Automation Mesh Configuration with Hosted Hop Nodes
Overview
The Ansible Automation Platform Service on AWS control plane is configured so that a limited amount of automation can run without automation mesh, including platform management jobs and the demo automation job. All other automation must be configured to run on the customer-configured execution plane.
As part of the Ansible Automation Platform Service on AWS subscription, customers receive 10 Red Hat Enterprise Linux (RHEL) entitlements for running the execution plane. Additional RHEL or OpenShift licenses can be purchased separately.
Ansible Automation Platform Service on AWS provides two service-hosted hop nodes. These hop nodes allow execution nodes to poll for automation work through egress from a customer’s private network without the need to open inbound firewall ports to a customer’s network.
Customers can also configure the automation mesh with outbound connectivity from the control plane to their execution plane, allowing them to specify the ports used by the automation mesh.
For instructions, refer to the Automation mesh for managed cloud or operator environments documentation.
Connectivity
The execution plane can communicate with the control plane under the following conditions:
- Customer-hosted execution nodes route stateful egress traffic over port 443 to the hop nodes hosted as part of the service.
- Automation mesh nodes are peered from the control plane to the node, which is a push model from the control plane to the node. Customers must configure firewalls, at both the network and OS layers, to allow traffic on the automation mesh ports.
Customers can configure automation mesh nodes behind firewalls, proxy servers, and similar services. These services route or proxy traffic originating from Ansible Automation Platform without altering headers, payload, or other information that would affect the functionality of the automation mesh. However, Red Hat does not test the wide range of firewalls, proxies, and other services, each of which is uniquely configured. Customers who wish to implement these solutions may need assistance from consulting partners who can help architect the desired solution.