From 10566b46b19e00986a7a064e1cd59ba6482cd831 Mon Sep 17 00:00:00 2001 From: Yanis Guenane Date: Tue, 9 Mar 2021 11:39:02 +0100 Subject: [PATCH 01/23] PostgreSQL: Set scram-sha-256 as default host auth method --- roles/installer/templates/tower_postgres.yaml.j2 | 4 ++++ roles/installer/vars/main.yml | 3 +++ 2 files changed, 7 insertions(+) create mode 100644 roles/installer/vars/main.yml diff --git a/roles/installer/templates/tower_postgres.yaml.j2 b/roles/installer/templates/tower_postgres.yaml.j2 index cdfc3d5e..5cdd17e2 100644 --- a/roles/installer/templates/tower_postgres.yaml.j2 +++ b/roles/installer/templates/tower_postgres.yaml.j2 @@ -41,6 +41,10 @@ spec: key: password - name: PGDATA value: '{{ tower_postgres_data_path }}' + - name: POSTGRES_INITDB_ARGS + value: '{{ postgres_initdb_args }}' + - name: POSTGRES_HOST_AUTH_METHOD + value: '{{ postgres_host_auth_method }}' ports: - containerPort: 5432 name: postgres diff --git a/roles/installer/vars/main.yml b/roles/installer/vars/main.yml new file mode 100644 index 00000000..81c42a1e --- /dev/null +++ b/roles/installer/vars/main.yml @@ -0,0 +1,3 @@ +--- +postgres_initdb_args: '--auth-host=scram-sha-256' +postgres_host_auth_method: 'scram-sha-256' From 74425558690deac86d742ae8dd93022186478584 Mon Sep 17 00:00:00 2001 From: Yanis Guenane Date: Mon, 15 Mar 2021 12:58:10 +0100 Subject: [PATCH 02/23] tower_deployment: Use the proper conditional variable fixes: https://github.com/ansible/awx-operator/issues/118 --- roles/installer/templates/tower_deployment.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/installer/templates/tower_deployment.yaml.j2 b/roles/installer/templates/tower_deployment.yaml.j2 index dffa3ea8..1a979321 100644 --- a/roles/installer/templates/tower_deployment.yaml.j2 +++ b/roles/installer/templates/tower_deployment.yaml.j2 
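Review bot: The `POSTGRES_INITDB_ARGS` and `POSTGRES_HOST_AUTH_METHOD` entries added to the container env only take effect if the image reads them while initializing an empty data directory, which is how the upstream postgres image documents them. A pod that starts on an existing `PGDATA` would presumably keep its old `pg_hba.conf` and password hashes. Add a comment above the two entries, e.g. `# applied at initdb time only; existing volumes keep their previous auth method`, and a README note on moving an existing database to scram-sha-256. `--auth-host` covers TCP connections only, so local-socket access inside the pod stays at whatever the image defaults to. The container spec continues outside the hunk.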
@@ -90,7 +90,7 @@ spec: - name: AWX_KUBE_DEVEL value: "1" {% endif %} -{% if tower_task_extra_env %} +{% if tower_web_extra_env -%} {{ tower_web_extra_env | indent(width=12, indentfirst=True) }} {% endif %} resources: {{ tower_web_resource_requirements }} From 7a559b9f3b3e3301e98cef43cba584e1a4b74470 Mon Sep 17 00:00:00 2001 From: Deric Crago Date: Fri, 18 Sep 2020 11:46:43 -0400 Subject: [PATCH 03/23] added 'tower_image_pull_secret' --- roles/installer/defaults/main.yml | 1 + roles/installer/templates/tower_deployment.yaml.j2 | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/roles/installer/defaults/main.yml b/roles/installer/defaults/main.yml index f92a19e2..bfcfe5b3 100644 --- a/roles/installer/defaults/main.yml +++ b/roles/installer/defaults/main.yml @@ -57,6 +57,7 @@ tower_extra_volumes: '' tower_image: quay.io/ansible/awx:execution-environments tower_image_pull_policy: IfNotPresent +tower_image_pull_secret: '' default_ee: quay.io/ansible/awx-ee tower_create_preload_data: true diff --git a/roles/installer/templates/tower_deployment.yaml.j2 b/roles/installer/templates/tower_deployment.yaml.j2 index dffa3ea8..dccd3902 100644 --- a/roles/installer/templates/tower_deployment.yaml.j2 +++ b/roles/installer/templates/tower_deployment.yaml.j2 @@ -18,6 +18,10 @@ spec: app: '{{ deployment_type }}' spec: serviceAccountName: '{{ meta.name }}' +{% if tower_image_pull_secret %} + imagePullSecrets: + - name: {{ tower_image_pull_secret }} +{% endif %} containers: - image: '{{ tower_redis_image }}' name: redis From 1beae86c1de5511665958247bc6cfff4b5eb7271 Mon Sep 17 00:00:00 2001 From: Deric Crago Date: Mon, 15 Mar 2021 11:47:07 -0400 Subject: [PATCH 04/23] added 'tower_image_pull_secret' to 'README.md' --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index d4e88c9c..8a6c9ca2 100644 --- a/README.md +++ b/README.md 
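Review bot: `- name: {{ tower_image_pull_secret }}` in the new `imagePullSecrets` block is the only templated scalar here that is not quoted; `serviceAccountName` just above uses `'{{ meta.name }}'`. The value comes from the CR spec, so a name that YAML reads as a number or boolean, or one containing `: ` or a newline, changes the structure of the rendered Deployment instead of being treated as a string. Quote it like its neighbours: `- name: '{{ tower_image_pull_secret }}'`. The pod spec continues outside the hunk.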
@@ -211,12 +211,13 @@ spec: #### Deploying a specific version of AWX -There are two variables that are customizable for awx the image management. +There are a few variables that are customizable for awx the image management. | Name | Description | Default | | ----------------------- | -------------------------- | ------------------ | | tower_image | Path of the image to pull | ansible/awx:15.0.0 | | tower_image_pull_policy | The pull policy to adopt | IfNotPresent | +| tower_image_pull_secret | The pull secret to use | '' | Example of customization could be: @@ -226,6 +227,7 @@ spec: ... tower_image: myorg/my-custom-awx tower_image_pull_policy: Always + tower_image_pull_secret: pull_secret_name ``` #### Privileged Tasks From 6a5bdaf2f72b894adc73e5f46b1a7c59cc85a1a5 Mon Sep 17 00:00:00 2001 From: "Christian M. Adams" Date: Thu, 4 Mar 2021 00:32:39 -0500 Subject: [PATCH 05/23] init backup & restore --- .../tasks/database_configuration.yml | 6 ++- roles/installer/tasks/migrate_data.yml | 51 +++++++++++++++++++ 2 files changed, 56 insertions(+), 1 deletion(-) create mode 100644 roles/installer/tasks/migrate_data.yml diff --git a/roles/installer/tasks/database_configuration.yml b/roles/installer/tasks/database_configuration.yml index 36987b57..3690ebc4 100644 --- a/roles/installer/tasks/database_configuration.yml +++ b/roles/installer/tasks/database_configuration.yml @@ -30,7 +30,6 @@ namespace: '{{ meta.namespace }}' name: '{{ meta.name }}-postgres-configuration' register: _generated_pg_config_resources - when: not _pg_config['resources'] | default([]) | length - name: Set PostgreSQL Configuration 
@@ -51,3 +50,8 @@ awx_postgres_database: "{{ pg_config['resources'][0]['data']['database'] | b64decode }}" awx_postgres_port: "{{ pg_config['resources'][0]['data']['port'] | b64decode }}" awx_postgres_host: "{{ pg_config['resources'][0]['data']['host'] | b64decode }}" + # no_log: true #TODO uncomment + +- name: Migrate data from old Openshift instance + import_tasks: migrate_data.yml + when: tower_old_postgres_host is defined diff --git a/roles/installer/tasks/migrate_data.yml b/roles/installer/tasks/migrate_data.yml new file mode 100644 index 00000000..7805faeb --- /dev/null +++ b/roles/installer/tasks/migrate_data.yml 
@@ -0,0 +1,51 @@ +--- + +# - name: Use kubectl or oc +# set_fact: +# kubectl_or_oc: "{{ openshift_oc_bin if openshift_oc_bin is defined else 'kubectl' }}" + +# TODO: Either make everything below a block or included tasks +- name: Get Postgres container name + shell: | + oc -n {{ tower_namespace }} get pods -o jsonpath={.items[*].metadata.name} --selector app=tower-postgres + register: postgres_pod + +- name: oc exec command #TODO: Make this work with Kubectl too + set_fact: + container_exec: oc -n chadams-restore exec -i {{ postgres_pod.stdout }} -- bash -c + +# - name: Set psql command +# set_fact: +# psql_conn: 'psql -h {{ tower_old_postgres_host }} -U {{ tower_old_postgres_user }} -d {{ tower_old_postgres_database }} -p {{ tower_old_postgres_port }}' + +- name: Set pg_dump command + set_fact: + pgdump: | + pg_dump -h {{ tower_old_postgres_host }} \ + -U {{ tower_old_postgres_user }} \ + -d {{ tower_old_postgres_database }} \ + -p {{ tower_old_postgres_port }} + +- name: Set pg_restore command + set_fact: + psql_restore: | + psql \ + -U {{ awx_postgres_user }} \ + -d {{ awx_postgres_database }} \ + -p {{ awx_postgres_port }} + +- pause: + +- name: Set backup & restore command + set_fact: + psql_backup_restore: | + PGPASSWORD={{ tower_old_postgres_password }} {{ pgdump }} | PGPASSWORD={{ awx_postgres_pass }} {{ psql_restore }} + + # no_log: true #TODO uncomment + +- name: Migrate data from old postgresql if defined + shell: | + {{ container_exec }} '{{ psql_backup_restore }}' + # environment: + # PGPASSWORD: "{{ tower_old_postgres_password }}" + register: data_migration From 93d53c712c72101d9b7d8256376f90f7ec9cb73f Mon Sep 17 00:00:00 2001 From: "Christian M. Adams" Date: Thu, 4 Mar 2021 09:13:01 -0500 Subject: [PATCH 06/23] Use k8s_exec tasks --- roles/installer/tasks/migrate_data.yml | 59 ++++++++++++-------------- 1 file changed, 26 insertions(+), 33 deletions(-) 
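Review bot: `container_exec` hard-codes the namespace `chadams-restore`, while the pod lookup two tasks earlier uses `{{ tower_namespace }}`, so the exec only works in one specific namespace; use the same variable in both. The final `shell` task wraps `{{ psql_backup_restore }}` in single quotes with both `PGPASSWORD` values interpolated, so a password containing a quote breaks the command. With `no_log` still commented out, both passwords also appear in task output. The bare `- pause:` looks like a debugging leftover.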
diff --git a/roles/installer/tasks/migrate_data.yml b/roles/installer/tasks/migrate_data.yml
index 7805faeb..aca925ca 100644
--- a/roles/installer/tasks/migrate_data.yml
+++ b/roles/installer/tasks/migrate_data.yml
@@ -1,51 +1,44 @@ --- -# - name: Use kubectl or oc -# set_fact: -# kubectl_or_oc: "{{ openshift_oc_bin if openshift_oc_bin is defined else 'kubectl' }}" - -# TODO: Either make everything below a block or included tasks -- name: Get Postgres container name - shell: | - oc -n {{ tower_namespace }} get pods -o jsonpath={.items[*].metadata.name} --selector app=tower-postgres +- name: Get the postgres pod information + k8s_info: + kind: Pod + namespace: '{{ meta.namespace }}' + label_selectors: + - "app={{ deployment_type }}-postgres" register: postgres_pod + until: "postgres_pod['resources'][0]['status']['phase'] == 'Running'" + delay: 5 + retries: 60 -- name: oc exec command #TODO: Make this work with Kubectl too +- name: Set the resource pod name as a variable. set_fact: - container_exec: oc -n chadams-restore exec -i {{ postgres_pod.stdout }} -- bash -c + postgres_pod_name: "{{ postgres_pod['resources'][0]['metadata']['name'] }}" -# - name: Set psql command -# set_fact: -# psql_conn: 'psql -h {{ tower_old_postgres_host }} -U {{ tower_old_postgres_user }} -d {{ tower_old_postgres_database }} -p {{ tower_old_postgres_port }}' - name: Set pg_dump command set_fact: pgdump: | - pg_dump -h {{ tower_old_postgres_host }} \ - -U {{ tower_old_postgres_user }} \ - -d {{ tower_old_postgres_database }} \ + pg_dump -h {{ tower_old_postgres_host }} + -U {{ tower_old_postgres_user }} + -d {{ tower_old_postgres_database }} -p {{ tower_old_postgres_port }} - name: Set pg_restore command set_fact: psql_restore: | - psql \ - -U {{ awx_postgres_user }} \ - -d {{ awx_postgres_database }} \ + psql -U {{ awx_postgres_user }} + -d {{ awx_postgres_database }} -p {{ awx_postgres_port }} -- pause: - -- name: Set backup & restore command - set_fact: - psql_backup_restore: | - PGPASSWORD={{ tower_old_postgres_password }} {{ pgdump }} | PGPASSWORD={{ awx_postgres_pass }} {{ psql_restore }} - - # no_log: true #TODO uncomment - -- name: Migrate data from old postgresql if defined - shell: | - {{ 
container_exec }} '{{ psql_backup_restore }}' - # environment: - # PGPASSWORD: "{{ tower_old_postgres_password }}" +- name: Stream backup from pg_dump to the new postgresql container + community.kubernetes.k8s_exec: + namespace: "{{ meta.namespace }}" + pod: "{{ postgres_pod_name }}" + command: >- + {{ pgdump }} | PGPASSWORD={{ awx_postgres_pass }} {{ psql_restore }} + environment: + PGPASSWORD: "{{ tower_old_postgres_password }}" + ignore_errors: true register: data_migration + # changed_when: success_condition? From 0e1b12f4b1bca0b25890c8921f4d016dc8623807 Mon Sep 17 00:00:00 2001 From: "Christian M. Adams" Date: Fri, 5 Mar 2021 16:41:45 -0500 Subject: [PATCH 07/23] Data migration from 3.8 to 4.0 via pg_dump streamed to psql --- README.md | 72 +++++++++++++------ ansible/templates/crd.yml.j2 | 3 + deploy/awx-operator.yaml | 3 + deploy/crds/awx_v1beta1_crd.yaml | 3 + .../manifests/awx.ansible.com_awxs_crd.yaml | 3 + .../tasks/database_configuration.yml | 11 ++- roles/installer/tasks/migrate_data.yml | 17 +++-- 7 files changed, 83 insertions(+), 29 deletions(-) diff --git a/README.md b/README.md index 8a6c9ca2..c1c4abae 100644 --- a/README.md +++ b/README.md 
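Review bot: `until: "postgres_pod['resources'][0]['status']['phase'] == 'Running'"` indexes element 0 before checking that the lookup returned anything; when no pod matches yet, the expression most likely raises instead of evaluating to false, so the task may fail rather than retry. Guard the index, e.g. `until: postgres_pod['resources'] | length and postgres_pod['resources'][0]['status']['phase'] == 'Running'`. The selector `app={{ deployment_type }}-postgres` is not tied to `meta.name`, so with two instances in one namespace `[0]` may pick the wrong pod. Separately, `ignore_errors: true` on the exec task means a failed migration does not stop the run.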
@@ -7,28 +7,31 @@ An [Ansible AWX](https://github.com/ansible/awx) operator for Kubernetes built w # Table of Contents -* [Purpose](#purpose) -* [Usage](#usage) - * [Basic Install](#basic-install) - * [Admin user account configuration](#admin-user-account-configuration) - * [Network And TLS Configuration](#network-and-tls-configuration) - * [Ingress Type](#ingress-type) - * [TLS Termination](#tls-termination) - * [Database Configuration](#database-configuration) - * [External PostgreSQL Service](#external-postgresql-service) - * [Managed PostgreSQL Service](#managed-postgresql-service) - * [Advanced Configuration](#advanced-configuration) - * [Deploying a specific version of AWX](#deploying-a-specific-version-of-awx) - * [Privilged Tasks](#privileged-tasks) - * [Containers Resource Requirements](#containers-resource-requirements) -* [Development](#development) - * [Testing](#testing) - * [Testing in Docker](#testing-in-docker) - * [Testing in Minikube](#testing-in-minikube) -* [Release Process](#release-process) - * [Build a new release](#build-a-new-release) - * [Build a new version of the operator yaml file](#build-a-new-version-of-the-operator-yaml-file) -* [Author](#author) +* [AWX Operator](#awx-operator) +* [Table of Contents](#table-of-contents) + * [Purpose](#purpose) + * [Usage](#usage) + * [Basic Install](#basic-install) + * [Admin user account configuration](#admin-user-account-configuration) + * [Network and TLS Configuration](#network-and-tls-configuration) + * [Ingress Type](#ingress-type) + * [TLS Termination](#tls-termination) + * [Database Configuration](#database-configuration) + * [External PostgreSQL Service](#external-postgresql-service) + * [Migrating data from an old AWX instance](#migrating-data-from-an-old-awx-instance) + * [Managed PostgreSQL Service](#managed-postgresql-service) + * [Advanced Configuration](#advanced-configuration) + * [Deploying a specific version of AWX](#deploying-a-specific-version-of-awx) + * [Privileged 
Tasks](#privileged-tasks) + * [Containers Resource Requirements](#containers-resource-requirements) + * [Development](#development) + * [Testing](#testing) + * [Testing in Docker](#testing-in-docker) + * [Testing in Minikube](#testing-in-minikube) + * [Release Process](#release-process) + * [Build a new release](#build-a-new-release) + * [Build a new version of the operator yaml file](#build-a-new-version-of-the-operator-yaml-file) + * [Author](#author) ## Purpose @@ -176,6 +179,31 @@ stringData: type: Opaque ``` +#### Migrating data from an old AWX instance + +To migrate data from the postgresql pod of an AWX deployment in Openshift for Kubernetes, the Custom Resource needs to know about the connection details. Those connection details should be stored as a secret and either specified as `tower_old_postgres_configuration_secret` at the CR spec level, or simply be present on the namespace under the name `-old-postgres-configuration`. + + +The secret should be formatted as follows: + +```yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: -old-postgres-configuration + namespace: +stringData: + host: + port: + database: + username: + password: +type: Opaque +``` + +> For `host`, a URL resolvable by the cluster could look something like `postgresql..svc.cluster.local`, where `` is filled in with the namespace of the AWX deployment you are migrating data from. + #### Managed PostgreSQL Service If you don't have access to an external PostgreSQL service, the AWX operator can deploy one for you along side the AWX instance itself. diff --git a/ansible/templates/crd.yml.j2 b/ansible/templates/crd.yml.j2 index 72cb649c..1d1b2733 100644 --- a/ansible/templates/crd.yml.j2 +++ b/ansible/templates/crd.yml.j2 
@@ -44,6 +44,9 @@ spec: tower_postgres_configuration_secret: description: Secret where the database configuration can be found type: string + tower_old_postgres_configuration_secret: + description: Secret where the database configuration can be found + type: string tower_secret_key_secret: description: Secret where the secret key can be found type: string diff --git a/deploy/awx-operator.yaml b/deploy/awx-operator.yaml index e7c195ae..8d42b848 100644 --- a/deploy/awx-operator.yaml +++ b/deploy/awx-operator.yaml @@ -189,6 +189,9 @@ spec: tower_postgres_configuration_secret: description: Secret where the database configuration can be found type: string + tower_old_postgres_configuration_secret: + description: Secret where the old database configuration can be found for data migration + type: string tower_secret_key_secret: description: Secret where the secret key can be found type: string diff --git a/deploy/crds/awx_v1beta1_crd.yaml b/deploy/crds/awx_v1beta1_crd.yaml index 72cb649c..08cd4044 100644 --- a/deploy/crds/awx_v1beta1_crd.yaml +++ b/deploy/crds/awx_v1beta1_crd.yaml @@ -44,6 +44,9 @@ spec: tower_postgres_configuration_secret: description: Secret where the database configuration can be found type: string + tower_old_postgres_configuration_secret: + description: Secret where the old database configuration can be found for data migration + type: string tower_secret_key_secret: description: Secret where the secret key can be found type: string diff --git a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml index 52ffaf57..3f4d706a 100644 --- a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml +++ b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml 
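Review bot: In `ansible/templates/crd.yml.j2` the new `tower_old_postgres_configuration_secret` property reuses the description of the field above it, `Secret where the database configuration can be found`, whereas the three rendered CRDs in this commit say `Secret where the old database configuration can be found for data migration`. If the rendered files are produced from this template, the next regeneration will lose the clearer text; use the same description in the template.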
@@ -86,6 +86,9 @@ spec: tower_postgres_configuration_secret: description: Secret where the database configuration can be found type: string + tower_old_postgres_configuration_secret: + description: Secret where the old database configuration can be found for data migration + type: string tower_postgres_data_path: description: Path where the PostgreSQL data are located type: string diff --git a/roles/installer/tasks/database_configuration.yml b/roles/installer/tasks/database_configuration.yml index 3690ebc4..342dc8cd 100644 --- a/roles/installer/tasks/database_configuration.yml +++ b/roles/installer/tasks/database_configuration.yml @@ -52,6 +52,15 @@ awx_postgres_host: "{{ pg_config['resources'][0]['data']['host'] | b64decode }}" # no_log: true #TODO uncomment +- name: Check for old PostgreSQL configuration secret + k8s_info: + kind: Secret + namespace: '{{ meta.namespace }}' + name: '{{ tower_old_postgres_configuration_secret }}' + register: old_pg_config + when: tower_old_postgres_configuration_secret | length + - name: Migrate data from old Openshift instance import_tasks: migrate_data.yml - when: tower_old_postgres_host is defined + when: old_pg_config['resources'][0]['data']['host'] is defined + ignore_errors: true diff --git a/roles/installer/tasks/migrate_data.yml b/roles/installer/tasks/migrate_data.yml index aca925ca..d9845444 100644 --- a/roles/installer/tasks/migrate_data.yml +++ b/roles/installer/tasks/migrate_data.yml 
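Review bot: `when: tower_old_postgres_configuration_secret | length` in `database_configuration.yml` assumes the variable always exists, but this commit's diffstat does not touch `roles/installer/defaults/main.yml`, so unless a default is set elsewhere a CR without the field would fail on an undefined variable; `when: tower_old_postgres_configuration_secret | default('') | length` avoids that. The import is then gated on `old_pg_config['resources'][0]['data']['host'] is defined`, which is also false when a secret name was given but the secret does not exist. Combined with `ignore_errors: true` on the import, a mistyped name or a failed migration is skipped silently. An explicit `fail` or `assert` when the name is set and `resources` is empty would make that visible.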
@@ -1,5 +1,13 @@ --- +- name: Store Database Configuration + set_fact: + tower_old_postgres_user: "{{ old_pg_config['resources'][0]['data']['username'] | b64decode }}" + tower_old_postgres_pass: "{{ old_pg_config['resources'][0]['data']['password'] | b64decode }}" + tower_old_postgres_database: "{{ old_pg_config['resources'][0]['data']['database'] | b64decode }}" + tower_old_postgres_port: "{{ old_pg_config['resources'][0]['data']['port'] | b64decode }}" + tower_old_postgres_host: "{{ old_pg_config['resources'][0]['data']['host'] | b64decode }}" + - name: Get the postgres pod information k8s_info: kind: Pod @@ -15,10 +23,9 @@ set_fact: postgres_pod_name: "{{ postgres_pod['resources'][0]['metadata']['name'] }}" - - name: Set pg_dump command set_fact: - pgdump: | + pgdump: >- pg_dump -h {{ tower_old_postgres_host }} -U {{ tower_old_postgres_user }} -d {{ tower_old_postgres_database }} @@ -26,7 +33,7 @@ - name: Set pg_restore command set_fact: - psql_restore: | + psql_restore: >- psql -U {{ awx_postgres_user }} -d {{ awx_postgres_database }} -p {{ awx_postgres_port }} @@ -36,9 +43,7 @@ namespace: "{{ meta.namespace }}" pod: "{{ postgres_pod_name }}" command: >- - {{ pgdump }} | PGPASSWORD={{ awx_postgres_pass }} {{ psql_restore }} - environment: - PGPASSWORD: "{{ tower_old_postgres_password }}" + bash -c "PGPASSWORD={{ tower_old_postgres_pass }} {{ pgdump }} | PGPASSWORD={{ awx_postgres_pass }} {{ psql_restore }}" ignore_errors: true register: data_migration # changed_when: success_condition? From 5b89c5c433472a8c5393dd8de1ba118a5a55f874 Mon Sep 17 00:00:00 2001 From: "Christian M. Adams" Date: Mon, 15 Mar 2021 16:19:27 -0400 Subject: [PATCH 08/23] Clean db on Tower data is restored to --- roles/installer/tasks/database_configuration.yml | 11 +++++++++-- roles/installer/tasks/migrate_data.yml | 13 +++++++++---- 2 files changed, 18 insertions(+), 6 deletions(-) 
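Review bot: The rewritten `command` builds `bash -c "PGPASSWORD={{ tower_old_postgres_pass }} ... | PGPASSWORD={{ awx_postgres_pass }} ..."` by pasting both decoded secret values into a double-quoted shell string, so a password containing `"`, `$`, a backtick or a space is interpreted by the shell rather than passed through. The same applies to the host, user, database and port values from the old-instance secret that end up in `pgdump`. Quote each interpolated value and the script as a whole with the `quote` filter, and set `no_log: true` on the task since the rendered command carries both passwords. Passing secrets on the command line also leaves them visible in the pod's process list while the dump runs; a password file would avoid that.

```yaml
- name: Stream backup from pg_dump to the new postgresql container
  community.kubernetes.k8s_exec:
    # … unchanged: namespace, pod …
    command: >-
      bash -c {{ migration_script | quote }}
  vars:
    migration_script: >-
      PGPASSWORD={{ tower_old_postgres_pass | quote }} {{ pgdump }}
      | PGPASSWORD={{ awx_postgres_pass | quote }} {{ psql_restore }}
  no_log: true
  # … unchanged: ignore_errors, register …
```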
diff --git a/roles/installer/tasks/database_configuration.yml b/roles/installer/tasks/database_configuration.yml index 342dc8cd..9ba0fdff 100644 --- a/roles/installer/tasks/database_configuration.yml +++ b/roles/installer/tasks/database_configuration.yml @@ -6,6 +6,7 @@ name: '{{ tower_postgres_configuration_secret }}' register: _custom_pg_config_resources when: tower_postgres_configuration_secret | length + no_log: true - name: Check for default PostgreSQL configuration k8s_info: @@ -13,10 +14,12 @@ namespace: '{{ meta.namespace }}' name: '{{ meta.name }}-postgres-configuration' register: _default_pg_config_resources + no_log: true - name: Set PostgreSQL configuration set_fact: _pg_config: '{{ _custom_pg_config_resources["resources"] | default([]) | length | ternary(_custom_pg_config_resources, _default_pg_config_resources) }}' + no_log: true - block: - name: Create Database configuration @@ -31,10 +34,12 @@ name: '{{ meta.name }}-postgres-configuration' register: _generated_pg_config_resources when: not _pg_config['resources'] | default([]) | length + no_log: true - name: Set PostgreSQL Configuration set_fact: pg_config: '{{ _generated_pg_config_resources["resources"] | default([]) | length | ternary(_generated_pg_config_resources, _pg_config) }}' + no_log: true - name: Create Database if no database is specified k8s: @@ -42,6 +47,7 @@ definition: "{{ lookup('template', 'tower_postgres.yaml.j2') }}" when: - pg_config['resources'][0]['data']['type'] | default('') | b64decode == 'managed' + no_log: true - name: Store Database Configuration set_fact: @@ -50,7 +56,7 @@ awx_postgres_database: "{{ pg_config['resources'][0]['data']['database'] | b64decode }}" awx_postgres_port: "{{ pg_config['resources'][0]['data']['port'] | b64decode }}" awx_postgres_host: "{{ pg_config['resources'][0]['data']['host'] | b64decode }}" - # no_log: true #TODO uncomment + no_log: true - name: Check for old PostgreSQL configuration secret k8s_info: 
@@ -59,8 +65,9 @@ name: '{{ tower_old_postgres_configuration_secret }}' register: old_pg_config when: tower_old_postgres_configuration_secret | length + no_log: true - name: Migrate data from old Openshift instance import_tasks: migrate_data.yml - when: old_pg_config['resources'][0]['data']['host'] is defined + when: old_pg_config['resources'][0]['data']['host'] is defined ignore_errors: true diff --git a/roles/installer/tasks/migrate_data.yml b/roles/installer/tasks/migrate_data.yml index d9845444..3894337c 100644 --- a/roles/installer/tasks/migrate_data.yml +++ b/roles/installer/tasks/migrate_data.yml @@ -7,6 +7,7 @@ tower_old_postgres_database: "{{ old_pg_config['resources'][0]['data']['database'] | b64decode }}" tower_old_postgres_port: "{{ old_pg_config['resources'][0]['data']['port'] | b64decode }}" tower_old_postgres_host: "{{ old_pg_config['resources'][0]['data']['host'] | b64decode }}" + no_log: true - name: Get the postgres pod information k8s_info: @@ -24,19 +25,22 @@ postgres_pod_name: "{{ postgres_pod['resources'][0]['metadata']['name'] }}" - name: Set pg_dump command - set_fact: + set_fact: pgdump: >- - pg_dump -h {{ tower_old_postgres_host }} + pg_dump --clean --create + -h {{ tower_old_postgres_host }} -U {{ tower_old_postgres_user }} -d {{ tower_old_postgres_database }} -p {{ tower_old_postgres_port }} + no_log: true - name: Set pg_restore command - set_fact: + set_fact: psql_restore: >- - psql -U {{ awx_postgres_user }} + psql -U {{ awx_postgres_user }} -d {{ awx_postgres_database }} -p {{ awx_postgres_port }} + no_log: true - name: Stream backup from pg_dump to the new postgresql container community.kubernetes.k8s_exec: @@ -44,6 +48,7 @@ pod: "{{ postgres_pod_name }}" command: >- bash -c "PGPASSWORD={{ tower_old_postgres_pass }} {{ pgdump }} | PGPASSWORD={{ awx_postgres_pass }} {{ psql_restore }}" + no_log: true ignore_errors: true register: data_migration # changed_when: success_condition? 
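Review bot: `pg_dump --clean --create` in `migrate_data.yml` makes the generated script drop and recreate the database before loading it, so every run of the restore task replaces whatever the new instance holds. Nothing in the visible hunks stops the import from running again on a later reconcile while `tower_old_postgres_configuration_secret` is still set, which would overwrite data written since the first migration. Gate the task on a marker that records a completed migration, or check that the target database is empty first. The dump is also piped into `psql ... -d {{ awx_postgres_database }}`, and a session cannot drop the database it is connected to.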
From e83e54419a096c8279a6c200da68c77702670772 Mon Sep 17 00:00:00 2001 From: "Christian M. Adams" Date: Tue, 16 Mar 2021 00:36:53 -0400 Subject: [PATCH 09/23] Add no_log where needed, scale down pods before migration --- README.md | 2 +- .../installer/tasks/admin_password_configuration.yml | 4 ++++ .../tasks/broadcast_websocket_configuration.yml | 4 ++++ roles/installer/tasks/database_configuration.yml | 1 + roles/installer/tasks/migrate_data.yml | 12 +++++++++--- roles/installer/tasks/secret_key_configuration.yml | 4 ++++ 6 files changed, 23 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index c1c4abae..dcc5b4bb 100644 --- a/README.md +++ b/README.md @@ -181,7 +181,7 @@ type: Opaque #### Migrating data from an old AWX instance -To migrate data from the postgresql pod of an AWX deployment in Openshift for Kubernetes, the Custom Resource needs to know about the connection details. Those connection details should be stored as a secret and either specified as `tower_old_postgres_configuration_secret` at the CR spec level, or simply be present on the namespace under the name `-old-postgres-configuration`. +To migrate data from an older AWX installation, the Custom Resource needs to know about the connection details. Those connection details should be stored as a secret and specified as `tower_old_postgres_configuration_secret` at the CR spec level. The secret should be formatted as follows: diff --git a/roles/installer/tasks/admin_password_configuration.yml b/roles/installer/tasks/admin_password_configuration.yml index 9f58e966..51b35664 100644 --- a/roles/installer/tasks/admin_password_configuration.yml +++ b/roles/installer/tasks/admin_password_configuration.yml 
@@ -13,10 +13,12 @@ namespace: '{{ meta.namespace }}' name: '{{ meta.name }}-admin-password' register: _default_admin_password + no_log: true - name: Set admin password secret set_fact: _admin_password_secret: '{{ _custom_admin_password["resources"] | default([]) | length | ternary(_custom_admin_password, _default_admin_password) }}' + no_log: true - block: - name: Create admin password secret @@ -36,7 +38,9 @@ - name: Set admin password secret set_fact: admin_password_secret: '{{ _generated_admin_password["resources"] | default([]) | length | ternary(_generated_admin_password, _admin_password_secret) }}' + no_log: true - name: Store admin password set_fact: tower_admin_password: "{{ admin_password_secret['resources'][0]['data']['password'] | b64decode }}" + no_log: true diff --git a/roles/installer/tasks/broadcast_websocket_configuration.yml b/roles/installer/tasks/broadcast_websocket_configuration.yml index e4b387ce..4bae70a5 100644 --- a/roles/installer/tasks/broadcast_websocket_configuration.yml +++ b/roles/installer/tasks/broadcast_websocket_configuration.yml @@ -13,11 +13,13 @@ namespace: '{{ meta.namespace }}' name: '{{ meta.name }}-broadcast-websocket' register: _default_broadcast_websocket + no_log: true - name: Set broadcast websocket secret set_fact: # yamllint disable-line rule:line-length _broadcast_websocket_secret: '{{ _custom_broadcast_websocket["resources"] | default([]) | length | ternary(_custom_broadcast_websocket, _default_broadcast_websocket) }}' # noqa 204 + no_log: true - block: - name: Create broadcast websocket secret 
@@ -38,7 +40,9 @@ set_fact: # yamllint disable-line rule:line-length broadcast_websocket_secret: '{{ _generated_broadcast_websocket["resources"] | default([]) | length | ternary(_generated_broadcast_websocket, _broadcast_websocket_secret) }}' # noqa 204 + no_log: true - name: Store broadcast websocket secret name set_fact: broadcast_websocket_secret_value: "{{ broadcast_websocket_secret['resources'][0]['data']['secret'] | b64decode }}" + no_log: true diff --git a/roles/installer/tasks/database_configuration.yml b/roles/installer/tasks/database_configuration.yml index 9ba0fdff..06962381 100644 --- a/roles/installer/tasks/database_configuration.yml +++ b/roles/installer/tasks/database_configuration.yml @@ -65,6 +65,7 @@ name: '{{ tower_old_postgres_configuration_secret }}' register: old_pg_config when: tower_old_postgres_configuration_secret | length + ignore_errors: true no_log: true - name: Migrate data from old Openshift instance diff --git a/roles/installer/tasks/migrate_data.yml b/roles/installer/tasks/migrate_data.yml index 3894337c..119a89ff 100644 --- a/roles/installer/tasks/migrate_data.yml +++ b/roles/installer/tasks/migrate_data.yml @@ -24,6 +24,14 @@ set_fact: postgres_pod_name: "{{ postgres_pod['resources'][0]['metadata']['name'] }}" +- name: Scale deployment down when current replicas match + community.kubernetes.k8s_scale: + api_version: v1 + kind: Deployment + name: "{{ meta.name }}" + namespace: "{{ meta.namespace }}" + replicas: 0 + - name: Set pg_dump command set_fact: pgdump: >- @@ -32,15 +40,13 @@ -U {{ tower_old_postgres_user }} -d {{ tower_old_postgres_database }} -p {{ tower_old_postgres_port }} - no_log: true - name: Set pg_restore command set_fact: psql_restore: >- psql -U {{ awx_postgres_user }} - -d {{ awx_postgres_database }} + -d template1 -p {{ awx_postgres_port }} - no_log: true - name: Stream backup from pg_dump to the new postgresql container community.kubernetes.k8s_exec: 
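Review bot: The new scale-down task in `migrate_data.yml` sets `api_version: v1` with `kind: Deployment`, but Deployments are served from `apps/v1`, so the lookup will probably not find the resource; use `api_version: apps/v1`. The task name mentions matching current replicas, yet no `current_replicas` is passed, so it always scales to 0 whenever the migration tasks run. No visible hunk scales the deployment back up or restores it if the import fails. The same commit drops `no_log: true` from the two `set_fact` tasks, which is fine as long as `pgdump` and `psql_restore` never carry a password.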
diff --git a/roles/installer/tasks/secret_key_configuration.yml b/roles/installer/tasks/secret_key_configuration.yml index 2769126c..26b6ea9d 100644 --- a/roles/installer/tasks/secret_key_configuration.yml +++ b/roles/installer/tasks/secret_key_configuration.yml @@ -23,6 +23,7 @@ k8s: apply: true definition: "{{ lookup('template', 'tower_secret_key.yaml.j2') }}" + no_log: true - name: Read secret key secret k8s_info: @@ -30,13 +31,16 @@ namespace: '{{ meta.namespace }}' name: '{{ meta.name }}-secret-key' register: _generated_secret_key + no_log: true when: not _secret_key_secret['resources'] | default([]) | length - name: Set secret key secret set_fact: secret_key_secret: '{{ _generated_secret_key["resources"] | default([]) | length | ternary(_generated_secret_key, _secret_key_secret) }}' + no_log: true - name: Store secret key secret name set_fact: secret_key_secret_name: "{{ secret_key_secret['resources'][0]['metadata']['name'] }}" + no_log: true From c22577bc808aea57414b3015b259c3d0ef8dc6fd Mon Sep 17 00:00:00 2001 From: "Christian M. Adams" Date: Tue, 16 Mar 2021 01:16:27 -0400 Subject: [PATCH 10/23] Make data migration idempotent --- .../manifests/awx-operator.clusterserviceversion.yaml | 4 ++++ roles/installer/tasks/database_configuration.yml | 2 -- roles/installer/tasks/main.yml | 7 ++----- roles/installer/tasks/migrate_data.yml | 5 ++--- roles/installer/tasks/secret_key_configuration.yml | 2 ++ 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml index f4ff94d9..56d98093 100644 --- a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml +++ b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml 
@@ -98,6 +98,10 @@ spec: x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:io.kubernetes:Secret + path: tower_old_postgres_configuration_secret + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - urn:alm:descriptor:io.kubernetes:Secret - displayName: Secret key secret path: tower_secret_key_secret x-descriptors: diff --git a/roles/installer/tasks/database_configuration.yml b/roles/installer/tasks/database_configuration.yml index 06962381..a2af97c8 100644 --- a/roles/installer/tasks/database_configuration.yml +++ b/roles/installer/tasks/database_configuration.yml @@ -65,10 +65,8 @@ name: '{{ tower_old_postgres_configuration_secret }}' register: old_pg_config when: tower_old_postgres_configuration_secret | length - ignore_errors: true no_log: true - name: Migrate data from old Openshift instance import_tasks: migrate_data.yml when: old_pg_config['resources'][0]['data']['host'] is defined - ignore_errors: true diff --git a/roles/installer/tasks/main.yml b/roles/installer/tasks/main.yml index 22e68471..5e739a10 100644 --- a/roles/installer/tasks/main.yml +++ b/roles/installer/tasks/main.yml @@ -63,10 +63,7 @@ pod: "{{ tower_pod_name }}" container: "{{ meta.name }}-task" command: >- - bash -c "echo 'from django.db import connection; - tbl = \"auth_user\" in connection.introspection.table_names(); - exit(0 if tbl else 1)' - | awx-manage shell" + bash -c "awx-manage showmigrations | grep -v '[X]' | grep '[ ]' | wc -l" ignore_errors: true changed_when: false register: database_check @@ -80,7 +77,7 @@ command: >- bash -c "awx-manage migrate --noinput" register: migrate_result - when: (k8s_defs_result is changed) or (database_check is defined and database_check.return_code != 0) + when: (k8s_defs_result is changed) or (database_check is defined and database_check.stdout != 0) - include_tasks: initialize.yml 
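Review bot: The descriptor added in the `@@ -98,6 +98,10 @@` hunk of awx-operator.clusterserviceversion.yaml begins at `path: tower_old_postgres_configuration_secret` with no `- displayName:` line of its own, so it appears to extend the preceding list item instead of opening a new one. If so, that item ends up with two `path` and two `x-descriptors` keys, and most YAML parsers silently keep the last one, which would replace the original descriptor's path. Indentation is not recoverable from this rendering, so this needs confirming against the file. If confirmed, open the entry with its own line such as `- displayName: Old PostgreSQL configuration secret` (wording constructed here).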
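Review bot: In the `@@ -63,10 +63,7 @@` hunk of roles/installer/tasks/main.yml, `grep -v '[X]'` and `grep '[ ]'` are bracket expressions, not literal strings. The first drops every line containing an `X` and the second keeps every line containing a space, so the count does not measure unapplied migrations even though the `migrate` task is gated on it. A literal match fixes this: `bash -c "awx-manage showmigrations | grep -F '[ ]' | wc -l"`. The pipeline's exit status is that of `wc`, so a failing `awx-manage showmigrations` also reports `0` pending. Adding `set -o pipefail` inside the `bash -c` string would surface that failure. The task starts above the hunk.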
diff --git a/roles/installer/tasks/migrate_data.yml b/roles/installer/tasks/migrate_data.yml index 119a89ff..55fa3b20 100644 --- a/roles/installer/tasks/migrate_data.yml +++ b/roles/installer/tasks/migrate_data.yml @@ -53,8 +53,7 @@ namespace: "{{ meta.namespace }}" pod: "{{ postgres_pod_name }}" command: >- - bash -c "PGPASSWORD={{ tower_old_postgres_pass }} {{ pgdump }} | PGPASSWORD={{ awx_postgres_pass }} {{ psql_restore }}" + bash -c "PGPASSWORD={{ tower_old_postgres_pass }} {{ pgdump }} | PGPASSWORD={{ awx_postgres_pass }} {{ psql_restore }} && echo 'Finished'" no_log: true - ignore_errors: true register: data_migration - # changed_when: success_condition? + changed_when: false diff --git a/roles/installer/tasks/secret_key_configuration.yml b/roles/installer/tasks/secret_key_configuration.yml index 26b6ea9d..8d27f81f 100644 --- a/roles/installer/tasks/secret_key_configuration.yml +++ b/roles/installer/tasks/secret_key_configuration.yml @@ -6,6 +6,7 @@ name: '{{ tower_secret_key_secret }}' register: _custom_secret_key when: tower_secret_key_secret | length + no_log: true - name: Check for default secret key configuration k8s_info: @@ -17,6 +18,7 @@ - name: Set secret key secret set_fact: _secret_key_secret: '{{ _custom_secret_key["resources"] | default([]) | length | ternary(_custom_secret_key, _default_secret_key) }}' + no_log: true - block: - name: Create secret key secret From da26472a0342c05982b713e03b4190a991889931 Mon Sep 17 00:00:00 2001 
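Review bot: In the `@@ -53,8 +53,7 @@` hunk of migrate_data.yml, both passwords are pasted unquoted into the `bash -c` string (`PGPASSWORD={{ tower_old_postgres_pass }}`), so a value containing a space, `$`, `;` or a quote is re-interpreted by the shell in the PostgreSQL pod instead of being passed as data. These values are read from Secrets, so anyone able to write those Secrets controls that text. At minimum apply the `quote` filter, `PGPASSWORD={{ tower_old_postgres_pass | quote }}`, and likewise for `awx_postgres_pass`; the user, database, host and port values expanded through `pgdump` and `psql_restore` need the same where those facts are set. The later rewrites of this command in patches 11/23 and 18/23 keep the unquoted form. The task starts above the hunk.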
From: Shane McDonald Date: Wed, 17 Mar 2021 22:13:21 -0400 Subject: [PATCH 11/23] Fix reconcilation loop after data migration changes --- ansible/templates/crd.yml.j2 | 5 ++++- ansible/templates/role.yml.j2 | 6 +++++ deploy/awx-operator.yaml | 11 +++++++++- deploy/crds/awx_v1beta1_crd.yaml | 3 +++ roles/installer/defaults/main.yml | 4 ++++ .../tasks/database_configuration.yml | 13 +++++++++-- roles/installer/tasks/main.yml | 17 +++++++------- roles/installer/tasks/migrate_data.yml | 22 ++++++++++++++----- roles/installer/tasks/update_status.yml | 10 +++++++++ 9 files changed, 73 insertions(+), 18 deletions(-) diff --git a/ansible/templates/crd.yml.j2 b/ansible/templates/crd.yml.j2 index 1d1b2733..70544f83 100644 --- a/ansible/templates/crd.yml.j2 +++ b/ansible/templates/crd.yml.j2 @@ -45,7 +45,7 @@ spec: description: Secret where the database configuration can be found type: string tower_old_postgres_configuration_secret: - description: Secret where the database configuration can be found + description: Secret where the old database configuration can be found for data migration type: string tower_secret_key_secret: description: Secret where the secret key can be found @@ -233,6 +233,9 @@ spec: towerAdminPasswordSecret: description: Admin password of the deployed instance type: string + towerMigratedFromSecret: + description: The secret used for migrating an old Tower. + type: string towerVersion: description: Version of the deployed instance type: string diff --git a/ansible/templates/role.yml.j2 b/ansible/templates/role.yml.j2 index fb5aae94..d12272a2 100644 --- a/ansible/templates/role.yml.j2 +++ b/ansible/templates/role.yml.j2 @@ -55,6 +55,12 @@ rules: - deployments/finalizers verbs: - update + - apiGroups: + - apps + resources: + - deployments/scale + verbs: + - patch - apiGroups: - "" resources: diff --git a/deploy/awx-operator.yaml b/deploy/awx-operator.yaml index 8d42b848..b8ccf1fa 100644 --- a/deploy/awx-operator.yaml +++ b/deploy/awx-operator.yaml 
@@ -57,6 +57,12 @@ rules: - deployments/finalizers verbs: - update + - apiGroups: + - apps + resources: + - deployments/scale + verbs: + - patch - apiGroups: - "" resources: @@ -116,7 +122,7 @@ spec: serviceAccountName: awx-operator containers: - name: awx-operator - image: "quay.io/ansible/awx-operator:0.6.0" + image: "quay.io/shanemcd/awx-operator:latest" imagePullPolicy: "Always" volumeMounts: - mountPath: /tmp/ansible-operator/runner @@ -378,6 +384,9 @@ spec: towerAdminPasswordSecret: description: Admin password of the deployed instance type: string + towerMigratedFromSecret: + description: The secret used for migrating an old Tower. + type: string towerVersion: description: Version of the deployed instance type: string diff --git a/deploy/crds/awx_v1beta1_crd.yaml b/deploy/crds/awx_v1beta1_crd.yaml index 08cd4044..70544f83 100644 --- a/deploy/crds/awx_v1beta1_crd.yaml +++ b/deploy/crds/awx_v1beta1_crd.yaml @@ -233,6 +233,9 @@ spec: towerAdminPasswordSecret: description: Admin password of the deployed instance type: string + towerMigratedFromSecret: + description: The secret used for migrating an old Tower. + type: string towerVersion: description: Version of the deployed instance type: string diff --git a/roles/installer/defaults/main.yml b/roles/installer/defaults/main.yml index bfcfe5b3..ef0b4176 100644 --- a/roles/installer/defaults/main.yml +++ b/roles/installer/defaults/main.yml @@ -47,6 +47,10 @@ tower_broadcast_websocket_secret: '' # tower_secret_key_secret: '' +# Secret to lookup that provides old database credentials (for migration) + +tower_old_postgres_configuration_secret: '' + # Add extra volumes to the AWX pod. Specify as literal block. E.g.: # tower_extra_volumes: | # - name: my-volume diff --git a/roles/installer/tasks/database_configuration.yml b/roles/installer/tasks/database_configuration.yml index a2af97c8..14985e66 100644 --- a/roles/installer/tasks/database_configuration.yml +++ b/roles/installer/tasks/database_configuration.yml 
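Review bot: The `@@ -116,7 +122,7 @@` hunk of deploy/awx-operator.yaml points the operator Deployment at `quay.io/shanemcd/awx-operator:latest`, a personal repository under a mutable tag, combined with `imagePullPolicy: "Always"`. Anyone applying the manifest at this commit runs whatever that tag resolves to at pull time, under the `awx-operator` service account and its Role. Keep the released reference, `image: "quay.io/ansible/awx-operator:0.6.0"`, in the committed manifest and override the image only in a local copy when testing. Patch 19/23 restores it, but folding that fix into this commit would keep every commit in the series safe to deploy as written.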
@@ -58,6 +58,14 @@ awx_postgres_host: "{{ pg_config['resources'][0]['data']['host'] | b64decode }}" no_log: true +- name: Check to see if this instance has already been migrated + k8s_info: + api_version: 'v1beta1' # TODO: How to parameterize this? + kind: "AWX" # TODO: How to parameterize this? + name: "{{ meta.name }}" + namespace: "{{ meta.namespace }}" + register: this_awx + - name: Check for old PostgreSQL configuration secret k8s_info: kind: Secret @@ -65,8 +73,9 @@ name: '{{ tower_old_postgres_configuration_secret }}' register: old_pg_config when: tower_old_postgres_configuration_secret | length - no_log: true - name: Migrate data from old Openshift instance import_tasks: migrate_data.yml - when: old_pg_config['resources'][0]['data']['host'] is defined + when: + - old_pg_config['resources'][0]['data']['host'] is defined + - this_awx['resources'][0]['status']['towerMigratedFromSecret'] is not defined diff --git a/roles/installer/tasks/main.yml b/roles/installer/tasks/main.yml index 5e739a10..7bd2a640 100644 --- a/roles/installer/tasks/main.yml +++ b/roles/installer/tasks/main.yml @@ -21,7 +21,6 @@ k8s: apply: yes definition: "{{ lookup('template', item) | from_yaml_all | list }}" - register: k8s_defs_result with_items: - tower_config.yaml.j2 
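Review bot: Dropping `no_log: true` in the `@@ -65,8 +73,9 @@` hunk of database_configuration.yml lets the registered `k8s_info` result for the old PostgreSQL Secret, including its base64-encoded `password`, appear in the task output, and so presumably in the operator's logs for anyone with log access. The same applies to the exec task in migrate_data.yml in this patch, whose command line carries both `PGPASSWORD` values, and to patch 12/23, which removes the flag from the admin password, secret key, broadcast websocket and database facts. Keep the flag on tasks that read or decode Secret data and make it switchable for debugging, e.g. `no_log: "{{ tower_no_log | default(true) }}"`, where `tower_no_log` is a variable name constructed for this note. The task begins above the hunk.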
@@ -57,29 +56,29 @@ that: tower_pod_name != '' fail_msg: "Could not find the tower pod's name." -- name: Check if database is populated (auth_user table exists). - community.kubernetes.k8s_exec: +- name: Check for pending migrations + k8s_exec: namespace: "{{ meta.namespace }}" pod: "{{ tower_pod_name }}" container: "{{ meta.name }}-task" command: >- bash -c "awx-manage showmigrations | grep -v '[X]' | grep '[ ]' | wc -l" - ignore_errors: true changed_when: false register: database_check - when: k8s_defs_result is not changed - name: Migrate the database if the K8s resources were updated. # noqa 305 - community.kubernetes.k8s_exec: + k8s_exec: namespace: "{{ meta.namespace }}" pod: "{{ tower_pod_name }}" container: "{{ meta.name }}-task" command: >- bash -c "awx-manage migrate --noinput" register: migrate_result - when: (k8s_defs_result is changed) or (database_check is defined and database_check.stdout != 0) + when: + - database_check is defined + - (database_check.stdout|trim) != '0' - include_tasks: initialize.yml -- name: Update status variables - include_tasks: update_status.yml +# - name: Update status variables +# include_tasks: update_status.yml diff --git a/roles/installer/tasks/migrate_data.yml b/roles/installer/tasks/migrate_data.yml index 55fa3b20..405c91a0 100644 --- a/roles/installer/tasks/migrate_data.yml +++ b/roles/installer/tasks/migrate_data.yml 
@@ -24,13 +24,22 @@ set_fact: postgres_pod_name: "{{ postgres_pod['resources'][0]['metadata']['name'] }}" -- name: Scale deployment down when current replicas match - community.kubernetes.k8s_scale: +- name: Check for presence of Deployment + k8s_info: + api_version: v1 + kind: Deployment + name: "{{ meta.name }}" + namespace: "{{ meta.namespace }}" + register: tower_deployment + +- name: Scale down Deployment for migration + k8s_scale: api_version: v1 kind: Deployment name: "{{ meta.name }}" namespace: "{{ meta.namespace }}" replicas: 0 + when: tower_deployment['resources'] | length - name: Set pg_dump command set_fact: @@ -53,7 +62,10 @@ namespace: "{{ meta.namespace }}" pod: "{{ postgres_pod_name }}" command: >- - bash -c "PGPASSWORD={{ tower_old_postgres_pass }} {{ pgdump }} | PGPASSWORD={{ awx_postgres_pass }} {{ psql_restore }} && echo 'Finished'" - no_log: true + bash -c "set -o pipefail; PGPASSWORD={{ tower_old_postgres_pass }} {{ pgdump }} | PGPASSWORD={{ awx_postgres_pass }} {{ psql_restore }} && echo 'Successful'" register: data_migration - changed_when: false + failed_when: "'Successful' not in data_migration.stdout" + +- name: Set flag signifying that this instance has been migrated + set_fact: + tower_migrated_from_secret: "{{ tower_old_postgres_configuration_secret }}" diff --git a/roles/installer/tasks/update_status.yml b/roles/installer/tasks/update_status.yml index f8120fd5..473912ee 100644 --- a/roles/installer/tasks/update_status.yml +++ b/roles/installer/tasks/update_status.yml @@ -68,3 +68,13 @@ towerURL: "https://{{ route_url['resources'][0]['status']['ingress'][0]['host'] }}" when: tower_ingress_type | lower == 'route' + +- name: Update towerMigratedFromSecret status + operator_sdk.util.k8s_status: + api_version: '{{ api_version }}' + kind: "{{ kind }}" + name: "{{ meta.name }}" + namespace: "{{ meta.namespace }}" + status: + towerMigratedFromSecret: "{{ tower_migrated_from_secret }}" + when: tower_migrated_from_secret is defined 
From 94a4861d13f3bc10d90028b007a628310f04d847 Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Wed, 17 Mar 2021 22:13:46 -0400 Subject: [PATCH 12/23] Bulk removal of no_log statements The operator would be impossible to debug with these --- roles/installer/tasks/admin_password_configuration.yml | 4 ---- .../installer/tasks/broadcast_websocket_configuration.yml | 4 ---- roles/installer/tasks/database_configuration.yml | 7 ------- roles/installer/tasks/initialize.yml | 1 - roles/installer/tasks/migrate_data.yml | 1 - roles/installer/tasks/secret_key_configuration.yml | 6 ------ 6 files changed, 23 deletions(-) diff --git a/roles/installer/tasks/admin_password_configuration.yml b/roles/installer/tasks/admin_password_configuration.yml index 51b35664..9f58e966 100644 --- a/roles/installer/tasks/admin_password_configuration.yml +++ b/roles/installer/tasks/admin_password_configuration.yml @@ -13,12 +13,10 @@ namespace: '{{ meta.namespace }}' name: '{{ meta.name }}-admin-password' register: _default_admin_password - no_log: true - name: Set admin password secret set_fact: _admin_password_secret: '{{ _custom_admin_password["resources"] | default([]) | length | ternary(_custom_admin_password, _default_admin_password) }}' - no_log: true - block: - name: Create admin password secret @@ -38,9 +36,7 @@ - name: Set admin password secret set_fact: admin_password_secret: '{{ _generated_admin_password["resources"] | default([]) | length | ternary(_generated_admin_password, _admin_password_secret) }}' - no_log: true - name: Store admin password set_fact: tower_admin_password: "{{ admin_password_secret['resources'][0]['data']['password'] | b64decode }}" - no_log: true diff --git a/roles/installer/tasks/broadcast_websocket_configuration.yml b/roles/installer/tasks/broadcast_websocket_configuration.yml index 4bae70a5..e4b387ce 100644 --- a/roles/installer/tasks/broadcast_websocket_configuration.yml +++ b/roles/installer/tasks/broadcast_websocket_configuration.yml 
@@ -13,13 +13,11 @@ namespace: '{{ meta.namespace }}' name: '{{ meta.name }}-broadcast-websocket' register: _default_broadcast_websocket - no_log: true - name: Set broadcast websocket secret set_fact: # yamllint disable-line rule:line-length _broadcast_websocket_secret: '{{ _custom_broadcast_websocket["resources"] | default([]) | length | ternary(_custom_broadcast_websocket, _default_broadcast_websocket) }}' # noqa 204 - no_log: true - block: - name: Create broadcast websocket secret @@ -40,9 +38,7 @@ set_fact: # yamllint disable-line rule:line-length broadcast_websocket_secret: '{{ _generated_broadcast_websocket["resources"] | default([]) | length | ternary(_generated_broadcast_websocket, _broadcast_websocket_secret) }}' # noqa 204 - no_log: true - name: Store broadcast websocket secret name set_fact: broadcast_websocket_secret_value: "{{ broadcast_websocket_secret['resources'][0]['data']['secret'] | b64decode }}" - no_log: true diff --git a/roles/installer/tasks/database_configuration.yml b/roles/installer/tasks/database_configuration.yml index 14985e66..899a3a0a 100644 --- a/roles/installer/tasks/database_configuration.yml +++ b/roles/installer/tasks/database_configuration.yml @@ -6,7 +6,6 @@ name: '{{ tower_postgres_configuration_secret }}' register: _custom_pg_config_resources when: tower_postgres_configuration_secret | length - no_log: true - name: Check for default PostgreSQL configuration k8s_info: @@ -14,12 +13,10 @@ namespace: '{{ meta.namespace }}' name: '{{ meta.name }}-postgres-configuration' register: _default_pg_config_resources - no_log: true - name: Set PostgreSQL configuration set_fact: _pg_config: '{{ _custom_pg_config_resources["resources"] | default([]) | length | ternary(_custom_pg_config_resources, _default_pg_config_resources) }}' - no_log: true - block: - name: Create Database configuration 
@@ -34,12 +31,10 @@ name: '{{ meta.name }}-postgres-configuration' register: _generated_pg_config_resources when: not _pg_config['resources'] | default([]) | length - no_log: true - name: Set PostgreSQL Configuration set_fact: pg_config: '{{ _generated_pg_config_resources["resources"] | default([]) | length | ternary(_generated_pg_config_resources, _pg_config) }}' - no_log: true - name: Create Database if no database is specified k8s: @@ -47,7 +42,6 @@ definition: "{{ lookup('template', 'tower_postgres.yaml.j2') }}" when: - pg_config['resources'][0]['data']['type'] | default('') | b64decode == 'managed' - no_log: true - name: Store Database Configuration set_fact: @@ -56,7 +50,6 @@ awx_postgres_database: "{{ pg_config['resources'][0]['data']['database'] | b64decode }}" awx_postgres_port: "{{ pg_config['resources'][0]['data']['port'] | b64decode }}" awx_postgres_host: "{{ pg_config['resources'][0]['data']['host'] | b64decode }}" - no_log: true - name: Check to see if this instance has already been migrated k8s_info: diff --git a/roles/installer/tasks/initialize.yml b/roles/installer/tasks/initialize.yml index a0676cdd..62849d7e 100644 --- a/roles/installer/tasks/initialize.yml +++ b/roles/installer/tasks/initialize.yml @@ -23,7 +23,6 @@ User.objects.create_superuser('{{ tower_admin_user }}', '{{ tower_admin_email }}', '{{ tower_admin_password }}')\" | awx-manage shell" when: users_result.return_code > 0 - no_log: true - name: Create preload data if necessary. # noqa 305 community.kubernetes.k8s_exec: diff --git a/roles/installer/tasks/migrate_data.yml b/roles/installer/tasks/migrate_data.yml index 405c91a0..7fcb2038 100644 --- a/roles/installer/tasks/migrate_data.yml +++ b/roles/installer/tasks/migrate_data.yml 
@@ -7,7 +7,6 @@ tower_old_postgres_database: "{{ old_pg_config['resources'][0]['data']['database'] | b64decode }}" tower_old_postgres_port: "{{ old_pg_config['resources'][0]['data']['port'] | b64decode }}" tower_old_postgres_host: "{{ old_pg_config['resources'][0]['data']['host'] | b64decode }}" - no_log: true - name: Get the postgres pod information k8s_info: diff --git a/roles/installer/tasks/secret_key_configuration.yml b/roles/installer/tasks/secret_key_configuration.yml index 8d27f81f..2769126c 100644 --- a/roles/installer/tasks/secret_key_configuration.yml +++ b/roles/installer/tasks/secret_key_configuration.yml @@ -6,7 +6,6 @@ name: '{{ tower_secret_key_secret }}' register: _custom_secret_key when: tower_secret_key_secret | length - no_log: true - name: Check for default secret key configuration k8s_info: @@ -18,14 +17,12 @@ - name: Set secret key secret set_fact: _secret_key_secret: '{{ _custom_secret_key["resources"] | default([]) | length | ternary(_custom_secret_key, _default_secret_key) }}' - no_log: true - block: - name: Create secret key secret k8s: apply: true definition: "{{ lookup('template', 'tower_secret_key.yaml.j2') }}" - no_log: true - name: Read secret key secret k8s_info: @@ -33,16 +30,13 @@ namespace: '{{ meta.namespace }}' name: '{{ meta.name }}-secret-key' register: _generated_secret_key - no_log: true when: not _secret_key_secret['resources'] | default([]) | length - name: Set secret key secret set_fact: secret_key_secret: '{{ _generated_secret_key["resources"] | default([]) | length | ternary(_generated_secret_key, _secret_key_secret) }}' - no_log: true - name: Store secret key secret name set_fact: secret_key_secret_name: "{{ secret_key_secret['resources'][0]['metadata']['name'] }}" - no_log: true From 64c10f29c4df376ea5f0b3da06cfe81db5232594 Mon Sep 17 00:00:00 2001 
From: Shane McDonald Date: Wed, 17 Mar 2021 22:14:53 -0400 Subject: [PATCH 13/23] Uncomment status tasks --- roles/installer/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/installer/tasks/main.yml b/roles/installer/tasks/main.yml index 7bd2a640..58763199 100644 --- a/roles/installer/tasks/main.yml +++ b/roles/installer/tasks/main.yml @@ -80,5 +80,5 @@ - include_tasks: initialize.yml -# - name: Update status variables -# include_tasks: update_status.yml +- name: Update status variables + include_tasks: update_status.yml From 79534a1465273589451ea20032d511402e1b3caa Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Thu, 18 Mar 2021 11:03:03 -0400 Subject: [PATCH 14/23] Dont require database names to match when doing migration --- roles/installer/defaults/main.yml | 3 +++ .../tasks/database_configuration.yml | 25 ++++++++++++------- .../templates/tower_postgres_secret.yaml.j2 | 4 +-- 3 files changed, 21 insertions(+), 11 deletions(-) diff --git a/roles/installer/defaults/main.yml b/roles/installer/defaults/main.yml index ef0b4176..a529c3b3 100644 --- a/roles/installer/defaults/main.yml +++ b/roles/installer/defaults/main.yml @@ -1,6 +1,9 @@ --- deployment_type: awx +database_name: "{{ deployment_type }}" +database_username: "{{ deployment_type }}" + tower_task_privileged: false tower_ingress_type: none diff --git a/roles/installer/tasks/database_configuration.yml b/roles/installer/tasks/database_configuration.yml index 899a3a0a..43fdd6c5 100644 --- a/roles/installer/tasks/database_configuration.yml +++ b/roles/installer/tasks/database_configuration.yml 
@@ -14,6 +14,21 @@ name: '{{ meta.name }}-postgres-configuration' register: _default_pg_config_resources +- name: Check for old PostgreSQL configuration secret + k8s_info: + kind: Secret + namespace: '{{ meta.namespace }}' + name: '{{ tower_old_postgres_configuration_secret }}' + register: old_pg_config + when: tower_old_postgres_configuration_secret | length + +- name: Set proper database name when migrating from old deployment + set_fact: + database_name: "{{ old_pg_config['resources'][0]['data']['database'] | b64decode }}" + database_username: "{{ old_pg_config['resources'][0]['data']['username'] | b64decode }}" + when: + - old_pg_config['resources'][0]['data']['database'] is defined + - name: Set PostgreSQL configuration set_fact: _pg_config: '{{ _custom_pg_config_resources["resources"] | default([]) | length | ternary(_custom_pg_config_resources, _default_pg_config_resources) }}' @@ -51,7 +66,7 @@ awx_postgres_port: "{{ pg_config['resources'][0]['data']['port'] | b64decode }}" awx_postgres_host: "{{ pg_config['resources'][0]['data']['host'] | b64decode }}" -- name: Check to see if this instance has already been migrated +- name: Look up details for this deployment k8s_info: api_version: 'v1beta1' # TODO: How to parameterize this? kind: "AWX" # TODO: How to parameterize this? @@ -59,14 +74,6 @@ namespace: "{{ meta.namespace }}" register: this_awx -- name: Check for old PostgreSQL configuration secret - k8s_info: - kind: Secret - namespace: '{{ meta.namespace }}' - name: '{{ tower_old_postgres_configuration_secret }}' - register: old_pg_config - when: tower_old_postgres_configuration_secret | length - - name: Migrate data from old Openshift instance import_tasks: migrate_data.yml when: diff --git a/roles/installer/templates/tower_postgres_secret.yaml.j2 b/roles/installer/templates/tower_postgres_secret.yaml.j2 index 51514d49..ed4ed037 100644 --- a/roles/installer/templates/tower_postgres_secret.yaml.j2 
+++ b/roles/installer/templates/tower_postgres_secret.yaml.j2 @@ -7,8 +7,8 @@ metadata: namespace: '{{ meta.namespace }}' stringData: password: '{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}' - username: '{{ deployment_type }}' - database: '{{ deployment_type }}' + username: '{{ database_username }}' + database: '{{ database_name }}' port: '5432' host: {{ meta.name }}-postgres type: 'managed' From 851ff16c0fa4aa9c95538cf7023163559c3b60b0 Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Thu, 18 Mar 2021 11:03:33 -0400 Subject: [PATCH 15/23] Allow for overriding namespace when deploying via playbook --- ansible/instantiate-awx-deployment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/instantiate-awx-deployment.yml b/ansible/instantiate-awx-deployment.yml index a94c9d0d..c157e092 100644 --- a/ansible/instantiate-awx-deployment.yml +++ b/ansible/instantiate-awx-deployment.yml @@ -9,7 +9,7 @@ - name: Deploy AWX k8s: state: "{{ state | default('present') }}" - namespace: default + namespace: "{{ namespace | default('default') }}" apply: yes wait: yes definition: From 92a7bf22a1f54126094e774f193fc31ce6fa1107 Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Thu, 18 Mar 2021 12:31:02 -0400 Subject: [PATCH 16/23] Tweak migration logic --- roles/installer/tasks/database_configuration.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/installer/tasks/database_configuration.yml b/roles/installer/tasks/database_configuration.yml index 43fdd6c5..78d9d463 100644 --- a/roles/installer/tasks/database_configuration.yml +++ b/roles/installer/tasks/database_configuration.yml 
@@ -27,7 +27,8 @@ database_name: "{{ old_pg_config['resources'][0]['data']['database'] | b64decode }}" database_username: "{{ old_pg_config['resources'][0]['data']['username'] | b64decode }}" when: - - old_pg_config['resources'][0]['data']['database'] is defined + - old_pg_config['resources'] is defined + - old_pg_config['resources'] | length - name: Set PostgreSQL configuration set_fact: @@ -77,5 +78,6 @@ - name: Migrate data from old Openshift instance import_tasks: migrate_data.yml when: - - old_pg_config['resources'][0]['data']['host'] is defined + - old_pg_config['resources'] is defined + - old_pg_config['resources'] | length - this_awx['resources'][0]['status']['towerMigratedFromSecret'] is not defined From bb519664cdcf3406a91945c537c4caa95e7ce928 Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Thu, 18 Mar 2021 12:31:24 -0400 Subject: [PATCH 17/23] Add seperate docs for migration --- README.md | 23 +------------------ docs/migration.md | 58 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+), 22 deletions(-) create mode 100644 docs/migration.md diff --git a/README.md b/README.md index dcc5b4bb..560b326b 100644 --- a/README.md +++ b/README.md 
@@ -181,28 +181,7 @@ type: Opaque #### Migrating data from an old AWX instance -To migrate data from an older AWX installation, the Custom Resource needs to know about the connection details. Those connection details should be stored as a secret and specified as `tower_old_postgres_configuration_secret` at the CR spec level. - - -The secret should be formatted as follows: - -```yaml ---- -apiVersion: v1 -kind: Secret -metadata: - name: -old-postgres-configuration - namespace: -stringData: - host: - port: - database: - username: - password: -type: Opaque -``` - -> For `host`, a URL resolvable by the cluster could look something like `postgresql..svc.cluster.local`, where `` is filled in with the namespace of the AWX deployment you are migrating data from. +For instructions on how to migrate from an older version of AWX, see [migration.md](./docs/migration.md). #### Managed PostgreSQL Service diff --git a/docs/migration.md b/docs/migration.md new file mode 100644 index 00000000..5431c51c --- /dev/null +++ b/docs/migration.md 
@@ -0,0 +1,58 @@ +# Migrating data from an old AWX instance + +To migrate data from an older AWX installation, you must provide some information via Secrets. + +## Creating Secrets for Migration + +### Secret Key + +You can find your old secret key in the inventory file you used to deploy AWX in releases prior to version 18. + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: -secret-key + namespace: +stringData: + secret_key: +type: Opaque +``` + +**Note**: `` must match the `name` of the AWX object you are creating. In our example below, it is `awx`. + +### Old Databse Credentials + +The secret should be formatted as follows: + +```yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: -old-postgres-configuration + namespace: +stringData: + host: + port: + database: + username: + password: +type: Opaque +``` + +> For `host`, a URL resolvable by the cluster could look something like `postgresql..svc.cluster.local`, where `` is filled in with the namespace of the AWX deployment you are migrating data from. + +## Deploy AWX + +When you apply your AWX object, you must specify the name to the database secret you created above: + +```yaml +apiVersion: awx.ansible.com/v1beta1 +kind: AWX +metadata: + name: awx +spec: + tower_old_postgres_configuration_secret: -old-postgres-configuration + ... +``` From 7d6743c44dcc7f7ba792b5b914476d3e44685b16 Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Thu, 18 Mar 2021 12:59:18 -0400 Subject: [PATCH 18/23] Fix linter --- .ansible-lint | 1 + roles/installer/tasks/database_configuration.yml | 4 ++-- roles/installer/tasks/migrate_data.yml | 8 ++++++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.ansible-lint b/.ansible-lint index 56e6654c..712a34e0 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,3 +1,4 @@ +--- skip_list: - '306' - '602' diff --git a/roles/installer/tasks/database_configuration.yml b/roles/installer/tasks/database_configuration.yml index 78d9d463..622bbc7a 100644 
--- a/roles/installer/tasks/database_configuration.yml +++ b/roles/installer/tasks/database_configuration.yml @@ -69,8 +69,8 @@ - name: Look up details for this deployment k8s_info: - api_version: 'v1beta1' # TODO: How to parameterize this? - kind: "AWX" # TODO: How to parameterize this? + api_version: 'v1beta1' # TODO: How to parameterize this? + kind: "AWX" # TODO: How to parameterize this? name: "{{ meta.name }}" namespace: "{{ meta.namespace }}" register: this_awx diff --git a/roles/installer/tasks/migrate_data.yml b/roles/installer/tasks/migrate_data.yml index 7fcb2038..ae04e8ca 100644 --- a/roles/installer/tasks/migrate_data.yml +++ b/roles/installer/tasks/migrate_data.yml @@ -60,8 +60,12 @@ community.kubernetes.k8s_exec: namespace: "{{ meta.namespace }}" pod: "{{ postgres_pod_name }}" - command: >- - bash -c "set -o pipefail; PGPASSWORD={{ tower_old_postgres_pass }} {{ pgdump }} | PGPASSWORD={{ awx_postgres_pass }} {{ psql_restore }} && echo 'Successful'" + command: | + bash -c """ + set -e -o pipefail + PGPASSWORD={{ tower_old_postgres_pass }} {{ pgdump }} | PGPASSWORD={{ awx_postgres_pass }} {{ psql_restore }} + echo 'Successful' + """ register: data_migration failed_when: "'Successful' not in data_migration.stdout" From c320dc835ba39cd991f9182fd4e95d0b41433143 Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Thu, 18 Mar 2021 14:17:13 -0400 Subject: [PATCH 19/23] Fix image --- deploy/awx-operator.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/awx-operator.yaml b/deploy/awx-operator.yaml index b8ccf1fa..dfe6bb6f 100644 --- a/deploy/awx-operator.yaml +++ b/deploy/awx-operator.yaml @@ -122,7 +122,7 @@ spec: serviceAccountName: awx-operator containers: - name: awx-operator - image: "quay.io/shanemcd/awx-operator:latest" + image: "quay.io/ansible/awx-operator:0.6.0" imagePullPolicy: "Always" volumeMounts: - mountPath: /tmp/ansible-operator/runner From c81266af66770c9ec85d2c4c84162667e858961d Mon Sep 17 00:00:00 2001 
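Review bot: Both passwords are still templated unquoted into the shell text of the rewritten `command`, so a password containing whitespace, `$`, quotes or `;` will break the pipeline or be interpreted by bash, and the rendered command (secrets included) can end up in task output. At minimum apply shell quoting, `PGPASSWORD={{ tower_old_postgres_pass | quote }} {{ pgdump }} | PGPASSWORD={{ awx_postgres_pass | quote }} {{ psql_restore }}`, and set `no_log: true` on the task if it is not already set above the hunk. Because the script sits inside the outer `bash -c "…"` quotes, a `"` or `\` in a password would still interfere with that outer layer, so the more robust fix is to keep the secrets out of the command string altogether. The task starts before the hunk, so its other arguments are not visible here.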
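Review bot: `image: "quay.io/ansible/awx-operator:0.6.0"` pins a release tag, but a tag can be re-pointed in the registry and `imagePullPolicy: "Always"` re-resolves it on every pod start. For a container that runs under the `awx-operator` service account it is worth pinning by digest, e.g. `image: "quay.io/ansible/awx-operator@sha256:<digest-of-0.6.0>"` (placeholder, to be filled in from the registry). The container spec continues outside the hunk.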
From: Yanis Guenane Date: Fri, 19 Mar 2021 11:13:17 +0100 Subject: [PATCH 20/23] olm-catalog: Add displayName for the resource --- .../manifests/awx-operator.clusterserviceversion.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml index 56d98093..07468d5d 100644 --- a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml +++ b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml @@ -71,6 +71,7 @@ spec: owned: - description: A AWX Instance kind: AWX + displayName: AWX name: awxs.awx.ansible.com specDescriptors: - displayName: Hostname From 385a4f65a1cd7e67ec2e70f6de3cfbbaec1ec461 Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Tue, 23 Mar 2021 11:07:09 -0400 Subject: [PATCH 21/23] Bump version --- ansible/group_vars/all | 2 +- deploy/awx-operator.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/group_vars/all b/ansible/group_vars/all index 13b5706d..03348228 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all @@ -1,3 +1,3 @@ operator_image: quay.io/ansible/awx-operator -operator_version: 0.6.0 +operator_version: 0.7.0 pull_policy: Always diff --git a/deploy/awx-operator.yaml b/deploy/awx-operator.yaml index 62ebba5d..fee8caa8 100644 --- a/deploy/awx-operator.yaml +++ b/deploy/awx-operator.yaml @@ -122,7 +122,7 @@ spec: serviceAccountName: awx-operator containers: - name: awx-operator - image: "quay.io/ansible/awx-operator:0.6.0" + image: "quay.io/ansible/awx-operator:0.7.0" imagePullPolicy: "Always" volumeMounts: - mountPath: /tmp/ansible-operator/runner From 693ce5a17ecb44c00264cea66922c5621ec1592e Mon Sep 17 00:00:00 2001 
From: Shane McDonald Date: Tue, 23 Mar 2021 11:11:55 -0400 Subject: [PATCH 22/23] Fix CRD Fallout from https://github.com/ansible/awx-operator/pull/128 --- ansible/templates/crd.yml.j2 | 2 +- deploy/awx-operator.yaml | 2 +- deploy/crds/awx_v1beta1_crd.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/templates/crd.yml.j2 b/ansible/templates/crd.yml.j2 index 33241d98..b7cd32bc 100644 --- a/ansible/templates/crd.yml.j2 +++ b/ansible/templates/crd.yml.j2 @@ -85,7 +85,7 @@ spec: - https tower_loadbalancer_port: description: Port to use for the loadbalancer - type: int32 + type: integer default: 80 tower_route_host: description: The DNS to use to points to the instance diff --git a/deploy/awx-operator.yaml b/deploy/awx-operator.yaml index fee8caa8..18a76fa5 100644 --- a/deploy/awx-operator.yaml +++ b/deploy/awx-operator.yaml @@ -236,7 +236,7 @@ spec: - https tower_loadbalancer_port: description: Port to use for the loadbalancer - type: number + type: integer default: 80 tower_route_host: description: The DNS to use to points to the instance diff --git a/deploy/crds/awx_v1beta1_crd.yaml b/deploy/crds/awx_v1beta1_crd.yaml index 1d1bbc9c..b7cd32bc 100644 --- a/deploy/crds/awx_v1beta1_crd.yaml +++ b/deploy/crds/awx_v1beta1_crd.yaml @@ -85,7 +85,7 @@ spec: - https tower_loadbalancer_port: description: Port to use for the loadbalancer - type: number + type: integer default: 80 tower_route_host: description: The DNS to use to points to the instance From 62ec946e4f65415ebab40853289e3ac8a2b791b3 Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Tue, 23 Mar 2021 11:14:56 -0400 Subject: [PATCH 23/23] Use latest version of quay.io/ansible/awx --- deploy/crds/awx_v1beta1_cr.yaml | 2 +- deploy/crds/awx_v1beta1_molecule.yaml | 2 +- .../manifests/awx-operator.clusterserviceversion.yaml | 4 ++-- roles/installer/defaults/main.yml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) 
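Review bot: `tower_loadbalancer_port` is now `type: integer` but still accepts any integer, so a value outside the valid port range is presumably only caught later, when the Service is rendered. Adding `minimum: 1` and `maximum: 65535` next to `default: 80` lets the API server reject it at admission. The same property appears in all three hunks of this commit (`ansible/templates/crd.yml.j2`, `deploy/awx-operator.yaml`, `deploy/crds/awx_v1beta1_crd.yaml`), so the bounds would go in each. The surrounding schema starts and ends outside the hunks.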
diff --git a/deploy/crds/awx_v1beta1_cr.yaml b/deploy/crds/awx_v1beta1_cr.yaml index bc1ae23c..dd2708b4 100644 --- a/deploy/crds/awx_v1beta1_cr.yaml +++ b/deploy/crds/awx_v1beta1_cr.yaml @@ -13,7 +13,7 @@ spec: tower_admin_user: test tower_admin_email: test@example.com - tower_image: quay.io/ansible/awx:execution-environments + tower_image: quay.io/ansible/awx:18.0.0 tower_create_preload_data: true diff --git a/deploy/crds/awx_v1beta1_molecule.yaml b/deploy/crds/awx_v1beta1_molecule.yaml index 7ba58551..6f4b69a0 100644 --- a/deploy/crds/awx_v1beta1_molecule.yaml +++ b/deploy/crds/awx_v1beta1_molecule.yaml @@ -11,7 +11,7 @@ spec: tower_admin_email: test@example.com - tower_image: quay.io/ansible/awx:execution-environments + tower_image: quay.io/ansible/awx:18.0.0 tower_web_resource_requirements: requests: diff --git a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml index bb2edd98..e73702ee 100644 --- a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml +++ b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml @@ -17,7 +17,7 @@ metadata: "tower_broadcast_websocket_secret": "changeme", "tower_create_preload_data": true, "tower_hostname": "example-awx.test", - "tower_image": "quay.io/ansible/awx:execution-environments", + "tower_image": "quay.io/ansible/awx:18.0.0", "tower_ingress_type": "none", "tower_memcached_image": "memcached:alpine", "tower_postgres_storage_class": "", @@ -37,7 +37,7 @@ metadata: "tower_admin_email": "test@example.com", "tower_broadcast_websocket_secret": "changeme", "tower_create_preload_data": true, - "tower_image": "quay.io/ansible/awx:execution-environments", + "tower_image": "quay.io/ansible/awx:18.0.0", "tower_ingress_type": "ingress", "tower_memcached_image": "memcached:alpine", "tower_postgres_image": "postgres:12", 
diff --git a/roles/installer/defaults/main.yml b/roles/installer/defaults/main.yml index 4e6c1786..76f9fadd 100644 --- a/roles/installer/defaults/main.yml +++ b/roles/installer/defaults/main.yml @@ -65,7 +65,7 @@ tower_extra_volumes: '' # Use these image versions for Ansible AWX. -tower_image: quay.io/ansible/awx:execution-environments +tower_image: quay.io/ansible/awx:18.0.0 tower_image_pull_policy: IfNotPresent tower_image_pull_secret: '' default_ee: quay.io/ansible/awx-ee