Merge pull request spantaleev#1313 from GoMatrixHosting/gomatrixhosting-testing

Gomatrixhosting testing

Author: spantaleev

roles/matrix-awx/tasks/backup_server.yml

@@ -24,14 +24,6 @@
     mode: '0660'
   tags: use-survey
 
-- name: Collect AWX admin token the hard way!
-  delegate_to: 127.0.0.1
-  shell: |
-      curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
-  register: tower_token
-  no_log: True
-  tags: use-survey
-
 - name: Recreate 'Backup Server' job template
   delegate_to: 127.0.0.1
   awx.awx.tower_job_template:
@@ -49,8 +41,8 @@
     become_enabled: yes
     state: present
     verbosity: 1
-    tower_host: "https://{{ tower_host }}"
-    tower_oauthtoken: "{{ tower_token.stdout }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
     validate_certs: yes
   tags: use-survey
 
@@ -90,6 +82,15 @@
   command: borgmatic -c /root/.config/borgmatic/config_2.yaml
   when: matrix_awx_backup_enabled|bool
 
+- name: Delete the AWX session token for executing modules
+  awx.awx.tower_token:
+    description: 'AWX Session Token'
+    scope: "write"
+    state: absent
+    existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
+
 - name: Set boolean value to exit playbook
   set_fact:
     end_playbook: true

roles/matrix-awx/tasks/create_session_token.yml

@@ -0,0 +1,10 @@
+
+- name: Create a AWX session token for executing modules
+  awx.awx.tower_token:
+    description: 'AWX Session Token'
+    scope: "write"
+    state: present
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_master_token }}"
+  register: awx_session_token
+  no_log: True

roles/matrix-awx/tasks/create_user.yml

@@ -23,6 +23,15 @@
     /usr/local/bin/matrix-synapse-register-user {{ new_username | quote }} {{ new_password | quote }} {{ admin_bool }}
   register: cmd
 
+- name: Delete the AWX session token for executing modules
+  awx.awx.tower_token:
+    description: 'AWX Session Token'
+    scope: "write"
+    state: absent
+    existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
+
 - name: Result
   debug: msg="{{ cmd.stdout }}"
 

roles/matrix-awx/tasks/customise_website_access_export.yml

@@ -77,13 +77,6 @@
     mode: '0660'
   when: customise_base_domain_website is undefined
 
-- name: Collect AWX admin token the hard way!
-  delegate_to: 127.0.0.1
-  shell: |
-      curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
-  register: tower_token
-  no_log: True
-
 - name: Recreate 'Configure Website + Access Export' job template
   delegate_to: 127.0.0.1
   awx.awx.tower_job_template:
@@ -101,8 +94,8 @@
     become_enabled: yes
     state: present
     verbosity: 1
-    tower_host: "https://{{ tower_host }}"
-    tower_oauthtoken: "{{ tower_token.stdout }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
     validate_certs: yes
   when: customise_base_domain_website is defined
 
@@ -123,8 +116,8 @@
     become_enabled: yes
     state: present
     verbosity: 1
-    tower_host: "https://{{ tower_host }}"
-    tower_oauthtoken: "{{ tower_token.stdout }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
     validate_certs: yes
   when: customise_base_domain_website is undefined
 

roles/matrix-awx/tasks/delete_session_token.yml

@@ -0,0 +1,9 @@
+
+- name: Delete the AWX session token for executing modules
+  awx.awx.tower_token:
+    description: 'AWX Session Token'
+    scope: "write"
+    state: absent
+    existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"

roles/matrix-awx/tasks/export_server.yml

@@ -24,6 +24,15 @@
     units: days
     unique: yes
 
+- name: Delete the AWX session token for executing modules
+  awx.awx.tower_token:
+    description: 'AWX Session Token'
+    scope: "write"
+    state: absent
+    existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
+
 - name: Set boolean value to exit playbook
   set_fact:
     end_playbook: true

roles/matrix-awx/tasks/load_hosting_and_org_variables.yml

@@ -9,3 +9,7 @@
     file: '/var/lib/awx/projects/hosting/hosting_vars.yml'
   no_log: True
 
+- name: Include AWX master token from awx_tokens.yml
+  include_vars:
+    file: /var/lib/awx/projects/hosting/awx_tokens.yml
+  no_log: True

roles/matrix-awx/tasks/main.yml

@@ -17,6 +17,15 @@
   tags:
     - always
 
+# Create AWX session token
+- include_tasks: 
+    file: "create_session_token.yml"
+    apply:
+      tags: always
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - always
+
 # Perform a backup of the server
 - include_tasks: 
     file: "backup_server.yml"
@@ -188,6 +197,15 @@
   tags:
     - setup-synapse-admin
 
