Credentials¶

For each resource that needs to be provisioned or artifact that needs to be imported, credentials are required. These credentials will be set in the required teflo.cfg file, and the credential name will be referenced in your scenario descriptor file in the provision section for each resource or artifact that is defined.Or you can set the credentials from a separate file

Define credential from a separate file¶

You can also define the credentials by creating a credential file (For example, credential.keys) and put all the credentials there. Users need to encrypt this credentials file using ansible-vault. The path for this file needs to be provided in the teflo.cfg as CREDENTIAL_PATH. The ansible-vault password needs to be provided in the teflo.cfg file as VAULTPASS. These values are present under the default section of the teflo.cfg file.

You need to define the CREDENTIAL_PATH and VAULTPASS fields in the teflo.cfg.

Note

For the VAULTPASS, you can also export it to be an environment variable, so you can protect the password

the credentials can be either put in teflo.cfg OR put providing a separate credentials file. These are mutually exclusive

Example:

[defaults]
log_level=debug
data_folder=teflo_data/
workspace=.
inventory_folder=css_psi_customerzero/
CREDENTIAL_PATH=credentials.key
VAULTPASS=abc

Beaker Credentials¶

For Beaker, the following table is a list of required and optional keys for your credential section in your teflo.cfg file. You must set either keytab and keytab_principal or username and password:

Key	Description	Type	Required
hub_url	The beaker server url.	String	True
keytab	name of the keytab file, which must be placed in the scenario workspace directory.	String	False
keytab_principal	The principal value of the keytab.	String	False
username	Beaker username.	String	False
password	Beaker username’s password.	String	False
ca_cert	path to a trusted certificate file	String	False
realm	realm to be used. default is ipa.redhat.com	String	False

Below is an example credentials section in the teflo.cfg file. If the credential was defined as below, it should be referenced in your teflo scenario descriptor by the host as credential: beaker-creds:

[credentials:beaker-creds]
hub_url=<hub_url>
keytab=<keytab>
keytab_principal=<keytab_principal>
username=<username>
password=<password>
ca_cert=<ca_cert_path>
realm=<realm to be used, default is ipa.redhat.com>

The following is an example of a resource in the scenario descriptor file that references this credential:

---

name: beaker resource
description: define a teflo host beaker resource to be provisioned

provision:
  - name: beaker-node
    groups: node
    provisioner: beaker-client
    credential: beaker-creds
    arch: x86_64
    distro: RHEL-7.5
    variant: Server
    whiteboard: teflo beaker resource example
    jobgroup: '{{ jobgroup }}'
    username: '{{ username }}'
    password: '{{ password }}'
    host_requires_options:
      - "force={{ host_fqdn }}"
    ksappends:
      - |
        %post
        echo "This is my extra %post script"
        %end

OpenStack Credentials¶

For OpenStack, the following table is a list of required and optional keys for your credential section in your teflo.cfg file.

Key	Description	Type	Required
auth_url	The authentication URL of your OpenStack tenant. (identity)	String	True
tenant_name	The name of your OpenStack tenant.	String	True
username	The username of your OpenStack tenant.	String	True
password	The password of your OpenStack tenant.	String	True
region	The region of your OpenStack tenant to authenticate with.	String	False
domain_name	The name of your OpenStack domain to authenticate with. When not set teflo will use the ‘default’ domain	String	False
project_id	The id of your OpenStack project.	String	False
project_domain_id	The id of the project domain.	String	False

[credentials:openstack-creds]
auth_url=<auth_url>
tenant_name=<tenant_name>
username=<username>
password=<password>
region=<region>
domain_name=<domain_name>
project_id=<project id>
project_domain_id=<project_domain_id>

The following is an example of a resource in the scenario descriptor file that references this credential:

      ansible_user: root
      ansible_ssh_private_key_file: "keys/{{ key_name }}"

# openstack scenario
---

name: openstack resource
description: define a teflo host openstack resource to be provisioned

provision:
  - name: openstack-node
    groups: node
    provisioner: openstack-libcloud
    credential: openstack-creds
    image: rhel-7.5-server-x86_64-released
    flavor: m1.small
    networks:
      - '{{ network }}'
    floating_ip_pool: "10.8.240.0"
    keypair: '{{ keypair }}'

---

name: openstack resource
description: define a teflo host openstack resource to be provisioned

provision:
  - name: openstack-node
    groups: node
    provisioner: openstack-libcloud
    credential: openstack-creds
    image: rhel-7.5-server-x86_64-released
    flavor: m1.small
    networks:
      - '{{ network }}'
    floating_ip_pool: "10.8.240.0"
    keypair: '{{ keypair }}'
    ansible_params:
      ansible_user: cloud-user
      ansible_ssh_private_key_file: "keys/{{ keypair }}"

Email Credentials¶

For email-notifier, the following table is a list of required and optional keys for your credential section in your teflo.cfg file.

Key	Description	Type	Required
smtp_host	The SMTP Server should be used to send emails.	String	True
smtp_port	The port number to use if not using the default port number.	String	False
smtp_user	The username to connect to your SMTP Server if authentication required	String	False
smtp_password	The password of the SMTP user to authenticate if required.	String	False
smtp_starttls	Whether to put the connection in TLS mode.	Boolean	False

[credentials:email-creds]
smtp_host=<smtp server fqdn>
smtp_port=<port number>
smtp_user=<user>
smtp_password=<password>
smtp_starttls=<True/False>