├── LICENSE ├── README.md ├── ansible.cfg ├── deploy_awx-rpm.yml ├── group_vars ├── db.yml └── nodes.yml ├── inventory └── roles ├── check_db ├── README.md ├── defaults │ └── main.yml ├── handlers │ └── main.yml ├── meta │ └── main.yml ├── tasks │ └── main.yml ├── tests │ ├── inventory │ └── test.yml └── vars │ └── main.yml ├── check_install ├── README.md ├── defaults │ └── main.yml ├── handlers │ └── main.yml ├── meta │ └── main.yml ├── tasks │ └── main.yml ├── tests │ ├── inventory │ └── test.yml └── vars │ └── main.yml ├── db_create ├── README.md ├── defaults │ └── main.yml ├── handlers │ └── main.yml ├── meta │ └── main.yml ├── tasks │ └── main.yml ├── tests │ ├── inventory │ └── test.yml └── vars │ └── main.yml ├── db_init ├── README.md ├── defaults │ └── main.yml ├── handlers │ └── main.yml ├── meta │ └── main.yml ├── tasks │ └── main.yml ├── tests │ ├── inventory │ └── test.yml └── vars │ └── main.yml ├── db_prereqs ├── README.md ├── defaults │ └── main.yml ├── handlers │ └── main.yml ├── meta │ └── main.yml ├── tasks │ └── main.yml ├── tests │ ├── inventory │ └── test.yml └── vars │ └── main.yml ├── master_init ├── README.md ├── defaults │ └── main.yml ├── handlers │ └── main.yml ├── meta │ └── main.yml ├── tasks │ └── main.yml ├── tests │ ├── inventory │ └── test.yml └── vars │ └── main.yml ├── master_instance ├── README.md ├── defaults │ └── main.yml ├── handlers │ └── main.yml ├── meta │ └── main.yml ├── tasks │ └── main.yml ├── tests │ ├── inventory │ └── test.yml └── vars │ └── main.yml ├── nodes_cluster ├── README.md ├── defaults │ └── main.yml ├── handlers │ └── main.yml ├── meta │ └── main.yml ├── tasks │ └── main.yml ├── tests │ ├── inventory │ └── test.yml └── vars │ └── main.yml ├── nodes_join ├── README.md ├── defaults │ └── main.yml ├── handlers │ └── main.yml ├── meta │ └── main.yml ├── tasks │ └── main.yml ├── tests │ ├── inventory │ └── test.yml └── vars │ └── main.yml └── nodes_prereqs ├── README.md ├── defaults └── main.yml ├── handlers └── main.yml ├── meta └── main.yml ├── tasks └── main.yml ├── templates └── nginx_awx.conf.j2 ├── tests ├── inventory └── test.yml └── vars └── main.yml /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 Timothée Christin 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # deploy_awx-rpm 2 | Deploy HA cluster for [AWX-RPM](https://github.com/MrMEEE/awx-build) 3 | 4 |

5 | AWX-RPM 6 |

7 | 8 | ## Summary 9 | This playbook is intended to configure a full stack of: 10 | - 1 or more external database server with PostgreSQL 10 (cluster configuration not implemented yet) 11 | - 2 or more (3 as recommended minimum) AWX worker nodes in clustered configuration 12 | 13 | ## Audience 14 | RHEL7 / CentOS7 system administrators with knowledge of Ansible. 15 | 16 | ## Inventory 17 | An inventory file must be used with the following structure: 18 | ``` 19 | [db] 20 | db_server_hostname 21 | 22 | [nodes] 23 | awx_worker_node_#1_hostname 24 | awx_worker_node_#2_hostname 25 | awx_worker_node_#3_hostname 26 | ``` 27 | ## Variables 28 | All variables are configurable at the [group_vars](https://github.com/powertim/deploy_awx-rpm/tree/master/group_vars) level: 29 | - **db**: 30 | - **default_db_disk_mount:** mount point of the disk used for storing PostgreSQL data 31 | - **db_disk_src:** device used for the disk mounted for storing PostgreSQL data 32 | - **db_disk_fs_type:** filesystem used for the disk mounted for storing PostgreSQL data 33 | - **nodes** 34 | - **awx_repo**: name of the Satellite repository which contains [AWX-RPM](https://github.com/MrMEEE/awx-build) binaries 35 | - **awx_dependencies_repo:** name of the Satellite repository which contains dependencies used by [AWX-RPM](https://github.com/MrMEEE/awx-build) binaries 36 | - **rabbitmq_repo:** name of the Satellite repository which contains RabbitMQ binaries 37 | - **erlang_repo:** name of the Satellite repository which contains Erlang binaries used by RabbitMQ 38 | - **epel_repo:** name of the Satellite repository for EPEL 39 | 40 | ## Prerequisites 41 | - Ansible 2.7 installed on 1 server as minimum configuration 42 | - Passwordless SSH authentication for 1 user on all nodes 43 | 44 | ## Execution 45 | ``` 46 | $ ansible-playbook -i inventory deploy_awx-rpm.yml 47 | ``` 48 | 49 | ## Known issues 50 | - Idempotence not fully working 51 | - Re-running the playbook can throw errors (most related to django) 52 | 53 | ## Contributing 54 | Any help is welcome ! 55 | Main milestones are: 56 | - Adaptating for use without Satellite repositories 57 | - Supporting CentOS7 x86_64 (only tested on RHEL7 x86_64 now) 58 | - Improving idempotence 59 | 60 | Feel free to submit pull requests on [dev](https://github.com/powertim/deploy_awx-rpm/tree/dev) branch and your ideas to improve this work. 61 | 62 | ## Reporting issues 63 | All issues can be submitted in the appropriate [section](https://github.com/powertim/deploy_awx-rpm/issues). 64 | I will provide my help as best effort to anyone, so if you want to help me, you're welcome ! 65 | 66 | ## License 67 | [MIT](https://github.com/powertim/deploy_awx-rpm/blob/master/LICENSE) 68 | -------------------------------------------------------------------------------- /ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | inventory = inventory 3 | host_key_checking = False 4 | stdout_callback=debug 5 | -------------------------------------------------------------------------------- /deploy_awx-rpm.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: db 3 | gather_facts: true 4 | become: true 5 | tasks: 6 | - name: Check if db exists 7 | include_role: 8 | name: check_db 9 | tags: 10 | - checkdb 11 | 12 | - hosts: nodes 13 | gather_facts: true 14 | become: true 15 | tasks: 16 | - name: Check if already installed 17 | include_role: 18 | name: check_install 19 | tags: 20 | - checkinstall 21 | 22 | - hosts: all 23 | tasks: 24 | - name: Get pre check value and compute total 25 | set_fact: total="{{ ( groups['nodes'] | map('extract', hostvars, ['precheck', 'matched']) | sum() ) + ((hostvars[item].precheck.stdout) | int )}}" 26 | with_items: "{{ groups['db'][0] }}" 27 | 28 | - name: Manual - Pause when AWX is already installed 29 | pause: 30 | prompt: " <<<<< AWX is already installed. Do you want to overwrite existing installation ? (yes / no) >>>>>" 31 | echo: yes 32 | register: choice 33 | delegate_to: localhost 34 | when: total !="0" 35 | 36 | - name: Register choice to all hosts 37 | set_fact: 38 | user_choice: "{{ hostvars[item].choice.user_input }}" 39 | with_items: "{{ groups['all'][0] }}" 40 | when: total !