Chapter 6. Integrating Red Hat Satellite and Ansible Tower
You can integrate Red Hat Satellite 6.4 and Ansible Tower to use Satellite Server as a dynamic inventory source for Ansible Tower.
You can also use the provisioning callback function to run playbooks on hosts managed by Satellite, from either the host or Ansible Tower. When provisioning new hosts from Satellite Server, you can use the provisioning callback function to trigger playbook runs from Ansible Tower. The playbook configures the host following Kickstart deployment.
6.1. Adding Satellite Server to Ansible Tower as a Dynamic Inventory Item
To add Satellite Server to Ansible Tower as a dynamic inventory item, you must create a credential for a Satellite Server user on Ansible Tower, add an Ansible Tower user to the credential, and then configure an inventory source.
- You must have a Satellite Server user with an integration role that includes the necessary permission filters. For more information about managing users, roles, and permission filters, see Managing Users and Roles and Creating and Managing Roles in Administering Red Hat Satellite.
You must specify the following permission filters and assign the role to the user.
Table 6.1. Permission Filters
Resource Permissions Access Description
To view Satellite Server hosts.
To view Satellite Server host groups.
To view Satellite Server Facts.
- You must host your Satellite Server and Ansible Tower on the same network or subnet.
To add Satellite Server to Ansible Tower as a Dynamic Inventory Item, complete the following procedure:
In the Ansible Tower web UI, create a credential for your Satellite. For more information about creating credentials, see Add a New Credential and Red Hat Satellite 6 Credentials in the Ansible Tower User Guide.
Table 6.2. Satellite Credentials
Credential Type: Red Hat Satellite 6
Satellite 6 URL:
The username of the Satellite user with the integration role.
The password of the Satellite user.
- Add an Ansible Tower user to the new credential. For more information about adding a user to a credential, see Getting Started with Credentials in the Ansible Tower User Guide.
- Add a new inventory. For more information, see Add a new inventory in the Ansible Tower User Guide.
In the new inventory, add Satellite Server as the inventory source, specifying the following inventory source options. For more information, see Add Source in the Ansible Tower User Guide.
Table 6.3. Inventory Source Options
Source Red Hat Satellite 6
The credential you create for Satellite Server.
Update on Launch
- Ensure that you synchronize the source that you add.
6.2. Configuring Provisioning Callback for a Host
When you create hosts in Satellite, you can use Ansible Tower to run playbooks to configure your newly created hosts. This is called provisioning callback in Ansible Tower.
The provisioning callback function triggers a playbook run from Ansible Tower as part of the provisioning process. The playbook configures the host after Kickstart deployment.
For more information about provisioning callbacks, see Provisioning Callbacks in the Ansible Tower User Guide.
In Satellite Server, the
Kickstart Default and
Kickstart Default Finish templates include three snippets:
You can add parameters to hosts or host groups to provide the credentials that these snippets can use to run Ansible playbooks on your newly created hosts.
Before you can configure provisioning callbacks, you must add Satellite as a dynamic inventory in Ansible Tower. For more information, see Integrating Satellite and Ansible Tower.
In the Ansible Tower web UI, you must complete the following tasks:
- Create a machine credential for your new host. Ensure that you enter the same password in the credential that you plan to assign to the host that you create in Satellite. For more information, see Add a New Credential in the Ansible Tower User Guide.
- Create a project. For more information, see Projects in the Ansible Tower User Guide.
- Add a job template to your project. For more information, see Job Templates in the Ansible Tower User Guide.
- In your job template, you must enable provisioning callbacks, generate the host configuration key, and note the template_ID of your job template. For more information about job templates, see Job Templates in the Ansible Tower User Guide.
To configure provisioning callback for a new host in Satellite, complete the following steps:
- In the Red Hat Satellite web UI, navigate to Configure > Host Group.
- Create a host group or edit an existing host group.
- In the Host Group window, click the Parameters tab.
- Click Add Parameter.
Enter the following information for each new parameter:
Table 6.4. Host Parameters
Name Value Description
Enables Provisioning Callback.
The fully qualified domain name (FQDN) of your Ansible Tower. Do not add
httpsbecause this is appended by Ansible Tower.
The ID of your provisioning template that you can find in the URL of the template:
The host configuration key that your job template generates in Ansible Tower.
- Click Submit.
- Create a host using the host group.
On the new host, enter the following command to start the
# systemctl start ansible-callback
On the new host, enter the following command to output the status of the
# systemctl status ansible-callback
Provisioning callback is configured correctly if the command returns the following output:
SAT_host systemd: Started Provisioning callback to Ansible Tower...
Manual Provisioning Callback
You can use the provisioning callback URL and the host configuration key from a host to call Ansible Tower. For example:
# curl -k -s --data curl --insecure --data host_config_key=my_config_key \ https://tower.example.com/api/v2/job_templates/8/callback/
Ensure that you use
https when you enter the provisioning callback URL.
This triggers the playbook run specified in the template against the host.