Appendix A. Inventory file variables
The following tables contain information about the variables used in Ansible Automation Platform’s installation inventory
files. The tables include the variables that you can use for RPM-based installation and container-based installation.
A.1. General variables
RPM variable name | Container variable name | Description |
---|---|---|
| The path to the bundle directory.
Default = | |
|
Use offline installation. Set to
Default = | |
|
Define a Certification Authority certificate here along with a matching key in | |
|
Define the key for a Certification Authority certificate here for the matching certificate in | |
| TLS CA remote files.
Default = | |
| Container compression software.
Default = | |
| Keep container images.
Default = | |
| Pull newer container images.
Default = | |
| Define a custom Certification Authority certificate here when you have the leaf certificates created for each product and need the certificate trust to be established. | |
| The default install registers the node to the Red Hat Insights for Red Hat Ansible Automation Platform for the Red Hat Ansible Automation Platform Service if the node is registered with Subscription Manager.
Set to
Default = | |
|
Defines support for
Values available The TLSv1.1 and TLSv1.2 parameters only work when OpenSSL 1.0.1 or higher is used. The TLSv1.3 parameter only works when OpenSSL 1.1.1 or higher is used.
If
Default = | |
|
List of NGINX configurations for
Each element in the list is provided into Default = empty list | |
| Use registry authentication.
Default = | |
| Ansible Automation Platform registry namespace.
Default = | |
| RHEL registry namespace.
Default = | |
| Redis can be colocated with platform gateway, automation hub, and Event-Driven Ansible controller nodes. Default = cluster | |
|
| This variable is only required if a non-bundle installer is used.
Password credential for access to
Enter your Red Hat Registry Service Account credentials in
When For more information, see Setting registry_username and registry_password. |
| Verify registry TLS.
Default = | |
|
| URL for the registry source.
Default = |
|
| This variable is only required if a non-bundle installer is used.
User credential for access to
Enter your Red Hat Registry Service Account credentials in For more information, see Setting registry_username and registry_password. |
|
| This variable is used if the machine running the installer can only route to the target host through a specific URL. For example, if you use short names in your inventory, but the node running the installer can only resolve that host by using a FQDN.
If
This variable is used as a host variable for particular hosts and not under the For further information, see Assigning a variable to one machine: host variables. |
A.2. Automation hub variables
RPM variable name | Container variable name | Description |
---|---|---|
|
| Required Required passwords must be enclosed in quotes when they are provided in plain text in the inventory file.
Use of special characters for this variable is limited. The password can include any printable ASCII character except |
| This variable can be used to provide the installer with an existing token.
For example, a regenerated token in Hub UI will invalidate an existing token. Use | |
|
| If a collection signing service is enabled, collections are not signed automatically by default.
Setting this parameter to
Default = |
| Optional
Ansible automation hub provides artifacts in
You can also set
Default = | |
| Optional Determines whether download count is displayed on the UI.
Default = | |
|
When you run the bundle installer, validated content is uploaded to the By default, both certified and validated content are uploaded.
Possible values of this variable are
If you do not want to install content, set
If you only want one type of content, set | |
|
| If a collection signing service is enabled, you must provide this variable to ensure that collections can be properly signed.
|
| If a collection signing service is enabled, you must provide this variable to ensure that collections can be properly signed.
| |
|
| If a container signing service is enabled, you must provide this variable to ensure that containers can be properly signed.
|
| If a container signing service is enabled, you must provide this variable to ensure that containers can be properly signed.
| |
|
|
Set this variable to
Default = |
|
|
Set this variable to
Default = |
|
| The default installation deploys a TLS enabled automation hub. Use this variable if you deploy automation hub with HTTP Strict Transport Security (HSTS) web-security policy enabled. This variable disables the HSTS web-security policy mechanism.
Default = |
|
| Optional If automation hub is deployed with HTTPS enabled.
