Using Private Automation Hub

Task 4: Using Private Automation Hub


  • Automation Controller is running & accessible
  • Private Automation Hub is running & accessible


  • Configure Automation Controller to access your Private Automation Hub
  • Add collections from Red Hat Automation Hub, Galaxy and custom ones created by you.
  • Add Excution Environment images

Important: You only have to do this because we didn’t have installer install Controller and PAH in one go. Then the integration would have been configured for you already. For the sake of understanding we decided to let you do this manually. Note: The Execution Environemnt images coming with the bundle installer have been pushed to the PAH registry already.

Let’s start, as the docs for this are distributed over some places we’ll give some more instructions.

Integrate Private Automation Hub into Automation Controller

  • In your PAH go to Collections->API token management, hit Load Token and copy the token. Put it somewhere, the token will change every time you have to get it this way!
  • In Controller, go to Resources->Credentials and Add three new credentials:
    • Name them PAH community, PAH certified and Pah published
    • All belong to the Organisation default
    • Credential Type is Ansible Galaxy/Automation Hub API Token
    • Look up the Galaxy Server URL for each in PAH: In Collections->Repository Management lookup the Repo URL for community, published and rh-certified and put them in respectively.
    • You have created the API token already, paste in into the credentials
    • As your PAH is using a self-signed certificate, disable the certificate verification:
      • Go to Settings->Jobs Settings, click Edit and set Ignore Ansible Galaxy SSL Certificate Verification to On

The last thing you have to setup is to configure the Organization (default here) to use the PAH credentials and the order it searches them:

  • Go to Access->Organizations, choose the default Organization and click Edit
  • In Galaxy Credentials remove Ansible Galaxy and add our three PAH credentials
  • Note how you could change the order here
  • Click Save

Add content to your Private Automation Hub

Most of this is well documented here

Sync collections from Red Hat Automation Hub

  • Go to and open Ansible Automation Platform->Automation Hub->Collections. Here you could enable/disable the sync of certain collections but there is a bug as of now! We’ll give you a working URL to sync all content as a workaround.
  • What you need to do is to get the autentication token and configure it in your PAH:
    • In Red Hat Automation Hub Go to Connect to Hub and copy the Offline Token
    • In PAH go to Collections->Repository management->Remote
    • Edit the rh-certified remote:

Sync selected comunity collections from Ansible Galaxy

  • Galaxy is configured as the remote community out of the box
  • To sync collections:
    • Create a regular requirements.yml file pointing to the collection you want, we’ll use the one from the docs:
  # Install a collection from Ansible Galaxy.
  - name: geerlingguy.php_roles
    version: 0.9.3
  • Go to Repo Management, click the Remote tab again
  • Edit the community remote
  • In YAML requirements upload the requirements.yml file from your local machine.
  • Click Save
  • In the Remote overview tab click Sync for the community remote

Verify the sync of the collections in Collections->Collections, switch the repositories with the dropdown at the top. There should be a lot of content in the Red Hat Certified repo and one collection in the Community repo.

Push Images to PAH Registry

  • As test push a local image to PAH
  • First login to the PAH registry: podman login --tls-verify=false <PAH-HOST>
  • Example: podman push --tls-verify=false <PAH-HOST>/ee-ansible-ssa
  • Check in PAH under Execution Environments

Test Private Automation Hub Integration

Now check that your Automation Controller can actually use the content from your PAH:

  • Create a new Project pointing here:
    • Have a look at the content, esp the collections/requirements.yml file
  • Create a new Template:
    • Name: up to you
    • Inventory: The one you set up with the Playbook before, it should contain one of your AWS instances
    • Project: The one you just created
    • Execution Environment: Ansible Engine 2.9 execution environment
    • Playbook: install-php.yml
    • Check Privilege Escalation
  • Launch the Template, if all was configured correctly it should install PHP modules on the managed node.

So recap what happened:

  • You created a Template that runs a Playbook that has a requirement on a certain Collection which is not part of the Execution Environments included in Controller.
  • Your Organization (default) is configured in a way it can only download Collections from your Private Automation Hub
  • The Collection did exist on your PAH
  • Important: As this collection is not part of the Execution Environment the Playbook run in, how did it work? In this case is it was dynamically “added” to the Execution Environment at runtime.