Playbooks to setup Red Hat Ansible Automation Platform 2.0 and later.
More details can be found on the Ansible Labs web site.
Make sure to provide your cloud provider access details as environment variables. For convenience, save it as a shell script which can be sourced when needed.
# Amazon AWS
export AWS_ACCESS_KEY_ID=''
export AWS_SECRET_ACCESS_KEY=''
# Azure
export AZURE_SECRET=
export AZURE_CLIENT_ID=
export AZURE_SUBSCRIPTION_ID=
export AZURE_TENANT=
# Google
export GCP_AUTH_KIND=serviceaccount
export GCP_SERVICE_ACCOUNT_FILE=~/.gcp.json
export GCP_PROJECT=myproject
# Automation Controller
export CONTROLLER_HOST=
export CONTROLLER_USERNAME=admin
export CONTROLLER_PASSWORD=
# RHV
export OVIRT_HOSTNAME=
export OVIRT_USERNAME=
export OVIRT_PASSWORD=
# VMware
export VMWARE_HOST=
export VMWARE_USER=
export VMWARE_PASSWORD=
it’s only required to provide the credentials for your target provider. For example, if you plan to deploy on AWS, Azure and Google can be ignored and not defined.
The minimum set of extra variables you have to define is documented in the Setup extra variables section.
Since the controller-instance
playbook is creating the cloud instance and adds it to the in-memory inventory, no inventory file is needed. You can use /etc/ansible/hosts
if you have to provide an inventory file.
Since Red Hat Ansible Automation Platform 2 can only be downloaded from access.redhat.com when you have a valid Subscription, you have to download the file manually and save it in the roles/rhaap/files folder. If you don’t have a valid subscription, you can request a free trial.
It’s recommended to use Ansible Navigator with the ee-ansible-ssa execution environment. Install Ansible navigator from the Red Hat Repositories or by using pip (e.g. if you’re on Fedora).
It’s recommended to generate a separate SSH key ring for this project.
Start the Playbook:
# if you store your cloud provider credentials in a file, load them into your shell
source /path/to/your/environment-file
# make sure your ssh key is loaded to get access into your cloud instance (start ssh-agent first)
eval `ssh-agent -s`
ssh-add /path/to/key
# log into Quay.io to fetch the EE
podman login quay.io
# start the playbook
ansible-navigator run rhaap-install.yml -e @/path/to/main.yml --vault-password-file /path/to/.vault -e @/path/to/vault.yml -i /etc/ansible/hosts
Sometimes it’s necessary to update or delete a DNS record manually. To simplify this task, there is a little helper playbook which uses the ansible_ssa.general
collection to perform that task. Note that this playbook requires the dns_private
, dns_key
and dns_suffix
variables to be set. It’s probably most conveniently done, by just using the same variable file used to create the Red Hat Ansible Automation Platform Demo.
To create or update a DNS record:
ansible-navigator run dns-helper.yml -e @/path/to/your/variables --vault-password-file /path/to/.vault -e instance_name=test -e ipaddress=1.2.2.3
To delete a DNS record:
ansible-navigator run dns-helper.yml -e @/path/to/your/variables --vault-password-file /path/to/.vault -e instance_name=test -e remove=true
Perform the following tasks to debug DNS issues.
yum -y install bind-utils
Create a nsupdate file in /tmp/nsupdate.txt
:
server ns.ansible-labs.de
zone <your_zone_name>.ansible-labs.de.
update add test.<your_zone_name>.ansible-labs.de. 600 A 1.2.3.4
send
Run nsupdate
with your keys and the created file:
nsupdate -k /path/to/your/K<your_name>.key /tmp/nsupdate.txt
NOTE: The above command does not show an output message on success. For more details try:
nsupdate -L3 -D -k /path/to/your/K<your_name>.key /tmp/nsupdate.txt