-
Notifications
You must be signed in to change notification settings - Fork 145
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #48 from Tompage1994/license_update
Update license role
Showing
9 changed files
with
179 additions
and
40 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,38 +1,109 @@ | ||
Role Name | ||
========= | ||
# tower_configuration.license | ||
## Description | ||
An Ansible Role to deploy a license to Ansible Tower. | ||
|
||
A brief description of the role goes here. | ||
## Requirements | ||
ansible-galaxy collection install -r tests/collections/requirements.yml to be installed | ||
Currently: | ||
awx.awx | ||
|
||
Requirements | ||
------------ | ||
## Variables | ||
|Variable Name|Default Value|Required|Description|Example| | ||
|:---:|:---:|:---:|:---:|:---:| | ||
|`tower_hostname`|""|yes|URL to the Ansible Tower Server.|127.0.0.1| | ||
|`validate_certs`|`False`|no|Whether or not to validate the Ansible Tower Server's SSL certificate.|| | ||
|`tower_username`|""|yes|Admin User on the Ansible Tower Server.|| | ||
|`tower_password`|""|yes|Tower Admin User's password on the Ansible Tower Server. This should be stored in an Ansible Vault at vars/tower-secrets.yml or elsewhere and called from a parent playbook.|| | ||
|`tower_oauthtoken`|""|yes|Tower Admin User's token on the Ansible Tower Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook.|| | ||
|`tower_license`|`see below`|yes|Data structure describing your license for Tower, described below.|| | ||
|
||
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. | ||
### Secure Logging Variables | ||
The following Variables compliment each other. | ||
If Both variables are not set, secure logging defaults to false. | ||
The role defaults to False as normally the add credential input source task does not include sensative information. | ||
tower_configuration_credential_input_sources_secure_logging defaults to the value of tower_configuration_secure_logging if it is not explicitly called. This allows for secure logging to be toggled for the entire suite of tower configuration roles with a single variable, or for the user to selectively use it. | ||
|
||
Role Variables | ||
-------------- | ||
|Variable Name|Default Value|Required|Description| | ||
|:---:|:---:|:---:|:---:| | ||
|`tower_configuration_license_secure_logging`|`False`|no|Whether or not to include the sensative license role tasks in the log. Set this value to `True` if you will be providing your sensitive values from elsewhere.| | ||
|`tower_configuration_secure_logging`|`False`|no|This variable enables secure logging as well, but is shared accross multiple roles, see above.| | ||
|
||
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. | ||
## Data Structure | ||
### Varibles | ||
|Variable Name|Default Value|Required|Type|Description| | ||
|:---:|:---:|:---:|:---:|:---:| | ||
|`data`|""|yes|obj|The contents of the license file (Suggested usage with lookup plugin)| | ||
|`eula_accepted`|""|yes|bool|Whether to accept the End User License Agreement for Ansible Tower| | ||
|
||
Dependencies | ||
------------ | ||
For further details on fields see https://docs.ansible.com/ansible-tower/latest/html/userguide/credential_plugins.html | ||
|
||
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. | ||
### Standard Project Data Structure | ||
#### Json Example | ||
```json | ||
--- | ||
{ | ||
"tower_license": { | ||
"data": "{{ lookup('file', '/tmp/my_tower.license') }}", | ||
"eula_accepted": true | ||
} | ||
} | ||
``` | ||
#### Yaml Example | ||
```yaml | ||
--- | ||
tower_credential_input_sources: | ||
data: "{{ lookup('file', '/tmp/my_tower.license') }}" | ||
eula_accepted: true | ||
``` | ||
Example Playbook | ||
---------------- | ||
## Playbook Examples | ||
### Standard Role Usage | ||
```yaml | ||
--- | ||
- name: Add License to Tower | ||
hosts: localhost | ||
gather_facts: false | ||
connection: local | ||
|
||
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: | ||
# Bring in vaulted Ansible Tower secrets | ||
vars_files: | ||
- "../var/tower-secrets.yml" | ||
|
||
- hosts: servers | ||
roles: | ||
- { role: username.rolename, x: 42 } | ||
