# Enabling the Ansible Runner Capability on the Site Controller

The Site controller can execute Ansible tasks, typically provided via the Extension mechanism. It is **disabled** by default for security reasons and must be enabled in order for it to execute workflow tasks of type **Ansible**.

On the Site Controller VM execute:
1. Create a transient job directory
```
mkdir -p /opt/metalsoft/ansible-jobs
```
2. Add the ansible runner pod:
Edit the `docker-compose.yaml` file and add the ansible runner pod and uncomment the following entries in the `services` section:

```

  ansible-runner:
    container_name: ansible-runner
    network_mode: host
    hostname: ansible-runner-qa02-os10-b9425
    image: registry.metalsoft.dev/sc/sc-ansible-playbook-runner:openshift
    restart: always
    environment:
      - TZ=Etc/UTC
      - ANSIBLE_RUNNER=enabled
      - ANSIBLE_RUNNER_HOME=/opt/metalsoft/ansible-jobs
      - ANSIBLE_RUNNER_ARCHIVES_FOLDER=/opt/metalsoft/ansible-archives
    volumes:
      - /opt/metalsoft/ansible-jobs:/opt/metalsoft/ansible-jobs
      - /opt/metalsoft/nfs-storage:/iso
```
3. Enable the ansible runner capability in the `ms-agent` section:
```
environment:
      - ANSIBLE_RUNNER=enabled
volumes:
      - /opt/metalsoft/ansible-jobs:/opt/metalsoft/ansible-jobs
```

4. Restart the site controller:
```
docker compose up -d
```

5. Verify that the capability is active:
In the Admin go to **Sites** > **site** > **Site Controllers** and look for the `ANSIBLE_RUNNER=true` entry