Installing Event Driven Ansible Controller (EDA) with separate database (Linux/Fedora/RHEL9)

6 min readOct 30, 2023

“Event-Driven Ansible controller enables orchestration of multiple rulebooks and provides a single interface to manage and audit all responses across all event sources. These event sources are often third party monitoring and observability tools, but can be any source that provides intelligence about your IT environment.”

Event-Driven Ansible Controller (EDA) is a recent release of a new feature integrated with Ansible Automation Controller since Ansible Automation Platform Version 2.4. Ansible Rulebooks are triggered by events/changing IT conditions from sources such as third party monitoring and observability tools.

In this article, I will be exploring Event Driven Ansible Installation on a locally deployed virtual machine. One thing to take note about EDA Controller is its integration with AAP Controller, meaningEDA_ALLOWED_HOSTS=”edanode.local,192.168.789.456" that AAP Controller needs to be installed as standalone or in a 3-node deployment before installation of an EDA controller.

For this example, I will be installing EDA controller with a separate database, and the separate database will be shared by the AAP as well, as shown by a simple diagram below.

Normal installation of AAP consists of 3 nodes, but with EDA it will be 4 nodes:

Automation Controller Node
Postgresql Database Node
Private Automation Hub
Event Driven Controller

Take Note:

Do take note that EDA with separate database does not mean that EDA can be installed across 2 separate nodes like AAP Controller, meaning there will be 5 servers/virtual machines. Once installation of AAP Controller with EDA starts, the setup script will directly search for Postgresql Database which should already by set up and installed in the database node.

Hence when a new separate standalone Server/VM node is written as EDA database node, the setup will continuously poll the Postgresql port 5432 on the Server/VM, which will eventually result in TCP/IP connection error. (There are no services listening on the port)

You can, however, indicate a separate database node in the inventory to be used by EDA separately from the controller.

After following the article for AAP installation across 3 nodes as linked above, an extra VM node would need to be provisioned. The extra VM node will follow the same minimum settings for Automation Controller Node.

Requirements for EDA Controller:

Recommended amount of RAM is 16gb, but for resource conservation efforts on a locally provisioned node, 8gb would suffice.
For Virt Manager, as the specification is MiB, 1 GB is about 1000 MiB. Specify about 9000MiB to 10000MiB. As the available RAM will be reduced once the VM has been deployed.
Specify about 4 CPU Cores. More information regarding specifications can be found here.
Recommended Storage/Local Disk Size for VM or Server is about 40gb. Similarly as RAM, I will be utilizing 20gb of storage for the EDA Controller.

Tip: Allow SSH with password when VM is set up (When root account is created). This saves the hassle of allowing SSH with password through configuration files afterwards.

IP Address and Hosts Configuration

This follows the same process as AAP Controller Installation.

In order to set the hostname of the node:

[root@edanode ~]# sudo hostnamectl set-hostname edanode.local

I have put a .local behind to have a local FQDN for successful DNS resolution. Of course, it could be .test or other words. (Unless you have an official FQDN for each Server/VM)

To figure out the IP address:

[root@aapController ~]# ip addr

Ensure to add the ip address and hostname into /etc/hosts.

[root@aapController ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.123.456 aapController.local
192.168.789.123 databasenode.local
192.168.123.457 automationhub.local
192.168.789.456 edanode.local

Ensure that EDA node can be pinged from the controller:

[root@aapController ~]# ping edanode.local
PING aapController.local (192.168.789.456) 56(84) bytes of data.
64 bytes from edanode.local (192.168.789.456): icmp_seq=1 ttl=64 time=0.035 ms
64 bytes from edanode.local (192.168.789.456): icmp_seq=2 ttl=64 time=0.051 ms
64 bytes from edanode.local (192.168.789.456): icmp_seq=3 ttl=64 time=0.091 ms
64 bytes from edanode.local (192.168.789.456): icmp_seq=4 ttl=64 time=0.104 ms
^C
--- aapController.local ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3057ms
rtt min/avg/max/mdev = 0.035/0.070/0.104/0.028 ms

Configure SSH for EDA node

This also follows the same process as the Ansible Automation Controller.

