2. Ansible Automation Platform

2.1. Introduction

This guide explains the system configuration and environment needed to operate the Ansible connectivity function (hereinafter referred to as Ansible Driver) of Exastro IT Automation (hereinafter referred to as ITA).
It also explains the system configuration and environment for using Ansible Automation Platform as an execution engine.

For Ansible Core configurations, please see Ansible Core.

Exastro IT Automation must be installed in order to use the ITA Ansible driver.
For instructions on how to install Exastro IT Automation, please see Helm chart (Kubernetes) - Online.

2.2. System configuration

The Ansible driver is a standard function available when deploying Exastro IT Automation.

We recommend using Ansible Automation Platform configurations for scale-out architectures for the Ansible execution server.

The diagram below illustrates an Ansible Automation Platform configuration pattern.

2.2.1. System configuration pattern

Ansible Automation Controller allows for operation of systems with better availability and the use of expanded functions when running Ansible.

Warning

The ITA system and Ansible Core must be on their own servers.
Ansible Core (Ansible driver (Agent)) is required, as the Playbooks are encrypted using Ansible Vault.
The following image illustrates a configuration pattern with the main Ansible driver functions.
※ The diagram does not include the Exastro ITA system.
Table 2.1 System configuration pattern

| No | Configuration | Description | Ansible scaleout |
|----|---------------|-------------|------------------|
| 1 | Ansible Automation Platform (Hybrid pattern) | A configuration pattern that allows the Ansible Control node to execute operations for Managed nodes. While simple, this configuration requires communication for each Managed node. | Yes |
| 2 | Ansible Automation Platform (Separate Execution node pattern) | A configuration where the Ansible Control node links with the Ansible Execution node in order to execute operations for Managed nodes. In contrast to the Ansible Automation Platform (Hybrid pattern), this configuration is more complicated. In return, it allows the user to execute operations on the Managed nodes as long as the Ansible Control node can communicate with the Ansible Execution node. The user does not need to configure communication settings for each Managed node. | Yes |

The following diagram illustrates the configuration for Ansible Automation Platform (Hybrid pattern).

Figure 2.1 Ansible Automation Platform (Hybrid pattern)

※1 The communication numbers correspond to the numbers illustrated in the Ansible Automation Platform (Hybrid pattern) diagram.
※2 The port numbers written are standard port numbers.
※3 These are examples. The protocols depend on the Ansible module.

2.3. System requirements

The system requirements for Ansible driver are based on the ITA System requirements. See Helm chart (Kubernetes) - Online for more information.
The following are the system requirements for Ansible Automation Platform.
Table 2.3 Verified versions of Ansible Automation Platform

Exastro IT Automation

Ansible Automation Platform

2.1

2.2

2.3

2.4

2.0.x

2.1.x

2.2.x

2.3.x

〇: Verified

2.5. Initial settings

After installing Ansible Automation Platform, configure the following settings depending on the Execution engine.
Table 2.4 Ansible Core system requirements

Setting

Ansible Automation Platform 2.x

ITA Operation directory preparation

ITA Operation directory publication

Ansible Automation Platform file transfer user preparation

Ansible Automation Platform Git user preparation

Proxy settings

〇:Required △:Required depending on user conditions

2.5.1. ITA Operation directory preparation

Create a directory for ITA operations on the Ansible Automation Platform server.
For cluster configurations, create the directory on all servers that make up the cluster.
The Ansible Automation Platform's hop node does not need a directory.

Table 2.5 ITA Operation directory information

| Item | Setting value |
|------|---------------|
| Directory path | /var/lib/exastro |
| Owner/Group | awx:awx |
| Permission | 0755 |

2.5.2. ITA Operation directory publication

Log in to Ansible Automation Platform through your browser and set Settings ▶ Job ▶ Path for publishing separated jobs to /var/lib/exastro/.

2.5.3. Ansible Automation Platform file transfer user preparation

When generating Ansible Automation Platform projects from ITA, you must transfer a set of Playbook files to the following directories in Ansible Automation Platform.
Make sure to prepare a Linux user for file transfers.

・SCM management directory (/var/lib/awx/projects)
 ※Use the Linux user for Playbook transfers for Ansible Tower 3.x.
・ITA operation directory (/var/lib/exastro)
We highly recommend configuring a password for the awx user created during Ansible Automation Platform installation and using it as this Linux user.

Warning

Preparing and using users other than the awx user to change SCM management path (/var/lib/awx/projects) permissions is not within the scope of Red Hat support.
The Linux user needs to be registered to the ITA System. See Ansible Automation Controller host list for more information.

2.5.4. Ansible Automation Platform Git user preparation

Projects generated from ITA to Ansible Automation Platform use Git as their SCM type.
The destination Git repository is created by the host installed by the Ansible driver backyard function.
Make sure to prepare a Linux user for connecting to the Git repository with SSH key authentication from Ansible Automation Platform.
The user will need an access token that allows them to create and operate. For more information, see GitLab link settings.
Table 2.6 ITA Generated Linux user information for SSH authentication

| Item | Value |
|------|-------|
| User | awx |
| Password | Not set |
| Secret key | /home/awx/.ssh/rsa_awx_key |
| Public key | /home/awx/.ssh/rsa_awx_key.pub |
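
The following script is an added example, not part of the Exastro documentation. It audits a node against the ITA operation directory values (Table 2.5) and the SSH key path (Table 2.6). It assumes GNU coreutils `stat`; the `awx` group and mode 600 on the private key are assumptions, since the guide gives only the key's user and path, and the optional ROOT prefix is a hypothetical helper for checking a staged tree.

```bash
#!/usr/bin/env bash
# Added example: audit the paths this guide prepares on an
# Ansible Automation Platform node. Requires GNU coreutils stat.

# check_path PATH OWNER:GROUP MODE
# Returns 0 when PATH exists with exactly that owner, group and mode.
check_path() {
    local path="$1" want_owner="$2" want_mode="$3" got
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi
    got=$(stat -c '%U:%G %a' "$path")
    if [ "$got" = "$want_owner $want_mode" ]; then
        echo "OK       $path ($got)"
        return 0
    fi
    echo "MISMATCH $path: have $got, want $want_owner $want_mode"
    return 1
}

# audit_ita_node [ROOT]
# Exit status is the number of failed checks (0 = node matches).
audit_ita_node() {
    local root="${1:-}" failed=0
    # Table 2.5: /var/lib/exastro, awx:awx, 0755
    check_path "$root/var/lib/exastro" awx:awx 755 \
        || failed=$((failed + 1))
    # Table 2.6 key path; group awx and mode 600 are assumptions.
    # A group- or world-readable private key is rejected by OpenSSH.
    check_path "$root/home/awx/.ssh/rsa_awx_key" awx:awx 600 \
        || failed=$((failed + 1))
    return "$failed"
}
```

Run `audit_ita_node` with no argument as root on every server in the cluster; a non-zero exit status is the number of paths that need correcting.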

2.5.5. Proxy settings

When running Operations with Ansible Automation Platform settings, an execution environment container image is downloaded from a website specified by Red Hat.
Log in to Ansible Automation Platform through your browser, access Settings ▶ Job ▶ Add Environment variables and configure the following environment variables.
  • https_proxy
  • http_proxy
  • no_proxy
  • HTTPS_PROXY
  • HTTP_PROXY
  • NO_PROXY


Warning

If Ansible Automation Platform is running in a Proxy environment, the Proxy settings need to be configured in Ansible Automation Platform. Running operations without Proxy settings might cause errors with unknown causes.

2.6. Adding Organizations

2.6.1. Create Organizations

Create an Organization.
Log in as admin (administrator) to Ansible Automation Platform.

  1. Click the Add button under Access ▶ Organization.
  2. Fill out the corresponding items and click Save.

    See the table below for the required items and their values.

| Item | Set value | Remarks |
|------|-----------|---------|
| Name | (User-set name) | |
| Instance group | ※Leave as unselected | Set with "Link Organization and Instance group" |

2.6.2. Register Application

Register an Application used to issue connection tokens.
Log in as admin (administrator) to Ansible Automation Platform.

  1. Click the Add button under Management ▶ Application.
  2. Fill out the corresponding items and click Save.

    See the table below for the required items and their values.

| Item | Set value | Remarks |
|------|-----------|---------|
| Name | (User-set name) | Use with "Authentication token pay-out" |
| Organization | Select the organization created in "Create Organizations" | |
| Authentication grant type | Select Resource owner password base | |
| Client type | Secret | |

2.6.3. Create user

Create a user for the Organization.
Log in as admin (administrator) to Ansible Automation Platform.

  1. Click the Add button under Access ▶ User.
  2. Fill out the corresponding items and click Save.

    See the table below for the required items and their values.

| Item | Set value | Remarks |
|------|-----------|---------|
| Name | (User-set name) | |
| Password | (User-set password) | |
| Confirm Password | (User-set password) | |
| User type | Select Standard user | |
| Organization | Select the organization created in "Create Organizations" | |

2.6.4. Configure Roles

Configure roles that will link the Users to the Organizations.
Log in as admin (administrator) to Ansible Automation Platform.

  1. Click the username you created in Create user under Access ▶ User.
  2. This will move you to the User details menu. Select "Role" and click the Add button.
  3. Follow the instructions below and add the required user permissions.
    1. When adding Resource types, select "Organization" and click the Next button.
    2. When selecting List items, select the organization created in Create Organizations and click the Next button.
      ※Do not grant any roles to organizations that were not created in Create Organizations.
    3. When selecting role, select both "Admin" and "Member" and click Save.

2.6.5. Authentication token pay-out

Log in to Ansible Automation Platform as the user created in Create user.

  1. Press the Add button under Access ▶ User.
  2. Fill out the corresponding items and click Save.

    See the table below for the required items and their values.

| Item | Set value | Remarks |
|------|-----------|---------|
| Application | Select the application created in "Register Application" | |
| Range | Select Write | |

2.7. Add Workspaces

2.7.1. Add Instances

Add the Ansible Execution Environment Instance (hereinafter written as Ansible ee).

2.7.2. Create Instance groups

※ If there already is an instance group for Ansible ee, jump to Add Instance to Instance group.
Log in as admin (administrator) to Ansible Automation Platform.

  1. Select the Instance group you are adding the Ansible ee Instance in Add Instances under Management ▶ Instance group.
  2. Fill out the corresponding items and click Save.

    See the table below for the required items and their values.

| Item | Set value | Remarks |
|------|-----------|---------|
| Name | (User-set name) | See the following for rules regarding names. |

2.7.3. Add Instance to Instance group

Add the Ansible ee instance from Add Instances to the Instance group.
Log in as admin (administrator) to Ansible Automation Platform.

  1. Select the Instance group you are adding the Ansible ee Instance in Add Instances under Management ▶ Instance group.
  2. This will move you to the Instance group details menu. Press the Instance tab and click the Associate button.
  3. This will move you to the Instance selection menu. The Ansible ee Instance should be displayed. Select it and press the Save button.

2.7.5. Register Authentication token and Organization to ITA

Refer to Interface information and register the Authentication token created in Authentication token pay-out and the Organization created in Create Organizations to Ansible common ▶ Interface information.

Warning

When registering Organization names, make sure to open "Interface information" and select the name of the Organization created in "Create Organizations" approximately 1 minute after registering the Authentication token.

※The Backyard collects the organizations associated with the users corresponding to each authentication token and displays them in the pull-down.

Note

If a user created in the "Configure Roles" section has been granted multiple organization roles, a randomly selected organization will be used as the default value.