satellite_prep.yml
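---
# Prepares a host for a Red Hat Satellite installation. Going by the task
# names, it registers the host with RHSM and enables the Satellite
# repositories (through the rhportal_reg role), opens the incoming firewall
# ports, updates packages (rebooting when the kernel package changed) and
# installs the Satellite packages.
#
# Variables:
#   hostlist          - host pattern to run against; falls back to 'all'.
#   satellite_version - interpolated into the repository names below.
#
# NOTE(review): when hostlist is not supplied the play runs with become
# against every inventory host, updates all packages and may reboot them.
# Pass hostlist (or --limit) explicitly when running it.
- name: Ensure Satellite systems are registered with access to required repositories, the firewall is set up, and the base software is installed
  hosts: "{{ hostlist | default('all') }}"
  become: true
  vars:
    satellite_version: "6.12"
  tasks:
    # NOTE(review): the default satellite_version ("6.12") is not among the
    # versions this block's name lists; RHEL 7 hosts presumably need
    # satellite_version overridden - confirm.
    - name: Block for Satellite 6.8/6.9/6.10/6.11 and RHEL 7 (6.11 not tested)
      when:
        - ansible_facts.distribution is defined
        - ansible_facts.distribution == "RedHat"
        - ansible_facts.distribution_major_version is defined
        - ansible_facts.distribution_major_version == "7"
      block:
        - name: Ensure system is registered with RHSM and that the proper repos are enabled for RHEL 7
          ansible.builtin.include_role:
            name: rhportal_reg
          vars:
            rhportal_reg_rhsm_supplemental_repo_list:
              - "rhel-7-server-satellite-{{ satellite_version }}-rpms"
              - "rhel-7-server-satellite-maintenance-6-rpms"
              - "rhel-server-rhscl-7-rpms"
              - "rhel-7-server-ansible-2.9-rpms"
              - "rhel-7-server-extras-rpms"

        # Differs from the RHEL 8 list only by the extra 5000/tcp entry.
        - name: Define incoming firewall ports to open
          ansible.builtin.set_fact:
            satellite_incoming_firewall_ports:
              - "53/udp"
              - "53/tcp"
              - "67/udp"
              - "69/udp"
              - "80/tcp"
              - "443/tcp"
              - "5000/tcp"
              - "5647/tcp"
              - "8000/tcp"
              - "8140/tcp"
              - "9090/tcp"

    # NOTE(review): the block name says 6.11 while the default
    # satellite_version is "6.12" - confirm which versions were tested.
    - name: Block for Satellite 6.11 and RHEL 8
      when:
        - ansible_facts.distribution is defined
        - ansible_facts.distribution == "RedHat"
        - ansible_facts.distribution_major_version is defined
        - ansible_facts.distribution_major_version == "8"
      block:
        - name: Ensure system is registered with RHSM and that the proper repos are enabled for RHEL 8
          ansible.builtin.include_role:
            name: rhportal_reg
          vars:
            rhportal_reg_rhsm_supplemental_repo_list:
              - "satellite-{{ satellite_version }}-for-rhel-8-x86_64-rpms"
              - "satellite-maintenance-{{ satellite_version }}-for-rhel-8-x86_64-rpms"

        # A plain command has no change detection, so this task reports
        # "changed" on every run.
        - name: Enable the Satellite module
          ansible.builtin.command:
            cmd: "dnf module enable -y satellite:el8"

        - name: Define incoming firewall ports to open
          ansible.builtin.set_fact:
            satellite_incoming_firewall_ports:
              - "53/udp"
              - "53/tcp"
              - "67/udp"
              - "69/udp"
              - "80/tcp"
              - "443/tcp"
              - "5647/tcp"
              - "8000/tcp"
              - "8140/tcp"
              - "9090/tcp"

    # Neither block above runs on anything other than RHEL 7 or RHEL 8, which
    # leaves the port list undefined. Stop here with a clear message instead
    # of failing later on an undefined variable in the firewalld loop.
    - name: Ensure the firewall port list was defined for this platform
      ansible.builtin.assert:
        that:
          - satellite_incoming_firewall_ports is defined
        fail_msg: "satellite_incoming_firewall_ports is not defined; this playbook only sets it for RHEL 7 and RHEL 8"

    - name: Ensure firewalld is installed
      ansible.builtin.yum:
        name: firewalld
        state: installed

    - name: Ensure firewalld is enabled and started
      ansible.builtin.service:
        name: firewalld
        enabled: true
        state: started

    # No zone or source is given, so each port is opened in firewalld's
    # default zone for any source address.
    # NOTE(review): 53, 67 and 69 look like DNS/DHCP/TFTP provisioning
    # services; open only the ports for features this Satellite will actually
    # serve and check the list against the port table in the installation
    # guide for the version in use.
    - name: Ensure firewall ports are open
      ansible.posix.firewalld:
        immediate: true
        permanent: true
        port: "{{ item }}"
        state: enabled
      loop: "{{ satellite_incoming_firewall_ports }}"

    # The former `args: warn: No` is dropped: the command module's `warn`
    # option was removed in ansible-core 2.14 and passing it there fails the
    # task.
    - name: Ensure RHEL release version is not set
      ansible.builtin.command: "subscription-manager release --unset"

    - name: Ensure kernel is up-to-date; if so a reboot will occur
      ansible.builtin.yum:
        name: kernel
        state: latest
      register: kernel_status

    # Reboots only when this run changed the kernel package. The full package
    # update that follows is not followed by a reboot.
    - name: Reboot server if needed
      ansible.builtin.reboot:
      when: kernel_status.changed

    # NOTE(review): on a host where Satellite is already installed a blanket
    # update may conflict with the product's own update procedure - confirm
    # before re-running this play against an existing Satellite.
    - name: Ensure all packages are updated
      ansible.builtin.yum:
        name: '*'
        state: latest

    - name: Ensure Satellite and other required software is installed (RHEL system roles and screen not strictly required)
      ansible.builtin.yum:
        name: "{{ satellite_sw_list }}"
        state: latest
      vars:
        satellite_sw_list:
          - satellite
          - chrony
          - sos
          - rhel-system-roles
          # - screen

    - name: Ensure chronyd is enabled and started
      ansible.builtin.service:
        name: chronyd
        enabled: true
        state: started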