피드 구독

In the world of IT automation, Red Hat Ansible Automation Platform has emerged as a powerful tool for streamlining tasks and orchestrating complex systems. With the release of Ansible Automation Platform 2.X, managing automation workflows has become even more efficient. In this blog post, we'll explore how to configure a newly deployed Ansible Automation Platform 2.X instance using API calls directly from a playbook. By following these steps, you'll be able to set up your automation environment swiftly and seamlessly.

Of course, in most cases, you will use a Red Hat Ansible Certified Content Collection such as ansible.controller or Ansible validated content infra.controller_configuration as a more flexible option to configure the Ansible Automation Platform. In certain situations, you might find that regular collections aren't available. This could occur post-installation of the Ansible Automation Platform or in environments with strict security policies disallowing external collections. In these instances, your best course of action is to leverage API calls for initial configuration.

Prerequisites:

Before diving into the configuration process, ensure you meet the following prerequisites:

Ansible Automation Platform 2.X: Check that Ansible Automation Platform 2.X is installed without errors and is accessible along with a private automation hub.

Ansible package: The latest release of  Ansible Automation Platform (2.9 or later) must be installed on the host where the playbook will run. If you haven't already installed it, make sure to set it up on your system before proceeding further. If you are running the playbook on the same host that was used for the Ansible Automation Platform installation, the Ansible package will already be there.

Repo Credentials:

While we've tested this setup using GitHub, you can configure it to work with other repository sources as needed.

  • GitHub Credentials: You'll need your GitHub username and personal access token to authenticate with GitHub and access repositories. The examples below assume the repository with Ansible Automation Platform configuration is not public.

  • GitHub Repository: Prepare the GitHub repository URL where your Ansible Playbook and related files are stored. This repository will be used for version control and synchronization with your Ansible Automation Platform environment.

  • Collections Tarballs: If you are going to import any collections into a private automation hub, make sure collection tarball files are accessible by the playbook. Collections contain reusable automation content and modules necessary for various tasks within your automation workflows.

  • Ansible Installation Inventory File: Make sure you have an inventory file containing the necessary configuration details, such as host addresses and groupings, for your Ansible Automation Platform installation. This can be the same inventory file you used for Ansible Automation Platform installation and it is expected to be located in the same folder as the playbook containing the examples below.

Configuration Process

Before delving into the configuration of the Ansible Automation Platform 2.X, it's imperative to prepare all the necessary variables required for the setup using API calls. This initial step lays the foundation for a smooth and seamless configuration process, so that all essential components are in place before proceeding further.

1) Get and Prepare Variables for Ansible Automation Platform Configuration:

The first step involves retrieving and preparing all the variables essential for configuring Ansible Automation Platform. Through API calls, we gather pertinent information such as controller node addresses, authentication tokens and user credentials. These variables serve as the building blocks for our configuration process, providing the necessary parameters for interaction with the Ansible Automation Platform environment.

Example:

  - name: Generate Controller token
    ansible.builtin.uri:
      url: "https://{{ controller_node }}/api/v2/tokens/"
      method: POST
      body_format: json
      headers:
        Content-Type: "application/json"
        Authorization: "Basic {{ ('admin:' + admin_password) | b64encode }}"
      body:
        description: "Personal Controller token"
      validate_certs: false
    register: controller_token
    failed_when: "controller_token.status not in [200, 201]"

This example assumes that we are creating a personal token for an admin account since this account is created by default during the Ansible Automation Platform deployment and its credentials are what is available by default in the inventory file used for the deployment. If the requirement is to use another account, it has to be created first and can also be parameterized in the task above. Step 3 has an example of creating a user.

2) Create Namespaces for Private Automation Hub Collections:

As the private automation hub is newly installed and collections are not available, we next check that there’s organizational clarity within the Ansible Automation Platform environment by creating namespaces for collections. These namespaces serve as logical containers for organizing and managing automation assets effectively. In the absence of predefined namespaces, we create them to streamline access control and resource allocation within our automation ecosystem.

Example:

  - name: Create namespaces for collections
    ansible.builtin.uri:
      url: https://{{ automation_hub }}/api/galaxy/_ui/v1/namespaces/
      user: "{{ automationhub_admin_user }}"
      password: "{{ automationhub_admin_password }}"
      method: POST
      body: '{
               "name": "{{ item }}",
               "groups": []
             }'
      force_basic_auth: true
      status_code: 201
      body_format: json
      validate_certs: false
    loop: "{{ namespaces_to_match | difference(matched_namespaces) }}"

For private automation hub configuration, we'll use a username and password. At the same time, existing the hub-wide API token gets reset each time a new one is requested, and since the hub-wide API token is also used by the automation controller to get collections, it’s not something we want to be changing each time we run the playbook.

