ptoal/toallab-automation
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add CV Publishing

Browse Source
This commit is contained in:
Patrick Toal
2021-09-01 09:15:48 -04:00
parent caf10019e2
commit 4a8ab6fc84
12 changed files with 96 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -114,3 +114,4 @@ keys/
collections/ansible_collections/ collections/ansible_collections/
.vscode/ .vscode/
.vaultpw .vaultpw
context/

1
bindep.txt
View File

@@ -1 +0,0 @@
python38-devel

2
build_ansible.yml
View File

@@ -53,8 +53,6 @@
state: absent state: absent
ovirt_auth: "{{ ovirt_auth }}" ovirt_auth: "{{ ovirt_auth }}"
collections:
- redhat.rhv
# - name: VM Configuration # - name: VM Configuration
# - name: Automation Platform Installer # - name: Automation Platform Installer

1
collections/requirements.yml
View File

@@ -35,3 +35,4 @@ collections:
source: https://galaxy.ansible.com source: https://galaxy.ansible.com
- name: onepassword.connect - name: onepassword.connect
- name: ansible.posix

24
context/Containerfile
View File

@@ -1,23 +1,29 @@
ARG ANSIBLE_RUNNER_IMAGE=quay.io/ansible/ansible-runner:stable-2.9-devel ARG EE_BASE_IMAGE=quay.io/ansible/ansible-runner:stable-2.10-devel
ARG PYTHON_BUILDER_IMAGE=quay.io/ansible/python-builder:latest ARG EE_BUILDER_IMAGE=quay.io/ansible/ansible-builder:latest
FROM $ANSIBLE_RUNNER_IMAGE as galaxy FROM $EE_BASE_IMAGE as galaxy
ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS=
USER root
ADD _build/ansible.cfg ~/.ansible.cfg ADD _build/ansible.cfg ~/.ansible.cfg
ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS=
ADD _build /build ADD _build /build
WORKDIR /build WORKDIR /build
RUN ansible-galaxy role install -r requirements.yml --roles-path /usr/share/ansible/roles RUN ansible-galaxy role install -r requirements.yml --roles-path /usr/share/ansible/roles
RUN ansible-galaxy collection install $ANSIBLE_GALAXY_CLI_COLLECTION_OPTS -r requirements.yml --collections-path /usr/share/ansible/collections RUN ansible-galaxy collection install $ANSIBLE_GALAXY_CLI_COLLECTION_OPTS -r requirements.yml --collections-path /usr/share/ansible/collections
FROM $PYTHON_BUILDER_IMAGE as builder FROM $EE_BUILDER_IMAGE as builder
ADD _build/requirements_combined.txt /tmp/src/requirements.txt
ADD _build/bindep_combined.txt /tmp/src/bindep.txt COPY --from=galaxy /usr/share/ansible /usr/share/ansible
ADD _build/requirements.txt requirements.txt
ADD _build/bindep.txt bindep.txt
RUN ansible-builder introspect --sanitize --user-pip=requirements.txt --user-bindep=bindep.txt --write-bindep=/tmp/src/bindep.txt --write-pip=/tmp/src/requirements.txt
RUN assemble RUN assemble
FROM $ANSIBLE_RUNNER_IMAGE FROM $EE_BASE_IMAGE
USER root
COPY --from=galaxy /usr/share/ansible /usr/share/ansible COPY --from=galaxy /usr/share/ansible /usr/share/ansible

