Tested deployment models
Plan your deployment of Ansible Automation Platform
Abstract
Providing feedback on Red Hat documentation
If you have a suggestion to improve this documentation, or find an error, you can contact technical support at https://access.redhat.com to open a request.
Chapter 1. Overview of tested deployment models
Red Hat tests Ansible Automation Platform 2.5 with a defined set of topologies to give you opinionated deployment options. Deploy all components of Ansible Automation Platform so that all features and capabilities are available for use without the need to take further action.
Red Hat tests the installation of Ansible Automation Platform 2.5 based on a defined set of infrastructure topologies or reference architectures. Enterprise organizations can use one of the enterprise topologies for production deployments to ensure the highest level of uptime, performance, and continued scalability. Organizations or deployments that are resource constrained can use a "growth" topology.
It is possible to install the Ansible Automation Platform on different infrastructure topologies and with different environment configurations. Red Hat does not fully test topologies outside of published reference architectures. Use a tested topology for all new deployments.
1.1. Installation and deployment models
The following table outlines the different ways to install or deploy Ansible Automation Platform:
Mode | Infrastructure | Description | Tested topologies |
---|---|---|---|
RPM | Virtual machines and bare metal | The RPM installer deploys Ansible Automation Platform on Red Hat Enterprise Linux by using RPMs to install the platform on host machines. Customers manage the product and infrastructure lifecycle. | |
Containers | Virtual machines and bare metal | The containerized installer deploys Ansible Automation Platform on Red Hat Enterprise Linux by using Podman which runs the platform in containers on host machines. Customers manage the product and infrastructure lifecycle. | |
Operator | Red Hat OpenShift | The Operator uses Red Hat OpenShift Operators to deploy Ansible Automation Platform within Red Hat OpenShift. Customers manage the product and infrastructure lifecycle. |
Chapter 2. RPM topologies
The RPM installer deploys Ansible Automation Platform on Red Hat Enterprise Linux by using RPMs to install the platform on host machines. Customers manage the product and infrastructure lifecycle.
2.1. RPM growth topology
The growth topology is intended for organizations that are getting started with Ansible Automation Platform and do not require redundancy or higher compute for large volumes of automation. This topology allows for smaller footprint deployments.
2.1.1. Infrastructure topology
The following diagram outlines the infrastructure topology that Red Hat has tested with this deployment model that customers can use when self-managing Ansible Automation Platform:
Figure 2.1. Infrastructure topology diagram
Each virtual machine (VM) has been tested with the following component requirements: 16 GB RAM, 4 CPUs, 60 GB local disk, and 3000 IOPS.
VM count | Purpose | Example VM group names |
---|---|---|
1 | Platform gateway with colocated Redis |
|
1 | Automation controller |
|
1 | Private automation hub |
|
1 | Event-Driven Ansible |
|
1 | Automation mesh execution node |
|
1 | Database |
|
2.1.2. Tested system configurations
Red Hat has tested the following configurations to install and run Red Hat Ansible Automation Platform:
Type | Description |
---|---|
Subscription | Valid Red Hat Ansible Automation Platform subscription |
Operating system | Red Hat Enterprise Linux 9.2 or later x86_64 and AArch64 |
Ansible-core | Ansible-core version 2.16 or later |
Browser | A currently supported version of Mozilla Firefox or Google Chrome |
Database | PostgreSQL 15 |
2.1.3. Network ports
Red Hat Ansible Automation Platform uses several ports to communicate with its services. These ports must be open and available for incoming connections to the Red Hat Ansible Automation Platform server for it to work. Ensure that these ports are available and are not blocked by the server firewall.
Port number | Protocol | Service | Source | Destination |
---|---|---|---|---|
80/443 | TCP | HTTP/HTTPS | Event-Driven Ansible | Automation hub |
80/443 | TCP | HTTP/HTTPS | Event-Driven Ansible | Automation controller |
80/443 | TCP | HTTP/HTTPS | Automation controller | Automation hub |
443 | TCP | HTTPS | Platform gateway | Automation controller |
443 | TCP | HTTPS | Platform gateway | Automation hub |
443 | TCP | HTTPS | Platform gateway | Event-Driven Ansible |
5432 | TCP | PostgreSQL | Event-Driven Ansible | Database |
5432 | TCP | PostgreSQL | Platform gateway | Database |
5432 | TCP | PostgreSQL | Automation hub | Database |
5432 | TCP | PostgreSQL | Automation controller | Database |
27199 | TCP | Receptor | Automation controller | Execution node |
6379 | TCP | Redis | Event-Driven Ansible | Redis node |
6379 | TCP | Redis | Platform gateway | Redis node |
8443 | TCP | HTTPS | Platform gateway | Platform gateway |
50051 | TCP | gRPC | Platform gateway | Platform gateway |
2.1.4. Example growth inventory file
Use the example inventory file to perform an installation for this topology:
# This is the growth installer inventory file # Please consult the docs if you are unsure what to add # For all optional variables please consult the Red Hat documentation: # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/rpm_installation # This section is for your platform gateway hosts # ----------------------------------------------------- [automationgateway] gateway.example.org # This section is for your automation controller hosts # ----------------------------------------------------- [automationcontroller] controller.example.org [automationcontroller:vars] peers=execution_nodes # This section is for your Ansible Automation Platform execution hosts # ----------------------------------------------------- [execution_nodes] exec.example.org # This section is for your automation hub hosts # ----------------------------------------------------- [automationhub] hub.example.org # This section is for your Event-Driven Ansible controller hosts # ----------------------------------------------------- [automationedacontroller] eda.example.org # This section is for the Ansible Automation Platform database # ----------------------------------------------------- [database] db.example.org [all:vars] # Common variables # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/rpm_installation/appendix-inventory-files-vars#ref-general-inventory-variables # ----------------------------------------------------- registry_username=<your RHN username> registry_password=<your RHN password> redis_mode=standalone # Platform gateway # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/rpm_installation/appendix-inventory-files-vars#ref-gateway-variables # ----------------------------------------------------- automationgateway_admin_password=<set your own> automationgateway_pg_host=db.example.org automationgateway_pg_password=<set your own> # Automation controller # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/rpm_installation/appendix-inventory-files-vars#ref-controller-variables # ----------------------------------------------------- admin_password=<set your own> pg_host=db.example.org pg_password=<set your own> # Automation hub # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/rpm_installation/appendix-inventory-files-vars#ref-hub-variables # ----------------------------------------------------- automationhub_admin_password=<set your own> automationhub_pg_host=db.example.org automationhub_pg_password=<set your own> # Event-Driven Ansible controller # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/rpm_installation/appendix-inventory-files-vars#event-driven-ansible-controller # ----------------------------------------------------- automationedacontroller_admin_password=<set your own> automationedacontroller_pg_host=db.example.org automationedacontroller_pg_password=<set your own>
2.2. RPM mixed growth topology
The growth topology is intended for organizations that are getting started with Ansible Automation Platform and do not require redundancy or higher compute for large volumes of automation. This topology allows for smaller footprint deployments. The mixed topology has different versions of Ansible Automation Platform intended for configuring a new installation of Event-Driven Ansible controller 1.1 with automation controller 4.4 or 4.5.
2.2.1. Infrastructure topology
The following diagram outlines the infrastructure topology that Red Hat has tested with this deployment model that customers can use when self-managing Ansible Automation Platform:
Figure 2.2. Infrastructure topology diagram
Each virtual machine (VM) has been tested with the following component requirements: 16 GB RAM, 4 CPUs, 60 GB local disk, and 3000 IOPS.
VM count | Purpose | Ansible Automation Platform version | Example VM group names |
---|---|---|---|
1 | Platform gateway with colocated Redis | 2.5 |
|
1 | Automation controller | 2.4 |
|
1 | Private automation hub | 2.4 |
|
1 | Event-Driven Ansible | 2.5 |
|
1 | Automation mesh execution node | 2.4 |
|
1 | Database | 2.4 |
|
2.2.2. Tested system configurations
Red Hat has tested the following configurations to install and run Red Hat Ansible Automation Platform:
Type | Description |
---|---|
Subscription | Valid Red Hat Ansible Automation Platform subscription |
Operating system | Red Hat Enterprise Linux 9.2 or later x86_64 and AArch64 |
Ansible-core | Ansible-core version 2.16 or later |
Browser | A currently supported version of Mozilla Firefox or Google Chrome |
Database | PostgreSQL 15 |
2.2.3. Network ports
Red Hat Ansible Automation Platform uses several ports to communicate with its services. These ports must be open and available for incoming connections to the Red Hat Ansible Automation Platform server for it to work. Ensure that these ports are available and are not blocked by the server firewall.
Port number | Protocol | Service | Source | Destination |
---|---|---|---|---|
80/443 | TCP | HTTP/HTTPS | Event-Driven Ansible | Automation hub |
80/443 | TCP | HTTP/HTTPS | Event-Driven Ansible | Automation controller |
80/443 | TCP | HTTP/HTTPS | Automation controller | Automation hub |
443 | TCP | HTTPS | Platform gateway | Automation controller |
443 | TCP | HTTPS | Platform gateway | Automation hub |
443 | TCP | HTTPS | Platform gateway | Event-Driven Ansible |
5432 | TCP | PostgreSQL | Event-Driven Ansible | Database |
5432 | TCP | PostgreSQL | Platform gateway | Database |
5432 | TCP | PostgreSQL | Automation hub | Database |
5432 | TCP | PostgreSQL | Automation controller | Database |
27199 | TCP | Receptor | Automation controller | Execution node |
6379 | TCP | Redis | Event-Driven Ansible | Redis node |
6379 | TCP | Redis | Platform gateway | Redis node |
8443 | TCP | HTTPS | Platform gateway | Platform gateway |
50051 | TCP | gRPC | Platform gateway | Platform gateway |
2.2.4. Example mixed growth inventory file
Use the example inventory file to perform an installation for this topology:
# This is the mixed growth installer inventory file # Please consult the docs if you are unsure what to add # For all optional variables please consult the Red Hat documentation: # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/rpm_installation # This section is for your platform gateway hosts # ----------------------------------------------------- [automationgateway] gateway.example.org # This section is for your Event-Driven Ansible controller hosts # ----------------------------------------------------- [automationedacontroller] eda.example.org [all:vars] # Common variables # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/rpm_installation/appendix-inventory-files-vars#ref-general-inventory-variables # ----------------------------------------------------- registry_username=<your RHN username> registry_password=<your RHN password> redis_mode=standalone # Platform gateway # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/rpm_installation/appendix-inventory-files-vars#ref-gateway-variables # ----------------------------------------------------- automationgateway_admin_password=<set your own> automationgateway_pg_host=db.example.org automationgateway_pg_password=<set your own> # Event-Driven Ansible controller # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/rpm_installation/appendix-inventory-files-vars#event-driven-ansible-controller # ----------------------------------------------------- automationedacontroller_admin_password=<set your own> automationedacontroller_pg_host=db.example.org automationedacontroller_pg_password=<set your own>
2.3. RPM enterprise topology
The enterprise topology is intended for organizations that require Ansible Automation Platform to be deployed with redundancy or higher compute for large volumes of automation.