Default = |
|
A Boolean indicating whether to enable pulp analytics for the version of
To enable pulp analytics, set
Default = | |
|
When set to
Default = | |
|
Set this variable to
Default = | |
|
Set this variable to
Default = | |
|
| Optional Dictionary of setting to pass to galaxy-importer. At import time, collections can go through a series of checks.
Behavior is driven by
Examples are This parameter enables you to drive this configuration. |
|
| The PostgreSQL database name.
RPM default =
Container default = |
|
| Required if not using an internal database. The hostname of the remote PostgreSQL database used by automation hub.
Default = |
|
| Required if not using an internal database. The password for the automation hub PostgreSQL database.
Use of special characters for this variable is limited. The |
|
| Required if not using an internal database.
Default = |
| Required
Default = | |
|
| The username for your automation hub PostgreSQL database
RPM default =
Container default = |
| Optional
Value is By default when you upload collections to automation hub, an administrator must approve it before they are made available to the users.
If you want to disable the content approval flow, set the variable to
Default = | |
| A Boolean that defines whether or not pre-loading is enabled.
When you run the bundle installer, validated content is uploaded to the By default, both certified and validated content are uploaded.
If you do not want to install content, set
If you only want one type of content, set
Default = | |
|
| Optional
Same as |
|
| Optional
Same as |
| List of nginx headers for Ansible automation hub’s web server. Each element in the list is provided to the web server’s nginx configuration as a separate line. Default = empty list | |
| When deployed with automation hub, the installer pushes execution environment images to automation hub and configures automation controller to pull images from the automation hub registry.
To make automation hub the only registry to pull execution environment images from, set this variable to
If set to
Default = | |
|
When performing a fresh installation, a new token will automatically be generated by default. If you want the installer to regenerate a new token, set | |
|
| This variable specifies how long, in seconds, the system should be considered as an HTTP Strict Transport Security (HSTS) host. That is, how long HTTPS is used exclusively for communication.
Default = |
| Relative or absolute path to the Fernet symmetric encryption key that you want to import. The path is on the Ansible management node. It is used to encrypt certain fields in the database, such as credentials. If not specified, a new key will be generated. | |
| Automation hub TLS remote files.
Default = | |
| Automation hub main URL. | |
| NGINX maximum body size.
Default = | |
| NGINX HTTP port.
Default = | |
| NGINX HTTPS port.
Default = | |
| NGINX HTTPS protocols.
Default = | |
| PostgreSQL Automation hub UNIX socket. | |
| Automation hub secret key. | |
| Automation hub storage backend. | |
| Automation hub workers count. | |
| Enable Automation hub collection signing.
Default = | |
| Enable Automation hub container signing.
Default = | |
| Automation hub container signing passphrase. | |
| Automation hub collection signing passphrase. | |
| Enable Automation hub postinstall.
Default = | |
| Postinstall delay between retries.
Default = | |
| Postinstall number of retries to perform.
Default = | |
| Automation hub postinstall directory. | |
| Automation hub ignore files. | |
| Automation hub repository branch or tag.
Default = | |
| Automation hub repository URL. | |
| Required when installing more than one instance of automation hub with a file storage backend. When installing a single instance of automation hub, it is optional. Path to a Network File System (NFS) share with read, write, and execute (RWX) access. | |
| Optional Mount options for NFS share.
Default = |
A.3. Automation controller variables
RPM variable name | Container variable name | Description |
---|---|---|
| The email address used for the admin user for automation controller. | |
|
| Required Automation controller admin password. Passwords must be enclosed in quotes when they are provided in plain text in the inventory file.
Use of special characters for this variable is limited. The password can include any printable ASCII character except |
|
| Automation controller admin user.
Default = |
| Automation controller main URL. | |
|
| Automation controller TLS remote files.
Default = |
|
| Disable NGINX HTTP Strict Transport Security (HSTS).
Default = |
|
| Disable NGINX HTTPS.
Default = |
|
| This variable specifies how long, in seconds, the system must be considered as an HTTP Strict Transport Security (HSTS) host. That is, how long HTTPS is used only for communication.
