Red Hat Satellite 6 Administration
Configure and enable remote execution and install additional Ansible Roles on a Satellite Capsule Server.
Satellite supports Ansible Playbooks and Roles. You can create custom Ansible Roles or use available external roles in the Ansible Galaxy website. You can also use Red Hat Enterprise Linux system roles to automate common RHEL management tasks.
You require a valid Ansible subscription to manage hosts and to use Ansible Roles with Satellite.
Important
To use Ansible with Satellite, you must configure the remote execution feature and distribute the correct SSH key to each managed host.
Ansible Roles help with reuse of generic Ansible code. You can package tasks, variables, files, templates, and other resources into a role to provision infrastructure or to deploy applications. The resulting Ansible Role is a standardized directory structure that you can reuse by copying the directory to other systems. You can then execute that role from an Ansible Playbook.
Reusable, modular roles use passed-in playbook variables. Variables can modify the behavior of a role by setting site-specific hostnames, IP addresses, usernames, secrets, and other locality-specific details. For example, an Ansible Role could use variables for the host name, a database administrative user and password, and other environment-specific parameters to deploy a database. The role author can set appropriate default variable values to work with playbooks that might not set the variables.
The following list shows some benefits of using Ansible Roles to manage hosts:
Supports sharing of code by grouping content.
Supports the use of workflow conditions and runtime variable definition.
Enables developers to work on small modules of large projects.
Supports simultaneous development by different coders.
An Ansible Role is defined by a standardized structure of subdirectories and files.
The top-level directory defines the name of the role itself.
Files are organized into subdirectories that are called according to each file's purpose in the role, such as tasks or handlers.
The files and templates subdirectories contain files that tasks in other YAML files reference.
The following tree command displays the directory structure of the user.example role.
[user@host roles]$ tree user.example
user.example/
├── defaults
│ └── main.yml
├── files
├── handlers
│ └── main.yml
├── meta
│ └── main.yml
├── README.md
├── tasks
│ └── main.yml
├── templates
├── tests
│ ├── inventory
│ └── test.yml
└── vars
└── main.ymlTable 7.1. Ansible Role Subdirectories
| Subdirectory | Function |
|---|---|
defaults
| The main.yml file in this directory contains the default values of role variables.
These variables have low precedence and are intended to be overwritten in playbooks. |
files
| This directory contains static files that are referenced by role tasks. Files in this directory are not supposed to change or to be populated with variables. |
handlers
| The main.yml file in this directory contains the role's handler definitions.
Handlers are tasks that are triggered on special conditions. |
meta
| The main.yml file in this directory contains information about the role, including author, license, platforms, and optional role dependencies. |
tasks
| The main.yml file in this directory contains the role's task definitions. |
templates
| This directory contains Jinja2 templates that are referenced by role tasks. Files in this directory can have variables and Jinja2 template blocks. |
tests
| This directory can contain an inventory and a test.yml playbook to test the role. |
vars
| The main.yml file in this directory defines the role's variable values.
Often these variables are used for internal role purposes.
These variables have high precedence, and are intended to remain unchanged when used in a playbook. |
Ansible searches these directories for relevant content. All these directories are optional.
Role variables are defined in the vars/main.yml file by using key-value pairs.
The variables are referenced in the role YAML file and they have the {{ format.
These variables have a high precedence, and inventory variables cannot override them.
You must use these variables to control the internal role functions.VAR_NAME }}
You create default variables to set initial values that configure a role or customize its behavior.
These variables are defined in the defaults/main.yml file with key: value pairs in the role directory hierarchy.
Default variables have the lowest precedence and are meant to be overridden by other variables, including inventory variables.
These variables are intended for a playbook author to customize or control how a role or playbook behaves.
Variables can provide information to the role to configure or deploy objects correctly.
Use either vars/main.yml or defaults/main.yml, but not both, to define a specific variable.
Important
Roles should not contain site-specific data. They should not contain secrets such as passwords or private keys. Roles are intended to be generic, reusable, and freely shareable. Site-specific details should not be hard-coded into roles.
Secrets should be provided to the role through other means, such as passed-in role variables. Role variables that are set in the playbook might provide the secret, or point to an Ansible Vault-encrypted file that contains the secret.
Starting with Red Hat Enterprise Linux 7.4, various Ansible Roles are provided with the operating system as part of the rhel-system-roles package.
In Red Hat Enterprise Linux 8, the package is available in the AppStream channel.
The following table shows some common system roles in the rhel-system-roles package:
Table 7.2. RHEL System Roles
| Name | Description |
|---|---|
rhel-system-roles.kdump
| Configures the kdump crash recovery service. |
rhel-system-roles.network
| Configures network interfaces. |
rhel-system-roles.selinux
| Configures and manages SELinux customization, including SELinux mode, file and port contexts, Boolean settings, and SELinux users. |
rhel-system-roles.timesync
| Configures time synchronization by using Network Time Protocol or Precision Time Protocol. |
rhel-system-roles.postfix
| Configures each host as a Mail Transfer Agent by using the Postfix service. |
rhel-system-roles.firewall
| Configures a host's firewall. |
rhel-system-roles.tuned
| Configures the tuned service to tune system performance. |
System roles aim to standardize the configuration of Red Hat Enterprise Linux subsystems across multiple versions. System roles are available for Red Hat Enterprise Linux 6.10 and later.
