Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: RedHatInsights/insights-client-role
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v1.4
Choose a base ref
...
head repository: RedHatInsights/insights-client-role
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: master
Choose a head ref
Loading
13 changes: 13 additions & 0 deletions .yamllint
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
extends: default

rules:
braces:
max-spaces-inside: 1
level: error
brackets:
max-spaces-inside: 1
level: error
line-length: disable
# NOTE(retr0h): Templates no longer fail this lint rule.
# Uncomment if running old Molecule templates.
# truthy: disable
98 changes: 77 additions & 21 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,16 +1,33 @@
insights-client
========

Installs, configures, and registers a system to the [Red Hat Insights service](http://access.redhat.com/insights). This role is intended to work on Red Hat Enterprise Linux, though it will generally work on any yum based system that has access to the redhat-access-insights RPM.
Installs, configures, and registers a system to the [Red Hat Insights service](http://access.redhat.com/insights). This role is intended to work on Red Hat Enterprise Linux, though it will generally work on any yum based system that has access to the insights-client RPM or the redhat-access-insights RPM.

Requirements
------------

N/A
**Note on managing RHEL 8 systems:**

RHEL 8 changed the default path for the python interpreter so this role will need to know the new path.
Ansible version 2.8+ can determine the correct path automatically, but if you are using Ansible version 2.7
or lower the path will need to be supplied to the role. This can be done by configuring the `ansible_python_interpreter`
parameter via the configuration file (shown in the examples further down), playbook invocation, inventory, etc.

RHEL 8 platform-python path: **/usr/libexec/platform-python**

This is only required when managing RHEL 8 systems with Ansible version 2.7 or lower.

Role Variables
**Note on managing RHEL 6 SELinux systems:**

Almost all uses of Ansible that target SELinux machines require that the python module 'selinux' is installed. On RHEL that module is provided by the rpm 'python-selinux'. This rpm will need to be installed prior to using this role on RHEL 6 (it is already included in RHEL 7).

Role Variables / Configuration
--------------

The following variables can be used to perform some initial configuration for the insights-client install.
These variables can be passed in directly with the playbook invocation or placed in a configuration yaml file.
See the section 'Example Playbook' for information on various ways to use these variables.

* insights_display_name: (optional)

Sets or resets the Display Name/System Name within Insights. Insights needs an easily identifiable
@@ -28,6 +45,7 @@ Role Variables

* redhat_portal_username: (optional)
* redhat_portal_password: (optional)

If defined, these set, change, or remove the username and password in the Insights configuration.
If undefined, this role will make no changes to the Insights configuration.

@@ -44,6 +62,27 @@ Role Variables
which is the default initial state, all interactions with the Insights server will use the
CERT provided by RHSM.

* auto_config: (optional)

True/False - attempt to auto-configure the network connection with Satellite or RHSM. Default behavior is True.

* authmethod: (optional)

BASIC/CERT - This parameter is used to set the authentication method for the Portal. Default bahavior is BASIC.
Note: when 'auto_config' is enabled (set to True), CERT will be used if RHSM or Satellite is detected.

* insights_proxy: (optional)

If the insights client is behind a proxy or firewall, a proxy can be specified. Default is unspecified.
Ex: http://user:pass@192.168.100.50:8080

* ansible_python_interpreter: (see Requirements above to determine if this is needed)

This variable allows you to provide the python interpreter path for ansible to use. This is needed when
managing RHEL 8 with older versions of Ansible (2.7 and lower).

RHEL 8 platform-python path: **/usr/libexec/platform-python**

Facts Installed
---------------

@@ -59,8 +98,6 @@ For example the task:

will display the System Id.



Dependencies
------------

@@ -69,37 +106,51 @@ N/A
Example Playbook
----------------

In the examples directory is a very basic playbook utilizing this role:

- hosts: all
roles:
- { role: RedHatInsights.insights-client, when: ansible_os_family == 'RedHat' }

If a system's hostname is not easily identifiable, but inventory_hostname is easily identifiable,
as often happens on some cloud platforms, set insights_display_name set to be inventory_hostname:
Here is an example with additional configuration (though using a separate file is preferred if including
usernames or passwords):

- hosts: all
roles:
- role: RedHatInsights.insights-client
insights_display_name: "{{ inventory_hostname }}"
vars:
insights_display_name: 'example_system'
ansible_python_interpreter: '/usr/libexec/platform-python'
when: ansible_os_family == 'RedHat'

If you need to run the Insights Client on a system that is not registered to Red Hat Subscription
Manager, as often happens in testing and demoing, set the
redhat_portal_username/redhat_portal_password in a way that keeps them out of the playbook:
Example Configuration File
----------------

Create a YAML file, say redhat-portal-creds.yaml, on your workstation containing the following,
with XXXXXX/YYYYYY replaced with our Insights/Portal/RHSM username/password:
The insights-client install can be configured by using a configuration yaml file to modify various parameters.
Here's an example, insights-client-config.yml, that configures the insights-client to register via basic auth
using the provided username/password and display_name:

redhat_portal_username: XXXXXX
redhat_portal_password: YYYYYY
```yaml
redhat_portal_username: example_user
redhat_portal_password: example_password
insights_display_name: example_system
autoconfig: False
authmethod: BASIC
```
Change the permissions on the file so that only you can read them, and then any time you invoke
this role, add the ansible-playbook --extra-vars option:
**Reminder:** Check Requirements above to determine if `ansible_python_interpreter` should be configured prior to running.

