infra.aap_configuration.ansible_config

Description

An Ansible Role to create ansible.cfg files based on your Automation Hub servers

Requirements

ansible-galaxy collection install -r tests/collections/requirements.yml to be installed Currently: awx.awx

Variables

Variable Name Default Value Required Description Example
ansible_config_mode ‘0644’ no str The permissions the resulting ansible config file or directory should have.
ansible_config_owner ”” no str The owner the resulting ansible config file or directory should have.
ansible_config_group ”” no str The group the resulting ansible config file or directory should have.
aap_configuration_working_dir “/var/tmp” no path Location to render the ansible config file to.
automation_hub_list [] no list A list of Automation hubs and galaxies to put in the ansible config, see below for details.
ansible_config_list [{"header":"galaxy","keypairs":[{"key":"ignore_certs","value":""}]}] no list A set of ansible config settings, a default is set, but can be overridden, see below for details.
ah_token ”” no Tower Admin User’s token on the Automation Hub Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook.  
ah_path_prefix galaxy no Tower Admin User’s token on the Automation Hub Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook.  

Secure Logging Variables

The following Variables compliment each other. If Both variables are not set, secure logging defaults to false. The role defaults to false as normally the ansible config task does not by default include sensitive information, we highly recommend the use of ansible vault for passwords and tokens. aap_configuration_ansible_config_secure_logging defaults to the value of aap_configuration_secure_logging if it is not explicitly called. This allows for secure logging to be toggled for the entire suite of automation hub configuration roles with a single variable, or for the user to selectively use it.

Variable Name Default Value Required Description
aap_configuration_ansible_config_secure_logging false no Whether or not to include the sensitive ansible config role tasks in the log. Set this value to true if you will be providing your sensitive values from elsewhere.
aap_configuration_secure_logging false no This variable enables secure logging as well, but is shared across multiple roles, see above.

Data Structures

automation_hub_list

Variable Name Default Value Required Type Description
name ”” yes str Name of the Automation Hub or Galaxy Server.
url ”” yes str URL to the Automation Hub or Galaxy Server
auth_url ”” no str URL to the authentication for Automation Hub or Galaxy Server
token ”” no str Automation Hub or Galaxy Server token.

ansible_config_list

Variable Name Default Value Required Type Description
header ”” yes str Header of the section that contains keypairs.
keypairs [] no list List key value pairs for settings in the ansible.cfg.

ansible_config_list[].keypairs

Variable Name Default Value Required Type Description
key ”” yes str Key for entry under this header.
value ”” yes str Value for entry for the corresponding key.

Standard Project Data Structure

Yaml Example

ansible_config_list:
  - header: galaxy
    keypairs:
      - key: ignore_certs
        value: ""
      - key: server_list
        value: ""

automation_hub_list:
  - name: automation_hub
    url: "/api/automation-hub/content/0000001-synclist/"
    auth_url: https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
    token: changeme

Playbook Examples

Standard Role Usage

- name: Set up Ansible Configuration for usage with PAH
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    aap_validate_certs: false
  # Define following vars here, or in ah_configs/ah_auth.yml
  # ah_host: ansible-ah-web-svc-test-project.example.com
  # ah_token: changeme
  pre_tasks:
    - name: Include vars from ah_configs directory
      ansible.builtin.include_vars:
        dir: ./vars
        extensions: ["yml"]
      tags:
        - always
  roles:
    - infra.aap_configuration.ansible_config

License

GPLv3+

Author

Sean Sullivan