3) Create Necessary Users, Credentials, Inventory:

With the foundational elements in place, we proceed to create essential components such as users, credentials and inventories within Ansible Automation Platform. This step encompasses the creation of accounts for further automation or administrative tasks, inventory configurations and credential setups, enabling a robust authentication and authorization framework for our automation workflows.

Example:

  - name: Create an automation user with a random password
    ansible.builtin.uri:
      url: "https://{{ controller_node }}/api/v2/users/"
      method: POST
      body_format: json
      headers:
        Content-Type: "application/json"
        Authorization: "Bearer {{ controller_token.json.token }}"
      body:
        username: "aap-admin"
        password: "{{ automation_user_random_password.stdout }}"
        is_superuser: true

4) Create Private Automation Hub (PAH) Users and namespaces:

Simultaneously, we configure the private automation hub, a critical component for orchestrating automation workflows securely. This involves creating private automation hub users and namespaces, and establishing secure authentication mechanisms. By implementing stringent access controls and authentication protocols, we fortify the security posture of our automation infrastructure, safeguarding sensitive data and workflows.

Example:

  - name: Create Private Automation Hub credential
    ansible.builtin.uri:
      url: "https://{{ controller_node }}/api/v2/credentials/"
      method: POST
      body_format: json
      headers:
        Content-Type: "application/json"
        Authorization: "Bearer {{ controller_token.json.token }}"
      body:
      validate_certs: false

5) Create a Project, Add WebHook, Connect with GitHub, and Launch the Job:

To culminate our configuration process, we create a project within the Ansible Automation Platform environment, integrate it with external services such as GitHub and automate the deployment process using webhooks. This comprehensive approach offers seamless collaboration and versioning capabilities within our automation workflows. Finally, we add the project to a job template and launch the job, validating the functionality of our playbook and enabling the successful execution of our configuration tasks.

Example:

  - name: Create project
    ansible.builtin.uri:
      url: "https://{{ controller_node }}/api/v2/projects/"
      method: POST
      body_format: json
      headers:
        Content-Type: "application/json"
        Authorization: "Bearer {{ controller_token.json.token }}"
      body:
        name: aap-config
        scm_type: "git"
        scm_url: "{{ github_repo }}"
        organization: 1
        credential: "{{ github_credential_id }}"
        scm_update_on_launch: true
      validate_certs: false

By following these configuration steps, you can configure Ansible Automation Platform 2.X using API calls. Each step in the process contributes to the establishment of a robust automation environment, characterized by efficiency, security and agility. With proper execution, you'll have a fully functional Ansible Automation Platform instance ready to streamline your IT automation workflows and drive organizational success. You will find a complete example playbook here.

Conclusion

In this blog post, we've provided a detailed guide on setting up Ansible Automation Platform 2.X through API calls from a playbook, starting from a fresh installation with no existing configuration. By adhering to these steps, you'll establish the essential initial configurations for your day-to-day tasks with the Ansible Automation Platform.

Learn more


저자 소개

Sohidur Rahman is a dedicated Red Hat Container Infrastructure Consultant, driven by a passion for helping clients overcome their strategic technology and business challenges using open source methods and technologies.

Read full bio
UI_Icon-Red_Hat-Close-A-Black-RGB

채널별 검색

automation icon

오토메이션

기술, 팀, 인프라를 위한 IT 자동화 최신 동향

AI icon

인공지능

고객이 어디서나 AI 워크로드를 실행할 수 있도록 지원하는 플랫폼 업데이트

open hybrid cloud icon

오픈 하이브리드 클라우드

하이브리드 클라우드로 더욱 유연한 미래를 구축하는 방법을 알아보세요

security icon

보안

환경과 기술 전반에 걸쳐 리스크를 감소하는 방법에 대한 최신 정보

edge icon

엣지 컴퓨팅

엣지에서의 운영을 단순화하는 플랫폼 업데이트

Infrastructure icon

인프라

세계적으로 인정받은 기업용 Linux 플랫폼에 대한 최신 정보

application development icon

애플리케이션

복잡한 애플리케이션에 대한 솔루션 더 보기

Original series icon

오리지널 쇼

엔터프라이즈 기술 분야의 제작자와 리더가 전하는 흥미로운 스토리