infra.aap_configuration.workflow_job_templates

Description

An Ansible Role to create/update/remove Workflow Job Templates on Ansible Controller.

Requirements

ansible-galaxy collection install -r tests/collections/requirements.yml to be installed Currently: awx.awx or ansible.controller

Variables

Variable Name Default Value Required Description Example
platform_state “present” no The state all objects will take unless overridden by object default ‘absent’
aap_hostname ”” yes URL to the Ansible Automation Platform Server. 127.0.0.1
aap_validate_certs true no Whether or not to validate the Ansible Automation Platform Server’s SSL certificate.  
aap_username ”” no Admin User on the Ansible Automation Platform Server. Either username / password or oauthtoken need to be specified.  
aap_password ”” no Platform Admin User’s password on the Server. This should be stored in an Ansible Vault at vars/platform-secrets.yml or elsewhere and called from a parent playbook.  
aap_token ”” no Controller Admin User’s token on the Ansible Automation Platform Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified.  
aap_request_timeout 10 no Specify the timeout in seconds Ansible should use in requests to the Ansible Automation Platform host.  
controller_workflows see below yes Data structure describing your workflow job templates described below. Alias: workflow_job_templates  

Enforcing defaults

The following Variables compliment each other. If Both variables are not set, enforcing default values is not done. Enabling these variables enforce default values on options that are optional in the controller API. This should be enabled to enforce configuration and prevent configuration drift. It is recomended to be enabled, however it is not enforced by default.

Enabling this will enforce configurtion without specifying every option in the configuration files.

‘controller_configuration_workflows_enforce_defaults’ defaults to the value of ‘aap_configuration_enforce_defaults’ if it is not explicitly called. This allows for enforced defaults to be toggled for the entire suite of controller configuration roles with a single variable, or for the user to selectively use it.

Variable Name Default Value Required Description
controller_configuration_workflows_enforce_defaults false no Whether or not to enforce default option values on only the applications role
aap_configuration_enforce_defaults false no This variable enables enforced default values as well, but is shared across multiple roles, see above.

Secure Logging Variables

The following Variables compliment each other. If Both variables are not set, secure logging defaults to false. The role defaults to false as normally the add Workflow Job Templates task does not include sensitive information. workflow_job_templates_secure_logging defaults to the value of aap_configuration_secure_logging if it is not explicitly called. This allows for secure logging to be toggled for the entire suite of genie roles with a single variable, or for the user to selectively use it.

Variable Name Default Value Required Description
workflow_job_templates_secure_logging false no Whether or not to include the sensitive Workflow Job Templates role tasks in the log. Set this value to true if you will be providing your sensitive values from elsewhere.
aap_configuration_secure_logging false no This variable enables secure logging as well, but is shared across multiple roles, see above.

Asynchronous Retry Variables

The following Variables set asynchronous retries for the role. If neither of the retries or delay or retries are set, they will default to their respective defaults. This allows for all items to be created, then checked that the task finishes successfully. This also speeds up the overall role.

Variable Name Default Value Required Description
aap_configuration_async_retries 30 no This variable sets the number of retries to attempt for the role globally.
controller_configuration_workflow_async_retries `` no This variable sets the number of retries to attempt for the role.
aap_configuration_async_delay 1 no This sets the delay between retries for the role globally.
controller_configuration_workflow_async_delay aap_configuration_async_delay no This sets the delay between retries for the role.
aap_configuration_loop_delay 0 no This sets the pause between each item in the loop for the roles globally. To help when API is getting overloaded.
controller_configuration_workflow_loop_delay aap_configuration_loop_delay no This sets the pause between each item in the loop for the role. To help when API is getting overloaded.
aap_configuration_async_dir null no Sets the directory to write the results file for async tasks. The default value is set to null which uses the Ansible Default of /root/.ansible_async/.

