Update devops-controller track to AAP 2.4

images/ansible/common/10_image_cleanup.yml

@@ -15,7 +15,7 @@
     - item != ansible_user
     - item != "awx"
     - item != "pulp"
-    - item != student_user
+    - item != student_username
 
 - name: Disable dnf automatic services
   ansible.builtin.service:
@@ -40,7 +40,7 @@
     dest: /etc/yum.repos.d/rh-cloud.repo
     owner: root
     group: root
-    mode: 0644
+    mode: '0644'
 
 - name: Update dnf cache
   ansible.builtin.command: dnf -y makecache

images/ansible/common/50_install_controller.yml

@@ -6,16 +6,7 @@
     name:
       - ansible-core
     state: present
-
-# - name: Download and upgrade collections for install - {{ inventory_hostname }}
-#   community.general.ansible_galaxy_install:
-#     name: "{{ item }}"
-#     type: collection
-#   become_user: "{{ ansible_user }}"
-#   loop: "{{ controller_collections }}"
-#   register: __collection_install
-#   delegate_to: localhost
-#   when: (controller_collections is defined) and (controller_collections | length > 0)
+  become: true
 
 - name: Check if AAP bundle file exists
   ansible.builtin.stat:
@@ -48,7 +39,7 @@
           Authorization: "Bearer {{ temp_token.json.access_token }}"
         dest: "/tmp/aap.tar.gz"
         checksum: "sha256: {{ provided_sha_value }}"
-        mode: 0644
+        mode: '0644'
         owner: "{{ ansible_user }}"
       register: download_aap_tarball
       until: download_aap_tarball is not failed
@@ -60,7 +51,7 @@
     path: "{{ aap_dir }}"
     state: directory
     owner: "{{ ansible_user }}"
-    mode: 0755
+    mode: '0755'
 
 - name: Extract AAP tar.gz install
   ansible.builtin.unarchive:
@@ -82,7 +73,7 @@
     src: "{{ track_slug }}_inv.j2"
     dest: "{{ aap_dir }}/inventory"
     owner: "{{ ansible_user }}"
-    mode: 0644
+    mode: '0644'
 
 - name: Run controller setup - {{ inventory_hostname }}
   ansible.builtin.shell: "{{ controller_install_command }}" # noqa command-instead-of-shell
@@ -115,7 +106,7 @@
       ansible.builtin.copy: # noqa template-instead-of-copy
         dest: "{{ playbook_dir }}/manifest.zip"
         content: "{{ base64_manifest | b64decode }}"
-        mode: "0644"
+        mode: '0644'
       when: base64_manifest is defined
 
     - name: Apply license with manifest.zip
@@ -129,9 +120,9 @@
         that:
           - manifest_file is defined
           - manifest_file | length > 0
-        fail_msg: | 
+        fail_msg: |
           AAP subscription manifest not found or empty.
-        success_msg: 
+        success_msg:
           Successfully loaded AAP subscription manifest file
 
 - name: Post manifest file
@@ -159,5 +150,3 @@
   until: check2.json is defined and check2.json.instances[0].capacity > 0 and check2.json.instance_groups[0].capacity > 0
   retries: 60
   delay: 1
-
-

images/ansible/common/5_configure_users.yml

@@ -16,13 +16,14 @@
     line: >-
       PasswordAuthentication yes
 
-- name: Setup sudo for rhel user
-  ansible.builtin.copy:
-    content: "%rhel ALL=(ALL:ALL) NOPASSWD:ALL"
-    dest: "/etc/sudoers.d/rhel_sudoers"
-    mode: "0644"
-    owner: root
-    group: root
+- name: Configure sudoers for wheel group
+  community.general.sudoers:
+    name: wheel_sudooers
+    state: present
+    commands:
+      - ALL
+    nopassword: true
+    group: wheel
 
 - name: Create receptor group
   ansible.builtin.group:
@@ -37,9 +38,9 @@
     home: /var/lib/awx
     shell: /bin/bash
 
-- name: Create restricted user - {{ student_user }}
+- name: Create restricted user - {{ student_username }}
   ansible.builtin.user:
-    name: "{{ student_user }}"
+    name: "{{ student_username }}"
     shell: /bin/bash
     groups: users
     password: "{{ student_password | password_hash('sha512', '98263y4krwf7400') }}"

images/ansible/common/60_check_vars.yml

@@ -16,19 +16,20 @@
     - lookup('ansible.builtin.env', 'TRACK_SLUG')
 
 - name: Include vars file from extra_vars directory
-  no_log: true
   block:
     - name: Include vars files - {{ track_slug }}
       ansible.builtin.include_vars:
-        file: "{{ item }}"
-      loop:
-        - "vault_{{ track_slug }}_vars.yml"
-        - "{{ track_slug }}_vars.yml"
-  rescue:
-    - name: Rescue - Include vars file
-      ansible.builtin.debug:
-        msg: |
-          "Rescue - Vars file '{{ track_slug }}_vars.yml' not found. Skipping
+        file: "{{ track_slug }}_vars.yml"
+
+    - name: Check if vault_{{ track_slug }} vars file is present
+      ansible.builtin.stat:
+        path: "vault_{{ track_slug }}_vars.yml"
+      register: vault_vars_file
+
+    - name: Include vault vars files - {{ track_slug }}
+      ansible.builtin.include_vars:
+        file: "vault_{{ track_slug }}_vars.yml"
+      when: vault_vars_file.stat.exists
   when: (track_slug is defined) and (track_slug | length > 0)
 
 - name: Map required variables to facts

images/ansible/common/70_controller_post_install.yml

@@ -41,15 +41,13 @@
   ansible.builtin.pip:
     name: "{{ controller_pip_packages }}"
     state: present
-  become: true
   when: (controller_pip_packages is defined) and (controller_pip_packages | length > 0)
 
 - name: Download and upgrade controller collections - {{ inventory_hostname }}
   community.general.ansible_galaxy_install:
     name: "{{ item }}"
     dest: /usr/share/ansible/collections
     type: collection
-  become: true
   loop: "{{ controller_collections }}"
   register: __collection_install
   when: (controller_collections is defined) and (controller_collections | length > 0)
@@ -61,33 +59,41 @@
     remote_src: true
     owner: "{{ ansible_user }}"
     group: "{{ ansible_user }}"
+  become: false
   register: __aws_cli_download
 
 
 - name: Install generic ansible.cfg in home directory
   ansible.builtin.template:
     src: ansible.cfg.j2
     dest: "/etc/ansible/ansible.cfg"
-    mode: 0644
+    mode: '644'
 
 #  Added for student command line tasks
 - name: Copy ansible-navigator.yml template - {{ student_username }}
   ansible.builtin.template:
     src: "ansible-navigator.yml.j2"
     dest: "~{{ student_username }}/.ansible-navigator.yml"
-    mode: "0644"
+    mode: "644"
     owner: "{{ student_username }}"
     group: "{{ student_username }}"
+  become: false
   when: lab.navigator_execution_environment is defined
 
+- name: Check '{{ track_slug }}_ansible_vault_password.j2' template exists # noqa name[template]
+  ansible.builtin.stat:
+    path: "{{ playbook_dir }}/templates/{{ track_slug }}_ansible_vault_password_file.j2"
+  delegate_to: localhost
+  become: false
+  register: __ansible_vault_password_file
+
  # root because of become: true
 - name: Copy vault_password file - {{ ansible_user_id }}
-  when: lab.navigator_execution_environment is defined
-  become: true
+  when: __ansible_vault_password_file.stat.exists
   ansible.builtin.template:
     src: "{{ track_slug }}_ansible_vault_password.j2"
     dest: "~{{ ansible_user_id }}/.{{ track_slug }}_ansible_vault_password"
-    mode: "0640"
+    mode: "640"
     owner: "{{ ansible_user_id }}"
     group: "wheel"
 
@@ -96,10 +102,9 @@
     cmd: /tmp/aws/install --install-dir /usr/local/aws --bin-dir /usr/bin/ --update
     creates: /usr/bin/aws
 
-- name: Download setup scripts to controller /opt directory - {{ lab.s3_bucket_name }}
+- name: Download setup scripts to controller /opt directory - {{ lab.s3.bucket_path }}
   ansible.builtin.command:
-    cmd: "/usr/bin/aws s3 sync --no-sign-request s3://{{ lab.s3_bucket_name }}/{{ track_slug }} /opt/setup-scripts/{{ track_slug }}"
-  become: true
+    cmd: "/usr/bin/aws s3 sync --no-sign-request {{ lab.s3.bucket_path }} /opt/setup-scripts/{{ track_slug }}"
   register: __s3_sync_output
   changed_when: '"download:" in __s3_sync_output.stdout'
 
@@ -200,11 +205,10 @@
 
     #  Added for track lifecycle scripts - root
     - name: Pull execution environment images - {{ ansible_user_id }}
-      become: true
       containers.podman.podman_image:
         name: "{{ item.image }}"
       loop: "{{ controller_execution_environments }}"
       register: __podman_pull_supported_student
       until: __podman_pull_supported_student is not failed
       retries: 40
-      delay: 2
+      delay: 2