AAP 2 Migration Considerations Checklist
Updated
The following document helps provide context into the relative degree of difficulty for upgrading/migrating from Red Hat Ansible Automation Platform 1.x to 2. This will provide insight into meaningful eligibility questions and considerations for customers to determine what work would be required if applicable. If you are unsure what a term or acronym means please refer to the Content from docs.ansible.com is not included.Ansible Glossary.
Customers or Red Hat sales (on behalf of customers) may ask the following questions:
- “When should we upgrade to Ansible Automation Platform 2?”
- “What specific dependencies need to be resolved prior to upgrading?”
- “What is the relative degree of difficulty in upgrading based on my current installation?”
| Current Condition | Mitigating Response | Recommendation |
|---|---|---|
| Isolated nodes are in use and in inventory | Automation Platform installer will try to convert the isolated nodes in the old inventory file to automation mesh execution nodes in the Ansible Automation Platform 2 inventory file or instead utilize Red Hat OpenShift to orchestrate Ansible Automation Platform 2 capacity via container groups in an isolated environment. NOTE: Container groups were out of tech preview and fully supported in Ansible Automation Platform 2 | Upgrade is viable, as the installer will make suggestions if it finds isolated nodes in the Ansible Automation Platform 1.x installer inventory file and will change them as automation mesh execution nodes in the new installer inventory. Human intervention is required to take advantage of automation mesh features and to use automation mesh execution nodes as a direct replacement to isolated nodes. |
| Running any version of AAP on RHEL 7 | Must migrate Ansible Automation Platform environment to RHEL 8.3+ as part of upgrade. RHEL 8.3 or later is a requirement for use with Ansible Automation Platform 2 (both automation controller and hub). | DO NOT upgrade if you cannot migrate to RHEL 8 (or OpenShift) for your Ansible Automation Platform environment, this is a blocking condition. |
| Running AAP 1.1 or older (Tower 3.7 or earlier) | Must update to Ansible Automation Platform 1.2 first in order to then update to Ansible Automation Platform 2. | DO NOT upgrade directly if you cannot upgrade to 1.2 as part of your upgrade process. This is a blocking condition. |
| Use of python virtual environments | Must migrate all virtual environments to execution environments, and understand containers as packaging | Upgrade is viable depending on the number of and complexity of the virtual environments. Migration from virtual environments to execution environments is currently a manual process. Helpful blog: Content from red.ht is not included.Content from red.ht is not included.https://red.ht/3ptAZjh |
| Developing against upstream Ansible/Ansible Base/Ansible Core for execution | Must develop against provided supported execution environment containers and subsequent layering using ansible-builder | Upgrade is viable assuming knowledge on building and layering execution environments for developers. |
| Developing playbooks against Ansible 2.8 or older | Must test with at least Ansible 2.9 and/or Ansible Core 2.11, which are the default subsystems in supported and provided execution environments | Upgrade is viable assuming playbooks and content are compatible with Ansible 2.9 or newer. |
| Not using Collections in playbooks | Redirection rules should allow for current playbooks to function/work if using Ansible 2.9 and newer. | Upgrade is viable assuming playbooks are using Ansible 2.9 and newer. Highly recommended to start migrating playbooks to utilize Collections, FQCN, etc. |
| Optional: Ansible Automation Platform deployed on OpenShift 4.x | Platform deployments have moved from a playbook-based install to an OpenShift Operator. Customers have the choice of connecting to their previously deployed database, or moving to the database managed by the operator. | Upgrade is viable assuming the customer has access to deploy Ansible Automation Platform via operator. |
| Optional: Ansible Automation Platform deployed on OpenShift Container Platform 3.11 (non-operator installs) | Requires currently supported OpenShift (4.5 and newer) | Upgrade is viable assuming availability of OpenShift 4.5 and newer in customer environment |
| Non-standard or third-party database add-ons or clustering for existing Ansible Automation Platform installs with Postgres 10 | Must have all third-party add-ons or customizations working with Postgres 12 | Upgrade is viable assuming there are no third-party dependencies on Ansible Automation Platform 2 install with Postgres 12. |
| Services Catalog Cloud Connector | Services Catalog will ship with GA of Cloud Connector (MQTT). Cloud Connector replaces Receptor (Tech Preview). All Service Catalog products will need to be recreated. | Upgrade is viable assuming the customer does not currently use Service Catalog or is willing to recreate products. |
| Custom inventory scripts | Custom inventory scripts need to be exported prior to migration. Use awx-manage export_custom_scripts to save them | Upgrade is viable assuming customer does not use custom inventory scripts or exported format using awx-manage export_custom_scripts will suffice |
NOTES
- Performance: Initial playbook job runs can experience performance overhead if the execution environment image is not already present on the host. This is due to the image needing to be pulled from the relevant registry. Once the image is present on the host, the performance will improve. This is expected as the EEs are spun up on demand in Ansible Automation Platform 2, the benefit is in management of the ansible instance and its portability for both scale and development efforts but we will be looking at improvements as more usage patterns are reported. Please go through Content from www.ansible.com is not included.this blog which talks about performance improvements with Ansible Automation Platform 2.
