Add secret names as statuses on the AWX object

- set migrate data status even if custom name for old postgres config is not used
 - Allow users to change pg name, pw & db name for a managed postgres
 - set default value for postgres-configuration type as unmanaged if secret is created
 - Make pg port configurable for managed deployments

ansible/templates/crd.yml.j2

@@ -346,7 +346,16 @@ spec:
                   description: Admin user of the deployed instance
                   type: string
                 towerAdminPasswordSecret:
-                  description: Admin password of the deployed instance
+                  description: Admin password secret name of the deployed instance
+                  type: string
+                towerPostgresConfigurationSecret:
+                  description: Postgres Configuration secret name of the deployed instance
+                  type: string
+                towerBroadcastWebsocketSecret:
+                  description: Broadcast websocket secret name of the deployed instance
+                  type: string
+                towerSecretKeySecret:
+                  description: Secret key secret name of the deployed instance
                   type: string
                 towerMigratedFromSecret:
                   description: The secret used for migrating an old Tower.

deploy/awx-operator.yaml

@@ -348,7 +348,16 @@ spec:
                   description: Admin user of the deployed instance
                   type: string
                 towerAdminPasswordSecret:
-                  description: Admin password of the deployed instance
+                  description: Admin password secret name of the deployed instance
+                  type: string
+                towerPostgresConfigurationSecret:
+                  description: Postgres Configuration secret name of the deployed instance
+                  type: string
+                towerBroadcastWebsocketSecret:
+                  description: Broadcast websocket secret name of the deployed instance
+                  type: string
+                towerSecretKeySecret:
+                  description: Secret key secret name of the deployed instance
                   type: string
                 towerMigratedFromSecret:
                   description: The secret used for migrating an old Tower.

deploy/crds/awx_v1beta1_crd.yaml

@@ -346,7 +346,16 @@ spec:
                   description: Admin user of the deployed instance
                   type: string
                 towerAdminPasswordSecret:
-                  description: Admin password of the deployed instance
+                  description: Admin password secret name of the deployed instance
+                  type: string
+                towerPostgresConfigurationSecret:
+                  description: Postgres Configuration secret name of the deployed instance
+                  type: string
+                towerBroadcastWebsocketSecret:
+                  description: Broadcast websocket secret name of the deployed instance
+                  type: string
+                towerSecretKeySecret:
+                  description: Secret key secret name of the deployed instance
                   type: string
                 towerMigratedFromSecret:
                   description: The secret used for migrating an old Tower.

roles/backup/tasks/main.yml

@@ -5,7 +5,7 @@
     api_version: '{{ hostvars["localhost"]["inventory_file"].split("/")[4:6] | join("/")  }}'
     kind: '{{ hostvars["localhost"]["inventory_file"].split("/")[6]  }}'
 
-- name: Look up details for this deployment
+- name: Look up details for this backup object
   k8s_info:
     api_version: "{{ api_version }}"
     kind: "{{ kind }}"

roles/backup/tasks/secrets.yml

@@ -1,10 +1,22 @@
 ---
 
+- name: Set apiVersion and kind variables
+  set_fact:
+    api_version: '{{ hostvars["localhost"]["inventory_file"].split("/")[4:6] | join("/")  }}'
+
+- name: Look up details for this deployment
+  k8s_info:
+    api_version: "{{ api_version }}"
+    kind: "AWX"  # Find a way to dynamically get this
+    name: "{{ tower_name }}"
+    namespace: "{{ meta.namespace }}"
+  register: this_awx
+
 - name: Get secret_key
   k8s_info:
     kind: Secret
     namespace: '{{ meta.namespace }}'
-    name: '{{ tower_secret_key_secret }}'
+    name: "{{ this_awx['resources'][0]['status']['towerSecretKeySecret'] }}"
   register: _secret_key
 
