Chapter 2. Configuration Management Providers

Currently, Red Hat CloudForms has two configuration management providers integrated in it to review and monitor the configuration items and changes to them to eliminate the confusion and error brought about by the existence of different providers. These configuration systems are used for recording and reporting status and change activity for these configuration items.

2.1. Red Hat Satellite 6

Satellite 6 is a subscription and system management tool that provides a way to provision hosts (both virtual and bare metal) and configure them using a set of Puppet modules. Red Hat CloudForms provides functionality to integrate with a Red Hat Satellite 6 server and take advantage of its features. This includes:

  • Monitoring the inventory of your Red Hat Satellite 6 server, including independent hosts and hosts provisioned using hostgroups.
  • Reprovisioning existing bare metal system hosts to new host groups.
  • Applying Red Hat CloudForms policy tags to hosts.
Important

Red Hat CloudForms only reprovisions existing systems in a Red Hat Satellite 6 environment. Provisioning systems from Red Hat Satellite 6’s bare metal discovery service is planned for a future release.

2.1.1. Defining the Workflow

This section uses the following workflow:

  1. Add Red Hat Satellite 6 server details to Red Hat CloudForms.
  2. Refresh the state of your Red Hat Satellite 6 provider in Red Hat CloudForms.
  3. Select an existing bare metal host from Red Hat Satellite 6 for reprovisioning.
  4. Apply policy tags to Red Hat Satellite 6 hosts.

2.1.2. Defining the Hostgroup Hierarchy

Red Hat CloudForms displays the Red Hat Satellite 6 infrastructure in a host group and host relationship. A host group defines a set of default values that hosts inherit when placed in that group. Hosts can belong to only one host group, but host groups can be nested in hierarchies. You can create a "base" or "parent" host group that represents all hosts in your organization, and then create nested or "child" host groups under that parent to provide specific settings.

2.1.3. Adding a Satellite 6 Provider

To start provisioning bare metal machines, you need at least one Red Hat Satelllite 6 provider added to Red Hat CloudForms.

  1. Navigate to ConfigurationConfiguration Management.
  2. Select ConfigurationAdd a new Provider.
  3. Enter a Name for the provider.
  4. Enter a URL for the provider. This is the root URL for the Satellite 6 server and can be either an IP address or a hostname. For example, http://satellite6.example.com.
  5. Select Verify Peer Certificate to use encrypted communication with the provider. This requires the SSL certificates from your Red Hat Satellite 6 provider.
  6. Enter a Username for a user on the provider. Ideally, this would be a user in Satellite 6 with administrative access.
  7. Enter a Password, and then enter it again in Confirm Password.
  8. Click Validate to test your connection with the Red Hat Satellite 6 server.
  9. Click Add to confirm your settings and save the provider.

Red Hat CloudForms saves the Satellite 6 provider in its database and triggers a refresh of resources detected in the provider.

2.1.4. Triggering a Refresh of a Satellite 6 Provider

Your Satellite 6 provider can still create new hosts independently of Red Hat CloudForms. Your Red Hat CloudForms appliance detects these changes after an automatic refresh period. However, you can trigger a manual refresh to avoid waiting for the automatic refresh.

  1. Navigate to ConfigurationConfiguration Management.
  2. Select your Red Hat Satellite 6 provider using the checkbox, and click ConfigurationRefresh Relationships and Power States. This triggers the refresh.
  3. When the refresh is complete, select the Red Hat Satellite 6 provider to check the updated list of hosts groups in the provider.

2.1.5. Displaying Red Hat Satellite 6 Contents

Red Hat CloudForms provides two methods for viewing the contents of a Red Hat Satellite 6 provider:

  • Providers - This presents the Red Hat Satellite 6 contents as a hierarchy of host groups belonging to a provider, and then individual hosts belonging to each provider.
  • Configured Systems - This presents a list of all hosts on your Red Hat Satellite 6 server. This also provides a method to apply predefined filters to organized specific machines.

Change between these two views using the accordion menu on the left of the user interface.

