AWX / Tower / Automation Platform Playbook
This playbook configures an AWX / Tower / Automation Platform instance(s) using configuration from within your inventory.
Items supported for configuration:
-
Credential Types
-
Organization
-
Project
-
Inventory
-
Inventory Sources
-
Roles for access to Inventories, organizations and projects
-
Job Templates from playbooks
- Renaming of job_templates that have already been imported
-
Workflow Templates from code
Note
This playbook adds items ONLY. maybe in the future it will remove items no longer within the project. Merge requests welcome.
Tip
Cloning a repository that requires credentials is possible if you put credentials in your ~/.gitconfig
file. If your using Ansible Automation Platform / AWX on playbook import a custom Git credential will be created that will setup the ~/.gitconfig
file, that you can use in job templates.
Security
As there is an expectation that git credentials will be saved to ~/.gitconfig
for use when cloning private repositories. It's strongly recommended that you assess if this is viable within your threat model. The stance taken within this role is that credentials would only be saved to ~/.gitconfig
when running the play within an execution environment container that would dissapear post the job running.
Playbook AWX / Ansible Automation Platform Template Import
This playbook includes the AWX feature where it imports the playbook as job templates in to AWX / Ansible Automation Platform. The following job templates that will be created:
-
Configure/AWX/All Configures all AWX items/settings available within the inventory
-
Configure/AWX/Credential Type Configures AWX Credential Type(s)
-
Configure/AWX/Instance Configures AWX Instance(s)
-
Configure/AWX/Instance Groups Configures AWX Instance Group(s)
-
Configure/AWX/Job Template Configures AWX Job Tempalte(s)
-
Configure/AWX/Organization Configures AWX Organization(s)
-
Configure/AWX/Project Configures AWX Project(s)
-
Configure/AWX/Settings Configures AWX Settings
-
Configure/AWX/Workflow Template Configures Workflow Template(s)
Configure ALL
- Job tag is
complete
This play utilizes the variables from each listed section below.
Prior to the play completing the following artifact/stats are set:
Credential Type
- Job tag is
credential_types
This play utilizes the following variables.
The dict keys are derived from Ansible module awx.awx.credential_type
. please refer to the module documentation.
Prior to the play completing the following artifact/stats are set:
Instance
- Job tag is
instances
This play utilizes the following variables.
The dict keys are derived from Ansible module awx.awx.instance
. please refer to the module documentation.
Prior to the play completing the following artifact/stats are set:
Instance Groups
- Job tag is
instance_groups
This play utilizes the following variables.
The dict keys are derived from Ansible module awx.awx.instance_group
. please refer to the module documentation.
Prior to the play completing the following artifact/stats are set:
Job Templates
- Job tag is
job_templates
This play utilizes the following variables.
my_awx_config:
organizations: # Mandatory, list of dict.
- name: "" # Mandatory, string. An organization that exists within AWX.
projects: # Mandatory, list of dict.
- name: "" # Mandatory, string. A project that exists within AWX.
playbook_path: "" # Mandatory, string. Project root directory relative path to location of playbooks
scm_url: "" # Mandatory, string. the full git clone url
scm_branch: "" # mandatory, string. The git branch to checkout when cloning repo
rbac: # Optional, dict.
job: # Optional, list of dict. RBAC Permissions for the job templates imported.
- name: Technician
type: team
state: present
role: read
........
Prior to the play completing the following artifact/stats are set:
Playbook import as AWX / Ansible Automation Platform Job Template
As part of our playbooks we have defined a method wherein you can add a yaml variable to your playbook yaml
files and this playbook will import them into Ansible AWX / Tower / Automation Platform. This provides the opportunity for job templates from AWX to be stored as code with a full history offered by SCM.
Example Playbook with the import template variable vars.nfc_pb_awx_tower_template
:
- name: AWX / Tower Setup
hosts: localhost
become: false
gather_facts: true
tasks: []
roles: []
vars:
nfc_pb_awx_tower_template:
- name: "AWX / Tower Configure"
ask_tags_on_launch: false
ask_inventory_on_launch: true
ask_credential_on_launch: true
description: Configure AWX from Inventory
execution_environment: "No Fuss Computing EE"
job_type: "run"
labels:
- awx
- configure
verbosity: 2
use_fact_cache: true
survey_enabled: true
survey_spec:
credential_types:
- name:
#{rest of credential type fileds here}
for a description of the fields under list item vars.nfc_pb_awx_tower_template
see awx.awx.job_template module documentation. credential_types
fields under list item vars.nfc_pb_awx_tower_template[0].credential_types
see awx.awx.credential_type module documentation.
Organizations
- Job tag is
organization
This play utilizes the following variables.
my_awx_config:
organizations: # Mandatory, list of dict.
- name: ...
.....
teams:
- name: ""
description: ""
rbac:
# Valid Roles for org:
# admin, read, member, execute, adhoc, update, use, approval, auditor, project_admin, inventory_admin,
# credential_admin, workflow_admin, notification_admin, job_template_admin, execution_environment_admin
- name: ""
type: team
state: present
role: credential_admin
The dict keys are derived from Ansible module awx.awx.organization
. please refer to the module documentation.
Prior to the play completing the following artifact/stats are set:
Projects
- Job tag is
project
This play utilizes the following variables.
my_awx_config:
organizations: # Mandatory, list of dict.
- name: "" # Mandatory, string. An organization that exists within AWX.
projects:
- name: ...
.....
The dict keys are derived from Ansible module awx.awx.project
. please refer to the module documentation.
Prior to the play completing the following artifact/stats are set:
Settings
- Job tag is
settings
This play utilizes no variables as it uses jinja templates. To configure standard AWX Settings template {{ project_dir }}/templates/groups/awx/config-awx-system.json.j2
and to configure SAML settings template {{ project_dir }}/templates/groups/awx/config-awx-authentication_saml.json.j2
is used.
Prior to the play completing the following artifact/stats are set:
Workflow Templates
- Job tag is
workflow_templates
This play utilizes the following variables.
my_awx_config:
organizations: # Mandatory, list of dict.
- name: "" # Mandatory, string. An organization that exists within AWX.
projects: # Mandatory, list of dict.
- name: "" # Mandatory, string. A project that exists within AWX.
workflow_path: "" # Mandatory, string. Project root directory relative path to location of playbooks
scm_url: "" # Mandatory, string. the full git clone url
scm_branch: "" # mandatory, string. The git branch to checkout when cloning repo
rbac: # Optional, dict.
job: # Optional, list of dict. RBAC Permissions for the job templates imported.
- name: Technician
type: team
state: present
role: read
........
Prior to the play completing the following artifact/stats are set:
To Do
- add details on how job template creation works
About:
This page forms part of our Project Ansible Playbooks.
Page Metadata
Version: ToDo: place files short git commit hereDate Created: 2023-10-23
Date Edited: 2024-01-21
Contribution:
Would You like to contribute to our Ansible Playbooks project? You can assist in the following ways:
- Edit This Page If there is a mistake or a way you can improve it.
- Add a Page to the Manual if you would like to add an item to our manual
- Raise an Issue if there is something about this page you would like to improve, and git is unfamiliar to you.
ToDo: Add the page list of contributors