Simplify vars needed for restore CR & do not garbage collect secrets

Christian M. Adams
2021-04-23 17:12:54 -04:00
parent 57f9530198
commit c817a2234d
9 changed files with 62 additions and 25 deletions


@@ -30,13 +30,16 @@ spec:
description: Name of the deployment to be restored to
type: string
tower_backup_pvc:
description: Name of the PVC to be restored from
description: Name of the PVC to be restored from, set as a status found on the awxbackup object (towerBackupClaim)
type: string
tower_backup_pvc_namespace:
description: Namespace the PVC is in
type: string
tower_backup_dir:
description: Backup directory name, a status found on the awxbackup object (towerBackupComplete)
description: Backup directory name, set as a status found on the awxbackup object (towerBackupDirectory)
type: string
tower_backup:
description: AWXBackup object name
type: string
tower_secret_key_secret:
description: Custom secret_key secret name
@@ -54,4 +57,4 @@ spec:
description: Label selector used to identify postgres pod for backing up data
type: string
oneOf:
- required: ["tower_name", "tower_backup_pvc", "tower_backup_pvc_namespace", "tower_backup_dir"]
- required: ["tower_name", "tower_backup_pvc_namespace"]
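Review bot: The shortened `required` list in the closing `oneOf` accepts a restore CR that names neither `tower_backup` nor the `tower_backup_pvc`/`tower_backup_dir` pair, so a spec with no backup source passes admission and can only fail later, when the role runs. The schema could state the two supported shapes instead, using `anyOf` with `- required: ["tower_name", "tower_backup_pvc_namespace", "tower_backup"]` and `- required: ["tower_name", "tower_backup_pvc_namespace", "tower_backup_pvc", "tower_backup_dir"]`. `anyOf` rather than `oneOf` keeps a CR that sets both forms valid. The same list appears in the two other CRD copies on this page (the sections starting at `@@ -482,13 +482,16 @@` and the second `@@ -30,13 +30,16 @@`), and the schema itself starts outside the hunk.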


@@ -482,13 +482,16 @@ spec:
description: Name of the deployment to be restored to
type: string
tower_backup_pvc:
description: Name of the PVC to be restored from
description: Name of the PVC to be restored from, set as a status found on the awxbackup object (towerBackupClaim)
type: string
tower_backup_pvc_namespace:
description: Namespace the PVC is in
type: string
tower_backup_dir:
description: Backup directory name, a status found on the awxbackup object (towerBackupComplete)
description: Backup directory name, set as a status found on the awxbackup object (towerBackupDirectory)
type: string
tower_backup:
description: AWXBackup object name
type: string
tower_secret_key_secret:
description: Custom secret_key secret name
@@ -506,7 +509,7 @@ spec:
description: Label selector used to identify postgres pod for backing up data
type: string
oneOf:
- required: ["tower_name", "tower_backup_pvc", "tower_backup_pvc_namespace", "tower_backup_dir"]
- required: ["tower_name", "tower_backup_pvc_namespace"]
---
apiVersion: rbac.authorization.k8s.io/v1


@@ -30,13 +30,16 @@ spec:
description: Name of the deployment to be restored to
type: string
tower_backup_pvc:
description: Name of the PVC to be restored from
description: Name of the PVC to be restored from, set as a status found on the awxbackup object (towerBackupClaim)
type: string
tower_backup_pvc_namespace:
description: Namespace the PVC is in
type: string
tower_backup_dir:
description: Backup directory name, a status found on the awxbackup object (towerBackupComplete)
description: Backup directory name, set as a status found on the awxbackup object (towerBackupDirectory)
type: string
tower_backup:
description: AWXBackup object name
type: string
tower_secret_key_secret:
description: Custom secret_key secret name
@@ -54,4 +57,4 @@ spec:
description: Label selector used to identify postgres pod for backing up data
type: string
oneOf:
- required: ["tower_name", "tower_backup_pvc", "tower_backup_pvc_namespace", "tower_backup_dir"]
- required: ["tower_name", "tower_backup_pvc_namespace"]


@@ -25,7 +25,7 @@ Then create a file named `backup-awx.yml` with the following contents:
apiVersion: awx.ansible.com/v1beta1
kind: AWXBackup
metadata:
name: awxbackup
name: awxbackup-2021-04-22
namespace: my-namespace
spec:
tower_name: mytower


@@ -32,9 +32,8 @@ metadata:
namespace: my-namespace
spec:
tower_name: mytower
tower_backup_pvc: myoldtower-backup-claim
tower_backup: awxbackup-2021-04-22
tower_backup_pvc_namespace: 'old-awx-namespace'
tower_backup_dir: /backups/tower-openshift-backup-2021-04-02-03:25:08
```
Note that the `tower_name` above is the name of the AWX deployment you intend to create and restore to.
@@ -92,6 +91,13 @@ If a custom postgres configuration secret was used when deploying AWX, it must b
tower_postgres_configuration_secret: 'awx-postgres-configuration'
```
If the awxbackup object no longer exists, it is still possible to restore from the backup it created by specifying the pvc name and the back directory.
```
tower_backup_pvc: myoldtower-backup-claim
tower_backup_dir: /backups/tower-openshift-backup-2021-04-02-03:25:08
```
Testing
----------------


@@ -6,14 +6,9 @@ tower_name: ''
tower_backup_pvc: ''
tower_backup_pvc_namespace: ''
# TODO: If the backup_dir is not provided, it should default to the most recent backup based on the timestamp at the end of the file name.
# Required: backup name, found on the awxbackup object
tower_backup_dir: ''
# TODO: Should we add a unique id at the end of the secret when backing up, then use it here?
# or will that make future backups more complicated because the user will have to specify the names of all the secrets?
# Names of any secrets you want to use instead of the ones in the backup
# TODO: Is this necessary? User's will be able to use the rekey role
tower_admin_password_secret: "{{ tower_name }}-admin-password"


@@ -7,3 +7,18 @@
namespace: "{{ tower_backup_pvc_namespace }}"
state: absent
force: true
- name: Remove ownerReferences from secrets to avoid garbage collection
k8s:
definition:
apiVersion: v1
kind: Secret
metadata:
name: '{{ item }}'
namespace: '{{ meta.namespace }}'
ownerReferences: null
loop:
- '{{ tower_name }}-admin-password'
- '{{ tower_name }}-secret-key'
- '{{ tower_name }}-postgres-configuration'
- '{{ tower_name }}-broadcast-websocket'
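Review bot: The `loop` in the new "Remove ownerReferences" task hard-codes the default secret names, but the role lets each secret be renamed (`tower_admin_password_secret`, `tower_secret_key_secret`, `tower_postgres_configuration_secret`), so a restore that uses custom names would leave their ownerReferences in place and the secrets would still be garbage-collected with the restore object. Looping over the variables, e.g. `- '{{ tower_admin_password_secret }}'`, would cover both cases, assuming those variables default to the names listed here. Because the task applies a metadata-only definition with the module's default state, it may also create an empty Secret when one of the four names does not exist; a `k8s_info` lookup first, or a `when` on the result, would avoid that. Since these secrets now outlive the restore CR by design, the docs should say that deleting them is a manual step.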


@@ -1,12 +1,24 @@
---
- name: Set default pvc name
set_fact:
_default_backup_pvc: "{{ tower_name }}-backup-claim"
# by default, it will re-use the old pvc if already created (unless pvc is provided)
- name: Set PVC to use for backup
set_fact:
backup_pvc: "{{ tower_backup_pvc | default(_default_backup_pvc, true) }}"
- name: Set variables from awxbackup object statuses if provided
block:
- name: Look up details for the backup object
k8s_info:
api_version: "{{ api_version }}"
kind: "AWXBackup"
name: "{{ tower_backup }}"
namespace: "{{ tower_backup_pvc_namespace }}"
register: this_backup
- name: Set backup pvc name from status
set_fact:
tower_backup_pvc: "{{ this_backup['resources'][0]['status']['towerBackupClaim'] }}"
- name: Set tmp backup directory from status
set_fact:
tower_backup_dir: "{{ this_backup['resources'][0]['status']['towerBackupDirectory'] }}"
when:
- tower_backup != '' or tower_backup is defined
# Check to make sure provided pvc exists, error loudly if not. Otherwise, the management pod will just stay in pending state forever.
- name: Check provided PVC exists


@@ -17,6 +17,6 @@ spec:
volumes:
- name: {{ meta.name }}-backup
persistentVolumeClaim:
claimName: {{ backup_pvc }}
claimName: {{ tower_backup_pvc }}
readOnly: false
restartPolicy: Never