Appendix A. Inventory file variables
The following tables contain information about the pre-defined variables used in Ansible installation inventory files. Not all of these variables are required.
A.1. General variables
Variable | Description |
---|---|
|
The default install registers the node to the Red Hat Insights for Red Hat Ansible Automation Platform Service if the node is registered with Subscription Manager. Set to
Default = |
|
List of nginx configurations for
Each element in the list is provided into Default = empty list |
|
Password credential for access to
Used for both
Enter your Red Hat Registry Service Account credentials in
When |
|
Used for both
Default = |
|
User credential for access to
Used for both
Enter your Red Hat Registry Service Account credentials in |
|
If
This variable is used as a host variable for particular hosts and not under the |
A.2. Ansible automation hub variables
Variable | Description |
---|---|
| Required Passwords must be enclosed in quotes when they are provided in plain text in the inventory file. |
| If upgrading from Ansible Automation Platform 2.0 or earlier, you must either:
Generating a new token invalidates the existing token. |
|
This variable is not set by default. Set it to
When this is set to
If any of these are absent, the installation will be halted. |
| If a collection signing service is enabled, collections are not signed automatically by default.
Setting this parameter to
Default = |
| Optional
Ansible automation hub provides artifacts in
You can also set
Default = |
| Optional Determines whether download count is displayed on the UI.
Default = |
|
When you run the bundle installer, validated content is uploaded to the By default, both certified and validated content are uploaded. Possible values of this variable are 'certified' or 'validated'.
If you do not want to install content, set
If you only want one type of content, set |
| If a collection signing service is enabled, you must provide this variable to ensure that collections can be properly signed.
|
| If a collection signing service is enabled, you must provide this variable to ensure that collections can be properly signed.
|
| Set this variable to true to create a collection signing service.
Default = |
| If a container signing service is enabled, you must provide this variable to ensure that containers can be properly signed.
|
| If a container signing service is enabled, you must provide this variable to ensure that containers can be properly signed.
|
| Set this variable to true to create a container signing service.
Default = |
| The default installation deploys a TLS enabled Ansible automation hub. Use this variable if you deploy automation hub with HTTP Strict Transport Security (HSTS) web-security policy enabled. This variable disables, the HSTS web-security policy mechanism.
Default = |
| Optional If Ansible automation hub is deployed with HTTPS enabled.
Default = |
|
When set to
Default = |
| A Boolean indicating whether to enable pulp analytics for the version of pulpcore used in automation hub in Ansible Automation Platform 2.4.
To enable pulp analytics, set
Default = |
| Set this variable to true to enable unauthorized users to view collections.
Default = |
| Set this variable to true to enable unauthorized users to download collections.
Default = |
| Optional Dictionary of setting to pass to galaxy-importer. At import time collections can go through a series of checks.
Behavior is driven by
Examples are This parameter enables you to drive this configuration. |
| The main automation hub URL that clients connect to. For example, https://<load balancer host>.
Use
If not specified, the first node in the |
| Required The database name.
Default = |
| Required if not using an internal database. The hostname of the remote PostgreSQL database used by automation hub.
Default = |
| The password for the automation hub PostgreSQL database.
Use of special characters for |
| Required if not using an internal database. Default = 5432. |
| Required.
Default = |
| Required
Default = |
| Optional
Value is By default when you upload collections to automation hub an administrator must approve it before they are made available to the users.
If you want to disable the content approval flow, set the variable to
Default = |
| A Boolean that defines whether or not preloading is enabled.
When you run the bundle installer, validated content is uploaded to the By default, both certified and validated content are uploaded.
If you do not want to install content, set
If you only want one type of content, set
Default = |
| Optional
|
| Optional
Same as |
| For Red Hat Ansible Automation Platform 2.2 and later, this value is no longer used.
Set value to
Default = |
| Deprecated
For Ansible Automation Platform 2.2.1 and later, the value of this has been fixed at Automation hub always updates with the latest packages. |
| List of nginx headers for Ansible automation hub’s web server. Each element in the list is provided to the web server’s nginx configuration as a separate line. Default = empty list |
| When deployed with automation hub the installer pushes execution environment images to automation hub and configures automation controller to pull images from the automation hub registry.
To make automation hub the only registry to pull execution environment images from, set this variable to
If set to
Default = |
| If upgrading from Red Hat Ansible Automation Platform 2.0 or earlier, choose one of the following options:
|
| This variable specifies how long, in seconds, the system should be considered as a HTTP Strict Transport Security (HSTS) host. That is, how long HTTPS is used exclusively for communication. Default = 63072000 seconds, or two years. |
|
Defines support for
Values available The TLSv1.1 and TLSv1.2 parameters only work when OpenSSL 1.0.1 or higher is used. The TLSv1.3 parameter only works when OpenSSL 1.1.1 or higher is used.
