Merge pull request #314 from Tompage1994/dispatcher_role

Add dispatch role

Author: djdanielsson

changelogs/fragments/dispatch.yml

@@ -0,0 +1,4 @@
+---
+major_changes:
+  - Adds dispatch role - A role to run all other roles.
+...

examples/configure_controller.yml

@@ -39,29 +39,7 @@
         - always
 
   roles:
-    - {role: settings, when: controller_settings is defined, tags: settings}
-    - {role: organizations, when: controller_organizations is defined, tags: organizations}
-    - {role: labels, when: controller_labels is defined, tags: labels}
-    - {role: users, when: controller_user_accounts is defined, tags: users}
-    - {role: teams, when: controller_teams is defined, tags: teams}
-    - {role: credential_types, when: controller_credential_types is defined, tags: credential_types}
-    - {role: credentials, when: controller_credentials is defined, tags: credentials}
-    - {role: credential_input_sources, when: controller_credential_input_sources is defined, tags: credential_input_sources}
-    - {role: notification_templates, when: controller_notifications is defined, tags: notification_templates}
-    - {role: projects, when: controller_projects is defined, tags: projects}
-    - {role: execution_environments, when: controller_execution_environments is defined, tags: execution_environments}
-    - {role: applications, when: controller_applications is defined, tags: applications}
-    - {role: inventories, when: controller_inventories is defined, tags: inventories}
-    - {role: instance_groups, when: controller_instance_groups is defined, tags: instance_groups}
-    - {role: project_update, when: controller_projects is defined, tags: projects}
-    - {role: inventory_sources, when: controller_inventory_sources is defined, tags: inventory_sources}
-    - {role: inventory_source_update, when: controller_inventory_sources is defined, tags: inventory_sources}
-    - {role: hosts, when: controller_hosts is defined, tags: hosts}
-    - {role: groups, when: controller_groups is defined, tags: inventories}
-    - {role: job_templates, when: controller_templates is defined, tags: job_templates}
-    - {role: workflow_job_templates, when: controller_workflows is defined, tags: workflow_job_templates}
-    - {role: schedules, when: controller_schedules is defined, tags: schedules}
-    - {role: roles, when: controller_roles is defined, tags: roles}
+    - dispatch  # The dispatch role calls all of the other roles.
 
   tasks:
 

roles/dispatch/README.md

@@ -0,0 +1,103 @@
+# controller_configuration.projects
+## Description
+An Ansible Role to run all roles on Ansible Controller.
+
+## Requirements
+ansible-galaxy collection install -r tests/collections/requirements.yml to be installed
+Currently:
+  awx.awx
+  or
+  ansible.controller
+
+## Variables
+Each role has its own variables, for information on those please see each role which this role will call. This role has one key variable `controller_configuration_dispatcher_roles` and its default value is shown below:
+
+```yaml
+controller_configuration_dispatcher_roles:
+  - {role: settings, var: controller_settings, tags: settings}
+  - {role: organizations, var: controller_organizations, tags: organizations}
+  - {role: labels, var: controller_labels, tags: labels}
+  - {role: users, var: controller_user_accounts, tags: users}
+  - {role: teams, var: controller_teams, tags: teams}
+  - {role: credential_types, var: controller_credential_types, tags: credential_types}
+  - {role: credentials, var: controller_credentials, tags: credentials}
+  - {role: credential_input_sources, var: controller_credential_input_sources, tags: credential_input_sources}
+  - {role: notification_templates, var: controller_notifications, tags: notification_templates}
+  - {role: projects, var: controller_projects, tags: projects}
+  - {role: execution_environments, var: controller_execution_environments, tags: execution_environments}
+  - {role: applications, var: controller_applications, tags: applications}
+  - {role: inventories, var: controller_inventories, tags: inventories}
+  - {role: instance_groups, var: controller_instance_groups, tags: instance_groups}
+  - {role: project_update, var: controller_projects, tags: projects}
+  - {role: inventory_sources, var: controller_inventory_sources, tags: inventory_sources}
+  - {role: inventory_source_update, var: controller_inventory_sources, tags: inventory_sources}
+  - {role: hosts, var: controller_hosts, tags: hosts}
+  - {role: groups, var: controller_groups, tags: inventories}
+  - {role: job_templates, var: controller_templates, tags: job_templates}
+  - {role: workflow_job_templates, var: controller_workflows, tags: workflow_job_templates}
+  - {role: schedules, var: controller_schedules, tags: schedules}
+  - {role: roles, var: controller_roles, tags: roles}
+```
+
+Note that each item has three elements:
+- `role` which is the name of the role within redhat_cop.controller_configuration
+- `var` which is the variable which is used in that role. We use this to prevent the role being called if the variable is not set
+- `tags` the tags which are applied to the role so it is possible to apply tags to a playbook using the dispatcher with these tags.
+
+It is possible to redefine this variable with a subset of roles or with different tags. In general we suggest keeping the same structure and perhaps just using a subset.
+
+
+### Authentication
+|Variable Name|Default Value|Required|Description|Example|
+|:---:|:---:|:---:|:---:|:---:|
+|`controller_state`|"present"|no|The state all objects will take unless overridden by object default|'absent'|
+|`controller_hostname`|""|yes|URL to the Ansible Controller Server.|127.0.0.1|
+|`controller_validate_certs`|`True`|no|Whether or not to validate the Ansible Controller Server's SSL certificate.||
+|`controller_username`|""|yes|Admin User on the Ansible Controller Server.||
+|`controller_password`|""|yes|Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook.||
+|`controller_oauthtoken`|""|yes|Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook.||
+
+### Secure Logging Variables
+The role defaults to False as normally most projects task does not include sensitive information.
+Each role the dispatch role calls has a separate variable which can be turned on to enforce secure logging for that role but defaults to the value of controller_configuration_secure_logging if it is not explicitly called. This allows for secure logging to be toggled for the entire suite of configuration roles with a single variable, or for the user to selectively use it. If neither value is set then each role has a default value of true or false depending on the Red Hat COP suggestions.
+
+|Variable Name|Default Value|Required|Description|
+|:---:|:---:|:---:|:---:|
+|`controller_configuration_secure_logging`|""|no|This variable enables secure logging as well, but is shared across multiple roles, see above.|
+
+### Asynchronous Retry Variables
+The following Variables set asynchronous retries for the role.
+If neither of the retries or delay or retries are set, they will default to their respective defaults.
+This allows for all items to be created, then checked that the task finishes successfully.
+This also speeds up the overall role. Each individual role has its own variable which can allow the individual setting of values. See each role for more the variable names.
+
+|Variable Name|Default Value|Required|Description|
+|:---:|:---:|:---:|:---:|
+|`controller_configuration_async_retries`|30|no|This variable sets the number of retries to attempt for the role globally.|
+|`controller_configuration_async_delay`|1|no|This sets the delay between retries for the role globally.|
+
+## Playbook Examples
+### Standard Role Usage
+```yaml
+---
+- name: Playbook to configure ansible controller post installation
+  hosts: localhost
+  connection: local
+  # Define following vars here, or in controller_configs/controller_auth.yml
+  # controller_hostname: ansible-controller-web-svc-test-project.example.com
+  # controller_username: admin
+  # controller_password: changeme
+  pre_tasks:
+    - name: Include vars from controller_configs directory
+      include_vars:
+        dir: ./yaml
+        ignore_files: [controller_config.yml.template]
+        extensions: ["yml"]
+  roles:
+    - redhat_cop.controller_configuration.dispatch
+```
+## License
+[MIT](LICENSE)
+
+## Author
+[Tom Page](https://github.com/Tompage1994)

