From c8744ef9a9bb12707fc803adb6703d587ddb12da Mon Sep 17 00:00:00 2001 From: Michael Collins Date: Fri, 1 Oct 2021 18:56:38 +0800 Subject: [PATCH] update deploy role for new awx token authentication method --- roles/matrix-awx/tasks/backup_server.yml | 21 ++++---- .../matrix-awx/tasks/create_session_token.yml | 9 ++++ roles/matrix-awx/tasks/create_user.yml | 9 ++++ .../tasks/customise_website_access_export.yml | 15 ++---- .../matrix-awx/tasks/delete_session_token.yml | 9 ++++ roles/matrix-awx/tasks/export_server.yml | 9 ++++ .../tasks/load_hosting_and_org_variables.yml | 4 ++ roles/matrix-awx/tasks/main.yml | 18 +++++++ .../matrix-awx/tasks/purge_database_main.yml | 52 ++++++++++--------- roles/matrix-awx/tasks/purge_media_main.yml | 11 +++- roles/matrix-awx/tasks/rotate_ssh.yml | 9 ++++ .../tasks/set_variables_corporal.yml | 11 +--- .../tasks/set_variables_dimension.yml | 11 +--- .../tasks/set_variables_element.yml | 11 +--- .../tasks/set_variables_element_subdomain.yml | 11 +--- .../matrix-awx/tasks/set_variables_jitsi.yml | 11 +--- .../matrix-awx/tasks/set_variables_ma1sd.yml | 11 +--- .../matrix-awx/tasks/set_variables_mailer.yml | 11 +--- .../tasks/set_variables_synapse.yml | 11 +--- .../tasks/set_variables_synapse_admin.yml | 11 +--- 20 files changed, 137 insertions(+), 128 deletions(-) create mode 100644 roles/matrix-awx/tasks/create_session_token.yml create mode 100644 roles/matrix-awx/tasks/delete_session_token.yml diff --git a/roles/matrix-awx/tasks/backup_server.yml b/roles/matrix-awx/tasks/backup_server.yml index b7a82b96..c328e868 100644 --- a/roles/matrix-awx/tasks/backup_server.yml +++ b/roles/matrix-awx/tasks/backup_server.yml @@ -24,14 +24,6 @@ mode: '0660' tags: use-survey -- name: Collect AWX admin token the hard way! - delegate_to: 127.0.0.1 - shell: | - curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' - register: tower_token - no_log: True - tags: use-survey - - name: Recreate 'Backup Server' job template delegate_to: 127.0.0.1 awx.awx.tower_job_template: @@ -49,8 +41,8 @@ become_enabled: yes state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes tags: use-survey @@ -90,6 +82,15 @@ command: borgmatic -c /root/.config/borgmatic/config_2.yaml when: matrix_awx_backup_enabled|bool +- name: Delete the AWX session token for executing modules + awx.awx.tower_token: + description: 'AWX Session Token' + scope: "write" + state: absent + existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" + - name: Set boolean value to exit playbook set_fact: end_playbook: true diff --git a/roles/matrix-awx/tasks/create_session_token.yml b/roles/matrix-awx/tasks/create_session_token.yml new file mode 100644 index 00000000..ce607503 --- /dev/null +++ b/roles/matrix-awx/tasks/create_session_token.yml @@ -0,0 +1,9 @@ + +- name: Create a AWX session token for executing modules + awx.awx.tower_token: + description: 'AWX Session Token' + scope: "write" + state: present + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_master_token }}" + register: awx_session_token diff --git a/roles/matrix-awx/tasks/create_user.yml b/roles/matrix-awx/tasks/create_user.yml index 13a30596..3f4131c4 100755 --- a/roles/matrix-awx/tasks/create_user.yml +++ b/roles/matrix-awx/tasks/create_user.yml @@ -23,6 +23,15 @@ /usr/local/bin/matrix-synapse-register-user {{ new_username | quote }} {{ new_password | quote }} {{ admin_bool }} register: cmd +- name: Delete the AWX session token for executing modules + awx.awx.tower_token: + description: 'AWX Session Token' + scope: "write" + state: absent + existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" + - name: Result debug: msg="{{ cmd.stdout }}" diff --git a/roles/matrix-awx/tasks/customise_website_access_export.yml b/roles/matrix-awx/tasks/customise_website_access_export.yml index d4f48f42..076e3188 100755 --- a/roles/matrix-awx/tasks/customise_website_access_export.yml +++ b/roles/matrix-awx/tasks/customise_website_access_export.yml @@ -77,13 +77,6 @@ mode: '0660' when: customise_base_domain_website is undefined -- name: Collect AWX admin token the hard way! - delegate_to: 127.0.0.1 - shell: | - curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' - register: tower_token - no_log: True - - name: Recreate 'Configure Website + Access Export' job template delegate_to: 127.0.0.1 awx.awx.tower_job_template: @@ -101,8 +94,8 @@ become_enabled: yes state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes when: customise_base_domain_website is defined @@ -123,8 +116,8 @@ become_enabled: yes state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes when: customise_base_domain_website is undefined diff --git a/roles/matrix-awx/tasks/delete_session_token.yml b/roles/matrix-awx/tasks/delete_session_token.yml new file mode 100644 index 00000000..2a8d2da6 --- /dev/null +++ b/roles/matrix-awx/tasks/delete_session_token.yml @@ -0,0 +1,9 @@ + +- name: Delete the AWX session token for executing modules + awx.awx.tower_token: + description: 'AWX Session Token' + scope: "write" + state: absent + existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" diff --git a/roles/matrix-awx/tasks/export_server.yml b/roles/matrix-awx/tasks/export_server.yml index c70b0beb..1347c5b9 100644 --- a/roles/matrix-awx/tasks/export_server.yml +++ b/roles/matrix-awx/tasks/export_server.yml @@ -24,6 +24,15 @@ units: days unique: yes +- name: Delete the AWX session token for executing modules + awx.awx.tower_token: + description: 'AWX Session Token' + scope: "write" + state: absent + existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" + - name: Set boolean value to exit playbook set_fact: end_playbook: true diff --git a/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml b/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml index ea866254..aab7250a 100644 --- a/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml +++ b/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml @@ -9,3 +9,7 @@ file: '/var/lib/awx/projects/hosting/hosting_vars.yml' no_log: True +- name: Include AWX master token from awx_tokens.yml + include_vars: + file: /var/lib/awx/projects/hosting/awx_tokens.yml + no_log: True diff --git a/roles/matrix-awx/tasks/main.yml b/roles/matrix-awx/tasks/main.yml index 0b804e17..ceb697ec 100755 --- a/roles/matrix-awx/tasks/main.yml +++ b/roles/matrix-awx/tasks/main.yml @@ -17,6 +17,15 @@ tags: - always +# Create AWX session token +- include_tasks: + file: "create_session_token.yml" + apply: + tags: always + when: run_setup|bool and matrix_awx_enabled|bool + tags: + - always + # Perform a backup of the server - include_tasks: file: "backup_server.yml" @@ -188,6 +197,15 @@ tags: - setup-synapse-admin +# Delete AWX session token +- include_tasks: + file: "delete_session_token.yml" + apply: + tags: always + when: run_setup|bool and matrix_awx_enabled|bool + tags: + - always + # Load newly formed matrix variables from AWX volume - include_tasks: file: "load_matrix_variables.yml" diff --git a/roles/matrix-awx/tasks/purge_database_main.yml b/roles/matrix-awx/tasks/purge_database_main.yml index 76a437e1..e7e98627 100644 --- a/roles/matrix-awx/tasks/purge_database_main.yml +++ b/roles/matrix-awx/tasks/purge_database_main.yml @@ -5,18 +5,18 @@ name: dateutils state: latest -- name: Ensure dateutils, curl and jq intalled on target machine +- name: Include vars in matrix_vars.yml + include_vars: + file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + no_log: True + +- name: Ensure curl and jq intalled on target machine apt: pkg: - curl - jq state: present -- name: Include vars in matrix_vars.yml - include_vars: - file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - no_log: True - - name: Collect before shrink size of Synapse database shell: du -sh /matrix/postgres/data register: db_size_before_stat @@ -144,13 +144,6 @@ loop: "{{ room_list_state_events.splitlines() | flatten(levels=1) }}" when: purge_mode.find("Number of events [slower]") != -1 -- name: Collect AWX admin token the hard way! - delegate_to: 127.0.0.1 - shell: | - curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' - register: tower_token - no_log: True - - name: Adjust 'Deploy/Update a Server' job template delegate_to: 127.0.0.1 awx.awx.tower_job_template: @@ -165,8 +158,8 @@ credential: "{{ member_id }} - AWX SSH Key" state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1) or (purge_mode.find("Skip purging rooms [faster]") != -1) @@ -175,8 +168,8 @@ awx.awx.tower_job_launch: job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server" wait: yes - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1) or (purge_mode.find("Skip purging rooms [faster]") != -1) @@ -194,8 +187,8 @@ credential: "{{ member_id }} - AWX SSH Key" state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1) or (purge_mode.find("Skip purging rooms [faster]") != -1) @@ -231,8 +224,8 @@ credential: "{{ member_id }} - AWX SSH Key" state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes when: (purge_mode.find("Perform final shrink") != -1) @@ -241,8 +234,8 @@ awx.awx.tower_job_launch: job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server" wait: yes - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes when: (purge_mode.find("Perform final shrink") != -1) @@ -260,8 +253,8 @@ credential: "{{ member_id }} - AWX SSH Key" state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes when: (purge_mode.find("Perform final shrink") != -1) @@ -308,6 +301,15 @@ msg: "{{ db_size_after_stat.stdout.split('\n') }}" when: (db_size_after_stat is defined) and (purge_mode.find("Perform final shrink") != -1) +- name: Delete the AWX session token for executing modules + awx.awx.tower_token: + description: 'AWX Session Token' + scope: "write" + state: absent + existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" + - name: Set boolean value to exit playbook set_fact: end_playbook: true diff --git a/roles/matrix-awx/tasks/purge_media_main.yml b/roles/matrix-awx/tasks/purge_media_main.yml index 84e73a8b..b24ac368 100644 --- a/roles/matrix-awx/tasks/purge_media_main.yml +++ b/roles/matrix-awx/tasks/purge_media_main.yml @@ -1,5 +1,5 @@ -- name: Ensure dateutils and curl is installed in AWX +- name: Ensure dateutils is installed in AWX delegate_to: 127.0.0.1 yum: name: dateutils @@ -90,6 +90,15 @@ msg: "{{ remote_media_size_after.stdout.split('\n') }}" when: matrix_purge_media_type == "Remote Media" +- name: Delete the AWX session token for executing modules + awx.awx.tower_token: + description: 'AWX Session Token' + scope: "write" + state: absent + existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" + - name: Set boolean value to exit playbook set_fact: end_playbook: true diff --git a/roles/matrix-awx/tasks/rotate_ssh.yml b/roles/matrix-awx/tasks/rotate_ssh.yml index 8383e81e..109dd8e2 100644 --- a/roles/matrix-awx/tasks/rotate_ssh.yml +++ b/roles/matrix-awx/tasks/rotate_ssh.yml @@ -6,6 +6,15 @@ exclusive: yes key: "{{ lookup('file', '/var/lib/awx/projects/hosting/client_public.key') }}" +- name: Delete the AWX session token for executing modules + awx.awx.tower_token: + description: 'AWX Session Token' + scope: "write" + state: absent + existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" + - name: Set boolean value to exit playbook set_fact: end_playbook: true diff --git a/roles/matrix-awx/tasks/set_variables_corporal.yml b/roles/matrix-awx/tasks/set_variables_corporal.yml index 6ae187c7..27a428cd 100755 --- a/roles/matrix-awx/tasks/set_variables_corporal.yml +++ b/roles/matrix-awx/tasks/set_variables_corporal.yml @@ -218,13 +218,6 @@ - debug: msg: "matrix_corporal_matrix_registration_shared_secret: {{ matrix_corporal_matrix_registration_shared_secret }}" -- name: Collect AWX admin token the hard way! - delegate_to: 127.0.0.1 - shell: | - curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' - register: tower_token - no_log: True - - name: Recreate 'Configure Corporal (Advanced)' job template delegate_to: 127.0.0.1 awx.awx.tower_job_template: @@ -242,6 +235,6 @@ become_enabled: yes state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes diff --git a/roles/matrix-awx/tasks/set_variables_dimension.yml b/roles/matrix-awx/tasks/set_variables_dimension.yml index 53a4dbfc..338cd82c 100644 --- a/roles/matrix-awx/tasks/set_variables_dimension.yml +++ b/roles/matrix-awx/tasks/set_variables_dimension.yml @@ -82,13 +82,6 @@ dest: '/matrix/awx/configure_dimension.json' mode: '0660' -- name: Collect AWX admin token the hard way! - delegate_to: 127.0.0.1 - shell: | - curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' - register: tower_token - no_log: True - - name: Recreate 'Configure Dimension' job template delegate_to: 127.0.0.1 awx.awx.tower_job_template: @@ -106,6 +99,6 @@ become_enabled: yes state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes diff --git a/roles/matrix-awx/tasks/set_variables_element.yml b/roles/matrix-awx/tasks/set_variables_element.yml index 29aac37f..233a49fe 100755 --- a/roles/matrix-awx/tasks/set_variables_element.yml +++ b/roles/matrix-awx/tasks/set_variables_element.yml @@ -40,13 +40,6 @@ dest: '/matrix/awx/configure_element.json' mode: '0660' -- name: Collect AWX admin token the hard way! - delegate_to: 127.0.0.1 - shell: | - curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' - register: tower_token - no_log: True - - name: Recreate 'Configure Element' job template delegate_to: 127.0.0.1 awx.awx.tower_job_template: @@ -64,6 +57,6 @@ become_enabled: yes state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes diff --git