Ajout d'environnement d'exécution libretic

Navas 2024-08-08 17:58:20 +02:00
parent 1ee15c664f
commit 3f4c2f4885
9 changed files with 41 additions and 54 deletions


@ -9,16 +9,20 @@
tasks: tasks:
# Configuration d'awx - préparatifs # Configuration d'awx - préparatifs
- name: Définit _state - name: Définit _state
ansible.builtin.set_fact: ansible.builtin.set_fact:
_state: "{{ awx_state | default('present') }}" _state: "{{ awx_state | default('present') }}"
- name: Définition des organisations de base - name: Obtention d'un token
awx.awx.organization: awx.awx.token:
controller_host: "{{ awx_controller_host }}" controller_host: "{{ awx_controller_host }}"
controller_username: "{{ awx_controller_username }}" controller_username: "{{ awx_controller_username }}"
controller_password: "{{ awx_controller_password }}" controller_password: "{{ awx_controller_password }}"
- name: Définition des organisations de base
awx.awx.organization:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_organization }}" name: "{{ awx_organization }}"
state: "{{ _state }}" state: "{{ _state }}"
galaxy_credentials: galaxy_credentials:
@ -27,8 +31,7 @@
- name: Définition du secret pour récuperer les projets depuis git - name: Définition du secret pour récuperer les projets depuis git
awx.awx.credential: awx.awx.credential:
controller_host: "{{ awx_controller_host }}" controller_host: "{{ awx_controller_host }}"
controller_username: "{{ awx_controller_username }}" controller_oauthtoken: "{{ controller_token }}"
controller_password: "{{ awx_controller_password }}"
name: "{{ item.name }}" name: "{{ item.name }}"
organization: "{{ awx_organization }}" organization: "{{ awx_organization }}"
credential_type: "Source Control" credential_type: "Source Control"
@ -43,8 +46,7 @@
- name: Définition du secret ansible-vault utilisé dans les projets git - name: Définition du secret ansible-vault utilisé dans les projets git
awx.awx.credential: awx.awx.credential:
controller_host: "{{ awx_controller_host }}" controller_host: "{{ awx_controller_host }}"
controller_username: "{{ awx_controller_username }}" controller_oauthtoken: "{{ controller_token }}"
controller_password: "{{ awx_controller_password }}"
name: "{{ item.name }}" name: "{{ item.name }}"
organization: "{{ awx_organization }}" organization: "{{ awx_organization }}"
credential_type: "Vault" credential_type: "Vault"
@ -58,8 +60,7 @@
- name: Définition du secret de connexion aux machines - name: Définition du secret de connexion aux machines
awx.awx.credential: awx.awx.credential:
controller_host: "{{ awx_controller_host }}" controller_host: "{{ awx_controller_host }}"
controller_username: "{{ awx_controller_username }}" controller_oauthtoken: "{{ controller_token }}"
controller_password: "{{ awx_controller_password }}"
name: "{{ item.name }}" name: "{{ item.name }}"
description: "Clé d'accès pour se connecter aux machines" description: "Clé d'accès pour se connecter aux machines"
organization: "{{ awx_organization }}" organization: "{{ awx_organization }}"
@ -74,8 +75,7 @@
- name: Définition du type de secret aap_ressources - name: Définition du type de secret aap_ressources
awx.awx.credential_type: awx.awx.credential_type:
controller_host: "{{ awx_controller_host }}" controller_host: "{{ awx_controller_host }}"
controller_username: "{{ awx_controller_username }}" controller_oauthtoken: "{{ controller_token }}"
controller_password: "{{ awx_controller_password }}"
name: "aap_ressources" name: "aap_ressources"
description: "Secrets pour se connecter à un serveur de ressources ansible" description: "Secrets pour se connecter à un serveur de ressources ansible"
state: "{{ _state }}" state: "{{ _state }}"
@ -86,8 +86,7 @@
- name: Définition du secret de connexion au serveur de ressources Ansible - name: Définition du secret de connexion au serveur de ressources Ansible
awx.awx.credential: awx.awx.credential:
controller_host: "{{ awx_controller_host }}" controller_host: "{{ awx_controller_host }}"
controller_username: "{{ awx_controller_username }}" controller_oauthtoken: "{{ controller_token }}"
controller_password: "{{ awx_controller_password }}"
name: "{{ awx_aap_ressources_credential_name }}" name: "{{ awx_aap_ressources_credential_name }}"
description: "Secrets pour se connecter au serveur de ressources ansible" description: "Secrets pour se connecter au serveur de ressources ansible"
organization: "{{ awx_organization }}" organization: "{{ awx_organization }}"
@ -99,25 +98,18 @@
no_log: true no_log: true
when: _state == "present" when: _state == "present"
- name: Définition des environnements d'exécution
# - name: Définition des environnements d'exécution awx.awx.execution_environment:
# awx.awx.execution_environment: controller_host: "{{ awx_controller_host }}"
# controller_host: "{{ awx_controller_host }}" controller_oauthtoken: "{{ controller_token }}"
# controller_username: "{{ awx_controller_username }}" name: "{{ awx_ee }}"
# controller_password: "{{ awx_controller_username }}" image: "{{ awx_ee_image }}:{{ awx_ee_version }}"
# name: "{{ item.name }}-{{ item.version }}" state: "{{ _state }}"
# image: "{{ item.image }}:{{ item.version }}"
# state: "{{ _state }}"
# with_items:
# - name: awx-ee-libretic
# image: "{{ awx_ee_image }}"
# version: "{{ awx_ee_version }}"
- name: Creation des équipes pour application des droits - name: Creation des équipes pour application des droits
awx.awx.team: awx.awx.team:
controller_host: "{{ awx_controller_host }}" controller_host: "{{ awx_controller_host }}"
controller_username: "{{ awx_controller_username }}" controller_oauthtoken: "{{ controller_token }}"
controller_password: "{{ awx_controller_password }}"
name: "{{ item.team }}" name: "{{ item.team }}"
organization: "{{ item.organization }}" organization: "{{ item.organization }}"
with_items: with_items:
@ -127,8 +119,7 @@
- name: Affectation des droits aux équipes - name: Affectation des droits aux équipes
awx.awx.role: awx.awx.role:
controller_host: "{{ awx_controller_host }}" controller_host: "{{ awx_controller_host }}"
controller_username: "{{ awx_controller_username }}" controller_oauthtoken: "{{ controller_token }}"
controller_password: "{{ awx_controller_password }}"
organizations: "{{ item.organization }}" organizations: "{{ item.organization }}"
teams: "{{ item.team }}" teams: "{{ item.team }}"
role: "{{ item.role }}" role: "{{ item.role }}"
@ -145,8 +136,7 @@
- name: Définition de paramètres spécifiques - name: Définition de paramètres spécifiques
awx.awx.settings: awx.awx.settings:
controller_host: "{{ awx_controller_host }}" controller_host: "{{ awx_controller_host }}"
controller_username: "{{ awx_controller_username }}" controller_oauthtoken: "{{ controller_token }}"
controller_password: "{{ awx_controller_password }}"
settings: "{{ awx_custom_settings }}" settings: "{{ awx_custom_settings }}"
no_log: true no_log: true
@ -156,8 +146,7 @@
- name: Définition du projet - name: Définition du projet
awx.awx.project: awx.awx.project:
controller_host: "{{ awx_controller_host }}" controller_host: "{{ awx_controller_host }}"
controller_username: "{{ awx_controller_username }}" controller_oauthtoken: "{{ controller_token }}"
controller_password: "{{ awx_controller_password }}"
name: "{{ awx_project_name }}" name: "{{ awx_project_name }}"
scm_type: git scm_type: git
scm_url: "{{ awx_project_url }}" scm_url: "{{ awx_project_url }}"
@ -172,8 +161,7 @@
- name: Définition de l'inventaire - name: Définition de l'inventaire
awx.awx.inventory: awx.awx.inventory:
controller_host: "{{ awx_controller_host }}" controller_host: "{{ awx_controller_host }}"
controller_username: "{{ awx_controller_username }}" controller_oauthtoken: "{{ controller_token }}"
controller_password: "{{ awx_controller_password }}"
name: "{{ awx_project_name }}_{{ environnement }}" name: "{{ awx_project_name }}_{{ environnement }}"
state: "{{ _state }}" state: "{{ _state }}"
organization: "{{ awx_organization }}" organization: "{{ awx_organization }}"
@ -181,8 +169,7 @@
- name: Définition de la source d'inventaire - name: Définition de la source d'inventaire
awx.awx.inventory_source: awx.awx.inventory_source:
controller_host: "{{ awx_controller_host }}" controller_host: "{{ awx_controller_host }}"
controller_username: "{{ awx_controller_username }}" controller_oauthtoken: "{{ controller_token }}"
controller_password: "{{ awx_controller_password }}"
name: "{{ awx_project_name }}_{{ environnement }}" name: "{{ awx_project_name }}_{{ environnement }}"
inventory: "{{ awx_project_name }}_{{ environnement }}" inventory: "{{ awx_project_name }}_{{ environnement }}"
state: "{{ _state }}" state: "{{ _state }}"
@ -198,8 +185,7 @@
- name: Définition du playbook setup-env - name: Définition du playbook setup-env
awx.awx.job_template: awx.awx.job_template:
controller_host: "{{ awx_controller_host }}" controller_host: "{{ awx_controller_host }}"
controller_username: "{{ awx_controller_username }}" controller_oauthtoken: "{{ controller_token }}"
controller_password: "{{ awx_controller_password }}"
name: "{{ awx_project_name }}_{{ environnement }}_{{ item }}" name: "{{ awx_project_name }}_{{ environnement }}_{{ item }}"
project: "{{ awx_project_name }}" project: "{{ awx_project_name }}"
inventory: "{{ awx_project_name }}_{{ environnement }}" inventory: "{{ awx_project_name }}_{{ environnement }}"
@ -219,12 +205,11 @@
- name: Planification remise en conformité régulière - name: Planification remise en conformité régulière
awx.awx.schedule: awx.awx.schedule:
controller_host: "{{ awx_controller_host }}" controller_host: "{{ awx_controller_host }}"
controller_username: "{{ awx_controller_username }}" controller_oauthtoken: "{{ controller_token }}"
controller_password: "{{ awx_controller_password }}"
name: "{{ awx_project_name }}_{{ environnement }}_{{ item }}-schedule-daily" name: "{{ awx_project_name }}_{{ environnement }}_{{ item }}-schedule-daily"
unified_job_template: "{{ awx_project_name }}_{{ environnement }}_{{ item }}" unified_job_template: "{{ awx_project_name }}_{{ environnement }}_{{ item }}"
rrule: "{{ query('awx.awx.schedule_rrule', 'day', start_date='2024-01-01 12:30:00', timezone='Europe/Paris') }}" rrule: "{{ query('awx.awx.schedule_rrule', 'day', start_date='2024-01-01 12:30:00', timezone='Europe/Paris') }}"
enabled: true enabled: false # TODO: corriger un souci avec les variables quand exécution depuis awx
with_items: with_items:
- setup-env.yml - setup-env.yml
when: _state == "present" when: _state == "present"
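Review bot: The new `Obtention d'un token` task in the first hunk has no `no_log: true`, although it receives `controller_password` and its result carries the OAuth token that every later task passes as `controller_oauthtoken`. The credential and settings tasks further down already set `no_log: true`, so this one stands out. None of the visible hunks revokes the token, so each run appears to leave one more live token on the controller. The task also sets neither `description` nor `scope`, which makes leftover tokens hard to attribute. The fence below sketches the token task with those additions and a closing revocation task; the play continues outside the hunks, so a cleanup step may already exist there.

```yaml
- name: Obtention d'un token
  awx.awx.token:
    # … unchanged: controller_host, controller_username, controller_password …
    description: "<token description placeholder>"
    scope: write
  no_log: true

# … unchanged: configuration tasks that use controller_token …

- name: Révocation du token
  awx.awx.token:
    controller_host: "{{ awx_controller_host }}"
    controller_oauthtoken: "{{ controller_token }}"
    existing_token: "{{ controller_token }}"
    state: absent
  no_log: true
```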


@ -6,8 +6,7 @@ ressources_fqdn: ansible-ressources.libretic.fr
awx_url: "https://{{ awx_fqdn }}" awx_url: "https://{{ awx_fqdn }}"
# version d'awx-ee à configurer dans cet environnement # version d'awx-ee à configurer dans cet environnement
# awx_ee_version: "v0.1.3" awx_ee_version: v0.1.0
# awx_ee_image: "onavas/awx-ee-libretic"
awx_custom_settings: awx_custom_settings:
TOWER_URL_BASE: "{{ awx_url }}" TOWER_URL_BASE: "{{ awx_url }}"


@ -1,7 +1,7 @@
rp_vhost_fqdn: "{{ awx_fqdn }}" rp_vhost_fqdn: "{{ awx_fqdn }}"
rp_vhost_backend_proto: https rp_vhost_backend_proto: https
rp_vhost_backend_host: "{{ hostvars[groups['awx'][0]].ansible_host }}" rp_vhost_backend_host: "{{ hostvars[groups['awx'][0]].ansible_host }}"
rp_vhost_access_policy: OpenAccessPolicy rp_vhost_access_policy: InternalAccessPolicy
rp_vhost_indexing: BlockCrawlerIndexing rp_vhost_indexing: BlockCrawlerIndexing
rp_vhost_waf: "Off" rp_vhost_waf: "Off"
rp_vhost_cert: LIBRETICFR rp_vhost_cert: LIBRETICFR
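Review bot: The switch of `rp_vhost_access_policy` to `InternalAccessPolicy` carries no comment explaining the restriction. The unchanged `rp_vhost_waf: "Off"` line below it suggests the access policy is the only reverse-proxy control in front of the AWX login. A comment above the policy line, such as `# AWX UI/API: internal networks only; WAF is off, do not reopen without enabling it`, would keep a later edit from silently reverting to the open policy. What `InternalAccessPolicy` actually permits is defined outside this page and should be confirmed.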


@ -1,2 +1,5 @@
awx_operator_version: 2.19.1
awx_namespace: awx awx_namespace: awx
awx_operator_version: 2.19.1
awx_postgres_volume_name: awx-postgres-15-volume
awx_postgres_host_name: awx-postgres-15


@ -28,7 +28,7 @@
mode: u=rwx,g=rwx,o= mode: u=rwx,g=rwx,o=
- path: /data1/awx - path: /data1/awx
mode: u=rwx,g=rwx,o=rx mode: u=rwx,g=rwx,o=rx
- path: /data1/awx/postgres-15 - path: /data1/awx/postgres
mode: u=rwx,g=rwx,o=rx mode: u=rwx,g=rwx,o=rx
- path: /data1/awx/projects - path: /data1/awx/projects
mode: u=rwx,g=rwx,o=rx mode: u=rwx,g=rwx,o=rx


@ -15,7 +15,7 @@ spec:
postgres_configuration_secret: awx-postgres-configuration postgres_configuration_secret: awx-postgres-configuration
postgres_data_volume_init: true #postgres_data_volume_init: true
postgres_storage_class: awx-postgres-volume postgres_storage_class: awx-postgres-volume
postgres_storage_requirements: postgres_storage_requirements:
requests: requests:
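Review bot: `#postgres_data_volume_init: true` is left as commented-out code with no reason given; either delete the line or add a comment saying why the init step is no longer wanted. In the AWX operator this option drives an init container that sets permissions on the Postgres data directory. The same commit points the hostPath volume at a new `/data1/awx/postgres` directory, so it is worth checking that the database pod can still write there without it. If the option is being turned off on purpose, `postgres_data_volume_init: false` states that more clearly than a commented line. The spec continues outside the hunk.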


@ -17,7 +17,7 @@ secretGenerator:
- name: awx-postgres-configuration - name: awx-postgres-configuration
type: Opaque type: Opaque
literals: literals:
- host=awx-postgres-15 - host={{ awx_postgres_host_name }}
- port=5432 - port=5432
- database=awx - database=awx
- username=awx - username=awx


@ -3,7 +3,7 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: awx-postgres-15-volume name: {{ awx_postgres_volume_name }}
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
@ -12,7 +12,7 @@ spec:
storage: 3Gi storage: 3Gi
storageClassName: awx-postgres-volume storageClassName: awx-postgres-volume
hostPath: hostPath:
path: /data1/awx/postgres-15 path: /data1/awx/postgres
--- ---
apiVersion: v1 apiVersion: v1
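Review bot: `name: {{ awx_postgres_volume_name }}` in the first hunk starts the value with an unquoted Jinja expression, which a YAML parser or linter reading the template itself takes for a flow mapping, and an empty expansion would render as a null name. Write `name: "{{ awx_postgres_volume_name }}"` instead. Separately, the second hunk changes `hostPath.path` while the volume name defaulted elsewhere in this commit is still `awx-postgres-15-volume`. A PersistentVolume's source cannot be edited after creation, so on a cluster where that PV already exists the apply will presumably be rejected until the old PV is removed or the name changes. The document after `---` continues outside the hunk.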


@ -50,8 +50,8 @@ awx_aap_ressources_username: "{{ lookup('env', 'AAP_RESSOURCES_USER') }}"
awx_aap_ressources_password: "{{ lookup('env', 'AAP_RESSOURCES_PASSWORD') }}" awx_aap_ressources_password: "{{ lookup('env', 'AAP_RESSOURCES_PASSWORD') }}"
# Quel environnement d'exécution utiliser # Quel environnement d'exécution utiliser
awx_ee: "AWX EE (latest)" awx_ee: "awx-ee-libretic-{{ awx_ee_version }}"
awx_ee_image: libretic/awx-ee-libretic
##### #####
# Pour la mise en place du projet dans awx # Pour la mise en place du projet dans awx
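Review bot: `awx_ee_image: libretic/awx-ee-libretic` names no registry host, so which registry serves the image depends on the container runtime's unqualified-image resolution on each node. Every job, along with the credentials injected into it, runs inside this image, so a fully qualified reference such as `awx_ee_image: <registry-host>/libretic/awx-ee-libretic` (placeholder host) is safer. The tag built from `awx_ee_version` is mutable; pinning by digest, or a comment on how the tag is protected, would be worth adding. `awx_ee` now interpolates `awx_ee_version`, which on this page is set only in one environment file, so environments that do not define it would presumably fail on an undefined variable.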