Automating Satellite Installation and Configuration With the Ansible Foreman Modules

by Keith Resar

Slide 1

Slide 1 text

AUTOMATING Satellite With ANSIBLE @KeithResar

Slide 2

Slide 2 text

No content

Slide 3

Slide 3 text

No content

Slide 4

Slide 4 text

...and also some pots and pans I found while building this @KeithResar

Slide 5

Slide 5 text

No content

Slide 6

Slide 6 text

Satellite ingredients? @KeithResar Satellite 5, go home (pg 583) -or- Satellite 6, go to the bar (pg 82)

Slide 7

Slide 7 text

@KeithResar

Slide 8

Slide 8 text

Foreman Katello Pulp Candlepin System provisioning and life cycle management Subscription and repo management Repo + Content management Subscription management @KeithResar

Slide 9

Slide 9 text

No content

Slide 10

Slide 10 text

Automation? @KeithResar All the Things, go home team! (pg 53) -or- Nothing, go to sad banana (pg 2)

Slide 11

Slide 11 text

2900+ Ansible modules #7 GitHub Octoverse 500,000+ Downloads a month @KeithResar

Slide 12

Slide 12 text

SIMPLE POWERFUL AGENTLESS App deployment Configuration management Workflow orchestration Network automation Orchestrate the app lifecycle Human readable automation No special coding skills needed Tasks executed in order Usable by every team Get productive quickly Agentless architecture Uses OpenSSH & WinRM No agents to exploit or update Get started immediately More efficient & more secure WHY ANSIBLE? @KeithResar

Slide 13

Slide 13 text

CLOUD SECURITY NETWORK DEVOPS AWS Azure Century Link Cloud Scale Google Linode OpenStack Rackspace Docker Digital Ocean Palo Alto Check Point Splunk Snort F5 Arista A10 Cumulus Big Switch Cisco Dell F5 Juniper Palo Alto OpenSwitch HipChat IRC Jabber Email RocketChat Sendgrid Slack Twilio INFRASTRUCTURE RHEL VMware Windows Netapp Stacki @KeithResar

Slide 14

Slide 14 text

Ansible module implementation follows a predictable lifecycle... @KeithResar 1 2 3

Slide 15

Slide 15 text

Ansible module implementation follows a predictable lifecycle... Phase I - Nothing We are all sad, no built-in support. @KeithResar 1 ● Make use of uri and command modules ● Ugly python in playbooks ● Do as I say, not as I do 2 3

Slide 16

Slide 16 text

Ansible module implementation follows a predictable lifecycle... Phase II - Introduce Primitives Primitives introduced support automation, but not using expected Ansible patterns @KeithResar 1 Plenty of examples in the network space ● foo_facts → getter ● foo_config → setter ● foo_command → executer 2 3

Slide 17

Slide 17 text

Ansible module implementation follows a predictable lifecycle... Phase III - Supported Functionality Number of modules explodes, Ansible patterns throughout! @KeithResar 1 The tactical modules you know and love are available. _You implement using the language of_ _Ansible, not vendor functional language._ 2 3

Slide 18

Slide 18 text

No content

Slide 19

Slide 19 text

Ansible Foreman Demo? @KeithResar Never, go to close your eyes (pg 99) -or- Soon, go to a few more slides (pg 8)

Slide 20

Slide 20 text

Satellite conﬁguration questions Questions you need to answer when deploying satellite. How many of them can you answer just based on your subscriptions? @KeithResar ● Organizations, Locations ● Subnets, domains ● Products, Content Views, Life cycle environments ● Content Sync

Slide 21

Slide 21 text

Automation Flow Phase I - Satellite Install @KeithResar 1 ● Pre-ﬂight Tasks ● Storage ● Repos ● Apply RPMs ● Install Satellite 2 3

Slide 22

Slide 22 text

Automation Flow Phase II - Satellite Tuning @KeithResar 1 ● Tune Satellite (That’s it!) 2 3

Slide 23

Slide 23 text

Automation Flow Phase III - Satellite conﬁguration @KeithResar 1 ● Manifests ● Lifecycle envs ● Enable Repos ● Sync plan ● Custom products ● Content Views ● Activation Keys 2 3

Slide 24

Slide 24 text

No content

Slide 25

Slide 25 text

Delivering Automation Hammer? @KeithResar 1 ● (We just saw this) ● Abstracts multiple APIs calls into a well-deﬁned CLI client. Let’s you use object names rather than IDs 2 3 4

Slide 26

Slide 26 text

Delivering Automation Ansible Native (pre 2.8/2.9) @KeithResar 1 ● foreman and katello modules ● Requires nailgun ● Limited support ● Limited Discoverability 2 3 4

Slide 27

Slide 27 text

Delivering Automation Ansible Native + URI (pre 2.8/2.9) @KeithResar 1 ● uri module ● Directly interact with Satellite API ● Review API documentation and WUI implementation (limited discoverability) 2 3 4

Slide 28

Slide 28 text

Delivering Automation Ansible + Foreman Collection @KeithResar 1 ● Install with mazer or ansible-galaxy ● Uses apypie 2 3 4

Slide 29

Slide 29 text

No content

Slide 30

Slide 30 text

No content

Slide 31

Slide 31 text

No content

Slide 32

Slide 32 text

Are we done yet? @KeithResar Please stop talking, go.. Just go (pg 6) -or- Just one more thing, go AAPL RIP (pg 78)

Slide 33

Slide 33 text

Just one more thing Inventory and Inventory Plugins @KeithResar 1 ● Dynamic inventories → No ● Inventory Plugins → Yes! 2 # my.foreman.yml plugin: foreman url: http://localhost:2222 user: ansible-tester password: secure validate_certs: False

Slide 34

Slide 34 text

Just one more thing Foreman Callback @KeithResar 1 ● Sends facts to Foreman ● Captures custom facts too - /etc/ansible/facts.d/*.fact ● Does not work under Tower/AWX 2

Slide 35

Slide 35 text

No content

Slide 36

Slide 36 text

Closing The Future (aka Roadmap) @KeithResar 1 ● Planned supported RPMs with Satellite 6.8 release ● Documentation on how to use the modules ● An SOE guide including example Ansible Playbooks 2

Slide 37

Slide 37 text

Closing Resources @KeithResar 1 ● github.com/jjaswanson4/satellite6-deployment Josh Swanson’s AWESOME role ● github.com/ﬂyemsafe/satellite-day-two-ops Another role getting traction, but my favorite ● github.com/theforeman/foreman-ansible-modules The Foreman modules 2