mirror of
https://github.com/ansible/awx.git
synced 2026-01-15 20:00:43 -03:30
176 lines
5.4 KiB
YAML
176 lines
5.4 KiB
YAML
---
|
|
|
|
- name: Create _sources directories
|
|
file:
|
|
path: "{{ sources_dest }}/{{ item }}"
|
|
state: 'directory'
|
|
mode: '0700'
|
|
loop:
|
|
- secrets
|
|
- receptor
|
|
|
|
- name: Detect secrets
|
|
stat:
|
|
path: "{{ sources_dest }}/secrets/{{ item }}.yml"
|
|
register: secrets
|
|
when: not lookup('vars', item, default='')
|
|
loop:
|
|
- pg_password
|
|
- secret_key
|
|
- broadcast_websocket_secret
|
|
- admin_password
|
|
|
|
- name: Generate secrets if needed
|
|
template:
|
|
src: 'secrets.yml.j2'
|
|
dest: '{{ sources_dest }}/secrets/{{ item.item }}.yml'
|
|
mode: '0600'
|
|
when: not lookup('vars', item.item, default='') and not item.stat.exists
|
|
loop: "{{ secrets.results }}"
|
|
loop_control:
|
|
label: '{{ item.item }}'
|
|
|
|
- name: Include generated secrets unless they are explicitly passed in
|
|
include_vars: "{{ sources_dest }}/secrets/{{ item.item }}.yml"
|
|
no_log: true
|
|
when: not lookup('vars', item.item, default='')
|
|
loop: "{{ secrets.results }}"
|
|
|
|
- name: Write out SECRET_KEY
|
|
copy:
|
|
content: "{{ secret_key }}"
|
|
dest: "{{ sources_dest }}/SECRET_KEY"
|
|
no_log: true
|
|
|
|
- name: Find custom error pages
|
|
set_fact:
|
|
custom_error_pages: "{{ (custom_error_pages | default([])) + [new_error_page] }}"
|
|
vars:
|
|
new_error_page:
|
|
error_code: "{{ item | basename() | regex_replace('custom_(\\d+).html', '\\1') }}"
|
|
web_path: "{{ item | regex_replace('^.*/static', '/static') }}"
|
|
loop: "{{ lookup('ansible.builtin.fileglob', playbook_dir + '/../../../awx/static/custom_*.html', wantlist=True) }}"
|
|
when: (item | basename()) is regex("custom_\d+\.html")
|
|
|
|
- name: Render configuration templates
|
|
template:
|
|
src: "{{ item }}.j2"
|
|
dest: "{{ sources_dest }}/{{ item }}"
|
|
mode: '0600'
|
|
with_items:
|
|
- "database.py"
|
|
- "local_settings.py"
|
|
- "websocket_secret.py"
|
|
- "haproxy.cfg"
|
|
- "nginx.conf"
|
|
- "nginx.locations.conf"
|
|
|
|
- name: Get OS info for sdb
|
|
shell: |
|
|
docker info 2> /dev/null | awk '/Os:/ { gsub(/Os:/, "Operating System:"); }/Operating System/ { print; }'
|
|
register: os_info
|
|
changed_when: false
|
|
|
|
- name: Get user UID
|
|
shell: id -u
|
|
register: current_user
|
|
changed_when: false
|
|
|
|
- name: Set fact with user UID
|
|
set_fact:
|
|
user_id: "'{{ current_user.stdout }}'"
|
|
|
|
- name: Set global version if not provided
|
|
set_fact:
|
|
awx_image_tag: "{{ lookup('file', playbook_dir + '/../../../VERSION') }}"
|
|
when: awx_image_tag is not defined
|
|
|
|
- name: Generate Private RSA key for signing work
|
|
command: openssl genrsa -out {{ work_sign_private_keyfile }} {{ receptor_rsa_bits }}
|
|
args:
|
|
creates: "{{ work_sign_private_keyfile }}"
|
|
when: sign_work | bool
|
|
|
|
- name: Generate public RSA key for signing work
|
|