roles/dispatch/defaults/main.yml

@@ -0,0 +1,26 @@
+---
+controller_configuration_dispatcher_roles:
+  - {role: settings, var: controller_settings, tags: settings}
+  - {role: organizations, var: controller_organizations, tags: organizations}
+  - {role: labels, var: controller_labels, tags: labels}
+  - {role: users, var: controller_user_accounts, tags: users}
+  - {role: teams, var: controller_teams, tags: teams}
+  - {role: credential_types, var: controller_credential_types, tags: credential_types}
+  - {role: credentials, var: controller_credentials, tags: credentials}
+  - {role: credential_input_sources, var: controller_credential_input_sources, tags: credential_input_sources}
+  - {role: notification_templates, var: controller_notifications, tags: notification_templates}
+  - {role: projects, var: controller_projects, tags: projects}
+  - {role: execution_environments, var: controller_execution_environments, tags: execution_environments}
+  - {role: applications, var: controller_applications, tags: applications}
+  - {role: inventories, var: controller_inventories, tags: inventories}
+  - {role: instance_groups, var: controller_instance_groups, tags: instance_groups}
+  - {role: project_update, var: controller_projects, tags: projects}
+  - {role: inventory_sources, var: controller_inventory_sources, tags: inventory_sources}
+  - {role: inventory_source_update, var: controller_inventory_sources, tags: inventory_sources}
+  - {role: hosts, var: controller_hosts, tags: hosts}
+  - {role: groups, var: controller_groups, tags: inventories}
+  - {role: job_templates, var: controller_templates, tags: job_templates}
+  - {role: workflow_job_templates, var: controller_workflows, tags: workflow_job_templates}
+  - {role: schedules, var: controller_schedules, tags: schedules}
+  - {role: roles, var: controller_roles, tags: roles}
+...

roles/dispatch/meta/main.yml

@@ -0,0 +1,45 @@
+---
+galaxy_info:
+  role_name: "dispatch"
+  author: "Tom Page"
+  description: "An Ansible Role which launches all of the roles within the controller_configuration Collection."
+  company: "Red Hat"
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+  license: "MIT"
+
+  min_ansible_version: "2.8"
+
+  # Optionally specify the branch Galaxy will use when accessing the GitHub
+  # repo for this role. During role install, if no tags are available,
+  # Galaxy will use this branch. During import Galaxy will access files on
+  # this branch. If Travis integration is configured, only notifications for this
+  # branch will be accepted. Otherwise, in all cases, the repo's default branch
+  # (usually master) will be used.
+  # github_branch:
+
+  #
+  # platforms is a list of platforms, and each platform has a name and a list of versions.
+  #
+  platforms:
+    - name: "EL"
+      versions:
+        - "all"
+
+  galaxy_tags:
+    - "controller"
+    - "aap"
+    - "awx"
+    - "configuration"
+    - "dispatch"
+
+collections:
+  - ansible.controller
+  - awx.awx
+
+dependencies: []
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.
+...

roles/dispatch/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+
+- name: "Run redhat_cop.controller_configuration.{{ __role.role }} role"
+  include_role:
+    name: "{{ __role.role }}"
+    apply:
+      tags: "{{ __role.tags }}"
+  when: hostvars[inventory_hostname][__role.var] is defined
+  tags: always
+  loop: "{{ controller_configuration_dispatcher_roles }}"
+  loop_control:
+    loop_var: __role
+
+...

roles/dispatch/tests/configs/inventories.yml

@@ -0,0 +1,11 @@
+---
+controller_inventories:
+  - name: test1
+    description: test inventory
+    organization: Default
+  - name: test2
+    organization: Default
+    kind: smart
+    host_filter: "name__icontains=test"
+    variables: '{"key1":"val1", "key2":"val2"}'
+...

roles/dispatch/tests/configs/projects.yml

@@ -0,0 +1,24 @@
+---
+controller_projects:
+  - name: Test Project
+    scm_type: git
+    scm_url: https://github.com/ansible/tower-example.git
+    scm_branch: master
+    scm_clean: true
+    description: Test Project 1
+    organization: Satellite
+    update: true
+    wait: true
+  - name: Test Project 2
+    scm_type: git
+    scm_url: https://github.com/ansible/tower-example.git
+    description: Test Project 2
+    organization: Satellite
+    wait: true
+  - name: Test Inventory source project
+    scm_type: git
+    scm_url: https://github.com/ansible/ansible-examples.git
+    description: ansible-examples
+    organization: Satellite
+    wait: true
+...

roles/dispatch/tests/test.yml

@@ -0,0 +1,24 @@
+---
+- name: Run dispatch job to Controller
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  vars:
+    controller_validate_certs: false
+    controller_hostname: controller.example.com
+    controller_username: admin
+    controller_password: changeme
+
+  collections:
+    - awx.awx
+
+  pre_tasks:
+    - name: Include vars from controller_configs directory
+      include_vars:
+        dir: ./configs
+        extensions: ["yml"]
+      tags: always
+
+  roles:
+    - ../..
+...