Compare commits


1 Commits

Author SHA1 Message Date
Shane McDonald
b7c67e75a4 TEST - DNM 2021-06-23 16:11:33 -04:00
40 changed files with 137 additions and 384 deletions

155
README.md
View File

@@ -2,6 +2,7 @@
[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) [![Build Status](https://github.com/ansible/awx-operator/workflows/CI/badge.svg?event=push)](https://github.com/ansible/awx-operator/actions)
An [Ansible AWX](https://github.com/ansible/awx) operator for Kubernetes built with [Operator SDK](https://github.com/operator-framework/operator-sdk) and Ansible.
# Table of Contents
@@ -78,11 +79,11 @@ $ minikube start --addons=ingress --cpus=4 --cni=flannel --install-addons=true \
Once Minikube is deployed, check if the node(s) and `kube-apiserver` communication is working as expected.
```bash
$ minikube kubectl -- get nodes
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
minikube Ready control-plane,master 6m28s v1.20.2
$ minikube kubectl -- get pods -A
$ kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
ingress-nginx ingress-nginx-admission-create-tjk94 0/1 Completed 0 6m4s
ingress-nginx ingress-nginx-admission-patch-r4pl6 0/1 Completed 0 6m4s
@@ -97,14 +98,6 @@ kube-system kube-scheduler-minikube 1/1 Running
kube-system storage-provisioner 1/1 Running 1 6m17s
```
It is not required for `kubectl` to be separately installed since it comes already wrapped inside minikube. As demonstrated above, simply prefix `minikube kubectl --` before kubectl command, i.e. `kubectl get nodes` would become `minikube kubectl -- get nodes`
Let's create an alias for easier usage:
```bash
$ alias kubectl="minikube kubectl --"
```
Now you need to deploy AWX Operator into your cluster. Start by going to https://github.com/ansible/awx-operator/releases and making note of the latest release. Replace `<TAG>` in the URL `https://raw.githubusercontent.com/ansible/awx-operator/<TAG>/deploy/awx-operator.yaml` with the version you are deploying.
```bash
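Review bot: removing the paragraph that explains `minikube kubectl --` together with the `alias kubectl="minikube kubectl --"` block leaves the `kubectl get nodes` / `kubectl get pods -A` examples earlier in this README silently depending on a separately installed `kubectl`; either keep the alias paragraph or add one sentence stating that `kubectl` must be installed.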
@@ -276,7 +269,6 @@ The following variables are customizable when `ingress_type=ingress`. The `ingre
| ingress_annotations | Ingress annotations | Empty string |
| ingress_tls_secret | Secret that contains the TLS information | Empty string |
| hostname | Define the FQDN | {{ meta.name }}.example.com |
| ingress_path | Define the ingress path to the service | / |
```yaml
---
@@ -543,7 +535,7 @@ To create the secret, you can use the command below:
```sh
# kubectl create secret generic <resourcename>-custom-certs \
--from-file=ldap-ca.crt=<PATH/TO/YOUR/CA/PEM/FILE> \
--from-file=bundle-ca.crt=<PATH/TO/YOUR/CA/PEM/FILE>
--from-fle=bundle-ca.crt=<PATH/TO/YOUR/CA/PEM/FILE>
```
#### Persisting Projects Directory
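Review bot: the replacement line `--from-fle=bundle-ca.crt=<PATH/TO/YOUR/CA/PEM/FILE>` introduces a typo for `--from-file=`; `kubectl create secret generic` rejects the unknown flag, so the documented command for the custom CA secret no longer works. Keep `--from-file=bundle-ca.crt=<PATH/TO/YOUR/CA/PEM/FILE>`.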
@@ -573,20 +565,58 @@ spec:
In a scenario where custom volumes and volume mounts are required to either overwrite defaults or mount configuration files.
| Name | Description | Default |
| --------------------------------- | -------------------------------------------------------- | ------- |
| extra_volumes | Specify extra volumes to add to the application pod | '' |
| web_extra_volume_mounts | Specify volume mounts to be added to Web container | '' |
| task_extra_volume_mounts | Specify volume mounts to be added to Task container | '' |
| ee_extra_volume_mounts | Specify volume mounts to be added to Execution container | '' |
| init_container_extra_volume_mounts| Specify volume mounts to be added to Init container | '' |
| init_container_extra_commands | Specify additional commands for Init container | '' |
> :warning: The `ee_extra_volume_mounts` and `extra_volumes` will only take effect to the globally available Execution Environments. For custom `ee`, please [customize the Pod spec](https://docs.ansible.com/ansible-tower/latest/html/administration/external_execution_envs.html#customize-the-pod-spec).
| Name | Description | Default |
| ------------------------------ | -------------------------------------------------------- | ------- |
| extra_volumes | Specify extra volumes to add to the application pod | '' |
| web_extra_volume_mounts | Specify volume mounts to be added to Web container | '' |
| task_extra_volume_mounts | Specify volume mounts to be added to Task container | '' |
| ee_extra_volume_mounts | Specify volume mounts to be added to Execution container | '' |
Example configuration for ConfigMap
#### Default execution environments from private registries
In order to register default execution environments from private registries, the Custom Resource needs to know about the pull credentials. Those credentials should be stored as a secret and either specified as `ee_pull_credentials_secret` at the CR spec level, or simply be present on the namespace under the name `<resourcename>-ee-pull-credentials` . Instance initialization will register a `Container registry` type credential on the deployed instance and assign it to the registered default execution environments.
The secret should be formated as follows:
```yaml
---
apiVersion: v1
kind: Secret
metadata:
name: <resourcename>-ee-pull-credentials
namespace: <target namespace>
stringData:
url: <registry url. i.e. quay.io>
username: <username to connect as>
password: <password to connect with>
ssl_verify: <Optional attribute. Whether verify ssl connection or not. Accepted values "True" (default), "False" >
type: Opaque
```
##### Control plane ee from private registry
The images listed in "ee_images" will be added as globally available Execution Environments. The "control_plane_ee_image" will be used to run project updates. In order to use a private image for any of these you'll need to use `image_pull_secret` to provide a k8s pull secret to access it. Currently the same secret is used for any of these images supplied at install time.
You can create `image_pull_secret`
```
kubectl create secret <resoucename>-cp-pull-credentials regcred --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>
```
If you need more control (for example, to set a namespace or a label on the new secret) then you can customise the Secret before storing it
```yaml
---
apiVersion: v1
kind: Secret
metadata:
name: <resoucename>-cp-pull-credentials
namespace: <target namespace>
data:
.dockerconfigjson: <base64 docker config>
type: kubernetes.io/dockerconfigjson
```
Example spec file extra-config
```yaml
---
apiVersion: v1
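Review bot: the `image_pull_secret` creation command shown in this hunk is not valid kubectl syntax: `kubectl create secret <resoucename>-cp-pull-credentials regcred --docker-server=...` omits the secret type and passes two names (and misspells `resourcename`); it should read `kubectl create secret docker-registry <resourcename>-cp-pull-credentials --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>`. Two smaller points in the same hunk: the `ssl_verify` line lists `"False"` as an accepted value without saying that it disables TLS certificate verification for the registry connection, and the new volume table drops the `:warning:` note that `ee_extra_volume_mounts` and `extra_volumes` only affect the globally available Execution Environments while keeping the rows it refers to.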
@@ -610,6 +640,16 @@ Example spec file for volumes and volume mounts
---
spec:
...
ee_extra_volume_mounts: |
- name: ansible-cfg
mountPath: /etc/ansible/ansible.cfg
subPath: ansible.cfg
task_extra_volume_mounts: |
- name: custom-py
mountPath: /etc/tower/conf.d/custom.py
subPath: custom.py
extra_volumes: |
- name: ansible-cfg
configMap:
@@ -625,78 +665,11 @@ Example spec file for volumes and volume mounts
- key: custom.py
path: custom.py
name: <resourcename>-extra-config
- name: shared-volume
persistentVolumeClaim:
claimName: my-external-volume-claim
init_container_extra_volume_mounts: |
- name: shared-volume
mountPath: /shared
init_container_extra_commands: |
# set proper permissions (rwx) for the awx user
chmod 775 /shared
chgrp 1000 /shared
ee_extra_volume_mounts: |
- name: ansible-cfg
mountPath: /etc/ansible/ansible.cfg
subPath: ansible.cfg
task_extra_volume_mounts: |
- name: custom-py
mountPath: /etc/tower/conf.d/custom.py
subPath: custom.py
- name: shared-volume
mountPath: /shared
```
> :warning: **Volume and VolumeMount names cannot contain underscores(_)**
#### Default execution environments from private registries
In order to register default execution environments from private registries, the Custom Resource needs to know about the pull credentials. Those credentials should be stored as a secret and either specified as `ee_pull_credentials_secret` at the CR spec level, or simply be present on the namespace under the name `<resourcename>-ee-pull-credentials` . Instance initialization will register a `Container registry` type credential on the deployed instance and assign it to the registered default execution environments.
The secret should be formated as follows:
```yaml
---
apiVersion: v1
kind: Secret
metadata:
name: <resourcename>-ee-pull-credentials
namespace: <target namespace>
stringData:
url: <registry url. i.e. quay.io>
username: <username to connect as>
password: <password to connect with>
ssl_verify: <Optional attribute. Whether verify ssl connection or not. Accepted values "True" (default), "False" >
type: Opaque
```
##### Control plane ee from private registry
The images listed in "ee_images" will be added as globally available Execution Environments. The "control_plane_ee_image" will be used to run project updates. In order to use a private image for any of these you'll need to use `image_pull_secret` to provide a k8s pull secret to access it. Currently the same secret is used for any of these images supplied at install time.
You can create `image_pull_secret`
```
kubectl create secret <resoucename>-cp-pull-credentials regcred --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>
```
If you need more control (for example, to set a namespace or a label on the new secret) then you can customise the Secret before storing it
Example spec file extra-config
```yaml
---
apiVersion: v1
kind: Secret
metadata:
name: <resoucename>-cp-pull-credentials
namespace: <target namespace>
data:
.dockerconfigjson: <base64 docker config>
type: kubernetes.io/dockerconfigjson
```
#### Exporting Environment Variables to Containers
If you need to export custom environment variables to your containers.
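Review bot: the line `> :warning: **Volume and VolumeMount names cannot contain underscores(_)**` is deleted together with the shared-volume/init-container example, but the restriction applies just as much to the `extra_volumes` and `*_extra_volume_mounts` example that remains, so the warning should survive after that block. The private-registry section removed here reappears earlier in the file, so that part is a move rather than a loss.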
@@ -707,8 +680,6 @@ If you need to export custom environment variables to your containers.
| web_extra_env | Environment variables to be added to Web container | '' |
| ee_extra_env | Environment variables to be added to EE container | '' |
> :warning: The `ee_extra_env` will only take effect to the globally available Execution Environments. For custom `ee`, please [customize the Pod spec](https://docs.ansible.com/ansible-tower/latest/html/administration/external_execution_envs.html#customize-the-pod-spec).
Example configuration of environment variables
```yaml

View File

@@ -1,4 +1,4 @@
operator_image: quay.io/ansible/awx-operator
operator_version: 0.13.0
operator_version: 0.11.0
pull_policy: Always
ansible_debug_logs: "false"
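Review bot: `operator_version` is rolled back from 0.13.0 to 0.11.0, and the same rollback is applied to the CSV `name:`/`replaces:`/`version:` fields and the deployment image tag elsewhere in this change. Together with the `TEST - DNM` title this reads as a scratch revert; it should be closed without merging or retitled with the actual intent so the version pins are not merged by accident.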

View File

@@ -86,9 +86,6 @@ spec:
- ingress
- Route
- route
ingress_path:
description: The ingress path used to reach the deployed service
type: string
ingress_annotations:
description: Annotations to add to the Ingress Controller
type: string
@@ -294,12 +291,6 @@ spec:
init_container_image_version:
description: Init container image version to use
type: string
init_container_extra_commands:
description: Extra commands for the init container
type: string
init_container_extra_volume_mounts:
description: Specify volume mounts to be added to the init container
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
@@ -393,7 +384,7 @@ spec:
setting:
type: string
value:
x-kubernetes-preserve-unknown-fields: true
type: string
type: object
type: array
type: object
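Review bot: replacing `x-kubernetes-preserve-unknown-fields: true` with `type: string` for `extra_settings[].value` turns a free-form field into a string-only one; an existing AWX CR whose `extra_settings` uses a boolean, number, list or mapping value fails CRD validation as soon as this schema is applied. If the tightening is intentional, document it as a breaking change; otherwise keep the preserve-unknown-fields form. The same edit is repeated in the other CRD copies in this diff.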

View File

@@ -88,9 +88,6 @@ spec:
- ingress
- Route
- route
ingress_path:
description: The ingress path used to reach the deployed service
type: string
ingress_annotations:
description: Annotations to add to the Ingress Controller
type: string
@@ -296,12 +293,6 @@ spec:
init_container_image_version:
description: Init container image version to use
type: string
init_container_extra_commands:
description: Extra commands for the init container
type: string
init_container_extra_volume_mounts:
description: Specify volume mounts to be added to the init container
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
@@ -395,7 +386,7 @@ spec:
setting:
type: string
value:
x-kubernetes-preserve-unknown-fields: true
type: string
type: object
type: array
type: object
@@ -729,7 +720,7 @@ spec:
serviceAccountName: awx-operator
containers:
- name: awx-operator
image: "quay.io/ansible/awx-operator:0.13.0"
image: "quay.io/ansible/awx-operator:0.11.0"
imagePullPolicy: "Always"
volumeMounts:
- mountPath: /tmp/ansible-operator/runner
@@ -747,7 +738,7 @@ spec:
- name: ANSIBLE_GATHERING
value: explicit
- name: OPERATOR_VERSION
value: "0.13.0"
value: "0.11.0"
- name: ANSIBLE_DEBUG_LOGS
value: "false"
livenessProbe:

View File

@@ -86,9 +86,6 @@ spec:
- ingress
- Route
- route
ingress_path:
description: The ingress path used to reach the deployed service
type: string
ingress_annotations:
description: Annotations to add to the Ingress Controller
type: string
@@ -294,12 +291,6 @@ spec:
init_container_image_version:
description: Init container image version to use
type: string
init_container_extra_commands:
description: Extra commands for the init container
type: string
init_container_extra_volume_mounts:
description: Specify volume mounts to be added to the init container
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
@@ -393,7 +384,7 @@ spec:
setting:
type: string
value:
x-kubernetes-preserve-unknown-fields: true
type: string
type: object
type: array
type: object

View File

@@ -39,7 +39,7 @@ metadata:
capabilities: Basic Install
operators.operatorframework.io/builder: operator-sdk-v0.19.4
operators.operatorframework.io/project_layout: ansible
name: awx-operator.v0.13.0
name: awx-operator.v0.11.0
namespace: placeholder
spec:
apiservicedefinitions: {}
@@ -78,16 +78,6 @@ spec:
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: PostgreSQL Image
path: postgres_image
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: PostgreSQL Image Version
path: postgres_image_version
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
statusDescriptors:
- description: The persistent volume claim name used during backup
displayName: Backup claim
@@ -114,19 +104,21 @@ spec:
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:backup_source:CR
- displayName: Name of newly restored deployment
- displayName: Deployment name
path: deployment_name
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:backup_source:PVC
- displayName: Backup persistent volume claim
path: backup_pvc
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:backup_source:PVC
- displayName: Backup namespace
- displayName: Backup persistent volume claim namespace
path: backup_pvc_namespace
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:backup_source:PVC
- displayName: Backup directory in the persistent volume claim
path: backup_dir
x-descriptors:
@@ -136,16 +128,6 @@ spec:
path: postgres_label_selector
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: PostgreSQL Image
path: postgres_image
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: PostgreSQL Image Version
path: postgres_image_version
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
statusDescriptors:
- description: The state of the restore
displayName: Restore status
@@ -276,7 +258,7 @@ spec:
path: image_pull_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- urn:alm:descriptor:com.tectonic.ui:imagePullSecret
- displayName: Web container resource requirements
path: web_resource_requirements
x-descriptors:
@@ -553,35 +535,6 @@ spec:
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Registry path to the init container to use
displayName: Init Container Image
path: init_container_image
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Init container image version to use
displayName: Init Container Image Version
path: init_container_image_version
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Specify Extra commands for the Init container
displayName: Init Container Extra Commands
path: init_container_extra_commands
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Specify volume mounts to be added to Init container
displayName: Init Container Extra Volume Mounts
path: init_container_extra_volume_mounts
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Secret where can be found the trusted Certificate Authority Bundle
path: bundle_cacert_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
statusDescriptors:
- description: Route to access the instance deployed
displayName: URL
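Review bot: besides the four init-container descriptors, this hunk also deletes the `bundle_cacert_secret` spec descriptor (`description: Secret where can be found the trusted Certificate Authority Bundle`, `path: bundle_cacert_secret`), yet the CRD in this same change still defines `bundle_cacert_secret` (only its description is rewrapped). Dropping the descriptor hides a supported field from the OLM console form; if only the init-container fields are meant to go, keep the CA bundle descriptor.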
@@ -725,10 +678,10 @@ spec:
- name: ANSIBLE_GATHERING
value: explicit
- name: OPERATOR_VERSION
value: 0.13.0
value: 0.11.0
- name: ANSIBLE_DEBUG_LOGS
value: "false"
image: quay.io/ansible/awx-operator:0.13.0
image: quay.io/ansible/awx-operator:0.11.0
imagePullPolicy: Always
livenessProbe:
httpGet:
@@ -767,5 +720,5 @@ spec:
provider:
name: AWX Community
url: https://github.com/ansible/awx-operator
replaces: awx-operator.v0.12.0
version: 0.13.0
replaces: awx-operator.v0.10.0
version: 0.11.0

View File

@@ -36,8 +36,7 @@ spec:
description: Secret where the broadcast websocket secret can be found
type: string
bundle_cacert_secret:
description: Secret where can be found the trusted Certificate Authority
Bundle
description: Secret where can be found the trusted Certificate Authority Bundle
type: string
ca_trust_bundle:
description: Path where the trusted CA bundle is available
@@ -105,7 +104,7 @@ spec:
setting:
type: string
value:
x-kubernetes-preserve-unknown-fields: true
type: string
type: object
type: array
extra_volumes:
@@ -141,9 +140,6 @@ spec:
ingress_annotations:
description: Annotations to add to the Ingress Controller
type: string
ingress_path:
description: The ingress path used to reach the deployed service
type: string
ingress_tls_secret:
description: Secret where the Ingress TLS secret can be found
type: string
@@ -156,17 +152,11 @@ spec:
- Route
- route
type: string
init_container_extra_commands:
description: Extra commands for the init container
type: string
init_container_extra_volume_mounts:
description: Specify volume mounts to be added to the init container
type: string
init_container_image:
description: Registry path to the init container to use
type: string
init_container_image_version:
description: Init container image version to use
description: Initcontainer image version to use
type: string
kind:
description: Kind of the deployment type
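Review bot: the replacement description `Initcontainer image version to use` introduces a typo; the removed line had `Init container image version to use`, which also matches the wording of the `init_container_image` entry above it. Keep the two-word form.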

View File

@@ -1,6 +1,6 @@
---
collections:
- name: kubernetes.core
version: '==1.1.1'
version: '==1.2.1'
- name: operator_sdk.util
version: '==0.1.0'
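Review bot: the `kubernetes.core` pin moves from `'==1.1.1'` to `'==1.2.1'` while the rest of this change rolls versions back to the 0.11.0 state; confirm that 1.2.1 is the collection version the 0.11.0 roles were tested with, since the `k8s_exec` and `k8s_info` tasks touched elsewhere in this diff depend on it.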

View File

@@ -10,25 +10,24 @@
- name: Set AWX object
set_fact:
_awx: "{{ this_awx['resources'][0]['spec'] }}"
_awx: "{{ _awx_cro['resources'][0] }}"
- name: Set user specified spec
set_fact:
awx_spec: "{{ _awx['spec'] }}"
- name: Set names of backed up secrets in the CR spec
set_fact:
_awx: "{{ _awx | combine ({ item.key : item.value }) }}"
awx_spec: "{{ awx_spec | combine ({ item.key : item.value }) }}"
with_items:
- {"key": "secret_key_secret", "value": "{{ this_awx['resources'][0]['status']['secretKeySecret'] }}"}
- {"key": "admin_password_secret", "value": "{{ this_awx['resources'][0]['status']['adminPasswordSecret'] }}"}
- {"key": "broadcast_websocket_secret", "value": "{{ this_awx['resources'][0]['status']['broadcastWebsocketSecret'] }}"}
- {"key": "postgres_configuration_secret", "value": "{{ this_awx['resources'][0]['status']['postgresConfigurationSecret'] }}"}
- name: Set AWX object
set_fact:
awx_spec:
spec: "{{ _awx }}"
- name: Write awx object to pvc
k8s_exec:
namespace: "{{ backup_pvc_namespace }}"
pod: "{{ meta.name }}-db-management"
command: >-
bash -c 'echo "$0" > {{ backup_dir }}/awx_object' {{ awx_spec | to_yaml | quote }}
bash -c 'echo "$0" > {{ backup_dir }}/awx_object' {{ awx_spec | quote }}
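Review bot: the new command line writes `{{ awx_spec | quote }}` instead of `{{ awx_spec | to_yaml | quote }}`, so `awx_object` now receives the Jinja/Python string rendering of the dict rather than YAML. Multi-line spec values such as `extra_volumes: |` or `ee_extra_volume_mounts: |` end up as `'...\n...'` inside that repr, and YAML single-quoted scalars do not interpret `\n`, so a restore that loads this file as YAML gets corrupted values (and Python `None`/`True` do not round-trip as YAML null/bool). Keep `to_yaml` before `quote`. Also confirm that `_awx_cro` is registered by a task preceding this hunk, since the removed side read from `this_awx`.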

View File

@@ -25,15 +25,11 @@
namespace: '{{ meta.namespace }}'
name: "{{ _name }}"
register: _secret
no_log: true
- name: Set secret data
set_fact:
_data: "{{ _secret['resources'][0]['data'] }}"
_type: "{{ _secret['resources'][0]['type'] }}"
no_log: true
- name: Create and Add secret names and data to dictionary
set_fact:
secret_dict: "{{ secret_dict | default({}) | combine({ item: {'name': _name, 'data': _data, 'type': _type }}) }}"
no_log: true
secret_dict: "{{ secret_dict | default({}) | combine({ item: {'name': _name, 'data': _data }}) }}"
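Review bot: this hunk removes `no_log: true` from the `k8s_info` lookup and from both `set_fact` tasks that hold `_secret['resources'][0]['data']`, so the base64 secret payload (admin password, broadcast secret, DB credentials or TLS key, depending on the caller) is written to the operator's Ansible log whenever task results are shown; `no_log` should stay on every task whose registered or set value contains secret data. The same hunk drops `'type': _type` from `secret_dict`, so a restored Secret loses its original `type` (for example `kubernetes.io/tls` or `kubernetes.io/dockerconfigjson`) and comes back as `Opaque`, which breaks consumers that check the type.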

View File

@@ -2,9 +2,9 @@
- name: Get Secret Name
set_fact:
_name: "{{ awx_spec.spec[item] | default('') }}"
_name: "{{ awx_spec[item] | default('') }}"
- name: Backup secret if defined
- name: Skip if secret name not defined
block:
- name: Get secret
k8s_info:
@@ -13,16 +13,12 @@
namespace: '{{ meta.namespace }}'
name: "{{ _name }}"
register: _secret
no_log: true
- name: Set secret key
set_fact:
_data: "{{ _secret['resources'][0]['data'] }}"
_type: "{{ _secret['resources'][0]['type'] }}"
no_log: true
- name: Create and Add secret names and data to dictionary
set_fact:
secret_dict: "{{ secret_dict | default({}) | combine({item: { 'name': _name, 'data': _data, 'type': _type }}) }}"
no_log: true
secret_dict: "{{ secret_dict | default({}) | combine({item: { 'name': _name, 'data': _data }}) }}"
when: _name != ''
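Review bot: same two regressions as in the other `dump_secret.yml` in this diff: the `no_log: true` lines are removed from the tasks that register and store secret `data`, and `'type': _type` is dropped from `secret_dict`, so secret contents reach the log and the Secret type is not preserved for restore. Separately, the renamed block `Skip if secret name not defined` describes the `when: _name != ''` guard rather than what the block does; `Backup secret if defined` was the more accurate name.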

View File

@@ -45,21 +45,10 @@
set_fact:
backup_claim: "{{ backup_pvc | default(_default_backup_pvc, true) }}"
- block:
- name: Create PVC for backup
k8s:
kind: PersistentVolumeClaim
template: "backup_pvc.yml.j2"
- name: Remove PVC ownerReference
k8s:
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: '{{ deployment_name }}-backup-claim'
namespace: '{{ backup_pvc_namespace }}'
ownerReferences: null
- name: Create PVC for backup
k8s:
kind: PersistentVolumeClaim
template: "backup_pvc.yml.j2"
when:
- backup_pvc == '' or backup_pvc is not defined
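Review bot: dropping the `Remove PVC ownerReference` task (which set `ownerReferences: null` on `{{ deployment_name }}-backup-claim`) changes the lifecycle of the backup data. ansible-operator adds an ownerReference pointing at the reconciled CR to resources created through the `k8s` module, which is why that task existed; without it, deleting the AWXBackup object garbage-collects the PVC and the dump with it. If the PVC is meant to outlive the CR, keep the ownerReference removal.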

View File

@@ -6,7 +6,6 @@
namespace: '{{ meta.namespace }}'
name: "{{ this_awx['resources'][0]['status']['postgresConfigurationSecret'] }}"
register: pg_config
no_log: true
- name: Fail if postgres configuration secret status does not exist
fail:
@@ -21,7 +20,6 @@
awx_postgres_port: "{{ pg_config['resources'][0]['data']['port'] | b64decode }}"
awx_postgres_host: "{{ pg_config['resources'][0]['data']['host'] | b64decode }}"
awx_postgres_type: "{{ pg_config['resources'][0]['data']['type'] | default('unmanaged'|b64encode) | b64decode }}"
no_log: true
- block:
- name: Delete pod to reload a resource configuration
@@ -79,7 +77,6 @@
- name: Set full resolvable host name for postgres pod
set_fact:
resolvable_db_host: '{{ (awx_postgres_type == "managed") | ternary(awx_postgres_host + "." + meta.namespace + ".svc.cluster.local", awx_postgres_host) }}' # noqa 204
no_log: true
- name: Set pg_dump command
set_fact:
@@ -90,7 +87,6 @@
-d {{ awx_postgres_database }}
-p {{ awx_postgres_port }}
-F custom
no_log: true
- name: Write pg_dump to backup on PVC
k8s_exec:
@@ -103,5 +99,4 @@
echo 'Successful'
"""
register: data_migration
no_log: true
failed_when: "'Successful' not in data_migration.stdout"
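Review bot: every `no_log: true` in this file is removed: from the `k8s_info` that registers `pg_config` (whose `data` holds the database credentials), from the `set_fact` that decodes it into the `awx_postgres_*` facts, from `Set pg_dump command`, and from the `k8s_exec` registered as `data_migration`. On a failure or a verbose run the decoded connection details and the full pg_dump command line then appear in the operator log. These tasks should keep `no_log`; if the goal is debuggability, log only `data_migration.stdout` in a separate task.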

View File

@@ -18,16 +18,12 @@
include_tasks: dump_secret.yml
loop:
- route_tls_secret
- ingress_tls_secret
- ldap_cacert_secret
- bundle_cacert_secret
- image_pull_secret
- ee_pull_credentials_secret
- name: Nest secrets under a single variable
set_fact:
secrets: {"secrets": '{{ secret_dict }}'}
no_log: true
- name: Write postgres configuration to pvc
k8s_exec:
@@ -35,4 +31,3 @@
pod: "{{ meta.name }}-db-management"
command: >-
bash -c "echo '{{ secrets | to_yaml }}' > {{ backup_dir }}/secrets.yml"
no_log: true
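Review bot: `Nest secrets under a single variable` and the `k8s_exec` that writes `secrets.yml` both lose `no_log: true` here. `secret_dict` carries the raw `data` of every backed-up secret (TLS keys, CA bundles, pull credentials, admin password), and the exec task's registered result includes the full `bash -c "echo '...'"` command string, so the entire bundle would be printed on failure or at higher verbosity. Keep `no_log` on both tasks.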

View File

@@ -9,7 +9,7 @@ database_username: "{{ deployment_type }}"
task_privileged: false
service_type: ClusterIP
ingress_type: none
ingress_path: '/'
# Add annotations to the service account. Specify as literal block. E.g.:
# service_account_annotations: |
# eks.amazonaws.com/role-arn: arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>
@@ -106,7 +106,7 @@ extra_volumes: ''
# Use these image versions for Ansible AWX.
image: quay.io/ansible/awx
image_version: 19.3.0
image_version: 19.2.1
redis_image: docker.io/redis
redis_image_version: latest
postgres_image: postgres
@@ -116,27 +116,11 @@ init_container_image_version: 8
image_pull_policy: IfNotPresent
image_pull_secret: ''
# Extra commands which will be appended to the initContainer
# Make sure that each command entered return an exit code 0
# otherwise the initContainer will fail
# init_container_extra_commands: |
# date >> /var/lib/awx/projects/timestamp
# chgrp 1000 /shared
# chmod 775 /shared
init_container_extra_commands: ''
# Mount extra volumes on the initContainer.
# The volume used must be defined as an `extra_volumes` resource
# init_container_extra_volume_mounts: |
# - name: shared-vol
# mountPath: /shared
init_container_extra_volume_mounts: ''
ee_images:
- name: AWX EE (latest)
image: quay.io/ansible/awx-ee:latest
- name: AWX EE 0.4.0
image: quay.io/ansible/awx-ee:0.4.0
control_plane_ee_image: quay.io/ansible/awx-ee:latest
control_plane_ee_image: quay.io/ansible/awx-ee:0.4.0
create_preload_data: true
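Review bot: `control_plane_ee_image` moves from `quay.io/ansible/awx-ee:latest` to `quay.io/ansible/awx-ee:0.4.0`. A pinned tag is the better default for the image that runs project updates (reproducible, and not silently replaced when the registry moves `latest`); if this part is meant to survive the DNM revert, consider pinning by digest and keeping the `ee_images` entries consistent with it.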

View File

@@ -5,7 +5,6 @@
namespace: '{{ meta.namespace }}'
name: '{{ admin_password_secret }}'
register: _custom_admin_password
no_log: true
when: admin_password_secret | length
- name: Check for default admin password configuration
@@ -14,19 +13,16 @@
namespace: '{{ meta.namespace }}'
name: '{{ meta.name }}-admin-password'
register: _default_admin_password
no_log: true
- name: Set admin password secret
set_fact:
_admin_password_secret: '{{ _custom_admin_password["resources"] | default([]) | length | ternary(_custom_admin_password, _default_admin_password) }}'
no_log: true
- block:
- name: Create admin password secret
k8s:
apply: true
definition: "{{ lookup('template', 'admin_password_secret.yaml.j2') }}"
no_log: true
- name: Read admin password secret
k8s_info:
@@ -34,16 +30,13 @@
namespace: '{{ meta.namespace }}'
name: '{{ meta.name }}-admin-password'
register: _generated_admin_password
no_log: true
when: not _admin_password_secret['resources'] | default([]) | length
- name: Set admin password secret
set_fact:
__admin_password_secret: '{{ _generated_admin_password["resources"] | default([]) | length | ternary(_generated_admin_password, _admin_password_secret) }}'
no_log: true
- name: Store admin password
set_fact:
admin_password: "{{ __admin_password_secret['resources'][0]['data']['password'] | b64decode }}"
no_log: true
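Review bot: this file's hunks strip `no_log: true` from every task that touches the admin password: the two `k8s_info` lookups registering `_custom_admin_password` and `_default_admin_password`, the `k8s` task that creates the secret from `admin_password_secret.yaml.j2`, the read of `_generated_admin_password`, and finally `Store admin password`, whose `set_fact` decodes it to plaintext in `admin_password`. Each of those results is printed at `-v`/`-vvv` or on failure, so the AWX admin password ends up in the operator pod log. Keep `no_log` on all of them.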

View File

@@ -5,7 +5,6 @@
namespace: '{{ meta.namespace }}'
name: '{{ broadcast_websocket_secret }}'
register: _custom_broadcast_websocket
no_log: true
when: broadcast_websocket_secret | length
- name: Check for default broadcast websocket secret configuration
@@ -14,20 +13,17 @@
namespace: '{{ meta.namespace }}'
name: '{{ meta.name }}-broadcast-websocket'
register: _default_broadcast_websocket
no_log: true
- name: Set broadcast websocket secret
set_fact:
# yamllint disable-line rule:line-length
_broadcast_websocket_secret: '{{ _custom_broadcast_websocket["resources"] | default([]) | length | ternary(_custom_broadcast_websocket, _default_broadcast_websocket) }}' # noqa 204
no_log: true
- block:
- name: Create broadcast websocket secret
k8s:
apply: true
definition: "{{ lookup('template', 'broadcast_websocket_secret.yaml.j2') }}"
no_log: true
- name: Read broadcast websocket secret
k8s_info:
@@ -35,7 +31,6 @@
namespace: '{{ meta.namespace }}'
name: '{{ meta.name }}-broadcast-websocket'
register: _generated_broadcast_websocket
no_log: true
when: not _broadcast_websocket_secret['resources'] | default([]) | length
@@ -43,9 +38,7 @@
set_fact:
# yamllint disable-line rule:line-length
__broadcast_websocket_secret: '{{ _generated_broadcast_websocket["resources"] | default([]) | length | ternary(_generated_broadcast_websocket, _broadcast_websocket_secret) }}' # noqa 204
no_log: true
- name: Store broadcast websocket secret name
set_fact:
broadcast_websocket_secret_value: "{{ __broadcast_websocket_secret['resources'][0]['data']['secret'] | b64decode }}"
no_log: true
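Review bot: same pattern as the admin-password tasks: with `no_log: true` removed, the Secret objects registered as `_custom_broadcast_websocket`, `_default_broadcast_websocket` and `_generated_broadcast_websocket`, and the plaintext value decoded by `Store broadcast websocket secret name` into `broadcast_websocket_secret_value`, are all logged. Keep `no_log` on these tasks.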

View File

@@ -23,6 +23,5 @@
- '{{ _secret_key }}'
- '{{ _postgres_configuration }}'
- '{{ _broadcast_websocket_secret }}'
no_log: true
when: not garbage_collect_secrets | bool
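Review bot: the loop items `_secret_key`, `_postgres_configuration` and `_broadcast_websocket_secret` are the registered Secret resources, and without a `loop_control: label:` Ansible prints each item as the iteration label; removing `no_log: true` therefore prints each secret's `data` whenever this garbage-collection task runs. Keep `no_log`, or add a `loop_control` label that shows only the secret name.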

View File

@@ -6,7 +6,6 @@
name: '{{ postgres_configuration_secret }}'
register: _custom_pg_config_resources
when: postgres_configuration_secret | length
no_log: true
- name: Check for default PostgreSQL configuration
k8s_info:
@@ -14,7 +13,6 @@
namespace: '{{ meta.namespace }}'
name: '{{ meta.name }}-postgres-configuration'
register: _default_pg_config_resources
no_log: true
- name: Check for specified old PostgreSQL configuration secret
k8s_info:
@@ -23,7 +21,6 @@
name: '{{ old_postgres_configuration_secret }}'
register: _custom_old_pg_config_resources
when: old_postgres_configuration_secret | length
no_log: true
- name: Check for default old PostgreSQL configuration
k8s_info:
@@ -31,7 +28,6 @@
namespace: '{{ meta.namespace }}'
name: '{{ meta.name }}-old-postgres-configuration'
register: _default_old_pg_config_resources
no_log: true
- name: Set old PostgreSQL configuration
set_fact:
@@ -45,19 +41,16 @@
when:
- old_pg_config['resources'] is defined
- old_pg_config['resources'] | length
no_log: true
- name: Set PostgreSQL configuration
set_fact:
_pg_config: '{{ _custom_pg_config_resources["resources"] | default([]) | length | ternary(_custom_pg_config_resources, _default_pg_config_resources) }}'
no_log: true
- block:
- name: Create Database configuration
k8s:
apply: true
definition: "{{ lookup('template', 'postgres_secret.yaml.j2') }}"
no_log: true
- name: Read Database Configuration
k8s_info:
@@ -65,13 +58,11 @@
namespace: '{{ meta.namespace }}'
name: '{{ meta.name }}-postgres-configuration'
register: _generated_pg_config_resources
no_log: true
when: not _pg_config['resources'] | default([]) | length
- name: Set PostgreSQL Configuration
set_fact:
pg_config: '{{ _generated_pg_config_resources["resources"] | default([]) | length | ternary(_generated_pg_config_resources, _pg_config) }}'
no_log: true
- name: Set actual postgres configuration secret used
set_fact:
@@ -121,7 +112,6 @@
awx_postgres_port: "{{ pg_config['resources'][0]['data']['port'] | b64decode }}"
awx_postgres_host: "{{ pg_config['resources'][0]['data']['host'] | b64decode }}"
awx_postgres_sslmode: "{{ pg_config['resources'][0]['data']['sslmode'] | default('prefer'|b64encode) | b64decode }}"
no_log: true
- name: Look up details for this deployment
k8s_info:
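Review bot: across this file the `no_log: true` lines are removed from the lookups of the current and old PostgreSQL configuration secrets, from the `k8s` task creating `postgres_secret.yaml.j2`, and from the `set_fact` that decodes `pg_config` into the `awx_postgres_*` facts. The configuration secret holds the database password, so these removals put it into the operator log on failure or on verbose runs. Keep `no_log` on those tasks.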

View File

@@ -22,7 +22,6 @@
bash -c "awx-manage update_password --username '{{ admin_user }}' --password '{{ admin_password }}'"
register: update_pw_result
changed_when: users_result.stdout == 'Password not updated'
no_log: true
when: users_result.return_code == 0
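Review bot: the `awx-manage update_password --username '{{ admin_user }}' --password '{{ admin_password }}'` string is the `k8s_exec` command and is registered as `update_pw_result`; removing `no_log: true` prints the plaintext admin password with the task arguments and result. Keep `no_log`. Unrelated to this change, `changed_when` tests `users_result.stdout` rather than `update_pw_result.stdout`, which looks like a copy-paste slip worth fixing while here.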
- name: Create super user via Django if it doesn't exist.
@@ -34,7 +33,6 @@
bash -c "echo \"from django.contrib.auth.models import User;
User.objects.create_superuser('{{ admin_user }}', '{{ admin_email }}', '{{ admin_password }}')\"
| awx-manage shell"
no_log: true
when: users_result.return_code > 0
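Review bot: same exposure as the preceding hunk: the `User.objects.create_superuser('{{ admin_user }}', '{{ admin_email }}', '{{ admin_password }}')` text is the exec command, so removing `no_log: true` logs the admin password in clear. Keep `no_log` on this task.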
- name: Create preload data if necessary. # noqa 305
@@ -75,13 +73,18 @@
register: _custom_execution_environments_pull_credentials
when: ee_pull_credentials_secret | length
- name: Set execution environment pull credential secret
- name: Check for default execution environment pull credentials
k8s_info:
kind: Secret
namespace: '{{ meta.namespace }}'
name: '{{ meta.name }}-ee-pull-credentials'
register: _default_execution_environments_pull_credentials
- name: Set admin password secret
set_fact:
_execution_environments_pull_credentials: >-
{{ _custom_execution_environments_pull_credentials["resources"] | default([]) | length
| ternary(_custom_execution_environments_pull_credentials, []) }}
no_log: true
| ternary(_custom_execution_environments_pull_credentials, _default_execution_environments_pull_credentials) }}
- name: Register default execution environments (without authentication)
k8s_exec:
namespace: "{{ meta.namespace }}"
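Review bot: the task name `Set admin password secret` is a copy/paste slip; the fact it sets is `_execution_environments_pull_credentials`, so the deleted name `Set execution environment pull credential secret` should be kept. Also, the new `k8s_info` lookup of `{{ meta.name }}-ee-pull-credentials` has no `no_log` and the `set_fact` lost its mask, so the registry credentials in that Secret's `data` end up in task output; both need `no_log: true`.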
@@ -101,8 +104,6 @@
default_execution_environment_pull_credentials_url: "{{ _execution_environments_pull_credentials['resources'][0]['data']['url'] | b64decode }}"
default_execution_environment_pull_credentials_url_verify: >-
{{ _execution_environments_pull_credentials['resources'][0]['data']['ssl_verify'] | default("True"|b64encode) | b64decode }}
no_log: true
- name: Register default execution environments (with authentication)
k8s_exec:
namespace: "{{ meta.namespace }}"
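Review bot: the removed `no_log` covered the whole `set_fact`, not only the visible `url` and `ssl_verify` members; the block starts above the hunk, so confirm it does not also decode the registry username and password before dropping the mask.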
@@ -116,5 +117,4 @@
--verify-ssl='{{ default_execution_environment_pull_credentials_url_verify }}'"
register: ree
changed_when: "'changed: True' in ree.stdout"
no_log: true
when: _execution_environments_pull_credentials['resources'] | default([]) | length
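Review bot: `register: ree` stores the full exec command alongside stdout, and this is the authenticated variant of the registration; if the credential password is passed inline in the command above the hunk, removing `no_log` writes it to the task output on every failed run. Keep the mask on this task.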

View File

@@ -5,10 +5,8 @@
namespace: '{{ meta.namespace }}'
name: '{{ bundle_cacert_secret }}'
register: bundle_cacert
no_log: true
- name: Load bundle Certificate Authority Secret content
set_fact:
bundle_ca_crt: '{{ bundle_cacert["resources"][0]["data"]["bundle-ca.crt"] | b64decode }}'
no_log: true
when: '"bundle-ca.crt" in bundle_cacert["resources"][0]["data"]'
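Review bot: dropping `no_log` on a CA bundle is harmless, a CA certificate is public material. The pre-existing problem in this block is the guard `when: '"bundle-ca.crt" in bundle_cacert["resources"][0]["data"]'`, which indexes `resources[0]` before checking that the named Secret exists, so a mistyped `bundle_cacert_secret` fails with an index error instead of a clear message; test `bundle_cacert["resources"] | length` first.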

View File

@@ -5,10 +5,8 @@
namespace: '{{ meta.namespace }}'
name: '{{ ldap_cacert_secret }}'
register: ldap_cacert
no_log: true
- name: Load LDAP CA Certificate Secret content
set_fact:
ldap_cacert_ca_crt: '{{ ldap_cacert["resources"][0]["data"]["ldap-ca.crt"] | b64decode }}'
no_log: true
when: '"ldap-ca.crt" in ldap_cacert["resources"][0]["data"]'

View File

@@ -5,16 +5,13 @@
namespace: '{{ meta.namespace }}'
name: '{{ route_tls_secret }}'
register: route_tls
no_log: true
- name: Load Route TLS Secret content
set_fact:
route_tls_key: '{{ route_tls["resources"][0]["data"]["tls.key"] | b64decode }}'
route_tls_crt: '{{ route_tls["resources"][0]["data"]["tls.crt"] | b64decode }}'
no_log: true
- name: Load Route TLS Secret content
set_fact:
route_ca_crt: '{{ route_tls["resources"][0]["data"]["ca.crt"] | b64decode }}'
no_log: true
when: '"ca.crt" in route_tls["resources"][0]["data"]'
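Review bot: `route_tls_key` is the route's TLS private key; with `no_log` gone from this `set_fact` (and from the `register: route_tls` lookup above it) the decoded key is printed in task output on failure or at raised verbosity. Keep `no_log` on both tasks, and give the two tasks both named `Load Route TLS Secret content` distinct names so the log is readable.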

View File

@@ -11,7 +11,6 @@
awx_old_postgres_database: "{{ old_pg_config['resources'][0]['data']['database'] | b64decode }}"
awx_old_postgres_port: "{{ old_pg_config['resources'][0]['data']['port'] | b64decode }}"
awx_old_postgres_host: "{{ old_pg_config['resources'][0]['data']['host'] | b64decode }}"
no_log: true
- name: Default label selector to custom resource generated postgres
set_fact:
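Review bot: the visible members of this `set_fact` (database, port, host) are not secret, but the block begins above the hunk and is where `awx_old_postgres_pass`, consumed by the streaming migration later in this diff, is set; removing `no_log` here logs the old database password whenever the task output is shown.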
@@ -48,7 +47,6 @@
-d {{ awx_old_postgres_database }}
-p {{ awx_old_postgres_port }}
-F custom
no_log: true
- name: Set pg_restore command
set_fact:
@@ -56,7 +54,6 @@
pg_restore --clean --if-exists
-U {{ database_username }}
-d {{ database_name }}
no_log: true
- name: Stream backup from pg_dump to the new postgresql container
k8s_exec:
@@ -68,7 +65,6 @@
PGPASSWORD={{ awx_old_postgres_pass }} {{ pgdump }} | PGPASSWORD={{ awx_postgres_pass }} {{ pg_restore }}
echo 'Successful'
"""
no_log: true
register: data_migration
failed_when: "'Successful' not in data_migration.stdout"
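Review bot: the exec command embeds both `PGPASSWORD={{ awx_old_postgres_pass }}` and `PGPASSWORD={{ awx_postgres_pass }}`, and `k8s_exec` returns the command together with stdout in `data_migration`; since `failed_when` fires on anything other than `'Successful'`, the case where this result is printed is exactly the failure an operator will read, so dropping `no_log` leaks both database passwords there. Keep the mask, or move the passwords out of the command line (a `.pgpass` file or pod environment) and log only stdout.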

View File

@@ -30,7 +30,6 @@
- 'persistent'
- 'service'
- 'ingress'
no_log: true
- name: Apply deployment resources
k8s:
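Review bot: the visible loop items (`persistent`, `service`, `ingress`) render no secret material, so dropping `no_log` here is fine provided the earlier items of this loop, which sit above the hunk, are equally non-sensitive; confirm that before merging.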

View File

@@ -5,7 +5,6 @@
namespace: '{{ meta.namespace }}'
name: '{{ secret_key_secret }}'
register: _custom_secret_key
no_log: true
when: secret_key_secret | length
- name: Check for default secret key configuration
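Review bot: `_custom_secret_key` registers the user-supplied SECRET_KEY Secret with its `data`, so removing `no_log` from this lookup exposes the Django secret key, which is what protects the credentials AWX stores, in task output; keep the mask.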
@@ -14,19 +13,16 @@
namespace: '{{ meta.namespace }}'
name: '{{ meta.name }}-secret-key'
register: _default_secret_key
no_log: true
- name: Set secret key secret
set_fact:
_secret_key_secret: '{{ _custom_secret_key["resources"] | default([]) | length | ternary(_custom_secret_key, _default_secret_key) }}'
no_log: true
- block:
- name: Create secret key secret
k8s:
apply: true
definition: "{{ lookup('template', 'secret_key.yaml.j2') }}"
no_log: true
- name: Read secret key secret
k8s_info:
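Review bot: the `k8s: apply` of `secret_key.yaml.j2` returns the created object, so the freshly generated SECRET_KEY becomes part of the task result once `no_log` is removed; the `_default_secret_key` lookup and the `_secret_key_secret` fact in this hunk carry the same value. All three masks should come back.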
@@ -34,16 +30,13 @@
namespace: '{{ meta.namespace }}'
name: '{{ meta.name }}-secret-key'
register: _generated_secret_key
no_log: true
when: not _secret_key_secret['resources'] | default([]) | length
- name: Set secret key secret
set_fact:
__secret_key_secret: '{{ _generated_secret_key["resources"] | default([]) | length | ternary(_generated_secret_key, _secret_key_secret) }}'
no_log: true
- name: Store secret key secret name
set_fact:
secret_key_secret_name: "{{ __secret_key_secret['resources'][0]['metadata']['name'] }}"
no_log: true

View File

@@ -75,7 +75,6 @@
- block:
- name: Retrieve route URL
k8s_info:
api_version: 'route.openshift.io/v1'
kind: Route
namespace: '{{ meta.namespace }}'
name: '{{ meta.name }}'

View File

@@ -90,7 +90,11 @@ data:
BROADCAST_WEBSOCKET_PROTOCOL = 'http'
{% for item in extra_settings | default([]) %}
{% if item.value is string %}
{{ item.setting }} = '{{ item.value }}'
{% else %}
{{ item.setting }} = {{ item.value }}
{% endif %}
{% endfor %}
nginx_conf: |
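Review bot: the string branch `{{ item.setting }} = '{{ item.value }}'` does not escape the value, so a value containing a single quote or a backslash yields a broken settings.py, and a crafted value can append arbitrary Python to it. Render a proper literal on that branch instead, e.g. `{{ item.setting }} = {{ item.value | to_json }}`, which handles quoting and escaping for any string value.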

View File

@@ -33,7 +33,7 @@ spec:
imagePullSecrets:
- name: {{ image_pull_secret }}
{% endif %}
{% if bundle_ca_crt or projects_persistence|bool or init_container_extra_commands %}
{% if bundle_ca_crt %}
initContainers:
- name: init
image: '{{ init_container_image }}:{{ init_container_image_version }}'
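Review bot: narrowing the initContainers guard to `{% if bundle_ca_crt %}` means `projects_persistence` and `init_container_extra_commands` no longer reach the init container at all; check that both are also removed from the CRD and the role defaults, otherwise a CR that sets them silently gets no effect.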
@@ -42,33 +42,15 @@ spec:
- /bin/sh
- -c
- |
{% if bundle_ca_crt %}
mkdir -p /etc/pki/ca-trust/extracted/{java,pem,openssl,edk2}
update-ca-trust
{% endif %}
{% if projects_persistence|bool %}
chmod 775 /var/lib/awx/projects
chgrp 1000 /var/lib/awx/projects
{% endif %}
{% if init_container_extra_commands %}
{{ init_container_extra_commands | indent(width=14) }}
{% endif %}
volumeMounts:
{% if bundle_ca_crt %}
- name: "ca-trust-extracted"
mountPath: "/etc/pki/ca-trust/extracted"
- name: "{{ meta.name }}-bundle-cacert"
mountPath: /etc/pki/ca-trust/source/anchors/bundle-ca.crt
subPath: bundle-ca.crt
readOnly: true
{% endif %}
{% if projects_persistence|bool %}
- name: "{{ meta.name }}-projects"
mountPath: "/var/lib/awx/projects"
{% endif %}
{% if init_container_extra_volume_mounts -%}
{{ init_container_extra_volume_mounts | indent(width=12, indentfirst=True) }}
{% endif %}
{% endif %}
containers:
- image: '{{ redis_image }}:{{ redis_image_version }}'
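Review bot: the dropped `chmod 775` / `chgrp 1000` on `/var/lib/awx/projects`, together with the `{{ meta.name }}-projects` mount in the init container, were what made a freshly provisioned projects PVC writable by the non-root awx user; removing them leaves the volume owned by root on first use. If persistent projects remain a supported option this block has to stay, otherwise the option should be removed and documented as such.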
@@ -300,10 +282,6 @@ spec:
{% if tolerations %}
tolerations:
{{ tolerations | indent(width=8) }}
{% endif %}
{% if projects_persistence|bool %}
securityContext:
fsGroup: 1000
{% endif %}
volumes:
{% if bundle_ca_crt %}
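Review bot: removing `securityContext: fsGroup: 1000` means the kubelet no longer applies the awx group to the projects PVC at mount time, so a container running as uid 1000 cannot write project checkouts to a persistent volume; with the init-container `chgrp` also gone in this diff there is no remaining path that fixes the ownership. Keep `fsGroup` as long as `projects_persistence` exists.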

View File

@@ -20,7 +20,7 @@ spec:
- host: '{{ hostname }}'
http:
paths:
- path: '{{ ingress_path }}'
- path: /
backend:
serviceName: '{{ meta.name }}-service'
servicePort: 80
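Review bot: hard-coding `path: /` drops the `ingress_path` knob; if `ingress_path` is still declared in the role defaults or the CRD it becomes a silent no-op, so remove it there as well or keep the variable. Unrelated to this change, the backend still uses the `serviceName` / `servicePort` form that newer ingress API versions no longer accept, which is worth tracking.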

View File

@@ -33,10 +33,6 @@ spec:
app.kubernetes.io/part-of: '{{ meta.name }}'
app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
spec:
{% if image_pull_secret %}
imagePullSecrets:
- name: {{ image_pull_secret }}
{% endif %}
containers:
- image: '{{ postgres_image }}:{{ postgres_image_version }}'
imagePullPolicy: '{{ image_pull_policy }}'
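Review bot: removing `imagePullSecrets` from the postgres pod spec while the AWX deployment template in this same diff still sets `- name: {{ image_pull_secret }}` means a `postgres_image` hosted in a private registry can no longer be pulled and the managed database stays in an image pull error. If the intent is to drop the feature, drop it from both templates; otherwise keep this block.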

View File

@@ -6,7 +6,7 @@ api_version: '{{ deployment_type }}.ansible.com/v1beta1'
# Required: specify a pre-created PVC (name) to restore from
backup_pvc: ''
backup_pvc_namespace: '{{ meta.namespace }}'
backup_pvc_namespace: ''
# Required: backup name, found on the awxbackup object
backup_dir: ''
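Review bot: with `backup_pvc_namespace: ''` the restore `k8s_exec` that uses `namespace: "{{ backup_pvc_namespace }}"` receives an empty namespace unless the CR sets it explicitly; the `{{ meta.namespace }}` default being removed was a sensible fallback. If it must go, mark `backup_pvc_namespace` as required in the comment, as `backup_pvc` is.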

View File

@@ -22,7 +22,6 @@
- '{{ admin_password_secret }}'
- '{{ broadcast_websocket_secret }}'
- '{{ postgres_configuration_secret }}'
no_log: true
- name: Cleanup temp spec file
file:

View File

@@ -1,5 +1,9 @@
---
- name: Save kind
set_fact:
_kind: "{{ kind }}"
- name: Get AWX object definition from pvc
k8s_exec:
namespace: "{{ backup_pvc_namespace }}"
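Review bot: saving and restoring `kind` around `include_vars` works around the real issue, which is that `include_vars` without `name:` turns every top-level key of the file into a play variable, clobbering not only `kind` but anything else that collides. Loading with `include_vars: {file: "{{ tmp_spec.path }}", name: awx_object}` keeps the file contents in one dict and makes the two extra tasks unnecessary.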
@@ -21,13 +25,22 @@
- name: Include spec vars to save them as a dict
include_vars: "{{ tmp_spec.path }}"
register: spec
- name: Use include_vars to read in spec as a dict (because spec doesn't have quotes)
set_fact:
awx_spec: "{{ spec.ansible_facts }}"
- name: Restore kind
set_fact:
kind: "{{ _kind }}"
- name: Deploy AWX
k8s:
state: "{{ state | default('present') }}"
namespace: "{{ meta.namespace }}"
apply: yes
definition: "{{ lookup('template', 'awx_object.yml.j2') }}"
template: awx_object.yml.j2
wait: true
wait_condition:
type: "Running"
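Review bot: `awx_spec: "{{ spec.ansible_facts }}"` is the full set of variables `include_vars` loaded, i.e. the whole file; since that file has a top-level `kind` (the reason for the save/restore tasks) and, judging by the deleted template line that rendered `spec | to_yaml`, a top-level `spec`, the template's `spec: {{ awx_spec }}` appears to nest the entire object under `spec`. Select the `spec` key of what was loaded (or use `include_vars` with `name:`) and render it with `to_yaml` or `to_json` rather than raw dict interpolation.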

View File

@@ -1,16 +1,11 @@
---
- name: Set Postgres Configuration Secret name
set_fact:
postgres_configuration_secret: "{{ spec['postgres_configuration_secret'] | default(postgres_configuration_secret) }}"
- name: Check for specified PostgreSQL configuration
k8s_info:
kind: Secret
namespace: '{{ meta.namespace }}'
name: '{{ postgres_configuration_secret }}'
register: pg_config
no_log: true
- name: Store Database Configuration
set_fact:
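Review bot: deleting `Set Postgres Configuration Secret name` means the restore no longer honours `postgres_configuration_secret` from the backed-up spec and always reads the role default; a deployment that used an external database Secret will be restored against the wrong Secret, or fail at `pg_config['resources'][0]` when the default does not exist. Keep the task, or derive the name from the spec loaded in the restore tasks.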
@@ -20,7 +15,6 @@
awx_postgres_port: "{{ pg_config['resources'][0]['data']['port'] | b64decode }}"
awx_postgres_host: "{{ pg_config['resources'][0]['data']['host'] | b64decode }}"
awx_postgres_type: "{{ pg_config['resources'][0]['data']['type'] | b64decode | default('unmanaged') }}"
no_log: true
- name: Default label selector to custom resource generated postgres
set_fact:
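Review bot: the removed `no_log` masked the whole connection block, of which only port, host and type are visible; it starts above the hunk and is where `awx_postgres_user` and, presumably, the password used by the restore exec come from, so keep it. Separately, `| b64decode | default('unmanaged')` applies the default after decoding, so a Secret without a `type` key errors on `b64decode` of an undefined value instead of defaulting; the `default('prefer'|b64encode) | b64decode` ordering used for `sslmode` elsewhere in this diff is the right one.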
@@ -65,7 +59,6 @@
- name: Set full resolvable host name for postgres pod
set_fact:
resolvable_db_host: "{{ awx_postgres_host }}.{{ meta.namespace }}.svc.cluster.local"
no_log: true
when: awx_postgres_type == 'managed'
- name: Set pg_restore command
@@ -77,7 +70,6 @@
-U {{ awx_postgres_user }}
-d {{ awx_postgres_database }}
-p {{ awx_postgres_port }}
no_log: true
- name: Restore database dump to the new postgresql container
k8s_exec:
@@ -90,5 +82,4 @@
echo 'Successful'
"""
register: data_migration
no_log: true
failed_when: "'Successful' not in data_migration.stdout"
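Review bot: `data_migration` includes the executed command; the visible tail only shows `echo 'Successful'`, but the command above the hunk has to authenticate to postgres, and if it does so via `PGPASSWORD=` inline as the migration task in the deploy role does, dropping `no_log` prints the database password on every failed restore. Keep the mask.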

View File

@@ -7,7 +7,6 @@
command: >-
bash -c "cat '{{ backup_dir }}/secrets.yml'"
register: _secrets
no_log: true
- name: Create Temporary secrets file
tempfile:
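Review bot: `_secrets` is the entire `secrets.yml` from the backup, i.e. the admin password, broadcast websocket and postgres configuration Secrets (the list the backup role collects in this diff) in one registered variable; removing `no_log` from this task is the most damaging change in the diff, because the whole bundle is printed on any failure of the `cat`. Keep it.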
@@ -20,38 +19,31 @@
dest: "{{ tmp_secrets.path }}"
content: "{{ _secrets.stdout }}"
mode: 0640
no_log: true
- name: Include secret vars from backup
include_vars: "{{ tmp_secrets.path }}"
no_log: true
- name: If deployment is managed, set the database_host in the pg config secret
block:
- name: Set new database host
set_fact:
database_host: "{{ deployment_name }}-postgres"
no_log: true
- name: Set tmp postgres secret dict
set_fact:
_pg_secret: "{{ secrets['postgresConfigurationSecret'] }}"
no_log: true
- name: Change postgres host value
set_fact:
_pg_data: "{{ _pg_secret['data'] | combine({'host': database_host | b64encode }) }}"
no_log: true
- name: Create a postgres secret with the new host value
set_fact:
_pg_secret: "{{ _pg_secret | combine({'data': _pg_data}) }}"
no_log: true
- name: Create a new dict of secrets with the new postgres secret
set_fact:
secrets: "{{ secrets | combine({'postgresConfigurationSecret': _pg_secret}) }}"
no_log: true
when: secrets['postgresConfigurationSecret']['data']['type'] | b64decode == 'managed'
- name: Apply secret
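Review bot: the seven `no_log` lines removed here all sit on tasks whose facts (`secrets`, `_pg_secret`, `_pg_data`) hold the decoded secret dictionaries, and `set_fact` echoes the new value into the task result; only the `database_host` fact is harmless. Restore the masks, at least on every task that touches `secrets` or `_pg_secret`.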
@@ -61,16 +53,3 @@
apply: yes
wait: yes
template: "secrets.yml.j2"
no_log: true
- name: Remove ownerReference on restored secrets
k8s:
definition:
apiVersion: v1
kind: Secret
metadata:
name: "{{ item.value.name }}"
namespace: '{{ meta.namespace }}'
ownerReferences: null
loop: "{{ secrets | dict2items }}"
no_log: true
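Review bot: removing `Remove ownerReference on restored secrets` leaves the restored Secrets with the ownerReferences the operator attached when it created them on behalf of the restore CR; Kubernetes garbage collection deletes dependents with their owner, so deleting the finished restore object would take the AWX deployment's secrets (admin password, SECRET_KEY, database configuration) with it. Keep the task, and note it needs `no_log` on the loop as well, since `secrets | dict2items` carries the secret data in each `item`.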

View File

@@ -4,5 +4,4 @@ kind: AWX
metadata:
name: '{{ deployment_name }}'
namespace: '{{ meta.namespace }}'
spec:
{{ spec | to_yaml | indent(2) }}
spec: {{ awx_spec }}
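Review bot: `spec: {{ awx_spec }}` interpolates a Python dict repr, which is valid YAML flow syntax only by accident: `None` becomes the string `None`, and any string that contains quotes relies on Python's escaping rules rather than YAML's. The deleted `{{ spec | to_yaml | indent(2) }}` form (or `{{ awx_spec | to_json }}`) is the safe rendering, so prefer keeping it.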

View File

@@ -11,11 +11,9 @@ metadata:
app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
app.kubernetes.io/component: '{{ deployment_type }}'
app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
type: '{{ secrets[secret]['type'] }}'
stringData:
{% for key, value in secrets[secret]['data'].items() %}
{{ key }}: |-
{{ value | b64decode | indent(4) }}
{% endfor %}
{% for key, value in secrets[secret]['data'].items() %}
'{{ key }}': '{{ value | b64decode }}'
{% endfor %}
{% endfor %}
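Review bot: dropping `type: '{{ secrets[secret]['type'] }}'` means every restored Secret comes back as `Opaque`, so a `kubernetes.io/tls` Secret such as the route TLS secret handled elsewhere in this diff loses its type, and the single-quoted scalar `'{{ key }}': '{{ value | b64decode }}'` folds newlines into spaces and breaks on a literal single quote, which corrupts every PEM certificate or key. The block-scalar form being removed (`{{ key }}: |-` with `indent(4)`) handles both; keep it.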

Binary file not shown.