From ff9248e971ad836169ac54b61046013d4bec5973 Mon Sep 17 00:00:00 2001 From: "Christian M. Adams" Date: Thu, 22 Apr 2021 12:37:13 -0400 Subject: [PATCH] create pvc in namespace of old awx by default, update docs, fix bug with secret statuses --- ansible/templates/awxrestore_crd.yml.j2 | 2 +- deploy/awx-operator.yaml | 2 +- deploy/crds/awxrestore_v1beta1_crd.yaml | 2 +- roles/backup/README.md | 14 +++++--------- roles/backup/defaults/main.yml | 8 +------- roles/backup/tasks/init.yml | 13 +++++++++++++ roles/backup/tasks/postgres.yml | 19 ++++++------------- roles/backup/tasks/secrets.yml | 12 ------------ roles/restore/README.md | 11 +++++++++-- roles/restore/defaults/main.yml | 9 ++++++--- roles/restore/tasks/deploy_awx.yml | 2 +- roles/restore/tasks/init.yml | 6 ------ roles/restore/tasks/secrets.yml | 2 +- 13 files changed, 45 insertions(+), 57 deletions(-) diff --git a/ansible/templates/awxrestore_crd.yml.j2 b/ansible/templates/awxrestore_crd.yml.j2 index 07f59d48..eb11e1a4 100644 --- a/ansible/templates/awxrestore_crd.yml.j2 +++ b/ansible/templates/awxrestore_crd.yml.j2 @@ -51,4 +51,4 @@ spec: description: Custom postgres_configuration secret name type: string oneOf: - - required: ["tower_name", "tower_backup_pvc", "tower_backup_dir"] + - required: ["tower_name", "tower_backup_pvc", "tower_backup_pvc_namespace", "tower_backup_dir"] diff --git a/deploy/awx-operator.yaml b/deploy/awx-operator.yaml index 3513684f..e303c137 100644 --- a/deploy/awx-operator.yaml +++ b/deploy/awx-operator.yaml @@ -496,7 +496,7 @@ spec: description: Custom postgres_configuration secret name type: string oneOf: - - required: ["tower_name", "tower_backup_pvc", "tower_backup_dir"] + - required: ["tower_name", "tower_backup_pvc", "tower_backup_pvc_namespace", "tower_backup_dir"] --- apiVersion: rbac.authorization.k8s.io/v1 diff --git a/deploy/crds/awxrestore_v1beta1_crd.yaml b/deploy/crds/awxrestore_v1beta1_crd.yaml index 07f59d48..eb11e1a4 100644 
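Review bot: Listing `tower_backup_pvc_namespace` under `required` only guarantees that the key is present; an empty string still validates, and the restore role's new default in roles/restore/defaults/main.yml is also `''`. Consider adding `minLength: 1` to the property definition, which sits above this hunk and is not visible here, or having the restore role fail early when the value is empty, so a blank namespace is rejected before any PVC lookup runs. The same `required` line is repeated in deploy/awx-operator.yaml and deploy/crds/awxrestore_v1beta1_crd.yaml, so the constraint would need to land in all three copies.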
--- a/deploy/crds/awxrestore_v1beta1_crd.yaml +++ b/deploy/crds/awxrestore_v1beta1_crd.yaml @@ -51,4 +51,4 @@ spec: description: Custom postgres_configuration secret name type: string oneOf: - - required: ["tower_name", "tower_backup_pvc", "tower_backup_dir"] + - required: ["tower_name", "tower_backup_pvc", "tower_backup_pvc_namespace", "tower_backup_dir"] diff --git a/roles/backup/README.md b/roles/backup/README.md index 46215b85..509ffebe 100644 --- a/roles/backup/README.md +++ b/roles/backup/README.md @@ -10,8 +10,8 @@ The purpose of this role is to create a backup of your AWX deployment which incl Requirements ------------ -This role assumes you are authenticated with an Openshift or Kubernetes cluster which: - - The awx-operator has been deployed to +This role assumes you are authenticated with an Openshift or Kubernetes cluster: + - The awx-operator has been deployed to the cluster - AWX is deployed to via the operator @@ -60,7 +60,7 @@ tower_backup_storage_class: 'standard' tower_backup_size: '20Gi' ``` -By default, the backup pvc will be created in the `default` namespace. If you want your backup to be stored +By default, the backup pvc will be created in the same namespace the awxbackup object is created in. If you want your backup to be stored in a specific namespace, you can do so by specifying `tower_backup_pvc_namespace`. Keep in mind that you will need to provide the same namespace when restoring. @@ -68,12 +68,8 @@ need to provide the same namespace when restoring. tower_backup_pvc_namespace: 'custom-namespace' ``` -If a custom postgres configuration secret was used when deploying AWX, it must be set: - -``` -tower_postgres_configuration_secret: 'awx-postgres-configuration' -``` - +If a custom postgres configuration secret was used when deploying AWX, it will automatically be used by the backup role. +To check the name of this secret, look at the towerPostgresConfigurationSecret status on your AWX object. Testing ---------------- 
diff --git a/roles/backup/defaults/main.yml b/roles/backup/defaults/main.yml index 2076c68c..d3e11cf2 100644 --- a/roles/backup/defaults/main.yml +++ b/roles/backup/defaults/main.yml @@ -4,16 +4,10 @@ tower_name: '' # Specify a pre-created PVC (name) to backup to tower_backup_pvc: '' -tower_backup_pvc_namespace: 'default' +tower_backup_pvc_namespace: "{{ meta.namespace }}" # Size of backup PVC if created dynamically tower_backup_size: '' # Specify storage class to determine how to dynamically create PVC's with tower_backup_storage_class: '' - -# Secret Names -tower_secret_key_secret: "{{ tower_name }}-secret-key" -tower_admin_password_secret: "{{ tower_name }}-admin-password" -tower_broadcast_websocket_secret: "{{ tower_name }}-broadcast-websocket" -tower_postgres_configuration_secret: "{{ tower_name }}-postgres-configuration" diff --git a/roles/backup/tasks/init.yml b/roles/backup/tasks/init.yml index 69699796..35aa0a69 100644 --- a/roles/backup/tasks/init.yml +++ b/roles/backup/tasks/init.yml @@ -59,3 +59,16 @@ state: present template: "management-pod.yml.j2" wait: true + +# Retrieve AWX object for use in postgres.yml and secrets.yml +- name: Set apiVersion and kind variables + set_fact: + api_version: '{{ hostvars["localhost"]["inventory_file"].split("/")[4:6] | join("/") }}' + +- name: Look up details for this deployment + k8s_info: + api_version: "{{ api_version }}" + kind: "AWX" # Find a way to dynamically get this + name: "{{ tower_name }}" + namespace: "{{ meta.namespace }}" + register: this_awx diff --git a/roles/backup/tasks/postgres.yml b/roles/backup/tasks/postgres.yml index e9ca54ce..ddf9d0f4 100644 --- a/roles/backup/tasks/postgres.yml +++ b/roles/backup/tasks/postgres.yml 
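Review bot: `tower_backup_pvc_namespace` now defaults to `meta.namespace`, but an explicit override is still accepted with no restriction visible in this hunk, and the backup role collects AWX secrets (roles/backup/tasks/secrets.yml reads `secret_key`). A backup written into another namespace is readable by anyone who can mount PVCs there, so the variable deserves a comment such as `# Backups contain AWX secrets; only point this at a namespace with equally restricted PVC access`. `meta.namespace` is presumably injected by the operator at run time, which is also worth stating next to the default, since the role would fail on an undefined variable if run outside it.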
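Review bot: The `Look up details for this deployment` task registers `this_awx`, but nothing checks that a resource was found, while postgres.yml in this same commit indexes `this_awx['resources'][0]`. If `tower_name` does not match an AWX object in `meta.namespace`, the run stops later with an index error instead of a clear message. A guard right after the lookup would help, for example a `fail` task with `when: this_awx['resources'] | length == 0`. The `api_version` fact is derived by slicing segments `[4:6]` out of the inventory file path, which yields a wrong value without any error if the directory layout changes, so a comment stating the expected path shape would be useful.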
@@ -1,23 +1,16 @@ --- -- name: Check for specified PostgreSQL configuration - k8s_info: - kind: Secret - namespace: '{{ meta.namespace }}' - name: '{{ tower_postgres_configuration_secret }}' - register: _custom_pg_config_resources - when: tower_postgres_configuration_secret | length - - name: Check for default PostgreSQL configuration k8s_info: kind: Secret namespace: '{{ meta.namespace }}' - name: '{{ tower_name }}-postgres-configuration' - register: _default_pg_config_resources + name: "{{ this_awx['resources'][0]['status']['towerPostgresConfigurationSecret'] }}" + register: pg_config -- name: Set PostgreSQL configuration - set_fact: - pg_config: '{{ _custom_pg_config_resources["resources"] | default([]) | length | ternary(_custom_pg_config_resources, _default_pg_config_resources) }}' +- name: Fail if postgres configuration secret status does not exist + fail: + msg: "The towerPostgresConfigurationSecret status is not set on the AWX object yet or the secret has been deleted." + when: not pg_config | default([]) | length - name: Store Database Configuration set_fact: diff --git a/roles/backup/tasks/secrets.yml b/roles/backup/tasks/secrets.yml index 232c2ab8..5a60475c 100644 --- a/roles/backup/tasks/secrets.yml +++ b/roles/backup/tasks/secrets.yml @@ -1,17 +1,5 @@ --- -- name: Set apiVersion and kind variables - set_fact: - api_version: '{{ hostvars["localhost"]["inventory_file"].split("/")[4:6] | join("/") }}' - -- name: Look up details for this deployment - k8s_info: - api_version: "{{ api_version }}" - kind: "AWX" # Find a way to dynamically get this - name: "{{ tower_name }}" - namespace: "{{ meta.namespace }}" - register: this_awx - - name: Get secret_key k8s_info: kind: Secret diff --git a/roles/restore/README.md b/roles/restore/README.md index 0d9eb1fb..02eb8124 100644 --- a/roles/restore/README.md +++ b/roles/restore/README.md 
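Review bot: The new `fail` guard tests `not pg_config | default([]) | length`, but `pg_config` is the registered `k8s_info` result, a dictionary that always has keys, so its length is never zero and the task cannot fire when the secret is missing. The check should look at the returned list: `when: not (pg_config['resources'] | default([]) | length)`. The guard also sits after the lookup, so an AWX object without the `towerPostgresConfigurationSecret` status fails while templating `name:` before the message can be shown; testing the status field first would make the message reachable. The task is still named `Check for default PostgreSQL configuration` although it now resolves the secret name from the AWX status.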
@@ -12,9 +12,10 @@ The purpose of this role is to restore your AWX deployment from an existing PVC Requirements ------------ -This role assumes you are authenticated with an Openshift or Kubernetes cluster which: - - The awx-operator has been deployed to +This role assumes you are authenticated with an Openshift or Kubernetes cluster: + - The awx-operator has been deployed to the cluster - AWX is deployed to via the operator + - An AWX backup is available on a PVC in your cluster (see the backup [README.md](../backup/README.md)) Usage @@ -32,6 +33,7 @@ metadata: spec: tower_name: mytower tower_backup_pvc: awxbackup1-backup-claim + tower_backup_pvc_namespace: 'old-awx-namespace' tower_backup_dir: /backups/tower-openshift-backup-2021-04-02-03:25:08 ``` @@ -78,6 +80,11 @@ awx-backup-volume-claim tower_backup_pvc: 'awx-backup-volume-claim' ``` +By default, the backup pvc will be created in the same namespace the awxbackup object is created in. This namespace must be specified using the `tower_backup_pvc_namespace` variable. + +``` +tower_backup_pvc_namespace: 'custom-namespace' +``` If a custom postgres configuration secret was used when deploying AWX, it must be set: diff --git a/roles/restore/defaults/main.yml b/roles/restore/defaults/main.yml index 29a91b76..b99720be 100644 --- a/roles/restore/defaults/main.yml +++ b/roles/restore/defaults/main.yml @@ -4,7 +4,7 @@ tower_name: '' # Required: specify a pre-created PVC (name) to restore from tower_backup_pvc: '' -tower_backup_pvc_namespace: 'default' +tower_backup_pvc_namespace: '' # TODO: If the backup_dir is not provided, it should default to the most recent backup based on the timestamp at the end of the file name. # Required: backup name, found on the awxbackup object 
@@ -13,7 +13,10 @@ tower_backup_dir: '' # TODO: Should we add a unique id at the end of the secret when backing up, then use it here? # or will that make future backups more complicated because the user will have to specify the names of all the secrets? # Names of any secrets you want to use instead of the ones in the backup -tower_secret_key_secret: "{{ tower_name }}-secret-key" + +# TODO: Is this necessary? User's will be able to use the rekey role + tower_admin_password_secret: "{{ tower_name }}-admin-password" -tower_broadcast_websocket_secret: "{{ tower_name }}-broadcast-websocket" tower_postgres_configuration_secret: "{{ tower_name }}-postgres-configuration" +tower_secret_key_secret: "{{ tower_name }}-secret-key" +tower_broadcast_websocket_secret: "{{ tower_name }}-broadcast-websocket" diff --git a/roles/restore/tasks/deploy_awx.yml b/roles/restore/tasks/deploy_awx.yml index 4332c5e3..5d59ef9a 100644 --- a/roles/restore/tasks/deploy_awx.yml +++ b/roles/restore/tasks/deploy_awx.yml @@ -15,7 +15,7 @@ - name: Deploy AWX k8s: state: "{{ state | default('present') }}" - namespace: "{{ meta.namespace | default('default') }}" + namespace: "{{ meta.namespace }}" apply: yes template: awx_object.yml.j2 wait: true diff --git a/roles/restore/tasks/init.yml b/roles/restore/tasks/init.yml index 5bde9fae..c45f7fed 100644 --- a/roles/restore/tasks/init.yml +++ b/roles/restore/tasks/init.yml @@ -74,9 +74,3 @@ when: - tower_backup_dir != '' - stat_backup_dir.return_code != 0 - -- name: Make temp definitions directory - tempfile: - prefix: "definitions-" - state: directory - register: definitions_dir diff --git a/roles/restore/tasks/secrets.yml b/roles/restore/tasks/secrets.yml index 1a9cd864..c703de04 100644 --- a/roles/restore/tasks/secrets.yml +++ b/roles/restore/tasks/secrets.yml 
@@ -31,7 +31,7 @@ - name: Apply secret k8s: state: present - namespace: "{{ meta.namespace | default('default') }}" + namespace: "{{ meta.namespace }}" apply: yes wait: yes template: "secrets.yml.j2"
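Review bot: The `Apply secret` task renders `secrets.yml.j2` through the `k8s` module, whose result includes the applied object, so secret data can end up in the operator's task output unless logging is suppressed. No `no_log` is visible in this hunk, though the task may continue below the last context line; if it is absent, add `no_log: true` to the task. As a style point, `apply: yes` and `wait: yes` would read more consistently as `true`, matching the `wait: true` used in the other tasks of this commit.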