internet/awx-operator
3
0
Fork 0
mirror of https://github.com/ansible/awx-operator.git synced 2026-04-18 23:01:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Resolves #918 to make no_log configurable (#923)

Browse Source
This commit is contained in:
David Luong
2022-06-16 01:03:13 -04:00
committed by GitHub
parent 683d23dbea
commit e966e9299f
27 changed files with 118 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
README.md
View File

@@ -44,6 +44,7 @@ An [Ansible AWX](https://github.com/ansible/awx) operator for Kubernetes built w
* [CSRF Cookie Secure Setting](#csrf-cookie-secure-setting) * [CSRF Cookie Secure Setting](#csrf-cookie-secure-setting)
* [Session Cookie Secure Setting](#session-cookie-secure-setting) * [Session Cookie Secure Setting](#session-cookie-secure-setting)
* [Extra Settings](#extra-settings) * [Extra Settings](#extra-settings)
* [Configure no_log](#no-log)
* [Service Account](#service-account) * [Service Account](#service-account)
* [Uninstall](#uninstall) * [Uninstall](#uninstall)
* [Upgrading](#upgrading) * [Upgrading](#upgrading)
@@ -1019,6 +1020,21 @@ Example configuration of `extra_settings` parameter
value: "cn=admin,dc=example,dc=com" value: "cn=admin,dc=example,dc=com"
``` ```
#### No Log
Configure no_log for tasks with no_log
| Name | Description | Default |
| ------ | -------------------- | ------- |
| no_log | No log configuration | 'true' |
Example configuration of `no_log` parameter
```yaml
spec:
no_log: 'true'
```
#### Service Account #### Service Account
If you need to modify some `ServiceAccount` proprieties If you need to modify some `ServiceAccount` proprieties

3
config/crd/bases/awx.ansible.com_awxs.yaml
View File

@@ -482,6 +482,9 @@ spec:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
type: array type: array
no_log:
description: Configure no_log for no_log tasks
type: string
security_context_settings: security_context_settings:
description: Key/values that will be set under the pod-level securityContext field description: Key/values that will be set under the pod-level securityContext field
type: object type: object

3
config/crd/bases/awxbackup.ansible.com_awxbackups.yaml
View File

@@ -52,6 +52,9 @@ spec:
postgres_image_version: postgres_image_version:
description: PostgreSQL container image version to use description: PostgreSQL container image version to use
type: string type: string
no_log:
description: Configure no_log for no_log tasks
type: string
status: status:
type: object type: object
properties: properties:

3
config/crd/bases/awxrestore.ansible.com_awxrestores.yaml
View File

@@ -56,6 +56,9 @@ spec:
postgres_image_version: postgres_image_version:
description: PostgreSQL container image version to use description: PostgreSQL container image version to use
type: string type: string
no_log:
description: Configure no_log for no_log tasks
type: string
status: status:
type: object type: object
properties: properties:

5
config/manifests/bases/awx-operator.clusterserviceversion.yaml
View File

@@ -574,6 +574,11 @@ spec:
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: No Log Configuration
path: no_log
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Security Context Settings - displayName: Security Context Settings
path: security_context_settings path: security_context_settings
x-descriptors: x-descriptors:

3
roles/backup/defaults/main.yml
View File

@@ -10,3 +10,6 @@ backup_pvc_namespace: "{{ ansible_operator_meta.namespace }}"
# Size of backup PVC if created dynamically # Size of backup PVC if created dynamically
backup_storage_requirements: '' backup_storage_requirements: ''
# Set no_log settings on certain tasks
no_log: 'true'

6
roles/backup/tasks/dump_generated_secret.yml
View File

@@ -25,15 +25,15 @@
namespace: '{{ ansible_operator_meta.namespace }}' namespace: '{{ ansible_operator_meta.namespace }}'
name: "{{ _name }}" name: "{{ _name }}"
register: _secret register: _secret
no_log: true no_log: "{{ no_log }}"
- name: Set secret data - name: Set secret data
set_fact: set_fact:
_data: "{{ _secret['resources'][0]['data'] }}" _data: "{{ _secret['resources'][0]['data'] }}"
_type: "{{ _secret['resources'][0]['type'] }}" _type: "{{ _secret['resources'][0]['type'] }}"
no_log: true no_log: "{{ no_log }}"
- name: Create and Add secret names and data to dictionary - name: Create and Add secret names and data to dictionary
set_fact: set_fact:
secret_dict: "{{ secret_dict | default({}) | combine({ item: {'name': _name, 'data': _data, 'type': _type }}) }}" secret_dict: "{{ secret_dict | default({}) | combine({ item: {'name': _name, 'data': _data, 'type': _type }}) }}"
no_log: true no_log: "{{ no_log }}"

6
roles/backup/tasks/dump_secret.yml
View File

@@ -13,16 +13,16 @@
