Search
SupportConsoleDevelopersStart a trialContact

Chapter 1. Ansible Automation Platform containerized installation

download PDF

Ansible Automation Platform is a commercial offering that helps teams manage complex multi-tier deployments by adding control, knowledge, and delegation to Ansible-powered environments.

This guide helps you to understand the installation requirements and processes behind the containerized version of Ansible Automation Platform.

Note

Upgrades from 2.4 Containerized Ansible Automation Platform Tech Preview to 2.5 Containerized Ansible Automation Platform are unsupported at this time.

Prerequisites

  • A Red Hat Enterprise Linux (RHEL) 9.2 based host. Use a minimal operating system base install.
  • A non-root user for the Red Hat Enterprise Linux host, with sudo or other Ansible supported privilege escalation (sudo recommended). This user is responsible for the installation of containerized Ansible Automation Platform.

  • SSH public key authentication for the non-root user. For guidelines on setting up SSH public key authentication for the non-root user, see How to configure SSH public key authentication for passwordless login.

    • SSH keys are only required when installing on remote hosts. If doing a self contained local VM based installation, you can use ansible_connection=local.
  • Internet access from the Red Hat Enterprise Linux host if you are using the default online installation method.
  • The appropriate network ports are open if a firewall is in place. For more information about the ports to open, see Container topologies in Tested deployment models.

1.1. Tested deployment topologies

Red Hat tests Ansible Automation Platform 2.5 with a defined set of topologies to give you opinionated deployment options. The supported topologies include infrastructure topology diagrams, tested system configurations, example inventory files, and network ports information.

For containerized Ansible Automation Platform, there are two infrastructure topology shapes:

  1. Growth - (All-in-one) Intended for organizations that are getting started with Ansible Automation Platform. This topology allows for smaller footprint deployments.
  2. Enterprise - Intended for organizations that require Ansible Automation Platform deployments to have redundancy or higher compute for large volumes of automation. This is a more future-proofed scaled out architecture.

For more information about the tested deployment topologies for containerized Ansible Automation Platform, see Container topologies in Tested deployment models.

1.2. System requirements

Each virtual machine (VM) has the following system requirements:

RequirementMinimum requirement

RAM

16 GB

CPUs

4

Local disk

60 GB

Disk IOPS

3000

1.3. Preparing the Red Hat Enterprise Linux host for containerized installation

Containerized Ansible Automation Platform runs the component services as Podman based containers on top of a Red Hat Enterprise Linux host. Prepare the Red Hat Enterprise Linux host to ensure a successful installation.

Procedure

  1. Log in to the Red Hat Enterprise Linux host as your non-root user.

  2. Set a hostname that is a fully qualified domain name (FQDN): 

    sudo hostnamectl set-hostname <your_hostname>

  3. Register your Red Hat Enterprise Linux host with subscription-manager: 

    sudo subscription-manager register

  4. Run sudo dnf repolist to validate that only the BaseOS and AppStream repositories are setup and enabled on the host: 

    $ sudo dnf repolist
Updating Subscription Management repositories.
repo id                                                    repo name
rhel-9-for-x86_64-appstream-rpms                           Red Hat Enterprise Linux 9 for x86_64 - AppStream (RPMs)
rhel-9-for-x86_64-baseos-rpms                              Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs)
  5. Ensure that only these repositories are available to the Red Hat Enterprise Linux host. For more information about managing custom repositories, see: Managing custom software repositories.
  6. Ensure that the host has DNS configured and can resolve host names and IP addresses by using a fully qualified domain name (FQDN). This is essential to ensure services can talk to one another.

  7. Install ansible-core: 

    sudo dnf install -y ansible-core

  8. Optional: You can install additional utilities that can be useful for troubleshooting purposes, for example wget, git-core, rsync, and vim: 

    sudo dnf install -y wget git-core rsync vim
  9. Optional: To have the installer automatically pick up and apply your Ansible Automation Platform subscription manifest license, follow the steps in Obtaining a manifest file.

Additional resources

1.4. Downloading Ansible Automation Platform

Choose the installer you need based on your Red Hat Enterprise Linux environment internet connectivity and download the installer to your Red Hat Enterprise Linux host.

