Merge branch 'sean-m-sullivan-playbook_update' into legacy_tower_v1

.github/playbooks/configure_tower.yml

@@ -0,0 +1,101 @@
+---
+- name: Playbook to configure ansible tower post installation
+  hosts: localhost
+  connection: local
+  vars:
+    tower_validate_certs: false
+  collections:
+    - awx.awx
+    - redhat_cop.controller_configuration
+  # Define following vars here, or in tower_configs/tower_auth.yml
+  # tower_hostname: ansible-tower-web-svc-test-project.example.com
+  # tower_username: admin
+  # tower_password: changeme
+  pre_tasks:
+
+    - name: Wait for Tower to come up
+      uri:
+        url: "{{ tower_hostname }}/api/v2/ping"
+        status_code: 200
+      register: result
+      until: result.status == 200
+      retries: 80
+      delay: 30
+      ignore_errors: true
+
+    - name: Sleep for 60 seconds and allow awx to come up.
+      wait_for:
+        timeout: 60
+      delegate_to: localhost
+
+    - name: Include vars from tower_configs directory
+      include_vars:
+        dir: ./tower_configs
+        ignore_files: [tower_config.yml.template]
+        extensions: ["yml"]
+      tags:
+        - always
+
+  roles:
+    - {role: tower_settings, when: tower_settings is defined, tags: tower_settings}
+    - {role: organizations, when: tower_organizations is defined, tags: organizations}
+    - {role: labels, when: tower_labels is defined, tags: labels}
+    - {role: users, when: tower_user_accounts is defined, tags: users}
+    - {role: teams, when: tower_teams is defined, tags: teams}
+    - {role: credential_types, when: tower_credential_types is defined, tags: credential_types}
+    - {role: credentials, when: tower_credentials is defined, tags: credentials}
+    - {role: credential_input_sources, when: tower_credential_input_sources is defined, tags: credential_input_sources}
+    - {role: notification_templates, when: tower_notifications is defined, tags: notification_templates}
+    - {role: projects, when: tower_projects is defined, tags: projects}
+    - {role: execution_environments, when: tower_execution_environments is defined, tags: execution_environments}
+    - {role: applications, when: tower_applications is defined, tags: applications}
+    - {role: inventories, when: tower_inventories is defined, tags: inventories}
+    - {role: instance_groups, when: tower_instance_groups is defined, tags: instance_groups}
+    - {role: project_update, when: tower_projects is defined, tags: projects}
+    - {role: inventory_sources, when: tower_inventory_sources is defined, tags: inventory_sources}
+    - {role: inventory_source_update, when: tower_inventory_sources is defined, tags: inventory_sources}
+    - {role: hosts, when: tower_hosts is defined, tags: hosts}
+    - {role: groups, when: tower_groups is defined, tags: inventories}
+    - {role: job_templates, when: tower_templates is defined, tags: job_templates}
+    - {role: workflow_job_templates, when: tower_workflows is defined, tags: workflow_job_templates}
+    - {role: schedules, when: tower_schedules is defined, tags: schedules}
+    - {role: tower_role, when: tower_rbac is defined, tags: tower_role}
+
+  tasks:
+
+    - name: Add Tower Settings Individually
+      include_role:
+        name: tower_settings
+      vars:
+        tower_settings: "{{ tower_settings_individuale }}"
+
+    - name: Run ad hoc commands
+      include_role:
+        name: ad_hoc_command
+      when: tower_ad_hoc_commands is defined
+
+    - name: Cancel Ad hoc commands
+      include_tasks: "./tasks/ad_hoc_cancel.yml"
+      when: tower_ad_hoc_commands is defined
+
+    - name: Launch Tower Jobs
+      include_role:
+        name: job_launch
+      when: tower_launch_jobs is defined
+
+    - name: Show launched tower jobs
+      debug:
+        var: launched_tower_jobs
+
+    - name: Cancel Tower Jobs
+      include_role:
+        name: jobs_cancel
+      vars:
+        tower_cancel_jobs: "{{ launched_tower_jobs.results }}"
+      when: launched_tower_jobs is defined
+
+    - name: Launch Tower workflows
+      include_role:
+        name: workflow_launch
+      when: tower_workflow_launch_jobs is defined
+...

playbooks/configure_tower_export_model.yml → .github/playbooks/configure_tower_export_model.yml

