Developing Advanced Automation with Red Hat Ansible Automation Platform
Run a playbook in automation controller that uses an Ansible Content Collection in the Ansible project or provided by a specific automation execution environment.
You might want to run an Ansible Playbook that requires an Ansible Content Collection that is not included in an existing automation execution environment. In some cases, one of your automation execution environments might already provide all the resources needed by the collection, other than the collection itself.
If so, then you can configure automation controller to automatically download the collection into the automation execution environment when it runs your playbook.
To configure this, you need to do two things:
Set up a
collections/requirements.ymlfile in your Ansible project, which specifies the additional collections that your playbook needs.Configure automation controller with the authentication credentials it needs to access the Ansible automation hub or private automation hub that stores those collections.
When you use the ansible-navigator run command to run a playbook that requires Ansible Content Collections that are not in the automation execution environment, you must manually install the collections.
Usually, the project provides a collections/requirements.yml file that you can process with the ansible-galaxy collection install -r collections/requirements.yml command to do this.
Automation controller does not require you to manually run this command. Instead, it automatically runs the following commands to install collections and roles when you run a playbook:
ansible-galaxy collection install -r collections/requirements.ymlansible-galaxy role install -r roles/requirements.yml
The collections/requirements.yml file that you provide in your Ansible project might point to collections available on Ansible automation hub or private automation hub.
For example, the following collections/requirements.yml file lists two collections.
Ansible automation hub hosts the redhat.insights collection, and private automation hub at hub.example.com hosts the ansible.posix collection.
---
collections:
- name: redhat.insights
source: https://console.redhat.com/api/automation-hub/
- name: ansible.posix
source: https://hub.example.com/api/galaxy/content/rh-certified/Ansible automation hub and private automation hubs require login credentials. You need to configure automation controller with a credential that provides the automation hub API token and URLs for Ansible automation hub and for any private automation hubs that your playbook uses to download collections.
To perform that configuration, follow these steps:
Log in to the automation controller web UI.
Navigate to → and click .
Select the credential type and then enter the Ansible automation hub URL and your token. You can obtain the Ansible automation hub URL and your token at
https://console.redhat.com/ansible/automation-hub/token.
Figure 9.2: Creating a credential for accessing Ansible automation hubClick .
Associate the credential with all the organizations in automation controller that need access to Ansible automation hub. To do so, navigate to → and select an organization.
Click and then add the credential in the field, in the order you want to search the platforms for collections.
Figure 9.3: Associating Ansible automation hub credentials with organizationsClick .
You might need to repeat the process for your private automation hub.
Important
If you installed both automation controller and private automation hub at the same time, then the installation script creates the following credential resources:
Automation Hub Community RepositoryAutomation Hub Published RepositoryAutomation Hub RH Certified Repository
These credentials use the API token for the private automation hub
adminuser. Because loading a new token in the private automation hub web UI deletes the previous token, if you load a new API token for the private automation hubadminuser, then you must update these automation controller credentials with the new API token.
Automation controller uses an automation execution environment to run playbooks. By default, automation controller already includes the supported automation execution environments from Red Hat.
You can use your own custom automation execution environments as well. You can configure automation controller to download the container images for these execution environments automatically.
To implement this, perform the following:
Configure automation controller with a credential that it can use to authenticate to the container registry that contains your execution environment's container image.
Configure automation controller with information about what container images to pull from where, and how often to pull them.
(Optional) Specify a default execution environment for automation controller to use when running playbooks from a particular project.
(Optional) Specify an execution environment to use when running a playbook from a particular template, if you do not want the template to use the project's default execution environment.
Automation controller automatically downloads the container images for its automation execution environments from a container registry. This could be a container registry built into automation hub, or one provided by a service such as Quay.
Many container registries require authentication for access. You need to configure automation controller with a credential to store this authentication information.
The following steps show how to create a credential for a container registry:
Log in to the automation controller web UI.
Navigate to → and then click .
Select the credential type and then enter the URL of the container registry, your username, and your password. The following screen capture shows how to configure a credential for the container registry of private automation hub at
hub.example.com.
Figure 9.4: Creating a credential for accessing a container registryClick .
Important
If you installed both automation controller and private automation hub at the same time, then the installation script creates the automation controller Automation Hub Container Registry credential.
This credential uses the private automation hub admin user and the password for that user specified during installation.
If you update the password for the private automation hub admin user, then you must update the automation controller Automation Hub Container Registry credential as well.
You can configure your automation execution environment images as follows:
Navigate to → and then click .
Complete the form.
Field Description Specify a name to use in automation controller for the automation execution environment. Specify the container image for the automation execution environment. Select how automation controller should pull the container image. Select an existing credential for the container registry. 
Figure 9.5: Configuring an automation execution environmentClick .
Important
If you do not specify a tag for the image, then the tag defaults to latest.
Using the latest tag might be problematic.
Suppose, for example, that a developer creates a new version of an execution environment but forgets to assign a tag before pushing it to the container registry.
The latest tag is then automatically moved to that new, untested image.
All your jobs in automation controller start by using that image, which can have severe consequences if the image does not work correctly.
When you set up your Ansible project in automation controller, you can specify a default automation execution environment for playbooks from that project to use.
Define the default execution environment for your project as follows:
Navigate to → and then click .
Complete the form to configure your project. Select the automation execution environment to use by default in the field.
Figure 9.6: Selecting an automation execution environment for a projectClick .
A template specifies all the parameters that automation controller needs to run a playbook, including the project containing the playbook, the inventory to use, and machine credentials needed to access the managed nodes in its plays.
When you set up a job template to run a playbook, you can also select a specific execution environment to use when running the playbook. This overrides the default execution environment specified by the playbook's project.
 |
If you leave the field empty, then automation controller uses the default automation execution environment from the playbook's project.
After creating the template, click to start a job (run the playbook). The first time you launch a job that uses a new automation execution environment, the job might take longer than later runs. Automation controller must download the automation execution environment's container image if it is not present.
