Add Satellite Demos (#41)

* add satellite demos * move satellite vars to setup.yml * fix var * fix playbook path * remove async * fix = * fix condition * fix lookup * add credential * update tools version * fix scap role * add satellite setup * add satellite stuff * remove local * stupid * stupid * params * these vars arent right * these vars arent right * add compliance workflow * work on landing page * work on landing page * work on landing page * landing page * landing page * landing page * landing page * landing page * landing page * landing page * landing page * landing page * landing page * landing page * add files * derp * add link * add link * add link * add link * add link * add link * add link * add link * add link * add link * add link * add link * add link * add ee * add ee * add ee * fix landing page * fix landing page * fix landing page * fix landing page * fix landing page * remove commented out sections * remove default ee * set local admin password * set ee for fact scan * fall back to default ee for patching * check for valid org_id * check for valid org_id * no gpg * no gpg * add satllite stuff * update cred type * update cred type * raw * raw * work on landing page * work on landing page * work on landing page * landing page * landing page * landing page * landing page * landing page * landing page * landing page * landing page * landing page * landing page * landing page * add files * derp * add link * add link * add link * add link * add link * add link * add link * add link * add link * add link * add link * add link * add link * add ee * add ee * add ee * fix landing page * fix landing page * fix landing page * fix landing page * fix landing page * remove commented out sections * remove default ee * set local admin password * set ee for fact scan * fall back to default ee for patching * check for valid org_id * check for valid org_id * no gpg * no gpg * add satllite stuff * update cred type * update cred type * raw * raw * raw * merge satellite * fix vars * fix vars * fix vars * fix vars * add publish * add lifecycle and actviation keys * workaround for publish issue * use module to publish * use module to publish * use module to publish * use module to publish * change sat version * change sat version * change sat version * remove maint repos * launch sat setup * reorder * reorder * moar inventory * add manifest refresh * add telemetry * run linux setup * parent efcf729fa0 author willtome <willtome@gmail.com> 1663173584 -0400 committer willtome <willtome@gmail.com> 1668183942 -0500 parent efcf729fa0 author willtome <willtome@gmail.com> 1663173584 -0400 committer willtome <willtome@gmail.com> 1668183785 -0500 parent efcf729fa0 author willtome <willtome@gmail.com> 1663173584 -0400 committer willtome <willtome@gmail.com> 1668183318 -0500 parent efcf729fa0 author willtome <willtome@gmail.com> 1663173584 -0400 committer willtome <willtome@gmail.com> 1668182787 -0500 parent efcf729fa0 author willtome <willtome@gmail.com> 1663173584 -0400 committer willtome <willtome@gmail.com> 1668182651 -0500 add satellite demos work on landing page landing page landing page landing page landing page landing page landing page landing page landing page landing page landing page landing page add files derp add link add link add link add link add link add link add link add link add link add link add link add link add ee add ee add ee fix landing page fix landing page fix landing page fix landing page fix landing page remove commented out sections remove default ee set local admin password set ee for fact scan fall back to default ee for patching check for valid org_id check for valid org_id no gpg no gpg add satllite stuff update cred type update cred type raw raw raw add satellite demos move satellite vars to setup.yml fix var fix playbook path remove async fix = fix condition fix lookup add credential update tools version fix scap role add satellite setup add satellite stuff remove local stupid stupid params these vars arent right these vars arent right add compliance workflow work on landing page work on landing page work on landing page landing page landing page landing page landing page landing page landing page landing page landing page landing page landing page landing page add files derp add link add link add link add link add link add link add link add link add link add link add link add link add ee add ee add ee fix landing page fix landing page fix landing page fix landing page fix landing page remove commented out sections remove default ee set local admin password set ee for fact scan fall back to default ee for patching check for valid org_id check for valid org_id no gpg no gpg update cred type update cred type raw merge satellite fix vars fix vars fix vars fix vars add publish add lifecycle and actviation keys workaround for publish issue use module to publish use module to publish use module to publish use module to publish change sat version change sat version change sat version remove maint repos launch sat setup reorder reorder moar inventory add manifest refresh add telemetry run linux setup * Updates to node1 (#42) clean up satellite config clean up server registration add web console job Co-authored-by: Calvin Smith <calvingsmith@users.noreply.github.com> * add rhel 8 tailoring * add ee * dont verify certs * Update setup.yml * Update setup.yml * what the heck Co-authored-by: calvingsmith <4283930+calvingsmith@users.noreply.github.com> Co-authored-by: Calvin Smith <calvingsmith@users.noreply.github.com>
2023-01-19 10:17:45 -05:00
parent eeb1f2109c
commit a19615eaf3
40 changed files with 2934 additions and 14 deletions
--- a/satellite/README.md
+++ b/satellite/README.md
@@ -0,0 +1,27 @@
+# Satellite Demos
+
+## Table of Contents
+- [Satellite Demos](#satellite-demos)
+  - [Table of Contents](#table-of-contents)
+  - [About These Demos](#about-these-demos)
+    - [Jobs](#jobs)
+    - [Inventory](#inventory)
+  - [Suggested Usage](#suggested-usage)
+
+## About These Demos
+This category of demos shows examples of linux operations and management with Ansible Automation Platform and Red Hat Satellite Server. The list of demos can be found below. See the [Suggested Usage](#suggested-usage) section of this document for recommendations on how to best use these demos.