2.1.6. Reprovisioning a Bare Metal Host

This procedure provides an example of reprovisioning an existing bare metal system into a new hostgroup. For this example, your Red Hat Satellite 6 environment requires the following:

  • An existing bare metal system stored as a host object in your Red Hat Satellite 6 server. This system can be one of the following:

    • A standalone system previously provisioned without a host group.
    • A system previously provisioned using a host group.
  • A target host group. This host group contains the system configuration to apply to the host when reprovisioning it. This includes:

    • A new operating system installation, including a new partition table.
    • A new networking configuration that the Red Hat Satellite 6 server defines and manages.
    • Registration to any Red Hat subscriptions and repositories assigned to the host group.
    • Application of any Puppet modules assigned to the host group.
  1. Navigate to ConfigurationConfiguration Management.
  2. Select Configured Systems from the accordion menu on the left. This displays the system list.
  3. Select one or more hosts to reprovision.
  4. Select LifecycleProvision Configured Systems.
  5. Under the Request tab, enter the following details:

    1. E-Mail address
    2. First Name
    3. Last Name
    4. This form also contains optional fields for users to enter a plain text Note to inform Red Hat CloudForms administrators of any special details, and a field to provide a manager’s name in case administrators require approval from a user’s manager.
  6. Select the Purpose tab and select any Red Hat CloudForms policy tags that apply to the system.
  7. Select the Catalog tab. This screen displays the list of chosen machines to reprovision and their current details. Select a target host group from the Configuration Profile list. Red Hat CloudForms communicates with Red Hat Satellite to apply the configuration from this host group to the selected host and reprovision the system.
  8. Select the Customize tab. This screen displays some customizable fields for the selected system. You can change the Root Password or change the Hostname and IP Address. Note that these fields are optional, because the host group in Red Hat Satellite 6 contains this information. The fields here will override the settings from the host group.

    Important

    Provisioning bare metal systems still requires access to the network that Red Hat Satellite 6 manages. This is because Red Hat Satellite controls PXE booting, kickstarts, and Puppet configuration for bare metal systems. Ensure the IP address you enter in Red Hat CloudForms can access a DHCP service that Red Hat Satellite 6 provides either through the main server or through a Red Hat Satellite 6 Capsule server.

  9. Select the Customize tab. This screen allows you to either launch the provisioning process immediately on approval or using a schedule. Click Schedule to show the date and time fields used to schedule the provisioning.
  10. Click Submit.

Depending on the request settings on your Red Hat CloudForms appliance, this provisioning request might require approval from an administrator. If not, the provisioning request launches depending on your choice for the schedule.

Note

Previously provisioned hosts might require manual selection of PXE boot from the boot menu, otherwise they might boot to hard disk and not reprovision.

2.1.7. Tagging a Bare Metal Host

Red Hat CloudForms can also control policy settings of bare metal systems from Red Hat Satellite 6 through tagging. Tagging attaches levels of metadata to help define the policy rules required for a set of systems.

  1. Navigate to ConfigurationConfiguration Management.
  2. Select Configured Systems from the accordion menu on the left. This displays the system list.
  3. Select one or more hosts to tag.
  4. Select PolicyEdit Tags.
  5. Under Tag Assignment, select a tag from Select a customer tag to assign and then choose a value from Select a value to assign. For example, you can tag this system as located in Chicago by selecting Location as the tag and Chicago as the value. Once selected, the user interface automatically adds this tag and value to the table below.
  6. Click Save.

The bare metal system is now configured with a set of policy tags.

2.2. Ansible Tower

Ansible Tower is a management tool integrated with Red Hat CloudForms, designed to help automate infrastructure operations. Red Hat CloudForms allows you to execute Ansible Tower jobs using service catalogs and Automate. No custom configuration or Ruby scripting is needed in Red Hat CloudForms, as configuration is done in Ansible Tower using playbooks.

You can use the large library of existing Ansible playbooks as Red Hat CloudForms state machines to automate tasks such as backups, package updates, and maintenance in your Red Hat CloudForms environment. This also includes deploying Red Hat Satellite agents on bare metal machines as required. This can be particularly useful for quickly applying changes across large environments with many virtual machines or instances. Using Ansible Tower, you can schedule Ansible playbook runs and monitor current and historical results, allowing for troubleshooting or identification of issues before they occur.

The basic workflow when using Red Hat CloudForms with an Ansible Tower provider is as follows:

  1. Create an Ansible playbook which performs a specific task.
  2. A new Ansible Tower job template is created from the playbook, which is then retrieved by Red Hat CloudForms.
  3. From the Ansible Tower job template, create a new catalog item in Red Hat CloudForms, optionally with a service dialog that allows the user to enter parameters if needed.
  4. The user orders the service from the Red Hat CloudForms user interface, and fills out any additional arguments (for example, limiting the task to run on a specific set of virtual machines).
  5. The job executes.
Note

For more information on Ansible playbooks, see the Ansible playbook documentation.

2.2.1. Adding an Ansible Tower Provider

To access your Ansible Tower inventory from Red Hat CloudForms, you must add Ansible Tower as a provider.

  1. Navigate to ConfigurationConfiguration ManagementProviders.
  2. Under Configuration Configuration, click Add a new Provider Add a new Provider.
  3. In the Add a new Configuration Management Provider area:

    Add_Ansible_Provider

    1. Enter a Name for the new provider.
    2. In the Type field, select Ansible Tower from the list.
    3. Enter the URL location or IP address to the Ansible Tower server.
  4. Select the Verify Peer Certificate checkbox if desired.
  5. In the Credentials area, provide the Username and Password, and Confirm Password.
  6. Click Add.

After adding the Ansible Tower provider, refresh its relationships and power states in order to view the current inventory.

2.2.2. Refreshing an Ansible Tower Provider

Refresh relationships of all items related to an existing Ansible Tower configuration management provider including inventory, hosts, virtual machines, and clusters.

You can refresh inventory from Red Hat CloudForms, or by enabling the Update on Launch option for inventory groups in Ansible Tower. The Update on Launch option allows Ansible Tower to automatically update inventory using a dynamic inventory script before launching an Ansible Tower job from a playbook. See the Ansible Tower documentation for more information.

Important

It can take a long time to retrieve information from providers containing many virtual machines or instances. The Ansible Tower dynamic inventory script can be modified to limit updates to specific items and reduce refresh time.

To refresh an Ansible Tower provider’s inventory in Red Hat CloudForms:

  1. Navigate to ConfigurationConfiguration ManagementProviders.
  2. Select the checkboxes for the Ansible Tower providers to refresh under All Ansible Tower Providers.
  3. Click Configuration (Configuration), and then Refresh Relationships and Power States (Refresh Relationships and Power States).
  4. Click OK.

Red Hat CloudForms then queries the Ansible Tower API and obtains an inventory of all available hosts and job templates.

2.2.3. Viewing Ansible Tower Providers and Inventory

Red Hat CloudForms automatically updates its inventory from Ansible Tower. This includes system groups (known as Inventories in Ansible Tower), basic information about individual systems, and available Ansible Tower job templates to be executed from the service catalog or Automate.

Note

To view and access Ansible Tower inventories and job templates in Red Hat CloudForms, you must first create them in Ansible Tower.

To view a list of Ansible Tower providers and inventory:

  1. Navigate to ConfigurationConfiguration ManagementProviders.
  2. Under All Configuration Manager Providers, select the Ansible Tower Providers accordion menu to display a list of providers.
  3. Select your Ansible Tower provider to expand and list the inventory groups on that Ansible Tower system. The inventory groups can be expanded to view the systems contained within each group, as well as configuration details for these systems.

Similarly, all discovered job templates are accessed under the provider by expanding the ConfigurationConfiguration ManagementAnsible Tower Job Templates accordion menu.

2.2.4. Viewing Ansible Tower Configured Systems

To view the systems in your Ansible Tower inventory:

  1. Navigate to ConfigurationConfiguration ManagementConfigured Systems.
  2. Under All Configured Systems, select Ansible Tower Configured Systems to display a list.

2.2.5. Executing an Ansible Tower Job Template from a Service Catalog

You can execute an Ansible Tower playbook from Red Hat CloudForms by creating a service catalog item from an Ansible Tower job template.

Important

You must first create the job template in Ansible Tower. The job templates are automatically discovered by Red Hat CloudForms when refreshing your Ansible Tower provider’s inventory.

First, create a catalog:

  1. Navigate to ServicesCatalogs.
  2. Click Configuration (Configuration), then Add a New Catalog (Add a New Catalog)
  3. Enter a Name and Description for the catalog.
  4. Click Add.

Then, create an Ansible Tower service catalog item:

  1. Navigate to ConfigurationConfiguration Management.
  2. Click Ansible Tower Job Templates and select an Ansible Tower job template.
  3. Click Configuration (Configuration), then Create Service Dialog from this Job Template (Create Service Dialog from this Job Template).
  4. Enter a Service Dialog Name (for example, ansible_tower_job)and click Save.
  5. Navigate to ServicesCatalogs. Click Catalog Items.
  6. Click Configuration (Configuration), then Add a New Catalog Item (Add a New Catalog Item) to create a new catalog item with the following details, at minimum:

    • For Catalog Item type, select Ansible Tower.
    • Enter a Name for the service catalog item.
    • Select Display in Catalog.
    • In Catalog, select the catalog you created previously.
    • In Dialog, select the service dialog you created previously (in this example, ansible_tower_job). No Dialog can be selected if the playbook does not require extra variables from the user. To ask the user to enter extra information when running the task, Service Dialog must be selected.
    • In Provider, select your Ansible Tower provider. This brings up the Ansible Tower Job Template option and configures the Provisioning Entry Point State Machine automatically.
    • Select your desired Ansible Tower Job Template from the list. Generally, this is the Ansible Tower job template previously used to create the service dialog.

