Installing Ansible Automation Platform (AAP) on-premise (Linux/Fedora/RHEL9)

8 min readApr 9, 2023

My recent exploration would be the Ansible Automation Platform, an enterprise solution of the open source AWX project, both supported by Red Hat. Sharing my journey through this step-by step article.

This Installation is completed on a workstation running Fedora Linux 37 (Workstation Edition) OS with 32 Gigabytes of RAM.

What is Ansible Automation Platform?

Ansible Automation Platform provides an enterprise framework for building and operating IT automation at scale, from hybrid cloud to the edge.

As the explanation suggests, AAP can be utilized to automate various processes, be it on a single machine or across multiple servers. The processes to be automated includes but not limited to:

Infrastructure Provisioning
Setting up of environments and installation of applications across various servers
Networking Processes
Patching and versioning

AAP consists of 3 main components:

Automation Controller (previously known as Tower) — Main Ansible Automation Platform, where playbooks are run. Will pull the project from a repository, such as GitHub, local AWX project folder etc.
Automation Hub — Storage of Ansible Content Collections and Execution Environments, useful for creating custom Execution Environments and storing locally on a server. This can be used to run the projects pulled from online repositories like GitHub, GitLab, BitBucket, etc. (Local projects can be written in /var/lib/awx/projects)
Database — A Postgresql Database dedicated for Automation Controller and Automation Hub. (Able to be installed together on the Automation Hub Node)

Pre-requisites

Virtual Machine Manager — VirtualBox, VMware, etc. I will using Red Hat Virtual Machine Manager, or Virt Manager for short.
Base ISO file for the VM — In this case would be RHEL 9.1, which can be downloaded here. (RHEL Subscription is needed to register the system with subscription manager)
Note: Boot ISO file is for the bare minimal installation without a package source, compared to the DVD ISO. The process would be similar on Linux Image such as Fedora/CentOS as well.
A workstation with sufficient amount of RAM. Automation Controller and Automation Hub each requires at least 8GB of RAM. Database Node will work with 4GB of RAM. These would consume about 20 GB of RAM.
Note: Both Automation Hub and Database Node can be installed on a single VM to conserve RAM. The RAM specifications can be changed in the script as well (bundle/roles/preflight/defaults/main.yml — Not Recommended)
Red Hat Developers Account — For AAP Developer Subscription and AAP Bundle Download. AWX open source are configured through pip. Able to find the GitHub here.

Notes: Each Automation Controller and Hub can be standalone installations with local inventory, meaning they are still usable as standalone instances even if not installed across 3 nodes. This article will install across 3 VMs.

Provisioning Nodes

Download a Linux VM Image ISO file of your choice. The commands may have to be executed according to the Linux Operating System.

Create a new virtual machine in the Virt Manager. Follow the steps of the interface.

Choose ISO or CDROM from local folder to install media. Specify the RAM and CPUs needed. As the specification is MiB, 1 GB is about 1000 MiB. Specify about 9000MiB to 10000MiB. As the available RAM will be reduced once the VM has been deployed. Specify about 4 CPU Cores. More information regarding specifications can be found here.

Create Disk Space. Create more space for the database node based on the space needed for the application, otherwise 80–100GB would be more than sufficient.

Finish the installation.

Configure the VM when it boots up:

Register the System OS (if required)
Change the host name from localhost to different names. (Can be changed through command line if required)
Set up the OS as a Server with GUI.
Create password for root user and ensure the account is not locked
Create a user with administration rights if needed.

IP address and Hosts Configuration

Figure out the IP addresses of the 3 nodes:

[root@aapController ~]# ip addr

Write all the hosts IP addresses with hostnames in /etc/hosts, ensure to put .local after each hostname for successful DNS resolution when pulling images from Docker to push Execution Environment into Automation Hub.

Important: Ensure to repeat the steps across the 3 nodes.

[root@aapController ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.123.456 aapController.local
192.168.789.123 databasenode.local
192.168.123.457 automationhub.local

Ensure the nodes can be pinged:

[root@aapController ~]# ping aapController.local
PING aapController.local (192.168.123.456) 56(84) bytes of data.
64 bytes from aapController.local (192.168.123.456): icmp_seq=1 ttl=64 time=0.035 ms
64 bytes from aapController.local (192.168.123.456): icmp_seq=2 ttl=64 time=0.051 ms
64 bytes from aapController.local (192.168.123.456): icmp_seq=3 ttl=64 time=0.091 ms
64 bytes from aapController.local (192.168.123.456): icmp_seq=4 ttl=64 time=0.104 ms
^C
--- aapController.local ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3057ms
rtt min/avg/max/mdev = 0.035/0.070/0.104/0.028 ms

Extra Steps:

Installing Ansible Engine on the Controller node to test if the hosts can be pinged from Ansible.

Set the hosts in the /etc/ansible/hosts:

[root@aapController ~]# cat /etc/ansible/hosts
aapController.local ansible_user=root ansible_ssh_pass=password

databasenode.local ansible_user=root ansible_ssh_pass=password

automationhub.local ansible_user=root ansible_ssh_pass=password

To ensure that the hosts can be accessed using hostnames, set host_key_checking to false under /etc/ansible/ansible.cfg:

[root@aapController ~]# cat /etc/ansible/ansible.cfg
# Since Ansible 2.12 (core):
# To generate an example config file (a "disabled" one with all default settings, commented out):
#               $ ansible-config init --disabled > ansible.cfg
#
# Also you can now have a more complete file by including existing plugins:
# ansible-config init --disabled -t all > ansible.cfg

# For previous versions of Ansible you can check for examples in the 'stable' branches of each version
# Note that this file was always incomplete  and lagging changes to configuration settings

# for example, for 2.9: https://github.com/ansible/ansible/blob/stable-2.9/examples/ansible.cfg
[defaults]
host_key_checking = false

Ping the hosts from ansible:

[root@aapController ~]# ansible -m ping all
automationhub.local | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
aapController.local | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
databasenode.local | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}

Configure SSH for the 3 hosts

Generate SSH Keygen:

[root@automationhub ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
...
The key's randomart image is:
+---[RSA 3072]----+
|=+ .             |
|ooE.   .         |
| oo = o          |
|   B = .         |
|  = X = S        |
|   O # . .       |
| .. @ =          |
|  +O.+.          |
| o**B+           |
+----[SHA256]-----+

Transfer SSH key:

[root@automationhub ~]# ssh-copy-id ansible-automation
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'ansible-automation (192.168.123.456)' can't be established.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@ansible-automation's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'ansible-automation'"
and check to make sure that only the key(s) you wanted were added.

Testing out SSH:

[root@aapController ~]# ssh databasenode.local
root@databasenode.local password: 
Activate the web console with: systemctl enable --now cockpit.socket

Last login: Mon Apr 10 00:25:22 2023 from 192.168.123.456

[root@databasenode ~]#

Download and Configure AAP Inventory

Obtain the AAP bundle from here. Unzip the file and configure the inventory for installation.

For security, the passwords can be vaulted in passwords.yml in the bundle folder and referenced from the inventory file. SSH key based authentication can also be used.

(In this setup, direct password indications will be used for simplicity. Please change user, password and database names to your preference)

Note: Privileged user with administration rights required for SSH.

Configure the 3 nodes:

[automationcontroller]
aapController.local ansible_ssh_user=root ansible_ssh_pass=password ansible_connection=local

[automationhub]
automationhub.local ansible_ssh_user=root ansible_ssh_pass=password

[database]
databasenode.local ansible_ssh_user=root ansible_ssh_pass=password

Configure postgres hosts and registry accounts:

[all:vars]
admin_password='password'

pg_host='databasenode.local'
pg_port=5432

pg_database='awx'
pg_username='awx'
pg_password='password'
pg_sslmode='prefer'  # set to 'verify-full' for client-side enforced SSL

# Execution Environment Configuration
#

# Credentials for container registry to pull execution environment images from,
# registry_username and registry_password are required for registry.redhat.io
#
# When deployed with Automation Hub:
# - The installer will push execution environment images to Automation Hub and
#   configure Automation Controller to pull images from the Hub registry.
# - To make Hub to be the only registry to pull execution environment images from,
#   set 'ee_from_hub_only' to True. This is set to True by default when bundle
#   installer is used.
registry_url='registry.redhat.io'
registry_username='abc@redhat.com' #abc@gmail.com
registry_password='password'
# ee_from_hub_only =

Configure Automation Hub and Automation Services Catalog Configuration:

Configure the databases usernames and passwords:

# Automation Hub Configuration
#

automationhub_admin_password='password'

automationhub_pg_host='databasenode.local'
automationhub_pg_port=5432

automationhub_pg_database='automationhub'
automationhub_pg_username='automationhub'
automationhub_pg_password='password'
automationhub_pg_sslmode='prefer'

# Automation Services Catalog Configuration
#

automationcatalog_pg_host='databasenode.local'
automationcatalog_pg_port=5432

automationcatalog_pg_database='automationservicescatalog'
automationcatalog_pg_username='automationservicescatalog'
automationcatalog_pg_password='password'

Install the Ansible Automation Platform

[root@aapController aap-setup-bundle-2.3-1]# ./setup.sh

Once the installation is completed, there will be log files for both validated collection and certified collection.

[root@aapController ansible-automation-platform-setup-bundle-2.3-1]# tree -L 1
.
├── bundle
├── certified_collection_seed_2023-04-08-19-01-05.log
├── collections
├── group_vars
├── inventory
├── licenses
├── README.md
├── setup.sh
└── validated_collection_seed_2023-04-08-19-08-20.log

4 directories, 5 files

You will be able to access the automation controller and automation hub from localhost on each node:

Ansible Automation Hub

Configuring Ansible Automation Platform on the Controller:

Once logged in there will a configuration page for the subscription:

Under the Username/Password Tab, enter your Red Hat Developer Account details.

You are able to obtain a trial subscription or utilize a Red Hat Developer Subscription for Individuals:

Setup User and Automation Analytics

Setting up User and Automation Analytics

Press Next then Submit. It will redirect to the AAP dashboard.

Now the installation is completed, you are able to set up your Projects, Inventory, Hosts etc for automation! Projects, Collections, and Execution Environments can be retrieved from the hosted Automation Hub as well.