Ansible Automation Platform (AAP) on ARO

Ansible Automation Platform (AAP) is a popular platform for centralizing and managing an organization’s automation content using Ansible as the engine for writing automation code. Prior to deployment, organizations are faced with the decision “where do I want to host this thing?”. In today’s landscape, there are several options between traditional Virtual Machines, running it on OpenShift, or even running it as a managed offering. This walkthrough covers a scenario when a customer wants to run AAP on top of a managed OpenShift offering like Azure Red Hat OpenShift (ARO).

NOTE: there are several design decisions that go into the deployment of AAP. This is a simple walkthrough to get you going and does not cover all possible decisions.

Prerequisites

• Azure CLI
• An Azure Red Hat OpenShift (ARO) cluster

High-Level Architecture

Below represents a high-level architecture. It is intended to show a simplified architecture with most components deployed. Please note that components can easily be spread across multiple availability zones to achieve high availability requirements, which is not represented in the overly simplified diagram below:

Prepare your Environment

This step simply sets up your environment with variables to be used during installation:

Create the Prerequisite Projects and Secrets

This project assumes that you will be installing the following components of Ansible Automation Platform:

• Automation Controller
• Event Driven Ansible Controller
• Automation Hub

1. Create the projects for each of the components and the operators:

2. Create the admin password secret for each of the operators. This will be used to authenticate with each of the individual components of AAP:

Install the AAP Operators

This section covers the installation of the AAP operators. The AAP operators are responsible for all deployment and management actions as it relates to AAP.

1. Install the AAP Operators:

Install the Automation Controller

1. Install the automation controller with the AutomationController custom resource definition which was provided via the operator installation in the previous step:

   NOTE: you may need to adjust the *_resource_requirements fields (not pictured below) depending upon how large your deployment is and how many hosts you are managing with AAP. See oc explain automationcontroller.spec for full configuration details.

2. This should take a few minutes to become ready. You can monitor the status by checking to see the pods that are deployed. The deployed pods are prepended with the .metadata.name value of the AutomationController instance deployed above. In this case, default are the deployed pods:

3. Should you run into issues, you can check the logs of the automation controller operator pod. This operator is responsible for watching for new AutomationController instances and deploying and managing those instances:

4. Once deployed (you should see some task pods, some web pods, and a postgres pod), you can login to the Ansible Automation Platform UI with the AAP_ADMIN_USERNAME user and the password that you set with the AAP_ADMIN_PASSWORD environment variable. Once logged in you will need to provide access to an AAP subscription via your RH or Satellite credentials, accept a EULA, and then you are redirected to the dashboard. You can access AAP via the https://ansible.apps.$AAP_APPS_DOMAIN url:

   

Install Event Driven Ansible Controller

For those that wish to use event-driven Ansible, you can install the EDA controller.

1. Install the EDA controller with the EDA custom resource definition which was provided via the operator installation in the previous step:

   NOTE: you may need to adjust the *_resource_requirements fields (not pictured below) depending upon how large your deployment is and how many hosts you are managing with AAP. See oc explain eda.spec for full configuration details.

2. This should take a few minutes to become ready. You can monitor the status by checking to see the pods that are deployed. The deployed pods are prepended with the .metadata.name value of the EDA instance deployed above. In this case, default are the deployed pods:

3. Should you run into issues, you can check the logs of the automation hub operator pod. This operator is responsible for watching for new EDA instances and deploying and managing those instances:

4. Once deployed (you should see activation workers, api pods, default workers and other various pods), you can login to the Ansible EDA UI with the AAP_ADMIN_USERNAME user and the password that you set with the AAP_ADMIN_PASSWORD environment variable. You can access AAP via the https://ansible-eda.apps.$AAP_APPS_DOMAIN url:

   

   NOTE: should you run into issues with an invalid username or password, you can change it to the value you set as AAP_ADMIN_PASSWORD (see https://access.redhat.com/solutions/7050687 )

Install Automation Hub

For those that wish to host their own Ansible content locally, you may also wish to install Automation Hub.

1. Install the automation hub with the AutomationHub custom resource definition which was provided via the operator installation in the previous step:

   NOTE: you may need to adjust the *_resource_requirements fields (not pictured below) depending upon how large your deployment is and how many hosts you are managing with AAP. See oc explain automationhub.spec for full configuration details.

2. This should take a few minutes to become ready. You can monitor the status by checking to see the pods that are deployed. The deployed pods are prepended with the .metadata.name value of the AutomationHub instance deployed above. In this case, default are the deployed pods:

3. Should you run into issues, you can check the logs of the automation hub operator pod. This operator is responsible for watching for new AutomationHub instances and deploying and managing those instances:

4. Once deployed (you should see api pods, worker pods, a postgres pod, a redis pod and content pods), you can login to the Ansible Automation Hub UI with the AAP_ADMIN_USERNAME user and the password that you set with the AAP_ADMIN_PASSWORD environment variable. You can access AAP via the https://default-aap-hub.apps.$AAP_APPS_DOMAIN url: