Setting up secure communication with the Ansible control node

Ops Center Automator User Guide

Version
10.8.x
File Size
3.6 MB
Audience
anonymous
Part Number
MK-99AUT001-14
You must do the following before setting up secure communications with Ansible:
  • Enable secure client communication in Ops Center Automator.
  • Create the Ops Center Automator SSL certificate with the required host name in CN (Common Name) or SAN(Subject Alternative Name).
  • In the Ansible Control Node, make sure the certificate file extension is .crt or .pem.
  • Import the CA certificate or the Ops Center Automator self-signed certificate to the Linux certificate trust store.
    Note: SSL is enabled by default after a new Ops Center Automator installation. In an upgrade installation, Ops Center Automator retains the current SSL settings.

    If you want to use a new certificate, see "Setting up SSL on the server for secure client communication (Linux OS)" or "Setting up SSL on the server for secure client communication (Windows OS)" in the Hitachi Ops Center Automator Installation and Configuration Guide.

  • Complete the SSL settings between Common Services and the Ansible control node. For details, see "Configuring SSL communications" in the Hitachi Ops Center Automator Installation and Configuration Guide

Prepare the playbook (Ansible control node):

  1. Set the following parameters for Ops Center Automator Ansible modules:
    host: Automator_host_name
    The specified host name must match the CN or SAN attribute of the certificate.
    port: SSL_port_number
    When the ssl parameter is set to yes, the default value is 22016.
    ssl: yes
    The default value is yes.
    validate_certs: yes
    The default value is yes.
  2. Set the following parameters if you use a Common Services user to access the Ops Center Automator server:
    • cs_host: Common_Services_host_name

      The specified host name must match the CN or SAN attribute of the certificate.

    • cs_port: Common_Services_SSL_port_number

      When the ssl parameter is set to yes, the default value is 443.

  3. Run the playbook with an Ansible command, for example:
    $ ansible-playbook