mirror of
https://github.com/ansible/awx.git
synced 2026-02-02 01:58:09 -03:30
3ae72219b4
This is a non-functional change. The way os_info is populated with docker info and grep 'Operating System' breaks on podman and likely in other places. This makes it work on both podman and docker, and it will continue to return the exact same strings everywhere else.
156 lines
4.5 KiB
YAML
156 lines
4.5 KiB
YAML
---
|
|
|
|
- name: Create _sources directories
|
|
file:
|
|
path: "{{ sources_dest }}/{{ item }}"
|
|
state: 'directory'
|
|
mode: '0700'
|
|
loop:
|
|
- secrets
|
|
- receptor
|
|
|
|
- name: Detect secrets
|
|
stat:
|
|
path: "{{ sources_dest }}/secrets/{{ item }}.yml"
|
|
register: secrets
|
|
when: not lookup('vars', item, default='')
|
|
loop:
|
|
- pg_password
|
|
- secret_key
|
|
- broadcast_websocket_secret
|
|
- admin_password
|
|
|
|
- name: Generate secrets if needed
|
|
template:
|
|
src: 'secrets.yml.j2'
|
|
dest: '{{ sources_dest }}/secrets/{{ item.item }}.yml'
|
|
mode: '0600'
|
|
when: not lookup('vars', item.item, default='') and not item.stat.exists
|
|
loop: "{{ secrets.results }}"
|
|
loop_control:
|
|
label: '{{ item.item }}'
|
|
|
|
- name: Include generated secrets unless they are explicitly passed in
|
|
include_vars: "{{ sources_dest }}/secrets/{{ item.item }}.yml"
|
|
no_log: true
|
|
when: not lookup('vars', item.item, default='')
|
|
loop: "{{ secrets.results }}"
|
|
|
|
- name: Write out SECRET_KEY
|
|
copy:
|
|
content: "{{ secret_key }}"
|
|
dest: "{{ sources_dest }}/SECRET_KEY"
|
|
no_log: true
|
|
|
|
- name: Find custom error pages
|
|
set_fact:
|
|
custom_error_pages: "{{ (custom_error_pages | default([])) + [new_error_page] }}"
|
|
vars:
|
|
new_error_page:
|
|
error_code: "{{ item | basename() | regex_replace('custom_(\\d+).html', '\\1') }}"
|
|
web_path: "{{ item | regex_replace('^.*/static', '/static') }}"
|
|
loop: "{{ lookup('ansible.builtin.fileglob', playbook_dir + '/../../../awx/static/custom_*.html', wantlist=True) }}"
|
|
when: (item | basename()) is regex("custom_\d+\.html")
|
|
|
|
- name: Render configuration templates
|
|
template:
|
|
src: "{{ item }}.j2"
|
|
dest: "{{ sources_dest }}/{{ item }}"
|
|
mode: '0600'
|
|
with_items:
|
|
- "database.py"
|
|
- "local_settings.py"
|
|
- "websocket_secret.py"
|
|
- "haproxy.cfg"
|
|
- "nginx.conf"
|
|
- "nginx.locations.conf"
|
|
|
|
- name: Get OS info for sdb
|
|
shell: |
|
|
docker info 2> /dev/null | awk '/Os:/ { gsub(/Os:/, "Operating System:"); }/Operating System/ { print; }'
|
|
register: os_info
|
|
changed_when: false
|
|
|
|
- name: Get user UID
|
|
shell: id -u
|
|
register: current_user
|
|
changed_when: false
|
|
|
|
- name: Set fact with user UID
|
|
set_fact:
|
|
user_id: "'{{ current_user.stdout }}'"
|
|
|
|
- name: Set global version if not provided
|
|
set_fact:
|
|
awx_image_tag: "{{ lookup('file', playbook_dir + '/../../../VERSION') }}"
|
|
when: awx_image_tag is not defined
|
|
|
|
- name: Generate Private RSA key for signing work
|
|
command: openssl genrsa -out {{ work_sign_private_keyfile }} {{ receptor_rsa_bits }}
|
|
args:
|
|
creates: "{{ work_sign_private_keyfile }}"
|
|
when: sign_work | bool
|
|
|
|
- name: Generate public RSA key for signing work
|
|
command: openssl rsa -in {{ work_sign_private_keyfile }} -out {{ work_sign_public_keyfile }} -outform PEM -pubout
|
|
args:
|
|
creates: "{{ work_sign_public_keyfile }}"
|
|
when: sign_work | bool
|
|
|
|
- name: Include LDAP tasks if enabled
|
|
include_tasks: ldap.yml
|
|
when: enable_ldap | bool
|
|
|
|
- name: Include vault TLS tasks if enabled
|
|
include_tasks: vault_tls.yml
|
|
when: enable_vault | bool
|
|
|
|
- name: Render Docker-Compose
|
|
template:
|
|
src: docker-compose.yml.j2
|
|
dest: "{{ sources_dest }}/{{ compose_name }}"
|
|
mode: '0600'
|
|
|
|
- name: Render Receptor Config(s) for Control Plane
|
|
template:
|
|
src: "receptor-awx.conf.j2"
|
|
dest: "{{ sources_dest }}/receptor/receptor-awx-{{ item }}.conf"
|
|
mode: '0600'
|
|
with_sequence: start=1 end={{ control_plane_node_count }}
|
|
|
|
- name: Create Receptor Config Lock File
|
|
file:
|
|
path: "{{ sources_dest }}/receptor/receptor-awx-{{ item }}.conf.lock"
|
|
state: touch
|
|
mode: '0600'
|
|
with_sequence: start=1 end={{ control_plane_node_count }}
|
|
|
|
- name: Render Receptor Config(s) for Control Plane
|
|
template:
|
|
src: "receptor-awx.conf.j2"
|
|
dest: "{{ sources_dest }}/receptor/receptor-awx-{{ item }}.conf"
|
|
mode: '0600'
|
|
with_sequence: start=1 end={{ control_plane_node_count }}
|
|
|
|
- name: Render Receptor Hop Config
|
|
template:
|
|
src: "receptor-hop.conf.j2"
|
|
dest: "{{ sources_dest }}/receptor/receptor-hop.conf"
|
|
mode: '0600'
|
|
when:
|
|
- execution_node_count | int > 0
|
|
|
|
- name: Render Receptor Worker Config(s)
|
|
template:
|
|
src: "receptor-worker.conf.j2"
|
|
dest: "{{ sources_dest }}/receptor/receptor-worker-{{ item }}.conf"
|
|
mode: '0600'
|
|
with_sequence: start=1 end={{ execution_node_count if execution_node_count | int > 0 else 1}}
|
|
when: execution_node_count | int > 0
|
|
|
|
- name: Render prometheus config
|
|
template:
|
|
src: "prometheus.yml.j2"
|
|
dest: "{{ sources_dest }}/prometheus.yml"
|
|
when: enable_prometheus|bool
|