In this video, we will cover the basics of configuration management with Red Hat Satellite.
- Training and certification
- 2018年 10月 2日
So, in this video, we will cover the basics of configuration management with Red Hat Satellite. System configuration in Satellite enables users to define the desired state of systems. You tell Satellite the desired end state and Satellite figures out the best way to get there. This means that administrators don't have to write scripts for each action. Satellite understands which tools to use based on the IT environment. It can also be used to manage and make changes and create new desired states. Once that desired state is defined you want it to stay that way, mainly for security reasons. In the event that the desired state changes admins need a way to figure out what changed and how to remediate the drift. If differences are detected Satellite will remediate and return that system to the desired state. Types of change that can be different might include the contents of a config file, or a previously running service that has stopped. Not only does Satellite help set and maintain the desired state, it keeps reports of when and what changes are made. Every check-in for every system is kept. Most of the time they're boring and empty. However, if a change was made, it's documented and provides a very clear audit trail of changes. In the demo we'll set up our host to use Ansible roles, and we'll use Ansible to install the Red Hat Insights client. Configuration management isn't just a Satellite feature, but the use of a configuration tool, like Ansible or Puppet, along with Satellite. Ansible and Puppet are our two primary configuration management providers in Satellite. During this demo I'll show you how Ansible can be used for configuration management, starting with Satellite 6.4. We're here on the dashboard, and I want to explicitly point out the Red Hat [Insights] Risk Summary and Red Hat Insights Actions graphs. They're both empty; that's because there's no inventory members currently present. If I go to "Insights", "Inventory", we'll see that there are no hosts. As part of this demo we will select Ansible roles and add them to host groups. And at the end of the demo all the hosts will have the Insights clients installed and registered. We do have, in this environment, we're up to nine different hosts, we've added a few more. I'm at my Satellite CLI and I just want to point out that we have enabled the Red Hat Ansible Engine repo. This is where we get our system roles from. Since this is enabled on the Satellite environment I'll be able to see it inside of the Satellite UI. So, I will go to "Configure", "Ansible", "Roles." No roles have currently been imported, so I'll select from sat.example.com, and here's a list of all of the Ansible roles that I have available to me. I will select them all and click Update. Now that we have the Ansible roles added we're going to add them into a host group. "Configure", "Host Groups", and I'm gonna use my RHEL 7 host group. If I click on the Ansible Roles tab I can select a couple of these roles, so I'll do the Insights client as well as Time Sync, and I'll Submit. So, now my host group contains those Ansible roles, let's apply these to the hosts. "Host", "All Hosts", and I will select all of my hosts, select Action and at the bottom Play Ansible roles. And when this host's completed, we've played the Ansible roles, which will have added the Insights client as well as sync the time on all nine of these hosts. We can check this by going to "Monitor", "Tasks", and we can see the remote action, that was run by Ansible, on each one of these hosts. To further confirm, we'll go the "Insights", and then "Inventory" page, and all hosts are now listed, and you can see that there are actions available, risks that were detected for each of the hosts. One last check, I'll go back to my monitor, to the dashboard, and we can see that info has been populated on the dashboard graphs for Insights. So, we have nine systems with risks, now critical risks and a total of 15 different actions that we can take against these hosts that Insights has detected. So, in this video we took hosts, we set up Ansible roles, and we applied those Ansible roles against the hosts, installing the Insights client and synchronizing the time. In the future, if the client gets uninstalled for some reason or if the time goes out of sync, Insights will automatically replay those roles and will make sure that everything is in sync. That concludes this video. We'll see you on the next one.