gitea-admin
/
hetzner-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Feature/smarch 59

Browse Source
master
Dziedzicki, Daniel 4 years ago committed by Ketelsen, Sven
parent 736c89b6c1
commit b6d1bd171e
12 changed files with 961 additions and 10 deletions
Show Stats Download Patch File Download Diff File

1
.gitignore vendored
Unescape Escape View File

@ -4,3 +4,4 @@
image.tar.gz image.tar.gz
checkout checkout
*.iml

62
roles/awx/tasks/awx-add-credential-to-job-template.yml
Unescape Escape View File

@ -0,0 +1,62 @@
---
- set_fact:
found_credential_id: ""
no_log: true
tags:
- awx_communication
- name: "Get {{jobinfo.name}} job_template credential id's from awx server"
uri:
url: "{{ awx_base_url }}/api/v2/job_templates/{{ awx_job_template_id }}/credentials"
method: GET
user: "{{ awx_rest_api_access_user }}"
password: "{{ awx_rest_api_access_pw }}"
return_content: true
validate_certs: false
force_basic_auth: yes
status_code: 200
no_log: true
register: awx_job_template_info
when: (awx_job_template_id | default("") | length > 0)
tags:
- awx_communication
- name: "Check for credential id {{ awx_credential_id }} in {{ jobinfo.name }} job_template"
vars:
query: '[? id==`{{ awx_credential_id }}`].id'
set_fact:
found_credential_id: "{{ item.results | json_query(query) | first }}"
when: >
(item.results is defined) and (item.results | length > 0) and
(item.results | json_query(query) | length > 0)
loop:
- "{{ awx_job_template_info['content'] }}"
no_log: true
tags:
- awx_communication
- name: "Add credential id {{ awx_credential_id }} to {{ jobinfo.name }} job_template"
uri:
url: "{{ awx_base_url }}/api/v2/job_templates/{{ awx_job_template_id }}/credentials/"
method: POST
user: "{{ awx_rest_api_access_user }}"
password: "{{ awx_rest_api_access_pw }}"
headers:
Content-Type: "application/json"
Accept: "application/json"
body_format: "json"
body: >
{
'associate': true,
'id': {{ awx_credential_id | int }}
}
force_basic_auth: true
validate_certs: false
status_code: 204
no_log: true
tags:
- awx_communication
when: >
(found_credential_id | default("") | length == 0) and
(awx_credential_id is defined) and
(awx_job_template_id | default("") | length > 0)

611
roles/awx/tasks/awx-configurator.yml
Unescape Escape View File

@ -0,0 +1,611 @@
---
- name: "Add basic configuration awx server"
block:
- name: "Authenticating with awx server"
uri:
url: "{{ awx_base_url }}/api/v2/me/"
method: GET
user: "{{ awx_rest_api_access_user }}"
password: "{{ awx_rest_api_access_pw }}"
return_content: true
validate_certs: false
force_basic_auth: yes
status_code: 200
no_log: true
tags:
- awx_communication
- name: "Search 'Ansible' user to awx server"
include_tasks: awx-get-typ-id.yml
vars:
awx_rest_api_type: users
awx_search_key: username
awx_search_name: "Ansible"
awx_type_id: ""
tags:
- awx_communication
- name: "Update ansible_awx_user_id"
set_fact:
ansible_awx_user_id: "{{ awx_type_id }}"
awx_type_id: ""
when: (awx_type_id is defined) and (awx_type_id | length > 0)
no_log: true
tags:
- awx_communication
- name: "Add Ansible user to awx server"
vars:
username: "Ansible"
password: "Ansible"
uri:
url: "{{ awx_base_url }}/api/v2/users/"
method: POST
user: "{{ awx_rest_api_access_user }}"
password: "{{ awx_rest_api_access_pw }}"
headers:
Content-Type: "application/json"
Accept: "application/json"
body_format: "json"
body: "{{ lookup('template','awx-create-user-config.json.j2') }}"
force_basic_auth: true
validate_certs: false
status_code: 200, 201
no_log: true
when: (ansible_awx_user_id is not defined) and (ansible_awx_user_id | length > 0)
tags:
- awx_communication
- name: "Search 'Ansible' user on awx server"
include_tasks: awx-get-typ-id.yml
vars:
awx_rest_api_type: users
awx_search_key: username
awx_search_name: "Ansible"
awx_type_id: ""
when: (ansible_awx_user_id is not defined)
tags:
- awx_communication
- name: "Update ansible_awx_user_id"
set_fact:
ansible_awx_user_id: "{{ awx_type_id }}"
awx_type_id: ""
when: >
(ansible_awx_user_id is not defined) and
(awx_type_id is defined) and
(awx_type_id | length > 0)
no_log: true
tags:
- awx_communication
- name: "Get 'Machine' type id from awx server"
include_tasks: awx-get-typ-id.yml
vars:
awx_rest_api_type: credential_types
awx_search_key: name
awx_search_name: "Machine"
awx_type_id: ""
tags:
- awx_communication
- name: "Update awx_credential_type_machine_id"
set_fact:
awx_credential_type_machine_id: "{{ awx_type_id }}"
awx_type_id: ""
when: (awx_type_id is defined) and (awx_type_id | length > 0)
no_log: true
tags:
- awx_communication
- name: "Get 'Machine' type 'Hetzner-Ansible' type id from awx server"
include_tasks: awx-get-typ-id.yml
vars:
awx_rest_api_type: credentials
awx_search_key: name
awx_search_name: "Hetzner-Ansible"
awx_type_id: ""
tags:
- awx_communication
- name: "Update awx_credential_hetzner_ansible_id"
set_fact:
awx_credential_hetzner_ansible_id: "{{ awx_type_id }}"
awx_type_id: ""
when: (awx_type_id is defined) and (awx_type_id | length > 0)
no_log: true
tags:
- awx_communication
- name: "Add 'Machine' type 'Hetzner_Ansible' credential to awx server"
vars:
name: "Hetzner-Ansible"
user_id: "{{ ansible_awx_user_id }}"
credential_type_id: "{{ awx_credential_type_machine_id }}"
credential_type_name: "Machine"
username: "Ansible"
ssh_public_key_data: "{{ lookup('file', '{{ playbook_dir }}/users/ansible/id_rsa.pub') | replace('\n', '') }}"
ssh_key_data: "{{ lookup('file', '{{ playbook_dir }}/users/ansible_ssh_key') | replace('\n', '') }}"
uri:
url: "{{ awx_base_url }}/api/v2/credentials/"
method: POST
user: "{{ awx_rest_api_access_user }}"
password: "{{ awx_rest_api_access_pw }}"
headers:
Content-Type: "application/json"
Accept: "application/json"
body_format: "json"
body: "{{ lookup('template','awx-create-credential-config.json.j2') }}"
force_basic_auth: true
validate_certs: false
status_code: 200, 201
no_log: true
tags:
- awx_communication
when: >
(awx_credential_hetzner_ansible_id is not defined) and
(ansible_awx_user_id is defined) and
(ansible_awx_user_id | length > 0) and
(awx_credential_type_machine_id is defined) and
(awx_credential_type_machine_id | length > 0)
- name: "Get 'Machine' type 'Hetzner_Ansible' type id from awx server"
include_tasks: awx-get-typ-id.yml
vars:
awx_rest_api_type: credentials
awx_search_key: name
awx_search_name: "Hetzner-Ansible"
awx_type_id: ""
when: (awx_credential_hetzner_ansible_id is not defined)
tags:
- awx_communication
- name: "Update awx_credential_hetzner_ansible_id"
set_fact:
awx_credential_hetzner_ansible_id: "{{ awx_type_id }}"
awx_type_id: ""
when: >
(awx_credential_hetzner_ansible_id is not defined) and
(awx_type_id is defined) and
(awx_type_id | length > 0)
no_log: true
tags:
- awx_communication
- name: "Get 'Vault' type id from awx server"
include_tasks: awx-get-typ-id.yml
vars:
awx_rest_api_type: credential_types
awx_search_key: name
awx_search_name: "Vault"
awx_type_id: ""
tags:
- awx_communication
- name: "Update awx_credential_type_vault_id"
set_fact:
awx_credential_type_vault_id: "{{ awx_type_id }}"
awx_type_id: ""
when: (awx_type_id is defined) and (awx_type_id | length > 0)
no_log: true
tags:
- awx_communication
- name: "Get 'Vault' type 'Hetzner_Ansible_Vault' type id from awx server"
include_tasks: awx-get-typ-id.yml
vars:
awx_rest_api_type: credentials
awx_search_key: name
awx_search_name: "Hetzner-Ansible-Vault"
awx_type_id: ""
tags:
- awx_communication
- name: "Update awx_credential_hetzner_ansible_vault_id"
set_fact:
awx_credential_hetzner_ansible_vault_id: "{{ awx_type_id }}"
awx_type_id: ""
when: (awx_type_id is defined) and (awx_type_id | length > 0)
no_log: true
tags:
- awx_communication
- name: "Add 'Vault' type 'Hetzner-Ansible-Vault' credential to awx server"
vars:
name: "Hetzner-Ansible-Vault"
user_id: "{{ ansible_awx_user_id }}"
credential_type_id: "{{ awx_credential_type_vault_id }}"
credential_type_name: "Vault"
#should be more secure
vault_password: devops123
uri:
url: "{{ awx_base_url }}/api/v2/credentials/"
method: POST
user: "{{ awx_rest_api_access_user }}"
password: "{{ awx_rest_api_access_pw }}"
headers:
Content-Type: "application/json"
Accept: "application/json"
body_format: "json"
body: "{{ lookup('template','awx-create-credential-config.json.j2') }}"
force_basic_auth: true
validate_certs: false
status_code: 200, 201
no_log: true
tags:
- awx_communication
when: >
(awx_credential_hetzner_ansible_vault_id is not defined) and
(ansible_awx_user_id is defined) and
(ansible_awx_user_id | length > 0) and
(awx_credential_type_vault_id is defined) and
(awx_credential_type_vault_id | length > 0)
- name: "Get 'Vault' type 'Hetzner-Ansible-Vault' type id from awx server"
include_tasks: awx-get-typ-id.yml
vars:
awx_rest_api_type: credentials
awx_search_key: name
awx_search_name: "Hetzner-Ansible-Vault"
awx_type_id: ""
when: (awx_credential_hetzner_ansible_vault_id is not defined)
tags:
- awx_communication
- name: "Update awx_credential_hetzner_ansible_vault_id"
set_fact:
awx_credential_hetzner_ansible_vault_id: "{{ awx_type_id }}"
awx_type_id: ""
when: >
(awx_credential_hetzner_ansible_vault_id is not defined) and
(awx_type_id is defined) and
(awx_type_id | length > 0)
no_log: true
tags:
- awx_communication
- name: "Search 'Container Registry' type id to awx server"
include_tasks: awx-get-typ-id.yml
vars:
awx_rest_api_type: credential_types
awx_search_key: name
awx_search_name: "Container Registry"
awx_type_id: ""
tags:
- awx_communication
- name: "Update awx_credential_type_container_registry_id"
set_fact:
awx_credential_type_container_registry_id: "{{ awx_type_id }}"
awx_type_id: ""
when: (awx_type_id is defined) and (awx_type_id | length > 0)
no_log: true
tags:
- awx_communication
- name: "Get 'Docker Registry' id from awx server"
include_tasks: awx-get-typ-id.yml
vars:
awx_rest_api_type: credentials
awx_search_key: name
awx_search_name: "Docker Registry"
awx_type_id: ""
tags:
- awx_communication
- name: "Update awx_credential_docker_registry_id"
set_fact:
awx_credential_docker_registry_id: "{{ awx_type_id }}"
awx_type_id: ""
when: (awx_type_id is defined) and (awx_type_id | length > 0)
no_log: true
tags:
- awx_communication
- name: "Add 'Container Registry' credential to awx server"
vars:
name: "Docker Registry"
description: "Docker Registry Smardigo Credentials"
user_id: "{{ ansible_awx_user_id }}"
credential_type_id: "{{ awx_credential_type_container_registry_id }}"
credential_type_name: "Container Registry"
