If a git repository requires credentials to clone, and you are still using a username/password (instead of ssh key), it is still possible to have the repository cloned in your automation scripts without be prompted.
You just have to ensure that the username and password are properly URL encoded. From the command line, the syntax is:
git clone https://<user>:<password>@<gitserver>/<path>/<repo>.git
Where any special characters in the password are URL encoded (e.g. an exclamation mark needs to be “%21”). I describe this in my article here. To use the same logic from your Ansible role/playbook, apply the ‘urlencode’ filter.
- git: repo: "https://{{git_user|urlencode()}}:{{git_pass|urlencode()}}@github.com/fabianlee/local-kvm-cloudimage.git" dest: "/tmp/local-kvm-cloudimage" update: yes - name: remove visibility of credentials command: cmd: git remote set-url origin https://github.com/fabianlee/local-kvm-cloudimage.git chdir: "/tmp/local-kvm-cloudimage"
We set the remote URL the second time so that the username/password are not left embedded in the git database and visible from ‘git remote -v’.
‘git_user’ and ‘git_pass’ are Ansible variables that been defined elsewhere (host vars, group vars, playbook, vars prompt, etc).
Here is a link to the full example playbook-git-withcreds.yml, which shows how these variables could be manually requested when the playbook is run (so they do not have to be stored in files).
--- - hosts: all gather_facts: no become: no vars_prompt: - name: git_user private: no - name: git_password private: yes
To silence the manual prompts, you can specify the variables using the ‘extra-vars’ flag.
ansible-playbook playbook-git-withcreds.yml --extra-vars "git_user=myuser git_pass=Myp4ss!"
REFERENCES
fabianlee.org, calling git when password contains special character
Graham Hay, ansible templates and urlencode
NOTES
To use the git module with a proxy, specify in the ‘environment’
- name: checkout git repo with credentials git: repo: https://{{git_username}}:{{git_password|urlencode()}}@github.com/ansible/ansible environment: http_proxy: "http://mysquid:3128" https_proxy: "http://mysquid:3128"