Procedure

  1. Download the latest installer .tar file from the Ansible Automation Platform download page.

    1. For online installations: Ansible Automation Platform 2.5 Containerized Setup
    2. For offline or bundled installations: Ansible Automation Platform 2.5 Containerized Setup Bundle
  2. Copy the installer .tar file and the optional manifest .zip file onto your Red Hat Enterprise Linux host.
  3. Decide where you want the installer to reside on the file system. Installation related files are created under this location and require at least 10 GB for the initial installation.

  4. Unpack the installer .tar file into your installation directory, and go to the unpacked directory.

    1. To unpack the online installer: 

      $ tar xfvz ansible-automation-platform-containerized-setup-<version>.tar.gz

    2. To unpack the offline or bundled installer: 

      $ tar xfvz ansible-automation-platform-containerized-setup-bundle-<version>-<arch_name>.tar.gz

1.5. Installing containerized Ansible Automation Platform

You can control the installation of Ansible Automation Platform with inventory files. Inventory files define the hosts and containers used and created, variables for components, and other information needed to customize the installation.

Example inventory files are provided in this document that you can copy and change to quickly get started.

Inventory files for the growth and enterprise topology are also found in the downloaded installer package:

  • The default one named inventory is for the enterprise topology pattern.
  • If you want to deploy the growth or all-in-one pattern you need to copy over or use the inventory-growth file instead.

Additionally, you can find example inventory files in Container topologies in Tested deployment models.

To use the example inventory files, replace the < > placeholders with your specific variables, and update the host names. Refer to the README.md file in the installation directory for more information about optional and required variables.

1.5.1. Inventory file for online installation for containerized growth topology (all-in-one)

Use the following example inventory file to perform an online installation for the containerized growth topology (all-in-one): 

# This is the Ansible Automation Platform growth installer inventory file
# Please consult the docs if you are unsure what to add
# For all optional variables please consult the included README.md
# or the Red Hat documentation:
# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/containerized_installation

# This section is for your platform gateway hosts
# -----------------------------------------------------
[automationgateway]
aap.example.org

# This section is for your automation controller hosts
# -----------------------------------------------------
[automationcontroller]
aap.example.org

# This section is for your automation hub hosts
# -----------------------------------------------------
[automationhub]
aap.example.org

# This section is for your Event-Driven Ansible controller hosts
# -----------------------------------------------------
[automationeda]
aap.example.org

# This section is for the Ansible Automation Platform database
# -----------------------------------------------------
[database]
aap.example.org

[all:vars]

# Common variables
# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/containerized_installation/appendix-inventory-files-vars#ref-general-inventory-variables
# -----------------------------------------------------
postgresql_admin_username=postgres
postgresql_admin_password=<set your own>

registry_username=<your RHN username>
registry_password=<your RHN password>

redis_mode=standalone

# Platform gateway
# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/containerized_installation/appendix-inventory-files-vars#ref-gateway-variables
# -----------------------------------------------------
gateway_admin_password=<set your own>
gateway_pg_host=aap.example.org
gateway_pg_password=<set your own>

# Automation controller
# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/containerized_installation/appendix-inventory-files-vars#ref-controller-variables
# -----------------------------------------------------
controller_admin_password=<set your own>
controller_pg_host=aap.example.org
controller_pg_password=<set your own>

# Automation hub
# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/containerized_installation/appendix-inventory-files-vars#ref-hub-variables
# -----------------------------------------------------
hub_admin_password=<set your own>
hub_pg_host=aap.example.org
hub_pg_password=<set your own>

# Event-Driven Ansible controller
# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/containerized_installation/appendix-inventory-files-vars#event-driven-ansible-controller
# -----------------------------------------------------
eda_admin_password=<set your own>
eda_pg_host=aap.example.org
eda_pg_password=<set your own>

1.5.2. Inventory file for online installation for containerized enterprise topology

Use the following example inventory file to perform an online installation for the containerized enterprise topology: 

# This is the Ansible Automation Platform enterprise installer inventory file
# Please consult the docs if you are unsure what to add
# For all optional variables please consult the included README.md
# or the Red Hat documentation:
# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/containerized_installation

# This section is for your platform gateway hosts
# -----------------------------------------------------
[automationgateway]
gateway1.example.org
gateway2.example.org

# This section is for your automation controller hosts
# -----------------------------------------------------
[automationcontroller]
controller1.example.org
controller2.example.org

# This section is for your Ansible Automation Platform execution hosts
# -----------------------------------------------------
[execution_nodes]
hop1.example.org receptor_type='hop'
exec1.example.org
exec2.example.org

