Update the deployment URL

Complete the necessary post-installation configuration, including updating the OAuth application and setting up initial Role-Based Access Control (RBAC). You can then access and sign in to the portal.

Add the deployment URL to the OAuth Application

When you set up your OAuth application in Ansible Automation Platform before deploying self-service automation portal, you added placeholder text for the Redirect URIs value.

About this task

You must update this value using the URL from the deployed application so that you can run automation on Ansible Automation Platform from self-service automation portal.

Procedure

  1. Determine the Redirect URI from your OpenShift deployment:
    1. Open the URL for the deployment from the OpenShift console to display the sign-in page for self-service automation portal.
      [Figure: Open URL from OpenShift web console]
    2. Copy the URL for the sign-in page for self-service automation portal.
    3. To determine the Redirect URI value, append /api/auth/rhaap/handler/frame to the end of the deployment URL.

      For example, if the URL for the deployment is https://my-automation-portal-project.mycluster.com, then the Redirect URI value is https://my-automation-portal-project.mycluster.com/api/auth/rhaap/handler/frame.

  2. Update the Redirect URIs field in the OAuth application in Ansible Automation Platform:
    1. In a browser, open your instance of Ansible Automation Platform.
    2. Navigate to Access Management > OAuth Applications.
    3. In the list view, click the OAuth application you created.
    4. Replace the placeholder text in the Redirect URIs field with the value you determined from your OpenShift deployment.
    5. Click Save to apply the changes.

Configure custom SSL certificates for self-service automation portal

If your Ansible Automation Platform instance uses custom or self-signed SSL certificates, you must configure self-service automation portal to trust those certificates to avoid SSL verification errors.

Before you begin

  • You have administrator access to your OpenShift Container Platform cluster.
  • You have the custom Certificate Authority (CA) certificate file used by your Ansible Automation Platform instance.
  • Self-service automation portal is installed in your OpenShift Container Platform cluster.

Procedure

  1. Obtain the CA certificate file from your Ansible Automation Platform instance.

    If you do not have the CA certificate file, you can extract it from your Ansible Automation Platform server:

    openssl s_client -showcerts -connect <aap-hostname>:443 </dev/null 2>/dev/null | openssl x509 -outform PEM > aap-ca-cert.pem

    Replace <aap-hostname> with your Ansible Automation Platform hostname.

  2. Log in to your OpenShift Container Platform cluster with administrator privileges.
  3. Create a ConfigMap containing your custom CA certificate:
    oc create configmap custom-ca-bundle \
      --from-file=ca-bundle.crt=aap-ca-cert.pem \
      -n <namespace>

    Replace <namespace> with the namespace where self-service automation portal is installed.

  4. Update your self-service automation portal Helm chart values to mount the custom CA certificate:
    upstream:
      backstage:
        extraEnvVarsSecrets:
          - custom-ca-bundle
        extraVolumes:
          - name: custom-ca
            configMap:
              name: custom-ca-bundle
        extraVolumeMounts:
          - name: custom-ca
            mountPath: /etc/pki/ca-trust/source/anchors/
            readOnly: true
  5. Apply the updated configuration by upgrading the self-service automation portal Helm chart:
    helm upgrade <release-name> <chart-name> \
      -f values.yaml \
      -n <namespace>

    Replace <release-name> with your Helm release name and <chart-name> with the self-service automation portal chart name.

  6. Wait for the self-service automation portal pods to restart with the new configuration.

Results

  1. Verify that the self-service automation portal pods are running:
    oc get pods -n <namespace>

    All self-service automation portal pods should show a status of Running.

  2. Attempt to sign in to self-service automation portal using your Ansible Automation Platform credentials.

    If the SSL certificate configuration is correct, you can authenticate successfully without SSL verification errors.

  3. Check the self-service automation portal logs for SSL-related errors:
    oc logs -n <namespace> <pod-name> | grep -i ssl

    If you see no SSL verification errors, the custom CA certificate is trusted correctly.

If you continue to experience SSL verification errors after following this procedure:

  • Verify that the CA certificate file contains the complete certificate chain.
  • Ensure that the certificate file is in PEM format.
  • Confirm that the Ansible Automation Platform hostname in your configuration matches the hostname in the SSL certificate.
  • Check that the checkSSL parameter in your Helm values is set to true (the default). Setting it to false disables SSL verification entirely, which is not recommended for production environments.
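
The first two checks in this list can be scripted and run against the PEM file before it goes into the ConfigMap. The script below is an added example, not part of the original documentation, and its function names are illustrative. The `openssl s_client ... | openssl x509` command in step 1 saves only the first certificate the server presents, which is the server's own certificate; that works as a trust anchor when it is self-signed but not, in general, when it was issued by a separate CA, so the script fails a file that holds only a CA-issued server certificate.

```shell
#!/bin/sh
# Added example: checks on the PEM file before it goes into custom-ca-bundle.

# Split a PEM bundle into one file per certificate under dir $2; print the count.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%02d.pem", dir, n) }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
        END                           { print n + 0 }' "$1"
}

# True if the certificate carries basicConstraints CA:TRUE.
is_ca() { openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'; }

# True if subject and issuer names are identical (self-issued certificate).
self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null)" ]
}

# True if the certificate is still valid $2 days from now (default 30).
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# Returns 0 only if the file is PEM, holds a usable trust anchor, and nothing
# in it expires within 30 days. Prints one line per finding.
check_ca_bundle() {
    [ -r "$1" ] || { echo "FAIL: cannot read $1"; return 1; }
    work=$(mktemp -d) || return 2
    rc=0; anchors=0
    count=$(split_bundle "$1" "$work")
    for c in "$work"/cert-*.pem; do
        [ -f "$c" ] || continue
        subject=$(openssl x509 -in "$c" -noout -subject 2>/dev/null) ||
            { echo "FAIL: unparsable certificate block"; rc=1; continue; }
        if is_ca "$c" || self_signed "$c"; then anchors=$((anchors + 1))
        else echo "NOTE: server (leaf) certificate, not a trust anchor: $subject"; fi
        valid_for_days "$c" 30 || { echo "FAIL: expires within 30 days: $subject"; rc=1; }
    done
    [ "$count" -gt 0 ] || { echo "FAIL: no PEM certificate found (DER or empty file?)"; rc=1; }
    [ "$anchors" -gt 0 ] || { echo "FAIL: no CA or self-signed certificate in file"; rc=1; }
    rm -rf "$work"
    return "$rc"
}

# Usage: sh check-ca.sh aap-ca-cert.pem
if [ "$#" -gt 0 ]; then check_ca_bundle "$1"; fi
```

A file that fails only the trust-anchor check usually needs the issuing CA certificate appended, or obtained from whoever operates the CA, rather than re-extracted from the server.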

Sign in to self-service automation portal

Log in to the deployed self-service automation portal using your existing Ansible Automation Platform credentials. The portal uses these credentials for authentication.

Before you begin

  • You have configured an OAuth application in Ansible Automation Platform for self-service automation portal.
  • You have configured a user account in Ansible Automation Platform.

Procedure

  1. In a browser, navigate to the URL for self-service automation portal to open the sign-in page.
    [Figure: Self-service sign-in page]
  2. Click Sign In.
  3. The sign-in page for Ansible Automation Platform appears:
    [Figure: Ansible Automation Platform sign-in page]
  4. Enter your Ansible Automation Platform credentials and click Log in.
  5. The self-service automation portal web console opens.

If you are using custom or self-signed SSL certificates, the following error can appear when you attempt to log in to self-service automation portal:

Login failed; caused by Error: Failed to send POST request: fetch failed

This error indicates that self-service automation portal cannot verify the SSL certificate from your Ansible Automation Platform instance.

To resolve this issue, configure self-service automation portal to trust your custom CA certificate.

Note

While you can disable SSL validation by setting checkSSL: false in the Helm chart configuration, this approach is not recommended for production environments as it reduces security. Instead, configure self-service automation portal to trust your custom CA certificate.