idiomatic postgres configuration

renaming some files to match the awx operator status
2026-03-27 05:43:11 +00:00 · 2020-07-17 14:47:29 -04:00
parent 8e683ab950
commit ebc402141a
9 changed files with 105 additions and 105 deletions
--- a/deploy/crds/tower_v1beta1_tower_cr_awx.yaml
+++ b/deploy/crds/tower_v1beta1_tower_cr_awx.yaml
@@ -32,7 +32,5 @@ spec:

  tower_redis_image: redis:latest

-  tower_postgres_pass: awxpass
-  tower_postgres_image: postgres:10
  tower_postgres_storage_request: 8Gi
  tower_postgres_storage_class: ''
--- a/deploy/crds/awx_v1beta1_crd.yaml
+++ b/deploy/crds/awx_v1beta1_crd.yaml
@@ -0,0 +1,55 @@
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: awxs.awx.ansible.com
+spec:
+  group: awx.ansible.com
+  names:
+    kind: AWX
+    listKind: AWXList
+    plural: awxs
+    singular: awx
+  scope: Namespaced
+  subresources:
+    status: {}
+  version: v1beta1
+  versions:
+    - name: v1beta1
+      served: true
+      storage: true
+  validation:
+    openAPIV3Schema:
+      description: Schema validation for the AWX CRD
+      type: object
+      properties:
+        spec:
+          type: object
+          properties:
+            deployment_type:
+              type: string
+              pattern: "^(tower|awx)(-)?.*$"
+            external_database:
+              type: bool
+              description: |
+                If true you must supply a secret containing the location and credentials for
+                connecting to the external database by a user who has permission to create
+                and apply a schema.
+
+                The secret should have the name: <custom resource name>-postgres-configuration and
+                should look like:
+                
+                apiVersion: v1
+                kind: Secret
+                metadata:
+                  name: <crname>-postgres-configuration
+                  namespace: <target namespace>
+                stringData:
+                  address: <external ip or url resolvable by the cluster>
+                  port: <external port, this usually defaults to 5432>
+                  database: <desired database name>
+                  username: <username to connect as>
+                  password: <password to connect with>
+                type: Opaque
+          required:
+            - deployment_type
--- a/deploy/crds/tower_v1beta1_tower_cr_molecule.yaml
+++ b/deploy/crds/tower_v1beta1_tower_cr_molecule.yaml
--- a/deploy/crds/tower_v1beta1_tower_cr_tower.yaml
+++ b/deploy/crds/tower_v1beta1_tower_cr_tower.yaml
@@ -1,38 +0,0 @@
---
-apiVersion: awx.ansible.com/v1beta1
-kind: AWX
-metadata:
-  name: example-tower
-  namespace: example-tower
-spec:
-  deployment_type: tower
-  tower_ingress_type: none
-  tower_task_privileged: false
-
-  tower_hostname: example-tower.test
-  tower_secret_key: aabbcc
-  tower_broadcast_websocket_secret: changeme
-
-  tower_admin_user: test
-  tower_admin_email: test@example.com
-  tower_admin_password: changeme
-
-  tower_task_image: registry.redhat.io/ansible-tower-37/ansible-tower-rhel7:3.7.0
-  tower_web_image: registry.redhat.io/ansible-tower-37/ansible-tower-rhel7:3.7.0
-
-  tower_task_mem_request: 1Gi
-  tower_task_cpu_request: 500m
-
-  tower_web_mem_request: 2Gi
-  tower_web_cpu_request: 1000m
-
-  tower_create_preload_data: true
-
-  tower_memcached_image: memcached:alpine
-
-  tower_redis_image: redis:latest
-
-  tower_postgres_pass: awxpass
-  tower_postgres_image: postgres:10
-  tower_postgres_storage_request: 8Gi
-  tower_postgres_storage_class: ''
--- a/deploy/crds/tower_v1beta1_tower_crd.yaml
+++ b/deploy/crds/tower_v1beta1_tower_crd.yaml
@@ -1,33 +0,0 @@
---
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: awxs.awx.ansible.com
-spec:
-  group: awx.ansible.com
-  names:
-    kind: AWX
-    listKind: AWXList
-    plural: awxs
-    singular: awx
-  scope: Namespaced
-  subresources:
-    status: {}
-  version: v1beta1
-  versions:
-    - name: v1beta1
-      served: true
-      storage: true
-  validation:
-    openAPIV3Schema:
-      description: Schema validation for the AWX CRD
-      type: object
-      properties:
-        spec:
-          type: object
-          properties:
-            deployment_type:
-              type: string
-              pattern: "^(tower|awx)(-)?.*$"
-          required:
-            - deployment_type
--- a/roles/awx/tasks/main.yml
+++ b/roles/awx/tasks/main.yml
@@ -2,13 +2,34 @@
 - name: Include deployment type vars
  include_vars: "{{ deployment_type }}.yml"

