Add receptor_log_level (#1444 )

There was a typo in the CRD for the ephemeral storage which was ephemeral_storage instead of ephemeral-storage (#1476 )
Updated image pull policy for backup and restore policy as variable (#1473 )
2026-03-27 05:43:11 +00:00 · 2023-07-10 11:49:58 -04:00 · 2023-07-05 14:40:47 -04:00 · 2023-07-05 14:39:43 -04:00 · 2023-06-30 16:06:55 -05:00 · 2023-06-29 23:24:52 -04:00
24 changed files with 364 additions and 50 deletions
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -14,7 +14,7 @@ jobs:
    runs-on: ubuntu-latest
    name: molecule
    env:
-      DOCKER_API_VERSION: "1.38"
+      DOCKER_API_VERSION: "1.41"
    steps:
      - uses: actions/checkout@v2

--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,4 @@ gh-pages/
 /.cr-release-packages
 .vscode/
 __pycache__
+/site
--- a/README.md
+++ b/README.md
@@ -716,23 +716,29 @@ spec:
    requests:
      cpu: 250m
      memory: 2Gi
+      ephemeral-storage: 100M
    limits:
      cpu: 1000m
      memory: 4Gi
+      ephemeral-storage: 500M
  task_resource_requirements:
    requests:
      cpu: 250m
      memory: 1Gi
+      ephemeral-storage: 100M
    limits:
      cpu: 2000m
      memory: 2Gi
+      ephemeral-storage: 500M
  ee_resource_requirements:
    requests:
      cpu: 250m
      memory: 100Mi
+      ephemeral-storage: 100M
    limits:
      cpu: 500m
      memory: 2Gi
+      ephemeral-storage: 500M
 ```

 #### Priority Classes
@@ -998,6 +1004,7 @@ In a scenario where custom volumes and volume mounts are required to either over
 | extra_volumes                      | Specify extra volumes to add to the application pod      | ''      |
 | web_extra_volume_mounts            | Specify volume mounts to be added to Web container       | ''      |
 | task_extra_volume_mounts           | Specify volume mounts to be added to Task container      | ''      |
+| rsyslog_extra_volume_mounts        | Specify volume mounts to be added to Rsyslog container   | ''      |
 | ee_extra_volume_mounts             | Specify volume mounts to be added to Execution container | ''      |
 | init_container_extra_volume_mounts | Specify volume mounts to be added to Init container      | ''      |
 | init_container_extra_commands      | Specify additional commands for Init container           | ''      |
@@ -1159,11 +1166,12 @@ type: kubernetes.io/dockerconfigjson

 If you need to export custom environment variables to your containers.

-| Name           | Description                                         | Default |
-| -------------- | --------------------------------------------------- | ------- |
-| task_extra_env | Environment variables to be added to Task container | ''      |
-| web_extra_env  | Environment variables to be added to Web container  | ''      |
-| ee_extra_env   | Environment variables to be added to EE container   | ''      |
+| Name              | Description                                            | Default |
+| ----------------- | ------------------------------------------------------ | ------- |
+| task_extra_env    | Environment variables to be added to Task container    | ''      |
+| web_extra_env     | Environment variables to be added to Web container     | ''      |
+| rsyslog_extra_env | Environment variables to be added to Rsyslog container | ''      |
+| ee_extra_env      | Environment variables to be added to EE container      | ''      |

 > :warning: The `ee_extra_env` will only take effect to the globally available Execution Environments. For custom `ee`, please [customize the Pod spec](https://docs.ansible.com/ansible-tower/latest/html/administration/external_execution_envs.html#customize-the-pod-spec).

@@ -1177,6 +1185,9 @@ Example configuration of environment variables
    web_extra_env: |
      - name: MYCUSTOMVAR
        value: foo
+    rsyslog_extra_env: |
+      - name: MYCUSTOMVAR
+        value: foo
    ee_extra_env: |
      - name: MYCUSTOMVAR
        value: foo
@@ -1220,6 +1231,8 @@ With`extra_settings`, you can pass multiple custom settings via the `awx-operato
 | -------------- | -------------- | ------- |
 | extra_settings | Extra settings | ''      |

+**Note:** Parameters configured in `extra_settings` are set as read-only settings in AWX.  As a result, they cannot be changed in the UI after deployment. If you need to change the setting after the initial deployment, you need to change it on the AWX CR spec.  
+
 Example configuration of `extra_settings` parameter

 ```yaml
--- a/ansible/helm-release.yml
+++ b/ansible/helm-release.yml
@@ -95,7 +95,7 @@

