gone t'pub

Reputation: 1

Vagrantfile provision script credentials

Banging my head off a brick wall with this and have tried multiple methods without success so far. Hoping the Vagrant gurus out there can assist. I am trying to find a method of successfully removing the credential variables RH_username & RH_password so that they are not retained in source code, but I cannot figure out how to remove them and construct the script and/or the provision inline correctly.

I don't really want to use $export VAR1 VAR2 ; vagrant reload etc and would prefer to have some sort of hidden 'secrets' file - I tried a couple of 'solutions' but was unable to construct the script/inline properly.

Hopefully this is an easy community answer.

$cat Vagrantfile (snipped to problem area)

RH_username = "XXXXX"
RH_password = "XXXXX"

script = %{
if ! sudo subscription-manager status; then
  sudo subscription-manager register --username=#{RH_username} --password=#{RH_password}
fi
}

Vagrant.configure("2") do |config|
  (1..NODES).each do |i|
    config.vm.define "node#{i}" do |node|

      node.vm.provision "subscription-manager", type: "shell" do |subscription|
        subscription.inline = script
      end # node.vm.provision

    end # config.vm.define
  end # NODES loop
end # Vagrant.configure

Unable to hide credentials

Tried this idea from JustaGuyCoding.com

$vagrant --version
Vagrant 2.3.4

$vagrant plugin list
vagrant-vbguest (0.31.0, global)
vagrant-vmware-desktop (3.0.1, global)

$cat .vagrant/secrets.rb
module Secrets
        RH_username = "XXXXX"
        RH_password = "XXXXX"
end

$cat Vagrantfile (snipped)

require_relative '.vagrant/secrets.rb'
include Secrets

Vagrant.configure("2") do |config|
  (1..NODES).each do |i|
    config.vm.define "node#{i}" do |node|

      node.vm.provision "subscription-manager", type: "shell" do |subscription|
        subscription.inline = "sudo subscription-manager register --username=Secrets::RH_username --password=Secrets::RH_password"
      end # node.vm.provision

    end # config.vm.define
  end # NODES loop
end # Vagrant.configure

But it has not worked: it seems to pick up the secrets OK, but they are not being extracted correctly in the provision inline statement.

Error summary : The registration command actions but says incorrect username/password.


Upvotes: 0

Views: 139

Answers (1)

gone t'pub

Reputation: 1

Figured it out with a bit of brute force myself (just as well lol)

BOX = "generic/rhel8"
NODES = 3
RAM = 2048

require_relative '.vagrant/secrets.rb'
include Secrets

unregister_script = %{
if sudo subscription-manager status; then
  sudo subscription-manager unregister
fi
}

Vagrant.configure("2") do |config|
  (1..NODES).each do |i|
    config.vm.define "node#{i}" do |node|

      node.vm.provision "subscription-manager", type: "shell" do |subscription|
        subscription.inline = "sudo subscription-manager register --username=#{USER} --password=#{PASS}"
        #subscription.inline = "sudo subscription-manager register --force --username=#{USER} --password=#{PASS}"
      end # node.vm.provision

      node.trigger.before :destroy do |unregister|
        unregister.name = "Unregister VM"
        unregister.info = "Unregistering this VM from RedHat Subscription Manager..."
        unregister.warn = "If this fails, unregister VMs manually at https://access.redhat.com/management/subscriptions"
        unregister.run_remote = {inline: unregister_script}
        unregister.on_error = :continue
      end # node.trigger.before

      node.vm.provision "repolist", type: "shell", run: "always" do |dnf|
        dnf.inline = "sudo dnf repolist"
      end # node.vm.provision

      node.vm.provider "vmware_workstation" do |vmware|
        vmware.gui = false
        vmware.memory = RAM
        vmware.vmx['displayname'] = "vagrant:node#{i}"
        vmware.vmx['guestos'] = "rhel8-64"
      end # node.vm.provider

      node.vm.box = BOX
      node.vm.hostname = "node#{i}"
      node.vm.boot_timeout = 1500
      node.vm.synced_folder "../share/", "/mnt/SHARE"
      node.vm.network "private_network", ip: "192.168.1.#{i + 10}"
    end # config.vm.define
  end # NODES loop
end # Vagrant.configure

For completeness the secrets file

$cat .vagrant/secrets.rb

    module Secrets
            USER = "XXXXX"
            PASS = "XXXXX"
    end

    $vagrant plugin list
    vagrant-secret (0.0.1, global)
    vagrant-vbguest (0.31.0, global)
    vagrant-vmware-desktop (3.0.1, global)

    $vagrant --version
    Vagrant 2.3.4

Upvotes: 0
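
An added example, not part of the answer above: the same registration step, but with the credentials handed to the guest through the shell provisioner's `env` option (with `sensitive` set) instead of being interpolated into the inline command string. The file name `secrets.yml`, its keys `rh_username` / `rh_password`, and the names `SECRETS_FILE`, `REGISTER_SCRIPT` and `rh_credentials` are assumptions made for illustration.

```ruby
# Added example, not the poster's code. The file name secrets.yml, its keys,
# and the names SECRETS_FILE, REGISTER_SCRIPT and rh_credentials are assumptions.
require 'yaml'

# Lives beside the Vagrantfile; list it in .gitignore so it is never committed.
SECRETS_FILE = File.join(File.dirname(__FILE__), 'secrets.yml')

# Guest-side script. The credentials are read from environment variables at
# run time, so the script text itself never contains them. The quoted heredoc
# tag ('SH') stops Ruby from interpolating anything into it.
REGISTER_SCRIPT = <<~'SH'
  if ! subscription-manager status >/dev/null 2>&1; then
    subscription-manager register --username="$RH_USERNAME" --password="$RH_PASSWORD"
  fi
SH

# Load the credentials and return them as the env hash for the shell
# provisioner. Fails early, on the host, if the file or a key is missing.
def rh_credentials(path = SECRETS_FILE)
  raise "Secrets file not found: #{path}" unless File.file?(path)
  data = YAML.safe_load(File.read(path))
  raise "#{path} must contain a YAML mapping" unless data.is_a?(Hash)
  creds = {
    'RH_USERNAME' => data['rh_username'].to_s,
    'RH_PASSWORD' => data['rh_password'].to_s
  }
  missing = creds.select { |_, value| value.empty? }.keys
  raise "No value in #{path} for: #{missing.join(', ')}" unless missing.empty?
  creds
end

# Only runs when loaded by Vagrant; plain `ruby` skips it.
if defined?(Vagrant)
  Vagrant.configure("2") do |config|
    config.vm.provision "subscription-manager", type: "shell" do |s|
      s.inline = REGISTER_SCRIPT
      s.env = rh_credentials
      s.sensitive = true # hide the env values from Vagrant's output
    end
  end
end
```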
