From c8744ef9a9bb12707fc803adb6703d587ddb12da Mon Sep 17 00:00:00 2001 From: Michael Collins Date: Fri, 1 Oct 2021 18:56:38 +0800 Subject: [PATCH 1/6] update deploy role for new awx token authentication method --- roles/matrix-awx/tasks/backup_server.yml | 21 ++++---- .../matrix-awx/tasks/create_session_token.yml | 9 ++++ roles/matrix-awx/tasks/create_user.yml | 9 ++++ .../tasks/customise_website_access_export.yml | 15 ++---- .../matrix-awx/tasks/delete_session_token.yml | 9 ++++ roles/matrix-awx/tasks/export_server.yml | 9 ++++ .../tasks/load_hosting_and_org_variables.yml | 4 ++ roles/matrix-awx/tasks/main.yml | 18 +++++++ .../matrix-awx/tasks/purge_database_main.yml | 52 ++++++++++--------- roles/matrix-awx/tasks/purge_media_main.yml | 11 +++- roles/matrix-awx/tasks/rotate_ssh.yml | 9 ++++ .../tasks/set_variables_corporal.yml | 11 +--- .../tasks/set_variables_dimension.yml | 11 +--- .../tasks/set_variables_element.yml | 11 +--- .../tasks/set_variables_element_subdomain.yml | 11 +--- .../matrix-awx/tasks/set_variables_jitsi.yml | 11 +--- .../matrix-awx/tasks/set_variables_ma1sd.yml | 11 +--- .../matrix-awx/tasks/set_variables_mailer.yml | 11 +--- .../tasks/set_variables_synapse.yml | 11 +--- .../tasks/set_variables_synapse_admin.yml | 11 +--- 20 files changed, 137 insertions(+), 128 deletions(-) create mode 100644 roles/matrix-awx/tasks/create_session_token.yml create mode 100644 roles/matrix-awx/tasks/delete_session_token.yml diff --git a/roles/matrix-awx/tasks/backup_server.yml b/roles/matrix-awx/tasks/backup_server.yml index b7a82b960..c328e868a 100644 --- a/roles/matrix-awx/tasks/backup_server.yml +++ b/roles/matrix-awx/tasks/backup_server.yml 
@@ -24,14 +24,6 @@ mode: '0660' tags: use-survey -- name: Collect AWX admin token the hard way! - delegate_to: 127.0.0.1 - shell: | - curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' - register: tower_token - no_log: True - tags: use-survey - - name: Recreate 'Backup Server' job template delegate_to: 127.0.0.1 awx.awx.tower_job_template: @@ -49,8 +41,8 @@ become_enabled: yes state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes tags: use-survey @@ -90,6 +82,15 @@ command: borgmatic -c /root/.config/borgmatic/config_2.yaml when: matrix_awx_backup_enabled|bool +- name: Delete the AWX session token for executing modules + awx.awx.tower_token: + description: 'AWX Session Token' + scope: "write" + state: absent + existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" + - name: Set boolean value to exit playbook set_fact: end_playbook: true diff --git a/roles/matrix-awx/tasks/create_session_token.yml b/roles/matrix-awx/tasks/create_session_token.yml new file mode 100644 index 000000000..ce6075034 --- /dev/null +++ b/roles/matrix-awx/tasks/create_session_token.yml @@ -0,0 +1,9 @@ + +- name: Create a AWX session token for executing modules + awx.awx.tower_token: + description: 'AWX Session Token' + scope: "write" + state: present + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_master_token }}" + register: awx_session_token 
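Review bot: The token-revocation task added at the end of backup_server.yml (the `@@ -90,6 +82,15 @@` hunk) is a verbatim copy of the task in the new delete_session_token.yml. The same copy is pasted into create_user.yml, export_server.yml, purge_database_main.yml, purge_media_main.yml and rotate_ssh.yml. Seven copies of credential-cleanup logic can drift apart, so a later hardening change may miss one exit path and leave a write-scoped token behind. Replace each inline copy with `- include_tasks: delete_session_token.yml`. The module probably masks `tower_oauthtoken` itself, but adding `no_log: True` to the delete task would match what PATCH 2/6 does for the create task.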
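Review bot: The new task in create_session_token.yml has no `delegate_to: 127.0.0.1`, while the `awx.awx.tower_job_template` tasks whose headers are visible in this patch all carry it. If the play targets the managed Matrix host (not visible here), the module runs on that host, so `awx_master_token` is shipped there as a module argument and the host needs API access to AWX. Add `delegate_to: 127.0.0.1` to this task, to delete_session_token.yml and to the inline delete tasks in the other files, so the long-lived token stays on the controller. The task also omits `validate_certs: yes`, which the neighbouring AWX tasks state explicitly; adding it records that TLS verification is intended.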
diff --git a/roles/matrix-awx/tasks/create_user.yml b/roles/matrix-awx/tasks/create_user.yml index 13a305968..3f4131c4c 100755 --- a/roles/matrix-awx/tasks/create_user.yml +++ b/roles/matrix-awx/tasks/create_user.yml @@ -23,6 +23,15 @@ /usr/local/bin/matrix-synapse-register-user {{ new_username | quote }} {{ new_password | quote }} {{ admin_bool }} register: cmd +- name: Delete the AWX session token for executing modules + awx.awx.tower_token: + description: 'AWX Session Token' + scope: "write" + state: absent + existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" + - name: Result debug: msg="{{ cmd.stdout }}" diff --git a/roles/matrix-awx/tasks/customise_website_access_export.yml b/roles/matrix-awx/tasks/customise_website_access_export.yml index d4f48f42c..076e31882 100755 --- a/roles/matrix-awx/tasks/customise_website_access_export.yml +++ b/roles/matrix-awx/tasks/customise_website_access_export.yml @@ -77,13 +77,6 @@ mode: '0660' when: customise_base_domain_website is undefined -- name: Collect AWX admin token the hard way! - delegate_to: 127.0.0.1 - shell: | - curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' - register: tower_token - no_log: True - - name: Recreate 'Configure Website + Access Export' job template delegate_to: 127.0.0.1 awx.awx.tower_job_template: @@ -101,8 +94,8 @@ become_enabled: yes state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes when: customise_base_domain_website is defined 
@@ -123,8 +116,8 @@ become_enabled: yes state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes when: customise_base_domain_website is undefined diff --git a/roles/matrix-awx/tasks/delete_session_token.yml b/roles/matrix-awx/tasks/delete_session_token.yml new file mode 100644 index 000000000..2a8d2da68 --- /dev/null +++ b/roles/matrix-awx/tasks/delete_session_token.yml @@ -0,0 +1,9 @@ + +- name: Delete the AWX session token for executing modules + awx.awx.tower_token: + description: 'AWX Session Token' + scope: "write" + state: absent + existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" diff --git a/roles/matrix-awx/tasks/export_server.yml b/roles/matrix-awx/tasks/export_server.yml index c70b0beb1..1347c5b97 100644 --- a/roles/matrix-awx/tasks/export_server.yml +++ b/roles/matrix-awx/tasks/export_server.yml @@ -24,6 +24,15 @@ units: days unique: yes +- name: Delete the AWX session token for executing modules + awx.awx.tower_token: + description: 'AWX Session Token' + scope: "write" + state: absent + existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" + - name: Set boolean value to exit playbook set_fact: end_playbook: true diff --git a/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml b/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml index ea8662549..aab7250ab 100644 --- a/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml +++ b/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml 
@@ -9,3 +9,7 @@ file: '/var/lib/awx/projects/hosting/hosting_vars.yml' no_log: True +- name: Include AWX master token from awx_tokens.yml + include_vars: + file: /var/lib/awx/projects/hosting/awx_tokens.yml + no_log: True diff --git a/roles/matrix-awx/tasks/main.yml b/roles/matrix-awx/tasks/main.yml index 0b804e17a..ceb697ecd 100755 --- a/roles/matrix-awx/tasks/main.yml +++ b/roles/matrix-awx/tasks/main.yml @@ -17,6 +17,15 @@ tags: - always +# Create AWX session token +- include_tasks: + file: "create_session_token.yml" + apply: + tags: always + when: run_setup|bool and matrix_awx_enabled|bool + tags: + - always + # Perform a backup of the server - include_tasks: file: "backup_server.yml" @@ -188,6 +197,15 @@ tags: - setup-synapse-admin +# Delete AWX session token +- include_tasks: + file: "delete_session_token.yml" + apply: + tags: always + when: run_setup|bool and matrix_awx_enabled|bool + tags: + - always + # Load newly formed matrix variables from AWX volume - include_tasks: file: "load_matrix_variables.yml" diff --git a/roles/matrix-awx/tasks/purge_database_main.yml b/roles/matrix-awx/tasks/purge_database_main.yml index 76a437e14..e7e98627a 100644 --- a/roles/matrix-awx/tasks/purge_database_main.yml +++ b/roles/matrix-awx/tasks/purge_database_main.yml @@ -5,18 +5,18 @@ name: dateutils state: latest -- name: Ensure dateutils, curl and jq intalled on target machine +- name: Include vars in matrix_vars.yml + include_vars: + file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + no_log: True + +- name: Ensure curl and jq intalled on target machine apt: pkg: - curl - jq state: present -- name: Include vars in matrix_vars.yml - include_vars: - file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - no_log: True - - name: Collect before shrink size of Synapse database shell: du -sh /matrix/postgres/data register: db_size_before_stat 
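Review bot: `awx_master_token` is now the credential that mints every session token, and the `@@ -9,3 +9,7 @@` hunk reads it from `/var/lib/awx/projects/hosting/awx_tokens.yml` as an ordinary vars file. Nothing visible here shows that file being vault-encrypted or permission-restricted. Confirm it is readable only by the AWX service account, or store it with Ansible Vault, which `include_vars` decrypts transparently. A follow-up `assert` with `that: awx_master_token is defined` would make a missing or empty file fail here with a clear message rather than later inside the token module.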
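Review bot: The session token is revoked only if the run reaches the `delete_session_token.yml` include added in the `@@ -188,6 +197,15 @@` hunk of main.yml, or one of the inline delete tasks. A task failure anywhere in between ends the play with the write-scoped token still valid on AWX. Consider wrapping the work between the two includes in a `block:` with the delete include under `always:`, and make the delete tolerate a token that an early-exit file such as backup_server.yml has already removed. How long an orphaned token stays usable depends on the AWX token-expiry setting, which is not visible here. The surrounding includes continue outside both hunks, so the block boundaries need checking against the full file.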
@@ -144,13 +144,6 @@ loop: "{{ room_list_state_events.splitlines() | flatten(levels=1) }}" when: purge_mode.find("Number of events [slower]") != -1 -- name: Collect AWX admin token the hard way! - delegate_to: 127.0.0.1 - shell: | - curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' - register: tower_token - no_log: True - - name: Adjust 'Deploy/Update a Server' job template delegate_to: 127.0.0.1 awx.awx.tower_job_template: @@ -165,8 +158,8 @@ credential: "{{ member_id }} - AWX SSH Key" state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1) or (purge_mode.find("Skip purging rooms [faster]") != -1) @@ -175,8 +168,8 @@ awx.awx.tower_job_launch: job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server" wait: yes - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1) or (purge_mode.find("Skip purging rooms [faster]") != -1) 
@@ -194,8 +187,8 @@ credential: "{{ member_id }} - AWX SSH Key" state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1) or (purge_mode.find("Skip purging rooms [faster]") != -1) @@ -231,8 +224,8 @@ credential: "{{ member_id }} - AWX SSH Key" state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes when: (purge_mode.find("Perform final shrink") != -1) @@ -241,8 +234,8 @@ awx.awx.tower_job_launch: job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server" wait: yes - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes when: (purge_mode.find("Perform final shrink") != -1) @@ -260,8 +253,8 @@ credential: "{{ member_id }} - AWX SSH Key" state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes when: (purge_mode.find("Perform final shrink") != -1) 
@@ -308,6 +301,15 @@ msg: "{{ db_size_after_stat.stdout.split('\n') }}" when: (db_size_after_stat is defined) and (purge_mode.find("Perform final shrink") != -1) +- name: Delete the AWX session token for executing modules + awx.awx.tower_token: + description: 'AWX Session Token' + scope: "write" + state: absent + existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" + - name: Set boolean value to exit playbook set_fact: end_playbook: true diff --git a/roles/matrix-awx/tasks/purge_media_main.yml b/roles/matrix-awx/tasks/purge_media_main.yml index 84e73a8bb..b24ac3686 100644 --- a/roles/matrix-awx/tasks/purge_media_main.yml +++ b/roles/matrix-awx/tasks/purge_media_main.yml @@ -1,5 +1,5 @@ -- name: Ensure dateutils and curl is installed in AWX +- name: Ensure dateutils is installed in AWX delegate_to: 127.0.0.1 yum: name: dateutils @@ -90,6 +90,15 @@ msg: "{{ remote_media_size_after.stdout.split('\n') }}" when: matrix_purge_media_type == "Remote Media" +- name: Delete the AWX session token for executing modules + awx.awx.tower_token: + description: 'AWX Session Token' + scope: "write" + state: absent + existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" + - name: Set boolean value to exit playbook set_fact: end_playbook: true diff --git a/roles/matrix-awx/tasks/rotate_ssh.yml b/roles/matrix-awx/tasks/rotate_ssh.yml index 8383e81eb..109dd8e23 100644 --- a/roles/matrix-awx/tasks/rotate_ssh.yml +++ b/roles/matrix-awx/tasks/rotate_ssh.yml 
@@ -6,6 +6,15 @@ exclusive: yes key: "{{ lookup('file', '/var/lib/awx/projects/hosting/client_public.key') }}" +- name: Delete the AWX session token for executing modules + awx.awx.tower_token: + description: 'AWX Session Token' + scope: "write" + state: absent + existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" + - name: Set boolean value to exit playbook set_fact: end_playbook: true diff --git a/roles/matrix-awx/tasks/set_variables_corporal.yml b/roles/matrix-awx/tasks/set_variables_corporal.yml index 6ae187c70..27a428cd3 100755 --- a/roles/matrix-awx/tasks/set_variables_corporal.yml +++ b/roles/matrix-awx/tasks/set_variables_corporal.yml @@ -218,13 +218,6 @@ - debug: msg: "matrix_corporal_matrix_registration_shared_secret: {{ matrix_corporal_matrix_registration_shared_secret }}" -- name: Collect AWX admin token the hard way! - delegate_to: 127.0.0.1 - shell: | - curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' - register: tower_token - no_log: True - - name: Recreate 'Configure Corporal (Advanced)' job template delegate_to: 127.0.0.1 awx.awx.tower_job_template: @@ -242,6 +235,6 @@ become_enabled: yes state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes diff --git a/roles/matrix-awx/tasks/set_variables_dimension.yml b/roles/matrix-awx/tasks/set_variables_dimension.yml index 53a4dbfc6..338cd82c4 100644 --- a/roles/matrix-awx/tasks/set_variables_dimension.yml +++ b/roles/matrix-awx/tasks/set_variables_dimension.yml 
@@ -82,13 +82,6 @@ dest: '/matrix/awx/configure_dimension.json' mode: '0660' -- name: Collect AWX admin token the hard way! - delegate_to: 127.0.0.1 - shell: | - curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' - register: tower_token - no_log: True - - name: Recreate 'Configure Dimension' job template delegate_to: 127.0.0.1 awx.awx.tower_job_template: @@ -106,6 +99,6 @@ become_enabled: yes state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes diff --git a/roles/matrix-awx/tasks/set_variables_element.yml b/roles/matrix-awx/tasks/set_variables_element.yml index 29aac37f8..233a49fe3 100755 --- a/roles/matrix-awx/tasks/set_variables_element.yml +++ b/roles/matrix-awx/tasks/set_variables_element.yml @@ -40,13 +40,6 @@ dest: '/matrix/awx/configure_element.json' mode: '0660' -- name: Collect AWX admin token the hard way! - delegate_to: 127.0.0.1 - shell: | - curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' - register: tower_token - no_log: True - - name: Recreate 'Configure Element' job template delegate_to: 127.0.0.1 awx.awx.tower_job_template: @@ -64,6 +57,6 @@ become_enabled: yes state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes 
diff --git a/roles/matrix-awx/tasks/set_variables_element_subdomain.yml b/roles/matrix-awx/tasks/set_variables_element_subdomain.yml index 87259d0f5..f6f36393c 100644 --- a/roles/matrix-awx/tasks/set_variables_element_subdomain.yml +++ b/roles/matrix-awx/tasks/set_variables_element_subdomain.yml @@ -21,13 +21,6 @@ dest: '/matrix/awx/configure_element_subdomain.json' mode: '0660' -- name: Collect AWX admin token the hard way! - delegate_to: 127.0.0.1 - shell: | - curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' - register: tower_token - no_log: True - - name: Recreate 'Configure Element Subdomain' job template delegate_to: 127.0.0.1 awx.awx.tower_job_template: @@ -44,6 +37,6 @@ survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json') }}" state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes diff --git a/roles/matrix-awx/tasks/set_variables_jitsi.yml b/roles/matrix-awx/tasks/set_variables_jitsi.yml index 9c610685f..6b01a2c3d 100755 --- a/roles/matrix-awx/tasks/set_variables_jitsi.yml +++ b/roles/matrix-awx/tasks/set_variables_jitsi.yml 
@@ -22,13 +22,6 @@ dest: '/matrix/awx/configure_jitsi.json' mode: '0660' -- name: Collect AWX admin token the hard way! - delegate_to: 127.0.0.1 - shell: | - curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' - register: tower_token - no_log: True - - name: Recreate 'Configure Jitsi' job template delegate_to: 127.0.0.1 awx.awx.tower_job_template: @@ -46,6 +39,6 @@ become_enabled: yes state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes diff --git a/roles/matrix-awx/tasks/set_variables_ma1sd.yml b/roles/matrix-awx/tasks/set_variables_ma1sd.yml index 50aea14ca..6b4b09e3e 100755 --- a/roles/matrix-awx/tasks/set_variables_ma1sd.yml +++ b/roles/matrix-awx/tasks/set_variables_ma1sd.yml @@ -79,13 +79,6 @@ dest: '/matrix/awx/configure_ma1sd.json' mode: '0660' -- name: Collect AWX admin token the hard way! - delegate_to: 127.0.0.1 - shell: | - curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' - register: tower_token - no_log: True - - name: Recreate 'Configure ma1sd (Advanced)' job template delegate_to: 127.0.0.1 awx.awx.tower_job_template: @@ -103,7 +96,7 @@ become_enabled: yes state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes 
diff --git a/roles/matrix-awx/tasks/set_variables_mailer.yml b/roles/matrix-awx/tasks/set_variables_mailer.yml index 924454d6e..ee530e603 100644 --- a/roles/matrix-awx/tasks/set_variables_mailer.yml +++ b/roles/matrix-awx/tasks/set_variables_mailer.yml @@ -21,13 +21,6 @@ dest: '/matrix/awx/configure_email_relay.json' mode: '0660' -- name: Collect AWX admin token the hard way! - delegate_to: 127.0.0.1 - shell: | - curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' - register: tower_token - no_log: True - - name: Recreate 'Configure Email Relay' job template delegate_to: 127.0.0.1 awx.awx.tower_job_template: @@ -45,6 +38,6 @@ become_enabled: yes state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes diff --git a/roles/matrix-awx/tasks/set_variables_synapse.yml b/roles/matrix-awx/tasks/set_variables_synapse.yml index 53d78081a..d32d18e1f 100755 --- a/roles/matrix-awx/tasks/set_variables_synapse.yml +++ b/roles/matrix-awx/tasks/set_variables_synapse.yml @@ -200,13 +200,6 @@ dest: '/matrix/awx/configure_synapse.json' mode: '0660' -- name: Collect AWX admin token the hard way! - delegate_to: 127.0.0.1 - shell: | - curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' - register: tower_token - no_log: True - - name: Recreate 'Configure Synapse' job template delegate_to: 127.0.0.1 awx.awx.tower_job_template: 
@@ -224,6 +217,6 @@ become_enabled: yes state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes diff --git a/roles/matrix-awx/tasks/set_variables_synapse_admin.yml b/roles/matrix-awx/tasks/set_variables_synapse_admin.yml index fa922de44..972c45128 100644 --- a/roles/matrix-awx/tasks/set_variables_synapse_admin.yml +++ b/roles/matrix-awx/tasks/set_variables_synapse_admin.yml @@ -21,13 +21,6 @@ dest: '/matrix/awx/configure_synapse_admin.json' mode: '0660' -- name: Collect AWX admin token the hard way! - delegate_to: 127.0.0.1 - shell: | - curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' - register: tower_token - no_log: True - - name: Recreate 'Configure Synapse Admin' job template delegate_to: 127.0.0.1 awx.awx.tower_job_template: @@ -45,6 +38,6 @@ become_enabled: yes state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes From 40506d5c5ad4e27860b7e8f7c36d4f6d3363246f Mon Sep 17 00:00:00 2001 From: Michael Collins Date: Sat, 2 Oct 2021 12:43:14 +0800 Subject: [PATCH 2/6] no log --- roles/matrix-awx/tasks/create_session_token.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matrix-awx/tasks/create_session_token.yml b/roles/matrix-awx/tasks/create_session_token.yml index ce6075034..9f22a37ea 100644 --- a/roles/matrix-awx/tasks/create_session_token.yml +++ b/roles/matrix-awx/tasks/create_session_token.yml 
@@ -7,3 +7,4 @@ tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_master_token }}" register: awx_session_token + no_log: True From 01a136692fd047692926f9efb323cf9da5f4501a Mon Sep 17 00:00:00 2001 From: Michael Collins Date: Mon, 4 Oct 2021 18:49:41 +0800 Subject: [PATCH 3/6] simulate update --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index edda6f995..1a9bc9d64 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,4 @@ +#test [![Support room on Matrix](https://img.shields.io/matrix/matrix-docker-ansible-deploy:devture.com.svg?label=%23matrix-docker-ansible-deploy%3Adevture.com&logo=matrix&style=for-the-badge&server_fqdn=matrix.devture.com)](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com) [![donate](https://liberapay.com/assets/widgets/donate.svg)](https://liberapay.com/s.pantaleev/donate) # Matrix (An open network for secure, decentralized communication) server setup using Ansible and Docker From 56ad50cb97093f33cd946ea6b26b8772cfef0499 Mon Sep 17 00:00:00 2001 From: Michael Collins Date: Mon, 4 Oct 2021 20:26:07 +0800 Subject: [PATCH 4/6] test update --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 1a9bc9d64..edda6f995 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,3 @@ -#test [![Support room on Matrix](https://img.shields.io/matrix/matrix-docker-ansible-deploy:devture.com.svg?label=%23matrix-docker-ansible-deploy%3Adevture.com&logo=matrix&style=for-the-badge&server_fqdn=matrix.devture.com)](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com) [![donate](https://liberapay.com/assets/widgets/donate.svg)](https://liberapay.com/s.pantaleev/donate) # Matrix (An open network for secure, decentralized communication) server setup using Ansible and Docker From 871df86068cef03be4bf693152c65a430d0ca890 Mon Sep 17 00:00:00 2001 
From: Michael Collins Date: Mon, 4 Oct 2021 21:07:05 +0800 Subject: [PATCH 5/6] simulate update --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index edda6f995..1a9bc9d64 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,4 @@ +#test [![Support room on Matrix](https://img.shields.io/matrix/matrix-docker-ansible-deploy:devture.com.svg?label=%23matrix-docker-ansible-deploy%3Adevture.com&logo=matrix&style=for-the-badge&server_fqdn=matrix.devture.com)](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com) [![donate](https://liberapay.com/assets/widgets/donate.svg)](https://liberapay.com/s.pantaleev/donate) # Matrix (An open network for secure, decentralized communication) server setup using Ansible and Docker From 71b404d9dfdce8e6034f69cca9c2a1a896116f9d Mon Sep 17 00:00:00 2001 From: Michael Collins Date: Tue, 5 Oct 2021 11:39:29 +0800 Subject: [PATCH 6/6] merge upstream --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 1a9bc9d64..edda6f995 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,3 @@ -#test [![Support room on Matrix](https://img.shields.io/matrix/matrix-docker-ansible-deploy:devture.com.svg?label=%23matrix-docker-ansible-deploy%3Adevture.com&logo=matrix&style=for-the-badge&server_fqdn=matrix.devture.com)](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com) [![donate](https://liberapay.com/assets/widgets/donate.svg)](https://liberapay.com/s.pantaleev/donate) # Matrix (An open network for secure, decentralized communication) server setup using Ansible and Docker