What’s new in Ansible Automation Platform 2.1 Takashi Sugimura Senior Technical Support Engineer (Ansible) 2021-12-21 Ansible Advent Calendar 2021

Agenda ● Version history ● What’s new in 2.1? ● Upgrade paths ● FAQ in support cases

3 OPTIONAL SECTION MARKER OR TITLE Version history

History Version history Red Hat Ansible Tower Life Cycle https://access.redhat.com/support/policy/updates/ansible-tower ### Ansible Automation Platform 1.0 Released: November 14, 2019 End of Life: May 14, 2021 Product components: Ansible Tower 3.6 (final version 3.6.7) Ansible Engine 2.9 (current version 2.9.27) ### Ansible Automation Platform 1.1 Released: May 18, 2020 End of Life: November 18, 2021 Product components: Ansible Tower 3.7 (final version 3.7.5) Ansible Engine 2.9 (current version 2.9.27) - Introduced Engine 2.9 - Online activation - PostgreSQL 10 - Collections support - Use a private copy of the project for each run - RHEL7.7 or RHEL8.2 required at least - Improved performance - Inventory plugins from upstream collections - Removed RabbitMQ, introduced Redis and WebSocket We have been gradually renaming the brand of the product.

Version history Red Hat Ansible Automation Platform Life Cycle https://access.redhat.com/support/policy/updates/ansible-automation-platform ### Ansible Automation Platform 1.2 (current version 1.2.6) Released: November 18, 2020 End of Life: November 18, 2022 Product components: Ansible Tower 3.8 (current version 3.8.5) Ansible Engine 2.9 (current version 2.9.27) Ansible Automation Hub 4.2 (current version 4.2.7) ### Ansible Automation Platform 2.0 (early access, current version 2.0.1) Released: July 15, 2021 End of Life: January 15, 2023 Product components: Ansible automation controller 4.0 (current version 4.0.0) Ansible Automation Hub 4.3 (current version 4.3.3) Execution Environments Ansible core 2.11 (current version 2.11.6) Ansible 2.9 (current version 2.9.27) Current supported versions - Introduced Private Automation Hub - License activation has been changed - More performance improvements - Ansible Tower renamed as Ansible automation controller - New Web UI using PatternFly 4 - Refactored to EE (Podman container)

Version history Red Hat Ansible Automation Platform Life Cycle https://access.redhat.com/support/policy/updates/ansible-automation-platform ### Ansible Automation Platform 2.1 (current version 2.1.0) Released: December 2, 2021 End of Life: June 2, 2023 Product components: Ansible automation controller 4.1 (current version 4.1.0) Ansible Automation Hub 4.4 (current version 4.4.0) Red Hat Single Sign-On 7.4 Execution Environments Ansible core 2.12 (current version 2.12.0) Ansible 2.9 (current version 2.9.27) New release This presentation will describe the updates in details

Summary - Product components Version history AAP 1.x AAP 2.0 AAP 2.1 Ansible Engine 2.9 - 2.11 for installation Execution Environments (Podman container image) - ee-minimal (2.11) - ee-supported (2.11) - ee-2.9 - 2.12 for installation Execution Environments (Podman container image) - ee-minimal (2.12) - ee-supported (2.12) - ee-2.9 Customized Ansible Engine Python Virtual Environment Create an EE image Web UI / service Ansible Tower 3.6/3.7/3.8 Ansible automation controller 4.0 Ansible automation controller 4.1 Automation Mesh Private Automation Hub 4.2 (since AAP 1.2) 4.3 4.4 PostgreSQL 10 12 Content Creator Experience (community provided) ansible-builder ansible-navigator VScode plugin Molecule ansible-lint

8 OPTIONAL SECTION MARKER OR TITLE What’s new in 2.1?

Rough Architecture of AAP 1.x What’s new in 2.1? inventory credential servers networks cloud playbooks roles plugins configurations project variables Web UI Ansible Engine on Python venv project credentials inventory variables job template background services Web browser SCM repository Public / Private Automation Hub database external auth (SAML / LDAP, etc) collections git, etc HTTPS SSH, etc

Rough Architecture of AAP 2.1 What’s new in 2.1? inventory credential servers networks cloud playbooks roles plugins configurations project variables Web UI Ansible Core on Execution Environment project credentials inventory variables job template background services SCM repository database Podman container Ansible Core 2.12 PostgreSQL 10 → 12 New Web UI Design Clustering and SSO Automation Mesh (Receptor) EE image external auth (SAML / LDAP, etc) Web browser Also supported Ansible Automation Platform Operator for OCP 4 HTTPS git, etc collections container image Public / Private Automation Hub SSH, etc

Changes - New Web UI Design What’s new in 2.1? Based on PatternFly 4

Changes - Containerized Ansible EE What’s new in 2.1? When a user has an additional requirement to execute a playbook, they needed to create another Python virtual environment. It was a kind of a craftsmanship. I want to use Python 3 libraries for third party modules on RHEL 7. Where can I create a directory for venv? Tower didn’t find it. My Tower cluster has 3 nodes, should I create the venv on all nodes? How can I create a venv on OCP4? Now you can create a customized Podman container image with the unified way using the ansible-builder command. And since 2.10, Ansible Core 2.12 separates the modules into built-in and optional collections. You can use supported container images and customized image.

Changes - Automation Mesh What’s new in 2.1? https://www.ansible.com/products/automation-mesh Where does AAP run the playbook? Until AAP 1.2 (Ansible Tower), the Tower nodes and isolated nodes are able to run the playbook. Now 2.1, it has expanded as plane. Control plane 　Hybrid nodes, Control nodes Execution plane 　Execution nodes, Hop nodes Control plane Automation controller Execution plane node type: hybrid or controller Automation mesh hop node Connects segmented environments Executes automation locally in environments segmented environment Remote location execution node(s) execution node(s) Resilient to high latency and connection disruptions

Changes - Automation Hub What’s new in 2.1? Red Hat Ansible Automation Platform cluster Private Automation Hub Custom enterprise content Automation Hub cloud.redhat.com Ansible Galaxy Developer IDE Content SDK Build Publish Deliver Clustering and SSO Execution Environment As a Podman image registry

15 OPTIONAL SECTION MARKER OR TITLE Upgrade paths

Upgrade paths Upgrade paths ・Supported path 　AAP 1.2 (Tower 3.8) -> 2.1 　AAP 2.0 -> 2.1 ・Tower 3.7 or previous versions should be upgraded to 3.8 in advance ・AAP 2.1 works only RHEL 8.4 or later For example, RHEL 7.7 + Tower 3.7.5 ・Take a backup ・Create a RHEL 8.5 + Tower 3.7.5 and restore the backup ・Upgrade it to 3.8.5 and AAP 2.1 step by step ・Create an EE if you were using a venv We don’t support leapp to upgrade from RHEL 7 to 8. Reinstallation is needed.

17 OPTIONAL SECTION MARKER OR TITLE FAQ in support cases

FAQ in support cases FAQ in support cases ■ Running a playbook job - 2.9 will reach EOL soon (2021-12-31) → you can continue using it until the EOL of AAP 1.2 - how to create and use venv with 3rd party python libraries for community maintained collections - how to connect Windows servers - how to connect via jumphost ■ Using controller (and Tower) - SAML authentication (OKTA, Azure AD, etc) - how to use dynamic inventory (filtering, grouping, new collections, etc) - how to upgrade - database performance ■ License and subscription ■ OCP environment ■ hardening, security scanning services ■ etc and etc

Skill change is needed for us FAQ in support cases ■ Ansible / Ansible Tower / Ansible Automation Platform - new features after 2.10 - 2.12, devel - new architectures on AAP 2.x - old architectures are still supported until AAP 1.2 EOL (2022-11-18) - even already EOL versions, we are often asked (we cannot forget RabbitMQ!) - SSO is introduced for AH, we have to learn Keycloak ■ Containers - Podman, Container registry, OpenShift Container Platform - persistent storage on OCP - how to gather information from running containers (logs, processes, resources, etc) ■ Use-case changes - cloud and network operations rather than RHEL automations - authentications (SAML, SAML and SAML) - these kinds of queries are often hard to reproduce on our side

The important things FAQ in support cases Ansible Automation performs so much operations at once very easily. When the product is not functional or works a wrong behavior, it may impact to customer’s business widely. As Ansible can reduce the 99% cost compared to manual operation, then if stops the customer’s cost makes 100 times than usual. I always keep in mind that it is the reason why we are here.

21 OPTIONAL SECTION MARKER OR TITLE Questions? Feel free to contact me anytime. I have written blog articles every month in this site: https://rheb.hatenablog.com/archive/category/Ansible

linkedin.com/company/red-hat youtube.com/user/RedHatVideos facebook.com/redhatinc twitter.com/RedHat Thank you!!!