├── .github └── workflows │ └── build_images.yml ├── LICENSE ├── README.md ├── cicd-templates └── configure-controller.gitlab-ci.yml ├── container_images ├── README.md ├── ansible-builder │ ├── README.md │ ├── bindep.txt │ ├── context │ │ ├── Containerfile │ │ └── _build │ │ │ ├── bindep.txt │ │ │ ├── requirements.txt │ │ │ └── requirements.yml │ ├── execution-environment.yml │ ├── requirements.txt │ └── requirements.yml └── buildah │ └── cicd_ansible.bash └── example_repositories ├── global └── system-settings │ ├── .gitlab-ci.yml │ ├── README.md │ └── controller_configs.d │ ├── credentials.yml │ ├── organizations.yml │ ├── settings..yml │ └── teams.yml └── org-1 ├── README.md ├── inventories └── example_inventory │ ├── .gitlab-ci.yml │ ├── README.md │ ├── controller_configs.yml │ ├── host_vars │ └── host1 │ │ └── main.yml │ └── inventory.ini ├── job-templates └── my_job_template │ ├── .gitlab-ci.yml │ ├── README.md │ ├── collections │ └── requirements.yml │ ├── controller_configs.yml │ ├── playbook.yml │ └── roles │ └── requirements.yml └── system-settings ├── .gitlab-ci.yml ├── README.md └── controller_configs.d ├── credentials.yml ├── settings..yml └── teams.yml /.github/workflows/build_images.yml: -------------------------------------------------------------------------------- 1 | name: Build images 2 | 3 | on: 4 | push: 5 | branches: [ main ] 6 | pull_request: 7 | branches: [ main ] 8 | workflow_dispatch: 9 | 10 | jobs: 11 | build_and_push: 12 | runs-on: ubuntu-latest 13 | 14 | steps: 15 | - name: Log in to Quay.io 16 | env: 17 | REGISTRY_USER: ${{ secrets.REGISTRY_USER }} 18 | IMAGE_REGISTRY: quay.io 19 | REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} 20 | uses: redhat-actions/podman-login@v1 21 | with: 22 | username: ${{ env.REGISTRY_USER }} 23 | password: ${{ env.REGISTRY_PASSWORD }} 24 | registry: ${{ env.IMAGE_REGISTRY }} 25 | 26 | - name: Checkout the Repo 27 | uses: actions/checkout@v2 28 | 29 | - name: Source vars 30 | run: | 31 | cat ${GITHUB_WORKSPACE}/container_images/buildah/cicd_ansible.bash | grep -Po '\K^[A-Z_]*\=.*' | cut -d'#' -f1 >> ${GITHUB_ENV} 32 | 33 | - name: Build the image 34 | run: bash ${GITHUB_WORKSPACE}/container_images/buildah/cicd_ansible.bash 35 | 36 | - name: Push to quay.io 37 | id: push-to-quay 38 | uses: redhat-actions/push-to-registry@v2 39 | with: 40 | image: ${{ env.IMAGE }} 41 | tags: ${{ env.VERSION }} latest 42 | registry: quay.io/anestero/ 43 | 44 | - name: Print image url 45 | run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}" 46 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2021 Anton Nesterov 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Everything as code and GitOps for AWX/RedHat Ansible Automation Platform 2 | 3 | This project is about two things: 4 | 5 | 1. An example of repository structure (see [example_repositories](example_repositories)) to hold the entire configuration of AWX/AAP 6 | 7 | 2. Assets to help implement a full GitOps style delivery of this configuration using GitLab 8 | -------------------------------------------------------------------------------- /cicd-templates/configure-controller.gitlab-ci.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # yamllint disable rule:line-length 3 | 4 | image: quay.io/anestero/cicd-ansible:ansible29-latest 5 | # For newer versions of AWX/AAP use the latest (ansible 2.11) image 6 | # image: quay.io/anestero/cicd-ansible:latest 7 | 8 | 9 | stages: 10 | - lint 11 | - controller_configuration 12 | 13 | 14 | lint: 15 | interruptible: true 16 | stage: lint 17 | rules: 18 | # Run for detached Merge Request pipelines 19 | - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' 20 | when: always 21 | # Run on non-default branches, e.g. feature- fix- or devel- branches 22 | - if: '$CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH' 23 | when: always 24 | script: 25 | - yamllint $(find . -name '*.y*ml'| xargs) 26 | 27 | 28 | controller_configuration: 29 | stage: controller_configuration 30 | rules: 31 | # Do not run for