Satellite registration playbook example

satellite.yml

---
# vim: ts=2 sw=2 ai expandtab

- name: Register to Satellite
  hosts: "{{ workflow_hosts | default('all') }}"
  connection: smart
  gather_facts: true
  become: true
  vars_files:
    - satellite_credentials.yml
  vars:
    foreman_user: root
  tasks:
    - assert:
        that:
          - ansible_distribution == "RedHat"
        fail_msg: "System can not be registered to Satellite"
        success_msg: "System will be registered"

    - name: test if system is registered
      command: subscription-manager identity
      register: registration
      failed_when: false
      changed_when:
        - registration.rc != 0

    - name: Find org and location id
      theforeman.foreman.organization_info:
        username: "{{ satellite_username }}"
        password: "{{ satellite_password }}"
        server_url: "https://{{ satellite_url }}"
        name: "{{ satellite_org }}"
        validate_certs: false
      register: orgdata
      delegate_to: localhost
      when: registration is changed
      become: false

    - name: extract location id
      set_fact:
        locdata: "{{ orgdata.organization.locations | selectattr('name', 'eq', satellite_location) | last }}"
        orgdata: "{{ orgdata.organization }}"
      when: registration is changed

    - debug:
        var: tmp
      vars:
        tmp:
          locid: "{{ locdata.id }}"
          orgid: "{{ orgdata.id }}"
      when: registration is changed

    - assert:
        that:
          - locdata and orgdata
          - "'id' in locdata"
          - "'id' in orgdata"
          - locdata.id and orgdata.id
      when: registration is changed

    - name: extract registration script
      ansible.builtin.uri:
        url: "https://{{ satellite_url }}/api/registration_commands"
        return_content: true
        body_format: json
        user: "{{ satellite_username }}"
        password: "{{ satellite_password }}"
        method: POST
        force_basic_auth: true
        validate_certs: false
        body:
          location_id: "{{ locdata.id }}"
          organization_id: "{{ orgdata.id }}"
          registration_command:
            location_id: "{{ locdata.id }}"
            organization_id: "{{ orgdata.id }}"
            setup_insights: 1
            setup_remote_execution: 1
            jwt_expiration: 1
            insecure: 1
            activation_key: "{{ satellite_activation_key }}"
      register: regcmd
      delegate_to: localhost
      when: registration is changed
      become: false

    - debug:
        var: regcmd.json.registration_command
      when: registration is changed

    - name: Write satellite registration
      ansible.builtin.copy:
        dest: /root/register.sh
        content: |
          #!/bin/bash
          {{ regcmd.json.registration_command }}
        mode: '0755'
        owner: root
        group: root
      when: registration is changed

    - name: run registration
      command: /root/register.sh
      when: registration is changed

    - name: add foreman sshkey to foreman_user
      ansible.posix.authorized_key:
        user: "{{ foreman_user }}"
        state: present
        key: "https://{{ satellite_url }}:9090/ssh/pubkey"

    - name: add hosts to satellite inventory variable
      set_stats:
        data:
          workflow_hosts: "{{ ansible_play_hosts }}"
      run_once: true

satellite_credentials.yml

---
# make sure to encrypt this with "ansible-vault encrypt satellite_credentials.yml"
satellite_username: admin
satellite_password: secret_password