Commit e08260f3 authored by Thorstein Buind Nordby's avatar Thorstein Buind Nordby

support for centos 7 and 8

parent 9fa2f3f7
Role Name
ansible-role-awx-docker
=========
A brief description of the role goes here.
A role that can be used to install/upgrade ansible AWX. Some features of the role:
- set up https, self signed or provided cert (currently self-signed is implemented)
- define custom passwords for postgres, rabbitmq and awx.
- Sets SELinux labels.
Requirements
------------
-------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Ansible to be able to run the role. The role installs other dependencies. See vars/OSFAMILY.yml for details.'
for RH family OS epel is required, this will be enabled unless <setup_epel> is set to false. This is only recommended if you're enabliong repos some other way.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
TDB
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
TBD
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
```yaml
---
- hosts: all
become: yes
vars:
awx_repo_version: 11.2.0
roles:
- ansible-role-awx-docker
...
```
License
-------
BSD
MIT
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
- [Thorstein Buind Nordby](mailto:toffe@redpill-linpro.com)
\ No newline at end of file
......@@ -20,15 +20,5 @@ awx_secret_key: verysecretkey #Ansible secret key used to decrypt secrets. You'l
awx_docker_registry: "" # If not using official docker registry, use this variable to define internal registry
#Package related settings
setup_epel: true #set to fale if setting up epel from other places than official yum !# REMOVE THIS AND PUT EPEL AS A REQUIREMENT
awx_required_pip_dependencies: # Required pip packages
- pip
- pyOpenSSL
- docker
- docker-compose
- ansible-tower-cli
- zipp
\ No newline at end of file
setup_epel: true #set to fale if setting up epel from other places than official yum !# REMOVE THIS AND PUT EPEL AS A REQUIREMENT?
\ No newline at end of file
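Review bot: Moving `awx_required_pip_dependencies` out of what looks like the role defaults and into the versioned vars files changes how it can be overridden. Values loaded by `include_vars` take precedence over inventory and play variables, so anyone who customised the list in group_vars would get the role's list back unless they pass it with `-e`. If that is intended, the README's Role Variables section (currently `TDB`) should say so. Not part of this change, but the hunk header shows `awx_secret_key: verysecretkey` as the shipped default; an early `assert` that the key differs from that placeholder would stop installs that forget to override it.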
......@@ -9,7 +9,7 @@
path: "{{ awx_web_ssl_key_folder }}"
state: directory
#Work in progress, need to handle different cert extentions
#Work in progress
# - name: Insert cert
# copy:
# src: "{{ awx_web_ssl_cert }}"
......
......@@ -5,31 +5,64 @@
when: awx_docker_registry != ""
- name: Run AWX playbook from source with local registry
command: "ansible-playbook -i inventory install.yml -e postgres_data_dir={{ awx_postgres_data_dir }} -e dockerhub_base={{ awx_docker_registry_ansible_base }}"
command: "ansible-playbook -i inventory install.yml -e postgres_data_dir={{ awx_postgres_data_dir }} -e dockerhub_base={{ awx_docker_registry_ansible_base }} -e ansible_python_interpreter={{ python_path }}"
args:
chdir: "{{ awx_repo_dir }}/installer"
when: awx_docker_registry != ""
- name: Run AWX playbook from source whith official registry
command: "ansible-playbook -i inventory install.yml -e postgres_data_dir={{ awx_postgres_data_dir }}"
command: "ansible-playbook -i inventory install.yml -e postgres_data_dir={{ awx_postgres_data_dir }} -e ansible_python_interpreter={{ python_path }}"
args:
chdir: "{{ awx_repo_dir }}/installer"
when: awx_docker_registry == ""
- name: Set SELinux label
sefcontext:
target: '{{ awx_compose_dir }}(/.*)?'
setype: container_file_t
state: present
when: ansible_os_family == "RedHat"
register: selinux_change
- name: SELinux normal
block:
- name: Set SELinux label for docker-compose folder
sefcontext:
target: '{{ awx_compose_dir }}(/.*)?'
setype: container_file_t
state: present
register: selinux_compose_change
- name: Apply new SELinux file context to filesystem
command: restorecon -irv {{ awx_compose_dir }}
when: selinux_change.changed
- name: Apply new SELinux file context to filesystem
command: restorecon -irv {{ awx_compose_dir }}
when: selinux_compose_change.changed
- name: Set SELinux label for database folder
sefcontext:
target: '{{ awx_postgres_data_dir }}(/.*)?'
setype: container_file_t
state: present
register: selinux_postgre_change
- name: Apply new SELinux file context to filesystem
command: restorecon -irv {{ awx_postgres_data_dir }}
when: selinux_postgre_change.changed
when: (ansible_os_family == "RedHat") and not (ansible_distribution == "CentOS" and ansible_distribution_major_version == "7")
- name: SELinux Centos7
block:
- name: Set SELinux label for docker-compose folder
command: semanage fcontext -a -t container_file_t '{{ awx_compose_dir }}(/.*)?'
register: selinux_compose_change
- name: Apply new SELinux file context to filesystem
command: restorecon -irv {{ awx_compose_dir }}
#when: selinux_compose_change.changed
- name: Set SELinux label for database folder
command: semanage fcontext -a -t container_file_t '{{ awx_postgres_data_dir }}(/.*)?'
register: selinux_postgre_change
- name: Apply new SELinux file context to filesystem
command: restorecon -irv {{ awx_postgres_data_dir }}
#when: selinux_postgre_change.changed
when: (ansible_distribution == "CentOS" and ansible_distribution_major_version == "7")
- name: restart the containers
docker_compose:
restarted: yes
project_src: '{{ awx_compose_dir }}'
when: selinux_change.changed
when: (selinux_compose_change.changed) or (selinux_postgre_change.changed)
...
\ No newline at end of file
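Review bot: Both SELinux blocks register into the same names (`selinux_compose_change`, `selinux_postgre_change`), and Ansible also stores a result for skipped tasks. On a RedHat-family host that is not CentOS 7, the skipped "SELinux Centos7" block therefore looks likely to overwrite the results of the first block, and `restart the containers` would never fire. On CentOS 7 the opposite happens: `semanage fcontext -a` through `command` reports changed on every run, so the containers restart every run, and the call probably errors once the rule already exists. Distinct register names plus `changed_when`/`failed_when` on the `semanage` tasks would address both; the message text matched below is an assumption to confirm on a CentOS 7 host. The CentOS 7 block in the certificate tasks section has the same non-idempotent `semanage fcontext -a` call.

```yaml
# … unchanged: "SELinux normal" block; inside the "SELinux Centos7" block: …
    - name: Set SELinux label for docker-compose folder
      command: semanage fcontext -a -t container_file_t '{{ awx_compose_dir }}(/.*)?'
      register: selinux_compose_change_el7
      # Treat "rule already present" as unchanged rather than as a failure.
      changed_when: selinux_compose_change_el7.rc == 0
      failed_when:
        - selinux_compose_change_el7.rc != 0
        - "'already defined' not in selinux_compose_change_el7.stderr"
# … unchanged: restorecon task; database folder handled the same way with selinux_postgre_change_el7 …

# … unchanged: restart the containers task body …
  when: >-
    (selinux_compose_change is changed) or
    (selinux_postgre_change is changed) or
    (selinux_compose_change_el7 is changed) or
    (selinux_postgre_change_el7 is changed)
```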
......@@ -42,15 +42,29 @@
line: "ssl_certificate={{ awx_web_ssl_cert_folder }}/{{ inventory_hostname }}.pem"
state: present
- name: Fix SElinux for certs
sefcontext:
target: '{{ awx_web_ssl_cert_folder }}/{{ inventory_hostname }}.pem'
setype: container_file_t
state: present
when: ansible_os_family == "RedHat"
register: ssl_selinux
- name: SElinux normal
block:
- name: Fix SElinux for certs
sefcontext:
target: '{{ awx_web_ssl_cert_folder }}/{{ inventory_hostname }}.pem'
setype: container_file_t
state: present
register: ssl_selinux
- name: Apply new SELinux file context to filesystem
command: restorecon -irv {{ awx_web_ssl_cert_folder }}/{{ inventory_hostname }}.pem
when: ssl_selinux.changed
when: (ansible_os_family == "RedHat") and not (ansible_distribution == "CentOS" and ansible_distribution_major_version == "7")
- name: SELinux Centos7
block:
- name: Apply new SELinux file context to filesystem
command: semanage fcontext -a -t container_file_t "{{ awx_web_ssl_cert_folder }}/{{ inventory_hostname }}.pem"
#register: ssl_selinux
- name: Apply new SELinux file context to filesystem
command: restorecon -irv {{ awx_web_ssl_cert_folder }}/{{ inventory_hostname }}.pem
#when: ssl_selinux.changed
when: (ansible_distribution == "CentOS" and ansible_distribution_major_version == "7")
- name: Apply new SELinux file context to filesystem
command: restorecon -irv {{ awx_web_ssl_cert_folder }}/{{ inventory_hostname }}.pem
when: ssl_selinux.changed
...
---
# tasks file for ansible-role-awx-docker
- name: Include variables for target OS
include_vars: '{{ ansible_os_family }}.yml'
include_vars: '{{ ansible_os_family }}{{ ansible_distribution_major_version }}.yml'
- name: Enable epel
package:
name: epel-release
state: present
when:
- setup_epel
- ansible_os_family == "RedHat"
- name: Setup needed repositories
include_tasks: 'os_tasks/repo_{{ ansible_os_family }}.yml'
- name: Install requirements for target OS
package:
......@@ -17,10 +12,15 @@
state: present
loop: '{{ awx_package_dependencies|flatten(levels=1) }}'
- name: Set ansible python interpreter
set_fact:
ansible_python_interpreter: '{{ python_path }}'
- name: Install required pip packages
pip:
name: '{{ item }}'
state: latest
executable: '{{ pip_executable }}'
loop: '{{ awx_required_pip_dependencies|flatten(levels=1) }}'
- name: Clone AWX into configured directory.
......
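Review bot: The new `include_vars: '{{ ansible_os_family }}{{ ansible_distribution_major_version }}.yml'` has no fallback, so any host whose family and major version do not match a vars file fails at the first task. Only two versioned lists are visible on this page, and the family-only list appears to have been dropped. Loading the file through `with_first_found`, with the versioned name first and `{{ ansible_os_family }}.yml` second, would keep other platforms working; alternatively an explicit `assert` on the supported versions would make the failure readable. The added `set_fact` of `ansible_python_interpreter` persists for the host after this role finishes, which deserves a comment because it also changes the interpreter for anything that runs later in the play.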
---
- name: Add docker repo
shell: 'yum-config-manager --add-repo={{ docker_repo }}'
args:
creates: /etc/yum.repos.d/docker-cerepo
- name: Enable epel
package:
name: epel-release
state: present
when:
- setup_epel
\ No newline at end of file
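Review bot: The guard `creates: /etc/yum.repos.d/docker-cerepo` on `Add docker repo` looks like a typo. With the `docker_repo` URL shown in the vars files, `yum-config-manager --add-repo` would presumably write `docker-ce.repo`, so the guard path never exists and the task runs and reports changed on every play. `creates: /etc/yum.repos.d/docker-ce.repo` would fix that. Nothing in the task needs a shell, so `command:` in place of `shell:` keeps the templated `docker_repo` value from being interpreted by one. `yum-config-manager` normally comes from yum-utils, which is not in the visible package lists, so it is presumably expected to be preinstalled.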
awx_package_dependencies:
- '@Development tools'
- gettext
- gcc-c++
- bzip2
- python-devel
- python-pip
- ansible
- docker
\ No newline at end of file
awx_package_dependencies:
- gettext
- gcc-c++
- git
- bzip2
- python3
- python3-devel
- python3-pip
- ansible
- libselinux-python3
- docker-ce
awx_required_pip_dependencies: # Required pip packages
- pyOpenSSL
- docker
- docker-compose
- ansible-tower-cli
- zipp
python_path: '/usr/bin/python3'
pip_executable: 'pip3'
docker_repo: https://download.docker.com/linux/centos/docker-ce.repo
\ No newline at end of file
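Review bot: `awx_required_pip_dependencies` lists bare package names, and the pip task shown in the main tasks section installs them with `state: latest`. Every run therefore pulls whatever PyPI currently serves for `docker`, `docker-compose`, `ansible-tower-cli` and the rest onto the AWX host. Pinning tested versions in this list (in the form `docker-compose==<tested version>`) and switching the task to `state: present` would make runs reproducible and limit exposure to a bad upstream release. The same unpinned list is repeated in the other versioned vars file, and `docker-ce` is unpinned here while that file pins it.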
awx_package_dependencies:
- gettext
- gcc-c++
- git
- bzip2
- python3-devel
- python3-pip
- ansible
- docker-ce-3:18.09.1-3.el7 #Currently the latest version working with the yum candidate for containerd.io in Centos8
awx_required_pip_dependencies: # Required pip packages
- pyOpenSSL
- docker
- docker-compose
- ansible-tower-cli
- zipp
python_path: '/usr/bin/python3'
pip_executable: 'pip3'
docker_repo: https://download.docker.com/linux/centos/docker-ce.repo
\ No newline at end of file
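Review bot: The pin `docker-ce-3:18.09.1-3.el7` holds the engine at an older 18.09 build, and the inline comment says why but not when the pin can be lifted. Hosts built from this list will not get later Docker engine fixes through this role. A dated marker next to the entry would make the trade-off explicit, for example `# TODO(review): re-test with current docker-ce once containerd.io installs cleanly; pinned build misses later engine fixes`. The comment ties this list to CentOS 8 while the package carries an `.el7` suffix, which is also worth stating in the comment so the mismatch is not mistaken for an error.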