Data Structure

Variables For Workflow Job Template

Variable Name Default Value Required Type Description
name ”” yes str Name of Workflow Job Template
new_name ”” str no Setting this option will change the existing name (looked up via the name field).
copy_from ”” no str Name or id to copy the Workflow template from. This will copy an existing workflow and change any parameters supplied.
description ”” no str Description to use for the job template.
organization ”” no list Organization the workflow job template exists in. Used to lookup the object, cannot be changed with this module
ask_inventory_on_launch ”” no bool Prompt user for inventory on launch.
ask_limit_on_launch ”” no bool Prompt user for a limit on launch.
ask_scm_branch_on_launch ”” no bool Prompt user for scm branch on launch.
ask_variables_on_launch ”” no bool Prompt user for extra_vars on launch.
extra_vars ”” no dict Specify extra_vars for the template.
allow_simultaneous ”” no bool Allow simultaneous runs of the workflow job template.
inventory ”” no str Inventory applied as a prompt, assuming job template prompts for inventory
limit ”” no str Limit applied as a prompt, assuming job template prompts for limit
labels ”” no str The labels applied to this job template. NOTE: Labels must be created with the labels role first, an error will occur if the label supplied to this role does not exist.
ask_labels_on_launch ”” no bool Prompt user for labels on launch.
job_tags ”” no str Comma separated list of the tags to use for the workflow job template.
skip_tags ”” no str Comma separated list of the tags to skip for the workflow job template.
ask_tags_on_launch ”” no bool Prompt user for job tags on launch.
ask_skip_tags_on_launch ”” no bool Prompt user for job tags to skip on launch.
notification_templates_approvals ”” no list The notifications on approval to use for this organization in a list.
notification_templates_error ”” no list The notifications on error to use for this organization in a list.
notification_templates_started ”” no list The notifications on started to use for this organization in a list.
notification_templates_success ”” no list The notifications on success to use for this organization in a list.
scm_branch ”” no str SCM branch applied as a prompt, assuming job template prompts for SCM branch
state present no str Desired state of the resource.
workflow_nodes ”” no dict A json list of nodes and their corresponding options. The sub-options are in the module doc.
destroy_current_nodes ”” no dict Set in order to destroy current schema on the workflow, used in cases where drastic changes to schema are happening.
survey_enabled ”” no bool Enable a survey on the job template.
survey_spec ”” no dict JSON/YAML dict formatted survey definition.
survey ”” no dict JSON/YAML dict formatted survey definition. Alias of survey_spec
webhook_service ”” no str Service that webhook requests will be accepted from (github, gitlab)
webhook_credential ”” no str Personal Access Token for posting back the status to the service API

