Add receptor_log_level (#1444)

Fixes #1474

.github/workflows/ci.yaml

@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     name: molecule
     env:
-      DOCKER_API_VERSION: "1.38"
+      DOCKER_API_VERSION: "1.41"
     steps:
       - uses: actions/checkout@v2
 

.github/workflows/publish-helm.yml

@@ -0,0 +1,26 @@
+---
+name: Re-publish helm chart
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'Release tag'
+        required: true
+        type: string
+jobs:
+  promote:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          depth: 0
+
+      - name: Release Helm chart
+        run: |
+          ansible-playbook ansible/helm-release.yml -v \
+            -e operator_image=quay.io/${{ github.repository }} \
+            -e chart_owner=${{ github.repository_owner }} \
+            -e tag=${{ inputs.tag }} \
+            -e gh_token=${{ secrets.GITHUB_TOKEN }} \
+            -e gh_user=${{ github.actor }} \
+            -e repo_type=https

.gitignore

@@ -9,3 +9,4 @@ gh-pages/
 /.cr-release-packages
 .vscode/
 __pycache__
+/site

README.md

@@ -716,23 +716,29 @@ spec:
     requests:
       cpu: 250m
       memory: 2Gi
+      ephemeral-storage: 100M
     limits:
       cpu: 1000m
       memory: 4Gi
+      ephemeral-storage: 500M
   task_resource_requirements:
     requests:
       cpu: 250m
       memory: 1Gi
+      ephemeral-storage: 100M
     limits:
       cpu: 2000m
       memory: 2Gi
+      ephemeral-storage: 500M
   ee_resource_requirements:
     requests:
       cpu: 250m
       memory: 100Mi
+      ephemeral-storage: 100M
     limits:
       cpu: 500m
       memory: 2Gi
+      ephemeral-storage: 500M
 ```
 
 #### Priority Classes
@@ -998,6 +1004,7 @@ In a scenario where custom volumes and volume mounts are required to either over
 | extra_volumes                      | Specify extra volumes to add to the application pod      | ''      |
 | web_extra_volume_mounts            | Specify volume mounts to be added to Web container       | ''      |
 | task_extra_volume_mounts           | Specify volume mounts to be added to Task container      | ''      |
+| rsyslog_extra_volume_mounts        | Specify volume mounts to be added to Rsyslog container   | ''      |
 | ee_extra_volume_mounts             | Specify volume mounts to be added to Execution container | ''      |
 | init_container_extra_volume_mounts | Specify volume mounts to be added to Init container      | ''      |
 | init_container_extra_commands      | Specify additional commands for Init container           | ''      |
@@ -1159,11 +1166,12 @@ type: kubernetes.io/dockerconfigjson
 
 If you need to export custom environment variables to your containers.
 
-| Name           | Description                                         | Default |
+| Name              | Description                                            | Default |
-| -------------- | --------------------------------------------------- | ------- |
+| ----------------- | ------------------------------------------------------ | ------- |
-| task_extra_env | Environment variables to be added to Task container | ''      |
+| task_extra_env    | Environment variables to be added to Task container    | ''      |
-| web_extra_env  | Environment variables to be added to Web container  | ''      |
+| web_extra_env     | Environment variables to be added to Web container     | ''      |
-| ee_extra_env   | Environment variables to be added to EE container   | ''      |
+| rsyslog_extra_env | Environment variables to be added to Rsyslog container | ''      |
+| ee_extra_env      | Environment variables to be added to EE container      | ''      |
 
 > :warning: The `ee_extra_env` will only take effect to the globally available Execution Environments. For custom `ee`, please [customize the Pod spec](https://docs.ansible.com/ansible-tower/latest/html/administration/external_execution_envs.html#customize-the-pod-spec).
 
@@ -1177,6 +1185,9 @@ Example configuration of environment variables
     web_extra_env: |
       - name: MYCUSTOMVAR
         value: foo
+    rsyslog_extra_env: |
+      - name: MYCUSTOMVAR
+        value: foo
     ee_extra_env: |
       - name: MYCUSTOMVAR
         value: foo
@@ -1220,6 +1231,8 @@ With`extra_settings`, you can pass multiple custom settings via the `awx-operato
 | -------------- | -------------- | ------- |
 | extra_settings | Extra settings | ''      |
 
+**Note:** Parameters configured in `extra_settings` are set as read-only settings in AWX.  As a result, they cannot be changed in the UI after deployment. If you need to change the setting after the initial deployment, you need to change it on the AWX CR spec.  
+
 Example configuration of `extra_settings` parameter
 
