Este conteúdo não está disponível no idioma selecionado.

Chapter 3. Installing and configuring automation controller on Red Hat OpenShift Container Platform web console


You can use these instructions to install the automation controller operator on Red Hat OpenShift Container Platform, specify custom resources, and deploy Ansible Automation Platform with an external database.

Note

When an instance of automation controller is removed, the associated PVCs are not automatically deleted. This can cause issues during migration if the new deployment has the same name as the previous one. Therefore, it is recommended that you manually remove old PVCs before deploying a new automation controller instance in the same namespace. See Finding and deleting PVCs for more information.

3.1. Prerequisites

  • You have installed the Red Hat Ansible Automation Platform catalog in Operator Hub.

3.2. Installing the automation controller operator

  1. Navigate to Operators Installed Operators, then click on the Ansible Automation Platform operator.
  2. Locate the Automation controller tab, then click Create instance.

You can proceed with configuring the instance using either the Form View or YAML view.

3.2.1. Creating your automation controller form-view

  1. Ensure Form view is selected. It should be selected by default.
  2. Enter the name of the new controller.
  3. Optional: Add any labels necessary.
  4. Click Advanced configuration.
  5. Enter Hostname of the instance. The hostname is optional. The default hostname will be generated based upon the deployment name you have selected.
  6. Enter the Admin account username.
  7. Enter the Admin email address.
  8. Under the Admin password secret drop-down menu, select the secret.
  9. Under Database configuration secret drop-down menu, select the secret.
  10. Under Old Database configuration secret drop-down menu, select the secret.
  11. Under Secret key secret drop-down menu, select the secret.
  12. Under Broadcast Websocket Secret drop-down menu, select the secret.
  13. Enter any Service Account Annotations necessary.

3.2.2. Configuring your controller image pull policy

  1. Under Image Pull Policy, click on the radio button to select

    • Always
    • Never
    • IfNotPresent
  2. To display the option under Image Pull Secrets, click the arrow.

    1. Click + beside Add Image Pull Secret and enter a value.
  3. To display fields under the Web container resource requirements drop-down list, click the arrow.

    1. Under Limits, and Requests, enter values for CPU cores, Memory, and Storage.
  4. To display fields under the Task container resource requirements drop-down list, click the arrow.

    1. Under Limits, and Requests, enter values for CPU cores, Memory, and Storage.
  5. To display fields under the EE Control Plane container resource requirements drop-down list, click the arrow.

    1. Under Limits, and Requests, enter values for CPU cores, Memory, and Storage.
  6. To display fields under the PostgreSQL init container resource requirements (when using a managed service) drop-down list, click the arrow.

    1. Under Limits, and Requests, enter values for CPU cores, Memory, and Storage.
  7. To display fields under the Redis container resource requirements drop-down list, click the arrow.

    1. Under Limits, and Requests, enter values for CPU cores, Memory, and Storage.
  8. To display fields under the PostgreSQL container resource requirements (when using a managed instance)* drop-down list, click the arrow.

    1. Under Limits, and Requests, enter values for CPU cores, Memory, and Storage.
  9. To display the PostgreSQL container storage requirements (when using a managed instance) drop-down list, click the arrow.

    1. Under Limits, and Requests, enter values for CPU cores, Memory, and Storage.
  10. Under Replicas, enter the number of instance replicas.
  11. Under Remove used secrets on instance removal, select true or false. The default is false.
  12. Under Preload instance with data upon creation, select true or false. The default is true.

3.2.3. Configuring your controller LDAP security

  1. Under LDAP Certificate Authority Trust Bundle click the drop-down menu and select a secret.
  2. Under LDAP Password Secret, click the drop-down menu and select a secret.
  3. Under EE Images Pull Credentials Secret, click the drop-down menu and select a secret.
  4. Under Bundle Cacert Secret, click the drop-down menu and select a secret.
  5. Under Service Type, click the drop-down menu and select

    • ClusterIP
    • LoadBalancer
    • NodePort

3.2.4. Configuring your automation controller operator route options

The Red Hat Ansible Automation Platform operator installation form allows you to further configure your automation controller operator route options under Advanced configuration.

  1. Click Advanced configuration.
  2. Under Ingress type, click the drop-down menu and select Route.
  3. Under Route DNS host, enter a common host name that the route answers to.
  4. Under Route TLS termination mechanism, click the drop-down menu and select Edge or Passthrough. For most instances Edge should be selected.
  5. Under Route TLS credential secret, click the drop-down menu and select a secret from the list.
  6. Under Enable persistence for /var/lib/projects directory select either true or false by moving the slider.

3.2.5. Configuring the Ingress type for your automation controller operator

The Red Hat Ansible Automation Platform operator installation form allows you to further configure your automation controller operator Ingress under Advanced configuration.

Procedure

  1. Click Advanced Configuration.
  2. Under Ingress type, click the drop-down menu and select Ingress.
  3. Under Ingress annotations, enter any annotations to add to the ingress.
  4. Under Ingress TLS secret, click the drop-down menu and select a secret from the list.