+
+### Jobs
+- [**LINUX / Register with Satellite**](server_register.yml) - Register a RHEL server with Red Hat Satellite.
+- [**LINUX / Compliance Scan with Satellite**](server_openscap.yml) - Run OpenSCAP scan and report to Satellite.
+- [**SATELLITE / Publish Content View Version**](satellite_publish.yml) - Publish a new version of a content view.
+- [**SATELLITE / Promote Content View Version**](satellite_promote.yml) - Promote a content view version to the next lifecycle environment.
+
+### Inventory
+
+A dymanic inventory is created to pull inventory hosts from Red Hat Satellite. Groups will automatically be created
+
+## Suggested Usage
+**Linux / Register with Satellite** - Register a server with Red Hat Satellite using an activation key in the format `RHEL<major version>_<environment>`.
+
+**SATELLITE / Publish Content View Version** - Publish a new version of a content view to start a patching process. By default this will publish the version and promote to the 'Dev' environment.
--- a/satellite/files/ssg-rhel7-ds-tailoring.xml
+++ b/satellite/files/ssg-rhel7-ds-tailoring.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xccdf:Tailoring xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2" id="xccdf_scap-workbench_tailoring_default">
+  <xccdf:benchmark href="/tmp/scap-workbench-iwLkek/ssg-rhel7-ds.xml"/>
+  <xccdf:version time="2022-07-21T09:19:44">1</xccdf:version>
+  <xccdf:Profile id="xccdf_org.ssgproject.content_profile_stig_customized" extends="xccdf_org.ssgproject.content_profile_stig">
+    <xccdf:title xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US" override="true">DISA STIG for Red Hat Enterprise Linux 7 [CUSTOMIZED]</xccdf:title>
+    <xccdf:description xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US" override="true">This profile contains configuration checks that align to the
+DISA STIG for Red Hat Enterprise Linux V3R7.
+
+In addition to being applicable to Red Hat Enterprise Linux 7, DISA recognizes this
+configuration baseline as applicable to the operating system tier of
+Red Hat technologies that are based on Red Hat Enterprise Linux 7, such as:
+
+- Red Hat Enterprise Linux Server
+- Red Hat Enterprise Linux Workstation and Desktop
+- Red Hat Enterprise Linux for HPC
+- Red Hat Storage
+- Red Hat Containers with a Red Hat Enterprise Linux 7 image</xccdf:description>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_rpm_verify_ownership" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_aide_use_fips_hashes" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_aide_verify_acls" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_aide_verify_ext_attributes" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_install_antivirus" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_agent_mfetpd_running" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_package_mcafeetp_installed" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_group_mcafee_endpoint_security_software" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_group_mcafee_security_software" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_group_endpoint_security_software" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_partition_for_home" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_partition_for_var" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_partition_for_tmp" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_partition_for_var_log_audit" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_group_disk_partitioning" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_sudo_remove_nopasswd" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny_root" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_interval" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_install_smartcard_packages" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_smartcard_auth" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_group_account_expiration" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_authorized_local