Shane McDonald d30c5ca9cd
Merge pull request #13200 from shanemcd/disable-work-signing
Disable work signing by default in dev env
2022-11-16 11:23:53 -05:00


---
# Create the working directories that later tasks in this file write
# generated secrets and receptor configuration into. Mode 0700 restricts
# both directories to the owning user.
- name: Create _sources directories
  file:
    state: directory
    path: "{{ sources_dest }}/{{ item }}"
    mode: "0700"
  loop:
    - secrets
    - receptor
# For each secret that was not supplied as a variable, check whether a
# generated file for it already exists under secrets/. The registered
# `secrets` results are looped over by the generate and include tasks.
- name: Detect secrets
  stat:
    path: "{{ sources_dest }}/secrets/{{ item }}.yml"
  loop:
    - pg_password
    - secret_key
    - broadcast_websocket_secret
    - admin_password
  # A non-empty variable of the same name means the caller passed the secret in.
  when: not lookup('vars', item, default='')
  register: secrets
# Render a secrets file only when the value was neither passed in as a
# variable nor already present on disk. The files are written 0600 so only
# the owner can read the generated secret.
- name: Generate secrets if needed
  template:
    src: secrets.yml.j2
    dest: "{{ sources_dest }}/secrets/{{ item.item }}.yml"
    mode: "0600"
  loop: "{{ secrets.results }}"
  loop_control:
    # Show only the secret's name per iteration, not the whole stat result.
    label: "{{ item.item }}"
  # Keep the variable check first: results for skipped stat items have no
  # `stat` key, and the short-circuit avoids touching it.
  when: not lookup('vars', item.item, default='') and not item.stat.exists
# Load each generated secrets file as variables, skipping any secret the
# caller already supplied. no_log keeps the loaded values out of task output.
- name: Include generated secrets unless they are explicitly passed in
  include_vars: "{{ sources_dest }}/secrets/{{ item.item }}.yml"
  loop: "{{ secrets.results }}"
  when: not lookup('vars', item.item, default='')
  no_log: true
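# Write the value of `secret_key` to the SECRET_KEY file under sources_dest.
# The explicit 0600 mode matches the other secret-bearing files written by
# this task file; without it the file's permissions depend on the umask and
# the key could end up readable by other local users. no_log keeps the key
# out of task output.
- name: Write out SECRET_KEY
  copy:
    content: "{{ secret_key }}"
    dest: "{{ sources_dest }}/SECRET_KEY"
    mode: '0600'
  no_log: true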
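# Render database.py, websocket_secret.py and haproxy.cfg from their .j2
# templates into sources_dest, readable by the owner only (0600).
# Uses `loop`, like the other list-driven tasks in this file, instead of
# the older `with_items` form; the items are plain strings, so the result
# is the same.
- name: Render configuration templates
  template:
    src: "{{ item }}.j2"
    dest: "{{ sources_dest }}/{{ item }}"
    mode: '0600'
  loop:
    - "database.py"
    - "websocket_secret.py"
    - "haproxy.cfg"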
# Remove any local_settings.py left in the awx/settings directory of the
# source tree (three levels above the playbook directory).
- name: Delete old local_settings.py
  file:
    state: absent
    path: "{{ playbook_dir }}/../../../awx/settings/local_settings.py"
# Copy the bundled local_settings.py into sources_dest.
# NOTE(review): no mode is set here, unlike the rendered files in this task
# file, so permissions follow the umask - confirm whether that is intended.
- name: Copy local_settings.py
  copy:
    dest: "{{ sources_dest }}/local_settings.py"
    src: local_settings.py
# Capture the "Operating System" line of `docker info` as os_info.
# The shell module is needed for the pipe. The task only reads state, so it
# never reports a change. It fails if grep finds no matching line.
- name: Get OS info for sdb
  shell: |
    docker info | grep 'Operating System'
  changed_when: false
  register: os_info
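# Record the numeric UID of the user running the play as current_user.
# `id -u` uses no shell features, so it runs through the command module
# rather than a shell. Read-only, hence changed_when is false.
- name: Get user UID
  command: id -u
  register: current_user
  changed_when: false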
# Expose the UID gathered above as `user_id`. The value is deliberately
# wrapped in literal single quotes.
# NOTE(review): presumably so a consuming template emits it as a quoted
# string - confirm against the templates that use user_id.
- name: Set fact with user UID
  set_fact:
    user_id: "'{{ current_user.stdout }}'"
# Default awx_image_tag to the contents of the repository's VERSION file
# (three levels above the playbook directory) when the caller did not set it.
- name: Set global version if not provided
  when: awx_image_tag is not defined
  set_fact:
    awx_image_tag: "{{ lookup('file', playbook_dir + '/../../../VERSION') }}"
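# Generate the RSA private key used for work signing, only when sign_work
# is enabled and the key file does not exist yet (`creates`).
# The arguments are passed as an argv list so that a key path containing
# whitespace is handed to openssl as a single argument instead of being
# split by the free-form command parser.
# NOTE(review): the mode of the generated key file is left to openssl and
# the umask; consider a follow-up `file` task enforcing 0600 on it.
- name: Generate Private RSA key for signing work
  command:
    argv:
      - openssl
      - genrsa
      - '-out'
      - "{{ work_sign_private_keyfile }}"
      - "{{ receptor_rsa_bits }}"
    creates: "{{ work_sign_private_keyfile }}"
  when: sign_work | bool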
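# Derive the PEM-encoded public key from the work-signing private key, only
# when sign_work is enabled and the public key file does not exist yet.
# The arguments are passed as an argv list so that key paths containing
# whitespace reach openssl as single arguments instead of being split by
# the free-form command parser.
- name: Generate public RSA key for signing work
  command:
    argv:
      - openssl
      - rsa
      - '-in'
      - "{{ work_sign_private_keyfile }}"
      - '-out'
      - "{{ work_sign_public_keyfile }}"
      - '-outform'
      - PEM
      - '-pubout'
    creates: "{{ work_sign_public_keyfile }}"
  when: sign_work | bool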
# Pull in the tasks from ldap.yml only when enable_ldap evaluates to true.
- name: Include LDAP tasks if enabled
  when: enable_ldap | bool
  include_tasks: ldap.yml
# Render the compose file from docker-compose.yml.j2 into sources_dest under
# the name given by compose_name, readable by the owner only (0600).
- name: Render Docker-Compose
  template:
    dest: "{{ sources_dest }}/{{ compose_name }}"
    src: "docker-compose.yml.j2"
    mode: "0600"
# Render one receptor-awx-<n>.conf per control plane node, numbered from 1
# to control_plane_node_count, readable by the owner only (0600).
- name: Render Receptor Config(s) for Control Plane
  template:
    dest: "{{ sources_dest }}/receptor/receptor-awx-{{ item }}.conf"
    src: receptor-awx.conf.j2
    mode: "0600"
  with_sequence: "start=1 end={{ control_plane_node_count }}"
# Touch a .conf.lock file next to each control plane receptor config.
# `state: touch` creates the file if missing and updates its timestamps
# otherwise, so this task reports a change on every run.
- name: Create Receptor Config Lock File
  file:
    state: touch
    path: "{{ sources_dest }}/receptor/receptor-awx-{{ item }}.conf.lock"
    mode: "0600"
  with_sequence: "start=1 end={{ control_plane_node_count }}"
# Render one receptor-awx-<n>.conf per control plane node (0600).
# NOTE(review): this task has the same name, template, destination and loop
# as the one that precedes the lock-file task; it looks like an accidental
# duplicate - confirm whether the second render is needed.
- name: Render Receptor Config(s) for Control Plane
  template:
    dest: "{{ sources_dest }}/receptor/receptor-awx-{{ item }}.conf"
    src: receptor-awx.conf.j2
    mode: "0600"
  with_sequence: "start=1 end={{ control_plane_node_count }}"
# Render receptor-hop.conf (0600), but only when at least one execution
# node is requested.
- name: Render Receptor Hop Config
  template:
    dest: "{{ sources_dest }}/receptor/receptor-hop.conf"
    src: receptor-hop.conf.j2
    mode: "0600"
  when: execution_node_count | int > 0
# Render one receptor-worker-<n>.conf per execution node (0600), skipped
# entirely when execution_node_count is 0.
- name: Render Receptor Worker Config(s)
  template:
    dest: "{{ sources_dest }}/receptor/receptor-worker-{{ item }}.conf"
    src: receptor-worker.conf.j2
    mode: "0600"
  when: execution_node_count | int > 0
  # The `else 1` fallback keeps the sequence end at 1 when the count is 0.
  # NOTE(review): presumably needed because the sequence is expanded before
  # `when` is evaluated and start=1 end=0 would be rejected - confirm.
  with_sequence: "start=1 end={{ execution_node_count if execution_node_count | int > 0 else 1}}"
# Render prometheus.yml into sources_dest when enable_prometheus is true.
# NOTE(review): no mode is set here, unlike the other rendered files in
# this task file, so permissions follow the umask. Confirm this is
# intentional (the consumer of this file may need read access) and that the
# template carries no credentials.
- name: Render prometheus config
  when: enable_prometheus|bool
  template:
    dest: "{{ sources_dest }}/prometheus.yml"
    src: prometheus.yml.j2