A quick and dirty HOWTO/Guide on configuring and using Host groups and collections in RH Satellite, Targeting them with Ansible. (with resources!)
Before You Begin
- I Don’t think you need to be signed in to an organizational account to access redhat provided collections.
- This was written in response to needing the redhat.satellite collection from redhat.
- I’m trying to write this as something I would want as a sys admin. The quick and dirty “This is what you do, this is how you do it, and here’s how you can be agile with it”
Configure your Activation Keys to bind a host to a specific Host Collection
- Sign into your satellite instance (V1.16)
- Navigate to Configure > Host Collection
- Choose or create a new host group. If you are creating a Host Group, populate it according to your spec.
- Choose Activation Keys
- In the Activation Keys Form Field type in the name of the activation key you would like bound to this host collection
Configure ansible-galaxy To Fetch Collections From RedHat Ansible Automation Hub
STEP ONE: Create API Token for ansible-galaxy
- Navigate to: https://cloud.redhat.com/ansible/automation-hub/token/.
- Click Load Token
- Copy this token into a Text File
- Make note of the server URL, Copying it into a text file
- Make note of the SSO URL, copying it into a text file
STEP TWO: Configure API Token into ansible.cfg
NOTE: The affinity ansible engine uses to check for an ansible.cfg is:
- Environmental Variable ANSIBLE_CONFIG
- ~/.ansible.cfg
- (default) /etc/ansible/ansible.cfg
- In your home directory create an ansible config file: touch ~/.ansible.cfg
- Open it and place the following content inside:
server_list = automation_hub
[galaxy_server.automation_hub]
url=https://console.redhat.com/api/automation-hub/content/published/
auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token token=
Pull RedHat.Satellite Ansible Collection from RedHat Automation
STEP ONE: Get The Collection From Ansible Automation Hub
- Run the following command: ansible-galaxy collection install redhat.satellite
- This should now
Write a Playbook/Role that makes a host list for a playbook based on a Host Collection in Satellite.
—
– name: Satellite Host Group Demo
hosts: localhost
become: false
vars:
hostgroup_name: “Production Servers”
tasks:
# Define how CRUD Operations are executed
#- name: CREATE Host Group
– name: READ Host Group
redhat.satellite.hostgroup_info:
username: “Computermun”
password: “computermunspassword”
server_url: “https://satellite.network.local”
validate_certs: false
name: “Production Servers”
register: production_hostgroup
# – name: Debug Message, Show SOE Production Host Group
# ansible.builtin.debug:
# msg: “{{production_hostgroup}}”
# – name: UPDATE Host Group
# ansible.builtin.debug:
# msg: “Not Implemented”
# – name: DESTROY Host Group
# ansible.builtin.debug:
# msg: “Not Implemented”
# Do Zazzy shtuff like filter hosts by hostgroup
– name: FILTER – EX, By Host Group
redhat.satellite.host_info:
username: “ComputerMun”
password: “computermunspassword”
server_url: “https://satellite.network.local”
validate_certs: false
# Create Hostgroup
search: ‘hostgroup_fullname = “{{ hostgroup_name }}”‘
register: host_search_results
– name: Send Host Group Search Results to file
ansible.builtin.file:
path: ~/Documents/hostgroupoutput.txt
state: touch
– name: Save Hot Group Search Results to File for inspection
ansible.builtin.copy:
content: “{{ host_search_results }}”
dest: ~/Documents/hostgroupoutput.txt
– name: Generate Consumable Dynamic Host Group
ansible.builtin.add_host:
name: “{{ item.name }}”
group: dynamically_generated_host_group_from_satellite # This is the group name for the hosts we’re going to target in our next play
loop: “{{ host_search_results.hosts }}”
– name: Use Dynamically Generated Host Group
hosts: dynamically_generated_host_group_from_satellite
become: false
vars:
ANSIBLE_HOST_KEY_CHECKING: false
tasks:
– name: Ping hosts
ansible.builtin.ping:
Thoughts on how and when to use Host groups and collections.
For my part, i think it makes good sense to make host collections our of lifecycles. So for me in my org I’ve modeled the kinds of servers we typically deployed, arranged them into their own lifecycles with matching activation keys that sort them into host collections based on what they are. and then I use host groups to define a scope for Change requests. So I have server lifecycle “Retail Database Server”, for example, which is a collection of all database servers running in a store, so servers that server that serve that role can be targeted all at once (for example enabling lockdown at scale), but then when we are working a change process and need to perform phased changes it’s trivial to write a script that continuously scopes that lifecycle and divides it into however many partitions we want so we can execute changes gradually.
LSS:
Host Collections should be associated with activation keys tide to a lifecycle that represents a server’s role in the environment. Lifecycles should have ansible roles associated with them that terraform the given server into a server that execute’s it’s role in the organization.
Host Groups should be partitions of a collection for phased execution of fleet changes.
Leave a Reply