Introduction

Automation mesh is a Red Hat Ansible Automation Platform feature that lets organizations distribute automation workloads across hybrid cloud environments through peer-to-peer connections over their existing networks. Automation mesh with Red Hat Ansible Automation Platform on Microsoft Azure lets organizations scale their automation from a single control plane in two ways:

  1. The Ansible Automation Platform on Azure architecture automatically scales based on automation workloads that it can directly automate against, through direct or transit routing, eliminating the need for customers to manage the automation infrastructure directly.
  2. When automation must run against resources in other data centers, at the edge, or in circumstances where Ansible Automation Platform on Azure cannot directly connect, then customers can configure an automation mesh execution plane connected to Ansible Automation Platform on Azure.

The automation mesh execution plane consists of two types of mesh nodes, hop nodes and execution nodes.

Hop nodes serve to facilitate communication with the execution nodes and route traffic to them.

Execution nodes run automation against the target endpoint resources.

Many organizations have hybrid cloud environments with workloads and resources in public cloud, private clouds, and across data centers. For them, the need to reach those networks and place execution nodes close to the automation endpoints is critical. An example of this type of configuration is below.

With the release of automation controller 4.5, the ability to implement hop nodes is now available for Ansible Automation Platform on Azure.

Your Ansible Automation Platform subscription grants you ten Red Hat Enterprise Linux (RHEL) licenses that may be used for running components of Ansible Automation Platform. In this example, we will leverage those licenses to implement automation mesh using a hop node and an execution node that runs in a remote site from our Ansible Automation Platform on Azure deployment.

Let’s walk through how to deploy this and take advantage of this capability.

Preparing the Network

The examples in this section use the default ports. The network can be configured to suit the organization’s needs. For complex network configurations, use the automation mesh documentation for guidance.

Automation mesh uses TLS encryption for communication, so traffic that traverses external networks (the internet or other) will be encrypted in transit.

  1. The DMZ is open on port 27199 to traffic from the public internet, which allows communication from the Ansible Automation Platform on Azure instance.
  2. Network traffic can route between the DMZ and the private network on port 27199.
  3. Network traffic within the private network can route on ports where automation occurs, such as 22 for SSH and 443 for APIs.

Also prepare resources, like a virtual machine, on the private network. In Ansible Automation Platform, create an inventory with the private resource using its private IP address or hostname.

Preparing the RHEL instances

There are many different ways that the automation mesh machines could be deployed and configured, including with more Ansible automation. For example purposes, we will describe the manual steps in this section. The following assumes RHEL 9 running on x86_64 architecture.

  1. Deploy the RHEL instances within the remote networks where communication is required.
    1. In the example above, one instance will reside within the DMZ network with a public IP address and one will reside on the private network.
    2. RHEL ISOs can be obtained from access.redhat.com.
  2. SSH into each of the RHEL instances and perform the following steps. Depending on your network access and controls, SSH proxies or other access models may be required.
  3. Ensure that the RHEL instances are entitled through subscription-manager.

    sudo subscription-manager register --auto-attach
  4. Subscribe to the Ansible Automation Platform repositories. 

    sudo subscription-manager repos --enable ansible-automation-platform-2.4-for-rhel-9-x86_64-rpms
  5. Install the ansible-core packages.

    sudo dnf install -y ansible-core
  6. Install the ansible.receptor Ansible collection.

    ansible-galaxy collection install ansible.receptor
  7. Create or copy an SSH key that can be used to connect from the hop node to the execution node in later steps. This can be a temporary key used just for the automation mesh configuration, or a long-lived key. The SSH user and key will be used in later steps.
  8. Open port 27199 for receptor communication.

    sudo firewall-cmd --permanent --zone=public --add-port=27199/tcp
    sudo firewall-cmd --reload

The RHEL instances should now be ready to run automation mesh.

Configuration in automation controller

We need to configure the nodes in automation controller. In our example, we will deploy one hop node and one execution node.

  1. Log in to automation controller.
  2. Navigate to “Instances” under the “Administration” menu.
  3. Click “Add”.
  4. Fill out the fields with the following to configure the execution node.
    1. Host name: <the private ip address of the host>
    2. Description: Execution node
    3. Listener Port: 27199
    4. Instance Type: Execution

  5. Click “Save”.
  6. Click the “Install Bundle” icon to download the installation package. Save this for use in later steps.
  7. Click “Back to instances”.
  8. Click “Add”.
  9. Fill out the fields with the following to configure the hop node.
    1. Host name: <the public ip address or host name of the host>
    2. Description: Hop node
    3. Listener Port: 27199
    4. Instance Type: Hop
    5. Peers: Click the magnifying glass and select the execution node that was previously created
    6. Check the “Peers from control nodes” option

The IP address in this screenshot is an example only.

  10. Click “Save”.
  11. Click the “Install Bundle” icon to download the installation package. Save this for use in later steps.
  12. Click on the “Topology View” menu item under “Administration”. You should see your automation mesh configuration in a tentative “installed” state.

IP addresses in this screenshot are for example purposes only

Hop node IP address: 20.123.123.972

Execution Node IP address: 10.10.0.2

Installing the automation mesh bundles

The two bundles that were downloaded in the previous section use Ansible Automation Platform to set up each of these automation mesh nodes. Where you run these bundles will depend on your network access to the resources. In our example, we will assume that you have SSH access to the hop node and can run the bundle automation for both machines from the hop node.

  1. Copy both bundle files from your local machine to the hop node. Note that your IP addresses or hostnames will be unique to your environment.

    scp /path/to/hop/bundle/20.123.123.972_install_bundle.tar.gz user@20.123.123.972:/path/to/hop/bundle/
    scp /path/to/exec/bundle/10.10.0.2_install_bundle.tar.gz user@20.123.123.972:/path/to/exec/bundle/
  2. Extract both tar.gz files.

    tar -xzvf /path/to/hop/bundle/20.123.123.972_install_bundle.tar.gz
    tar -xzvf /path/to/exec/bundle/10.10.0.2_install_bundle.tar.gz
  3. Change into the directory of the execution node folder.

    cd /path/to/exec/bundle/10.10.0.2_install_bundle
  4. Open the inventory.yml file in a text editor.

    vim /path/to/exec/bundle/10.10.0.2_install_bundle/inventory.yml
  5. Change the user field so that it contains the SSH user for the execution node.

    ---
    all:
      hosts:
        remote-execution:
          ansible_host: 10.10.0.2
          ansible_user: <username> # user provided
          ansible_ssh_private_key_file: ~/.ssh/id_rsa
  6. If required, change the name of the SSH key based on how you set up your SSH key on this host in earlier steps.
  7. Save the inventory.yml file.
  8. Run the playbook to install automation mesh on the execution node host.

    ansible-playbook -i inventory.yml install_receptor.yml
  9. When the installation completes, change into the directory for the hop node folder.

    cd /path/to/hop/bundle/20.123.123.972_install_bundle
  10. Open the inventory.yml file in a text editor.

    vim /path/to/hop/bundle/20.123.123.972_install_bundle/inventory.yml
  11. Change the user field so that it contains the SSH user for the hop node.

    ---
    all:
      hosts:
        remote-execution:
          ansible_host: 20.123.123.972
          ansible_user: <username> # user provided
          ansible_ssh_private_key_file: ~/.ssh/id_rsa
  12. If required, change the name of the SSH key based on how you set up your SSH key on this host in earlier steps.
  13. Save the inventory.yml file.
  14. Run the playbook to install automation mesh on the hop node host.

    ansible-playbook -i inventory.yml install_receptor.yml
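
A preflight check for the inventory.yml edits in the steps above, as an added example that is not part of the install bundle or the original post: it confirms that the `<username>` placeholder was replaced and that the SSH private key exists with permissions ssh will accept. The function names `inv_get` and `preflight_inventory` are hypothetical, and the script assumes the inventory layout shown above.

```shell
#!/usr/bin/env bash
# Added example: preflight for an install bundle's inventory.yml.
# inv_get and preflight_inventory are hypothetical helper names, not part of the bundle.

# Print the value of one host variable, minus any trailing "# comment".
inv_get() {  # usage: inv_get <inventory.yml> <key>
  grep -m1 -E "^[[:space:]]*$2:" "$1" |
    sed -E "s/^[[:space:]]*$2:[[:space:]]*//; s/([[:space:]]+#.*)?[[:space:]]*\$//"
}

# Return 0 when the inventory is ready for ansible-playbook, 1 otherwise.
preflight_inventory() {  # usage: preflight_inventory <inventory.yml>
  inv=$1; rc=0
  user=$(inv_get "$inv" ansible_user)
  key=$(inv_get "$inv" ansible_ssh_private_key_file)
  case $key in '~/'*) key=$HOME/${key#'~/'} ;; esac   # expand a leading ~/

  case $user in
    ''|*'<'*|*'>'*)
      echo "FAIL: ansible_user is empty or still a placeholder: '$user'"; rc=1 ;;
  esac

  if [ ! -f "$key" ]; then
    echo "FAIL: private key not found: $key"; rc=1
  else
    mode=$(stat -c '%a' "$key")   # GNU stat, as on RHEL
    case $mode in
      *00) ;;                     # no group/other permission bits
      *) echo "FAIL: $key is mode $mode; ssh ignores keys accessible by others"; rc=1 ;;
    esac
  fi
  return "$rc"
}

# Stand-alone use, from a bundle directory:
#   ./preflight.sh inventory.yml && ansible-playbook -i inventory.yml install_receptor.yml
if [ "$#" -gt 0 ]; then preflight_inventory "$1"; fi
```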

Verify connectivity

  1. In your web browser, open automation controller again.
  2. Click on “Instances” under “Administration” in the left menu.
  3. Click the checkbox next to the execution node.
  4. Click “Run health check”. This step may take a few minutes.
  5. If the automation mesh is working correctly, then all nodes should have a “Ready” status.

Create an Instance Group

  1. Click on “Instance Groups” under “Administration”.
  2. Click “Add”.
  3. Click “Add instance group”.
  4. Create the instance group with the following fields:
    1. Name: Remote Network

  5. Click “Save”.
  6. Click the “Instances” tab.
  7. Click “Associate”.
  8. Click the checkbox next to the execution node that was created.
  9. Click “Save”.

Demonstrate how this works

Now that we have configured the hop and execution nodes, let’s kick off some jobs from the automation controller and observe how they pass through the hop node, which in turn passes them to the execution nodes to run the automation tasks.

  1. Open the inventory that you created as a preparatory step to this guide.
  2. Click “Edit” to edit the inventory.
  3. Click the magnifying glass next to Instance Groups.
  4. Select the “Remote Network” instance group.
  5. Click “OK”.
  6. Click “Save”.
  7. Click on the “hosts” tab.
  8. Click the checkbox next to the VM host that you created on the private network.
  9. Click “Run Command”.
  10. Run the ping module against the host.

If the ping is successful, then automation mesh is configured properly. You may now run automation jobs against hosts on a private network.

What can I do next?

To learn more about Ansible Automation Platform on Azure, please visit the page here.

To learn more about automation mesh, please visit this guide.

To learn more about Ansible Automation Platform on other hyperscaler clouds, please visit the page here.

For hands-on self-paced lab(s) on Ansible Automation Platform please visit this page.

  • lab on Ansible Automation Platform on Azure.
  • lab on getting started with automation mesh.
  • Documentation for Red Hat Ansible Automation Platform Automation Mesh for operator-based installations
  • Documentation for Red Hat Ansible Automation Platform Automation Mesh for VM-based installations

About the authors

Hicham is responsible for technical marketing of the Red Hat Ansible Automation Platform on Clouds. Hicham has been in the software industry for over 20 years and for many of them focused on cloud management. Hicham has been a frequent presenter at events and conferences like VMworld, vForum, VMUG, VMLive, Gartner, Dell Technology World, AWS re:Invent, HPE Discover, Cloud Field Day, Red Hat Summit, AnsibleFest, in addition to Customer events.


Scott Harwell is a Principal Product Manager at Red Hat for Ansible on Clouds. His focus is the delivery of Ansible Automation Platform offerings on hyperscaler cloud vendors such as Microsoft Azure and AWS. Prior to joining Red Hat, Scott held product management, development, and consulting roles for Oracle, AST Corporation, Tech Machine, and Volvo. Scott is a cloud enthusiast with experience and certifications across many cloud providers. He is passionate about automation and likes to find creative ways to improve IT, technical, and business processes.
