libretic/ansible-libretic-aap
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Gestion token

Browse source
This commit is contained in:
Navas 2024-08-11 20:47:04 +02:00
parent 121fbbc405
commit beba2692e8
1 changed files with 187 additions and 177 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

364
configure-awx.yml
View file

@ -19,197 +19,207 @@
controller_username: "{{ awx_controller_username }}"
controller_password: "{{ awx_controller_password }}"
- name: Définition des organisations de base
awx.awx.organization:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_organization }}"
state: "{{ _state }}"
galaxy_credentials:
- "Ansible Galaxy"
- name: Block avec token
block:
- name: Définition des organisations de base
awx.awx.organization:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_organization }}"
state: "{{ _state }}"
galaxy_credentials:
- "Ansible Galaxy"
- name: Définition du secret pour récuperer les projets depuis git
awx.awx.credential:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ item.name }}"
organization: "{{ awx_organization }}"
credential_type: "Source Control"
description: "Secret d'accès d'AWX au repo git"
inputs:
username: "{{ item.username }}"
password: "{{ item.password }}"
with_items: "{{ awx_git_credentials }}"
no_log: true
when: _state == "present"
- name: Définition du secret pour récuperer les projets depuis git
awx.awx.credential:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ item.name }}"
organization: "{{ awx_organization }}"
credential_type: "Source Control"
description: "Secret d'accès d'AWX au repo git"
inputs:
username: "{{ item.username }}"
password: "{{ item.password }}"
with_items: "{{ awx_git_credentials }}"
no_log: true
when: _state == "present"
- name: Définition du secret ansible-vault utilisé dans les projets git
awx.awx.credential:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ item.name }}"
organization: "{{ awx_organization }}"
credential_type: "Vault"
description: "Secret du ansible-vault pour le chiffrement dans les projets git"
inputs:
vault_password: "{{ item.password }}"
with_items: "{{ awx_vault_credentials }}"
no_log: true
when: _state == "present"
- name: Définition du secret ansible-vault utilisé dans les projets git
awx.awx.credential:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ item.name }}"
organization: "{{ awx_organization }}"
credential_type: "Vault"
description: "Secret du ansible-vault pour le chiffrement dans les projets git"
inputs:
vault_password: "{{ item.password }}"
with_items: "{{ awx_vault_credentials }}"
no_log: true
when: _state == "present"
- name: Définition du secret de connexion aux machines
awx.awx.credential:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ item.name }}"
description: "Clé d'accès pour se connecter aux machines"
organization: "{{ awx_organization }}"
credential_type: "Machine"
inputs:
username: "{{ item.username }}"
ssh_key_data: "{{ item.ssh_key_data }}"
with_items: "{{ awx_machine_credentials }}"
no_log: true
when: _state == "present"
- name: Définition du secret de connexion aux machines
awx.awx.credential:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ item.name }}"
description: "Clé d'accès pour se connecter aux machines"
organization: "{{ awx_organization }}"
credential_type: "Machine"
inputs:
username: "{{ item.username }}"
ssh_key_data: "{{ item.ssh_key_data }}"
with_items: "{{ awx_machine_credentials }}"
no_log: true
when: _state == "present"
- name: Définition du type de secret aap_ressources
awx.awx.credential_type:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
name: "aap_ressources"
description: "Secrets pour se connecter à un serveur de ressources ansible"
state: "{{ _state }}"
kind: net
inputs: "{{ lookup('file', 'files/aap_ressources_credential_type_inputs.json') }}"
injectors: "{{ lookup('file', 'files/aap_ressources_credential_type_injectors.json') }}"
- name: Définition du type de secret aap_ressources
awx.awx.credential_type:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
name: "aap_ressources"
