Ansible Automation Platform integrations

You can create an integration to Ansbile Automation Platform. Red Hat Ansible Automation Platform provides tools for building and operating automation.

IBM supports Ansible as part of the Ansible Automation Platform. For more information about this platform, see Red Hat Ansible Automation Platform.

Note: You can create only one Ansible Automation Platform controller integration. Also, you must have an account with administrator role to create, edit, view, or delete an Ansible Automation Platform integration.

For more information about HTTP headers for the various credential types, see HTTP headers for credential types.

Creating Ansible Automation Platform integrations

Complete the following steps to create an integration to an Ansible Automation Platform controller server.

  1. Log in to IBM Cloud Pak for AIOps console.

  2. Expand the navigation menu (four horizontal bars), then click Define > Integrations.

  3. On the Integrations page, click Add integration.

  4. From the list of available integrations, find and click the Ansible Automation Controller tile.

    Note: If you do not immediately see the integration that you want to create, you can filter the tiles by type of integration. Click the type of integration that you want in the Category section.

  5. On the side-panel, review the instructions and when ready to continue, click Get started.

  6. Enter the base URL of your Ansible Automation Platform controller server. This URL must contain the protocol, for example:

  7. Choose an authentication type. You can select User ID/Password to connect with username and password, or API Token to use a bearer token, previously created with Write Scope in the Ansible.

  8. Enter the chosen authentication information.

  9. Optional: Enter the Ansible Automation Platform controller server root CA certificate, or the Ansible Automation Platform controller self-signed certificate.

    If the Ansible server certificate is based on a root CA certificate, then this root CA certificate must be entered (in PEM format). Some Ansible installations provide a self-generated root CA certificate (for example, at <aap_install_dir>/tls/ca.cert).

    If the Ansible server certificate is a self-signed certificate, then make sure the common name (CN) of the certificate matches the fully qualified domain name of the host system (a certificate with another CN like "localhost" will not be accepted). If needed, replace that certificate with a certificate that is issued for the actual domain name you are using.

    On Linux systems, enter the following command to receive the self-signed certificate:

    echo -n | openssl s_client -servername <ANSIBLE_TOWER_HOSTNAME> -connect <ANSIBLE_TOWER_HOSTNAME>:<ANSIBLE_TOWER_PORT> -showcerts | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > file.cert

    If the command does not work in your environment, use the following variant of the command:

    ex +'g/BEGIN CERTIFICATE/,/END CERTIFICATE/p' <(echo | openssl s_client -showcerts -servername <ANSIBLE_TOWER_HOSTNAME> -connect <ANSIBLE_TOWER_HOSTNAME>:<ANSIBLE_TOWER_PORT>) -scq > file.cert

    If errors occur, make sure your exported certificate that is stored in file.cert contains a full and valid certificate. Errors like verify error:num=20:unable to get local issuer certificate occur due to a missing CA root certificate for the DigiCert CA.

    The resulting file.cert might contain one or more certificates and each certificate begins and ends as follows:

    -----END CERTIFICATE-----

    On Windows systems, use your preferred browser to export the certificate or certificate chain.

  10. Click Done to complete the Ansible Automation Platform integration.

Note: See Ansible actions for additional information on the supported Ansible versions and some other restrictions.