Merge of RedHatGov/product-demos (#56)

Co-authored-by: MKletz <michael.kletz.27@gmail.com> Co-authored-by: Ajay Chenampara <ajay.chenampara@gmail.com> Co-authored-by: dlemons-redhat <69318976+dlemons-redhat@users.noreply.github.com> Co-authored-by: Nicolas Leiva <nicolasleiva@gmail.com> Co-authored-by: benblasco <42140583+benblasco@users.noreply.github.com> Co-authored-by: Benjamin Blasco <bblasco@redhat.com> Co-authored-by: calvingsmith <4283930+calvingsmith@users.noreply.github.com> Co-authored-by: Calvin Smith <calvingsmith@users.noreply.github.com> Co-authored-by: Hicham Mourad <43329991+HichamMourad@users.noreply.github.com>
2023-03-17 09:07:02 -04:00
parent 8acff9c9b1
commit c18a206499
279 changed files with 5191 additions and 4649 deletions
--- a/satellite/README.md
+++ b/satellite/README.md
@@ -0,0 +1,27 @@
+# Satellite Demos
+
+## Table of Contents
+- [Satellite Demos](#satellite-demos)
+  - [Table of Contents](#table-of-contents)
+  - [About These Demos](#about-these-demos)
+    - [Jobs](#jobs)
+    - [Inventory](#inventory)
+  - [Suggested Usage](#suggested-usage)
+
+## About These Demos
+This category of demos shows examples of linux operations and management with Ansible Automation Platform and Red Hat Satellite Server. The list of demos can be found below. See the [Suggested Usage](#suggested-usage) section of this document for recommendations on how to best use these demos.
+
+### Jobs
+- [**LINUX / Register with Satellite**](server_register.yml) - Register a RHEL server with Red Hat Satellite.
+- [**LINUX / Compliance Scan with Satellite**](server_openscap.yml) - Run OpenSCAP scan and report to Satellite.
+- [**SATELLITE / Publish Content View Version**](satellite_publish.yml) - Publish a new version of a content view.
+- [**SATELLITE / Promote Content View Version**](satellite_promote.yml) - Promote a content view version to the next lifecycle environment.
+
+### Inventory
+
+A dymanic inventory is created to pull inventory hosts from Red Hat Satellite. Groups will automatically be created
+
+## Suggested Usage
+**Linux / Register with Satellite** - Register a server with Red Hat Satellite using an activation key in the format `RHEL<major version>_<environment>`.
+
+**SATELLITE / Publish Content View Version** - Publish a new version of a content view to start a patching process. By default this will publish the version and promote to the 'Dev' environment.
--- a/satellite/files/ssg-rhel7-ds-tailoring.xml
+++ b/satellite/files/ssg-rhel7-ds-tailoring.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xccdf:Tailoring xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2" id="xccdf_scap-workbench_tailoring_default">
+  <xccdf:benchmark href="/tmp/scap-workbench-iwLkek/ssg-rhel7-ds.xml"/>
+  <xccdf:version time="2022-07-21T09:19:44">1</xccdf:version>
+  <xccdf:Profile id="xccdf_org.ssgproject.content_profile_stig_customized" extends="xccdf_org.ssgproject.content_profile_stig">
+    <xccdf:title xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US" override="true">DISA STIG for Red Hat Enterprise Linux 7 [CUSTOMIZED]</xccdf:title>
+    <xccdf:description xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US" override="true">This profile contains configuration checks that align to the
+DISA STIG for Red Hat Enterprise Linux V3R7.
