table { border: #ddd solid 1px; } td, th { padding: 8px; border: #ddd solid 1px; } td p { font-size: 15px !important; }

In this post:

  • Learn how Ansible and Satellite can work together to automate the installation of the Ansible Automation Platform by automatically downloading the installer and publishing it into Red Hat Satellite.


With the release of Red Hat Ansible Automation Platform 2, the installer download method has been centralized on the Customer Portal changing the requirements for an automated download.

As automation is a must in modern IT, we can leverage the power from Ansible together with Red Hat Satellite to automate this process as well as facilitate the version control for larger environments.

This sparked my interest in developing a solution for sysadmins and others who want to automate this process further using features available on Red Hat Satellite, such as Repository Management and Content Views.

What do you need?

Use a physical or virtual machine running Linux with Ansible installed. You also need an Automation Hub token configured for downloading the required collections. Optionally, use a physical or virtual machine running Linux with a Red Hat Satellite Instance. Detailed information for the installation and configuration of Red Hat Satellite can be found on the official documentation.

The configuration of the ansible-galaxy client with the Automation Hub token will be mentioned in this post, for further options and details, refer to the official documentation.

Additional information about the configuration of ansible.cfg and collections/roles installation can be found respectively at Configuring Ansible Galaxy Client and Installing Collections.

Getting started

To start, we must acquire the token for the authentication with the Red Hat services API.

Note: You will need to log in with your Red Hat Credentials

We will generate this token by clicking on the "GENERATE TOKEN" button.

Figure 1.

Figure 1: Generating Token

Next, we must create a playbook that will perform the following steps:

  • Login to with the Red Hat API with the User Token

  • Collect the Available versions for the Ansible Automation Platform 2.x installer

  • Download the latest installers online and bundled versions

# vi installer_downloader.yml
---
- name: Installer Downloader
  hosts: localhost
  vars:
        aap_version: "ansible-automation-platform-2.0-early-access-for-rhel-8-x86_64-files"
  tasks:
  - name: Checking For necessary variables
fail:
   msg: |
        Please, set the variable offline_token prior to executing this playbook
        ansible-playbook installer_downloader.yml -e "offline_token=xxxxx"
        Acquire your token at https://access.redhat.com/management/api/  ( https://access.redhat.com/articles/3626371 )
when: offline_token is not defined

  - name: Login to Red Hat APIs
   uri:
   url: 'https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token'
   method: POST
   body_format: form-urlencoded
   body:
     grant_type: refresh_token
     client_id: rhsm-api
     refresh_token: "{{ offline_token }}"
register: login

  - name: Collecting the available installers
uri:
   url: 'https://api.access.redhat.com/management/v1/images/cset/{{ aap_version }}'
   method: GET
   return_content: yes
   headers:
     Authorization: "Bearer {{ login.json.access_token }}"
register: output

  - name: reversing downloader list
set_fact:
   downloader_list: "{{ output.json.body | sort(attribute='imageName', reverse=True) }}"

  - name: Downloading the latest online installer "{{ downloader_list[1].imageName }}"
   get_url:
   url: "https://api.access.redhat.com/management/v1/images/{{ downloader_list[1].checksum }}/download"
   dest: ./ansible-automation-platform-latest-installer.tar.gz
   headers:
     Authorization: "Bearer {{ login.json.access_token }}"

  - name: Downloading the latest bundled installer "{{ downloader_list[0].imageName }}"
get_url:
   url: "https://api.access.redhat.com/management/v1/images/{{ downloader_list[0].checksum }}/download"
   dest: ./ansible-automation-platform-latest-bundle-installer.tar.gz
   headers:
     Authorization: "Bearer {{ login.json.access_token }}"

With the playbook written, we can run the playbook passing the API token as an extra variable and the installer files will be downloaded on the current directory and may be used for installing Red Hat Ansible Automation Platform 2.x.

ansible-playbook installer_downloader.yml -e "offline_token=<api token value>"

E.g.:

PLAY [Installer Downloader] ********************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************
ok: [localhost]

TASK [Checking For necessary variables] ********************************************************************************************
skipping: [localhost]

TASK [Login to Red Hat APIs] *******************************************************************************************************
ok: [localhost]

TASK [Collecting the available installers] *****************************************************************************************
ok: [localhost]

TASK [reversing downloader list] ***************************************************************************************************
ok: [localhost]

TASK [Downloading the latest online installer "Ansible Automation Platform 2.0.1 Setup"] *******************************************
changed: [localhost]

TASK [Downloading the latest bundled installer "Ansible Automation Platform 2.0.1 Setup Bundle"] ***********************************
changed: [localhost]

PLAY RECAP *************************************************************************************************************************
localhost               : ok=6 changed=2 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0  

#

# ls ansible-automation-platform-latest-*
ansible-automation-platform-latest-bundle-installer.tar.gz  ansible-automation-platform-latest-installer.tar.gz
#

Managing Content in Red Hat Satellite

Now that we have the Red Hat Ansible Automation Platform 2.x Installer files downloaded, we can go one step further and make this content available in Satellite.

Why should we Manage Content with Satellite 6?

As Red Hat Satellite 6 manages content using a set of Content Views promoted across the application lifecycle, these content views eventually form the basis for provisioning and updating hosts in your Red Hat Satellite 6 environment.

