Import/handle ansible vars to foreman

tomabg · May 8, 2020, 7:19am

Hi,

i have a very simple ansible playbook/tasks to change NTP-servers.
This works well and can be imported and started with foreman except ansible variables are not imported to foreman.

So how to handle this?
I want to set and overwrite the ansible variables via foreman GUI.
Is this possible?
i already read a post where to write variables in default folder but i did not get it working:-(

#pwd
/etc/ansible/roles/test

#cat vars/main.yml
---
# vars file for test
NTP_SERVERS:
  - 192.168.0.15
  - 192.168.0.151
  - 192.168.0.152

#cat tasks/main.yml
---
# tasks file for test

- name: Copy the chrony.conf template file
  template: src=templates/chrony.conf.j2 dest=/etc/chrony.conf
  register: ntp_conf

- name: restart chrony
  service:
    name: chronyd
    state: restarted
  when: ntp_conf.changed

Ondrej_Prazak · May 11, 2020, 7:50am

Hi,
foreman imports variables from defaults/main.yml, so when you have that file in your role, the variables should get imported.

tomabg · May 11, 2020, 8:40am

many thanks it just working now perfect!
One small question: per default the values are hidden. Is there maybe a global switch to have it visible by default?

Ondrej_Prazak · May 11, 2020, 10:54am

There is no global setting to change that, but feel free to submit a feature request in redmine.

tomabg · May 11, 2020, 9:34pm

Thanks! Feature: “set hidden ansible variables values with global setting” should imho be implemented in future as it makes configuration more efficient…however probably a user settings needs to be introduced for users should not see this values…so effort is not soo low…is there a chance to get this feature ??

Ondrej_Prazak · May 12, 2020, 10:05am

Adding a setting that would determine if imported variables have hidden/visible values on import is quite easy, having different visibility per user is a bit more complex - whether the value is hidden or not is a variable attribute right now and it would have to be moved into the permission system.

It makes me wonder about the use case and whether this granularity is really needed, something similar can be achieved today by not giving users ‘view_ansible_variables’ permission. Of course, they would not see any variable details, not just the variable value.

Still, if the feature request is in redmine, someone may pick it up and start working on it.

tbrisker · May 12, 2020, 10:12am

What is the situation with other parameters such as Global or Puppet? I think a user with view_* permission should be able to see all hidden parameters values, but i might be wrong and it requires edit_* permission,
We should have a unified experience for all parameters in my opinion, rather than adding a specific setting for ansible.

tomabg · May 13, 2020, 9:44am

i have created a Feature request in redmine for this: Feature #29762: make ansible variables values visible via setting/permissions - Ansible - Foreman

Bernhard_Suttner · January 12, 2021, 10:25am

what is the reason that by default the value of imported variables are hidden?

Ondrej_Prazak · January 13, 2021, 1:24pm

I am not aware of any reason in particular.

Bernhard_Suttner · January 14, 2021, 10:46am

then, shouldn’t we just set the default value for imported values to “not hidden”?