
Chapter 2.  Getting Started with Event-Driven Ansible Controller

Abstract

Goal

Configure Event-Driven Ansible controller as a service that provides a rules engine to listen for events and activate your Ansible Rulebooks.

Objectives
  • Explain installation options for Event-Driven Ansible controller and how to install it.

  • Set up new projects, the automation decision environment, and integration with automation controller so that Event-Driven Ansible controller can launch job templates based on events monitored by Ansible Rulebooks.

Sections
  • Installing Event-Driven Ansible Controller (and Quiz)

  • Configuring Event-Driven Ansible Controller to Run Ansible Rulebooks (and Guided Exercise)

Installing Event-Driven Ansible Controller

Objectives

  • Explain installation options for Event-Driven Ansible controller and how to install it.

Planning the Installation

You can deploy the components of Red Hat Ansible Automation Platform in different ways, depending on the resources that you have available and the number of hosts that you want to support.

You can use one of the following supported installation scenarios for Red Hat Ansible Automation Platform:

  • Automation controller with a database on the same node

  • Automation controller and private automation hub with an external database

  • Automation controller, private automation hub, and Event-Driven Ansible controller with an external database

Note

You can install the external database on the same node as the automation controller, the private automation hub, or the Event-Driven Ansible controller.

Automation Controller, Private Automation Hub, and Event-Driven Ansible Controller with External Database Servers

To improve performance, you can install the PostgreSQL databases used by automation controller, private automation hub, and Event-Driven Ansible controller on an external database server. By placing these functions on separate servers, you can spread the load and tune each server for its particular function.

Figure 2.1: Ansible Automation Platform deployment with external database

Event-Driven Ansible Controller Installation Options

You can install automation controller, private automation hub, and Event-Driven Ansible controller on systems that run the 64-bit x86_64 version of Red Hat Enterprise Linux, or by using the platform operator in an OpenShift environment.

Installation Requirements

Ensure that you satisfy the following requirements before installing automation controller, private automation hub, and Event-Driven Ansible controller on Red Hat Enterprise Linux systems.

Resource      Ansible Automation Platform node     Minimum requirements
Memory        Automation controller                16 GB
Memory        Private automation hub               8 GB
Memory        Event-Driven Ansible controller      16 GB
CPU           Automation controller                4 CPUs
CPU           Private automation hub               2 CPUs
CPU           Event-Driven Ansible controller      4 CPUs
Local disk    Automation controller                40 GB; 20 GB of this space must be available to the /var directory.
Local disk    Private automation hub               40 GB
Local disk    Event-Driven Ansible controller      40 GB

To connect to the web UI for Event-Driven Ansible controller, use the current supported version of Mozilla Firefox or Google Chrome web browsers.

Note

The minimum requirements for the Event-Driven Ansible controller enable you to run a maximum of twelve simultaneous rulebook activations.

Under standard conditions, an Event-Driven Ansible rulebook activation uses approximately 250 MB of memory. However, the actual memory consumption might vary significantly based on the complexity of your rules and the volume and size of the events processed.

Important

You cannot install Event-Driven Ansible controller on the same node as automation controller or private automation hub.

Installing Event-Driven Ansible controller with Ansible Automation Platform Operator on OpenShift Container Platform is out of scope for this course, but you can find information about this installation in the references at the end of this section.

Database Storage

You might need more database storage based on the following factors:

  • The number of hosts managed by the automation controller

  • The number of Ansible Content Collections and automation execution environments stored by the private automation hub

  • The number of automation decision environments stored by the Event-Driven Ansible controller

Red Hat recommends at least 150 GB for database storage.

The storage volume must have a high baseline input/output operations per second (IOPS) rating (1500 IOPS or more).

Subscription and Support

You need a Red Hat Ansible Automation Platform subscription and you must enable the Red Hat Ansible Automation Platform 2 repository.

Use the following procedure to register your systems and enable the repositories:

  • As the root user, use Red Hat Subscription Manager to register each of your systems:

    [root@host ~]# subscription-manager register
  • Enable the Red Hat Ansible Automation Platform 2 repository on all systems that need to use packages from that channel. This includes all automation controller, private automation hub, and Event-Driven Ansible controller nodes. The following example is for a Red Hat Enterprise Linux 9 system:

    [root@host ~]# subscription-manager repos \
    --enable ansible-automation-platform-2.4-for-rhel-9-x86_64-rpms

Important

You must use Red Hat Ansible Automation Platform 2.4 or later to install Event-Driven Ansible controller.

Installing Red Hat Ansible Automation Platform

The current installation process executes a shell script that runs an Ansible Playbook. This process automatically attempts to install the latest ansible-core release package. You can get the relevant files in one of two ways:

  • Enable access to the Ansible Automation Platform repository (such as ansible-automation-platform-2.4-for-rhel-9-x86_64-rpms for RHEL 9) on one of your systems, and then install the ansible-automation-platform-installer RPM package on that system. That RPM unpacks the installer into the /opt/ansible-automation-platform/installer directory on that system.

  • Download an archive file from the Red Hat Customer Portal (https://access.redhat.com/downloads/content/480/) and unpack it into a directory on your workstation.

If you want to perform an installation using an archive file, then you must choose between two different archives:

Red Hat Ansible Automation Platform installer

This is a smaller file but this installer requires internet connectivity to download the required repositories, packages, and dependencies.

Red Hat Ansible Automation Platform Bundle installer

This file includes an initial set of RPM packages that you can use to install Ansible Automation Platform on systems that are disconnected from the internet.

Use the following procedure to install automation controller, automation hub, and Event-Driven Ansible controller:

  1. Download and extract the installation archive file, or install the ansible-automation-platform-installer RPM package.

  2. Change to the directory containing the installer files.

  3. Edit the inventory file to configure the installation process.

  4. Run the setup.sh script, which uses Ansible to install and configure the servers.

  5. Log in to the web UI of the new servers and complete their configuration.

Installing Event-Driven Ansible Controller

The following procedure describes how to install a single automation controller, single private automation hub, and single Event-Driven Ansible controller node with an external database.

  1. Download the installer from https://access.redhat.com/downloads/content/480.

  2. Extract the files from the installer and change to the directory containing the extracted contents.

    For the Red Hat Ansible Automation Platform installer:

    [user@host ~]$ tar xzf ansible-automation-platform-setup-2.4-5.tar.gz
    [user@host ~]$ cd ansible-automation-platform-setup-2.4-5/

    For the Red Hat Ansible Automation Platform Bundle installer:

    [user@host ~]$ tar xzf ansible-automation-platform-setup-bundle-2.4-5.tar.gz
    [user@host ~]$ cd ansible-automation-platform-setup-bundle-2.4-5/
  3. Edit the inventory file.

    • Specify the fully qualified domain name (FQDN) of the automation controller server in the [automationcontroller] section:

      [automationcontroller]
      fqdn-for-the-controller-server
    • Specify the FQDN of the private automation hub server in the [automationhub] section:

      [automationhub]
      fqdn-for-the-hub-server
    • Specify the FQDN of the Event-Driven Ansible controller server in the [automationedacontroller] section:

      [automationedacontroller]
      fqdn-for-the-event-driven-ansible-controller-server
    • Specify the FQDN of the database server in the [database] section:

      [database]
      fqdn-for-the-database-server

    Note

    You can set additional required variables by either modifying the inventory file or by creating a separate variables file that you can pass to the setup.sh installation script.

  4. Set the passwords for the administrative accounts and for the PostgreSQL database user account.

    Important

    You should set the passwords to something secure.

    To prevent the installation from failing, do not use special characters for the database password.

    • Set the password for the automation controller admin account by using the admin_password variable.

      Specify the FQDN of the automation controller database server by using the pg_host variable. Specify the port to communicate with the database server by using the pg_port variable. Unless you configure it differently, the PostgreSQL database server uses port 5432.

      admin_password='password'
      
      pg_host='fqdn-for-the-database-server'
      pg_port=5432
      
      pg_database='awx'
      pg_username='awx'
      pg_password='password'
      pg_sslmode='prefer'  # set to 'verify-full' for client-side enforced SSL
    • Set the password for the private automation hub admin account by using the automationhub_admin_password variable.

      Specify the FQDN of the private automation hub database server by using the automationhub_pg_host variable. Specify the port used to communicate with the database server by using the automationhub_pg_port variable.

      The database is the same as for the automation controller.

      automationhub_admin_password='password'
      
      automationhub_pg_host='fqdn-for-the-database-server'
      automationhub_pg_port=5432
      
      automationhub_pg_database='automationhub'
      automationhub_pg_username='automationhub'
      automationhub_pg_password='password'
      automationhub_pg_sslmode='prefer'
    • Set the password for the Event-Driven Ansible controller admin account by using the automationedacontroller_admin_password variable.

      As with automation controller and private automation hub, specify the FQDN of the database server (automationedacontroller_pg_host) for the Event-Driven Ansible controller and the port used to communicate with the database server (automationedacontroller_pg_port).

      The database is the same as for the automation controller and private automation hub.

      automationedacontroller_admin_password='password'
      
      automationedacontroller_pg_host='fqdn-for-the-database-server'
      automationedacontroller_pg_port=5432
      
      automationedacontroller_pg_database='automationedacontroller'
      automationedacontroller_pg_username='automationedacontroller'
      automationedacontroller_pg_password='password'
      automationedacontroller_pg_sslmode='prefer'

    Important

    For an installation with the PostgreSQL database on the same node as automation controller, private automation hub, or Event-Driven Ansible controller, leave the values for the FQDN of the database server and the port used to communicate with the database server empty.

    For example, for installing the automation controller with the PostgreSQL database on the same server, leave the values for the pg_host and pg_port variables empty.

    admin_password='password'
    
    pg_host=''
    pg_port=''
    
    pg_database='awx'
    pg_username='awx'
    pg_password='password'
  5. Set the registry_url, registry_username, and registry_password variables.

    If you use the default registry_url variable value of registry.redhat.io, then specify the registry credentials (registry_username and registry_password) that you use to pull container images from that URL.

    registry_url='registry.redhat.io'
    registry_username='username'
    registry_password='password'

    If you plan to host automation execution environment images on the private automation hub, then perform the following configuration:

    • Set the registry_url variable to the FQDN of the private automation hub, such as hub.lab.example.com.

    • Set the registry credentials (registry_username and registry_password) to a user who can pull container images from the registry server.

  6. If desired, then specify values for additional variables defined in the inventory file, such as variables related to certificates.

    The following is an example of the uncommented content of a modified inventory file you can use to install a single automation controller, a single private automation hub, and a single Event-Driven Ansible controller node with an external database:

    [automationcontroller]
    controller.lab.example.com
    
    [automationcontroller:vars]
    peers=execution_nodes
    
    [execution_nodes]
    
    [automationhub]
    hub.lab.example.com
    
    [automationedacontroller]
    eda-controller.lab.example.com
    
    [database]
    db.lab.example.com
    
    [sso]
    
    [all:vars]
    admin_password='redhat'
    
    pg_host='db.lab.example.com'
    pg_port=5432
    
    pg_database='awx'
    pg_username='awx'
    pg_password='redhat'
    
    registry_url='hub.lab.example.com'
    registry_username='admin'
    registry_password='redhat'
    ee_from_hub_only = true
    
    receptor_listener_port=27199
    
    automationhub_admin_password='redhat'
    
    automationhub_pg_host='db.lab.example.com'
    automationhub_pg_port=5432
    
    automationhub_pg_database='automationhub'
    automationhub_pg_username='automationhub'
    automationhub_pg_password='redhat'
    automationhub_pg_sslmode='prefer'
    
    automationedacontroller_admin_password='redhat'
    
    automationedacontroller_pg_host='db.lab.example.com'
    automationedacontroller_pg_port=5432
    
    automationedacontroller_pg_database='automationedacontroller'
    automationedacontroller_pg_username='automationedacontroller'
    automationedacontroller_pg_password='redhat'
    automationedacontroller_pg_sslmode='prefer'
    
    sso_keystore_password=''
    
    sso_console_admin_password=''
  7. Run the setup.sh installation script:

    [user@host ansible-automation-platform-setup-bundle-2.4-5-x86_64]$ ./setup.sh
    ...output omitted...
    The setup process completed successfully.
    [warn] /var/log/tower does not exist. Setup log saved to setup.log.

    Important

    You need root access to the server to run the playbook to install automation controller, private automation hub, and Event-Driven Ansible controller. Choose the privilege escalation setting you prefer to achieve this access.

  8. After the installer finishes successfully, connect to the web UI for the Event-Driven Ansible controller with a web browser. If you did not specify variables for certificates, then the web browser generates a warning message regarding a self-signed security certificate presented by the Event-Driven Ansible controller website. Accept the risk and continue.

  9. Log in to the Event-Driven Ansible controller web UI with the admin account and the password you set in the inventory file.
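
A pre-flight check for the inventory file edited in steps 3 to 6, as an added example that is not part of the course material or the installer: it flags an Event-Driven Ansible controller that shares a node with automation controller or private automation hub, weak or placeholder passwords, special characters in a database password, and an external database whose sslmode does not verify the server certificate. The WEAK deny-list, the treatment of any non-alphanumeric character as "special", and the function names are assumptions made for this example.

```python
import configparser
import re

# Constructed sample inventory (not from the course); the defects are deliberate.
SAMPLE_INVENTORY = """\
[automationcontroller]
controller.lab.example.com

[automationedacontroller]
controller.lab.example.com

[all:vars]
admin_password='redhat'
pg_host='db.lab.example.com'
pg_password='S3cure!pass#1'
pg_sslmode='prefer'  # set to 'verify-full' for client-side enforced SSL
automationedacontroller_admin_password='Xk29vQpLm4Tz8RwB'
automationedacontroller_pg_host='db.lab.example.com'
automationedacontroller_pg_password='Hq7dR2mWz9LpT4cV'
automationedacontroller_pg_sslmode='verify-full'
"""

WEAK = {"password", "redhat", "admin", "changeme"}  # assumed deny-list


def unquote(raw):
    """Strip quotes and a trailing '# comment' from an inventory value."""
    raw = (raw or "").strip()
    m = re.match(r"""(['"])(.*?)\1""", raw)
    return m.group(2) if m else raw.split("#", 1)[0].strip()


def lint_inventory(text):
    """Return (name, finding) tuples for risky settings in the inventory text."""
    cp = configparser.ConfigParser(allow_no_value=True, delimiters=("=",),
                                   interpolation=None)
    cp.optionxform = str  # keep variable names case-sensitive
    cp.read_string(text)

    def hosts(section):
        return {k.split()[0] for k in cp[section]} if cp.has_section(section) else set()

    findings = []
    shared = hosts("automationedacontroller") & (
        hosts("automationcontroller") | hosts("automationhub"))
    for host in sorted(shared):
        findings.append(("automationedacontroller", f"{host} also hosts controller or hub"))

    allvars = cp["all:vars"] if cp.has_section("all:vars") else {}
    values = {k: unquote(v) for k, v in allvars.items()}
    for name, value in values.items():
        if name.endswith("_password") and value.lower() in WEAK:
            findings.append((name, "weak or placeholder password"))
        if name.endswith("pg_password") and re.search(r"[^A-Za-z0-9]", value):
            findings.append((name, "special characters in database password"))
        if name.endswith("pg_sslmode") and value != "verify-full":
            if values.get(name[:-len("pg_sslmode")] + "pg_host"):
                findings.append((name, "external database certificate not verified"))
    return findings
```

Call lint_inventory() on the contents of the edited inventory file before running setup.sh; an empty list means none of these four conditions was found.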

Replacing the CA Certificate

You can configure automation controller, private automation hub, Event-Driven Ansible controller, and the database server to use valid TLS certificates. These certificates could be signed by a publicly recognizable certificate authority or by a corporate or enterprise certificate authority that is trusted by your company.

Gathering Certificates and Private Keys

Before replacing certificates, ensure that you have the following files:

  • The certificate authority (CA) certificate that signed the TLS certificates for the automation controller, private automation hub, Event-Driven Ansible controller, and database server if you use a corporate or enterprise CA. This is not needed for a public certificate authority that is already configured as trusted by Red Hat Enterprise Linux.

  • The signed certificate for the automation controller, private automation hub, Event-Driven Ansible controller, or database server.

  • The associated private key for each signed certificate.

Preparing the Systems

To configure the certificates during the installation process, edit the inventory file before running the setup.sh installation script. If the certificate was signed by a corporate or enterprise certificate authority, then specify the location of the CA certificate (custom_ca_cert) in the inventory file.

custom_ca_cert=/etc/pki/tls/certs/third-party-ca.pem

Depending on the server, uncomment the variables related to certificates and specify the correct values for them.

For example, for the Event-Driven Ansible controller, specify the signed certificate (automationedacontroller_ssl_cert) and the private key (automationedacontroller_ssl_key).

automationedacontroller_ssl_cert=/tmp/certs/eda-controller.lab.example.com.crt
automationedacontroller_ssl_key=/tmp/certs/eda-controller.lab.example.com.key

Trusting Custom CA Certificates

If you specify the custom_ca_cert variable, then the installation script configures the servers targeted by the playbook to trust any certificate signed by that certificate authority.

You can configure additional servers in your environment to trust certificates signed by that certificate authority. As the root user, copy the CA certificate to the /etc/pki/ca-trust/source/anchors/ directory and then run the update-ca-trust command to add the trusted CA certificate:

[root@host ~]# update-ca-trust

Note

You can configure Ansible Automation Platform to use custom certificates either before or after the installation.

Updating RPM Packages on Ansible Automation Platform Servers

Do not use the dnf command or module to update RPM packages on servers where you used the setup.sh installation script to install Ansible Automation Platform.

Instead, to upgrade packages, you must run the setup.sh installation script again. The services must be updated with the installation script to perform database migrations and other operations correctly, and the installation script takes care of other RPM package updates as well.

Warning

Using the dnf command or module to update RPM packages on automation controller, private automation hub, or Event-Driven Ansible controller can cause issues with your installation. For more information, see the Knowledgebase article at https://access.redhat.com/solutions/4566711.

Revision: do274-2.4-65daa25