Merge pull request #956 from Cl0udius/add_auto_upgrade_parameter

added auto_upgrade flag
2026-05-08 22:33:35 +00:00 · 2022-06-27 13:39:11 -04:00
parent 801f392447 35d4954027
commit 34b6354001
5 changed files with 144 additions and 85 deletions
--- a/README.md
+++ b/README.md
@@ -45,6 +45,8 @@ An [Ansible AWX](https://github.com/ansible/awx) operator for Kubernetes built w
         * [Session Cookie Secure Setting](#session-cookie-secure-setting)
         * [Extra Settings](#extra-settings)
         * [Configure no_log](#no-log)
         * [Auto Upgrade](#auto-upgrade)
            * [Upgrade of instances without auto upgrade](#upgrade-of-instances-without-auto-upgrade)
         * [Service Account](#service-account)
      * [Uninstall](#uninstall)
      * [Upgrading](#upgrading)
@@ -1036,6 +1038,42 @@ Example configuration of `no_log` parameter
    no_log: 'true'
 ```
 #### Auto upgrade
 With this parameter you can influence the behaviour during an operator upgrade.  
 If set to `true`, the operator will upgrade the specific instance directly.  
 When the value is set to `false`, and we have a running deployment, the operator will not update the AWX instance.  
 This can be useful when you have multiple AWX instances which you want to upgrade step by step instead of all at once.  
 | Name         | Description                        | Default |
 | -------------| ---------------------------------- | ------- |
 | auto_upgrade | Automatic upgrade of AWX instances | true    |
 Example configuration of `auto_upgrade` parameter
 ```yaml
  spec:
    auto_upgrade: true
 ```
 ##### Upgrade of instances without auto upgrade
 There are two ways to upgrade instances which are marked with the 'auto_upgrade: false' flag.  
 Changing flags:
 - change the auto_upgrade flag on your AWX object to true  
 - wait until the upgrade process of that instance is finished
 - change the auto_upgrade flag on your AWX object back to false  
 Delete the deployment:
 - delete the deployment object of your AWX instance  
 ```
 $ kubectl -n awx delete deployment <yourInstanceName> 
 ```
 - wait until the instance gets redeployed  
 #### Service Account
--- a/config/crd/bases/awx.ansible.com_awxs.yaml
+++ b/config/crd/bases/awx.ansible.com_awxs.yaml
@@ -489,6 +489,10 @@ spec:
                  description: Key/values that will be set under the pod-level securityContext field
                  type: object
                  x-kubernetes-preserve-unknown-fields: true
                auto_upgrade:
                  description: Should AWX instances be automatically upgraded when operator gets upgraded
                  type: boolean
                  default: true
              type: object
            status:
              properties:
--- a/roles/installer/defaults/main.yml
+++ b/roles/installer/defaults/main.yml
@@ -284,3 +284,7 @@ security_context_settings: {}
 # Set no_log settings on certain tasks
 no_log: 'true'
 # Should AWX instances be automatically upgraded when operator gets upgraded
 #
 auto_upgrade: true
--- a/roles/installer/tasks/install.yml
+++ b/roles/installer/tasks/install.yml
@@ -0,0 +1,88 @@
 ---
 - name: Patching labels to AWX kind
  k8s:
    state: present
    definition:
      apiVersion: '{{ api_version }}'
      kind: '{{ kind }}'
      name: '{{ ansible_operator_meta.name }}'
      namespace: '{{ ansible_operator_meta.namespace }}'
      metadata:
        name: '{{ ansible_operator_meta.name }}'
        namespace: '{{ ansible_operator_meta.namespace }}'
        labels:
          app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
          app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
          app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
          app.kubernetes.io/component: '{{ deployment_type }}'
          app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
 - name: Include secret key configuration tasks
  include_tasks: secret_key_configuration.yml
 - name: Load LDAP CAcert certificate
  include_tasks: load_ldap_cacert_secret.yml
  when:
    - ldap_cacert_secret != ''
 - name: Load ldap bind password
  include_tasks: load_ldap_password_secret.yml
  when:
    - ldap_password_secret != ''
 - name: Load bundle certificate authority certificate
  include_tasks: load_bundle_cacert_secret.yml
  when:
    - bundle_cacert_secret != ''
 - name: Include admin password configuration tasks
  include_tasks: admin_password_configuration.yml
 - name: Include broadcast websocket configuration tasks
  include_tasks: broadcast_websocket_configuration.yml
 - name: Include set_images tasks
  include_tasks: set_images.yml
