Machine credentials are used to define the username and password of the user that will be making an SSH connection from the control node (Tower) to each managed node. This is similar to the remote_user parameter.
- In Tower, select Credentials.
- Select the green plus icon.
- Enter the following:
- Name = Something unique
- Description = Something unique
- Organization =
- Credential Type = Machine
- Username = the username
- Password = the password
- Select Save.
In this example, a machine credential with username rabbitmq is created.
Let's say you run a job template with verbosity set to 4 (Connection Debug).
AVOID TROUBLE
You will want to ensure that the playbook being invoked, which is example.yml in this example, does not include the remote_user parameter, as the remote_user parameter in the playbook would take precedence over the machine credential.
Something like this should be returned, which shows that the remote user was obtained from the machine credential.
PLAYBOOK: example.yml
Positional arguments: example.yml
subset: server001
ask_pass: True
remote_user: rabbitmq
The ansible_ssh_pass variable will contain the password being used by the Machine credential. However, this is not the way that Machine credentials are meant to be used. Instead, Vault credentials can be used to define a password that can then be used in a playbook.
- name: display ansible_ssh_pass
debug:
var: ansible_ssh_pass
Did you find this article helpful?
If so, consider buying me a coffee over at