+
+In addition to being applicable to Red Hat Enterprise Linux 7, DISA recognizes this
+configuration baseline as applicable to the operating system tier of
+Red Hat technologies that are based on Red Hat Enterprise Linux 7, such as:
+
+- Red Hat Enterprise Linux Server
+- Red Hat Enterprise Linux Workstation and Desktop
+- Red Hat Enterprise Linux for HPC
+- Red Hat Storage
+- Red Hat Containers with a Red Hat Enterprise Linux 7 image</xccdf:description>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_rpm_verify_ownership" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_aide_use_fips_hashes" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_aide_verify_acls" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_aide_verify_ext_attributes" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_install_antivirus" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_agent_mfetpd_running" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_package_mcafeetp_installed" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_group_mcafee_endpoint_security_software" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_group_mcafee_security_software" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_group_endpoint_security_software" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_partition_for_home" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_partition_for_var" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_partition_for_tmp" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_partition_for_var_log_audit" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_group_disk_partitioning" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_sudo_remove_nopasswd" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny_root" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_interval" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_install_smartcard_packages" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_smartcard_auth" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_group_account_expiration" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_authorized_local_users" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_grub2_admin_username" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_grub2_password" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_service_firewalld_enabled" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_group_firewalld_activation" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_configure_firewalld_ports" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_set_firewalld_default_zone" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_group_ruleset_modifications" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_group_network-firewalld" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_network_configure_name_resolution" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_home_nosuid" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_postfix_prevent_unrestricted_relay" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_group_postfix_server_relay" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_group_postfix_server_cfg" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_group_postfix_harden_os" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_group_mail" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_chronyd_or_ntpd_set_maxpoll" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_group_ntp" selected="false"/>
+  </xccdf:Profile>
+</xccdf:Tailoring>
--- a/satellite/files/ssg-rhel8-ds-tailoring-stig-gui.xml
+++ b/satellite/files/ssg-rhel8-ds-tailoring-stig-gui.xml
--- a/satellite/host_vars/satellite.example.com/activation_keys.yml
+++ b/satellite/host_vars/satellite.example.com/activation_keys.yml
@@ -0,0 +1,22 @@
+---
+satellite_activation_keys:
+  # Red Hat Enterprise Linux 7
+  - name: "RHEL7_Dev"
+    lifecycle_environment: "RHEL7_Dev"
+    content_view: "RHEL7"
+  - name: "RHEL7_QA"
+    lifecycle_environment: "RHEL7_QA"
+    content_view: "RHEL7"
+  - name: "RHEL7_Prod"
+    lifecycle_environment: "RHEL7_Prod"
+    content_view: "RHEL7"
+  # Red Hat Enterprise Linux 8
+  - name: "RHEL8_Dev"
+    lifecycle_environment: "RHEL8_Dev"
+    content_view: "RHEL8"
+  - name: "RHEL8_QA"
+    lifecycle_environment: "RHEL8_QA"
+    content_view: "RHEL8"
+  - name: "RHEL8_Prod"
+    lifecycle_environment: "RHEL8_Prod"
+    content_view: "RHEL8"
--- a/satellite/host_vars/satellite.example.com/content_views.yml
+++ b/satellite/host_vars/satellite.example.com/content_views.yml
@@ -0,0 +1,29 @@
+---
+satellite_content_views:
+  # Red Hat Enterprise Linux 7
+  - name: RHEL7
+    content_view: RHEL7
+    repositories:
+      - name: Red Hat Enterprise Linux 7 Server (RPMs)
+        basearch: x86_64
+        releasever: 7Server
+        product: 'Red Hat Enterprise Linux Server'
+      - name: Red Hat Enterprise Linux 7 Server - Extras (RPMs)
+        basearch: x86_64
+        product: 'Red Hat Enterprise Linux Server'
+      - name: Red Hat Satellite Tools 6.8 (for RHEL 7 Server) (RPMs)
+        basearch: x86_64
+        product: 'Red Hat Enterprise Linux Server'
+  # Red Hat Enterprise Linux 8
+  - name: RHEL8
+    content_view: RHEL8
+    content_view_update: true
+    repositories:
