Uyuni Ansible-Collection

When it comes to managing larger system landscapes, SUSE Manager and the open source upstream project Uyuni are useful tools. They can be used to set up new systems, deploy patches and also support Infrastructure as Code via SaltStack.

In the context of customer projects, I have carried out numerous installations and configurations and have thus been looking for automation. On the one hand to reduce my workload (to have more time to watch cat videos) - on the other hand to prevent volatility errors. The Uyuni project provides a Salt formula for this - but most customers actually rely on Ansible. Uyuni also provides rudimentary Ansible integration to control managed client systems with Ansible. However, I was looking for exactly the opposite way: to install and control Uyuni via Ansible.

From this requirement, an Ansible Collection was created over the last few months, which contains various roles:

  • storage - Preparing the storage for the Uyuni server
  • server - Installation and configuration of the server
  • client - Registering client systems

Note

This topic was also presented at SUSECON 2023 (📽️).

Roles

A complete Uyuni server can be deployed with Ansible in under 10 minutes:

---
- name: Install Uyuni
  hosts: uyuni.giertz.loc
  become: true
  roles:
    - role: stdevel.uyuni.server

To install SUSE Manager, you only need to add the registration code and SCC mail (SUSE Customer Center):

---
- name: Install SUSE Manager
  hosts: suma.giertz.loc
  become: true
  roles:
    - role: stdevel.uyuni.server
      uyuni_scc_reg_code: DERP1337LULZ
      uyuni_scc_mail: simone@gier.tz

The role offers additional parameters, for example to configure software channels via spacewalk-common-utils or monitoring:

---
- name: Install Uyuni
  hosts: uyuni.giertz.loc
  become: true
  roles:
    - role: stdevel.uyuni.server
      uyuni_channels:
        - name: almalinux9
          arch: x86_64
        - name: almalinux9-appstream
          arch: x86_64
      uyuni_enable_monitoring: true
      uyuni_install_monitoring_formulas: true

Provided that software channels have been synchronised, clients can be registered as follows:

- hosts: clients
  become: true
  roles:
    - role: stdevel.uyuni.client
      uyuni_server: uyuni.giertz.loc

Modules

The collection contains various modules for executing Uyuni functions from Ansible:

  • install_patches - Installing patches
  • install_upgrades - Installing package upgrades
  • openscap_run - Running OpenSCAP checks
  • reboot_host - Rebooting hosts

For example, a full patch cycle can be implemented in Ansible:

- name: Installing patches
  stdevel.uyuni.install_patches:
    uyuni_host: 192.168.1.10
    uyuni_user: admin
    uyuni_password: admin
    name: chad.giertz.loc
    exclude_patches:
      - openSUSE-2022-10013
      - openSUSE-SLE-15.3-2022-2118

- name: Check compliance
  stdevel.uyuni.openscap_run:
    uyuni_host: 192.168.1.10
    uyuni_user: admin
    uyuni_password: admin
    name: chad.giertz.loc
    document: /opt/scap-yast2sec-xccdf.xml
    arguments: --profile Default

- name: Reboot host
  stdevel.uyuni.reboot_host:
    uyuni_host: 192.168.1.10
    uyuni_user: admin
    uyuni_password: admin
    name: chad.giertz.loc

Dynamic Inventory

As soon as systems are installed and managed with Uyuni, they can be addressed from Ansible with the Dynamic Inventory Plugin. This eliminates the need to maintain an inventory manually - which, depending on the system landscape, would represent a great deal of effort.

For this purpose, a configuration file whose name ends in .uyuni.yml must be created. It defines the access data for the Uyuni system:

plugin: stdevel.uyuni.inventory
host: 192.168.1.10
user: admin
password: admin
verify_ssl: false

Further parameters allow the display of Custom System Information and IPv6 addresses as well as filtering by groups and required reboot:

plugin: stdevel.uyuni.inventory
host: 192.168.1.10
user: admin
password: admin
verify_ssl: false
show_custom_values: true
pending_reboot_only: true
ipv6_only: true
groups:
  - dev
  - demo
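
A pre-commit style check for the playbooks and inventory configs shown above, as an added example that is not part of the Uyuni collection or the original post: it flags literal values for password, uyuni_password and uyuni_scc_reg_code as well as a disabled verify_ssl. The line-based parsing, the file name patch.yml and the variable vault_uyuni_password are assumptions made for illustration.

```python
import re

# Keys from this page's playbooks and inventory configs that hold secrets.
SECRET_KEYS = {"password", "uyuni_password", "uyuni_scc_reg_code"}
KEY_VALUE = re.compile(r"^\s*(?:-\s+)?([A-Za-z_][\w.]*)\s*:\s*(.*?)\s*$")
FALSY = {"false", "no", "off", "0"}


def is_indirect(value):
    """True if the value is a Jinja2 template or a !vault tag, not a literal."""
    return value.strip("\"'").startswith("{{") or value.startswith("!vault")


def audit(text, source="<input>"):
    """Return (source, line_no, key, issue) findings for one YAML file."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        body = line.split(" #", 1)[0]  # drop trailing comments
        m = KEY_VALUE.match(body)
        if not m:
            continue
        key, value = m.groups()
        if key in SECRET_KEYS and value and not is_indirect(value):
            findings.append((source, no, key, "literal secret in file"))
        elif key == "verify_ssl" and value.strip("\"'").lower() in FALSY:
            findings.append((source, no, key, "TLS certificate verification disabled"))
    return findings


# Constructed samples modelled on the page's inventory config and module task.
INVENTORY = """\
plugin: stdevel.uyuni.inventory
host: 192.168.1.10
user: admin
password: admin
verify_ssl: false
"""
TASK = """\
- name: Installing patches
  stdevel.uyuni.install_patches:
    uyuni_host: 192.168.1.10
    uyuni_user: admin
    uyuni_password: "{{ vault_uyuni_password }}"  # hypothetical vaulted variable
    name: chad.giertz.loc
"""

if __name__ == "__main__":
    for finding in audit(INVENTORY, "homelab.uyuni.yml") + audit(TASK, "patch.yml"):
        print("%s:%d: %s: %s" % finding)
```
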

Afterwards, the inventory can be used - for example with ansible-inventory to check the functionality:

$ ansible-inventory homelab.uyuni.yml --list
{
  "Test": {
    "hosts": [
      "uyuni-client-opensuse-leap15"
    ]
  },
  "_meta": {
    "hostvars": {
      "uyuni-client-opensuse-leap15": {
        "ansible_host": "192.168.1.2",
        "susecon23_system": "1"
      }
    }
  }
  ...
}

Outlook

In combination with other Ansible collections, an entire maintenance cycle can be fully automated, e.g. as follows:

  • Creating VM snapshots
  • Creating monitoring downtimes
  • Installing patches and restarting the system
  • Testing the application
  • Removing snapshots and downtimes

Feedback is welcome! There are already more feature ideas noted on GitHub.