_users" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_grub2_admin_username" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_grub2_password" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_service_firewalld_enabled" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_group_firewalld_activation" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_configure_firewalld_ports" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_set_firewalld_default_zone" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_group_ruleset_modifications" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_group_network-firewalld" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_network_configure_name_resolution" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_home_nosuid" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_postfix_prevent_unrestricted_relay" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_group_postfix_server_relay" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_group_postfix_server_cfg" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_group_postfix_harden_os" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_group_mail" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_chronyd_or_ntpd_set_maxpoll" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_group_ntp" selected="false"/>
+  </xccdf:Profile>
+</xccdf:Tailoring>
--- a/satellite/files/ssg-rhel8-ds-tailoring-stig-gui.xml
+++ b/satellite/files/ssg-rhel8-ds-tailoring-stig-gui.xml
--- a/satellite/host_vars/satellite.example.com/activation_keys.yml
+++ b/satellite/host_vars/satellite.example.com/activation_keys.yml
@@ -0,0 +1,22 @@
+---
+satellite_activation_keys:
+  # Red Hat Enterprise Linux 7
+  - name: "RHEL7_Dev"
+    lifecycle_environment: "RHEL7_Dev"
+    content_view: "RHEL7"
+  - name: "RHEL7_QA"
+    lifecycle_environment: "RHEL7_QA"
+    content_view: "RHEL7"
+  - name: "RHEL7_Prod"
+    lifecycle_environment: "RHEL7_Prod"
+    content_view: "RHEL7"
+  # Red Hat Enterprise Linux 8
+  - name: "RHEL8_Dev"
+    lifecycle_environment: "RHEL8_Dev"
+    content_view: "RHEL8"
+  - name: "RHEL8_QA"
+    lifecycle_environment: "RHEL8_QA"
+    content_view: "RHEL8"
+  - name: "RHEL8_Prod"
+    lifecycle_environment: "RHEL8_Prod"
+    content_view: "RHEL8"
--- a/satellite/host_vars/satellite.example.com/content_views.yml
+++ b/satellite/host_vars/satellite.example.com/content_views.yml
@@ -0,0 +1,29 @@
+---
+satellite_content_views:
+  # Red Hat Enterprise Linux 7
+  - name: RHEL7
+    content_view: RHEL7
+    repositories:
+    - name: Red Hat Enterprise Linux 7 Server (RPMs)
+      basearch: x86_64
+      releasever: 7Server
+      product: 'Red Hat Enterprise Linux Server'
+    - name: Red Hat Enterprise Linux 7 Server - Extras (RPMs)
+      basearch: x86_64
+      product: 'Red Hat Enterprise Linux Server'
+    - name: Red Hat Satellite Tools 6.8 (for RHEL 7 Server) (RPMs)
+      basearch: x86_64
+      product: 'Red Hat Enterprise Linux Server'
+  # Red Hat Enterprise Linux 8
+  - name: RHEL8
+    content_view: RHEL8
+    content_view_update: true
+    repositories:
+    - name: Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)
+      releasever: 8
+      product: Red Hat Enterprise Linux for x86_64
+    - name: Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)
+      releasever: 8
+      product: Red Hat Enterprise Linux for x86_64
+    - name: Red Hat Satellite Tools 6.8 for RHEL 8 x86_64 (RPMs)
+      product: Red Hat Enterprise Linux for x86_64
--- a/satellite/host_vars/satellite.example.com/defaults.yml
+++ b/satellite/host_vars/satellite.example.com/defaults.yml
@@ -0,0 +1,3 @@
+---
+satellite_organization: "Default Organization"
+satellite_validate_certs: false
--- a/satellite/host_vars/satellite.example.com/lifecycle_environments.yml
+++ b/satellite/host_vars/satellite.example.com/lifecycle_environments.yml
@@ -0,0 +1,16 @@
+---
+satellite_lifecycle_environments:
+  # Red Hat Enterprise Linux 7
+  - name: "RHEL7_Dev"
+    prior: "Library"
