{{tag>Brouillon Ansible Tower CA}}
= Ansible AWX - Tower Cli
See:
* https://docs.ansible.com/ansible-tower/latest/html/towercli/usage.html
* [[https://github.com/ansible/awx/blob/devel/INSTALL.md#installing-the-awx-cli|awxkit]]
pip3 install awxkit
export AWXKIT_API_BASE_PATH=/api/controller/
awx --help
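Login
export TOWER_HOST=https://aap.acme.local
export TOWER_USERNAME=jean
# Disables TLS certificate verification (same effect as -k): the controller's identity is not checked
export TOWER_VERIFY_SSL=false
# Prompt for the password without echoing it, then export it so that awx can read it
read -rs TOWER_PASSWORD && export TOWER_PASSWORD
#awx login --conf.host "$TOWER_HOST" --conf.username "$TOWER_USERNAME" --conf.password "$TOWER_PASSWORD" -k
awx login
awx ping | jq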
Export
# awx --conf.host $TOWER_HOST --conf.token "TOKEN" export --projects "PLOP" > projects_PLOP.json
# awx --conf.host $TOWER_HOST --conf.token "TOKEN" export --inventory "PLOP" > inventory_PLOP.json
awx export --job_templates 42
awx export --job_templates "plop" > tpl_plop.json
awx export --credentials "IOPS_GIT" > credentials_IOPS_GIT.json
# Example with: http://localhost:3000/#/inventories/inventory/4/sources/15/details
awx export --inventory 4
# Use the ID of the inventory source here, not the ID of the inventory
awx export --inventory_sources 15
awx -f yaml export > all.yaml
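Verification
# Re-export each template by the name stored in its export file, for comparison with the original
for fic in tpl_*.json ; do awx export --job_templates "$(jq -r '.job_templates[0].name' "$fic")" > "$fic.verif" ; done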
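Added example (not part of the original page or of awxkit): a Python helper that compares an export file with its ''.verif'' re-export and lists every value that differs, so that drift in fields such as privilege escalation or attached credentials is visible. It assumes the layout implied by the jq filter above (a top-level ''job_templates'' list of objects with a ''name''); the function names, the sample data and the other field names in it are constructed for illustration.

```python
import json
import sys


def index_by_name(export):
    # Layout assumed from the jq filter on this page: {"job_templates": [{"name": ...}]}
    return {tpl["name"]: tpl for tpl in export.get("job_templates", [])}


def diff(a, b, path=""):
    """Yield (dotted_path, before, after) for every value that differs."""
    if isinstance(a, dict) and isinstance(b, dict):
        for key in sorted(set(a) | set(b)):
            yield from diff(a.get(key), b.get(key), f"{path}.{key}" if path else key)
    elif isinstance(a, list) and isinstance(b, list) and len(a) == len(b):
        for i, (x, y) in enumerate(zip(a, b)):
            yield from diff(x, y, f"{path}[{i}]")
    elif a != b:
        yield path, a, b


def compare_exports(before, after):
    """Return findings as strings; an empty list means both exports agree."""
    old, new = index_by_name(before), index_by_name(after)
    findings = [f"{n}: missing from re-export" for n in sorted(old.keys() - new.keys())]
    findings += [f"{n}: only in re-export" for n in sorted(new.keys() - old.keys())]
    for name in sorted(old.keys() & new.keys()):
        for where, was, now in diff(old[name], new[name]):
            findings.append(f"{name}: {where}: {was!r} -> {now!r}")
    return findings


# Constructed sample data, not real controller output.
BEFORE = {"job_templates": [
    {"name": "plop", "playbook": "site.yml", "become_enabled": False,
     "related": {"credentials": [{"name": "IOPS_GIT"}]}},
    {"name": "backup", "playbook": "backup.yml", "become_enabled": False}]}
AFTER = {"job_templates": [
    {"name": "plop", "playbook": "site.yml", "become_enabled": True,
     "related": {"credentials": []}}]}

if __name__ == "__main__":
    if len(sys.argv) == 3:  # e.g. tpl_plop.json tpl_plop.json.verif
        with open(sys.argv[1]) as f1, open(sys.argv[2]) as f2:
            BEFORE, AFTER = json.load(f1), json.load(f2)
    results = compare_exports(BEFORE, AFTER)
    print("\n".join(results) or "exports match")
    sys.exit(1 if results else 0)
```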
Import
export TOWER_HOST=https://aap.acme.local
awx login
awx import -v < tpl_388.json 2>err.log
awx import < credentials_IOPS_GIT.json
awx import < tpl_388.json
Other commands
awx jobs list --controller_node "old-aap.acme.local" -f human --filter id,name,started,completed --all
awx job_templates get 176
awx job list -f human
awx jobs list --all -f human --filter 'id,name,status'
awx job stdout 6
--------------------------------------
Alternatives to Ansible Tower / AAP:
* [[Notes Ansible SemaphoreUI]]
* [[https://polemarch.org|Polemarch]]
* [[https://blog.stephane-robert.info/post/rundeck-ansible-gerer-votre-infrastructure/|Rundeck + Ansible]]
* Gitlab-CI
See also
* [[https://linuxfr.org/news/squest-portail-de-services-pour-sre-devops-en-frontal-d-ansible-tower-awx|Squest]]
* https://fak3r.com/2019/01/17/automate-ansible-tower-cli/
''tower-job.sh''
#!/bin/bash
# tower-job
# https://gist.github.com/philcryer/fdce90d0b06517a49ff2fdba41b579df
# Variables
tower_template_id=574
# Directions
#
# install tower-cli
# sudo pip install tower-cli
#
# put this file in a root of your project
# {{ project_root }}/tower-job
#
# create a file ~/.tower-cli.cfg with contents:
#
# [general]
# host = fqdn.yourhost.com
# username = your-username
# password = ssssshhhhhhhh
#
# the file holds a cleartext password, so restrict it to your user
# chmod 600 ~/.tower-cli.cfg
#
# add variables from your tower survey to a vars file. we'll use group_vars/tower-job.yml
# ---
# survey_env: "DEV"
# survey_version: "2.0"
# survey_mychart_customer: "bob"
#
# define your job template ID # in variables above
# tower_template_id=574
#
# make this file executable
# chmod 755 tower-job
#
# then run it
# ./tower-job
set -e
if [ ! -d 'group_vars' ]; then
    echo "No group_vars found, run this out of root of project"; exit 1
fi
tower-cli job launch --job-template="$tower_template_id" --extra-vars="@group_vars/tower-job.yml" | tee tower-job.pid
# The job ID is the first column of the second-to-last line of the launch output
job_id=$(tail -n2 tower-job.pid | head -n1 | awk '{print $1}')
rm tower-job.pid
# Wait until the job is listed as running; compare the ID column exactly so that 12 does not match 123
while [ "$(tower-cli job list --status=running | awk -v id="$job_id" '$1 == id' | wc -l)" -lt 1 ]; do
    echo -n "-"; sleep 5;
done;
tower-cli job monitor "$job_id"
exit 0
https://www.insentra.com.au/protecting-the-automation-engine-backup-for-ansible-awx-project/
See also:
* http://www.randomlyexpressed.com/awx-tower-cli-playbook-with-extra-variables/
* https://stackoverflow.com/questions/47662759/launching-and-monitoring-a-job-at-the-same-time-in-ansible-tower-cli?rq=1
* https://www.unixarena.com/2019/03/ansible-tower-awx-installing-configuring-tower-cli.html/
* https://medium.com/@ripon.banik/getting-started-with-ansible-tower-awx-part2-74ad8e380d34
* https://techbloc.net/archives/3333
== Tower / AWX API
Tower API
pip install ansible-tower-cli
https://docs.ansible.com/ansible-tower/3.3.6/html/administration/tipsandtricks.html
https://docs.ansible.com/ansible-tower/latest/html/administration/tipsandtricks.html
tower-cli job launch --job-template=4 -v
AWX CLI
https://docs.ansible.com/ansible-tower/latest/html/towercli/usage.html
tower-cli job launch --job-template=666 --extra-vars="version=15601 githubuser=tomfotherby"
https://mitmproxy.org/#mitmproxy
https://sourceforge.net/projects/paros/
Ansible Tower API Guide
https://fixes.co.za/ansible/awx-rest-api/
https://github.com/karatelabs/karate
== Access Control - RBAC
Authentication
Access control (Authorization)
Accountability
Traceability
Availability
Confidentiality
Entitlements:
[[https://www.youtube.com/watch?v=aJn0v9OR4K8|Video - Infusing business logic into authorizations with ReBAC (Geoffroy BRAUN and Pauline JAMIN)]]
RBAC :
* https://en.wikipedia.org/wiki/Computer_security_model
* https://idento.fr/modeles-dhabilitation/
* https://gandalsmart.com/controle-dacces-modeles-dac-mac-abac-rbac-historique-et-evolution/
* https://www.riskinsight-wavestone.com/2020/12/refondre-son-modele-dhabilitation-les-questions-essentielles-1-2/
See:
* https://docs.ansible.com/ansible-tower/latest/html/administration/tipsandtricks.html#using-the-tower-cli-tool
* https://docs.ansible.com/ansible-tower/latest/html/userguide/security.html#rbac-ug
* https://docs.ansible.com/ansible-tower/3.4.0/html/upgrade-migration-guide/rbac_considerations.html
* https://docs.ansible.com/automation-controller/latest/html/upgrade-migration-guide/rbac_considerations.html
* https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_identity_management/using-ansible-playbooks-to-manage-role-based-access-control-in-idm_configuring-and-managing-idm#using-ansible-to-ensure-an-idm-rbac-role-is-absent_using-ansible-playbooks-to-manage-role-based-access-control-in-idm
* https://docs.ansible.com/ansible-tower/latest/html/userguide/organizations.html#organizations-permissions
Execute Role
* https://goetzrieger.github.io/ansible-tower-getting-started/5-rbac/
* https://www.unixarena.com/2019/03/ansible-tower-awx-configuring-role-based-access-rbac.html/
How Can I Map Organizations and Teams with LDAP in Ansible Tower?
* https://access.redhat.com/solutions/2994061
Ansible Tower Teams
Teams provide a means to implement role-based access control schemes and delegate responsibilities across organizations.
----------------
tower-cli workflow_job list -W 2389 --status running