2.3.1. Infrastructure topology
The following diagram outlines the infrastructure topology that Red Hat has tested with this deployment model that customers can use when self-managing Ansible Automation Platform:
Figure 2.3. Infrastructure topology diagram
Each virtual machine (VM) has been tested with the following component requirements: 16 GB RAM, 4 CPUs, 60 GB local disk, and 3000 IOPS.
VM count | Purpose | Example VM group names |
---|---|---|
2 | Platform gateway with colocated Redis |
|
2 | Automation controller |
|
2 | Private automation hub with colocated Redis |
|
2 | Event-Driven Ansible with colocated Redis |
|
1 | Automation mesh hop node |
|
2 | Automation mesh execution node |
|
1 | Externally managed database service | N/A |
1 | HAProxy load balancer in front of platform gateway (externally managed) | N/A |
6 VMs are required for a Redis high availability (HA) compatible deployment. Redis can be colocated on each Ansible Automation Platform component VM except for automation controller, execution nodes, or the PostgreSQL database.
2.3.2. Tested system configurations
Red Hat has tested the following configurations to install and run Red Hat Ansible Automation Platform:
Type | Description |
---|---|
Subscription | Valid Red Hat Ansible Automation Platform subscription |
Operating system | Red Hat Enterprise Linux 9.2 or later x86_64 and AArch64 |
Ansible-core | Ansible-core version 2.16 or later |
Browser | A currently supported version of Mozilla Firefox or Google Chrome |
Database | PostgreSQL 15 |
2.3.3. Network ports
Red Hat Ansible Automation Platform uses several ports to communicate with its services. These ports must be open and available for incoming connections to the Red Hat Ansible Automation Platform server for it to work. Ensure that these ports are available and are not blocked by the server firewall.
Port number | Protocol | Service | Source | Destination |
---|---|---|---|---|
80/443 | TCP | HTTP/HTTPS | Event-Driven Ansible | Automation hub |
80/443 | TCP | HTTP/HTTPS | Event-Driven Ansible | Automation controller |
80/443 | TCP | HTTP/HTTPS | Automation controller | Automation hub |
443 | TCP | HTTPS | HAProxy load balancer | Platform gateway |
443 | TCP | HTTPS | Platform gateway | Automation controller |
443 | TCP | HTTPS | Platform gateway | Automation hub |
443 | TCP | HTTPS | Platform gateway | Event-Driven Ansible |
5432 | TCP | PostgreSQL | Event-Driven Ansible | External database |
5432 | TCP | PostgreSQL | Platform gateway | External database |
5432 | TCP | PostgreSQL | Automation hub | External database |
5432 | TCP | PostgreSQL | Automation controller | External database |
27199 | TCP | Receptor | Automation controller | Hop node and execution node |
27199 | TCP | Receptor | Hop node | Execution node |
6379 | TCP | Redis | Event-Driven Ansible | Redis node |
6379 | TCP | Redis | Platform gateway | Redis node |
16379 | TCP | Redis | Redis node | Redis node |
8443 | TCP | HTTPS | Platform gateway | Platform gateway |
50051 | TCP | gRPC | Platform gateway | Platform gateway |
2.3.4. Example enterprise inventory file
Use the example inventory file to perform an installation for this topology:
# This is the enterprise installer inventory file # Please consult the docs if you are unsure what to add # For all optional variables please consult the Red Hat documentation: # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/rpm_installation # This section is for your platform gateway hosts # ----------------------------------------------------- [automationgateway] gateway1.example.org gateway2.example.org # This section is for your automation controller hosts # ----------------------------------------------------- [automationcontroller] controller1.example.org controller2.example.org [automationcontroller:vars] peers=execution_nodes # This section is for your Ansible Automation Platform execution hosts # ----------------------------------------------------- [execution_nodes] hop1.example.org node_type='hop' exec1.example.org exec2.example.org # This section is for your automation hub hosts # ----------------------------------------------------- [automationhub] hub1.example.org hub2.example.org # This section is for your Event-Driven Ansible controller hosts # ----------------------------------------------------- [automationedacontroller] eda1.example.org eda2.example.org [redis] gateway1.example.org gateway2.example.org hub1.example.org hub2.example.org eda1.example.org eda2.example.org [all:vars] # Common variables # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/rpm_installation/appendix-inventory-files-vars#ref-general-inventory-variables # ----------------------------------------------------- registry_username=<your RHN username> registry_password=<your RHN password> # Platform gateway # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/rpm_installation/appendix-inventory-files-vars#ref-gateway-variables # ----------------------------------------------------- automationgateway_admin_password=<set your own> automationgateway_pg_host=<set your own> automationgateway_pg_database=<set your own> automationgateway_pg_username=<set your own> automationgateway_pg_password=<set your own> # Automation controller # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/rpm_installation/appendix-inventory-files-vars#ref-controller-variables # ----------------------------------------------------- admin_password=<set your own> pg_host=<set your own> pg_database=<set your own> pg_username=<set your own> pg_password=<set your own> # Automation hub # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/rpm_installation/appendix-inventory-files-vars#ref-hub-variables # ----------------------------------------------------- automationhub_admin_password=<set your own> automationhub_pg_host=<set your own> automationhub_pg_database=<set your own> automationhub_pg_username=<set your own> automationhub_pg_password=<set your own> # Event-Driven Ansible controller # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/rpm_installation/appendix-inventory-files-vars#event-driven-ansible-controller # ----------------------------------------------------- automationedacontroller_admin_password=<set your own> automationedacontroller_pg_host=<set your own> automationedacontroller_pg_database=<set your own> automationedacontroller_pg_username=<set your own> automationedacontroller_pg_password=<set your own>
2.4. RPM mixed enterprise topology
The enterprise topology is intended for organizations that require Ansible Automation Platform to be deployed with redundancy or higher compute for large volumes of automation. The mixed topology has different versions of Ansible Automation Platform intended for configuring a new installation of Event-Driven Ansible controller 1.1 with automation controller 4.4 or 4.5.
2.4.1. Infrastructure topology
The following diagram outlines the infrastructure topology that Red Hat has tested with this deployment model that customers can use when self-managing Ansible Automation Platform:
Figure 2.4. Infrastructure topology diagram
Each VM has been tested with the following component requirements: 16 GB RAM, 4 CPUs, 60 GB local disk, and 3000 IOPS.
VM count | Purpose | Ansible Automation Platform version | Example VM group names |
---|---|---|---|
3 | Platform gateway with colocated Redis | 2.5 |
|
2 | Automation controller | 2.4 |
|
2 | Private automation hub | 2.4 |
|
3 | Event-Driven Ansible with colocated Redis | 2.5 |
|
1 | Automation mesh hop node | 2.4 |
|
2 | Automation mesh execution node | 2.4 |
|
1 | Externally managed database service | N/A | N/A |
1 | HAProxy load balancer in front of platform gateway (externally managed) | N/A | N/A |
6 VMs are required for a Redis high availability (HA) compatible deployment. Redis can be colocated on each Ansible Automation Platform 2.5 component VM except for automation controller, execution nodes, or the PostgreSQL database.
2.4.2. Tested system configurations
Red Hat has tested the following configurations to install and run Red Hat Ansible Automation Platform:
Type | Description |
---|---|
Subscription | Valid Red Hat Ansible Automation Platform subscription |
Operating system | Red Hat Enterprise Linux 9.2 or later x86_64 and AArch64 |
Ansible-core | Ansible-core version 2.16 or later |
Browser | A currently supported version of Mozilla Firefox or Google Chrome |
Database | PostgreSQL 15 |
2.4.3. Network ports
Red Hat Ansible Automation Platform uses several ports to communicate with its services. These ports must be open and available for incoming connections to the Red Hat Ansible Automation Platform server for it to work. Ensure that these ports are available and are not blocked by the server firewall.
Port number | Protocol | Service | Source | Destination |
---|---|---|---|---|
80/443 | TCP | HTTP/HTTPS | Event-Driven Ansible | Automation hub |
80/443 | TCP | HTTP/HTTPS | Event-Driven Ansible | Automation controller |
80/443 | TCP | HTTP/HTTPS | Automation controller | Automation hub |
443 | TCP | HTTPS | HAProxy load balancer | Platform gateway |
443 | TCP | HTTPS | Platform gateway | Automation controller |
443 | TCP | HTTPS | Platform gateway | Automation hub |
443 | TCP | HTTPS | Platform gateway | Event-Driven Ansible |
5432 | TCP | PostgreSQL | Event-Driven Ansible | External database |
5432 | TCP | PostgreSQL | Platform gateway | External database |
5432 | TCP | PostgreSQL | Automation hub | External database |
5432 | TCP | PostgreSQL | Automation controller | External database |
27199 | TCP | Receptor | Automation controller | Hop node and execution node |
27199 | TCP | Receptor | Hop node | Execution node |
6379 | TCP | Redis | Event-Driven Ansible | Redis node |
6379 | TCP | Redis | Platform gateway | Redis node |
16379 | TCP | Redis | Redis node | Redis node |
8443 | TCP | HTTPS | Platform gateway | Platform gateway |
50051 | TCP | gRPC | Platform gateway | Platform gateway |
2.4.4. Example mixed enterprise inventory file
Use the example inventory file to perform an installation for this topology:
# This is the mixed enterprise installer inventory file # Please consult the docs if you are unsure what to add # For all optional variables please consult the Red Hat documentation: # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/rpm_installation # This section is for your platform gateway hosts # ----------------------------------------------------- [automationgateway] gateway1.example.org gateway2.example.org gateway3.example.org # This section is for your Event-Driven Ansible controller hosts # ----------------------------------------------------- [automationedacontroller] eda1.example.org eda2.example.org eda3.example.org [redis] gateway1.example.org gateway2.example.org gateway3.example.org eda1.example.org eda2.example.org eda3.example.org [all:vars] # Common variables # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/rpm_installation/appendix-inventory-files-vars#ref-general-inventory-variables # ----------------------------------------------------- registry_username=<your RHN username> registry_password=<your RHN password> # Platform gateway # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/rpm_installation/appendix-inventory-files-vars#ref-gateway-variables # ----------------------------------------------------- automationgateway_admin_password=<set your own> automationgateway_pg_host=<set your own> automationgateway_pg_database=<set your own> automationgateway_pg_username=<set your own> automationgateway_pg_password=<set your own> # Event-Driven Ansible controller # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/rpm_installation/appendix-inventory-files-vars#event-driven-ansible-controller # ----------------------------------------------------- automationedacontroller_admin_password=<set your own> automationedacontroller_pg_host=<set your own> automationedacontroller_pg_database=<set your own> automationedacontroller_pg_username=<set your own> automationedacontroller_pg_password=<set your own>
Chapter 3. Container topologies
The containerized installer deploys Ansible Automation Platform on Red Hat Enterprise Linux by using Podman which runs the platform in containers on host machines. Customers manage the product and infrastructure lifecycle.
