redhat-cop / aap_configuration_template

Ansible Automation Platform Configuration as Code examples template
MIT License

Need explanations to use the installation part #38

Closed laurent-indermuehle closed 9 months ago

laurent-indermuehle commented 10 months ago

Hi and thanks to all the contributors for this template! It is exactly what I needed.

I think the documentation for the installation of AAP could be more explanatory. I'm having trouble using this template to install Ansible Automation Platform and think additional explanations would help. I may offer a pull request once I've sorted this out, but first I need your help to understand how this repo works, please.

1) It's unclear where the playbooks are meant to be run from - the server hosting one of the controllers or a workstation? I tried running them from my workstation but now have AAP uncompressed in /var/tmp. Not what I wanted.

2) The inventory_env.yml files are new to me. I previously configured the setup.sh inventory for AAP/AWX node types and placements. How do these files work with bundle installation or the Technical Preview containerized installer? I see I need to add aap_setup_down_type: setup-bundle but details would help.

3) Without step-by-step SSH key generation guidance, getting all AAP nodes to communicate is difficult. Do I create a key on a controller node, copy the private key to other controllers, and add the public key to all nodes? More details would help ensure proper setup, as I'm getting permission denied even though the keys are in place and work properly. Do I need to mount my .ssh folder inside the EE?

4) I've added a role preparing requirements like firewall and NTP - would you be interested in that contribution once I have the SSH keys working? I can then document the full process. Or is it intentionally left out of the scope of this template?

djdanielsson commented 10 months ago

First I will warn you that the install part is the least worked out, and while it does work in my lab I probably could improve it some more.

1) It doesn't matter where you run it from. I personally run it from my "builder" server (which is Fedora), but it could be on your laptop or anything, though if it isn't a RHEL server you may need to add a few variables to make it work. Yes, it unpacks the AAP in /var/tmp because it needs it somewhere to kick off the setup.sh.

2) The install stuff does not work with the container build. The inventory is set up to just know what nodes are what; you should be able to just fill in where it says HERE. If you look at group_vars/all/aap_install.yml, that will have the variables more like what you are thinking about, which are used to fill out the inventory for setup.sh to use.

3) You need to have access from the system that you are running the install from to all the nodes you are deploying to.

4) You should not need to do anything extra with firewalls because the installer should take care of this. What do you need to do NTP wise? I think there might be a role for SSH keys... I would have to double check; it just isn't something that I use, and often people have service accounts or keys already configured in their environment. And yes, I would consider that out of scope for this template.

We have this lab (it is outdated) but maybe if you review it, it will help explain how some of the parts work (we don't get into install) and then from there help you with your template. If you still have questions let me know.

laurent-indermuehle commented 10 months ago

@djdanielsson thanks a lot for taking the time to explain everything!

I'll need to check your answer to the 3rd item next week. I got an SSH error when the script attempts to connect to other nodes despite my key being on every node.

I hope I can find time to create a step by step guide that would help newcomers like me.

laurent-indermuehle commented 10 months ago

@djdanielsson I tried using a RHEL install instead of Fedora but haven't gotten much further.

I searched a bit on console.redhat.com but was unable to find how to create a token for the cloud_token variable. Do you remember how to do it?

I found why the install_app.yml playbook gives me host UNREACHABLE but install_configure.yml works: the variable "connection: local" from the inventory seems to not be working. It works for the latter because this is set in the header of the playbook in install_configure.yml.

Also, I'm using the following EE: registry.redhat.io/ansible-automation-platform-24/ee-supported-rhel9 and I get the following error: Please install python3-dnf or python2-dnf package or ensure you have specified the correct ansible_python_interpreter. I see now in the lab that I should use infra.ee_utilities.ee_builder to build a custom EE. But I only have my workstation since I have yet to provision the AAP nodes. And have the same error "host UNREACHABLE" as above.

By fixing build_ee.yml file by adding "connection: local" in the header, I now get this error: Failed to find required executable \"podman\" in paths: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

And of course, podman is not installed in the EE I use. I'm starting to think I should not use ansible-navigator for the first installation, but follow the lab and use ansible-playbook instead.

But after logging in to the future control node, when running dnf install ansible-builder ansible-lint, it fails because I haven't configured the subscriptions and repos yet.

I compared the lab and the current state of the repo, and I see a major difference. In the lab you didn't use the group "dev" with 127.0.0.1 and local connection. I think it's the root of my issues since the playbook is now attempting to install stuff inside the EE instead of the control node.

Maybe the solution to all this would be to create a custom EE for this project designed to provision AAP and publish this in a public registry?

djdanielsson commented 10 months ago

@laurent-indermuehle are you in our matrix channel?

laurent-indermuehle commented 10 months ago

@djdanielsson I'm in many ansible rooms. Is it #awx:ansible.com? I'm also on forum.ansible.com

djdanielsson commented 10 months ago

@laurent-indermuehle https://matrix.to/#/#aap_config_as_code:ansible.com

laurent-indermuehle commented 10 months ago

Also, I'm wondering what the ansible_password variable does?

It is only present in:

Do we want to use the same password for the admin accounts of the controller and hub? Or are they supposed to be different?

Because in the vault we have both controller_pass and ah_pass, but it seems that none are used and I end up with Password123! in my inventory file.
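
Related to the report above that Password123! ended up in the inventory file, a pre-install check that flags password variables still set to a literal placeholder in a setup.sh-style inventory. This is an added example, not part of the thread or the template's own code; the sample inventory, its host name and the extra placeholder strings are constructed for illustration.

```python
import re

# Placeholder values to reject. "Password123!" is the value reported in the
# thread; the other entries are assumed examples, extend the set as needed.
PLACEHOLDERS = {"Password123!", "changeme", "password"}

# Matches key=value or "key: value" where the key name looks like a secret.
# finditer() also picks up host-line variables (host ansible_password=...).
SECRET_LINE = re.compile(
    r"""(?P<key>[A-Za-z0-9_]*pass(?:word)?[A-Za-z0-9_]*)\s*[=:]\s*(?P<val>'[^']*'|"[^"]*"|\S+)""",
    re.IGNORECASE,
)


def find_placeholder_secrets(inventory_text):
    """Return (line_no, key) for each secret-like variable set to a placeholder."""
    findings = []
    for line_no, line in enumerate(inventory_text.splitlines(), start=1):
        stripped = line.strip()
        # Skip blank lines and INI/YAML comments.
        if not stripped or stripped.startswith(("#", ";")):
            continue
        for match in SECRET_LINE.finditer(stripped):
            value = match.group("val").strip("'\"")
            if value in PLACEHOLDERS:
                findings.append((line_no, match.group("key")))
    return findings


# Constructed sample inventory (not taken from the repository).
SAMPLE_INVENTORY = """\
[automationcontroller]
controller.example.test ansible_user=svc ansible_password=Password123!

[all:vars]
admin_password='Password123!'
pg_password='s3cure-From-Vault'
# automationhub_admin_password='Password123!'
automationhub_admin_password="{{ ah_pass }}"
"""

if __name__ == "__main__":
    for line_no, key in find_placeholder_secrets(SAMPLE_INVENTORY):
        print(f"line {line_no}: {key} is set to a placeholder value")
```

Run against the rendered inventory before setup.sh is started, a non-empty result means a vaulted value was not substituted.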

laurent-indermuehle commented 9 months ago

Thanks to @djdanielsson, @sean-m-sullivan for your time during the Office Hours today. I'll try again using ansible-playbook. Also try to create smaller issues with error messages ;) And finally open a request at Red Hat to build a custom EE with supported collections if the need arises. I close this issue as discussed. Have a nice day.