Wednesday, July 5, 2023

How to deploy Red Hat Ansible Automation Platform on Google Cloud

This blog is co-authored by Zack Kayyali and Hicham (he-sham) Mourad

Deploying Red Hat Ansible Automation Platform

The steps below detail how to install Red Hat Ansible Automation Platform on Google Cloud from the marketplace. Before starting the deployment process, please ensure the Google Cloud account you are using to deploy has the following permissions. These IAM roles are required to deploy the Google Cloud foundation stack offering.  The foundation stack offering here refers to the base Ansible Automation Platform 2 deployment.

This blog details how to deploy Ansible Automation Platform on Google Cloud, and then access the application. This deployment process will be configured to set up Ansible Automation Platform on its own Virtual Private Cloud (VPC) that it creates and manages. We also support deploying into an existing VPC.

To begin, first log into your Google Cloud account. If you have a private offer, ensure that these are accepted for both the foundation and extension node offerings. 

Note: 

  • The foundation offer refers to the “Red Hat Ansible Automation Platform 2 - Up to 100 Managed Nodes” marketplace item. 
  • The extension node offer refers to the “Extension Node - Ansible Automation Platform 2 - 100 Managed Nodes”, and “- 200 Managed Nodes”, and “- 400 Managed Nodes” marketplace items.  (The foundation offer MUST be deployed first before any extension node offers can be used to scale the Ansible Automation Platform environment).

Navigate to the private offers page in the Google Cloud Marketplace to accept these subscriptions. Accept the offers for the foundation and extension offers if they are available here. Note: Be sure you are in the correct Google Cloud project.

If Ansible Automation Platform is not visible under the Your Orders page under Google Cloud Marketplace, the offer can be found here - Ansible Automation Platform (Foundation).

Once the subscription has been accepted, you can begin deploying Ansible Automation Platform 2 on Google Cloud.

From the AAP Foundation offer page, click Launch to begin launching your Ansible Automation Platform on Google Cloud stack - as shown below.

After clicking Launch, you will be at the page below, titled New Red Hat Ansible Automation Platform 2 - Up to 100 Managed Nodes deployment.

At this page, you can name and configure your Ansible Automation Platform. 

The Deployment name must meet the following requirements:

  1. Deployment name must be less than 30 characters.
  2. Length of deployment name and length of project name must be less than 35 characters.

Note: If the deployment name does not meet these requirements, the deployment will fail.

Check the “Confirm Service Usage API is enabled” box and validate that the Service Usage API is enabled (make sure the correct project is selected).

Under the Deployment configuration section, select or create a service account which will be used for the Ansible Automation Platform virtual machines.

Select or create a Service Account and configure the service account with the following IAM roles -

  1. Editor
  2. Logs Writer
  3. Cloud SQL Client
  4. Cloud SQL Instance User
  5. Secret Manager Secret Accessor
  6. Compute Network Admin

Ensure you select the correct Region and Zone for your deployment.

(Optional) You can enable Observability and/or Logging

  1. Google Cloud Operations Suite Pricing
  2. Monitoring and Logging information

To enable these services, ensure the checkboxes are checked (these are disabled by default).

Under Network Selection, either New network or Existing network can be selected. Deploying into a new network guides the Ansible Automation Platform deployment to create its own VPC, and deploy its components inside this network. Deploying into an existing network allows the user to specify networking information to guide Ansible Automation Platform to deploy into an existing network. This blog details how to configure Ansible Automation Platform in a new network. In this flow, we will leave all fields in the Existing Network field blank.

In the Networking section, you should ensure that your subnets, load balancers, Cloud SQL peering, and Filestore peering are configured correctly with the required network settings. Customize your network settings as appropriate. Once deployed, Ansible Automation Platform will have created a VPC and subnets with the CIDR ranges you supplied. If a custom CIDR range is required, it is required to modify these values to meet your private networking requirements (ex: 10.x.x.x/xx).

The Networking parameters are explained in detail below.

Application Subnet Range: Network CIDR defining the subnet range used by the custom VPC deployed by the offering. Must be a minimum “/24” segment and must be in the private network range (192.168 or 10.0). (Default: 192.168.240.0./24)

Cloud SQL Peering Network Range: Network CIDR defining the network segment to be used to peer the Google Cloud CloudSQL network with the custom VPC Application Subnet deployed by the offering. Must be a “/24” segment. The “/24” segment range is a requirement of Google Cloud CloudSQL network peering configuration. (Default: 192.168.241.0/24)

Filestore Peering Network Range: The Ansible Automation Platform from Google Cloud Marketplace uses Google Cloud Filestore service to share configuration files between multiple automation controllers and Ansible automation hub VMs provisioned as part of the deployment. This network CIDR range defines the peer network that is used by the offering to peer between the Google Cloud Filestore network and the custom VPC Application Subnet of the offering. (Default: 192.168.243.0/29)

Load Balancer Proxy Subnet Range: Ansible Automation Platform from Google Cloud Marketplace is deployed using Google Cloud’s native cloud capabilities to provide a scalable and reliable installation. As part of the Ansible Automation Platform from Google Cloud Marketplace deployment topology, two load balancers are deployed in front of the Ansible automation hub and automation controller VMs. All traffic is directed at these load balancers and is proxied to the available backend VMs. The deployment takes advantage of Google Cloud’s native load balancing support enabling the customer to add additional ports (https) to the load balancers to capture and forward requests onto the backend VMs. This also provides request balancing and session tracking for better reliability. As part of the load balancer deployment Google Cloud requires creation of a special “proxy network” where Google Cloud natively handles the “redirection” of requests to the backend VMs. This special proxy network is not used within Ansible Automation Platform from Google Cloud Marketplace for any other purpose than Google Cloud’s Load Balancer’s proxy network requirement. A “/24” segment is required. (Default: 192.168.242.0/24)

Controller Internal Load Balancer IP Address:  This is the static IP address assigned to the automation controller load balancer. This address must be within the Application Subnet Range segment. (Default: 192.168.240.20)

Hub Internal Load Balancer IP Address: This will be the static IP address assigned to the Ansible automation hub load balancer. This address must be within the Application Subnet Range segment. (Default: 192.168.240.21)

Once all configuration options have been finalized, click Deploy to begin deploying Ansible Automation Platform.

Wait for the application to complete deploying. It should take approximately 30 minutes or so. At this point, please refer to the documentation to get started with Ansible Automation Platform.

 

Accessing the Ansible Automation Platform deployment

Once the Ansible Automation Platform foundation has been deployed, follow the instructions below to begin accessing the application. 

In the steps detailed above, Ansible Automation Platform is deployed into a VPC that it created during the deployment process. This VPC by default has no external access configured. External access can be configured in a variety of ways. These access methods may include strategies like VPC peering, setting up VPN access, or configuring external load balancers.

For specific instruction and detailed information about setting up networking and application access, view our documentation online.

To find the internal load balancer URLs, navigate to the load balancing page in the Google Cloud console. Two load balancers are created, one for the private automation hub and one for the automation controller.

The private automation hub load balancer will be named
<Deployment_name>-aap-hub-int-lb

The automation controller load balancer will be named
<Deployment_name>-aap-cntrlr-int-lb

Open both of these URLs in new tabs respectively, to open the login pages for the private automation hub, and the automation controller. If you are unable to access these pages, this indicates a problem in your network connectivity.

Now that you can access the login pages, you can retrieve the “admin” password for the Ansible Automation Platform deployment. The login credentials are the same for the private automation hub and automation controller.

To find the login information, first navigate to Google Secret Manager and ensure you are in the same project as your Ansible Automation Platform deployment. The secret containing your login information will be called <Deployment_name>-aap-admin. Click on this secret, and then click on the three dots under Actions. Then click View secret value to view the admin user password. The default username is always admin to start.

With these credentials, you can now login to the automation controller and the private automation hub consoles.

After logging into the controller console for the first time, you will be guided to activate Ansible Automation Platform by pulling in the subscription.

Simply log in with the Red Hat account that accepted the subscription at the start of the deployment steps, and then click Get subscriptions. This will retrieve a list of all active subscriptions, and from here we can pick the required one, and click next.

 

What can I do next?

Watch Hicham (he-sham) Mourad walk through this deployment process in a video.

To learn more about Ansible Automation Platform on Google Cloud, visit the page here. Also to learn more about Ansible Automation Platform on other hyperscalers, please visit the page here.

For hands-on self-paced lab(s) on Ansible Automation Platform, you can visit here. You can also take a look at the Ansible Automation Platform on Google Cloud documentation.

Consider trying other Red Hat products from the Google Cloud Marketplace.

 



from Ansible Blog https://bit.ly/43s5WFX
via IFTTT

No comments:

Post a Comment