Im trying to pass user credentials from an AWX custom Credential Type that I named Ansible Vault to my ansible playbook. The credential is read fine in my Test Playbook, but when trying to use the credential to connect to the managed server it fails with error: fatal: UNREACHABLE! => {"changed": false, "msg": "ntlm: the specified credentials were rejected by the server", "unreachable": true}
In the Ansible Vault credential I have this
Input config:
fields:
- id: ansible_become_password
type: string
label: password
secret: true
required:
- ansible_become_password
Injector config:
extra_vars:
ansible_become_password: 'myfakepassword'
My Test Playbook
---
- hosts: myhost.com
vars:
ansible_winrm_password: "myfakepassword"
ansible_user: ansiblerunner
ansible_connection: winrm
ansible_port: 5986
ansible_winrm_transport: ntlm
ansible_winrm_server_cert_validation: ignore
source_file: "../files/test.txt"
tasks:
- name: Print Username from Credential
debug:
var: ansible_become_password
My non working playbook
---
- name: Clone and Build .NET Code from GitHub
hosts: myhost.com
gather_facts: true
vars:
ansible_user: ansiblerunner
ansible_winrm_password: ansible_become_password
ansible_connection: winrm
ansible_port: 5986
ansible_winrm_transport: ntlm
ansible_winrm_server_cert_validation: ignore
github_repo_url: "git@github.com/My-Repo/SSLAutomation.git"
clone_destination: "c:\Windows\Temp\SSLAutomation"
ssh_key_path: "../files/id_ed25519"
ansible_become: yes
ansible_become_method: runas
ansible_become_user: ansiblerunner
ansible_become_password: ansible_become_password
ansible_become_flags: logon_type=new_credentials logon_flags=netcredentials_only
tasks:
- name: Delete Existing Github Folder
win_shell: |
rd -r "c:\Windows\Temp\SSLAutomation" -force
- name: Clone the GitHub repository
win_shell: |
git clone {{ github_repo_url }} {{ clone_destination }}
- name: Build .NET code
win_shell: |
cd "c:\Windows\Temp\SSLAutomation\SSLAutomation"
dotnet build -c Release > "C:\SSLAutomationPublish\SSLAutomation.exe"