Ce contenu n'est pas disponible dans la langue sélectionnée.
Chapter 2. Automation controller configuration
You can configure some automation controller options by using the Settings menu of the User Interface.
Save applies the changes you make, but it does not exit the edit dialog.
To return to the Settings page, from the navigation panel select Settings or use the breadcrumbs at the top of the current view.
2.1. Configuring system settings
You can use the System menu to define automation controller system settings.
Procedure
-
From the navigation panel, select
. The System Settings page is displayed. - Click .
You can configure the following options:
- Base URL of the service: This setting is used by services such as notifications to render a valid URL to the service.
Proxy IP allowed list: If the service is behind a reverse proxy or load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom
REMOTE_HOST_HEADERS
header values.If this setting is an empty list (the default), the headers specified by
REMOTE_HOST_HEADERS
are trusted unconditionally.-
CSRF Trusted Origins List: If the service is behind a reverse proxy or load balancer, use this setting to configure the
schema://addresses
from which the service should trust Origin header values. - Red Hat customer username: This username is used to send data to Automation Analytics.
- Red Hat customer password: This password is used to send data to Automation Analytics.
- Red Hat or Satellite username: This username is used to send data to Automation Analytics.
- Red Hat or Satellite password: This password is used to send data to Automation Analytics.
- Global default execution environment: The execution environment to be used when one has not been configured for a job template.
Custom virtual environment paths: Paths where automation controller looks for custom virtual environments.
Enter one path per line.
- Last gather date for Automation Analytics: Set the date and time.
Automation Analytics Gather Interval: Interval (in seconds) between data gathering.
If Gather data for Automation Analytics is set to false, this value is ignored.
- Last cleanup date for HostMetrics: Set the date and time.
- Last computing date of HostMetricSummaryMonthly: Set the date and time.
-
Remote Host Headers: HTTP headers and meta keys to search to decide remote hostname or IP. Add additional items to this list, such as
HTTP_X_FORWARDED_FOR
, if behind a reverse proxy. For more information, see Configuring proxy support for Red Hat Ansible Automation Platform. - Automation Analytics upload URL: This value has been set manually in a settings file. This setting is used to configure the upload URL for data collection for Automation Analytics.
Defines subscription usage model and shows Host Metrics:
You can select the following options:
- Enable Activity Stream: Set to enable capturing activity for the activity stream.
- Enable Activity Stream for Inventory Sync: Set to enable capturing activity for the activity stream when running inventory sync.
- All Users Visible to Organization Admins: Set to control whether any organization administrator can view all users and teams, even those not associated with their organization.
Organization Admins Can Manage Users and Teams: Set to control whether any organization administrator has the privileges to create and manage users and teams.
You might want to disable this ability if you are using an LDAP or SAML integration.
- Gather data for Automation Analytics: Set to enable the service to gather data on automation and send it to Automation Analytics.
- Click
2.2. Configuring jobs
You can use the Job option to define the operation of Jobs in automation controller.
Procedure
-
From the navigation panel, select
. On the Job Settings page, click .
You can configure the following options:
Ansible Modules Allowed For Ad Hoc Jobs: List of modules allowed to be used by ad hoc jobs.
The directory in which the service creates new temporary directories for job execution and isolation (such as credential files).
When can extra variables contain Jinja templates?: Ansible allows variable substitution through the Jinja2 templating language for
--extra-vars
.This poses a potential security risk where users with the ability to specify extra vars at job launch time can use Jinja2 templates to run arbitrary Python.
Set this value to either
template
ornever
.Paths to expose to isolated jobs: List of paths that would otherwise be hidden to expose to isolated jobs.
Enter one path per line.
Volumes are mounted from the execution node to the container.
The supported format is
HOST-DIR[:CONTAINER-DIR[:OPTIONS]]
.- Extra Environment Variables: Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending.
K8S Ansible Runner Keep-Alive Message Interval: Only applies to jobs running in a Container Group.
If not 0, send a message every specified number of seconds to keep the connection open.
- Environment Variables for Galaxy Commands: Additional environment variables set for invocations of ansible-galaxy within project updates. Useful if you must use a proxy server for ansible-galaxy but not git.
- Standard Output Maximum Display Size: Maximum Size of Standard Output in bytes to display before requiring the output be downloaded.
-
Job Event Standard Output Maximum Display Size: Maximum Size of Standard Output in bytes to display for a single job or ad hoc command event. stdout ends with
…
when truncated. Job Event Maximum Websocket Messages Per Second: The maximum number of messages to update the UI live job output with per second.
A value of 0 means no limit.
- Maximum Scheduled Jobs: Maximum number of the same job template that can be waiting to run when launching from a schedule before no more are created.
- Ansible Callback Plugins: List of paths to search for extra callback plugins to be used when running jobs.
Default Job Timeout: If no output is detected from ansible in this number of seconds the execution will be terminated.
Use a value of 0 to indicate that no idle timeout should be imposed.
Enter one path per line.
Default Job Idle Timeout: If no output is detected from ansible in this number of seconds the execution will be terminated.
Use a value of 0 to indicate that no idle timeout should be imposed.
Default Inventory Update Timeout: Maximum time in seconds to allow inventory updates to run.
Use a value of 0 to indicate that no timeout should be imposed.
A timeout set on an individual inventory source will override this.
Default Project Update Timeout: Maximum time in seconds to allow project updates to run.
Use a value of 0 to indicate that no timeout should be imposed.
A timeout set on an individual project will override this.
Per-Host Ansible Fact Cache Timeout: Maximum time, in seconds, that stored Ansible facts are considered valid since the last time they were modified.
Only valid, non-stale, facts are accessible by a playbook.
This does not influence the deletion of
ansible_facts
from the database.Use a value of 0 to indicate that no timeout should be imposed.
Maximum number of forks per job: Saving a Job Template with more than this number of forks results in an error.
When set to 0, no limit is applied.
- Job execution path: Only available in operator-based installations.
Container Run Options: Only available in operator-based installations.
List of options to pass to Podman run example:
['--network', 'slirp4netns:enable_ipv6=true', '--log-level', 'debug']
.You can set the following options:
-
Run Project Updates With Higher Verbosity: Select to add the CLI
-vvv
flag to playbook runs ofproject_update.yml
used for project updates -
Enable Role Download: Select to allow roles to be dynamically downloaded from a
requirements.yml
file for SCM projects. -
Enable Collection(s) Download: Select to allow collections to be dynamically downloaded from a
requirements.yml
file for SCM projects. Follow symlinks: Select to follow symbolic links when scanning for playbooks.
Be aware that setting this to
True
can lead to infinite recursion if a link points to a parent directory of itself.Expose host paths for Container Groups: Select to expose paths through hostPath for the Pods created by a Container Group.
HostPath volumes present many security risks, and it is best practice to avoid the use of HostPaths when possible.
Ignore Ansible Galaxy SSL Certificate Verification: If set to
true
, certificate validation is not done when installing content from any Galaxy server.Click the tooltip icon next to the field that you need additional information about.
For more information about configuring Galaxy settings, see the Ansible Galaxy Support section of Using automation execution.
NoteThe values for all timeouts are in seconds.
- Click to apply the settings.
2.3. Logging and aggregation settings
For information about these settings, see Setting up logging.
2.4. Configuring Automation Analytics
When you imported your license for the first time, you were automatically opted in for the collection of data that powers Automation Analytics, a cloud service that is part of the Ansible Automation Platform subscription.
Procedure
-
From the navigation panel, select
. The Subscription page is displayed. If you have not already set up a subscription, do so now, and ensure that on the next page you have selected Automation Analytics to use analytics data to enhance future releases of Ansible Automation Platform and to provide the Red Hat insights service to subscribers.
-
From the navigation panel, select
. - Click .
- Toggle the Gather data for Automation Analytics switch and enter your Red Hat customer credentials.
You can also configure the following options:
- Red Hat Customer Name: This username is used to send data to Automation Analytics.
- Red Hat Customer Password: This password is used to send data to Automation Analytics.
- Red Hat or Satellite Username: This username is used to send data to Automation Analytics.
- Red Hat or Satellite password: This password is used to send data to Automation Analytics.
- Last gather date for Automation Analytics: Set the date and time
- Automation Analytics Gather Interval: Interval (in seconds) between data gathering.
- Click .
2.5. Additional settings for automation controller
There are additional advanced settings that can affect automation controller behavior that are not available in the automation controller UI.
For traditional virtual machine based deployments, these settings can be provided to automation controller by creating a file in /etc/tower/conf.d/custom.py
. When settings are provided to automation controller through file-based settings, the settings file must be present on all control plane nodes. These include all of the hybrid or control type nodes in the automationcontroller
group in the installer inventory.
For these settings to be effective, restart the service with automation-controller-service
restart on each node with the settings file. If the settings provided in this file are also visible in the automation controller UI, then they are marked as "Read only" in the UI.