From 584d45d315ab3363d2e2b90596ceec26ad71786e Mon Sep 17 00:00:00 2001 From: Marcelo Moreira de Mello Date: Mon, 5 Apr 2021 16:21:10 -0400 Subject: [PATCH 1/2] Introducing ability to mount /var/lib/projects --- README.md | 24 ++++++++++++ ansible/templates/crd.yml.j2 | 24 ++++++++++++ deploy/awx-operator.yaml | 24 ++++++++++++ deploy/crds/awx_v1beta1_crd.yaml | 24 ++++++++++++ .../awx-operator.clusterserviceversion.yaml | 39 +++++++++++++++++++ .../manifests/awx.ansible.com_awxs_crd.yaml | 24 ++++++++++++ roles/installer/defaults/main.yml | 13 +++++++ roles/installer/tasks/main.yml | 1 + .../templates/tower_deployment.yaml.j2 | 9 +++++ .../templates/tower_persistent.yaml.j2 | 21 ++++++++++ roles/installer/vars/main.yml | 1 + 11 files changed, 204 insertions(+) create mode 100644 roles/installer/templates/tower_persistent.yaml.j2 diff --git a/README.md b/README.md index b72541a1..3db75e76 100644 --- a/README.md +++ b/README.md @@ -25,6 +25,7 @@ An [Ansible AWX](https://github.com/ansible/awx) operator for Kubernetes built w * [Privileged Tasks](#privileged-tasks) * [Containers Resource Requirements](#containers-resource-requirements) * [LDAP Certificate Authority](#ldap-certificate-authority) + * [Persisting Projects Directory](#persisting-projects-directory) * [Development](#development) * [Testing](#testing) * [Testing in Docker](#testing-in-docker) 
@@ -375,6 +376,29 @@ To create the secret, you can use the command below: # kubectl create secret generic -ldap-ca-cert --from-file=ldap-ca.crt= ``` +#### Persisting Projects Directory + +In cases which you want to persist the `/var/lib/projects` directory, there are few variables that are customizable for the `awx-operator`. + +| Name | Description | Default | +| -----------------------------------| ---------------------------------------------------------------------------------------------------- | ---------------| +| tower_projects_persistence | Whether or not the /var/lib/projects directory will be persistent | false | +| tower_projects_storage_class | Define the PersistentVolume storage class | '' | +| tower_projects_storage_size | Define the PersistentVolume size | 8Gi | +| tower_projects_storage_access_mode | Define the PersistentVolume access mode | ReadWriteMany | +| tower_projects_existing_claim | Define an existing PersistentVolumeClaim to use (cannot be combined with `tower_projects_storage_*`) | '' | + +Example of customization when the `awx-operator` automatically handles the persistent volume could be: + +```yaml +--- +spec: + ... + tower_projects_persistence: true + tower_projects_storage_class: rook-ceph + tower_projects_storage_size: 20Gi +``` + ## Development ### Testing diff --git a/ansible/templates/crd.yml.j2 b/ansible/templates/crd.yml.j2 index 77dc23c6..a6fa5c48 100644 --- a/ansible/templates/crd.yml.j2 +++ b/ansible/templates/crd.yml.j2 
@@ -258,6 +258,30 @@ spec: ldap_cacert_secret: description: Secret where can be found the LDAP trusted Certificate Authority Bundle type: string + tower_projects_persistence: + description: Whether or not the /var/lib/projects directory will be persistent + default: false + type: boolean + tower_projects_use_existing_claim: + description: Using existing PersistentVolumeClaim + type: string + enum: + - _Yes_ + - _No_ + tower_projects_existing_claim: + description: PersistentVolumeClaim to mount /var/lib/projects directory + type: string + tower_projects_storage_class: + description: Storage class for the /var/lib/projects PersistentVolumeClaim + type: string + tower_projects_storage_size: + description: Size for the /var/lib/projects PersistentVolumeClaim + default: 8Gi + type: string + tower_projects_storage_access_mode: + description: AccessMode for the /var/lib/projects PersistentVolumeClaim + default: ReadWriteMany + type: string type: object status: properties: diff --git a/deploy/awx-operator.yaml b/deploy/awx-operator.yaml index 3ef26181..b47a798c 100644 --- a/deploy/awx-operator.yaml +++ b/deploy/awx-operator.yaml 
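Review bot: The new string properties are accepted without any constraint, and the templates added in this same patch (`tower_deployment.yaml.j2`, `tower_persistent.yaml.j2`) interpolate them into manifests the operator applies. Under `tower_projects_storage_access_mode` I would add `enum: [ReadWriteOnce, ReadOnlyMany, ReadWriteMany]`. I would also give `tower_projects_existing_claim`, `tower_projects_storage_class` and `tower_projects_storage_size` a `maxLength` and a `pattern` limited to the characters Kubernetes allows for object names and quantities, so a malformed or multi-line value is rejected at admission instead of reaching the template. The same schema block is repeated in `deploy/awx-operator.yaml`, `deploy/crds/awx_v1beta1_crd.yaml` and the OLM `awx.ansible.com_awxs_crd.yaml`, so the change applies to all four copies.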
@@ -409,6 +409,30 @@ spec: ldap_cacert_secret: description: Secret where can be found the LDAP trusted Certificate Authority Bundle type: string + tower_projects_persistence: + description: Whether or not the /var/lib/projects directory will be persistent + default: false + type: boolean + tower_projects_use_existing_claim: + description: Using existing PersistentVolumeClaim + type: string + enum: + - _Yes_ + - _No_ + tower_projects_existing_claim: + description: PersistentVolumeClaim to mount /var/lib/projects directory + type: string + tower_projects_storage_class: + description: Storage class for the /var/lib/projects PersistentVolumeClaim + type: string + tower_projects_storage_size: + description: Size for the /var/lib/projects PersistentVolumeClaim + default: 8Gi + type: string + tower_projects_storage_access_mode: + description: AccessMode for the /var/lib/projects PersistentVolumeClaim + default: ReadWriteMany + type: string type: object status: properties: diff --git a/deploy/crds/awx_v1beta1_crd.yaml b/deploy/crds/awx_v1beta1_crd.yaml index 77dc23c6..a6fa5c48 100644 --- a/deploy/crds/awx_v1beta1_crd.yaml +++ b/deploy/crds/awx_v1beta1_crd.yaml 
@@ -258,6 +258,30 @@ spec: ldap_cacert_secret: description: Secret where can be found the LDAP trusted Certificate Authority Bundle type: string + tower_projects_persistence: + description: Whether or not the /var/lib/projects directory will be persistent + default: false + type: boolean + tower_projects_use_existing_claim: + description: Using existing PersistentVolumeClaim + type: string + enum: + - _Yes_ + - _No_ + tower_projects_existing_claim: + description: PersistentVolumeClaim to mount /var/lib/projects directory + type: string + tower_projects_storage_class: + description: Storage class for the /var/lib/projects PersistentVolumeClaim + type: string + tower_projects_storage_size: + description: Size for the /var/lib/projects PersistentVolumeClaim + default: 8Gi + type: string + tower_projects_storage_access_mode: + description: AccessMode for the /var/lib/projects PersistentVolumeClaim + default: ReadWriteMany + type: string type: object status: properties: diff --git a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml index adfe68d6..494545a0 100644 --- a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml +++ b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml 
@@ -243,6 +243,45 @@ spec: x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden + - displayName: Enable persistence for /var/lib/projects directory? + path: tower_projects_persistence + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - displayName: Use existing Persistent Claim? + path: tower_projects_use_existing_claim + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - urn:alm:descriptor:com.tectonic.ui:select:_Yes_ + - urn:alm:descriptor:com.tectonic.ui:select:_No_ + - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_projects_persistence:true + - displayName: Tower Projects Existing Persistent Claim + path: tower_projects_existing_claim + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_projects_use_existing_claim:_Yes_ + - urn:alm:descriptor:com.tectonic.ui:select:persistent-claim + - displayName: Tower Projects Storage Class Name + description: Tower Projects Storage Class Name. If not present, the default storage class will be used. 
+ path: tower_projects_storage_class + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_projects_use_existing_claim:_No_ + - urn:alm:descriptor:com.tectonic.ui:text + - displayName: Tower Projects Storage Size + description: Tower Projects Storage Size + path: tower_projects_storage_size + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_projects_use_existing_claim:_No_ + - urn:alm:descriptor:com.tectonic.ui:text + - displayName: Tower Projects Storage Access Mode + description: Tower Projects Storage Access Mode + path: tower_projects_storage_access_mode + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_projects_use_existing_claim:_No_ + - urn:alm:descriptor:com.tectonic.ui:text - displayName: Tower Task Command path: tower_task_command x-descriptors: diff --git a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml index 8735c97c..91487401 100644 --- a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml +++ b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml 
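Review bot: `tower_projects_use_existing_claim` only drives the form here, through the `fieldDependency` entries on the fields below it. None of the templates added in this patch read it; they branch on `tower_projects_existing_claim` alone. A resource that sets `_No_` but still carries a claim name would therefore mount the existing claim, contrary to what the form shows. Either have the templates honour the selector, or state in its CRD entry that it is a hint for the UI, e.g. `description: UI selector only; the operator uses tower_projects_existing_claim whenever it is non-empty`.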
@@ -32,6 +32,30 @@ spec: description: Secret where can be found the LDAP trusted Certificate Authority Bundle type: string + tower_projects_persistence: + description: Whether or not the /var/lib/projects directory will be persistent + default: false + type: boolean + tower_projects_use_existing_claim: + description: Using existing PersistentVolumeClaim + type: string + enum: + - _Yes_ + - _No_ + tower_projects_existing_claim: + description: PersistentVolumeClaim to mount /var/lib/projects directory + type: string + tower_projects_storage_class: + description: Storage class for the /var/lib/projects PersistentVolumeClaim + type: string + tower_projects_storage_size: + description: Size for the /var/lib/projects PersistentVolumeClaim + default: 8Gi + type: string + tower_projects_storage_access_mode: + description: AccessMode for the /var/lib/projects PersistentVolumeClaim + default: ReadWriteMany + type: string tower_admin_email: description: The admin user email type: string diff --git a/roles/installer/defaults/main.yml b/roles/installer/defaults/main.yml index 2ff7d3a1..32f4bb0b 100644 --- a/roles/installer/defaults/main.yml +++ b/roles/installer/defaults/main.yml @@ -136,6 +136,19 @@ tower_postgres_resource_requirements: tower_postgres_storage_class: '' tower_postgres_data_path: '/var/lib/postgresql/data/pgdata' +# Persistence to the AWX project data folder +# Whether or not the /var/lib/projects directory will be persistent +tower_projects_persistence: false +# +# Define an existing PersistentVolumeClaim to use +tower_projects_existing_claim: '' +# +# Define the storage_class, size and access_mode +# when not using an existing claim +tower_projects_storage_class: '' +tower_projects_storage_size: 8Gi +tower_projects_storage_access_mode: ReadWriteMany + # Secret to lookup that provide the PostgreSQL configuration # tower_postgres_configuration_secret: '' diff --git a/roles/installer/tasks/main.yml b/roles/installer/tasks/main.yml index a2fa5892..6cbd5a84 100644 
--- a/roles/installer/tasks/main.yml +++ b/roles/installer/tasks/main.yml @@ -41,6 +41,7 @@ loop: - 'tower_app_credentials' - 'tower_service_account' + - 'tower_persistent' - 'tower_deployment' - 'tower_service' - 'tower_ingress' diff --git a/roles/installer/templates/tower_deployment.yaml.j2 b/roles/installer/templates/tower_deployment.yaml.j2 index 580bd396..68b4aa3c 100644 --- a/roles/installer/templates/tower_deployment.yaml.j2 +++ b/roles/installer/templates/tower_deployment.yaml.j2 @@ -283,7 +283,16 @@ spec: - key: receptor_conf path: receptor.conf - name: "{{ meta.name }}-projects" +{% if tower_projects_persistence|bool %} + persistentVolumeClaim: +{% if tower_projects_existing_claim %} + claimName: {{ tower_projects_existing_claim }} +{% else %} + claimName: '{{ meta.name }}-projects-claim' +{% endif %} +{% else %} emptyDir: {} +{% endif %} {% if development_mode | bool %} - name: awx-devel hostPath: diff --git a/roles/installer/templates/tower_persistent.yaml.j2 b/roles/installer/templates/tower_persistent.yaml.j2 new file mode 100644 index 00000000..d5edcf8b --- /dev/null +++ b/roles/installer/templates/tower_persistent.yaml.j2 @@ -0,0 +1,21 @@ +{% if tower_projects_persistence|bool and tower_projects_existing_claim == '' %} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: '{{ meta.name }}-projects-claim' + namespace: '{{ meta.namespace }}' + labels: + app.kubernetes.io/name: '{{ meta.name }}' + app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/managed-by: awx-operator + app.kubernetes.io/component: awx +spec: + accessModes: + - {{ tower_projects_storage_access_mode }} + resources: + requests: + storage: {{ tower_projects_storage_size }} +{% if tower_projects_storage_class != '' %} + storageClassName: {{ tower_projects_storage_class }} +{% endif %} +{% endif %} diff --git a/roles/installer/vars/main.yml b/roles/installer/vars/main.yml index 7ab069c9..b454ee74 100644 --- a/roles/installer/vars/main.yml 
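Review bot: `claimName: {{ tower_projects_existing_claim }}` in `tower_deployment.yaml.j2` is rendered unquoted, unlike the generated-name branch two lines below it, so a value taken from the custom resource is re-parsed as YAML. A numeric-looking or boolean-looking name changes type, and a value containing a line break or `: ` can change the structure of the Deployment that the operator then applies with its own permissions. Emit it as an encoded scalar instead: `claimName: {{ tower_projects_existing_claim | to_json }}`. The same applies to the three unquoted values in `tower_persistent.yaml.j2` (`tower_projects_storage_access_mode`, `tower_projects_storage_size`, `tower_projects_storage_class`). The volume list this hunk edits starts and ends outside the hunk.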
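Review bot: The guard `tower_projects_existing_claim == ''` in `tower_persistent.yaml.j2` does not match the truthiness test `{% if tower_projects_existing_claim %}` used in `tower_deployment.yaml.j2`. For an empty value other than the empty string (a null, for instance, if one can get past schema validation) the Deployment would reference `<name>-projects-claim` while this template creates no claim, and the pod would stay pending. Use the same test in both places: `{% if tower_projects_persistence|bool and not tower_projects_existing_claim %}`. When persistence is off this file renders to nothing, so it is worth confirming that the task looping over `tower_persistent` in `tasks/main.yml` (its body is outside the hunk) tolerates an empty definition.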
+++ b/roles/installer/vars/main.yml @@ -2,3 +2,4 @@ postgres_initdb_args: '--auth-host=scram-sha-256' postgres_host_auth_method: 'scram-sha-256' ldap_cacert_ca_crt: '' +tower_projects_existing_claim: '' From 54c8a7beef009b4fe2ba7e67e25d873186d27bec Mon Sep 17 00:00:00 2001 From: Marcelo Moreira de Mello Date: Tue, 6 Apr 2021 22:52:00 -0400 Subject: [PATCH 2/2] Fixed webUI form drop-down --- .../manifests/awx-operator.clusterserviceversion.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml index 494545a0..61802855 100644 --- a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml +++ b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml @@ -260,7 +260,7 @@ spec: x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_projects_use_existing_claim:_Yes_ - - urn:alm:descriptor:com.tectonic.ui:select:persistent-claim + - urn:alm:descriptor:io.kubernetes:PersistentVolumeClaim - displayName: Tower Projects Storage Class Name description: Tower Projects Storage Class Name. If not present, the default storage class will be used. path: tower_projects_storage_class
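Review bot: `tower_projects_existing_claim: ''` is now defined both in `roles/installer/defaults/main.yml` and here in `roles/installer/vars/main.yml`. Role vars outrank role defaults, inventory and play variables, so the defaults entry has no effect and the value can only be overridden through extra vars, which is presumably how the operator passes the resource spec. Keep a single definition in defaults, or state the intent above this line with `# kept in vars so only the custom resource spec can set it`.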