Private automation hub is the content system for Red Hat Ansible Automation Platform, hosting and serving up content to the platform in a scalable way with an enhanced security posture. The hosted content ranges from collections to container images, whether it's your own content, certified content from Red Hat or partner content from the extensive partner ecosystem, along with open source content from Ansible Galaxy.

Private automation hub is on its way to being the content management system for the Ansible Automation Platform and, with the most recent release, it has made great strides toward cementing itself as the de facto content system choice for Ansible Automation Platform.

 

Enhancing Software Supply Chain Security

Content can be pretty harmful if you cannot trust the source. Much like surfing the internet, we have become accustomed to knowing that if there is a “padlock” in the browser bar then we can consider the site safe. We also know that if we take content from the community, we do so at our own risk, but when you pay for a subscription that offers Red Hat Ansible Certified Content, you expect it to be safe. To drive this manner of safety and instill greater trust with our users, we have added certificates to all Red Hat Ansible Certified Content, so that when you build automation you can check and verify that only content with valid signatures is used in your build process.

 

Organizing Content  

Until now, content in private automation hub has been restricted to three static repositories (like folders/directories). In the new release of private automation hub, it is now possible to create custom repositories. Why? 

The feature is mostly targeted at our partner ecosystem, but in an enterprise you may still wish to do this. Imagine you have content organized by geography, or maybe by regulatory needs, such as GDPR-compliant versus non-compliant. Your business process may mandate that this content cannot be mixed or sent/synchronized to the wrong locations. Creating custom repositories means you can now slice and dice your content how you prefer. It also makes it easier to synchronize the whole repository of content between different automation hubs in your network. Role-Based Access rules are supported across the repository to govern who can access it, and you can also set how the repository behaves in a pipeline. This means you can set the repository to require approval on new artifacts published into it or to act as a standalone repository with no approval settings.

 

Synchronizing Content

Private automation hub users always have more than one hub: They have the automation hub at console.redhat.com that serves Red Hat Ansible Certified and Ansible validated content from their subscription as well as at least one private automation hub on premise or in their cloud space. Therefore, synchronizing content usually starts with content from Red Hat to your instance, and with the new release we have settled on a common approach for this task. Whether you are syncing content from Ansible Galaxy, Cloud Hub at console.redhat.com or one of your own private hubs, all you need to do is define a YAML file in the requirements.yml format detailing the individual collections and/or versions you wish to pull/sync to your private automation hub. This is configured on a per-repository basis, and includes a built-in UI YAML editor with a pre-built template for you to follow. All repositories support this method, and this makes it really easy to sync only the content you wish to define.

Built-in editor with predefined template for syncing of content
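
A sync list of the kind described above could look like the following. This is an added example, not the product's built-in template; the collection names are public collections chosen for illustration and the version numbers are constructed. Pinning or bounding versions keeps a sync from pulling releases that nobody has reviewed.

```yaml
# Constructed requirements file for a repository sync (illustrative values).
# Only the collections listed here are pulled into the repository.
collections:
  # Exact pin: the sync is limited to this one version.
  - name: ansible.posix
    version: "1.5.4"

  # Bounded range: accepts any release within one major version.
  - name: community.general
    version: ">=7.0.0,<8.0.0"

  # No version constraint: the sync is not limited to releases you have
  # reviewed. Prefer one of the two forms above for content that feeds
  # production automation.
  - name: ansible.utils
```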

 

Built-in Content

Private automation hub, when installed using the bundled installer, now seeds as part of the install all current Red Hat Ansible Certified and Ansible validated content into their respective repositories. This saves time obtaining the content and means you can start working with extensive automation use cases straight away. This is the same for automation execution environment images, as these too are seeded into the installed private automation hub.

Seeded Red Hat Ansible Certified Content

Seeded Red Hat Execution Environment Images

 

Task Management

A task management tab now allows you to view what's going on behind the scenes in private automation hub. This is very helpful during synchronization of content to see more than just the “in progress” message.

Task Management tab

 

Directory Services Native Integration

Private automation hub has had the ability to authenticate its users via Red Hat’s single sign-on for some time now. This allows for common authentication types to be supported such as SAML, MFA, and LDAP. Our customers requested support for LDAP, which has become the number one authentication integration use case natively within private automation hub. Private automation hub can now support direct connection to an LDAP service without the need for separate SSO services. You can enable or disable this capability directly in the settings file for private automation hub on the local file system. The integration uses the standard Django LDAP plugin and will authenticate the user against the directory and mirror the group membership to private automation hub.

 

Ansible Lightspeed for Ansible Galaxy and beyond

Whilst this capability is not strictly in private automation hub, it is in the code base that all of the hubs share with Galaxy. Engineers have been working to enable participation options and flags in Ansible Galaxy to allow content curators to opt in or out of Ansible Lightspeed. These are currently being tested in our beta Ansible Galaxy website and will transition to production very soon. This will serve as a basis going forward for private automation hub integrations. Ansible Lightspeed uses the content in Galaxy to teach itself about what automation is available and what variables and options drive that automation. Essentially, Ansible Galaxy and its content are everything that Ansible Lightspeed can be.

 

What's Next?

Private automation hub has a strong roadmap; here are a few of the items you can expect in the future:

New Dashboard

Content of all kinds, whether it's movies, music or Ansible Content Collections, shares a similar style in presentation. To that end, we are evolving a new dashboard that better matches the industry standard that our users are accustomed to from streaming media services, online shopping and more. The new dashboard will group content by category, such as networking, storage, compute, Red Hat Ansible Certified, validated, top 5, last used, etc.

Execution Environment Image Builder

We are working on the ability to select the collections you wish to use in the UI of private automation hub, and simply click to build the execution environment. The resulting execution environment image will then be built for you and pushed into the private automation hub local registry for use. This removes the complexity and friction in building execution environment images. You can still use the CLI for execution environment builder in case you have more complicated use cases. A big advantage to using private automation hub for building execution environment images is that you can version your build files; the Dockerfile used to make the image will be stored in private automation hub so that you can reuse or view the manifest.

Officially Certified Private Automation Hub Collection

The Red Hat Community of Practice created an Ansible Content Collection that could be used to configure private automation hub post-installation, or Day 2. This collection has seen a lot of customer use, with requests that we offer official support around it. In the future, we will adopt this collection into the hub engineering team and will place it in the certified repositories on console.redhat.com. This means the collection will be fully supported and will run its own lifecycle so we can iterate on chosen features outside the lifecycle of Ansible Automation Platform.

Settings Area

An area within the UI that allows an administrator to configure various areas of private automation hub, such as LDAP settings, banners and feature flags. This capability will also be available via API so you can orchestrate these changes across multiple hubs using Ansible if you wish to.

There is even more work going on with hub engineering, including taking the hub code base to the existing Ansible Galaxy website, contributing the entire hub UI to the centralized UI effort, bug fixes and addressing customer requests for enhancements. There is also a whole new partner-only offering of Ansible automation hub - interested Red Hat partners can reach out to their representatives for more details.

 