="0" 41 | 42 | # Start operations on DB servers 43 | - hosts: db 44 | gather_facts: true 45 | become: true 46 | tasks: 47 | 48 | - name: Install prerequisites, PostgreSQL and prepare DB storage 49 | include_role: 50 | name: db_prereqs 51 | tags: 52 | - dbprereqs 53 | when: (hostvars[inventory_hostname].user_choice is not defined) or (hostvars[inventory_hostname].user_choice | bool) 54 | 55 | - name: Initialize and configure DB 56 | include_role: 57 | name: db_init 58 | tags: 59 | - dbinit 60 | when: (hostvars[inventory_hostname].user_choice is not defined) or (hostvars[inventory_hostname].user_choice | bool) 61 | 62 | - name: Create user & DB 63 | include_role: 64 | name: db_create 65 | tags: 66 | - dbcreate 67 | when: (hostvars[inventory_hostname].user_choice is not defined) or (hostvars[inventory_hostname].user_choice | bool) 68 | 69 | # Start operations on all AWX nodes 70 | - hosts: nodes 71 | become: true 72 | tasks: 73 | - name: Install prerequisites on AWX nodes 74 | include_role: 75 | name: nodes_prereqs 76 | tags: 77 | - nodesprereqs 78 | when: (hostvars[inventory_hostname].user_choice is not defined) or (hostvars[inventory_hostname].user_choice | bool) 79 | 80 | # On first AWX node only: 81 | - hosts: nodes[0] 82 | become: true 83 | tasks: 84 | - name: Initialize master node 85 | include_role: 86 | name: master_init 87 | tags: 88 | - masterinit 89 | when: (hostvars[inventory_hostname].user_choice is not defined) or (hostvars[inventory_hostname].user_choice | bool) 90 | 91 | # On remaining AWX nodes: 92 | - hosts: nodes[1:] 93 | become: true 94 | tasks: 95 | - name: Join RabbitMQ cluster 96 | include_role: 97 | name: nodes_join 98 | tags: 99 | - nodesjoin 100 | when: (hostvars[inventory_hostname].user_choice is not defined) or (hostvars[inventory_hostname].user_choice | bool) 101 | 102 | # On all AWX nodes: 103 | - hosts: nodes 104 | become: true 105 | tasks: 106 | - name: Setup RabbitMQ cluster & register instances in AWX 107 | include_role: 108 | name: nodes_cluster 109 | tags: 110 | - nodescluster 111 | when: (hostvars[inventory_hostname].user_choice is not defined) or (hostvars[inventory_hostname].user_choice | bool) 112 | 113 | # On first AWX node only: 114 | - hosts: nodes[0] 115 | become: true 116 | tasks: 117 | - name: Add instances to tower instance group 118 | include_role: 119 | name: master_instance 120 | tags: 121 | - masterinstance 122 | when: (hostvars[inventory_hostname].user_choice is not defined) or (hostvars[inventory_hostname].user_choice | bool) -------------------------------------------------------------------------------- /group_vars/db.yml: -------------------------------------------------------------------------------- 1 | --- 2 | default_db_disk_mount: /data 3 | db_disk_src: /dev/mapper/data-data 4 | db_disk_fs_type: xfs -------------------------------------------------------------------------------- /group_vars/nodes.yml: -------------------------------------------------------------------------------- 1 | --- 2 | awx_repo: awx_ansible_awx_repo 3 | awx_dependencies_repo: awx_ansible-awx_dependencies 4 | rabbitmq_repo: rabbitMQ_rabbitmq-repo 5 | erlang_repo: rabbitMQ_erlang21-repo 6 | epel_repo: rhel_7_epel_-_rhel_7_repository -------------------------------------------------------------------------------- /inventory: -------------------------------------------------------------------------------- 1 | [db] 2 | srvawxdb01 3 | 4 | [nodes] 5 | srvawxnd01 6 | srvawxnd02 7 | srvawxnd03 -------------------------------------------------------------------------------- /roles/check_db/README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ========= 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 10 | 11 | Role Variables 12 | -------------- 13 | 14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. 15 | 16 | Dependencies 17 | ------------ 18 | 19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. 20 | 21 | Example Playbook 22 | ---------------- 23 | 24 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: 25 | 26 | - hosts: servers 27 | roles: 28 | - { role: username.rolename, x: 42 } 29 | 30 | License 31 | ------- 32 | 33 | BSD 34 | 35 | Author Information 36 | ------------------ 37 | 38 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 39 | -------------------------------------------------------------------------------- /roles/check_db/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for check_db -------------------------------------------------------------------------------- /roles/check_db/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for check_db -------------------------------------------------------------------------------- /roles/check_db/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: your name 3 | description: your description 4 | company: your company (optional) 5 | 6 | # If the issue tracker for your role is not on github, uncomment the 7 | # next line and provide a value 8 | # issue_tracker_url: http://example.com/issue/tracker 9 | 10 | # Some suggested licenses: 11 | # - BSD (default) 12 | # - MIT 13 | # - GPLv2 14 | # - GPLv3 15 | # - Apache 16 | # - CC-BY 17 | license: license (GPLv2, CC-BY, etc) 18 | 19 | min_ansible_version: 1.2 20 | 21 | # If this a Container Enabled role, provide the minimum Ansible Container version. 22 | # min_ansible_container_version: 23 | 24 | # Optionally specify the branch Galaxy will use when accessing the GitHub 25 | # repo for this role. During role install, if no tags are available, 26 | # Galaxy will use this branch. During import Galaxy will access files on 27 | # this branch. If Travis integration is configured, only notifications for this 28 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 29 | # (usually master) will be used. 30 | #github_branch: 31 | 32 | # 33 | # platforms is a list of platforms, and each platform has a name and a list of versions. 34 | # 35 | # platforms: 36 | # - name: Fedora 37 | # versions: 38 | # - all 39 | # - 25 40 | # - name: SomePlatform 41 | # versions: 42 | # - all 43 | # - 1.0 44 | # - 7 45 | # - 99.99 46 | 47 | galaxy_tags: [] 48 | # List tags for your role here, one per line. A tag is a keyword that describes 49 | # and categorizes the role. Users find roles by searching for tags. Be sure to 50 | # remove the '[]' above, if you add tags to this list. 51 | # 52 | # NOTE: A tag is limited to a single word comprised of alphanumeric characters. 53 | # Maximum 20 tags per role. 54 | 55 | dependencies: [] 56 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 57 | # if you add dependencies to this list. -------------------------------------------------------------------------------- /roles/check_db/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Check if postgres user exists 3 | shell: /usr/bin/getent passwd postgres | /usr/bin/wc -l | tr -d '' 4 | register: user_check 5 | 6 | - debug: 7 | var: user_check 8 | 9 | - name: Check if PostgreSQL database already exists 10 | become_user: postgres 11 | become: true 12 | shell: /opt/rh/rh-postgresql10/root/usr/bin/psql -lqt | cut -d \| -f 1 | grep -w awx | wc -l 13 | register: db_check 14 | when: user_check.stdout != "0" 15 | 16 | - debug: 17 | var: db_check 18 | 19 | - set_fact: precheck="{{ user_check }}" 20 | when: db_check.skipped is defined and db_check.skipped == true 21 | 22 | - set_fact: precheck="{{ db_check }}" 23 | when: user_check.stdout != "0" -------------------------------------------------------------------------------- /roles/check_db/tests/inventory: -------------------------------------------------------------------------------- 1 | localhost 2 | 3 | -------------------------------------------------------------------------------- /roles/check_db/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | remote_user: root 4 | roles: 5 | - check_db -------------------------------------------------------------------------------- /roles/check_db/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for check_db -------------------------------------------------------------------------------- /roles/check_install/README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ========= 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 10 | 11 | Role Variables 12 | -------------- 13 | 14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. 15 | 16 | Dependencies 17 | ------------ 18 | 19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. 