Template only what is needed from secrets and awx cro

2026-03-26 21:33:14 +00:00 · 2021-04-09 16:32:59 -04:00
parent 82efe05343
commit 8ed0b1fe61
6 changed files with 28 additions and 83 deletions
--- a/ansible/templates/awxrestore_crd.yml.j2
+++ b/ansible/templates/awxrestore_crd.yml.j2
@@ -51,4 +51,4 @@ spec:
                  description: Custom postgres_configuration secret name
                  type: string
              oneOf:
-                - required: ["tower_name", "tower_backup_pvc"]
+                - required: ["tower_name", "tower_backup_pvc", "tower_backup_dir"]
--- a/roles/backup/tasks/awx-cro.yml
+++ b/roles/backup/tasks/awx-cro.yml
@@ -20,19 +20,13 @@
  set_fact:
    awx_spec: "{{ _awx['spec'] }}"

- name: Template AWX object definition
-  template:
-    src: awx_object.yml.j2
-    dest: "{{ secrets_dir.path }}/awx_object.yml"
-    mode: '0600'
-
- name: Set AWX object template file as var
+- name: Template secrets into yaml
  set_fact:
-    awx_object_template: "{{ lookup('file', '{{ secrets_dir.path }}/awx_object.yml') }}"
+    awx_definition_file: "{{ lookup('template', 'awx_object.yml.j2')}}"

 - name: Write awx object to pvc
  k8s_exec:
    namespace: "{{ tower_backup_pvc_namespace }}"
    pod: "{{ meta.name }}-db-management"
    command: >-
-      bash -c "echo '{{ awx_object_template }}' > {{ backup_dir }}/awx_object.yml"
+      bash -c "echo '{{ awx_definition_file }}' > {{ backup_dir }}/awx_object.yml"
--- a/roles/backup/tasks/postgres.yml
+++ b/roles/backup/tasks/postgres.yml
@@ -69,13 +69,17 @@
    namespace: "{{ tower_backup_pvc_namespace }}"
    pod: "{{ meta.name }}-db-management"
    command: >-
-      chmod 0600 {{ backup_dir }}/tower.db && chown postgres:root {{ backup_dir }}/tower.db
+      bash -c "chmod 0600 {{ backup_dir }}/tower.db && chown postgres:root {{ backup_dir }}/tower.db"
+
+- name: Get the postgres pod information
+  set_fact:
+    resolvable_db_host: "{{ awx_postgres_host }}.{{ meta.namespace }}.svc.cluster.local"

 - name: Set pg_dump command
  set_fact:
    pgdump: >-
      pg_dump --clean --create
-      -h {{ awx_postgres_host }}
+      -h {{ resolvable_db_host }}
      -U {{ awx_postgres_user }}
      -d {{ awx_postgres_database }}
      -p {{ awx_postgres_port }}
--- a/roles/backup/tasks/secrets.yml
+++ b/roles/backup/tasks/secrets.yml
@@ -1,8 +1,8 @@
 ---

 - name: Make temp secrets directory
-  tempfile:
-    prefix: "secrets-"
+  file:
+    path: "/tmp/secrets" #-{{ lookup('password', '/dev/null chars=ascii_lowercase,digits length=8')}}"
    state: directory
  register: secrets_dir

@@ -17,23 +17,6 @@
  set_fact:
    secret_key: "{{ _secret_key['resources'][0]['data']['secret_key'] | b64decode }}"

- name: Template secret_key definition
-  template:
-    src: secret_key_secret.yml.j2
-    dest: "{{ secrets_dir.path }}/secret_key_secret.yml"
-    mode: '0700'
-
- name: Set secret key template
-  set_fact:
-    secret_key_template: "{{ lookup('file', '{{ secrets_dir.path }}/secret_key_secret.yml') }}"
-
- name: Write secret_key to pvc
-  k8s_exec:
-    namespace: "{{ tower_backup_pvc_namespace }}"
-    pod: "{{ meta.name }}-db-management"
-    command: >-
-      bash -c "echo '{{ secret_key_template }}' > {{ backup_dir }}/secret_key_secret.yml"
-
 - name: Get admin_password
  k8s_info:
    kind: Secret
@@ -45,23 +28,6 @@
  set_fact:
    admin_password: "{{ _admin_password['resources'][0]['data']['password'] | b64decode }}"

