trigger_job_template_from_curl
To trigger a job_template (by name) through a curl command is not that well documented. We try to make things a bit clearer and complete in one place. We use curl here, but this can be any browser on any type of platform (even Windows ). So we can initiate jobs from a windows host to be run on the redhat ansible automation platform controller.
By default, the controller api will accept the id of a job_template to run. That part is well documented.
But let's start at the beginning:
Needs to run a job_template
What do we need to run a job_template: - a user that can run the template - a password for that user - more secure could be a token instead of user/pass - the url for the AAP controller - the job_template name - the organization the job_template is in (including the user) - the extra_vars for that job_template that need to be passed
NEVER USE ADMIN FOR THIS! for obvious reasons... Create a special(local) user for the triggering from remote hosts, this wil ensure you stay in control of automation. Preferable, create an organization explicitly for these actions, so you can easily control and interfere when something goes awall.
Having said that, let's rock 'n roll
Start configuration in AAP
Create a new organization for remote triggers, in this organization all playbooks, job_templates and users will be created that can run jobs from remote sites. Create a normal user in this organization, with a username that refers to the task to run.
as an example, we will configure a job that adds a user to a AD domain group, this will be done through automation, not manually (as it is just an example to keep it simple). The configuration in AAP will contain the following items:
- the organization name (trg_demo)
- the user (usr_ad_domain_group_add)
- the project (domain_actions.git)
- the job_template (add_user_to_domain_group) has a survey asking for the "user_name" and the "AD_group_names" to him to
- the user only has execute rights on the job_template
When configuring this, you should be able to login into AAP and run this by hand, it should do what we want it to.. If this is complete, you can start on the triggering side of this..
The curl command
The complete commandline for the curl command is as follows: Due to differences between linux and the windows implementation of curl, we show you both:
On Linux:
curl -s -k -k -u usr_ad_domain_group_add:<password> \
-H"Content-type: application/json" \
-X POST \
-d '{"extra_vars": {"user_name": "<AD_username>","AD_group_names":["<group1>","<group2>"]}}' \
https://<aap_url>/api/v2/job_templates/add_user_to_domain_group++trg_demo/launch/
On Windows:
curl -s -k -k -u usr_ad_domain_group_add:<password> \
-H"Content-type: application/json" \
-X POST \
-d "{\"extra_vars\":{\"user_name\":\"<AD_username>\",\"AD_group_names\":[\"<group1>\",\"<group2>\"]}}" \
https://<aap_url>/api/v2/job_templates/add_user_to_domain_group++trg_demo/launch/
As you can see the format of the json data block in windows is diffentent, all double quotes must be escaped with a backslash and no spaces are allowed in the json data on windows.
Always ensure there is exactly 1 user that has the rights to run 1 template.
This keeps security happy and disables string replacements that could potentially run different playbooks.
The options used, are the following:
-s silent, suppress progress and errors
-k insecure, ignore cert errors
-d data, pass data to the server on the POST commandline
-u <user>:<password>
-H header, pass the following header information
-X request method, POST or GET
Trigger a job_template from ansible
If you want to trigger a job_template from another playbook, you could use the infra.aap_configuration.controller_job_launch.
- name: Launch job template "{{ template_name }}"
ansible.builtin.include_role:
name: infra.aap_configuration.controller_job_launch
vars:
controller_launch_jobs:
- name: "{{ template_name }}"
organization: "{{ organization }}"
extra_vars:
instances: "{{ inventory_hostname }}"
buildingblock: "{{ template_name }}"
wait: true
register: job
The following vars will be needed by the collection to be able to login to rhaap and start the template:
aap_hostname: <hostname of controller>
aap_username: <username>
aap_password: <password>
or
aap_token: <oauth2 token>