Chapter 13. Technical Notes

Ansible Automation Platform from GCP Marketplace is a self-managed deployment. The following are technical notes regarding the Ansible Automation Platform from GCP Marketplace deployment.

13.1. Upgrade - logging and monitoring

To ensure a successful upgrade, logging and monitoring must be disabled before running the upgrade. Follow these instructions to toggle off monitoring and logging for your current version before beginning the upgrade. when the upgrade has completed, logging and monitoring can be reenabled by following these instructions.

13.2. Command generator - Linux files owned by root

On Linux, any file or directory created by the command generator is owned by root:root by default. To change the ownership of the files and directories, you can run the sudo chmod command after the files are created:

# Change the owner of the command_generator_data directory recursively
$ sudo chown -R $USER:$USER command_generator_data/

# Check the permissions
$ ls -la command_generator_data/

The command generator currently expects to use the Docker CLI in the daemon mode. The default Docker installation does not have User namespace mapping for Discretionary access control (DAC). So, for any file created by root from the container will also be owned by root on the host if the file is located in a shared volume.

You can learn more about the Linux namespaces, including the User namespace at the article The 7 most used Linux namespaces.

13.3. Upgrade note

Upgrading Ansible Automation Platform to 2.4.20230630 updates the protocol of its internal load balancers from HTTP to HTTPs. If additional networking configurations were added, they can also be updated to ensure connectivity. When the upgrade has succeeded, you must revalidate any additional added networking configurations.

13.4. Ansible Automation Platform Controller API

API endpoints for Controller must contain a trailing slash in order for requests to go through. Automatic trailing slash redirects are not supported in this current offering of Ansible Automation Platform from GCP Marketplace. For example a request such as <controller_base_url>/api/v2/metrics times out while <controller_base_url>/api/v2/metrics/ goes through.

13.5. Remove extension node note

When removing extension node using the Ansible-on-Clouds ops playbook, ensure you have provided correct instance group name and instance template name. Incorrect instance group name and instance template name results in some orphan resources.

13.6. Secrets Update

When you update any secrets in the GCP secret manager, ensure that the latest secret version is enabled. For example, if you have two secret versions for a <deployment-name>-aap-admin secret, secret version 2 must be enabled, where <deployment-name> is the name of your foundation deployment.