Merge pull request #129 from sean-m-sullivan/devel

FQDN prep, additional workflow, other issues fixed

.github/openshift/awx_pvc.yml

@@ -0,0 +1,10 @@
+apiVersion: "v1"
+kind: "PersistentVolumeClaim"
+metadata:
+  name: "awx-github-postgres"
+spec:
+  accessModes:
+    - "ReadWriteOnce"
+  resources:
+    requests:
+      storage: "5Gi"

.github/requirements.txt

@@ -2,3 +2,6 @@ ansible
 docker
 docker-compose
 jmespath
+requests
+requests-oauthlib
+openshift

.github/tower_install_inventories/openshift_awx

@@ -0,0 +1,24 @@
+localhost ansible_connection=local ansible_python_interpreter="/usr/bin/env python3"
+
+[all:vars]
+
+dockerhub_base=ansible
+
+openshift_host=https://api.crc.testing:6443
+openshift_project=awx-github
+openshift_user=developer
+openshift_skip_tls_verify=True
+openshift_pg_pvc_name=awx-github-postgres
+
+pg_username=awx
+pg_password=awxpass
+pg_database=awx
+pg_port=5432
+
+
+admin_user=admin
+admin_password=password
+
+create_preload_data=false
+
+secret_key=awxsecret

.github/workflow-config/.ansiblelint.yml

@@ -4,6 +4,8 @@
 # https://github.com/ansible/ansible-lint/issues/371
 # exclude_paths:
 #  - roles/master_role_example/
+exclude_paths:
+  - ${PWD}/roles/master_role_example/
 parseable: true
 use_default_rules: true
 # https://github.com/ansible/ansible-lint/issues/808

.github/workflow-config/.pre-commit-config.yml

@@ -13,7 +13,7 @@ repos:
         types:
           - yaml
   - repo: 'https://github.com/ansible/ansible-lint.git'
-    rev: v4.3.3
+    rev: v4.3.7
     hooks:
       # see discussions here about what arguments are used, and behavior
       # https://github.com/ansible/ansible-lint/issues/649

.github/workflows/pre-commit.yml

@@ -17,6 +17,7 @@ jobs:
         sudo apt-add-repository --yes --update ppa:ansible/ansible
         sudo apt install ansible
         ansible-galaxy collection install -f -r .github/collections/requirements.yml
+        ansible-config view -vvv
     - name: Hack pre-commit
       # https://github.com/pre-commit/action/issues/44
       run: |

.github/workflows/testing_playbooks_awx.yml

@@ -0,0 +1,68 @@
+---
+name: Run AWX Openshift Test Playbooks
+
+on: [push, pull_request]
+
+jobs:
+  Integration-test:
+
+    runs-on: [self-hosted, linux, awx]
+
+    steps:
+      - name: "Checkout Project"
+        uses: actions/checkout@v2
+
+      - name: "Clone AWX"
+        run: cd .github && git clone https://github.com/ansible/awx.git
+
+      - name: Install oc
+        uses: redhat-actions/oc-installer@v1
+        with:
+          version: '4.6'
+
+      - name: Authenticate and set context
+        uses: redhat-actions/oc-login@v1
+
+        with:
+          # URL to your OpenShift cluster.
+          # Refer to Step 2.
+          openshift_server_url: https://api.crc.testing:6443
+
+          # Credentials, if desired instead of token.
+          # Username and password override token if they are set.
+          openshift_username: ${{ secrets.OPENSHIFT_USER }}
+          openshift_password: ${{ secrets.OPENSHIFT_PASSWORD }}
+
+          # Disables SSL cert checking. Use this if you don't have the certificate authority data.
+          insecure_skip_tls_verify: true
+
+      - name: "Create Awx project"
+        run: oc new-project awx-github
+
+      - name: "Create Persistent Volume Claim"
+        run: oc create -f .github/openshift/awx_pvc.yml
+
+      - name: "Copy Awx inventory to install dir"
+        run: cp .github/tower_install_inventories/openshift_awx .github/awx/installer/openshift
+
+      - name: "Install dependencies"
+        run: pip3 install -r .github/requirements.txt
+
+      - name: Ansible Version
+        run: ansible --version
+
+      - name: "Build AWX stack"
+        run: cd .github/awx/installer && ansible-playbook -i openshift install.yml -e openshift_password=${{ secrets.OPENSHIFT_PASSWORD }} -e docker_registry_password=$(oc whoami -t)
+
+      - name: "Install Galaxy dependencies"
+        run: ansible-galaxy collection install -r .github/collections/requirements.yml
+
+      - name: "Perform playbook tests"
+        run: ansible-playbook playbooks/configure_tower.yml --skip-tags "tower_license" -e tower_hostname=https://awx-web-svc-awx-github.apps-crc.testing -e tower_username=admin -e tower_password=password
+
+      - name: "Perform export model playbook tests"
+        run: ansible-playbook playbooks/configure_tower_export_model.yml -e tower_hostname=https://awx-web-svc-awx-github.apps-crc.testing -e tower_username=admin -e tower_password=password
+
+      - name: "Delete Awx project"
+        run: oc delete project awx-github
+        if: ${{ always() }}

