Appendix D. Synchronizing Templates with Git
Red Hat Satellite 6 enables synchronization of Job Templates, Provisioning Templates, and Partition Table Templates between Satellite Server and a Git repository or a local directory.
This section details the workflow for:
- installing and configuring the TemplateSync plug-in
- performing exporting and importing tasks
D.1. Enabling the TemplateSync plug-in
To enable the plug-in on your Satellite Server:
# satellite-installer --enable-foreman-plugin-templates
- To verify that the plug-in is installed correctly, ensure Administer > Settings includes the TemplateSync menu.
D.2. Configuring the TemplateSync plug-in
Navigate to Administer > Settings > TemplateSync to configure the plug-in. The following table explains the attributes behavior. Note that some attributes are only used on importing or exporting tasks.
Parameter | API parameter name | Meaning on importing | Meaning on exporting |
---|---|---|---|
Associate |
Accepted values: | Associates templates with OS, Organization, and Location based on metadata. | N/A |
Branch |
| Specifies the default branch in Git repository to read from. | Specifies the default branch in Git repository to write to. |
Dirname |
| Specifies the subdirectory under the repository to read from. | Specifies the subdirectory under the repository to write to. |
Filter |
| Imports only templates with names that match this regular expression. | Exports only templates with names that match this regular expression. |
Force import |
| Imported templates overwrite locked templates with the same name. | N/A |
Metadata export mode |
Accepted values: | N/A | Defines how metadata is handled when exporting:
|
Negate |
Accepted values: | Imports templates ignoring the filter attribute. | Exports templates ignoring the filter attribute. |
Prefix |
| Adds specified string to the beginning of the template if the template name does not start with the prefix already. | N/A |
Repo |
| Defines the path to the repository to synchronize from. | Defines the path to a repository to export to. |
Verbosity |
Accepted values: | Enables writing verbose messages to the logs for this action. | N/A |
D.3. Importing and Exporting Templates
Importing and exporting tasks are available through a series of API calls. API calls use the role-based access control system, which enables the tasks to be executed as any user. The TemplateSync plug-in allows synchronizing with a Git repository or a local directory.
Prerequisites
For imported templates to appear in the Satellite web UI, each template must contain the location and organization that the template belongs to. This applies to all template types. Before you import a template, ensure that you add the following section to the template:
<%# kind: provision name: My Kickstart File oses: - RedHat 7 - RedHat 6 locations: - First Location - Second Location organizations: - Default Organization - Extra Organization %>
You can also import and export templates using Hammer. For more information, see Provisioning Templates in the Hammer Cli Guide.
D.3.1. Synchronizing Templates with a Git repository
- Configure a Git server that uses SSH authorization, for example gitosis, gitolite, or git daemon.
Configure the TemplateSync plug-in settings on a TemplateSync tab.
- Change the Branch setting to match the target branch on a Git server.
-
Change the Repo setting to match the Git repository. For example, for the repository located in
git@git.example.com/templates.git
set the setting intossh://git@git.example.com/templates.git
.
Accept Git SSH host key as the foreman user:
# sudo -u foreman ssh git.example.com
You can see the
Permission denied, please try again.
message in the output, which is expected, because the SSH connection cannot succeed yet.Create an SSH key pair if you do not already have it. Do not specify any passphrase.
# sudo -u foreman ssh-keygen
-
Configure your Git server with the public key from your Satellite, which resides in
/usr/share/foreman/.ssh/id_rsa.pub
. Export templates from your Satellite Server to the Git repository specified in the TemplateSync menu:
$ curl -H "Accept:application/json,version=2" \ -H "Content-Type:application/json" \ -u login:password \ -k https://satellite.example.com/api/v2/templates/export \ -X POST {"message":"Success"}
Import templates to Satellite Server after their content was changed:
$ curl -H "Accept:application/json,version=2" \ -H "Content-Type:application/json" \ -u login:password \ -k https://satellite.example.com/api/v2/templates/import \ -X POST {“message”:”Success”}
Note that templates provided by Satellite are locked and you cannot import them by default. To overwrite this behavior, change the
Force import
setting in the TemplateSync menu toyes
or add theforce
parameter-d '{ "force": "true" }’
to the import command.
D.3.2. Synchronizing templates with a local directory
Synchronizing templates with a local directory is useful if you have configured any revision control system repository in the local directory. That way, you can edit templates and track the history of edits in the directory. You can also synchronize changes to Satellite Server after editing the templates.
Create the directory where templates are stored and apply appropriate permissions and SELinux context:
# mkdir -p /usr/share/templates_dir/ # chown foreman /usr/share/templates_dir/ # chcon -t httpd_sys_rw_content_t /usr/share/templates_dir/ -R
-
Change the Repo setting on the TemplateSync tab to match the export directory
/usr/share/templates_dir/
. Export templates from your Satellite Server to a local directory:
$ curl -H "Accept:application/json,version=2" \ -H "Content-Type:application/json" \ -u login:password \ -k https://satellite.example.com/api/v2/templates/export \ -X POST \ {"message":"Success"}
Import templates to Satellite Server after their content was changed:
$ curl -H "Accept:application/json,version=2" \ -H "Content-Type:application/json" \ -u login:password \ -k https://satellite.example.com/api/v2/templates/import \ -X POST {“message”:”Success”}
Note that templates provided by Satellite are locked and you cannot import them by default. To overwrite this behavior, change the
Force import
setting in the TemplateSync menu toyes
or add theforce
parameter-d '{ "force": "true" }’
to the import command.
You can override default API settings by specifying them in the request with the -d
parameter. The following example exports templates to the git.example.com/templates
repository:
$ curl -H "Accept:application/json,version=2" \ -H "Content-Type:application/json" \ -u login:password \ -k https://satellite.example.com/api/v2/templates/export \ -X POST \ -d "{\"repo\":\"git.example.com/templates\"}"
D.4. Advanced Git Configuration
You can perform additional Git configuration for the TemplateSync plug-in using the command line or editing the .gitconfig
file.
Accepting a self-signed Git certificate
If you are using a self-signed certificate authentification on your Git server, validate the certificate with the git config http.sslCAPath
command.
For example, the following command verifies a self-signed certificate stored in /cert/cert.pem
:
# sudo -u foreman git config --global http.sslCAPath cert/cert.pem
For a complete list of advanced options, see the git-config
manual page.
D.5. Uninstalling the plug-in
To avoid errors after uninstallation:
Disable the plug-in using the Satellite installer:
# satellite-installer --no-enable-foreman-plugin-templates
Clean custom data of the plug-in. The command does not affect any templates that you created.
# foreman-rake templates:cleanup
Uninstall the plug-in:
# yum remove tfm-rubygem-foreman_templates