diff --git a/ansible/templates/crd.yml.j2 b/ansible/templates/crd.yml.j2
index ad8ca846..c5956c1f 100644
--- a/ansible/templates/crd.yml.j2
+++ b/ansible/templates/crd.yml.j2
@@ -346,7 +346,16 @@ spec:
 description: Admin user of the deployed instance
 type: string
 towerAdminPasswordSecret:
- description: Admin password of the deployed instance
+ description: Admin password secret name of the deployed instance
+ type: string
+ towerPostgresConfigurationSecret:
+ description: Postgres Configuration secret name of the deployed instance
+ type: string
+ towerBroadcastWebsocketSecret:
+ description: Broadcast websocket secret name of the deployed instance
+ type: string
+ towerSecretKeySecret:
+ description: Secret key secret name of the deployed instance
 type: string
 towerMigratedFromSecret:
 description: The secret used for migrating an old Tower.
diff --git a/deploy/awx-operator.yaml b/deploy/awx-operator.yaml
index 23325e41..3513684f 100644
--- a/deploy/awx-operator.yaml
+++ b/deploy/awx-operator.yaml
@@ -348,7 +348,16 @@ spec:
 description: Admin user of the deployed instance
 type: string
 towerAdminPasswordSecret:
- description: Admin password of the deployed instance
+ description: Admin password secret name of the deployed instance
+ type: string
+ towerPostgresConfigurationSecret:
+ description: Postgres Configuration secret name of the deployed instance
+ type: string
+ towerBroadcastWebsocketSecret:
+ description: Broadcast websocket secret name of the deployed instance
+ type: string
+ towerSecretKeySecret:
+ description: Secret key secret name of the deployed instance
 type: string
 towerMigratedFromSecret:
 description: The secret used for migrating an old Tower.
diff --git a/deploy/crds/awx_v1beta1_crd.yaml b/deploy/crds/awx_v1beta1_crd.yaml
index ad8ca846..c5956c1f 100644
--- a/deploy/crds/awx_v1beta1_crd.yaml
+++ b/deploy/crds/awx_v1beta1_crd.yaml
@@ -346,7 +346,16 @@ spec:
 description: Admin user of the deployed instance
 type: string
 towerAdminPasswordSecret:
- description: Admin password of the deployed instance
+ description: Admin password secret name of the deployed instance
+ type: string
+ towerPostgresConfigurationSecret:
+ description: Postgres Configuration secret name of the deployed instance
+ type: string
+ towerBroadcastWebsocketSecret:
+ description: Broadcast websocket secret name of the deployed instance
+ type: string
+ towerSecretKeySecret:
+ description: Secret key secret name of the deployed instance
 type: string
 towerMigratedFromSecret:
 description: The secret used for migrating an old Tower.
diff --git a/roles/backup/tasks/main.yml b/roles/backup/tasks/main.yml
index 84f3ead3..0966577f 100644
--- a/roles/backup/tasks/main.yml
+++ b/roles/backup/tasks/main.yml
@@ -5,7 +5,7 @@
 api_version: '{{ hostvars["localhost"]["inventory_file"].split("/")[4:6] | join("/") }}'
 kind: '{{ hostvars["localhost"]["inventory_file"].split("/")[6] }}'
-- name: Look up details for this deployment
+- name: Look up details for this backup object
 k8s_info:
 api_version: "{{ api_version }}"
 kind: "{{ kind }}"
diff --git a/roles/backup/tasks/secrets.yml b/roles/backup/tasks/secrets.yml
index 66bc77ea..232c2ab8 100644
--- a/roles/backup/tasks/secrets.yml
+++ b/roles/backup/tasks/secrets.yml
@@ -1,10 +1,22 @@ --- +- name: Set apiVersion and kind variables + set_fact: + api_version: '{{ hostvars["localhost"]["inventory_file"].split("/")[4:6] | join("/") }}' + +- name: Look up details for this deployment + k8s_info: + api_version: "{{ api_version }}" + kind: "AWX" # Find a way to dynamically get this + name: "{{ tower_name }}" + namespace: "{{ meta.namespace }}" + register: this_awx + - name: Get secret_key k8s_info: kind: Secret namespace: '{{ meta.namespace }}' - name: '{{ tower_secret_key_secret }}' + name: "{{ this_awx['resources'][0]['status']['towerSecretKeySecret'] }}" register: _secret_key - name: Set secret key @@ -15,7 +27,7 @@ k8s_info: kind: Secret namespace: '{{ meta.namespace }}' - name: '{{ tower_admin_password_secret }}' + name: "{{ this_awx['resources'][0]['status']['towerAdminPasswordSecret'] }}" register: _admin_password - name: Set admin_password @@ -26,7 +38,7 @@ k8s_info: kind: Secret namespace: '{{ meta.namespace }}' - name: '{{ tower_broadcast_websocket_secret }}' + name: "{{ this_awx['resources'][0]['status']['towerBroadcastWebsocketSecret'] }}" register: _broadcast_websocket - name: Set broadcast_websocket key @@ -37,7 +49,7 @@ k8s_info: kind: Secret namespace: '{{ meta.namespace }}' - name: '{{ tower_postgres_configuration_secret }}' + name: "{{ this_awx['resources'][0]['status']['towerPostgresConfigurationSecret'] }}" register: _postgres_configuration - name: Set postgres configuration 
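Review bot: Every `name:` in this file now dereferences `this_awx['resources'][0]['status'][...]` with no check that the lookup returned an object or that the status field is populated; this applies to the `Get secret_key` task here and to the three later hunks (admin password, broadcast websocket, postgres configuration). An AWX object that has not been reconciled since these status fields were introduced would presumably lack them, and the backup would then stop on an undefined-variable error that does not name the cause. An empty string would be worse, since a `k8s_info` call without a name may return every Secret in the namespace and `resources[0]` would then be an arbitrary one. I would add an assertion directly after the lookup, as below. The hard-coded `kind: "AWX"` is already flagged by the inline comment.

```yaml
  register: this_awx

- name: Stop when the AWX object or one of its secret names is missing
  assert:
    that:
      - this_awx['resources'] | length > 0
      - (this_awx['resources'][0]['status'] | default({}))[item] | default('') | length > 0
    fail_msg: "AWX object {{ tower_name }} does not report {{ item }} in its status"
  loop:
    - towerSecretKeySecret
    - towerAdminPasswordSecret
    - towerBroadcastWebsocketSecret
    - towerPostgresConfigurationSecret

# … unchanged: Get secret_key and the tasks that follow …
```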
@@ -47,7 +59,7 @@ database_name: "{{ _postgres_configuration['resources'][0]['data']['database'] | b64decode }}" database_port: "{{ _postgres_configuration['resources'][0]['data']['port'] | b64decode }}" database_host: "{{ _postgres_configuration['resources'][0]['data']['host'] | b64decode }}" - database_type: "{{ _postgres_configuration['resources'][0]['data']['type'] | b64decode | default('unmanaged')}}" + database_type: "{{ _postgres_configuration['resources'][0]['data']['type'] | b64decode | default('unmanaged') }}" - name: Template secrets into yaml set_fact: diff --git a/roles/installer/tasks/database_configuration.yml b/roles/installer/tasks/database_configuration.yml index ecebe506..9c24b1fb 100644 --- a/roles/installer/tasks/database_configuration.yml +++ b/roles/installer/tasks/database_configuration.yml @@ -100,7 +100,6 @@ definition: "{{ lookup('template', 'tower_postgres.yaml.j2') }}" when: pg_config['resources'][0]['data']['type'] | default('') | b64decode == 'managed' - - name: Store Database Configuration set_fact: awx_postgres_user: "{{ pg_config['resources'][0]['data']['username'] | b64decode }}" @@ -110,12 +109,6 @@ awx_postgres_host: "{{ pg_config['resources'][0]['data']['host'] | b64decode }}" awx_postgres_sslmode: "{{ pg_config['resources'][0]['data']['sslmode'] | default('prefer'|b64encode) | b64decode }}" -- name: Create Database if no database is specified - k8s: - apply: true - definition: "{{ lookup('template', 'tower_postgres.yaml.j2') }}" - when: - - pg_config['resources'][0]['data']['type'] | default('') | b64decode == 'managed' - name: Set apiVersion and kind variables set_fact: diff --git a/roles/installer/tasks/migrate_data.yml b/roles/installer/tasks/migrate_data.yml index ca1bb7ae..e6bbab80 100644 --- a/roles/installer/tasks/migrate_data.yml +++ b/roles/installer/tasks/migrate_data.yml 
@@ -1,5 +1,9 @@ --- +- name: Set actual old postgres configuration secret name + set_fact: + old_postgres_configuration_name: "{{ old_pg_config['resources'][0]['metadata']['name'] }}" + - name: Store Database Configuration set_fact: awx_old_postgres_user: "{{ old_pg_config['resources'][0]['data']['username'] | b64decode }}" @@ -60,4 +64,4 @@ - name: Set flag signifying that this instance has been migrated set_fact: - tower_migrated_from_secret: "{{ tower_old_postgres_configuration_secret }}" + tower_migrated_from_secret: "{{ old_postgres_configuration_name }}" diff --git a/roles/installer/tasks/update_status.yml b/roles/installer/tasks/update_status.yml index 0b123d9a..c3194992 100644 --- a/roles/installer/tasks/update_status.yml +++ b/roles/installer/tasks/update_status.yml @@ -17,6 +17,33 @@ status: towerAdminUser: "{{ tower_admin_user }}" +- name: Update postgres configuration status + operator_sdk.util.k8s_status: + api_version: '{{ api_version }}' + kind: "{{ kind }}" + name: "{{ meta.name }}" + namespace: "{{ meta.namespace }}" + status: + towerPostgresConfigurationSecret: "{{ pg_config['resources'][0]['metadata']['name'] }}" + +- name: Update broadcast websocket status + operator_sdk.util.k8s_status: + api_version: '{{ api_version }}' + kind: "{{ kind }}" + name: "{{ meta.name }}" + namespace: "{{ meta.namespace }}" + status: + towerBroadcastWebsocketSecret: "{{ broadcast_websocket_secret['resources'][0]['metadata']['name'] }}" + +- name: Update secret key status + operator_sdk.util.k8s_status: + api_version: '{{ api_version }}' + kind: "{{ kind }}" + name: "{{ meta.name }}" + namespace: "{{ meta.namespace }}" + status: + towerSecretKeySecret: "{{ secret_key_secret_name }}" + - name: Retrieve instance version k8s_exec: namespace: "{{ meta.namespace }}" diff --git a/roles/installer/templates/tower_postgres.yaml.j2 b/roles/installer/templates/tower_postgres.yaml.j2 index c73bd88f..694a6940 100644 --- a/roles/installer/templates/tower_postgres.yaml.j2 
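Review bot: The three status fields written in the update_status.yml hunk are what roles/backup/tasks/secrets.yml in this same commit reads to decide which Secrets to fetch, and nothing in these tasks says so. If the CRD enables the status subresource, write access to it is granted separately from the spec, so whoever may patch status on this object now influences which Secret names a later backup reads with the operator's permissions. A comment above the first new task would record that, for example `# Consumed by the backup role to locate Secrets; status write access should stay limited to the operator`. `pg_config['resources'][0]` and `broadcast_websocket_secret['resources'][0]` are also indexed without a guard, while the third task uses the plain variable `secret_key_secret_name`; whether those two lookups can come back empty is not visible in the hunk.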
+++ b/roles/installer/templates/tower_postgres.yaml.j2 @@ -53,17 +53,17 @@ spec: - name: POSTGRES_DB valueFrom: secretKeyRef: - name: '{{ tower_postgres_configuration_secret }}' + name: '{{ postgres_configuration_secret }}' key: database - name: POSTGRES_USER valueFrom: secretKeyRef: - name: '{{ tower_postgres_configuration_secret }}' + name: '{{ postgres_configuration_secret }}' key: username - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: '{{ tower_postgres_configuration_secret }}' + name: '{{ postgres_configuration_secret }}' key: password - name: PGDATA value: '{{ tower_postgres_data_path }}' @@ -72,7 +72,7 @@ spec: - name: POSTGRES_HOST_AUTH_METHOD value: '{{ postgres_host_auth_method }}' ports: - - containerPort: '{{ awx_postgres_port }}' + - containerPort: {{ awx_postgres_port | default('5432')}} name: postgres volumeMounts: - name: postgres diff --git a/roles/restore/tasks/main.yml b/roles/restore/tasks/main.yml index 48461ba3..7fda2e1c 100644 --- a/roles/restore/tasks/main.yml +++ b/roles/restore/tasks/main.yml @@ -5,7 +5,7 @@ api_version: '{{ hostvars["localhost"]["inventory_file"].split("/")[4:6] | join("/") }}' kind: '{{ hostvars["localhost"]["inventory_file"].split("/")[6] }}' -- name: Look up details for this deployment +- name: Look up details for this restore object k8s_info: api_version: "{{ api_version }}" kind: "{{ kind }}" @@ -34,4 +34,4 @@ - name: Update status variables include_tasks: update_status.yml -# TODO: backup tower settings or make sure that users only specify settigns/config changes via AWX object. See ticket +# TODO: backup tower settings or make sure that users only specify settings/config changes via AWX object. See ticket diff --git a/roles/restore/templates/secrets.yml.j2 b/roles/restore/templates/secrets.yml.j2 index 019af5fa..39bca5c8 100644 --- a/roles/restore/templates/secrets.yml.j2 +++ b/roles/restore/templates/secrets.yml.j2 
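Review bot: The now-unquoted `containerPort` value in the second tower_postgres.yaml.j2 hunk is not coerced to an integer, so whatever `awx_postgres_port` holds is parsed as YAML once the template is rendered, and a non-numeric or multi-line value would change the manifest's structure rather than fail as a bad port. I would render it as `- containerPort: {{ awx_postgres_port | default('5432', true) | int }}`. The second argument to `default` also covers an empty string, which the current `default('5432')` lets through as a null `containerPort`. Where `awx_postgres_port` is set is outside this hunk; the sibling `awx_postgres_*` facts in database_configuration.yml are decoded from the postgres configuration Secret, so it presumably is too.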
@@ -18,7 +18,7 @@ stringData: apiVersion: v1 kind: Secret metadata: - name: '{{ tower_name }}' + name: '{{ tower_name }}-secret-key' namespace: '{{ meta.namespace }}' stringData: secret_key: '{{ secret_key }}' @@ -28,7 +28,7 @@ stringData: apiVersion: v1 kind: Secret metadata: - name: '{{ tower_name }}' + name: '{{ tower_name }}-admin-password' namespace: '{{ meta.namespace }}' stringData: password: '{{ admin_password }}' @@ -41,4 +41,4 @@ metadata: name: '{{ tower_name }}-broadcast-websocket' namespace: '{{ meta.namespace }}' stringData: - secret: '{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}' + secret: '{{ broadcast_websocket }}'
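Review bot: `secret: '{{ broadcast_websocket }}'` in the last hunk places a restored value between single quotes without escaping, so a value containing `'` or a line break gives a manifest that fails to parse or parses to something other than the backed-up secret. The same holds for the context lines `secret_key: '{{ secret_key }}'` and `password: '{{ admin_password }}'` in the two hunks above, and the admin password is presumably the one a user is most likely to have chosen. Letting a filter do the quoting avoids this, e.g. `secret: {{ broadcast_websocket | to_json }}`, and likewise for the other two. How the rendered template is loaded is outside these hunks, so this assumes it is parsed as YAML before being applied.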