Install AWX on CentOS
---
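# Play 1: bring the host up to date and install Docker CE from Docker's own
# repository. Runs against localhost with privilege escalation.
- name: Install Docker
  hosts: localhost
  become: true
  handlers:
    # Fired by the "Install Docker" task when packages were installed.
    - name: Start Docker
      systemd:
        name: docker
        state: started
        # Also enable the unit: the "Update all packages" task may pull in a
        # new kernel, and without this the daemon (and the AWX containers it
        # hosts) would not come back after the next reboot.
        enabled: true
  tasks:
    - name: Update all packages
      dnf:
        name: "*"
        state: latest
    # yum-utils provides the config-manager sub-command used by the next task.
    - name: Add dependency for "yum config-manager"
      dnf:
        name: yum-utils
        state: present
    # "creates" makes this idempotent: the command is skipped once the repo
    # file exists. The repo definition is fetched over HTTPS.
    - name: Add the Docker Repo
      shell: yum config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
      args:
        creates: /etc/yum.repos.d/docker-ce.repo
        warn: false
    - name: Install Docker
      dnf:
        name:
          - docker-ce
          - docker-ce-cli
          - containerd.io
        state: present
      notify: Start Docker
    # Run the handler now so Docker is up before the next play needs it.
    - name: Flush Handlers
      meta: flush_handlers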
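# Play 2: fetch AWX, write generated secrets into the installer inventory,
# run the installer and verify that the admin account can log in.
- name: Load AWX sources, configure and install
  hosts: localhost
  become: true
  tasks:
    # Precedence for the admin password: an already defined "admin_password"
    # variable, then the "admin_password" environment variable, then a
    # generated 20-character value that the password lookup stores in the
    # relative file "pw.admin_password".
    #
    # This task must run exactly once. After it has run, "admin_password" is
    # always defined, so evaluating the first expression a second time would
    # reset admin_password_was_generated to false and the final
    # "Output admin password" task would never run.
    - name: Set or Read admin password
      set_fact:
        admin_password_was_generated: "{{ (admin_password is defined or lookup('env', 'admin_password') != '') | ternary(false, true) }}"
        admin_password: "{{ admin_password | default (lookup('env', 'admin_password') | default(lookup('password', 'pw.admin_password chars=ascii_letters,digits length=20'), true) ) }}"
    - name: Clone AWX repo to local path
      git:
        repo: https://github.com/ansible/awx.git
        dest: /opt/awx
    # Prints the name of the most recently created tag. Local modifications
    # (the installer inventory edited below) are stashed around the fetch and
    # restored afterwards.
    # NOTE(review): following the newest tag means the code that is installed
    # changes without review between runs; pin a tag you have vetted if that
    # matters for this host.
    - name: Get latest AWX tag
      shell: |
        if [ $(git status -s | wc -l) -gt 0 ]
        then
          git stash >/dev/null 2>&1
        fi
        git fetch --tags && git describe --tags $(git rev-list --tags --max-count=1)
        if [ $(git stash list | wc -l) -gt 0 ]
        then
          git stash pop >/dev/null 2>&1
        fi
      args:
        chdir: /opt/awx
      register: latest_tag
      changed_when: false
    - name: Use latest released version of AWX
      git:
        repo: https://github.com/ansible/awx.git
        dest: /opt/awx
        version: "{{ latest_tag.stdout }}"
    # Replace (or un-comment) each "key=value" line in the installer
    # inventory. The password lookups persist their values in "pw.*" files,
    # so repeated runs reuse the same secrets. The loop label keeps the
    # secret values out of the task output.
    - name: Configure AWX installer
      lineinfile:
        path: /opt/awx/installer/inventory
        regexp: "^#?{{ item.key }}="
        line: "{{ item.key }}={{ item.value }}"
      loop:
        - key: "awx_web_hostname"
          value: "{{ ansible_fqdn }}"
        - key: "pg_password"
          value: "{{ lookup('password', 'pw.pg_password chars=ascii_letters,digits length=20') }}"
        - key: "rabbitmq_password"
          value: "{{ lookup('password', 'pw.rabbitmq_password chars=ascii_letters,digits length=20') }}"
        - key: "rabbitmq_erlang_cookie"
          value: "{{ lookup('password', 'pw.rabbitmq_erlang_cookie chars=ascii_letters,digits length=20') }}"
        - key: "admin_password"
          value: "{{ admin_password }}"
        - key: "secret_key"
          value: "{{ lookup('password', 'pw.secret_key chars=ascii_letters,digits length=64') }}"
        - key: "create_preload_data"
          value: "False"
      loop_control:
        label: "{{ item.key }}"
    # No shell features are needed here, so use the command module.
    - name: Run the AWX install.
      command: /usr/local/bin/ansible-playbook -i inventory install.yml
      args:
        chdir: /opt/awx/installer
    # Doubles as a readiness probe: retried until AWX accepts the admin login
    # (240 tries x 5 s, i.e. up to 20 minutes).
    # NOTE(review): the credentials travel over plain HTTP; put TLS in front
    # of AWX before exposing it beyond a trusted network.
    - name: Test access to AWX
      tower_user:
        tower_host: "http://{{ ansible_fqdn }}"
        tower_username: admin
        tower_password: "{{ admin_password }}"
        email: "admin@{{ ansible_fqdn }}"
        first_name: "admin"
        last_name: ""
        password: "{{ admin_password }}"
        username: admin
        superuser: true
        auditor: false
      register: _result
      until: _result is succeeded
      retries: 240  # retry 240 times
      delay: 5  # pause for 5 sec between each try
    # Only written when the password was generated by this playbook. The file
    # holds the admin password in clear text, so restrict it to root instead
    # of relying on the default umask.
    - name: Output admin password
      when: admin_password_was_generated
      copy:
        dest: /var/log/AWX_Password
        owner: root
        group: root
        mode: "0600"
        content: |
          {{ admin_password }}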
# Network layout: one VPC holding a single public subnet that uses the whole
# VPC range, with a default route to an internet gateway.

resource "aws_vpc" "awx" {
  cidr_block           = "172.16.1.0/24"
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = {
    Name = "AWX VPC"
  }
}

resource "aws_internet_gateway" "gateway" {
  vpc_id = aws_vpc.awx.id

  tags = {
    Name = "AWX Internet Gateway"
  }
}

resource "aws_route_table" "awx" {
  vpc_id = aws_vpc.awx.id

  tags = {
    Name = "AWX"
  }
}

# Default route: everything not local to the VPC goes via the internet gateway.
resource "aws_route" "awx_default" {
  route_table_id         = aws_route_table.awx.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.gateway.id
}

# Same CIDR as the VPC, so this is the only subnet it can hold.
resource "aws_subnet" "awx" {
  vpc_id     = aws_vpc.awx.id
  cidr_block = "172.16.1.0/24"

  tags = {
    Name = "AWX"
  }
}

resource "aws_route_table_association" "awx" {
  subnet_id      = aws_subnet.awx.id
  route_table_id = aws_route_table.awx.id
}
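# Source ranges allowed to reach SSH (22) and the AWX web UI (80).
# The default keeps the original behaviour (open to the whole internet).
# Both ports are administrative surfaces, and the AWX login on port 80 is
# plain HTTP, so override this with the addresses you administer from.
variable "ingress_cidr_blocks" {
  description = "CIDR blocks allowed to reach SSH and HTTP on the AWX host"
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

resource "aws_security_group" "awx" {
  name        = "AWX"
  description = "Allow All Egress traffic, and only specific Ingress traffic"
  vpc_id      = aws_vpc.awx.id

  tags = {
    Name = "AWX"
  }
}

# Unrestricted outbound traffic: protocol "-1" with ports 0-0 means all
# protocols and all ports.
resource "aws_security_group_rule" "egress_any" {
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.awx.id
  description       = "Anything to Anywhere"
}

resource "aws_security_group_rule" "ingress_SSH" {
  type              = "ingress"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = var.ingress_cidr_blocks
  security_group_id = aws_security_group.awx.id
  description       = "SSH"
}

resource "aws_security_group_rule" "ingress_HTTP" {
  type              = "ingress"
  from_port         = 80
  to_port           = 80
  protocol          = "tcp"
  cidr_blocks       = var.ingress_cidr_blocks
  security_group_id = aws_security_group.awx.id
  description       = "HTTP"
}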
# Primary network interface for the AWX host, placed in the AWX subnet and
# protected by the AWX security group.
resource "aws_network_interface" "awx" {
  subnet_id       = aws_subnet.awx.id
  security_groups = [aws_security_group.awx.id]

  tags = {
    Name = "AWX"
  }
}

# Public address bound to that interface. The explicit depends_on delays
# creation until the instance resource exists.
resource "aws_eip" "AWX" {
  depends_on        = [aws_instance.AWX]
  vpc               = true
  network_interface = aws_network_interface.awx.id

  tags = {
    Name = "AWX"
  }
}
# Newest HVM image whose name matches "CentOS-8-ec2-*".
# With most_recent and a wildcard name, the owners filter is the only thing
# that stops a look-alike image from another account being selected.
data "aws_ami" "CentOS8" {
  most_recent = true

  # Owner account id as given by the author (labelled "AWS").
  # NOTE(review): confirm this is the publisher you intend to trust.
  owners = ["679593333241"]

  filter {
    name   = "name"
    values = ["CentOS-8-ec2-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
}

# Registers the local public key; only the public half is read from disk.
resource "aws_key_pair" "AWX" {
  key_name   = "AWX SSH Key"
  public_key = file("./id_rsa.pub")
}
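# The AWX host itself.
resource "aws_instance" "AWX" {
  ami           = data.aws_ami.CentOS8.id
  instance_type = "t3.micro" # This is the free tier highest spec machine we can define. Realistically, you should be going with t3.medium.
  key_name      = aws_key_pair.AWX.key_name

  # Passed to the instance as EC2 user data, so review that script with the
  # same care as anything else that gets to run on the host.
  user_data = file("./user-data.sh")

  tags = {
    Name = "AWX"
  }

  network_interface {
    device_index = 0
    # Resource names are case-sensitive: the interface is declared as
    # aws_network_interface.awx (lower case), so the original reference to
    # aws_network_interface.AWX pointed at an undeclared resource.
    network_interface_id = aws_network_interface.awx.id
  }
}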
# Values printed after apply: the elastic IP to connect to, and the login
# name to use with the registered SSH key.

output "AWX_Public_IP" {
  value = aws_eip.AWX.public_ip
}

# Fixed string, not read from the image.
output "CentOS_Default_Username" {
  value = "centos"
}
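#!/bin/bash
# Bootstrap script (referenced as user-data.sh by the Terraform file):
# installs git, pip, Ansible and the Docker Python bindings, then fetches and
# runs the Install_AWX.yml playbook.
#
# NOTE(review): the pip packages are unpinned and the gist is cloned at
# whatever its current head is, so the code that ends up running on the host
# can change between deployments. Pin package versions and check out a
# commit you have reviewed (<REVIEWED_COMMIT_SHA>) before relying on this.

# Stop at the first failed step instead of carrying on with a half-installed
# toolchain.
if command -v yum >/dev/null 2>&1
then
  yum install git python3-pip -y || exit 1
  pip3 install ansible docker docker-compose || exit 1
else
  echo "This script only supports CentOS right now." >&2
  exit 1
fi

# Re-use an existing checkout on a re-run; "git clone" refuses to clone into
# a non-empty directory.
if [ ! -d /tmp/Install_AWX/.git ]
then
  git clone https://gist.github.com/JonTheNiceGuy/024d72f970d6a1c6160a6e9c3e642e07 /tmp/Install_AWX || exit 1
fi

# The playbook's password lookups write their "pw.*" files relative to this
# directory, so the generated secrets end up under /tmp/Install_AWX.
cd /tmp/Install_AWX || exit 1
/usr/local/bin/ansible-playbook Install_AWX.yml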