 ```yaml

ansible/helm-release.yml

@@ -93,6 +93,13 @@
           args:
             chdir: "{{ playbook_dir }}/.."
 
+        - name: Set url base swap in gitconfig
+          command:
+            cmd: "git config --local url.https://{{ gh_user }}:{{ gh_token }}@github.com/.insteadOf https://github.com/"
+          args:
+            chdir: "{{ temp_dir.path }}/"
+          no_log: true
+
         - name: Stage and Push commit to gh-pages branch
           command:
             cmd: "{{ item }}"

config/crd/bases/awx.ansible.com_awxbackups.yaml

@@ -90,6 +90,20 @@ spec:
               postgres_image_version:
                 description: PostgreSQL container image version to use
                 type: string
+              image_pull_policy:
+                description: The image pull policy
+                type: string
+                default: IfNotPresent
+                enum:
+                - Always
+                - always
+                - Never
+                - never
+                - IfNotPresent
+                - ifnotpresent
+              db_management_pod_node_selector:
+                description: nodeSelector for the Postgres pods to backup
+                type: string
               no_log:
                 description: Configure no_log for no_log tasks
                 type: boolean

config/crd/bases/awx.ansible.com_awxrestores.yaml

@@ -94,6 +94,20 @@ spec:
               postgres_image_version:
                 description: PostgreSQL container image version to use
                 type: string
+              image_pull_policy:
+                description: The image pull policy
+                type: string
+                default: IfNotPresent
+                enum:
+                - Always
+                - always
+                - Never
+                - never
+                - IfNotPresent
+                - ifnotpresent
+              db_management_pod_node_selector:
+                description: nodeSelector for the Postgres pods to backup
+                type: string
               no_log:
                 description: Configure no_log for no_log tasks
                 type: boolean

config/crd/bases/awx.ansible.com_awxs.yaml

@@ -1368,6 +1368,8 @@ spec:
                         type: string
                       storage:
                         type: string
+                      ephemeral-storage:
+                        type: string
                     type: object
                   limits:
                     properties:
@@ -1377,6 +1379,8 @@ spec:
                         type: string
                       storage:
                         type: string
+                      ephemeral-storage:
+                        type: string
                     type: object
                 type: object
               web_resource_requirements:
@@ -1390,6 +1394,8 @@ spec:
                         type: string
                       storage:
                         type: string
+                      ephemeral-storage:
+                        type: string
                     type: object
                   limits:
                     properties:
@@ -1399,6 +1405,8 @@ spec:
                         type: string
                       storage:
                         type: string
+                      ephemeral-storage:
+                        type: string
                     type: object
                 type: object
               ee_resource_requirements:
@@ -1412,6 +1420,8 @@ spec:
                         type: string
                       storage:
                         type: string
+                      ephemeral-storage:
+                        type: string
                     type: object
                   limits:
                     properties:
@@ -1421,6 +1431,8 @@ spec:
                         type: string
                       storage:
                         type: string
+                      ephemeral-storage:
+                        type: string
                     type: object
                 type: object
               postgres_init_container_resource_requirements:
@@ -1456,6 +1468,8 @@ spec:
                         type: string
                       storage:
                         type: string
+                      ephemeral-storage:
+                        type: string
                     type: object
                   limits:
                     properties:
@@ -1465,6 +1479,8 @@ spec:
                         type: string
                       storage:
                         type: string
+                      ephemeral-storage:
+                        type: string
                     type: object
                 type: object
               rsyslog_resource_requirements:
@@ -1478,6 +1494,8 @@ spec:
                         type: string
                       storage:
                         type: string
+                      ephemeral-storage:
+                        type: string
                     type: object
                   limits:
                     properties:
@@ -1487,6 +1505,34 @@ spec:
                         type: string
                       storage:
                         type: string
+                      ephemeral-storage:
+                        type: string
+                    type: object
+                type: object
+              init_container_resource_requirements:
+                description: Resource requirements for the init container
+                properties:
+                  requests:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
+                        type: string
+                      storage:
+                        type: string
+                      ephemeral-storage:
+                        type: string
+                    type: object
+                  limits:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
+                        type: string
+                      storage:
+                        type: string
+                      ephemeral-storage:
+                        type: string
                     type: object
                 type: object
               service_account_annotations:
@@ -1529,10 +1575,20 @@ spec:
                 type: array
                 items:
                   type: string
+              rsyslog_args:
+                type: array
+                items:
+                  type: string
+              rsyslog_command:
+                type: array
+                items:
+                  type: string
               task_extra_env:
                 type: string
               web_extra_env:
                 type: string
+              rsyslog_extra_env:
+                type: string
               ee_extra_env:
                 type: string
               ee_extra_volume_mounts:
@@ -1544,6 +1600,9 @@ spec:
               web_extra_volume_mounts:
                 description: Specify volume mounts to be added to the Web container
                 type: string
+              rsyslog_extra_volume_mounts:
+                description: Specify volume mounts to be added to the Rsyslog container
+                type: string
               redis_image:
                 description: Registry path to the redis container to use
                 type: string
@@ -1694,6 +1753,9 @@ spec:
               session_cookie_secure:
                 description: Set session cookie secure mode for web
                 type: string
+              receptor_log_level:
+                description: Set log level of receptor service
+                type: string
               extra_settings:
                 description: Extra settings to specify for the API
                 items:

config/default/manager_auth_proxy_patch.yaml

@@ -15,7 +15,7 @@ spec:
           capabilities:
             drop:
             - "ALL"
-        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0
+        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1
         args:
         - "--secure-listen-address=0.0.0.0:8443"
         - "--upstream=http://127.0.0.1:8080/"

config/manifests/bases/awx-operator.clusterserviceversion.yaml

@@ -65,6 +65,11 @@ spec:
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:advanced
         - urn:alm:descriptor:com.tectonic.ui:hidden
+      - displayName: Image Pull Policy
+        path: image_pull_policy
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy
       - displayName: No Log Configuration
         path: no_log
         x-descriptors:
@@ -135,6 +140,11 @@ spec:
         path: postgres_image_version
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:hidden
+      - displayName: Image Pull Policy
+        path: image_pull_policy
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy
       - displayName: Restore Management Pod Resource Requirements
         path: restore_resource_requirements
         x-descriptors:
@@ -371,6 +381,11 @@ spec:
         path: postgres_storage_requirements
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:advanced
+      - description: Init Container resource requirements
+        path: init_container_resource_requirements
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
       - displayName: Replicas
         path: replicas
         x-descriptors:
@@ -643,6 +658,28 @@ spec:
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:advanced
         - urn:alm:descriptor:com.tectonic.ui:hidden
+      - displayName: Rsyslog Args
+        path: rsyslog_args
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+      - displayName: Rsyslog Command
+        path: rsyslog_command
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+      - description: Environment variables to be added to Rsyslog container
+        displayName: Rsyslog Extra Env
+        path: rsyslog_extra_env
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+      - description: Specify volume mounts to be added to Rsyslog container
+        displayName: Rsyslog Extra Volume Mounts
+        path: rsyslog_extra_volume_mounts
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
       - description: Specify extra volumes to add to the application pod
         displayName: Extra Volumes
         path: extra_volumes
@@ -755,6 +792,11 @@ spec:
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:advanced
         - urn:alm:descriptor:com.tectonic.ui:hidden
+      - displayName: Receptor Log Level
+        path: receptor_log_level
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
       - displayName: API Extra Settings
         path: extra_settings
         x-descriptors:

docs/index.md

@@ -0,0 +1 @@
+# Welcome to the documentation of ansible awx-operator

docs/requirements.txt

@@ -0,0 +1,12 @@
+cairosvg==2.7.0
+markdown-exec>=1.6.0
+mkdocs-ansible[lock]>=0.1.6
+mkdocs-gen-files>=0.4.0
+mkdocs-material-extensions>=1.1.1
+mkdocs-material>=9.1.15
+mkdocs==1.4.3
+mkdocstrings-python>=1.1.0
+mkdocstrings>=0.22.0
+pillow==9.5.0
+pipdeptree==2.7.1
+pymdown-extensions==10.0.1

mkdocs.yml

@@ -0,0 +1,82 @@
+---
+site_name: awx-operator
+site_url: https://awx-operator.readthedocs.io/
+repo_url: https://github.com/ansible/awx-operator
+edit_uri: blob/devel/docs/
+docs_dir: docs
+strict: true
+use_directory_urls: false
+
+theme:
+  name: "material"
+  features:
+    - content.code.copy
+    - content.action.edit
+    - navigation.expand
+    - navigation.sections
+    - navigation.instant
+    - navigation.indexes
+    - navigation.tracking
+    - toc.integrate
+  palette:
+    - media: "(prefers-color-scheme: light)"
+      primary: teal
+      accent: blue
+      scheme: default
+      toggle:
+        icon: material/brightness-7
+        name: Switch to dark mode
+    - media: "(prefers-color-scheme: dark)"
+      scheme: slate
+      primary: teal
+      accent: blue
+      toggle:
+        icon: material/brightness-4
+        name: Switch to light mode
+
+nav:
+  - home: index.md
+  - debugging.md
+  - migration.md
+
+plugins:
+  - autorefs
+  - markdown-exec
+  - search
+  - mkdocstrings:
+      handlers:
+        python:
+          paths: [src]
+          options:
+            # Sphinx is for historical reasons, but we could consider switching if needed
+            # https://mkdocstrings.github.io/griffe/docstrings/
+            docstring_style: sphinx
+            merge_init_into_class: yes
+            show_submodules: yes
+          import:
+            - url: https://docs.ansible.com/ansible/latest/objects.inv
+              domains: [py, std]
+
+markdown_extensions:
+  - admonition
+  - def_list
+  - footnotes
+  - pymdownx.highlight:
+      anchor_linenums: true
+  - pymdownx.inlinehilite
+  - pymdownx.snippets:
+      check_paths: true
+  - pymdownx.superfences
+  - pymdownx.magiclink:
+      repo_url_shortener: true
+      repo_url_shorthand: true
+      social_url_shorthand: true
+      social_url_shortener: true
+      user: facelessuser
+      repo: pymdown-extensions
+      normalize_issue_symbols: true
+  - pymdownx.tabbed:
+      alternate_style: true
+  - toc:
+      toc_depth: 2
+      permalink: true

roles/backup/README.md

@@ -82,6 +82,12 @@ It is also possible to tie the lifetime of the backup files to that of the AWXBa
 clean_backup_on_delete: true
 ```
 
+Variable to define Pull policy.You can pass other options like `Always`, `always`, `Never`, `never`, `IfNotPresent`, `ifnotpresent`.
+
+```
+image_pull_policy: 'IfNotPresent'
+```
+
 Variable to define resources limits and request for backup CR.
 ```
 backup_resource_requirements:

roles/backup/defaults/main.yml

@@ -17,6 +17,14 @@ no_log: true
 # Variable to set when you want backups to be cleaned up when the CRD object is deleted
 clean_backup_on_delete: false
 