# This section is for your automation hub hosts
# -----------------------------------------------------
[automationhub]
hub1.example.org
hub2.example.org

# This section is for your Event-Driven Ansible controller hosts
# -----------------------------------------------------
[automationeda]
eda1.example.org
eda2.example.org

[redis]
gateway1.example.org
gateway2.example.org
hub1.example.org
hub2.example.org
eda1.example.org
eda2.example.org

[all:vars]

# Common variables
# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/containerized_installation/appendix-inventory-files-vars#ref-general-inventory-variables
# -----------------------------------------------------
registry_username=<your RHN username>
registry_password=<your RHN password>

# Platform gateway
# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/containerized_installation/appendix-inventory-files-vars#ref-gateway-variables
# -----------------------------------------------------
gateway_admin_password=<set your own>
gateway_pg_host=externaldb.example.org
gateway_pg_database=<set your own>
gateway_pg_username=<set your own>
gateway_pg_password=<set your own>

# Automation controller
# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/containerized_installation/appendix-inventory-files-vars#ref-controller-variables
# -----------------------------------------------------
controller_admin_password=<set your own>
controller_pg_host=externaldb.example.org
controller_pg_database=<set your own>
controller_pg_username=<set your own>
controller_pg_password=<set your own>

# Automation hub
# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/containerized_installation/appendix-inventory-files-vars#ref-hub-variables
# -----------------------------------------------------
hub_admin_password=<set your own>
hub_pg_host=externaldb.example.org
hub_pg_database=<set your own>
hub_pg_username=<set your own>
hub_pg_password=<set your own>

# Event-Driven Ansible controller
# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/containerized_installation/appendix-inventory-files-vars#event-driven-ansible-controller
# -----------------------------------------------------
eda_admin_password=<set your own>
eda_pg_host=externaldb.example.org
eda_pg_database=<set your own>
eda_pg_username=<set your own>
eda_pg_password=<set your own>

Redis configuration for an enterprise topology

  • Redis can be colocated with any other node in a clustered installation.

  • By default the redis_mode is set to cluster.

    • redis_mode=cluster
  • For more information about Redis, see Caching and queueing system in Planning your installation.

1.5.3. Additional information for configuring your inventory file

Offline or bundled installation

  • To perform an offline installation, add the following under the [all:vars] group: 
bundle_install=true
# The bundle directory must include /bundle in the path
bundle_dir=<full path to the bundle directory>

Configuring a HAProxy load balancer

  • To configure a HAProxy load balancer in front of platform gateway with a custom CA cert, set the following inventory file variables under the [all:vars] group: 
custom_ca_cert=<path_to_cert_crt>
gateway_main_url=<https://load_balancer_url>
Note

HAProxy SSL passthrough mode is not supported with platform gateway.

Loading an automation controller license file

  • To define the location of your automation controller license file, set the following variable in the inventory file: 
controller_license_file=<full_path_to_your_manifest_zip_file>

1.5.4. Running the installation command

Use the following command to install containerized Ansible Automation Platform: 

ansible-playbook -i inventory ansible.containerized_installer.install
  • If your privilege escalation requires you to enter a password, append -K to the command line. You are then prompted for the BECOME password.
  • You can use increasing verbosity, up to 4 v’s (-vvvv) to see the details of the installation process. However, it is important to note that this can significantly increase installation time, so it is recommended that you use it only as needed or requested by Red Hat support.

1.6. Accessing Ansible Automation Platform

After the installation completes, the default protocol and ports used for Ansible Automation Platform are 80 (HTTP) and 443 (HTTPS).

You can customize the ports with the following variables: 

envoy_http_port=80
envoy_https_port=443

If you want to disable HTTPS, set envoy_disable_https to true: 

envoy_disable_https=true

Accessing the platform UI

The platform UI is available by default at: 

https://<gateway-node>:443

Log in as the admin user with the password you created for gateway_admin_password.

1.7. Using custom TLS certificates

By default, the installer generates TLS certificates and keys for all services that are signed by a custom Certificate Authority (CA). You can provide a custom TLS certificate and key for each service. If that certificate is signed by a custom CA, you must provide the CA TLS certificate and key.

