├── .ansible-lint ├── .gitattributes ├── .github ├── requirements.txt ├── requirements.yml ├── workflow-config │ ├── kube │ │ ├── awx.yaml │ │ └── kustomization.yaml │ └── kustomization.yaml └── workflows │ └── ansible-lint.yml ├── .gitignore ├── .markdownlint.yml ├── .pre-commit-config.yaml ├── .yamllint ├── LICENSE ├── README.md ├── ansible.cfg ├── changelogs ├── changelog.yaml ├── config.yaml └── fragments │ ├── .gitkeep │ ├── requirements_update.yml │ └── updates.yml ├── collections └── requirements.yml ├── group_vars ├── all │ ├── auth.yml │ ├── controller_credential_input_sources.yml │ ├── controller_credential_types.yml │ ├── controller_credentials.yml │ ├── controller_execution_environments.yml │ ├── controller_groups.yml │ ├── controller_hosts.yml │ ├── controller_instance_groups.yml │ ├── controller_inventories.yml │ ├── controller_inventory_sources.yml │ ├── controller_job_templates.yml │ ├── controller_labels.yml │ ├── controller_notifications.yml │ ├── controller_projects.yml │ ├── controller_roles.yml │ ├── controller_schedule.yml │ ├── controller_settings.yml │ ├── controller_workflows.yml │ ├── eda_credentials.yml │ ├── eda_decision_environments.yml │ ├── eda_projects.yml │ ├── eda_rulebook_activations.yml │ ├── ee_list.yml │ ├── gateway_applications.yml │ ├── gateway_organizations.yml │ ├── gateway_teams.yml │ ├── gateway_users.yml │ ├── hub_collection_namespaces.yml │ ├── hub_collection_publish.yml │ ├── hub_ee_images.yml │ ├── hub_ee_registries.yml │ ├── hub_ee_repositories.yml │ ├── hub_group_roles.yml │ └── hub_repositories.yml ├── dev │ ├── aap_install.yml │ ├── controller_credential_input_sources.yml │ ├── controller_credential_types.yml │ ├── controller_credentials.yml │ ├── controller_execution_environments.yml │ ├── controller_groups.yml │ ├── controller_hosts.yml │ ├── controller_instance_groups.yml │ ├── controller_inventories.yml │ ├── controller_inventory_sources.yml │ ├── controller_job_templates.yml │ ├── controller_labels.yml │ ├── 
controller_notifications.yml │ ├── controller_projects.yml │ ├── controller_roles.yml │ ├── controller_schedule.yml │ ├── controller_settings.yml │ ├── controller_workflows.yml │ ├── gateway_applications.yml │ ├── gateway_organizations.yml │ ├── gateway_teams.yml │ ├── gateway_users.yml │ └── main.yml ├── prod │ ├── aap_install.yml │ ├── controller_credential_input_sources.yml │ ├── controller_credential_types.yml │ ├── controller_credentials.yml │ ├── controller_execution_environments.yml │ ├── controller_groups.yml │ ├── controller_hosts.yml │ ├── controller_instance_groups.yml │ ├── controller_inventories.yml │ ├── controller_inventory_sources.yml │ ├── controller_job_templates.yml │ ├── controller_labels.yml │ ├── controller_notifications.yml │ ├── controller_projects.yml │ ├── controller_roles.yml │ ├── controller_schedule.yml │ ├── controller_settings.yml │ ├── controller_workflows.yml │ ├── gateway_applications.yml │ ├── gateway_organizations.yml │ ├── gateway_teams.yml │ ├── gateway_users.yml │ └── main.yml └── test │ ├── aap_install.yml │ ├── controller_credential_input_sources.yml │ ├── controller_credential_types.yml │ ├── controller_credentials.yml │ ├── controller_execution_environments.yml │ ├── controller_groups.yml │ ├── controller_hosts.yml │ ├── controller_instance_groups.yml │ ├── controller_inventories.yml │ ├── controller_inventory_sources.yml │ ├── controller_job_templates.yml │ ├── controller_labels.yml │ ├── controller_notifications.yml │ ├── controller_projects.yml │ ├── controller_roles.yml │ ├── controller_schedule.yml │ ├── controller_settings.yml │ ├── controller_workflows.yml │ ├── gateway_applications.yml │ ├── gateway_organizations.yml │ ├── gateway_teams.yml │ ├── gateway_users.yml │ └── main.yml ├── inventory_ci.yml ├── inventory_dev.yml ├── inventory_prod.yml ├── inventory_test.yml ├── playbooks ├── aap_config.yml ├── build_ee.yml ├── console_token_refresh.yml ├── custom_collection.yml ├── install_aap.yml ├── install_configure.yml 
└── sync_collections.yml └── vaults ├── dev.yml ├── prod.yml └── test.yml /.ansible-lint: -------------------------------------------------------------------------------- 1 | --- 2 | # .ansible-lint 3 | 4 | profile: production # min, basic, moderate,safety, shared, production 5 | 6 | # Allows dumping of results in SARIF format 7 | # sarif_file: result.sarif 8 | 9 | # exclude_paths included in this file are parsed relative to this file's location 10 | # and not relative to the CWD of execution. CLI arguments passed to the --exclude 11 | # option are parsed relative to the CWD of execution. 12 | exclude_paths: 13 | - '.github/' 14 | - 'changelogs/' 15 | - 'playbooks/install_configure.yml' 16 | - 'aap_configuration_template/playbooks/install_configure.yml' 17 | 18 | parseable: true 19 | # quiet: true 20 | # strict: true 21 | verbosity: 1 22 | 23 | # Mock modules or roles in order to pass ansible-playbook --syntax-check 24 | mock_modules: 25 | - ansible.controller.controller_api 26 | 27 | # mock_roles: 28 | # - mocked_role 29 | # - author.role_name # old standalone galaxy role 30 | # - fake_namespace.fake_collection.fake_role # role within a collection 31 | 32 | # Enable checking of loop variable prefixes in roles 33 | loop_var_prefix: "^(__|{role}_)" 34 | 35 | # Enforce variable names to follow pattern below, in addition to Ansible own 36 | # requirements, like avoiding python identifiers. To disable add `var-naming` 37 | # to skip_list. 38 | # var_naming_pattern: "^[a-z_][a-z0-9_]*$" 39 | 40 | use_default_rules: true 41 | # Load custom rules from this specific folder 42 | # rulesdir: 43 | # - ./rule/directory/ 44 | 45 | # Ansible-lint is able to recognize and load skip rules stored inside 46 | # `.ansible-lint-ignore` (or `.config/ansible-lint-ignore.txt`) files. 47 | # To skip a rule just enter filename and tag, like "playbook.yml package-latest" 48 | # on a new line. 49 | # Optionally you can add comments after the tag, prefixed by "#". 
We discourage 50 | # the use of skip_list below because that will hide violations from the output. 51 | # When putting ignores inside the ignore file, they are marked as ignored, but 52 | # still visible, making it easier to address later. 53 | skip_list: 54 | - yaml[colons] # Violations reported by yamllint. 55 | - yaml[line-length] # Violations reported by yamllint. 56 | - yaml[new-line-at-end-of-file] # Violations reported by yamllint. 57 | - var-naming[no-role-prefix] # Because I don't want to follow this rule at this time 58 | 59 | # Ansible-lint does not automatically load rules that have the 'opt-in' tag. 60 | # You must enable opt-in rules by listing each rule 'id' below. 61 | enable_list: 62 | - args 63 | - empty-string-compare # opt-in 64 | - no-log-password # opt-in 65 | - no-same-owner # opt-in 66 | - name[prefix] # opt-in 67 | # add yaml here if you want to avoid ignoring yaml checks when yamllint 68 | # library is missing. Normally its absence just skips using that rule. 69 | - yaml 70 | # Report only a subset of tags and fully ignore any others 71 | # tags: 72 | # - jinja[spacing] 73 | 74 | # Ansible-lint does not fail on warnings from the rules or tags listed below 75 | warn_list: 76 | - git-latest # Allow for newest git version 77 | - package-latest # Allow newest package version 78 | - template-instead-of-copy # Templated files should use template instead of copy 79 | - command-instead-of-shell # Use shell only when shell functionality is required. 80 | 81 | # Some rules can transform files to fix (or make it easier to fix) identified 82 | # errors. `ansible-lint --fix` will reformat YAML files and run these transforms. 83 | # By default it will run all transforms (effectively `write_list: ["all"]`). 84 | # You can disable running transforms by setting `write_list: ["none"]`. 85 | # Or only enable a subset of rule transforms by listing rules/tags here. 
86 | # write_list: 87 | # - all 88 | 89 | # Offline mode disables installation of requirements.yml and schema refreshing 90 | offline: true 91 | 92 | # Define required Ansible's variables to satisfy syntax check 93 | # extra_vars: 94 | # foo: bar 95 | # multiline_string_variable: | 96 | # line1 97 | # line2 98 | # complex_variable: ":{;\t$()" 99 | 100 | # Uncomment to enforce action validation with tasks, usually is not 101 | # needed as Ansible syntax check also covers it. 102 | # skip_action_validation: false 103 | 104 | # List of additional kind:pattern to be added at the top of the default 105 | # match list, first match determines the file kind. 106 | kinds: 107 | # - playbook: "**/examples/*.{yml,yaml}" 108 | # - galaxy: "**/folder/galaxy.yml" 109 | # - tasks: "**/tasks/*.yml" 110 | # - vars: "**/vars/*.yml" 111 | # - meta: "**/meta/main.yml" 112 | - yaml: "**/*.yaml-too" 113 | 114 | # List of additional collections to allow in only-builtins rule. 115 | # only_builtins_allow_collections: 116 | # - example_ns.example_collection 117 | 118 | # List of additions modules to allow in only-builtins rule. 119 | # only_builtins_allow_modules: 120 | # - example_module 121 | 122 | # Allow setting custom prefix for name[prefix] rule 123 | task_name_prefix: "{stem} | " 124 | # Complexity related settings 125 | 126 | # Limit the depth of the nested blocks: 127 | # max_block_depth: 20 128 | ... 
129 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | *.yml linguist-detectable 2 | *.yaml linguist-detectable 3 | -------------------------------------------------------------------------------- /.github/requirements.txt: -------------------------------------------------------------------------------- 1 | ansible-core 2 | docker 3 | docker-compose 4 | jmespath 5 | requests 6 | requests-oauthlib 7 | openshift 8 | kubernetes 9 | -------------------------------------------------------------------------------- /.github/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | collections: 3 | - name: infra.aap_configuration 4 | - name: infra.ee_utilities 5 | - name: infra.aap_utilities 6 | # - name: containers.podman 7 | # - name: ansible.platform 8 | # - name: ansible.hub 9 | # - name: ansible.controller 10 | # - name: ansible.eda 11 | ... 12 | -------------------------------------------------------------------------------- /.github/workflow-config/kube/awx.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: awx.ansible.com/v1beta1 3 | kind: AWX 4 | metadata: 5 | name: awx 6 | spec: 7 | service_type: nodeport 8 | nodeport_port: 30080 9 | ... 
10 | -------------------------------------------------------------------------------- /.github/workflow-config/kube/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # Find the latest tag here: https://github.com/ansible/awx-operator/releases 6 | - github.com/ansible/awx-operator/config/default?ref=1.0.0 7 | - awx.yaml 8 | 9 | # Set the image tags to match the git version from above 10 | images: 11 | - name: quay.io/ansible/awx-operator 12 | newTag: 1.0.0 13 | 14 | # Specify a custom namespace in which to install AWX 15 | namespace: default 16 | ... 17 | -------------------------------------------------------------------------------- /.github/workflow-config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # Find the latest tag here: https://github.com/ansible/awx-operator/releases 6 | - github.com/ansible/awx-operator/config/default?ref=1.0.0 7 | 8 | # Set the image tags to match the git version from above 9 | images: 10 | - name: quay.io/ansible/awx-operator 11 | newTag: 1.0.0 12 | 13 | # Specify a custom namespace in which to install AWX 14 | namespace: default 15 | ... 
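16 | -------------------------------------------------------------------------------- /.github/workflows/ansible-lint.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: ansible-lint 3 | concurrency: 4 | group: ${{ github.head_ref || github.run_id }} 5 | cancel-in-progress: true 6 | 7 | on: 8 | push: 9 | pull_request: 10 | workflow_call: 11 | workflow_dispatch: 12 | schedule: 13 | - cron: "0 0 * * *" 14 | 15 | jobs: 16 | build: 17 | name: Ansible Lint # Naming the build is important to use it as a status check 18 | runs-on: ubuntu-24.04 19 | steps: 20 | - uses: actions/checkout@v4 21 | - name: Run ansible-lint 22 | uses: ansible/ansible-lint@main # NOTE(review): @main is a mutable branch ref, so every run (including the nightly schedule) executes whatever is on that branch at the time; pin to a release tag or a full commit SHA 23 | # optional (see below): 24 | with: 25 | # args: "" 26 | setup_python: "true" 27 | # working_directory: "" 28 | requirements_file: ".github/requirements.yml" 29 | ... 30 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | collections/* 2 | !collections/requirements.yml 3 | .ansible/ 4 | .vscode/ -------------------------------------------------------------------------------- /.markdownlint.yml: -------------------------------------------------------------------------------- 1 | --- 2 | default: true 3 | 4 | # MD003/heading-style/header-style - Heading style 5 | # This will ensure that the heading format is consistent across all markdown files 6 | MD003: 7 | style: "atx" 8 | 9 | # MD013/line-length - Line length 10 | # Setting to false to match the yamllint setting 11 | MD013: false 12 | 13 | # MD033/no-inline-html: Inline HTML 14 | MD033: false 15 | 16 | # MD046/code-block-style - Code block style 17 | # This will ensure that code block format is consistent across all markdown files 18 | MD046: 19 | style: fenced 20 | ...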
21 | -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | repos: 3 | - repo: 'https://github.com/pre-commit/pre-commit-hooks' 4 | rev: v4.5.0 5 | hooks: 6 | - id: end-of-file-fixer 7 | - id: trailing-whitespace 8 | 9 | - repo: 'https://github.com/ansible-community/ansible-lint.git' 10 | rev: v24.2.2 11 | hooks: 12 | - id: ansible-lint 13 | pass_filenames: false 14 | always_run: true 15 | entry: "ansible-lint" 16 | args: 17 | - "--profile=production" 18 | 19 | - repo: https://github.com/DavidAnson/markdownlint-cli2 20 | rev: v0.13.0 21 | hooks: 22 | - id: markdownlint-cli2 23 | ... 24 | -------------------------------------------------------------------------------- /.yamllint: -------------------------------------------------------------------------------- 1 | --- 2 | ignore: | 3 | '.github/' 4 | 'changelogs/' 5 | 6 | rules: 7 | braces: 8 | level: warning 9 | min-spaces-inside: 0 10 | max-spaces-inside: 0 11 | min-spaces-inside-empty: 0 12 | max-spaces-inside-empty: 0 13 | brackets: 14 | level: warning 15 | min-spaces-inside: 0 16 | max-spaces-inside: 0 17 | min-spaces-inside-empty: 0 18 | max-spaces-inside-empty: 0 19 | colons: 20 | level: warning 21 | max-spaces-before: 0 22 | max-spaces-after: 1 23 | commas: 24 | level: warning 25 | max-spaces-before: 0 26 | min-spaces-after: 1 27 | max-spaces-after: 1 28 | comments: 29 | require-starting-space: true 30 | ignore-shebangs: true 31 | min-spaces-from-content: 1 32 | comments-indentation: false 33 | document-end: 34 | present: true 35 | document-start: 36 | present: true 37 | empty-lines: 38 | max: 1 39 | max-start: 0 40 | max-end: 0 41 | hyphens: 42 | level: warning 43 | max-spaces-after: 1 44 | indentation: 45 | spaces: 2 46 | indent-sequences: true 47 | check-multi-line-strings: false 48 | key-duplicates: enable 49 | new-line-at-end-of-file: enable 50 | new-lines: 51 | 
type: unix 52 | trailing-spaces: {} 53 | truthy: 54 | allowed-values: ['true', 'false'] 55 | check-keys: true 56 | ... 57 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2022 Red Hat Automation Community of Practice 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Ansible Automation Platform Configuration as Code examples template 2 | 3 | This is a combination of all the Red Hat CoP Config as Code collections to deploy and configure AAP. This is built for multi environment (meaning multiple AAP instances/clusters). 
If you want an object across all environments put it in the correct file/list under the all group. If there is a specific object for only one environment then put it under that environment's folder[^1]. 4 | 5 | [^1]: If you only have/want one environment you could delete dev/test/prod folders in group_vars and remove all the _all added to vars in all group. Also if you want to have each team/group maintain their own org/code in their own repo, see the repo_per_org branch. 6 | 7 | The main branch is built for AAP 2.5+; if you are running 2.4 or lower, make sure to copy the template branch aap2.4. 8 | 9 | You will need to replace the vault files with your own, containing these variables: 10 | 11 | ```yaml 12 | --- 13 | console_token: 'this is the one from console.redhat.com' 14 | redhat_api_token: 'this is the one linked below about api token' 15 | rh_username: 'redhat user login (this is used to attach your subs to controller)' 16 | rh_password: 'password for redhat account' 17 | root_machine_pass: 'password for root user on builder (if not root user more changes will need to be made)' 18 | hub_api_user_pass: 'this will create and use this password can be generated' 19 | controller_api_user_pass: 'this will create and use this password can be generated' 20 | aap_pass: 'admin account pass for gateway, if none is given it will default to Password1234!' 21 | hub_pass: 'hub admin account pass, if none is given it will default to Password1234!' 22 | # hub_token: 'hub token to pull collections, it is best to save in vault for more reliable usage vs generating on the fly' 23 | vault_pass: 'the password to decrypt this vault' 24 | ... 25 | ``` 26 | 27 | **_NOTE:_** Do not forget to update your inventory files, replacing the `HERE` lines. If you do not have a `builder` server you can use `hub` for this. Also update `scm_url` in `group_vars/all/projects.yml` with your git URL. Set `aap_pass` and `hub_pass` in your vault instead of relying on the `Password1234!` default, and keep the vault files encrypted with `ansible-vault`.
28 | 29 | ## Getting Help 30 | 31 | We are on the Ansible Forums and Matrix. If you want to discuss something, ask for help, or participate in the community, please use the #infra-config-as-code tag on the forum, or post to the chat in Matrix. 32 | 33 | [Ansible Forums](https://forum.ansible.com/tag/infra-config-as-code) 34 | 35 | [Matrix Chat Room](https://matrix.to/#/#aap_config_as_code:ansible.com) 36 | 37 | ## Requirements 38 | 39 | The supported collections that contain the modules are required for this collection to work; you can copy this requirements.yml file example. 40 | 41 | ```yaml 42 | --- 43 | collections: 44 | - name: ansible.platform 45 | - name: ansible.hub 46 | - name: ansible.controller 47 | - name: ansible.eda 48 | - name: infra.aap_configuration 49 | ... 50 | ``` 51 | 52 | 53 | ## Links to Ansible Automation Platform Collections 54 | 55 | | Collection Name | Purpose | 56 | |:-----------------------------------------------------------------------------------:|:-----------------------------:| 57 | | ansible.platform repo (no public repo for this collection) | gateway/platform modules | 58 | | [ansible.hub repo](https://github.com/ansible-collections/ansible_hub) | Automation hub modules | 59 | | [ansible.controller repo](https://github.com/ansible/awx/tree/devel/awx_collection) | Automation controller modules | 60 | | [ansible.eda repo](https://github.com/ansible/event-driven-ansible) | Event Driven Ansible modules | 61 | 62 | ## Links to other Validated Configuration Collections for Ansible Automation Platform 63 | 64 | | Collection Name | Purpose | 65 | |:------------------------------------------------------------------------------------------:|:-------------------------------------------------:| 66 | | [AAP Configuration Extended](https://github.com/redhat-cop/aap_configuration_extended) | Where other useful roles that don't fit here live | 67 | | [EE Utilities](https://github.com/redhat-cop/ee_utilities) | Execution Environment creation 
utilities | 68 | | [AAP installation Utilities](https://github.com/redhat-cop/aap_utilities) | Ansible Automation Platform Utilities | 69 | | [AAP Configuration Template](https://github.com/redhat-cop/aap_configuration_template) | Configuration Template for this suite | 70 | 71 | ## AAP config 72 | 73 | `ansible-playbook -i inventory_dev.yml -l dev playbooks/aap_config.yml --ask-vault-pass` 74 | 75 | ## custom ee 76 | 77 | currently doesn't work in CLI, expected to be run in Controller 78 | 79 | ## custom collections 80 | 81 | currently doesn't work in CLI, expected to be run in Controller 82 | 83 | ## aap utilities (aap installer) 84 | 85 | `ansible-playbook -i inventory_dev.yml playbooks/install_aap.yml --ask-vault-pass` 86 | 87 | Acquire your token at [redhat api](https://access.redhat.com/management/api/) see [access article](https://access.redhat.com/articles/3626371) 88 | 89 | ## install and configure 90 | 91 | `ansible-playbook -i inventory_dev.yml -l dev playbooks/install_configure.yml --ask-vault-pass -e "env=dev"` 92 | 93 | Acquire your token at [redhat api](https://access.redhat.com/management/api/) see [access article](https://access.redhat.com/articles/3626371) 94 | -------------------------------------------------------------------------------- /ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | roles_path = roles 3 | -------------------------------------------------------------------------------- /changelogs/changelog.yaml: -------------------------------------------------------------------------------- 1 | ancestor: null 2 | releases: 3 | 0.1.0: 4 | changes: 5 | major_changes: 6 | - Initial release. 
7 | fragments: 8 | - initial.yml 9 | release_date: '2022-10-18' 10 | -------------------------------------------------------------------------------- /changelogs/config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | changelog_filename_template: ../CHANGELOG.rst 3 | changelog_filename_version_depth: 0 4 | changes_file: changelog.yaml 5 | changes_format: combined 6 | ignore_other_fragment_extensions: true 7 | keep_fragments: false 8 | mention_ancestor: true 9 | new_plugins_after_name: removed_features 10 | notesdir: fragments 11 | prelude_section_name: release_summary 12 | prelude_section_title: Release Summary 13 | sanitize_changelog: true 14 | sections: 15 | - - major_changes 16 | - Major Changes 17 | - - minor_changes 18 | - Minor Changes 19 | - - breaking_changes 20 | - Breaking Changes / Porting Guide 21 | - - deprecated_features 22 | - Deprecated Features 23 | - - removed_features 24 | - Removed Features (previously deprecated) 25 | - - security_fixes 26 | - Security Fixes 27 | - - bugfixes 28 | - Bugfixes 29 | - - known_issues 30 | - Known Issues 31 | title: aap_configuration_template 32 | trivial_section_name: trivial 33 | use_fqcn: true 34 | ... 35 | -------------------------------------------------------------------------------- /changelogs/fragments/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-cop/aap_configuration_template/a1b8c33dbb6d26262ffa2e6a59b20118663bf40b/changelogs/fragments/.gitkeep -------------------------------------------------------------------------------- /changelogs/fragments/requirements_update.yml: -------------------------------------------------------------------------------- 1 | --- 2 | major_changes: 3 | - updating requirements and playbooks to use ansible.hub and ansible.eda both available on galaxy 4 | 5 | ... 
6 | 7 | -------------------------------------------------------------------------------- /changelogs/fragments/updates.yml: -------------------------------------------------------------------------------- 1 | --- 2 | major_changes: 3 | - updating ee_list to use name instead of the old ee_name. 4 | 5 | minor_changes: 6 | - Documentation added to help inventory to be easier to understand 7 | - Updated default AAP install to 2.4 8 | - Updated minikube workflow 9 | - Updated ansible-lint rules 10 | - added limits to build_custom_collections and console_token_refresh JTs 11 | - updated install_configure playbook to match linting guidelines 12 | - fixed typos of 172.0.0.1 to the correct 127.0.0.1 13 | - added a block section to hub_config to also do custom collections 14 | - updated custom_collection playbook to run locally vs remote host 15 | - commented out vault file from build_ee playbook because I don't think it should be needed most of the time, leaving in case people do 16 | - commented out block/rescue section in controller_config because probably causes more issues then fixes 17 | ... 18 | 19 | -------------------------------------------------------------------------------- /collections/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | collections: 3 | - name: infra.aap_configuration 4 | - name: infra.ee_utilities 5 | - name: infra.aap_utilities 6 | - name: containers.podman 7 | - name: ansible.platform 8 | - name: ansible.hub 9 | - name: ansible.controller 10 | - name: ansible.eda 11 | ... 
12 | -------------------------------------------------------------------------------- /group_vars/all/auth.yml: -------------------------------------------------------------------------------- 1 | # User may add controller auth creds to this file and encrypt it using `ansible-vault` 2 | --- 3 | aap_hostname: "{{ aap_host | default(groups['automationcontroller'][0]) }}:{{ controller_port | default(443) }}" 4 | aap_username: "{{ aap_user | default('admin') }}" 5 | aap_password: "{{ aap_pass }}" 6 | aap_validate_certs: false # NOTE(review): certificate validation is off for connections that use these vars, so aap_password is sent without verifying the server's identity; set to true once the platform presents a certificate the control node trusts 7 | ... 8 | -------------------------------------------------------------------------------- /group_vars/all/controller_credential_input_sources.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_credential_input_sources_all: [] 3 | # - source_credential: cyberark 4 | # target_credential: gitlab 5 | # input_field_name: password 6 | # metadata: 7 | # object_query: "Safe=MY_SAFE;Object=AWX-user" 8 | # object_query_format: "Exact" 9 | # description: Fill the gitlab credential from CyberArk 10 | ...
11 | -------------------------------------------------------------------------------- /group_vars/all/controller_credential_types.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_credential_types_all: 3 | - name: automation_hub 4 | description: automation hub 5 | kind: cloud 6 | inputs: 7 | fields: 8 | - id: verify_ssl 9 | type: boolean 10 | label: Verify SSL 11 | - id: hostname 12 | type: string 13 | label: Hostname 14 | - id: username 15 | type: string 16 | label: Username 17 | - id: password 18 | type: string 19 | label: Password 20 | secret: true 21 | - id: token 22 | type: string 23 | label: Token 24 | secret: true 25 | required: 26 | - hostname 27 | injectors: 28 | env: 29 | aap_password: !unsafe "{{ password }}" 30 | aap_username: !unsafe "{{ username }}" 31 | aap_hostname: !unsafe "{{ hostname }}" 32 | AH_API_TOKEN: !unsafe "{{ token }}" 33 | AH_VERIFY_SSL: !unsafe "{{ verify_ssl }}" 34 | extra_vars: 35 | aap_password: !unsafe "{{ password }}" 36 | aap_username: !unsafe "{{ username }}" 37 | aap_hostname: !unsafe "{{ hostname }}" 38 | hub_token: !unsafe "{{ token }}" 39 | aap_validate_certs: !unsafe "{{ verify_ssl }}" 40 | 41 | - name: ssh_priv_file 42 | kind: cloud 43 | description: creates temp ssh priv key to use (cannot have passphrase) 44 | inputs: 45 | fields: 46 | - id: priv_key 47 | type: string 48 | label: Certificate 49 | format: ssh_private_key 50 | multiline: true 51 | secret: true 52 | injectors: 53 | env: 54 | MY_CERT_FILE_PATH: !unsafe "{{ tower.filename.cert_file }}" 55 | file: 56 | template.cert_file: !unsafe "{{ priv_key }}" 57 | ... 
58 | -------------------------------------------------------------------------------- /group_vars/all/controller_credentials.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_credentials_all: 3 | - name: aap_admin 4 | credential_type: Red Hat Ansible Automation Platform 5 | organization: config_as_code 6 | description: aap admin account 7 | inputs: 8 | host: "{{ aap_hostname }}" 9 | username: "{{ aap_username }}" 10 | password: "{{ aap_password }}" 11 | verify_ssl: false 12 | 13 | - name: ah_admin_user_pass 14 | credential_type: automation_hub 15 | organization: config_as_code 16 | description: automation hub admin account 17 | inputs: 18 | hostname: "{{ aap_hostname }}" 19 | username: "{{ aap_username }}" 20 | password: "{{ aap_password }}" 21 | verify_ssl: false 22 | 23 | - name: ah_token_user 24 | credential_type: automation_hub 25 | organization: config_as_code 26 | description: automation hub api account 27 | inputs: 28 | hostname: "{{ aap_hostname }}" 29 | username: "{{ ah_token_username }}" 30 | token: "{{ hub_token }}" 31 | verify_ssl: false 32 | 33 | - name: ah_certified 34 | credential_type: Ansible Galaxy/Automation Hub API Token 35 | organization: config_as_code 36 | inputs: 37 | url: https://{{ aap_hostname }}/pulp_ansible/galaxy/rh-certified/ 38 | token: "{{ hub_token }}" 39 | 40 | - name: ah_published 41 | credential_type: Ansible Galaxy/Automation Hub API Token 42 | organization: config_as_code 43 | inputs: 44 | url: https://{{ aap_hostname }}/pulp_ansible/galaxy/published/ 45 | token: "{{ hub_token }}" 46 | 47 | - name: ah_validated 48 | credential_type: Ansible Galaxy/Automation Hub API Token 49 | organization: config_as_code 50 | inputs: 51 | url: https://{{ aap_hostname }}/pulp_ansible/galaxy/validated/ 52 | token: "{{ hub_token }}" 53 | 54 | - name: ah_community 55 | credential_type: Ansible Galaxy/Automation Hub API Token 56 | organization: config_as_code 57 | inputs: 58 | url: 
https://{{ aap_hostname }}/pulp_ansible/galaxy/community/ 59 | token: "{{ hub_token }}" 60 | 61 | - name: cr_ah 62 | credential_type: Container Registry 63 | organization: config_as_code 64 | inputs: 65 | host: "{{ aap_hostname }}" 66 | username: "{{ aap_username }}" 67 | password: "{{ aap_password }}" 68 | verify_ssl: false 69 | 70 | - name: root 71 | credential_type: Machine 72 | organization: config_as_code 73 | description: root local password 74 | inputs: 75 | username: root 76 | password: "{{ root_machine_pass }}" 77 | 78 | - name: vault 79 | credential_type: Vault 80 | organization: config_as_code 81 | description: vault password 82 | inputs: 83 | vault_password: "{{ vault_pass }}" 84 | 85 | # here is an example for getting git ssh cred working 86 | # - name: github 87 | # credential_type: Source Control 88 | # organization: config_as_code 89 | # description: github 90 | # inputs: 91 | # username: "" 92 | # ssh_key_data: "{{ ssh_priv_key }}" 93 | # ssh_key_unlock: "{{ ssh_key_unlock }}" 94 | ... 95 | -------------------------------------------------------------------------------- /group_vars/all/controller_execution_environments.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_execution_environments_all: 3 | - name: supported 4 | image: "{{ aap_hostname }}/ee-supported-rhel8" 5 | pull: always 6 | credential: cr_ah 7 | 8 | - name: minimal 9 | image: "{{ aap_hostname }}/ee-minimal-rhel8" 10 | pull: always 11 | credential: cr_ah 12 | 13 | - name: old_29_ee 14 | image: "{{ aap_hostname }}/ee-29-rhel8" 15 | pull: always 16 | credential: cr_ah 17 | ... 
--------------------------------------------------------------------------------
/group_vars/all/controller_groups.yml:
--------------------------------------------------------------------------------
---
# No inventory groups are defined for all environments; the commented entry
# shows the expected shape.
controller_groups_all: []
#  - name: group1
#    inventory: localhost
#    variables:
#      some_var: some_val
#      ansible_connection: local
...

--------------------------------------------------------------------------------
/group_vars/all/controller_hosts.yml:
--------------------------------------------------------------------------------
---
# No hosts are defined for all environments; the commented entry shows the
# expected shape.
controller_hosts_all: []
#  - name: localhost
#    inventory: localhost
#    variables:
#      ansible_connection: local
...

--------------------------------------------------------------------------------
/group_vars/all/controller_instance_groups.yml:
--------------------------------------------------------------------------------
---
# No instance groups are defined for all environments.
controller_instance_groups_all: []
#  - name: test_instance_group
...
--------------------------------------------------------------------------------
/group_vars/all/controller_inventories.yml:
--------------------------------------------------------------------------------
---
# Inventory that the config-as-code job templates run against.
controller_inventories_all:
  - name: config_as_code
    description: inventory for configuring as code
    organization: config_as_code
...

--------------------------------------------------------------------------------
/group_vars/all/controller_inventory_sources.yml:
--------------------------------------------------------------------------------
---
# The inventory is populated from a file in the config_as_code project
# (inventory_<env>.yml), so the git repository decides which hosts the
# configuration jobs touch.
controller_inventory_sources_all:
  - name: config_as_code_source
    organization: config_as_code
    source: scm
    source_project: config_as_code
    source_path: inventory_{{ env }}.yml
    inventory: config_as_code
    credential: ""  # no credential is attached to this source
    # Each sync replaces hosts, groups and their variables with the repository
    # content; manual changes made in the controller are not kept.
    overwrite: true
    overwrite_vars: true
    update_cache_timeout: 0
...
--------------------------------------------------------------------------------
/group_vars/all/controller_job_templates.yml:
--------------------------------------------------------------------------------
---
# Job templates for the config-as-code workflow. All of them run playbooks
# from the config_as_code project against the config_as_code inventory; the
# credentials listed per template are what that playbook can use at run time.
controller_templates_all:
  - name: controller_config
    project: config_as_code
    job_type: run
    playbook: playbooks/controller_config.yml
    inventory: config_as_code
    execution_environment: supported
    concurrent_jobs_enabled: false
    # Whoever launches this template can pass extra variables to a job that
    # holds the platform admin credential.
    ask_variables_on_launch: true
    limit: "{{ env }}"
    verbosity: 0
    credentials:
      - aap_admin
      - ah_token_user
      - vault
    extra_vars:
      # for debugging errors with creds change to false
      # NOTE(review): with false, credential inputs can appear in job output;
      # set it back to true once debugging is done.
      controller_configuration_credentials_secure_logging: true

  - name: ah_config
    project: config_as_code
    job_type: run
    playbook: playbooks/hub_config.yml
    inventory: config_as_code
    execution_environment: supported
    concurrent_jobs_enabled: false
    limit: "{{ env }}"
    verbosity: 0
    credentials:
      - ah_token_user
      - vault

  - name: eda_config
    project: config_as_code
    job_type: run
    playbook: playbooks/eda_config.yml
    inventory: config_as_code
    execution_environment: supported
    concurrent_jobs_enabled: false
    ask_variables_on_launch: true
    limit: "{{ env }}"
    verbosity: 0
    credentials:
      - vault

  # Runs with the root machine credential and the hub admin username/password;
  # unlike the other templates it sets no limit.
  - name: build_execution_environments
    project: config_as_code
    job_type: run
    playbook: playbooks/build_ee.yml
    inventory: config_as_code
    execution_environment: supported
    concurrent_jobs_enabled: false
    verbosity: 0
    credentials:
      - root
      - ah_admin_user_pass
    labels:
      - EE

  - name: build_custom_collections
    project: config_as_code
    job_type: run
    playbook: playbooks/custom_collection.yml
    inventory: config_as_code
    execution_environment: supported
    concurrent_jobs_enabled: false
    limit: "{{ env }}"
    verbosity: 0
    credentials:
      - root
      - ah_token_user

  # Scheduled by auto_run_console_token_refresh in controller_schedule.yml.
  - name: console_token_refresh
    project: config_as_code
    job_type: run
    playbook: playbooks/console_token_refresh.yml
    inventory: config_as_code
    execution_environment: minimal
    concurrent_jobs_enabled: false
    limit: "{{ env }}"
    verbosity: 0
    credentials:
      - vault

  # Scheduled by auto_run_collection_sync in controller_schedule.yml.
  - name: collection_sync
    project: config_as_code
    job_type: run
    playbook: playbooks/sync_collections.yml
    inventory: config_as_code
    execution_environment: minimal
    concurrent_jobs_enabled: false
    limit: "{{ env }}"
    verbosity: 0
    credentials:
      - ah_token_user
      - vault
...

--------------------------------------------------------------------------------
/group_vars/all/controller_labels.yml:
--------------------------------------------------------------------------------
---
# Label referenced by the build_execution_environments job template.
controller_labels_all:
  - name: EE
    organization: config_as_code
...

--------------------------------------------------------------------------------
/group_vars/all/controller_notifications.yml:
--------------------------------------------------------------------------------
---
# No notification templates are defined. The commented example talks to the
# mail server on port 25 with use_tls and use_ssl both false, i.e. without
# transport encryption; turn one of them on when adapting it.
controller_notifications_all: []
#  - name: Email notification differential
#    description: Send out emails for tower jobs
#    organization: Default
#    notification_type: email
#    notification_configuration:
#      username: ''  # this is required even if there's no username
#      sender: tower0@example.com
#      recipients:
#        - admin@example.com
#      use_tls: false
#      host: smtp.example.com
#      use_ssl: false
#      password: ''  # this is required even if there's no password
#      port: 25
...
--------------------------------------------------------------------------------
/group_vars/all/controller_projects.yml:
--------------------------------------------------------------------------------
---
# Source of every playbook the config-as-code job templates run. Those jobs
# hold the platform admin and vault credentials, so write access to this
# repository and branch is equivalent to admin access to the platform.
# NOTE(review): when adopting the template, point scm_url at a repository you
# control and protect the branch that scm_branch selects.
controller_projects_all:
  - name: config_as_code
    description: config as code project
    organization: config_as_code
    scm_type: git
    scm_url: https://github.com/redhat-cop/aap_configuration_template.git
    # Set per environment; group_vars/dev/main.yml uses "" for the default branch.
    scm_branch: "{{ scm_branch }}"
    scm_clean: true
    scm_update_on_launch: false
    scm_credential: ""  # no source-control credential is attached
    update_project: true
    wait: true
...

--------------------------------------------------------------------------------
/group_vars/all/controller_roles.yml:
--------------------------------------------------------------------------------
---
# Role grants: the config_as_code_admin team receives the execute role on the
# config_as_code organization, and api_user is made a member of that team.
controller_roles_all:
  - team: config_as_code_admin
    organization: config_as_code
    role: execute

  - user: api_user
    team: config_as_code_admin
    role: member
...

--------------------------------------------------------------------------------
/group_vars/all/controller_schedule.yml:
--------------------------------------------------------------------------------
---
# Recurring runs of the token refresh and collection sync job templates.
# Both rules start at 2019-12-19 13:05 UTC and repeat on a daily frequency
# with the stated interval.
controller_schedules_all:
  - name: auto_run_console_token_refresh
    description: Auto run refresh token every 25 days
    unified_job_template: console_token_refresh  # NOTE: you cannot have the same job template name as a project or this will fail
    rrule: DTSTART:20191219T130500Z RRULE:INTERVAL=25;FREQ=DAILY
  - name: auto_run_collection_sync
    description: Auto run sync every 7 days
    unified_job_template: collection_sync  # NOTE: you cannot have the same job template name as a project or this will fail
    rrule: DTSTART:20191219T130500Z RRULE:INTERVAL=7;FREQ=DAILY
...
--------------------------------------------------------------------------------
/group_vars/all/controller_settings.yml:
--------------------------------------------------------------------------------
---
# Controller-wide settings applied in every environment.
controller_settings_all:
  settings:
    # Collections and roles are installed from Galaxy / Automation Hub servers
    # without validating their TLS certificates. That removes the protection
    # against a spoofed content server for every project in the controller.
    # NOTE(review): set to false once the hub certificate chains to a trusted CA.
    GALAXY_IGNORE_CERTS: true
...

--------------------------------------------------------------------------------
/group_vars/all/controller_workflows.yml:
--------------------------------------------------------------------------------
---
# No workflows are defined; the two commented entries show the expected shape
# of a workflow with simplified nodes.
controller_workflows_all: []
#  - name: Simple workflow schema
#    description: a basic workflow
#    extra_vars: {}
#    survey_enabled: false
#    allow_simultaneous: false
#    ask_variables_on_launch: false
#    inventory:
#    state: present
#    limit:
#    labels:
#      - Prod
#    scm_branch:
#    ask_inventory_on_launch: false
#    ask_scm_branch_on_launch: false
#    ask_limit_on_launch: false
#    organization: Default
#    schedules: []
#    simplified_workflow_nodes:
#      - all_parents_must_converge: false
#        identifier: node101
#        unified_job_template: RHVM-01
#        success_nodes:
#          - node201
#      - all_parents_must_converge: false
#        identifier: node201
#        unified_job_template: test-template-1
#    notification_templates_started: []
#    notification_templates_success: []
#    notification_templates_error: []
#    notification_templates_approvals: []
#    survey_spec: {}
#  - name: Simple workflow schema2
#    description: a basic workflow
#    extra_vars: {}
#    state: present
#    allow_simultaneous: false
#    ask_variables_on_launch: false
#    inventory:
#    limit:
#    labels:
#      - Prod
#    scm_branch:
#    ask_inventory_on_launch: false
#    ask_scm_branch_on_launch: false
#    ask_limit_on_launch: false
#    organization: Default
#    schedules: []
#    simplified_workflow_nodes:
#      - all_parents_must_converge: false
#        identifier: node101
#        unified_job_template: RHVM-01
#        success_nodes:
#          - node201
#      - all_parents_must_converge: false
#        identifier: node201
#        unified_job_template: test-template-1
#    notification_templates_started: []
#    notification_templates_success: []
#    notification_templates_error: []
#    notification_templates_approvals: []
...

--------------------------------------------------------------------------------
/group_vars/all/eda_credentials.yml:
--------------------------------------------------------------------------------
---
# Registry credential for Event-Driven Ansible. It reuses the platform admin
# username and password rather than a pull-only account.
# NOTE(review): no registry host is given in the inputs - confirm how the
# credential is matched to the private automation hub.
eda_credentials:
  - name: hub
    description: private automation hub
    organization: config_as_code
    credential_type: 'Container Registry'
    inputs:
      username: "{{ aap_username }}"
      secret: "{{ aap_password }}"
...

--------------------------------------------------------------------------------
/group_vars/all/eda_decision_environments.yml:
--------------------------------------------------------------------------------
---
# Decision environment image pulled from the hub with the "hub" credential;
# the image reference carries no tag or digest.
eda_decision_environments:
  - name: minimal
    description: my default decision environment
    image_url: "{{ aap_hostname }}/de-minimal-rhel8"
    credential: hub
...

--------------------------------------------------------------------------------
/group_vars/all/eda_projects.yml:
--------------------------------------------------------------------------------
---
# Rulebooks are synced from this git URL without a credential.
# NOTE(review): the URL looks like an individual's GitHub account; replace it
# with a repository you control before enabling rulebook activations.
eda_projects:
  - name: eda
    description: config as code eda
    url: https://github.com/djdanielsson/eda.git
    # credential: test_token
    wait: true
    interval: 10
    sync: true
...
--------------------------------------------------------------------------------
/group_vars/all/eda_rulebook_activations.yml:
--------------------------------------------------------------------------------
---
# Rulebook activation that is enabled as soon as it is created. It runs the
# config_as_code.yml rulebook from the "eda" project inside the "minimal"
# decision environment and acts on the controller with the token named "aap".
eda_rulebook_activations:
  - name: gitea_hook
    description: Hook to listen for changes in gitea
    project: eda
    rulebook: config_as_code.yml
    decision_environment: minimal
    # extra_vars:
    #   provider: github-local
    #   repo_url: https://github.com/ansible/ansible-rulebook.git
    enabled: true
    state: present
    awx_token: aap
...

--------------------------------------------------------------------------------
/group_vars/all/ee_list.yml:
--------------------------------------------------------------------------------
---
# Settings for building and publishing custom execution environments.
# ee_base_image: registry.redhat.io/ansible-automation-platform-22/ee-supported-rhel8
# ee_builder_image: registry.redhat.io/ansible-automation-platform-22/ansible-builder-rhel8
ee_image_push: true
# Certificate validation is disabled for the build.
# NOTE(review): presumably this covers the registry push and pull - confirm,
# and enable it when the registry certificate is trusted.
ee_validate_certs: false
ee_create_ansible_config: false
# ee_auth_file:
# ee_executable:
# ee_ca_cert_dir:
# ee_sign_by:

# None of the Python packages or collections below is version-pinned, and the
# final build step updates every installed RPM, so two builds of the same
# definition can contain different software.
# NOTE(review): pin versions (or record the resulting image digest) if the
# images must be reproducible or audited.
ee_list:
  - name: config_as_code_ee
    dependencies:
      system:
        - unzip
      python:
        - ansible-lint
        - jmespath
        - netaddr
      galaxy:
        collections:
          - infra.controller_configuration
          - infra.ah_configuration
          - infra.ee_utilities
          - infra.aap_utilities
          - ansible.controller
    build_steps:
      append_final:
        - RUN dnf update -y
...

--------------------------------------------------------------------------------
/group_vars/all/gateway_applications.yml:
--------------------------------------------------------------------------------
---
# OAuth application used to launch the controller config job template.
# The "password" grant means the client submits a user's username and password
# to obtain a token, so whatever holds the client secret also handles user
# passwords.
# NOTE(review): prefer a grant that does not pass user passwords if the
# calling integration supports one.
aap_applications_all:
  - name: config_as_code_api
    description: launch controller config job template
    organization: config_as_code
    client_type: confidential
    authorization_grant_type: password
...
--------------------------------------------------------------------------------
/group_vars/all/gateway_organizations.yml:
--------------------------------------------------------------------------------
---
# Organization that owns all config-as-code objects. The order of
# galaxy_credentials is kept as written here.
# NOTE(review): presumably this order is the search order for collections, so
# a name present in several repositories resolves to the first one - confirm.
aap_organizations_all:
  - name: config_as_code
    galaxy_credentials:
      - ah_published
      - ah_certified
      - ah_validated
      - ah_community
    # default_environment: supported

#  - name: Default
#    state: absent
...

--------------------------------------------------------------------------------
/group_vars/all/gateway_teams.yml:
--------------------------------------------------------------------------------
---
# Team that receives the execute role in controller_roles.yml.
aap_teams_all:
  - name: config_as_code_admin
    organization: config_as_code
...

--------------------------------------------------------------------------------
/group_vars/all/gateway_users.yml:
--------------------------------------------------------------------------------
---
# Local accounts. Passwords are Jinja references and are not defined here.
# ah_token_username is the username used by the ah_token_user credential.
ah_token_username: token_user
aap_user_accounts_all:
  - username: api_user
    is_superuser: false
    password: "{{ controller_api_user_pass }}"
  # Service account behind the hub API token; it is created as a superuser.
  # NOTE(review): the commented group assignment is marked as not working,
  # which may be why superuser is used - scope this account down if a narrower
  # role becomes usable.
  - username: token_user
    # Currently not working
    # groups:
    #   - "admin"
    append: true
    is_superuser: true
    password: "{{ hub_api_user_pass }}"
    state: present
...

--------------------------------------------------------------------------------
/group_vars/all/hub_collection_namespaces.yml:
--------------------------------------------------------------------------------
---
# Namespace created in automation hub for test collection publishing.
hub_namespaces:
  - name: community_test
    company: Ansible by Red Hat
    email: ddaniels@redhat.com
    avatar_url: https://static.redhat.com/libs/redhat/brand-assets/latest/corp/logo.svg
    description: Namespace to test publishing collections
    resources: "# Redhat CoP\nA Namespace to test publishing collections"
    links:
      - name: Red Hat
        url: https://www.redhat.com
...
--------------------------------------------------------------------------------
/group_vars/all/hub_collection_publish.yml:
--------------------------------------------------------------------------------
---
# Everything in this file is commented out; nothing is published by default.
# Two points to review before enabling the example:
#  - the ssh_opts line turns off SSH host key checking for the git clone, so
#    the server's identity is not verified; prefer a pinned known_hosts entry.
#  - NOTE(review): ah_auto_approve presumably approves uploaded collections
#    without a manual review step - confirm before setting it to true.
# ah_auto_approve: true
# hub_collections:
#   - name: test
#     namespace: community_test
#     git_url: https://github.com/sean-m-sullivan/collection_test.git
#     # key_path: "{{ lookup('env', 'MY_CERT_FILE') }}"
#     # ssh_opts: '-o StrictHostKeyChecking=no'
...

--------------------------------------------------------------------------------
/group_vars/all/hub_ee_images.yml:
--------------------------------------------------------------------------------
---
# Documentation:
# https://github.com/ansible/galaxy_collection/blob/devel/roles/ee_image/README.md
# No image tag management is configured; the commented entry shows the shape.
hub_ee_images: []
#  - name:
#    state: "{{ target_state }}"
#    append: false
#    tags:
#      - "latest"
#      - "v1.0.0"
...

--------------------------------------------------------------------------------
/group_vars/all/hub_ee_registries.yml:
--------------------------------------------------------------------------------
---
# Documentations:
# - https://github.com/ansible/galaxy_collection/blob/devel/roles/ee_registry/README.md
# - https://github.com/ansible/galaxy_collection/blob/devel/roles/ee_registry_index/README.md
# - https://github.com/ansible/galaxy_collection/blob/devel/roles/ee_registry_sync/README.md
# No remote registries are configured. The commented example keeps
# tls_validation enabled and takes the registry login from variables
# (rh_username / rh_password) instead of literal values.
hub_ee_registries: []
#  - name: registry_redhat_io
#    url: https://registry.redhat.io
#    username: "{{ rh_username }}"
#    password: "{{ rh_password }}"
#    tls_validation: true
#    download_concurrency: 10
#    rate_limit: 8
#    proxy_url: ""
#    proxy_username: ""
#    proxy_password: ""
#    wait: true
#    state: present
...
--------------------------------------------------------------------------------
/group_vars/all/hub_ee_repositories.yml:
--------------------------------------------------------------------------------
---
# Documentation:
# https://github.com/ansible/galaxy_collection/tree/devel/roles/ee_repository
# No execution environment repositories are configured. The commented example
# mirrors one upstream repository, includes a single fixed tag and excludes
# "latest".
hub_ee_repositories: []
#  - name: ansible-automation-platform/ee-minimal-rhel8
#    readme: ""  # mutex with readme_file
#    readme_file: ""  # mutex with readme
#    description: >-
#      ee-minimal is an automation execution environment for Red Hat Ansible
#      Automation Platform.
#    registry: registry_redhat_io
#    upstream_name: ansible-automation-platform/ee-minimal-rhel8
#    include_tags:
#      - 2.16.3-1
#    exclude_tags:
#      - latest  # https://access.redhat.com/solutions/6980874
#    state: present
...

--------------------------------------------------------------------------------
/group_vars/all/hub_group_roles.yml:
--------------------------------------------------------------------------------
---
# Documentation: https://github.com/ansible/galaxy_collection/blob/devel/roles/group_roles/README.md
# No group role bindings are configured. The commented example grants one role
# to group "foo" and restricts it to a single target ("bar").
hub_group_roles: []
#  - state: present
#    groups:
#      - foo
#    role_list:
#      - roles:
#          - galaxy.execution_environment_namespace_owner
#        targets:
#          execution_environments:
#            - bar
...
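--------------------------------------------------------------------------------
/group_vars/all/hub_repositories.yml:
--------------------------------------------------------------------------------
---
# Remotes that automation hub syncs collections from, and the repositories
# they feed. The two Red Hat remotes authenticate with console_token against
# the SSO endpoint in auth_url; the community remote is anonymous and limited
# to the collections under "requirements".
aap_configuration_async_retries: 60
aap_configuration_async_delay: 5
hub_collection_remotes:
  - name: rh-certified
    token: "{{ console_token }}"
    url: https://console.redhat.com/api/automation-hub/content/published/
    auth_url: https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
  - name: validated
    token: "{{ console_token }}"
    url: https://console.redhat.com/api/automation-hub/content/validated/
    auth_url: https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
  # Collections are named without versions, so each sync takes what Galaxy
  # currently publishes under these names.
  - name: community
    url: https://galaxy.ansible.com/api/
    requirements:
      - community.docker
      - community.general
      - community.crypto
      - cloud.terraform

hub_collection_repositories:
  - name: rh-certified
    remote: rh-certified
  - name: validated
    remote: validated
  - name: community
    remote: community
...

--------------------------------------------------------------------------------
/group_vars/dev/aap_install.yml:
--------------------------------------------------------------------------------
---
# WARNING THIS IS UNTESTED AND JUST AN EXAMPLE!
#
# Installer variables for the dev environment.
# NOTE(review): every password below falls back to the literal
# 'Password1234!' when ansible_password is undefined. That value is published
# with this repository, so an install that hits the fallback creates admin and
# database accounts with a publicly known password. Supply the secrets from a
# vault and remove the fallback so a missing secret fails the run instead.
aap_setup_down_redhat_api_token: "{{ redhat_api_token }}"
aap_setup_down_version: 2.5
aap_setup_rhel_version: 9
aap_setup_containerized: true
# aap_setup_down_dest_dir: /tmp/
# aap_setup_down_type: setup  # default is bundle

# aap_setup_prep_installer_file: "{{ aap_setup_down_installer_file }}"
# aap_setup_prep_working_dir: "{{ aap_setup_down_dest_dir }}"
# aap_setup_prep_process_template: true
aap_setup_prep_inv_nodes:
  automationgateway: "{{ groups['automationgateway'] }}"
  automationcontroller: "{{ groups['automationcontroller'] }}"
  execution_nodes: "{{ groups['execution_nodes'] }}"
  automationhub: "{{ groups['automationhub'] }}"
  automationeda: "{{ groups['automationeda'] }}"
  redis: "{{ groups['redis'] | default(omit) }}"
  database: "{{ groups['database'] | default(omit) }}"

aap_setup_prep_inv_vars:
  all:
    pulp_rhel_codeready_repo: []  # required or it will fail
    postgresql_admin_username: postgresql_admin
    postgresql_admin_password: "{{ ansible_password | default('Password1234!') }}"
    registry_username: "{{ aap_setup_prep_registry_username | default('admin') }}"
    registry_password: "{{ aap_setup_prep_registry_password | default(ansible_password) | default('Password1234!') }}"
    # All components share one password source (ansible_password); a leak of
    # that one value exposes every admin and database account.
    gateway_admin_password: "{{ ansible_password | default('Password1234!') }}"
    gateway_pg_host: "{{ ah_db_host | default(aap_setup_prep_inv_nodes['database'][1]) | default(aap_setup_prep_inv_nodes['database'][0]) }}"
    gateway_pg_database: gateway
    gateway_pg_username: gateway_user
    gateway_pg_password: "{{ ansible_password | default('Password1234!') }}"
    controller_admin_password: "{{ ansible_password | default('Password1234!') }}"
    controller_pg_host: "{{ ah_db_host | default(aap_setup_prep_inv_nodes['database'][1]) | default(aap_setup_prep_inv_nodes['database'][0]) }}"
    controller_pg_database: controller
    controller_pg_username: controller_user
    controller_pg_password: "{{ ansible_password | default('Password1234!') }}"
    hub_admin_password: "{{ ansible_password | default('Password1234!') }}"
    hub_pg_host: "{{ ah_db_host | default(aap_setup_prep_inv_nodes['database'][1]) | default(aap_setup_prep_inv_nodes['database'][0]) }}"
    hub_pg_database: hub
    hub_pg_username: hub_user
    hub_pg_password: "{{ ansible_password | default('Password1234!') }}"
    eda_admin_password: "{{ ansible_password | default('Password1234!') }}"
    eda_pg_host: "{{ ah_db_host | default(aap_setup_prep_inv_nodes['database'][1]) | default(aap_setup_prep_inv_nodes['database'][0]) }}"
    eda_pg_database: eda
    eda_pg_username: eda_user
    eda_pg_password: "{{ ansible_password | default('Password1234!') }}"

aap_setup_prep_inv_secrets:

# aap_setup_inst_setup_dir: "{{ aap_setup_prep_setup_dir }}"
# aap_setup_inst_inventory: inventory
aap_setup_inst_extra_vars:
  create_preload_data: false
# controller_hostname/username/password/validate_certs: ???????????????????????
# ah_hostname/username/password/validate_certs: ???????????????????????
aap_setup_inst_force: true

controller_hostname: "{{ aap_setup_prep_inv_nodes['automationcontroller'][0] }}"
# Was "{{ controller_username | default('admin') }}": a variable defined in
# terms of itself makes Ansible stop with a recursive-template error as soon
# as it is evaluated. A plain default keeps the intent; a value set with
# higher precedence (for example extra vars) still overrides it.
controller_username: admin
controller_password: "{{ ansible_password | default('Password1234!') }}"
# controller_oauthtoken: ""
# controller_config_file: ""
# Certificate verification is off for API calls to the controller, so the
# admin password above is sent without checking who receives it.
controller_validate_certs: false

ah_hostname: "{{ aap_setup_prep_inv_nodes['automationhub'][0] }}"
# Same self-reference fix as controller_username above.
ah_username: admin
hub_password: "{{ ansible_password | default('Password1234!') }}"
# ah_oauthtoken: ""
ah_validate_certs: false  # certificate verification disabled, as for the controller
...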
--------------------------------------------------------------------------------
/group_vars/dev/controller_credential_input_sources.yml:
--------------------------------------------------------------------------------
---
# Dev-only additions. group_vars/dev/main.yml appends each *_dev list to the
# matching *_all list, so an empty list means "nothing extra in dev".
# Commented out content is serving as example for you to add new content.
controller_credential_input_sources_dev: []
...

--------------------------------------------------------------------------------
/group_vars/dev/controller_credential_types.yml:
--------------------------------------------------------------------------------
---
# No dev-only credential types.
controller_credential_types_dev: []
...

--------------------------------------------------------------------------------
/group_vars/dev/controller_credentials.yml:
--------------------------------------------------------------------------------
---
# No dev-only credentials; dev uses the credentials from group_vars/all,
# including the ones defined there with verify_ssl: false.
controller_credentials_dev: []
...

--------------------------------------------------------------------------------
/group_vars/dev/controller_execution_environments.yml:
--------------------------------------------------------------------------------
---
# No dev-only execution environments.
controller_execution_environments_dev: []
...

--------------------------------------------------------------------------------
/group_vars/dev/controller_groups.yml:
--------------------------------------------------------------------------------
---
# No dev-only inventory groups.
controller_groups_dev: []
...

--------------------------------------------------------------------------------
/group_vars/dev/controller_hosts.yml:
--------------------------------------------------------------------------------
---
# No dev-only hosts.
controller_hosts_dev: []
...

--------------------------------------------------------------------------------
/group_vars/dev/controller_instance_groups.yml:
--------------------------------------------------------------------------------
---
# No dev-only instance groups.
controller_instance_groups_dev: []
...
--------------------------------------------------------------------------------
/group_vars/dev/controller_inventories.yml:
--------------------------------------------------------------------------------
---
# Dev-only inventory, added to the inventories from group_vars/all.
controller_inventories_dev:
  - name: config_as_code_dev
    description: inventory for configuring as
    organization: config_as_code
...

--------------------------------------------------------------------------------
/group_vars/dev/controller_inventory_sources.yml:
--------------------------------------------------------------------------------
---
# Populates config_as_code_dev from inventory_<env>.yml in the
# config_as_code_dev project; each sync replaces hosts, groups and variables
# with the repository content.
controller_inventory_sources_dev:
  - name: controller_config_source_dev
    organization: config_as_code
    source: scm
    source_project: config_as_code_dev
    source_path: inventory_{{ env }}.yml
    inventory: config_as_code_dev
    credential: ""  # no credential is attached to this source
    overwrite: true
    overwrite_vars: true
    update_cache_timeout: 0
...

--------------------------------------------------------------------------------
/group_vars/dev/controller_job_templates.yml:
--------------------------------------------------------------------------------
---
# Dev copy of the controller_config template. It uses the same credentials as
# the shared one (platform admin, hub token, vault) but sets no limit, and the
# launcher may pass extra variables.
controller_templates_dev:
  - name: controller_config_dev
    project: config_as_code_dev
    job_type: run
    playbook: playbooks/controller_config.yml
    inventory: config_as_code_dev
    execution_environment: supported
    concurrent_jobs_enabled: false
    ask_variables_on_launch: true
    verbosity: 0
    credentials:
      - aap_admin
      - ah_token_user
      - vault
    extra_vars:
      # for debugging errors with creds change to false
      # NOTE(review): with false, credential inputs can appear in job output;
      # set it back to true once debugging is done.
      controller_configuration_credentials_secure_logging: true
...

--------------------------------------------------------------------------------
/group_vars/dev/controller_labels.yml:
--------------------------------------------------------------------------------
---
# No dev-only labels.
controller_labels_dev: []
...
--------------------------------------------------------------------------------
/group_vars/dev/controller_notifications.yml:
--------------------------------------------------------------------------------
---
# No dev-only notification templates.
controller_notifications_dev: []
...

--------------------------------------------------------------------------------
/group_vars/dev/controller_projects.yml:
--------------------------------------------------------------------------------
---
# Dev project. It points at the same repository as the shared project but
# updates from git on every job launch, so a push to the selected branch takes
# effect on the next run of any template that uses it.
controller_projects_dev:
  - name: config_as_code_dev
    description: execution environments configurations
    organization: config_as_code
    scm_type: git
    scm_url: https://github.com/redhat-cop/aap_configuration_template.git
    scm_branch: "{{ scm_branch }}"
    scm_clean: true
    scm_update_on_launch: true
    scm_credential: ""  # no source-control credential is attached
    update_project: true
    wait: true
...

--------------------------------------------------------------------------------
/group_vars/dev/controller_roles.yml:
--------------------------------------------------------------------------------
---
# No dev-only role grants.
controller_roles_dev: []
...

--------------------------------------------------------------------------------
/group_vars/dev/controller_schedule.yml:
--------------------------------------------------------------------------------
---
# No dev-only schedules.
controller_schedules_dev: []
...

--------------------------------------------------------------------------------
/group_vars/dev/controller_settings.yml:
--------------------------------------------------------------------------------
---
# No dev-only settings. Unlike the other *_dev variables this one is merged
# with combine() in group_vars/dev/main.yml, so entries added here must be
# mappings shaped like controller_settings_all.
controller_settings_dev: []
...

--------------------------------------------------------------------------------
/group_vars/dev/controller_workflows.yml:
--------------------------------------------------------------------------------
---
# No dev-only workflows.
controller_workflows_dev: []
...
--------------------------------------------------------------------------------
/group_vars/dev/gateway_applications.yml:
--------------------------------------------------------------------------------
---
# No dev-only OAuth applications.
aap_applications_dev: []
...

--------------------------------------------------------------------------------
/group_vars/dev/gateway_organizations.yml:
--------------------------------------------------------------------------------
---
# No dev-only organizations.
aap_organizations_dev: []
...

--------------------------------------------------------------------------------
/group_vars/dev/gateway_teams.yml:
--------------------------------------------------------------------------------
---
# No dev-only teams.
aap_teams_dev: []
...

--------------------------------------------------------------------------------
/group_vars/dev/gateway_users.yml:
--------------------------------------------------------------------------------
---
# No dev-only user accounts.
aap_user_accounts_dev: []
...

--------------------------------------------------------------------------------
/group_vars/dev/main.yml:
--------------------------------------------------------------------------------
---
# Builds the variables the configuration roles read by appending each dev list
# to the list from group_vars/all. Entries from "all" are always included, so
# a shared entry (for example a credential with verify_ssl: false) cannot be
# removed here, only added to. controller_settings is the one exception: it is
# merged with combine() instead of list concatenation.
aap_applications: "{{ aap_applications_all + aap_applications_dev }}"
controller_credential_input_sources: "{{ controller_credential_input_sources_all + controller_credential_input_sources_dev }}"
controller_credential_types: "{{ controller_credential_types_all + controller_credential_types_dev }}"
controller_credentials: "{{ controller_credentials_all + controller_credentials_dev }}"
controller_execution_environments: "{{ controller_execution_environments_all + controller_execution_environments_dev }}"
controller_groups: "{{ controller_groups_all + controller_groups_dev }}"
controller_hosts: "{{ controller_hosts_all + controller_hosts_dev }}"
controller_instance_groups: "{{ controller_instance_groups_all + controller_instance_groups_dev }}"
controller_inventories: "{{ controller_inventories_all + controller_inventories_dev }}"
controller_inventory_sources: "{{ controller_inventory_sources_all + controller_inventory_sources_dev }}"
controller_templates: "{{ controller_templates_all + controller_templates_dev }}"
controller_labels: "{{ controller_labels_all + controller_labels_dev }}"
controller_notifications: "{{ controller_notifications_all + controller_notifications_dev }}"
aap_organizations: "{{ aap_organizations_all + aap_organizations_dev }}"
controller_projects: "{{ controller_projects_all + controller_projects_dev }}"
controller_roles: "{{ controller_roles_all + controller_roles_dev }}"
controller_schedules: "{{ controller_schedules_all + controller_schedules_dev }}"
controller_settings: "{{ controller_settings_all | combine(controller_settings_dev, list_merge='append', recursive=true) }}"
aap_teams: "{{ aap_teams_all + aap_teams_dev }}"
aap_user_accounts: "{{ aap_user_accounts_all + aap_user_accounts_dev }}"
controller_workflows: "{{ controller_workflows_all + controller_workflows_dev }}"
# env selects the inventory file (inventory_<env>.yml) and the job limit.
env: dev
scm_branch: ""  # when you want it to be default branch just set to ""
...

--------------------------------------------------------------------------------
/group_vars/prod/aap_install.yml:
--------------------------------------------------------------------------------
---
# WARNING THIS IS UNTESTED AND JUST AN EXAMPLE!
3 | aap_setup_down_redhat_api_token: "{{ redhat_api_token }}" 4 | aap_setup_down_version: 2.4 5 | aap_setup_rhel_version: 8 6 | # aap_setup_down_dest_dir: /tmp/ 7 | # aap_setup_down_type: setup # default is bundle 8 | 9 | # aap_setup_prep_installer_file: "{{ aap_setup_down_installer_file }}" 10 | # aap_setup_prep_working_dir: "{{ aap_setup_down_dest_dir }}" 11 | # aap_setup_prep_process_template: true 12 | aap_setup_prep_inv_nodes: 13 | automationcontroller: "{{ groups['automationcontroller'] }}" 14 | automationedacontroller: "{{ groups['automationedacontroller'] }}" 15 | database: "{{ groups['database'] | default(omit) }}" 16 | automationhub: "{{ groups['automationhub'] }}" 17 | # SSO: # not yet implemented 18 | aap_setup_prep_inv_vars: 19 | all: 20 | pulp_rhel_codeready_repo: [] # required or it will fail 21 | admin_password: "{{ ansible_password | default('Password1234!') }}" # NOTE(review): 'Password1234!' is only a placeholder fallback, repeated for the registry, pg, hub and EDA passwords in this file; define ansible_password (presumably in the vaults/<env>.yml file the playbooks load) so the fallback is never applied 22 | registry_username: "{{ aap_setup_prep_registry_username | default('admin') }}" 23 | registry_password: "{{ aap_setup_prep_registry_password | default(ansible_password) | default('Password1234!') }}" 24 | registry_url: "{{ aap_setup_prep_registry_url | default(aap_setup_prep_inv_nodes['automationhub'][0]) }}" 25 | # custom_ca_cert: /path/to/ca.crt 26 | # web_server_ssl_cert: /path/to/tower.cert 27 | # web_server_ssl_key: /path/to/tower.key 28 | pg_password: "{{ ansible_password | default('Password1234!') }}" 29 | pg_host: "{{ aap_db_host | default(aap_setup_prep_inv_nodes['database'][0]) }}" 30 | pg_port: "5432" 31 | pg_database: awx 32 | pg_username: awx 33 | pg_sslmode: prefer # set to 'verify-full' for client-side enforced SSL; 'prefer' falls back to an unencrypted connection when the server does not offer SSL 34 | automationhub_admin_password: "{{ ansible_password | default('Password1234!') }}" 35 | # automationhub_importer_settings: "" 36 | automationhub_require_content_approval: true 37 | # automationhub_disable_https: false 38 | # automationhub_disable_hsts: false 39 | # automationhub_ssl_validate_certs: "" 40 | # automationhub_ssl_cert: "" 41 | # 
automationhub_ssl_key: "" 42 | # automationhub_backup_collections: "" 43 | automationhub_pg_host: "{{ ah_db_host | default(aap_setup_prep_inv_nodes['database'][1]) | default(aap_setup_prep_inv_nodes['database'][0]) }}" 44 | automationhub_pg_port: "5432" 45 | automationhub_pg_database: automationhub 46 | automationhub_pg_username: automationhub 47 | automationhub_pg_password: "{{ ansible_password | default('Password1234!') }}" 48 | automationhub_pg_sslmode: prefer # set to 'verify-full' for client-side enforced SSL 49 | # sso_keystore_password: "{{ ansible_password | default('Password1234!') }}" 50 | # automationhub_main_url: 'https://automationhub.ansible.com' 51 | automationedacontroller_admin_password: "{{ ansible_password | default('Password1234!') }}" 52 | automationedacontroller_pg_host: "{{ aap_db_host | default(aap_setup_prep_inv_nodes['database'][0]) }}" 53 | automationedacontroller_pg_port: "5432" 54 | automationedacontroller_pg_database: "{{ ah_db_host | default(aap_setup_prep_inv_nodes['database'][1]) | default(aap_setup_prep_inv_nodes['database'][0]) }}" # NOTE(review): this key is a database name, yet the expression is the same host lookup used for automationhub_pg_host; looks like a copy-paste slip, confirm the intended name 55 | automationedacontroller_pg_username: automationedacontroller 56 | automationedacontroller_pg_password: "{{ ansible_password | default('Password1234!') }}" 57 | # automation_controller_main_url = '' 58 | # automationedacontroller_controller_verify_ssl = true 59 | postgres_use_ssl: false # NOTE(review): combined with the sslmode 'prefer' settings in this file, database connections may run unencrypted; presumably prod should enable this with the cert/key below, confirm 60 | # postgres_ssl_cert: /path/to/pgsql.crt 61 | # postgres_ssl_key: /path/to/pgsql.key 62 | # sso_console_admin_username: 'admin' 63 | # sso_console_admin_password: "{{ ansible_password | default('Password1234!') }}" 64 | aap_setup_prep_inv_secrets: 65 | 66 | # aap_setup_inst_setup_dir: "{{ aap_setup_prep_setup_dir }}" 67 | # aap_setup_inst_inventory: inventory 68 | aap_setup_inst_extra_vars: 69 | create_preload_data: false 70 | # controller_hostname/username/password/validate_certs: ??????????????????????? 71 | # ah_hostname/username/password/validate_certs: ??????????????????????? 
72 | aap_setup_inst_force: true 73 | 74 | controller_hostname: "{{ aap_setup_prep_inv_nodes['automationcontroller'][0] }}" 75 | controller_username: "{{ controller_username | default('admin') }}" 76 | controller_password: "{{ ansible_password | default('Password1234!') }}" 77 | # controller_oauthtoken: "" 78 | # controller_config_file: "" 79 | controller_validate_certs: false # TLS certificate verification is off for controller API calls, which carry controller_password; set to true once the controller presents a certificate the control node trusts 80 | 81 | ah_hostname: "{{ aap_setup_prep_inv_nodes['automationhub'][0] }}" 82 | ah_username: "{{ ah_username | default('admin') }}" 83 | hub_password: "{{ ansible_password | default('Password1234!') }}" 84 | # ah_oauthtoken: "" 85 | ah_validate_certs: false # same as controller_validate_certs: hub credentials are sent without verifying the server certificate 86 | ... 87 | -------------------------------------------------------------------------------- /group_vars/prod/controller_credential_input_sources.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Commented out content is serving as example for you to add new content. 3 | controller_credential_input_sources_prod: [] 4 | ... 5 | -------------------------------------------------------------------------------- /group_vars/prod/controller_credential_types.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_credential_types_prod: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/prod/controller_credentials.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_credentials_prod: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/prod/controller_execution_environments.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_execution_environments_prod: [] 3 | ... 
4 | -------------------------------------------------------------------------------- /group_vars/prod/controller_groups.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_groups_prod: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/prod/controller_hosts.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_hosts_prod: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/prod/controller_instance_groups.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_instance_groups_prod: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/prod/controller_inventories.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_inventories_prod: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/prod/controller_inventory_sources.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_inventory_sources_prod: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/prod/controller_job_templates.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_templates_prod: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/prod/controller_labels.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_labels_prod: [] 3 | ... 
4 | -------------------------------------------------------------------------------- /group_vars/prod/controller_notifications.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_notifications_prod: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/prod/controller_projects.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_projects_prod: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/prod/controller_roles.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_roles_prod: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/prod/controller_schedule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_schedules_prod: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/prod/controller_settings.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_settings_prod: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/prod/controller_workflows.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_workflows_prod: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/prod/gateway_applications.yml: -------------------------------------------------------------------------------- 1 | --- 2 | aap_applications_prod: [] 3 | ... 
4 | -------------------------------------------------------------------------------- /group_vars/prod/gateway_organizations.yml: -------------------------------------------------------------------------------- 1 | --- 2 | aap_organizations_prod: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/prod/gateway_teams.yml: -------------------------------------------------------------------------------- 1 | --- 2 | aap_teams_prod: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/prod/gateway_users.yml: -------------------------------------------------------------------------------- 1 | --- 2 | aap_user_accounts_prod: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/prod/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | aap_applications: "{{ aap_applications_all + aap_applications_prod }}" 3 | controller_credential_input_sources: "{{ controller_credential_input_sources_all + controller_credential_input_sources_prod }}" 4 | controller_credential_types: "{{ controller_credential_types_all + controller_credential_types_prod }}" 5 | controller_credentials: "{{ controller_credentials_all + controller_credentials_prod }}" 6 | controller_execution_environments: "{{ controller_execution_environments_all + controller_execution_environments_prod }}" 7 | controller_groups: "{{ controller_groups_all + controller_groups_prod }}" 8 | controller_hosts: "{{ controller_hosts_all + controller_hosts_prod }}" 9 | controller_instance_groups: "{{ controller_instance_groups_all + controller_instance_groups_prod }}" 10 | controller_inventories: "{{ controller_inventories_all + controller_inventories_prod }}" 11 | controller_inventory_sources: "{{ controller_inventory_sources_all + controller_inventory_sources_prod }}" 12 | controller_templates: "{{ 
controller_templates_all + controller_templates_prod }}" 13 | controller_labels: "{{ controller_labels_all + controller_labels_prod }}" 14 | controller_notifications: "{{ controller_notifications_all + controller_notifications_prod }}" 15 | aap_organizations: "{{ aap_organizations_all + aap_organizations_prod }}" 16 | controller_projects: "{{ controller_projects_all + controller_projects_prod }}" 17 | controller_roles: "{{ controller_roles_all + controller_roles_prod }}" 18 | controller_schedules: "{{ controller_schedules_all + controller_schedules_prod }}" 19 | controller_settings: "{{ controller_settings_all | combine(controller_settings_prod, list_merge='append', recursive=true) }}" 20 | aap_teams: "{{ aap_teams_all + aap_teams_prod }}" 21 | aap_user_accounts: "{{ aap_user_accounts_all + aap_user_accounts_prod }}" 22 | controller_workflows: "{{ controller_workflows_all + controller_workflows_prod }}" 23 | env: prod 24 | scm_branch: "" # when you want it to be default branch just set to "" 25 | ... 26 | -------------------------------------------------------------------------------- /group_vars/test/aap_install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # WARNING THIS IS UNTESTED AND JUST AN EXAMPLE! 
3 | aap_setup_down_redhat_api_token: "{{ redhat_api_token }}" 4 | aap_setup_down_version: 2.5 5 | aap_setup_rhel_version: 9 6 | # aap_setup_down_dest_dir: /tmp/ 7 | # aap_setup_down_type: setup # default is bundle 8 | 9 | # aap_setup_prep_installer_file: "{{ aap_setup_down_installer_file }}" 10 | # aap_setup_prep_working_dir: "{{ aap_setup_down_dest_dir }}" 11 | # aap_setup_prep_process_template: true 12 | aap_setup_prep_inv_nodes: 13 | automationcontroller: "{{ groups['automationcontroller'] }}" 14 | automationedacontroller: "{{ groups['automationedacontroller'] }}" 15 | database: "{{ groups['database'] | default(omit) }}" 16 | automationhub: "{{ groups['automationhub'] }}" 17 | # SSO: # not yet implemented 18 | aap_setup_prep_inv_vars: 19 | all: 20 | pulp_rhel_codeready_repo: [] # required or it will fail 21 | admin_password: "{{ ansible_password | default('Password1234!') }}" 22 | registry_username: "{{ aap_setup_prep_registry_username | default('admin') }}" 23 | registry_password: "{{ aap_setup_prep_registry_password | default(ansible_password) | default('Password1234!') }}" 24 | registry_url: "{{ aap_setup_prep_registry_url | default(aap_setup_prep_inv_nodes['automationhub'][0]) }}" 25 | # custom_ca_cert: /path/to/ca.crt 26 | # web_server_ssl_cert: /path/to/tower.cert 27 | # web_server_ssl_key: /path/to/tower.key 28 | pg_password: "{{ ansible_password | default('Password1234!') }}" 29 | pg_host: "{{ aap_db_host | default(aap_setup_prep_inv_nodes['database'][0]) }}" 30 | pg_port: "5432" 31 | pg_database: awx 32 | pg_username: awx 33 | pg_sslmode: prefer # set to 'verify-full' for client-side enforced SSL 34 | automationhub_admin_password: "{{ ansible_password | default('Password1234!') }}" 35 | # automationhub_importer_settings: "" 36 | automationhub_require_content_approval: true 37 | # automationhub_disable_https: false 38 | # automationhub_disable_hsts: false 39 | # automationhub_ssl_validate_certs: "" 40 | # automationhub_ssl_cert: "" 41 | # 
automationhub_ssl_key: "" 42 | # automationhub_backup_collections: "" 43 | automationhub_pg_host: "{{ ah_db_host | default(aap_setup_prep_inv_nodes['database'][1]) | default(aap_setup_prep_inv_nodes['database'][0]) }}" 44 | automationhub_pg_port: "5432" 45 | automationhub_pg_database: automationhub 46 | automationhub_pg_username: automationhub 47 | automationhub_pg_password: "{{ ansible_password | default('Password1234!') }}" 48 | automationhub_pg_sslmode: prefer # set to 'verify-full' for client-side enforced SSL 49 | # sso_keystore_password: "{{ ansible_password | default('Password1234!') }}" 50 | # automationhub_main_url: 'https://automationhub.ansible.com' 51 | automationedacontroller_admin_password: "{{ ansible_password | default('Password1234!') }}" 52 | automationedacontroller_pg_host: "{{ aap_db_host | default(aap_setup_prep_inv_nodes['database'][0]) }}" 53 | automationedacontroller_pg_port: "5432" 54 | automationedacontroller_pg_database: "{{ ah_db_host | default(aap_setup_prep_inv_nodes['database'][1]) | default(aap_setup_prep_inv_nodes['database'][0]) }}" 55 | automationedacontroller_pg_username: automationedacontroller 56 | automationedacontroller_pg_password: "{{ ansible_password | default('Password1234!') }}" 57 | # automation_controller_main_url = '' 58 | # automationedacontroller_controller_verify_ssl = true 59 | postgres_use_ssl: false 60 | # postgres_ssl_cert: /path/to/pgsql.crt 61 | # postgres_ssl_key: /path/to/pgsql.key 62 | # sso_console_admin_username: 'admin' 63 | # sso_console_admin_password: "{{ ansible_password | default('Password1234!') }}" 64 | aap_setup_prep_inv_secrets: 65 | 66 | # aap_setup_inst_setup_dir: "{{ aap_setup_prep_setup_dir }}" 67 | # aap_setup_inst_inventory: inventory 68 | aap_setup_inst_extra_vars: 69 | create_preload_data: false 70 | # controller_hostname/username/password/validate_certs: ??????????????????????? 71 | # ah_hostname/username/password/validate_certs: ??????????????????????? 
72 | aap_setup_inst_force: true 73 | 74 | controller_hostname: "{{ aap_setup_prep_inv_nodes['automationcontroller'][0] }}" 75 | controller_username: "{{ controller_username | default('admin') }}" 76 | controller_password: "{{ ansible_password | default('Password1234!') }}" 77 | # controller_oauthtoken: "" 78 | # controller_config_file: "" 79 | controller_validate_certs: false 80 | 81 | ah_hostname: "{{ aap_setup_prep_inv_nodes['automationhub'][0] }}" 82 | ah_username: "{{ ah_username | default('admin') }}" 83 | hub_password: "{{ ansible_password | default('Password1234!') }}" 84 | # ah_oauthtoken: "" 85 | ah_validate_certs: false 86 | ... 87 | -------------------------------------------------------------------------------- /group_vars/test/controller_credential_input_sources.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Commented out content is serving as example for you to add new content. 3 | controller_credential_input_sources_test: [] 4 | ... 5 | -------------------------------------------------------------------------------- /group_vars/test/controller_credential_types.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_credential_types_test: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/test/controller_credentials.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_credentials_test: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/test/controller_execution_environments.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_execution_environments_test: [] 3 | ... 
4 | -------------------------------------------------------------------------------- /group_vars/test/controller_groups.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_groups_test: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/test/controller_hosts.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_hosts_test: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/test/controller_instance_groups.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_instance_groups_test: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/test/controller_inventories.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_inventories_test: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/test/controller_inventory_sources.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_inventory_sources_test: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/test/controller_job_templates.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_templates_test: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/test/controller_labels.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_labels_test: [] 3 | ... 
4 | -------------------------------------------------------------------------------- /group_vars/test/controller_notifications.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_notifications_test: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/test/controller_projects.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_projects_test: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/test/controller_roles.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_roles_test: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/test/controller_schedule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_schedules_test: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/test/controller_settings.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_settings_test: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/test/controller_workflows.yml: -------------------------------------------------------------------------------- 1 | --- 2 | controller_workflows_test: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/test/gateway_applications.yml: -------------------------------------------------------------------------------- 1 | --- 2 | aap_applications_test: [] 3 | ... 
4 | -------------------------------------------------------------------------------- /group_vars/test/gateway_organizations.yml: -------------------------------------------------------------------------------- 1 | --- 2 | aap_organizations_test: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/test/gateway_teams.yml: -------------------------------------------------------------------------------- 1 | --- 2 | aap_teams_test: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/test/gateway_users.yml: -------------------------------------------------------------------------------- 1 | --- 2 | aap_user_accounts_test: [] 3 | ... 4 | -------------------------------------------------------------------------------- /group_vars/test/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | aap_applications: "{{ aap_applications_all + aap_applications_test }}" 3 | controller_credential_input_sources: "{{ controller_credential_input_sources_all + controller_credential_input_sources_test }}" 4 | controller_credential_types: "{{ controller_credential_types_all + controller_credential_types_test }}" 5 | controller_credentials: "{{ controller_credentials_all + controller_credentials_test }}" 6 | controller_execution_environments: "{{ controller_execution_environments_all + controller_execution_environments_test }}" 7 | controller_groups: "{{ controller_groups_all + controller_groups_test }}" 8 | controller_hosts: "{{ controller_hosts_all + controller_hosts_test }}" 9 | controller_instance_groups: "{{ controller_instance_groups_all + controller_instance_groups_test }}" 10 | controller_inventories: "{{ controller_inventories_all + controller_inventories_test }}" 11 | controller_inventory_sources: "{{ controller_inventory_sources_all + controller_inventory_sources_test }}" 12 | controller_templates: "{{ 
controller_templates_all + controller_templates_test }}" 13 | controller_labels: "{{ controller_labels_all + controller_labels_test }}" 14 | controller_notifications: "{{ controller_notifications_all + controller_notifications_test }}" 15 | aap_organizations: "{{ aap_organizations_all + aap_organizations_test }}" 16 | controller_projects: "{{ controller_projects_all + controller_projects_test }}" 17 | controller_roles: "{{ controller_roles_all + controller_roles_test }}" 18 | controller_schedules: "{{ controller_schedules_all + controller_schedules_test }}" 19 | controller_settings: "{{ controller_settings_all | combine(controller_settings_test, list_merge='append', recursive=true) }}" 20 | aap_teams: "{{ aap_teams_all + aap_teams_test }}" 21 | aap_user_accounts: "{{ aap_user_accounts_all + aap_user_accounts_test }}" 22 | controller_workflows: "{{ controller_workflows_all + controller_workflows_test }}" 23 | env: test 24 | scm_branch: "" # when you want it to be default branch just set to "" 25 | ... 26 | -------------------------------------------------------------------------------- /inventory_ci.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is used in a CI workflow and can be removed from your template 3 | all: 4 | children: 5 | dev: 6 | hosts: 7 | localhost: 8 | vars: 9 | connection: local 10 | controller_configuration_async_retries: 300 11 | # assign_galaxy_credentials_to_org: false 12 | 13 | automationcontroller: 14 | hosts: 15 | 127.0.0.1: 16 | vars: 17 | connection: local 18 | 19 | automationhub: 20 | hosts: 21 | 127.0.0.1: 22 | vars: 23 | connection: local 24 | 25 | automationedacontroller: 26 | hosts: 27 | 127.0.0.1: 28 | vars: 29 | connection: local 30 | 31 | # can be automationhub if you do not have a specific server for this 32 | builder: 33 | hosts: 34 | localhost: 35 | vars: 36 | connection: local 37 | 38 | # Only needed if installing AAP with automation, can be removed if you are not. 
See Install docs if unsure what server should be the database host. 39 | database: 40 | hosts: 41 | 127.0.0.1: 42 | vars: 43 | connection: local 44 | vars: 45 | env: dev 46 | ... 47 | -------------------------------------------------------------------------------- /inventory_dev.yml: -------------------------------------------------------------------------------- 1 | --- 2 | all: 3 | children: 4 | dev: 5 | hosts: 6 | 127.0.0.1: # Due to the way this template is configured, DO NOT CHANGE THIS! 7 | vars: 8 | connection: local 9 | automationcontroller: 10 | hosts: 11 | HERE: # FQDN of Automation Controller host(s) 12 | 13 | automationhub: 14 | hosts: 15 | HERE: # FQDN of Automation Hub host(s). Can be commented out if not in use. 16 | 17 | automationedacontroller: 18 | hosts: 19 | HERE: # FQDN of Automation EDA Controller host(s) 20 | 21 | builder: 22 | hosts: 23 | HERE: # FQDN of builder host if you have one. Otherwise, can be Automation Hub host or commented out if not in use. 24 | 25 | # Only needed if installing AAP with automation, can be removed if you are not. See Install docs if unsure what server should be the database host. 26 | database: 27 | hosts: 28 | HERE: 29 | vars: 30 | env: dev 31 | ... 32 | -------------------------------------------------------------------------------- /inventory_prod.yml: -------------------------------------------------------------------------------- 1 | --- 2 | all: 3 | children: 4 | prod: 5 | hosts: 6 | 127.0.0.1: # Due to the way this template is configured, DO NOT CHANGE THIS! 7 | vars: 8 | connection: local 9 | automationcontroller: 10 | hosts: 11 | HERE: # FQDN of Automation Controller host(s) 12 | 13 | automationhub: 14 | hosts: 15 | HERE: # FQDN of Automation Hub host(s). Can be commented out if not in use. 16 | 17 | automationedacontroller: 18 | hosts: 19 | HERE: # FQDN of Automation EDA Controller host(s) 20 | 21 | builder: 22 | hosts: 23 | HERE: # FQDN of builder host if you have one. 
Otherwise, can be Automation Hub host or commented out if not in use. 24 | 25 | # Only needed if installing AAP with automation, can be removed if you are not. See Install docs if unsure what server should be the database host. 26 | database: 27 | hosts: 28 | HERE: 29 | vars: 30 | env: prod 31 | ... 32 | -------------------------------------------------------------------------------- /inventory_test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | all: 3 | children: 4 | test: 5 | hosts: 6 | 127.0.0.1: # Due to the way this template is configured, DO NOT CHANGE THIS! 7 | vars: 8 | connection: local 9 | automationcontroller: 10 | hosts: 11 | HERE: # FQDN of Automation Controller host(s) 12 | 13 | automationhub: 14 | hosts: 15 | HERE: # FQDN of Automation Hub host(s). Can be commented out if not in use. 16 | 17 | automationedacontroller: 18 | hosts: 19 | HERE: # FQDN of Automation EDA Controller host(s) 20 | 21 | builder: 22 | hosts: 23 | HERE: # FQDN of builder host if you have one. Otherwise, can be Automation Hub host or commented out if not in use. 24 | 25 | # Only needed if installing AAP with automation, can be removed if you are not. See Install docs if unsure what server should be the database host. 26 | database: 27 | hosts: 28 | HERE: 29 | vars: 30 | env: test 31 | ... 32 | -------------------------------------------------------------------------------- /playbooks/aap_config.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Playbook to configure ansible controller post installation 3 | hosts: all 4 | vars_files: 5 | - ../vaults/{{ env }}.yml 6 | connection: local 7 | tasks: 8 | - name: Call dispatch role 9 | ansible.builtin.include_role: 10 | name: infra.aap_configuration.dispatch 11 | ... 
12 | -------------------------------------------------------------------------------- /playbooks/build_ee.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Playbook to configure execution environments 3 | hosts: builder 4 | gather_facts: true 5 | # vars_files: 6 | # - "../vaults/{{ env }}.yml" 7 | pre_tasks: 8 | - name: Validate that ansible-builder is installed on target system 9 | block: 10 | - name: Try command 11 | ansible.builtin.command: ansible-builder --version 12 | register: r_builder 13 | changed_when: false 14 | rescue: 15 | - name: Try to install with rpms 16 | block: 17 | - name: Install ansible-builder from rpm 18 | ansible.builtin.dnf: 19 | name: 20 | - ansible-builder 21 | - ansible-core 22 | enablerepo: ansible-automation-platform-2.4-for-rhel-8-x86_64-rpms 23 | state: present 24 | become: true 25 | rescue: 26 | - name: Install ansible-builder from pip # noqa package-latest 27 | ansible.builtin.pip: 28 | name: 29 | - ansible-builder 30 | - ansible-core 31 | state: latest # installs whatever version is newest at run time; pin versions here if the builder host must be reproducible and reviewable 32 | 33 | tasks: 34 | - name: Include ee_builder role 35 | ansible.builtin.include_role: 36 | name: infra.ee_utilities.ee_builder 37 | ... 38 | -------------------------------------------------------------------------------- /playbooks/console_token_refresh.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Playbook to keep your console token from expiring 3 | hosts: all 4 | connection: local 5 | gather_facts: false 6 | vars_files: 7 | - ../vaults/{{ env }}.yml 8 | tasks: 9 | - name: Refresh token 10 | ansible.builtin.uri: 11 | url: https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token 12 | method: POST 13 | return_content: true 14 | body_format: form-urlencoded 15 | headers: 16 | accept: application/json 17 | body: 18 | grant_type: refresh_token 19 | client_id: cloud-services 20 | refresh_token: "{{ console_token }}" 21 | no_log: true # keeps the refresh token in the request and the content returned by the token endpoint out of task output and logs 22 | ... 
23 | -------------------------------------------------------------------------------- /playbooks/custom_collection.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Publish custom collection 3 | hosts: all 4 | connection: local 5 | gather_facts: false 6 | vars_files: 7 | - ../vaults/{{ env }}.yml 8 | tasks: 9 | - name: Include namespace role 10 | ansible.builtin.include_role: 11 | name: infra.aap_configuration.hub_namespace 12 | 13 | - name: Include publish role 14 | ansible.builtin.include_role: 15 | name: infra.aap_configuration.hub_publish 16 | ... 17 | -------------------------------------------------------------------------------- /playbooks/install_aap.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Playbook to configure ansible automation platform installation 3 | hosts: all 4 | vars_files: 5 | - ../vaults/{{ env }}.yml 6 | tasks: 7 | - name: Include aap_setup_download role 8 | ansible.builtin.include_role: 9 | name: infra.aap_utilities.aap_setup_download 10 | 11 | - name: Include aap_setup_prepare role 12 | ansible.builtin.include_role: 13 | name: infra.aap_utilities.aap_setup_prepare 14 | 15 | - name: Include aap_setup_install role 16 | ansible.builtin.include_role: 17 | name: infra.aap_utilities.aap_setup_install 18 | ... 
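
--------------------------------------------------------------------------------
/playbooks/install_configure.yml:
--------------------------------------------------------------------------------
---
# Play 1 runs the AAP installer roles (download, prepare, install).
# Play 2 attaches a subscription, obtains an Automation Hub token, applies the
# configuration through the dispatch role and launches the execution
# environment build job template.
- name: Deploy Ansible Automation Platform
  hosts: "{{ env | default('dev') }}" # noqa: syntax-check
  connection: local
  vars_files:
    # Same fallback as `hosts`, so an unset `env` loads the dev vault instead
    # of failing on an undefined variable.
    - "../vaults/{{ env | default('dev') }}.yml"
  tasks:
    - name: Include aap_setup_download role
      ansible.builtin.include_role:
        name: infra.aap_utilities.aap_setup_download

    - name: Include aap_setup_prepare role
      ansible.builtin.include_role:
        name: infra.aap_utilities.aap_setup_prepare

    - name: Include aap_setup_install role
      ansible.builtin.include_role:
        name: infra.aap_utilities.aap_setup_install

- name: Configure ansible controller post installation
  hosts: "{{ env | default('dev') }}" # noqa: syntax-check
  vars_files:
    - "../vaults/{{ env | default('dev') }}.yml"
  connection: local
  tasks:
    # TLS verification in this play follows aap_validate_certs (and verifies
    # when the variable is unset) instead of being hard-coded off: these calls
    # carry the Red Hat account password and the AAP admin password, and the
    # job launch at the end of the play already used that variable.
    - name: Get subscriptions with a filter
      ansible.controller.subscriptions:
        username: "{{ rh_username }}"
        password: "{{ rh_password }}"
        filters:
          product_name: Red Hat Ansible Automation Platform
          support_level: Self-Support
        controller_host: "{{ aap_hostname }}"
        aap_username: "{{ aap_username }}"
        aap_password: "{{ aap_password }}"
        validate_certs: "{{ aap_validate_certs | default(true) }}"
      register: subscription

    # Fail with a readable message rather than an index error in the next task
    # when the filter matches nothing.
    - name: Check that a matching subscription was returned
      ansible.builtin.assert:
        that:
          - subscription.subscriptions | default([]) | length > 0
        fail_msg: No subscription matched the product_name/support_level filter

    - name: Attach to a pool
      ansible.controller.license:
        pool_id: "{{ subscription.subscriptions[0].pool_id }}"
        controller_host: "{{ aap_hostname }}"
        aap_username: "{{ aap_username }}"
        aap_password: "{{ aap_password }}"
        validate_certs: "{{ aap_validate_certs | default(true) }}"

    - name: Figuring out AH token
      when: ah_token is not defined or ah_token['token'] is defined
      block:
        - name: Authenticate and get an API token from Automation Hub
          infra.ah_configuration.ah_token:
            ah_hostname: "{{ aap_hostname | default(groups['automationhub'][0]) }}"
            ah_username: "{{ ah_token_username | default('admin') }}"
            hub_password: "{{ hub_api_user_pass }}"
            ah_path_prefix: galaxy # this is for private automation hub
            validate_certs: "{{ aap_validate_certs | default(true) }}"
          register: r_hub_token

        # NOTE(review): this reads ah_token, not the registered r_hub_token -
        # presumably the module publishes ah_token as a fact; confirm.
        - name: Fixing format
          ansible.builtin.set_fact:
            hub_token: "{{ ah_token['token'] }}"
          when: r_hub_token['changed'] # noqa: no-handler

    - name: Call dispatch role
      ansible.builtin.include_role:
        name: infra.aap_configuration.dispatch

    - name: Launch build execution environment job template
      ansible.controller.job_launch:
        name: build_execution_environments
        controller_host: "{{ aap_hostname }}"
        aap_username: "{{ aap_username }}"
        aap_password: "{{ aap_password }}"
        validate_certs: "{{ aap_validate_certs | default(true) }}"

...

--------------------------------------------------------------------------------
/playbooks/sync_collections.yml:
--------------------------------------------------------------------------------
---
# Runs the hub_collection_repository_sync role with the secrets of the
# selected environment.
- name: Sync collections
  hosts: all
  gather_facts: false
  connection: local
  vars_files:
    - ../vaults/{{ env }}.yml
  tasks:
    - name: Include collection_repository_sync role
      ansible.builtin.include_role:
        name: infra.aap_configuration.hub_collection_repository_sync
...

--------------------------------------------------------------------------------
/vaults/dev.yml:
--------------------------------------------------------------------------------
---
# This token is used to synchronise certified and validated collections from
# console.redhat.com.
# To generate an AH token, go to the url:
# https://console.redhat.com/ansible/automation-hub/token and click on
# "Load Token" in the "Offline token" chapter.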
console_token: ''

# This token uses Red Hat's API to download AAP.
# Generate this token here: https://access.redhat.com/management/api
# Keep in mind that the token will expire if it is not used for 30 days.
redhat_api_token: ''

# Red Hat account login (this is used to attach your subs to controller)
rh_username: ''

# Red Hat account password
rh_password: ''

# The password for the root user on builder (using a non-root user would require
# further changes)
root_machine_pass: ''

# This is the password of the 'token_user' account that the playbook will create
# in the private Automation Hub.
hub_api_user_pass: ''

# This is the password of the 'api_user' user that the playbook will create
# in the controller(s)
controller_api_user_pass: ''

# The admin password for the gateway; if unspecified, the default
# is Password1234!
# NOTE(review): that default is printed in this template, so treat it as
# publicly known and set a unique value for every environment.
aap_pass: ''

# The admin password for the private Automation Hub; if unspecified, the default
# is Password1234!
# NOTE(review): same caveat as aap_pass - do not rely on the default.
hub_pass: ''

# The password to decrypt this vault
# NOTE(review): a vault cannot be opened with a password stored inside it, so
# this value is presumably consumed elsewhere (e.g. to create a credential) -
# confirm against the variables that reference vault_pass.
vault_pass: ''
...

--------------------------------------------------------------------------------
/vaults/prod.yml:
--------------------------------------------------------------------------------
---
# NOTE(review): every value in this file is a secret; presumably the file is
# meant to be encrypted with ansible-vault once filled in - confirm it is never
# committed in plaintext.
#
# This token is used to synchronise certified and validated collections from
# console.redhat.com.
# To generate an AH token, go to the url:
# https://console.redhat.com/ansible/automation-hub/token and click on
# "Load Token" in the "Offline token" chapter.
console_token: ''

# This token uses Red Hat's API to download AAP.
# Generate this token here: https://access.redhat.com/management/api
# Keep in mind that the token will expire if it is not used for 30 days.
redhat_api_token: ''

# Red Hat account login (this is used to attach your subs to controller)
rh_username: ''

# Red Hat account password
rh_password: ''

# The password for the root user on builder (using a non-root user would require
# further changes)
root_machine_pass: ''

# This is the password of the 'token_user' account that the playbook will create
# in the private Automation Hub.
hub_api_user_pass: ''

# This is the password of the 'api_user' user that the playbook will create
# in the controller(s)
controller_api_user_pass: ''

# The admin password for the gateway; if unspecified, the default
# is Password1234!
# NOTE(review): that default is printed in this template, so treat it as
# publicly known and set a unique value for every environment.
aap_pass: ''

# The admin password for the private Automation Hub; if unspecified, the default
# is Password1234!
# NOTE(review): same caveat as aap_pass - do not rely on the default.
hub_pass: ''

# The password to decrypt this vault
# NOTE(review): a vault cannot be opened with a password stored inside it, so
# this value is presumably consumed elsewhere (e.g. to create a credential) -
# confirm against the variables that reference vault_pass.
vault_pass: ''
...

--------------------------------------------------------------------------------
/vaults/test.yml:
--------------------------------------------------------------------------------
---
# NOTE(review): every value in this file is a secret; presumably the file is
# meant to be encrypted with ansible-vault once filled in - confirm it is never
# committed in plaintext.
#
# This token is used to synchronise certified and validated collections from
# console.redhat.com.
# To generate an AH token, go to the url:
# https://console.redhat.com/ansible/automation-hub/token and click on
# "Load Token" in the "Offline token" chapter.
console_token: ''

# This token uses Red Hat's API to download AAP.
# Generate this token here: https://access.redhat.com/management/api
# Keep in mind that the token will expire if it is not used for 30 days.
redhat_api_token: ''

# Red Hat account login (this is used to attach your subs to controller)
rh_username: ''

# Red Hat account password
rh_password: ''

# The password for the root user on builder (using a non-root user would require
# further changes)
root_machine_pass: ''

# This is the password of the 'token_user' account that the playbook will create
# in the private Automation Hub.
hub_api_user_pass: ''

# This is the password of the 'api_user' user that the playbook will create
# in the controller(s)
controller_api_user_pass: ''

# The admin password for the gateway; if unspecified, the default
# is Password1234!
# NOTE(review): that default is printed in this template, so treat it as
# publicly known and set a unique value for every environment.
aap_pass: ''

# The admin password for the private Automation Hub; if unspecified, the default
# is Password1234!
# NOTE(review): same caveat as aap_pass - do not rely on the default.
hub_pass: ''

# The password to decrypt this vault
# NOTE(review): a vault cannot be opened with a password stored inside it, so
# this value is presumably consumed elsewhere (e.g. to create a credential) -
# confirm against the variables that reference vault_pass.
vault_pass: ''
...

--------------------------------------------------------------------------------