+
+# Add a nodeSelector for the Postgres pods to backup.
+# Specify as literal block. E.g.:
+# db_management_pod_node_selector: |
+#   kubernetes.io/arch: amd64
+#   kubernetes.io/os: linux
+db_management_pod_node_selector: ''
+
 # Variable to signal that this role is being run as a finalizer
 finalizer_run: false
 

roles/backup/templates/management-pod.yml.j2

@@ -10,7 +10,7 @@ spec:
   containers:
   - name: {{ ansible_operator_meta.name }}-db-management
     image: "{{ _postgres_image }}"
-    imagePullPolicy: Always
+    imagePullPolicy: "{{ image_pull_policy }}"
     command: ["sleep", "infinity"]
     volumeMounts:
     - name: {{ ansible_operator_meta.name }}-backup
@@ -20,6 +20,10 @@ spec:
     resources:
       {{ backup_resource_requirements | to_nice_yaml(indent=2) | indent(width=6, first=False) }}
 {%- endif %}
+{% if db_management_pod_node_selector %}
+  nodeSelector:
+        {{ db_management_pod_node_selector | indent(width=8) }}
+{% endif %}
   volumes:
     - name: {{ ansible_operator_meta.name }}-backup
       persistentVolumeClaim:

roles/backup/vars/main.yml

@@ -5,3 +5,4 @@ _postgres_image_version: 13
 backup_complete: false
 database_type: "unmanaged"
 supported_pg_version: 13
+image_pull_policy: IfNotPresent

roles/installer/defaults/main.yml

@@ -321,6 +321,11 @@ rsyslog_resource_requirements:
     cpu: 100m
     memory: 128Mi
 
+init_container_resource_requirements:
+  requests:
+    cpu: 100m
+    memory: 128Mi
+
 # Add extra environment variables to the AWX task/web containers. Specify as
 # literal block. E.g.:
 # task_extra_env: |
@@ -330,6 +335,7 @@ rsyslog_resource_requirements:
 #     value: bing
 task_extra_env: ''
 web_extra_env: ''
+rsyslog_extra_env: ''
 ee_extra_env: ''
 
 # Mount extra volumes on the AWX task/web containers. Specify as literal block.
@@ -339,6 +345,7 @@ ee_extra_env: ''
 #     mountPath: /some/path
 task_extra_volume_mounts: ''
 web_extra_volume_mounts: ''
+rsyslog_extra_volume_mounts: ''
 ee_extra_volume_mounts: ''
 
 # Add a nodeSelector for the Postgres pods.
@@ -440,3 +447,5 @@ ipv6_disabled: false
 #         hostnames:
 #         - hostname
 host_aliases: ''
+
+receptor_log_level: info

roles/installer/templates/configmaps/config.yaml.j2

@@ -84,6 +84,9 @@ data:
     BROADCAST_WEBSOCKET_PROTOCOL = 'http'
 
 
+    RECEPTOR_LOG_LEVEL = '{{ receptor_log_level }}'
+
+
 {% for item in extra_settings | default([]) %}
     {{ item.setting }} = {{ item.value }}
 {% endfor %}
@@ -135,7 +138,7 @@ data:
             server_name _;
 
             # Redirect all HTTP links to the matching HTTPS page
-            return 301 https://$host$request_uri;
+            return 301 https://$host:8053$request_uri;
         }
         {% endif %}
 
@@ -236,7 +239,7 @@ data:
     bind 127.0.0.1
   receptor_conf: |
     ---
-    - log-level: info
+    - log-level: {{ receptor_log_level }}
     - local-only: null
     - node:
        firewallrules:
@@ -268,8 +271,8 @@ data:
         cert: /etc/receptor/tls/receptor.crt
         key: /etc/receptor/tls/receptor.key
         name: tlsclient
-        rootcas: /etc/receptor/tls/ca/receptor-ca.crt
+        rootcas: /etc/receptor/tls/ca/mesh-CA.crt
         mintls13: false
     - work-signing:
-        privatekey: /etc/receptor/signing/work-private-key.pem
+        privatekey: /etc/receptor/work_private_key.pem
         tokenexpiration: 1m

roles/installer/templates/deployments/task.yaml.j2

@@ -76,14 +76,14 @@ spec:
         - name: init
           image: '{{ _init_container_image }}'
           imagePullPolicy: '{{ image_pull_policy }}'
-          resources: {{ task_resource_requirements }}
+          resources: {{ init_container_resource_requirements }}
           command:
             - /bin/sh
             - -c
             - |
               hostname=$MY_POD_NAME
               receptor --cert-makereq bits=2048 commonname=$hostname dnsname=$hostname nodeid=$hostname outreq=/etc/receptor/tls/receptor.req outkey=/etc/receptor/tls/receptor.key
-              receptor --cert-signreq req=/etc/receptor/tls/receptor.req cacert=/etc/receptor/tls/ca/receptor-ca.crt cakey=/etc/receptor/tls/ca/receptor-ca.key outcert=/etc/receptor/tls/receptor.crt verify=yes
+              receptor --cert-signreq req=/etc/receptor/tls/receptor.req cacert=/etc/receptor/tls/ca/mesh-CA.crt cakey=/etc/receptor/tls/ca/mesh-CA.key outcert=/etc/receptor/tls/receptor.crt verify=yes
 {% if bundle_ca_crt  %}
               mkdir -p /etc/pki/ca-trust/extracted/{java,pem,openssl,edk2}
               update-ca-trust
@@ -98,11 +98,11 @@ spec:
                   fieldPath: metadata.name
           volumeMounts:
             - name: "{{ ansible_operator_meta.name }}-receptor-ca"
-              mountPath: "/etc/receptor/tls/ca/receptor-ca.crt"
+              mountPath: "/etc/receptor/tls/ca/mesh-CA.crt"
               subPath: "tls.crt"
               readOnly: true
             - name: "{{ ansible_operator_meta.name }}-receptor-ca"
-              mountPath: "/etc/receptor/tls/ca/receptor-ca.key"
+              mountPath: "/etc/receptor/tls/ca/mesh-CA.key"
               subPath: "tls.key"
               readOnly: true
             - name: "{{ ansible_operator_meta.name }}-receptor-tls"
@@ -122,7 +122,7 @@ spec:
         - name: init-projects
           image: '{{ _init_projects_container_image }}'
           imagePullPolicy: '{{ image_pull_policy }}'
-          resources: {{ task_resource_requirements }}
+          resources: {{ init_container_resource_requirements }}
           command:
             - /bin/sh
             - -c
@@ -224,7 +224,7 @@ spec:
             - name: "{{ ansible_operator_meta.name }}-receptor-config"
               mountPath: "/etc/receptor/"
             - name: "{{ ansible_operator_meta.name }}-receptor-work-signing"
-              mountPath: "/etc/receptor/signing/work-private-key.pem"
+              mountPath: "/etc/receptor/work_private_key.pem"
               subPath: "work-private-key.pem"
               readOnly: true
             - name: receptor-socket
@@ -305,11 +305,11 @@ spec:
             - name: "{{ ansible_operator_meta.name }}-receptor-config"
               mountPath: "/etc/receptor/"
             - name: "{{ ansible_operator_meta.name }}-receptor-ca"
-              mountPath: "/etc/receptor/tls/ca/receptor-ca.crt"
+              mountPath: "/etc/receptor/tls/ca/mesh-CA.crt"
               subPath: "tls.crt"
               readOnly: true
             - name: "{{ ansible_operator_meta.name }}-receptor-work-signing"
-              mountPath: "/etc/receptor/signing/work-private-key.pem"
+              mountPath: "/etc/receptor/work_private_key.pem"
               subPath: "work-private-key.pem"
               readOnly: true
             - name: "{{ ansible_operator_meta.name }}-receptor-tls"
@@ -343,7 +343,6 @@ spec:
 {% if ee_extra_env -%}
             {{ ee_extra_env | indent(width=12, first=True) }}
 {% endif %}
-          resources: {{ rsyslog_resource_requirements }}
         - image: '{{ _image }}'
           name: '{{ ansible_operator_meta.name }}-rsyslog'
 {% if rsyslog_command %}
@@ -353,6 +352,7 @@ spec:
           args: {{ rsyslog_args }}
 {% endif %}
           imagePullPolicy: '{{ image_pull_policy }}'
+          resources: {{ rsyslog_resource_requirements }}
           volumeMounts:
             - name: "{{ ansible_operator_meta.name }}-application-credentials"
               mountPath: "/etc/tower/conf.d/credentials.py"
@@ -381,6 +381,21 @@ spec:
 {% if development_mode | bool %}
             - name: awx-devel
               mountPath: "/awx_devel"
+{% endif %}
+{% if rsyslog_extra_volume_mounts -%}
+            {{ rsyslog_extra_volume_mounts | indent(width=12, first=True) }}
+{% endif %}
+{% if termination_grace_period_seconds is defined %}
+            - name: pre-stop-data
+              mountPath: /var/lib/pre-stop
+            - name: pre-stop-scripts
+              mountPath: /var/lib/pre-stop/scripts
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                - bash
+                - /var/lib/pre-stop/scripts/termination-waiter
 {% endif %}
           env:
             - name: SUPERVISOR_CONFIG_PATH
@@ -389,6 +404,9 @@ spec:
             - name: AWX_KUBE_DEVEL
               value: "1"
 {% endif %}
+{% if rsyslog_extra_env -%}
+            {{ rsyslog_extra_env | indent(width=12, first=True) }}
+{% endif %}
 {% if task_node_selector %}
       nodeSelector:
         {{ task_node_selector | indent(width=8) }}