3.1. Container growth topology
The growth topology is intended for organizations that are getting started with Ansible Automation Platform and do not require redundancy or higher compute for large volumes of automation. This topology allows for smaller footprint deployments.
3.1.1. Infrastructure topology
The following diagram outlines the infrastructure topology that Red Hat has tested with this deployment model that customers can use when self-managing Ansible Automation Platform:
Figure 3.1. Infrastructure topology diagram
A single VM has been tested with the following component requirements: 16 GB RAM, 4 CPUs, 60 GB local disk, and 3000 IOPS. Resources, such as storage, can be increased based on the needs of the deployment.
Purpose | Example group names |
---|---|
All Ansible Automation Platform components |
|
3.1.2. Tested system configurations
Red Hat has tested the following configurations to install and run Red Hat Ansible Automation Platform:
Type | Description |
---|---|
Subscription |
|
Operating system | Red Hat Enterprise Linux 9.2 or later |
CPU architecture | x86_64, AArch64, s390x (IBM Z) |
Ansible-core | Ansible-core version 2.16 or later |
Browser | A currently supported version of Mozilla Firefox or Google Chrome |
Database | PostgreSQL 15 |
3.1.3. Network ports
Red Hat Ansible Automation Platform uses several ports to communicate with its services. These ports must be open and available for incoming connections to the Red Hat Ansible Automation Platform server for it to work. Ensure that these ports are available and are not blocked by the server firewall.
Port number | Protocol | Service | Source | Destination |
---|---|---|---|---|
80/443 | TCP | HTTP/HTTPS | Event-Driven Ansible | Automation hub |
80/443 | TCP | HTTP/HTTPS | Event-Driven Ansible | Automation controller |
80/443 | TCP | HTTP/HTTPS | Automation controller | Automation hub |
443 | TCP | HTTPS | Platform gateway | Automation controller |
443 | TCP | HTTPS | Platform gateway | Automation hub |
443 | TCP | HTTPS | Platform gateway | Event-Driven Ansible |
5432 | TCP | PostgreSQL | Event-Driven Ansible | External database |
5432 | TCP | PostgreSQL | Platform gateway | External database |
5432 | TCP | PostgreSQL | Automation hub | External database |
5432 | TCP | PostgreSQL | Automation controller | External database |
27199 | TCP | Receptor | Automation controller | Execution container |
6379 | TCP | Redis | Event-Driven Ansible | Redis container |
6379 | TCP | Redis | Platform gateway | Redis container |
8433 | TCP | HTTPS | Platform gateway | Platform gateway |
50051 | TCP | gRPC | Platform gateway | Platform gateway |
3.1.4. Example growth inventory file
Use the example inventory file to perform an installation for this topology:
# This is the growth installer inventory file # Please consult the docs if you are unsure what to add # For all optional variables please consult the included README.md # or the Red Hat documentation: # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/containerized_installation # This section is for your platform gateway hosts # ----------------------------------------------------- [automationgateway] aap.example.org # This section is for your automation controller hosts # ------------------------------------------------- [automationcontroller] aap.example.org # This section is for your automation hub hosts # ----------------------------------------------------- [automationhub] aap.example.org # This section is for your Event-Driven Ansible controller hosts # ----------------------------------------------------- [automationeda] aap.example.org # This section is for the Ansible Automation Platform database # -------------------------------------- [database] aap.example.org [all:vars] # Ansible ansible_connection=local # Common variables # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/containerized_installation/appendix-inventory-files-vars#ref-general-inventory-variables # ----------------------------------------------------- postgresql_admin_username=postgres postgresql_admin_password=<set your own> registry_username=<your RHN username> registry_password=<your RHN password> redis_mode=standalone # Platform gateway # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/containerized_installation/appendix-inventory-files-vars#ref-gateway-variables # ----------------------------------------------------- gateway_admin_password=<set your own> gateway_pg_host=aap.example.org gateway_pg_password=<set your own> # Automation controller # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/containerized_installation/appendix-inventory-files-vars#ref-controller-variables # ----------------------------------------------------- controller_admin_password=<set your own> controller_pg_host=aap.example.org controller_pg_password=<set your own> # Automation hub # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/containerized_installation/appendix-inventory-files-vars#ref-hub-variables # ----------------------------------------------------- hub_admin_password=<set your own> hub_pg_host=aap.example.org hub_pg_password=<set your own> # Event-Driven Ansible controller # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/containerized_installation/appendix-inventory-files-vars#event-driven-ansible-controller # ----------------------------------------------------- eda_admin_password=<set your own> eda_pg_host=aap.example.org eda_pg_password=<set your own>
SSH keys are only required when installing on remote hosts. If doing a self contained local VM based installation, you can use ansible_connection=local
.
3.2. Container enterprise topology
The enterprise topology is intended for organizations that require Ansible Automation Platform to be deployed with redundancy or higher compute for large volumes of automation.
3.2.1. Infrastructure topology
The following diagram outlines the infrastructure topology that Red Hat has tested with this deployment model that customers can use when self-managing Ansible Automation Platform:
Figure 3.2. Infrastructure topology diagram
Each VM has been tested with the following component requirements: 16 GB RAM, 4 CPUs, 60 GB local disk, and 3000 IOPS.
