Lab: Ansible Automation Platform on Azure

As a group, we will deploy Red Hat Ansible Automation Platform as a managed application on the Microsoft Azure platform. We will provision the platform directly from the Azure Marketplace, configure network access, and validate that we can log into Automation Controller.

Running and managing your own instance of Ansible Automation Platform (AAP) can be complex and time-consuming. To simplify this process, Red Hat offers AAP as a managed application on Microsoft Azure. This allows organizations to leverage the power of Ansible automation without the overhead of managing the underlying infrastructure.

Due to subscription limitations, instead of each student deploying their own instance of Ansible Automation Platform on Azure, we will perform a single deployment together as a class. This approach allows us to focus on understanding the deployment process and key concepts without the need for individual subscriptions. Each student can follow the steps in this lab later, when they have access to their own or a customer’s Azure subscription.

Learning Objectives

After completing this module, you will be able to:

  • Understand the benefits of managed AAP deployment on Azure

  • Deploy AAP from the Azure Marketplace

  • Configure networking and security settings within the Azure Portal

  • Access and validate AAP functionality

1: Introduction: Why AAP on Azure?

Red Hat Ansible® Automation Platform on Microsoft Azure offers all the benefits of Ansible automation, deployed in your Azure cloud and offered as a managed or self-managed application.

1.1: Importance of AAP on Azure

  1. Speed to Value: Deploy in minutes from the Azure Marketplace.

  2. Fully Supported: Backed by Red Hat SREs for patching, upgrades, and reliability.

  3. Hybrid Cloud Ready: Automate Azure, on-prem, and multi-cloud resources.

  4. Unified Billing: Consumption billed directly through your Azure subscription.

  5. Flexible Deployment: Three options to deploy AAP on Azure - Managed Application, Self-Managed, or on Azure Red Hat OpenShift.

1.2: Choosing Between Managed and Self-Managed

Based on Red Hat’s guidance, choosing to deploy Ansible Automation Platform (AAP) as a managed service in Azure offers significant advantages in convenience, support, and operational efficiency. It is an ideal choice for organizations that want to focus on automation rather than platform maintenance. In contrast, the self-managed option provides greater control and is suited for those with specific architectural or security policy needs.

1.2.1: Key Advantages of the Managed Application

  1. Reduced Operational Burden: Red Hat’s Site Reliability Engineering (SRE) team handles upgrades, patches, and daily maintenance.

  2. Automated Upgrades and Maintenance: You always stay current without doing upgrades yourself.

  3. Infrastructure Management: Red Hat manages the AKS cluster, database, and scaling.

  4. Monitoring and Support: Active monitoring with Red Hat as your single support contact.

  5. Quick Time to Value: Deploy directly from the Azure Marketplace and start automating in minutes.

  6. Simplified Billing: Unified billing through Azure and eligible for Microsoft Azure Consumption Commitment (MACC).

1.2.2: When to Consider Self-Managed

  1. Full Control Over Architecture and Security: Necessary for strict compliance or specialized configurations.

  2. Custom Scaling and Sizing: Allows manual control over VM sizes and architecture.

  3. Complete Management Responsibility: Installation, upgrades, scaling, and backups are owned entirely by the customer.

In summary, choose the Managed Application if your priority is to accelerate automation and reduce operational overhead. Choose Self-Managed if your priority is full control and customization.

2: Lab Setup: Prerequisites

Before we begin deployment, ensure the following prerequisites are met:

  1. Red Hat Account - Required to activate your AAP subscription entitlement after deployment.

  2. Azure Subscription

  3. Networking Plan - Prepare a dedicated VNET with a /24 range that does not overlap with existing CIDRs.

  4. Resource Quotas - Confirm that at least 80 vCPUs are available in the target Azure region for scaling.

3: Deploy AAP from Azure Marketplace

3.1: Launch the Marketplace Offer

  1. Log in to Azure Portal.

  2. In the Azure Portal, go to Marketplace and search for "Ansible Automation Platform". Select Red Hat Ansible Automation Platform on Azure.

    Ansible Automation Platform in Azure Marketplace
  3. Select your desired Subscription and Plan and then click Create.


3.2: Configure the Deployment

3.2.1: Basics / Database Availability Tab

Fill out the following fields on the Basics tab:

  1. Subscription: Select your desired subscription.

  2. Resource Group: Create a new one (e.g., rg-aap-lab-eastus) by clicking Create new and entering the name of your desired Resource Group.

  3. Region: Choose a region with available vCPU quota.

  4. Administrator Password: Provide a strong password for the administrator account.

  5. Access Mode: For lab purposes we’ll use Public access, but in production you should always plan for Private access with VNET peering.

    Ansible Automation Platform on Azure - Basics
  6. Click Next.

  7. Confirm the Database Availability is validated and click Next again.

3.2.2: Networking Tab

The wizard automatically suggests values for each of the fields found within the Networking tab. Update the following fields as needed:

  1. Virtual Network: Select an existing VNET that meets the prerequisites or create a new one.

  2. Cluster Subnet: Choose a subnet within the selected VNET that has sufficient IP addresses available.

  3. Gateway Subnet: Choose a subnet within the selected VNET for gateway traffic.

  4. Private Link Subnet: Choose a subnet within the selected VNET for private link traffic.

  5. Database Subnet: Choose a subnet within the selected VNET for database traffic.

  6. Service CIDR: Enter a CIDR block that can be used for the cluster service.

  7. DNS IP: IP Address assigned to the DNS service.

  8. Pod CIDR: Enter a CIDR block that can be used for the cluster pods.

Ansible Automation Platform on Azure - Networking

  9. Click Next.
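Before accepting or overriding the wizard's suggestions, the address plan can be checked offline. The following is an added example, not part of the original lab or of Red Hat's tooling: it checks the /24 and non-overlap prerequisite from section 2 and the Networking tab fields for mutual consistency. All addresses are constructed samples, and the DNS IP rule is the AKS convention, assumed here to apply to the cluster behind the managed application.

```python
import ipaddress
from itertools import combinations

def validate_plan(plan, existing_cidrs):
    """Return a list of problems in a network plan for the Networking tab."""
    net = ipaddress.ip_network
    problems = []
    vnet = net(plan["vnet"])
    existing = [net(c) for c in existing_cidrs]
    # Lab prerequisite: a dedicated /24 that overlaps no range already in use.
    if vnet.prefixlen != 24:
        problems.append(f"VNET {vnet} is not a /24")
    problems += [f"VNET {vnet} overlaps existing {e}" for e in existing if vnet.overlaps(e)]
    # Each subnet must sit inside the VNET and be disjoint from the others.
    subnets = {name: net(cidr) for name, cidr in plan["subnets"].items()}
    for name, sub in subnets.items():
        if not sub.subnet_of(vnet):
            problems.append(f"{name} subnet {sub} is outside VNET {vnet}")
    for (a, na), (b, nb) in combinations(subnets.items(), 2):
        if na.overlaps(nb):
            problems.append(f"{a} subnet {na} overlaps {b} subnet {nb}")
    # Service and pod CIDRs are cluster-internal; keep them off routable ranges.
    service, pod = net(plan["service_cidr"]), net(plan["pod_cidr"])
    for label, cidr in (("Service CIDR", service), ("Pod CIDR", pod)):
        for other in [vnet, *existing]:
            if cidr.overlaps(other):
                problems.append(f"{label} {cidr} overlaps {other}")
    if service.overlaps(pod):
        problems.append(f"Service CIDR {service} overlaps Pod CIDR {pod}")
    # AKS convention (assumed to apply here): the DNS IP lies inside the
    # service CIDR and is not its first address, which the API service takes.
    dns = ipaddress.ip_address(plan["dns_ip"])
    if dns not in service or dns <= service.network_address + 1:
        problems.append(f"DNS IP {dns} is not a usable address in {service}")
    return problems

# Constructed sample values, not the wizard's defaults.
EXISTING = ["10.10.0.0/16", "192.168.0.0/24"]
GOOD = {
    "vnet": "10.20.0.0/24",
    "subnets": {"cluster": "10.20.0.0/26", "gateway": "10.20.0.64/28",
                "private_link": "10.20.0.80/28", "database": "10.20.0.96/28"},
    "service_cidr": "10.0.0.0/16", "dns_ip": "10.0.0.10", "pod_cidr": "10.244.0.0/16",
}
BAD = {**GOOD, "subnets": {**GOOD["subnets"], "database": "10.20.0.32/28"},
       "service_cidr": "10.10.0.0/24", "dns_ip": "10.10.0.1"}

if __name__ == "__main__":
    print("\n".join(validate_plan(BAD, EXISTING)))
```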

3.2.3: Business Continuity Tab

  1. Enable/Disable Disaster Recovery: For lab purposes, we will disable Disaster Recovery. In production, it is recommended to enable this feature.

    Ansible Automation Platform on Azure - Business Continuity
  2. Click Next.

3.2.4: Requirements Tab

Check each of the options in the Requirements section.

Ansible Automation Platform on Azure - Requirements

3.2.5: Review + create Tab

Once all of the parameters have been added within the prior tabs, the proposed configurations are displayed for your review. They will be validated by Azure to ensure that all requirements have been met.

Once validation has completed successfully, click Create to begin the deployment.

4: Validate Deployment

Once the deployment has completed, review the resources that were provisioned.

4.1: Locate Resource Groups

After deployment, three (3) resource groups will be created:

  1. Customer Resource Group (RG) - You own this.

  2. Managed Resource Group (MRG) - Red Hat SRE-managed (read-only).

  3. Node Pool Resource Group (NPRG) - Holds AKS resources. Do not modify without Red Hat guidance.

4.2: Access the AAP Console

  1. In the Customer RG, locate the Managed Application resource.

  2. Click Outputs and find the AAP Console URL.

  3. Open the URL in your browser.

  4. Log in with the admin credentials created during deployment.

Once you have accessed the AAP console, you can perform any automation activities, much like you would with a self-managed installation.

5: Explore Networking (Optional Advanced Lab)

This section enables you to explore some of the networking options available when deploying AAP on Azure. For automation beyond localhost, configure Azure VNET peering:

  1. Public Access: Already works for internet-facing automation.

  2. Private Access: Requires VNET peering or VWAN configuration.

  3. Automation Mesh: Deploy execution nodes closer to your workloads for hybrid or edge use cases. Assess the network conditions (latency, bandwidth) and security requirements for each location.

  4. Decide on Node Roles:

    • Execution Nodes: Decide how many you need and where they’ll be deployed. Each will require a separate server or VM.

      • Ensure the VM’s Network Security Group (NSG) allows inbound traffic on port 27199 (the default receptor communication port) from your AAP controller.

      • If you’re using a private automation hub, also ensure the VM can reach it.

      • Integrate with controller: Execute the installer playbook on the Azure VM. This playbook installs the receptor service and configures a secure, encrypted connection back to your main AAP controller.

    • Hop Nodes: Consider using these if you need to traverse firewalls or complex networks. They don’t run jobs.

      • Ensure the hop node can reach both the AAP controller and the execution nodes that will connect to it. Open port 27199 (the default receptor port) on the firewall to allow communication.
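The port 27199 rule on an execution or hop node should admit the AAP controller and nothing broader. The following is an added example, not part of the original lab: it evaluates NSG rules in the JSON shape returned by `az network nsg rule list -o json` and reports whether the receptor port is reachable from a source other than the controller. The rule names and IP addresses are constructed, and 203.0.113.10 is an assumed stand-in for the controller's egress address.

```python
import ipaddress

RECEPTOR_PORT = 27199  # default receptor port named in the lab

def _port_matches(rule, port):
    ranges = rule.get("destinationPortRanges") or [rule.get("destinationPortRange") or ""]
    for r in ranges:
        lo, _, hi = r.partition("-")
        if r == "*" or (lo.isdigit() and int(lo) <= port <= int(hi or lo)):
            return True
    return False

def _source_matches(rule, src_ip):
    prefixes = rule.get("sourceAddressPrefixes") or [rule.get("sourceAddressPrefix") or ""]
    for p in prefixes:
        if p in ("*", "Internet"):  # simplification: Internet treated as any source
            return True
        try:
            if ipaddress.ip_address(src_ip) in ipaddress.ip_network(p, strict=False):
                return True
        except ValueError:
            continue  # other service tags cannot be resolved offline
    return False

def verdict(rules, src_ip, port=RECEPTOR_PORT):
    """First matching inbound rule by priority decides, as an NSG evaluates."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["direction"] != "Inbound" or rule["protocol"].lower() not in ("tcp", "*"):
            continue
        if _port_matches(rule, port) and _source_matches(rule, src_ip):
            return rule["access"], rule["name"]
    # Azure's default rules are not modelled; sources outside the VNET are denied.
    return "Deny", "no matching custom rule"

def _rule(name, priority, source, ports):
    return {"name": name, "priority": priority, "direction": "Inbound",
            "access": "Allow", "protocol": "Tcp",
            "sourceAddressPrefix": source, "destinationPortRange": ports}

# Constructed samples; 203.0.113.10 stands in for the controller's egress IP.
CONTROLLER, OUTSIDER = "203.0.113.10", "198.51.100.77"
TIGHT = [_rule("allow-receptor-from-controller", 200, "203.0.113.10/32", "27199")]
LOOSE = [_rule("allow-high-ports", 300, "*", "27000-28000")]

def exposed_beyond_controller(rules):
    """True when the receptor port is reachable from a non-controller source."""
    return verdict(rules, OUTSIDER)[0] == "Allow"
```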

Conclusion

You have successfully:

  • Deployed Ansible Automation Platform as a managed service on Azure

  • Validated the deployment by logging into Automation Controller

  • Explored networking options for real-world automation

This deployment method provides:

  • Rapid deployment from the Azure Marketplace

  • Fully managed infrastructure by Red Hat SREs

  • Seamless integration with Azure billing and support

  • Enterprise-ready automation capabilities

The managed service approach allows you to focus on automation development rather than platform maintenance, while still benefiting from Red Hat’s enterprise support and updates.

For additional reference and deeper learning on AAP in Azure, review the following resources: