Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 2. Installing the Ansible plug-ins with a Helm chart on OpenShift Container Platform

The following procedures describe how to install Ansible plug-ins in Red Hat Developer Hub instances on Red Hat OpenShift Container Platform using a Helm chart.

The workflow is as follows:

  1. Download the Ansible plug-ins files.
  2. Create a plug-in registry in your OpenShift cluster to host the Ansible plug-ins.
  3. Add the plug-ins to the Helm chart.
  4. Create a custom ConfigMap.
  5. Add your custom ConfigMap to your Helm chart.

  6. Edit your custom ConfigMap and Helm chart according to the required and optional configuration procedures.

    Note

    You can save changes to your Helm and ConfigMap after each update to your configuration. You do not have to make all the changes to these files in a single session.

2.1. Prerequisites

  • Red Hat Developer Hub installed on Red Hat OpenShift Container Platform.

  • A valid subscription to Red Hat Ansible Automation Platform.
  • An OpenShift Container Platform instance with the appropriate permissions within your project to create an application.
  • The Red Hat Developer Hub instance can query the automation controller API.
  • Optional: To use the integrated learning paths, you must have outbound access to developers.redhat.com.

2.3. Downloading the Ansible plug-ins files

  1. Download the latest .tar file for the plug-ins from the Red Hat Ansible Automation Platform Product Software downloads page. The format of the filename is ansible-backstage-rhaap-bundle-x.y.z.tar.gz. Substitute the Ansible plug-ins release version, for example 1.0.0, for x.y.z.

  2. Create a directory on your local machine to store the .tar files. 

    $ mkdir /path/to/<ansible-backstage-plugins-local-dir-changeme>

  3. Set an environment variable ($DYNAMIC_PLUGIN_ROOT_DIR) to represent the directory path. 

    $ export DYNAMIC_PLUGIN_ROOT_DIR=/path/to/<ansible-backstage-plugins-local-dir-changeme>

  4. Extract the ansible-backstage-rhaap-bundle-<version-number>.tar.gz contents to $DYNAMIC_PLUGIN_ROOT_DIR. 

    $ tar --exclude='*code*' -xzf ansible-backstage-rhaap-bundle-x.y.z.tar.gz -C $DYNAMIC_PLUGIN_ROOT_DIR

    Substitute the Ansible plug-ins release version, for example 1.0.0, for x.y.z.

Verification

Run ls to verify that the extracted files are in the $DYNAMIC_PLUGIN_ROOT_DIR directory: 

$ ls $DYNAMIC_PLUGIN_ROOT_DIR
ansible-plugin-backstage-rhaap-dynamic-x.y.z.tgz
ansible-plugin-backstage-rhaap-dynamic-x.y.z.tgz.integrity
ansible-plugin-backstage-rhaap-backend-dynamic-x.y.z.tgz
ansible-plugin-backstage-rhaap-backend-dynamic-x.y.z.tgz.integrity
ansible-plugin-scaffolder-backend-module-backstage-rhaap-dynamic-x.y.z.tgz
ansible-plugin-scaffolder-backend-module-backstage-rhaap-dynamic-x.y.z.tgz.integrity

The files with the .integrity file type contain the plugin SHA value. The SHA value is used during the plug-in configuration.

2.4. Creating a registry for the Ansible plug-ins

Set up a registry in your OpenShift cluster to host the Ansible plug-ins and make them available for installation in Red Hat Developer Hub (RHDH).

Procedure

  1. Log in to your OpenShift Container Platform instance with credentials to create a new application.

  2. Open your Red Hat Developer Hub OpenShift project. 

    $ oc project <YOUR_DEVELOPER_HUB_PROJECT>

  3. Run the following commands to create a plug-in registry build in the OpenShift cluster. 

    $ oc new-build httpd --name=plugin-registry --binary
$ oc start-build plugin-registry --from-dir=$DYNAMIC_PLUGIN_ROOT_DIR --wait
$ oc new-app --image-stream=plugin-registry

Verification

To verify that the plugin-registry was deployed successfully, open the Topology view in the Developer perspective on the Red Hat Developer Hub application in the OpenShift Web console.

