Red Hat Satellite 6 Administration
Manage Red Hat Satellite infrastructure and automate operations by using playbooks from the Satellite Ansible Collection.
Red Hat provides the Red Hat Satellite Ansible Collection, which contains modules, roles, and other plug-in components to assist with the automation and management of Satellite Server infrastructure. A previous chapter that discussed remote execution described using Ansible Playbooks for automating tasks on Satellite's managed content hosts. This section introduces a collection of Ansible Playbooks for managing the Satellite Server infrastructure, such as for creating organizations, locations, lifecycle environments, content views, users, and roles.
The Satellite Ansible Collection is available with a subscription to either Red Hat Ansible Automation Platform (AAP) or Red Hat Satellite. With a subscription, customers who use the supported collection modules and roles can open support tickets for assistance with playbook and module issues.
Ansible Content Collections represent the new standard of distributing, maintaining, and consuming automation. Collections combine multiple types of Ansible content (playbooks, roles, modules, and plug-ins) as an Ansible packaging format for distributing related content.
Originally, all Ansible content was grouped into product- or vendor-specific modules and submitted for inclusion in the next Ansible release.
The katello and foreman modules were the original Ansible modules for maintaining Satellite Server infrastructure.
These two base modules are now deprecated.
Although the playbooks in those modules might continue to work, the replacement Satellite Ansible Collection is significantly expanded, updated, and improved.
Beginning with Ansible Engine 2.9, modules are distributed as Ansible Content Collections, and include pertinent roles, plug-ins, and documentation.
Module developers can independently update their content collection without waiting for the next Red Hat Ansible Automation Platform release.
Not all Ansible modules became content collections, because many common task modules and tools continue to be distributed with the ansible-core package.
Ansible Galaxy is the location for upstream Ansible modules and collection content.
Red Hat does not support upstream collections, modules, roles, and playbooks.
However, Theforeman.Foreman is the upstream community Satellite collection that feeds the supported Red Hat Satellite Ansible Collection.
Developers submit fixes and improvements to Theforeman.Foreman collection, and tested and approved submissions are included and released in the supported collection.
Organizations with a Red Hat Ansible Automation Platform (AAP) subscription can obtain the Satellite Ansible Collection through the Red Hat Hybrid Cloud Console at https://console.redhat.com/ansible/automation-hub/repo/published/redhat/satellite.
AAP subscribers use Ansible Automation Hub to install all supported Ansible content and collections.
The Red Hat Hybrid Cloud Console provides syntax information to install the redhat.satellite collection.
To install collections from Ansible Automation Hub, add the Automation Hub authentication information to your host's ansible.cfg configuration file.
...output omitted... [galaxy] server_list = automation_hub, galaxy[galaxy_server.automation_hub] url=https://console.redhat.com/api/automation-hub/
auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid- connect/token
token=eyJh...Jf0o
[galaxy_server.galaxy] url=https://galaxy.ansible.com/
| The repositories to use, in order.
Define a |
| The Automation Hub distribution platform URL. |
| The authentication URL. |
| Your Red Hat account's authentication token. |
| The upstream Ansible Galaxy URL. |
Install the collection from the Ansible Automation Hub with the ansible-galaxy command, which is the same command to install upstream content from Ansible Galaxy.
The ansible-galaxy collection install command installs the collection structure into the first defined path in the COLLECTIONS_PATHS variable, which by default is ~/.ansible/collections.
Use the -p option to specify a different installation path.
The install command automatically appends the ansible_collections path to the specified one with the -p option unless the parent directory is already in a directory called ansible_collections.
[root@host ~]# ansible-galaxy collection install redhat.satelliteOrganizations with a Red Hat Satellite subscription obtain the Red Hat Satellite Ansible Collection as an RPM package that is provided with Satellite Server. Your host must be running Ansible 2.9 or later to install and use the Red Hat Satellite Ansible Collection.
[root@satellite ~]# satellite-maintain packages update ansible
...output omitted...Installing the ansible-collection-redhat-satellite RPM package does not require an AAP subscription.
By default, the package installs the collection structure into the /usr/share/ansible/collections/ directory on the Satellite Server.
[root@satellite ~]# satellite-maintain packages install ansible-collection-redhat-satellite
...output omitted...Alternatively, you can install the Satellite Ansible Collection by using a tarball file from the GitHub source at https://github.com/RedHatSatellite/satellite-ansible-collection, or from the Red Hat Hybrid Cloud Console at https://console.redhat.com/ansible/automation-hub/repo/published/redhat/satellite.
After downloading the tarball, use the ansible-galaxy command to install the collection on your selected host.
As stated previously, the ansible-galaxy collection install command installs the collection structure into the first defined path in the COLLECTIONS_PATHS variable, which by default is ~/.ansible/collections.
