I’m having a bit of trouble wrapping my head around Foreman/Ansible. We currently have an AWX instance stood up, and I know I can import inventories from Foreman into AWX. What I would also like to do though is import the job templates that I have defined in AWX into foreman. Is that possible? I poked around in the various ansible and job options in foreman and if it is, the way to do it is not jumping out at me. I also have all of the playbooks stored in a git repo which is how I get them into AWX. If I can’t get them into foreman from AWX, is there a way to pull the playbooks in directly from GIT?
And a related question, assuming I have playbook jobs defined in Foreman, can I schedule them to run on a group of machines, and then if a machine is offline at a given time, will it eventually pick up the job? This is my biggest concern going from something like Spacewalk that made sure jobs would be picked up the next time a client phoned home. Want to make sure I can do that with Foreman/Ansible as well. I know that simply using ansible doesn’t meet that need.
I apologise in advance if this is a redundant post, just want to tease out some different parts.
So, from what I gather, you’ve an AWX instance and are investigating if Foreman is worth your while? The main scenario that is concerning you is running remote jobs?
I’m unsure whether you’ve seen it already, but we’ve a guide here for Foreman/AWX integration. This would be the first piece:
We have both AWX and Foreman/Katello. Right now, we are using the latter for inventory/patch management but in the past, we used Spacewalk. That part works great, but the configuration management piece of Spacewalk is what I’m trying to replicate with Foreman. I kind of have an idea of how to do this with ansible roles/playbooks and the associated files that need to be managed, but the main piece I am concerned about is making sure hosts that aren’t online when a job is executed will pick up the job when they come online, i.e. laptops that may be offline or not VPN’d in.
Thank you for the links, I will take a look through those. I have seen the documents about integrating AWX, and I do currently sync my foreman hosts into my AWX inventory. However, I also would like to go the other way around and get my AWX jobs into foreman so I can use them when scheduling jobs through the Foreman hosts UI. I had not seen that piece before regarding executing the callback, but from the documentation, that sounds like its designed to be used during kickstart/provisioning and not ongoing operations?
Example scenario for you, I have a file on all my linux hosts that specifies credentials for a service account. Each time those credentials change, I need all my hosts to get the new config. In spacewalk, I would update the config file and then schedule a file deployment on all machines, and any that were online would get it right away, those that weren’t would pick up the job the next time they came online. I have this converted to a playbook, and I update the file in git each time it needs to be changed, but what would be the easiest and most efficient way to make sure it runs on all the machines in my Foreman inventory?
I’ve never really used AWX, so take this with a grain of salt, but I don’t think there’s currently a way to do this.
If I can’t get them into foreman from AWX, is there a way to pull the playbooks in directly from GIT?
Foreman can import templates from a git repo, but they have to contain metadata in them, which I assume your playbooks currently don’t. However if you were willing to go the extra mile and have the metadata there, then you could consider your git repo the source of truth. @mcorr posted a link to the docs about it in a post above.
Currently no. When you run the job, it expects all the target hosts to be online. If they are down, the job is marked as failed for them, just as if you run ansible from the commandline. We are currently working on implementing a pull provider for remote execution, which would have this ability, however current plans are limited to it being “general script” (non-ansible) only.
Wish I had a solution for you, but I’m currently not aware of any official one. This might get better in the future with the remote execution pull provider, but it probably still wouldn’t exactly what you expect.
You could always use puppet which should be able to handle this scenario pretty well, but that’s up for you to decide if you want to go down that route.
Maybe it would also make sense to have a look at Application Centric Deployment Guide and the foreman_acd plugin which is able to deploy applications and run ansible playbooks.
I’d be also interested in reasons behind the move from AWX → Foreman. I think Foreman with Katello does a good job when it comes to the patching, but I wonder how did you compared the two. Also what you do today with playbooks could likely be achieved with other, Foreman native, mechanisms. E.g. katello-agent, remote execution functionality, default Foreman playbooks and in a near future the afformentioned pull provider.
Thanks everyone. Im kind of bummed, not sure how or why but I thought for sure managing hosts with Foreman/Katello would give me the ability to ensure that playbooks are run on hosts that miss jobs for whatever reason. I think the Puppet modules would give me what I am looking for, but I was hoping to avoid learning and managing another significant component.
Am I missing something though? I feel like this is a pretty common need amongst IT folks, that is the ability to execute a job that needs to run on every machine including systems that are offline or unreachable at a given time. With Spacewalk, rhn_check would run by default every 4 hours and if OSAD/Jabber was configured, they would pick up jobs instantly as soon as they came back online. Spacewalk has been EoL for a while now though, and even though OSAD wasn’t the most reliable mechanism, it worked reasonably well and it wasn’t a heavy lift to set up or require learning how to use Puppet or anything else. Foreman/Katello does a great job of inventory/patch management and Ansible is super powerful for provisioning and initial configuration, but there seems to be a gap for the ongoing lifecycle management unless you also use Puppet.
We’re improving the Ansbile integration so you could use it for the regular runs. It won’t support systems that are offline though. That’s something the pull provider could support in future but it’s not ready yet. However if you’re searching for something now, Puppet can help, since it’s triggered from the target machine (when it’s on). Foreman has also integration with Salt and Chef. These are the tranditional on-going configuration management tools you can pick from.
