Only write values for spec section of awx object in backup

2026-03-26 21:33:14 +00:00 · 2021-04-12 21:00:58 -04:00
parent 8ed0b1fe61
commit fb612c24df
7 changed files with 79 additions and 45 deletions
--- a/roles/backup/tasks/awx-cro.yml
+++ b/roles/backup/tasks/awx-cro.yml
@@ -12,21 +12,17 @@
  set_fact:
    _awx: "{{ _awx_cro['resources'][0] }}"

- name: Set apiVersion
-  set_fact:
-    awx_api_version: "{{ _awx['apiVersion'] }}"
-
 - name: Set user specified spec
  set_fact:
    awx_spec: "{{ _awx['spec'] }}"

 - name: Template secrets into yaml
  set_fact:
-    awx_definition_file: "{{ lookup('template', 'awx_object.yml.j2')}}"
+    awx_definition_file: "{{ awx_spec }}"

 - name: Write awx object to pvc
  k8s_exec:
    namespace: "{{ tower_backup_pvc_namespace }}"
    pod: "{{ meta.name }}-db-management"
    command: >-
-      bash -c "echo '{{ awx_definition_file }}' > {{ backup_dir }}/awx_object.yml"
+      bash -c "echo '{{ awx_definition_file }}' > {{ backup_dir }}/awx_object"
--- a/roles/backup/templates/awx_object.yml.j2
+++ b/roles/backup/templates/awx_object.yml.j2
@@ -1,3 +0,0 @@
---
-awx_api_version: {{ awx_api_version }}
-awx_spec: {{ awx_spec }}
--- a/roles/restore/tasks/init_awx.yml
+++ b/roles/restore/tasks/init_awx.yml
@@ -5,15 +5,11 @@
    namespace: "{{ tower_backup_pvc_namespace }}"
    pod: "{{ meta.name }}-db-management"
    command: >-
-      bash -c "cat '{{ tower_backup_dir }}/awx_object.yml'"
+      bash -c "cat '{{ tower_backup_dir }}/awx_object'"
  register: awx_object

- name: Write temp AWX definition template file
-  copy:
-    dest: "{{ definitions_dir.path }}/awx_object.yml.j2"
-    content: |
-      {{ awx_object.stdout }}
-    mode: '0600'
+- set_fact:
+    awx_spec: "{{ awx_object.stdout }}"

 - name: Deploy AWX
  k8s:
@@ -21,8 +17,7 @@
    namespace: "{{ meta.namespace | default('default') }}"
    apply: yes
    wait: yes
-    template: "{{ definitions_dir.path }}/awx_object.yml.j2"
-
+    template: awx_object.yml.j2

 # TODO: The awx object and secrets need to be applied from the awx-operator, because that is where the service account is?
 #       So we will need to either copy them over or pipe them into a template command
--- a/roles/restore/tasks/init_secrets.yml
+++ b/roles/restore/tasks/init_secrets.yml
@@ -1,9 +1,19 @@
 ---

 - name: Get secret definition from pvc
-  include_tasks: apply_secrets.yml
-  with_items:
-    - secret_key_secret
-    - admin_password_secret
-    - broadcast_websocket_secret
-    - postgres_secret
+  k8s_exec:
+    namespace: "{{ tower_backup_pvc_namespace }}"
+    pod: "{{ meta.name }}-db-management"
+    command: >-
+      bash -c "cat '{{ tower_backup_dir }}/secrets.yml'"
+  register: secrets
+
+- include_vars: "{{ secrets.stdout | from_yaml }}"
+
+- name: Apply secret
+  k8s:
+    state: present
+    namespace: "{{ meta.namespace | default('default') }}"
+    apply: yes
+    wait: yes
+    template: "secrets.yml.j2"
--- a/roles/restore/tasks/secrets.yml
+++ b/roles/restore/tasks/secrets.yml
@@ -1,21 +0,0 @@
---
-
- name: Create secret_key secret
-  k8s:
-    definition: "{{ lookup('file', '/'.join([tower_backup_dir, 'secret_key_secret.yml'])) }}"
-
- name: Create admin_password secret
-  k8s:
-    definition: "{{ lookup('file', '/'.join([tower_backup_dir, 'admin_password_secret.yml'])) }}"
-
- name: Create broadcast_websocket secret
-  k8s:
-    definition: "{{ lookup('file', '/'.join([tower_backup_dir, 'broadcast_websocket_secret.yml'])) }}"
-
- name: Create postgres configuration secret
-  k8s:
-    definition: "{{ lookup('file', '/'.join([tower_backup_dir, 'postgres_secret.yml'])) }}"
-
- name: Create secret_key secret
-  k8s:
-    definition: "{{ lookup('file', '/'.join([tower_backup_dir, 'secret_key_secret.yml'])) }}"
--- a/roles/restore/templates/awx_object.yml.j2
+++ b/roles/restore/templates/awx_object.yml.j2
@@ -0,0 +1,7 @@
+---
+apiVersion: '{{ awx_api_version }}'
+kind: AWX
+metadata:
+  name: '{{ tower_name }}'
+  namespace: '{{ meta.namespace }}'
+spec: {{ awx_spec }}
--- a/roles/restore/templates/secrets.yml.j2
+++ b/roles/restore/templates/secrets.yml.j2
@@ -0,0 +1,50 @@
+# Postgres Secret
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: '{{ tower_name }}-postgres-configuration'
+  namespace: '{{ meta.namespace }}'
+stringData:
+  password: '{{ database_password }}'
+  username: '{{ database_username }}'
+  database: '{{ database_name }}'
+  port: '{{ database_port }}'
+  host: '{{ database_host }}'
+  type: '{{ database_type }}'
+
+# Secret Key Secret
+---
+apiVersion: v1
+kind: Secret
+metadata:
+{% raw %}
+  name: '{{ tower_name }}'
+  namespace: '{{ meta.namespace }}'
+{% endraw %}
+stringData:
+  secret_key: '{{ secret_key }}'
+
+# Admin Password Secret
+---
+apiVersion: v1
+kind: Secret
+metadata:
+{% raw %}
+  name: '{{ tower_name }}'
+  namespace: '{{ meta.namespace }}'
+{% endraw %}
+stringData:
+  password: '{{ admin_password }}'
+
+# Broadcast Websocket Secret
+---
+apiVersion: v1
+kind: Secret
+metadata:
+{% raw %}
+  name: '{{ tower_name }}-broadcast-websocket'
+  namespace: '{{ meta.namespace }}'
+{% endraw %}
+stringData:
+  secret: '{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}'