From 05943687fe9dddff1b9316737e116986b2a46356 Mon Sep 17 00:00:00 2001 From: Viviana Capote Date: Fri, 10 Jun 2022 13:09:48 +1000 Subject: [PATCH] Added option to also delete backup directory on PVC when AWXBackup CRD object is deleted --- .../awxbackup.ansible.com_awxbackups.yaml | 3 ++ projects/.gitkeep | 0 roles/backup/README.md | 5 ++ roles/backup/defaults/main.yml | 6 +++ roles/backup/tasks/creation.yml | 47 +++++++++++++++++ roles/backup/tasks/delete_backup.yml | 7 +++ roles/backup/tasks/finalizer.yml | 19 +++++++ roles/backup/tasks/init.yml | 5 +- roles/backup/tasks/main.yml | 51 +++---------------- watches.yaml | 5 ++ 10 files changed, 100 insertions(+), 48 deletions(-) mode change 100755 => 100644 projects/.gitkeep create mode 100644 roles/backup/tasks/creation.yml create mode 100644 roles/backup/tasks/delete_backup.yml create mode 100644 roles/backup/tasks/finalizer.yml diff --git a/config/crd/bases/awxbackup.ansible.com_awxbackups.yaml b/config/crd/bases/awxbackup.ansible.com_awxbackups.yaml index e64b5c3b..2a36f34f 100644 --- a/config/crd/bases/awxbackup.ansible.com_awxbackups.yaml +++ b/config/crd/bases/awxbackup.ansible.com_awxbackups.yaml @@ -43,6 +43,9 @@ spec: backup_storage_class: description: Storage class to use when creating PVC for backup type: string + clean_backup_on_delete: + description: Flag to indicate if backup should be deleted on PVC if AWXBackup object is deleted + type: boolean postgres_label_selector: description: Label selector used to identify postgres pod for backing up data type: string diff --git a/projects/.gitkeep b/projects/.gitkeep old mode 100755 new mode 100644 diff --git a/roles/backup/README.md b/roles/backup/README.md index 96ee2ad2..6712fc7d 100644 --- a/roles/backup/README.md +++ b/roles/backup/README.md 
@@ -74,7 +74,12 @@ To check the name of this secret, look at the postgresConfigurationSecret status The postgresql pod for the old deployment is used when backing up data to the new postgresql pod. If your postgresql pod has a custom label, you can pass that via the `postgres_label_selector` variable to make sure the postgresql pod can be found. +It is also possible to tie the lifetime of the backup files to that of the AWXBackup resource object. To do that you can set the +`clean_backup_on_delete` value to true. This will delete the `backupDirectory` on the pvc associated with the AWXBackup object deleted. +``` +clean_backup_on_delete: true +``` Testing ---------------- diff --git a/roles/backup/defaults/main.yml b/roles/backup/defaults/main.yml index faf7f72f..e0ffa867 100644 --- a/roles/backup/defaults/main.yml +++ b/roles/backup/defaults/main.yml @@ -13,3 +13,9 @@ backup_storage_requirements: '' # Set no_log settings on certain tasks no_log: 'true' + +# Variable to set when you want backups to be cleaned up when the CRD object is deleted +clean_backup_on_delete: false + +# Variable to signal that this role is being run as a finalizer +finalizer_run: false diff --git a/roles/backup/tasks/creation.yml b/roles/backup/tasks/creation.yml new file mode 100644 index 00000000..d4e5b240 --- /dev/null +++ b/roles/backup/tasks/creation.yml 
@@ -0,0 +1,47 @@
+---
+- name: Patching labels to {{ kind }} kind
+ k8s:
+ state: present
+ definition:
+ apiVersion: "{{ api_version }}"
+ kind: "{{ kind }}"
+ name: "{{ ansible_operator_meta.name }}"
+ namespace: "{{ ansible_operator_meta.namespace }}"
+ metadata:
+ name: "{{ ansible_operator_meta.name }}"
+ namespace: "{{ ansible_operator_meta.namespace }}"
+ labels:
+ app.kubernetes.io/name: "{{ ansible_operator_meta.name }}"
+ app.kubernetes.io/part-of: "{{ ansible_operator_meta.name }}"
+ app.kubernetes.io/managed-by: "{{ deployment_type }}-operator"
+ app.kubernetes.io/component: "{{ deployment_type }}"
+ app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+
+- name: Look up details for this backup object
+ k8s_info:
+ api_version: "{{ api_version }}"
+ kind: "{{ kind }}"
+ name: "{{ ansible_operator_meta.name }}"
+ namespace: "{{ ansible_operator_meta.namespace }}"
+ register: this_backup
+
+- block:
+ - include_tasks: init.yml
+
+ - include_tasks: postgres.yml
+
+ - include_tasks: awx-cro.yml
+
+ - include_tasks: secrets.yml
+
+ - name: Set flag signifying this backup was successful
+ set_fact:
+ backup_complete: true
+
+ - include_tasks: cleanup.yml
+
+ when:
+ - this_backup['resources'][0]['status']['backupDirectory'] is not defined
+
+- name: Update status variables
+ include_tasks: update_status.yml
diff --git a/roles/backup/tasks/delete_backup.yml b/roles/backup/tasks/delete_backup.yml
new file mode 100644
index 00000000..4a2e5bf5
--- /dev/null
+++ b/roles/backup/tasks/delete_backup.yml
@@ -0,0 +1,7 @@
+---
+- name: Cleanup backup associated with this option if enabled
+ k8s_exec:
+ namespace: "{{ backup_pvc_namespace }}"
+ pod: "{{ ansible_operator_meta.name }}-db-management"
+ command: >-
+ bash -c 'rm -rf {{ backup_dir }}'
diff --git a/roles/backup/tasks/finalizer.yml b/roles/backup/tasks/finalizer.yml
new file mode 100644
index 00000000..67d6a5d4
--- /dev/null
+++ b/roles/backup/tasks/finalizer.yml
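Review bot: The `command` in delete_backup.yml splices `backup_dir` unquoted into a `bash -c` string, and finalizer.yml fills that variable from the AWXBackup object's `status.backupDirectory`, so whoever can write that status field decides what the management pod's shell runs and removes. An empty or unexpected value is just as risky, because `rm -rf` then acts on whatever path the template happens to produce. The shell is not needed for a single `rm`; quoting the argument, as in `command: rm -rf -- {{ backup_dir | quote }}`, keeps the value a single path argument. An `assert` task placed before it should fail unless `backup_dir` is non-empty and lies under the backup root this role writes to (that root is not visible in this patch, so it needs to be taken from the task that creates the directory).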
@@ -0,0 +1,19 @@ +--- +- name: Look up details for this backup object + k8s_info: + api_version: "{{ api_version }}" + kind: "{{ kind }}" + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.namespace }}" + register: this_backup + +- block: + - include_tasks: init.yml + + - include_tasks: delete_backup.yml + + - include_tasks: cleanup.yml + vars: + backup_dir: "{{ this_backup['resources'][0]['status']['backupDirectory'] }}" + when: + - clean_backup_on_delete and backup_dir is defined diff --git a/roles/backup/tasks/init.yml b/roles/backup/tasks/init.yml index 56abac4c..6061346e 100644 --- a/roles/backup/tasks/init.yml +++ b/roles/backup/tasks/init.yml @@ -1,5 +1,4 @@ --- - - name: Delete any existing management pod k8s: name: "{{ ansible_operator_meta.name }}-db-management" @@ -57,8 +56,8 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: '{{ deployment_name }}-backup-claim' - namespace: '{{ backup_pvc_namespace }}' + name: "{{ deployment_name }}-backup-claim" + namespace: "{{ backup_pvc_namespace }}" ownerReferences: null when: - backup_pvc == '' or backup_pvc is not defined diff --git a/roles/backup/tasks/main.yml b/roles/backup/tasks/main.yml index b2573929..77e7e69c 100644 --- a/roles/backup/tasks/main.yml +++ b/roles/backup/tasks/main.yml 
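Review bot: The guard `backup_dir is defined` on the block in finalizer.yml tests a block-level var that is itself a template over `this_backup['resources'][0]['status']['backupDirectory']`, so for an AWXBackup that never completed (no such status key) it may be skipped or may raise, depending on how the Ansible version in use resolves the nested undefined. Since this role runs as the finalizer, an error here, or in init.yml (which recreates the management pod and, judging by its `when: backup_pvc == '' or backup_pvc is not defined` context, can create a PVC), presumably leaves the object stuck in deletion. Testing the source expression directly, the same way creation.yml does, avoids that: `- clean_backup_on_delete | bool` and `- this_backup['resources'][0]['status']['backupDirectory'] is defined` as two `when` entries. Because the status value decides what is deleted, it should also be validated against the expected backup location before delete_backup.yml is included.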
@@ -1,47 +1,8 @@ --- -- name: Patching labels to {{ kind }} kind - k8s: - state: present - definition: - apiVersion: '{{ api_version }}' - kind: '{{ kind }}' - name: '{{ ansible_operator_meta.name }}' - namespace: '{{ ansible_operator_meta.namespace }}' - metadata: - name: '{{ ansible_operator_meta.name }}' - namespace: '{{ ansible_operator_meta.namespace }}' - labels: - app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' - app.kubernetes.io/component: '{{ deployment_type }}' - app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' +- name: Run creation tasks + include_tasks: creation.yml + when: not finalizer_run -- name: Look up details for this backup object - k8s_info: - api_version: "{{ api_version }}" - kind: "{{ kind }}" - name: "{{ ansible_operator_meta.name }}" - namespace: "{{ ansible_operator_meta.namespace }}" - register: this_backup - -- block: - - include_tasks: init.yml - - - include_tasks: postgres.yml - - - include_tasks: awx-cro.yml - - - include_tasks: secrets.yml - - - name: Set flag signifying this backup was successful - set_fact: - backup_complete: true - - - include_tasks: cleanup.yml - - when: - - this_backup['resources'][0]['status']['backupDirectory'] is not defined - -- name: Update status variables - include_tasks: update_status.yml +- name: Run finalizer tasks + include_tasks: finalizer.yml + when: finalizer_run diff --git a/watches.yaml b/watches.yaml index 1ffb988b..4cca48b7 100644 --- a/watches.yaml +++ b/watches.yaml @@ -11,6 +11,11 @@ kind: AWXBackup role: backup snakeCaseParameters: False + finalizer: + name: awx.ansible.com/finalizer + role: backup + vars: + finalizer_run: true - version: v1beta1 group: awx.ansible.com