General variables

aap_ca_cert_file

ca_tls_cert

Path to the user-provided CA certificate file. When you specify this variable, the installation program automatically generates TLS certificates for each Ansible Automation Platform service signed by this CA. You do not need to define individual service certificate variables.

Optional

aap_ca_cert_files_remote

ca_tls_remote

Denote whether the CA certificate files are local to the installation program (false) or on the remote component server (true).

Optional

false

aap_ca_cert_size

Bit size of the internally managed CA certificate private key.

Optional

4096

aap_ca_key_file

ca_tls_key

Path to the key file for the CA certificate provided in aap_ca_cert_file (RPM) and ca_tls_cert (Container). The installation program uses this key to sign the automatically generated TLS certificates for each Ansible Automation Platform service.

Optional

aap_ca_passphrase_cipher

Cipher used for signing the internally managed CA certificate private key.

Optional

aes256

aap_ca_regenerate

Denotes whether or not to regenerate the internally managed CA certificate key pair.

Optional

false

aap_service_cert_size

Bit size of the component key pair managed by the internal CA.

Optional

4096

aap_service_regen_cert

Denotes whether or not to regenerate the component key pair managed by the internal CA.

Optional

false

aap_service_san_records

A list of additional SAN records for signing a service. Assign these to components in the inventory file as host variables rather than group or all variables. All strings must also contain their corresponding SAN option prefix such as DNS: or IP:.

Optional

[]

backup_dest

Directory local to setup.sh for the final backup file.

Optional

The value defined in setup_dir.

backup_dir

backup_dir

Directory used to store backup files.

Optional

RPM = /var/backups/automation-platform/. Container = ~/backups

backup_file_prefix

Prefix used for the file backup name for the final backup file.

Optional

automation-platform-backup

bundle_install

bundle_install

Controls whether or not to perform an offline or bundled installation. Set this variable to true to enable an offline or bundled installation.

Optional

false if using the setup installation program. true if using the setup bundle installation program.

bundle_install_folder

bundle_dir

Path to the bundle directory used when performing a bundle install.

Required if bundle_install=true

RPM = /var/lib/ansible-automation-platform-bundle. Container = <current_dir>/bundle.

custom_ca_cert

custom_ca_cert

Path to the custom CA certificate file. Use this variable when you have manually provided TLS certificates for Ansible Automation Platform services (such as gateway_tls_cert, controller_tls_cert, or hub_tls_cert) that are signed by a custom CA.

This variable adds the CA certificate to the environment to ensure proper authentication and trust of the manually provided certificates. This variable is not needed when using ca_tls_cert and ca_tls_key, which automatically generate TLS certificates.

Optional

enable_insights_collection

The default install registers the node to the Red Hat Insights for Red Hat Ansible Automation Platform for the Red Hat Ansible Automation Platform Service if the node is registered with Subscription Manager. Set to false to disable this functionality.

Optional

true

registry_password

registry_password

Password credential for access to the registry source defined in registry_url.

For more information, see Create a registry service account.

Not required for disconnected (bundled) installations where bundle_install=true.

RPM = Required if you need a password to access registry_url. Container = Required for online installations if registry_auth=true. Not required for disconnected installations.

registry_url

registry_url

URL of the registry source from which to pull execution environment images.

Optional

registry.redhat.io

registry_username

registry_username

Username credential for access to the registry source defined in registry_url. For more information, see Create a registry service account.

Not required for disconnected (bundled) installations where bundle_install=true.

RPM = Required if you need a password to access registry_url. Container = Required for online installations if registry_auth=true. Not required for disconnected installations.

registry_verify_ssl

registry_tls_verify

Controls whether SSL/TLS certificate verification is enabled or disabled when making HTTPS requests.

Optional

true

restore_backup_file

Path to the tar file used for the platform restore.

Optional

{{ setup_dir }}/automation-platform-backup-latest.tar.gz

restore_file_prefix

Path prefix for the staged restore components.

Optional

automation-platform-restore

routable_hostname

routable_hostname

Used if the machine running the installation program can only route to the target host through a specific URL. For example, if you use short names in your inventory, but the node running the installation program can only resolve that host by using a FQDN. If routable_hostname is not set, it defaults to ansible_host. If you do not set ansible_host, inventory_hostname is used as a last resort. This variable is used as a host variable for particular hosts and not under the [all:vars] section.

Optional

use_archive_compression

use_archive_compression

Controls at a global level whether the filesystem-related backup files are compressed before being sent to the host to run the backup operation. If set to true, a tar.gz file is generated on each Ansible Automation Platform host and then gzip compression is used. If set to false, a simple tar file is generated.

You can control this functionality at a component level by using the <component_name>_use_archive_compression variables.

Optional

true

use_db_compression

use_db_compression

Controls at a global level whether the database-related backup files are compressed before being sent to the host to run the backup operation.

You can control this functionality at a component level by using the <component_name>_use_db_compression variables.

Optional

true

ca_tls_key_passphrase

Passphrase used to decrypt the key provided in ca_tls_key.

Optional

client_request_timeout

Sets the HTTP timeout for end-user requests. The minimum value is 10 seconds.

Optional

30

container_compress

Compression software to use for compressing container images.

Optional

gzip

container_keep_images

Controls whether or not to keep container images when uninstalling Ansible Automation Platform. Set to true to keep container images when uninstalling Ansible Automation Platform.

Optional

false

container_pull_images

Controls whether or not to pull newer container images during installation. Set to false to prevent pulling newer container images during installation.

Optional

true

images_tmp_dir

The directory where the installation program temporarily stores container images during installation.

Optional

The system’s temporary directory.

pcp_firewall_zone

The firewall zone where Performance Co-Pilot related firewall rules are applied. This controls which networks can access Performance Co-Pilot based on the zone’s trust level.

Optional

public

pcp_use_archive_compression

Controls whether archive compression is enabled or disabled for Performance Co-Pilot. You can control this functionality globally by using use_archive_compression.

Optional

true

registry_auth

Controls whether to use registry authentication. When set to true, registry_username and registry_password are required. Not applicable for disconnected (bundled) installations.

Optional

true

registry_ns_aap

Ansible Automation Platform registry namespace.

Optional

ansible-automation-platform-26

registry_ns_rhel

RHEL registry namespace.

Optional

rhel8

setup_monitoring

Set to true to enable Performance Co-Pilot for system performance monitoring and data collection on Ansible Automation Platform control plane nodes.

Optional

false