Commit e71e61d7 authored by Thorstein Buind Nordby's avatar Thorstein Buind Nordby

Merge branch 'dev' into 'master'

merge dev to master

See merge request oslo-devops/ansible-awx-role-docker!3
parents 58d0181e 75f3a81b
---
# Based on ansible-lint config
extends: default
rules:
braces:
max-spaces-inside: 1
level: error
brackets:
max-spaces-inside: 1
level: error
colons:
max-spaces-after: -1
level: error
commas:
max-spaces-after: -1
level: error
comments: disable
comments-indentation: disable
document-start: disable
empty-lines:
max: 3
level: error
hyphens:
level: error
indentation: disable
key-duplicates: enable
line-length: disable
new-line-at-end-of-file: disable
new-lines:
type: unix
trailing-spaces: disable
truthy: disable
......@@ -5,14 +5,24 @@ A role that can be used to install/upgrade ansible AWX. Some features of the rol
- set up https, self signed or provided cert (currently self-signed is implemented)
- define custom passwords for postgres, rabbitmq and awx.
- Sets SELinux labels.
- Sets SELinux labels (on CentOS).
- You may define a cusom docker registry for awx images.
NOTE, on installation, when first opening the web interface you may be met with a AWX is upgrading message. This may take a while, depending om the specs of the box AWX is installed on. This is normal, have some coffee..
Requirements
-------------
Ansible to be able to run the role. The role installs other dependencies. See vars/OSFAMILY.yml for details.'
Ansible to be able to run the role. The role installs other dependencies. See /vars for details for each Distro.'
for CentOS epel is required, this will be enabled unless <setup_epel> is set to false. This is only recommended if you're enabling repos some other way.
The role is made for the following distributions:
for RH family OS epel is required, this will be enabled unless <setup_epel> is set to false. This is only recommended if you're enabliong repos some other way.
- Centos 7
- Centos 8
- Debian 9
- Debian 10
Role Variables
--------------
......@@ -34,7 +44,7 @@ Example Playbook
vars:
awx_repo_version: 11.2.0
roles:
- ansible-role-awx-docker
- ansible-awx-role-docker
...
```
......
......@@ -3,7 +3,7 @@
awx_repo_url: https://github.com/ansible/awx.git # Where to pull the AWX code from
awx_repo_dir: ~/awx # Where to store the AWX code locally
awx_update_repo: true # Signals if we shold keep the local repo updated
awx_repo_version: 9.2.0 # What AWX Repo version to use
awx_repo_version: 12.0.0 # What AWX Repo version to use
awx_postgres_data_dir: /var/lib/pgdocker # Where to store persistent postgres data files
awx_compose_dir: /var/lib/awx_docker # Path to place AWX docker compose file(s)
awx_web_ssl: true # Should AWX use https
......
---
# handlers file for ansible-role-awx-docker
- name: restart containers
docker_compose:
restarted: yes
state: present
project_src: '{{ awx_compose_dir }}'
\ No newline at end of file
......@@ -35,7 +35,7 @@ galaxy_info:
- name: Centos
versions:
- 7
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
......
*********************************
Vagrant driver installation guide
*********************************
Requirements
============
* Vagrant
* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop
Install
=======
Please refer to the `Virtual environment`_ documentation for installation best
practices. If not using a virtual environment, please consider passing the
widely recommended `'--user' flag`_ when invoking ``pip``.
.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
.. code-block:: bash
$ pip install 'molecule_vagrant'
---
- name: Converge
hosts: all
become: yes
tasks:
- name: "Include ansible-role-awx-docker"
include_role:
name: "ansible-role-awx-docker"
---
dependency:
name: galaxy
driver:
name: vagrant
lint: |
set -e
yamllint .
ansible-lint
platforms:
- name: centos7
box: centos/7
memory: 1024
cpus: 2
instance_raw_config_args:
- "vm.network 'forwarded_port', guest: 80, host: 8081"
- "vm.network 'forwarded_port', guest: 443, host: 4431"
- name: centos8
box: centos/8
memory: 1024
cpus: 2
instance_raw_config_args:
- "vm.network 'forwarded_port', guest: 80, host: 8082"
- "vm.network 'forwarded_port', guest: 443, host: 4432"
- name: debian9
box: debian/stretch64
memory: 1024
cpus: 2
instance_raw_config_args:
- "vm.network 'forwarded_port', guest: 80, host: 8083"
- "vm.network 'forwarded_port', guest: 443, host: 4433"
- name: debian10
box: debian/buster64
memory: 1024
cpus: 2
instance_raw_config_args:
- "vm.network 'forwarded_port', guest: 80, host: 8084"
- "vm.network 'forwarded_port', guest: 443, host: 4434"
provisioner:
name: ansible
verifier:
name: ansible
---
# This is an example playbook to execute Ansible tests.
- name: Verify
hosts: all
tasks:
- name: Example assertion
assert:
that: true
......@@ -2,19 +2,21 @@
- name: Set dockerhub base with local registry
set_fact:
awx_docker_registry_ansible_base: "{{ awx_docker_registry }}/ansible"
when: awx_docker_registry != ""
when: awx_docker_registry | length > 0
- name: Run AWX playbook from source with local registry
command: "ansible-playbook -i inventory install.yml -e postgres_data_dir={{ awx_postgres_data_dir }} -e dockerhub_base={{ awx_docker_registry_ansible_base }} -e ansible_python_interpreter={{ python_path }}"
command: "ansible-playbook -i inventory install.yml -e postgres_data_dir={{ awx_postgres_data_dir }} -e dockerhub_base={{ awx_docker_registry_ansible_base }} -e ansible_python_interpreter={{ python_path }}" # noqa 204
args:
chdir: "{{ awx_repo_dir }}/installer"
when: awx_docker_registry != ""
when: awx_docker_registry | length > 0
notify: restart containers
- name: Run AWX playbook from source whith official registry
command: "ansible-playbook -i inventory install.yml -e postgres_data_dir={{ awx_postgres_data_dir }} -e ansible_python_interpreter={{ python_path }}"
args:
chdir: "{{ awx_repo_dir }}/installer"
when: awx_docker_registry == ""
when: awx_docker_registry | length == 0
notify: restart containers
- name: SELinux normal
block:
......@@ -27,6 +29,7 @@
- name: Apply new SELinux file context to filesystem
command: restorecon -irv {{ awx_compose_dir }}
notify: restart containers
when: selinux_compose_change.changed
- name: Set SELinux label for database folder
......@@ -38,8 +41,9 @@
- name: Apply new SELinux file context to filesystem
command: restorecon -irv {{ awx_postgres_data_dir }}
notify: restart containers
when: selinux_postgre_change.changed
when: (ansible_os_family == "RedHat") and not (ansible_distribution == "CentOS" and ansible_distribution_major_version == "7")
when: (ansible_distribution == "CentOS") and not (ansible_distribution_major_version == "7")
- name: SELinux Centos7
block:
......@@ -47,22 +51,17 @@
command: semanage fcontext -a -t container_file_t '{{ awx_compose_dir }}(/.*)?'
register: selinux_compose_change
# Need to implememnt changedwhen
- name: Apply new SELinux file context to filesystem
command: restorecon -irv {{ awx_compose_dir }}
#when: selinux_compose_change.changed
#notify: restart containers
- name: Set SELinux label for database folder
command: semanage fcontext -a -t container_file_t '{{ awx_postgres_data_dir }}(/.*)?'
register: selinux_postgre_change
# Need to implememnt changedwhen
- name: Apply new SELinux file context to filesystem
command: restorecon -irv {{ awx_postgres_data_dir }}
#when: selinux_postgre_change.changed
#notify: restart containers
when: (ansible_distribution == "CentOS" and ansible_distribution_major_version == "7")
- name: restart the containers
docker_compose:
restarted: yes
project_src: '{{ awx_compose_dir }}'
when: (selinux_compose_change.changed) or (selinux_postgre_change.changed)
...
\ No newline at end of file
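Review bot: The `when:` that closes the "SELinux normal" block now keys on `ansible_distribution == "CentOS"` instead of on whether SELinux is active, assuming the CentOS line is the new side of the printed pair. Any other SELinux-enabled host therefore skips the labelling and `restorecon` of `awx_compose_dir` and `awx_postgres_data_dir`, and bind mounts without a container label under an enforcing policy tend to end with someone switching enforcement off. Gating on the gathered fact is more robust: `when: ansible_selinux.status == "enabled" and not (ansible_distribution == "CentOS" and ansible_distribution_major_version == "7")`. The same condition closes the SELinux block in the certificate tasks file and needs the same change. Both blocks begin outside the visible hunks.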
......@@ -32,7 +32,7 @@
provider: selfsigned
register: cert_created
- name: Make pem from self-signed
- name: Make pem from self-signed # noqa 503
shell: cat {{ awx_web_ssl_key_folder }}/{{ inventory_hostname }}.key {{ awx_web_ssl_cert_folder }}/{{ inventory_hostname }}.crt > {{ awx_web_ssl_cert_folder }}/{{ inventory_hostname }}.pem # noqa 204
when: cert_created.changed
......@@ -53,7 +53,7 @@
- name: Apply new SELinux file context to filesystem
command: restorecon -irv {{ awx_web_ssl_cert_folder }}/{{ inventory_hostname }}.pem
when: ssl_selinux.changed
when: (ansible_os_family == "RedHat") and not (ansible_distribution == "CentOS" and ansible_distribution_major_version == "7")
when: (ansible_distribution == "CentOS") and not (ansible_distribution_major_version == "7")
- name: SELinux Centos7
block:
......
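Review bot: The `shell:` task "Make pem from self-signed" writes the private key into the `.pem` through shell redirection, so the file gets whatever the default umask gives (commonly world-readable), and nothing visible in this hunk tightens it afterwards. Follow it with a `file:` task that sets `mode: '0600'`, or the narrowest owner and group the AWX web container actually needs (confirm against how the file is mounted). The interpolated values are also unquoted in a shell context; `{{ inventory_hostname | quote }}`, and the same filter on the two folder variables, keeps a value with spaces or metacharacters from changing the command. The task list continues outside the hunk.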
---
# tasks file for ansible-role-awx-docker
- name: Include variables for target OS
include_vars: '{{ ansible_os_family }}{{ ansible_distribution_major_version }}.yml'
include_vars: '{{ ansible_distribution }}{{ ansible_distribution_major_version }}.yml'
- name: Setup needed repositories
include_tasks: 'os_tasks/repo_{{ ansible_os_family }}.yml'
include_tasks: 'os_tasks/repo_{{ ansible_distribution }}.yml'
- name: Install requirements for target OS
package:
......@@ -15,11 +15,11 @@
- name: Set ansible python interpreter
set_fact:
ansible_python_interpreter: '{{ python_path }}'
- name: Install required pip packages
pip:
name: '{{ item }}'
state: latest
state: present
executable: '{{ pip_executable }}'
loop: '{{ awx_required_pip_dependencies|flatten(levels=1) }}'
......
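Review bot: With `state: present` and bare package names, the "Install required pip packages" task installs whatever PyPI serves on the first run and never moves afterwards, so versions differ from host to host and are not reviewed anywhere. Pin each entry of `awx_required_pip_dependencies` in the vars files, e.g. `- docker-compose==<pinned version>`, and bump the pins deliberately. That gives reproducible installs and a defined place to pick up security fixes, which `state: present` alone will not pull in.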
---
- name: Add docker repo
shell: 'yum-config-manager --add-repo={{ docker_repo }}'
args:
creates: /etc/yum.repos.d/docker-cerepo
get_url:
url: '{{ docker_repo }}'
dest: /etc/yum.repos.d/docker.repo
- name: Enable epel
package:
......
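Review bot: The "Add docker repo" task now downloads a ready-made `.repo` file with `get_url` (taking that as the new side of the pair), so the repository's `gpgcheck` and `gpgkey` settings are whatever the remote file says and the role never states them. Declaring the repository with `yum_repository` and explicit `gpgcheck: true` and `gpgkey:` keeps signature verification under the role's control, independent of the downloaded file. If `get_url` stays, add `mode: '0644'` so the file's permissions do not depend on the umask. The following "Enable epel" task is cut off by the section end.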
---
- name: Install repo prerequisites
package:
name: "{{ item }}"
loop:
- apt-transport-https
- ca-certificates
- curl
- gnupg-agent
- software-properties-common
- name: Add docker repository signing key
apt_key:
id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
url: https://download.docker.com/linux/debian/gpg
state: present
- name: Add docker repository
apt_repository:
repo: "deb {{ docker_repo }}"
state: present
- name: Add Ubuntu ansible repo apt key
apt_key:
keyserver: keyserver.ubuntu.com
id: 93C4A3FD7BB9C367
- name: Add ansible repository
apt_repository:
repo: "deb {{ ansible_repo }}"
state: present
...
\ No newline at end of file
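Review bot: The "Add Ubuntu ansible repo apt key" task selects the key by the 64-bit ID `93C4A3FD7BB9C367` from `keyserver.ubuntu.com`, while the Docker key just above it is pinned by its full 40-hex fingerprint. Use the full fingerprint here as well, `id: <full fingerprint of the PPA signing key>`, so the key accepted into apt's trusted set is exactly the intended one. Note also that `apt_key` adds to the global keyring, which lets either key vouch for any configured repository; a per-repository keyring referenced with `signed-by` in the `deb` line is the tighter arrangement.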
......@@ -3,6 +3,7 @@ awx_package_dependencies:
- gcc-c++
- git
- bzip2
- python3
- python3-devel
- python3-pip
- ansible
......
awx_package_dependencies:
- gettext
- build-essential
- git
- bzip2
- python3
- python3-dev
- python3-pip
- ansible
- docker-ce
awx_required_pip_dependencies: # Required pip packages
- pyOpenSSL
- docker
- docker-compose
- ansible-tower-cli
- zipp
python_path: '/usr/bin/python3'
pip_executable: 'pip3'
docker_repo: 'https://download.docker.com/linux/debian/ {{ ansible_distribution_release }} stable'
ansible_repo: 'http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main'
\ No newline at end of file
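Review bot: `ansible_repo` points at the PPA over plain `http://`, so package metadata and downloads travel unencrypted and rely on apt's signature check alone. Switch the scheme to `https://` if the host serves it, leaving the rest of the line as is. The value is duplicated verbatim in the second Debian vars file that follows and needs the same edit there.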
awx_package_dependencies:
- gettext
- build-essential
- git
- bzip2
- python3
- python3-dev
- python3-pip
- ansible
- docker-ce
awx_required_pip_dependencies: # Required pip packages
- pyOpenSSL
- docker
- docker-compose
- ansible-tower-cli
- zipp
python_path: '/usr/bin/python3'
pip_executable: 'pip3'
docker_repo: 'https://download.docker.com/linux/debian/ {{ ansible_distribution_release }} stable'
ansible_repo: 'http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main'
\ No newline at end of file