[ TITLE ] : AAP Containerized Bundle Install

[ CATEGORY ] : /Automatisation/Tower/AAP

[ TAGS ] : AAP, Ansible, Bundle, Container, EDA

[ DATE ] : 2025-11-19 22:10

[ AUTHOR ] : 4L1N3

AAP Containerized Bundle Install

How to install Ansible Automation Platform 2.6 (AAP) using the Containerized All-in-One Bundle in an offline environment.
This installation focuses on the offline, containerized installation method, where all required components, including the Controller, Automation Hub, Automation Gateway, and Event-Driven are deployed via pre-packaged containers, without requiring direct internet access.

Download the installation program

Go to https://access.redhat.com/downloads/content/480/ver=2.6/rhel---9/2.6/x86_64/product-software.

Then download the Ansible Automation Platform 2.6 Containerized Setup Bundle file for offline or bundled installations:

Ansible Automation Platform 2.6 Containerized Setup Bundle
- Last modified: 2025-10-15
- SHA-256 Checksum: e896a67e7fc3002657fca25eedbc5806f84466ec8b32c17c79167e5af0fcad36

Prerequires

System Prerequires

Fist, you need a fresh Red Hat (RHEL 9) install.

Check the version of the system:

$ cat /etc/redhat-release
Red Hat Enterprise Linux release 9.6 (Plow)

Mandatory Packages

If you have a local repository, you need to add the ansible-automation-platform-2.6-for-rhel-9-x86_64-rpms.
For example, by the following command:

$ sudo bash -c 'cat > /etc/yum.repos.d/custom.repo << "EOF"
[MyCompany_ansible-automation-platform-2.6-for-rhel-9-x86_64-rpms]
name=Custom MyCompany Red Hat Ansible Automation Platform 2.6 for RHEL 9 x86_64 (RPMs)
baseurl=http://rpms-zone.section.MyCompany.org/rhel/9/ansible-automation-platform-2.6-for-rhel-9-x86_64-rpms/
enabled=1
gpgcheck=0
EOF'

Update and upgrade the repository, then install the necessary packages:

$ sudo dnf update -y
$ sudo dnf upgrade -y

$ sudo dnf install -y tar
$ sudo dnf install -y ansible-core
$ sudo dnf install -y wget git-core rsync vim

Check the version of ansible-playbook:

$ ansible-playbook --version

Output:

ansible-playbook [core 2.16.14]
  config file = /home/aap/ansible-automation-platform-containerized-setup-bundle-2.6-1.1-x86_64/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.11/site-packages/ansible
  ansible collection location = /home/aap/ansible-automation-platform-containerized-setup-bundle-2.6-1.1-x86_64/collections
  executable location = /bin/ansible-playbook
  python version = 3.11.11 (main, Aug 21 2025, 00:00:00) [GCC 11.5.0 20240719 (Red Hat 11.5.0-5)] (/usr/bin/python3.11)
  jinja version = 3.1.6
  libyaml = True

Configuration

User Creation

To ensure a consistent and secure setup of containerized Ansible Automation Platform, create a dedicated user on each host.
Ansible Automation Platform connects as this user to run tasks on the host.

$ sudo adduser aap
$ sudo passwd aap

$ sudo visudo -f /etc/sudoers.d/aap
aap ALL=(ALL) NOPASSWD: ALL

The goal is for Ansible Automation Platform to log in as this user to run tasks on the host.
This dedicated user can be used for each host by adding ansible_user=aap to the inventory file.
Example: aap.example.org ansible_user=aap.

⚠️This user MUST ssh on the server.

Connect as aap user:

$ sudo -u aap -s

Then ssh on the server itself.
The aap user must have an open ssh connection to be able to deploy the installation playbook.

$ ssh 4510bt-srv-0029
There were 0 failed login attempts since the last successful login.