host: "dev-docker-registry-01.smardigo.digital"
username: "{{ docker_registry_username }}"
password: "{{ docker_registry_token }}"
uri:
url: "{{ awx_base_url }}/api/v2/credentials/"
method: POST
user: "{{ awx_rest_api_access_user }}"
password: "{{ awx_rest_api_access_pw }}"
headers:
Content-Type: "application/json"
Accept: "application/json"
body_format: "json"
body: "{{ lookup('template','awx-create-credential-config.json.j2') }}"
force_basic_auth: true
validate_certs: false
status_code: 200, 201
no_log: true
tags:
- awx_communication
when: >
(awx_credential_docker_registry_id is not defined) and
(ansible_awx_user_id is defined) and
(ansible_awx_user_id | length > 0) and
(awx_credential_type_container_registry_id is defined) and
(awx_credential_type_container_registry_id | length > 0)
- name: "Get 'Docker Registry' id from awx server"
include_tasks: awx-get-typ-id.yml
vars:
awx_rest_api_type: credentials
awx_search_key: name
awx_search_name: "Docker Registry"
awx_type_id: ""
when: (awx_credential_docker_registry_id is not defined)
tags:
- awx_communication
- name: "Update awx_credential_docker_registry_id"
set_fact:
awx_credential_docker_registry_id: "{{ awx_type_id }}"
awx_type_id: ""
when: >
(awx_credential_docker_registry_id is not defined) and
(awx_type_id is defined) and
(awx_type_id | length > 0)
no_log: true
tags:
- awx_communication
- name: "Get 'Hetzner-Ansible' execution environment id from awx server"
include_tasks: awx-get-typ-id.yml
vars:
awx_rest_api_type: execution_environments
awx_search_key: name
awx_search_name: "Hetzner-Ansible"
awx_type_id: ""
tags:
- awx_communication
- name: "Update awx_ee_hetzner_ansible_id"
set_fact:
awx_ee_hetzner_ansible_id: "{{ awx_type_id }}"
awx_type_id: ""
when: (awx_type_id is defined) and (awx_type_id | length > 0)
no_log: true
tags:
- awx_communication
- name: "Register execution environment container image to awx server"
vars:
name: "Hetzner-Ansible"
description: "test"
image: "dev-docker-registry-01.smardigo.digital/awx/awx-custom-ee"
credential: "{{ awx_credential_docker_registry_id }}"
pull: "always"
uri:
url: "{{ awx_base_url }}/api/v2/execution_environments/"
method: POST
user: "{{ awx_rest_api_access_user }}"
password: "{{ awx_rest_api_access_pw }}"
headers:
Content-Type: "application/json"
Accept: "application/json"
body_format: "json"
body: "{{ lookup('template','awx-add-ee-config.json.j2') }}"
force_basic_auth: true
validate_certs: false
status_code: 200, 201
no_log: true
tags:
- awx_communication
when: >
(awx_ee_hetzner_ansible_id is not defined) and
(awx_credential_docker_registry_id is defined) and
(awx_credential_docker_registry_id | length > 0)
- name: "Get 'Hetzner-Ansible' execution environment id from awx server"
include_tasks: awx-get-typ-id.yml
vars:
awx_rest_api_type: execution_environments
awx_search_key: name
awx_search_name: "Hetzner-Ansible"
awx_type_id: ""
when: (awx_ee_hetzner_ansible_id is not defined)
tags:
- awx_communication
- name: "Update awx_ee_hetzner_ansible_id"
set_fact:
awx_ee_hetzner_ansible_id: "{{ awx_type_id }}"
awx_type_id: ""
when: >
(awx_ee_hetzner_ansible_id is not defined) and
(awx_type_id is defined) and
(awx_type_id | length > 0)
no_log: true
tags:
- awx_communication
- name: "Get 'localhost' inventory id from awx server"
include_tasks: awx-get-typ-id.yml
vars:
awx_rest_api_type: inventories
awx_search_key: name
awx_search_name: "localhost"
awx_type_id: ""
tags:
- awx_communication
- name: "Update awx_localhost_inventory_id"
set_fact:
awx_localhost_inventory_id: "{{ awx_type_id }}"
awx_type_id: ""
when: (awx_type_id is defined) and (awx_type_id | length > 0)
no_log: true
tags:
- awx_communication
- name: "Add a empty 'localhost' inventory to awx server"
vars:
name: "localhost"
description: "localhost"
uri:
url: "{{ awx_base_url }}/api/v2/inventories/"
method: POST
user: "{{ awx_rest_api_access_user }}"
password: "{{ awx_rest_api_access_pw }}"
headers:
Content-Type: "application/json"
Accept: "application/json"
body_format: "json"
body: "{{ lookup('template','awx-add-inventory-config.json.j2') }}"
force_basic_auth: true
validate_certs: false
status_code: 200, 201
