How To Change Control Plane Execution Environment Settings
One of the important parts is execution environments (EE) in the Ansible Automation Platform 2 (AAP2). By default AAP2 will import execution environments to Automation Hub and create them on AAP2 to pull them from Automation Hub. And we can change the default execution environment from it's settings to point one of our offline/online container registry.
But there is one Execution Environment called '' Control Plane Execution Environment '' that will automatically create and use for the project sync runs for the source code management (SCM), like GitLab or GitHub. And the “Control Plane Execution Environment '' is read-only configuration and Ansible Controller admin can’t modify it.
That is why we need to change the execution environments setting during the installation or after the installation especially in a disconnected environment. Otherwise, by default, '' Control Plane Execution Environment '' will automatically points to the Red Hat container registry and the project sync runs for the source code management (SCM) will always fail. Due to internet connectivity.
Let’s see the steps. We can consider the two scenarios.
A private image registry without authentication.
A private image registry with authentication.
A private image registry without authentication:
Step 1: Based on my first scenarios, Here additional configuration that needs to be added in the inventory under the group_vars directory.
[root@ansible4 ansible-automation-platform-setup-bundle-2.0.1-1-early-access]# pwd
/root/ansible-automation-platform-setup-bundle-2.0.1-1-early-access
[root@ansible4 ansible-automation-platform-setup-bundle-2.0.1-1-early-access]# vi group_vars/automationcontroller
# ## Execution Environments
control_plane_execution_environment: 'localhost:5000/ee-supported-rhel8:latest'
global_job_execution_environments:
- name: "Default execution environment"
image: "localhost:5000/ee-supported-rhel8:latest"
- name: "Ansible Engine 2.9 execution environment"
image: "localhost:5000/ee-29-rhel8:latest"
- name: "Minimal execution environment"
image: "localhost:5000/ee-minimal-rhel8:latest"
Note: we have to disable below line from the inventory file that defined earlier during our Ansible Automation Platform Installation. Those lines are related to image registry authentication for the Execution Environment Configuration, as below:
# Execution Environment Configuration
# Credentials for container registry to pull execution environment images from,
# comment out registry_username if authentication is not required
#registry_url='registry.redhat.io'
#registry_username=''
#registry_password=''
Step 2: We need to re-run setup.sh if we already install with the default configuration before.
[root@ansible4 ansible-automation-platform-setup-bundle-2.0.1-1-early-access]# ./setup.sh
Step 3: To verify the Execution Environments details from the Ansible Controller web interface.
We can see below only Pull option could be change in Control Plane Execution Environment edit window and all the other options has no permission for the modification. the Registry credential field is also empty.
Now, to verify the functionality, lets try with ad-hoc ping test to a target host using the Control Plane Execution Environment.
Great, it's working fine. Now we are going change the inventory to verify the image registry configuration with our Automation Hub. And Automation Hub image registry required a authentication to pull the images from the on-premises Automation Hub system.
A private image registry with authentication:
Step 1: Based on my second scenarios, Here additional configuration that needs to be added in the inventory under the group_vars directory.
[root@ansible4 ansible-automation-platform-setup-bundle-2.0.1-1-early-access]# vi group_vars/automationcontroller
# Automation Hub Registry
registry_username: 'aap4admin'
registry_password: 'password'
registry_url: 'ansible4-ah.jazakallah.info'
registry_verify_ssl: False
## Execution Environments
control_plane_execution_environment: 'ansible4-ah.jazakallah.info/ee-supported-rhel8:latest'
global_job_execution_environments:
- name: "Default execution environment"
image: "ansible4-ah.jazakallah.info/ee-supported-rhel8:latest"
- name: "Ansible Engine 2.9 execution environment"
image: "ansible4-ah.jazakallah.info/ee-29-rhel8:latest"
- name: "Minimal execution environment"
image: "ansible4-ah.jazakallah.info/ee-minimal-rhel8:latest"
~
Step 2: We need to re-run setup.sh if we already install with the default configuration before.
[root@ansible4 ansible-automation-platform-setup-bundle-2.0.1-1-early-access]# ./setup.sh
Step 3: To verify the Execution Environments details from the Ansible Controller web interface.
We can see below only Pull option could be change in Control Plane Execution Environment edit window and all the other options has no permission for the modification.
But the Registry credential field is not empty this time and the details of that Default Execution Environment Registry Credential is as below.
Now, to verify the functionality, lets try with ad-hoc ping test to a target host using the Control Plane Execution Environment.
Great, it's working fine as well. Hopefully it will help.
Very valuable information. Was looking for it high and low