create pvc in namespace of old awx by default, update docs, fix bug with secret statuses

2026-05-06 13:22:50 +00:00 · 2021-04-22 12:37:13 -04:00
parent 38a6a02f85
commit ff9248e971
13 changed files with 45 additions and 57 deletions
--- a/ansible/templates/awxrestore_crd.yml.j2
+++ b/ansible/templates/awxrestore_crd.yml.j2
@@ -51,4 +51,4 @@ spec:
                  description: Custom postgres_configuration secret name
                  type: string
              oneOf:
-                - required: ["tower_name", "tower_backup_pvc", "tower_backup_dir"]
+                - required: ["tower_name", "tower_backup_pvc", "tower_backup_pvc_namespace", "tower_backup_dir"]
--- a/deploy/awx-operator.yaml
+++ b/deploy/awx-operator.yaml
@@ -496,7 +496,7 @@ spec:
                  description: Custom postgres_configuration secret name
                  type: string
              oneOf:
-                - required: ["tower_name", "tower_backup_pvc", "tower_backup_dir"]
+                - required: ["tower_name", "tower_backup_pvc", "tower_backup_pvc_namespace", "tower_backup_dir"]

 ---
 apiVersion: rbac.authorization.k8s.io/v1
--- a/deploy/crds/awxrestore_v1beta1_crd.yaml
+++ b/deploy/crds/awxrestore_v1beta1_crd.yaml
@@ -51,4 +51,4 @@ spec:
                  description: Custom postgres_configuration secret name
                  type: string
              oneOf:
-                - required: ["tower_name", "tower_backup_pvc", "tower_backup_dir"]
+                - required: ["tower_name", "tower_backup_pvc", "tower_backup_pvc_namespace", "tower_backup_dir"]
--- a/roles/backup/README.md
+++ b/roles/backup/README.md
@@ -10,8 +10,8 @@ The purpose of this role is to create a backup of your AWX deployment which incl
 Requirements
 ------------

-This role assumes you are authenticated with an Openshift or Kubernetes cluster which:
-  - The awx-operator has been deployed to
+This role assumes you are authenticated with an Openshift or Kubernetes cluster:
+  - The awx-operator has been deployed to the cluster
  - AWX is deployed to via the operator


@@ -60,7 +60,7 @@ tower_backup_storage_class: 'standard'
 tower_backup_size: '20Gi'
 ```

-By default, the backup pvc will be created in the `default` namespace.  If you want your backup to be stored
+By default, the backup pvc will be created in the same namespace the awxbackup object is created in.  If you want your backup to be stored
 in a specific namespace, you can do so by specifying `tower_backup_pvc_namespace`.  Keep in mind that you will
 need to provide the same namespace when restoring.  

@@ -68,12 +68,8 @@ need to provide the same namespace when restoring.
 tower_backup_pvc_namespace: 'custom-namespace'
 ```

-If a custom postgres configuration secret was used when deploying AWX, it must be set:
-
-```
-tower_postgres_configuration_secret: 'awx-postgres-configuration'
-```
-
+If a custom postgres configuration secret was used when deploying AWX, it will automatically be used by the backup role.  
+To check the name of this secret, look at the towerPostgresConfigurationSecret status on your AWX object.  

 Testing
 ----------------
--- a/roles/backup/defaults/main.yml
+++ b/roles/backup/defaults/main.yml
@@ -4,16 +4,10 @@ tower_name: ''

 # Specify a pre-created PVC (name) to backup to
 tower_backup_pvc: ''
-tower_backup_pvc_namespace: 'default'
+tower_backup_pvc_namespace: "{{ meta.namespace }}"

 # Size of backup PVC if created dynamically
 tower_backup_size: ''

 # Specify storage class to determine how to dynamically create PVC's with
 tower_backup_storage_class: ''
-
-# Secret Names
-tower_secret_key_secret: "{{ tower_name }}-secret-key"
-tower_admin_password_secret: "{{ tower_name }}-admin-password"
-tower_broadcast_websocket_secret: "{{ tower_name }}-broadcast-websocket"
-tower_postgres_configuration_secret: "{{ tower_name }}-postgres-configuration"
--- a/roles/backup/tasks/init.yml
+++ b/roles/backup/tasks/init.yml
@@ -59,3 +59,16 @@
    state: present
    template: "management-pod.yml.j2"
    wait: true
+
+# Retrieve AWX object for use in postgres.yml and secrets.yml
+- name: Set apiVersion and kind variables
+  set_fact:
+    api_version: '{{ hostvars["localhost"]["inventory_file"].split("/")[4:6] | join("/")  }}'
+
+- name: Look up details for this deployment
+  k8s_info:
+    api_version: "{{ api_version }}"
+    kind: "AWX"  # Find a way to dynamically get this
+    name: "{{ tower_name }}"
+    namespace: "{{ meta.namespace }}"
+  register: this_awx
--- a/roles/backup/tasks/postgres.yml
+++ b/roles/backup/tasks/postgres.yml
@@ -1,23 +1,16 @@
 ---

- name: Check for specified PostgreSQL configuration
-  k8s_info:
-    kind: Secret
-    namespace: '{{ meta.namespace }}'
-    name: '{{ tower_postgres_configuration_secret }}'
-  register: _custom_pg_config_resources
-  when: tower_postgres_configuration_secret | length
-
 - name: Check for default PostgreSQL configuration
  k8s_info:
    kind: Secret
    namespace: '{{ meta.namespace }}'
-    name: '{{ tower_name }}-postgres-configuration'
-  register: _default_pg_config_resources
+    name: "{{ this_awx['resources'][0]['status']['towerPostgresConfigurationSecret'] }}"
+  register: pg_config

