Chapter 2. Installing Red Hat Ansible Automation Platform
Ansible Automation Platform is a modular platform and you can deploy automation controller with other automation platform components, such as automation hub. For more information about the components provided with Ansible Automation Platform, see Red Hat Ansible Automation Platform components in the Red Hat Ansible Automation Platform Planning Guide.
With the Ansible Automation Platform installer, you can deploy only one automation hub per inventory. You can use the Ansible Automation Platform installer for a standalone instance of automation hub and run the installer any number of times with any number of different inventories to deploy multiple automation hub nodes.
There are a number of supported installation scenarios for Red Hat Ansible Automation Platform. To install Red Hat Ansible Automation Platform, you must edit the inventory file parameters to specify your installation scenario using one of the following examples:
- Standalone automation controller with internal database
- Single automation controller with external (installer managed) database
- Single automation controller with external (customer provided) database
- Ansible Automation Platform with an external (installer managed) database
- Ansible Automation Platform with an external (installer managed) database
- Standalone automation hub with internal database
- Single automation controller with external (installer managed) database
- Single automation controller with external (customer provided) database
2.1. Editing the Red Hat Ansible Automation Platform installer inventory file
You can use the Red Hat Ansible Automation Platform installer inventory file to specify your installation scenario.
Procedure
Navigate to the installer:
[RPM installed package]
$ cd /opt/ansible-automation-platform/installer/
[bundled installer]
$ cd ansible-automation-platform-setup-bundle-<latest-version>
[online installer]
$ cd ansible-automation-platform-setup-<latest-version>
-
Open the
inventoryfile with a text editor. -
Edit
inventoryfile parameters to specify your installation scenario. Use one of the supported Installation scenario examples to update yourinventoryfile.
Additional resources
For a comprehensive list of pre-defined variables used in Ansible installation inventory files, see Inventory file variables.
2.1.1. Inventory file examples based on installation scenarios
Red Hat supports a number of installation scenarios for Ansible Automation Platform. Review the following examples and choose those suitable for your preferred installation scenario.
- For Red Hat Ansible Automation Platform or automation hub: Add an automation hub host in the [automationhub] group.
- Do not install automation controller and automation hub on the same node for versions of Ansible Automation Platform in a production or customer environment. This can cause contention issues and heavy resource use.
- Provide a reachable IP address or fully qualified domain name (FDQN) for the [automationhub] and [automationcontroller] hosts to ensure users can sync and install content from automation hub from a different node. Do not use 'localhost'.
-
Do not use special characters for
pg_password. It can cause the setup to fail. -
Enter your Red Hat Registry Service Account credentials in
registry_usernameandregistry_passwordto link to the Red Hat container registry. -
The inventory file variables
registry_usernameandregistry_passwordare only required if a non-bundle installer is used.
2.1.1.1. Standalone automation controller with internal database
Use this example to populate the inventory file to install Red Hat Ansible Automation Platform. This installation inventory file includes a single automation controller node with an internal database.
[automationcontroller] controller.acme.org [all:vars] admin_password='<password>' pg_host='' pg_port='5432' pg_database='awx' pg_username='awx' pg_password='<password>' pg_sslmode='prefer' # set to 'verify-full' for client-side enforced SSL registry_url='registry.redhat.io' registry_username='<registry username>' registry_password='<registry password>' # SSL-related variables # If set, this will install a custom CA certificate to the system trust store. # custom_ca_cert=/path/to/ca.crt # Certificate and key to install in nginx for the web UI and API # web_server_ssl_cert=/path/to/tower.cert # web_server_ssl_key=/path/to/tower.key # Server-side SSL settings for PostgreSQL (when we are installing it). # postgres_use_ssl=False # postgres_ssl_cert=/path/to/pgsql.crt # postgres_ssl_key=/path/to/pgsql.key
2.1.1.2. Single automation controller with external (installer managed) database
Use this example to populate the inventory file to install Red Hat Ansible Automation Platform. This installation inventory file includes a single automation controller node with an external database on a separate node.
