Add CV Publishing

2021-09-01 09:15:48 -04:00
parent caf10019e2
commit 4a8ab6fc84
12 changed files with 96 additions and 52 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -114,3 +114,4 @@ keys/
 collections/ansible_collections/
 .vscode/
 .vaultpw
+context/
--- a/bindep.txt
+++ b/bindep.txt
@@ -1 +0,0 @@
-python38-devel
--- a/build_ansible.yml
+++ b/build_ansible.yml
@@ -53,8 +53,6 @@
            state: absent
            ovirt_auth: "{{ ovirt_auth }}"

-  collections:
-    - redhat.rhv

 # - name: VM Configuration
 # - name: Automation Platform Installer
--- a/collections/requirements.yml
+++ b/collections/requirements.yml
@@ -35,3 +35,4 @@ collections:
    source: https://galaxy.ansible.com

  - name: onepassword.connect
+  - name: ansible.posix
--- a/context/Containerfile
+++ b/context/Containerfile
@@ -1,23 +1,29 @@
-ARG ANSIBLE_RUNNER_IMAGE=quay.io/ansible/ansible-runner:stable-2.9-devel
-ARG PYTHON_BUILDER_IMAGE=quay.io/ansible/python-builder:latest
+ARG EE_BASE_IMAGE=quay.io/ansible/ansible-runner:stable-2.10-devel
+ARG EE_BUILDER_IMAGE=quay.io/ansible/ansible-builder:latest

-FROM $ANSIBLE_RUNNER_IMAGE as galaxy
+FROM $EE_BASE_IMAGE as galaxy
+ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS=
+USER root

 ADD _build/ansible.cfg ~/.ansible.cfg

-ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS=
 ADD _build /build
-
 WORKDIR /build
+
 RUN ansible-galaxy role install -r requirements.yml --roles-path /usr/share/ansible/roles
 RUN ansible-galaxy collection install $ANSIBLE_GALAXY_CLI_COLLECTION_OPTS -r requirements.yml --collections-path /usr/share/ansible/collections

-FROM $PYTHON_BUILDER_IMAGE as builder
-ADD _build/requirements_combined.txt /tmp/src/requirements.txt
-ADD _build/bindep_combined.txt /tmp/src/bindep.txt
+FROM $EE_BUILDER_IMAGE as builder
+
+COPY --from=galaxy /usr/share/ansible /usr/share/ansible
+
+ADD _build/requirements.txt requirements.txt
+ADD _build/bindep.txt bindep.txt
+RUN ansible-builder introspect --sanitize --user-pip=requirements.txt --user-bindep=bindep.txt --write-bindep=/tmp/src/bindep.txt --write-pip=/tmp/src/requirements.txt
 RUN assemble

-FROM $ANSIBLE_RUNNER_IMAGE
+FROM $EE_BASE_IMAGE
+USER root

 COPY --from=galaxy /usr/share/ansible /usr/share/ansible

--- a/context/_build/ansible.cfg
+++ b/context/_build/ansible.cfg
@@ -1,6 +1,8 @@
 [defaults]
 # Use the YAML callback plugin.
-stdout_callback = yaml
+#stdout_callback = yaml
+stdout_callback = community.general.yaml
+callback_enabled = community.general.yaml
 # Profile
 #stdout_callback = profile_tasks
 # Turn on pipelining for speed
@@ -22,8 +24,8 @@ deprecation_warnings=False
 force_valid_group_names = always
 interpreter_python = auto
 # Installs roles into [current dir]/roles/namespace.rolename
-roles_path = ./roles
-inventory=/Users/ptoal/.ansible/inventories/toallab/inventory
+#roles_path = ./roles
+inventory=/home/ptoal/.ansible/inventories/toallab/inventory
 inventory_plugins = host_list, script, yaml, ini, auto
 #vault_identity_list = toallab@/home/ptoal/.toallab.vault

@@ -37,23 +39,11 @@ connect_timeout = 60
 ssh_type = libssh

 [galaxy]
-server_list = automation_hub, public, staging
-
-[galaxy_server.published_repo]
-url=https://hub.mgmt.toal.ca/api/galaxy/content/published/
-token="1a8b080f80ce789e64bd81257cffef3f8368f4b5"
+server_list = automation_hub, public