namespace: '{{ ansible_operator_meta.namespace }}' namespace: '{{ ansible_operator_meta.namespace }}'
name: "{{ _name }}" name: "{{ _name }}"
register: _secret register: _secret
no_log: true no_log: "{{ no_log }}"
- name: Set secret key - name: Set secret key
set_fact: set_fact:
_data: "{{ _secret['resources'][0]['data'] }}" _data: "{{ _secret['resources'][0]['data'] }}"
_type: "{{ _secret['resources'][0]['type'] }}" _type: "{{ _secret['resources'][0]['type'] }}"
no_log: true no_log: "{{ no_log }}"
- name: Create and Add secret names and data to dictionary - name: Create and Add secret names and data to dictionary
set_fact: set_fact:
secret_dict: "{{ secret_dict | default({}) | combine({item: { 'name': _name, 'data': _data, 'type': _type }}) }}" secret_dict: "{{ secret_dict | default({}) | combine({item: { 'name': _name, 'data': _data, 'type': _type }}) }}"
no_log: true no_log: "{{ no_log }}"
when: _name != '' when: _name != ''

10
roles/backup/tasks/postgres.yml
View File

@@ -6,7 +6,7 @@
namespace: '{{ ansible_operator_meta.namespace }}' namespace: '{{ ansible_operator_meta.namespace }}'
name: "{{ this_awx['resources'][0]['status']['postgresConfigurationSecret'] }}" name: "{{ this_awx['resources'][0]['status']['postgresConfigurationSecret'] }}"
register: pg_config register: pg_config
no_log: true no_log: "{{ no_log }}"
- name: Fail if postgres configuration secret status does not exist - name: Fail if postgres configuration secret status does not exist
fail: fail:
@@ -21,7 +21,7 @@
awx_postgres_port: "{{ pg_config['resources'][0]['data']['port'] | b64decode }}" awx_postgres_port: "{{ pg_config['resources'][0]['data']['port'] | b64decode }}"
awx_postgres_host: "{{ pg_config['resources'][0]['data']['host'] | b64decode }}" awx_postgres_host: "{{ pg_config['resources'][0]['data']['host'] | b64decode }}"
awx_postgres_type: "{{ pg_config['resources'][0]['data']['type'] | default('unmanaged'|b64encode) | b64decode }}" awx_postgres_type: "{{ pg_config['resources'][0]['data']['type'] | default('unmanaged'|b64encode) | b64decode }}"
no_log: true no_log: "{{ no_log }}"
- block: - block:
- name: Delete pod to reload a resource configuration - name: Delete pod to reload a resource configuration
@@ -80,7 +80,7 @@
- name: Set full resolvable host name for postgres pod - name: Set full resolvable host name for postgres pod
set_fact: set_fact:
resolvable_db_host: '{{ (awx_postgres_type == "managed") | ternary(awx_postgres_host + "." + ansible_operator_meta.namespace + ".svc.cluster.local", awx_postgres_host) }}' # yamllint disable-line rule:line-length resolvable_db_host: '{{ (awx_postgres_type == "managed") | ternary(awx_postgres_host + "." + ansible_operator_meta.namespace + ".svc.cluster.local", awx_postgres_host) }}' # yamllint disable-line rule:line-length
no_log: true no_log: "{{ no_log }}"
- name: Set pg_dump command - name: Set pg_dump command
set_fact: set_fact:
@@ -91,7 +91,7 @@
-d {{ awx_postgres_database }} -d {{ awx_postgres_database }}
-p {{ awx_postgres_port }} -p {{ awx_postgres_port }}
-F custom -F custom
no_log: true no_log: "{{ no_log }}"
- name: Write pg_dump to backup on PVC - name: Write pg_dump to backup on PVC
k8s_exec: k8s_exec:
@@ -104,5 +104,5 @@
echo 'Successful' echo 'Successful'
""" """
register: data_migration register: data_migration
no_log: true no_log: "{{ no_log }}"
failed_when: "'Successful' not in data_migration.stdout" failed_when: "'Successful' not in data_migration.stdout"

4
roles/backup/tasks/secrets.yml
View File

@@ -39,7 +39,7 @@
- name: Nest secrets under a single variable - name: Nest secrets under a single variable
set_fact: set_fact:
secrets: {"secrets": '{{ secret_dict }}'} secrets: {"secrets": '{{ secret_dict }}'}
no_log: true no_log: "{{ no_log }}"
- name: Write postgres configuration to pvc - name: Write postgres configuration to pvc
k8s_exec: k8s_exec:
@@ -47,4 +47,4 @@
pod: "{{ ansible_operator_meta.name }}-db-management" pod: "{{ ansible_operator_meta.name }}-db-management"
command: >- command: >-
bash -c "echo '{{ secrets | to_yaml }}' > {{ backup_dir }}/secrets.yml" bash -c "echo '{{ secrets | to_yaml }}' > {{ backup_dir }}/secrets.yml"
no_log: true no_log: "{{ no_log }}"

3
roles/installer/defaults/main.yml
View File

@@ -281,3 +281,6 @@ garbage_collect_secrets: false
development_mode: false development_mode: false
security_context_settings: {} security_context_settings: {}
# Set no_log settings on certain tasks
no_log: 'true'

14
roles/installer/tasks/admin_password_configuration.yml
View File

@@ -5,7 +5,7 @@
namespace: '{{ ansible_operator_meta.namespace }}' namespace: '{{ ansible_operator_meta.namespace }}'
name: '{{ admin_password_secret }}' name: '{{ admin_password_secret }}'
register: _custom_admin_password register: _custom_admin_password
no_log: true no_log: "{{ no_log }}"