- name: Set PostgreSQL configuration
-  set_fact:
-    pg_config: '{{ _custom_pg_config_resources["resources"] | default([]) | length | ternary(_custom_pg_config_resources, _default_pg_config_resources) }}'
+- name: Fail if postgres configuration secret status does not exist
+  fail:
+    msg: "The towerPostgresConfigurationSecret status is not set on the AWX object yet or the secret has been deleted."
+  when: not pg_config | default([]) | length

 - name: Store Database Configuration
  set_fact:
--- a/roles/backup/tasks/secrets.yml
+++ b/roles/backup/tasks/secrets.yml
@@ -1,17 +1,5 @@
 ---

- name: Set apiVersion and kind variables
-  set_fact:
-    api_version: '{{ hostvars["localhost"]["inventory_file"].split("/")[4:6] | join("/")  }}'
-
- name: Look up details for this deployment
-  k8s_info:
-    api_version: "{{ api_version }}"
-    kind: "AWX"  # Find a way to dynamically get this
-    name: "{{ tower_name }}"
-    namespace: "{{ meta.namespace }}"
-  register: this_awx
-
 - name: Get secret_key
  k8s_info:
    kind: Secret
--- a/roles/restore/README.md
+++ b/roles/restore/README.md
@@ -12,9 +12,10 @@ The purpose of this role is to restore your AWX deployment from an existing PVC
 Requirements
 ------------

-This role assumes you are authenticated with an Openshift or Kubernetes cluster which:
-  - The awx-operator has been deployed to
+This role assumes you are authenticated with an Openshift or Kubernetes cluster:
+  - The awx-operator has been deployed to the cluster
  - AWX is deployed to via the operator
+  - An AWX backup is available on a PVC in your cluster (see the backup [README.md](../backup/README.md))


 Usage
@@ -32,6 +33,7 @@ metadata:
 spec:
  tower_name: mytower
  tower_backup_pvc: awxbackup1-backup-claim
+  tower_backup_pvc_namespace: 'old-awx-namespace'
  tower_backup_dir: /backups/tower-openshift-backup-2021-04-02-03:25:08
 ```

@@ -78,6 +80,11 @@ awx-backup-volume-claim
 tower_backup_pvc: 'awx-backup-volume-claim'
 ```

+By default, the backup pvc will be created in the same namespace the awxbackup object is created in. This namespace must be specified using the `tower_backup_pvc_namespace` variable.
+
+```
+tower_backup_pvc_namespace: 'custom-namespace'
+```

 If a custom postgres configuration secret was used when deploying AWX, it must be set:

--- a/roles/restore/defaults/main.yml
+++ b/roles/restore/defaults/main.yml
@@ -4,7 +4,7 @@ tower_name: ''

 # Required: specify a pre-created PVC (name) to restore from
 tower_backup_pvc: ''
-tower_backup_pvc_namespace: 'default'
+tower_backup_pvc_namespace: ''

 # TODO: If the backup_dir is not provided, it should default to the most recent backup based on the timestamp at the end of the file name.
 # Required: backup name, found on the awxbackup object
@@ -13,7 +13,10 @@ tower_backup_dir: ''
 # TODO: Should we add a unique id at the end of the secret when backing up, then use it here?
 # or will that make future backups more complicated because the user will have to specify the names of all the secrets?
 # Names of any secrets you want to use instead of the ones in the backup
-tower_secret_key_secret: "{{ tower_name }}-secret-key"
+
+# TODO: Is this necessary?  User's will be able to use the rekey role
+
 tower_admin_password_secret: "{{ tower_name }}-admin-password"
-tower_broadcast_websocket_secret: "{{ tower_name }}-broadcast-websocket"
 tower_postgres_configuration_secret: "{{ tower_name }}-postgres-configuration"
+tower_secret_key_secret: "{{ tower_name }}-secret-key"
+tower_broadcast_websocket_secret: "{{ tower_name }}-broadcast-websocket"
--- a/roles/restore/tasks/deploy_awx.yml
+++ b/roles/restore/tasks/deploy_awx.yml
@@ -15,7 +15,7 @@
 - name: Deploy AWX
  k8s:
    state: "{{ state | default('present') }}"
-    namespace: "{{ meta.namespace | default('default') }}"
+    namespace: "{{ meta.namespace }}"
    apply: yes
    template: awx_object.yml.j2
    wait: true
--- a/roles/restore/tasks/init.yml
+++ b/roles/restore/tasks/init.yml
@@ -74,9 +74,3 @@
  when:
    - tower_backup_dir != ''
    - stat_backup_dir.return_code != 0
-
- name: Make temp definitions directory
-  tempfile:
-    prefix: "definitions-"
-    state: directory
-  register: definitions_dir
--- a/roles/restore/tasks/secrets.yml
+++ b/roles/restore/tasks/secrets.yml
@@ -31,7 +31,7 @@
 - name: Apply secret
  k8s:
    state: present
-    namespace: "{{ meta.namespace | default('default') }}"
+    namespace: "{{ meta.namespace }}"
    apply: yes
    wait: yes
    template: "secrets.yml.j2"