search

ansible-collections / community.general

Ansible Community General Collection
https://galaxy.ansible.com/ui/repo/published/community/general/
GNU General Public License v3.0
810 stars 1.49k forks source link

Proxmox module to use same credentials as Proxmox inventory #8649

Open JoshkVFX opened 1 month ago

JoshkVFX commented 1 month ago

Summary

I'm trying to avoid hardcoding in api_host, api_user, api_token and api_secret_id into my playbooks/roles and I think that having the proxmox module fallback to the settings applied in the inventory yaml (if it exists) could be helpful

This might be tricky if you have multiple proxmox clusters defined, so maybe we have a parameter that specifies which cluster's inventory file to use?

Issue Type

Feature Idea

Component Name

proxmox

Additional Information

Code of Conduct

ansibullbot commented 1 month ago

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

ansibullbot commented 1 month ago

cc @Ajpantuso @Thulium-Drake @UnderGreen @joshainglis @karmab @krauthosting click here for bot help

felixfontein commented 1 month ago

The modules have no access to that data. What you can do is use the community.general.proxmox module defaults group (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_module_defaults.html#module-defaults-groups) yourself to provide values for these options based on inventory values.

lyrandy commented 4 weeks ago

Does it help that the various Proxmox modules will fallback to environment vars for the api_host (PROXMOX_HOST), api_port (PROXMOX_PORT), api_user (PROXMOX_USER), and api_password (PROXMOX_PASSWORD) module arguments? The module documentation mentions the environment variable possibility for the password and the port, but not the other module arguments. A quick scan of the source code reveals that indeed environment variables are considered as fallbacks for the host, port, username, and password.

It does seem to be missing the fallback to environment vars for api_token_id and api_token_secret though, which the inventory plugin considers.

I think this would work if you use a Proxmox inventory and tasks that will action on the same Proxmox instance(s). In other words, if the API URIs and credentials match.

Cases where multiple clusters need to be considered from a single Ansible Playbook invocation would be harder to handle with this environment variable-based approach though.

Inventory plugin: https://docs.ansible.com/ansible/latest/collections/community/general/proxmox_inventory.html#parameter-token_id

Proxmox Module: https://docs.ansible.com/ansible/latest/collections/community/general/proxmox_module.html#parameter-api_token_id

Source: https://github.com/ansible-collections/community.general/blob/main/plugins/modules/proxmox.py#L989 https://github.com/ansible-collections/community.general/blob/main/plugins/module_utils/proxmox.py#L26-L52