internet/awx-operator
3
0
Fork 0
mirror of https://github.com/ansible/awx-operator.git synced 2026-03-27 22:03:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: internet:2.4.0
Branches Tags
internet:devel internet:TheRealHaoLiu-CI-test-10302025 internet:uwsgi_configurable_timeout internet:dependabot/github_actions/dependencies-c216064e94 internet:dependabot/pip/docs/dependencies-9f52a38f71 internet:test-python-module-fix internet:feature_receptor-collection-python-311 internet:pg-dump-restore-in-job internet:checkpoint_v1 internet:fix-helm-release-again internet:docs-for-port-quotes internet:update-gh-pages-urls internet:pr-check-capacity-fix internet:awx-ee-latest internet:shanemcd-patch-1
internet:2.19.1 internet:2.19.0 internet:2.18.0 internet:2.17.0 internet:2.16.1 internet:2.16.0 internet:2.15.0 internet:2.14.0 internet:2.13.1 internet:2.13.0 internet:2.12.2 internet:2.12.1 internet:2.12.0 internet:2.11.0 internet:2.10.0 internet:2.9.0 internet:2.8.0 internet:2.7.2 internet:2.7.1 internet:2.7.0 internet:2.6.0 internet:2.5.3 internet:2.5.2 internet:2.5.1 internet:2.5.0 internet:2.4.0 internet:2.3.0 internet:2.2.1 internet:2.2.0 internet:2.1.0 internet:2.0.1 internet:2.0.0 internet:1.4.0 internet:1.3.0 internet:1.2.0 internet:1.1.4 internet:1.1.3 internet:1.1.2 internet:1.1.1 internet:1.1.0 internet:1.0.0 internet:0.30.0 internet:0.29.0 internet:0.28.0 internet:0.27.0 internet:0.26.0 internet:0.25.0 internet:0.24.0 internet:0.23.0 internet:0.22.0 internet:0.21.0 internet:0.20.2 internet:0.20.1 internet:0.20.0 internet:0.19.0 internet:0.18.0 internet:0.17.0 internet:0.16.1 internet:0.16.0 internet:0.15.0 internet:0.14.0 internet:0.13.0 internet:0.12.0 internet:0.11.0 internet:0.10.0 internet:0.9.0 internet:0.8.0 internet:0.7.0 internet:0.6.0
..
compare: internet:fix-helm-release-again
Branches Tags
internet:devel internet:TheRealHaoLiu-CI-test-10302025 internet:uwsgi_configurable_timeout internet:dependabot/github_actions/dependencies-c216064e94 internet:dependabot/pip/docs/dependencies-9f52a38f71 internet:test-python-module-fix internet:feature_receptor-collection-python-311 internet:pg-dump-restore-in-job internet:checkpoint_v1 internet:fix-helm-release-again internet:docs-for-port-quotes internet:update-gh-pages-urls internet:pr-check-capacity-fix internet:awx-ee-latest internet:shanemcd-patch-1
internet:2.19.1 internet:2.19.0 internet:2.18.0 internet:2.17.0 internet:2.16.1 internet:2.16.0 internet:2.15.0 internet:2.14.0 internet:2.13.1 internet:2.13.0 internet:2.12.2 internet:2.12.1 internet:2.12.0 internet:2.11.0 internet:2.10.0 internet:2.9.0 internet:2.8.0 internet:2.7.2 internet:2.7.1 internet:2.7.0 internet:2.6.0 internet:2.5.3 internet:2.5.2 internet:2.5.1 internet:2.5.0 internet:2.4.0 internet:2.3.0 internet:2.2.1 internet:2.2.0 internet:2.1.0 internet:2.0.1 internet:2.0.0 internet:1.4.0 internet:1.3.0 internet:1.2.0 internet:1.1.4 internet:1.1.3 internet:1.1.2 internet:1.1.1 internet:1.1.0 internet:1.0.0 internet:0.30.0 internet:0.29.0 internet:0.28.0 internet:0.27.0 internet:0.26.0 internet:0.25.0 internet:0.24.0 internet:0.23.0 internet:0.22.0 internet:0.21.0 internet:0.20.2 internet:0.20.1 internet:0.20.0 internet:0.19.0 internet:0.18.0 internet:0.17.0 internet:0.16.1 internet:0.16.0 internet:0.15.0 internet:0.14.0 internet:0.13.0 internet:0.12.0 internet:0.11.0 internet:0.10.0 internet:0.9.0 internet:0.8.0 internet:0.7.0 internet:0.6.0

