| Ansible Config Provider Discovery on Day 0 |
- Configure Ansible credentials reference link: https://docs.ansible.com/ansible-tower/latest/html/userguide/credentials.html
- Creating Ansible tower users: https://docs.ansible.com/ansible-tower/3.2.5/html/userguide/users.html
- Roles/permissions can be granted to Ansible tower users per project/ inventory/ job template/credentials as required. For more details: https://docs.ansible.com/ansible-tower/latest/html/userguide/users.html#users-permissions
- CAPI uses basic authentication token based mechanism which uses the Ansible tower user's credentials. OAuth tokens based on basic authentication credentials are generated.
- Projects that contain the GitHub credentials of the playbook (this is where .yml files exist) is configured manually on Ansible. For more information: https://docs.ansible.com/ansible-tower/latest/html/userguide/credentials.html#source-control
- Uses Ansible credentials for Discovery of Inventory, projects, cfg installable– job templates (fetching playbooks and its extra variables) using CAPI.
|
| Ansible Catalog provision/ de-provision on Day 1 |
Uses Ansible tower user credentials and service account credentials of Amazon Web Services/ Azure given in the Ansible job template. |
| Ansible tag:GetResources for discovery |
Uses tag:GetResources
permission to discover AWS resources provisioned through Ansible pipeline. |
| Ansible Day 2 operations |
Uses Ansible tower user credentials, service account credentials of Amazon Web Services/ Azure and private ssh key pair or windows user name/password, to connect to the particular cloud resource
provisioned. |