Manage Execution Environments in Oracle Linux Automation Manager Private Automation Hub

Introduction

Private Automation Hub is an Oracle Linux Automation Manager repository for managing collections, execution environment images, and other curated content locally within a customer's infrastructure.

This tutorial shows how to install Private Automation Hub and upload a custom execution environment to its container registry. For details on creating customized execution environments, see our tutorial on the Builder utility.

Objectives

In this lab, you'll learn how to:

  • Secure password variables with ansible-vault
  • Install Private Automation Hub using variables
  • Upload a custom execution environment to the Private Automation Hub registry

Prerequisites

  • Two systems running Oracle Linux
    • One for installing Private Automation Hub
    • Another for running the Builder utility and acting as a client to Private Automation Hub

Install the Private Automation Hub Packages

Note: When using the free lab environment, see Oracle Linux Lab Basics for connection and other usage instructions.

Information: The free lab environment deploys the Oracle Linux Automation Manager Builder utility and creates a custom execution environment. The deployment takes approximately 20 minutes to finish after launch. Therefore, you might want to step away while this runs and promptly return to complete the lab.

  1. Open a terminal and connect via ssh to the ol-pah instance.

    ssh oracle@<ip_address_of_ol-pah>
  2. Install the Oracle Linux Automation Manager repository.

    sudo dnf install -y oraclelinux-automation-manager-release-el8
  3. Install the Private Automation Hub package.

    sudo dnf install -y ol-private-automation-hub-installer

    This command installs the Private Automation Hub installation playbooks and roles, ansible-core, python3.11, and other package dependencies.

Install Private Automation Hub

When installing Private Automation Hub, you must set the passwords for the Private Automation Hub admin superuser account and its backend database. Rather than passing these to the playbook in the open, let's perform that step more securely using ansible-vault.

The ansible-vault utility ships with Oracle Linux Automation Engine and enables the encryption and decryption of structured data files such as text files, variables, and YAML playbooks.

For our purposes, we'll encrypt a variable file containing our two passwords.

  1. Create a working directory.

    mkdir ~/single-host
  2. Copy the Private Automation Hub playbook to the working directory.

    cp -r /usr/share/ansible/collections/ansible_collections/oraclelinux/private_automation_hub/playbooks/single-node/ ~/single_node
  3. Change to the working directory.

    cd ~/single_node
  4. Create an inventory file.

    The inventory file for this playbook requires the hostname and SSH username where the playbook installs Private Automation Hub. You can define the inventory file in either INI or YAML format. The sample inventory, hosts.singlenode.example, that the installation includes with the playbook uses YAML, so we'll use the INI format here to demonstrate an alternate option.

    tee hosts > /dev/null <<EOF
    [hub]
    ol-pah ansible_host=ol-pah ansible_user=oracle
    EOF

    Unlike the sample that uses hub as an ansible_host alias, this INI inventory file uses hub as a group name. Groups allow for creating parent/child relationships between the hosts and grouping them into one or many categories to run tasks or assign variables.

  5. Create a vault containing the password variables.

    ansible-vault create vault_passwords.yml

    Running the command prompts you to create a vault password. The ansible-vault utility uses this password to decrypt the vault's contents whenever a playbook accesses them. The password can be any combination of characters, but remember it, as you cannot recover it.

    Once you enter and confirm the password, the utility opens the vault_passwords.yml file in your default editor. For the free lab environment, the editor is vi. Type i to enter INSERT mode and paste these sample Private Automation Hub password variables.

    Note: These are the variables the playbook uses when installing Private Automation Hub and setting the superuser and database passwords.

    ---
    olpah_admin_password: password
    olpah_db_password: password

    Close and save the file by typing ESC, :wq! and then ENTER.

  6. Verify the contents of the vault.

    ansible-vault view vault_passwords.yml

    Enter the vault password at the prompt, and ansible-vault displays the vault's contents in the terminal.

  7. Run the Private Automation Hub playbook.

    ansible-playbook single-node-install.yml -i hosts -e "@vault_passwords.yml" --ask-vault-pass
    • -i defines the inventory file
    • -e defines any runtime variables as key=value pairs or in a variable file
    • --ask-vault-pass prompts for the vault password

    There are alternate methods to provide the vault password, which you can review in the upstream documentation.

    Note: The installation of Private Automation Hub takes 10-20 minutes. During the installation, the playbook's progress scrolls in the terminal until all tasks are complete.
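
Before the vault file is copied anywhere or the playbook is run unattended, it helps to confirm that vault_passwords.yml really is encrypted and that any file given to --vault-password-file is private. The script below is an added example, not part of the Oracle tutorial; the function names and the password-file path in the usage comment are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example, not part of the Oracle tutorial: preflight checks for the
# vault file from step 5 before it is shared or passed to ansible-playbook.
# Usage (the password-file path is hypothetical):
#   vault_preflight vault_passwords.yml ~/.vault_pass

# 0 if FILE is an ansible-vault payload: a "$ANSIBLE_VAULT;..." header line
# followed only by lowercase-hex lines; non-zero otherwise.
is_vault_encrypted() {
  local file="$1" header payload
  [ -r "$file" ] || return 2
  IFS= read -r header < "$file" || return 1
  case $header in
    '$ANSIBLE_VAULT;1.1;AES256' | '$ANSIBLE_VAULT;1.2;AES256;'?*) ;;
    *) return 1 ;;
  esac
  payload=$(tail -n +2 "$file")
  [ -n "$payload" ] || return 1
  # Any non-hex character after the header means plaintext was mixed in.
  ! printf '%s\n' "$payload" | LC_ALL=C grep -q '[^0-9a-f]'
}

# 0 if FILE grants nothing to group or others (for example mode 600).
is_private() {
  local mode
  mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
  case $mode in *00 | 0) return 0 ;; *) return 1 ;; esac
}

# Prints one line per problem and returns the number of problems found.
# PASSFILE is optional: a file later given to --vault-password-file.
vault_preflight() {
  local vault="$1" passfile="${2:-}" findings=0
  if ! is_vault_encrypted "$vault"; then
    echo "FAIL: $vault is not ansible-vault encrypted"
    findings=$((findings + 1))
  fi
  # The tutorial's variable names must not be readable in the file.
  if grep -Eq '^[[:space:]]*olpah_(admin|db)_password:' "$vault" 2>/dev/null; then
    echo "FAIL: clear-text olpah_*_password key in $vault"
    findings=$((findings + 1))
  fi
  if [ -n "$passfile" ] && ! is_private "$passfile"; then
    echo "FAIL: $passfile is accessible to group or others"
    findings=$((findings + 1))
  fi
  return "$findings"
}
```

A return value of 0 means no findings; the check uses GNU stat, as shipped with Oracle Linux.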

Connect to Private Automation Hub

  1. Exit from the existing SSH session.

    exit
  2. Configure an SSH tunnel to the newly deployed Private Automation Hub.

    ssh -L 5444:localhost:443 oracle@<ip_address_of_ol-pah>

    In the free lab environment, use the IP address of the ol-pah VM.

  3. Open a web browser and enter the URL.

    https://localhost:5444

    Note: Approve the security warning based on the browser used. For Chrome, click the Advanced button and then the Proceed to localhost (unsafe) link.

  4. Log in to the Private Automation Hub WebUI.

    Use the Username admin and the Password password. This password is the value we set for olpah_admin_password in the runtime variables file.

  5. The WebUI displays after a successful login.

Add Execution Environment Using the WebUI

One of the items that Private Automation Hub manages is execution environments. This feature allows Private Automation Hub to act as a repository for container images that administrators can interact with using Podman and the WebUI.

  1. Click Remote Registries from the WebUI under Execution Environments in the navigation menu.

  2. Click the Add remote registry button.

  3. Enter the following values in the specific fields.

    • Name: Quay Upstream Registry
    • URL: https://quay.io
  4. Click the Save button.

    The newly created remote registry appears in the Remote Registries panel.

  5. Click Execution Environments under Execution Environments in the navigation menu.

  6. Click the Add execution environment button.

    The WebUI displays the Add execution environment dialog. We can pull container images from upstream or other registries through this dialog.

  7. Enter or select the following values in the specific fields.

    • Name: upstream/awx-ee
    • Upstream Name: ansible/awx-ee
    • Registry: Quay Upstream Registry
    • Add tag(s) to include: Type latest and then ENTER
  8. Click the Save button.

    The newly created execution environment appears in the Execution Environments panel.

  9. Sync the upstream/awx-ee execution environment from the remote registry.

    1. Click the vertical three-dot menu to the right of the upstream/awx-ee item.

    2. Select Sync from registry.

      A pop-up dialog appears stating the sync started.

    3. Click the detail page link in the pop-up dialog to see the status of this task.

    4. The task shows Completed.

    5. Click Execution Environments under Execution Environments in the navigation menu.

    6. Click the upstream/awx-ee link in the Execution Environments panel.

      This link displays the instructions to pull this image from Private Automation Hub under the Details tab.

    7. Click the Images tab.

      This panel displays more details about the image, including its tag, size, and sha256 digest.

Push Execution Environment Using Podman

  1. Open a terminal from the Luna Desktop and connect via ssh to the devops-node instance.

    ssh oracle@<ip_address_of_devops-node>

    This instance contains an installation of the Builder utility and a pre-built custom execution environment. For details on performing those tasks, see Build Custom Execution Environments with Oracle Linux Automation Manager Builder Utility.

  2. Change to the custom ee working directory.

    cd ~/my_custom_ee_project

    This directory contains the Builder utility's data files to create the custom execution environment image.

  3. List existing local images.

    podman images

    The output displays our custom image and Oracle Linux Automation Manager's default olam-ee and olam-builder images.

  4. Log in to the Private Automation Hub.

    podman login -u admin https://ol-pah.$(hostname -d) --tls-verify=0
    • -u is a user with privileges to access the container registry
    • ol-pah.$(hostname -d) is the container registry FQDN
    • --tls-verify=0 turns off TLS certificate verification as the free lab environment uses self-signed certificates

    The command prompts for a Password:. Enter the password matching the login credentials for the Private Automation Hub admin user.

  5. Tag the local custom image.

    Before pushing the image to the Private Automation Hub registry, create the required repository structure and tag using the local image.

    podman tag localhost/my_custom_ee ol-pah.$(hostname -d)/my_first_olam_ee_image
  6. Verify the new tagged image exists.

    podman images

    Example Output:

    [oracle@devops-node my_custom_ee_project]$ podman images
    REPOSITORY                                                                  TAG         IMAGE ID      CREATED      SIZE
    localhost/my_custom_ee                                                      latest      fbc43634b168  5 hours ago  2.29 GB
    ol-pah.lv.vcn5ef1c2b6.oraclevcn.com/my_first_olam_ee_image                  latest      fbc43634b168  5 hours ago  2.29 GB
    <none>                                                                      <none>      92aa94db3699  5 hours ago  1.4 GB
    <none>                                                                      <none>      cc087fbfa018  5 hours ago  1.45 GB
    container-registry.oracle.com/oracle_linux_automation_manager/olam-ee       latest      368657c8376d  5 weeks ago  1.25 GB
    container-registry.oracle.com/oracle_linux_automation_manager/olam-builder  latest      5e98580f7956  5 weeks ago  546 MB
  7. Upload the custom image to Private Automation Hub.

    Note: Replace <IMAGE ID> with the actual image ID of the my_first_olam_ee_image from the podman images output.

    podman push --tls-verify=0 <IMAGE ID> ol-pah.$(hostname -d)/my_first_olam_ee_image:latest
  8. Confirm the upload in the WebUI.

    1. Switch to the browser containing the Private Automation Hub WebUI.

    2. Navigate to Execution Environments.

    3. Notice the new my_first_olam_ee_image.
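
Steps 4 and 7 pass --tls-verify=0 because the lab hub uses a self-signed certificate. Outside the lab, the alternative is to trust that one certificate for that one registry through podman's per-registry certs.d directory, so verification stays on. The script below is an added example, not part of the Oracle tutorial; the function names are hypothetical, and it assumes the hub's certificate has already been copied to a local PEM file and that its subject alternative name matches the registry FQDN.

```bash
#!/usr/bin/env bash
# Added example, not part of the Oracle tutorial: trust the hub's self-signed
# certificate for this one registry so podman can keep TLS verification on.

# Print the certs.d directory podman consults for REGISTRY (host[:port]).
# A scheme or path, as in "https://ol-pah.<domain>/image", is stripped first.
registry_cert_dir() {
  local registry="$1" root="${2:-$HOME/.config/containers/certs.d}"
  registry=${registry#*://}
  registry=${registry%%/*}
  case $registry in
    '' | .* | *[!A-Za-z0-9.:-]*) return 1 ;;   # refuse empty or odd names
  esac
  printf '%s/%s\n' "$root" "$registry"
}

# Install PEM as ca.crt for REGISTRY. Returns 1 if PEM holds no certificate,
# 2 if it also contains a private key, 3 if the registry name is rejected.
pin_registry_cert() {
  local registry="$1" pem="$2" dir
  dir=$(registry_cert_dir "$registry" "${3:-}") || return 3
  grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" 2>/dev/null || return 1
  if grep -q -- 'PRIVATE KEY-----' "$pem"; then return 2; fi
  mkdir -p "$dir" && install -m 0644 "$pem" "$dir/ca.crt"
}

# Usage on devops-node (hub.pem is an assumed local copy of the hub's cert):
#   openssl x509 -in hub.pem -noout -fingerprint -sha256   # compare with the hub
#   pin_registry_cert "ol-pah.$(hostname -d)" hub.pem
#   podman login -u admin "ol-pah.$(hostname -d)"          # no --tls-verify=0
```

The default root is the rootless location; pass /etc/containers/certs.d as the third argument (with root privileges) for a system-wide setting.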

Summary

The output within the WebUI confirms you have a working Private Automation Hub.

For More Information

Oracle Linux Automation Manager Documentation
Oracle Linux Automation Manager Training
Oracle Linux Training Station
