Some questions and notes about Satellite+Tower
I've been working recently to integrate our existing Satellite (6.5) system with Ansible Tower. Prior to using tower all hosts were provisioned directly via Satellite and managed using Satellite's built in Ansible management. There's a pretty good blog entry on this but for whatever reason there's no 'comments' section for RH blogs, so I thought I'd share some. I also have a question or two myself.
The instructions provided for integrating Satellite+Tower are pretty good. Creating the Satellite dynamic inventory source was pretty easy, but I feel it takes far too long to synchronize. I only have ~100 hosts in Satellite and it takes at least 3 minutes to synch that to Tower. Is it supposed to take that long?? There is a setting in the Source configuration to 'Update on Launch'; having this option ticked will cause the inventory to synchronize every time you run a playbook. The end result is far too slow to be tenable; nobody wants to wait around for 3 minutes every time a playbook is tested. What's more is that other jobs (templates) that use the same inventory source will 'queue up' while the inventory is refreshing (they won't run during a synchronization). It doesn't take too long before the system is unable to keep up. For me, clearing the 'Update on Launch' option corrected the issue, and I simply schedule an inventory synchronization a few time/daily. This also complicates the Ansible Tower Provisioning Call-back functionality: because the update is set on the Inventory source and not in the job template, I couldn't disable the inventory update AND have callbacks working. I feel that the inventory update should be an option in the Job template instead of the Inventory source (I found a workaround for this).
The other thing I noticed is that Satellite host parameters aren't available using the role filters specified in the instructions (or the blog post). So, if you have roles that set some sort of config based on a Satellite host parameter, you're out of luck. Fortunately, the host parameters can be exposed if you add the 'View_Params' permission from the 'Parameters' resource when setting up the role assigned to the 'Tower User'. Once the filter is added to the role, host parameters will be visible and can be treated like any other host fact in your roles.
My question is that once I switch my host configuration management into Tower is that systems aren't 'checking in' to Satellite any more and show 'out of synch'. There's an option in each host to disable that but it has to be done as an afterthought for each host. Is there a better way to handle this? Should I have Satellite run an ansible 'ping' role just to keep things happy?