  1. Click the plug-in registry to view the log.

    Developer perspective

    (1) Developer hub instance

    (2) Plug-in registry

  2. Click the terminal tab and login to the container.

  3. In the terminal, run ls to confirm that the .tar files are in the plugin registry. 

    ansible-plugin-backstage-rhaap-dynamic-x.y.z.tgz
ansible-plugin-backstage-rhaap-backend-dynamic-x.y.z.tgz
ansible-plugin-scaffolder-backend-module-backstage-rhaap-dynamic-x.y.z.tgz

    The version numbers and file names can differ.

2.5. Required configuration

2.5.1. Adding the Ansible plug-ins configuration

  1. In the OpenShift Developer UI, navigate to Helm developer-hub Actions Upgrade Yaml view.

  2. Update the Helm chart configuration to add the dynamic plug-ins in the Red Hat Developer Hub instance. Under the plugins section in the YAML file, add the dynamic plug-ins that you want to enable. 

    global:
  ...
    plugins:
      - disabled: false
        integrity: <SHA512 Integrity key for ansible-plugin-backstage-rhaap-dynamic plugin>
        package: 'http://plugin-registry:8080/ansible-plugin-backstage-rhaap-dynamic-x.y.z.tgz'
        pluginConfig:
          dynamicPlugins:
            frontend:
              ansible.plugin-backstage-rhaap:
                appIcons:
                  - importName: AnsibleLogo
                    name: AnsibleLogo
                dynamicRoutes:
                  - importName: AnsiblePage
                    menuItem:
                      icon: AnsibleLogo
                      text: Ansible
                    path: /ansible
      - disabled: false
        integrity: <SHA512 Integrity key for ansible-plugin-scaffolder-backend-module-backstage-rhaap-dynamic plugin>
        package: >-
          http://plugin-registry:8080/ansible-plugin-scaffolder-backend-module-backstage-rhaap-dynamic-x.y.z.tgz
        pluginConfig:
          dynamicPlugins:
            backend:
              ansible.plugin-scaffolder-backend-module-backstage-rhaap: null
      - disabled: false
        integrity: <SHA512 Integrity key for ansible-plugin-backstage-rhaap-backend-dynamic plugin>
        package: >-
          http://plugin-registry:8080/ansible-plugin-backstage-rhaap-backend-dynamic-x.y.z.tgz
        pluginConfig:
          dynamicPlugins:
            backend:
              ansible.plugin-backstage-rhaap-backend: null
  3. In the package sections, replace x.y.z in the plug-in filenames with the correct version numbers for the Ansible plug-ins.
  4. For each Ansible plug-in, update the integrity values using the corresponding .integrity file content.

  5. Click Upgrade.

    The developer hub pods restart and the plug-ins are installed.

Verification

To verify that the plug-ins have been installed, open the install-dynamic-plugin container logs and check that the Ansible plug-ins are visible in Red Hat Developer Hub:

  1. Open the Developer perspective for the Red Hat Developer Hub application in the OpenShift Web console.
  2. Select the Topology view.
  3. Select the Red Hat Developer Hub deployment pod to open an information pane.
  4. Select the Resources tab of the information pane.
  5. In the Pods section, click View logs to open the Pod details page.
  6. In the Pod details page, select the Logs tab.
  7. Select install-dynamic-plugins from the drop-down list of containers to view the container log.

  8. In the install-dynamic-plugin container logs, search for the Ansible plug-ins.

    The following example from the log indicates a successful installation for one of the plug-ins: 

    => Successfully installed dynamic plugin http://plugin-registry-1:8080/ansible-plugin-backstage-rhaap-dynamic-1.1.0.tgz

    The following image shows the container log in the Pod details page. The version numbers and file names can differ.

    container logs for install-dynamic-plugin

2.5.2. Adding the Ansible Development Tools sidecar container

After the plug-ins are loaded, add the Ansible Development Container (ansible-devtools-server) in the Red Hat Developer Hub pod as a sidecar container.