when: admin_password_secret | length when: admin_password_secret | length
- name: Check for default admin password configuration - name: Check for default admin password configuration
@@ -14,19 +14,19 @@
namespace: '{{ ansible_operator_meta.namespace }}' namespace: '{{ ansible_operator_meta.namespace }}'
name: '{{ ansible_operator_meta.name }}-admin-password' name: '{{ ansible_operator_meta.name }}-admin-password'
register: _default_admin_password register: _default_admin_password
no_log: true no_log: "{{ no_log }}"
- name: Set admin password secret - name: Set admin password secret
set_fact: set_fact:
_admin_password_secret: '{{ _custom_admin_password["resources"] | default([]) | length | ternary(_custom_admin_password, _default_admin_password) }}' _admin_password_secret: '{{ _custom_admin_password["resources"] | default([]) | length | ternary(_custom_admin_password, _default_admin_password) }}'
no_log: true no_log: "{{ no_log }}"
- block: - block:
- name: Create admin password secret - name: Create admin password secret
k8s: k8s:
apply: true apply: true
definition: "{{ lookup('template', 'admin_password_secret.yaml.j2') }}" definition: "{{ lookup('template', 'admin_password_secret.yaml.j2') }}"
no_log: true no_log: "{{ no_log }}"
- name: Read admin password secret - name: Read admin password secret
k8s_info: k8s_info:
@@ -34,16 +34,16 @@
namespace: '{{ ansible_operator_meta.namespace }}' namespace: '{{ ansible_operator_meta.namespace }}'
name: '{{ ansible_operator_meta.name }}-admin-password' name: '{{ ansible_operator_meta.name }}-admin-password'
register: _generated_admin_password register: _generated_admin_password
no_log: true no_log: "{{ no_log }}"
when: not _admin_password_secret['resources'] | default([]) | length when: not _admin_password_secret['resources'] | default([]) | length
- name: Set admin password secret - name: Set admin password secret
set_fact: set_fact:
__admin_password_secret: '{{ _generated_admin_password["resources"] | default([]) | length | ternary(_generated_admin_password, _admin_password_secret) }}' __admin_password_secret: '{{ _generated_admin_password["resources"] | default([]) | length | ternary(_generated_admin_password, _admin_password_secret) }}'
no_log: true no_log: "{{ no_log }}"
- name: Store admin password - name: Store admin password
set_fact: set_fact:
admin_password: "{{ __admin_password_secret['resources'][0]['data']['password'] | b64decode }}" admin_password: "{{ __admin_password_secret['resources'][0]['data']['password'] | b64decode }}"
no_log: true no_log: "{{ no_log }}"

14
roles/installer/tasks/broadcast_websocket_configuration.yml
View File

@@ -5,7 +5,7 @@
namespace: '{{ ansible_operator_meta.namespace }}' namespace: '{{ ansible_operator_meta.namespace }}'
name: '{{ broadcast_websocket_secret }}' name: '{{ broadcast_websocket_secret }}'
register: _custom_broadcast_websocket register: _custom_broadcast_websocket
no_log: true no_log: "{{ no_log }}"
when: broadcast_websocket_secret | length when: broadcast_websocket_secret | length
- name: Check for default broadcast websocket secret configuration - name: Check for default broadcast websocket secret configuration
@@ -14,20 +14,20 @@
namespace: '{{ ansible_operator_meta.namespace }}' namespace: '{{ ansible_operator_meta.namespace }}'
name: '{{ ansible_operator_meta.name }}-broadcast-websocket' name: '{{ ansible_operator_meta.name }}-broadcast-websocket'
register: _default_broadcast_websocket register: _default_broadcast_websocket
no_log: true no_log: "{{ no_log }}"
- name: Set broadcast websocket secret - name: Set broadcast websocket secret
set_fact: set_fact:
# yamllint disable-line rule:line-length # yamllint disable-line rule:line-length
_broadcast_websocket_secret: '{{ _custom_broadcast_websocket["resources"] | default([]) | length | ternary(_custom_broadcast_websocket, _default_broadcast_websocket) }}' # noqa 204 _broadcast_websocket_secret: '{{ _custom_broadcast_websocket["resources"] | default([]) | length | ternary(_custom_broadcast_websocket, _default_broadcast_websocket) }}' # noqa 204
no_log: true no_log: "{{ no_log }}"
- block: - block:
- name: Create broadcast websocket secret - name: Create broadcast websocket secret
k8s: k8s:
apply: true apply: true
definition: "{{ lookup('template', 'broadcast_websocket_secret.yaml.j2') }}" definition: "{{ lookup('template', 'broadcast_websocket_secret.yaml.j2') }}"
no_log: true no_log: "{{ no_log }}"
- name: Read broadcast websocket secret - name: Read broadcast websocket secret
k8s_info: k8s_info:
@@ -35,7 +35,7 @@
namespace: '{{ ansible_operator_meta.namespace }}' namespace: '{{ ansible_operator_meta.namespace }}'
name: '{{ ansible_operator_meta.name }}-broadcast-websocket' name: '{{ ansible_operator_meta.name }}-broadcast-websocket'
