To Install & configure the Ansible Ansible Automation Hub
Updated: Mar 10, 2022
We can install the Ansible Automation Hub 2 separately or together with the Ansible Automation Platform installation. In my lab I'm going to install a single Ansible Automation Hub separately. Let’s start the installation step by step, as below:
Step 1: Download the Red Hat Ansible Automation Platform installer if your Red Hat Enterprise Linux environment is connected to the internet. Navigate to https://access.redhat.com/downloads/content/480 and select the Product Variant & the
Version, as below:
And download the Ansible Automation Platform installer bundle.
We can skip this steps, if we already downloaded.
Step2: : Verify the necessary rpm repo's are enabled.
[root@ansible4-ah ~]# subscription-manager repos --list-enabled
+----------------------------------------------------------+
Available Repositories in /etc/yum.repos.d/redhat.repo
+----------------------------------------------------------+
Repo ID: rhel-8-for-x86_64-appstream-rpms
Repo Name: Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)
Repo URL: https://cdn.redhat.com/content/dist/rhel8/$releasever/x86_64/appstream/os
Enabled: 1
Repo ID: codeready-builder-for-rhel-8-x86_64-rpms
Repo Name: Red Hat CodeReady Linux Builder for RHEL 8 x86_64 (RPMs)
Repo URL: https://cdn.redhat.com/content/dist/rhel8/$releasever/x86_64/codeready-builder/os
Enabled: 1
Repo ID: ansible-2.9-for-rhel-8-x86_64-rpms
Repo Name: Red Hat Ansible Engine 2.9 for RHEL 8 x86_64 (RPMs)
Repo URL: https://cdn.redhat.com/content/dist/layered/rhel8/x86_64/ansible/2.9/os
Enabled: 1
Repo ID: rhel-8-for-x86_64-baseos-rpms
Repo Name: Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)
Repo URL: https://cdn.redhat.com/content/dist/rhel8/$releasever/x86_64/baseos/os
Enabled: 1Step3: Verify the hostname and IP Address of the Server.
[root@ansible4-ah ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.121.210 ansible4.jazakallah.info ansible4
192.168.121.211 ansible4-db.jazakallah.info ansible4-db
192.168.121.212 ansible4-ah.jazakallah.info ansible4-ah[root@ansible4-ah repo]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:35:d0:5c brd ff:ff:ff:ff:ff:ff
inet 192.168.121.212/24 brd 192.168.121.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe35:d05c/64 scope link
valid_lft forever preferred_lft foreverStep 4: Copy the file and Extract the files and will install from my controller node.
[root@ansible4 ~]# tar xvzf ansible-automation-platform-setup-<latest-version>.tar.gz
[root@ansible4 ~]# ls -l
-rw-------. 1 root root 1614 May 20 07:19 anaconda-ks.cfg
drwxr-xr-x. 6 root root 186 Nov 3 19:31 ansible-automation-platform-setup-bundle-2.0.1-1-early-accessStep 5: Open the inventory file with a vim editor and edit inventory file parameters to specify my installation scenario.
[root@ansible4 ~]# cd ansible-automation-platform-setup-bundle-2.0.1-1-early-access/
[root@ansible4 ansible-automation-platform-setup-bundle-2.0.1-1-early-access]# vim inventory
[automationcontroller]
[automationhub]
ansible4-ah.jazakallah.info
[database]
[servicescatalog_workers]
[all:vars]
#admin_password=''
#pg_host=''
#pg_port='5432'
#pg_database='awx'
#pg_username='awx'
#pg_password=''
#pg_sslmode='prefer' # set to 'verify-full' for client-side enforced SSL
# Execution Environment Configuration
# Credentials for container registry to pull execution environment images from,
# comment out registry_username if authentication is not required
registry_url='registry.redhat.io'
registry_username='mh2xxx'
registry_password='XXXXXXXX’'
# Automation Hub Configuration
#
automationhub_admin_password='Redhat123'
automationhub_pg_host=''
automationhub_pg_port=''
automationhub_pg_database='automationhub'
automationhub_pg_username='automationhub'
automationhub_pg_password='Redhat123'
automationhub_pg_sslmode='prefer'
