Bug 2211721

Summary: Satellite 6.11 install on a VM with existing Ansible
Product: Red Hat Satellite Reporter: Glenn Eaton <glenn.eaton>
Component: InstallerAssignee: satellite6-bugs <satellite6-bugs>
Status: NEW --- QA Contact: Satellite QE Team <sat-qe-bz-list>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.11.5CC: egolov, ehelms, nalfassi, rlavi
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Glenn Eaton 2023-06-01 16:43:02 UTC 
Description of problem:
Satellite is almost never the first Ansible capable tool to arrive in an environment. The existing configuration methodology for a fresh Sat6 implementation, in effect, forces the user to create a new set of Ansible credentials which is likely to be redundant as many, if not most, customers will already have some form of Ansible or credential authorized automation in place. This is our problem here at Fiserv!

Version-Release number of selected component (if applicable):
6.11.5.3

How reproducible:
always

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 2 Evgeni Golov 2023-06-15 12:52:14 UTC 
I am not sure we understand your request correctly. Are you requesting a feature where Satellite can reuse existing credentials (username/password, ssh key, etc) for the Ansible/REX feature instead of creating an own key and having you the user enroll that key on all the machines?
Comment 3 Glenn Eaton 2023-06-15 14:22:30 UTC 
(In reply to Evgeni Golov from comment #2)
> I am not sure we understand your request correctly. Are you requesting a
> feature where Satellite can reuse existing credentials (username/password,
> ssh key, etc) for the Ansible/REX feature instead of creating an own key and
> having you the user enroll that key on all the machines?

Yes,  this is what I would like to see.  I don't want to redo alot of work that is already done with the original/Legacy Ansible ID/Account.
Comment 4 Evgeni Golov 2023-06-16 12:03:01 UTC 
You can stop Satellite from generating an SSH key by using `--foreman-proxy-plugin-remote-execution-script-generate-keys false` during installation.
Then you can provide an own SSH key in `/var/lib/foreman-proxy/ssh/id_rsa_foreman_proxy(.pub)` yourself (or even change the location with --foreman-proxy-plugin-remote-execution-script-ssh-identity-dir/--foreman-proxy-plugin-remote-execution-script-ssh-identity-file).
If you also need to alter the username used for SSH, there is the remote_execution_ssh_user setting, which can be either set globally or as a parameter for a host or hostgroup.

Would that suit your needs?
Comment 5 Glenn Eaton 2023-07-31 14:41:56 UTC 
we will test this out and let you know.