Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Using the Satellite Ansible Collection

Red Hat Satellite 6.18

Automate the management of your Satellite with Satellite Ansible Collection

Red Hat Satellite Documentation Team

Abstract

Satellite Ansible Collection is a set of Ansible modules that interact with the Satellite API. You can use the modules to automate many aspects of Satellite administration.

Providing feedback on Red Hat documentation
Copy link

We appreciate your feedback on our documentation. Let us know how we can improve it.

Use the Create Issue form in Red Hat Jira to provide your feedback. The Jira issue is created in the Red Hat Satellite Jira project, where you can track its progress.

Prerequisites

Procedure

  1. Click the following link: Create Issue. If Jira displays a login error, log in and proceed after you are redirected to the form.
  2. Complete the Summary and Description fields. In the Description field, include the documentation URL, chapter or section number, and a detailed description of the issue. Do not modify any other fields in the form.
  3. Click Create.

Satellite Ansible Collection provides a set of Ansible modules for managing Satellite. Using the modules, you can automate many aspects of Satellite management.

1.1. Installing the Satellite Ansible modules
Copy link

Modules from the Satellite Ansible Collection are provided by the ansible-collection-redhat-satellite package. On your Satellite Server, the package is installed by default. If you want to execute your playbooks on a different system, you must first install the package that provides them.

Note

You can execute your playbooks on any system that can reach the Satellite API. This can also be your Satellite Server itself.

Procedure

  • Install the ansible-collection-redhat-satellite package: 

    # dnf install ansible-collection-redhat-satellite
    Copy to Clipboard Toggle word wrap

Verification

  • Display the list of Ansible modules that are now available on your system: 

    # ansible-doc --list redhat.satellite
    Copy to Clipboard Toggle word wrap

Next steps

  • You can now use the installed Ansible modules to execute playbooks.
Note

To view the built-in documentation, Satellite Ansible Collection must be installed on your system. For more information, see Section 1.1, “Installing the Satellite Ansible modules”.

You can view the full built-in documentation for available modules with the following command: 

# ansible-doc --list redhat.satellite
Copy to Clipboard Toggle word wrap

You can view the built-in documentation for a particular module with the following command: 

# ansible-doc redhat.satellite.Module_Name
Copy to Clipboard Toggle word wrap

For example: 

# ansible-doc redhat.satellite.location
Copy to Clipboard Toggle word wrap

Ansible modules from the Satellite Ansible Collection must be able to communicate with the Satellite API over HTTPS. In your playbooks, include parameters specifying how to authenticate to enable the connection to API.

Important

Do not store sensitive credentials, such as username and password, directly in your playbooks or environment variables. The following examples use Ansible vault to manage sensitive data.

Prerequisites

  • A user account in Satellite exists with permissions to perform the action defined in your playbook.

  • You have access to one of the following types of authentication credentials for that user:

    • Username and password
    • Username and Personal Access Token
    • Kerberos ticket, if your Satellite Server is configured to use Identity Management as an external authentication source

  • A system that you will execute your playbook against. The following examples use localhost.

    This system must be able to reach the Satellite API. You can choose from these options:

    • A system that can reach the Satellite API directly. You can use your Satellite Server, your Capsule Servers, or any other system in your environment.
    • A system without a direct connection to the Satellite API that uses an HTTP proxy to connect to Satellite.

Procedure

  1. Store your sensitive variables in an encrypted file:

    1. Create an Ansible vault. For example, to create a vault named My_Vault.yml: 

      $ ansible-vault create My_Vault.yml
      Copy to Clipboard Toggle word wrap

    2. After the ansible-vault create command opens an editor, provide the required parameters in the key: value format.

      If you want to authenticate with Satellite username and password: 

      My_Username: My_Admin_User_Account
My_Password: My_Admin_Password
My_Server_URL: https://satellite.example.com
      Copy to Clipboard Toggle word wrap

      If you want to authenticate with Satellite username and Personal Access Token (PAT): 

      My_Username: My_Admin_User_Account
My_Password: My_PAT
My_Server_URL: https://satellite.example.com
      Copy to Clipboard Toggle word wrap

      If you want to authenticate with a Kerberos ticket: 

      My_Server_URL: https://satellite.example.com
      Copy to Clipboard Toggle word wrap

    3. If you use an HTTP proxy to reach the Satellite API, store it in the vault too: 

      My_HTTP_Proxy: "http://proxy.example.com:8080"
      Copy to Clipboard Toggle word wrap
    4. Save your changes and close the editor. Ansible encrypts the data in the vault.

