store secrets & definitions in a tempfile dir, fix postgres label

2026-05-08 14:22:49 +00:00 · 2021-04-08 15:18:03 -04:00
parent 2cbf60fa17
commit 82efe05343
9 changed files with 34 additions and 39 deletions
--- a/roles/restore/tasks/apply_secret.yml
+++ b/roles/restore/tasks/apply_secret.yml
@@ -10,7 +10,7 @@

 - name: Write temp secret definition template file
  copy:
-    dest: "_definitions/{{ item }}.yml.j2"
+    dest: "{{ definitions_dir.path }}/{{ item }}.yml.j2"
    content: |
      {{ awx_object.stdout }}
    mode: '0600'
@@ -21,4 +21,4 @@
    namespace: "{{ namespace | default('default') }}"
    apply: yes
    wait: yes
-    template: "_definitions/{{ item }}.yml.j2"
+    template: "{{ definitions_dir.path }}/{{ item }}.yml.j2"
--- a/roles/restore/tasks/cleanup.yml
+++ b/roles/restore/tasks/cleanup.yml
@@ -1,10 +1,5 @@
 ---

- name: Clean up _secrets directory
-  file:
-    path: "_definitions"
-    state: absent
-
 - name: Delete any existing management pod
  k8s:
    name: "{{ meta.name }}-db-management"
--- a/roles/restore/tasks/init.yml
+++ b/roles/restore/tasks/init.yml
@@ -75,8 +75,8 @@
    - tower_backup_dir != ''
    - stat_backup_dir.return_code != 0

- name: Make _definitions directory
-  file:
-    path: "_definitions"
+- name: Make temp definitions directory
+  tempfile:
+    prefix: "definitions-"
    state: directory
-    mode: '0700'
+  register: definitions_dir
--- a/roles/restore/tasks/init_awx.yml
+++ b/roles/restore/tasks/init_awx.yml
@@ -10,7 +10,7 @@

 - name: Write temp AWX definition template file
  copy:
-    dest: "_definitions/awx_object.yml.j2"
+    dest: "{{ definitions_dir.path }}/awx_object.yml.j2"
    content: |
      {{ awx_object.stdout }}
    mode: '0600'
@@ -18,10 +18,10 @@
 - name: Deploy AWX
  k8s:
    state: "{{ state | default('present') }}"
-    namespace: "{{ namespace | default('default') }}"
+    namespace: "{{ meta.namespace | default('default') }}"
    apply: yes
    wait: yes
-    template: "_definitions/awx_object.yml.j2"
+    template: "{{ definitions_dir.path }}/awx_object.yml.j2"


 # TODO: The awx object and secrets need to be applied from the awx-operator, because that is where the service account is?
--- a/roles/restore/tasks/postgres.yml
+++ b/roles/restore/tasks/postgres.yml
@@ -32,7 +32,7 @@
    kind: Pod
    namespace: '{{ meta.namespace }}'
    label_selectors:
-      - "app={{ tower_name }}-{{ deployment_type }}-postgres"
+      - "app.kubernetes.io/name={{ tower_name }}-postgres"
  register: postgres_pod
  until: "postgres_pod['resources'][0]['status']['phase'] == 'Running'"
  delay: 5
@@ -59,17 +59,23 @@
    replicas: 0
  when: this_deployment['resources'] | length

+- name: Get the postgres pod information
+  set_fact:
+    resolvable_db_host: "{{ awx_postgres_host }}.{{ meta.namespace }}.svc.cluster.local"
+
 - name: Set pg_restore command
  set_fact:
    psql_restore: >-
      psql -U {{ awx_postgres_user }}
-      -d template1
+      -h {{ resolvable_db_host }}
+      -U {{ awx_postgres_user }}
+      -d {{ awx_postgres_database }}
      -p {{ awx_postgres_port }}

 - name: Restore database dump to the new postgresql container
  k8s_exec:
-    namespace: "{{ meta.namespace }}"
-    pod: "{{ postgres_pod_name }}"
+    namespace: "{{ tower_backup_pvc_namespace }}"
+    pod: "{{ meta.name }}-db-management"
    command: |
      bash -c """
      set -e -o pipefail