update deploy role for new awx token authentication method

2021-10-01 18:56:38 +08:00 · 2021-10-01 18:56:38 +08:00 · c8744ef9a9
parent 9a4187c852
commit c8744ef9a9
20 changed files with 137 additions and 128 deletions
--- a/roles/matrix-awx/tasks/backup_server.yml
+++ b/roles/matrix-awx/tasks/backup_server.yml
@ -24,14 +24,6 @@
    mode: '0660'
  tags: use-survey

- name: Collect AWX admin token the hard way!
-  delegate_to: 127.0.0.1
-  shell: |
-      curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
-  register: tower_token
-  no_log: True
-  tags: use-survey
-
 - name: Recreate 'Backup Server' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
@ -49,8 +41,8 @@
    become_enabled: yes
    state: present
    verbosity: 1
-    tower_host: "https://{{ tower_host }}"
-    tower_oauthtoken: "{{ tower_token.stdout }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: yes
  tags: use-survey

@ -90,6 +82,15 @@
  command: borgmatic -c /root/.config/borgmatic/config_2.yaml
  when: matrix_awx_backup_enabled|bool

+- name: Delete the AWX session token for executing modules
+  awx.awx.tower_token:
+    description: 'AWX Session Token'
+    scope: "write"
+    state: absent
+    existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
+
 - name: Set boolean value to exit playbook
  set_fact:
    end_playbook: true
--- a/roles/matrix-awx/tasks/create_session_token.yml
+++ b/roles/matrix-awx/tasks/create_session_token.yml
@ -0,0 +1,9 @@
+
+- name: Create a AWX session token for executing modules
+  awx.awx.tower_token:
+    description: 'AWX Session Token'
+    scope: "write"
+    state: present
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_master_token }}"
+  register: awx_session_token
--- a/roles/matrix-awx/tasks/create_user.yml
+++ b/roles/matrix-awx/tasks/create_user.yml
@ -23,6 +23,15 @@
    /usr/local/bin/matrix-synapse-register-user {{ new_username | quote }} {{ new_password | quote }} {{ admin_bool }}
  register: cmd

+- name: Delete the AWX session token for executing modules
+  awx.awx.tower_token:
+    description: 'AWX Session Token'
+    scope: "write"
+    state: absent
+    existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
+
 - name: Result
  debug: msg="{{ cmd.stdout }}"

--- a/roles/matrix-awx/tasks/customise_website_access_export.yml
+++ b/roles/matrix-awx/tasks/customise_website_access_export.yml
@ -77,13 +77,6 @@
    mode: '0660'
  when: customise_base_domain_website is undefined

- name: Collect AWX admin token the hard way!
-  delegate_to: 127.0.0.1
-  shell: |
-      curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
-  register: tower_token
-  no_log: True
-
 - name: Recreate 'Configure Website + Access Export' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
@ -101,8 +94,8 @@
    become_enabled: yes
    state: present
    verbosity: 1
-    tower_host: "https://{{ tower_host }}"
-    tower_oauthtoken: "{{ tower_token.stdout }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: yes
  when: customise_base_domain_website is defined

@ -123,8 +116,8 @@
    become_enabled: yes
    state: present
    verbosity: 1
-    tower_host: "https://{{ tower_host }}"
-    tower_oauthtoken: "{{ tower_token.stdout }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: yes
  when: customise_base_domain_website is undefined

--- a/roles/matrix-awx/tasks/delete_session_token.yml
+++ b/roles/matrix-awx/tasks/delete_session_token.yml
@ -0,0 +1,9 @@
+
+- name: Delete the AWX session token for executing modules
+  awx.awx.tower_token:
+    description: 'AWX Session Token'
+    scope: "write"
+    state: absent
+    existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
--- a/roles/matrix-awx/tasks/export_server.yml
+++ b/roles/matrix-awx/tasks/export_server.yml
@ -24,6 +24,15 @@
    units: days
    unique: yes

+- name: Delete the AWX session token for executing modules
+  awx.awx.tower_token:
+    description: 'AWX Session Token'
+    scope: "write"
+    state: absent
+    existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
+
 - name: Set boolean value to exit playbook
  set_fact:
    end_playbook: true
--- a/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml
+++ b/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml
@ -9,3 +9,7 @@
    file: '/var/lib/awx/projects/hosting/hosting_vars.yml'
  no_log: True

