Configuring the Ansible Tower connector

As an automation engineer, you configure an on-premises connector to establish a connection between BMC Helix Intelligent Automation and Ansible Tower. 

To configure a connector, the high-level process includes the following steps:

Connector Config Process.png

Related topics

Managing-automation-policies

Managing-connectors

Deprecated-and-discontinued-features

Task 1: To create a plugin key

  1. In the BMC Helix Intelligent Automation console, click Connectors > Plugin Keys tab.
  2. Click Create Plugin Key and do the following steps: 
    1. (Optional) Enter a new name for the plugin with which you want to associate the plugin key.
    2. (Optional) Update the expiry date for the plugin key.
      By default, a plugin key expires in 90 days. To ensure that the connector is running, you can extend the date before it expires.

    3. Click Download Plugin Key.
      creds.json file gets downloaded. 

      Warning

      If you close the Create Plugin Key panel before downloading the key, you cannot download and use the plugin key. Instead, you need to create a new plugin key.

  3. Click Save.
    The plugin and the associated plugin key appear on the Plugins page.

Optional Task: To reuse an existing plugin key

If you have configured any on-premises connector, you already have a plugin key. You can use the same key to configure any other on-premises connector. 

  1. In the BMC Helix Intelligent Automation console, click Connectors > Available Connectors and click Configure against the connector that you want to configure.
  2. On the following message that appears on the configure connector page, click the download & install link.
    Reuse plugin.png
    On the Configure On-premises Connector page, the plugin keys available for reuse are displayed.
    Available plugins.png
  3. Skip Task 2 and continue with Task 3 to configure the connector.

Task 2: To download the plugin

You can download and run a plugin on a Linux or a Microsoft Windows server. This server should be accessible from the computer where the automation tool or application is installed. 

  1. In the BMC Helix Intelligent Automation console, click Connectors > Available Connectors and click Configure against the connector.
  2. On the following message that appears on the configure connector page, click the download & install link.
    Reuse plugin.png

  3. On the Configure On-premises Connector page, click Download Plugin.
    The remote-restapi-plugin.zip file is downloaded.
  4. Copy and extract the downloaded ZIP file and go to the remote-restapi-plugin directory.
  5. (For Linux only) Ensure that the run.sh file has the execute permission.

Optional task: To use a pass-through proxy server

If the host where you download the plugin to configure a connector does not have internet access, you can use a proxy server to configure the connector. The host where the connector is to be configured and the automation tool must be in the same network domain. 

Proxy Support.gif

  1. Navigate to the remote-restapi-plugin/config directory.

  2. In the proxy.json file, provide the proxy server hostname and port number.

    Example proxy.json file
    {
      "proxy_host": "hostname.bmc.com",
      "proxy_port": "3128",
       "enabled": true
    }

  3. Set the value of enabled to true and continue with to create credentials.
    By default, it is false.

Task 3: To create credentials by using the plugin key

A plugin requires credentials to authenticate and execute various actions on the target applications that are defined in an automation policy. The credential CLI utility enables you to create, search, update, and delete credentials for a plugin. 

This server should be accessible from the server where the on-premise application is installed.

  1. Navigate to the directory where you have extracted the remote-restapi-plugin.zip file.
    The remote-restapi-plugin directory contains credential.sh.
  2. Ensure that the credential.sh file has the execute permission.

  3. Run the following create switch command to create credentials.
    Whenever credentials are created, a unique credential ID is assigned to it.

    Sample command for Microsoft Windows
    credential.bat create -n <credentialsName> -i <http://host:port> -p <provider> -a <AuthenticationType>
    Sample command for Linux
    ./credential.sh create -n <credentialsName> -i <http://host:port> -p <provider> -a <AuthenticationType>
    Example for Ansible Tower by using basic authentication
    ./credential.sh create -n ansibleCreds -i https://172.20.65.241:6443 -p ansible_tower -a basic
    Example for Ansible Tower credentials by using bearer authentication
    ./credential.sh create -n ansibleCreds -i https://172.20.65.241:6443 -p ansible_tower -a bearer

    In the example:

    Field

    Description

    Sample value

    credentialsName

    Enter a unique name for the credentials. A name can contain a maximum of 30 characters. Enclose the name in double quotes if it contains spaces.