# By default if the automation hub package and its dependencies
# are installed they won't get upgraded when running the installer
# even if newer packages are available. One needs to run the ./setup.sh
# script with the following set to True.
#
# automationhub_upgrade = False
# By default when one uploads collections to Automation Hub
# an admin needs to approve it before it is made available
# to the users. If one wants to disble the content approval
# flow, the following setting should be set to False.
#
# automationhub_require_content_approval = True
# At import time collections can go through a series of checks.
# Behaviour is driven by galaxy-importer.cfg configuration.
# Example are ansible-doc, ansible-lint, flake8, ...
#
# The following parameter allow one to drive this configuration.
# This variable is expected to be a dictionnary.
#
# automationhub_importer_settings = None
# The default install will deploy a TLS enabled Automation Hub.
# If for some reason this is not the behavior wanted one can
# disable TLS enabled deployment.
#
# automationhub_disable_https = False
# The default install will deploy a TLS enabled Automation Hub.
# Unless specified otherwise the HSTS web-security policy mechanism
# will be enabled. This setting allows one to disable it if need be.
#
# automationhub_disable_hsts = False
# The default install will generate self-signed certificates for the Automation
# Hub service. If you are providing valid certificate via automationhub_ssl_cert
# and automationhub_ssl_key, one should toggle that value to True.
#
# automationhub_ssl_validate_certs = False
# SSL-related variables
# If set, this will install a custom CA certificate to the system trust store.
# custom_ca_cert=/path/to/ca.crt
# Certificate and key to install in nginx for the web UI and API
# web_server_ssl_cert=/path/to/tower.cert
# web_server_ssl_key=/path/to/tower.key
# Certificate and key to install in Automation Hub node
# automationhub_ssl_cert=/path/to/automationhub.cert
# automationhub_ssl_key=/path/to/automationhub.key
# Server-side SSL settings for PostgreSQL (when we are installing it).
# postgres_use_ssl=False
# postgres_ssl_cert=/path/to/pgsql.crt
# postgres_ssl_key=/path/to/pgsql.keyStep 6: To run the Red Hat Ansible Automation Hub installer setup script.
[root@ansible4 ansible-automation-platform-setup-bundle-2.0.1-1-early-access]# ./setup.sh
Installation will take 30-45 minutes and will see the successful installation messages at end of the installation, as below.
Step 7: To verify the Ansible Automation Hub services status installation completed.
[root@ansible4-ah ~]# systemctl status nginx redis postgresql pulpcore-api pulpcore-content pulpcore-resource-manager pulpcore-worker@1 pulpcore-worker@2
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2021-11-03 18:03:04 +08; 15h ago
Main PID: 23902 (nginx)
Tasks: 2 (limit: 48888)
Memory: 3.4M
CGroup: /system.slice/nginx.service
├─23902 nginx: master process /usr/sbin/nginx
└─24893 nginx: worker process
:::::::::::::CUTSOMEOUTPUT:::::::::::::
● redis.service - Redis persistent key-value database
Loaded: loaded (/usr/lib/systemd/system/redis.service; enabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/redis.service.d
└─limit.conf
Active: active (running) since Wed 2021-11-03 18:00:29 +08; 15h ago
Main PID: 18056 (redis-server)
Tasks: 4 (limit: 48888)
Memory: 6.7M
CGroup: /system.slice/redis.service
└─18056 /usr/bin/redis-server 127.0.0.1:0
:::::::::::::CUTSOMEOUTPUT:::::::::::::
● postgresql.service - PostgreSQL database server