If
Default = |
| Relative or absolute path to the Fernet symmetric encryption key that you want to import. The path is on the Ansible management node. It is used to encrypt certain fields in the database, such as credentials. If not specified, a new key will be generated. |
| Optional Used for Ansible Automation Platform managed and externally managed Red Hat Single Sign-On. Path to the directory where theme files are located. If changing this variable, you must provide your own theme files.
Default = |
| Optional Used for Ansible Automation Platform managed and externally managed Red Hat Single Sign-On. The name of the realm in SSO.
Default = |
| Optional Used for Ansible Automation Platform managed and externally managed Red Hat Single Sign-On. Display name for the realm.
Default = |
| Optional Used for Ansible Automation Platform managed and externally managed Red Hat Single Sign-On. SSO administration username.
Default = |
| Required Used for Ansible Automation Platform managed and externally managed Red Hat Single Sign-On. SSO administration password. |
| Optional Used for Ansible Automation Platform managed Red Hat Single Sign-On only. Customer-provided keystore for SSO. |
| Required Used for Ansible Automation Platform externally managed Red Hat Single Sign-On only. Automation hub requires SSO and SSO administration credentials for authentication. If SSO is not provided in the inventory for configuration, then you must use this variable to define the SSO host. |
| Optional Used for Ansible Automation Platform managed Red Hat Single Sign-On only.
Set to
Default = |
| Optional Used for Ansible Automation Platform managed Red Hat Single Sign-On only. Name of keystore for SSO.
Default = |
| Password for keystore for HTTPS enabled SSO.
Required when using Ansible Automation Platform managed SSO and when HTTPS is enabled. The default install deploys SSO with |
| Optional Used for Ansible Automation Platform managed and externally managed Red Hat Single Sign-On.
If This must be reachable from client machines. |
| Optional Used for Ansible Automation Platform managed and externally managed Red Hat Single Sign-On.
Set to
Default = |
| Optional Used for Ansible Automation Platform managed and externally managed Red Hat Single Sign-On if Single Sign On uses HTTPS.
Default = |
For Ansible automation hub to connect to LDAP directly, you must configure the following variables: A list of additional LDAP related variables that can be passed using the ldap_extra_settings
variable, see the Django reference documentation.
Variable | Description |
---|---|
|
The name to use when binding to the LDAP server with Must be set when integrating private automation hub with LDAP, or the installation will fail. |
| Required
The password to use with Must be set when integrating private automation hub LDAP, or the installation will fail. |
| An LDAP Search object that finds all LDAP groups that users might belong to.
If your configuration makes any references to LDAP groups, you must set this variable and Must be set when integrating private automation hub with LDAP, or the installation will fail.
Default = |
| Optional Search filter for finding group membership. Variable identifies what objectClass type to use for mapping groups with automation hub and LDAP. Used for installing automation hub with LDAP.
Default = |
| Optional Scope to search for groups in an LDAP tree using the django framework for LDAP authentication. Used for installing automation hub with LDAP.
Default = |
| Describes the type of group returned by automationhub_ldap_group_search. This is set dynamically based on the the values of automationhub_ldap_group_type_params and automationhub_ldap_group_type_class, otherwise it is the default value coming from django-ldap which is 'None'
Default = |
| Optional The importable path for the django-ldap group type class. Variable identifies the group type used during group searches within the django framework for LDAP authentication. Used for installing automation hub with LDAP.
Default = |
| The URI of the LDAP server. Use any URI that is supported by your underlying LDAP libraries. Must be set when integrating private automation hub LDAP, or the installation will fail. |
| An LDAP Search object that locates a user in the directory. The filter parameter must contain the placeholder %(user)s for the username. It must return exactly one result for authentication to succeed. Must be set when integrating private automation hub with LDAP, or the installation will fail. |
| Optional
Default = |
| Optional Scope to search for users in an LDAP tree by using the django framework for LDAP authentication. Used for installing automation hub with LDAP.
Default = |
A.3. Automation controller variables
Variable | Description |
---|---|
| The admin password used to connect to the automation controller instance. Passwords must be enclosed in quotes when they are provided in plain text in the inventory file. |
| The full URL used by Event-Driven Ansible to connect to a controller host. This URL is required if there is no automation controller configured in the inventory file.
Format example: |
| The username used to identify and create the admin superuser in automation controller. |
| The email address used for the admin user for automation controller. |
| The nginx HTTP server listens for inbound connections. Default = 80 |
| The nginx HTTPS server listens for secure connections. Default = 443 |
| This variable specifies how long, in seconds, the system must be considered as a HTTP Strict Transport Security (HSTS) host. That is, how long HTTPS is used exclusively for communication. Default = 63072000 seconds, or two years. |
|
Defines support for
Values available The TLSv1.1 and TLSv1.2 parameters only work when OpenSSL 1.0.1 or higher is used. The TLSv1.3 parameter only works when OpenSSL 1.1.1 or higher is used.
