top of page
Recent Posts
Search

To Install & configure the Ansible Ansible Automation Hub

Updated: Mar 10, 2022

We can install the Ansible Automation Hub 2 separately or together with the Ansible Automation Platform installation. In my lab I'm going to install a single Ansible Automation Hub separately. Let’s start the installation step by step, as below:


Step 1: Download the Red Hat Ansible Automation Platform installer if your Red Hat Enterprise Linux environment is connected to the internet. Navigate to https://access.redhat.com/downloads/content/480 and select the Product Variant & the

Version, as below:


And download the Ansible Automation Platform installer bundle.

We can skip this steps, if we already downloaded.



Step2: : Verify the necessary rpm repo's are enabled.

[root@ansible4-ah ~]# subscription-manager repos --list-enabled
+----------------------------------------------------------+
    Available Repositories in /etc/yum.repos.d/redhat.repo
+----------------------------------------------------------+
Repo ID:   rhel-8-for-x86_64-appstream-rpms
Repo Name: Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)
Repo URL:  https://cdn.redhat.com/content/dist/rhel8/$releasever/x86_64/appstream/os
Enabled:   1

Repo ID:   codeready-builder-for-rhel-8-x86_64-rpms
Repo Name: Red Hat CodeReady Linux Builder for RHEL 8 x86_64 (RPMs)
Repo URL:  https://cdn.redhat.com/content/dist/rhel8/$releasever/x86_64/codeready-builder/os
Enabled:   1

Repo ID:   ansible-2.9-for-rhel-8-x86_64-rpms
Repo Name: Red Hat Ansible Engine 2.9 for RHEL 8 x86_64 (RPMs)
Repo URL:  https://cdn.redhat.com/content/dist/layered/rhel8/x86_64/ansible/2.9/os
Enabled:   1

Repo ID:   rhel-8-for-x86_64-baseos-rpms
Repo Name: Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)
Repo URL:  https://cdn.redhat.com/content/dist/rhel8/$releasever/x86_64/baseos/os
Enabled:   1

Step3: Verify the hostname and IP Address of the Server.

[root@ansible4-ah ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.121.210    ansible4.jazakallah.info    ansible4
192.168.121.211    ansible4-db.jazakallah.info    ansible4-db
192.168.121.212    ansible4-ah.jazakallah.info    ansible4-ah
[root@ansible4-ah repo]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:35:d0:5c brd ff:ff:ff:ff:ff:ff
    inet 192.168.121.212/24 brd 192.168.121.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe35:d05c/64 scope link
       valid_lft forever preferred_lft forever

Step 4: Copy the file and Extract the files and will install from my controller node.

[root@ansible4 ~]# tar xvzf ansible-automation-platform-setup-<latest-version>.tar.gz

[root@ansible4 ~]# ls -l
-rw-------. 1 root root      1614 May 20 07:19 anaconda-ks.cfg
drwxr-xr-x. 6 root root       186 Nov  3 19:31 ansible-automation-platform-setup-bundle-2.0.1-1-early-access

Step 5: Open the inventory file with a vim editor and edit inventory file parameters to specify my installation scenario.

[root@ansible4 ~]# cd ansible-automation-platform-setup-bundle-2.0.1-1-early-access/
[root@ansible4 ansible-automation-platform-setup-bundle-2.0.1-1-early-access]# vim inventory
[automationcontroller]

[automationhub]
ansible4-ah.jazakallah.info

[database]

[servicescatalog_workers]

[all:vars]
#admin_password=''

#pg_host=''
#pg_port='5432'

#pg_database='awx'
#pg_username='awx'
#pg_password=''
#pg_sslmode='prefer'  # set to 'verify-full' for client-side enforced SSL

# Execution Environment Configuration
# Credentials for container registry to pull execution environment images from,
# comment out registry_username if authentication is not required
registry_url='registry.redhat.io'
registry_username='mh2xxx'
registry_password='XXXXXXXX’'

# Automation Hub Configuration
#

automationhub_admin_password='Redhat123'

automationhub_pg_host=''
automationhub_pg_port=''

automationhub_pg_database='automationhub'
automationhub_pg_username='automationhub'
automationhub_pg_password='Redhat123'
automationhub_pg_sslmode='prefer'

