Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Ansible Automation Platform on OpenShift

Prerequisites

Follow these steps to install the Ansible Automation Platform (AAP) Operator on your OpenShift cluster and deploy an AAP instance. The verified version used in this guide is AAP 2.5 (Operator CSV aap-operator.v2.5.0-0.1737675968, Controller 4.6.7).

  1. Before you start, make sure you are logged in to the OpenShift cluster as a cluster-admin user.

  2. Check to see if your nfs-client StorageClass (or your preferred RWX-capable StorageClass) is available:

    Your cluster global pull secret includes credentials for registry.redhat.io (required to pull Red Hat images):

  3. If registry.redhat.io is missing, add it via the OpenShift console under Cluster Settings → Global Pull Secret, or contact your Red Hat account team for registry credentials.

Create the Namespace and OperatorGroup

  1. Create the aap namespace and an OperatorGroup that scopes the operator to that namespace:
  2. Verify the namespace and OperatorGroup are created:

Configure the Red Hat Registry Pull Secret

The operator pods must pull images from registry.redhat.io.

.
  1. Copy the cluster-level pull secret into the aap namespace:
  2. Verify the secret was created:

Create the Operator Subscription

  1. Create a Subscription object pointing to the stable-2.5 channel in the Red Hat operator catalog. Setting installPlanApproval: Manual with a pinned startingCSV ensures you install the exact tested version and do not auto-upgrade:
    Note:

    The startingCSV value aap-operator.v2.5.0-0.1737675968 is the verified CSV for AAP 2.5 (platform version 2.5.20250115, Controller 4.6.7). A newer CSV may be available in the catalog. To use the latest available 2.5 version, omit the startingCSV field, or check the available CSVs with:

  2. Verify the Subscription is created:

Approve the InstallPlan

Because installPlanApproval is set to Manual, the operator will not install until you explicitly approve the generated InstallPlan.

  1. Wait for the InstallPlan to appear (typically 15–30 seconds):
  2. Approve the pending InstallPlan:
  3. Wait for the operator CSV to reach Succeeded phase (typically 3–5 minutes):

    This is the expected output:

    Note:

    Do not proceed to the next step until the CSV shows Succeeded. If it remains in Installing mode for more than 10 minutes, check operator pod logs:

Deploy the AnsibleAutomationPlatform CR

  1. Create the top-level AnsibleAutomationPlatform custom resource. The operator uses this single CR to automatically provision all sub-components: Automation Controller, Automation Hub, Event-Driven Ansible (EDA), PostgreSQL, and Redis:
    Note:

    The postgres_storage_class value must match a StorageClass available in your cluster. The Automation Hub file storage PVC (100 Gi, RWX) and the Redis data PVC (1 Gi, RWO) are also automatically created using this storage class.
  2. Monitor deployment progress:

    The operator provisions resources in this order:

    1. PostgreSQL 15 StatefulSet (aap-postgres-15)

    2. Redis StatefulSet (aap-redis)

    3. Gateway deployment (aap-gateway)

    4. AutomationController sub-CR and pods (aap-controller-task, aap-controller-web)

    5. EDA sub-CR and pods (aap-eda-api, aap-eda-activation-worker, aap-eda-default-worker, aap-eda-scheduler, aap-eda-event-stream)

  3. Retrieve Admin Credentials

Verify the Installation

  1. Verify the Installation.
    Verify that all pods are running:

    All pods must show Running status.

    Table 1: Pods and Containers
    Pod Containers Expected Status
    aap-postgres-15-0 1/1 Running
    aap-redis-0 1/1 Running
    aap-gateway-* 2/2 Running
    aap-controller-task-* 4/4 Running
    aap-controller-web-* 3/3 Running
    aap-hub-api-* 1/1 Running
    aap-hub-content-* (×2) 1/1 Running
    aap-hub-web-* 1/1 Running
    aap-hub-worker-* 1/1 Running
    aap-hub-redis-* 1/1 Running
    aap-eda-api-* 3/3 Running
    aap-eda-activation-worker-* (×2) 1/1 Running
    aap-eda-default-worker-* (×2) 1/1 Running
    aap-eda-scheduler-* (×2) 1/1 Running
    aap-eda-event-stream-* 2/2 Running
  2. Verify the AAP CR shows a successful reconciliation:
    Look for "type": "Successful" with "status": "True".
  3. Verify the deployed versions match:
  4. Verify the routes are created:
    Four routes are expected.
    Table 2: Routes and URL Patterns
    Route URL Pattern
    Gateway (main entry point) http://aap-aap.apps.<cluster-domain>
    Automation Controller https://aap-controller-aap.apps.<cluster-domain>
    Automation Hub http://aap-hub-aap.apps.<cluster-domain>
    Event-Driven Ansible http://aap-eda-aap.apps.<cluster-domain>

Retrieve Admin Credentials

The operator auto-generates admin passwords and stores them in secrets within the aap namespace. Retrieve them as follows: