Initial Commit

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 ArctiqTeam
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,26 @@
+# Custom Webhook for Ansible Tower
+
+The main purpose of this project is to provide an automated Ansible installer for a custom webhook that works with Ansible Tower.  The webhook can be used in conjunction with GitHub (more providers planned to be added later) to allow webhooks in Git to intitiate Tower project (and inventory if hosted inside) updates upon commit/push to a repository.
+
+## Built With
+
+The project consists of an Ansible playbook to install and configure the webhook.  The webhook binary is provided by [Hookdoo](https://github.com/adnanh/webhook)
+
+## Requirements
+
+ 1. A host that is accessible from Git (currently over Port 9000)
+ 2. Ansible Tower server (currently only a single Tower server is supported) accessible from the webhook target
+
+## Installing
+
+ * Customize the vars.yml file accordingly
+ * Customize the hosts file as needed - this is the host that will run the webhook
+ * Run the playbook
+
+## License
+
+This project is licensed under the MIT License - see the [LICENSE.md](LICENSE.md) file for details
+
+## Acknowledgments
+
+* [Hookdoo](https://github.com/adnanh/webhook)

ansible.cfg

@@ -0,0 +1,7 @@
+[defaults]
+host_key_checking = False
+connection_timeout=300
+jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
+display_skipped_hosts = False
+deprecation_warnings = False
+inventory = hosts

hosts

@@ -0,0 +1,2 @@
+[webhook]
+webhookserver ansible_host=147.75.96.67 ansible_ssh_port=22

install.retry

@@ -0,0 +1 @@
+webhookserver

install.yml

@@ -0,0 +1,9 @@
+---
+- name: Install the GH Webhook
+  hosts: all
+  become: yes
+  gather_facts: no
+  vars_files:
+    - vars.yml
+  roles:
+    - "tower-webhook" 

roles/tower-webhook/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

roles/tower-webhook/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+# defaults file for tower-webhook
+    gh_secret: "{{ lookup('env','GH_SECRET') }}"
+    tower_host: "127.0.0.1"
+    tower_password: "{{ lookup('env','TOWER_PASSWORD') }}"

roles/tower-webhook/handlers/main.yml

@@ -0,0 +1,7 @@
+---
+# handlers file for tower-webhook
+- name: enable webhook
+  service:
+    name: webhook
+    state: restarted
+    enabled: yes

roles/tower-webhook/meta/main.yml

@@ -0,0 +1,57 @@
+galaxy_info:
+  author: your name
+  description: your description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Some suggested licenses:
+  # - BSD (default)
+  # - MIT
+  # - GPLv2
+  # - GPLv3
+  # - Apache
+  # - CC-BY
+  license: license (GPLv2, CC-BY, etc)
+
+  min_ansible_version: 1.2
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  # Optionally specify the branch Galaxy will use when accessing the GitHub
+  # repo for this role. During role install, if no tags are available,
+  # Galaxy will use this branch. During import Galaxy will access files on
+  # this branch. If Travis integration is configured, only notifications for this
+  # branch will be accepted. Otherwise, in all cases, the repo's default branch
+  # (usually master) will be used.
+  #github_branch:
+
+  #
+  # platforms is a list of platforms, and each platform has a name and a list of versions.
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

roles/tower-webhook/tasks/main.yml

@@ -0,0 +1,43 @@
+---
+# tasks file for tower-webhook
+
+- name: Download Webhook binary
+  unarchive:
+    src: https://github.com/adnanh/webhook/releases/download/2.6.8/webhook-linux-amd64.tar.gz
+    dest: /tmp
+    remote_src: yes
+  notify: enable webhook
+
+- name: Move the Webhook binary
+  copy:
+    src: /tmp/webhook-linux-amd64/webhook
+    dest: /usr/local/bin/webhook
+    remote_src: yes
+    mode: 0755
+  notify: enable webhook
+
+- name: Ensure the config directory exists
+  file:
+    path: /etc/webhook
+    state: directory
+    mode: 0755
+
+- name: Template the systemd unit
+  template:
+    src: "{{ item.name }}.j2"
+    dest: "{{ item.dest }}{{ item.name }}"
+    mode: 0755
+  with_items:
+    - { name: 'webhook.service', dest: '/etc/systemd/system/' }
+    - { name: 'webhook.conf', dest: '/etc/webhook/' }
+  failed_when: gh_secret == "" or tower_password == ""
+  notify: enable webhook
+
+- name: Template the webhook executables
+  template:
+    src: curl.sh.j2
+    dest: "/usr/local/bin/{{ item.name }}.sh"
+    mode: 0700
+  with_items: "{{ projects }}"
+  failed_when: gh_secret == "" or tower_password == ""
+  notify: enable webhook

roles/tower-webhook/templates/curl.sh.j2

@@ -0,0 +1,2 @@
+#!/bin/sh
+curl -qs -X POST -H 'Content-type: application/json' -u admin:'{{ tower_password }}' 'http://{{ tower_host }}/api/v2/projects/{{ item.id }}/update/'

roles/tower-webhook/templates/webhook.conf.j2

@@ -0,0 +1,21 @@
+{% for project in projects %}
+[
+  {
+    "id": "{{ project.name }}",
+    "execute-command": "/usr/local/bin/{{ project.name }}.sh",
+    "trigger-rule":
+    {
+      "match":
+      {
+        "type": "payload-hash-sha1",
+        "secret": "{{ gh_secret }}",
+        "parameter":
+        {
+          "source": "header",
+          "name": "X-Hub-Signature"
+        }
+      }
+    }
+  }
+]{% if not loop.last %},{% endif %}
+{% endfor %}

roles/tower-webhook/templates/webhook.service.j2

@@ -0,0 +1,12 @@
+[Unit]
+Description=Webhook for GH and Tower
+After=network.target
+Documentation=https://github.com/ArctiqTeam/tower-webhook
+
+[Service]
+ExecStart=/usr/local/bin/webhook -hooks /etc/webhook/webhook.conf -verbose
+RestartSec=5
+Restart=always
+
+[Install]
+WantedBy=default.target

vars.yml

@@ -0,0 +1,4 @@
+---
+projects:
+  - id: 6
+    name: ansible-self-healing