register: _generated_broadcast_websocket register: _generated_broadcast_websocket
no_log: true no_log: "{{ no_log }}"
when: not _broadcast_websocket_secret['resources'] | default([]) | length when: not _broadcast_websocket_secret['resources'] | default([]) | length
@@ -43,9 +43,9 @@
set_fact: set_fact:
# yamllint disable-line rule:line-length # yamllint disable-line rule:line-length
__broadcast_websocket_secret: '{{ _generated_broadcast_websocket["resources"] | default([]) | length | ternary(_generated_broadcast_websocket, _broadcast_websocket_secret) }}' # noqa 204 __broadcast_websocket_secret: '{{ _generated_broadcast_websocket["resources"] | default([]) | length | ternary(_generated_broadcast_websocket, _broadcast_websocket_secret) }}' # noqa 204
no_log: true no_log: "{{ no_log }}"
- name: Store broadcast websocket secret name - name: Store broadcast websocket secret name
set_fact: set_fact:
broadcast_websocket_secret_value: "{{ __broadcast_websocket_secret['resources'][0]['data']['secret'] | b64decode }}" broadcast_websocket_secret_value: "{{ __broadcast_websocket_secret['resources'][0]['data']['secret'] | b64decode }}"
no_log: true no_log: "{{ no_log }}"

2
roles/installer/tasks/cleanup.yml
View File

@@ -23,6 +23,6 @@
- '{{ _secret_key }}' - '{{ _secret_key }}'
- '{{ _postgres_configuration }}' - '{{ _postgres_configuration }}'
- '{{ _broadcast_websocket_secret }}' - '{{ _broadcast_websocket_secret }}'
no_log: true no_log: "{{ no_log }}"
when: not garbage_collect_secrets | bool when: not garbage_collect_secrets | bool

20
roles/installer/tasks/database_configuration.yml
View File

@@ -6,7 +6,7 @@
name: '{{ postgres_configuration_secret }}' name: '{{ postgres_configuration_secret }}'
register: _custom_pg_config_resources register: _custom_pg_config_resources
when: postgres_configuration_secret | length when: postgres_configuration_secret | length
no_log: true no_log: "{{ no_log }}"
- name: Check for default PostgreSQL configuration - name: Check for default PostgreSQL configuration
k8s_info: k8s_info:
@@ -14,7 +14,7 @@
namespace: '{{ ansible_operator_meta.namespace }}' namespace: '{{ ansible_operator_meta.namespace }}'
name: '{{ ansible_operator_meta.name }}-postgres-configuration' name: '{{ ansible_operator_meta.name }}-postgres-configuration'
register: _default_pg_config_resources register: _default_pg_config_resources
no_log: true no_log: "{{ no_log }}"
- name: Check for specified old PostgreSQL configuration secret - name: Check for specified old PostgreSQL configuration secret
k8s_info: k8s_info:
@@ -23,7 +23,7 @@
name: '{{ old_postgres_configuration_secret }}' name: '{{ old_postgres_configuration_secret }}'
register: _custom_old_pg_config_resources register: _custom_old_pg_config_resources
when: old_postgres_configuration_secret | length when: old_postgres_configuration_secret | length
no_log: true no_log: "{{ no_log }}"
- name: Check for default old PostgreSQL configuration - name: Check for default old PostgreSQL configuration
k8s_info: k8s_info:
@@ -31,7 +31,7 @@
namespace: '{{ ansible_operator_meta.namespace }}' namespace: '{{ ansible_operator_meta.namespace }}'
name: '{{ ansible_operator_meta.name }}-old-postgres-configuration' name: '{{ ansible_operator_meta.name }}-old-postgres-configuration'
register: _default_old_pg_config_resources register: _default_old_pg_config_resources
no_log: true no_log: "{{ no_log }}"
- name: Set old PostgreSQL configuration - name: Set old PostgreSQL configuration
set_fact: set_fact:
@@ -45,7 +45,7 @@
when: when:
- old_pg_config['resources'] is defined - old_pg_config['resources'] is defined
- old_pg_config['resources'] | length - old_pg_config['resources'] | length
no_log: true no_log: "{{ no_log }}"
- name: Set default postgres image - name: Set default postgres image
set_fact: set_fact:
@@ -54,7 +54,7 @@
- name: Set PostgreSQL configuration - name: Set PostgreSQL configuration
set_fact: set_fact:
_pg_config: '{{ _custom_pg_config_resources["resources"] | default([]) | length | ternary(_custom_pg_config_resources, _default_pg_config_resources) }}' _pg_config: '{{ _custom_pg_config_resources["resources"] | default([]) | length | ternary(_custom_pg_config_resources, _default_pg_config_resources) }}'
no_log: true no_log: "{{ no_log }}"
- name: Set user provided postgres image - name: Set user provided postgres image
set_fact: set_fact:
@@ -72,7 +72,7 @@
k8s: k8s:
apply: true apply: true
definition: "{{ lookup('template', 'postgres_secret.yaml.j2') }}" definition: "{{ lookup('template', 'postgres_secret.yaml.j2') }}"
no_log: true no_log: "{{ no_log }}"
- name: Read Database Configuration - name: Read Database Configuration
k8s_info: k8s_info:
@@ -80,13 +80,13 @@
namespace: '{{ ansible_operator_meta.namespace }}' namespace: '{{ ansible_operator_meta.namespace }}'
