diff --git a/.gitignore b/.gitignore index a9b8bb4..1d2dcdf 100644 --- a/.gitignore +++ b/.gitignore @@ -3,4 +3,5 @@ image.tar.gz -checkout \ No newline at end of file +checkout +*.iml diff --git a/roles/awx/tasks/awx-add-credential-to-job-template.yml b/roles/awx/tasks/awx-add-credential-to-job-template.yml new file mode 100644 index 0000000..303e67a --- /dev/null +++ b/roles/awx/tasks/awx-add-credential-to-job-template.yml 
@@ -0,0 +1,62 @@
+---
+- set_fact:
+ found_credential_id: ""
+ no_log: true
+ tags:
+ - awx_communication
+
+- name: "Get {{jobinfo.name}} job_template credential id's from awx server"
+ uri:
+ url: "{{ awx_base_url }}/api/v2/job_templates/{{ awx_job_template_id }}/credentials"
+ method: GET
+ user: "{{ awx_rest_api_access_user }}"
+ password: "{{ awx_rest_api_access_pw }}"
+ return_content: true
+ validate_certs: false
+ force_basic_auth: yes
+ status_code: 200
+ no_log: true
+ register: awx_job_template_info
+ when: (awx_job_template_id | default("") | length > 0)
+ tags:
+ - awx_communication
+
+- name: "Check for credential id {{ awx_credential_id }} in {{ jobinfo.name }} job_template"
+ vars:
+ query: '[? id==`{{ awx_credential_id }}`].id'
+ set_fact:
+ found_credential_id: "{{ item.results | json_query(query) | first }}"
+ when: >
+ (item.results is defined) and (item.results | length > 0) and
+ (item.results | json_query(query) | length > 0)
+ loop:
+ - "{{ awx_job_template_info['content'] }}"
+ no_log: true
+ tags:
+ - awx_communication
+
+- name: "Add credential id {{ awx_credential_id }} to {{ jobinfo.name }} job_template"
+ uri:
+ url: "{{ awx_base_url }}/api/v2/job_templates/{{ awx_job_template_id }}/credentials/"
+ method: POST
+ user: "{{ awx_rest_api_access_user }}"
+ password: "{{ awx_rest_api_access_pw }}"
+ headers:
+ Content-Type: "application/json"
+ Accept: "application/json"
+ body_format: "json"
+ body: >
+ {
+ 'associate': true,
+ 'id': {{ awx_credential_id | int }}
+ }
+ force_basic_auth: true
+ validate_certs: false
+ status_code: 204
+ no_log: true
+ tags:
+ - awx_communication
+ when: >
+ (found_credential_id | default("") | length == 0) and
+ (awx_credential_id is defined) and
+ (awx_job_template_id | default("") | length > 0)
\ No newline at end of file
diff --git a/roles/awx/tasks/awx-configurator.yml b/roles/awx/tasks/awx-configurator.yml
new file mode 100644
index 0000000..ef7d8d1
--- /dev/null
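Review bot: Both `uri` tasks in this file set `validate_certs: false` while sending the AWX admin credentials with `force_basic_auth`, so the server certificate is never checked before the password is handed over. The same line is repeated in every `uri` task of awx-configurator.yml, awx-create-job-template.yml and awx-get-typ-id.yml. I would drop it so the module default (verification on) applies, or route it through one role variable, e.g. `validate_certs: "{{ awx_validate_certs | default(true) }}"` (variable name is a suggestion), so that only a lab inventory can switch verification off.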
+++ b/roles/awx/tasks/awx-configurator.yml 
@@ -0,0 +1,611 @@
+---
+- name: "Add basic configuration awx server"
+ block:
+ - name: "Authenticating with awx server"
+ uri:
+ url: "{{ awx_base_url }}/api/v2/me/"
+ method: GET
+ user: "{{ awx_rest_api_access_user }}"
+ password: "{{ awx_rest_api_access_pw }}"
+ return_content: true
+ validate_certs: false
+ force_basic_auth: yes
+ status_code: 200
+ no_log: true
+ tags:
+ - awx_communication
+
+ - name: "Search 'Ansible' user to awx server"
+ include_tasks: awx-get-typ-id.yml
+ vars:
+ awx_rest_api_type: users
+ awx_search_key: username
+ awx_search_name: "Ansible"
+ awx_type_id: ""
+ tags:
+ - awx_communication
+
+ - name: "Update ansible_awx_user_id"
+ set_fact:
+ ansible_awx_user_id: "{{ awx_type_id }}"
+ awx_type_id: ""
+ when: (awx_type_id is defined) and (awx_type_id | length > 0)
+ no_log: true
+ tags:
+ - awx_communication
+
+ - name: "Add Ansible user to awx server"
+ vars:
+ username: "Ansible"
+ password: "Ansible"
+ uri:
+ url: "{{ awx_base_url }}/api/v2/users/"
+ method: POST
+ user: "{{ awx_rest_api_access_user }}"
+ password: "{{ awx_rest_api_access_pw }}"
+ headers:
+ Content-Type: "application/json"
+ Accept: "application/json"
+ body_format: "json"
+ body: "{{ lookup('template','awx-create-user-config.json.j2') }}"
+ force_basic_auth: true
+ validate_certs: false
+ status_code: 200, 201
+ no_log: true
+ when: (ansible_awx_user_id is not defined) and (ansible_awx_user_id | length > 0)
+ tags:
+ - awx_communication
+
+ - name: "Search 'Ansible' user on awx server"
+ include_tasks: awx-get-typ-id.yml
+ vars:
+ awx_rest_api_type: users
+ awx_search_key: username
+ awx_search_name: "Ansible"
+ awx_type_id: ""
+ when: (ansible_awx_user_id is not defined)
+ tags:
+ - awx_communication
+
+ - name: "Update ansible_awx_user_id"
+ set_fact:
+ ansible_awx_user_id: "{{ awx_type_id }}"
+ awx_type_id: ""
+ when: >
+ (ansible_awx_user_id is not defined) and
+ (awx_type_id is defined) and
+ (awx_type_id | length > 0)
+ no_log: true
+ tags:
+ - awx_communication
+
+ - name: "Get 'Machine' type id from awx server"
+ include_tasks: awx-get-typ-id.yml
+ vars:
+ awx_rest_api_type: credential_types
+ awx_search_key: name
+ awx_search_name: "Machine"
+ awx_type_id: ""
+ tags:
+ - awx_communication
+
+ - name: "Update awx_credential_type_machine_id"
+ set_fact:
+ awx_credential_type_machine_id: "{{ awx_type_id }}"
+ awx_type_id: ""
+ when: (awx_type_id is defined) and (awx_type_id | length > 0)
+ no_log: true
+ tags:
+ - awx_communication
+
+ - name: "Get 'Machine' type 'Hetzner-Ansible' type id from awx server"
+ include_tasks: awx-get-typ-id.yml
+ vars:
+ awx_rest_api_type: credentials
+ awx_search_key: name
+ awx_search_name: "Hetzner-Ansible"
+ awx_type_id: ""
+ tags:
+ - awx_communication
+
+ - name: "Update awx_credential_hetzner_ansible_id"
+ set_fact:
+ awx_credential_hetzner_ansible_id: "{{ awx_type_id }}"
+ awx_type_id: ""
+ when: (awx_type_id is defined) and (awx_type_id | length > 0)
+ no_log: true
+ tags:
+ - awx_communication
+
+ - name: "Add 'Machine' type 'Hetzner_Ansible' credential to awx server"
+ vars:
+ name: "Hetzner-Ansible"
+ user_id: "{{ ansible_awx_user_id }}"
+ credential_type_id: "{{ awx_credential_type_machine_id }}"
+ credential_type_name: "Machine"
+ username: "Ansible"
+ ssh_public_key_data: "{{ lookup('file', '{{ playbook_dir }}/users/ansible/id_rsa.pub') | replace('\n', '') }}"
+ ssh_key_data: "{{ lookup('file', '{{ playbook_dir }}/users/ansible_ssh_key') | replace('\n', '') }}"
+ uri:
+ url: "{{ awx_base_url }}/api/v2/credentials/"
+ method: POST
+ user: "{{ awx_rest_api_access_user }}"
+ password: "{{ awx_rest_api_access_pw }}"
+ headers:
+ Content-Type: "application/json"
+ Accept: "application/json"
+ body_format: "json"
+ body: "{{ lookup('template','awx-create-credential-config.json.j2') }}"
+ force_basic_auth: true
+ validate_certs: false
+ status_code: 200, 201
+ no_log: true
+ tags:
+ - awx_communication
+ when: >
+ (awx_credential_hetzner_ansible_id is not defined) and
+ (ansible_awx_user_id is defined) and
+ (ansible_awx_user_id | length > 0) and
+ (awx_credential_type_machine_id is defined) and
+ (awx_credential_type_machine_id | length > 0)
+
+ - name: "Get 'Machine' type 'Hetzner_Ansible' type id from awx server"
+ include_tasks: awx-get-typ-id.yml
+ vars:
+ awx_rest_api_type: credentials
+ awx_search_key: name
+ awx_search_name: "Hetzner-Ansible"
+ awx_type_id: ""
+ when: (awx_credential_hetzner_ansible_id is not defined)
+ tags:
+ - awx_communication
+
+ - name: "Update awx_credential_hetzner_ansible_id"
+ set_fact:
+ awx_credential_hetzner_ansible_id: "{{ awx_type_id }}"
+ awx_type_id: ""
+ when: >
+ (awx_credential_hetzner_ansible_id is not defined) and
+ (awx_type_id is defined) and
+ (awx_type_id | length > 0)
+ no_log: true
+ tags:
+ - awx_communication
+
+ - name: "Get 'Vault' type id from awx server"
+ include_tasks: awx-get-typ-id.yml
+ vars:
+ awx_rest_api_type: credential_types
+ awx_search_key: name
+ awx_search_name: "Vault"
+ awx_type_id: ""
+ tags:
+ - awx_communication
+
+ - name: "Update awx_credential_type_vault_id"
+ set_fact:
+ awx_credential_type_vault_id: "{{ awx_type_id }}"
+ awx_type_id: ""
+ when: (awx_type_id is defined) and (awx_type_id | length > 0)
+ no_log: true
+ tags:
+ - awx_communication
+
+ - name: "Get 'Vault' type 'Hetzner_Ansible_Vault' type id from awx server"
+ include_tasks: awx-get-typ-id.yml
+ vars:
+ awx_rest_api_type: credentials
+ awx_search_key: name
+ awx_search_name: "Hetzner-Ansible-Vault"
+ awx_type_id: ""
+ tags:
+ - awx_communication
+
+ - name: "Update awx_credential_hetzner_ansible_vault_id"
+ set_fact:
+ awx_credential_hetzner_ansible_vault_id: "{{ awx_type_id }}"
+ awx_type_id: ""
+ when: (awx_type_id is defined) and (awx_type_id | length > 0)
+ no_log: true
+ tags:
+ - awx_communication
+
+ - name: "Add 'Vault' type 'Hetzner-Ansible-Vault' credential to awx server"
+ vars:
+ name: "Hetzner-Ansible-Vault"
+ user_id: "{{ ansible_awx_user_id }}"
+ credential_type_id: "{{ awx_credential_type_vault_id }}"
+ credential_type_name: "Vault"
+ #should be more secure
+ vault_password: devops123
+ uri:
+ url: "{{ awx_base_url }}/api/v2/credentials/"
+ method: POST
+ user: "{{ awx_rest_api_access_user }}"
+ password: "{{ awx_rest_api_access_pw }}"
+ headers:
+ Content-Type: "application/json"
+ Accept: "application/json"
+ body_format: "json"
+ body: "{{ lookup('template','awx-create-credential-config.json.j2') }}"
+ force_basic_auth: true
+ validate_certs: false
+ status_code: 200, 201
+ no_log: true
+ tags:
+ - awx_communication
+ when: >
+ (awx_credential_hetzner_ansible_vault_id is not defined) and
+ (ansible_awx_user_id is defined) and
+ (ansible_awx_user_id | length > 0) and
+ (awx_credential_type_vault_id is defined) and
+ (awx_credential_type_vault_id | length > 0)
+
+ - name: "Get 'Vault' type 'Hetzner-Ansible-Vault' type id from awx server"
+ include_tasks: awx-get-typ-id.yml
+ vars:
+ awx_rest_api_type: credentials
+ awx_search_key: name
+ awx_search_name: "Hetzner-Ansible-Vault"
+ awx_type_id: ""
+ when: (awx_credential_hetzner_ansible_vault_id is not defined)
+ tags:
+ - awx_communication
+
+ - name: "Update awx_credential_hetzner_ansible_vault_id"
+ set_fact:
+ awx_credential_hetzner_ansible_vault_id: "{{ awx_type_id }}"
+ awx_type_id: ""
+ when: >
+ (awx_credential_hetzner_ansible_vault_id is not defined) and
+ (awx_type_id is defined) and
+ (awx_type_id | length > 0)
+ no_log: true
+ tags:
+ - awx_communication
+
+ - name: "Search 'Container Registry' type id to awx server"
+ include_tasks: awx-get-typ-id.yml
+ vars:
+ awx_rest_api_type: credential_types
+ awx_search_key: name
+ awx_search_name: "Container Registry"
+ awx_type_id: ""
+ tags:
+ - awx_communication
+
+ - name: "Update awx_credential_type_container_registry_id"
+ set_fact:
+ awx_credential_type_container_registry_id: "{{ awx_type_id }}"
+ awx_type_id: ""
+ when: (awx_type_id is defined) and (awx_type_id | length > 0)
+ no_log: true
+ tags:
+ - awx_communication
+
+ - name: "Get 'Docker Registry' id from awx server"
+ include_tasks: awx-get-typ-id.yml
+ vars:
+ awx_rest_api_type: credentials
+ awx_search_key: name
+ awx_search_name: "Docker Registry"
+ awx_type_id: ""
+ tags:
+ - awx_communication
+
+ - name: "Update awx_credential_docker_registry_id"
+ set_fact:
+ awx_credential_docker_registry_id: "{{ awx_type_id }}"
+ awx_type_id: ""
+ when: (awx_type_id is defined) and (awx_type_id | length > 0)
+ no_log: true
+ tags:
+ - awx_communication
+
+ - name: "Add 'Container Registry' credential to awx server"
+ vars:
+ name: "Docker Registry"
+ description: "Docker Registry Smardigo Credentials"
+ user_id: "{{ ansible_awx_user_id }}"
+ credential_type_id: "{{ awx_credential_type_container_registry_id }}"
+ credential_type_name: "Container Registry"
+ host: "dev-docker-registry-01.smardigo.digital"
+ username: "{{ docker_registry_username }}"
+ password: "{{ docker_registry_token }}"
+ uri:
+ url: "{{ awx_base_url }}/api/v2/credentials/"
+ method: POST
+ user: "{{ awx_rest_api_access_user }}"
+ password: "{{ awx_rest_api_access_pw }}"
+ headers:
+ Content-Type: "application/json"
+ Accept: "application/json"
+ body_format: "json"
+ body: "{{ lookup('template','awx-create-credential-config.json.j2') }}"
+ force_basic_auth: true
+ validate_certs: false
+ status_code: 200, 201
+ no_log: true
+ tags:
+ - awx_communication
+ when: >
+ (awx_credential_docker_registry_id is not defined) and
+ (ansible_awx_user_id is defined) and
+ (ansible_awx_user_id | length > 0) and
+ (awx_credential_type_container_registry_id is defined) and
+ (awx_credential_type_container_registry_id | length > 0)
+
+ - name: "Get 'Docker Registry' id from awx server"
+ include_tasks: awx-get-typ-id.yml
+ vars:
+ awx_rest_api_type: credentials
+ awx_search_key: name
+ awx_search_name: "Docker Registry"
+ awx_type_id: ""
+ when: (awx_credential_docker_registry_id is not defined)
+ tags:
+ - awx_communication
+
+ - name: "Update awx_credential_docker_registry_id"
+ set_fact:
+ awx_credential_docker_registry_id: "{{ awx_type_id }}"
+ awx_type_id: ""
+ when: >
+ (awx_credential_docker_registry_id is not defined) and
+ (awx_type_id is defined) and
+ (awx_type_id | length > 0)
+ no_log: true
+ tags:
+ - awx_communication
+
+ - name: "Get 'Hetzner-Ansible' execution environment id from awx server"
+ include_tasks: awx-get-typ-id.yml
+ vars:
+ awx_rest_api_type: execution_environments
+ awx_search_key: name
+ awx_search_name: "Hetzner-Ansible"
+ awx_type_id: ""
+ tags:
+ - awx_communication
+
+ - name: "Update awx_ee_hetzner_ansible_id"
+ set_fact:
+ awx_ee_hetzner_ansible_id: "{{ awx_type_id }}"
+ awx_type_id: ""
+ when: (awx_type_id is defined) and (awx_type_id | length > 0)
+ no_log: true
+ tags:
+ - awx_communication
+
+ - name: "Register execution environment container image to awx server"
+ vars:
+ name: "Hetzner-Ansible"
+ description: "test"
+ image: "dev-docker-registry-01.smardigo.digital/awx/awx-custom-ee"
+ credential: "{{ awx_credential_docker_registry_id }}"
+ pull: "always"
+ uri:
+ url: "{{ awx_base_url }}/api/v2/execution_environments/"
+ method: POST
+ user: "{{ awx_rest_api_access_user }}"
+ password: "{{ awx_rest_api_access_pw }}"
+ headers:
+ Content-Type: "application/json"
+ Accept: "application/json"
+ body_format: "json"
+ body: "{{ lookup('template','awx-add-ee-config.json.j2') }}"
+ force_basic_auth: true
+ validate_certs: false
+ status_code: 200, 201
+ no_log: true
+ tags:
+ - awx_communication
+ when: >
+ (awx_ee_hetzner_ansible_id is not defined) and
+ (awx_credential_docker_registry_id is defined) and
+ (awx_credential_docker_registry_id | length > 0)
+
+ - name: "Get 'Hetzner-Ansible' execution environment id from awx server"
+ include_tasks: awx-get-typ-id.yml
+ vars:
+ awx_rest_api_type: execution_environments
+ awx_search_key: name
+ awx_search_name: "Hetzner-Ansible"
+ awx_type_id: ""
+ when: (awx_ee_hetzner_ansible_id is not defined)
+ tags:
+ - awx_communication
+
+ - name: "Update awx_ee_hetzner_ansible_id"
+ set_fact:
+ awx_ee_hetzner_ansible_id: "{{ awx_type_id }}"
+ awx_type_id: ""
+ when: >
+ (awx_ee_hetzner_ansible_id is not defined) and
+ (awx_type_id is defined) and
+ (awx_type_id | length > 0)
+ no_log: true
+ tags:
+ - awx_communication
+
+ - name: "Get 'localhost' inventory id from awx server"
+ include_tasks: awx-get-typ-id.yml
+ vars:
+ awx_rest_api_type: inventories
+ awx_search_key: name
+ awx_search_name: "localhost"
+ awx_type_id: ""
+ tags:
+ - awx_communication
+
+ - name: "Update awx_localhost_inventory_id"
+ set_fact:
+ awx_localhost_inventory_id: "{{ awx_type_id }}"
+ awx_type_id: ""
+ when: (awx_type_id is defined) and (awx_type_id | length > 0)
+ no_log: true
+ tags:
+ - awx_communication
+
+ - name: "Add a empty 'localhost' inventory to awx server"
+ vars:
+ name: "localhost"
+ description: "localhost"
+ uri:
+ url: "{{ awx_base_url }}/api/v2/inventories/"
+ method: POST
+ user: "{{ awx_rest_api_access_user }}"
+ password: "{{ awx_rest_api_access_pw }}"
+ headers:
+ Content-Type: "application/json"
+ Accept: "application/json"
+ body_format: "json"
+ body: "{{ lookup('template','awx-add-inventory-config.json.j2') }}"
+ force_basic_auth: true
+ validate_certs: false
+ status_code: 200, 201
+ no_log: true
+ tags:
+ - awx_communication
+ when: (awx_localhost_inventory_id is not defined)
+
+ - name: "Get 'localhost' inventory id from awx server"
+ include_tasks: awx-get-typ-id.yml
+ vars:
+ awx_rest_api_type: inventories
+ awx_search_key: name
+ awx_search_name: "localhost"
+ awx_type_id: ""
+ when: (awx_localhost_inventory_id is not defined)
+ tags:
+ - awx_communication
+
+ - name: "Update awx_localhost_inventory_id"
+ set_fact:
+ awx_localhost_inventory_id: "{{ awx_type_id }}"
+ awx_type_id: ""
+ when: >
+ (awx_localhost_inventory_id is not defined) and
+ (awx_type_id is defined) and
+ (awx_type_id | length > 0)
+ no_log: true
+ tags:
+ - awx_communication
+
+ - name: "Tar hetzner-ansible repository"
+ shell: cd {{ playbook_dir }} && tar --exclude-vcs -zcvf /tmp/hetzner-ansible.tar.gz .
+ delegate_to: localhost
+ become: false
+ tags:
+ - awx_communication
+
+ - name: "Remove old archive awx project folder"
+ file:
+ state: absent
+ path: "{{ awx_project_path }}/hetzner-ansible"
+ tags:
+ - awx_communication
+
+ - name: "Create Project Folder 'hetzner-ansible'"
+ file:
+ path: "{{ awx_project_path }}/hetzner-ansible"
+ state: directory
+ owner: root
+ group: root
+ mode: '0665'
+ tags:
+ - awx_communication
+
+ - name: "Extract hetzner-ansible repository to the awx project folder"
+ unarchive:
+ src: /tmp/hetzner-ansible.tar.gz
+ dest: "{{ awx_project_path }}/hetzner-ansible"
+ tags:
+ - awx_communication
+
+ - name: "Cleanup created hetzner-ansible archive"
+ file:
+ state: absent
+ path: /tmp/hetzner-ansible.tar.gz
+ tags:
+ - awx_communication
+
+ - name: "Get 'Hetzner-Ansible' projects id from awx server"
+ include_tasks: awx-get-typ-id.yml
+ vars:
+ awx_rest_api_type: projects
+ awx_search_key: name
+ awx_search_name: "Hetzner-Ansible"
+ awx_type_id: ""
+ tags:
+ - awx_communication
+
+ - name: "Update awx_hetzner_ansible_project_id"
+ set_fact:
+ awx_hetzner_ansible_project_id: "{{ awx_type_id }}"
+ awx_type_id: ""
+ when: (awx_type_id is defined) and (awx_type_id | length > 0)
+ no_log: true
+ tags:
+ - awx_communication
+
+ - name: "Add 'Hetzner-Ansible' project to awx server"
+ vars:
+ name: "Hetzner-Ansible"
+ description: "Hetzner-Ansible"
+ local_path: "hetzner-ansible"
+ default_environment_id: "{{ awx_ee_hetzner_ansible_id }}"
+ uri:
+ url: "{{ awx_base_url }}/api/v2/projects/"
+ method: POST
+ user: "{{ awx_rest_api_access_user }}"
+ password: "{{ awx_rest_api_access_pw }}"
+ headers:
+ Content-Type: "application/json"
+ Accept: "application/json"
+ body_format: "json"
+ body: "{{ lookup('template','awx-add-project-config.json.j2') }}"
+ force_basic_auth: true
+ validate_certs: false
+ status_code: 200, 201
+ no_log: true
+ tags:
+ - awx_communication
+ when: >
+ (awx_hetzner_ansible_project_id is not defined) and
+ (awx_ee_hetzner_ansible_id is defined)
+
+ - name: "Get 'hetzner-ansible' projects id from awx server"
+ include_tasks: awx-get-typ-id.yml
+ vars:
+ awx_rest_api_type: projects
+ awx_search_key: name
+ awx_search_name: "Hetzner-Ansible"
+ awx_type_id: ""
+ when: (awx_hetzner_ansible_project_id is not defined)
+ tags:
+ - awx_communication
+
+ - name: "Update awx_hetzner_ansible_project_id"
+ set_fact:
+ awx_hetzner_ansible_project_id: "{{ awx_type_id }}"
+ awx_type_id: ""
+ when: >
+ (awx_hetzner_ansible_project_id is not defined) and
+ (awx_type_id is defined) and
+ (awx_type_id | length > 0)
+ no_log: true
+ tags:
+ - awx_communication
+
+ - name: "Create job templates on awx server"
+ include_tasks: awx-create-job-template.yml
+ loop:
+ - { name: "create-database", desc: "create-database", playbook_file: "create-database.yml", credentials: ["{{ awx_credential_hetzner_ansible_vault_id }}", "{{ awx_credential_hetzner_ansible_id }}"] }
+ - { name: "create-realm", desc: "create-realm", playbook_file: "create-realm.yml", credentials: ["{{ awx_credential_hetzner_ansible_vault_id }}", "{{ awx_credential_hetzner_ansible_id }}"] }
+ - { name: "create-server", desc: "create-server", playbook_file: "create-server.yml", credentials: ["{{ awx_credential_hetzner_ansible_vault_id }}", "{{ awx_credential_hetzner_ansible_id }}"] }
+ - { name: "create-service", desc: "create-service", playbook_file: "create-service.yml", credentials: ["{{ awx_credential_hetzner_ansible_vault_id }}", "{{ awx_credential_hetzner_ansible_id }}"] }
+ loop_control:
+ loop_var: jobinfo
+ tags:
+ - awx_communication
diff --git a/roles/awx/tasks/awx-create-job-template.yml b/roles/awx/tasks/awx-create-job-template.yml
new file mode 100644
index 0000000..a1838f3
--- /dev/null
+++ b/roles/awx/tasks/awx-create-job-template.yml
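Review bot: Two secrets are committed in clear text in the task vars: `vault_password: devops123` on the 'Hetzner-Ansible-Vault' credential (the hunk's own comment already says it should be more secure) and `password: "Ansible"` for the new AWX user. `no_log: true` keeps them out of task output but not out of the repository history, and the vault password is what protects every vaulted value AWX will later decrypt. I would read both from vault-encrypted or externally injected variables, e.g. `vault_password: "{{ awx_vault_password }}"` (variable name is a placeholder), and rotate the values committed here. Separately, the guard on 'Add Ansible user to awx server', `(ansible_awx_user_id is not defined) and (ansible_awx_user_id | length > 0)`, cannot be true for a defined value and applies `length` to an undefined one otherwise; it probably should be `when: ansible_awx_user_id is not defined`.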
@@ -0,0 +1,85 @@
+---
+
+- set_fact:
+ awx_job_template_id: ""
+ tags:
+ - awx_communication
+
+- name: "Get {{jobinfo.name}} job_templates id from awx server"
+ include_tasks: awx-get-typ-id.yml
+ vars:
+ awx_rest_api_type: job_templates
+ awx_search_key: name
+ awx_search_name: "{{jobinfo.name}}"
+ awx_type_id: ""
+ tags:
+ - awx_communication
+
+- name: "Update awx_create_database_job_template_id"
+ set_fact:
+ awx_job_template_id: "{{ awx_type_id }}"
+ awx_type_id: ""
+ when: (awx_type_id is defined) and (awx_type_id | length > 0)
+ no_log: true
+ tags:
+ - awx_communication
+
+- name: "Add {{jobinfo.name}} job_template to awx server"
+ vars:
+ name: "{{jobinfo.name}}"
+ description: "{{jobinfo.desc}}"
+ inventory_id: "{{ awx_localhost_inventory_id }}"
+ project_id: "{{ awx_hetzner_ansible_project_id }}"
+ execution_environment_id: "{{ awx_ee_hetzner_ansible_id }}"
+ playbook: "{{jobinfo.playbook_file}}"
+ ask_variables_on_launch: true
+ uri:
+ url: "{{ awx_base_url }}/api/v2/job_templates/"
+ method: POST
+ user: "{{ awx_rest_api_access_user }}"
+ password: "{{ awx_rest_api_access_pw }}"
+ headers:
+ Content-Type: "application/json"
+ Accept: "application/json"
+ body_format: "json"
+ body: "{{ lookup('template','awx-add-job-template-config.json.j2') }}"
+ force_basic_auth: true
+ validate_certs: false
+ status_code: 200, 201
+ no_log: true
+ tags:
+ - awx_communication
+ when: >
+ (awx_job_template_id | default("") | length == 0) and
+ (awx_localhost_inventory_id is defined) and
+ (awx_hetzner_ansible_project_id is defined) and
+ (awx_ee_hetzner_ansible_id is defined)
+
+- name: "Get {{jobinfo.name}} job_templates id from awx server"
+ include_tasks: awx-get-typ-id.yml
+ vars:
+ awx_rest_api_type: job_templates
+ awx_search_key: name
+ awx_search_name: "{{jobinfo.name}}"
+ awx_type_id: ""
+ tags:
+ - awx_communication
+
+- name: "Update awx_job_template_id for {{jobinfo.name}}"
+ set_fact:
+ awx_job_template_id: "{{ awx_type_id }}"
+ awx_type_id: ""
+ when: >
+ (awx_type_id is defined) and
+ (awx_type_id | length > 0)
+ no_log: true
+ tags:
+ - awx_communication
+
+- include_tasks: awx-add-credential-to-job-template.yml
+ loop: "{{ jobinfo.credentials }}"
+ loop_control:
+ loop_var: awx_credential_id
+ when: (jobinfo is defined) and (jobinfo.credentials is defined )
+ tags:
+ - awx_communication
\ No newline at end of file
diff --git a/roles/awx/tasks/awx-get-typ-id.yml b/roles/awx/tasks/awx-get-typ-id.yml
new file mode 100644
index 0000000..03ebf28
--- /dev/null
+++ b/roles/awx/tasks/awx-get-typ-id.yml
@@ -0,0 +1,28 @@
+---
+
+- name: "Search {{ awx_rest_api_type }} informations for {{ awx_search_name }} on awx server"
+ uri:
+ url: "{{ awx_base_url }}/api/v2/{{ awx_rest_api_type }}/?search={{ awx_search_name | urlencode }}"
+ method: GET
+ user: "{{ awx_rest_api_access_user }}"
+ password: "{{ awx_rest_api_access_pw }}"
+ return_content: true
+ validate_certs: false
+ force_basic_auth: yes
+ status_code: 200
+ no_log: true
+ register: awx_type_info
+ tags:
+ - awx_communication
+
+- name: "Get {{ awx_rest_api_type }} id for {{ awx_search_name }} on awx server"
+ vars:
+ query: '[? {{ awx_search_key }}==`{{ awx_search_name }}`].id'
+ set_fact:
+ awx_type_id: "{{ item.results | json_query(query) | first }}"
+ when: (item.results is defined) and (item.results | length > 0)
+ loop:
+ - "{{ awx_type_info['content'] }}"
+ no_log: true
+ tags:
+ - awx_communication
\ No newline at end of file
diff --git a/roles/awx/tasks/main.yml b/roles/awx/tasks/main.yml
index 14f2e01..3c5bb05 100644
--- a/roles/awx/tasks/main.yml
+++ b/roles/awx/tasks/main.yml
@@ -1,6 +1,6 @@ --- -- name: "Install Pip3 for {{ service_name }}" +- name: "Install pip3 for {{ service_name }}" apt: name: python3-pip state: present @@ -8,7 +8,7 @@ tags: - kube_apply -- name: "Install Kubernetes over Pip3 for {{ service_name }}" +- name: "Install kubernetes over pip3 for {{ service_name }}" pip: name: kubernetes state: present 
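Review bot: The `when` on the final `include_tasks` of awx-create-job-template.yml does not protect its loop: Ansible templates `loop: "{{ jobinfo.credentials }}"` before it applies `when` to each item, so a `jobinfo` without `credentials` fails the task instead of skipping it. Giving the loop its own fallback, `loop: "{{ jobinfo.credentials | default([]) }}"`, makes the guard unnecessary. The first `set_fact` and this include have no `name`, and 'Update awx_create_database_job_template_id' names a fact the task does not set (it sets `awx_job_template_id`); `name: "Update awx_job_template_id for {{ jobinfo.name }}"` would match the second copy of the task.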
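Review bot: In the second task of awx-get-typ-id.yml, `json_query(query) | first` is guarded only by `item.results | length > 0`, but the request uses `?search=`, which as far as I know is a fuzzy match, so `results` can be non-empty while the exact-name filter returns an empty list and `first` then has nothing to return. awx-add-credential-to-job-template.yml already carries the extra clause; the same one belongs here: `(item.results | json_query(query) | length > 0)`. `awx_search_name` is also placed inside the quoted literal of the JMESPath expression unescaped, so a comment stating that only fixed, trusted names may be passed in would help the next caller.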
@@ -16,7 +16,7 @@ tags: - kube_apply -- name: "Install and Setup Kubernetes (Single node, Master-only cluster) for {{ service_name }}" +- name: "Install and setup kubernetes (single node, master-only cluster) for {{ service_name }}" include_role: name: geerlingguy.kubernetes vars: @@ -24,7 +24,7 @@ tags: - kube_install -- name: "Download AWX {{ awx_operator_version }} to Kubernetes Template for {{ service_name }}" +- name: "Download awx {{ awx_operator_version }} to kubernetes template for {{ service_name }}" get_url: url: "{{ awx_operator_url }}" dest: /tmp/awx-operator.yaml @@ -32,7 +32,7 @@ tags: - kube_apply -- name: "Apply AWX {{ awx_operator_version }} to Kubernetes {{ service_name }}" +- name: "Apply awx {{ awx_operator_version }} to kubernetes {{ service_name }}" k8s: state: present src: /tmp/awx-operator.yaml @@ -54,7 +54,7 @@ tags: - kube_apply -- name: "Copy Deployment Template for {{ service_name }}" +- name: "Copy deployment template for {{ service_name }}" template: src: awx-deployment.yml.j2 dest: /tmp/awx-deployment.yml @@ -64,7 +64,7 @@ tags: - kube_apply -- name: "Create a AWX k8s namespace for {{ service_name }}" +- name: "Create a awx k8s namespace for {{ service_name }}" k8s: name: "{{ kubernetes_awx_namespace }}" api_version: v1 @@ -73,7 +73,7 @@ tags: - kube_apply -- name: "Apply AWX Deployment for {{ service_name }}" +- name: "Apply awx deployment for {{ service_name }}" k8s: state: present src: /tmp/awx-deployment.yml @@ -93,7 +93,7 @@ tags: - kube_apply -- name: "Wait for AWX service {{ service_name }}" +- name: "Wait for awx service {{ service_name }}" uri: url: "http://{{ stage_server_ip }}:{{ kubernetes_awx_service_port }}" status_code: 200 
@@ -104,3 +104,31 @@
 delay: 20
 tags:
 - kube_apply
+
+- name: "Search for all pods labeled app.kubernetes.io/name=awx {{ service_name }}"
+ k8s_info:
+ kind: Pod
+ namespace: "{{ kubernetes_awx_namespace }}"
+ label_selectors:
+ - app.kubernetes.io/name=awx
+ register: pod_list
+ tags:
+ - kube_apply
+
+- name: "Wait for awx-task db-migration {{ service_name }}"
+ kubernetes.core.k8s_exec:
+ namespace: "{{ kubernetes_awx_namespace }}"
+ pod: "{{ pod_list.resources[0].metadata.name }}"
+ container: awx-task
+ command: /usr/local/bin/wait-for-migrations
+ tags:
+ - kube_apply
+
+- include_tasks: awx-configurator.yml
+ vars:
+ awx_base_url: "http://{{ stage_server_ip }}"
+ awx_rest_api_access_user: "admin"
+ awx_rest_api_access_pw: "{{ awx_admin_password }}"
+ awx_project_path: "{{ kubernetes_awx_project_volume_path }}"
+ tags:
+ - awx_communication
diff --git a/roles/awx/templates/awx-add-ee-config.json.j2 b/roles/awx/templates/awx-add-ee-config.json.j2
new file mode 100644
index 0000000..f069521
--- /dev/null
+++ b/roles/awx/templates/awx-add-ee-config.json.j2
@@ -0,0 +1,12 @@
+{
+ "name": "{{ name }}",
+ "description": "{{ description | default("") }}",
+ {% if organization_id is defined %}
+ "organization": "{{ organization_id }}",
+ {% endif %}
+ "image": "{{ image }}",
+ "credential": "{{ credential }}",
+ "pull": "{{ pull }}" {# "": "---------", "always": "Always pull container before running.",
+ "missing": "Only pull the image if not present before running.",
+ "never": "Never pull container before running." #}
+}
\ No newline at end of file
diff --git a/roles/awx/templates/awx-add-inventory-config.json.j2 b/roles/awx/templates/awx-add-inventory-config.json.j2
new file mode 100644
index 0000000..9064e70
--- /dev/null
+++ b/roles/awx/templates/awx-add-inventory-config.json.j2
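Review bot: `awx_base_url: "http://{{ stage_server_ip }}"` means every included `uri` task sends the AWX admin user and `awx_admin_password` as a Basic auth header over plain HTTP, together with the SSH private key, vault password and registry token that the configurator posts. Unless the play runs on the AWX host itself, this should go through an HTTPS endpoint with certificate validation left on. In 'Wait for awx-task db-migration', `pod_list.resources[0]` is used without checking that the selector matched a pod; an `assert` on `pod_list.resources | length > 0` before the exec would give a readable failure instead of an index error.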
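Review bot: The request body in awx-add-ee-config.json.j2 is assembled by pasting variables between literal quotes (`"name": "{{ name }}"`), so a value containing a double quote, a backslash or a newline yields invalid JSON or a different document than intended. The other templates added in this commit (inventory, job-template, project, credential, user) are built the same way, and there it affects passwords, tokens and key material; the `replace('\n', '')` applied to the SSH key in the configurator looks like a workaround for exactly this. Let the filter do the quoting, `"name": {{ name | to_json }}`, or pass the body to `uri` as a YAML mapping and drop the templates. Ids and booleans are also sent as strings (`"credential": "{{ credential }}"`), which relies on the API coercing them.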
@@ -0,0 +1,10 @@
+{
+ "name": "{{ name }}",
+ "description": "{{ description | default("") }}",
+ "organization": "{{ organization_id | default(1) }}", {# 1 means Default Organization #}
+ "kind": "{{ kind | default("") }}",
+ {% if host_filter is defined %}
+ "host_filter": "{{ host_filter }}",
+ {% endif %}
+ "variables": "{{ variables | default("---") }}"
+}
\ No newline at end of file
diff --git a/roles/awx/templates/awx-add-job-template-config.json.j2 b/roles/awx/templates/awx-add-job-template-config.json.j2
new file mode 100644
index 0000000..8fd451d
--- /dev/null
+++ b/roles/awx/templates/awx-add-job-template-config.json.j2
@@ -0,0 +1,49 @@
+{
+ "name": "{{ name }}",
+ "description": "{{ description | default("") }}",
+ "job_type": "{{ job_type | default("run") }}",
+ "inventory": "{{ inventory_id }}",
+ "project": "{{ project_id }}",
+ "playbook": "{{ playbook }}",
+ {# {% if credential_ids is defined %}
+ "credentials": [
+ {% for id in credential_ids %}
+ "{{ id }}",
+ {% endfor %}
+ ]
+ {% endif %} #}
+ "scm_branch": "{{ scm_branch | default("") }}",
+ "forks": "{{ forks | default(0) }}",
+ "limit": "{{ limit | default("") }}",
+ "verbosity": "{{ verbosity | default(0) }}",
+ "extra_vars": "{{ extra_vars | default("---") }}",
+ "job_tags": "{{ job_tags | default("") }}",
+ "force_handlers": "{{ force_handlers | default(false) }}",
+ "skip_tags": "{{ skip_tags | default("") }}",
+ "start_at_task": "{{ start_at_task | default("") }}",
+ "timeout": "{{ timeout | default(0) }}",
+ "use_fact_cache": "{{ use_fact_cache | default(false) }}",
+ "execution_environment": "{{ execution_environment_id }}",
+ "host_config_key": "{{ host_config_key | default("") }}",
+ "ask_scm_branch_on_launch": "{{ ask_scm_branch_on_launch | default(false) }}",
+ "ask_diff_mode_on_launch": "{{ ask_diff_mode_on_launch | default(false) }}",
+ "ask_variables_on_launch": "{{ ask_variables_on_launch | default(false) }}",
+ "ask_limit_on_launch": "{{ ask_limit_on_launch | default(false) }}",
+ "ask_tags_on_launch": "{{ ask_tags_on_launch | default(false) }}",
+ "ask_skip_tags_on_launch": "{{ ask_skip_tags_on_launch | default(false) }}",
+ "ask_job_type_on_launch": "{{ ask_job_type_on_launch | default(false) }}",
+ "ask_verbosity_on_launch": "{{ ask_verbosity_on_launch | default(false) }}",
+ "ask_inventory_on_launch": "{{ ask_inventory_on_launch | default(false) }}",
+ "ask_credential_on_launch": "{{ ask_credential_on_launch | default(false) }}",
+ "survey_enabled": "{{ survey_enabled | default(false) }}",
+ "become_enabled": "{{ become_enabled | default(false) }}",
+ "diff_mode": "{{ diff_mode | default(false) }}",
+ "allow_simultaneous": "{{ allow_simultaneous | default(false) }}",
+ {% if webhook_service is defined %}
+ "webhook_service": "{{ webhook_service }}",
+ {% endif %}
+ {% if webhook_credential is defined %}
+ "webhook_credential": "{{ webhook_credential }}",
+ {% endif %}
+ "job_slice_count": "{{ job_slice_count | default(1) }}"
+}
\ No newline at end of file
diff --git a/roles/awx/templates/awx-add-project-config.json.j2 b/roles/awx/templates/awx-add-project-config.json.j2
new file mode 100644
index 0000000..792ca35
--- /dev/null
+++ b/roles/awx/templates/awx-add-project-config.json.j2
@@ -0,0 +1,23 @@
+{
+ "name": "{{ name }}",
+ "description": "{{ description | default("") }}",
+ "local_path": "{{ local_path }}",
+ "scm_type": "{{ scm_type | default("") }}",
+ {% if scm_type | default("") == "Git" %}
+ "scm_url": "{{ scm_url }}",
+ "scm_branch": "{{ scm_branch }}",
+ "scm_refspec": "{{ scm_refspec }}",
+ "scm_clean": "{{ scm_clean | default(false) }}",
+ "scm_track_submodules": "{{ scm_track_submodules | default(false) }}",
+ "scm_delete_on_update": "{{ scm_delete_on_update | default(false) }}",
+ {% endif %}
+ {% if credential_id is defined %}
+ "credential": {{ credential_id }},
+ {% endif %}
+ "timeout": "{{ timeout | default(0) }}",
+ "organization": "{{ organization_id | default(1) }}",
+ "scm_update_on_launch": "{{ scm_update_on_launch | default(false) }}",
+ "scm_update_cache_timeout": "{{ scm_update_cache_timeout | default(0) }}",
+ "allow_override": "{{ allow_override | default(false) }}",
+ "default_environment": "{{ default_environment_id | default(null) }}"
+}
\ No newline at end of file
diff --git a/roles/awx/templates/awx-create-credential-config.json.j2 b/roles/awx/templates/awx-create-credential-config.json.j2
new file mode 100644
index 0000000..5a4fc43
--- /dev/null
+++ b/roles/awx/templates/awx-create-credential-config.json.j2
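Review bot: `default(null)` on `default_environment` in awx-add-project-config.json.j2 is unlikely to do what it suggests: Jinja has `none` but, as far as I know, no `null` literal, so `null` is looked up as a variable and the fallback is an undefined value rather than JSON null. The configurator always passes `default_environment_id`, so this would only affect a caller that omits it. If the field is meant to be optional, wrap it in `{% if default_environment_id is defined %}` the way `credential` is handled a few lines above. `credential` is also the only value in the file rendered without quotes; one convention for numeric ids would be easier to reason about.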
@@ -0,0 +1,33 @@
+{
+ "name": "{{ name }}",
+ "description": "{{ description | default("") }}",
+ "organization": "{{ organization_id | default(None) }}",
+ {% if user_id is defined %}
+ "user": "{{ user_id }}",
+ {% endif %}
+ {% if team_id is defined %}
+ "team": "{{ team_id }}",
+ {% endif %}
+ "credential_type": "{{ credential_type_id }}",
+ {% if credential_type_name == "Machine" %}
+ "inputs": {
+ "username": "{{ username }}",
+ "ssh_public_key_data": "{{ ssh_public_key_data }}",
+ "ssh_key_data": "{{ ssh_key_data }}",
+ {% if ssh_key_unlock is defined %}
+ "ssh_key_unlock": "{{ ssh_key_unlock }}"
+ {% endif %}
+ }
+ {% elif credential_type_name == "Container Registry" %}
+ "inputs": {
+ "host": "{{ username }}",
+ "username": "{{ username }}",
+ "password": "{{ password }}"
+ }
+ {% elif credential_type_name == "Vault" %}
+ "inputs": {
+ "vault_id": "{{ vault_id | default("") }}",
+ "vault_password": "{{ vault_password | default("") }}"
+ }
+ {% endif %}
+}
\ No newline at end of file
diff --git a/roles/awx/templates/awx-create-user-config.json.j2 b/roles/awx/templates/awx-create-user-config.json.j2
new file mode 100644
index 0000000..b37de5f
--- /dev/null
+++ b/roles/awx/templates/awx-create-user-config.json.j2
@@ -0,0 +1,9 @@
+{
+ "username": "{{ username }}",
+ "first_name": "{{ first_name | default("") }}",
+ "last_name": "{{ last_name | default("") }}",
+ "email": "{{ email | default("") }}",
+ "is_superuser": "{{ is_superuser | default(false) }}",
+ "is_system_auditor": "{{ is_system_auditor | default(false) }}",
+ "password": "{{ password | default("") }}"
+}
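Review bot: The 'Container Registry' branch of awx-create-credential-config.json.j2 renders `"host": "{{ username }}"`, so the registry credential is created with the user name as its host and the `host` value the configurator passes is never used; it should read `"host": "{{ host }}"`. In the 'Machine' branch the comma after `ssh_key_data` is unconditional while `ssh_key_unlock` is optional, which leaves a trailing comma inside `inputs` whenever no passphrase is given; moving the comma inside the `{% if %}` keeps the output strict JSON. `organization_id | default(None)` inside quotes renders the text `None`, which is presumably not what the API should receive; omitting the key when the variable is undefined would be clearer.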
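Review bot: `"password": "{{ password | default("") }}"` in awx-create-user-config.json.j2 lets a caller that forgets the variable submit an account request with an empty password instead of failing the play. I would make the value required, `"password": {{ password | mandatory | to_json }}`, so a missing secret stops the run. `is_superuser` and `is_system_auditor` are rendered inside quotes and reach the API as the strings `True`/`False`; since these decide privilege, emitting real JSON booleans with `{{ is_superuser | default(false) | to_json }}` removes any dependence on server-side coercion.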