[user@host ~]$ ansible-galaxy collection install redhat-satellite-3.6.0.tar.gz
Starting galaxy collection install process
Process install dependency map
Starting collection install process
Installing 'redhat.satellite:3.6.0' to '/home/student/.ansible/collections/ansible_collections/redhat/satellite'
redhat.satellite:3.6.0 was installed successfullyThe Red Hat Satellite Ansible Collection contains modules to manage each significant resource type, and roles for performing primary management tasks.
For organizations with AAP subscriptions, locate the Satellite Ansible Collection documentation in the Automation Hub on the Red Hat Hybrid Cloud Console.
Similar documentation for the upstream Theforeman.Foreman collection is at https://docs.ansible.com/ansible/latest/collections/theforeman/foreman/index.html
Using the location where you installed the collection, list the available modules and roles.
[user@host ~]$ls \ ~/.ansible/collections/ansible_collections/redhat/satellite/plugins/modulesactivation_key.py hardware_model.py redhat_manifest.py architecture.py host_collection.py repository_info.py ...output omitted... domain.py puppetclasses_import.py usergroup.py external_usergroup.py puppet_environment.py user.py global_parameter.py realm.py [user@host ~]$ls \ ~/.ansible/collections/ansible_collections/redhat/satellite/rolesactivation keys content_views operatingsystems auth_source_ldap content_view_version_cleanup organizations compare_profiles convert2rhel provisioning_templates compute_resources domains repositories ...output omitted...
In addition to verifying that you installed the latest Ansible package (version 2.9 or later) and Satellite Ansible Collection, you require credentials for a Satellite user with administrator privileges to run the collection playbooks and roles. The Red Hat Satellite Ansible Collection modules use Satellite's REST API. Create a variables file in YAML format for the Satellite URL and credentials, to use with all Satellite playbooks. The variables file contains the common parameters that all Satellite modules require:
Satellite Server URL
Satellite username with administrator privileges
Satellite user password
Boolean for certificate validation, which can be disabled for private, self-signed installations
Important
Red Hat recommends to store YAML format variable files in Ansible Vault to secure the plain text parameters and credentials. This course does not use Ansible Vault.
[user@host ~]$ cat sat_vars.yml
---
sat_url: https://satellite.lab.example.com
sat_un: admin
sat_pw: redhat
cert_validate: noContent collection modules and playbooks work the same as when the modules were distributed with the Ansible product. Because both the upstream Ansible community and Red Hat maintain many collections, a naming convention was implemented with the introduction of collections.
Collection modules and tasks use Fully Qualified Collection Names (FQCN). Red Hat recommends to use FQCNs in your Ansible Playbooks to ensure that the expected task is referenced. Use FQCNs to name collections and module tasks, to avoid possible namespace collisions across the many available collections.
For example, the Satellite Ansible Collection uses redhat.satellite as its fully qualified name.
Commonly, the first token in the FQCN is the vendor or upstream project name.
A task within a collection is named by appending the module name to the collection name.
Use the ansible-doc command to research module parameters and to view example playbook syntax when creating playbooks.
Use the fully qualified module name, as in this example for the product module in the redhat.satellite collection:
[user@host ~]$ ansible-doc redhat.satellite.product
...output omitted...The following Ansible Playbook example creates a custom product and repository in the Marketing organization.
Each playbook task uses the correct FQCN for the selected module within the Satellite Ansible Collection.
[user@host ~]$ cat create_custom_product.yml
---
- name: Creating Custom Product example
hosts: localhost
vars_files: sat_vars.yml
vars:
org_name: Marketing
org_label: Marketing
custom_repo: Custom Repository
custom_product: Custom Software
tasks:
- name: "Create {{ custom_product }} product"
redhat.satellite.product:
server_url: "{{ sat_url }}"
username: "{{ sat_un }}"
password: "{{ sat_pw }}"
validate_certs: "{{ cert_validate }}"
name: "{{ custom_product }}"
organization: "{{ org_name }}"
state: present
- name: "Create repository"
redhat.satellite.repository:
server_url: "{{ sat_url }}"
username: "{{ sat_un }}"
password: "{{ sat_pw }}"
validate_certs: "{{ cert_validate }}"
name: "{{ custom_repo }}"
state: present
content_type: "yum"
product: "{{ custom_product }}"
organization: "{{ org_name }}"Run the Ansible Playbook to create the custom product and repository. Ansible uses the specified variable file in the playbook to authenticate to the Satellite Server, and then perform the requested tasks.
[user@host ~]$ ansible-playbook create_custom_product.yml
...output omitted...References
For more information, see the Red Hat Satellite Official Collection Documentation at https://console.redhat.com/ansible/automation-hub/repo/published/redhat/
For more information, see the Red Hat Satellite Ansible Collection GitHub repository at https://github.com/RedHatSatellite/satellite-ansible-collection
For more information, see the Foreman Collection Documentation at https://docs.ansible.com/ansible/latest/collections/theforeman/foreman/index.html
