Red Hat ブログ
Blog menu
table { border: #ddd solid 1px; } td, th { padding: 8px; border: #ddd solid 1px; } td p { font-size: 15px !important; }
In this post:
-
Learn how Ansible and Satellite can work together to automate the installation of the Ansible Automation Platform by automatically downloading the installer and publishing it into Red Hat Satellite.
With the release of Red Hat Ansible Automation Platform 2, the installer download method has been centralized on the Customer Portal changing the requirements for an automated download.
As automation is a must in modern IT, we can leverage the power from Ansible together with Red Hat Satellite to automate this process as well as facilitate the version control for larger environments.
This sparked my interest in developing a solution for sysadmins and others who want to automate this process further using features available on Red Hat Satellite, such as Repository Management and Content Views.
What do you need?
Use a physical or virtual machine running Linux with Ansible installed. You also need an Automation Hub token configured for downloading the required collections. Optionally, use a physical or virtual machine running Linux with a Red Hat Satellite Instance. Detailed information for the installation and configuration of Red Hat Satellite can be found on the official documentation.
The configuration of the ansible-galaxy client with the Automation Hub token will be mentioned in this post, for further options and details, refer to the official documentation.
Additional information about the configuration of ansible.cfg and collections/roles installation can be found respectively at Configuring Ansible Galaxy Client and Installing Collections.
Getting started
To start, we must acquire the token for the authentication with the Red Hat services API.
Note: You will need to log in with your Red Hat Credentials
We will generate this token by clicking on the "GENERATE TOKEN" button.
Figure 1: Generating Token
Next, we must create a playbook that will perform the following steps:
-
Login to with the Red Hat API with the User Token
-
Collect the Available versions for the Ansible Automation Platform 2.x installer
-
Download the latest installers online and bundled versions
# vi installer_downloader.yml --- - name: Installer Downloader hosts: localhost vars: aap_version: "ansible-automation-platform-2.0-early-access-for-rhel-8-x86_64-files" tasks: - name: Checking For necessary variables fail: msg: | Please, set the variable offline_token prior to executing this playbook ansible-playbook installer_downloader.yml -e "offline_token=xxxxx" Acquire your token at https://access.redhat.com/management/api/ ( https://access.redhat.com/articles/3626371 ) when: offline_token is not defined - name: Login to Red Hat APIs uri: url: 'https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token' method: POST body_format: form-urlencoded body: grant_type: refresh_token client_id: rhsm-api refresh_token: "{{ offline_token }}" register: login - name: Collecting the available installers uri: url: 'https://api.access.redhat.com/management/v1/images/cset/{{ aap_version }}' method: GET return_content: yes headers: Authorization: "Bearer {{ login.json.access_token }}" register: output - name: reversing downloader list set_fact: downloader_list: "{{ output.json.body | sort(attribute='imageName', reverse=True) }}" - name: Downloading the latest online installer "{{ downloader_list[1].imageName }}" get_url: url: "https://api.access.redhat.com/management/v1/images/{{ downloader_list[1].checksum }}/download" dest: ./ansible-automation-platform-latest-installer.tar.gz headers: Authorization: "Bearer {{ login.json.access_token }}" - name: Downloading the latest bundled installer "{{ downloader_list[0].imageName }}" get_url: url: "https://api.access.redhat.com/management/v1/images/{{ downloader_list[0].checksum }}/download" dest: ./ansible-automation-platform-latest-bundle-installer.tar.gz headers: Authorization: "Bearer {{ login.json.access_token }}"
With the playbook written, we can run the playbook passing the API token as an extra variable and the installer files will be downloaded on the current directory and may be used for installing Red Hat Ansible Automation Platform 2.x.
ansible-playbook installer_downloader.yml -e "offline_token=<api token value>"
E.g.:
PLAY [Installer Downloader] ******************************************************************************************************** TASK [Gathering Facts] ************************************************************************************************************* ok: [localhost] TASK [Checking For necessary variables] ******************************************************************************************** skipping: [localhost] TASK [Login to Red Hat APIs] ******************************************************************************************************* ok: [localhost] TASK [Collecting the available installers] ***************************************************************************************** ok: [localhost] TASK [reversing downloader list] *************************************************************************************************** ok: [localhost] TASK [Downloading the latest online installer "Ansible Automation Platform 2.0.1 Setup"] ******************************************* changed: [localhost] TASK [Downloading the latest bundled installer "Ansible Automation Platform 2.0.1 Setup Bundle"] *********************************** changed: [localhost] PLAY RECAP ************************************************************************************************************************* localhost : ok=6 changed=2 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 # # ls ansible-automation-platform-latest-* ansible-automation-platform-latest-bundle-installer.tar.gz ansible-automation-platform-latest-installer.tar.gz #
Managing Content in Red Hat Satellite
Now that we have the Red Hat Ansible Automation Platform 2.x Installer files downloaded, we can go one step further and make this content available in Satellite.
Why should we Manage Content with Satellite 6?
