Openstack API clients commonly use a set of environment variables such as OS_AUTH_TYPE, OS_AUTH_URL, etc.
The set of needed variables can be downloaded from the dashboard as an Openstack RC File (v2.0 or v3). This is basically a shell script that you need to source in the current session:
...
With the environment vars available, tools like OpenStackClient work, and or the Openstack Ansible modules.
...
Ansible provides ansible-vault to encrypt information . How can we use this? Ideally we'd only store them once.An - an example Ansible playbook might look like this:
...
with the encrypted vault.yml file containing:
| Code Block | ||
|---|---|---|
| ||
--- openrc_vars: OS_AUTH_TYPE: v3applicationcredential OS_AUTH_URL: https://keystone.cloud.garrservices.it:5000/v3 OS_IDENTITY_API_VERSION: 3 OS_REGION_NAME: garr-pa1 OS_INTERFACE: public OS_APPLICATION_CREDENTIAL_ID: 33ff72a9162341dbb81fd480ddcc23d7 OS_APPLICATION_CREDENTIAL_SECRET: HACKME |
...
| Code Block | ||
|---|---|---|
| ||
# Alias to populate Openstack environment variables from ansible vault encrypted file
alias openstack-auth-garr='$(ANSIBLE_LOAD_CALLBACK_PLUGINS=TRUE ANSIBLE_STDOUT_CALLBACK=json ansible all -m debug -i localhost, --extra-vars "@vault.yml" -a "msg=\"{% for k,v in openrc_vars.items() %}export {{ k }}={{ v }}\n{% endfor %}\"" | jq -r '\''.["plays"][0]["tasks"][0]["hosts"]["localhost"]["msg"]'\'')' |
...