Template only what is needed from secrets and awx cro

Christian M. Adams
2021-04-09 16:32:59 -04:00
parent 82efe05343
commit 8ed0b1fe61
6 changed files with 28 additions and 83 deletions


@@ -51,4 +51,4 @@ spec:
description: Custom postgres_configuration secret name description: Custom postgres_configuration secret name
type: string type: string
oneOf: oneOf:
- required: ["tower_name", "tower_backup_pvc"] - required: ["tower_name", "tower_backup_pvc", "tower_backup_dir"]


@@ -20,19 +20,13 @@
set_fact: set_fact:
awx_spec: "{{ _awx['spec'] }}" awx_spec: "{{ _awx['spec'] }}"
- name: Template AWX object definition - name: Template secrets into yaml
template:
src: awx_object.yml.j2
dest: "{{ secrets_dir.path }}/awx_object.yml"
mode: '0600'
- name: Set AWX object template file as var
set_fact: set_fact:
awx_object_template: "{{ lookup('file', '{{ secrets_dir.path }}/awx_object.yml') }}" awx_definition_file: "{{ lookup('template', 'awx_object.yml.j2')}}"
- name: Write awx object to pvc - name: Write awx object to pvc
k8s_exec: k8s_exec:
namespace: "{{ tower_backup_pvc_namespace }}" namespace: "{{ tower_backup_pvc_namespace }}"
pod: "{{ meta.name }}-db-management" pod: "{{ meta.name }}-db-management"
command: >- command: >-
bash -c "echo '{{ awx_object_template }}' > {{ backup_dir }}/awx_object.yml" bash -c "echo '{{ awx_definition_file }}' > {{ backup_dir }}/awx_object.yml"
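Review bot: The `Write awx object to pvc` command still splices the rendered template into `bash -c "echo '{{ awx_definition_file }}' > …"`, so a single or double quote anywhere in `awx_spec` ends the quoting early and the remainder is parsed by the shell in the db-management pod. `awx_spec` is taken from the custom resource, so its content is not under the role's control. The same construct is used for `secrets_file` in the secrets tasks, where decoded passwords are interpolated. Encoding the payload keeps it out of the shell grammar, e.g. `bash -c "echo '{{ awx_definition_file | b64encode }}' | base64 -d > {{ backup_dir }}/awx_object.yml"`, assuming `base64` is available in that image.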


@@ -69,13 +69,17 @@
namespace: "{{ tower_backup_pvc_namespace }}" namespace: "{{ tower_backup_pvc_namespace }}"
pod: "{{ meta.name }}-db-management" pod: "{{ meta.name }}-db-management"
command: >- command: >-
chmod 0600 {{ backup_dir }}/tower.db && chown postgres:root {{ backup_dir }}/tower.db bash -c "chmod 0600 {{ backup_dir }}/tower.db && chown postgres:root {{ backup_dir }}/tower.db"
- name: Get the postgres pod information
set_fact:
resolvable_db_host: "{{ awx_postgres_host }}.{{ meta.namespace }}.svc.cluster.local"
- name: Set pg_dump command - name: Set pg_dump command
set_fact: set_fact:
pgdump: >- pgdump: >-
pg_dump --clean --create pg_dump --clean --create
-h {{ awx_postgres_host }} -h {{ resolvable_db_host }}
-U {{ awx_postgres_user }} -U {{ awx_postgres_user }}
-d {{ awx_postgres_database }} -d {{ awx_postgres_database }}
-p {{ awx_postgres_port }} -p {{ awx_postgres_port }}
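Review bot: `resolvable_db_host` unconditionally appends `.{{ meta.namespace }}.svc.cluster.local` to `awx_postgres_host`, which only resolves when the database is a Service in the operator's namespace and the cluster uses the default DNS domain. If the host comes from a custom postgres_configuration secret and is an external FQDN or an IP address, `pg_dump -h` will no longer resolve it. Consider adding the suffix only for the managed database, or only when the value contains no dot. The task name `Get the postgres pod information` is also misleading, since the task queries nothing and only sets a fact. The `pgdump` value may continue past the end of this hunk.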


@@ -1,8 +1,8 @@
--- ---
- name: Make temp secrets directory - name: Make temp secrets directory
tempfile: file:
prefix: "secrets-" path: "/tmp/secrets" #-{{ lookup('password', '/dev/null chars=ascii_lowercase,digits length=8')}}"
state: directory state: directory
register: secrets_dir register: secrets_dir
@@ -17,23 +17,6 @@
set_fact: set_fact:
secret_key: "{{ _secret_key['resources'][0]['data']['secret_key'] | b64decode }}" secret_key: "{{ _secret_key['resources'][0]['data']['secret_key'] | b64decode }}"
- name: Template secret_key definition
template:
src: secret_key_secret.yml.j2
dest: "{{ secrets_dir.path }}/secret_key_secret.yml"
mode: '0700'
- name: Set secret key template
set_fact:
secret_key_template: "{{ lookup('file', '{{ secrets_dir.path }}/secret_key_secret.yml') }}"
- name: Write secret_key to pvc
k8s_exec:
namespace: "{{ tower_backup_pvc_namespace }}"
pod: "{{ meta.name }}-db-management"
command: >-
bash -c "echo '{{ secret_key_template }}' > {{ backup_dir }}/secret_key_secret.yml"
- name: Get admin_password - name: Get admin_password
k8s_info: k8s_info:
kind: Secret kind: Secret
@@ -45,23 +28,6 @@
set_fact: set_fact:
admin_password: "{{ _admin_password['resources'][0]['data']['password'] | b64decode }}" admin_password: "{{ _admin_password['resources'][0]['data']['password'] | b64decode }}"
- name: Template admin_password definition
template:
src: admin_password_secret.yml.j2
dest: "{{ secrets_dir.path }}/admin_password_secret.yml"
mode: '0700'
- name: Set admin_password template
set_fact:
admin_password_template: "{{ lookup('file', '{{ secrets_dir.path }}/admin_password_secret.yml') }}"
- name: Write secret_key to pvc
k8s_exec:
namespace: "{{ tower_backup_pvc_namespace }}"
pod: "{{ meta.name }}-db-management"
command: >-
bash -c "echo '{{ admin_password_template }}' > {{ backup_dir }}/admin_password_secret.yml"
- name: Get broadcast_websocket - name: Get broadcast_websocket
k8s_info: k8s_info:
kind: Secret kind: Secret
@@ -71,24 +37,7 @@
- name: Set broadcast_websocket key - name: Set broadcast_websocket key
set_fact: set_fact:
secret_key: "{{ _broadcast_websocket['resources'][0]['data']['secret'] | b64decode }}" broadcast_websocket: "{{ _broadcast_websocket['resources'][0]['data']['secret'] | b64decode }}"
- name: Template broadcast_websocket definition
template:
src: broadcast_websocket_secret.yml.j2
dest: "{{ secrets_dir.path }}/broadcast_websocket_secret.yml"
mode: '0700'
- name: Set broadcast_websocket template
set_fact:
broadcast_websocket_template: "{{ lookup('file', '{{ secrets_dir.path }}/broadcast_websocket_secret.yml') }}"
- name: Write broadcast_websocket definition to pvc
k8s_exec:
namespace: "{{ tower_backup_pvc_namespace }}"
pod: "{{ meta.name }}-db-management"
command: >-
bash -c "echo '{{ broadcast_websocket_template }}' > {{ backup_dir }}/broadcast_websocket_secret.yml"
- name: Get postgres configuration - name: Get postgres configuration
k8s_info: k8s_info:
@@ -106,19 +55,13 @@
database_host: "{{ _postgres_configuration['resources'][0]['data']['host'] | b64decode }}" database_host: "{{ _postgres_configuration['resources'][0]['data']['host'] | b64decode }}"
database_type: "{{ _postgres_configuration['resources'][0]['data']['type'] | b64decode }}" database_type: "{{ _postgres_configuration['resources'][0]['data']['type'] | b64decode }}"
- name: Template postgres configuration definition - name: Template secrets into yaml
template:
src: postgres_secret.yml.j2
dest: "{{ secrets_dir.path }}/postgres_secret.yml"
mode: '0700'
- name: Set postgres configuration
set_fact: set_fact:
postgres_secret_template: "{{ lookup('file', '{{ secrets_dir.path }}/postgres_secret.yml') }}" secrets_file: "{{ lookup('template', 'secrets.yml.j2')}}"
- name: Write postgres configuration to pvc - name: Write postgres configuration to pvc
k8s_exec: k8s_exec:
namespace: "{{ tower_backup_pvc_namespace }}" namespace: "{{ tower_backup_pvc_namespace }}"
pod: "{{ meta.name }}-db-management" pod: "{{ meta.name }}-db-management"
command: >- command: >-
bash -c "echo '{{ postgres_secret_template }}' > {{ backup_dir }}/postgres_secret.yml" bash -c "echo '{{ secrets_file }}' > {{ backup_dir }}/secrets.yml"
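Review bot: The first hunk replaces `tempfile` with a fixed `path: "/tmp/secrets"` and no `mode`, so the directory name is predictable and its permissions depend on the umask; the commented-out `#-{{ lookup('password', …) }}` suffix is also left on that line. None of the tasks visible in these hunks still writes into `secrets_dir`, so the task can probably be dropped; if it is still needed, keep `tempfile` with `state: directory`. Separately, the `set_fact` tasks for `secret_key`, `admin_password`, `broadcast_websocket` and `secrets_file`, and the `k8s_exec` that echoes `secrets_file`, carry no `no_log: true` in the lines shown, so the decoded values can end up in task output.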


@@ -1,9 +1,3 @@
--- ---
apiVersion: '{{ awx_api_version }}' awx_api_version: {{ awx_api_version }}
kind: AWX awx_spec: {{ awx_spec }}
metadata:
{% raw %}
name: '{{ tower_name }}'
namespace: '{{ meta.namespace }}'
{% endraw %}
spec: {{ awx_spec }}
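Review bot: `awx_spec: {{ awx_spec }}` renders the dict through Jinja's default string conversion rather than as YAML, so values such as `None`, or strings that contain quotes, may not read back the way they were stored; `awx_spec: {{ awx_spec | to_json }}` emits a form that is always valid YAML. The same applies to every line of the new secrets template in the next file section, where a password that is all digits, looks like a boolean, or contains `: ` or ` #` would be re-typed or would break parsing on restore. Writing `admin_password: {{ admin_password | to_json }}`, and likewise for the other keys, avoids that.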


@@ -0,0 +1,10 @@
---
secret_key: {{ secret_key }}
admin_password: {{ admin_password }}
broadcast_websocket: {{ broadcast_websocket }}
database_password: {{ database_password }}
database_username: {{ database_username }}
database_name: {{ database_name }}
database_port: {{ database_port }}
database_host: {{ database_host }}
database_type: {{ database_type }}