Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 3. Installing the Ansible plug-ins with the Operator on OpenShift Container Platform

The following procedures describe how to install Ansible plug-ins in Red Hat Developer Hub instances on Red Hat OpenShift Container Platform using the Operator.

3.1. Prerequisites

  • Red Hat Developer Hub installed on Red Hat OpenShift Container Platform.

  • A valid subscription to Red Hat Ansible Automation Platform.
  • An OpenShift Container Platform instance with the appropriate permissions within your project to create an application.
  • The Red Hat Developer Hub instance can query the automation controller API.
  • Optional: To use the integrated learning paths, you must have outbound access to developers.redhat.com.

3.3. Adding a sidecar container for Ansible development tools to the RHDH Operator Custom Resource

Add a sidecar container for Ansible development tools in the Developer Hub pod. To do this, you must modify the base ConfigMap for the Red Hat Developer Hub deployment.

  1. In the OpenShift console, select the Topology view.
  2. Click More actions ⋮ on the developer-hub instance and select Edit backstage to open the Backstage details page.
  3. Select the YAML tab.

  4. In the editing pane, add a containers block in the spec.deployment.patch.spec.template.spec block: 

    apiVersion: rhdh.redhat.com/v1alpha3
kind: Backstage
metadata:
  name: developer-hub
spec:
  deployment:
    patch:
      spec:
        template:
          spec:
            containers:
              - command:
                  - adt
                  - server
                image: registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8:latest
                imagePullPolicy: always
                ports:
                  - containerPort: 8000
                    protocol: TCP
                terminationMessagePolicy: file
  5. Click Save.
Note

If you want to add extra environment variables to your deployment, you can add them in the spec.application.extraEnvs block: 

spec:
  application:
    ...
    extraEnvs:
      envs:
        - name: <env_variable_name>
          value: <env_variable_value>

3.4. Downloading the Ansible plug-ins files

  1. Download the latest .tar file for the plug-ins from the Red Hat Ansible Automation Platform Product Software downloads page. The format of the filename is ansible-backstage-rhaap-bundle-x.y.z.tar.gz. Substitute the Ansible plug-ins release version, for example 1.0.0, for x.y.z.

  2. Create a directory on your local machine to store the .tar files. 

    $ mkdir /path/to/<ansible-backstage-plugins-local-dir-changeme>

  3. Set an environment variable ($DYNAMIC_PLUGIN_ROOT_DIR) to represent the directory path. 

    $ export DYNAMIC_PLUGIN_ROOT_DIR=/path/to/<ansible-backstage-plugins-local-dir-changeme>

  4. Extract the ansible-backstage-rhaap-bundle-<version-number>.tar.gz contents to $DYNAMIC_PLUGIN_ROOT_DIR. 

    $ tar --exclude='*code*' -xzf ansible-backstage-rhaap-bundle-x.y.z.tar.gz -C $DYNAMIC_PLUGIN_ROOT_DIR

    Substitute the Ansible plug-ins release version, for example 1.0.0, for x.y.z.

Verification

Run ls to verify that the extracted files are in the $DYNAMIC_PLUGIN_ROOT_DIR directory: 

$ ls $DYNAMIC_PLUGIN_ROOT_DIR
ansible-plugin-backstage-rhaap-dynamic-x.y.z.tgz
ansible-plugin-backstage-rhaap-dynamic-x.y.z.tgz.integrity
ansible-plugin-backstage-rhaap-backend-dynamic-x.y.z.tgz
ansible-plugin-backstage-rhaap-backend-dynamic-x.y.z.tgz.integrity
ansible-plugin-scaffolder-backend-module-backstage-rhaap-dynamic-x.y.z.tgz
ansible-plugin-scaffolder-backend-module-backstage-rhaap-dynamic-x.y.z.tgz.integrity

The files with the .integrity file type contain the plugin SHA value. The SHA value is used during the plug-in configuration.

3.5. Creating a registry for the Ansible plug-ins

Set up a registry in your OpenShift cluster to host the Ansible plug-ins and make them available for installation in Red Hat Developer Hub (RHDH).