  • Certificate Authority 
ca_tls_cert=/full/path/to/tls/certificate
ca_tls_key=/full/path/to/tls/key
  • Platform gateway 
gateway_tls_cert=/full/path/to/tls/certificate
gateway_tls_key=/full/path/to/tls/key
  • Automation controller 
controller_tls_cert=/full/path/to/tls/certificate
controller_tls_key=/full/path/to/tls/key
  • Automation hub 
hub_tls_cert=/full/path/to/tls/certificate
hub_tls_key=/full/path/to/tls/key
  • Event-Driven Ansible 
eda_tls_cert=/full/path/to/tls/certificate
eda_tls_key=/full/path/to/tls/key
  • PostgreSQL 
postgresql_tls_cert=/full/path/to/tls/certificate
postgresql_tls_key=/full/path/to/tls/key
  • Receptor 
receptor_tls_cert=/full/path/to/tls/certificate
receptor_tls_key=/full/path/to/tls/key

1.8. Using custom Receptor signing keys

Receptor signing is enabled by default unless receptor_disable_signing=true is set, and an RSA key pair (public and private) is generated by the installer. However, you can give custom RSA public and private keys by setting the path variables: 

receptor_signing_private_key=<full_path_to_private_key>
receptor_signing_public_key=<full_path_to_public_key>

1.9. Enabling Automation hub collection and container signing

With automation hub you can sign Ansible collections and container images. This feature is not enabled by default, and you must provide the GPG key. 

hub_collection_signing=true
hub_collection_signing_key=<full_path_to_collections_gpg_key>
hub_container_signing=true
hub_container_signing_key=<full_path_to_containers_gpg_key>

When the GPG key is protected by a passphrase, you must provide the passphrase. 

hub_collection_signing_pass=<collections_gpg_key_passphrase>
hub_container_signing_pass=<containers_gpg_key_passphrase>

1.10. Adding execution nodes

The containerized installer can deploy remote execution nodes. The execution_nodes group in the inventory file handles this. 

[execution_nodes]
<fqdn_of_your_execution_host>

An execution node is by default configured as an execution type running on port 27199 (TCP). This can be changed by the following variables: 

receptor_port=27199
receptor_protocol=tcp
receptor_type=hop

The receptor_type value can be either execution or hop, while the receptor_protocol is either tcp or udp. By default, the nodes in the execution_nodes group are added as peers for the controller node. However, you can change the peers configuration by using the receptor_peers variable. 

[execution_nodes]
fqdn_of_your_execution_host
fqdn_of_your_hop_host receptor_type=hop receptor_peers='["<fqdn_of_your_execution_host>"]'

1.11. Adding a safe plugin variable to Event-Driven Ansible controller

When using redhat.insights_eda or similar plugins to run rulebook activations in Event-Driven Ansible controller, you must add a safe plugin variable to a directory in Ansible Automation Platform. This ensures connection between Event-Driven Ansible controller and the source plugin, and displays port mappings correctly.

Procedure

  1. Create a directory for the safe plugin variable: mkdir -p ./group_vars/automationedacontroller
  2. Create a file within that directory for your new setting (for example, touch ./group_vars/automationedacontroller/custom.yml)

  3. Add the variable automationedacontroller_additional_settings to extend the default settings.yaml template for Event-Driven Ansible controller and add the SAFE_PLUGINS field with a list of plugins to enable. For example: 

    automationedacontroller_additional_settings:
   SAFE_PLUGINS:
     - ansible.eda.webhook
     - ansible.eda.alertmanager
    Note

    You can also extend the automationedacontroller_additional_settings variable beyond SAFE_PLUGINS in the Django configuration file, /etc/ansible-automation-platform/eda/settings.yaml

1.12. Uninstalling containerized Ansible Automation Platform

To uninstall a containerized deployment, run the uninstall.yml playbook: 

$ ansible-playbook -i inventory ansible.containerized_installer.uninstall

This stops all systemd units and containers and then deletes all resources used by the containerized installer such as:

  • config and data directories and files
  • systemd unit files
  • Podman containers and images
  • RPM packages

To keep container images, you can set the container_keep_images variable to true. 

$ ansible-playbook -i inventory ansible.containerized_installer.uninstall -e container_keep_images=true

To keep PostgreSQL databases, you can set the postgresql_keep_databases variable to true. 

$ ansible-playbook -i inventory ansible.containerized_installer.uninstall -e postgresql_keep_databases=true
Note

Use the Ansible Automation Platform secret key values rather than the autogenerated ones.

Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.