Chapter 7. Integrating Red Hat Satellite and Ansible Tower

You can integrate Red Hat Satellite 6.3 and Ansible Tower to use Satellite Server as a dynamic inventory source for Ansible Tower.

You can also use the provisioning callback function to run playbooks on hosts managed by Satellite, from either the host or Ansible Tower. When provisioning new hosts from Satellite Server, you can use the provisioning callback function to trigger playbook runs from Ansible Tower. The playbook configures the host following Kickstart deployment.

7.1. Adding Satellite Server to Ansible Tower as a Dynamic Inventory Item

To add Satellite Server to Ansible Tower as a dynamic inventory item, you must create a credential for a Satellite Server user on Ansible Tower, add an Ansible Tower user to the credential, and then configure an inventory source.

Prerequisites

Satellite Server and Ansible Tower communicate by using credentials and callbacks.

  • You must have a Satellite Server user with an integration role that includes the necessary permission filters. For more information about managing users, roles, and permission filters, see Managing Users and Roles and Creating and Managing Roles in the Administering Red Hat Satellite Guide.
  • You must specify the following permission filters and assign the role to the user.

    Table 7.1. Permission Filters

    ResourcePermissionsAccess Description

    Host

    view_hosts

    To view Satellite Server hosts.

    Host Group

    view_hostgroups

    To view Satellite Server host groups.

    Fact value

    view_facts

    To view Satellite Server Facts.

To Add Satellite Server to Ansible Tower as a Dynamic Inventory Item:

  1. In the Ansible Tower Web UI, create a credential for your Satellite. For more information about creating credentials, see Add a New Credential and Red Hat Satellite 6 Credentials in the Ansible Tower User Guide.

    Table 7.2. Satellite Credentials

    Credential Type:

    Red Hat Satellite 6

    Satellite 6 URL:

    https://satellite.example.com

    Username:

    The username of the Satellite user with the integration role.

    Password:

    The password of the Satellite user.

  2. Add an Ansible Tower user to the new credential. For more information about adding a user to a credential, see Getting Started with Credentials in the Ansible Tower User Guide.
  3. Add Satellite Server as a new inventory source, specifying the following inventory source options. For more information about adding inventories, see Add a new inventory in the Ansible Tower User Guide.

    Table 7.3. Inventory Source Options

    Source:

    Red Hat Satellite 6

    Credential:

    The credential you created for Satellite Server.

    Overwrite:

    Selected

    Update on Launch:

    Selected

    Cache Timeout:

    90

For more information about managing inventories, see Inventories in the Ansible Tower User Guide.

7.2. Configuring Provisioning Callback for a Host

You can configure Provisioning Callback for an Ansible Tower template. You can then call a specific URL on the Ansible Tower server, pass variables to it, and trigger a playbook run on the calling system.

You can also use this feature to trigger playbook runs on newly deployed hosts. For more information about provisioning callbacks, see Provisioning Callbacks in the Ansible Tower User Guide.

In Satellite the Satellite Kickstart Default and Satellite Kickstart Default Finish templates include three snippets:

ansible_provisioning_callback
ansible_tower_callback_script
ansible_tower_callback_service

To configure provisioning callback for a host or host group, you must create and define parameters for each snippet.

Prerequisites

  • Red Hat Satellite 6.3 and Ansible Tower must be integrated before configuring Provisioning Callback for a host. For more information, see, Integrating Satellite and Ansible Tower.
  • In the Ansible Tower Web UI, you must enable provisioning callbacks, generate the host configuration key, and have the template_ID of your job template. For more information about job templates, see Job Templates in the Ansible Tower User Guide.

To Configure Provisioning Callback for a Host:

  1. In the Red Hat Satellite Web UI, navigate to Hosts > All hosts.
  2. On the Hosts page, select the host you want to edit from the Hosts list.
  3. In the Host Group window, click the Parameters tab.
  4. In the Host parameters window, click Add Parameter.
  5. In the Name field, enter ansible_tower_provisioning.
  6. In the Value field, enter true.
  7. Repeat Step 4 to Step 6 to create each of the following parameters:

    Table 7.4. Host Parameters

    NameValueDescription

    ansible_tower_provisioning

    true

    Enables Provisioning Callback.

    ansible_tower_fqdn

    tower.example.com

    The fully qualified domain name (FQDN) of your Ansible Tower.

    ansible_job_template_id

    template_ID

    The ID of your provisioning template found in the URL of the template: /templates/job_template/5.

    ansible_host_config_key

    config_KEY

    The host configuration key generated by your job template in Ansible Tower.

  8. Click Submit when you have created all the necessary parameters.
  9. To verify that the provisioning callback is configured correctly, start the ansible-callback service and then check the status of the service:

    1. On the command line, enter the following command to start the ansible-callback service:

      # systemctl start ansible-callback
    2. On the command line, enter the following command to output the status of the ansible-callback service:

      # systemctl status ansible-callback

      Provisioning callback is configured correctly if the command returns the following output:

      SAT_host systemd[1]: Started Provisioning callback to Ansible Tower...

To Configure Provisioning Callback for a Host Group:

  1. In the Red Hat Satellite Web UI, navigate to Configure > Host groups.
  2. On the Host Groups page, select the host group you want to edit from the Host Group list.
  3. In the Host Group window, click the Parameters tab.
  4. In the Host group parameters window, click Add Parameter.
  5. In the Name field, enter ansible_tower_provisioning.
  6. In the Value field, enter true.
  7. Repeat Step 4 to Step 6 to create each of the following parameters:

    Table 7.5. Host Group Parameters

    NameValueDescription

    ansible_tower_provisioning

    true

    Enables Provisioning Callback.

    ansible_tower_fqdn

    tower.example.com

    The fully qualified domain name (FQDN) of your Ansible Tower.

    ansible_job_template_id

    template_ID

    The ID of your provisioning template found in the URL of the template: /templates/job_template/5.

    ansible_host_config_key

    config_KEY

    The host configuration key generated by your job template in Ansible Tower.

  8. Click Submit when you have created all the necessary parameters.
  9. To verify that the provisioning callback is configured correctly, start the ansible-callback service and then check the status of the service:

    1. On the command line, enter the following command to start the ansible-callback service:

      # systemctl start ansible-callback
    2. On the command line, enter the following command to output the status of the ansible-callback service:

      # systemctl status ansible-callback

      Provisioning callback is configured correctly if the command returns the following output:

      SAT_host systemd[1]: Started Provisioning callback to Ansible Tower...

You can use the provisioning callback URL and the host configuration key from a host to call Ansible Tower. This triggers the playbook run specified in the template against the host.

You can also use the provisioning callback function to trigger a playbook run from Ansible Tower as part of the provisioning process. The playbook configures the host after Kickstart deployment.