Using Private Automation Hub
Task 4: Using Private Automation Hub
- Automation Controller is running & accessible
- Private Automation Hub is running & accessible
- Configure Automation Controller to access your Private Automation Hub
- Add collections from Red Hat Automation Hub, Galaxy and custom ones created by you.
- Add Excution Environment images
Important: You only have to do this because we didn’t have installer install Controller and PAH in one go. Then the integration would have been configured for you already. For the sake of understanding we decided to let you do this manually. Note: The Execution Environemnt images coming with the bundle installer have been pushed to the PAH registry already.
Let’s start, as the docs for this are distributed over some places we’ll give some more instructions.
Integrate Private Automation Hub into Automation Controller
- In your PAH go to Collections->API token management, hit Load Token and copy the token. Put it somewhere, the token will change every time you have to get it this way!
- In Controller, go to Resources->Credentials and Add three new credentials:
- Name them PAH community, PAH certified and Pah published
- All belong to the Organisation
- Credential Type is Ansible Galaxy/Automation Hub API Token
- Look up the Galaxy Server URL for each in PAH: In Collections->Repository Management lookup the Repo URL for community, published and rh-certified and put them in respectively.
- You have created the API token already, paste in into the credentials
- As your PAH is using a self-signed certificate, disable the certificate verification:
- Go to Settings->Jobs Settings, click Edit and set
Ignore Ansible Galaxy SSL Certificate Verification to On
The last thing you have to setup is to configure the Organization (
default here) to use the PAH credentials and the order it searches them:
- Go to Access->Organizations, choose the
default Organization and click Edit
Galaxy Credentials remove
Ansible Galaxy and add our three PAH credentials
- Note how you could change the order here
- Click Save
Add content to your Private Automation Hub
Most of this is well documented here
Sync collections from Red Hat Automation Hub
- Go to
console.redhat.com and open Ansible Automation Platform->Automation Hub->Collections. Here you could enable/disable the sync of certain collections but there is a bug as of now! We’ll give you a working URL to sync all content as a workaround.
- What you need to do is to get the autentication token and configure it in your PAH:
- In Red Hat Automation Hub Go to Connect to Hub and copy the Offline Token
- In PAH go to Collections->Repository management->Remote
- Edit the
Sync selected comunity collections from Ansible Galaxy
- Galaxy is configured as the remote
community out of the box
- To sync collections:
- Create a regular requirements.yml file pointing to the collection you want, we’ll use the one from the docs:
# Install a collection from Ansible Galaxy.
- name: geerlingguy.php_roles
- Go to Repo Management, click the Remote tab again
- Edit the
- In YAML requirements upload the
requirements.yml file from your local machine.
- Click Save
- In the Remote overview tab click Sync for the
Verify the sync of the collections in Collections->Collections, switch the repositories with the dropdown at the top. There should be a lot of content in the
Red Hat Certified repo and one collection in the
Push Images to PAH Registry
- As test push a local image to PAH
- First login to the PAH registry:
podman login --tls-verify=false <PAH-HOST>
podman push --tls-verify=false quay.io/redhat_emp1/ee-ansible-ssa <PAH-HOST>/ee-ansible-ssa
- Check in PAH under Execution Environments
Test Private Automation Hub Integration
Now check that your Automation Controller can actually use the content from your PAH:
- Create a new Project pointing here:
- Have a look at the content, esp the
- Create a new Template:
- Name: up to you
- Inventory: The one you set up with the Playbook before, it should contain one of your AWS instances
- Project: The one you just created
- Execution Environment:
Ansible Engine 2.9 execution environment
- Check Privilege Escalation
- Launch the Template, if all was configured correctly it should install PHP modules on the managed node.
So recap what happened:
- You created a Template that runs a Playbook that has a requirement on a certain Collection which is not part of the Execution Environments included in Controller.
- Your Organization (
default) is configured in a way it can only download Collections from your Private Automation Hub
- The Collection did exist on your PAH
- Important: As this collection is not part of the Execution Environment the Playbook run in, how did it work? In this case is it was dynamically “added” to the Execution Environment at runtime.