Chapter 3. Installing the Red Hat Edge Manager on Ansible Automation Platform


Install the Red Hat Edge Manager to manage edge devices and applications at scale. This guide focuses on a standalone deployment of the Red Hat Edge Manager on Red Hat Enterprise Linux alongside Ansible Automation Platform.

Prepare your Red Hat Enterprise Linux host for the installation of the Red Hat Edge Manager by enabling the necessary repositories, installing the flightctl-services package, configuring the baseDomain, and then starting and verifying the running services.

Prerequisites

  • An active Ansible Automation Platform subscription with a running instance and the necessary API URLs and OAuth credentials.
  • A separate machine from Ansible Automation Platform to install the Red Hat Edge Manager on.
  • Podman installed for managing containers.
  • A Red Hat Enterprise Linux host with:

    • Minimal installation
    • 4 cores and 16GB RAM (recommended)
    • Administrative access (root or sudo-capable user)
    • SSH access

Procedure

  1. SSH into your Red Hat Enterprise Linux host.
  2. Authenticate and log in to the Red Hat Container Registry:

    sudo podman login registry.redhat.io
  3. Install the necessary repositories and packages:

    • Ensure that the Ansible Automation Platform repositories are enabled by running the following example command based on the version of Red Hat Enterprise Linux and architecture of your host:

      sudo subscription-manager repos --enable ansible-automation-platform-2.5-for-rhel-9-x86_64-rpms
    • Install the Red Hat Edge Manager service by running:

      sudo dnf install -y flightctl-services
  4. Update the installed /etc/flightctl/service-config.yaml to set the baseDomain:

    sudo vi /etc/flightctl/service-config.yaml
    Important

    Ensure that you set the baseDomain in the service configuration correctly. By default, the installation process attempts to automatically set this value based on the IP address of your Red Hat Enterprise Linux host.

    However, if your environment uses a specific domain name to access this host, for example rhem-example.com, it is recommended that you manually update the baseDomain in /etc/flightctl/service-config.yaml to this hostname.

    Setting the baseDomain correctly ensures that all generated URLs, certificates, and internal configurations within the Red Hat Edge Manager are accurate for your network setup. This is especially important for integration with Ansible Automation Platform and for ensuring that the UI is accessible through the intended domain name.

    You can check the currently configured baseDomain using:

    grep baseDomain: /etc/flightctl/service-config.yaml
  5. Enable and start the services:

    sudo systemctl enable flightctl.target
    sudo systemctl start flightctl.target
  6. Verify that services are running:

    sudo systemctl list-units 'flightctl-*.service'

    You should see these 7 services running:

    • flightctl-db
    • flightctl-kv
    • flightctl-api
    • flightctl-periodic
    • flightctl-worker
    • flightctl-ui
    • flightctl-cli-artifacts
  7. Go to the UI at the baseDomain stored in the service configuration file:

    grep baseDomain: /etc/flightctl/service-config.yaml

    Visit the displayed baseDomain in your web browser to access the UI.

Troubleshooting

If your services do not run correctly, use the following log command to troubleshoot further and remediate:

journalctl -u flightctl-<impacted service> -b --no-pager

You have two options for setting up the OAuth application in Ansible Automation Platform, either manually or automatically in the Ansible Automation Platform UI.

Set up the OAuth application automatically by generating an OAuth token within Ansible Automation Platform and adding it to your configuration file. Upon service startup, the application is created automatically and the client ID is updated.

Procedure

  1. Generate an OAuth token in Ansible Automation Platform:

    1. From the navigation panel, select Access Management → Users.
    2. Select a user with write permissions to the Default organization (admin user recommended).
    3. Click the Tokens tab for that user.
    4. Click Create token and enter the relevant details.

      1. Scope: Select Write.
  2. Go to the Integrating with Ansible Automation Platform section for the steps to edit your service-config.yaml file and complete setting up the OAuth application automatically.

3.2.2. Setting up the OAuth application manually

Manually set up an OAuth application within your Ansible Automation Platform instance. This is important for enabling token-based authentication and integrating external applications such as the Red Hat Edge Manager.

Procedure

  1. From the navigation panel on your Ansible Automation Platform instance, go to Access Management → OAuth Applications.
  2. Click Create OAuth application.
  3. Enter the following details:

    • Name: Enter a name such as "Red Hat Edge Manager". This is the name visible in the Ansible Automation Platform UI.
    • URL: The baseDomain of your Red Hat Edge Manager UI with https://.
    • Organization: Select Default.
    • Authorization grant type: Select Authorization code.
    • Client: Select Public.
    • Redirect URIs:

  4. Click Create OAuth application. An Application Links section is now visible in the navigation panel.
  5. Copy the Client ID as you need it to update the oAuthApplicationClientId in your service-config.yaml file with this value.
  6. Go to the Integrating with Ansible Automation Platform section for the steps to edit your service-config.yaml file and complete setting up the OAuth application manually.

Integrate the Red Hat Edge Manager with your Ansible Automation Platform instance by modifying the service-config.yaml file to include authentication type, API URLs, OAuth client ID, and an optional OAuth token, followed by restarting the services.

Procedure

  1. Stop the flightctl services before editing your service-config.yaml file:

    sudo systemctl stop flightctl.target
  2. Configure the integration settings by editing the configuration file:

    sudo vi /etc/flightctl/service-config.yaml
  3. Update the configuration file to integrate with Ansible Automation Platform:

    global:
      baseDomain: <your-edge-manager-ip-or-domain>  # (1)
      auth:
        type: aap  # (2)
        insecureSkipTlsVerify: false  # (3)
        aap:
          apiUrl: https://your-aap-instance.example.com  # (4)
          externalApiUrl: https://your-aap-instance.example.com  # (5)
          oAuthApplicationClientId: <client-id-from-oauth-app>  # (6)
          oAuthToken: <your-oauth-token>  # (7)

    (1) The domain name or IP address of the host. This is set automatically when the RPM is installed, but you can override it. It is the only field that is mandatory.
    (2) Set this to aap to enable Ansible Automation Platform authentication.
    (3) Set to false. Only set this to true to skip TLS certificate verification for the Ansible Automation Platform URLs. For production environments, consider configuring a CA certificate (see the Self-signed certificates section).
    (4) The internal-facing API URL of the running Ansible Automation Platform instance that the Red Hat Edge Manager makes requests against. You can configure this URL to be an internally accessible URL for the running Ansible Automation Platform instance, for example when there are separate internal or external ingresses.
    (5) The externally accessible URL of your running Ansible Automation Platform instance.
    (6) If you are using the automatic method, this field is not necessary. This is the Client ID of the OAuth application configured in Ansible Automation Platform for the Red Hat Edge Manager. If you do not have one yet, you can leave this empty and give an oAuthToken to allow the setup to create it.
    (7) If you are using the manual method, this field is not necessary. This is an OAuth token with write permissions for the "Default" organization in your Ansible Automation Platform instance. This is only needed if you want the setup process to automatically create the OAuth application. Once created, this token is no longer necessary.
  4. Start the services:

    sudo systemctl start flightctl.target

3.3. Self-signed certificates

The Red Hat Edge Manager services automatically generate and store self-signed certificates in the /etc/flightctl/pki directory. These include:

  • /etc/flightctl/pki/ca.crt
  • /etc/flightctl/pki/ca.key
  • /etc/flightctl/pki/client-enrollment.crt
  • /etc/flightctl/pki/client-enrollment.key
  • /etc/flightctl/pki/server.crt
  • /etc/flightctl/pki/server.key

You can use your own custom certificates by placing them in the following locations:

  • Custom Server Certificate/Key Pair:

    • /etc/flightctl/pki/server.crt
    • /etc/flightctl/pki/server.key
  • Custom CA Certificate for Ansible Automation Platform authentication:

    • /etc/flightctl/pki/auth/ca.crt
Note

Ensure that you adjust the insecureSkipTlsVerify setting in the service-config.yaml if you use a custom CA certificate for your Ansible Automation Platform instance.
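
The settings discussed in the integration procedure and in the note above can be checked together after the services are configured. The following script is an added example, not part of the Red Hat Edge Manager or its documentation: the function names, finding messages and sample configuration are constructed, the https:// check is inferred from the example URLs on this page, and the parser assumes the simple key layout shown here with each key appearing once.

```shell
#!/usr/bin/env bash
# Added example: audit the auth block of a flightctl service-config.yaml.
# Assumes the key layout shown on this page, with each key appearing once.

# Print the scalar value of KEY in FILE, minus comments, padding and quotes.
cfg_value() {  # usage: cfg_value FILE KEY
  sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1 |
    sed -e 's/^#.*$//' -e 's/[[:space:]]\{1,\}#.*$//' -e 's/[[:space:]]*$//' |
    tr -d "\"'"
}

# Empty values and <placeholder> values count as "not set".
is_set() { [ -n "$1" ] && [ "${1#<}" = "$1" ]; }

# Print one finding per line; the return status is the number of findings.
audit_flightctl_config() {  # usage: audit_flightctl_config FILE [PKI_DIR]
  local cfg="$1" pki="${2:-/etc/flightctl/pki}" n=0 key val
  if [ "$(cfg_value "$cfg" insecureSkipTlsVerify)" = "true" ]; then
    echo "insecureSkipTlsVerify is true: AAP certificates are not verified"
    n=$((n + 1))
    if [ -f "$pki/auth/ca.crt" ]; then
      echo "custom CA $pki/auth/ca.crt exists but verification is skipped"
      n=$((n + 1))
    fi
  fi
  for key in apiUrl externalApiUrl; do
    val=$(cfg_value "$cfg" "$key")
    if is_set "$val" && [ "${val#https://}" = "$val" ]; then
      echo "$key is not an https:// URL: $val"
      n=$((n + 1))
    fi
  done
  if is_set "$(cfg_value "$cfg" oAuthToken)" &&
     is_set "$(cfg_value "$cfg" oAuthApplicationClientId)"; then
    echo "oAuthToken is still set although a client ID exists; remove the token"
    n=$((n + 1))
  fi
  return "$n"
}

# Constructed sample (not a real deployment): a config that trips every check.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/auth" && : > "$demo_dir/auth/ca.crt"
printf '%s\n' 'global:' '  baseDomain: rhem-example.com' '  auth:' \
  '    insecureSkipTlsVerify: true' '    aap:' \
  '      apiUrl: http://aap.internal.example' \
  '      externalApiUrl: https://your-aap-instance.example.com' \
  '      oAuthApplicationClientId: constructed-client-id' \
  '      oAuthToken: constructed-token' > "$demo_dir/service-config.yaml"
audit_flightctl_config "$demo_dir/service-config.yaml" "$demo_dir" || true
```

On a real host, run `audit_flightctl_config /etc/flightctl/service-config.yaml` with sufficient privileges to read the file; a return status of 0 means none of the checks fired.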


© 2025 Red Hat