Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 2. Installing the Ansible plug-ins with a Helm chart on OpenShift Container Platform

The following procedures describe how to install Ansible plug-ins in Red Hat Developer Hub instances on Red Hat OpenShift Container Platform using a Helm chart.

The workflow is as follows:

  1. Choose a plug-in delivery method: OCI container delivery (recommended) or HTTP plug-in registry.
  2. Complete the preparation steps for your chosen delivery method.
  3. Add the plug-ins to the Helm chart.
  4. Create a custom ConfigMap.
  5. Add your custom ConfigMap to your Helm chart.

  6. Edit your custom ConfigMap and Helm chart according to the required and optional configuration procedures.

    Note

    You can save changes to your Helm chart and ConfigMap after each update to your configuration. You do not have to make all the changes to these files in a single session.

2.1. Prerequisites
Copy link

To proceed, you must have Red Hat Developer Hub installed on Red Hat OpenShift Container Platform (OCP) and a valid subscription to Red Hat Ansible Automation Platform.

  • Red Hat Developer Hub installed on Red Hat OpenShift Container Platform.

  • A valid subscription to Red Hat Ansible Automation Platform.
  • An OpenShift Container Platform instance with the appropriate permissions within your project to create an application.
  • The Red Hat Developer Hub instance can query the automation controller API.
  • Optional: To use the integrated learning paths, you must have outbound access to developers.redhat.com.

2.3. Choose a plug-in delivery method
Copy link

Ansible plug-ins for Red Hat Developer Hub support two delivery methods. Choose the method that fits your environment:

  • OCI container (recommended): Red Hat Developer Hub pulls the Ansible plug-ins directly from registry.redhat.io as OCI artifacts during startup. You do not need to use any manual file downloads or plug-in registry deployment.
  • HTTP plug-in registry: Manually download the Ansible plug-ins tarball files, deploy an HTTP plug-in registry in your OpenShift cluster, and configure Red Hat Developer Hub to pull plug-ins from that registry. Use this method if your environment cannot pull OCI artifacts from registry.redhat.io.

Complete one of the following procedures before configuring the Ansible plug-ins in the Required configuration section.

2.3.1. Use OCI container delivery method
Copy link

Red Hat Developer Hub pulls the Ansible plug-ins directly from registry.redhat.io as OCI artifacts. This the recommended method that requires a registry authentication secret in the same OpenShift project as your Red Hat Developer Hub deployment.

Prerequisites

  • You have a Red Hat account with access to registry.redhat.io.
  • You have a registry service account token from the Red Hat Customer Portal. For more information, see Registry Service Accounts.
  • You have access to the OpenShift project. In the same project you had installed Red Hat Developer Hub.
  • You have installed the OpenShift CLI (oc) and logged in to your cluster.

Procedure

  1. Create an auth.json file on your local machine with your registry.redhat.io credentials: 

    {
  "auths": {
    "registry.redhat.io": {
      "auth": "<base64-encoded-username:password>"
    }
  }
}

    To generate the base64-encoded value use the printf '%s' '<username>:<password>' | base64 command.

  2. Create the authentication secret in the OpenShift project where you installed Red Hat Developer Hub.

    The secret name must follow the pattern <deployment-name>-dynamic-plugins-registry-auth, where <deployment-name> matches your Red Hat Developer Hub deployment name.

    • For a default Red Hat Developer Hub Helm installation with release name developer-hub: 

      oc create secret generic developer-hub-dynamic-plugins-registry-auth \
  --from-file=auth.json=./auth.json

    • If you use a different Helm release name: 

      oc create secret generic <deployment-name>-dynamic-plugins-registry-auth \
  --from-file=auth.json=./auth.json

    • If you already have Podman credentials configured locally: 

      oc create secret generic <deployment-name>-dynamic-plugins-registry-auth \
  --from-file=auth.json=${XDG_RUNTIME_DIR}/containers/auth.json
      Important

      Create this secret in the same OpenShift project as your Red Hat Developer Hub deployment, and create it before you configure the plug-ins. Use a Red Hat Registry service account token, not your personal Red Hat account credentials.

Verification

  • Verify that the secret exists in the project: 

    oc get secret <deployment-name>-dynamic-plugins-registry-auth

2.3.2. Downloading the Ansible plug-ins files
Copy link

Download the Ansible plug-ins for Red Hat Developer Hub Setup Bundle from the Red Hat Ansible Automation Platform Product Software downloads page.

Procedure

  1. In a browser, navigate to the Red Hat Ansible Automation Platform Product Software downloads page and select the Product Software tab.

