AnsiblePilot — Master Ansible Automation

AnsiblePilot is the leading resource for learning Ansible automation, DevOps, and infrastructure as code. Browse over 1,400 tutorials covering Ansible modules, playbooks, roles, collections, and real-world examples. Whether you are a beginner or an experienced engineer, our step-by-step guides help you automate Linux, Windows, cloud, containers, and network infrastructure.

Popular Topics

About Luca Berton

Luca Berton is an Ansible automation expert, author of 8 Ansible books published by Apress and Leanpub including "Ansible for VMware by Examples" and "Ansible for Kubernetes by Example", and creator of the Ansible Pilot YouTube channel. He shares practical automation knowledge through tutorials, books, and video courses to help IT professionals and DevOps engineers master infrastructure automation.

Install Containerized Ansible Automation Platform 2.7

By Luca Berton · Published 2026-06-29 · Category: installation

Install containerized AAP 2.7: run the installer playbook, configure vault and verbosity options, verify gateway access, and enable feature flags.

Containerized Ansible Automation Platform 2.7 runs as a set of Podman containers on Red Hat Enterprise Linux 9. Installation is driven by a single ansible-playbook command using the ansible.containerized_installer collection included in the setup bundle. This guide walks through the full procedure from bundle download to first login.

Before You Begin

Complete these steps before running the installer:

  • Subscribe the RHEL 9 host and enable the AAP 2.7 repository
  • Prepare managed nodes and verify SSH connectivity
  • Download the AAP 2.7 setup bundle from the Red Hat Customer Portal
  • Configure the inventory file with your deployment topology
  • (Optional) Create an Ansible Vault file for sensitive variables

Download the Setup Bundle

Log in to the Red Hat Customer Portal and download the AAP 2.7 containerized setup bundle, then extract it:

tar xvf ansible-automation-platform-setup-bundle-2.7*.tar.gz
cd ansible-automation-platform-setup-bundle-2.7*/
ls

You will see:

  • inventory — template inventory file to configure
  • ansible.containerized_installer/ — the installer collection
  • collections/ — bundled Ansible collections

Configure the Inventory File

Edit inventory with your deployment details:

[automationgateway]
gateway.example.com

[automationcontroller]
controller.example.com

[automationhub]
hub.example.com

[automationeda]
eda.example.com

[all:vars]
# Gateway admin credentials
gateway_admin_username=admin
gateway_admin_password=<your-secure-password>

# Database settings
gateway_pg_host=gateway.example.com
gateway_pg_database=gateway
gateway_pg_username=gateway
gateway_pg_password=<db-password>

# (Add controller, hub, eda pg_* vars similarly)
registry_username=<your-rh-username>
registry_password=<your-rh-password>

For a single-node deployment, put all component groups on the same host.

See also: AAP 2.6 Upgrade Guide: RHEL 8 to 9 and RPM to Containerized Migration

Run the Installation

Basic Installation

From the extracted bundle directory, run:

ansible-playbook -i inventory ansible.containerized_installer.install

With Ansible Vault for Sensitive Variables

If passwords and secrets are stored in a vault file:

ansible-playbook \
  -i inventory \
  -e @vault.yml \
  --ask-vault-pass \
  ansible.containerized_installer.install

With Privilege Escalation Password Prompt

If your non-root user requires a sudo password:

ansible-playbook \
  -i inventory \
  -K \
  ansible.containerized_installer.install

-K prompts for the BECOME password before the playbook runs.

Full Production Command with All Options

ansible-playbook \
  -i inventory \
  -e @vault.yml \
  --ask-vault-pass \
  -K \
  ansible.containerized_installer.install

Increase Verbosity for Troubleshooting

Add -v through -vvvv for increasing detail. Use only when troubleshooting or when requested by Red Hat support — it significantly increases installation time:

ansible-playbook -i inventory -v ansible.containerized_installer.install
FlagOutput level
-vTask results
-vvTask input and output
-vvvConnection information
-vvvvSSH debug output

Installation Parameters Reference

ParameterPurposeExample
-i Inventory file-i inventory
-e @Extra variables from file-e @vault.yml
--ask-vault-passPrompt for vault password(no argument)
-KPrompt for become (sudo) password(no argument)
-v to -vvvvVerbosity level-vvv
--tags Run only specific installer roles--tags controller
--limit Run only against specific hosts--limit controller.example.com

Verify the Installation

After the playbook completes successfully, access the AAP gateway:

https://<gateway_node>:443

Log in with the gateway_admin_username and gateway_admin_password you set in the inventory.

Verify via the API:

curl -sk https://<gateway_node>/api/gateway/v1/ping/ | python3 -m json.tool

Expected output:

{
  "version": "2.7.0",
  "status": "ok"
}

Check all containers are running:

sudo podman ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"

Customize Ports

The gateway uses ports 80 (HTTP) and 443 (HTTPS) by default. Override in your inventory:

[all:vars]
envoy_http_port=8080
envoy_https_port=8443

To disable HTTPS entirely (not recommended for production):

[all:vars]
envoy_disable_https=true

See also: AAP 2.6 Install Guide: Containerized, RPM & OpenShift Methods (2026)

Configure Feature Flags

After installation, enable or disable optional features by adding variables to your inventory and re-running the installer:

[all:vars]
# Enable Lightspeed intelligent assistant
controller_enable_ai_features=true

# Enable Event-Driven Ansible
eda_enabled=true

# Enable Automation Analytics
automationanalytics_enabled=true

Re-apply the configuration:

ansible-playbook -i inventory ansible.containerized_installer.install

Post-Installation Checklist

  • Access the gateway at https:// and log in
  • Verify automation controller version in the API response
  • Create your first organization and user
  • Configure a credential for your target hosts
  • Import collections from automation hub
  • Run a test job template to confirm end-to-end connectivity
  • Set up your LDAP/SAML authentication (if applicable)
  • Configure backup schedules for the database

Disconnected (Air-Gapped) Installation

For environments without internet access, use the bundle installer which includes all required container images:

# The setup bundle includes a bundled registry
# Load images from the bundle
cd ansible-automation-platform-setup-bundle-2.7*/
sudo ./bundle-install.sh

# Then run the installer pointing to the local registry
ansible-playbook \
  -i inventory \
  -e registry_url=<local-registry-host>:5000 \
  ansible.containerized_installer.install

See also: Renew and Change SSL/TLS Certificates in AAP 2.7: Operator-Based OpenShift Installation

FAQ

How long does the installation take?

A single-node installation on a connected RHEL 9 host typically takes 15–30 minutes. Multi-node deployments with image pulls can take 45–60 minutes. Disconnected bundle installs are slower due to local image loading.

Can I run the installer multiple times?

Yes. The installer is idempotent — re-running it applies configuration changes without reinstalling from scratch. This is how you enable feature flags or change settings post-installation.

What RHEL version is required?

Containerized AAP 2.7 requires RHEL 9 (x86_64 or aarch64). RHEL 8 is not supported for containerized installations.

How do I update AAP after installation?

Download the new setup bundle, extract it, and re-run the installer against your existing inventory. The installer handles container image updates and database migrations.

Where are the logs if the installation fails?

The ansible-playbook output shows the failing task and host. Use -vvv for connection-level debugging. Persistent logs are written to the target host at:

journalctl -u ansible-automation-platform-* -n 100

Category: installation

Browse all Ansible tutorials · AnsiblePilot Home