top of page
Recent Posts

How To Use Ansible roles for remote management From Satellite Server

Updated: Oct 3, 2021

As we can use Ansible roles for remote management in the target system from Satellite Server. And in terms of remote management, we can do OS Hardening, Configuration Management and so on using the Ansible playbook roles. let start with OS Hardening example.


Satellite Server Preparation:

Step:1 To verify the yum repository for the Red Hat Enterprise Linux System Roles.

# subscription-manager repos --enable=rhel-7-server-extras-rpms
or 
# yum repolist

Step:2 To install the rhel-system-roles package in the Satellite Server.

# satellite-maintain packages install rhel-system-roles
Note: It will take a while, and for more details regarding Red Hat Enterprise Linux System Roles: https://access.redhat.com/articles/3050101

Step:3 To download RHEL7 Hardening Ansible Playbook role, as below.

# cd  /usr/share/ansible/roles/
# git clone git@github.com:mh2ict/RHEL7-CIS.git
Cloning into 'RHEL7-CIS'...
remote: Enumerating objects: 43, done.
remote: Counting objects: 100% (43/43), done.
remote: Compressing objects: 100% (40/40), done.
remote: Total 958 (delta 6), reused 19 (delta 0), pack-reused 915
Receiving objects: 100% (958/958), 347.64 KiB | 218.00 KiB/s, done.
Resolving deltas: 100% (537/537), done.

# ls -la
::::::::::::: CUT SOME OUTPUT :::::::::::::
drwxr-xr-x.  9 root root  159 Aug  9 13:38 project-receptor.satellite_receptor_installer
drwxr-xr-x. 10 root root  175 Aug  9 13:38 RedHatInsights.insights-client
drwxr-xr-x. 14 root root 4096 Aug 12 06:36 RHEL7-CIS
drwxr-xr-x.  9 root root  137 Aug 12 05:58 rhel-system-roles.kdump
drwxr-xr-x.  9 root root 4096 Aug 12 05:58 rhel-system-roles.network
drwxr-xr-x.  6 root root   95 Aug 12 05:58 rhel-system-roles.postfix
drwxr-xr-x.  8 root root  119 Aug 12 05:58 rhel-system-roles.selinux
drwxr-xr-x. 10 root root  213 Aug 12 05:58 rhel-system-roles.storage
drwxr-xr-x. 11 root root  168 Aug 12 05:58 rhel-system-roles.timesync
drwxr-xr-x.  8 root root  201 Aug  9 13:38 theforeman.foreman_scap_client

Target Server Preparation:

Step:1 To distribute SSH keys manually, and enter the following command on Satellite Server (or if any Capsule), as below.

# ssh-copy-id -i ~foreman-proxy/.ssh/id_rsa_foreman_proxy.pub root@192.168.122.12
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/usr/share/foreman-proxy/.ssh/id_rsa_foreman_proxy.pub"
The authenticity of host '192.168.122.12 (192.168.122.12)' can't be established.
ECDSA key fingerprint is SHA256:kqo2xEmDGgPqXnryZ0Vx1ORyDi3/CGZHgy6UWUm/AaQ.
ECDSA key fingerprint is MD5:9d:ea:1d:bc:38:e7:ee:eb:8d:41:9b:25:cf:6d:62:7f.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Authorized uses only. All activity may be monitored and reported.
root@192.168.122.12's password: *******

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.122.12'"
and check to make sure that only the key(s) you wanted were added.
# ssh -i ~foreman-proxy/.ssh/id_rsa_foreman_proxy root@192.168.122.12 date
Note: I do not have any separate Capsule server, that's why I ran it from the Satellite Server. And we need to repeat for each target host that we want to manage. for me only one host.

Ansible Role Configuration:

Step:1 In the Satellite web UI, navigate and click Configure > Roles, as below.


Step:2 And click the Satellite Server (or if any Capsule) that contains the roles, as below.

Step:3 And click the Satellite Server (or if any Capsule) that contains the roles, as below.

And finally, RHEL7-CIS roles will be listed in the imported Ansible Roles, as below.