The recommended time synchronization service for Red Hat Enterprise Linux 7 and later is the chronyd service.
In Red Hat Enterprise Linux 6, however, the recommended service is the ntpd service.
In an environment with a mixture of Red Hat Enterprise Linux 6 and 7 hosts, you must manage the configuration files for both services.
With RHEL system roles, you no longer need to maintain configuration files for both services.
You can use the rhel-system-roles.timesync role to configure time synchronization for both Red Hat Enterprise Linux 6 and 7 hosts.
A simplified YAML file with role variables defines the configuration of time synchronization for both types of hosts.
RHEL system roles are based on the open-source Linux System Roles project, on Ansible Galaxy. Unlike Linux system roles, Red Hat supports RHEL system roles as part of a standard Red Hat Enterprise Linux subscription. RHEL system roles have the same lifecycle support benefits as a Red Hat Enterprise Linux subscription.
Some RHEL system roles are in Technology Preview status.
This status means that the role is tested and stable, but the role interface might be updated in the future, to become incompatible with the current version.
Red Hat recommends that you run integration tests for playbooks that incorporate any Technology Preview role.
The Fully Supported system roles also have stable interfaces.
For any Fully Supported system role, Red Hat endeavors to ensure that role variables remain unchanged in later versions.
Playbook refactoring due to system role changes should be minimal.
Other roles are in development in the upstream Linux System Roles project, and are not yet available through a RHEL subscription. These roles are available through Ansible Galaxy.
Ansible is enabled by default on Satellite and Capsule. You can import Ansible Roles and Red Hat Enterprise Linux system roles into Satellite to automate the routine tasks.
Important
You must store all of your customized or third-party Ansible Roles in the /etc/ansible/roles directory of the Satellite Server or Capsule Server, depending on where you want to use the roles.
Otherwise, the Ansible Role is not visible.
To import a custom Ansible Role, navigate to → and click the Capsule or Satellite Server that contains the roles to import. From the list of available Ansible Roles, select those roles that you want to import, and click .
You can install and import Red Hat Enterprise Linux system roles into Satellite.
To install the rhel-system-roles packages, ensure that the Server Extras repository is enabled in the system.
[root@satellite ~]#subscription-manager repos \--enable=rhel-7-server-extras-rpmsRepository 'rhel-7-server-extras-rpms' is enabled for this system. [root@satellite ~]#satellite-maintain packages install rhel-system-roles...output omitted... Success! ...output omitted...
This command installs the system roles in the /usr/share/ansible/roles directory.
You can review and customize the roles before you import them into Satellite or Capsule, depending on where you want to use them.
When you are ready to import the system roles, follow the same steps as the custom roles to import them.
The system roles have a name with the linux-system-roles. format.role_name
Note
For more information about Red Hat Enterprise Linux system, see this article at https://access.redhat.com/articles/3050101
To refine the configuration of systems with specific requirements, use Ansible Roles variables. To use variables in your Satellite Ansible Roles, first import or create the variables. Variables of imported roles are automatically imported.
You can create an Ansible variable in Satellite with these steps:
Navigate to → and click .
In the field, enter the name of the variable and add a description in the field.
From the list, select the Ansible Role to associate with the variable.
Optionally, select to allow Satellite to manage the variable. When overriding, select the value parameter for validation from the .
If required, enter a default value for the variable in the field.
Click to create the variable.
You can use an imported Ansible Role to manage RHEL 6.9 or later systems. You can assign an Ansible Roles to a single host or to a host group.
To assign an imported Ansible Role to a host:
Navigate to → .
From the list of available hosts, click the name of the host to assign the Ansible Role to. On the details page for the host, click .
Click the tab to display available Ansible Roles.
To assign a new role to a host, click next to the Ansible Role to assign. This action moves the role from the list to the list for that host. Similarly, to remove a role from a host, click the minus sign (-) next to the Ansible Role to remove.
Click .
With a role is imported into Satellite and assigned to a host, it is available to run on that host.
To run an Ansible Role on a host:
Navigate to → .
Select the checkbox for the host with the Ansible Role to run.
Click and choose . On the next page, you can monitor the progress of the remote execution of the Ansible Role on that host.
References
For more information, see the Getting Started with Ansible in Satellite chapter in the Configuring Red Hat Satellite to Use Ansible guide at https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html-single/configuring_red_hat_satellite_to_use_ansible/index#configuring-your-deployment-to-run-Ansible-roles_ansible
For more information, see the Using Ansible Roles to Automate Repetitive Tasks on Satellite Hosts chapter in the Configuring Red Hat Satellite to Use Ansible guide at https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html-single/configuring_red_hat_satellite_to_use_ansible/index#using-ansible-roles_ansible
