Red Hat SummitChapter 1. Installing Red Hat Ansible Automation Platform Operator on Red Hat OpenShift Container Platform
As a system administrator, you can use Ansible Automation Platform Operator to deploy new Ansible Automation Platform instances in your OpenShift environment.
1.1. Planning your Red Hat Ansible Automation Platform Operator on Red Hat OpenShift Container Platform
Red Hat Ansible Automation Platform is supported on both Red Hat Enterprise Linux and Red Hat Openshift.
OpenShift operators help install and automate day-2 operations of complex, distributed software on Red Hat OpenShift Container Platform. The Ansible Automation Platform Operator enables you to deploy and manage Ansible Automation Platform components on Red Hat OpenShift Container Platform.
You can use this section to help plan your Red Hat Ansible Automation Platform installation on your Red Hat OpenShift Container Platform environment. Before installing, review the supported installation scenarios to determine which meets your requirements.
1.1.1. About Ansible Automation Platform Operator
The Ansible Automation Platform Operator provides cloud-native, push-button deployment of new Ansible Automation Platform instances in your OpenShift environment. The Ansible Automation Platform Operator includes resource types to deploy and manage instances of automation controller and private automation hub. It also includes automation controller job resources for defining and launching jobs inside your automation controller deployments.
Deploying Ansible Automation Platform instances with a Kubernetes native operator offers several advantages over launching instances from a playbook deployed on Red Hat OpenShift Container Platform, including upgrades and full lifecycle support for your Red Hat Ansible Automation Platform deployments.
You can install the Ansible Automation Platform Operator from the Red Hat Operators catalog in OperatorHub.
For information about the Ansible Automation Platform Operator system requirements and infrastructure topology see Operator topologies in Tested deployment models
1.1.2. OpenShift Container Platform version compatibility
The Ansible Automation Platform Operator to install Ansible Automation Platform 2.5 is available on OpenShift Container Platform 4.12 through to 4.17 and later versions.
Additional resources
- See the Red Hat Ansible Automation Platform Life Cycle for the most current compatibility details.
1.1.3. Supported installation scenarios for Red Hat OpenShift Container Platform
You can use the OperatorHub on the Red Hat OpenShift Container Platform web console to install Ansible Automation Platform Operator.
Alternatively, you can install Ansible Automation Platform Operator from the OpenShift Container Platform command-line interface (CLI), oc. See Installing Red Hat Ansible Automation Platform Operator from the OpenShift Container Platform CLI for help with this.
After you have installed Ansible Automation Platform Operator you must create an Ansible Automation Platform custom resource (CR). This enables you to manage Ansible Automation Platform components from a single unified interface known as the platform gateway. As of version 2.5, you must create an Ansible Automation Platform CR, even if you have an existing automation controller, automation hub, or Event-Driven Ansible, components.
If existing components have already been deployed, you must specify these components on the Ansible Automation Platform CR. You must create the custom resource in the same namespace as the existing components.
| Supported scenarios | Supported scenarios with existing components |
|---|---|
|
|
1.1.4. Custom resources
You can define custom resources for each primary installation workflows.
1.1.4.1. Modifying the number of simultaneous rulebook activations during or after Event-Driven Ansible controller installation
-
If you plan to install Event-Driven Ansible on OpenShift Container Platform and modify the number of simultaneous rulebook activations, add the required
EDA_MAX_RUNNING_ACTIVATIONSparameter to your custom resources. By default, Event-Driven Ansible controller allows 12 activations per node to run simultaneously. See the example in appendix EDA_MAX_RUNNING_ACTIVATIONS.
EDA_MAX_RUNNING_ACTIVATIONS for OpenShift Container Platform is a global value since there is no concept of worker nodes when installing Event-Driven Ansible on OpenShift Container Platform.
1.1.5. Ansible Automation Platform Operator CSRF management
In Ansible Automation Platform version 2.5 the Ansible Automation Platform Operator on OpenShift Container Platform creates OpenShift Routes and configures your Cross-site request forgery (CSRF) settings automatically. When using external ingress, you must configure your CSRF on the ingress, for help with this see Configuring your CSRF settings for your platform gateway operator ingress.
In previous versions CSRF was configurable through the automation controller user interface, in version 2.5 automation controller settings are still present but have no impact on CSRF settings for the platform gateway.
The following table helps to clarify which settings are applicable for which component.
| UI setting | Applicable for |
|---|---|
| Subscription | automation controller |
| platform gateway | platform gateway |
| User Preferences | User interface |
| System | Automation controller |
| Job | Automation controller |
| Logging | Automation controller |
| Troubleshooting | Automation controller |
1.1.6. Additional resources
- See Understanding OperatorHub to learn more about OpenShift Container Platform OperatorHub.
1.2. Installing the Red Hat Ansible Automation Platform Operator on Red Hat OpenShift Container Platform
For information about the Ansible Automation Platform Operator system requirements and infrastructure topology see Operator topologies in Tested deployment models.
When installing your Ansible Automation Platform Operator you have a choice of a namespace-scoped operator or a cluster-scoped operator. This depends on the update channel you choose, stable-2.x or cluster-scoped-2.x.
A namespace-scoped operator is confined to one namespace, offering tighter security. A cluster-scoped operator spans multiple namespaces, which grants broader permissions.
If you are managing multiple Ansible Automation Platform instances with the same Ansible Automation Platform Operator version, use the cluster-scoped operator, which uses a single operator to manage all Ansible Automation Platform custom resources in your cluster.
If you need multiple operator versions in the same cluster, you must use the namespace-scoped operator. The operator and the deployment share the same namespace. This can also be helpful when debugging because the operator logs pertain to custom resources in that namespace only.
For help with installing a namespace or cluster-scoped operator see the following procedure.
You cannot deploy Ansible Automation Platform in the default namespace on your OpenShift Cluster. The aap namespace is recommended. You can use a custom namespace, but it should run only Ansible Automation Platform.
Prerequisites
- You have installed the Red Hat Ansible Automation Platform catalog in OperatorHub.
-
You have created a
StorageClassobject for your platform and a persistent volume claim (PVC) withReadWriteManyaccess mode. See Dynamic provisioning for details. To run Red Hat OpenShift Container Platform clusters on Amazon Web Services (AWS) with
ReadWriteManyaccess mode, you must add NFS or other storage.-
For information about the AWS Elastic Block Store (EBS) or to use the
aws-ebsstorage class, see Persistent storage using AWS Elastic Block Store. -
To use multi-attach
ReadWriteManyaccess mode for AWS EBS, see Attaching a volume to multiple instances with Amazon EBS Multi-Attach.
-
For information about the AWS Elastic Block Store (EBS) or to use the
Procedure
- Log in to Red Hat OpenShift Container Platform.
-
Navigate to
. - Search for Ansible Automation Platform and click .
Select an Update Channel:
- stable-2.x: installs a namespace-scoped operator, which limits deployments of automation hub and automation controller instances to the namespace the operator is installed in, this is suitable for most cases. The stable-2.x channel does not require administrator privileges and utilizes fewer resources because it only monitors a single namespace.
- stable-2.x-cluster-scoped: installs the Ansible Automation Platform Operator in a single namespace that manages Ansible Automation Platform custom resources and deployments in all namespaces. The Ansible Automation Platform Operator requires administrator privileges for all namespaces in the cluster.
- Select Installation Mode, Installed Namespace, and Approval Strategy.
- Click .
The installation process begins. When installation finishes, a modal appears notifying you that the Ansible Automation Platform Operator is installed in the specified namespace.
Verification
- Click to view your newly installed Ansible Automation Platform Operator and verify the following operator custom resources are present:
| Automation controller | Automation hub | Event-Driven Ansible (EDA) | Red Hat Ansible Lightspeed |
|---|---|---|---|
|
|
|
|
1.3. Installing Red Hat Ansible Automation Platform Operator from the Red Hat OpenShift Container Platform CLI
Use these instructions to install the Ansible Automation Platform Operator on Red Hat OpenShift Container Platform from the OpenShift Container Platform command-line interface (CLI) using the oc command.
1.3.1. Prerequisites
- Access to Red Hat OpenShift Container Platform using an account with operator installation permissions.
-
The OpenShift Container Platform CLI
occommand is installed on your local system. Refer to Installing the OpenShift CLI in the Red Hat OpenShift Container Platform product documentation for further information.
1.3.2. Installing the Ansible Automation Platform Operator in a namespace
Use this procedure to subscribe a namespace to an operator.
You cannot deploy Ansible Automation Platform in the default namespace on your OpenShift Cluster. The aap namespace is recommended. You can use a custom namespace, but it should run only Ansible Automation Platform.
Procedure
Create a project for the operator.
oc new-project ansible-automation-platform
-
Create a file called
sub.yaml. Add the following YAML code to the
sub.yamlfile.--- apiVersion: v1 kind: Namespace metadata: labels: openshift.io/cluster-monitoring: "true" name: ansible-automation-platform --- apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: ansible-automation-platform-operator namespace: ansible-automation-platform spec: targetNamespaces: - ansible-automation-platform --- apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: ansible-automation-platform namespace: ansible-automation-platform spec: channel: 'stable-2.5' installPlanApproval: Automatic name: ansible-automation-platform-operator source: redhat-operators sourceNamespace: openshift-marketplace ---This file creates a
Subscriptionobject calledansible-automation-platformthat subscribes theansible-automation-platformnamespace to theansible-automation-platform-operatoroperator.Run the
oc applycommand to create the objects specified in thesub.yamlfile:oc apply -f sub.yaml
Verify the CSV PHASE reports "Succeeded" before proceeding using the
oc get csv -n ansible-automation-platformcommand:oc get csv -n ansible-automation-platform NAME DISPLAY VERSION REPLACES PHASE aap-operator.v2.5.0-0.1728520175 Ansible Automation Platform 2.5.0+0.1728520175 aap-operator.v2.5.0-0.1727875185 Succeeded
Create an
AnsibleAutomationPlatformobject calledexamplein theansible-automation-platformnamespace.To change the Ansible Automation Platform and its components from from
example, edit the name field in themetadata:section and replace example with the name you want to use:oc apply -f - <<EOF apiVersion: aap.ansible.com/v1alpha1 kind: AnsibleAutomationPlatform metadata: name: example namespace: ansible-automation-platform spec: # Platform image_pull_policy: IfNotPresent # Components controller: disabled: false eda: disabled: false hub: disabled: false ## Modify to contain your RWM storage class name storage_type: file file_storage_storage_class: <your-read-write-many-storage-class> file_storage_size: 10Gi ## uncomment if using S3 storage for Content pod # storage_type: S3 # object_storage_s3_secret: example-galaxy-object-storage ## uncomment if using Azure storage for Content pod # storage_type: azure # object_storage_azure_secret: azure-secret-name lightspeed: disabled: true EOF
For further information about subscribing namespaces to operators, see Installing from OperatorHub using the CLI in the Red Hat OpenShift Container Platform Operators guide.
You can use the OpenShift Container Platform CLI to fetch the web address and the password of the Automation controller that you created.
1.3.3. Fetching platform gateway login details from the OpenShift Container Platform CLI
To login to the platform gateway, you need the web address and the password.
1.3.3.1. Fetching the platform gateway web address
A Red Hat OpenShift Container Platform route exposes a service at a host name, so that external clients can reach it by name. When you created the platform gateway instance, a route was created for it. The route inherits the name that you assigned to the platform gateway object in the YAML file.
Use the following command to fetch the routes:
oc get routes -n <platform_namespace>
In the following example, the example platform gateway is running in the ansible-automation-platform namespace.
$ oc get routes -n ansible-automation-platform NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD example example-ansible-automation-platform.apps-crc.testing example-service http edge/Redirect None
The address for the platform gateway instance is example-ansible-automation-platform.apps-crc.testing.
1.3.3.2. Fetching the platform gateway password
The YAML block for the platform gateway instance in the AnsibleAutomationPlatform object assigns values to the name and admin_user keys.
Use these values in the following command to fetch the password for the platform gateway instance.
oc get secret/<your instance name>-<admin_user>-password -o yaml
The default value for admin_user is
admin. Modify the command if you changed the admin username in theAnsibleAutomationPlatformobject.The following example retrieves the password for a platform gateway object called
example:oc get secret/example-admin-password -o yaml
The base64 encoded password for the platform gateway instance is listed in the
metadatafield in the output:$ oc get secret/example-admin-password -o yaml apiVersion: v1 data: password: ODzLODzLODzLODzLODzLODzLODzLODzLODzLODzLODzL kind: Secret metadata: labels: app.kubernetes.io/component: aap app.kubernetes.io/name: example app.kubernetes.io/operator-version: "" app.kubernetes.io/part-of: example name: example-admin-password namespace: ansible-automation-platform
1.3.3.3. Decoding the platform gateway password
After you have found your gateway password, you must decode it from base64.
Run the following command to decode your password from base64:
oc get secret/example-admin-password -o jsonpath={.data.password} | base64 --decode
1.3.4. Additional resources
- For more information on running operators on OpenShift Container Platform, navigate to the OpenShift Container Platform product documentation and click the Operators - Working with Operators in OpenShift Container Platform guide.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}