Red Hat SummitChapter 5. Integrating Red Hat Satellite and Ansible Automation Platform
You can integrate Red Hat Satellite and Ansible Automation Platform to use Satellite Server as a dynamic inventory source for Ansible Automation Platform.
You can also use the provisioning callback function to run playbooks on hosts managed by Satellite, from either the host or Ansible Automation Platform. When provisioning new hosts from Satellite Server, you can use the provisioning callback function to trigger playbook runs from Ansible Automation Platform. The playbook configures the host after the provisioning process.
5.1. Adding Satellite Server to Ansible Automation Platform as a dynamic inventory item
To add Satellite Server to Ansible Automation Platform as a dynamic inventory item, you must create a credential for a Satellite Server user on Ansible Automation Platform, add an Ansible Automation Platform user to the credential, and then configure an inventory source.
Prerequisites
- If your Satellite deployment is large, for example, managing tens of thousands of hosts, using a non-admin user can negatively impact performance because of time penalties that accrue during authorization checks. For large deployments, consider using an admin user.
-
For non-admin users, you must assign the
Ansible Tower Inventory Readerrole to your Satellite Server user. For more information about managing users, roles, and permission filters, see Creating and Managing Roles in Administering Red Hat Satellite. - You must host your Satellite Server and Ansible Automation Platform on the same network or subnet.
Procedure
In the Ansible Automation Platform web UI, create a credential for your Satellite. For more information about creating credentials, see Creating new credentials and Red Hat Satellite 6 credential type in Red Hat Ansible Automation Platform documentation.
Expand Table 5.1. Satellite credentials Credential Type: Red Hat Satellite 6 Satellite URL:
https://satellite.example.com
Username:
The username of the Satellite user with the integration role.
Password:
The password of the Satellite user.
- Add an Ansible Automation Platform user to the new credential. For more information about adding a user to a credential, see Adding new users and job templates to existing credentials in Red Hat Ansible Automation Platform documentation.
Add a new inventory. For more information, see Add a new inventory in Red Hat Ansible Automation Platform documentation.
In the new inventory, add Satellite Server as the inventory source, specifying the following inventory source options.
Expand Table 5.2. Inventory source options Source Red Hat Satellite 6 Credential
The credential you create for Satellite Server.
Overwrite
Select
Overwrite Variables
Select
Update on Launch
Select
Cache Timeout
90
- Ensure that you synchronize the source that you add.
5.2. Configuring provisioning callback for a host
When you create hosts in Satellite, you can use Ansible Automation Platform to run playbooks to configure your newly created hosts. This is called provisioning callback in Ansible Automation Platform.
The provisioning callback function triggers a playbook run from Ansible Automation Platform as part of the provisioning process. The playbook configures the host after the provisioning process.
For more information about provisioning callbacks, see Provisioning Callbacks in Red Hat Ansible Automation Platform documentation.
In Satellite Server, the Kickstart Default and Kickstart Default Finish templates include three snippets:
-
ansible_provisioning_callback -
ansible_tower_callback_script -
ansible_tower_callback_service
You can add parameters to hosts or host groups to provide the credentials that these snippets can use to run Ansible Playbooks on your newly created hosts.
Prerequisites
Before you can configure provisioning callbacks, you must add Satellite as a dynamic inventory in Ansible Automation Platform. For more information, see Chapter 5, Integrating Red Hat Satellite and Ansible Automation Platform.
In the Ansible Automation Platform web UI, you must complete the following tasks:
- Create a machine credential for your new host. Ensure that you enter the same password in the credential that you plan to assign to the host that you create in Satellite. For more information, see Managing user credentials in Red Hat Ansible Automation Platform documentation.
- Create a project. For more information, see Projects in Red Hat Ansible Automation Platform documentation.
- Add a job template to your project. In your job template, you must enable provisioning callbacks, generate the host configuration key, and note the template_ID of your job template. For more information, see Job templates in Red Hat Ansible Automation Platform documentation.
Procedure
- In the Satellite web UI, navigate to Configure > Host Group.
- Create a host group or edit an existing host group.
- In the Host Group window, click the Parameters tab.
- Click Add Parameter.
Enter the following information for each new parameter:
Expand Table 5.3. Host parameters Name Value Description ansible_tower_provisioningtrue
Enables Provisioning Callback.
ansible_tower_fqdnaap.example.com
The fully qualified domain name (FQDN) of your Ansible Automation Platform. Do not add
httpsbecause this is appended by Satellite.ansible_job_template_idtemplate_ID
The ID of your provisioning template that you can find in the URL of the template:
/templates/job_template/5.ansible_host_config_keyconfig_KEY
The host configuration key that your job template generates in Ansible Automation Platform.
- Click Submit.
- Create a host using the host group.
On the new host, enter the following command to start the
ansible-callbackservice:# systemctl start ansible-callbackOn the new host, enter the following command to output the status of the
ansible-callbackservice:# systemctl status ansible-callbackProvisioning callback is configured correctly if the command returns the following output:
satellite.example.com systemd[1]: Started Provisioning callback to Ansible Automation Platform...
Manual provisioning callback
You can use the provisioning callback URL and the host configuration key from a host to call Ansible Automation Platform:
$ curl \ --data curl \ --data host_config_key=My_Host_Config_Key \ --insecure \ --show-error \ --silent \ https://aap.example.com/api/v2/job_templates/8/callback/Ensure that you use
httpswhen you enter the provisioning callback URL.
This triggers the playbook run specified in the template against the host.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}