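---
# Provisions an AWX instance through its REST API (/api/v2/...): a user,
# credentials (Machine, Source Control, Vault, Container Registry), an
# execution environment, an inventory, a project and finally job templates.
#
# Every resource follows the same pattern:
#   1. search for it via awx-config-get-typ-id.yml
#      (presumably sets awx_type_id; "None" means not found - verify there)
#   2. store the id in a fact when it was found
#   3. POST the resource when the fact is still undefined
#   4. search again and store the id of the freshly created resource
#
# Security notes:
#   * All API calls use HTTP Basic auth. TLS certificate verification was
#     hard-coded off; it is now read from the optional variable
#     awx_rest_api_validate_certs (introduced here, default false, so the
#     behaviour is unchanged). Set it to true once the AWX endpoint presents
#     a certificate the controller trusts; without verification the API
#     credentials and every secret in the request bodies can be intercepted.
#   * Tasks whose request body or facts carry secrets (passwords, tokens,
#     SSH private key, vault password) run with no_log: true so the values
#     do not end up in verbose or failure output. The trade-off is that
#     failure details of those tasks are censored.

- name: "Remove all "
  include_tasks: awx-config-cleanup.yml
  vars:
    awx_rest_api_type: job_templates
  when: (awx_hetzner_ansible_project_id is not defined)

# --- AWX user ---------------------------------------------------------------

- name: "Search user <{{ awx_ansible_username }}>"
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: users
    awx_search_key: username
    awx_search_name: "{{ awx_ansible_username }}"

- name: "Update ansible_awx_user_id"
  set_fact:
    ansible_awx_user_id: "{{ awx_type_id }}"
  when:
    - awx_type_id != "None"

- name: "Add user <{{ awx_ansible_username }}>"
  delegate_to: localhost
  vars:
    username: "{{ awx_ansible_username }}"
    password: "{{ awx_ansible_password }}"
    is_system_auditor: "true"
  uri:
    url: "{{ shared_service_kube_url_awx }}/api/v2/users/"
    method: POST
    user: "{{ awx_rest_api_access_user }}"
    password: "{{ awx_rest_api_access_pw }}"
    headers:
      Content-Type: "application/json"
      Accept: "application/json"
    body_format: "json"
    body: "{{ lookup('template','awx-create-user.json.j2') }}"
    force_basic_auth: true
    validate_certs: "{{ awx_rest_api_validate_certs | default(false) }}"
    status_code: 201
  register: response
  changed_when: response.status == 201
  when: ansible_awx_user_id is not defined
  # The rendered body carries the new user's password.
  no_log: true

- name: "Search user <{{ awx_ansible_username }}>"
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: users
    awx_search_key: username
    awx_search_name: "{{ awx_ansible_username }}"
  when: ansible_awx_user_id is not defined

- name: "Update ansible_awx_user_id"
  set_fact:
    ansible_awx_user_id: "{{ awx_type_id }}"
  when:
    - awx_type_id != "None"

# --- Machine credential -----------------------------------------------------

- name: "Remove all "
  include_tasks: awx-config-cleanup.yml
  vars:
    awx_rest_api_type: credentials

- name: "Search credential type id for "
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: credential_types
    awx_search_key: name
    awx_search_name: "Machine"

- name: "Update awx_credential_type_machine_id"
  set_fact:
    awx_credential_type_machine_id: "{{ awx_type_id }}"
  when:
    - awx_type_id != "None"

- name: "Search credentials <{{ awx_credential_machine_hetzner_name }}>"
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: credentials
    awx_search_key: name
    awx_search_name: "{{ awx_credential_machine_hetzner_name }}"

- name: "Update awx_credential_hetzner_ansible_id"
  set_fact:
    awx_credential_hetzner_ansible_id: "{{ awx_type_id }}"
  when:
    - awx_type_id != "None"

- name: "Create json object for credentials <{{ awx_credential_machine_hetzner_name }}>"
  vars:
    name: "{{ awx_credential_machine_hetzner_name }}"
    credential_type_id: "{{ awx_credential_type_machine_id }}"
    credential_type_name: "Machine"
    # NOTE(review): awx_ansible_user_name differs from awx_ansible_username
    # used for the AWX user above - confirm both variables are intended.
    username: "{{ awx_ansible_user_name }}"
    # Path is built by concatenation; nesting "{{ }}" inside a lookup
    # argument is not reliably re-templated.
    ssh_public_key_data: "{{ lookup('file', playbook_dir ~ '/users/' ~ awx_ansible_user_name ~ '/ssh.pub') }}"
    ssh_key_data: "{{ awx_ansible_user_ssh_key_private | replace('\n','\\n') }}"
  set_fact:
    machine_creds: "{{ lookup('template','awx-create-credential.json.j2') }}"
  when: awx_credential_hetzner_ansible_id is not defined
  # The fact contains the SSH private key.
  no_log: true

# WARNING: machine_creds includes the SSH private key. With `debug` enabled
# the key is written to the play output (and to any log or AWX job record
# that captures it). Enable only on throw-away environments.
- name: "Printing..."
  debug:
    msg: "{{ machine_creds }}"
  delegate_to: 127.0.0.1
  when:
    - debug
    # machine_creds only exists when the credential had to be created.
    - machine_creds is defined

- name: "Add credentials <{{ awx_credential_machine_hetzner_name }}> with user: {{ ansible_awx_user_id }}"
  delegate_to: localhost
  uri:
    url: "{{ shared_service_kube_url_awx }}/api/v2/credentials/"
    method: POST
    user: "{{ awx_rest_api_access_user }}"
    password: "{{ awx_rest_api_access_pw }}"
    headers:
      Content-Type: "application/json"
      Accept: "application/json"
    body_format: "json"
    body: "{{ machine_creds }}"
    force_basic_auth: true
    validate_certs: "{{ awx_rest_api_validate_certs | default(false) }}"
    status_code: 201
  register: response
  changed_when: response.status == 201
  when: awx_credential_hetzner_ansible_id is not defined
  # The body contains the SSH private key.
  no_log: true

- name: "Search credentials <{{ awx_credential_machine_hetzner_name }}>"
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: credentials
    awx_search_key: name
    awx_search_name: "{{ awx_credential_machine_hetzner_name }}"
  when: awx_credential_hetzner_ansible_id is not defined

- name: "Update awx_credential_hetzner_ansible_id"
  set_fact:
    awx_credential_hetzner_ansible_id: "{{ awx_type_id }}"
  when:
    - awx_type_id != "None"

# --- Source Control (gitea) credential --------------------------------------

- name: "Search credential type id for "
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: credential_types
    awx_search_key: name
    awx_search_name: "Source Control"

- name: "Update awx_credential_type_scm_id"
  set_fact:
    awx_credential_type_scm_id: "{{ awx_type_id }}"
  when:
    - awx_type_id != "None"

- name: "Search credentials <{{ stage}}-gitea>"
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: credentials
    awx_search_key: name
    awx_search_name: "{{ stage}}-gitea"

- name: "Update awx_credential_stagedspecific_gitea_id"
  set_fact:
    awx_credential_stagedspecific_gitea_id: "{{ awx_type_id }}"
  when:
    - awx_type_id != "None"

- name: "Add credentials <{{ stage }}-gitea>"
  delegate_to: localhost
  uri:
    url: "{{ shared_service_kube_url_awx }}/api/v2/credentials/"
    method: POST
    user: "{{ awx_rest_api_access_user }}"
    password: "{{ awx_rest_api_access_pw }}"
    headers:
      Content-Type: "application/json"
      Accept: "application/json"
    body_format: "json"
    body:
      name: "{{ stage }}-gitea"
      description: "{{ stage }}-gitea"
      user: "{{ ansible_awx_user_id }}"
      credential_type: "{{ awx_credential_type_scm_id }}"
      inputs:
        username: "{{ gitea_admin_username }}"
        password: "{{ gitea_admin_password }}"
        ssh_key_data: ""
        ssh_key_unlock: ""
    force_basic_auth: true
    validate_certs: "{{ awx_rest_api_validate_certs | default(false) }}"
    status_code: 201
  register: response
  changed_when: response.status == 201
  when: awx_credential_stagedspecific_gitea_id is not defined
  # The body contains the gitea admin password.
  no_log: true

- name: "Search credentials <{{ stage}}-gitea >"
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: credentials
    awx_search_key: name
    awx_search_name: "{{ stage}}-gitea"
  when: awx_credential_stagedspecific_gitea_id is not defined

- name: "Update awx_credential_stagedspecific_gitea_id"
  set_fact:
    awx_credential_stagedspecific_gitea_id: "{{ awx_type_id }}"
  when:
    - awx_type_id != "None"

# --- Vault credential -------------------------------------------------------

- name: "Search credential type id for "
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: credential_types
    awx_search_key: name
    awx_search_name: "Vault"

- name: "Update awx_credential_type_vault_id"
  set_fact:
    awx_credential_type_vault_id: "{{ awx_type_id }}"
  when:
    - awx_type_id != "None"

- name: "Search credentials "
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: credentials
    awx_search_key: name
    awx_search_name: "hetzner-ansible-vault"
  tags:
    - always

- name: "Update awx_credential_hetzner_ansible_vault_id"
  set_fact:
    awx_credential_hetzner_ansible_vault_id: "{{ awx_type_id }}"
  when:
    - awx_type_id != "None"
  tags:
    - always

- name: "Add credentials "
  delegate_to: localhost
  vars:
    name: "hetzner-ansible-vault"
    credential_type_id: "{{ awx_credential_type_vault_id }}"
    credential_type_name: "Vault"
    vault_password: "{{ ansible_vault_password }}"
  uri:
    url: "{{ shared_service_kube_url_awx }}/api/v2/credentials/"
    method: POST
    user: "{{ awx_rest_api_access_user }}"
    password: "{{ awx_rest_api_access_pw }}"
    headers:
      Content-Type: "application/json"
      Accept: "application/json"
    body_format: "json"
    body: "{{ lookup('template','awx-create-credential.json.j2') }}"
    force_basic_auth: true
    validate_certs: "{{ awx_rest_api_validate_certs | default(false) }}"
    status_code: 201
  register: response
  changed_when: response.status == 201
  when: awx_credential_hetzner_ansible_vault_id is not defined
  # The rendered body carries the Ansible vault password.
  no_log: true

- name: "Search credentials "
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: credentials
    awx_search_key: name
    awx_search_name: "hetzner-ansible-vault"
  when: awx_credential_hetzner_ansible_vault_id is not defined

- name: "Update awx_credential_hetzner_ansible_vault_id"
  set_fact:
    awx_credential_hetzner_ansible_vault_id: "{{ awx_type_id }}"
  when:
    - awx_type_id != "None"

# --- Container Registry (harbor) credential ---------------------------------

- name: "Search credential type id for "
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: credential_types
    awx_search_key: name
    awx_search_name: "Container Registry"

- name: "Update awx_credential_type_container_registry_id"
  set_fact:
    awx_credential_type_container_registry_id: "{{ awx_type_id }}"
  when:
    - awx_type_id != "None"

- name: "Search credentials <{{ shared_service_hostname_harbor }}>"
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: credentials
    awx_search_key: name
    awx_search_name: "{{ shared_service_hostname_harbor }}"

- name: "Update awx_credential_harbor_id"
  set_fact:
    awx_credential_harbor_id: "{{ awx_type_id }}"
  when:
    - awx_type_id != "None"

- name: "Add credentials <{{ shared_service_hostname_harbor }}>"
  delegate_to: localhost
  vars:
    name: "{{ shared_service_hostname_harbor }}"
    description: "{{ shared_service_hostname_harbor }}"
    credential_type_id: "{{ awx_credential_type_container_registry_id }}"
    credential_type_name: "Container Registry"
    host: "{{ shared_service_hostname_harbor }}"
    username: "{{ harbor_username }}"
    password: "{{ harbor_token }}"
  uri:
    url: "{{ shared_service_kube_url_awx }}/api/v2/credentials/"
    method: POST
    user: "{{ awx_rest_api_access_user }}"
    password: "{{ awx_rest_api_access_pw }}"
    headers:
      Content-Type: "application/json"
      Accept: "application/json"
    body_format: "json"
    body: "{{ lookup('template','awx-create-credential.json.j2') }}"
    force_basic_auth: true
    validate_certs: "{{ awx_rest_api_validate_certs | default(false) }}"
    status_code: 201
  register: response
  changed_when: response.status == 201
  when: awx_credential_harbor_id is not defined
  # The rendered body carries the harbor token.
  no_log: true

- name: "Search credentials <{{ shared_service_hostname_harbor }}>"
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: credentials
    awx_search_key: name
    awx_search_name: "{{ shared_service_hostname_harbor }}"
  when: awx_credential_harbor_id is not defined

- name: "Update awx_credential_harbor_id"
  set_fact:
    awx_credential_harbor_id: "{{ awx_type_id }}"
  when:
    - awx_type_id != "None"

# --- Execution environment --------------------------------------------------

- name: "Remove all "
  include_tasks: awx-config-cleanup.yml
  vars:
    awx_rest_api_type: execution_environments

- name: "Search execution environment for "
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: execution_environments
    awx_search_key: name
    awx_search_name: "hetzner-ansible"

- name: "Update awx_ee_hetzner_ansible_id"
  set_fact:
    awx_ee_hetzner_ansible_id: "{{ awx_type_id }}"
  when:
    - awx_type_id != "None"

- name: "Add execution environment "
  delegate_to: localhost
  vars:
    name: "hetzner-ansible"
    description: "hetzner-ansible"
    image: "{{ shared_service_hostname_harbor }}/awx/awx-custom-ee"
    credential: "{{ awx_credential_harbor_id }}"
    pull: "always"
  uri:
    url: "{{ shared_service_kube_url_awx }}/api/v2/execution_environments/"
    method: POST
    user: "{{ awx_rest_api_access_user }}"
    password: "{{ awx_rest_api_access_pw }}"
    headers:
      Content-Type: "application/json"
      Accept: "application/json"
    body_format: "json"
    body: "{{ lookup('template','awx-create-execution-environment.json.j2') }}"
    force_basic_auth: true
    validate_certs: "{{ awx_rest_api_validate_certs | default(false) }}"
    status_code: 201
  register: response
  changed_when: response.status == 201
  when: awx_ee_hetzner_ansible_id is not defined

- name: "Search execution environment for "
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: execution_environments
    awx_search_key: name
    awx_search_name: "hetzner-ansible"
  when: awx_ee_hetzner_ansible_id is not defined

- name: "Update awx_ee_hetzner_ansible_id"
  set_fact:
    awx_ee_hetzner_ansible_id: "{{ awx_type_id }}"
  when:
    - awx_type_id != "None"

# --- Inventory --------------------------------------------------------------

- name: "Remove all "
  include_tasks: awx-config-cleanup.yml
  vars:
    awx_rest_api_type: inventories

- name: "Search inventory "
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: inventories
    awx_search_key: name
    awx_search_name: "localhost"

- name: "Update awx_localhost_inventory_id"
  set_fact:
    awx_localhost_inventory_id: "{{ awx_type_id }}"
  when:
    - awx_type_id != "None"

- name: "Add inventory "
  delegate_to: localhost
  vars:
    name: "localhost"
    description: "localhost"
  uri:
    url: "{{ shared_service_kube_url_awx }}/api/v2/inventories/"
    method: POST
    user: "{{ awx_rest_api_access_user }}"
    password: "{{ awx_rest_api_access_pw }}"
    headers:
      Content-Type: "application/json"
      Accept: "application/json"
    body_format: "json"
    body: "{{ lookup('template','awx-create-inventory.json.j2') }}"
    force_basic_auth: true
    validate_certs: "{{ awx_rest_api_validate_certs | default(false) }}"
    status_code: 201
  register: response
  changed_when: response.status == 201
  when: awx_localhost_inventory_id is not defined

- name: "Search inventory "
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: inventories
    awx_search_key: name
    awx_search_name: "localhost"
  when: awx_localhost_inventory_id is not defined

- name: "Update awx_localhost_inventory_id"
  set_fact:
    awx_localhost_inventory_id: "{{ awx_type_id }}"
  when:
    - awx_type_id != "None"

# --- Project ----------------------------------------------------------------

- name: "Remove all "
  include_tasks: awx-config-cleanup.yml
  vars:
    awx_rest_api_type: projects

- name: "Search project "
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: projects
    awx_search_key: name
    awx_search_name: "hetzner-ansible"

- name: "Update awx_hetzner_ansible_project_id"
  set_fact:
    awx_hetzner_ansible_project_id: "{{ awx_type_id }}"
  when:
    - awx_type_id != "None"

- name: "Add project "
  delegate_to: localhost
  vars:
    name: "hetzner-ansible"
    description: "hetzner-ansible"
    local_path: "hetzner-ansible"
    scm_type: git
    scm_url: 'https://{{ shared_service_gitea_hostname }}/gitea-admin/hetzner-ansible.git'
    # Falls back to the stage name when no explicit revision is given.
    scm_branch: '{{ awx_hetzner_ansible_revision | default(stage) }}'
    scm_refspec: ''
    scm_clean: false
    scm_track_submodules: false
    scm_delete_on_update: false
    scm_update_on_launch: true
    scm_update_cache_timeout: 0
    default_environment_id: "{{ awx_ee_hetzner_ansible_id }}"
    credential_id: '{{ awx_credential_stagedspecific_gitea_id }}'
  uri:
    url: "{{ shared_service_kube_url_awx }}/api/v2/projects/"
    method: POST
    user: "{{ awx_rest_api_access_user }}"
    password: "{{ awx_rest_api_access_pw }}"
    headers:
      Content-Type: "application/json"
      Accept: "application/json"
    body_format: "json"
    body: "{{ lookup('template','awx-create-project.json.j2') }}"
    force_basic_auth: true
    validate_certs: "{{ awx_rest_api_validate_certs | default(false) }}"
    status_code: 201
  register: response
  changed_when: response.status == 201
  when: awx_hetzner_ansible_project_id is not defined

- name: "Search project "
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: projects
    awx_search_key: name
    awx_search_name: "hetzner-ansible"
  when: (awx_hetzner_ansible_project_id is not defined)

- name: "Update awx_hetzner_ansible_project_id"
  set_fact:
    awx_hetzner_ansible_project_id: "{{ awx_type_id }}"
  when:
    - awx_type_id != "None"

# --- Job templates ----------------------------------------------------------

- name: "Remove all "
  include_tasks: awx-config-cleanup.yml
  vars:
    awx_rest_api_type: job_templates

- name: "Setting job templates credentials as fact"
  set_fact:
    job_templates_credentials:
      - "{{ awx_credential_hetzner_ansible_vault_id }}"
      - "{{ awx_credential_hetzner_ansible_id }}"

# This pause is needed; otherwise the run fails because the resources
# (playbooks) that the job templates reference are not available yet.
- name: "Wait for project was updated via SCM"
  pause:
    seconds: 30

# One include per entry of awx_job_templates; the entry is exposed as `job`.
- name: "Create job templates"
  include_tasks: awx-config-job-template.yml
  loop: "{{ awx_job_templates | flatten(levels=1) }}"
  loop_control:
    loop_var: job

# One include per file matching pmci-*.yml in the playbook directory.
- name: "Create job templates"
  include_tasks: awx-config-pmci-template.yml
  with_fileglob:
    - "{{ playbook_dir }}/pmci-*.yml"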