Loaded: loaded (/usr/lib/systemd/system/postgresql.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2021-11-03 17:56:43 +08; 15h ago
Main PID: 10301 (postmaster)
Tasks: 19 (limit: 48888)
Memory: 827.6M
CGroup: /system.slice/postgresql.service
├─10301 /usr/bin/postmaster -D /var/lib/pgsql/data
├─10302 postgres: logger
├─10304 postgres: checkpointer
├─10305 postgres: background writer
:::::::::::::CUTSOMEOUTPUT:::::::::::::
● pulpcore-api.service - Pulp WSGI Server
Loaded: loaded (/usr/lib/systemd/system/pulpcore-api.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2021-11-03 18:03:38 +08; 15h ago
Main PID: 25908 (gunicorn)
Tasks: 5 (limit: 48888)
Memory: 637.9M
CPU: 30.887s
CGroup: /system.slice/pulpcore-api.service
├─25908 /usr/libexec/platform-python /usr/bin/gunicorn pulpcore.app.wsgi:application --bind unix:/var/run/pulpcore-api/pulpc>
├─25921 /usr/libexec/platform-python /usr/bin/gunicorn
:::::::::::::CUTSOMEOUTPUT:::::::::::::
● pulpcore-content.service - Pulp Content App
Loaded: loaded (/usr/lib/systemd/system/pulpcore-content.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2021-11-06 21:26:45 +08; 3min 13s ago
Main PID: 1131 (gunicorn)
Tasks: 9 (limit: 48888)
Memory: 696.0M
CPU: 16.993s
CGroup: /system.slice/pulpcore-content.service
├─1131 /usr/libexec/platform-python /usr/bin/gunicorn pulpcore.content:server --bind unix:/var/run/pulpcore-content/pulpcore>
:::::::::::::CUTSOMEOUTPUT:::::::::::::
● pulpcore-resource-manager.service - Pulp Resource Manager
Loaded: loaded (/usr/lib/systemd/system/pulpcore-resource-manager.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2021-11-06 21:26:45 +08; 3min 13s ago
Main PID: 1125 (rq)
Tasks: 2 (limit: 48888)
Memory: 112.5M
CPU: 2.308s
CGroup: /system.slice/pulpcore-resource-manager.service
└─1125 /usr/libexec/platform-python /usr/bin/rq worker -w pulpcore.tasking.worker.PulpWorker -n resource-manager --pid=/var/>
:::::::::::::CUTSOMEOUTPUT:::::::::::::
● pulpcore-worker@1.service - Pulp RQ Worker
Loaded: loaded (/usr/lib/systemd/system/pulpcore-worker@.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2021-11-06 21:26:45 +08; 3min 13s ago
Main PID: 1130 (rq)
Tasks: 2 (limit: 48888)
Memory: 85.1M
CPU: 2.196s
CGroup: /system.slice/system-pulpcore\x2dworker.slice/pulpcore-worker@1.service
└─1130 /usr/libexec/platform-python /usr/bin/rq worker -w pulpcore.tasking.worker.PulpWorker --pid=/var/run/pulpcore-worker->
:::::::::::::CUTSOMEOUTPUT:::::::::::::
● pulpcore-worker@2.service - Pulp RQ Worker
Loaded: loaded (/usr/lib/systemd/system/pulpcore-worker@.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2021-11-06 21:26:45 +08; 3min 13s ago
Main PID: 1129 (rq)
Tasks: 2 (limit: 48888)
Memory: 86.2M
CPU: 2.180s
CGroup: /system.slice/system-pulpcore\x2dworker.slice/pulpcore-worker@2.service
└─1129 /usr/libexec/platform-python /usr/bin/rq worker -w pulpcore.tasking.worker.PulpWorker --pid=/var/run/pulpcore-worker->
:::::::::::::CUTSOMEOUTPUT:::::::::::::
● pulpcore-worker@2.service - Pulp RQ Worker
Loaded: loaded (/usr/lib/systemd/system/pulpcore-worker@.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2021-11-06 21:26:45 +08; 3min 13s ago
Main PID: 1129 (rq)
Tasks: 2 (limit: 48888)
Memory: 86.2M
CPU: 2.180s
CGroup: /system.slice/system-pulpcore\x2dworker.slice/pulpcore-worker@2.service
└─1129 /usr/libexec/platform-python /usr/bin/rq worker -w pulpcore.tasking.worker.PulpWorker --pid=/var/run/pulpcore-worker->
:::::::::::::CUTSOMEOUTPUT:::::::::::::Step 8: To verify the Ansible Automation Hub User Interface at https://ansible4-ah.jazakallah.info.
