Gestion token

This commit is contained in:
Navas 2024-08-11 20:47:04 +02:00
parent 121fbbc405
commit beba2692e8


@ -19,197 +19,207 @@
controller_username: "{{ awx_controller_username }}" controller_username: "{{ awx_controller_username }}"
controller_password: "{{ awx_controller_password }}" controller_password: "{{ awx_controller_password }}"
- name: Définition des organisations de base - name: Block avec token
awx.awx.organization: block:
controller_host: "{{ awx_controller_host }}" - name: Définition des organisations de base
controller_oauthtoken: "{{ controller_token }}" awx.awx.organization:
name: "{{ awx_organization }}" controller_host: "{{ awx_controller_host }}"
state: "{{ _state }}" controller_oauthtoken: "{{ controller_token }}"
galaxy_credentials: name: "{{ awx_organization }}"
- "Ansible Galaxy" state: "{{ _state }}"
galaxy_credentials:
- "Ansible Galaxy"
- name: Définition du secret pour récuperer les projets depuis git - name: Définition du secret pour récuperer les projets depuis git
awx.awx.credential: awx.awx.credential:
controller_host: "{{ awx_controller_host }}" controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}" controller_oauthtoken: "{{ controller_token }}"
name: "{{ item.name }}" name: "{{ item.name }}"
organization: "{{ awx_organization }}" organization: "{{ awx_organization }}"
credential_type: "Source Control" credential_type: "Source Control"
description: "Secret d'accès d'AWX au repo git" description: "Secret d'accès d'AWX au repo git"
inputs: inputs:
username: "{{ item.username }}" username: "{{ item.username }}"
password: "{{ item.password }}" password: "{{ item.password }}"
with_items: "{{ awx_git_credentials }}" with_items: "{{ awx_git_credentials }}"
no_log: true no_log: true
when: _state == "present" when: _state == "present"
- name: Définition du secret ansible-vault utilisé dans les projets git - name: Définition du secret ansible-vault utilisé dans les projets git
awx.awx.credential: awx.awx.credential:
controller_host: "{{ awx_controller_host }}" controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}" controller_oauthtoken: "{{ controller_token }}"
name: "{{ item.name }}" name: "{{ item.name }}"
organization: "{{ awx_organization }}" organization: "{{ awx_organization }}"
credential_type: "Vault" credential_type: "Vault"
description: "Secret du ansible-vault pour le chiffrement dans les projets git" description: "Secret du ansible-vault pour le chiffrement dans les projets git"
inputs: inputs:
vault_password: "{{ item.password }}" vault_password: "{{ item.password }}"
with_items: "{{ awx_vault_credentials }}" with_items: "{{ awx_vault_credentials }}"
no_log: true no_log: true
when: _state == "present" when: _state == "present"
- name: Définition du secret de connexion aux machines - name: Définition du secret de connexion aux machines
awx.awx.credential: awx.awx.credential:
controller_host: "{{ awx_controller_host }}" controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}" controller_oauthtoken: "{{ controller_token }}"
name: "{{ item.name }}" name: "{{ item.name }}"
description: "Clé d'accès pour se connecter aux machines" description: "Clé d'accès pour se connecter aux machines"
organization: "{{ awx_organization }}" organization: "{{ awx_organization }}"
credential_type: "Machine" credential_type: "Machine"
inputs: inputs:
username: "{{ item.username }}" username: "{{ item.username }}"
ssh_key_data: "{{ item.ssh_key_data }}" ssh_key_data: "{{ item.ssh_key_data }}"
with_items: "{{ awx_machine_credentials }}" with_items: "{{ awx_machine_credentials }}"
no_log: true no_log: true
when: _state == "present" when: _state == "present"
- name: Définition du type de secret aap_ressources - name: Définition du type de secret aap_ressources
awx.awx.credential_type: awx.awx.credential_type:
controller_host: "{{ awx_controller_host }}" controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}" controller_oauthtoken: "{{ controller_token }}"
name: "aap_ressources" name: "aap_ressources"
description: "Secrets pour se connecter à un serveur de ressources ansible" description: "Secrets pour se connecter à un serveur de ressources ansible"
state: "{{ _state }}" state: "{{ _state }}"
kind: net kind: net
inputs: "{{ lookup('file', 'files/aap_ressources_credential_type_inputs.json') }}" inputs: "{{ lookup('file', 'files/aap_ressources_credential_type_inputs.json') }}"
injectors: "{{ lookup('file', 'files/aap_ressources_credential_type_injectors.json') }}" injectors: "{{ lookup('file', 'files/aap_ressources_credential_type_injectors.json') }}"
- name: Définition du secret de connexion au serveur de ressources Ansible - name: Définition du secret de connexion au serveur de ressources Ansible
awx.awx.credential: awx.awx.credential:
controller_host: "{{ awx_controller_host }}" controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}" controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_aap_ressources_credential_name }}" name: "{{ awx_aap_ressources_credential_name }}"
description: "Secrets pour se connecter au serveur de ressources ansible" description: "Secrets pour se connecter au serveur de ressources ansible"
organization: "{{ awx_organization }}" organization: "{{ awx_organization }}"
credential_type: "aap_ressources" credential_type: "aap_ressources"
inputs: inputs:
url: "{{ awx_aap_ressources_url }}" url: "{{ awx_aap_ressources_url }}"
username: "{{ awx_aap_ressources_username }}" username: "{{ awx_aap_ressources_username }}"
password: "{{ awx_aap_ressources_password }}" password: "{{ awx_aap_ressources_password }}"
no_log: true no_log: true
when: _state == "present" when: _state == "present"
- name: Définition des environnements d'exécution - name: Définition des environnements d'exécution
awx.awx.execution_environment: awx.awx.execution_environment:
controller_host: "{{ awx_controller_host }}" controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}" controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_ee }}" name: "{{ awx_ee }}"
image: "{{ awx_ee_image }}:{{ awx_ee_version }}" image: "{{ awx_ee_image }}:{{ awx_ee_version }}"
state: "{{ _state }}" state: "{{ _state }}"
- name: Creation des équipes pour application des droits - name: Creation des équipes pour application des droits
awx.awx.team: awx.awx.team:
controller_host: "{{ awx_controller_host }}" controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}" controller_oauthtoken: "{{ controller_token }}"
name: "{{ item.team }}" name: "{{ item.team }}"
organization: "{{ item.organization }}" organization: "{{ item.organization }}"
with_items: with_items:
- "{{ awx_team_list }}" - "{{ awx_team_list }}"
when: _state == "present" when: _state == "present"
- name: Affectation des droits aux équipes - name: Affectation des droits aux équipes
awx.awx.role: awx.awx.role:
controller_host: "{{ awx_controller_host }}" controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}" controller_oauthtoken: "{{ controller_token }}"
organizations: "{{ item.organization }}" organizations: "{{ item.organization }}"
teams: "{{ item.team }}" teams: "{{ item.team }}"
role: "{{ item.role }}" role: "{{ item.role }}"
with_items: with_items:
- "{{ awx_team_roles_list }}" - "{{ awx_team_roles_list }}"
when: _state == "present" when: _state == "present"
# on vérifie ici car no_log de la tâche qui utilise empêche d'avoir une explication en cas d'oubli # on vérifie ici car no_log de la tâche qui utilise empêche d'avoir une explication en cas d'oubli
- name: Vérifie que awx_custom_settings est défini (besoin que l'environnement soit précisé) - name: Vérifie que awx_custom_settings est défini (besoin que l'environnement soit précisé)
ansible.builtin.assert: ansible.builtin.assert:
that: that:
- awx_custom_settings is defined - awx_custom_settings is defined
- name: Définition de paramètres spécifiques - name: Définition de paramètres spécifiques
awx.awx.settings: awx.awx.settings:
controller_host: "{{ awx_controller_host }}" controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}" controller_oauthtoken: "{{ controller_token }}"
settings: "{{ awx_custom_settings }}" settings: "{{ awx_custom_settings }}"
no_log: true no_log: true
# Configuration d'awx - projet # Configuration d'awx - projet
- name: Définition du projet - name: Définition du projet
awx.awx.project: awx.awx.project:
controller_host: "{{ awx_controller_host }}" controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}" controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_project_name }}" name: "{{ awx_project_name }}"
scm_type: git scm_type: git
scm_url: "{{ awx_project_url }}" scm_url: "{{ awx_project_url }}"
scm_update_on_launch: true scm_update_on_launch: true
scm_update_cache_timeout: 60 scm_update_cache_timeout: 60
scm_credential: "{{ awx_git_credential_name }}" scm_credential: "{{ awx_git_credential_name }}"
state: "{{ _state }}" state: "{{ _state }}"
allow_override: true allow_override: true
organization: "{{ awx_organization }}" organization: "{{ awx_organization }}"
default_environment: "{{ awx_ee }}" default_environment: "{{ awx_ee }}"
- name: Définition de l'inventaire - name: Définition de l'inventaire
awx.awx.inventory: awx.awx.inventory:
controller_host: "{{ awx_controller_host }}" controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}" controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_project_name }}_{{ environnement }}" name: "{{ awx_project_name }}_{{ environnement }}"
state: "{{ _state }}" state: "{{ _state }}"
organization: "{{ awx_organization }}" organization: "{{ awx_organization }}"
- name: Définition de la source d'inventaire - name: Définition de la source d'inventaire
awx.awx.inventory_source: awx.awx.inventory_source:
controller_host: "{{ awx_controller_host }}" controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}" controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_project_name }}_{{ environnement }}" name: "{{ awx_project_name }}_{{ environnement }}"
inventory: "{{ awx_project_name }}_{{ environnement }}" inventory: "{{ awx_project_name }}_{{ environnement }}"
state: "{{ _state }}" state: "{{ _state }}"
organization: "{{ awx_organization }}" organization: "{{ awx_organization }}"
source: scm source: scm
source_project: "{{ awx_project_name }}" source_project: "{{ awx_project_name }}"
source_path: "inventory/{{ environnement }}/hosts" source_path: "inventory/{{ environnement }}/hosts"
overwrite: true overwrite: true
update_on_launch: true update_on_launch: true
# les sources disparaissent avec l'inventaire qui les contient # les sources disparaissent avec l'inventaire qui les contient
when: _state == "present" when: _state == "present"
- name: Définition du playbook setup-env - name: Définition du playbook setup-env
awx.awx.job_template: awx.awx.job_template:
controller_host: "{{ awx_controller_host }}" controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}" controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_project_name }}_{{ environnement }}_{{ item }}" name: "{{ awx_project_name }}_{{ environnement }}_{{ item }}"
project: "{{ awx_project_name }}" project: "{{ awx_project_name }}"
inventory: "{{ awx_project_name }}_{{ environnement }}" inventory: "{{ awx_project_name }}_{{ environnement }}"
state: "{{ _state }}" state: "{{ _state }}"
organization: "{{ awx_organization }}" organization: "{{ awx_organization }}"
job_type: run job_type: run
ask_job_type_on_launch: true ask_job_type_on_launch: true
playbook: "{{ item }}" playbook: "{{ item }}"
become_enabled: true become_enabled: true
credentials: credentials:
- "{{ awx_vault_credential_name }}" - "{{ awx_vault_credential_name }}"
- "{{ awx_machine_credential_name }}" - "{{ awx_machine_credential_name }}"
- "{{ awx_aap_ressources_credential_name }}" - "{{ awx_aap_ressources_credential_name }}"
with_items: with_items:
- setup-env.yml - setup-env.yml
- name: Planification remise en conformité régulière - name: Planification remise en conformité régulière
awx.awx.schedule: awx.awx.schedule:
controller_host: "{{ awx_controller_host }}" controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}" controller_oauthtoken: "{{ controller_token }}"
name: "{{ awx_project_name }}_{{ environnement }}_{{ item }}-schedule-daily" name: "{{ awx_project_name }}_{{ environnement }}_{{ item }}-schedule-daily"
unified_job_template: "{{ awx_project_name }}_{{ environnement }}_{{ item }}" unified_job_template: "{{ awx_project_name }}_{{ environnement }}_{{ item }}"
rrule: "{{ query('awx.awx.schedule_rrule', 'day', start_date='2024-01-01 12:30:00', timezone='Europe/Paris') }}" rrule: "{{ query('awx.awx.schedule_rrule', 'day', start_date='2024-01-01 12:30:00', timezone='Europe/Paris') }}"
enabled: false # TODO: corriger un souci avec les variables quand exécution depuis awx enabled: false # TODO: corriger un souci avec les variables quand exécution depuis awx
with_items: with_items:
- setup-env.yml - setup-env.yml
when: _state == "present" when: _state == "present"
always:
- name: Destruction du token
awx.awx.token:
controller_host: "{{ awx_controller_host }}"
controller_oauthtoken: "{{ controller_token }}"
existing_token: "{{ controller_token }}"
state: absent
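Review bot: The new `Destruction du token` task in the `always:` section passes the token in both `controller_oauthtoken` and `existing_token` but, unlike the credential tasks above it, carries no `no_log: true`; should the module report or fail with its arguments, the token value would appear in the job output, so add `no_log: true` to that task. The `always:` section is the right place for the revocation since it also runs when a task in the block fails, but it still depends on `controller_token` being set by the creation task, which sits before this hunk; if that task is itself inside a larger block, a failure there leaves no token to revoke and this task would error on an undefined variable — worth checking the surrounding structure. As a point of style, every `awx.awx.*` task in the block repeats `controller_host` and `controller_oauthtoken`; `module_defaults` on the block (the collection exposes a `controller` action group, `group/awx.awx.controller`, if the installed version supports it) would state the token once, reducing both drift and the number of places it is spelled out.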