+- name: Create Database if External Database not selected
+  k8s:
+    apply: yes
+    definition: "{{ lookup('template', 'tower_postgres.yaml.j2') }}"
+  register: k8s_postgres_result
+  when: not external_database | default(False) | bool
+
+- name: Read Database Configuration
+  k8s_info:
+    kind: Secret
+    namespace: '{{ meta.namespace }}'
+    name: '{{ meta.name }}-postgres-configuration'
+  register: postgres_configuration
+
+- name: Store Database Configuration
+  set_fact:
+    awx_postgres_user: "{{ postgres_configuration['resources'][0]['data']['username'] | b64decode }}"
+    awx_postgres_pass: "{{ postgres_configuration['resources'][0]['data']['password'] | b64decode }}"
+    awx_postgres_database: "{{ postgres_configuration['resources'][0]['data']['database'] | b64decode }}"
+    awx_postgres_port: "{{ postgres_configuration['resources'][0]['data']['port'] | b64decode }}"
+    awx_postgres_host: "{{ postgres_configuration['resources'][0]['data']['host'] | b64decode }}"
+
 - name: Ensure configured AWX resources exist in the cluster.
  k8s:
    apply: yes
    definition: "{{ lookup('template', item) | from_yaml_all | list }}"
  register: k8s_defs_result
  with_items:
-    - tower_postgres.yaml.j2
    - tower_config.yaml.j2
    - launch_awx.yaml.j2
    - supervisor.yaml.j2
@@ -54,17 +75,3 @@
  when: (k8s_defs_result is changed) or (database_check is defined and database_check.rc != 0)

 - include_tasks: initialize.yml
-
- name: Scale the awx deployment to 0 replicas after migration.
-  k8s:
-    definition: "{{ lookup('template', 'tower.yaml.j2') | from_yaml_all | list }}"
-  vars:
-    tower_replicas: "0"
-  when: migrate_result and migrate_result.changed
-
- name: Scale the awx deployment back to 1 replica after migration.
-  k8s:
-    definition: "{{ lookup('template', 'tower.yaml.j2') | from_yaml_all | list }}"
-  vars:
-    tower_replicas: "1"
-  when: migrate_result and migrate_result.changed
--- a/roles/awx/templates/credentials.py.j2
+++ b/roles/awx/templates/credentials.py.j2
@@ -2,11 +2,11 @@ DATABASES = {
    'default': {
        'ATOMIC_REQUESTS': True,
        'ENGINE': 'awx.main.db.profiled_pg',
-        'NAME': "awx",
-        'USER': "awx",
-        'PASSWORD': "{{ tower_postgres_pass }}",
-        'HOST': '{{ meta.name }}-postgres',
-        'PORT': "{{ tower_postgres_port }}",
+        'NAME': "{{ awx_postgres_database }}",
+        'USER': "{{ awx_postgres_user }}",
+        'PASSWORD': "{{ awx_postgres_pass }}",
+        'HOST': '{{ awx_postgres_host }}',
+        'PORT': "{{ awx_postgres_port }}",
        'OPTIONS': { 'sslmode': '{{ pg_sslmode|default("prefer") }}',
                     'sslrootcert': '{{ ca_trust_bundle }}',
        },
--- a/roles/awx/templates/environment.sh.j2
+++ b/roles/awx/templates/environment.sh.j2
@@ -1,5 +1,5 @@
-DATABASE_USER=awx
-DATABASE_NAME=awx
-DATABASE_HOST={{ meta.name }}-postgres
-DATABASE_PORT={{ tower_postgres_port }}
-DATABASE_PASSWORD={{ tower_postgres_pass }}
+DATABASE_USER={{ awx_postgres_user }}
+DATABASE_NAME={{ awx_postgres_database }}
+DATABASE_HOST={{ awx_postgres_host }}
+DATABASE_PORT={{ awx_postgres_port }}
+DATABASE_PASSWORD={{ awx_postgres_pass }}
--- a/roles/awx/templates/tower_postgres.yaml.j2
+++ b/roles/awx/templates/tower_postgres.yaml.j2
@@ -3,10 +3,15 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: '{{ meta.name }}-postgres-pass'
+  name: '{{ meta.name }}-postgres-configuration'
  namespace: '{{ meta.namespace }}'
-data:
-  password: '{{ tower_postgres_pass | b64encode }}'
+stringData:
+  password: '{{ lookup('password', 'p' + meta.name + 'pg length=32 chars=ascii_letters,digits') }}'
+  username: 'awx'
+  database: 'awx'
+  port: '5432'
+  host: {{ meta.name }}-postgres
+

 # Postgres StatefulSet.
 ---
@@ -35,18 +40,24 @@ spec:
          name: postgres
          env:
            - name: POSTGRES_DB
-              value: awx
+              valueFrom:
+                secretKeyRef:
+                  name: '{{ meta.name }}-postgres-configuration'
+                  key: database
            - name: POSTGRES_USER
-              value: awx
+              valueFrom:
+                secretKeyRef:
+                  name: '{{ meta.name }}-postgres-configuration'
+                  key: username
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
-                  name: '{{ meta.name }}-postgres-pass'
+                  name: '{{ meta.name }}-postgres-configuration'
                  key: password
            - name: PGDATA
              value: '{{ tower_postgres_data_path }}'
          ports:
-            - containerPort: 3306
+            - containerPort: 5432
              name: postgres
          volumeMounts:
            - name: postgres