Ansible and Insights Part 3 - Setting up Ansible Tower for Insights automated remediation

For our final Ansible and Insights release blog, we will finish this three part series by showing you how to enable Tower to talk with the Insights API to enable jobs for site wide remediation. This builds on our previous blog post, Ansible and Insights Part 2 - Automating Ansible Core remediation, so if you have do not have the pre-requisites mentioned in Part 2, you should verify you have met those requirements and can build a Planner plan within Insights before trying to follow along.

Prerequisites for being able to utilise Ansible functionality with Insights are:
- Active RHEL subscription
- Active Insights evaluation or entitlement
- RHEL 7 or RHEL 6.4 and later
- Ansible Tower 3.1.2 for examples in this blog post
- Insights systems registered and reporting with an identifiable problem
- Ability to manage systems via Ansible with Insights system hostname or "display name" as the hostname in your ansible inventory in Ansible Tower.
- Ability to store credentials, projects, and create template's within Ansible Tower (administrator account is used in these examples).
- Your Red Hat Customer portal username/password (the same one you use to login to Red Hat Insights on the Customer Portal.

** Editor's Update Oct 12, 2017 **: For Tower 3.2 there are some new features and functionality available, as well as a few new steps to complete integration. Please see the latest Tower documentation for more information - These changes may make some steps in this instructional blog for Tower 3.1.2 obsolete, but will add improved functionality.

Creating a plan for your remediation in Red Hat Insights
Similar to building out a remediation plan for use with Ansible, you can create a plan for Ansible Tower with the same procedure. We outline this process in Ansible and Insights Part 2 - Automating Ansible Core remediation and the only minor difference is that once you save the plan it is able to be sync'd to your Tower. You do not have to download the playbook, although you can download and modify it for manual or process based (git, etc.) import into your Tower.

Since we have our example plans built from our previous blog, we need to now setup Tower to interface with the Red Hat Insights API. This only takes a few minor one time setup steps and a minimal amount of time.

Setting up Insights Credentials
- Login to your Tower and click the Settings icon to enter the Settings menu.
- Click Credentials to access the Credentials page.
- Click the add button located in the upper right corner of the Credentials screen.
- Enter the name of the credential to be used in the Name field. For example, "Red Hat Insights credentials"
- In the Type drop down menu list, select Source Control.
- Enter your Red Hat Customer Portal credentials associated with your Insights deployment in the Username and Password fields.
- Click Save when done.

Setting up Insights inventory
Insights will include a hosts: line that contains the hostname that Insights itself knows about which may be different than the hostname that Tower knows about. Therefore, make sure that those hostnames match up with what Tower has in its inventory by comparing the systems in the Red Hat Insights Portal to the systems listed in the Tower Inventory.

To create a new inventory for use with Insights:
- Click the Inventory main link to access the Inventories page.
- Click the Add button, which launches the New Inventory window.
Enter the name and organization to be used in their respective fields.
- Click Save to proceed to the Groups and Hosts Management screen.
In the Hosts (right side) of the Inventory display screen, click the Add Host button to open the Create Host dialog.
Enter the name in the Host Name field associated with the Insights host that will be used and click Save.

Now that we have our inventory to manage added or imported into Tower we should setup the Insights Planner sync project. Every time this project runs it will sync the available Planner plans between Insights and your Tower.

Setting up Insights project
In your Tower click the Projects main link to access the Projects page.
- Click the Add button, which launches the New Project window.
Enter the appropriate details into the required fields, at minimum.
SCM Type should be “Red Hat Insights”
Upon selecting the SCM type, the Source Details field expands. Enter the name of the credential you created in the previous step for use in this project in the text field provided, or click the search button to look up and select the name
- Click to select the update option for this project, and provide any additional values, if applicable. For information about each option, click the help button next to the options.

Creating an Insights job template
Now that we have our credentials, inventory, and projects added, we will create a job template to run an Insights playbook. You can do this for any large scale job you would want to enable across the enterprise or for groups within your enterprise.
- Click the Templates main link to access the Templates page.
- Click the Add button and select Job Template from the drop-down menu list, which launches the New Job Template window.
Enter the appropriate details into the required fields, at minimum. Note the following fields requiring specific Insights-related entries:
In the Inventory field, enter (or choose from lookup) the name of the inventory you created with the appropriate hostnames used by Insights.
In the Project field, enter (or choose from lookup) the name of the Insights project to be used with this job template.
In the Playbook drop-down menu list, choose the playbook to be launched with this job template from the available playbooks associated with the selected Insights project.
For additional information about each field, click its corresponding Help button or refer to Job Templates for details.

Complete the rest of the template with other attributes such as permissions, notifications, and surveys, as necessary. When done completing the job template, select Save.

- To launch the job template, click the Launch button (under Actions).
Once complete, the playbook's job results display in the Job Details page.

For the examples we have been following with this blog, you should use a similar Planner plan from our previous blog post, such as fixing a few systems in the Payload Injection Fix plan within Insights.

For that use case you would select the so-named "Payload Injection fix" from the Playbook dropdown and the remediation that we applied in the previous blog post can also be applied to machines from Tower.

You can then go back to the Insights Planner and see that the Payload Injection Fix Insights plan has remediated the selected systems via Tower.

Final note
We hope this helps you see how powerful the Insights and Tower integration is becoming, giving operations teams the ability to scale guided remediation out to the entire enterprise. Please let us know how we’re doing with Insights integrations and the service by emailing us at insights@redhat.com or by using the Provide Feedback button at the top of every Insights Customer Portal page.

Stay tuned for more in depth and continued Red Hat Insights integrations into the Red Hat Management portfolio and other Red Hat software, and if you're interested in utilising these technologies in your own enterprise you can get started with an evaluation here.