Appendix A. Inventory file variables


The following tables contain information about the variables used in Ansible Automation Platform’s installation inventory files. The tables include the variables that you can use for RPM-based installation and container-based installation.

A.1. General variables

RPM variable name | Container variable name | Description
 

bundle_dir

The path to the bundle directory.

Default = false

 

bundle_install

Use offline installation. Set to true to enable offline installation.

Default = false

 

ca_tls_cert

Define a Certification Authority certificate here along with a matching key in ca_tls_key when you want the installer to create leaf certificates for each product for you.

 

ca_tls_key

Define the key for a Certification Authority certificate here for the matching certificate in ca_tls_cert when you want the installer to create leaf certificates for each product for you.

 

ca_tls_remote

TLS CA remote files.

Default = false

 

container_compress

Container compression software.

Default = gzip

 

container_keep_images

Keep container images.

Default = false

 

container_pull_images

Pull newer container images.

Default = true

 

custom_ca_cert

Define a custom Certification Authority certificate here when you have the leaf certificates created for each product and need the certificate trust to be established.

enable_insights_collection

 

The default install registers the node to the Red Hat Insights for Red Hat Ansible Automation Platform for the Red Hat Ansible Automation Platform Service if the node is registered with Subscription Manager.

Set to False to disable.

Default = true

nginx_tls_protocols

 

Defines support for ssl_protocols in NGINX.

Available values: TLSv1, TLSv1.1, TLSv1.2, TLSv1.3.

The TLSv1.1 and TLSv1.2 parameters only work when OpenSSL 1.0.1 or higher is used.

The TLSv1.3 parameter only works when OpenSSL 1.1.1 or higher is used.

If nginx_tls_protocols = ['TLSv1.3'], only TLSv1.3 is enabled. To set more than one protocol, use nginx_tls_protocols = ['TLSv1.2', 'TLSv1.3'].

Default = TLSv1.2

nginx_user_http_config

 

List of NGINX configurations for /etc/nginx/nginx.conf under the http section.

Each element in the list is added to the http section of the NGINX configuration as a separate line.

Default = empty list

 

registry_auth

Use registry authentication.

Default = true

 

registry_ns_aap

Ansible Automation Platform registry namespace.

Default = ansible-automation-platform-25

 

registry_ns_rhel

RHEL registry namespace.

Default = rhel8

redis_mode

 

Redis can be colocated with platform gateway, automation hub, and Event-Driven Ansible controller nodes.

Default = cluster

registry_password

registry_password

This variable is only required if a non-bundle installer is used.

Password credential for access to registry_url.

Enter your Red Hat Registry Service Account credentials in registry_username and registry_password to link to the Red Hat container registry.

When registry_url is registry.redhat.io, username and password are required if not using a bundle installer.

For more information, see Setting registry_username and registry_password.

 

registry_tls_verify

Verify registry TLS.

Default = true

registry_url

registry_url

URL for the registry source.

Default = registry.redhat.io

registry_username

registry_username

This variable is only required if a non-bundle installer is used.

User credential for access to registry_url.

Enter your Red Hat Registry Service Account credentials in registry_username and registry_password to link to the Red Hat container registry.

For more information, see Setting registry_username and registry_password.

routable_hostname

routable_hostname

This variable is used if the machine running the installer can only route to the target host through a specific URL. For example, if you use short names in your inventory, but the node running the installer can only resolve that host by using a FQDN.

If routable_hostname is not set, it should default to ansible_host. If you do not set ansible_host, inventory_hostname is used as a last resort.

This variable is used as a host variable for particular hosts and not under the [all:vars] section.

For further information, see Assigning a variable to one machine: host variables.

A.2. Automation hub variables

RPM variable name | Container variable name | Description

automationhub_admin_password

hub_admin_password

Required

Required passwords must be enclosed in quotes when they are provided in plain text in the inventory file.

Use of special characters for this variable is limited. The password can include any printable ASCII character except /, , or @.

automationhub_api_token

 

This variable can be used to provide the installer with an existing token.

For example, a regenerated token in Hub UI will invalidate an existing token. Use automationhub_api_token to use that token in the installer the next time you run the installer.

automationhub_auto_sign_collections

hub_collection_auto_sign

If a collection signing service is enabled, collections are not signed automatically by default.

Setting this parameter to true signs them by default.

Default = false

automationhub_backup_collections

 

Optional

Ansible automation hub provides artifacts in /var/lib/pulp. Automation controller automatically backs up the artifacts by default.

You can also set automationhub_backup_collections to false, in which case the backup and restore process does not back up or restore /var/lib/pulp.

Default = true

automationhub_collection_download_count

 

Optional

Determines whether download count is displayed on the UI.

Default = false

automationhub_collection_seed_repository

 

When you run the bundle installer, validated content is uploaded to the validated repository, and certified content is uploaded to the rh-certified repository.

By default, both certified and validated content are uploaded.

Possible values of this variable are certified or validated.

If you do not want to install content, set automationhub_seed_collections to false to disable the seeding.

If you only want one type of content, set automationhub_seed_collections to true and automationhub_collection_seed_repository to the type of content you do want to include.

automationhub_collection_signing_service_key

hub_collection_signing_key

If a collection signing service is enabled, you must provide this variable to ensure that collections can be properly signed.

/absolute/path/to/key/to/sign

automationhub_collection_signing_service_script

 

If a collection signing service is enabled, you must provide this variable to ensure that collections can be properly signed.

/absolute/path/to/script/that/signs

automationhub_container_signing_service_key

hub_container_signing_key

If a container signing service is enabled, you must provide this variable to ensure that containers can be properly signed.

/absolute/path/to/key/to/sign

automationhub_container_signing_service_script

 

If a container signing service is enabled, you must provide this variable to ensure that containers can be properly signed.

/absolute/path/to/script/that/signs

automationhub_create_default_collection_signing_service

hub_collection_signing_service

Set this variable to true to create a collection signing service.

Default = false

automationhub_create_default_container_signing_service

hub_container_signing_service

Set this variable to true to create a container signing service.

Default = false

automationhub_disable_hsts

hub_nginx_disable_hsts

The default installation deploys a TLS enabled automation hub. Use this variable if you deploy automation hub with HTTP Strict Transport Security (HSTS) web-security policy enabled. This variable disables the HSTS web-security policy mechanism.

Default = false

automationhub_disable_https

hub_nginx_disable_https

Optional

If automation hub is deployed with HTTPS enabled.

Default = false

automationhub_enable_analytics

 

A Boolean indicating whether to enable pulp analytics for the version of pulpcore used in automation hub in Ansible Automation Platform 2.5.

To enable pulp analytics, set automationhub_enable_analytics to true.

Default = false

automationhub_enable_api_access_log

 

When set to true, this variable creates a log file at /var/log/galaxy_api_access.log that logs all user actions made to the platform, including their username and IP address.

Default = false

automationhub_enable_unauthenticated_collection_access

 

Set this variable to true to enable unauthenticated users to view collections.

Default = false

automationhub_enable_unauthenticated_collection_download

 

Set this variable to true to enable unauthenticated users to download collections.

Default = false

automationhub_importer_settings

hub_galaxy_importer

Optional

Dictionary of settings to pass to galaxy-importer. At import time, collections can go through a series of checks.

Behavior is driven by galaxy-importer.cfg configuration.

Examples are ansible-doc, ansible-lint, and flake8.

This parameter enables you to drive this configuration.

automationhub_pg_database

hub_pg_database

The PostgreSQL database name.

RPM default = automationhub

Container default = pulp

automationhub_pg_host

hub_pg_host

Required if not using an internal database.

The hostname of the remote PostgreSQL database used by automation hub.

Default = 127.0.0.1

automationhub_pg_password

hub_pg_password

Required if not using an internal database.

The password for the automation hub PostgreSQL database.

Use of special characters for this variable is limited. The !, #, 0 and @ characters are supported. Use of other special characters can cause the setup to fail.

automationhub_pg_port

hub_pg_port

Required if not using an internal database.

Default = 5432

automationhub_pg_sslmode

 

Required

Default = prefer

automationhub_pg_username

hub_pg_username

The username for your automation hub PostgreSQL database.

RPM default = automationhub

Container default = pulp

automationhub_require_content_approval

 

Optional

Value is true if automation hub enforces the approval mechanism before collections are made available.

By default, when you upload collections to automation hub, an administrator must approve them before they are made available to the users.

If you want to disable the content approval flow, set the variable to false.

Default = true

automationhub_seed_collections

 

A Boolean that defines whether or not pre-loading is enabled.

When you run the bundle installer, validated content is uploaded to the validated repository, and certified content is uploaded to the rh-certified repository.

By default, both certified and validated content are uploaded.

If you do not want to install content, set automationhub_seed_collections to false to disable the seeding.

If you only want one type of content, set automationhub_seed_collections to true and automationhub_collection_seed_repository to the type of content you do want to include.

Default = true

automationhub_ssl_cert

hub_tls_cert

Optional

/path/to/automationhub.cert

Same as web_server_ssl_cert but for automation hub UI and API.

automationhub_ssl_key

hub_tls_key

Optional

/path/to/automationhub.key

Same as web_server_ssl_key but for automation hub UI and API.

automationhub_user_headers

 

List of nginx headers for Ansible automation hub’s web server.

Each element in the list is provided to the web server’s nginx configuration as a separate line.

Default = empty list

ee_from_hub_only

 

When deployed with automation hub, the installer pushes execution environment images to automation hub and configures automation controller to pull images from the automation hub registry.

To make automation hub the only registry to pull execution environment images from, set this variable to true.

If set to false, execution environment images are also taken directly from Red Hat.

Default = true when the bundle installer is used.

generate_automationhub_token

 

When performing a fresh installation, a new token will automatically be generated by default. If you want the installer to regenerate a new token, set generate_automationhub_token=true and the installer will use it in the installation process.

nginx_hsts_max_age

hub_nginx_hsts_max_age

This variable specifies how long, in seconds, the system should be considered as an HTTP Strict Transport Security (HSTS) host. That is, how long HTTPS is used exclusively for communication.

Default = 63072000 seconds, or two years.

pulp_db_fields_key

 

Relative or absolute path to the Fernet symmetric encryption key that you want to import. The path is on the Ansible management node. It is used to encrypt certain fields in the database, such as credentials. If not specified, a new key will be generated.

 

hub_tls_remote

Automation hub TLS remote files.

Default = false

 

hub_main_url

Automation hub main URL.

 

hub_nginx_client_max_body_size

NGINX maximum body size.

Default = 20m

 

hub_nginx_http_port

NGINX HTTP port.

Default = 8081

 

hub_nginx_https_port

NGINX HTTPS port.

Default = 8444

 

hub_nginx_https_protocols

NGINX HTTPS protocols.

Default = [TLSv1.2, TLSv1.3]

 

hub_pg_socket

PostgreSQL Automation hub UNIX socket.

 

hub_secret_key

Automation hub secret key.

 

hub_storage_backend

Automation hub storage backend.

 

hub_workers

Automation hub workers count.

 

hub_collection_signing

Enable Automation hub collection signing.

Default = false

 

hub_container_signing

Enable Automation hub container signing.

Default = false

 

hub_container_signing_pass

Automation hub container signing passphrase.

 

hub_collection_signing_pass

Automation hub collection signing passphrase.

 

hub_postinstall

Enable Automation hub postinstall.

Default = false

 

hub_postinstall_async_delay

Postinstall delay between retries.

Default = 1

 

hub_postinstall_async_retries

Postinstall number of retries to perform.

Default = 30

 

hub_postinstall_dir

Automation hub postinstall directory.

 

hub_postinstall_ignore_files

Automation hub ignore files.

 

hub_postinstall_repo_ref

Automation hub repository branch or tag.

Default = main

 

hub_postinstall_repo_url

Automation hub repository URL.

 

hub_shared_data_path

Required when installing more than one instance of automation hub with a file storage backend. When installing a single instance of automation hub, it is optional.

Path to a Network File System (NFS) share with read, write, and execute (RWX) access.

 

hub_shared_data_mount_opts

Optional

Mount options for NFS share.

Default = rw,sync,hard

A.3. Automation controller variables

RPM variable name | Container variable name | Description

admin_email

 

The email address used for the admin user for automation controller.

admin_password

controller_admin_password

Required

Automation controller admin password.

Passwords must be enclosed in quotes when they are provided in plain text in the inventory file.

Use of special characters for this variable is limited. The password can include any printable ASCII character except /, , or @.

admin_username

controller_admin_user

Automation controller admin user.

Default = admin

automation_controller_main_url

 

Automation controller main URL.

controller_tls_files_remote

controller_tls_remote

Automation controller TLS remote files.

Default = false

nginx_disable_hsts

controller_nginx_disable_hsts

Disable NGINX HTTP Strict Transport Security (HSTS).

Default = false

nginx_disable_https

controller_nginx_disable_https

Disable NGINX HTTPS.

Default = false

nginx_hsts_max_age

controller_nginx_hsts_max_age

This variable specifies how long, in seconds, the system must be considered as an HTTP Strict Transport Security (HSTS) host. That is, how long HTTPS is used only for communication.

Default = 63072000 seconds, or two years.

nginx_http_port

controller_nginx_http_port

The port on which the NGINX HTTP server listens for inbound connections.

RPM default = 80

Container default = 8080

nginx_https_port

controller_nginx_https_port

The port on which the NGINX HTTPS server listens for secure connections.

RPM default = 443

Container default = 8443

nginx_user_headers

controller_nginx_user_headers

List of NGINX headers for the automation controller web server.

Each element in the list is provided to the web server’s NGINX configuration as a separate line.

Default = empty list

node_state

 

Optional

The status of a node or group of nodes. Valid options are active, deprovision to remove a node from a cluster, or iso_migrate to migrate a legacy isolated node to an execution node.

Default = active

node_type

 

For [automationcontroller] group.

Two valid node_types can be assigned for this group.

A node_type=control means that the node only runs project and inventory updates, but not regular jobs.

A node_type=hybrid can run everything.

Default for this group = hybrid.

For [execution_nodes] group:

Two valid node_types can be assigned for this group.

A node_type=hop implies that the node forwards jobs to an execution node.

A node_type=execution implies that the node can run jobs.

Default for this group = execution.

peers

 

Optional

The peers variable is used to indicate which nodes a specific host or group connects to. Wherever this variable is defined, an outbound connection to the specific host or group is established.

This variable is used to add tcp-peer entries in the receptor.conf file used for establishing network connections with other nodes.

The peers variable can be a comma-separated list of hosts and groups from the inventory. This is resolved into a set of hosts that is used to construct the receptor.conf file.

pg_database

controller_pg_database

The name of the PostgreSQL database.

Default = awx

pg_host

controller_pg_host

Required

The PostgreSQL host, which can be an externally managed database.

pg_password

controller_pg_password

Required

The password for the PostgreSQL database.

Use of special characters for this variable is limited. The !, #, 0 and @ characters are supported. Use of other special characters can cause the setup to fail.

NOTE

You no longer have to provide a pg_hashed_password in your inventory file at the time of installation, because PostgreSQL 13 can now store user passwords more securely.

When you supply pg_password in the inventory file for the installer, PostgreSQL uses the SCRAM-SHA-256 hash to secure that password as part of the installation process.

pg_port

controller_pg_port

The PostgreSQL port to use.

Default = 5432

pg_username

controller_pg_username

Your PostgreSQL database username.

Default = awx.

web_server_ssl_cert

controller_tls_cert

Optional

/path/to/webserver.cert

Same as automationhub_ssl_cert but for web server UI and API.

web_server_ssl_key

controller_tls_key

Optional

/path/to/webserver.key

Same as automationhub_ssl_key but for web server UI and API.

 

controller_event_workers

Automation controller event workers.

Default = 4

 

controller_license_file

The location of your automation controller license file.

For example:

controller_license_file=/path/to/license.zip

If you are defining this variable as part of the postinstall process (controller_postinstall = true), then you need to also set the controller_postinstall_dir variable.

 

controller_nginx_client_max_body_size

NGINX maximum body size.

Default = 5m

 

controller_nginx_https_protocols

NGINX HTTPS protocols.

Default = [TLSv1.2, TLSv1.3]

 

controller_pg_socket

PostgreSQL Controller UNIX socket.

 

controller_secret_key

Automation controller secret key.

 

controller_uwsgi_listen_queue_size

Automation controller uWSGI listen queue size.

Default = 2048

 

controller_postinstall

Enable or disable the postinstall feature of the containerized installer.

If set to true, then you also need to set controller_license_file and controller_postinstall_dir.

Default = false

 

controller_postinstall_dir

The location of your automation controller postinstall directory.

 

controller_postinstall_async_delay

Postinstall delay between retries.

Default = 1

 

controller_postinstall_async_retries

Postinstall number of tries to attempt.

Default = 30

 

controller_postinstall_ignore_files

Automation controller ignore files.

 

controller_postinstall_repo_ref

Automation controller repository branch or tag.

Default = main

 

controller_postinstall_repo_url

Automation controller repository URL.

A.4. Event-Driven Ansible controller variables

RPM variable name | Container variable name | Description

automationedacontroller_activation_workers

eda_activation_workers

Optional

Number of workers for ansible-rulebook activation pods in Event-Driven Ansible.

Default = (# of cores or threads) * 2 + 1

automationedacontroller_admin_email

eda_admin_email

Optional

Email address used by Django for the admin user for Event-Driven Ansible controller.

Default = admin@example.com

automationedacontroller_admin_password

eda_admin_password

Required

The admin password used by the Event-Driven Ansible controller instance.

Passwords must be enclosed in quotes when they are provided in plain text in the inventory file.

Use of special characters for this variable is limited. The password can include any printable ASCII character except /, , or @.

automationedacontroller_admin_username

eda_admin_user

Username used by Django to identify and create the admin superuser in Event-Driven Ansible controller.

Default = admin

automationedacontroller_allowed_hostnames

 

List of additional addresses to enable for user access to Event-Driven Ansible controller.

Default = empty list

automationedacontroller_controller_verify_ssl

 

Boolean flag used to verify automation controller’s web certificates when making calls from Event-Driven Ansible controller. Verified is true and not verified is false.

Default = false

automationedacontroller_disable_hsts

eda_nginx_disable_hsts

Optional

Boolean flag to disable HSTS for Event-Driven Ansible controller.

Default = false

automationedacontroller_disable_https

eda_nginx_disable_https

Optional

Boolean flag to disable HTTPS for Event-Driven Ansible controller.

Default = false

automationedacontroller_event_stream_path

eda_event_stream_prefix_path

API prefix path used for Event-Driven Ansible event-stream through platform gateway.

Default = /eda-event-streams

automationedacontroller_gunicorn_workers

eda_gunicorn_workers

Number of workers for the API served through Gunicorn.

Default = (# of cores or threads) * 2 + 1

automationedacontroller_max_running_activations

eda_max_running_activations

Optional

The maximum number of activations running concurrently per node.

This is an integer that must be greater than 0.

Default = 12

automationedacontroller_nginx_tls_files_remote

eda_tls_remote

Boolean flag to specify whether cert sources are on the remote host (true) or local (false).

Default = false

automationedacontroller_pg_database

eda_pg_database

Optional

The PostgreSQL database used by Event-Driven Ansible controller.

RPM default = automationedacontroller

Container default = eda

automationedacontroller_pg_password

eda_pg_password

Required

The password for the PostgreSQL database used by Event-Driven Ansible controller.

Use of special characters for this variable is limited. The !, #, 0 and @ characters are supported. Use of other special characters can cause the setup to fail.

automationedacontroller_pg_port

eda_pg_port

Optional

The port number of the PostgreSQL database used by Event-Driven Ansible controller.

Default = 5432

automationedacontroller_pg_username

eda_pg_username

Optional

The username for your Event-Driven Ansible controller PostgreSQL database.

RPM default = automationedacontroller

Container default = eda

automationedacontroller_redis_host

eda_redis_host

The Redis hostname used by Event-Driven Ansible controller.

automationedacontroller_redis_port

eda_redis_port

The port used for the Redis host defined by automationedacontroller_redis_host for Event-Driven Ansible controller.

automationedacontroller_rq_workers

 

Number of Redis Queue (RQ) workers used by Event-Driven Ansible controller. RQ workers are Python processes that run in the background.

Default = (# of cores or threads) * 2 + 1

automationedacontroller_ssl_cert

eda_tls_cert

Optional

/root/ssl_certs/eda.<example>.com.crt

Same as automationhub_ssl_cert but for Event-Driven Ansible controller UI and API.

automationedacontroller_ssl_key

eda_tls_key

Optional

/root/ssl_certs/eda.<example>.com.key

Same as automationhub_ssl_key but for Event-Driven Ansible controller UI and API.

automationedacontroller_user_headers

eda_nginx_user_headers

List of additional NGINX headers to add to Event-Driven Ansible controller’s NGINX configuration.

Default = empty list

automationedacontroller_pg_host

eda_pg_host

Required

The hostname of the PostgreSQL database used by Event-Driven Ansible controller, which can be an externally managed database.

eda_node_type

eda_type

Optional

Event-Driven Ansible controller node type.

Default = hybrid

 

eda_debug

Event-Driven Ansible controller debug.

Default = false

 

eda_event_stream_url

Event-Driven Ansible controller event stream URL.

 

eda_main_url

Event-Driven Ansible controller main URL.

 

eda_nginx_client_max_body_size

NGINX maximum body size.

Default = 1m

 

eda_nginx_hsts_max_age

NGINX HSTS maximum age.

Default = 63072000

 

eda_nginx_http_port

NGINX HTTP port.

Default = 8082

 

eda_nginx_https_port

NGINX HTTPS port.

Default = 8445

 

eda_nginx_https_protocols

NGINX HTTPS protocols.

Default = [TLSv1.2, TLSv1.3]

 

eda_pg_socket

PostgreSQL Event-Driven Ansible UNIX socket.

 

eda_redis_disable_tls

Disable TLS Redis (for many nodes).

Default = false

 

eda_redis_password

Redis Event-Driven Ansible controller password (for many nodes).

 

eda_redis_tls_cert

Optional

/path/to/edaredis.crt

Location of the Event-Driven Ansible controller Redis TLS certificate.

 

eda_redis_tls_key

Optional

/path/to/edaredis.key

Location of the Event-Driven Ansible controller Redis TLS key.

 

eda_redis_username

Redis Event-Driven Ansible controller username (for many nodes).

 

eda_safe_plugins

Event-Driven Ansible controller safe plugins.

 

eda_secret_key

Event-Driven Ansible controller secret key.

 

eda_workers

Event-Driven Ansible controller workers count.

Default = 2

A.5. Platform gateway variables

RPM variable name | Container variable name | Description

automationgateway_admin_email

gateway_admin_email

The email address used for the admin user for platform gateway.

automationgateway_admin_password

gateway_admin_password

Required

The admin password used to connect to the platform gateway instance.

Passwords must be enclosed in quotes when they are provided in plain text in the inventory file.

Use of special characters for this variable is limited. The password can include any printable ASCII character except /, , or @.

automationgateway_admin_username

gateway_admin_user

Optional

The username used to identify and create the admin superuser in platform gateway.

Default = admin

automationgateway_disable_hsts

gateway_nginx_disable_hsts

Optional

Disable NGINX HSTS.

Default = false

automationgateway_disable_https

gateway_nginx_disable_https

Optional

Disable NGINX HTTPS.

Default = false

automationgateway_grpc_auth_service_timeout

gateway_grpc_auth_service_timeout

Platform gateway auth server timeout.

Default = 30s

automationgateway_grpc_server_max_threads_per_process

gateway_grpc_server_max_threads_per_process

Platform gateway auth server threads per process.

Default = 10

automationgateway_grpc_server_processes

gateway_grpc_server_processes

Platform gateway auth server processes.

Default = 5

automationgateway_main_url

gateway_main_url

Optional

The main platform gateway URL that clients will connect to (e.g. https://<gateway_node>).

If not specified, the first node in the [automationgateway] group will be used when needed.

automationgateway_pg_database

gateway_pg_database

Optional

The PostgreSQL database used by platform gateway.

RPM default = automationgateway

Container default = gateway

automationgateway_pg_host

gateway_pg_host

Required

The hostname of the PostgreSQL database used by platform gateway, which can be an externally managed database.

automationgateway_pg_password

gateway_pg_password

Required

The password for the PostgreSQL database used by platform gateway.

Use of special characters for automationgateway_pg_password is limited. The !, #, 0 and @ characters are supported.

Use of other special characters can cause the setup to fail.

automationgateway_pg_port

gateway_pg_port

Optional

The port number of the PostgreSQL database used by platform gateway.

Default = 5432

automationgateway_pg_sslmode

gateway_pg_sslmode

Choose one of the two available modes: prefer and verify-full.

Set to verify-full for client-side enforced SSL.

Default = prefer

automationgateway_pg_username

gateway_pg_username

Optional

The username for your platform gateway PostgreSQL database.

RPM default = automationgateway

Container default = gateway

automationgateway_redis_host

gateway_redis_host

The Redis hostname used by platform gateway.

automationgateway_redis_port

gateway_redis_port

The Redis platform gateway port.

Default = 6379

automationgateway_ssl_cert

gateway_tls_cert

Optional

/path/to/automationgateway.cert

Same as automationhub_ssl_cert but for platform gateway UI and API.

automationgateway_ssl_key

gateway_tls_key

Optional

/path/to/automationgateway.key

Same as automationhub_ssl_key but for platform gateway UI and API.

 

gateway_nginx_client_max_body_size

NGINX maximum body size.

Default = 5m

 

gateway_nginx_hsts_max_age

NGINX HSTS maximum age.

Default = 63072000

 

gateway_nginx_http_port

NGINX HTTP port.

 

gateway_nginx_https_port

NGINX HTTPS port.

 

gateway_nginx_https_protocols

NGINX HTTPS protocols.

Default = [TLSv1.2, TLSv1.3]

 

gateway_nginx_user_headers

Custom NGINX headers.

 

gateway_redis_disable_tls

Disable TLS Redis.

Default = false

 

gateway_redis_password

Redis platform gateway password.

 

gateway_redis_tls_cert

Optional

/path/to/gatewayredis.crt

Location of the platform gateway Redis TLS certificate.

 

gateway_redis_tls_key

Optional

/path/to/gatewayredis.key

Location of the platform gateway Redis TLS key.

 

gateway_redis_username

Redis platform gateway username.

Default = gateway

 

gateway_secret_key

Platform gateway secret key.

 

gateway_tls_remote

Platform gateway TLS remote files.

Default = false

 

gateway_uwsgi_listen_queue_size

Platform gateway uWSGI listen queue size.

Default = 4096

A.6. Database variables

RPM variable name | Container variable name | Description

pg_ssl_mode

 

Choose one of the two available modes: prefer and verify-full.

Set to verify-full for client-side enforced SSL/TLS.

Default = prefer

postgres_ssl_cert

postgresql_tls_cert

Location of the PostgreSQL SSL/TLS certificate.

/path/to/pgsql_ssl.cert

postgres_ssl_key

postgresql_tls_key

Location of the PostgreSQL SSL/TLS key.

/path/to/pgsql_ssl.key

postgres_use_cert

 

Location of the PostgreSQL user certificate.

/path/to/pgsql.crt

postgres_use_ssl

postgresql_disable_tls

Determines if the connection between Ansible Automation Platform and the PostgreSQL database should use SSL/TLS. The default for this variable is false which means SSL/TLS is not used for PostgreSQL connections. When set to true, the platform connects to PostgreSQL by using SSL/TLS.

postgres_max_connections

postgresql_max_connections

Maximum database connections setting to apply if you are using installer-managed PostgreSQL.

See PostgreSQL database configuration and maintenance for automation controller for help selecting a value.

Default = 1024

 

postgresql_admin_database

PostgreSQL admin database.

Default = postgres

 

postgresql_admin_username

PostgreSQL admin user.

Default = postgres

 

postgresql_admin_password

Required

PostgreSQL admin password.

 

postgresql_effective_cache_size

PostgreSQL effective cache size.

 

postgresql_keep_databases

Keep databases during uninstall.

Default = false

 

postgresql_log_destination

PostgreSQL log file location.

Default = /dev/stderr

 

postgresql_password_encryption

PostgreSQL password encryption.

Default = scram-sha-256

 

postgresql_shared_buffers

PostgreSQL shared buffers.

 

postgresql_tls_remote

PostgreSQL TLS remote files.

Default = false

 

postgresql_port

PostgreSQL port number.

Default = 5432

A.7. Image variables

RPM variable name | Container variable name | Description
 

controller_image

Automation controller image.

Default = controller-rhel8:latest

 

de_extra_images

Decision environment extra images.

 

de_supported_image

Decision environment supported image.

Default = de-supported-rhel8:latest

 

eda_image

Event-Driven Ansible image.

Default = eda-controller-rhel8:latest

 

eda_web_image

Event-Driven Ansible web image.

Default = eda-controller-ui-rhel8:latest

 

ee_29_enabled

Enable execution environment 29.

Default = false

 

ee_29_image

Execution environment 29 image.

Default = ee-29-rhel8:latest

 

ee_extra_images

Execution environment extra images.

 

ee_minimal_image

Execution environment minimal image.

Default = ee-minimal-rhel8:latest

 

ee_supported_image

Execution environment supported image.

Default = ee-supported-rhel8:latest

 

hub_image

Automation hub image.

Default = hub-rhel8:latest

 

hub_web_image

Automation hub web image.

Default = hub-web-rhel8:latest

 

postgresql_image

PostgreSQL image.

Default = postgresql-15:latest

 

receptor_image

Receptor image.

Default = receptor-rhel8:latest

 

redis_image

Redis image.

Default = redis-6:latest

 

pcp_image

Performance Co-Pilot image.

Default = rhel8-pcp:latest

A.8. Receptor variables

RPM variable name | Container variable name | Description
 

receptor_disable_signing

Disable receptor signing.

Default = false

 

receptor_disable_tls

Disable receptor TLS.

Default = false

 

receptor_log_level

Receptor logging level.

Default = info

 

receptor_mintls13

Require TLS 1.3 as the minimum TLS version for receptor.

Default = false

 

receptor_peers

Receptor peers list.

receptor_datadir

 

This variable configures the receptor data directory. By default, it is set to /tmp/receptor. To change the default location, run the installation script with "-e receptor_datadir=" and specify the target directory that you want.

NOTES

* The target directory must be accessible to awx users.

* If the target directory is a temporary file system (tmpfs), ensure it is remounted correctly after a reboot. Failure to do so results in the receptor no longer having a working directory.

receptor_listener_port

receptor_port

Receptor port number.

Default = 27199

receptor_listener_protocol

receptor_protocol

Receptor protocol.

Default = tcp

 

receptor_signing_private_key

Receptor signing private key.

 

receptor_signing_public_key

Receptor signing public key.

 

receptor_signing_remote

Receptor signing remote files.

Default = false

 

receptor_tls_cert

Receptor TLS certificate.

 

receptor_tls_key

Receptor TLS key.

 

receptor_tls_remote

Receptor TLS remote files.

Default = false

 

receptor_type

Receptor node type.

Default = execution

A.9. Ansible variables

The following variables control how Ansible Automation Platform interacts with remote hosts.

For more information about variables specific to certain plugins, see the documentation for Ansible.Builtin.

For a list of global configuration options, see Ansible Configuration Settings.

Variable | Description

ansible_connection

The connection plugin used for the task on the target host.

This can be the name of any Ansible connection plugin. SSH protocol types are smart, ssh or paramiko.

Default = smart

ansible_host

The IP or name of the target host to use instead of inventory_hostname.

ansible_port

The connection port number.

Default = 22 for SSH

ansible_user

The user name to use when connecting to the host.

ansible_password

The password to authenticate to the host.

Never store this variable in plain text.

Always use a vault.

ansible_ssh_private_key_file

Private key file used by SSH. Useful if using multiple keys and you do not want to use an SSH agent.

ansible_ssh_common_args

This setting is always appended to the default command line for sftp, scp, and ssh. Useful to configure a ProxyCommand for a certain host or group.

ansible_sftp_extra_args

This setting is always appended to the default sftp command line.

ansible_scp_extra_args

This setting is always appended to the default scp command line.

ansible_ssh_extra_args

This setting is always appended to the default ssh command line.

ansible_ssh_pipelining

Determines if SSH pipelining is used. This can override the pipelining setting in ansible.cfg. If using SSH key-based authentication, the key must be managed by an SSH agent.

ansible_ssh_executable

Added in version 2.2.

This setting overrides the default behavior to use the system SSH. This can override the ssh_executable setting in ansible.cfg.

ansible_shell_type

The shell type of the target system. Do not use this setting unless you have set the ansible_shell_executable to a non-Bourne (sh) compatible shell. By default commands are formatted using sh-style syntax. Setting this to csh or fish causes commands executed on target systems to follow the syntax of those shells instead.

ansible_shell_executable

This sets the shell that the Ansible controller uses on the target machine and overrides the executable in ansible.cfg which defaults to /bin/sh.

Do not change this variable unless /bin/sh is not installed on the target machine or cannot be run from sudo.

inventory_hostname

This variable takes the hostname of the machine from the inventory script or the Ansible configuration file.

You cannot set the value of this variable.

Because the value is taken from the configuration file, the actual runtime hostname value can vary from what is returned by this variable.
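The following Python script is an added example, not part of the Red Hat documentation or the installer. It audits an INI inventory for the security-relevant settings listed in the tables above: the `*_disable_tls` and `receptor_disable_signing` switches, `pg_ssl_mode`, `gateway_nginx_https_protocols`, and secrets stored as literals. The rule set, the sample host and the `vault_pg_admin_password` name are assumptions of this example.

```python
import re
import shlex
# Switches from the tables above whose "true" value turns a protection off.
DISABLE_FLAGS = {"gateway_redis_disable_tls", "postgresql_disable_tls",
                 "receptor_disable_tls", "receptor_disable_signing"}
# The page requires a vault for ansible_password; the rest is this example's assumption.
SECRET_VARS = {"ansible_password", "postgresql_admin_password",
               "gateway_redis_password", "gateway_secret_key"}
DEFAULT_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}  # gateway_nginx_https_protocols default

def parse_vars(text):
    # Yield (line_number, key, value) for each assignment in an INI inventory.
    in_vars = False
    for number, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if line.startswith("["):
            in_vars = line.rstrip("]").endswith(":vars")
        elif line and line[0] not in "#;":
            # A [group:vars] line is one assignment; a host line may carry several.
            for token in ([line] if in_vars else shlex.split(line)):
                key, sep, value = token.partition("=")
                if sep and re.fullmatch(r"\w+", key.strip()):
                    yield number, key.strip(), value.strip().strip("'\"")

def audit(text):
    # Yield (line_number, variable, reason) for each risky setting found.
    for number, key, value in parse_vars(text):
        if key in DISABLE_FLAGS and value.lower() == "true":
            yield number, key, "protection disabled"
        elif key == "pg_ssl_mode" and value != "verify-full":
            yield number, key, "TLS not enforced by the client"
        elif key in SECRET_VARS and value and "{{" not in value:
            yield number, key, "literal secret, use a vaulted reference"
        elif key == "gateway_nginx_https_protocols":
            extra = set(re.findall(r"TLSv[\d.]+", value)) - DEFAULT_PROTOCOLS
            if extra:
                yield number, key, "non-default: " + ",".join(sorted(extra))

# Constructed sample inventory, not taken from a real deployment.
SAMPLE = """[automationgateway]
gw.example.org ansible_user=admin ansible_password=hunter2
[all:vars]
postgresql_disable_tls=true
postgresql_admin_password='{{ vault_pg_admin_password }}'
gateway_nginx_https_protocols=[TLSv1.1, TLSv1.2, TLSv1.3]
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A value containing `{{` is treated as a reference to a vaulted variable and is not reported; the script does not verify that the referenced variable is actually encrypted.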

© 2024 Red Hat, Inc.