Ansible OVH cloud
# Ansible playbook to interact with the OVH cloud API
# Create a token at:
# https://eu.api.ovh.com/createToken/
# The author grants all methods on `/*`; a token limited to the routes and methods actually called is safer.
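# The play below reads its credentials from a separate file, secrets.yaml
# (the file name used by its `lookup('file', ...)` call), laid out as shown
# here. The layout is given as comments so that this file stays a single
# YAML document instead of a credentials document followed by a playbook.
# Keep secrets.yaml out of version control, or encrypt it with ansible-vault.
#
# ovh:
#   application_key: "<application key>"
#   application_secret: "<application secret>"
#   consumer_key: "<consumer key>"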
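---
# Play: build a signed request for the OVH API and send it.
# Flow: fetch the server time, concatenate
#   application_secret+consumer_key+method+endpoint+body+time,
# hash that string with SHA-1, prefix the hex digest with "$1$", and send it
# in the X-Ovh-Signature header together with the key and timestamp headers.
- name: Login to OVH
  # NOTE(review): with `hosts: all` every inventory host sends the request;
  # presumably a single host or a per-host loop is intended - confirm.
  hosts: all
  gather_facts: false
  vars:
    # Credentials are parsed from secrets.yaml (keys: ovh.application_key,
    # ovh.application_secret, ovh.consumer_key).
    secrets: "{{ lookup('file', 'secrets.yaml') | from_yaml }}"
    base_url: "https://eu.api.ovh.com/v1"
    # Define here the HTTP method
    method: GET
    # Define here the payload for the POSTs/PUTs.
    # Only ONE `body` key may be active: with duplicate keys most YAML
    # parsers silently keep the last one, so the alternatives below are
    # left commented out. Uncomment the one you need and comment the others.
    #
    # Empty body should be like this (not empty brackets)
    body: ""
    # Bodies built from Ansible variables are awkward: Ansible may turn the
    # double quotes into single quotes, and the signature then fails because
    # the hashed string no longer matches the payload that is sent.
    # The trick below is dirty, but works. The space before {\"ip is REALLY
    # important: it prevents some weird Ansible type casting.
    # body: "{{' {\"ip\": \"' + public_ip_address + '\", \"subDomain\": \"' + item.service_name + '\"}'}}"
    # If no variable is needed, the code can be cleaner
    # body: {"ip": "127.0.0.1", "subDomain": "ew"}
    # Define here the route to call
    endpoint: "{{ base_url }}/domain"
  tasks:
    # Get OVH server time; it is part of the signed string and is also sent
    # in the X-Ovh-Timestamp header.
    - name: Get OVH time
      ansible.builtin.uri:
        url: "{{ base_url }}/auth/time"
        method: GET
        status_code: 200
        return_content: true
      register: time_result

    - name: Set time var
      ansible.builtin.set_fact:
        time: "{{ time_result.content }}"

    # Build the string to sign. It contains the application secret and the
    # consumer key, so the task result is kept out of the output and logs.
    - name: Set signature
      ansible.builtin.set_fact:
        signature: "{{ secrets.ovh.application_secret }}+{{ secrets.ovh.consumer_key }}+{{ method }}+{{ endpoint }}+{{ body }}+{{ time }}"
      no_log: true

    # Hash (this is a digest, not encryption) the string with SHA-1 and add
    # the "$1$" prefix. The `hash` filter replaces the former
    # `echo -n '...' | openssl dgst -sha1 | sed` shell pipeline, which put the
    # secret on a command line and broke (or could be abused) as soon as the
    # signed string contained a single quote.
    - name: Set signature_encrypted
      ansible.builtin.set_fact:
        signature_encrypted: "$1${{ signature | hash('sha1') }}"
      no_log: true

    # Send the signed request. The headers carry the application key and the
    # consumer key; module arguments can show up at higher verbosity levels,
    # so consider `no_log: true` here when running with -v flags.
    - name: Do stuff
      ansible.builtin.uri:
        url: "{{ endpoint }}"
        method: "{{ method }}"
        body_format: json
        status_code: 200
        headers:
          Content-Type: application/json
          # The stray trailing space inside the quotes was removed.
          X-Ovh-Application: "{{ secrets.ovh.application_key }}"
          X-Ovh-Consumer: "{{ secrets.ovh.consumer_key }}"
          X-Ovh-Timestamp: "{{ time }}"
          X-Ovh-Signature: "{{ signature_encrypted }}"
        body: "{{ body }}"
        return_content: true
      register: login

    # Print the parsed JSON response of the API call.
    - name: "debug"
      ansible.builtin.debug:
        var: login.json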