a/roles/matrix-awx/tasks/set_variables_element_subdomain.yml b/roles/matrix-awx/tasks/set_variables_element_subdomain.yml index 87259d0f..f6f36393 100644 --- a/roles/matrix-awx/tasks/set_variables_element_subdomain.yml +++ b/roles/matrix-awx/tasks/set_variables_element_subdomain.yml @@ -21,13 +21,6 @@ dest: '/matrix/awx/configure_element_subdomain.json' mode: '0660' -- name: Collect AWX admin token the hard way! - delegate_to: 127.0.0.1 - shell: | - curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' - register: tower_token - no_log: True - - name: Recreate 'Configure Element Subdomain' job template delegate_to: 127.0.0.1 awx.awx.tower_job_template: @@ -44,6 +37,6 @@ survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json') }}" state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes diff --git a/roles/matrix-awx/tasks/set_variables_jitsi.yml b/roles/matrix-awx/tasks/set_variables_jitsi.yml index 9c610685..6b01a2c3 100755 --- a/roles/matrix-awx/tasks/set_variables_jitsi.yml +++ b/roles/matrix-awx/tasks/set_variables_jitsi.yml @@ -22,13 +22,6 @@ dest: '/matrix/awx/configure_jitsi.json' mode: '0660' -- name: Collect AWX admin token the hard way! - delegate_to: 127.0.0.1 - shell: | - curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' - register: tower_token - no_log: True - - name: Recreate 'Configure Jitsi' job template delegate_to: 127.0.0.1 awx.awx.tower_job_template: @@ -46,6 +39,6 @@ become_enabled: yes state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes diff --git a/roles/matrix-awx/tasks/set_variables_ma1sd.yml b/roles/matrix-awx/tasks/set_variables_ma1sd.yml index 50aea14c..6b4b09e3 100755 --- a/roles/matrix-awx/tasks/set_variables_ma1sd.yml +++ b/roles/matrix-awx/tasks/set_variables_ma1sd.yml @@ -79,13 +79,6 @@ dest: '/matrix/awx/configure_ma1sd.json' mode: '0660' -- name: Collect AWX admin token the hard way! - delegate_to: 127.0.0.1 - shell: | - curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' - register: tower_token - no_log: True - - name: Recreate 'Configure ma1sd (Advanced)' job template delegate_to: 127.0.0.1 awx.awx.tower_job_template: @@ -103,7 +96,7 @@ become_enabled: yes state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes diff --git a/roles/matrix-awx/tasks/set_variables_mailer.yml b/roles/matrix-awx/tasks/set_variables_mailer.yml index 924454d6..ee530e60 100644 --- a/roles/matrix-awx/tasks/set_variables_mailer.yml +++ b/roles/matrix-awx/tasks/set_variables_mailer.yml @@ -21,13 +21,6 @@ dest: '/matrix/awx/configure_email_relay.json' mode: '0660' -- name: Collect AWX admin token the hard way! - delegate_to: 127.0.0.1 - shell: | - curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' - register: tower_token - no_log: True - - name: Recreate 'Configure Email Relay' job template delegate_to: 127.0.0.1 awx.awx.tower_job_template: @@ -45,6 +38,6 @@ become_enabled: yes state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes diff --git a/roles/matrix-awx/tasks/set_variables_synapse.yml b/roles/matrix-awx/tasks/set_variables_synapse.yml index 53d78081..d32d18e1 100755 --- a/roles/matrix-awx/tasks/set_variables_synapse.yml +++ b/roles/matrix-awx/tasks/set_variables_synapse.yml @@ -200,13 +200,6 @@ dest: '/matrix/awx/configure_synapse.json' mode: '0660' -- name: Collect AWX admin token the hard way! - delegate_to: 127.0.0.1 - shell: | - curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' - register: tower_token - no_log: True - - name: Recreate 'Configure Synapse' job template delegate_to: 127.0.0.1 awx.awx.tower_job_template: @@ -224,6 +217,6 @@ become_enabled: yes state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes diff --git a/roles/matrix-awx/tasks/set_variables_synapse_admin.yml b/roles/matrix-awx/tasks/set_variables_synapse_admin.yml index fa922de4..972c4512 100644 --- a/roles/matrix-awx/tasks/set_variables_synapse_admin.yml +++ b/roles/matrix-awx/tasks/set_variables_synapse_admin.yml @@ -21,13 +21,6 @@ dest: '/matrix/awx/configure_synapse_admin.json' mode: '0660' -- name: Collect AWX admin token the hard way! - delegate_to: 127.0.0.1 - shell: | - curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' - register: tower_token - no_log: True - - name: Recreate 'Configure Synapse Admin' job template delegate_to: 127.0.0.1 awx.awx.tower_job_template: @@ -45,6 +38,6 @@ become_enabled: yes state: present verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" + tower_host: "https://{{ awx_host }}" + tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" validate_certs: yes