Added capability to set the rsyslog container resources (#1410)

* Update awx.ansible.com_awxs.yaml with rsyslog resource containers
* Update awx-operator.clusterserviceversion.yaml with x-descriptors
* Add default values in main.yml
* Template resource_requirements in web.yaml.j2 and task.yaml.j2

Dockerfile

@@ -1,4 +1,4 @@
-FROM quay.io/operator-framework/ansible-operator:v1.26.0
+FROM quay.io/operator-framework/ansible-operator:v1.28.1
 
 USER 0
 

README.md

@@ -676,6 +676,25 @@ $ oc adm policy add-scc-to-user privileged -z awx
 
 Again, this is the most relaxed SCC that is provided by OpenShift, so be sure to familiarize yourself with the security concerns that accompany this action.
 
+#### Containers HostAliases Requirements
+
+Sometimes you might need to use [HostAliases](https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/) in web/task containers.
+
+| Name         | Description           | Default |
+| ------------ | --------------------- | ------- |
+| host_aliases | A list of HostAliases | None    |
+
+Example of customization could be:
+
+```yaml
+---
+spec:
+  ...
+  host_aliases:
+    - ip: <name-of-your-ip>
+      hostnames:
+        - <name-of-your-domain>
+```
 
 #### Containers Resource Requirements
 
@@ -1064,6 +1083,33 @@ Using the [extra_volumes feature](#custom-volume-and-volume-mount-options), it i
 
 The AWX nginx config automatically includes /etc/nginx/conf.d/*.conf if present.
 
+##### Custom Favicon
+
+You can use custom volume mounts to mount in your own favicon to be displayed in your AWX browser tab.
+
+First, Create the configmap from a local favicon.ico file.
+
+```bash
+$ oc create configmap favicon-configmap --from-file favicon.ico
+```
+
+Then specify the extra_volume and web_extra_volume_mounts on your AWX CR spec
+
+```yaml
+spec:
+  extra_volumes: |
+    - name: favicon
+      configMap:
+        defaultMode: 420
+        items:
+          - key: favicon.ico
+            path: favicon.ico
+        name: favicon-configmap
+  web_extra_volume_mounts: |
+    - name: favicon
+      mountPath: /var/lib/awx/public/static/media/favicon.ico
+      subPath: favicon.ico
+```
 
 #### Default execution environments from private registries
 

ansible/helm-release.yml

@@ -99,7 +99,7 @@
           loop:
             - git add index.yaml
             - git commit -m "{{ commit_message }}"
-            #- git push
+            - git push
           args:
             chdir: "{{ temp_dir.path }}/"
           environment:

config/crd/bases/awx.ansible.com_awxs.yaml

@@ -1345,6 +1345,18 @@ spec:
               image_pull_secret:  # deprecated
                 description: (Deprecated) Image pull secret for app and database containers
                 type: string
+              host_aliases:
+                description: HostAliases for app containers
+                type: array
+                items:
+                  type: object
+                  properties:
+                    ip:
+                      type: string
+                    hostnames:
+                      type: array
+                      items:
+                        type: string
               task_resource_requirements:
                 description: Resource requirements for the task container
                 properties:
@@ -1455,6 +1467,28 @@ spec:
                         type: string
                     type: object
                 type: object
+              rsyslog_resource_requirements:
+                description: Resource requirements for the rsyslog container
+                properties:
+                  requests:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
+                        type: string
+                      storage:
+                        type: string
+                    type: object
+                  limits:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
+                        type: string
+                      storage:
+                        type: string
+                    type: object
+                type: object
               service_account_annotations:
                 description: ServiceAccount annotations
                 type: string
@@ -1596,6 +1630,25 @@ spec:
                 type: array
                 items:
                   type: string
+              postgres_keepalives:
+                description: Controls whether client-side TCP keepalives are used for Postgres connections.
+                default: true
+                type: boolean
+              postgres_keepalives_count:
+                description: Controls the number of TCP keepalives that can be lost before the client's connection to the server is considered dead.
+                type: integer
+                default: 5
+                format: int32
+              postgres_keepalives_idle:
+                description: Controls the number of seconds of inactivity after which TCP should send a keepalive message to the server.
+                type: integer
+                default: 5
+                format: int32
+              postgres_keepalives_interval:
+                description: Controls the number of seconds after which a TCP keepalive message that is not acknowledged by the server should be retransmitted.
+                type: integer
+                default: 5
+                format: int32
               ca_trust_bundle:
                 description: Path where the trusted CA bundle is available
                 type: string

config/manifests/bases/awx-operator.clusterserviceversion.yaml

@@ -323,6 +323,11 @@ spec:
         path: image_pull_secret
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:hidden
+      - displayName: HostAliases for app containers
+        path: host_aliases
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
       - displayName: Web Container Resource Requirements
         path: web_resource_requirements
         x-descriptors:
@@ -350,6 +355,11 @@ spec:
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:advanced
         - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
+      - displayName: Rsyslog Container Resource Requirements
+        path: rsyslog_resource_requirements
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
       - description: The PostgreSQL container is not used when an external DB is configured
         displayName: PostgreSQL Container Resource Requirements
         path: postgres_resource_requirements
@@ -483,6 +493,26 @@ spec:
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:advanced
         - urn:alm:descriptor:com.tectonic.ui:hidden
+      - displayName: Enable Postgres Keepalives
+        path: postgres_keepalives
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+      - displayName: Postgres Keepalives Count
+        path: postgres_keepalives_count
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+      - displayName: Postgres Keepalives Idle
+        path: postgres_keepalives_idle
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+      - displayName: Postgres Keepalives Interval
+        path: postgres_keepalives_interval
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
       - displayName: Certificate Authorirty Trust Bundle
         path: ca_trust_bundle
         x-descriptors:

roles/installer/defaults/main.yml

@@ -303,10 +303,6 @@ ee_resource_requirements:
     memory: 64Mi
 
 # TODO: validate default resource requirements
-rsyslog_resource_requirements:
-  requests:
-    cpu: 100m
-    memory: 128Mi
 
 # Customize CSRF options
 csrf_cookie_secure: False
@@ -319,6 +315,12 @@ redis_resource_requirements:
   requests:
     cpu: 50m
     memory: 64Mi
+
+rsyslog_resource_requirements:
+  requests:
+    cpu: 100m
+    memory: 128Mi
+
 # Add extra environment variables to the AWX task/web containers. Specify as
 # literal block. E.g.:
 # task_extra_env: |
@@ -384,6 +386,12 @@ projects_existing_claim: ''
 # Define postgres configuration arguments to use
 postgres_extra_args: ''
 
+# Configure postgres connection keepalive
+postgres_keepalives: true
+postgres_keepalives_idle: 5
+postgres_keepalives_interval: 5
+postgres_keepalives_count: 5
+
 # Define the storage_class, size and access_mode
 # when not using an existing claim
 projects_storage_size: 8Gi
@@ -425,3 +433,10 @@ set_self_labels: true
 
 # Disable web container's nginx ipv6 listener
 ipv6_disabled: false
+
+# Set hostAliases on deployments
+#       hostAliases:
+#       - ip: 10.10.0.10
+#         hostnames:
+#         - hostname
+host_aliases: ''

roles/installer/templates/deployments/task.yaml.j2

@@ -59,6 +59,16 @@ spec:
         - name: {{ secret }}
 {% endfor %}
 {% endif %}
+{% if host_aliases is defined and host_aliases | length > 0 %}
+      hostAliases:
+{% for item in host_aliases %}
+      - ip: {{ item.ip }}
+        hostnames:
+{% for hostname in item.hostnames %}
+        - {{ hostname }}
+{% endfor %}
+{% endfor %}
+{% endif %}
 {% if control_plane_priority_class is defined %}
       priorityClassName: '{{ control_plane_priority_class }}'
 {% endif %}
@@ -333,6 +343,7 @@ spec:
 {% if ee_extra_env -%}
             {{ ee_extra_env | indent(width=12, first=True) }}
 {% endif %}
+          resources: {{ rsyslog_resource_requirements }}
         - image: '{{ _image }}'
           name: '{{ ansible_operator_meta.name }}-rsyslog'
 {% if rsyslog_command %}

roles/installer/templates/deployments/web.yaml.j2

@@ -60,6 +60,16 @@ spec:
         - name: {{ secret }}
 {% endfor %}
 {% endif %}
+{% if host_aliases is defined and host_aliases | length > 0 %}
+      hostAliases:
+{% for item in host_aliases %}
+      - ip: {{ item.ip }}
+        hostnames:
+{% for hostname in item.hostnames %}
+        - {{ hostname }}
+{% endfor %}
+{% endfor %}
+{% endif %}
 {% if control_plane_priority_class is defined %}
       priorityClassName: '{{ control_plane_priority_class }}'
 {% endif %}
@@ -267,6 +277,7 @@ spec:
               mountPath: "/var/run/redis"
             - name: rsyslog-socket
               mountPath: "/var/run/awx-rsyslog"
+          resources: {{ rsyslog_resource_requirements }}   
 {% if bundle_ca_crt  %}
             - name: "ca-trust-extracted"
               mountPath: "/etc/pki/ca-trust/extracted"

roles/installer/templates/settings/credentials.py.j2

@@ -10,6 +10,14 @@ DATABASES = {
         'OPTIONS': { 'sslmode': '{{ awx_postgres_sslmode }}',
 {% if awx_postgres_sslmode in ['verify-ca', 'verify-full'] %}
                      'sslrootcert': '{{ ca_trust_bundle }}',
+{% endif %}
+{% if postgres_keepalives %}
+                     'keepalives': 1,
+                     'keepalives_idle': {{ postgres_keepalives_idle }},
+                     'keepalives_interval': {{ postgres_keepalives_interval }},
+                     'keepalives_count': {{ postgres_keepalives_count }},
+{% else %}
+                     'keepalives': 0,
 {% endif %}
         },
     }