Chapter 2. Automation controller configuration

Procedure

1. From the navigation panel, select Settings Automation Execution System. The System Settings page is displayed.
2. Click Edit.

3. You can configure the following options:

   • Base URL of the service: This setting is used by services such as notifications to render a valid URL to the service.

   • Proxy IP allowed list: If the service is behind a reverse proxy or load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom REMOTE_HOST_HEADERS header values.

     If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS are trusted unconditionally.

   • Red Hat Client ID for anaytics Client ID used to send data to Automation Analytics.
   • Red Hat Client Secret for analytics Client secret used to send data to Automation Analytics.
   • Red Hat Client ID for subscriptions Client ID used to retrieve subscription and content information.
   • Red Hat Client Secret for Subsciptions Client secret used to retrieve subscription and content information
   • Global default execution environment: The execution environment to be used when one has not been configured for a job template.

   • Custom virtual environment paths: Paths where automation controller looks for custom virtual environments.

     Enter one path per line.

   • Automation Analytics Gather Interval: Interval (in seconds) between data gathering.

     If Gather data for Automation Analytics is set to false, this value is ignored.

   • Remote Host Headers: HTTP headers and meta keys to search to decide remote hostname or IP. Add additional items to this list, such as HTTP_X_FORWARDED_FOR, if behind a reverse proxy. For more information, see Configuring proxy support for Red Hat Ansible Automation Platform.
   • Automation Analytics upload URL: This value has been set manually in a settings file. This setting is used to configure the upload URL for data collection for Automation Analytics.

   • Defines subscription usage model and shows Host Metrics:

     You can select the following options:

     • No subscription: Deletion of host_metrics will not be considered for purposes of managed host counting.
     • Usage based on unique managed nodes ina large hostorical time frame and delete functionality for no longer used managed nodes.

4. You can set the following options:

   • Enable Activity Stream: Set to enable capturing activity for the activity stream.
   • Enable Activity Stream for Inventory Sync: Set to enable capturing activity for the activity stream when running inventory sync.
   • All Users Visible to Organization Admins: Set to control whether any organization administrator can view all users and teams, even those not associated with their organization.

   • Organization Admins Can Manage Users and Teams: Set to control whether an organization administrator has the privileges to create and manage users and teams.

     You might want to disable this ability if you are using an LDAP or SAML integration.

   • Gather data for Automation Analytics: Set to enable the service to gather data on automation and send it to Automation Analytics.
5. Click Save

Procedure

1. From the navigation panel, select Settings Automation Execution Job.

2. On the Job Settings page, click Edit.

   

   View larger image

   

3. You can configure the following options:

   • Ansible Modules Allowed For Ad Hoc Jobs: List of modules allowed to be used by ad hoc jobs.

     The directory in which the service creates new temporary directories for job execution and isolation (such as credential files).

   • When can extra variables contain Jinja templates?: Ansible allows variable substitution through the Jinja2 templating language for --extra-vars.

     This poses a potential security risk where users with the ability to specify extra vars at job launch time can use Jinja2 templates to run arbitrary Python.

     Set this value to either template or never.

   • Paths to expose to isolated jobs: List of paths that would otherwise be hidden to expose to isolated jobs.

     Enter one path per line. If a path to a specific file is entered, then the entire directory containing that file will be mounted inside the execution environment.

     Volumes are mounted from the execution node to the container.

     The supported format is HOST-DIR[:CONTAINER-DIR[:OPTIONS]].

   • Extra Environment Variables: Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending.

   • K8S Ansible Runner Keep-Alive Message Interval: Only applies to jobs running in a Container Group.

     If not 0, send a message every specified number of seconds to keep the connection open.

   • Environment Variables for Galaxy Commands: Additional environment variables set for invocations of ansible-galaxy within project updates. Useful if you must use a proxy server for ansible-galaxy but not git.
   • Standard Output Maximum Display Size: Maximum Size of Standard Output in bytes to display before requiring the output be downloaded.
   • Job Event Standard Output Maximum Display Size: Maximum Size of Standard Output in bytes to display for a single job or ad hoc command event. stdout ends with … when truncated.