VM count | Purpose | Example VM group names |
---|---|---|
2 | Platform gateway with colocated Redis |
|
2 | Automation controller |
|
2 | Private automation hub with colocated Redis |
|
2 | Event-Driven Ansible with colocated Redis |
|
1 | Automation mesh hop node |
|
2 | Automation mesh execution node |
|
1 | Externally managed database service | N/A |
1 | HAProxy load balancer in front of platform gateway (externally managed) | N/A |
6 VMs are required for a Redis high availability (HA) compatible deployment. Redis can be colocated on each Ansible Automation Platform component VM except for automation controller, execution nodes, or the PostgreSQL database.
3.2.2. Tested system configurations
Red Hat has tested the following configurations to install and run Red Hat Ansible Automation Platform:
Type | Description |
---|---|
Subscription |
|
Operating system | Red Hat Enterprise Linux 9.2 or later |
CPU architecture | x86_64, AArch64, s390x (IBM Z) |
Ansible-core | Ansible-core version 2.16 or later |
Browser | A currently supported version of Mozilla Firefox or Google Chrome. |
Database | PostgreSQL 15 |
3.2.3. Network ports
Red Hat Ansible Automation Platform uses several ports to communicate with its services. These ports must be open and available for incoming connections to the Red Hat Ansible Automation Platform server for it to work. Ensure that these ports are available and are not blocked by the server firewall.
Port number | Protocol | Service | Source | Destination |
---|---|---|---|---|
80/443 | TCP | HTTP/HTTPS | Event-Driven Ansible | Automation hub |
80/443 | TCP | HTTP/HTTPS | Event-Driven Ansible | Automation controller |
80/443 | TCP | HTTP/HTTPS | Automation controller | Automation hub |
443 | TCP | HTTPS | HAProxy load balancer | Platform gateway |
443 | TCP | HTTPS | Platform gateway | Automation controller |
443 | TCP | HTTPS | Platform gateway | Automation hub |
443 | TCP | HTTPS | Platform gateway | Event-Driven Ansible |
5432 | TCP | PostgreSQL | Event-Driven Ansible | External database |
5432 | TCP | PostgreSQL | Platform gateway | External database |
5432 | TCP | PostgreSQL | Automation hub | External database |
5432 | TCP | PostgreSQL | Automation controller | External database |
27199 | TCP | Receptor | Automation controller | Hop node and execution node |
27199 | TCP | Receptor | Hop node | Execution node |
6379 | TCP | Redis | Event-Driven Ansible | Redis node |
6379 | TCP | Redis | Platform gateway | Redis node |
16379 | TCP | Redis | Redis node | Redis node |
8433 | TCP | HTTPS | Platform gateway | Platform gateway |
50051 | TCP | gRPC | Platform gateway | Platform gateway |
3.2.4. Example enterprise inventory file
Use the example inventory file to perform an installation for this topology:
# This is the enterprise installer inventory file # Please consult the docs if you are unsure what to add # For all optional variables please consult the included README.md # or the Red Hat documentation: # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/containerized_installation # This section is for your platform gateway hosts # ----------------------------------------------------- [automationgateway] gateway1.example.org gateway2.example.org # This section is for your automation controller hosts # ----------------------------------------------------- [automationcontroller] controller1.example.org controller2.example.org # This section is for your Ansible Automation Platform execution hosts # ----------------------------------------------------- [execution_nodes] hop1.example.org receptor_type='hop' exec1.example.org exec2.example.org # This section is for your automation hub hosts # ----------------------------------------------------- [automationhub] hub1.example.org hub2.example.org # This section is for your Event-Driven Ansible controller hosts # ----------------------------------------------------- [automationeda] eda1.example.org eda2.example.org [redis] gateway1.example.org gateway2.example.org hub1.example.org hub2.example.org eda1.example.org eda2.example.org [all:vars] # Common variables # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/containerized_installation/appendix-inventory-files-vars#ref-general-inventory-variables # ----------------------------------------------------- postgresql_admin_username=<set your own> postgresql_admin_password=<set your own> registry_username=<your RHN username> registry_password=<your RHN password> # Platform gateway # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/containerized_installation/appendix-inventory-files-vars#ref-gateway-variables # ----------------------------------------------------- gateway_admin_password=<set your own> gateway_pg_host=externaldb.example.org gateway_pg_database=<set your own> gateway_pg_username=<set your own> gateway_pg_password=<set your own> # Automation controller # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/containerized_installation/appendix-inventory-files-vars#ref-controller-variables # ----------------------------------------------------- controller_admin_password=<set your own> controller_pg_host=externaldb.example.org controller_pg_database=<set your own> controller_pg_username=<set your own> controller_pg_password=<set your own> # Automation hub # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/containerized_installation/appendix-inventory-files-vars#ref-hub-variables # ----------------------------------------------------- hub_admin_password=<set your own> hub_pg_host=externaldb.example.org hub_pg_database=<set your own> hub_pg_username=<set your own> hub_pg_password=<set your own> # Event-Driven Ansible controller # https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/containerized_installation/appendix-inventory-files-vars#event-driven-ansible-controller # ----------------------------------------------------- eda_admin_password=<set your own> eda_pg_host=externaldb.example.org eda_pg_database=<set your own> eda_pg_username=<set your own> eda_pg_password=<set your own>
3.2.5. Storage requirements
-
Execution environments are pulled into automation controller hybrid nodes and execution nodes that run jobs. The size of these containers influences the storage requirements for
$PATH_WHERE_PODMAN_PUTS_CONTAINER_IMAGES
. The primary determining factors for the size of the database and its storage volume, which defaults to
$POSTGRES_DEFAULT_DATA_DIR
, are:- The quantity of job events (lines of output from automation controller jobs)
- The quantity of days of job data that are retained
-
On execution nodes and automation controller control and hybrid nodes, job output is buffered to the disk in
$NAME_OF_RECEPTOR_DIR_VAR
, which defaults to/tmp
. -
The size and quantity of collections synced to automation hub influence the storage requirements of
$PATH_WHERE_PULP_STORES_COLLECTIONS
.