description: "Secrets pour se connecter à un serveur de ressources ansible"
state: "{{ _state }}"
kind: net
inputs: "{{ lookup('file', 'files/aap_ressources_credential_type_inputs.json') }}"
injectors: "{{ lookup('file', 'files/aap_ressources_credential_type_injectors.json') }}"
- name: Définition du secret de connexion au serveur de ressources Ansible
awx.awx.credential:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_aap_ressources_credential_name }}"
description: "Secrets pour se connecter au serveur de ressources ansible"
organization: "{{ awx_organization }}"
credential_type: "aap_ressources"
inputs:
url: "{{ awx_aap_ressources_url }}"
username: "{{ awx_aap_ressources_username }}"
password: "{{ awx_aap_ressources_password }}"
no_log: true
when: _state == "present"
- name: Définition du secret de connexion au serveur de ressources Ansible
awx.awx.credential:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_aap_ressources_credential_name }}"
description: "Secrets pour se connecter au serveur de ressources ansible"
organization: "{{ awx_organization }}"
credential_type: "aap_ressources"
inputs:
url: "{{ awx_aap_ressources_url }}"
username: "{{ awx_aap_ressources_username }}"
password: "{{ awx_aap_ressources_password }}"
no_log: true
when: _state == "present"
- name: Définition des environnements d'exécution
awx.awx.execution_environment:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_ee }}"
image: "{{ awx_ee_image }}:{{ awx_ee_version }}"
state: "{{ _state }}"
- name: Définition des environnements d'exécution
awx.awx.execution_environment:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_ee }}"
image: "{{ awx_ee_image }}:{{ awx_ee_version }}"
state: "{{ _state }}"
- name: Creation des équipes pour application des droits
awx.awx.team:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ item.team }}"
organization: "{{ item.organization }}"
with_items:
- "{{ awx_team_list }}"
when: _state == "present"
- name: Creation des équipes pour application des droits
awx.awx.team:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ item.team }}"
organization: "{{ item.organization }}"
with_items:
- "{{ awx_team_list }}"
when: _state == "present"
- name: Affectation des droits aux équipes
awx.awx.role:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
organizations: "{{ item.organization }}"
teams: "{{ item.team }}"
role: "{{ item.role }}"
with_items:
- "{{ awx_team_roles_list }}"
when: _state == "present"
- name: Affectation des droits aux équipes
awx.awx.role:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
organizations: "{{ item.organization }}"
teams: "{{ item.team }}"
role: "{{ item.role }}"
with_items:
- "{{ awx_team_roles_list }}"
when: _state == "present"
# on vérifie ici car no_log de la tâche qui utilise empêche d'avoir une explication en cas d'oubli
- name: Vérifie que awx_custom_settings est défini (besoin que l'environnement soit précisé)
ansible.builtin.assert:
that:
- awx_custom_settings is defined
# on vérifie ici car no_log de la tâche qui utilise empêche d'avoir une explication en cas d'oubli
- name: Vérifie que awx_custom_settings est défini (besoin que l'environnement soit précisé)
ansible.builtin.assert:
that:
- awx_custom_settings is defined
- name: Définition de paramètres spécifiques
awx.awx.settings:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
settings: "{{ awx_custom_settings }}"
no_log: true
- name: Définition de paramètres spécifiques
awx.awx.settings:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
settings: "{{ awx_custom_settings }}"
no_log: true
# Configuration d'awx - projet
# Configuration d'awx - projet
- name: Définition du projet
awx.awx.project:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_project_name }}"
scm_type: git
scm_url: "{{ awx_project_url }}"
scm_update_on_launch: true
scm_update_cache_timeout: 60
scm_credential: "{{ awx_git_credential_name }}"
state: "{{ _state }}"
allow_override: true
organization: "{{ awx_organization }}"
default_environment: "{{ awx_ee }}"
- name: Définition du projet