+- name: Include AWX master token from awx_tokens.yml
+  include_vars:
+    file: /var/lib/awx/projects/hosting/awx_tokens.yml
+  no_log: True
--- a/roles/matrix-awx/tasks/main.yml
+++ b/roles/matrix-awx/tasks/main.yml
@ -17,6 +17,15 @@
  tags:
    - always

+# Create AWX session token
+- include_tasks: 
+    file: "create_session_token.yml"
+    apply:
+      tags: always
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - always
+
 # Perform a backup of the server
 - include_tasks: 
    file: "backup_server.yml"
@ -188,6 +197,15 @@
  tags:
    - setup-synapse-admin

+# Delete AWX session token
+- include_tasks: 
+    file: "delete_session_token.yml"
+    apply:
+      tags: always
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - always
+
 # Load newly formed matrix variables from AWX volume
 - include_tasks: 
    file: "load_matrix_variables.yml"
--- a/roles/matrix-awx/tasks/purge_database_main.yml
+++ b/roles/matrix-awx/tasks/purge_database_main.yml
@ -5,18 +5,18 @@
    name: dateutils
    state: latest

- name: Ensure dateutils, curl and jq intalled on target machine
+- name: Include vars in matrix_vars.yml
+  include_vars:
+    file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+  no_log: True
+
+- name: Ensure curl and jq intalled on target machine
  apt:
    pkg:
    - curl
    - jq
    state: present

- name: Include vars in matrix_vars.yml
-  include_vars:
-    file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
-  no_log: True
-
 - name: Collect before shrink size of Synapse database
  shell: du -sh /matrix/postgres/data
  register: db_size_before_stat
@ -144,13 +144,6 @@
  loop: "{{ room_list_state_events.splitlines() | flatten(levels=1) }}"
  when: purge_mode.find("Number of events [slower]") != -1

- name: Collect AWX admin token the hard way!
-  delegate_to: 127.0.0.1
-  shell: |
-      curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
-  register: tower_token
-  no_log: True
-
 - name: Adjust 'Deploy/Update a Server' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
@ -165,8 +158,8 @@
    credential: "{{ member_id }} - AWX SSH Key"
    state: present
    verbosity: 1
-    tower_host: "https://{{ tower_host }}"
-    tower_oauthtoken: "{{ tower_token.stdout }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: yes
  when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1) or (purge_mode.find("Skip purging rooms [faster]") != -1)

@ -175,8 +168,8 @@
  awx.awx.tower_job_launch:
    job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
    wait: yes
-    tower_host: "https://{{ tower_host }}"
-    tower_oauthtoken: "{{ tower_token.stdout }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: yes 
  when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1) or (purge_mode.find("Skip purging rooms [faster]") != -1)

@ -194,8 +187,8 @@
    credential: "{{ member_id }} - AWX SSH Key"
    state: present
    verbosity: 1
-    tower_host: "https://{{ tower_host }}"
-    tower_oauthtoken: "{{ tower_token.stdout }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: yes
  when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1) or (purge_mode.find("Skip purging rooms [faster]") != -1)

@ -231,8 +224,8 @@
    credential: "{{ member_id }} - AWX SSH Key"
    state: present
    verbosity: 1
-    tower_host: "https://{{ tower_host }}"
-    tower_oauthtoken: "{{ tower_token.stdout }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: yes
  when: (purge_mode.find("Perform final shrink") != -1)

@ -241,8 +234,8 @@
  awx.awx.tower_job_launch:
    job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
    wait: yes
-    tower_host: "https://{{ tower_host }}"
-    tower_oauthtoken: "{{ tower_token.stdout }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: yes 
  when: (purge_mode.find("Perform final shrink") != -1)

@ -260,8 +253,8 @@
    credential: "{{ member_id }} - AWX SSH Key"
    state: present
    verbosity: 1
-    tower_host: "https://{{ tower_host }}"
-    tower_oauthtoken: "{{ tower_token.stdout }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: yes
  when: (purge_mode.find("Perform final shrink") != -1)

