From 4f160c6aef1022d7e944f1288a5c308630fa0d23 Mon Sep 17 00:00:00 2001
From: Matthew Jones
Date: Fri, 29 May 2020 16:09:07 -0400
Subject: [PATCH] Work towards supporting 3.7
---
 .gitignore | 1 +
 deploy/tower-operator.yaml | 4 +-
 roles/tower/defaults/main.yml | 2 +
 roles/tower/tasks/main.yml | 3 +-
 roles/tower/templates/launch_awx.yaml.j2 | 60 ++++++++
 roles/tower/templates/supervisor.yaml.j2 | 145 ++++++++++++++++++
 roles/tower/templates/tower_memcached.yaml.j2 | 25 ---
 roles/tower/templates/tower_redis.yaml.j2 | 25 ---
 roles/tower/templates/tower_task.yaml.j2 | 69 ---------
 roles/tower/templates/tower_web.yaml.j2 | 92 +++++++++++
 10 files changed, 304 insertions(+), 122 deletions(-)
 create mode 100644 .gitignore
 create mode 100644 roles/tower/templates/launch_awx.yaml.j2
 create mode 100644 roles/tower/templates/supervisor.yaml.j2
 delete mode 100644 roles/tower/templates/tower_task.yaml.j2
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000..b25c15b8
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*~
diff --git a/deploy/tower-operator.yaml b/deploy/tower-operator.yaml
index 393efaf2..4ca22cc9 100644
--- a/deploy/tower-operator.yaml
+++ b/deploy/tower-operator.yaml
@@ -113,14 +113,14 @@ spec:
 - /usr/local/bin/ao-logs
 - /tmp/ansible-operator/runner
 - stdout
- image: "geerlingguy/tower-operator:0.3.0"
+ image: "matburt/tower-operator:latest"
 imagePullPolicy: "Always"
 volumeMounts:
 - mountPath: /tmp/ansible-operator/runner
 name: runner
 readOnly: true
 - name: operator
- image: "geerlingguy/tower-operator:0.3.0"
+ image: "matburt/tower-operator:latest"
 imagePullPolicy: "Always"
 volumeMounts:
 - mountPath: /tmp/ansible-operator/runner
diff --git a/roles/tower/defaults/main.yml b/roles/tower/defaults/main.yml
index a21548c8..4b1e321c 100644
--- a/roles/tower/defaults/main.yml
+++ b/roles/tower/defaults/main.yml
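Review bot: Both `image:` lines in deploy/tower-operator.yaml now point at `matburt/tower-operator:latest`, a mutable tag in a personal registry namespace, and with `imagePullPolicy: "Always"` left in place every restart of the operator pod runs whatever was pushed there last. The operator is the component that applies the role's templates to the cluster, so its image is the one that most needs pinning. Before this leaves a development branch, pin a released tag or, better, a digest, e.g. `image: "<registry>/<org>/tower-operator:<version>@sha256:<digest>"` (placeholder values). The enclosing container spec starts and ends outside the hunk.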
@@ -37,3 +37,5 @@ tower_postgres_storage_request: 8Gi
 tower_postgres_storage_class: ''
 tower_postgres_data_path: '/var/lib/postgresql/data/pgdata'
+
+uwsgi_bash: "bash -c"
diff --git a/roles/tower/tasks/main.yml b/roles/tower/tasks/main.yml
index 086b4771..369501fd 100644
--- a/roles/tower/tasks/main.yml
+++ b/roles/tower/tasks/main.yml
@@ -8,8 +8,9 @@
 - tower_postgres.yaml.j2
 - tower_config.yaml.j2
 - tower_redis.yaml.j2
+ - launch_awx.yaml.j2
+ - supervisor.yaml.j2
 - tower_web.yaml.j2
- - tower_task.yaml.j2
 - name: Get the Tower pod information.
 k8s_info:
diff --git a/roles/tower/templates/launch_awx.yaml.j2 b/roles/tower/templates/launch_awx.yaml.j2
new file mode 100644
index 00000000..e9e0409e
--- /dev/null
+++ b/roles/tower/templates/launch_awx.yaml.j2
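Review bot: `uwsgi_bash` in roles/tower/defaults/main.yml is added without a comment, and its name hides that supervisor.yaml.j2 uses it for daphne as well as uwsgi. It is rendered verbatim in front of a single-quoted command string on the supervisord `command =` lines, so any override has to be a shell invocation that takes that string as its next argument. A comment above the default would make that contract visible: `# Command prefix for the uwsgi and daphne supervisord programs; rendered verbatim, must accept the quoted command as one argument.`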
@@ -0,0 +1,60 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ meta.name }}-launch-awx
+ namespace: {{ meta.namespace }}
+ labels:
+ app: tower
+data:
+ launch-awx-task: |
+ #!/usr/bin/env bash
+ if [ `id -u` -ge 500 ]; then
+ echo "awx:x:`id -u`:`id -g`:,,,:/var/lib/awx:/bin/bash" >> /tmp/passwd
+ cat /tmp/passwd > /etc/passwd
+ rm /tmp/passwd
+ fi
+
+ source /etc/tower/conf.d/environment.sh
+
+ ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$DATABASE_HOST port=$DATABASE_PORT" all
+ ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "path=/var/run/redis/redis.sock" all
+
+
+ if [ -z "$AWX_SKIP_MIGRATIONS" ]; then
+ awx-manage migrate --noinput
+ fi
+
+ if [ ! -z "$AWX_ADMIN_USER" ]&&[ ! -z "$AWX_ADMIN_PASSWORD" ]; then
+ echo "from django.contrib.auth.models import User; User.objects.create_superuser('$AWX_ADMIN_USER', 'root@localhost', '$AWX_ADMIN_PASSWORD')" | awx-manage shell
+ awx-manage create_preload_data
+ else
+ echo "from django.contrib.auth.models import User; User.objects.create_superuser('admin', 'root@localhost', 'password')" | awx-manage shell
+ awx-manage create_preload_data
+ fi
+ echo 'from django.conf import settings; x = settings.AWX_TASK_ENV; x["HOME"] = "/var/lib/awx"; settings.AWX_TASK_ENV = x' | awx-manage shell
+ awx-manage provision_instance --hostname=$(hostname)
+ awx-manage register_queue --queuename=tower --instance_percent=100
+
+ unset $(cut -d = -f -1 /etc/tower/conf.d/environment.sh)
+
+ supervisord -c /supervisor_task.conf
+
+ launch-awx-web: |
+ #!/usr/bin/env bash
+ if [ `id -u` -ge 500 ]; then
+ echo "awx:x:`id -u`:`id -g`:,,,:/var/lib/awx:/bin/bash" >> /tmp/passwd
+ cat /tmp/passwd > /etc/passwd
+ rm /tmp/passwd
+ fi
+
+ source /etc/tower/conf.d/environment.sh
+
+ ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$DATABASE_HOST port=$DATABASE_PORT" all
+ ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "path=/var/run/redis/redis.sock" all
+
+ awx-manage collectstatic --noinput --clear
+
+ unset $(cut -d = -f -1 /etc/tower/conf.d/environment.sh)
+
+ supervisord -c /supervisor.conf
diff --git a/roles/tower/templates/supervisor.yaml.j2 b/roles/tower/templates/supervisor.yaml.j2
new file mode 100644
index 00000000..740515d4
--- /dev/null
+++ b/roles/tower/templates/supervisor.yaml.j2
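Review bot: The `else` branch of `launch-awx-task` in launch_awx.yaml.j2 creates a superuser `admin` with the password `password` whenever `AWX_ADMIN_USER` or `AWX_ADMIN_PASSWORD` is empty, so a missing or misnamed secret silently produces a deployment with a well-known admin login; the script should refuse to start instead. The other branch pastes both variables into Python source between single quotes, so a password containing `'` or a backslash breaks the statement or changes what is executed. The block below fails closed and hands the credentials to Python through the process environment rather than through the source text. `create_superuser` still runs on every container start, which is left unchanged here.

```yaml
  launch-awx-task: |
    # … unchanged: passwd fixup, environment.sh, wait_for checks, migrate …
    if [ -z "$AWX_ADMIN_USER" ] || [ -z "$AWX_ADMIN_PASSWORD" ]; then
      echo "AWX_ADMIN_USER and AWX_ADMIN_PASSWORD must be set" >&2
      exit 1
    fi
    # Credentials are read from os.environ, never interpolated into the code.
    echo "import os; from django.contrib.auth.models import User; User.objects.create_superuser(os.environ['AWX_ADMIN_USER'], 'root@localhost', os.environ['AWX_ADMIN_PASSWORD'])" \
      | AWX_ADMIN_USER="$AWX_ADMIN_USER" AWX_ADMIN_PASSWORD="$AWX_ADMIN_PASSWORD" awx-manage shell
    awx-manage create_preload_data
    # … unchanged: AWX_TASK_ENV, provision_instance, register_queue, unset, supervisord …
```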
@@ -0,0 +1,145 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ meta.name }}-supervisor-config
+ namespace: {{ meta.namespace }}
+ labels:
+ app: tower
+data:
+ supervisor-web-config: |
+ [supervisord]
+ nodaemon = True
+ umask = 022
+
+ [program:nginx]
+ command = nginx -g "daemon off;"
+ autostart = true
+ autorestart = true
+ stopwaitsecs = 5
+ stdout_logfile=/dev/stdout
+ stdout_logfile_maxbytes=0
+ stderr_logfile=/dev/stderr
+ stderr_logfile_maxbytes=0
+
+ [program:uwsgi]
+ command = {{ uwsgi_bash }} '/var/lib/awx/venv/awx/bin/uwsgi --socket 127.0.0.1:8050 --module=awx.wsgi:application --vacuum --processes=5 --harakiri=120 --no-orphans --master --max-requests=1000 --master-fifo=/var/lib/awx/awxfifo --lazy-apps -b 32768'
+ directory = /var/lib/awx
+ autostart = true
+ autorestart = true
+ stopwaitsecs = 15
+ stopsignal = INT
+ stdout_logfile=/dev/stdout
+ stdout_logfile_maxbytes=0
+ stderr_logfile=/dev/stderr
+ stderr_logfile_maxbytes=0
+
+ [program:daphne]
+ command = {{ uwsgi_bash }} '/var/lib/awx/venv/awx/bin/daphne -b 127.0.0.1 -p 8051 awx.asgi:channel_layer'
+ directory = /var/lib/awx
+ autostart = true
+ autorestart = true
+ stopwaitsecs = 5
+ stdout_logfile=/dev/stdout
+ stdout_logfile_maxbytes=0
+ stderr_logfile=/dev/stderr
+ stderr_logfile_maxbytes=0
+
+ [program:wsbroadcast]
+ command = awx-manage run_wsbroadcast
+ directory = /var/lib/awx
+ autostart = true
+ autorestart = true
+ stopwaitsecs = 5
+ stdout_logfile=/dev/stdout
+ stdout_logfile_maxbytes=0
+ stderr_logfile=/dev/stderr
+ stderr_logfile_maxbytes=0
+
+ [program:awx-rsyslogd]
+ command = rsyslogd -n -i /var/run/awx-rsyslog/rsyslog.pid -f /var/lib/awx/rsyslog/rsyslog.conf
+ autostart = true
+ autorestart = true
+ stopwaitsecs = 5
+ stopsignal=TERM
+ stopasgroup=true
+ killasgroup=true
+ redirect_stderr=true
+ stdout_logfile=/dev/stderr
+ stdout_logfile_maxbytes=0
+
+ [group:tower-processes]
+ programs=nginx,uwsgi,daphne,wsbroadcast,awx-rsyslogd
+ priority=5
+
+ # TODO: Exit Handler
+
+ [eventlistener:awx-config-watcher]
+ command=/usr/bin/config-watcher
+ stderr_logfile=/dev/stdout
+ stderr_logfile_maxbytes=0
+ stdout_logfile=/dev/stdout
+ stdout_logfile_maxbytes=0
+ events=TICK_60
+ priority=0
+
+ [unix_http_server]
+ file=/var/run/supervisor/supervisor.web.sock
+
+ [supervisorctl]
+ serverurl=unix:///var/run/supervisor/supervisor.web.sock ; use a unix:// URL for a unix socket
+
+ [rpcinterface:supervisor]
+ supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+ supervisor-task-config: |
+ [supervisord]
+ nodaemon = True
+ umask = 022
+
+ [program:dispatcher]
+ command = awx-manage run_dispatcher
+ directory = /var/lib/awx
+ environment = LANGUAGE="en_US.UTF-8",LANG="en_US.UTF-8",LC_ALL="en_US.UTF-8",LC_CTYPE="en_US.UTF-8"
+ autostart = true
+ autorestart = true
+ stopwaitsecs = 5
+ stdout_logfile=/dev/stdout
+ stdout_logfile_maxbytes=0
+ stderr_logfile=/dev/stderr
+ stderr_logfile_maxbytes=0
+
+ [program:callback-receiver]
+ command = awx-manage run_callback_receiver
+ directory = /var/lib/awx
+ autostart = true
+ autorestart = true
+ stopwaitsecs = 5
+ stdout_logfile=/dev/stdout
+ stdout_logfile_maxbytes=0
+ stderr_logfile=/dev/stderr
+ stderr_logfile_maxbytes=0
+
+ [group:tower-processes]
+ programs=dispatcher,callback-receiver
+ priority=5
+
+ # TODO: Exit Handler
+
+ [eventlistener:awx-config-watcher]
+ command=/usr/bin/config-watcher
+ stderr_logfile=/dev/stdout
+ stderr_logfile_maxbytes=0
+ stdout_logfile=/dev/stdout
+ stdout_logfile_maxbytes=0
+ events=TICK_60
+ priority=0
+
+ [unix_http_server]
+ file=/tmp/supervisor.sock
+
+ [supervisorctl]
+ serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket
+
+ [rpcinterface:supervisor]
+ supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
diff --git a/roles/tower/templates/tower_memcached.yaml.j2 b/roles/tower/templates/tower_memcached.yaml.j2
index 94897803..f442b5d5 100644
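Review bot: `name: {{ meta.name }}-supervisor-config` and `namespace: {{ meta.namespace }}` in supervisor.yaml.j2 are rendered unquoted, unlike the `'{{ meta.namespace }}'` form used by the Deployment templates this patch removes, so a namespace that is all digits or reads as a boolean would be parsed as a non-string after templating. Quote both, e.g. `namespace: '{{ meta.namespace }}'`; the same applies to the metadata in launch_awx.yaml.j2 and to the `{{ meta.name }}-redis-socket` and `{{ meta.name }}-memcached-socket` volume names in tower_web.yaml.j2. Separately, `supervisor-task-config` puts its control socket at `/tmp/supervisor.sock` while `supervisor-web-config` uses `/var/run/supervisor/`; using the dedicated directory in both and stating the socket mode explicitly would keep access to the supervisor RPC interface from depending on defaults.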
--- a/roles/tower/templates/tower_memcached.yaml.j2
+++ b/roles/tower/templates/tower_memcached.yaml.j2
@@ -1,28 +1,3 @@
-# Memcached Deployment.
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: '{{ meta.name }}-memcached'
- namespace: '{{ meta.namespace }}'
- labels:
- app: tower-memcached
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: tower-memcached
- template:
- metadata:
- labels:
- app: tower-memcached
- spec:
- containers:
- - name: memcached
- image: '{{ tower_memcached_image }}'
- ports:
- - containerPort: 11211
-
 # Memcached Service.
 ---
 apiVersion: v1
diff --git a/roles/tower/templates/tower_redis.yaml.j2 b/roles/tower/templates/tower_redis.yaml.j2
index 5c2df139..1ad047e6 100644
--- a/roles/tower/templates/tower_redis.yaml.j2
+++ b/roles/tower/templates/tower_redis.yaml.j2
@@ -1,28 +1,3 @@
-# Redis Deployment.
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: '{{ meta.name }}-redis'
- namespace: '{{ meta.namespace }}'
- labels:
- app: tower-redis
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: tower-redis
- template:
- metadata:
- labels:
- app: tower-redis
- spec:
- containers:
- - image: '{{ tower_redis_image }}'
- name: redis
- ports:
- - containerPort: 6379
-
 # Redis Service.
 ---
 apiVersion: v1
diff --git a/roles/tower/templates/tower_task.yaml.j2 b/roles/tower/templates/tower_task.yaml.j2
deleted file mode 100644
index 09685778..00000000
--- a/roles/tower/templates/tower_task.yaml.j2
+++ /dev/null
@@ -1,69 +0,0 @@
-# Tower Task Deployment.
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: '{{ meta.name }}-tower-task'
- namespace: '{{ meta.namespace }}'
- labels:
- app: tower-task
-spec:
- replicas: {{ tower_task_replicas | int }}
- selector:
- matchLabels:
- app: tower-task
- template:
- metadata:
- labels:
- app: tower-task
- spec:
- containers:
- - image: '{{ tower_task_image }}'
- name: tower-task
-{% if tower_task_privileged == true %}
- securityContext:
- privileged: true
-{% endif %}
- command:
- - /usr/bin/launch_awx_task.sh
- envFrom:
- - configMapRef:
- name: '{{ meta.name }}-tower-configmap'
- - secretRef:
- name: '{{ meta.name }}-tower-secret'
- volumeMounts:
- - name: secret-key
- mountPath: /etc/tower/SECRET_KEY
- subPath: SECRET_KEY
- readOnly: true
- - name: environment
- mountPath: /etc/tower/conf.d/environment.sh
- subPath: environment.sh
- readOnly: true
- - name: settings
- mountPath: /etc/tower/settings.py
- subPath: settings.py
- readOnly: true
- resources:
- requests:
- memory: '{{ tower_task_mem_request }}'
- cpu: '{{ tower_task_cpu_request }}'
- volumes:
- - name: secret-key
- secret:
- secretName: '{{ meta.name }}-tower-secret'
- items:
- - key: secret_key
- path: SECRET_KEY
- - name: environment
- configMap:
- name: '{{ meta.name }}-tower-configmap'
- items:
- - key: environment
- path: environment.sh
- - name: settings
- configMap:
- name: '{{ meta.name }}-tower-configmap'
- items:
- - key: settings
- path: settings.py
diff --git a/roles/tower/templates/tower_web.yaml.j2 b/roles/tower/templates/tower_web.yaml.j2
index 9105f38f..8b11c9b9 100644
--- a/roles/tower/templates/tower_web.yaml.j2
+++ b/roles/tower/templates/tower_web.yaml.j2
@@ -29,6 +29,14 @@ spec:
 app: tower
 spec:
 containers:
+ - name: memcached
+ image: '{{ tower_memcached_image }}'
+ ports:
+ - containerPort: 11211
+ - image: '{{ tower_redis_image }}'
+ name: redis
+ ports:
+ - containerPort: 6379
 - image: '{{ tower_web_image }}'
 name: tower
 ports:
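Review bot: The memcached and redis containers added to the pod in tower_web.yaml.j2 get no `volumeMounts` and no arguments, while both launch scripts wait for `/var/run/redis/redis.sock` and the redis-socket and memcached-socket emptyDir volumes are mounted only into the `tower` and `tower-task` containers. From the lines visible here, a socket created by the redis container cannot appear in the shared volume, so the `wait_for` would presumably time out. Mount the two socket volumes into these sidecars and start them in unix-socket mode; for redis, setting `port 0` next to the `unixsocket` path also removes the unauthenticated TCP listener on 6379 from the pod IP. The Deployment spec starts and continues outside the hunk.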
@@ -50,10 +58,64 @@ spec:
 mountPath: /etc/nginx/nginx.conf
 subPath: nginx.conf
 readOnly: true
+ - name: launch-awx-web
+ mountPath: /usr/bin/launch_awx.sh
+ subPath: launch_awx.sh
+ readOnly: true
+ - name: supervisor-web-config
+ mountPath: /supervisor.conf
+ subPath: supervisor.conf
+ readOnly: true
+ - name: {{ meta.name }}-redis-socket
+ mountPath: "/var/run/redis"
+ - name: {{ meta.name }}-memcached-socket
+ mountPath: "/var/run/memcached"
 resources:
 requests:
 memory: '{{ tower_web_mem_request }}'
 cpu: '{{ tower_web_cpu_request }}'
+ - image: '{{ tower_task_image }}'
+ name: tower-task
+{% if tower_task_privileged == true %}
+ securityContext:
+ privileged: true
+{% endif %}
+ command:
+ - /usr/bin/launch_awx_task.sh
+ envFrom:
+ - configMapRef:
+ name: '{{ meta.name }}-tower-configmap'
+ - secretRef:
+ name: '{{ meta.name }}-tower-secret'
+ volumeMounts:
+ - name: secret-key
+ mountPath: /etc/tower/SECRET_KEY
+ subPath: SECRET_KEY
+ readOnly: true
+ - name: environment
+ mountPath: /etc/tower/conf.d/environment.sh
+ subPath: environment.sh
+ readOnly: true
+ - name: settings
+ mountPath: /etc/tower/settings.py
+ subPath: settings.py
+ readOnly: true
+ - name: launch-awx-task
+ mountPath: /usr/bin/launch_awx_task.sh
+ subPath: launch_awx_task.sh
+ readOnly: true
+ - name: supervisor-task-config
+ mountPath: /supervisor_task.conf
+ subPath: supervisor_task.conf
+ readOnly: true
+ - name: {{ meta.name }}-redis-socket
+ mountPath: "/var/run/redis"
+ - name: {{ meta.name }}-memcached-socket
+ mountPath: "/var/run/memcached"
+ resources:
+ requests:
+ memory: '{{ tower_task_mem_request }}'
+ cpu: '{{ tower_task_cpu_request }}'
 volumes:
 - name: secret-key
 secret:
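Review bot: The `{% if tower_task_privileged == true %}` block carried into tower_web.yaml.j2 now places a `privileged: true` container in the same pod as nginx/uwsgi, redis and memcached, sharing the pod network namespace and the two socket emptyDir volumes with the web tier. Under the old layout the privileged container lived in its own Deployment, so turning the flag on did not narrow the separation from the exposed web container. The template should at least say so where the flag is rendered, e.g. `# privileged task container shares this pod with the web tier; keep tower_task_privileged false unless required`. The web container also gains a `launch_awx.sh` mount, but no `command:` using it is visible in this hunk; its spec starts outside the hunk, so confirm the script is actually invoked.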
@@ -79,6 +141,36 @@ spec:
 items:
 - key: nginx_conf
 path: nginx.conf
+ - name: launch-awx-web
+ configMap:
+ name: '{{meta.name }}-launch-awx'
+ items:
+ - key: launch-awx-web
+ path: launch_awx.sh
+ defaultMode: 0755
+ - name: supervisor-web-config
+ configMap:
+ name: '{{ meta.name }}-supervisor-config'
+ items:
+ - key: supervisor-web-config
+ path: supervisor.conf
+ - name: launch-awx-task
+ configMap:
+ name: '{{ meta.name }}-launch-awx'
+ items:
+ - key: launch-awx-task
+ path: 'launch_awx_task.sh'
+ defaultMode: 0755
+ - name: supervisor-task-config
+ configMap:
+ name: '{{ meta.name }}-supervisor-config'
+ items:
+ - key: supervisor-task-config
+ path: 'supervisor_task.conf'
+ - name: {{ meta.name }}-redis-socket
+ emptyDir: {}
+ - name: {{ meta.name }}-memcached-socket
+ emptyDir: {}
 # Tower Service.
 ---