 [galaxy_server.automation_hub]
 url=https://cloud.redhat.com/api/automation-hub/
-
-
 auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
-
-token="eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJhZDUyMjdhMy1iY2ZkLTRjZjAtYTdiNi0zOTk4MzVhMDg1NjYifQ.eyJpYXQiOjE2MTg4NDU3NTIsImp0aSI6IjNkYTBjMTRkLTAyMGEtNGYxNC05YTFlLWI4NzA5MWQ4NWM1OSIsImlzcyI6Imh0dHBzOi8vc3NvLnJlZGhhdC5jb20vYXV0aC9yZWFsbXMvcmVkaGF0LWV4dGVybmFsIiwiYXVkIjoiaHR0cHM6Ly9zc28ucmVkaGF0LmNvbS9hdXRoL3JlYWxtcy9yZWRoYXQtZXh0ZXJuYWwiLCJzdWIiOiJmOjUyOGQ3NmZmLWY3MDgtNDNlZC04Y2Q1LWZlMTZmNGZlMGNlNjpwdG9hbCIsInR5cCI6Ik9mZmxpbmUiLCJhenAiOiJjbG91ZC1zZXJ2aWNlcyIsIm5vbmNlIjoiNDVhOTA4NTUtZjNiYi00Mjg5LTlhZWMtY2VmNjQyNWZkZGNmIiwic2Vzc2lvbl9zdGF0ZSI6ImM0ZjRmODc1LTk3ZDMtNDljYy04MzIxLTQ3NGI1ZjFjYTg4NCIsInNjb3BlIjoib3BlbmlkIG9mZmxpbmVfYWNjZXNzIn0.KQCwoU5V46Pmi0F9dcGasHC02cKbh68whrYtCP3lz60"
+token="eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJhZDUyMjdhMy1iY2ZkLTRjZjAtYTdiNi0zOTk4MzVhMDg1NjYifQ.eyJpYXQiOjE2MjY3NDkxNzUsImp0aSI6ImRlYjhjOWIxLWI5MzQtNDU1OC1hOTVlLWM4NTQwZGQ1ZjhiYiIsImlzcyI6Imh0dHBzOi8vc3NvLnJlZGhhdC5jb20vYXV0aC9yZWFsbXMvcmVkaGF0LWV4dGVybmFsIiwiYXVkIjoiaHR0cHM6Ly9zc28ucmVkaGF0LmNvbS9hdXRoL3JlYWxtcy9yZWRoYXQtZXh0ZXJuYWwiLCJzdWIiOiJmOjUyOGQ3NmZmLWY3MDgtNDNlZC04Y2Q1LWZlMTZmNGZlMGNlNjpwdG9hbCIsInR5cCI6Ik9mZmxpbmUiLCJhenAiOiJjbG91ZC1zZXJ2aWNlcyIsIm5vbmNlIjoiYTI2NDVlNzYtNjAwMy00NmQ4LThiMjEtNWNmODI2NDc2NzVmIiwic2Vzc2lvbl9zdGF0ZSI6IjU2MGFhYjI1LTYyNDItNGM5Mi1iNDUzLWZmMGNhMzU0ZGVjMyIsInNjb3BlIjoib3BlbmlkIG9mZmxpbmVfYWNjZXNzIn0.X_1cui-ZSK5FnLgCL881OvNHHol4oqFiY2Yo1-9QbEc"
 [galaxy_server.public]
 url=https://galaxy.ansible.com/
-
-
-[galaxy_server.staging]
-url=https://hub.mgmt.toal.ca/api/galaxy/content/staging/
-token="1a8b080f80ce789e64bd81257cffef3f8368f4b5"
--- a/context/_build/requirements.yml
+++ b/context/_build/requirements.yml
@@ -35,3 +35,4 @@ collections:
    source: https://galaxy.ansible.com

  - name: onepassword.connect
+  - name: ansible.posix
--- a/cvpublish.yml
+++ b/cvpublish.yml
@@ -0,0 +1,46 @@
+- name: Publish CVs
+  hosts: satellite1.mgmt.toal.ca
+  vars:
+    sat_env_name: Library
+    sat_org: Toal.ca
+    sat_publish_description: Automated CV Update
+
+  tasks:
+  - name: Pre-tasks | Find all CVs
+    redhat.satellite.resource_info:
+      username: "{{ satellite_admin_user }}"
+      password: "{{ satellite_admin_pass }}"
+      server_url: "{{ satellite_url }}"
+      organization: "{{ sat_org }}"
+      resource: content_views
+      validate_certs: no
+    register: raw_list_cvs
+
+  - name: Pre-tasks | Get resource information
+    set_fact:
+      list_all_cvs: "{{ raw_list_cvs['resources'] | json_query(jmesquery) | list }}"
+    vars: 
+      jmesquery: "[*].{name: name, composite: composite, id: id}"
+    
+  - name: Pre-tasks | Extract list of content views
+    set_fact:
+      sat6_content_views_list: "{{ sat6_content_views_list|default([]) }} + ['{{ item.name }}' ]"
+    loop: "{{ list_all_cvs | reject('search', 'Default_Organization_View') | list }}"
+    when: item.composite == false 
+
+  - name: Publish content
+    redhat.satellite.content_view_version:
+      username: "{{ satellite_admin_user }}"
+      password: "{{ satellite_admin_pass }}"
+      server_url: "{{ satellite_url }}"
+      organization: "{{ sat_org }}"
+      content_view: "{{ item }}"
+      validate_certs: no
+      description: "{{ sat_publish_description }}"
+      lifecycle_environments:
+        - Library
+        - "{{ sat_env_name }}"
+    loop: "{{ sat6_content_views_list | list }}"
+    loop_control:
+      loop_var: "item"
+    register: cv_publish_sleeper
--- a/execution-environment.yml
+++ b/execution-environment.yml
@@ -2,7 +2,7 @@
 version: 1

 build_arg_defaults:
-  ANSIBLE_RUNNER_IMAGE: 'quay.io/ansible/ansible-runner:stable-2.9-devel'
+  EE_BASE_IMAGE: 'quay.io/ansible/ansible-runner:stable-2.10-devel'

 ansible_config: '../../../.ansible.cfg'

--- a/rhv_setup.yml
+++ b/rhv_setup.yml
@@ -2,6 +2,9 @@
 - name: Check for existing cert
  hosts: rhv.mgmt.toal.ca
  connection: local
+  vars:
+    ansible_python_interpreter: "/usr/bin/python3"
+

  tasks:
    - name: Information from existing key
@@ -66,6 +69,7 @@
  become: true
  vars:
    key_files_prefix: "keys/{{ acme_certificate_domains|first }}"
+    ansible_python_interpreter: "/usr/bin/python3"

  tasks:
    - name: Certificate trust in store
@@ -104,22 +108,28 @@
    - name: Private key installed
      copy:
        src: "{{ key_files_prefix }}.key"
-        dest: /etc/pki/ovirt-engine/keys/apache.key.nopass
+        dest: "{{ item }}"
        backup: yes
        owner: root
        group: ovirt
-        mode: 640
+        mode: 0640
      notify: restart httpd
+      loop:
+        - /etc/pki/ovirt-engine/keys/apache.key.nopass
+        - /etc/pki/ovirt-engine/keys/websocket-proxy.key.nopass

    - name: Certificate installed
      copy:
        src: "{{ key_files_prefix }}.pem"
-        dest: /etc/pki/ovirt-engine/certs/apache.cer
+        dest: "{{ item }}"
        backup: yes
        owner: root
        group: ovirt
-        mode: 644
+        mode: 0644
      notify: restart httpd
+      loop:
+        - /etc/pki/ovirt-engine/certs/websocket-proxy.cer
+        - /etc/pki/ovirt-engine/certs/apache.cer

    - name: Trust Store Configuration
      copy:
@@ -136,10 +146,15 @@
          path: /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
          state: present
          backup: yes
-          line: "{{ item }}"
+          line: "{{ item.name }}={{ item.value }}"
+          regexp: "^{{ item.name }}="
      loop:
-        - SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache.cer
-        - SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
+        - name: SSL_CERTIFICATE
+          value: /etc/pki/ovirt-engine/certs/websocket-proxy.cer
+        - name: SSL_KEY
+          value: /etc/pki/ovirt-engine/keys/websocket-proxy.key.nopass
+        # - SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache.cer
+        # - SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
      notify:
        - restart ovirt-websocket-proxy

@@ -177,10 +192,9 @@
  tasks:
    - name: Obtain SSO token for RHV
      ovirt_auth:
-        url: "{{ ovirt_url }}"
-        username: "{{ ovirt_username }}"
+        state: present
        insecure: true
-        password: "{{ ovirt_password }}"
+  

    - ovirt_network:
        auth: "{{ ovirt_auth }}"
--- a/roles/requirements.yml
+++ b/roles/requirements.yml
@@ -20,8 +20,3 @@
 - name: oatakan.rhel_ovirt_template
 - name: ikke_t.podman_container_systemd
 - name: ikke_t.container_image_cleanup
-
-# Infra
- name: sage905.dhcp
-  src: https://github.com/ptoal/ansible-role-dhcp.git
- name: linux-system-roles.network
--- a/toallab-automation/build_rhel_template-artifact-2021-05-16
+++ b/toallab-automation/build_rhel_template-artifact-2021-05-16
@@ -1,7 +0,0 @@
-{
-    "version": "1.0.0",
-    "plays": [],
-    "stdout": [],
-    "status": "failed",
-    "status_color": 9
-}