        - name: Set url base swap in gitconfig
          command:
-            cmd: "git config --global url.https://{{ gh_user }}:{{ gh_token }}@github.com/.insteadOf https://github.com/"
+            cmd: "git config --local url.https://{{ gh_user }}:{{ gh_token }}@github.com/.insteadOf https://github.com/"
          args:
            chdir: "{{ temp_dir.path }}/"
          no_log: true
--- a/config/crd/bases/awx.ansible.com_awxbackups.yaml
+++ b/config/crd/bases/awx.ansible.com_awxbackups.yaml
@@ -90,6 +90,20 @@ spec:
              postgres_image_version:
                description: PostgreSQL container image version to use
                type: string
+              image_pull_policy:
+                description: The image pull policy
+                type: string
+                default: IfNotPresent
+                enum:
+                - Always
+                - always
+                - Never
+                - never
+                - IfNotPresent
+                - ifnotpresent
+              db_management_pod_node_selector:
+                description: nodeSelector for the Postgres pods to backup
+                type: string
              no_log:
                description: Configure no_log for no_log tasks
                type: boolean
--- a/config/crd/bases/awx.ansible.com_awxrestores.yaml
+++ b/config/crd/bases/awx.ansible.com_awxrestores.yaml
@@ -94,6 +94,20 @@ spec:
              postgres_image_version:
                description: PostgreSQL container image version to use
                type: string
+              image_pull_policy:
+                description: The image pull policy
+                type: string
+                default: IfNotPresent
+                enum:
+                - Always
+                - always
+                - Never
+                - never
+                - IfNotPresent
+                - ifnotpresent
+              db_management_pod_node_selector:
+                description: nodeSelector for the Postgres pods to backup
+                type: string
              no_log:
                description: Configure no_log for no_log tasks
                type: boolean
--- a/config/crd/bases/awx.ansible.com_awxs.yaml
+++ b/config/crd/bases/awx.ansible.com_awxs.yaml
@@ -1368,6 +1368,8 @@ spec:
                        type: string
                      storage:
                        type: string
+                      ephemeral-storage:
+                        type: string
                    type: object
                  limits:
                    properties:
@@ -1377,6 +1379,8 @@ spec:
                        type: string
                      storage:
                        type: string
+                      ephemeral-storage:
+                        type: string
                    type: object
                type: object
              web_resource_requirements:
@@ -1390,6 +1394,8 @@ spec:
                        type: string
                      storage:
                        type: string
+                      ephemeral-storage:
+                        type: string
                    type: object
                  limits:
                    properties:
@@ -1399,6 +1405,8 @@ spec:
                        type: string
                      storage:
                        type: string
+                      ephemeral-storage:
+                        type: string
                    type: object
                type: object
              ee_resource_requirements:
@@ -1412,6 +1420,8 @@ spec:
                        type: string
                      storage:
                        type: string
+                      ephemeral-storage:
+                        type: string
                    type: object
                  limits:
                    properties:
@@ -1421,6 +1431,8 @@ spec:
                        type: string
                      storage:
                        type: string
+                      ephemeral-storage:
+                        type: string
                    type: object
                type: object
              postgres_init_container_resource_requirements:
@@ -1456,6 +1468,8 @@ spec:
                        type: string
                      storage:
                        type: string
+                      ephemeral-storage:
+                        type: string
                    type: object
                  limits:
                    properties:
@@ -1465,6 +1479,8 @@ spec:
                        type: string
                      storage:
                        type: string
+                      ephemeral-storage:
+                        type: string
                    type: object
                type: object
              rsyslog_resource_requirements:
@@ -1478,6 +1494,8 @@ spec:
                        type: string
                      storage:
                        type: string
+                      ephemeral-storage:
+                        type: string
                    type: object
                  limits:
                    properties:
@@ -1487,6 +1505,34 @@ spec:
                        type: string
                      storage:
                        type: string
+                      ephemeral-storage:
+                        type: string
+                    type: object
+                type: object
+              init_container_resource_requirements:
+                description: Resource requirements for the init container
+                properties:
+                  requests:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
+                        type: string
+                      storage:
+                        type: string
+                      ephemeral-storage:
+                        type: string
+                    type: object
+                  limits:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
+                        type: string
+                      storage:
+                        type: string
+                      ephemeral-storage:
+                        type: string
                    type: object
                type: object
              service_account_annotations:
@@ -1529,10 +1575,20 @@ spec:
                type: array
                items:
                  type: string
+              rsyslog_args:
+                type: array
+                items:
+                  type: string
+              rsyslog_command:
+                type: array
+                items:
+                  type: string
              task_extra_env:
                type: string
              web_extra_env:
                type: string
+              rsyslog_extra_env:
+                type: string
              ee_extra_env:
                type: string
              ee_extra_volume_mounts:
@@ -1544,6 +1600,9 @@ spec:
              web_extra_volume_mounts:
                description: Specify volume mounts to be added to the Web container
                type: string
+              rsyslog_extra_volume_mounts:
+                description: Specify volume mounts to be added to the Rsyslog container
+                type: string
              redis_image:
                description: Registry path to the redis container to use
                type: string
@@ -1694,6 +1753,9 @@ spec:
              session_cookie_secure:
                description: Set session cookie secure mode for web
                type: string
+              receptor_log_level:
+                description: Set log level of receptor service
+                type: string
              extra_settings:
                description: Extra settings to specify for the API
                items:
--- a/config/default/manager_auth_proxy_patch.yaml
+++ b/config/default/manager_auth_proxy_patch.yaml
@@ -15,7 +15,7 @@ spec:
          capabilities:
            drop:
            - "ALL"
-        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0
+        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1
        args:
        - "--secure-listen-address=0.0.0.0:8443"
        - "--upstream=http://127.0.0.1:8080/"
--- a/config/manifests/bases/awx-operator.clusterserviceversion.yaml
+++ b/config/manifests/bases/awx-operator.clusterserviceversion.yaml
@@ -65,6 +65,11 @@ spec:
        x-descriptors:
        - urn:alm:descriptor:com.tectonic.ui:advanced
        - urn:alm:descriptor:com.tectonic.ui:hidden
+      - displayName: Image Pull Policy
+        path: image_pull_policy
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy
      - displayName: No Log Configuration
        path: no_log
        x-descriptors:
@@ -135,6 +140,11 @@ spec:
        path: postgres_image_version
        x-descriptors:
        - urn:alm:descriptor:com.tectonic.ui:hidden
+      - displayName: Image Pull Policy
+        path: image_pull_policy
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy
      - displayName: Restore Management Pod Resource Requirements
        path: restore_resource_requirements
        x-descriptors:
@@ -371,6 +381,11 @@ spec:
        path: postgres_storage_requirements
        x-descriptors:
        - urn:alm:descriptor:com.tectonic.ui:advanced
+      - description: Init Container resource requirements
+        path: init_container_resource_requirements
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
      - displayName: Replicas
        path: replicas
        x-descriptors:
@@ -643,6 +658,28 @@ spec:
        x-descriptors:
        - urn:alm:descriptor:com.tectonic.ui:advanced
        - urn:alm:descriptor:com.tectonic.ui:hidden
+      - displayName: Rsyslog Args
+        path: rsyslog_args
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+      - displayName: Rsyslog Command
+        path: rsyslog_command
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+      - description: Environment variables to be added to Rsyslog container
+        displayName: Rsyslog Extra Env
+        path: rsyslog_extra_env
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+      - description: Specify volume mounts to be added to Rsyslog container
+        displayName: Rsyslog Extra Volume Mounts
+        path: rsyslog_extra_volume_mounts
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
      - description: Specify extra volumes to add to the application pod
        displayName: Extra Volumes
        path: extra_volumes
@@ -755,6 +792,11 @@ spec:
        x-descriptors:
        - urn:alm:descriptor:com.tectonic.ui:advanced
        - urn:alm:descriptor:com.tectonic.ui:hidden
+      - displayName: Receptor Log Level
+        path: receptor_log_level
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
      - displayName: API Extra Settings
        path: extra_settings
        x-descriptors:
--- a/docs/index.md
+++ b/docs/index.md
@@ -0,0 +1 @@
+# Welcome to the documentation of ansible awx-operator
--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@@ -0,0 +1,12 @@
+cairosvg==2.7.0
+markdown-exec>=1.6.0
+mkdocs-ansible[lock]>=0.1.6
+mkdocs-gen-files>=0.4.0
+mkdocs-material-extensions>=1.1.1
+mkdocs-material>=9.1.15
+mkdocs==1.4.3
+mkdocstrings-python>=1.1.0
+mkdocstrings>=0.22.0
+pillow==9.5.0
+pipdeptree==2.7.1
+pymdown-extensions==10.0.1
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -0,0 +1,82 @@
+---
+site_name: awx-operator
+site_url: https://awx-operator.readthedocs.io/
+repo_url: https://github.com/ansible/awx-operator
+edit_uri: blob/devel/docs/
+docs_dir: docs
+strict: true
+use_directory_urls: false
+
+theme:
+  name: "material"
+  features:
+    - content.code.copy
+    - content.action.edit
+    - navigation.expand
+    - navigation.sections
+    - navigation.instant
+    - navigation.indexes
+    - navigation.tracking
+    - toc.integrate
+  palette:
+    - media: "(prefers-color-scheme: light)"
+      primary: teal
+      accent: blue
+      scheme: default
+      toggle:
+        icon: material/brightness-7
+        name: Switch to dark mode
+    - media: "(prefers-color-scheme: dark)"
+      scheme: slate
+      primary: teal
+      accent: blue
+      toggle:
+        icon: material/brightness-4
+        name: Switch to light mode
+
+nav:
+  - home: index.md
+  - debugging.md
+  - migration.md
+
+plugins:
+  - autorefs
+  - markdown-exec
+  - search
+  - mkdocstrings:
+      handlers:
+        python:
+          paths: [src]
+          options:
+            # Sphinx is for historical reasons, but we could consider switching if needed
+            # https://mkdocstrings.github.io/griffe/docstrings/
+            docstring_style: sphinx
+            merge_init_into_class: yes
+            show_submodules: yes
+          import:
+            - url: https://docs.ansible.com/ansible/latest/objects.inv
+              domains: [py, std]
+
+markdown_extensions:
+  - admonition
+  - def_list
+  - footnotes
+  - pymdownx.highlight:
+      anchor_linenums: true
+  - pymdownx.inlinehilite
+  - pymdownx.snippets:
+      check_paths: true
+  - pymdownx.superfences
+  - pymdownx.magiclink:
+      repo_url_shortener: true
+      repo_url_shorthand: true
+      social_url_shorthand: true
+      social_url_shortener: true
+      user: facelessuser
+      repo: pymdown-extensions
+      normalize_issue_symbols: true
+  - pymdownx.tabbed:
+      alternate_style: true
+  - toc:
+      toc_depth: 2
+      permalink: true
--- a/roles/backup/README.md
+++ b/roles/backup/README.md
@@ -82,6 +82,12 @@ It is also possible to tie the lifetime of the backup files to that of the AWXBa
 clean_backup_on_delete: true
 ```

+Variable to define Pull policy.You can pass other options like `Always`, `always`, `Never`, `never`, `IfNotPresent`, `ifnotpresent`.
+
+```
+image_pull_policy: 'IfNotPresent'
+```
+
 Variable to define resources limits and request for backup CR.
 ```
 backup_resource_requirements:
--- a/roles/backup/defaults/main.yml
+++ b/roles/backup/defaults/main.yml
@@ -17,6 +17,14 @@ no_log: true
 # Variable to set when you want backups to be cleaned up when the CRD object is deleted
 clean_backup_on_delete: false

+
+# Add a nodeSelector for the Postgres pods to backup.
+# Specify as literal block. E.g.:
+# db_management_pod_node_selector: |
+#   kubernetes.io/arch: amd64
+#   kubernetes.io/os: linux
+db_management_pod_node_selector: ''
+
 # Variable to signal that this role is being run as a finalizer
 finalizer_run: false

--- a/roles/backup/templates/management-pod.yml.j2
+++ b/roles/backup/templates/management-pod.yml.j2
@@ -10,7 +10,7 @@ spec:
  containers:
  - name: {{ ansible_operator_meta.name }}-db-management
    image: "{{ _postgres_image }}"
-    imagePullPolicy: Always
+    imagePullPolicy: "{{ image_pull_policy }}"
    command: ["sleep", "infinity"]
    volumeMounts:
    - name: {{ ansible_operator_meta.name }}-backup
@@ -20,6 +20,10 @@ spec:
    resources:
      {{ backup_resource_requirements | to_nice_yaml(indent=2) | indent(width=6, first=False) }}
 {%- endif %}
+{% if db_management_pod_node_selector %}
+  nodeSelector:
+        {{ db_management_pod_node_selector | indent(width=8) }}
+{% endif %}
  volumes:
    - name: {{ ansible_operator_meta.name }}-backup
      persistentVolumeClaim:
--- a/roles/backup/vars/main.yml
+++ b/roles/backup/vars/main.yml
@@ -5,3 +5,4 @@ _postgres_image_version: 13
 backup_complete: false
 database_type: "unmanaged"
 supported_pg_version: 13
+image_pull_policy: IfNotPresent
--- a/roles/installer/defaults/main.yml
+++ b/roles/installer/defaults/main.yml
@@ -321,6 +321,11 @@ rsyslog_resource_requirements:
    cpu: 100m
    memory: 128Mi

+init_container_resource_requirements:
+  requests:
+    cpu: 100m
+    memory: 128Mi
+
 # Add extra environment variables to the AWX task/web containers. Specify as
 # literal block. E.g.:
 # task_extra_env: |
@@ -330,6 +335,7 @@ rsyslog_resource_requirements:
 #     value: bing
 task_extra_env: ''
 web_extra_env: ''
+rsyslog_extra_env: ''
 ee_extra_env: ''

 # Mount extra volumes on the AWX task/web containers. Specify as literal block.
@@ -339,6 +345,7 @@ ee_extra_env: ''
 #     mountPath: /some/path
 task_extra_volume_mounts: ''
 web_extra_volume_mounts: ''
+rsyslog_extra_volume_mounts: ''
 ee_extra_volume_mounts: ''

 # Add a nodeSelector for the Postgres pods.
@@ -440,3 +447,5 @@ ipv6_disabled: false
 #         hostnames:
 #         - hostname
 host_aliases: ''
+
+receptor_log_level: info
--- a/roles/installer/templates/configmaps/config.yaml.j2
+++ b/roles/installer/templates/configmaps/config.yaml.j2
@@ -16,11 +16,11 @@ data:
    import socket
    # Import all so that extra_settings works properly
    from django_auth_ldap.config import *
-    
+
    def get_secret():
        if os.path.exists("/etc/tower/SECRET_KEY"):
            return open('/etc/tower/SECRET_KEY', 'rb').read().strip()
-    
+
    ADMINS = ()
    STATIC_ROOT = '/var/lib/awx/public/static'
    STATIC_URL = '{{ (ingress_path + '/static/').replace('//', '/') }}'
@@ -59,20 +59,20 @@ data:

    # Container environments don't like chroots
    AWX_PROOT_ENABLED = False
-    
+
    # Automatically deprovision pods that go offline
    AWX_AUTO_DEPROVISION_INSTANCES = True
-    
+
    CLUSTER_HOST_ID = socket.gethostname()
    SYSTEM_UUID = os.environ.get('MY_POD_UID', '00000000-0000-0000-0000-000000000000')
-    
+
    CSRF_COOKIE_SECURE = {{ csrf_cookie_secure | bool }}
    SESSION_COOKIE_SECURE = {{ session_cookie_secure | bool }}
-    
+
    SERVER_EMAIL = 'root@localhost'
    DEFAULT_FROM_EMAIL = 'webmaster@localhost'
    EMAIL_SUBJECT_PREFIX = '[AWX] '
-    
+
    EMAIL_HOST = 'localhost'
    EMAIL_PORT = 25
    EMAIL_HOST_USER = ''
@@ -84,6 +84,9 @@ data:
    BROADCAST_WEBSOCKET_PROTOCOL = 'http'


+    RECEPTOR_LOG_LEVEL = '{{ receptor_log_level }}'
+
+
 {% for item in extra_settings | default([]) %}
    {{ item.setting }} = {{ item.value }}
 {% endfor %}
@@ -101,30 +104,30 @@ data:
        default_type  application/octet-stream;
        server_tokens off;
        client_max_body_size 5M;
-    
+
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';
-    
+
        access_log /dev/stdout main;
-    
+
        map $http_upgrade $connection_upgrade {
            default upgrade;
            ''      close;
        }
-    
+
        sendfile        on;
        #tcp_nopush     on;
        #gzip  on;
-    
+
        upstream uwsgi {
            server 127.0.0.1:8050;
        }
-    
+
        upstream daphne {
            server 127.0.0.1:8051;
        }
-    
+

        {% if route_tls_termination_mechanism | lower == 'passthrough' %}
        server {
@@ -135,7 +138,7 @@ data:
            server_name _;

            # Redirect all HTTP links to the matching HTTPS page
-            return 301 https://$host$request_uri;
+            return 301 https://$host:8053$request_uri;
        }
        {% endif %}

@@ -163,30 +166,30 @@ data:
            # If you have a domain name, this is where to add it
            server_name _;
            keepalive_timeout 65;
-    
+
            # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
            add_header Strict-Transport-Security max-age=15768000;
-    
+
            # Protect against click-jacking https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009)
            add_header X-Frame-Options "DENY";
            # Protect against MIME content sniffing https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
            add_header X-Content-Type-Options nosniff;
-    
+
            location /nginx_status {
                stub_status on;
                access_log off;
                allow 127.0.0.1;
                deny all;
            }
-    
+
            location {{ (ingress_path + '/static').replace('//', '/') }} {
                alias /var/lib/awx/public/static/;
            }
-    
+
            location {{ (ingress_path + '/favicon.ico').replace('//', '/') }} {
                alias /var/lib/awx/public/static/media/favicon.ico;
            }
-    
+
            location {{ (ingress_path + '/websocket').replace('//', '/') }} {
                # Pass request to the upstream alias
                proxy_pass http://daphne;
@@ -208,7 +211,7 @@ data:
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;
            }
-    
+
            location {{ ingress_path }} {
                # Add trailing / if missing
                rewrite ^(.*)$http_host(.*[^/])$ $1$http_host$2/ permanent;
@@ -236,7 +239,7 @@ data:
    bind 127.0.0.1
  receptor_conf: |
    ---
-    - log-level: info
+    - log-level: {{ receptor_log_level }}
    - local-only: null
    - node:
       firewallrules:
@@ -268,8 +271,8 @@ data:
        cert: /etc/receptor/tls/receptor.crt
        key: /etc/receptor/tls/receptor.key
        name: tlsclient
-        rootcas: /etc/receptor/tls/ca/receptor-ca.crt
+        rootcas: /etc/receptor/tls/ca/mesh-CA.crt
        mintls13: false
    - work-signing:
-        privatekey: /etc/receptor/signing/work-private-key.pem
+        privatekey: /etc/receptor/work_private_key.pem
        tokenexpiration: 1m
--- a/roles/installer/templates/deployments/task.yaml.j2
+++ b/roles/installer/templates/deployments/task.yaml.j2
@@ -76,14 +76,14 @@ spec:
        - name: init
          image: '{{ _init_container_image }}'
          imagePullPolicy: '{{ image_pull_policy }}'
-          resources: {{ task_resource_requirements }}
+          resources: {{ init_container_resource_requirements }}
          command:
            - /bin/sh
            - -c
            - |
              hostname=$MY_POD_NAME
              receptor --cert-makereq bits=2048 commonname=$hostname dnsname=$hostname nodeid=$hostname outreq=/etc/receptor/tls/receptor.req outkey=/etc/receptor/tls/receptor.key
-              receptor --cert-signreq req=/etc/receptor/tls/receptor.req cacert=/etc/receptor/tls/ca/receptor-ca.crt cakey=/etc/receptor/tls/ca/receptor-ca.key outcert=/etc/receptor/tls/receptor.crt verify=yes
+              receptor --cert-signreq req=/etc/receptor/tls/receptor.req cacert=/etc/receptor/tls/ca/mesh-CA.crt cakey=/etc/receptor/tls/ca/mesh-CA.key outcert=/etc/receptor/tls/receptor.crt verify=yes
 {% if bundle_ca_crt  %}
              mkdir -p /etc/pki/ca-trust/extracted/{java,pem,openssl,edk2}
              update-ca-trust
@@ -98,11 +98,11 @@ spec:
                  fieldPath: metadata.name
          volumeMounts:
            - name: "{{ ansible_operator_meta.name }}-receptor-ca"
-              mountPath: "/etc/receptor/tls/ca/receptor-ca.crt"
+              mountPath: "/etc/receptor/tls/ca/mesh-CA.crt"
              subPath: "tls.crt"
              readOnly: true
            - name: "{{ ansible_operator_meta.name }}-receptor-ca"
-              mountPath: "/etc/receptor/tls/ca/receptor-ca.key"
+              mountPath: "/etc/receptor/tls/ca/mesh-CA.key"
              subPath: "tls.key"
              readOnly: true
            - name: "{{ ansible_operator_meta.name }}-receptor-tls"
@@ -122,7 +122,7 @@ spec:
        - name: init-projects
          image: '{{ _init_projects_container_image }}'
          imagePullPolicy: '{{ image_pull_policy }}'
-          resources: {{ task_resource_requirements }}
+          resources: {{ init_container_resource_requirements }}
          command:
            - /bin/sh
            - -c
@@ -224,7 +224,7 @@ spec:
            - name: "{{ ansible_operator_meta.name }}-receptor-config"
              mountPath: "/etc/receptor/"
            - name: "{{ ansible_operator_meta.name }}-receptor-work-signing"
-              mountPath: "/etc/receptor/signing/work-private-key.pem"
+              mountPath: "/etc/receptor/work_private_key.pem"
              subPath: "work-private-key.pem"
              readOnly: true
            - name: receptor-socket
@@ -305,11 +305,11 @@ spec:
            - name: "{{ ansible_operator_meta.name }}-receptor-config"
              mountPath: "/etc/receptor/"
            - name: "{{ ansible_operator_meta.name }}-receptor-ca"
-              mountPath: "/etc/receptor/tls/ca/receptor-ca.crt"
+              mountPath: "/etc/receptor/tls/ca/mesh-CA.crt"
              subPath: "tls.crt"
              readOnly: true
            - name: "{{ ansible_operator_meta.name }}-receptor-work-signing"
-              mountPath: "/etc/receptor/signing/work-private-key.pem"
+              mountPath: "/etc/receptor/work_private_key.pem"
              subPath: "work-private-key.pem"
              readOnly: true
            - name: "{{ ansible_operator_meta.name }}-receptor-tls"
@@ -343,7 +343,6 @@ spec:
 {% if ee_extra_env -%}
            {{ ee_extra_env | indent(width=12, first=True) }}
 {% endif %}
-          resources: {{ rsyslog_resource_requirements }}
        - image: '{{ _image }}'
          name: '{{ ansible_operator_meta.name }}-rsyslog'
 {% if rsyslog_command %}
@@ -353,6 +352,7 @@ spec:
          args: {{ rsyslog_args }}
 {% endif %}
          imagePullPolicy: '{{ image_pull_policy }}'
+          resources: {{ rsyslog_resource_requirements }}
          volumeMounts:
            - name: "{{ ansible_operator_meta.name }}-application-credentials"
              mountPath: "/etc/tower/conf.d/credentials.py"
@@ -381,6 +381,21 @@ spec:
 {% if development_mode | bool %}
            - name: awx-devel
              mountPath: "/awx_devel"
+{% endif %}
+{% if rsyslog_extra_volume_mounts -%}
+            {{ rsyslog_extra_volume_mounts | indent(width=12, first=True) }}
+{% endif %}
+{% if termination_grace_period_seconds is defined %}
+            - name: pre-stop-data
+              mountPath: /var/lib/pre-stop
+            - name: pre-stop-scripts
+              mountPath: /var/lib/pre-stop/scripts
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                - bash
+                - /var/lib/pre-stop/scripts/termination-waiter
 {% endif %}
          env:
            - name: SUPERVISOR_CONFIG_PATH
@@ -389,6 +404,9 @@ spec:
            - name: AWX_KUBE_DEVEL
              value: "1"
 {% endif %}
+{% if rsyslog_extra_env -%}
+            {{ rsyslog_extra_env | indent(width=12, first=True) }}
+{% endif %}
 {% if task_node_selector %}
      nodeSelector:
        {{ task_node_selector | indent(width=8) }}
--- a/roles/installer/templates/deployments/web.yaml.j2
+++ b/roles/installer/templates/deployments/web.yaml.j2
@@ -28,7 +28,6 @@ spec:
      annotations:
 {% for template in [
    "configmaps/config",
-    "configmaps/pre_stop_scripts",
    "secrets/app_credentials",
    "storage/persistent",
  ] %}
@@ -78,7 +77,7 @@ spec:
        - name: init
          image: '{{ _init_container_image }}'
          imagePullPolicy: '{{ image_pull_policy }}'
-          resources: {{ web_resource_requirements }}
+          resources: {{ init_container_resource_requirements }}
          command:
            - /bin/sh
            - -c
@@ -107,7 +106,7 @@ spec:
        - name: init-projects
          image: '{{ _init_projects_container_image }}'
          imagePullPolicy: '{{ image_pull_policy }}'
-          resources: {{ web_resource_requirements }}
+          resources: {{ init_container_resource_requirements }}
          command:
            - /bin/sh
            - -c
@@ -210,15 +209,15 @@ spec:
              mountPath: "/var/lib/awx/projects"
 {% endif %}
            - name: "{{ ansible_operator_meta.name }}-receptor-ca"
-              mountPath: "/etc/receptor/tls/ca/receptor-ca.crt"
+              mountPath: "/etc/receptor/tls/ca/mesh-CA.crt"
              subPath: "tls.crt"
              readOnly: true
            - name: "{{ ansible_operator_meta.name }}-receptor-ca"
-              mountPath: "/etc/receptor/tls/ca/receptor-ca.key"
+              mountPath: "/etc/receptor/tls/ca/mesh-CA.key"
              subPath: "tls.key"
              readOnly: true
            - name: "{{ ansible_operator_meta.name }}-receptor-work-signing"
-              mountPath: "/etc/receptor/signing/work-public-key.pem"
+              mountPath: "/etc/receptor/work_public_key.pem"
              subPath: "work-public-key.pem"
              readOnly: true
 {% if development_mode | bool %}
@@ -288,6 +287,9 @@ spec:
 {% if development_mode | bool %}
            - name: awx-devel
              mountPath: "/awx_devel"
+{% endif %}
+{% if rsyslog_extra_volume_mounts -%}
+            {{ rsyslog_extra_volume_mounts | indent(width=12, first=True) }}
 {% endif %}
          env:
            - name: SUPERVISOR_CONFIG_PATH
@@ -295,6 +297,9 @@ spec:
 {% if development_mode | bool %}
            - name: AWX_KUBE_DEVEL
              value: "1"
+{% endif %}
+{% if rsyslog_extra_env -%}
+            {{ rsyslog_extra_env | indent(width=12, first=True) }}
 {% endif %}
          resources: {{ rsyslog_resource_requirements }}
 {% if web_node_selector %}
--- a/roles/restore/README.md
+++ b/roles/restore/README.md
@@ -101,6 +101,12 @@ backup_pvc: myoldtower-backup-claim
 backup_dir: /backups/tower-openshift-backup-2021-04-02-03:25:08
 ```

+Variable to define Pull policy.You can pass other options like `Always`, `always`, `Never`, `never`, `IfNotPresent`, `ifnotpresent`.
+
+```
+image_pull_policy: 'IfNotPresent'
+```
+
 Variable to define resources limits and request for restore CR.

 ```
--- a/roles/restore/defaults/main.yml
+++ b/roles/restore/defaults/main.yml
@@ -17,6 +17,14 @@ cluster_name: 'cluster.local'
 # Set no_log settings on certain tasks
 no_log: true

+# Add a nodeSelector for the Postgres pods to backup.
+# Specify as literal block. E.g.:
+# db_management_pod_node_selector: |
+#   kubernetes.io/arch: amd64
+#   kubernetes.io/os: linux
+db_management_pod_node_selector: ''
+
+
 # Default resource requirements
 restore_resource_requirements:
  limits:
--- a/roles/restore/templates/management-pod.yml.j2
+++ b/roles/restore/templates/management-pod.yml.j2
@@ -10,7 +10,7 @@ spec:
  containers:
  - name: {{ ansible_operator_meta.name }}-db-management
    image: "{{ _postgres_image }}"
-    imagePullPolicy: Always
+    imagePullPolicy: "{{ image_pull_policy }}"
    command: ["sleep", "infinity"]
    volumeMounts:
    - name: {{ ansible_operator_meta.name }}-backup
@@ -20,6 +20,10 @@ spec:
    resources:
      {{ restore_resource_requirements | to_nice_yaml(indent=2) | indent(width=6, first=False) }}
 {%- endif %}
+{% if db_management_pod_node_selector %}
+      nodeSelector:
+        {{ db_management_pod_node_selector | indent(width=8) }}
+{% endif %}
  volumes:
    - name: {{ ansible_operator_meta.name }}-backup
      persistentVolumeClaim:
--- a/roles/restore/vars/main.yml
+++ b/roles/restore/vars/main.yml
@@ -13,3 +13,4 @@ admin_password_secret: '{{ deployment_name }}-admin-password'
 broadcast_websocket_secret: '{{ deployment_name }}-broadcast-websocket'
 postgres_configuration_secret: '{{ deployment_name }}-postgres-configuration'
 supported_pg_version: 13
+image_pull_policy: IfNotPresent
Author	SHA1	Message	Date
Seth Foster	822b3a439f	Add receptor_log_level (#1444 )	2023-07-10 11:49:58 -04:00
rakesh561	cfb5048f85	There was a typo in the CRD for the ephemeral storage which was ephemeral_storage instead of ephemeral-storage (#1476 )	2023-07-05 14:40:47 -04:00
rakesh561	43c1f396c3	Updated image pull policy for backup and restore policy as variable (#1473 )	2023-07-05 14:39:43 -04:00
Chi Cuong HA	cbdbeb790b	Fix redirect port when route_tls_termination_mechanism: passthrough (#1475 ) Fixes #1474	2023-06-30 16:06:55 -05:00
rakesh561	d61a01321f	Allow ability to define requests and limits for ephemeral storage. (#1466 )	2023-06-29 23:24:52 -04:00
Uros Bajzelj	3afe1df555	Enable configuration of rsyslog environmental variables, volume mounts, and entrypoints (#1467 )	2023-06-29 22:38:24 -04:00
BhattacharjeeSutapa	b18d59f118	Add mkdocs scaffolding (#1363 ) Co-authored-by: Don Naro <dnaro@redhat.com>	2023-06-28 11:15:05 -04:00
loh	1d72a97ac8	Add doc note about extra_settings being read-only in AWX UI Co-authored-by: Christian Adams <rooftopcellist@gmail.com>	2023-06-23 15:14:06 -04:00
rakesh561	a8d2831b1c	Update code with capability to set the init container resources instead of using web or task container resources (#1439 )	2023-06-23 18:09:09 +00:00
Stanislav Zaprudskiy	213c1bebc4	Do not cause web deployment restart on pre-stop scripts changes (#1458 )	2023-06-23 11:25:58 -04:00
Hao Liu	ca6666d271	Fix failure in CI while creating kind cluster (#1462 )	2023-06-23 10:18:58 -04:00
soumyadeep-paul-ibm	56d1966397	Update manager_auth_proxy_patch.yaml (#1438 ) Co-authored-by: Christian Adams <chadams@redhat.com>	2023-06-21 18:30:17 +00:00
rakesh561	fcc09673cc	Add db_management_pod_node_selector for specifying nodeSelect for backup/restore mgmt pod (#1434 ) Co-authored-by: Hao Liu <44379968+TheRealHaoLiu@users.noreply.github.com> Co-authored-by: Jesse Wattenbarger <jesse.j.wattenbarger@gmail.com>	2023-06-21 10:46:29 -04:00
rakesh561	b1655479d2	Updated task.yaml.j2 rsyslog container to have preStop hook (#1422 ) Co-authored-by: Stanislav Zaprudskiy <stanislav.zaprudskiy@gmail.com>	2023-06-09 16:33:31 -04:00
Hao Liu	a5e29aefec	Relocate receptor cert and key file location (#1442 )	2023-06-09 14:19:04 -04:00
dale-mittleman	4d20079cfe	Fix rsyslog container resources in task deployment template (#1426 )	2023-05-19 13:05:37 -04:00
John Westcott IV	645f3a7cf8	Merge pull request #1420 from john-westcott-iv/change_helm_release Changing helm-release url setting from global to local	2023-05-18 08:31:10 -04:00
john-westcott-iv	b65457a056	Changing url setting from global to local	2023-05-17 16:23:14 -04:00
				`@@ -0,0 +1 @@`
				`# Welcome to the documentation of ansible awx-operator`