Add finalizer to deprovision ingress instance

2026-03-26 21:33:14 +00:00 · 2023-11-09 14:22:35 -05:00
parent 494384c1d7
commit cb5db01406
5 changed files with 184 additions and 136 deletions
--- a/roles/mesh_ingress/defaults/main.yml
+++ b/roles/mesh_ingress/defaults/main.yml
@@ -4,3 +4,5 @@ set_self_owneref: true
 _control_plane_ee_image: quay.io/ansible/awx-ee:latest
 _image_pull_policy: Always
 finalizer_run: false
--- a/roles/mesh_ingress/tasks/creation.yml
+++ b/roles/mesh_ingress/tasks/creation.yml
@@ -0,0 +1,137 @@
 ---
 - name: Import common role
  import_role:
    name: common
 - name: Debug is_openshift
  debug:
    msg: "is_openshift={{ is_openshift }}"
 - name: Check for presence of AWX instance that we will use to create the Mesh Ingress for.
  k8s_info:
    api_version: awx.ansible.com/v1beta1
    kind: AWX
    name: "{{ deployment_name }}"
    namespace: "{{ ansible_operator_meta.namespace }}"
  register: awx_instance
 - name: Fail if awx_deployment does not exist in the same namespace
  fail:
    msg: "AWX instance {{ deployment_name }} does not exist in the same namespace as the AWXMeshIngress instance."
  when: awx_instance.resources | length == 0
 - name: Set awx_spec
  set_fact:
    awx_spec: "{{ awx_instance.resources[0].spec }}"
 - name: Set owner_reference of AWXMeshIngress to related AWX instance
  k8s:
    state: present
    definition:
      apiVersion: awx.ansible.com/v1beta1
      kind: AWX
      name: "{{ deployment_name }}"
      namespace: "{{ ansible_operator_meta.namespace }}"
      metadata:
        name: "{{ deployment_name }}"
        namespace: "{{ ansible_operator_meta.namespace }}"
        ownerReferences:
        - apiVersion: awx.ansible.com/v1beta1
          blockOwnerDeletion: true
          controller: true
          kind: AWX
          name: "{{ deployment_name }}"
          uid: "{{ awx_instance.resources[0].metadata.uid }}"
  when: set_self_owneref | bool
 - name: Set user provided control plane ee image
  set_fact:
    _custom_control_plane_ee_image: "{{ awx_spec.control_plane_ee_image }}"
  when:
    - awx_spec.control_plane_ee_image | default([]) | length
 - name: Set Control Plane EE image URL
  set_fact:
    _control_plane_ee_image: "{{ _custom_control_plane_ee_image | default(lookup('env', 'RELATED_IMAGE_CONTROL_PLANE_EE')) | default(_control_plane_ee_image, true) }}"
 - name: Set Image Pull Policy
  set_fact:
    _image_pull_policy: "{{ awx_spec.image_pull_policy | default(_image_pull_policy, true) }}"
 - name: Apply Route resource
  k8s:
    apply: yes
    definition: "{{ lookup('template', 'route.yml.j2') }}"
    wait: yes
    wait_timeout: "120"
  register: route
  when: is_openshift | bool
 # TODO: need to wait until the route is ready before we can get the hostname
 # right now this will rereconcile until the route is ready
 - name: Set external_hostname
  set_fact:
    external_hostname: "{{ route.result.status.ingress[0].host }}"
  when: is_openshift | bool
 - name: Create other resources
  k8s:
    apply: yes
    definition: "{{ lookup('template', '{{ item }}.yml.j2') }}"
    wait: yes
    wait_timeout: "120"
  loop:
  - service_account
  - receptor_conf.configmap
  - service
  - deployment
 - name: Get the current resource task pod information.
  k8s_info:
    api_version: v1
    kind: Pod
    namespace: '{{ ansible_operator_meta.namespace }}'
    label_selectors:
      - "app.kubernetes.io/name={{ deployment_name }}-task"
      - "app.kubernetes.io/managed-by={{ deployment_type }}-operator"
      - "app.kubernetes.io/component={{ deployment_type }}"
    field_selectors:
      - status.phase=Running
  register: awx_task_pod
 - name: Set the resource pod as a variable.
  set_fact:
    awx_task_pod: >-
      {{ awx_task_pod['resources']
         | rejectattr('metadata.deletionTimestamp', 'defined')
         | sort(attribute='metadata.creationTimestamp')
         | first | default({}) }}
 - name: Set the resource pod name as a variable.