Merge Requests 32 | - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' 33 | when: never 34 | # Make real changes on the Controller only via default branch 35 | - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' 36 | when: always 37 | variables: 38 | GIT_USERNAME: '' # Override with GitLab's masked/protected CICD vars 39 | GIT_PASSWORD: '' # Override with GitLab's masked/protected CICD vars 40 | CONTROLLER_HOST: '' # Override with GitLab's CICD vars 41 | CONTROLLER_USERNAME: '' # Override with GitLab's CICD masked/protected vars 42 | CONTROLLER_PASSWORD: '' # Override with GitLab's CICD masked/protected vars 43 | CONTROLLER_VERIFY_SSL: '' # Override with GitLab's CICD vars, defaults to true 44 | ANSIBLE_FORCE_COLOR: 'true' 45 | ANSIBLE_HOST_KEY_CHECKING: 'false' 46 | before_script: 47 | - mkdir ~/.ssh 48 | - chmod 700 ~/.ssh 49 | # Inject values from GitLab CI/CD vars 50 | - mkdir -p /tmp/configs/controller_configs.d ./configs 51 | - for f in controller_configs.yml controller_configs.d/*; do [[ -f ${f} ]] && cat ${f} | envsubst > /tmp/configs/${f}; done 52 | # Merge all configs into one file 53 | # in case the same assets appear in different files 54 | # e.g. "controller_settings" for ldap and jobs are in ldap_settings.yml and jobs_settings.yml 55 | - yaml-merge $(find /tmp/configs -type f --output configs/merged_config.yml) 56 | - export CONTROLLER_CONFIGS_DIR=${PWD}/configs 57 | script: 58 | - ansible-playbook ~/.ansible/collections/ansible_collections/redhat_cop/controller_configuration/playbooks/configure_controller.yml 59 | # For newer versions of AWX/AAP that run ansible 2.11 call the playbook from its namespace 60 | # - ansible-playbook redhat_cop.controller_configuration.configure_controller 61 | 62 | 63 | # yamllint enable rule:line-length 64 | -------------------------------------------------------------------------------- /container_images/README.md: -------------------------------------------------------------------------------- 1 | # Container image sources to use with CI/CD 2 | 3 | These images were tested with GitLab CI. 4 | 5 | Built images are hosted at [quay.io/anestero/cicd-ansible](https://quay.io/anestero/cicd-ansible) 6 | 7 | # Buildah 8 | 9 | an example of image sources using buildah 10 | 11 | # ansible-builder 12 | 13 | an example of image sources using ansible-builder 14 | 15 | -------------------------------------------------------------------------------- /container_images/ansible-builder/README.md: -------------------------------------------------------------------------------- 1 | # cicd-ansible image using ansible-builder 2 | 3 | ansible-builder is a tool for creating Execution Environments for the latest versions of AWX or Red Hat AAP. 4 | 5 | This image is not exactly an EE, but it does similar things - runs playbooks. So there's no harm in making the CI/CD image with ansible-builder. 6 | 7 | In case you are using the Red Hat AAP and want this image to run supported bits, consider basing it on one of the prebuilt EE images and use ansible.controller collection instead of awx.awx 8 | 9 | ## How to build 10 | 11 | To build the image either use the [context/Containerfile](context/Containerfile) or rebuild the context and bake an image with: 12 | 13 | ```bash 14 | ansible-builder build --tag image_name 15 | ``` 16 | 17 | -------------------------------------------------------------------------------- /container_images/ansible-builder/bindep.txt: -------------------------------------------------------------------------------- 1 | jq [platform:rpm] 2 | hostname [platform:rpm] 3 | rsync [platform:rpm] 4 | 5 | -------------------------------------------------------------------------------- /container_images/ansible-builder/context/Containerfile: -------------------------------------------------------------------------------- 1 | ARG EE_BASE_IMAGE=quay.io/ansible/ansible-runner:latest 2 | ARG EE_BUILDER_IMAGE=quay.io/ansible/ansible-builder:latest 3 | 4 | FROM $EE_BASE_IMAGE as galaxy 5 | ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS= 