From fb612c24df737a4854fbf8c404d700fd46d14df7 Mon Sep 17 00:00:00 2001
From: "Christian M. Adams"
Date: Mon, 12 Apr 2021 21:00:58 -0400
Subject: [PATCH] Only write values for spec section of awx object in backup
---
 roles/backup/tasks/awx-cro.yml | 8 +---
 roles/backup/templates/awx_object.yml.j2 | 3 --
 roles/restore/tasks/init_awx.yml | 13 ++----
 roles/restore/tasks/init_secrets.yml | 22 +++++++---
 roles/restore/tasks/secrets.yml | 21 ----------
 roles/restore/templates/awx_object.yml.j2 | 7 ++++
 roles/restore/templates/secrets.yml.j2 | 50 +++++++++++++++++++++++
 7 files changed, 79 insertions(+), 45 deletions(-)
 delete mode 100644 roles/backup/templates/awx_object.yml.j2
 delete mode 100644 roles/restore/tasks/secrets.yml
 create mode 100644 roles/restore/templates/awx_object.yml.j2
 create mode 100644 roles/restore/templates/secrets.yml.j2
diff --git a/roles/backup/tasks/awx-cro.yml b/roles/backup/tasks/awx-cro.yml
index b4d4056e..3587ce70 100644
--- a/roles/backup/tasks/awx-cro.yml
+++ b/roles/backup/tasks/awx-cro.yml
@@ -12,21 +12,17 @@
 set_fact:
 _awx: "{{ _awx_cro['resources'][0] }}"
-- name: Set apiVersion
- set_fact:
- awx_api_version: "{{ _awx['apiVersion'] }}"
-
 - name: Set user specified spec
 set_fact:
 awx_spec: "{{ _awx['spec'] }}"
 - name: Template secrets into yaml
 set_fact:
- awx_definition_file: "{{ lookup('template', 'awx_object.yml.j2')}}"
+ awx_definition_file: "{{ awx_spec }}"
 - name: Write awx object to pvc
 k8s_exec:
 namespace: "{{ tower_backup_pvc_namespace }}"
 pod: "{{ meta.name }}-db-management"
 command: >-
- bash -c "echo '{{ awx_definition_file }}' > {{ backup_dir }}/awx_object.yml"
+ bash -c "echo '{{ awx_definition_file }}' > {{ backup_dir }}/awx_object"
diff --git a/roles/backup/templates/awx_object.yml.j2 b/roles/backup/templates/awx_object.yml.j2
deleted file mode 100644
index 4165a370..00000000
--- a/roles/backup/templates/awx_object.yml.j2
+++ /dev/null
@@ -1,3 +0,0 @@
----
-awx_api_version: {{ awx_api_version }}
-awx_spec: {{ awx_spec }}
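Review bot: The write task at the end of the awx-cro.yml hunk splices `{{ awx_definition_file }}` between single quotes inside `bash -c "echo '…' > …"`, so any single quote in the stringified spec ends the quoting and the rest is interpreted by the shell in the db-management pod. With this change the variable holds the `awx_spec` mapping rather than rendered YAML, and its string form may well contain quotes (not verifiable from the hunk). Encoding the payload keeps it out of shell syntax, e.g. `bash -c "echo '{{ awx_spec | to_json | b64encode }}' | base64 -d > {{ backup_dir }}/awx_object"`, assuming `base64` exists in that image. The task name `Template secrets into yaml` no longer matches what the task does and should be renamed.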
diff --git a/roles/restore/tasks/init_awx.yml b/roles/restore/tasks/init_awx.yml
index 0ae71ad0..eb8c3bf9 100644
--- a/roles/restore/tasks/init_awx.yml
+++ b/roles/restore/tasks/init_awx.yml
@@ -5,15 +5,11 @@
 namespace: "{{ tower_backup_pvc_namespace }}"
 pod: "{{ meta.name }}-db-management"
 command: >-
- bash -c "cat '{{ tower_backup_dir }}/awx_object.yml'"
+ bash -c "cat '{{ tower_backup_dir }}/awx_object'"
 register: awx_object
-- name: Write temp AWX definition template file
- copy:
- dest: "{{ definitions_dir.path }}/awx_object.yml.j2"
- content: |
- {{ awx_object.stdout }}
- mode: '0600'
+- set_fact:
+ awx_spec: "{{ awx_object.stdout }}"
 - name: Deploy AWX
 k8s:
@@ -21,8 +17,7 @@
 namespace: "{{ meta.namespace | default('default') }}"
 apply: yes
 wait: yes
- template: "{{ definitions_dir.path }}/awx_object.yml.j2"
-
+ template: awx_object.yml.j2
 # TODO: The awx object and secrets need to be applied from the awx-operator, because that is where the service account is?
 # So we will need to either copy them over or pipe them into a template command
diff --git a/roles/restore/tasks/init_secrets.yml b/roles/restore/tasks/init_secrets.yml
index dab44259..636c4f68 100644
--- a/roles/restore/tasks/init_secrets.yml
+++ b/roles/restore/tasks/init_secrets.yml
@@ -1,9 +1,19 @@
 ---
 - name: Get secret definition from pvc
- include_tasks: apply_secrets.yml
- with_items:
- - secret_key_secret
- - admin_password_secret
- - broadcast_websocket_secret
- - postgres_secret
+ k8s_exec:
+ namespace: "{{ tower_backup_pvc_namespace }}"
+ pod: "{{ meta.name }}-db-management"
+ command: >-
+ bash -c "cat '{{ tower_backup_dir }}/secrets.yml'"
+ register: secrets
+
+- include_vars: "{{ secrets.stdout | from_yaml }}"
+
+- name: Apply secret
+ k8s:
+ state: present
+ namespace: "{{ meta.namespace | default('default') }}"
+ apply: yes
+ wait: yes
+ template: "secrets.yml.j2"
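Review bot: The unnamed `set_fact` in the first init_awx.yml hunk stores `awx_object.stdout` as an unparsed string, and the new `roles/restore/templates/awx_object.yml.j2` writes it directly after `spec:`, so whatever the backup file holds becomes part of the applied manifest with no check that it is a single mapping. Parsing first, `awx_spec: "{{ awx_object.stdout | from_yaml }}"`, and rendering with `spec: {{ awx_spec | to_json }}` would make a malformed or tampered file fail instead of reshaping the object. That template also reads `awx_api_version`, which the backup role stops recording in this commit and which no visible hunk defines for restore. The task should carry a `name:` like its neighbours; the Deploy AWX task continues outside the hunk.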
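Review bot: The init_secrets.yml task that cats `secrets.yml` registers every secret value in `secrets`, and neither it nor the two tasks after it set `no_log: true`, so the values can end up in task output and operator logs. `include_vars` also expects a file or directory path, not the mapping that `from_yaml` returns, so that task is likely to fail as written. A `set_fact` into one named variable avoids the path problem and keeps backup keys out of the top-level variable namespace. `secrets.yml.j2` would then read its values from that variable.

```yaml
- name: Get secret definition from pvc
  k8s_exec:
    # … unchanged: namespace, pod, command …
  register: secrets
  no_log: true

- name: Load secret values from backup
  set_fact:
    backup_secrets: "{{ secrets.stdout | from_yaml }}"
  no_log: true

- name: Apply secret
  k8s:
    # … unchanged: state, namespace, apply, wait, template …
  no_log: true
```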
diff --git a/roles/restore/tasks/secrets.yml b/roles/restore/tasks/secrets.yml
deleted file mode 100644
index 705cf133..00000000
--- a/roles/restore/tasks/secrets.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-
-- name: Create secret_key secret
- k8s:
- definition: "{{ lookup('file', '/'.join([tower_backup_dir, 'secret_key_secret.yml'])) }}"
-
-- name: Create admin_password secret
- k8s:
- definition: "{{ lookup('file', '/'.join([tower_backup_dir, 'admin_password_secret.yml'])) }}"
-
-- name: Create broadcast_websocket secret
- k8s:
- definition: "{{ lookup('file', '/'.join([tower_backup_dir, 'broadcast_websocket_secret.yml'])) }}"
-
-- name: Create postgres configuration secret
- k8s:
- definition: "{{ lookup('file', '/'.join([tower_backup_dir, 'postgres_secret.yml'])) }}"
-
-- name: Create secret_key secret
- k8s:
- definition: "{{ lookup('file', '/'.join([tower_backup_dir, 'secret_key_secret.yml'])) }}"
diff --git a/roles/restore/templates/awx_object.yml.j2 b/roles/restore/templates/awx_object.yml.j2
new file mode 100644
index 00000000..e9638b48
--- /dev/null
+++ b/roles/restore/templates/awx_object.yml.j2
@@ -0,0 +1,7 @@
+---
+apiVersion: '{{ awx_api_version }}'
+kind: AWX
+metadata:
+ name: '{{ tower_name }}'
+ namespace: '{{ meta.namespace }}'
+spec: {{ awx_spec }}
diff --git a/roles/restore/templates/secrets.yml.j2 b/roles/restore/templates/secrets.yml.j2
new file mode 100644
index 00000000..a4fee4fe
--- /dev/null
+++ b/roles/restore/templates/secrets.yml.j2
@@ -0,0 +1,50 @@
+# Postgres Secret
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: '{{ tower_name }}-postgres-configuration'
+ namespace: '{{ meta.namespace }}'
+stringData:
+ password: '{{ database_password }}'
+ username: '{{ database_username }}'
+ database: '{{ database_name }}'
+ port: '{{ database_port }}'
+ host: '{{ database_host }}'
+ type: '{{ database_type }}'
+
+# Secret Key Secret
+---
+apiVersion: v1
+kind: Secret
+metadata:
+{% raw %}
+ name: '{{ tower_name }}'
+ namespace: '{{ meta.namespace }}'
+{% endraw %}
+stringData:
+ secret_key: '{{ secret_key }}'
+
+# Admin Password Secret
+---
+apiVersion: v1
+kind: Secret
+metadata:
+{% raw %}
+ name: '{{ tower_name }}'
+ namespace: '{{ meta.namespace }}'
+{% endraw %}
+stringData:
+ password: '{{ admin_password }}'
+
+# Broadcast Websocket Secret
+---
+apiVersion: v1
+kind: Secret
+metadata:
+{% raw %}
+ name: '{{ tower_name }}-broadcast-websocket'
+ namespace: '{{ meta.namespace }}'
+{% endraw %}
+stringData:
+ secret: '{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}'
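Review bot: The `{% raw %}` blocks around `metadata` in the last three Secrets stop Jinja from rendering `name` and `namespace`, so those manifests would carry the literal text `{{ tower_name }}` instead of a valid object name; the Postgres Secret above them is not wrapped, which suggests the wrapping is unintended. Once rendered, the Secret Key and Admin Password documents share the name `'{{ tower_name }}'` and the second would overwrite the first, so each needs its own suffix matching what the restored AWX spec references. Secret values sit between single quotes (`password: '{{ admin_password }}'`), so a value containing a quote yields invalid or altered YAML; `password: {{ admin_password | to_json }}` emits a safely escaped scalar. The broadcast websocket secret is generated anew rather than restored; if that is intended, a comment above it should say so.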