awx.awx.project:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_project_name }}"
scm_type: git
scm_url: "{{ awx_project_url }}"
scm_update_on_launch: true
scm_update_cache_timeout: 60
scm_credential: "{{ awx_git_credential_name }}"
state: "{{ _state }}"
allow_override: true
organization: "{{ awx_organization }}"
default_environment: "{{ awx_ee }}"
- name: Définition de l'inventaire
awx.awx.inventory:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_project_name }}_{{ environnement }}"
state: "{{ _state }}"
organization: "{{ awx_organization }}"
- name: Définition de l'inventaire
awx.awx.inventory:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_project_name }}_{{ environnement }}"
state: "{{ _state }}"
organization: "{{ awx_organization }}"
- name: Définition de la source d'inventaire
awx.awx.inventory_source:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_project_name }}_{{ environnement }}"
inventory: "{{ awx_project_name }}_{{ environnement }}"
state: "{{ _state }}"
organization: "{{ awx_organization }}"
source: scm
source_project: "{{ awx_project_name }}"
source_path: "inventory/{{ environnement }}/hosts"
overwrite: true
update_on_launch: true
# les sources disparaissent avec l'inventaire qui les contient
when: _state == "present"
- name: Définition de la source d'inventaire
awx.awx.inventory_source:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_project_name }}_{{ environnement }}"
inventory: "{{ awx_project_name }}_{{ environnement }}"
state: "{{ _state }}"
organization: "{{ awx_organization }}"
source: scm
source_project: "{{ awx_project_name }}"
source_path: "inventory/{{ environnement }}/hosts"
overwrite: true
update_on_launch: true
# les sources disparaissent avec l'inventaire qui les contient
when: _state == "present"
- name: Définition du playbook setup-env
awx.awx.job_template:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_project_name }}_{{ environnement }}_{{ item }}"
project: "{{ awx_project_name }}"
inventory: "{{ awx_project_name }}_{{ environnement }}"
state: "{{ _state }}"
organization: "{{ awx_organization }}"
job_type: run
ask_job_type_on_launch: true
playbook: "{{ item }}"
become_enabled: true
credentials:
- "{{ awx_vault_credential_name }}"
- "{{ awx_machine_credential_name }}"
- "{{ awx_aap_ressources_credential_name }}"
with_items:
- setup-env.yml
- name: Définition du playbook setup-env
awx.awx.job_template:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_project_name }}_{{ environnement }}_{{ item }}"
project: "{{ awx_project_name }}"
inventory: "{{ awx_project_name }}_{{ environnement }}"
state: "{{ _state }}"
organization: "{{ awx_organization }}"
job_type: run
ask_job_type_on_launch: true
playbook: "{{ item }}"
become_enabled: true
credentials:
- "{{ awx_vault_credential_name }}"
- "{{ awx_machine_credential_name }}"
- "{{ awx_aap_ressources_credential_name }}"
with_items:
- setup-env.yml
- name: Planification remise en conformité régulière
awx.awx.schedule:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_project_name }}_{{ environnement }}_{{ item }}-schedule-daily"
unified_job_template: "{{ awx_project_name }}_{{ environnement }}_{{ item }}"
rrule: "{{ query('awx.awx.schedule_rrule', 'day', start_date='2024-01-01 12:30:00', timezone='Europe/Paris') }}"
enabled: false # TODO: corriger un souci avec les variables quand exécution depuis awx
with_items:
- setup-env.yml
when: _state == "present"
- name: Planification remise en conformité régulière
awx.awx.schedule:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_project_name }}_{{ environnement }}_{{ item }}-schedule-daily"
unified_job_template: "{{ awx_project_name }}_{{ environnement }}_{{ item }}"
rrule: "{{ query('awx.awx.schedule_rrule', 'day', start_date='2024-01-01 12:30:00', timezone='Europe/Paris') }}"
enabled: false # TODO: corriger un souci avec les variables quand exécution depuis awx
with_items:
- setup-env.yml
when: _state == "present"
always:
- name: Destruction du token
awx.awx.token:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
existing_token: "{{ controller_token }}"
state: absent