name: '{{ ansible_operator_meta.name }}-postgres-configuration' name: '{{ ansible_operator_meta.name }}-postgres-configuration'
register: _generated_pg_config_resources register: _generated_pg_config_resources
no_log: true no_log: "{{ no_log }}"
when: not _pg_config['resources'] | default([]) | length when: not _pg_config['resources'] | default([]) | length
- name: Set PostgreSQL Configuration - name: Set PostgreSQL Configuration
set_fact: set_fact:
pg_config: '{{ _generated_pg_config_resources["resources"] | default([]) | length | ternary(_generated_pg_config_resources, _pg_config) }}' pg_config: '{{ _generated_pg_config_resources["resources"] | default([]) | length | ternary(_generated_pg_config_resources, _pg_config) }}'
no_log: true no_log: "{{ no_log }}"
- name: Set actual postgres configuration secret used - name: Set actual postgres configuration secret used
set_fact: set_fact:
@@ -140,7 +140,7 @@
awx_postgres_port: "{{ pg_config['resources'][0]['data']['port'] | b64decode }}" awx_postgres_port: "{{ pg_config['resources'][0]['data']['port'] | b64decode }}"
awx_postgres_host: "{{ pg_config['resources'][0]['data']['host'] | b64decode }}" awx_postgres_host: "{{ pg_config['resources'][0]['data']['host'] | b64decode }}"
awx_postgres_sslmode: "{{ pg_config['resources'][0]['data']['sslmode'] | default('prefer'|b64encode) | b64decode }}" awx_postgres_sslmode: "{{ pg_config['resources'][0]['data']['sslmode'] | default('prefer'|b64encode) | b64decode }}"
no_log: true no_log: "{{ no_log }}"
- name: Wait for Database to initialize if managed DB - name: Wait for Database to initialize if managed DB
k8s_info: k8s_info:

8
roles/installer/tasks/initialize_django.yml
View File

@@ -22,7 +22,7 @@
bash -c "echo \"from django.contrib.auth.models import User; bash -c "echo \"from django.contrib.auth.models import User;
User.objects.create_superuser('{{ admin_user }}', '{{ admin_email }}', '{{ admin_password }}')\" User.objects.create_superuser('{{ admin_user }}', '{{ admin_email }}', '{{ admin_password }}')\"
| awx-manage shell" | awx-manage shell"
no_log: true no_log: "{{ no_log }}"
when: users_result.return_code > 0 when: users_result.return_code > 0
- name: Check if legacy queue is present - name: Check if legacy queue is present
@@ -57,7 +57,7 @@
_execution_environments_pull_credentials: >- _execution_environments_pull_credentials: >-
{{ _custom_execution_environments_pull_credentials["resources"] | default([]) | length {{ _custom_execution_environments_pull_credentials["resources"] | default([]) | length
| ternary(_custom_execution_environments_pull_credentials, []) }} | ternary(_custom_execution_environments_pull_credentials, []) }}
no_log: true no_log: "{{ no_log }}"
- name: Register default execution environments (without authentication) - name: Register default execution environments (without authentication)
k8s_exec: k8s_exec:
@@ -78,7 +78,7 @@
default_execution_environment_pull_credentials_url: "{{ _execution_environments_pull_credentials['resources'][0]['data']['url'] | b64decode }}" default_execution_environment_pull_credentials_url: "{{ _execution_environments_pull_credentials['resources'][0]['data']['url'] | b64decode }}"
default_execution_environment_pull_credentials_url_verify: >- default_execution_environment_pull_credentials_url_verify: >-
{{ _execution_environments_pull_credentials['resources'][0]['data']['ssl_verify'] | default("True"|b64encode) | b64decode }} {{ _execution_environments_pull_credentials['resources'][0]['data']['ssl_verify'] | default("True"|b64encode) | b64decode }}
no_log: true no_log: "{{ no_log }}"
- name: Register default execution environments (with authentication) - name: Register default execution environments (with authentication)
k8s_exec: k8s_exec:
@@ -93,7 +93,7 @@
--verify-ssl='{{ default_execution_environment_pull_credentials_url_verify }}'" --verify-ssl='{{ default_execution_environment_pull_credentials_url_verify }}'"
register: ree register: ree
changed_when: "'changed: True' in ree.stdout" changed_when: "'changed: True' in ree.stdout"
no_log: true no_log: "{{ no_log }}"
when: _execution_environments_pull_credentials['resources'] | default([]) | length when: _execution_environments_pull_credentials['resources'] | default([]) | length
- name: Create preload data if necessary. # noqa 305 - name: Create preload data if necessary. # noqa 305

4
roles/installer/tasks/load_bundle_cacert_secret.yml
View File

@@ -5,10 +5,10 @@
namespace: '{{ ansible_operator_meta.namespace }}' namespace: '{{ ansible_operator_meta.namespace }}'
name: '{{ bundle_cacert_secret }}' name: '{{ bundle_cacert_secret }}'
register: bundle_cacert register: bundle_cacert
no_log: true no_log: "{{ no_log }}"
- name: Load bundle Certificate Authority Secret content - name: Load bundle Certificate Authority Secret content
set_fact: set_fact:
bundle_ca_crt: '{{ bundle_cacert["resources"][0]["data"]["bundle-ca.crt"] | b64decode }}' bundle_ca_crt: '{{ bundle_cacert["resources"][0]["data"]["bundle-ca.crt"] | b64decode }}'
no_log: true no_log: "{{ no_log }}"
when: '"bundle-ca.crt" in bundle_cacert["resources"][0]["data"]' when: '"bundle-ca.crt" in bundle_cacert["resources"][0]["data"]'

4
roles/installer/tasks/load_ldap_cacert_secret.yml
View File

@@ -5,10 +5,10 @@
namespace: '{{ ansible_operator_meta.namespace }}' namespace: '{{ ansible_operator_meta.namespace }}'
name: '{{ ldap_cacert_secret }}' name: '{{ ldap_cacert_secret }}'
register: ldap_cacert register: ldap_cacert
no_log: true no_log: "{{ no_log }}"
- name: Load LDAP CA Certificate Secret content - name: Load LDAP CA Certificate Secret content
set_fact: set_fact:
ldap_cacert_ca_crt: '{{ ldap_cacert["resources"][0]["data"]["ldap-ca.crt"] | b64decode }}' ldap_cacert_ca_crt: '{{ ldap_cacert["resources"][0]["data"]["ldap-ca.crt"] | b64decode }}'
no_log: true no_log: "{{ no_log }}"
when: '"ldap-ca.crt" in ldap_cacert["resources"][0]["data"]' when: '"ldap-ca.crt" in ldap_cacert["resources"][0]["data"]'

4
roles/installer/tasks/load_ldap_password_secret.yml
View File

@@ -5,10 +5,10 @@
namespace: '{{ ansible_operator_meta.namespace }}' namespace: '{{ ansible_operator_meta.namespace }}'
name: '{{ ldap_password_secret }}' name: '{{ ldap_password_secret }}'
register: ldap_password register: ldap_password
no_log: true no_log: "{{ no_log }}"
- name: Load LDAP bind password Secret content - name: Load LDAP bind password Secret content
set_fact: set_fact:
ldap_bind_password: '{{ ldap_password["resources"][0]["data"]["ldap-password"] | b64decode }}' ldap_bind_password: '{{ ldap_password["resources"][0]["data"]["ldap-password"] | b64decode }}'
no_log: true no_log: "{{ no_log }}"
when: '"ldap-password" in ldap_password["resources"][0]["data"]' when: '"ldap-password" in ldap_password["resources"][0]["data"]'

6
roles/installer/tasks/load_route_tls_secret.yml
View File

@@ -5,16 +5,16 @@
namespace: '{{ ansible_operator_meta.namespace }}' namespace: '{{ ansible_operator_meta.namespace }}'
name: '{{ route_tls_secret }}' name: '{{ route_tls_secret }}'
register: route_tls register: route_tls
no_log: true no_log: "{{ no_log }}"
- name: Load Route TLS Secret content - name: Load Route TLS Secret content
set_fact: set_fact:
route_tls_key: '{{ route_tls["resources"][0]["data"]["tls.key"] | b64decode }}' route_tls_key: '{{ route_tls["resources"][0]["data"]["tls.key"] | b64decode }}'
route_tls_crt: '{{ route_tls["resources"][0]["data"]["tls.crt"] | b64decode }}' route_tls_crt: '{{ route_tls["resources"][0]["data"]["tls.crt"] | b64decode }}'
no_log: true no_log: "{{ no_log }}"
- name: Load Route TLS Secret content - name: Load Route TLS Secret content
set_fact: set_fact:
route_ca_crt: '{{ route_tls["resources"][0]["data"]["ca.crt"] | b64decode }}' route_ca_crt: '{{ route_tls["resources"][0]["data"]["ca.crt"] | b64decode }}'
no_log: true no_log: "{{ no_log }}"
when: '"ca.crt" in route_tls["resources"][0]["data"]' when: '"ca.crt" in route_tls["resources"][0]["data"]'

8
roles/installer/tasks/migrate_data.yml
View File

@@ -11,7 +11,7 @@
awx_old_postgres_database: "{{ old_pg_config['resources'][0]['data']['database'] | b64decode }}" awx_old_postgres_database: "{{ old_pg_config['resources'][0]['data']['database'] | b64decode }}"
awx_old_postgres_port: "{{ old_pg_config['resources'][0]['data']['port'] | b64decode }}" awx_old_postgres_port: "{{ old_pg_config['resources'][0]['data']['port'] | b64decode }}"
awx_old_postgres_host: "{{ old_pg_config['resources'][0]['data']['host'] | b64decode }}" awx_old_postgres_host: "{{ old_pg_config['resources'][0]['data']['host'] | b64decode }}"
no_log: true no_log: "{{ no_log }}"
- name: Default label selector to custom resource generated postgres - name: Default label selector to custom resource generated postgres
set_fact: set_fact:
@@ -49,7 +49,7 @@
-d {{ awx_old_postgres_database }} -d {{ awx_old_postgres_database }}
-p {{ awx_old_postgres_port }} -p {{ awx_old_postgres_port }}
-F custom -F custom
no_log: true no_log: "{{ no_log }}"
- name: Set pg_restore command - name: Set pg_restore command
set_fact: set_fact:
@@ -57,7 +57,7 @@
pg_restore --clean --if-exists pg_restore --clean --if-exists
-U {{ database_username }} -U {{ database_username }}
-d {{ database_name }} -d {{ database_name }}
no_log: true no_log: "{{ no_log }}"
- name: Stream backup from pg_dump to the new postgresql container - name: Stream backup from pg_dump to the new postgresql container
k8s_exec: k8s_exec:
@@ -69,7 +69,7 @@