Step 9: To create a group and user from the the Ansible Automation Hub User Interface.
User aap4admin is a member of the app2 group and the has above permission.
Now we can populate the Container Registry or Collections Repository in the Ansible Automation Hub.
Let's populate the Container Registry in the Ansible Automation Hub.
Step 1: To enable insecure image registry to ignore the verification of self-signed ssl certificates.
[root@ansible4-ah ~]# vi /etc/containers/registries.conf
# Registries that do not use TLS when pulling images or uses self-signed
# certificates.
[registries.insecure]
registries = ['ansible4-ah.jazakallah.info']Step 2: To login to the Ansible Automation Hub image registry.
[root@ansible4-ah ~]# podman login ansible4-ah.jazakallah.info -u aap4admin
Password:
Login Succeeded!Step 3: To copy and load that image file from the tarball.
[root@ansible4-ah ~]# scp root@bastion:/root/images/ee-29-rhel8.tar
[root@ansible4-ah ~]# podman load -i ee-29-rhel8.tar
Getting image source signatures
Copying blob 54e42005468d done
Copying blob 0b911edbb97f done
Copying blob 651388d6b512 done
Copying blob eac4dc81f86d done
Copying config e61302ef49 done
Writing manifest to image destination
Storing signatures
Loaded image(s): sha256:e61302ef4941f4a2b2562d70a9cfb1ba346ed0ebe6862b1259d57f101c0caacb[root@ansible4 ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> e61302ef4941 2 weeks ago 794 MBStep 4: To tag that image file and push to the local image registry.
[root@ansible4-ah ~]# podman tag e61302ef4941 ansible4-ah.jazakallah.info/ee-29-rhel8
[root@ansible4-ah repo]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
ansible4-ah.jazakallah.info/ee-29-rhel8 latest e61302ef4941 2 weeks ago 794 MB[root@ansible4-ah repo]# podman push ansible4-ah.jazakallah.info/ee-29-rhel8
Getting image source signatures
Copying blob eac4dc81f86d skipped: already exists
Copying blob 0b911edbb97f skipped: already exists
Copying blob 651388d6b512 skipped: already exists
Copying blob 54e42005468d [--------------------------------------] 0.0b / 0.0b
Copying config e61302ef49 [--------------------------------------] 0.0b / 4.0KiB
Writing manifest to image destination
Storing signaturesStep 5: Verify the Container Registry in the Ansible Automation Hub from the User Interface.
Now we can test our Ansible Automation platform using this newly configured Automation hub.
Step 1: To Create a Container Registry credential using Automation hub username.
Step 2: To configure the execution environments from the existing one.
Step 3: To execute an ad-hoc command on the target host.
Great its working fine. Now let's populate the Collections Repository in the Ansible Automation Hub.
Step 1: Login using our red hat user id to the cloud.redhat.com and get the token from the https://console.redhat.com/ansible/automation-hub/token URL under the Ansible Automation Platform.
It will generate a token once you click the Load Token button.
Step 2: Now, To login to our local Ansible Automation Hub at https://ansible4-ah.jazakallah.info and configure the token. And edit the Remote Repo Management, as below.
Type token and the user name and password in the below Edit Remote window.
Save and click the Sync for the repo synchronization.
Step 3: Now, Very the collections in the local Ansible Automation Hub at https://ansible4-ah.jazakallah.info, as below.
Now, local collections also synchronization with the cloud.redhat.com.