Add Satellite Demos (#41)

* add satellite demos

* move satellite vars to setup.yml

* fix var

* fix playbook path

* remove async

* fix =

* fix condition

* fix lookup

* add credential

* update tools version

* fix scap role

* add satellite setup

* add satellite stuff

* remove local

* stupid

* stupid

* params

* these vars aren't right

* these vars aren't right

* add compliance workflow

* work on landing page

* work on landing page

* work on landing page

* landing page

* landing page

* landing page

* landing page

* landing page

* landing page

* landing page

* landing page

* landing page

* landing page

* landing page

* add files

* derp

* add link

* add link

* add link

* add link

* add link

* add link

* add link

* add link

* add link

* add link

* add link

* add link

* add link

* add ee

* add ee

* add ee

* fix landing page

* fix landing page

* fix landing page

* fix landing page

* fix landing page

* remove commented out sections

* remove default ee

* set local admin password

* set ee for fact scan

* fall back to default ee for patching

* check for valid org_id

* check for valid org_id

* no gpg

* no gpg

* add satellite stuff

* update cred type

* update cred type

* raw

* raw

* work on landing page

* work on landing page

* work on landing page

* landing page

* landing page

* landing page

* landing page

* landing page

* landing page

* landing page

* landing page

* landing page

* landing page

* landing page

* add files

* derp

* add link

* add link

* add link

* add link

* add link

* add link

* add link

* add link

* add link

* add link

* add link

* add link

* add link

* add ee

* add ee

* add ee

* fix landing page

* fix landing page

* fix landing page

* fix landing page

* fix landing page

* remove commented out sections

* remove default ee

* set local admin password

* set ee for fact scan

* fall back to default ee for patching

* check for valid org_id

* check for valid org_id

* no gpg

* no gpg

* add satellite stuff

* update cred type

* update cred type

* raw

* raw

* raw

* merge satellite

* fix vars

* fix vars

* fix vars

* fix vars

* add publish

* add lifecycle and activation keys

* workaround for publish issue

* use module to publish

* use module to publish

* use module to publish

* use module to publish

* change sat version

* change sat version

* change sat version

* remove maint repos

* launch sat setup

* reorder

* reorder

* moar inventory

* add manifest refresh

* add telemetry

* run linux setup

* parent efcf729fa0
author willtome <willtome@gmail.com> 1663173584 -0400
committer willtome <willtome@gmail.com> 1668183942 -0500

parent efcf729fa0
author willtome <willtome@gmail.com> 1663173584 -0400
committer willtome <willtome@gmail.com> 1668183785 -0500

parent efcf729fa0
author willtome <willtome@gmail.com> 1663173584 -0400
committer willtome <willtome@gmail.com> 1668183318 -0500

parent efcf729fa0
author willtome <willtome@gmail.com> 1663173584 -0400
committer willtome <willtome@gmail.com> 1668182787 -0500

parent efcf729fa0
author willtome <willtome@gmail.com> 1663173584 -0400
committer willtome <willtome@gmail.com> 1668182651 -0500

add satellite demos

work on landing page

landing page

landing page

landing page

landing page

landing page

landing page

landing page

landing page

landing page

landing page

landing page

add files

derp

add link

add link

add link

add link

add link

add link

add link

add link

add link

add link

add link

add link

add ee

add ee

add ee

fix landing page

fix landing page

fix landing page

fix landing page

fix landing page

remove commented out sections

remove default ee

set local admin password

set ee for fact scan

fall back to default ee for patching

check for valid org_id

check for valid org_id

no gpg

no gpg

add satellite stuff

update cred type

update cred type

raw

raw

raw

add satellite demos

move satellite vars to setup.yml

fix var

fix playbook path

remove async

fix =

fix condition

fix lookup

add credential

update tools version

fix scap role

add satellite setup

add satellite stuff

remove local

stupid

stupid

params

these vars aren't right

these vars aren't right

add compliance workflow

work on landing page

work on landing page

work on landing page

landing page

landing page

landing page

landing page

landing page

landing page

landing page

landing page

landing page

landing page

landing page

add files

derp

add link

add link

add link

add link

add link

add link

add link

add link

add link

add link

add link

add link

add ee

add ee

add ee

fix landing page

fix landing page

fix landing page

fix landing page

fix landing page

remove commented out sections

remove default ee

set local admin password

set ee for fact scan

fall back to default ee for patching

check for valid org_id

check for valid org_id

no gpg

no gpg

update cred type

update cred type

raw

merge satellite

 fix vars

 fix vars

 fix vars

 fix vars

add publish

add lifecycle and activation keys

workaround for publish issue

use module to publish

use module to publish

use module to publish

use module to publish

change sat version

change sat version

change sat version

remove maint repos

launch sat setup

reorder

reorder

moar inventory

add manifest refresh

add telemetry

run linux setup

* Updates to node1 (#42)

clean up satellite config
clean up server registration
add web console job

Co-authored-by: Calvin Smith <calvingsmith@users.noreply.github.com>

* add rhel 8 tailoring

* add ee

* don't verify certs

* Update setup.yml

* Update setup.yml

* what the heck

Co-authored-by: calvingsmith <4283930+calvingsmith@users.noreply.github.com>
Co-authored-by: Calvin Smith <calvingsmith@users.noreply.github.com>
This commit is contained in:
willtome
2023-01-19 10:17:45 -05:00
committed by GitHub
parent eeb1f2109c
commit a19615eaf3
40 changed files with 2934 additions and 14 deletions

View File

@@ -0,0 +1,202 @@
p.hostname {
color: #000000;
font-weight: bolder;
font-size: large;
margin: auto;
width: 50%;
}
#subtable {
background: #ebebeb;
margin: 0px;
width: 100%;
}
#subtable tbody tr td {
padding: 5px 5px 5px 5px;
}
#subtable thead th {
padding: 5px;
}
* {
-moz-box-sizing: border-box;
-webkit-box-sizing: border-box;
box-sizing: border-box;
font-family: "Open Sans", "Helvetica";
}
a {
color: #000000;
}
p {
color: #ffffff;
}
h1 {
text-align: center;
color: #ffffff;
}
body {
background:#353a40;
padding: 0px;
margin: 0px;
font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
}
table {
border-collapse: separate;
background:#fff;
@include border-radius(5px);
@include box-shadow(0px 0px 5px rgba(0,0,0,0.3));
}
.main_net_table {
margin:50px auto;
}
thead {
@include border-radius(5px);
}
thead th {
font-size:16px;
font-weight:400;
color:#fff;
@include text-shadow(1px 1px 0px rgba(0,0,0,0.5));
text-align:left;
padding:20px;
border-top:1px solid #858d99;
background: #353a40;
&:first-child {
@include border-top-left-radius(5px);
}
&:last-child {
@include border-top-right-radius(5px);
}
}
tbody tr td {
font-weight:400;
color:#5f6062;
font-size:13px;
padding:20px 20px 20px 20px;
border-bottom:1px solid #e0e0e0;
}
tbody tr:nth-child(2n) {
background:#f0f3f5;
}
tbody tr:last-child td {
border-bottom:none;
&:first-child {
@include border-bottom-left-radius(5px);
}
&:last-child {
@include border-bottom-right-radius(5px);
}
}
td {
vertical-align: top;
}
span.highlight {
background-color: yellow;
}
.expandclass {
color: #5f6062;
}
.content{
display:none;
margin: 10px;
}
header {
width: 100%;
position: initial;
float: initial;
padding: 0;
margin: 0;
border-radius: 0;
height: 88px;
background-color: #171717;
}
.header-container {
margin: 0 auto;
width: 100%;
height: 100%;
max-width: 1170px;
padding: 0;
float: initial;
display: flex;
align-items: center;
}
.header-logo {
width: 137px;
border: 0;
margin: 0;
margin-left: 15px;
}
.header-link {
margin-left: 40px;
text-decoration: none;
cursor: pointer;
text-transform: uppercase;
font-size: 15px;
font-family: 'Red Hat Text';
font-weight: 500;
}
.header-link:hover {
text-shadow: 0 0 0.02px white;
text-decoration: none;
}
table.net_info td {
padding: 5px;
}
p.expandclass:hover {
text-decoration: underline;
color: #EE0000;
cursor: pointer;
}
.summary_info {
}
.ui-state-active, .ui-widget-content .ui-state-active, .ui-widget-header .ui-state-active, a.ui-button:active, .ui-button:active, .ui-button.ui-state-active:hover {
border: 1px solid #5F0000;
background: #EE0000;
}
div#net_content {
padding: 0px;
height: auto !important;
}
img.router_image {
vertical-align: middle;
padding: 0px 10px 10px 10px;
width: 50px;
}
table.net_info {
width: 100%;
}
p.internal_label {
color: #000000;
}
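
Review bot: The `@include border-radius(5px)`, `@include box-shadow(...)` and `@include text-shadow(...)` lines, and the nested `&:first-child` / `&:last-child` blocks under `thead th` and `tbody tr:last-child td`, are Sass syntax. If this is the `css/new.css` that the report templates link directly, a browser will discard those declarations. Either compile the stylesheet before it is copied, or write plain `border-radius` / `box-shadow` properties and flat selectors such as `thead th:first-child`. The empty `.summary_info { }` rule can be dropped.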

View File

@@ -0,0 +1,48 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 24.0.3, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg version="1.1" id="Logos" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
width="930.2px" height="350px" viewBox="0 0 930.2 350" style="enable-background:new 0 0 930.2 350;" xml:space="preserve">
<style type="text/css">
.st0{fill:#FFFFFF;}
.st1{fill:#EE0000;}
</style>
<title>Logo-Red_Hat-Ansible_Automation_Platform-A-Reverse-RGB</title>
<path class="st0" d="M383.3,228.5h18.8L446,335.7h-17.5l-12.4-31.4h-48l-12.6,31.4h-16.7L383.3,228.5z M410.9,291l-18.7-47l-18.7,47
H410.9z"/>
<path class="st0" d="M455.2,257.7h15.3v7.8c6.2-6.2,14.7-9.6,23.5-9.3c17.9,0,30.5,12.4,30.5,30.5v49h-15.3v-46.5
c0-12.3-7.5-19.8-19.3-19.8c-7.8-0.3-15.1,3.6-19.3,10.1v56.1h-15.3V257.7z"/>
<path class="st0" d="M543,315.5c8.1,6.4,16.7,9.8,25.4,9.8c11,0,18.7-4.8,18.7-11.7c0-5.5-4-8.7-12.6-10l-14.1-2
c-15.5-2.3-23.3-9.5-23.3-21.6c0-14.1,12.3-23.6,30.5-23.6c11.3-0.1,22.3,3.4,31.5,9.9l-7.8,10.1c-8.6-5.7-16.4-8.1-24.7-8.1
c-9.3,0-15.6,4.3-15.6,10.6c0,5.7,3.7,8.4,12.9,9.8l14.1,2c15.5,2.3,23.6,9.7,23.6,21.7c0,14-14.1,24.5-32.6,24.5
c-13.5,0-25.6-4-34.2-11.5L543,315.5z"/>
<path class="st0" d="M611.6,235.6c0-5.2,4.1-9.4,9.3-9.5c0,0,0,0,0,0c5.2-0.2,9.7,3.9,9.9,9.1c0.2,5.2-3.9,9.7-9.1,9.9
c-0.2,0-0.5,0-0.7,0C615.8,245.1,611.6,240.9,611.6,235.6C611.6,235.7,611.6,235.7,611.6,235.6z M628.6,335.7h-15.3v-78h15.3V335.7z
"/>
<path class="st0" d="M685.5,336.9c-8.5,0-16.8-2.7-23.6-7.8v6.6h-15.2V228.5l15.3-3.4v40c6.6-5.6,15.1-8.7,23.7-8.6
c22.1,0,39.4,17.7,39.4,40.1C725.2,319.1,707.9,336.9,685.5,336.9z M662,279.2v35.2c4.9,5.7,13,9.2,21.8,9.2
c15,0,26.4-11.5,26.4-26.8c0-15.3-11.5-27-26.4-27C674.9,269.8,667.1,273.2,662,279.2z"/>
<path class="st0" d="M755,335.7h-15.3V228.5l15.3-3.4V335.7z"/>
<path class="st0" d="M810.5,337.1c-23,0-40.9-17.7-40.9-40.4c0-22.5,17.2-40.1,39.1-40.1c21.5,0,37.7,17.8,37.7,40.8v4.4h-61.6
c2,13,13.2,22.5,26.4,22.4c7.2,0.2,14.2-2.3,19.8-6.8l9.8,9.7C832.1,333.7,821.5,337.4,810.5,337.1z M784.9,290.2h46.3
c-2.3-11.9-11.5-20.8-22.8-20.8C796.5,269.4,787.2,277.8,784.9,290.2z"/>
<path class="st1" d="M202.8,137.5c18.4,0,45.1-3.8,45.1-25.7c0.1-1.7-0.1-3.4-0.5-5l-11-47.7c-2.5-10.5-4.8-15.2-23.2-24.5
c-14.3-7.3-45.5-19.4-54.7-19.4c-8.6,0-11.1,11.1-21.3,11.1c-9.8,0-17.1-8.3-26.4-8.3c-8.8,0-14.6,6-19,18.4c0,0-12.4,34.9-14,40
c-0.3,0.9-0.4,1.9-0.4,2.9C77.6,92.9,131.1,137.5,202.8,137.5 M250.8,120.7c2.5,12.1,2.5,13.3,2.5,14.9c0,20.6-23.2,32.1-53.7,32.1
c-69,0-129.3-40.3-129.3-67c0-3.7,0.8-7.4,2.2-10.8c-24.8,1.3-56.9,5.7-56.9,34c0,46.4,109.9,103.5,196.9,103.5
c66.7,0,83.5-30.2,83.5-54C296.1,154.6,279.9,133.4,250.8,120.7"/>
<path d="M250.7,120.7c2.5,12.1,2.5,13.3,2.5,14.9c0,20.6-23.2,32.1-53.7,32.1c-69,0-129.3-40.3-129.3-67c0-3.7,0.8-7.4,2.2-10.8
l5.4-13.3c-0.3,0.9-0.4,1.9-0.4,2.8c0,13.6,53.5,58.1,125.2,58.1c18.4,0,45.1-3.8,45.1-25.7c0.1-1.7-0.1-3.4-0.5-5L250.7,120.7z"/>
<path class="st0" d="M869.1,151.2c0,17.5,10.5,26,29.7,26c5.9-0.1,11.8-1,17.5-2.5v-20.3c-3.7,1.2-7.5,1.7-11.3,1.7
c-7.9,0-10.8-2.5-10.8-9.9v-31.1h22.9V94.2h-22.9V67.7l-25,5.4v21.1h-16.6v20.9h16.6L869.1,151.2z M791,151.7
c0-5.4,5.4-8.1,13.6-8.1c5,0,10,0.7,14.9,1.9V156c-4.8,2.6-10.2,3.9-15.6,3.9C795.9,159.9,791.1,156.8,791,151.7 M798.7,177.5
c8.8,0,16-1.9,22.6-6.3v5h24.8v-52.5c0-20-13.5-30.9-35.9-30.9c-12.6,0-25,2.9-38.3,9l9,18.4c9.6-4,17.7-6.5,24.8-6.5
c10.3,0,15.6,4,15.6,12.2v4c-6.1-1.6-12.3-2.4-18.6-2.3c-21.1,0-33.8,8.8-33.8,24.6C768.9,166.6,780.4,177.6,798.7,177.5
M662.5,176.2h26.7v-42.5h44.6v42.5h26.7V67.7h-26.6v41.7h-44.6V67.7h-26.7L662.5,176.2z M561,135.1c0-11.8,9.3-20.8,21.5-20.8
c6.4-0.1,12.6,2.1,17.4,6.4v28.6c-4.7,4.4-10.9,6.7-17.4,6.5C570.5,155.8,561,146.8,561,135.1 M600.2,176.1H625V62.3l-25,5.4v30.8
c-6.4-3.6-13.6-5.5-20.9-5.4c-23.9,0-42.6,18.4-42.6,42c-0.3,23,18.1,41.9,41.1,42.2c0.2,0,0.5,0,0.7,0c7.9,0,15.6-2.5,22-7.1V176.1
z M486.5,113.2c7.9,0,14.6,5.1,17.2,13h-34.2C471.9,118,478.2,113.2,486.5,113.2 M444.2,135.2c0,23.9,19.5,42.5,44.6,42.5
c13.8,0,23.9-3.7,34.3-12.4l-16.6-14.7c-3.9,4-9.6,6.2-16.4,6.2c-8.8,0.2-16.8-4.9-20.2-13h58.4v-6.2c0-26-17.5-44.8-41.4-44.8
c-23.2-0.4-42.4,18.2-42.7,41.5C444.2,134.6,444.2,134.9,444.2,135.2 M400.9,90.5c8.8,0,13.8,5.6,13.8,12.2s-5,12.2-13.8,12.2h-26.3
V90.5H400.9z M347.9,176.2h26.7v-39.5h20.3l20.5,39.5h29.7l-23.9-43.4c12.4-5,20.5-17.1,20.4-30.5c0-19.5-15.3-34.5-38.3-34.5H348
L347.9,176.2z"/>
</svg>


Binary file not shown.


Binary file not shown.


View File

@@ -0,0 +1,34 @@
---
- include_vars: "{{ ansible_system }}.yml"
- name: get reports
ansible.builtin.find:
paths: "{{ doc_root }}/{{ reports_dir }}"
patterns: '*.html'
register: reports
check_mode: no
- name: publish landing page
ansible.builtin.template:
src: linux_report.j2
dest: "{{ doc_root }}/index.html"
check_mode: no
- name: copy CSS over
ansible.builtin.copy:
src: "css"
dest: "{{ doc_root }}"
directory_mode: true
check_mode: no
- name: copy logos over
ansible.builtin.copy:
src: "{{ item }}"
dest: "{{ doc_root }}"
directory_mode: true
loop:
- "webpage_logo.png"
- "redhat-ansible-logo.svg"
- "report.png"
check_mode: no
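
Review bot: `check_mode: no` on `publish landing page`, `copy CSS over` and `copy logos over` forces those tasks to write into `doc_root` even when the play is run with `--check`, so a dry run modifies the web root. Keep it only on `get reports`, which is read-only and whose result the template needs. `directory_mode: true` is also not a mode value: set an explicit `mode` (and `owner` / `group`) for what gets published, and drop `directory_mode` from the logo task, which copies single files.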

View File

@@ -0,0 +1,6 @@
---
- include_tasks: apache.yml
when: ansible_system == 'Linux'
- include_tasks: iis.yml
when: ansible_system == 'Win32NT'

View File

@@ -0,0 +1,34 @@
---
- include_vars: "{{ ansible_system }}.yml"
- name: get reports
ansible.windows.win_find:
paths: "{{ doc_root }}/{{ reports_dir }}"
patterns: '*.html'
register: reports
check_mode: no
- name: publish landing page
ansible.builtin.win_template:
src: windows_report.j2
dest: "{{ doc_root }}/index.html"
check_mode: no
- name: copy CSS over
ansible.builtin.win_copy:
src: "css"
dest: "{{ doc_root }}"
directory_mode: true
check_mode: no
- name: copy logos over
ansible.builtin.win_copy:
src: "{{ item }}"
dest: "{{ doc_root }}"
directory_mode: true
loop:
- "webpage_logo.png"
- "redhat-ansible-logo.svg"
- "report.png"
check_mode: no
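
Review bot: Module namespaces are mixed in this file: `ansible.windows.win_find` for the find task, but `ansible.builtin.win_template` and `ansible.builtin.win_copy` for the three tasks after it. Use the `ansible.windows` names throughout so every task resolves from the same collection. `directory_mode: true` looks carried over from the Linux task file; it is a POSIX permission setting and should be removed here. `check_mode: no` on the three writing tasks means a `--check` run still changes `doc_root`.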

View File

@@ -0,0 +1,15 @@
<div class="wrapper">
<header>
<div class="header-container">
<a href="https://ansible.com">
<img
class="header-logo"
src="redhat-ansible-logo.svg"
title="Red Hat Ansible"
alt="Red Hat Ansible"
/>
</a>
</div>
</header>
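
Review bot: `<div class="wrapper">` on the first line is never closed in this file, and both report templates already open their own `<div class="wrapper">` immediately before `{% include 'header.j2' %}` while closing only one. Remove the wrapper `<div>` from the header partial so it contains just the `<header>` element.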

View File

@@ -0,0 +1,42 @@
<!DOCTYPE html>
<html>
<head>
<title> Ansible Linux Automation Report </title>
<link rel="stylesheet" type="text/css" href="//fonts.googleapis.com/css?family=Open+Sans" />
<link rel="stylesheet" href="//code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css">
<link rel="stylesheet" href="css/new.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js"></script>
<script src="https://code.jquery.com/jquery-1.12.4.js"></script>
<script src="https://code.jquery.com/ui/1.12.1/jquery-ui.js"></script>
<script src="https://www.kryogenix.org/code/browser/sorttable/sorttable.js"></script>
</head>
<body>
<div class="wrapper">
{% include 'header.j2' %}
<section>
<center>
<h1>Ansible Automation Reports</h1>
<h3><input type="search" placeholder="Search..." class="form-control search-input" data-table="main_net_table"/>
</center>
<table class="table table-striped mt32 main_net_table">
<tbody>
{% for report in reports.files %}
{% set page = report.path.split('/')[-1] %}
<tr>
<td class="summary_info">
<div id="hostname">
<p class="hostname"> <img class="router_image" src="report.png"></p>
</div>
</td>
<td>
<a href="{{ reports_dir }}/{{ page }}"> {{ page }} <a>
</td>
{% endfor %}
</tbody>
</table>
<center><p>Created with</p><br><img src="webpage_logo.png" width="300">
</center>
</section>
</div>
</body>
</html>
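
Review bot: The `<head>` loads four scripts from three third-party origins with no `integrity` attribute, includes jQuery twice (`2.1.4` from ajax.googleapis.com, then `1.12.4` from code.jquery.com), and uses protocol-relative URLs for two stylesheets. For a page published on managed hosts, ship pinned local copies next to `css/`, or at least add `integrity` and `crossorigin` and keep a single jQuery version. In the table, `{{ page }}` is derived from a file name and no escaping filter is applied where it is written into the `href` and the link text; use `{{ page | urlencode }}` in the URL and `{{ page | e }}` in the text. Markup: `<h3>` is never closed, the link ends with `<a>` instead of `</a>`, and the `<tr>` opened inside the loop has no `</tr>`.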

View File

@@ -0,0 +1,42 @@
<!DOCTYPE html>
<html>
<head>
<title> Ansible Linux Automation Report </title>
<link rel="stylesheet" type="text/css" href="//fonts.googleapis.com/css?family=Open+Sans" />
<link rel="stylesheet" href="//code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css">
<link rel="stylesheet" href="css/new.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js"></script>
<script src="https://code.jquery.com/jquery-1.12.4.js"></script>
<script src="https://code.jquery.com/ui/1.12.1/jquery-ui.js"></script>
<script src="https://www.kryogenix.org/code/browser/sorttable/sorttable.js"></script>
</head>
<body>
<div class="wrapper">
{% include 'header.j2' %}
<section>
<center>
<h1>Ansible Automation Reports</h1>
<h3><input type="search" placeholder="Search..." class="form-control search-input" data-table="main_net_table"/>
</center>
<table class="table table-striped mt32 main_net_table">
<tbody>
{% for report in reports.files %}
{% set page = report.path.split('\\')[-1] %}
<tr>
<td class="summary_info">
<div id="hostname">
<p class="hostname"> <img class="router_image" src="report.png"></p>
</div>
</td>
<td>
<a href="{{ reports_dir }}/{{ page }}"> {{ page }} <a>
</td>
{% endfor %}
</tbody>
</table>
<center><p>Created with</p><br><img src="webpage_logo.png" width="300">
</center>
</section>
</div>
</body>
</html>
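
Review bot: This template differs from the Linux one only in `report.path.split('\\')[-1]`, and the `<title>` still reads `Ansible Linux Automation Report`. Keep one template and pass the file name in already reduced, for example with the `basename` filter on Linux and `win_basename` on Windows, so the two copies cannot drift apart. Since the markup is identical, the unclosed `<h3>`, the `<a>` used as a closing tag, the missing `</tr>`, the unescaped `{{ page }}` and the third-party scripts without `integrity` need the same fixes here.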

View File

@@ -0,0 +1,3 @@
---
doc_root: C:\Inetpub\wwwroot
reports_dir: reports

View File

@@ -0,0 +1,4 @@
---
instance_name: "{{ inventory_hostname | regex_replace('_','-') }}"
activation_key: "{{ 'RHEL' + ansible_distribution_major_version + '_' + env }}"
rex_user: root # "{{ ansible_user }}"
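
Review bot: `rex_user: root # "{{ ansible_user }}"` hard-codes root as the account that receives the Satellite remote execution key and leaves the alternative as a trailing comment. Decide on one: if remote execution is meant to run as an unprivileged user with sudo, make that the default and delete the comment; if root is required, say why in a comment above the variable.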

View File

@@ -0,0 +1,67 @@
---
- name: verify operating system
assert:
that:
- ansible_os_family == 'RedHat'
- (ansible_distribution_major_version == '7') or (ansible_distribution_major_version == '8')
- name: set hostname
hostname:
name: "{{ instance_name }}"
- name: remove rhui client packages
yum:
name:
- google-rhui-client*
- rh-amazon-rhui-client*
state: removed
- name: get current repos
command:
cmd: ls /etc/yum.repos.d/
register: repos
changed_when: False
- name: remove existing rhui repos
file:
path: "/etc/yum.repos.d/{{ item }}"
state: absent
loop: "{{ repos.stdout_lines }}"
- name: install satellite certificate
yum:
name: "{{ satellite_url }}/pub/katello-ca-consumer-latest.noarch.rpm"
state: present
validate_certs: no
disable_gpg_check: true
- name: register system via subscription-mangler
redhat_subscription:
state: present
activationkey: "{{ activation_key }}"
consumer_name: "{{ instance_name }}"
org_id: "{{ org_id | default('Default_Organization')}}"
throttle: 1
- name: include repos
include_vars: "vars/{{ ansible_distribution + ansible_distribution_major_version }}.yml"
- name: enable repos
rhsm_repository:
name: "{{ rhsm_enabled_repos }}"
state: enabled
- name: install satellite client
yum:
name:
- katello-host-tools
- katello-host-tools-tracer
state: latest
- name: enable remote execution
authorized_key:
user: "{{ rex_user }}"
state: present
key: "{{ satellite_url }}:9090/ssh/pubkey"
validate_certs: no
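
Review bot: In `install satellite certificate` the CA bootstrap RPM is installed with both `validate_certs: no` and `disable_gpg_check: true`, so the package that establishes trust in Satellite is itself accepted without any authentication. Verify at least one of the two, or check the RPM against a known checksum before installing it. The same applies to `enable remote execution`: the key written to `rex_user`'s `authorized_keys` is fetched from `{{ satellite_url }}:9090/ssh/pubkey` with `validate_certs: no`, so pass the expected key in as a variable or validate the connection against the Satellite CA. Separately, `remove existing rhui repos` loops over every entry from `ls /etc/yum.repos.d/` and deletes it, not only RHUI files; narrow it with a pattern or rename the task to say what it does.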

View File

@@ -0,0 +1,4 @@
---
rhsm_enabled_repos:
- rhel-7-server-rpms
#- rhel-7-server-satellite-maintenance-6.11-rpms
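
Review bot: The RHEL 8 list enables `satellite-client-6-for-rhel-8-x86_64-rpms`, but this list enables only `rhel-7-server-rpms`, while the tasks install `katello-host-tools` and `katello-host-tools-tracer` on both releases. Confirm which repository provides those packages on RHEL 7 and add it here. The commented-out `#- rhel-7-server-satellite-maintenance-6.11-rpms` line should be removed rather than committed.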

View File

@@ -0,0 +1,5 @@
---
rhsm_enabled_repos:
- rhel-8-for-x86_64-baseos-rpms
- rhel-8-for-x86_64-appstream-rpms
- satellite-client-6-for-rhel-8-x86_64-rpms

View File

@@ -0,0 +1,17 @@
# Change Log
All notable changes to this project will be documented in this file.
## [0.0.1] - 20/03/2018 - First Release
### Added
- Install required packages
- Obtain data from satellite API
- Configure crontab and config.yaml
### Changed
### Removed
### Pending
- Allow a list of policies to be applied (only one is allowed at the moment)
- Get schedule from the policy instead of configure it using parameters
- Configure URI tasks to ask capsule instead of Satellite (for hosts without network access to the satellite api)
- Add tests to vars to be correctly formatted

View File

@@ -0,0 +1,21 @@
MIT License
Copyright (c) 2018 morenod
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

View File

@@ -0,0 +1,45 @@
# Openscap client configuration Role
## About
Role created to configure a client to execute openscap policies based on the information obtained from a Red Hat Satellite/Foreman Host.
Steps and configuration changes obtained from the [foreman_scap_client puppet module](https://github.com/theforeman/puppet-foreman_scap_client)
The role has to be executed with root permission, using the root user or via sudo because it will modify system parameters.
## Ansible Requirements
RPM Repositories have to be enabled and containing required packages.
## Configuration parameters
### Required vars to be overwritten
- `satellite_server`: Used to obtain policy parameters
- `satellite_username`: Used to obtain policy parameters
- `satellite_password`: Used to obtain policy parameters
- `capsule_server`: Used to configure openscap client config.yaml file
- `capsule_port`: Used to configure openscap client config.yaml file
- `policy_name`: Name of the SCAP Policy to be configured
## Example playbook
```yml
---
- name: openscap client
hosts: <<host list>>
remote_user: <<user>>
gather_facts: true
become: yes
become_user: root
become_method: sudo
vars:
satellite_server: satellite.example.com
satellite_username`: admin
satellite_password`: verycomplexpassword
capsule_server`: capsule.example.com
policy_name`: 'rhel7-pci'
roles:
- ansible-ipaRegister
```
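
Review bot: The example playbook does not match the role. The keys `satellite_username`, `satellite_password`, `capsule_server` and `policy_name` each carry a stray backtick before the colon, the `roles:` entry is `ansible-ipaRegister` rather than this role, and the documented `satellite_server` / `satellite_username` / `satellite_password` variables are not the `foreman_server_url` / `foreman_username` / `foreman_password` names the role actually reads. Update the variable list and the example together, and show the password coming from a vault or environment variable instead of an inline `verycomplexpassword`.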

View File

@@ -0,0 +1,12 @@
foreman_server_url: "{{ lookup('env', 'SATELLITE_SERVER') }}"
foreman_username: "{{ lookup('env', 'SATELLITE_USERNAME') }}"
foreman_password: "{{ lookup('env', 'SATELLITE_PASSWORD') }}"
foreman_validate_certs: "{{ lookup('env', 'FOREMAN_VALIDATE_CERTS') | default(true) }}"
capsule_server: "{{ foreman_server_url }}"
capsule_port: '9090'
policy_name: 'all'
policy_scan: "{{ policy_name }}"
crontab_hour: 2
crontab_minute: 0
crontab_weekdays: 0
foreman_operations_scap_client_secure_logging: true
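
Review bot: `foreman_validate_certs: "{{ lookup('env', 'FOREMAN_VALIDATE_CERTS') | default(true) }}"` will not fall back to `true`: the `env` lookup returns an empty string when the variable is unset, and `default(true)` only replaces undefined values, so the result is an empty string. Use `default(true, true)` and pipe through `bool`. The variable is also not referenced by any task in this role, which hard-code `validate_certs: False`, so wire it in or remove it.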

View File

@@ -0,0 +1,3 @@
galaxy_info:
author: morenod
description: Role created to configure a client to execute openscap policies based on the information obtained from a Red Hat Satellite/Foreman Host.

View File

@@ -0,0 +1,85 @@
---
- name: Install openscap client packages
yum:
name:
- openscap-scanner
- rubygem-foreman_scap_client
state: present
- name: Get Policy parameters
uri:
url: "{{ foreman_server_url }}/api/v2/compliance/policies"
method: GET
user: "{{ foreman_username }}"
password: "{{ foreman_password }}"
force_basic_auth: yes
body_format: json
validate_certs: False
register: policies
no_log: "{{ foreman_operations_scap_client_secure_logging }}"
- name: Build policy {{ policy_name }} parameters
set_fact:
policy: "{{ policy | default([]) }} + {{ [item] }}"
loop: "{{policies.json.results}}"
when: item.name in policy_name or policy_name == 'all'
- name: Fail if no policy found with required name
fail:
when: policy is not defined
- name: Get scap content information
uri:
url: "{{ foreman_server_url }}/api/v2/compliance/scap_contents/{{item.scap_content_id}}"
method: GET
user: "{{ foreman_username }}"
password: "{{ foreman_password }}"
force_basic_auth: yes
body_format: json
validate_certs: False
register: scapcontents
loop: "{{ policy }}"
no_log: "{{ foreman_operations_scap_client_secure_logging }}"
- name: Get tailoring content information
uri:
url: "{{ foreman_server_url }}/api/v2/compliance/tailoring_files/{{item.tailoring_file_id}}"
method: GET
user: "{{ foreman_username }}"
password: "{{ foreman_password }}"
force_basic_auth: yes
body_format: json
validate_certs: False
register: tailoringfiles
when: item.tailoring_file_id | int > 0 | d(False)
loop: "{{ policy }}"
no_log: "{{ foreman_operations_scap_client_secure_logging }}"
- name: Build scap content parameters
set_fact:
scap_content: "{{ scap_content | default({}) | combine({item.json.id: item.json }) }}"
loop: "{{ scapcontents.results }}"
- name: Build tailoring content parameters
set_fact:
tailoring_files: "{{ tailoring_files | default({}) | combine({item.json.id: item.json }) }}"
when: item.json is defined
loop: "{{ tailoringfiles.results }}"
- name: Apply openscap client configuration template
template:
src: openscap_client_config.yaml.j2
dest: /etc/foreman_scap_client/config.yaml
mode: 0644
owner: root
group: root
#- name: Configure execution crontab
# cron:
# name: "Openscap Execution"
# cron_file: 'foreman_openscap_client'
# job: '/usr/bin/foreman_scap_client {{policy.id}} > /dev/null'
# weekday: "{{crontab_weekdays}}"
# hour: "{{crontab_hour}}"
# minute: "{{crontab_minute}}"
# user: root
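
Review bot: All three `uri` tasks send `foreman_username` / `foreman_password` with `force_basic_auth: yes` while `validate_certs: False` is hard-coded, so the credentials go to whatever endpoint answers. Replace the literal with `validate_certs: "{{ foreman_validate_certs }}"`, which the defaults already define. Smaller points: `policy: "{{ policy | default([]) }} + {{ [item] }}"` builds the list by concatenating two rendered strings and should be `{{ policy | default([]) + [item] }}`; in `item.tailoring_file_id | int > 0 | d(False)` the `d(False)` binds to the literal `0`, not to the id; the bare `fail:` needs a `msg`; `mode: 0644` should be quoted; and the commented-out cron task should be deleted or restored.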

View File

@@ -0,0 +1,47 @@
# Foreman proxy to which reports should be uploaded
:server: {{ capsule_server | urlsplit('hostname') }}
:port: {{ capsule_port }}
## SSL specific options ##
# Client CA file.
# It could be Puppet CA certificate (e.g., '/var/lib/puppet/ssl/certs/ca.pem')
# Or (recommended for client reporting to Katello) subscription manager CA file, (e.g., '/etc/rhsm/ca/katello-server-ca.pem')
:ca_file: '/etc/rhsm/ca/katello-server-ca.pem'
# Client host certificate.
# It could be Puppet agent host certificate (e.g., '/var/lib/puppet/ssl/certs/myhost.example.com.pem')
# Or (recommended for client reporting to Katello) consumer certificate (e.g., '/etc/pki/consumer/cert.pem')
:host_certificate: '/etc/pki/consumer/cert.pem'
#
# Client private key
# It could be Puppet agent private key (e.g., '/var/lib/puppet/ssl/private_keys/myhost.example.com.pem')
# Or (recommended for client reporting to Katello) consumer private key (e.g., '/etc/pki/consumer/key.pem')
:host_private_key: '/etc/pki/consumer/key.pem'
# policy (key is id as in Foreman)
{% for item in policy %}
{{ item.id }}:
{% if item.tailoring_file_id | int > 0 | d(False) %}
{% for profile in tailoring_files[item.tailoring_file_id].tailoring_file_profiles %}
{% if profile.id == item.tailoring_file_profile_id %}
:profile: {{profile.profile_id}}
{% endif%}
{% endfor %}
:content_path: '/var/lib/openscap/content/{{scap_content[item.scap_content_id].digest}}.xml'
# Download path
# A path to download SCAP content from proxy
:download_path: '/compliance/policies/{{item.id}}/content/{{scap_content[item.scap_content_id].digest}}'
:tailoring_path: '/var/lib/openscap/content/{{tailoring_files[item.tailoring_file_id].digest}}.xml'
:tailoring_download_path: '/compliance/policies/{{item.id}}/tailoring/{{tailoring_files[item.tailoring_file_id].digest}}'
{% else %}
{% for profile in scap_content[item.scap_content_id].scap_content_profiles %}
{% if profile.id == item.scap_content_profile_id %}
:profile: {{profile.profile_id}}
{% endif%}
{% endfor %}
:content_path: '/var/lib/openscap/content/{{scap_content[item.scap_content_id].digest}}.xml'
# Download path
# A path to download SCAP content from proxy
:download_path: '/compliance/policies/{{item.id}}/content/{{scap_content[item.scap_content_id].digest}}'
:tailoring_path: ''
:tailoring_download_path: ''
{% endif %}
{% endfor %}
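
Review bot: `:server: {{ capsule_server | urlsplit('hostname') }}` only yields a hostname when `capsule_server` is a full URL; the default is `foreman_server_url` from `SATELLITE_SERVER`, and elsewhere in this commit the Satellite address is given without a scheme (`sat_url: satellite.example.com`). Assert that the value has a scheme, or accept a bare hostname as well. The `:content_path:` and `:download_path:` lines are identical in both branches of the `{% if %}` and can move outside it, leaving only the profile lookup and the two tailoring keys conditional.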

View File

@@ -23,6 +23,9 @@ collections:
version: 1.13.0
- name: amazon.aws
version: 3.1.1
#satellite
- name: redhat.satellite
version: 3.3.0
#network
- name: cisco.ios
version: 3.1.0
@@ -30,4 +33,3 @@ collections:
version: 3.0.0
- name: cisco.iosxr
version: 3.0.0

View File

@@ -40,6 +40,7 @@
name: "https://{{ sat_url }}/pub/katello-ca-consumer-latest.noarch.rpm"
state: present
validate_certs: no
disable_gpg_check: true
when: sat_url is defined
- name: manage repos with subscription mangler
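
Review bot: With `disable_gpg_check: true` added beside the existing `validate_certs: no`, the `katello-ca-consumer-latest.noarch.rpm` download is now checked neither by TLS nor by package signature before it is installed. If the signature check must be off because the package is unsigned, turn certificate validation back on or compare the RPM against a known checksum first, and add a comment saying why the GPG check is disabled.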
@@ -54,12 +55,6 @@
activationkey: "{{ activation_key }}"
org_id: "{{ org_id }}"
- name: disable htb repo
community.general.rhsm_repository:
name: rhel-7-server-htb*
state: disabled
ignore_errors: yes
- name: configure Red Hat insights
import_role:
name: redhat.insights.insights_client
@@ -68,4 +63,4 @@
insights_tags:
env: "{{ env }}"
purpose: demo
group: "{{ ansible_group }}"
group: "{{ insights_tag }}"

View File

@@ -11,7 +11,7 @@ controller_components:
- job_templates
controller_credential_types:
- name: "Insights Collection"
- name: Insights Collection
kind: cloud
inputs:
fields:
@@ -34,6 +34,13 @@ controller_credentials:
inputs:
insights_user: REPLACEME
insights_password: REPLACEME
- name: Satellite Inventory
credential_type: Red Hat Satellite 6
organization: Default
inputs:
host: https://satellite.example.com
username: admin
password: ansible123!
controller_inventory_sources:
- name: Insights Inventory
@@ -42,6 +49,25 @@ controller_inventory_sources:
source_project: Ansible official demo project
source_path: linux/inventory.insights.yml
credential: Insights Inventory
- name: Satellite Inventory
inventory: Workshop Inventory
source: satellite6
overwrite: true
credential: Satellite Inventory
source_vars:
hostnames:
- name.split('.')[0]
groups:
patch_bugs: foreman_content_facet_attributes.errata_counts.bugfix
patch_enhancements: foreman_content_facet_attributes.errata_counts.enhancement
patch_security: foreman_content_facet_attributes.errata_counts.security
keyed_groups:
- prefix: env
key: foreman_content_facet_attributes.lifecycle_environment_name
- prefix: cv
key: foreman_content_facet_attributes.content_view_name
- prefix: os
key: foreman_operatingsystem_name
controller_templates:
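
Review bot: `hostnames: - name.split('.')[0]` names inventory hosts by short name, so two Satellite hosts that share a short name in different domains can end up as one inventory entry, and `overwrite: true` is set on the source. Use the FQDN unless the short name is required by the other demos. The three `patch_*` entries under `groups:` use errata counts as truth values; a short comment that a host joins the group when the count is non-zero would make the intent clear.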
@@ -57,8 +83,9 @@ controller_templates:
- "Workshop Credential"
survey_enabled: true
extra_vars:
activation_key: undef
org_id: undef
activation_key: !unsafe "RHEL{{ ansible_distribution_major_version }}_{{ env }}"
org_id: Default_Organization
sat_url: satellite.example.com
survey:
name: ''
description: ''
@@ -77,7 +104,7 @@ controller_templates:
required: true
- question_name: Ansible Inventory Group (and Insights tag) to be created
type: text
variable: ansible_group
variable: insights_tag
required: true
- name: "LINUX / Troubleshoot"
@@ -135,6 +162,7 @@ controller_templates:
inventory: "Workshop Inventory"
project: "Ansible official demo project"
playbook: "linux/patching.yml"
execution_environment: Default execution environment
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
@@ -230,6 +258,7 @@ controller_templates:
project: "Ansible official demo project"
playbook: linux/fact_scan.yml
inventory: Workshop Inventory
execution_environment: Default execution environment
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
@@ -295,6 +324,40 @@ controller_templates:
variable: HOSTS
required: true
- name: "LINUX / Install web console"
job_type: run
inventory: "Workshop Inventory"
project: "Ansible official demo project"
playbook: "linux/system_roles.yml"
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
diff_mode: yes
ask_job_type_on_launch: yes
extra_vars:
system_roles:
- cockpit
credentials:
- "Workshop Credential"
survey_enabled: true
survey:
name: ''
description: ''
spec:
- question_name: Server Name or Pattern
type: text
variable: HOSTS
required: true
- question_name: Cockpit package load
type: multiplechoice
variable: cockpit_packages
default: minimal
choices:
- default
- minimal
- full
required: true
- name: "LINUX / Compliance Enforce"
job_type: run
inventory: "Workshop Inventory"

satellite/README.md Normal file

@@ -0,0 +1,27 @@
# Satellite Demos
## Table of Contents
- [Satellite Demos](#satellite-demos)
- [Table of Contents](#table-of-contents)
- [About These Demos](#about-these-demos)
- [Jobs](#jobs)
- [Inventory](#inventory)
- [Suggested Usage](#suggested-usage)
## About These Demos
This category of demos shows examples of linux operations and management with Ansible Automation Platform and Red Hat Satellite Server. The list of demos can be found below. See the [Suggested Usage](#suggested-usage) section of this document for recommendations on how to best use these demos.
### Jobs
- [**LINUX / Register with Satellite**](server_register.yml) - Register a RHEL server with Red Hat Satellite.
- [**LINUX / Compliance Scan with Satellite**](server_openscap.yml) - Run OpenSCAP scan and report to Satellite.
- [**SATELLITE / Publish Content View Version**](satellite_publish.yml) - Publish a new version of a content view.
- [**SATELLITE / Promote Content View Version**](satellite_promote.yml) - Promote a content view version to the next lifecycle environment.
### Inventory
A dymanic inventory is created to pull inventory hosts from Red Hat Satellite. Groups will automatically be created
## Suggested Usage
**Linux / Register with Satellite** - Register a server with Red Hat Satellite using an activation key in the format `RHEL<major version>_<environment>`.
**SATELLITE / Publish Content View Version** - Publish a new version of a content view to start a patching process. By default this will publish the version and promote to the 'Dev' environment.
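Review bot: the Inventory section has a typo and an unfinished sentence: "dymanic" should be "dynamic", and "Groups will automatically be created" stops without saying which groups (the inventory source in this commit keys them on lifecycle environment, content view and operating system). Suggested Usage covers only two of the four jobs listed, writes "Linux / Register with Satellite" where the job is named "LINUX / ...", and the SETUP / Satellite template that has to run first is not mentioned at all.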


@@ -0,0 +1,61 @@
<?xml version="1.0" encoding="UTF-8"?>
<xccdf:Tailoring xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2" id="xccdf_scap-workbench_tailoring_default">
<xccdf:benchmark href="/tmp/scap-workbench-iwLkek/ssg-rhel7-ds.xml"/>
<xccdf:version time="2022-07-21T09:19:44">1</xccdf:version>
<xccdf:Profile id="xccdf_org.ssgproject.content_profile_stig_customized" extends="xccdf_org.ssgproject.content_profile_stig">
<xccdf:title xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US" override="true">DISA STIG for Red Hat Enterprise Linux 7 [CUSTOMIZED]</xccdf:title>
<xccdf:description xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US" override="true">This profile contains configuration checks that align to the
DISA STIG for Red Hat Enterprise Linux V3R7.
In addition to being applicable to Red Hat Enterprise Linux 7, DISA recognizes this
configuration baseline as applicable to the operating system tier of
Red Hat technologies that are based on Red Hat Enterprise Linux 7, such as:
- Red Hat Enterprise Linux Server
- Red Hat Enterprise Linux Workstation and Desktop
- Red Hat Enterprise Linux for HPC
- Red Hat Storage
- Red Hat Containers with a Red Hat Enterprise Linux 7 image</xccdf:description>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_rpm_verify_ownership" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_aide_use_fips_hashes" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_aide_verify_acls" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_aide_verify_ext_attributes" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_install_antivirus" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_agent_mfetpd_running" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_package_mcafeetp_installed" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_mcafee_endpoint_security_software" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_mcafee_security_software" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_endpoint_security_software" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_partition_for_home" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_partition_for_var" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_partition_for_tmp" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_partition_for_var_log_audit" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_disk_partitioning" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sudo_remove_nopasswd" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny_root" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_interval" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_install_smartcard_packages" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_smartcard_auth" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_account_expiration" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_authorized_local_users" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_grub2_admin_username" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_grub2_password" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_service_firewalld_enabled" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_firewalld_activation" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_configure_firewalld_ports" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_set_firewalld_default_zone" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_ruleset_modifications" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_network-firewalld" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_network_configure_name_resolution" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_home_nosuid" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_postfix_prevent_unrestricted_relay" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_postfix_server_relay" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_postfix_server_cfg" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_postfix_harden_os" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_mail" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_chronyd_or_ntpd_set_maxpoll" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_ntp" selected="false"/>
</xccdf:Profile>
</xccdf:Tailoring>
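Review bot: this tailoring file deselects a long list of STIG rules with no recorded rationale, including `grub2_password`, `service_firewalld_enabled`, `sudo_remove_nopasswd`, the three `pam_faillock` rules and the AIDE checks, while the profile title still reads "DISA STIG ... [CUSTOMIZED]". Add a short table in the README (rule, reason it is off in the demo) so a scan result from this profile is not mistaken for STIG coverage. The `xccdf:benchmark href="/tmp/scap-workbench-iwLkek/ssg-rhel7-ds.xml"` is a temporary path from the workstation that exported the file; confirm that the Satellite import does not depend on it, or replace it with the path of the datastream as installed.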

File diff suppressed because it is too large


@@ -0,0 +1,22 @@
---
satellite_activation_keys:
# Red Hat Enterprise Linux 7
- name: "RHEL7_Dev"
lifecycle_environment: "RHEL7_Dev"
content_view: "RHEL7"
- name: "RHEL7_QA"
lifecycle_environment: "RHEL7_QA"
content_view: "RHEL7"
- name: "RHEL7_Prod"
lifecycle_environment: "RHEL7_Prod"
content_view: "RHEL7"
# Red Hat Enterprise Linux 8
- name: "RHEL8_Dev"
lifecycle_environment: "RHEL8_Dev"
content_view: "RHEL8"
- name: "RHEL8_QA"
lifecycle_environment: "RHEL8_QA"
content_view: "RHEL8"
- name: "RHEL8_Prod"
lifecycle_environment: "RHEL8_Prod"
content_view: "RHEL8"


@@ -0,0 +1,29 @@
---
satellite_content_views:
# Red Hat Enterprise Linux 7
- name: RHEL7
content_view: RHEL7
repositories:
- name: Red Hat Enterprise Linux 7 Server (RPMs)
basearch: x86_64
releasever: 7Server
product: 'Red Hat Enterprise Linux Server'
- name: Red Hat Enterprise Linux 7 Server - Extras (RPMs)
basearch: x86_64
product: 'Red Hat Enterprise Linux Server'
- name: Red Hat Satellite Tools 6.8 (for RHEL 7 Server) (RPMs)
basearch: x86_64
product: 'Red Hat Enterprise Linux Server'
# Red Hat Enterprise Linux 8
- name: RHEL8
content_view: RHEL8
content_view_update: true
repositories:
- name: Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)
releasever: 8
product: Red Hat Enterprise Linux for x86_64
- name: Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)
releasever: 8
product: Red Hat Enterprise Linux for x86_64
- name: Red Hat Satellite Tools 6.8 for RHEL 8 x86_64 (RPMs)
product: Red Hat Enterprise Linux for x86_64
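Review bot: `satellite_content_views` in this new vars file is defined again in satellite/setup.yml in the same commit, and the two lists have already drifted: this one names "Red Hat Satellite Tools 6.8 ..." repositories and uses `basearch`/`releasever` keys, the one in setup.yml names "Red Hat Satellite Client 6 ..." and folds arch and release into the repository name. setup_satellite.yml loads only setup.yml through `vars_files`, so this file looks unused. Drop it (and the sibling activation key, lifecycle environment and organization files) or make it the single source.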


@@ -0,0 +1,3 @@
---
satellite_organization: "Default Organization"
satellite_validate_certs: false
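Review bot: `satellite_validate_certs: false` turns off TLS certificate verification for every Satellite API call that also carries the admin username and password. If the demo Satellite uses a self-signed certificate, say so in a comment next to this line and make the value overridable, so that anyone pointing the demo at a real Satellite gets verification by setting one variable instead of editing the file.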


@@ -0,0 +1,16 @@
---
satellite_lifecycle_environments:
# Red Hat Enterprise Linux 7
- name: "RHEL7_Dev"
prior: "Library"
- name: "RHEL7_QA"
prior: "RHEL7_Dev"
- name: "RHEL7_Prod"
prior: "RHEL7_QA"
# Red Hat Enterprise Linux 8
- name: "RHEL8_Dev"
prior: "Library"
- name: "RHEL8_QA"
prior: "RHEL8_Dev"
- name: "RHEL8_Prod"
prior: "RHEL8_QA"


@@ -0,0 +1,17 @@
---
- hosts: localhost
connection: local
gather_facts: no
vars:
organization: Default Organization
lifecycle_environment: undef
current_lifecycle_environment: undef
content_view: undef
tasks:
- name: Promote Content View
redhat.satellite.content_view_version:
content_view: "{{ content_view }}"
organization: "{{ organization }}"
lifecycle_environments: "{{ lifecycle_environment }}"
current_lifecycle_environment: "{{ current_lifecycle_environment }}"
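Review bot: the vars block defaults `content_view`, `lifecycle_environment` and `current_lifecycle_environment` to the literal string `undef`, so a launch without the survey answers sends "undef" to `redhat.satellite.content_view_version` and fails only at the API. Remove the defaults and add an `ansible.builtin.assert` as the first task (or use the `mandatory` filter) so that the job stops with a clear message. `organization: Default Organization` is also hard-coded here while setup.yml already defines `satellite_organization`.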


@@ -0,0 +1,29 @@
---
- hosts: localhost
connection: local
gather_facts: no
vars:
content_view: undef
env: undef
organization: Default Organization
lifecycle_environment: "{{ content_view }}_{{ env }}"
publish_timeout: 14400
publish_retry_interval: 15
tasks:
- name: publish content view
redhat.satellite.content_view_version:
content_view: "{{ content_view }}"
organization: "{{ organization }}"
lifecycle_environments: "{{ lifecycle_environment }}"
# async: "{{ publish_timeout }}"
# poll: 0
# register: publish_async
# - name: check if content view is finished
# async_status:
# jid: "{{ publish_async.ansible_job_id }}"
# register: job_result
# until: job_result.finished
# retries: "{{ ( publish_timeout / publish_retry_interval ) | int }}"
# delay: "{{ publish_retry_interval }}"
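Review bot: the commented-out async/`async_status` block at the end of the task list should be deleted rather than committed, and with it `publish_timeout` and `publish_retry_interval`, which nothing else in the play uses. The task is named "publish content view" but passes `lifecycle_environments`, so it also promotes; name it for both actions to match the README. As in the promote playbook, `content_view: undef` and `env: undef` turn a missing survey answer into the lifecycle environment name "undef_undef" instead of an early failure.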


@@ -0,0 +1,16 @@
---
- hosts: "{{ HOSTS }}"
become: yes
vars:
policy_name: all
roles:
- demo.satellite.scap_client
tasks:
- name: Randomized startup delay...
pause: seconds="{{ 5 | random }}"
- name: "Run SCAP Scan"
shell: "/usr/bin/foreman_scap_client {{ item.id }}"
loop: "{{ policy }}"
when: policy_scan == 'all' or item.name in policy_scan
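Review bot: the play defines `policy_name: all` but the `when` on "Run SCAP Scan" tests `policy_scan`, which only exists because the job template passes it as an extra var; running the playbook any other way fails on an undefined variable. Rename the play var to `policy_scan`. The scan task should use `ansible.builtin.command` instead of `shell`, since `/usr/bin/foreman_scap_client {{ item.id }}` needs no shell features and `item.id` is interpolated into the command line. `policy` is not defined in this file either; note in a comment that it comes from the `demo.satellite.scap_client` role.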


@@ -0,0 +1,8 @@
---
- hosts: "{{ HOSTS }}"
become: yes
vars:
# env: undef
satellite_url: "{{ lookup('ansible.builtin.env', 'SATELLITE_SERVER') }}"
roles:
- demo.satellite.register_host
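Review bot: `satellite_url` comes from `lookup('ansible.builtin.env', 'SATELLITE_SERVER')`, which returns an empty string when the variable is not set, so a job launched without the Satellite credential attached reaches the role with an empty URL. Add a `pre_tasks` assert that `satellite_url` is non-empty. The commented-out `# env: undef` line should be removed.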

satellite/setup.yml Normal file

@@ -0,0 +1,275 @@
user_message:
controller_components:
- credential_types
- credentials
- inventory_sources
- job_templates
- job_launch
# - workflow_job_templates
controller_credential_types:
- name: Satellite Collection
kind: cloud
inputs:
fields:
- id: username
type: string
label: Satellite Username
- id: password
type: string
label: Satellite Password
secret: true
- id: host
type: string
label: Satellite Hostname
required:
- username
- password
- host
injectors:
env:
SATELLITE_SERVER: "{% raw %}{ { host }}{% endraw %}"
SATELLITE_USERNAME: "{% raw %}{ { username }}{% endraw %}"
SATELLITE_PASSWORD: "{% raw %}{ { password }}{% endraw %}"
SATELLITE_VALIDATE_CERTS: 'false'
controller_credentials:
- name: Satellite Inventory
credential_type: Red Hat Satellite 6
organization: Default
inputs:
host: https://satellite.example.com
username: admin
password: ansible123!
- name: Satellite Credential
credential_type: Satellite Collection
organization: Default
inputs:
host: https://satellite.example.com
username: admin
password: ansible123!
controller_inventory_sources:
- name: Satellite Inventory
inventory: Workshop Inventory
credential: Satellite Inventory
source: satellite6
update_on_launch: false
execution_environment: Control Plane Execution Environment
overwrite: true
source_vars:
hostnames:
- name.split('.')[0]
groups:
patch_bugs: foreman_content_facet_attributes.errata_counts.bugfix
patch_enhancements: foreman_content_facet_attributes.errata_counts.enhancement
patch_security: foreman_content_facet_attributes.errata_counts.security
keyed_groups:
- prefix: env
key: foreman_content_facet_attributes.lifecycle_environment_name
- prefix: cv
key: foreman_content_facet_attributes.content_view_name
- prefix: os
key: foreman_operatingsystem_name
- prefix: scap
key: foreman_compliance_status_label
validate_certs: no
controller_templates:
- name: LINUX / Register with Satellite
project: Ansible official demo project
playbook: satellite/server_register.yml
inventory: Workshop Inventory
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
credentials:
- Workshop Credential
- Satellite Credential
extra_vars:
org_id: "Default_Organization"
survey_enabled: true
survey:
name: ''
description: ''
spec:
- question_name: Server Name or Pattern
type: text
variable: HOSTS
required: false
- question_name: Choose Environment
type: multiplechoice
variable: env
choices:
- Dev
- QA
- Prod
required: true
- name: LINUX / Compliance Scan with Satellite
project: Ansible official demo project
playbook: satellite/server_openscap.yml
inventory: Workshop Inventory
execution_environment: Ansible Engine 2.9 execution environment
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
credentials:
- Satellite Credential
- Workshop Credential
extra_vars:
policy_scan: all
survey_enabled: true
survey:
name: ''
description: ''
spec:
- question_name: Server Name or Pattern
type: text
variable: HOSTS
required: false
- name: SATELLITE / Publish Content View Version
project: Ansible official demo project
playbook: satellite/satellite_publish.yml
inventory: Workshop Inventory
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
credentials:
- Satellite Credential
extra_vars:
env: Dev
survey_enabled: true
survey:
name: ''
description: ''
spec:
- question_name: Select Content View
variable: content_view
type: multiplechoice
choices: "{{ satellite_content_views | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}"
required: true
- name: SATELLITE / Promote Content View Version
project: Ansible official demo project
playbook: satellite/satellite_promote.yml
inventory: Workshop Inventory
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
credentials:
- Satellite Credential
survey_enabled: true
survey:
name: ''
description: ''
spec:
- question_name: Select Content View
variable: content_view
type: multiplechoice
choices: "{{ satellite_content_views | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}"
required: true
- question_name: Current Lifecycle Environment
variable: current_lifecycle_environment
type: multiplechoice
choices: "{{ satellite_lifecycle_environments | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}"
required: true
- question_name: Next Lifecycle Environment
variable: lifecycle_environment
type: multiplechoice
choices: "{{ satellite_lifecycle_environments | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}"
required: true
- name: SETUP / Satellite
project: Ansible official demo project
playbook: satellite/setup_satellite.yml
inventory: Workshop Inventory
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
credentials:
- Satellite Credential
controller_launch_jobs:
- name: SETUP
wait: false
extra_vars:
demo: linux
- name: SETUP / Satellite
wait: false
#######################
### Satellite Vars ###
######################
satellite_components:
- content_views
#- content_view_publish
- lifecycle_environments
- activation_keys
satellite_organization: "Default Organization"
satellite_validate_certs: false
satellite_content_views:
# Red Hat Enterprise Linux 7
- name: RHEL7
content_view: RHEL7
repositories:
- name: Red Hat Enterprise Linux 7 Server RPMs x86_64 7Server
product: 'Red Hat Enterprise Linux Server'
- name: Red Hat Enterprise Linux 7 Server - Extras RPMs x86_64
product: 'Red Hat Enterprise Linux Server'
- name: Red Hat Satellite Client 6 for RHEL 7 Server RPMs x86_64
product: 'Red Hat Enterprise Linux Server'
# Red Hat Enterprise Linux 8
- name: RHEL8
content_view: RHEL8
repositories:
- name: Red Hat Enterprise Linux 8 for x86_64 - BaseOS RPMs 8
product: Red Hat Enterprise Linux for x86_64
- name: Red Hat Enterprise Linux 8 for x86_64 - AppStream RPMs 8
product: Red Hat Enterprise Linux for x86_64
- name: Red Hat Satellite Client 6 for RHEL 8 x86_64 RPMs
product: Red Hat Enterprise Linux for x86_64
satellite_lifecycle_environments:
# Red Hat Enterprise Linux 7
- name: "RHEL7_Dev"
prior: "Library"
- name: "RHEL7_QA"
prior: "RHEL7_Dev"
- name: "RHEL7_Prod"
prior: "RHEL7_QA"
# Red Hat Enterprise Linux 8
- name: "RHEL8_Dev"
prior: "Library"
- name: "RHEL8_QA"
prior: "RHEL8_Dev"
- name: "RHEL8_Prod"
prior: "RHEL8_QA"
satellite_activation_keys:
# Red Hat Enterprise Linux 7
- name: "RHEL7_Dev"
lifecycle_environment: "RHEL7_Dev"
content_view: "RHEL7"
- name: "RHEL7_QA"
lifecycle_environment: "RHEL7_QA"
content_view: "RHEL7"
- name: "RHEL7_Prod"
lifecycle_environment: "RHEL7_Prod"
content_view: "RHEL7"
# Red Hat Enterprise Linux 8
- name: "RHEL8_Dev"
lifecycle_environment: "RHEL8_Dev"
content_view: "RHEL8"
- name: "RHEL8_QA"
lifecycle_environment: "RHEL8_QA"
content_view: "RHEL8"
- name: "RHEL8_Prod"
lifecycle_environment: "RHEL8_Prod"
content_view: "RHEL8"
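Review bot: `password: ansible123!` for the `admin` user is committed in clear text in both entries under `controller_credentials`. Take it from a vaulted variable or an environment lookup and keep only a placeholder in the repository. The same block disables certificate checks in two places (`SATELLITE_VALIDATE_CERTS: 'false'` in the injector and `validate_certs: no` in the inventory source), so that password travels over unverified TLS. As rendered here the injectors read `{% raw %}{ { host }}{% endraw %}` with a space between the opening braces; if the file really contains that space, the controller will export the literal text instead of the credential value, so check the three `env` lines. The HOSTS survey questions are `required: false` although the playbooks use `hosts: "{{ HOSTS }}"` with no default.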


@@ -0,0 +1,54 @@
---
- hosts: localhost
gather_facts: no
vars_files: setup.yml
vars:
refresh_satellite_manifest: true
tasks:
- name: refresh manifest
redhat.satellite.subscription_manifest:
organization: "Default Organization"
state: refreshed
when: refresh_satellite_manifest
- name: Setup CV
include_role:
name: redhat.satellite.content_views
- name: Publish CV
include_role:
name: redhat.satellite.content_view_publish
vars:
satellite_content_views:
- RHEL7
- RHEL8
- name: Setup Lifecycle Environment
include_role:
name: redhat.satellite.lifecycle_environments
- name: redhat.satellite.content_view_publish CV
redhat.satellite.content_view_version:
organization: "{{ satellite_organization }}"
content_view: "{{ item }}"
lifecycle_environments:
- "{{ item }}_Dev"
- "{{ item }}_QA"
- "{{ item }}_Prod"
loop:
- RHEL7
- RHEL8
- name: Setup activation_keys
include_role:
name: redhat.satellite.activation_keys
- name: Add SCAP Tailoring File
redhat.satellite.scap_tailoring_file:
name: RHEL7_STIG
organizations: "{{ satellite_organization }}"
scap_file: "{{ item }}"
loop:
- files/ssg-rhel7-ds-tailoring.xml
- files/ssg-rhel8-ds-tailoring-stig-gui.xml
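Review bot: the "Add SCAP Tailoring File" loop uploads both files under the same `name: RHEL7_STIG`, including `files/ssg-rhel8-ds-tailoring-stig-gui.xml`, so the second iteration addresses the object the first one just created and the RHEL 8 tailoring ends up under a RHEL 7 name. Loop over name and file pairs instead. Two smaller points: the task named "redhat.satellite.content_view_publish CV" looks like a search-and-replace leftover, and "refresh manifest" hard-codes `organization: "Default Organization"` where the later tasks use `satellite_organization`.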


@@ -13,6 +13,12 @@
- notification_templates
- job_templates
- settings
controller_execution_environments:
- name: product-demos
image: http://quay.io/acme_corp/product-demos-ee:latest
controller_organizations:
- name: Default
default_environment: product-demos
controller_notifications:
- name: Telemetry
organization: Default
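Review bot: `image: http://quay.io/acme_corp/product-demos-ee:latest` has two problems. A container image reference takes no URL scheme, so the `http://` prefix should go, and `:latest` is a mutable tag on an image that `default_environment: product-demos` makes the default execution environment for the whole organization, which means every job runs whatever was pushed most recently. Pin a version tag or a digest.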
@@ -22,7 +28,7 @@
http_method: POST
headers: {}
controller_templates:
- name: "FEEDBACK"
- name: "SUBMIT FEEDBACK"
job_type: run
inventory: "Workshop Inventory"
project: "Ansible official demo project"


@@ -4,7 +4,6 @@
gather_facts: false
tasks:
- name: Set Local Admin Password
ansible.windows.win_user:
name: Administrator