Chapter 2. Upgrading to Red Hat Ansible Automation Platform 2.5
To upgrade your Red Hat Ansible Automation Platform, start by reviewing Planning your installation to ensure a successful upgrade. You can then download the desired version of the Ansible Automation Platform installer, configure the inventory file in the installation bundle to reflect your environment, and then run the installer.
2.1. Prerequisites
Upgrades to Ansible Automation Platform 2.5 include the platform gateway. Ensure you review the 2.5 Network ports and protocols for architectural changes and Tested deployment models for information on opinionated deployment models.
You have reviewed the centralized Redis instance offered by Ansible Automation Platform for both standalone and clustered topologies.
Prior to upgrading your Red Hat Ansible Automation Platform, ensure you have reviewed Planning your installation for a successful upgrade. You can then download the desired version of the Ansible Automation Platform installer, configure the inventory file in the installation bundle to reflect your environment, and then run the installer.
2.2. Ansible Automation Platform upgrade planning
Before you begin the upgrade process, review the following considerations to plan and prepare your Ansible Automation Platform deployment:
See System requirements in the Planning your installation guide to ensure you have the topologies that fit your use case.
Note2.4 to 2.5 upgrades now include Platform gateway. Ensure you review the 2.5 Network ports and protocols for architectural changes.
ImportantWhen upgrading from Ansible Automation Platform 2.4 to 2.5, the API endpoints for the automation controller, automation hub, and Event-Driven Ansible controller are all available for use. These APIs are being deprecated and will be disabled in an upcoming release. This grace period is to allow for migration to the new APIs put in place with the platform gateway.
- Verify that you have a valid subscription before upgrading from a previous version of Ansible Automation Platform. Existing subscriptions are carried over during the upgrade process.
- Ensure you have a backup of an Ansible Automation Platform 2.4 environment before upgrading in case any issues occur. See Backup and restore and Backup and recovery for operator environments for the specific topology of the environment.
- Ensure you capture your inventory or instance group details before upgrading.
Upgrades of Event-Driven Ansible version 2.4 to 2.5 are not supported. Database migrations between Event-Driven Ansible 2.4 and Event-Driven Ansible 2.5 are not compatible. For more information, see automation controller and automation hub 2.4 and Event-Driven Ansible 2.5 with unified UI upgrades.
If you are currently running Event-Driven Ansible controller 2.5, it is recommended that you disable all Event-Driven Ansible activations before upgrading to ensure that only new activations run after the upgrade process is complete.
- Automation controller OAuth applications on the platform UI are not supported for 2.4 to 2.5 migration. See this Knowledgebase article for more information. To learn how to recreate your OAuth applications, see Applications in the Access management and authentication guide.
- During the upgrade process, user accounts from the individual services are migrated. If there are accounts from multiple services, they must be linked to access the unified platform. See Account linking for details.
- Ansible Automation Platform 2.5 offers a centralized Redis instance in both standalone and clustered topologies. For information on how to configure Redis, see Configuring Redis in the RPM installation guide.
Additional resources
2.3. Choosing and obtaining a Red Hat Ansible Automation Platform installer
Choose the Red Hat Ansible Automation Platform installer you need based on your Red Hat Enterprise Linux environment internet connectivity. Review the following scenarios and decide on which Red Hat Ansible Automation Platform installer meets your needs.
A valid Red Hat customer account is required to access Red Hat Ansible Automation Platform installer downloads on the Red Hat Customer Portal.
2.3.1. Installing with internet access
Choose the Red Hat Ansible Automation Platform installer if your Red Hat Enterprise Linux environment is connected to the internet. Installing with internet access retrieves the latest required repositories, packages, and dependencies. Choose one of the following ways to set up your Ansible Automation Platform installer.
Tarball install
Procedure
- Navigate to the Red Hat Ansible Automation Platform download page.
- In the Product software tab, click for the Ansible Automation Platform <latest-version> Setup.
Extract the files:
$ tar xvzf ansible-automation-platform-setup-<latest-version>.tar.gz
RPM install
Procedure
Install the Ansible Automation Platform Installer Package.
v.2.5 for RHEL 8 for x86_64:
$ sudo dnf install --enablerepo=ansible-automation-platform-2.5-for-rhel-8-x86_64-rpms ansible-automation-platform-installer
v.2.5 for RHEL 9 for x86-64:
$ sudo dnf install --enablerepo=ansible-automation-platform-2.5-for-rhel-9-x86_64-rpms ansible-automation-platform-installer
dnf install
enables the repo as the repo is disabled by default.
When you use the RPM installer, the files are placed under the /opt/ansible-automation-platform/installer
directory.
2.3.2. Installing without internet access
Use the Red Hat Ansible Automation Platform Bundle installer if you are unable to access the internet, or would prefer not to install separate components and dependencies from online repositories. Access to Red Hat Enterprise Linux repositories is still needed. All other dependencies are included in the tar archive.
Procedure
- Navigate to the Red Hat Ansible Automation Platform download page.
- In the Product software tab, click for the Ansible Automation Platform <latest-version> Setup Bundle.
Extract the files:
$ tar xvzf ansible-automation-platform-setup-bundle-<latest-version>.tar.gz
2.4. Setting up the inventory file
Before upgrading your Red Hat Ansible Automation Platform installation, edit the inventory
file so that it matches your desired configuration. You can keep the same parameters from your existing Ansible Automation Platform deployment or you can modify the parameters to match any changes to your environment.
You can find sample inventory files in the Test topologies GitHub repository, or in our Tested deployment models guide.
Procedure
Navigate to the installation program directory.
- Bundled installer
$ cd ansible-automation-platform-setup-bundle-2.5-4-x86_64
- Online installer
$ cd ansible-automation-platform-setup-2.5-4
-
Open the
inventory
file for editing. Modify the
inventory
file to provision new nodes, deprovision nodes or groups, and import or generate automation hub API tokens.You can use the same
inventory
file from an existing Ansible Automation Platform installation if there are no changes to the environment.NoteProvide a reachable IP address or fully qualified domain name (FQDN) for all hosts to ensure that users can synchronize and install content from Ansible automation hub from a different node. Do not use
localhost
. Iflocalhost
is used, the upgrade will be stopped as part of preflight checks.
Provisioning new nodes in a cluster
Add new nodes alongside existing nodes in the
inventory
file as follows:[automationcontroller] clusternode1.example.com clusternode2.example.com clusternode3.example.com [all:vars] admin_password='password' pg_host='<host_name>' pg_database='<database_name>' pg_username='<your_username>' pg_password='<your_password>'
2.5. Back up your Ansible Automation Platform instance
Back up an existing Ansible Automation Platform instance by running the .setup.sh
script with the backup_dir
flag, which saves the content and configuration of your current environment.
Procedure
- Navigate to your Ansible Automation Platform installation directory.
Run the
./setup.sh
script following the example below:$ ./setup.sh -e ‘backup_dir=/ansible/mybackup’ -e ‘use_compression=True’ @credentials.yml -b 1
- 1
backup_dir
specifies a directory to save your backup to.
With a successful backup, a backup file is created at /ansible/mybackup/automation-platform-backup-<date/time>.tar.gz
.
2.6. Running the Red Hat Ansible Automation Platform installer setup script
You can run the setup script once you have finished updating the inventory
file.
Procedure
Run the
setup.sh
script:$ ./setup.sh
The installation will begin.
Next steps
If you are upgrading from Ansible Automation Platform 2.4 to 2.5, proceed to Linking your account to link your existing service level accounts to a single unified platform account.
2.7. Automation controller and automation hub 2.4 and Event-Driven Ansible 2.5 with unified UI upgrades
Ansible Automation Platform 2.5 supports upgrades from Ansible Automation Platform 2.4 environments for all components, with the exception of Event-Driven Ansible. You can also configure a mixed environment with Event-Driven Ansible from 2.5 connected to a legacy 2.4 cluster. Combining install methods (OCP, RPM, Containerized) within such a topology is not supported by Ansible Automation Platform.
If you are running the 2.4 version of Event-Driven Ansible in production, before you upgrade, contact Red Hat support or your account represenative for more information on how to move to Ansible Automation Platform 2.5.
Supported topologies described in this document assume that:
- 2.4 services will only include automation controller and automation hub.
- 2.5 parts will always include Event-Driven Ansible and the unified UI (platform gateway).
- Combining install methods for these topologies is not supported.
2.7.1. Upgrade considerations
- You must maintain two separate inventory files: one for the 2.4 services and one for the 2.5 services.
- You must maintain two separate "installations" wihtin this scenario: one for the 2.4 services and one for the 2.5 services.
- You must "upgrade" the two separate "installations" separately.
To upgrade to a consistent component version topology, consider the following:
- You must manually combine the inventory file configuration from the 2.4 inventory into the 2.5 inventory and run upgrade on ONLY the 2.5 inventory file.
- You must be using an external database for both the 2.4 inventory as well as the 2.5 inventory.
- Customers using "managed database" instances for either 2.4 or 2.5 inventory must migrate to an external database first, before upgrading.
Prerequisites
- An inventory from 2.4 for automation controller and automation hub and a 2.5 inventory for unified UI (platform gateway) and Event-Driven Ansible. You must run upgrades on 2.4 services (using the inventory file to specify only automation controller and automation hub VMs) to get them to the invitial version of Ansible Automation Platform 2.5 first. When all the services are at the same version, run an upgrade (using a complete inventory file) on all the services to go to the latest version of Ansible Automation Platform 2.5.
