Merge remote-tracking branch 'shanemcd/37_support' into 37_support

Matthew Jones
2020-05-30 20:10:12 -04:00
10 changed files with 80 additions and 96 deletions


@@ -10,6 +10,7 @@ spec:
tower_hostname: example-tower.test
tower_secret_key: aabbcc
tower_broadcast_websocket_secret: changeme
tower_admin_user: test
tower_admin_email: test@example.com
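Review bot: The sample spec carries guessable placeholder values for `tower_broadcast_websocket_secret` (`changeme`) and `tower_secret_key` (`aabbcc`), and nothing on the visible lines tells the reader to replace them, so a resource created from this file verbatim runs with publicly known secrets. The page has lost its +/- markers, so which of these lines is new is inferred from the hunk counts (one line added). I would put a comment above both keys, e.g. `# placeholder - replace with a long random value before applying`. The second example file in this commit (the next section, identical hunk) carries the same values and wants the same comment.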


@@ -10,6 +10,7 @@ spec:
tower_hostname: example-tower.test
tower_secret_key: aabbcc
tower_broadcast_websocket_secret: changeme
tower_admin_user: test
tower_admin_email: test@example.com


@@ -19,7 +19,7 @@ tower_web_image: registry.redhat.io/ansible-tower-37/ansible-tower-rhel7:3.7.0
tower_create_preload_data: true
tower_task_replicas: "1"
tower_replicas: "1"
tower_task_mem_request: 1Gi
tower_task_cpu_request: 500m
@@ -38,4 +38,8 @@ tower_postgres_storage_class: ''
tower_postgres_data_path: '/var/lib/postgresql/data/pgdata'
uwsgi_bash: "bash -c"
uwsgi_bash: "scl enable rh-postgresql10"
tower_postgres_port: 5432
ca_trust_bundle: "/etc/pki/tls/certs/ca-bundle.crt"
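Review bot: `ca_trust_bundle` gets a default here, but the new credentials template in this commit passes it as `sslrootcert` next to `pg_sslmode|default("prefer")`, and with `prefer` libpq neither requires TLS nor checks the server certificate against that bundle. `pg_sslmode` is not declared on the visible lines of this file, so an operator reading the defaults gets no hint that the CA bundle is inert until the mode is raised. I would declare it here with a comment, e.g. `pg_sslmode: 'prefer'  # set to verify-full to validate the server certificate against ca_trust_bundle`. The file continues outside both hunks, so it may already be declared elsewhere.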


@@ -1,16 +1,15 @@
---
- name: Ensure configured Tower resources exist in the cluster.
k8s:
apply: yes
definition: "{{ lookup('template', item) | from_yaml_all | list }}"
register: k8s_defs_result
with_items:
- tower_memcached.yaml.j2
- tower_postgres.yaml.j2
- tower_config.yaml.j2
- tower_redis.yaml.j2
- launch_awx.yaml.j2
- supervisor.yaml.j2
- tower_web.yaml.j2
- tower.yaml.j2
- name: Get the Tower pod information.
k8s_info:
@@ -53,16 +52,16 @@
- include_tasks: initialize.yml
- name: Scale the tower_task deployment to 0 replicas after migration.
- name: Scale the tower deployment to 0 replicas after migration.
k8s:
definition: "{{ lookup('template', 'tower_task.yaml.j2') | from_yaml_all | list }}"
definition: "{{ lookup('template', 'tower.yaml.j2') | from_yaml_all | list }}"
vars:
tower_task_replicas: "0"
tower_replicas: "0"
when: migrate_result and migrate_result.changed
- name: Scale the tower_task deployment back to 1 replica after migration.
- name: Scale the tower deployment back to 1 replica after migration.
k8s:
definition: "{{ lookup('template', 'tower_task.yaml.j2') | from_yaml_all | list }}"
definition: "{{ lookup('template', 'tower.yaml.j2') | from_yaml_all | list }}"
vars:
tower_task_replicas: "1"
tower_replicas: "1"
when: migrate_result and migrate_result.changed
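Review bot: The scale-back task pins `tower_replicas: "1"` in its `vars:`, and after this commit the same variable drives `replicas: {{ tower_replicas }}` for the whole Deployment in tower.yaml.j2, so a deployment configured for more than one replica comes back at a single replica after a migration, at least until the next reconcile. Dropping the `vars:` block from that task would let the configured value apply, and the task name could then read `Scale the tower deployment back up after migration.` Separately, if the custom resource's spec reaches the role as extra vars (not visible here), a user-set `tower_replicas` would outrank the task-level `"0"` too, so the scale-down step is worth testing with the value set in the CR.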


@@ -0,0 +1,16 @@
DATABASES = {
'default': {
'ATOMIC_REQUESTS': True,
'ENGINE': 'awx.main.db.profiled_pg',
'NAME': "awx",
'USER': "awx",
'PASSWORD': "{{ tower_postgres_pass }}",
'HOST': '{{ meta.name }}-postgres',
'PORT': "{{ tower_postgres_port }}",
'OPTIONS': { 'sslmode': '{{ pg_sslmode|default("prefer") }}',
'sslrootcert': '{{ ca_trust_bundle }}',
},
}
}
BROADCAST_WEBSOCKET_SECRET = "{{ tower_broadcast_websocket_secret | b64encode }}"
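Review bot: `tower_postgres_pass` is interpolated raw into a Python string literal on the `'PASSWORD'` line, so a password containing `"` or `\` produces a settings file that fails to parse or evaluates to something other than the password. Emitting the literal through a serialising filter avoids that: `'PASSWORD': {{ tower_postgres_pass | to_json }},`. The new shell environment template in the next section (apparently environment.sh.j2) has the same problem on its `DATABASE_PASSWORD=` line, where `DATABASE_PASSWORD={{ tower_postgres_pass | quote }}` would keep spaces and shell metacharacters literal. `meta.name`, `ca_trust_bundle` and `pg_sslmode` are spliced into single-quoted literals the same way, though they are less likely to carry quote characters.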


@@ -0,0 +1,5 @@
DATABASE_USER=awx
DATABASE_NAME=awx
DATABASE_HOST={{ meta.name }}-postgres
DATABASE_PORT={{ tower_postgres_port }}
DATABASE_PASSWORD={{ tower_postgres_pass }}


@@ -3,23 +3,24 @@
apiVersion: v1
kind: Secret
metadata:
name: '{{ meta.name }}-tower-secret'
name: '{{ meta.name }}-secrets'
namespace: '{{ meta.namespace }}'
data:
secret_key: '{{ tower_secret_key | b64encode }}'
admin_password: '{{ tower_admin_password | b64encode }}'
credentials_py: "{{ lookup('template', 'credentials.py.j2') | b64encode }}"
environment_sh: "{{ lookup('template', 'environment.sh.j2') | b64encode }}"
# Tower Deployment.
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: '{{ meta.name }}-tower-web'
name: '{{ meta.name }}'
namespace: '{{ meta.namespace }}'
labels:
app: tower
spec:
replicas: 1
replicas: {{ tower_replicas }}
selector:
matchLabels:
app: tower
@@ -44,28 +45,28 @@ spec:
mountPath: "/var/run/memcached"
- image: '{{ tower_redis_image }}'
name: redis
args: ["redis-server", "/etc/redis.conf"]
ports:
- containerPort: 6379
volumeMounts:
- name: {{ meta.name }}-redis-config
mountPath: "/usr/local/etc/redis/redis.conf"
mountPath: "/etc/redis.conf"
subPath: redis.conf
readOnly: true
- name: {{ meta.name }}-redis-socket
mountPath: "/var/run/redis"
- image: '{{ tower_web_image }}'
name: tower
name: '{{ meta.name }}-web'
ports:
- containerPort: 8052
volumeMounts:
- name: "{{ meta.name }}-application-credentials"
mountPath: "/etc/tower/conf.d/"
readOnly: true
- name: {{ meta.name }}-secret-key
mountPath: /etc/tower/SECRET_KEY
subPath: SECRET_KEY
readOnly: true
- name: {{ meta.name }}-environment
mountPath: /etc/tower/conf.d/environment.sh
subPath: environment.sh
readOnly: true
- name: {{ meta.name }}-settings
mountPath: /etc/tower/settings.py
subPath: settings.py
@@ -91,27 +92,21 @@ spec:
memory: '{{ tower_web_mem_request }}'
cpu: '{{ tower_web_cpu_request }}'
- image: '{{ tower_task_image }}'
name: tower-task
name: '{{ meta.name }}-task'
{% if tower_task_privileged == true %}
securityContext:
privileged: true
{% endif %}
command:
- /usr/bin/launch_awx_task.sh
envFrom:
- configMapRef:
name: '{{ meta.name }}-tower-configmap'
- secretRef:
name: '{{ meta.name }}-tower-secret'
volumeMounts:
- name: "{{ meta.name }}-application-credentials"
mountPath: "/etc/tower/conf.d/"
readOnly: true
- name: {{ meta.name }}-secret-key
mountPath: /etc/tower/SECRET_KEY
subPath: SECRET_KEY
readOnly: true
- name: {{ meta.name }}-environment
mountPath: /etc/tower/conf.d/environment.sh
subPath: environment.sh
readOnly: true
- name: {{ meta.name }}-settings
mountPath: /etc/tower/settings.py
subPath: settings.py
@@ -120,6 +115,10 @@ spec:
mountPath: /usr/bin/launch_awx_task.sh
subPath: launch_awx_task.sh
readOnly: true
- name: {{ meta.name }}-supervisor-web-config
mountPath: "/supervisor.conf"
subPath: supervisor.conf
readOnly: true
- name: {{ meta.name }}-supervisor-task-config
mountPath: /supervisor_task.conf
subPath: supervisor_task.conf
@@ -128,23 +127,38 @@ spec:
mountPath: "/var/run/redis"
- name: {{ meta.name }}-memcached-socket
mountPath: "/var/run/memcached"
env:
- name: SUPERVISOR_WEB_CONFIG_PATH
value: "/supervisor.conf"
- name: AWX_SKIP_MIGRATIONS
value: "1"
- name: MY_POD_UID
valueFrom:
fieldRef:
fieldPath: metadata.uid
- name: MY_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
resources:
requests:
memory: '{{ tower_task_mem_request }}'
cpu: '{{ tower_task_cpu_request }}'
volumes:
- name: "{{ meta.name }}-application-credentials"
secret:
secretName: "{{ meta.name }}-secrets"
items:
- key: credentials_py
path: 'credentials.py'
- key: environment_sh
path: 'environment.sh'
- name: {{ meta.name }}-secret-key
secret:
secretName: '{{ meta.name }}-tower-secret'
secretName: '{{ meta.name }}-secrets'
items:
- key: secret_key
path: SECRET_KEY
- name: {{ meta.name }}-environment
configMap:
name: '{{ meta.name }}-tower-configmap'
items:
- key: environment
path: environment.sh
- name: {{ meta.name }}-settings
configMap:
name: '{{ meta.name }}-tower-configmap'
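Review bot: The `application-credentials` secret volume sets no `defaultMode`, so `credentials.py` and `environment.sh` (database password, websocket secret) are projected with the Kubernetes default of 0644 and are readable by every user inside the web and task containers that mount it. An explicit mode under `secret:`, e.g. `defaultMode: 0440`, would narrow that; the right value depends on the UID/GID the tower processes run as, which this section does not show. The same applies to the `secret-key` volume just below it. Which of these lines are new is inferred, since the page has lost its +/- markers, and the volumes list continues past the end of the hunk.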


@@ -100,32 +100,9 @@ data:
if os.getenv("DATABASE_SSLMODE", False):
DATABASES['default']['OPTIONS'] = {'sslmode': os.getenv("DATABASE_SSLMODE")}
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': '{}:{}'.format("{{ meta.name }}-memcached.{{ meta.namespace }}.svc.cluster.local", "11211")
},
'ephemeral': {
'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
},
}
BROKER_URL = 'redis://{}:{}/'.format(
'{{ meta.name }}-redis.{{ meta.namespace }}.svc.cluster.local',
'6379')
CHANNEL_LAYERS = {
"default": {
"BACKEND": "channels_redis.core.RedisChannelLayer",
"CONFIG": {
"hosts": [BROKER_URL],
"capacity": 10000,
"group_expiry": 157784760, # 5 years
}
}
}
USE_X_FORWARDED_PORT = True
BROADCAST_WEBSOCKET_PORT = 8052
BROADCAST_WEBSOCKET_PROTOCOL = 'http'
nginx_conf: |
worker_processes 1;


@@ -1,17 +0,0 @@
# Memcached Service.
---
apiVersion: v1
kind: Service
metadata:
name: '{{ meta.name }}-memcached'
namespace: '{{ meta.namespace }}'
labels:
app: tower-memcached
spec:
clusterIP: None
ports:
- port: 11211
protocol: TCP
targetPort: 11211
selector:
app: tower-memcached


@@ -1,16 +0,0 @@
# Redis Service.
---
apiVersion: v1
kind: Service
metadata:
name: '{{ meta.name }}-redis'
namespace: '{{ meta.namespace }}'
labels:
app: tower-redis
spec:
ports:
- port: 6379
protocol: TCP
targetPort: 6379
selector:
app: tower-redis