James Lab

Phase 1 - Deploying Ansible Automation Platform 2.6 (Containerized)

5 min read

Optional: This phase is only needed if you want AAP’s web UI to manage playbooks. If you prefer running Ansible from the command line, skip to Phase 2: Vanilla Ansible.

With the foundation in place from Phase 0, the next step is deploying AAP 2.6 on the RHEL 10 host. AAP will serve as the orchestration layer that runs the K3s playbooks from a web UI instead of the command line.

This phase includes a critical workaround: AAP officially requires 16 GB of RAM, but this lab runs on 4–8 GB. We’ll bypass that check and prune unnecessary services to fit.

1. Prerequisites Checklist

Before starting, confirm these from Phase 0:

  • RHEL 10 VM with static IP 192.168.5.49
  • Hostname set to ansible-host with FQDN ansible-host.local in /etc/hosts
  • ansible-core installed (sudo dnf install -y ansible-core)
  • Internet access for pulling container images

2. Red Hat Registry Authentication

AAP containerized installer pulls images from the Red Hat Terms-Based Registry. You need valid credentials.

Create a Registry Service Account

  1. Go to Red Hat Terms-Based Registry.
  2. Create a new service account (or use an existing one).
  3. Note your Registry Username and Registry Token.

Login to the Registry

sudo podman login registry.redhat.io
# Username: <your-service-account-username>
# Password: <your-service-account-token>

This stores credentials in ~/.config/containers/auth.json for the installer to use.

3. Download the AAP 2.6 Containerized Installer

cd ~
curl -O https://access.redhat.com/downloads/content/484/ver=2.6/rhel---9/169204320/x86_64/product-software
# Or download from the Red Hat Customer Portal directly
 
# Extract the installer
tar -xzf ansible-automation-platform-containerized-setup-2.6-*.tar.gz
cd ansible-automation-platform-containerized-setup-2.6-*

4. Resource Optimization (The 4GB Workaround)

The AAP 2.6 installer checks for 16 GB of RAM during its pre-flight validation. On lab hardware, we bypass this with three strategies.

Strategy A: Disable Heavy Services

We don’t need Automation Hub or Event-Driven Ansible (EDA) for this lab. Disabling them frees significant memory.

Strategy B: Reduce Controller Memory Allocation

Set controller_percent_memory_capacity=0.5 to cap the controller’s memory usage at 50% of available RAM.

Strategy C: Override Pre-flight Check

Add ignore_preflight_errors=true to skip hardware validation entirely.

Strategy D: Spoof Memory at Runtime

Pass -e "{'ansible_memtotal_mb': 16000}" to the installer command, overriding the system-reported RAM value.

5. Configure the Inventory File

Create or edit the inventory-growth file in the installer directory. This is the AAP equivalent of an Ansible inventory — it tells the installer where each component lives.

[automationgateway]
ansible-host.local ansible_host=192.168.5.49
 
[automationcontroller]
ansible-host.local ansible_host=192.168.5.49
 
[database]
ansible-host.local ansible_host=192.168.5.49
 
[all:vars]
ansible_connection=local
routable_hostname=ansible-host.local
ignore_preflight_errors=true
 
# Database Credentials
postgresql_admin_username=postgres
postgresql_admin_password=PG_welcome1
 
# Component Passwords
gateway_admin_password=GATEWAY_welcome1
gateway_pg_password=PG_welcome1
controller_admin_password=CONTROLLER_welcome1
controller_pg_password=PG_welcome1
 
# Resource Tuning
controller_percent_memory_capacity=0.5
redis_mode=standalone

Key Decisions in This Inventory

SettingValueWhy
All sections point to ansible-host.localSingle-node All-in-OneConsolidates all services on one host
ansible_connection=locallocalInstaller runs on the same machine it configures
ignore_preflight_errorstrueBypasses hardware requirement checks
controller_percent_memory_capacity0.5Caps AAP memory usage at 50%
redis_modestandaloneSingle-node Redis (no cluster needed for lab)

Security note: In production, use Ansible Vault to encrypt credentials. For this lab, plaintext is used for simplicity. See Phase 3 for Vault integration.

6. Run the Installer

From the installer directory:

ansible-playbook -i inventory-growth \
    ansible.containerized_installer.install -K \
    -e "{'ansible_memtotal_mb': 16000}"
  • -K prompts for the sudo password (required for system-level changes).
  • -e overrides the RAM check by spoofing 16 GB of memory.

Expected Duration

PhaseApproximate Time
Image pulls (controller, gateway, postgres, redis)5–10 min
Container setup and configuration3–5 min
Certificate generation1–2 min
Total10–15 min

Monitor Progress

In a second terminal, watch containers spin up:

watch -n 5 "podman ps --format 'table {{.Names}}\t{{.Status}}'"

Expected containers:

NAMES                    STATUS
automation-controller    Up 2 min
automation-gateway       Up 2 min
automation-eda-controller Up 2 min
redis                    Up 2 min
postgres-15              Up 2 min

7. Verify the Installation

Access the Web UI

Open a browser and navigate to:

https://192.168.5.49

You may need to accept the self-signed certificate warning.

Login credentials:

  • Username: admin
  • Password: CONTROLLER_welcome1 (from the inventory file)

First Login Checklist

After logging in, confirm:

  • Dashboard loads without errors
  • Automation Controller section is accessible
  • Automation Gateway is running (Settings → About)
  • No critical alerts in the notification area

8. Troubleshooting

Installer Fails at Pre-flight

If you see Insufficient memory errors:

  • Verify ignore_preflight_errors=true is set in the inventory
  • Confirm you’re passing -e "{'ansible_memtotal_mb': 16000}"
  • Check available RAM: free -h

Containers Not Starting

# Check container logs
podman logs automation-controller
podman logs automation-gateway
 
# Restart all containers
podman restart $(podman ps -q)

Certificate Errors on Web UI

If the browser shows connection errors:

  • Confirm /etc/hosts has 192.168.5.49 ansible-host.local
  • Verify the hostname: hostname -f should return ansible-host.local
  • Regenerate certs by re-running the installer (it’s idempotent)

Can’t Pull Images

# Re-authenticate
podman logout registry.redhat.io
podman login registry.redhat.io

9. Automation Script

For repeatable deployments, wrap the installer in a shell script. Save this as scripts/aap-install/install_aap.sh:

#!/bin/bash
cd ~/ansible-automation-platform-containerized-setup-2.6-5 || { echo "Installer directory not found"; exit 1; }
 
echo "Starting AAP 2.6 Installation (Vault Protected)..."
 
ansible-playbook -i inventory-growth \
    ansible.containerized_installer.install -K \
    --ask-vault-pass \
    -e "{'ansible_memtotal_mb': 16000}"

--ask-vault-pass is included for when you migrate to Vault-encrypted credentials.

What’s Next

AAP is now running and accessible at https://192.168.5.49. In Phase 2, we’ll configure AAP to pull our K3s playbooks from GitHub, set up credentials, define the inventory, and create job templates to deploy the cluster with a single click.

Backlinks