DO467 - ch06s04

Preface A: Introduction

Section A.1: Managing Enterprise Automation with Red Hat Ansible Automation Platform

Section A.2: Orientation to the Classroom Environment

Section A.3: Obtaining a Trial Subscription to Red Hat Ansible Automation Platform

Chapter 1: Installing Red Hat Ansible Automation Platform

Section 1.1: Explaining the Red Hat Ansible Automation Platform Architecture

Section 1.2: Quiz: Explaining the Red Hat Ansible Automation Platform Architecture

Section 1.3: Installing Automation Controller and Private Automation Hub

Section 1.4: Guided Exercise: Installing Automation Controller and Private Automation Hub

Section 1.5: Initial Configuration of Automation Controller and Private Automation Hub

Section 1.6: Guided Exercise: Initial Configuration of Automation Controller and Private Automation Hub

Section 1.7: Quiz: Installing Red Hat Ansible Automation Platform

Section 1.8: Summary

Chapter 2: Managing User Access

Section 2.1: Creating and Managing Automation Controller Users

Section 2.2: Guided Exercise: Creating and Managing Automation Controller Users

Section 2.3: Managing Automation Controller Access with Teams

Section 2.4: Guided Exercise: Managing Automation Controller Access with Teams

Section 2.5: Creating and Managing Users and Groups for Private Automation Hub

Section 2.6: Guided Exercise: Creating and Managing Users and Groups in Private Automation Hub

Section 2.7: Lab: Managing User Access

Section 2.8: Summary

Chapter 3: Managing Inventories and Machine Credentials

Section 3.1: Creating a Static Inventory

Section 3.2: Guided Exercise: Creating a Static Inventory

Section 3.3: Creating Machine Credentials for Access to Inventory Hosts

Section 3.4: Guided Exercise: Creating Machine Credentials for Access to Inventory Hosts

Section 3.5: Lab: Managing Inventories and Machine Credentials

Section 3.6: Summary

Chapter 4: Managing Projects and Launching Ansible Jobs

Section 4.1: Creating a Project for Ansible Playbooks

Section 4.2: Guided Exercise: Creating a Project for Ansible Playbooks

Section 4.3: Creating Job Templates and Launching Jobs

Section 4.4: Guided Exercise: Creating Job Templates and Launching Jobs

Section 4.5: Lab: Managing Projects and Launching Ansible Jobs

Section 4.6: Summary

Chapter 5: Advanced Job Configuration

Section 5.1: Improving Performance with Fact Caching

Section 5.2: Guided Exercise: Improving Performance with Fact Caching

Section 5.3: Creating Job Template Surveys to Set Variables for Jobs

Section 5.4: Guided Exercise: Creating Job Template Surveys to Set Variables for Jobs

Section 5.5: Scheduling Jobs and Configuring Notifications

Section 5.6: Guided Exercise: Scheduling Jobs and Configuring Notifications

Section 5.7: Lab: Advanced Job Configuration

Section 5.8: Summary

Chapter 6: Constructing Job Workflows

Section 6.1: Creating Workflow Job Templates and Launching Workflow Jobs

Section 6.2: Guided Exercise: Creating Workflow Job Templates and Launching Workflow Jobs

Section 6.3: Requiring Approvals in Workflow Jobs

SectionSection 6.4: Guided Exercise: Requiring Approvals in Workflow Jobs

Section 6.5: Lab: Constructing Job Workflows

Section 6.6: Summary

Chapter 7: Managing Advanced Inventories

Section 7.1: Importing External Static Inventories

Section 7.2: Guided Exercise: Importing External Static Inventories

Section 7.3: Configuring Dynamic Inventory Plug-ins

Section 7.4: Quiz: Configuring Dynamic Inventory Plug-ins

Section 7.5: Filtering Hosts with Smart Inventories

Section 7.6: Guided Exercise: Filtering Hosts with Smart Inventories

Section 7.7: Lab: Managing Advanced Inventories

Section 7.8: Summary

Chapter 8: Automating Configuration of Ansible Automation Platform

Section 8.1: Configuring Red Hat Ansible Automation Platform with Collections

Section 8.2: Guided Exercise: Configuring Red Hat Ansible Automation Platform with Collections

