From 3fa10804be48717a4320f0fd658b649481c443f1 Mon Sep 17 00:00:00 2001
From: Tom Page
Date: Fri, 21 Aug 2020 10:06:31 +0100
Subject: [PATCH] Add tower_install and tower_cert roles
---
roles/.gitkeep | 0
roles/tower_cert/README.md | 62 +++++++++++++++
roles/tower_cert/defaults/main.yml | 3 +
roles/tower_cert/handlers/main.yml | 6 ++
roles/tower_cert/meta/main.yml | 24 ++++++
roles/tower_cert/tasks/main.yml | 16 ++++
roles/tower_install/README.md | 86 +++++++++++++++++++++
roles/tower_install/defaults/main.yml | 41 ++++++++++
roles/tower_install/meta/main.yml | 22 ++++++
roles/tower_install/tasks/main.yml | 12 +++
roles/tower_install/tasks/tower_install.yml | 52 +++++++++++++
roles/tower_install/templates/inventory.j2 | 29 +++++++
12 files changed, 353 insertions(+)
delete mode 100644 roles/.gitkeep
create mode 100644 roles/tower_cert/README.md
create mode 100644 roles/tower_cert/defaults/main.yml
create mode 100644 roles/tower_cert/handlers/main.yml
create mode 100644 roles/tower_cert/meta/main.yml
create mode 100644 roles/tower_cert/tasks/main.yml
create mode 100644 roles/tower_install/README.md
create mode 100644 roles/tower_install/defaults/main.yml
create mode 100644 roles/tower_install/meta/main.yml
create mode 100644 roles/tower_install/tasks/main.yml
create mode 100644 roles/tower_install/tasks/tower_install.yml
create mode 100644 roles/tower_install/templates/inventory.j2
diff --git a/roles/.gitkeep b/roles/.gitkeep
deleted file mode 100644
index e69de29..0000000
diff --git a/roles/tower_cert/README.md b/roles/tower_cert/README.md
new file mode 100644
index 0000000..e21306e
--- /dev/null
+++ b/roles/tower_cert/README.md
@@ -0,0 +1,62 @@
+# ansible-tower-cert
+
+Ansible role to install Ansible Tower Certificate.
+
+## Requirements
+
+None
+
+## Role Variables
+
+Available variables are listed below, along with default values defined (see defaults/main.yml)
+
+```yaml
+tower_cert_location: "{{ playbook_dir }}/tower.cert"
+tower_cert_key_location: "{{ playbook_dir }}/tower.key"
+```
+
+## Example Playbook
+
+The following playbook and accompanying vars file containing the defined seed objects can be invoked in the following manner.
+
+```sh
+$ ansible-playbook playbook.yml -e @tower_vars.yml tower
+```
+
+```yaml
+---
+# Playbook to install Ansible Tower as a single node
+
+- name: Install Ansible Tower
+ hosts: tower
+ become: true
+ vars:
+ tower_tower_releases_url: https://releases.ansible.com/ansible-tower/setup-bundle
+ tower_tower_release_version: bundle-3.6.3-1.tar.gz
+ roles:
+ - ansible-tower-install
+```
+
+```yaml
+---
+# Playbook to install Ansible Tower as a cluster
+
+- name: Setup Ansible Tower
+ hosts: localhost
+ become: true
+ vars:
+ tower_hosts:
+ - "clusternode[1:3].example.com"
+ tower_database: "dbnode.example.com"
+ tower_database_port: "5432"
+ roles:
+ - ansible-tower-install
+```
+
+## License
+
+MIT
+
+## Author Information
+
+Tom Page
diff --git a/roles/tower_cert/defaults/main.yml b/roles/tower_cert/defaults/main.yml
new file mode 100644
index 0000000..c915cb1
--- /dev/null
+++ b/roles/tower_cert/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+tower_cert_location: "{{ playbook_dir }}/tower.cert"
+tower_cert_key_location: "{{ playbook_dir }}/tower.key"
diff --git a/roles/tower_cert/handlers/main.yml b/roles/tower_cert/handlers/main.yml
new file mode 100644
index 0000000..233410f
--- /dev/null
+++ b/roles/tower_cert/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Restart Ansible tower service
+ become: true
+ command: ansible-tower-service restart
+ tags:
+ - tower_certs
diff --git a/roles/tower_cert/meta/main.yml b/roles/tower_cert/meta/main.yml
new file mode 100644
index 0000000..da52087
--- /dev/null
+++ b/roles/tower_cert/meta/main.yml
@@ -0,0 +1,24 @@
+---
+galaxy_info:
+ role_name: ansible-tower-cert
+ author: Tom Page
+ description: Role to install Ansible Tower Certificates
+ company: Red Hat
+
+ license: license (MIT)
+
+ min_ansible_version: 2.7
+
+ platforms:
+ - name: EL
+ versions:
+ - 7
+
+ galaxy_tags:
+ - linux
+ - system
+ - ansible
+ - cert
+ - certs
+
+dependencies: []
diff --git a/roles/tower_cert/tasks/main.yml b/roles/tower_cert/tasks/main.yml
new file mode 100644
index 0000000..3c6940b
--- /dev/null
+++ b/roles/tower_cert/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+- name: Copy cert into place
+ become: true
+ copy:
+ src: "{{ tower_cert_location }}"
+ dest: /etc/tower/tower.cert
+ notify:
+ - Restart Ansible tower service
+
+- name: Copy cert key into place
+ become: true
+ copy:
+ src: "{{ tower_cert_key_location }}"
+ dest: /etc/tower/tower.key
+ notify:
+ - Restart Ansible tower service
diff --git a/roles/tower_install/README.md b/roles/tower_install/README.md
new file mode 100644
index 0000000..666839a
--- /dev/null
+++ b/roles/tower_install/README.md
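Review bot: The `Copy cert key into place` task in roles/tower_cert/tasks/main.yml copies the private key to /etc/tower/tower.key without `owner`, `group` or `mode`, so on a first copy its permissions fall to the remote umask and may leave the key readable by every local user. Set them explicitly on that task, e.g. `mode: "0600"` together with the owner and group the Tower web server expects, and give the certificate task an explicit `mode: "0644"` so both results are deterministic. Adding `no_log: true` to the key task would also keep key material out of the output when the play is run with `--diff`.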
@@ -0,0 +1,86 @@
+# ansible-tower-install
+
+Ansible role to install Ansible Tower.
+
+## Requirements
+
+None
+
+## Role Variables
+
+Available variables are listed below, along with default values defined (see defaults/main.yml)
+
+```yaml
+tower_working_location: "/root/"
+
+# Tower variables
+tower_admin_password: "password"
+
+# Postgresql variables
+tower_pg_database: "awx"
+tower_pg_username: "awx"
+tower_pg_password: "password"
+
+# RabbitMQ variables
+tower_rabbitmq_username: tower
+tower_rabbitmq_password: "password"
+tower_rabbitmq_cookie: "cookiemonster"
+tower_rabbitmq_port: 5672
+tower_rabbitmq_vhost: tower
+tower_rabbitmq_use_long_name: false
+
+tower_releases_url: https://releases.ansible.com/ansible-tower/setup
+tower_setup_file: ansible-tower-setup-{{ tower_release_version }}.tar.gz
+
+tower_hosts:
+ - "localhost ansible_connection=local"
+
+tower_database: ""
+tower_database_port: ""
+```
+
+## Example Playbook
+
+The following playbook and accompanying vars file containing the defined seed objects can be invoked in the following manner.
+
+```sh
+$ ansible-playbook playbook.yml -e @tower_vars.yml tower
+```
+
+```yaml
+---
+# Playbook to install Ansible Tower as a single node
+
+- name: Install Ansible Tower
+ hosts: tower
+ become: true
+ vars:
+ tower_tower_releases_url: https://releases.ansible.com/ansible-tower/setup-bundle
+ tower_tower_release_version: bundle-3.6.3-1.tar.gz
+ roles:
+ - ansible-tower-install
+```
+
+```yaml
+---
+# Playbook to install Ansible Tower as a cluster
+
+- name: Setup Ansible Tower
+ hosts: localhost
+ become: true
+ vars:
+ tower_hosts:
+ - "clusternode[1:3].example.com"
+ tower_database: "dbnode.example.com"
+ tower_database_port: "5432"
+ roles:
+ - ansible-tower-install
+```
+
+## License
+
+MIT
+
+## Author Information
+
+Tom Page
diff --git a/roles/tower_install/defaults/main.yml b/roles/tower_install/defaults/main.yml
new file mode 100644
index 0000000..2da4ee4
--- /dev/null
+++ b/roles/tower_install/defaults/main.yml
@@ -0,0 +1,41 @@
+---
+# defaults file for ansible-tower-manage
+
+############################################################
+# Tower Installation Vars #
+############################################################
+
+# Working location for installation files
+tower_working_location: "/var/tmp"
+
+# Tower variables
+tower_admin_password: "password"
+
+# Postgresql variables
+tower_pg_database: "awx"
+tower_pg_username: "awx"
+tower_pg_password: "password"
+
+# RabbitMQ variables
+tower_rabbitmq_username: tower
+tower_rabbitmq_password: "password"
+tower_rabbitmq_cookie: "cookiemonster"
+tower_rabbitmq_port: 5672
+tower_rabbitmq_vhost: tower
+tower_rabbitmq_use_long_name: false
+
+tower_releases_url: https://releases.ansible.com/ansible-tower/setup
+tower_setup_file: ansible-tower-setup-{{ tower_release_version }}.tar.gz
+
+tower_server: "https://localhost"
+
+############################################################
+# Ansible host settings. #
+############################################################
+
+# Default setup for a single node instance with internal DB
+tower_hosts:
+ - "localhost ansible_connection=local"
+
+tower_database: ""
+tower_database_port: ""
diff --git a/roles/tower_install/meta/main.yml b/roles/tower_install/meta/main.yml
new file mode 100644
index 0000000..736f614
--- /dev/null
+++ b/roles/tower_install/meta/main.yml
@@ -0,0 +1,22 @@
+---
+galaxy_info:
+ role_name: ansible-tower-install
+ author: Tom Page
+ description: Role to install Ansible Tower
+ company: Red Hat
+
+ license: license (MIT)
+
+ min_ansible_version: 2.7
+
+ platforms:
+ - name: EL
+ versions:
+ - 7
+
+ galaxy_tags:
+ - linux
+ - system
+ - ansible
+
+dependencies: []
diff --git a/roles/tower_install/tasks/main.yml b/roles/tower_install/tasks/main.yml
new file mode 100644
index 0000000..36ce027
--- /dev/null
+++ b/roles/tower_install/tasks/main.yml
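Review bot: roles/tower_install/defaults/main.yml ships working credentials: `tower_admin_password`, `tower_pg_password` and `tower_rabbitmq_password` default to `"password"` and `tower_rabbitmq_cookie` to `"cookiemonster"`, so any play that forgets to override them installs Tower with publicly known secrets. Drop these four defaults and require the caller to supply them, ideally from Ansible Vault, failing early the same way tasks/tower_install.yml already asserts `tower_release_version is defined`. The role README in this patch lists the same values and would read better with placeholders.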
@@ -0,0 +1,12 @@
+---
+# tasks file for ansible-tower-manage
+
+#
+# -----------------------------------------------------------------------------
+# Install Tasks
+# -----------------------------------------------------------------------------
+#
+
+- include: tower_install.yml
+ tags:
+ - tower-install
diff --git a/roles/tower_install/tasks/tower_install.yml b/roles/tower_install/tasks/tower_install.yml
new file mode 100644
index 0000000..d903fbf
--- /dev/null
+++ b/roles/tower_install/tasks/tower_install.yml
@@ -0,0 +1,52 @@
+---
+# Assert tower version specified
+- name: "Assert tower version specified"
+ assert:
+ that:
+ - tower_release_version is defined
+ fail_msg: "tower_release_version must be defined"
+
+- name: "Determine whether RabbitMQ vars are required"
+ set_fact:
+ rabbitmq_required: "{{ not ((tower_release_version is version(3.7, '>=')) or (tower_release_version == 'latest')) }}"
+
+# Download and Extract
+- name: "[Tower] Download and Extract Tower"
+ unarchive:
+ src: "{{ tower_releases_url }}/{{ tower_setup_file }}"
+ dest: "{{ tower_working_location }}"
+ list_files: true
+ remote_src: true
+ exclude: "inventory"
+ register: tower_download_extract
+
+- name: Set tower_setup_dir
+ set_fact:
+ tower_setup_dir: "{{ tower_working_location }}/{{ tower_download_extract.files[0] }}"
+
+# Create Inventory
+- name: "[Tower] Populate Tower Setup Inventory from Template"
+ template:
+ src: inventory.j2
+ dest: "{{ tower_setup_dir }}/inventory"
+
+# Run the Setup
+- name: "[Tower] Run the Ansible Tower Setup Program"
+ become: true
+ command: ./setup.sh
+ args:
+ chdir: "{{ tower_setup_dir }}"
+ async: 10000
+ poll: 20
+ changed_when: false # these will always run and will always report “changed” otherwise
+
+- name: Wait for ansible tower to be running.
+ uri:
+ url: "{{ tower_server }}"
+ status_code: 200
+ validate_certs: false
+ register: result
+ until: result.status == 200
+ retries: 90
+ delay: 10
+...
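Review bot: The `[Tower] Populate Tower Setup Inventory from Template` task in roles/tower_install/tasks/tower_install.yml writes the admin, PostgreSQL and RabbitMQ passwords to `{{ tower_setup_dir }}/inventory` with no `mode`, and the default `tower_working_location` is `/var/tmp`, so the rendered file is likely readable by other local users and nothing in this file removes it after setup. Add `mode: "0600"` and `no_log: true` to that task, and consider deleting the inventory once `setup.sh` has finished. In the same file the `unarchive` task fetches the installer straight from `tower_releases_url` with no integrity check; downloading it with `get_url` and a pinned `checksum` before extracting would let the role reject a tampered bundle. The `rabbitmq_required` expression also evaluates the `version` test before the `== 'latest'` comparison, which may fail to compare when the value is `latest`; putting the string comparison first would avoid that.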
diff --git a/roles/tower_install/templates/inventory.j2 b/roles/tower_install/templates/inventory.j2
new file mode 100644
index 0000000..9313416
--- /dev/null
+++ b/roles/tower_install/templates/inventory.j2
@@ -0,0 +1,29 @@
+[tower]
+{% for item in tower_hosts %}
+ {{ item }}
+{% endfor %}
+
+[database]
+{{ tower_database }}
+
+[all:vars]
+admin_password='{{ tower_admin_password }}'
+
+# Define Remote PostgreSQL for Tower
+pg_host='{{ tower_database }}'
+pg_port='{{ tower_database_port }}'
+
+pg_database='{{ tower_pg_database }}'
+pg_username='{{ tower_pg_username }}'
+pg_password='{{ tower_pg_password }}'
+
+{% if rabbitmq_required %}
+
+rabbitmq_username='{{ tower_rabbitmq_username }}'
+rabbitmq_password='{{ tower_rabbitmq_password }}'
+rabbitmq_cookie='{{ tower_rabbitmq_cookie }}'
+rabbitmq_port="{{ tower_rabbitmq_port }}"
+rabbitmq_vhost="{{ tower_rabbitmq_vhost }}"
+rabbitmq_use_long_name="{{ tower_rabbitmq_use_long_name }}"
+
+{% endif %}
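Review bot: Every secret in roles/tower_install/templates/inventory.j2 is interpolated raw between quotes, e.g. `admin_password='{{ tower_admin_password }}'`, so a password containing a single quote or a newline no longer renders as one quoted value and can change how the remaining `[all:vars]` lines are read. Either validate these variables before templating, with an `assert` that rejects quotes and line breaks, or document the allowed character set next to the defaults. The `[database]` section also renders an empty host line when `tower_database` is `""`, which is presumably intended for the embedded database but deserves a template comment such as `{# empty when Tower manages its own PostgreSQL #}`.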