no_log: true
tags:
- awx_communication
when: (awx_localhost_inventory_id is not defined)
- name: "Get 'localhost' inventory id from awx server"
include_tasks: awx-get-typ-id.yml
vars:
awx_rest_api_type: inventories
awx_search_key: name
awx_search_name: "localhost"
awx_type_id: ""
when: (awx_localhost_inventory_id is not defined)
tags:
- awx_communication
- name: "Update awx_localhost_inventory_id"
set_fact:
awx_localhost_inventory_id: "{{ awx_type_id }}"
awx_type_id: ""
when: >
(awx_localhost_inventory_id is not defined) and
(awx_type_id is defined) and
(awx_type_id | length > 0)
no_log: true
tags:
- awx_communication
- name: "Tar hetzner-ansible repository"
shell: cd {{ playbook_dir }} && tar --exclude-vcs -zcvf /tmp/hetzner-ansible.tar.gz .
delegate_to: localhost
become: false
tags:
- awx_communication
- name: "Remove old archive awx project folder"
file:
state: absent
path: "{{ awx_project_path }}/hetzner-ansible"
tags:
- awx_communication
- name: "Create Project Folder 'hetzner-ansible'"
file:
path: "{{ awx_project_path }}/hetzner-ansible"
state: directory
owner: root
group: root
mode: '0665'
tags:
- awx_communication
- name: "Extract hetzner-ansible repository to the awx project folder"
unarchive:
src: /tmp/hetzner-ansible.tar.gz
dest: "{{ awx_project_path }}/hetzner-ansible"
tags:
- awx_communication
- name: "Cleanup created hetzner-ansible archive"
file:
state: absent
path: /tmp/hetzner-ansible.tar.gz
tags:
- awx_communication
- name: "Get 'Hetzner-Ansible' projects id from awx server"
include_tasks: awx-get-typ-id.yml
vars:
awx_rest_api_type: projects
awx_search_key: name
awx_search_name: "Hetzner-Ansible"
awx_type_id: ""
tags:
- awx_communication
- name: "Update awx_hetzner_ansible_project_id"
set_fact:
awx_hetzner_ansible_project_id: "{{ awx_type_id }}"
awx_type_id: ""
when: (awx_type_id is defined) and (awx_type_id | length > 0)
no_log: true
tags:
- awx_communication
- name: "Add 'Hetzner-Ansible' project to awx server"
vars:
name: "Hetzner-Ansible"
description: "Hetzner-Ansible"
local_path: "hetzner-ansible"
default_environment_id: "{{ awx_ee_hetzner_ansible_id }}"
uri:
url: "{{ awx_base_url }}/api/v2/projects/"
method: POST
user: "{{ awx_rest_api_access_user }}"
password: "{{ awx_rest_api_access_pw }}"
headers:
Content-Type: "application/json"
Accept: "application/json"
body_format: "json"
body: "{{ lookup('template','awx-add-project-config.json.j2') }}"
force_basic_auth: true
validate_certs: false
status_code: 200, 201
no_log: true
tags:
- awx_communication
when: >
(awx_hetzner_ansible_project_id is not defined) and
(awx_ee_hetzner_ansible_id is defined)
- name: "Get 'hetzner-ansible' projects id from awx server"
include_tasks: awx-get-typ-id.yml
vars:
awx_rest_api_type: projects
awx_search_key: name
awx_search_name: "Hetzner-Ansible"
awx_type_id: ""
when: (awx_hetzner_ansible_project_id is not defined)
tags:
- awx_communication
- name: "Update awx_hetzner_ansible_project_id"
set_fact:
awx_hetzner_ansible_project_id: "{{ awx_type_id }}"
awx_type_id: ""
when: >
(awx_hetzner_ansible_project_id is not defined) and
(awx_type_id is defined) and
(awx_type_id | length > 0)
no_log: true
tags:
- awx_communication
- name: "Create job templates on awx server"
include_tasks: awx-create-job-template.yml
loop:
- { name: "create-database", desc: "create-database", playbook_file: "create-database.yml", credentials: ["{{ awx_credential_hetzner_ansible_vault_id }}", "{{ awx_credential_hetzner_ansible_id }}"] }
- { name: "create-realm", desc: "create-realm", playbook_file: "create-realm.yml", credentials: ["{{ awx_credential_hetzner_ansible_vault_id }}", "{{ awx_credential_hetzner_ansible_id }}"] }
- { name: "create-server", desc: "create-server", playbook_file: "create-server.yml", credentials: ["{{ awx_credential_hetzner_ansible_vault_id }}", "{{ awx_credential_hetzner_ansible_id }}"] }
- { name: "create-service", desc: "create-service", playbook_file: "create-service.yml", credentials: ["{{ awx_credential_hetzner_ansible_vault_id }}", "{{ awx_credential_hetzner_ansible_id }}"] }
loop_control:
loop_var: jobinfo
tags:
- awx_communication

