Ansible playbooks for Red Hat Enterprise Linux day-2 operations — subscription management, patching, user provisioning, Insights, and demo environment setup. Designed to run from Ansible Automation Platform (AAP) Controller with variables supplied via surveys or credential types.
Registers a RHEL host with Red Hat Subscription Manager (RHSM) using username/password and attaches a specific pool. Sets system purpose (role, usage, SLA).
Variables:
username: '' # RHSM username
password: '' # RHSM password
pool_id: '' # Subscription pool ID
systemrole: "Red Hat Enterprise Server"
usage: "Dev/Test"
sla: "Self-Support"
Registers a RHEL host to a Red Hat Satellite server using an organization ID and activation key.
Variables:
server_hostname: '' # Satellite FQDN
org: '' # Organization ID
activationkey: '' # Activation key name
pool_id: ''
systemrole: "Red Hat Enterprise Server"
usage: "Dev/Test"
sla: "Self-Support"
Unregisters a host from RHSM (state: absent). Use before decommissioning or rebuilding.
No variables required.
Disables all repositories and enables the standard RHEL 7 repositories:
- rhel-7-server-rpms
- rhel-7-server-extras-rpms
Only runs when ansible_distribution == "RedHat" and major version is 7.
Disables all repositories and enables the Satellite 6.7 repository set for RHEL 7:
- rhel-7-server-rpms
- rhel-7-server-satellite-6.7-rpms
- rhel-server-rhscl-7-rpms
- rhel-7-server-satellite-maintenance-6-rpms
- rhel-7-server-ansible-2.9-rpms
Runs yum clean metadata after enabling. Only runs on RHEL 7.
Updates all installed packages to the latest available version.
# No variables required
- yum:
    name: '*'
    state: latest
Installs a single package by name using yum. Sends a Slack notification on success if slack_token is defined.
Variables:
package: '' # Name of the package to install
slack_token: '' # Optional: Slack bot token for install notification
Installs a package using dnf (RHEL 8+). Runs serially (serial: 1) across hosts.
Variables:
package: '' # Name of the package to install
Removes a package from all target hosts using yum. Runs serially (serial: 1) so removals happen one host at a time, reducing the risk of taking down a service across the entire inventory simultaneously.
Tasks:
- Removing {{ package }}: runs yum with state: absent to uninstall the named package
Variables:
package: '' # Name of the package to remove
Rolls back the last yum transaction using yum history rollback last-1. Useful for undoing a bad update. Prints the rollback output.
No variables required.
Rolls back the last yum transaction and runs insights-client to sync the new state with Red Hat Insights.
No variables required.
Registers a host with Red Hat Insights by running insights-client --register.
No variables required.
Unregisters a host from Red Hat Insights by running insights-client --unregister.
No variables required.
Applies the RedHatInsights.insights-client Ansible role. Runs only on RedHat family OS, version 6 or higher.
Requires the RedHatInsights.insights-client role to be installed.
Creates an Ansible service account on target hosts with optional sudo access.
Variables:
svcansible_username: '' # Service account name
svcansible_home: '' # Home directory base path
svcansible_public_key: '' # SSH public key string
svcansible_sudoer: 'false' # Set to 'true' to add NOPASSWD sudo rule
Deploys an SSH public key from a local file (/home/sshkey/redpub) to the authorized_keys of a specified user.
Variables:
key_user: '' # The user account to add the key to
Starts the httpd service on all target hosts. Uses state: started so it is idempotent.
No variables required.
Stops the httpd service on all target hosts. Used in demos to trigger a Dynatrace problem alert.
No variables required.
Clones a source file repository, compares a file to its live version in /etc/ using check_mode: yes and diff: yes, and generates an HTML diff report on a container host. Does not apply changes.
Variables:
sourcefilerepo: '' # Git repo URL containing source config files
file2comp: '' # Filename to compare (e.g. resolv.conf)
home_dir: '' # Directory on container host for report output
container_host: '' # Hostname of the container/report host
Same as above but applies the change if the file differs. Does not generate an HTML report.
Variables:
sourcefilerepo: '' # Git repo URL containing source config files
file2comp: '' # Filename to compare and apply
Generates an HTML OS inventory report using a Jinja2 template (report-osversion.j2) and saves it to a web-accessible directory on a report host. Sends a Slack notification with the report URL when complete.
Variables:
www_dir: '' # Target directory for the HTML report on the report host
slack_token: '' # Slack bot token
Queries an external URL (http://www.canzahip.com) from each host to determine its current public IP address. Runs serially (serial: 1) across the inventory. Sends a Slack notification with the result if slack_token is defined.
Variables:
slack_token: '' # Optional: Slack bot token for IP notification
Tests SSH reachability across the inventory. Reachable hosts are dynamically added to the running_hosts group (used by downstream plays). Hosts that fail send a Slack alert with task failure details.
Variables:
slack_token: '' # Slack bot token
channel: '' # Slack channel (e.g. #ansible-alerts)
slackuser: '' # Display name for the Slack message
Sends a formatted Slack alert containing the hostname, failed task name, action, and full error JSON. Designed to be called from an on_error notification template or a rescue block.
Variables:
slack_token: '' # Slack bot token
message: '' # Custom message text
channel: '' # Slack channel
slackuser: '' # Display name for the Slack message
Full baseline provisioning playbook for demo RHEL machines. Performs the complete setup sequence:
- Waits for SSH connectivity and groups live hosts as running_hosts
- Subscribes to RHSM (supports both RHEL-only and RHEL+Ansible pool combos)
- Configures correct repositories for RHEL 7 or RHEL 8
- Installs and starts Cockpit on RHEL 8 AWS instances (creates cockpitadmin user)
- Deploys SSH banner, MOTD, and /etc/issue from local files
- Installs baseline packages: insights-client, net-tools, wget, mlocate, nc, telnet
- Updates all packages to latest
- Registers with Red Hat Insights
- Records timestamps at key stages via set_stats for workflow visibility
Variables:
username: '' # RHSM username
password: '' # RHSM password
pool_id: '' # Subscription pool ID
ansiblenode: '' # 'true' to attach Ansible pool alongside RHEL pool
slack_token: '' # Slack bot token (for SSH wait failure alerts)
channel: '' # Slack channel
slackuser: '' # Slack display name
systemrole: "Red Hat Enterprise Server"
usage: "Dev/Test"
sla: "Self-Support"
Resets a demo machine by unregistering from Insights and removing the RHSM subscription. Run this before re-provisioning a demo host.
No variables required.
Development/debug playbook. Gathers service facts, pauses for 20 minutes, then prints the state of nginx.service. Used to inspect service state mid-workflow or simulate a delay during demos.
No variables required.
# collections/requirements.yml
collections:
  - name: community.general
  - name: ansible.posix
  - name: redhat.insights
All sensitive values (RHSM credentials, Slack tokens, Satellite activation keys) should be stored in AAP Controller as custom credential types or passed via job template surveys — never hardcoded in playbooks.
Example custom credential type for RHSM:
Input Configuration:
fields:
  - id: username
    type: string
    label: RHSM Username
  - id: password
    type: string
    label: RHSM Password
    secret: true
  - id: pool_id
    type: string
    label: Pool ID
Injector Configuration:
extra_vars:
  username: '{{ username }}'
  password: '{{ password }}'
  pool_id: '{{ pool_id }}'
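How a play can consume the values this credential type injects, as an added example that is not one of the repository's playbooks. It assumes the community.general collection from the requirements file is installed; the play and task names are hypothetical.

```yaml
# Added example (hypothetical play, not a file from this repository).
# username, password and pool_id arrive as extra_vars from the RHSM
# credential type's injector, so nothing sensitive is written in the playbook.
- name: Register with RHSM using injected credentials
  hosts: all
  become: true
  vars:
    systemrole: "Red Hat Enterprise Server"
    usage: "Dev/Test"
    sla: "Self-Support"
  tasks:
    # Fail before touching the host if the credential was not attached to
    # the job template. The assertion text names the variable, not its value.
    - name: Check that the RHSM credential values were injected
      ansible.builtin.assert:
        that:
          - "username | default('') | length > 0"
          - "password | default('') | length > 0"
          - "pool_id | default('') | length > 0"
        fail_msg: "RHSM credential values are missing; attach the credential in AAP."
        quiet: true

    - name: Register host, attach the pool and set system purpose
      community.general.redhat_subscription:
        state: present
        username: "{{ username }}"
        password: "{{ password }}"
        pool_ids:
          - "{{ pool_id }}"
        syspurpose:
          role: "{{ systemrole }}"
          usage: "{{ usage }}"
          service_level_agreement: "{{ sla }}"
          sync: true
      # Keep this task's arguments and result out of job output and logs.
      no_log: true
```

With no_log set, a failed registration shows only a censored result, so remove it temporarily on a test host when debugging.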