Red Hat SummitQuesto contenuto non è disponibile nella lingua selezionata.
Chapter 14. Troubleshooting the Red Hat Ansible Automation Platform Operator on OpenShift Container Platform
This guide provides a collection of commands and tips to help you diagnose and resolve common issues with your Ansible Automation Platform deployment on OpenShift Container Platform. You will learn how to view logs, inspect resources, and collect diagnostic data for support.
14.1. Understanding automation controller operator logs
When the operator deploys an Automation Controller instance, it runs an installer role inside the operator container. If the automation controller’s status is Failed, you must check the automation-controller-operator container logs. These logs provide the installer role’s output and are a critical first step in debugging deployment issues.
14.2. Viewing events in the OpenShift Container Platform
You can view events in the OpenShift Container Platform web console to monitor for errors and troubleshoot issues. This helps you quickly diagnose problems by examining the status of custom resources and their related events.
You can debug by first reviewing the status conditions of the Ansible Automation Platform custom resource (CR) and then checking any nested CRs for errors.
Procedure
- Log in to the OpenShift Container Platform web console.
-
In the navigation menu, select
. - Select your project from the project list.
- To view events for a specific resource, navigate to that resource’s page. Many resource pages, such as pods and deployments, have their own Events tab.
- Select a resource to bring you to the Pod Details page.
Verification
Check the Conditions section on the Pod details page to confirm no errors are listed in the Message column.
14.3. Viewing operator logs
The following procedure is an example of how to view the logs for an automation-controller-operator pod.
Procedure
To find the pod name, run:
oc get pods | grep operatorto view the logs for the pod, run:
oc logs <operator-pod-name> -fAlternatively, to view the logs without first getting the pod name, run:
oc logs deployments/automation-controller-operator-controller-manager -c automation-controller-manager -f
14.4. Configuring log verbosity
You can enable task output for debugging on any custom resources (CRs) by setting no_log to false in the component section of the AnsibleAutomationPlatform CR.
The logs then show output for any failed tasks that originally had no_log set to true. All Ansible Automation Platform components (automation controller, automation hub, and Event-Driven Ansible) support the no_log setting.
Procedure
Edit the Ansible Automation Platform CR and set the
no_logfield tofalsefor the component you want to debug.For automation controller:
apiVersion: aap.ansible.com/v1alpha1 kind: AnsibleAutomationPlatform metadata: name: myaap spec: controller: no_log: falseFor automation hub:
apiVersion: aap.ansible.com/v1alpha1 kind: AnsibleAutomationPlatform metadata: name: myaap spec: hub: no_log: falseFor Event-Driven Ansible:
apiVersion: aap.ansible.com/v1alpha1 kind: AnsibleAutomationPlatform metadata: name: myaap spec: eda: no_log: falseNoteThis might expose sensitive data in the logs. On production clusters, this value must generally be set to
trueunless you are actively debugging an issue.To increase the Ansible Playbook verbosity from the operator, set the verbosity level using an annotation on the Ansible Automation Platform CR:
apiVersion: aap.ansible.com/v1alpha1 kind: AnsibleAutomationPlatform metadata: name: myaap annotations: ansible.sdk.operatorframework.io/verbosity: "4" spec: # ... component configuration ...
14.5. Inspecting a OpenShift Container Platform resource
To inspect a OpenShift Container Platform resource, you must use the oc command to get a summary or the full YAML definition of the resource.
Procedure
To view a human-readable summary of a resource, run:
oc describe -n <namespace> <resource> <resource-name>To view the complete YAML definition of a resource, use the
-o yamlflag:oc get -n <namespace> <resource> <resource-name> -o yamlFor example, to get the YAML for the
automationcontrollercustom resource, run:oc get -n aap automationcontroller aap -o yaml
14.6. Core Ansible Automation Platform resources
The following table lists and describes the core custom resources (CRs) that the Ansible Automation Platform Operator manages. Understanding these resources will help you with advanced troubleshooting and configuration.
