IBM Cloud Docs
Secure and streamline Ansible automation with Schematics multihost credentials and variables

Ansible playbooks in IBM Cloud® Schematics enable automation of configuration and application deployment on various hosts. For secure management of access to these hosts, Schematics offers multihost credentials and variables support. The multihost approach centralizes and securely handles authentication details, including SSH keys, usernames, and passwords for numerous target systems in one place. This streamlines the process and enhances security by avoiding the need to hardcode credentials directly into playbooks.

Managing Credentials

Multihost credentials in Schematics streamline Ansible deployment management by centralizing credentials, reducing duplication, enhancing security through encryption and role-based access, and helping ensure consistency across environments. This approach simplifies large-scale automation, maintains compliance, and strengthens security.

Types of credentials

Schematics supports different credential types to manage host and group access. These credential types offer flexibility and security in managing host access for automation workflows.

  1. Group and Host Credentials: Group credentials are shared access details for multiple hosts; host credentials are specific to individual hosts.
  2. Common Credential: A global access credential shared by all hosts, simplifying management by reducing the need for unique credentials per host.
  3. Bastion Credentials: Used to connect through a Bastion host, acting as a secure gateway to protected hosts or groups.

Managing variables

Managing variables simplifies updates, reduces inconsistencies, minimizes sensitive data exposure, promotes consistency, and adapts easily across environments, making automation tasks more robust and maintainable. The following are the primary types of variables.

  1. Host Variables: Settings are applied to individual hosts, enabling customization of specific configurations like IP addresses or credentials for a particular server.

  2. Group Variables: Applies the same settings to all hosts within a group, simplifying the management of shared configurations, such as common users or environment settings.

Both credential management and variable management apply to static inventory in Schematics. You can define and securely store access details (credentials) and configuration settings (variables) for your hosts within a static inventory file, ensuring consistent and secure automation task execution across your infrastructure. For more information about static inventory, see static inventory.
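The following check is an added example, not part of the IBM Cloud documentation: before you upload a static inventory, it scans the INI text for secrets that are still written inline, so that they can be moved into Schematics credentials or into variables marked as sensitive. It assumes an Ansible INI-format inventory; the variable-name heuristic and the sample inventory are constructed for illustration.

```python
import re
import shlex

# Standard Ansible connection variables that carry a secret inline.
SECRET_VARS = {"ansible_password", "ansible_ssh_pass",
               "ansible_become_password", "ansible_become_pass"}
# Assumption: custom variable names like these also hold secrets.
SECRET_HINT = re.compile(r"passw|secret|token|api_?key", re.I)

def find_inline_secrets(inventory_text):
    """Return (line_no, scope, target, variable) per finding; values are never returned."""
    findings, section, in_vars = [], "ungrouped", False
    for no, raw in enumerate(inventory_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            section, in_vars = name.split(":")[0], name.endswith(":vars")
            continue
        if in_vars:  # [group:vars] entry: "key = value"
            scope, target = "group", section
            keys = [line.split("=", 1)[0].strip()]
        else:        # host line: "hostname key=value key=value ..."
            try:
                tokens = shlex.split(line)
            except ValueError:  # unbalanced quotes: fall back to whitespace split
                tokens = line.split()
            scope, target = "host", tokens[0]
            keys = [t.split("=", 1)[0] for t in tokens[1:] if "=" in t]
        for key in keys:
            if key.lower() in SECRET_VARS or SECRET_HINT.search(key):
                findings.append((no, scope, target, key))
    return findings

# Constructed sample inventory (hosts and values are placeholders).
SAMPLE = """\
[web]
web1.example.internal ansible_user=deploy ansible_password=Example-Only-1
web2.example.internal ansible_user=deploy

[db]
db1.example.internal

[db:vars]
ansible_user=dbadmin
db_api_token = constructed-value
"""

if __name__ == "__main__":
    for no, scope, target, key in find_inline_secrets(SAMPLE):
        print(f"line {no}: {scope} '{target}' sets {key} inline")
```

Host-scope findings map to host credentials or host variables, and group-scope findings map to group credentials or group variables.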

Managing credentials and variables by using Console

To manage credentials and variables by using the Schematics UI, follow these steps:

  1. Log in to the IBM Cloud console.
  2. Click the Menu icon > Platform Automation > Schematics > Ansible.
  3. Select your playbook and click Inventory from the left pane.
  4. Click the three dots next to the inventory name and select Manage Credentials.
  5. To add new credentials, click Add credentials and enter the required details, for example, the username and password for Common Credentials. Then click Add. You can edit or delete existing credentials as needed.
  6. For managing variables, click Add variables. Choose the Host or Host group, specify the Variable name, value, and mark the variable as sensitive if necessary. You can also edit or delete existing variables.
  7. After configuring credentials and variables, navigate to the Overview panel, review your actions, and make any necessary edits.
  8. Click Run your action and monitor the logs for successful execution.

Managing credentials and variables by using CLI

To manage credentials and variables by using the Schematics CLI, follow these steps:

  1. From your local command line interface, set up your CLI and Schematics plug-in.
  2. Create an inventory by using the ibmcloud schematics inventory create command.
  3. Check the logs to verify that the creation was successful.

Managing credentials and variables by using API

To manage credentials and variables by using the Schematics API, follow these steps:

  1. Retrieve your IAM access token and authenticate with Schematics using the API.
  2. Create an inventory by sending a POST request.
  3. Check the response status to verify that the creation was successful.

Next steps

After managing your credentials or variables, you can further enhance your workflow by Creating an auto deploy button. The feature allows you to trigger your Schematics action automatically, streamlining the deployment process, and reducing manual intervention.