linux-system-roles.rhc
rhc
This is an Ansible role for connecting Red Hat Enterprise Linux (RHEL) systems to Red Hat.
Requirements
To use this role, you'll need the subscription-manager, which is generally available in standard RHEL repositories and usually installed by default on RHEL systems. If you are using another distribution, it will be installed if it's not already present.
You also need the insights-client, which comes from the standard RHEL repositories, especially if Insights support is enabled (it usually is).
Finally, you need rhc, also from standard RHEL repositories, if Insights remediation is enabled (which it is by default).
Collection Requirements
The role needs modules from external collections. To install them, run this command:
ansible-galaxy collection install -vv -r meta/collection-requirements.yml
Role Variables
rhc_state: present
This variable determines if the system is connected to Red Hat. The options are present (default, to ensure connection), absent, or reconnect. If you use reconnect, the system will be disconnected first if it is already connected, and the role will always report a "changed" status.
rhc_organization: "your-organization"
This is the user's organization. You must specify this if:
- The user belongs to more than one organization.
- You are using activation keys (see
rhc_authbelow).
rhc_auth: {}
This specifies the authentication method for connecting to the system. If a system needs to connect (e.g., if it wasn't connected before), you need to specify this. You can use several authentication methods, but only one at a time.
Note: The credentials are sensitive information and should be secured. We recommend using Ansible Vault to manage them.
To authenticate with a username and password, use the following setup:
rhc_auth:
login:
username: "your-username"
password: "your-password"
Use rhc_organization if needed.
To authenticate with activation keys, use this setup:
rhc_auth:
activation_keys:
keys: ["key-1", ...]
rhc_organization: "your-organization"
rhc_server: {}
This contains the information about the registration server to connect to, including optional settings:
rhc_server:
hostname: "hostname"
port: 443
prefix: "server-prefix"
insecure: false
hostname: The server's hostname.port: The port to connect to.prefix: The prefix for API calls (starts with/).insecure: If true, disables SSL certificate validation.
rhc_baseurl: ""
This is the base URL for content from the subscription server.
rhc_repositories: []
A list of repositories to enable or disable. Each item includes:
name: The name of the repository (mandatory).state: The state (eitherenabledordisabled; default isenabledif unspecified).
rhc_repositories:
- {name: "repository-1", state: enabled}
- {name: "repository-2", state: disabled}
rhc_release: "release"
This indicates the RHEL version to lock the system to. To unset the release, use {"state":"absent"}.
rhc_insights:
state: present
This determines whether the system is connected to Insights. Options are present (default) or absent.
rhc_insights:
autoupdate: true
This controls if the system automatically updates its configuration, which is enabled by default.
rhc_insights:
ansible_host: "example-host"
This sets a custom hostname for the system record in Inventory.
Possible values:
nullor empty string: No change.{state: absent}: Unsets the host name to use the default.- Any other string: Changes the ansible host name.
rhc_insights:
display_name: "Example Host"
This configures a custom display name for the host in Inventory.
Possible values:
nullor empty: No change.- Any other string: Changes the display name.
rhc_insights:
remediation: present
This controls whether the system is set to run Insights remediation. Valid values are present (default) or absent.
Remember, remediation is only supported on RHEL 8.4 or later.
rhc_insights:
tags: {}
This is a list of tags for organizing and searching systems in Inventory.
Example:
rhc_insights:
tags:
group: _group-name-value_
location: _location-name-value_
description:
- RHEL8
- SAP
rhc_proxy: {}
This contains details about the proxy server for connections:
rhc_proxy:
hostname: "proxy-hostname"
scheme: http
port: 4321
username: "proxy-username"
password: "proxy-password"
hostname: Proxy server's hostname.scheme: Usually "http" or "https" (defaults to "http").port: Port for connecting to the proxy.username: Username for proxy authentication (may be omitted if not needed).password: Password for proxy authentication (may be omitted if not needed).
Use {"state":"absent"} to remove all proxy settings.
rhc_environments: []
List of environments to register with when connecting the system.
Note:
- This only works if the system is connected for the first time; it cannot alter environments for already connected systems.
- Environments need to be enabled on the registration server.
Example Playbooks
- Register systems with Insights, using username & password:
- name: Register systems
hosts: all
vars:
rhc_auth:
login:
username: "your-username"
password: !vault |
$ANSIBLE_VAULT;1.2;AES256;dev
....
roles:
- linux-system-roles.rhc
- Enable specific RHEL 9 repositories:
- name: Ensure RHEL 9 repositories are enabled
hosts: all
vars:
rhc_repositories:
- {name: "rhel-9-for-x86_64-baseos-rpms", state: enabled}
- {name: "rhel-9-for-x86_64-appstream-rpms", state: enabled}
- {name: "codeready-builder-for-rhel-9-x86_64-rpms", state: disabled}
roles:
- linux-system-roles.rhc
- Lock a RHEL 8 system on version 8.6:
- name: Ensure systems are locked at RHEL 8.6
hosts: all
vars:
rhc_release: 8.6
roles:
- linux-system-roles.rhc
- Connect to Insights without optional features:
- name: Ensure systems are connected to Insights
hosts: all
vars:
rhc_insights:
autoupdate: false
remediation: absent
roles:
- linux-system-roles.rhc
License
MIT
Configure connectivity of systems to Red Hat
ansible-galaxy install linux-system-roles.rhc