      Add AT Service Catalog Item

  7. Click Add. The catalog item you created will appear in the All Service Catalog Items list.

To execute the Ansible Tower job:

  1. Navigate to Service CatalogsAnsible Tower catalog.

    Order AT Catalog Item

  2. Click Order for the catalog item.
  3. Enter any variables requested and click Submit.

Red Hat CloudForms takes you to the Requests queue page and show the status of the job.

The service item’s details can be viewed in ServicesMy Services in Red Hat CloudForms.

Note

Instead of running a single job at a time, multiple service catalog items can also be grouped together as a catalog bundle to create one deployment with multiple job templates. See Catalogs and Services in Provisioning Virtual Machines and Hosts for more information.

2.2.6. Executing an Ansible Tower Job Using a Custom Automate Button

Red Hat CloudForms can execute Ansible Tower jobs on virtual machines or instances using custom buttons in Automate.

Ansible Tower jobs can either be non-customizable, which do not require any extra configuration from the user, or alternatively, they can allow the user to specify a parameter (for example, a package name to install). In Ansible Tower jobs containing a dialog, Red Hat CloudForms accepts additional information from the user and adds it to the appropriate API call in Automate, and then sends it into Ansible Tower.

Prerequisites

Before creating an Automate button to execute an Ansible Tower job, the following must be configured:

  • An Ansible playbook in Ansible Tower. See the Ansible Tower documentation for instructions.
  • Ansible Tower must be able reach virtual machines or instances deployed by Red Hat CloudForms at the IP level.
  • The virtual machine template must have the Ansible Tower environment’s public SSH key injected. For cloud instances, cloud-init can be used and the public SSH key can be passed without rebuilding the image.
  • Any dynamic inventory scripts used must be configured to return the virtual machine names exactly as they are stored in Red Hat CloudForms, without the UUID appended.

Executing an Ansible Tower Job using a Custom Automate Button

To configure a custom button to execute an Ansible Tower job on a virtual machine or instance, first create the button:

  1. Navigate to AutomateCustomization.
  2. Click the Buttons accordion menu.
  3. Click VM and InstanceUnassigned Buttons. This configures the button to run on virtual machines or instances.
  4. Click 1847 (Configuration), then click 1862 (Add a new Button).

    • In the Adding a new Button screen, configure the Action parameters as desired. Dialog can be left blank if the playbook does not require extra variables. To ask the user to enter extra information when running the task, Service Dialog must be selected.
    • Configure Object Details fields with the following request details:

      • For System/Process, select Request.
      • For Message, enter create.
      • For Request, enter Ansible_Tower_Job.
    • Configure Attribute/Value Pairs with the following parameters:

      • job_template_name is the Ansible Tower job template name to associate with the button. The job_template_name field is mandatory; other parameters are provided by the Tower job dialog.
    • Configure Visibility to all users, or limit visibility by role as desired.

      Add button

    • Click Add.

If you do not have an existing button group to assign the new button to, create a new button group:

  1. From AutomateCustomization, navigate to ButtonsVM and InstanceAdd a new Button Group, and configure the following:

    • Configure Basic Info as desired. For example, name the button group VM Actions.
    • In Assign Buttons, select the button you just created from the Unassigned list and click 1876 to assign it to Selected.

      Create button group

    • Click Add.

To assign the button to an existing button group:

  1. Navigate to ButtonsVM and InstanceVM ActionsEdit this Button Group.
  2. In Assign Buttons, select the button you just created from the Unassigned list and click 1876 to assign it to Selected.
  3. Click Add.

To use the button to run an Ansible Tower job on a virtual machine:

  1. Navigate to ComputeInfrastructureVirtual Machines.
  2. Select the virtual machine to run the Ansible Tower job template on.
  3. Click the VM Actions button to show the button you created, and click the button from the list to run the Ansible Tower job template.

    Run Update Button

  4. Click Submit to execute the job.

Red Hat CloudForms then confirms the job has been executed.

If you selected a service dialog to run when creating the button, Red Hat CloudForms will then prompt you to enter variables to complete the task. After entering your desired parameters, Red Hat CloudForms takes you to the Requests page.

The service item’s details can be viewed in ServicesMy Services in Red Hat CloudForms.