Add a tower subscription from manifest.zip (#581)

* first pass at adding a tower subscription from manifest.zip

* Fix comma in template lookup

* Allow configuration of retries/delay and update README

playbooks/ansible/tower/configure-ansible-tower.yml

@@ -4,6 +4,7 @@
   roles:
   - role: ansible/tower/config-ansible-tower
   - role: ansible/tower/config-ansible-tower-license
+  - role: ansible/tower/config-ansible-tower-subscription-manifest
   - role: ansible/tower/config-ansible-tower-ldap
   - role: config-packages
   - role: config-pip-packages

roles/ansible/tower/config-ansible-tower-subscription-manifest/README.md

@@ -0,0 +1,55 @@
+config-ansible-tower-subscription-manifest
+=========================
+
+This role is used to provide an Ansible Tower instance with a subscription manifest
+
+## Requirements
+
+A running Ansible Tower with admin permission level access.
+
+
+## Role Variables
+
+The variables used to configure Ansible Tower LDAP are outlined in the table below.
+
+| Variable | Description | Required | Defaults |
+|:---------|:------------|:---------|:---------|
+|ansible_tower.admin_password|Admin password for the Ansible Tower install|yes||
+|ansible_tower.admin_username|Admin username for the Ansible Tower install|no|admin|
+|ansible_tower.install.manifest_file|Path to valid Ansible Tower manifest content|yes||
+|ansible_tower.install.wait_delay|Number of seconds between retries|no|5|
+|ansible_tower.install.wait_retries|Number of retries while waiting for the Tower API to become available|no|6|
+|ansible_tower.validate_certs|Wheter or not to validate Ansible Tower SSL Certificate, use `false` when using not trusted certificates |no|true|
+
+**Note:** You should ensure that the ansible_tower.url variable that is being used is not being redirected (i.e. redirected from http -> https, etc.). If there are concerns with how you're getting/setting this URL, you can use the `discover-url-redirect` role found in this repo.
+
+## Example Inventory
+```yaml
+ansible_tower:
+  admin_username: "admin"
+  admin_password: "admin123"
+  install:
+    manifest_file: "{{ inventory_dir }}/../files/example-manifest.json"
+```
+
+## Example Playbook
+
+```yaml
+---
+
+- hosts: tower
+  roles:
+  - role: config-ansible-tower-subscription-manifest
+```
+
+
+License
+-------
+
+Apache License 2.0
+
+
+Author Information
+------------------
+
+Red Hat Community of Practice & staff of the Red Hat Open Innovation Labs.

roles/ansible/tower/config-ansible-tower-subscription-manifest/defaults/main.yml

@@ -0,0 +1,4 @@
+---
+
+default_ansible_tower_url: 'https://localhost'
+default_ansible_tower_admin_username: 'admin'

roles/ansible/tower/config-ansible-tower-subscription-manifest/tasks/main.yml

@@ -0,0 +1,3 @@
+---
+
+- import_tasks: subscription-manifest.yml

roles/ansible/tower/config-ansible-tower-subscription-manifest/tasks/subscription-manifest.yml

@@ -0,0 +1,31 @@
+---
+
+- name: "Wait for Tower to become available before proceeding (30 sec max)"
+  uri:
+    url: "{{ ansible_tower.url | default(default_ansible_tower_url) }}"
+    user: "{{ ansible_tower.admin_username | default(default_ansible_tower_admin_username) }}"
+    password: "{{ ansible_tower.admin_password }}"
+    force_basic_auth: yes
+    method: GET
+    validate_certs: "{{ ansible_tower.validate_certs | default(validate_tower_certs) | default(true) }}"
+  register: status_output
+  until: status_output.status == 200
+  retries: "{{ ansible_tower.install.wait_retries | default(6) }}"
+  delay: "{{ ansible_tower.install.wait_delay | default(5) }}"
+
+- name: "Add Tower subscription manfiest"
+  uri:
+    url: "{{ ansible_tower.url | regex_replace('\\/$','')}}/api/v2/config/"
+    user: "{{ ansible_tower.admin_username | default(default_ansible_tower_admin_username) }}"
+    password: "{{ ansible_tower.admin_password }}"
+    force_basic_auth: yes
+    method: POST
+    body: "{{ lookup('template', 'manifest.j2') }}"
+    body_format: 'json'
+    headers:
+      Content-Type: "application/json"
+      Accept: "application/json"
+    validate_certs: "{{ ansible_tower.validate_certs | default(validate_tower_certs) | default(true) }}"
+  when:
+    - ansible_tower.install.manifest_file is defined
+

roles/ansible/tower/config-ansible-tower-subscription-manifest/templates/manifest.j2

@@ -0,0 +1,4 @@
+{
+  "manifest": "{{ lookup('file', ansible_tower.install.manifest_file) | b64encode }}",
+  "eula_accepted": true
+}

roles/ansible/tower/config-ansible-tower-subscription-manifest/tests/inventory/group_vars/tower.yml

@@ -0,0 +1,13 @@
+---
+
+ansible_connection: local
+
+# NOTE: below is an example on how these params and files can be specified
+#       - please replace with valid values and files
+
+ansible_tower:
+  admin_username: "admin"
+  admin_password: "secret"
+  url: https://tower.example.com
+  install:
+    manifest_file: "{{ inventory_dir }}/../files/example-manifest.zip"

roles/ansible/tower/config-ansible-tower-subscription-manifest/tests/inventory/hosts

@@ -0,0 +1,3 @@
+
+[tower]
+localhost

roles/ansible/tower/config-ansible-tower-subscription-manifest/tests/roles

@@ -0,0 +1 @@
+../../../../../roles/

roles/ansible/tower/config-ansible-tower-subscription-manifest/tests/test.yml

@@ -0,0 +1,5 @@
+---
+
+- hosts: tower
+  roles:
+  - role: ansible/tower/config-ansible-tower-subscription-manifest