Authors: Seeman Mannan, Anastasia Ntogka

Red Hat® Ansible® Automation Platform is available on IBM® Z® and IBM® LinuxONE since December 7th, 2023. This marked an important step towards more centralized and efficient operations management on IBM Z / IBM® LinuxONE.

It alleviates the need to maintain multiple tools and frameworks and allows for an easy automation of system setup and maintenance.

Giving the ability to build on available Ansible Certified Content Collections (see list of collections below), any team that uses it will have an easy starting point.

The Ansible Automation Platform introduces a range of useful features, including Event-Driven Ansible, enabling events to be received from third-party tools and subsequent responsive actions based on predefined rules.

In this blog, we lead you through the step-by-step installation and configuration of the Ansible Automation Platform as a standalone system on IBM Z and IBM LinuxONE (s390x architecture) to help you get it up and running.

Architecture diagram

Ansible Automation Platform consists of the following three components,

• Ansible Automation controller
• Private Automation Hub
• Event-Driven Ansible controller

Prerequisites

1. Registry Service Account
   The Registry Service Account is used to consume container images from registry.redhat.io. Follow the steps below to retrieve the token and username, which will be used while installing the Ansible Automation Platform .
   
   Login to the URL https://access.redhat.com/RegistryAuthentication#creating-registry-service-accounts-6 by using your RedHat admin credentials. Then click New Service Account

   Provide the Name and Description as per the requirements and click Create.
   

   
   Registry Service Account has been created. Click the Account Name to retrieve the token.
   
   

   
   

   Note: The above username and token from the Registry Service Account will be used in our upcoming Ansible Automation Platform

    installation.
   
   

2. Ansible Automation Platform installation and registration
   

   Prepare your Red Hat Enterprise Linux (RHEL) machine by registering with Red Hat and installing the "Ansible Automation Platform" on all three machines.
   
   

   • Register your RHEL system with your username and password

     subscription-manager register --username <rhel_username> --password <password> --auto-attach  
     

   • Then execute the below command to find the pool id for Ansible Automation Platform

     subscription-manager list --available --all | grep "Ansible Automation Platform" -B 3 -A 6 | grep Pool
     
     

   • Attach the "Ansible Automation Platform" pool to the subscription manager

     subscription-manager attach --pool= <Ansible Pool-Id from the previous step>
     

   • Proceed with the installation

     dnf install --enablerepo=ansible-automation-platform-2.4-for-rhel-9-s390x-rpms ansible-automation-platform-installer
     

   
   
   
3. System requirements
   
   
   • Requirement for Automation Controller
   • Requirement for Automation Hub
   • Requirement for Event-Driven Ansible controller
     
     

Automation Controller installation on an LPAR

Make sure the Prerequisites section is completed before proceeding with the installation.

• After installing Ansible Automation Platform on the LPAR, you should be able to find the installed files under,
  
  

• $ cd /opt/ansible-automation-platform/installer
  $ ls
  

  Output:

  

  After installing Ansible Automation Platform on the LPAR, you should be able to find the installed files under,
  
  

• Replace the existing inventory file with the below content, 

  • • automationcontroller : Provide the fully qualified domain name for the controller login URL

    • admin_password : Provide an automation controller login password of your choice

    • pg_password : Provide a database password of your choice

    • registry_username : Update the username from the Registry Service Account

    • registry_password : Update the token from theRegistry Service Account

      Sample content:

      [automationcontroller]
      controller.example.com
      
      [all:vars]
      admin_password='controller-password'
      pg_host=''
      pg_port='5432'
      pg_database='awx'
      pg_username='awx'
      pg_password='pg-password'
      pg_sslmode='prefer'  # set to 'verify-full' for client-side enforced SSL
      
      registry_url='registry.redhat.io'
      registry_username='123456789|sa-ansible'
      registry_password='xxxxxxxxxxxx'
      
      # SSL-related variables
      # If set, this will install a custom CA certificate to the system trust store.
      # custom_ca_cert=/path/to/ca.crt
      # Certificate and key to install in nginx for the web UI and API
      # web_server_ssl_cert=/path/to/tower.cert
      # web_server_ssl_key=/path/to/tower.key
      # Server-side SSL settings for PostgreSQL (when we are installing it).
      # postgres_use_ssl=False
      # postgres_ssl_cert=/path/to/pgsql.crt
      # postgres_ssl_key=/path/to/pgsql.key
      
      

      Note: More information about the inventory file can be found in the link.

• After completing the inventory file, execute the setup.sh script. The installation begins. Wait until it is completed.

  $ sudo ./setup.sh

• After the installation is completed, open using your browser the automationcontroller URL mentioned in your inventory file in order to login.

  https://<automationcontroller>/login

• Use admin as username and as password use the one you provided under admin_password in the inventory file.
  
  
• After successfully logging in, you can see the dashboard.
  
  

Automation Hub installation in an LPAR

Ansible Automation Hub is the central repository for discovering, downloading, and managing the Ansible Collections from Red Hat and its partners.

Again, it is important to make sure that the prerequisites section is completed, before proceeding further with the installation.

• After installing Ansible Platform Installation and Registration in the LPAR. You can find the installed files under

  $ cd /opt/ansible-automation-platform/installer
  $ ls

Output: 

• Replace the existing inventory file with the below content,

  • automationhub : Provide the fully qualified domain name for the Automation Hub login URL

  • admin_password : Provide an automation hub login password of your choice

  • pg_password : Provide a database password of your choice

  • registry_username : Update the username from the Registry Service Account

  • registry_password : Update the token from theRegistry Service Account

    Sample content:

    [automationcontroller]
    
    
            [automationhub]
            automationhub.example.com ansible_connection=local
    
            [all:vars]
            registry_url='registry.redhat.io'
            registry_username='123456789|sa-ansible'
            registry_password='xxxxxxxxxxxx'
            automationhub_admin_password='hub-password'
    
            automationhub_pg_host=''
            automationhub_pg_port='5432'
    
            automationhub_pg_database='automationhub'
            automationhub_pg_username='automationhub'
            automationhub_pg_password='pg-password'
            automationhub_pg_sslmode='prefer'
    
            # The default install will deploy a TLS enabled Automation Hub.
            # If for some reason this is not the behavior wanted one can
            # disable TLS enabled deployment.
            #
            # automationhub_disable_https = False
            # The default install will generate self-signed certificates for the Automation
            # Hub service. If you are providing valid certificate via automationhub_ssl_cert
            # and automationhub_ssl_key, one should toggle that value to True.
            #
            # automationhub_ssl_validate_certs = False
            # SSL-related variables
            # If set, this will install a custom CA certificate to the system trust store.
            # custom_ca_cert=/path/to/ca.crt
            # Certificate and key to install in Automation Hub node
            # automationhub_ssl_cert=/path/to/automationhub.cert
            # automationhub_ssl_key=/path/to/automationhub.key
    

    Note: More information about the inventory file can be found in the link

• After completing the inventory file execute the setup.sh script. The installation will begin, please wait until it is completed.

  $ sudo ./setup.sh
  

• Once the installation is completed,open using your browser the automationhub mentioned in your inventory file to login.

  https://<automationhub>/login
  

• Use admin as username and as password use the one you provided under automationhub_admin_password in the inventory file.

• After successfully logging in, you will be able to see the dashboard.

Updating Execution Environment Image Location:
Follow the steps mentioned in the link in your Automation Controller to update the location of the execution environment pointing to your private Automation Hub if you plan to use it more privately.

Event-Driven Ansible controller in an LPAR

Event-Driven Ansible provides the event-handling capability needed to automate time-consuming tasks and respond to changing conditions in any IT domain.

Make sure the Prerequisites section is completed before proceeding with the installation.

• After installing Ansible Platform Installation and Registration in the LPAR. You can find the installed files under,

  $ cd /opt/ansible-automation-platform/installer
  $ ls
  

  Output: 

  

• Replace the existing inventory file with the below content,

  • automationedacontroller : Provide the fully qualified domain name for the Event-Driven Ansible controller login URL

  • automationedacontroller_admin_password : Provide an Event-Driven Ansible controller login password of your choice

  • automationedacontroller_pg_password : Provide a database password of your choice

  • automation_controller_main_url : Provide the Automation Controller URL to connect the Event-Driven Ansible controller

    Sample content:

        # Automation EDA Controller Configuration
    
        [automationedacontroller]
        automationedacontroller.example.com ansible_connection=local
    
        [all:vars]
        automationedacontroller_admin_password='eda-password'
    
        automationedacontroller_pg_host=''
        automationedacontroller_pg_port=5432
    
        automationedacontroller_pg_database='automationedacontroller'
        automationedacontroller_pg_username='automationedacontroller'
        automationedacontroller_pg_password='pg-password'
    
        # The full routable URL used by EDA to connect to a controller host.
        # This URL is required if there is no automation controller configured
        # in inventory.
        #
        automation_controller_main_url = 'https://controller.example.com/'
    
        # Boolean flag used to verify Automation Controller's
        # web certificates when making calls from Automation EDA Controller.
        #
        automationedacontroller_controller_verify_ssl = false  
    

    Note: More information about the inventory file can be found in the link

• After completing the inventory file, execute the setup.sh script. The installation will begin, please wait until it is completed.

  $ sudo ./setup.sh
  

• Once the installation is completed, open using your browser the automationedacontroller URL mentioned in your inventory file in order to login.

  https://<automationedacontroller>/login
  

• Use admin as username and as password use the one you provided under automationedacontroller_admin_password in the inventory file.

• After successfully logging in, you will be able to see the dashboard.

Available Ansible collections to build from

• Red Hat Ansible Certified and validated content
• Red Hat Catalog
• Ansible Galaxy
• Ansible on GitHub

More information about Ansible Automation Platform on IBM Z and IBM LinuxONE

• Red Hat Ansible Automation Platform on IBM Z and IBM LinuxONE is generally available now!
• Red Hat Ansible Automation Platform capabilities on IBM Z and IBM LinuxONE