Contents

Red Hat Satellite Ansible Dynamic Inventory

Contents

Ansible is one of the easiest configuration management tool amongst its competitors, as it is agentless. It simply connects managed hosts over SSH protocol. Only thing you have to do is create a list of hosts that you want to manage/configure which is called inventory. Ansible inventory is simple text file in a format ini or json. But things getting interesting, if you have a very dynamic infrastructre that tens of VMs are provisioning in seconds, then you have to update inventory all the time.

Thanks to Ansible dynamic inventory that is able to get your hosts from your internal IT inventory system such as CMDB, cobbler etc. In this post, we are getting inventory from the Red Hat Satellite.

Note: All tests on this post tested on Foreman which is upstream version of Red Hat Sattelite. But the configuration applies both version.

One thing you should know that, Red Hat has two repositories that Ansible roles are available. One is the ansible galaxy which is communutiy repo (https://galaxy.ansible.com ). You can freely download any collection there. The other one is a automation hub (https://cloud.redhat.com ) that only Red Hat certified collections available there. You need to have a proper Red Hat account to download them.

Install plugin from Ansible Galaxy.

You do not have to do anything. ansible-galaxy connects there by default.

$ ansible-galaxy collection install theforeman.foreman

Install plugin from Red Hat Automation Hub

If you have a Red Hat account, you can download certified Ansible collections of Red Hat. For this, You need to activate token from https://cloud.redhat.com and add token to your ansible.cfg file. Only thing you have to do is, put your token in the section token.

#ansible.cfg
...

[galaxy]
server_list = automation_hub, galaxy

[galaxy_server.automation_hub]
url=https://cloud.redhat.com/api/automation-hub/
auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
token=<your token here>

[galaxy_server.galaxy]
url=https://galaxy.ansible.com/

Reference

$ ansible-galaxy collection install redhat.satellite

Ceate a folder “inventories” and create file foreman.yaml

plugin: foreman
validate_certs: False
url: https://foreman.homelab.io
user: admin
password: secret
want_facts: True
want_params: True

Fore more information you can use below command for available options of foreman plugin.

ansible-doc -t inventory foreman

Experiment:

$ ansible-inventory -i inventories/foreman.yaml --graph
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:999: InsecureRequestWarning: Unverified HTTPS request is being made to host 'foreman.homelab.io'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  warnings.warn(
@all:
  |--@foreman_svc:
  |  |--foreman.homelab.io
  |--@foreman_xbd:
  |  |--devops.homelab.io
  |--@ungrouped:

Lets use hammer cli to check hostgroups on Red Hat Satellite if host groups are correct.

[tesla@foreman ~]$ hammer hostgroup list
[Foreman] Username: admin 
[Foreman] Password for admin: 
---|------|-------|------------------|--------------------|------
ID | NAME | TITLE | OPERATING SYSTEM | PUPPET ENVIRONMENT | MODEL
---|------|-------|------------------|--------------------|------
2  | SVC  | SVC   |                  | production         |      
1  | XBD  | XBD   |                  | production         |      
---|------|-------|------------------|--------------------|------

Ansible Constructed Plugin

This is one of very cool Ansible plugin, which allows you to dynamically create groups based on host facts. For testing, I added a host parameter param1 on Red Hat Satellite for some hosts for testing. You can see the added parameters for the hosts below.

[tesla@foreman ~]$ hammer host list --search 'params.param1 = "M7"'
[Foreman] Username: admin
[Foreman] Password for admin: 
---|-------------------|------------------|------------|----|-----|--------------
ID | NAME              | OPERATING SYSTEM | HOST GROUP | IP | MAC | GLOBAL STATUS
---|-------------------|------------------|------------|----|-----|--------------
2  | devops.homelab.io | CentOS 7.9.2009  | XBD        |    |     | Warning      
---|-------------------|------------------|------------|----|-----|--------------
[tesla@foreman ~]$ hammer host list --search 'params.param1 = "XBID"'
[Foreman] Username: admin
[Foreman] Password for admin: 
---|--------------------|------------------|------------|-------------|-------------------|--------------
ID | NAME               | OPERATING SYSTEM | HOST GROUP | IP          | MAC               | GLOBAL STATUS
---|--------------------|------------------|------------|-------------|-------------------|--------------
1  | foreman.homelab.io | CentOS 7.9.2009  | SVC        | 10.5.100.90 | 52:54:00:fc:ee:fb | OK           
---|--------------------|------------------|------------|-------------|-------------------|--------------

Create a file in the folder inventories. Basically constructed plugin reshape the inventory from the output foreman inventory plugin. So we are actually combining it.

plugin: constructed
strict: False
keyed_groups:
  - prefix: group
    key: param1
gokay@angora:/tier1lab/data/projects/satellite6$ ansible-inventory -i inventories/ --graph
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:999: InsecureRequestWarning: Unverified HTTPS request is being made to host 'foreman.homelab.io'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  warnings.warn(
@all:
  |--@foreman_svc:
  |  |--foreman.homelab.io
  |--@foreman_xbd:
  |  |--devops.homelab.io
  |--@group_M7:
  |  |--devops.homelab.io
  |--@group_XBID:
  |  |--foreman.homelab.io
  |--@ungrouped:

foreman_svc and foreman_xbd is just a usual Satellite hostgroup. But group_M7 and group_XBID created by constructed plugin based on a host parameter.

Experiment:

ansible group_M7 -m ping -u tesla --ask-pass -i inventories/
SSH password: 
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:999: InsecureRequestWarning: Unverified HTTPS request is being made to host 'foreman.homelab.io'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  warnings.warn(
devops.homelab.io | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
gokay@angora:/tier1lab/data/projects/satellite6$ ansible group_XBID -m ping -u tesla --ask-pass -i inventories/
SSH password: 
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:999: InsecureRequestWarning: Unverified HTTPS request is being made to host 'foreman.homelab.io'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  warnings.warn(
foreman.homelab.io | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}

Caveat:

  • Password is in clear text. But you have an option to use with environment variable.(I have not checked it yet)