tasks: | ||
|
||
License | ||
------- | ||
- name: Get token for use during play | ||
uri: | ||
url: "https://{{ tower_hostname }}/api/v2/tokens/" | ||
method: POST | ||
user: "{{ tower_username }}" | ||
password: "{{ tower_passname }}" | ||
force_basic_auth: true | ||
status_code: 201 | ||
validate_certs: false | ||
register: user_token | ||
no_log: true | ||
|
||
BSD | ||
- name: Set Tower oath Token | ||
set_fact: | ||
tower_oauthtoken: "{{ user_token.json.token }}" | ||
|
||
Author Information | ||
------------------ | ||
- name: Import vars | ||
include_vars: | ||
file: "vars/extra_vars.yml" | ||
|
||
An optional section for the role authors to include contact information, or a website (HTML is not allowed). | ||
- name: Import JSON | ||
include_vars: | ||
file: "json/license.json" | ||
name: "license_json" | ||
|
||
- name: Add License | ||
include_role: | ||
name: redhat_cop.tower_configuration.license | ||
vars: | ||
tower_credential_input_sources: "{{ license_json.tower_license }}" | ||
``` | ||
## License | ||
[MIT](LICENSE) | ||
## Author | ||
[Tom Page](https://github.com/Tompage1994) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,10 @@ | ||
--- | ||
# defaults file for license role | ||
tower_hostname: "" | ||
tower_oauthtoken: "" | ||
tower_validate_certs: false | ||
tower_configuration_license_secure_logging: "{{tower_configuration_secure_logging | default(false)}}" | ||
|
||
# Example license datastructure but no sensible default. | ||
# tower_license: | ||
# data: "{{ lookup('file', '/tmp/my_tower.license') }}" | ||
# eula_accepted: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,20 @@ | ||
--- | ||
# tasks file for license role | ||
- name: Ensure EULA Accepted | ||
assert: | ||
that: | ||
- tower_license.eula_accepted | ||
fail_msg: "You must accept the EULA by passing in the param eula_accepted as true" | ||
|
||
- name: Install the tower license | ||
awx.awx.tower_license: | ||
data: "{{ lookup('file', '/tmp/my_tower.license') }}" | ||
eula_accepted: true | ||
data: "{{ tower_license.data }}" | ||
eula_accepted: "{{ tower_license.eula_accepted }}" | ||
tower_username: "{{ tower_username | default(omit) }}" | ||
tower_password: "{{ tower_password | default(omit) }}" | ||
tower_oauthtoken: "{{ tower_oauthtoken | default(omit) }}" | ||
tower_host: "{{ tower_hostname }}" | ||
tower_config_file: "{{ tower_config_file | default(omit) }}" | ||
validate_certs: "{{ tower_validate_certs | default('true') }}" | ||
no_log: "{{ tower_configuration_license_secure_logging }}" | ||
when: tower_license is defined |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
--- | ||
collections: | ||
- name: awx.awx | ||
version: 13.0.0 |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
{ | ||
"tower_license": { | ||
"data": "{{ lookup('file', '/tmp/my_tower.license') }}", | ||
"eula_accepted": true | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,42 @@ | ||
--- | ||
- hosts: localhost | ||
remote_user: root | ||
roles: | ||
- license | ||
- name: Add License to Ttower | ||
hosts: localhost | ||
gather_facts: false | ||
connection: local | ||
|
||
# Bring in vaulted Ansible Tower secrets | ||
vars_files: | ||
- "../var/tower-secrets.yml" | ||
|
||
tasks: | ||
|
||
- name: Get token for use during play | ||
uri: | ||
url: "https://{{ tower_hostname }}/api/v2/tokens/" | ||
method: POST | ||
user: "{{ tower_username }}" | ||
password: "{{ tower_passname }}" | ||
force_basic_auth: true | ||
status_code: 201 | ||
validate_certs: false | ||
register: user_token | ||
no_log: true | ||
|
||
- name: Set Tower oath Token | ||
set_fact: | ||
tower_oauthtoken: "{{ user_token.json.token }}" | ||
|
||
- name: Import vars | ||
include_vars: | ||
file: "vars/extra_vars.yml" | ||
|
||
- name: Import JSON | ||
include_vars: | ||
file: "json/license.json" | ||
name: "license_json" | ||
|
||
- name: Add License | ||
include_role: | ||
name: redhat_cop.tower_configuration.license | ||
vars: | ||
tower_credential_input_sources: "{{ license_json.tower_license }}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
# Placeholder file | ||
# You should create an Ansible vault here when tower_secrets: true |