Skip to content

Commit

Permalink
Merge pull request #48 from Tompage1994/license_update
Browse files Browse the repository at this point in the history
Update license role
Jonathan Lozada D authored Jul 8, 2020
2 parents 7310848 + b1a50b3 commit 86ba83a
Showing 9 changed files with 179 additions and 40 deletions.
119 changes: 95 additions & 24 deletions roles/license/README.md
Original file line number Diff line number Diff line change
@@ -1,38 +1,109 @@
Role Name
=========
# tower_configuration.license
## Description
An Ansible Role to deploy a license to Ansible Tower.

A brief description of the role goes here.
## Requirements
ansible-galaxy collection install -r tests/collections/requirements.yml to be installed
Currently:
awx.awx

Requirements
------------
## Variables
|Variable Name|Default Value|Required|Description|Example|
|:---:|:---:|:---:|:---:|:---:|
|`tower_hostname`|""|yes|URL to the Ansible Tower Server.|127.0.0.1|
|`validate_certs`|`False`|no|Whether or not to validate the Ansible Tower Server's SSL certificate.||
|`tower_username`|""|yes|Admin User on the Ansible Tower Server.||
|`tower_password`|""|yes|Tower Admin User's password on the Ansible Tower Server. This should be stored in an Ansible Vault at vars/tower-secrets.yml or elsewhere and called from a parent playbook.||
|`tower_oauthtoken`|""|yes|Tower Admin User's token on the Ansible Tower Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook.||
|`tower_license`|`see below`|yes|Data structure describing your license for Tower, described below.||

Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
### Secure Logging Variables
The following Variables compliment each other.
If Both variables are not set, secure logging defaults to false.
The role defaults to False as normally the add credential input source task does not include sensative information.
tower_configuration_credential_input_sources_secure_logging defaults to the value of tower_configuration_secure_logging if it is not explicitly called. This allows for secure logging to be toggled for the entire suite of tower configuration roles with a single variable, or for the user to selectively use it.

Role Variables
--------------
|Variable Name|Default Value|Required|Description|
|:---:|:---:|:---:|:---:|
|`tower_configuration_license_secure_logging`|`False`|no|Whether or not to include the sensative license role tasks in the log. Set this value to `True` if you will be providing your sensitive values from elsewhere.|
|`tower_configuration_secure_logging`|`False`|no|This variable enables secure logging as well, but is shared accross multiple roles, see above.|

A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
## Data Structure
### Varibles
|Variable Name|Default Value|Required|Type|Description|
|:---:|:---:|:---:|:---:|:---:|
|`data`|""|yes|obj|The contents of the license file (Suggested usage with lookup plugin)|
|`eula_accepted`|""|yes|bool|Whether to accept the End User License Agreement for Ansible Tower|

Dependencies
------------
For further details on fields see https://docs.ansible.com/ansible-tower/latest/html/userguide/credential_plugins.html

A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
### Standard Project Data Structure
#### Json Example
```json
---
{
"tower_license": {
"data": "{{ lookup('file', '/tmp/my_tower.license') }}",
"eula_accepted": true
}
}
```
#### Yaml Example
```yaml
---
tower_credential_input_sources:
data: "{{ lookup('file', '/tmp/my_tower.license') }}"
eula_accepted: true
```
Example Playbook
----------------
## Playbook Examples
### Standard Role Usage
```yaml
---
- name: Add License to Tower
hosts: localhost
gather_facts: false
connection: local

Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
# Bring in vaulted Ansible Tower secrets
vars_files:
- "../var/tower-secrets.yml"

- hosts: servers
roles:
- { role: username.rolename, x: 42 }
tasks:

License
-------
- name: Get token for use during play
uri:
url: "https://{{ tower_hostname }}/api/v2/tokens/"
method: POST
user: "{{ tower_username }}"
password: "{{ tower_passname }}"
force_basic_auth: true
status_code: 201
validate_certs: false
register: user_token
no_log: true

BSD
- name: Set Tower oath Token
set_fact:
tower_oauthtoken: "{{ user_token.json.token }}"

Author Information
------------------
- name: Import vars
include_vars:
file: "vars/extra_vars.yml"

An optional section for the role authors to include contact information, or a website (HTML is not allowed).
- name: Import JSON
include_vars:
file: "json/license.json"
name: "license_json"

- name: Add License
include_role:
name: redhat_cop.tower_configuration.license
vars:
tower_credential_input_sources: "{{ license_json.tower_license }}"
```
## License
[MIT](LICENSE)
## Author
[Tom Page](https://github.com/Tompage1994)
10 changes: 9 additions & 1 deletion roles/license/defaults/main.yml
Original file line number Diff line number Diff line change
@@ -1,2 +1,10 @@
---
# defaults file for license role
tower_hostname: ""
tower_oauthtoken: ""
tower_validate_certs: false
tower_configuration_license_secure_logging: "{{tower_configuration_secure_logging | default(false)}}"

