Explore Ansible Automation Platform in a ready-to-use sandbox

Learning path | 4 resources | 45 mins | Published on May 7, 2025

Automate time-consuming tasks like credentials, accounts, and templates and create a centralized process with Ansible Automation Platform and the Developer Sandbox.

Access the Developer Sandbox

  1. Overview: Explore Ansible Automation Platform in a ready-to-use sandbox
  2. Provision a Developer Sandbox instance Page | 15 mins
  3. Create a custom execution environment Page | 15 mins
  4. Configure job templates and use cases Page | 15 mins

Page

Create a custom execution environment

See Original Post
May 8, 2025
Leonardo Gallego
Related topics:
Automation and management
Related products:
Red Hat Ansible Automation Platform
Ansible-sandbox-LP-feature-image

Now that you have provisioned your Developer Sandbox account, it's time to learn all about tokens, credentials, and execution environments.

In this lesson, you will:

  • Create a registry credential.
  • Build an execution environment.
  • Create a service account.
  • Create a dynamic inventory.

Ansible Execution Environments

We will be using a custom Ansible Execution Environment as part of the exercises in this learning path. Ansible Execution Environments are dedicated containerized environments that include everything needed to run Ansible automation, including ansible-core, collections, and Python dependencies. For now, we will provide you with pre-built execution environments for the Ansible Automation Platform sandbox. You will be able to experiment with creating your own later on if you choose to.

Create a registry credential

We will be using a custom Ansible Execution Environment as part of the exercises in this learning path. Ansible Execution Environments are dedicated containerized environments that include everything needed to run Ansible automation, including ansible-core, collections, and Python dependencies. For now, we will provide you with pre-built execution environments for the Ansible Automation Platform sandbox. You will be able to experiment with creating your own later on if you choose to.

First, we will need to create a set of credentials because our execution environment is hosting in Quay.io and requires authentication. We will then create a credential for the registry.

  1. To create a registry credential, follow these steps:

  2. In the Automation Platform Sandbox sidebar, go to Automation Execution > Infrastructure, then select Credentials.
  3. In the new screen, select Create credential.
  4. Fill out the form with the following credentials:
    • Name: credential-quay
    • Credential type: Container Registry
    • Authentication URL: quay.io
    • Username: acme_corp+sandbox_robo
    • Password or token: T7H8AF379G8NQF4GPZJ4UDEYRPR7MVZLNG7IZT0Q1ZOVWASBRVNQMK425CPD4JEV
  5. Select Create Credential.

Create the execution environment

Now we can proceed to create the execution environment in Ansible Automation Platform:

  1. In the Automation Platform Sandbox sidebar, go to Automation Execution > Infrastructure, then select Execution Environments.
  2. In the new screen, select Create execution environment.
  3. Fill out the form with the following:
    • Name: ee-sandbox
    • Image: quay.io/acme_corp/aap_sandbox_ee
    • Registry credential: credential-quay
  4. Select Create execution environment.

Create a Red Hat Service Account

An account can be either a user account or a service account. A user account authenticates human users in your organization. A service account authenticates applications or services without human intervention. Users create service accounts on Red Hat Hybrid Cloud Console for the following reasons:

  •  An application or service needs access to specific resources.
  • The application or service needs to access resources without the need for human intervention.
  • The application or service needs to access resources from multiple locations.

When you create a Red Hat service account, you generate a client ID and a secret. The service account uses the ID and secret to access services on the Red Hat Hybrid Cloud Console. The client ID identifies the service account with the resource, much like a username identifies a user. The secret provides a similar function as a password. The secret appears once when you create the service account. Copy and save the secret and protect it as you would any password.

Once you create client IDs and secrets, you will add them to our inventory variables in the next step:

  1. From the Red Hat Hybrid Cloud Console, go to Settings > Service Accounts and click Create service account.
  2. Enter a Service account name and a short description then click Create.
  3. Copy the generated Client ID and Client secret values to a secure location. You’ll specify these credentials when configuring a connection to a service.
    Note: After you save the Client ID and secret to a secure location.
  4. Select the confirmation check box in the credentials window and close the window.

The service account and its Client ID appear on the Service Accounts page.

In the next step, for Ansible Automation Platform sandbox configuration purposes, we will refer to:

  • Client ID as Organization ID = <your-organization-id>
  • Secret as Activation Key = <your-activation-key>

Create a dynamic inventory for OpenShift Virtualization 

Now we will continue our Ansible Automation Platform sandbox integration to the Developer Sandbox by creating a dynamic inventory, which will automatically populate our Ansible Automation Platform inventory with the VMs available in our cluster.

An inventory in Ansible Automation Platform is a collection of hosts or systems that Ansible can manage. It defines the infrastructure targets for automation and can be grouped and organized to control where and how playbooks run.

A dynamic inventory automatically pulls host information from external sources like cloud providers or CMDBs. In this case, we will be sourcing from OpenShift Virtualization for the VMs. To do this:

  1. In the Ansible Automation Platform sidebar, go to Infrastructure > Inventory option then select Create inventory.

  2. Fill out the form with the following:

    • Name: inventory-sandbox
    • Organization: Default
    • Extra variables:
    vm_name: rhel9-server
ocp_namespace: <your-namespace>
vm_password: 123qwe
activation_key: <your-activation-key>
organization_id: <your-organization-id>
ssh_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCKfhj3ecy926Y5IsE6NQqel9J67xLj3vh+bRzepSHWyJlw00cpJA1UD3iBjZzTOcmuKXTlr/ytUyoAKHn2tWZQmGPb5cD3bBHmYhd90/+FFFu7uxboDPUyXrKBK53CQ4ohiGcK0L05Qm28a2HZKDoSXN1slA3z3xLxGdm3X9qbokqUiSc4hhi2CF+otcDhWcV4DuS5NUsuUspTOYJYYd+Zw99CzYECefyzNQigxxEOqoatsg/iTtnDCUd3RXn32ET0LyfS464pZgTFSn63Wd+uDogzXrwsBAAAx3yXBYLFtA3DAVpx5iN+B1OO1YvHwbBUS8Vk77vhGiSqYyHaA1g/R6E8XTx/7SJE7olMBtB979yPpnbcgWRRRoJqEusUFYUxj2tPkPhvG2nYTWag+RvqUhZqBnxmz08UOZc1GhuX8HUVswcY1n6C2Z0qmtuu+DKbR5thCoBywEqshhQkUOIZ03ybyWcZLZ0cPq98YUQRhS4X+zs54zMUft9VAYjSIz8=
  3.  Select Create inventory.
  4. In the inventory, click the Sources tab then Create source.
  5. Fill out the form with the following:
    • Name: inventory-virt-sandbox
    • Execution environment: ee-sandbox
    • Source: OpenShift Virtualization
    • Credential: credential-ocp
    • Verbosity: 1 (info)
    • Overwrite: Checked
    • Update on launch: Checked
    • Extra variables: namespaces: - <your-namespace>
  6. Select Create source.
  7. In the new screen with the inventory details, select Launch inventory update in the top right corner.
  8. The Last job status will switch to Running and should display Success when it finishes.

Good job. You've provisioned a Developer Sandbox instance and configured your execution environment. In the next lesson, you'll apply what you've learned to create templates and manage your use cases.

Previous resource
Provision a Developer Sandbox instance
Next resource
Configure job templates and use cases