1 Commits
2.4.0 ... fix-helm-r

Author SHA1 Message Date
Christian M. Adams
e11edb3fcc Fix helm release push with HTTPS 2023-05-17 15:36:55 -04:00
24 changed files with 51 additions and 365 deletions
Expand all files Collapse all files

2
.github/workflows/ci.yaml vendored
View File

@@ -14,7 +14,7 @@ jobs:
runs-on: ubuntu-latest
name: molecule
env:
DOCKER_API_VERSION: "1.41"
DOCKER_API_VERSION: "1.38"
steps:
- uses: actions/checkout@v2

1
.gitignore vendored
View File

@@ -9,4 +9,3 @@ gh-pages/
/.cr-release-packages
.vscode/
__pycache__
/site

23
README.md
View File

@@ -716,29 +716,23 @@ spec:
requests:
cpu: 250m
memory: 2Gi
ephemeral-storage: 100M
limits:
cpu: 1000m
memory: 4Gi
ephemeral-storage: 500M
task_resource_requirements:
requests:
cpu: 250m
memory: 1Gi
ephemeral-storage: 100M
limits:
cpu: 2000m
memory: 2Gi
ephemeral-storage: 500M
ee_resource_requirements:
requests:
cpu: 250m
memory: 100Mi
ephemeral-storage: 100M
limits:
cpu: 500m
memory: 2Gi
ephemeral-storage: 500M
```
#### Priority Classes
@@ -1004,7 +998,6 @@ In a scenario where custom volumes and volume mounts are required to either over
| extra_volumes | Specify extra volumes to add to the application pod | '' |
| web_extra_volume_mounts | Specify volume mounts to be added to Web container | '' |
| task_extra_volume_mounts | Specify volume mounts to be added to Task container | '' |
| rsyslog_extra_volume_mounts | Specify volume mounts to be added to Rsyslog container | '' |
| ee_extra_volume_mounts | Specify volume mounts to be added to Execution container | '' |
| init_container_extra_volume_mounts | Specify volume mounts to be added to Init container | '' |
| init_container_extra_commands | Specify additional commands for Init container | '' |
@@ -1166,12 +1159,11 @@ type: kubernetes.io/dockerconfigjson
If you need to export custom environment variables to your containers.
| Name | Description | Default |
| ----------------- | ------------------------------------------------------ | ------- |
| task_extra_env | Environment variables to be added to Task container | '' |
| web_extra_env | Environment variables to be added to Web container | '' |
| rsyslog_extra_env | Environment variables to be added to Rsyslog container | '' |
| ee_extra_env | Environment variables to be added to EE container | '' |
| Name | Description | Default |
| -------------- | --------------------------------------------------- | ------- |
| task_extra_env | Environment variables to be added to Task container | '' |
| web_extra_env | Environment variables to be added to Web container | '' |
| ee_extra_env | Environment variables to be added to EE container | '' |
> :warning: The `ee_extra_env` will only take effect to the globally available Execution Environments. For custom `ee`, please [customize the Pod spec](https://docs.ansible.com/ansible-tower/latest/html/administration/external_execution_envs.html#customize-the-pod-spec).
@@ -1185,9 +1177,6 @@ Example configuration of environment variables
web_extra_env: |
- name: MYCUSTOMVAR
value: foo
rsyslog_extra_env: |
- name: MYCUSTOMVAR
value: foo
ee_extra_env: |
- name: MYCUSTOMVAR
value: foo
@@ -1231,8 +1220,6 @@ With`extra_settings`, you can pass multiple custom settings via the `awx-operato
| -------------- | -------------- | ------- |
| extra_settings | Extra settings | '' |
**Note:** Parameters configured in `extra_settings` are set as read-only settings in AWX. As a result, they cannot be changed in the UI after deployment. If you need to change the setting after the initial deployment, you need to change it on the AWX CR spec.
Example configuration of `extra_settings` parameter
```yaml

