Dell-Omnia-Clusters-HPC-AI/control_plane/roles/webui_awx/tasks/configure_settings.yml

# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
# Get Current AWX configuration

- name: Get the awx services
  command: "kubectl get svc -n {{ awx_namespace }}"
  changed_when: false
  register: awx_services
  
- name: Expose the service for awx deployment on 8052 port
  command: "kubectl expose deployment awx --type=NodePort --name={{ awx_service_name }} --port={{ awx_port }} -n {{ awx_namespace }}"
  changed_when: false
  when: awx_service_name not in awx_services.stdout

- name: Get awx-service Cluster-IP
  command: "kubectl get svc {{ awx_service_name }} -n {{ awx_namespace }} -o jsonpath='{.spec.clusterIP}'"
  register: awx_cluster_ip
  changed_when: false

- name: Get AWX admin password
  shell: >
    set -o pipefail && \
    kubectl get secret awx-admin-password -n {{ awx_namespace }} -o jsonpath='{.data.password}' | base64 --decode
  register: awx_admin_password
  changed_when: false

- name: Check if config file exists
  stat:
    path: "{{ tower_config_file }}"
  register: config_file

- name: Create tower config file
  copy:
    dest:  "{{ tower_config_file }}"
    content: |
      [general]
      host: http://{{ awx_cluster_ip.stdout }}:{{ awx_port }}
      username: admin
      password: {{ awx_admin_password.stdout }}
      verify_ssl: false
      use_token: false
    owner: root
    mode: "{{ file_perm }}"
  when: not config_file.stat.exists

- name: Check if tower_vault_key exists
  stat:
    path: "{{ tower_vault_file }}"
  register: tower_vault

- name: Create ansible vault key if it does not exist
  set_fact:
    tower_vault_key: "{{ lookup('password', '/dev/null chars=ascii_letters') }}"
  when: not tower_vault.stat.exists

- name: Save vault key
  copy:
    dest: "{{ tower_vault_file }}"
    content: |
      {{ tower_vault_key }}
    owner: root
    force: yes
    mode: "{{ vault_file_perm }}"
  when: not tower_vault.stat.exists

- name: Check if {{ tower_config_file }} file is encrypted
  command: cat {{ tower_config_file }}
  changed_when: false
  no_log: true
  register: config_content
  run_once: true

- name: Encrypt {{ tower_config_file }}
  command: >-
    ansible-vault encrypt {{ tower_config_file }}
    --vault-password-file {{ tower_vault_file }}
  changed_when: false
  when: "'$ANSIBLE_VAULT;' not in config_content.stdout"
  run_once: true

- name: Change file permissions
  file:
    path: "{{ tower_config_file }}"
    mode: "{{ file_perm }}"

- name: Open awx TCP ports on the firewall
  firewalld:
    port: "{{ item }}/tcp"
    permanent: yes
    state: enabled
  with_items: "{{ awx_tcp_ports }}"

- name: Masquerade the firewall
  firewalld:
    masquerade: yes
    permanent: yes
    state: enabled
    zone: public

- name: Reload firewalld service
  systemd:
    name: firewalld
    state: reloaded

- name: Waiting for the AWX UI to be up
  uri:
    url: "http://{{ awx_cluster_ip.stdout }}:{{ awx_port }}"
    status_code: "{{ return_status }}"
  register: display
  until: display.status == 200
  retries: "{{ max_retries }}"
  delay: "{{ max_delay }}"
  changed_when: false

- name: Waiting for the AWX UI to be in running state
  uri:
    url: "http://{{ awx_cluster_ip.stdout }}:{{ awx_port }}"
    status_code: "{{ return_status }}"
    return_content: true
  register: display
  until: awx_ui_msg not in display.content
  retries: "{{ max_retries }}"
  delay: "{{ max_delay }}"
  changed_when: false