6 | USER root 7 | 8 | ADD _build /build 9 | WORKDIR /build 10 | 11 | RUN ansible-galaxy role install -r requirements.yml --roles-path /usr/share/ansible/roles 12 | RUN ansible-galaxy collection install $ANSIBLE_GALAXY_CLI_COLLECTION_OPTS -r requirements.yml --collections-path /usr/share/ansible/collections 13 | 14 | FROM $EE_BUILDER_IMAGE as builder 15 | 16 | COPY --from=galaxy /usr/share/ansible /usr/share/ansible 17 | 18 | ADD _build/requirements.txt requirements.txt 19 | ADD _build/bindep.txt bindep.txt 20 | RUN ansible-builder introspect --sanitize --user-pip=requirements.txt --user-bindep=bindep.txt --write-bindep=/tmp/src/bindep.txt --write-pip=/tmp/src/requirements.txt 21 | RUN assemble 22 | 23 | FROM $EE_BASE_IMAGE 24 | USER root 25 | RUN pip3 install --upgrade pip setuptools 26 | 27 | COPY --from=galaxy /usr/share/ansible /usr/share/ansible 28 | 29 | COPY --from=builder /output/ /output/ 30 | RUN /output/install-from-bindep && rm -rf /output/wheels 31 | RUN sed -i 's/ansible.controller/awx.awx/' /usr/share/ansible/collections/ansible_collections/redhat_cop/controller_configuration/playbooks/configure_controller.yml 32 | RUN useradd ansible -u 10001 -g 0 33 | RUN chgrp 0 /home/ansible 34 | RUN chmod -R 0775 /home/ansible 35 | USER ansible 36 | WORKDIR /home/ansible 37 | -------------------------------------------------------------------------------- /container_images/ansible-builder/context/_build/bindep.txt: -------------------------------------------------------------------------------- 1 | jq [platform:rpm] 2 | hostname [platform:rpm] 3 | rsync [platform:rpm] 4 | 5 | -------------------------------------------------------------------------------- /container_images/ansible-builder/context/_build/requirements.txt: -------------------------------------------------------------------------------- 1 | ansible-lint 2 | yamllint 3 | jsonlint 4 | envsubst 5 | jmespath 6 | netaddr 7 | yamlpath 8 | yq 9 | 10 | -------------------------------------------------------------------------------- /container_images/ansible-builder/context/_build/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | collections: 3 | - name: awx.awx 4 | - name: redhat_cop.controller_configuration 5 | version: 2.0.0-1 6 | 7 | -------------------------------------------------------------------------------- /container_images/ansible-builder/execution-environment.yml: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.0 3 | 4 | # build_arg_defaults: 5 | # EE_BASE_IMAGE: 6 | 7 | # ansible_config: 'ansible.cfg' 8 | 9 | dependencies: 10 | galaxy: requirements.yml 11 | python: requirements.txt 12 | system: bindep.txt 13 | 14 | additional_build_steps: 15 | prepend: | 16 | RUN pip3 install --upgrade pip setuptools 17 | append: | 18 | RUN sed -i 's/ansible.controller/awx.awx/' /usr/share/ansible/collections/ansible_collections/redhat_cop/controller_configuration/playbooks/configure_controller.yml 19 | RUN useradd ansible -u 10001 -g 0 20 | RUN chgrp 0 /home/ansible 21 | RUN chmod -R 0775 /home/ansible 22 | USER ansible 23 | WORKDIR /home/ansible 24 | 25 | -------------------------------------------------------------------------------- /container_images/ansible-builder/requirements.txt: -------------------------------------------------------------------------------- 1 | ansible-lint 2 | yamllint 3 | jsonlint 4 | envsubst 5 | jmespath 6 | netaddr 7 | yamlpath 8 | yq 9 | 10 | -------------------------------------------------------------------------------- /container_images/ansible-builder/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | collections: 3 | - name: awx.awx 4 | - name: redhat_cop.controller_configuration 5 | version: 2.0.0-1 6 | 7 | -------------------------------------------------------------------------------- /container_images/buildah/cicd_ansible.bash: -------------------------------------------------------------------------------- 1 | #!