Red Hat SummitChapter 2. Installing a high availability automation hub
Configure the Ansible Automation Platform installer to install automation hub in a highly available (HA) configuration. Install HA automation hub on SELinux by creating mount points and adding the appropriate SELinux contexts to your Ansible Automation Platform environment.
2.1. Highly available automation hub installation
Install a highly available automation hub by making the following changes to the inventory file in the Ansible Automation Platform installer, then running the ./setup.sh script:
Specify database host IP
Specify the IP address for your database host, using the automation_pg_host and automation_pg_port fields. For example:
automationhub_pg_host='192.0.2.10' automationhub_pg_port='5432'
automationhub_pg_host='192.0.2.10'
automationhub_pg_port='5432'
also specify the IP address for your database host in the [database] section, using the value in the automationhub_pg_port field:
[database] 192.0.2.10
[database]
192.0.2.10List all instances in a clustered setup
If installing a clustered setup, replace localhost ansible_connection=local in the [automationhub] section with the hostname or IP of all instances. For example:
[automationhub] automationhub1.testing.ansible.com ansible_user=cloud-user ansible_host=192.0.2.18 automationhub2.testing.ansible.com ansible_user=cloud-user ansible_host=192.0.2.20 automationhub3.testing.ansible.com ansible_user=cloud-user ansible_host=192.0.2.22
[automationhub]
automationhub1.testing.ansible.com ansible_user=cloud-user ansible_host=192.0.2.18
automationhub2.testing.ansible.com ansible_user=cloud-user ansible_host=192.0.2.20
automationhub3.testing.ansible.com ansible_user=cloud-user ansible_host=192.0.2.22Red Hat Single Sign-On requirements
If you are implementing Red Hat Single Sign-On on your automation hub environment, specify the main automation hub URL that clients will connect to, using the automationhub_main_url field. For example:
automationhub_main_url = 'https://automationhub.ansible.com'
automationhub_main_url = 'https://automationhub.ansible.com'
If automationhub_main_url is not specified, the first node in the [automationhub] group will be used as default.
2.2. Install a high availability (HA) deployment of automation hub on SELinux
To set up a high availability (HA) deployment of automation hub on SELinux, create two mount points for /var/lib/pulp and /var/lib/pulp/pulpcore_static, then assign the appropriate SELinux contexts to each. You must add the context for /var/lib/pulp/pulpcore_static and run the Ansible Automation Platform installer before adding the context for /var/lib/pulp.
Prerequisites
- You have already configured a NFS export on your server.
Pre-installation procedure
Create a mount point at
/var/lib/pulp:mkdir /var/lib/pulp/
$ mkdir /var/lib/pulp/Copy to Clipboard Copied! Toggle word wrap Toggle overflow Open
/etc/fstabusing a text editor, then add the following values:srv_rhel8:/data /var/lib/pulp nfs defaults,_netdev,nosharecache 0 0 srv_rhel8:/data/pulpcore_static /var/lib/pulp/pulpcore_static nfs defaults,_netdev,nosharecache,context="system_u:object_r:httpd_sys_content_rw_t:s0" 0 0
srv_rhel8:/data /var/lib/pulp nfs defaults,_netdev,nosharecache 0 0 srv_rhel8:/data/pulpcore_static /var/lib/pulp/pulpcore_static nfs defaults,_netdev,nosharecache,context="system_u:object_r:httpd_sys_content_rw_t:s0" 0 0Copy to Clipboard Copied! Toggle word wrap Toggle overflow Run the mount command for
/var/lib/pulp:mount /var/lib/pulp
$ mount /var/lib/pulpCopy to Clipboard Copied! Toggle word wrap Toggle overflow Create a mount point at
/var/lib/pulp/pulpcore_static:mkdir /var/lib/pulp/pulpcore_static
$ mkdir /var/lib/pulp/pulpcore_staticCopy to Clipboard Copied! Toggle word wrap Toggle overflow Run the mount command:
mount -a
$ mount -aCopy to Clipboard Copied! Toggle word wrap Toggle overflow With the mount points set up, run the Ansible Automation Platform installer:
setup.sh -- -b --become-user root
$ setup.sh -- -b --become-user rootCopy to Clipboard Copied! Toggle word wrap Toggle overflow
Once the installation is complete, unmount the /var/lib/pulp/ mount point then apply the appropriate SELinux context:
Post-installation procedure
Shut down the Pulp service:
systemctl stop pulpcore.service
$ systemctl stop pulpcore.serviceCopy to Clipboard Copied! Toggle word wrap Toggle overflow Unmount
/var/lib/pulp/pulpcore_static:umount /var/lib/pulp/pulpcore_static
$ umount /var/lib/pulp/pulpcore_staticCopy to Clipboard Copied! Toggle word wrap Toggle overflow Unmount
/var/lib/pulp/:umount /var/lib/pulp/
$ umount /var/lib/pulp/Copy to Clipboard Copied! Toggle word wrap Toggle overflow Open
/etc/fstabusing a text editor, then replace the existing value for/var/lib/pulpwith the following:srv_rhel8:/data /var/lib/pulp nfs defaults,_netdev,nosharecache,context="system_u:object_r:pulpcore_var_lib_t:s0" 0 0
srv_rhel8:/data /var/lib/pulp nfs defaults,_netdev,nosharecache,context="system_u:object_r:pulpcore_var_lib_t:s0" 0 0Copy to Clipboard Copied! Toggle word wrap Toggle overflow Run the mount command:
mount -a
$ mount -aCopy to Clipboard Copied! Toggle word wrap Toggle overflow
Configure pulpcore.service:
With the two mount points set up, shut down the Pulp service to configure
pulpcore.service:systemctl stop pulpcore.service
$ systemctl stop pulpcore.serviceCopy to Clipboard Copied! Toggle word wrap Toggle overflow Edit
pulpcore.serviceusingsystemctl:systemctl edit pulpcore.service
$ systemctl edit pulpcore.serviceCopy to Clipboard Copied! Toggle word wrap Toggle overflow Add the following entry to
pulpcore.serviceto ensure that automation hub services starts only after starting the network and mounting the remote mount points:[Unit] After=network.target var-lib-pulp.mount
[Unit] After=network.target var-lib-pulp.mountCopy to Clipboard Copied! Toggle word wrap Toggle overflow Enable
remote-fs.target:systemctl enable remote-fs.target
$ systemctl enable remote-fs.targetCopy to Clipboard Copied! Toggle word wrap Toggle overflow Reboot the system:
systemctl reboot
$ systemctl rebootCopy to Clipboard Copied! Toggle word wrap Toggle overflow
Troubleshooting
A bug in the pulpcore SELinux policies can cause the token authentication public/private keys in etc/pulp/certs/ to not have the proper SELinux labels, causing the pulp process to fail. When this occurs, run the following command to temporarily attach the proper labels:
chcon system_u:object_r:pulpcore_etc_t:s0 /etc/pulp/certs/token_{private,public}_key.pem
$ chcon system_u:object_r:pulpcore_etc_t:s0 /etc/pulp/certs/token_{private,public}_key.pemYou must repeat this command to reattach the proper SELinux labels whenever you relabel your system.
Additional Resources
- See the SELinux Requirements on the Pulp Project documentation for a list of SELinux contexts.
- See the Filesystem Layout information for a full description of Pulp folders.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}