Managing Enterprise Automation with Red Hat Ansible Automation Platform
- Section Configuring Red Hat Ansible Automation Platform with Collections
- SectionObjectives
- SectionAutomating Red Hat Ansible Automation Platform Configuration
- SectionGetting the Supported Ansible Content Collection
- SectionExploring the Supported Ansible Content Collection
- SectionExamples of Automation with ansible.controller
- SectionCommunity-supported Ansible Content Collections
- Guided Exercise: Configuring Red Hat Ansible Automation Platform with Collections
- Automating Configuration Updates with Git Webhooks
- Guided Exercise: Automating Configuration Updates with Git Webhooks
- Launching Jobs with the Automation Controller API
- Guided Exercise: Launching Jobs with the Automation Controller API
- Lab: Automating Configuration of Ansible Automation Platform
- Summary
Abstract
| Goal |
Automate the configuration and deployment of Red Hat Ansible Automation Platform services by using Ansible Content Collections, the automation controller API, and Git webhooks. |
| Objectives |
|
| Sections |
|
| Lab |
|
Use Red Hat Certified Ansible Content Collections to configure and maintain Ansible Automation Platform services.
Instead of manually configuring automation controller, private automation hub, and other components of your Ansible Automation Platform infrastructure, you can use Ansible itself to automate those tasks.
This can have clear benefits for your management of those servers and components.
If you want to rebuild your infrastructure from scratch, you can run playbooks to reconfigure it with appropriate users, teams, credentials, projects, job templates, and more. This can help with migrations from one version to another, or for disaster recovery planning.
You can use the version control capabilities of the Git repositories containing your automation to store the history of changes that you have made to the configuration of your automation infrastructure.
You can use configuration as code techniques to quickly validate infrastructure changes on test servers before implementing the changes in production. You can then use the same automation to deploy those changes to production.
Red Hat supports ansible.controller, a Red Hat Certified Ansible Content Collection, which provides modules and other tools to help you automate the configuration and management of your automation controllers. Other community-supported Ansible Content Collections are also available but are not officially supported by Red Hat.
You can obtain the ansible.controller Ansible Content Collection in several ways:
It is included in the
ee-supported-rhel8automation execution environment.Use the
ansible-galaxy collection install ansible.controllercommand to install it from your automation hub, depending on your local system configuration.Download it from
https://console.redhat.com/ansible/automation-hub/.
The ansible.controller Ansible Content Collection contains modules and plug-ins for managing automation controller. It contains modules to create, update, and delete resources such as project, inventory, credential, job_template, and workflow_job_template. To determine what modules are available and to view their documentation, you can:
Use the
ansible-navigator collectionscommand to view the documentation foransible.controllerinteractively.Use your web browser to find
ansible.controlleron automation hub and go to its tab to read the documentation.
You can use the ansible-navigator collections command to view the documentation for Ansible Content Collections that are included with your current automation execution environment.
Because the ee-supported-rhel8 execution environment includes ansible.controller, you can use the following command to access its documentation:
[user@demo ~]$ ansible-navigator collections --eei ee-supported-rhel8This displays a list of all the collections available in the execution environment. Select ansible.controller from that list by typing a colon (:) followed by its line number on the list.
A list of the modules and other plug-ins provided by the ansible.controller collection is displayed. The following example shows this list, scrolled partway through the output as indicated by the scroll bar on the right.
Ansible.controller Type Added Deprecated Description 12│group module None False create, update, or destr 13│host module None False create, update, or destr 14│import module 3.7.0 False import resources into Au 15│instance_group module 4.0.0 False create, update, or destr 16│inventory module None False create, update, or destr 17│inventory_source module None False create, update, or destr 18│inventory_source_update module None False Update inventory source( 19│job_cancel module None False Cancel an Automation Pla 20│job_launch module None False Launch an Ansible Job. 21│job_list module None False List Automation Platform 22│job_template module None False create, update, or destr 23│job_wait module None False Wait for Automation Plat 24│label module None False create, update, or destr 25│license module None False Set the license for Auto 26│notification_template module None False create, update, or destr 27│organization module None False create, update, or destr 28│project module None False create, update, or destr 29│project_update module None False Update a Project in Auto 30│role module None False grant or revoke an Autom^b/PgUppage up^f/PgDnpage down ↑↓ scrollescback[0-9]goto:helphelp
You can select the line number of any of the items on that list to get more information about how to use it.
For example, given the preceding output, if you enter :20, the documentation for the job_launch module, which launches a job, is displayed.
The documentation contains two particularly important sections. The doc: line marks the start of usage documentation.
27│doc:
If you scroll down further to the indented options: line in that output, the subsequent indented lines document options used by that module. In the following example, the first option is controller_config_file.
38│ options: 39│ controller_config_file:
If you scroll down further you can see the name option:
126│ name: 127│ aliases: 128│ - job_template 129│ description: 130│ - Name of the job template to use. 131│ required: true 132│ type: str
This specifies that the job_launch module has an option called name of type string. You can use job_template as a synonym for name. It contains the name of the job template to use to launch the job. You must specify this option when you use this module.
