This previous post showed how to set up and use SSL certificates for authentication instead of a username/password combination. The post mentioned that this can be used with Tower as well. This new post shows the minor updates to a Projects repository that are needed to use certificates.

Normally everything someone would need to do is included in these blogs. This one assumes a bit of pre-existing knowledge. Primarily, you'll need to understand how to use an SCM repository. In this case I am using a Git-compatible repository.

As shown in the post “Adding a Project and first Template”, Ansible Tower Projects are linked to SCM repositories. To use the certificates you created, add them to the repository and then reference them by relative path. The path is relative to the location of the playbook being run, not to the root of the repository.

If this is the structure of the repository:

- playbook1.yml
- playbook2.yml
- playbook3.yml
- group1
  - playbook4.yml

A directory named certs could be created with the .key and .pem files:

- playbook1.yml
- playbook2.yml
- playbook3.yml
- group1
  - playbook4.yml
- certs
  - admin.key
  - admin.pem

SECURITY NOTE: This means that your private key is stored in the SCM repository, so a public repository like github.com should not be used for this purpose.

For playbooks playbook1.yml through playbook3.yml the file path would look like this:

cert_filepath: certs/admin.pem
key_filepath: certs/admin.key

For playbook4.yml, which sits one level down in group1, prefix the path with ../ to tell Ansible to start one directory up from the current directory, as in the following:

cert_filepath: ../certs/admin.pem
key_filepath: ../certs/admin.key
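
A pre-commit check for the relative paths described above, as an added example that is not from the original post: it scans each playbook for cert_filepath and key_filepath, resolves the value against that playbook's own directory, and reports paths that do not exist or that point outside the repository. The function names and the sample repository are constructed for illustration, and the scan is a simple line match rather than a full YAML parse.

```python
import re
import tempfile
from pathlib import Path

# Matches the two parameters the post uses, e.g. "cert_filepath: certs/admin.pem"
PATH_PARAM = re.compile(
    r"^\s*(cert_filepath|key_filepath)\s*:\s*['\"]?([^'\"#\s]+)", re.M)

def check_repo(repo_root):
    """Return (playbook, parameter, value, problem) for every bad path."""
    root = Path(repo_root).resolve()
    findings = []
    for playbook in sorted(root.rglob("*.yml")):
        rel = playbook.relative_to(root).as_posix()
        for param, value in PATH_PARAM.findall(playbook.read_text()):
            if "{{" in value:
                continue  # templated value, cannot be resolved statically
            # Resolve relative to the playbook's directory, as the post describes
            target = (playbook.parent / value).resolve()
            if root not in target.parents:
                findings.append((rel, param, value, "outside repository"))
            elif not target.is_file():
                findings.append((rel, param, value, "file not found"))
    return findings

def build_sample_repo(base):
    """Constructed sample: the post's layout with one deliberately wrong path."""
    base = Path(base)
    (base / "group1").mkdir()
    (base / "certs").mkdir()
    for name in ("admin.pem", "admin.key"):
        (base / "certs" / name).write_text("placeholder, not real key material\n")
    (base / "playbook1.yml").write_text(
        "cert_filepath: certs/admin.pem\nkey_filepath: certs/admin.key\n")
    # playbook4.yml lives in group1, so the key path below is missing its ../
    (base / "group1" / "playbook4.yml").write_text(
        "cert_filepath: ../certs/admin.pem\nkey_filepath: certs/admin.key\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_repo(tmp)
        for finding in check_repo(tmp):
            print(finding)
```

Running `check_repo` against a checkout before pushing catches a missing ../ locally instead of as a failed Tower job.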

That is all it takes to use certificates with Ansible Tower for ONTAP authentication.

As always, if you have any questions or comments you can join us in thePub Slack workspace in the #configurationmgmt channel. If you aren't a part of thePub workspace, get an invite at netapp.io/slack.

David Blackwell
Technical Marketing Engineer at NetApp
David is a twenty year IT veteran who has been an admin for just about every aspect of a DataCenter at one time or another. When not working, or tinkering with new software at home, David spends most of his free time with his five year old son and his lovely wife.
