Mark,
Hi, here's what I have defined in AWX, does that help or hinder?
Administration > Credential types
Created a credential called "Hardware Management Console"
Within that (credential) definition is a field called "Input configuration" into which I put:
fields:
- id: username
type: string
label: Username
- id: password
type: string
label: Password
secret: true
required:
- username
- password
In the field called "Injector configuration" I put:
env:
hmc_password: '{{ password }}'
hmc_username: '{{ username }}'
I then created a new Credential (Resources > Credentials) called "UNIX-HMC" which has a Credential Type of "Hardware Management Console" (i.e. taken from the name of the Credential Type we defined above).
I then created a new Inventory (Resources > Inventories) called "HMC_Inventory" which has the following configuration:
(Source) Name: HMC_plugin
Source: Sourced from a Project
Project: UNIX-ibm << You will need to have already defined a GitHub centric project as that's where the inventory playbook is located
Inventory file: / (project root) << Our inventory (playbook) file is called "hosts.power_hmc.yml" (excerpt provided earlier) which is all alone in its own Repo just to keep things very simple
Credential: UNIX-HMC (we created this above)
Enabled options: "Overwrite local groups and hosts from remote inventory source" and "Update on launch"
Once all the above has been defined and an initial "sync" at the Inventory layer has been run you should then see the HMC inventory appear within the "Group" and "Host" tabs of the inventory based upon how you have defined / filtered your inventory.yml playbook.
Hope that provides some insight into a possible way you can go about things.
Many thanks, Steve
------------------------------
Steve Munday
AIX, IBMi, HMC, PowerVM, PowerVS, Ansible automation engineering
------------------------------
Original Message:
Sent: Tue June 03, 2025 10:45 AM
From: Mark Steele
Subject: Ansible ibm.power_hmc.powervm_inventory plugin security question
If I understand this correctly, this would be using environment variables. Not exactly sure how I would pass them to an execution environment or how to keep that secure. Might be worth mucking with, thanks Steve. Just be so much smoother if I could just pass variables and/or credentials to the plugin.
------------------------------
Mark Steele
Guru
Direct Systems Support
San Diego CA
Original Message:
Sent: Tue June 03, 2025 06:46 AM
From: Steve Munday
Subject: Ansible ibm.power_hmc.powervm_inventory plugin security question
Mark,
Hi, good day to you.
Are you looking to do something like the below then?
plugin: ibm.power_hmc.powervm_inventoryhmc_hosts: - hmc: "HMC1" user: "{{ lookup('env', 'hmc_username') }}" password: "{{ lookup('env', 'hmc_password') }}" - hmc: "HMC2" user: "{{ lookup('env', 'hmc_username') }}" password: "{{ lookup('env', 'hmc_password') }}" - hmc: "HMC3" user: "{{ lookup('env', 'hmc_username') }}" password: "{{ lookup('env', 'hmc_password') }}"filters: PartitionState: 'running'
Many thanks, Steve
------------------------------
Steve Munday
AIX, IBMi, HMC, PowerVM, PowerVS, Ansible automation engineering
Original Message:
Sent: Sun June 01, 2025 07:04 PM
From: Mark Steele
Subject: Ansible ibm.power_hmc.powervm_inventory plugin security question
I'm trying to use the inventory plugin that's part of ibm.power_hmc.
powervm_inventory as per the documentation on Galaxy (Ansible Galaxy) connects to the HMC, pulls and populates AAP inventory. In general, the plugin works as advertised, but what I do NOT want to is hard code hostnames and credentials into the yaml file, as provided in all the examples.
I've tried various different ways to pass it variables in AAP but have had zero success. Has anyone found a way to implement this add-in without hardcoding credentials? Last thing I want is credentials stored in any sort of repositories.
Thanks,
------------------------------
Mark Steele
Guru
Direct Systems Support
San Diego CA
------------------------------