@ -308,6 +301,15 @@
    msg: "{{ db_size_after_stat.stdout.split('\n') }}"
  when: (db_size_after_stat is defined) and (purge_mode.find("Perform final shrink") != -1)

+- name: Delete the AWX session token for executing modules
+  awx.awx.tower_token:
+    description: 'AWX Session Token'
+    scope: "write"
+    state: absent
+    existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
+
 - name: Set boolean value to exit playbook
  set_fact:
    end_playbook: true
--- a/roles/matrix-awx/tasks/purge_media_main.yml
+++ b/roles/matrix-awx/tasks/purge_media_main.yml
@ -1,5 +1,5 @@

- name: Ensure dateutils and curl is installed in AWX
+- name: Ensure dateutils is installed in AWX
  delegate_to: 127.0.0.1
  yum:
    name: dateutils
@ -90,6 +90,15 @@
    msg: "{{ remote_media_size_after.stdout.split('\n') }}"
  when: matrix_purge_media_type == "Remote Media"

+- name: Delete the AWX session token for executing modules
+  awx.awx.tower_token:
+    description: 'AWX Session Token'
+    scope: "write"
+    state: absent
+    existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
+
 - name: Set boolean value to exit playbook
  set_fact:
    end_playbook: true
--- a/roles/matrix-awx/tasks/rotate_ssh.yml
+++ b/roles/matrix-awx/tasks/rotate_ssh.yml
@ -6,6 +6,15 @@
    exclusive: yes
    key: "{{ lookup('file', '/var/lib/awx/projects/hosting/client_public.key') }}"

+- name: Delete the AWX session token for executing modules
+  awx.awx.tower_token:
+    description: 'AWX Session Token'
+    scope: "write"
+    state: absent
+    existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
+
 - name: Set boolean value to exit playbook
  set_fact:
    end_playbook: true
--- a/roles/matrix-awx/tasks/set_variables_corporal.yml
+++ b/roles/matrix-awx/tasks/set_variables_corporal.yml
@ -218,13 +218,6 @@
 - debug:
    msg: "matrix_corporal_matrix_registration_shared_secret: {{ matrix_corporal_matrix_registration_shared_secret }}"

- name: Collect AWX admin token the hard way!
-  delegate_to: 127.0.0.1
-  shell: |
-      curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
-  register: tower_token
-  no_log: True
-
 - name: Recreate 'Configure Corporal (Advanced)' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
@ -242,6 +235,6 @@
    become_enabled: yes
    state: present
    verbosity: 1
-    tower_host: "https://{{ tower_host }}"
-    tower_oauthtoken: "{{ tower_token.stdout }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: yes
--- a/roles/matrix-awx/tasks/set_variables_dimension.yml
+++ b/roles/matrix-awx/tasks/set_variables_dimension.yml
@ -82,13 +82,6 @@
    dest:  '/matrix/awx/configure_dimension.json'
    mode: '0660'

- name: Collect AWX admin token the hard way!
-  delegate_to: 127.0.0.1
-  shell: |
-      curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
-  register: tower_token
-  no_log: True
-
 - name: Recreate 'Configure Dimension' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
@ -106,6 +99,6 @@
    become_enabled: yes
    state: present
    verbosity: 1
-    tower_host: "https://{{ tower_host }}"
-    tower_oauthtoken: "{{ tower_token.stdout }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: yes
--- a/roles/matrix-awx/tasks/set_variables_element.yml
+++ b/roles/matrix-awx/tasks/set_variables_element.yml
@ -40,13 +40,6 @@
    dest: '/matrix/awx/configure_element.json'
    mode: '0660'

- name: Collect AWX admin token the hard way!
-  delegate_to: 127.0.0.1
-  shell: |
-      curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
-  register: tower_token
-  no_log: True
-
 - name: Recreate 'Configure Element' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
@ -64,6 +57,6 @@
    become_enabled: yes
    state: present
    verbosity: 1
-    tower_host: "https://{{ tower_host }}"
-    tower_oauthtoken: "{{ tower_token.stdout }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: yes
--- a/roles/matrix-awx/tasks/set_variables_element_subdomain.yml
+++ b/roles/matrix-awx/tasks/set_variables_element_subdomain.yml
@ -21,13 +21,6 @@
    dest: '/matrix/awx/configure_element_subdomain.json'
    mode: '0660'