@@ -7,6 +7,7 @@
     tower_validate_certs: false
   collections:
     - awx.awx
+    - redhat_cop.controller_configuration
   # Define following vars here, or in tower_configs/tower_auth.yml
   # tower_hostname: ansible-tower-web-svc-test-project.example.com
   # tower_username: admin

.github/playbooks/tasks/ad_hoc_cancel.yml

@@ -0,0 +1,16 @@
+---
+- name: Combine id output with defaults temp
+  set_fact:
+    tmp_ad_hoc: "{{ item | combine( tower_ad_hoc_command_defaults ) }}"
+  with_items: "{{ tower_ad_hoc_commands_output.results }}"
+  register: tmp_ad_hocs
+
+- name: Combine id output with defaults
+  set_fact:
+    tower_ad_hoc_commands_cancel: "{{ tmp_ad_hocs.results | map(attribute='ansible_facts.tmp_ad_hoc') | list }}"
+
+- name: Cancel ad hoc commands
+  include_role:
+    name: ad_hoc_command_cancel
+  when: tower_ad_hoc_commands is defined
+...

.github/workflows/testing_minikube.yml

@@ -76,8 +76,8 @@ jobs:
         run: echo "Service password is ${{ steps.service-password.outputs.SERVICEPASSWORD }}"
 
       - name: "Perform playbook tests"
-        run: ansible-playbook playbooks/configure_tower.yml -e tower_hostname=${{ steps.service-url.outputs.SERVICEURL }}
+        run: ansible-playbook .github/playbooks/configure_tower.yml -e tower_hostname=${{ steps.service-url.outputs.SERVICEURL }}
 
       - name: "Perform export model playbook tests"
-        run: ansible-playbook playbooks/configure_tower_export_model.yml -e tower_hostname=${{ steps.service-url.outputs.SERVICEURL }}
+        run: ansible-playbook .github/playbooks/configure_tower_export_model.yml -e tower_hostname=${{ steps.service-url.outputs.SERVICEURL }}
 ...

changelogs/fragments/playbooks.yml

@@ -0,0 +1,6 @@
+---
+major_changes:
+  - Created awx and controller playbook that users can invoke for using the collection
+minor_changes:
+  - Created Readme for playbook in the playbooks directory
+...