Unpack

Put the zip file on your AAP server, in the /home/aap directory:

File: ansible-automation-platform-containerized-setup-bundle-2.6-1.1-x86_64.tar.gz

Check the checksum:

$ echo "e896a67e7fc3002657fca25eedbc5806f84466ec8b32c17c79167e5af0fcad36  ansible-automation-platform-containerized-setup-bundle-2.6-1.1-x86_64.tar.gz" | sha256sum -c -

Output:

ansible-automation-platform-containerized-setup-bundle-2.6-1.1-x86_64.tar.gz: OK

Unpack the tar.gz file:

$ tar xfvz ansible-automation-platform-containerized-setup-bundle-2.6-1.1-x86_64.tar.gz

Add the aap user and group on the unpacked directory:

$ sudo chown -R aap:aap ansible-automation-platform-containerized-setup-bundle-2.6-1.1-x86_64

Rename the directory, for example:

$ mv ansible-automation-platform-containerized-setup-bundle-2.6-1.1-x86_64 AAP

Playbook configuration

Inventory files define the information needed to customize the installation.

Go to the installation directory then open the inventory-growth file:

$ cd AAP
$ vim inventory-growth

Then add the following configuration:

# Please consult the docs if you're unsure what to add
# For all optional variables please consult the included README.md
# or the Ansible Automation Platform documentation:
# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/containerized_installation

# This section is for your AAP Gateway host(s)
# -----------------------------------------------------
[automationgateway]
my-hostname.company.org

# This section is for your AAP Controller host(s)
# -----------------------------------------------------
[automationcontroller]
my-hostname.company.org

# This section is for your AAP Automation Hub host(s)
# -----------------------------------------------------
[automationhub]
my-hostname.company.org

# This section is for your AAP EDA Controller host(s)
# -----------------------------------------------------
[automationeda]
my-hostname.company.org

# This section is for the AAP database
# -----------------------------------------------------
[database]
my-hostname.company.org

# -----------------------------------------------------
# This section is for the AAP variables
# -----------------------------------------------------
[all:vars]

# Ansible
# -----------------------------------------------------
ansible_connection=local

# Common variables
# -----------------------------------------------------
postgresql_admin_username=postgres
postgresql_admin_password=MyAw3s0meP455w0rD!

bundle_install=true
bundle_dir='{{ lookup("ansible.builtin.env", "PWD") }}/bundle'

redis_mode=standalone


# AAP Gateway
# -----------------------------------------------------
gateway_admin_password=MyAw3s0meP455w0rD!
gateway_pg_host=my-hostname.company.org
gateway_pg_password=MyAw3s0meP455w0rD!

# AAP Controller
# -----------------------------------------------------
controller_admin_password=MyAw3s0meP455w0rD!
controller_pg_host=my-hostname.company.org
controller_pg_password=MyAw3s0meP455w0rD!
controller_percent_memory_capacity=0.5

# AAP Automation Hub
# -----------------------------------------------------
hub_admin_password=MyAw3s0meP455w0rD!
hub_pg_host=my-hostname.company.org
hub_pg_password=MyAw3s0meP455w0rD!
hub_seed_collections=false

# AAP EDA Controller
# -----------------------------------------------------
eda_admin_password=MyAw3s0meP455w0rD!
eda_pg_host=:my-hostname.company.org
eda_pg_password=MyAw3s0meP455w0rD!

Launch the installation

Launch the playbook:

$ ansible-playbook -i inventory-growth collections/ansible_collections/ansible/containerized_installer/playbooks/install.yml

Wait for almost 30mim…

[...]
PLAY RECAP ************************************************************************************************************************
my-hostname.company.org        : ok=612  changed=193  unreachable=0    failed=0    skipped=284  rescued=0    ignored=0
localhost                      : ok=32   changed=0    unreachable=0    failed=0    skipped=56   rescued=0    ignored=0

Check the pods:

