Ce contenu n'est pas disponible dans la langue sélectionnée.
Chapter 4. Infrastructure Migration
To achieve a successful migration from Ansible Automation Platform 1.2 to Ansible Automation Platform 2, this reference environment takes advantage of the capabilities of the Ansible Automation Platform installer.
Using the Ansible Automation Platform installer, you’ll be able to backup, import and upgrade to the latest Ansible Automation Platform 2 with a few simple commands.
The following sections provide a step-by-step of that process.
4.1. Backup Ansible Automation Platform 1.2 on Environment A
As our Ansible Automation Platform 1.2 environment from Environment A contains all of our data, the following creates a backup using the Ansible Automation Platform installer on Environment A.
Prior to taking a backup, ensure there are no current running jobs or future jobs scheduled to run. Any data collected after the backup is taken will be LOST.
Within Environment A,
Login as the
ansible
user$ ssh ansible@enva_controller1.example.com
NoteThis reference environment uses
enva_controller1
as the host that contains the Ansible Automation Platform installer directory and binaries.Change to the
ansible-tower-setup-3.8.5-X
directory$ cd /path/to/ansible-tower-setup-3.8.5-X
Run the Ansible Automation Platform installer to create a backup
-
backup_dest
provides the location where to store the backup of your Ansible Automation Platform database -
use_compression
shrinks the size of the Ansible Automation Platform database backup -
@credentials.yml
passes the password variables and their values encrypted viaansible-vault
-
-- --ask-vault-pass
asks for the password used to access the encryptedcredentials.yml
file -b
sets the create a backup option to True$ ./setup.sh -e 'backup_dest=<mount_point>' -e 'use_compression=True' -e @credentials.yml -b
-
This reference environment takes advantage of encrypted credentials and does not include passwords in plain text. Details in Appendix C, Creating an encrypted credentials.yml file can be found on how to use ansible-vault
to encrypt your credentials.
The backup process may take some time to complete.
4.2. Import Ansible Automation Platform 1.2 database to Environment B
With the backup from Environment A created and available, the following imports the backed up Ansible Automation Platform database using the Ansible Automation Platform installer on Environment B.
Within Environment B,
Login as the
ansible
user$ ssh ansible@envb_controller1.example.com
NoteThis reference environment uses
envb_controller1
as the host that contains the Ansible Automation Platform installer directory and binaries.Change to the
ansible-tower-setup-3.8.5-X
directory$ cd /path/to/ansible-tower-setup-3.8.5-X
Run the Ansible Automation Platform installer to import the Ansible Automation Platform database
-
restore_backup_file
provides the location of the backed up Ansible Automation Platform database -
use_compression
is set to True due to compression being used during the backup process -r
sets the restore database option to True$ ./setup.sh -e ‘restore_backup_file=<mount_point>/tower-backup-latest.tar.gz -e ‘use_compression=True’ -e @credentials.yml -r -- --ask-vault-pass
-
This reference environment takes advantage of encrypted credentials and does not include passwords in plain text. Details in Appendix C, Creating an encrypted credentials.yml file can be found on how to use ansible-vault
to encrypt your credentials.
The import process may take some time to complete.
4.3. Upgrade Environment B to Ansible Automation Platform 2
With the successful import of the Ansible Automation Platform database, the final step in the migration process is to upgrade the Environment B Ansible Automation Platform 1.2 environment to Ansible Automation Platform 2 and expand the architecture of Environment B as shown in Figure 1.4, “Expanded Environment B Architecture Overview”.
Within Environment B,
Login as the
ansible
user$ ssh ansible@envb_controller1.example.com
NoteThis reference environment uses
envb_controller1
as the host that contains the Ansible Automation Platform installer directory and binaries.Download Ansible Automation Platform 2.1.1 Setup tar ansible-automation-platform-setup-2.1.1-1.tar.gz
NoteFor disconnected installs, download the Ansible Automation Platform 2.1.1 Setup Bundle
Untar the ansible-automation-platform-setup-2.1.1-1.tar.gz
$ tar zxvf ansible-automation-platform-setup-2.1.1-1.tar.gz
Change directory into ansible-automation-platform-setup-2.1.1-1
$ cd ansible-automation-platform-setup-2.1.1-1/
Copy the Ansible Automation Platform 1.2 inventory file to the ansible-automation-platform-setup-2.1.1-1 directory
$ cp /path/to/ansible-tower-setup-3.8.5-X/inventory .
Generate an Ansible Automation Platform 2 installation inventory proposal using the Ansible Automation Platform 1.2 inventory file copied over using the Ansible Automation Platform installer
$ ./setup.sh
Noteansible-core
is installed during this process if not already installed.WarningExpect the Ansible Automation Platform installer to fail early in the process when creating the proposal inventory.new.ini.
Expected error task look as follows:
TASK [ansible.automation_platform_installer.check_config_static : Detect pre-2.x inventory and offer a migration] *** fatal: [172.16.58.48 -> localhost]: FAILED! => {"changed": false, "msg": "The installer has detected that you are using an inventory format from a version prior to 4.0. We have created an example inventory based on your old style inventory. Please check the file `/home/ansible/aap_install-2.1.1/ansible-automation-platform-setup-bundle-2.1.1-2/inventory.new.ini` and make necessary adjustments so that the file can be used by the installer."}
Proposed inventory.new.ini
[all:vars] pg_host='10.0.188.133' pg_port='5432' pg_database='awx' pg_username='awx' pg_sslmode='prefer' ansible_become='true' ansible_user='ansible' tower_package_name='automation-controller' tower_package_version='4.1.1' automationhub_package_name='automation-hub' automationhub_package_version='4.4.1' automation_platform_version='2.1.1' automation_platform_channel='ansible-automation-platform-2.1-for-rhel-8-x86_64-rpms' minimum_ansible_version='2.11' # In AAP 2.X [tower] has been renamed to [automationcontroller] # Nodes in [automationcontroller] will be hybrid by default, capable of executing user jobs. # To specify that any of these nodes should be control-only instead, give them a host var of `node_type=control` [automationcontroller] envb_controller1.example.com envb_controller2.example.com envb_controller3.example.com [database] envb_database.example.com
NoteThe variables
admin_password
,pg_password
andregistry_password
are not part of the inventory.new.ini file as it is not recommended to store passwords in plain text. An encrypted credentials.yml file is used instead.With the proposed
inventory.new.ini
created, modify the file to include the expanded architecture of Environment B that includes hop nodes and execution nodesExpanded Environment B inventory.new.ini
[all:vars] pg_host='envb_database.example.com' pg_port='5432' pg_database='awx' pg_username='awx' pg_sslmode='prefer' ansible_become='true' ansible_user='ansible' tower_package_name='automation-controller' tower_package_version='4.1.1' automationhub_package_name='automation-hub' automationhub_package_version='4.4.1' automation_platform_version='2.1.1' automation_platform_channel='ansible-automation-platform-2.1-for-rhel-8-x86_64-rpms' minimum_ansible_version='2.11' registry_url='registry.redhat.io' 1 registry_username='myusername' 2 # In AAP 2.X [tower] has been renamed to [automationcontroller] # Nodes in [automationcontroller] will be hybrid by default, capable of executing user jobs. # To specify that any of these nodes should be control-only instead, give them a host var of `node_type=control` [automationcontroller] envb_controller1.example.com envb_controller2.example.com envb_controller3.example.com [database] envb_database.example.com [automationcontroller:vars] node_type=control 3 peers=envb_datacenter_execution_nodes,envb_datacenter_hop_nodes 4 [execution_nodes] envb_executionnode-1.example.com envb_executionnode-2.example.com envb_hopnnode-sacramento.example.com node_type=hop peers=sacramento_execution_nodes 5 envb_hopnode-new-delhi.example.com node_type=hop peers=new-delhi_execution_nodes envb_hopnode-dublin.example.com node_type=hop peers=env_hopnode-new-delhi.example.com envb_executionnode-3.example.com envb_executionnode-4.example.com envb_executionnode-5.example.com envb_executionnode-6.example.com [envb_datacenter_execution_nodes] 6 envb_executionnode-1.example.com envb_executionnode-2.example.com [envb_datacenter_hop_nodes] 7 envb_hopnnode-sacramento.example.com envb_hopnode-new-delhi.example.com envb_hopnode-dublin.example.com [sacramento_execution_nodes] 8 envb_executionnode-3.example.com envb_executionnode-4.example.com [new-delhi_execution_nodes] 9 envb_executionnode-5.example.com envb_executionnode-6.example.com
- 1
- Execution Environment images are downloaded and included in your installation. Proper credentials required to download the images.
- 2
- User credential for access to registry_url.
- 3
- control nodes run project and inventory updates and system jobs, but not execution jobs. Execution capabilities are disabled on these nodes.
- 4
- Setting peer relationships between the execution nodes.
- 5
- Setting node type and peer relationships between the hop nodes and execution nodes.
- 6
- Group of execution nodes with direct connection access to the automation controller nodes.
- 7
- Group of hop nodes that route traffic to their corresponding execution nodes.
- 8
- Group of execution nodes accessible via envb_hopnode-sacramento.example.com
- 9
- Group of execution nodes accessible via envb_hopnode-new-delhi.example.com
Run the
setup.sh
to upgrade to Ansible Automation Platform 2 with the following options$ ./setup.sh -i inventory.new.ini -e @credentials.yml -- --ask-vault-pass
Verify the Ansible Automation Platform dashboard UI is accessible across all automation controller nodes.
NoteIf you experience 502 error or a Secure Connection Failed when accessing the the Ansible Automation Platform dashboard via any of your automation controllers, this is likely due to one or both of the following issues:
- Certificate mismatch
-
Incorrect SELinux context for
nginx
The Appendix D, Post upgrade playbook provides a workaround to fix these issues. A fix is currently being implemented and should be fixed in an upcoming dot release.
The cert mismatch issue is fixed in version 2.1.2 and later of Ansible Automation Platform. The incorrect SELinux context for
nginx
still requires the workaround Ansible Playbook. Check the Appendix D, Post upgrade playbook for more details.
This reference environment uses credentials.yml for the following variables: * admin_password
* registry_password
* pg_password
For more information regarding the different values that can be set within your inventory file, visit: Setting up the inventory file
4.4. Configuring instance and instance groups
With the upgrade process complete, you’ll need to associate your instances to their corresponding instance groups, e.g. sacramento
and new-delhi
.
- Select Administration→Instance Groups
- Click on the sacramento instance group
- Select the Instances tab
- Click the blue Associate button
Within the Select Instances window, select
- envb_executionnode-3.example.com
- envb_executionnode-4.example.com
- Click Save
Repeat the process for the new-delhi instance group and associate the instances below with the new-delhi instance group:
- envb_executionnode-5.example.com
- envb_executionnode-6.example.com
Once complete, disassociate those instances within the default group.
- Select Administration→Instance Groups
- Click on the default instance group
- Select the Instances tab
Select the checkbox to the following instances
- envb_executionnode-3.example.com
- envb_executionnode-4.example.com
- envb_executionnode-5.example.com
- envb_executionnode-6.example.com
- Click the blue button labeled Disassociate
- Confirm the dissociation via the red Disassociate button
The default instance group should only contain the following instances:
- envb_executionnode-1.example.com
- envb_executionnode-2.example.com
With the infrastructure migration complete, the focus shifts to migrating Python virtual environments to user-built execution environments.