How to create an Automation Hub instance on Azure Red Hat OpenShift (ARO)?
Environment
- Ansible Automation Platform >= 2.2
- Azure Red Hat OpenShift 4
- AAP Operator >= 2.2
Issue
- How to create an Automation Hub instance on Azure Red Hat OpenShift (ARO)?
Resolution
1. Prepare the ARO instance and install the AAP Operator
- Confirm that you can log in to the cluster with the oc command.

    $ oc login --username kubeadmin https://api.XXXXXXXX.japaneast.aroapp.io:6443/
    Authentication required for https://api.XXXXXXXX.japaneast.aroapp.io:6443 (openshift)
    Username: kubeadmin
    Password:
    Login successful.

    it give access to 69 projects, the list has been suppressed. it can list all projects with 'oc projects'

    Using project "default".
2. Prepare a cluster role and its binding
- Create the following files to define the role.

  clusterrole.yml

    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: system:azure-cloud-provider
    rules:
    - apiGroups: ['']
      resources: ['secrets']
      verbs: ['get','create']

  clusterrolebinding.yml

    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: system:azure-cloud-provider
    roleRef:
      kind: ClusterRole
      apiGroup: rbac.authorization.k8s.io
      name: system:azure-cloud-provider
    subjects:
    - kind: ServiceAccount
      name: persistent-volume-binder
      namespace: kube-system

- Apply them.

    $ oc apply -f clusterrole.yml
    clusterrole.rbac.authorization.k8s.io/system:azure-cloud-provider created
    $ oc apply -f clusterrolebinding.yml
    clusterrolebinding.rbac.authorization.k8s.io/system:azure-cloud-provider created
3. Create a storage class
- On the Azure console at Home > Storage accounts, you can find the information about the storage account associated with the ARO cluster.
  - Storage account: clusterXXXXX
  - Resource group: aro-XXXXXXXX

  storageclass.yml

    kind: StorageClass
    apiVersion: storage.k8s.io/v1
    metadata:
      name: azure-files
    provisioner: kubernetes.io/azure-file
    parameters:
      location: <YOUR REGION>
      skuName: Standard_LRS
      storageAccount: clusterXXXXX
      resourceGroup: aro-XXXXXXXX
    mountOptions:
      - dir_mode=0777
      - file_mode=0777
      - noperm
    reclaimPolicy: Delete
    volumeBindingMode: Immediate

- Apply and confirm it.

    $ oc apply -f storageclass.yml
    storageclass.storage.k8s.io/azure-files created
    $ oc describe sc/azure-files
    ...
4. Install an Automation Hub instance
- Go to Installed Operators > Ansible Automation Platform > Automation Hub tab > press the Create AutomationHub button > fill in the form.
  - Name: (your instance name for AH)
  - Storage type: select `File`
  - File storage access mode: ReadWriteMany (by default)
  - File storage size: 100Gi (by default)
  - File storage class: azure-files (created in step 3)
- Next, press the Create button to proceed.
- When the deployment is successful, log in to the Web UI for the Automation Hub instance.
  - URL: Networking > Routes > (AH instance) > Location
  - Password for admin user: Workloads > Secrets > (AH instance)-admin-password > Data
Diagnostic Steps
- When the cluster role for storage is not configured, the following error appears in the PVC events.

    Generated from persistentvolume-controller
    6 times in the last 1 minute
    Failed to provision volume with StorageClass "azure-files": couldn't create secret secrets is forbidden: User "system:serviceaccount:kube-system:persistent-volume-binder" cannot create resource "secrets" in API group "" in the namespace "<YOUR_OPERATOR_NAMESPACE>"
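The following Python code is an added example, not part of the original article: it parses the forbidden message shown above and checks whether the ClusterRole and ClusterRoleBinding from step 2 cover the denied request. The function names are hypothetical, the manifests are retyped as dicts, and only apiGroups, resources, verbs and the bound subject are compared (a ClusterRoleBinding applies in every namespace, so the namespace is reported but not matched).

```python
import re

# RBAC denial text as it appears in the PVC event shown under Diagnostic Steps.
FORBIDDEN = re.compile(
    r'User "(?P<user>[^"]+)" cannot (?P<verb>\S+) resource "(?P<resource>[^"]+)" '
    r'in API group "(?P<group>[^"]*)"(?: in the namespace "(?P<namespace>[^"]+)")?')

def parse_forbidden(message):
    """Return the denied request as a dict, or None when the text has no RBAC denial."""
    m = FORBIDDEN.search(message)
    if m is None:
        return None
    req = m.groupdict()
    parts = req["user"].split(":")
    # system:serviceaccount:<namespace>:<name> is how a ServiceAccount appears as a user
    if len(parts) == 4 and parts[:2] == ["system", "serviceaccount"]:
        req["subject"] = {"kind": "ServiceAccount", "namespace": parts[2], "name": parts[3]}
    else:
        req["subject"] = {"kind": "User", "name": req["user"]}
    return req

def rule_allows(rule, req):
    """One RBAC rule covers the request when group, resource and verb all match."""
    def hit(allowed, value):
        return "*" in allowed or value in allowed
    return (hit(rule["apiGroups"], req["group"]) and hit(rule["resources"], req["resource"])
            and hit(rule["verbs"], req["verb"]))

def binding_grants(role, binding, req):
    """True when the binding ties the denied subject to the role and a rule covers it."""
    if binding["roleRef"]["name"] != role["metadata"]["name"]:
        return False
    bound = any(all(s.get(k) == v for k, v in req["subject"].items())
                for s in binding["subjects"])
    return bound and any(rule_allows(r, req) for r in role["rules"])

# The two manifests from step 2, written as Python dicts (only the fields checked here).
ROLE = {"metadata": {"name": "system:azure-cloud-provider"},
        "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "create"]}]}
BINDING = {"roleRef": {"kind": "ClusterRole", "name": "system:azure-cloud-provider"},
           "subjects": [{"kind": "ServiceAccount", "name": "persistent-volume-binder",
                         "namespace": "kube-system"}]}
# Event text from Diagnostic Steps; the namespace is the article's placeholder.
EVENT = ('Failed to provision volume with StorageClass "azure-files": couldn\'t create '
         'secret secrets is forbidden: User '
         '"system:serviceaccount:kube-system:persistent-volume-binder" cannot create '
         'resource "secrets" in API group "" in the namespace "<YOUR_OPERATOR_NAMESPACE>"')

if __name__ == "__main__":
    req = parse_forbidden(EVENT)
    print(req["subject"], req["verb"], req["resource"], binding_grants(ROLE, BINDING, req))
```

Running the same check against a role that lists only `get` returns False, which is a quick way to confirm that `create` on `secrets` is the verb the provisioner needs and that no broader verbs are required.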
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.