@wtfred
Last active January 10, 2024 19:15
Using same requirements.yml in gitlab-ci with roles in private git repositories, using tokens

I had a problem using ansible / ansible-galaxy to install roles from a requirements.yml file.

My roles are listed like this:

- src: git+ssh://git@gitlab.domain.lan/ansible/roles/my_role.git
  version: "v1.0.0"

This works fine when running `ansible-galaxy install -r requirements.yml` on a host that has permission on the role repository (with an SSH key pair).

In GitLab you can't define a "Deploy key" at group level, so I needed to use a token instead.

To make this work in gitlab-ci without any modification to the requirements.yml file:

  1. In GitLab, get an Access Token with the read_repository scope for the group that owns the role repository

  2. In your project, create a CI/CD variable of type "File" (e.g. ANSIBLE_GIT_CREDENTIALS) containing the git credentials as a URL: `https://<TOKEN_USER>:<TOKEN>@gitlab.domain.lan`

  3. In gitlab-ci.yml:

    1. Store the git credentials: `git config --global credential.helper 'store --file ${ANSIBLE_GIT_CREDENTIALS}'`
    2. Make git rewrite the URLs of the role repositories to use https instead of ssh (git substitutes the prefix verbatim, so both prefixes end with a slash): `git config --global url."https://gitlab.domain.lan/ansible/roles/".insteadOf "ssh://git@gitlab.domain.lan/ansible/roles/"`
    3. Then you can run `ansible-galaxy install -r requirements.yml`
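
An offline check of the rewrite from step 3, added here as an example and not part of the original gist: it asks git which URL it would contact for each `src` value, so a role that would still go over SSH is caught before the job runs. The function names and the second sample path are hypothetical, and it assumes ansible-galaxy hands the URL to git without the `git+` prefix.

```shell
#!/bin/sh
# Added example (not from the gist): offline check of the url.<base>.insteadOf
# rewrite used in the CI job. Host and paths are the gist's placeholders.

SSH_PREFIX="ssh://git@gitlab.domain.lan/ansible/roles/"
HTTPS_PREFIX="https://gitlab.domain.lan/ansible/roles/"

# rewritten_url SRC HTTPS_BASE SSH_BASE
# Prints the URL git would contact for a requirements.yml "src" value.
# Runs in a subshell with a throwaway HOME, so the caller's git config is
# neither read nor changed; --get-url never touches the network.
rewritten_url() (
    HOME=$(mktemp -d) || exit 1
    export HOME GIT_CONFIG_NOSYSTEM=1
    unset XDG_CONFIG_HOME
    rc=0
    # Assumption: ansible-galaxy strips the "git+" prefix before calling git.
    git config --global url."$2".insteadOf "$3" &&
        git ls-remote --get-url "${1#git+}" || rc=$?
    rm -rf "$HOME"
    exit "$rc"
)

# role_uses_token_url SRC
# Succeeds only if SRC ends up under the HTTPS prefix that the credential
# file covers; anything else would fall back to SSH key authentication.
role_uses_token_url() {
    case $(rewritten_url "$1" "$HTTPS_PREFIX" "$SSH_PREFIX") in
        "$HTTPS_PREFIX"?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample "src" values: the gist's role, and one outside the
# rewritten path (hypothetical).
for src in \
    "git+ssh://git@gitlab.domain.lan/ansible/roles/my_role.git" \
    "git+ssh://git@gitlab.domain.lan/other/group/role.git"
do
    if role_uses_token_url "$src"; then
        echo "token/https: $src"
    else
        echo "still ssh:   $src"
    fi
done
```

Passing an HTTPS base without its trailing slash to `rewritten_url` shows why the slash matters: git joins the base and the remainder verbatim, producing `https://gitlab.domain.lan/ansible/rolesmy_role.git`.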