2.5.2.1. Adding a pull secret to the Red Hat Developer Hub Helm configuration

Prerequisite

The Ansible Development Container download requires a Red Hat Customer Portal account and Red Hat Service Registry account.

Procedure

  1. Create a new Red Hat Registry Service account, if required.
  2. Click the token name under the Account name column.
  3. Select the OpenShift Secret tab and follow the instructions to add the pull secret to your Red Hat Developer Hub OpenShift project.

  4. Add the new secret to the Red Hat Developer Hub Helm configuration, replacing <your-redhat-registry-pull-secret> with the name of the secret you generated on the Red Hat Registry Service Account website: 

    upstream:
  backstage:
    ...
    image:
      ...
      pullSecrets:
        - <your-redhat-registry-pull-secret>
    ...

For more information, refer to the Red Hat Container Registry documentation.

2.5.2.2. Adding the Ansible Developer Tools container

You must update the Helm chart configuration to add an extra container.

Procedure

  1. Log in to the OpenShift UI.
  2. Navigate to Helm developer-hub Actions upgrade Yaml view to open the Helm chart.

  3. Update the extraContainers section in the YAML file.

    Add the following code: 

    upstream:
  backstage:
    ...
    extraContainers:
      - command:
          - adt
          - server
        image: >-
          registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8:latest
        imagePullPolicy: IfNotPresent
        name: ansible-devtools-server
        ports:
          - containerPort: 8000
    ...
    Note

    The image pull policy is imagePullPolicy: IfNotPresent. The image is pulled only if it does not already exist on the node. Update it to imagePullPolicy: Always if you always want to use the latest image.

  4. Click Upgrade.

Verification

To verify that the container is running, check the container log:

View container log

2.5.3. Adding a custom ConfigMap

Create a Red Hat Developer Hub ConfigMap following the procedure in the Creating and using config maps section of the OpenShift Container Platform Nodes guide. The following examples use a custom ConfigMap named app-config-rhdh.

To edit your custom ConfigMap, log in to the OpenShift UI and navigate to Select Project ( developerHubProj ) ConfigMaps {developer-hub}-app-config EditConfigMaps app-config-rhdh.

2.5.4. Configuring the Ansible Dev Tools Server

The creatorService URL is required for the Ansible plug-ins to provision new projects using the provided software templates.

Procedure

  1. Edit your custom Red Hat Developer Hub config map, app-config-rhdh, that you created in Adding a custom ConfigMap.

  2. Add the following code to your Red Hat Developer Hub app-config-rhdh.yaml file. 

    kind: ConfigMap
apiVersion: v1
metadata:
  name: app-config-rhdh
...
data:
  app-config-rhdh.yaml: |-
    ansible:
      creatorService:
        baseUrl: 127.0.0.1
        port: '8000'
...

2.5.5. Configuring Ansible Automation Platform details

The Ansible plug-ins query your Ansible Automation Platform subscription status with the controller API using a token.

Note

The Ansible plug-ins continue to function regardless of the Ansible Automation Platform subscription status.

Procedure

  1. Create a Personal Access Token (PAT) with “Read” scope in automation controller, following the Applications section of Access management and authentication.
  2. Edit your custom Red Hat Developer Hub config map, for example app-config-rhdh.

  3. Add your Ansible Automation Platform details to app-config-rhdh.yaml.

    1. Set the baseURL key with your automation controller URL.
    2. Set the token key with the generated token value that you created in Step 1.

    3. Set the checkSSL key to true or false.

      If checkSSL is set to true, the Ansible plug-ins verify whether the SSL certificate is valid. 

      data:
  app-config-rhdh.yaml: |
    ...
    ansible:
    ...
      rhaap:
        baseUrl: '<https://MyControllerUrl>'
        token: '<AAP Personal Access Token>'
        checkSSL: true
Note

You are responsible for protecting your Red Hat Developer Hub installation from external and unauthorized access. Manage the backend authentication key like any other secret. Meet strong password requirements, do not expose it in any configuration files, and only inject it into configuration files as an environment variable.

2.5.6. Configuring showCaseLocation

You must configure showCaseLocation in your custom config map.

Procedure

  1. Edit your custom Red Hat Developer Hub config map, app-config-rhdh, that you created in Adding a custom ConfigMap.

  2. Add the following code to your Red Hat Developer Hub app-config-rhdh.yaml file. 

    kind: ConfigMap
apiVersion: v1
metadata:
  name: app-config-rhdh
...
data:
  app-config-rhdh.yaml: |-
    ansible:
      rhaap:
      ...
        showCaseLocation:
          type: file
          target: '/tmp/aap-showcases/'
...

2.5.7. Adding Ansible plug-ins software templates

Red Hat Ansible provides software templates for Red Hat Developer Hub to provision new playbooks and collection projects based on Ansible best practices.

Procedure

  1. Edit your custom Red Hat Developer Hub config map, for example app-config-rhdh.
  2. Add the following code to your Red Hat Developer Hub app-config-rhdh.yaml file. 
data:
  app-config-rhdh.yaml: |
    catalog:
      ...
      locations:
        ...
        - type: url
          target: https://github.com/ansible/ansible-rhdh-templates/blob/main/all.yaml
          rules:
            - allow: [Template]

For more information, refer to the Managing templates section of the Administration guide for Red Hat Developer Hub.

2.5.8. Configuring Role Based Access Control

Red Hat Developer Hub offers Role-based Access Control (RBAC) functionality. RBAC can then be applied to the Ansible plug-ins content.

Assign the following roles:

  • Members of the admin:superUsers group can select templates in the Create tab of the Ansible plug-ins to create playbook and collection projects.
  • Members of the admin:users group can view templates in the Create tab of the Ansible plug-ins.

The following example adds RBAC to Red Hat Developer Hub. 

data:
  app-config-rhdh.yaml: |
    plugins:
    ...
    permission:
      enabled: true
      rbac:
        admin:
          users:
            - name: user:default/<user-scm-ida>
          superUsers:
            - name: user:default/<user-admin-idb>

For more information about permission policies and managing RBAC, refer to the Authorization guide for Red Hat Developer Hub.

2.6. Optional configuration for Ansible plug-ins

2.6.1. Enabling Red Hat Developer Hub authentication

Red Hat Developer Hub (RHDH) provides integrations for multiple Source Control Management (SCM) systems. This is required by the plug-ins to create repositories.

Refer to the Enabling authentication in Red Hat Developer Hub chapter of the Administration guide for Red Hat Developer Hub.

2.6.2. Configuring Ansible plug-ins optional integrations

The Ansible plug-ins provide integrations with Ansible Automation Platform and other optional Red Hat products.

To edit your custom ConfigMap, log in to the OpenShift UI and navigate to Select Project ( developerHubProj ) ConfigMaps {developer-hub}-app-config-rhdh app-config-rhdh.

2.6.2.1. Configuring OpenShift Dev Spaces

When OpenShift Dev Spaces is configured for the Ansible plug-ins, users can click a link from the catalog item view in Red Hat Developer Hub and edit their provisioned Ansible Git projects using Dev Spaces.

Note

OpenShift Dev Spaces is a separate product and it is optional. The plug-ins will function without it.

It is a separate Red Hat product and is not included in the Ansible Automation Platform or Red Hat Developer Hub subscription.

If the OpenShift Dev Spaces link is not configured in the Ansible plug-ins, the Go to OpenShift Dev Spaces dashboard link in the DEVELOP section of the Ansible plug-ins landing page redirects users to the Ansible development tools home page.

Prerequisites

  • A Dev Spaces installation. Refer to the Installing Dev Spaces section of the Red Hat OpenShift Dev Spaces Administration guide.

Procedure

  1. Edit your custom Red Hat Developer Hub config map, for example app-config-rhdh.

  2. Add the following code to your Red Hat Developer Hub app-config-rhdh.yaml file. 

    data:
  app-config-rhdh.yaml: |-
    ansible:
      devSpaces:
        baseUrl: >-
          https://<Your OpenShift Dev Spaces URL>
  3. Replace <Your OpenShft Dev Spaces URL> with your OpenShift Dev Spaces URL.
  4. In the OpenShift Developer UI, select the Red Hat Developer Hub pod.
  5. Open Actions.
  6. Click Restart rollout.

