---

# Scratch tree for everything this role renders. Both subdirectories are
# owner-only (0700) because they end up holding generated credentials and
# receptor configuration.
- name: Create _sources directories
  ansible.builtin.file:
    path: "{{ sources_dest }}/{{ item }}"
    state: directory
    mode: '0700'
  loop:
    - secrets
    - receptor

# For every secret that was NOT supplied as a variable, look for a previously
# generated <name>.yml under the secrets directory. Items whose variable is
# already set are skipped, so their entry in `secrets.results` has no `stat`
# key; later tasks must keep checking the variable first.
- name: Detect secrets
  ansible.builtin.stat:
    path: "{{ sources_dest }}/secrets/{{ item }}.yml"
  register: secrets
  loop:
    - pg_password
    - secret_key
    - broadcast_websocket_secret
    - admin_password
  when: not lookup('vars', item, default='')

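# Render a fresh secret file for each entry that was neither passed in as a
# variable nor already present on disk. The Jinja `and` short-circuits, so
# `item.stat` is never dereferenced for items the stat task skipped.
# no_log: the rendered content is a credential. Without it, `--diff` or -vvv
# echoes the freshly generated value to the console (and any log collector);
# the sibling include_vars task already uses no_log for the same values.
- name: Generate secrets if needed
  ansible.builtin.template:
    src: 'secrets.yml.j2'
    dest: '{{ sources_dest }}/secrets/{{ item.item }}.yml'
    mode: '0600'
  no_log: true
  when: not lookup('vars', item.item, default='') and not item.stat.exists
  loop: "{{ secrets.results }}"
  loop_control:
    label: '{{ item.item }}'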

# Load the on-disk secret files into play variables, but only for names the
# caller did not already supply (an explicitly passed value always wins).
# no_log keeps the loaded values out of task output.
- name: Include generated secrets unless they are explicitly passed in
  ansible.builtin.include_vars:
    file: "{{ sources_dest }}/secrets/{{ item.item }}.yml"
  loop: "{{ secrets.results }}"
  no_log: true
  when: not lookup('vars', item.item, default='')

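# Persist the AWX SECRET_KEY as a plain file. The other rendered credential
# files in this role (secrets/*.yml, database.py, websocket_secret.py) are
# 0600; this one previously relied on the umask, which on most hosts leaves
# it group/world-readable (0644). The mode is pinned to match them — it is
# consumed alongside those files, so the same reader can still open it.
# no_log keeps the key out of task output.
- name: Write out SECRET_KEY
  ansible.builtin.copy:
    content: "{{ secret_key }}"
    dest: "{{ sources_dest }}/SECRET_KEY"
    mode: '0600'
  no_log: true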

# Collect awx/static/custom_<code>.html files into the custom_error_pages list,
# one {error_code, web_path} entry each (presumably consumed by the nginx
# templates rendered below). The `when` guard requires digits between
# `custom_` and `.html`, so the looser capture regex in error_code only ever
# sees file names that already match.
- name: Find custom error pages
  ansible.builtin.set_fact:
    custom_error_pages: "{{ (custom_error_pages | default([])) + [page_entry] }}"
  vars:
    page_entry:
      error_code: "{{ item | basename() | regex_replace('custom_(\\d+).html', '\\1') }}"
      web_path: "{{ item | regex_replace('^.*/static', '/static') }}"
  loop: "{{ query('ansible.builtin.fileglob', playbook_dir + '/../../../awx/static/custom_*.html') }}"
  when: (item | basename()) is regex("custom_\d+\.html")

# Settings and proxy configuration rendered from this role's templates. Every
# file is written owner-only: database.py, local_settings.py and
# websocket_secret.py presumably embed the generated secrets, and the proxy
# configs are kept at the same mode for uniformity.
- name: Render configuration templates
  ansible.builtin.template:
    src: "{{ item }}.j2"
    dest: "{{ sources_dest }}/{{ item }}"
    mode: '0600'
  loop:
    - database.py
    - local_settings.py
    - websocket_secret.py
    - haproxy.cfg
    - nginx.conf
    - nginx.locations.conf

# Host Docker "Operating System" line, registered as os_info (not used within
# this task file; presumably consumed by sdb-related templating elsewhere in
# the role). A pipeline requires the shell module; the command is fixed text
# with no templated input, so nothing user-controlled reaches the shell.
# grep exits 1 when the line is absent, which fails the task.
- name: Get OS info for sdb
  ansible.builtin.shell:
    cmd: "docker info | grep 'Operating System'"
  register: os_info
  changed_when: false

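# UID of the user running the playbook. `id -u` uses no pipes, globs or
# variable expansion, so the command module is sufficient and no shell is
# spawned (ansible-lint: command-instead-of-shell).
- name: Get user UID
  ansible.builtin.command: id -u
  register: current_user
  changed_when: false

# The value is wrapped in literal single quotes — presumably so the rendered
# compose `user:` field stays a string rather than being re-typed as an int;
# confirm against docker-compose.yml.j2 before changing the quoting.
- name: Set fact with user UID
  ansible.builtin.set_fact:
    user_id: "'{{ current_user.stdout }}'"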

# Default the image tag to the repository VERSION file (the file lookup strips
# the trailing newline) unless the caller already set awx_image_tag.
- name: Set global version if not provided
  ansible.builtin.set_fact:
    awx_image_tag: "{{ lookup('ansible.builtin.file', playbook_dir ~ '/../../../VERSION') }}"
  when: awx_image_tag is not defined

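# Receptor work-signing private key, generated only when sign_work is enabled
# and the file does not already exist (`creates` keeps the task idempotent).
# argv form: the path and bit count are passed as discrete arguments, so a
# sources_dest containing spaces cannot be split into several words the way
# the free-form command string would be. No shell is involved either way.
# NOTE(review): nothing here validates receptor_rsa_bits; a too-small value
# (e.g. 1024) is accepted silently — enforce a floor where it is defined.
- name: Generate Private RSA key for signing work
  ansible.builtin.command:
    argv:
      - openssl
      - genrsa
      - '-out'
      - "{{ work_sign_private_keyfile }}"
      - "{{ receptor_rsa_bits }}"
    creates: "{{ work_sign_private_keyfile }}"
  when: sign_work | bool

# Depending on the OpenSSL build, the key file may be created with the
# umask-default mode rather than 0600; pin it explicitly instead of trusting
# the tool. Runs every time but only reports changed if the mode differs.
- name: Restrict permissions on the work-signing private key
  ansible.builtin.file:
    path: "{{ work_sign_private_keyfile }}"
    mode: '0600'
  when: sign_work | bool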

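# Derive the PEM public half from the private key above; skipped when the
# public file already exists. argv form avoids word-splitting the templated
# paths (a sources_dest with spaces would otherwise break the command).
- name: Generate public RSA key for signing work
  ansible.builtin.command:
    argv:
      - openssl
      - rsa
      - '-in'
      - "{{ work_sign_private_keyfile }}"
      - '-out'
      - "{{ work_sign_public_keyfile }}"
      - '-outform'
      - PEM
      - '-pubout'
    creates: "{{ work_sign_public_keyfile }}"
  when: sign_work | bool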

# Optional LDAP setup lives in ldap.yml (not visible here).
- name: Include LDAP tasks if enabled
  ansible.builtin.include_tasks:
    file: ldap.yml
  when: enable_ldap | bool

# Optional Vault TLS material is handled in vault_tls.yml (not visible here).
- name: Include vault TLS tasks if enabled
  ansible.builtin.include_tasks:
    file: vault_tls.yml
  when: enable_vault | bool

# Render the compose file under the caller-chosen name. Written 0600 —
# presumably because it embeds the generated secrets; confirm in
# docker-compose.yml.j2 before relaxing.
- name: Render Docker-Compose
  ansible.builtin.template:
    src: docker-compose.yml.j2
    dest: "{{ sources_dest }}/{{ compose_name }}"
    mode: '0600'

# One receptor config per control-plane node, numbered from 1. with_sequence
# yields string items, which is what the dest path interpolates.
- name: Render Receptor Config(s) for Control Plane
  ansible.builtin.template:
    src: receptor-awx.conf.j2
    dest: "{{ sources_dest }}/receptor/receptor-awx-{{ item }}.conf"
    mode: '0600'
  with_sequence: "start=1 end={{ control_plane_node_count }}"

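# One lock file per control-plane node, next to its receptor config.
# `state: touch` on its own bumps the timestamps every run, so the task
# reported "changed" on each invocation; preserving access/modification time
# keeps it idempotent while still creating the file and enforcing the mode.
# NOTE(review): a second, byte-identical "Render Receptor Config(s) for
# Control Plane" task used to follow this one. It re-rendered the same
# templates to the same paths (a no-op after the first render) and was
# removed; the lock file itself does not depend on it.
- name: Create Receptor Config Lock File
  ansible.builtin.file:
    path: "{{ sources_dest }}/receptor/receptor-awx-{{ item }}.conf.lock"
    state: touch
    mode: '0600'
    access_time: preserve
    modification_time: preserve
  with_sequence: "start=1 end={{ control_plane_node_count }}"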

# The hop node is only needed when there are execution nodes to relay to.
- name: Render Receptor Hop Config
  ansible.builtin.template:
    src: receptor-hop.conf.j2
    dest: "{{ sources_dest }}/receptor/receptor-hop.conf"
    mode: '0600'
  when: execution_node_count | int > 0

# One receptor config per execution node. The loop is evaluated before `when`,
# and with_sequence errors out when end < start, so the `else 1` keeps the
# sequence valid for a count of 0; the `when` then skips every item and
# nothing is rendered.
- name: Render Receptor Worker Config(s)
  ansible.builtin.template:
    src: receptor-worker.conf.j2
    dest: "{{ sources_dest }}/receptor/receptor-worker-{{ item }}.conf"
    mode: '0600'
  when: execution_node_count | int > 0
  with_sequence: start=1 end={{ execution_node_count if execution_node_count | int > 0 else 1}}

# Prometheus scrape config. Unlike every other rendered file in this role it
# is written with the umask-default mode rather than 0600.
# NOTE(review): presumably left readable because the prometheus container
# reads it under a different uid via a bind mount — confirm in the compose
# template before tightening; if it ever carries credentials it must be 0600.
- name: Render prometheus config
  ansible.builtin.template:
    src: prometheus.yml.j2
    dest: "{{ sources_dest }}/prometheus.yml"
  when: enable_prometheus | bool