[automationcontroller] controller.acme.org [database] data.acme.org [all:vars] admin_password='<password>' pg_host='data.acme.org' pg_port='5432' pg_database='awx' pg_username='awx' pg_password='<password>' pg_sslmode='prefer' # set to 'verify-full' for client-side enforced SSL registry_url='registry.redhat.io' registry_username='<registry username>' registry_password='<registry password>' # SSL-related variables # If set, this will install a custom CA certificate to the system trust store. # custom_ca_cert=/path/to/ca.crt # Certificate and key to install in nginx for the web UI and API # web_server_ssl_cert=/path/to/tower.cert # web_server_ssl_key=/path/to/tower.key # Server-side SSL settings for PostgreSQL (when we are installing it). # postgres_use_ssl=False # postgres_ssl_cert=/path/to/pgsql.crt # postgres_ssl_key=/path/to/pgsql.key
2.1.1.3. Single automation controller with external (customer provided) database
Use this example to populate the inventory file to install Red Hat Ansible Automation Platform. This installation inventory file includes a single automation controller node with an external database on a separate node that is not managed by the platform installer.
This example does not have a host under the database group. This indicates to the installer that the database already exists, and is being managed elsewhere.
[automationcontroller] controller.acme.org [database] [all:vars] admin_password='<password>' pg_host='data.acme.org' pg_port='5432' pg_database='awx' pg_username='awx' pg_password='<password>' pg_sslmode='prefer' # set to 'verify-full' for client-side enforced SSL registry_url='registry.redhat.io' registry_username='<registry username>' registry_password='<registry password>' # SSL-related variables # If set, this will install a custom CA certificate to the system trust store. # custom_ca_cert=/path/to/ca.crt # Certificate and key to install in nginx for the web UI and API # web_server_ssl_cert=/path/to/tower.cert # web_server_ssl_key=/path/to/tower.key # Server-side SSL settings for PostgreSQL (when we are installing it). # postgres_use_ssl=False # postgres_ssl_cert=/path/to/pgsql.crt # postgres_ssl_key=/path/to/pgsql.key
2.1.1.4. Ansible Automation Platform with an external (installer managed) database
Use this example to populate the inventory file to install Ansible Automation Platform. This installation inventory file includes two automation controller nodes, two execution nodes, and automation hub with an external managed database.
# Automation Controller Nodes # There are two valid node_types that can be assigned for this group. # A node_type=control implies that the node will only be able to run # project and inventory updates, but not regular jobs. # A node_type=hybrid will have the ability to run everything. # If you do not define the node_type, it defaults to hybrid. # # control.example node_type=control # hybrid.example node_type=hybrid # hybrid2.example <- this will default to hybrid [automationcontroller] controller1.acme.org node_type=control controller2.acme.org node_type=control # Execution Nodes # There are two valid node_types that can be assigned for this group. # A node_type=hop implies that the node will forward jobs to an execution node. # A node_type=execution implies that the node will be able to run jobs. # If you do not define the node_type, it defaults to execution. # # hop.example node_type=hop # execution.example node_type=execution # execution2.example <- this will default to execution [execution_nodes] execution1.acme.org node_type=execution execution2.acme.org node_type=execution [automationhub] automationhub.acme.org [database] data.acme.org [all:vars] admin_password='<password>' pg_host='data.acme.org' pg_port='5432' pg_database='awx' pg_username='awx' pg_password='<password>' pg_sslmode='prefer' # set to 'verify-full' for client-side enforced SSL registry_url='registry.redhat.io' registry_username='<registry username>' registry_password='<registry password>' # Receptor Configuration # receptor_listener_port=27199 # Automation Hub Configuration # automationhub_admin_password='<password>' automationhub_pg_host='data.acme.org' automationhub_pg_port='5432' automationhub_pg_database='automationhub' automationhub_pg_username='automationhub' automationhub_pg_password='<password>' automationhub_pg_sslmode='prefer' # The default install will deploy a TLS enabled Automation Hub. # If for some reason this is not the behavior wanted one can # disable TLS enabled deployment. # # automationhub_disable_https = False # The default install will generate self-signed certificates for the Automation # Hub service. If you are providing valid certificate via automationhub_ssl_cert # and automationhub_ssl_key, one should toggle that value to True. # # automationhub_ssl_validate_certs = False # SSL-related variables # If set, this will install a custom CA certificate to the system trust store. # custom_ca_cert=/path/to/ca.crt # Certificate and key to install in nginx for the web UI and API # web_server_ssl_cert=/path/to/tower.cert # web_server_ssl_key=/path/to/tower.key # Certificate and key to install in Automation Hub node # automationhub_ssl_cert=/path/to/automationhub.cert # automationhub_ssl_key=/path/to/automationhub.key # Server-side SSL settings for PostgreSQL (when we are installing it). # postgres_use_ssl=False # postgres_ssl_cert=/path/to/pgsql.crt # postgres_ssl_key=/path/to/pgsql.key
2.1.1.5. Ansible Automation Platform with an external (customer provided) database
Use this example to populate the inventory file to install Red Hat Ansible Automation Platform. This installation inventory file includes one of each node type; control, hybrid, hop, and execution, and automation hub with an external managed database that is not managed by the platform installer.
