diff --git a/ansible/templates/crd.yml.j2 b/ansible/templates/crd.yml.j2 index 768dcfaa..5f2c97d5 100644 --- a/ansible/templates/crd.yml.j2 +++ b/ansible/templates/crd.yml.j2 @@ -26,25 +26,3 @@ spec: spec: type: object properties: - external_database: - type: boolean - description: | - If true you must supply a secret containing the location and credentials for - connecting to the external database by a user who has permission to create - and apply a schema. - - The secret should have the name: -postgres-configuration and - should look like: - - apiVersion: v1 - kind: Secret - metadata: - name: -postgres-configuration - namespace: - stringData: - host: - port: - database: - username: - password: - type: Opaque diff --git a/deploy/awx-operator.yaml b/deploy/awx-operator.yaml index 9e59bea2..aeb1faf2 100644 --- a/deploy/awx-operator.yaml +++ b/deploy/awx-operator.yaml @@ -166,25 +166,3 @@ spec: spec: type: object properties: - external_database: - type: boolean - description: | - If true you must supply a secret containing the location and credentials for - connecting to the external database by a user who has permission to create - and apply a schema. - - The secret should have the name: -postgres-configuration and - should look like: - - apiVersion: v1 - kind: Secret - metadata: - name: -postgres-configuration - namespace: - stringData: - host: - port: - database: - username: - password: - type: Opaque diff --git a/deploy/crds/awx_v1beta1_crd.yaml b/deploy/crds/awx_v1beta1_crd.yaml index 768dcfaa..5f2c97d5 100644 --- a/deploy/crds/awx_v1beta1_crd.yaml +++ b/deploy/crds/awx_v1beta1_crd.yaml @@ -26,25 +26,3 @@ spec: spec: type: object properties: - external_database: - type: boolean - description: | - If true you must supply a secret containing the location and credentials for - connecting to the external database by a user who has permission to create - and apply a schema. - - The secret should have the name: -postgres-configuration and - should look like: - - apiVersion: v1 - kind: Secret - metadata: - name: -postgres-configuration - namespace: - stringData: - host: - port: - database: - username: - password: - type: Opaque diff --git a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml index 51517651..6098bc76 100644 --- a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml +++ b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml @@ -20,28 +20,6 @@ spec: properties: spec: properties: - external_database: - description: | - If true you must supply a secret containing the location and credentials for - connecting to the external database by a user who has permission to create - and apply a schema. - - The secret should have the name: -postgres-configuration and - should look like: - - apiVersion: v1 - kind: Secret - metadata: - name: -postgres-configuration - namespace: - stringData: - host: - port: - database: - username: - password: - type: Opaque - type: boolean type: object type: object version: v1beta1 diff --git a/roles/installer/defaults/main.yml b/roles/installer/defaults/main.yml index 5c7cf1d1..e03df54d 100644 --- a/roles/installer/defaults/main.yml +++ b/roles/installer/defaults/main.yml @@ -75,6 +75,10 @@ tower_postgres_storage_request: 8Gi tower_postgres_storage_class: '' tower_postgres_data_path: '/var/lib/postgresql/data/pgdata' +# Secret to lookup that provide the PostgreSQL configuration +# +tower_postgres_configuration_secret: '' + ca_trust_bundle: "/etc/pki/tls/certs/ca-bundle.crt" development_mode: false diff --git a/roles/installer/tasks/database_configuration.yml b/roles/installer/tasks/database_configuration.yml new file mode 100644 index 00000000..36987b57 --- /dev/null +++ b/roles/installer/tasks/database_configuration.yml @@ -0,0 +1,53 @@ +--- +- name: Check for specified PostgreSQL configuration + k8s_info: + kind: Secret + namespace: '{{ meta.namespace }}' + name: '{{ tower_postgres_configuration_secret }}' + register: _custom_pg_config_resources + when: tower_postgres_configuration_secret | length + +- name: Check for default PostgreSQL configuration + k8s_info: + kind: Secret + namespace: '{{ meta.namespace }}' + name: '{{ meta.name }}-postgres-configuration' + register: _default_pg_config_resources + +- name: Set PostgreSQL configuration + set_fact: + _pg_config: '{{ _custom_pg_config_resources["resources"] | default([]) | length | ternary(_custom_pg_config_resources, _default_pg_config_resources) }}' + +- block: + - name: Create Database configuration + k8s: + apply: true + definition: "{{ lookup('template', 'tower_postgres_secret.yaml.j2') }}" + + - name: Read Database Configuration + k8s_info: + kind: Secret + namespace: '{{ meta.namespace }}' + name: '{{ meta.name }}-postgres-configuration' + register: _generated_pg_config_resources + + when: not _pg_config['resources'] | default([]) | length + +- name: Set PostgreSQL Configuration + set_fact: + pg_config: '{{ _generated_pg_config_resources["resources"] | default([]) | length | ternary(_generated_pg_config_resources, _pg_config) }}' + +- name: Create Database if no database is specified + k8s: + apply: true + definition: "{{ lookup('template', 'tower_postgres.yaml.j2') }}" + when: + - pg_config['resources'][0]['data']['type'] | default('') | b64decode == 'managed' + +- name: Store Database Configuration + set_fact: + awx_postgres_user: "{{ pg_config['resources'][0]['data']['username'] | b64decode }}" + awx_postgres_pass: "{{ pg_config['resources'][0]['data']['password'] | b64decode }}" + awx_postgres_database: "{{ pg_config['resources'][0]['data']['database'] | b64decode }}" + awx_postgres_port: "{{ pg_config['resources'][0]['data']['port'] | b64decode }}" + awx_postgres_host: "{{ pg_config['resources'][0]['data']['host'] | b64decode }}" diff --git a/roles/installer/tasks/main.yml b/roles/installer/tasks/main.yml index bcfe8b28..2ef5e4aa 100644 --- a/roles/installer/tasks/main.yml +++ b/roles/installer/tasks/main.yml @@ -6,42 +6,6 @@ name: '{{ meta.name }}-secret-key' register: secret_key_resources -- name: Check for existing postgres configuration - k8s_info: - kind: Secret - namespace: '{{ meta.namespace }}' - name: '{{ meta.name }}-postgres-configuration' - register: postgres_config_resources - -- name: Create Database configuration if it doesn't already exist - k8s: - apply: yes - definition: "{{ lookup('template', 'tower_postgres_secret.yaml.j2') }}" - register: k8s_postgres_config_result - when: postgres_config_resources['resources'] | length < 1 and not external_database | default(False) | bool - -- name: Create Database if External Database not selected - k8s: - apply: yes - definition: "{{ lookup('template', 'tower_postgres.yaml.j2') }}" - register: k8s_postgres_result - when: not external_database | default(False) | bool - -- name: Read Database Configuration - k8s_info: - kind: Secret - namespace: '{{ meta.namespace }}' - name: '{{ meta.name }}-postgres-configuration' - register: postgres_configuration - -- name: Store Database Configuration - set_fact: - awx_postgres_user: "{{ postgres_configuration['resources'][0]['data']['username'] | b64decode }}" - awx_postgres_pass: "{{ postgres_configuration['resources'][0]['data']['password'] | b64decode }}" - awx_postgres_database: "{{ postgres_configuration['resources'][0]['data']['database'] | b64decode }}" - awx_postgres_port: "{{ postgres_configuration['resources'][0]['data']['port'] | b64decode }}" - awx_postgres_host: "{{ postgres_configuration['resources'][0]['data']['host'] | b64decode }}" - - name: Deploy Tower Secret Key if needed k8s: apply: yes @@ -49,6 +13,9 @@ register: k8s_tower_secret_result when: secret_key_resources['resources'] | length < 1 +- name: Include database configuration tasks + include_tasks: database_configuration.yml + - name: Ensure configured instance resources exist in the cluster. k8s: apply: yes diff --git a/roles/installer/templates/tower_postgres_secret.yaml.j2 b/roles/installer/templates/tower_postgres_secret.yaml.j2 index 7cd8fb56..f9fb4c82 100644 --- a/roles/installer/templates/tower_postgres_secret.yaml.j2 +++ b/roles/installer/templates/tower_postgres_secret.yaml.j2 @@ -11,3 +11,4 @@ stringData: database: '{{ deployment_type }}' port: '5432' host: {{ meta.name }}-postgres + type: 'managed'