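# code: language=ansible
---
# Creates (or, with awx_state=absent, removes) the AWX objects described in
# awx.yml for one environment: organization, credentials, custom credential
# type, execution environment, teams and their roles, controller settings,
# project, inventory, job template and schedule.
# All API calls run under a short-lived token that is revoked in the
# "always" section, so a failure in the middle does not leave a token behind.
- name: Setup awx configuration
  hosts: localhost
  gather_facts: false
  vars_files:
    - awx.yml
  tasks:
    # AWX configuration - preparation
    - name: Définit _state
      ansible.builtin.set_fact:
        _state: "{{ awx_state | default('present') }}"

    # The token module sets the controller_token fact used by every task below.
    # no_log keeps the controller password and the generated token out of
    # verbose task output (the token is a bearer credential for the controller).
    - name: Obtention d'un token
      awx.awx.token:
        controller_host: "{{ awx_controller_host }}"
        controller_username: "{{ awx_controller_username }}"
        controller_password: "{{ awx_controller_password }}"
      no_log: true

    - name: Block avec token
      block:
        - name: Définition des organisations de base
          awx.awx.organization:
            controller_host: "{{ awx_controller_host }}"
            controller_oauthtoken: "{{ controller_token }}"
            name: "{{ awx_organization }}"
            state: "{{ _state }}"
            galaxy_credentials:
              - "Ansible Galaxy"

        # The credential tasks below are only run on "present" and carry no
        # state of their own; presumably they disappear with the organization
        # when _state is "absent" — verify against the controller behaviour.
        # no_log: the loop items contain passwords / private keys.
        - name: Définition du secret pour récuperer les projets depuis git
          awx.awx.credential:
            controller_host: "{{ awx_controller_host }}"
            controller_oauthtoken: "{{ controller_token }}"
            name: "{{ item.name }}"
            organization: "{{ awx_organization }}"
            credential_type: "Source Control"
            description: "Secret d'accès d'AWX au repo git"
            inputs:
              username: "{{ item.username }}"
              password: "{{ item.password }}"
          loop: "{{ awx_git_credentials }}"
          no_log: true
          when: _state == "present"

        - name: Définition du secret ansible-vault utilisé dans les projets git
          awx.awx.credential:
            controller_host: "{{ awx_controller_host }}"
            controller_oauthtoken: "{{ controller_token }}"
            name: "{{ item.name }}"
            organization: "{{ awx_organization }}"
            credential_type: "Vault"
            description: "Secret du ansible-vault pour le chiffrement dans les projets git"
            inputs:
              vault_password: "{{ item.password }}"
          loop: "{{ awx_vault_credentials }}"
          no_log: true
          when: _state == "present"

        - name: Définition du secret de connexion aux machines
          awx.awx.credential:
            controller_host: "{{ awx_controller_host }}"
            controller_oauthtoken: "{{ controller_token }}"
            name: "{{ item.name }}"
            description: "Clé d'accès pour se connecter aux machines"
            organization: "{{ awx_organization }}"
            credential_type: "Machine"
            inputs:
              username: "{{ item.username }}"
              ssh_key_data: "{{ item.ssh_key_data }}"
          loop: "{{ awx_machine_credentials }}"
          no_log: true
          when: _state == "present"

        # Custom credential type; its input schema and injectors are kept as
        # JSON files next to the playbook.
        - name: Définition du type de secret aap_ressources
          awx.awx.credential_type:
            controller_host: "{{ awx_controller_host }}"
            controller_oauthtoken: "{{ controller_token }}"
            name: "aap_ressources"
            description: "Secrets pour se connecter à un serveur de ressources ansible"
            state: "{{ _state }}"
            kind: net
            inputs: "{{ lookup('file', 'files/aap_ressources_credential_type_inputs.json') }}"
            injectors: "{{ lookup('file', 'files/aap_ressources_credential_type_injectors.json') }}"

        - name: Définition du secret de connexion au serveur de ressources Ansible
          awx.awx.credential:
            controller_host: "{{ awx_controller_host }}"
            controller_oauthtoken: "{{ controller_token }}"
            name: "{{ awx_aap_ressources_credential_name }}"
            description: "Secrets pour se connecter au serveur de ressources ansible"
            organization: "{{ awx_organization }}"
            credential_type: "aap_ressources"
            inputs:
              url: "{{ awx_aap_ressources_url }}"
              username: "{{ awx_aap_ressources_username }}"
              password: "{{ awx_aap_ressources_password }}"
          no_log: true
          when: _state == "present"

        - name: Définition des environnements d'exécution
          awx.awx.execution_environment:
            controller_host: "{{ awx_controller_host }}"
            controller_oauthtoken: "{{ controller_token }}"
            name: "{{ awx_ee }}"
            image: "{{ awx_ee_image }}:{{ awx_ee_version }}"
            state: "{{ _state }}"

        # awx_team_list / awx_team_roles_list are expected to be flat lists of
        # mappings (team, organization[, role]).
        - name: Creation des équipes pour application des droits
          awx.awx.team:
            controller_host: "{{ awx_controller_host }}"
            controller_oauthtoken: "{{ controller_token }}"
            name: "{{ item.team }}"
            organization: "{{ item.organization }}"
          loop: "{{ awx_team_list }}"
          when: _state == "present"

        - name: Affectation des droits aux équipes
          awx.awx.role:
            controller_host: "{{ awx_controller_host }}"
            controller_oauthtoken: "{{ controller_token }}"
            organizations: "{{ item.organization }}"
            teams: "{{ item.team }}"
            role: "{{ item.role }}"
          loop: "{{ awx_team_roles_list }}"
          when: _state == "present"

        # Checked here because no_log on the task that consumes it would hide
        # the explanation when the variable has been forgotten.
        - name: Vérifie que awx_custom_settings est défini (besoin que l'environnement soit précisé)
          ansible.builtin.assert:
            that:
              - awx_custom_settings is defined

        # Controller settings may contain secrets, hence no_log.
        - name: Définition de paramètres spécifiques
          awx.awx.settings:
            controller_host: "{{ awx_controller_host }}"
            controller_oauthtoken: "{{ controller_token }}"
            settings: "{{ awx_custom_settings }}"
          no_log: true

        # AWX configuration - project
        - name: Définition du projet
          awx.awx.project:
            controller_host: "{{ awx_controller_host }}"
            controller_oauthtoken: "{{ controller_token }}"
            name: "{{ awx_project_name }}"
            scm_type: git
            scm_url: "{{ awx_project_url }}"
            scm_update_on_launch: true
            scm_update_cache_timeout: 60
            scm_credential: "{{ awx_git_credential_name }}"
            state: "{{ _state }}"
            allow_override: true
            organization: "{{ awx_organization }}"
            default_environment: "{{ awx_ee }}"

        - name: Définition de l'inventaire
          awx.awx.inventory:
            controller_host: "{{ awx_controller_host }}"
            controller_oauthtoken: "{{ controller_token }}"
            name: "{{ awx_project_name }}_{{ environnement }}"
            state: "{{ _state }}"
            organization: "{{ awx_organization }}"

        # Sources disappear together with the inventory that contains them,
        # so nothing needs to be done on "absent".
        - name: Définition de la source d'inventaire
          awx.awx.inventory_source:
            controller_host: "{{ awx_controller_host }}"
            controller_oauthtoken: "{{ controller_token }}"
            name: "{{ awx_project_name }}_{{ environnement }}"
            inventory: "{{ awx_project_name }}_{{ environnement }}"
            state: "{{ _state }}"
            organization: "{{ awx_organization }}"
            source: scm
            source_project: "{{ awx_project_name }}"
            source_path: "inventory/{{ environnement }}/hosts"
            overwrite: true
            update_on_launch: true
          when: _state == "present"

        - name: Définition du playbook setup-env
          awx.awx.job_template:
            controller_host: "{{ awx_controller_host }}"
            controller_oauthtoken: "{{ controller_token }}"
            name: "{{ awx_project_name }}_{{ environnement }}_{{ item }}"
            project: "{{ awx_project_name }}"
            inventory: "{{ awx_project_name }}_{{ environnement }}"
            state: "{{ _state }}"
            organization: "{{ awx_organization }}"
            job_type: run
            ask_job_type_on_launch: true
            playbook: "{{ item }}"
            become_enabled: true
            credentials:
              - "{{ awx_vault_credential_name }}"
              - "{{ awx_machine_credential_name }}"
              - "{{ awx_aap_ressources_credential_name }}"
          loop:
            - setup-env.yml

        - name: Planification remise en conformité régulière
          awx.awx.schedule:
            controller_host: "{{ awx_controller_host }}"
            controller_oauthtoken: "{{ controller_token }}"
            name: "{{ awx_project_name }}_{{ environnement }}_{{ item }}-schedule-daily"
            unified_job_template: "{{ awx_project_name }}_{{ environnement }}_{{ item }}"
            rrule: "{{ query('awx.awx.schedule_rrule', 'day', start_date='2024-01-01 12:30:00', timezone='Europe/Paris') }}"
            # TODO: fix an issue with variables when run from AWX before enabling
            enabled: false
          loop:
            - setup-env.yml
          when: _state == "present"

      always:
        # Revoke the session token whatever happened above.
        - name: Destruction du token
          awx.awx.token:
            controller_host: "{{ awx_controller_host }}"
            controller_oauthtoken: "{{ controller_token }}"
            existing_token: "{{ controller_token }}"
            state: absent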