internet/awx-operator
3
0
Fork 0
mirror of https://github.com/ansible/awx-operator.git synced 2026-05-08 14:22:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #379 from kdelee/register_ees

Browse Source 
Register ees
This commit is contained in:
Shane McDonald
2021-06-08 17:21:19 -04:00
committed by GitHub
parent 46f5b3dcb0 2777c5e00a
commit 5d7cd9ab1c
8 changed files with 97 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
README.md
View File

@@ -556,6 +556,30 @@ In a scenario where custom volumes and volume mounts are required to either over
Example configuration for ConfigMap Example configuration for ConfigMap
#### Default execution environments from private registries
In order to register default execution environments from private registries, the Custom Resource needs to know about the pull credentials. Those credentials should be stored as a secret and either specified as `ee_pull_credentials_secret` at the CR spec level, or simply be present on the namespace under the name `<resourcename>-ee-pull-credentials` . Instance initialization will register a `Container registry` type credential on the deployed instance and assign it to the registered default execution environments.
The secret should be formated as follows:
```yaml
---
apiVersion: v1
kind: Secret
metadata:
name: <resourcename>-ee-pull-credentials
namespace: <target namespace>
stringData:
url: <registry url. i.e. quay.io>
username: <username to connect as>
password: <password to connect with>
ssl_verify: <Optional attribute. Whether verify ssl connection or not. Accepted values "True" (default), "False" >
type: Opaque
```
##### Control plane ee from private registry
The images listed in "ee_images" will be added as globally available Execution Environments. The "control_plane_ee_image" will be used to run project updates. In order to use a private image for any of these you'll need to use `image_pull_secret` to provide a k8s pull secret to access it. Currently the same secret is used for any of these images supplied at install time.
```yaml ```yaml
--- ---
apiVersion: v1 apiVersion: v1

3
ansible/templates/crd.yml.j2
View File

@@ -152,6 +152,9 @@ spec:
control_plane_ee_image: control_plane_ee_image:
description: Registry path to the Execution Environment container image to use on control plane pods description: Registry path to the Execution Environment container image to use on control plane pods
type: string type: string
ee_pull_credentials_secret:
description: Secret where pull credentials for registered ees can be found
type: string
image_pull_policy: image_pull_policy:
description: The image pull policy description: The image pull policy
type: string type: string

3
deploy/awx-operator.yaml
View File

@@ -154,6 +154,9 @@ spec:
control_plane_ee_image: control_plane_ee_image:
description: Registry path to the Execution Environment container image to use on control plane pods description: Registry path to the Execution Environment container image to use on control plane pods
type: string type: string
ee_pull_credentials_secret:
description: Secret where pull credentials for registered ees can be found
type: string
image_pull_policy: image_pull_policy:
description: The image pull policy description: The image pull policy
type: string type: string

3
deploy/crds/awx_v1beta1_crd.yaml
View File

@@ -152,6 +152,9 @@ spec:
control_plane_ee_image: control_plane_ee_image:
description: Registry path to the Execution Environment container image to use on control plane pods description: Registry path to the Execution Environment container image to use on control plane pods
type: string type: string
ee_pull_credentials_secret:
description: Secret where pull credentials for registered ees can be found
type: string
image_pull_policy: image_pull_policy:
description: The image pull policy description: The image pull policy
type: string type: string

3
deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml
View File

@@ -64,6 +64,9 @@ spec:
type: string type: string
type: object type: object
type: array type: array
ee_pull_credentials_secret:
description: Secret where pull credentials for registered ees can be found
type: string
extra_settings: extra_settings:
description: Extra settings to specify for the API description: Extra settings to specify for the API
items: items:

4
roles/installer/defaults/main.yml
View File

@@ -93,6 +93,10 @@ postgres_configuration_secret: ''
old_postgres_configuration_secret: '' old_postgres_configuration_secret: ''
# Secret to lookup that provides default execution environment pull credentials
#
ee_pull_credentials_secret: ''