24
context/_build/ansible.cfg
View File

@@ -1,6 +1,8 @@
[defaults] [defaults]
# Use the YAML callback plugin. # Use the YAML callback plugin.
stdout_callback = yaml #stdout_callback = yaml
stdout_callback = community.general.yaml
callback_enabled = community.general.yaml
# Profile # Profile
#stdout_callback = profile_tasks #stdout_callback = profile_tasks
# Turn on pipelining for speed # Turn on pipelining for speed
@@ -22,8 +24,8 @@ deprecation_warnings=False
force_valid_group_names = always force_valid_group_names = always
interpreter_python = auto interpreter_python = auto
# Installs roles into [current dir]/roles/namespace.rolename # Installs roles into [current dir]/roles/namespace.rolename
roles_path = ./roles #roles_path = ./roles
inventory=/Users/ptoal/.ansible/inventories/toallab/inventory inventory=/home/ptoal/.ansible/inventories/toallab/inventory
inventory_plugins = host_list, script, yaml, ini, auto inventory_plugins = host_list, script, yaml, ini, auto
#vault_identity_list = toallab@/home/ptoal/.toallab.vault #vault_identity_list = toallab@/home/ptoal/.toallab.vault
@@ -37,23 +39,11 @@ connect_timeout = 60
ssh_type = libssh ssh_type = libssh
[galaxy] [galaxy]
server_list = automation_hub, public, staging server_list = automation_hub, public
[galaxy_server.published_repo]
url=https://hub.mgmt.toal.ca/api/galaxy/content/published/
token="1a8b080f80ce789e64bd81257cffef3f8368f4b5"
[galaxy_server.automation_hub] [galaxy_server.automation_hub]
url=https://cloud.redhat.com/api/automation-hub/ url=https://cloud.redhat.com/api/automation-hub/
auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
token="eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJhZDUyMjdhMy1iY2ZkLTRjZjAtYTdiNi0zOTk4MzVhMDg1NjYifQ.eyJpYXQiOjE2MjY3NDkxNzUsImp0aSI6ImRlYjhjOWIxLWI5MzQtNDU1OC1hOTVlLWM4NTQwZGQ1ZjhiYiIsImlzcyI6Imh0dHBzOi8vc3NvLnJlZGhhdC5jb20vYXV0aC9yZWFsbXMvcmVkaGF0LWV4dGVybmFsIiwiYXVkIjoiaHR0cHM6Ly9zc28ucmVkaGF0LmNvbS9hdXRoL3JlYWxtcy9yZWRoYXQtZXh0ZXJuYWwiLCJzdWIiOiJmOjUyOGQ3NmZmLWY3MDgtNDNlZC04Y2Q1LWZlMTZmNGZlMGNlNjpwdG9hbCIsInR5cCI6Ik9mZmxpbmUiLCJhenAiOiJjbG91ZC1zZXJ2aWNlcyIsIm5vbmNlIjoiYTI2NDVlNzYtNjAwMy00NmQ4LThiMjEtNWNmODI2NDc2NzVmIiwic2Vzc2lvbl9zdGF0ZSI6IjU2MGFhYjI1LTYyNDItNGM5Mi1iNDUzLWZmMGNhMzU0ZGVjMyIsInNjb3BlIjoib3BlbmlkIG9mZmxpbmVfYWNjZXNzIn0.X_1cui-ZSK5FnLgCL881OvNHHol4oqFiY2Yo1-9QbEc"
token="eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJhZDUyMjdhMy1iY2ZkLTRjZjAtYTdiNi0zOTk4MzVhMDg1NjYifQ.eyJpYXQiOjE2MTg4NDU3NTIsImp0aSI6IjNkYTBjMTRkLTAyMGEtNGYxNC05YTFlLWI4NzA5MWQ4NWM1OSIsImlzcyI6Imh0dHBzOi8vc3NvLnJlZGhhdC5jb20vYXV0aC9yZWFsbXMvcmVkaGF0LWV4dGVybmFsIiwiYXVkIjoiaHR0cHM6Ly9zc28ucmVkaGF0LmNvbS9hdXRoL3JlYWxtcy9yZWRoYXQtZXh0ZXJuYWwiLCJzdWIiOiJmOjUyOGQ3NmZmLWY3MDgtNDNlZC04Y2Q1LWZlMTZmNGZlMGNlNjpwdG9hbCIsInR5cCI6Ik9mZmxpbmUiLCJhenAiOiJjbG91ZC1zZXJ2aWNlcyIsIm5vbmNlIjoiNDVhOTA4NTUtZjNiYi00Mjg5LTlhZWMtY2VmNjQyNWZkZGNmIiwic2Vzc2lvbl9zdGF0ZSI6ImM0ZjRmODc1LTk3ZDMtNDljYy04MzIxLTQ3NGI1ZjFjYTg4NCIsInNjb3BlIjoib3BlbmlkIG9mZmxpbmVfYWNjZXNzIn0.KQCwoU5V46Pmi0F9dcGasHC02cKbh68whrYtCP3lz60"
[galaxy_server.public] [galaxy_server.public]
url=https://galaxy.ansible.com/ url=https://galaxy.ansible.com/
[galaxy_server.staging]
url=https://hub.mgmt.toal.ca/api/galaxy/content/staging/
token="1a8b080f80ce789e64bd81257cffef3f8368f4b5"

1
context/_build/requirements.yml
View File

@@ -35,3 +35,4 @@ collections:
source: https://galaxy.ansible.com source: https://galaxy.ansible.com
- name: onepassword.connect - name: onepassword.connect
- name: ansible.posix

46
cvpublish.yml Normal file
View File

@@ -0,0 +1,46 @@
- name: Publish CVs
hosts: satellite1.mgmt.toal.ca
vars:
sat_env_name: Library
sat_org: Toal.ca
sat_publish_description: Automated CV Update
tasks:
- name: Pre-tasks | Find all CVs
redhat.satellite.resource_info:
username: "{{ satellite_admin_user }}"
password: "{{ satellite_admin_pass }}"
server_url: "{{ satellite_url }}"
organization: "{{ sat_org }}"
resource: content_views
validate_certs: no
register: raw_list_cvs
- name: Pre-tasks | Get resource information
set_fact:
list_all_cvs: "{{ raw_list_cvs['resources'] | json_query(jmesquery) | list }}"
vars:
jmesquery: "[*].{name: name, composite: composite, id: id}"
- name: Pre-tasks | Extract list of content views
set_fact:
sat6_content_views_list: "{{ sat6_content_views_list|default([]) }} + ['{{ item.name }}' ]"
loop: "{{ list_all_cvs | reject('search', 'Default_Organization_View') | list }}"
when: item.composite == false
- name: Publish content
redhat.satellite.content_view_version:
username: "{{ satellite_admin_user }}"
password: "{{ satellite_admin_pass }}"
server_url: "{{ satellite_url }}"
organization: "{{ sat_org }}"
content_view: "{{ item }}"
validate_certs: no
description: "{{ sat_publish_description }}"
lifecycle_environments:
- Library
- "{{ sat_env_name }}"
loop: "{{ sat6_content_views_list | list }}"
loop_control:
loop_var: "item"
register: cv_publish_sleeper

2
execution-environment.yml
View File

@@ -2,7 +2,7 @@
version: 1 version: 1
build_arg_defaults: build_arg_defaults:
ANSIBLE_RUNNER_IMAGE: 'quay.io/ansible/ansible-runner:stable-2.9-devel' EE_BASE_IMAGE: 'quay.io/ansible/ansible-runner:stable-2.10-devel'
ansible_config: '../../../.ansible.cfg' ansible_config: '../../../.ansible.cfg'

34
rhv_setup.yml
View File

@@ -2,6 +2,9 @@
- name: Check for existing cert - name: Check for existing cert
hosts: rhv.mgmt.toal.ca hosts: rhv.mgmt.toal.ca
connection: local connection: local
vars:
ansible_python_interpreter: "/usr/bin/python3"
tasks: tasks:
- name: Information from existing key - name: Information from existing key
@@ -66,6 +69,7 @@
become: true become: true
vars: vars:
key_files_prefix: "keys/{{ acme_certificate_domains|first }}" key_files_prefix: "keys/{{ acme_certificate_domains|first }}"
ansible_python_interpreter: "/usr/bin/python3"
tasks: tasks:
- name: Certificate trust in store - name: Certificate trust in store
@@ -104,22 +108,28 @@
- name: Private key installed - name: Private key installed
copy: copy:
src: "{{ key_files_prefix }}.key" src: "{{ key_files_prefix }}.key"
dest: /etc/pki/ovirt-engine/keys/apache.key.nopass dest: "{{ item }}"
backup: yes backup: yes
owner: root owner: root
group: ovirt group: ovirt
mode: 640 mode: 0640
notify: restart httpd notify: restart httpd
loop:
- /etc/pki/ovirt-engine/keys/apache.key.nopass
- /etc/pki/ovirt-engine/keys/websocket-proxy.key.nopass
- name: Certificate installed - name: Certificate installed
copy: copy:
src: "{{ key_files_prefix }}.pem" src: "{{ key_files_prefix }}.pem"
dest: /etc/pki/ovirt-engine/certs/apache.cer dest: "{{ item }}"
backup: yes backup: yes
owner: root owner: root
group: ovirt group: ovirt
mode: 644 mode: 0644
notify: restart httpd notify: restart httpd
loop:
- /etc/pki/ovirt-engine/certs/websocket-proxy.cer
- /etc/pki/ovirt-engine/certs/apache.cer
- name: Trust Store Configuration - name: Trust Store Configuration
copy: copy:
@@ -136,10 +146,15 @@
path: /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf path: /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
state: present state: present
backup: yes backup: yes
line: "{{ item }}" line: "{{ item.name }}={{ item.value }}"
regexp: "^{{ item.name }}="
loop: loop:
- SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache.cer - name: SSL_CERTIFICATE
- SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass value: /etc/pki/ovirt-engine/certs/websocket-proxy.cer
- name: SSL_KEY
value: /etc/pki/ovirt-engine/keys/websocket-proxy.key.nopass
# - SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache.cer
# - SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
notify: notify:
- restart ovirt-websocket-proxy - restart ovirt-websocket-proxy
@@ -177,10 +192,9 @@
tasks: tasks:
- name: Obtain SSO token for RHV - name: Obtain SSO token for RHV
ovirt_auth: ovirt_auth:
url: "{{ ovirt_url }}" state: present
username: "{{ ovirt_username }}"
insecure: true insecure: true
password: "{{ ovirt_password }}"
- ovirt_network: - ovirt_network:
auth: "{{ ovirt_auth }}" auth: "{{ ovirt_auth }}"

5
roles/requirements.yml
View File

@@ -20,8 +20,3 @@
- name: oatakan.rhel_ovirt_template - name: oatakan.rhel_ovirt_template
- name: ikke_t.podman_container_systemd - name: ikke_t.podman_container_systemd
- name: ikke_t.container_image_cleanup - name: ikke_t.container_image_cleanup
# Infra
- name: sage905.dhcp
src: https://github.com/ptoal/ansible-role-dhcp.git
- name: linux-system-roles.network

7
toallab-automation/build_rhel_template-artifact-2021-05-16 17:03:12.452115+00:00.json
View File

@@ -1,7 +0,0 @@
{
"version": "1.0.0",
"plays": [],
"stdout": [],
"status": "failed",
"status_color": 9
}