From 17647b17da97d087fb16fe19a83effd691427e38 Mon Sep 17 00:00:00 2001
From: root
Date: Mon, 29 Jan 2024 18:01:33 +0100
Subject: [PATCH] ajout role awx
---
roles/awx/README.md | 21 +++++++++++++
roles/awx/default/main.yml | 8 +++++
roles/awx/handlers/main.yml | 6 ++++
roles/awx/tasks/main.yml | 47 ++++++++++++++++++++++++++++
roles/awx/templates/server.env.j2 | 52 +++++++++++++++++++++++++++++++
s-awx.yml | 17 ++++++++++
6 files changed, 151 insertions(+)
create mode 100644 roles/awx/README.md
create mode 100644 roles/awx/default/main.yml
create mode 100644 roles/awx/handlers/main.yml
create mode 100644 roles/awx/tasks/main.yml
create mode 100644 roles/awx/templates/server.env.j2
create mode 100644 s-awx.yml
diff --git a/roles/awx/README.md b/roles/awx/README.md
new file mode 100644
index 0000000..51cd0d9
--- /dev/null
+++ b/roles/awx/README.md
@@ -0,0 +1,21 @@
+# Rôle Kea
+***
+Rôle Kea: Configuration de 2 serveurs KEA en mode haute disponbilité.
+
+## Tables des matières
+ 1. [Que fait le rôle Kea ?]
+ 2. [Installation et configuration de ka]
+ 3. [Remarques]
+
+
+## Que fait le rôle Kea ?
+Le rôle KEA permet de configurer 1 serveurs kea (s-kea1 et s-kea2) en mode haute disponibilité.
+- Le serveur **s-kea1** sera en mode **primary** il délivrera les baux DHCP sur le réseau n-user.
+- Le serveur **s-kea2**, sera en mode **stand-by** le service DHCP basculera donc sur **s-kea2** en cas disponibilité du serveur**s-kea1**.
+
+### Installation et configuration de kea
+
+Le rôle kea installe les packets **kea dhcp4, hooks, admin** une fois les packets installer. Il configure un serveur kea pour qu'il distribue les ips sur le réseau n-user et soit en haute disponibilité.
+
+### Remarquees ###
+Une fois le playbook **s-kea** correctement terminé et la machine **s-kea** redemarrée, redémarrée le service **isc-kea-dhcp4.service** afin de prendre en compte les modifications éfféctuées sur la couche réseau par le role POST.
diff --git a/roles/awx/default/main.yml b/roles/awx/default/main.yml
new file mode 100644
index 0000000..3f3e879
--- /dev/null
+++ b/roles/awx/default/main.yml
@@ -0,0 +1,8 @@
+#variable kea
+ kea_ver: "2.4.1"
+ kea_dbname: ""
+ kaa_dbuser: ""
+ kea_dbpasswd: ""
+ kea_dhcp4_dir: "/etc/kea/kea-dhcp4.conf"
+ kea_ctrl_dir: "/etc/kea/kea-ctrl-agent.conf"
+
diff --git a/roles/awx/handlers/main.yml b/roles/awx/handlers/main.yml
new file mode 100644
index 0000000..e10ea87
--- /dev/null
+++ b/roles/awx/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Restart isc-stork-server.service
+ ansible.builtin.service:
+ name: isc-stork-server.service
+ state: restarted
+ enabled: yes
diff --git a/roles/awx/tasks/main.yml b/roles/awx/tasks/main.yml
new file mode 100644
index 0000000..f2826fd
--- /dev/null
+++ b/roles/awx/tasks/main.yml
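Review bot: Ansible loads role defaults from `defaults/main.yml`, so a file at `roles/awx/default/main.yml` is never read by the role. Its content is also Kea configuration (with the misspelled `kaa_dbuser` and an empty `kea_dbpasswd`), while `awx_ip`, `awx_if`, `awx_dir` and `awx_host`, which the tasks use, have no role default and are set only in `s-awx.yml`. I would rename the directory to `defaults` and replace the body with the `awx_*` variables, for example `awx_dir: "/root/tools/awx-on-k3s"`. The handlers hunk has the same leftover problem: `Restart isc-stork-server.service` is not notified by any task in this patch.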
@@ -0,0 +1,47 @@
+---
+- name: Preparation
+ ansible.builtin.shell: curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.28.5+k3s1 sh -s - --write-kubeconfig-mode 644 --node-ip "{{ awx_ip }}" --flanel-iface "{{ awx_if }}"
+
+- name: clonage du dépot awx-on-k3s
+ git:
+ repo: https://github.com/kurokobo/awx-on-k3s.git
+ dest: "{{ awx_dir }}"
+ clone: yes
+ force: yes
+
+- name: Deploiement AWX Operator ...
+ ansible.builtin.shell: "kubectl apply -k operator"
+ args:
+ chdir: "{{ awx_dir }}"
+
+- name: Git checkout
+ ansible.builtin.git:
+ repo: 'https://github.com/kurokobo/awx-on-k3s.git'
+ dest: "{{ awx_dir }}"
+ version: release-2.10.0
+
+- name: Generation de certification auto-signé
+ ansible.builtin.shell: 'openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -out ./base/tls.crt -keyout ./base/tls.key -subj "/CN={{ awx_host }}/O={{ awx_host }}" -addext "subjectAltName = DNS:{{ awx_host }}"'
+ args:
+ chdir: "{{ awx_dir }}"
+
+- name: creation du repertoire postgres-13
+ ansible.builtin.file:
+ path: /data/postgres-13
+ state: directory
+ mode: '0755'
+
+- name: Creation repertoire projects
+ ansible.builtin.file:
+ path: /data/projects
+ state: directory
+ owner: 1000:0
+
+- name: Deploiement d'AWX ...
+ ansible.builtin.shell: "kubectl apply -k base"
+ args:
+ chdir: "{{ awx_dir }}"
+
+
+
+
diff --git a/roles/awx/templates/server.env.j2 b/roles/awx/templates/server.env.j2
new file mode 100644
index 0000000..d0fed70
--- /dev/null
+++ b/roles/awx/templates/server.env.j2
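Review bot: The `Preparation` task pipes `https://get.k3s.io` into a shell with no integrity check and no `creates:` guard, passes `--write-kubeconfig-mode 644`, which leaves the cluster-admin kubeconfig readable by every local user, and misspells the k3s flag `--flannel-iface` as `--flanel-iface`. `kubectl apply -k operator` then runs on whatever the default branch contained at clone time, because the checkout of `release-2.10.0` only happens in the task after it, so the operator manifests that get applied are unpinned. Further down, `owner: 1000:0` is not a user/group pair for `ansible.builtin.file`, and a YAML 1.1 loader will likely read the unquoted value as the base-60 integer 60000; it should be `owner: "1000"` plus `group: "0"`. The fence shows the first two tasks with the pin moved ahead of the apply, which makes the separate `Git checkout` task redundant.

```yaml
- name: Preparation
  # The installer script itself is still unverified; fetching it with
  # ansible.builtin.get_url and a pinned checksum would close that gap.
  ansible.builtin.shell: >-
    curl -sfL https://get.k3s.io |
    INSTALL_K3S_VERSION=v1.28.5+k3s1 sh -s -
    --write-kubeconfig-mode 600
    --node-ip "{{ awx_ip }}"
    --flannel-iface "{{ awx_if }}"
  args:
    # default install path of the k3s binary; skips the task on later runs
    creates: /usr/local/bin/k3s

- name: clonage du dépot awx-on-k3s
  ansible.builtin.git:
    repo: https://github.com/kurokobo/awx-on-k3s.git
    dest: "{{ awx_dir }}"
    version: release-2.10.0
    force: true

# … unchanged: kubectl apply -k operator, certificate, /data directories, kubectl apply -k base …
```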
@@ -0,0 +1,52 @@
+### database settings
+### the address of a PostgreSQL database
+STORK_DATABASE_HOST=localhost
+### the port of a PostgreSQL database
+STORK_DATABASE_PORT=5432
+### the name of a database
+STORK_DATABASE_NAME={{ stork_db_name }}
+### the username for connecting to the database
+STORK_DATABASE_USER_NAME={{ stork_db_user }}
+### the SSL mode for connecting to the database
+### possible values: disable, require, verify-ca, or verify-full
+# STORK_DATABASE_SSLMODE=
+### the location of the SSL certificate used by the server to connect to the database
+# STORK_DATABASE_SSLCERT=
+### the location of the SSL key used by the server to connect to the database
+# STORK_DATABASE_SSLKEY=
+### the location of the root certificate file used to verify the database server's certificate
+# STORK_DATABASE_SSLROOTCERT=
+### the password for the username connecting to the database
+### empty password is set to avoid prompting a user for database password
+STORK_DATABASE_PASSWORD={{stork_db_passwd }}
+
+### REST API settings
+### the IP address on which the server listens
+# STORK_REST_HOST=
+### the port number on which the server listens
+# STORK_REST_PORT=
+### the file with a certificate to use for secure connections
+# STORK_REST_TLS_CERTIFICATE=
+### the file with a private key to use for secure connections
+# STORK_REST_TLS_PRIVATE_KEY=
+### the certificate authority file used for mutual TLS authentication
+# STORK_REST_TLS_CA_CERTIFICATE=
+### the directory with static files served in the UI
+STORK_REST_STATIC_FILES_DIR=/usr/share/stork/www
+### the base URL of the UI - to be used only if the UI is served from a subdirectory
+# STORK_REST_BASE_URL=
+
+### enable Prometheus /metrics HTTP endpoint for exporting metrics from
+### the server to Prometheus. It is recommended to secure this endpoint
+### (e.g. using HTTP proxy).
+# STORK_SERVER_ENABLE_METRICS=true
+
+### Logging parameters
+
+### Set logging level. Supported values are: DEBUG, INFO, WARN, ERROR
+# STORK_LOG_LEVEL=DEBUG
+### disable output colorization
+# CLICOLOR=false
+
+### path to the hook directory
+# STORK_SERVER_HOOK_DIRECTORY=
diff --git a/s-awx.yml b/s-awx.yml
new file mode 100644
index 0000000..f556c63
--- /dev/null
+++ b/s-awx.yml
@@ -0,0 +1,17 @@
+---
+- hosts: localhost
+ connection: local
+ vars:
+ awx_host: "s-awx.gsb.lan"
+ awx_dir: "/root/tools/awx-on-k3s"
+ awx_ip: "192.168.0.2"
+ awx_if: "enp0s3"
+
+ roles:
+ - base
+ # - goss
+ #- ssh-cli
+ - awx
+ # - zabbix-cli
+ #- journald-snd
+ #- post
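Review bot: `STORK_DATABASE_PASSWORD={{stork_db_passwd }}` writes the database password in cleartext into the rendered file, yet nothing in this patch defines `stork_db_passwd`, `stork_db_name` or `stork_db_user`, and no task in `roles/awx/tasks/main.yml` renders this template. It reads as a leftover from a Stork role, so I would drop it from `roles/awx`. If it is kept, the task that renders it should set `mode: '0600'` with an explicit `owner` and use `no_log: true`, and the password should come from Ansible Vault rather than a plain variables file.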