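# code: language=ansible
---
# Configures an AWX controller from the variables in awx.yml: base
# organization, credentials, execution environment, teams and their roles,
# custom settings, then the project, its inventory/inventory source, the
# setup-env job template and a (currently disabled) daily schedule.
#
# Authentication: a controller token is created once from
# awx_controller_username / awx_controller_password, stored in the
# controller_token fact by awx.awx.token, passed to every task as
# controller_oauthtoken, and revoked again in post_tasks.
#
# Variables: every awx_* variable is expected from awx.yml. `environnement`
# is used but never defined here (presumably an extra-var — verify the
# caller sets it). awx_state (default "present") drives creation/removal;
# tasks that carry no state parameter are simply skipped unless
# _state == "present".
#
# NOTE(review): awx.yml holds the controller password and credential
# secrets — confirm it is vault-encrypted before it is committed.
- name: Setup awx configuration
  hosts: localhost
  gather_facts: false
  vars_files:
    - awx.yml

  tasks:
    # AWX configuration - preparations
    - name: Définit _state
      ansible.builtin.set_fact:
        _state: "{{ awx_state | default('present') }}"

    # Creates a controller token and exposes it as the controller_token fact.
    # no_log: the task result carries the password and the newly minted
    # token, which would otherwise appear in verbose output; a failure here
    # therefore shows no details (rerun with no_log removed to diagnose).
    - name: Obtention d'un token
      awx.awx.token:
        controller_host: "{{ awx_controller_host }}"
        controller_username: "{{ awx_controller_username }}"
        controller_password: "{{ awx_controller_password }}"
      no_log: true

    - name: Définition des organisations de base
      awx.awx.organization:
        controller_host: "{{ awx_controller_host }}"
        controller_oauthtoken: "{{ controller_token }}"
        name: "{{ awx_organization }}"
        state: "{{ _state }}"
        galaxy_credentials:
          - "Ansible Galaxy"

    # Credential tasks below have no state parameter: credentials are only
    # created, never removed by this play.
    - name: Définition du secret pour récuperer les projets depuis git
      awx.awx.credential:
        controller_host: "{{ awx_controller_host }}"
        controller_oauthtoken: "{{ controller_token }}"
        name: "{{ item.name }}"
        organization: "{{ awx_organization }}"
        credential_type: "Source Control"
        description: "Secret d'accès d'AWX au repo git"
        inputs:
          username: "{{ item.username }}"
          password: "{{ item.password }}"
      with_items: "{{ awx_git_credentials }}"
      no_log: true
      when: _state == "present"

    - name: Définition du secret ansible-vault utilisé dans les projets git
      awx.awx.credential:
        controller_host: "{{ awx_controller_host }}"
        controller_oauthtoken: "{{ controller_token }}"
        name: "{{ item.name }}"
        organization: "{{ awx_organization }}"
        credential_type: "Vault"
        description: "Secret du ansible-vault pour le chiffrement dans les projets git"
        inputs:
          vault_password: "{{ item.password }}"
      with_items: "{{ awx_vault_credentials }}"
      no_log: true
      when: _state == "present"

    - name: Définition du secret de connexion aux machines
      awx.awx.credential:
        controller_host: "{{ awx_controller_host }}"
        controller_oauthtoken: "{{ controller_token }}"
        name: "{{ item.name }}"
        description: "Clé d'accès pour se connecter aux machines"
        organization: "{{ awx_organization }}"
        credential_type: "Machine"
        inputs:
          username: "{{ item.username }}"
          ssh_key_data: "{{ item.ssh_key_data }}"
      with_items: "{{ awx_machine_credentials }}"
      no_log: true
      when: _state == "present"

    # Custom credential type; its input/injector definitions are read from
    # JSON files next to the playbook.
    - name: Définition du type de secret aap_ressources
      awx.awx.credential_type:
        controller_host: "{{ awx_controller_host }}"
        controller_oauthtoken: "{{ controller_token }}"
        name: "aap_ressources"
        description: "Secrets pour se connecter à un serveur de ressources ansible"
        state: "{{ _state }}"
        kind: net
        inputs: "{{ lookup('file', 'files/aap_ressources_credential_type_inputs.json') }}"
        injectors: "{{ lookup('file', 'files/aap_ressources_credential_type_injectors.json') }}"

    - name: Définition du secret de connexion au serveur de ressources Ansible
      awx.awx.credential:
        controller_host: "{{ awx_controller_host }}"
        controller_oauthtoken: "{{ controller_token }}"
        name: "{{ awx_aap_ressources_credential_name }}"
        description: "Secrets pour se connecter au serveur de ressources ansible"
        organization: "{{ awx_organization }}"
        credential_type: "aap_ressources"
        inputs:
          url: "{{ awx_aap_ressources_url }}"
          username: "{{ awx_aap_ressources_username }}"
          password: "{{ awx_aap_ressources_password }}"
      no_log: true
      when: _state == "present"

    - name: Définition des environnements d'exécution
      awx.awx.execution_environment:
        controller_host: "{{ awx_controller_host }}"
        controller_oauthtoken: "{{ controller_token }}"
        name: "{{ awx_ee }}"
        image: "{{ awx_ee_image }}:{{ awx_ee_version }}"
        state: "{{ _state }}"

    # awx_team_list / awx_team_roles_list are looped over directly; the
    # previous single-element wrapper list relied on with_items flattening.
    - name: Creation des équipes pour application des droits
      awx.awx.team:
        controller_host: "{{ awx_controller_host }}"
        controller_oauthtoken: "{{ controller_token }}"
        name: "{{ item.team }}"
        organization: "{{ item.organization }}"
      with_items: "{{ awx_team_list }}"
      when: _state == "present"

    - name: Affectation des droits aux équipes
      awx.awx.role:
        controller_host: "{{ awx_controller_host }}"
        controller_oauthtoken: "{{ controller_token }}"
        organizations: "{{ item.organization }}"
        teams: "{{ item.team }}"
        role: "{{ item.role }}"
      with_items: "{{ awx_team_roles_list }}"
      when: _state == "present"

    # Checked here explicitly: the task that consumes the variable runs with
    # no_log, so a missing definition would otherwise fail without any
    # explanation.
    - name: Vérifie que awx_custom_settings est défini (besoin que l'environnement soit précisé)
      ansible.builtin.assert:
        that:
          - awx_custom_settings is defined

    - name: Définition de paramètres spécifiques
      awx.awx.settings:
        controller_host: "{{ awx_controller_host }}"
        controller_oauthtoken: "{{ controller_token }}"
        settings: "{{ awx_custom_settings }}"
      no_log: true

    # AWX configuration - project
    - name: Définition du projet
      awx.awx.project:
        controller_host: "{{ awx_controller_host }}"
        controller_oauthtoken: "{{ controller_token }}"
        name: "{{ awx_project_name }}"
        scm_type: git
        scm_url: "{{ awx_project_url }}"
        scm_update_on_launch: true
        scm_update_cache_timeout: 60
        scm_credential: "{{ awx_git_credential_name }}"
        state: "{{ _state }}"
        allow_override: true
        organization: "{{ awx_organization }}"
        default_environment: "{{ awx_ee }}"

    - name: Définition de l'inventaire
      awx.awx.inventory:
        controller_host: "{{ awx_controller_host }}"
        controller_oauthtoken: "{{ controller_token }}"
        name: "{{ awx_project_name }}_{{ environnement }}"
        state: "{{ _state }}"
        organization: "{{ awx_organization }}"

    - name: Définition de la source d'inventaire
      awx.awx.inventory_source:
        controller_host: "{{ awx_controller_host }}"
        controller_oauthtoken: "{{ controller_token }}"
        name: "{{ awx_project_name }}_{{ environnement }}"
        inventory: "{{ awx_project_name }}_{{ environnement }}"
        state: "{{ _state }}"
        organization: "{{ awx_organization }}"
        source: scm
        source_project: "{{ awx_project_name }}"
        source_path: "inventory/{{ environnement }}/hosts"
        overwrite: true
        update_on_launch: true
      # Sources disappear together with the inventory that contains them,
      # so nothing to do on removal.
      when: _state == "present"

    - name: Définition du playbook setup-env
      awx.awx.job_template:
        controller_host: "{{ awx_controller_host }}"
        controller_oauthtoken: "{{ controller_token }}"
        name: "{{ awx_project_name }}_{{ environnement }}_{{ item }}"
        project: "{{ awx_project_name }}"
        inventory: "{{ awx_project_name }}_{{ environnement }}"
        state: "{{ _state }}"
        organization: "{{ awx_organization }}"
        job_type: run
        ask_job_type_on_launch: true
        playbook: "{{ item }}"
        become_enabled: true
        credentials:
          - "{{ awx_vault_credential_name }}"
          - "{{ awx_machine_credential_name }}"
          - "{{ awx_aap_ressources_credential_name }}"
      with_items:
        - setup-env.yml

    - name: Planification remise en conformité régulière
      awx.awx.schedule:
        controller_host: "{{ awx_controller_host }}"
        controller_oauthtoken: "{{ controller_token }}"
        name: "{{ awx_project_name }}_{{ environnement }}_{{ item }}-schedule-daily"
        unified_job_template: "{{ awx_project_name }}_{{ environnement }}_{{ item }}"
        rrule: "{{ query('awx.awx.schedule_rrule', 'day', start_date='2024-01-01 12:30:00', timezone='Europe/Paris') }}"
        enabled: false  # TODO: fix an issue with variables when run from awx
      with_items:
        - setup-env.yml
      when: _state == "present"

  post_tasks:
    # Revokes the token created at the start of the play so that one token
    # per run does not accumulate on the controller. post_tasks do not run
    # when a task fails, so a failed run leaves its token in place — remove
    # it by hand in that case.
    - name: Révocation du token
      awx.awx.token:
        controller_host: "{{ awx_controller_host }}"
        controller_oauthtoken: "{{ controller_token }}"
        existing_token: "{{ controller_token }}"
        state: absent
      no_log: true
      when: controller_token is defined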