+      - name: Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)
+        releasever: 8
+        product: Red Hat Enterprise Linux for x86_64
+      - name: Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)
+        releasever: 8
+        product: Red Hat Enterprise Linux for x86_64
+      - name: Red Hat Satellite Tools 6.8 for RHEL 8 x86_64 (RPMs)
+        product: Red Hat Enterprise Linux for x86_64
--- a/satellite/host_vars/satellite.example.com/defaults.yml
+++ b/satellite/host_vars/satellite.example.com/defaults.yml
@@ -0,0 +1,3 @@
+---
+satellite_organization: "Default Organization"
+satellite_validate_certs: false
--- a/satellite/host_vars/satellite.example.com/lifecycle_environments.yml
+++ b/satellite/host_vars/satellite.example.com/lifecycle_environments.yml
@@ -0,0 +1,16 @@
+---
+satellite_lifecycle_environments:
+  # Red Hat Enterprise Linux 7
+  - name: "RHEL7_Dev"
+    prior: "Library"
+  - name: "RHEL7_QA"
+    prior: "RHEL7_Dev"
+  - name: "RHEL7_Prod"
+    prior: "RHEL7_QA"
+  # Red Hat Enterprise Linux 8
+  - name: "RHEL8_Dev"
+    prior: "Library"
+  - name: "RHEL8_QA"
+    prior: "RHEL8_Dev"
+  - name: "RHEL8_Prod"
+    prior: "RHEL8_QA"
--- a/satellite/satellite_promote.yml
+++ b/satellite/satellite_promote.yml
@@ -0,0 +1,18 @@
+---
+- name: Promote content view version
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  vars:
+    organization: Default Organization
+    lifecycle_environment: undef
+    current_lifecycle_environment: undef
+    content_view: undef
+
+  tasks:
+    - name: Promote Content View # noqa: args[module] - required parameters provided with environment vars
+      redhat.satellite.content_view_version:
+        content_view: "{{ content_view }}"
+        organization: "{{ organization }}"
+        lifecycle_environments: "{{ lifecycle_environment }}"
+        current_lifecycle_environment: "{{ current_lifecycle_environment }}"
--- a/satellite/satellite_publish.yml
+++ b/satellite/satellite_publish.yml
@@ -0,0 +1,30 @@
+---
+- name: Publish content view version
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  vars:
+    content_view: undef
+    env: undef
+    organization: Default Organization
+    lifecycle_environment: "{{ content_view }}_{{ env }}"
+    publish_timeout: 14400
+    publish_retry_interval: 15
+
+  tasks:
+    - name: Publish content view # noqa: args[module] - required parameters provided with environment vars
+      redhat.satellite.content_view_version:
+        content_view: "{{ content_view }}"
+        organization: "{{ organization }}"
+        lifecycle_environments: "{{ lifecycle_environment }}"
+#    async: "{{ publish_timeout }}"
+#    poll: 0
+#    register: publish_async
+
+#  - name: check if content view is finished
+#    async_status:
+#      jid: "{{ publish_async.ansible_job_id }}"
+#    register: job_result
+#    until: job_result.finished
+#    retries: "{{ ( publish_timeout / publish_retry_interval ) | int }}"
+#   delay: "{{ publish_retry_interval }}"
--- a/satellite/server_openscap.yml
+++ b/satellite/server_openscap.yml
@@ -0,0 +1,20 @@
+---
+- name: Run openSCAP scan
+  hosts: "{{ _hosts | default(omit) }}"
+  become: true
+  vars:
+    policy_name: all
+  roles:
+    - demo.satellite.scap_client
+
+  tasks:
+    - name: Randomized startup delay...
+      ansible.builtin.pause:
+        seconds: "{{ 5 | random }}"
+
+    - name: Run SCAP Scan # noqa: no-changed-when - purpose is to run everytime
+      ansible.builtin.command: "/usr/bin/foreman_scap_client {{ item.id }}"
+      loop: "{{ policy }}"
+      when: policy_scan == 'all' or item.name in policy_scan
+      register: scap_cmd_output
+      failed_when: "'Error' in command_result.stderr"
--- a/satellite/server_register.yml
+++ b/satellite/server_register.yml
@@ -0,0 +1,9 @@
+---
+- name: Register host to Satellite
+  hosts: "{{ _hosts | default(omit) }}"
+  become: true
+  vars:
+    # env: undef
+    satellite_url: "{{ lookup('ansible.builtin.env', 'SATELLITE_SERVER') }}"
+  roles:
+    - demo.satellite.register_host
--- a/satellite/setup.yml
+++ b/satellite/setup.yml
@@ -0,0 +1,334 @@
+user_message:
+
+controller_components:
+  - credential_types
+  - credentials
+  - inventory_sources
+  - job_templates
+  - job_launch
+  - workflow_job_templates
+
+controller_credential_types:
+  - name: Satellite Collection
+    kind: cloud
+    inputs:
+      fields:
+        - id: username
+          type: string
+          label: Satellite Username
+        - id: password
+          type: string
+          label: Satellite Password
+          secret: true
+        - id: host
+          type: string
+          label: Satellite Hostname
+      required:
+        - username
+        - password
+        - host
+    injectors:
+      env:
+        SATELLITE_SERVER: "{% raw %}{  { host  }}{% endraw %}"
+        SATELLITE_USERNAME: "{% raw %}{  { username  }}{% endraw %}"
+        SATELLITE_PASSWORD: "{% raw %}{  { password  }}{% endraw %}"
+        SATELLITE_VALIDATE_CERTS: 'false'
+
+controller_credentials:
+  - name: Satellite Inventory
+    credential_type: Red Hat Satellite 6
+    organization: Default
+    inputs:
+      host: https://satellite.example.com
+      username: admin
+      password: ansible123!
