Chapter 2. Installation

2.1. Prerequisites

Before you can install and register Ansible Automation Platform, you must be familiar with GCP, including how services operate, how data is stored, and any privacy implications of using these services. You must also set up an account with Google Cloud Platform (GCP).

You must have a working knowledge of the following aspects of Google Cloud Platform:

  • Deploying solutions from the GCP Marketplace
  • Compute Engine virtual machine (VM) instances
  • Cloud SQL for PostgreSQL
  • Filestore
  • GCP Virtual Private Clouds (VPCs)

    • Subnets
    • Route Tables
    • Load Balancers
  • Network Design

    • Hub-and-spoke networking designs
    • VPC Peering
    • Classless Inter-Domain Routing (CIDR) blocks
    • Transit routing
  • GCP Cloud monitoring

    • GCP Ops agent
  • SSH

For more information about Google Cloud Platform and terminology, see the GCP product documentation.

2.2. Create a project

To install Ansible Automation Platform, you must create a project in your Google Cloud Platform account to host the application if you do not already have one. See Creating and managing projects in the GCP documentation.

2.2.1. Required APIs

Your Google Cloud Platform (GCP) project requires access to several API services to complete Ansible Automation Platform installation. On marketplace deployment, the process automatically attempts to enable the following APIs.

If you prefer, you can enable the APIs ahead of time to ensure they are permitted by your organization.

| API Service | Console service name | Notes |
|---|---|---|
| Compute Engine API | compute.googleapis.com | |
| Google Cloud APIs | cloudapis.googleapis.com | |
| Identity and Access Management (IAM) API | iam.googleapis.com | |
| Cloud SQL Admin API | sql-component.googleapis.com | |
| Cloud Logging API | logging.googleapis.com | See Monitoring and logging |
| Cloud Monitoring API | monitoring.googleapis.com | See Monitoring and logging |
| Cloud Resource Manager API | cloudresourcemanager.googleapis.com | |
| Cloud Identity-Aware Proxy API | iap.googleapis.com | |
| Secret Manager API | secretmanager.googleapis.com | |
| Service Networking API | servicenetworking.googleapis.com | |
| Service Usage API | serviceusage.googleapis.com | |
| OS Config API | osconfig.googleapis.com | |
| Cloud Runtime Configuration API | runtimeconfig.googleapis.com | |
| Cloud Filestore API | file.googleapis.com | |
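
To check ahead of time that your organization permits the APIs listed above, the following added example (not part of the original documentation) compares that list with the project's enabled services by using gcloud and enables only what is missing. The function names are illustrative, and the project ID is supplied by the caller.

```shell
#!/bin/sh
# Added example, not from the Red Hat documentation. Function names are
# illustrative; the project ID is passed in by the caller.

# Console service names copied from the Required APIs table.
REQUIRED_APIS="compute.googleapis.com cloudapis.googleapis.com
iam.googleapis.com sql-component.googleapis.com logging.googleapis.com
monitoring.googleapis.com cloudresourcemanager.googleapis.com
iap.googleapis.com secretmanager.googleapis.com
servicenetworking.googleapis.com serviceusage.googleapis.com
osconfig.googleapis.com runtimeconfig.googleapis.com file.googleapis.com"

# Print each required API that is not in the project's enabled list.
missing_apis() {
  enabled=$(gcloud services list --enabled --project "$1" \
              --format="value(config.name)") || return 2
  for api in $REQUIRED_APIS; do
    printf '%s\n' "$enabled" | grep -qxF "$api" || printf '%s\n' "$api"
  done
}

# Enable only what is missing, so an organization policy that blocks a
# service surfaces as an error before the marketplace deployment starts.
enable_missing_apis() {
  missing=$(missing_apis "$1") || return 2
  if [ -z "$missing" ]; then
    return 0
  fi
  # Word splitting of $missing is intended: one argument per service.
  gcloud services enable $missing --project "$1"
}

# Usage: enable_missing_apis <PROJECT_ID>
```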

2.2.2. Create a service account

You must have a service account to set up Ansible Automation Platform from GCP Marketplace. This account is used to install and configure the application and remains associated with the Ansible Automation Platform virtual machines. You can use an existing service account with the required roles, or the Ansible Automation Platform deployment can create one with the required roles on your behalf. If you use an existing account, or create a service account in advance, it must have the following roles:

  • Editor
  • Logs Writer
  • Cloud SQL Client
  • Cloud SQL Instance User
  • Secret Manager Secret Accessor
  • Compute Network Admin

See Grant a single role for steps to add the required roles to your existing service account.

The Compute Network Administrator role is only required at the time of deployment to configure the application properly. When installation and configuration are complete, this role can be removed from the service account, which remains configured on the Ansible Automation Platform Virtual Machines.
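
The role lifecycle described above, as an added example that is not part of the original documentation: grant the six roles before deployment, remove Compute Network Admin once installation is complete, and list anything still bound beyond the permanent set. The function names are illustrative, the role IDs are GCP's identifiers for the display names listed above, and only project-level bindings are inspected.

```shell
#!/bin/sh
# Added example, not from the Red Hat documentation. Function names are
# illustrative; role IDs are GCP's identifiers for the display names above.
DEPLOY_ONLY_ROLE="roles/compute.networkAdmin"
PERMANENT_ROLES="roles/editor roles/logging.logWriter roles/cloudsql.client \
roles/cloudsql.instanceUser roles/secretmanager.secretAccessor"

# Before deployment: bind all six roles to the service account.
grant_install_roles() {
  for role in $PERMANENT_ROLES $DEPLOY_ONLY_ROLE; do
    gcloud projects add-iam-policy-binding "$1" \
      --member="serviceAccount:$2" --role="$role" \
      --condition=None --quiet >/dev/null || return 1
  done
}

# Roles bound to the service account in the project-level IAM policy.
bound_roles() {
  gcloud projects get-iam-policy "$1" \
    --flatten="bindings[].members" \
    --filter="bindings.members:serviceAccount:$2" \
    --format="value(bindings.role)"
}

# After installation: remove Compute Network Admin and fail if the
# project policy still shows the binding.
revoke_deploy_only_role() {
  gcloud projects remove-iam-policy-binding "$1" \
    --member="serviceAccount:$2" --role="$DEPLOY_ONLY_ROLE" \
    --quiet >/dev/null || return 1
  if bound_roles "$1" "$2" | grep -qxF "$DEPLOY_ONLY_ROLE"; then
    return 1
  fi
}

# Audit: print any bound role outside the permanent set.
excess_roles() {
  bound_roles "$1" "$2" | while read -r role; do
    case " $PERMANENT_ROLES " in
      *" $role "*) ;;
      *) [ -z "$role" ] || printf '%s\n' "$role" ;;
    esac
  done
}
```

Call the functions as `grant_install_roles <PROJECT_ID> <SERVICE_ACCOUNT_EMAIL>` before launching the offer and `revoke_deploy_only_role` with the same arguments after provisioning finishes.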

2.2.3. Policies and permissions

Your GCP account must have the following Identity and Access Management (IAM) permissions to successfully create and manage Ansible Automation Platform deployments as well as the resources described in Application architecture.

Your GCP account must also be licensed to deploy Ansible Automation Platform from GCP Marketplace.

The application can fail to deploy if your IAM policies restrict deployment and management of these resources.

The application has two deployment options:

  • Create a deployment with a new VPC.
  • Create a deployment using an existing VPC.

Both options require the same minimum permissions:

  • Cloud SQL Client
  • Cloud SQL Instance User
  • Compute Network Admin
  • Editor
  • Logs Writer
  • Secret Manager Secret Accessor

2.3. Application deployment

To launch your offer on the Google Cloud Console, navigate to the marketplace and search for Red Hat Ansible Automation Platform 2 - Up to 100 Managed Nodes. After selecting this offer, click Launch.

There are four virtual machines included in this product listing. Three n2-standard-2 virtual machines make up the permanent compute components of the solution. Additionally, a single ephemeral e2-medium instance is used to run Red Hat Ansible Automation Platform and Google Cloud deployment workloads. This virtual machine is only used during deployment and then is permanently removed from the solution. The infrastructure cost for the ephemeral VM is charged at the hourly rate during the period that the VM exists, usually less than an hour.

Important

A temporary yet necessary constraint has been placed on the length of deployment names. This is due to GCP’s naming scheme for internal components that make up an Ansible Automation Platform deployment. Component names based on this naming scheme can get too long and often break naming constraints imposed by other services, creating deployment errors.

The length of the name of your deployment plus the length of your GCP project name must be less than 35 characters, and the length of the deployment name must be less than 30 characters.

The calculation below helps you find the maximum length of the name of an Ansible Automation Platform deployment in your project.

length of deployment name <= minimum of 30 and (35 - length(gcp project name))

There are two methods for deploying the application:

2.3.1. Deploying an application with a new VPC

This procedure creates a new VPC network and deploys the application in the created VPC.

Note

The process of deploying the application using a new VPC has been deprecated, and the functionality will be removed from Ansible Automation Platform from GCP Marketplace in a future release.

Procedure

  1. In the Deployment page, select the Service Usage API link below the Confirm Service Usage API is enabled checkbox.
  2. In the API/Service Details tab, ensure that the API is enabled, then return to the Deployment page.
  3. Check the Confirm Service Usage API is enabled checkbox.
  4. Select or create a Service Account. For further information, see Your service account.
  5. In the Region field, select the region where you want the application deployed.
  6. In the Zone field, select the zone where you want the Filestore deployed. The zone must be in the Region you selected.
  7. In the Observability section, you can enable logging and metrics to be sent to Cloud Logging and Cloud Monitoring. See Operations Suite Pricing for the financial cost of enabling these services. See Monitoring and logging for more information on configuring this feature.
  8. In the Network Selection section, select New network. The Networking section provides defaults for all of the network ranges used in the deployment. If you want to modify these values, see Networking Options.
  9. Optional: In the Additional Labels section, provide any additional label key and value pairs to be added to the GCP resources that are part of the deployment. Valid keys and values must meet GCP label requirements. For a key, only hyphens, underscores, lowercase characters and numbers are permitted. A key must start with a lowercase character. For a value, only hyphens, underscores, lowercase characters and numbers are permitted.
  10. Click DEPLOY.
  11. The Deployment Manager displays the running deployment.
  12. The application begins provisioning. It can take some time for the infrastructure and application to fully provision.

    Note

    You will see a warning on the deployment.

    This deployment has resources from the Runtime Configurator service, which is in Beta.

    This warning is expected and is not a cause for concern.

If you want to modify your network ranges after deployment, you must delete your current deployment and then follow the instructions in Deploying an application with an existing VPC.

2.3.2. Deploying an application with an existing VPC

The following procedure uses an existing VPC network to deploy an application.

Procedure

  1. In the Deployment page, select the Service Usage API link below the Confirm Service Usage API is enabled checkbox.
  2. In the API/Service Details tab, ensure that the API is enabled, then return to the Deployment page.
  3. Check the Confirm Service Usage API is enabled checkbox.
  4. Select or create a Service Account. For further information, see Your service account.
  5. In the Region field, select the region where you want the application deployed.
  6. In the Zone field, select the zone where you want the Filestore deployed. The zone must be in the Region you selected.
  7. In the Observability section, you can enable logging and metrics to be sent to Cloud Logging and Cloud Monitoring. See Operations Suite Pricing for the financial cost of enabling these services. See Monitoring and logging for more information on configuring this feature.
  8. In the Network Selection section, select Existing network.
  9. In the Existing Network section, provide your existing VPC network name, existing subnet name and existing proxy subnet name.

    Note

    The existing proxy subnet must be of type Regional Managed Proxy, which is the reserved proxy-only subnet for load balancing.

    Select cloud NAT router to create a NAT router in your VPC network.

  10. The Networking section provides defaults for all of the network ranges used in the deployment. Provide these values based on your existing network configuration. If you want to modify these values, see Networking Options.
  11. Optional: In the Additional Labels section, provide any additional label key and value pairs to be added to the GCP resources that are part of the deployment. Valid keys and values must meet GCP label requirements. For a key, only hyphens, underscores, lowercase characters and numbers are permitted. A key must start with a lowercase character. For a value, only hyphens, underscores, lowercase characters and numbers are permitted.
  12. Click DEPLOY.
  13. The Deployment Manager displays the running deployment.
  14. The application begins provisioning. It can take some time for the infrastructure and application to fully provision.

    Note

    You will see a warning on the deployment.

    This deployment has resources from the Runtime Configurator service, which is in Beta.

    This warning is expected and is not a cause for concern.
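
The deployment name limits from Application deployment and the label rules from the Additional Labels step of both procedures can be checked before you click DEPLOY. The following is an added example, not part of the original documentation; the function names are illustrative, the stricter "less than" wording of the prose is applied to name lengths, and accepting an empty label value is an assumption.

```shell
#!/bin/sh
# Added example, not from the Red Hat documentation; function names are
# illustrative. The strict "less than" wording of the prose is applied.
LC_ALL=C; export LC_ALL   # make [a-z] match ASCII lowercase only

# len(name) < 30 and len(name) + len(project name) < 35
valid_deployment_name() {
  [ -n "$1" ] && [ "${#1}" -lt 30 ] && [ $(( ${#1} + ${#2} )) -lt 35 ]
}

# Longest deployment name a given project name leaves room for.
max_deployment_name_len() {
  room=$(( 34 - ${#1} ))
  if [ "$room" -gt 29 ]; then room=29; fi
  if [ "$room" -lt 0 ]; then room=0; fi
  echo "$room"
}

# Key: starts with a lowercase letter; then lowercase, digits, '_' or '-'.
valid_label_key() {
  case "$1" in
    ''|[!a-z]*|*[!a-z0-9_-]*) return 1 ;;
  esac
}

# Value: lowercase, digits, '_' or '-' (empty accepted here, an assumption).
valid_label_value() {
  case "$1" in
    *[!a-z0-9_-]*) return 1 ;;
  esac
}

# Check key=value pairs; print each rejected pair, return 1 if any failed.
check_labels() {
  bad=0
  for pair in "$@"; do
    key=${pair%%=*}; value=${pair#*=}
    case "$pair" in *=*) ;; *) key="" ;; esac   # no '=' at all: reject
    if ! valid_label_key "$key" || ! valid_label_value "$value"; then
      printf 'rejected: %s\n' "$pair"
      bad=1
    fi
  done
  return "$bad"
}
```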

2.4. Deployment information

After deploying Ansible Automation Platform, use the following procedures to retrieve information about your deployment.

2.4.1. Retrieving the administration password

Use the following procedure to retrieve the administration password.

Procedure

  1. In the GCP UI, select the main menu.
  2. Select Security. If you do not see Security, select View All Products.
  3. Select Secret Manager.
  4. Filter with the name of the deployment. The secret name format is <DeploymentName>-aap-admin.
  5. Click on the secret name of the deployment.
  6. Click the More Actions icon on the line of the deployment.
  7. Select View secret value. The administration password is displayed.

2.4.2. Retrieving the load balancer addresses

Use the following procedure to retrieve the controller and hub IP addresses.

Procedure

  1. In the GCP UI, select the main menu.
  2. Select Deployment Manager.
  3. Select Deployments.
  4. Select the deployment name.
  5. Select View Details.
  6. In the right pane, under Deployment properties, find the Layout line.
  7. Select View. The Outputs: section shows the finalValue for the name controllerIp and hubIp.

2.5. Setting up monitoring and logging at deployment time

Procedure

  1. In the GCP UI, navigate to Observability.
  2. Check the Connect Logging and Connect Metrics checkboxes.

    Note

    These checkboxes are only available in the foundation deployment.

2.6. Deploying an extension node

You configure extension nodes after you have purchased and launched an extension from the public or private offer.

Procedure

  1. In the Deployment name field, enter a sufficiently short name as described in Application deployment.
  2. For the Service Account, select the service account used with your Red Hat Ansible Automation Platform with up to 100 Managed Nodes deployment.
  3. In the Region field, select the region where you want the application deployed.
  4. In the Zone field, select a zone in the Region you selected when deploying your foundational offer. This field is only used to filter the Network list.
  5. In the Main Deployment Name field, enter the foundation deployment name for which you are deploying an extension.

    Note

    Main Deployment Name is a required field.

  6. In the Networking section, expand the default option.
  7. In the Network field, select the existing foundation network ending with -aap-net.
  8. In the Subnetwork field, select the existing foundation subnetwork ending with -aap-subnet.

    Important

    Do not select the subnet ending with -aap-proxy-subnet.

    Note

    If an error states Make sure all fields are correct to continue and You must select a Network, reselect the values from the menu and click Done.

  9. Ensure Extend Ansible Automation Platform deployment in selected VPC is checked.
  10. Click DEPLOY.
  11. The Deployment Manager displays the running deployment.

The extension begins provisioning.

It can take some time for the infrastructure and extension to fully provision.


© 2024 Red Hat, Inc.