Procedure

  1. Log in to your OpenShift Container Platform instance with credentials to create a new application.

  2. Open your Red Hat Developer Hub OpenShift project. 

    $ oc project <YOUR_DEVELOPER_HUB_PROJECT>

  3. Run the following commands to create a plug-in registry build in the OpenShift cluster. 

    $ oc new-build httpd --name=plugin-registry --binary
$ oc start-build plugin-registry --from-dir=$DYNAMIC_PLUGIN_ROOT_DIR --wait
$ oc new-app --image-stream=plugin-registry

Verification

To verify that the plugin-registry was deployed successfully, open the Topology view in the Developer perspective on the Red Hat Developer Hub application in the OpenShift Web console.

  1. Click the plug-in registry to view the log.

    Developer perspective

    (1) Developer hub instance

    (2) Plug-in registry

  2. Click the terminal tab and login to the container.

  3. In the terminal, run ls to confirm that the .tar files are in the plugin registry. 

    ansible-plugin-backstage-rhaap-dynamic-x.y.z.tgz
ansible-plugin-backstage-rhaap-backend-dynamic-x.y.z.tgz
ansible-plugin-scaffolder-backend-module-backstage-rhaap-dynamic-x.y.z.tgz

    The version numbers and file names can differ.

3.6. Installing the dynamic plug-ins

To install the dynamic plugins, add them to your ConfigMap for your RHDH plugin settings (for example, rhaap-dynamic-plugins-config).

If you have not already created a ConfigMap file for your RHDH plugin settings, create one by following the procedure in the Creating and using config maps section of the OpenShift Container Platform Nodes guide.

The example ConfigMap used in the following procedure is called rhaap-dynamic-plugins-config.

Procedure

  1. Select ConfigMaps in the navigation pane of the OpenShift console.
  2. Select the rhaap-dynamic-plugins-config ConfigMap from the list.
  3. Select the YAML tab to edit the rhaap-dynamic-plugins-config ConfigMap.

  4. In the data.dynamic-plugins.yaml.plugins block, add the three dynamic plug-ins from the plug-in registry.

    • For the integrity hash values, use the .integrity files in your $DYNAMIC_PLUGIN_ROOT_DIR directory that correspond to each plug-in, for example use ansible-plugin-backstage-rhaap-dynamic-x.y.z.tgz.integrity for the ansible-plugin-backstage-rhaap-dynamic-x.y.z.tgz plug-in.

    • Replace x.y.z with the correct version of the plug-ins. 

      kind: ConfigMap
apiVersion: v1
metadata:
 name: rhaap-dynamic-plugins-config
data:
 dynamic-plugins.yaml: |
   ...
   plugins:
     - disabled: false
       package: 'http://plugin-registry:8080/ansible-plugin-backstage-rhaap-dynamic-x.y.z.tgz'
       integrity: <SHA512 value> # Use hash in ansible-plugin-backstage-rhaap-dynamic-x.y.z.tgz.integrity
       pluginConfig:
         dynamicPlugins:
           frontend:
             ansible.plugin-backstage-rhaap:
               appIcons:
                 - importName: AnsibleLogo
                   name: AnsibleLogo
               dynamicRoutes:
                 - importName: AnsiblePage
                   menuItem:
                     icon: AnsibleLogo
                     text: Ansible
                   path: /ansible
     - disabled: false
       package: >-
         http://plugin-registry:8080/ansible-plugin-backstage-rhaap-backend-dynamic-x.y.z.tgz
       integrity: <SHA512 value> # Use hash in ansible-plugin-backstage-rhaap-backend-dynamic-x.y.z.tgz.integrity
       pluginConfig:
         dynamicPlugins:
           backend:
             ansible.plugin-backstage-rhaap-backend: null
     - disabled: false
       package: >-
         http://plugin-registry:8080/ansible-plugin-scaffolder-backend-module-backstage-rhaap-dynamic-x.y.z.tgz
       integrity: <SHA512 value> # Use hash in ansible-plugin-scaffolder-backend-module-backstage-rhaap-dynamic-x.y.z.tgz.integrity
       pluginConfig:
         dynamicPlugins:
           backend:
             ansible.plugin-scaffolder-backend-module-backstage-rhaap: null
     - ...<REDACTED>
  5. Click Save.

  6. To view the progress of the rolling restart:

    1. In the Topology view, select the deployment pod and click View logs.
    2. Select install-dynamic-plugins from the list of containers.

Verification

  1. In the OpenShift console, select the Topology view.
  2. Click the Open URL icon on the deployment pod to open your Red Hat Developer Hub instance in a browser window.

The Ansible plug-in is present in the navigation pane, and if you select Administration, the installed plug-ins are listed in the Plugins tab.

3.7. Adding a custom ConfigMap

Create a Red Hat Developer Hub ConfigMap following the procedure in the Creating and using config maps section of the OpenShift Container Platform Nodes guide. The following examples use a custom ConfigMap named app-config-rhdh.

To edit your custom ConfigMap, log in to the OpenShift UI and navigate to Select Project ( developerHubProj ) ConfigMaps {developer-hub}-app-config EditConfigMaps app-config-rhdh.

3.8. Configuring the Ansible Dev Tools Server

The creatorService URL is required for the Ansible plug-ins to provision new projects using the provided software templates.

Procedure

  1. Edit your custom Red Hat Developer Hub config map, app-config-rhdh, that you created in Adding a custom ConfigMap.

  2. Add the following code to your Red Hat Developer Hub app-config-rhdh.yaml file. 

    kind: ConfigMap
apiVersion: v1
metadata:
  name: app-config-rhdh
...
data:
  app-config-rhdh.yaml: |-
    ansible:
      creatorService:
        baseUrl: 127.0.0.1
        port: '8000'
...

3.9. Configuring Ansible Automation Platform details

The Ansible plug-ins query your Ansible Automation Platform subscription status with the controller API using a token.

Note

The Ansible plug-ins continue to function regardless of the Ansible Automation Platform subscription status.

Procedure

  1. Create a Personal Access Token (PAT) with “Read” scope in automation controller, following the Applications section of Access management and authentication.
  2. Edit your custom Red Hat Developer Hub config map, for example app-config-rhdh.

  3. Add your Ansible Automation Platform details to app-config-rhdh.yaml.

    1. Set the baseURL key with your automation controller URL.
    2. Set the token key with the generated token value that you created in Step 1.

    3. Set the checkSSL key to true or false.

      If checkSSL is set to true, the Ansible plug-ins verify whether the SSL certificate is valid. 

      data:
  app-config-rhdh.yaml: |
    ...
    ansible:
    ...
      rhaap:
        baseUrl: '<https://MyControllerUrl>'
        token: '<AAP Personal Access Token>'
        checkSSL: true
Note

You are responsible for protecting your Red Hat Developer Hub installation from external and unauthorized access. Manage the backend authentication key like any other secret. Meet strong password requirements, do not expose it in any configuration files, and only inject it into configuration files as an environment variable.

3.10. Adding Ansible plug-ins software templates

Red Hat Ansible provides software templates for Red Hat Developer Hub to provision new playbooks and collection projects based on Ansible best practices.

Procedure

  1. Edit your custom Red Hat Developer Hub config map, for example app-config-rhdh.
  2. Add the following code to your Red Hat Developer Hub app-config-rhdh.yaml file. 
data:
  app-config-rhdh.yaml: |
    catalog:
      ...
      locations:
        ...
        - type: url
          target: https://github.com/ansible/ansible-rhdh-templates/blob/main/all.yaml
          rules:
            - allow: [Template]

For more information, refer to the Managing templates section of the Administration guide for Red Hat Developer Hub.

3.11. Configuring Role Based Access Control

Red Hat Developer Hub offers Role-based Access Control (RBAC) functionality. RBAC can then be applied to the Ansible plug-ins content.

Assign the following roles:

  • Members of the admin:superUsers group can select templates in the Create tab of the Ansible plug-ins to create playbook and collection projects.
  • Members of the admin:users group can view templates in the Create tab of the Ansible plug-ins.

The following example adds RBAC to Red Hat Developer Hub. 

data:
  app-config-rhdh.yaml: |
    plugins:
    ...
    permission:
      enabled: true
      rbac:
        admin:
          users:
            - name: user:default/<user-scm-ida>
          superUsers:
            - name: user:default/<user-admin-idb>

For more information about permission policies and managing RBAC, refer to the Authorization guide for Red Hat Developer Hub.

