From 60199f79aa11968818225144534b47b1c1618ae4 Mon Sep 17 00:00:00 2001
From: Julen Landa Alustiza
Date: Mon, 22 Mar 2021 18:08:51 +0100
Subject: [PATCH 1/5] Check the default old PostgreSQL configuration
Signed-off-by: Julen Landa Alustiza
---
 roles/installer/tasks/database_configuration.yml | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/roles/installer/tasks/database_configuration.yml b/roles/installer/tasks/database_configuration.yml
index 622bbc7a..a79f55c4 100644
--- a/roles/installer/tasks/database_configuration.yml
+++ b/roles/installer/tasks/database_configuration.yml
@@ -14,14 +14,26 @@
 name: '{{ meta.name }}-postgres-configuration'
 register: _default_pg_config_resources
-- name: Check for old PostgreSQL configuration secret
+- name: Check for specified old PostgreSQL configuration secret
 k8s_info:
 kind: Secret
 namespace: '{{ meta.namespace }}'
 name: '{{ tower_old_postgres_configuration_secret }}'
- register: old_pg_config
+ register: _custom_old_pg_config_resources
 when: tower_old_postgres_configuration_secret | length
+- name: Check for default old PostgreSQL configuration
+ k8s_info:
+ kind: Secret
+ namespace: '{{ meta.namespace }}'
+ name: '{{ meta.name }}-old-postgres-configuration'
+ register: _default_old_pg_config_resources
+
+- name: Set old PostgreSQL configuration
+ set_fact:
+ # yamllint disable-line rule:line-length
+ old_pg_config: '{{ _custom_old_pg_config_resources["resources"] | default([]) | length | ternary(_custom_old_pg_config_resources, _default_old_pg_config_resources) }}' # noqa 204
+
 - name: Set proper database name when migrating from old deployment
 set_fact:
 database_name: "{{ old_pg_config['resources'][0]['data']['database'] | b64decode }}"
From 451e2b6497cba7fa2bb6621ba13b3f07e644f8dc Mon Sep 17 00:00:00 2001
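Review bot: The new `Check for default old PostgreSQL configuration` and `Set old PostgreSQL configuration` tasks register and copy whole Secret objects without `no_log: true`, so the base64-encoded contents of the old database secret can end up in the operator's task output wherever results are logged; add `no_log: true` to both and to the renamed `Check for specified old PostgreSQL configuration secret` task. The `ternary` also falls back to `{{ meta.name }}-old-postgres-configuration` whenever the user-supplied name returns no resources, so a mistyped `tower_old_postgres_configuration_secret` is silently replaced by whatever Secret carries the default name; a `fail` or `assert` when the custom name is set but not found would make that visible. The `Set proper database name` task continues past the end of the hunk, so whether it is guarded against an empty `resources` list cannot be seen here.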
From: Yanis Guenane
Date: Mon, 22 Mar 2021 10:51:14 +0100
Subject: [PATCH 2/5] Update bundle variables to catchup with latest commits
---
 ansible/templates/crd.yml.j2 | 2 +
 deploy/awx-operator.yaml | 2 +
 deploy/crds/awx_v1beta1_crd.yaml | 2 +
 .../awx-operator.clusterserviceversion.yaml | 73 +++++++++++++++++++
 .../manifests/awx.ansible.com_awxs_crd.yaml | 2 +
 5 files changed, 81 insertions(+)
diff --git a/ansible/templates/crd.yml.j2 b/ansible/templates/crd.yml.j2
index b7cd32bc..0cbda243 100644
--- a/ansible/templates/crd.yml.j2
+++ b/ansible/templates/crd.yml.j2
@@ -29,9 +29,11 @@ spec:
 tower_task_privileged:
 description: If a privileged security context should be enabled
 type: boolean
+ default: false
 tower_admin_user:
 description: Username to use for the admin account
 type: string
+ default: admin
 tower_hostname:
 description: The hostname of the instance
 type: string
diff --git a/deploy/awx-operator.yaml b/deploy/awx-operator.yaml
index 18a76fa5..5d3b7f3f 100644
--- a/deploy/awx-operator.yaml
+++ b/deploy/awx-operator.yaml
@@ -180,9 +180,11 @@ spec:
 tower_task_privileged:
 description: If a privileged security context should be enabled
 type: boolean
+ default: false
 tower_admin_user:
 description: Username to use for the admin account
 type: string
+ default: admin
 tower_hostname:
 description: The hostname of the instance
 type: string
diff --git a/deploy/crds/awx_v1beta1_crd.yaml b/deploy/crds/awx_v1beta1_crd.yaml
index b7cd32bc..0cbda243 100644
--- a/deploy/crds/awx_v1beta1_crd.yaml
+++ b/deploy/crds/awx_v1beta1_crd.yaml
@@ -29,9 +29,11 @@ spec:
 tower_task_privileged:
 description: If a privileged security context should be enabled
 type: boolean
+ default: false
 tower_admin_user:
 description: Username to use for the admin account
 type: string
+ default: admin
 tower_hostname:
 description: The hostname of the instance
 type: string
diff --git a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml
index e73702ee..2b465798 100644
--- a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml
+++ b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml
@@ -99,6 +99,7 @@ spec:
 x-descriptors:
 - urn:alm:descriptor:com.tectonic.ui:advanced
 - urn:alm:descriptor:io.kubernetes:Secret
+ - displayName: Old Database configuration secret
 path: tower_old_postgres_configuration_secret
 x-descriptors:
 - urn:alm:descriptor:com.tectonic.ui:advanced
@@ -207,6 +208,18 @@ spec:
 x-descriptors:
 - urn:alm:descriptor:com.tectonic.ui:advanced
 - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - displayName: Deploy the instance in development mode ?
+ path: development_mode
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:advanced
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - urn:alm:descriptor:com.tectonic.ui:hidden
+ - displayName: Should Tower Task container deployed with prileged level ?
+ path: tower_task_privileged
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:advanced
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - urn:alm:descriptor:com.tectonic.ui:hidden
 - displayName: Deployment Type
 path: deployment_type
 x-descriptors:
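Review bot: `tower_task_privileged` and `development_mode` in the `@@ -207,6 +208,18 @@` hunk are tagged `urn:alm:descriptor:com.tectonic.ui:hidden`, which only keeps them off the console form; the fields stay settable on the custom resource by anyone allowed to create or edit it. Since one of them turns on a privileged security context, the display name should say so plainly, for example `displayName: Run the Tower task container with a privileged security context?`. The same caveat applies to the hidden command, args, extra-env and volume descriptors added in the `@@ -217,16 +230,76 @@` hunk, so edit rights on the AWX resource should be granted with those fields in mind.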
@@ -217,16 +230,76 @@ spec:
 x-descriptors:
 - urn:alm:descriptor:com.tectonic.ui:advanced
 - urn:alm:descriptor:com.tectonic.ui:hidden
+ - displayName: Redis Image
+ path: tower_redis_image
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:advanced
+ - urn:alm:descriptor:com.tectonic.ui:hidden
+ - displayName: PostgreSQL Image
+ path: tower_postgres_image
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:advanced
+ - urn:alm:descriptor:com.tectonic.ui:hidden
 - displayName: Tower Postgres Storage Class
 path: tower_postgres_storage_class
 x-descriptors:
 - urn:alm:descriptor:com.tectonic.ui:advanced
 - urn:alm:descriptor:com.tectonic.ui:hidden
+ - displayName: Tower Postgres Datapath
+ path: tower_postgres_data_path
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:advanced
+ - urn:alm:descriptor:com.tectonic.ui:hidden
 - displayName: Certificate Authorirty Trust Bundle
 path: ca_trust_bundle
 x-descriptors:
 - urn:alm:descriptor:com.tectonic.ui:advanced
 - urn:alm:descriptor:com.tectonic.ui:hidden
+ - displayName: Tower Task Args
+ path: tower_task_args
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:advanced
+ - urn:alm:descriptor:com.tectonic.ui:hidden
+ - displayName: Tower Task Command
+ path: tower_task_command
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:advanced
+ - urn:alm:descriptor:com.tectonic.ui:hidden
+ - displayName: Tower Task Extra Env
+ path: tower_task_extra_env
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:advanced
+ - urn:alm:descriptor:com.tectonic.ui:hidden
+ - displayName: Tower Task Extra Volume Mounts
+ path: tower_task_extra_volume_mounts
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:advanced
+ - urn:alm:descriptor:com.tectonic.ui:hidden
+ - displayName: Tower Web Args
+ path: tower_web_args
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:advanced
+ - urn:alm:descriptor:com.tectonic.ui:hidden
+ - displayName: Tower Web Command
+ path: tower_web_command
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:advanced
+ - urn:alm:descriptor:com.tectonic.ui:hidden
+ - displayName: Tower Web Extra Env
+ path: tower_web_extra_env
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:advanced
+ - urn:alm:descriptor:com.tectonic.ui:hidden
+ - displayName: Tower Web Extra Volume Mounts
+ path: tower_web_extra_volume_mounts
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:advanced
+ - urn:alm:descriptor:com.tectonic.ui:hidden
+ - displayName: Tower Extra Volumes
+ path: tower_extra_volumes
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:advanced
+ - urn:alm:descriptor:com.tectonic.ui:hidden
 statusDescriptors:
 - description: Route to access the instance deployed
 displayName: URL
diff --git a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml
index 667e0ce3..ecb933df 100644
--- a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml
+++ b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml
@@ -37,6 +37,7 @@ spec:
 tower_admin_user:
 description: Username to use for the admin account
 type: string
+ default: admin
 tower_broadcast_websocket_secret:
 description: Secret where the broadcast websocket secret can be found
 type: string
@@ -177,6 +178,7 @@ spec:
 tower_task_privileged:
 description: If a privileged security context should be enabled
 type: boolean
+ default: false
 tower_task_resource_requirements:
 description: Resource requirements for the task container
 properties:
From 7010ab1fc67cde12b04bc77d57d7f58fd6c56101 Mon Sep 17 00:00:00 2001
From: Shane McDonald
Date: Wed, 24 Mar 2021 11:52:33 -0400
Subject: [PATCH 3/5] Update deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml
---
 .../manifests/awx-operator.clusterserviceversion.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml
index 2b465798..0f08f1c3 100644
--- a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml
+++ b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml
@@ -214,7 +214,7 @@ spec:
 - urn:alm:descriptor:com.tectonic.ui:advanced
 - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
 - urn:alm:descriptor:com.tectonic.ui:hidden
- - displayName: Should Tower Task container deployed with prileged level ?
+ - displayName: Should Tower Task container deployed with privileged level ?
 path: tower_task_privileged
 x-descriptors:
 - urn:alm:descriptor:com.tectonic.ui:advanced
From 746dc2738f14aadd4099997ada0c3930fc0f5ed5 Mon Sep 17 00:00:00 2001
From: "Christian M. Adams"
Date: Wed, 24 Mar 2021 13:37:32 -0400
Subject: [PATCH 4/5] Name pg pod in a more unique way - this is to make it possible to run migration with multiple deployments in the same pod
---
 README.md | 2 ++
 roles/installer/tasks/migrate_data.yml | 2 +-
 roles/installer/templates/tower_postgres.yaml.j2 | 10 +++++-----
 3 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index d6bf18fb..83fc864a 100644
--- a/README.md
+++ b/README.md
@@ -62,6 +62,8 @@ metadata:
 name: awx
 ```
+> The metadata.name you provide, will be the name of the resulting AWX deployment. If you deploy more than one to the same namespace, be sure to use unique names.
+
 Finally, use `kubectl` to create the awx instance in your cluster:
 ```bash
diff --git a/roles/installer/tasks/migrate_data.yml b/roles/installer/tasks/migrate_data.yml
index ae04e8ca..59b5c744 100644
--- a/roles/installer/tasks/migrate_data.yml
+++ b/roles/installer/tasks/migrate_data.yml
@@ -13,7 +13,7 @@
 kind: Pod
 namespace: '{{ meta.namespace }}'
 label_selectors:
- - "app={{ deployment_type }}-postgres"
+ - "app={{ meta.name }}-{{ deployment_type }}-postgres"
 register: postgres_pod
 until: "postgres_pod['resources'][0]['status']['phase'] == 'Running'"
 delay: 5
diff --git a/roles/installer/templates/tower_postgres.yaml.j2 b/roles/installer/templates/tower_postgres.yaml.j2
index 5cdd17e2..c2629861 100644
--- a/roles/installer/templates/tower_postgres.yaml.j2
+++ b/roles/installer/templates/tower_postgres.yaml.j2
@@ -6,11 +6,11 @@ metadata:
 name: '{{ meta.name }}-postgres'
 namespace: '{{ meta.namespace }}'
 labels:
- app: '{{ deployment_type }}-postgres'
+ app: '{{ meta.name }}-{{ deployment_type }}-postgres'
 spec:
 selector:
 matchLabels:
- app: '{{ deployment_type }}-postgres'
+ app: '{{ meta.name }}-{{ deployment_type }}-postgres'
 serviceName: '{{ meta.name }}'
 replicas: 1
 updateStrategy:
@@ -18,7 +18,7 @@ spec:
 template:
 metadata:
 labels:
- app: '{{ deployment_type }}-postgres'
+ app: '{{ meta.name }}-{{ deployment_type }}-postgres'
 spec:
 containers:
 - image: '{{ tower_postgres_image }}'
@@ -71,10 +71,10 @@ metadata:
 name: '{{ meta.name }}-postgres'
 namespace: '{{ meta.namespace }}'
 labels:
- app: '{{ deployment_type }}-postgres'
+ app: '{{ meta.name }}-{{ deployment_type }}-postgres'
 spec:
 ports:
 - port: 5432
 clusterIP: None
 selector:
- app: '{{ deployment_type }}-postgres'
+ app: '{{ meta.name }}-{{ deployment_type }}-postgres'
From 387932e960260e1834182a2fdcfd6d3564da9e57 Mon Sep 17 00:00:00 2001
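Review bot: Changing `spec.selector.matchLabels` in the `@@ -6,11 +6,11 @@` hunk of `tower_postgres.yaml.j2` will be rejected on clusters that already run this postgres workload if, as `serviceName` and `updateStrategy` suggest, the object is a StatefulSet, because the selector of an existing StatefulSet is immutable. The same rename in the Service selector (`@@ -71,10 +71,10 @@`) and in the `label_selectors` lookup in `migrate_data.yml` means an upgraded operator would also stop matching a pod that still carries the old `app={{ deployment_type }}-postgres` label. The per-instance label is the right direction, since the shared label lets one instance's Service select another instance's database pod, but the commit needs an upgrade step that recreates the StatefulSet before the new template is applied. The `kind` lines sit outside the hunks, so the resource type is inferred.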
From: Yanis Guenane
Date: Wed, 24 Mar 2021 20:33:03 +0100
Subject: [PATCH 5/5] Update liveness probe defaults
The liveness probes default are too agressive and can lead to undeployable operators[1][2] - We are bumping them as per the operator-sdk default in 1.0[3]
[1] https://github.com/operator-framework/operator-sdk/issues/3216
[2] https://github.com/operator-framework/operator-sdk/issues/3267
[3] https://github.com/operator-framework/operator-sdk/commit/ea43495073a543ede5f10ea5790660004cf750be
Fixes: https://github.com/ansible/awx-operator/issues/131
---
 ansible/templates/operator.yml.j2 | 4 ++--
 deploy/awx-operator.yaml | 7 ++-----
 deploy/crds/awx_v1beta1_crd.yaml | 3 ---
 .../manifests/awx-operator.clusterserviceversion.yaml | 4 ++--
 4 files changed, 6 insertions(+), 12 deletions(-)
diff --git a/ansible/templates/operator.yml.j2 b/ansible/templates/operator.yml.j2
index 8fd88f92..f4256339 100644
--- a/ansible/templates/operator.yml.j2
+++ b/ansible/templates/operator.yml.j2
@@ -37,8 +37,8 @@ spec:
 httpGet:
 path: /healthz
 port: 6789
- initialDelaySeconds: 5
- periodSeconds: 3
+ initialDelaySeconds: 15
+ periodSeconds: 20
 volumes:
 - name: runner
 emptyDir: {}
diff --git a/deploy/awx-operator.yaml b/deploy/awx-operator.yaml
index c352d1f4..58e2c141 100644
--- a/deploy/awx-operator.yaml
+++ b/deploy/awx-operator.yaml
@@ -143,8 +143,8 @@ spec:
 httpGet:
 path: /healthz
 port: 6789
- initialDelaySeconds: 5
- periodSeconds: 3
+ initialDelaySeconds: 15
+ periodSeconds: 20
 volumes:
 - name: runner
 emptyDir: {}
@@ -350,9 +350,6 @@ spec:
 type: string
 tower_web_extra_volume_mounts:
 type: string
- tower_ee_image:
- description: Registry path to the Execution Environment container to use
- type: string
 tower_redis_image:
 description: Registry path to the redis container to use
 type: string
diff --git a/deploy/crds/awx_v1beta1_crd.yaml b/deploy/crds/awx_v1beta1_crd.yaml
index 7684cb64..0cbda243 100644
--- a/deploy/crds/awx_v1beta1_crd.yaml
+++ b/deploy/crds/awx_v1beta1_crd.yaml
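Review bot: Besides the probe timings, the `@@ -350,9 +350,6 @@` hunk of `deploy/awx-operator.yaml` and the matching hunk in `deploy/crds/awx_v1beta1_crd.yaml` remove the `tower_ee_image` property from the CRD schema, which the commit message does not mention. The resulting CRD blob `0cbda243` is the same one `ansible/templates/crd.yml.j2` had after patch 2, so this looks like a regeneration from a template that never gained the field rather than a deliberate removal. If the role still consumes `tower_ee_image`, dropping it from the schema may cause a user-pinned execution environment image to be pruned or rejected, depending on CRD pruning settings that are not visible here. Either restore the field in the template or move the removal into its own commit with a rationale.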
@@ -199,9 +199,6 @@ spec:
 type: string
 tower_web_extra_volume_mounts:
 type: string
- tower_ee_image:
- description: Registry path to the Execution Environment container to use
- type: string
 tower_redis_image:
 description: Registry path to the redis container to use
 type: string
diff --git a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml
index d58dbfc6..c3e66461 100644
--- a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml
+++ b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml
@@ -440,8 +440,8 @@ spec:
 httpGet:
 path: /healthz
 port: 6789
- initialDelaySeconds: 5
- periodSeconds: 3
+ initialDelaySeconds: 15
+ periodSeconds: 20
 name: awx-operator
 resources: {}
 volumeMounts: