10.2. 升级 Ansible Automation Platform

10.2.1. 拉取 ansible-on-clouds-ops 容器镜像
复制链接

流程

在云操作容器上拉取 Ansible 的 Docker 镜像，其标签与您要升级到的版本相同。
注意
在拉取 docker 镜像前，请确保使用 docker 登录到 registry.redhat.io。使用以下命令登录到 registry.redhat.io。
$ docker login registry.redhat.io
Copy to Clipboard Toggle word wrap
有关 registry 登录的更多信息，请参阅 Registry 身份验证
注意
Clouds 操作镜像标签上的 Ansible 必须与您要升级到的版本匹配。例如，如果您的基础部署版本为 2.3.20230221，请使用标签 2.4.20230630 拉取操作镜像，以升级到 2.4.20230630 版本。
```
export IMAGE=registry.redhat.io/ansible-on-clouds/ansible-on-clouds-ops-rhel9:2.4.20230630
docker pull $IMAGE --platform=linux/amd64
```
```
$ export IMAGE=registry.redhat.io/ansible-on-clouds/ansible-on-clouds-ops-rhel9:2.4.20230630
$ docker pull $IMAGE --platform=linux/amd64
```
Copy to Clipboard Toggle word wrap

10.2.2. 所需权限
复制链接

您必须具有以下 AWS IAM 权限才能升级堆栈：

注意

要验证权限或调试权限拒绝问题，AWS IAM Policy Simulator 会很有帮助。

required-roles:
  ec2:
    actions:
      - ec2:DescribeInstances
      - ec2:GetLaunchTemplateData
      - ec2:DescribeAccountAttributes
      - ec2:DescribeLaunchTemplates
      - ec2:CreateTags
      - ec2:RunInstances
      - ec2:DescribeInstanceTypes
      - ec2:DescribeSubnets
      - ec2:DeleteTags
      - ec2:DescribeRegions
      - ec2:DescribeAvailabilityZones
      - ec2:DeleteLaunchTemplate
      - ec2:DescribeTags
      - ec2:DescribeLaunchTemplateVersions
      - ec2:DescribeSecurityGroups
      - ec2:CreateLaunchTemplateVersion
      - ec2:CreateLaunchTemplate
      - ec2:DescribeVpcs
      - ec2:ModifyLaunchTemplate
    resources:
      - "*"
  iam:
    actions:
      - iam:ListRoleTags
      - iam:AttachRolePolicy
      - iam:PutRolePolicy
      - iam:AddRoleToInstanceProfile
      - iam:ListAttachedRolePolicies
      - iam:GetRole
      - iam:GetRolePolicy
      - iam:CreateInstanceProfile
      - iam:ListInstanceProfilesForRole
      - iam:PassRole
      - iam:GetInstanceProfile
      - iam:CreateServiceLinkedRole
    resources:
      - "*"
  secretsmanager:
    actions:
      - secretsmanager:DescribeSecret
      - secretsmanager:ListSecrets
      - secretsmanager:TagResource
      - secretsmanager:UntagResource
      - secretsmanager:CreateSecret
      - secretsmanager:GetSecretValue
      - secretsmanager:UpdateSecret
      - secretsmanager:GetResourcePolicy
    resources:
      - "*"
  ssm:
    actions:
      - ssm:StartSession
      - ssm:TerminateSession
    resources:
      - "*"
  autoscaling:
    actions:
      - autoscaling:DescribeAutoScalingGroups
      - autoscaling:UpdateAutoScalingGroup
      - autoscaling:DescribeInstanceRefreshes
      - autoscaling:DeleteTags
      - autoscaling:DescribeTags
      - autoscaling:CreateOrUpdateTags
      - autoscaling:CreateAutoScalingGroup
      - autoscaling:DescribeLaunchConfigurations
      - autoscaling:DescribeLifecycleHooks
      - autoscaling:StartInstanceRefresh
      - autoscaling:CreateLaunchConfiguration
      - autoscaling:DisableMetricsCollection
      - autoscaling:DeleteLaunchConfiguration
      - autoscaling:DetachLoadBalancerTargetGroups
      - autoscaling:AttachLoadBalancerTargetGroups
    resources:
      - "*"
  s3:
    actions:
      - s3:DeleteObject
      - s3:PutObject
      - s3:GetObject
      - s3:GetBucketLocation
    resources:
      - "*"
  cloudformation:
    actions:
      - cloudformation:ListStackResources
      - cloudformation:DescribeStacks
      - cloudformation:GetTemplate
    resources:
      - "*"
  elasticloadbalancing:
    actions:
      - elasticloadbalancing:DescribeTargetGroupAttributes
      - elasticloadbalancing:DescribeTags
      - elasticloadbalancing:DescribeTargetHealth
      - elasticloadbalancing:DescribeTargetGroups
      - elasticloadbalancing:ModifyTargetGroup
      - elasticloadbalancing:DescribeLoadBalancers
      - elasticloadbalancing:DescribeLoadBalancerAttributes
      - elasticloadbalancing:DescribeListeners
      - elasticloadbalancing:CreateListener
      - elasticloadbalancing:DeleteListener
      - elasticloadbalancing:DescribeRules
      - elasticloadbalancing:DeleteTargetGroup
      - elasticloadbalancing:CreateTargetGroup
      - elasticloadbalancing:ModifyTargetGroupAttributes
      - elasticloadbalancing:AddTags
      - elasticloadbalancing:RemoveTags
    resources:
      - "*"

required-roles:
  ec2:
    actions:
      - ec2:DescribeInstances
      - ec2:GetLaunchTemplateData
      - ec2:DescribeAccountAttributes
      - ec2:DescribeLaunchTemplates
      - ec2:CreateTags
      - ec2:RunInstances
      - ec2:DescribeInstanceTypes
      - ec2:DescribeSubnets
      - ec2:DeleteTags
      - ec2:DescribeRegions
      - ec2:DescribeAvailabilityZones
      - ec2:DeleteLaunchTemplate
      - ec2:DescribeTags
      - ec2:DescribeLaunchTemplateVersions
      - ec2:DescribeSecurityGroups
      - ec2:CreateLaunchTemplateVersion
      - ec2:CreateLaunchTemplate
      - ec2:DescribeVpcs
      - ec2:ModifyLaunchTemplate
    resources:
      - "*"
  iam:
    actions:
      - iam:ListRoleTags
      - iam:AttachRolePolicy
      - iam:PutRolePolicy
      - iam:AddRoleToInstanceProfile
      - iam:ListAttachedRolePolicies
      - iam:GetRole
      - iam:GetRolePolicy
      - iam:CreateInstanceProfile
      - iam:ListInstanceProfilesForRole
      - iam:PassRole
      - iam:GetInstanceProfile
      - iam:CreateServiceLinkedRole
    resources:
      - "*"
  secretsmanager:
    actions:
      - secretsmanager:DescribeSecret
      - secretsmanager:ListSecrets
      - secretsmanager:TagResource
      - secretsmanager:UntagResource
      - secretsmanager:CreateSecret
      - secretsmanager:GetSecretValue
      - secretsmanager:UpdateSecret
      - secretsmanager:GetResourcePolicy
    resources:
      - "*"
  ssm:
    actions:
      - ssm:StartSession
      - ssm:TerminateSession
    resources:
      - "*"
  autoscaling:
    actions:
      - autoscaling:DescribeAutoScalingGroups
      - autoscaling:UpdateAutoScalingGroup
      - autoscaling:DescribeInstanceRefreshes
      - autoscaling:DeleteTags
      - autoscaling:DescribeTags
      - autoscaling:CreateOrUpdateTags
      - autoscaling:CreateAutoScalingGroup
      - autoscaling:DescribeLaunchConfigurations
      - autoscaling:DescribeLifecycleHooks
      - autoscaling:StartInstanceRefresh
      - autoscaling:CreateLaunchConfiguration
      - autoscaling:DisableMetricsCollection
      - autoscaling:DeleteLaunchConfiguration
      - autoscaling:DetachLoadBalancerTargetGroups
      - autoscaling:AttachLoadBalancerTargetGroups
    resources:
      - "*"
  s3:
    actions:
      - s3:DeleteObject
      - s3:PutObject
      - s3:GetObject
      - s3:GetBucketLocation
    resources:
      - "*"
  cloudformation:
    actions:
      - cloudformation:ListStackResources
      - cloudformation:DescribeStacks
      - cloudformation:GetTemplate
    resources:
      - "*"
  elasticloadbalancing:
    actions:
      - elasticloadbalancing:DescribeTargetGroupAttributes
      - elasticloadbalancing:DescribeTags
      - elasticloadbalancing:DescribeTargetHealth
      - elasticloadbalancing:DescribeTargetGroups
      - elasticloadbalancing:ModifyTargetGroup
      - elasticloadbalancing:DescribeLoadBalancers
      - elasticloadbalancing:DescribeLoadBalancerAttributes
      - elasticloadbalancing:DescribeListeners
      - elasticloadbalancing:CreateListener
      - elasticloadbalancing:DeleteListener
      - elasticloadbalancing:DescribeRules
      - elasticloadbalancing:DeleteTargetGroup
      - elasticloadbalancing:CreateTargetGroup
      - elasticloadbalancing:ModifyTargetGroupAttributes
      - elasticloadbalancing:AddTags
      - elasticloadbalancing:RemoveTags
    resources:
      - "*"