- Automation execution environments can be large
- One of the motivations behind collections was that Ansible increasingly was becoming larger and larger as a project. Many customers have reported that they do not want to install a full Ansible build all the time. EEs and collections, plus ansible-builder allow more accurate lifecycle management of Ansible environments based on use cases and customer upgrade cycles.
- An accompanying challenge with using containers when including a base OS image plus all possibly required python dependencies is that execution environments can get increasingly large if care is not taken. This is a common problem that OpenShift and RHEL are also experiencing and while it can be alarming to some users it is expected and we will continue working on ways to minimize container sizes going forward. A general migration consideration for customers would be to build an EE with ee-minimal as base and to use separate EEs per organization and build them based on each organization's Ansible content needs.
- Example:
- ee-minimal: 292MB
- ee-supported: 907MB (Includes ee-controller and inventory plugins)
- An ee that included all ansible 2.9 community content and all dependencies could be very large.
- Using Private automation hub
- While not 100% mandatory, without Private automation Hub customers will struggle to reap the benefits of Ansible Automation Platform 2.
- Whether for storing/distributing synced collections from cloud.redhat.com, in house developed collections, community collections, or for storing/distributing Execution Environments, Hub is an important part of the story for Ansible users within an organization.
- Using ansible-navigator
- Another benefit of Automation execution environments is the playbook development use case. Now that production virtual envs run in a container, you can use that same container to craft a playbook. Automation content navigator is the tool for this that replaces the need to install ansible on a laptop or server for playbook development.
- While ansible can still be installed from an RPM and built up using tools (as ansible-builder would do), Automation content navigator plus execution environments allow for that in a much simpler deployment model.
- Automation content navigator does change existing developer workflows and customers with a large number of users will need to consider how they enable their internal customers to use this new method, plus how to distribute the navigator tool before they upgrade, or understand how to recreate a ansible 2.11 build via their existing processes.
- Migrating playbooks to run in execution environments
- Referencing localhost in playbooks
- References to ‘localhost’ in Ansible Automation Platform 2.0 using an execution environment refers to the pod itself where previously, it would refer to the host. As an example, executing a playbook on the Automation controller itself will need to be done via an SSH connection to complete successfully.
- Examples of references to ‘localhost’ that need to be considered include:
- delegate_to: localhost
- ansible_connection: local
- Why does this matter? Containers are ephemeral and any file or manipulation that happens locally will only exist for the duration of the play. Use-cases like backing up files, fetching files, saving ssh keys on tower(AAP 1.2) node, installing SDKs on tower(AAP 1.2) node etc. will not work like they did before execution environments.
- Job Isolation
- Job isolation will no longer be supported due to execution occurring within isolated pods.
- Referencing localhost in playbooks
- API Considerations
- The top-level /api/v2/job_events endpoints have been removed
- The job_events API endpoint will only be present for individual jobs
Sources:
Migration Scenarios doc
SBR
Product(s)
Category
Components
Article Type