  2. Click Download now next to Ansible plug-ins for Red Hat Developer Hub Setup Bundle to download the latest version of the plug-ins.

    The format of the filename is ansible-rhdh-plugins-x.y.z.tar.gz. Substitute the Ansible plug-ins release version, for example 2.0.0, for x.y.z.

  3. Create a directory on your local machine to store the .tar files. 

    $ mkdir /path/to/<ansible-backstage-plugins-local-dir-changeme>

  4. Set an environment variable ($DYNAMIC_PLUGIN_ROOT_DIR) to represent the directory path. 

    $ export DYNAMIC_PLUGIN_ROOT_DIR=/path/to/<ansible-backstage-plugins-local-dir-changeme>

  5. Extract the ansible-rhdh-plugins-<version-number>.tar.gz contents to $DYNAMIC_PLUGIN_ROOT_DIR. 

    $ tar --exclude='*code*' -xzf ansible-rhdh-plugins-x.y.z.tar.gz -C $DYNAMIC_PLUGIN_ROOT_DIR

    Substitute the Ansible plug-ins release version, for example 2.0.0, for x.y.z.

Verification

Run ls to verify that the extracted files are in the $DYNAMIC_PLUGIN_ROOT_DIR directory: 

$ ls $DYNAMIC_PLUGIN_ROOT_DIR
ansible-plugin-backstage-rhaap-dynamic-x.y.z.tgz
ansible-plugin-backstage-rhaap-dynamic-x.y.z.tgz.integrity
ansible-plugin-scaffolder-backend-module-backstage-rhaap-dynamic-x.y.z.tgz
ansible-plugin-scaffolder-backend-module-backstage-rhaap-dynamic-x.y.z.tgz.integrity

The files with the .integrity file type contain the plugin SHA value. You use the SHA value during the plug-in configuration.

Set up a registry in your OpenShift cluster to host the Ansible plug-ins and make them available for installation in Red Hat Developer Hub (RHDH).

Procedure

  1. Log in to your OpenShift Container Platform instance with credentials to create a new application.

  2. Open your Red Hat Developer Hub OpenShift project. 

    $ oc project <YOUR_DEVELOPER_HUB_PROJECT>

  3. Run the following commands to create a plug-in registry build in the OpenShift cluster. 

    $ oc new-build httpd --name=plugin-registry --binary
$ oc start-build plugin-registry --from-dir=$DYNAMIC_PLUGIN_ROOT_DIR --wait
$ oc new-app --image-stream=plugin-registry

Verification

To verify that the plugin-registry was deployed successfully, open the Topology view in the Developer perspective on the Red Hat Developer Hub application in the OpenShift Web console.

  1. Click the plug-in registry to view the log.

    Developer perspective

    (1) Developer hub instance

    (2) Plug-in registry

  2. Click the terminal tab and login to the container.

  3. In the terminal, run ls to confirm that the .tar files are in the plugin registry. 

    ansible-plugin-backstage-rhaap-dynamic-x.y.z.tgz
ansible-plugin-scaffolder-backend-module-backstage-rhaap-dynamic-x.y.z.tgz

    The version numbers and file names can differ.

2.4. Required configuration
Copy link

Configure the Ansible plug-ins installation using a Helm chart on OpenShift Container Platform.

2.4.1. Adding the Ansible plug-ins configuration
Copy link

Modify the Red Hat Developer Hub Helm chart to add the Ansible plug-ins. The configuration depends on the plug-in delivery method you chose earlier.

  1. In the OpenShift Developer UI, navigate to Helm developer-hub Actions Upgrade Yaml view.

  2. Update the Helm chart configuration to add the dynamic plug-ins in the Red Hat Developer Hub instance. Under the plugins section in the YAML file, add the dynamic plug-ins that you want to enable. Choose the configuration that matches your delivery method.

    • OCI container delivery (recommended): 

      global:
  dynamic:
    includes:
      - dynamic-plugins.default.yaml
    plugins:
      - disabled: false
        package: 'oci://registry.redhat.io/ansible-automation-platform/automation-portal:21!ansible-plugin-backstage-rhaap'
        pluginConfig:
          dynamicPlugins:
            frontend:
              ansible.plugin-backstage-rhaap:
                appIcons:
                  - importName: AnsibleLogo
                    name: AnsibleLogo
                dynamicRoutes:
                  - importName: AnsiblePage
                    menuItem:
                      icon: AnsibleLogo
                      text: Ansible
                    path: /ansible
      - disabled: false
        package: 'oci://registry.redhat.io/ansible-automation-platform/automation-portal:2.1!ansible-plugin-scaffolder-backend-module-backstage-rhaap'
        pluginConfig:
          dynamicPlugins:
            backend:
              ansible.plugin-scaffolder-backend-module-backstage-rhaap: null

      Replace x.y.z with the Ansible plug-ins version.

