internet/awx-operator
3
0
Fork 0
mirror of https://github.com/ansible/awx-operator.git synced 2026-03-27 05:43:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update admin user password with value in provided/generated secret

Browse Source
This commit is contained in:
Christian M. Adams
2021-04-27 10:43:02 -04:00
parent c817a2234d
commit d743936ee4
4 changed files with 71 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
roles/installer/tasks/initialize_django.yml
View File

@@ -6,13 +6,24 @@
container: "{{ meta.name }}-task"
command: >-
bash -c "echo 'from django.contrib.auth.models import User;
nsu = User.objects.filter(is_superuser=True).count();
nsu = User.objects.filter(is_superuser=True, username='{{ tower_admin_user }}').count();
exit(0 if nsu > 0 else 1)'
| awx-manage shell"
ignore_errors: true
register: users_result
changed_when: users_result.return_code > 0
- name: Update super user password via Django if it does exist (same password is a noop)
k8s_exec:
namespace: "{{ meta.namespace }}"
pod: "{{ tower_pod_name }}"
container: "{{ meta.name }}-task"
command: >-
bash -c "awx-manage update_password --username '{{ tower_admin_user }}' --password '{{ tower_admin_password }}'"
register: update_pw_result
changed_when: users_result.stdout == 'Password not updated'
when: users_result.return_code == 0
- name: Create super user via Django if it doesn't exist.
k8s_exec:
namespace: "{{ meta.namespace }}"

4
roles/restore/README.md
View File

@@ -50,7 +50,9 @@ Finally, use `kubectl` to create the restore object in your cluster:
$ kubectl apply -f restore-awx.yml
```
This will create a new deployment and restore your backup to it.
This will create a new deployment and restore your backup to it.
> :warning: tower_admin_password_secret value will replace the password for the `tower_admin_user` user (by default, this is the `admin` user).
Role Variables

54
roles/restore/tasks/initialize_django.yml Normal file
View File

@@ -0,0 +1,54 @@
---
- name: Get the new deployment resource pod information.
k8s_info:
api_version: v1
kind: Pod
namespace: '{{ tower_backup_pvc_namespace }}'
label_selectors:
- "app.kubernetes.io/name={{ tower_name }}"
- "app.kubernetes.io/managed-by=awx-operator"
- "app.kubernetes.io/component=awx"
field_selectors:
- status.phase=Running
register: tower_pods
- name: Set the resource pod name as a variable.
set_fact:
tower_pod_name: "{{ tower_pods['resources'][0]['metadata']['name'] | default('') }}"
- name: Check if there are any super users defined.
k8s_exec:
namespace: "{{ meta.namespace }}"
pod: "{{ tower_pod_name }}"
container: "{{ meta.name }}-task"
command: >-
bash -c "echo 'from django.contrib.auth.models import User;
nsu = User.objects.filter(is_superuser=True, username='{{ tower_admin_user }}').count();
exit(0 if nsu > 0 else 1)'
| awx-manage shell"
ignore_errors: true
register: users_result
changed_when: users_result.return_code > 0
- name: Update super user password via Django if it does exist (same password is a noop)
k8s_exec:
namespace: "{{ meta.namespace }}"
pod: "{{ tower_pod_name }}"
container: "{{ meta.name }}-task"
command: >-
bash -c "awx-manage update_password --username '{{ tower_admin_user }}' --password '{{ tower_admin_password }}'"
register: update_pw_result
changed_when: users_result.stdout == 'Password not updated'
when: users_result.return_code == 0
- name: Create super user via Django if it doesn't exist.
k8s_exec:
namespace: "{{ meta.namespace }}"
pod: "{{ tower_pod_name }}"
container: "{{ meta.name }}-task"
command: >-
bash -c "echo \"from django.contrib.auth.models import User;
User.objects.create_superuser('{{ tower_admin_user }}', '{{ tower_admin_email }}', '{{ tower_admin_password }}')\"
| awx-manage shell"
when: users_result.return_code > 0

2
roles/restore/tasks/main.yml
View File

@@ -22,6 +22,8 @@
- include_tasks: postgres.yml
- include_tasks: initialize_django.yml
- name: Set flag signifying this restore was successful
set_fact:
tower_restore_complete: True