playbooks/configure_tower.yml

@@ -2,6 +2,10 @@
 - name: Playbook to configure ansible tower post installation
   hosts: localhost
   connection: local
+  vars:
+    tower_validate_certs: false
+  collections:
+    - awx.awx
   # Define following vars here, or in tower_configs/tower_auth.yml
   # tower_hostname: ansible-tower-web-svc-test-project.example.com
   # tower_username: admin
@@ -14,6 +18,11 @@
         extensions: ["yml"]
       tags:
         - always
+    - debug:
+        var: playbook_dir
+    - debug:
+        var: ansible_config_file
+
   roles:
     - {role: tower_settings, when: tower_settings is defined, tags: tower_settings}
     - {role: organizations, when: tower_organizations is defined, tags: organizations}
@@ -25,6 +34,7 @@
     - {role: credential_input_sources, when: tower_credential_input_sources is defined, tags: credential_input_sources}
     - {role: applications, when: tower_applications is defined, tags: applications}
     - {role: inventories, when: tower_inventories is defined, tags: inventories}
+    - {role: instance_groups, when: tower_instance_groups is defined, tags: instance_groups}
     - {role: inventory_sources, when: tower_inventory_sources is defined, tags: inventory_sources}
     - {role: projects, when: tower_projects is defined, tags: projects}
     - {role: hosts, when: tower_hosts is defined, tags: hosts}

playbooks/configure_tower_export_model.yml

@@ -4,6 +4,9 @@
   connection: local
   vars:
     workflow_job_templates_secure_logging: false
+    tower_validate_certs: false
+  collections:
+    - awx.awx
   # Define following vars here, or in tower_configs/tower_auth.yml
   # tower_hostname: ansible-tower-web-svc-test-project.example.com
   # tower_username: admin

playbooks/tower_configs/tower_credentials.yml

@@ -5,6 +5,7 @@ tower_credentials:
     name: Demo Credential
     inputs:
       username: username
+    organization: Default
   - kind: rhv
     name: admin@internal-RHVM-01
     description: infra-rhvm-01 creds for inventory sources.

playbooks/tower_configs/tower_instance_groups.yml

@@ -0,0 +1,3 @@
+---
+tower_instance_groups:
+  - name: test_instance_group

roles/applications/meta/main.yml

@@ -37,6 +37,10 @@ galaxy_info:
     - "application"
     - "applications"
 
+collections:
+  - awx.awx
+  - ansible.tower
+
 dependencies: []
 # List your role dependencies here, one per line. Be sure to remove the '[]' above,
 # if you add dependencies to this list.

roles/credential_input_sources/meta/main.yml

@@ -41,6 +41,10 @@ galaxy_info:
     - "credentialinputsource"
     - "credentialinputsources"
 
+collections:
+  - awx.awx
+  - ansible.tower
+
 dependencies: []
 # List your role dependencies here, one per line. Be sure to remove the '[]' above,
 # if you add dependencies to this list.

roles/credential_types/meta/main.yml

@@ -36,6 +36,10 @@ galaxy_info:
     - "credentialtype"
     - "credentialtypes"
 
+collections:
+  - awx.awx
+  - ansible.tower
+
 dependencies: []
 # List your role dependencies here, one per line. Be sure to remove the '[]' above,
 # if you add dependencies to this list.

roles/credentials/README.md

@@ -45,6 +45,7 @@ tower_configuration_credentials_secure_logging defaults to the value of tower_co
 |`user`|""|no|User that should own this credential. If provided, do not give either team or organization. |
 |`team`|""|no|Team that should own this credential. If provided, do not give either user or organization. |
 |`state`|`present`|no|Desired state of the resource.|
+|`update_secrets`|true|no|bool| True will always change password if user specifies password, even if API gives $encrypted$ for password. False will only set the password if other values change too.|
 
 ### Credential types
 |Credential types|

roles/credentials/meta/main.yml

@@ -36,6 +36,10 @@ galaxy_info:
     - "credential"
     - "credentials"
 
+collections:
+  - awx.awx
+  - ansible.tower
+
 dependencies: []
 # List your role dependencies here, one per line. Be sure to remove the '[]' above,
 # if you add dependencies to this list.

roles/credentials/tasks/main.yml

@@ -11,6 +11,7 @@
     inputs:                         "{{ tower_credentials_item.inputs | default(omit) }}"
     user:                           "{{ tower_credentials_item.user.username | default( tower_credentials_item.user | default(omit)) }}"
     team:                           "{{ tower_credentials_item.team.name | default( tower_credentials_item.team | default(omit)) }}"
+    update_secrets:                 "{{ tower_credentials_item.update_secrets | default('true') }}"
     state:                          "{{ tower_credentials_item.state | default(tower_state | default('present')) }}"
     tower_username:                 "{{ tower_username | default(omit) }}"
     tower_password:                 "{{ tower_password | default(omit) }}"

roles/groups/meta/main.yml

@@ -36,6 +36,10 @@ galaxy_info:
     - "group"
     - "groups"
 
