Automating Satellite Installation and Configuration With the Ansible Foreman Modules

Transcript

1. AUTOMATING Satellite With ANSIBLE @KeithResar

2. None
3. None

4. ...and also some pots and pans I found while building

   this @KeithResar
5. None

6. Satellite ingredients? @KeithResar Satellite 5, go home (pg 583) -or-

   Satellite 6, go to the bar (pg 82)

7. @KeithResar

8. Foreman Katello Pulp Candlepin System provisioning and life cycle management

   Subscription and repo management Repo + Content management Subscription management @KeithResar
9. None

10. Automation? @KeithResar All the Things, go home team! (pg 53)

    -or- Nothing, go to sad banana (pg 2)

11. 2900+ Ansible modules #7 GitHub Octoverse 500,000+ Downloads a month

    @KeithResar

12. SIMPLE POWERFUL AGENTLESS App deployment Configuration management Workflow orchestration Network

    automation Orchestrate the app lifecycle Human readable automation No special coding skills needed Tasks executed in order Usable by every team Get productive quickly Agentless architecture Uses OpenSSH & WinRM No agents to exploit or update Get started immediately More efficient & more secure WHY ANSIBLE? @KeithResar

13. CLOUD SECURITY NETWORK DEVOPS AWS Azure Century Link Cloud Scale

    Google Linode OpenStack Rackspace Docker Digital Ocean Palo Alto Check Point Splunk Snort F5 Arista A10 Cumulus Big Switch Cisco Dell F5 Juniper Palo Alto OpenSwitch HipChat IRC Jabber Email RocketChat Sendgrid Slack Twilio INFRASTRUCTURE RHEL VMware Windows Netapp Stacki @KeithResar

14. Ansible module implementation follows a predictable lifecycle... @KeithResar 1 2

    3

15. Ansible module implementation follows a predictable lifecycle... Phase I -

    Nothing We are all sad, no built-in support. @KeithResar 1 • Make use of uri and command modules • Ugly python in playbooks • Do as I say, not as I do 2 3

16. Ansible module implementation follows a predictable lifecycle... Phase II -

    Introduce Primitives Primitives introduced support automation, but not using expected Ansible patterns @KeithResar 1 Plenty of examples in the network space • foo_facts → getter • foo_config → setter • foo_command → executer 2 3

17. Ansible module implementation follows a predictable lifecycle... Phase III -

    Supported Functionality Number of modules explodes, Ansible patterns throughout! @KeithResar 1 The tactical modules you know and love are available. _You implement using the language of_ _Ansible, not vendor functional language._ 2 3
18. None

19. Ansible Foreman Demo? @KeithResar Never, go to close your eyes

    (pg 99) -or- Soon, go to a few more slides (pg 8)

20. Satellite configuration questions Questions you need to answer when deploying

    satellite. How many of them can you answer just based on your subscriptions? @KeithResar • Organizations, Locations • Subnets, domains • Products, Content Views, Life cycle environments • Content Sync

21. Automation Flow Phase I - Satellite Install @KeithResar 1 •

    Pre-flight Tasks • Storage • Repos • Apply RPMs • Install Satellite 2 3

22. Automation Flow Phase II - Satellite Tuning @KeithResar 1 •

    Tune Satellite (That’s it!) 2 3

23. Automation Flow Phase III - Satellite configuration @KeithResar 1 •

    Manifests • Lifecycle envs • Enable Repos • Sync plan • Custom products • Content Views • Activation Keys 2 3
24. None

25. Delivering Automation Hammer? @KeithResar 1 • (We just saw this)

    • Abstracts multiple APIs calls into a well-defined CLI client. Let’s you use object names rather than IDs 2 3 4

26. Delivering Automation Ansible Native (pre 2.8/2.9) @KeithResar 1 • foreman

    and katello modules • Requires nailgun • Limited support • Limited Discoverability 2 3 4

27. Delivering Automation Ansible Native + URI (pre 2.8/2.9) @KeithResar 1

    • uri module • Directly interact with Satellite API • Review API documentation and WUI implementation (limited discoverability) 2 3 4

28. Delivering Automation Ansible + Foreman Collection @KeithResar 1 • Install

    with mazer or ansible-galaxy • Uses apypie 2 3 4
29. None
30. None
31. None

32. Are we done yet? @KeithResar Please stop talking, go.. Just

    go (pg 6) -or- Just one more thing, go AAPL RIP (pg 78)

33. Just one more thing Inventory and Inventory Plugins @KeithResar 1

    • Dynamic inventories → No • Inventory Plugins → Yes! 2 # my.foreman.yml plugin: foreman url: http://localhost:2222 user: ansible-tester password: secure validate_certs: False

34. Just one more thing Foreman Callback @KeithResar 1 • Sends

    facts to Foreman • Captures custom facts too - /etc/ansible/facts.d/*.fact • Does not work under Tower/AWX 2
35. None

36. Closing The Future (aka Roadmap) @KeithResar 1 • Planned supported

    RPMs with Satellite 6.8 release • Documentation on how to use the modules • An SOE guide including example Ansible Playbooks 2

37. Closing Resources @KeithResar 1 • github.com/jjaswanson4/satellite6-deployment Josh Swanson’s AWESOME role

    • github.com/flyemsafe/satellite-day-two-ops Another role getting traction, but my favorite • github.com/theforeman/foreman-ansible-modules The Foreman modules 2