Auto Patch schedule with Satellite 6.3 and Ansible Tower Part 3

From the previous 2 parts we have set up Satellite and created our Ansible Playbooks, now we want to put it all together on Tower by creating the Job Templates and Workflows to make this happen.

First we need to create the project in Tower, I am going to point it to my github repo but consider using this against your own SCM server.

Project.png

We also need to have a machine credential for the Linux boxes we will patch, I use a service account to log in and then su to root but do what makes sense for you

machine_cred.png

We will next want to have a satellite 6 credential

satellite-cred.png

Now we want to create a dynamic inventory to our Satellite server go to inventories

Create a new inventory call it Satellite

inventory.png

Now we can go into the Sources tab and add it in

I call the inventory source the name of the server this is a good idea especially if you are running capsule servers as well so you can easily see which is which

sat_dynamic.png

We now want to sync the inventory for the first time click into sources and you will see the source you just added in to the far right of it is 3 icons

click on the circular sync icon

sync inventory.png

The Sync will bring down all hosts and group from the Satellite serverĀ  lets take a look at the groups click on the groups tab to the left of the sources

groups

You will see it brings down a series of groups ( Your Content views, environments Hostgroups, Lifecycles, locations and orgs ) you will also notice they all start with a prefix of “foreman_” I will have another article after this to go over how to remove the prefix and also filter the results but for now we will stick to the defaults.

 

We now have our Project ( Repo ) Inventory Source and Machine credentials so we can now go ahead and create the Job Templates.

Click on Templates and then click on the green + add button

add_Template

We will create the Publish content playbook.

publish_content

Note I installed the Katello-CV-Manager on my satellite server and my playbook in the hosts section was set to the satellite server hostname, you can just as easily set that hosts: to all and then specify the server name in the limit field here or set it to a different hostname if you don’t want it on the satellite server. You should also know that the satellite server is in the list of hosts on the satellite server by default so I can do this with the dynamic inventory.

Next we will create our Promote job template so click on templates again and add a new one.

promote.png

Again we have limited this to our satellite server but notice in the Extra Variables I have added lifecycle: and I also set it to prompt on launch. The lifecycle variable is set in the playbook, as we only want 1 job template but to be able to use it for all lifecycle environments. If we were to manually run this now in Tower it would ask us for the lifecycle to promote as seen here.

prompt

 

You would simply replace the null with the lifecycle environment needed, However we will set this all up as a workflow later.

Next we want the patching job templates and we have 2 of them 1 for non ha and 1 for ha

Click back on templates and add in a new one

non-ha.png

I have ticked the prompt on launch button for the limit as we will be filling this out based on the environment and I also enabled privilege escalation, to patch a Linux server you need to have elevated rights, and this will enforce to use the become = true if it is left out of the playbook itself.

You want to make a job template the same as the one above but to use the HA playbook instead. ( Remember the HA one is set to run in serial )

patching_HA.png

We also need to have a template to schedule the next environment so lets create it as follows, and make sure we add into the extra variables the variable next_sat_env: and tick prompt on launch.

next_env

We now have all of our job templates created. When you click on Templates it should look similar to this ( Note I started all my job templates with Satellite_ as it’s just easier to identify them when you have other job templates for different roles. )

templates.png

We will create our first job workflow.

Click back on templates and add but select workflow template this time

workflow

We add the name and then save it

workflow_dev

After clicking on save the Workflow Visulalizer becomes available to click on

Click on the Green Start

We want to promote the content view first so select the promote job template and then click on the blue prompt button,

Workflow_Promote

as when we created this job template we selected prompt on launch for the extra vars we want to now fill this out also and change the lifecycle: to the name of the yml file in this case its rhel7dev

prompt_life

Click on Next and Confirm the changes to the prompt and then click on add

You can now hover over the promote and you will get 2 icons a green add and a red subtract,

add_non_ha

we want to click on the green add and then select the Satellite_Patch template

Note when we select it we get some run options we want to pick on success, This wont run if the promote fails for any reason which is what we would want.

Run_Option

 

When we created this job template we also set the limit to prompt on launch so lets click the blue prompt button again and specify our limit. I created 2 hostgroups for this demo in my satellite sever the non ha group is rhel7dev so in the limit field I will add it in as to how the dynamic inventory brought it down “foreman_hostgroup_rhel7_dev”

limit_prompt1

click next and confirm.

Next we want to add another after for the HA Patching do the same on Success only, so we only touch HA boxes if we get 100% success on the non HA patching.

In the limit prompt box I will now add in my hostgroup I have for my dev web ha group”foreman_hostgroup_dev_web_ha_group”

prompt_ha_limit

( You would have multiple HA Groups in a large environment and in this case for the limit you will specify the groups like so )

multiple_limit.png

And then finally add in the Satellite_Patch_Schedule template so the end result looks like this.

workflow_Complete

And Click Save

We want to create the other ones also, we can clone this one to make our life easier click on Templates and you will see the new workflow you just created click on the 2 paper icons to copy it

clone_workflow

When you clone it you will see it copy it including name but it has a date on it

cloned

Click on it to edit it and just change the name to to represent the next patching environment in my example its QA Click on the Workflow Visualizer and change all the prompts to reflect the QA Environment.

qa_name_Change.png

Take a note of the workflow template ID its in the address bar in my example mine is 83

https://tower.example.com/#/templates/workflow_job_template/83?template_search=page_size:20;order_by:name;type:workflow_job_template,job_template

We need this to be able to tell our previous workflow to schedule the next ( next being QA )

so go back to the Dev Workflow and in the Workflow Visualizer click on the Satellite_Patch_Schedule box and then click on the blue prompt button and fill out the next_sat_env.

sched

You can now replicate this for the other patches environments you have

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *