Merged
14 changes: 7 additions & 7 deletions docs/aap-components-reference.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@

## Purpose

This reference documents the deployment-specific configuration, database setup, verification procedures, and troubleshooting for AAP 2.6 on OpenShift using external EDB PostgreSQL. For general AAP component capabilities and features, see the [Red Hat AAP 2.6 Documentation](https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6).
This reference documents the deployment-specific configuration, database setup, verification procedures, and troubleshooting for Ansible Automation Platform (AAP) 2.6 on OpenShift using external EDB PostgreSQL. For general AAP component capabilities and features, see the [Red Hat AAP 2.6 Documentation](https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6).

**What this guide covers:**

Expand Down Expand Up @@ -52,7 +52,7 @@ The default `ansibleautomationplatform.yaml` in this repository deploys **all fo

### Architecture Diagram

```
```text
┌─────────────────────────────────────────────────────────────┐
│ Platform Gateway │
│ (Authentication & Unified UI) │
Expand All @@ -78,7 +78,7 @@ The default `ansibleautomationplatform.yaml` in this repository deploys **all fo

### One Instance, Four Databases

This deployment uses a **single PostgreSQL instance** (EDB Postgres for Kubernetes Cluster) with four separate databases:
This deployment uses a **single PostgreSQL instance** (EDB PostgreSQL for Kubernetes Cluster) with four separate databases:

| Component | Database Name | Owner | Extensions | Secret Name |
|-----------|--------------|-------|------------|-------------|
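Review bot: "EDB Postgres for Kubernetes" is the vendor's product name, so changing it to "EDB PostgreSQL for Kubernetes" in the "single PostgreSQL instance" sentence makes this doc disagree with the operator's own documentation; the EDB docs link touched elsewhere in this PR still resolves under postgres_for_kubernetes. Suggest keeping product names as published and limiting the Postgres to PostgreSQL normalization to generic references to the database engine. The same applies to "EDB Postgres Advanced" and "EDB Postgres Advanced Server" in the containerized docs.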
Expand Down Expand Up @@ -264,7 +264,7 @@ oc get pods -n ansible-automation-platform

**Expected pods:**

```
```text
aap-operator-controller-manager-<id> 2/2 Running
aap-platform-gateway-<id> 1/1 Running
aap-controller-web-<id> 1/1 Running
Expand Down Expand Up @@ -324,7 +324,7 @@ oc get pvc -n ansible-automation-platform

**Expected:**

```
```text
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS
aap-hub-file-storage Bound pvc-abc123 10Gi RWX ocs-storagecluster-cephfs
```
Expand Down Expand Up @@ -364,7 +364,7 @@ aap-hub-file-storage Bound pvc-abc123 10Gi RWX

**Symptom:**

```
```text
aap-hub-api-<id> 0/1 Pending 0 5m
```

Expand Down Expand Up @@ -393,7 +393,7 @@ oc patch ansibleautomationplatform aap -n ansible-automation-platform --type=mer

**Symptom:**

```
```bash
oc logs deployment/aap-hub-api | tail
# Shows: ERROR: type "hstore" does not exist
```
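Review bot: The oc logs deployment/aap-hub-api command in this Symptom block has no -n ansible-automation-platform, unlike the oc get pods and oc get pvc commands earlier in the same file, so it only works when the reader's current project happens to be the AAP namespace. Since the fence is being retagged as bash and readers will copy it, suggest adding the namespace flag in the same change. The "# Shows:" line is expected output rather than shell; if the other output blocks stay tagged text, consider splitting the command and its output into two fences for consistency.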
Expand Down
8 changes: 4 additions & 4 deletions docs/aap-containerized-growth-dr-architecture.md
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,7 @@ This architecture implements Red Hat Ansible Automation Platform 2.6 using the *
│ │ │ │ │ │
│ ┌─────────▼──────────────────┐│ │ ┌─────────▼──────────────────┐ │
│ │ PostgreSQL Cluster (3) ││ │ │ PostgreSQL Cluster (3) │ │
│ │ (EDB Postgres Advanced 16) ││ │ │ (EDB Postgres Advanced 16) │ │
│ │ (EDB PostgreSQL Advanced 16) ││ │ │ (EDB PostgreSQL Advanced 16) │ │
│ │ ││ │ │ │ │
│ │ pg-dc1-1 (PRIMARY) ││ │ │ pg-dc2-1 (STANDBY/DP) │ │
│ │ - awx ││ │ │ - awx (replica) │ │
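Review bot: The new label "(EDB PostgreSQL Advanced 16)" is three characters longer than the one it replaces, and the old label already filled the box exactly (the border row above it is 28 characters wide between the corners), so both PostgreSQL Cluster boxes now push their right border out of line with the rows above and below. Either keep the original label, which is also the vendor's product name, or widen the box on every row of the diagram.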
Expand Down Expand Up @@ -172,7 +172,7 @@ User → GLB → HAProxy(DC2) → AAP Growth Nodes(DC2) → VIP(DC2) → Postgre

**VM Naming Convention:**

```
```text
DC1:
aap-node1-dc1.example.com (primary - gateway, controller, hub, eda, redis)
aap-node2-dc1.example.com (secondary - controller, hub, redis)
Expand Down Expand Up @@ -240,7 +240,7 @@ CREATE EXTENSION IF NOT EXISTS hstore;

**Network Segmentation**

```
```text
DC1 Network:
- AAP Subnet: 10.1.1.0/24
- aap-node1-dc1: 10.1.1.11
Expand Down Expand Up @@ -661,7 +661,7 @@ curl -k https://aap.example.com/api/v2/ping/
### Phase 2: Database Cluster Setup (Week 2-3)

**Tasks:**
- Install EDB Postgres Advanced Server
- Install EDB PostgreSQL Advanced Server
- Configure primary database (DC1)
- Initialize AAP databases
- Set up local standbys (DC1-2, DC1-3)
Expand Down
10 changes: 5 additions & 5 deletions docs/aap-containerized-quickstart.md
Original file line number Diff line number Diff line change
Expand Up @@ -46,9 +46,9 @@ Do you need production-grade component isolation?

### Infrastructure Requirements

- [ ] **2 Datacenters** with network connectivity (VPN or Direct Connect)
- [ ] **2 datacenters** with network connectivity (VPN or Direct Connect)
- [ ] **RHEL 9.4+** subscription and installation media
- [ ] **EDB Postgres Advanced** subscription and credentials
- [ ] **EDB PostgreSQL Advanced** subscription and credentials
- [ ] **Red Hat AAP 2.6** subscription and credentials
- [ ] **Networking:**
- Site-to-site connectivity (100 Mbps minimum, 1 Gbps recommended)
Expand Down Expand Up @@ -81,7 +81,7 @@ Do you need production-grade component isolation?

**DC1 Virtual Machines:**

```
```text
AAP Layer (3 VMs):
- aap-node1-dc1: 8 vCPU, 32GB RAM, 100GB disk (10.1.1.11)
- aap-node2-dc1: 8 vCPU, 32GB RAM, 100GB disk (10.1.1.12)
Expand Down Expand Up @@ -304,7 +304,7 @@ curl -k https://aap.example.com/api/v2/ping/

**DC1 Virtual Machines:**

```
```text
AAP Component Layer (8 VMs):
Gateway:
- gateway1-dc1: 4 vCPU, 16GB RAM, 60GB disk (10.1.1.11)
Expand Down Expand Up @@ -598,7 +598,7 @@ done

### Important Files

```
```text
/opt/aap/inventory # AAP installer inventory
/var/lib/edb/as16/data/postgresql.conf # PostgreSQL config
/etc/edb/efm-4.7/efm.properties # EFM config
Expand Down
18 changes: 9 additions & 9 deletions docs/aap-openshift-dr-architecture.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,11 +19,11 @@ This architecture describes **Ansible Automation Platform (AAP) 2.6** deployed w

- **Deployment method:** AAP 2.6 **operator** on OpenShift (`Subscription` + `AnsibleAutomationPlatform` CR), not the containerized RHEL installer.
- **Topology:** **Site 1 (active)** runs production AAP against the **read–write** PostgreSQL primary; **Site 2 (standby)** keeps **matching CRs and secrets** with AAP **workloads scaled down or unrouted** until DR.
- **Database:** **EDB Postgres for Kubernetes** `Cluster` (example namespace `edb-postgres`, name `postgresql`) on each site; **cross-cluster passive replica** from Site 1 → Site 2 per [`db-deploy/cross-cluster/README.md`](../db-deploy/cross-cluster/README.md).
- **High availability:** In-cluster Postgres HA via the EDB operator; **cross-site** recovery relies on **controlled promotion** of the replica and **re-pointing** AAP database secrets (or global DNS) to the new primary.
- **Database:** **EDB PostgreSQL for Kubernetes** `Cluster` (example namespace `edb-postgres`, name `postgresql`) on each site; **cross-cluster passive replica** from Site 1 → Site 2 per [`db-deploy/cross-cluster/README.md`](../db-deploy/cross-cluster/README.md).
- **High availability:** In-cluster PostgreSQL HA via the EDB operator; **cross-site** recovery relies on **controlled promotion** of the replica and **re-pointing** AAP database secrets (or global DNS) to the new primary.
- **Automation:** **Event-Driven Ansible (`AutomationEDA`)** can monitor health; add automated failover only after **manual** runbooks are proven.

> **⚠️ Important:** Multi-cluster Active–Passive AAP with an external/unmanaged Postgres topology is **customer responsibility** to validate. Red Hat documents single-cluster operator install and external DB requirements; **stretching** that across two OpenShift clusters with replication and cutover is **not** a single tested SKU. Follow PostgreSQL, EDB, and OpenShift best practices and test RTO/RPO in your environment.
> **⚠️ Important:** Multi-cluster Active–Passive AAP with an external/unmanaged PostgreSQL topology is **customer responsibility** to validate. Red Hat documents single-cluster operator install and external DB requirements; **stretching** that across two OpenShift clusters with replication and cutover is **not** a single tested SKU. Follow PostgreSQL, EDB, and OpenShift best practices and test RTO/RPO in your environment.

---

Expand Down Expand Up @@ -373,9 +373,9 @@ Failback is **the same pattern in reverse** after **Site 1** is rebuilt or re-sy

## 8. Configuration Examples

### 8.1 Postgres connection (unmanaged secret keys)
### 8.1 PostgreSQL connection (unmanaged secret keys)

Unmanaged Postgres secrets for the operator carry host, port, database, user, password, and TLS mode. Generate with [`generate-postgres-secrets.sh`](../aap-deploy/openshift/scripts/generate-postgres-secrets.sh). Example **logical** content (not a committed secret):
Unmanaged PostgreSQL secrets for the operator carry host, port, database, user, password, and TLS mode. Generate with [`generate-postgres-secrets.sh`](../aap-deploy/openshift/scripts/generate-postgres-secrets.sh). Example **logical** content (not a committed secret):

```yaml
# Keys vary by component secret — see script output
Expand All @@ -396,7 +396,7 @@ Use the committed sample as a starting point:
- [`aap-deploy/openshift/ansibleautomationplatform.yaml`](../aap-deploy/openshift/ansibleautomationplatform.yaml)
- Advanced options: [`aap-deploy/openshift/ansibleautomationplatform-advanced.yaml`](../aap-deploy/openshift/ansibleautomationplatform-advanced.yaml)

### 8.3 Private CA for Postgres TLS
### 8.3 Private CA for PostgreSQL TLS

If required, set **`spec.bundle_cacert_secret`** on `AnsibleAutomationPlatform` per product documentation (see [`aap-deploy/openshift/README.md`](../aap-deploy/openshift/README.md) §Private CA).

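Review bot: Renaming the "8.3 Private CA for Postgres TLS" heading, and "8.1 Postgres connection" before it, changes the anchor a Markdown renderer derives from the heading text, so any existing link to the old fragment stops resolving. These docs already cross-reference each other (this hunk points to aap-deploy/openshift/README.md §Private CA), so suggest searching the repo for the old fragments and updating them in the same PR.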
Expand All @@ -413,7 +413,7 @@ If required, set **`spec.bundle_cacert_secret`** on `AnsibleAutomationPlatform`
### 9.2 TLS

- **Routes:** TLS termination vs passthrough for AAP vs Postgres replication are **separate** decisions.
- **Postgres:** Align `sslmode` with cert SAN/CN (see cross-cluster README).
- **PostgreSQL:** Align `sslmode` with cert SAN/CN (see cross-cluster README).

### 9.3 Secrets management

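Review bot: The Routes bullet under 9.2 TLS still reads "AAP vs Postgres replication" while the bullet directly below it was changed to "PostgreSQL", so the section now uses both spellings within two lines. Suggest updating the Routes bullet as well, or leaving both as they were.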
Expand All @@ -439,7 +439,7 @@ oc --context site1 get routes -n ansible-automation-platform
### 10.2 Emergency failover (outline)

1. `scripts/scale-aap-down.sh` (Site 1) — see script for flags.
2. Promote Postgres on Site 2 (EDB).
2. Promote PostgreSQL on Site 2 (EDB).
3. Update connection secrets / DNS for Site 2 AAP.
4. `scripts/scale-aap-up.sh` (Site 2).
5. Validate end-to-end automation (smoke job).
Expand Down Expand Up @@ -487,7 +487,7 @@ oc --context site1 get routes -n ansible-automation-platform
**External references**

- [Red Hat AAP 2.6 — Installing on OpenShift](https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html-single/installing_on_openshift_container_platform/index)
- [EDB Postgres for Kubernetes — Replica clusters](https://www.enterprisedb.com/docs/postgres_for_kubernetes/latest/replica_cluster/)
- [EDB PostgreSQL for Kubernetes — Replica clusters](https://www.enterprisedb.com/docs/postgres_for_kubernetes/latest/replica_cluster/)

---

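Review bot: The link text in External references now says "EDB PostgreSQL for Kubernetes" but the target is unchanged at enterprisedb.com/docs/postgres_for_kubernetes/latest/replica_cluster/, so the label no longer matches the title of the page it opens. External reference titles should follow the vendor's wording; suggest reverting this line.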
Expand Down
18 changes: 9 additions & 9 deletions docs/architecture.md
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# AAP with EDB Postgres Multi-Datacenter Architecture
# AAP with EDB PostgreSQL Multi-Datacenter Architecture

**Complete architecture documentation for Ansible Automation Platform with EnterpriseDB PostgreSQL**

Expand Down Expand Up @@ -28,8 +28,8 @@

## Architecture Overview

This architecture implements EnterpriseDB Postgres deployed Active/Passive across two clusters in
different datacenters with in-datacenter replication for the Ansible Automation Platform (AAP).
This architecture implements EnterpriseDB PostgreSQL deployed Active/Passive across two clusters in
different datacenters with in-datacenter replication for Ansible Automation Platform (AAP).
This achieves a **NEAR** HA type architecture, especially for failover to the databases syncing
in region/datacenter.

Expand Down Expand Up @@ -80,9 +80,9 @@ The global load balancer provides a single entry point for AAP access:

For OpenShift, AAP is deployed on **separate OpenShift clusters** for high availability and
geographic distribution. For RHEL you can do a single install across datacenters however you
**MUST TURN OFF THE SERVICES ON THE SECONDARY SITE**.
**MUST TURN OFF THE SERVICES ON DC2**.

#### Datacenter 1 - AAP Instance (Active)
#### DC1 - AAP Instance (Active)

- **Namespace**: `ansible-automation-platform`
- **AAP Gateway**: 3 replicas for HA
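Review bot: Replacing "THE SECONDARY SITE" with "DC2" in the MUST TURN OFF THE SERVICES warning turns a role-based instruction into a site-specific one. After a failover DC2 is the active site and the services that must stay off are on DC1, so the new wording is wrong exactly when an operator is most likely to be reading it. Suggest keeping the role wording, for example "on the passive site (DC2 in normal operation)", and expanding DC1/DC2 once in this section now that the "Datacenter 1" heading no longer spells it out.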
Expand All @@ -92,7 +92,7 @@ geographic distribution. For RHEL you can do a single install across datacenters
- **Route**: `aap-dc1.apps.ocp1.example.com`
- **State**: Active, serving production traffic

#### Datacenter 2 - AAP Instance (Passive)
#### DC2 - AAP Instance (Passive)

- **Namespace**: `ansible-automation-platform`
- **AAP Gateway**: Scaled to 0 (or 3 replicas if pre-warmed)
Expand Down Expand Up @@ -150,7 +150,7 @@ EDB-managed application database clusters use physical replication:
- Supports all PostgreSQL features

**Replication topology:**
```
```text
DC1 Primary Cluster:
postgresql-1 (primary) → postgresql-2 (hot standby)
→ postgresql-3 (hot standby)
Expand Down Expand Up @@ -298,7 +298,7 @@ spec:
- Ensures DC2 can serve reads and has HA ready for promotion

**Data flow diagram:**
```
```text
User/API → GLB → AAP DC1 → PostgreSQL DC1 Primary
┌──────┴──────┬──────────┬─────────┐
Expand Down Expand Up @@ -342,7 +342,7 @@ User/API → GLB → AAP DC1 → PostgreSQL DC1 Primary
- Typical service update time: 5-10 seconds

**Query routing strategy:**
```
```text
Write queries → Always to -rw service → Primary instance
Read queries (low latency) → -r service → Any instance (including primary)
Read queries (HA) → -ro service → Hot standby replicas only
Expand Down