| Resource name | Description |
|---|---|
|
| CR for deploying the entire Ansible Automation Platform. |
|
| CR for creating backups of the entire Ansible Automation Platform instance. |
|
| CR for restoring the entire Ansible Automation Platform instance from a backup. |
|
| CR defining the desired state of an automation controller instance. |
|
| CR for creating backups of automation controller data and configuration. |
|
| CR for restoring the automation controller from a backup. |
|
| CR for deploying an automation hub (Galaxy) instance. |
|
| CR for creating backups of automation hub data and configuration. |
|
| CR for restoring automation hub from a backup. |
|
| CR for deploying an Event-Driven Ansible (EDA) instance. |
|
| CR for creating backups of EDA data and configuration. |
|
| CR for restoring EDA from a backup. |
|
| CR for deploying an Red Hat Ansible Lightspeed instance. |
14.7. Standard Kubernetes resources
Standard Kubernetes resources are a core part of the OpenShift Container Platform. The following table describes the standard resources you can inspect to troubleshoot the state and configuration of an application.
| Resource name | Description |
|---|---|
|
| Smallest deployable unit containing one or more containers running the application workloads. |
|
| Manages pod configuration and scaling. |
|
| A PersistentVolumeClaim (PVC) is a request for storage resources, used for persistent data storage. |
|
| Exposes pods as network services with stable IP addresses and DNS names within the cluster. |
|
| Manages external HTTP and HTTPS access to services within the cluster. |
|
| An OpenShift-specific resource for exposing services externally (similar to an ingress). |
|
| Stores sensitive data like passwords, tokens, and certificates. |
|
| Provides identity for processes running in pods to access permissions to other Kubernetes resources. |
14.8. Discovering custom resource definition configuration parameters
The Ansible Automation Platform Operator manages multiple custom resources (CRs), each with its own configuration parameters. Use the oc explain command to discover all available configuration options for the AnsibleAutomationPlatform CR and its nested components.
Procedure
To see all available configuration parameters for a top-level CR, run:
oc explain ansibleautomationplatform.specTo view component-specific configuration options nested under the Ansible Automation Platform CR, query them through the component section:
oc explain ansibleautomationplatform.spec.controller.postgres_configuration_secret oc explain ansibleautomationplatform.spec.controller.route_tls_termination_mechanism oc explain ansibleautomationplatform.spec.hub.storage_type oc explain ansibleautomationplatform.spec.eda.automation_server_urlTo explore all nested fields for a specific component, use the
--recursiveflag:oc explain ansibleautomationplatform.spec.controller --recursive oc explain ansibleautomationplatform.spec.hub --recursive oc explain ansibleautomationplatform.spec.eda --recursiveNoteYou can also query individual component CRs directly if needed:
oc explain automationcontroller.spec oc explain automationhub.spec oc explain eda.specHowever, when configuring components through the Ansible Automation Platform CR (recommended approach), use the nested paths shown above.
14.9. Collecting Diagnostic Data
Use the oc adm must-gather command to collect comprehensive diagnostic data about your cluster and the Ansible Automation Platform components. This data is essential when contacting Red Hat Support.
Procedure
To start the
must-gathertool, run:oc adm must-gather --image=registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9NoteFor version 2.6, the base image name changes to
registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9.View the collected data, use the
omctool to query themust-gathertarball as if it were a live cluster.omc use <path-to-must-gather> omc get pods
14.10. Debugging crashing pods
If a pod is failing or crashing, use the oc debug command. This command creates a new pod with the same configuration and mounts as the pod you specified, allowing you to access it for debugging.
Procedure
To connect to the pod, run:
oc debug <pod-name>
14.11. Operator service account error
Manually modifying the aap_operator_service_account user in the Ansible Automation Platform database or UI removes the required is_superuser flag. This action causes a critical failure in the platform gateway operator’s reconciliation loop.
You see the following error:
TASK [ansibleautomationplatform : Create operator service account user] … CommandError: Error: That username is already takenThe Ansible Automation Platform operator automatically recreates the service account when the account is missing. To restore the required superuser privileges, you must remove the existing, incorrectly configured user.
After you delete the user, the platform gateway operator automatically runs its idempotency logic, recreates the account, and ensures it has the necessary is_superuser=True flag, restoring the reconciliation loop’s functionality.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}