Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Automating Satellite Installation and Configuration With the Ansible Foreman Modules

B5a1b84c06bcad998068fc5557e3c8d9?s=47 Keith Resar
November 05, 2019

Automating Satellite Installation and Configuration With the Ansible Foreman Modules

Red Hat Satellite installation and configuration has always been far too much of a manual process. While we could use traditional sys-admin style automation to get Satellite installed, management and configuration of Satellite objects like Activation Keys, Content Views, etc. was always too elusive.

This deck reviews the history of Satellite automation, culminating in the power available from a new suite of Foreman modules for Ansible that finally allow idempotent interaction with every Satellite object.

B5a1b84c06bcad998068fc5557e3c8d9?s=128

Keith Resar

November 05, 2019
Tweet

Transcript

  1. AUTOMATING Satellite With ANSIBLE @KeithResar

  2. None
  3. None
  4. ...and also some pots and pans I found while building

    this @KeithResar
  5. None
  6. Satellite ingredients? @KeithResar Satellite 5, go home (pg 583) -or-

    Satellite 6, go to the bar (pg 82)
  7. @KeithResar

  8. Foreman Katello Pulp Candlepin System provisioning and life cycle management

    Subscription and repo management Repo + Content management Subscription management @KeithResar
  9. None
  10. Automation? @KeithResar All the Things, go home team! (pg 53)

    -or- Nothing, go to sad banana (pg 2)
  11. 2900+ Ansible modules #7 GitHub Octoverse 500,000+ Downloads a month

    @KeithResar
  12. SIMPLE POWERFUL AGENTLESS App deployment Configuration management Workflow orchestration Network

    automation Orchestrate the app lifecycle Human readable automation No special coding skills needed Tasks executed in order Usable by every team Get productive quickly Agentless architecture Uses OpenSSH & WinRM No agents to exploit or update Get started immediately More efficient & more secure WHY ANSIBLE? @KeithResar
  13. CLOUD SECURITY NETWORK DEVOPS AWS Azure Century Link Cloud Scale

    Google Linode OpenStack Rackspace Docker Digital Ocean Palo Alto Check Point Splunk Snort F5 Arista A10 Cumulus Big Switch Cisco Dell F5 Juniper Palo Alto OpenSwitch HipChat IRC Jabber Email RocketChat Sendgrid Slack Twilio INFRASTRUCTURE RHEL VMware Windows Netapp Stacki @KeithResar
  14. Ansible module implementation follows a predictable lifecycle... @KeithResar 1 2

    3
  15. Ansible module implementation follows a predictable lifecycle... Phase I -

    Nothing We are all sad, no built-in support. @KeithResar 1 • Make use of uri and command modules • Ugly python in playbooks • Do as I say, not as I do 2 3
  16. Ansible module implementation follows a predictable lifecycle... Phase II -

    Introduce Primitives Primitives introduced support automation, but not using expected Ansible patterns @KeithResar 1 Plenty of examples in the network space • foo_facts → getter • foo_config → setter • foo_command → executer 2 3
  17. Ansible module implementation follows a predictable lifecycle... Phase III -

    Supported Functionality Number of modules explodes, Ansible patterns throughout! @KeithResar 1 The tactical modules you know and love are available. _You implement using the language of_ _Ansible, not vendor functional language._ 2 3
  18. None
  19. Ansible Foreman Demo? @KeithResar Never, go to close your eyes

    (pg 99) -or- Soon, go to a few more slides (pg 8)
  20. Satellite configuration questions Questions you need to answer when deploying

    satellite. How many of them can you answer just based on your subscriptions? @KeithResar • Organizations, Locations • Subnets, domains • Products, Content Views, Life cycle environments • Content Sync
  21. Automation Flow Phase I - Satellite Install @KeithResar 1 •

    Pre-flight Tasks • Storage • Repos • Apply RPMs • Install Satellite 2 3
  22. Automation Flow Phase II - Satellite Tuning @KeithResar 1 •

    Tune Satellite (That’s it!) 2 3
  23. Automation Flow Phase III - Satellite configuration @KeithResar 1 •

    Manifests • Lifecycle envs • Enable Repos • Sync plan • Custom products • Content Views • Activation Keys 2 3
  24. None
  25. Delivering Automation Hammer? @KeithResar 1 • (We just saw this)

    • Abstracts multiple APIs calls into a well-defined CLI client. Let’s you use object names rather than IDs 2 3 4
  26. Delivering Automation Ansible Native (pre 2.8/2.9) @KeithResar 1 • foreman

    and katello modules • Requires nailgun • Limited support • Limited Discoverability 2 3 4
  27. Delivering Automation Ansible Native + URI (pre 2.8/2.9) @KeithResar 1

    • uri module • Directly interact with Satellite API • Review API documentation and WUI implementation (limited discoverability) 2 3 4
  28. Delivering Automation Ansible + Foreman Collection @KeithResar 1 • Install

    with mazer or ansible-galaxy • Uses apypie 2 3 4
  29. None
  30. None
  31. None
  32. Are we done yet? @KeithResar Please stop talking, go.. Just

    go (pg 6) -or- Just one more thing, go AAPL RIP (pg 78)
  33. Just one more thing Inventory and Inventory Plugins @KeithResar 1

    • Dynamic inventories → No • Inventory Plugins → Yes! 2 # my.foreman.yml plugin: foreman url: http://localhost:2222 user: ansible-tester password: secure validate_certs: False
  34. Just one more thing Foreman Callback @KeithResar 1 • Sends

    facts to Foreman • Captures custom facts too - /etc/ansible/facts.d/*.fact • Does not work under Tower/AWX 2
  35. None
  36. Closing The Future (aka Roadmap) @KeithResar 1 • Planned supported

    RPMs with Satellite 6.8 release • Documentation on how to use the modules • An SOE guide including example Ansible Playbooks 2
  37. Closing Resources @KeithResar 1 • github.com/jjaswanson4/satellite6-deployment Josh Swanson’s AWESOME role

    • github.com/flyemsafe/satellite-day-two-ops Another role getting traction, but my favorite • github.com/theforeman/foreman-ansible-modules The Foreman modules 2