Skip to content

Commit

Permalink
Doc: fix formatting for service account authentication note (#3520)
Browse files Browse the repository at this point in the history
  • Loading branch information
@noredistribution
noredistribution authored Jan 22, 2024
1 parent d2e6a56 commit 2cc7261
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions ansible_collections/arista/avd/roles/eos_config_deploy_cvp/docs/avd-to-cvaas.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,14 +11,16 @@ The purpose of this tutorial is to review the steps required in order to integra
!!! info "Important"
The name of the service account created on CVaaS must match a username configured to be authorized on EOS,
otherwise device interactive API calls may fail due to authorization denial.

When using service accounts, on ansible side the `ansible_user` variable must always be `cvaas` or `svc_account`.
The `cvaas` and `svc_account` are special variable names to notify the client to switch to using service accounts instead of creating a session using the login API with username/password.

When using service accounts the username is embedded into the token itself so it does not need to be passed in a separate HTTP header on the client side.
For example when using service accounts we would have the following:
- on the CV UI the username in Users page and Service Accounts page would be john.smith

- on the CV UI the username in Users page and Service Accounts page would be `john.smith`
- on EOS in the running config there would be either a local user: `username john.smith privilege 15 role <roleName> <nopassword/secret>` or one in TACACS/RADIUS
- on ansible side in inventory.yaml the `ansible_user` has to be set to `cvaas` or `svc_account`, e.g.: `ansible_user: cvaas` or `ansible_user: svc_account`
and `ansible_password` will reference the service account token, e.g.: `"{{ lookup('file', '/tokens/cvaas.tok')}}"`
- on ansible side in `inventory.yaml` the `ansible_user` has to be set to `cvaas` or `svc_account`, e.g.: `ansible_user: cvaas` or `ansible_user: svc_account` and `ansible_password` will reference the service account token, e.g.: `"{{ lookup('file', '/tokens/cvaas.tok')}}"`
- reference: [ansible-cvp authentication](https://cvp.avd.sh/en/stable/docs/how-to/cvp-authentication/)

## Steps to create service accounts on CloudVision
Expand Down

0 comments on commit 2cc7261

Please sign in to comment.