How to manage multiple private keys in AWX

[Fraz Mahmud]

Hi Folks,

I have just imported 150+ hosts from Amazon Web Services into AWX. We have multiple private keys (PEM) for servers e.g. db servers, web servers, file servers all have their own private keys.

However, when creating TEMPLATES to deploy updates or install an application, I can only includes one credential (in this a case a private key). But because i wany to deploy to all hosts this means i need to associate multiple credentials to the same template. 

How can i do this? Is this possible? Does this require a script or external managemet tools?

Any help would be greatly appreciated.  

Thanks.

[Sergio]

Hello,

You can create custom credential types, that way you could have a credential for DB servers, another for web servers, and so on.

The catch is, you can only associate one credential type for each job template.

Another approach is to have one job template for each type of server and conditionally run them using a workflow template.

Good luck!

[Fraz Mahmud]

Hey Sergio,

Thanks for the reply. I have managed to get this to work. For the record, we have approx 100 AWS PEM/SSHkeys so we would have to create 100 custom credentials through the "credential type" menu and then insert some custom variables into the injector configuration and add some fields. See below for an example of how we set up our first credential:

Input configuration

fields:

  - id: username

    type: string

    label: Username

  - id: dev_key

    type: string

    label: SSH Key

    secret: true

    multiline: true

Injector configuration

file:

  template.dev_key: '{{ dev_key }}'

extra_vars:

  dev_ssh_key: '{{ tower.filename.dev_key }}'

  ansible_ssh_user: '{{ username }}'

I have added some screenshots for reference. This allows to us now run a single job template against multiple hosts which use multiple PEM/SSH Keys. 

I have attached some screenshots for the benefit of others.

[Fraz Mahmud]

Forgot to mention, we also needed to pass some variable to the group/tag associated with hosts that share the same PEM/SSH keys. You can see this in the screenshots.