README.adoc
@@ -5,6 +5,7 @@ to fully configured running application environments running on either public Cloud Providers or OpenShift clusters. *AgnosticD* is not an OpenShift Deployer, though it can and does that, it is however also a deployer that just happens to be used to deploy a lot of OpenShift and OpenShift workloads, amongst other things. ansible/configs/ans-tower-prod/env_vars.yml
@@ -423,3 +423,25 @@ # # cf_template_description: "{{ env_type }}-{{ guid }} Ansible Agnostic Deployer" tower_run: false default_workloads: - tower-copy-ssh - tower-license-injector - cleanup-tower-default - tower-settings-update - tower-pip-packages - tower-user-create - tower-org-create - tower-project-create - tower-inventory-create - tower-jobtemplate-create # infra_workloads|: # - tower-settings-update # - tower-pip-packages # - tower-user-create # - tower-org-create # - tower-project-create # - tower-inventory-create # - tower-jobtemplate-create ansible/configs/ans-tower-prod/files/hosts_template.j2
@@ -1,23 +1,24 @@ [tower] {% for host in groups['towers'] %} tower{{loop.index}}.{{chomped_zone_internal_dns}} public_host_name=tower{{loop.index}}.{{ guid }}{{subdomain_base_suffix}} ssh_host={{host}} {{ host }} {% endfor %} [database] ## This should be replaced by supports[0] name support1.{{chomped_zone_internal_dns}} ## Add isolated if needed, we should have an "IF" statement, only if worker groups exist and have instances. {% if target_regions is defined %} {%for i_region in target_regions %} [isolated_group_{{i_region.name}}] {% for host in groups[i_region.name] %} worker{{ i_region.name }}{{loop.index}}.{{chomped_zone_internal_dns}} public_host_name=worker{{loop.index}}.{{ guid }}{{subdomain_base_suffix}} ssh_host={{host}} {% for host in groups['workers'] %} {% if 'worker' + i_region.name in host %} {{ host }} {% endif %} {% endfor %} [isolated_group_{{i_region.name}}:vars] controller=tower @@ -29,26 +30,22 @@ ansible_become=true admin_password={{tower_admin_password}} ## This should be replaced by supports[0] name pg_host='support1.{{guid}}.internal' pg_host='support1.{{chomped_zone_internal_dns}}' pg_port='5432' pg_database='awx' pg_username='awx' pg_password={{tower_admin_password}} rabbitmq_port=5672 rabbitmq_vhost=tower rabbitmq_username=tower rabbitmq_password={{ tower_admin_password | regex_replace('[^a-zA-Z0-9]') }} rabbitmq_cookie=cookiemonster rabbitmq_use_long_name=true ### For our use, not Tower install use (so you can run ansible command line) [supports] {% for host in groups['support'] %} support{{loop.index}}.{{chomped_zone_internal_dns}} public_host_name=support{{loop.index}}.{{ guid }}{{subdomain_base_suffix}} ssh_host={{host}} {{ host }} {% endfor %} ansible/configs/ans-tower-prod/files/tower_cli.j2
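Review bot: In ansible/configs/ans-tower-prod/files/hosts_template.j2 the new membership test `'worker' + i_region.name in host` is a substring match, so a worker can land under the wrong `[isolated_group_…]` whenever one region name is a prefix of another or the string occurs elsewhere in the host name. Going by the removed line, worker names look like `worker<region><index>.<zone>`, so an anchored test such as `{% if host is match('worker' + i_region.name + '[0-9]+\.') %}` would be stricter. In the second hunk, `pg_password` and `rabbitmq_password` are still derived from `tower_admin_password` and `rabbitmq_cookie` is a fixed literal. These look like context lines, but separate generated secrets would mean that one leaked value does not open the database, the message bus and the admin account together.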
@@ -1,5 +1,5 @@ [general] host = tower1.{{guid}}.example.opentlc.com host = {{ tower_hostname }} username = admin password = {{tower_admin_password}} verify_ssl = False ansible/configs/ans-tower-prod/post_software.yml
@@ -20,6 +20,7 @@ - name: PostSoftware flight-check hosts: localhost connection: local ansible/configs/ans-tower-prod/sample_vars_babylon.yml
@@ -10,7 +10,7 @@ # Env config basics env_type: ans-tower-prod # Name of config to deploy output_dir: /tmp # Writable working scratch directory output_dir: /opt/workdir # Writable working scratch directory email: name@example.com # User info for notifications #guid: hwtest2 # Unique string used in FQDN @@ -33,7 +33,9 @@ tower_version: 3.5.0-1 # tower version you want to install region: apac # region can not be with special characters in case of isolated node group software_to_deploy: tower # Define tower to install tower or none to have only infra ready. worker: yes # Set yes to add isolated node group. tower_instance_count: 1 support_instance_count: 1 worker_instance_count: 1 # Set 0 to not to provision worker(isolated) nodes. @@ -53,8 +55,8 @@ # "subscription_name": "Ansible Tower by Red Hat (50 Managed Nodes), RHT Internal", # "trial": true # } accounts: #Define users you want to create. Set superuser: yes to make user system wide System Administrator tower_host_name: "tower1.{{guid}}{{subdomain_base_suffix}}" tower_user_accounts: #Define users you want to create. Set superuser: yes to make user system wide System Administrator - user: babylon password: changeme email: babylon@example.com @@ -75,9 +77,9 @@ - name: BU target_regions: - name: eama - name: emea - name: apac - name: na ### tower project roles tower_projects: 
@@ -87,18 +89,57 @@ scm_url: "https://github.com/redhat-gpte-devopsautomation/babylon.git" #scm_type: #scm_credential: #scm_branch: master scm_branch: dev scm_update_on_launch: true tower_inventories: - name: null-inventory-emea - name: empty-inventory description: "Inventory for job runner" organization: gpte - name: empty-inventory-emea description: emea organization: gpte instance_group: eama - name: null-inventory-na description: na instance_group: emea - name: empty-inventory-apac description: apac organization: gpte instance_group: na instance_group: apac tower_job_templates: - name: babylon_job_runner description: "babylon job runner" job_type: run #vault_credential: project: babylon playbook: job-runner.yml become: yes # Tower settings tower_setting_params: AWX_PROOT_BASE_PATH: "/tmp" AWX_PROOT_SHOW_PATHS: "'/var/lib/awx/projects/', '/tmp'" # List of virtual environment which will be created # restart of tower service is required # ansible-tower-service restart # https://docs.ansible.com/ansible-tower/latest/html/userguide/security.html tower_virtual_environment: - /var/lib/awx/venv/ansible - /var/lib/awx/venv/test1 # Path of Virtual Env for update tower_update_venv: /var/lib/awx/venv/ansible # Pip packages with version which needs to be updated for venv pip_requirements: - boto==2.49.0 - boto3==1.9.200 - awscli==1.16.210 - ansible-tower-cli==3.3.6 key_local_path: "~/.ssh/{{key_name}}.pem" tower_job_templates: - name: babylon_deployer @@ -107,7 +148,7 @@ job_type: run #vault_credential: project: babylon playbook: "babylon-tower/ansible/run-deployer.yml" playbook: job-runner.yml become: yes ansible/configs/ans-tower-prod/tower_workloads.yml
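Review bot: In ansible/configs/ans-tower-prod/sample_vars_babylon.yml the hunk at `@@ -87,18 +89,57 @@` adds a `tower_job_templates:` key holding `babylon_job_runner`, while the existing `tower_job_templates:` key holding `babylon_deployer` appears to remain further down, so the file has a duplicate key and most YAML loaders silently keep only the last one. Put both templates under a single key. The new `AWX_PROOT_BASE_PATH: "/tmp"` and `AWX_PROOT_SHOW_PATHS: "'/var/lib/awx/projects/', '/tmp'"` expose the host's shared /tmp to every job; a dedicated directory, or at least a comment saying why /tmp is required, would help anyone copying this sample. The file also sets `tower_host_name`, whereas the roles changed in this commit read `tower_hostname`.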
@@ -1,48 +1,55 @@ - hosts: bastions --- - name: Install workloads hosts: bastions gather_facts: false become: yes run_once: true become: true tasks: - name: Inject License include_role: name: tower-license-injector when: tower_license is defined - set_fact: tower_hostname: "{{ item | first }}" loop: - "{{ query('inventory_hostnames', 'towers') }}" - name: Install tower-default workloads when: - default_workloads | d("") | length > 0 tags: - tower-license-injector - name: Delete Demo suff include_role: name: cleanup-tower-default tags: - tower-clean-default - name: Create tower users include_role: name: tower-user-create when: accounts is defined tags: - tower-user-create - name: Create tower org include_role: name: tower-org-create when: tower_organization is defined tags: - tower-org-create - default_workloads block: - name: Install tower-default-workloads when: - default_workloads | d("") | length >0 block: - name: Deploy tower-default workloads include_role: name: "{{ workload_loop_var }}" vars: tower_username: "admin" loop: "{{ default_workloads }}" loop_control: loop_var: workload_loop_var - name: Create tower Project include_role: name: tower-project-create when: tower_projects is defined - name: Install tower-infra workloads when: - infra_workloads|d("")|length > 0 tags: - tower-project-create - name: Create tower Inventory include_role: name: tower-inventory-create when: tower_inventories is defined tags: - tower-inventory-create - name: Create tower Job Template include_role: name: tower-jobtemplate-create when: tower_job_templates is defined tags: - tower-job-template-create - infra_workloads block: - name: Check if admin_user is set fail: msg: admin_user must be set for tower-infra workloads when: - not admin_user is defined or admin_user|length == 0 - name: Install tower-infra-workloads when: - infra_workloads|d("")|length >0 block: - name: Deploy tower-infra workloads include_role: name: "{{ workload_loop_var }}" vars: tower_username: admin ACTION: 
"provision" loop: "{{ infra_workloads.split(',')|list }}" loop_control: loop_var: workload_loop_var ansible/configs/ans-tower-prod/tower_workloads_workaround.yml
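Review bot: In ansible/configs/ans-tower-prod/tower_workloads.yml the infra-workloads block fails the play when `admin_user` is unset, yet the `include_role` that follows passes the literal `tower_username: admin`, so as far as this section shows the checked value is never used. Either pass `tower_username: "{{ admin_user }}"` or drop the guard. The two blocks also take different input shapes, since `default_workloads` is looped as a list while `infra_workloads` is split on commas, and that deserves a comment next to the variables. The page interleaves old and new lines here, so the nesting described is inferred.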
New file 
@@ -0,0 +1,156 @@ - hosts: bastions gather_facts: false become: yes tasks: - name: Inject License include_role: name: tower-license-injector when: tower_license is defined tags: - tower-license-injector ###### delete demo stuff ####### - name: Delete Demo Job Template tower_job_template: name: "Demo Job Template" state: absent job_type: run playbook: "hello_world.yml" project: "Demo Project" inventory: "Demo Inventory" tower_host: "{{ tower_host_name }}" tower_username: admin tower_password: "{{tower_admin_password}}" tower_verify_ssl: false ignore_errors: yes - name: Delete Demo Credential command: tower-cli credential delete -n "Demo Credential" ignore_errors: yes - name: Delete Demo Project tower_project: name: "Demo Project" state: absent tower_host: "{{ tower_host_name }}" tower_username: admin tower_password: "{{tower_admin_password}}" tower_verify_ssl: false ignore_errors: yes - name: Delete Demo Inventory tower_inventory: name: "Demo Inventory" organization: Default state: absent tower_host: "{{ tower_host_name }}" tower_username: admin tower_password: "{{tower_admin_password}}" tower_verify_ssl: false ignore_errors: yes ###### Create tower users ##### - name: Add tower user tower_user: username: "{{ item.user }}" password: "{{ item.password | default('change_me') }}" email: "{{ item.email | default('rhpds-admins@redhat.com') }}" first_name: "{{ item.firstname | default(item.user) }}" last_name: "{{ item.lastname | default(item.user) }}" superuser: "{{ item.superuser | default('no')}}" state: present tower_host: "{{ tower_host_name }}" tower_username: admin tower_password: "{{tower_admin_password}}" tower_verify_ssl: false loop: "{{ tower_accounts }}" when: tower_accounts is defined tags: - tower-user-create #### Create Tower Organization #### - name: Add tower org tower_organization: name: "{{ item.name }}" state: present tower_host: "{{ tower_host_name }}" tower_username: admin tower_password: "{{tower_admin_password}}" tower_verify_ssl: false loop: "{{ 
tower_organization }}" when: tower_organization is defined tags: - tower-org-create #### Create tower Project ##### - name: Add tower project tower_project: name: "{{ item.name }}" description: "{{ item.description }}" organization: "{{ item.organization | default('Default')}}" scm_url: "{{ item.scm_url }}" scm_type: "{{ item.scm_type | d('git')}}" scm_credential: "{{ item.scm_credential | d('')}}" scm_branch: "{{ item.scm_branch | d('master') }}" scm_update_on_launch: "{{ item.scm_update_on_launch | d('false') }}" state: present tower_host: "{{ tower_host_name }}" tower_username: admin tower_password: "{{tower_admin_password}}" tower_verify_ssl: false loop: "{{ tower_projects }}" when: tower_projects is defined tags: - tower-project-create #### Create tower Inventory #### - name: Block for Inventory when: tower_inventories is defined block: - name: Add tower inventory tower_inventory: name: "{{ item.name }}" description: "{{ item.description }}" organization: "{{ item.organization | d('gpte') }}" state: present tower_host: "{{ tower_host_name }}" tower_username: admin tower_password: "{{tower_admin_password}}" tower_verify_ssl: false loop: "{{ tower_inventories }}" tags: - tower-inventory-create - name: Associate instance group to inventory command: >- tower-cli inventory associate_ig --inventory "{{ item.name }}" --instance-group "{{ item.instance_group | d('') }}" loop: "{{ tower_inventories }}" when: - item.instance_group is defined #### Create Tower Job Template #### - name: Add tower JobTemplate tower_job_template: name: "{{ item.name }}" description: "{{ item.description }}" job_type: run ask_inventory: Yes ask_credential: Yes vault_credential: "{{ item.vault_credential | d('') }}" ask_extra_vars: Yes project: "{{ item.project }}" playbook: "{{ item.playbook | d('main.yml') }}" become_enabled: "{{ item.become | d('no') }}" concurrent_jobs_enabled: Yes state: present tower_host: "{{ tower_host_name }}" tower_username: admin tower_password: 
"{{tower_admin_password}}" tower_verify_ssl: false loop: "{{ tower_job_templates }}" when: tower_job_templates is defined tags: - tower-job-template-create ansible/configs/multi-region-tower/env_vars.yml
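Review bot: In ansible/configs/ans-tower-prod/tower_workloads_workaround.yml the `Add tower user` task falls back to `password: "{{ item.password | default('change_me') }}"`, so an account listed without a password is created with a publicly known one, and the same entry may set `superuser`. I would remove the default so a missing password fails the task, and add `no_log: true`, because a looped task prints each `item`, password included, in the play output. The task loops over `tower_accounts`, while the sample vars in this commit appear to define `tower_user_accounts`, so with those vars the `when:` skips user creation without any message.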
@@ -280,7 +280,7 @@ azure: Standard_A2_V2 tags: - key: "AnsibleGroup" value: "tower" value: "towers" - key: "ostype" value: "linux" - key: "instance_filter" ansible/configs/multi-region-tower/files/hosts_template.j2
@@ -1,5 +1,5 @@ [tower] {% for host in groups['tower'] %} {% for host in groups['towers'] %} {{ host }} {% endfor %} ansible/configs/multi-region-tower/sample_vars_babylon.yml
@@ -31,11 +31,11 @@ vpc_cidr: 10.1.0.0/16 subnet_cidr: 10.1.0.0/24 name: na - region: eu-central-1 stack: worker.j2 name: frankfurt vpc_cidr: 10.2.0.0/16 subnet_cidr: 10.2.0.0/24 # - region: eu-central-1 # stack: worker.j2 # name: frankfurt # vpc_cidr: 10.2.0.0/16 # subnet_cidr: 10.2.0.0/24 - region: ap-southeast-2 stack: worker.j2 name: sydney @@ -46,7 +46,10 @@ #####Ansible Tower related variables tower_admin_password: change_me #worker_instance_count: 0 # Set 0 to not to provision worker(isolated) nodes. tower_instance_count: 1 # Set 0 to not to provision worker(isolated) nodes. support_instance_count: 1 # Set 0 to not to provision worker(isolated) nodes. worker_instance_count: 1 # Set 0 to not to provision worker(isolated) nodes. ansible/configs/multi-region-tower/tower_workloads.yml
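Review bot: In ansible/configs/multi-region-tower/sample_vars_babylon.yml the comment `# Set 0 to not to provision worker(isolated) nodes.` is repeated on the new `tower_instance_count` and `support_instance_count` lines, where it describes the wrong variable. Something like `tower_instance_count: 1 # Number of Tower nodes` and `support_instance_count: 1 # Number of support nodes` would match what the variables name. `tower_admin_password: change_me` just above is a sample value, and a comment telling users to override it would be worth adding.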
@@ -2,6 +2,10 @@ gather_facts: false become: yes tasks: - set_fact: tower_hostname: "{{ item | first }}" loop: - "{{ query('inventory_hostnames', 'towers') }}" - name: Inject License include_role: name: tower-license-injector @@ -43,4 +47,3 @@ when: tower_job_templates is defined tags: - tower-jobtempalte-create ansible/roles/cleanup-tower-default/tasks/main.yml
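Review bot: In ansible/configs/multi-region-tower/tower_workloads.yml the new `set_fact` wraps the whole host list in a one-element `loop` only to take `item | first`; `tower_hostname: "{{ groups['towers'] | first }}"` should give the same value without the loop. The task has no `name:`, and nothing checks that the `towers` group is non-empty, so an empty group only surfaces later as a `tower_host` error in some role. The same construct is added in ansible/configs/ans-tower-prod/tower_workloads.yml and ansible/software_playbooks/tower.yml. The task list continues outside this hunk.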
@@ -6,7 +6,7 @@ playbook: "hello_world.yml" project: "Demo Project" inventory: "Demo Inventory" tower_host: "tower1.{{target_regions[0].name}}.{{guid}}{{subdomain_base_suffix}}" tower_host: "{{ tower_hostname }}" tower_username: admin tower_password: "{{tower_admin_password}}" tower_verify_ssl: false @@ -19,7 +19,7 @@ tower_project: name: "Demo Project" state: absent tower_host: "tower1.{{target_regions[0].name}}.{{guid}}{{subdomain_base_suffix}}" tower_host: "{{ tower_hostname }}" tower_username: admin tower_password: "{{tower_admin_password}}" tower_verify_ssl: false @@ -30,8 +30,8 @@ name: "Demo Inventory" organization: Default state: absent tower_host: "tower1.{{target_regions[0].name}}.{{guid}}{{subdomain_base_suffix}}" tower_host: "{{ tower_hostname }}" tower_username: admin tower_password: "{{tower_admin_password}}" tower_verify_ssl: false ignore_errors: yes ignore_errors: yes ansible/roles/tower-copy-ssh/tasks/main.yml
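Review bot: In ansible/roles/cleanup-tower-default/tasks/main.yml every task whose `tower_host` changes still sends `tower_password: "{{tower_admin_password}}"` with `tower_verify_ssl: false`, so the admin password goes to whichever host the inventory lookup returned without its certificate being checked. If the certificate is self-signed at provisioning time, make that an explicit opt-out, for example `tower_verify_ssl: "{{ tower_validate_certs | default(true) }}"` (the variable name is only an example), and install a trusted certificate before these roles run. The same pair appears in tower-inventory-create, tower-jobtemplate-create, tower-org-create, tower-project-create, tower-user-create and tower_workloads_workaround.yml. `ignore_errors: yes` on the delete tasks also hides authentication and connection failures, not only "already absent".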
New file @@ -0,0 +1,28 @@ --- - name: Create .ssh directory on towers file: path: /var/lib/awx/.ssh state: directory delegate_to: "{{ item }}" loop: "{{ query('inventory_hostnames', 'towers') }}" - name: Copy private key from local machine on towers copy: src: "{{ key_local_path }}" dest: /var/lib/awx/.ssh delegate_to: "{{ item }}" loop: "{{ query('inventory_hostnames', 'towers') }}" - name: Create .ssh directory on workers file: path: /var/lib/awx/.ssh state: directory delegate_to: "{{ item }}" loop: "{{ query('inventory_hostnames', 'workers') }}" - name: Copy private key from local machine on workers copy: src: "{{ key_local_path }}" dest: /var/lib/awx/.ssh delegate_to: "{{ item }}" loop: "{{ query('inventory_hostnames', 'workers') }}" ansible/roles/tower-inventory-create/tasks/main.yml
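Review bot: In ansible/roles/tower-copy-ssh/tasks/main.yml the private key is copied into `/var/lib/awx/.ssh` with no `mode`, `owner` or `group` on either the directory or the file, so both take the defaults of the become user and the key may end up readable by other local users. Set `mode: "0700"` on the two `file` tasks and `mode: "0600"` on the two `copy` tasks, with `owner` and `group` set to the account that runs jobs (presumably `awx`, going by the path). The role puts the same provisioning key on every tower and worker node; a key dedicated to Tower would limit what one compromised node exposes. The four tasks differ only in the group name and could be two tasks looping over both groups.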
@@ -4,7 +4,7 @@ description: "{{ item.description }}" organization: "{{ item.organization | d('gpte') }}" state: present tower_host: "tower1.{{target_regions[0].name}}.{{guid}}{{subdomain_base_suffix}}" tower_host: "{{ tower_hostname }}" tower_username: admin tower_password: "{{tower_admin_password}}" tower_verify_ssl: false @@ -18,7 +18,7 @@ tower-cli inventory associate_ig --inventory "{{ item.name }}" --instance-group "{{ item.instance_group | d('') }}" --instance-group "{{ item.instance_group }}" loop: "{{ tower_inventories }}" when: - item.instance_group is defined ansible/roles/tower-jobtemplate-create/tasks/main.yml
@@ -12,7 +12,7 @@ become_enabled: "{{ item.become | d('no') }}" concurrent_jobs_enabled: Yes state: present tower_host: "tower1.{{target_regions[0].name}}.{{guid}}{{subdomain_base_suffix}}" tower_host: "{{ tower_hostname }}" tower_username: admin tower_password: "{{tower_admin_password}}" tower_verify_ssl: false ansible/roles/tower-license-injector/tasks/main.yml
@@ -1,6 +1,7 @@ - name: Copy Tower License File copy: content: "{{ tower_license | from_json }}" content: "{{ tower_license | from_json }}" dest: /root/license.txt tags: - tower-license-injector @@ -8,4 +9,6 @@ - name: Add the tower license command: tower-cli setting modify LICENSE @/root/license.txt --insecure tags: - tower-license-injector - tower-license-injector ansible/roles/tower-license-injector/templates/tower_cli.j2
@@ -1,5 +1,5 @@ [general] host = tower1.{{guid}}.example.opentlc.com host = "{{ tower_hostname }}" username = admin password = {{tower_admin_password}} verify_ssl = False ansible/roles/tower-org-create/tasks/main.yml
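Review bot: In ansible/roles/tower-license-injector/templates/tower_cli.j2 the new line is `host = "{{ tower_hostname }}"`, with quotes, while ansible/configs/ans-tower-prod/files/tower_cli.j2 in this same commit writes `host = {{ tower_hostname }}`. This is an INI-style file, and INI parsers generally keep quotes as part of the value, so the quoted form likely produces a host name that does not resolve; use the unquoted form in both templates. The file holds the admin password in clear text next to `verify_ssl = False`, so the task that renders it should set a restrictive `mode` such as `"0600"`.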
@@ -2,7 +2,7 @@ tower_organization: name: "{{ item.name }}" state: present tower_host: "tower1.{{target_regions[0].name}}.{{guid}}{{subdomain_base_suffix}}" tower_host: "{{ tower_hostname }}" tower_username: admin tower_password: "{{tower_admin_password}}" tower_verify_ssl: false ansible/roles/tower-pip-packages/tasks/main.yml
New file @@ -0,0 +1,36 @@ --- - name: Copying pip requirement file onto towers template: src: requirements.j2 dest: /tmp/requirements.txt delegate_to: "{{item}}" loop: "{{ query('inventory_hostnames', 'towers') }}" - name: Updating/Installing pip packages on towers shell: >- source activate && pip install -r /tmp/requirements.txt -U args: chdir: "{{tower_update_venv}}/bin" executable: /bin/bash delegate_to: "{{item}}" loop: "{{ query('inventory_hostnames', 'towers') }}" - name: Copying pip requirement file onto workers template: src: requirements.j2 dest: /tmp/requirements.txt delegate_to: "{{item}}" loop: "{{ query('inventory_hostnames', 'workers') }}" - name: Updating/Installing pip packages on workers shell: >- source activate && pip install -r /tmp/requirements.txt -U args: chdir: "{{tower_update_venv}}/bin" executable: /bin/bash delegate_to: "{{item}}" loop: "{{ query('inventory_hostnames', 'workers') }}" ansible/roles/tower-pip-packages/templates/requirements.j2
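Review bot: In ansible/roles/tower-pip-packages/tasks/main.yml the install goes through `shell` with `source activate`, which bash resolves through PATH before the working directory, which reports "changed" on every run, and which reads from the fixed path `/tmp/requirements.txt`, a directory the sample vars in this commit also expose to jobs. The `pip` module with `virtualenv:` and `requirements:` performs the same install without a shell, and the requirements file can live inside the venv directory. The packages are pinned by version only, so hash-pinned requirements would be a further hardening step for code installed into the Tower virtualenv. The two workers tasks need the same change.

```yaml
- name: Copying pip requirement file onto towers
  template:
    src: requirements.j2
    dest: "{{ tower_update_venv }}/requirements.txt"
    mode: "0644"
  delegate_to: "{{ item }}"
  loop: "{{ query('inventory_hostnames', 'towers') }}"

- name: Updating/Installing pip packages on towers
  pip:
    requirements: "{{ tower_update_venv }}/requirements.txt"
    virtualenv: "{{ tower_update_venv }}"
    state: latest
  delegate_to: "{{ item }}"
  loop: "{{ query('inventory_hostnames', 'towers') }}"

# … unchanged in shape: the two workers tasks, with the same substitutions …
```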
New file @@ -0,0 +1,3 @@ {% for i_packages in pip_requirements %} {{ i_packages }} {% endfor %} ansible/roles/tower-project-create/tasks/main.yml
@@ -9,7 +9,7 @@ scm_branch: "{{ item.scm_branch | d('master') }}" scm_update_on_launch: "{{ item.scm_update_on_launch | d('false') }}" state: present tower_host: "tower1.{{target_regions[0].name}}.{{guid}}{{subdomain_base_suffix}}" tower_host: "{{ tower_hostname }}" tower_username: admin tower_password: "{{tower_admin_password}}" tower_verify_ssl: false ansible/roles/tower-settings-update/tasks/main.yml
New file @@ -0,0 +1,14 @@ #update tower setting path - name: Set the value of AWX_PROOT_BASE_PATH tower_settings: name: "{{ item.key }}" value: "{{ item.value }}" tower_host: "{{ tower_hostname }}" tower_username: admin tower_password: "{{tower_admin_password}}" when: tower_setting_params is defined loop: "{{ lookup('dict', tower_setting_params) }}" ansible/roles/tower-user-create/tasks/main.yml
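Review bot: In ansible/roles/tower-settings-update/tasks/main.yml `loop: "{{ lookup('dict', tower_setting_params) }}"` relies on `lookup` returning a list. As far as I know, `lookup` hands back the bare item when there is exactly one entry, which `loop` rejects, and an undefined `tower_setting_params` fails in the loop expression before `when:` is evaluated. `loop: "{{ tower_setting_params | default({}) | dict2items }}"` covers both cases and makes the `when:` unnecessary. The task name mentions only AWX_PROOT_BASE_PATH although it applies every key in the dict. Unlike the other roles it sets no `tower_verify_ssl`, so it behaves differently from them against the same host, which one shared setting for all roles would avoid.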
@@ -1,3 +1,11 @@ --- - name: Check if variable is defined debug: msg: "tower_user_accounts is not defined" when: - tower_user_accounts is not defined - name: Add tower user tower_user: username: "{{ item.user }}" @@ -7,10 +15,11 @@ last_name: "{{ item.lastname | default(item.user) }}" superuser: "{{ item.superuser | default('no')}}" state: present tower_host: "tower1.{{target_regions[0].name}}.{{guid}}{{subdomain_base_suffix}}" tower_host: "{{ tower_hostname }}" tower_username: admin tower_password: "{{tower_admin_password}}" tower_verify_ssl: false loop: "{{ tower_accounts }}" loop: "{{ tower_user_accounts }}" when: tower_user_create_tower_accounts is defined tags: - tower-user-create ansible/roles/tower-virtual-environment/tasks/main.yml
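Review bot: In ansible/roles/tower-user-create/tasks/main.yml the new condition `when: tower_user_create_tower_accounts is defined` tests a variable that appears nowhere else on this page, while the loop and the new debug task use `tower_user_accounts`; unless it is defined elsewhere, `Add tower user` is always skipped. It should read `when: tower_user_accounts is defined`. The debug task only prints a message, so a missing variable still passes quietly. Because the loop items carry passwords, `no_log: true` on `Add tower user` would keep them out of the play output. The lines between the two hunks are not shown.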
New file @@ -0,0 +1,23 @@ --- - name: Finding existing environment stat: path: "{{ item }}" register: stat_output loop: "{{ tower_virtual_environment }}" # - debug: var=stat_output. # - debug: # msg: "{{ item.0 }} {{ item.1.stat.exists }}" # when: item.1.stat.exists == False # with_together: # - "{{ tower_virtual_environment }}" # - "{{ stat_output.results }}" - name: Creating virtual environment command: /bin/virtualenv "{{ item.0 }}" when: item.1.stat.exists == False with_together: - "{{ tower_virtual_environment }}" - "{{ stat_output.results }}" ansible/software_playbooks/tower.yml
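Review bot: In ansible/roles/tower-virtual-environment/tasks/main.yml the `stat` plus `with_together` pair can be replaced by `creates:` on the command itself, that is `command: /bin/virtualenv "{{ item }}"` with `args:` holding `creates: "{{ item }}/bin/activate"` and `loop: "{{ tower_virtual_environment }}"`. That form also handles a directory that exists but is not a virtualenv, which the current `item.1.stat.exists == False` test skips. The commented-out debug block can be removed, and the role is not listed in the `default_workloads` added by this commit, so a comment saying how it is meant to be invoked would help.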
@@ -36,8 +36,14 @@ state: latest tags: - tower-cli - install-tower - set_fact: tower_hostname: "{{ item | first }}" loop: - "{{ query('inventory_hostnames', 'towers') }}" tags: - tower-cli - name: Configure the tower cli file template: src: "../configs/{{env_type}}/files/tower_cli.j2"