Add secret names as statuses on the AWX object

- set migrate data status even if custom name for old postgres config is not used
 - Allow users to change pg name, pw & db name for a managed postgres
 - set default value for postgres-configuration type as unmanaged if secret is created
 - Make pg port configurable for managed deployments
Christian M. Adams
2021-04-16 11:07:52 -04:00
parent 90f4d71606
commit 38a6a02f85
11 changed files with 89 additions and 26 deletions


@@ -346,7 +346,16 @@ spec:
description: Admin user of the deployed instance
type: string
towerAdminPasswordSecret:
description: Admin password of the deployed instance
description: Admin password secret name of the deployed instance
type: string
towerPostgresConfigurationSecret:
description: Postgres Configuration secret name of the deployed instance
type: string
towerBroadcastWebsocketSecret:
description: Broadcast websocket secret name of the deployed instance
type: string
towerSecretKeySecret:
description: Secret key secret name of the deployed instance
type: string
towerMigratedFromSecret:
description: The secret used for migrating an old Tower.


@@ -348,7 +348,16 @@ spec:
description: Admin user of the deployed instance
type: string
towerAdminPasswordSecret:
description: Admin password of the deployed instance
description: Admin password secret name of the deployed instance
type: string
towerPostgresConfigurationSecret:
description: Postgres Configuration secret name of the deployed instance
type: string
towerBroadcastWebsocketSecret:
description: Broadcast websocket secret name of the deployed instance
type: string
towerSecretKeySecret:
description: Secret key secret name of the deployed instance
type: string
towerMigratedFromSecret:
description: The secret used for migrating an old Tower.


@@ -346,7 +346,16 @@ spec:
description: Admin user of the deployed instance
type: string
towerAdminPasswordSecret:
description: Admin password of the deployed instance
description: Admin password secret name of the deployed instance
type: string
towerPostgresConfigurationSecret:
description: Postgres Configuration secret name of the deployed instance
type: string
towerBroadcastWebsocketSecret:
description: Broadcast websocket secret name of the deployed instance
type: string
towerSecretKeySecret:
description: Secret key secret name of the deployed instance
type: string
towerMigratedFromSecret:
description: The secret used for migrating an old Tower.


@@ -5,7 +5,7 @@
api_version: '{{ hostvars["localhost"]["inventory_file"].split("/")[4:6] | join("/") }}'
kind: '{{ hostvars["localhost"]["inventory_file"].split("/")[6] }}'
- name: Look up details for this deployment
- name: Look up details for this backup object
k8s_info:
api_version: "{{ api_version }}"
kind: "{{ kind }}"


@@ -1,10 +1,22 @@
---
- name: Set apiVersion and kind variables
set_fact:
api_version: '{{ hostvars["localhost"]["inventory_file"].split("/")[4:6] | join("/") }}'
- name: Look up details for this deployment
k8s_info:
api_version: "{{ api_version }}"
kind: "AWX" # Find a way to dynamically get this
name: "{{ tower_name }}"
namespace: "{{ meta.namespace }}"
register: this_awx
- name: Get secret_key
k8s_info:
kind: Secret
namespace: '{{ meta.namespace }}'
name: '{{ tower_secret_key_secret }}'
name: "{{ this_awx['resources'][0]['status']['towerSecretKeySecret'] }}"
register: _secret_key
- name: Set secret key
@@ -15,7 +27,7 @@
k8s_info:
kind: Secret
namespace: '{{ meta.namespace }}'
name: '{{ tower_admin_password_secret }}'
name: "{{ this_awx['resources'][0]['status']['towerAdminPasswordSecret'] }}"
register: _admin_password
- name: Set admin_password
@@ -26,7 +38,7 @@
k8s_info:
kind: Secret
namespace: '{{ meta.namespace }}'
name: '{{ tower_broadcast_websocket_secret }}'
name: "{{ this_awx['resources'][0]['status']['towerBroadcastWebsocketSecret'] }}"
register: _broadcast_websocket
- name: Set broadcast_websocket key
@@ -37,7 +49,7 @@
k8s_info:
kind: Secret
namespace: '{{ meta.namespace }}'
name: '{{ tower_postgres_configuration_secret }}'
name: "{{ this_awx['resources'][0]['status']['towerPostgresConfigurationSecret'] }}"
register: _postgres_configuration
- name: Set postgres configuration
@@ -47,7 +59,7 @@
database_name: "{{ _postgres_configuration['resources'][0]['data']['database'] | b64decode }}"
database_port: "{{ _postgres_configuration['resources'][0]['data']['port'] | b64decode }}"
database_host: "{{ _postgres_configuration['resources'][0]['data']['host'] | b64decode }}"
database_type: "{{ _postgres_configuration['resources'][0]['data']['type'] | b64decode | default('unmanaged')}}"
database_type: "{{ _postgres_configuration['resources'][0]['data']['type'] | b64decode | default('unmanaged') }}"
- name: Template secrets into yaml
set_fact:
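Review bot: The four Secret lookups now index `this_awx['resources'][0]['status'][...]` with no check that the AWX object was found or that its status already carries these keys, which this same commit introduces. An instance not yet reconciled by an operator that writes them would probably fail the backup with an undefined-variable error; a fallback such as `name: "{{ this_awx['resources'][0]['status']['towerSecretKeySecret'] | default(tower_secret_key_secret) }}"` or an `assert` on `this_awx['resources'] | length` right after the lookup would make that case explicit. The status subresource also becomes the input that decides which Secret in the namespace is read into the backup, so write access to the AWX status should be reviewed as tightly as read access to Secrets. Separately, the last hunk keeps `b64decode | default('unmanaged')`, which applies the default only after decoding, so a secret without a `type` key likely never reaches it. The order used elsewhere in this commit, `default('prefer'|b64encode) | b64decode`, is the one that works.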


@@ -100,7 +100,6 @@
definition: "{{ lookup('template', 'tower_postgres.yaml.j2') }}"
when: pg_config['resources'][0]['data']['type'] | default('') | b64decode == 'managed'
- name: Store Database Configuration
set_fact:
awx_postgres_user: "{{ pg_config['resources'][0]['data']['username'] | b64decode }}"
@@ -110,12 +109,6 @@
awx_postgres_host: "{{ pg_config['resources'][0]['data']['host'] | b64decode }}"
awx_postgres_sslmode: "{{ pg_config['resources'][0]['data']['sslmode'] | default('prefer'|b64encode) | b64decode }}"
- name: Create Database if no database is specified
k8s:
apply: true
definition: "{{ lookup('template', 'tower_postgres.yaml.j2') }}"
when:
- pg_config['resources'][0]['data']['type'] | default('') | b64decode == 'managed'
- name: Set apiVersion and kind variables
set_fact:


@@ -1,5 +1,9 @@
---
- name: Set actual old postgres configuration secret name
set_fact:
old_postgres_configuration_name: "{{ old_pg_config['resources'][0]['metadata']['name'] }}"
- name: Store Database Configuration
set_fact:
awx_old_postgres_user: "{{ old_pg_config['resources'][0]['data']['username'] | b64decode }}"
@@ -60,4 +64,4 @@
- name: Set flag signifying that this instance has been migrated
set_fact:
tower_migrated_from_secret: "{{ tower_old_postgres_configuration_secret }}"
tower_migrated_from_secret: "{{ old_postgres_configuration_name }}"


@@ -17,6 +17,33 @@
status:
towerAdminUser: "{{ tower_admin_user }}"
- name: Update postgres configuration status
operator_sdk.util.k8s_status:
api_version: '{{ api_version }}'
kind: "{{ kind }}"
name: "{{ meta.name }}"
namespace: "{{ meta.namespace }}"
status:
towerPostgresConfigurationSecret: "{{ pg_config['resources'][0]['metadata']['name'] }}"
- name: Update broadcast websocket status
operator_sdk.util.k8s_status:
api_version: '{{ api_version }}'
kind: "{{ kind }}"
name: "{{ meta.name }}"
namespace: "{{ meta.namespace }}"
status:
towerBroadcastWebsocketSecret: "{{ broadcast_websocket_secret['resources'][0]['metadata']['name'] }}"
- name: Update secret key status
operator_sdk.util.k8s_status:
api_version: '{{ api_version }}'
kind: "{{ kind }}"
name: "{{ meta.name }}"
namespace: "{{ meta.namespace }}"
status:
towerSecretKeySecret: "{{ secret_key_secret_name }}"
- name: Retrieve instance version
k8s_exec:
namespace: "{{ meta.namespace }}"
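Review bot: The three added tasks repeat the same `operator_sdk.util.k8s_status` call with one key each, and `towerSecretKeySecret` is filled from the variable `secret_key_secret_name` while the other two read `['resources'][0]['metadata']['name']` from a looked-up Secret. A single task carrying all three keys under `status:` would save two API calls and avoid a window in which a reader (the backup role in this commit reads all of them) sees only some of the names. Using one source for the names, either the looked-up object or the variable, would also make it clearer which value is authoritative. The `['resources'][0]` accesses assume the earlier lookups returned a Secret; those lookups are outside this hunk.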


@@ -53,17 +53,17 @@ spec:
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
name: '{{ tower_postgres_configuration_secret }}'
name: '{{ postgres_configuration_secret }}'
key: database
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: '{{ tower_postgres_configuration_secret }}'
name: '{{ postgres_configuration_secret }}'
key: username
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: '{{ tower_postgres_configuration_secret }}'
name: '{{ postgres_configuration_secret }}'
key: password
- name: PGDATA
value: '{{ tower_postgres_data_path }}'
@@ -72,7 +72,7 @@ spec:
- name: POSTGRES_HOST_AUTH_METHOD
value: '{{ postgres_host_auth_method }}'
ports:
- containerPort: '{{ awx_postgres_port }}'
- containerPort: {{ awx_postgres_port | default('5432')}}
name: postgres
volumeMounts:
- name: postgres
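Review bot: Rendering `containerPort` from `awx_postgres_port` only changes the port the pod declares, not the port postgres listens on. None of the env entries visible in these hunks sets a listening port, so a non-default value would likely leave the database on 5432 while clients are pointed elsewhere. If the rest of the template (outside the hunks) does not already handle this, an env entry `- name: PGPORT` with `value: '{{ awx_postgres_port | default('5432') }}'` would keep the two in step. The new expression also drops the space before `}}` that the other expressions in this file keep.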


@@ -5,7 +5,7 @@
api_version: '{{ hostvars["localhost"]["inventory_file"].split("/")[4:6] | join("/") }}'
kind: '{{ hostvars["localhost"]["inventory_file"].split("/")[6] }}'
- name: Look up details for this deployment
- name: Look up details for this restore object
k8s_info:
api_version: "{{ api_version }}"
kind: "{{ kind }}"
@@ -34,4 +34,4 @@
- name: Update status variables
include_tasks: update_status.yml
# TODO: backup tower settings or make sure that users only specify settigns/config changes via AWX object. See ticket
# TODO: backup tower settings or make sure that users only specify settings/config changes via AWX object. See ticket


@@ -18,7 +18,7 @@ stringData:
apiVersion: v1
kind: Secret
metadata:
name: '{{ tower_name }}'
name: '{{ tower_name }}-secret-key'
namespace: '{{ meta.namespace }}'
stringData:
secret_key: '{{ secret_key }}'
@@ -28,7 +28,7 @@ stringData:
apiVersion: v1
kind: Secret
metadata:
name: '{{ tower_name }}'
name: '{{ tower_name }}-admin-password'
namespace: '{{ meta.namespace }}'
stringData:
password: '{{ admin_password }}'
@@ -41,4 +41,4 @@ metadata:
name: '{{ tower_name }}-broadcast-websocket'
namespace: '{{ meta.namespace }}'
stringData:
secret: '{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}'
secret: '{{ broadcast_websocket }}'
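Review bot: `secret: '{{ broadcast_websocket }}'` now interpolates a restored value into a single-quoted YAML scalar, where the removed line generated one restricted to letters and digits. A value containing `'` or a newline would break the rendered document or change its structure, and the same holds for the unchanged `secret_key` and `password` lines in the hunks above. Emitting the value through a serializer, e.g. `secret: {{ broadcast_websocket | to_json }}`, keeps arbitrary secret content inside one scalar. The Secret definitions start outside the hunks, so other templated fields may need the same treatment.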