+# Delete AWX session token
+- include_tasks: 
+    file: "delete_session_token.yml"
+    apply:
+      tags: always
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - always
+
 # Load newly formed matrix variables from AWX volume
 - include_tasks: 
     file: "load_matrix_variables.yml"

roles/matrix-awx/tasks/purge_database_main.yml

@@ -5,18 +5,18 @@
     name: dateutils
     state: latest
 
-- name: Ensure dateutils, curl and jq intalled on target machine
+- name: Include vars in matrix_vars.yml
+  include_vars:
+    file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+  no_log: True
+
+- name: Ensure curl and jq intalled on target machine
   apt:
     pkg:
     - curl
     - jq
     state: present
 
-- name: Include vars in matrix_vars.yml
-  include_vars:
-    file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
-  no_log: True
-
 - name: Collect before shrink size of Synapse database
   shell: du -sh /matrix/postgres/data
   register: db_size_before_stat
@@ -144,13 +144,6 @@
   loop: "{{ room_list_state_events.splitlines() | flatten(levels=1) }}"
   when: purge_mode.find("Number of events [slower]") != -1
 
-- name: Collect AWX admin token the hard way!
-  delegate_to: 127.0.0.1
-  shell: |
-      curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
-  register: tower_token
-  no_log: True
-
 - name: Adjust 'Deploy/Update a Server' job template
   delegate_to: 127.0.0.1
   awx.awx.tower_job_template:
@@ -165,8 +158,8 @@
     credential: "{{ member_id }} - AWX SSH Key"
     state: present
     verbosity: 1
-    tower_host: "https://{{ tower_host }}"
-    tower_oauthtoken: "{{ tower_token.stdout }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
     validate_certs: yes
   when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1) or (purge_mode.find("Skip purging rooms [faster]") != -1)
 
@@ -175,8 +168,8 @@
   awx.awx.tower_job_launch:
     job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
     wait: yes
-    tower_host: "https://{{ tower_host }}"
-    tower_oauthtoken: "{{ tower_token.stdout }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
     validate_certs: yes 
   when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1) or (purge_mode.find("Skip purging rooms [faster]") != -1)
 
@@ -194,8 +187,8 @@
     credential: "{{ member_id }} - AWX SSH Key"
     state: present
     verbosity: 1
-    tower_host: "https://{{ tower_host }}"
-    tower_oauthtoken: "{{ tower_token.stdout }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
     validate_certs: yes
   when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1) or (purge_mode.find("Skip purging rooms [faster]") != -1)
 
@@ -231,8 +224,8 @@
     credential: "{{ member_id }} - AWX SSH Key"
     state: present
     verbosity: 1
-    tower_host: "https://{{ tower_host }}"
-    tower_oauthtoken: "{{ tower_token.stdout }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
     validate_certs: yes
   when: (purge_mode.find("Perform final shrink") != -1)
 
@@ -241,8 +234,8 @@
   awx.awx.tower_job_launch:
     job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
     wait: yes
-    tower_host: "https://{{ tower_host }}"
-    tower_oauthtoken: "{{ tower_token.stdout }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
     validate_certs: yes 
   when: (purge_mode.find("Perform final shrink") != -1)
 
@@ -260,8 +253,8 @@
     credential: "{{ member_id }} - AWX SSH Key"
     state: present
     verbosity: 1
-    tower_host: "https://{{ tower_host }}"
-    tower_oauthtoken: "{{ tower_token.stdout }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
     validate_certs: yes
   when: (purge_mode.find("Perform final shrink") != -1)
 
@@ -308,6 +301,15 @@
     msg: "{{ db_size_after_stat.stdout.split('\n') }}"
   when: (db_size_after_stat is defined) and (purge_mode.find("Perform final shrink") != -1)
 
+- name: Delete the AWX session token for executing modules
+  awx.awx.tower_token:
+    description: 'AWX Session Token'
+    scope: "write"
+    state: absent
+    existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
+
 - name: Set boolean value to exit playbook
   set_fact:
     end_playbook: true

roles/matrix-awx/tasks/purge_media_main.yml

@@ -1,5 +1,5 @@
 
-- name: Ensure dateutils and curl is installed in AWX
+- name: Ensure dateutils is installed in AWX
   delegate_to: 127.0.0.1
   yum:
     name: dateutils
@@ -90,6 +90,15 @@
     msg: "{{ remote_media_size_after.stdout.split('\n') }}"
   when: matrix_purge_media_type == "Remote Media"
 
+- name: Delete the AWX session token for executing modules
+  awx.awx.tower_token:
+    description: 'AWX Session Token'
+    scope: "write"
+    state: absent
+    existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
+
 - name: Set boolean value to exit playbook
   set_fact:
     end_playbook: true