From fde4a47a1404ac3f63d5ff60f306c14f4eb5f27c Mon Sep 17 00:00:00 2001 From: Christian Adams Date: Fri, 29 Jul 2022 13:21:51 -0400 Subject: [PATCH] Bump dependencies stream (#841) * Bump Postgresql, Nginx and Redis versions * pg12 --> pg13 upgrade path * Set supported pg version as a variable to remain DRY * Make deleting the old db data pvc after upgrade configurable * Use labels to find the postgres pod * backup/restore: fix postgres label selector value We need to use the deployment_name variable for the postgres instance name. Signed-off-by: Dimitri Savineau * backup/restore: add missing default supported_pg_version variable Signed-off-by: Dimitri Savineau * restore: update database_host fact with pg suffix Signed-off-by: Dimitri Savineau Co-authored-by: Dimitri Savineau --- README.md | 17 ++- config/crd/bases/awx.ansible.com_awxs.yaml | 8 +- .../awx-operator.clusterserviceversion.yaml | 4 + roles/backup/tasks/postgres.yml | 2 +- roles/backup/vars/main.yml | 3 +- roles/installer/defaults/main.yml | 5 +- .../tasks/database_configuration.yml | 92 +++++++++--- roles/installer/tasks/migrate_data.yml | 4 +- .../tasks/resources_configuration.yml | 8 +- .../installer/tasks/scale_down_deployment.yml | 4 +- roles/installer/tasks/update_status.yml | 10 ++ roles/installer/tasks/upgrade_postgres.yml | 132 ++++++++++++++++++ roles/installer/templates/postgres.yaml.j2 | 46 +++--- .../templates/postgres_secret.yaml.j2 | 2 +- .../templates/postgres_upgrade_secret.yaml.j2 | 20 +++ roles/installer/vars/main.yml | 1 + roles/restore/tasks/postgres.yml | 4 +- roles/restore/tasks/secrets.yml | 2 +- roles/restore/vars/main.yml | 3 +- 19 files changed, 301 insertions(+), 66 deletions(-) create mode 100644 roles/installer/tasks/upgrade_postgres.yml create mode 100644 roles/installer/templates/postgres_upgrade_secret.yaml.j2 diff --git a/README.md b/README.md index 4db6bfc7..bf6b706b 100644 --- a/README.md +++ b/README.md 
@@ -699,8 +699,8 @@ The ability to specify topologySpreadConstraints is also allowed through `topolo | Name | Description | Default | | --------------------------- | ----------------------------------- | ------- | -| postgres_image | Path of the image to pull | 12 | -| postgres_image_version | Image version to pull | 12 | +| postgres_image | Path of the image to pull | postgres | +| postgres_image_version | Image version to pull | 13 | | node_selector | AWX pods' nodeSelector | '' | | topology_spread_constraints | AWX pods' topologySpreadConstraints | '' | | tolerations | AWX pods' tolerations | '' | @@ -1155,6 +1155,19 @@ Apply the awx-operator.yml for that release to upgrade the operator, and in turn The first part of any upgrade should be a backup. Note, there are secrets in the pod which work in conjunction with the database. Having just a database backup without the required secrets will not be sufficient for recovering from an issue when upgrading to a new version. See the [backup role documentation](https://github.com/ansible/awx-operator/tree/devel/roles/backup) for information on how to backup your database and secrets. In the event you need to recover the backup see the [restore role documentation](https://github.com/ansible/awx-operator/tree/devel/roles/restore). +#### PostgreSQL Upgrade Considerations + +If there is a PostgreSQL major version upgrade, after the data directory on the PVC is migrated to the new version, the old PVC is kept by default. +This provides the ability to roll back if needed, but can take up extra storage space in your cluster unnecessarily. You can configure it to be deleted automatically +after a successful upgrade by setting the following variable on the AWX spec. + + +```yaml + spec: + postgres_keep_pvc_after_upgrade: False +``` + + #### v0.14.0 ##### Cluster-scope to Namespace-scope considerations 
diff --git a/config/crd/bases/awx.ansible.com_awxs.yaml b/config/crd/bases/awx.ansible.com_awxs.yaml index 619cbc4e..06399885 100644 --- a/config/crd/bases/awx.ansible.com_awxs.yaml +++ b/config/crd/bases/awx.ansible.com_awxs.yaml @@ -379,6 +379,9 @@ spec: postgres_selector: description: nodeSelector for the Postgres pods type: string + postgres_keep_pvc_after_upgrade: + description: Specify whether or not to keep the old PVC after PostgreSQL upgrades + type: boolean postgres_tolerations: description: node tolerations for the Postgres pods type: string @@ -519,7 +522,10 @@ spec: description: Secret key secret name of the deployed instance type: string migratedFromSecret: - description: The secret used for migrating an old instance. + description: The secret used for migrating an old instance + type: string + upgradedPostgresVersion: + description: Status to indicate that the database has been upgraded to the version in the status type: string version: description: Version of the deployed instance diff --git a/config/manifests/bases/awx-operator.clusterserviceversion.yaml b/config/manifests/bases/awx-operator.clusterserviceversion.yaml index e567c7d2..453135f8 100644 --- a/config/manifests/bases/awx-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/awx-operator.clusterserviceversion.yaml @@ -380,6 +380,10 @@ spec: x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden + - displayName: Postgres Keep Old Data PVC After Upgrade + path: postgres_keep_pvc_after_upgrade + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:hidden - displayName: Postgres Tolerations path: postgres_tolerations x-descriptors: diff --git a/roles/backup/tasks/postgres.yml b/roles/backup/tasks/postgres.yml index 84db5b49..2e8de973 100644 --- a/roles/backup/tasks/postgres.yml +++ b/roles/backup/tasks/postgres.yml 
@@ -26,7 +26,7 @@ - block: - name: Delete pod to reload a resource configuration set_fact: - postgres_label_selector: "app.kubernetes.io/instance=postgres-{{ deployment_name }}" + postgres_label_selector: "app.kubernetes.io/instance=postgres-{{ supported_pg_version }}-{{ deployment_name }}" when: postgres_label_selector is not defined - name: Get the postgres pod information diff --git a/roles/backup/vars/main.yml b/roles/backup/vars/main.yml index 5ed894f1..4ca8a410 100644 --- a/roles/backup/vars/main.yml +++ b/roles/backup/vars/main.yml @@ -1,6 +1,7 @@ --- deployment_type: "awx" _postgres_image: postgres -_postgres_image_version: 12 +_postgres_image_version: 13 backup_complete: false database_type: "unmanaged" +supported_pg_version: 13 diff --git a/roles/installer/defaults/main.yml b/roles/installer/defaults/main.yml index 2515d591..8c855e16 100644 --- a/roles/installer/defaults/main.yml +++ b/roles/installer/defaults/main.yml @@ -129,7 +129,7 @@ _image_version: "{{ lookup('env', 'DEFAULT_AWX_VERSION') or 'latest' }}" _redis_image: docker.io/redis _redis_image_version: 7 _postgres_image: postgres -_postgres_image_version: 12 +_postgres_image_version: 13 _init_container_image: quay.io/centos/centos _init_container_image_version: stream8 image_pull_policy: IfNotPresent @@ -223,6 +223,9 @@ ee_extra_volume_mounts: '' # kubernetes.io/os: linux postgres_selector: '' +# Specify whether or not to keep the old PVC after PostgreSQL upgrades +postgres_keep_pvc_after_upgrade: True + # Add node tolerations for the Postgres pods. # Specify as literal block. E.g.: # postgres_tolerations: | diff --git a/roles/installer/tasks/database_configuration.yml b/roles/installer/tasks/database_configuration.yml index dc327da8..9847aa40 100644 --- a/roles/installer/tasks/database_configuration.yml +++ b/roles/installer/tasks/database_configuration.yml 
@@ -92,6 +92,62 @@ set_fact: __postgres_configuration_secret: "{{ pg_config['resources'][0]['metadata']['name'] }}" +- name: Store Database Configuration + set_fact: + awx_postgres_user: "{{ pg_config['resources'][0]['data']['username'] | b64decode }}" + awx_postgres_pass: "{{ pg_config['resources'][0]['data']['password'] | b64decode }}" + awx_postgres_database: "{{ pg_config['resources'][0]['data']['database'] | b64decode }}" + awx_postgres_port: "{{ pg_config['resources'][0]['data']['port'] | b64decode }}" + awx_postgres_host: "{{ pg_config['resources'][0]['data']['host'] | b64decode }}" + awx_postgres_sslmode: "{{ pg_config['resources'][0]['data']['sslmode'] | default('prefer'|b64encode) | b64decode }}" + no_log: "{{ no_log }}" + +- name: Set database as managed + set_fact: + managed_database: "{{ pg_config['resources'][0]['data']['type'] | default('') | b64decode == 'managed' }}" + +- name: Get the old postgres pod information + k8s_info: + kind: Pod + namespace: "{{ ansible_operator_meta.namespace }}" + name: "{{ ansible_operator_meta.name }}-postgres-0" + field_selectors: + - status.phase=Running + register: old_postgres_pod + +- name: Look up details for this deployment + k8s_info: + api_version: "{{ api_version }}" + kind: "{{ kind }}" + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.namespace }}" + register: this_awx + +- name: Check if postgres pod is running and version 12 + block: + - name: Set path to PG_VERSION file for given container image + set_fact: + path_to_pg_version: '{{ postgres_data_path }}/PG_VERSION' + + - name: Get old PostgreSQL version + k8s_exec: + namespace: "{{ ansible_operator_meta.namespace }}" + pod: "{{ ansible_operator_meta.name }}-postgres-0" + command: | + bash -c """ + cat {{ path_to_pg_version }} + """ + register: _old_pg_version + + - name: Upgrade data dir from Postgres 12 to 13 if applicable + include_tasks: upgrade_postgres.yml + when: + - _old_pg_version.stdout | default('0') | trim == 
'12' + when: + - managed_database + - this_awx['resources'][0]['status']['upgradedPostgresVersion'] | default('none') != '12' + - old_postgres_pod['resources'] | length # upgrade is complete and old pg pod has been removed + - block: - name: Create Database if no database is specified k8s: @@ -111,7 +167,7 @@ kubernetes.core.k8s_scale: api_version: apps/v1 kind: StatefulSet - name: "{{ ansible_operator_meta.name }}-postgres" + name: "{{ ansible_operator_meta.name }}-postgres-13" namespace: "{{ ansible_operator_meta.namespace }}" replicas: 0 wait: yes @@ -121,7 +177,7 @@ state: absent api_version: apps/v1 kind: StatefulSet - name: "{{ ansible_operator_meta.name }}-postgres" + name: "{{ ansible_operator_meta.name }}-postgres-13" namespace: "{{ ansible_operator_meta.namespace }}" wait: yes when: create_statefulset_result.error == 422 
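Review bot: The status guard `upgradedPostgresVersion | default('none') != '12'` on the "Check if postgres pod is running and version 12" block appears to be always true, because upgrade_postgres.yml in this patch records `upgraded_postgres_version: '13'`. Only the running-old-pod condition actually prevents a repeat upgrade. Comparing against the target instead, e.g. `!= (supported_pg_version | string)`, would make the guard effective and remove the hard-coded version. Separately, "Get old PostgreSQL version" templates `path_to_pg_version` (built from `postgres_data_path`, which looks user-configurable) unquoted into a `bash -c` string. Running `command: cat {{ path_to_pg_version | quote }}` without the shell wrapper keeps that value from being interpreted by bash.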
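Review bot: The StatefulSet name in the `kubernetes.core.k8s_scale` task is hard-coded as `-postgres-13`, while the rest of the patch derives the suffix from `supported_pg_version`. The `state: absent` task in the next hunk (@@ -121,7 +177,7 @@) has the same literal. Using `name: "{{ ansible_operator_meta.name }}-postgres-{{ supported_pg_version }}"` in both keeps them aligned with postgres.yaml.j2, so a later version bump cannot leave these tasks pointing at a StatefulSet that no longer exists. Both tasks begin outside their hunks.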
@@ -130,23 +186,29 @@ k8s: apply: true definition: "{{ lookup('template', 'postgres.yaml.j2') }}" - when: pg_config['resources'][0]['data']['type'] | default('') | b64decode == 'managed' + when: managed_database -- name: Store Database Configuration +- name: Set Default label selector for custom resource generated postgres set_fact: - awx_postgres_user: "{{ pg_config['resources'][0]['data']['username'] | b64decode }}" - awx_postgres_pass: "{{ pg_config['resources'][0]['data']['password'] | b64decode }}" - awx_postgres_database: "{{ pg_config['resources'][0]['data']['database'] | b64decode }}" - awx_postgres_port: "{{ pg_config['resources'][0]['data']['port'] | b64decode }}" - awx_postgres_host: "{{ pg_config['resources'][0]['data']['host'] | b64decode }}" - awx_postgres_sslmode: "{{ pg_config['resources'][0]['data']['sslmode'] | default('prefer'|b64encode) | b64decode }}" - no_log: "{{ no_log }}" + postgres_label_selector: "app.kubernetes.io/instance=postgres-{{ supported_pg_version }}-{{ ansible_operator_meta.name }}" + when: postgres_label_selector is not defined + +- name: Get the postgres pod information + k8s_info: + kind: Pod + namespace: "{{ ansible_operator_meta.namespace }}" + label_selectors: + - "{{ postgres_label_selector }}" + field_selectors: + - status.phase=Running + register: postgres_pod - name: Wait for Database to initialize if managed DB k8s_info: kind: Pod namespace: '{{ ansible_operator_meta.namespace }}' - name: '{{ ansible_operator_meta.name }}-postgres-0' # using name to keep compatibility + label_selectors: + - "{{ postgres_label_selector }}" field_selectors: - status.phase=Running register: postgres_pod 
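Review bot: The added "Get the postgres pod information" task has no `when: managed_database`, so it also queries pods when the database is external. Its `postgres_pod` result is then overwritten by the "Wait for Database to initialize if managed DB" task, which uses the same label and field selectors. Dropping the task, or adding `when: managed_database`, removes the redundant API call and leaves a single place that defines `postgres_pod`. The wait task continues past the end of this hunk.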
@@ -156,11 +218,7 @@ - "postgres_pod['resources'][0]['status']['containerStatuses'][0]['ready'] == true" delay: 5 retries: 60 - when: pg_config['resources'][0]['data']['type'] | default('') | b64decode == 'managed' - -- name: Set database as managed - set_fact: - managed_database: "{{ pg_config['resources'][0]['data']['type'] | default('') | b64decode == 'managed' }}" + when: managed_database - name: Look up details for this deployment k8s_info: diff --git a/roles/installer/tasks/migrate_data.yml b/roles/installer/tasks/migrate_data.yml index b12b825c..a2ce51bb 100644 --- a/roles/installer/tasks/migrate_data.yml +++ b/roles/installer/tasks/migrate_data.yml @@ -13,9 +13,9 @@ awx_old_postgres_host: "{{ old_pg_config['resources'][0]['data']['host'] | b64decode }}" no_log: "{{ no_log }}" -- name: Default label selector to custom resource generated postgres +- name: Set Default label selector for custom resource generated postgres set_fact: - postgres_label_selector: "app.kubernetes.io/instance=postgres-{{ ansible_operator_meta.name }}" + postgres_label_selector: "app.kubernetes.io/instance=postgres-{{ supported_pg_version }}-{{ ansible_operator_meta.name }}" when: postgres_label_selector is not defined - name: Get the postgres pod information diff --git a/roles/installer/tasks/resources_configuration.yml b/roles/installer/tasks/resources_configuration.yml index e4f5e5af..0ce935e3 100644 --- a/roles/installer/tasks/resources_configuration.yml +++ b/roles/installer/tasks/resources_configuration.yml @@ -11,11 +11,11 @@ - "app.kubernetes.io/component={{ deployment_type }}" field_selectors: - status.phase=Running - register: tower_pods + register: tower_pod - name: Set the resource pod name as a variable. set_fact: - tower_pod_name: "{{ tower_pods['resources'][0]['metadata']['name'] | default('') }}" + tower_pod_name: "{{ tower_pod['resources'][0]['metadata']['name'] | default('') }}" - name: Set user provided control plane ee image set_fact: 
@@ -77,7 +77,7 @@ apply: yes definition: "{{ lookup('template', 'deployment.yaml.j2') }}" wait: yes - register: tower_deployment_result + register: this_deployment_result - block: - name: Delete pod to reload a resource configuration @@ -113,7 +113,7 @@ set_fact: tower_pod_name: '{{ _new_pod["resources"][0]["metadata"]["name"] }}' when: - - tower_resources_result.changed or tower_deployment_result.changed + - tower_resources_result.changed or this_deployment_result.changed - name: Verify the resource pod name is populated. assert: diff --git a/roles/installer/tasks/scale_down_deployment.yml b/roles/installer/tasks/scale_down_deployment.yml index 91182610..ada8ba83 100644 --- a/roles/installer/tasks/scale_down_deployment.yml +++ b/roles/installer/tasks/scale_down_deployment.yml @@ -6,7 +6,7 @@ kind: Deployment name: "{{ ansible_operator_meta.name }}" namespace: "{{ ansible_operator_meta.namespace }}" - register: tower_deployment + register: this_deployment - name: Scale down Deployment for migration kubernetes.core.k8s_scale: @@ -16,4 +16,4 @@ namespace: "{{ ansible_operator_meta.namespace }}" replicas: 0 wait: yes - when: tower_deployment['resources'] | length + when: this_deployment['resources'] | length diff --git a/roles/installer/tasks/update_status.yml b/roles/installer/tasks/update_status.yml index bab23c41..f557f1f4 100644 --- a/roles/installer/tasks/update_status.yml +++ b/roles/installer/tasks/update_status.yml @@ -101,3 +101,13 @@ status: migratedFromSecret: "{{ tower_migrated_from_secret }}" when: tower_migrated_from_secret is defined + +- name: Update upgradedPostgresVersion status + operator_sdk.util.k8s_status: + api_version: '{{ api_version }}' + kind: "{{ kind }}" + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.namespace }}" + status: + upgradedPostgresVersion: "{{ upgraded_postgres_version }}" + when: upgraded_postgres_version is defined 
diff --git a/roles/installer/tasks/upgrade_postgres.yml b/roles/installer/tasks/upgrade_postgres.yml new file mode 100644 index 00000000..edcc3d01 --- /dev/null +++ b/roles/installer/tasks/upgrade_postgres.yml 
@@ -0,0 +1,132 @@ +--- + +# Upgrade Posgres (Managed Databases only) +# * If postgres version is not 12, and not an external postgres instance (when managed_database is yes), +# then run this playbook with include_tasks from database_configuration.yml +# * Data will be streamed via a pg_dump from the postgres 12 pod to the postgres 13 +# pod via a pg_restore. + + +- name: Scale down Deployment for migration + include_tasks: scale_down_deployment.yml + +- name: Delete existing postgres configuration secret + k8s: + api_version: v1 + kind: Secret + name: "{{ ansible_operator_meta.name }}-postgres-configuration" + namespace: "{{ ansible_operator_meta.namespace }}" + state: absent + wait: yes + +- name: Create Database configuration with new -postgres-{{ supported_pg_version }} hostname + k8s: + apply: true + definition: "{{ lookup('template', 'postgres_upgrade_secret.yaml.j2') }}" + no_log: "{{ no_log }}" + +- name: Set new database var to be used when configuring app credentials (resources_configuration.yml) + set_fact: + awx_postgres_host: "{{ ansible_operator_meta.name }}-postgres-{{ supported_pg_version }}" + no_log: "{{ no_log }}" + +- name: Create Database if no database is specified + k8s: + apply: true + definition: "{{ lookup('template', 'postgres.yaml.j2') }}" + wait: true + register: create_statefulset_result + +- name: Set postgres label if not defined by user + set_fact: + postgres_label_selector: "app.kubernetes.io/instance=postgres-{{ supported_pg_version }}-{{ ansible_operator_meta.name }}" + when: postgres_label_selector is not defined + +- name: Get new postgres pod information + k8s_info: + kind: Pod + namespace: "{{ ansible_operator_meta.namespace }}" + label_selectors: + - "{{ postgres_label_selector }}" + field_selectors: + - status.phase=Running + register: postgres_pod + until: + - "postgres_pod['resources'] | length" + - "postgres_pod['resources'][0]['status']['phase'] == 'Running'" + - 
"postgres_pod['resources'][0]['status']['containerStatuses'][0]['ready'] == true" + delay: 5 + retries: 60 + +- name: Set the resource pod name as a variable. + set_fact: + postgres_pod_name: "{{ postgres_pod['resources'][0]['metadata']['name'] }}" + +- name: Set full resolvable host name for postgres pod + set_fact: + resolvable_db_host: "{{ ansible_operator_meta.name }}-postgres.{{ ansible_operator_meta.namespace }}.svc.cluster.local" # yamllint disable-line rule:line-length + no_log: "{{ no_log }}" + +- name: Set pg_dump command + set_fact: + pgdump: >- + pg_dump + -h {{ resolvable_db_host }} + -U {{ awx_postgres_user }} + -d {{ awx_postgres_database }} + -p {{ awx_postgres_port }} + -F custom + no_log: "{{ no_log }}" + +- name: Set pg_restore command + set_fact: + pg_restore: >- + pg_restore + -U {{ awx_postgres_user }} + -d {{ awx_postgres_database }} + no_log: "{{ no_log }}" + +- name: Stream backup from pg_dump to the new postgresql container + k8s_exec: + namespace: "{{ ansible_operator_meta.namespace }}" + pod: "{{ postgres_pod_name }}" + command: | + bash -c """ + set -e -o pipefail + PGPASSWORD={{ awx_postgres_pass }} {{ pgdump }} | PGPASSWORD={{ awx_postgres_pass }} {{ pg_restore }} + echo 'Successful' + """ + no_log: "{{ no_log }}" + register: data_migration + failed_when: "'Successful' not in data_migration.stdout" + +- name: Set flag signifying that this instance has been migrated + set_fact: + upgraded_postgres_version: '13' + +# Cleanup old Postgres resources +- name: Remove old Postgres StatefulSet + k8s: + kind: StatefulSet + api_version: v1 + namespace: "{{ ansible_operator_meta.namespace }}" + name: "{{ ansible_operator_meta.name }}-postgres" + state: absent + wait: true + +- name: Remove old Postgres Service + k8s: + kind: Service + api_version: v1 + namespace: "{{ ansible_operator_meta.namespace }}" + name: "{{ ansible_operator_meta.name }}-postgres" + state: absent + +- name: Remove old persistent volume claim + k8s: + kind: 
PersistentVolumeClaim + api_version: v1 + namespace: "{{ ansible_operator_meta.namespace }}" + name: "postgres-{{ ansible_operator_meta.name }}-postgres-0" + state: absent + when: postgres_keep_pvc_after_upgrade diff --git a/roles/installer/templates/postgres.yaml.j2 b/roles/installer/templates/postgres.yaml.j2 index 6caef41a..399c6ee0 100644 --- a/roles/installer/templates/postgres.yaml.j2 +++ b/roles/installer/templates/postgres.yaml.j2 @@ -3,11 +3,11 @@ apiVersion: apps/v1 kind: StatefulSet metadata: - name: '{{ ansible_operator_meta.name }}-postgres' + name: '{{ ansible_operator_meta.name }}-postgres-{{ supported_pg_version }}' namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: 'postgres' - app.kubernetes.io/instance: 'postgres-{{ ansible_operator_meta.name }}' + app.kubernetes.io/name: 'postgres-{{ supported_pg_version }}' + app.kubernetes.io/instance: 'postgres-{{ supported_pg_version }}-{{ ansible_operator_meta.name }}' app.kubernetes.io/component: 'database' app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' @@ -16,8 +16,8 @@ metadata: spec: selector: matchLabels: - app.kubernetes.io/name: 'postgres' - app.kubernetes.io/instance: 'postgres-{{ ansible_operator_meta.name }}' + app.kubernetes.io/name: 'postgres-{{ supported_pg_version }}' + app.kubernetes.io/instance: 'postgres-{{ supported_pg_version }}-{{ ansible_operator_meta.name }}' app.kubernetes.io/component: 'database' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' serviceName: '{{ ansible_operator_meta.name }}' 
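Review bot: The last task, "Remove old persistent volume claim", runs under `when: postgres_keep_pvc_after_upgrade`, so it deletes the rollback PVC when the user asked to keep it (the default is `True`) and keeps it when they set `False`. That is the opposite of the README text; it should read `when: not (postgres_keep_pvc_after_upgrade | bool)`. In "Stream backup from pg_dump to the new postgresql container" the password is templated unquoted into the shell line, so a value containing whitespace or shell metacharacters breaks the command or is interpreted by bash. Using `PGPASSWORD={{ awx_postgres_pass | quote }}` on both sides of the pipe narrows that, though a `"` or `\` in the value would still interact with the outer `bash -c """` wrapper. "Remove old Postgres StatefulSet" uses `api_version: v1`, while the scale-down tasks in database_configuration.yml address StatefulSets as `apps/v1`, so this cleanup likely does not match the old object.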
@@ -27,8 +27,8 @@ spec: template: metadata: labels: - app.kubernetes.io/name: 'postgres' - app.kubernetes.io/instance: 'postgres-{{ ansible_operator_meta.name }}' + app.kubernetes.io/name: 'postgres-{{ supported_pg_version }}' + app.kubernetes.io/instance: 'postgres-{{ supported_pg_version }}-{{ ansible_operator_meta.name }}' app.kubernetes.io/component: 'database' app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' @@ -45,20 +45,6 @@ spec: {% if postgres_priority_class is defined %} priorityClassName: '{{ postgres_priority_class }}' {% endif %} - initContainers: - - name: database-check - image: '{{ _init_container_image }}' - resources: {{ postgres_init_container_resource_requirements }} - imagePullPolicy: '{{ image_pull_policy }}' - command: - - /bin/sh - - -c - - | - [[ -d /check-db/pgsql/data ]] && rm -rf /check-db/data && mv /check-db/pgsql/data/ /check-db/data/ && rm -rf /check-db/pgsql || exit 0 - volumeMounts: - - name: postgres - mountPath: /check-db - subPath: '' containers: - image: '{{ _postgres_image }}' imagePullPolicy: '{{ image_pull_policy }}' @@ -67,7 +53,7 @@ spec: args: {{ postgres_extra_args }} {% endif %} env: - # For postgres_image based on rhel8/postgresql-12 + # For postgres_image based on rhel8/postgresql-13 - name: POSTGRESQL_DATABASE valueFrom: secretKeyRef: @@ -108,9 +94,9 @@ spec: value: '{{ postgres_host_auth_method }}' ports: - containerPort: {{ awx_postgres_port | default('5432')}} - name: postgres + name: postgres-{{ supported_pg_version }} volumeMounts: - - name: postgres + - name: postgres-{{ supported_pg_version }} mountPath: '{{ postgres_data_path | dirname }}' subPath: '{{ postgres_data_path | dirname | basename }}' resources: {{ postgres_resource_requirements }} @@ -124,7 +110,7 @@ spec: {% endif %} volumeClaimTemplates: - metadata: - name: postgres + name: postgres-{{ supported_pg_version }} spec: accessModes: - ReadWriteOnce 
@@ -138,11 +124,11 @@ spec: apiVersion: v1 kind: Service metadata: - name: '{{ ansible_operator_meta.name }}-postgres' + name: '{{ ansible_operator_meta.name }}-postgres-{{ supported_pg_version }}' namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: 'postgres' - app.kubernetes.io/instance: 'postgres-{{ ansible_operator_meta.name }}' + app.kubernetes.io/name: 'postgres-{{ supported_pg_version }}' + app.kubernetes.io/instance: 'postgres-{{ supported_pg_version }}-{{ ansible_operator_meta.name }}' app.kubernetes.io/component: 'database' app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' @@ -153,8 +139,8 @@ spec: - port: 5432 clusterIP: None selector: - app.kubernetes.io/name: 'postgres' - app.kubernetes.io/instance: 'postgres-{{ ansible_operator_meta.name }}' + app.kubernetes.io/name: 'postgres-{{ supported_pg_version }}' + app.kubernetes.io/instance: 'postgres-{{ supported_pg_version }}-{{ ansible_operator_meta.name }}' app.kubernetes.io/component: 'database' app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' diff --git a/roles/installer/templates/postgres_secret.yaml.j2 b/roles/installer/templates/postgres_secret.yaml.j2 index 7175f391..2af45b9a 100644 --- a/roles/installer/templates/postgres_secret.yaml.j2 +++ b/roles/installer/templates/postgres_secret.yaml.j2 @@ -16,5 +16,5 @@ stringData: username: '{{ database_username }}' database: '{{ database_name }}' port: '5432' - host: {{ ansible_operator_meta.name }}-postgres + host: {{ ansible_operator_meta.name }}-postgres-{{ supported_pg_version }} type: 'managed' diff --git a/roles/installer/templates/postgres_upgrade_secret.yaml.j2 b/roles/installer/templates/postgres_upgrade_secret.yaml.j2 new file mode 100644 index 00000000..2f49792a --- /dev/null +++ b/roles/installer/templates/postgres_upgrade_secret.yaml.j2 
@@ -0,0 +1,20 @@ +# Postgres Secret. +--- +apiVersion: v1 +kind: Secret +metadata: + name: '{{ ansible_operator_meta.name }}-postgres-configuration' + namespace: '{{ ansible_operator_meta.namespace }}' + labels: + app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' + app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' + app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' + app.kubernetes.io/component: '{{ deployment_type }}' + app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' +stringData: + password: '{{ awx_postgres_pass }}' + username: '{{ awx_postgres_user }}' + database: '{{ awx_postgres_database }}' + port: '{{ awx_postgres_port }}' + host: '{{ ansible_operator_meta.name }}-postgres-{{ supported_pg_version }}' + type: 'managed' diff --git a/roles/installer/vars/main.yml b/roles/installer/vars/main.yml index 196f2f33..8c341b2c 100644 --- a/roles/installer/vars/main.yml +++ b/roles/installer/vars/main.yml @@ -4,3 +4,4 @@ postgres_host_auth_method: 'scram-sha-256' ldap_cacert_ca_crt: '' bundle_ca_crt: '' projects_existing_claim: '' +supported_pg_version: 13 diff --git a/roles/restore/tasks/postgres.yml b/roles/restore/tasks/postgres.yml index c307114e..406c7f26 100644 --- a/roles/restore/tasks/postgres.yml +++ b/roles/restore/tasks/postgres.yml @@ -22,9 +22,9 @@ awx_postgres_type: "{{ pg_config['resources'][0]['data']['type'] | b64decode | default('unmanaged') }}" no_log: "{{ no_log }}" -- name: Default label selector to custom resource generated postgres +- name: Set Default label selector for custom resource generated postgres set_fact: - postgres_label_selector: "app.kubernetes.io/instance=postgres-{{ deployment_name }}" + postgres_label_selector: "app.kubernetes.io/instance=postgres-{{ supported_pg_version }}-{{ deployment_name }}" when: postgres_label_selector is not defined - block: diff --git a/roles/restore/tasks/secrets.yml b/roles/restore/tasks/secrets.yml index 7b550a0b..d1b12693 100644 
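Review bot: The `stringData` values such as `password: '{{ awx_postgres_pass }}'` are rendered inside single-quoted YAML scalars, so a stored password containing `'` yields invalid YAML or, in the worst case, extra keys in the recreated Secret. These values are read back from an existing Secret rather than generated here, so their content is not constrained by this template. Emitting them as JSON strings is safer, e.g. `password: {{ awx_postgres_pass | to_json }}`, and likewise for `username` and `database`. The `port` line has the same shape but carries less risk.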
--- a/roles/restore/tasks/secrets.yml +++ b/roles/restore/tasks/secrets.yml @@ -30,7 +30,7 @@ block: - name: Set new database host set_fact: - database_host: "{{ deployment_name }}-postgres" + database_host: "{{ deployment_name }}-postgres-{{ supported_pg_version }}" no_log: "{{ no_log }}" - name: Set tmp postgres secret dict diff --git a/roles/restore/vars/main.yml b/roles/restore/vars/main.yml index 382b4569..e425f86e 100644 --- a/roles/restore/vars/main.yml +++ b/roles/restore/vars/main.yml @@ -2,7 +2,7 @@ deployment_type: "awx" _postgres_image: postgres -_postgres_image_version: 12 +_postgres_image_version: 13 backup_api_version: '{{ deployment_type }}.ansible.com/v1beta1' backup_kind: 'AWXBackup' @@ -12,3 +12,4 @@ secret_key_secret: '{{ deployment_name }}-secret-key' admin_password_secret: '{{ deployment_name }}-admin-password' broadcast_websocket_secret: '{{ deployment_name }}-broadcast-websocket' postgres_configuration_secret: '{{ deployment_name }}-postgres-configuration' +supported_pg_version: 13