Default = |
|
| The NGINX HTTP server listens for inbound connections.
RPM default =
Container default = |
|
| The NGINX HTTPS server listens for secure connections.
RPM Default =
Container default = |
|
| List of NGINX headers for the automation controller web server. Each element in the list is provided to the web server’s NGINX configuration as a separate line. Default = empty list |
| Optional
The status of a node or group of nodes. Valid options are
Default = | |
|
For
Two valid
A
A
Default for this group =
For
Two valid
A
A
Default for this group = | |
| Optional
The
This variable is used to add
The peers variable can be a comma-separated list of hosts and groups from the inventory. This is resolved into a set of hosts that is used to construct the | |
|
| The name of the PostgreSQL database.
Default = |
|
| Required The PostgreSQL host, which can be an externally managed database. |
|
| Required The password for the PostgreSQL database.
Use of special characters for this variable is limited. The NOTE
You no longer have to provide a
When you supply |
|
| The PostgreSQL port to use.
Default = |
|
| Your PostgreSQL database username.
Default = |
|
| Optional
Same as |
|
| Optional
Same as |
| Automation controller event workers.
Default = | |
| The location of your automation controller license file. For example:
If you are defining this variable as part of the postinstall process ( | |
| NGINX maximum body size.
Default = | |
| NGINX HTTPS protocols.
Default = | |
| PostgreSQL Controller UNIX socket. | |
| Automation controller secret key. | |
| Automation controller uWSGI listen queue size.
Default = | |
| Enable or disable the postinstall feature of the containerized installer.
If set to
Default = | |
| The location of your automation controller postinstall directory. | |
| Postinstall delay between retries.
Default = | |
| Postinstall number of tries to attempt.
Default = | |
| Automation controller ignore files. | |
| Automation controller repository branch or tag.
Default = | |
| Automation controller repository URL. |
A.4. Event-Driven Ansible controller variables
RPM variable name | Container variable name | Description |
---|---|---|
|
| Optional Number of workers for ansible-rulebook activation pods in Event-Driven Ansible. Default = (# of cores or threads) * 2 + 1 |
|
| Optional Email address used by Django for the admin user for Event-Driven Ansible controller.
Default = |
|
| Required The admin password used by the Event-Driven Ansible controller instance.
Passwords must be enclosed in quotes when they are provided in plain text in the
Use of special characters for this variable is limited. The password can include any printable ASCII character except |
|
| Username used by Django to identify and create the admin superuser in Event-Driven Ansible controller.
Default = |
| List of additional addresses to enable for user access to Event-Driven Ansible controller. Default = empty list | |
|
Boolean flag used to verify automation controller’s web certificates when making calls from Event-Driven Ansible controller. Verified is
Default = | |
|
| Optional Boolean flag to disable HSTS for Event-Driven Ansible controller.
Default = |
|
| Optional Boolean flag to disable HTTPS for Event-Driven Ansible controller.
Default = |
|
| API prefix path used for Event-Driven Ansible event-stream through platform gateway.
Default = |
|
| Number of workers for the API served through Gunicorn. Default = (# of cores or threads) * 2 + 1 |
|
| Optional The number of maximum activations running concurrently per node. This is an integer that must be greater than 0.
Default = |
|
| Boolean flag to specify whether cert sources are on the remote host (true) or local (false).
Default = |
|
| Optional The PostgreSQL database used by Event-Driven Ansible controller.
RPM default =
Container default = |
|
| Required The password for the PostgreSQL database used by Event-Driven Ansible controller.
Use of special characters for this variable is limited. The |
|
| Optional The port number of the PostgreSQL database used by Event-Driven Ansible controller.
Default = |
|
| Optional The username for your Event-Driven Ansible controller PostgreSQL database.
