Chapter 13. Extending Satellite Server Functionality

Red Hat Satellite Server can be extended by installing plugins and using hooks for orchestration and Rails events. The plugins are available as RPM packages in the Red Hat repositories and the Foreman repositories.

13.1. Satellite Plugins

Satellite plugins are available from:

  • Red Hat Repository
  • Foreman Repository

Plugins for Satellite typically include the word foreman in the RPM package name and the plugins for Capsule include the word smart_proxy in the name.

The plugins provided by Red Hat can be searched and installed using the yum command from the Satellite CLI.

The upstream Satellite plugins are available in the Foreman repositories. Each release of Foreman has a separate repository containing plugins for that release.

The Foreman repository needs to be configured in Satellite to install the upstream plugins. Once the repository is configured, the plugins can be searched and installed using the yum command from Satellite CLI.

The Foreman repositories are available at http://yum.theforeman.org/plugins.

Note

Ensure you install plugins compatible with the version of Foreman on your system.

You can view an RPM package description to confirm the identity of a plugin using the yum info or rpm -qi command.

Important

Red Hat supports the Foreman API but not the plugins installed from the Foreman repository.

13.1.1. Searching for Plugins

Search available plugins using the Satellite CLI.

Note

To search upstream plugins as well, configure the Foreman repository as described in Section 13.1.3, “Configuring the Foreman Repository”

Procedure

  • As root user, search for packages with "-foreman" in the package name using yum search.

    Example - Searching rubygem plugin for Satellite: 

    # yum search rubygem-foreman
Loaded plugins: product-id, search-disabled-repos, subscription-manager
=================== N/S matched: rubygem-foreman ==============================
tfm-rubygem-foreman-redhat_access.noarch : Foreman engine to access Red Hat knowledge base and manage support cases.
tfm-rubygem-foreman-tasks.noarch : Tasks support for Foreman with Dynflow integration
tfm-rubygem-foreman_abrt.noarch : Display reports from Automatic Bug Reporting Tool in Foreman
tfm-rubygem-foreman_bootdisk.noarch : Create boot disks to provision hosts with Foreman
output truncated

13.1.2. Installing Plugins

Install plugins using the Satellite CLI.

Note

To install upstream plugins, configure the Foreman repository as described in Section 13.1.3, “Configuring the Foreman Repository”

Procedure

  1. Install the required plugin using yum install.

    Example: Installing the tfm-rubygem-foreman_templates plugin: 

    # yum install tfm-rubygem-foreman_templates

  2. Restart foreman-maintain service. 

    # foreman-maintain service restart

To verify the install, use yum to list installed plugins:

  • Example: Verifying rubygem-foreman plugin is installed: 

    # yum list installed | grep rubygem-foreman | grep foreman

  • You can also list Capsule plugins using yum: 

    # yum list installed | grep proxy

13.1.3. Configuring the Foreman Repository

Configure the Foreman repository using the Satellite CLI.

Procedure

  1. Determine the Foreman release with rpm command. 

    $ rpm -q foreman
foreman-1.7.2.53-1.el7sat.noarch

  2. Create an rpm configuration file. 

    touch /etc/yum.repos.d/foreman-plugins.repo

  3. Add the following content to the file: 

    [foreman-plugins]
name=Foreman plugins
baseurl=http://yum.theforeman.org/plugins/1.10/el_7_/x86_64/
enabled=1
gpgcheck=0

    Replace the version number (1.10 here) in the URL to the required Foreman release number.

Note

The packages are not currently GPG signed.

For additional information on foreman plugins, see the Popular Plugins and List of Plugins sections on the Foreman website.

13.2. Foreman Hooks

Foreman’s host orchestration can be extended by means of hooks so that additional tasks can be executed. A Foreman hook enables triggering a script (any executable can be used) when an orchestration event occurs, such as when a host is created or when provisioning of a host has completed. In addition, hooks can be made into standard Rails callbacks for any Foreman object, all with scripts.

Note

Foreman hooks can modify workflows in Satellite and therefore you might be requested to remove all hooks in order to get support from Red Hat. Foreman hooks also need to be removed before upgrading, and then reinstated after you have confirmed Satellite is working as expected.

13.2.1. Installing Foreman Hooks

Foreman hooks are provided by the tfm-rubygem-foreman_hooks package, which is installed by default. Ensure that the package is installed and up to date using yum as root.

Procedure

  • Use yum to install foreman hooks: 

    # yum install tfm-rubygem-foreman_hooks
Loaded plugins: product-id, search-disabled-repos, subscription-manager
Package tfm-rubygem-foreman_hooks-0.3.9-2.el7sat.noarch already installed and latest version
Nothing to do

13.2.2. Creating Foreman Hooks

Foreman hooks are stored in /usr/share/foreman/config/hooks/.