If
Default = |
| List of nginx headers for the automation controller web server. Each element in the list is provided to the web server’s nginx configuration as a separate line. Default = empty list |
| Optional
The status of a node or group of nodes. Valid options are
Default = |
|
For
Two valid
A
A
Default for this group =
For
Two valid
A
A
Default for this group = |
| Optional
The
This variable is used to add
The peers variable can be a comma-separated list of hosts and groups from the inventory. This is resolved into a set of hosts that is used to construct the |
| The name of the postgreSQL database.
Default = |
| The postgreSQL host, which can be an externally managed database. |
| The password for the postgreSQL database.
Use of special characters for NOTE
You no longer have to provide a
When you supply |
| The postgreSQL port to use. Default = 5432 |
|
Choose one of the two available modes:
Set to
Default = |
| Your postgreSQL database username.
Default = |
| Location of the postgreSQL SSL certificate.
|
| Location of the postgreSQL SSL key.
|
| Location of the postgreSQL user certificate.
|
| Location of the postgreSQL user key.
|
| Use this variable if postgreSQL uses SSL. |
| Maximum database connections setting to apply if you are using installer-managed postgreSQL. See PostgreSQL database configuration in the automation controller administration guide for help selecting a value. Default for VM-based installations = 200 for a single node and 1024 for a cluster. |
| Port to use for receptor connection. Default = 27199 |
|
When specified, it adds
See program:x Section Values for more information about No default value exists. |
| Optional
Same as |
| Optional
Same as |
A.4. Ansible variables
The following variables control how Ansible Automation Platform interacts with remote hosts.
For more information about variables specific to certain plugins, see the documentation for Ansible.Builtin.
For a list of global configuration options, see Ansible Configuration Settings.
Variable | Description |
---|---|
| The connection plugin used for the task on the target host.
This can be the name of any of Ansible connection plugin. SSH protocol types are
Default = |
|
The ip or name of the target host to use instead of |
| The connection port number. Default: 22 for ssh |
| The user name to use when connecting to the host. |
| The password to authenticate to the host. Never store this variable in plain text. Always use a vault. |
| Private key file used by SSH. Useful if using multiple keys and you do not want to use an SSH agent. |
|
This setting is always appended to the default command line for |
|
This setting is always appended to the default |
|
This setting is always appended to the default |
|
This setting is always appended to the default |
|
Determines if SSH pipelining is used. This can override the pipelining setting in |
| Added in version 2.2.
This setting overrides the default behavior to use the system SSH. This can override the ssh_executable setting in |
|
The shell type of the target system. Do not use this setting unless you have set the |
|
This sets the shell that the Ansible controller uses on the target machine, and overrides the executable in
Do not change this variable unless |
| This variable takes the hostname of the machine from the inventory script or the Ansible configuration file. You cannot set the value of this variable. Because the value is taken from the configuration file, the actual runtime hostname value can vary from what is returned by this variable. |
A.5. Event-Driven Ansible controller variables
Variable | Description |
---|---|
| The admin password used by the Event-Driven Ansible controller instance. Passwords must be enclosed in quotes when they are provided in plain text in the inventory file. |
| Username used by django to identify and create the admin superuser in Event-Driven Ansible controller.
Default = |
| Email address used by django for the admin user for Event-Driven Ansible controller.
Default = |
| List of additional addresses to enable for user access to Event-Driven Ansible controller. Default = empty list |
|
Boolean flag used to verify automation controller’s web certificates when making calls from Event-Driven Ansible controller. Verified is
Default = |
| Boolean flag to disable HTTPS Event-Driven Ansible controller.
Default = |
| Boolean flag to disable HSTS Event-Driven Ansible controller.
Default = |
| Number of workers for the API served through gunicorn. Default = (# of cores or threads) * 2 + 1 |
| The number of maximum activations running concurrently per node. This is an integer that must be greater than 0. Default = 12 |
| Boolean flag to specify whether cert sources are on the remote host (true) or local (false).
Default = |
| The Postgres database used by Event-Driven Ansible controller.
Default = |
| The hostname of the Postgres database used by Event-Driven Ansible controller, which can be an externally managed database. |
| The password for the Postgres database used by Event-Driven Ansible controller.
Use of special characters for |
| The port number of the Postgres database used by Event-Driven Ansible controller.
Default = |
| The username for your Event-Driven Ansible controller Postgres database.
Default = |
| Number of Redis Queue (RQ) workers used by Event-Driven Ansible controller. RQ workers are Python processes that run in the background. Default = (# of cores or threads) * 2 + 1 |
| Optional
Same as |
| Optional
Same as |
| List of additional nginx headers to add to Event-Driven Ansible controller’s nginx configuration. Default = empty list |