85
roles/awx/tasks/awx-create-job-template.yml
Unescape Escape View File

@ -0,0 +1,85 @@
---
- set_fact:
awx_job_template_id: ""
tags:
- awx_communication
- name: "Get {{jobinfo.name}} job_templates id from awx server"
include_tasks: awx-get-typ-id.yml
vars:
awx_rest_api_type: job_templates
awx_search_key: name
awx_search_name: "{{jobinfo.name}}"
awx_type_id: ""
tags:
- awx_communication
- name: "Update awx_create_database_job_template_id"
set_fact:
awx_job_template_id: "{{ awx_type_id }}"
awx_type_id: ""
when: (awx_type_id is defined) and (awx_type_id | length > 0)
no_log: true
tags:
- awx_communication
- name: "Add {{jobinfo.name}} job_template to awx server"
vars:
name: "{{jobinfo.name}}"
description: "{{jobinfo.desc}}"
inventory_id: "{{ awx_localhost_inventory_id }}"
project_id: "{{ awx_hetzner_ansible_project_id }}"
execution_environment_id: "{{ awx_ee_hetzner_ansible_id }}"
playbook: "{{jobinfo.playbook_file}}"
ask_variables_on_launch: true
uri:
url: "{{ awx_base_url }}/api/v2/job_templates/"
method: POST
user: "{{ awx_rest_api_access_user }}"
password: "{{ awx_rest_api_access_pw }}"
headers:
Content-Type: "application/json"
Accept: "application/json"
body_format: "json"
body: "{{ lookup('template','awx-add-job-template-config.json.j2') }}"
force_basic_auth: true
validate_certs: false
status_code: 200, 201
no_log: true
tags:
- awx_communication
when: >
(awx_job_template_id | default("") | length == 0) and
(awx_localhost_inventory_id is defined) and
(awx_hetzner_ansible_project_id is defined) and
(awx_ee_hetzner_ansible_id is defined)
- name: "Get {{jobinfo.name}} job_templates id from awx server"
include_tasks: awx-get-typ-id.yml
vars:
awx_rest_api_type: job_templates
awx_search_key: name
awx_search_name: "{{jobinfo.name}}"
awx_type_id: ""
tags:
- awx_communication
- name: "Update awx_job_template_id for {{jobinfo.name}}"
set_fact:
awx_job_template_id: "{{ awx_type_id }}"
awx_type_id: ""
when: >
(awx_type_id is defined) and
(awx_type_id | length > 0)
no_log: true
tags:
- awx_communication
- include_tasks: awx-add-credential-to-job-template.yml
loop: "{{ jobinfo.credentials }}"
loop_control:
loop_var: awx_credential_id
when: (jobinfo is defined) and (jobinfo.credentials is defined )
tags:
- awx_communication

28
roles/awx/tasks/awx-get-typ-id.yml
Unescape Escape View File

@ -0,0 +1,28 @@
---
- name: "Search {{ awx_rest_api_type }} informations for {{ awx_search_name }} on awx server"
uri:
url: "{{ awx_base_url }}/api/v2/{{ awx_rest_api_type }}/?search={{ awx_search_name | urlencode }}"
method: GET
user: "{{ awx_rest_api_access_user }}"
password: "{{ awx_rest_api_access_pw }}"
return_content: true
validate_certs: false
force_basic_auth: yes
status_code: 200
no_log: true
register: awx_type_info
tags:
- awx_communication
- name: "Get {{ awx_rest_api_type }} id for {{ awx_search_name }} on awx server"
vars:
query: '[? {{ awx_search_key }}==`{{ awx_search_name }}`].id'
set_fact:
awx_type_id: "{{ item.results | json_query(query) | first }}"
when: (item.results is defined) and (item.results | length > 0)
loop:
- "{{ awx_type_info['content'] }}"
no_log: true
tags:
- awx_communication