    AnsibleTowerCredentials

    credentialsTargetID

    Enter the target identifier based on the credentials provider.

    Note: Ensure that you do not provide the same target ID while configuring any other connector. 

    https://172.20.65.241:6443

    credentialsProviderID

    Enter ansible_tower

    -

    authenticationType

    Enter one of the supported authentication mechanisms: 

    • basic: Requires a username and a password
    • bearer: Requires the access token generated from Ansible Tower

    Bearer: 1ZmDqTScGhe6SHct7vF5To6Pp3Vf3h 


  4. For Login required, enter n.
    Credentials are created successfully. The following figure shows a sample output: 

    {
     "credential_id": "fd5af7f8-6c3d-4116-9ff8-32582b6a64ed",
     "credential_name": "ansible",
     "credential_target_id": "https://hostname.com",
     "credential_type": "",
     "credential_provider_id": "ansible_tower",
     "credential_source": "External",
     "credential_object": {
     "api_key": "dN4k9HzQZYRNII1Q1X8xEKl3zvJv04",
     "login_action": {
     "": {
    "post": {
    "parameters": [],
    "requestBody": {
    "content": {
    "application/x-www-form-urlencoded": {
    "username": "",
    "password": "*******"
    }
    }
    }
    }
    }
    },
    "security_scheme": {
    "type": "http",
    "in": "bearer",
    "bearerFormat": ""
    }
    },
    "encryption_key_id": null,
    "credential_metadata": null,
    "createdAt": "2022-04-27T14:56:56.146Z",
    "updatedAt": "2022-04-27T14:56:56.146Z"
    }
    ]

Task 4: To start and run the plugin as a service

If a remote plugin is installed as a service, you can start, stop, or restart it as any other service. BMC recommends that you run the plugin as a service as against running it as a batch or shell process. You can run remote plugin as a service only on Microsoft Windows Server 2016 Enterprise and CentOS 7 operating systems.

Before running a plugin as a service, ensure that the following prerequisites are fulfilled:

  • You have administrative or root privileges on the host where the plugin is extracted.
  • The host where the plugin is available is also accessible from the host where the application is installed.

To run plugin as a service:

  1. Navigate to the directory where you have extracted the remote-restapi-plugin.zip file.
  2. Run the install.bat (for Microsoft Windows) or install.sh (for Linux) command.
    You can also use the install.bat install command. The plugin now runs as a service.

If a service is installed successfully, in the list of services available in the Microsoft Windows Service Manager, the remote restapi plugin service is displayed. On Linux servers, if you run the install.sh status command, a system process with the name BMC remote-restapi-plugin appears.

Note

The credentials database is now stored at a new location. To ensure backward compatibility, copy the credential.db file from your previous location and place it in the new database location.

OS

Old location

New location

Microsoft Windows

C:\Users\Public\bmc\ia_remote_plugins\database
C:/ProgramData/BMC/ia_remote_plugins/database/

Linux

/root/.bmc/ia_remote_plugins/database/
/var/lib/bmc/ia_remote_plugins/database/ 

Optional: To start the plugin as a batch or shell process

After successfully creating the credentials, run the plugin to enable the connector. 

  1. Navigate to the remote-restapi-plugin/config directory, and replace the creds.json file with the creds.json file that you have downloaded while creating the plugin key.
  2. Run the run.sh script to start the plugin.

Task 5: To test the plugin

BMC recommends that you test whether the plugin is able to connect to the automation tool or application successfully before creating automation policies. 

  1. In the BMC Helix Intelligent Automation console, click Connectors > PluginKeys.
  2. Click Actions > Test against the plugin that is used to configure the connector.
    A message appears that shows that the connection is successful. 

The Ansible Tower connector is configured and appears in the Configured Connectors tab with the status as Connected. 

If the connector is not successfully connected, the status appear as Disconnected. Click the Info Icon.png icon to view the error message and fix the configuration issue.  

Where to go from here

Now that the connector is configured successfully, you can create policies to execute actions supported by Ansible Tower. For more information, see Launching-a-job-template

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*