In the world of IT automation, Red Hat Ansible Automation Platform has emerged as a powerful tool for streamlining tasks and orchestrating complex systems. With the release of Ansible Automation Platform 2.X, managing automation workflows has become even more efficient. In this blog post, we'll explore how to configure a newly deployed Ansible Automation Platform 2.X instance using API calls directly from a playbook. By following these steps, you'll be able to set up your automation environment swiftly and seamlessly.
Of course, in most cases, you will use a Red Hat Ansible Certified Content Collection such as ansible.controller or Ansible validated content infra.controller_configuration as a more flexible option to configure the Ansible Automation Platform. In certain situations, you might find that regular collections aren't available. This could occur post-installation of the Ansible Automation Platform or in environments with strict security policies disallowing external collections. In these instances, your best course of action is to leverage API calls for initial configuration.
Prerequisites:
Before diving into the configuration process, ensure you meet the following prerequisites:
Ansible Automation Platform 2.X: Check that Ansible Automation Platform 2.X is installed without errors and is accessible along with a private automation hub.
Ansible package: The latest release of Ansible Automation Platform (2.9 or later) must be installed on the host where the playbook will run. If you haven't already installed it, make sure to set it up on your system before proceeding further. If you are running the playbook on the same host that was used for the Ansible Automation Platform installation, the Ansible package will already be there.
Repo Credentials:
While we've tested this setup using GitHub, you can configure it to work with other repository sources as needed.
GitHub Credentials: You'll need your GitHub username and personal access token to authenticate with GitHub and access repositories. The examples below assume the repository with Ansible Automation Platform configuration is not public.
GitHub Repository: Prepare the GitHub repository URL where your Ansible Playbook and related files are stored. This repository will be used for version control and synchronization with your Ansible Automation Platform environment.
Collections Tarballs: If you are going to import any collections into a private automation hub, make sure collection tarball files are accessible by the playbook. Collections contain reusable automation content and modules necessary for various tasks within your automation workflows.
Ansible Installation Inventory File: Make sure you have an inventory file containing the necessary configuration details, such as host addresses and groupings, for your Ansible Automation Platform installation. This can be the same inventory file you used for Ansible Automation Platform installation and it is expected to be located in the same folder as the playbook containing the examples below.
Configuration Process
Before delving into the configuration of the Ansible Automation Platform 2.X, it's imperative to prepare all the necessary variables required for the setup using API calls. This initial step lays the foundation for a smooth and seamless configuration process, so that all essential components are in place before proceeding further.
1) Get and Prepare Variables for Ansible Automation Platform Configuration:
The first step involves retrieving and preparing all the variables essential for configuring Ansible Automation Platform. Through API calls, we gather pertinent information such as controller node addresses, authentication tokens and user credentials. These variables serve as the building blocks for our configuration process, providing the necessary parameters for interaction with the Ansible Automation Platform environment.
Example:
- name: Generate Controller token
ansible.builtin.uri:
url: "https://{{ controller_node }}/api/v2/tokens/"
method: POST
body_format: json
headers:
Content-Type: "application/json"
Authorization: "Basic {{ ('admin:' + admin_password) | b64encode }}"
body:
description: "Personal Controller token"
validate_certs: false
register: controller_token
failed_when: "controller_token.status not in [200, 201]"
This example assumes that we are creating a personal token for an admin account since this account is created by default during the Ansible Automation Platform deployment and its credentials are what is available by default in the inventory file used for the deployment. If the requirement is to use another account, it has to be created first and can also be parameterized in the task above. Step 3 has an example of creating a user.
2) Create Namespaces for Private Automation Hub Collections:
As the private automation hub is newly installed and collections are not available, we next check that there’s organizational clarity within the Ansible Automation Platform environment by creating namespaces for collections. These namespaces serve as logical containers for organizing and managing automation assets effectively. In the absence of predefined namespaces, we create them to streamline access control and resource allocation within our automation ecosystem.
