# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. --- # Get Current AWX configuration - name: Get the awx services command: "kubectl get svc -n {{ awx_namespace }}" changed_when: false register: awx_services - name: Expose the service for awx deployment on 8052 port command: "kubectl expose deployment awx --type=NodePort --name={{ awx_service_name }} --port={{ awx_port }} -n {{ awx_namespace }}" changed_when: false when: awx_service_name not in awx_services.stdout - name: Get awx-service Cluster-IP command: "kubectl get svc {{ awx_service_name }} -n {{ awx_namespace }} -o jsonpath='{.spec.clusterIP}'" register: awx_cluster_ip changed_when: false - name: Get AWX admin password shell: > set -o pipefail && \ kubectl get secret awx-admin-password -n {{ awx_namespace }} -o jsonpath='{.data.password}' | base64 --decode register: awx_admin_password changed_when: false - name: Check if config file exists stat: path: "{{ tower_config_file }}" register: config_file - name: Create tower config file copy: dest: "{{ tower_config_file }}" content: | [general] host: http://{{ awx_cluster_ip.stdout }}:{{ awx_port }} username: admin password: {{ awx_admin_password.stdout }} verify_ssl: false use_token: false owner: root mode: "{{ file_perm }}" when: not config_file.stat.exists - name: Check if tower_vault_key exists stat: path: "{{ tower_vault_file }}" register: tower_vault - name: Create ansible vault key if it does not exist set_fact: tower_vault_key: "{{ lookup('password', '/dev/null chars=ascii_letters') }}" when: not tower_vault.stat.exists - name: Save vault key copy: dest: "{{ tower_vault_file }}" content: | {{ tower_vault_key }} owner: root force: yes mode: "{{ vault_file_perm }}" when: not tower_vault.stat.exists - name: Check if {{ tower_config_file }} file is encrypted command: cat {{ tower_config_file }} changed_when: false no_log: true register: config_content run_once: true - name: Encrypt {{ tower_config_file }} command: >- ansible-vault encrypt {{ tower_config_file }} --vault-password-file {{ tower_vault_file }} changed_when: false when: "'$ANSIBLE_VAULT;' not in config_content.stdout" run_once: true - name: Change file permissions file: path: "{{ tower_config_file }}" mode: "{{ file_perm }}" - name: Open awx TCP ports on the firewall firewalld: port: "{{ item }}/tcp" permanent: yes state: enabled with_items: "{{ awx_tcp_ports }}" - name: Masquerade the firewall firewalld: masquerade: yes permanent: yes state: enabled zone: public - name: Reload firewalld service systemd: name: firewalld state: reloaded - name: Waiting for the AWX UI to be up uri: url: "http://{{ awx_cluster_ip.stdout }}:{{ awx_port }}" status_code: "{{ return_status }}" register: display until: display.status == 200 retries: "{{ max_retries }}" delay: "{{ max_delay }}" changed_when: false - name: Waiting for the AWX UI to be in running state uri: url: "http://{{ awx_cluster_ip.stdout }}:{{ awx_port }}" status_code: "{{ return_status }}" return_content: true register: display until: awx_ui_msg not in display.content retries: "{{ max_retries }}" delay: "{{ max_delay }}" changed_when: false