- name: Collect AWX admin token the hard way!
-  delegate_to: 127.0.0.1
-  shell: |
-      curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
-  register: tower_token
-  no_log: True
-
 - name: Recreate 'Configure Element Subdomain' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
@ -44,6 +37,6 @@
    survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json') }}"
    state: present
    verbosity: 1
-    tower_host: "https://{{ tower_host }}"
-    tower_oauthtoken: "{{ tower_token.stdout }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: yes
--- a/roles/matrix-awx/tasks/set_variables_jitsi.yml
+++ b/roles/matrix-awx/tasks/set_variables_jitsi.yml
@ -22,13 +22,6 @@
    dest:  '/matrix/awx/configure_jitsi.json'
    mode: '0660'

- name: Collect AWX admin token the hard way!
-  delegate_to: 127.0.0.1
-  shell: |
-      curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
-  register: tower_token
-  no_log: True
-
 - name: Recreate 'Configure Jitsi' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
@ -46,6 +39,6 @@
    become_enabled: yes
    state: present
    verbosity: 1
-    tower_host: "https://{{ tower_host }}"
-    tower_oauthtoken: "{{ tower_token.stdout }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: yes
--- a/roles/matrix-awx/tasks/set_variables_ma1sd.yml
+++ b/roles/matrix-awx/tasks/set_variables_ma1sd.yml
@ -79,13 +79,6 @@
    dest:  '/matrix/awx/configure_ma1sd.json'
    mode: '0660'

- name: Collect AWX admin token the hard way!
-  delegate_to: 127.0.0.1
-  shell: |
-      curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
-  register: tower_token
-  no_log: True
-
 - name: Recreate 'Configure ma1sd (Advanced)' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
@ -103,7 +96,7 @@
    become_enabled: yes
    state: present
    verbosity: 1
-    tower_host: "https://{{ tower_host }}"
-    tower_oauthtoken: "{{ tower_token.stdout }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: yes

--- a/roles/matrix-awx/tasks/set_variables_mailer.yml
+++ b/roles/matrix-awx/tasks/set_variables_mailer.yml
@ -21,13 +21,6 @@
    dest: '/matrix/awx/configure_email_relay.json'
    mode: '0660'

- name: Collect AWX admin token the hard way!
-  delegate_to: 127.0.0.1
-  shell: |
-      curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
-  register: tower_token
-  no_log: True
-
 - name: Recreate 'Configure Email Relay' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
@ -45,6 +38,6 @@
    become_enabled: yes
    state: present
    verbosity: 1
-    tower_host: "https://{{ tower_host }}"
-    tower_oauthtoken: "{{ tower_token.stdout }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: yes
--- a/roles/matrix-awx/tasks/set_variables_synapse.yml
+++ b/roles/matrix-awx/tasks/set_variables_synapse.yml
@ -200,13 +200,6 @@
    dest:  '/matrix/awx/configure_synapse.json'
    mode: '0660'

- name: Collect AWX admin token the hard way!
-  delegate_to: 127.0.0.1
-  shell: |
-      curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
-  register: tower_token
-  no_log: True
-
 - name: Recreate 'Configure Synapse' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
@ -224,6 +217,6 @@
    become_enabled: yes
    state: present
    verbosity: 1
-    tower_host: "https://{{ tower_host }}"
-    tower_oauthtoken: "{{ tower_token.stdout }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: yes
--- a/roles/matrix-awx/tasks/set_variables_synapse_admin.yml
+++ b/roles/matrix-awx/tasks/set_variables_synapse_admin.yml
@ -21,13 +21,6 @@
    dest:  '/matrix/awx/configure_synapse_admin.json'
    mode: '0660'

- name: Collect AWX admin token the hard way!
-  delegate_to: 127.0.0.1
-  shell: |
-      curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
-  register: tower_token
-  no_log: True
-
 - name: Recreate 'Configure Synapse Admin' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
@ -45,6 +38,6 @@
    become_enabled: yes
    state: present
    verbosity: 1
-    tower_host: "https://{{ tower_host }}"
-    tower_oauthtoken: "{{ tower_token.stdout }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: yes