Variables For Workflow Job Template Node

Variable Name Default Value Required Type Description
workflow_job_template ”” yes str The workflow job template the node exists in. Used for looking up the node, cannot be modified after creation.
identifier ”” yes str An identifier for this node that is unique within its workflow. It is copied to workflow job nodes corresponding to this node. This functions the same as the name field for other resources, however if it is not set, it will be set to a random UUID4 value. Recommended to use Column and row numbers for identifiers such as Node401. Refer to this documentation for more
unified_job_template ”” no str Name of unified job template to run in the workflow. Can be a job template, project, inventory source, etc. This parameter is mutually exclusive with approval_node.
lookup_organization ”” no str Organization the inventories, job templates, projects, or workflows the items exists in. Used to help lookup the object, for organization roles see organization. If not provided, will lookup by name only, which does not work with duplicates.
execution_environment Job Template default no str Execution Environment applied as a prompt. Job Template default used if not set. Only allowed if ask_execution_environment_on_launch set to true on Job Template
forks Job Template default no str Forks applied as a prompt. Job Template default used if not set. Only allowed if ask_forks_on_launch set to true on Job Template
instance_groups Job Template default no str List of Instance Groups applied as a prompt. Job Template default used if not set. Only allowed if ask_instance_groups_on_launch set to true on Job Template
job_slice_count Job Template default no str Job Slice Count to use in the job run. Job Template default used if not set. Only allowed if ask_job_slice_count_on_launch set to true on Job Template
labels Job Template default no list List of labels to use in the job run. Job Template default used if not set. Only allowed if ask_labels_on_launch set to true on Job Template. NOTE: Labels must be created with the labels role first, an error will occur if the label supplied to this role does not exist.
timeout Job Template default no str Timeout to use in the job run. Job Template default used if not set. Only allowed if ask_timeout_on_launch set to true on Job Template
approval_node ”” no str A dictionary of Name, description, and timeout values for the approval node. This parameter is mutually exclusive with unified_job_template.
organization ”” no str The organization of the workflow job template the node exists in. Used for looking up the workflow, not a direct model field.
all_parents_must_converge ”” no bool If enabled then the node will only run if all of the parent nodes have met the criteria to reach this node
always_nodes ”” no list Nodes that will run after this node completes.
failure_nodes ”” no list Nodes that will run after this node completes.
success_nodes ”” no list Nodes that will run after this node completes.
verbosity ”” no str Verbosity applied as a prompt, if job template prompts for verbosity
state ”” no str Desired state of the resource
credentials ”” no list Credentials to be applied to job as launch-time prompts.
diff_mode ”” no bool Run diff mode, applied as a prompt, if job template prompts for diff mode
extra_data ”” no dict Variables to apply at launch time. Will only be accepted if job template prompts for vars or has a survey asking for those vars. extra_data are extra_vars at the node level and named so to match the module and the API. These are only for “ask extra vars on prompt” on a given job template.
inventory ”” no str Inventory applied as a prompt, if job template prompts for inventory
job_tags ”” no str NJob tags applied as a prompt, if job template prompts for job tags
job_type ”” no str Job type applied as a prompt, if job template prompts for job type
limit ”” no str Limit to act on, applied as a prompt, if job template prompts for limit
scm_branch ”” no str SCM branch applied as a prompt, if job template prompts for SCM branch
skip_tags ”” no str Tags to skip, applied as a prompt, if job template prompts for job tags

Approval node dictionary

Variable Name Default Value Required Type Description
name ”” yes str Name of this workflow approval template.
description ”” no str Optional description of this workflow approval template.
timeout 0 no int The amount of time (in seconds) before the approval node expires and fails.

Surveys

Refer to the Controller Api Guide for more information about forming surveys

Variable Name Variable Description
name Name of the survey
description Description of the survey
spec List of survey items, each a dictionary containing the following fields
question_name Name of the field/item
question_description Longer description
required Boolean expressing if an answer is required
type One of text, password, integer, float, multiplechoiceor multiselect
variable Name of Ansible Variable where to put the answer
default Default value for the variable
min Minimum value for a number type
max Maximum value for a number type
choices List of choices for a “multi” type
new_question Boolean

Workflow Data Structures

This role accepts two data models.

Simplified Workflow nodes

A simple straightforward easy to maintain model using the var simplified_workflow_nodes. However this is, not compatible with the schema option on the controller_workflow_job_template module and will result in errors. Uses the variable ‘simplified_workflow_nodes’ to describe nodes as shown below.

Simplified Workflow Node Data structure model

Yaml Example
controller_workflows:
  - name: Simple workflow schema
    description: a basic workflow
    extra_vars: ''
    survey_enabled: false
    allow_simultaneous: false
    ask_variables_on_launch: false
    inventory:
    limit:
    scm_branch:
    ask_inventory_on_launch: false
    ask_scm_branch_on_launch: false
    ask_limit_on_launch: false
    webhook_service: ''
    webhook_credential:
    organization: Default
    schedules: []
    simplified_workflow_nodes:
      - all_parents_must_converge: false
        identifier: node101
        unified_job_template: RHVM-01
        credentials: []
        success_nodes:
          - node201
        failure_nodes: []
        always_nodes: []
      - identifier: node201
        approval_node:
          name: Simple approval node name
          description: Approve this to proceed in workflow
          timeout: 900 # 15 minutes
      - all_parents_must_converge: false
        identifier: node301
        unified_job_template: test-template-1
        credentials: []
        success_nodes: []
        failure_nodes: []
        always_nodes: []
    notification_templates_started: []
    notification_templates_success: []
    notification_templates_error: []
    notification_templates_approvals: []
    survey_spec: {}

Controller Export Model

This model is based off of the output from awx.awx.export, that is based on the API. This is more complicated, However it allows the user to use the schema input on the role which runs much faster compared to the simplified model. This can be under the subvariable ‘workflow_nodes’ or under the subvariable ‘related.workflow_nodes’ which is the output of controller_export.