playbooks/README.md

@@ -0,0 +1,117 @@
+# tower_configuration.configure_tower.yml playbook
+## Description
+An Ansible playbook to run any defined configurations on Ansible tower.
+
+## Requirements
+ansible-galaxy collection install  -r tests/collections/requirements.yml to be installed
+Currently:
+  awx.awx
+  or
+  ansible.tower
+
+## Usage
+The following command will invoke the playbook with the awx collection
+```console
+ansible-playbook redhat_cop.tower_configuration.configure_awx.yml
+```
+The following command will invoke the playbook with the ansible.tower collection
+```console
+ansible-playbook redhat_cop.tower_configuration.configure_tower.yml
+```
+
+## Variables
+
+### Standard Tower Variables
+|Variable Name|Default Value|Required|Description|Example|
+|:---:|:---:|:---:|:---:|:---:|
+|`tower_state`|"present"|no|The state all objects will take unless overriden by object default|'absent'|
+|`tower_hostname`|""|yes|URL to the Ansible tower Server.|127.0.0.1|
+|`tower_validate_certs`|`True`|no|Whether or not to validate the Ansible tower Server's SSL certificate.||
+|`tower_username`|""|yes|Admin User on the Ansible tower Server.||
+|`tower_password`|""|yes|tower Admin User's password on the Ansible tower Server.  This should be stored in an Ansible Vault at vars/tower-secrets.yml or elsewhere and called from a parent playbook.||
+|`tower_oauthtoken`|""|yes|tower Admin User's token on the Ansible tower Server.  This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook.||
+|`tower_configs_dir`|`see role`|no|.|Directory with tower configs. Falls back to env TOWER_CONFIGS_DIR. Defaults to $PWD/configs|
+
+### Secure Logging Variables
+The following Variables compliment each other.
+If Both variables are not set, secure logging defaults to false.
+The role defaults to False as normally the add ad hoc commands task does not include sensitive information.
+tower_configuration_ad_hoc_command_secure_logging defaults to the value of tower_configuration_secure_logging if it is not explicitly called. This allows for secure logging to be toggled for the entire suite of tower configuration roles with a single variable, or for the user to selectively use it.
+
+|Variable Name|Default Value|Required|Description|
+|:---:|:---:|:---:|:---:|
+|`tower_configuration_secure_logging`|`False`|no|This variable enables secure logging as well, but is shared accross multiple roles, see above.|
+
+## Data Structure
+### Config Top Level Vars
+|Variable Name|Default Value|Description|
+|:---:|:---:|:---:|
+|`tower_ad_hoc_commands`|`see role`|Data structure describing your ad hoc commands to run . Described in role.|
+|`tower_ad_hoc_commands_cancel`|`see role`|Data structure describing your ad hoc jobs to cancel . Described in role.|
+|`tower_applications`|`see role`|Data structure describing your applications. Described in role.|
+|`tower_credential_input_sources`|`see role`|Data structure describing your credential input sources . Described in role.|
+|`tower_credential_types`|`see role`|Data structure describing your credential types . Described in role.|
+|`tower_credentials`|`see role`|Data structure describing your credentials . Described in role.|
+|`tower_execution_environments`|`see role`|Data structure describing your organization or organizations . Described in role.|
+|`tower_groups`|`see role`|Data structure describing your group or groups . Described in role.|
+|`tower_hosts`|`see role`|Data structure describing your host entries . Described in role.|
+|`tower_instance_groups`|`see role`|Data structure describing your instance groups . Described in role.|
+|`tower_inventories`|`see role`|Data structure describing your inventories . Described in role.|
+|`tower_inventory_sources`|`see role`|Data structure describing your inventory sources . Described in role.|
+|`tower_launch_jobs`|`see role`|Data structure describing the jobs to launch . Described in role.|
+|`tower_templates`|`see role`|Data structure describing your job template or job templates . Described in role.|
+|`tower_cancel_jobs`|`see role`|Data structure describing jobs to cancel . Described in role.|
+|`tower_labels`|`see role`|Data structure describing your label or labels . Described in role.|
+|`tower_license`|`see role`|Data structure describing your license for tower, . Described in role.|
+|`tower_notifications`|`see role`|Data structure describing your notification entries . Described in role.|
+|`tower_organizations`|`see role`|Data structure describing your organization or organizations . Described in role.|
+|`tower_projects`|`see role`|Data structure describing your project or projects . Described in role.|
+|`tower_roles`|`see role`|Data structure describing your RBAC entries . Described in role.|
+|`tower_schedules`|`see role`|Data structure describing your schedule or schedules . Described in role.|
+|`tower_settings`|`see role`|Data structure describing your settings . Described in role.|
+|`tower_teams`|`see role`|Data structure describing your Teams . Described in role.|
+|`tower_user_accounts`|`see role`|Data structure describing your user entries . Described in role.|
+|`workflow_job_templates`|`see role`|Data structure describing your workflow job templates . Described in role.|
+|`tower_workflow_launch_jobs`|`see role`|Data structure describing workflow or workflows to launch . Described in role.|
+
+
+### Standard Configs Folder Data Structure
+```yaml
+---
+└── configs
+    ├── ad_hoc_command_cancel_defaults.yml
+    ├── ad_hoc_commands.yml
+    ├── applications.yml
+    ├── tower_auth.yml
+    ├── credential_input_sources.yml
+    ├── credentials.yml
+    ├── credential_types.yml
+    ├── execution_environments.yml
+    ├── groups.yml
+    ├── hosts.yml
+    ├── instance_groups.yml
+    ├── inventories.yml
+    ├── inventory_sources.yml
+    ├── labels.yml
+    ├── launch_jobs.yml
+    ├── notifications.yml
+    ├── organizations.yml
+    ├── projects.yml
+    ├── roles.yml
+    ├── schedule.yml
+    ├── settings_individuale.yml
+    ├── settings.yml
+    ├── ssh_private_key.yml
+    ├── teams.yml
+    ├── templates.yml
+    ├── user_accounts.yml
+    ├── workflows.yml
+    └── workfows_launch.yml
+```
+
+
+## License
+[MIT](LICENSE)
+
+## Author
+[Sean Sullivan](https://github.com/sean-m-sullivan)

