Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 3. Ansible Automation Platform Controller Configuration Details

This reference architecture focuses on the deployment of Ansible Automation Platform 2.1 using automation mesh on Red Hat Enterprise Linux 8.4 x86_64. The configuration is intended to provide a comprehensive Ansible Automation Platform solution. The key solution components covered within this reference archtiecture consists of:

  • Red Hat Enterprise Linux 8.4
  • Ansible Automation Platform 2.1
  • automation mesh
  • private automation hub

3.1. Network Configuration
Copy link

3.1.1. Chrony Configuration
Copy link

Each Ansible Automation Platform node in the cluster must have access to an NTP server. The chronyd is a daemon for synchronization of the system clock. It can synchronize the clock with NTP servers. This ensures that when cluster nodes use SSL certificates that require validation, they don’t fail if the date and time between the nodes are not in sync.

On all the nodes,

  1. If not installed, install chrony as follows 

    # dnf install chrony --assumeyes
    Copy to Clipboard Toggle word wrap

  2. Edit the /etc/chrony.conf file with a text editor such as vi. 

    # vi /etc/chrony.conf
    Copy to Clipboard Toggle word wrap

  3. Locate the following public server pool section, and modify to include the appropriate servers. Only one server is required, but three is recommended. The iburst option is added to speed up the time that it takes to properly sync with the servers. 

    # Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server <ntp-server-address> iburst
    Copy to Clipboard Toggle word wrap
  4. Save all the changes within the /etc/chrony.conf file.

  5. Start and enable that the chronyd daemon is started when the host is booted. 

    # systemctl --now enable chronyd.service
    Copy to Clipboard Toggle word wrap

  6. Verify the chronyd daemon status. 

    # systemctl status chronyd.service
    Copy to Clipboard Toggle word wrap

3.2. OS Configuration
Copy link

3.2.1. Red Hat Subscription Manager
Copy link

The subscription-manager command registers a system to the Red Hat Network (RHN) and manages the subscription entitlements for a system. The --help option specifies on the command line to query the command for the available options. If the --help option is issued along with a command directive, then options available for the specific command directive are listed.

To use Red Hat Subscription Management for providing packages to a system, the system must first register with the service. In order to register a system, use the subscription-manager command and pass the register command directive. If the --username and --password options are specified, then the command does not prompt for the RHN Network authentication credentials.

An example of registering a system using subscription-manager is shown below. 

# subscription-manager register --username [User] --password '[Password]'
The system has been registered with id: abcd1234-ab12-ab12-ab12-481ba8187f60
Copy to Clipboard Toggle word wrap

After a system is registered, it must be attached to an entitlement pool. For the purposes of this reference environment, the Red Hat Ansible Automation Platform is the pool chosen. Identify and subscribe to the Red Hat Ansible Automation Platform entitlement pool, the following command directives are required. 

# subscription-manager list --available | grep -A8 "Red Hat Ansible Automation Platform"
---
Subscription Name:   Red Hat Ansible Automation Platform, Premium (5000 Managed Nodes)
Provides:            Red Hat Ansible Engine
                     Red Hat Single Sign-On
                     Red Hat Ansible Automation Platform
SKU:                 MCT3695
Contract:            <contract>
Pool ID:             <pool_id>
Provides Management: No
Available:           9990
Suggested:           1
Service Type:        L1-L3
Roles:
Copy to Clipboard Toggle word wrap 
# subscription-manager attach --pool <pool_id>
Successfully attached a subscription for: Red Hat Ansible Automation Platform, Premium (5000 Managed Nodes)
Copy to Clipboard Toggle word wrap 
# subscription-manager repos --enable=ansible-automation-platform-2.1-for-rhel-8-x86_64-rpms
Copy to Clipboard Toggle word wrap

3.2.2. User Accounts
Copy link

Prior to the installation of Ansible Automation Platform 2.1, it is recommended to create a non-root user with sudo privileges for the deployment process. This user is used for:

  • SSH connectivity
  • passwordless authentication during installation

For the purposes of this reference environment, the user ansible was chosen, however, any user name would suffice.

On all nodes, create a user named ansible and generate an ssh key.

  1. Create a non-root user 

    # useradd ansible
    Copy to Clipboard Toggle word wrap

  2. Set a password for your ansible user. 

    # passwd ansible
    Copy to Clipboard Toggle word wrap

  3. Generate an ssh key as the ansible user. 

    $ ssh-keygen -t rsa
    Copy to Clipboard Toggle word wrap

  4. Disable password requirements when using sudo as the ansible user 

    # echo "ansible ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/ansible
    Copy to Clipboard Toggle word wrap

3.2.3. Copying SSH keys to all nodes
Copy link

With the ansible user created, as the ansible user, copy the ssh key to all the nodes. This ensures that when the Ansible Automation Platform installation runs, it can ssh to all the nodes without a password.

This can be done using the ssh-copy-id command as follows: 

$ ssh-copy-id ansible@hostname.example.com
Copy to Clipboard Toggle word wrap
Note

If running within a cloud provider, you may need to instead create an ~/.ssh/authorized_keys file containing the public key for the ansible user on all your nodes and set the permissions to the authorized_keys file to only the owner (ansible) having read and write access (permissions 644).

3.2.4. Configuring Firewall Settings
Copy link

Firewall access and restrictions play a critical role in securing Ansible Automation Platform 2.1 environment. The use of Red Hat Enterprise Linux 8.4 defaults to using firewalld, a dynamic firewall daemon. firewalld works by assigning network zones to assign a level of trust to a network and its associated connections and interfaces.

It is recommended that firewall settings be configured to permit access to the appropriate services and ports for a success Ansible Automation Platform 2.1 installation.

On all nodes, ensure that firewalld is installed, started and enabled.

  1. Install the firewalld package 

    # dnf install firewalld --assumeyes
    Copy to Clipboard Toggle word wrap

  2. Start the firewalld service 

    # systemctl start firewalld
    Copy to Clipboard Toggle word wrap

  3. Enable the firewalld service 

    # systemctl enable firewalld
    Copy to Clipboard Toggle word wrap
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat