tl;dr: Does Ansible have a variable containing the current Python interpreter?
As part of my playbook, I am creating a Python script on the controller (to be run by another command), and I want that script to be run by the Python interpreter being used by Ansible. To do this I am trying to set the interpreter in the shebang of the script.
If I were to set the interpreter manually, I could use the ansible_python_interpreter variable (and I have had it working that way). If I don't set the interpreter manually, then Ansible will auto-discover an interpreter, but I can no longer use the ansible_python_interpreter variable because it is not set.
From looking through the documentation I have been unable to find any way to see which interpreter Ansible has auto-detected. Is there something I've missed?
(Ansible version 2.9.10, Python 3.6)
The complete situation:
I am running Ansible on AWX (open-source Ansible Tower), using a custom virtual environment as the runner. I use Hashicorp Vault as a secret management system, rather than keeping secrets in AWX. For access to Vault I use short-lived access tokens, which doesn't work well with AWX's built-in support for pulling secrets from Vault, so instead I do it manually (so that I can supply a Vault token at job launch time). That works well for me, generally.
In this particular case, I am running ansible-vault (yes, there are too many things called 'vault') on the controller to decrypt a secret. I am using the --vault-password-file argument to supply the decryption password via a script. Since the virtual env that I am using already has the hvac package installed, I wish to just use a brief Python script to pull the password from Hashicorp Vault. All works fine, except that I can't figure out how to set the shebang on this script to point at the virtual environment that Ansible is using.
If I can't get a useable answer to this, I suppose I can change to instead pull the password directly into Ansible and then use the --ask-vault-pass flag to pass the password that way. It just seems to me that the interpreter should really be exposed somewhere by Ansible, so I'm trying that first.
As described in Special Variables ansible_playbook_python variable holds the path to python interpreter being used by Ansible on the controller.
With gather_facts: yes you should be able to get the active python using the ansible_facts.python variable.
Related
As the title says, I have a Python script I wrote that I would like to allow others to use.
The script is an API aggregator, and it requires a client_id and secret to access the API. As of now I have an env file which stores these values and I'm able to get the values from the env file.
My question is now that I have finished the script locally, how do I deploy with the environment variables it so others can use it given that the environment variables are required?
Sorry if this is a simple question - new to writing scripts for others to use.
The only thing I could think of was including the .env when I push to github, but not sure if that's great practice since my client_id and secret are stored there
I have a script that connects to a third party API that uses a public and secret key. The connection is written in python and works on PowerBI desktop and also on the web app in production.
However the keys are hard coded into the script and this doesn't feel like best practice. Is there a way to use Environment Variables in PowerBI so I can remove the keys from the script?
I was just working on this today! I was able to store my credentials as environment variables on my computer and then call them in my python script using os.getenv("SECRET_KEY") etc.
I did have to restart my PowerBI Desktop after saving them to my computer.
Additional information -
os is a python library to interface with your local machine. os.getenv accesses the environment variables that you have stored on your system. Windows users can create env vars here and mac users typically set them via terminal like this
I am new to Jenkins, and I need to use python to read some user credentials which are stored on Jenkins, I am confused about how to do that.
I have created some global credentials in my local jenkins. I want to use python to read and use these credentials.
The above photo is the credential I created.
I also have some jenkins CI pipeline code for reading and using the credentials, and I want to know is there some way allow me to use them in python?
When you use withCredentials block, you can use uname and pass as the environment variables. I'm not good at Python, but os.environ['uname'] and os.environ['pass'] can be used inside the block.
I'm using AWS for the first time and have just installed boto for python. I'm stuck at the step where it advices to:
"You can place this file either at /etc/boto.cfg for system-wide use or in the home directory of the user executing the commands as ~/.boto."
Honestly, I have no idea what to do. First, I can't find the boto.cfg and second I'm not sure which command to execute for the second option.
Also, when I deploy the application to my server, I'm assuming I need to do the same thing there too...
"You can place this file either at /etc/boto.cfg for system-wide use
or in the home directory of the user executing the commands as
~/.boto."
The former simply means that you might create a configuration file named boto.cfg within directory /etc (i.e. it won't necessarily be there already, depending on how boto has been installed on your particular system).
The latter is indeed phrased a bit unfortunate - ~/.boto means that boto will look for a configuration file named .boto within the home directory of the user executing the commands (i.e. Python scripts) which are facilitating the boto library.
You can read more about this in the boto wiki article BotoConfig, e.g. regarding the question at hand:
A boto config file is simply a .ini format configuration file that
specifies values for options that control the behavior of the boto
library. Upon startup, the boto library looks for configuration files
in the following locations and in the following order:
/etc/boto.cfg - for site-wide settings that all users on this machine
will use
~/.boto - for user-specific settings
You'll indeed need to prepare a respective configuration file on the server your application is deployed to as well.
Good luck!
For those who want to configure the credentials in Windows:
1-Create your file with the name you want(e.g boto_config.cfg) and place it in a location of your choice(e.g C:\Users\\configs).
2- Create an environment variable with the Name='BOTO_CONFIG' and Value= file_location/file_name
3- Boto is now ready to work with credentials automatically configured!
To create environment variables in Windows follow this tutorial: http://www.onlinehowto.net/Tutorials/Windows-7/Creating-System-Environment-Variables-in-Windows-7/1705
For anyone looking for information on the now-current boto3, it does not use a separate configuration file but rather respects the default one created by the aws cli when running aws configure (Ie, it will look at ~/.aws/config)
I need to write a script in python to check a webpage, which is protected by kerberos. Is there any possibility to do this from within python and how? The script is going to be deployed on a linux environment with python 2.4.something installed.
dertoni
I think that python-krbV and most Linux distributions also have a python-kerberos package. For example, Debian has one of the same name. Here's the documentation on it
Extract from link:
"This Python package is a high-level wrapper for Kerberos (GSSAPI)
operations. The goal is to avoid having to build a module that wraps
the entire Kerberos.framework, and instead offer a limited set of
functions that do what is needed for client/server Kerberos
authentication based on http://www.ietf.org/rfc/rfc4559.txt. "