Nowadays, Ansible is one of the most widely used automation tools in IT. However, with so many community modules and roles serving different use cases, the big challenge is finding modules that are properly hardened, suitable, and reliable for production environments.
When using community modules and roles in playbooks to automate your production environments, you need to keep track of their life cycle and verify their compatibility with new Ansible releases.
These challenges make the reliability of Ansible community modules and roles questionable.
Red Hat Automation Hub
Red Hat has recently modified their Ansible subscription model and introduced many new online Ansible products accessible from the Red Hat Cloud Tools site if you have the proper Ansible subscription.
The primary online product there, which I believe will make Ansible more reliable, is the Red Hat Automation Hub. It would not be an exaggeration if I said it will greatly increase the trust level. Red Hat Automation Hub is the supported version of modules and roles in Ansible Galaxy.
Red Hat tests and hardens the modules and roles before publishing them in the Automation Hub. You can think of it as the Red Hat Registry available for OpenShift, but this time for Ansible. The Automation Hub is still a new product that does not have many modules, but Red Hat continues to add more.
Collections and FQCN
Red Hat groups modules and roles on the Automation Hub in collections. In the playbook, when using a module from an installed collection, you reference it by using the "Fully Qualified Collection Name" (FQCN), which usually has the following format:
However, the Automation Hub is a new product. You can still find some modules which must be referenced by name only, as is still the case with the F5 collections and Ansible 2.9. You can always open a case with Red Hat Support if the modules are not working, and they will advise you. With the Automation Hub, you are not alone anymore.
In this article, we will install Ansible Engine. The installation is based on RHEL8.2. It has Python 3.6, which is still supported, and it is a prerequisite for many of the recent Ansible modules.
Ansible Engine has three different layers:
- Operating System, which is RHEL8.2 in our case.
- Ansible binaries.
- Additional modules (in Red Hat Automation Hub, they are called collections).
- Downloading collections requires using RHEL-based Ansible Engine. Installation of RHEL8.2 is out of this article's scope, so the assumption is that there is a server ready to be used.
- You have the appropriate Red Hat Ansible Subscriptions.
- Installing and using Ansible Tower is out of the scope of this article.
- Installation will occur behind a proxy. However, if you install Ansible Engine to a system directly connected to the Internet, you can skip the proxy-related steps.
- Ansible 2.9 will be installed and used.
Installing Ansible Engine
After a fresh install of RHEL8.2, follow these steps to install Ansible Engine:
1. Edit the RHSM configuration file:
# vi /etc/rhsm/rhsm.conf
2. Modify this section in the RHSM configuration file with the proxy details and then save the file:
# an http proxy server to use
proxy_hostname =

# The scheme to use for the proxy when updating repo definitions, if needed
# e.g. http or https
proxy_scheme = http

# port for http proxy server
proxy_port =

# user name for authenticating to an http proxy, if needed
proxy_user =

# password for basic http proxy auth, if needed
proxy_password =
3. Register to RHSM:
# subscription-manager register
4. Attach to your RHEL and Red Hat Ansible Engine subscriptions. This command will help you find the available RHEL Red Hat Ansible Engine subscriptions:
# subscription-manager list --available
5. Grab the pool ID of the subscription and run the following:
# subscription-manager attach --pool=<pool id here of RHEL subscription>
# subscription-manager attach --pool=<pool id here of engine subscription>
6. Enable the related repositories:
# subscription-manager repos --enable rhel-8-for-x86_64-appstream-rpms --enable rhel-8-for-x86_64-baseos-rpms --enable ansible-2.9-for-rhel-8-x86_64-rpms
7. Install Ansible:
# yum install -y ansible
8. Update the OS binaries:
# yum update -y
9. Reboot the node.
Installing the F5 Collection
The configuration of a default Ansible installation points to the upstream ansible-galaxy, so the Ansible configuration must be modified to include Red Hat Automation Hub as follows:
1. Go to Red Hat's Automation Hub Token Management site.
2. Log in using your username and password for the Red Hat Cloud Tools site.
3. Press Get API Token.
4. Copy the token.
5. Edit the Ansible configuration file:
# vi /etc/ansible/ansible.cfg
6. Add the following lines at the end of the configuration file:
[galaxy]
server_list = automation_hub, release_galaxy, test_galaxy

[galaxy_server.automation_hub]
url=https://cloud.redhat.com/api/automation-hub/
auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
token=" Paste Token"
7. Save the ansible.cfg configuration file.
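A check for the configuration added in step 6, as an added example that is not from the original article or from Red Hat: it reports names in server_list that have no [galaxy_server.<name>] section in the file, server URLs that are not HTTPS, and an API token stored inline in a file that other local users can read. The function name and the finding labels are assumptions made for this example, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: audit the [galaxy] settings of an ansible.cfg.
# Finding labels (UNDEFINED_SERVER, ...) are invented for this example.
audit_galaxy_cfg() {
    cfg=$1
    world=0   # becomes 1 when "other" users may read the file
    if [ -n "$(find "$cfg" -perm -004)" ]; then world=1; fi
    awk -v world="$world" -v file="$cfg" '
        /^[ \t]*([#;]|$)/ { next }                  # skip comments and blanks
        /^\[/ { sec = $0; gsub(/^\[|\].*$/, "", sec); next }
        {
            eq = index($0, "="); if (!eq) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (sec == "galaxy" && key == "server_list") list = val
            if (sec ~ /^galaxy_server\./) {
                id = substr(sec, 15)                # text after "galaxy_server."
                if (key == "url") url[id] = val
                if (key == "token" && val != "") tok[id] = 1
            }
        }
        END {
            # every listed server needs its own section carrying a url
            n = split(list, names, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++)
                if (!(names[i] in url)) print "UNDEFINED_SERVER " names[i]
            for (id in url)
                if (url[id] !~ /^https:\/\//) print "NON_HTTPS_URL " id
            for (id in tok) {
                print "INLINE_TOKEN " id
                if (world) print "WORLD_READABLE_TOKEN " file
            }
        }' "$cfg"
}

# Constructed sample mirroring the fragment above (the token is a dummy value).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[galaxy]
server_list = automation_hub, release_galaxy, test_galaxy

[galaxy_server.automation_hub]
url=https://cloud.redhat.com/api/automation-hub/
token=CONSTRUCTED-DUMMY-TOKEN
EOF
chmod 644 "$sample"
audit_galaxy_cfg "$sample"
rm -f "$sample"
```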
Now you are ready to download the collections, but before starting, there are some points to consider:
1. If the Ansible node is not directly connected to the Internet, you need to set a proxy through which the Internet is reachable. Set the proxy only temporarily so that it does not persist into new SSH sessions; otherwise, a playbook that automates a target system through its API over HTTP or HTTPS may fail.
To set the proxy:
$ export http_proxy='proxy.example.com:port'
$ export https_proxy='proxy.example.com:port'
Remark: Collections can be downloaded as tarball files in case of an offline installation, and then installed in the default path as per the next point.
2. The collection is downloaded and installed locally in the home directory of the current user. It will be installed to the following path:
The command below can be used to download and install any collection:
$ ansible-galaxy collection install namespace.collection
On the Red Hat Cloud Tools site, select the relevant collection page, and you can see the exact command in the screenshot below:
To download the F5 collection, run the following command:
$ ansible-galaxy collection install f5networks.f5_modules
A sample playbook
To start automating the F5 equipment, the network should be set as below, where the Ansible node can reach the F5 management interface (port):
In the collection guide at the Red Hat Cloud Tools site, you are advised to use the FQCN, but unfortunately, this was not possible at the time this article was written. Per the gitMemory site, this might be fixed in Ansible 2.10:
Please view a sample of a working playbook from my GitHub site.
The IP in the playbook should be replaced with the management interface IP for the F5 equipment, and the password should be replaced with the "admin" password, secured with ansible-vault.
- Ansible Automation Hub is a very promising product from Red Hat that would move Ansible from a community-supported automation tool to an enterprise-grade tool.
- The Hub is still at the beginning compared to the number of roles and modules available upstream, but just in the past few weeks, I noticed more vendors have joined the Hub (e.g., HP, Arista, etc.).
- Some modules downloaded from the Hub are still not ready to be referenced using their FQCN, so if you get strange errors, try to reference them using only their names before opening a case with Red Hat Support.
- I believe being able to mirror the Automation Hub to a local one, for instance, in Satellite, will make the Automation Hub much more valuable.
- To install Ansible Engine, please refer to the article, How do I Download and Install Red Hat Ansible Engine?
- For more details regarding how to handle collections, please refer to Using Ansible Collections.