$ ansible-playbook ... --extra-vars @redhat-portal-creds.yml ...
If you need to run the Insights Client on a system that is not registered to Red Hat Subscription
Manager, as often happens in testing and demoing, set the redhat_portal_username/redhat_portal_password.

Note: Any of the role variables mentioned earlier can be placed in this configuration file

Change the permissions on the file so that only you can read them (in case usernames/passwords are listed), and then any time you invoke
this role, add the ansible-playbook --extra-vars option:

Note that one of the really useful features of Ansible Tower is role based management of credentials
like this.
$ ansible-playbook ... --extra-vars @insights-client-config.yml ...

Note: One of the really useful features of Ansible Tower is role based management of credentials.

Example Use
-----------
@@ -110,15 +161,20 @@ Example Use
$ ansible-galaxy install RedHatInsights.insights-client
```

This will install the latest version of the role to ansible's default role directory (if using a non default role directory
update the playbook accordingly)

1. Copy the Example Playbook to a file named 'install-insights.yml'.

1. Run the following command, replacing 'myhost.example.com' with the name of the
system where you want to install, configure, and register the insights client.

```bash
$ ansible-playbook --limit=myhost.example.com install-insights.yml
$ ansible-playbook --limit=myhost.example.com install-insights.yml --extra-vars @insights-client-config.yml
```

Note: The ansible-playbook invocation will depend on ansible configuration

License and Author
------------------

42 changes: 42 additions & 0 deletions action_plugins/insights_config.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type

from ansible.plugins.action import ActionBase


class ActionModule(ActionBase):

def run(self, tmp=None, task_vars=None):

result = super(ActionModule, self).run(tmp, task_vars)

insights_name = self._task.args.get('insights_name', 'insights-client')

config_vars = dict(
username = self._task.args.get('username', None),
password = self._task.args.get('password', None),
auto_config = self._task.args.get('auto_config', None),
authmethod = self._task.args.get('authmethod', None),
display_name = self._task.args.get('display_name', None),
proxy = self._task.args.get('proxy', None)
)

for k, v in config_vars.items():
if v:
new_module_args = dict(
path = '/etc/' + insights_name + '/' + insights_name + '.conf',
section = insights_name,
option = k,
value = v,
no_extra_spaces = True,
state = "present"
)
result.update(self._execute_module(
module_name='ini_file',
module_args=new_module_args,
task_vars=task_vars,
tmp=tmp
))

return result

3 changes: 2 additions & 1 deletion examples/example-insights-client-playbook.yml
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
---
- hosts: all
roles:
- { role: RedHatInsights.insights-client }
- { role: RedHatInsights.insights-client }
4 changes: 3 additions & 1 deletion files/insights.fact
Original file line number Diff line number Diff line change
@@ -14,7 +14,9 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
if [ -e /etc/redhat-access-insights/machine-id ]; then
if [ -e /etc/insights-client/machine-id ]; then
SYSTEM_ID=$(cat /etc/insights-client/machine-id)
elif [ -e /etc/redhat-access-insights/machine-id ]; then
SYSTEM_ID=$(cat /etc/redhat-access-insights/machine-id)
fi
if [ -n "${SYSTEM_ID}" ]; then
73 changes: 73 additions & 0 deletions library/insights_config.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
ANSIBLE_METADATA = {
'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'
}

DOCUMENTATION = '''
---
module: insights_config
short_description: This module handles initial configuration of the insights client on install
description:
- Supply values for various configuration options that you would like to use. On install
this module will add those values to the insights-client.conf file prior to registering.
version_added: "3.0"
options:
username:
description:
- Insights basic auth username. If defined this will change, set, or remove the username
in the insights configuration. To remove a username set this value to an empty string.
required: false
password:
description:
- Insights basic auth password. If defined this will change, set, or remove the password
in the insights configuration. To remove a password set this value to an empty string.
required: false
auto_config:
description:
- Attempt to auto-configure the network connection with Satellite or RHSM. Default is True.
required: false
authmethod:
description:
- Authentication method for the Portal (BASIC, CERT). Default is BASIC. Note: when
auto_config is enabled, CERT will be used if RHSM or Satellite is detected.
required: false
display_name:
description:
- Custom display name to appear in the Insights web UI. Only used on machine registration.
Blank by default.
required: false
insights_name:
description:
- For now, this is just 'insights-client', but it could change in the future so having
it as a variable is just preparing for that.
required: false
proxy:
description:
- This set an optional proxy for the insights client to connect through if the client
is behind a firewall or requires a proxy. Default is unspecified (none).
required: false
'''

EXAMPLES = '''
- name: Configure the insights client to register with username and password
insights_config:
username: "rhn_support" or "{{ redhat_portal_username }}" if passing in as a role variable
password: "rhn_password" or "{{ redhat_portal_password }}"
auto_config: False or "{{ auto_config }}"
authmethod: BASIC or "{{ authmethod }}"
proxy: "{{ insights_proxy }}"
become: true
- name: Configure the insights client to register with RHSM and no display name
insights_config:
become: true
Note: The above example calls the insights_config module with no parameters. This is because auto_config defaults to True
which in turn forces the client to try RHSM (or Satellite)
- name: Configure the insights client to register with RHSM and a display name
insights_config:
display_name: "nice_name" or "{{ insights_display_name }}" if passing in as a role variable
become: true
'''
Loading