   • Job Event Maximum Websocket Messages Per Second: The maximum number of messages to update the UI live job output with per second.

     A value of 0 means no limit.

   • Maximum Scheduled Jobs: Maximum number of the same job template that can be waiting to run when launching from a schedule before no more are created.
   • Ansible Callback Plugins: List of paths to search for extra callback plugins to be used when running jobs.

   • Default Job Timeout: If no output is detected from ansible in this number of seconds the execution will be terminated.

     Use a value of 0 to indicate that no idle timeout should be imposed.

     Enter one path per line.

   • Default Job Idle Timeout: If no output is detected from ansible in this number of seconds the execution will be terminated.

     Use a value of 0 to indicate that no idle timeout should be imposed.

   • Default Inventory Update Timeout: Maximum time in seconds to allow inventory updates to run.

     Use a value of 0 to indicate that no timeout should be imposed.

     A timeout set on an individual inventory source will override this.

   • Default Project Update Timeout: Maximum time in seconds to allow project updates to run.

     Use a value of 0 to indicate that no timeout should be imposed.

     A timeout set on an individual project will override this.

   • Per-Host Ansible Fact Cache Timeout: Maximum time, in seconds, that stored Ansible facts are considered valid since the last time they were modified.

     Only valid, non-stale, facts are accessible by a playbook.

     This does not influence the deletion of ansible_facts from the database.

     Use a value of 0 to indicate that no timeout should be imposed.

   • Maximum number of forks per job: Saving a Job Template with more than this number of forks results in an error.

     When set to 0, no limit is applied.

   • Job execution path: Only available in operator-based installations.

   • Container Run Options: Only available in operator-based installations.

     List of options to pass to Podman run example: ['--network', 'slirp4netns:enable_ipv6=true', '--log-level', 'debug'].

     You can set the following options:

   • Run Project Updates With Higher Verbosity: Select to add the CLI -vvv flag to playbook runs of project_update.yml used for project updates
   • Enable Role Download: Select to allow roles to be dynamically downloaded from a requirements.yml file for SCM projects.
   • Enable Collection(s) Download: Select to allow collections to be dynamically downloaded from a requirements.yml file for SCM projects.

   • Follow symlinks: Select to follow symbolic links when scanning for playbooks.

     Be aware that setting this to True can lead to infinite recursion if a link points to a parent directory of itself.

   • Expose host paths for Container Groups: Select to expose paths through hostPath for the Pods created by a Container Group.

     HostPath volumes present many security risks, and it is best practice to avoid the use of HostPaths when possible.

     Ignore Ansible Galaxy SSL Certificate Verification: If set to true, certificate validation is not done when installing content from any Galaxy server.

     Click the tooltip icon next to the field that you need additional information about.

     For more information about configuring Galaxy settings, see the Ansible Galaxy Support section of Using automation execution.

     Note

     The values for all timeouts are in seconds.

4. Click Save to apply the settings.

Procedure

1. From the navigation panel, select Settings Automation Execution System.
2. Click Edit.
3. In the field labeled Red Hat Client ID for Analytics, enter the client ID you received when you created your service account to retrieve subscription and content information.
4. In the field labeled Red Hat Client Secret for Analytics, enter the client secret you received when you created your service account to send data to Automation Analytics.
5. In the Options list select the checkbox to Gather data for Automation Analytics.
6. Click Save.

1. From the navigation panel, select Automation Execution Jobs to launch a job.
2. Check analytics at console.redhat.com to confirm that the data is being posted.

Procedure

1. From the navigation panel, select Settings Automation Execution Troubleshooting.
2. The Troubleshooting page is displayed.
3. Click Edit.

4. You can select the following options:

   • Enable or Disable tmp dir cleanup: Select this to enable or disable the cleanup of tmp directories generated during execution of a job after job execution completes.
   • Debug Web Requests: Select this to enable or disable web request profiling for debugging slow web requests.
   • Release Receptor Work: Select this to turn on or off the deletion of job pods after they complete or fail. This can be helpful in debugging why a job failed.
   • Keep receptor work on error: Select this to prevent receptor work from being released when an error is detected.
5. Click Save to save your changes.