  set_fact:
    awx_task_pod_name: "{{ awx_task_pod['metadata']['name'] | default('') }}"
 # TODO: awx-manage provision_instance does not currently support peer from control nodes
 # !!!dependent on API/CLI changes!!!
 - name: Add new instance to AWX
  kubernetes.core.k8s_exec:
    namespace: "{{ ansible_operator_meta.namespace }}"
    pod: "{{ awx_task_pod_name }}"
    container: "{{ deployment_name }}-task"
    command: "awx-manage provision_instance --hostname {{ ansible_operator_meta.name }} --node_type hop"
  register: result
 - name: Add internal receptor address
  kubernetes.core.k8s_exec:
    namespace: "{{ ansible_operator_meta.namespace }}"
    pod: "{{ awx_task_pod_name }}"
    container: "{{ deployment_name }}-task"
    command: "awx-manage add_receptor_address --hostname {{ ansible_operator_meta.name  }} --address {{ ansible_operator_meta.name }} --port 443 --protocol ws --is_internal --peers_from_control_nodes"
 - name: Add external receptor address
  kubernetes.core.k8s_exec:
    namespace: "{{ ansible_operator_meta.namespace }}"
    pod: "{{ awx_task_pod_name }}"
    container: "{{ deployment_name }}-task"
    command: "awx-manage add_receptor_address --hostname {{ ansible_operator_meta.name }} --address {{ external_hostname }} --port 443 --protocol ws"
--- a/roles/mesh_ingress/tasks/finalizer.yml
+++ b/roles/mesh_ingress/tasks/finalizer.yml
@@ -0,0 +1,33 @@
 ---
 - name: Get the current resource task pod information.
  k8s_info:
    api_version: v1
    kind: Pod
    namespace: '{{ ansible_operator_meta.namespace }}'
    label_selectors:
      - "app.kubernetes.io/name={{ deployment_name }}-task"
      - "app.kubernetes.io/managed-by={{ deployment_type }}-operator"
      - "app.kubernetes.io/component={{ deployment_type }}"
    field_selectors:
      - status.phase=Running
  register: awx_task_pod
 - name: Set the resource pod as a variable.
  set_fact:
    awx_task_pod: >-
      {{ awx_task_pod['resources']
         | rejectattr('metadata.deletionTimestamp', 'defined')
         | sort(attribute='metadata.creationTimestamp')
         | first | default({}) }}
 - name: Set the resource pod name as a variable.
  set_fact:
    awx_task_pod_name: "{{ awx_task_pod['metadata']['name'] | default('') }}"
 - name: Deprovision mesh ingress instance in AWX
  kubernetes.core.k8s_exec:
    namespace: "{{ ansible_operator_meta.namespace }}"
    pod: "{{ awx_task_pod_name }}"
    container: "{{ deployment_name }}-task"
    command: "awx-manage deprovision_instance --hostname {{ ansible_operator_meta.name }}"
  register: result
--- a/roles/mesh_ingress/tasks/main.yml
+++ b/roles/mesh_ingress/tasks/main.yml
@@ -1,138 +1,8 @@
 ---
- name: Import common role
+- name: Run creation tasks
-  import_role:
+  include_tasks: creation.yml
-    name: common
+  when: not finalizer_run
- name: Debug is_openshift
+- name: Run finalizer tasks
-  debug:
+  include_tasks: finalizer.yml
-    msg: "is_openshift={{ is_openshift }}"
+  when: finalizer_run
 - name: Check for presence of AWX instance that we will use to create the Mesh Ingress for.
  k8s_info:
    api_version: awx.ansible.com/v1beta1
    kind: AWX
    name: "{{ deployment_name }}"
    namespace: "{{ ansible_operator_meta.namespace }}"
  register: awx_instance
 - name: Fail if awx_deployment does not exist in the same namespace
  fail:
    msg: "AWX instance {{ deployment_name }} does not exist in the same namespace as the AWXMeshIngress instance."
