Automating Foreman/Katello with ansible

To take a quote of @Thulium-Drake here

Manual configs are only useful if you’re still figuring out how to automate it but in the long run, even the time you invested in automation will return itself more then once.

While I understand the benefits, to me, there’s the problem that when you start with foreman/katello/puppet/ansible and you are not already well-versed in ansible, you’ll start with the things at hand and not setting up a complex infrastructure which would allow you to install and configure the whole ecosystem automatically. I have moved from spacewalk, so my first interest was foreman/katello. Later I included puppet, mostly, because it came with foreman.

Of course, it was all manual configuration from the beginning, because I have tried to figure out how it works and what is a reasonable setup, in particular in regard to katello products, repositories, content views, life cycles etc… There are various ways how to organize it and no clear path what’s the best approach let alone what suits you best…

So yes, it’s manual. And by now, I have a system I like and understand. But it’s only manual configuration. Automation of foreman sounds like a very good idea, e.g. to quickly set up a test environment. But getting my current system automated with ansible, in particular as I am a complete ansible newbie??

Just for the content management alone I currently have 29 products with 120 repositories. And then lots of subnets, classes, parameters, activation keys, repositories sets, and on top of that a few host group or host dependent manual configurations. Only thinking about the amount of work to get all this information into ansible causes me headache…

Now, to come to my point: if there was a tool which would generate the ansible playbook(s) to automate my current configuration, that would be a huge leap. A tool which I could tell, write up my 29 products and 120 repos so that I can regenerate that, if necessary. That would be extremely helpful. I would have lots of examples how to add more if I need it. With that tool I could generate part after part and eventually have everything together…

So to me, that kind of tool is currently missing and keeps me from really going for automating foreman/katello with ansible, because right now, I don’t want to copy all that information together into an ansible playbook. That would just feel like a huge waste of my time…

I honestly have no idea if this was possible or how much effort it would be to create a tool like this. But I would be very grateful if I had something like that, because without it, I am not sure if I will ever tackle this… Or am I naive to hope for something like this?

o/

You make a very valid point, automation is worth it’s weight in gold, but at the same time, it’s also hard, as it requires knowledge on multiple fronts at the same time.

Perhaps it’s useful to share how I did it (I wrote https://github.com/Thulium-Drake/ansible-role-foreman). Before starting with this role, I had little experience with Satellite/Foreman, as I just wrapped up my first contracting assignment where it was ‘part of the job’. But it did pique my interest and I started studying up on it. And I’ve been using Ansible for a longer period.

Then the next assignment came up, a new client wanted a green field deployment of Foreman and wanted us to try and make it as “Infrastructure as Code” as possible. Coincidentally the Foreman Ansible Modules were released. So I started trying to look at the different tasks I did to manually configure a Foreman server. And I started out really basic, installing it by literally implementing the installation guide. And from that, over time, grew what now is a (for my usecases a role that automatically rolls out Foreman for me).

As I mentioned, this role works for me, because it aligns to what I want from a Foreman installation, but if you decide to build a new Foreman server, you could take the same approach. And you don’t have to make it into a (more or less) dynamic role, a playbook is also a valid form of automation. Even implementing your current working instructions (or replicating the existing situation) in a playbook is in my book already an improvement to doing it by hand.

And because you have a playbook then, you can then make as many Foreman servers as you need to refine it, test it, improve it etc.

Hope this helps

Yes. I know that. If I ever wanted to create a new foreman installation from scratch, I would use that approach. But thing is: I have a running installation which works fine for me. I don’t want to set up a new installation. I don’t think that my current installation is so bad that I would make a radically different new installation. I don’t need multiple installations either. And unless there is no way of migrating an existing installation/configuration from EL7 to EL8 I don’t see it on the horizon anytime soon.

So adding ansible automation would be right now to recreate everything in ansible what I have already set up, configured and running in my current installation. So basically, I would set up an ansible playbook which should do nothing on my current installation, because everything is already the way it’s supposed.

But only thinking of those 120+ repositories makes me wonder why there is no helper tool which would generate an ansible playbook from my current setup. Because that’s what puts me off at the moment to rewrite all my 120+ repos and everything else into an ansible playbook. Basically writing scripts for each type of configuration to generate those parts from hammer output, hoping to include everything which is necessary and everything which I may have changed (e.g. that mirror on sync setting on the EPEL repository)

I would like a tool that writes down the organizations, locations, subscriptions, products, repositories, content views, subnets, domains, proxies, classes, parameters, … into an playbook. If that tool takes into accounts default settings (which can be omitted I guess), it would be able to generate a pretty good, condensed form of the current setup in ansible.

I wouldn’t have to begin from scratch with my very limited ansible knowledge. I could go through the generated output and review it and continue from that…

There is no such tool, because nobody had the time to sit down and write one.

I know of one attempt (sync-satellite-org) which tries to do something like that by using the *_info modules to extract information, put them into a big YAML and then iterate over this creating new stuff. But it hasn’t been touched since a while (2019) and our Ansible modules evolved quite a lot since then.

Yes. I know. That’s why I started this topic. And as it’s holiday season, may I wish for one, please…