Manage containers in your private automation hub
Private automation hub functions as an internal container registry for your organization. It allows you to store, manage, and govern the container images, or automation execution environments, that your teams use to run automation.
To effectively manage these containers, first learn the difference between the two types of registries in your workflow:
- External registries (the source): Public or third-party registries where you source your initial images. Common examples include the Red Hat Ecosystem Catalog (registry.redhat.io) or Quay.io. You can pull images from these registries to your local environment.
- Private automation hub registry, or your remote registry (the destination): Your internal, secure registry hosted on private automation hub. You push your curated and approved images here. Your Ansible Automation Platform infrastructure then pulls these images from private automation hub to execute jobs.
Populate your private automation hub container registry
The automation hub remote registry is used for storing and managing automation execution environments.
When you have built or sourced an execution environment, you can push that execution environment to the registry portion of private automation hub to create a container repository. Then, you can grant your team access to the container repository, and customize the repository with a README, relevant links and other information for your team's use.
- Pull an execution environment from an external registry (like registry.redhat.io) to your local machine.
- Tag the image locally for your private automation hub registry.
- Push the image to your private automation hub.
- Configure access permissions and documentation (such as READMEs) within private automation hub so your teams can use the image.
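The pull, tag, and push steps above as a shell sketch. This is an added example, not taken from the product documentation; the hub hostname and image names are placeholders, and `hub_ref` and `mirror_ee` are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Added example: mirror one execution environment into private automation hub.
# Assumes `podman login` has already been run for both registries.

# hub_ref SOURCE_REF HUB_HOST
# Print the name the image gets in the hub registry: the source registry host
# is replaced by HUB_HOST, the repository path is kept, and a reference with
# no tag gets ":latest" (the default the hub applies to untagged images).
hub_ref() {
    local src="$1" hub="$2" path
    case $src in
        */*) ;;
        *) echo "hub_ref: expected REGISTRY/REPO[:TAG], got '$src'" >&2; return 1 ;;
    esac
    path=${src#*/}            # drop the registry host (text before the first "/")
    case $path in
        *@*) echo "hub_ref: destination needs a tag, not a digest: '$src'" >&2; return 1 ;;
    esac
    case ${path##*/} in       # a tag can only appear in the last path component
        *:*) ;;
        *) path="$path:latest" ;;
    esac
    printf '%s/%s\n' "$hub" "$path"
}

# mirror_ee SOURCE_REF HUB_HOST
# Pull from the external registry, tag for the hub, push, then list the result.
mirror_ee() {
    local src="$1" hub="$2" dest
    dest=$(hub_ref "$src" "$hub") || return 1
    podman pull "$src" &&
    podman tag "$src" "$dest" &&
    podman push "$dest" &&
    podman images --filter "reference=$dest"
}

# Usage (placeholders, fill in your own values):
#   mirror_ee registry.redhat.io/<namespace>/<ee-name>:<tag> hub.example.com
```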
As of April 1st, 2025, quay.io is adding three additional endpoints. As a result, you must adjust the allow/block lists in your firewall systems to include the following endpoints:
- cdn04.quay.io
- cdn05.quay.io
- cdn06.quay.io
To avoid problems pulling container images, customers must allow outbound TCP connections (ports 80 and 443) to the following hostnames:
- cdn.quay.io
- cdn01.quay.io
- cdn02.quay.io
- cdn03.quay.io
- cdn04.quay.io
- cdn05.quay.io
- cdn06.quay.io
This change should be made to any firewall configuration that specifically enables outbound connections to registry.redhat.io or registry.access.redhat.com.
Use the hostnames instead of IP addresses when configuring firewall rules.
After making this change, you can continue to pull images from registry.redhat.io or registry.access.redhat.com. You do not require a quay.io login, or need to interact with the quay.io registry directly in any way to continue pulling Red Hat container images.
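One way to confirm the firewall change from a host that pulls images, as an added example that is not part of the original documentation. The function names and the 5-second timeout are assumptions; the hostnames and ports are the ones listed above.

```shell
#!/usr/bin/env bash
# Added example: probe outbound TCP 80/443 to the quay.io CDN hostnames.
QUAY_CDN_HOSTS="cdn.quay.io cdn01.quay.io cdn02.quay.io cdn03.quay.io cdn04.quay.io cdn05.quay.io cdn06.quay.io"
QUAY_CDN_PORTS="80 443"

# probe HOST PORT
# Succeed if a TCP connection opens within 5 seconds (timeout is an assumption).
# Connects by hostname, so it exercises the same DNS-based rule the firewall
# is expected to apply.
probe() {
    timeout 5 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null
}

# blocked_endpoints
# Print every host:port that could not be reached, one per line.
# Returns non-zero if at least one endpoint is blocked.
blocked_endpoints() {
    local host port rc=0
    for host in $QUAY_CDN_HOSTS; do
        for port in $QUAY_CDN_PORTS; do
            if ! probe "$host" "$port"; then
                echo "$host:$port"
                rc=1
            fi
        done
    done
    return $rc
}

# Usage: blocked_endpoints || echo "update the firewall allow list" >&2
```

Run it from the same network segment as the hosts that pull images, because egress rules often differ per source.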
Pull execution environments for use in automation hub
Before you can push execution environments to your private automation hub, you must first pull them from an existing registry and tag them for use.
Before you begin
- You have permissions to pull automation execution environments from registry.redhat.io.
About this task
The following example details how to pull an execution environment from the Red Hat Ecosystem Catalog (registry.redhat.io).
Procedure
Results
To verify that the execution environment you pulled is contained in the list, take these steps:
- List the images in local storage:
  $ podman images
- Check the execution environment name, and verify that the tag is correct.
Tag container images
Tag automation execution environments to add an additional name to automation execution environments stored in your automation hub container repository. If no tag is added to an automation execution environment, automation hub defaults to latest for the name.
Before you begin
- You have change automation execution environment tags permissions.
Procedure
- From the navigation panel, select .
- Select your automation execution environments.
- Click the Images tab.
- Click the icon ⋮, and click .
- Add a new tag in the text field and click .
- Optional: Remove current tags by clicking on any of the tags for that image.
Results
- Click the Activity tab and review the latest changes.
Pull and sync images from automation hub to your local system
Pull Ansible Automation Platform execution environments from the automation hub registry to your local machine. Use the provided podman pull command for the latest version in the repository, or specify a tag to copy a specific execution environment.
Pull an image
Use the user interface to pull an execution environment from your private automation hub remote registry to make a copy to your local machine.
Before you begin
- You must have permission to view and pull from a private container repository.
- If you are pulling automation execution environments from a password or token-protected registry, create a credential first.
Procedure
- From the navigation panel, select .
- Select your execution environment.
- In the Pull this image entry, click .
- Paste and run the command in your terminal.
Results
- Run podman images to view images on your local machine.
Sync images from a container registry
You can pull automation execution environments from the private automation hub remote registry to sync an image to your local machine. To sync an execution environment from a remote registry, you must first configure a remote registry.
Before you begin
You must have permission to view and pull from a private container repository.
Procedure
Create a credential
To pull automation execution environment images from a password or token-protected registry, you must create a credential.
About this task
In earlier versions of Ansible Automation Platform, you were required to deploy a registry to store execution environment images. On Ansible Automation Platform 2.0 and later, the system operates as if you already have a remote registry up and running. To store execution environment images, add the credentials of only your selected remote registries.
Procedure
- Log in to Ansible Automation Platform.
- From the navigation panel, select .
- Click to create a new credential.
- Enter an authorization Name, Description, and Organization.
- In the Credential Type drop-down, select Container Registry.
- Enter the Authentication URL. This is the remote registry address.
- Enter the Username and Password or Token required to log in to the remote registry.
- Optional: To enable SSL verification, select Verify SSL.
- Click .
Remote registry team permissions
Configure team access to container repositories in private automation hub to control who can access and manage execution environments.
New teams do not have any assigned permissions by default. You must add permissions when first creating a team or edit an existing team to add or remove permissions.
The following table lists permissions you can grant to teams to ensure they have the correct level of access and privileges to your remote registries.
| Permission name | Description |
|---|---|
| Create new containers | Users can create new containers |
| Change container namespace permissions | Users can change permissions on the container repository |
| Change container | Users can change information on a container |
| Change execution environment tags | Users can modify execution environment tags |
| Push to existing container | Users can push an execution environment to an existing container |
Add a README to your container repository
Add a README to your container repository to provide instructions to your users on how to work with the container. Automation hub container repositories support Markdown for creating a README. By default, the README is empty.
Before you begin
- You have permissions to change containers.
Procedure
- Log in to Ansible Automation Platform.
- From the navigation panel, select .
- Select your execution environment.
- On the Detail tab, click .
- In the Raw Markdown text field, enter your README text in Markdown.
- Click when you are finished.
What to do next
After you add a README, you can edit it at any time by clicking and repeating steps 4 and 5.