This facilitates access to the installation files as well as management of the application lifecycle. Read more about it in Content View Management Guide.

For this next step, we will need to install the Certified Collection for Satellite provided by Red Hat.

Let's start by configuring the ansible.cfg with the Automation Hub source:

# vi ansible.cfg
[galaxy]
server_list = automation_hub, ansible_galaxy

[galaxy_server.automation_hub]
url=https://console.redhat.com/api/automation-hub/
auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
token=my_ah_token

[galaxy_server.ansible_galaxy]
url=https://galaxy.ansible.com/
#

Note: Replace my_ah_token with the value generated at Connect to Hub

Next, let’s install both the collection and role:

# ansible-galaxy collection install redhat.satellite
Process install dependency map
Starting collection install process
Installing 'redhat.satellite:2.1.2' to '/home/testing/.ansible/collections/ansible_collections/redhat/satellite'
#

With the collection downloaded, we are ready to write your playbook and the required variables file.

# vi satellite_content_manager.yml
---
- name: Configuring Content View in Satellite
  hosts: localhost
  vars_files:
       - vars.yml

  tasks:
  - name: "Creating product in Satellite"
   redhat.satellite.product:
   username: "{{ satellite_username }}"
   password: "{{ satellite_password }}"
   server_url: "{{ satellite_server_url }}"
   organization: "{{ satellite_organization }}"
   validate_certs: "{{ satellite_validate_certs | default('False') }}"
   name: "{{ satellite_product }}"
   state: present

- name: "Creating repository"
   redhat.satellite.repository:
   username: "{{ satellite_username }}"
   password: "{{ satellite_password }}"
   server_url: "{{ satellite_server_url }}"
   organization: "{{ satellite_organization }}"
   validate_certs: "{{ satellite_validate_certs | default('False') }}"
   name: "{{ satellite_repository }}"
   content_type: file
   product: "{{ satellite_product }}"
   state: present

  - name: "Creating content view"
   redhat.satellite.content_view:
   username: "{{ satellite_username }}"
   password: "{{ satellite_password }}"
   server_url: "{{ satellite_server_url }}"
   organization: "{{ satellite_organization }}"
   validate_certs: "{{ satellite_validate_certs | default('False') }}"
   name: "{{ satellite_content_view_name }}"
   repositories:
     - name: "{{ satellite_repository }}"
       product: "{{ satellite_product }}"

  - name: "Uploading online installer to Satellite"
   redhat.satellite.content_upload:
   username: "{{ satellite_username }}"
   password: "{{ satellite_password }}"
   server_url: "{{ satellite_server_url }}"
   organization: "{{ satellite_organization }}"
   validate_certs: "{{ satellite_validate_certs | default('False') }}"
   src: "ansible-automation-platform-latest-installer.tar.gz"
   repository: "{{ satellite_repository }}"
   product: "{{ satellite_product }}"

  - name: "Uploading bundled installer to Satellite ( This task may take a while )"
   redhat.satellite.content_upload:
   username: "{{ satellite_username }}"
   password: "{{ satellite_password }}"
   server_url: "{{ satellite_server_url }}"
   organization: "{{ satellite_organization }}"
   validate_certs: "{{ satellite_validate_certs | default('False') }}"
   src: "ansible-automation-platform-latest-bundle-installer.tar.gz"
   repository: "{{ satellite_repository }}"
   product: "{{ satellite_product }}"

#

# vi vars.yml
---
satellite_username: "admin"
satellite_password: "changeme"
satellite_server_url: "https://satellite.example.com"
satellite_organization: "Default Organization"
satellite_repository: "AAP Installer"
satellite_product: "AAP"
satellite_content_view_name: "AAP Installer"

Note: The vars.yml may be encrypted with ansible-vault to ensure its contents are not in clear text. Read more about Ansible Vault.

With our files ready, we can run the playbook and review the content created in Red Hat Satellite:

# ansible-playbook satellite_content_manager.yml

E.g.:

PLAY [Configuring Content View in Satellite] ***************************************************************************************

TASK [Gathering Facts] ***************************************************************************************
ok: [localhost]

TASK [Creating product in Satellite] ***************************************************************************************
changed: [localhost]

TASK [Creating repository] ***************************************************************************************
changed: [localhost]

TASK [Creating content view] ***************************************************************************************
changed: [localhost]

TASK [Uploading online installer to Satellite] *************************************************************************************
changed: [localhost]

TASK [Uploading bundled installer to Satellite ( This task may take a while )] *****************************************************
changed: [localhost]

PLAY RECAP ***************************************************************************************
localhost               : ok=6 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

Satellite:

Figure 2.

 

Figure 3.

If you want this as a standalone Ansible role, check out my Galaxy repo. Red Hat provides no expressed support claims to the correctness of this code. All content is deemed unsupported unless otherwise specified.

Takeaways and where to go next

Now that you’ve successfully downloaded and published the Ansible Automation Platform 2.0 Installers into your Satellite Content Views, you are ready to install the Ansible Automation Platform into your systems manually or by adjusting your current automation with the new installer.

For more information about Ansible Automation Platform and Satellite, check out the following resources:


About the author

Lucas Benedito joined Red Hat in 2020, having worked as AIX Subject Matter Expert for seven years in IBM Brazil and Brno.

Read full bio