--- - name: Create _sources directories file: path: "{{ sources_dest }}/{{ item }}" state: 'directory' mode: '0700' loop: - secrets - receptor - name: Detect secrets stat: path: "{{ sources_dest }}/secrets/{{ item }}.yml" register: secrets when: not lookup('vars', item, default='') loop: - pg_password - secret_key - broadcast_websocket_secret - admin_password - name: Generate secrets if needed template: src: 'secrets.yml.j2' dest: '{{ sources_dest }}/secrets/{{ item.item }}.yml' mode: '0600' when: not lookup('vars', item.item, default='') and not item.stat.exists loop: "{{ secrets.results }}" loop_control: label: '{{ item.item }}' - name: Include generated secrets unless they are explicitly passed in include_vars: "{{ sources_dest }}/secrets/{{ item.item }}.yml" no_log: true when: not lookup('vars', item.item, default='') loop: "{{ secrets.results }}" - name: Write out SECRET_KEY copy: content: "{{ secret_key }}" dest: "{{ sources_dest }}/SECRET_KEY" no_log: true - name: Render configuration templates template: src: "{{ item }}.j2" dest: "{{ sources_dest }}/{{ item }}" mode: '0600' with_items: - "database.py" - "websocket_secret.py" - "haproxy.cfg" - name: Delete old local_settings.py file: path: "{{ playbook_dir }}/../../../awx/settings/local_settings.py" state: absent - name: Copy local_settings.py copy: src: "local_settings.py" dest: "{{ sources_dest }}/local_settings.py" - name: Get OS info for sdb shell: | docker info | grep 'Operating System' register: os_info changed_when: false - name: Get user UID shell: id -u register: current_user changed_when: false - name: Set fact with user UID set_fact: user_id: "'{{ current_user.stdout }}'" - name: Set global version if not provided set_fact: awx_image_tag: "{{ lookup('file', playbook_dir + '/../../../VERSION') }}" when: awx_image_tag is not defined - name: Generate Private RSA key for signing work command: openssl genrsa -out {{ work_sign_private_keyfile }} {{ receptor_rsa_bits }} args: creates: "{{ work_sign_private_keyfile }}" when: sign_work | bool - name: Generate public RSA key for signing work command: openssl rsa -in {{ work_sign_private_keyfile }} -out {{ work_sign_public_keyfile }} -outform PEM -pubout args: creates: "{{ work_sign_public_keyfile }}" when: sign_work | bool - name: Include LDAP tasks if enabled include_tasks: ldap.yml when: enable_ldap | bool - name: Render Docker-Compose template: src: docker-compose.yml.j2 dest: "{{ sources_dest }}/{{ compose_name }}" mode: '0600' - name: Render Receptor Config(s) for Control Plane template: src: "receptor-awx.conf.j2" dest: "{{ sources_dest }}/receptor/receptor-awx-{{ item }}.conf" mode: '0600' with_sequence: start=1 end={{ control_plane_node_count }} - name: Create Receptor Config Lock File file: path: "{{ sources_dest }}/receptor/receptor-awx-{{ item }}.conf.lock" state: touch mode: '0600' with_sequence: start=1 end={{ control_plane_node_count }} - name: Render Receptor Config(s) for Control Plane template: src: "receptor-awx.conf.j2" dest: "{{ sources_dest }}/receptor/receptor-awx-{{ item }}.conf" mode: '0600' with_sequence: start=1 end={{ control_plane_node_count }} - name: Render Receptor Hop Config template: src: "receptor-hop.conf.j2" dest: "{{ sources_dest }}/receptor/receptor-hop.conf" mode: '0600' when: - execution_node_count | int > 0 - name: Render Receptor Worker Config(s) template: src: "receptor-worker.conf.j2" dest: "{{ sources_dest }}/receptor/receptor-worker-{{ item }}.conf" mode: '0600' with_sequence: start=1 end={{ execution_node_count if execution_node_count | int > 0 else 1}} when: execution_node_count | int > 0 - name: Render prometheus config template: src: "prometheus.yml.j2" dest: "{{ sources_dest }}/prometheus.yml" when: enable_prometheus|bool