After you have configured your automation controller operator, click Create at the bottom of the form view. Red Hat OpenShift Container Platform will now create the pods. This may take a few minutes.

You can view the progress by navigating to Workloads Pods and locating the newly created instance.

Verification

Verify that the following operator pods provided by the Ansible Automation Platform Operator installation from automation controller are running:

Expand
Operator manager controllersautomation controllerautomation hub

The operator manager controllers for each of the 3 operators, include the following:

  • automation-controller-operator-controller-manager
  • automation-hub-operator-controller-manager
  • resource-operator-controller-manager

After deploying automation controller, you will see the addition of these pods:

  • controller
  • controller-postgres

After deploying automation hub, you will see the addition of these pods:

  • hub-api
  • hub-content
  • hub-postgres
  • hub-redis
  • hub-worker
Note

A missing pod can indicate the need for a pull secret. Pull secrets are required for protected or private image registries. See Using image pull secrets for more information. You can diagnose this issue further by running oc describe pod <pod-name> to see if there is an ImagePullBackOff error on that pod.

For users who prefer to deploy Ansible Automation Platform with an external database, they can do so by configuring a secret with instance credentials and connection information, then applying it to their cluster using the oc create command.

By default, the Red Hat Ansible Automation Platform operator automatically creates and configures a managed PostgreSQL pod in the same namespace as your Ansible Automation Platform deployment. You can deploy Ansible Automation Platform with an external database instead of the managed PostgreSQL pod that the Red Hat Ansible Automation Platform operator automatically creates.

Using an external database lets you share and reuse resources and manually manage backups, upgrades, and performance optimizations.

Note

The same external database (PostgreSQL instance) can be used for both automation hub and automation controller as long as the database names are different. In other words, you can have multiple databases with different names inside a single PostgreSQL instance.

The following section outlines the steps to configure an external database for your automation controller on a Ansible Automation Platform operator.

Prerequisite

The external database must be a PostgreSQL database that is the version supported by the current release of Ansible Automation Platform.

Note

Ansible Automation Platform 2.2 supports PostgreSQL 13.

Procedure

The external postgres instance credentials and connection information will need to be stored in a secret, which will then be set on the automation controller spec.

  1. Create a postgres_configuration_secret .yaml file, following the template below:

    apiVersion: v1
    kind: Secret
    metadata:
      name: external-postgres-configuration
      namespace: <target_namespace> 
    1
    
    stringData:
      host: "<external_ip_or_url_resolvable_by_the_cluster>" 
    2
    
      port: "<external_port>" 
    3
    
      database: "<desired_database_name>"
      username: "<username_to_connect_as>"
      password: "<password_to_connect_with>" 
    4
    
      sslmode: "prefer" 
    5
    
      type: "unmanaged"
    type: Opaque
    Copy to Clipboard Toggle word wrap
    1
    Namespace to create the secret in. This should be the same namespace you wish to deploy to.
    2
    The resolvable hostname for your database node.
    3
    External port defaults to 5432.
    4
    Value for variable password should not contain single or double quotes (', ") or backslashes (\) to avoid any issues during deployment, backup or restoration.
    5
    The variable sslmode is valid for external databases only. The allowed values are: prefer, disable, allow, require, verify-ca, and verify-full.
  2. Apply external-postgres-configuration-secret.yml to your cluster using the oc create command.

    $ oc create -f external-postgres-configuration-secret.yml
    Copy to Clipboard Toggle word wrap
  3. When creating your AutomationController custom resource object, specify the secret on your spec, following the example below:

    apiVersion: awx.ansible.com/v1beta1
    kind: AutomationController
    metadata:
      name: controller-dev
    spec:
      postgres_configuration_secret: external-postgres-configuration
    Copy to Clipboard Toggle word wrap

3.4. Finding and deleting PVCs

A persistent volume claim (PVC) is a storage volume used to store data that automation hub and automation controller applications use. These PVCs are independent from the applications and remain even when the application is deleted. If you are confident that you no longer need a PVC, or have backed it up elsewhere, you can manually delete them.

Procedure

  1. List the existing PVCs in your deployment namespace:

    oc get pvc -n <namespace>
    Copy to Clipboard Toggle word wrap
  2. Identify the PVC associated with your previous deployment by comparing the old deployment name and the PVC name.
  3. Delete the old PVC:

    oc delete pvc -n <namespace> <pvc-name>
    Copy to Clipboard Toggle word wrap
Voltar ao topo
Red Hat logoGithubredditYoutubeTwitter

Aprender

Experimente, compre e venda

Comunidades

Sobre a documentação da Red Hat

Ajudamos os usuários da Red Hat a inovar e atingir seus objetivos com nossos produtos e serviços com conteúdo em que podem confiar. Explore nossas atualizações recentes.

Tornando o open source mais inclusivo

A Red Hat está comprometida em substituir a linguagem problemática em nosso código, documentação e propriedades da web. Para mais detalhes veja o Blog da Red Hat.

Sobre a Red Hat

Fornecemos soluções robustas que facilitam o trabalho das empresas em plataformas e ambientes, desde o data center principal até a borda da rede.

Theme

© 2025 Red Hat