From 821739f982b28975b211936f5d6208008adbcaa1 Mon Sep 17 00:00:00 2001 From: "jasonpage.tas" Date: Wed, 14 Aug 2024 16:39:14 +1000 Subject: [PATCH 01/11] feat(playbook): Add playbook for inventory collection and publish to centurion https://github.com/nofusscomputing/ansible_collection_centurion/pull/17 #13 --- playbooks/inventory.yaml | 172 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 172 insertions(+) create mode 100644 playbooks/inventory.yaml diff --git a/playbooks/inventory.yaml b/playbooks/inventory.yaml new file mode 100644 index 0000000..a935c9c --- /dev/null +++ b/playbooks/inventory.yaml 
@@ -0,0 +1,172 @@ +- name: Inventory + hosts: |- + {%- if nfc_pb_host is defined -%} + {{ nfc_pb_host }} + {%- else -%} + all + {%- endif %} + become: true + + + tasks: + + + - name: Inventory host + block: + + - name: Test Packages + ansible.builtin.package_facts: + manager: auto + become: true + + + - name: Inventory Details + ansible.builtin.set_fact: + details: { + "name": "{{ ansible_hostname }}", + "serial_number": "{{ ansible_product_serial }}", + "uuid": "{{ ansible_product_uuid }}" + } + + + - name: Inventory Software [a-k] + ansible.builtin.set_fact: + cacheable: false + software: "{{ software | default([]) + [{ + 'name': package.value[0].name, + 'category': package.value[0].category | default(''), + 'version': package.value[0].version + }] }}" + # no_log: true + loop: "{{ ansible_facts.packages | dict2items() }}" + loop_control: + loop_var: package + label: "{{ package.key }}" + when: > + package.value[0].name | regex_search("^[a-k]") + + +# - name: Inventory Software [l] +# ansible.builtin.set_fact: +# cacheable: false +# software: "{{ software | default([]) + [{ +# 'name': package.value[0].name, +# 'category': package.value[0].category | default(''), +# 'version': package.value[0].version +# }] }}" +# # no_log: true +# loop: "{{ ansible_facts.packages | dict2items() }}" +# loop_control: +# loop_var: package +# label: "{{ package.key }}" +# when: > +# package.value[0].name | regex_search("^[l]") + + + - name: Inventory Software [m-z] + ansible.builtin.set_fact: + cacheable: false + software: "{{ software | default([]) + [{ + 'name': package.value[0].name, + 'category': package.value[0].category | default(''), + 'version': package.value[0].version + }] }}" + # no_log: true + loop: "{{ ansible_facts.packages | dict2items() }}" + loop_control: + loop_var: package + label: "{{ package.key }}" + when: > + package.value[0].name | regex_search("^[m-z]") + + + - name: Inventory Document + ansible.builtin.set_fact: + report: { + "details": "{{ details }}", + 
"os": { + "name": "{{ ansible_distribution | lower }}", + "version": "{{ ansible_distribution_version }}", + "version_major": "{{ ansible_distribution_major_version }}" + }, + "software": "{{ software }}" + } + + + - name: Save report + ansible.builtin.copy: + content: "{{ report | to_nice_json }}" + dest: "/tmp/{{ ansible_hostname }}.json" + + + - name: Upload inventory - {{ ansible_hostname }} + ansible.builtin.uri: + url: |- + {{ lookup('env', 'ITSM_API') }}/api/device/inventory + + method: POST + body_format: json + src: "/tmp/{{ ansible_hostname }}.json" + remote_src: true + headers: + Authorization: Token {{ lookup('env', 'ITSM_TOKEN') }} + validate_certs: "{{ lookup('env', 'ITSM_VALIDATE_CERTS') | default(true) | bool }}" + timeout: 300 + status_code: + - 200 + - 201 + no_log: > # Contains a secret that logging shows + {{ nfc_pb_disable_log | default(true) }} + + + always: + - name: Remove report + ansible.builtin.file: + path: "/tmp/{{ ansible_hostname }}.json" + state: absent + + vars: + + nfc_pb_awx_tower_template: + + - name: "Centurion/ITAM/Inventory" + ask_tags_on_launch: false + ask_inventory_on_launch: true + ask_credential_on_launch: true + ask_limit_on_launch: true + concurrent_jobs_enabled: true + description: Collect inventory of host machines and publish to centurion_erp + execution_environment: "No Fuss Computing EE" + job_type: "run" + # job_tags: complete + labels: + - itsm + - itam + - inventory + - centurion + use_fact_cache: true + credential_types: + - name: 'Playbook/Inventory/Centurion' + description: | + Credentials for authentication to Centurion_erp + inputs: | + fields: + - id: centurion_url + type: string + label: centurion url + help_text: Ensure that `https://` is prefixed to url + - id: centurion_token + type: string + label: api token + secret: true + - id: centurion_validate_certs + type: boolean + label: Validate SSL Certificate + required: + - itsm_api + - itsm_token + injectors: > + env: + CENTURION_API: '{{ centurion_url 
}}' + CENTURION_TOKEN: '{{ centurion_token }}' + CENTURION_VALIDATE_CERTS: '{{ centurion_validate_certs | default(true) }}' \ No newline at end of file From ae180f0a2fe8072fd880623077c3ea4d7d4783ec Mon Sep 17 00:00:00 2001 From: "jasonpage.tas" Date: Wed, 14 Aug 2024 16:39:27 +1000 Subject: [PATCH 02/11] feat(playbook): Add playbook for teams creation and permissions https://github.com/nofusscomputing/ansible_collection_centurion/pull/17 #14 --- playbooks/teams.yaml | 293 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 293 insertions(+) create mode 100644 playbooks/teams.yaml diff --git a/playbooks/teams.yaml b/playbooks/teams.yaml new file mode 100644 index 0000000..17d05c8 --- /dev/null +++ b/playbooks/teams.yaml 
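Review bot: The `validate_certs` expression on the "Upload inventory" task fails open: `lookup('env', ...)` returns an empty string when the variable is unset, `default(true)` only replaces undefined values, and `'' | bool` is false, so certificate checking is switched off whenever the variable is missing. That looks like the normal case here, because the task reads `ITSM_API`, `ITSM_TOKEN` and `ITSM_VALIDATE_CERTS` while the credential type at the end of the file injects `CENTURION_API`, `CENTURION_TOKEN` and `CENTURION_VALIDATE_CERTS` (its `required` list also names `itsm_api`/`itsm_token`, which are not field ids). Assuming the injector names are the intended ones, I would align them and use `validate_certs: "{{ lookup('env', 'CENTURION_VALIDATE_CERTS') | default(true, true) | bool }}"`. The `uri` tasks in playbooks/teams.yaml repeat the pattern with `VALIDATE_CENTURION_CERTS`, which the injector never sets either, so the API token is sent there without certificate validation too.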
@@ -0,0 +1,293 @@ +- name: Centurion ERP Teams Setup + hosts: |- + {%- if nfc_pb_host is defined -%} + {{ nfc_pb_host }} + {%- else -%} + all + {%- endif %} + become: false + gather_facts: false + connection: local # Play uses HTTP requests ONLY! + + + tasks: + + + - name: Confirm required vars exist + ansible.builtin.assert: + that: + - centurion_erp.teams is defined + - | + centurion_erp.teams is not mapping + and + centurion_erp.teams is iterable + and + centurion_erp.teams is not string + + msg: "Missing required variable or it's of the incorrect type[list]" + run_once: true + delegate_to: localhost + + + - name: Collect organizations from centurion ERP + ansible.builtin.uri: + url: |- + {{ lookup('env', 'CENTURION_API') }}/api/organization/ + method: GET + body_format: json + headers: + authorization: Token {{ lookup('env', 'CENTURION_TOKEN') }} + validate_certs: "{{ lookup('env', 'VALIDATE_CENTURION_CERTS') | default(true) | bool }}" + return_content: true + status_code: + - 200 + register: api_get_organizations + run_once: true + delegate_to: localhost + no_log: > # Contains a secret that logging shows + {{ nfc_pb_disable_log | default(true) }} + + + - name: Collect teams from centurion ERP + ansible.builtin.uri: + url: "{{ item }}" + method: GET + body_format: json + headers: + authorization: Token {{ lookup('env', 'CENTURION_TOKEN') }} + validate_certs: "{{ lookup('env', 'VALIDATE_CENTURION_CERTS') | default(true) | bool }}" + return_content: true + status_code: + - 200 + loop: "{{ api_get_organizations.json.results | map(attribute='url') | list }}" + register: api_get_permissions + run_once: true + delegate_to: localhost + no_log: > # Contains a secret that logging shows + {{ nfc_pb_disable_log | default(true) }} + + + - name: Create list of Teams + ansible.builtin.set_fact: + team_permissions: | + [ + {% for config_organisation in centurion_erp.teams %} + + {% set ns = namespace(added_teams = []) %} + + {% for config_team in config_organisation.teams %} 
+ + {% for organization in api_get_permissions.results %} + + {% if organization.json.name == config_organisation.name %} + + {% for team in organization.json.teams %} + + {% if team.team_name == config_team.name %} + + { + "organization_id": "{{ organization.json.id }}", + "team_name": "{{ team.team_name }}", + "url": "{{ team.url }}", + "notes": "{{ config_team.notes }}", + "permissions": + {{ config_team.permissions }} + }, + + {% set ns.added_teams = ns.added_teams + [ config_team.name ] %} + + {% endif %} + + {% endfor %} + + {% endif %} + + {% endfor %} + + {% if config_team.name not in ns.added_teams %} + { + "organization_id": + {% for organization in api_get_permissions.results %} + {% if organization.json.name == config_organisation.name %} + "{{ organization.json.id }}", + {% endif %} + {% endfor %} + "team_name": "{{ config_team.name }}", + "notes": "{{ config_team.notes }}", + "permissions": + {{ config_team.permissions }} + }, + {% set ns.added_teams = ns.added_teams + [ config_team.name ] %} + + {% endif %} + + {% endfor %} + + {% endfor %} + ] + delegate_to: localhost + run_once: true + no_log: > # Contains a secret that logging shows + {{ nfc_pb_disable_log | default(true) }} + + + - name: Create new teams in centurion_ERP + ansible.builtin.uri: + url: |- + {{ lookup('env', 'CENTURION_API') }}/api/organization/{{ item.organization_id }}/team + method: POST + body_format: json + body: |- + { + "team_name": "{{ item.team_name }}" + } + headers: + Authorization: Token {{ lookup('env', 'CENTURION_TOKEN') }} + validate_certs: "{{ lookup('env', 'VALIDATE_CENTURION_CERTS') | default(true) | bool }}" + status_code: + - 201 + when: > + item.url is not defined + loop: "{{ team_permissions | list }}" + register: api_post_teams + delegate_to: localhost + run_once: true + no_log: > # Contains a secret that logging shows + {{ nfc_pb_disable_log | default(true) }} + + + - name: update permissions to include newly created teams + ansible.builtin.set_fact: + 
team_permissions: | + [ + {% for team in team_permissions %} + + { + "organization_id": "{{ team.organization_id }}", + "team_name": "{{ team.team_name }}", + "notes": "{{ team.notes }}", + "permissions": + {{ team.permissions }}, + "url": + {% if team.url is defined %} + "{{ team.url }}", + + {% elif team.url is not defined %} + + {% for api_values in api_post_teams.results %} + + {% if api_values.item.organization_id == team.organization_id %} + + {% if api_values.json.team_name == team.team_name %} + + "{{ api_values.json.url }}", + + {% endif %} + + {% endif %} + + {% endfor %} + + {% endif %} + }, + + {% endfor %} + ] + delegate_to: localhost + run_once: true + no_log: > # Contains a secret that logging shows + {{ nfc_pb_disable_log | default(true) }} + + + - name: Patch team permissions + ansible.builtin.uri: + url: |- + {{ item.url }}permissions + method: PATCH + body_format: json + body: "{{ item.permissions }}" + headers: + Authorization: Token {{ lookup('env', 'CENTURION_TOKEN') }} + validate_certs: "{{ lookup('env', 'VALIDATE_CENTURION_CERTS') | default(true) | bool }}" + status_code: + - 200 + when: > + item.url is defined + loop: "{{ team_permissions | list }}" + delegate_to: localhost + run_once: true + no_log: > # Contains a secret that logging shows + {{ nfc_pb_disable_log | default(true) }} + + + - name: Patch team notes + ansible.builtin.uri: + url: |- + {{ item.url }} + method: PATCH + body_format: json + body: |- + { + "model_notes": "{{ item.notes }}" + } + headers: + Authorization: Token {{ lookup('env', 'CENTURION_TOKEN') }} + validate_certs: "{{ lookup('env', 'VALIDATE_CENTURION_CERTS') | default(true) | bool }}" + status_code: + - 200 + when: > + item.url is defined + loop: "{{ team_permissions | list }}" + delegate_to: localhost + run_once: true + no_log: > # Contains a secret that logging shows + {{ nfc_pb_disable_log | default(true) }} + + + vars: + + nfc_pb_awx_tower_template: + + - name: "Centurion/access/teams" + ask_tags_on_launch: 
false + ask_inventory_on_launch: true + ask_credential_on_launch: true + ask_limit_on_launch: true + concurrent_jobs_enabled: true + description: Creation and patching of teams and permissions + execution_environment: "No Fuss Computing EE" + job_type: "run" + # job_tags: complete + labels: + - centurion_erp + - itsm + - itam + - access + - permissions + - teams + use_fact_cache: true + credential_types: + - name: 'Playbook/teams/centurion' + description: | + Credentials for authentication to centurion_erp + inputs: | + fields: + - id: centurion_url + type: string + label: centurion url + help_text: Ensure that `https://` is prefixed to url + - id: centurion_token + type: string + label: api token + secret: true + - id: centurion_validate_certs + type: boolean + label: Validate SSL Certificate + required: + - itsm_api + - itsm_token + injectors: > + env: + CENTURION_API: '{{ centurion_url }}' + CENTURION_TOKEN: '{{ centurion_token }}' + CENTURION_VALIDATE_CERTS: '{{ centurion_validate_certs | default(true) }}' \ No newline at end of file From e6b8a0906c062d7ecbcc259c8986638a1ca6f917 Mon Sep 17 00:00:00 2001 From: "jasonpage.tas" Date: Mon, 19 Aug 2024 12:27:18 +0930 Subject: [PATCH 03/11] docs(teams): Add Documenation for teams playbook https://github.com/nofusscomputing/ansible_collection_centurion/pull/17 #14 --- .../collection/centurion/playbooks/index.md | 11 ++++ .../collection/centurion/playbooks/teams.md | 61 +++++++++++++++++++ mkdocs.yml | 6 ++ 3 files changed, 78 insertions(+) create mode 100644 docs/projects/ansible/collection/centurion/playbooks/index.md create mode 100644 docs/projects/ansible/collection/centurion/playbooks/teams.md diff --git a/docs/projects/ansible/collection/centurion/playbooks/index.md b/docs/projects/ansible/collection/centurion/playbooks/index.md new file mode 100644 index 0000000..34813d3 --- /dev/null +++ b/docs/projects/ansible/collection/centurion/playbooks/index.md 
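Review bot: The request bodies in "Create new teams in centurion_ERP" and "Patch team notes" are JSON assembled by string interpolation (`"team_name": "{{ item.team_name }}"`, `"model_notes": "{{ item.notes }}"`), so a team name or note containing a double quote or backslash yields a malformed or structurally different body. Passing a mapping lets the `uri` module serialise and escape the values: `body:` followed by an indented `team_name: "{{ item.team_name }}"` (and `model_notes: "{{ item.notes }}"` for the notes task). The two `set_fact` tasks that build `team_permissions` as templated text have the same weakness; emitting each string with `{{ value | to_json }}` instead of hand-written quotes would cover them.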
@@ -0,0 +1,11 @@
+---
+title: Playbooks
+description: No Fuss Computings Companion Ansible Collection Centurion Playbooks.
+date: 2024-08-18
+template: project.html
+about: https://github.com/nofusscomputing/ansible_collection_centurion
+---
+
+Available playbooks include:
+
+- [Teams](./teams.md)
diff --git a/docs/projects/ansible/collection/centurion/playbooks/teams.md b/docs/projects/ansible/collection/centurion/playbooks/teams.md
new file mode 100644
index 0000000..03649c2
--- /dev/null
+++ b/docs/projects/ansible/collection/centurion/playbooks/teams.md
@@ -0,0 +1,61 @@ +--- +title: Teams +description: No Fuss Computings Companion Ansible Collection Centurion teams Playbook. +date: 2024-08-18 +template: project.html +about: https://github.com/nofusscomputing/ansible_collection_centurion +--- + +The teams playbook has been created for the purpose of creating Centurion ERP teams. It allows teams to be defined as configuration as code which allows standardisation of teams and permissions within an organisation. With this playbook it is possible to create every team within an organisation and define the permissions and notes that are to be applied to that team. + +The teams playbook includes the [AWX Feature](../../../playbooks/awx.md) to import the playbook as a job template in AWX / Ansible Automation Platform. + +The following job template will be created: + +* **Centurion/Access/Teams** Creation and patching of teams and permissions + +On import to AWX / Ansible Automation Platform a credential type will also be created, `Playbook/teams/centurion` that can be used to supply the required secrets and Centurion host. + +!!! info + The playbook is able to work with centurion ERP directly or using the inventory pluggin that is included in this collection. + + +## Play workflow + +The teams playbook gathers information regarding centurion organisations from the ansible inventory. Using this information the play is designed to create new teams, patch permissions and patch notes. 
The workflow for the playbook is as follows + +- Fetch all organisations from centurion +- Fetch all existing teams within each organisation from centurion +- Fetch any teams to be created from inventory +- Create new teams +- Patch all teams with required permissions +- Patch all teams with required notes + + +## Configuration + +The teams playbook uses variables that are gathered from inventory +The expected structure of the inventory file is: + +```yaml +centurion_erp: + teams: + - name: "organisation name" + teams: + - name: "team-name" + permissions: [] + notes: "permissions must be a list" + +``` + +!!! tip "common teams" + Common teams can be created by using yaml anchors. This is useful when multiple organisations require a common team and permissions to be set. + + ```yaml + centurion_erp: + common_teams: + team_name: &team-name "team_name" + team_permissions: &team-name-permissions [] + team_name_notes: &team-name-notes "team_notes" + + ``` diff --git a/mkdocs.yml b/mkdocs.yml index d5ba070..43dfa44 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -29,6 +29,12 @@ nav: - projects/ansible/collection/centurion/index.md + - Playbooks: + + - projects/ansible/collection/centurion/playbooks/index.md + + - projects/ansible/collection/centurion/playbooks/teams.md + - Plugins: - projects/ansible/collection/centurion/plugins/index.md From 83f12f063db3f1e5be7f931c2692f4df0ced6a50 Mon Sep 17 00:00:00 2001 From: "jasonpage.tas" Date: Mon, 19 Aug 2024 12:36:34 +0930 Subject: [PATCH 04/11] chore(teams): Apply suggested changes #17 #14 --- playbooks/teams.yaml | 27 +-------------------------- 1 file changed, 1 insertion(+), 26 deletions(-) diff --git a/playbooks/teams.yaml b/playbooks/teams.yaml index 17d05c8..73f0ca4 100644 --- a/playbooks/teams.yaml +++ b/playbooks/teams.yaml 
@@ -248,7 +248,7 @@ nfc_pb_awx_tower_template: - - name: "Centurion/access/teams" + - name: "Centurion/Access/Teams" ask_tags_on_launch: false ask_inventory_on_launch: true ask_credential_on_launch: true @@ -266,28 +266,3 @@ - permissions - teams use_fact_cache: true - credential_types: - - name: 'Playbook/teams/centurion' - description: | - Credentials for authentication to centurion_erp - inputs: | - fields: - - id: centurion_url - type: string - label: centurion url - help_text: Ensure that `https://` is prefixed to url - - id: centurion_token - type: string - label: api token - secret: true - - id: centurion_validate_certs - type: boolean - label: Validate SSL Certificate - required: - - itsm_api - - itsm_token - injectors: > - env: - CENTURION_API: '{{ centurion_url }}' - CENTURION_TOKEN: '{{ centurion_token }}' - CENTURION_VALIDATE_CERTS: '{{ centurion_validate_certs | default(true) }}' \ No newline at end of file From 975f4b6ee5be119b2281a6f15f3cae1b72827661 Mon Sep 17 00:00:00 2001 From: "jasonpage.tas" Date: Mon, 19 Aug 2024 12:41:08 +0930 Subject: [PATCH 05/11] chore(inventory): Apply suggested fixes from code review Name changes Description changes linking issue to edited out task #17 #13 --- playbooks/inventory.yaml | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/playbooks/inventory.yaml b/playbooks/inventory.yaml index a935c9c..24a965f 100644 --- a/playbooks/inventory.yaml +++ b/playbooks/inventory.yaml @@ -14,7 +14,7 @@ - name: Inventory host block: - - name: Test Packages + - name: fetch Packages ansible.builtin.package_facts: manager: auto become: true @@ -45,6 +45,9 @@ when: > package.value[0].name | regex_search("^[a-k]") +# https://github.com/nofusscomputing/ansible_collection_centurion/issues/19 + +# This teask has been commented out due to the above issue # - name: Inventory Software [l] # ansible.builtin.set_fact: 
@@ -135,20 +138,20 @@ ask_credential_on_launch: true ask_limit_on_launch: true concurrent_jobs_enabled: true - description: Collect inventory of host machines and publish to centurion_erp + description: Inventory host machines and publish to Centurion ERP execution_environment: "No Fuss Computing EE" job_type: "run" # job_tags: complete labels: - - itsm - - itam - - inventory - centurion + - inventory + - itam + - itsm use_fact_cache: true credential_types: - - name: 'Playbook/Inventory/Centurion' + - name: 'Collection/No Fuss Computing/Centurion/API' description: | - Credentials for authentication to Centurion_erp + Credentials for authentication to Centurion ERP inputs: | fields: - id: centurion_url @@ -169,4 +172,5 @@ env: CENTURION_API: '{{ centurion_url }}' CENTURION_TOKEN: '{{ centurion_token }}' - CENTURION_VALIDATE_CERTS: '{{ centurion_validate_certs | default(true) }}' \ No newline at end of file + CENTURION_VALIDATE_CERTS: '{{ centurion_validate_certs | default(true) }}' + \ No newline at end of file From 198337f56233ef6bb000cddeae9eaca1dd7170c9 Mon Sep 17 00:00:00 2001 From: "jasonpage.tas" Date: Mon, 19 Aug 2024 12:59:19 +0930 Subject: [PATCH 06/11] docs(inventory): Add documentation for inventory playbook --- .../collection/centurion/playbooks/index.md | 1 + .../centurion/playbooks/inventory.md | 32 +++++++++++++++++++ mkdocs.yml | 2 ++ 3 files changed, 35 insertions(+) create mode 100644 docs/projects/ansible/collection/centurion/playbooks/inventory.md diff --git a/docs/projects/ansible/collection/centurion/playbooks/index.md b/docs/projects/ansible/collection/centurion/playbooks/index.md index 34813d3..b7ee97a 100644 --- a/docs/projects/ansible/collection/centurion/playbooks/index.md +++ b/docs/projects/ansible/collection/centurion/playbooks/index.md @@ -8,4 +8,5 @@ about: https://github.com/nofusscomputing/ansible_collection_centurion Available playbooks include: +- [Inventory](./inventory.md) - [Teams](./teams.md) 
diff --git a/docs/projects/ansible/collection/centurion/playbooks/inventory.md b/docs/projects/ansible/collection/centurion/playbooks/inventory.md
new file mode 100644
index 0000000..acfa78b
--- /dev/null
+++ b/docs/projects/ansible/collection/centurion/playbooks/inventory.md
@@ -0,0 +1,32 @@
+---
+title: Inventory
+description: Inventory host machines and publish to Centurion ERP
+date: 2024-08-19
+template: project.html
+about: https://github.com/nofusscomputing/ansible_collection_centurion
+---
+
+The inventory playbook has been created to inventory host machines and to publish the collected inventory to Centurion ERP. The inventory includes details of all software packages installed on the host machine as well as some details regarding the host machine such as UUID and serial number.
+
+The inventory playbook includes the [AWX Feature](../../../playbooks/awx.md) to import the playbook as a job template in AWX / Ansible Automation Platform.
+
+The following job template will be created:
+
+* **Centurion/ITAM/Inventory** Inventory host machines and publish to Centurion ERP
+
+On import to AWX / Ansible Automation Platform a credential type will also be created, 'Collection/No Fuss Computing/Centurion/API' that can be used to supply the required secrets and Centurion host.
+
+
+!!! warning
+ The inventory playbook currently has an issue relating to gathering software starting with L. This issue has been reported and is being worked on https://github.com/nofusscomputing/ansible_collection_centurion/issues/19
+
+
+## Play workflow
+
+The inventory playbook conducts the follwoing tasks:
+
+- Gathers host information
+- Gathers sofware information
+- POSTS an inventory report to Centurion ERP
+- Cleans any leftover files used to create the reports
+
diff --git a/mkdocs.yml b/mkdocs.yml
index 43dfa44..678296c 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -32,6 +32,8 @@ nav: - Playbooks: - projects/ansible/collection/centurion/playbooks/index.md + + - projects/ansible/collection/centurion/playbooks/inventory.md - projects/ansible/collection/centurion/playbooks/teams.md From 8579a5934e61c63a5a858d8265286742ce3a4526 Mon Sep 17 00:00:00 2001 From: "jasonpage.tas" Date: Mon, 19 Aug 2024 13:21:52 +0930 Subject: [PATCH 07/11] chore(docs_teams): Update decription remove AWX credential types as they are not created #17 #14 --- .../ansible/collection/centurion/playbooks/teams.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/projects/ansible/collection/centurion/playbooks/teams.md b/docs/projects/ansible/collection/centurion/playbooks/teams.md index 03649c2..18efd8c 100644 --- a/docs/projects/ansible/collection/centurion/playbooks/teams.md +++ b/docs/projects/ansible/collection/centurion/playbooks/teams.md @@ -1,6 +1,6 @@ --- title: Teams -description: No Fuss Computings Companion Ansible Collection Centurion teams Playbook. +description: Creation and patching of teams and permissions. date: 2024-08-18 template: project.html about: https://github.com/nofusscomputing/ansible_collection_centurion @@ -14,7 +14,6 @@ The following job template will be created: * **Centurion/Access/Teams** Creation and patching of teams and permissions -On import to AWX / Ansible Automation Platform a credential type will also be created, `Playbook/teams/centurion` that can be used to supply the required secrets and Centurion host. !!! info The playbook is able to work with centurion ERP directly or using the inventory pluggin that is included in this collection. @@ -59,3 +58,6 @@ centurion_erp: team_name_notes: &team-name-notes "team_notes" ``` + +!!! info "Upcoming feature" + With the release of Centurion ERP V1.1 an API request to fetch all permissions that can be applied will be available. From eee170f5cce0538eb9bd41d49b9c80218578c7cd Mon Sep 17 00:00:00 2001 
From: "jasonpage.tas" Date: Mon, 19 Aug 2024 15:25:44 +0930 Subject: [PATCH 08/11] chore(make_docs): apply linting fixes remove trailing spaces fix relative links indentation add error to ansible-lint-ignore Capitalise Centurion ERP --- .ansible-lint-ignore | 6 +- .../centurion/playbooks/inventory.md | 3 +- .../collection/centurion/playbooks/teams.md | 6 +- docs/projects/ansible/playbooks/awx.md | 0 playbooks/inventory.yaml | 177 +++++++++--------- playbooks/teams.yaml | 131 +++++++------ 6 files changed, 163 insertions(+), 160 deletions(-) create mode 100644 docs/projects/ansible/playbooks/awx.md diff --git a/.ansible-lint-ignore b/.ansible-lint-ignore index d025a99..28e6563 100644 --- a/.ansible-lint-ignore +++ b/.ansible-lint-ignore @@ -1 +1,5 @@ -galaxy.yml galaxy[version-incorrect] \ No newline at end of file +galaxy.yml galaxy[version-incorrect] +# This playbook will only ever be run against the centurion host +playbooks/teams.yaml run-once[task] +# This task only saves the report on the local machine and is deleted after uploading +playbooks/inventory.yaml risky-file-permissions \ No newline at end of file diff --git a/docs/projects/ansible/collection/centurion/playbooks/inventory.md b/docs/projects/ansible/collection/centurion/playbooks/inventory.md index acfa78b..658dcf5 100644 --- a/docs/projects/ansible/collection/centurion/playbooks/inventory.md +++ b/docs/projects/ansible/collection/centurion/playbooks/inventory.md 
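Review bot: The new `playbooks/inventory.yaml risky-file-permissions` entry silences the finding instead of fixing it, and its justification does not match the play as shown in this series: the "Save report" task has no `delegate_to`, runs under `become: true`, and writes `/tmp/{{ ansible_hostname }}.json`, so it appears to run on each inventoried host rather than on the local machine. The report holds the serial number, UUID and full package list, and with no `mode` its permissions are left to the remote defaults, under a predictable name in a shared directory. I would add `mode: "0600"` to the `ansible.builtin.copy` task (or obtain the path from `ansible.builtin.tempfile`) and drop this ignore line.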
@@ -18,7 +18,8 @@ On import to AWX / Ansible Automation Platform a credential type will also be cr !!! warning - The inventory playbook currently has an issue relating to gathering software starting with L. This issue has been reported and is being worked on https://github.com/nofusscomputing/ansible_collection_centurion/issues/19 + The inventory playbook currently has an issue relating to gathering software starting with L. This issue has been reported and is being worked on + [github issue 19](https://github.com/nofusscomputing/ansible_collection_centurion/issues/19) ## Play workflow diff --git a/docs/projects/ansible/collection/centurion/playbooks/teams.md b/docs/projects/ansible/collection/centurion/playbooks/teams.md index 18efd8c..0c25a79 100644 --- a/docs/projects/ansible/collection/centurion/playbooks/teams.md +++ b/docs/projects/ansible/collection/centurion/playbooks/teams.md @@ -16,15 +16,15 @@ The following job template will be created: !!! info - The playbook is able to work with centurion ERP directly or using the inventory pluggin that is included in this collection. + The playbook is able to work with Centurion ERP directly or using the inventory pluggin that is included in this collection. ## Play workflow The teams playbook gathers information regarding centurion organisations from the ansible inventory. Using this information the play is designed to create new teams, patch permissions and patch notes. The workflow for the playbook is as follows -- Fetch all organisations from centurion -- Fetch all existing teams within each organisation from centurion +- Fetch all organisations from Centurion ERP +- Fetch all existing teams within each organisation from Centurion ERP - Fetch any teams to be created from inventory - Create new teams - Patch all teams with required permissions diff --git a/docs/projects/ansible/playbooks/awx.md b/docs/projects/ansible/playbooks/awx.md new file mode 100644 index 0000000..e69de29 
diff --git a/playbooks/inventory.yaml b/playbooks/inventory.yaml index 24a965f..b72565b 100644 --- a/playbooks/inventory.yaml +++ b/playbooks/inventory.yaml @@ -13,37 +13,37 @@ - name: Inventory host block: - - - name: fetch Packages - ansible.builtin.package_facts: - manager: auto - become: true - - - - name: Inventory Details - ansible.builtin.set_fact: - details: { - "name": "{{ ansible_hostname }}", - "serial_number": "{{ ansible_product_serial }}", - "uuid": "{{ ansible_product_uuid }}" - } - - - - name: Inventory Software [a-k] - ansible.builtin.set_fact: - cacheable: false - software: "{{ software | default([]) + [{ - 'name': package.value[0].name, - 'category': package.value[0].category | default(''), - 'version': package.value[0].version - }] }}" - # no_log: true - loop: "{{ ansible_facts.packages | dict2items() }}" - loop_control: - loop_var: package - label: "{{ package.key }}" - when: > - package.value[0].name | regex_search("^[a-k]") + + - name: Fetch Packages + ansible.builtin.package_facts: + manager: auto + become: true + + + - name: Inventory Details + ansible.builtin.set_fact: + details: { + "name": "{{ ansible_hostname }}", + "serial_number": "{{ ansible_product_serial }}", + "uuid": "{{ ansible_product_uuid }}" + } + + + - name: Inventory Software [a-k] + ansible.builtin.set_fact: + cacheable: false + software: "{{ software | default([]) + [{ + 'name': package.value[0].name, + 'category': package.value[0].category | default(''), + 'version': package.value[0].version + }] }}" + # no_log: true + loop: "{{ ansible_facts.packages | dict2items() }}" + loop_control: + loop_var: package + label: "{{ package.key }}" + when: > + package.value[0].name | regex_search("^[a-k]") # https://github.com/nofusscomputing/ansible_collection_centurion/issues/19 
@@ -55,7 +55,7 @@ # software: "{{ software | default([]) + [{ # 'name': package.value[0].name, # 'category': package.value[0].category | default(''), -# 'version': package.value[0].version +# 'version': package.value[0].version # }] }}" # # no_log: true # loop: "{{ ansible_facts.packages | dict2items() }}" 
@@ -66,66 +66,66 @@ # package.value[0].name | regex_search("^[l]") - - name: Inventory Software [m-z] - ansible.builtin.set_fact: - cacheable: false - software: "{{ software | default([]) + [{ - 'name': package.value[0].name, - 'category': package.value[0].category | default(''), - 'version': package.value[0].version - }] }}" - # no_log: true - loop: "{{ ansible_facts.packages | dict2items() }}" - loop_control: - loop_var: package - label: "{{ package.key }}" - when: > - package.value[0].name | regex_search("^[m-z]") - - - - name: Inventory Document - ansible.builtin.set_fact: - report: { - "details": "{{ details }}", - "os": { - "name": "{{ ansible_distribution | lower }}", - "version": "{{ ansible_distribution_version }}", - "version_major": "{{ ansible_distribution_major_version }}" - }, - "software": "{{ software }}" - } - - - - name: Save report - ansible.builtin.copy: - content: "{{ report | to_nice_json }}" - dest: "/tmp/{{ ansible_hostname }}.json" - - - - name: Upload inventory - {{ ansible_hostname }} - ansible.builtin.uri: - url: |- - {{ lookup('env', 'ITSM_API') }}/api/device/inventory - - method: POST - body_format: json - src: "/tmp/{{ ansible_hostname }}.json" - remote_src: true - headers: - Authorization: Token {{ lookup('env', 'ITSM_TOKEN') }} - validate_certs: "{{ lookup('env', 'ITSM_VALIDATE_CERTS') | default(true) | bool }}" - timeout: 300 - status_code: - - 200 - - 201 - no_log: > # Contains a secret that logging shows - {{ nfc_pb_disable_log | default(true) }} - + - name: Inventory Software [m-z] + ansible.builtin.set_fact: + cacheable: false + software: "{{ software | default([]) + [{ + 'name': package.value[0].name, + 'category': package.value[0].category | default(''), + 'version': package.value[0].version + }] }}" + # no_log: true + loop: "{{ ansible_facts.packages | dict2items() }}" + loop_control: + loop_var: package + label: "{{ package.key }}" + when: > + package.value[0].name | regex_search("^[m-z]") + + + - name: Inventory Document + 
ansible.builtin.set_fact: + report: { + "details": "{{ details }}", + "os": { + "name": "{{ ansible_distribution | lower }}", + "version": "{{ ansible_distribution_version }}", + "version_major": "{{ ansible_distribution_major_version }}" + }, + "software": "{{ software }}" + } + + + - name: Save report + ansible.builtin.copy: + content: "{{ report | to_nice_json }}" + dest: "/tmp/{{ ansible_hostname }}.json" + + + - name: Upload inventory - {{ ansible_hostname }} + ansible.builtin.uri: + url: |- + {{ lookup('env', 'ITSM_API') }}/api/device/inventory + + method: POST + body_format: json + src: "/tmp/{{ ansible_hostname }}.json" + remote_src: true + headers: + Authorization: Token {{ lookup('env', 'ITSM_TOKEN') }} + validate_certs: "{{ lookup('env', 'ITSM_VALIDATE_CERTS') | default(true) | bool }}" + timeout: 300 + status_code: + - 200 + - 201 + no_log: > # Contains a secret that logging shows + {{ nfc_pb_disable_log | default(true) }} + always: - name: Remove report ansible.builtin.file: - path: "/tmp/{{ ansible_hostname }}.json" + path: "/tmp/{{ ansible_hostname }}.json" state: absent vars: @@ -173,4 +173,3 @@ CENTURION_API: '{{ centurion_url }}' CENTURION_TOKEN: '{{ centurion_token }}' CENTURION_VALIDATE_CERTS: '{{ centurion_validate_certs | default(true) }}' - \ No newline at end of file diff --git a/playbooks/teams.yaml b/playbooks/teams.yaml index 73f0ca4..5c2c42f 100644 --- a/playbooks/teams.yaml +++ b/playbooks/teams.yaml @@ -1,3 +1,4 @@ +--- - name: Centurion ERP Teams Setup hosts: |- {%- if nfc_pb_host is defined -%} @@ -35,7 +36,7 @@ {{ lookup('env', 'CENTURION_API') }}/api/organization/ method: GET body_format: json - headers: + headers: authorization: Token {{ lookup('env', 'CENTURION_TOKEN') }} validate_certs: "{{ lookup('env', 'VALIDATE_CENTURION_CERTS') | default(true) | bool }}" return_content: true 
@@ -53,7 +54,7 @@ url: "{{ item }}" method: GET body_format: json - headers: + headers: authorization: Token {{ lookup('env', 'CENTURION_TOKEN') }} validate_certs: "{{ lookup('env', 'VALIDATE_CENTURION_CERTS') | default(true) | bool }}" return_content: true 
@@ -70,60 +71,60 @@ - name: Create list of Teams ansible.builtin.set_fact: team_permissions: | - [ - {% for config_organisation in centurion_erp.teams %} + [ + {% for config_organisation in centurion_erp.teams %} - {% set ns = namespace(added_teams = []) %} + {% set ns = namespace(added_teams = []) %} - {% for config_team in config_organisation.teams %} + {% for config_team in config_organisation.teams %} - {% for organization in api_get_permissions.results %} + {% for organization in api_get_permissions.results %} - {% if organization.json.name == config_organisation.name %} + {% if organization.json.name == config_organisation.name %} - {% for team in organization.json.teams %} + {% for team in organization.json.teams %} - {% if team.team_name == config_team.name %} + {% if team.team_name == config_team.name %} - { - "organization_id": "{{ organization.json.id }}", - "team_name": "{{ team.team_name }}", - "url": "{{ team.url }}", - "notes": "{{ config_team.notes }}", - "permissions": - {{ config_team.permissions }} - }, + { + "organization_id": "{{ organization.json.id }}", + "team_name": "{{ team.team_name }}", + "url": "{{ team.url }}", + "notes": "{{ config_team.notes }}", + "permissions": + {{ config_team.permissions }} + }, - {% set ns.added_teams = ns.added_teams + [ config_team.name ] %} + {% set ns.added_teams = ns.added_teams + [ config_team.name ] %} - {% endif %} + {% endif %} - {% endfor %} + {% endfor %} - {% endif %} + {% endif %} - {% endfor %} - - {% if config_team.name not in ns.added_teams %} - { - "organization_id": - {% for organization in api_get_permissions.results %} - {% if organization.json.name == config_organisation.name %} - "{{ organization.json.id }}", - {% endif %} - {% endfor %} - "team_name": "{{ config_team.name }}", - "notes": "{{ config_team.notes }}", - "permissions": - {{ config_team.permissions }} - }, - {% set ns.added_teams = ns.added_teams + [ config_team.name ] %} + {% endfor %} - {% endif %} + {% if config_team.name not 
in ns.added_teams %} + { + "organization_id": + {% for organization in api_get_permissions.results %} + {% if organization.json.name == config_organisation.name %} + "{{ organization.json.id }}", + {% endif %} + {% endfor %} + "team_name": "{{ config_team.name }}", + "notes": "{{ config_team.notes }}", + "permissions": + {{ config_team.permissions }} + }, + {% set ns.added_teams = ns.added_teams + [ config_team.name ] %} - {% endfor %} + {% endif %} + + {% endfor %} - {% endfor %} + {% endfor %} ] delegate_to: localhost run_once: true @@ -156,7 +157,7 @@ {{ nfc_pb_disable_log | default(true) }} - - name: update permissions to include newly created teams + - name: Update permissions to include newly created teams ansible.builtin.set_fact: team_permissions: | [ @@ -166,14 +167,12 @@ "organization_id": "{{ team.organization_id }}", "team_name": "{{ team.team_name }}", "notes": "{{ team.notes }}", - "permissions": + "permissions": {{ team.permissions }}, - "url": + "url": {% if team.url is defined %} "{{ team.url }}", - {% elif team.url is not defined %} - {% for api_values in api_post_teams.results %} {% if api_values.item.organization_id == team.organization_id %} 
@@ -246,23 +245,23 @@ vars: - nfc_pb_awx_tower_template: - - - name: "Centurion/Access/Teams" - ask_tags_on_launch: false - ask_inventory_on_launch: true - ask_credential_on_launch: true - ask_limit_on_launch: true - concurrent_jobs_enabled: true - description: Creation and patching of teams and permissions - execution_environment: "No Fuss Computing EE" - job_type: "run" - # job_tags: complete - labels: - - centurion_erp - - itsm - - itam - - access - - permissions - - teams - use_fact_cache: true + nfc_pb_awx_tower_template: + + - name: "Centurion/Access/Teams" + ask_tags_on_launch: false + ask_inventory_on_launch: true + ask_credential_on_launch: true + ask_limit_on_launch: true + concurrent_jobs_enabled: true + description: Creation and patching of teams and permissions + execution_environment: "No Fuss Computing EE" + job_type: "run" + # job_tags: complete + labels: + - centurion_erp + - itsm + - itam + - access + - permissions + - teams + use_fact_cache: true From 1ef25b31d9699ea073d850a123073250cab1110d Mon Sep 17 00:00:00 2001 From: "jasonpage.tas" Date: Mon, 19 Aug 2024 16:16:59 +0930 Subject: [PATCH 09/11] chore(): Update changes from code review Blank lines at end of documents rewording some docs Spacing between ansible-lint-ignore rules Variable names remove uneccessry info in teams.md changed description index changed description teams.md --- .ansible-lint-ignore | 9 +++++--- .../collection/centurion/playbooks/index.md | 3 ++- .../centurion/playbooks/inventory.md | 6 ++--- .../collection/centurion/playbooks/teams.md | 23 +++++++++++-------- playbooks/inventory.yaml | 7 +++--- playbooks/teams.yaml | 5 ++-- 6 files changed, 32 insertions(+), 21 deletions(-) diff --git a/.ansible-lint-ignore b/.ansible-lint-ignore index 28e6563..fb27c95 100644 --- a/.ansible-lint-ignore +++ b/.ansible-lint-ignore 
@@ -1,5 +1,8 @@ galaxy.yml galaxy[version-incorrect] -# This playbook will only ever be run against the centurion host + +# N/A as the play runs on the ansible controller and should only run once. playbooks/teams.yaml run-once[task] -# This task only saves the report on the local machine and is deleted after uploading -playbooks/inventory.yaml risky-file-permissions \ No newline at end of file + +# N/A as the play runs on the ansible controller using permissions of executing user. +playbooks/inventory.yaml risky-file-permissions + diff --git a/docs/projects/ansible/collection/centurion/playbooks/index.md b/docs/projects/ansible/collection/centurion/playbooks/index.md index b7ee97a..12a94c8 100644 --- a/docs/projects/ansible/collection/centurion/playbooks/index.md +++ b/docs/projects/ansible/collection/centurion/playbooks/index.md @@ -1,6 +1,6 @@ --- title: Playbooks -description: No Fuss Computings Companion Ansible Collection Centurion Playbooks. +description: Playbooks as part of No Fuss Computings Companion Ansible Collection, Centurion date: 2024-08-18 template: project.html about: https://github.com/nofusscomputing/ansible_collection_centurion @@ -10,3 +10,4 @@ Available playbooks include: - [Inventory](./inventory.md) - [Teams](./teams.md) + diff --git a/docs/projects/ansible/collection/centurion/playbooks/inventory.md b/docs/projects/ansible/collection/centurion/playbooks/inventory.md index 658dcf5..434fa88 100644 --- a/docs/projects/ansible/collection/centurion/playbooks/inventory.md +++ b/docs/projects/ansible/collection/centurion/playbooks/inventory.md 
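Review bot: The new justification for `playbooks/inventory.yaml risky-file-permissions` does not match the playbook as shown earlier in this series. The play targets `nfc_pb_host`/`all` with `become: true`, and the Save report task has no `delegate_to`, while the upload uses `remote_src: true`. The report therefore appears to be written on the managed host under privilege escalation, not on the controller with the executing user's permissions. It holds the serial number, UUID and full package list, and lands in a shared `/tmp` under a predictable name with whatever mode the umask gives. I would drop this ignore entry and add `mode: "0600"` to the `ansible.builtin.copy` task, ideally writing to a path from `ansible.builtin.tempfile`. The comment on the `playbooks/teams.yaml run-once[task]` entry is consistent with that playbook's `delegate_to: localhost`.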
@@ -1,12 +1,12 @@ --- title: Inventory -description: Inventory host machines and publish to Centurion ERP +description: Inventory devices and publish to Centurion ERP date: 2024-08-19 template: project.html about: https://github.com/nofusscomputing/ansible_collection_centurion --- -The inventory playbook has been created to inventory host machines and to publish the collected inventory to Centurion ERP. The inventory includes details of all software packages installed on the host machine as well as some details regarding the host machine such as UUID and serial number. +The inventory playbook has been created to inventory devices and to publish the collected inventory to Centurion ERP. The inventory includes details of all software packages installed on the host machine as well as some details regarding the host machine such as UUID and serial number. The inventory playbook includes the [AWX Feature](../../../playbooks/awx.md) to import the playbook as a job template in AWX / Ansible Automation Platform. @@ -28,6 +28,6 @@ The inventory playbook conducts the follwoing tasks: - Gathers host information - Gathers sofware information -- POSTS an inventory report to Centurion ERP +- Uploads the inventory report to Centurion ERP - Cleans any leftover files used to create the reports diff --git a/docs/projects/ansible/collection/centurion/playbooks/teams.md b/docs/projects/ansible/collection/centurion/playbooks/teams.md index 0c25a79..814a1fd 100644 --- a/docs/projects/ansible/collection/centurion/playbooks/teams.md +++ b/docs/projects/ansible/collection/centurion/playbooks/teams.md @@ -1,6 +1,6 @@ --- title: Teams -description: Creation and patching of teams and permissions. +description: Ansible Playbook for Creating and patching of Centurion ERP teams, including permissions. date: 2024-08-18 template: project.html about: https://github.com/nofusscomputing/ansible_collection_centurion 
@@ -16,7 +16,7 @@ The following job template will be created: !!! info - The playbook is able to work with Centurion ERP directly or using the inventory pluggin that is included in this collection. + The playbook is able to work with the inventory plugin that is included in this collection. ## Play workflow @@ -33,17 +33,17 @@ The teams playbook gathers information regarding centurion organisations from th ## Configuration -The teams playbook uses variables that are gathered from inventory -The expected structure of the inventory file is: +The teams playbook uses variables that are gathered from inventory. The expected structure of the inventory file is: ```yaml + centurion_erp: teams: - name: "organisation name" teams: - - name: "team-name" - permissions: [] - notes: "permissions must be a list" + - name: "team-name" + permissions: [] + notes: "permissions must be a list" ``` @@ -57,7 +57,12 @@ centurion_erp: team_permissions: &team-name-permissions [] team_name_notes: &team-name-notes "team_notes" + teams: + - name: "organisation name" + teams: + - name: *team-name + permissions: *team-name-permissions + notes: *team-name-notes + ``` -!!! info "Upcoming feature" - With the release of Centurion ERP V1.1 an API request to fetch all permissions that can be applied will be available. diff --git a/playbooks/inventory.yaml b/playbooks/inventory.yaml index b72565b..0b90735 100644 --- a/playbooks/inventory.yaml +++ b/playbooks/inventory.yaml @@ -47,7 +47,7 @@ # https://github.com/nofusscomputing/ansible_collection_centurion/issues/19 -# This teask has been commented out due to the above issue +# This task has been commented out due to the above issue # - name: Inventory Software [l] # ansible.builtin.set_fact: 
@@ -166,10 +166,11 @@ type: boolean label: Validate SSL Certificate required: - - itsm_api - - itsm_token + - centurion_api + - centurion_token injectors: > env: CENTURION_API: '{{ centurion_url }}' CENTURION_TOKEN: '{{ centurion_token }}' CENTURION_VALIDATE_CERTS: '{{ centurion_validate_certs | default(true) }}' + diff --git a/playbooks/teams.yaml b/playbooks/teams.yaml index 5c2c42f..d0a652a 100644 --- a/playbooks/teams.yaml +++ b/playbooks/teams.yaml @@ -258,10 +258,11 @@ job_type: "run" # job_tags: complete labels: + - access - centurion_erp - - itsm - itam - - access + - itsm - permissions - teams use_fact_cache: true + From 9439840df69e51c507e9aa726e02543fcb422fa7 Mon Sep 17 00:00:00 2001 From: Jon Date: Mon, 19 Aug 2024 17:07:33 +0930 Subject: [PATCH 10/11] docs(playbook_teams): add link to inventory plugin ref: #17 --- docs/projects/ansible/collection/centurion/playbooks/teams.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/projects/ansible/collection/centurion/playbooks/teams.md b/docs/projects/ansible/collection/centurion/playbooks/teams.md index 814a1fd..bbc492c 100644 --- a/docs/projects/ansible/collection/centurion/playbooks/teams.md +++ b/docs/projects/ansible/collection/centurion/playbooks/teams.md @@ -16,7 +16,7 @@ The following job template will be created: !!! info - The playbook is able to work with the inventory plugin that is included in this collection. + The playbook is able to work with the [inventory plugin](../plugins/index.md) that is included in this collection. ## Play workflow From 16bd99d9bd4dfdaf5b37cc85fd919e8167222dbb Mon Sep 17 00:00:00 2001 From: Jon Date: Mon, 19 Aug 2024 17:09:30 +0930 Subject: [PATCH 11/11] docs(playbook_inventory): update meta description #17 --- .../ansible/collection/centurion/playbooks/inventory.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
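Review bot: The injector in this hunk exports `CENTURION_API`, `CENTURION_TOKEN` and `CENTURION_VALIDATE_CERTS`, but the Upload inventory task shown earlier in this series still reads `ITSM_API`, `ITSM_TOKEN` and `ITSM_VALIDATE_CERTS`, so with this credential type those lookups would come back empty. `lookup('env', …)` returns an empty string for an unset variable, so `default(true)` never applies and `'' | bool` is false, which means any run without the variable silently disables certificate validation. I would read the injected names and let the default cover empty values, e.g. `validate_certs: "{{ lookup('env', 'CENTURION_VALIDATE_CERTS') | default(true, true) | bool }}"`. playbooks/teams.yaml has the same problem with `VALIDATE_CENTURION_CERTS`. Separately, `required` now lists `centurion_api` while the injector references `centurion_url`; the field definitions start outside this hunk, so check both against the declared `id` values.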
diff --git a/docs/projects/ansible/collection/centurion/playbooks/inventory.md b/docs/projects/ansible/collection/centurion/playbooks/inventory.md index 434fa88..7c61f77 100644 --- a/docs/projects/ansible/collection/centurion/playbooks/inventory.md +++ b/docs/projects/ansible/collection/centurion/playbooks/inventory.md @@ -1,6 +1,6 @@ --- title: Inventory -description: Inventory devices and publish to Centurion ERP +description: Ansible Playbook to inventroy devices and publish to Centurion ERP date: 2024-08-19 template: project.html about: https://github.com/nofusscomputing/ansible_collection_centurion