diff --git a/README.md b/README.md index 2316cf68..f4cbc584 100644 --- a/README.md +++ b/README.md @@ -25,6 +25,7 @@ So instead of having to maintain a separate playbook, inventory, and installatio tower_secret_key: aabbcc tower_admin_user: test + tower_admin_email: test@example.com tower_admin_password: changeme After a few minutes, your new Tower instance will be accessible at `http://tower.mycompany.com/` (assuming your cluster has an Ingress controller configured). diff --git a/build/Dockerfile b/build/Dockerfile index 84b4b7e1..f4f04453 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -1,5 +1,8 @@ FROM quay.io/operator-framework/ansible-operator:v0.10.0 +# Install kubectl. +COPY --from=lachlanevenson/k8s-kubectl:v1.16.2 /usr/local/bin/kubectl /usr/local/bin/kubectl + COPY watches.yaml ${HOME}/watches.yaml COPY main.yml ${HOME}/main.yml diff --git a/deploy/crds/tower_v1alpha1_tower_cr.yaml b/deploy/crds/tower_v1alpha1_tower_cr_awx.yaml similarity index 57% rename from deploy/crds/tower_v1alpha1_tower_cr.yaml rename to deploy/crds/tower_v1alpha1_tower_cr_awx.yaml index 5ef2e375..fafd9d43 100644 --- a/deploy/crds/tower_v1alpha1_tower_cr.yaml +++ b/deploy/crds/tower_v1alpha1_tower_cr_awx.yaml @@ -8,15 +8,13 @@ spec: tower_secret_key: aabbcc tower_admin_user: test + tower_admin_email: test@example.com tower_admin_password: changeme - # Use these for Ansible Tower. - tower_task_image: registry.access.redhat.com/ansible-tower-35/ansible-tower:3.5.3 - tower_web_image: registry.access.redhat.com/ansible-tower-35/ansible-tower:3.5.3 + tower_task_image: ansible/awx_task:9.0.1 + tower_web_image: ansible/awx_web:9.0.1 - # Use these for Ansible AWX. - # tower_task_image: ansible/awx_task:9.0.1 - # tower_web_image: ansible/awx_web:9.0.1 + tower_create_preload_data: true tower_memcached_image: memcached:alpine diff --git a/deploy/crds/tower_v1alpha1_tower_cr_tower.yaml b/deploy/crds/tower_v1alpha1_tower_cr_tower.yaml new file mode 100644 index 00000000..bedb2bbc 
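Review bot: The kubectl binary is copied out of a third-party image addressed only by a mutable tag, `lachlanevenson/k8s-kubectl:v1.16.2`, so what ends up at /usr/local/bin/kubectl in the operator image is whatever that tag resolves to at build time. Pin the source by digest, `COPY --from=lachlanevenson/k8s-kubectl:v1.16.2@sha256:<digest-of-the-verified-image> /usr/local/bin/kubectl /usr/local/bin/kubectl`, or fetch the upstream release binary and verify its published checksum, so the build is reproducible and the binary's provenance can be audited. The `# Install kubectl.` comment would also help later reviewers if it said why the operator needs it, e.g. `# Install kubectl: the tower role runs awx-manage inside the Tower pod via kubectl exec.`.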
--- /dev/null +++ b/deploy/crds/tower_v1alpha1_tower_cr_tower.yaml @@ -0,0 +1,25 @@ +apiVersion: tower.ansible.com/v1alpha1 +kind: Tower +metadata: + name: example-tower + namespace: example-tower +spec: + tower_hostname: example-tower.test + tower_secret_key: aabbcc + + tower_admin_user: test + tower_admin_email: test@example.com + tower_admin_password: changeme + + tower_task_image: quay.io/ansible-tower/ansible-tower:3.6.0 + tower_web_image: quay.io/ansible-tower/ansible-tower:3.6.0 + + tower_create_preload_data: true + + tower_memcached_image: memcached:alpine + + tower_rabbitmq_image: rabbitmq:3 + + tower_postgres_pass: awxpass + tower_postgres_image: postgres:9.6 + tower_postgres_storage_request: 8Gi diff --git a/deploy/role.yaml b/deploy/role.yaml index 4a8553f4..73e9eff5 100644 --- a/deploy/role.yaml +++ b/deploy/role.yaml @@ -46,8 +46,9 @@ rules: - apiGroups: - "" resources: - - pods + - pods/exec verbs: + - create - get - apiGroups: - apps diff --git a/molecule/test-local/playbook.yml b/molecule/test-local/playbook.yml index 51367183..ebfdf32d 100644 --- a/molecule/test-local/playbook.yml +++ b/molecule/test-local/playbook.yml @@ -26,7 +26,7 @@ deploy_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/deploy" pull_policy: Never operator_image: tower.ansible.com/tower-operator:testing - custom_resource: "{{ lookup('file', '/'.join([deploy_dir, 'crds/tower_v1alpha1_tower_cr.yaml'])) | from_yaml }}" + custom_resource: "{{ lookup('file', '/'.join([deploy_dir, 'crds/tower_v1alpha1_tower_cr_awx.yaml'])) | from_yaml }}" tasks: @@ -72,7 +72,7 @@ namespace: '{{ custom_resource.metadata.namespace }}' definition: '{{ custom_resource }}' - - name: Wait 5m for reconciliation to run + - name: Wait 15m for reconciliation to run k8s_info: api_version: '{{ custom_resource.apiVersion }}' kind: '{{ custom_resource.kind }}' 
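Review bot: The new sample CR ships `tower_secret_key: aabbcc`, `tower_admin_password: changeme` and `tower_postgres_pass: awxpass` in the spec with nothing marking them as placeholders, and because CR specs are stored unencrypted in etcd and readable by anyone allowed to get Tower objects, applying this file unchanged is an easy mistake. Add a comment above `spec:` such as `# Placeholder credentials for a throwaway test cluster only; replace every secret value before applying.`. The AWX sample at deploy/crds/tower_v1alpha1_tower_cr_awx.yaml carries the same values and could take the same comment.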
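Review bot: Replacing `- pods` with `- pods/exec` removes the only visible grant on plain pods, yet the new `k8s_facts` task with `kind: Pod` in roles/tower/tasks/main.yml needs to list pods in the namespace; unless another rule above this hunk (the `rules:` list starts before it, so this cannot be confirmed here) still grants `get`/`list` on `pods`, that lookup will be denied and the exec path is never reached. Keep a `pods` entry with `get` and `list` next to the new `pods/exec` entry. `create` on `pods/exec` also lets the operator's service account run commands in every pod of the namespace, and with the privileged task container in roles/tower/templates/tower_task.yaml.j2 that is node-level access if the operator is ever compromised, so record the reason in a comment, e.g. `# pods/exec create: the tower role runs awx-manage in the Tower pod for migrations and admin setup.`, to keep the grant from being widened casually later.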
@@ -82,7 +82,7 @@ until: - "'Successful' in (cr | json_query('resources[].status.conditions[].reason'))" delay: 6 - retries: 50 + retries: 150 rescue: diff --git a/molecule/test-minikube/playbook.yml b/molecule/test-minikube/playbook.yml index 38b88f55..ae6a37c0 100644 --- a/molecule/test-minikube/playbook.yml +++ b/molecule/test-minikube/playbook.yml @@ -34,7 +34,7 @@ deploy_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/deploy" pull_policy: Never operator_image: tower.ansible.com/tower-operator:testing - custom_resource: "{{ lookup('file', '/'.join([deploy_dir, 'crds/tower_v1alpha1_tower_cr.yaml'])) | from_yaml }}" + custom_resource: "{{ lookup('file', '/'.join([deploy_dir, 'crds/tower_v1alpha1_tower_cr_tower.yaml'])) | from_yaml }}" tasks: - block: @@ -78,7 +78,7 @@ namespace: '{{ custom_resource.metadata.namespace }}' definition: '{{ custom_resource }}' - - name: Wait 5m for reconciliation to run + - name: Wait 15m for reconciliation to run k8s_info: api_version: '{{ custom_resource.apiVersion }}' kind: '{{ custom_resource.kind }}' @@ -88,7 +88,7 @@ until: - "'Successful' in (cr | json_query('resources[].status.conditions[].reason'))" delay: 6 - retries: 50 + retries: 150 rescue: diff --git a/roles/tower/defaults/main.yml b/roles/tower/defaults/main.yml index bf139f29..48e6fd80 100644 --- a/roles/tower/defaults/main.yml +++ b/roles/tower/defaults/main.yml @@ -3,6 +3,7 @@ tower_hostname: example-tower.test tower_secret_key: aabbcc tower_admin_user: test +tower_admin_email: test@example.com tower_admin_password: changeme # Use these image versions for Ansible Tower. @@ -13,6 +14,8 @@ tower_web_image: registry.access.redhat.com/ansible-tower-35/ansible-tower:3.5.3 # tower_task_image: ansible/awx_task:9.0.1 # tower_web_image: ansible/awx_web:9.0.1 +tower_create_preload_data: true + tower_memcached_image: memcached:alpine tower_rabbitmq_image: rabbitmq:3 diff --git a/roles/tower/tasks/main.yml b/roles/tower/tasks/main.yml index 2b3f5e84..c6d5a2df 100644 
--- a/roles/tower/tasks/main.yml +++ b/roles/tower/tasks/main.yml @@ -2,6 +2,7 @@ - name: Ensure configured Tower resources exist in the cluster. k8s: definition: "{{ lookup('template', item) | from_yaml_all | list }}" + register: k8s_defs_result with_items: - tower_memcached.yaml.j2 - tower_postgres.yaml.j2 
@@ -9,3 +10,67 @@ - tower_config.yaml.j2 - tower.yaml.j2 - tower_task.yaml.j2 + +- name: Get the Tower web pod information. + # TODO: Change to k8s_info after Ansible 2.9.0 is available in Operator image. + k8s_facts: + kind: Pod + namespace: '{{ meta.namespace }}' + label_selectors: + - app=tower + register: tower_pods + +- name: Set the tower pod name as a variable. + set_fact: + tower_pod_name: "{{ tower_pods['resources'][0]['metadata']['name'] }}" + +- name: Verify tower_pod_name is populated. + assert: + that: tower_pod_name != '' + fail_msg: "Could not find the tower pod's name." + +- name: Check if database is populated (auth_user table exists). + shell: >- + kubectl exec -n {{ meta.namespace }} {{ tower_pod_name }} -- bash -c + "echo 'from django.db import connection; + tbl = \"auth_user\" in connection.introspection.table_names(); + exit(0 if tbl else 1)' + | awx-manage shell" + ignore_errors: true + changed_when: false + register: database_check + when: k8s_defs_result is not changed + +- name: Migrate the database if the K8s resources were updated. + shell: >- + kubectl exec -n {{ meta.namespace }} {{ tower_pod_name }} -- bash -c + "awx-manage migrate --noinput" + when: (k8s_defs_result is changed) or (database_check is defined and database_check.rc != 0) + +- name: Check if there are any Tower super users defined. + shell: >- + kubectl exec -n {{ meta.namespace }} {{ tower_pod_name }} -- bash -c + "echo 'from django.contrib.auth.models import User; + nsu = User.objects.filter(is_superuser=True).count(); + exit(0 if nsu > 0 else 1)' + | awx-manage shell" + ignore_errors: true + changed_when: false + register: users_result + changed_when: users_result.rc > 0 + +- name: Create Tower super user via Django if it doesn't exist. 
+ shell: >- + kubectl exec -n {{ meta.namespace }} {{ tower_pod_name }} -- bash -c + "echo \"from django.contrib.auth.models import User; + User.objects.create_superuser('{{ tower_admin_user }}', '{{ tower_admin_email }}', '{{ tower_admin_password }}')\" + | awx-manage shell" + when: users_result.rc > 0 + +- name: Create Tower super user via Django if it doesn't exist. + shell: >- + kubectl exec -n {{ meta.namespace }} {{ tower_pod_name }} -- bash -c + "awx-manage create_preload_data" + register: cdo + changed_when: "'added' in cdo.stdout" + when: tower_create_preload_data | bool diff --git a/roles/tower/templates/tower_config.yaml.j2 b/roles/tower/templates/tower_config.yaml.j2 index 650e2404..ee883ba1 100644 --- a/roles/tower/templates/tower_config.yaml.j2 +++ b/roles/tower/templates/tower_config.yaml.j2 @@ -18,6 +18,7 @@ data: MEMCACHED_PORT='11211' RABBITMQ_HOST='{{ meta.name }}-rabbitmq.{{ meta.namespace }}.svc.cluster.local' RABBITMQ_PORT='5672' + AWX_SKIP_MIGRATIONS=true settings: | import os diff --git a/roles/tower/templates/tower_task.yaml.j2 b/roles/tower/templates/tower_task.yaml.j2 index a9d3e51d..6e3c3852 100644 --- a/roles/tower/templates/tower_task.yaml.j2 +++ b/roles/tower/templates/tower_task.yaml.j2 @@ -20,6 +20,10 @@ spec: containers: - image: '{{ tower_task_image }}' name: tower-task + securityContext: + privileged: true + command: + - /usr/bin/launch_awx_task.sh envFrom: - configMapRef: name: '{{ meta.name }}-tower-configmap'
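Review bot: The task `Check if there are any Tower super users defined.` has two `changed_when` keys, `changed_when: false` and `changed_when: users_result.rc > 0`; a YAML loader keeps only the last one and Ansible warns about the duplicate, and since the task is a read-only probe it should keep just `changed_when: false`, the gating being done already by `when: users_result.rc > 0` on the create task. That create task interpolates `tower_admin_user`, `tower_admin_email` and `tower_admin_password` into the `kubectl exec ... bash -c` argument through three nested quoting layers, so the password can appear in the operator's Ansible output and in the Tower pod's process list, and any `'`, `"`, `$` or backtick in it breaks or alters the command; add `no_log: true` to that task and hand the values to the Python snippet through stdin or environment variables rather than the command line. `tower_pod_name: "{{ tower_pods['resources'][0]['metadata']['name'] }}"` fails with an undefined-index error when no pod matches `app=tower`, so the `assert` that follows never fires; check `that: tower_pods.resources | length > 0` before the `set_fact` instead. The last task is named `Create Tower super user via Django if it doesn't exist.` like the one above it although it runs `awx-manage create_preload_data`; rename it, e.g. `- name: Create Tower preload data if enabled.`.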
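Review bot: `AWX_SKIP_MIGRATIONS=true` is the only entry in this environment block whose value is unquoted, while the neighbouring `RABBITMQ_PORT='5672'` and `MEMCACHED_PORT='11211'` quote theirs; write `AWX_SKIP_MIGRATIONS='true'` for consistency. Setting it moves schema migrations out of the container start and into the operator's `awx-manage migrate` exec task in roles/tower/tasks/main.yml, which deserves a note here so the two are changed together; as a Jinja comment it stays out of the rendered ConfigMap: `{# Migrations run from the operator (roles/tower/tasks/main.yml), not at container start. #}`.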
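Review bot: `privileged: true` is added to the tower-task container without a comment saying what it is for; a privileged container gets every capability and the host's devices, so together with the `create` on `pods/exec` granted in deploy/role.yaml a compromise of either the operator or this pod amounts to control of the node. Add a comment on the securityContext stating the reason, e.g. `# privileged: required for <reason> -- TODO confirm whether a narrower capabilities.add list suffices`, and if only a few capabilities are actually needed replace the flag with `capabilities: add:` listing them. The `containers:` list sits inside a pod template whose head is above this hunk, so any pod-level `securityContext` there was not visible for this review.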