Copy to Clipboard

Toggle word wrap

10.2.3. 生成数据文件
复制链接

本节中的命令会创建一个目录，并使用在升级过程中使用填充时的空数据模板填充。

流程

运行以下命令以生成所需的数据文件。

Create a folder to hold the configuration files
mkdir command_generator_data

# Create a folder to hold the configuration files
$ mkdir command_generator_data

Copy to Clipboard

Toggle word wrap

使用配置文件模板填充 command_generator_data 文件夹。
注意
在 Linux 上，命令生成器创建的任何文件或目录默认归 root:root 所有。要更改文件和目录的所有权，您可以在创建文件后运行 sudo chmod 命令。如需更多信息，请阅读命令生成器 - 由 root 拥有的 Linux 文件。
```
docker run --rm -v $(pwd)/command_generator_data:/data $IMAGE \
command_generator_vars aws_upgrade \
--output-data-file /data/extra_vars.yml
```
```
$ docker run --rm -v $(pwd)/command_generator_data:/data $IMAGE \
command_generator_vars aws_upgrade \
--output-data-file /data/extra_vars.yml
```
Copy to Clipboard Toggle word wrap

运行这些命令后，会创建一个 command_generator_data/extra_vars.yml 模板文件。此模板文件类似于以下内容：

aws_upgrade:
  ansible_config_path:
  cloud_credentials_path:
  deployment_name:
  extra_vars:
    aws_backup_taken:
    aws_region:
    aws_ssm_bucket_name:
    seller_name:

aws_upgrade:
  ansible_config_path:
  cloud_credentials_path:
  deployment_name:
  extra_vars:
    aws_backup_taken:
    aws_region:
    aws_ssm_bucket_name:
    seller_name:

Copy to Clipboard

Toggle word wrap

10.2.4. 更新数据文件
复制链接

在触发升级前，您必须填充数据文件。每个参数都需要，除非将其标记为可选。如果该参数为可选，可以从数据文件中删除其键和值。

以下变量是数据文件中列出的参数：

ansible_config_path （可选）仅在使用自定义 ansible_config 覆盖时使用。
cloud_credentials_path 是 AWS 凭证文件的路径。
DEPLOYMENT_NAME 是基础部署的名称。
- 这是部署基础时使用的相同名称。
aws_backup_taken 是最近在运行此升级前创建的当前部署的手动备份的验证。
AWS_ REGION 是基础部署所在的 AWS 区域。
aws_ssm_bucket_name 是存储 AWS SSM 的临时配置文件的 S3 存储桶的名称。您可以使用现有存储桶或创建新存储桶。
注意
aws_ssm_bucket_name 参数仅适用于存储临时配置文件。不需要保存它以便在其他 playbook 中使用。可以使用任何有效的现有存储桶。有关创建 S3 存储桶的更多信息，请参阅 AWS 文档中的 AWS 创建 A Bucket。
存储桶名称不得包含大写字母。
seller_name （可选）用于指定 AWS Marketplace Seller。默认值为 redhatinc。如果您在 EMEA 上，并通过 redhatlimited AWS Marketplace 销售者购买此服务，请确保将这个值设置为 redhatlimited。

填充数据文件后，它应类似于以下内容：

以下示例提供了以下值：

aws_upgrade:
  ansible_config_path:
  cloud_credentials_path: ~/.aws/credentials
  deployment_name: AnsibleAutomationPlatform
  extra_vars:
    aws_backup_taken: true
    aws_region: us-east-1
    aws_ssm_bucket_name: aap-ssm-bucket
    seller_name: redhatinc

aws_upgrade:
  ansible_config_path:
  cloud_credentials_path: ~/.aws/credentials
  deployment_name: AnsibleAutomationPlatform
  extra_vars:
    aws_backup_taken: true
    aws_region: us-east-1
    aws_ssm_bucket_name: aap-ssm-bucket
    seller_name: redhatinc

Copy to Clipboard

Toggle word wrap

10.2.5. 运行升级 playbook
复制链接

注意

Ansible Automation Platform 升级到 2.4.20230630 更新其内部负载均衡器上的监听程序。如果在安装后添加了资源依赖，则必须临时删除它，以便升级成功。详情请查看技术备注。

要运行升级，请运行命令生成器来生成 upgrade CLI 命令：

docker run --rm -v $(pwd)/command_generator_data:/data $IMAGE command_generator --data-file /data/extra_vars.yml

$ docker run --rm -v $(pwd)/command_generator_data:/data $IMAGE command_generator --data-file /data/extra_vars.yml

