Ansible Automation Platform connections

You can create a connection to Ansbile Automation Platform. Red Hat Ansible Automation Platform provides tools for building and operating automation.

IBM supports Ansible as part of the Ansible Automation Platform. For more information about this platform, see Red Hat Ansible Automation Platform.

Note: You can create only one Ansible Automation Platform controller connection. Also, you must have an account with administrator role to create, edit, view, or delete an Ansible Automation Platform connection.

For more information about HTTP headers for the various credential types, see HTTP headers for credential types.

Creating Ansible Automation Platform connections

Complete the following steps to create a connection to an Ansible Automation Platform controller server.

  1. Log in to IBM Cloud Pak Automation console.

  2. Expand the navigation menu (four horizontal bars), then click Define > Data and tool connections.

  3. On the Data and tool connections page, click Add connection.

  4. From the list of available connections, find and click the Ansible Automation Controller tile.

    Note: If you do not immediately see the connection that you want to create, you can filter the tiles by type of connection. Click the type of connection that you want in the Category section.

  5. On the side-panel, review the instructions and when ready to continue, click Connect.

  6. Enter the base URL of your Ansible Automation Platform controller server. This URL must contain the protocol, for example: https://ansible.mycompany.com:443.

  7. Choose an authentication type. You can select User ID/Password to connect with username and password, or API Token to use a bearer token, previously created with Write Scope in the Ansible.

  8. Enter the chosen authentication information.

  9. Optional: Enter the Ansible Automation Platform controller server certificate or certificate chain.

    On Linux systems, enter the following command to receive the certificate or certificate chain:

    echo -n | openssl s_client -servername <ANSIBLE_TOWER_HOSTNAME> -connect <ANSIBLE_TOWER_HOSTNAME>:<ANSIBLE_TOWER_PORT> -showcerts | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > file.cert
    

    If the command does not work in your environment, use the following variant of the command:

    ex +'g/BEGIN CERTIFICATE/,/END CERTIFICATE/p' <(echo | openssl s_client -showcerts -servername <ANSIBLE_TOWER_HOSTNAME> -connect <ANSIBLE_TOWER_HOSTNAME>:<ANSIBLE_TOWER_PORT>) -scq > file.cert
    

    If errors occur, make sure your exported certificate that is stored in file.cert contains a full and valid certificate. Errors like verify error:num=20:unable to get local issuer certificate occur due to a missing CA root certificate for the DigiCert CA.

    The resulting file.cert might contain one or more certificates and each certificate begins and ends as follows:

    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    

    On Windows systems, use your preferred browser to export the certificate or certificate chain.

  10. Click Done to complete the Ansible Automation Platform connection.

If you have performed the steps that are described in Enabling secure communications within the RBA service, then it is mandatory to specify the certificate of the Ansible Automation Platform controller server (or the certificate of the CA, respectively).

Note: When using the standard Ansible Automation Platform installation a self-signed certificate that is issued for CN localhost might be generated. Make sure to replace that certificate with a certificate that is issued for the actual domain name you are using. Otherwise, the connection might not work.