/bin/env bash 2 | 3 | IMAGE=cicd-ansible 4 | ANSIBLE_VERSION= #">=2.9,<2.10" # leave empty for latest 5 | VERSION=v1.1 6 | 7 | container=$(buildah from registry.access.redhat.com/ubi8:latest) 8 | buildah run -- ${container} dnf install git python3-pip jq hostname rsync -y --setopt=install_weak_deps --setopt=tsflags=nodocs --setopt=override_install_langs=en_US.utf8 9 | buildah run -- ${container} dnf clean all 10 | 11 | 12 | 13 | buildah run -- ${container} useradd ansible -u 10001 -g 0 14 | buildah run -- ${container} chgrp 0 /home/ansible 15 | buildah run -- ${container} chmod -R 0775 /home/ansible 16 | buildah config --workingdir /home/ansible ${container} 17 | buildah config --user 10001:0 ${container} 18 | 19 | buildah run --user 10001:0 -- ${container} python3 -m venv /home/ansible/venv 20 | buildah config --env PATH=/home/ansible/venv/bin:$PATH ${container} 21 | buildah run --user 10001:0 -- ${container} pip3 install --upgrade --no-cache-dir pip 22 | buildah run --user 10001:0 -- ${container} pip3 install --no-cache-dir "ansible${ANSIBLE_VERSION}" envsubst jmespath jsonlint yamllint ansible-lint yq netaddr yamlpath 23 | 24 | buildah run --user 10001:0 -- ${container} ansible-galaxy collection install awx.awx --collections-path /home/ansible/.ansible/collections 25 | buildah run --user 10001:0 -- ${container} ansible-galaxy collection install redhat_cop.controller_configuration:==2.0.0-1 --collections-path /home/ansible/.ansible/collections 26 | buildah run --user 10001:0 -- ${container} sed -i 's/ansible.controller/awx.awx/' /home/ansible/.ansible/collections/ansible_collections/redhat_cop/controller_configuration/playbooks/configure_controller.yml 27 | 28 | buildah config --cmd '/bin/bash' ${container} 29 | 30 | buildah commit ${container} ${IMAGE}:${VERSION} 31 | buildah tag ${IMAGE}:${VERSION} ${IMAGE}:latest 32 | 33 | 34 | # Container image that can lint and run ansible playbooks. 35 | # 36 | # Changelog: 37 | # v0.1 38 | # * initial version 39 | # 40 | # v0.2 41 | # * rename collection per tower rebranding 42 | # 43 | # v0.3 44 | # * Add configure_controller.yml playbook 45 | # 46 | # v0.4 47 | # * add rsync 48 | # * switch to ansible 2.9 49 | # 50 | # v1.0 51 | # * add yamlpath 52 | # * install collections into user context 53 | # * install PyPI modules into venv inside user context (this way we can use latest pip and everything else) 54 | # * build two images for ansible 2.9 and 2.11 to use with aap1.2 and aap2.0+ 55 | # * update to collection that includes the configure_controller playbook 56 | # NOTE: 2.0.0-1 is not labeled as latest for some reason 57 | # * replace Red Hat ansible.controller collection with upstream awx.awx inside the configure_controller playbook 58 | # 59 | # v1.1 60 | # * refresh software 61 | 62 | -------------------------------------------------------------------------------- /example_repositories/global/system-settings/.gitlab-ci.yml: -------------------------------------------------------------------------------- 1 | --- 2 | include: 3 | - project: 'cicd-templates' # Should be a repo, but here it's a folder in the root 4 | ref: main 5 | file: 'controller-configuration.gitlab-ci.yml' 6 | -------------------------------------------------------------------------------- /example_repositories/global/system-settings/README.md: -------------------------------------------------------------------------------- 1 | # Example of a Global AWX configs repository for GitLab 2 | 3 | (Consider this folder to be the root of a git repository) 4 | 5 | These settings are global for the entire AWX/AAP controller. Here you can create organizations, global credentials, configure settings, teams, users etc. 6 | 7 | This repo is an example of how to organize controller_configs for bulk sync from one repo. It's probably a good idea to keep here the things that normally don't need an SCM repository and only exist in AWX/AAP. 8 | 9 | 1. .gitlab-ci.yml 10 | 11 | Responsible for defining and starting the delivery pipeline. It's best to template it in another project and include in this repo. This way the file will be always the same for all configuration repos and won't need any users' contribution. 12 | 13 | 2. controller_configs.d 14 | 15 | A folder with arbitrarily named controller_configs files. You can have everything in one file (then, perhaps, don't put it in the folder and just call it controller_configs.yml) or split assets into many files following some logic of ours. In this example there's a file per asset type. 16 | 17 | To get help with assets' parameters look at the examples in [redhat_cop.controller_configuration/playbooks/configs](https://github.com/redhat-cop/tower_configuration/tree/fd30b907d86ce6723c362705fe512b42f3226aa7/playbooks/configs) 18 | 19 | -------------------------------------------------------------------------------- /example_repositories/global/system-settings/controller_configs.d/credentials.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | -------------------------------------------------------------------------------- /example_repositories/global/system-settings/controller_configs.d/organizations.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_organizations: 3 | - name: org-1 4 | -------------------------------------------------------------------------------- /example_repositories/global/system-settings/controller_configs.d/settings..yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nesanton/ansible_tower_gitops/0a8f2f66c9c2e101b84ddf6e01db5d562c807e1e/example_repositories/global/system-settings/controller_configs.d/settings..yml -------------------------------------------------------------------------------- /example_repositories/global/system-settings/controller_configs.d/teams.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nesanton/ansible_tower_gitops/0a8f2f66c9c2e101b84ddf6e01db5d562c807e1e/example_repositories/global/system-settings/controller_configs.d/teams.yml -------------------------------------------------------------------------------- /example_repositories/org-1/README.md: -------------------------------------------------------------------------------- 1 | # Org-1 2 | 3 | This Organization is onboarded via the `global/system_settings/controller_configs.d/organizations.yml`. 4 | 5 | The folder structure here contains AWX/AAP assets limited to the scope of this organization. 6 | You may want to automate the creation of such folder structure via the pipeline that delivers `global/system_settings/controller_configs.d/*` 7 | -------------------------------------------------------------------------------- /example_repositories/org-1/inventories/example_inventory/.gitlab-ci.yml: -------------------------------------------------------------------------------- 1 | --- 2 | include: 3 | - project: 'cicd-templates' # Should be a repo, but here it's a folder in the root 4 | ref: main 5 | file: 'controller-configuration.gitlab-ci.yml' 6 | -------------------------------------------------------------------------------- /example_repositories/org-1/inventories/example_inventory/README.md: -------------------------------------------------------------------------------- 1 | # Example SCM-based inventory powered by GitLab 2 | 3 | (Consider this folder to be the root of a git repository) 4 | 5 | The two unusual files for an SCM-based Inventory: 6 | 7 | 1. .gitlab-ci.yml 8 | 9 | Responsible for defining and starting the delivery pipeline. It's best to template it in another project and include in this repo. This way the file will be always the same for all configuration repos and won't need any users' contribution. 10 | 11 | 2. controller_configs.yml 12 | 13 | This file describes all the objects that need to exist in AWX/AAP in order for this repo to become an Inventory there. 