Tags: ansible, jenkins-pipeline, ansible-vault

Use of --ask-vault-pass on Jenkins pipeline


I am using ansible-vault in a playbook and I want to call it from a Jenkinsfile. I have read that you can have the password in a file and just call it like that, but I want to do it using --ask-vault-pass.

I created the credential (secret text) on Jenkins and I want to use it, but I don't know how. I have been searching around the internet, but all I see are questions regarding the usage of the ansible-vault password in a file.

This would be the code:

pipeline {
    agent none

    environment {
        ANSIBLE_VAULT=credentials('ansiblevault')
    }

    stages {
        stage ('Start docker node via Ansible') {
            agent { label 'ansible_slave' } 
            steps {
                sh 'ansible-playbook /etc/ansible/instance_start_stop.yml --ask-vault-pass -i hosts --user user1 --key-file /home/user1/.ssh/id_rsa'
            }
        }
    }
}

How could I use the credential in this case? Thanks!


Solution

  • Thanks Zeitounator and β.εηοιτ.βε for your replies!

    I tried this:

    // Bind the file credential to a temporary path exposed as ansibleVaultKeyFile
    withCredentials([file(credentialsId: 'ansible_password', variable: 'ansibleVaultKeyFile')]) {
        ansiblePlaybook playbook: 'instance_start_stop.yml', inventory: 'hosts', extras: "--user user1 --vault-password-file ${ansibleVaultKeyFile} --key-file /home/user1/.ssh/id_rsa"
    }


    But there was a problem of not having the right permissions, since the user I am running the command with is not root. So I needed sudo. I tried using sudoUser, but to no avail.

    So this is how I implemented it in the end:

    withCredentials([file(credentialsId: 'ansible_password', variable: 'ansibleVaultKeyFile')]) {
        sh 'sudo ansible-playbook /etc/ansible/instance_start_stop.yml --vault-password-file ${ansibleVaultKeyFile} -i /etc/ansible/hosts --user user1 --key-file /home/user1/.ssh/id_rsa'
    }
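
For the case the question asks about (a secret text credential rather than a file credential), here is an added example that is not part of the original post. ansible-playbook executes a `--vault-password-file` that is executable and reads the password from its output, so a small helper can hand over the value Jenkins binds to `ANSIBLE_VAULT` without prompting. The function names `make_vault_client` and `run_playbook` are hypothetical, and the script is assumed to run inside the pipeline's `sh` step.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumes Jenkins has bound the secret text credential to the environment
# variable ANSIBLE_VAULT, as the question's environment block does.

# make_vault_client (hypothetical name): create an executable helper that
# prints $ANSIBLE_VAULT and echo the helper's path. The helper stores only
# the variable reference, so the password is never written to disk and never
# appears in a process argument list.
make_vault_client() {
    # Fail early instead of letting ansible-playbook fall back to a prompt.
    [ -n "${ANSIBLE_VAULT:-}" ] || { echo "ANSIBLE_VAULT is not set" >&2; return 1; }
    # mktemp creates the file with mode 0600, owned by the build user.
    client=$(mktemp "${TMPDIR:-/tmp}/vault-client.XXXXXX") || return 1
    # Quoted heredoc delimiter: no expansion happens while writing the file.
    cat > "$client" <<'EOF'
#!/bin/sh
printf '%s\n' "$ANSIBLE_VAULT"
EOF
    chmod 700 "$client"
    printf '%s\n' "$client"
}

# run_playbook (hypothetical name): run ansible-playbook with the caller's
# arguments plus the helper, then remove the helper whatever the outcome.
run_playbook() {
    client=$(make_vault_client) || return 1
    ansible-playbook "$@" --vault-password-file "$client"
    rc=$?
    rm -f "$client"
    return "$rc"
}

# Example call from the sh step (paths taken from the question):
#   run_playbook /etc/ansible/instance_start_stop.yml -i hosts \
#       --user user1 --key-file /home/user1/.ssh/id_rsa
```

If the playbook is run through sudo as in the answer above, sudo's default environment reset drops `ANSIBLE_VAULT` before the helper runs, so the variable has to be preserved by the sudoers policy for this approach to work.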