Ajout d'environnement d'exécution libretic

Navas 2024-08-08 17:58:20 +02:00
parent 1ee15c664f
commit 3f4c2f4885
9 changed files with 41 additions and 54 deletions


@ -9,16 +9,20 @@
tasks:
# Configuration d'awx - préparatifs
- name: Définit _state
ansible.builtin.set_fact:
_state: "{{ awx_state | default('present') }}"
- name: Définition des organisations de base
awx.awx.organization:
- name: Obtention d'un token
awx.awx.token:
controller_host: "{{ awx_controller_host }}"
controller_username: "{{ awx_controller_username }}"
controller_password: "{{ awx_controller_password }}"
- name: Définition des organisations de base
awx.awx.organization:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_organization }}"
state: "{{ _state }}"
galaxy_credentials:
@ -27,8 +31,7 @@
- name: Définition du secret pour récuperer les projets depuis git
awx.awx.credential:
controller_host: "{{ awx_controller_host }}"
controller_username: "{{ awx_controller_username }}"
controller_password: "{{ awx_controller_password }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ item.name }}"
organization: "{{ awx_organization }}"
credential_type: "Source Control"
@ -43,8 +46,7 @@
- name: Définition du secret ansible-vault utilisé dans les projets git
awx.awx.credential:
controller_host: "{{ awx_controller_host }}"
controller_username: "{{ awx_controller_username }}"
controller_password: "{{ awx_controller_password }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ item.name }}"
organization: "{{ awx_organization }}"
credential_type: "Vault"
@ -58,8 +60,7 @@
- name: Définition du secret de connexion aux machines
awx.awx.credential:
controller_host: "{{ awx_controller_host }}"
controller_username: "{{ awx_controller_username }}"
controller_password: "{{ awx_controller_password }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ item.name }}"
description: "Clé d'accès pour se connecter aux machines"
organization: "{{ awx_organization }}"
@ -74,8 +75,7 @@
- name: Définition du type de secret aap_ressources
awx.awx.credential_type:
controller_host: "{{ awx_controller_host }}"
controller_username: "{{ awx_controller_username }}"
controller_password: "{{ awx_controller_password }}"
controller_oauthtoken: "{{ controller_token }}"
name: "aap_ressources"
description: "Secrets pour se connecter à un serveur de ressources ansible"
state: "{{ _state }}"
@ -86,8 +86,7 @@
- name: Définition du secret de connexion au serveur de ressources Ansible
awx.awx.credential:
controller_host: "{{ awx_controller_host }}"
controller_username: "{{ awx_controller_username }}"
controller_password: "{{ awx_controller_password }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_aap_ressources_credential_name }}"
description: "Secrets pour se connecter au serveur de ressources ansible"
organization: "{{ awx_organization }}"
@ -99,25 +98,18 @@
no_log: true
when: _state == "present"
# - name: Définition des environnements d'exécution
# awx.awx.execution_environment:
# controller_host: "{{ awx_controller_host }}"
# controller_username: "{{ awx_controller_username }}"
# controller_password: "{{ awx_controller_username }}"
# name: "{{ item.name }}-{{ item.version }}"
# image: "{{ item.image }}:{{ item.version }}"
# state: "{{ _state }}"
# with_items:
# - name: awx-ee-libretic
# image: "{{ awx_ee_image }}"
# version: "{{ awx_ee_version }}"
- name: Définition des environnements d'exécution
awx.awx.execution_environment:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_ee }}"
image: "{{ awx_ee_image }}:{{ awx_ee_version }}"
state: "{{ _state }}"
- name: Creation des équipes pour application des droits
awx.awx.team:
controller_host: "{{ awx_controller_host }}"
controller_username: "{{ awx_controller_username }}"
controller_password: "{{ awx_controller_password }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ item.team }}"
organization: "{{ item.organization }}"
with_items:
@ -127,8 +119,7 @@
- name: Affectation des droits aux équipes
awx.awx.role:
controller_host: "{{ awx_controller_host }}"
controller_username: "{{ awx_controller_username }}"
controller_password: "{{ awx_controller_password }}"
controller_oauthtoken: "{{ controller_token }}"
organizations: "{{ item.organization }}"
teams: "{{ item.team }}"
role: "{{ item.role }}"
@ -145,8 +136,7 @@
- name: Définition de paramètres spécifiques
awx.awx.settings:
controller_host: "{{ awx_controller_host }}"
controller_username: "{{ awx_controller_username }}"
controller_password: "{{ awx_controller_password }}"
controller_oauthtoken: "{{ controller_token }}"
settings: "{{ awx_custom_settings }}"
no_log: true
@ -156,8 +146,7 @@
- name: Définition du projet
awx.awx.project:
controller_host: "{{ awx_controller_host }}"
controller_username: "{{ awx_controller_username }}"
controller_password: "{{ awx_controller_password }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_project_name }}"
scm_type: git
scm_url: "{{ awx_project_url }}"
@ -172,8 +161,7 @@
- name: Définition de l'inventaire
awx.awx.inventory:
controller_host: "{{ awx_controller_host }}"
controller_username: "{{ awx_controller_username }}"
controller_password: "{{ awx_controller_password }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_project_name }}_{{ environnement }}"
state: "{{ _state }}"
organization: "{{ awx_organization }}"
@ -181,8 +169,7 @@
- name: Définition de la source d'inventaire
awx.awx.inventory_source:
controller_host: "{{ awx_controller_host }}"
controller_username: "{{ awx_controller_username }}"
controller_password: "{{ awx_controller_password }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_project_name }}_{{ environnement }}"
inventory: "{{ awx_project_name }}_{{ environnement }}"
state: "{{ _state }}"
@ -198,8 +185,7 @@
- name: Définition du playbook setup-env
awx.awx.job_template:
controller_host: "{{ awx_controller_host }}"
controller_username: "{{ awx_controller_username }}"
controller_password: "{{ awx_controller_password }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_project_name }}_{{ environnement }}_{{ item }}"
project: "{{ awx_project_name }}"
inventory: "{{ awx_project_name }}_{{ environnement }}"
@ -219,12 +205,11 @@
- name: Planification remise en conformité régulière
awx.awx.schedule:
controller_host: "{{ awx_controller_host }}"
controller_username: "{{ awx_controller_username }}"
controller_password: "{{ awx_controller_password }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_project_name }}_{{ environnement }}_{{ item }}-schedule-daily"
unified_job_template: "{{ awx_project_name }}_{{ environnement }}_{{ item }}"
rrule: "{{ query('awx.awx.schedule_rrule', 'day', start_date='2024-01-01 12:30:00', timezone='Europe/Paris') }}"
enabled: true
enabled: false # TODO: corriger un souci avec les variables quand exécution depuis awx
with_items:
- setup-env.yml
when: _state == "present"
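Review bot: The new `Obtention d'un token` task creates an OAuth token from `awx_controller_username`/`awx_controller_password`, but no visible hunk revokes it and the task carries no `no_log: true`. Each run therefore appears to leave a live token behind in AWX, and the returned token may show up in verbose output. I would add `no_log: true` to that task and end the play with a task that deletes the token through `existing_token` and `state: absent`, ideally from an `always:` section so it also runs when an earlier task fails. The play continues outside these hunks, so a cleanup task may already exist further down.

```yaml
    # … unchanged: tasks authenticating with controller_oauthtoken …
    - name: Révocation du token
      awx.awx.token:
        controller_host: "{{ awx_controller_host }}"
        controller_username: "{{ awx_controller_username }}"
        controller_password: "{{ awx_controller_password }}"
        existing_token: "{{ controller_token }}"
        state: absent
      when: controller_token is defined
      no_log: true
```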


@ -6,8 +6,7 @@ ressources_fqdn: ansible-ressources.libretic.fr
awx_url: "https://{{ awx_fqdn }}"
# version d'awx-ee à configurer dans cet environnement
# awx_ee_version: "v0.1.3"
# awx_ee_image: "onavas/awx-ee-libretic"
awx_ee_version: v0.1.0
awx_custom_settings:
TOWER_URL_BASE: "{{ awx_url }}"
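Review bot: `awx_ee_version: v0.1.0` is a mutable tag, and the playbook registers the execution environment as `"{{ awx_ee_image }}:{{ awx_ee_version }}"`. Whatever is later pushed under that tag will therefore run every job, with the credentials AWX injects into it. Consider recording the digest of the reviewed build next to the tag, for example a variable such as `awx_ee_digest: "sha256:<digest of the reviewed build>"` (placeholder value, name is a suggestion), and referencing the image by digest in the execution environment task. Quoting the value as `awx_ee_version: "v0.1.0"` would also match the quoted form used in the commented line above it.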


@ -1,7 +1,7 @@
rp_vhost_fqdn: "{{ awx_fqdn }}"
rp_vhost_backend_proto: https
rp_vhost_backend_host: "{{ hostvars[groups['awx'][0]].ansible_host }}"
rp_vhost_access_policy: OpenAccessPolicy
rp_vhost_access_policy: InternalAccessPolicy
rp_vhost_indexing: BlockCrawlerIndexing
rp_vhost_waf: "Off"
rp_vhost_cert: LIBRETICFR
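Review bot: `rp_vhost_waf: "Off"` leaves the WAF disabled on the AWX virtual host and nothing in the file says why. A one-line comment above it, such as `# WAF disabled for AWX: <reason>, revisit when <condition>`, would record whether this is deliberate. The access-policy line appears twice on the page (`OpenAccessPolicy`, then `InternalAccessPolicy`); if the second is the new value, the change narrows exposure. A comment naming which networks `InternalAccessPolicy` admits would let the next reader verify that.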


@ -1,2 +1,5 @@
awx_operator_version: 2.19.1
awx_namespace: awx
awx_operator_version: 2.19.1
awx_postgres_volume_name: awx-postgres-15-volume
awx_postgres_host_name: awx-postgres-15


@ -28,7 +28,7 @@
mode: u=rwx,g=rwx,o=
- path: /data1/awx
mode: u=rwx,g=rwx,o=rx
- path: /data1/awx/postgres-15
- path: /data1/awx/postgres
mode: u=rwx,g=rwx,o=rx
- path: /data1/awx/projects
mode: u=rwx,g=rwx,o=rx
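Review bot: The PostgreSQL data directory `/data1/awx/postgres` is created with `mode: u=rwx,g=rwx,o=rx`, which lets any local account on the host enter and list the AWX database directory. Unless another process on the host needs that access, `mode: u=rwx,g=rwx,o=` is the tighter choice, as on the first entry visible in this hunk. Owner and group are not visible here, so confirm they match the UID the postgres container runs as. The list this entry belongs to starts and ends outside the hunk.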


@ -15,7 +15,7 @@ spec:
postgres_configuration_secret: awx-postgres-configuration
postgres_data_volume_init: true
#postgres_data_volume_init: true
postgres_storage_class: awx-postgres-volume
postgres_storage_requirements:
requests:
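Review bot: `#postgres_data_volume_init: true` is left as a commented-out setting with no reason given, assuming the commented form is the new side of this change. With the init step disabled, the operator presumably no longer adjusts ownership and permissions on the hostPath volume, so the task that creates `/data1/awx/postgres` has to set them correctly on its own. Either delete the line, or keep it with an explanation such as `# disabled: ownership and mode of the hostPath are set by the directory task`. The `spec:` mapping starts and continues outside the hunk.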


@ -17,7 +17,7 @@ secretGenerator:
- name: awx-postgres-configuration
type: Opaque
literals:
- host=awx-postgres-15
- host={{ awx_postgres_host_name }}
- port=5432
- database=awx
- username=awx


@ -3,7 +3,7 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: awx-postgres-15-volume
name: {{ awx_postgres_volume_name }}
spec:
accessModes:
- ReadWriteOnce
@ -12,7 +12,7 @@ spec:
storage: 3Gi
storageClassName: awx-postgres-volume
hostPath:
path: /data1/awx/postgres-15
path: /data1/awx/postgres
---
apiVersion: v1
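Review bot: `name: {{ awx_postgres_volume_name }}` begins a plain scalar with `{`, which a YAML parser reads as a flow mapping if the file is ever loaded before templating. An empty variable would also render to a bare `name:` (null). Quoting the expression, `name: "{{ awx_postgres_volume_name }}"`, avoids both. In the second hunk `path: /data1/awx/postgres` is still hard-coded here and in the directory list of the other file; a shared variable would keep the two from drifting apart on the next rename.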


@ -50,8 +50,8 @@ awx_aap_ressources_username: "{{ lookup('env', 'AAP_RESSOURCES_USER') }}"
awx_aap_ressources_password: "{{ lookup('env', 'AAP_RESSOURCES_PASSWORD') }}"
# Quel environnement d'exécution utiliser
awx_ee: "AWX EE (latest)"
awx_ee: "awx-ee-libretic-{{ awx_ee_version }}"
awx_ee_image: libretic/awx-ee-libretic
#####
# Pour la mise en place du projet dans awx