internet/awx-operator
3
0
Fork 0
mirror of https://github.com/ansible/awx-operator.git synced 2026-03-26 21:33:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '5-ansible-tower-install'

Browse Source
This commit is contained in:
Jeff Geerling
2019-11-18 20:33:17 -06:00
parent a912a256d1 4712c6aee4
commit 5a89a97147
11 changed files with 114 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@@ -25,6 +25,7 @@ So instead of having to maintain a separate playbook, inventory, and installatio
tower_secret_key: aabbcc
tower_admin_user: test
tower_admin_email: test@example.com
tower_admin_password: changeme
After a few minutes, your new Tower instance will be accessible at `http://tower.mycompany.com/` (assuming your cluster has an Ingress controller configured).

3
build/Dockerfile
View File

@@ -1,5 +1,8 @@
FROM quay.io/operator-framework/ansible-operator:v0.10.0
# Install kubectl.
COPY --from=lachlanevenson/k8s-kubectl:v1.16.2 /usr/local/bin/kubectl /usr/local/bin/kubectl
COPY watches.yaml ${HOME}/watches.yaml
COPY main.yml ${HOME}/main.yml

10
deploy/crds/tower_v1alpha1_tower_cr.yaml → deploy/crds/tower_v1alpha1_tower_cr_awx.yaml
View File

@@ -8,15 +8,13 @@ spec:
tower_secret_key: aabbcc
tower_admin_user: test
tower_admin_email: test@example.com
tower_admin_password: changeme
# Use these for Ansible Tower.
tower_task_image: registry.access.redhat.com/ansible-tower-35/ansible-tower:3.5.3
tower_web_image: registry.access.redhat.com/ansible-tower-35/ansible-tower:3.5.3
tower_task_image: ansible/awx_task:9.0.1
tower_web_image: ansible/awx_web:9.0.1
# Use these for Ansible AWX.
# tower_task_image: ansible/awx_task:9.0.1
# tower_web_image: ansible/awx_web:9.0.1
tower_create_preload_data: true
tower_memcached_image: memcached:alpine

25
deploy/crds/tower_v1alpha1_tower_cr_tower.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: tower.ansible.com/v1alpha1
kind: Tower
metadata:
name: example-tower
namespace: example-tower
spec:
tower_hostname: example-tower.test
tower_secret_key: aabbcc
tower_admin_user: test
tower_admin_email: test@example.com
tower_admin_password: changeme
tower_task_image: quay.io/ansible-tower/ansible-tower:3.6.0
tower_web_image: quay.io/ansible-tower/ansible-tower:3.6.0
tower_create_preload_data: true
tower_memcached_image: memcached:alpine
tower_rabbitmq_image: rabbitmq:3
tower_postgres_pass: awxpass
tower_postgres_image: postgres:9.6
tower_postgres_storage_request: 8Gi

3
deploy/role.yaml
View File

@@ -46,8 +46,9 @@ rules:
- apiGroups:
- ""
resources:
- pods
- pods/exec
verbs:
- create
- get
- apiGroups:
- apps

6
molecule/test-local/playbook.yml
View File

@@ -26,7 +26,7 @@
deploy_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/deploy"
pull_policy: Never
operator_image: tower.ansible.com/tower-operator:testing
custom_resource: "{{ lookup('file', '/'.join([deploy_dir, 'crds/tower_v1alpha1_tower_cr.yaml'])) | from_yaml }}"
custom_resource: "{{ lookup('file', '/'.join([deploy_dir, 'crds/tower_v1alpha1_tower_cr_awx.yaml'])) | from_yaml }}"
tasks:
@@ -72,7 +72,7 @@
namespace: '{{ custom_resource.metadata.namespace }}'
definition: '{{ custom_resource }}'
- name: Wait 5m for reconciliation to run
- name: Wait 15m for reconciliation to run
k8s_info:
api_version: '{{ custom_resource.apiVersion }}'
kind: '{{ custom_resource.kind }}'
@@ -82,7 +82,7 @@
until:
- "'Successful' in (cr | json_query('resources[].status.conditions[].reason'))"
delay: 6
retries: 50
retries: 150
rescue:

6
molecule/test-minikube/playbook.yml
View File

@@ -34,7 +34,7 @@
deploy_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/deploy"
pull_policy: Never
operator_image: tower.ansible.com/tower-operator:testing
custom_resource: "{{ lookup('file', '/'.join([deploy_dir, 'crds/tower_v1alpha1_tower_cr.yaml'])) | from_yaml }}"
custom_resource: "{{ lookup('file', '/'.join([deploy_dir, 'crds/tower_v1alpha1_tower_cr_tower.yaml'])) | from_yaml }}"
tasks:
- block:
@@ -78,7 +78,7 @@
namespace: '{{ custom_resource.metadata.namespace }}'
definition: '{{ custom_resource }}'
- name: Wait 5m for reconciliation to run
- name: Wait 15m for reconciliation to run
k8s_info:
api_version: '{{ custom_resource.apiVersion }}'
kind: '{{ custom_resource.kind }}'
@@ -88,7 +88,7 @@
until:
- "'Successful' in (cr | json_query('resources[].status.conditions[].reason'))"
delay: 6
retries: 50
retries: 150
rescue:

3
roles/tower/defaults/main.yml
View File

@@ -3,6 +3,7 @@ tower_hostname: example-tower.test
tower_secret_key: aabbcc
tower_admin_user: test
tower_admin_email: test@example.com
tower_admin_password: changeme
# Use these image versions for Ansible Tower.
@@ -13,6 +14,8 @@ tower_web_image: registry.access.redhat.com/ansible-tower-35/ansible-tower:3.5.3
# tower_task_image: ansible/awx_task:9.0.1
# tower_web_image: ansible/awx_web:9.0.1
tower_create_preload_data: true
tower_memcached_image: memcached:alpine
tower_rabbitmq_image: rabbitmq:3

65
roles/tower/tasks/main.yml
View File

@@ -2,6 +2,7 @@
- name: Ensure configured Tower resources exist in the cluster.
k8s:
definition: "{{ lookup('template', item) | from_yaml_all | list }}"
register: k8s_defs_result
with_items:
- tower_memcached.yaml.j2
- tower_postgres.yaml.j2
@@ -9,3 +10,67 @@
- tower_config.yaml.j2
- tower.yaml.j2
- tower_task.yaml.j2
- name: Get the Tower web pod information.
# TODO: Change to k8s_info after Ansible 2.9.0 is available in Operator image.
k8s_facts:
kind: Pod
namespace: '{{ meta.namespace }}'
label_selectors:
- app=tower
register: tower_pods
- name: Set the tower pod name as a variable.
set_fact:
tower_pod_name: "{{ tower_pods['resources'][0]['metadata']['name'] }}"
- name: Verify tower_pod_name is populated.
assert:
that: tower_pod_name != ''
fail_msg: "Could not find the tower pod's name."
- name: Check if database is populated (auth_user table exists).
shell: >-
kubectl exec -n {{ meta.namespace }} {{ tower_pod_name }} -- bash -c
"echo 'from django.db import connection;
tbl = \"auth_user\" in connection.introspection.table_names();
exit(0 if tbl else 1)'
| awx-manage shell"
ignore_errors: true
changed_when: false
register: database_check
when: k8s_defs_result is not changed
- name: Migrate the database if the K8s resources were updated.
shell: >-
kubectl exec -n {{ meta.namespace }} {{ tower_pod_name }} -- bash -c
"awx-manage migrate --noinput"
when: (k8s_defs_result is changed) or (database_check is defined and database_check.rc != 0)
- name: Check if there are any Tower super users defined.
shell: >-
kubectl exec -n {{ meta.namespace }} {{ tower_pod_name }} -- bash -c
"echo 'from django.contrib.auth.models import User;
nsu = User.objects.filter(is_superuser=True).count();
exit(0 if nsu > 0 else 1)'
| awx-manage shell"
ignore_errors: true
changed_when: false
register: users_result
changed_when: users_result.rc > 0
- name: Create Tower super user via Django if it doesn't exist.
shell: >-
kubectl exec -n {{ meta.namespace }} {{ tower_pod_name }} -- bash -c
"echo \"from django.contrib.auth.models import User;
User.objects.create_superuser('{{ tower_admin_user }}', '{{ tower_admin_email }}', '{{ tower_admin_password }}')\"
| awx-manage shell"
when: users_result.rc > 0
- name: Create Tower super user via Django if it doesn't exist.
shell: >-
kubectl exec -n {{ meta.namespace }} {{ tower_pod_name }} -- bash -c
"awx-manage create_preload_data"
register: cdo
changed_when: "'added' in cdo.stdout"
when: tower_create_preload_data | bool

1
roles/tower/templates/tower_config.yaml.j2
View File

@@ -18,6 +18,7 @@ data:
MEMCACHED_PORT='11211'
RABBITMQ_HOST='{{ meta.name }}-rabbitmq.{{ meta.namespace }}.svc.cluster.local'
RABBITMQ_PORT='5672'
AWX_SKIP_MIGRATIONS=true
settings: |
import os

4
roles/tower/templates/tower_task.yaml.j2
View File

@@ -20,6 +20,10 @@ spec:
containers:
- image: '{{ tower_task_image }}'
name: tower-task
securityContext:
privileged: true
command:
- /usr/bin/launch_awx_task.sh
envFrom:
- configMapRef:
name: '{{ meta.name }}-tower-configmap'