 - name: Include database configuration tasks
  include_tasks: database_configuration.yml
 - name: Load Route TLS certificate
  include_tasks: load_route_tls_secret.yml
  when:
    - ingress_type | lower == 'route'
    - route_tls_secret != ''
 - name: Include resources configuration tasks
  include_tasks: resources_configuration.yml
 - name: Check for pending migrations
  k8s_exec:
    namespace: "{{ ansible_operator_meta.namespace }}"
    pod: "{{ tower_pod_name }}"
    container: "{{ ansible_operator_meta.name }}-task"
    command: >-
      bash -c "awx-manage showmigrations | grep -v '[X]' | grep '[ ]' | wc -l"
  changed_when: false
  register: database_check
 - name: Migrate the database if the K8s resources were updated.  # noqa 305
  k8s_exec:
    namespace: "{{ ansible_operator_meta.namespace }}"
    pod: "{{ tower_pod_name }}"
    container: "{{ ansible_operator_meta.name }}-task"
    command: >-
      bash -c "awx-manage migrate --noinput"
  register: migrate_result
  when:
    - database_check is defined
    - (database_check.stdout|trim) != '0'
 - name: Initialize Django
  include_tasks: initialize_django.yml
 - name: Update status variables
  include_tasks: update_status.yml
 - name: Cleanup & Set garbage collection refs
  include_tasks: cleanup.yml
--- a/roles/installer/tasks/main.yml
+++ b/roles/installer/tasks/main.yml
@@ -1,88 +1,13 @@
 ---
- name: Patching labels to AWX kind
+- name: Check for presence of Deployment
-  k8s:
+  k8s_info:
-    state: present
+    api_version: v1
-    definition:
+    kind: Deployment
-      apiVersion: '{{ api_version }}'
+    name: "{{ ansible_operator_meta.name }}"
      kind: '{{ kind }}'
      name: '{{ ansible_operator_meta.name }}'
      namespace: '{{ ansible_operator_meta.namespace }}'
      metadata:
        name: '{{ ansible_operator_meta.name }}'
        namespace: '{{ ansible_operator_meta.namespace }}'
        labels:
          app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
          app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
          app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
          app.kubernetes.io/component: '{{ deployment_type }}'
          app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
 - name: Include secret key configuration tasks
  include_tasks: secret_key_configuration.yml
 - name: Load LDAP CAcert certificate
  include_tasks: load_ldap_cacert_secret.yml
  when:
    - ldap_cacert_secret != ''
 - name: Load ldap bind password
  include_tasks: load_ldap_password_secret.yml
  when:
    - ldap_password_secret != ''
 - name: Load bundle certificate authority certificate
  include_tasks: load_bundle_cacert_secret.yml
  when:
    - bundle_cacert_secret != ''
 - name: Include admin password configuration tasks
  include_tasks: admin_password_configuration.yml
 - name: Include broadcast websocket configuration tasks
  include_tasks: broadcast_websocket_configuration.yml
 - name: Include set_images tasks
  include_tasks: set_images.yml
 - name: Include database configuration tasks
  include_tasks: database_configuration.yml
 - name: Load Route TLS certificate
  include_tasks: load_route_tls_secret.yml
  when:
    - ingress_type | lower == 'route'
    - route_tls_secret != ''
 - name: Include resources configuration tasks
  include_tasks: resources_configuration.yml
 - name: Check for pending migrations
  k8s_exec:
    namespace: "{{ ansible_operator_meta.namespace }}"
-    pod: "{{ tower_pod_name }}"
+  register: tower_deployment
    container: "{{ ansible_operator_meta.name }}-task"
    command: >-
      bash -c "awx-manage showmigrations | grep -v '[X]' | grep '[ ]' | wc -l"
  changed_when: false
  register: database_check
- name: Migrate the database if the K8s resources were updated.  # noqa 305
+# Just execute deployment steps when auto_upgrade is true or when no deployment exists
-  k8s_exec:
+- name: Start installation
-    namespace: "{{ ansible_operator_meta.namespace }}"
+  include_tasks: install.yml
-    pod: "{{ tower_pod_name }}"
+  when: (tower_deployment['resources'] | length > 0 and auto_upgrade | bool ) or (tower_deployment['resources'] | length == 0)
    container: "{{ ansible_operator_meta.name }}-task"
    command: >-
      bash -c "awx-manage migrate --noinput"
  register: migrate_result
  when:
    - database_check is defined
    - (database_check.stdout|trim) != '0'
 - name: Initialize Django
  include_tasks: initialize_django.yml
 - name: Update status variables
  include_tasks: update_status.yml
 - name: Cleanup & Set garbage collection refs
  include_tasks: cleanup.yml