订阅内容

In the world of IT automation, Red Hat Ansible Automation Platform has emerged as a powerful tool for streamlining tasks and orchestrating complex systems. With the release of Ansible Automation Platform 2.X, managing automation workflows has become even more efficient. In this blog post, we'll explore how to configure a newly deployed Ansible Automation Platform 2.X instance using API calls directly from a playbook. By following these steps, you'll be able to set up your automation environment swiftly and seamlessly.

Of course, in most cases, you will use a Red Hat Ansible Certified Content Collection such as ansible.controller or Ansible validated content infra.controller_configuration as a more flexible option to configure the Ansible Automation Platform. In certain situations, you might find that regular collections aren't available. This could occur post-installation of the Ansible Automation Platform or in environments with strict security policies disallowing external collections. In these instances, your best course of action is to leverage API calls for initial configuration.

Prerequisites:

Before diving into the configuration process, ensure you meet the following prerequisites:

Ansible Automation Platform 2.X: Check that Ansible Automation Platform 2.X is installed without errors and is accessible along with a private automation hub.

Ansible package: The latest release of  Ansible Automation Platform (2.9 or later) must be installed on the host where the playbook will run. If you haven't already installed it, make sure to set it up on your system before proceeding further. If you are running the playbook on the same host that was used for the Ansible Automation Platform installation, the Ansible package will already be there.

Repo Credentials:

While we've tested this setup using GitHub, you can configure it to work with other repository sources as needed.

  • GitHub Credentials: You'll need your GitHub username and personal access token to authenticate with GitHub and access repositories. The examples below assume the repository with Ansible Automation Platform configuration is not public.

  • GitHub Repository: Prepare the GitHub repository URL where your Ansible Playbook and related files are stored. This repository will be used for version control and synchronization with your Ansible Automation Platform environment.

  • Collections Tarballs: If you are going to import any collections into a private automation hub, make sure collection tarball files are accessible by the playbook. Collections contain reusable automation content and modules necessary for various tasks within your automation workflows.

  • Ansible Installation Inventory File: Make sure you have an inventory file containing the necessary configuration details, such as host addresses and groupings, for your Ansible Automation Platform installation. This can be the same inventory file you used for Ansible Automation Platform installation and it is expected to be located in the same folder as the playbook containing the examples below.

Configuration Process

Before delving into the configuration of the Ansible Automation Platform 2.X, it's imperative to prepare all the necessary variables required for the setup using API calls. This initial step lays the foundation for a smooth and seamless configuration process, so that all essential components are in place before proceeding further.

1) Get and Prepare Variables for Ansible Automation Platform Configuration:

The first step involves retrieving and preparing all the variables essential for configuring Ansible Automation Platform. Through API calls, we gather pertinent information such as controller node addresses, authentication tokens and user credentials. These variables serve as the building blocks for our configuration process, providing the necessary parameters for interaction with the Ansible Automation Platform environment.

Example:

  - name: Generate Controller token
    ansible.builtin.uri:
      url: "https://{{ controller_node }}/api/v2/tokens/"
      method: POST
      body_format: json
      headers:
        Content-Type: "application/json"
        Authorization: "Basic {{ ('admin:' + admin_password) | b64encode }}"
      body:
        description: "Personal Controller token"
      validate_certs: false
    register: controller_token
    failed_when: "controller_token.status not in [200, 201]"

This example assumes that we are creating a personal token for an admin account since this account is created by default during the Ansible Automation Platform deployment and its credentials are what is available by default in the inventory file used for the deployment. If the requirement is to use another account, it has to be created first and can also be parameterized in the task above. Step 3 has an example of creating a user.

2) Create Namespaces for Private Automation Hub Collections:

As the private automation hub is newly installed and collections are not available, we next check that there’s organizational clarity within the Ansible Automation Platform environment by creating namespaces for collections. These namespaces serve as logical containers for organizing and managing automation assets effectively. In the absence of predefined namespaces, we create them to streamline access control and resource allocation within our automation ecosystem.