+  - name: "RHEL7_QA"
+    prior: "RHEL7_Dev"
+  - name: "RHEL7_Prod"
+    prior: "RHEL7_QA"
+  # Red Hat Enterprise Linux 8
+  - name: "RHEL8_Dev"
+    prior: "Library"
+  - name: "RHEL8_QA"
+    prior: "RHEL8_Dev"
+  - name: "RHEL8_Prod"
+    prior: "RHEL8_QA"
--- a/satellite/satellite_promote.yml
+++ b/satellite/satellite_promote.yml
@@ -0,0 +1,17 @@
+---
+- hosts: localhost
+  connection: local
+  gather_facts: no
+  vars:
+    organization: Default Organization
+    lifecycle_environment: undef
+    current_lifecycle_environment: undef
+    content_view: undef
+
+  tasks:
+  - name: Promote Content View
+    redhat.satellite.content_view_version:
+      content_view: "{{ content_view }}"
+      organization: "{{ organization }}"
+      lifecycle_environments: "{{ lifecycle_environment }}"
+      current_lifecycle_environment: "{{ current_lifecycle_environment }}"
--- a/satellite/satellite_publish.yml
+++ b/satellite/satellite_publish.yml
@@ -0,0 +1,29 @@
+---
+- hosts: localhost
+  connection: local
+  gather_facts: no
+  vars:
+    content_view: undef
+    env: undef
+    organization: Default Organization
+    lifecycle_environment: "{{ content_view }}_{{ env }}"
+    publish_timeout: 14400
+    publish_retry_interval: 15
+
+  tasks:
+  - name: publish content view
+    redhat.satellite.content_view_version:
+      content_view: "{{ content_view }}"
+      organization: "{{ organization }}"
+      lifecycle_environments: "{{ lifecycle_environment }}"
+#    async: "{{ publish_timeout }}"
+#    poll: 0
+#    register: publish_async
+
+#  - name: check if content view is finished
+#    async_status:
+#      jid: "{{ publish_async.ansible_job_id }}"
+#    register: job_result
+#    until: job_result.finished
+#    retries: "{{ ( publish_timeout / publish_retry_interval ) | int }}"
+#   delay: "{{ publish_retry_interval }}"
--- a/satellite/server_openscap.yml
+++ b/satellite/server_openscap.yml
@@ -0,0 +1,16 @@
+---
+- hosts: "{{ HOSTS }}"
+  become: yes
+  vars:
+    policy_name: all
+  roles:
+    - demo.satellite.scap_client
+
+  tasks:
+  - name: Randomized startup delay...
+    pause: seconds="{{ 5 | random }}"
+
+  - name: "Run SCAP Scan"
+    shell: "/usr/bin/foreman_scap_client {{ item.id }}"
+    loop: "{{ policy }}"
+    when: policy_scan == 'all' or item.name in policy_scan
--- a/satellite/server_register.yml
+++ b/satellite/server_register.yml
@@ -0,0 +1,8 @@
+---
+- hosts: "{{ HOSTS }}"
+  become: yes
+  vars:
+    # env: undef
+    satellite_url: "{{ lookup('ansible.builtin.env', 'SATELLITE_SERVER') }}"
+  roles:
+    - demo.satellite.register_host
--- a/satellite/setup.yml
+++ b/satellite/setup.yml
@@ -0,0 +1,275 @@
+user_message:
+
+controller_components:
+  - credential_types
+  - credentials
+  - inventory_sources
+  - job_templates
+  - job_launch
+#  - workflow_job_templates
+
+controller_credential_types:
+  - name: Satellite Collection
+    kind: cloud
+    inputs:
+      fields:
+        - id: username
+          type: string
+          label: Satellite Username
+        - id: password
+          type: string
+          label: Satellite Password
+          secret: true
+        - id: host
+          type: string
+          label: Satellite Hostname
+      required:
+        - username
+        - password
+        - host
+    injectors:
+      env:
+        SATELLITE_SERVER: "{% raw %}{  { host  }}{% endraw %}"
+        SATELLITE_USERNAME: "{% raw %}{  { username  }}{% endraw %}"
+        SATELLITE_PASSWORD: "{% raw %}{  { password  }}{% endraw %}"
+        SATELLITE_VALIDATE_CERTS: 'false'
+
+controller_credentials:
+  - name: Satellite Inventory
+    credential_type: Red Hat Satellite 6
+    organization: Default
+    inputs:
+      host: https://satellite.example.com
+      username: admin
+      password: ansible123!
+  - name: Satellite Credential
+    credential_type: Satellite Collection
+    organization: Default
+    inputs:
+      host: https://satellite.example.com
+      username: admin
+      password: ansible123!
