ovirt_auth - Module to manage authentication to oVirt/RHV

New in version 2.2.

Synopsis
Requirements (on host that executes module)
Options
Examples
Return Values
Notes
- Status

Synopsis

This module authenticates to oVirt/RHV engine and creates SSO token, which should be later used in all other oVirt/RHV modules, so all modules don’t need to perform login and logout. This module returns an Ansible fact called ovirt_auth. Every module can use this fact as auth parameter, to perform authentication.

Requirements (on host that executes module)

python >= 2.7
ovirt-engine-sdk-python >= 4.0.0

Options

parameter	required	default	choices	comments
ca_file	no			A PEM file containing the trusted CA certificates. The certificate presented by the server will be verified using these CA certificates. If `ca_file` parameter is not set, system wide CA certificate store is used.
compress	no			A boolean flag indicating if the SDK should ask the server to send compressed responses. The default is True. Note that this is a hint for the server, and that it may return uncompressed data even when this parameter is set to True.
headers (added in 2.4)	no			A dictionary of HTTP headers to be added to each API call.
insecure	no			A boolean flag that indicates if the server TLS certificate and host name should be checked.
kerberos	no			A boolean flag indicating if Kerberos authentication should be used instead of the default basic authentication.
password	yes			The password of the user.
state	no	present	present absent	Specifies if a token should be created or revoked.
timeout	no			The maximum total time to wait for the response, in seconds. A value of zero (the default) means wait forever. If the timeout expires before the response is received an exception will be raised.
url	yes			A string containing the base URL of the server. For example: https://server.example.com/ovirt-engine/api.
username	yes			The name of the user. For example: admin@internal.

Examples

tasks:
  - block:
       # Create a vault with `ovirt_password` variable which store your
       # oVirt/RHV user's password, and include that yaml file with variable:
       - include_vars: ovirt_password.yml

       - name: Obtain SSO token with using username/password credentials
         ovirt_auth:
           url: https://ovirt.example.com/ovirt-engine/api
           username: admin@internal
           ca_file: ca.pem
           password: "{{ ovirt_password }}"

       # Previous task generated I(ovirt_auth) fact, which you can later use
       # in different modules as follows:
       - ovirt_vms:
           auth: "{{ ovirt_auth }}"
           state: absent
           name: myvm

    always:
      - name: Always revoke the SSO token
        ovirt_auth:
          state: absent
          ovirt_auth: "{{ ovirt_auth }}"

Return Values

Common return values are documented here Return Values, the following are the fields unique to this module:

name

description

returned

type

sample

ovirt_auth

Authentication facts, needed to perform authentication to oVirt/RHV.

success

complex

contains:

name	description	returned	type	sample
timeout	Number of seconds to wait for response.	success	int	0
url	URL of the oVirt/RHV engine API endpoint.	success	string	https://ovirt.example.com/ovirt-engine/api
insecure	Flag indicating if insecure connection is used.	success	bool	False
kerberos	Flag indicating if kerberos is used for authentication.	success	bool	False
compress	Flag indicating if compression is used for connection.	success	bool	True
headers	Dictionary of HTTP headers to be added to each API call.	success	dict
token	SSO token which is used for connection to oVirt/RHV engine.	success	string	kdfVWp9ZgeewBXV-iq3Js1-xQJZPSEQ334FLb3eksoEPRaab07DhZ8ED8ghz9lJd-MQ2GqtRIeqhvhCkrUWQPw
ca_file	CA file, which is used to verify SSL/TLS connection.	success	string	ca.pem

Notes

Note

Everytime you use ovirt_auth module to obtain ticket, you need to also revoke the ticket, when you no longer need it, otherwise the ticket would be revoked by engine when it expires. For an example of how to achieve that, please take a look at examples section.
In order to use this module you have to install oVirt/RHV Python SDK. To ensure it’s installed with correct version you can create the following task: pip: name=ovirt-engine-sdk-python version=4.0.0
Note that in oVirt/RHV 4.1 if you want to use a user which is not administrator you must enable the ENGINE_API_FILTER_BY_DEFAULT variable in engine. In oVirt/RHV 4.2 and later it’s enabled by default.

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/ovirt_auth_module.html