command: openssl rsa -in {{ work_sign_private_keyfile }} -out {{ work_sign_public_keyfile }} -outform PEM -pubout
|
|
args:
|
|
creates: "{{ work_sign_public_keyfile }}"
|
|
when: sign_work | bool
|
|
|
|
- name: Include vault TLS tasks if enabled
|
|
include_tasks: vault_tls.yml
|
|
when: enable_vault | bool
|
|
|
|
- name: Iterate through ../editable_dependencies and get symlinked directories and register the paths
|
|
find:
|
|
paths: "{{ playbook_dir }}/../editable_dependencies"
|
|
file_type: link
|
|
recurse: no
|
|
register: _editable_dependencies_links
|
|
when: install_editable_dependencies | bool
|
|
|
|
- name: Warn about empty editable_dependnecies
|
|
fail:
|
|
msg: "[WARNING] No editable_dependencies found in ../editable_dependencies"
|
|
when: install_editable_dependencies | bool and not _editable_dependencies_links.files
|
|
ignore_errors: true
|
|
|
|
- name: Set fact with editable_dependencies
|
|
set_fact:
|
|
editable_dependencies: "{{ _editable_dependencies_links.files | map(attribute='path') | list }}"
|
|
when: install_editable_dependencies | bool and _editable_dependencies_links.files
|
|
|
|
- name: Set install_editable_dependnecies to false if no editable_dependencies are found
|
|
set_fact:
|
|
install_editable_dependencies: false
|
|
when: install_editable_dependencies | bool and not _editable_dependencies_links.files
|
|
|
|
- name: Render Docker-Compose
|
|
template:
|
|
src: docker-compose.yml.j2
|
|
dest: "{{ sources_dest }}/{{ compose_name }}"
|
|
mode: '0600'
|
|
|
|
- name: Render Receptor Config(s) for Control Plane
|
|
template:
|
|
src: "receptor-awx.conf.j2"
|
|
dest: "{{ sources_dest }}/receptor/receptor-awx-{{ item }}.conf"
|
|
mode: '0600'
|
|
with_sequence: start=1 end={{ control_plane_node_count }}
|
|
|
|
- name: Create Receptor Config Lock File
|
|
file:
|
|
path: "{{ sources_dest }}/receptor/receptor-awx-{{ item }}.conf.lock"
|
|
state: touch
|
|
mode: '0600'
|
|
with_sequence: start=1 end={{ control_plane_node_count }}
|
|
|
|
- name: Render Receptor Config(s) for Control Plane
|
|
template:
|
|
src: "receptor-awx.conf.j2"
|
|
dest: "{{ sources_dest }}/receptor/receptor-awx-{{ item }}.conf"
|
|
mode: '0600'
|
|
with_sequence: start=1 end={{ control_plane_node_count }}
|
|
|
|
- name: Render Receptor Hop Config
|
|
template:
|
|
src: "receptor-hop.conf.j2"
|
|
dest: "{{ sources_dest }}/receptor/receptor-hop.conf"
|
|
mode: '0600'
|
|
when:
|
|
- execution_node_count | int > 0
|
|
|
|
- name: Render Receptor Worker Config(s)
|
|
template:
|
|
src: "receptor-worker.conf.j2"
|
|
dest: "{{ sources_dest }}/receptor/receptor-worker-{{ item }}.conf"
|
|
mode: '0600'
|
|
with_sequence: start=1 end={{ execution_node_count if execution_node_count | int > 0 else 1}}
|
|
when: execution_node_count | int > 0
|
|
|
|
- name: Render prometheus config
|
|
template:
|
|
src: "prometheus.yml.j2"
|
|
dest: "{{ sources_dest }}/prometheus.yml"
|
|
when: enable_prometheus|bool
|