Issue #5: More work towards getting k8s_exec module working in Operator.

2026-03-26 21:33:14 +00:00 · 2019-11-12 17:38:45 -06:00
parent f642f01de6
commit f24355c66b
6 changed files with 72 additions and 5 deletions
--- a/README.md
+++ b/README.md
@@ -25,6 +25,7 @@ So instead of having to maintain a separate playbook, inventory, and installatio
      tower_secret_key: aabbcc
      
      tower_admin_user: test
+      tower_admin_email: test@example.com
      tower_admin_password: changeme

 After a few minutes, your new Tower instance will be accessible at `http://tower.mycompany.com/` (assuming your cluster has an Ingress controller configured).
--- a/deploy/crds/tower_v1alpha1_tower_cr.yaml
+++ b/deploy/crds/tower_v1alpha1_tower_cr.yaml
@@ -8,6 +8,7 @@ spec:
  tower_secret_key: aabbcc

  tower_admin_user: test
+  tower_admin_email: test@example.com
  tower_admin_password: changeme

  # Use these for Ansible Tower.
--- a/deploy/role.yaml
+++ b/deploy/role.yaml
@@ -46,8 +46,9 @@ rules:
 - apiGroups:
  - ""
  resources:
-  - pods
+  - pods/exec
  verbs:
+  - create
  - get
 - apiGroups:
  - apps
--- a/roles/tower/defaults/main.yml
+++ b/roles/tower/defaults/main.yml
@@ -3,6 +3,7 @@ tower_hostname: example-tower.test
 tower_secret_key: aabbcc

 tower_admin_user: test
+tower_admin_email: test@example.com
 tower_admin_password: changeme

 # Use these image versions for Ansible Tower.
--- a/roles/tower/library/k8s_exec.py
+++ b/roles/tower/library/k8s_exec.py
@@ -1,6 +1,3 @@
-#!/usr/bin/python
-# See: https://github.com/ansible/ansible/pull/55029
-
 from __future__ import absolute_import, division, print_function

 __metaclass__ = type
@@ -39,6 +36,11 @@ options:
    - The pod name
    type: str
    required: yes
+  container:
+    description:
+    - The name of the container in the pod to connect to. Defaults to only container if there is only one container in the pod.
+    type: str
+    required: no
  command:
    description:
    - The command to execute
@@ -94,6 +96,7 @@ class KubernetesExecCommand(KubernetesAnsibleModule):
        spec = copy.deepcopy(AUTH_ARG_SPEC)
        spec['namespace'] = {'type': 'str'}
        spec['pod'] = {'type': 'str'}
+        spec['container'] = {'type': 'str'}
        spec['command'] = {'type': 'str'}
        return spec

@@ -103,6 +106,11 @@ def main():
    # Load kubernetes.client.Configuration
    module.get_api_client()
    api = core_v1_api.CoreV1Api()
+
+    # hack because passing the container as None breaks things
+    optional_kwargs = {}
+    if module.params.get('container'):
+        optional_kwargs['container'] = module.params['container']
    resp = stream(
        api.connect_get_namespaced_pod_exec,
        module.params["pod"],
@@ -112,7 +120,7 @@ def main():
        stderr=True,
        stdin=False,
        tty=False,
-        _preload_content=False)
+        _preload_content=False, **optional_kwargs)
    stdout, stderr = [], []
    while resp.is_open():
        resp.update(timeout=1)
--- a/roles/tower/tasks/main.yml
+++ b/roles/tower/tasks/main.yml
@@ -2,6 +2,7 @@
 - name: Ensure configured Tower resources exist in the cluster.
  k8s:
    definition: "{{ lookup('template', item) | from_yaml_all | list }}"
+  register: k8s_defs_result
  with_items:
    - tower_memcached.yaml.j2
    - tower_postgres.yaml.j2
@@ -9,3 +10,57 @@
    - tower_config.yaml.j2
    - tower.yaml.j2
    - tower_task.yaml.j2
+
+- name: Get the Tower web pod information.
+  # TODO: Change to k8s_info after Ansible 2.9.0 is available in Operator image.
+  k8s_facts:
+    kind: Pod
+    namespace: example-tower
+    label_selectors:
+      - app=tower
+  register: tower_pods
+
+- name: Set the tower pod name as a variable.
+  set_fact:
+    tower_pod_name: "{{ tower_pods['resources'][0]['metadata']['name'] }}"
+
+- name: Verify tower_pod_name is populated.
+  assert:
+    that: tower_pod_name != ''
+    fail_msg: "Could not find the tower pod's name."
+
+- name: Migrate the database if the K8s resources were updated.
+  k8s_exec:
+    namespace: '{{ meta.namespace }}'
+    pod: '{{ tower_pod_name }}'
+    command: awx-manage migrate --noinput
+  when: k8s_defs_result is changed
+
+- name: Check if there are any Tower super users defined.
+  k8s_exec:
+    namespace: '{{ meta.namespace }}'
+    pod: '{{ tower_pod_name }}'
+    command: >
+      echo 'from django.contrib.auth.models import User;
+      nsu = User.objects.filter(is_superuser=True).count();
+      exit(0 if nsu > 0 else 1)'
+      | awx-manage shell
+  ignore_errors: yes
+  register: users_result
+  changed_when: users_result.rc > 0
+
+- name: Create Tower super user via Django if it doesn't exist.
+  k8s_exec:
+    namespace: '{{ meta.namespace }}'
+    pod: '{{ tower_pod_name }}'
+    command: >
+      echo "from django.contrib.auth.models import User;
+      User.objects.create_superuser('{{ tower_admin_user }}', '{{ tower_admin_email }}', '{{ tower_admin_password }}')"
+      | awx-manage shell
+  when: users_result.rc > 0
+
+# - name: Create the default organization if configured.
+#   k8s_exec:
+#     namespace: TODO
+#     pod: TODO
+#     command: TODO