Example:
- name: Create namespaces for collections
ansible.builtin.uri:
url: https://{{ automation_hub }}/api/galaxy/_ui/v1/namespaces/
user: "{{ automationhub_admin_user }}"
password: "{{ automationhub_admin_password }}"
method: POST
body: '{
"name": "{{ item }}",
"groups": []
}'
force_basic_auth: true
status_code: 201
body_format: json
validate_certs: false
loop: "{{ namespaces_to_match | difference(matched_namespaces) }}"
For private automation hub configuration, we'll use a username and password. At the same time, existing the hub-wide API token gets reset each time a new one is requested, and since the hub-wide API token is also used by the automation controller to get collections, it’s not something we want to be changing each time we run the playbook.
3) Create Necessary Users, Credentials, Inventory:
With the foundational elements in place, we proceed to create essential components such as users, credentials and inventories within Ansible Automation Platform. This step encompasses the creation of accounts for further automation or administrative tasks, inventory configurations and credential setups, enabling a robust authentication and authorization framework for our automation workflows.
Example:
- name: Create an automation user with a random password
ansible.builtin.uri:
url: "https://{{ controller_node }}/api/v2/users/"
method: POST
body_format: json
headers:
Content-Type: "application/json"
Authorization: "Bearer {{ controller_token.json.token }}"
body:
username: "aap-admin"
password: "{{ automation_user_random_password.stdout }}"
is_superuser: true
4) Create Private Automation Hub (PAH) Users and namespaces:
Simultaneously, we configure the private automation hub, a critical component for orchestrating automation workflows securely. This involves creating private automation hub users and namespaces, and establishing secure authentication mechanisms. By implementing stringent access controls and authentication protocols, we fortify the security posture of our automation infrastructure, safeguarding sensitive data and workflows.
Example:
- name: Create Private Automation Hub credential
ansible.builtin.uri:
url: "https://{{ controller_node }}/api/v2/credentials/"
method: POST
body_format: json
headers:
Content-Type: "application/json"
Authorization: "Bearer {{ controller_token.json.token }}"
body:
validate_certs: false
5) Create a Project, Add WebHook, Connect with GitHub, and Launch the Job:
To culminate our configuration process, we create a project within the Ansible Automation Platform environment, integrate it with external services such as GitHub and automate the deployment process using webhooks. This comprehensive approach offers seamless collaboration and versioning capabilities within our automation workflows. Finally, we add the project to a job template and launch the job, validating the functionality of our playbook and enabling the successful execution of our configuration tasks.
Example:
- name: Create project
ansible.builtin.uri:
url: "https://{{ controller_node }}/api/v2/projects/"
method: POST
body_format: json
headers:
Content-Type: "application/json"
Authorization: "Bearer {{ controller_token.json.token }}"
body:
name: aap-config
scm_type: "git"
scm_url: "{{ github_repo }}"
organization: 1
credential: "{{ github_credential_id }}"
scm_update_on_launch: true
validate_certs: false
By following these configuration steps, you can configure Ansible Automation Platform 2.X using API calls. Each step in the process contributes to the establishment of a robust automation environment, characterized by efficiency, security and agility. With proper execution, you'll have a fully functional Ansible Automation Platform instance ready to streamline your IT automation workflows and drive organizational success. You will find a complete example playbook here.
Conclusion
In this blog post, we've provided a detailed guide on setting up Ansible Automation Platform 2.X through API calls from a playbook, starting from a fresh installation with no existing configuration. By adhering to these steps, you'll establish the essential initial configurations for your day-to-day tasks with the Ansible Automation Platform.
Learn more
关于作者
Sohidur Rahman is a dedicated Red Hat Container Infrastructure Consultant, driven by a passion for helping clients overcome their strategic technology and business challenges using open source methods and technologies.
更多此类内容
产品
工具
试用购买与出售
沟通
关于红帽
我们是世界领先的企业开源解决方案供应商,提供包括 Linux、云、容器和 Kubernetes。我们致力于提供经过安全强化的解决方案,从核心数据中心到网络边缘,让企业能够更轻松地跨平台和环境运营。