Commit 58d0181e authored by Thorstein Buind Nordby

Merge branch 'dev' into 'master'

support for centos 7 and 8

See merge request oslo-devops/ansible-awx-role-docker!2
parents 19a1d63a 9c43285c
Role Name ansible-role-awx-docker
========= =========
A brief description of the role goes here. A role that can be used to install/upgrade ansible AWX. Some features of the role:
- set up https, self signed or provided cert (currently self-signed is implemented)
- define custom passwords for postgres, rabbitmq and awx.
- Sets SELinux labels.
Requirements Requirements
------------ -------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. Ansible to be able to run the role. The role installs other dependencies. See vars/OSFAMILY.yml for details.'
for RH family OS epel is required, this will be enabled unless <setup_epel> is set to false. This is only recommended if you're enabliong repos some other way.
Role Variables Role Variables
-------------- --------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. TDB
Dependencies Dependencies
------------ ------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. TBD
Example Playbook Example Playbook
---------------- ----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: ```yaml
---
- hosts: servers - hosts: all
become: yes
vars:
awx_repo_version: 11.2.0
roles: roles:
- { role: username.rolename, x: 42 } - ansible-role-awx-docker
...
```
License License
------- -------
BSD MIT
Author Information Author Information
------------------ ------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed). - [Thorstein Buind Nordby](mailto:toffe@redpill-linpro.com)
\ No newline at end of file
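Review bot: The new Requirements text points readers to vars/OSFAMILY.yml, but the include_vars task changed in this same commit loads '{{ ansible_os_family }}{{ ansible_distribution_major_version }}.yml', so the file name pattern in the README is already out of date. The Role Variables section is also left as "TDB" even though the role exposes settings such as awx_secret_key, awx_docker_registry and setup_epel; list at least those. Smaller items in the same paragraph: a stray quote after "for details.", "enabliong", and `<setup_epel>` written in angle brackets rather than as a variable name.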
...@@ -20,15 +20,5 @@ awx_secret_key: verysecretkey #Ansible secret key used to decrypt secrets. You'l ...@@ -20,15 +20,5 @@ awx_secret_key: verysecretkey #Ansible secret key used to decrypt secrets. You'l
awx_docker_registry: "" # If not using official docker registry, use this variable to define internal registry awx_docker_registry: "" # If not using official docker registry, use this variable to define internal registry
#Package related settings #Package related settings
setup_epel: true #set to fale if setting up epel from other places than official yum !# REMOVE THIS AND PUT EPEL AS A REQUIREMENT setup_epel: true #set to fale if setting up epel from other places than official yum !# REMOVE THIS AND PUT EPEL AS A REQUIREMENT?
\ No newline at end of file
awx_required_pip_dependencies: # Required pip packages
- pip
- pyOpenSSL
- docker
- docker-compose
- ansible-tower-cli
- zipp
\ No newline at end of file
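Review bot: The hunk header context shows awx_secret_key still defaulting to the literal verysecretkey, so any install that does not override it ends up with a publicly known key protecting its stored secrets. Since this file is being trimmed anyway, drop the default and fail early when the variable is unset or still equals the placeholder. The setup_epel line also keeps a shouted TODO ("REMOVE THIS AND PUT EPEL AS A REQUIREMENT?") and the typo "fale" in a user-facing defaults file; resolve the question or move it to an issue.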
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
path: "{{ awx_web_ssl_key_folder }}" path: "{{ awx_web_ssl_key_folder }}"
state: directory state: directory
#Work in progress, need to handle different cert extentions #Work in progress
# - name: Insert cert # - name: Insert cert
# copy: # copy:
# src: "{{ awx_web_ssl_cert }}" # src: "{{ awx_web_ssl_cert }}"
......
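Review bot: Shortening the comment to "#Work in progress" removes the only record of why the "Insert cert" task is disabled (handling different cert extensions), while the README advertises provided certs as a feature that is not yet implemented. Keep the reason in the comment or point to an issue that tracks it.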
...@@ -5,31 +5,64 @@ ...@@ -5,31 +5,64 @@
when: awx_docker_registry != "" when: awx_docker_registry != ""
- name: Run AWX playbook from source with local registry - name: Run AWX playbook from source with local registry
command: "ansible-playbook -i inventory install.yml -e postgres_data_dir={{ awx_postgres_data_dir }} -e dockerhub_base={{ awx_docker_registry_ansible_base }}" command: "ansible-playbook -i inventory install.yml -e postgres_data_dir={{ awx_postgres_data_dir }} -e dockerhub_base={{ awx_docker_registry_ansible_base }} -e ansible_python_interpreter={{ python_path }}"
args: args:
chdir: "{{ awx_repo_dir }}/installer" chdir: "{{ awx_repo_dir }}/installer"
when: awx_docker_registry != "" when: awx_docker_registry != ""
- name: Run AWX playbook from source whith official registry - name: Run AWX playbook from source whith official registry
command: "ansible-playbook -i inventory install.yml -e postgres_data_dir={{ awx_postgres_data_dir }}" command: "ansible-playbook -i inventory install.yml -e postgres_data_dir={{ awx_postgres_data_dir }} -e ansible_python_interpreter={{ python_path }}"
args: args:
chdir: "{{ awx_repo_dir }}/installer" chdir: "{{ awx_repo_dir }}/installer"
when: awx_docker_registry == "" when: awx_docker_registry == ""
- name: Set SELinux label - name: SELinux normal
block:
- name: Set SELinux label for docker-compose folder
sefcontext: sefcontext:
target: '{{ awx_compose_dir }}(/.*)?' target: '{{ awx_compose_dir }}(/.*)?'
setype: container_file_t setype: container_file_t
state: present state: present
when: ansible_os_family == "RedHat" register: selinux_compose_change
register: selinux_change
- name: Apply new SELinux file context to filesystem - name: Apply new SELinux file context to filesystem
command: restorecon -irv {{ awx_compose_dir }} command: restorecon -irv {{ awx_compose_dir }}
when: selinux_change.changed when: selinux_compose_change.changed
- name: Set SELinux label for database folder
sefcontext:
target: '{{ awx_postgres_data_dir }}(/.*)?'
setype: container_file_t
state: present
register: selinux_postgre_change
- name: Apply new SELinux file context to filesystem
command: restorecon -irv {{ awx_postgres_data_dir }}
when: selinux_postgre_change.changed
when: (ansible_os_family == "RedHat") and not (ansible_distribution == "CentOS" and ansible_distribution_major_version == "7")
- name: SELinux Centos7
block:
- name: Set SELinux label for docker-compose folder
command: semanage fcontext -a -t container_file_t '{{ awx_compose_dir }}(/.*)?'
register: selinux_compose_change
- name: Apply new SELinux file context to filesystem
command: restorecon -irv {{ awx_compose_dir }}
#when: selinux_compose_change.changed
- name: Set SELinux label for database folder
command: semanage fcontext -a -t container_file_t '{{ awx_postgres_data_dir }}(/.*)?'
register: selinux_postgre_change
- name: Apply new SELinux file context to filesystem
command: restorecon -irv {{ awx_postgres_data_dir }}
#when: selinux_postgre_change.changed
when: (ansible_distribution == "CentOS" and ansible_distribution_major_version == "7")
- name: restart the containers - name: restart the containers
docker_compose: docker_compose:
restarted: yes restarted: yes
project_src: '{{ awx_compose_dir }}' project_src: '{{ awx_compose_dir }}'
when: selinux_change.changed when: (selinux_compose_change.changed) or (selinux_postgre_change.changed)
...
\ No newline at end of file
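Review bot: Both SELinux blocks register the same names, selinux_compose_change and selinux_postgre_change, and Ansible still registers a result for a skipped task, so on RedHat hosts other than CentOS 7 the skipped "SELinux Centos7" tasks overwrite the results from the sefcontext tasks and the final "restart the containers" condition is never true. On CentOS 7 the opposite happens: the command tasks always report changed and the inner when lines are commented out, so restorecon and the container restart run on every play, and `semanage fcontext -a` has no guard for a rule that already exists. Use distinct register names per block (or set a fact inside each block), and give the semanage commands a changed_when and an existence check. The added `-e ansible_python_interpreter={{ python_path }}` is fine, but none of the extra vars on these command lines are quoted, so a path with a space would split the argument.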
...@@ -42,15 +42,29 @@ ...@@ -42,15 +42,29 @@
line: "ssl_certificate={{ awx_web_ssl_cert_folder }}/{{ inventory_hostname }}.pem" line: "ssl_certificate={{ awx_web_ssl_cert_folder }}/{{ inventory_hostname }}.pem"
state: present state: present
- name: Fix SElinux for certs - name: SElinux normal
block:
- name: Fix SElinux for certs
sefcontext: sefcontext:
target: '{{ awx_web_ssl_cert_folder }}/{{ inventory_hostname }}.pem' target: '{{ awx_web_ssl_cert_folder }}/{{ inventory_hostname }}.pem'
setype: container_file_t setype: container_file_t
state: present state: present
when: ansible_os_family == "RedHat"
register: ssl_selinux register: ssl_selinux
- name: Apply new SELinux file context to filesystem
- name: Apply new SELinux file context to filesystem
command: restorecon -irv {{ awx_web_ssl_cert_folder }}/{{ inventory_hostname }}.pem command: restorecon -irv {{ awx_web_ssl_cert_folder }}/{{ inventory_hostname }}.pem
when: ssl_selinux.changed when: ssl_selinux.changed
when: (ansible_os_family == "RedHat") and not (ansible_distribution == "CentOS" and ansible_distribution_major_version == "7")
- name: SELinux Centos7
block:
- name: Apply new SELinux file context to filesystem
command: semanage fcontext -a -t container_file_t "{{ awx_web_ssl_cert_folder }}/{{ inventory_hostname }}.pem"
#register: ssl_selinux
- name: Apply new SELinux file context to filesystem
command: restorecon -irv {{ awx_web_ssl_cert_folder }}/{{ inventory_hostname }}.pem
#when: ssl_selinux.changed
when: (ansible_distribution == "CentOS" and ansible_distribution_major_version == "7")
... ...
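Review bot: In the "SELinux Centos7" block the first task is named "Apply new SELinux file context to filesystem" although it runs `semanage fcontext -a`, so the play output shows two identically named tasks and hides which one defines the rule. With register and when commented out, both commands run and report changed on every play, and nothing checks whether the rule for the .pem file is already defined. Rename the first task, add changed_when, and guard the semanage call on the rule not being present.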
--- ---
# tasks file for ansible-role-awx-docker # tasks file for ansible-role-awx-docker
- name: Include variables for target OS - name: Include variables for target OS
include_vars: '{{ ansible_os_family }}.yml' include_vars: '{{ ansible_os_family }}{{ ansible_distribution_major_version }}.yml'
- name: Enable epel - name: Setup needed repositories
package: include_tasks: 'os_tasks/repo_{{ ansible_os_family }}.yml'
name: epel-release
state: present
when:
- setup_epel
- ansible_os_family == "RedHat"
- name: Install requirements for target OS - name: Install requirements for target OS
package: package:
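Review bot: include_vars now builds the file name from '{{ ansible_os_family }}{{ ansible_distribution_major_version }}.yml' and include_tasks from 'os_tasks/repo_{{ ansible_os_family }}.yml', with no fallback, so any host whose family or major version has no matching file fails here with a file-not-found error rather than a message saying the platform is unsupported. Add an assert on the supported family and version list before these tasks, or resolve the file through a first_found lookup with a default. The setup_epel guard moved out of this file as well, so make sure the included repo tasks are the only place it is evaluated.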
...@@ -17,10 +12,15 @@ ...@@ -17,10 +12,15 @@
state: present state: present
loop: '{{ awx_package_dependencies|flatten(levels=1) }}' loop: '{{ awx_package_dependencies|flatten(levels=1) }}'
- name: Set ansible python interpreter
set_fact:
ansible_python_interpreter: '{{ python_path }}'
- name: Install required pip packages - name: Install required pip packages
pip: pip:
name: '{{ item }}' name: '{{ item }}'
state: latest state: latest
executable: '{{ pip_executable }}'
loop: '{{ awx_required_pip_dependencies|flatten(levels=1) }}' loop: '{{ awx_required_pip_dependencies|flatten(levels=1) }}'
- name: Clone AWX into configured directory. - name: Clone AWX into configured directory.
......
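Review bot: The "Install required pip packages" task keeps `state: latest` with no version constraints, so every run pulls whatever release of docker, docker-compose, ansible-tower-cli and the other listed packages is newest at that moment, with the privileges the play runs under (the README example sets become: yes). Pin versions in awx_required_pip_dependencies or use state: present with explicit specifiers so installs are reproducible and an upstream release cannot change a host unreviewed. The new set_fact on ansible_python_interpreter also persists for the host for the rest of the play, which affects any role that runs after this one; note that in the README or scope it to the tasks that need it.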
---
- name: Add docker repo
shell: 'yum-config-manager --add-repo={{ docker_repo }}'
args:
creates: /etc/yum.repos.d/docker-cerepo
- name: Enable epel
package:
name: epel-release
state: present
when:
- setup_epel
\ No newline at end of file
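Review bot: The creates path in "Add docker repo" is /etc/yum.repos.d/docker-cerepo, which looks like a typo for docker-ce.repo (the docker_repo URL defined in this commit ends in docker-ce.repo), so the guard never matches and yum-config-manager runs on every play. Fix the path, and since no shell features are used, switch shell to command or to a repository module so the task is idempotent without relying on creates.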
awx_package_dependencies:
- '@Development tools'
- gettext
- gcc-c++
- bzip2
- python-devel
- python-pip
- ansible
- docker
\ No newline at end of file
awx_package_dependencies:
- gettext
- gcc-c++
- git
- bzip2
- python3
- python3-devel
- python3-pip
- ansible
- libselinux-python3
- docker-ce
awx_required_pip_dependencies: # Required pip packages
- pyOpenSSL
- docker
- docker-compose
- ansible-tower-cli
- zipp
python_path: '/usr/bin/python3'
pip_executable: 'pip3'
docker_repo: https://download.docker.com/linux/centos/docker-ce.repo
\ No newline at end of file
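Review bot: awx_required_pip_dependencies, python_path, pip_executable and docker_repo are repeated with identical values in this file and the next one, so a change to the pip list or the repo URL has to be made twice and the two copies can drift. Keep the shared values in one place (defaults, where the pip list lived before this commit, would also keep it overridable by users) and leave only awx_package_dependencies in the per-version files.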
awx_package_dependencies:
- gettext
- gcc-c++
- git
- bzip2
- python3-devel
- python3-pip
- ansible
- docker-ce-3:18.09.1-3.el7 #Currently the latest version working with the yum candidate for containerd.io in Centos8
awx_required_pip_dependencies: # Required pip packages
- pyOpenSSL
- docker
- docker-compose
- ansible-tower-cli
- zipp
python_path: '/usr/bin/python3'
pip_executable: 'pip3'
docker_repo: https://download.docker.com/linux/centos/docker-ce.repo
\ No newline at end of file
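Review bot: The pin docker-ce-3:18.09.1-3.el7 holds Docker at that build until someone edits this file, and the comment names Centos8 while the package is an el7 build, so it is unclear which platform the pin is meant for and when it can be lifted. State the target platform and the condition for removing the pin in the comment, and consider moving the version into its own variable so it can be raised without editing the package list.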