Chapter 4. Operator topologies
The Ansible Automation Platform Operator uses Red Hat OpenShift Operators to deploy Ansible Automation Platform within Red Hat OpenShift. Customers manage the product and infrastructure lifecycle.
You can only install a single instance of the Ansible Automation Platform Operator into a single namespace. Installing multiple instances in the same namespace can lead to improper operation for both Operator instances.
4.1. Operator growth topology
The growth topology is intended for organizations that are getting started with Ansible Automation Platform and do not require redundancy or higher compute for large volumes of automation. This topology allows for smaller footprint deployments.
4.1.1. Infrastructure topology
The following diagram outlines the infrastructure topology that Red Hat has tested with this deployment model that customers can use when self-managing Ansible Automation Platform:
Figure 4.1. Infrastructure topology diagram
A Single Node OpenShift (SNO) cluster has been tested with the following requirements: 32 GB RAM, 16 CPUs, 128 GB local disk, and 3000 IOPS.
Count | Component |
---|---|
1 | Automation controller web pod |
1 | Automation controller task pod |
1 | Automation hub API pod |
2 | Automation hub content pod |
2 | Automation hub worker pod |
1 | Automation hub Redis pod |
1 | Event-Driven Ansible API pod |
1 | Event-Driven Ansible activation worker pod |
1 | Event-Driven Ansible default worker pod |
1 | Event-Driven Ansible event stream pod |
1 | Event-Driven Ansible scheduler pod |
1 | Platform gateway pod |
1 | Database pod |
1 | Redis pod |
4.1.2. Tested system configurations
Red Hat has tested the following configurations to install and run Red Hat Ansible Automation Platform:
Type | Description |
---|---|
Subscription | Valid Red Hat Ansible Automation Platform subscription |
Operating system | Red Hat Enterprise Linux 9.2 or later x86_64 and AArch64 |
Red Hat OpenShift |
|
Ansible-core | Ansible-core version 2.16 or later |
Browser | A currently supported version of Mozilla Firefox or Google Chrome. |
Database | PostgreSQL 15 |
4.1.3. Example custom resource file
Use the following example custom resource (CR) to add your Ansible Automation Platform instance to your project:
apiVersion: aap.ansible.com/v1alpha1 kind: AnsibleAutomationPlatform metadata: name: <aap instance name> spec: eda: automation_server_ssl_verify: 'no' hub: storage_type: 's3' object_storage_s3_secret: '<name of the Secret resource holding s3 configuration>'
4.1.4. Nonfunctional requirements
Ansible Automation Platform’s performance characteristics and capacity are impacted by its resource allocation and configuration. With OpenShift, each Ansible Automation Platform component is deployed as a pod. You can specify resource requests and limits for each pod.
Use the Ansible Automation Platform Custom Resource (CR) to configure resource allocation for OpenShift installations. Each configurable item has default settings. These settings are the minimum requirements for an installation, but might not meet your production workload needs.
By default, each component’s deployments are set for minimum resource requests but no resource limits. OpenShift only schedules the pods with available resource requests, but the pods are allowed to consume unlimited RAM or CPU provided that the OpenShift worker node itself is not under node pressure.
In the Operator growth topology, Ansible Automation Platform is deployed on a Single Node OpenShift (SNO) with 32 GB RAM, 16 CPUs, 128 GB Local disk, and 3000 IOPS. This is not a shared environment, so Ansible Automation Platform pods have full access to all of the compute resources of the OpenShift SNO. In this scenario, the capacity calculation for the automation controller task pods is derived from the underlying OpenShift Container Platform node that runs the pod. It does not have access to the entire node. This capacity calculation influences how many concurrent jobs automation controller can run.
OpenShift manages storage distinctly from VMs. This impacts how automation hub stores its artifacts. In the Operator growth topology, we use S3 storage because automation hub requires a ReadWriteMany
type storage, which is not a default storage type in OpenShift.
4.1.5. Network ports
Red Hat Ansible Automation Platform uses several ports to communicate with its services. These ports must be open and available for incoming connections to the Red Hat Ansible Automation Platform server for it to work. Ensure that these ports are available and are not blocked by the server firewall.
Port number | Protocol | Service | Source | Destination |
---|---|---|---|---|
27199 | TCP | Receptor | OpenShift Container Platform cluster | Execution node |
27199 | TCP | Receptor | OpenShift Container Platform cluster | Hop node |
443 | HTTPS | Receptor | Execution node | OpenShift Container Platform ingress |
443 | HTTPS | Receptor | Hop node | OpenShift Container Platform ingress |
443 | HTTPS | Platform | Customer clients | OpenShift Container Platform ingress |
4.2. Operator enterprise topology
The enterprise topology is intended for organizations that require Ansible Automation Platform to be deployed with redundancy or higher compute for large volumes of automation.
