Commit 19a1d63a authored by Thorstein Buind Nordby's avatar Thorstein Buind Nordby

Merge branch 'dev' into 'master'

Dev to master

See merge request oslo-devops/ansible-awx-role-docker!1
parents 50891389 509993ff
name: Ansible Lint # feel free to pick your own name
on: [push, pull_request]
jobs:
build:
runs-on: ubuntu-latest
steps:
# Important: This sets up your GITHUB_WORKSPACE environment variable
- uses: actions/checkout@v2
- name: Lint Ansible Playbook
# replace "master" with any valid ref
uses: ansible/ansible-lint-action@master
with:
# [required]
# Paths to ansible files (i.e., playbooks, tasks, handlers etc..)
# or valid Ansible directories according to the Ansible role
# directory structure.
# If you want to lint multiple ansible files, use the following syntax
# targets: |
# playbook_1.yml
# playbook_2.yml
targets: |
"tasks"
# [optional]
# Arguments to be passed to the ansible-lint
# Options:
# -q quieter, although not silent output
# -p parseable output in the format of pep8
# --parseable-severity parseable output including severity of rule
# -r RULESDIR specify one or more rules directories using one or
# more -r arguments. Any -r flags override the default
# rules in ansiblelint/rules, unless -R is also used.
# -R Use default rules in ansiblelint/rules in addition to
# any extra
# rules directories specified with -r. There is no need
# to specify this if no -r flags are used
# -t TAGS only check rules whose id/tags match these values
# -x SKIP_LIST only check rules whose id/tags do not match these
# values
# --nocolor disable colored output
# --exclude=EXCLUDE_PATHS
# path to directories or files to skip. This option is
# repeatable.
# -c C Specify configuration file to use. Defaults to ".ansible-lint"
args: ""
\ No newline at end of file
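Review bot: The lint step is pulled in as `ansible/ansible-lint-action@master`, a branch that can move at any time, so whatever lands upstream runs in this repository's CI against the checked-out code. Pin third-party actions to a full commit SHA and keep the human-readable version in a trailing comment, for example `uses: ansible/ansible-lint-action@<full-commit-sha>  # <release tag>`; `actions/checkout@v2` is a tag and is mutable in the same way. Separately, the block scalar under `targets: |` contains `"tasks"` with the quote characters as part of the value, which may not be what the action expects; plain `tasks` would be unambiguous.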
The MIT License (MIT)
Copyright (c) 2020 Thorstein B. Nordby
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
---
# defaults file for ansible-role-awx-docker
\ No newline at end of file
# defaults file for ansible-role-awx-docker
awx_repo_url: https://github.com/ansible/awx.git # Where to pull the AWX code from
awx_repo_dir: ~/awx # Where to store the AWX code locally
awx_update_repo: true # Signals if we shold keep the local repo updated
awx_repo_version: 9.2.0 # What AWX Repo version to use
awx_postgres_data_dir: /var/lib/pgdocker # Where to store persistent postgres data files
awx_compose_dir: /var/lib/awx_docker # Path to place AWX docker compose file(s)
awx_web_ssl: true # Should AWX use https
awx_web_ssl_selfsigned: true # Will the cert be selfsigned (the role will create it), currently only selfsigned is supported
awx_web_ssl_cert: "" # If we're not using selfsigned, where can we copy the cert from. Only used if awx_web_ssl_selfsigned == false
awx_web_ssl_key: "" # If we're not using selfsigned, where can we copy the key from. Only used if awx_web_ssl_selfsigned == false
awx_web_ssl_cert_folder: /etc/ssl #the destination on the host where we'll place the cert
awx_web_ssl_key_folder: /etc/ssl/private #the destination on the host where we'll place the key
awx_awx_password: password # Admin password for logging in to AWX (you'll want to encrypt this)
awx_postgres_password: password # Password for postgres database (you'll want to encrypt this)
awx_rabbitmq_password: password # Password for rabbitmq (you'll want to encrypt this)
awx_secret_key: verysecretkey #Ansible secret key used to decrypt secrets. You'll definitly want to encrypt this.
awx_docker_registry: "" # If not using official docker registry, use this variable to define internal registry
#Package related settings
setup_epel: true #set to fale if setting up epel from other places than official yum !# REMOVE THIS AND PUT EPEL AS A REQUIREMENT
awx_required_pip_dependencies: # Required pip packages
- pip
- pyOpenSSL
- docker
- docker-compose
- ansible-tower-cli
- zipp
\ No newline at end of file
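Review bot: `awx_awx_password`, `awx_postgres_password` and `awx_rabbitmq_password` default to `password` and `awx_secret_key` defaults to `verysecretkey`, so a play that forgets to override any of them deploys AWX with credentials that are published in this repository. I would drop these four defaults and leave a comment in their place such as `# awx_awx_password: required, supply from Ansible Vault`; the `passwords` list that templates these variables should then fail on the undefined value instead of writing a known secret into the installer inventory. The inline "you'll want to encrypt this" hints are easy to miss, so a failing run is the safer reminder.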
---
# handlers file for ansible-role-awx-docker
\ No newline at end of file
# handlers file for ansible-role-awx-docker
galaxy_info:
author: your name
description: your description
company: your company (optional)
author: thorsteinbn
description: Ansible role for setup awx with local docker
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
license: MIT
# Some suggested licenses:
# - BSD (default)
# - MIT
# - GPLv2
# - GPLv3
# - Apache
# - CC-BY
license: license (GPLv2, CC-BY, etc)
min_ansible_version: 1.2
min_ansible_version: 2.9
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
......@@ -43,7 +31,11 @@ galaxy_info:
# - 1.0
# - 7
# - 99.99
platforms:
- name: Centos
versions:
- 7
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
......
---
- name: Change memcached docker registry
lineinfile:
path: "{{ awx_repo_dir }}/installer/roles/local_docker/defaults/main.yml"
- name: Change docker registry
lineinfile:
path: "{{ item.path }}"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
loop:
- path: "{{ awx_repo_dir }}/installer/roles/local_docker/defaults/main.yml"
regexp: '^rabbitmq_image'
line: rabbitmq_image{{':'}} "{{ '{{ awx_docker_registry }}' }}/ansible/awx_rabbitmq:{{ '{{ rabbitmq_version }}' }}"
- path: "{{ awx_repo_dir }}/installer/roles/local_docker/defaults/main.yml"
regexp: '^postgresql_image'
line: postgresql_image{{':'}} "{{ '{{ awx_docker_registry }}' }}/postgres:{{ '{{ postgresql_version }}' }}"
- path: "{{ awx_repo_dir }}/installer/roles/local_docker/defaults/main.yml"
regexp: '^memcached_image'
line: memcached_image{{':'}} "{{ '{{ awx_docker_registry }}' }}/memcached"
...
\ No newline at end of file
---
- name: Make cert folder
file:
path: "{{ awx_web_ssl_cert_folder }}"
state: directory
- name: Make cert Key folder
file:
path: "{{ awx_web_ssl_key_folder }}"
state: directory
#Work in progress, need to handle different cert extentions
# - name: Insert cert
# copy:
# src: "{{ awx_web_ssl_cert }}"
# dest: "{{ awx_web_ssl_cert_folder }}/"
# - name: Insert cert key
# copy:
# src:
...
\ No newline at end of file
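Review bot: `Make cert Key folder` creates `{{ awx_web_ssl_key_folder }}` without `mode`, `owner` or `group`, so when the directory does not already exist its permissions come from the umask and it will usually be traversable by every local user. For a directory that holds private keys I would set this explicitly, e.g. `mode: "0700"` on that task. The identical `Make cert Key folder` task in the self-signed certificate task file needs the same change. The commented-out copy tasks are marked work in progress and end in an empty `src:`; they would be better kept out of master until finished.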
---
- name: Set dockerhub base with local registry
set_fact:
awx_docker_registry_ansible_base: "{{ awx_docker_registry }}/ansible"
when: awx_docker_registry != ""
- name: Run AWX playbook from source with local registry
command: "ansible-playbook -i inventory install.yml -e postgres_data_dir={{ awx_postgres_data_dir }} -e dockerhub_base={{ awx_docker_registry_ansible_base }}"
args:
chdir: "{{ awx_repo_dir }}/installer"
when: awx_docker_registry != ""
- name: Run AWX playbook from source whith official registry
command: "ansible-playbook -i inventory install.yml -e postgres_data_dir={{ awx_postgres_data_dir }}"
args:
chdir: "{{ awx_repo_dir }}/installer"
when: awx_docker_registry == ""
- name: Set SELinux label
sefcontext:
target: '{{ awx_compose_dir }}(/.*)?'
setype: container_file_t
state: present
when: ansible_os_family == "RedHat"
register: selinux_change
- name: Apply new SELinux file context to filesystem
command: restorecon -irv {{ awx_compose_dir }}
when: selinux_change.changed
- name: restart the containers
docker_compose:
restarted: yes
project_src: '{{ awx_compose_dir }}'
when: selinux_change.changed
---
- name: Make cert folder
file:
path: "{{ awx_web_ssl_cert_folder }}"
state: directory
- name: Make cert Key folder
file:
path: "{{ awx_web_ssl_key_folder }}"
state: directory
- name: Make CSR folder
file:
path: "{{ awx_web_ssl_cert_folder }}/csr"
state: directory
- name: Make cert private Key
openssl_privatekey:
path: "{{ awx_web_ssl_key_folder }}/{{ inventory_hostname }}.key"
- name: Make cert CSR
openssl_csr:
path: "{{ awx_web_ssl_cert_folder }}/csr/{{ inventory_hostname }}.csr"
privatekey_path: "{{ awx_web_ssl_key_folder }}/{{ inventory_hostname }}.key"
common_name: "{{ inventory_hostname }}"
- name: Make self signet cert
openssl_certificate:
path: "{{ awx_web_ssl_cert_folder }}/{{ inventory_hostname }}.crt"
privatekey_path: "{{ awx_web_ssl_key_folder }}/{{ inventory_hostname }}.key"
csr_path: "{{ awx_web_ssl_cert_folder }}/csr/{{ inventory_hostname }}.csr"
provider: selfsigned
register: cert_created
- name: Make pem from self-signed
shell: cat {{ awx_web_ssl_key_folder }}/{{ inventory_hostname }}.key {{ awx_web_ssl_cert_folder }}/{{ inventory_hostname }}.crt > {{ awx_web_ssl_cert_folder }}/{{ inventory_hostname }}.pem # noqa 204
when: cert_created.changed
- name: Add cert to awx inventory file
lineinfile:
path: "{{ awx_repo_dir }}/installer/inventory"
line: "ssl_certificate={{ awx_web_ssl_cert_folder }}/{{ inventory_hostname }}.pem"
state: present
- name: Fix SElinux for certs
sefcontext:
target: '{{ awx_web_ssl_cert_folder }}/{{ inventory_hostname }}.pem'
setype: container_file_t
state: present
when: ansible_os_family == "RedHat"
register: ssl_selinux
- name: Apply new SELinux file context to filesystem
command: restorecon -irv {{ awx_web_ssl_cert_folder }}/{{ inventory_hostname }}.pem
when: ssl_selinux.changed
...
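Review bot: `Make pem from self-signed` writes the private key and the certificate into one `.pem` under `{{ awx_web_ssl_cert_folder }}` (default `/etc/ssl`) through a shell redirect, so a file containing the private key is created with umask-derived permissions outside the key folder. I would follow it with a `file` task that restricts the mode, as sketched below, after confirming which user the AWX web container reads the mounted file as. Prefixing the shell command with `umask 077 &&` would also close the short window before the mode is tightened. The interpolated paths in the `shell` and `restorecon` commands are unquoted, so adding `| quote` to each would keep an unusual `inventory_hostname` from being split by the shell.

```yaml
# … unchanged: Make pem from self-signed …
- name: Restrict permissions on combined key and cert
  file:
    path: "{{ awx_web_ssl_cert_folder }}/{{ inventory_hostname }}.pem"
    mode: "0600"
# … unchanged: Add cert to awx inventory file and SELinux tasks …
```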
---
- name: Set default passwords
lineinfile:
path: "{{ awx_repo_dir }}/installer/inventory"
state: "{{ item.state | default('present') }}"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
no_log: True
loop: '{{ passwords }}'
...
\ No newline at end of file
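Review bot: The secrets are written in clear text into `{{ awx_repo_dir }}/installer/inventory` and the `lineinfile` task sets no `mode`, so the file keeps whatever permissions the git checkout gave it, which is normally readable by other local users. Adding `mode: "0600"` under `lineinfile` keeps the admin, database and RabbitMQ passwords and the secret key private on the host. `no_log: True` is the right call here and should stay, though `no_log: true` matches the lowercase booleans used elsewhere in the role. The `passwords` list itself is defined outside this section.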
---
# tasks file for ansible-role-awx-docker
\ No newline at end of file
# tasks file for ansible-role-awx-docker
- name: Include variables for target OS
include_vars: '{{ ansible_os_family }}.yml'
- name: Enable epel
package:
name: epel-release
state: present
when:
- setup_epel
- ansible_os_family == "RedHat"
- name: Install requirements for target OS
package:
name: '{{ item }}'
state: present
loop: '{{ awx_package_dependencies|flatten(levels=1) }}'
- name: Install required pip packages
pip:
name: '{{ item }}'
state: latest
loop: '{{ awx_required_pip_dependencies|flatten(levels=1) }}'
- name: Clone AWX into configured directory.
git:
repo: '{{ awx_repo_url }}'
dest: '{{ awx_repo_dir }}'
version: '{{ awx_repo_version }}'
update: '{{ awx_update_repo }}'
force: true
accept_hostkey: true
- name: Setup passwords
include: awx-set-passwords.yml
- name: Set AWX compose dir
lineinfile:
path: "{{ awx_repo_dir }}/installer/inventory"
state: present
regexp: "^docker_compose_dir="
line: "docker_compose_dir={{ awx_compose_dir }}"
when: awx_compose_dir is defined
- name: Setup self-signed certs
include: awx-self-signed-cert.yml
when:
- awx_web_ssl
- awx_web_ssl_selfsigned
- name: Setup certs
include: awx-install-cert.yml
when:
- awx_web_ssl
- awx_web_ssl_cert
- awx_web_ssl_key
- name: Ensure docker service is running
systemd:
name: docker
state: started
enabled: yes
- name: Setup awx
include: awx-install.yml
...
\ No newline at end of file
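Review bot: `Install required pip packages` uses `state: latest` with unversioned names, so every run installs whatever is newest on the package index for `docker`, `docker-compose`, `ansible-tower-cli` and the rest, on a host that will hold the AWX credentials. I would switch to `state: present` and pin tested versions in `awx_required_pip_dependencies`, for example `docker-compose==<tested version>`, so upgrades happen deliberately. Separately, the `Setup certs` include tests the bare string variables `awx_web_ssl_cert` and `awx_web_ssl_key`; on the Ansible 2.9 this role declares as its minimum I would expect a non-empty path to be evaluated as an expression rather than as a truthy string, so `awx_web_ssl_cert | length > 0` is safer, though this is worth confirming on a test run. That include also does not check `not awx_web_ssl_selfsigned`, so both certificate paths can run in one play.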
awx_package_dependencies:
- '@Development tools'
- gettext
- gcc-c++
- bzip2
- python-devel
- python-pip
- ansible
- docker
\ No newline at end of file
---
# vars file for ansible-role-awx-docker
\ No newline at end of file
# vars file for ansible-role-awx-docker
passwords:
- regexp: '^admin_password='
line: "admin_password='{{ awx_awx_password }}'"
- regexp: '^pg_password='
line: "pg_password='{{ awx_postgres_password }}'"
- regexp: '^rabbitmq_password='
line: "rabbitmq_password='{{ awx_rabbitmq_password }}'"
- regexp: '^secret_key='
line: "secret_key='{{ awx_secret_key }}'"
\ No newline at end of file