$ podman ps

CONTAINER ID  IMAGE                                                                             COMMAND               CREATED         STATUS         PORTS               NAMES
5eaa23bdf802  registry.redhat.io/rhel9/postgresql-15:latest                                     run-postgresql        21 hours ago    Up 21 hours    5432/tcp            postgresql
612ed5ebcd2f  registry.redhat.io/rhel9/redis-6:latest                                           run-redis             54 minutes ago  Up 53 minutes  6379/tcp            redis-unix
12adb73c07ae  registry.redhat.io/rhel9/redis-6:latest                                           run-redis             53 minutes ago  Up 53 minutes  6379/tcp            redis-tcp
1e4fefea2bb5  registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9:latest      /usr/bin/envoy --...  53 minutes ago  Up 52 minutes                      automation-gateway-proxy
565f5e34bddf  registry.redhat.io/ansible-automation-platform-26/gateway-rhel9:latest            /usr/bin/supervis...  53 minutes ago  Up 52 minutes                      automation-gateway
459e7aa2d00e  registry.redhat.io/ansible-automation-platform-26/receptor-rhel9:latest           /usr/bin/receptor...  50 minutes ago  Up 50 minutes                      receptor
d0ced196bdaa  registry.redhat.io/ansible-automation-platform-26/controller-rhel9:latest         /usr/bin/launch_a...  50 minutes ago  Up 46 minutes  8052/tcp            automation-controller-rsyslog
b5b36db18e50  registry.redhat.io/ansible-automation-platform-26/controller-rhel9:latest         /usr/bin/launch_a...  49 minutes ago  Up 46 minutes  8052/tcp            automation-controller-task
997a32d84a9e  registry.redhat.io/ansible-automation-platform-26/controller-rhel9:latest         /usr/bin/launch_a...  49 minutes ago  Up 45 minutes  8052/tcp            automation-controller-web
24063a83ed7d  registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9:latest     gunicorn --bind 1...  45 minutes ago  Up 43 minutes                      automation-eda-api
19e60aebdeaa  registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9:latest     daphne --bind 127...  44 minutes ago  Up 43 minutes                      automation-eda-daphne
02aa9ed3cb4a  registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9:latest  /bin/sh -c nginx ...  44 minutes ago  Up 43 minutes  8080/tcp, 8443/tcp  automation-eda-web
20ed6609312c  registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9:latest     aap-eda-manage rq...  44 minutes ago  Up 43 minutes                      automation-eda-worker-1
f9e6dde0f2a7  registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9:latest     aap-eda-manage rq...  44 minutes ago  Up 43 minutes                      automation-eda-worker-2
5ed7ebcdd047  registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9:latest     aap-eda-manage rq...  44 minutes ago  Up 43 minutes                      automation-eda-activation-worker-1
ec035eed5def  registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9:latest     aap-eda-manage rq...  44 minutes ago  Up 43 minutes                      automation-eda-activation-worker-2
f3552e9ceee8  registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9:latest     aap-eda-manage sc...  44 minutes ago  Up 43 minutes                      automation-eda-scheduler
ccd7ecd00e02  registry.redhat.io/ansible-automation-platform-26/hub-rhel9:latest                pulpcore-api --na...  43 minutes ago  Up 40 minutes                      automation-hub-api
27e8bf54195a  registry.redhat.io/ansible-automation-platform-26/hub-rhel9:latest                pulpcore-content ...  42 minutes ago  Up 40 minutes                      automation-hub-content
6e76ed30f61c  registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9:latest            /bin/sh -c nginx ...  42 minutes ago  Up 40 minutes  8080/tcp, 8443/tcp  automation-hub-web
93ed9e8ad194  registry.redhat.io/ansible-automation-platform-26/hub-rhel9:latest                pulpcore-worker       41 minutes ago  Up 40 minutes                      automation-hub-worker-1
7d34f20e308d  registry.redhat.io/ansible-automation-platform-26/hub-rhel9:latest                pulpcore-worker       41 minutes ago  Up 40 minutes                      automation-hub-worker-2

Web Administration

Go to https://my-hostname.company.org/, accept the risk.

Connect to the Web Interface with your admin credentials defined in the hub_admin_password variable.

Note about the certificates

By default, the installation program creates a self-signed Certificate Authority (CA) and uses it to generate self-signed TLS certificates for all Ansible Automation Platform services. The self-signed CA certificate and key are generated on one node under the ~/aap/tls/ directory and copied to the same location on all other nodes. This CA is valid for 10 years after the initial creation date.

Self-signed certificates are not part of any public chain of trust. The installation program creates a certificate truststore that includes the self-signed CA certificate under ~/aap/tls/extracted/ and bind-mounts that directory to each Ansible Automation Platform service container under /etc/pki/ca-trust/extracted/. This allows each Ansible Automation Platform component to validate the self-signed certificates of the other Ansible Automation Platform services. The CA certificate can also be added to the truststore of other systems or browsers as needed.

Documentation

https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html-single/containerized_installation/index