As Red Hat Satellite 6 manages content using a set of Content Views promoted across the application lifecycle, these content views eventually form the basis for provisioning and updating hosts in your Red Hat Satellite 6 environment.
This facilitates access to the installation files as well as management of the application lifecycle. Read more about it in Content View Management Guide.
For this next step, we will need to install the Certified Collection for Satellite provided by Red Hat.
Let's start by configuring the ansible.cfg with the Automation Hub source:
# vi ansible.cfg [galaxy] server_list = automation_hub, ansible_galaxy [galaxy_server.automation_hub] url=https://console.redhat.com/api/automation-hub/ auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token token=my_ah_token [galaxy_server.ansible_galaxy] url=https://galaxy.ansible.com/ #
Note: Replace my_ah_token with the value generated at Connect to Hub
Next, let’s install both the collection and role:
# ansible-galaxy collection install redhat.satellite Process install dependency map Starting collection install process Installing 'redhat.satellite:2.1.2' to '/home/testing/.ansible/collections/ansible_collections/redhat/satellite' #
With the collection downloaded, we are ready to write your playbook and the required variables file.
# vi satellite_content_manager.yml --- - name: Configuring Content View in Satellite hosts: localhost vars_files: - vars.yml tasks: - name: "Creating product in Satellite" redhat.satellite.product: username: "{{ satellite_username }}" password: "{{ satellite_password }}" server_url: "{{ satellite_server_url }}" organization: "{{ satellite_organization }}" validate_certs: "{{ satellite_validate_certs | default('False') }}" name: "{{ satellite_product }}" state: present - name: "Creating repository" redhat.satellite.repository: username: "{{ satellite_username }}" password: "{{ satellite_password }}" server_url: "{{ satellite_server_url }}" organization: "{{ satellite_organization }}" validate_certs: "{{ satellite_validate_certs | default('False') }}" name: "{{ satellite_repository }}" content_type: file product: "{{ satellite_product }}" state: present - name: "Creating content view" redhat.satellite.content_view: username: "{{ satellite_username }}" password: "{{ satellite_password }}" server_url: "{{ satellite_server_url }}" organization: "{{ satellite_organization }}" validate_certs: "{{ satellite_validate_certs | default('False') }}" name: "{{ satellite_content_view_name }}" repositories: - name: "{{ satellite_repository }}" product: "{{ satellite_product }}" - name: "Uploading online installer to Satellite" redhat.satellite.content_upload: username: "{{ satellite_username }}" password: "{{ satellite_password }}" server_url: "{{ satellite_server_url }}" organization: "{{ satellite_organization }}" validate_certs: "{{ satellite_validate_certs | default('False') }}" src: "ansible-automation-platform-latest-installer.tar.gz" repository: "{{ satellite_repository }}" product: "{{ satellite_product }}" - name: "Uploading bundled installer to Satellite ( This task may take a while )" redhat.satellite.content_upload: username: "{{ satellite_username }}" password: "{{ satellite_password }}" server_url: "{{ satellite_server_url }}" organization: "{{ satellite_organization }}" validate_certs: "{{ satellite_validate_certs | default('False') }}" src: "ansible-automation-platform-latest-bundle-installer.tar.gz" repository: "{{ satellite_repository }}" product: "{{ satellite_product }}" # # vi vars.yml --- satellite_username: "admin" satellite_password: "changeme" satellite_server_url: "https://satellite.example.com" satellite_organization: "Default Organization" satellite_repository: "AAP Installer" satellite_product: "AAP" satellite_content_view_name: "AAP Installer"
Note: The vars.yml may be encrypted with ansible-vault to ensure its contents are not in clear text. Read more about Ansible Vault.
With our files ready, we can run the playbook and review the content created in Red Hat Satellite:
# ansible-playbook satellite_content_manager.yml
E.g.:
PLAY [Configuring Content View in Satellite] *************************************************************************************** TASK [Gathering Facts] *************************************************************************************** ok: [localhost] TASK [Creating product in Satellite] *************************************************************************************** changed: [localhost] TASK [Creating repository] *************************************************************************************** changed: [localhost] TASK [Creating content view] *************************************************************************************** changed: [localhost] TASK [Uploading online installer to Satellite] ************************************************************************************* changed: [localhost] TASK [Uploading bundled installer to Satellite ( This task may take a while )] ***************************************************** changed: [localhost] PLAY RECAP *************************************************************************************** localhost : ok=6 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Satellite:
If you want this as a standalone Ansible role, check out my Galaxy repo. Red Hat provides no expressed support claims to the correctness of this code. All content is deemed unsupported unless otherwise specified.
Takeaways and where to go next
Now that you’ve successfully downloaded and published the Ansible Automation Platform 2.0 Installers into your Satellite Content Views, you are ready to install the Ansible Automation Platform into your systems manually or by adjusting your current automation with the new installer.
For more information about Ansible Automation Platform and Satellite, check out the following resources:
About the author
Lucas Benedito joined Red Hat in 2020, having worked as AIX Subject Matter Expert for seven years in IBM Brazil and Brno.
