Managing Enterprise Automation with Red Hat Ansible Automation Platform
Perform initial configuration of automation controller and private automation hub and explore the services' web UIs.
Red Hat Ansible Automation Platform includes private automation hub, which allows an organization to provide curated Ansible content. You might use this content in your playbooks or to create customized automation execution environments. Because automation controller can also use this same content, a playbook developed and tested with ansible-navigator can run without modification on automation controller.
One of the first steps after installing private automation hub is to configure it by uploading and publishing content. This is especially important if automation controller expects to be able to download automation execution environments from private automation hub.
Aside from activating its subscription, automation controller does not require any initial configuration. If you configured automation controller to use automation execution environments provided by private automation hub, then you might perform some basic functionality tests to verify that Red Hat Ansible Automation Platform works as expected.
Private automation hub includes a simple container registry. Administrators of private automation hub can synchronize container images from remote repositories, such as from the Red Hat Ecosystem Catalog, and can also manually upload container images.
Note
Although the web interface navigation for the included container registry is titled , it is not restricted to hosting automation execution environment images.
If you plan to host automation execution environments on private automation hub, then you might add one or more remote registries to private automation hub. You can choose how frequently you synchronize images from the remote registries, and you might even remove images from private automation hub. By hosting container images on private automation hub, you have a standard location for them to help control which images are used in your organization.
Use the following procedure to add the Red Hat Ecosystem Catalog remote registry to a private automation hub.
Log in to the private automation hub web UI as a user that has permissions to manage remote registries.
Navigate to → and then click .
Enter a name, such as
Red Hat Ecosystem Catalog.Enter the remote registry URL, such as
https://registry.redhat.io.Enter a valid username and password combination for a user that has permission to download container images from the URL.
Click to create the remote registry.
You can selectively synchronize specific container repositories.
Navigate to → to display the configured remote registries.
Find the row for the remote registry, such as , and then select from the vertical ellipsis icon.
Navigate to → to display the container repositories available for synchronization.
To synchronize a specific container repository, such as the container repository, select from the vertical ellipsis icon for the desired container repository row.
After synchronization completes, you can view the available images. Navigate to → , click the name of a container repository, and then select the tag. Some images have more than one tag. For Ansible Automation Platform 2.1, the most recent image has several tags, such as 1.0 and latest.
Rather than synchronizing individual container repositories, you can synchronize all Ansible Automation Platform container repositories (this includes versions of the Ansible Automation Platform 2.0, 2.1, and 2.2 automation execution environment container images).
From the page, find the row for the remote registry and select from the vertical ellipsis icon.
Click to start the synchronization.
Although the task completes quickly, it also creates additional tasks to synchronize each container registry. These additional tasks are visible by navigating to .
Organizations might choose to manually upload container images to private automation hub, such as custom automation execution environments or other approved container images.
The skopeo command (provided by the skopeo RPM) can perform several tasks on container images, such as inspecting both local and remote images, uploading a local archive to a remote repository, and copying container images from one repository to another without needing to download it to the local machine.
If a remote repository requires authentication, then use the skopeo login command to log in to the container registry. This is typically required in order to push or copy a container image to a remote repository. Authentication might also be required to inspect or copy a remote repository image.
[user@host ~]$skopeo login registry.redhat.ioUsername:Password:your-usernameLogin Succeeded!your-password
Use the skopeo inspect command to inspect details of a container image. For example, you might use the command to inspect the ee-minimal-rhel8:latest container image, available from the Red Hat Ecosystem Catalog.
[user@host ~]$skopeo inspect \>docker://registry.redhat.io/ansible-automation-platform-22/ee-minimal-rhel8...output omitted...
Use the skopeo copy command to copy a container image (either local or remote) to a remote registry. When copying from one remote registry to another, you might need to log in to both registries. If you prefer not to log in, then the skopeo copy command has options for specifying credentials from the command line. The following example copies a local archive to a remote registry and adds the 1.0 tag to the container image.
[user@host ~]$skopeo copy docker-archive:///tmp/ee-29-rhel8.tar \>docker://hub.lab.example.com/ansible-automation-platform-22/ee-29-rhel8:1.0...output omitted...
Synchronizing content from a remote registry can download more content than you need. If you do not need a container repository, then you can delete it. For example, you might not need the Ansible Automation Platform 2.0 container repositories that appear when you synchronize all of container repositories from the https://registry.redhat.io remote registry.
To delete a container registry:
Navigate to → to display all container repositories.
Select from the vertical ellipsis icon on the container repository row that you wish to delete, such as .
Confirm your decision to delete the container repository.
An individual container repository can contain many container images, especially if it is synchronized from a remote registry. To delete an individual container image:
Navigate to → to display all container repositories.
Click the name of a container repository, such as .
Identify a container image to delete, such as , and select from the vertical ellipsis icon.
Confirm your decision to delete the container image.
If you manually upload container images, then you might need to add new tags or remove tags from container images. Container images can have more than one tag, but the tags used within a container repository must be unique. For example, only one container image in a container repository can have the latest tag or the 1.0 tag.
Use the skopeo inspect command to display details about a container image. You can filter the output with the --format option to only display specific information, such as the version and release of the image. When not specified, the container image tag defaults to the latest tag. In the following example, the version and release of the latest container image available from the Red Hat Ecosystem Catalog is 1.0.1-27.
[user@host ~]$skopeo inspect \>--format "{{ .Labels.version }}-{{ .Labels.release }}" \>docker://registry.redhat.io/ansible-automation-platform-22/ee-supported-rhel81.0.0-113
The 1.0.0-113 matches a tag visible from the Red Hat Ecosystem Catalog for the ansible-automation-platform-22/ee-supported-rhel8 container repository.
You can manage container image tags from the private automation hub web UI.
Navigate to → to display all container repositories.
Click the name of a container repository, such as .
Find a container name to manage and then select from the vertical ellipsis icon.
Add or remove tags and then click .
To provide Ansible Content Collections from your private automation hub, you must synchronize or upload them from another source. These content collections can include:
Supported Red Hat Certified Ansible Content Collections from the cloud-based automation hub at https://console.redhat.com/ansible/automation-hub.
Ansible Content Collections published by the upstream community at Ansible Galaxy, https://galaxy.ansible.com.
Ansible Content Collections that you manually upload.
Synchronizing Ansible Content Collections from automation hub (available at https://console.redhat.com/ansible/automation-hub) is the most efficient way to make Red Hat Ansible Certified Content Collections available to your private automation hub. Red Hat reviews, maintains, updates, and fully supports those collections. By using Red Hat Ansible Certified Content Collections instead of the collections from Ansible Galaxy, you benefit from the support from Red Hat.
Within automation hub, navigate to . If you are an automation hub administrator for your organization, then each collection has a button. When enabled, this button allows the collection to be synchronized with your private automation hub. By synchronizing, you can provide a curated set of collections to your users from your private automation hub.
Warning
Never use your corporate account for testing purposes. The test configuration you perform might corrupt your existing organization configuration.
If you do not have a customer portal account or do not want to use your corporate account, then create a personal account. Navigate to https://access.redhat.com/, click the user icon at the upper left, and then click .
The following process synchronizes Ansible Content Collections (that have been marked for synchronization) from automation hub to private automation hub.
Log in to the private automation hub web UI as a user that has permissions to manage remote collections.
Navigate to → and then click the tab.
On the row, select from the vertical ellipsis icon.
Enter your token for downloading content from automation hub. You can copy your automation hub token from https://console.redhat.com/ansible/automation-hub/token.
Click to save your changes.
From the page, click to synchronize Ansible Content Collections from automation hub. If successful, then the column eventually displays a status of .
Remote repository synchronization creates the relevant namespaces for the Ansible Content Collections.
You can also synchronize Ansible Content Collections from Ansible Galaxy.
Important
Content collections that are published on Ansible Galaxy are managed by the upstream community and are not Red Hat Certified Ansible Content Collections officially supported by Red Hat. Content provided through the cloud-based automation hub at https://console.redhat.com/ansible/automation-hub is officially supported.
Log in to the private automation hub web UI as a user who can manage remote collections.
Navigate to → and then click the tab.
On the row, click .
Click and locate a
requirements.ymlfile containing a list of Ansible Content Collections to synchronize.Ansible Galaxy does not require the and fields. You can remove any populated values.
Click to save your changes.
From the page, click to synchronize Ansible Content Collections from Ansible Galaxy. If successful, then the column eventually displays a status of .
You can manually add Ansible Content Collections to private automation hub, such as custom Ansible Content Collections created by your organization. Organizations in a disconnected environment can also use this method to add previously downloaded Ansible Content Collections to their private automation hub.
Both automation hub (available at https://console.redhat.com/ansible/automation-hub) and Ansible Galaxy (available at https://galaxy.ansible.com) allow downloading Ansible Content Collections as TAR files. After locating an Ansible Content Collection, select a specific version and then click the link. If you do not select a version, then you download the latest version of the Ansible Content Collection.
The following procedure creates an Ansible Content Collection namespace.
Log in to the private automation hub web UI as a user who can manage collections and collection namespaces.
Navigate to → and then click .
Specify a name for the namespace. This name must match the first part of the name of the archive file that you intend to upload. For example: use
ansibleas the namespace name for theansible-posix-1.3.0.tar.gzarchive; usecommunityas the namespace name for thecommunity-crypto-2.2.2.tar.gzarchive; and usecontainersas the namespace name for thecontainers-podman-1.9.1.tar.gzarchive.(Optional) Select one or more existing groups as namespace owners. Namespace owners can change the namespace and can upload to the namespace.
Click to create the new namespace.
The following procedure uploads an Ansible Content Collection to an existing namespace.
Log in to the private automation hub web UI as a user who can upload collections.
Navigate to → and then click the link for the desired namespace.
Click .
Click and then browse to the archive file that you want to upload.
Click to upload the Ansible Content Collection.
By default, private automation hub requires a user to approve uploaded Ansible Content Collections. Use the following procedure to approve or reject an uploaded Ansible Content Collection.
Navigate to → and then locate the collection.
(Optional) Select from the vertical ellipsis icon.
Click the vertical ellipsis icon and choose either or .
You can configure private automation hub to automatically approve uploaded Ansible Content Collections. Set the automationhub_require_content_approval variable to False in the installation inventory file. If you change this value after installation, then run the setup.sh installation script again to apply the change.
When you install automation controller, it is initially configured with a Demo project, which includes resources that you can use to perform basic functionality tests. Performing these tests can help verify that automation controller is working as expected.
The Demo Project project resource pulls content from the Git repository located at https://github.com/ansible/ansible-tower-samples. Navigate to → and click the icon.
Initiating a project synchronization verifies two things:
It verifies that automaton controller can download the defined at → . If not already present on automation controller, then automation controller uses the credential (defined at → ) to pull the container image defined by the
Control Plane Execution Environmentresource.In the classroom environment, the initial project synchronization failed because the
Control Plane Execution Environmentcontainer image did not initially exist on private automation hub.The project synchronization verifies that the
Control Plane Execution Environmentcontainer image can clone the project source control repository to automation controller.
The installer uses the registry_url, registry_username, and registry_password variables in the installer inventory file to create the container registry credential. Navigate to → on your automation controller to display existing credentials. The automation controller web UI does not allow you to make changes to the container registry credential. If you need to make a change, then modify the relevant inventory variables and run the setup.sh installation script again.
The installer creates the machine credential. The machine credential is not immediately useful by default. Recall that a machine credential allows automation controller to connect to machines.
You might modify the machine credential to use a valid username, and either a password or SSH private key for authentication, so that it can connect to machines in your environment.
The installer creates the inventory resource, which includes the host resource. When you run a playbook in an automation execution environment with automation controller, localhost refers to the automation execution environment container, not the automation controller that launched the job.
Navigate to → to display existing inventories. Navigate to → to display existing hosts.
To test functionality, you might consider adding a host from your environment to the Demo Inventory inventory. If so, then you should also update the Demo Credential machine credential. You might also delete the localhost host from the Demo Inventory inventory.
The job template uses the hello_world.yml playbook from the Demo Project project. The job template targets all hosts defined in the and uses the machine credential. Because localhost in the default inventory is configured to use a local connection, it is not necessary to use the Demo Credential machine credential when targeting just this host.
Navigate to → to display existing templates. Launching the Demo Job Template template initiates a job. The hello_world.yml playbook uses the debug module to print a Hello, World! message.
References
For more information about private automation hub namespaces, refer to Curating Collections Using Namespaces in Automation Hub at https://access.redhat.com/documentation/en-us/red_hat_ansible_automation_platform/2.1/html-single/curating_collections_using_namespaces_in_automation_hub/index
For more information about publishing content to private automation hub, refer to Publishing Proprietary Content Collections in Automation Hub at https://access.redhat.com/documentation/en-us/red_hat_ansible_automation_platform/2.1/html-single/publishing_proprietary_content_collections_in_automation_hub/index
For more information about managing containers in private automation hub, refer to Managing Containers in Private Automation Hub at https://access.redhat.com/documentation/en-us/red_hat_ansible_automation_platform/2.1/html-single/managing_containers_in_private_automation_hub/index
For more information about using Ansible Content Collections in private automation hub, refer to Managing Red Hat Certified and Ansible Galaxy Collections in Automation Hub at https://access.redhat.com/documentation/en-us/red_hat_ansible_automation_platform/2.1/html-single/managing_red_hat_certified_and_ansible_galaxy_collections_in_automation_hub/index
For more information, refer to the Automation Controller User Guide at https://docs.ansible.com/automation-controller/latest/html/userguide/
skopeo-login(1), skopeo-inspect(1), and skopeo-copy(1) man pages
