Cannot use Gitlab personal access token for SCM
729 views
Skip to first unread message
Roman Terescenko
Jul 20, 2020, 11:03:26 AM7/20/20
to AWX Project
I want my AWX to pull git repository from my private repo in gitlab.com.
The choice is either SSH key or personal access token. I would prefer access token, so that I could configure read only access.
How to create token in GitLab: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html#creating-a-personal-access-token
In AWX, I can add credential for GitLab https://docs.ansible.com/ansible-tower/latest/html/userguide/credentials.html#add-a-new-credential
My AWX v 11.2.0 gives me choice to add "GitLab Personal Access Token"
But when I create project, and use git for SCM, SCM Credentials choice is blank.
I can add ssh key and use it for git, but would prefer not to use ssh key.
Bill Nottingham
Jul 20, 2020, 12:55:06 PM7/20/20
to Roman Terescenko, AWX Project
Roman Terescenko (inv...@gmail.com) said:
> I want my AWX to pull git repository from my private repo in gitlab.com.
>
> The choice is either SSH key or personal access token. I would prefer
> access token, so that I could configure read only access.
>
> How to create token in GitLab:
> https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html#creating-a-personal-access-token
From the top of this doc:
> I want my AWX to pull git repository from my private repo in gitlab.com.
>
> The choice is either SSH key or personal access token. I would prefer
> access token, so that I could configure read only access.
>
> How to create token in GitLab:
> https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html#creating-a-personal-access-token
You can also use personal access tokens with Git to authenticate over HTTP
or SSH. ... In both cases, you can authenticate with a token in place
of your password.
Ergo, use it as a password in a SCM credential.
Bill
Roman Terescenko
Jul 21, 2020, 6:28:35 AM7/21/20
to AWX Project
What is "GitLab Personal Access Token" used for? I cannot find any other use for it in AWX.
Roman Terescenko
Jul 21, 2020, 9:05:53 AM7/21/20
to AWX Project
I may have misunderstood the purpose of tokens. https://www.ansible.com/blog/using-ansible-automation-platform-gitlab-ce-and-webhooks-to-deploy-iis-website
Then I will have no choice but to setup SSH access to git.
On Monday, 20 July 2020 16:03:26 UTC+1, Roman Terescenko wrote:
Roman
Jul 21, 2020, 9:09:17 AM7/21/20
to AWX Project
If SSH is the only way to retrieve git into AWX, then this may not work with my security controls, allowing - outgoing ssh connections.
On Monday, 20 July 2020 16:03:26 UTC+1, Roman Terescenko wrote:
Sergio
Jul 22, 2020, 2:10:40 AM7/22/20
to AWX Project
Hello,
When you create a project in AWX, make sure to use the HTTPS url from your Gitlab repository, that way AWX will use HTTPS and not SSH when cloning the repository.
But, if you don't want to use SSH, how are you connecting to your inventory hosts to run Ansible?
Roman
Jul 22, 2020, 4:29:24 AM7/22/20
to AWX Project
I have figured it out. It is not ideal because API token is stored in clear and anyone with access to AWX can see it. I am not comfortable with this approach but looks like it is the only one apart from SSH key.
1) create personal access token with read_repository permissions: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html#creating-a-personal-access-token
2) create project, SCM type: Git
2) create project, SCM type: Git
3) paste URL, it should look like: `https://gitlabusername:personal_a...@gitlab.com/group/privateproject.git`
Wei-Yen Tan
Jul 22, 2020, 4:33:13 AM7/22/20
to Roman, AWX Project
From: awx-p...@googlegroups.com <awx-p...@googlegroups.com> on behalf of Roman <inv...@gmail.com>
Sent: Wednesday, July 22, 2020 8:29:23 PM
To: AWX Project <awx-p...@googlegroups.com>
Subject: [awx-project] Re: Cannot use Gitlab personal access token for SCM
Sent: Wednesday, July 22, 2020 8:29:23 PM
To: AWX Project <awx-p...@googlegroups.com>
Subject: [awx-project] Re: Cannot use Gitlab personal access token for SCM
--
You received this message because you are subscribed to the Google Groups "AWX Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to awx-project...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/awx-project/4c0a8bff-b5ac-4643-92b4-6314f88cb129o%40googlegroups.com.
You received this message because you are subscribed to the Google Groups "AWX Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to awx-project...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/awx-project/4c0a8bff-b5ac-4643-92b4-6314f88cb129o%40googlegroups.com.
Message has been deleted
Roman
Jul 22, 2020, 4:59:13 AM7/22/20
to AWX Project
Yes
On Wednesday, 22 July 2020 09:33:13 UTC+1, Wei-Yen Tan wrote:
From: awx-p...@googlegroups.com <awx-p...@googlegroups.com> on behalf of Roman <inv...@gmail.com>
Sent: Wednesday, July 22, 2020 8:29:23 PM
To: AWX Project <awx-p...@googlegroups.com>
Subject: [awx-project] Re: Cannot use Gitlab personal access token for SCM
I have figured it out. It is not ideal because API token is stored in clear and anyone with access to AWX can see it. I am not comfortable with this approach but looks like it is the only one apart from SSH key.
1) create personal access token with read_repository permissions: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html#creating-a-personal-access-token
2) create project, SCM type: Git
3) paste URL, it should look like: `https://gitlabusername:personal_access_token@gitlab.com/group/privateproject.git`
On Monday, 20 July 2020 16:03:26 UTC+1, Roman wrote:I want my AWX to pull git repository from my private repo in gitlab.com.
The choice is either SSH key or personal access token. I would prefer access token, so that I could configure read only access.
How to create token in GitLab: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html#creating-a-personal-access-token
In AWX, I can add credential for GitLab https://docs.ansible.com/ansible-tower/latest/html/userguide/credentials.html#add-a-new-credentialMy AWX v 11.2.0 gives me choice to add "GitLab Personal Access Token"But when I create project, and use git for SCM, SCM Credentials choice is blank.
I can add ssh key and use it for git, but would prefer not to use ssh key.
--
You received this message because you are subscribed to the Google Groups "AWX Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to awx-p...@googlegroups.com.
Wei-Yen Tan
Jul 22, 2020, 5:04:51 AM7/22/20
to Roman, AWX Project
If I am right your gitlab token is just in the password of the credential object with your username being the same.
That's how I have used my token currently. I have one on my user account because i use 2fa
Get Outlook for iOS
Sent: Wednesday, July 22, 2020 8:59:13 PM
To: AWX Project <awx-p...@googlegroups.com>
Subject: Re: [awx-project] Re: Cannot use Gitlab personal access token for SCM
To: AWX Project <awx-p...@googlegroups.com>
Subject: Re: [awx-project] Re: Cannot use Gitlab personal access token for SCM
To unsubscribe from this group and stop receiving emails from it, send an email to
awx-project...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/awx-project/41fe458d-9f0b-4a17-9b2a-d43896023909o%40googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/awx-project/41fe458d-9f0b-4a17-9b2a-d43896023909o%40googlegroups.com.
Sergio
Jul 22, 2020, 5:09:56 AM7/22/20
to AWX Project
That's right, you store your token in the password field of a SCM credential and use that credential to update the project in AWX.
El miércoles, 22 de julio de 2020 a las 11:04:51 UTC+2, weiye...@gmail.com escribió:
If I am right your gitlab token is just in the password of the credential object with your username being the same.
That's how I have used my token currently. I have one on my user account because i use 2fa
Get Outlook for iOS
Sent: Wednesday, July 22, 2020 8:59:13 PM
To: AWX Project <awx-p...@googlegroups.com>
Subject: Re: [awx-project] Re: Cannot use Gitlab personal access token for SCM
Yes
On Wednesday, 22 July 2020 09:33:13 UTC+1, Wei-Yen Tan wrote:
From: awx-p...@googlegroups.com <awx-p...@googlegroups.com> on behalf of Roman <inv...@gmail.com>
Sent: Wednesday, July 22, 2020 8:29:23 PM
To: AWX Project <awx-p...@googlegroups.com>
Subject: [awx-project] Re: Cannot use Gitlab personal access token for SCM
I have figured it out. It is not ideal because API token is stored in clear and anyone with access to AWX can see it. I am not comfortable with this approach but looks like it is the only one apart from SSH key.
1) create personal access token with read_repository permissions: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html#creating-a-personal-access-token
2) create project, SCM type: Git
3) paste URL, it should look like: `https://gitlabusername:personal_a...@gitlab.com/group/privateproject.git`
On Monday, 20 July 2020 16:03:26 UTC+1, Roman wrote:I want my AWX to pull git repository from my private repo in gitlab.com.
The choice is either SSH key or personal access token. I would prefer access token, so that I could configure read only access.
How to create token in GitLab: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html#creating-a-personal-access-token
In AWX, I can add credential for GitLab https://docs.ansible.com/ansible-tower/latest/html/userguide/credentials.html#add-a-new-credentialMy AWX v 11.2.0 gives me choice to add "GitLab Personal Access Token"But when I create project, and use git for SCM, SCM Credentials choice is blank.
I can add ssh key and use it for git, but would prefer not to use ssh key.
--
You received this message because you are subscribed to the Google Groups "AWX Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to awx-p...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/awx-project/4c0a8bff-b5ac-4643-92b4-6314f88cb129o%40googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "AWX Project" group.
Roman
Jul 22, 2020, 5:14:39 AM7/22/20
to AWX Project
Thanks, that's right, it worked for me.
I stored my personal access token in Credentials, credential type: Source Control
On Wednesday, 22 July 2020 10:09:56 UTC+1, Sergio wrote:
That's right, you store your token in the password field of a SCM credential and use that credential to update the project in AWX.
El miércoles, 22 de julio de 2020 a las 11:04:51 UTC+2, weiye...@gmail.com escribió:
If I am right your gitlab token is just in the password of the credential object with your username being the same.
That's how I have used my token currently. I have one on my user account because i use 2fa
Get Outlook for iOS
Sent: Wednesday, July 22, 2020 8:59:13 PM
To: AWX Project <awx-p...@googlegroups.com>
Subject: Re: [awx-project] Re: Cannot use Gitlab personal access token for SCM
Yes
On Wednesday, 22 July 2020 09:33:13 UTC+1, Wei-Yen Tan wrote:
From: awx-p...@googlegroups.com <awx-p...@googlegroups.com> on behalf of Roman <inv...@gmail.com>
Sent: Wednesday, July 22, 2020 8:29:23 PM
To: AWX Project <awx-p...@googlegroups.com>
Subject: [awx-project] Re: Cannot use Gitlab personal access token for SCM
I have figured it out. It is not ideal because API token is stored in clear and anyone with access to AWX can see it. I am not comfortable with this approach but looks like it is the only one apart from SSH key.
1) create personal access token with read_repository permissions: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html#creating-a-personal-access-token
2) create project, SCM type: Git
3) paste URL, it should look like: `https://gitlabusername:personal_access_token@gitlab.com/group/privateproject.git`
On Monday, 20 July 2020 16:03:26 UTC+1, Roman wrote:I want my AWX to pull git repository from my private repo in gitlab.com.
The choice is either SSH key or personal access token. I would prefer access token, so that I could configure read only access.
How to create token in GitLab: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html#creating-a-personal-access-token
In AWX, I can add credential for GitLab https://docs.ansible.com/ansible-tower/latest/html/userguide/credentials.html#add-a-new-credentialMy AWX v 11.2.0 gives me choice to add "GitLab Personal Access Token"But when I create project, and use git for SCM, SCM Credentials choice is blank.
I can add ssh key and use it for git, but would prefer not to use ssh key.
--
You received this message because you are subscribed to the Google Groups "AWX Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to awx-p...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/awx-project/4c0a8bff-b5ac-4643-92b4-6314f88cb129o%40googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "AWX Project" group.
Reply all
Reply to author
Forward
0 new messages