Red Hat Training
A Red Hat training course is available for Red Hat Satellite
Chapter 7. Integrating Red Hat Satellite and Ansible Tower
You can integrate Red Hat Satellite 6.3 and Ansible Tower to use Satellite Server as a dynamic inventory source for Ansible Tower.
You can also use the provisioning callback function to run playbooks on hosts managed by Satellite, from either the host or Ansible Tower. When provisioning new hosts from Satellite Server, you can use the provisioning callback function to trigger playbook runs from Ansible Tower. The playbook configures the host following Kickstart deployment.
7.1. Adding Satellite Server to Ansible Tower as a Dynamic Inventory Item
To add Satellite Server to Ansible Tower as a dynamic inventory item, you must create a credential for a Satellite Server user on Ansible Tower, add an Ansible Tower user to the credential, and then configure an inventory source.
Prerequisites
Satellite Server and Ansible Tower communicate by using credentials and callbacks.
- You must have a Satellite Server user with an integration role that includes the necessary permission filters. For more information about managing users, roles, and permission filters, see Managing Users and Roles and Creating and Managing Roles in the Administering Red Hat Satellite Guide.
You must specify the following permission filters and assign the role to the user.
Table 7.1. Permission Filters
Resource Permissions Access Description Host
view_hosts
To view Satellite Server hosts.
Host Group
view_hostgroups
To view Satellite Server host groups.
Fact value
view_facts
To view Satellite Server Facts.
To Add Satellite Server to Ansible Tower as a Dynamic Inventory Item:
In the Ansible Tower Web UI, create a credential for your Satellite. For more information about creating credentials, see Add a New Credential and Red Hat Satellite 6 Credentials in the Ansible Tower User Guide.
Table 7.2. Satellite Credentials
Credential Type:
Red Hat Satellite 6
Satellite 6 URL:
https://satellite.example.com
Username:
The username of the Satellite user with the integration role.
Password:
The password of the Satellite user.
- Add an Ansible Tower user to the new credential. For more information about adding a user to a credential, see Getting Started with Credentials in the Ansible Tower User Guide.
Add Satellite Server as a new inventory source, specifying the following inventory source options. For more information about adding inventories, see Add a new inventory in the Ansible Tower User Guide.
Table 7.3. Inventory Source Options
Source:
Red Hat Satellite 6
Credential:
The credential you created for Satellite Server.
Overwrite:
Selected
Update on Launch:
Selected
Cache Timeout:
90
For more information about managing inventories, see Inventories in the Ansible Tower User Guide.
7.2. Configuring Provisioning Callback for a Host
You can configure Provisioning Callback for an Ansible Tower template. You can then call a specific URL on the Ansible Tower server, pass variables to it, and trigger a playbook run on the calling system.
You can also use this feature to trigger playbook runs on newly deployed hosts. For more information about provisioning callbacks, see Provisioning Callbacks in the Ansible Tower User Guide.
In Satellite the Satellite Kickstart Default
and Satellite Kickstart Default Finish
templates include three snippets:
ansible_provisioning_callback
ansible_tower_callback_script
ansible_tower_callback_service
To configure provisioning callback for a host or host group, you must create and define parameters for each snippet.
Prerequisites
- Red Hat Satellite 6.3 and Ansible Tower must be integrated before configuring Provisioning Callback for a host. For more information, see, Integrating Satellite and Ansible Tower.
- In the Ansible Tower Web UI, you must enable provisioning callbacks, generate the host configuration key, and have the template_ID of your job template. For more information about job templates, see Job Templates in the Ansible Tower User Guide.
To Configure Provisioning Callback for a Host:
- In the Red Hat Satellite Web UI, navigate to Hosts > All hosts.
- On the Hosts page, select the host you want to edit from the Hosts list.
- In the Host Group window, click the Parameters tab.
- In the Host parameters window, click Add Parameter.
-
In the Name field, enter
ansible_tower_provisioning
. -
In the Value field, enter
true
. Repeat Step 4 to Step 6 to create each of the following parameters:
Table 7.4. Host Parameters
Name Value Description ansible_tower_provisioning
true
Enables Provisioning Callback.
ansible_tower_fqdn
tower.example.com
The fully qualified domain name (FQDN) of your Ansible Tower.
ansible_job_template_id
template_ID
The ID of your provisioning template found in the URL of the template:
/templates/job_template/5
.ansible_host_config_key
config_KEY
The host configuration key generated by your job template in Ansible Tower.
- Click Submit when you have created all the necessary parameters.
To verify that the provisioning callback is configured correctly, start the
ansible-callback
service and then check the status of the service:On the command line, enter the following command to start the
ansible-callback
service:# systemctl start ansible-callback
On the command line, enter the following command to output the status of the
ansible-callback
service:# systemctl status ansible-callback
Provisioning callback is configured correctly if the command returns the following output:
SAT_host systemd[1]: Started Provisioning callback to Ansible Tower...
To Configure Provisioning Callback for a Host Group:
- In the Red Hat Satellite Web UI, navigate to Configure > Host groups.
- On the Host Groups page, select the host group you want to edit from the Host Group list.
- In the Host Group window, click the Parameters tab.
- In the Host group parameters window, click Add Parameter.
-
In the Name field, enter
ansible_tower_provisioning
. -
In the Value field, enter
true
. Repeat Step 4 to Step 6 to create each of the following parameters:
Table 7.5. Host Group Parameters
Name Value Description ansible_tower_provisioning
true
Enables Provisioning Callback.
ansible_tower_fqdn
tower.example.com
The fully qualified domain name (FQDN) of your Ansible Tower.
ansible_job_template_id
template_ID
The ID of your provisioning template found in the URL of the template:
/templates/job_template/5
.ansible_host_config_key
config_KEY
The host configuration key generated by your job template in Ansible Tower.
- Click Submit when you have created all the necessary parameters.
To verify that the provisioning callback is configured correctly, start the
ansible-callback
service and then check the status of the service:On the command line, enter the following command to start the
ansible-callback
service:# systemctl start ansible-callback
On the command line, enter the following command to output the status of the
ansible-callback
service:# systemctl status ansible-callback
Provisioning callback is configured correctly if the command returns the following output:
SAT_host systemd[1]: Started Provisioning callback to Ansible Tower...
You can use the provisioning callback URL and the host configuration key from a host to call Ansible Tower. This triggers the playbook run specified in the template against the host.
You can also use the provisioning callback function to trigger a playbook run from Ansible Tower as part of the provisioning process. The playbook configures the host after Kickstart deployment.