Provision instance and add receptor address

The mesh role now calls 1. awx-manage provision instance to register the hop node to the database 2. awx-manage add_receptor_address to register the internal address 3. awx-manage add_receptor_address to register the external address (to be used by remote nodes) CRD expanded to include external_ipaddress and external_hostname external_ipaddress is added as ipaddress in the hop node certificate external_hostname is added as dnsname in the hop node certificate the mesh role now checks for is_openshift and only creates a Route if true. Otherwise it will use external_hostname set in the spec file in place of Route name. Signed-off-by: Seth Foster <fosterbseth@gmail.com>
2026-05-07 05:42:55 +00:00 · 2023-10-05 12:38:23 -04:00
parent 3fe42ed4b9
commit 6ef4aed024
4 changed files with 45 additions and 11 deletions
--- a/config/crd/bases/awx.ansible.com_awxmeshingresses.yaml
+++ b/config/crd/bases/awx.ansible.com_awxmeshingresses.yaml
@@ -41,6 +41,12 @@ spec:
              deployment_name:
                description: Name of the AWX deployment to create the Mesh Ingress for.
                type: string
              external_hostname:
                description: External hostname to use for the Mesh Ingress.
                type: string
              external_ipaddress:
                description: External IP address to use for the Mesh Ingress.
                type: string
          status:
            description: Status defines the observed state of AWXMeshIngress
            type: object
--- a/roles/mesh_ingress/tasks/main.yml
+++ b/roles/mesh_ingress/tasks/main.yml
@@ -1,4 +1,12 @@
 ---
 - name: Import common role
  import_role:
    name: common
 - name: Debug is_openshift
  debug:
    msg: "is_openshift={{ is_openshift }}"
 - name: Check for presence of AWX instance that we will use to create the Mesh Ingress for.
  k8s_info:
    api_version: awx.ansible.com/v1beta1
@@ -37,12 +45,14 @@
    wait: yes
    wait_timeout: "120"
  register: route
  when: is_openshift | bool
 # TODO: need to wait until the route is ready before we can get the hostname
 - name: Set external_hostname
  set_fact:
    external_hostname: "{{ route.result.status.ingress[0].host }}"
  when: is_openshift | bool
 - name: Create other resources
  k8s:
@@ -81,12 +91,27 @@
  set_fact:
    awx_task_pod_name: "{{ awx_task_pod['metadata']['name'] | default('') }}"
-## TODO: awx-manage provision_instance does not currently support peer from control nodes
+# TODO: awx-manage provision_instance does not currently support peer from control nodes
-## !!!dependent on API/CLI changes!!!
+# !!!dependent on API/CLI changes!!!
-# - name: Add new instance to AWX
+- name: Add new instance to AWX
-#   k8s_exec:
+  kubernetes.core.k8s_exec:
-#     namespace: "{{ ansible_operator_meta.namespace }}"
+    namespace: "{{ ansible_operator_meta.namespace }}"
-#     pod: "{{ awx_task_pod_name }}"
+    pod: "{{ awx_task_pod_name }}"
-#     container: "{{ deployment_name }}-task"
+    container: "{{ deployment_name }}-task"
-#     command: awx-manage provision_instance ...
+    command: "awx-manage provision_instance --hostname {{ ansible_operator_meta.name }} --node_type hop --listener_port 6667 --peers_from_control_nodes"
-#   register: result
+  register: result
 - name: Add internal receptor address
  kubernetes.core.k8s_exec:
    namespace: "{{ ansible_operator_meta.namespace }}"
    pod: "{{ awx_task_pod_name }}"
    container: "{{ deployment_name }}-task"
    command: "awx-manage add_receptor_address --hostname {{ ansible_operator_meta.name  }} --address {{ ansible_operator_meta.name }} --port 27199 --protocol ws --is_internal"
 - name: Add external receptor address
  kubernetes.core.k8s_exec:
    namespace: "{{ ansible_operator_meta.namespace }}"
    pod: "{{ awx_task_pod_name }}"
    container: "{{ deployment_name }}-task"
    command: "awx-manage add_receptor_address --hostname {{ ansible_operator_meta.name }} --address {{ external_hostname }} --protocol ws"
--- a/roles/mesh_ingress/templates/receptor_conf.configmap.yml.j2
+++ b/roles/mesh_ingress/templates/receptor_conf.configmap.yml.j2
@@ -10,6 +10,8 @@ data:
    - node:
        id: {{ ansible_operator_meta.name }}
    - log-level: debug
    - control-service:
        service: control
    - ws-listener:
        port: 27199
        tls: tlsserver
--- a/roles/mesh_ingress/templates/statefulset.yml.j2
+++ b/roles/mesh_ingress/templates/statefulset.yml.j2
@@ -19,7 +19,8 @@ spec:
        - |
          internal_hostname={{ ansible_operator_meta.name }}
          external_hostname={{ external_hostname }}
-          receptor --cert-makereq bits=2048 commonname=$internal_hostname dnsname=$internal_hostname dnsname=$external_hostname nodeid=$internal_hostname outreq=/etc/receptor/tls/receptor.req outkey=/etc/receptor/tls/receptor.key
+          external_ipaddress={{ external_ipaddress }}
          receptor --cert-makereq bits=2048 commonname=$internal_hostname dnsname=$internal_hostname dnsname=$external_hostname nodeid=$internal_hostname ipaddress=$external_ipaddress outreq=/etc/receptor/tls/receptor.req outkey=/etc/receptor/tls/receptor.key
          receptor --cert-signreq req=/etc/receptor/tls/receptor.req cacert=/etc/receptor/tls/ca/mesh-CA.crt cakey=/etc/receptor/tls/ca/mesh-CA.key outcert=/etc/receptor/tls/receptor.crt verify=yes
          exec receptor --config /etc/receptor/receptor.conf
        image: '{{ _control_plane_ee_image }}'