# Example license datastructure but no sensible default.
# tower_license:
# data: "{{ lookup('file', '/tmp/my_tower.license') }}"
# eula_accepted: true
13 changes: 6 additions & 7 deletions roles/license/meta/main.yml
Original file line number Diff line number Diff line change
@@ -33,13 +33,12 @@ galaxy_info:
versions:
- "all"

galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
galaxy_tags:
- "ansibletower"
- "tower"
- "awx"
- "configuration"
- "license"

dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
18 changes: 16 additions & 2 deletions roles/license/tasks/main.yml
Original file line number Diff line number Diff line change
@@ -1,6 +1,20 @@
---
# tasks file for license role
- name: Ensure EULA Accepted
assert:
that:
- tower_license.eula_accepted
fail_msg: "You must accept the EULA by passing in the param eula_accepted as true"

- name: Install the tower license
awx.awx.tower_license:
data: "{{ lookup('file', '/tmp/my_tower.license') }}"
eula_accepted: true
data: "{{ tower_license.data }}"
eula_accepted: "{{ tower_license.eula_accepted }}"
tower_username: "{{ tower_username | default(omit) }}"
tower_password: "{{ tower_password | default(omit) }}"
tower_oauthtoken: "{{ tower_oauthtoken | default(omit) }}"
tower_host: "{{ tower_hostname }}"
tower_config_file: "{{ tower_config_file | default(omit) }}"
validate_certs: "{{ tower_validate_certs | default('true') }}"
no_log: "{{ tower_configuration_license_secure_logging }}"
when: tower_license is defined
4 changes: 4 additions & 0 deletions roles/license/tests/collections/requirements.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
---
collections:
- name: awx.awx
version: 13.0.0
2 changes: 0 additions & 2 deletions roles/license/tests/inventory

This file was deleted.

6 changes: 6 additions & 0 deletions roles/license/tests/json/license.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
{
"tower_license": {
"data": "{{ lookup('file', '/tmp/my_tower.license') }}",
"eula_accepted": true
}
}
45 changes: 41 additions & 4 deletions roles/license/tests/test.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,42 @@
---
- hosts: localhost
remote_user: root
roles:
- license
- name: Add License to Ttower
hosts: localhost
gather_facts: false
connection: local

# Bring in vaulted Ansible Tower secrets
vars_files:
- "../var/tower-secrets.yml"

tasks:

- name: Get token for use during play
uri:
url: "https://{{ tower_hostname }}/api/v2/tokens/"
method: POST
user: "{{ tower_username }}"
password: "{{ tower_passname }}"
force_basic_auth: true
status_code: 201
validate_certs: false
register: user_token
no_log: true

- name: Set Tower oath Token
set_fact:
tower_oauthtoken: "{{ user_token.json.token }}"

- name: Import vars
include_vars:
file: "vars/extra_vars.yml"

- name: Import JSON
include_vars:
file: "json/license.json"
name: "license_json"

- name: Add License
include_role:
name: redhat_cop.tower_configuration.license
vars:
tower_credential_input_sources: "{{ license_json.tower_license }}"
2 changes: 2 additions & 0 deletions roles/license/tests/vars/tower-secrets.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
# Placeholder file
# You should create an Ansible vault here when tower_secrets: true

0 comments on commit 86ba83a

Please sign in to comment.