+
+controller_inventory_sources:
+- name: Satellite Inventory
+  inventory: Workshop Inventory
+  credential: Satellite Inventory
+  source: satellite6
+  update_on_launch: false
+  execution_environment: Control Plane Execution Environment
+  overwrite: true
+  source_vars:
+    hostnames:
+      - name.split('.')[0]
+    groups:
+      patch_bugs: foreman_content_facet_attributes.errata_counts.bugfix
+      patch_enhancements: foreman_content_facet_attributes.errata_counts.enhancement
+      patch_security: foreman_content_facet_attributes.errata_counts.security
+    keyed_groups:
+      - prefix: env
+        key: foreman_content_facet_attributes.lifecycle_environment_name
+      - prefix: cv
+        key: foreman_content_facet_attributes.content_view_name
+      - prefix: os
+        key: foreman_operatingsystem_name
+      - prefix: scap
+        key: foreman_compliance_status_label
+    validate_certs: no
+
+controller_templates:
+- name: LINUX / Register with Satellite
+  project: Ansible official demo project
+  playbook: satellite/server_register.yml
+  inventory: Workshop Inventory
+  notification_templates_started: Telemetry
+  notification_templates_success: Telemetry
+  notification_templates_error: Telemetry
+  credentials:
+    - Workshop Credential
+    - Satellite Credential
+  extra_vars:
+    org_id: "Default_Organization"
+  survey_enabled: true
+  survey:
+    name: ''
+    description: ''
+    spec:
+      - question_name: Server Name or Pattern
+        type: text
+        variable: HOSTS
+        required: false
+      - question_name: Choose Environment
+        type: multiplechoice
+        variable: env
+        choices:
+          - Dev
+          - QA
+          - Prod
+        required: true
+
+- name: LINUX / Compliance Scan with Satellite
+  project: Ansible official demo project
+  playbook: satellite/server_openscap.yml
+  inventory: Workshop Inventory
+  execution_environment: Ansible Engine 2.9 execution environment
+  notification_templates_started: Telemetry
+  notification_templates_success: Telemetry
+  notification_templates_error: Telemetry
+  credentials:
+    - Satellite Credential
+    - Workshop Credential
+  extra_vars:
+    policy_scan: all
+  survey_enabled: true
+  survey:
+    name: ''
+    description: ''
+    spec:
+      - question_name: Server Name or Pattern
+        type: text
+        variable: HOSTS
+        required: false
+
+- name: SATELLITE / Publish Content View Version
+  project: Ansible official demo project
+  playbook: satellite/satellite_publish.yml
+  inventory: Workshop Inventory
+  notification_templates_started: Telemetry
+  notification_templates_success: Telemetry
+  notification_templates_error: Telemetry
+  credentials:
+    - Satellite Credential
+  extra_vars:
+    env: Dev
+  survey_enabled: true
+  survey:
+    name: ''
+    description: ''
+    spec:
+      - question_name: Select Content View
+        variable: content_view
+        type: multiplechoice
+        choices: "{{ satellite_content_views | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}"
+        required: true
+
+- name: SATELLITE / Promote Content View Version
+  project: Ansible official demo project
+  playbook: satellite/satellite_promote.yml
+  inventory: Workshop Inventory
+  notification_templates_started: Telemetry
+  notification_templates_success: Telemetry
+  notification_templates_error: Telemetry
+  credentials:
+    - Satellite Credential
+  survey_enabled: true
+  survey:
+    name: ''
+    description: ''
+    spec:
+      - question_name: Select Content View
+        variable: content_view
+        type: multiplechoice
+        choices: "{{ satellite_content_views | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}"
+        required: true
+      - question_name: Current Lifecycle Environment
+        variable: current_lifecycle_environment
+        type: multiplechoice
+        choices: "{{ satellite_lifecycle_environments | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}"
+        required: true
+      - question_name: Next Lifecycle Environment
+        variable: lifecycle_environment
+        type: multiplechoice
+        choices: "{{ satellite_lifecycle_environments | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}"