This example does not have a host under the database group. This indicates to the installer that the database already exists, and is being managed elsewhere.
# Automation Controller Nodes # There are two valid node_types that can be assigned for this group. # A node_type=control implies that the node will only be able to run # project and inventory updates, but not regular jobs. # A node_type=hybrid will have the ability to run everything. # If you do not define the node_type, it defaults to hybrid. # # control.example node_type=control # hybrid.example node_type=hybrid # hybrid2.example <- this will default to hybrid [automationcontroller] hybrid1.acme.org node_type=hybrid controller1.acme.org node_type=control # Execution Nodes # There are two valid node_types that can be assigned for this group. # A node_type=hop implies that the node will forward jobs to an execution node. # A node_type=execution implies that the node will be able to run jobs. # If you do not define the node_type, it defaults to execution. # # hop.example node_type=hop # execution.example node_type=execution # execution2.example <- this will default to execution [execution_nodes] hop1.acme.org node_type=hop execution1.acme.org node_type=execution [automationhub] automationhub.acme.org [database] [all:vars] admin_password='<password>' pg_host='data.acme.org' pg_port='5432' pg_database='awx' pg_username='awx' pg_password='<password>' pg_sslmode='prefer' # set to 'verify-full' for client-side enforced SSL registry_url='registry.redhat.io' registry_username='<registry username>' registry_password='<registry password>' # Receptor Configuration # receptor_listener_port=27199 # Automation Hub Configuration # automationhub_admin_password='<password>' automationhub_pg_host='data.acme.org' automationhub_pg_port='5432' automationhub_pg_database='automationhub' automationhub_pg_username='automationhub' automationhub_pg_password='<password>' automationhub_pg_sslmode='prefer' # The default install will deploy a TLS enabled Automation Hub. # If for some reason this is not the behavior wanted one can # disable TLS enabled deployment. # # automationhub_disable_https = False # The default install will generate self-signed certificates for the Automation # Hub service. If you are providing valid certificate via automationhub_ssl_cert # and automationhub_ssl_key, one should toggle that value to True. # # automationhub_ssl_validate_certs = False # SSL-related variables # If set, this will install a custom CA certificate to the system trust store. # custom_ca_cert=/path/to/ca.crt # Certificate and key to install in nginx for the web UI and API # web_server_ssl_cert=/path/to/tower.cert # web_server_ssl_key=/path/to/tower.key # Certificate and key to install in Automation Hub node # automationhub_ssl_cert=/path/to/automationhub.cert # automationhub_ssl_key=/path/to/automationhub.key # Server-side SSL settings for PostgreSQL (when we are installing it). # postgres_use_ssl=False # postgres_ssl_cert=/path/to/pgsql.crt # postgres_ssl_key=/path/to/pgsql.key
2.1.1.6. Standalone automation hub with internal database
Use this example to populate the inventory file to deploy a standalone instance of automation hub with an internal database.