# By default if the automation hub package and its dependencies
# are installed they won't get upgraded when running the installer
# even if newer packages are available. One needs to run the ./setup.sh
# script with the following set to True.
#
# automationhub_upgrade = False

# By default when one uploads collections to Automation Hub
# an admin needs to approve it before it is made available
# to the users. If one wants to disble the content approval
# flow, the following setting should be set to False.
#
# automationhub_require_content_approval = True

# At import time collections can go through a series of checks.
# Behaviour is driven by galaxy-importer.cfg configuration.
# Example are ansible-doc, ansible-lint, flake8, ...
#
# The following parameter allow one to drive this configuration.
# This variable is expected to be a dictionnary.
#
# automationhub_importer_settings = None

# The default install will deploy a TLS enabled Automation Hub.
# If for some reason this is not the behavior wanted one can
# disable TLS enabled deployment.
#
# automationhub_disable_https = False

# The default install will deploy a TLS enabled Automation Hub.
# Unless specified otherwise the HSTS web-security policy mechanism
# will be enabled. This setting allows one to disable it if need be.
#
# automationhub_disable_hsts = False

# The default install will generate self-signed certificates for the Automation
# Hub service. If you are providing valid certificate via automationhub_ssl_cert
# and automationhub_ssl_key, one should toggle that value to True.
#
# automationhub_ssl_validate_certs = False

# SSL-related variables

# If set, this will install a custom CA certificate to the system trust store.
# custom_ca_cert=/path/to/ca.crt

# Certificate and key to install in nginx for the web UI and API
# web_server_ssl_cert=/path/to/tower.cert
# web_server_ssl_key=/path/to/tower.key

# Certificate and key to install in Automation Hub node
# automationhub_ssl_cert=/path/to/automationhub.cert
# automationhub_ssl_key=/path/to/automationhub.key

# Server-side SSL settings for PostgreSQL (when we are installing it).
# postgres_use_ssl=False
# postgres_ssl_cert=/path/to/pgsql.crt
# postgres_ssl_key=/path/to/pgsql.key

Step 6: To run the Red Hat Ansible Automation Hub installer setup script.

[root@ansible4 ansible-automation-platform-setup-bundle-2.0.1-1-early-access]# ./setup.sh

Installation will take 30-45 minutes and will see the successful installation messages at end of the installation, as below.


Step 7: To verify the Ansible Automation Hub services status installation completed.

[root@ansible4-ah ~]# systemctl status nginx  redis postgresql pulpcore-api pulpcore-content pulpcore-resource-manager pulpcore-worker@1 pulpcore-worker@2 

 nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2021-11-03 18:03:04 +08; 15h ago
 Main PID: 23902 (nginx)
    Tasks: 2 (limit: 48888)
   Memory: 3.4M
   CGroup: /system.slice/nginx.service
           ├─23902 nginx: master process /usr/sbin/nginx
           └─24893 nginx: worker process

:::::::::::::CUTSOMEOUTPUT:::::::::::::

 redis.service - Redis persistent key-value database
   Loaded: loaded (/usr/lib/systemd/system/redis.service; enabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/redis.service.d
           └─limit.conf
   Active: active (running) since Wed 2021-11-03 18:00:29 +08; 15h ago
 Main PID: 18056 (redis-server)
    Tasks: 4 (limit: 48888)
   Memory: 6.7M
   CGroup: /system.slice/redis.service
           └─18056 /usr/bin/redis-server 127.0.0.1:0

:::::::::::::CUTSOMEOUTPUT:::::::::::::

 postgresql.service - PostgreSQL database server
   Loaded: loaded (/usr/lib/systemd/system/postgresql.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2021-11-03 17:56:43 +08; 15h ago
 Main PID: 10301 (postmaster)
    Tasks: 19 (limit: 48888)
   Memory: 827.6M
   CGroup: /system.slice/postgresql.service
           ├─10301 /usr/bin/postmaster -D /var/lib/pgsql/data
           ├─10302 postgres: logger   
           ├─10304 postgres: checkpointer   
           ├─10305 postgres: background writer   
           
:::::::::::::CUTSOMEOUTPUT:::::::::::::

 pulpcore-api.service - Pulp WSGI Server
   Loaded: loaded (/usr/lib/systemd/system/pulpcore-api.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2021-11-03 18:03:38 +08; 15h ago
 Main PID: 25908 (gunicorn)
    Tasks: 5 (limit: 48888)
   Memory: 637.9M
      CPU: 30.887s
   CGroup: /system.slice/pulpcore-api.service
           ├─25908 /usr/libexec/platform-python /usr/bin/gunicorn pulpcore.app.wsgi:application --bind unix:/var/run/pulpcore-api/pulpc>
           ├─25921 /usr/libexec/platform-python /usr/bin/gunicorn 

:::::::::::::CUTSOMEOUTPUT:::::::::::::

 pulpcore-content.service - Pulp Content App
   Loaded: loaded (/usr/lib/systemd/system/pulpcore-content.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2021-11-06 21:26:45 +08; 3min 13s ago
 Main PID: 1131 (gunicorn)
    Tasks: 9 (limit: 48888)
   Memory: 696.0M
      CPU: 16.993s
   CGroup: /system.slice/pulpcore-content.service
           ├─1131 /usr/libexec/platform-python /usr/bin/gunicorn pulpcore.content:server --bind unix:/var/run/pulpcore-content/pulpcore>

:::::::::::::CUTSOMEOUTPUT:::::::::::::

 pulpcore-resource-manager.service - Pulp Resource Manager
   Loaded: loaded (/usr/lib/systemd/system/pulpcore-resource-manager.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2021-11-06 21:26:45 +08; 3min 13s ago
 Main PID: 1125 (rq)
    Tasks: 2 (limit: 48888)
   Memory: 112.5M
      CPU: 2.308s
   CGroup: /system.slice/pulpcore-resource-manager.service
           └─1125 /usr/libexec/platform-python /usr/bin/rq worker -w pulpcore.tasking.worker.PulpWorker -n resource-manager --pid=/var/>

:::::::::::::CUTSOMEOUTPUT:::::::::::::

 pulpcore-worker@1.service - Pulp RQ Worker
   Loaded: loaded (/usr/lib/systemd/system/pulpcore-worker@.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2021-11-06 21:26:45 +08; 3min 13s ago
 Main PID: 1130 (rq)
    Tasks: 2 (limit: 48888)
   Memory: 85.1M
      CPU: 2.196s
   CGroup: /system.slice/system-pulpcore\x2dworker.slice/pulpcore-worker@1.service
           └─1130 /usr/libexec/platform-python /usr/bin/rq worker -w pulpcore.tasking.worker.PulpWorker --pid=/var/run/pulpcore-worker->

:::::::::::::CUTSOMEOUTPUT:::::::::::::

 pulpcore-worker@2.service - Pulp RQ Worker
   Loaded: loaded (/usr/lib/systemd/system/pulpcore-worker@.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2021-11-06 21:26:45 +08; 3min 13s ago
 Main PID: 1129 (rq)
    Tasks: 2 (limit: 48888)
   Memory: 86.2M
      CPU: 2.180s
   CGroup: /system.slice/system-pulpcore\x2dworker.slice/pulpcore-worker@2.service
           └─1129 /usr/libexec/platform-python /usr/bin/rq worker -w pulpcore.tasking.worker.PulpWorker --pid=/var/run/pulpcore-worker->

:::::::::::::CUTSOMEOUTPUT:::::::::::::

 pulpcore-worker@2.service - Pulp RQ Worker
   Loaded: loaded (/usr/lib/systemd/system/pulpcore-worker@.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2021-11-06 21:26:45 +08; 3min 13s ago
 Main PID: 1129 (rq)
    Tasks: 2 (limit: 48888)
   Memory: 86.2M
      CPU: 2.180s
   CGroup: /system.slice/system-pulpcore\x2dworker.slice/pulpcore-worker@2.service
           └─1129 /usr/libexec/platform-python /usr/bin/rq worker -w pulpcore.tasking.worker.PulpWorker --pid=/var/run/pulpcore-worker->

:::::::::::::CUTSOMEOUTPUT:::::::::::::


Step 8: To verify the Ansible Automation Hub User Interface at https://ansible4-ah.jazakallah.info.


Step 9: To create a group and user from the the Ansible Automation Hub User Interface.

User aap4admin is a member of the app2 group and the has above permission.


Now we can populate the Container Registry or Collections Repository in the Ansible Automation Hub.


Let's populate the Container Registry in the Ansible Automation Hub.

Step 1: To enable insecure image registry to ignore the verification of self-signed ssl certificates.

[root@ansible4-ah ~]#  vi /etc/containers/registries.conf
# Registries that do not use TLS when pulling images or uses self-signed
# certificates.
[registries.insecure]
registries = ['ansible4-ah.jazakallah.info']

Step 2: To login to the Ansible Automation Hub image registry.

[root@ansible4-ah ~]#  podman login ansible4-ah.jazakallah.info -u aap4admin
Password:
Login Succeeded!

Step 3: To copy and load that image file from the tarball.

[root@ansible4-ah ~]# scp root@bastion:/root/images/ee-29-rhel8.tar
[root@ansible4-ah ~]# podman load -i ee-29-rhel8.tar
Getting image source signatures
Copying blob 54e42005468d done  
Copying blob 0b911edbb97f done  
Copying blob 651388d6b512 done  
Copying blob eac4dc81f86d done  
Copying config e61302ef49 done  
Writing manifest to image destination
Storing signatures
Loaded image(s): sha256:e61302ef4941f4a2b2562d70a9cfb1ba346ed0ebe6862b1259d57f101c0caacb
[root@ansible4 ~]# podman images
REPOSITORY  TAG         IMAGE ID      CREATED      SIZE
<none>      <none>      e61302ef4941  2 weeks ago  794 MB

Step 4: To tag that image file and push to the local image registry.

[root@ansible4-ah ~]# podman tag e61302ef4941 ansible4-ah.jazakallah.info/ee-29-rhel8
[root@ansible4-ah repo]# podman images
REPOSITORY                               TAG         IMAGE ID      CREATED      SIZE
ansible4-ah.jazakallah.info/ee-29-rhel8  latest      e61302ef4941  2 weeks ago  794 MB
[root@ansible4-ah repo]#  podman push ansible4-ah.jazakallah.info/ee-29-rhel8
Getting image source signatures
Copying blob eac4dc81f86d skipped: already exists  
Copying blob 0b911edbb97f skipped: already exists  
Copying blob 651388d6b512 skipped: already exists  
Copying blob 54e42005468d [--------------------------------------] 0.0b / 0.0b
Copying config e61302ef49 [--------------------------------------] 0.0b / 4.0KiB
Writing manifest to image destination
Storing signatures

Step 5: Verify the Container Registry in the Ansible Automation Hub from the User Interface.


Now we can test our Ansible Automation platform using this newly configured Automation hub.


Step 1: To Create a Container Registry credential using Automation hub username.


Step 2: To configure the execution environments from the existing one.


Step 3: To execute an ad-hoc command on the target host.

Great its working fine. Now let's populate the Collections Repository in the Ansible Automation Hub.


Step 1: Login using our red hat user id to the cloud.redhat.com and get the token from the https://console.redhat.com/ansible/automation-hub/token URL under the Ansible Automation Platform.


It will generate a token once you click the Load Token button.

Step 2: Now, To login to our local Ansible Automation Hub at https://ansible4-ah.jazakallah.info and configure the token. And edit the Remote Repo Management, as below.


Type token and the user name and password in the below Edit Remote window.


Save and click the Sync for the repo synchronization.


Step 3: Now, Very the collections in the local Ansible Automation Hub at https://ansible4-ah.jazakallah.info, as below.

Now, local collections also synchronization with the cloud.redhat.com.

4,700 views2 comments

Recent Posts

See All
Log In to Connect With Members
View and follow other members, leave comments & more.
bottom of page