Section 8.3: Automating Configuration Updates with Git Webhooks

Section 8.4: Guided Exercise: Automating Configuration Updates with Git Webhooks

Section 8.5: Launching Jobs with the Automation Controller API

Section 8.6: Guided Exercise: Launching Jobs with the Automation Controller API

Section 8.7: Lab: Automating Configuration of Ansible Automation Platform

Section 8.8: Summary

Chapter 9: Maintaining Red Hat Ansible Automation Platform

Section 9.1: Performing Basic Troubleshooting of Automation Controller

Section 9.2: Guided Exercise: Performing Basic Troubleshooting of Automation Controller

Section 9.3: Backing up and Restoring Red Hat Ansible Automation Platform

Section 9.4: Guided Exercise: Backing up and Restoring Red Hat Ansible Automation Platform

Section 9.5: Quiz: Maintaining Red Hat Ansible Automation Platform

Section 9.6: Summary

Chapter 10: Getting Insights into Automation Performance

Section 10.1: Gathering Data for Cloud-based Analysis

Section 10.2: Quiz: Gathering Data for Cloud-based Analysis

Section 10.3: Getting Insights into Automation Performance

Section 10.4: Quiz: Getting Insights into Automation Performance

Section 10.5: Evaluating Performance with Automation Analytics

Section 10.6: Quiz: Evaluating Performance with Automation Analytics

Section 10.7: Producing Reports from Automation Analytics

Section 10.8: Quiz: Producing Reports from Automation Analytics

Section 10.9: Summary

Chapter 11: Building a Large-scale Red Hat Ansible Automation Platform Deployment

Section 11.1: Designing a Clustered Ansible Automation Platform Implementation

Section 11.2: Quiz: Designing a Clustered Ansible Automation Platform Implementation

Section 11.3: Deploying Distributed Execution with Automation Mesh

Section 11.4: Guided Exercise: Deploying Distributed Execution with Automation Mesh

Section 11.5: Managing Distributed Execution with Automation Mesh

Section 11.6: Guided Exercise: Managing Distributed Execution with Automation Mesh

Section 11.7: Quiz: Building a Large-scale Red Hat Ansible Automation Platform Deployment

Section 11.8: Summary

Chapter 12: Comprehensive Review

Section 12.1: Comprehensive Review

Section 12.2: Lab: Deploying and Operating an Automation Mesh

Section 12.3: Lab: Adding Users and Teams

Section 12.4: Lab: Uploading Automation Execution Environments to Private Automation Hub

Section 12.5: Lab: Creating an Inventory Managed as a Project

Section 12.6: Lab: Configuring Job Templates

Section 12.7: Lab: Configuring Workflow Job Templates, Surveys, and Notifications

Section 12.8: Lab: Operating Automation Controller using the API

Section 12.9: Lab: Backup and Restore Red Hat Ansible Automation Platform

Bookmark this page

P 1 2 3 4 5 6 7 8 9 10 11 12

Guided Exercise: Requiring Approvals in Workflow Jobs

Create a workflow job template that requires approval to run.

Outcomes

Modify a workflow job template by adding an approval node to the workflow.
Configure an email notification when the workflow requires an approval.
Launch and approve the workflow job.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command ensures that automation controller is installed and configured with any necessary resources created in previous exercises.

[student@workstation ~]$ lab start workflow-approval

Procedure 6.2. Instructions

Review the automation controller resources created by the lab command for this exercise.
The lab command configured a workflow job template named DEV - Deploy HTTPS and Populate Webservers. You can add an approval node to that workflow job template that uses an existing notification template to alert your operations team by email. If you add that approval node at the beginning of the workflow job template, then your operations team must approve jobs launched using the workflow job template before the next on success node in the job runs.
1. Navigate to https://controller.lab.example.com and log in as the admin user with redhat as the password.
2. Navigate to Resources → Templates. The lab command created the workflow job template and the job templates used in this exercise. The DEV - Deploy HTTPS and Populate Webservers workflow job template runs the DEV - Deploy HTTPS job template and then runs either the DEV - Populate Webservers job template if the previous job succeeds, or the DEV - Revert HTTPS job template if the previous job fails.
3. Navigate to Administration → Notifications. You can see the Email AAP Admins notification listed as a notification template of type Email. Click the Test notification icon for the notification template and wait for the Status column to display the Successful message. This ensures that the notification is working as expected.
4. Navigate to Access → Teams. You can see the Developers and Operations teams listed as part of the Default organization.
Insert a workflow approval node as the first step for the workflow job template and modify the workflow so that it only executes when approved.
1. Navigate to Resources → Templates and click the Visualizer icon for the DEV - Deploy HTTPS and Populate Webservers workflow job template.
2. In the workflow visualizer, hover over the line connecting the START button and the Synchronize Project node, and then click the + icon (notice the Add a new node between these two nodes description at the upper-left corner of the workflow editor).
3. Create the new node using the following information. Do not modify any of the other fields. Click Save when finished.
  Field Value
  Node Type Approval
  Name Dev approval
  Description Require approval before even starting the workflow
  Timeout (min) 60
  Alias Approval
4. Hover over the line connecting the new Approval approval node and the Synchronize Project node and click the Edit this link icon.
  Figure 6.18: Editing an existing link in the workflow
5. In the Run list, choose On Success and click Save. Notice how the line that connects the two nodes changes from blue (Always) to green (On Success).
6. Click Save in the upper-right corner to save the changes you made to the workflow job template.
  Figure 6.19: Inserted approval node as the first step for the workflow
On the DEV - Deploy HTTPS and Populate Webservers workflow job template, assign the Approve role to the Developers team. Give the Operations team the Execute role.
1. Navigate to Resources → Templates and click the DEV - Deploy HTTPS and Populate Webservers link.
2. Click the Access tab and then click Add.
3. Click Teams and then click Next.
4. Select the Developers team and then click Next.
5. Select the Approve role and then click Save to assign the role. Because they are part of the Developers team, the daniel and david users now have the Approve role.
6. Click Add again, select Teams, and then click Next.
7. Select the Operations team and then click Next.
8. Select the Execute role and then click Save to assign the role. Because they are part of the Operations team, the oliver and ophelia users now have the Execute role.
Configure the workflow job template to use the Email AAP Admins notification template. When a workflow job launched by the template requests an approval, it should trigger the notification.
1. Navigate to Resources → Templates and click the DEV - Deploy HTTPS and Populate Webservers link.
2. Click the Notifications tab and set Approval to on for the Email AAP Admins notification.
  Figure 6.20: Notification for a required approval
Run the workflow job template as user ophelia, who is a member of the Operations team.
1. Navigate to admin → Logout to log out of the admin account. Log in again, using the ophelia user, with redhat123 as the password.
  Important
  Because you were on the Notifications tab when you logged out as the admin user, when you log in with the ophelia user, the web UI attempts to return to the same tab.
  The ophelia user only has the Execute role on the workflow job template. Consequently, the ophelia user does not have permission to see the notifications associated with the workflow job template, and the web UI displays a Not Found message.
2. Navigate to Resources → Templates. Because the Operations team has the Execute role, and the ophelia user is a member of that team, the ophelia user can launch the DEV - Deploy HTTPS and Populate Webservers workflow job template.
3. Click the Launch Template icon for the DEV - Deploy HTTPS and Populate Webservers workflow job template. A workflow job launches, but its workflow stops at the approval node.
4. Notice that the Pending Workflow Approvals icon at the top of the page indicates one pending workflow approval. Click the icon and then select the checkbox for the Dev approval workflow approval. Even though the ophelia user can see the workflow approval, that user does not have sufficient permissions to approve it.
5. Click the notification icon in the top of the page, then select the checkbox for the Dev approval workflow approval. Even though the ophelia user can see the workflow approval, that user does not have sufficient permissions to approve it.
Verify that the workflow job triggered a notification email. In a real situation, this mail would reach the people with permissions to approve the workflow. In this exercise, those people are the members of the Developers team.
1. Open a terminal and connect to the utility server.
```
[student@workstation ~]$ ssh student@utility
```
2. Use the tail command to read incoming email messages delivered to the local mailbox file of the student user. You should see the email that was sent for the approval. Your message looks similar to the following example:
```
[student@utility ~]$ tail -f /var/mail/student
    "id": 4,
    "name": "Dev approval",
    "url": "https://controller.lab.example.com/#/jobs/workflow/3",
    "created_by": "ophelia",
    "started": "2022-05-05T18:00:11.884846+00:00",
    "finished": null,
    "status": "pending",
    "traceback": ""
}
```

Field	Value
Node Type	Approval
Name	`Dev approval`
Description	`Require approval before even starting the workflow`
Timeout (min)	`60`
Alias	`Approval`

As user david, who is a member of the Developers team, approve the workflow job.

Navigate to ophelia → Logout to log out as user ophelia. Log in again as the david user, with redhat123 as the password.
Click the notification icon, and then select the checkbox for the Dev approval workflow approval. The david user has the permissions needed to approve or deny the approval request.
Click Approve to approve the request.

Go to the terminal window that is running the tail command and wait. After a few seconds, you should see a notification email arrive that looks similar to the following example:

From system@controller.lab.example.com  Thu May  5 14:18:35 2022
Return-Path: <system@controller.lab.example.com>
X-Original-To: aap-admins@lab.example.com
Delivered-To: aap-admins@lab.example.com
Received: from controller.lab.example.com (controller.lab.example.com [172.25.250.7])
        by utility.lab.example.com (Postfix) with ESMTPS id B5ABD938DAC
        for <aap-admins@lab.example.com>; Thu,  5 May 2022 14:18:35 -0400 (EDT)
Received: from controller.lab.example.com (localhost [IPv6:::1])
        by controller.lab.example.com (Postfix) with ESMTP id 9DF3A30404AA
        for <aap-admins@lab.example.com>; Thu,  5 May 2022 14:18:35 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: The approval node "Dev approval" was approved.
 https://controller.lab.example.com/#/jobs/workflow/3
From: system@controller.lab.example.com
To: aap-admins@lab.example.com
Date: Thu, 05 May 2022 18:18:35 -0000
Message-ID:
 <165177471562.4668.18225658775475317495@controller.lab.example.com>

The approval node "Dev approval" was approved. https://controller.lab.example.com/#/jobs/workflow/3

{
    "id": 4,
    "name": "Dev approval",
    "url": "https://controller.lab.example.com/#/jobs/workflow/3",
    "created_by": "ophelia",
    "started": "2022-05-05T18:00:11.884846+00:00",
    "finished": "2022-05-05T18:18:35.040965+00:00",
    "status": "successful",
    "traceback": ""
}

When finished, press Ctrl+C to exit the tail command.

Exit the terminal session on the utility system.
```
[student@utility ~]$ exit
```

Verify that the workflow job completed successfully.
1. Navigate to Views → Jobs and wait for the workflow job to finish.
2. After the job succeeds, click the link for the job name, such as the 3 — DEV - Deploy HTTPS and Populate Webservers link, to see the workflow results for the completed job. The number in the job name might be different from the one listed here.
  Figure 6.21: The results of the completed workflow
(Optional) Repeat the exercise starting at step 5. This time, have the david user deny the approval request for the workflow job.
Log out from the automation controller web UI.

Finish

On the workstation machine, change to the student user home directory and use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish workflow-approval

This concludes the section.

Discuss Managing Enterprise Automation with Red Hat Ansible Automation Platform

Go to community

Welcome to the Managing Enterprise Automation with Red Hat Ansible Automation Platform group!

Syed

26 wrz 2023

We are excited to launch a space dedicated to the Red Hat Training course Managing Enterprise Automation with Red Hat Ansible Automation Platform! To gain the most value from this group - click the "Join Group" button in the upper right hand corner of the group home page.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to DO467.Read more about Managing Enterprise Automation with Red Hat Ansible Automation Platform here.

312

Revision: do467-2.2-08877c1

Managing Enterprise Automation with Red Hat Ansible Automation Platform

Guided Exercise: Requiring Approvals in Workflow Jobs

Important