Red Hat SummitChapter 2. Prerequisites for Installing Red Hat Ansible Automation Platform on Microsoft Azure
To install Ansible Automation Platform on Microsoft Azure, you must first ensure your environment meets all technical prerequisites.
2.1. Azure requirements
- A subscription for Microsoft Azure.
- Contributor or Administrator access to that Azure subscription.
- Access to the Azure command line interface (CLI).
2.2. Ansible Automation Platform requirements
- An account on the Red Hat Red Hat Customer Portal (access.redhat.com).
- A specific subscription entitlement for Red Hat Ansible Automation Platform.
2.3. Azure resource quotas and infrastructure limits
Microsoft imposes resource limits within each Azure region. The CPU limit is the most likely to impact Red Hat Ansible Automation Platform on Microsoft Azure.
Before you install Ansible Automation Platform on Microsoft Azure, ensure that you have capacity to deploy the managed application into your desired region. Refer to Ansible Automation Platform on Microsoft Azure infrastructure usage for infrastructure requirements.
2.3.1. Regional vCPU limits
The Azure resources used during the deployment of the managed application temporarily exceed the resource requirements in Ansible Automation Platform on Microsoft Azure infrastructure usage. The Total Regional vCPUs quota is temporarily consumed when deploying the managed application.
Every Azure region has a separate Total Regional vCPUs quota. To prevent installation failure, ensure that you have at least 80 DDSv5 and 8 DSV3 vCPUs available in the Azure region where you want to deploy the managed application.
You can view the resource quotas for your subscription from the Azure console. Open the My Quotas page and select the region where you wish to deploy the managed application to view your allocation and usage metrics for that region. Ensure that you have selected a single region. Viewing all regions at once does not show the limitations of a single Azure region.
2.3.2. Regional StandardCore limits
The StandardCore limit is a compute metric for the resources that are temporarily consumed when deploying the managed application.
It is possible that the Ansible Automation Platform on Microsoft Azure can deploy without hitting the StandardCore limit. When a deployment fails because the consumed resources hit the StandardCore limit, the error message includes container group quota 'StandardCores' exceeded:
2.3.3. Requesting StandardCore limit increase
The StandardCore metric is not displayed in the My Quotas page in the Azure console. To request the value of your regional limit, contact Microsoft directly.
If your deployments fail because the consumed resources reach this limit, you must submit a resource increase request for StandardCore to Microsoft. Only submit a quota increase request if you encounter a deployment failure due to this issue.
Use the following information to respond to questions from Microsoft support:
- Will the container groups be run in Linux or Windows?
- Linux
- What will the core and memory be in your Container Group instance?
- Red Hat recommends 20 cores, 16 GB
- When will you create all the Container Group Instances?
- During managed application deployment of Red Hat Ansible Automation Platform on Microsoft Azure
- How frequent will you create/delete the container groups?
- Only during managed application deployment of Red Hat Ansible Automation Platform on Microsoft Azure
2.4. Azure resource providers
Microsoft uses Azure resource providers as a set of REST operations that enable functionality for a specific Azure service in an Azure subscription.
For example, the Key Vault service consists of a resource provider named Microsoft.KeyVault. The resource provider defines REST operations for managing vaults, secrets, keys, and certificates.
The resource provider defines the Azure resources you can deploy in your Azure subscription.
2.4.1. Required Azure Resource Providers
Ansible Automation Platform on Microsoft Azure installation requires specific Azure Resource Providers registered in your Azure subscription before you attempt a new installation:
2.4.2. Registering Azure Resource Providers
To register Azure Resource Providers, follow the instructions in the Register resource provider section of the Azure documentation.
2.5. Network
When you deploy Ansible Automation Platform on Microsoft Azure, you can configure the following networks in the Networking tab of the form:
- The networking address range (CIDR block) for the VNet that your Ansible Automation Platform on Microsoft Azure application uses.
- AKS network CIDR blocks.
Plan your networking configuration before you deploy the Ansible Automation Platform on Microsoft Azure application, because you cannot change it after deployment.
2.5.1. VNet CIDR blocks
You can configure the networking address range (CIDR block) for the VNet that your Ansible Automation Platform on Microsoft Azure application uses.
You set the CIDR block for the application in the Configure virtual networks section of the form when you deploy Ansible Automation Platform on Microsoft Azure.
When you are planning your network configuration, bear the following in mind:
The managed application requires at least a /24 Vnet that is divided into four subnets. The subnets have minimum address spacing.
Expand Networking entity Minimum CIDR Block VNet
/24
Cluster subnet
/26
Gateway subnet
/28
Database subnet
/28
Private link subnet
/28
- Ensure that the VNet range you configure does not intersect with the default CIDR block for AKS clusters (10.0.0.0/16). The Azure user interface does not prevent you entering this range, but using the default AKS CIDR block for your VNet causes networking issues.
- To ensure successful network peering and communication between Ansible Automation Platform on Microsoft Azure and your existing networks, your enterprise network ranges must not overlap with the VNet network range.
- If you do not have any existing Azure VNets, the Azure user interface suggests a default CIDR block and range for the VNet. Do not accept these defaults. Instead, use the network configuration that you have planned.
For information about planning the network address range and completing the networking configuration form on deployment, refer to Red Hat Ansible Automation Platform on Microsoft Azure VNet Preparation.
2.5.2. AKS CIDR Blocks
You can configure the AKS network CIDR blocks. Traffic that originates from the AKS cluster appears to come from the range configured in AKS, not from the VNET.
When you are planning your AKS CIDR block configuration, bear the following in mind:
- Ensure that these network ranges do not overlap with any existing network range in your enterprise network.
Do not use the following reserved network ranges:
Expand AKS Reserved CIDR Blocks 169.254.0.0/16
172.30.0.0/16
172.31.0.0/16
192.0.2.0/24
172.17.0.1/26
You can configure the AKS network CIDR blocks in the Configure AKS networks area of the networking tab. Do not accept the default values suggested in the Azure user interface. Instead, use the CIDR blocks that you have planned. The settings have the following requirements:
| Network | Description | Requirements |
| Service CIDR | A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. | Requires a /24 block at minimum. A larger block is not necessary. This CIDR block must not intersect with the CIDR of the Pod CIDR block. This CIDR block also must not intersect with the CIDR of the VNET CIDR block. |
| DNS Service IP | An IP address assigned to the Kubernetes DNS service.
It must be within the Kubernetes service address range specified in | Must be an IP address in the Service CIDR other than the first IP in that range.
Red Hat recommends using the first |
| Pod CIDR | A CIDR notation IP range from which to assign pod IPs when kubenet is used. | Requires a /19 or larger block. This CIDR block must not intersect with the CIDR of the Service CIDR block. |
2.6. Azure Policy
Azure Policy is a tool to help organizations enforce compliance of Azure resources to defined standards.
For information on using Azure Policy with Ansible Automation Platform on Microsoft Azure, see Azure Policy and Ansible on Azure.
2.7. Entitling your subscription
To access your deployment, you need an existing subscription entitlement that you can assign to your Ansible Automation Platform when you first log in.
For information on obtaining a subscription entitlement and attaching it to Ansible Automation Platform, see Red Hat Ansible Automation Platform on Microsoft Azure Subscription Entitlement Association.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}