      Note

      OCI delivery does not require the integrity hash values. The OCI registry handles integrity verification.

    • HTTP plug-in registry: 

      global:
  dynamic:
    includes:
      - dynamic-plugins.default.yaml
    plugins:
      - disabled: false
        integrity: <SHA512 value>
        package: 'http://plugin-registry:8080/ansible-plugin-backstage-rhaap-dynamic-x.y.z.tgz'
        pluginConfig:
          dynamicPlugins:
            frontend:
              ansible.plugin-backstage-rhaap:
                appIcons:
                  - importName: AnsibleLogo
                    name: AnsibleLogo
                dynamicRoutes:
                  - importName: AnsiblePage
                    menuItem:
                      icon: AnsibleLogo
                      text: Ansible
                    path: /ansible
      - disabled: false
        integrity: <SHA512 value>
        package: >-
          http://plugin-registry:8080/ansible-plugin-scaffolder-backend-module-backstage-rhaap-dynamic-x.y.z.tgz
        pluginConfig:
          dynamicPlugins:
            backend:
              ansible.plugin-scaffolder-backend-module-backstage-rhaap: null

      Replace x.y.z with the correct plug-in version numbers and update the integrity values using the corresponding .integrity file content.

  3. Click Upgrade.

    The Red Hat Developer Hub pods restart and the plug-ins are installed.

Verification

To verify that the plug-ins have been installed, open the install-dynamic-plugin container logs:

  1. Open the Developer perspective for the Red Hat Developer Hub application in the OpenShift Web console.
  2. Select the Topology view.
  3. Select the Red Hat Developer Hub deployment pod to open an information pane.
  4. Select the Resources tab of the information pane.
  5. In the Pods section, click View logs to open the Pod details page.
  6. In the Pod details page, select the Logs tab.

  7. Select install-dynamic-plugins from the drop-down list of containers to view the container log.

    • For OCI delivery, a successful installation displays: 

      => Successfully installed dynamic plugin oci:registry.redhat.io/ansible-automation-platform/ansible-plugin-backstage-rhaap-dynamic:x.y.z

    • For HTTP plug-in registry, a successful installation displays: 

      => Successfully installed dynamic plugin http://plugin-registry:8080/ansible-plugin-backstage-rhaap-dynamic-x.y.z.tgz

You must add a pull secret to the Red Hat Developer Hub Helm configuration to enable the dynamic plug-ins to pull container images from authenticated registries.

Prerequisite

The Ansible Development Container download requires a Red Hat Customer Portal account and Red Hat Service Registry account.

Procedure

  1. Create a new Red Hat Registry Service account, if required.
  2. Click the token name under the Account name column.
  3. Select the OpenShift Secret tab and follow the instructions to add the pull secret to your Red Hat Developer Hub OpenShift project.

  4. Add the new secret to the Red Hat Developer Hub Helm configuration, replacing <your-redhat-registry-pull-secret> with the name of the secret you generated on the Red Hat Registry Service Account website: 

    upstream:
  backstage:
    ...
    image:
      ...
      pullSecrets:
        - <your-redhat-registry-pull-secret>
    ...

You must update the Helm chart configuration to add an extra container.

Procedure

  1. Log in to the OpenShift UI.
  2. Navigate to Helm developer-hub Actions upgrade Yaml view to open the Helm chart.

  3. Update the extraContainers section in the YAML file.

    Add the following code: 

    upstream:
  backstage:
    ...
    extraContainers:
      - command:
          - adt
          - server
        image: >-
          registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8:latest
        imagePullPolicy: IfNotPresent
        name: ansible-devtools-server
        ports:
          - containerPort: 8000
    ...
    Note

    The image pull policy is imagePullPolicy: IfNotPresent. The image is pulled only if it does not already exist on the node. Update it to imagePullPolicy: Always if you always want to use the latest image.

  4. Click Upgrade.

Verification

To verify that the container is running, check the container log:

View container log

2.4.3. Adding a custom ConfigMap
Copy link

Create a Red Hat Developer Hub ConfigMap following the procedure in the Creating and using config maps section of the OpenShift Container Platform Nodes guide. The following examples use a custom ConfigMap named app-config-rhdh.

To edit your custom ConfigMap, log in to the OpenShift UI and navigate to Select Project ( developerHubProj ) ConfigMaps {developer-hub}-app-config EditConfigMaps app-config-rhdh.