Generate SSH Keygen:

[root@edanode ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
...
The key's randomart image is:
+---[RSA 3072]----+
|=+ .             |
|ooE.   .         |
| oo = o          |
|   B = .         |
|  = X = S        |
|   O # . .       |
| .. @ =          |
|  +O.+.          |
| o**B+           |
+----[SHA256]-----

Transfer SSH Key:

[root@edanode ~]# ssh-copy-id edanode
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'edanode (192.168.789.456)' can't be established.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@edanode's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'edanode'"
and check to make sure that only the key(s) you wanted were added.fe80::5054:ff:fe29:5610

Testing out SSH:

[root@aapController ~]# ssh edanode.local
root@edanode.local's password: 
Activate the web console with: systemctl enable --now cockpit.socket

Last login: Mon Oct 30 16:04:04 2023 from 192.168.789.456

[root@edanode ~]#

Download and Configure AAP Inventory

Obtain the AAP Bundle from here. Unzip the file and configure the inventory for installation. The configuration is the same as AAP 3-node installation (linked at the start of the article), with addition of EDA. I will be going through the EDA portion for this article.

At the start of the inventory file where Controller, Hub, Database nodes specifications are written, such as FQDN, username and password, there will be a section for the EDA controller (below the specification for automation hub).

Do note that the same nodes are being used as the AAP 3-node installation article, so the database and registry configurations can be repeated as well from that article.

Write in the details of the EDA node

[automationcontroller]
aapController.local ansible_ssh_user=root ansible_ssh_pass=password ansible_connection=local

[automationhub]
automationhub.local ansible_ssh_user=root ansible_ssh_pass=password

[automationedacontroller]
edanode.local ansible_ssh_user=root ansible_ssh_pass=password

[database]
databasenode.local ansible_ssh_user=root ansible_ssh_pass=password

EDA Controller Configuration

Scroll down the inventory file until you see the comment for the EDA Controller

Fill in the details:

# Automation EDA Controller Configuration
#

automationedacontroller_admin_password='password'

automationedacontroller_pg_host='databasenode.local'
automationedacontroller_pg_port=5432

automationedacontroller_pg_database='automationedacontroller'
automationedacontroller_pg_username='automationedacontroller'
automationedacontroller_pg_password='password'

The Postgresql(PG) Host is the database node utilized for the AAP installation.

3 fields need to be specified:

EDA controller admin password. (Can be vaulted)
EDA Controller PG host
EDA PG password

Install Ansible EDA Controller with AAP

[root@aapController aap-setup-bundle-2.4]# ./setup.sh

Let the setup run, it will take some time.

Afterwards, you will be able to access EDA controller from the EDA node:

Ansible Event Driven Automation

Configuring Allowed Host names to access EDA

When accessing EDA UI from the browser, unlike AAP Controller or Automation Hub, you will not be able to access by simply typing ‘localhost’ in the browser. Even if you were access to access the platform, you will face a 400 Bad Request Error.

You have to type in the FQDN to access and log in to the console, which in my case would be ‘edanode.local’.

To configure which host names should be allowed to access the console, you can configure EDA allowed hosts:

[root@edanode ~]# cat /etc/ansible-automation-platform/eda/environment
EDA_SECRET_KEY=...
EDA_DB_NAME=automationedacontroller
EDA_DB_HOST=databasenode.local
EDA_DB_PORT=5432
EDA_DB_USER=automationedacontroller
EDA_DB_PASSWORD=password
EDA_DB_SSL_MODE=prefer

...

EDA_ALLOWED_HOSTS="edanode.local,192.168.789.456"

...

There will be FQDN, ipv4 and ipv6 addressed assigned to the EDA_ALLOWED_HOSTS variable.

Add in localhost and save the file:

EDA_ALLOWED_HOSTS="edanode.local,192.168.789.456,localhost"

Now you will be able to access the EDA console from the browser simply by typing in localhost.

With the installation completed, you will be able to utilize Ansible Event Driven Automation Controller for your projects together with AAP.