Remove unneeded fqcn for modules & fix CI

Christian M. Adams
2021-04-08 11:20:56 -04:00
parent ce8c58f542
commit 2cbf60fa17
20 changed files with 198 additions and 208 deletions


@@ -3,6 +3,10 @@
# Update templates under ansible/templates/
{% include 'crd.yml.j2' %}
{% include 'awxbackup_crd.yml.j2' %}
{% include 'awxrestore_crd.yml.j2' %}
{% include 'role.yml.j2' %}
{% include 'role_binding.yml.j2' %}
@@ -10,9 +14,3 @@
{% include 'service_account.yml.j2' %}
{% include 'operator.yml.j2' %}
{% include 'crd.yml.j2' %}
{% include 'awxbackup_crd.yml.j2' %}
{% include 'awxbackup_crd.yml.j2' %}


@@ -1,155 +1,5 @@
# This file is generated by Ansible. Changes will be lost.
# Update templates under ansible/templates/
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: awx-operator
rules:
- apiGroups:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- '*'
- apiGroups:
- ""
- "rbac.authorization.k8s.io"
resources:
- pods
- services
- services/finalizers
- serviceaccounts
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
- roles
- rolebindings
verbs:
- '*'
- apiGroups:
- apps
- extensions
resources:
- deployments
- daemonsets
- replicasets
- statefulsets
- ingresses
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- apps
resourceNames:
- awx-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- apps
resources:
- deployments/scale
verbs:
- patch
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- apps
resources:
- replicasets
verbs:
- get
- apiGroups:
- awx.ansible.com
resources:
- '*'
- awxbackups
verbs:
- '*'
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: awx-operator
subjects:
- kind: ServiceAccount
name: awx-operator
namespace: default
roleRef:
kind: ClusterRole
name: awx-operator
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: awx-operator
namespace: default
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: awx-operator
spec:
replicas: 1
selector:
matchLabels:
name: awx-operator
template:
metadata:
labels:
name: awx-operator
spec:
serviceAccountName: awx-operator
containers:
- name: awx-operator
image: "quay.io/ansible/awx-operator:0.7.0"
imagePullPolicy: "Always"
volumeMounts:
- mountPath: /tmp/ansible-operator/runner
name: runner
env:
# Watch all namespaces (cluster-scoped).
- name: WATCH_NAMESPACE
value: ""
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: awx-operator
- name: ANSIBLE_GATHERING
value: explicit
livenessProbe:
httpGet:
path: /healthz
port: 6789
initialDelaySeconds: 15
periodSeconds: 20
volumes:
- name: runner
emptyDir: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
@@ -561,7 +411,6 @@ spec:
description: Name of the PVC to be used for storing the backup
type: string
tower_backup_pvc_namespace:
default: 'default'
description: Namespace PVC is in
type: string
tower_backup_size:
@@ -589,14 +438,14 @@ spec:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awxbackups.awx.ansible.com
name: awxrestores.awx.ansible.com
spec:
group: awx.ansible.com
names:
kind: AWXBackup
listKind: AWXBackupList
plural: awxbackups
singular: awxbackup
kind: AWXRestore
listKind: AWXRestoreList
plural: awxrestores
singular: awxrestore
scope: Namespaced
versions:
- name: v1beta1
@@ -614,20 +463,16 @@ spec:
type: object
properties:
tower_name:
description: Name of the deployment to be backed up
description: Name of the deployment to be restored to
type: string
tower_backup_pvc:
description: Name of the PVC to be used for storing the backup
type: string
tower_backup_pvc_namespace:
default: 'default'
description: Namespace PVC is in
type: string
tower_backup_size:
description: Size of PVC
type: string
tower_backup_storage_class:
description: Storage class to use when creating PVC for backup
tower_backup_dir:
description: Backup directory name, a status found on the awxbackup object (towerBackupComplete)
type: string
tower_secret_key_secret:
description: Custom secret_key secret name
@@ -642,4 +487,154 @@ spec:
description: Custom postgres_configuration secret name
type: string
oneOf:
- required: ["tower_name"]
- required: ["tower_name", "tower_backup_pvc"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: awx-operator
rules:
- apiGroups:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- '*'
- apiGroups:
- ""
- "rbac.authorization.k8s.io"
resources:
- pods
- services
- services/finalizers
- serviceaccounts
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
- roles
- rolebindings
verbs:
- '*'
- apiGroups:
- apps
- extensions
resources:
- deployments
- daemonsets
- replicasets
- statefulsets
- ingresses
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- apps
resourceNames:
- awx-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- apps
resources:
- deployments/scale
verbs:
- patch
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- apps
resources:
- replicasets
verbs:
- get
- apiGroups:
- awx.ansible.com
resources:
- '*'
- awxbackups
verbs:
- '*'
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: awx-operator
subjects:
- kind: ServiceAccount
name: awx-operator
namespace: default
roleRef:
kind: ClusterRole
name: awx-operator
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: awx-operator
namespace: default
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: awx-operator
spec:
replicas: 1
selector:
matchLabels:
name: awx-operator
template:
metadata:
labels:
name: awx-operator
spec:
serviceAccountName: awx-operator
containers:
- name: awx-operator
image: "quay.io/chadams/awx-operator:new-crd"
imagePullPolicy: "Always"
volumeMounts:
- mountPath: /tmp/ansible-operator/runner
name: runner
env:
# Watch all namespaces (cluster-scoped).
- name: WATCH_NAMESPACE
value: ""
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: awx-operator
- name: ANSIBLE_GATHERING
value: explicit
livenessProbe:
httpGet:
path: /healthz
port: 6789
initialDelaySeconds: 15
periodSeconds: 20
volumes:
- name: runner
emptyDir: {}
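Review bot: The operator Deployment added at the end of this file pulls `quay.io/chadams/awx-operator:new-crd`, where the copy removed from the top pulled `quay.io/ansible/awx-operator:0.7.0`. A personal-namespace image on a mutable tag with `imagePullPolicy: "Always"` looks like a development setting that slipped into a commit about module names and CI. The container runs as the `awx-operator` service account, which the ClusterRole in this same file grants `'*'` on secrets, roles and rolebindings, so the provenance of that image decides what runs with those rights. Because the file is generated, the value should be corrected where the templates take the image name, restoring the project image and ideally pinning it by digest, e.g. `image: "quay.io/ansible/awx-operator@sha256:<digest-placeholder>"`.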


@@ -19,7 +19,7 @@
k8s:
definition: "{{ lookup('file', '/'.join([deploy_dir, 'crds/awxbackup_v1beta1_crd.yaml'])) }}"
- name: Create AWXBackup Custom Resource Definition
- name: Create AWXRestore Custom Resource Definition
k8s:
definition: "{{ lookup('file', '/'.join([deploy_dir, 'crds/awxrestore_v1beta1_crd.yaml'])) }}"


@@ -31,7 +31,7 @@
awx_object_template: "{{ lookup('file', '_secrets/awx_object.yml') }}"
- name: Write awx object to pvc
community.kubernetes.k8s_exec:
k8s_exec:
namespace: "{{ tower_backup_pvc_namespace }}"
pod: "{{ meta.name }}-db-management"
command: >-
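Review bot: With the `community.kubernetes.` prefix dropped from `k8s_exec` (the short form is the new side, going by the commit title), the module that actually runs depends on how the short name is resolved at run time, through a `collections:` entry or a runtime redirect, neither of which is visible in this hunk. The same applies to every `k8s`, `k8s_exec`, `k8s_info` and `file` task in the later sections of this commit, several of which handle secret material. I would either keep the fully qualified names on those tasks or declare `collections: [community.kubernetes]` at role level and pin the collection version in the operator image's requirements. The task's `command` body continues outside the hunk.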


@@ -2,12 +2,12 @@
# After copying secret files to the PVC, delete the local tmp copies
- name: Clean up _secrets directory
ansible.builtin.file:
file:
path: "_secrets"
state: absent
- name: Delete any existing management pod
community.kubernetes.k8s:
k8s:
name: "{{ meta.name }}-db-management"
kind: Pod
namespace: "{{ tower_backup_pvc_namespace }}"


@@ -10,7 +10,7 @@
now: '{{ lookup("pipe", "date +%FT%TZ") }}'
- name: Emit ocp event with error
community.kubernetes.k8s:
k8s:
kind: Event
namespace: "{{ meta.namespace }}"
template: "event.yml.j2"


@@ -1,7 +1,7 @@
---
- name: Delete any existing management pod
community.kubernetes.k8s:
k8s:
name: "{{ meta.name }}-db-management"
kind: Pod
namespace: "{{ tower_backup_pvc_namespace }}"
@@ -46,14 +46,14 @@
backup_pvc: "{{ tower_backup_pvc | default(_default_backup_pvc, true) }}"
- name: Create PVC for backup
community.kubernetes.k8s:
k8s:
kind: PersistentVolumeClaim
template: "backup_pvc.yml.j2"
when:
- tower_backup_pvc == '' or tower_backup_pvc is not defined
- name: Create management pod from templated deployment config
community.kubernetes.k8s:
k8s:
name: "{{ meta.name }}-db-management"
kind: Deployment
state: present


@@ -51,21 +51,21 @@
backup_dir: "/backups/tower-openshift-backup-{{ now }}"
- name: Create directory for backup
community.kubernetes.k8s_exec:
k8s_exec:
namespace: "{{ tower_backup_pvc_namespace }}"
pod: "{{ meta.name }}-db-management"
command: >-
mkdir -p {{ backup_dir }}
- name: Precreate file for database dump
community.kubernetes.k8s_exec:
k8s_exec:
namespace: "{{ tower_backup_pvc_namespace }}"
pod: "{{ meta.name }}-db-management"
command: >-
touch {{ backup_dir }}/tower.db
- name: Set permissions on file for database dump
community.kubernetes.k8s_exec:
k8s_exec:
namespace: "{{ tower_backup_pvc_namespace }}"
pod: "{{ meta.name }}-db-management"
command: >-
@@ -81,7 +81,7 @@
-p {{ awx_postgres_port }}
- name: Write pg_dump to backup on PVC
community.kubernetes.k8s_exec:
k8s_exec:
namespace: "{{ tower_backup_pvc_namespace }}"
pod: "{{ meta.name }}-db-management"
command: >-


@@ -28,7 +28,7 @@
secret_key_template: "{{ lookup('file', '_secrets/secret_key_secret.yml') }}"
- name: Write secret_key to pvc
community.kubernetes.k8s_exec:
k8s_exec:
namespace: "{{ tower_backup_pvc_namespace }}"
pod: "{{ meta.name }}-db-management"
command: >-
@@ -56,7 +56,7 @@
admin_password_template: "{{ lookup('file', '_secrets/admin_password_secret.yml') }}"
- name: Write secret_key to pvc
community.kubernetes.k8s_exec:
k8s_exec:
namespace: "{{ tower_backup_pvc_namespace }}"
pod: "{{ meta.name }}-db-management"
command: >-
@@ -84,7 +84,7 @@
broadcast_websocket_template: "{{ lookup('file', '_secrets/broadcast_websocket_secret.yml') }}"
- name: Write broadcast_websocket definition to pvc
community.kubernetes.k8s_exec:
k8s_exec:
namespace: "{{ tower_backup_pvc_namespace }}"
pod: "{{ meta.name }}-db-management"
command: >-
@@ -117,7 +117,7 @@
postgres_secret_template: "{{ lookup('file', '_secrets/postgres_secret.yml') }}"
- name: Write postgres configuration to pvc
community.kubernetes.k8s_exec:
k8s_exec:
namespace: "{{ tower_backup_pvc_namespace }}"
pod: "{{ meta.name }}-db-management"
command: >-
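Review bot: The task in the second hunk (`@@ -56,7 +56,7 @@`) is named `Write secret_key to pvc`, the same name as the task in the first hunk, although it follows `admin_password_template` and so presumably writes the admin password secret. Duplicate names make operator logs and failure reports point at the wrong secret during a backup. I would rename it to `- name: Write admin_password to pvc`. The `command` bodies of all four tasks lie outside the hunks, so what each one writes is inferred from the preceding `*_template` line.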


@@ -1,6 +1,6 @@
---
- name: Check if there are any super users defined.
community.kubernetes.k8s_exec:
k8s_exec:
namespace: "{{ meta.namespace }}"
pod: "{{ tower_pod_name }}"
container: "{{ meta.name }}-task"
@@ -14,7 +14,7 @@
changed_when: users_result.return_code > 0
- name: Create super user via Django if it doesn't exist.
community.kubernetes.k8s_exec:
k8s_exec:
namespace: "{{ meta.namespace }}"
pod: "{{ tower_pod_name }}"
container: "{{ meta.name }}-task"
@@ -25,7 +25,7 @@
when: users_result.return_code > 0
- name: Create preload data if necessary. # noqa 305
community.kubernetes.k8s_exec:
k8s_exec:
namespace: "{{ meta.namespace }}"
pod: "{{ tower_pod_name }}"
container: "{{ meta.name }}-task"


@@ -1,6 +1,6 @@
---
- name: Retrieve LDAP CA Certificate Secret
community.kubernetes.k8s_info:
k8s_info:
kind: Secret
namespace: '{{ meta.namespace }}'
name: '{{ ldap_cacert_secret }}'


@@ -1,6 +1,6 @@
---
- name: Retrieve Route TLS Secret
community.kubernetes.k8s_info:
k8s_info:
kind: Secret
namespace: '{{ meta.namespace }}'
name: '{{ tower_route_tls_secret }}'


@@ -44,7 +44,7 @@
-p {{ awx_postgres_port }}
- name: Stream backup from pg_dump to the new postgresql container
community.kubernetes.k8s_exec:
k8s_exec:
namespace: "{{ meta.namespace }}"
pod: "{{ postgres_pod_name }}"
command: |


@@ -18,7 +18,7 @@
towerAdminUser: "{{ tower_admin_user }}"
- name: Retrieve instance version
community.kubernetes.k8s_exec:
k8s_exec:
namespace: "{{ meta.namespace }}"
pod: "{{ tower_pod_name }}"
container: "{{ meta.name }}-task"
@@ -47,7 +47,7 @@
- block:
- name: Retrieve route URL
community.kubernetes.k8s_info:
k8s_info:
kind: Route
namespace: '{{ meta.namespace }}'
name: '{{ meta.name }}'


@@ -1,7 +1,7 @@
---
- name: Get secret definition from pvc
community.kubernetes.k8s_exec:
k8s_exec:
namespace: "{{ tower_backup_pvc_namespace }}"
pod: "{{ meta.name }}-db-management"
command: >-


@@ -1,12 +1,12 @@
---
- name: Clean up _secrets directory
ansible.builtin.file:
file:
path: "_definitions"
state: absent
- name: Delete any existing management pod
community.kubernetes.k8s:
k8s:
name: "{{ meta.name }}-db-management"
kind: Pod
namespace: "{{ tower_backup_pvc_namespace }}"
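Review bot: The first task is named `Clean up _secrets directory` but removes `path: "_definitions"`, so the name no longer says which local copy of restored definitions is being deleted. I would rename it to `- name: Clean up _definitions directory` and add a comment above it such as `# After applying the restored objects, delete the local tmp copies`. If this role also writes a local `_secrets` directory (not visible on this page), that directory needs its own cleanup task. The `Delete any existing management pod` task continues past the end of the hunk.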


@@ -10,7 +10,7 @@
now: '{{ lookup("pipe", "date +%FT%TZ") }}'
- name: Emit ocp event with error
community.kubernetes.k8s:
k8s:
kind: Event
namespace: "{{ meta.namespace }}"
template: "event.yml.j2"


@@ -35,7 +35,7 @@
- provided_pvc.resources | length == 0
- name: Delete any existing management pod
community.kubernetes.k8s:
k8s:
name: "{{ meta.name }}-db-management"
kind: Pod
namespace: "{{ tower_backup_pvc_namespace }}"
@@ -44,7 +44,7 @@
wait: true
- name: Create management pod from templated deployment config
community.kubernetes.k8s:
k8s:
name: "{{ meta.name }}-db-management"
kind: Deployment
state: present
@@ -52,16 +52,13 @@
wait: true
- name: Check to make sure backup directory exists on PVC
community.kubernetes.k8s_exec:
k8s_exec:
namespace: "{{ tower_backup_pvc_namespace }}"
pod: "{{ meta.name }}-db-management"
command: >-
bash -c "stat {{ tower_backup_dir }}"
register: stat_backup_dir
- debug:
msg: "{{stat_backup_dir}}"
- name: Error if backup dir is missing
block:
- name: Set error message
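Review bot: In the third hunk, `tower_backup_dir` is interpolated unquoted into `bash -c "stat {{ tower_backup_dir }}"`. According to the AWXRestore CRD on this page that value is a free-form string from the custom resource spec, so shell metacharacters in it would be interpreted inside the management pod. A single `stat` does not need a shell; assuming the module splits the command into arguments itself, I would write `stat {{ tower_backup_dir | quote }}` and reject values that do not match the expected backup path before this task runs. Dropping the `debug` task that printed `stat_backup_dir` is a good change and should stay. The `Error if backup dir is missing` block continues outside the hunk.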


@@ -1,7 +1,7 @@
---
- name: Get AWX object definition from pvc
community.kubernetes.k8s_exec:
k8s_exec:
namespace: "{{ tower_backup_pvc_namespace }}"
pod: "{{ meta.name }}-db-management"
command: >-
@@ -22,10 +22,10 @@
apply: yes
wait: yes
template: "_definitions/awx_object.yml.j2"
wait: true
# TODO: The awx object and secrets need to be applied from the awx-operator, because that is where the service account is?. So we will need to either copy them over or pipe them into a template command
# TODO: The awx object and secrets need to be applied from the awx-operator, because that is where the service account is?
# So we will need to either copy them over or pipe them into a template command
# TODO: Add logic to allow users to provide override values here,
# or to specify spec values that were not in the backed up AWX object.


@@ -67,7 +67,7 @@
-p {{ awx_postgres_port }}
- name: Restore database dump to the new postgresql container
community.kubernetes.k8s_exec:
k8s_exec:
namespace: "{{ meta.namespace }}"
pod: "{{ postgres_pod_name }}"
command: |