  2. Create a playbook file that references the vault file:

    Note

    The following YAML snippets include the module_defaults keyword to pass vault variables as parameters to all modules from the redhat.satellite.satellite group that are used in the playbook. Module defaults groups simplify parameter management by enabling you to define common parameters to groups of modules rather than having to pass the parameters to each module individually.

    1. Provide details on how to authenticate to the Satellite API.

      If you are authenticating with Satellite username and password or PAT, map the username, password, and server_url parameters to the contents of My_Vault.yml: 

      - name: My Playbook
  hosts: localhost
  vars_files:
    - My_Vault.yml
  module_defaults:
    group/redhat.satellite.satellite:
      username: "{{ My_Username }}"
      password: "{{ My_Password }}"
      server_url: "{{ My_Server_URL }}"
  tasks:
      Copy to Clipboard Toggle word wrap

      If you are authenticating with a Kerberos ticket, map the server_url parameter to the contents of My_Vault.yml and add use_gssapi: true to enable Kerberos authentication: 

      - name: My Playbook
  hosts: localhost
  vars_files:
    - My_Vault.yml
  module_defaults:
    group/redhat.satellite.satellite:
      server_url: "{{ My_Server_URL }}"
      use_gssapi: true
  tasks:
      Copy to Clipboard Toggle word wrap

    2. If you need to use an HTTP proxy to reach the Satellite API, set the https_proxy environment variable: 

      - name: My Playbook
  hosts: localhost
  vars_files:
    - My_Vault.yml
  environment:
    https_proxy: "{{ My_HTTP_Proxy }}"
  module_defaults:
    group/redhat.satellite.satellite:
      username: "{{ My_Username }}"
      password: "{{ My_Password }}"
      server_url: "{{ My_Server_URL }}"
  tasks:
      Copy to Clipboard Toggle word wrap
    3. In the tasks: section, define the tasks that you want your playbook to perform.

  3. Validate the playbook syntax: 

    $ ansible-playbook --syntax-check --ask-vault-pass My_Playbook.yml
    Copy to Clipboard Toggle word wrap

    Note that this command only validates the syntax. It does not protect against a valid but incorrect configuration.

  4. Run the playbook: 

    $ ansible-playbook --ask-vault-pass My_Playbook.yml
    Copy to Clipboard Toggle word wrap

Example 2.1. Example Ansible playbook: Ensure that domain new.example.com exists in Satellite

The redhat.satellite.domain module can create, update, and delete domains. This example playbook uses redhat.satellite.domain to ensure that a domain named new.example.com exists and is managed by Satellite. For additional examples, see Chapter 3, Example playbooks based on modules from Satellite Ansible Collection. 

- name: Domain management
  hosts: localhost
  vars_files:
    - My_Vault.yml
  module_defaults:
    group/redhat.satellite.satellite:
      username: "{{ My_Username }}"
      password: "{{ My_Password }}"
      server_url: "{{ My_Server_URL }}"
  tasks:
    - name: Ensure domain new.example.com exists
      redhat.satellite.domain:
        name: new.example.com
Copy to Clipboard Toggle word wrap

The settings specified in the example playbook include the following:

vars_files
The name of the vault file that stores the variables My_Username, My_Password, and My_Server_URL.
module_defaults
The module defaults group that maps the variables from the vault file to the username, password, and server_url module parameters.
name
The name of the domain that you want to ensure exists in Satellite.