roles/installer/templates/deployments/web.yaml.j2

@@ -7,7 +7,7 @@ metadata:
   labels:
     app.kubernetes.io/name: '{{ ansible_operator_meta.name }}-web'
     {{ lookup("template", "../common/templates/labels/common.yaml.j2")  | indent(width=4) | trim }}
-    {{ lookup("template", "../common/templates/labels//version.yaml.j2") | indent(width=4) | trim }}
+    {{ lookup("template", "../common/templates/labels/version.yaml.j2") | indent(width=4) | trim }}
 spec:
 {% if web_replicas %}
   replicas: {{ web_replicas }}
@@ -24,11 +24,10 @@ spec:
       labels:
         app.kubernetes.io/name: '{{ ansible_operator_meta.name }}-web'
         {{ lookup("template", "../common/templates/labels/common.yaml.j2")  | indent(width=8) | trim }}
-        {{ lookup("template", "../common/templates/labels//version.yaml.j2") | indent(width=8) | trim }}
+        {{ lookup("template", "../common/templates/labels/version.yaml.j2") | indent(width=8) | trim }}
       annotations:
 {% for template in [
     "configmaps/config",
-    "configmaps/pre_stop_scripts",
     "secrets/app_credentials",
     "storage/persistent",
   ] %}
@@ -78,7 +77,7 @@ spec:
         - name: init
           image: '{{ _init_container_image }}'
           imagePullPolicy: '{{ image_pull_policy }}'
-          resources: {{ web_resource_requirements }}
+          resources: {{ init_container_resource_requirements }}
           command:
             - /bin/sh
             - -c
@@ -107,7 +106,7 @@ spec:
         - name: init-projects
           image: '{{ _init_projects_container_image }}'
           imagePullPolicy: '{{ image_pull_policy }}'
-          resources: {{ web_resource_requirements }}
+          resources: {{ init_container_resource_requirements }}
           command:
             - /bin/sh
             - -c
@@ -210,15 +209,15 @@ spec:
               mountPath: "/var/lib/awx/projects"
 {% endif %}
             - name: "{{ ansible_operator_meta.name }}-receptor-ca"
-              mountPath: "/etc/receptor/tls/ca/receptor-ca.crt"
+              mountPath: "/etc/receptor/tls/ca/mesh-CA.crt"
               subPath: "tls.crt"
               readOnly: true
             - name: "{{ ansible_operator_meta.name }}-receptor-ca"
-              mountPath: "/etc/receptor/tls/ca/receptor-ca.key"
+              mountPath: "/etc/receptor/tls/ca/mesh-CA.key"
               subPath: "tls.key"
               readOnly: true
             - name: "{{ ansible_operator_meta.name }}-receptor-work-signing"
-              mountPath: "/etc/receptor/signing/work-public-key.pem"
+              mountPath: "/etc/receptor/work_public_key.pem"
               subPath: "work-public-key.pem"
               readOnly: true
 {% if development_mode | bool %}
@@ -277,7 +276,6 @@ spec:
               mountPath: "/var/run/redis"
             - name: rsyslog-socket
               mountPath: "/var/run/awx-rsyslog"
-          resources: {{ rsyslog_resource_requirements }}   
 {% if bundle_ca_crt  %}
             - name: "ca-trust-extracted"
               mountPath: "/etc/pki/ca-trust/extracted"
@@ -289,6 +287,9 @@ spec:
 {% if development_mode | bool %}
             - name: awx-devel
               mountPath: "/awx_devel"
+{% endif %}
+{% if rsyslog_extra_volume_mounts -%}
+            {{ rsyslog_extra_volume_mounts | indent(width=12, first=True) }}
 {% endif %}
           env:
             - name: SUPERVISOR_CONFIG_PATH
@@ -297,6 +298,10 @@ spec:
             - name: AWX_KUBE_DEVEL
               value: "1"
 {% endif %}
+{% if rsyslog_extra_env -%}
+            {{ rsyslog_extra_env | indent(width=12, first=True) }}
+{% endif %}
+          resources: {{ rsyslog_resource_requirements }}
 {% if web_node_selector %}
       nodeSelector:
         {{ web_node_selector | indent(width=8) }}