Example:

  - name: Create namespaces for collections
    ansible.builtin.uri:
      url: https://{{ automation_hub }}/api/galaxy/_ui/v1/namespaces/
      user: "{{ automationhub_admin_user }}"
      password: "{{ automationhub_admin_password }}"
      method: POST
      body: '{
               "name": "{{ item }}",
               "groups": []
             }'
      force_basic_auth: true
      status_code: 201
      body_format: json
      validate_certs: false
    loop: "{{ namespaces_to_match | difference(matched_namespaces) }}"

For private automation hub configuration, we'll use a username and password. At the same time, existing the hub-wide API token gets reset each time a new one is requested, and since the hub-wide API token is also used by the automation controller to get collections, it’s not something we want to be changing each time we run the playbook.

3) Create Necessary Users, Credentials, Inventory:

With the foundational elements in place, we proceed to create essential components such as users, credentials and inventories within Ansible Automation Platform. This step encompasses the creation of accounts for further automation or administrative tasks, inventory configurations and credential setups, enabling a robust authentication and authorization framework for our automation workflows.

Example:

  - name: Create an automation user with a random password
    ansible.builtin.uri:
      url: "https://{{ controller_node }}/api/v2/users/"
      method: POST
      body_format: json
      headers:
        Content-Type: "application/json"
        Authorization: "Bearer {{ controller_token.json.token }}"
      body:
        username: "aap-admin"
        password: "{{ automation_user_random_password.stdout }}"
        is_superuser: true

4) Create Private Automation Hub (PAH) Users and namespaces:

Simultaneously, we configure the private automation hub, a critical component for orchestrating automation workflows securely. This involves creating private automation hub users and namespaces, and establishing secure authentication mechanisms. By implementing stringent access controls and authentication protocols, we fortify the security posture of our automation infrastructure, safeguarding sensitive data and workflows.

Example:

  - name: Create Private Automation Hub credential
    ansible.builtin.uri:
      url: "https://{{ controller_node }}/api/v2/credentials/"
      method: POST
      body_format: json
      headers:
        Content-Type: "application/json"
        Authorization: "Bearer {{ controller_token.json.token }}"
      body:
      validate_certs: false

5) Create a Project, Add WebHook, Connect with GitHub, and Launch the Job:

To culminate our configuration process, we create a project within the Ansible Automation Platform environment, integrate it with external services such as GitHub and automate the deployment process using webhooks. This comprehensive approach offers seamless collaboration and versioning capabilities within our automation workflows. Finally, we add the project to a job template and launch the job, validating the functionality of our playbook and enabling the successful execution of our configuration tasks.

Example:

  - name: Create project
    ansible.builtin.uri:
      url: "https://{{ controller_node }}/api/v2/projects/"
      method: POST
      body_format: json
      headers:
        Content-Type: "application/json"
        Authorization: "Bearer {{ controller_token.json.token }}"
      body:
        name: aap-config
        scm_type: "git"
        scm_url: "{{ github_repo }}"
        organization: 1
        credential: "{{ github_credential_id }}"
        scm_update_on_launch: true
      validate_certs: false

By following these configuration steps, you can configure Ansible Automation Platform 2.X using API calls. Each step in the process contributes to the establishment of a robust automation environment, characterized by efficiency, security and agility. With proper execution, you'll have a fully functional Ansible Automation Platform instance ready to streamline your IT automation workflows and drive organizational success. You will find a complete example playbook here.

Conclusion

In this blog post, we've provided a detailed guide on setting up Ansible Automation Platform 2.X through API calls from a playbook, starting from a fresh installation with no existing configuration. By adhering to these steps, you'll establish the essential initial configurations for your day-to-day tasks with the Ansible Automation Platform.

Learn more


关于作者

Sohidur Rahman is a dedicated Red Hat Container Infrastructure Consultant, driven by a passion for helping clients overcome their strategic technology and business challenges using open source methods and technologies.

Read full bio
UI_Icon-Red_Hat-Close-A-Black-RGB

按频道浏览

automation icon

自动化

有关技术、团队和环境 IT 自动化的最新信息

AI icon

人工智能

平台更新使客户可以在任何地方运行人工智能工作负载

open hybrid cloud icon

开放混合云

了解我们如何利用混合云构建更灵活的未来

security icon

安全防护

有关我们如何跨环境和技术减少风险的最新信息

edge icon

边缘计算

简化边缘运维的平台更新

Infrastructure icon

基础架构

全球领先企业 Linux 平台的最新动态

application development icon

应用领域

我们针对最严峻的应用挑战的解决方案

Original series icon

原创节目

关于企业技术领域的创客和领导者们有趣的故事