# Add extra volumes to the AWX pod. Specify as literal block. E.g.: # Add extra volumes to the AWX pod. Specify as literal block. E.g.:
# extra_volumes: | # extra_volumes: |
# - name: my-volume # - name: my-volume

64
roles/installer/tasks/initialize_django.yml
View File

@@ -6,7 +6,7 @@
container: "{{ meta.name }}-task" container: "{{ meta.name }}-task"
command: >- command: >-
bash -c "echo 'from django.contrib.auth.models import User; bash -c "echo 'from django.contrib.auth.models import User;
nsu = User.objects.filter(is_superuser=True, username='{{ admin_user }}').count(); nsu = User.objects.filter(is_superuser=True, username=\"{{ admin_user }}\").count();
exit(0 if nsu > 0 else 1)' exit(0 if nsu > 0 else 1)'
| awx-manage shell" | awx-manage shell"
ignore_errors: true ignore_errors: true
@@ -46,14 +46,6 @@
changed_when: "'added' in cdo.stdout" changed_when: "'added' in cdo.stdout"
when: create_preload_data | bool when: create_preload_data | bool
- name: Register the instance in the database
k8s_exec:
namespace: "{{ meta.namespace }}"
pod: "{{ tower_pod_name }}"
container: "{{ meta.name }}-task"
command: >-
bash -c "awx-manage provision_instance --hostname={{ tower_pod_name }}"
- name: Check if legacy queue is present - name: Check if legacy queue is present
k8s_exec: k8s_exec:
namespace: "{{ meta.namespace }}" namespace: "{{ meta.namespace }}"
@@ -72,3 +64,57 @@
command: >- command: >-
bash -c "awx-manage unregister_queue --queuename=tower" bash -c "awx-manage unregister_queue --queuename=tower"
when: "'[tower capacity=' in legacy_queue.stdout" when: "'[tower capacity=' in legacy_queue.stdout"
- name: Check for specified default execution environment pull credentials
k8s_info:
kind: Secret
namespace: '{{ meta.namespace }}'
name: '{{ ee_pull_credentials_secret }}'
register: _custom_execution_environments_pull_credentials
when: ee_pull_credentials_secret | length
- name: Check for default execution environment pull credentials
k8s_info:
kind: Secret
namespace: '{{ meta.namespace }}'
name: '{{ meta.name }}-ee-pull-credentials'
register: _default_execution_environments_pull_credentials
- name: Set admin password secret
set_fact:
_execution_environments_pull_credentials: >-
{{ _custom_execution_environments_pull_credentials["resources"] | default([]) | length
| ternary(_custom_execution_environments_pull_credentials, _default_execution_environments_pull_credentials) }}
- name: Register default execution environments (without authentication)
k8s_exec:
namespace: "{{ meta.namespace }}"
pod: "{{ tower_pod_name }}"
container: "{{ meta.name }}-task"
command: >-
bash -c "awx-manage register_default_execution_environments"
register: ree
changed_when: "'changed: True' in ree.stdout"
when: not _execution_environments_pull_credentials['resources'] | default([]) | length
- block:
- name: Store default execution environment pull credentials
set_fact:
default_execution_environment_pull_credentials_user: "{{ _execution_environments_pull_credentials['resources'][0]['data']['username'] | b64decode }}"
default_execution_environment_pull_credentials_pass: "{{ _execution_environments_pull_credentials['resources'][0]['data']['password'] | b64decode }}"
default_execution_environment_pull_credentials_url: "{{ _execution_environments_pull_credentials['resources'][0]['data']['url'] | b64decode }}"
default_execution_environment_pull_credentials_url_verify: >-
{{ _execution_environments_pull_credentials['resources'][0]['data']['ssl_verify'] | default("True"|b64encode) | b64decode }}
- name: Register default execution environments (with authentication)
k8s_exec:
namespace: "{{ meta.namespace }}"
pod: "{{ tower_pod_name }}"
container: "{{ meta.name }}-task"
command: >-
bash -c "awx-manage register_default_execution_environments
--registry-username='{{ default_execution_environment_pull_credentials_user }}'
--registry-password='{{ default_execution_environment_pull_credentials_pass }}'
--registry-url='{{ default_execution_environment_pull_credentials_url }}'
--verify-ssl='{{ default_execution_environment_pull_credentials_url_verify }}'"
register: ree
changed_when: "'changed: True' in ree.stdout"
when: _execution_environments_pull_credentials['resources'] | default([]) | length

3
roles/installer/templates/execution_environments.py.j2
View File

@@ -1,5 +1,6 @@
DEFAULT_EXECUTION_ENVIRONMENTS = [ GLOBAL_JOB_EXECUTION_ENVIRONMENTS = [
{% for item in ee_images %} {% for item in ee_images %}
{'name': '{{ item.name }}' , 'image': '{{ item.image }}'}, {'name': '{{ item.name }}' , 'image': '{{ item.image }}'},
{% endfor %} {% endfor %}
] ]
CONTROL_PLANE_EXECUTION_ENVIRONMENT = '{{ control_plane_ee_image }}'