+        required: true
+
+- name: SETUP / Satellite
+  project: Ansible official demo project
+  playbook: satellite/setup_satellite.yml
+  inventory: Workshop Inventory
+  notification_templates_started: Telemetry
+  notification_templates_success: Telemetry
+  notification_templates_error: Telemetry
+  credentials:
+    - Satellite Credential
+
+    
+controller_launch_jobs:
+  - name: SETUP
+    wait: false
+    extra_vars:
+      demo: linux
+
+  - name: SETUP / Satellite
+    wait: false
+
+#######################
+### Satellite Vars ###
+######################
+satellite_components: 
+  - content_views
+  #- content_view_publish
+  - lifecycle_environments
+  - activation_keys
+
+satellite_organization: "Default Organization"
+satellite_validate_certs: false
+
+satellite_content_views:
+  # Red Hat Enterprise Linux 7
+  - name: RHEL7
+    content_view: RHEL7
+    repositories:
+    - name: Red Hat Enterprise Linux 7 Server RPMs x86_64 7Server
+      product: 'Red Hat Enterprise Linux Server'
+    - name: Red Hat Enterprise Linux 7 Server - Extras RPMs x86_64
+      product: 'Red Hat Enterprise Linux Server'
+    - name: Red Hat Satellite Client 6 for RHEL 7 Server RPMs x86_64
+      product: 'Red Hat Enterprise Linux Server'
+  # Red Hat Enterprise Linux 8
+  - name: RHEL8
+    content_view: RHEL8
+    repositories:
+    - name: Red Hat Enterprise Linux 8 for x86_64 - BaseOS RPMs 8
+      product: Red Hat Enterprise Linux for x86_64
+    - name: Red Hat Enterprise Linux 8 for x86_64 - AppStream RPMs 8
+      product: Red Hat Enterprise Linux for x86_64
+    - name: Red Hat Satellite Client 6 for RHEL 8 x86_64 RPMs
+      product: Red Hat Enterprise Linux for x86_64
+
+satellite_lifecycle_environments:
+  # Red Hat Enterprise Linux 7
+  - name: "RHEL7_Dev"
+    prior: "Library"
+  - name: "RHEL7_QA"
+    prior: "RHEL7_Dev"
+  - name: "RHEL7_Prod"
+    prior: "RHEL7_QA"
+  # Red Hat Enterprise Linux 8
+  - name: "RHEL8_Dev"
+    prior: "Library"
+  - name: "RHEL8_QA"
+    prior: "RHEL8_Dev"
+  - name: "RHEL8_Prod"
+    prior: "RHEL8_QA"
+
+satellite_activation_keys:
+  # Red Hat Enterprise Linux 7
+  - name: "RHEL7_Dev"
+    lifecycle_environment: "RHEL7_Dev"
+    content_view: "RHEL7"
+  - name: "RHEL7_QA"
+    lifecycle_environment: "RHEL7_QA"
+    content_view: "RHEL7"
+  - name: "RHEL7_Prod"
+    lifecycle_environment: "RHEL7_Prod"
+    content_view: "RHEL7"
+  # Red Hat Enterprise Linux 8
+  - name: "RHEL8_Dev"
+    lifecycle_environment: "RHEL8_Dev"
+    content_view: "RHEL8"
+  - name: "RHEL8_QA"
+    lifecycle_environment: "RHEL8_QA"
+    content_view: "RHEL8"
+  - name: "RHEL8_Prod"
+    lifecycle_environment: "RHEL8_Prod"
+    content_view: "RHEL8"
--- a/satellite/setup_satellite.yml
+++ b/satellite/setup_satellite.yml
@@ -0,0 +1,54 @@
+---
+- hosts: localhost
+  gather_facts: no
+  vars_files: setup.yml
+  vars:
+    refresh_satellite_manifest: true
+
+  tasks:
+  - name: refresh manifest
+    redhat.satellite.subscription_manifest:
+      organization: "Default Organization"
+      state: refreshed
+    when: refresh_satellite_manifest
+
+  - name: Setup CV
+    include_role:
+      name: redhat.satellite.content_views
+
+  - name: Publish CV
+    include_role:
+      name: redhat.satellite.content_view_publish
+    vars:
+      satellite_content_views:
+      - RHEL7
+      - RHEL8
+
+  - name: Setup Lifecycle Environment
+    include_role:
+      name: redhat.satellite.lifecycle_environments
+
+  - name: redhat.satellite.content_view_publish CV
+    redhat.satellite.content_view_version:
+      organization: "{{ satellite_organization }}"
+      content_view: "{{ item }}"
+      lifecycle_environments:
+        - "{{ item }}_Dev"
+        - "{{ item }}_QA"
+        - "{{ item }}_Prod"
+    loop:
+      - RHEL7
+      - RHEL8
+
+  - name: Setup activation_keys
+    include_role:
+      name: redhat.satellite.activation_keys
+
+  - name: Add SCAP Tailoring File
+    redhat.satellite.scap_tailoring_file:
+      name: RHEL7_STIG
+      organizations: "{{ satellite_organization }}"
+      scap_file: "{{ item }}"
+    loop: 
+      - files/ssg-rhel7-ds-tailoring.xml
+      - files/ssg-rhel8-ds-tailoring-stig-gui.xml