How to Integrate Conjur OSS with Ansible Tower

Hi All,
I installed Conjur OSS, and was able to add and test the credential (CyberArk Conjur Secret Lookup) in Ansible Tower.

From CLI:

[root@rhat-dr-thai conjur-quickstart]# docker-compose exec client conjur list
[
"myConjurAccount:policy:root",
"myConjurAccount:policy:db",
"myConjurAccount:policy:ansible",
"myConjurAccount:policy:vcenter",
"myConjurAccount:layer:ansible",
"myConjurAccount:host:ansible/ansible-01",
> "myConjurAccount:variable:vcenter/vcenter1/host",
> "myConjurAccount:variable:vcenter/vcenter1/user",
> "myConjurAccount:variable:vcenter/vcenter1/pass",
"myConjurAccount:group:vcenter/secrets-users",
"myConjurAccount:variable:db/host1/host",
"myConjurAccount:variable:db/host1/user",
"myConjurAccount:variable:db/host1/pass",
"myConjurAccount:group:db/secrets-users"
]

However, I have a requirement to look up the vcenter/vcenter1/* info from the vmware_guest module.
Ansible Playbook Task:

- name: Clone the template
  vmware_guest:
    hostname: "{{ vcenter_hostname }}"
    username: "{{ vcenter_username }}"
    password: "{{ vcenter_password }}"
  ---
  ---
  delegate_to: localhost

I’m still not sure whether I can use cyberark.conjur-lookup-plugin or cyberark.conjur-host-identity, and also how to utilize it.

I’d really appreciate it if you could share your thoughts on this.

Kind Regards,
Abip

Hey @asjarbin,

Is there a requirement for you to use the lookup plugin? We have another integration that’s built into Tower (doesn’t use a lookup plugin) that’s outlined here: https://docs.ansible.com/ansible-tower/3.5.0/html/administration/credential_plugins.html#cyberark-conjur-secret-lookup

It will work with both OSS and Enterprise versions of Conjur.

Thanks,

Darren

Hi Darren,
In the end, I’m using cyberark.conjur-lookup-plugin, and am able to retrieve the secrets.

I’m wondering if it works with the vmware_guest module, which in this case will be executed by Tower (delegate_to: localhost). However, I’ll give it a try too.

Kind Regards,
Abip
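
The combination discussed in this thread, as an added example that is not part of any participant's post: a playbook that resolves the three vcenter/vcenter1/* variables through a Conjur lookup and passes them to vmware_guest. It assumes the `conjur_variable` lookup that ships with Ansible 2.5 to 2.9 and a Conjur identity for `host:ansible/ansible-01` already configured on the Tower node; the datacenter, folder, VM and template names are constructed placeholders.

```yaml
# Added example (not from the thread).
# Assumptions: the `conjur_variable` lookup is available, the Tower node holds
# a Conjur identity for host ansible/ansible-01, and that host has been
# granted read access to the vcenter/vcenter1/* variables in Conjur policy.
- name: Clone a VM using vCenter credentials held in Conjur
  hosts: localhost
  connection: local
  gather_facts: false

  vars:
    # Lookups are evaluated on the Ansible control node (here, Tower), so
    # they resolve regardless of delegate_to on the task that uses them.
    vcenter_hostname: "{{ lookup('conjur_variable', 'vcenter/vcenter1/host') }}"
    vcenter_username: "{{ lookup('conjur_variable', 'vcenter/vcenter1/user') }}"
    vcenter_password: "{{ lookup('conjur_variable', 'vcenter/vcenter1/pass') }}"

  tasks:
    - name: Clone the template
      vmware_guest:
        hostname: "{{ vcenter_hostname }}"
        username: "{{ vcenter_username }}"
        password: "{{ vcenter_password }}"
        validate_certs: true
        datacenter: "DC1"             # constructed placeholder
        folder: "/DC1/vm"             # constructed placeholder
        name: "example-vm-01"         # constructed placeholder
        template: "example-template"  # constructed placeholder
        state: poweredon
      delegate_to: localhost
      # Keep the resolved credentials out of Tower job output and logs.
      no_log: true
```

With this layout the secret values are fetched at run time and never stored in the playbook, inventory, or Tower job template.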