roles/restore/README.md

@@ -101,6 +101,12 @@ backup_pvc: myoldtower-backup-claim
 backup_dir: /backups/tower-openshift-backup-2021-04-02-03:25:08
 ```
 
+Variable to define Pull policy.You can pass other options like `Always`, `always`, `Never`, `never`, `IfNotPresent`, `ifnotpresent`.
+
+```
+image_pull_policy: 'IfNotPresent'
+```
+
 Variable to define resources limits and request for restore CR.
 
 ```

roles/restore/defaults/main.yml

@@ -17,6 +17,14 @@ cluster_name: 'cluster.local'
 # Set no_log settings on certain tasks
 no_log: true
 
+# Add a nodeSelector for the Postgres pods to backup.
+# Specify as literal block. E.g.:
+# db_management_pod_node_selector: |
+#   kubernetes.io/arch: amd64
+#   kubernetes.io/os: linux
+db_management_pod_node_selector: ''
+
+
 # Default resource requirements
 restore_resource_requirements:
   limits:

roles/restore/templates/management-pod.yml.j2

@@ -10,7 +10,7 @@ spec:
   containers:
   - name: {{ ansible_operator_meta.name }}-db-management
     image: "{{ _postgres_image }}"
-    imagePullPolicy: Always
+    imagePullPolicy: "{{ image_pull_policy }}"
     command: ["sleep", "infinity"]
     volumeMounts:
     - name: {{ ansible_operator_meta.name }}-backup
@@ -20,6 +20,10 @@ spec:
     resources:
       {{ restore_resource_requirements | to_nice_yaml(indent=2) | indent(width=6, first=False) }}
 {%- endif %}
+{% if db_management_pod_node_selector %}
+      nodeSelector:
+        {{ db_management_pod_node_selector | indent(width=8) }}
+{% endif %}
   volumes:
     - name: {{ ansible_operator_meta.name }}-backup
       persistentVolumeClaim:

roles/restore/vars/main.yml

@@ -13,3 +13,4 @@ admin_password_secret: '{{ deployment_name }}-admin-password'
 broadcast_websocket_secret: '{{ deployment_name }}-broadcast-websocket'
 postgres_configuration_secret: '{{ deployment_name }}-postgres-configuration'
 supported_pg_version: 13
+image_pull_policy: IfNotPresent