- name: Template admin_password definition
-  template:
-    src: admin_password_secret.yml.j2
-    dest: "{{ secrets_dir.path }}/admin_password_secret.yml"
-    mode: '0700'
-
- name: Set admin_password template
-  set_fact:
-    admin_password_template: "{{ lookup('file', '{{ secrets_dir.path }}/admin_password_secret.yml') }}"
-
- name: Write secret_key to pvc
-  k8s_exec:
-    namespace: "{{ tower_backup_pvc_namespace }}"
-    pod: "{{ meta.name }}-db-management"
-    command: >-
-      bash -c "echo '{{ admin_password_template }}' > {{ backup_dir }}/admin_password_secret.yml"
-
 - name: Get broadcast_websocket
  k8s_info:
    kind: Secret
@@ -71,24 +37,7 @@

 - name: Set broadcast_websocket key
  set_fact:
-    secret_key: "{{ _broadcast_websocket['resources'][0]['data']['secret'] | b64decode }}"
-
- name: Template broadcast_websocket definition
-  template:
-    src: broadcast_websocket_secret.yml.j2
-    dest: "{{ secrets_dir.path }}/broadcast_websocket_secret.yml"
-    mode: '0700'
-
- name: Set broadcast_websocket template
-  set_fact:
-    broadcast_websocket_template: "{{ lookup('file', '{{ secrets_dir.path }}/broadcast_websocket_secret.yml') }}"
-
- name: Write broadcast_websocket definition to pvc
-  k8s_exec:
-    namespace: "{{ tower_backup_pvc_namespace }}"
-    pod: "{{ meta.name }}-db-management"
-    command: >-
-      bash -c "echo '{{ broadcast_websocket_template }}' > {{ backup_dir }}/broadcast_websocket_secret.yml"
+    broadcast_websocket: "{{ _broadcast_websocket['resources'][0]['data']['secret'] | b64decode }}"

 - name: Get postgres configuration
  k8s_info:
@@ -106,19 +55,13 @@
    database_host: "{{ _postgres_configuration['resources'][0]['data']['host'] | b64decode }}"
    database_type: "{{ _postgres_configuration['resources'][0]['data']['type'] | b64decode }}"

- name: Template postgres configuration definition
-  template:
-    src: postgres_secret.yml.j2
-    dest: "{{ secrets_dir.path }}/postgres_secret.yml"
-    mode: '0700'
-
- name: Set postgres configuration
+- name: Template secrets into yaml
  set_fact:
-    postgres_secret_template: "{{ lookup('file', '{{ secrets_dir.path }}/postgres_secret.yml') }}"
+    secrets_file: "{{ lookup('template', 'secrets.yml.j2')}}"

 - name: Write postgres configuration to pvc
  k8s_exec:
    namespace: "{{ tower_backup_pvc_namespace }}"
    pod: "{{ meta.name }}-db-management"
    command: >-
-      bash -c "echo '{{ postgres_secret_template }}' > {{ backup_dir }}/postgres_secret.yml"
+      bash -c "echo '{{ secrets_file }}' > {{ backup_dir }}/secrets.yml"
--- a/roles/backup/templates/awx_object.yml.j2
+++ b/roles/backup/templates/awx_object.yml.j2
@@ -1,9 +1,3 @@
 ---
-apiVersion: '{{ awx_api_version }}'
-kind: AWX
-metadata:
-{% raw %}
-  name: '{{ tower_name }}'
-  namespace: '{{ meta.namespace }}'
-{% endraw %}
-spec: {{ awx_spec }}
+awx_api_version: {{ awx_api_version }}
+awx_spec: {{ awx_spec }}
--- a/roles/backup/templates/secrets.yml.j2
+++ b/roles/backup/templates/secrets.yml.j2
@@ -0,0 +1,10 @@
+---
+secret_key: {{ secret_key }}
+admin_password: {{ admin_password }}
+broadcast_websocket: {{ broadcast_websocket }}
+database_password: {{ database_password }}
+database_username: {{ database_username }}
+database_name: {{ database_name }}
+database_port: {{ database_port }}
+database_host: {{ database_host }}
+database_type: {{ database_type }}