Commit fe941cdd authored by Thorstein Buind Nordby's avatar Thorstein Buind Nordby

started working

parent 50891389
---
# defaults file for ansible-role-awx-docker
\ No newline at end of file
# defaults file for ansible-role-awx-docker
awx_repo_url: https://github.com/ansible/awx.git # Where to pull the AWX code from
awx_repo_dir: ~/awx # Where to store the AWX code locally
awx_update_repo: true # Signals if we shold keep the local repo updated
awx_repo_version: 9.2.0 # What AWX Repo version to use
awx_postgres_data_dir: /var/lib/pgdocker # Where to store persistent postgres data files
awx_compose_dir: /var/lib/awx_docker # Path to place AWX docker compose file(s)
awx_web_ssl: true # Should AWX use https
awx_web_ssl_selfsigned: true # Will the cert be selfsigned (the role will create it), currently only selfsigned is supported
awx_web_ssl_cert: "" # If we're not using selfsigned, where can we copy the cert from. Only used if awx_web_ssl_selfsigned == false
awx_web_ssl_key: "" # If we're not using selfsigned, where can we copy the key from. Only used if awx_web_ssl_selfsigned == false
awx_web_ssl_cert_folder: /etc/ssl #the destination on the host where we'll place the cert
awx_web_ssl_key_folder: /etc/ssl/private #the destination on the host where we'll place the key
awx_awx_password: password # Admin password for logging in to AWX (you'll want to encrypt this)
awx_postgres_password: password # Password for postgres database (you'll want to encrypt this)
awx_rabbitmq_password: password # Password for rabbitmq (you'll want to encrypt this)
awx_docker_registry: "" # If not using official docker registry, insert registry here
\ No newline at end of file
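Review bot: `awx_awx_password`, `awx_postgres_password` and `awx_rabbitmq_password` all default to the literal `password`, so a play that forgets to override them deploys the AWX admin account, Postgres and RabbitMQ with a known credential. Consider removing these three defaults and failing early when they are unset or unchanged, for example an `assert` task with `that: awx_awx_password is defined and awx_awx_password != 'password'`. The comment could then say the values are expected to come from Ansible Vault rather than "you'll want to encrypt this".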
---
- name: Change memcached docker registry
lineinfile:
path: "{{ awx_repo_dir }}/installer/roles/local_docker/defaults/main.yml"
- name: Change docker registry
lineinfile:
path: "{{ item.path }}"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
loop:
- path: "{{ awx_repo_dir }}/installer/roles/local_docker/defaults/main.yml"
regexp: '^rabbitmq_image'
line: rabbitmq_image{{':'}} "{{ '{{awx_docker_registry}}' }}/ansible/awx_rabbitmq:{{ '{{rabbitmq_version}}' }}"
- path: "{{ awx_repo_dir }}/installer/roles/local_docker/defaults/main.yml"
regexp: '^postgresql_image'
line: postgresql_image{{':'}} "{{ '{{awx_docker_registry}}' }}/postgres:{{ '{{postgresql_version}}' }}"
- path: "{{ awx_repo_dir }}/installer/roles/local_docker/defaults/main.yml"
regexp: '^memcached_image'
line: memcached_image{{':'}} "{{ '{{awx_docker_registry}}' }}/memcached"
...
\ No newline at end of file
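Review bot: The task `Change memcached docker registry` passes only `path` to `lineinfile`; if those three lines are part of the new file, the module will fail because `line` is required when the state is present, and the looped task below already covers memcached, so the stub can be dropped. Separately, the looped task writes a literal `{{awx_docker_registry}}` into the installer defaults, but the install command shown elsewhere on this page passes only `dockerhub_base` and `postgres_data_dir`, so that variable looks undefined when the AWX installer renders the image names. Either pass `-e awx_docker_registry=...` there or write the resolved registry value here. Note also that the `memcached` image is written without a tag.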
---
- name: Make cert folder
file:
path: "{{awx_web_ssl_cert_folder}}"
state: directory
- name: Make cert Key folder
file:
path: "{{awx_web_ssl_key_folder}}"
state: directory
#Work in progress, need to handle different cert extentions
# - name: Insert cert
# copy:
# src: "{{ awx_web_ssl_cert }}"
# dest: "{{ awx_web_ssl_cert_folder }}/"
# - name: Insert cert key
# copy:
# src:
...
\ No newline at end of file
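Review bot: `Make cert Key folder` creates `{{awx_web_ssl_key_folder}}` without `owner` or `mode`, so a directory that does not already exist is created with the umask default, which is usually world-traversable. Add `mode: '0700'` and `owner: root` to that task. The same task is repeated in the self-signed certificate section further down this page and needs the same change. When the commented-out copy tasks are enabled, the key copy should set `mode: '0600'` as well.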
---
- name: Set dockerhub base with local registry
set_fact:
awx_docker_registry_ansible_base: "{{ awx_docker_registry }}/ansible"
when: awx_docker_registry =! ""
- name: Run AWX playbook from source with local registry
command: "ansible-playbook -i inventory install.yml -e postgres_data_dir={{ awx_postgres_data_dir }} -e dockerhub_base={{ awx_docker_registry_ansible_base }}"
when: awx_docker_registry =! ""
- name: Run AWX playbook from source whith official registry
command: "ansible-playbook -i inventory install.yml -e postgres_data_dir={{ awx_postgres_data_dir }}"
when: awx_docker_registry == ""
\ No newline at end of file
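Review bot: `when: awx_docker_registry =! ""` on the first two tasks is not a valid Jinja2 comparison; the operator is `!=`, so the line should read `when: awx_docker_registry != ""`. None of the `command` tasks sets a working directory, although `-i inventory install.yml` are relative paths; unless that is arranged elsewhere, add `args:` with `chdir: "{{ awx_repo_dir }}/installer"`. The `-e` values are interpolated unquoted, so a path containing a space would split into separate arguments.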
---
- name: Make cert folder
file:
path: "{{awx_web_ssl_cert_folder}}"
state: directory
- name: Make cert Key folder
file:
path: "{{awx_web_ssl_key_folder}}"
state: directory
- name: Make CSR folder
file:
path: "{{awx_web_ssl_cert_folder}}/csr"
state: directory
- name: Make cert private Key
openssl_privatekey:
path: "{{awx_web_ssl_key_folder}}/{{inventory_hostname}}.key"
- name: Make cert CSR
openssl_csr:
path: "{{awx_web_ssl_cert_folder}}/csr/{{inventory_hostname}}.csr"
privatekey_path: "{{awx_web_ssl_key_folder}}/{{inventory_hostname}}.key"
common_name: "{{inventory_hostname}}"
- name: Make self signet cert
openssl_certificate:
path: "{{ awx_web_ssl_cert_folder }}/{{ inventory_hostname }}.crt"
privatekey_path: "{{awx_web_ssl_key_folder}}/{{inventory_hostname}}.key"
csr_path: "{{awx_web_ssl_cert_folder}}/csr/{{ inventory_hostname}}.csr"
selfsigned_not_after: "+3650d"
provider: selfsigned
- name: Make pem cert
shell: cat {{awx_web_ssl_key_folder}}/{{inventory_hostname}}.key {{ awx_web_ssl_cert_folder }}/{{ inventory_hostname }}.crt > {{ awx_web_ssl_cert_folder }}/{{ inventory_hostname }}.pem
- name: Add cert to awx inventory file
lineinfile:
path: "{{ awx_repo_dir }}/installer/inventory"
line: "ssl_certificate={{ awx_web_ssl_cert_folder }}/{{ inventory_hostname }}.pem"
state: present
...
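Review bot: `Make pem cert` concatenates the private key into `{{ awx_web_ssl_cert_folder }}/{{ inventory_hostname }}.pem` through a shell redirect, so the key material lands in the certificate folder (`/etc/ssl` by default) with whatever the umask gives, typically world-readable. Follow the task with a `file` task on the `.pem` that sets `owner` and a restrictive `mode` such as `'0600'`, or the narrowest mode the AWX web container can still read. The shell task also reruns and reports changed on every play. The `lineinfile` that adds `ssl_certificate=` has no `regexp`, so changing the folder later would append a second line rather than replace the first; `regexp: '^ssl_certificate='` avoids that.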
---
- name: Set default passwords
lineinfile:
path: "{{ awx_repo_dir }}/installer/inventory"
state: "{{ item.state | default('present') }}"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
no_log: True
loop: '{{ passwords | flatten(levels=0) }}'
...
\ No newline at end of file
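Review bot: This `lineinfile` writes the admin, Postgres and RabbitMQ passwords into `installer/inventory` without setting file permissions, and a file in a git checkout is normally left group- and world-readable. Add `mode: '0600'` to the module arguments so the plaintext secrets are readable only by the user running the installer. `no_log` is a good call here; `no_log: true` in lowercase matches the booleans used in the rest of the role.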
---
# tasks file for ansible-role-awx-docker
\ No newline at end of file
# tasks file for ansible-role-awx-docker
- name: Include variables for target OS
include_vars: '{{ ansible_os_family }}.yml'
- name: Install requirements for target OS
package:
name: '{{ item }}'
state: present
loop: '{{ awx_package_requirements|flatten(levels=1) }}'
- name: Clone AWX into configured directory.
git:
repo: '{{ awx_repo_url }}'
dest: '{{ awx_repo_dir }}'
version: '{{ awx_repo_version }}'
update: '{{ awx_update_repo }}'
force: true
accept_hostkey: true
- name: Setup passwords
include: awx-set-passwords.yml
- name: Setup self-signed certs
include: awx-self-signed-cert.yml
when:
- awx_web_ssl
- awx_web_ssl_selfsigned
- name: Setup certs
include: awx-install-cert.yml
when:
- awx_web_ssl
- awx_web_ssl_cert
- awx_web_ssl_key
- name: Setup awx
include: awx-install.yml
...
\ No newline at end of file
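Review bot: `Install requirements for target OS` loops over `awx_package_requirements`, but the OS vars section on this page defines `awx_package_dependencies`, so unless another vars file supplies the first name the task fails on an undefined variable. Use one name in both places, e.g. `loop: '{{ awx_package_dependencies | flatten(levels=1) }}'`. `Setup certs` is not gated on `not awx_web_ssl_selfsigned`, so with both a cert path and self-signed enabled both include files would run. In the clone task, `accept_hostkey: true` trusts whatever host key is presented on first contact, and `version` is a tag rather than a commit hash; pinning a commit would make the checkout reproducible.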
awx_package_dependencies:
- '@Development tools'
- gettext
- gcc-c++
- bzip2
\ No newline at end of file
---
# vars file for ansible-role-awx-docker
\ No newline at end of file
# vars file for ansible-role-awx-docker
passwords:
- regexp: '^admin_password='
line: "admin_password='{{ awx_awx_password }}'"
- regexp: '^pg_password='
line: "pg_password='{{ awx_postgres_password }}'"
- regexp: '^rabbitmq_password='
line: "rabbitmq_password='{{ awx_rabbitmq_password }}'"
\ No newline at end of file
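Review bot: Each `line` wraps the password in single quotes (`admin_password='{{ awx_awx_password }}'`), so a password that itself contains `'` ends the quoted value early and leaves a malformed line in the installer inventory. Either reject such values up front with an `assert`, or document the restriction with a comment such as `# passwords must not contain a single quote; the value is written inside '...' in installer/inventory`.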