14 | 15 | To get help with assets' parameters look at the examples in [redhat_cop.controller_configuration/playbooks/configs](https://github.com/redhat-cop/tower_configuration/tree/fd30b907d86ce6723c362705fe512b42f3226aa7/playbooks/configs) 16 | 17 | -------------------------------------------------------------------------------- /example_repositories/org-1/inventories/example_inventory/controller_configs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_projects: 3 | - name: example_inventory_source_project 4 | organization: org-1 5 | scm_url: ${SCM_URL} 6 | scm_branch: ${SCM_BRANCH} 7 | scm_type: git 8 | scm_clean: false 9 | scm_delete_on_update: false 10 | scm_update_on_launch: true 11 | credential: git_auth 12 | allow_override: false 13 | 14 | controller_inventory_sources: 15 | - name: example_inventory_source 16 | source: scm 17 | source_path: inventory.ini 18 | source_project: example_inventory_source_project 19 | inventory: example_inventory 20 | overwrite: true 21 | overwrite_vars: true 22 | update_on_launch: false 23 | update_on_project_update: true 24 | 25 | controller_inventories: 26 | - name: example_inventory 27 | organization: org-1 28 | instance_groups: [] 29 | ... 30 | 31 | -------------------------------------------------------------------------------- /example_repositories/org-1/inventories/example_inventory/host_vars/host1/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | somevar: someval 3 | -------------------------------------------------------------------------------- /example_repositories/org-1/inventories/example_inventory/inventory.ini: -------------------------------------------------------------------------------- 1 | [test] 2 | host1 3 | host2 4 | 5 | [prod] 6 | host3 7 | host4 8 | -------------------------------------------------------------------------------- /example_repositories/org-1/job-templates/my_job_template/.gitlab-ci.yml: -------------------------------------------------------------------------------- 1 | --- 2 | include: 3 | - project: 'cicd-templates' # Should be a repo, but here it's a folder in the root 4 | ref: main 5 | file: 'controller-configuration.gitlab-ci.yml' 6 | -------------------------------------------------------------------------------- /example_repositories/org-1/job-templates/my_job_template/README.md: -------------------------------------------------------------------------------- 1 | # Example SCM-based Job Template powered by GitLab 2 | 3 | (Consider this folder to be the root of a git repository) 4 | 5 | The two unusual files for an SCM-based Job Template: 6 | 7 | 1. .gitlab-ci.yml 8 | 9 | Responsible for defining and starting the delivery pipeline. It's best to template it in another project and include in this repo. This way the file will be always the same for all configuration repos and won't need any users' contribution. 10 | 11 | 2. controller_configs.yml 12 | 13 | This file describes all the objects that need to exist in AWX/AAP in order for this repo to become a Job Template there. 14 | 15 | To get help with assets' parameters look at the examples in [redhat_cop.controller_configuration/playbooks/configs](https://github.com/redhat-cop/tower_configuration/tree/fd30b907d86ce6723c362705fe512b42f3226aa7/playbooks/configs) 16 | 17 | -------------------------------------------------------------------------------- /example_repositories/org-1/job-templates/my_job_template/collections/requirements.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nesanton/ansible_tower_gitops/0a8f2f66c9c2e101b84ddf6e01db5d562c807e1e/example_repositories/org-1/job-templates/my_job_template/collections/requirements.yml -------------------------------------------------------------------------------- /example_repositories/org-1/job-templates/my_job_template/controller_configs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_projects: 3 | - name: my_job_template_project 4 | description: "Created automatically via ${CI_PIPELINE_URL}" 5 | organization: org-1 6 | scm_clean: false 7 | scm_url: ${CI_PROJECT_URL} 8 | scm_branch: ${CI_COMMIT_BRANCH} 9 | scm_type: git 10 | scm_delete_on_update: false 11 | scm_update_on_launch: true 12 | scm_credential: gitlab_auth 13 | allow_override: false 14 | 15 | controller_templates: 16 | - name: my_job_template 17 | job_type: run 18 | organization: org-1 19 | ask_inventory_on_launch: true 20 | project: my_job_template_project 21 | playbook: playbook.yml 22 | credentials: [] 23 | 24 | controller_schedules: 25 | - name: Demo Schedule 26 | description: "Created automatically via ${CI_PIPELINE_URL}" 27 | unified_job_template: my_job_template 28 | inventory: inventory_1 29 | rrule: "DTSTART:20191219T130551Z RRULE:FREQ=DAILY;INTERVAL=1;COUNT=1" 30 | -------------------------------------------------------------------------------- /example_repositories/org-1/job-templates/my_job_template/playbook.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Nothing happens here 3 | hosts: localhost 4 | connection: local 5 | gather_facts: false 6 | tasks: 7 | 8 | - name: Do nothing 9 | debug: 10 | msg: Doing absolutely nothing 11 | -------------------------------------------------------------------------------- /example_repositories/org-1/job-templates/my_job_template/roles/requirements.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nesanton/ansible_tower_gitops/0a8f2f66c9c2e101b84ddf6e01db5d562c807e1e/example_repositories/org-1/job-templates/my_job_template/roles/requirements.yml -------------------------------------------------------------------------------- /example_repositories/org-1/system-settings/.gitlab-ci.yml: -------------------------------------------------------------------------------- 1 | --- 2 | include: 3 | - project: 'cicd-templates' # Should be a repo, but here it's a folder in the root 4 | ref: main 5 | file: 'controller-configuration.gitlab-ci.yml' 6 | -------------------------------------------------------------------------------- /example_repositories/org-1/system-settings/README.md: -------------------------------------------------------------------------------- 1 | # Example of a catch-all configs repository by GitLab 2 | 3 | (Consider this folder to be the root of a git repository) 4 | 5 | This repo is an example of how to organize controller_configs for bulk sync from one repo. It's probably a good idea to keep here the things that normally don't need an SCM repository and only exist in AWX/AAP. 6 | 7 | 1. .gitlab-ci.yml 8 | 9 | Responsible for defining and starting the delivery pipeline. It's best to template it in another project and include in this repo. This way the file will be always the same for all configuration repos and won't need any users' contribution. 10 | 11 | 2. controller_configs.d 12 | 13 | A folder with arbitrarily named controller_configs files. You can have everything in one file (then, perhaps, don't put it in the folder and just call it controller_configs.yml) or split assets into many files following some logic of ours. In this example there's a file per asset type. 14 | 15 | To get help with assets' parameters look at the examples in [redhat_cop.controller_configuration/playbooks/configs](https://github.com/redhat-cop/tower_configuration/tree/fd30b907d86ce6723c362705fe512b42f3226aa7/playbooks/configs) 16 | 17 | -------------------------------------------------------------------------------- /example_repositories/org-1/system-settings/controller_configs.d/credentials.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_credentials: 3 | - name: git_auth 4 | credential_type: Source Control 5 | organization: org-1 6 | inputs: 7 | username: ${GIT_USERNAME} 8 | password: ${GIT_PASSWORD} 9 | -------------------------------------------------------------------------------- /example_repositories/org-1/system-settings/controller_configs.d/settings..yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nesanton/ansible_tower_gitops/0a8f2f66c9c2e101b84ddf6e01db5d562c807e1e/example_repositories/org-1/system-settings/controller_configs.d/settings..yml -------------------------------------------------------------------------------- /example_repositories/org-1/system-settings/controller_configs.d/teams.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nesanton/ansible_tower_gitops/0a8f2f66c9c2e101b84ddf6e01db5d562c807e1e/example_repositories/org-1/system-settings/controller_configs.d/teams.yml --------------------------------------------------------------------------------