ovirt_auth - Module to manage authentication to oVirt.¶
New in version 2.2.
Synopsis¶
This module authenticates to oVirt engine and creates SSO token, which should be later used in all other oVirt modules, so all modules don’t need to perform login and logout. This module returns an Ansible fact called ovirt_auth. Every module can use this fact as auth parameter, to perform authentication.
Options¶
| parameter | required | default | choices | comments |
|---|---|---|---|---|
| ca_file |
no |
A PEM file containing the trusted CA certificates. The certificate presented by the server will be verified using these CA certificates. If
ca_file parameter is not set, system wide CA certificate store is used.
| ||
| compress |
no |
A boolean flag indicating if the SDK should ask the server to send compressed responses. The default is True. Note that this is a hint for the server, and that it may return uncompressed data even when this parameter is set to True.
| ||
| insecure |
no |
A boolean flag that indicates if the server TLS certificate and host name should be checked.
| ||
| kerberos |
no |
A boolean flag indicating if Kerberos authentication should be used instead of the default basic authentication.
| ||
| password |
yes |
The password of the user.
| ||
| state |
no | present |
|
Specifies if a token should be created or revoked.
|
| timeout |
no |
The maximum total time to wait for the response, in seconds. A value of zero (the default) means wait forever. If the timeout expires before the response is received an exception will be raised.
| ||
| url |
yes |
A string containing the base URL of the server. For example: https://server.example.com/ovirt-engine/api.
| ||
| username |
yes |
The name of the user. For example: admin@internal.
|
Examples¶
tasks: - block: # Create a vault with `ovirt_password` variable which store your # oVirt user's password, and include that yaml file with variable: - include_vars: ovirt_password.yml # Always be sure to pass 'no_log: true' to ovirt_auth task, # so the oVirt user's password is not logged: - name: Obtain SSO token with using username/password credentials: no_log: true ovirt_auth: url: https://ovirt.example.com/ovirt-engine/api username: admin@internal ca_file: ca.pem password: "{{ ovirt_password }}" # Previous task generated I(ovirt_auth) fact, which you can later use # in different modules as follows: - ovirt_vms: auth: "{{ ovirt_auth }}" state: absent name: myvm always: - name: Always revoke the SSO token ovirt_auth: state: absent ovirt_auth: "{{ ovirt_auth }}"
Return Values¶
Common return values are documented here common_return_values, the following are the fields unique to this module:
| name | description | returned | type | sample | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ovirt_auth | Authentication facts, needed to perform authentication to oVirt. | success | dictionary | |||||||||||||||||||||||||||||||||||||||||
| contains: |
| |||||||||||||||||||||||||||||||||||||||||||
Notes¶
Note
Everytime you use ovirt_auth module to obtain ticket, you need to also revoke the ticket, when you no longer need it, otherwise the ticket would be revoked by engine when it expires. For an example of how to achieve that, please take a look at examples section.
This is an Extras Module¶
For more information on what this means please read modules_extra
For help in developing on modules, should you be so inclined, please read community, developing_test_pr and developing_modules.