3.12. Optional configuration for Ansible plug-ins

3.12.1. Enabling Red Hat Developer Hub authentication

Red Hat Developer Hub (RHDH) provides integrations for multiple Source Control Management (SCM) systems. This is required by the plug-ins to create repositories.

Refer to the Enabling authentication in Red Hat Developer Hub chapter of the Administration guide for Red Hat Developer Hub.

3.12.2. Configuring Ansible plug-ins optional integrations

The Ansible plug-ins provide integrations with Ansible Automation Platform and other optional Red Hat products.

To edit your custom ConfigMap, log in to the OpenShift UI and navigate to Select Project ( developerHubProj ) ConfigMaps {developer-hub}-app-config-rhdh app-config-rhdh.

3.12.2.1. Configuring OpenShift Dev Spaces

When OpenShift Dev Spaces is configured for the Ansible plug-ins, users can click a link from the catalog item view in Red Hat Developer Hub and edit their provisioned Ansible Git projects using Dev Spaces.

Note

OpenShift Dev Spaces is a separate product and it is optional. The plug-ins will function without it.

It is a separate Red Hat product and is not included in the Ansible Automation Platform or Red Hat Developer Hub subscription.

If the OpenShift Dev Spaces link is not configured in the Ansible plug-ins, the Go to OpenShift Dev Spaces dashboard link in the DEVELOP section of the Ansible plug-ins landing page redirects users to the Ansible development tools home page.

Prerequisites

  • A Dev Spaces installation. Refer to the Installing Dev Spaces section of the Red Hat OpenShift Dev Spaces Administration guide.

Procedure

  1. Edit your custom Red Hat Developer Hub config map, for example app-config-rhdh.

  2. Add the following code to your Red Hat Developer Hub app-config-rhdh.yaml file. 

    data:
  app-config-rhdh.yaml: |-
    ansible:
      devSpaces:
        baseUrl: >-
          https://<Your OpenShift Dev Spaces URL>
  3. Replace <Your OpenShft Dev Spaces URL> with your OpenShift Dev Spaces URL.
  4. In the OpenShift Developer UI, select the Red Hat Developer Hub pod.
  5. Open Actions.
  6. Click Restart rollout.

3.12.2.2. Configuring the private automation hub URL

Private automation hub provides a centralized, on-premise repository for certified Ansible collections, execution environments and any additional, vetted content provided by your organization.

If the private automation hub URL is not configured in the Ansible plug-ins, users are redirected to the Red Hat Hybrid Cloud Console automation hub.

Note

The private automation hub configuration is optional but recommended. The Ansible plug-ins will function without it.

Prerequisites:

Procedure:

  1. Edit your custom Red Hat Developer Hub config map, for example app-config-rhdh.

  2. Add the following code to your Red Hat Developer Hub app-config-rhdh.yaml file. 

    data:
  app-config-rhdh.yaml: |-
    ansible:
    ...
      automationHub:
        baseUrl: '<https://MyOwnPAHUrl>'
    ...
  3. Replace <https://MyOwnPAHUrl/> with your private automation hub URL.
  4. In the OpenShift Developer UI, select the Red Hat Developer Hub pod.
  5. Open Actions.
  6. Click Restart rollout.

3.13. Full app-config-rhdh ConfigMap example for Ansible plug-ins entries

kind: ConfigMap
...
metadata:
  name: app-config-rhdh
  ...
data:
  app-config-rhdh.yaml: |-
    ansible:
      creatorService:
        baseUrl: 127.0.0.1
        port: '8000'
      rhaap:
        baseUrl: '<https://MyControllerUrl>'
        token: '<AAP Personal Access Token>'
        checkSSL: <true or false>
        showCaseLocation:
          type: file
          target: '/tmp/aap-showcases/'
      # Optional integrations
      devSpaces:
        baseUrl: '<https://MyDevSpacesURL>'
      automationHub:
        baseUrl: '<https://MyPrivateAutomationHubURL>'

    ...
    catalog:
      locations:
        - type: url
          target: https://github.com/ansible/ansible-rhdh-templates/blob/main/all.yaml
          rules:
            - allow: [Template]
    ...
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.