  when: awx_instance.resources | length == 0
 - name: Set awx_spec
  set_fact:
    awx_spec: "{{ awx_instance.resources[0].spec }}"
 - name: Set owner_reference of AWXMeshIngress to related AWX instance
  k8s:
    state: present
    definition:
      apiVersion: awx.ansible.com/v1beta1
      kind: AWX
      name: "{{ deployment_name }}"
      namespace: "{{ ansible_operator_meta.namespace }}"
      metadata:
        name: "{{ deployment_name }}"
        namespace: "{{ ansible_operator_meta.namespace }}"
        ownerReferences:
        - apiVersion: awx.ansible.com/v1beta1
          blockOwnerDeletion: true
          controller: true
          kind: AWX
          name: "{{ deployment_name }}"
          uid: "{{ awx_instance.resources[0].metadata.uid }}"
  when: set_self_owneref | bool
 - name: Set user provided control plane ee image
  set_fact:
    _custom_control_plane_ee_image: "{{ awx_spec.control_plane_ee_image }}"
  when:
    - awx_spec.control_plane_ee_image | default([]) | length
 - name: Set Control Plane EE image URL
  set_fact:
    _control_plane_ee_image: "{{ _custom_control_plane_ee_image | default(lookup('env', 'RELATED_IMAGE_CONTROL_PLANE_EE')) | default(_control_plane_ee_image, true) }}"
 - name: Set Image Pull Policy
  set_fact:
    _image_pull_policy: "{{ awx_spec.image_pull_policy | default(_image_pull_policy, true) }}"
 - name: Apply Route resource
  k8s:
    apply: yes
    definition: "{{ lookup('template', 'route.yml.j2') }}"
    wait: yes
    wait_timeout: "120"
  register: route
  when: is_openshift | bool
 # TODO: need to wait until the route is ready before we can get the hostname
 # right now this will rereconcile until the route is ready
 - name: Set external_hostname
  set_fact:
    external_hostname: "{{ route.result.status.ingress[0].host }}"
  when: is_openshift | bool
 - name: Create other resources
  k8s:
    apply: yes
    definition: "{{ lookup('template', '{{ item }}.yml.j2') }}"
    wait: yes
    wait_timeout: "120"
  loop:
  - service_account
  - receptor_conf.configmap
  - service
  - deployment
 - name: Get the current resource task pod information.
  k8s_info:
    api_version: v1
    kind: Pod
    namespace: '{{ ansible_operator_meta.namespace }}'
    label_selectors:
      - "app.kubernetes.io/name={{ deployment_name }}-task"
      - "app.kubernetes.io/managed-by={{ deployment_type }}-operator"
      - "app.kubernetes.io/component={{ deployment_type }}"
    field_selectors:
      - status.phase=Running
  register: awx_task_pod
 - name: Set the resource pod as a variable.
  set_fact:
    awx_task_pod: >-
      {{ awx_task_pod['resources']
         | rejectattr('metadata.deletionTimestamp', 'defined')
         | sort(attribute='metadata.creationTimestamp')
         | first | default({}) }}
 - name: Set the resource pod name as a variable.
  set_fact:
    awx_task_pod_name: "{{ awx_task_pod['metadata']['name'] | default('') }}"
 # TODO: awx-manage provision_instance does not currently support peer from control nodes
 # !!!dependent on API/CLI changes!!!
 - name: Add new instance to AWX
  kubernetes.core.k8s_exec:
    namespace: "{{ ansible_operator_meta.namespace }}"
    pod: "{{ awx_task_pod_name }}"
    container: "{{ deployment_name }}-task"
    command: "awx-manage provision_instance --hostname {{ ansible_operator_meta.name }} --node_type hop"
  register: result
 - name: Add internal receptor address
  kubernetes.core.k8s_exec:
    namespace: "{{ ansible_operator_meta.namespace }}"
    pod: "{{ awx_task_pod_name }}"
    container: "{{ deployment_name }}-task"
    command: "awx-manage add_receptor_address --hostname {{ ansible_operator_meta.name  }} --address {{ ansible_operator_meta.name }} --port 443 --protocol ws --is_internal --peers_from_control_nodes"
 - name: Add external receptor address
  kubernetes.core.k8s_exec:
    namespace: "{{ ansible_operator_meta.namespace }}"
    pod: "{{ awx_task_pod_name }}"
    container: "{{ deployment_name }}-task"
    command: "awx-manage add_receptor_address --hostname {{ ansible_operator_meta.name }} --address {{ external_hostname }} --port 443 --protocol ws"
--- a/watches.yaml
+++ b/watches.yaml
@@ -27,4 +27,10 @@
  group: awx.ansible.com
  kind: AWXMeshIngress
  role: mesh_ingress
  snakeCaseParameters: False
  finalizer:
    name: awx.ansible.com/awx-mesh-ingress-finalizer
    role: mesh_ingress
    vars:
      finalizer_run: true
 # +kubebuilder:scaffold:watch