2.4.4. Configuring the Ansible Dev Tools Server
Copy link

The creatorService URL is required for the Ansible plug-ins to provision new projects using the provided software templates.

Procedure

  1. Edit your custom Red Hat Developer Hub config map, app-config-rhdh, that you created in Adding a custom ConfigMap.

  2. Add the following code to your Red Hat Developer Hub app-config-rhdh.yaml file. 

    kind: ConfigMap
apiVersion: v1
metadata:
  name: app-config-rhdh
...
data:
  app-config-rhdh.yaml: |-
    ansible:
      creatorService:
        baseUrl: 127.0.0.1
        port: '8000'
...

Connect Red Hat Developer Hub to your automation controller by configuring the Ansible Automation Platform details. This configuration uses a Personal Access Token (PAT) to authenticate the plug-ins, which allows them to interact with your automation environment.

Note

The Ansible plug-ins continue to function regardless of the Ansible Automation Platform subscription status.

Procedure

  1. Create a Personal Access Token (PAT) with “read and write” scope in automation controller, following the Applications section of Access management and authentication.
  2. Edit your custom Red Hat Developer Hub config map, for example app-config-rhdh.

  3. Add your Ansible Automation Platform details to app-config-rhdh.yaml.

    1. Set the baseURL key with your automation controller URL.
    2. Set the token key with the generated token value that you created in Step 1.

    3. Set the checkSSL key to true or false.

      If checkSSL is set to true, the Ansible plug-ins verify whether the SSL certificate is valid. 

      data:
  app-config-rhdh.yaml: |
    ...
    ansible:
    ...
      rhaap:
        baseUrl: '<https://MyControllerUrl>'
        token: '<AAP Personal Access Token>'
        checkSSL: true
      Note

      You are responsible for protecting your Red Hat Developer Hub installation from external and unauthorized access. Manage the backend authentication key like any other secret. Meet strong password requirements, do not expose it in any configuration files, and only inject it into configuration files as an environment variable.

2.4.6. Adding Ansible plug-ins software templates
Copy link

Ansible Automation Platform provides software templates for Red Hat Developer Hub to provision new playbooks and collection projects based on Ansible best practices.

Procedure

  1. Edit your custom Red Hat Developer Hub config map, for example app-config-rhdh.

  2. Add the following code to your Red Hat Developer Hub app-config-rhdh.yaml file. 

    data:
  app-config-rhdh.yaml: |
    catalog:
      ...
      locations:
        ...
        - type: url
          target: https://github.com/ansible/ansible-rhdh-templates/blob/main/all.yaml
          rules:
            - allow: [Template]

2.4.7. Configuring Role Based Access Control
Copy link

Red Hat Developer Hub offers Role-based Access Control (RBAC) functionality. RBAC can then be applied to the Ansible plug-ins content.

Assign the following roles:

  • Members of the admin:superUsers group can select templates in the Create tab of the Ansible plug-ins to create playbook and collection projects.
  • Members of the admin:users group can view templates in the Create tab of the Ansible plug-ins.

The following example adds RBAC to Red Hat Developer Hub. 

data:
  app-config-rhdh.yaml: |
    plugins:
    ...
    permission:
      enabled: true
      rbac:
        admin:
          users:
            - name: user:default/<user-scm-ida>
          superUsers:
            - name: user:default/<user-admin-idb>

For more information about permission policies and managing RBAC, refer to the Authorization in Red Hat Developer Hub guide for Red Hat Developer Hub.

2.5. Optional configuration for Ansible plug-ins
Copy link

Enable Red Hat Developer Hub authentication and configure optional integrations, such as connecting to OpenShift Dev Spaces or specifying a private automation hub URL. While optional, these configurations enhance the user experience and functionality of the plug-ins.

Red Hat Developer Hub (RHDH) provides integrations for multiple Source Control Management (SCM) systems. This is required by the plug-ins to create repositories.

Refer to the Enabling authentication in Red Hat Developer Hub chapter of the Administration guide for Red Hat Developer Hub.

The Ansible plug-ins provide integrations with Ansible Automation Platform and other optional Red Hat products.

Procedure

  • To edit your custom ConfigMap, log in to the OpenShift UI and navigate to Select Project ( developerHubProj ) ConfigMaps {developer-hub}-app-config-rhdh app-config-rhdh.

2.5.2.1. Configuring OpenShift Dev Spaces
Copy link

When OpenShift Dev Spaces is configured for the Ansible plug-ins, users can click a link from the catalog item view in Red Hat Developer Hub and edit their provisioned Ansible Git projects using Dev Spaces.

Note

OpenShift Dev Spaces is a separate product and it is optional. The plug-ins will function without it.