The other section of this output that is useful is the examples: section, which contains a number of examples of how to use the module.
The documentation for job_launch contains the following example, among others. The example on lines 187 to 190 is a task that launches a job from the My Job Template job template and registers a variable, job, that contains the job ID of the job that the task launched, among other data.
186│examples: |- 187│ - name: Launch a job 188│ job_launch: 189│ job_template: "My Job Template" 190│ register: job
You can also use your web browser to read documentation for the ansible.controller content collection on automation hub. After you search for the ansible.controller content collection, go to its tab to learn more about its modules and other plug-ins.
The ansible.controller Ansible Content Collection includes over forty modules and other plug-ins. Instead of trying to cover them all here, this presentation focuses on three of the modules as examples of how they generally work. You can review the ansible.controller documentation for the other modules to see what other capabilities this Ansible Content Collection provides.
The ansible.controller.user module adds, modifies, and deletes automation controller users.
If you do not specify that the user should have the System Administrator user type (using the is_superuser option), or System Auditor (using the is_system_auditor option), then automation controller sets up the user with the Normal User user type.
You can directly open the documentation for the ansible.controller.user module with the following command:
[user@demo ~]$ansible-navigator doc ansible.controller.user \>--eei ee-supported-rhel8
Documentation for the ansible.controller.user module shows the following example:
- name: Add user user:username: jdoe password: foobarbaz email: jdoe@example.org first_name: John last_name: Doe state: present
| Although the example uses |
Most modules in the ansible.controller Ansible Content Collection require you to specify your automation controller host and provide authentication information for that automation controller. Each module documents the following options:
| Option | Description |
|---|---|
controller_config_file
| You might use this option if you run your playbooks from a local machine rather than from automation controller itself. |
controller_host
| The name of your controller host, such as controller.example.com. |
controller_oauthtoken
| Authenticate using an OAuth token. |
controller_password
| Specify the password for the automation controller user. You might define this option within a variable file and then protect the file with Ansible Vault. |
controller_username
| Specify an automation controller user that has permission to perform the desired actions. You might define this option within a variable file and then protect the file with Ansible Vault. |
validate_certs
| Set this option to either no or false if your automation controller uses custom certificates and the machine running the playbook does not trust the certificate authority that signed the custom certificates. (Ideally, for security reasons this should be set to yes or true.) |
You can run your playbook locally using the ansible-navigator command, or you can configure automation controller to run the playbook. Running the playbook from automation controller might require creating several resources:
An inventory resource that specifies your automation controller host.
A project resource pointing to the source control repository that contains your playbooks and associated files. This might also require an additional SCM credential resource for the repository.
One or more job template resources for your playbooks.
A Vault credential if you protected your automation controller credentials (or other files) using Ansible Vault.
The ansible.controller.team module adds, modifies, and deletes automation controller teams.
Documentation for the ansible.controller.team module shows the following example:
- name: Create team team:
| Although the example uses |
| Only use the |
Just like the previous example, you can run the playbook locally using the ansible-navigator command, or you can configure automation controller to run the playbook.
The ansible.controller.role module grants or revokes automation controller roles for users and teams.
Individual resource types only allow specific roles. For example, you can only use the admin, member, and read roles when you assign a team role. At a minimum, when you create a new user, the user should have the member role in the automation controller organization.
The following example grants the jdoe user the member role on the Default organization.
- name: Add jdoe as a member of the Default organization
ansible.controller.role:
user: jdoe
organization: Default
role: member
state: presentAdd a user to a team by adding a team role for the user. The following example grants the jdoe user the member role on the My Team team.
- name: Add jdoe to the member role of My Team
ansible.controller.role:
user: jdoe
target_team: "My Team"
role: member
state: presentImportant
The ansible.controller.role module has both the team and target_team options. Use the team option when you add or remove other resource roles (such as roles for credentials, inventories, and job templates) for a team. Use the target_team option when you add or remove team roles for a user.
Ansible Galaxy provides additional content collections that you can use to manage Ansible Automation Platform. The following content collections from Ansible Galaxy are of interest:
redhat_cop.controller_configuration: This content collection contains Ansible roles that interact with theansible.controllercontent collection to configure automation controller.redhat_cop.ah_configuration: This content collection contains roles and modules for configuring private automation hub.
These community-supported Ansible Content Collections are currently not supported by Red Hat, but they do provide additional capabilities for the automation of Red Hat Ansible Automation Platform.
Important
Red Hat does not provide support for community Ansible Content Collections.
References
For more information, refer to the Configuration consistency across multi Ansible Automation Platform deployments chapter in the Deploying Ansible Automation Platform reference architecture at https://access.redhat.com/documentation/en-us/reference_architectures/2021/html-single/deploying_ansible_automation_platform_2.1/index#config_as_code_using_webhooks
