Determine if k8s or ocp and set var accordingly (#1051)

* conditionally set fsGroup for projects_persistence based on cluster type
2026-03-26 21:33:14 +00:00 · 2022-09-20 23:03:05 -04:00
parent e8096a5f33
commit 57b5795aab
5 changed files with 66 additions and 5 deletions
--- a/roles/common/defaults/main.yml
+++ b/roles/common/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+deployment_type: awx
+kind: 'AWX'
+api_version: '{{ deployment_type }}.ansible.com/v1beta1'
+
+# Used to determine some cluster specific logic regarding projects_persistence pvc permissions
+is_k8s: false
+is_openshift: false
--- a/roles/common/meta/main.yml
+++ b/roles/common/meta/main.yml
@@ -0,0 +1,32 @@
+---
+galaxy_info:
+  author: Ansible
+  description: AWX role for AWX Operator for Kubernetes.
+  company: Red Hat, Inc.
+
+  license: MIT
+
+  min_ansible_version: 2.8
+
+  platforms:
+    - name: EL
+      versions:
+        - all
+    - name: Debian
+      versions:
+        - all
+
+  galaxy_tags:
+    - tower
+    - awx
+    - ansible
+    - automation
+    - ci
+    - cd
+    - deployment
+
+dependencies: []
+
+collections:
+  - kubernetes.core
+  - operator_sdk.util
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+
+- name: Get information about the cluster
+  set_fact:
+    api_groups: "{{ lookup('k8s', cluster_info='api_groups') }}"
+  when:
+  - not is_openshift | bool
+  - not is_k8s | bool
+
+- name: Determine the cluster type
+  set_fact:
+    is_openshift: "{{ True if 'route.openshift.io' in api_groups else False }}"
+    is_k8s: "{{ False if 'route.openshift.io' in api_groups else True }}"
+  when:
+  - not is_openshift | bool
+  - not is_k8s | bool
+
+# Indicate what kind of cluster we are in (OpenShift or Kubernetes).
+- debug:
+    msg: "CLUSTER TYPE: is_openshift={{ is_openshift }}; is_k8s={{ is_k8s }}"
--- a/roles/installer/meta/main.yml
+++ b/roles/installer/meta/main.yml
@@ -25,7 +25,8 @@ galaxy_info:
    - cd
    - deployment

-dependencies: []
+dependencies:
+  - role: common

 collections:
  - kubernetes.core
--- a/roles/installer/templates/deployments/deployment.yaml.j2
+++ b/roles/installer/templates/deployments/deployment.yaml.j2
@@ -53,7 +53,7 @@ spec:
              mkdir -p /etc/pki/ca-trust/extracted/{java,pem,openssl,edk2}
              update-ca-trust
 {% endif %}
-{% if projects_persistence|bool %}
+{% if projects_persistence|bool and is_k8s|bool %}
              chmod 775 /var/lib/awx/projects
              chgrp 1000 /var/lib/awx/projects
 {% endif %}
@@ -79,7 +79,7 @@ spec:
              subPath: bundle-ca.crt
              readOnly: true
 {% endif %}
-{% if projects_persistence|bool %}
+{% if projects_persistence|bool and is_k8s|bool %}
            - name: "{{ ansible_operator_meta.name }}-projects"
              mountPath: "/var/lib/awx/projects"
 {% endif %}
@@ -361,9 +361,9 @@ spec:
      tolerations:
        {{ tolerations | indent(width=8) }}
 {% endif %}
-{% if projects_persistence|bool or (security_context_settings|length) %}
+{% if (projects_persistence|bool and is_k8s|bool) or (security_context_settings|length) %}
      securityContext:
-{% if projects_persistence|bool %}
+{% if projects_persistence|bool and is_k8s|bool %}
        fsGroup: 1000
 {% endif %}
 {% if security_context_settings|length %}