[ ARTICLES CREATED IN 2026 ]

TL;DR of the key commands for securing Gateway and EDA with the internal certificate. Steps: Check the issuer of the server certificate (here the result is intCA1): $ openssl x509 -in /home/aap/hostname.sub.company.org.cert.pem -noout -issuer -subject Build fullchain.pem (server certificate + intermediate): $ sudo cat /home/aap/hostname.sub.company.org.cert.pem /etc/pki/ca-trust/source/anchors/COMPANY-SUB-intCA1.pem > /home/aap/fullchain.pem Permissions and owner: $ chown aap:aap /

The goal is to secure the Gateway and EDA services of Ansible Automation Platform (AAP) with your company's internal certificates. Constraints: no global private key for the CA; only the signed server certificates and the intermediates are available. Initial problem: The playbook consistently fails with SSL errors. Gateway example: FAILED - RETRYING: [hostname.sub.company.org]: Ensure automation gateway proxy is ready (1 retries left). fatal: [hostname.sub.company.or

[ ARTICLES CREATED IN 2025 ]

How I set up an automated backup system for Ansible Automation Platform (AAP) using the containerized installer. The script and the crontab setup run a daily backup, store it on a remote NFS location, and clean up older backups over time. The backup script must be launched as the dedicated non-root user (in this case, aap). This user also needs access to the AAP installation directory, since the backup command has to be run from there. Prerequisites. Packages: You have to install the following pack

You must log in with the dedicated non-root user account (here, aap) to perform a backup and to access the automation platform’s installation directory. To control the compression of backup files before sending them to the host running the operation, you can use specific variables in the inventory file. Inventory file option: Connect as the aap user and go to the installation directory, then open the inventory-growth file: $ cd MyInstallDir $ vim inventory-growth Then add the following configu

How to install Ansible Automation Platform 2.6 (AAP) using the Containerized All-in-One Bundle in an offline environment. This installation focuses on the offline, containerized installation method, where all required components, including the Controller, Automation Hub, Automation Gateway, and Event-Driven, are deployed via pre-packaged containers, without requiring direct internet access. Download the installation program: Go to https://access.redhat.com/downloads/content/480/ver=2.6/rhel---9/2.6/

This playbook runs a series of HPE 3paradm commands on Alletra storage for weekly monitoring purposes. A separate file will be created for each host and a separate email will be sent with the attached file. Launch the playbook: You can launch the weekly script using the following command: # ansible-playbook -i myhost1.org,myhost2.org, /path/to/Check_Storages.yml -u 3paradm --ask-pass You will receive separate emails in your mailbox with the attached file. The playbook. The full script: --- - name: Run a c

[ ARTICLES CREATED IN 2024 ]

In AWX (Ansible Tower), each job runs in an isolated execution environment to ensure the security and stability of playbooks. This restricted environment limits access to the host system's resources, including creating or modifying local files. To work around this, you can use Ansible's delegate_to with the name of the host machine where the playbook runs. You can specify localhost directly, the localhost's IP address, or its DNS name.

Launching navigator without any additional options brings up a welcome screen that displays the different subcommands that are available. # ansible-navigator Moving around the interface is quite simple and reminders for the navigation keys are listed at the bottom of the interface. Subcommands can be entered in a vim-like fashion using the format :. Available subcommands: :builder // Build execution environment (container image) :collections // Explore available collections :config // Explore

Error encountered on AAP: SSH password: ERROR! couldn't resolve module/action 'community.general.redhat_subscription'. This often indicates a misspelling, missing collection, or incorrect module path. Export your proxy parameters: # export HTTP_PROXY=http://proxy.your.company.org:8080 # export HTTPS_PROXY=http://proxy.your.company.org:8080 Install your module (here community.general) and your path (current user folder by default), force path (--force) if needed: # ansible-galaxy c

What to do if you have a certificate problem with your AAP web GUI. Add a certificate: 1/ Download the certificates to your AAP server (probably files named like the following: AAP-Server.your.company.org.key.pem and AAP-Server.your.company.org.cert.pem). 2/ In your /etc/tower folder you should have some old certificates; rename them and put your new certificates in place with the same names: # cp /etc/tower/tower.cert /etc/tower/tower.cert-$(date +%F) # cp /etc/tower/tower.key /etc/tower/tower.key-$(date +%F) # rm /etc/towe

The ability to back up and restore your system is integrated into the platform setup playbook. TL;DR. Summary: # ./setup.sh -b // backup # ./setup.sh -r // restore # ./setup.sh -e 'backup_dest=/path/to/backup_dir/' -b // backup in a specific folder # ./setup.sh -e 'restore_backup_file=/path/to/nondefault/backup.tar.gz' -r // restore from a specific file Make a backup. Simple backup: You make a backup using the same setup.sh script that you use to in

Ansible Vault is a tool built into Ansible that encrypts files containing sensitive data, such as passwords or private keys. Encrypting data with Ansible Vault and deploying a playbook. Create an encrypted file: When you create an encrypted file, Ansible Vault asks you to provide a password to encrypt the file: # ansible-vault create /path/encrypted.yml Example content: # encrypted.yml (encrypted) user_john_passwd: 1337H4X0R variable_secret: 1