playbooks/configure_awx.yml

@@ -0,0 +1,83 @@
+---
+- name: Playbook to configure ansible tower post installation
+  hosts: localhost
+  connection: local
+  vars:
+    tower_validate_certs: false
+  collections:
+    - awx.awx
+    - redhat_cop.tower_configuration
+
+  pre_tasks:
+
+    - name: Include vars from configs directory
+      include_vars:
+        dir: "{{ tower_configs_dir | default((lookup('env','TOWER_CONFIGS_DIR') == '') | ternary('./configs', lookup('env','TOWER_CONFIGS_DIR'))) }}"
+        ignore_files: [tower_config.yml.template]
+        extensions: ["yml"]
+      tags:
+        - always
+
+  roles:
+    - {role: tower_settings, when: tower_settings is defined, tags: tower_settings}
+    - {role: organizations, when: tower_organizations is defined, tags: organizations}
+    - {role: labels, when: tower_labels is defined, tags: labels}
+    - {role: users, when: tower_user_accounts is defined, tags: users}
+    - {role: teams, when: tower_teams is defined, tags: teams}
+    - {role: credential_types, when: tower_credential_types is defined, tags: credential_types}
+    - {role: credentials, when: tower_credentials is defined, tags: credentials}
+    - {role: credential_input_sources, when: tower_credential_input_sources is defined, tags: credential_input_sources}
+    - {role: notification_templates, when: tower_notifications is defined, tags: notification_templates}
+    - {role: projects, when: tower_projects is defined, tags: projects}
+    - {role: execution_environments, when: tower_execution_environments is defined, tags: execution_environments}
+    - {role: applications, when: tower_applications is defined, tags: applications}
+    - {role: inventories, when: tower_inventories is defined, tags: inventories}
+    - {role: instance_groups, when: tower_instance_groups is defined, tags: instance_groups}
+    - {role: project_update, when: tower_projects is defined, tags: projects}
+    - {role: inventory_sources, when: tower_inventory_sources is defined, tags: inventory_sources}
+    - {role: inventory_source_update, when: tower_inventory_sources is defined, tags: inventory_sources}
+    - {role: hosts, when: tower_hosts is defined, tags: hosts}
+    - {role: groups, when: tower_groups is defined, tags: inventories}
+    - {role: job_templates, when: tower_templates is defined, tags: job_templates}
+    - {role: workflow_job_templates, when: tower_workflows is defined, tags: workflow_job_templates}
+    - {role: schedules, when: tower_schedules is defined, tags: schedules}
+    - {role: tower_role, when: tower_rbac is defined, tags: tower_role}
+
+  tasks:
+
+    - name: Add Tower Settings Individually
+      include_role:
+        name: tower_settings
+      vars:
+        tower_settings: "{{ tower_settings_individuale }}"
+
+    - name: Run ad hoc commands
+      include_role:
+        name: ad_hoc_command
+      when: tower_ad_hoc_commands is defined
+
+    - name: Cancel Ad hoc commands
+      include_tasks: "./tasks/ad_hoc_cancel.yml"
+      when: tower_ad_hoc_commands is defined
+
+    - name: Launch Tower Jobs
+      include_role:
+        name: job_launch
+      when: tower_launch_jobs is defined
+
+    - name: Show launched tower jobs
+      debug:
+        var: launched_tower_jobs
+
+    - name: Cancel Tower Jobs
+      include_role:
+        name: jobs_cancel
+      vars:
+        tower_cancel_jobs: "{{ launched_tower_jobs.results }}"
+      when: launched_tower_jobs is defined
+
+    - name: Launch Tower workflows
+      include_role:
+        name: workflow_launch
+      when: tower_workflow_launch_jobs is defined
+...

playbooks/configure_tower.yml

@@ -5,31 +5,14 @@
   vars:
     tower_validate_certs: false
   collections:
-    - awx.awx
-  # Define following vars here, or in tower_configs/tower_auth.yml
-  # tower_hostname: ansible-tower-web-svc-test-project.example.com
-  # tower_username: admin
-  # tower_password: changeme
-  pre_tasks:
-
-    - name: Wait for Tower to come up
-      uri:
-        url: "{{ tower_hostname }}/api/v2/ping"
-        status_code: 200
-      register: result
-      until: result.status == 200
-      retries: 80
-      delay: 30
-      ignore_errors: true
+    - ansible.tower
+    - redhat_cop.tower_configuration
 
-    - name: Sleep for 60 seconds and allow awx to come up.
-      wait_for:
-        timeout: 60
-      delegate_to: localhost
+  pre_tasks:
 
-    - name: Include vars from tower_configs directory
+    - name: Include vars from configs directory
       include_vars:
-        dir: ./tower_configs
+        dir: "{{ tower_configs_dir | default((lookup('env','TOWER_CONFIGS_DIR') == '') | ternary('./configs', lookup('env','TOWER_CONFIGS_DIR'))) }}"
         ignore_files: [tower_config.yml.template]
         extensions: ["yml"]
       tags: