diff --git a/ansible/templates/awx-operator.yaml.j2 b/ansible/templates/awx-operator.yaml.j2
index 31fe55b6..21a74d67 100644
--- a/ansible/templates/awx-operator.yaml.j2
+++ b/ansible/templates/awx-operator.yaml.j2
@@ -3,6 +3,10 @@
 # Update templates under ansible/templates/
 {% include 'crd.yml.j2' %}
+{% include 'awxbackup_crd.yml.j2' %}
+
+{% include 'awxrestore_crd.yml.j2' %}
+
 {% include 'role.yml.j2' %}
 {% include 'role_binding.yml.j2' %}
@@ -10,9 +14,3 @@
 {% include 'service_account.yml.j2' %}
 {% include 'operator.yml.j2' %}
-
-{% include 'crd.yml.j2' %}
-
-{% include 'awxbackup_crd.yml.j2' %}
-
-{% include 'awxbackup_crd.yml.j2' %}
diff --git a/deploy/awx-operator.yaml b/deploy/awx-operator.yaml
index 109337a2..d5119824 100644
--- a/deploy/awx-operator.yaml
+++ b/deploy/awx-operator.yaml
@@ -1,155 +1,5 @@ # This file is generated by Ansible. Changes will be lost. # Update templates under ansible/templates/ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: awx-operator -rules: - - apiGroups: - - route.openshift.io - resources: - - routes - - routes/custom-host - verbs: - - '*' - - apiGroups: - - "" - - "rbac.authorization.k8s.io" - resources: - - pods - - services - - services/finalizers - - serviceaccounts - - endpoints - - persistentvolumeclaims - - events - - configmaps - - secrets - - roles - - rolebindings - verbs: - - '*' - - apiGroups: - - apps - - extensions - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - - ingresses - verbs: - - '*' - - apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - get - - create - - apiGroups: - - apps - resourceNames: - - awx-operator - resources: - - deployments/finalizers - verbs: - - update - - apiGroups: - - apps - resources: - - deployments/scale - verbs: - - patch - - apiGroups: - - "" - resources: - - pods/exec - verbs: - - create - - get - - apiGroups: - - apps - resources: - - replicasets - verbs: - - get - - apiGroups: - - awx.ansible.com - resources: - - '*' - - awxbackups - verbs: - - '*' - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: awx-operator -subjects: - - kind: ServiceAccount - name: awx-operator - namespace: default -roleRef: - kind: ClusterRole - name: awx-operator - apiGroup: rbac.authorization.k8s.io - ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: awx-operator - namespace: default - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: awx-operator -spec: - replicas: 1 - selector: - matchLabels: - name: awx-operator - template: - metadata: - labels: - name: awx-operator - spec: - serviceAccountName: awx-operator - containers: - - name: awx-operator - image: "quay.io/ansible/awx-operator:0.7.0" - 
imagePullPolicy: "Always" - volumeMounts: - - mountPath: /tmp/ansible-operator/runner - name: runner - env: - # Watch all namespaces (cluster-scoped). - - name: WATCH_NAMESPACE - value: "" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: OPERATOR_NAME - value: awx-operator - - name: ANSIBLE_GATHERING - value: explicit - livenessProbe: - httpGet: - path: /healthz - port: 6789 - initialDelaySeconds: 15 - periodSeconds: 20 - volumes: - - name: runner - emptyDir: {} - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -561,7 +411,6 @@ spec: description: Name of the PVC to be used for storing the backup type: string tower_backup_pvc_namespace: - default: 'default' description: Namespace PVC is in type: string tower_backup_size: @@ -589,14 +438,14 @@ spec: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: awxbackups.awx.ansible.com + name: awxrestores.awx.ansible.com spec: group: awx.ansible.com names: - kind: AWXBackup - listKind: AWXBackupList - plural: awxbackups - singular: awxbackup + kind: AWXRestore + listKind: AWXRestoreList + plural: awxrestores + singular: awxrestore scope: Namespaced versions: - name: v1beta1 @@ -614,20 +463,16 @@ spec: type: object properties: tower_name: - description: Name of the deployment to be backed up + description: Name of the deployment to be restored to type: string tower_backup_pvc: description: Name of the PVC to be used for storing the backup type: string tower_backup_pvc_namespace: - default: 'default' description: Namespace PVC is in type: string - tower_backup_size: - description: Size of PVC - type: string - tower_backup_storage_class: - description: Storage class to use when creating PVC for backup + tower_backup_dir: + description: Backup directory name, a status found on the awxbackup object (towerBackupComplete) type: string tower_secret_key_secret: description: Custom secret_key secret name 
@@ -642,4 +487,154 @@ spec: description: Custom postgres_configuration secret name type: string oneOf: - - required: ["tower_name"] + - required: ["tower_name", "tower_backup_pvc"] + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: awx-operator +rules: + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - '*' + - apiGroups: + - "" + - "rbac.authorization.k8s.io" + resources: + - pods + - services + - services/finalizers + - serviceaccounts + - endpoints + - persistentvolumeclaims + - events + - configmaps + - secrets + - roles + - rolebindings + verbs: + - '*' + - apiGroups: + - apps + - extensions + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + - ingresses + verbs: + - '*' + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - apps + resourceNames: + - awx-operator + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - apps + resources: + - deployments/scale + verbs: + - patch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - get + - apiGroups: + - apps + resources: + - replicasets + verbs: + - get + - apiGroups: + - awx.ansible.com + resources: + - '*' + - awxbackups + verbs: + - '*' + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: awx-operator +subjects: + - kind: ServiceAccount + name: awx-operator + namespace: default +roleRef: + kind: ClusterRole + name: awx-operator + apiGroup: rbac.authorization.k8s.io + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: awx-operator + namespace: default + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: awx-operator +spec: + replicas: 1 + selector: + matchLabels: + name: awx-operator + template: + metadata: + labels: + name: awx-operator + spec: + serviceAccountName: awx-operator + containers: + - name: 
awx-operator + image: "quay.io/chadams/awx-operator:new-crd" + imagePullPolicy: "Always" + volumeMounts: + - mountPath: /tmp/ansible-operator/runner + name: runner + env: + # Watch all namespaces (cluster-scoped). + - name: WATCH_NAMESPACE + value: "" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: awx-operator + - name: ANSIBLE_GATHERING + value: explicit + livenessProbe: + httpGet: + path: /healthz + port: 6789 + initialDelaySeconds: 15 + periodSeconds: 20 + volumes: + - name: runner + emptyDir: {}
diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
index 76ce4ad0..118388ea 100644
--- a/molecule/default/prepare.yml
+++ b/molecule/default/prepare.yml
@@ -19,7 +19,7 @@
 k8s:
 definition: "{{ lookup('file', '/'.join([deploy_dir, 'crds/awxbackup_v1beta1_crd.yaml'])) }}"
- - name: Create AWXBackup Custom Resource Definition
+ - name: Create AWXRestore Custom Resource Definition
 k8s:
 definition: "{{ lookup('file', '/'.join([deploy_dir, 'crds/awxrestore_v1beta1_crd.yaml'])) }}"
diff --git a/roles/backup/tasks/awx-cro.yml b/roles/backup/tasks/awx-cro.yml
index 2c5f93ac..4db2f218 100644
--- a/roles/backup/tasks/awx-cro.yml
+++ b/roles/backup/tasks/awx-cro.yml
@@ -31,7 +31,7 @@
 awx_object_template: "{{ lookup('file', '_secrets/awx_object.yml') }}"
 - name: Write awx object to pvc
- community.kubernetes.k8s_exec:
+ k8s_exec:
 namespace: "{{ tower_backup_pvc_namespace }}"
 pod: "{{ meta.name }}-db-management"
 command: >-
diff --git a/roles/backup/tasks/cleanup.yml b/roles/backup/tasks/cleanup.yml
index 3cfc89c9..aa9c6b11 100644
--- a/roles/backup/tasks/cleanup.yml
+++ b/roles/backup/tasks/cleanup.yml
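Review bot: The Deployment re-added at the end of the deploy/awx-operator.yaml hunk now pulls `quay.io/chadams/awx-operator:new-crd` with `imagePullPolicy: "Always"`, where the removed copy used `quay.io/ansible/awx-operator:0.7.0`. That is a personal-namespace image on a mutable tag, and the same manifest binds the pod's service account to a ClusterRole granting `'*'` verbs on secrets, roles and rolebindings, so whoever can push that tag controls code running with those rights in any cluster that applies this file. It looks like a development build setting that ended up in the rendered manifest; since the file is generated, re-render it with the project image and a release tag (preferably pinned by digest) instead of editing it by hand.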
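Review bot: Replacing `community.kubernetes.k8s_exec` with the bare `k8s_exec` in roles/backup/tasks/awx-cro.yml makes the module that actually runs depend on how the runner resolves short names, and nothing in the visible hunks declares a `collections:` search path. If the short form is required by the operator's Ansible version, record that in the commit message or a comment; otherwise keep the fully qualified name, which is what ansible-lint's `fqcn` rule expects. The same substitution is made for `k8s`, `k8s_info` and `ansible.builtin.file` in the other task files under roles/backup, roles/installer and roles/restore touched by this commit.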
@@ -2,12 +2,12 @@
 # After copying secret files to the PVC, delete the local tmp copies
 - name: Clean up _secrets directory
- ansible.builtin.file:
+ file:
 path: "_secrets"
 state: absent
 - name: Delete any existing management pod
- community.kubernetes.k8s:
+ k8s:
 name: "{{ meta.name }}-db-management"
 kind: Pod
 namespace: "{{ tower_backup_pvc_namespace }}"
diff --git a/roles/backup/tasks/error_handling.yml b/roles/backup/tasks/error_handling.yml
index f3361d6c..de1c28ce 100644
--- a/roles/backup/tasks/error_handling.yml
+++ b/roles/backup/tasks/error_handling.yml
@@ -10,7 +10,7 @@
 now: '{{ lookup("pipe", "date +%FT%TZ") }}'
 - name: Emit ocp event with error
- community.kubernetes.k8s:
+ k8s:
 kind: Event
 namespace: "{{ meta.namespace }}"
 template: "event.yml.j2"
diff --git a/roles/backup/tasks/init.yml b/roles/backup/tasks/init.yml
index f72e4006..119c68e1 100644
--- a/roles/backup/tasks/init.yml
+++ b/roles/backup/tasks/init.yml
@@ -1,7 +1,7 @@
 ---
 - name: Delete any existing management pod
- community.kubernetes.k8s:
+ k8s:
 name: "{{ meta.name }}-db-management"
 kind: Pod
 namespace: "{{ tower_backup_pvc_namespace }}"
@@ -46,14 +46,14 @@
 backup_pvc: "{{ tower_backup_pvc | default(_default_backup_pvc, true) }}"
 - name: Create PVC for backup
- community.kubernetes.k8s:
+ k8s:
 kind: PersistentVolumeClaim
 template: "backup_pvc.yml.j2"
 when:
 - tower_backup_pvc == '' or tower_backup_pvc is not defined
 - name: Create management pod from templated deployment config
- community.kubernetes.k8s:
+ k8s:
 name: "{{ meta.name }}-db-management"
 kind: Deployment
 state: present
diff --git a/roles/backup/tasks/postgres.yml b/roles/backup/tasks/postgres.yml
index a8eb5ec5..fa065780 100644
--- a/roles/backup/tasks/postgres.yml
+++ b/roles/backup/tasks/postgres.yml
@@ -51,21 +51,21 @@
 backup_dir: "/backups/tower-openshift-backup-{{ now }}"
 - name: Create directory for backup
- community.kubernetes.k8s_exec:
+ k8s_exec:
 namespace: "{{ tower_backup_pvc_namespace }}"
 pod: "{{ meta.name }}-db-management"
 command: >-
 mkdir -p {{ backup_dir }}
 - name: Precreate file for database dump
- community.kubernetes.k8s_exec:
+ k8s_exec:
 namespace: "{{ tower_backup_pvc_namespace }}"
 pod: "{{ meta.name }}-db-management"
 command: >-
 touch {{ backup_dir }}/tower.db
 - name: Set permissions on file for database dump
- community.kubernetes.k8s_exec:
+ k8s_exec:
 namespace: "{{ tower_backup_pvc_namespace }}"
 pod: "{{ meta.name }}-db-management"
 command: >-
@@ -81,7 +81,7 @@
 -p {{ awx_postgres_port }}
 - name: Write pg_dump to backup on PVC
- community.kubernetes.k8s_exec:
+ k8s_exec:
 namespace: "{{ tower_backup_pvc_namespace }}"
 pod: "{{ meta.name }}-db-management"
 command: >-
diff --git a/roles/backup/tasks/secrets.yml b/roles/backup/tasks/secrets.yml
index c7b8a520..bab87c52 100644
--- a/roles/backup/tasks/secrets.yml
+++ b/roles/backup/tasks/secrets.yml
@@ -28,7 +28,7 @@
 secret_key_template: "{{ lookup('file', '_secrets/secret_key_secret.yml') }}"
 - name: Write secret_key to pvc
- community.kubernetes.k8s_exec:
+ k8s_exec:
 namespace: "{{ tower_backup_pvc_namespace }}"
 pod: "{{ meta.name }}-db-management"
 command: >-
@@ -56,7 +56,7 @@
 admin_password_template: "{{ lookup('file', '_secrets/admin_password_secret.yml') }}"
 - name: Write secret_key to pvc
- community.kubernetes.k8s_exec:
+ k8s_exec:
 namespace: "{{ tower_backup_pvc_namespace }}"
 pod: "{{ meta.name }}-db-management"
 command: >-
@@ -84,7 +84,7 @@
 broadcast_websocket_template: "{{ lookup('file', '_secrets/broadcast_websocket_secret.yml') }}"
 - name: Write broadcast_websocket definition to pvc
- community.kubernetes.k8s_exec:
+ k8s_exec:
 namespace: "{{ tower_backup_pvc_namespace }}"
 pod: "{{ meta.name }}-db-management"
 command: >-
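Review bot: The second roles/backup/tasks/secrets.yml hunk (`@@ -56,7 +56,7 @@`) keeps the task name `Write secret_key to pvc` directly after `admin_password_template` is set, so logs and failure messages will name the wrong secret; rename it to `- name: Write admin_password to pvc`. The four "Write … to pvc" tasks in this file (the last one is the `@@ -117,7 +117,7 @@` hunk) pass secret material through a `k8s_exec` `command:` whose body lies outside the hunks. If the rendered secret is part of that command string it will show up in task output, so confirm that each of these tasks sets `no_log: true`.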
@@ -117,7 +117,7 @@
 postgres_secret_template: "{{ lookup('file', '_secrets/postgres_secret.yml') }}"
 - name: Write postgres configuration to pvc
- community.kubernetes.k8s_exec:
+ k8s_exec:
 namespace: "{{ tower_backup_pvc_namespace }}"
 pod: "{{ meta.name }}-db-management"
 command: >-
diff --git a/roles/installer/tasks/initialize_django.yml b/roles/installer/tasks/initialize_django.yml
index 62849d7e..cb6a6e1b 100644
--- a/roles/installer/tasks/initialize_django.yml
+++ b/roles/installer/tasks/initialize_django.yml
@@ -1,6 +1,6 @@
 ---
 - name: Check if there are any super users defined.
- community.kubernetes.k8s_exec:
+ k8s_exec:
 namespace: "{{ meta.namespace }}"
 pod: "{{ tower_pod_name }}"
 container: "{{ meta.name }}-task"
@@ -14,7 +14,7 @@
 changed_when: users_result.return_code > 0
 - name: Create super user via Django if it doesn't exist.
- community.kubernetes.k8s_exec:
+ k8s_exec:
 namespace: "{{ meta.namespace }}"
 pod: "{{ tower_pod_name }}"
 container: "{{ meta.name }}-task"
@@ -25,7 +25,7 @@
 when: users_result.return_code > 0
 - name: Create preload data if necessary. # noqa 305
- community.kubernetes.k8s_exec:
+ k8s_exec:
 namespace: "{{ meta.namespace }}"
 pod: "{{ tower_pod_name }}"
 container: "{{ meta.name }}-task"
diff --git a/roles/installer/tasks/load_ldap_cacert_secret.yml b/roles/installer/tasks/load_ldap_cacert_secret.yml
index 41667a1b..ebf5fcc2 100644
--- a/roles/installer/tasks/load_ldap_cacert_secret.yml
+++ b/roles/installer/tasks/load_ldap_cacert_secret.yml
@@ -1,6 +1,6 @@
 ---
 - name: Retrieve LDAP CA Certificate Secret
- community.kubernetes.k8s_info:
+ k8s_info:
 kind: Secret
 namespace: '{{ meta.namespace }}'
 name: '{{ ldap_cacert_secret }}'
diff --git a/roles/installer/tasks/load_route_tls_secret.yml b/roles/installer/tasks/load_route_tls_secret.yml
index 03b50226..529e5851 100644
--- a/roles/installer/tasks/load_route_tls_secret.yml
+++ b/roles/installer/tasks/load_route_tls_secret.yml
@@ -1,6 +1,6 @@
 ---
 - name: Retrieve Route TLS Secret
- community.kubernetes.k8s_info:
+ k8s_info:
 kind: Secret
 namespace: '{{ meta.namespace }}'
 name: '{{ tower_route_tls_secret }}'
diff --git a/roles/installer/tasks/migrate_data.yml b/roles/installer/tasks/migrate_data.yml
index e49b6e91..28604306 100644
--- a/roles/installer/tasks/migrate_data.yml
+++ b/roles/installer/tasks/migrate_data.yml
@@ -44,7 +44,7 @@
 -p {{ awx_postgres_port }}
 - name: Stream backup from pg_dump to the new postgresql container
- community.kubernetes.k8s_exec:
+ k8s_exec:
 namespace: "{{ meta.namespace }}"
 pod: "{{ postgres_pod_name }}"
 command: |
diff --git a/roles/installer/tasks/update_status.yml b/roles/installer/tasks/update_status.yml
index ec4b3d54..0b123d9a 100644
--- a/roles/installer/tasks/update_status.yml
+++ b/roles/installer/tasks/update_status.yml
@@ -18,7 +18,7 @@
 towerAdminUser: "{{ tower_admin_user }}"
 - name: Retrieve instance version
- community.kubernetes.k8s_exec:
+ k8s_exec:
 namespace: "{{ meta.namespace }}"
 pod: "{{ tower_pod_name }}"
 container: "{{ meta.name }}-task"
@@ -47,7 +47,7 @@
 - block:
 - name: Retrieve route URL
- community.kubernetes.k8s_info:
+ k8s_info:
 kind: Route
 namespace: '{{ meta.namespace }}'
 name: '{{ meta.name }}'
diff --git a/roles/restore/tasks/apply_secret.yml b/roles/restore/tasks/apply_secret.yml
index 69e87505..095ac470 100644
--- a/roles/restore/tasks/apply_secret.yml
+++ b/roles/restore/tasks/apply_secret.yml
@@ -1,7 +1,7 @@
 ---
 - name: Get secret definition from pvc
- community.kubernetes.k8s_exec:
+ k8s_exec:
 namespace: "{{ tower_backup_pvc_namespace }}"
 pod: "{{ meta.name }}-db-management"
 command: >-
diff --git a/roles/restore/tasks/cleanup.yml b/roles/restore/tasks/cleanup.yml
index e9ea732e..6706916c 100644
--- a/roles/restore/tasks/cleanup.yml
+++ b/roles/restore/tasks/cleanup.yml
@@ -1,12 +1,12 @@
 ---
 - name: Clean up _secrets directory
- ansible.builtin.file:
+ file:
 path: "_definitions"
 state: absent
 - name: Delete any existing management pod
- community.kubernetes.k8s:
+ k8s:
 name: "{{ meta.name }}-db-management"
 kind: Pod
 namespace: "{{ tower_backup_pvc_namespace }}"
diff --git a/roles/restore/tasks/error_handling.yml b/roles/restore/tasks/error_handling.yml
index f3361d6c..de1c28ce 100644
--- a/roles/restore/tasks/error_handling.yml
+++ b/roles/restore/tasks/error_handling.yml
@@ -10,7 +10,7 @@
 now: '{{ lookup("pipe", "date +%FT%TZ") }}'
 - name: Emit ocp event with error
- community.kubernetes.k8s:
+ k8s:
 kind: Event
 namespace: "{{ meta.namespace }}"
 template: "event.yml.j2"
diff --git a/roles/restore/tasks/init.yml b/roles/restore/tasks/init.yml
index c6a500bb..3a2280c8 100644
--- a/roles/restore/tasks/init.yml
+++ b/roles/restore/tasks/init.yml
@@ -35,7 +35,7 @@
 - provided_pvc.resources | length == 0
 - name: Delete any existing management pod
- community.kubernetes.k8s:
+ k8s:
 name: "{{ meta.name }}-db-management"
 kind: Pod
 namespace: "{{ tower_backup_pvc_namespace }}"
@@ -44,7 +44,7 @@
 wait: true
 - name: Create management pod from templated deployment config
- community.kubernetes.k8s:
+ k8s:
 name: "{{ meta.name }}-db-management"
 kind: Deployment
 state: present
@@ -52,16 +52,13 @@
 wait: true
 - name: Check to make sure backup directory exists on PVC
- community.kubernetes.k8s_exec:
+ k8s_exec:
 namespace: "{{ tower_backup_pvc_namespace }}"
 pod: "{{ meta.name }}-db-management"
 command: >-
 bash -c "stat {{ tower_backup_dir }}"
 register: stat_backup_dir
-- debug:
- msg: "{{stat_backup_dir}}"
-
 - name: Error if backup dir is missing
 block:
 - name: Set error message
diff --git a/roles/restore/tasks/init_awx.yml b/roles/restore/tasks/init_awx.yml
index 47c74322..f3a215c1 100644
--- a/roles/restore/tasks/init_awx.yml
+++ b/roles/restore/tasks/init_awx.yml
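Review bot: In the last roles/restore/tasks/init.yml hunk, the "Check to make sure backup directory exists on PVC" task interpolates `tower_backup_dir` unquoted into a shell string, `bash -c "stat {{ tower_backup_dir }}"`, while the AWXRestore CRD added in this commit declares that field as an unconstrained `type: string`. Anyone allowed to create an AWXRestore object can therefore place shell metacharacters into a command that runs in the management pod, which presumably has the backup PVC with the dumped secrets mounted. Drop the shell and pass the path as a single argument, for example `command: stat -- {{ tower_backup_dir | quote }}`, and add a `pattern` to the CRD property so only a plain path is accepted. The "Error if backup dir is missing" block continues past the end of the hunk.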
@@ -1,7 +1,7 @@
 ---
 - name: Get AWX object definition from pvc
- community.kubernetes.k8s_exec:
+ k8s_exec:
 namespace: "{{ tower_backup_pvc_namespace }}"
 pod: "{{ meta.name }}-db-management"
 command: >-
@@ -22,10 +22,10 @@
 apply: yes
 wait: yes
 template: "_definitions/awx_object.yml.j2"
- wait: true
-# TODO: The awx object and secrets need to be applied from the awx-operator, because that is where the service account is?. So we will need to either copy them over or pipe them into a template command
+# TODO: The awx object and secrets need to be applied from the awx-operator, because that is where the service account is?
+# So we will need to either copy them over or pipe them into a template command
 # TODO: Add logic to allow users to provide override values here,
 # or to specify spec values that were not in the backed up AWX object.
diff --git a/roles/restore/tasks/postgres.yml b/roles/restore/tasks/postgres.yml
index 44acf750..d1e4b980 100644
--- a/roles/restore/tasks/postgres.yml
+++ b/roles/restore/tasks/postgres.yml
@@ -67,7 +67,7 @@
 -p {{ awx_postgres_port }}
 - name: Restore database dump to the new postgresql container
- community.kubernetes.k8s_exec:
+ k8s_exec:
 namespace: "{{ meta.namespace }}"
 pod: "{{ postgres_pod_name }}"
 command: |