+  - name: Satellite Credential
+    credential_type: Satellite Collection
+    organization: Default
+    inputs:
+      host: https://satellite.example.com
+      username: admin
+      password: ansible123!
+
+controller_inventory_sources:
+  - name: Satellite Inventory
+    inventory: Workshop Inventory
+    credential: Satellite Inventory
+    source: satellite6
+    update_on_launch: false
+    execution_environment: Control Plane Execution Environment
+    overwrite: true
+    source_vars:
+      hostnames:
+        - name.split('.')[0]
+      groups:
+        patch_bugs: foreman_content_attributes.errata_counts.bugfix
+        patch_enhancements: foreman_content_attributes.errata_counts.enhancement
+        patch_security: foreman_content_attributes.errata_counts.security
+      keyed_groups:
+        - prefix: env
+          key: foreman_content_attributes.lifecycle_environment_name
+        - prefix: cv
+          key: foreman_content_attributes.content_view_name
+        - prefix: os
+          key: foreman_operatingsystem_name
+        - prefix: scap
+          key: foreman_compliance_status_label
+      validate_certs: false
+      group_prefix: satellite_
+
+controller_templates:
+  - name: LINUX / Register with Satellite
+    project: Ansible official demo project
+    playbook: satellite/server_register.yml
+    inventory: Workshop Inventory
+    notification_templates_started: Telemetry
+    notification_templates_success: Telemetry
+    notification_templates_error: Telemetry
+    credentials:
+      - Workshop Credential
+      - Satellite Credential
+    extra_vars:
+      org_id: "Default_Organization"
+    survey_enabled: true
+    survey:
+      name: ''
+      description: ''
+      spec:
+        - question_name: Server Name or Pattern
+          type: text
+          variable: HOSTS
+          required: false
+        - question_name: Choose Environment
+          type: multiplechoice
+          variable: env
+          choices:
+            - Dev
+            - QA
+            - Prod
+          required: true
+
+  - name: LINUX / Compliance Scan with Satellite
+    project: Ansible official demo project
+    playbook: satellite/server_openscap.yml
+    inventory: Workshop Inventory
+    execution_environment: Ansible Engine 2.9 execution environment
+    notification_templates_started: Telemetry
+    notification_templates_success: Telemetry
+    notification_templates_error: Telemetry
+    credentials:
+      - Satellite Credential
+      - Workshop Credential
+    extra_vars:
+      policy_scan: all
+    survey_enabled: true
+    survey:
+      name: ''
+      description: ''
+      spec:
+        - question_name: Server Name or Pattern
+          type: text
+          variable: HOSTS
+          required: false
+
+  - name: SATELLITE / Publish Content View Version
+    project: Ansible official demo project
+    playbook: satellite/satellite_publish.yml
+    inventory: Workshop Inventory
+    notification_templates_started: Telemetry
+    notification_templates_success: Telemetry
+    notification_templates_error: Telemetry
+    credentials:
+      - Satellite Credential
+    extra_vars:
+      env: Dev
+    survey_enabled: true
+    survey:
+      name: ''
+      description: ''
+      spec:
+        - question_name: Select Content View
+          variable: content_view
+          type: multiplechoice
+          choices: "{{ satellite_content_views | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}"
+          required: true
+
+  - name: SATELLITE / Promote Content View Version
+    project: Ansible official demo project
+    playbook: satellite/satellite_promote.yml
+    inventory: Workshop Inventory
+    notification_templates_started: Telemetry
+    notification_templates_success: Telemetry
