Linux Integration with AD using Thycotic Secret server


Vinod P

Aug 19, 2021, 3:51:29 PM
to AWX Project
Hello All,
Hope you are all doing OK.

Did anyone try integrating Thycotic Secret Server with AWX Ansible?

Description - I have a project to add all Linux servers to Windows Active Directory.

I was able to add the servers manually, but I would like to use a YAML script to add 200 servers by fetching Active Directory admin credentials from Thycotic Server (which is a centralized encrypted password repository) and use those credentials while adding servers to AD using 'realm join'.

Could someone please help me with how AWX Ansible will work with Thycotic Server?

Regards
Vinod


Bill Medley

Aug 19, 2021, 6:52:32 PM
to Vinod P, AWX Project

It does not work natively with Thycotic.  I had to write a Python module to gain access to the secrets stored in Thycotic.  You will need to enable the API in Thycotic, and then create a Python script that can pass the information to the API and get the appropriate response.  If you do a Google search you will find several examples on how to do this, but it isn't easy, as once you have the information you then need to parse the XML response to get the value you want (in this case the password field).  Below is the Python script that allows you to talk to the API.  It may need some tweaks depending on the version of Thycotic you are using, but it should give you an idea of what you need to do:

#!/usr/bin/env python
# Copyright (c) 2020 William Medley
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

ANSIBLE_METADATA = {'metadata_version': '1.1',
                    'status': ['preview'],
                    'supported_by': 'community'}

DOCUMENTATION = '''
---
'''

EXAMPLES = '''
'''

from ansible.module_utils.basic import AnsibleModule
from suds.client import Client

# Module argument spec. 'no_log' keeps the Secret Server password out of
# AWX job output and the Ansible log.
fields = {
  "uri": {"required": True, "type": "str"},
  "username": {"required": True, "type": "str"},
  "password": {"required": True, "type": "str", "no_log": True},
  "organization": {"required": False, "type": "str", "default": ""},
  "domain": {"required": False, "type": "str", "default": ""},
  "secretid": {"required": False, "type": "str"},
  "secret_name": {"required": False, "type": "str"},
  "searchstring": {"required": False, "type": "str"}
}

# SOAP namespace of the Secret Server web service
namespaces = {"x": "urn:thesecretserver.com"}


def searchSecret(uri, username, password, organization, domain, searchstring):
    # suds builds the SOAP client from the Secret Server WSDL at 'uri'
    client = Client(uri)
    # Org code is not necessary for installed edition and can be represented by ""
    token = client.service.Authenticate(username, password, organization, domain)
    searchResult = client.service.SearchSecrets(token.Token, searchstring)
    return searchResult


# The posted fragment ended after the SearchSecrets call; the wiring below is
# the standard AnsibleModule entry point needed to run it as a module.
def main():
    module = AnsibleModule(argument_spec=fields)
    p = module.params
    try:
        result = searchSecret(p['uri'], p['username'], p['password'],
                              p['organization'], p['domain'], p['searchstring'])
    except Exception as exc:
        module.fail_json(msg="Secret Server request failed: %s" % exc)
    module.exit_json(changed=False, result=str(result))


if __name__ == '__main__':
    main()

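Bill's module stops at the SearchSecrets call, and, as he says, the hard part is parsing the response for the password field. The example below is added here; it is not Bill's code and not part of the AWX project. It parses a constructed GetSecret SOAP response (the element names under urn:thesecretserver.com are an assumption to verify against the WSDL of your own Secret Server version), refuses to treat an error response as an empty password, shapes the outcome the way an AnsibleModule would return it, and shows why the password must reach realm join on stdin rather than on the command line. The function names (parse_get_secret, module_result, realm_join_command, redacted) and every sample value are constructed for the example.

```python
import xml.etree.ElementTree as ET

# Namespace the posted suds module used for the Secret Server web service.
NS = {"x": "urn:thesecretserver.com"}

# Constructed sample of a GetSecret response. The Secret/Items/SecretItem layout
# and the FieldName/Value/IsPassword element names are an assumption; check them
# against the WSDL of your own Secret Server version.
SAMPLE_RESPONSE = b"""<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body>
<GetSecretResponse xmlns="urn:thesecretserver.com"><GetSecretResult><Errors />
<Secret><Id>1234</Id><Name>AD Join Account</Name><Items>
<SecretItem><FieldName>Domain</FieldName><Value>corp.example.com</Value><IsPassword>false</IsPassword></SecretItem>
<SecretItem><FieldName>Username</FieldName><Value>svc-realm-join</Value><IsPassword>false</IsPassword></SecretItem>
<SecretItem><FieldName>Password</FieldName><Value>S3cr3t!Example</Value><IsPassword>true</IsPassword></SecretItem>
</Items></Secret></GetSecretResult></GetSecretResponse></soap:Body></soap:Envelope>"""

# Constructed sample of the same call failing (e.g. the API user lacks View on the secret).
ERROR_RESPONSE = b"""<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body>
<GetSecretResponse xmlns="urn:thesecretserver.com"><GetSecretResult>
<Errors><string>Access Denied</string></Errors></GetSecretResult></GetSecretResponse>
</soap:Body></soap:Envelope>"""


class SecretServerError(Exception):
    """The service answered, but reported an error instead of a secret."""


def parse_get_secret(xml_bytes):
    """Parse a GetSecret SOAP response into {"id", "name", "fields", "password"}.

    Raises SecretServerError when Errors is populated or no password item exists,
    so a caller never mistakes a failed lookup for an empty password.
    """
    root = ET.fromstring(xml_bytes)
    result = root.find(".//x:GetSecretResult", NS)
    if result is None:
        raise SecretServerError("response carries no GetSecretResult element")
    errors = [e.text for e in result.findall("x:Errors/x:string", NS) if e.text]
    if errors:
        raise SecretServerError("; ".join(errors))
    secret = result.find("x:Secret", NS)
    if secret is None:
        raise SecretServerError("no Secret element and no error reported")
    fields, password = {}, None
    for item in secret.findall("x:Items/x:SecretItem", NS):
        name = item.findtext("x:FieldName", default="", namespaces=NS)
        value = item.findtext("x:Value", default="", namespaces=NS)
        fields[name] = value
        # Trust the IsPassword flag rather than the display name: a template may
        # rename the field, but the flag is what marks the sensitive item.
        if item.findtext("x:IsPassword", default="false", namespaces=NS).lower() == "true":
            password = value
    if password is None:
        raise SecretServerError("secret has no password field")
    return {
        "id": secret.findtext("x:Id", default="", namespaces=NS),
        "name": secret.findtext("x:Name", default="", namespaces=NS),
        "fields": fields,
        "password": password,
    }


def module_result(xml_bytes):
    """Shape the outcome the way an AnsibleModule would return it: a fail_json-style
    dict on error, an exit_json-style dict otherwise. The task that registers this
    needs no_log: true, because the dict carries the password."""
    try:
        secret = parse_get_secret(xml_bytes)
    except SecretServerError as exc:
        return {"failed": True, "msg": "Secret Server error: %s" % exc}
    return {
        "changed": False,
        "secret_id": secret["id"],
        "username": secret["fields"].get("Username", ""),
        "domain": secret["fields"].get("Domain", ""),
        "password": secret["password"],
    }


def realm_join_command(result):
    """Build the realm join argv. Only the user and domain go on the command line;
    write the password to the process's stdin (realm reads it there when stdin is
    not a terminal). Never put it in argv: argv is readable by every local user
    through ps and /proc, and ends up in shell history and job logs."""
    return ["realm", "join", "--user", result["username"], result["domain"]]


def redacted(result):
    """Copy of a module result that is safe to log: the password is masked."""
    safe = dict(result)
    if "password" in safe:
        safe["password"] = "********"
    return safe
```

In a real module, module_result would be fed the raw XML (or the object suds already parsed) straight after GetSecret, and realm_join_command's argv would be run with the password passed via stdin, for example through the command module's stdin argument, with no_log: true on that task as well.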

Vinod P

Aug 19, 2021, 11:08:43 PM
to Bill Medley, AWX Project
Thank You very much Bill.
--
Thanks & Regards
Vinod 