[automationcontroller] [automationhub] automationhub.acme.org ansible_connection=local [all:vars] registry_url='registry.redhat.io' registry_username='<registry username>' registry_password='<registry password>' automationhub_admin_password= <PASSWORD> automationhub_pg_host='' automationhub_pg_port='5432' automationhub_pg_database='automationhub' automationhub_pg_username='automationhub' automationhub_pg_password=<PASSWORD> automationhub_pg_sslmode='prefer' # The default install will deploy a TLS enabled Automation Hub. # If for some reason this is not the behavior wanted one can # disable TLS enabled deployment. # # automationhub_disable_https = False # The default install will generate self-signed certificates for the Automation # Hub service. If you are providing valid certificate via automationhub_ssl_cert # and automationhub_ssl_key, one should toggle that value to True. # # automationhub_ssl_validate_certs = False # SSL-related variables # If set, this will install a custom CA certificate to the system trust store. # custom_ca_cert=/path/to/ca.crt # Certificate and key to install in Automation Hub node # automationhub_ssl_cert=/path/to/automationhub.cert # automationhub_ssl_key=/path/to/automationhub.key
2.1.1.7. Single automation hub with external (installer managed) database
Use this example to populate the inventory file to deploy a single instance of automation hub with an external (installer managed) database.
[automationcontroller] [automationhub] automationhub.acme.org [database] data.acme.org [all:vars] registry_url='registry.redhat.io' registry_username='<registry username>' registry_password='<registry password>' automationhub_admin_password= <PASSWORD> automationhub_pg_host='data.acme.org' automationhub_pg_port='5432' automationhub_pg_database='automationhub' automationhub_pg_username='automationhub' automationhub_pg_password=<PASSWORD> automationhub_pg_sslmode='prefer' # The default install will deploy a TLS enabled Automation Hub. # If for some reason this is not the behavior wanted one can # disable TLS enabled deployment. # # automationhub_disable_https = False # The default install will generate self-signed certificates for the Automation # Hub service. If you are providing valid certificate via automationhub_ssl_cert # and automationhub_ssl_key, one should toggle that value to True. # # automationhub_ssl_validate_certs = False # SSL-related variables # If set, this will install a custom CA certificate to the system trust store. # custom_ca_cert=/path/to/ca.crt # Certificate and key to install in Automation Hub node # automationhub_ssl_cert=/path/to/automationhub.cert # automationhub_ssl_key=/path/to/automationhub.key
2.1.1.8. Single automation hub with external (customer provided) database
Use this example to populate the inventory file to deploy a single instance of automation hub with an external database that is not managed by the platform installer.
This example does not have a host under the database group. This indicates to the installer that the database already exists, and is being managed elsewhere.
[automationcontroller] [automationhub] automationhub.acme.org [database] [all:vars] registry_url='registry.redhat.io' registry_username='<registry username>' registry_password='<registry password>' automationhub_admin_password= <PASSWORD> automationhub_pg_host='data.acme.org' automationhub_pg_port='5432' automationhub_pg_database='automationhub' automationhub_pg_username='automationhub' automationhub_pg_password=<PASSWORD> automationhub_pg_sslmode='prefer' # The default install will deploy a TLS enabled Automation Hub. # If for some reason this is not the behavior wanted one can # disable TLS enabled deployment. # # automationhub_disable_https = False # The default install will generate self-signed certificates for the Automation # Hub service. If you are providing valid certificate via automationhub_ssl_cert # and automationhub_ssl_key, one should toggle that value to True. # # automationhub_ssl_validate_certs = False # SSL-related variables # If set, this will install a custom CA certificate to the system trust store. # custom_ca_cert=/path/to/ca.crt # Certificate and key to install in Automation Hub node # automationhub_ssl_cert=/path/to/automationhub.cert # automationhub_ssl_key=/path/to/automationhub.key
2.2. Running the Red Hat Ansible Automation Platform installer setup script
After you update the inventory file with required parameters for installing your private automation hub, run the installer setup script.
Procedure
Run the
setup.shscript$ sudo ./setup.sh
Installation of Red Hat Ansible Automation Platform will begin.
2.3. Verifying installation of automation controller
Verify that you installed automation controller successfully by logging in with the admin credentials you inserted in the inventory file.
Procedure
-
Navigate to the IP address specified for the automation controller node in the
inventoryfile. -
Log in with the Admin credentials you set in the
inventoryfile.
The automation controller server is accessible from port 80 (https://<CONTROLLER_SERVER_NAME>/) but redirects to port 443, so port 443 must also be available.
If the installation fails and you are a customer who has purchased a valid license for Red Hat Ansible Automation Platform, contact Ansible through the Red Hat Customer portal.
After a successful login to automation controller, your installation of Red Hat Ansible Automation Platform 2.3 is complete.
