diff --git a/README.md b/README.md index 63bd1d6..60514af 100644 --- a/README.md +++ b/README.md 
@@ -8,49 +8,139 @@ Example of using ansible-core to automatically install and configure Red Hat Sat Once the playbooks complete, Satellite is configured to provision RHEL 7, 8 and 9 via PXE network boot. Also, the Satellite acts as the DNS and DHCP servers for the subnet. -While the code works, this README is a work in progress. Full instructions will be forthcoming... - ## Lab Environment -My test Lab is libvirt on Fedora 38. I created a subnet 192.168.100.0/24 with DHCP disabled, and NAT forwarding. The Gateway is 192.168.100.1, and the Satellite is 192.168.100.2. For the Red Hat Satellite installation, the DHCP pool is the 192.168.100.100 - 150. I deployed the Red Hat Satellite and subsequent clients into the test.org domain. I started with a Minimal install of RHEL 8.9, registered to Red Hat Subscription Management on the Internet. My Red Hat Satellite VM is 4 CPU x 20GB RAM with a single 150GB disk. Given Red Hat Satellite can take up quite a bit of storage, I went with the following partition layout: +My test Lab is libvirt on Fedora 39. I created a subnet 192.168.100.0/24 with DHCP disabled, and NAT forwarding. The Gateway is 192.168.100.1, and the Satellite is 192.168.100.2. For the Red Hat Satellite installation, the DHCP pool is the 192.168.100.100 - 150. I deployed the Red Hat Satellite and subsequent clients into the test.org domain. I started with a Minimal install of RHEL 8.9, registered to Red Hat Subscription Management on the Internet. My Red Hat Satellite VM is 4 CPU x 20GB RAM with a single 150GB disk. Given Red Hat Satellite can take up quite a bit of storage, I went with the following partition layout: -- /boot 1 GB ext4 -- / 139.14 GB ext4 -- swap 9.9 GB + /boot 1 GB ext4 + /boot/efi 600 MB vfat + / 138.56 GB ext4 + swap 9.9 GB swap I used the Red Hat Enterprise Linux GUI installation DVD to setup the default partitions, removed /home and added the space to /. You may wonder why I switched from xfs to ext4. 
In the past my satellite filled the disk. I found with xfs, once you grow the file system, you cannot shrink it again. However, with ext4 you can! Given this is a lab I use quite a bit. I chose to keep my options open by using ext4. ## Quick How To -### Customizations - -To use this code, you need to customize the variable files for your needs. The following should be reviewed and altered as necessary: - - Red_Hat_Satellite_IaC/ - ├── content_cleanup.yml (set how many old versions of Content Views to Keep) - ├── group_vars - │   └── satellites - │   ├── main.yml (set your organization) - │   └── vault.yml (There are several variables to set according to your needs) - ├── host_vars - │   └── sattest.test.org.yml (Your list of subscription pool ids and quantities for your manifest, and satellite installer options) - ├── inventory.yml (Your satellite FQDN must be in the satellites group, adjust the host_vars filename to match as well) - ├── secret (This file contains your secret to decrypt your ansible vault in plain text) - └── vars ( all of these files can be used as is, to setup a Standard Operating Environment Red Hat Satellite, but may be customized) - ├── actkeys.yml - ├── content_views.yml - ├── domains.yml - ├── hostgroups.yml - ├── lifecycles.yml - ├── obsoletes.yml - ├── products.yml - ├── subnets.yml - └── sync_plans.yml +### File Manifest + + Red_Hat_Satellite_IaC + ├── ansible.cfg + ├── cleanup_content.yml + ├── install_satellite_packages.yml + ├── install_satellite.yml + ├── inventory + │   ├── group_vars + │   │   ├── all + │   │   │   └── main.yml + │   │   └── satellites + │   │   ├── content_views.yml + │   │   ├── obsolete_repositories.yml + │   │   ├── satellite_activation_keys.yml + │   │   ├── satellite_lifecycle_environments.yml + │   │   └── satellite_products.yml + │   ├── host_vars + │   │   └── sattest.test.org + │   │   ├── firewall_rules.yml + │   │   ├── install_options.yml + │   │   ├── main.yml + │   │   ├── manifest.yml + │   │   ├── 
satellite_domains.yml + │   │   ├── satellite_hostgroups.yml + │   │   ├── satellite_locations.yml + │   │   ├── satellite_settings.yml + │   │   ├── satellite_subnets.yml + │   │   ├── satellite_sync_plans.yml + │   │   └── vault.yml + │   └── inventory.yml + ├── LICENSE + ├── maintain_activation_keys.yml + ├── maintain_content.yml + ├── maintain_locations.yml + ├── maintain_manifest.yml + ├── maintain_provisioning.yml + ├── maintain_repositories.yml + ├── maintain_satellite_settings.yml + ├── maintain_sync_plans.yml + ├── README.md + ├── sat_prep.bash + ├── secret + └── site.yml + +### Description of Files + +#### Ansible Configuration + +The 'ansible.cfg' file configures ansible to use the 'inventory' directory for the Ansible Inventory, and the 'secret' file to decrypt and read Ansible Vault Files. + +#### Ansible Inventory Directory + +Within the 'inventory' directory you will find the following: + + inventory.yml: File containing the inventory of Satellites. + group_vars: Directory containing group variable directories. + group_vars/all: Directory containing variable files to apply to all hosts. This is currently a placeholder. + group_vars/satellites: Directory container variable files to apply to all Satellite hosts. + host_vars: Directory containing variable directories corresponding to specific hosts. + host_vars/sattest.test.org: Directory containing variable files to apply to the sattest.test.org host. + +##### Group Variable Files + +The following group variable files define the Content required for a Standard Operating Environment Satellite with RHEL 5 - 9. RHEL 5 and 6 are commented as they are no longer supported. + +content_views.yml +obsolete_repositories.yml +satellite_activation_keys.yml +satellite_lifecycle_environments.yml +satellite_products.yml + +##### Host Variable Files + +The following host variable files define configuration items specific to each Satellite. 
+ + firewall_rules.yml Defines Firewalld rules for Satellite + install_options.yml Defines Satellite Installer Options + main.yml Defines the Satellite Organization and Location + manifest.yml Set the subscription pools and quantities for the Satellite Manifest + satellite_domains.yml Defines Domains + satellite_hostgroups.yml Defines Hostgroups + satellite_locations.yml Defines Locations + satellite_settings.yml Set any required Satellite Settings + satellite_subnets.yml Defines Subnets + satellite_sync_plans.yml Defines Sync Plans + vault.yml Defines Satellite and Red Hat Subscription Portal Authentication information and Default Root Password for Provisioning. + +NOTE: *If you wish to have multiple satellites with differing content, you may move the appropriate variable files from the 'group_vars/satellites' directory to the 'host_vars' directory for your satellite hosts.* + +### Required Variable Customizations + +The playbook will not run without making the following customizations, assuming the exact lab environment is in place. If your host name or network differ you will need to make appropriate changes. + +#### Satellite Host manifest.yml (Required) + +Customize the subscription pools. They are required to automatically create the manifest. + +To find the subscription pool id(s) to add to the subscription pools, use subscription-manager to search your subscriptions: + + # subscription-manager list --all --available --matches 'Red Hat Satellite Infrastructure Subscription' + +You can replace the search string with the Subscription name of your choosing. This example searches for Red Hat Satellite Subscriptions. + +#### Satellite Host vault.yml (Required) + +Customize the Red Hat Portal Username and Password variables. They are required to automatically create the manifest. + + vault_red_hat_portal_username + vault_red_hat_portal_password + +NOTE: *I preface all variables in the 'vault.yml' file with 'vault_'. 
This enables me to see where these encrypted variables are coming from when reading the ansible variable files and playbooks.* + +#### Review other host and group variable files + +All other files may be customized to your particular use case. ### Running the automation -1. Customize the variable files as needed. - - I still have a bit of work to do here to take what should be variables out of content_cleanup.yml and standardize some variables. I started this a few years ago and need to integrate the new installation process with the configuration processes better. +1. Ensure your RHEL 8 server is registered to Red Hat Subscription Management and has access to a Satellite Infrastructure Subscription. 2. Run "sat_prep.bash". The script will do the following: 1. Disable all but the necessary repositories for the Satellite installation. 2. Enable the Satellite EL8 module @@ -61,8 +151,9 @@ To use this code, you need to customize the variable files for your needs. The 3. redhat.satellite ansible collection 4. redhat.satellite_operations ansible collection 5. Perform a full system update - 6. Reboot the system -3. Run "ansible-playbook satellite_complete_installation_configuration.yml" The following actions will be performed: + 6. Report if a Reboot is required. +3. If necessary, reboot. +4. Run "ansible-playbook site.yml" The following actions will be performed: 1. Install the following (Some are optional but help to maintain code): - satellite (rpm packages) - chrony 
@@ -79,33 +170,36 @@ To use this code, you need to customize the variable files for your needs. The 6. Store the UUID of the Manifest file - Stored in a text file in /root 7. Upload the manifest into Satellite - 8. Refresh the manifest + 8. Set Satellite Settings as appropriate + - Set Default Download Policy to on_demand + - This saves a ton of disk space! + 9. Create non-default Satellite Locations + 10. Refresh the manifest - This can be needed for normal maintenance, so I left it in for future day 2 operations. - 9. Manage GPG keys for Repositories - 10. Set the Default Download Policy to on_demand - - This saves a ton of disk space! - 11. Enable the required Red Hat Repositories and any custom repositories + 11. Manage GPG keys for Repositories + 12. Enable the required Red Hat Repositories and any custom repositories - Custom repositories can include EPEL or in house created repositories - Note: the use of EPEL on production systems is not recommended, use it at your own risk. - 12. Create a Sync Plan - 13. Create Lifecycle Environments - 14. Sync the repository content - - With the Default Download Policy set to on_demand, this will only download repository metadata, and create repository metadata internal to Satellite. RPM's are downloaded to Satellite as clients request them. - 15. Create Content Views - 16. Publish Content Views and publish them to Lifecycle Environments - 17. Create Activation Keys - 18. Create Domains - 19. Create Subnets - 20. Create Hostgroups - 21. Set the Default root password for systems created by Hostgroups. + 13. Sync the repository content + - With the Default Download Policy set to on_demand, this will only download repository metadata, and create repository metadata internal to Satellite. RPM's are downloaded to Satellite as clients request them. + 14. Create a Sync Plan + 15. Create Lifecycle Environments + + 16. Create Content Views + 17. Publish Content Views and publish them to Lifecycle Environments + 18. 
Create Activation Keys + 19. Create Domains + 20. Create Subnets + 21. Create Hostgroups + 22. Set the Default root password for systems created by Hostgroups. This covers all of the installation and configuration playbooks. After all of this, your Satellite is ready to PXE Provision BIOS based systems! -There is one other playbook not covered here, content_cleanup.yml. This playbook can remove old Content View versions and disable unneeded RedHat repositories (such as old Kickstart trees). +There is one other playbook not covered here, 'content_cleanup.yml'. This playbook can remove old Content View versions and disable unneeded RedHat repositories (such as old Kickstart trees). -The playbooks that begin with maintain_ are the day two operational playbooks that you can use to maintain your Red Hat Satellite Configuration over time. +The playbooks that begin with 'maintain_' are the day two operational playbooks that you can use to maintain your Red Hat Satellite Configuration over time. -Again, this is a work in progress and more information will come in due time, and some enhancements as well... I hope to add some more features. +NOTE: *This is a work in progress. I hope to add some new features such as capsule installation and configuration in the future.* ## Tips 
@@ -115,20 +209,20 @@ This code can not only be used to initially install Red Hat Satellite, but also ~/.vimrc - autocmd FileType yaml setlocal et ts=2 ai sw=2 sts=0 + " Long Option versions + " --------------------- + " expandtab et + " tabstop ts + " autoindent ai + " shiftwidth sw + " softtabstop sts + " list list + " listchars lcs (multispace option only supported on vim 9 or higher) + " number nu + " --------------------- + " To show line indentation, the following plugin may be used: + " https://github.com/Yggdroot/indentLine.git + + autocmd FileType yaml setlocal et ts=2 ai sw=2 sts=0 list + set nu set modeline - -### How do I find the subscription pool id(s) to add to my manifest? - -Use subscription-manager to search your subscriptions: - - # subscription-manager list --all --available --matches 'Red Hat Satellite Infrastructure Subscription' - -You can replace the search string with the Subscription name of your choosing. This example searches for Red Hat Satellite Subscriptions. - -### Customize the initial Organization and Location - -You can add your own Organization name and Location names to the installation. To do so, add the following to the satellite_installer_options list in the satellite server host_vars file. - - - '--foreman-initial-organization "initial_organization_name"' - - '--foreman-initial-location "initial_location_name"' diff --git a/ansible.cfg b/ansible.cfg index 1c47928..5d22cbb 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,3 +1,3 @@ [defaults] -inventory = inventory.yml +inventory = inventory vault_password_file = secret diff --git a/content_cleanup.yml b/cleanup_content.yml similarity index 60% rename from content_cleanup.yml rename to cleanup_content.yml index 74e016f..b62c9b7 100644 --- a/content_cleanup.yml +++ b/cleanup_content.yml 
@@ -1,22 +1,20 @@ --- - name: Cleanup Old CV Versions hosts: satellites - gather_facts: no - vars_files: - - vars/obsoletes.yml + gather_facts: false - roles: - - role: redhat.satellite.content_view_version_cleanup + tasks: + - name: Remove Old Content View Versions + ansible.builtin.import_role: + name: redhat.satellite.content_view_version_cleanup vars: - satellite_server_url: "https://{{ inventory_hostname }}" satellite_content_view_version_cleanup_keep: 1 - tasks: - name: Disable Old Repositories redhat.satellite.repository_set: username: "{{ satellite_username }}" password: "{{ satellite_password }}" - server_url: "https://{{ inventory_hostname }}" + server_url: "{{ satellite_server_url }}" organization: "{{ satellite_organization }}" state: disabled product: "{{ item.0.name }}" @@ -24,7 +22,4 @@ repositories: - basearch: "{{ item.1.basearch | default(omit) }}" releasever: "{{ item.1.releasever | default(omit) }}" - with_subelements: - - "{{ obsolete_repositories | selectattr('repository_sets', 'defined') | list }}" - - repository_sets - + loop: "{{ obsolete_repositories | selectattr('repository_sets', 'defined') | list | subelements('repository_sets') }}" diff --git a/configure_satellite.yml b/configure_satellite.yml deleted file mode 100644 index 25c58f0..0000000 --- a/configure_satellite.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: Configure Satellite - hosts: satellites - gather_facts: false - -- name: Maintain Main Satellite Content - import_playbook: maintain_content.yml - -- name: Maintain Activation Keys - import_playbook: maintain_activation_keys.yml - -- name: Maintain Locations - import_playbook: maintain_locations.yml - -- name: Maintain Satellite Provisioning Configuration - import_playbook: maintain_provisioning.yml diff --git a/group_vars/satellites/vault.yml b/group_vars/satellites/vault.yml deleted file mode 100644 index 81039a2..0000000 --- a/group_vars/satellites/vault.yml +++ /dev/null 
@@ -1,18 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -33363133303232326563626336323532323466616632613233623934363038666162323136663437 -6534343161336666326261633236613161333763633032330a376336323935646538306132656264 -35333833346636373963623362323033646461306162363862323266663464646432613361376436 -6464636563663939350a363239363331306261666435336639346237316437316461386562663161 -34346335316434306636353231313563373432326530653631373165626565306364333937666334 -30396238336366656133653037636233303465376439616564356139383734323530313933383765 -63626465613933333862386566333466333162626261353636316661376138656431653036653535 -63383064366630653730373662306366383839663539343730333833636562363566386432316331 -63663638383661653231316333336130663864333365626164386136383564303736643462353762 -30643964356132356434643833623339373638623230613536663364643161613535336133643536 -33663762386165333566396235396130313436306136393762333331653630663230626532616531 -39356265626130326332353364336661396437613661646535363333333439653139313033356434 -35666338353261343739306331663466656339363931333663373939613637666536653432646664 -65383036623461663136656230393264393332623861623430316336633737393262666130376135 -31376530393165343735653265613939316564333138613265306436383261343164633662303866 -62383031363231326130313261356535353930346666393231366635643865393634646463636535 -34343665386365653865303731333738613839353039313463646333326661643838 diff --git a/hostgroup_set_default_root_password.yml b/hostgroup_set_default_root_password.yml deleted file mode 100644 index 556aa23..0000000 --- a/hostgroup_set_default_root_password.yml +++ /dev/null 
@@ -1,18 +0,0 @@ -- name: Hostgroups - Set Default Root Password - hosts: satellites - gather_facts: no - vars_files: - - vars/hostgroups.yml - - tasks: - - name: Host Groups - Set Default Root Password - redhat.satellite.hostgroup: - username: "{{ satellite_username }}" - password: "{{ satellite_password }}" - server_url: "https://{{ inventory_hostname }}" - organization: "{{ satellite_organization }}" - name: "{{ item.name }}" - root_pass: "{{ hostgroup_default_root_password }}" - state: present - loop: "{{ hostgroups }}" - diff --git a/install_satellite.yml b/install_satellite.yml index fb24798..47f5c04 100644 --- a/install_satellite.yml +++ b/install_satellite.yml 
@@ -1,54 +1,17 @@ --- -- name: Install Satellite +- name: Configure Firewall and Install Satellite hosts: satellites gather_facts: false - pre_tasks: - - name: Install required packages - ansible.builtin.package: - name: - - satellite - - chrony - - sos - - bash-completion - - tree - - vim-enhanced - state: latest - - - name: Download the Satellite 6 Queue Checker script - ansible.builtin.get_url: - url: https://raw.githubusercontent.com/jasondickerson/sat6-queue-check/master/sat6-queue-check.bash - dest: /root/sat6-queue-check.bash - mode: '0750' - - roles: - - role: redhat.rhel_system_roles.firewall - - role: redhat.satellite_operations.installer - tasks: - - name: Manage manifest - redhat.satellite.redhat_manifest: - name: "{{ inventory_hostname }}" - username: "{{ red_hat_portal_username }}" - password: "{{ red_hat_portal_password }}" - content_access_mode: org_environment - pool_id: "{{ item.id }}" - quantity: "{{ item.quantity }}" - path: "/root/{{ inventory_hostname }}_manifest.zip" - loop: "{{ subscription_pools }}" - register: manifest - - - name: Store Manifest UUID - ansible.builtin.copy: - content: "{{ manifest.results[0].uuid }}" - dest: "/root/{{ inventory_hostname }}_manifest_uuid.txt" - mode: '0640' + - name: Configure Satellite Firewall Rules + ansible.builtin.import_role: + name: redhat.rhel_system_roles.firewall + tags: + - firewall - - name: "Upload the manifest" - redhat.satellite.subscription_manifest: - username: "{{ satellite_username }}" - password: "{{ satellite_password }}" - server_url: "https://{{ inventory_hostname }}" - organization: "{{ satellite_organization }}" - state: present - manifest_path: "/root/{{ inventory_hostname }}_manifest.zip" + - name: Run Satellite Installer + ansible.builtin.import_role: + name: redhat.satellite_operations.installer + tags: + - satellite_installer diff --git a/install_satellite_packages.yml b/install_satellite_packages.yml new file mode 100644 index 0000000..d77ceb1 --- /dev/null 
+++ b/install_satellite_packages.yml @@ -0,0 +1,22 @@ +--- +- name: Install Satellite Packages + hosts: satellites + gather_facts: false + + tasks: + - name: Install required packages + ansible.builtin.package: + name: + - satellite + - chrony + - sos + - bash-completion + - tree + - vim-enhanced + state: present + + - name: Download the Satellite 6 Queue Checker script + ansible.builtin.get_url: + url: https://raw.githubusercontent.com/jasondickerson/sat6-queue-check/master/sat6-queue-check.bash + dest: /root/sat6-queue-check.bash + mode: '0750' diff --git a/inventory/group_vars/all/main.yml b/inventory/group_vars/all/main.yml new file mode 100644 index 0000000..10d584d --- /dev/null +++ b/inventory/group_vars/all/main.yml @@ -0,0 +1,2 @@ +--- +# Place holder for any variables to apply to all hosts diff --git a/vars/content_views.yml b/inventory/group_vars/satellites/content_views.yml similarity index 100% rename from vars/content_views.yml rename to inventory/group_vars/satellites/content_views.yml diff --git a/vars/obsoletes.yml b/inventory/group_vars/satellites/obsolete_repositories.yml similarity index 100% rename from vars/obsoletes.yml rename to inventory/group_vars/satellites/obsolete_repositories.yml diff --git a/vars/actkeys.yml b/inventory/group_vars/satellites/satellite_activation_keys.yml similarity index 99% rename from vars/actkeys.yml rename to inventory/group_vars/satellites/satellite_activation_keys.yml index 9d157ca..c865213 100644 --- a/vars/actkeys.yml +++ b/inventory/group_vars/satellites/satellite_activation_keys.yml @@ -1,5 +1,5 @@ --- -activation_keys: +satellite_activation_keys: ## RHEL 6 is no longer supported # - name: "RHEL6-DEV-AK" # lifecycle_environment: "DEV6" diff --git a/vars/lifecycles.yml b/inventory/group_vars/satellites/satellite_lifecycle_environments.yml similarity index 80% rename from vars/lifecycles.yml rename to inventory/group_vars/satellites/satellite_lifecycle_environments.yml index f469595..272b16c 100644 
--- a/vars/lifecycles.yml +++ b/inventory/group_vars/satellites/satellite_lifecycle_environments.yml @@ -1,5 +1,5 @@ --- -lifecycles: +satellite_lifecycle_environments: - name: DEV6 prior: Library - name: DEV7 diff --git a/vars/products.yml b/inventory/group_vars/satellites/satellite_products.yml similarity index 99% rename from vars/products.yml rename to inventory/group_vars/satellites/satellite_products.yml index 05f8737..046adc2 100644 --- a/vars/products.yml +++ b/inventory/group_vars/satellites/satellite_products.yml @@ -1,5 +1,5 @@ --- -products: +satellite_products: - name: Red Hat Software Collections (for RHEL Server) repository_sets: ## RHEL 6 is no longer supported diff --git a/inventory/host_vars/sattest.test.org/firewall_rules.yml b/inventory/host_vars/sattest.test.org/firewall_rules.yml new file mode 100644 index 0000000..950f00d --- /dev/null +++ b/inventory/host_vars/sattest.test.org/firewall_rules.yml @@ -0,0 +1,16 @@ +--- +firewall: + - service: RH-Satellite-6 + state: enabled + - service: cockpit + state: enabled + - service: dhcp + state: enabled + - service: dhcpv6-client + state: enabled + - service: dns + state: enabled + - service: ssh + state: enabled + - service: tftp + state: enabled diff --git a/host_vars/sattest.test.org.yml b/inventory/host_vars/sattest.test.org/install_options.yml similarity index 57% rename from host_vars/sattest.test.org.yml rename to inventory/host_vars/sattest.test.org/install_options.yml index 74f3d13..b51e36e 100644 --- a/host_vars/sattest.test.org.yml +++ b/inventory/host_vars/sattest.test.org/install_options.yml 
@@ -1,29 +1,4 @@ --- -firewall: - - service: RH-Satellite-6 - state: enabled - - service: cockpit - state: enabled - - service: dhcp - state: enabled - - service: dhcpv6-client - state: enabled - - service: dns - state: enabled - - service: ssh - state: enabled - - service: tftp - state: enabled - -subscription_pools: - ### To find subscriptions, use subscription-manager command on Satellite to search for the necessary product - ### Manifest will need Sat Infra, RHEL Premium, ELS subscriptions - ### the ansible module does not like virtual subs so just use physical - ### - ### subscription-manager list --all --available --matches 'Red Hat Satellite Infrastructure Subscription' - - id: - quantity: - satellite_installer_scenario: satellite satellite_installer_options: - '--foreman-initial-admin-username {{ satellite_username }}' diff --git a/group_vars/satellites/main.yml b/inventory/host_vars/sattest.test.org/main.yml similarity index 87% rename from group_vars/satellites/main.yml rename to inventory/host_vars/sattest.test.org/main.yml index 35c40ca..f322988 100644 --- a/group_vars/satellites/main.yml +++ b/inventory/host_vars/sattest.test.org/main.yml @@ -3,6 +3,7 @@ satellite_organization: "Default Organization" satellite_location: "Default Location" satellite_username: "{{ vault_satellite_username }}" satellite_password: "{{ vault_satellite_password }}" +satellite_server_url: "https://{{ inventory_hostname }}" hostgroup_default_root_password: "{{ vault_hostgroup_default_root_password }}" red_hat_portal_username: "{{ vault_red_hat_portal_username }}" red_hat_portal_password: "{{ vault_red_hat_portal_password }}" diff --git a/inventory/host_vars/sattest.test.org/manifest.yml b/inventory/host_vars/sattest.test.org/manifest.yml new file mode 100644 index 0000000..26f7444 --- /dev/null +++ b/inventory/host_vars/sattest.test.org/manifest.yml 
@@ -0,0 +1,9 @@ +--- +subscription_pools: + ### To find subscriptions, use subscription-manager command on Satellite to search for the necessary product + ### Manifest will need Sat Infra, RHEL Premium, ELS subscriptions + ### the ansible module does not like virtual subs so just use physical + ### + ### subscription-manager list --all --available --matches 'Red Hat Satellite Infrastructure Subscription' + - id: + quantity: diff --git a/vars/domains.yml b/inventory/host_vars/sattest.test.org/satellite_domains.yml similarity index 90% rename from vars/domains.yml rename to inventory/host_vars/sattest.test.org/satellite_domains.yml index 6405508..82ad38f 100644 --- a/vars/domains.yml +++ b/inventory/host_vars/sattest.test.org/satellite_domains.yml @@ -1,5 +1,5 @@ --- -domains: +satellite_domains: - name: "test.org" dns_proxy: "{{ inventory_hostname }}" locations: diff --git a/vars/hostgroups.yml b/inventory/host_vars/sattest.test.org/satellite_hostgroups.yml similarity index 95% rename from vars/hostgroups.yml rename to inventory/host_vars/sattest.test.org/satellite_hostgroups.yml index 8206e2e..0a068fc 100644 --- a/vars/hostgroups.yml +++ b/inventory/host_vars/sattest.test.org/satellite_hostgroups.yml @@ -1,5 +1,5 @@ --- -hostgroups: +satellite_hostgroups: ## RHEL 6 is no longer supported # - name: RHEL6DEVHG # lifecycle_environment: DEV6 @@ -31,6 +31,7 @@ hostgroups: # locations: # - "{{ satellite_location }}" # activation_keys: "RHEL6-DEV-AK" +# organization: "{{ satellite_organization }}" - name: RHEL7DEVHG lifecycle_environment: DEV7 @@ -62,6 +63,7 @@ hostgroups: locations: - "{{ satellite_location }}" activation_keys: "RHEL7-DEV-AK" + organization: "{{ satellite_organization }}" - name: RHEL8DEVHG lifecycle_environment: DEV8 @@ -93,6 +95,7 @@ hostgroups: locations: - "{{ satellite_location }}" activation_keys: "RHEL8-DEV-AK" + organization: "{{ satellite_organization }}" - name: RHEL9DEVHG lifecycle_environment: DEV9 
@@ -124,6 +127,7 @@ hostgroups: locations: - "{{ satellite_location }}" activation_keys: "RHEL9-DEV-AK" + organization: "{{ satellite_organization }}" - name: CapsulesHG lifecycle_environment: DEV8 @@ -155,3 +159,4 @@ hostgroups: locations: - "{{ satellite_location }}" activation_keys: "Capsules-AK" + organization: "{{ satellite_organization }}" diff --git a/vars/locations.yml b/inventory/host_vars/sattest.test.org/satellite_locations.yml similarity index 82% rename from vars/locations.yml rename to inventory/host_vars/sattest.test.org/satellite_locations.yml index c7e9d1c..861ed40 100644 --- a/vars/locations.yml +++ b/inventory/host_vars/sattest.test.org/satellite_locations.yml @@ -1,5 +1,5 @@ --- -locations: +satellite_locations: - name: "{{ satellite_location }}" organizations: - "{{ satellite_organization }}" diff --git a/inventory/host_vars/sattest.test.org/satellite_settings.yml b/inventory/host_vars/sattest.test.org/satellite_settings.yml new file mode 100644 index 0000000..8583fbd --- /dev/null +++ b/inventory/host_vars/sattest.test.org/satellite_settings.yml @@ -0,0 +1,4 @@ +--- +satellite_settings: + - name: "default_download_policy" + value: "on_demand" diff --git a/vars/subnets.yml b/inventory/host_vars/sattest.test.org/satellite_subnets.yml similarity index 98% rename from vars/subnets.yml rename to inventory/host_vars/sattest.test.org/satellite_subnets.yml index cfa62c1..f4f877e 100644 --- a/vars/subnets.yml +++ b/inventory/host_vars/sattest.test.org/satellite_subnets.yml @@ -1,5 +1,5 @@ --- -subnets: +satellite_subnets: # - name: "test.org_static" # description: "" # network_type: "IPv4" diff --git a/vars/sync_plans.yml b/inventory/host_vars/sattest.test.org/satellite_sync_plans.yml similarity index 90% rename from vars/sync_plans.yml rename to inventory/host_vars/sattest.test.org/satellite_sync_plans.yml index b9052ba..07e674f 100644 --- a/vars/sync_plans.yml +++ b/inventory/host_vars/sattest.test.org/satellite_sync_plans.yml 
@@ -1,5 +1,5 @@ --- -sync_plans: +satellite_sync_plans: - name: Sync All description: "Sync All repositories" enabled: false diff --git a/inventory/host_vars/sattest.test.org/vault.yml b/inventory/host_vars/sattest.test.org/vault.yml new file mode 100644 index 0000000..89609a3 --- /dev/null +++ b/inventory/host_vars/sattest.test.org/vault.yml @@ -0,0 +1,18 @@ +$ANSIBLE_VAULT;1.1;AES256 +31303834626564636261396336623337646263653431653331366463313464383439343637386666 +3261666636623639366361613761353337356439373939390a633237373435616534653564303332 +65356465646662663931306130386665333564653135666330363763336461363333356264383433 +6333333063656434630a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diff --git a/inventory.yml b/inventory/inventory.yml similarity index 100% rename from inventory.yml rename to inventory/inventory.yml diff --git a/maintain_activation_keys.yml b/maintain_activation_keys.yml index 3eb1953..0feee7c 100644 --- a/maintain_activation_keys.yml +++ b/maintain_activation_keys.yml @@ -1,13 +1,12 @@ --- -- name: Maintain Activation Keys +- name: Manage Activation Keys hosts: satellites gather_facts: false - vars_files: - - vars/actkeys.yml + tags: + - actkeys + - satconfig - roles: - - role: redhat.satellite.activation_keys - vars: - satellite_server_url: "https://{{ inventory_hostname }}" - satellite_activation_keys: "{{ activation_keys }}" - tags: actkeys + tasks: + - name: Manage Activation Keys + ansible.builtin.import_role: + name: redhat.satellite.activation_keys diff --git a/maintain_content.yml b/maintain_content.yml index 6eb1742..fe29f6b 100644 --- a/maintain_content.yml +++ b/maintain_content.yml 
@@ -1,80 +1,22 @@ --- -- name: Maintain Satellite Content +- name: Manage Content Content Views hosts: satellites - gather_facts: no - vars_files: - - vars/products.yml - - vars/sync_plans.yml - - vars/lifecycles.yml - - vars/content_views.yml - - pre_tasks: - - name: Refresh manifest - redhat.satellite.subscription_manifest: - username: "{{ satellite_username }}" - password: "{{ satellite_password }}" - server_url: "https://{{ inventory_hostname }}" - organization: "{{ satellite_organization }}" - state: refreshed - tags: manifest - - - name: Manage GPG keys - redhat.satellite.content_credential: - username: "{{ satellite_username }}" - password: "{{ satellite_password }}" - server_url: "https://{{ inventory_hostname }}" - organization: "{{ satellite_organization }}" - content_type: gpg_key - name: "{{ item.gpg_key }}" - content: "{{ lookup('url', item.gpg_url) }}" - loop: "{{ products }}" - when: item.gpg_key is defined - tags: gpgkeys - - - name: Set Default Download Policy - redhat.satellite.setting: - username: "{{ satellite_username }}" - password: "{{ satellite_password }}" - server_url: "https://{{ inventory_hostname }}" - name: "default_download_policy" - value: "on_demand" - tags: downloadpolicy - - roles: - - role: redhat.satellite.repositories - vars: - satellite_server_url: "https://{{ inventory_hostname }}" - satellite_products: "{{ products }}" - tags: enablerepos - - - role: redhat.satellite.sync_plans - vars: - satellite_server_url: "https://{{ inventory_hostname }}" - satellite_sync_plans: "{{ sync_plans }}" - tags: syncplan - - - role: redhat.satellite.lifecycle_environments - vars: - satellite_server_url: "https://{{ inventory_hostname }}" - satellite_lifecycle_environments: "{{ lifecycles }}" - tags: lifecycles + gather_facts: false + tags: + - satconfig tasks: - - name: Sync Products - redhat.satellite.repository_sync: - username: "{{ satellite_username }}" - password: "{{ satellite_password }}" - server_url: "https://{{ inventory_hostname }}" 
- product: "{{ item.name }}" - organization: "{{ satellite_organization }}" - loop: "{{ products }}" - tags: sync + - name: Manage Lifecycle Environments + ansible.builtin.import_role: + name: redhat.satellite.lifecycle_environments + tags: + - lifecycles - name: Manage Content Views redhat.satellite.content_view: username: "{{ satellite_username }}" password: "{{ satellite_password }}" - server_url: "https://{{ inventory_hostname }}" + server_url: "{{ satellite_server_url }}" organization: "{{ satellite_organization }}" name: "{{ item.name }}" repositories: "{{ item.repositories }}" @@ -82,16 +24,17 @@ solve_dependencies: "{{ item.solve_dependencies }}" composite: "{{ item.composite }}" loop: "{{ content_views }}" - tags: cvs + tags: + - cvs - name: Publish Content Views and Promote to Lifecycle Environments redhat.satellite.content_view_version: username: "{{ satellite_username }}" password: "{{ satellite_password }}" - server_url: "https://{{ inventory_hostname }}" + server_url: "{{ satellite_server_url }}" content_view: "{{ item.name }}" organization: "{{ satellite_organization }}" lifecycle_environments: "{{ item.lce }}" loop: "{{ content_views }}" - tags: pubpromote - + tags: + - pubpromote diff --git a/maintain_locations.yml b/maintain_locations.yml index 4b12a4d..62da30b 100644 --- a/maintain_locations.yml +++ b/maintain_locations.yml @@ -1,13 +1,12 @@ --- -- name: Maintain Locations +- name: Manage Locations hosts: satellites gather_facts: false - vars_files: - - vars/locations.yml + tags: + - satconfig + - locations - roles: - - role: redhat.satellite.locations - vars: - satellite_server_url: "https://{{ inventory_hostname }}" - satellite_locations: "{{ locations }}" - tags: locations + tasks: + - name: Manage Locations + ansible.builtin.import_role: + name: redhat.satellite.locations diff --git a/maintain_manifest.yml b/maintain_manifest.yml new file mode 100644 index 0000000..9061dae --- /dev/null +++ b/maintain_manifest.yml 
@@ -0,0 +1,32 @@ +--- +- name: Maintain Satellite Manifest + hosts: satellites + gather_facts: false + + tasks: + - name: Manage manifest + redhat.satellite.redhat_manifest: + name: "{{ inventory_hostname }}" + username: "{{ red_hat_portal_username }}" + password: "{{ red_hat_portal_password }}" + content_access_mode: org_environment + pool_id: "{{ item.id }}" + quantity: "{{ item.quantity }}" + path: "/root/{{ inventory_hostname }}_manifest.zip" + loop: "{{ subscription_pools }}" + register: manifest + + - name: Store Manifest UUID + ansible.builtin.copy: + content: "{{ manifest.results[0].uuid }}" + dest: "/root/{{ inventory_hostname }}_manifest_uuid.txt" + mode: '0640' + + - name: "Upload the manifest" + redhat.satellite.subscription_manifest: + username: "{{ satellite_username }}" + password: "{{ satellite_password }}" + server_url: "{{ satellite_server_url }}" + organization: "{{ satellite_organization }}" + state: present + manifest_path: "/root/{{ inventory_hostname }}_manifest.zip" diff --git a/maintain_provisioning.yml b/maintain_provisioning.yml index e1d75ca..2d56bfb 100644 --- a/maintain_provisioning.yml +++ b/maintain_provisioning.yml 
@@ -1,87 +1,39 @@ --- -- name: Maintain Satellite Provisioning Configuration +- name: Manage Provisioning hosts: satellites - gather_facts: no - vars_files: - - vars/domains.yml - - vars/subnets.yml - - vars/hostgroups.yml + gather_facts: false + tags: + - satconfig + - provision tasks: - name: Manage Domains - redhat.satellite.domain: - server_url: "https://{{ inventory_hostname }}" - username: "{{ satellite_username }}" - password: "{{ satellite_password }}" - name: "{{ item.name }}" - dns_proxy: "{{ item.dns_proxy | default(omit) }}" - locations: "{{ item.locations }}" - organizations: "{{ item.organizations }}" - state: present - loop: "{{ domains }}" - tags: domains,provision + ansible.builtin.import_role: + name: redhat.satellite.domains + tags: + - domains - name: Manage Subnets - redhat.satellite.subnet: - server_url: "https://{{ inventory_hostname }}" - username: "{{ satellite_username }}" - password: "{{ satellite_password }}" - name: "{{ item.name }}" - description: "{{ item.description }}" - network_type: "{{ item.network_type }}" - dns_primary: "{{ item.dns_primary }}" - dns_secondary: "{{ item.dns_secondary }}" - domains: "{{ item.domains }}" - gateway: "{{ item.gateway }}" - network: "{{ item.network }}" - cidr: "{{ item.cidr }}" - mask: "{{ item.mask }}" - from_ip: "{{ item.from_ip }}" - to_ip: "{{ item.to_ip }}" - boot_mode: "{{ item.boot_mode }}" - ipam: "{{ item.ipam }}" - dhcp_proxy: "{{ item.dhcp_proxy | default(omit) }}" - httpboot_proxy: "{{ item.httpboot_proxy | default(omit) }}" - tftp_proxy: "{{ item.tftp_proxy | default(omit) }}" - discovery_proxy: "{{ item.discovery_proxy | default(omit) }}" - dns_proxy: "{{ item.dns_proxy | default(omit) }}" - template_proxy: "{{ item.template_proxy | default(omit) }}" - remote_execution_proxies: "{{ item.remote_execution_proxies }}" - externalipam_proxy: "{{ item.externalipam_proxy }}" - externalipam_group: "{{ item.externalipam_group | default(omit) }}" - vlanid: "{{ item.vlanid | default(omit) }}" - 
mtu: "{{ item.mtu }}" - organizations: "{{ item.organizations }}" - locations: "{{ item.locations }}" - state: present - loop: "{{ subnets }}" - tags: subnets,provision + ansible.builtin.import_role: + name: redhat.satellite.subnets + tags: + - subnets - - name: Manage Host Groups + - name: Manage Hostgroups + ansible.builtin.import_role: + name: redhat.satellite.hostgroups + tags: + - hostgroups + + - name: Set Default Root Password for Hostgroups redhat.satellite.hostgroup: username: "{{ satellite_username }}" password: "{{ satellite_password }}" - server_url: "https://{{ inventory_hostname }}" + server_url: "{{ satellite_server_url }}" organization: "{{ satellite_organization }}" name: "{{ item.name }}" - lifecycle_environment: "{{ item.lifecycle_environment }}" - content_view: "{{ item.content_view }}" - content_source: "{{ item.content_source }}" - environment: "{{ item.environment | default(omit) }}" - puppet_proxy: "{{ item.puppet_proxy | default(omit) }}" - puppet_ca_proxy: "{{ item.puppet_ca_proxy | default(omit) }}" - openscap_proxy: "{{ item.openscap_proxy }}" - domain: "{{ item.domain }}" - subnet: "{{ item.subnet }}" - architecture: "{{ item.architecture }}" - operatingsystem: "{{ item.operatingsystem }}" - kickstart_repository: "{{ item.kickstart_repository }}" - ptable: "{{ item.ptable }}" - pxe_loader: "{{ item.pxe_loader }}" - parameters: "{{ item.parameters | default(omit) }}" - locations: "{{ item.locations }}" - activation_keys: "{{ item.activation_keys }}" + root_pass: "{{ hostgroup_default_root_password }}" state: present - loop: "{{ hostgroups }}" - tags: hostgroups,provision - + loop: "{{ satellite_hostgroups }}" + tags: + - setrootpw diff --git a/maintain_repositories.yml b/maintain_repositories.yml new file mode 100644 index 0000000..7d3d1da --- /dev/null +++ b/maintain_repositories.yml 
@@ -0,0 +1,48 @@ +--- +- name: Maintain Satellite Repositories + hosts: satellites + gather_facts: false + tags: + - satconfig + + tasks: + - name: Refresh manifest + redhat.satellite.subscription_manifest: + username: "{{ satellite_username }}" + password: "{{ satellite_password }}" + server_url: "{{ satellite_server_url }}" + organization: "{{ satellite_organization }}" + state: refreshed + tags: + - manifest + + - name: Manage GPG keys + redhat.satellite.content_credential: + username: "{{ satellite_username }}" + password: "{{ satellite_password }}" + server_url: "{{ satellite_server_url }}" + organization: "{{ satellite_organization }}" + content_type: gpg_key + name: "{{ item.gpg_key }}" + content: "{{ lookup('url', item.gpg_url) }}" + loop: "{{ satellite_products }}" + when: item.gpg_key is defined + tags: + - gpgkeys + + - name: Enable repositories + ansible.builtin.import_role: + name: redhat.satellite.repositories + tags: + - enablerepos + + - name: Sync Products + redhat.satellite.repository_sync: + username: "{{ satellite_username }}" + password: "{{ satellite_password }}" + server_url: "{{ satellite_server_url }}" + product: "{{ item.name }}" + organization: "{{ satellite_organization }}" + loop: "{{ satellite_products }}" + tags: + - sync diff --git a/maintain_satellite_settings.yml b/maintain_satellite_settings.yml new file mode 100644 index 0000000..e751a95 --- /dev/null +++ b/maintain_satellite_settings.yml @@ -0,0 +1,11 @@ +--- +- name: Configure Satellite Settings + hosts: satellites + gather_facts: false + tags: + - satconfig + + tasks: + - name: Configure Satellite Settings + ansible.builtin.import_role: + name: redhat.satellite.settings diff --git a/maintain_sync_plans.yml b/maintain_sync_plans.yml new file mode 100644 index 0000000..3611cd6 --- /dev/null +++ b/maintain_sync_plans.yml 
@@ -0,0 +1,12 @@ +--- +- name: Manage Sync Plans + hosts: satellites + gather_facts: false + tags: + - syncplans + - satconfig + + tasks: + - name: Manage Sync Plans + ansible.builtin.import_role: + name: redhat.satellite.sync_plans diff --git a/sat_prep.bash b/sat_prep.bash index 0e8d6dc..ced1f43 100755 --- a/sat_prep.bash +++ b/sat_prep.bash @@ -1,25 +1,24 @@ #!/bin/bash -cd /root - # Configure Satellite 6.14 repositories subscription-manager repos --disable "*" subscription-manager repos --enable=rhel-8-for-x86_64-baseos-rpms \ ---enable=rhel-8-for-x86_64-appstream-rpms \ ---enable=satellite-6.14-for-rhel-8-x86_64-rpms \ ---enable=satellite-maintenance-6.14-for-rhel-8-x86_64-rpms + --enable=rhel-8-for-x86_64-appstream-rpms \ + --enable=satellite-6.14-for-rhel-8-x86_64-rpms \ + --enable=satellite-maintenance-6.14-for-rhel-8-x86_64-rpms dnf -y module enable satellite:el8 -# clear dnf cache +# Clear dnf cache dnf clean all rm -rf /var/cache/yum/* -# install Ansible +# Install Ansible dnf -y install ansible-core rhel-system-roles ansible-collection-redhat-satellite ansible-collection-redhat-satellite_operations # Update OS dnf -y update -systemctl reboot +# Check if reboot is needed before proceeding +dnf needs-restarting --reboothint diff --git a/satellite_complete_installation_configuration.yml b/satellite_complete_installation_configuration.yml deleted file mode 100644 index 5f0e594..0000000 --- a/satellite_complete_installation_configuration.yml +++ /dev/null 
@@ -1,22 +0,0 @@ ---- -- name: Install and Configure Satellite - hosts: satellites - gather_facts: false - -- name: Install Satellite - import_playbook: install_satellite.yml - -- name: Maintain Main Satellite Content - import_playbook: maintain_content.yml - -- name: Maintain Activation Keys - import_playbook: maintain_activation_keys.yml - -- name: Maintain Locations - import_playbook: maintain_locations.yml - -- name: Maintain Satellite Provisioning Configuration - import_playbook: maintain_provisioning.yml - -- name: Set Default Root Password for Hostgroups - import_playbook: hostgroup_set_default_root_password.yml diff --git a/site.yml b/site.yml new file mode 100644 index 0000000..f3529a7 --- /dev/null +++ b/site.yml @@ -0,0 +1,32 @@ +--- +- name: Install Satellite Packages + ansible.builtin.import_playbook: install_satellite_packages.yml + +- name: Install Satellite + ansible.builtin.import_playbook: install_satellite.yml + +- name: Manage Manifest + ansible.builtin.import_playbook: maintain_manifest.yml + +- name: Manage Satellite Settings + ansible.builtin.import_playbook: maintain_satellite_settings.yml + +- name: Manage Locations + ansible.builtin.import_playbook: maintain_locations.yml + +- name: Manage Repositories + ansible.builtin.import_playbook: maintain_repositories.yml + +- name: Manage Sync Plans + ansible.builtin.import_playbook: maintain_sync_plans.yml + +- name: Manage Content Views + ansible.builtin.import_playbook: maintain_content.yml + +- name: Manage Activation Keys + ansible.builtin.import_playbook: maintain_activation_keys.yml + +## Capsule Installation + +- name: Manage Provisioning + ansible.builtin.import_playbook: maintain_provisioning.yml
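Review bot: in maintain_content.yml, both `redhat.satellite.content_view` and `redhat.satellite.content_view_version` now take `server_url: "{{ satellite_server_url }}"` where the removed line hard-coded `https://{{ inventory_hostname }}`, so the playbook no longer fixes the scheme and the definition of `satellite_server_url` is not part of this diff. `satellite_username` and `satellite_password` are sent to whatever that variable holds, so add an early `ansible.builtin.assert` that the value starts with `https://`, and document where the variable is set now that the `vars_files` entries are gone. The new play name `Manage Content Content Views` also repeats a word.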
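Review bot: in maintain_manifest.yml, the `Store Manifest UUID` task reads `manifest.results[0].uuid`, which fails when `subscription_pools` is empty and silently ignores every result after the first when it lists several pools. Guard the task with `when: manifest.results | length > 0`, and add a comment saying that all loop iterations target the same manifest name, if that is why the first UUID is enough. This play is also the only new one without the `satconfig` tag; if that is deliberate, say so in the README so a `--tags satconfig` run is not expected to create or upload the manifest.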
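Review bot: in maintain_provisioning.yml, the new `Set Default Root Password for Hostgroups` task writes the single value `hostgroup_default_root_password` into `root_pass` for every entry of `satellite_hostgroups`, so every host provisioned from any of these hostgroups starts with the same root password, and the diff does not show where that variable is defined. Keep the variable in an Ansible Vault file and say so in the README, and allow a per-hostgroup override, for example `root_pass: "{{ item.root_pass | default(hostgroup_default_root_password) }}"`, so that a lab-wide default does not become the only option.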
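Review bot: in maintain_repositories.yml, `Manage GPG keys` takes the key body from `lookup('url', item.gpg_url)` at run time with nothing checking which key came back, and that key is what Satellite will then trust for package signatures in the product. Require `gpg_url` to be an `https://` URL and compare the fetched key against a fingerprint stored beside `gpg_key` in `satellite_products`, or ship the key files in the repository and read them with `lookup('file', ...)`. Also confirm the key reaches `content` as one text blob: the `url` lookup splits the response into lines unless `split_lines=false` is passed.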
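Review bot: in sat_prep.bash, the final line `dnf needs-restarting --reboothint` replaces `systemctl reboot`, but nothing acts on its result even though the new comment says the check happens "before proceeding"; the command only prints a hint and exits non-zero when a reboot is required, and that exit code becomes the script's exit status. Test the exit code and print an explicit instruction to reboot before running the playbooks, or keep the reboot behind that check. The visible script has no `set -e`, so a failed `subscription-manager repos --enable` still falls through to `dnf -y update`.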