Automation HubæŽ¥ç¶šã«ä½¿ç”¨ã™ã‚‹ã‚ªãƒ•ãƒ©ã‚¤ãƒ³ãƒˆãƒ¼ã‚¯ãƒ³æœŸé™åˆ‡ã‚Œé˜²æ¢ã®Playbookä½œæˆ

Automation HubæŽ¥ç¶šã«ä½¿ç”¨ã™ã‚‹ã‚ªãƒ•ãƒ©ã‚¤ãƒ³ãƒˆãƒ¼ã‚¯ãƒ³ã¯30æ—¥é–“ã‚¢ã‚¯ãƒ†ã‚£ãƒ–ã§ãªã„çŠ¶æ…‹ãŒç¶šãã¨æœŸé™åˆ‡ã‚Œã¨ãªã£ã¦ã—ã¾ã†ã€‚
å…¬å¼ã§ã¯curlã‚³ãƒžãƒ³ãƒ‰ã‚’å®Ÿè¡Œã™ã‚‹ã¨è¨˜è¼‰ãŒã‚ã‚‹ãŒã©ã†ã›ãªã‚‰Playbookã«ã—ã¦ã¿ã‚‹

æ¦‚è¦

å…¬å¼ã§æä¾›ã•ã‚Œã‚‹curlã‚³ãƒžãƒ³ãƒ‰ã‚’ã‚‚ã¨ã«uriãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã‚’ä½¿ç”¨ã—ãŸPlaybookã‚µãƒ³ãƒ—ãƒ«ã‚’ä½œæˆ

ç’°å¢ƒ

ansible
- 2.14.2

ã‚ªãƒ•ãƒ©ã‚¤ãƒ³ãƒˆãƒ¼ã‚¯ãƒ³æœŸé™åˆ‡ã‚Œé˜²æ¢ã®Playbookä½œæˆ

Red Hatå…¬å¼ã‚µã‚¤ãƒˆã§æä¾›ã•ã‚Œã‚‹curlã‚³ãƒžãƒ³ãƒ‰

Private Automation Hubã‹ã‚‰Automation Hubã«ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹ãŸã‚ã®ãƒˆãƒ¼ã‚¯ãƒ³ç™ºè¡Œç”»é¢ã«ã¦æœŸé™åˆ‡ã‚Œé˜²æ¢ã®ãŸã‚ã®curlã‚³ãƒžãƒ³ãƒ‰ãŒç´¹ä»‹ã•ã‚Œã¦ã„ã‚‹
curlã‚³ãƒžãƒ³ãƒ‰

curl https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token -d grant_type=refresh_token -d client_id="cloud-services" -d refresh_token="{{ user_token }}" --fail --silent --show-error --output /dev/null

å®Ÿè¡Œã‚³ãƒžãƒ³ãƒ‰
- ãƒ¬ã‚¹ãƒãƒ³ã‚¹ã¯æ¬²ã—ã„ã®ã§å¾ŒåŠã®ã‚ªãƒ—ã‚·ãƒ§ãƒ³ã‚’çœã

curl https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token -d grant_type=refresh_token -d client_id="cloud-services" -d refresh_token="{{ user_token }}" | python -m json.tool

å®Ÿè¡Œãƒã‚°
- ã‚ªãƒ•ãƒ©ã‚¤ãƒ³ãƒˆãƒ¼ã‚¯ãƒ³ã¨åˆ¥ã®ãƒˆãƒ¼ã‚¯ãƒ³ãŒå‡ºåŠ›ã•ã‚Œã¦ã„ãŸãŒå…¬é–‹ã—ã¦ã„ã„ã®ã‹åˆ†ã‹ã‚‰ãªã„ã®ã§ä¼ã›ã¦ã¾ã™ï½ï½

{
    "access_token": "ã‚ˆãã‚ã‹ã‚‰ãªã„ãƒˆãƒ¼ã‚¯ãƒ³",
    "expires_in": 900,
    "refresh_expires_in": 0,
    "refresh_token": "ã‚ˆãã‚ã‹ã‚‰ãªã„ãƒˆãƒ¼ã‚¯ãƒ³",
    "token_type": "Bearer",
    "id_token": "ã‚ˆãã‚ã‹ã‚‰ãªã„ãƒˆãƒ¼ã‚¯ãƒ³",
    "not-before-policy": 0,
    "session_state": "beb141b6-1b55-4586-9ac7-a0090a201359",
    "scope": "openid api.iam.service_accounts api.iam.organization offline_access"
}

ã‚ªãƒ•ãƒ©ã‚¤ãƒ³ãƒˆãƒ¼ã‚¯ãƒ³æœŸé™åˆ‡ã‚Œé˜²æ¢ã®ã‚µãƒ³ãƒ—ãƒ«Playbookä½œæˆ

Playbook

- hosts: localhost
  gather_facts: false
  connection: local
  vars:
    ah_offline_token: <ã‚ªãƒ•ãƒ©ã‚¤ãƒ³ãƒˆãƒ¼ã‚¯ãƒ³æ›¸ã„ã¦ã>
  tasks:
    - name: "Automation Hub Offline Token Expiration Prevention API"
      ansible.builtin.uri:
        url: "https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token"
        method: POST
        body_format: "form-urlencoded"
        body:
          grant_type: "refresh_token"
          client_id: "cloud-services"
          refresh_token: "{{ ah_offline_token }}"
      register: response

