infra.aap_utilities.aap_setup_prepare

A role to prepare the installation of AAP 2.x, installing pre-requisites, unpacking the installation tarball and (optionally) writing the necessary inventory file.

Requirements

  • The installer tarball must be available, by default downloaded with the aap_setup_download role.
  • The (RPM) pre-requisites must have been installed, or root access must be given.

Role Variables

The following input variables are available:

Variable Name Default Value Required Description Example
aap_setup_prep_installer_file ”``” no absolute path where to find the tarball on the remote host, or URL http(s), note that aap_setup_down_installer_file is a fact set by the role aap_setup_download 'https://myhost/myinstaller.tar.gz' or '/var/tmp/myinstaller.tar.gz'
aap_setup_prep_working_dir ”``” no absolute path to a working directory, note that aap_setup_working_dir is used by other roles in the collection ‘/srv/workdir’
aap_setup_prep_process_template true no shall the inventory be generated by the role? false
aap_setup_prep_inv_nodes none yes a dictionary of dictionaries, the first level key is the inventory group name, the 2nd level key is the hostname with the value being its inventory host variables in INI-format see defaults/main.yml
aap_setup_prep_inv_vars {} see below a dictionary of dictionaries, the first level key is the inventory group name, the 2nd level key is the variable name with the value being the variable’s value see defaults/main.yml
aap_setup_prep_inv_secrets {} see below a dictionary of dictionaries, the first level key is the inventory group name, the 2nd level key is the variable name with the value being the variable’s value see defaults/main.yml
aap_setup_prep_containerized ”``” no will the setup prep be for a containerized install see defaults/main.yml

Some notes about the inventory variables and secrets:

  • both values will be combined (the secrets overwriting the variables) and used to generate the installation inventory, so that secret variables can be defined separately for example in a vault.
  • even if formally both variables don’t need to be defined, you’ll get a viable inventory only if you define some keys/variables at least in the group all. By convention the defaults/main.yml contains all possible variables as comments, the variables commented out twice are truly optional.

Dependencies

  • aap_setup_download, in the same collection, can be used to download the tarball automatically.

Example Playbook

- name: download and install AAP from the bastion
  hosts: bastion
  gather_facts: false
  become: false
  tags: aap_installation

  vars_files:
    - inventory_vars/variables.yml
  roles:
    - infra.aap_utilities.aap_setup_download
    - infra.aap_utilities.aap_setup_prepare
    - infra.aap_utilities.aap_setup_install

Note that this only works without root access if the bastion host isn’t part of the future cluster, and if the RPM pre-requisites have been pre-installed. Else change to become: true.

Example Inventory Variables

aap_setup_down_type: "setup-bundle"
aap_setup_rhel_version: 8

aap_setup_prep_inv_nodes:  # a dictionary of dictionaries!
  automationcontroller:
    ansible-ctrl.example.com:
  automationhub:
    ansible-hub.example.com:
  automationedacontroller:
    ansible-eda.example.com:
  database:
    database.example.com:  # If using an already existing DB, remove this group/node
                           # and adapt accordingly the following database related values
  execution_nodes:
    execution-1.example.com:
    execution-2.example.com:

aap_setup_prep_inv_vars:
  automationcontroller: # denotes the automation controller nodes as hybrid nodes (controller and execution)
    peers: execution_nodes
    node_type: hybrid

  execution_nodes:
    node_type: execution

  all:
    ansible_user: ansible
    ansible_become: true
    admin_password: changeme # admin password for Automation Controller UI
    pg_host: 'database.example.com'
    pg_port: '5432'

    pg_database: 'awx'
    pg_username: 'awx'
    pg_password: changeme
    pg_sslmode: 'prefer'  # set to 'verify-full' for client-side enforced SSL

    registry_url: 'registry.redhat.io'
    receptor_listener_port: 27199

    automationhub_admin_password: changeme # admin password for PAH UI
    automationhub_pg_host: 'database.example.com'
    automationhub_pg_port: '5432'

    automationhub_pg_database: 'automationhub'
    automationhub_pg_username: 'automationhub'
    automationhub_pg_password: changeme
    automationhub_pg_sslmode: 'prefer'
    automationhub_main_url: https://hub.example.com #url, not hostname
    automationhub_require_content_approval: False
    automationhub_enable_unauthenticated_collection_access: True

    automationhub_ssl_validate_certs: False

    automationedacontroller_admin_password: 'password' # Admin password for EDA UI
    automationedacontroller_pg_host: 'controller.aap24.local'
    automationedacontroller_pg_port: '5432'
    automationedacontroller_pg_database: 'automationedacontroller'
    automationedacontroller_pg_username: 'automationedacontroller'
    automationedacontroller_pg_password: 'password'

    sso_console_admin_password: ''

aap_setup_prep_inv_secrets:
  all:
    registry_username: changeme
    registry_password: changeme

License

GPLv3+0

Author Information

Eric Lavarde elavarde@redhat.com