Chapter 6. Integrating Red Hat Satellite and Ansible Tower

You can integrate Red Hat Satellite 6.4 and Ansible Tower to use Satellite Server as a dynamic inventory source for Ansible Tower.

You can also use the provisioning callback function to run playbooks on hosts managed by Satellite, from either the host or Ansible Tower. When provisioning new hosts from Satellite Server, you can use the provisioning callback function to trigger playbook runs from Ansible Tower. The playbook configures the host following Kickstart deployment.

6.1. Adding Satellite Server to Ansible Tower as a Dynamic Inventory Item

To add Satellite Server to Ansible Tower as a dynamic inventory item, you must create a credential for a Satellite Server user on Ansible Tower, add an Ansible Tower user to the credential, and then configure an inventory source.

Prerequisites

  • You must have a Satellite Server user with an integration role that includes the necessary permission filters. For more information about managing users, roles, and permission filters, see Managing Users and Roles and Creating and Managing Roles in Administering Red Hat Satellite.
  • You must specify the following permission filters and assign the role to the user.

    Table 6.1. Permission Filters

    ResourcePermissionsAccess Description

    Host

    view_hosts

    To view Satellite Server hosts.

    Host Group

    view_hostgroups

    To view Satellite Server host groups.

    Fact value

    view_facts

    To view Satellite Server Facts.

  • You must host your Satellite Server and Ansible Tower on the same network or subnet.

Procedure

To add Satellite Server to Ansible Tower as a Dynamic Inventory Item, complete the following procedure:

  1. In the Ansible Tower web UI, create a credential for your Satellite. For more information about creating credentials, see Add a New Credential and Red Hat Satellite 6 Credentials in the Ansible Tower User Guide.

    Table 6.2. Satellite Credentials

    Credential Type:Red Hat Satellite 6

    Satellite 6 URL:

    https://satellite.example.com

    Username:

    The username of the Satellite user with the integration role.

    Password:

    The password of the Satellite user.

  2. Add an Ansible Tower user to the new credential. For more information about adding a user to a credential, see Getting Started with Credentials in the Ansible Tower User Guide.
  3. Add a new inventory. For more information, see Add a new inventory in the Ansible Tower User Guide.
  4. In the new inventory, add Satellite Server as the inventory source, specifying the following inventory source options. For more information, see Add Source in the Ansible Tower User Guide.

    Table 6.3. Inventory Source Options

    SourceRed Hat Satellite 6

    Credential

    The credential you create for Satellite Server.

    Overwrite

    Select

    Overwrite Variables

    Select

    Update on Launch

    Select

    Cache Timeout

    90

  5. Ensure that you synchronize the source that you add.

6.2. Configuring Provisioning Callback for a Host

When you create hosts in Satellite, you can use Ansible Tower to run playbooks to configure your newly created hosts. This is called provisioning callback in Ansible Tower.

The provisioning callback function triggers a playbook run from Ansible Tower as part of the provisioning process. The playbook configures the host after Kickstart deployment.

For more information about provisioning callbacks, see Provisioning Callbacks in the Ansible Tower User Guide.

In Satellite Server, the Kickstart Default and Kickstart Default Finish templates include three snippets:

  1. ansible_provisioning_callback
  2. ansible_tower_callback_script
  3. ansible_tower_callback_service

You can add parameters to hosts or host groups to provide the credentials that these snippets can use to run Ansible playbooks on your newly created hosts.

Prerequisites

Before you can configure provisioning callbacks, you must add Satellite as a dynamic inventory in Ansible Tower. For more information, see Integrating Satellite and Ansible Tower.

In the Ansible Tower web UI, you must complete the following tasks:

  1. Create a machine credential for your new host. Ensure that you enter the same password in the credential that you plan to assign to the host that you create in Satellite. For more information, see Add a New Credential in the Ansible Tower User Guide.
  2. Create a project. For more information, see Projects in the Ansible Tower User Guide.
  3. Add a job template to your project. For more information, see Job Templates in the Ansible Tower User Guide.
  4. In your job template, you must enable provisioning callbacks, generate the host configuration key, and note the template_ID of your job template. For more information about job templates, see Job Templates in the Ansible Tower User Guide.

Procedure

To configure provisioning callback for a new host in Satellite, complete the following steps:

  1. In the Red Hat Satellite web UI, navigate to Configure > Host Group.
  2. Create a host group or edit an existing host group.
  3. In the Host Group window, click the Parameters tab.
  4. Click Add Parameter.
  5. Enter the following information for each new parameter:

    Table 6.4. Host Parameters

    NameValueDescription

    ansible_tower_provisioning

    true

    Enables Provisioning Callback.

    ansible_tower_fqdn

    tower.example.com

    The fully qualified domain name (FQDN) of your Ansible Tower. Do not add https because this is appended by Ansible Tower.

    ansible_job_template_id

    template_ID

    The ID of your provisioning template that you can find in the URL of the template: /templates/job_template/5.

    ansible_host_config_key

    config_KEY

    The host configuration key that your job template generates in Ansible Tower.

  6. Click Submit.
  7. Create a host using the host group.
  8. On the new host, enter the following command to start the ansible-callback service:

    # systemctl start ansible-callback
  9. On the new host, enter the following command to output the status of the ansible-callback service:

    # systemctl status ansible-callback

    Provisioning callback is configured correctly if the command returns the following output:

    SAT_host systemd[1]: Started Provisioning callback to Ansible Tower...

Manual Provisioning Callback

You can use the provisioning callback URL and the host configuration key from a host to call Ansible Tower. For example:

# curl -k -s --data curl --insecure --data host_config_key=my_config_key \
 https://tower.example.com/api/v2/job_templates/8/callback/

Ensure that you use https when you enter the provisioning callback URL.

This triggers the playbook run specified in the template against the host.