20 | 21 | Example Playbook 22 | ---------------- 23 | 24 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: 25 | 26 | - hosts: servers 27 | roles: 28 | - { role: username.rolename, x: 42 } 29 | 30 | License 31 | ------- 32 | 33 | BSD 34 | 35 | Author Information 36 | ------------------ 37 | 38 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 39 | -------------------------------------------------------------------------------- /roles/check_install/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for check_install -------------------------------------------------------------------------------- /roles/check_install/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for check_install -------------------------------------------------------------------------------- /roles/check_install/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: your name 3 | description: your description 4 | company: your company (optional) 5 | 6 | # If the issue tracker for your role is not on github, uncomment the 7 | # next line and provide a value 8 | # issue_tracker_url: http://example.com/issue/tracker 9 | 10 | # Some suggested licenses: 11 | # - BSD (default) 12 | # - MIT 13 | # - GPLv2 14 | # - GPLv3 15 | # - Apache 16 | # - CC-BY 17 | license: license (GPLv2, CC-BY, etc) 18 | 19 | min_ansible_version: 1.2 20 | 21 | # If this a Container Enabled role, provide the minimum Ansible Container version. 22 | # min_ansible_container_version: 23 | 24 | # Optionally specify the branch Galaxy will use when accessing the GitHub 25 | # repo for this role. During role install, if no tags are available, 26 | # Galaxy will use this branch. During import Galaxy will access files on 27 | # this branch. If Travis integration is configured, only notifications for this 28 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 29 | # (usually master) will be used. 30 | #github_branch: 31 | 32 | # 33 | # platforms is a list of platforms, and each platform has a name and a list of versions. 34 | # 35 | # platforms: 36 | # - name: Fedora 37 | # versions: 38 | # - all 39 | # - 25 40 | # - name: SomePlatform 41 | # versions: 42 | # - all 43 | # - 1.0 44 | # - 7 45 | # - 99.99 46 | 47 | galaxy_tags: [] 48 | # List tags for your role here, one per line. A tag is a keyword that describes 49 | # and categorizes the role. Users find roles by searching for tags. Be sure to 50 | # remove the '[]' above, if you add tags to this list. 51 | # 52 | # NOTE: A tag is limited to a single word comprised of alphanumeric characters. 53 | # Maximum 20 tags per role. 54 | 55 | dependencies: [] 56 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 57 | # if you add dependencies to this list. -------------------------------------------------------------------------------- /roles/check_install/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Check AWX directory is empty 3 | find: 4 | paths: "/etc/tower" 5 | patterns: "[A-Za-z0-9_-]+" 6 | use_regex: True 7 | file_type: any 8 | recurse: yes 9 | register: precheck -------------------------------------------------------------------------------- /roles/check_install/tests/inventory: -------------------------------------------------------------------------------- 1 | localhost 2 | 3 | -------------------------------------------------------------------------------- /roles/check_install/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | remote_user: root 4 | roles: 5 | - check_install -------------------------------------------------------------------------------- /roles/check_install/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for check_install -------------------------------------------------------------------------------- /roles/db_create/README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ========= 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 10 | 11 | Role Variables 12 | -------------- 13 | 14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. 15 | 16 | Dependencies 17 | ------------ 18 | 19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. 20 | 21 | Example Playbook 22 | ---------------- 23 | 24 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: 25 | 26 | - hosts: servers 27 | roles: 28 | - { role: username.rolename, x: 42 } 29 | 30 | License 31 | ------- 32 | 33 | BSD 34 | 35 | Author Information 36 | ------------------ 37 | 38 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 39 | -------------------------------------------------------------------------------- /roles/db_create/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for db_create -------------------------------------------------------------------------------- /roles/db_create/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for db_create -------------------------------------------------------------------------------- /roles/db_create/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: your name 3 | description: your description 4 | company: your company (optional) 5 | 6 | # If the issue tracker for your role is not on github, uncomment the 7 | # next line and provide a value 8 | # issue_tracker_url: http://example.com/issue/tracker 9 | 10 | # Some suggested licenses: 11 | # - BSD (default) 12 | # - MIT 13 | # - GPLv2 14 | # - GPLv3 15 | # - Apache 16 | # - CC-BY 17 | license: license (GPLv2, CC-BY, etc) 18 | 19 | min_ansible_version: 1.2 20 | 21 | # If this a Container Enabled role, provide the minimum Ansible Container version. 22 | # min_ansible_container_version: 23 | 24 | # Optionally specify the branch Galaxy will use when accessing the GitHub 25 | # repo for this role. During role install, if no tags are available, 26 | # Galaxy will use this branch. During import Galaxy will access files on 27 | # this branch. If Travis integration is configured, only notifications for this 28 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 29 | # (usually master) will be used. 30 | #github_branch: 31 | 32 | # 33 | # platforms is a list of platforms, and each platform has a name and a list of versions. 34 | # 35 | # platforms: 36 | # - name: Fedora 37 | # versions: 38 | # - all 39 | # - 25 40 | # - name: SomePlatform 41 | # versions: 42 | # - all 43 | # - 1.0 44 | # - 7 45 | # - 99.99 46 | 47 | galaxy_tags: [] 48 | # List tags for your role here, one per line. A tag is a keyword that describes 49 | # and categorizes the role. Users find roles by searching for tags. Be sure to 50 | # remove the '[]' above, if you add tags to this list. 51 | # 52 | # NOTE: A tag is limited to a single word comprised of alphanumeric characters. 53 | # Maximum 20 tags per role. 54 | 55 | dependencies: [] 56 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 57 | # if you add dependencies to this list. -------------------------------------------------------------------------------- /roles/db_create/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create awx DB 3 | become: true 4 | become_user: postgres 5 | postgresql_db: 6 | name: awx 7 | 8 | - name: Generate password for awx db user 9 | set_fact: 10 | password: "{{ lookup('password', '/dev/null length=24 chars=ascii_letters,digits') }}" 11 | 12 | - name : Display password for awx db user 13 | debug: 14 | msg: "Randomly generated password for awx db user is : {{ password }}" 15 | 16 | - name: Create awx user for DB 17 | become: true 18 | become_user: postgres 19 | postgresql_user: 20 | db: awx 21 | name: awx 22 | password: "{{ password }}" -------------------------------------------------------------------------------- /roles/db_create/tests/inventory: -------------------------------------------------------------------------------- 1 | localhost 2 | 3 | -------------------------------------------------------------------------------- /roles/db_create/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | remote_user: root 4 | roles: 5 | - db_create -------------------------------------------------------------------------------- /roles/db_create/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for db_create -------------------------------------------------------------------------------- /roles/db_init/README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ========= 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 10 | 11 | Role Variables 12 | -------------- 13 | 14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. 