RPM default =
Container default = |
|
| The Redis hostname used by Event-Driven Ansible controller. |
|
|
The port used for the Redis host defined by |
| Number of Redis Queue (RQ) workers used by Event-Driven Ansible controller. RQ workers are Python processes that run in the background. Default = (# of cores or threads) * 2 + 1 | |
|
| Optional
Same as |
|
| Optional
Same as |
|
| List of additional NGINX headers to add to Event-Driven Ansible controller’s NGINX configuration. Default = empty list |
|
| Required The hostname of the PostgreSQL database used by Event-Driven Ansible controller, which can be an externally managed database. |
|
| Optional Event-Driven Ansible controller node type.
Default = |
| Event-Driven Ansible controller debug.
Default = | |
| Event-Driven Ansible controller event stream URL. | |
| Event-Driven Ansible controller main URL. | |
| NGINX maximum body size.
Default = | |
| NGINX HSTS maximum age.
Default = | |
| NGINX HTTP port.
Default = | |
| NGINX HTTPS port.
Default = | |
| NGINX HTTPS protocols.
Default = | |
| PostgreSQL Event-Driven Ansible UNIX socket. | |
| Disable TLS Redis (for many nodes).
Default = | |
| Redis Event-Driven Ansible controller password (for many nodes). | |
| Optional
Location of the Event-Driven Ansible controller Redis TLS certificate. | |
| Optional
Location of the Event-Driven Ansible controller Redis TLS key. | |
| Redis Event-Driven Ansible controller username (for many nodes). | |
| Event-Driven Ansible controller safe plugins. | |
| Event-Driven Ansible controller secret key. | |
| Event-Driven Ansible controller workers count.
Default = |
A.5. Platform gateway variables
RPM variable name | Container variable name | Description |
---|---|---|
|
| The email address used for the admin user for platform gateway. |
|
| Required The admin password used to connect to the platform gateway instance.
Passwords must be enclosed in quotes when they are provided in plain text in the
Use of special characters for this variable is limited. The password can include any printable ASCII character except |
|
| Optional The username used to identify and create the admin superuser in platform gateway.
Default = |
|
| Optional Disable NGINX HSTS.
Default = |
|
| Optional Disable NGINX HTTPS.
Default = |
|
| Platform gateway auth server timeout.
Default = |
|
| Platform gateway auth server threads per process.
Default = |
|
| Platform gateway auth server processes
Default = |
|
| Optional
The main platform gateway URL that clients will connect to (e.g.
If not specified, the first the first node in the |
|
| Optional The PostgreSQL database used by platform gateway.
RPM default =
Container default = |
|
| Required The hostname of the PostgreSQL database used by platform gateway, which can be an externally managed database. |
|
| Required The password for the PostgreSQL database used by platform gateway.
Use of special characters for Use of other special characters can cause the setup to fail. |
|
| Optional The port number of the PostgreSQL database used by platform gateway.
Default = |
|
|
Choose one of the two available modes:
Set to
Default = |
|
| Optional The username for your platform gateway PostgreSQL database.
RPM default =
Container default = |
|
| The Redis hostname used by platform gateway. |
|
| The Redis platform gateway port.
Default = |
|
| Optional
Same as |
|
| Optional
Same as |
| NGINX maximum body size.
Default = | |
| NGINX HSTS maximum age.
Default = | |
| NGINX HTTP port. | |
| NGINX HTTPS port. | |
| NGINX HTTPS protocols.
Default = | |
| Custom NGINX headers. | |
| Disable TLS Redis.
Default = | |
| Redis platform gateway password. | |
| Optional
Location of the platform gateway Redis TLS certificate. | |
| Optional
Location of the platform gateway Redis TLS key. | |
| Redis platform gateway username.
Default = | |
| Platform gateway secret key. | |
| Platform gateway TLS remote files.
Default = | |
| Platform gateway uWSGI listen queue size.
Default = |
A.6. Database variables
RPM variable name | Container variable name | Description |
---|---|---|
|
Choose one of the two available modes:
Set to
Default = | |
|
| Location of the PostgreSQL SSL/TLS certificate.
|
|
| Location of the PostgreSQL SSL/TLS key.
|
| Location of the PostgreSQL user certificate.
| |
|
|
Determines if the connection between Ansible Automation Platform and the PostgreSQL database should use SSL/TLS. The default for this variable is |
|
| Maximum database connections setting to apply if you are using installer-managed PostgreSQL. See PostgreSQL database configuration and maintenance for automation controller for help selecting a value.
Default = |
| PostgreSQL admin database.
Default = | |
| PostgreSQL admin user.
Default = | |
| Required PostgreSQL admin password. | |
| PostgreSQL effective cache size. | |
| Keep databases during uninstall.
Default = | |
| PostgreSQL log file location.
Default = | |
| PostgreSQL password encryption.
Default = | |
| PostgreSQL shared buffers. | |
| PostgreSQL TLS remote files.
Default = | |
| PostgreSQL port number.
Default = |
A.7. Image variables
RPM variable name | Container variable name | Description |
---|---|---|
| Automation controller image.
Default = | |
| Decision environment extra images. | |
| Decision environment supported image.
Default = | |
| Event-Driven Ansible image.
Default = | |
| Event-Driven Ansible web image.
Default = | |
| Enable execution environment 29.
Default = | |
| Execution environment 29 image.
Default = | |
| Execution environment extra images. | |
| Execution environment minimal image.
Default = | |
| Execution environment supported image.
Default = | |
| Automation hub image.
Default = | |
| Automation hub web image.
Default = | |
| PostgreSQL image.
Default = | |
| Receptor image.
Default = | |
| Redis image.
Default = | |
| Performance Co-Pilot image.
Default = |
A.8. Receptor variables
RPM variable name | Container variable name | Description |
---|---|---|
| Disable receptor signing.
Default = | |
| Disable receptor TLS.
Default = | |
| Receptor logging level.
Default = | |
| Receptor TLS 1.3 minimal.
Default = | |
| Receptor peers list. | |
|
This variable configures the receptor data directory. By default, it is set to NOTES * The target directory must be accessible to awx users. * If the target directory is a temporary file system tmpfs, ensure it is remounted correctly after a reboot. Failure to do so results in the receptor no longer having a working directory. | |
|
| Receptor port number.
Default = |
|
| Receptor protocol.
Default = |
| Receptor signing private key. | |
| Receptor signing public key. | |
| Receptor signing remote files.
Default = | |
| Receptor TLS certificate. | |
| Receptor TLS key. | |
| Receptor TLS remote files.
Default = | |
| Receptor node type.
Default = |
A.9. Ansible variables
The following variables control how Ansible Automation Platform interacts with remote hosts.
For more information about variables specific to certain plugins, see the documentation for Ansible.Builtin.
For a list of global configuration options, see Ansible Configuration Settings.
Variable | Description |
---|---|
| The connection plugin used for the task on the target host.
This can be the name of any of Ansible connection plugins. SSH protocol types are
Default = |
|
The IP or name of the target host to use instead of |
| The connection port number. Default: 22 for SSH |
| The user name to use when connecting to the host. |
| The password to authenticate to the host. Never store this variable in plain text. Always use a vault. |
| Private key file used by SSH. Useful if using multiple keys and you do not want to use an SSH agent. |
|
This setting is always appended to the default command line for |
|
This setting is always appended to the default |
|
This setting is always appended to the default |
|
This setting is always appended to the default |
|
Determines if SSH |
| Added in version 2.2.
This setting overrides the default behavior to use the system SSH. This can override the |
|
The shell type of the target system. Do not use this setting unless you have set the |
|
This sets the shell that the Ansible controller uses on the target machine and overrides the executable in
Do not change this variable unless |
| This variable takes the hostname of the machine from the inventory script or the Ansible configuration file. You cannot set the value of this variable. Because the value is taken from the configuration file, the actual runtime hostname value can vary from what is returned by this variable. |