External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-28 06:15:04 -02:30
Code Issues Packages Projects Releases Wiki Activity

Adding tacacs+ container for testing

Browse Source
This commit is contained in:
John Westcott IV
2023-04-13 15:02:08 -04:00
parent 11d5e5c7d4
commit 8719648ff5
5 changed files with 76 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
Makefile
View File

@@ -37,6 +37,8 @@ SPLUNK ?= false
PROMETHEUS ?= false PROMETHEUS ?= false
# If set to true docker-compose will also start a grafana instance # If set to true docker-compose will also start a grafana instance
GRAFANA ?= false GRAFANA ?= false
# If set to true docker-compose will also start a tacacs+ instance
TACACS ?= false
VENV_BASE ?= /var/lib/awx/venv VENV_BASE ?= /var/lib/awx/venv
@@ -519,7 +521,9 @@ docker-compose-sources: .git/hooks/pre-commit
-e enable_ldap=$(LDAP) \ -e enable_ldap=$(LDAP) \
-e enable_splunk=$(SPLUNK) \ -e enable_splunk=$(SPLUNK) \
-e enable_prometheus=$(PROMETHEUS) \ -e enable_prometheus=$(PROMETHEUS) \
-e enable_grafana=$(GRAFANA) $(EXTRA_SOURCES_ANSIBLE_OPTS) -e enable_grafana=$(GRAFANA) \
-e enable_tacacs=$(TACACS) \
$(EXTRA_SOURCES_ANSIBLE_OPTS)
docker-compose: awx/projects docker-compose-sources docker-compose: awx/projects docker-compose-sources
$(DOCKER_COMPOSE) -f tools/docker-compose/_sources/docker-compose.yml $(COMPOSE_OPTS) up $(COMPOSE_UP_OPTS) --remove-orphans $(DOCKER_COMPOSE) -f tools/docker-compose/_sources/docker-compose.yml $(COMPOSE_OPTS) up $(COMPOSE_UP_OPTS) --remove-orphans

24
tools/docker-compose/README.md
View File

@@ -244,6 +244,7 @@ $ make docker-compose
- [SAML and OIDC Integration](#saml-and-oidc-integration) - [SAML and OIDC Integration](#saml-and-oidc-integration)
- [OpenLDAP Integration](#openldap-integration) - [OpenLDAP Integration](#openldap-integration)
- [Splunk Integration](#splunk-integration) - [Splunk Integration](#splunk-integration)
- [tacacs+ Integration](#tacacs+-integration)
### Start a Shell ### Start a Shell
@@ -472,6 +473,29 @@ ansible-playbook tools/docker-compose/ansible/plumb_splunk.yml
Once the playbook is done running Splunk should now be setup in your development environment. You can log into the admin console (see above for username/password) and click on "Searching and Reporting" in the left hand navigation. In the search box enter `source="http:tower_logging_collections"` and click search. Once the playbook is done running Splunk should now be setup in your development environment. You can log into the admin console (see above for username/password) and click on "Searching and Reporting" in the left hand navigation. In the search box enter `source="http:tower_logging_collections"` and click search.
### - tacacs+ Integration
tacacs+ is an networking protocol that provides external authentication which can be used with AWX. This section describes how to build a reference tacacs+ instance and plumb it with your AWX for testing purposes.
First, be sure that you have the awx.awx collection installed by running `make install_collection`.
Anytime you want to run a tacacs+ instance alongside AWX we can start docker-compose with the TACACS option to get a containerized instance with the command:
```bash
TACACS=true make docker-compose
```
Once the containers come up a new port (49) should be exposed and the tacacs+ server should be running on those ports.
Now we are ready to configure and plumb tacacs+ with AWX. To do this we have provided a playbook which will:
* Backup and configure the tacacsplus adapter in AWX. NOTE: this will back up your existing settings but the password fields can not be backed up through the API, you need a DB backup to recover this.
```bash
export CONTROLLER_USERNAME=<your username>
export CONTROLLER_PASSWORD=<your password>
ansible-playbook tools/docker-compose/ansible/plumb_tacacs.yml
```
Once the playbook is done running tacacs+ should now be setup in your development environment. This server has the accounts listed on https://hub.docker.com/r/dchidell/docker-tacacs
### Prometheus and Grafana integration ### Prometheus and Grafana integration

32
tools/docker-compose/ansible/plumb_tacacs.yml Normal file
View File

@@ -0,0 +1,32 @@
---
- name: Plumb a tacacs+ instance
hosts: localhost
connection: local
gather_facts: False
vars:
awx_host: "https://localhost:8043"
tasks:
- name: Load existing and new tacacs+ settings
set_fact:
existing_tacacs: "{{ lookup('awx.awx.controller_api', 'settings/tacacsplus', host=awx_host, verify_ssl=false) }}"
new_tacacs: "{{ lookup('template', 'tacacsplus_settings.json.j2') }}"
- name: Display existing tacacs+ configuration
debug:
msg:
- "Here is your existing tacacsplus configuration for reference:"
- "{{ existing_tacacs }}"
- pause:
prompt: "Continuing to run this will replace your existing tacacs settings (displayed above). They will all be captured. Be sure that is backed up before continuing"
- name: Write out the existing content
copy:
dest: "../_sources/existing_tacacsplus_adapter_settings.json"
content: "{{ existing_tacacs }}"
- name: Configure AWX tacacs+ adapter
awx.awx.settings:
settings: "{{ new_tacacs }}"
controller_host: "{{ awx_host }}"
validate_certs: False

8
tools/docker-compose/ansible/roles/sources/templates/docker-compose.yml.j2
View File

@@ -174,6 +174,14 @@ services:
- prometheus - prometheus
depends_on: depends_on:
- prometheus - prometheus
{% endif %}
{% if enable_tacacs|bool %}
tacacs:
image: dchidell/docker-tacacs
container_name: tools_tacacs_1
hostname: tacacs
ports:
- "49:49"
{% endif %} {% endif %}
# A useful container that simply passes through log messages to the console # A useful container that simply passes through log messages to the console
# helpful for testing awx/tower logging # helpful for testing awx/tower logging

7
tools/docker-compose/ansible/templates/tacacsplus_settings.json.j2 Normal file
View File

@@ -0,0 +1,7 @@
{
"TACACSPLUS_HOST": "tacacs",
"TACACSPLUS_PORT": 49,
"TACACSPLUS_SECRET": "ciscotacacskey",
"TACACSPLUS_SESSION_TIMEOUT": 5,
"TACACSPLUS_AUTH_PROTOCOL": "ascii"
}