15 | 16 | Dependencies 17 | ------------ 18 | 19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. 20 | 21 | Example Playbook 22 | ---------------- 23 | 24 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: 25 | 26 | - hosts: servers 27 | roles: 28 | - { role: username.rolename, x: 42 } 29 | 30 | License 31 | ------- 32 | 33 | BSD 34 | 35 | Author Information 36 | ------------------ 37 | 38 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 39 | -------------------------------------------------------------------------------- /roles/db_init/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for db_init -------------------------------------------------------------------------------- /roles/db_init/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for db_init -------------------------------------------------------------------------------- /roles/db_init/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: your name 3 | description: your description 4 | company: your company (optional) 5 | 6 | # If the issue tracker for your role is not on github, uncomment the 7 | # next line and provide a value 8 | # issue_tracker_url: http://example.com/issue/tracker 9 | 10 | # Some suggested licenses: 11 | # - BSD (default) 12 | # - MIT 13 | # - GPLv2 14 | # - GPLv3 15 | # - Apache 16 | # - CC-BY 17 | license: license (GPLv2, CC-BY, etc) 18 | 19 | min_ansible_version: 1.2 20 | 21 | # If this a Container Enabled role, provide the minimum Ansible Container version. 22 | # min_ansible_container_version: 23 | 24 | # Optionally specify the branch Galaxy will use when accessing the GitHub 25 | # repo for this role. During role install, if no tags are available, 26 | # Galaxy will use this branch. During import Galaxy will access files on 27 | # this branch. If Travis integration is configured, only notifications for this 28 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 29 | # (usually master) will be used. 30 | #github_branch: 31 | 32 | # 33 | # platforms is a list of platforms, and each platform has a name and a list of versions. 34 | # 35 | # platforms: 36 | # - name: Fedora 37 | # versions: 38 | # - all 39 | # - 25 40 | # - name: SomePlatform 41 | # versions: 42 | # - all 43 | # - 1.0 44 | # - 7 45 | # - 99.99 46 | 47 | galaxy_tags: [] 48 | # List tags for your role here, one per line. A tag is a keyword that describes 49 | # and categorizes the role. Users find roles by searching for tags. Be sure to 50 | # remove the '[]' above, if you add tags to this list. 51 | # 52 | # NOTE: A tag is limited to a single word comprised of alphanumeric characters. 53 | # Maximum 20 tags per role. 54 | 55 | dependencies: [] 56 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 57 | # if you add dependencies to this list. -------------------------------------------------------------------------------- /roles/db_init/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Check if PostgreSQL data directory is empty 3 | find: 4 | paths: "/var/opt/rh/rh-postgresql10/lib/pgsql/data" 5 | patterns: "[A-Za-z0-9_-]+" 6 | use_regex: True 7 | file_type: any 8 | recurse: yes 9 | register: postgresql_directory 10 | 11 | - name: Initialize DB 12 | shell: scl enable rh-postgresql10 "postgresql-setup initdb" 13 | register: initdb 14 | ignore_errors: True 15 | when: postgresql_directory.matched == 0 16 | 17 | - name: Start & enable PostgreSQL service at boot 18 | service: 19 | name: rh-postgresql10-postgresql 20 | state: started 21 | enabled: yes 22 | 23 | - name: Edit PostgreSQL configuration to trust AWX servers remote connections 24 | lineinfile: 25 | path: /var/opt/rh/rh-postgresql10/lib/pgsql/data/pg_hba.conf 26 | regexp: "^host all all {{ hostvars[item]['ansible_default_ipv4']['address'] }}/32 trust$" 27 | insertafter: '# IPv4 local connections:' 28 | line: "host all all {{ hostvars[item]['ansible_default_ipv4']['address'] }}/32 trust" 29 | with_items: "{{ groups['nodes'] }}" 30 | 31 | - name: Edit PostgreSQL configuration file to listen to all addresses 32 | lineinfile: 33 | path: /var/opt/rh/rh-postgresql10/lib/pgsql/data/postgresql.conf 34 | regexp: '^listen_addresses' 35 | line: "listen_addresses = '*'" 36 | state: present 37 | 38 | - name: Edit PostgreSQL configuration file to configure default port 39 | lineinfile: 40 | path: /var/opt/rh/rh-postgresql10/lib/pgsql/data/postgresql.conf 41 | regexp: '^port' 42 | line: "port = 5432" 43 | state: present 44 | 45 | - name: Restart PostgreSQL service 46 | systemd: 47 | state: restarted 48 | daemon_reload: yes 49 | name: rh-postgresql10-postgresql -------------------------------------------------------------------------------- /roles/db_init/tests/inventory: -------------------------------------------------------------------------------- 1 | localhost 2 | 3 | -------------------------------------------------------------------------------- /roles/db_init/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | remote_user: root 4 | roles: 5 | - db_init -------------------------------------------------------------------------------- /roles/db_init/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for db_init -------------------------------------------------------------------------------- /roles/db_prereqs/README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ========= 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 10 | 11 | Role Variables 12 | -------------- 13 | 14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. 15 | 16 | Dependencies 17 | ------------ 18 | 19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. 20 | 21 | Example Playbook 22 | ---------------- 23 | 24 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: 25 | 26 | - hosts: servers 27 | roles: 28 | - { role: username.rolename, x: 42 } 29 | 30 | License 31 | ------- 32 | 33 | BSD 34 | 35 | Author Information 36 | ------------------ 37 | 38 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 39 | -------------------------------------------------------------------------------- /roles/db_prereqs/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for db_prereqs -------------------------------------------------------------------------------- /roles/db_prereqs/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for db_prereqs -------------------------------------------------------------------------------- /roles/db_prereqs/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: your name 3 | description: your description 4 | company: your company (optional) 5 | 6 | # If the issue tracker for your role is not on github, uncomment the 7 | # next line and provide a value 8 | # issue_tracker_url: http://example.com/issue/tracker 9 | 10 | # Some suggested licenses: 11 | # - BSD (default) 12 | # - MIT 13 | # - GPLv2 14 | # - GPLv3 15 | # - Apache 16 | # - CC-BY 17 | license: license (GPLv2, CC-BY, etc) 18 | 19 | min_ansible_version: 1.2 20 | 21 | # If this a Container Enabled role, provide the minimum Ansible Container version. 