From ff9a153f877d1062fd21b53a6e07c0b3446c4af9 Mon Sep 17 00:00:00 2001 
From: Matthew Jones
Date: Wed, 1 Jul 2020 14:15:51 -0400
Subject: [PATCH 1/9] Moving towards AWX as the default
---
README.md | 77 +++++++++----------
build/chain-operator-files.yml | 12 +--
...{tower-operator.yaml => awx-operator.yaml} | 42 +++++-----
deploy/crds/tower_v1beta1_tower_cr_awx.yaml | 14 ++--
.../crds/tower_v1beta1_tower_cr_molecule.yaml | 14 ++--
deploy/crds/tower_v1beta1_tower_cr_tower.yaml | 4 +-
deploy/crds/tower_v1beta1_tower_crd.yaml | 14 ++--
deploy/operator.yaml | 10 +--
deploy/role.yaml | 6 +-
deploy/role_binding.yaml | 6 +-
deploy/service_account.yaml | 2 +-
main.yml | 2 +-
molecule/default/asserts.yml | 8 +-
molecule/default/converge.yml | 2 +-
molecule/test-local/converge.yml | 12 +--
molecule/test-minikube/converge.yml | 12 +--
roles/{tower => awx}/README.md | 0
roles/{tower => awx}/defaults/main.yml | 10 +--
roles/{tower => awx}/meta/main.yml | 2 +-
roles/{tower => awx}/tasks/initialize.yml | 4 +-
roles/{tower => awx}/tasks/main.yml | 12 +--
.../templates/credentials.py.j2 | 0
.../templates/environment.sh.j2 | 0
.../templates/launch_awx.yaml.j2 | 2 +-
.../templates/supervisor.yaml.j2 | 2 +-
roles/{tower => awx}/templates/tower.yaml.j2 | 24 +++---
.../templates/tower_config.yaml.j2 | 6 +-
.../templates/tower_postgres.yaml.j2 | 10 +--
roles/{tower => awx}/vars/awx.yml | 0
roles/{tower => awx}/vars/tower.yml | 0
watches.yaml | 4 +-
31 files changed, 156 insertions(+), 157 deletions(-)
rename deploy/{tower-operator.yaml => awx-operator.yaml} (82%)
rename roles/{tower => awx}/README.md (100%)
rename roles/{tower => awx}/defaults/main.yml (76%)
rename roles/{tower => awx}/meta/main.yml (84%)
rename roles/{tower => awx}/tasks/initialize.yml (89%)
rename roles/{tower => awx}/tasks/main.yml (86%)
rename roles/{tower => awx}/templates/credentials.py.j2 (100%)
rename roles/{tower => awx}/templates/environment.sh.j2 (100%)
rename roles/{tower => awx}/templates/launch_awx.yaml.j2 (99%)
rename roles/{tower => awx}/templates/supervisor.yaml.j2 (99%)
rename roles/{tower => awx}/templates/tower.yaml.j2 (96%) rename roles/{tower => awx}/templates/tower_config.yaml.j2 (98%) rename roles/{tower => awx}/templates/tower_postgres.yaml.j2 (93%) rename roles/{tower => awx}/vars/awx.yml (100%) rename roles/{tower => awx}/vars/tower.yml (100%) diff --git a/README.md b/README.md index 02aab760..1fa5417b 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ # Ansible Tower/AWX Operator -An [Ansible Tower](https://www.ansible.com/products/tower) operator for Kubernetes built with [Operator SDK](https://github.com/operator-framework/operator-sdk) and Ansible. +An [Ansible AWX](https://github.com/ansible/awx) operator for Kubernetes built with [Operator SDK](https://github.com/operator-framework/operator-sdk) and Ansible. -Also configurable to run the open source [AWX](https://github.com/ansible/awx) instead of Tower (helpful for certain use cases where a license requirement is not warranted, like CI environments). +Also configurable to be able to run [Tower](https://ansible.com/products/tower) ## Purpose @@ -11,7 +11,7 @@ There are already official OpenShift/Kubernetes installers available for both AW - [AWX on Kubernetes](https://github.com/ansible/awx/blob/devel/INSTALL.md#kubernetes) - [Ansible Tower on Kubernetes](https://docs.ansible.com/ansible-tower/latest/html/administration/openshift_configuration.html) -This operator is meant to provide a more Kubernetes-native installation method for Ansible Tower or AWX via a Tower Custom Resource Definition (CRD). +This operator is meant to provide a more Kubernetes-native installation method for Ansible Tower or AWX via an AWX Custom Resource Definition (CRD). Note that the operator is not supported by Red Hat, and is in alpha status. Long-term, this operator will become the supported method of installing on Kubernetes and Openshift, and will be listed on OperatorHub.io. For now, use it at your own risk! 
@@ -19,24 +19,24 @@ Note that the operator is not supported by Red Hat, and is in alpha status. Long This Kubernetes Operator is meant to be deployed in your Kubernetes cluster(s) and can manage one or more Tower or AWX instances in any namespace. -First you need to deploy Tower Operator into your cluster: +First you need to deploy AWX Operator into your cluster: - kubectl apply -f https://raw.githubusercontent.com/ansible/tower-operator/devel/deploy/tower-operator.yaml + kubectl apply -f https://raw.githubusercontent.com/ansible/awx-operator/devel/deploy/awx-operator.yaml -Then you can create instances of Tower, for example: +Then you can create instances of AWX, for example: - 1. Make sure the namespace you're deploying into already exists (e.g. `kubectl create namespace ansible-tower`). - 1. Create a file named `my-tower.yml` with the following contents: + 1. Make sure the namespace you're deploying into already exists (e.g. `kubectl create namespace ansible-awx`). + 1. Create a file named `my-awx.yml` with the following contents: ``` --- - apiVersion: tower.ansible.com/v1beta1 - kind: Tower + apiVersion: awx.ansible.com/v1beta1 + kind: AWX metadata: - name: tower - namespace: ansible-tower + name: awx + namespace: ansible-awx spec: - deployment_type: tower + deployment_type: awx tower_secret_key: aabbcc tower_admin_user: test tower_admin_email: test@example.com 
@@ -47,31 +47,30 @@ Then you can create instances of Tower, for example: 1. Use `kubectl` to create the mcrouter instance in your cluster: ``` - kubectl apply -f my-tower.yml + kubectl apply -f my-awx.yml ``` -After a few minutes, your new Tower instance will be accessible at `http://tower.mycompany.com/` (assuming your cluster has an Ingress controller configured). Log in using the `tower_admin_` credentials configured in the `spec`, and supply a valid license to begin using Tower. +After a few minutes, your new AWX instance will be accessible at `http://awx.mycompany.com/` (assuming your cluster has an Ingress controller configured). Log in using the `tower_admin_` credentials configured in the `spec`. -### Red Hat Registry Authentication +### Deploy Tower instead of AWX + +If you would like to deploy Tower into your cluster instead of AWX, override the default variables in the AWX `spec` for the `tower_task_image` and `tower_web_image`, so the Tower container images are used instead, and set the `deployment_type` to ``awx`: + + --- + spec: + ... + deployment_type: tower + tower_task_image: registry.redhat.io/ansible-tower-37/ansible-tower-rhel7:3.7.0 + tower_web_image: registry.redhat.io/ansible-tower-37/ansible-tower-rhel7:3.7.0 To deploy Ansible Tower, images are pulled from the Red Hat Registry. Your Kubernetes or OpenShift cluster will have to have [Authentication Enabled for the Red Hat Registry](https://access.redhat.com/documentation/en-us/openshift_container_platform/3.11/html/configuring_clusters/install-config-configuring-red-hat-registry) for this to work, otherwise the Tower image will not be pulled. If you deploy Ansible AWX, images are available from public registries, so no authentication is required. 
-### Deploy AWX instead of Tower - -If you would like to deploy AWX (the open source upstream of Tower) into your cluster instead of Tower, override the default variables in the Tower `spec` for the `tower_task_image` and `tower_web_image`, so the AWX container images are used instead, and set the `deployment_type` to ``awx`: - - --- - spec: - ... - deployment_type: awx - tower_task_image: ansible/awx_task:11.2.0 - tower_web_image: ansible/awx_web:11.2.0 ### Ingress Types -Depending on the cluster that you're running on, you may wish to use an `Ingress` to access your tower or you may wish to use a `Route` to access your tower. To toggle between these two options, you can add the following to your Tower custom resource: +Depending on the cluster that you're running on, you may wish to use an `Ingress` to access your tower or you may wish to use a `Route` to access your awx. To toggle between these two options, you can add the following to your Tower custom resource: --- spec: @@ -84,7 +83,7 @@ OR spec: ... tower_ingress_type: Ingress - tower_hostname: tower.mycompany.com + tower_hostname: awx.mycompany.com By default, no ingress/route is deployed as the default is set to `none`. @@ -97,9 +96,9 @@ Depending on the type of tasks that you'll be running, you may find that you nee ... tower_task_privileged: true -If you are attempting to do this on an OpenShift cluster, you will need to grant the `tower` ServiceAccount the `privileged` SCC, which can be done with: +If you are attempting to do this on an OpenShift cluster, you will need to grant the `awx` ServiceAccount the `privileged` SCC, which can be done with: - oc adm policy add-scc-to-user privileged -z tower + oc adm policy add-scc-to-user privileged -z awx Again, this is the most relaxed SCC that is provided by OpenShift, so be sure to familiarize yourself with the security concerns that accompany this action. 
@@ -152,8 +151,8 @@ Once the operator is deployed, you can visit the Tower UI in your browser by fol There are a few moving parts to this project: - 1. The Docker image which powers Tower Operator. - 2. The `tower-operator.yaml` Kubernetes manifest file which initially deploys the Operator into a cluster. + 1. The Docker image which powers AWX Operator. + 2. The `awx-operator.yaml` Kubernetes manifest file which initially deploys the Operator into a cluster. Each of these must be appropriately built in preparation for a new tag: @@ -161,17 +160,17 @@ Each of these must be appropriately built in preparation for a new tag: Run the following command inside this directory: - operator-sdk build ansible/tower-operator:0.4.0 + operator-sdk build ansible/awx-operator:0.4.0 Then push the generated image to Docker Hub: - docker push ansible/tower-operator:0.4.0 + docker push ansible/awx-operator:0.4.0 -#### Build a new version of the `tower-operator.yaml` file +#### Build a new version of the `awx-operator.yaml` file -Update the tower-operator version in two places: +Update the awx-operator version in two places: - 1. `deploy/tower-operator.yaml`: in the `ansible` and `operator` container definitions in the `tower-operator` Deployment. + 1. `deploy/awx-operator.yaml`: in the `ansible` and `operator` container definitions in the `awx-operator` Deployment. 2. `build/chain-operator-files.yml`: the `operator_image` variable. Once the versions are updated, run the playbook in the `build/` directory: @@ -182,8 +181,8 @@ After it is built, test it on a local cluster: minikube start --memory 6g --cpus 4 minikube addons enable ingress - kubectl apply -f deploy/tower-operator.yaml - kubectl create namespace example-tower + kubectl apply -f deploy/awx-operator.yaml + kubectl create namespace example-awx kubectl apply -f deploy/crds/tower_v1beta1_tower_cr_awx.yaml minikube delete diff --git a/build/chain-operator-files.yml b/build/chain-operator-files.yml index fb0d56d7..f624471f 100644 
--- a/build/chain-operator-files.yml +++ b/build/chain-operator-files.yml @@ -6,19 +6,19 @@ gather_facts: false vars: - operator_image: ansible/tower-operator:0.4.0 + operator_image: ansible/awx-operator:0.4.0 pull_policy: Always - operator_file_path: "../deploy/tower-operator.yaml" + operator_file_path: "../deploy/awx-operator.yaml" operator_template: "../deploy/operator.yaml" tasks: - - name: Clear out current contents of tower-operator.yml + - name: Clear out current contents of awx-operator.yml copy: dest: "{{ operator_file_path }}" content: '' force: true - - name: Concatenate operator files into tower-operator.yml + - name: Concatenate operator files into awx-operator.yml blockinfile: path: "{{ operator_file_path }}" block: "{{ item }}" @@ -33,12 +33,12 @@ - "../deploy/service_account.yaml" - "../deploy/operator.yaml" - - name: Remove space at beginning of tower-operator.yml + - name: Remove space at beginning of awx-operator.yml shell: > echo "$(tail -n +2 {{ operator_file_path }})" > {{ operator_file_path }} changed_when: true - - name: Template the tower-operator.yaml file into tower-operator.yml + - name: Template the awx-operator.yaml file into awx-operator.yml template: src: "{{ operator_file_path }}" dest: "{{ operator_file_path }}" diff --git a/deploy/tower-operator.yaml b/deploy/awx-operator.yaml similarity index 82% rename from deploy/tower-operator.yaml rename to deploy/awx-operator.yaml index 62b1d055..346da8eb 100644 --- a/deploy/tower-operator.yaml +++ b/deploy/awx-operator.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: creationTimestamp: null - name: tower-operator + name: awx-operator rules: - apiGroups: - route.openshift.io @@ -45,7 +45,7 @@ rules: - apiGroups: - apps resourceNames: - - tower-operator + - awx-operator resources: - deployments/finalizers verbs: @@ -64,7 +64,7 @@ rules: verbs: - get - apiGroups: - - tower.ansible.com + - awx.ansible.com resources: - '*' verbs: 
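Review bot: In build/chain-operator-files.yml the new `operator_image: ansible/awx-operator:0.4.0` is a mutable tag and it is paired with `pull_policy: Always`, so every pod restart re-resolves the tag from the registry. The generated deploy/awx-operator.yaml runs that image under the ServiceAccount bound to the `awx-operator` ClusterRole, so whoever can push to that tag decides what runs with the operator's cluster permissions. Pinning the digest would close that, e.g. `operator_image: ansible/awx-operator@sha256:<digest-of-the-0.4.0-image>` (placeholder; the digest is not on this page). The same applies to `tower_task_image` / `tower_web_image: ansible/awx:13.0.0` in roles/awx/defaults/main.yml and in the example custom resources under deploy/crds/.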
@@ -74,53 +74,53 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: tower-operator + name: awx-operator subjects: - kind: ServiceAccount - name: tower-operator + name: awx-operator namespace: default roleRef: kind: ClusterRole - name: tower-operator + name: awx-operator apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 kind: ServiceAccount metadata: - name: tower-operator + name: awx-operator namespace: default --- apiVersion: apps/v1 kind: Deployment metadata: - name: tower-operator + name: awx-operator spec: replicas: 1 selector: matchLabels: - name: tower-operator + name: awx-operator template: metadata: labels: - name: tower-operator + name: awx-operator spec: - serviceAccountName: tower-operator + serviceAccountName: awx-operator containers: - name: ansible command: - /usr/local/bin/ao-logs - /tmp/ansible-operator/runner - stdout - image: "ansible/tower-operator:0.4.0" + image: "ansible/awx-operator:0.4.0" imagePullPolicy: "Always" volumeMounts: - mountPath: /tmp/ansible-operator/runner name: runner readOnly: true - name: operator - image: "ansible/tower-operator:0.4.0" + image: "ansible/awx-operator:0.4.0" imagePullPolicy: "Always" volumeMounts: - mountPath: /tmp/ansible-operator/runner @@ -134,7 +134,7 @@ spec: fieldRef: fieldPath: metadata.name - name: OPERATOR_NAME - value: tower-operator + value: awx-operator volumes: - name: runner emptyDir: {} @@ -143,14 +143,14 @@ spec: apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: - name: towers.tower.ansible.com + name: awxs.awx.ansible.com spec: - group: tower.ansible.com + group: awx.ansible.com names: - kind: Tower - listKind: TowerList - plural: towers - singular: tower + kind: AWX + listKind: AWXList + plural: awxs + singular: awx scope: Namespaced subresources: status: {} 
@@ -161,7 +161,7 @@ spec: storage: true validation: openAPIV3Schema: - description: Schema validation for the Tower CRD + description: Schema validation for the AWX CRD type: object properties: spec: diff --git a/deploy/crds/tower_v1beta1_tower_cr_awx.yaml b/deploy/crds/tower_v1beta1_tower_cr_awx.yaml index 4f34e5be..bd7f3b6b 100644 --- a/deploy/crds/tower_v1beta1_tower_cr_awx.yaml +++ b/deploy/crds/tower_v1beta1_tower_cr_awx.yaml @@ -1,15 +1,15 @@ --- -apiVersion: tower.ansible.com/v1beta1 -kind: Tower +apiVersion: awx.ansible.com/v1beta1 +kind: AWX metadata: - name: example-tower - namespace: example-tower + name: example-awx + namespace: example-awx spec: deployment_type: awx tower_ingress_type: none tower_task_privileged: false - tower_hostname: example-tower.test + tower_hostname: example-awx.test tower_secret_key: aabbcc tower_broadcast_websocket_secret: changeme @@ -17,8 +17,8 @@ spec: tower_admin_email: test@example.com tower_admin_password: changeme - tower_task_image: ansible/awx_task:11.2.0 - tower_web_image: ansible/awx_web:11.2.0 + tower_task_image: ansible/awx:13.0.0 + tower_web_image: ansible/awx:13.0.0 tower_task_mem_request: 1Gi tower_task_cpu_request: 500m diff --git a/deploy/crds/tower_v1beta1_tower_cr_molecule.yaml b/deploy/crds/tower_v1beta1_tower_cr_molecule.yaml index 987ff2d3..06d4e126 100644 --- a/deploy/crds/tower_v1beta1_tower_cr_molecule.yaml +++ b/deploy/crds/tower_v1beta1_tower_cr_molecule.yaml @@ -1,15 +1,15 @@ --- -apiVersion: tower.ansible.com/v1beta1 -kind: Tower +apiVersion: awx.ansible.com/v1beta1 +kind: AWX metadata: - name: example-tower - namespace: example-tower + name: example-awx + namespace: example-awx spec: deployment_type: awx tower_ingress_type: ingress tower_task_privileged: false - tower_hostname: example-tower.test + tower_hostname: example-awx.test tower_secret_key: aabbcc tower_broadcast_websocket_secret: changeme 
@@ -17,8 +17,8 @@ spec: tower_admin_email: test@example.com tower_admin_password: changeme - tower_task_image: ansible/awx_task:11.2.0 - tower_web_image: ansible/awx_web:11.2.0 + tower_task_image: ansible/awx:13.0.0 + tower_web_image: ansible/awx:13.0.0 tower_task_mem_request: 128M tower_task_cpu_request: 500m diff --git a/deploy/crds/tower_v1beta1_tower_cr_tower.yaml b/deploy/crds/tower_v1beta1_tower_cr_tower.yaml index 85fa736e..55501c90 100644 --- a/deploy/crds/tower_v1beta1_tower_cr_tower.yaml +++ b/deploy/crds/tower_v1beta1_tower_cr_tower.yaml @@ -1,6 +1,6 @@ --- -apiVersion: tower.ansible.com/v1beta1 -kind: Tower +apiVersion: awx.ansible.com/v1beta1 +kind: AWX metadata: name: example-tower namespace: example-tower diff --git a/deploy/crds/tower_v1beta1_tower_crd.yaml b/deploy/crds/tower_v1beta1_tower_crd.yaml index e24157de..09be8e3a 100644 --- a/deploy/crds/tower_v1beta1_tower_crd.yaml +++ b/deploy/crds/tower_v1beta1_tower_crd.yaml @@ -2,14 +2,14 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: - name: towers.tower.ansible.com + name: awxs.awx.ansible.com spec: - group: tower.ansible.com + group: awx.ansible.com names: - kind: Tower - listKind: TowerList - plural: towers - singular: tower + kind: AWX + listKind: AWXList + plural: awxs + singular: awx scope: Namespaced subresources: status: {} @@ -20,7 +20,7 @@ spec: storage: true validation: openAPIV3Schema: - description: Schema validation for the Tower CRD + description: Schema validation for the AWX CRD type: object properties: spec: diff --git a/deploy/operator.yaml b/deploy/operator.yaml index 2f5b38ce..43f73ea5 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml 
@@ -2,18 +2,18 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: tower-operator + name: awx-operator spec: replicas: 1 selector: matchLabels: - name: tower-operator + name: awx-operator template: metadata: labels: - name: tower-operator + name: awx-operator spec: - serviceAccountName: tower-operator + serviceAccountName: awx-operator containers: - name: ansible command: @@ -41,7 +41,7 @@ spec: fieldRef: fieldPath: metadata.name - name: OPERATOR_NAME - value: tower-operator + value: awx-operator volumes: - name: runner emptyDir: {} diff --git a/deploy/role.yaml b/deploy/role.yaml index 8f5eebde..83441b01 100644 --- a/deploy/role.yaml +++ b/deploy/role.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: creationTimestamp: null - name: tower-operator + name: awx-operator rules: - apiGroups: - route.openshift.io @@ -45,7 +45,7 @@ rules: - apiGroups: - apps resourceNames: - - tower-operator + - awx-operator resources: - deployments/finalizers verbs: @@ -64,7 +64,7 @@ rules: verbs: - get - apiGroups: - - tower.ansible.com + - awx.ansible.com resources: - '*' verbs: diff --git a/deploy/role_binding.yaml b/deploy/role_binding.yaml index 69e2fa9a..c2c64a87 100644 --- a/deploy/role_binding.yaml +++ b/deploy/role_binding.yaml @@ -2,12 +2,12 @@ kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: tower-operator + name: awx-operator subjects: - kind: ServiceAccount - name: tower-operator + name: awx-operator namespace: default roleRef: kind: ClusterRole - name: tower-operator + name: awx-operator apiGroup: rbac.authorization.k8s.io diff --git a/deploy/service_account.yaml b/deploy/service_account.yaml index 88676b7a..91d79652 100644 --- a/deploy/service_account.yaml +++ b/deploy/service_account.yaml @@ -2,5 +2,5 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: tower-operator + name: awx-operator namespace: default diff --git a/main.yml b/main.yml index cc0e4a20..2760c98d 100644 --- a/main.yml 
+++ b/main.yml @@ -2,4 +2,4 @@ - hosts: localhost gather_facts: no roles: - - tower + - awx diff --git a/molecule/default/asserts.yml b/molecule/default/asserts.yml index 0fc71c7b..de7bd450 100644 --- a/molecule/default/asserts.yml +++ b/molecule/default/asserts.yml @@ -7,14 +7,14 @@ ansible_python_interpreter: '{{ ansible_playbook_python }}' tasks: - - name: Get tower Pod data + - name: Get AWX Pod data k8s_info: kind: Pod - namespace: example-tower + namespace: example-awx label_selectors: - - app=tower + - app=awx register: tower_pods - - name: Verify there is one tower pod + - name: Verify there is one AWX pod assert: that: '{{ (tower_pods.resources | length) == 1 }}' diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index d926077f..ec391972 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -5,6 +5,6 @@ vars: ansible_python_interpreter: '{{ ansible_playbook_python }}' roles: - - tower + - awx - import_playbook: '{{ playbook_dir }}/asserts.yml' diff --git a/molecule/test-local/converge.yml b/molecule/test-local/converge.yml index 56e9930c..7d9418db 100644 --- a/molecule/test-local/converge.yml +++ b/molecule/test-local/converge.yml @@ -3,7 +3,7 @@ hosts: k8s vars: - image_name: tower.ansible.com/tower-operator:testing + image_name: awx.ansible.com/awx-operator:testing tasks: # using command so we don't need to install any dependencies @@ -25,7 +25,7 @@ ansible_python_interpreter: '{{ ansible_playbook_python }}' deploy_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/deploy" pull_policy: Never - operator_image: tower.ansible.com/tower-operator:testing + operator_image: awx.ansible.com/awx-operator:testing custom_resource: "{{ lookup('file', '/'.join([deploy_dir, 'crds/tower_v1beta1_tower_cr_molecule.yaml'])) | from_yaml }}" tasks: 
@@ -59,14 +59,14 @@ namespace: '{{ operator_namespace }}' definition: "{{ lookup('template', '/'.join([deploy_dir, 'operator.yaml'])) }}" - - name: Ensure the Tower custom_resource namespace exists + - name: Ensure the AWX custom_resource namespace exists k8s: state: present name: '{{ custom_resource.metadata.namespace }}' kind: Namespace api_version: v1 - - name: Create the Tower Custom Resource + - name: Create the AWX Custom Resource k8s: state: present namespace: '{{ custom_resource.metadata.namespace }}' @@ -99,7 +99,7 @@ resource_name=custom_resource.metadata.name )}}' - - name: debug tower deployment + - name: debug awx deployment ignore_errors: yes failed_when: false debug: @@ -109,7 +109,7 @@ kind="Deployment", api_version="apps/v1", namespace=custom_resource.metadata.namespace, - label_selector="app=tower" + label_selector="app=awx" )}}' - name: get operator logs diff --git a/molecule/test-minikube/converge.yml b/molecule/test-minikube/converge.yml index fe9c38b7..e2540a31 100644 --- a/molecule/test-minikube/converge.yml +++ b/molecule/test-minikube/converge.yml @@ -7,7 +7,7 @@ connection: local vars: - image_name: tower.ansible.com/tower-operator:testing + image_name: awx.ansible.com/awx-operator:testing tasks: # Use raw Docker commands inside Minikube to avoid extra Python dependencies. @@ -33,7 +33,7 @@ ansible_python_interpreter: '{{ ansible_playbook_python }}' deploy_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/deploy" pull_policy: Never - operator_image: tower.ansible.com/tower-operator:testing + operator_image: awx.ansible.com/awx-operator:testing # Change this to _awx to test AWX, _tower to test Tower. custom_resource: "{{ lookup('file', '/'.join([deploy_dir, 'crds/tower_v1beta1_tower_cr_awx.yaml'])) | from_yaml }}" 
@@ -66,14 +66,14 @@ namespace: '{{ operator_namespace }}' definition: "{{ lookup('template', '/'.join([deploy_dir, 'operator.yaml'])) }}" - - name: Ensure the Tower custom_resource namespace exists + - name: Ensure the AWX custom_resource namespace exists k8s: state: present name: '{{ custom_resource.metadata.namespace }}' kind: Namespace api_version: v1 - - name: Create the Tower Custom Resource + - name: Create the AWX Custom Resource k8s: state: present namespace: '{{ custom_resource.metadata.namespace }}' @@ -106,7 +106,7 @@ resource_name=custom_resource.metadata.name )}}' - - name: debug tower deployment + - name: debug awx deployment ignore_errors: yes failed_when: false debug: @@ -116,7 +116,7 @@ kind="Deployment", api_version="apps/v1", namespace=custom_resource.metadata.namespace, - label_selector="app=tower" + label_selector="app=awx" )}}' - name: get operator logs diff --git a/roles/tower/README.md b/roles/awx/README.md similarity index 100% rename from roles/tower/README.md rename to roles/awx/README.md diff --git a/roles/tower/defaults/main.yml b/roles/awx/defaults/main.yml similarity index 76% rename from roles/tower/defaults/main.yml rename to roles/awx/defaults/main.yml index ed15fd66..5cf43288 100644 --- a/roles/tower/defaults/main.yml +++ b/roles/awx/defaults/main.yml @@ -2,7 +2,7 @@ tower_task_privileged: false tower_ingress_type: none -tower_hostname: example-tower.test +tower_hostname: example-awx.test tower_secret_key: aabbcc tower_admin_user: test 
@@ -12,12 +12,12 @@ tower_admin_password: changeme tower_broadcast_websocket_secret: changeme # Use these image versions for Ansible Tower. -tower_task_image: registry.redhat.io/ansible-tower-37/ansible-tower-rhel7:3.7.0 -tower_web_image: registry.redhat.io/ansible-tower-37/ansible-tower-rhel7:3.7.0 +#tower_task_image: registry.redhat.io/ansible-tower-37/ansible-tower-rhel7:3.7.0 +#tower_web_image: registry.redhat.io/ansible-tower-37/ansible-tower-rhel7:3.7.0 # Use these image versions for Ansible AWX. -# tower_task_image: ansible/awx_task:11.2.0 -# tower_web_image: ansible/awx_web:11.2.0 +tower_task_image: ansible/awx:13.0.0 +tower_web_image: ansible/awx:13.0.0 tower_create_preload_data: true diff --git a/roles/tower/meta/main.yml b/roles/awx/meta/main.yml similarity index 84% rename from roles/tower/meta/main.yml rename to roles/awx/meta/main.yml index d43a34af..fff58871 100644 --- a/roles/tower/meta/main.yml +++ b/roles/awx/meta/main.yml @@ -1,7 +1,7 @@ --- galaxy_info: author: Ansible - description: Tower role for Tower Operator for Kubernetes. + description: AWX role for AWX Operator for Kubernetes. company: Red Hat, Inc. license: MIT diff --git a/roles/tower/tasks/initialize.yml b/roles/awx/tasks/initialize.yml similarity index 89% rename from roles/tower/tasks/initialize.yml rename to roles/awx/tasks/initialize.yml index 8f064fc6..64d50292 100644 --- a/roles/tower/tasks/initialize.yml +++ b/roles/awx/tasks/initialize.yml @@ -1,5 +1,5 @@ --- -- name: Check if there are any Tower super users defined. +- name: Check if there are any AWX super users defined. shell: >- kubectl exec -n {{ meta.namespace }} -c {{ meta.name }}-task {{ tower_pod_name }} -- bash -c "echo 'from django.contrib.auth.models import User; 
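Review bot: With the AWX images now the role default in roles/awx/defaults/main.yml, the neighbouring defaults `tower_admin_password: changeme` and `tower_broadcast_websocket_secret: changeme` (and `tower_secret_key: aabbcc` in the hunk above) would presumably become the live credentials of any AWX resource whose spec omits them. Before this change the default images came from registry.redhat.io, which the README says needs registry authentication, so an all-defaults deployment probably did not come up; now it likely does, with a publicly known admin password and secret key. I would drop these three defaults and fail early in tasks/main.yml when a value is unset or still the placeholder, for instance an `assert` with `that: tower_admin_password is defined and tower_admin_password != 'changeme'`, repeated for the other two. Separately, the commented-out Tower lines should read `# tower_task_image: …` with a space after `#`, matching the style of the AWX lines they replace.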
@@ -10,7 +10,7 @@ register: users_result changed_when: users_result.rc > 0 -- name: Create Tower super user via Django if it doesn't exist. +- name: Create AWX super user via Django if it doesn't exist. shell: >- kubectl exec -n {{ meta.namespace }} -c {{ meta.name }}-task {{ tower_pod_name }} -- bash -c "echo \"from django.contrib.auth.models import User; diff --git a/roles/tower/tasks/main.yml b/roles/awx/tasks/main.yml similarity index 86% rename from roles/tower/tasks/main.yml rename to roles/awx/tasks/main.yml index b2909741..d4d4429e 100644 --- a/roles/tower/tasks/main.yml +++ b/roles/awx/tasks/main.yml @@ -2,7 +2,7 @@ - name: Include deployment type vars include_vars: "{{ deployment_type }}.yml" -- name: Ensure configured Tower resources exist in the cluster. +- name: Ensure configured AWX resources exist in the cluster. k8s: apply: yes definition: "{{ lookup('template', item) | from_yaml_all | list }}" @@ -14,18 +14,18 @@ - supervisor.yaml.j2 - tower.yaml.j2 -- name: Get the Tower pod information. +- name: Get the AWX pod information. k8s_info: kind: Pod namespace: '{{ meta.namespace }}' label_selectors: - - app=tower + - app=awx register: tower_pods until: "tower_pods['resources'][0]['status']['phase'] == 'Running'" delay: 5 retries: 60 -- name: Set the tower pod name as a variable. +- name: Set the awx pod name as a variable. set_fact: tower_pod_name: "{{ tower_pods['resources'][0]['metadata']['name'] }}" 
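Review bot: The pod lookup in roles/awx/tasks/main.yml selects on `app=awx` alone and then takes `tower_pods['resources'][0]`, so with two AWX resources in one namespace (the README says the operator can manage more than one instance) the first pod returned may belong to the other instance. `tower_pod_name` is then the target of the `kubectl exec` calls in initialize.yml, which, judging by the task names, create the superuser, so the account could end up in the wrong instance. The same fixed label is used for the Deployment and Service selectors in templates/tower.yaml.j2, where it would also mix traffic between instances. Adding an instance-scoped label to the pod template and selecting on it, e.g. `- 'app.kubernetes.io/instance={{ meta.name }}'` next to `- app=awx`, would keep each reconcile on its own pods. The task list continues outside this hunk.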
@@ -55,14 +55,14 @@ - include_tasks: initialize.yml -- name: Scale the tower deployment to 0 replicas after migration. +- name: Scale the awx deployment to 0 replicas after migration. k8s: definition: "{{ lookup('template', 'tower.yaml.j2') | from_yaml_all | list }}" vars: tower_replicas: "0" when: migrate_result and migrate_result.changed -- name: Scale the tower deployment back to 1 replica after migration. +- name: Scale the awx deployment back to 1 replica after migration. k8s: definition: "{{ lookup('template', 'tower.yaml.j2') | from_yaml_all | list }}" vars: diff --git a/roles/tower/templates/credentials.py.j2 b/roles/awx/templates/credentials.py.j2 similarity index 100% rename from roles/tower/templates/credentials.py.j2 rename to roles/awx/templates/credentials.py.j2 diff --git a/roles/tower/templates/environment.sh.j2 b/roles/awx/templates/environment.sh.j2 similarity index 100% rename from roles/tower/templates/environment.sh.j2 rename to roles/awx/templates/environment.sh.j2 diff --git a/roles/tower/templates/launch_awx.yaml.j2 b/roles/awx/templates/launch_awx.yaml.j2 similarity index 99% rename from roles/tower/templates/launch_awx.yaml.j2 rename to roles/awx/templates/launch_awx.yaml.j2 index 07d1e7d0..590e63c8 100644 --- a/roles/tower/templates/launch_awx.yaml.j2 +++ b/roles/awx/templates/launch_awx.yaml.j2 @@ -5,7 +5,7 @@ metadata: name: {{ meta.name }}-launch-awx namespace: {{ meta.namespace }} labels: - app: tower + app: awx data: launch-awx-task: | #!/usr/bin/env bash diff --git a/roles/tower/templates/supervisor.yaml.j2 b/roles/awx/templates/supervisor.yaml.j2 similarity index 99% rename from roles/tower/templates/supervisor.yaml.j2 rename to roles/awx/templates/supervisor.yaml.j2 index 740515d4..97cfcd7b 100644 --- a/roles/tower/templates/supervisor.yaml.j2 +++ b/roles/awx/templates/supervisor.yaml.j2 
@@ -5,7 +5,7 @@ metadata: name: {{ meta.name }}-supervisor-config namespace: {{ meta.namespace }} labels: - app: tower + app: awx data: supervisor-web-config: | [supervisord] diff --git a/roles/tower/templates/tower.yaml.j2 b/roles/awx/templates/tower.yaml.j2 similarity index 96% rename from roles/tower/templates/tower.yaml.j2 rename to roles/awx/templates/tower.yaml.j2 index 2a8aaa94..8efcb28e 100644 --- a/roles/tower/templates/tower.yaml.j2 +++ b/roles/awx/templates/tower.yaml.j2 @@ -1,4 +1,4 @@ -# Tower Secret. +# AWX Secret. --- apiVersion: v1 kind: Secret @@ -10,7 +10,7 @@ data: credentials_py: "{{ lookup('template', 'credentials.py.j2') | b64encode }}" environment_sh: "{{ lookup('template', 'environment.sh.j2') | b64encode }}" -# Tower Deployment. +# AWX Deployment. --- apiVersion: apps/v1 kind: Deployment @@ -18,16 +18,16 @@ metadata: name: '{{ meta.name }}' namespace: '{{ meta.namespace }}' labels: - app: tower + app: awx spec: replicas: {{ tower_replicas }} selector: matchLabels: - app: tower + app: awx template: metadata: labels: - app: tower + app: awx spec: containers: - name: memcached @@ -173,19 +173,19 @@ spec: path: SECRET_KEY - name: {{ meta.name }}-settings configMap: - name: '{{ meta.name }}-tower-configmap' + name: '{{ meta.name }}-awx-configmap' items: - key: settings path: settings.py - name: {{ meta.name }}-nginx-conf configMap: - name: '{{ meta.name }}-tower-configmap' + name: '{{ meta.name }}-awx-configmap' items: - key: nginx_conf path: nginx.conf - name: {{ meta.name }}-redis-config configMap: - name: {{ meta.name }}-tower-configmap + name: {{ meta.name }}-awx-configmap items: - key: redis_conf path: redis.conf @@ -226,7 +226,7 @@ spec: - name: rsyslog-dir emptyDir: {} -# Tower Service. +# AWX Service. --- apiVersion: v1 kind: Service @@ -234,7 +234,7 @@ metadata: name: '{{ meta.name }}-service' namespace: '{{ meta.namespace }}' labels: - app: tower + app: awx spec: ports: - port: 80 
@@ -242,9 +242,9 @@ spec: targetPort: 8052 name: http selector: - app: tower + app: awx -# Tower Ingress. +# AWX Ingress. {% if 'ingress' == tower_ingress_type|lower %} --- apiVersion: extensions/v1beta1 diff --git a/roles/tower/templates/tower_config.yaml.j2 b/roles/awx/templates/tower_config.yaml.j2 similarity index 98% rename from roles/tower/templates/tower_config.yaml.j2 rename to roles/awx/templates/tower_config.yaml.j2 index 17e0d281..ab05c318 100644 --- a/roles/tower/templates/tower_config.yaml.j2 +++ b/roles/awx/templates/tower_config.yaml.j2 @@ -1,12 +1,12 @@ -# Tower Web ConfigMap. +# AWX Web ConfigMap. --- apiVersion: v1 kind: ConfigMap metadata: - name: '{{ meta.name }}-tower-configmap' + name: '{{ meta.name }}-awx-configmap' namespace: '{{ meta.namespace }}' labels: - app: tower + app: awx data: environment: | DATABASE_USER=awx diff --git a/roles/tower/templates/tower_postgres.yaml.j2 b/roles/awx/templates/tower_postgres.yaml.j2 similarity index 93% rename from roles/tower/templates/tower_postgres.yaml.j2 rename to roles/awx/templates/tower_postgres.yaml.j2 index acb0dcdc..54feebc3 100644 --- a/roles/tower/templates/tower_postgres.yaml.j2 +++ b/roles/awx/templates/tower_postgres.yaml.j2 @@ -16,11 +16,11 @@ metadata: name: '{{ meta.name }}-postgres' namespace: '{{ meta.namespace }}' labels: - app: tower-postgres + app: awx-postgres spec: selector: matchLabels: - app: tower-postgres + app: awx-postgres serviceName: '{{ meta.name }}' replicas: 1 updateStrategy: @@ -28,7 +28,7 @@ spec: template: metadata: labels: - app: tower-postgres + app: awx-postgres spec: containers: - image: '{{ tower_postgres_image }}' @@ -73,11 +73,11 @@ metadata: name: '{{ meta.name }}-postgres' namespace: '{{ meta.namespace }}' labels: - app: tower-postgres + app: awx-postgres spec: ports: - port: 5432 clusterIP: None selector: - app: tower-postgres + app: awx-postgres 
diff --git a/roles/tower/vars/awx.yml b/roles/awx/vars/awx.yml similarity index 100% rename from roles/tower/vars/awx.yml rename to roles/awx/vars/awx.yml diff --git a/roles/tower/vars/tower.yml b/roles/awx/vars/tower.yml similarity index 100% rename from roles/tower/vars/tower.yml rename to roles/awx/vars/tower.yml diff --git a/watches.yaml b/watches.yaml index 43f72fb5..5ddfbbc4 100644 --- a/watches.yaml +++ b/watches.yaml @@ -1,5 +1,5 @@ --- - version: v1beta1 - group: tower.ansible.com - kind: Tower + group: awx.ansible.com + kind: AWX playbook: /opt/ansible/main.yml From 8e683ab9502ecdb7f512cd72d4c97cbcec77101d Mon Sep 17 00:00:00 2001 From: Matthew Jones Date: Fri, 10 Jul 2020 11:32:52 -0400 Subject: [PATCH 2/9] Fixing up supervisor log configuration --- roles/awx/templates/supervisor.yaml.j2 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/awx/templates/supervisor.yaml.j2 b/roles/awx/templates/supervisor.yaml.j2 index 97cfcd7b..6570851b 100644 --- a/roles/awx/templates/supervisor.yaml.j2 +++ b/roles/awx/templates/supervisor.yaml.j2 @@ -11,6 +11,8 @@ data: [supervisord] nodaemon = True umask = 022 + logfile = /dev/stdout + logfile_maxbytes = 0 [program:nginx] command = nginx -g "daemon off;" @@ -96,6 +98,8 @@ data: [supervisord] nodaemon = True umask = 022 + logfile = /dev/stdout + logfile_maxbytes = 0 [program:dispatcher] command = awx-manage run_dispatcher From ebc402141a6872fca7e184c191baf3af7846fd34 Mon Sep 17 00:00:00 2001 
From: Matthew Jones Date: Fri, 17 Jul 2020 14:47:29 -0400 Subject: [PATCH 3/9] idiomatic postgres configuration renaming some files to match the awx operator status --- ..._tower_cr_awx.yaml => awx_v1beta1_cr.yaml} | 2 - deploy/crds/awx_v1beta1_crd.yaml | 55 +++++++++++++++++++ ...olecule.yaml => awx_v1beta1_molecule.yaml} | 0 deploy/crds/tower_v1beta1_tower_cr_tower.yaml | 38 ------------- deploy/crds/tower_v1beta1_tower_crd.yaml | 33 ----------- roles/awx/tasks/main.yml | 37 ++++++++----- roles/awx/templates/credentials.py.j2 | 10 ++-- roles/awx/templates/environment.sh.j2 | 10 ++-- roles/awx/templates/tower_postgres.yaml.j2 | 25 ++++++--- 9 files changed, 105 insertions(+), 105 deletions(-) rename deploy/crds/{tower_v1beta1_tower_cr_awx.yaml => awx_v1beta1_cr.yaml} (92%) create mode 100644 deploy/crds/awx_v1beta1_crd.yaml rename deploy/crds/{tower_v1beta1_tower_cr_molecule.yaml => awx_v1beta1_molecule.yaml} (100%) delete mode 100644 deploy/crds/tower_v1beta1_tower_cr_tower.yaml delete mode 100644 deploy/crds/tower_v1beta1_tower_crd.yaml diff --git a/deploy/crds/tower_v1beta1_tower_cr_awx.yaml b/deploy/crds/awx_v1beta1_cr.yaml similarity index 92% rename from deploy/crds/tower_v1beta1_tower_cr_awx.yaml rename to deploy/crds/awx_v1beta1_cr.yaml index bd7f3b6b..543a9b89 100644 --- a/deploy/crds/tower_v1beta1_tower_cr_awx.yaml +++ b/deploy/crds/awx_v1beta1_cr.yaml @@ -32,7 +32,5 @@ spec: tower_redis_image: redis:latest - tower_postgres_pass: awxpass - tower_postgres_image: postgres:10 tower_postgres_storage_request: 8Gi tower_postgres_storage_class: '' diff --git a/deploy/crds/awx_v1beta1_crd.yaml b/deploy/crds/awx_v1beta1_crd.yaml new file mode 100644 index 00000000..4b43674f --- /dev/null +++ b/deploy/crds/awx_v1beta1_crd.yaml 
@@ -0,0 +1,55 @@ +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: awxs.awx.ansible.com +spec: + group: awx.ansible.com + names: + kind: AWX + listKind: AWXList + plural: awxs + singular: awx + scope: Namespaced + subresources: + status: {} + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true + validation: + openAPIV3Schema: + description: Schema validation for the AWX CRD + type: object + properties: + spec: + type: object + properties: + deployment_type: + type: string + pattern: "^(tower|awx)(-)?.*$" + external_database: + type: bool + description: | + If true you must supply a secret containing the location and credentials for + connecting to the external database by a user who has permission to create + and apply a schema. + + The secret should have the name: -postgres-configuration and + should look like: + + apiVersion: v1 + kind: Secret + metadata: + name: -postgres-configuration + namespace: + stringData: + address: + port: + database: + username: + password: + type: Opaque + required: + - deployment_type diff --git a/deploy/crds/tower_v1beta1_tower_cr_molecule.yaml b/deploy/crds/awx_v1beta1_molecule.yaml similarity index 100% rename from deploy/crds/tower_v1beta1_tower_cr_molecule.yaml rename to deploy/crds/awx_v1beta1_molecule.yaml diff --git a/deploy/crds/tower_v1beta1_tower_cr_tower.yaml b/deploy/crds/tower_v1beta1_tower_cr_tower.yaml deleted file mode 100644 index 55501c90..00000000 --- a/deploy/crds/tower_v1beta1_tower_cr_tower.yaml +++ /dev/null 
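Review bot: The Secret layout documented under `external_database` does not match what the role reads: the description lists an `address:` key, while the `Store Database Configuration` task added to roles/awx/tasks/main.yml in this same commit indexes `['data']['host']`, so a Secret written from this description would fail at that lookup. The example key should be `host:`. Separately, `type: bool` is not an OpenAPI v3 schema type and should be `type: boolean`. The same description, with both problems, is repeated in the deploy/awx-operator.yaml hunk of patch 4/9.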
@@ -1,38 +0,0 @@ ---- -apiVersion: awx.ansible.com/v1beta1 -kind: AWX -metadata: - name: example-tower - namespace: example-tower -spec: - deployment_type: tower - tower_ingress_type: none - tower_task_privileged: false - - tower_hostname: example-tower.test - tower_secret_key: aabbcc - tower_broadcast_websocket_secret: changeme - - tower_admin_user: test - tower_admin_email: test@example.com - tower_admin_password: changeme - - tower_task_image: registry.redhat.io/ansible-tower-37/ansible-tower-rhel7:3.7.0 - tower_web_image: registry.redhat.io/ansible-tower-37/ansible-tower-rhel7:3.7.0 - - tower_task_mem_request: 1Gi - tower_task_cpu_request: 500m - - tower_web_mem_request: 2Gi - tower_web_cpu_request: 1000m - - tower_create_preload_data: true - - tower_memcached_image: memcached:alpine - - tower_redis_image: redis:latest - - tower_postgres_pass: awxpass - tower_postgres_image: postgres:10 - tower_postgres_storage_request: 8Gi - tower_postgres_storage_class: '' diff --git a/deploy/crds/tower_v1beta1_tower_crd.yaml b/deploy/crds/tower_v1beta1_tower_crd.yaml deleted file mode 100644 index 09be8e3a..00000000 --- a/deploy/crds/tower_v1beta1_tower_crd.yaml +++ /dev/null @@ -1,33 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: awxs.awx.ansible.com -spec: - group: awx.ansible.com - names: - kind: AWX - listKind: AWXList - plural: awxs - singular: awx - scope: Namespaced - subresources: - status: {} - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true - validation: - openAPIV3Schema: - description: Schema validation for the AWX CRD - type: object - properties: - spec: - type: object - properties: - deployment_type: - type: string - pattern: "^(tower|awx)(-)?.*$" - required: - - deployment_type diff --git a/roles/awx/tasks/main.yml b/roles/awx/tasks/main.yml index d4d4429e..b71b3bff 100644 --- a/roles/awx/tasks/main.yml +++ b/roles/awx/tasks/main.yml 
@@ -2,13 +2,34 @@ - name: Include deployment type vars include_vars: "{{ deployment_type }}.yml" +- name: Create Database if External Database not selected + k8s: + apply: yes + definition: "{{ lookup('template', 'tower_postgres.yaml.j2') }}" + register: k8s_postgres_result + when: not external_database | default(False) | bool + +- name: Read Database Configuration + k8s_info: + kind: Secret + namespace: '{{ meta.namespace }}' + name: '{{ meta.name }}-postgres-configuration' + register: postgres_configuration + +- name: Store Database Configuration + set_fact: + awx_postgres_user: "{{ postgres_configuration['resources'][0]['data']['username'] | b64decode }}" + awx_postgres_pass: "{{ postgres_configuration['resources'][0]['data']['password'] | b64decode }}" + awx_postgres_database: "{{ postgres_configuration['resources'][0]['data']['database'] | b64decode }}" + awx_postgres_port: "{{ postgres_configuration['resources'][0]['data']['port'] | b64decode }}" + awx_postgres_host: "{{ postgres_configuration['resources'][0]['data']['host'] | b64decode }}" + - name: Ensure configured AWX resources exist in the cluster. k8s: apply: yes definition: "{{ lookup('template', item) | from_yaml_all | list }}" register: k8s_defs_result with_items: - - tower_postgres.yaml.j2 - tower_config.yaml.j2 - launch_awx.yaml.j2 - supervisor.yaml.j2 @@ -54,17 +75,3 @@ when: (k8s_defs_result is changed) or (database_check is defined and database_check.rc != 0) - include_tasks: initialize.yml - -- name: Scale the awx deployment to 0 replicas after migration. - k8s: - definition: "{{ lookup('template', 'tower.yaml.j2') | from_yaml_all | list }}" - vars: - tower_replicas: "0" - when: migrate_result and migrate_result.changed - -- name: Scale the awx deployment back to 1 replica after migration. - k8s: - definition: "{{ lookup('template', 'tower.yaml.j2') | from_yaml_all | list }}" - vars: - tower_replicas: "1" - when: migrate_result and migrate_result.changed 
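Review bot: The `Store Database Configuration` task decodes the database password into a fact without `no_log: true`, so the value can end up in the operator's Ansible output; the `Read Database Configuration` task that registers the whole Secret has the same exposure. Both tasks should carry `no_log: true`. The `set_fact` also indexes `postgres_configuration['resources'][0]` unconditionally, so with `external_database: true` and no Secret present the run stops on an index error instead of a message naming the missing `{{ meta.name }}-postgres-configuration` Secret; a `fail` task with `when: postgres_configuration['resources'] | length < 1` ahead of it would make that case explicit. The `k8s_info` lookups added in patch 5/9 (`Check for existing secret key`, `Check for existing postgres configuration`) register Secret contents in the same way.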
diff --git a/roles/awx/templates/credentials.py.j2 b/roles/awx/templates/credentials.py.j2 index abb074d0..3a566752 100644 --- a/roles/awx/templates/credentials.py.j2 +++ b/roles/awx/templates/credentials.py.j2 @@ -2,11 +2,11 @@ DATABASES = { 'default': { 'ATOMIC_REQUESTS': True, 'ENGINE': 'awx.main.db.profiled_pg', - 'NAME': "awx", - 'USER': "awx", - 'PASSWORD': "{{ tower_postgres_pass }}", - 'HOST': '{{ meta.name }}-postgres', - 'PORT': "{{ tower_postgres_port }}", + 'NAME': "{{ awx_postgres_database }}", + 'USER': "{{ awx_postgres_user }}", + 'PASSWORD': "{{ awx_postgres_pass }}", + 'HOST': '{{ awx_postgres_host }}', + 'PORT': "{{ awx_postgres_port }}", 'OPTIONS': { 'sslmode': '{{ pg_sslmode|default("prefer") }}', 'sslrootcert': '{{ ca_trust_bundle }}', }, diff --git a/roles/awx/templates/environment.sh.j2 b/roles/awx/templates/environment.sh.j2 index 420c99bd..a8821d49 100644 --- a/roles/awx/templates/environment.sh.j2 +++ b/roles/awx/templates/environment.sh.j2 @@ -1,5 +1,5 @@ -DATABASE_USER=awx -DATABASE_NAME=awx -DATABASE_HOST={{ meta.name }}-postgres -DATABASE_PORT={{ tower_postgres_port }} -DATABASE_PASSWORD={{ tower_postgres_pass }} +DATABASE_USER={{ awx_postgres_user }} +DATABASE_NAME={{ awx_postgres_database }} +DATABASE_HOST={{ awx_postgres_host }} +DATABASE_PORT={{ awx_postgres_port }} +DATABASE_PASSWORD={{ awx_postgres_pass }} diff --git a/roles/awx/templates/tower_postgres.yaml.j2 b/roles/awx/templates/tower_postgres.yaml.j2 index 54feebc3..8962bf0c 100644 --- a/roles/awx/templates/tower_postgres.yaml.j2 +++ b/roles/awx/templates/tower_postgres.yaml.j2 
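Review bot: Both templates interpolate the database values without escaping, although with `external_database` set they now come from a Secret the user supplies: credentials.py.j2 places `{{ awx_postgres_pass }}` inside a double-quoted Python literal, and the environment.sh.j2 hunk writes `DATABASE_PASSWORD={{ awx_postgres_pass }}` with no quoting. A password containing a quote, backslash, space or `$` would produce a broken settings file or, where environment.sh is sourced by a shell, be interpreted by that shell. Rendering the values through a serialising filter keeps them as data, for example `'PASSWORD': {{ awx_postgres_pass | to_json }},` and `DATABASE_PASSWORD={{ awx_postgres_pass | quote }}`. The same applies to the user, database, host and port lines in both hunks.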
@@ -3,10 +3,15 @@ apiVersion: v1 kind: Secret metadata: - name: '{{ meta.name }}-postgres-pass' + name: '{{ meta.name }}-postgres-configuration' namespace: '{{ meta.namespace }}' -data: - password: '{{ tower_postgres_pass | b64encode }}' +stringData: + password: '{{ lookup('password', 'p' + meta.name + 'pg length=32 chars=ascii_letters,digits') }}' + username: 'awx' + database: 'awx' + port: '5432' + host: {{ meta.name }}-postgres + # Postgres StatefulSet. --- @@ -35,18 +40,24 @@ spec: name: postgres env: - name: POSTGRES_DB - value: awx + valueFrom: + secretKeyRef: + name: '{{ meta.name }}-postgres-configuration' + key: database - name: POSTGRES_USER - value: awx + valueFrom: + secretKeyRef: + name: '{{ meta.name }}-postgres-configuration' + key: username - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: '{{ meta.name }}-postgres-pass' + name: '{{ meta.name }}-postgres-configuration' key: password - name: PGDATA value: '{{ tower_postgres_data_path }}' ports: - - containerPort: 3306 + - containerPort: 5432 name: postgres volumeMounts: - name: postgres From 88d55a870aabbba0cf4033076042851e834445ce Mon Sep 17 00:00:00 2001 From: Matthew Jones Date: Tue, 11 Aug 2020 16:41:46 -0400 Subject: [PATCH 4/9] Documentation to the awx operator deploy --- deploy/awx-operator.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/deploy/awx-operator.yaml b/deploy/awx-operator.yaml index 346da8eb..edceaffb 100644 --- a/deploy/awx-operator.yaml +++ b/deploy/awx-operator.yaml 
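Review bot: The `password` lookup in the new `stringData` block takes its first term as a file path, so `'p' + meta.name + 'pg'` makes Ansible write the generated password in plaintext to a file of that name (a relative path, presumably under the operator's playbook directory) and reuse it on later runs. The Secret value then depends on that file: if it is lost, for example when the operator pod is replaced, a new password is generated and applied while the existing Postgres volume still holds the old one. Patch 5/9 guards creation with an existence check but keeps the same lookup in tower_postgres_secret.yaml.j2 and tower_secret.yaml.j2; with that guard in place the path term can be `/dev/null`, as in `lookup('password', '/dev/null length=32 chars=ascii_letters,digits')`, so nothing is stored on disk. `host: {{ meta.name }}-postgres` is also the only unquoted templated value in the block.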
@@ -170,5 +170,27 @@ spec: deployment_type: type: string pattern: "^(tower|awx)(-)?.*$" + external_database: + type: bool + description: | + If true you must supply a secret containing the location and credentials for + connecting to the external database by a user who has permission to create + and apply a schema. + + The secret should have the name: -postgres-configuration and + should look like: + + apiVersion: v1 + kind: Secret + metadata: + name: -postgres-configuration + namespace: + stringData: + address: + port: + database: + username: + password: + type: Opaque required: - deployment_type From edc60300beacda92ddd50bf946864c439cc4ed94 Mon Sep 17 00:00:00 2001 From: Matthew Jones Date: Thu, 13 Aug 2020 14:36:49 -0400 Subject: [PATCH 5/9] Autogenerate database configuration and secret key if not provided This also persists those after removal, so the database PV is still functional --- README.md | 20 +--------- deploy/awx-operator.yaml | 1 + deploy/crds/awx_v1beta1_cr.yaml | 1 - deploy/crds/awx_v1beta1_molecule.yaml | 1 - deploy/role_binding.yaml | 1 - deploy/service_account.yaml | 1 - roles/awx/defaults/main.yml | 1 - roles/awx/tasks/main.yml | 36 +++++++++++++++++- roles/awx/templates/tower.yaml.j2 | 21 +++++------ roles/awx/templates/tower_postgres.yaml.j2 | 15 -------- .../templates/tower_postgres_secret.yaml.j2 | 13 +++++++ roles/awx/templates/tower_secret.yaml.j2 | 8 ++++ roles/awx_remove/tasks/main.yml | 37 +++++++++++++++++++ watches.yaml | 3 ++ 14 files changed, 109 insertions(+), 50 deletions(-) create mode 100644 roles/awx/templates/tower_postgres_secret.yaml.j2 create mode 100644 roles/awx/templates/tower_secret.yaml.j2 create mode 100644 roles/awx_remove/tasks/main.yml diff --git a/README.md b/README.md index 1fa5417b..3d7b52b7 100644 --- a/README.md +++ b/README.md 
@@ -26,7 +26,7 @@ First you need to deploy AWX Operator into your cluster: Then you can create instances of AWX, for example: 1. Make sure the namespace you're deploying into already exists (e.g. `kubectl create namespace ansible-awx`). - 1. Create a file named `my-awx.yml` with the following contents: + 2. Create a file named `my-awx.yml` with the following contents: ``` --- @@ -37,14 +37,13 @@ Then you can create instances of AWX, for example: namespace: ansible-awx spec: deployment_type: awx - tower_secret_key: aabbcc tower_admin_user: test tower_admin_email: test@example.com tower_admin_password: changeme tower_broadcast_websocket_secret: changeme ``` - 1. Use `kubectl` to create the mcrouter instance in your cluster: + 3. Use `kubectl` to create the mcrouter instance in your cluster: ``` kubectl apply -f my-awx.yml 
@@ -52,21 +51,6 @@ Then you can create instances of AWX, for example: After a few minutes, your new AWX instance will be accessible at `http://awx.mycompany.com/` (assuming your cluster has an Ingress controller configured). Log in using the `tower_admin_` credentials configured in the `spec`. -### Deploy Tower instead of AWX - -If you would like to deploy Tower into your cluster instead of AWX, override the default variables in the AWX `spec` for the `tower_task_image` and `tower_web_image`, so the Tower container images are used instead, and set the `deployment_type` to ``awx`: - - --- - spec: - ... - deployment_type: tower - tower_task_image: registry.redhat.io/ansible-tower-37/ansible-tower-rhel7:3.7.0 - tower_web_image: registry.redhat.io/ansible-tower-37/ansible-tower-rhel7:3.7.0 - -To deploy Ansible Tower, images are pulled from the Red Hat Registry. Your Kubernetes or OpenShift cluster will have to have [Authentication Enabled for the Red Hat Registry](https://access.redhat.com/documentation/en-us/openshift_container_platform/3.11/html/configuring_clusters/install-config-configuring-red-hat-registry) for this to work, otherwise the Tower image will not be pulled. - -If you deploy Ansible AWX, images are available from public registries, so no authentication is required. - ### Ingress Types diff --git a/deploy/awx-operator.yaml b/deploy/awx-operator.yaml index edceaffb..9932fdb8 100644 --- a/deploy/awx-operator.yaml +++ b/deploy/awx-operator.yaml @@ -96,6 +96,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: awx-operator + namespace: default spec: replicas: 1 selector: diff --git a/deploy/crds/awx_v1beta1_cr.yaml b/deploy/crds/awx_v1beta1_cr.yaml index 543a9b89..6ca69b93 100644 --- a/deploy/crds/awx_v1beta1_cr.yaml +++ b/deploy/crds/awx_v1beta1_cr.yaml @@ -10,7 +10,6 @@ spec: tower_task_privileged: false tower_hostname: example-awx.test - tower_secret_key: aabbcc tower_broadcast_websocket_secret: changeme tower_admin_user: test 
diff --git a/deploy/crds/awx_v1beta1_molecule.yaml b/deploy/crds/awx_v1beta1_molecule.yaml index 06d4e126..01583a0e 100644 --- a/deploy/crds/awx_v1beta1_molecule.yaml +++ b/deploy/crds/awx_v1beta1_molecule.yaml @@ -10,7 +10,6 @@ spec: tower_task_privileged: false tower_hostname: example-awx.test - tower_secret_key: aabbcc tower_broadcast_websocket_secret: changeme tower_admin_user: test diff --git a/deploy/role_binding.yaml b/deploy/role_binding.yaml index c2c64a87..50feae1c 100644 --- a/deploy/role_binding.yaml +++ b/deploy/role_binding.yaml @@ -6,7 +6,6 @@ metadata: subjects: - kind: ServiceAccount name: awx-operator - namespace: default roleRef: kind: ClusterRole name: awx-operator diff --git a/deploy/service_account.yaml b/deploy/service_account.yaml index 91d79652..c4d60043 100644 --- a/deploy/service_account.yaml +++ b/deploy/service_account.yaml @@ -3,4 +3,3 @@ apiVersion: v1 kind: ServiceAccount metadata: name: awx-operator - namespace: default diff --git a/roles/awx/defaults/main.yml b/roles/awx/defaults/main.yml index 5cf43288..987a6239 100644 --- a/roles/awx/defaults/main.yml +++ b/roles/awx/defaults/main.yml @@ -3,7 +3,6 @@ tower_task_privileged: false tower_ingress_type: none tower_hostname: example-awx.test -tower_secret_key: aabbcc tower_admin_user: test tower_admin_email: test@example.com diff --git a/roles/awx/tasks/main.yml b/roles/awx/tasks/main.yml index b71b3bff..922d5bab 100644 --- a/roles/awx/tasks/main.yml +++ b/roles/awx/tasks/main.yml 
@@ -2,6 +2,27 @@ - name: Include deployment type vars include_vars: "{{ deployment_type }}.yml" +- name: Check for existing secret key + k8s_info: + kind: Secret + namespace: '{{ meta.namespace }}' + name: '{{ meta.name }}-secret-key' + register: secret_key_resources + +- name: Check for existing postgres configuration + k8s_info: + kind: Secret + namespace: '{{ meta.namespace }}' + name: '{{meta.name }}-postgres-configuration' + register: postgres_config_resources + +- name: Create Database configuration if it doesn't already exist + k8s: + apply: yes + definition: "{{ lookup('template', 'tower_postgres_secret.yaml.j2') }}" + register: k8s_postgres_config_result + when: postgres_config_resources['resources'] | length < 1 and not external_database | default(False) | bool + - name: Create Database if External Database not selected k8s: apply: yes @@ -24,6 +45,14 @@ awx_postgres_port: "{{ postgres_configuration['resources'][0]['data']['port'] | b64decode }}" awx_postgres_host: "{{ postgres_configuration['resources'][0]['data']['host'] | b64decode }}" +- name: Deploy Tower Secret Key if needed + k8s: + apply: yes + definition: "{{ lookup('template', 'tower_secret.yaml.j2') }}" + register: k8s_tower_secret_result + when: secret_key_resources['resources'] | length < 1 + + - name: Ensure configured AWX resources exist in the cluster. k8s: apply: yes @@ -33,7 +62,12 @@ - tower_config.yaml.j2 - launch_awx.yaml.j2 - supervisor.yaml.j2 - - tower.yaml.j2 + +- name: Apply Tower Deployment Configuration + k8s: + apply: yes + definition: "{{ lookup('template', 'tower.yaml.j2') }}" + register: tower_deployment_result - name: Get the AWX pod information. k8s_info: diff --git a/roles/awx/templates/tower.yaml.j2 b/roles/awx/templates/tower.yaml.j2 index 8efcb28e..99206da8 100644 --- a/roles/awx/templates/tower.yaml.j2 +++ b/roles/awx/templates/tower.yaml.j2 
@@ -1,14 +1,13 @@ -# AWX Secret. +# AWX Secret Configurations --- -apiVersion: v1 -kind: Secret -metadata: - name: '{{ meta.name }}-secrets' - namespace: '{{ meta.namespace }}' -data: - secret_key: '{{ tower_secret_key | b64encode }}' - credentials_py: "{{ lookup('template', 'credentials.py.j2') | b64encode }}" - environment_sh: "{{ lookup('template', 'environment.sh.j2') | b64encode }}" + apiVersion: v1 + kind: Secret + metadata: + name: '{{ meta.name }}-secrets' + namespace: '{{ meta.namespace }}' + data: + credentials_py: "{{ lookup('template', 'credentials.py.j2') | b64encode }}" + environment_sh: "{{ lookup('template', 'environment.sh.j2') | b64encode }}" # AWX Deployment. --- @@ -167,7 +166,7 @@ spec: path: 'environment.sh' - name: {{ meta.name }}-secret-key secret: - secretName: '{{ meta.name }}-secrets' + secretName: '{{ meta.name }}-secret-key' items: - key: secret_key path: SECRET_KEY diff --git a/roles/awx/templates/tower_postgres.yaml.j2 b/roles/awx/templates/tower_postgres.yaml.j2 index 8962bf0c..318f2143 100644 --- a/roles/awx/templates/tower_postgres.yaml.j2 +++ b/roles/awx/templates/tower_postgres.yaml.j2 @@ -1,18 +1,3 @@ -# Postgres Secret. ---- -apiVersion: v1 -kind: Secret -metadata: - name: '{{ meta.name }}-postgres-configuration' - namespace: '{{ meta.namespace }}' -stringData: - password: '{{ lookup('password', 'p' + meta.name + 'pg length=32 chars=ascii_letters,digits') }}' - username: 'awx' - database: 'awx' - port: '5432' - host: {{ meta.name }}-postgres - - # Postgres StatefulSet. --- apiVersion: v1 diff --git a/roles/awx/templates/tower_postgres_secret.yaml.j2 b/roles/awx/templates/tower_postgres_secret.yaml.j2 new file mode 100644 index 00000000..cb2dc1ac --- /dev/null +++ b/roles/awx/templates/tower_postgres_secret.yaml.j2 
@@ -0,0 +1,13 @@ +# Postgres Secret. +--- +apiVersion: v1 +kind: Secret +metadata: + name: '{{ meta.name }}-postgres-configuration' + namespace: '{{ meta.namespace }}' +stringData: + password: '{{ lookup('password', 'p' + meta.name + 'pg length=32 chars=ascii_letters,digits') }}' + username: 'awx' + database: 'awx' + port: '5432' + host: {{ meta.name }}-postgres diff --git a/roles/awx/templates/tower_secret.yaml.j2 b/roles/awx/templates/tower_secret.yaml.j2 new file mode 100644 index 00000000..223a4a8b --- /dev/null +++ b/roles/awx/templates/tower_secret.yaml.j2 @@ -0,0 +1,8 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: '{{ meta.name }}-secret-key' + namespace: '{{ meta.namespace }}' +stringData: + secret_key: '{{ lookup('password', 'ts' + meta.name + 'pg length=32 chars=ascii_letters,digits') }}' \ No newline at end of file diff --git a/roles/awx_remove/tasks/main.yml b/roles/awx_remove/tasks/main.yml new file mode 100644 index 00000000..e7706084 --- /dev/null +++ b/roles/awx_remove/tasks/main.yml 
@@ -0,0 +1,37 @@ + + +- name: Check for existing secret key + k8s_info: + kind: Secret + namespace: '{{ meta.namespace }}' + name: '{{ meta.name }}-secret-key' + register: secret_key_resources + +- name: Check for existing postgres configuration + k8s_info: + kind: Secret + namespace: '{{ meta.namespace }}' + name: '{{meta.name }}-postgres-configuration' + register: postgres_config_resources + +- name: Remove ownerReferences from PG configuration if it exists + k8s: + definition: + apiVersion: v1 + kind: Secret + metadata: + name: '{{ meta.name }}-postgres-configuration' + namespace: '{{ meta.namespace }}' + ownerReferences: null + when: postgres_config_resources['resources'] | length > 0 + +- name: Remove ownerReferences from Tower Secret if it exists + k8s: + definition: + apiVersion: v1 + kind: Secret + metadata: + name: '{{ meta.name }}-secret-key' + namespace: '{{ meta.namespace }}' + ownerReferences: null + when: secret_key_resources['resources'] | length > 0 diff --git a/watches.yaml b/watches.yaml index 5ddfbbc4..ef17892f 100644 --- a/watches.yaml +++ b/watches.yaml @@ -3,3 +3,6 @@ group: awx.ansible.com kind: AWX playbook: /opt/ansible/main.yml + finalizer: + name: finalizer.awx.ansible.com + role: awx_remove From 23ddaddbe89e6e8febc3740a70efa5f9d42341a3 Mon Sep 17 00:00:00 2001 From: Matthew Jones Date: Mon, 17 Aug 2020 15:57:43 -0400 Subject: [PATCH 6/9] Update tests and lint concerns --- build/test-framework/Dockerfile | 2 +- deploy/crds/awx_v1beta1_cr.yaml | 4 ++-- deploy/crds/awx_v1beta1_crd.yaml | 2 +- deploy/crds/awx_v1beta1_molecule.yaml | 4 ++-- deploy/role_binding.yaml | 1 + molecule/default/prepare.yml | 2 +- molecule/test-local/converge.yml | 2 +- molecule/test-minikube/converge.yml | 2 +- roles/awx/defaults/main.yml | 8 ++++---- roles/awx/tasks/main.yml | 3 +-- roles/awx_remove/tasks/main.yml | 5 ++--- 11 files changed, 17 insertions(+), 18 deletions(-) 
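Review bot: Nothing in roles/awx_remove/tasks/main.yml or the README says that the two Secrets are meant to outlive the AWX resource, yet clearing `ownerReferences` on `{{ meta.name }}-postgres-configuration` and `{{ meta.name }}-secret-key` leaves the database password and the secret key in the namespace after deletion. A later AWX resource with the same name would also pick them up through the existence checks in roles/awx/tasks/main.yml. I would add a header comment to the role, `# Detach the Secrets from the AWX resource so they survive its deletion; remove them by hand once the database volume is no longer needed.`, and one sentence in the README telling administrators which Secrets remain and how to delete them.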
diff --git a/build/test-framework/Dockerfile b/build/test-framework/Dockerfile index 3620882b..a8fee085 100644 --- a/build/test-framework/Dockerfile +++ b/build/test-framework/Dockerfile @@ -3,7 +3,7 @@ FROM ${BASEIMAGE} USER 0 RUN yum install -y python-devel gcc libffi-devel -RUN pip install molecule==2.20.1 +RUN pip install molecule==2.20.1 jmespath ARG NAMESPACEDMAN ADD $NAMESPACEDMAN /namespaced.yaml diff --git a/deploy/crds/awx_v1beta1_cr.yaml b/deploy/crds/awx_v1beta1_cr.yaml index 6ca69b93..8e250018 100644 --- a/deploy/crds/awx_v1beta1_cr.yaml +++ b/deploy/crds/awx_v1beta1_cr.yaml @@ -16,8 +16,8 @@ spec: tower_admin_email: test@example.com tower_admin_password: changeme - tower_task_image: ansible/awx:13.0.0 - tower_web_image: ansible/awx:13.0.0 + tower_task_image: ansible/awx:14.0.0 + tower_web_image: ansible/awx:14.0.0 tower_task_mem_request: 1Gi tower_task_cpu_request: 500m diff --git a/deploy/crds/awx_v1beta1_crd.yaml b/deploy/crds/awx_v1beta1_crd.yaml index 4b43674f..d0fafcca 100644 --- a/deploy/crds/awx_v1beta1_crd.yaml +++ b/deploy/crds/awx_v1beta1_crd.yaml @@ -38,7 +38,7 @@ spec: The secret should have the name: -postgres-configuration and should look like: - + apiVersion: v1 kind: Secret metadata: diff --git a/deploy/crds/awx_v1beta1_molecule.yaml b/deploy/crds/awx_v1beta1_molecule.yaml index 01583a0e..943a9be6 100644 --- a/deploy/crds/awx_v1beta1_molecule.yaml +++ b/deploy/crds/awx_v1beta1_molecule.yaml @@ -16,8 +16,8 @@ spec: tower_admin_email: test@example.com tower_admin_password: changeme - tower_task_image: ansible/awx:13.0.0 - tower_web_image: ansible/awx:13.0.0 + tower_task_image: ansible/awx:14.0.0 + tower_web_image: ansible/awx:14.0.0 tower_task_mem_request: 128M tower_task_cpu_request: 500m diff --git a/deploy/role_binding.yaml b/deploy/role_binding.yaml index 50feae1c..c2c64a87 100644 --- a/deploy/role_binding.yaml +++ b/deploy/role_binding.yaml 
@@ -6,6 +6,7 @@ metadata: subjects: - kind: ServiceAccount name: awx-operator + namespace: default roleRef: kind: ClusterRole name: awx-operator diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml index 375272af..63c841d6 100644 --- a/molecule/default/prepare.yml +++ b/molecule/default/prepare.yml @@ -10,7 +10,7 @@ tasks: - name: Create Custom Resource Definition k8s: - definition: "{{ lookup('file', '/'.join([deploy_dir, 'crds/tower_v1beta1_tower_crd.yaml'])) }}" + definition: "{{ lookup('file', '/'.join([deploy_dir, 'crds/awx_v1beta1_crd.yaml'])) }}" - name: Ensure specified namespace is present k8s: diff --git a/molecule/test-local/converge.yml b/molecule/test-local/converge.yml index 7d9418db..58f94183 100644 --- a/molecule/test-local/converge.yml +++ b/molecule/test-local/converge.yml @@ -26,7 +26,7 @@ deploy_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/deploy" pull_policy: Never operator_image: awx.ansible.com/awx-operator:testing - custom_resource: "{{ lookup('file', '/'.join([deploy_dir, 'crds/tower_v1beta1_tower_cr_molecule.yaml'])) | from_yaml }}" + custom_resource: "{{ lookup('file', '/'.join([deploy_dir, 'crds/awx_v1beta1_molecule.yaml'])) | from_yaml }}" tasks: diff --git a/molecule/test-minikube/converge.yml b/molecule/test-minikube/converge.yml index e2540a31..c0c56596 100644 --- a/molecule/test-minikube/converge.yml +++ b/molecule/test-minikube/converge.yml @@ -35,7 +35,7 @@ pull_policy: Never operator_image: awx.ansible.com/awx-operator:testing # Change this to _awx to test AWX, _tower to test Tower. - custom_resource: "{{ lookup('file', '/'.join([deploy_dir, 'crds/tower_v1beta1_tower_cr_awx.yaml'])) | from_yaml }}" + custom_resource: "{{ lookup('file', '/'.join([deploy_dir, 'crds/awx_v1beta1_molecule.yaml'])) | from_yaml }}" tasks: - block: diff --git a/roles/awx/defaults/main.yml b/roles/awx/defaults/main.yml index 987a6239..0a35b489 100644 --- a/roles/awx/defaults/main.yml +++ b/roles/awx/defaults/main.yml 
@@ -11,12 +11,12 @@ tower_admin_password: changeme tower_broadcast_websocket_secret: changeme # Use these image versions for Ansible Tower. -#tower_task_image: registry.redhat.io/ansible-tower-37/ansible-tower-rhel7:3.7.0 -#tower_web_image: registry.redhat.io/ansible-tower-37/ansible-tower-rhel7:3.7.0 +# tower_task_image: registry.redhat.io/ansible-tower-37/ansible-tower-rhel7:3.7.0 +# tower_web_image: registry.redhat.io/ansible-tower-37/ansible-tower-rhel7:3.7.0 # Use these image versions for Ansible AWX. -tower_task_image: ansible/awx:13.0.0 -tower_web_image: ansible/awx:13.0.0 +tower_task_image: ansible/awx:14.0.0 +tower_web_image: ansible/awx:14.0.0 tower_create_preload_data: true diff --git a/roles/awx/tasks/main.yml b/roles/awx/tasks/main.yml index 922d5bab..9c0733bc 100644 --- a/roles/awx/tasks/main.yml +++ b/roles/awx/tasks/main.yml @@ -13,7 +13,7 @@ k8s_info: kind: Secret namespace: '{{ meta.namespace }}' - name: '{{meta.name }}-postgres-configuration' + name: '{{ meta.name }}-postgres-configuration' register: postgres_config_resources - name: Create Database configuration if it doesn't already exist @@ -51,7 +51,6 @@ definition: "{{ lookup('template', 'tower_secret.yaml.j2') }}" register: k8s_tower_secret_result when: secret_key_resources['resources'] | length < 1 - - name: Ensure configured AWX resources exist in the cluster. k8s: diff --git a/roles/awx_remove/tasks/main.yml b/roles/awx_remove/tasks/main.yml index e7706084..133c0901 100644 --- a/roles/awx_remove/tasks/main.yml +++ b/roles/awx_remove/tasks/main.yml @@ -1,5 +1,4 @@ - - +--- - name: Check for existing secret key k8s_info: kind: Secret @@ -11,7 +10,7 @@ k8s_info: kind: Secret namespace: '{{ meta.namespace }}' - name: '{{meta.name }}-postgres-configuration' + name: '{{ meta.name }}-postgres-configuration' register: postgres_config_resources - name: Remove ownerReferences from PG configuration if it exists From f897580efbd5b916b9de3a6ee7548d8f2abc367e Mon Sep 17 00:00:00 2001 
From: Matthew Jones Date: Tue, 18 Aug 2020 09:12:47 -0400 Subject: [PATCH 7/9] Pin molecule version for 3.0.7 test failures: https://github.com/ansible-community/molecule/issues/2781 --- .travis.yml | 2 +- build/test-framework/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index a0f0472f..3af991c2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,7 +3,7 @@ services: docker language: python install: - - pip3 install docker molecule yamllint ansible-lint openshift jmespath + - pip3 install docker molecule==3.0.6 yamllint ansible-lint openshift jmespath script: - molecule test -s test-local diff --git a/build/test-framework/Dockerfile b/build/test-framework/Dockerfile index a8fee085..9738dc97 100644 --- a/build/test-framework/Dockerfile +++ b/build/test-framework/Dockerfile @@ -3,7 +3,7 @@ FROM ${BASEIMAGE} USER 0 RUN yum install -y python-devel gcc libffi-devel -RUN pip install molecule==2.20.1 jmespath +RUN pip install molecule==3.0.6 jmespath ARG NAMESPACEDMAN ADD $NAMESPACEDMAN /namespaced.yaml From 743fce09e9c611196c60aacfb8e268a46fb2ab18 Mon Sep 17 00:00:00 2001 From: Matthew Jones Date: Tue, 18 Aug 2020 09:29:58 -0400 Subject: [PATCH 8/9] Updating file modes for ansible changes --- molecule/test-local/prepare.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/molecule/test-local/prepare.yml b/molecule/test-local/prepare.yml index 506741b2..7f7d1f7b 100644 --- a/molecule/test-local/prepare.yml +++ b/molecule/test-local/prepare.yml @@ -22,6 +22,7 @@ regexp: 8443 replace: "{{ lookup('env', 'KIND_PORT') }}" path: '{{ kubeconfig }}' + mode: 0644 delegate_to: localhost - name: Wait for the Kubernetes API to become available (this could take a minute) From e98a7cfab3405d8c52ef6ae121e79186173f1128 Mon Sep 17 00:00:00 2001 From: Matthew Jones Date: Tue, 18 Aug 2020 10:01:56 -0400 Subject: [PATCH 9/9] Pin docker version for travis --- .travis.yml | 9 +++++++++ 1 file changed, 9 insertions(+) 
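Review bot: In molecule/test-local/prepare.yml the new `mode: 0644` applies to `path: '{{ kubeconfig }}'`, so the file becomes readable by every local user. Judging by the variable name it is a kubeconfig, which normally carries cluster credentials, so owner-only access is the safer default: `mode: '0600'`. Quoting the value also avoids relying on YAML's octal parsing of a bare `0644`. The task this line belongs to starts above the hunk, so the module in use is not visible here.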
diff --git a/.travis.yml b/.travis.yml index 3af991c2..8dfa4297 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,6 +2,15 @@ services: docker language: python +before_install: + - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - + - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" + - sudo apt-get update + - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce + +env: + - DOCKER_API_VERSION=1.38 + install: - pip3 install docker molecule==3.0.6 yamllint ansible-lint openshift jmespath
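Review bot: The `before_install` step `curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -` puts the downloaded key into the system-wide apt trust store without checking it. The build should compare the `apt-key fingerprint` output with the fingerprint published in Docker's install documentation and fail on a mismatch before running `apt-get update`. The subject says "Pin docker version", but `install docker-ce` carries no version and `DOCKER_API_VERSION=1.38` fixes only the client API level, so the engine still floats. Use `install docker-ce=<pinned version>` if a fixed engine is the goal. `--force-confnew` also silently replaces existing Docker config files on the build host, which deserves a short comment explaining why it is needed.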