It is a separate Red Hat product and is not included in the Ansible Automation Platform or Red Hat Developer Hub subscription.

If the OpenShift Dev Spaces link is not configured in the Ansible plug-ins, the Go to OpenShift Dev Spaces dashboard link in the DEVELOP section of the Ansible plug-ins landing page redirects users to the Ansible development tools home page.

Prerequisites

  • A Dev Spaces installation. Refer to the Installing Dev Spaces section of the Red Hat OpenShift Dev Spaces Administration guide.

Procedure

  1. Edit your custom Red Hat Developer Hub config map, for example app-config-rhdh.

  2. Add the following code to your Red Hat Developer Hub app-config-rhdh.yaml file. 

    data:
  app-config-rhdh.yaml: |-
    ansible:
      devSpaces:
        baseUrl: >-
          https://<Your OpenShift Dev Spaces URL>
  3. Replace <Your OpenShft Dev Spaces URL> with your OpenShift Dev Spaces URL.
  4. In the OpenShift Developer UI, select the Red Hat Developer Hub pod.
  5. Open Actions.
  6. Click Restart rollout.

Private automation hub provides a centralized, on-premise repository for certified Ansible collections, execution environments and any additional, vetted content provided by your organization.

If the private automation hub URL is not configured in the Ansible plug-ins, users are redirected to the Red Hat Hybrid Cloud Console automation hub.

Note

The private automation hub configuration is optional but recommended. The Ansible plug-ins will function without it.

Prerequisites

Procedure

  1. Edit your custom Red Hat Developer Hub config map, for example app-config-rhdh.

  2. Add the following code to your Red Hat Developer Hub app-config-rhdh.yaml file. 

    data:
  app-config-rhdh.yaml: |-
    ansible:
    ...
      automationHub:
        baseUrl: '<https://MyOwnPAHUrl>'
    ...
  3. Replace <https://MyOwnPAHUrl/> with your private automation hub URL.
  4. In the OpenShift Developer UI, select the Red Hat Developer Hub pod.
  5. Open Actions.
  6. Click Restart rollout.

2.6. Full examples
Copy link

The following examples demonstrate how the required and optional settings for the Ansible Dev Tools Server, Ansible Automation Platform, software templates, and other integrations are correctly formatted within their respective YAML files.

This example details necessary settings like the creatorService URL, optional integrations for Ansible Automation Platform and OpenShift Dev Spaces, and the addition of Ansible software templates to the catalog. 

kind: ConfigMap
...
metadata:
  name: app-config-rhdh
  ...
data:
  app-config-rhdh.yaml: |-
    ansible:
      creatorService:
        baseUrl: 127.0.0.1
        port: '8000'
      # Optional integrations
      rhaap:
        baseUrl: '<https://MyControllerUrl>'
      devSpaces:
        baseUrl: '<https://MyDevSpacesURL>'
      automationHub:
        baseUrl: '<https://MyPrivateAutomationHubURL>'

    ...
    catalog:
      locations:
        - type: url
          target: https://github.com/ansible/ansible-rhdh-templates/blob/main/all.yaml
          rules:
            - allow: [Template]
    ...

This example provides a full YAML configuration for the Helm chart using OCI container delivery. 

global:
  dynamic:
    includes:
      - dynamic-plugins.default.yaml
    plugins:
      - disabled: false
        package: 'oci://registry.redhat.io/ansible-automation-platform/automation-portal:2.1!ansible-plugin-backstage-rhaap'
        pluginConfig:
          dynamicPlugins:
            frontend:
              ansible.plugin-backstage-rhaap:
                appIcons:
                  - importName: AnsibleLogo
                    name: AnsibleLogo
                dynamicRoutes:
                  - importName: AnsiblePage
                    menuItem:
                      icon: AnsibleLogo
                      text: Ansible
                    path: /ansible
      - disabled: false
        package: 'oci://registry.redhat.io/ansible-automation-platform/automation-portal:2.1!ansible-plugin-scaffolder-backend-module-backstage-rhaap'
        pluginConfig:
          dynamicPlugins:
            backend:
              ansible.plugin-scaffolder-backend-module-backstage-rhaap: null

upstream:
  backstage:
    image:
      pullSecrets:
        - <your-redhat-registry-pull-secret>
    extraAppConfig:
      - configMapRef: app-config-rhdh
        filename: app-config-rhdh.yaml
    extraContainers:
      - command:
          - adt
          - server
        image: >-
          registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8:latest
        imagePullPolicy: IfNotPresent
        name: ansible-devtools-server
        ports:
          - containerPort: 8000
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Legal Notice

Theme

© 2026 Red HatBack to top