Procedure

  1. A subdirectory must be created for each Foreman object, with further subdirectories created for each event name. A Foreman object can be a host or network interface. The path to the hook is as follows: 

    /usr/share/foreman/config/hooks/object/event/hook_script

  2. For example, to create a subdirectory for hooks to be activated after the host has completed its operating system installation, enter a command as follows: 

    # mkdir -p /usr/share/foreman/config/hooks/host/managed/before_provision/

  3. If you download a script, and the appropriately named directory has been created already, then use the install command as follows to ensure the SELinux context is correct: 

    install hook_script /usr/share/foreman/config/hooks/object/event/hook_script

    • Alternately, if you created the script directly in the event subdirectory then apply the SELinux context by entering as root: 

      # restorecon -RvF /usr/share/foreman/config/hooks

      The SELinux context is foreman_hook_t on Red Hat Enterprise Linux 7. Keep in mind that the script is running confined, therefore some actions might be denied by SELinux. Check for actions denied by SELinux by running aureport -a or looking in /var/log/audit/audit.log.

      For further information on debugging SELinux problems and using the audit2allow utility:

    • On Red Hat Enterprise Linux 7, see Fixing Problems[4].

13.2.3. Creating a Foreman Hook to Use the logger Command

This hook script creates additional log messages each time Foreman provisions a new server.

Procedure

  1. Create the directory structure on the Satellite Server base system: 

    # mkdir -p /usr/share/foreman/config/hooks/host/managed/before_provision/

  2. Create the script as follows: 

    # vi /usr/share/foreman/config/hooks/host/managed/before_provision/_10__logger.sh
#!/bin/bash
logger $1 $2

    The numeric prefix 10 to the file name _logger.sh determines the order of execution for scripts in the same subdirectory. Change this prefix to suit your needs.

  3. Change the script owner to foreman: 

    # chown foreman:foreman /usr/share/foreman/config/hooks/host/managed/before_provision/_10__logger.sh

  4. Change the script permissions to allow execution by the user: 

    # chmod u+x /usr/share/foreman/config/hooks/host/managed/before_provision/_10__logger.sh

  5. Ensure the SELinux context is correct on all files in the /usr/share/foreman/config/hooks directory: 

    # restorecon -RvF /usr/share/foreman/config/hooks/

  6. To enable the foreman user to use the logger command, add the following rule to the /etc/sudoers file: 

    # vi /etc/sudoers
foreman ALL=(ALL) NOPASSWD:/usr/bin/logger

  7. Restart Satellite services for the hook to be registered: 

    # foreman-maintain service restart

Every Foreman or Rail object can have a hook. See the /usr/share/foreman/app/models/ directory or, to get a full list of available models, enter the following commands: 

# foreman-rake console
>
ActiveRecord::Base.descendants.collect(&:name).collect(&:underscore).sort
=> ["audited/adapters/active_record/audit", "compute_resource", "container",
output truncated

This command output also lists some technical tables which are unlikely to be used with Foreman hooks, for example "active_record" or "habtm". These are most commonly used:

  • host
  • report

13.2.4. Orchestration Events

Foreman supports orchestration tasks for hosts and network interfaces, referred to as objects, when the object is created, updated, and destroyed. These tasks are shown to the user in the web UI. If they fail, they automatically trigger a rollback of the action. Orchestration hooks can be given a priority, therefore it is possible to order them before or after built-in orchestration steps (before a DNS record is deployed for example).

To add a hook to an event, use the following event names:

  • create
  • update
  • destroy

13.2.5. Rails Events

For hooks on anything apart from hosts and NICs (which support orchestration, as above) then the standard Rails events can be used. Every event has a "before" and "after" hook and these are the most interesting events provided:

  • after_create
  • before_create
  • after_destroy
  • before_destroy

The host object has two additional callbacks that you can use:

  • host/managed/after_build triggers when a host is put into build mode.
  • host/managed/before_provision triggers when a host completes the OS install.

For the full list of Rails events, see the Constants section at the bottom of the Ruby on Rails ActiveRecord::Callbacks[5] documentation.

13.2.6. Execution of hooks

Hooks are executed in the context of the Foreman server, so usually under the foreman user. The first argument is always the event name, enabling scripts to be symbolically linked into multiple event directories. The second argument is the string representation of the object that was hooked, for example the host name for a host: 

~foreman/config/hooks/host/managed/create/50_register_system.sh create foo.example.com

A JSON representation of the hook object is passed in on standard input. This JSON is generated by the v2 API views. A utility to read this with jgrep is provided in examples/hook_functions.sh and sourcing this utility script is sufficient for most users. Otherwise, closing standard input is recommend to prevent the pipe buffer from filling which would block the Foreman thread. 

echo '{"host":{"name":"foo.example.com"}}' \
  | ~foreman/config/hooks/host/managed/create/50_register_system.sh \
       create foo.example.com

Every hook within the event directory is executed in alphabetical order. For orchestration hooks, an integer prefix in the hook filename is used as the priority value, thereby influencing when it is executed in relation to DNS, DHCP, VM creation, and other tasks.

13.2.7. Hook Failures and Rollback

If a hook fails and exits with a non-zero return code, the event is logged. For Rails events, execution of other hooks continue. For orchestration events, a failure halts the action and rollback occurs. If another orchestration action fails, the hook might be called again to rollback its action. In that case the first argument changes as appropriate, so it must be obeyed by the script (for example, a "create" hook is called with "destroy" if it has to be rolled back later).