Everything you know and love about Ansible Automation Platform in containerized form
We’re excited to announce something that we’ve been working on for a while now, the technical preview of a containerized Red Hat Ansible Automation Platform solution.
Currently, this allows you to install and run the containerized automation controller, Ansible automation hub, and Event-Driven Ansible controller services on one or more underlying RHEL hosts on x86_64 and ARM64 architectures. It does not require a Kubernetes-based platform, as it uses native RHEL Podman on top of a RHEL host.
The rationale behind containerized Ansible Automation Platform
As Ansible Automation Platform evolved, we added more services and components into the stack. Over time, the increasing complexity and inter-dependencies between these components have introduced new challenges in terms of maintenance, installation, and support. They have also opened up opportunities for growth and innovation.
Containerized Ansible Automation Platform is the first step towards a more streamlined and improved platform management experience, incorporating our future vision and strategy.
The benefits
Just containerizing existing services was not enough for us, so we set some goals to provide:
- a slimmed down installation experience
- a layered installation approach
- a containerized services approach
- security out of the box using rootless Podman containers
- a launchpad for new improved future features
- a lighter footprint for applicable markets and solutions
- alignment to the approach for our supported deployment platforms and options
New features
New, and currently only available with this technical preview release, are:
- the ability to use controller_license_file to apply your Ansible Automation Platform license at install
- pre-seeding automation controller configuration content as code
Setup Overview
As a design goal, we’ve tried to simplify the installation requirements and process.
This now basically boils down to these few tasks:
- Download and unpack the installation bundle
Download the latest released version from the usual RHN portal under Downloads, in either ‘online’ (internet access required) or ‘offline’ bundle form. We support both x86_64 and arm64 architectures, so download the right package for your platform.
We now mandate running as a non-root user, so extract the installation files in a location of your choice as the user you want to own Ansible Automation Platform. You’ll need as a minimum just one RHEL 9.2 virtual or physical host for all platform components. For exact host requirements please refer to the installation guide.
- Edit the supplied inventory file.
In the extracted installation directory, you’ll find an inventory file. This has been stubbed out with the necessary, optional and recommended configuration to get you going fast. We’ll explain this in a little more detail shortly.
Simply edit the inventory file and modify the configuration as required and fill in the necessary variable information. We’ve tried to make this as foolproof as possible to ensure the greatest success on the first install.
It should look something like this:
# This is the AAP installer inventory file
# Please consult the docs if you're unsure what to add
# For all optional variables please consult the included README.md

# This section is for your AAP Controller host(s)
# -------------------------------------------------
[automationcontroller]
fqdn_of_your_rhel_host ansible_connection=local

# This section is for your AAP Automation Hub host(s)
# -----------------------------------------------------
[automationhub]
fqdn_of_your_rhel_host ansible_connection=local

# This section is for your AAP EDA Controller host(s)
# -----------------------------------------------------
[automationeda]
fqdn_of_your_rhel_host ansible_connection=local

# This section is for the AAP database(s)
# -----------------------------------------
# Uncomment the lines below and amend appropriately if you want AAP to install and manage the postgres databases
# Leave commented out if you intend to use your own external database and just set appropriate _pg_hosts vars
# see mandatory sections under each AAP component
#[database]
#fqdn_of_your_rhel_host ansible_connection=local

[all:vars]

# Common variables needed for installation
# ----------------------------------------
postgresql_admin_username=postgres
postgresql_admin_password=
# If using the online (non-bundled) installer, you need to set RHN registry credentials
registry_username=
registry_password=
# If using the bundled installer, you need to alter defaults by using:
#bundle_install=true
#bundle_dir=

# AAP Controller - mandatory
# --------------------------
controller_admin_password=
controller_pg_host=fqdn_of_your_rhel_host
controller_pg_password=

# AAP Controller - optional
# -------------------------
# To use the postinstall feature you need to set these variables
#controller_postinstall=true
#controller_license_file=
#controller_postinstall_repo_url=
#controller_postinstall_dir=

# AAP Automation Hub - mandatory
# ------------------------------
hub_admin_password=
hub_pg_host=fqdn_of_your_rhel_host
hub_pg_password=

# AAP Automation Hub - optional
# -----------------------------

# AAP EDA Controller - mandatory
# ------------------------------
eda_admin_password=
eda_pg_host=fqdn_of_your_rhel_host
eda_pg_password=
controller_main_url=https://fqdn_of_your_rhel_host

# AAP EDA Controller - optional
# -----------------------------
The [ ] sections represent our groups of services which we want to deploy (automation controller, automation hub, Event-Driven Ansible controller, and associated databases).
If a component platform service (automation controller, Ansible automation hub, or Event-Driven Ansible controller) is not required, simply comment out the fqdn_of_your_rhel_host line for that service and it’ll be skipped. I encourage you to install all the components though to get the full Ansible Automation Platform experience and benefits. It’ll also do the common integration tasks which you may not get when adding individual components.
The postgres database itself is also containerized on the same RHEL host and is provided and managed by the installer. It is possible to use an external containerized or non-containerized database, but we’ll keep it simple in this example.
fqdn_of_your_rhel_host represents the fully qualified domain name of my RHEL 9.2 host. Replace anything inside <> with the password or credentials you wish to use.
As we’re installing from and on the same RHEL host, we can use ansible_connection=local as the connection mechanism to avoid having to use SSH keys.
[all:vars] is a special section where we’re supplying the individual service options as Ansible variables. We’ve sectioned the sample inventory file so it’s easier to know which are mandatory and which are optional. The latter is useful to tweak and customize your configuration further.
There are many more variables available to provide the ultimate flexibility, so please consult the README.md that comes with the installation package. Most are straightforward, but I’ll call out registry_*. These are the RHN portal credentials you normally use, which allow the container images we need to be fetched from registry.redhat.io if you use the default online bundle.
Some customers prefer to separate out the more sensitive variable information into a separate file so it can be protected with the likes of ansible-vault. It allows for a much cleaner, simpler inventory file. I won’t use that example here but will instead show how it can be called when installing.
- Set environment variables
The actual installer itself is now an Ansible Content Collection in its own right. This is a super cool feature and allows us to commoditize the packaging aspect for the installer, giving us a more flexible future proofed approach.
You need to tell the installer where to find the installer collections by setting ANSIBLE_COLLECTIONS_PATH, for example:
$ export ANSIBLE_COLLECTIONS_PATH=/full-path-to-installer/collections
- Run the collections installer!
We are now ready to run the installer which is done by calling the installer collections playbook:
$ ansible-playbook -i inventory ansible.containerized_installer.install [options]
[options] are options supported by ansible-playbook, such as -v to increase verbosity or -K to prompt for the privilege escalation password. Consult the ansible-playbook documentation for more options.
If you’ve separated out your variable information into a separate file (in this example called vars.yml), then you can use something like this:
$ ansible-playbook -i inventory -e @vars.yml ansible.containerized_installer.install [--ask-vault-pass] [-K] [-vvvv]
If you have not protected the vars.yml file with ansible-vault, you don’t need --ask-vault-pass, which prompts for the vaulted file’s password.
Once completed, you’ll see output similar to:
PLAY RECAP *****************************************************************************************************************
caap1.lan : ok=227 changed=10 unreachable=0 failed=0 skipped=45 rescued=0 ignored=0
localhost : ok=10 changed=0 unreachable=0 failed=0 skipped=14 rescued=0 ignored=0
There should be zero failed actions, but others will vary depending on what and how you’re configuring the platform.
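A pre-flight check for the secrets handling described above, as an added example that is not part of the original post or the installer: it flags *password variables still set in the inventory's [all:vars] section and verifies that vars.yml carries the ansible-vault header and is readable only by its owner. The sample inventory and its values are constructed, and the function names are hypothetical.

```python
import os
import re
import stat

# Keys treated as secrets: any variable whose name ends in "password",
# which covers the *_password keys in the sample inventory.
SECRET_KEY = re.compile(r"^\s*([A-Za-z0-9_]*password)\s*=\s*(.*)$")
VAULT_HEADER = "$ANSIBLE_VAULT;"  # first bytes of an ansible-vault encrypted file

# Constructed sample inventory (host name and secret values are made up).
SAMPLE_INVENTORY = """\
[automationcontroller]
aap.example.com ansible_connection=local

[all:vars]
postgresql_admin_username=postgres
postgresql_admin_password=
registry_password=example-registry-secret
controller_admin_password=example-admin-secret
#hub_admin_password=commented-out
"""

def inline_secrets(inventory_text):
    """Return names of *password variables given a value in [all:vars]."""
    found, section = [], None
    for line in inventory_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith(("#", ";")):
            continue  # blank lines and comments (commented-out keys) are ignored
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1]
            continue
        match = SECRET_KEY.match(stripped)
        if section == "all:vars" and match and match.group(2).strip():
            found.append(match.group(1))
    return found

def vars_file_problems(path):
    """Check that a vars file is vault-encrypted and private to its owner."""
    problems = []
    with open(path, "r", encoding="utf-8", errors="replace") as handle:
        if not handle.readline().startswith(VAULT_HEADER):
            problems.append("not ansible-vault encrypted")
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("readable by group or others")
    return problems

if __name__ == "__main__":
    print("secrets left in inventory:", inline_secrets(SAMPLE_INVENTORY))
```

Variables left empty or commented out in the inventory are not flagged, so the check passes once the values have been moved into the vaulted file.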
You can now go automate! By default the services will be available on:
- automation controller - port 443
- Ansible automation hub - port 444
- Event-Driven Ansible controller - port 445
Access via your browser and enter https://your_RHEL_host:<port>
Summary
This blog provides a quick overview and demonstration of our new tech preview of containerized Ansible Automation Platform.
You can get started by downloading this from the normal Red Hat Portal Downloads section, and you'll find the current documentation here.
Please refer to the installation guide for a more detailed and comprehensive installation walkthrough as we still provide many flexible options.
In a follow up blog, I'll cover another new feature: the ability to pre-seed Ansible Automation Platform configuration at installation time. Watch this space!
from Ansible Blog https://bit.ly/3RBZXMc