+    notification_templates_error: Telemetry
+    credentials:
+      - Satellite Credential
+    survey_enabled: true
+    survey:
+      name: ''
+      description: ''
+      spec:
+        - question_name: Select Content View
+          variable: content_view
+          type: multiplechoice
+          choices: "{{ satellite_content_views | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}"
+          required: true
+        - question_name: Current Lifecycle Environment
+          variable: current_lifecycle_environment
+          type: multiplechoice
+          choices: "{{ satellite_lifecycle_environments | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}"
+          required: true
+        - question_name: Next Lifecycle Environment
+          variable: lifecycle_environment
+          type: multiplechoice
+          choices: "{{ satellite_lifecycle_environments | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}"
+          required: true
+
+  - name: SETUP / Satellite
+    project: Ansible official demo project
+    playbook: satellite/setup_satellite.yml
+    inventory: Workshop Inventory
+    notification_templates_started: Telemetry
+    notification_templates_success: Telemetry
+    notification_templates_error: Telemetry
+    credentials:
+      - Satellite Credential
+
+controller_launch_jobs:
+  - name: SETUP
+    wait: false
+    extra_vars:
+      demo: linux
+
+  - name: SETUP / Satellite
+    wait: true
+
+controller_workflows:
+  - name: Patch Dev
+    description: A workflow to patch the dev environment
+    organization: Default
+    notification_templates_started: Telemetry
+    notification_templates_success: Telemetry
+    notification_templates_error: Telemetry
+    survey_enabled: true
+    survey:
+      name: ''
+      description: ''
+      spec:
+        - question_name: Email
+          type: text
+          variable: email
+          required: false
+    simplified_workflow_nodes:
+      - identifier: Update Inventory
+        unified_job_template: Satellite Inventory
+        success_nodes:
+          - Check for Updates
+      - identifier: Publish New Patches
+        unified_job_template: 'SATELLITE / Publish Content View Version'
+        extra_data:
+          content_view: RHEL8
+        success_nodes:
+          - Check for Updates
+      - identifier: Check for Updates
+        unified_job_template: 'LINUX / Patching'
+        job_type: check
+        extra_data:
+          HOSTS: env_RHEL8_Dev
+        all_parents_must_converge: true
+        success_nodes:
+          - Approve Patches
+        failure_nodes:
+          - Ticket - Update Check
+      - identifier: Ticket - Update Check
+        unified_job_template: 'SUBMIT FEEDBACK'
+        extra_data:
+          feedback: Failed to check for updates in RHEL8_Dev
+      - identifier: Approve Patches
+        approval_node:
+          name: Push patches to Dev?
+          description: Review the patch report before approving
+        success_nodes:
+          - Apply Patches
+      - identifier: Apply Patches
+        unified_job_template: 'LINUX / Patching'
+        job_type: run
+        extra_data:
+          HOSTS: env_RHEL8_Dev
+        failure_nodes:
+          - Ticket - Update Apply
+      - identifier: Ticket - Update Apply
+        unified_job_template: 'SUBMIT FEEDBACK'
+        extra_data:
+          feedback: Failed to apply updates to RHEL8_Dev
+
+#######################
+### Satellite Vars ###
+######################
+satellite_components:
+  - content_views
+  # - content_view_publish
+  - lifecycle_environments
+  - activation_keys
+
+satellite_organization: "Default Organization"
+satellite_validate_certs: false
+
+satellite_content_views:
+  # Red Hat Enterprise Linux 7
+  - name: RHEL7
+    content_view: RHEL7
+    repositories:
+      - name: Red Hat Enterprise Linux 7 Server RPMs x86_64 7Server
+        product: 'Red Hat Enterprise Linux Server'
+      - name: Red Hat Enterprise Linux 7 Server - Extras RPMs x86_64
+        product: 'Red Hat Enterprise Linux Server'
+      - name: Red Hat Satellite Client 6 for RHEL 7 Server RPMs x86_64
+        product: 'Red Hat Enterprise Linux Server'
+  # Red Hat Enterprise Linux 8
+  - name: RHEL8
+    content_view: RHEL8
+    repositories:
+      - name: Red Hat Enterprise Linux 8 for x86_64 - BaseOS RPMs 8
+        product: Red Hat Enterprise Linux for x86_64
+      - name: Red Hat Enterprise Linux 8 for x86_64 - AppStream RPMs 8
+        product: Red Hat Enterprise Linux for x86_64
+      - name: Red Hat Satellite Client 6 for RHEL 8 x86_64 RPMs
+        product: Red Hat Enterprise Linux for x86_64
+
+satellite_lifecycle_environments:
+  # Red Hat Enterprise Linux 7
+  - name: "RHEL7_Dev"
+    prior: "Library"
+  - name: "RHEL7_QA"
+    prior: "RHEL7_Dev"
+  - name: "RHEL7_Prod"
+    prior: "RHEL7_QA"
+  # Red Hat Enterprise Linux 8
+  - name: "RHEL8_Dev"
+    prior: "Library"
+  - name: "RHEL8_QA"
+    prior: "RHEL8_Dev"
+  - name: "RHEL8_Prod"
+    prior: "RHEL8_QA"
+
+satellite_activation_keys:
+  # Red Hat Enterprise Linux 7
+  - name: "RHEL7_Dev"
+    lifecycle_environment: "RHEL7_Dev"
+    content_view: "RHEL7"
+  - name: "RHEL7_QA"
+    lifecycle_environment: "RHEL7_QA"
+    content_view: "RHEL7"
+  - name: "RHEL7_Prod"
+    lifecycle_environment: "RHEL7_Prod"
+    content_view: "RHEL7"
+  # Red Hat Enterprise Linux 8
+  - name: "RHEL8_Dev"
+    lifecycle_environment: "RHEL8_Dev"
+    content_view: "RHEL8"
+  - name: "RHEL8_QA"
+    lifecycle_environment: "RHEL8_QA"
+    content_view: "RHEL8"
+  - name: "RHEL8_Prod"
+    lifecycle_environment: "RHEL8_Prod"
+    content_view: "RHEL8"
--- a/satellite/setup_satellite.yml
+++ b/satellite/setup_satellite.yml
@@ -0,0 +1,55 @@
+---
+- name: Setup satellite configuration
+  hosts: localhost
+  gather_facts: false
+  vars_files: setup.yml
+  vars:
+    refresh_satellite_manifest: true
+
+  tasks:
+    - name: Refresh manifest # noqa: args[module] - required parameters provided with environment vars
+      redhat.satellite.subscription_manifest:
+        organization: "Default Organization"
+        state: refreshed
+      when: refresh_satellite_manifest
+
+    - name: Setup CV
+      ansible.builtin.include_role:
+        name: redhat.satellite.content_views
+
+    - name: Publish CV
+      ansible.builtin.include_role:
+        name: redhat.satellite.content_view_publish
+      vars:
+        satellite_content_views:
+          - RHEL7
+          - RHEL8
+
+    - name: Setup Lifecycle Environment
+      ansible.builtin.include_role:
+        name: redhat.satellite.lifecycle_environments
+
+    - name: Content view publish # noqa: args[module] - required parameters provided with environment vars
+      redhat.satellite.content_view_version:
+        organization: "{{ satellite_organization }}"
+        content_view: "{{ item }}"
+        lifecycle_environments:
+          - "{{ item }}_Dev"
+          - "{{ item }}_QA"
+          - "{{ item }}_Prod"
+      loop:
+        - RHEL7
+        - RHEL8
+
+    - name: Setup activation_keys
+      ansible.builtin.include_role:
+        name: redhat.satellite.activation_keys
+
+    - name: Add SCAP Tailoring File # noqa: args[module] - required parameters provided with environment vars
+      redhat.satellite.scap_tailoring_file:
+        name: RHEL7_STIG
+        organizations: "{{ satellite_organization }}"
+        scap_file: "{{ item }}"
+      loop:
+        - files/ssg-rhel7-ds-tailoring.xml
+        - files/ssg-rhel8-ds-tailoring-stig-gui.xml