hetzner-ansible/roles/kubernetes/awx/tasks/awx-config.yml


---
# Pre-clean step: hand the job_templates API type to awx-config-cleanup.yml
# (not shown here; going by the task name it removes every object of that
# type). It only runs while awx_hetzner_ansible_project_id is still unset.
- name: "Remove all <job_templates>"
  when: awx_hetzner_ansible_project_id is not defined
  include_tasks: awx-config-cleanup.yml
  vars:
    awx_rest_api_type: job_templates
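# --- AWX service user --------------------------------------------------------
# Pattern used throughout this file: search -> remember id -> create if
# missing -> search again -> remember id.
# awx-config-get-typ-id.yml is not visible here; the tasks below rely on it
# leaving its result in awx_type_id, with the string "None" meaning
# "nothing matched" (presumed from the comparisons below, verify in the include).
- name: "Search user <{{ awx_ansible_username }}>"
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: users
    awx_search_key: username
    awx_search_name: "{{ awx_ansible_username }}"

- name: "Update ansible_awx_user_id"
  set_fact:
    ansible_awx_user_id: "{{ awx_type_id }}"
  when: awx_type_id != "None"

# Create the user only when the lookup above did not yield an id.
# The request body is rendered from the task vars below, which include the
# user's password, so module output is suppressed by default.
- name: "Add user <{{ awx_ansible_username }}>"
  delegate_to: localhost
  vars:
    username: "{{ awx_ansible_username }}"
    password: "{{ awx_ansible_password }}"
  uri:
    url: "{{ awx_base_url }}/api/v2/users/"
    method: POST
    user: "{{ awx_rest_api_access_user }}"
    password: "{{ awx_rest_api_access_pw }}"
    headers:
      Content-Type: "application/json"
      Accept: "application/json"
    body_format: "json"
    body: "{{ lookup('template','awx-create-user.json.j2') }}"
    force_basic_auth: true
    # NOTE(review): certificate verification was hard-coded off. With basic
    # auth forced, the API password and the request body are sent to whichever
    # endpoint answers for awx_base_url. awx_validate_certs is a new, optional
    # variable; the default keeps the previous behaviour, set it to true as
    # soon as AWX presents a certificate the controller trusts.
    validate_certs: "{{ awx_validate_certs | default(false) }}"
    status_code: 201
  register: response
  changed_when: response.status == 201
  # awx_no_log is a new, optional switch: set it to false only while
  # troubleshooting, because the logged invocation contains the password.
  no_log: "{{ awx_no_log | default(true) }}"
  when: ansible_awx_user_id is not defined

# Second lookup picks up the id of the user that was just created.
- name: "Search user <{{ awx_ansible_username }}>"
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: users
    awx_search_key: username
    awx_search_name: "{{ awx_ansible_username }}"
  when: ansible_awx_user_id is not defined

- name: "Update ansible_awx_user_id"
  set_fact:
    ansible_awx_user_id: "{{ awx_type_id }}"
  when: awx_type_id != "None"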
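# --- Machine (SSH) credential ------------------------------------------------
# Credentials are wiped first (awx-config-cleanup.yml, not shown here) and
# then rebuilt by the sections that follow.
- name: "Remove all <credentials>"
  include_tasks: awx-config-cleanup.yml
  vars:
    awx_rest_api_type: credentials

# Resolve the id of the built-in "Machine" credential type.
- name: "Search credential type id for <Machine>"
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: credential_types
    awx_search_key: name
    awx_search_name: "Machine"

- name: "Update awx_credential_type_machine_id"
  set_fact:
    awx_credential_type_machine_id: "{{ awx_type_id }}"
  when: awx_type_id != "None"

# Look for an existing credential with the configured name.
- name: "Search <Machine> credentials <{{ awx_credential_machine_hetzner_name }}>"
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: credentials
    awx_search_key: name
    awx_search_name: "{{ awx_credential_machine_hetzner_name }}"

- name: "Update awx_credential_hetzner_ansible_id"
  set_fact:
    awx_credential_hetzner_ansible_id: "{{ awx_type_id }}"
  when: awx_type_id != "None"

# Render the request body once and keep it in machine_creds.
# The path for the public key is now built with ~ concatenation instead of
# nesting {{ }} inside an expression, which depends on lookup terms being
# templated a second time.
# machine_creds contains the private SSH key and stays a host fact for the
# rest of the play, so the task result is not logged by default
# (awx_no_log is a new, optional switch).
- name: "Create json object for <Machine> credentials <{{ awx_credential_machine_hetzner_name }}>"
  vars:
    name: "{{ awx_credential_machine_hetzner_name }}"
    credential_type_id: "{{ awx_credential_type_machine_id }}"
    credential_type_name: "Machine"
    username: "{{ awx_ansible_user_name }}"
    ssh_public_key_data: "{{ lookup('file', playbook_dir ~ '/users/' ~ awx_ansible_user_name ~ '/ssh.pub') }}"
    ssh_key_data: "{{ awx_ansible_user_ssh_key_private | replace('\n','\\n') }}"
  set_fact:
    machine_creds: "{{ lookup('template','awx-create-credential.json.j2') }}"
  no_log: "{{ awx_no_log | default(true) }}"
  when: awx_credential_hetzner_ansible_id is not defined

# NOTE(review): with debug enabled this writes the rendered credential,
# private key included, to the run output and to every log callback.
# The extra "is defined" guard prevents a failure when debug is on but the
# body was never rendered because the credential already existed.
- name: "Printing..."
  debug:
    msg: "{{ machine_creds }}"
  delegate_to: 127.0.0.1
  when:
    - debug
    - machine_creds is defined

- name: "Add <Machine> credentials <{{ awx_credential_machine_hetzner_name }}> with user: {{ ansible_awx_user_id }}"
  delegate_to: localhost
  uri:
    url: "{{ awx_base_url }}/api/v2/credentials/"
    method: POST
    user: "{{ awx_rest_api_access_user }}"
    password: "{{ awx_rest_api_access_pw }}"
    headers:
      Content-Type: "application/json"
      Accept: "application/json"
    body_format: "json"
    body: "{{ machine_creds }}"
    force_basic_auth: true
    # NOTE(review): certificate verification was hard-coded off while this
    # request carries the API password and a private SSH key.
    # awx_validate_certs is a new, optional variable; the default keeps the
    # previous behaviour, set it to true once the AWX certificate is trusted.
    validate_certs: "{{ awx_validate_certs | default(false) }}"
    status_code: 201
  register: response
  changed_when: response.status == 201
  # The logged invocation would include the body with the private key.
  no_log: "{{ awx_no_log | default(true) }}"
  when: awx_credential_hetzner_ansible_id is not defined

# Second lookup picks up the id of the credential that was just created.
- name: "Search <Machine> credentials <{{ awx_credential_machine_hetzner_name }}>"
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: credentials
    awx_search_key: name
    awx_search_name: "{{ awx_credential_machine_hetzner_name }}"
  when: awx_credential_hetzner_ansible_id is not defined

- name: "Update awx_credential_hetzner_ansible_id"
  set_fact:
    awx_credential_hetzner_ansible_id: "{{ awx_type_id }}"
  when: awx_type_id != "None"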
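# --- Source Control credential (<stage>-gitea) --------------------------------
# Resolve the id of the built-in "Source Control" credential type.
- name: "Search credential type id for <Source Control>"
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: credential_types
    awx_search_key: name
    awx_search_name: "Source Control"

- name: "Update awx_credential_type_scm_id"
  set_fact:
    awx_credential_type_scm_id: "{{ awx_type_id }}"
  when: awx_type_id != "None"

# Look for an existing credential named "<stage>-gitea".
- name: "Search <Source Control> credentials <{{ stage}}-gitea>"
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: credentials
    awx_search_key: name
    awx_search_name: "{{ stage}}-gitea"

- name: "Update awx_credential_stagedspecific_gitea_id"
  set_fact:
    awx_credential_stagedspecific_gitea_id: "{{ awx_type_id }}"
  when: awx_type_id != "None"

# Create the credential when the lookup found none. The body is written
# inline here rather than rendered from a template.
# NOTE(review): the stored login is the Gitea admin account. AWX needs this
# credential for SCM checkouts of the project; a dedicated account limited to
# read access on that repository would narrow what a leaked AWX credential
# exposes.
- name: "Add <Source Control> credentials <{{ stage }}-gitea>"
  delegate_to: localhost
  uri:
    url: "{{ awx_base_url }}/api/v2/credentials/"
    method: POST
    user: "{{ awx_rest_api_access_user }}"
    password: "{{ awx_rest_api_access_pw }}"
    headers:
      Content-Type: "application/json"
      Accept: "application/json"
    body_format: "json"
    body:
      name: "{{ stage }}-gitea"
      description: "{{ stage }}-gitea"
      user: "{{ ansible_awx_user_id }}"
      credential_type: "{{ awx_credential_type_scm_id }}"
      inputs:
        username: "{{ gitea_admin_username }}"
        password: "{{ gitea_admin_password }}"
        ssh_key_data: ""
        ssh_key_unlock: ""
    force_basic_auth: true
    # NOTE(review): certificate verification was hard-coded off while this
    # request carries the API password and the Gitea password.
    # awx_validate_certs is a new, optional variable; the default keeps the
    # previous behaviour, set it to true once the AWX certificate is trusted.
    validate_certs: "{{ awx_validate_certs | default(false) }}"
    status_code: 201
  register: response
  changed_when: response.status == 201
  # The logged invocation would include the body with the Gitea password;
  # awx_no_log is a new, optional switch for troubleshooting.
  no_log: "{{ awx_no_log | default(true) }}"
  when: awx_credential_stagedspecific_gitea_id is not defined

# Second lookup picks up the id of the credential that was just created.
- name: "Search <Source Control> credentials <{{ stage}}-gitea >"
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: credentials
    awx_search_key: name
    awx_search_name: "{{ stage}}-gitea"
  when: awx_credential_stagedspecific_gitea_id is not defined

- name: "Update awx_credential_stagedspecific_gitea_id"
  set_fact:
    awx_credential_stagedspecific_gitea_id: "{{ awx_type_id }}"
  when: awx_type_id != "None"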
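# --- Vault credential (hetzner-ansible-vault) ---------------------------------
# Resolve the id of the built-in "Vault" credential type.
- name: "Search credential type id for <Vault>"
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: credential_types
    awx_search_key: name
    awx_search_name: "Vault"

- name: "Update awx_credential_type_vault_id"
  set_fact:
    awx_credential_type_vault_id: "{{ awx_type_id }}"
  when: awx_type_id != "None"

# Look for an existing credential named "hetzner-ansible-vault".
- name: "Search <Vault> credentials <hetzner-ansible-vault>"
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: credentials
    awx_search_key: name
    awx_search_name: "hetzner-ansible-vault"

- name: "Update awx_credential_hetzner_ansible_vault_id"
  set_fact:
    awx_credential_hetzner_ansible_vault_id: "{{ awx_type_id }}"
  when: awx_type_id != "None"

# Create the credential when the lookup found none. The body is rendered
# from the task vars below, which include the Ansible Vault password.
- name: "Add <Vault> credentials <hetzner-ansible-vault>"
  delegate_to: localhost
  vars:
    name: "hetzner-ansible-vault"
    credential_type_id: "{{ awx_credential_type_vault_id }}"
    credential_type_name: "Vault"
    vault_password: "{{ ansible_vault_password }}"
  uri:
    url: "{{ awx_base_url }}/api/v2/credentials/"
    method: POST
    user: "{{ awx_rest_api_access_user }}"
    password: "{{ awx_rest_api_access_pw }}"
    headers:
      Content-Type: "application/json"
      Accept: "application/json"
    body_format: "json"
    body: "{{ lookup('template','awx-create-credential.json.j2') }}"
    force_basic_auth: true
    # NOTE(review): certificate verification was hard-coded off while this
    # request carries the API password and the vault password.
    # awx_validate_certs is a new, optional variable; the default keeps the
    # previous behaviour, set it to true once the AWX certificate is trusted.
    validate_certs: "{{ awx_validate_certs | default(false) }}"
    status_code: 201
  register: response
  changed_when: response.status == 201
  # The logged invocation would include the rendered body;
  # awx_no_log is a new, optional switch for troubleshooting.
  no_log: "{{ awx_no_log | default(true) }}"
  when: awx_credential_hetzner_ansible_vault_id is not defined

# Second lookup picks up the id of the credential that was just created.
- name: "Search <Vault> credentials <hetzner-ansible-vault>"
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: credentials
    awx_search_key: name
    awx_search_name: "hetzner-ansible-vault"
  when: awx_credential_hetzner_ansible_vault_id is not defined

- name: "Update awx_credential_hetzner_ansible_vault_id"
  set_fact:
    awx_credential_hetzner_ansible_vault_id: "{{ awx_type_id }}"
  when: awx_type_id != "None"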
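# --- Container Registry credential (Harbor) -----------------------------------
# Resolve the id of the built-in "Container Registry" credential type.
- name: "Search credential type id for <Container Registry>"
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: credential_types
    awx_search_key: name
    awx_search_name: "Container Registry"

- name: "Update awx_credential_type_container_registry_id"
  set_fact:
    awx_credential_type_container_registry_id: "{{ awx_type_id }}"
  when: awx_type_id != "None"

# Look for an existing credential named after the Harbor hostname.
- name: "Search <Container Registry> credentials <{{ shared_service_harbor_hostname }}>"
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: credentials
    awx_search_key: name
    awx_search_name: "{{ shared_service_harbor_hostname }}"

- name: "Update awx_credential_harbor_id"
  set_fact:
    awx_credential_harbor_id: "{{ awx_type_id }}"
  when: awx_type_id != "None"

# Create the credential when the lookup found none. The body is rendered
# from the task vars below, which include the Harbor token.
- name: "Add <Container Registry> credentials <{{ shared_service_harbor_hostname }}>"
  delegate_to: localhost
  vars:
    name: "{{ shared_service_harbor_hostname }}"
    description: "{{ shared_service_harbor_hostname }}"
    credential_type_id: "{{ awx_credential_type_container_registry_id }}"
    credential_type_name: "Container Registry"
    host: "{{ shared_service_harbor_hostname }}"
    username: "{{ harbor_username }}"
    password: "{{ harbor_token }}"
  uri:
    url: "{{ awx_base_url }}/api/v2/credentials/"
    method: POST
    user: "{{ awx_rest_api_access_user }}"
    password: "{{ awx_rest_api_access_pw }}"
    headers:
      Content-Type: "application/json"
      Accept: "application/json"
    body_format: "json"
    body: "{{ lookup('template','awx-create-credential.json.j2') }}"
    force_basic_auth: true
    # NOTE(review): certificate verification was hard-coded off while this
    # request carries the API password and the Harbor token.
    # awx_validate_certs is a new, optional variable; the default keeps the
    # previous behaviour, set it to true once the AWX certificate is trusted.
    validate_certs: "{{ awx_validate_certs | default(false) }}"
    status_code: 201
  register: response
  changed_when: response.status == 201
  # The logged invocation would include the rendered body;
  # awx_no_log is a new, optional switch for troubleshooting.
  no_log: "{{ awx_no_log | default(true) }}"
  when: awx_credential_harbor_id is not defined

# Second lookup picks up the id of the credential that was just created.
- name: "Search <Container Registry> credentials <{{ shared_service_harbor_hostname }}>"
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: credentials
    awx_search_key: name
    awx_search_name: "{{ shared_service_harbor_hostname }}"
  when: awx_credential_harbor_id is not defined

- name: "Update awx_credential_harbor_id"
  set_fact:
    awx_credential_harbor_id: "{{ awx_type_id }}"
  when: awx_type_id != "None"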
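# --- Execution environment (hetzner-ansible) ----------------------------------
# Execution environments are wiped first (awx-config-cleanup.yml, not shown
# here) and then rebuilt.
- name: "Remove all <execution_environments>"
  include_tasks: awx-config-cleanup.yml
  vars:
    awx_rest_api_type: execution_environments

- name: "Search execution environment for <hetzner-ansible>"
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: execution_environments
    awx_search_key: name
    awx_search_name: "hetzner-ansible"

- name: "Update awx_ee_hetzner_ansible_id"
  set_fact:
    awx_ee_hetzner_ansible_id: "{{ awx_type_id }}"
  when: awx_type_id != "None"

# Register the custom image, pulled with the Harbor credential created in the
# registry section of this file.
# NOTE(review): the image reference carries neither tag nor digest and the
# pull policy is "always", so every job runs whatever the registry currently
# serves under the default tag. Pinning a digest makes the executed image
# reviewable.
- name: "Add execution environment <hetzner-ansible>"
  delegate_to: localhost
  vars:
    name: "hetzner-ansible"
    description: "hetzner-ansible"
    image: "{{ shared_service_harbor_hostname }}/awx/awx-custom-ee"
    credential: "{{ awx_credential_harbor_id }}"
    pull: "always"
  uri:
    url: "{{ awx_base_url }}/api/v2/execution_environments/"
    method: POST
    user: "{{ awx_rest_api_access_user }}"
    password: "{{ awx_rest_api_access_pw }}"
    headers:
      Content-Type: "application/json"
      Accept: "application/json"
    body_format: "json"
    body: "{{ lookup('template','awx-create-execution-environment.json.j2') }}"
    force_basic_auth: true
    # NOTE(review): certificate verification was hard-coded off while this
    # request carries the API password via basic auth.
    # awx_validate_certs is a new, optional variable; the default keeps the
    # previous behaviour, set it to true once the AWX certificate is trusted.
    validate_certs: "{{ awx_validate_certs | default(false) }}"
    status_code: 201
  register: response
  changed_when: response.status == 201
  when: awx_ee_hetzner_ansible_id is not defined

# Second lookup picks up the id of the environment that was just created.
- name: "Search execution environment for <hetzner-ansible>"
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: execution_environments
    awx_search_key: name
    awx_search_name: "hetzner-ansible"
  when: awx_ee_hetzner_ansible_id is not defined

- name: "Update awx_ee_hetzner_ansible_id"
  set_fact:
    awx_ee_hetzner_ansible_id: "{{ awx_type_id }}"
  when: awx_type_id != "None"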
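# --- Inventory (localhost) ----------------------------------------------------
# Inventories are wiped first (awx-config-cleanup.yml, not shown here) and
# then rebuilt.
- name: "Remove all <inventories>"
  include_tasks: awx-config-cleanup.yml
  vars:
    awx_rest_api_type: inventories

- name: "Search inventory <localhost>"
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: inventories
    awx_search_key: name
    awx_search_name: "localhost"

- name: "Update awx_localhost_inventory_id"
  set_fact:
    awx_localhost_inventory_id: "{{ awx_type_id }}"
  when: awx_type_id != "None"

# Create the inventory when the lookup found none; the body is rendered from
# the name/description vars below.
- name: "Add inventory <localhost>"
  delegate_to: localhost
  vars:
    name: "localhost"
    description: "localhost"
  uri:
    url: "{{ awx_base_url }}/api/v2/inventories/"
    method: POST
    user: "{{ awx_rest_api_access_user }}"
    password: "{{ awx_rest_api_access_pw }}"
    headers:
      Content-Type: "application/json"
      Accept: "application/json"
    body_format: "json"
    body: "{{ lookup('template','awx-create-inventory.json.j2') }}"
    force_basic_auth: true
    # NOTE(review): certificate verification was hard-coded off while this
    # request carries the API password via basic auth.
    # awx_validate_certs is a new, optional variable; the default keeps the
    # previous behaviour, set it to true once the AWX certificate is trusted.
    validate_certs: "{{ awx_validate_certs | default(false) }}"
    status_code: 201
  register: response
  changed_when: response.status == 201
  when: awx_localhost_inventory_id is not defined

# Second lookup picks up the id of the inventory that was just created.
- name: "Search inventory <localhost>"
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: inventories
    awx_search_key: name
    awx_search_name: "localhost"
  when: awx_localhost_inventory_id is not defined

- name: "Update awx_localhost_inventory_id"
  set_fact:
    awx_localhost_inventory_id: "{{ awx_type_id }}"
  when: awx_type_id != "None"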
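# --- Project (hetzner-ansible) ------------------------------------------------
# Projects are wiped first (awx-config-cleanup.yml, not shown here) and then
# rebuilt.
- name: "Remove all <projects>"
  include_tasks: awx-config-cleanup.yml
  vars:
    awx_rest_api_type: projects

- name: "Search project <hetzner-ansible>"
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: projects
    awx_search_key: name
    awx_search_name: "hetzner-ansible"

- name: "Update awx_hetzner_ansible_project_id"
  set_fact:
    awx_hetzner_ansible_project_id: "{{ awx_type_id }}"
  when: awx_type_id != "None"

# Create the git-backed project, wired to the execution environment and the
# Gitea credential created earlier in this file.
# NOTE(review): the project follows a branch (awx_hetzner_ansible_revision,
# else the stage name) and re-syncs on every launch, so whatever is pushed to
# that branch runs with the vault and machine credentials attached to the job
# templates. Protect that branch accordingly.
- name: "Add project <hetzner-ansible>"
  delegate_to: localhost
  vars:
    name: "hetzner-ansible"
    description: "hetzner-ansible"
    local_path: "hetzner-ansible"
    scm_type: git
    scm_url: 'https://{{ shared_service_gitea_hostname }}/gitea-admin/hetzner-ansible.git'
    scm_branch: '{{ awx_hetzner_ansible_revision | default(stage) }}'
    scm_refspec: ''
    scm_clean: false
    scm_track_submodules: false
    scm_delete_on_update: false
    scm_update_on_launch: true
    scm_update_cache_timeout: 0
    default_environment_id: "{{ awx_ee_hetzner_ansible_id }}"
    credential_id: '{{ awx_credential_stagedspecific_gitea_id }}'
  uri:
    url: "{{ awx_base_url }}/api/v2/projects/"
    method: POST
    user: "{{ awx_rest_api_access_user }}"
    password: "{{ awx_rest_api_access_pw }}"
    headers:
      Content-Type: "application/json"
      Accept: "application/json"
    body_format: "json"
    body: "{{ lookup('template','awx-create-project.json.j2') }}"
    force_basic_auth: true
    # NOTE(review): certificate verification was hard-coded off while this
    # request carries the API password via basic auth.
    # awx_validate_certs is a new, optional variable; the default keeps the
    # previous behaviour, set it to true once the AWX certificate is trusted.
    validate_certs: "{{ awx_validate_certs | default(false) }}"
    status_code: 201
  register: response
  changed_when: response.status == 201
  when: awx_hetzner_ansible_project_id is not defined

# Second lookup picks up the id of the project that was just created.
- name: "Search project <hetzner-ansible>"
  include_tasks: awx-config-get-typ-id.yml
  vars:
    awx_rest_api_type: projects
    awx_search_key: name
    awx_search_name: "hetzner-ansible"
  when: (awx_hetzner_ansible_project_id is not defined)

- name: "Update awx_hetzner_ansible_project_id"
  set_fact:
    awx_hetzner_ansible_project_id: "{{ awx_type_id }}"
  when: awx_type_id != "None"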
# --- Job templates ------------------------------------------------------------
# Wipe the existing job templates (awx-config-cleanup.yml, not shown here)
# before they are re-created from awx_job_templates.
- name: "Remove all <job_templates>"
  include_tasks: awx-config-cleanup.yml
  vars:
    awx_rest_api_type: job_templates

# Credential ids kept in job_templates_credentials: the vault credential
# first, then the machine credential.
- name: "Setting job templates credentials as fact"
  set_fact:
    job_templates_credentials:
      - "{{ awx_credential_hetzner_ansible_vault_id }}"
      - "{{ awx_credential_hetzner_ansible_id }}"

# This wait is required: without it the run fails, because the playbooks the
# job templates reference are not yet available from the project's SCM update.
# NOTE(review): this is a fixed 30 second delay, not a check of the project's
# update status, so a slower sync can still fail.
- name: "Wait for project <hetzner-ansible> was updated via SCM"
  pause:
    seconds: 30

# One include of awx-config-job-template.yml per entry of awx_job_templates
# (flattened one level); the current entry is exposed as "job".
- name: "Create job templates"
  loop: "{{ awx_job_templates | flatten(levels=1) }}"
  loop_control:
    loop_var: job
  include_tasks: awx-config-job-template.yml