 - name: Set secret key
@@ -15,7 +27,7 @@
   k8s_info:
     kind: Secret
     namespace: '{{ meta.namespace }}'
-    name: '{{ tower_admin_password_secret }}'
+    name: "{{ this_awx['resources'][0]['status']['towerAdminPasswordSecret'] }}"
   register: _admin_password
 
 - name: Set admin_password
@@ -26,7 +38,7 @@
   k8s_info:
     kind: Secret
     namespace: '{{ meta.namespace }}'
-    name: '{{ tower_broadcast_websocket_secret }}'
+    name: "{{ this_awx['resources'][0]['status']['towerBroadcastWebsocketSecret'] }}"
   register: _broadcast_websocket
 
 - name: Set broadcast_websocket key
@@ -37,7 +49,7 @@
   k8s_info:
     kind: Secret
     namespace: '{{ meta.namespace }}'
-    name: '{{ tower_postgres_configuration_secret }}'
+    name: "{{ this_awx['resources'][0]['status']['towerPostgresConfigurationSecret'] }}"
   register: _postgres_configuration
 
 - name: Set postgres configuration
@@ -47,7 +59,7 @@
     database_name: "{{ _postgres_configuration['resources'][0]['data']['database'] | b64decode }}"
     database_port: "{{ _postgres_configuration['resources'][0]['data']['port'] | b64decode }}"
     database_host: "{{ _postgres_configuration['resources'][0]['data']['host'] | b64decode }}"
-    database_type: "{{ _postgres_configuration['resources'][0]['data']['type'] | b64decode | default('unmanaged')}}"
+    database_type: "{{ _postgres_configuration['resources'][0]['data']['type'] | b64decode | default('unmanaged') }}"
 
 - name: Template secrets into yaml
   set_fact:

roles/installer/tasks/database_configuration.yml

@@ -100,7 +100,6 @@
         definition: "{{ lookup('template', 'tower_postgres.yaml.j2') }}"
   when: pg_config['resources'][0]['data']['type'] | default('') | b64decode == 'managed'
 
-
 - name: Store Database Configuration
   set_fact:
     awx_postgres_user: "{{ pg_config['resources'][0]['data']['username'] | b64decode }}"
@@ -110,12 +109,6 @@
     awx_postgres_host: "{{ pg_config['resources'][0]['data']['host'] | b64decode }}"
     awx_postgres_sslmode: "{{ pg_config['resources'][0]['data']['sslmode'] |  default('prefer'|b64encode) | b64decode }}"
 
-- name: Create Database if no database is specified
-  k8s:
-    apply: true
-    definition: "{{ lookup('template', 'tower_postgres.yaml.j2') }}"
-  when:
-    - pg_config['resources'][0]['data']['type'] | default('') | b64decode == 'managed'
 
 - name: Set apiVersion and kind variables
   set_fact:

roles/installer/tasks/migrate_data.yml

@@ -1,5 +1,9 @@
 ---
 
+- name: Set actual old postgres configuration secret name
+  set_fact:
+    old_postgres_configuration_name: "{{ old_pg_config['resources'][0]['metadata']['name'] }}"
+
 - name: Store Database Configuration
   set_fact:
     awx_old_postgres_user: "{{ old_pg_config['resources'][0]['data']['username'] | b64decode }}"
@@ -60,4 +64,4 @@
 
 - name: Set flag signifying that this instance has been migrated
   set_fact:
-    tower_migrated_from_secret: "{{ tower_old_postgres_configuration_secret }}"
+    tower_migrated_from_secret: "{{ old_postgres_configuration_name }}"

roles/installer/tasks/update_status.yml

@@ -17,6 +17,33 @@
     status:
       towerAdminUser: "{{ tower_admin_user }}"
 
+- name: Update postgres configuration status
+  operator_sdk.util.k8s_status:
+    api_version: '{{ api_version }}'
+    kind: "{{ kind }}"
+    name: "{{ meta.name }}"
+    namespace: "{{ meta.namespace }}"
+    status:
+      towerPostgresConfigurationSecret: "{{ pg_config['resources'][0]['metadata']['name'] }}"
+
+- name: Update broadcast websocket status
+  operator_sdk.util.k8s_status:
+    api_version: '{{ api_version }}'
+    kind: "{{ kind }}"
+    name: "{{ meta.name }}"
+    namespace: "{{ meta.namespace }}"
+    status:
+      towerBroadcastWebsocketSecret: "{{ broadcast_websocket_secret['resources'][0]['metadata']['name'] }}"
+
+- name: Update secret key status
+  operator_sdk.util.k8s_status:
+    api_version: '{{ api_version }}'
+    kind: "{{ kind }}"
+    name: "{{ meta.name }}"
+    namespace: "{{ meta.namespace }}"
+    status:
+      towerSecretKeySecret: "{{ secret_key_secret_name }}"
+
 - name: Retrieve instance version
   k8s_exec:
     namespace: "{{ meta.namespace }}"

roles/installer/templates/tower_postgres.yaml.j2

@@ -53,17 +53,17 @@ spec:
             - name: POSTGRES_DB
               valueFrom:
                 secretKeyRef:
-                  name: '{{ tower_postgres_configuration_secret }}'
+                  name: '{{ postgres_configuration_secret }}'
                   key: database
             - name: POSTGRES_USER
               valueFrom:
                 secretKeyRef:
-                  name: '{{ tower_postgres_configuration_secret }}'
+                  name: '{{ postgres_configuration_secret }}'
                   key: username
             - name: POSTGRES_PASSWORD
               valueFrom:
                 secretKeyRef:
-                  name: '{{ tower_postgres_configuration_secret }}'
+                  name: '{{ postgres_configuration_secret }}'
                   key: password
             - name: PGDATA
               value: '{{ tower_postgres_data_path }}'
@@ -72,7 +72,7 @@ spec:
             - name: POSTGRES_HOST_AUTH_METHOD
               value: '{{ postgres_host_auth_method }}'
           ports:
-            - containerPort: '{{ awx_postgres_port }}'
+            - containerPort: {{ awx_postgres_port | default('5432')}}
               name: postgres
           volumeMounts:
             - name: postgres

roles/restore/tasks/main.yml

@@ -5,7 +5,7 @@
     api_version: '{{ hostvars["localhost"]["inventory_file"].split("/")[4:6] | join("/")  }}'
     kind: '{{ hostvars["localhost"]["inventory_file"].split("/")[6]  }}'
 
-- name: Look up details for this deployment
+- name: Look up details for this restore object
   k8s_info:
     api_version: "{{ api_version }}"
     kind: "{{ kind }}"
@@ -34,4 +34,4 @@
 - name: Update status variables
   include_tasks: update_status.yml
 
-# TODO: backup tower settings or make sure that users only specify settigns/config changes via AWX object.  See ticket
+# TODO: backup tower settings or make sure that users only specify settings/config changes via AWX object.  See ticket

roles/restore/templates/secrets.yml.j2

@@ -18,7 +18,7 @@ stringData:
 apiVersion: v1
 kind: Secret
 metadata:
-  name: '{{ tower_name }}'
+  name: '{{ tower_name }}-secret-key'
   namespace: '{{ meta.namespace }}'
 stringData:
   secret_key: '{{ secret_key }}'
@@ -28,7 +28,7 @@ stringData:
 apiVersion: v1
 kind: Secret
 metadata:
-  name: '{{ tower_name }}'
+  name: '{{ tower_name }}-admin-password'
   namespace: '{{ meta.namespace }}'
 stringData:
   password: '{{ admin_password }}'
@@ -41,4 +41,4 @@ metadata:
   name: '{{ tower_name }}-broadcast-websocket'
   namespace: '{{ meta.namespace }}'
 stringData:
-  secret: '{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}'
+  secret: '{{ broadcast_websocket }}'