46
roles/awx/tasks/main.yml
Unescape Escape View File

@ -1,6 +1,6 @@
--- ---
- name: "Install Pip3 for {{ service_name }}" - name: "Install pip3 for {{ service_name }}"
apt: apt:
name: python3-pip name: python3-pip
state: present state: present
@ -8,7 +8,7 @@
tags: tags:
- kube_apply - kube_apply
- name: "Install Kubernetes over Pip3 for {{ service_name }}" - name: "Install kubernetes over pip3 for {{ service_name }}"
pip: pip:
name: kubernetes name: kubernetes
state: present state: present
@ -16,7 +16,7 @@
tags: tags:
- kube_apply - kube_apply
- name: "Install and Setup Kubernetes (Single node, Master-only cluster) for {{ service_name }}" - name: "Install and setup kubernetes (single node, master-only cluster) for {{ service_name }}"
include_role: include_role:
name: geerlingguy.kubernetes name: geerlingguy.kubernetes
vars: vars:
@ -24,7 +24,7 @@
tags: tags:
- kube_install - kube_install
- name: "Download AWX {{ awx_operator_version }} to Kubernetes Template for {{ service_name }}" - name: "Download awx {{ awx_operator_version }} to kubernetes template for {{ service_name }}"
get_url: get_url:
url: "{{ awx_operator_url }}" url: "{{ awx_operator_url }}"
dest: /tmp/awx-operator.yaml dest: /tmp/awx-operator.yaml
@ -32,7 +32,7 @@
tags: tags:
- kube_apply - kube_apply
- name: "Apply AWX {{ awx_operator_version }} to Kubernetes {{ service_name }}" - name: "Apply awx {{ awx_operator_version }} to kubernetes {{ service_name }}"
k8s: k8s:
state: present state: present
src: /tmp/awx-operator.yaml src: /tmp/awx-operator.yaml
@ -54,7 +54,7 @@
tags: tags:
- kube_apply - kube_apply
- name: "Copy Deployment Template for {{ service_name }}" - name: "Copy deployment template for {{ service_name }}"
template: template:
src: awx-deployment.yml.j2 src: awx-deployment.yml.j2
dest: /tmp/awx-deployment.yml dest: /tmp/awx-deployment.yml
@ -64,7 +64,7 @@
tags: tags:
- kube_apply - kube_apply
- name: "Create a AWX k8s namespace for {{ service_name }}" - name: "Create a awx k8s namespace for {{ service_name }}"
k8s: k8s:
name: "{{ kubernetes_awx_namespace }}" name: "{{ kubernetes_awx_namespace }}"
api_version: v1 api_version: v1
@ -73,7 +73,7 @@
tags: tags:
- kube_apply - kube_apply
- name: "Apply AWX Deployment for {{ service_name }}" - name: "Apply awx deployment for {{ service_name }}"
k8s: k8s:
state: present state: present
src: /tmp/awx-deployment.yml src: /tmp/awx-deployment.yml
@ -93,7 +93,7 @@
tags: tags:
- kube_apply - kube_apply
- name: "Wait for AWX service {{ service_name }}" - name: "Wait for awx service {{ service_name }}"
uri: uri:
url: "http://{{ stage_server_ip }}:{{ kubernetes_awx_service_port }}" url: "http://{{ stage_server_ip }}:{{ kubernetes_awx_service_port }}"
status_code: 200 status_code: 200
@ -104,3 +104,31 @@
delay: 20 delay: 20
tags: tags:
- kube_apply - kube_apply
- name: "Search for all pods labeled app.kubernetes.io/name=awx {{ service_name }}"
k8s_info:
kind: Pod
namespace: "{{ kubernetes_awx_namespace }}"
label_selectors:
- app.kubernetes.io/name=awx
register: pod_list
tags:
- kube_apply
- name: "Wait for awx-task db-migration {{ service_name }}"
kubernetes.core.k8s_exec:
namespace: "{{ kubernetes_awx_namespace }}"
pod: "{{ pod_list.resources[0].metadata.name }}"
container: awx-task
command: /usr/local/bin/wait-for-migrations
tags:
- kube_apply
- include_tasks: awx-configurator.yml
vars:
awx_base_url: "http://{{ stage_server_ip }}"
awx_rest_api_access_user: "admin"
awx_rest_api_access_pw: "{{ awx_admin_password }}"
awx_project_path: "{{ kubernetes_awx_project_volume_path }}"
tags:
- awx_communication

12
roles/awx/templates/awx-add-ee-config.json.j2
Unescape Escape View File

@ -0,0 +1,12 @@
{
"name": "{{ name }}",
"description": "{{ description | default("") }}",
{% if organization_id is defined %}
"organization": "{{ organization_id }}",
{% endif %}
"image": "{{ image }}",
"credential": "{{ credential }}",
"pull": "{{ pull }}" {# "": "---------", "always": "Always pull container before running.",
"missing": "Only pull the image if not present before running.",
"never": "Never pull container before running." #}
}

10
roles/awx/templates/awx-add-inventory-config.json.j2
Unescape Escape View File

@ -0,0 +1,10 @@
{
"name": "{{ name }}",
"description": "{{ description | default("") }}",
"organization": "{{ organization_id | default(1) }}", {# 1 means Default Organization #}
"kind": "{{ kind | default("") }}",
{% if host_filter is defined %}
"host_filter": "{{ host_filter }}",
{% endif %}
"variables": "{{ variables | default("---") }}"
}

49
roles/awx/templates/awx-add-job-template-config.json.j2
Unescape Escape View File