+collections:
+  - awx.awx
+  - ansible.tower
+
 dependencies: []
 # List your role dependencies here, one per line. Be sure to remove the '[]' above,
 # if you add dependencies to this list.

roles/hosts/meta/main.yml

@@ -36,6 +36,10 @@ galaxy_info:
     - "host"
     - "hosts"
 
+collections:
+  - awx.awx
+  - ansible.tower
+
 dependencies: []
 # List your role dependencies here, one per line. Be sure to remove the '[]' above,
 # if you add dependencies to this list.

roles/instance_groups/README.md

@@ -0,0 +1,65 @@
+# tower_configuration_***********
+## Description
+An Ansible Role to create ******* in Ansible Tower.
+
+## Requirements
+ansible-galaxy collection install -r tests/collections/requirements.yml to be installed
+Currently:
+  awx.awx
+
+## Variables
+|Variable Name|Default Value|Required|Description|Example|
+|:---:|:---:|:---:|:---:|:---:|
+|`tower_state`|"present"|no|The state all objects will take unless overriden by object default|'absent'|
+|`tower_hostname`|""|yes|URL to the Ansible Tower Server.|127.0.0.1|
+|`validate_certs`|`False`|no|Whether or not to validate the Ansible Tower Server's SSL certificate.||
+|`tower_username`|""|yes|Admin User on the Ansible Tower Server.||
+|`tower_password`|""|yes|Tower Admin User's password on the Ansible Tower Server.  This should be stored in an Ansible Vault at vars/tower-secrets.yml or elsewhere and called from a parent playbook.||
+|`tower_oauthtoken`|""|yes|Tower Admin User's token on the Ansible Tower Server.  This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook.||
+|`tower_************`|`see below`|yes|Data structure describing your orgainzation or orgainzations Described below.||
+
+### Secure Logging Variables
+The following Variables compliment each other.
+If Both variables are not set, secure logging defaults to false.
+The role defaults to False as normally the add ******* task does not include sensitive information.
+tower_configuration_*******_secure_logging defaults to the value of tower_configuration_secure_logging if it is not explicitly called. This allows for secure logging to be toggled for the entire suite of tower configuration roles with a single variable, or for the user to selectively use it.
+
+|Variable Name|Default Value|Required|Description|
+|:---:|:---:|:---:|:---:|
+|`tower_configuration_*******_secure_logging`|`False`|no|Whether or not to include the sensitive ******* role tasks in the log.  Set this value to `True` if you will be providing your sensitive values from elsewhere.|
+|`tower_configuration_secure_logging`|`False`|no|This variable enables secure logging as well, but is shared accross multiple roles, see above.|
+
+## Data Structure
+### Variables
+|Variable Name|Default Value|Required|Type|Description|
+|:---:|:---:|:---:|:---:|:---:|
+|`name`|""|yes|str|Name of Job Template|
+|`new_name`|""|str|no|Setting this option will change the existing name (looked up via the name field).|
+|`description`|`False`|no|str|Description to use for the job template.|
+
+|`state`|`present`|no|str|Desired state of the resource.|
+
+
+
+### Standard Project Data Structure
+#### Json Example
+```json
+---
+
+```
+#### Yaml Example
+```yaml
+---
+
+```
+
+## Playbook Examples
+### Standard Role Usage
+```yaml
+
+```
+## License
+[MIT](LICENSE)
+
+## Author
+[************](************)

roles/instance_groups/defaults/main.yml

@@ -0,0 +1,23 @@
+---
+
+# These are the default variables common to most tower_configuration and _utilities roles
+# You shouldn't need to define them again and again but they should be defined
+#tower_hostname: "{{ inventory_hostname }}"
+#tower_username: "admin"
+#tower_password: ""
+#tower_oauthtoken: ""
+#tower_config_file: ""
+#tower_validate_certs: false
+tower_instance_groups: []
+#- name: "instance_group_name"  # mandatory
+#  new_name: "new_name"  # optional
+#  credential: "credential_name"  # optional
+#  policy_instance_percentage: 100  # optional, integer percentage
+#  policy_instance_minimum: 100  # optional, integer number of instances
+#  policy_instance_list: "exact_match_instances"  # optional
+#  pod_spec_override: "pod_specfication"  # optional
+#  instances: [] # List of instances to assign to group
+#  state: # optional, choices: present, absent
+# These are the default variables specific to the **** role
+
+tower_configuration_instance_groups_secure_logging: "{{tower_configuration_secure_logging | default(false)}}"