PGPASSWORD='{{ awx_old_postgres_pass }}' {{ pgdump }} | PGPASSWORD='{{ awx_postgres_pass }}' {{ pg_restore }} PGPASSWORD='{{ awx_old_postgres_pass }}' {{ pgdump }} | PGPASSWORD='{{ awx_postgres_pass }}' {{ pg_restore }}
echo 'Successful' echo 'Successful'
""" """
no_log: true no_log: "{{ no_log }}"
register: data_migration register: data_migration
failed_when: "'Successful' not in data_migration.stdout" failed_when: "'Successful' not in data_migration.stdout"

2
roles/installer/tasks/resources_configuration.yml
View File

@@ -40,7 +40,7 @@
- 'persistent' - 'persistent'
- 'service' - 'service'
- 'ingress' - 'ingress'
no_log: true no_log: "{{ no_log }}"
- name: Set default awx app image - name: Set default awx app image
set_fact: set_fact:

14
roles/installer/tasks/secret_key_configuration.yml
View File

@@ -5,7 +5,7 @@
namespace: '{{ ansible_operator_meta.namespace }}' namespace: '{{ ansible_operator_meta.namespace }}'
name: '{{ secret_key_secret }}' name: '{{ secret_key_secret }}'
register: _custom_secret_key register: _custom_secret_key
no_log: true no_log: "{{ no_log }}"
when: secret_key_secret | length when: secret_key_secret | length
- name: Check for default secret key configuration - name: Check for default secret key configuration
@@ -14,19 +14,19 @@
namespace: '{{ ansible_operator_meta.namespace }}' namespace: '{{ ansible_operator_meta.namespace }}'
name: '{{ ansible_operator_meta.name }}-secret-key' name: '{{ ansible_operator_meta.name }}-secret-key'
register: _default_secret_key register: _default_secret_key
no_log: true no_log: "{{ no_log }}"
- name: Set secret key secret - name: Set secret key secret
set_fact: set_fact:
_secret_key_secret: '{{ _custom_secret_key["resources"] | default([]) | length | ternary(_custom_secret_key, _default_secret_key) }}' _secret_key_secret: '{{ _custom_secret_key["resources"] | default([]) | length | ternary(_custom_secret_key, _default_secret_key) }}'
no_log: true no_log: "{{ no_log }}"
- block: - block:
- name: Create secret key secret - name: Create secret key secret
k8s: k8s:
apply: true apply: true
definition: "{{ lookup('template', 'secret_key.yaml.j2') }}" definition: "{{ lookup('template', 'secret_key.yaml.j2') }}"
no_log: true no_log: "{{ no_log }}"
- name: Read secret key secret - name: Read secret key secret
k8s_info: k8s_info:
@@ -34,16 +34,16 @@
namespace: '{{ ansible_operator_meta.namespace }}' namespace: '{{ ansible_operator_meta.namespace }}'
name: '{{ ansible_operator_meta.name }}-secret-key' name: '{{ ansible_operator_meta.name }}-secret-key'
register: _generated_secret_key register: _generated_secret_key
no_log: true no_log: "{{ no_log }}"
when: not _secret_key_secret['resources'] | default([]) | length when: not _secret_key_secret['resources'] | default([]) | length
- name: Set secret key secret - name: Set secret key secret
set_fact: set_fact:
__secret_key_secret: '{{ _generated_secret_key["resources"] | default([]) | length | ternary(_generated_secret_key, _secret_key_secret) }}' __secret_key_secret: '{{ _generated_secret_key["resources"] | default([]) | length | ternary(_generated_secret_key, _secret_key_secret) }}'
no_log: true no_log: "{{ no_log }}"
- name: Store secret key secret name - name: Store secret key secret name
set_fact: set_fact:
secret_key_secret_name: "{{ __secret_key_secret['resources'][0]['metadata']['name'] }}" secret_key_secret_name: "{{ __secret_key_secret['resources'][0]['metadata']['name'] }}"
no_log: true no_log: "{{ no_log }}"

3
roles/restore/defaults/main.yml
View File

@@ -10,3 +10,6 @@ backup_pvc_namespace: '{{ ansible_operator_meta.namespace }}'
# Required: backup name, found on the awxbackup object # Required: backup name, found on the awxbackup object
backup_dir: '' backup_dir: ''
# Set no_log settings on certain tasks
no_log: 'true'

2
roles/restore/tasks/cleanup.yml
View File

@@ -22,7 +22,7 @@
- '{{ admin_password_secret }}' - '{{ admin_password_secret }}'
- '{{ broadcast_websocket_secret }}' - '{{ broadcast_websocket_secret }}'
- '{{ postgres_configuration_secret }}' - '{{ postgres_configuration_secret }}'
no_log: true no_log: "{{ no_log }}"
- name: Cleanup temp spec file - name: Cleanup temp spec file
file: file:

10
roles/restore/tasks/postgres.yml
View File

@@ -10,7 +10,7 @@
namespace: '{{ ansible_operator_meta.namespace }}' namespace: '{{ ansible_operator_meta.namespace }}'
name: '{{ postgres_configuration_secret }}' name: '{{ postgres_configuration_secret }}'
register: pg_config register: pg_config
no_log: true no_log: "{{ no_log }}"
- name: Store Database Configuration - name: Store Database Configuration
set_fact: set_fact:
@@ -20,7 +20,7 @@
awx_postgres_port: "{{ pg_config['resources'][0]['data']['port'] | b64decode }}" awx_postgres_port: "{{ pg_config['resources'][0]['data']['port'] | b64decode }}"
awx_postgres_host: "{{ pg_config['resources'][0]['data']['host'] | b64decode }}" awx_postgres_host: "{{ pg_config['resources'][0]['data']['host'] | b64decode }}"
awx_postgres_type: "{{ pg_config['resources'][0]['data']['type'] | b64decode | default('unmanaged') }}" awx_postgres_type: "{{ pg_config['resources'][0]['data']['type'] | b64decode | default('unmanaged') }}"
no_log: true no_log: "{{ no_log }}"
- name: Default label selector to custom resource generated postgres - name: Default label selector to custom resource generated postgres
set_fact: set_fact:
@@ -66,7 +66,7 @@
- name: Set full resolvable host name for postgres pod - name: Set full resolvable host name for postgres pod
set_fact: set_fact:
resolvable_db_host: "{{ awx_postgres_host }}.{{ ansible_operator_meta.namespace }}.svc.cluster.local" resolvable_db_host: "{{ awx_postgres_host }}.{{ ansible_operator_meta.namespace }}.svc.cluster.local"
no_log: true no_log: "{{ no_log }}"
when: awx_postgres_type == 'managed' when: awx_postgres_type == 'managed'
- name: Set pg_restore command - name: Set pg_restore command
@@ -78,7 +78,7 @@
-U {{ awx_postgres_user }} -U {{ awx_postgres_user }}
-d {{ awx_postgres_database }} -d {{ awx_postgres_database }}
-p {{ awx_postgres_port }} -p {{ awx_postgres_port }}
no_log: true no_log: "{{ no_log }}"
- name: Restore database dump to the new postgresql container - name: Restore database dump to the new postgresql container
k8s_exec: k8s_exec:
@@ -91,5 +91,5 @@
echo 'Successful' echo 'Successful'
""" """
register: data_migration register: data_migration
no_log: true no_log: "{{ no_log }}"
failed_when: "'Successful' not in data_migration.stdout" failed_when: "'Successful' not in data_migration.stdout"

20
roles/restore/tasks/secrets.yml
View File

@@ -7,7 +7,7 @@
command: >- command: >-
bash -c "cat '{{ backup_dir }}/secrets.yml'" bash -c "cat '{{ backup_dir }}/secrets.yml'"
register: _secrets register: _secrets
no_log: true no_log: "{{ no_log }}"
- name: Create Temporary secrets file - name: Create Temporary secrets file
tempfile: tempfile:
@@ -20,38 +20,38 @@
dest: "{{ tmp_secrets.path }}" dest: "{{ tmp_secrets.path }}"
content: "{{ _secrets.stdout }}" content: "{{ _secrets.stdout }}"
mode: 0640 mode: 0640
no_log: true no_log: "{{ no_log }}"
- name: Include secret vars from backup - name: Include secret vars from backup
include_vars: "{{ tmp_secrets.path }}" include_vars: "{{ tmp_secrets.path }}"
no_log: true no_log: "{{ no_log }}"
- name: If deployment is managed, set the database_host in the pg config secret - name: If deployment is managed, set the database_host in the pg config secret
block: block:
- name: Set new database host - name: Set new database host
set_fact: set_fact:
database_host: "{{ deployment_name }}-postgres" database_host: "{{ deployment_name }}-postgres"
no_log: true no_log: "{{ no_log }}"
- name: Set tmp postgres secret dict - name: Set tmp postgres secret dict
set_fact: set_fact:
_pg_secret: "{{ secrets['postgresConfigurationSecret'] }}" _pg_secret: "{{ secrets['postgresConfigurationSecret'] }}"
no_log: true no_log: "{{ no_log }}"
- name: Change postgres host value - name: Change postgres host value
set_fact: set_fact:
_pg_data: "{{ _pg_secret['data'] | combine({'host': database_host | b64encode }) }}" _pg_data: "{{ _pg_secret['data'] | combine({'host': database_host | b64encode }) }}"
no_log: true no_log: "{{ no_log }}"
- name: Create a postgres secret with the new host value - name: Create a postgres secret with the new host value
set_fact: set_fact:
_pg_secret: "{{ _pg_secret | combine({'data': _pg_data}) }}" _pg_secret: "{{ _pg_secret | combine({'data': _pg_data}) }}"
no_log: true no_log: "{{ no_log }}"
- name: Create a new dict of secrets with the new postgres secret - name: Create a new dict of secrets with the new postgres secret
set_fact: set_fact:
secrets: "{{ secrets | combine({'postgresConfigurationSecret': _pg_secret}) }}" secrets: "{{ secrets | combine({'postgresConfigurationSecret': _pg_secret}) }}"
no_log: true no_log: "{{ no_log }}"
when: secrets['postgresConfigurationSecret']['data']['type'] | b64decode == 'managed' when: secrets['postgresConfigurationSecret']['data']['type'] | b64decode == 'managed'
- name: Apply secret - name: Apply secret
@@ -61,7 +61,7 @@
apply: yes apply: yes
wait: yes wait: yes
definition: "{{ lookup('template', 'secrets.yml.j2') }}" definition: "{{ lookup('template', 'secrets.yml.j2') }}"
no_log: true no_log: "{{ no_log }}"
- name: Remove ownerReference on restored secrets - name: Remove ownerReference on restored secrets
k8s: k8s:
@@ -73,4 +73,4 @@
namespace: '{{ ansible_operator_meta.namespace }}' namespace: '{{ ansible_operator_meta.namespace }}'
ownerReferences: null ownerReferences: null
loop: "{{ secrets | dict2items }}" loop: "{{ secrets | dict2items }}"
no_log: true no_log: "{{ no_log }}"