The default paramater from the jinja map filter has been added in the
2.11.0 release.
However, the downstream ansible operator is still using ansible 2.9
with jinja 2.10.x so using the default parameter leads to the
following error:
TASK [Dump ingress tls secret names from awx spec and data into file]
********************************
The error was: jinja2.exceptions.FilterArgumentError: Unexpected
keyword argument 'default'
fatal: [localhost]: FAILED! => {
"msg": "Unexpected failure during module execution.",
"stdout": ""
}
Rather than using the default parameter with the map filter then add the
selectattr filter to get only the items with tls_secret defined and then
get the tls_secret attribute with the map filter.
This also gets rid of the when statement since we always get an empty
list when no tls_secret are present in ingress_hosts so the loop statement
will be skipped on the empty list.
Finally this changes the default value from the ingress_hosts field because
it's a list rather than a string.
https://jinja.palletsprojects.com/en/latest/templates/#jinja-filters.map
Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
adding new variables for redhat hybrid cloud console shipping
simplifying configmap and secret setup
making pvc creation conditional on ship_target type being directory
Add postgres init container if
postgres_data_volume_init is true
This is aimed to solve the issue where users may
need to chmod or chown the postgres
data volume for user 26, which is the user
that is running postgres in the sclorg image.
For example, one can now set the follow on the AWX spec:
spec:
postgres_init_container_commands: |
chown 26:0 /var/lib/pgsql/data
chmod 700 /var/lib/pgsql/data
Deprecate postgres_init_container_resource_requirements param in favor
of postgres_resource_requirements param.
Signed-off-by: Seth Foster <fosterbseth@gmail.com>
Co-authored-by: craph <14820052+craph@users.noreply.github.com>
Co-authored-by: kurokobo <kuro664@gmail.com>
Co-authored-by: Christian M. Adams <chadams@redhat.com>
* in the sclorg Postgresql 15 image, the PGDATA directory is hardcoded
* if users were to modify this directory, they would only change the
directory the pvc is mounted to, not the directory PostgreSQL uses.
This would result in loss of data.
* switch from /var/lib/pgsql/data/pgdata to /var/lib/pgsql/data/userdata
With ansible 2.9.27 (operator-sdk v1.27.0) then the reverse filter
returns an iterator so we need to cast it to list.
The behavior doesn't exist when using a more recent operator-sdk
version like v1.34.0 (ansible-core 2.15.8) but using the list
filter on that version works too (even if not needed)
"sorted_old_postgres_pods": "<list_reverseiterator object at 0x7f539eaa5610>"
Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
* Change default value for postgres_data_path
/var/lib/postgresql/data/pgdata
to
/var/lib/pgsql/data/pgdata
postgres 15 uses a different location for
postgres data directory.
Fixes issue were database was not being written
to the mounted in volume, and if the postgres
container restarted, data would be lost.
Signed-off-by: Seth Foster <fosterbseth@gmail.com>
---------
Signed-off-by: Seth Foster <fosterbseth@gmail.com>
Co-authored-by: Hao Liu <44379968+TheRealHaoLiu@users.noreply.github.com>
Leave old postgres-13 volume alone in case of unforseen upgrade failure for restore purposes
User can manually delete old PVC after verifying upgrade is completed
- This will avoid the operator changing the host value of the original
deployments postgres_configuration_secret. As it was, restores broke
the original deployment if it was still around before this change.
Signed-off-by: Christian M. Adams <chadams@redhat.com>
* Fix awx_kube_devel
* Sanitize version name for kube_dev
When in development mode, awx version may look
like 23.9.1.dev18+gee9eac15dc.d20240311
k8s job to the migration can only have
a name with alphanumeric, and '.', '-'
so we can just drop off the +
Signed-off-by: Seth Foster <fosterbseth@gmail.com>
---------
Signed-off-by: Seth Foster <fosterbseth@gmail.com>
Co-authored-by: Seth Foster <fosterbseth@gmail.com>
* bind ee_images, control_plane_ee_image and init_container_image with DEFAULT_AWX_VERSION instead of "latest"
* fix when condition on init_container_image_version check
* Use DEFAULT_AWX_VERSION for AWXMeshIngress
* Add back AWX EE latest for backward compatibility
---------
Co-authored-by: Hao Liu <44379968+TheRealHaoLiu@users.noreply.github.com>
* Upgrading to postgres:15
* Changing image from postgres to sclorg
* Handle scenario where upgrade status is not defined & correct pg tag
* Rework the upgrade logic to be more resiliant for multiple upgrades
---------
Co-authored-by: john-westcott-iv <john-westcott-iv@users.noreply.github.com>
Co-authored-by: Christian M. Adams <chadams@redhat.com>
* Previously, the nginx location would match on /foo/websocket... or
/foo/api/websocket... Now, we require these two paths to start at the
root i.e. <host>/websocket/... /api/websocket/...
* Note: We now also require an ending / and do NOT support
<host>/websocket_foobar but DO support <host>/websocket/foobar. This
was always the intended behavior. We want to keep
<host>/api/websocket/... "open" and routing to daphne in case we want
to add more websocket urls in the future.
* fix: correct port number for internal receptor address
* feat: add support for ingress for awxmeshingress cr
* feat: add support for ingressroutetcp (for traefik) for awxmeshingress cr
When pod loses connection with k8s api server,
a statefulset can take a while (5 minutes) before
it is rescheduled. Deployments quicker turnaround
in this situation, which should help mesh
stability.
Signed-off-by: Seth Foster <fosterbseth@gmail.com>
The mesh role now calls
1. awx-manage provision instance to register the hop
node to the database
2. awx-manage add_receptor_address to register the
internal address
3. awx-manage add_receptor_address to register the
external address (to be used by remote nodes)
CRD expanded to include external_ipaddress and
external_hostname
external_ipaddress is added as ipaddress in the
hop node certificate
external_hostname is added as dnsname in the
hop node certificate
the mesh role now checks for is_openshift and
only creates a Route if true. Otherwise it
will use external_hostname set in the spec
file in place of Route name.
Signed-off-by: Seth Foster <fosterbseth@gmail.com>
sample are used in CI for validation test
in current implementation we only support openshift route this will not work on kind clusters correctly and having the sample is causing CI failure
* Replace api version for deployment kind to apps/v1
* Add new multiple ingress spec and deprecate hostname and ingress_tls_secret
* Manage new ingress_hosts.tls_secret backup separately
* Fix ci molecule lint warnings and error
* Fix documentation
* Fix ingress_hosts tls_secret key being optional
* Remove fieldDependency:ingress_type:Ingress for Ingress Hosts
* Fix scenario when neither hostname or ingress_hosts is defined
---------
Co-authored-by: Guillaume Lefevre <guillaume.lefevre@agoda.com>
Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>
Co-authored-by: Christian Adams <chadams@redhat.com>