    - name: "Debug response"
      ansible.builtin.debug:
        var: response

å®Ÿè¡Œãƒã‚°

PLAY [localhost] ***********************************************************************************************************************************************************************************************************

TASK [Automation Hub Offline Token Expiration Prevention API] **************************************************************************************************************************************************************
ok: [localhost]

TASK [Debug response] ******************************************************************************************************************************************************************************************************
ok: [localhost] => {
    "response": {
        "cache_control": "no-store",
        "changed": false,
        "connection": "close",
        "content_length": "5660",
        "content_type": "application/json",
        "cookies": {
            "2a4bcc483fa585dc0ad94b51550d0923": "29857b1cb4903eae4c4774926bc13f28"
        },
        "cookies_string": "2a4bcc483fa585dc0ad94b51550d0923=29857b1cb4903eae4c4774926bc13f28",
        "date": "Thu, 06 Apr 2023 12:21:19 GMT",
        "elapsed": 0,
        "failed": false,
        "json": {
            "access_token": "ã‚ˆãã‚ã‹ã‚‰ãªã„ãƒˆãƒ¼ã‚¯ãƒ³",
            "expires_in": 900,
            "id_token": "ã‚ˆãã‚ã‹ã‚‰ãªã„ãƒˆãƒ¼ã‚¯ãƒ³",
            "not-before-policy": 0,
            "refresh_expires_in": 0,
            "refresh_token": "ã‚ˆãã‚ã‹ã‚‰ãªã„ãƒˆãƒ¼ã‚¯ãƒ³",
            "scope": "openid api.iam.service_accounts api.iam.organization offline_access",
            "session_state": "beb141b6-1b55-4586-9ac7-a0090a201359",
            "token_type": "Bearer"
        },
        "keep_alive": "timeout=300",
        "msg": "OK (5660 bytes)",
        "pragma": "no-cache",
        "redirected": false,
        "referrer_policy": "strict-origin",
        "set_cookie": "2a4bcc483fa585dc0ad94b51550d0923=29857b1cb4903eae4c4774926bc13f28; path=/; HttpOnly; Secure; SameSite=None",
        "status": 200,
        "strict_transport_security": "max-age=31536000; includeSubDomains",
        "url": "https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token",
        "x_content_type_options": "nosniff",
        "x_frame_options": "SAMEORIGIN",
        "x_rh_edge_cache_status": "Miss from child, Miss from parent",
        "x_rh_edge_reference_id": "0.2f9e3a17.1680783679.40bfc1bd",
        "x_rh_edge_request_id": "40bfc1bd",
        "x_site": "prod-spoke-aws-us-east-1",
        "x_xss_protection": "1; mode=block"
    }
}

ãƒ¬ã‚¹ãƒãƒ³ã‚¹ãŒãŠãŠã‚€ãåŒã˜ãªã®ã§æˆåŠŸã£ã½ã„(ã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹ã‚‚200)

å‚è€ƒLink

Ansilbe doc - uri module

æ¦‚è¦

ç’°å¢ƒ

ã‚ªãƒ•ãƒ©ã‚¤ãƒ³ãƒˆãƒ¼ã‚¯ãƒ³æœŸé™åˆ‡ã‚Œé˜²æ­¢ã®Playbookä½œæˆ

Red Hatå…¬å¼ã‚µã‚¤ãƒˆã§æä¾›ã•ã‚Œã‚‹curlã‚³ãƒžãƒ³ãƒ‰

ã‚ªãƒ•ãƒ©ã‚¤ãƒ³ãƒˆãƒ¼ã‚¯ãƒ³æœŸé™åˆ‡ã‚Œé˜²æ­¢ã®ã‚µãƒ³ãƒ—ãƒ«Playbookä½œæˆ

å‚è€ƒLink

æ¦‚è¦

ã‚ªãƒ•ãƒ©ã‚¤ãƒ³ãƒˆãƒ¼ã‚¯ãƒ³æœŸé™åˆ‡ã‚Œé˜²æ¢ã®Playbookä½œæˆ

Red Hatå…¬å¼ã‚µã‚¤ãƒˆã§æä¾›ã•ã‚Œã‚‹curlã‚³ãƒžãƒ³ãƒ‰

ã‚ªãƒ•ãƒ©ã‚¤ãƒ³ãƒˆãƒ¼ã‚¯ãƒ³æœŸé™åˆ‡ã‚Œé˜²æ¢ã®ã‚µãƒ³ãƒ—ãƒ«Playbookä½œæˆ

å‚è€ƒLink