From ebc402141a6872fca7e184c191baf3af7846fd34 Mon Sep 17 00:00:00 2001 From: Matthew Jones Date: Fri, 17 Jul 2020 14:47:29 -0400 Subject: [PATCH] idiomatic postgres configuration renaming some files to match the awx operator status --- ..._tower_cr_awx.yaml => awx_v1beta1_cr.yaml} | 2 - deploy/crds/awx_v1beta1_crd.yaml | 55 +++++++++++++++++++ ...olecule.yaml => awx_v1beta1_molecule.yaml} | 0 deploy/crds/tower_v1beta1_tower_cr_tower.yaml | 38 ------------- deploy/crds/tower_v1beta1_tower_crd.yaml | 33 ----------- roles/awx/tasks/main.yml | 37 ++++++++----- roles/awx/templates/credentials.py.j2 | 10 ++-- roles/awx/templates/environment.sh.j2 | 10 ++-- roles/awx/templates/tower_postgres.yaml.j2 | 25 ++++++--- 9 files changed, 105 insertions(+), 105 deletions(-) rename deploy/crds/{tower_v1beta1_tower_cr_awx.yaml => awx_v1beta1_cr.yaml} (92%) create mode 100644 deploy/crds/awx_v1beta1_crd.yaml rename deploy/crds/{tower_v1beta1_tower_cr_molecule.yaml => awx_v1beta1_molecule.yaml} (100%) delete mode 100644 deploy/crds/tower_v1beta1_tower_cr_tower.yaml delete mode 100644 deploy/crds/tower_v1beta1_tower_crd.yaml diff --git a/deploy/crds/tower_v1beta1_tower_cr_awx.yaml b/deploy/crds/awx_v1beta1_cr.yaml similarity index 92% rename from deploy/crds/tower_v1beta1_tower_cr_awx.yaml rename to deploy/crds/awx_v1beta1_cr.yaml index bd7f3b6b..543a9b89 100644 --- a/deploy/crds/tower_v1beta1_tower_cr_awx.yaml +++ b/deploy/crds/awx_v1beta1_cr.yaml @@ -32,7 +32,5 @@ spec: tower_redis_image: redis:latest - tower_postgres_pass: awxpass - tower_postgres_image: postgres:10 tower_postgres_storage_request: 8Gi tower_postgres_storage_class: '' diff --git a/deploy/crds/awx_v1beta1_crd.yaml b/deploy/crds/awx_v1beta1_crd.yaml new file mode 100644 index 00000000..4b43674f --- /dev/null +++ b/deploy/crds/awx_v1beta1_crd.yaml 
@@ -0,0 +1,55 @@
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: awxs.awx.ansible.com
+spec:
+ group: awx.ansible.com
+ names:
+ kind: AWX
+ listKind: AWXList
+ plural: awxs
+ singular: awx
+ scope: Namespaced
+ subresources:
+ status: {}
+ version: v1beta1
+ versions:
+ - name: v1beta1
+ served: true
+ storage: true
+ validation:
+ openAPIV3Schema:
+ description: Schema validation for the AWX CRD
+ type: object
+ properties:
+ spec:
+ type: object
+ properties:
+ deployment_type:
+ type: string
+ pattern: "^(tower|awx)(-)?.*$"
+ external_database:
+ type: bool
+ description: |
+ If true you must supply a secret containing the location and credentials for
+ connecting to the external database by a user who has permission to create
+ and apply a schema.
+
+ The secret should have the name: -postgres-configuration and
+ should look like:
+
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: -postgres-configuration
+ namespace:
+ stringData:
+ address:
+ port:
+ database:
+ username:
+ password:
+ type: Opaque
+ required:
+ - deployment_type
diff --git a/deploy/crds/tower_v1beta1_tower_cr_molecule.yaml b/deploy/crds/awx_v1beta1_molecule.yaml
similarity index 100%
rename from deploy/crds/tower_v1beta1_tower_cr_molecule.yaml
rename to deploy/crds/awx_v1beta1_molecule.yaml
diff --git a/deploy/crds/tower_v1beta1_tower_cr_tower.yaml b/deploy/crds/tower_v1beta1_tower_cr_tower.yaml
deleted file mode 100644
index 55501c90..00000000
--- a/deploy/crds/tower_v1beta1_tower_cr_tower.yaml
+++ /dev/null
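Review bot: In the new CRD schema, `external_database` is declared with `type: bool`, which is not an OpenAPI v3 type; the line should read `type: boolean`. The description also documents the secret's host key as `address:`, while the role in this same commit reads `['data']['host']` and the generated secret writes `host`, so a user who follows the documented layout for an external database would presumably fail in the set_fact task; the example key should be `host:`. Since this secret carries database credentials, the description could also state that it must live in the same namespace as the AWX resource, which is what the `k8s_info` lookup in `roles/awx/tasks/main.yml` assumes.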
@@ -1,38 +0,0 @@
----
-apiVersion: awx.ansible.com/v1beta1
-kind: AWX
-metadata:
- name: example-tower
- namespace: example-tower
-spec:
- deployment_type: tower
- tower_ingress_type: none
- tower_task_privileged: false
-
- tower_hostname: example-tower.test
- tower_secret_key: aabbcc
- tower_broadcast_websocket_secret: changeme
-
- tower_admin_user: test
- tower_admin_email: test@example.com
- tower_admin_password: changeme
-
- tower_task_image: registry.redhat.io/ansible-tower-37/ansible-tower-rhel7:3.7.0
- tower_web_image: registry.redhat.io/ansible-tower-37/ansible-tower-rhel7:3.7.0
-
- tower_task_mem_request: 1Gi
- tower_task_cpu_request: 500m
-
- tower_web_mem_request: 2Gi
- tower_web_cpu_request: 1000m
-
- tower_create_preload_data: true
-
- tower_memcached_image: memcached:alpine
-
- tower_redis_image: redis:latest
-
- tower_postgres_pass: awxpass
- tower_postgres_image: postgres:10
- tower_postgres_storage_request: 8Gi
- tower_postgres_storage_class: ''
diff --git a/deploy/crds/tower_v1beta1_tower_crd.yaml b/deploy/crds/tower_v1beta1_tower_crd.yaml
deleted file mode 100644
index 09be8e3a..00000000
--- a/deploy/crds/tower_v1beta1_tower_crd.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: awxs.awx.ansible.com
-spec:
- group: awx.ansible.com
- names:
- kind: AWX
- listKind: AWXList
- plural: awxs
- singular: awx
- scope: Namespaced
- subresources:
- status: {}
- version: v1beta1
- versions:
- - name: v1beta1
- served: true
- storage: true
- validation:
- openAPIV3Schema:
- description: Schema validation for the AWX CRD
- type: object
- properties:
- spec:
- type: object
- properties:
- deployment_type:
- type: string
- pattern: "^(tower|awx)(-)?.*$"
- required:
- - deployment_type
diff --git a/roles/awx/tasks/main.yml b/roles/awx/tasks/main.yml
index d4d4429e..b71b3bff 100644
--- a/roles/awx/tasks/main.yml
+++ b/roles/awx/tasks/main.yml
@@ -2,13 +2,34 @@ - name: Include deployment type vars include_vars: "{{ deployment_type }}.yml" +- name: Create Database if External Database not selected + k8s: + apply: yes + definition: "{{ lookup('template', 'tower_postgres.yaml.j2') }}" + register: k8s_postgres_result + when: not external_database | default(False) | bool + +- name: Read Database Configuration + k8s_info: + kind: Secret + namespace: '{{ meta.namespace }}' + name: '{{ meta.name }}-postgres-configuration' + register: postgres_configuration + +- name: Store Database Configuration + set_fact: + awx_postgres_user: "{{ postgres_configuration['resources'][0]['data']['username'] | b64decode }}" + awx_postgres_pass: "{{ postgres_configuration['resources'][0]['data']['password'] | b64decode }}" + awx_postgres_database: "{{ postgres_configuration['resources'][0]['data']['database'] | b64decode }}" + awx_postgres_port: "{{ postgres_configuration['resources'][0]['data']['port'] | b64decode }}" + awx_postgres_host: "{{ postgres_configuration['resources'][0]['data']['host'] | b64decode }}" + - name: Ensure configured AWX resources exist in the cluster. k8s: apply: yes definition: "{{ lookup('template', item) | from_yaml_all | list }}" register: k8s_defs_result with_items: - - tower_postgres.yaml.j2 - tower_config.yaml.j2 - launch_awx.yaml.j2 - supervisor.yaml.j2 @@ -54,17 +75,3 @@ when: (k8s_defs_result is changed) or (database_check is defined and database_check.rc != 0) - include_tasks: initialize.yml - -- name: Scale the awx deployment to 0 replicas after migration. - k8s: - definition: "{{ lookup('template', 'tower.yaml.j2') | from_yaml_all | list }}" - vars: - tower_replicas: "0" - when: migrate_result and migrate_result.changed - -- name: Scale the awx deployment back to 1 replica after migration. - k8s: - definition: "{{ lookup('template', 'tower.yaml.j2') | from_yaml_all | list }}" - vars: - tower_replicas: "1" - when: migrate_result and migrate_result.changed 
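Review bot: The added `Read Database Configuration` and `Store Database Configuration` tasks handle the database password, but neither sets `no_log: true`, so the registered Secret data and the decoded `awx_postgres_pass` fact can end up in the operator's Ansible output whenever task results are displayed; add `no_log: true` to both tasks. The set_fact also indexes `postgres_configuration['resources'][0]` unconditionally, so with `external_database` enabled and the Secret missing it fails on the index rather than with a message naming the expected Secret. A preceding `assert` on `postgres_configuration['resources'] | length > 0` with a `fail_msg` that names `{{ meta.name }}-postgres-configuration` would make that case diagnosable.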
diff --git a/roles/awx/templates/credentials.py.j2 b/roles/awx/templates/credentials.py.j2 index abb074d0..3a566752 100644 --- a/roles/awx/templates/credentials.py.j2 +++ b/roles/awx/templates/credentials.py.j2 @@ -2,11 +2,11 @@ DATABASES = { 'default': { 'ATOMIC_REQUESTS': True, 'ENGINE': 'awx.main.db.profiled_pg', - 'NAME': "awx", - 'USER': "awx", - 'PASSWORD': "{{ tower_postgres_pass }}", - 'HOST': '{{ meta.name }}-postgres', - 'PORT': "{{ tower_postgres_port }}", + 'NAME': "{{ awx_postgres_database }}", + 'USER': "{{ awx_postgres_user }}", + 'PASSWORD': "{{ awx_postgres_pass }}", + 'HOST': '{{ awx_postgres_host }}', + 'PORT': "{{ awx_postgres_port }}", 'OPTIONS': { 'sslmode': '{{ pg_sslmode|default("prefer") }}', 'sslrootcert': '{{ ca_trust_bundle }}', }, diff --git a/roles/awx/templates/environment.sh.j2 b/roles/awx/templates/environment.sh.j2 index 420c99bd..a8821d49 100644 --- a/roles/awx/templates/environment.sh.j2 +++ b/roles/awx/templates/environment.sh.j2 @@ -1,5 +1,5 @@ -DATABASE_USER=awx -DATABASE_NAME=awx -DATABASE_HOST={{ meta.name }}-postgres -DATABASE_PORT={{ tower_postgres_port }} -DATABASE_PASSWORD={{ tower_postgres_pass }} +DATABASE_USER={{ awx_postgres_user }} +DATABASE_NAME={{ awx_postgres_database }} +DATABASE_HOST={{ awx_postgres_host }} +DATABASE_PORT={{ awx_postgres_port }} +DATABASE_PASSWORD={{ awx_postgres_pass }} diff --git a/roles/awx/templates/tower_postgres.yaml.j2 b/roles/awx/templates/tower_postgres.yaml.j2 index 54feebc3..8962bf0c 100644 --- a/roles/awx/templates/tower_postgres.yaml.j2 +++ b/roles/awx/templates/tower_postgres.yaml.j2 
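Review bot: The values rendered into `credentials.py.j2` can now come from a Secret the user supplies for an external database, yet they are placed inside Python string literals without escaping, so a password containing a double quote or a backslash yields a broken or altered settings file; render them as literals instead, e.g. `'PASSWORD': {{ awx_postgres_pass | to_json }},`. The `environment.sh.j2` hunk has the same problem in shell form, since `DATABASE_PASSWORD={{ awx_postgres_pass }}` is unquoted; `DATABASE_PASSWORD={{ awx_postgres_pass | quote }}` would keep spaces and metacharacters literal, assuming the file is read by a shell. Separately, the unchanged `sslmode` default of `prefer` does not require TLS, which matters more once the database host can be external. The `DATABASES` dict continues outside the hunk.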
@@ -3,10 +3,15 @@ apiVersion: v1 kind: Secret metadata: - name: '{{ meta.name }}-postgres-pass' + name: '{{ meta.name }}-postgres-configuration' namespace: '{{ meta.namespace }}' -data: - password: '{{ tower_postgres_pass | b64encode }}' +stringData: + password: '{{ lookup('password', 'p' + meta.name + 'pg length=32 chars=ascii_letters,digits') }}' + username: 'awx' + database: 'awx' + port: '5432' + host: {{ meta.name }}-postgres + # Postgres StatefulSet. --- @@ -35,18 +40,24 @@ spec: name: postgres env: - name: POSTGRES_DB - value: awx + valueFrom: + secretKeyRef: + name: '{{ meta.name }}-postgres-configuration' + key: database - name: POSTGRES_USER - value: awx + valueFrom: + secretKeyRef: + name: '{{ meta.name }}-postgres-configuration' + key: username - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: '{{ meta.name }}-postgres-pass' + name: '{{ meta.name }}-postgres-configuration' key: password - name: PGDATA value: '{{ tower_postgres_data_path }}' ports: - - containerPort: 3306 + - containerPort: 5432 name: postgres volumeMounts: - name: postgres
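Review bot: The generated password in the Secret comes from `lookup('password', 'p' + meta.name + 'pg ...')`, which persists the value in a plaintext file named after the resource on the controller side, presumably the operator container's working directory. If that file is lost (for example after an operator restart), the lookup would produce a new value and `apply: yes` would rewrite the Secret while the existing Postgres volume still holds the old credential. It would be safer to read the existing `{{ meta.name }}-postgres-configuration` Secret first and generate a password only when none exists. `host: {{ meta.name }}-postgres` is also the only value in this Secret left unquoted; `host: '{{ meta.name }}-postgres'` matches the other entries.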