DO NOT upgrade Event-Driven Ansible and the unified UI (platform gateway) to the latest version of Ansible Automation Platform 2.5 without first upgrading the individual services (automation controller and automation hub) to the initial version of Ansible Automation Platform 2.5.
2.7.1.1. Migration path for 2.4 instances with managed databases
Procedure
Standalone node managed database
Convert the database node to an external one, removing it from the inventory. The PostgreSQL node will continue working and will not lose the Ansible Automation Platform-provided setup, but you are responsible for managing its configuration afterward.
Collocated managed database
- Backup
- Restore with standalone managed database node instead of collocated.
- Unmanaged standalone database
2.7.1.2. Migration path for 2.4 services with 2.5 services
If you installed Ansible Automation Platform 2.5 to use Event-Driven Ansible in a supported scenario, you can upgrade your Ansible Automation Platform 2.4 automation controller and automation hub to Ansible Automation Platform 2.5 by following these steps:
- Merge 2.4 inventory data into the 2.5 inventory. The example below shows the inventory file for automation controller and automation hub for 2.4 and the inventory file for Event-Driven Ansible and the unified UI (platform gateway) for 2.5, respectively, as the starting point, and what the merged inventory looks like.
Inventory files from 2.4
[automationcontroller] controller-1 controller-2 [automationhub] hub-1 hub-2 [all:vars] # Here we have the admin passwd, db credentials, etc.
Inventory files from 2.5
[edacontroller] eda-1 eda-2 [gateway] gw-1 gw-2 [all:vars] # Here we have admin passwd, db credentials etc.
Merged Inventory
[automationcontroller] controller-1 controller-2 [automationhub] hub-1 hub-2 [edacontroller] eda-1 eda-2 [gateway] gw-1 gw-2 [all:vars] # Here we have admin passwd, db credentials etc from both inventories above
-
Run
setup.sh
The installer upgrades automation controller and automation hub from 2.4 to Ansible Automation Platform 2.5.latest, Event-Driven Ansible and the unified UI (platform gateway) from the fresh install of 2.5 to the latest version of 2.5, and connects automation controller and automation hub properly with the unified UI (platform gateway) node to initialize the unified experience.
Verification
Verify that everything has upgraded to 2.5 and is working properly in one of two ways:
- performing an SSH to automation controller and Event-Driven Ansible.
- In the unified UI, navigate to Help > About to verify the RPM versions are at 2.5.
2.8. Linking your account
Ansible Automation Platform 2.5 provides a centralized location for users, teams and organizations to access the platform’s services and features. When you upgrade from a previous version of Ansible Automation Platform, your existing account is automatically migrated to a single platform account. However, if you have multiple component accounts, your accounts must be linked to use the centralized features of the platform.
The first time you log in to Ansible Automation Platform 2.5, the platform searches through the existing services to locate a user account with the credentials you entered. When there is a match to an existing account, that account is registered and becomes centrally managed by the platform. Any subsequent component accounts in the system are orphaned and cannot be used to log into the platform.
To address this problem, use the account linking procedure to authenticate from any of your existing component accounts and still be recognized by the platform. Linking accounts associates existing component accounts with the same user profile.
Prerequisites
- You have completed the upgrade process and have a legacy Ansible Automation Platform account and credentials.
Procedure
If you have completed the upgrade process and have a legacy Ansible Automation Platform subscription, follow the account linking procedure below to migrate your account to Ansible Automation Platform 2.5.
- Navigate to the login page for Ansible Automation Platform.
- In the login modal, select either I have an automation controller account or I have an automation hub account based on the credentials you have.
On the next screen, enter the legacy credentials for the component account you selected and click
.NoteIf you are logging in using OIDC credentials, see How to fix broken OIDC redirect after upgrading to AAP 2.5.
- If you have successfully linked your account, the next screen shows your username with a green checkmark beside it. If you have other legacy accounts that you want to link, enter those account credentials and click to link them to your centralized platform gateway account.
- Click to complete linking your legacy accounts.
- After your accounts are linked, depending on your authentication method, you might be prompted to create a new username and password. These credentials will replace your legacy credentials for each component account.
You can also link your legacy account manually by taking the following steps:
- Select your user icon at the top right of your screen, and select User details.
- Select the ⋮ > Link user accounts. icon
- Enter the credentials for the account that you want to link.
If you encounter an error message telling your that your account could not be authenticated, contact your platform administrator.
If you log into Ansible Automation Platform for the first time and are prompted to change your username, this is an indication that another user has already logged into Ansible Automation Platform with the same username. To proceed with account migration, follow the prompts to change your username. Ansible Automation Platform uses your password to authenticate which account or accounts belong to you.
A diagram of the account linking flow
After you have migrated your user account, you can manage your account from the Access Management menu. See Managing access with role based access control.