22 | # min_ansible_container_version: 23 | 24 | # Optionally specify the branch Galaxy will use when accessing the GitHub 25 | # repo for this role. During role install, if no tags are available, 26 | # Galaxy will use this branch. During import Galaxy will access files on 27 | # this branch. If Travis integration is configured, only notifications for this 28 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 29 | # (usually master) will be used. 30 | #github_branch: 31 | 32 | # 33 | # platforms is a list of platforms, and each platform has a name and a list of versions. 34 | # 35 | # platforms: 36 | # - name: Fedora 37 | # versions: 38 | # - all 39 | # - 25 40 | # - name: SomePlatform 41 | # versions: 42 | # - all 43 | # - 1.0 44 | # - 7 45 | # - 99.99 46 | 47 | galaxy_tags: [] 48 | # List tags for your role here, one per line. A tag is a keyword that describes 49 | # and categorizes the role. Users find roles by searching for tags. Be sure to 50 | # remove the '[]' above, if you add tags to this list. 51 | # 52 | # NOTE: A tag is limited to a single word comprised of alphanumeric characters. 53 | # Maximum 20 tags per role. 54 | 55 | dependencies: [] 56 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 57 | # if you add dependencies to this list. -------------------------------------------------------------------------------- /roles/db_prereqs/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Activate Satellite repositories 3 | rhsm_repository: 4 | name: "{{ item }}" 5 | state: enabled 6 | with_items: 7 | - rhel-server-rhscl-7-rpms 8 | 9 | - name: Install PostgreSQL 10 | yum: 11 | name: rh-postgresql10 12 | state: present 13 | 14 | - name: Install python psycopg2 module 15 | yum: 16 | name: python-psycopg2 17 | state: present 18 | 19 | - name: Unmount DB data volume from default location 20 | mount: 21 | path: "{{ default_db_disk_mount }}" 22 | src: "{{ db_disk_src }}" 23 | fstype: "{{ db_disk_fs_type }}" 24 | state: absent 25 | 26 | - name: Mount /data volume to PostgreSQL directory 27 | mount: 28 | path: /var/lib/pgsql 29 | src: "{{ db_disk_src }}" 30 | fstype: "{{ db_disk_fs_type }}" 31 | state: present -------------------------------------------------------------------------------- /roles/db_prereqs/tests/inventory: -------------------------------------------------------------------------------- 1 | localhost 2 | 3 | -------------------------------------------------------------------------------- /roles/db_prereqs/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | remote_user: root 4 | roles: 5 | - db_prereqs -------------------------------------------------------------------------------- /roles/db_prereqs/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for db_prereqs -------------------------------------------------------------------------------- /roles/master_init/README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ========= 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 10 | 11 | Role Variables 12 | -------------- 13 | 14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. 15 | 16 | Dependencies 17 | ------------ 18 | 19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. 20 | 21 | Example Playbook 22 | ---------------- 23 | 24 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: 25 | 26 | - hosts: servers 27 | roles: 28 | - { role: username.rolename, x: 42 } 29 | 30 | License 31 | ------- 32 | 33 | BSD 34 | 35 | Author Information 36 | ------------------ 37 | 38 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 39 | -------------------------------------------------------------------------------- /roles/master_init/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for master_init -------------------------------------------------------------------------------- /roles/master_init/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for master_init -------------------------------------------------------------------------------- /roles/master_init/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: your name 3 | description: your description 4 | company: your company (optional) 5 | 6 | # If the issue tracker for your role is not on github, uncomment the 7 | # next line and provide a value 8 | # issue_tracker_url: http://example.com/issue/tracker 9 | 10 | # Some suggested licenses: 11 | # - BSD (default) 12 | # - MIT 13 | # - GPLv2 14 | # - GPLv3 15 | # - Apache 16 | # - CC-BY 17 | license: license (GPLv2, CC-BY, etc) 18 | 19 | min_ansible_version: 1.2 20 | 21 | # If this a Container Enabled role, provide the minimum Ansible Container version. 22 | # min_ansible_container_version: 23 | 24 | # Optionally specify the branch Galaxy will use when accessing the GitHub 25 | # repo for this role. During role install, if no tags are available, 26 | # Galaxy will use this branch. During import Galaxy will access files on 27 | # this branch. If Travis integration is configured, only notifications for this 28 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 29 | # (usually master) will be used. 30 | #github_branch: 31 | 32 | # 33 | # platforms is a list of platforms, and each platform has a name and a list of versions. 34 | # 35 | # platforms: 36 | # - name: Fedora 37 | # versions: 38 | # - all 39 | # - 25 40 | # - name: SomePlatform 41 | # versions: 42 | # - all 43 | # - 1.0 44 | # - 7 45 | # - 99.99 46 | 47 | galaxy_tags: [] 48 | # List tags for your role here, one per line. A tag is a keyword that describes 49 | # and categorizes the role. Users find roles by searching for tags. Be sure to 50 | # remove the '[]' above, if you add tags to this list. 51 | # 52 | # NOTE: A tag is limited to a single word comprised of alphanumeric characters. 53 | # Maximum 20 tags per role. 54 | 55 | dependencies: [] 56 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 57 | # if you add dependencies to this list. -------------------------------------------------------------------------------- /roles/master_init/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Launch import of DB 3 | become: true 4 | become_user: awx 5 | shell: scl enable rh-python36 rh-postgresql10 "awx-manage migrate" 6 | ignore_errors: true 7 | 8 | - name: Generate password for AWX admin user 9 | set_fact: 10 | password: "{{ lookup('password', '/dev/null length=20 chars=ascii_letters,digits') }}" 11 | 12 | - name : Display password for AWX admin user 13 | debug: 14 | msg: "Randomly generated password for AWX admin user is : {{ password }}" 15 | 16 | - name: Launch initial configuration of AWX 17 | become: true 18 | become_user: awx 19 | shell: | 20 | echo "from django.contrib.auth.models import User; User.objects.create_superuser('admin', 'root@localhost', '{{ password }}')" | scl enable rh-python36 rh-postgresql10 "awx-manage shell" 21 | scl enable rh-python36 rh-postgresql10 "awx-manage create_preload_data" 22 | 23 | - name: Get value of Erlang cookie for RabbitMQ 24 | become: true 25 | shell: cat /var/lib/rabbitmq/.erlang.cookie 26 | register: cookie 27 | 28 | - name: Display value of Erlang cookie for RabbitMQ 29 | debug: 30 | msg: "Erlang cookie for RabbitMQ value is : {{ cookie.stdout }}" -------------------------------------------------------------------------------- /roles/master_init/tests/inventory: -------------------------------------------------------------------------------- 1 | localhost 2 | 3 | -------------------------------------------------------------------------------- /roles/master_init/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | remote_user: root 4 | roles: 5 | - master_init -------------------------------------------------------------------------------- /roles/master_init/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for master_init -------------------------------------------------------------------------------- /roles/master_instance/README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ========= 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 10 | 11 | Role Variables 12 | -------------- 13 | 14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. 15 | 16 | Dependencies 17 | ------------ 18 | 19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. 20 | 21 | Example Playbook 22 | ---------------- 23 | 24 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: 25 | 26 | - hosts: servers 27 | roles: 28 | - { role: username.rolename, x: 42 } 29 | 30 | License 31 | ------- 32 | 33 | BSD 34 | 35 | Author Information 36 | ------------------ 37 | 38 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 39 | -------------------------------------------------------------------------------- /roles/master_instance/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for master_instance -------------------------------------------------------------------------------- /roles/master_instance/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for master_instance -------------------------------------------------------------------------------- /roles/master_instance/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: your name 3 | description: your description 4 | company: your company (optional) 5 | 6 | # If the issue tracker for your role is not on github, uncomment the 7 | # next line and provide a value 8 | # issue_tracker_url: http://example.com/issue/tracker 9 | 10 | # Some suggested licenses: 11 | # - BSD (default) 12 | # - MIT 13 | # - GPLv2 14 | # - GPLv3 15 | # - Apache 16 | # - CC-BY 17 | license: license (GPLv2, CC-BY, etc) 18 | 19 | min_ansible_version: 1.2 20 | 21 | # If this a Container Enabled role, provide the minimum Ansible Container version. 22 | # min_ansible_container_version: 23 | 24 | # Optionally specify the branch Galaxy will use when accessing the GitHub 25 | # repo for this role. During role install, if no tags are available, 26 | # Galaxy will use this branch. During import Galaxy will access files on 27 | # this branch. If Travis integration is configured, only notifications for this 28 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 29 | # (usually master) will be used. 30 | #github_branch: 31 | 32 | # 33 | # platforms is a list of platforms, and each platform has a name and a list of versions. 34 | # 35 | # platforms: 36 | # - name: Fedora 37 | # versions: 38 | # - all 39 | # - 25 40 | # - name: SomePlatform 41 | # versions: 42 | # - all 43 | # - 1.0 44 | # - 7 45 | # - 99.99 46 | 47 | galaxy_tags: [] 48 | # List tags for your role here, one per line. A tag is a keyword that describes 49 | # and categorizes the role. Users find roles by searching for tags. Be sure to 50 | # remove the '[]' above, if you add tags to this list. 51 | # 52 | # NOTE: A tag is limited to a single word comprised of alphanumeric characters. 53 | # Maximum 20 tags per role. 54 | 55 | dependencies: [] 56 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 57 | # if you add dependencies to this list. -------------------------------------------------------------------------------- /roles/master_instance/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Add instances to ‘tower’ instance group 3 | become: true 4 | become_user: awx 5 | shell: scl enable rh-python36 rh-postgresql10 'awx-manage register_queue --queuename=tower --hostnames="{{ groups['nodes'] | join(',') }}"' -------------------------------------------------------------------------------- /roles/master_instance/tests/inventory: -------------------------------------------------------------------------------- 1 | localhost 2 | 3 | -------------------------------------------------------------------------------- /roles/master_instance/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | remote_user: root 4 | roles: 5 | - master_instance -------------------------------------------------------------------------------- /roles/master_instance/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for master_instance -------------------------------------------------------------------------------- /roles/nodes_cluster/README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ========= 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 10 | 11 | Role Variables 12 | -------------- 13 | 14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. 15 | 16 | Dependencies 17 | ------------ 18 | 19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. 20 | 21 | Example Playbook 22 | ---------------- 23 | 24 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: 25 | 26 | - hosts: servers 27 | roles: 28 | - { role: username.rolename, x: 42 } 29 | 30 | License 31 | ------- 32 | 33 | BSD 34 | 35 | Author Information 36 | ------------------ 37 | 38 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 39 | -------------------------------------------------------------------------------- /roles/nodes_cluster/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for nodes_cluster -------------------------------------------------------------------------------- /roles/nodes_cluster/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for nodes_cluster -------------------------------------------------------------------------------- /roles/nodes_cluster/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: your name 3 | description: your description 4 | company: your company (optional) 5 | 6 | # If the issue tracker for your role is not on github, uncomment the 7 | # next line and provide a value 8 | # issue_tracker_url: http://example.com/issue/tracker 9 | 10 | # Some suggested licenses: 11 | # - BSD (default) 12 | # - MIT 13 | # - GPLv2 14 | # - GPLv3 15 | # - Apache 16 | # - CC-BY 17 | license: license (GPLv2, CC-BY, etc) 18 | 19 | min_ansible_version: 1.2 20 | 21 | # If this a Container Enabled role, provide the minimum Ansible Container version. 22 | # min_ansible_container_version: 23 | 24 | # Optionally specify the branch Galaxy will use when accessing the GitHub 25 | # repo for this role. During role install, if no tags are available, 26 | # Galaxy will use this branch. During import Galaxy will access files on 27 | # this branch. If Travis integration is configured, only notifications for this 28 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 29 | # (usually master) will be used. 30 | #github_branch: 31 | 32 | # 33 | # platforms is a list of platforms, and each platform has a name and a list of versions. 34 | # 35 | # platforms: 36 | # - name: Fedora 37 | # versions: 38 | # - all 39 | # - 25 40 | # - name: SomePlatform 41 | # versions: 42 | # - all 43 | # - 1.0 44 | # - 7 45 | # - 99.99 46 | 47 | galaxy_tags: [] 48 | # List tags for your role here, one per line. A tag is a keyword that describes 49 | # and categorizes the role. Users find roles by searching for tags. Be sure to 50 | # remove the '[]' above, if you add tags to this list. 51 | # 52 | # NOTE: A tag is limited to a single word comprised of alphanumeric characters. 53 | # Maximum 20 tags per role. 54 | 55 | dependencies: [] 56 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 57 | # if you add dependencies to this list. -------------------------------------------------------------------------------- /roles/nodes_cluster/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Set the HA RabbitMQ policy 3 | shell: | 4 | rabbitmq-plugins enable rabbitmq_management 5 | rabbitmqctl set_policy ha-all "" '{"ha-mode":"all","ha-sync-mode":"automatic"}' 6 | 7 | - name: Fix permissions on RabbitMQ plugin folder 8 | file: 9 | path: /etc/rabbitmq/enabled_plugins 10 | state: file 11 | owner: root 12 | group: rabbitmq 13 | mode: 0644 14 | 15 | - name: Restart RabbitMQ service 16 | systemd: 17 | state: restarted 18 | daemon_reload: yes 19 | name: rabbitmq-server 20 | 21 | - name: Restart dispatcher service 22 | systemd: 23 | state: restarted 24 | daemon_reload: yes 25 | name: awx-dispatcher 26 | 27 | - name: Register instances for AWX cluster 28 | become: true 29 | become_user: awx 30 | shell: scl enable rh-python36 rh-postgresql10 "awx-manage provision_instance --hostname=$(hostname)" -------------------------------------------------------------------------------- /roles/nodes_cluster/tests/inventory: -------------------------------------------------------------------------------- 1 | localhost 2 | 3 | -------------------------------------------------------------------------------- /roles/nodes_cluster/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | remote_user: root 4 | roles: 5 | - nodes_cluster -------------------------------------------------------------------------------- /roles/nodes_cluster/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for nodes_cluster -------------------------------------------------------------------------------- /roles/nodes_join/README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ========= 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 10 | 11 | Role Variables 12 | -------------- 13 | 14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. 15 | 16 | Dependencies 17 | ------------ 18 | 19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. 20 | 21 | Example Playbook 22 | ---------------- 23 | 24 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: 25 | 26 | - hosts: servers 27 | roles: 28 | - { role: username.rolename, x: 42 } 29 | 30 | License 31 | ------- 32 | 33 | BSD 34 | 35 | Author Information 36 | ------------------ 37 | 38 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 39 | -------------------------------------------------------------------------------- /roles/nodes_join/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for nodes_join -------------------------------------------------------------------------------- /roles/nodes_join/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for nodes_join -------------------------------------------------------------------------------- /roles/nodes_join/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: your name 3 | description: your description 4 | company: your company (optional) 5 | 6 | # If the issue tracker for your role is not on github, uncomment the 7 | # next line and provide a value 8 | # issue_tracker_url: http://example.com/issue/tracker 9 | 10 | # Some suggested licenses: 11 | # - BSD (default) 12 | # - MIT 13 | # - GPLv2 14 | # - GPLv3 15 | # - Apache 16 | # - CC-BY 17 | license: license (GPLv2, CC-BY, etc) 18 | 19 | min_ansible_version: 1.2 20 | 21 | # If this a Container Enabled role, provide the minimum Ansible Container version. 22 | # min_ansible_container_version: 23 | 24 | # Optionally specify the branch Galaxy will use when accessing the GitHub 25 | # repo for this role. During role install, if no tags are available, 26 | # Galaxy will use this branch. During import Galaxy will access files on 27 | # this branch. If Travis integration is configured, only notifications for this 28 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 29 | # (usually master) will be used. 30 | #github_branch: 31 | 32 | # 33 | # platforms is a list of platforms, and each platform has a name and a list of versions. 34 | # 35 | # platforms: 36 | # - name: Fedora 37 | # versions: 38 | # - all 39 | # - 25 40 | # - name: SomePlatform 41 | # versions: 42 | # - all 43 | # - 1.0 44 | # - 7 45 | # - 99.99 46 | 47 | galaxy_tags: [] 48 | # List tags for your role here, one per line. A tag is a keyword that describes 49 | # and categorizes the role. Users find roles by searching for tags. Be sure to 50 | # remove the '[]' above, if you add tags to this list. 51 | # 52 | # NOTE: A tag is limited to a single word comprised of alphanumeric characters. 53 | # Maximum 20 tags per role. 54 | 55 | dependencies: [] 56 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 57 | # if you add dependencies to this list. -------------------------------------------------------------------------------- /roles/nodes_join/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Restart RabbitMQ service 3 | systemd: 4 | state: restarted 5 | daemon_reload: yes 6 | name: rabbitmq-server 7 | 8 | - name: Stop RabbitMQ app 9 | shell: rabbitmqctl stop_app 10 | 11 | - name: Change the value of the Erlang cookie from first AWX node 12 | copy: 13 | content: "{{ hostvars[item]['cookie']['stdout'] }}" 14 | dest: /var/lib/rabbitmq/.erlang.cookie 15 | with_items: "{{ groups['nodes'][0] }}" 16 | 17 | - name: Restart RabbitMQ service 18 | systemd: 19 | state: restarted 20 | daemon_reload: yes 21 | name: rabbitmq-server 22 | 23 | - name: Start RabbitMQ app 24 | shell: rabbitmqctl start_app 25 | 26 | - name: Create RabbitMQ cluster 27 | shell: | 28 | rabbitmqctl stop_app 29 | rabbitmqctl join_cluster rabbit@"{{ groups['nodes'][0] }}" 30 | 31 | - name: Start RabbitMQ app 32 | shell: rabbitmqctl start_app -------------------------------------------------------------------------------- /roles/nodes_join/tests/inventory: -------------------------------------------------------------------------------- 1 | localhost 2 | 3 | -------------------------------------------------------------------------------- /roles/nodes_join/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | remote_user: root 4 | roles: 5 | - nodes_join -------------------------------------------------------------------------------- /roles/nodes_join/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for nodes_join -------------------------------------------------------------------------------- /roles/nodes_prereqs/README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ========= 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 10 | 11 | Role Variables 12 | -------------- 13 | 14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. 15 | 16 | Dependencies 17 | ------------ 18 | 19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. 20 | 21 | Example Playbook 22 | ---------------- 23 | 24 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: 25 | 26 | - hosts: servers 27 | roles: 28 | - { role: username.rolename, x: 42 } 29 | 30 | License 31 | ------- 32 | 33 | BSD 34 | 35 | Author Information 36 | ------------------ 37 | 38 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 39 | -------------------------------------------------------------------------------- /roles/nodes_prereqs/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for nodes_prereqs -------------------------------------------------------------------------------- /roles/nodes_prereqs/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for nodes_prereqs -------------------------------------------------------------------------------- /roles/nodes_prereqs/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: your name 3 | description: your description 4 | company: your company (optional) 5 | 6 | # If the issue tracker for your role is not on github, uncomment the 7 | # next line and provide a value 8 | # issue_tracker_url: http://example.com/issue/tracker 9 | 10 | # Some suggested licenses: 11 | # - BSD (default) 12 | # - MIT 13 | # - GPLv2 14 | # - GPLv3 15 | # - Apache 16 | # - CC-BY 17 | license: license (GPLv2, CC-BY, etc) 18 | 19 | min_ansible_version: 1.2 20 | 21 | # If this a Container Enabled role, provide the minimum Ansible Container version. 22 | # min_ansible_container_version: 23 | 24 | # Optionally specify the branch Galaxy will use when accessing the GitHub 25 | # repo for this role. During role install, if no tags are available, 26 | # Galaxy will use this branch. During import Galaxy will access files on 27 | # this branch. If Travis integration is configured, only notifications for this 28 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 29 | # (usually master) will be used. 30 | #github_branch: 31 | 32 | # 33 | # platforms is a list of platforms, and each platform has a name and a list of versions. 34 | # 35 | # platforms: 36 | # - name: Fedora 37 | # versions: 38 | # - all 39 | # - 25 40 | # - name: SomePlatform 41 | # versions: 42 | # - all 43 | # - 1.0 44 | # - 7 45 | # - 99.99 46 | 47 | galaxy_tags: [] 48 | # List tags for your role here, one per line. A tag is a keyword that describes 49 | # and categorizes the role. Users find roles by searching for tags. Be sure to 50 | # remove the '[]' above, if you add tags to this list. 51 | # 52 | # NOTE: A tag is limited to a single word comprised of alphanumeric characters. 53 | # Maximum 20 tags per role. 54 | 55 | dependencies: [] 56 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 57 | # if you add dependencies to this list. -------------------------------------------------------------------------------- /roles/nodes_prereqs/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Activate Satellite repositories 3 | rhsm_repository: 4 | name: "{{ item }}" 5 | state: enabled 6 | with_items: 7 | - rhel-7-server-extras-rpms 8 | - rhel-server-rhscl-7-rpms 9 | - rhel-7-server-optional-rpms 10 | - "{{ awx_repo }}" 11 | - "{{ epel_repo }}" 12 | - "{{ awx_dependencies_repo }}" 13 | 14 | - name: Install rh-python36-build 15 | yum: 16 | name: rh-python36-build 17 | disable_gpg_check: yes 18 | state: present 19 | 20 | - name: Remove rh-python36-python-six 21 | yum: 22 | name: rh-python36-python-six 23 | state: absent 24 | 25 | - name: Install Python dependencies 26 | shell: yum install -y -x "*-debuginfo, rh-python36-python-wheel-0.30.0a0-1.el7.noarch, rh-python36-Babel-2.6.0-1.noarch, rh-python36-python-sqlalchemy-1.1.14-1.el7.x86_64, rh-python36-python-six-1.11.0-1.el7.noarch, rh-python36-python-psycopg2-2.7.3-1.el7.x86_64, rh-python36-python-psycopg2-doc-2.7.3-1.el7.x86_64" "rh-python36*" 27 | 28 | - name: Install Ansible & tower-cli 29 | yum: 30 | name: 31 | - ansible 32 | - tower-cli 33 | state: present 34 | 35 | - name: Install RabbitMQ 36 | yum: 37 | name: rabbitmq-server 38 | state: present 39 | 40 | - name: Install Memcached 41 | yum: 42 | name: memcached 43 | state: present 44 | 45 | - name: Install AWX 46 | yum: 47 | name: ansible-awx 48 | state: latest 49 | 50 | - name: Start & enable RabbitMQ service at boot 51 | service: 52 | name: rabbitmq-server 53 | state: started 54 | enabled: yes 55 | 56 | - name: Start & enable Memcached service at boot 57 | service: 58 | name: memcached 59 | state: started 60 | enabled: yes 61 | 62 | - name: Edit AWX configuration to connect to external DB 63 | lineinfile: 64 | path: /etc/tower/settings.py 65 | regexp: "{{ item.regexp }}" 66 | line: "{{ item.line }}" 67 | state: present 68 | with_items: 69 | - { regexp: "'NAME':", line: " 'NAME': 'awx'," } 70 | - { regexp: "'USER':", line: " 'USER': 'awx'," } 71 | - { regexp: "'HOST':", line: " 'HOST': '{{ groups['db'][0] }}'," } 72 | - { regexp: "'PORT':", line: " 'PORT': '5432'," } 73 | - { regexp: "'PASSWORD':", line: " 'PASSWORD': '{{ hostvars[groups['db'][0]]['password'] }}'," } 74 | 75 | - name: Install NGINX 76 | yum: 77 | name: nginx 78 | state: present 79 | 80 | - name: Add AWX configuration to NGINX 81 | template: 82 | src: nginx_awx.conf.j2 83 | dest: /etc/nginx/nginx.conf 84 | owner: root 85 | group: root 86 | mode: 0644 87 | 88 | - name: Edit SELinux to permit AWX needed ports 89 | seport: 90 | ports: 8050-8052 91 | proto: tcp 92 | setype: http_port_t 93 | state: present 94 | 95 | - name: Start & enable NGINX service at boot 96 | service: 97 | name: nginx 98 | state: started 99 | enabled: yes 100 | 101 | - name: Start & enable AWX services 102 | service: 103 | name: "{{ item }}" 104 | state: restarted 105 | enabled: yes 106 | with_items: 107 | - 'awx-cbreceiver' 108 | - 'awx-dispatcher' 109 | - 'awx-channels-worker' 110 | - 'awx-daphne' 111 | - 'awx-web' 112 | -------------------------------------------------------------------------------- /roles/nodes_prereqs/templates/nginx_awx.conf.j2: -------------------------------------------------------------------------------- 1 | #user awx; 2 | 3 | worker_processes 1; 4 | 5 | error_log /var/log/nginx/error_log warn; 6 | pid /var/run/nginx.pid; 7 | 8 | events { 9 | worker_connections 1024; 10 | } 11 | 12 | http { 13 | include /etc/nginx/mime.types; 14 | default_type application/octet-stream; 15 | 16 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 17 | '$status $body_bytes_sent "$http_referer" ' 18 | '"$http_user_agent" "$http_x_forwarded_for"'; 19 | 20 | access_log /var/log/nginx/access_log main; 21 | 22 | map $http_upgrade $connection_upgrade { 23 | default upgrade; 24 | '' close; 25 | } 26 | 27 | sendfile on; 28 | #tcp_nopush on; 29 | #gzip on; 30 | 31 | upstream uwsgi { 32 | server 127.0.0.1:8050; 33 | } 34 | 35 | upstream daphne { 36 | server 127.0.0.1:8051; 37 | } 38 | 39 | server { 40 | listen 8052 default_server; 41 | 42 | # If you have a domain name, this is where to add it 43 | server_name _; 44 | keepalive_timeout 65; 45 | 46 | # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) 47 | add_header Strict-Transport-Security max-age=15768000; 48 | 49 | location /static/ { 50 | alias /opt/awx/static/; 51 | } 52 | 53 | location /favicon.ico { alias /opt/awx/static/favicon.ico; } 54 | 55 | location /websocket { 56 | # Pass request to the upstream alias 57 | proxy_pass http://daphne; 58 | # Require http version 1.1 to allow for upgrade requests 59 | proxy_http_version 1.1; 60 | # We want proxy_buffering off for proxying to websockets. 61 | proxy_buffering off; 62 | # http://en.wikipedia.org/wiki/X-Forwarded-For 63 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 64 | # enable this if you use HTTPS: 65 | proxy_set_header X-Forwarded-Proto https; 66 | # pass the Host: header from the client for the sake of redirects 67 | proxy_set_header Host $http_host; 68 | # We've set the Host header, so we don't need Nginx to muddle 69 | # about with redirects 70 | proxy_redirect off; 71 | # Depending on the request value, set the Upgrade and 72 | # connection headers 73 | proxy_set_header Upgrade $http_upgrade; 74 | proxy_set_header Connection $connection_upgrade; 75 | } 76 | 77 | location / { 78 | # Add trailing / if missing 79 | rewrite ^(.*)$http_host(.*[^/])$ $1$http_host$2/ permanent; 80 | uwsgi_read_timeout 120s; 81 | uwsgi_pass uwsgi; 82 | include /etc/nginx/uwsgi_params; 83 | proxy_set_header X-Forwarded-Port 443; 84 | } 85 | } 86 | } -------------------------------------------------------------------------------- /roles/nodes_prereqs/tests/inventory: -------------------------------------------------------------------------------- 1 | localhost 2 | 3 | -------------------------------------------------------------------------------- /roles/nodes_prereqs/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | remote_user: root 4 | roles: 5 | - nodes_prereqs -------------------------------------------------------------------------------- /roles/nodes_prereqs/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for nodes_prereqs --------------------------------------------------------------------------------