Deploy Ansible automation portal RHEL appliance
The Ansible automation portal RHEL virtual machine appliances provide pre-configured virtual machines that you can deploy across multiple virtualization platforms.
The appliances are available in the following formats:
- QCOW2 - For Red Hat OpenShift Virtualization and KVM-based environments
- VMDK - For VMware
vSphereinfrastructure
Supported platforms
You can deploy Ansible automation portal appliances on the following platforms:
- Red Hat OpenShift Virtualization
- Deploy the appliance as a virtual machine within your Red Hat OpenShift Container Platform environment using the QCOW2 image format.
-
VMware
vSphere - Deploy the appliance on VMware infrastructure using ESXi hosts and VMFS datastores with the VMDK image format.
- QEMU for local testing
- Deploy the appliance on your local machine for testing and demonstrations using the QCOW2 image format. This deployment model is not supported for production environments.
Ansible automation portal appliances support AMD64/x86_64 platforms only.
Initial configuration
The appliance requires configuration at first boot to connect to Ansible Automation Platform and start portal services. You must provide configuration through one of the following methods, listed in priority order:
- Baked-in configuration
- For advanced installations using the Ansible collection to build a customized appliance image with pre-baked settings.
-
VMware
guestinfoproperties -
For VMware deployments, provide SSH keys and portal configuration through
guestinfoproperties set invSphere. - cloud-init user-data
- For cloud and Red Hat OpenShift Virtualization deployments, provide SSH keys and portal configuration through cloud-init user-data. The appliance configures itself automatically on first boot.
- Pre-seeded configuration file
- Place a YAML configuration file at /etc/portal/config.yaml before first boot for automated deployment.
If no configuration source is found at first boot, portal services do not start. You can provide configuration after deployment by editing /etc/portal/configs/app-config/app-config.production.yaml and restarting the portal service.
The initial configuration includes:
- SSH key authentication for administrative access
- Ansible Automation Platform URL, OAuth application credentials, and admin token
- Database settings (built-in or external PostgreSQL)
- Base URL and network configuration
The admin user account is locked by default and console login is disabled. Administrative access is available only through SSH using the key you provided during configuration.
Disconnected environments
You can deploy Ansible automation portal appliances in disconnected or air-gapped environments. The pre-built appliance images include all required container images and plug-ins, so no external network access is required during initial deployment.
For appliance upgrades in disconnected environments, a mirror registry or OCI archive provides the updated container images. Use the ansible-portal registry-login command to authenticate to a private registry mirror.
Understanding the appliance
Before configuring or managing the appliance, review how its key components work together.
Configuration files
The Ansible automation portal RHEL appliance uses two YAML configuration files at /etc/portal/configs/app-config/:
-
app-config.yaml - Infrastructure configuration including the base URL, database connection, TLS, and system defaults. This file is set during initial deployment and is not typically modified.
-
app-config.production.yaml - Application configuration including Ansible Automation Platform connection, OAuth settings, SCM integrations, and catalog synchronization. Edit this file for day-to-day configuration changes. To apply changes, edit the file and restart the Ansible automation portal service. Changes take effect after the restart, which takes approximately 60 seconds.
Service management
The Ansible automation portal RHEL appliance runs three systemd services that manage Podman containers:
-
portal.service - Ansible automation portal application. Listens on port 443 (HTTPS).
-
postgres.service - PostgreSQL database. Listens on port 5432 (internal container network only). This service is skipped when an external database is configured.
-
devtools.service - Ansible development tools. Provides Ansible Navigator and content creator services for building execution environments and developing Ansible content from the Ansible automation portal interface.
Restarting the portal service also restarts postgres and devtools due to service dependencies.
Use standard systemctl and journalctl commands to manage and inspect these services:
$ sudo systemctl restart portal
$ sudo journalctl -u portal -fSSL certificates
The appliance generates self-signed SSL certificates at first boot and stores them at /etc/portal/ssl/. Replace these with certificates from a trusted certificate authority for production use.