The tool tower-cli is often used to pre-configure Ansible Tower in a scripted way. It provides a convenient way to boot-strap a Tower configuration. But adding SSH keys as machine credentials is far from easy.
Boot-strapping Ansible Tower can become necessary for testing and QA environments where the same setup is created and destroyed multiple times. Other use cases are when multiple Tower installations need to be configured in the same way or share at least a larger part of the configuration.
One of the necessary tasks in such setups is to create machine credentials in Ansible Tower so that Ansible is able to connect properly to a target machine. In a Linux environment, this is often done via SSH keys.
However, tower-cli calls the Tower API in the background – and JSON POST data need to be in one line. But SSH keys come in multiple lines, so providing the file via a $(cat ssh_file) does not work:
tower-cli credential create --name "Example Credentials" \
--organization "Default" --credential-type "Machine" \
--inputs="{\"username\":\"ansible\",\"ssh_key_data\":\"$(cat .ssh/id_rsa)\",\"become_method\":\"sudo\"}"
Multiple workarounds can be found on the net, like manually editing the file to remove the new lines or creating a dedicated variables file containing the SSH key. There is even a bug report discussing that.
But for my use case I needed to read an existing SSH file directly, and did not want to add another manual step or create an additional variables file. The trick is a rather complex piece of SED:
$(sed -E ':a;N;$!ba;s/\r{0,1}\n/\\n/g' /home/ansible/.ssh/id_rsa)
This basically reads in the entire file (instead of just line by line), removes the new lines and replaces them with \n. To be precise:
- we first create a label
"a" - append the next line to the pattern space (
"N") - find out if this is the last line or not (
"$!"), and if not - branch back to label a (
"ba") - after that, we search for the new lines (
"\r{0,1}") - and replace them with the string for a new line,
"\n"
Note that this needs to be accompanied with proper line endings and quotation marks. The full call of tower-cli with the sed command inside is:
tower-cli credential create --name "Example Credentials" \
--organization "Default" --credential-type "Machine" \
--inputs="{\"username\":\"ansible\",\"ssh_key_data\":\"$(sed -E ':a;N;$!ba;s/\r{0,1}\n/\\n/g' /home/ansible/.ssh/id_rsa)\n\",\"become_method\":\"sudo\"}"
Note all the escaped quotations marks.
Update
Another way to add the keys is to provide yaml in the shell command:
tower-cli credential create --name "Example Credentials" \
--organization "Default" --credential-type "Machine" \
--inputs='username: ansible
become_method: sudo
ssh_key_data: |
'"$(sed 's/^/ /' /home/ansible/.ssh/id_rsa)"
This method is appealing since the corresponding sed call is a little bit easier to understand. But make sure to indent the variables exactly like shown above.
Thanks to the @ericzolf of the Red Hat Automation Community of Practice hinting me to that solution. If you are interested in the Red Hat Communities of Practice, you can read more about them in the blog “Communities of practice: Straight from the open source”.
/home/liquidat 