4.2.1. Infrastructure topology
The following diagram outlines the infrastructure topology that Red Hat has tested with this deployment model that customers can use when self-managing Ansible Automation Platform:
Figure 4.2. Infrastructure topology diagram
The following infrastructure topology describes an OpenShift Cluster with 3 master nodes and 2 worker nodes.
Each OpenShift Worker node has been tested with the following component requirements: 16 GB RAM, 4 CPUs, 128 GB local disk, and 3000 IOPS.
Count | Component |
---|---|
1 | Automation controller web pod |
1 | Automation controller task pod |
1 | Automation hub API pod |
2 | Automation hub content pod |
2 | Automation hub worker pod |
1 | Automation hub Redis pod |
1 | Event-Driven Ansible API pod |
2 | Event-Driven Ansible activation worker pod |
2 | Event-Driven Ansible default worker pod |
2 | Event-Driven Ansible event stream pod |
1 | Event-Driven Ansible scheduler pod |
1 | Platform gateway pod |
2 | Mesh ingress pod |
N/A | Externally managed database service |
N/A | Externally managed Redis |
N/A | Externally managed object storage service (for automation hub) |
4.2.2. Tested system configurations
Red Hat has tested the following configurations to install and run Red Hat Ansible Automation Platform:
Type | Description |
---|---|
Subscription | Valid Red Hat Ansible Automation Platform subscription |
Red Hat OpenShift |
|
Ansible-core | Ansible-core version 2.16 or later |
Browser | A currently supported version of Mozilla Firefox or Google Chrome. |
AWS RDS PostgreSQL service |
|
AWS Memcached Service |
|
s3 storage | HTTPS only accessible through AWS Role assigned to automation hub SA at runtime by using AWS Pod Identity |
4.2.3. Nonfunctional requirements
Ansible Automation Platform’s performance characteristics and capacity are impacted by its resource allocation and configuration. With OpenShift, each Ansible Automation Platform component is deployed as a pod. You can specify resource requests and limits for each pod.
Use the Ansible Automation Platform custom resource to configure resource allocation for OpenShift installations. Each configurable item has default settings. These settings are the exact configuration used within the context of this reference deployment architecture and presumes that the environment is being deployed and managed by an Enterprise IT organization for production purposes.
By default, each component’s deployments are set for minimum resource requests but no resource limits. OpenShift only schedules the pods with available resource requests, but the pods are allowed to consume unlimited RAM or CPU provided that the OpenShift worker node itself is not under node pressure.
In the Operator enterprise topology, Ansible Automation Platform is deployed on a Red Hat OpenShift on AWS (ROSA) Hosted Control Plane (HCP) cluster with 2 t3.xlarge worker nodes spread across 2 AZs within a single AWS Region. This is not a shared environment, so Ansible Automation Platform pods have full access to all of the compute resources of the ROSA HCP cluster. In this scenario, the capacity calculation for the automation controller task pods is derived from the underlying HCP worker node that runs the pod. It does not have access to the CPU or memory resources of the entire node. This capacity calculation influences how many concurrent jobs automation controller can run.
OpenShift manages storage distinctly from VMs. This impacts how automation hub stores its artifacts. In the Operator enterprise topology, we use S3 storage because automation hub requires a ReadWriteMany
type storage, which is not a default storage type in OpenShift. Externally provided Redis, PostgreSQL, and object storage for automation hub are specified. This provides the Ansible Automation Platform deployment with additional scalability and reliability features, including specialized backup, restore, and replication services and scalable storage.
4.2.4. Network ports
Red Hat Ansible Automation Platform uses several ports to communicate with its services. These ports must be open and available for incoming connections to the Red Hat Ansible Automation Platform server for it to work. Ensure that these ports are available and are not blocked by the server firewall.
Port number | Protocol | Service | Source | Destination |
---|---|---|---|---|
5432 | TCP | PostgreSQL | OpenShift Container Platform cluster | External database service |
6379 | TCP | Redis | OpenShift Container Platform cluster | External Redis service |
443 | HTTPS | Object storage | OpenShift Container Platform cluster | External object storage service |
27199 | TCP | Receptor | OpenShift Container Platform cluster | Execution node |
27199 | TCP | Receptor | OpenShift Container Platform cluster | Hop node |
443 | HTTPS | Receptor | Execution node | OpenShift Container Platform ingress |
443 | HTTPS | Receptor | Hop node | OpenShift Container Platform ingress |
Chapter 5. Automation mesh nodes
Automation mesh is an overlay network intended to ease the distribution of work across a large and dispersed collection of workers. This is done through nodes that establish peer-to-peer connections with each other by using existing networks.
5.1. Tested system configurations
Each automation mesh VM has been tested with the following component requirements: 16 GB RAM, 4 CPUs, 60 GB local disk, and 3000 IOPS.
5.2. Network ports
Automation mesh uses several ports to communicate with its services. These ports must be open and available for incoming connections to the Red Hat Ansible Automation Platform server for it to work. Ensure that these ports are available and are not blocked by the server firewall.
Port number | Protocol | Service | Source | Destination |
---|---|---|---|---|
27199 | TCP | Receptor | OpenShift Container Platform cluster | Execution node |
27199 | TCP | Receptor | OpenShift Container Platform cluster | Hop node |
443 | HTTPS | Receptor | Execution node | OpenShift Container Platform mesh ingress |
443 | HTTPS | Receptor | Hop node | OpenShift Container Platform mesh ingress |
For additional information about each of the tested topologies described in this document, see the test-topologies GitHub repo.