# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
# Get Current AWX configuration
- name: Get the awx services
command: "kubectl get svc -n {{ awx_namespace }}"
changed_when: false
register: awx_services
- name: Expose the service for awx deployment on 8052 port
command: "kubectl expose deployment awx --type=NodePort --name={{ awx_service_name }} --port={{ awx_port }} -n {{ awx_namespace }}"
changed_when: false
when: awx_service_name not in awx_services.stdout
- name: Get awx-service Cluster-IP
command: "kubectl get svc {{ awx_service_name }} -n {{ awx_namespace }} -o jsonpath='{.spec.clusterIP}'"
register: awx_cluster_ip
changed_when: false
- name: Get AWX admin password
shell: >
set -o pipefail && \
kubectl get secret awx-admin-password -n {{ awx_namespace }} -o jsonpath='{.data.password}' | base64 --decode
no_log: true
register: awx_admin_password
changed_when: false
- name: Check if config file exists
stat:
path: "{{ tower_config_file }}"
register: config_file
- name: Create tower config file
copy:
dest: "{{ tower_config_file }}"
content: |
[general]
host: http://{{ awx_cluster_ip.stdout }}:{{ awx_port }}
username: admin
password: {{ awx_admin_password.stdout }}
verify_ssl: false
use_token: false
owner: root
mode: "{{ file_perm }}"
when: not config_file.stat.exists
- name: Check if tower_vault_key exists
stat:
path: "{{ tower_vault_file }}"
register: tower_vault
- name: Create ansible vault key if it does not exist
set_fact:
tower_vault_key: "{{ lookup('password', '/dev/null chars=ascii_letters') }}"
when: not tower_vault.stat.exists
- name: Save vault key
copy:
dest: "{{ tower_vault_file }}"
content: |
{{ tower_vault_key }}
owner: root
force: yes
mode: "{{ vault_file_perm }}"
when: not tower_vault.stat.exists
- name: Check if {{ tower_config_file }} file is encrypted
command: cat {{ tower_config_file }}
changed_when: false
no_log: true
register: config_content
run_once: true
- name: Encrypt {{ tower_config_file }}
command: >-
ansible-vault encrypt {{ tower_config_file }}
--vault-password-file {{ tower_vault_file }}
changed_when: false
when: "'$ANSIBLE_VAULT;' not in config_content.stdout"
run_once: true
- name: Change file permissions
file:
path: "{{ tower_config_file }}"
mode: "{{ file_perm }}"
- name: Open awx TCP ports on the firewall
firewalld:
port: "{{ item }}/tcp"
permanent: yes
state: enabled
with_items: "{{ awx_tcp_ports }}"
- name: Masquerade the firewall
firewalld:
masquerade: yes
permanent: yes
state: enabled
zone: public
- name: Reload firewalld service
systemd:
name: firewalld
state: reloaded
- name: Waiting for AWX UI
wait_for:
timeout: "{{ awx_ui_wait_time }}"
- name: Waiting for the AWX UI to be up
uri:
url: "http://{{ awx_cluster_ip.stdout }}:{{ awx_port }}"
status_code: "{{ return_status }}"
register: display
until: display.status == 200
retries: "{{ max_retries }}"
delay: "{{ max_delay }}"
changed_when: false
- name: Waiting for the AWX UI to be in running state
uri:
url: "http://{{ awx_cluster_ip.stdout }}:{{ awx_port }}"
status_code: "{{ return_status }}"
return_content: true
register: display
until: awx_ui_msg not in display.content
retries: "{{ max_retries }}"
delay: "{{ max_delay }}"
changed_when: false