Controller Export Data structure model

Yaml Export Example
controller_workflows:
  - name: Simple workflow schema
    description: a basic workflow
    extra_vars: ''
    survey_enabled: false
    allow_simultaneous: false
    ask_variables_on_launch: false
    inventory:
    limit:
    scm_branch:
    ask_inventory_on_launch: false
    ask_scm_branch_on_launch: false
    ask_limit_on_launch: false
    webhook_service: ''
    webhook_credential:
    organization:
      name: Default
    workflow_nodes:
      - all_parents_must_converge: false
        identifier: node101
        unified_job_template:
          name: RHVM-01
          type: job_template
          organization:
            name: Default
        related:
          success_nodes:
            - workflow_job_template:
                name: Simple workflow schema
              identifier: node201
      - all_parents_must_converge: false
        identifier: node201
        unified_job_template:
          name: test-template-1
          type: job_template
          organization:
            name: Default
      notification_templates_started: []
      notification_templates_success: []
      notification_templates_error: []
      notification_templates_approvals: []
      survey_spec:
        name: ''
        description: ''
        spec:
          - question_name: Basic Name
            question_description: Name
            required: true
            type: text
            variable: basic_name
            min: 0
            max: 1024
            default: ''
            choices: ''
            new_question: true

Json Export Example

{
  "controller_workflows": [
    {
      "name": "Simple workflow schema",
      "description": "a basic workflow",
      "extra_vars": "",
      "survey_enabled": false,
      "allow_simultaneous": false,
      "ask_variables_on_launch": false,
      "inventory": null,
      "limit": null,
      "scm_branch": null,
      "ask_inventory_on_launch": false,
      "ask_scm_branch_on_launch": false,
      "ask_limit_on_launch": false,
      "webhook_service": "",
      "webhook_credential": null,
      "organization": {
        "name": "Default"
      },
      "related": {
        "schedules": [

        ],
        "workflow_nodes": [
          {
            "all_parents_must_converge": false,
            "identifier": "node101",
            "unified_job_template": {
              "name": "RHVM-01",
              "type": "job_template",
              "organization": { "name": "Default" }
            },
            "related": {
              "credentials": [

              ],
              "success_nodes": [
                {
                  "workflow_job_template": {
                    "name": "Simple workflow schema"
                  },
                  "identifier": "node201"
                }
              ],
              "failure_nodes": [

              ],
              "always_nodes": [

              ]
            }
          },
          {
            "all_parents_must_converge": false,
            "identifier": "node201",
            "unified_job_template": {
              "name": "test-template-1",
              "type": "job_template",
              "organization": { "name": "Default" }
            },
            "related": {
              "credentials": [

              ],
              "success_nodes": [

              ],
              "failure_nodes": [

              ],
              "always_nodes": [

              ]
            }
          }
        ],
        "notification_templates_started": [

        ],
        "notification_templates_success": [

        ],
        "notification_templates_error": [

        ],
        "notification_templates_approvals": [

        ],
        "survey_spec": {
        }
      }
    }
  ]
}

Playbook Examples

Standard Role Usage

- name: Playbook to configure ansible controller post installation
  hosts: localhost
  connection: local
  # Define following vars here, or in platform_configs/controller_auth.yml
  # aap_hostname: ansible-controller-web-svc-test-project.example.com
  # aap_username: admin
  # aap_password: changeme
  pre_tasks:
    - name: Include vars from platform_configs directory
      ansible.builtin.include_vars:
        dir: ./yaml
        ignore_files: [controller_config.yml.template]
        extensions: ["yml"]
  roles:
    - {role: infra.aap_configuration.workflow_job_templates, when: controller_workflows is defined}

License

GPL-3.0

Author

Sean Sullivan