2.3.1. Additional automation controller configuration and resources
See the following resources to explore additional automation controller configurations.
Table 2.1. Resources to configure automation controller
| Resource link | Description |
|---|---|
| Set up automation controller and run your first playbook | |
| Configure automation controller administration through customer scripts, management jobs, etc. | |
| Configuring proxy support for Red Hat Ansible Automation Platform | Set up automation controller with a proxy server |
| Managing usability analytics and data collection from automation controller | Manage what automation controller information you share with Red Hat |
| Review automation controller functionality in more detail |
2.4. Verifying installation of automation hub
Verify that you installed your automation hub successfully by logging in with the admin credentials you inserted into the inventory file.
Procedure
-
Navigate to the IP address specified for the automation hub node in the
inventoryfile. -
Log in with the Admin credentials you set in the
inventoryfile.
If the installation fails and you are a customer who has purchased a valid license for Red Hat Ansible Automation Platform, contact Ansible through the Red Hat Customer portal.
After a successful login to automation hub, your installation of Red Hat Ansible Automation Platform 2.3 is complete.
2.4.1. Additional automation hub configuration and resources
See the following resources to explore additional automation hub configurations.
Table 2.2. Resources to configure automation controller
| Resource link | Description |
|---|---|
| Configure user access for automation hub | |
| Managing Red Hat Certified and Ansible Galaxy collections in automation hub | Add content to your automation hub |
| Publishing proprietary content collections in automation hub | Publish internally developed collections on your automation hub |
2.5. Post-installation steps
Whether you are a new Ansible Automation Platform user looking to start automating, or an existing administrator looking to migrate old Ansible content to your latest installed version of Red Hat Ansible Automation Platform, explore the next steps to begin leveraging the new features of Ansible Automation Platform 2.3:
2.5.1. Migrating data to Ansible Automation Platform 2.3
For platform administrators looking to complete an upgrade to the Ansible Automation Platform 2.3, there may be additional steps needed to migrate data to a new instance:
2.5.1.1. Migrating from legacy virtual environments (venvs) to automation execution environments
Ansible Automation Platform 2.3 moves you away from custom Python virtual environments (venvs) in favor of automation execution environments - containerized images that packages the necessary components needed to execute and scale your Ansible automation. This includes Ansible Core, Ansible Content Collections, Python dependencies, Red Hat Enterprise Linux UBI 8, and any additional package dependencies.
If you are looking to migrate your venvs to execution environments, you will (1) need to use the awx-manage command to list and export a list of venvs from your original instance, then (2) use ansible-builder to create execution environments.
2.5.1.2. Migrating to Ansible Engine 2.9 images using Ansible Builder
To migrate Ansible Engine 2.9 images for use with Ansible Automation Platform 2.3, the ansible-builder tool automates the process of rebuilding images (including its custom plugins and dependencies) for use with automation execution environments.
Additional resources
For more information on using Ansible Builder to build execution environments, see the Creating and Consuming Execution Environments.
2.5.1.3. Migrating to Ansible Core 2.13
When upgrading to Ansible Core 2.13, you need to update your playbooks, plugins, or other parts of your Ansible infrastructure in order to be supported by the latest version of Ansible Core. For instructions on updating your Ansible content for Ansible Core 2.13 compatibility, see the Ansible-core 2.13 Porting Guide.
2.5.2. Scale up your automation using automation mesh
The automation mesh component of the Red Hat Ansible Automation Platform simplifies the process of distributing automation across multi-site deployments. For enterprises with multiple isolated IT environments, automation mesh provides a consistent and reliable way to deploy and scale up automation across your execution nodes using a peer-to-peer mesh communication network.
When upgrading from version 1.x to the latest version of the Ansible Automation Platform, you will need to migrate the data from your legacy isolated nodes into execution nodes necessary for automation mesh. You can implement automation mesh by planning out a network of hybrid and control nodes, then editing the inventory file found in the Ansible Automation Platform installer to assign mesh-related values to each of your execution nodes.
For instructions on how to migrate from isolated nodes to execution nodes, see the Red Hat Ansible Automation Platform Upgrade and Migration Guide.
For information about automation mesh and the various ways to design your automation mesh for your environment, see the Red Hat Ansible Automation Platform automation mesh guide.