@ -0,0 +1,49 @@
{
"name": "{{ name }}",
"description": "{{ description | default("") }}",
"job_type": "{{ job_type | default("run") }}",
"inventory": "{{ inventory_id }}",
"project": "{{ project_id }}",
"playbook": "{{ playbook }}",
{# {% if credential_ids is defined %}
"credentials": [
{% for id in credential_ids %}
"{{ id }}",
{% endfor %}
]
{% endif %} #}
"scm_branch": "{{ scm_branch | default("") }}",
"forks": "{{ forks | default(0) }}",
"limit": "{{ limit | default("") }}",
"verbosity": "{{ verbosity | default(0) }}",
"extra_vars": "{{ extra_vars | default("---") }}",
"job_tags": "{{ job_tags | default("") }}",
"force_handlers": "{{ force_handlers | default(false) }}",
"skip_tags": "{{ skip_tags | default("") }}",
"start_at_task": "{{ start_at_task | default("") }}",
"timeout": "{{ timeout | default(0) }}",
"use_fact_cache": "{{ use_fact_cache | default(false) }}",
"execution_environment": "{{ execution_environment_id }}",
"host_config_key": "{{ host_config_key | default("") }}",
"ask_scm_branch_on_launch": "{{ ask_scm_branch_on_launch | default(false) }}",
"ask_diff_mode_on_launch": "{{ ask_diff_mode_on_launch | default(false) }}",
"ask_variables_on_launch": "{{ ask_variables_on_launch | default(false) }}",
"ask_limit_on_launch": "{{ ask_limit_on_launch | default(false) }}",
"ask_tags_on_launch": "{{ ask_tags_on_launch | default(false) }}",
"ask_skip_tags_on_launch": "{{ ask_skip_tags_on_launch | default(false) }}",
"ask_job_type_on_launch": "{{ ask_job_type_on_launch | default(false) }}",
"ask_verbosity_on_launch": "{{ ask_verbosity_on_launch | default(false) }}",
"ask_inventory_on_launch": "{{ ask_inventory_on_launch | default(false) }}",
"ask_credential_on_launch": "{{ ask_credential_on_launch | default(false) }}",
"survey_enabled": "{{ survey_enabled | default(false) }}",
"become_enabled": "{{ become_enabled | default(false) }}",
"diff_mode": "{{ diff_mode | default(false) }}",
"allow_simultaneous": "{{ allow_simultaneous | default(false) }}",
{% if webhook_service is defined %}
"webhook_service": "{{ webhook_service }}",
{% endif %}
{% if webhook_credential is defined %}
"webhook_credential": "{{ webhook_credential }}",
{% endif %}
"job_slice_count": "{{ job_slice_count | default(1) }}"
}

23
roles/awx/templates/awx-add-project-config.json.j2
Unescape Escape View File

@ -0,0 +1,23 @@
{
"name": "{{ name }}",
"description": "{{ description | default("") }}",
"local_path": "{{ local_path }}",
"scm_type": "{{ scm_type | default("") }}",
{% if scm_type | default("") == "Git" %}
"scm_url": "{{ scm_url }}",
"scm_branch": "{{ scm_branch }}",
"scm_refspec": "{{ scm_refspec }}",
"scm_clean": "{{ scm_clean | default(false) }}",
"scm_track_submodules": "{{ scm_track_submodules | default(false) }}",
"scm_delete_on_update": "{{ scm_delete_on_update | default(false) }}",
{% endif %}
{% if credential_id is defined %}
"credential": {{ credential_id }},
{% endif %}
"timeout": "{{ timeout | default(0) }}",
"organization": "{{ organization_id | default(1) }}",
"scm_update_on_launch": "{{ scm_update_on_launch | default(false) }}",
"scm_update_cache_timeout": "{{ scm_update_cache_timeout | default(0) }}",
"allow_override": "{{ allow_override | default(false) }}",
"default_environment": "{{ default_environment_id | default(null) }}"
}

33
roles/awx/templates/awx-create-credential-config.json.j2
Unescape Escape View File

@ -0,0 +1,33 @@
{
"name": "{{ name }}",
"description": "{{ description | default("") }}",
"organization": "{{ organization_id | default(None) }}",
{% if user_id is defined %}
"user": "{{ user_id }}",
{% endif %}
{% if team_id is defined %}
"team": "{{ team_id }}",
{% endif %}
"credential_type": "{{ credential_type_id }}",
{% if credential_type_name == "Machine" %}
"inputs": {
"username": "{{ username }}",
"ssh_public_key_data": "{{ ssh_public_key_data }}",
"ssh_key_data": "{{ ssh_key_data }}",
{% if ssh_key_unlock is defined %}
"ssh_key_unlock": "{{ ssh_key_unlock }}"
{% endif %}
}
{% elif credential_type_name == "Container Registry" %}
"inputs": {
"host": "{{ username }}",
"username": "{{ username }}",
"password": "{{ password }}"
}
{% elif credential_type_name == "Vault" %}
"inputs": {
"vault_id": "{{ vault_id | default("") }}",
"vault_password": "{{ vault_password | default("") }}"
}
{% endif %}
}

9
roles/awx/templates/awx-create-user-config.json.j2
Unescape Escape View File

@ -0,0 +1,9 @@
{
"username": "{{ username }}",
"first_name": "{{ first_name | default("") }}",
"last_name": "{{ last_name | default("") }}",
"email": "{{ email | default("") }}",
"is_superuser": "{{ is_superuser | default(false) }}",
"is_system_auditor": "{{ is_system_auditor | default(false) }}",
"password": "{{ password | default("") }}"
}
Write Preview
Loading…
Cancel
Save