2.6.2.2. Configuring the private automation hub URL

Private automation hub provides a centralized, on-premise repository for certified Ansible collections, execution environments and any additional, vetted content provided by your organization.

If the private automation hub URL is not configured in the Ansible plug-ins, users are redirected to the Red Hat Hybrid Cloud Console automation hub.

Note

The private automation hub configuration is optional but recommended. The Ansible plug-ins will function without it.

Prerequisites:

Procedure:

  1. Edit your custom Red Hat Developer Hub config map, for example app-config-rhdh.

  2. Add the following code to your Red Hat Developer Hub app-config-rhdh.yaml file. 

    data:
  app-config-rhdh.yaml: |-
    ansible:
    ...
      automationHub:
        baseUrl: '<https://MyOwnPAHUrl>'
    ...
  3. Replace <https://MyOwnPAHUrl/> with your private automation hub URL.
  4. In the OpenShift Developer UI, select the Red Hat Developer Hub pod.
  5. Open Actions.
  6. Click Restart rollout.

2.7. Full examples

2.7.1. Full app-config-rhdh ConfigMap example for Ansible plug-ins entries

kind: ConfigMap
...
metadata:
  name: app-config-rhdh
  ...
data:
  app-config-rhdh.yaml: |-
    ansible:
      creatorService:
        baseUrl: 127.0.0.1
        port: '8000'
      rhaap:
        baseUrl: '<https://MyControllerUrl>'
        token: '<AAP Personal Access Token>'
        checkSSL: <true or false>
        showCaseLocation:
          type: file
          target: '/tmp/aap-showcases/'
      # Optional integrations
      devSpaces:
        baseUrl: '<https://MyDevSpacesURL>'
      automationHub:
        baseUrl: '<https://MyPrivateAutomationHubURL>'

    ...
    catalog:
      locations:
        - type: url
          target: https://github.com/ansible/ansible-rhdh-templates/blob/main/all.yaml
          rules:
            - allow: [Template]
    ...

2.7.2. Full Helm chart config example for Ansible plug-ins

global:
  ...
  dynamic:
    ...
    plugins:
      - disabled: false
        integrity: <SHA512 Integrity key for ansible-plugin-backstage-rhaap plugin>
        package: 'http://plugin-registry:8080/ansible-plugin-backstage-rhaap-dynamic-x.y.z.tgz'
        pluginConfig:
          dynamicPlugins:
            frontend:
              ansible.plugin-backstage-rhaap:
                appIcons:
                  - importName: AnsibleLogo
                    name: AnsibleLogo
                dynamicRoutes:
                  - importName: AnsiblePage
                    menuItem:
                      icon: AnsibleLogo
                      text: Ansible
                    path: /ansible
      - disabled: false
        integrity: <SHA512 Integrity key for ansible-plugin-scaffolder-backend-module-backstage-rhaap plugin>
        package: >-
          http://plugin-registry:8080/ansible-plugin-scaffolder-backend-module-backstage-rhaap-dynamic-x.y.z.tgz
        pluginConfig:
          dynamicPlugins:
            backend:
              ansible.plugin-scaffolder-backend-module-backstage-rhaap: null
      - disabled: false
        integrity: <SHA512 Integrity key for ansible-plugin-backstage-rhaap-backend plugin>
        package: >-
          http://plugin-registry:8080/ansible-plugin-backstage-rhaap-backend-dynamic-x.y.z.tgz
        pluginConfig:
          dynamicPlugins:
            backend:
              ansible.plugin-backstage-rhaap-backend: null
...
upstream:
  backstage:
    ...
    extraAppConfig:
      - configMapRef: app-config-rhdh
        filename: app-config-rhdh.yaml
    extraContainers:
      - command:
          - adt
          - server
        image: >-
          registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8:latest
        imagePullPolicy: IfNotPresent
        name: ansible-devtools-server
        ports:
          - containerPort: 8000
...
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat, Inc.