Copy to Clipboard

Toggle word wrap

这会生成以下 upgrade 命令：

-----------------------------------------------
docker run --rm --env PLATFORM=AWS -v ~/.aws/credentials:/home/runner/.aws/credentials:ro --env ANSIBLE_CONFIG=../aws-ansible.cfg --env DEPLOYMENT_NAME=AnsibleAutomationPlatform --env GENERATE_INVENTORY=true  $IMAGE redhat.ansible_on_clouds.aws_upgrade -e 'aws_foundation_stack_name=AnsibleAutomationPlatform aws_region=us-east-1 aws_ssm_bucket_name=aap-ssm-bucket aws_backup_taken=True seller_name=redhatinc'
===============================================

-----------------------------------------------
docker run --rm --env PLATFORM=AWS -v ~/.aws/credentials:/home/runner/.aws/credentials:ro --env ANSIBLE_CONFIG=../aws-ansible.cfg --env DEPLOYMENT_NAME=AnsibleAutomationPlatform --env GENERATE_INVENTORY=true  $IMAGE redhat.ansible_on_clouds.aws_upgrade -e 'aws_foundation_stack_name=AnsibleAutomationPlatform aws_region=us-east-1 aws_ssm_bucket_name=aap-ssm-bucket aws_backup_taken=True seller_name=redhatinc'
===============================================

Copy to Clipboard

Toggle word wrap

运行给定的 upgrade 命令以触发升级。

docker run --rm --env PLATFORM=AWS -v ~/.aws/credentials:/home/runner/.aws/credentials:ro --env ANSIBLE_CONFIG=../aws-ansible.cfg --env DEPLOYMENT_NAME=AnsibleAutomationPlatform --env GENERATE_INVENTORY=true  $IMAGE redhat.ansible_on_clouds.aws_upgrade -e 'aws_foundation_stack_name=AnsibleAutomationPlatform aws_region=us-east-1 aws_ssm_bucket_name=aap-ssm-bucket aws_backup_taken=True seller_name=redhatinc'

$ docker run --rm --env PLATFORM=AWS -v ~/.aws/credentials:/home/runner/.aws/credentials:ro --env ANSIBLE_CONFIG=../aws-ansible.cfg --env DEPLOYMENT_NAME=AnsibleAutomationPlatform --env GENERATE_INVENTORY=true  $IMAGE redhat.ansible_on_clouds.aws_upgrade -e 'aws_foundation_stack_name=AnsibleAutomationPlatform aws_region=us-east-1 aws_ssm_bucket_name=aap-ssm-bucket aws_backup_taken=True seller_name=redhatinc'

Copy to Clipboard

Toggle word wrap

升级可能需要一些时间才能完成，但根据系统中的扩展节点数量，可能需要更长的时间。以下日志会标记成功升级。

TASK [redhat.ansible_on_clouds.standalone_aws_upgrade : [upgrade] [LOG] upgrade version] ***
ok: [localhost] => {
    "msg": "Successfully upgraded from '2.3.20230221-00' -> '2.4.20230630-00'."
}

TASK [redhat.ansible_on_clouds.standalone_aws_upgrade : [upgrade] [LOG] upgrade version] ***
ok: [localhost] => {
    "msg": "Successfully upgraded from '2.3.20230221-00' -> '2.4.20230630-00'."
}

Copy to Clipboard

Toggle word wrap

来自 AWS Marketplace 部署的 Ansible Automation Platform 现在已升级到更新的版本，您可以使用部署凭证登录到 Red Hat Ansible Automation Platform 自动化控制器和自动化中心。

10.2. 升级 Ansible Automation Platform

10.2.1. 拉取 ansible-on-clouds-ops 容器镜像
复制链接

10.2.2. 所需权限
复制链接

10.2.3. 生成数据文件
复制链接

10.2.4. 更新数据文件
复制链接

10.2.5. 运行升级 playbook
复制链接

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links

10.2. 升级 Ansible Automation Platform

10.2.1. 拉取 ansible-on-clouds-ops 容器镜像复制链接链接已复制到粘贴板!

10.2.2. 所需权限复制链接链接已复制到粘贴板!

10.2.3. 生成数据文件复制链接链接已复制到粘贴板!

10.2.4. 更新数据文件复制链接链接已复制到粘贴板!

10.2.5. 运行升级 playbook复制链接链接已复制到粘贴板!

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links

10.2.1. 拉取 ansible-on-clouds-ops 容器镜像
复制链接

10.2.2. 所需权限
复制链接

10.2.3. 生成数据文件
复制链接

10.2.4. 更新数据文件
复制链接

10.2.5. 运行升级 playbook
复制链接