For more information, see the Ansible module documentation with ansible-doc redhat.satellite.domain.

Additional resources

All playbooks based on modules from Satellite Ansible Collection must include parameters detailing how to connect to the Satellite API. The following examples use Ansible vault and module defaults group to provide these parameters, and they authenticate using a username and password. For more information, see Chapter 2, Creating a playbook with modules from Satellite Ansible Collection.

Additional resources

  • Use the ansible-doc --list redhat.satellite command to display the Satellite Ansible modules installed on your system.
  • See Red Hat Ansible Automation Platform for a complete list of Satellite Ansible modules and other related information.

This example playbook uses the following modules:

  • redhat.satellite.repository_set
  • redhat.satellite.content_view

The playbook ensures RHEL 9 repositories are enabled and a content view that contains these repositories exists.

Before you run this playbook, ensure that you have uploaded a manifest and can access the Red Hat CDN. 

- name: Ensure RHEL 9 repositories are enabled and a content view exists
  hosts: localhost
  vars_files:
    - My_Vault.yml
  module_defaults:
    group/redhat.satellite.satellite:
      username: "{{ My_Username }}"
      password: "{{ My_Password }}"
      server_url: "{{ My_Server_URL }}"
  tasks:
    - name: Ensure RHEL 9 BaseOS repositories are enabled
      redhat.satellite.repository_set:
        name: "Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs)"
        organization: "Default Organization"
        product: "Red Hat Enterprise Linux for x86_64"
        repositories:
        - releasever: "9"
        state: enabled
    - name: Ensure RHEL 9 AppStream repositories are enabled
      redhat.satellite.repository_set:
        name: "Red Hat Enterprise Linux 9 for x86_64 - AppStream (RPMs)"
        organization: "Default Organization"
        product: "Red Hat Enterprise Linux for x86_64"
        repositories:
        - releasever: "9"
        state: enabled
    - name: Ensure a content view for RHEL 9 repositories exists
      redhat.satellite.content_view:
        name: "RHEL 9 content view"
        organization: "Default Organization"
        repositories:
          - name: "Red Hat Enterprise Linux 9 for x86_64 - BaseOS RPMs 9"
            product: "Red Hat Enterprise Linux for x86_64"
          - name: "Red Hat Enterprise Linux 9 for x86_64 - AppStream RPMs 9"
            product: "Red Hat Enterprise Linux for x86_64"
Copy to Clipboard Toggle word wrap

For more information, see the Ansible module documentation with the following commands:

  • ansible-doc redhat.satellite.repository_sync
  • ansible-doc redhat.satellite.content_view

This example playbook uses the following modules:

  • redhat.satellite.repository_sync
  • redhat.satellite.content_view_version

The playbook synchronizes repositories and publishes the content view that includes them.

Before you run this playbook, ensure that you have enabled the required repositories and created a content view. For an example playbook that ensures this, see Section 3.1, “Playbook example: Enable repositories and create a content view”. 

- name: Ensure Red Hat Enterprise Linux 9 repositories are synced and content view is published
  hosts: localhost
  vars_files:
    - My_Vault.yml
  module_defaults:
    group/redhat.satellite.satellite:
      username: "{{ My_Username }}"
      password: "{{ My_Password }}"
      server_url: "{{ My_Server_URL }}"
  tasks:
    - name: Sync Red Hat Enterprise Linux repositories
      redhat.satellite.repository_sync:
        product: "Red Hat Enterprise Linux for x86_64"
        organization: "Default Organization"
    - name: Publish Red Hat Enterprise Linux 9 content view
      redhat.satellite.content_view_version:
        content_view: "Red Hat Enterprise Linux 9 content view"
        organization: "Default Organization"
Copy to Clipboard Toggle word wrap

For more information, see the Ansible module documentation with the following commands:

  • ansible-doc redhat.satellite.repository_sync
  • ansible-doc redhat.satellite.content_view_version

Legal Notice
Copy link

Copyright © 2025 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat