From f24355c66ba641354c71c17f166a25378fbcf7ff Mon Sep 17 00:00:00 2001
From: Jeff Geerling
Date: Tue, 12 Nov 2019 17:38:45 -0600
Subject: [PATCH] Issue #5: More work towards getting k8s_exec module working in Operator.
---
 README.md | 1 +
 deploy/crds/tower_v1alpha1_tower_cr.yaml | 1 +
 deploy/role.yaml | 3 +-
 roles/tower/defaults/main.yml | 1 +
 roles/tower/library/k8s_exec.py | 16 +++++--
 roles/tower/tasks/main.yml | 55 ++++++++++++++++++++++++
 6 files changed, 72 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 2316cf68..f4cbc584 100644
--- a/README.md
+++ b/README.md
@@ -25,6 +25,7 @@ So instead of having to maintain a separate playbook, inventory, and installatio
 tower_secret_key: aabbcc
 tower_admin_user: test
+ tower_admin_email: test@example.com
 tower_admin_password: changeme
 After a few minutes, your new Tower instance will be accessible at `http://tower.mycompany.com/` (assuming your cluster has an Ingress controller configured).
diff --git a/deploy/crds/tower_v1alpha1_tower_cr.yaml b/deploy/crds/tower_v1alpha1_tower_cr.yaml
index 5ef2e375..50dcf5ab 100644
--- a/deploy/crds/tower_v1alpha1_tower_cr.yaml
+++ b/deploy/crds/tower_v1alpha1_tower_cr.yaml
@@ -8,6 +8,7 @@ spec:
 tower_secret_key: aabbcc
 tower_admin_user: test
+ tower_admin_email: test@example.com
 tower_admin_password: changeme
 # Use these for Ansible Tower.
diff --git a/deploy/role.yaml b/deploy/role.yaml
index 4a8553f4..73e9eff5 100644
--- a/deploy/role.yaml
+++ b/deploy/role.yaml
@@ -46,8 +46,9 @@ rules:
 - apiGroups:
 - ""
 resources:
- - pods
+ - pods/exec
 verbs:
+ - create
 - get
 - apiGroups:
 - apps
diff --git a/roles/tower/defaults/main.yml b/roles/tower/defaults/main.yml
index bf139f29..7df25cef 100644
--- a/roles/tower/defaults/main.yml
+++ b/roles/tower/defaults/main.yml
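Review bot: Swapping `pods` for `pods/exec` in this deploy/role.yaml rule removes the `get` on Pod objects it used to grant, while the new `k8s_facts` task in roles/tower/tasks/main.yml has to look Pods up by label; unless a rule outside this hunk still covers `pods`, that lookup will be denied. I would keep a `pods` rule with `get` and `list` and give `pods/exec` a rule of its own. `create` on `pods/exec` also allows running commands in every pod this role covers, not only the Tower web pod, so it deserves a comment such as `# pods/exec: needed only to run awx-manage in the Tower web pod; allows exec into any pod this role covers`. The rules list starts and ends outside the hunk.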
@@ -3,6 +3,7 @@ tower_hostname: example-tower.test
 tower_secret_key: aabbcc
 tower_admin_user: test
+tower_admin_email: test@example.com
 tower_admin_password: changeme
 # Use these image versions for Ansible Tower.
diff --git a/roles/tower/library/k8s_exec.py b/roles/tower/library/k8s_exec.py
index a1a6dee9..a7a9efe6 100644
--- a/roles/tower/library/k8s_exec.py
+++ b/roles/tower/library/k8s_exec.py
@@ -1,6 +1,3 @@
-#!/usr/bin/python
-# See: https://github.com/ansible/ansible/pull/55029
-
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
@@ -39,6 +36,11 @@ options:
 - The pod name
 type: str
 required: yes
+ container:
+ description:
+ - The name of the container in the pod to connect to. Defaults to only container if there is only one container in the pod.
+ type: str
+ required: no
 command:
 description:
 - The command to execute
@@ -94,6 +96,7 @@ class KubernetesExecCommand(KubernetesAnsibleModule):
 spec = copy.deepcopy(AUTH_ARG_SPEC)
 spec['namespace'] = {'type': 'str'}
 spec['pod'] = {'type': 'str'}
+ spec['container'] = {'type': 'str'}
 spec['command'] = {'type': 'str'}
 return spec
@@ -103,6 +106,11 @@ def main():
 # Load kubernetes.client.Configuration
 module.get_api_client()
 api = core_v1_api.CoreV1Api()
+
+ # hack because passing the container as None breaks things
+ optional_kwargs = {}
+ if module.params.get('container'):
+ optional_kwargs['container'] = module.params['container']
 resp = stream(
 api.connect_get_namespaced_pod_exec,
 module.params["pod"],
@@ -112,7 +120,7 @@ def main():
 stderr=True,
 stdin=False,
 tty=False,
- _preload_content=False)
+ _preload_content=False, **optional_kwargs)
 stdout, stderr = [], []
 while resp.is_open():
 resp.update(timeout=1)
diff --git a/roles/tower/tasks/main.yml b/roles/tower/tasks/main.yml
index 2b3f5e84..9ac065af 100644
--- a/roles/tower/tasks/main.yml
+++ b/roles/tower/tasks/main.yml
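Review bot: The unchanged defaults next to the new `tower_admin_email` line (`tower_admin_password: changeme`, `tower_secret_key: aabbcc`) stop being inert with this commit, because roles/tower/tasks/main.yml now creates a Django superuser from `tower_admin_user`, `tower_admin_email` and `tower_admin_password`. A CR that leaves the password out would presumably fall back to this published value. Consider dropping the password default so the play fails when it is unset, or at least marking the block: `# Placeholder values only; override tower_admin_password and tower_secret_key in the CR.`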
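Review bot: The comment `# hack because passing the container as None breaks things` in main() of roles/tower/library/k8s_exec.py does not tell the next reader what breaks or why leaving the argument out is the right behaviour. Something like `# Forward container only when set: container=None breaks the exec call, and omitting it selects the pod's only container.` records both halves, the second taken from the option's own documentation in this patch. `module.params.get('container')` also treats an empty string the same as unset, which looks intended but is worth one word in that comment. main() starts and ends outside the hunk, and `**optional_kwargs` is consumed in the following hunk.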
@@ -2,6 +2,7 @@
 - name: Ensure configured Tower resources exist in the cluster.
 k8s:
 definition: "{{ lookup('template', item) | from_yaml_all | list }}"
+ register: k8s_defs_result
 with_items:
 - tower_memcached.yaml.j2
 - tower_postgres.yaml.j2
@@ -9,3 +10,57 @@
 - tower_config.yaml.j2
 - tower.yaml.j2
 - tower_task.yaml.j2
+
+- name: Get the Tower web pod information.
+ # TODO: Change to k8s_info after Ansible 2.9.0 is available in Operator image.
+ k8s_facts:
+ kind: Pod
+ namespace: example-tower
+ label_selectors:
+ - app=tower
+ register: tower_pods
+
+- name: Set the tower pod name as a variable.
+ set_fact:
+ tower_pod_name: "{{ tower_pods['resources'][0]['metadata']['name'] }}"
+
+- name: Verify tower_pod_name is populated.
+ assert:
+ that: tower_pod_name != ''
+ fail_msg: "Could not find the tower pod's name."
+
+- name: Migrate the database if the K8s resources were updated.
+ k8s_exec:
+ namespace: '{{ meta.namespace }}'
+ pod: '{{ tower_pod_name }}'
+ command: awx-manage migrate --noinput
+ when: k8s_defs_result is changed
+
+- name: Check if there are any Tower super users defined.
+ k8s_exec:
+ namespace: '{{ meta.namespace }}'
+ pod: '{{ tower_pod_name }}'
+ command: >
+ echo 'from django.contrib.auth.models import User;
+ nsu = User.objects.filter(is_superuser=True).count();
+ exit(0 if nsu > 0 else 1)'
+ | awx-manage shell
+ ignore_errors: yes
+ register: users_result
+ changed_when: users_result.rc > 0
+
+- name: Create Tower super user via Django if it doesn't exist.
+ k8s_exec:
+ namespace: '{{ meta.namespace }}'
+ pod: '{{ tower_pod_name }}'
+ command: >
+ echo "from django.contrib.auth.models import User;
+ User.objects.create_superuser('{{ tower_admin_user }}', '{{ tower_admin_email }}', '{{ tower_admin_password }}')"
+ | awx-manage shell
+ when: users_result.rc > 0
+
+# - name: Create the default organization if configured.
+# k8s_exec:
+# namespace: TODO
+# pod: TODO
+# command: TODO
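Review bot: The "Create Tower super user via Django" task pastes `tower_admin_user`, `tower_admin_email` and `tower_admin_password` straight into Python source wrapped in a double-quoted `echo "..."`, so a quote, `$` or backtick in any CR-supplied value changes what is executed in the Tower pod instead of being stored as data. The password also travels in the exec command string and in the task result, so the task should carry `no_log: true`. I would render each value with `| to_json` so it arrives as an escaped string literal, and shell-quote the finished script with `| quote` rather than relying on hand-written quotes; how k8s_exec turns the command string into an argv is outside this hunk and should be checked alongside. Separately, the `k8s_facts` task hard-codes `namespace: example-tower` while the exec tasks use `'{{ meta.namespace }}'`, and `tower_pods['resources'][0]` raises on an empty result before the following assert can report it.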