2
ansible/helm-release.yml
View File

@@ -95,7 +95,7 @@
- name: Set url base swap in gitconfig
command:
cmd: "git config --local url.https://{{ gh_user }}:{{ gh_token }}@github.com/.insteadOf https://github.com/"
cmd: "git config --global url.https://{{ gh_user }}:{{ gh_token }}@github.com/.insteadOf https://github.com/"
args:
chdir: "{{ temp_dir.path }}/"
no_log: true

14
config/crd/bases/awx.ansible.com_awxbackups.yaml
View File

@@ -90,20 +90,6 @@ spec:
postgres_image_version:
description: PostgreSQL container image version to use
type: string
image_pull_policy:
description: The image pull policy
type: string
default: IfNotPresent
enum:
- Always
- always
- Never
- never
- IfNotPresent
- ifnotpresent
db_management_pod_node_selector:
description: nodeSelector for the Postgres pods to backup
type: string
no_log:
description: Configure no_log for no_log tasks
type: boolean

14
config/crd/bases/awx.ansible.com_awxrestores.yaml
View File

@@ -94,20 +94,6 @@ spec:
postgres_image_version:
description: PostgreSQL container image version to use
type: string
image_pull_policy:
description: The image pull policy
type: string
default: IfNotPresent
enum:
- Always
- always
- Never
- never
- IfNotPresent
- ifnotpresent
db_management_pod_node_selector:
description: nodeSelector for the Postgres pods to backup
type: string
no_log:
description: Configure no_log for no_log tasks
type: boolean

62
config/crd/bases/awx.ansible.com_awxs.yaml
View File

@@ -1368,8 +1368,6 @@ spec:
type: string
storage:
type: string
ephemeral-storage:
type: string
type: object
limits:
properties:
@@ -1379,8 +1377,6 @@ spec:
type: string
storage:
type: string
ephemeral-storage:
type: string
type: object
type: object
web_resource_requirements:
@@ -1394,8 +1390,6 @@ spec:
type: string
storage:
type: string
ephemeral-storage:
type: string
type: object
limits:
properties:
@@ -1405,8 +1399,6 @@ spec:
type: string
storage:
type: string
ephemeral-storage:
type: string
type: object
type: object
ee_resource_requirements:
@@ -1420,8 +1412,6 @@ spec:
type: string
storage:
type: string
ephemeral-storage:
type: string
type: object
limits:
properties:
@@ -1431,8 +1421,6 @@ spec:
type: string
storage:
type: string
ephemeral-storage:
type: string
type: object
type: object
postgres_init_container_resource_requirements:
@@ -1468,8 +1456,6 @@ spec:
type: string
storage:
type: string
ephemeral-storage:
type: string
type: object
limits:
properties:
@@ -1479,8 +1465,6 @@ spec:
type: string
storage:
type: string
ephemeral-storage:
type: string
type: object
type: object
rsyslog_resource_requirements:
@@ -1494,8 +1478,6 @@ spec:
type: string
storage:
type: string
ephemeral-storage:
type: string
type: object
limits:
properties:
@@ -1505,34 +1487,6 @@ spec:
type: string
storage:
type: string
ephemeral-storage:
type: string
type: object
type: object
init_container_resource_requirements:
description: Resource requirements for the init container
properties:
requests:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
ephemeral-storage:
type: string
type: object
limits:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
ephemeral-storage:
type: string
type: object
type: object
service_account_annotations:
@@ -1575,20 +1529,10 @@ spec:
type: array
items:
type: string
rsyslog_args:
type: array
items:
type: string
rsyslog_command:
type: array
items:
type: string
task_extra_env:
type: string
web_extra_env:
type: string
rsyslog_extra_env:
type: string
ee_extra_env:
type: string
ee_extra_volume_mounts:
@@ -1600,9 +1544,6 @@ spec:
web_extra_volume_mounts:
description: Specify volume mounts to be added to the Web container
type: string
rsyslog_extra_volume_mounts:
description: Specify volume mounts to be added to the Rsyslog container
type: string
redis_image:
description: Registry path to the redis container to use
type: string
@@ -1753,9 +1694,6 @@ spec:
session_cookie_secure:
description: Set session cookie secure mode for web
type: string
receptor_log_level:
description: Set log level of receptor service
type: string
extra_settings:
description: Extra settings to specify for the API
items:

2
config/default/manager_auth_proxy_patch.yaml
View File

@@ -15,7 +15,7 @@ spec:
capabilities:
drop:
- "ALL"
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0
args:
- "--secure-listen-address=0.0.0.0:8443"
- "--upstream=http://127.0.0.1:8080/"

42
config/manifests/bases/awx-operator.clusterserviceversion.yaml
View File

@@ -65,11 +65,6 @@ spec:
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Image Pull Policy
path: image_pull_policy
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:imagePullPolicy
- displayName: No Log Configuration
path: no_log
x-descriptors:
@@ -140,11 +135,6 @@ spec:
path: postgres_image_version
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Image Pull Policy
path: image_pull_policy
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:imagePullPolicy
- displayName: Restore Management Pod Resource Requirements
path: restore_resource_requirements
x-descriptors:
@@ -381,11 +371,6 @@ spec:
path: postgres_storage_requirements
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- description: Init Container resource requirements
path: init_container_resource_requirements
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- displayName: Replicas
path: replicas
x-descriptors:
@@ -658,28 +643,6 @@ spec:
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Rsyslog Args
path: rsyslog_args
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Rsyslog Command
path: rsyslog_command
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Environment variables to be added to Rsyslog container
displayName: Rsyslog Extra Env
path: rsyslog_extra_env
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Specify volume mounts to be added to Rsyslog container
displayName: Rsyslog Extra Volume Mounts
path: rsyslog_extra_volume_mounts
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Specify extra volumes to add to the application pod
displayName: Extra Volumes
path: extra_volumes
@@ -792,11 +755,6 @@ spec:
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Receptor Log Level
path: receptor_log_level
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: API Extra Settings
path: extra_settings
x-descriptors:

1
docs/index.md
View File

@@ -1 +0,0 @@
# Welcome to the documentation of ansible awx-operator

12
docs/requirements.txt
View File

@@ -1,12 +0,0 @@
cairosvg==2.7.0
markdown-exec>=1.6.0
mkdocs-ansible[lock]>=0.1.6
mkdocs-gen-files>=0.4.0
mkdocs-material-extensions>=1.1.1
mkdocs-material>=9.1.15
mkdocs==1.4.3
mkdocstrings-python>=1.1.0
mkdocstrings>=0.22.0
pillow==9.5.0
pipdeptree==2.7.1
pymdown-extensions==10.0.1

82
mkdocs.yml
View File

@@ -1,82 +0,0 @@
---
site_name: awx-operator
site_url: https://awx-operator.readthedocs.io/
repo_url: https://github.com/ansible/awx-operator
edit_uri: blob/devel/docs/
docs_dir: docs
strict: true
use_directory_urls: false
theme:
name: "material"
features:
- content.code.copy
- content.action.edit
- navigation.expand
- navigation.sections
- navigation.instant
- navigation.indexes
- navigation.tracking
- toc.integrate
palette:
- media: "(prefers-color-scheme: light)"
primary: teal
accent: blue
scheme: default
toggle:
icon: material/brightness-7
name: Switch to dark mode
- media: "(prefers-color-scheme: dark)"
scheme: slate
primary: teal
accent: blue
toggle:
icon: material/brightness-4
name: Switch to light mode
nav:
- home: index.md
- debugging.md
- migration.md
plugins:
- autorefs
- markdown-exec
- search
- mkdocstrings:
handlers:
python:
paths: [src]
options:
# Sphinx is for historical reasons, but we could consider switching if needed
# https://mkdocstrings.github.io/griffe/docstrings/
docstring_style: sphinx
merge_init_into_class: yes
show_submodules: yes
import:
- url: https://docs.ansible.com/ansible/latest/objects.inv
domains: [py, std]
markdown_extensions:
- admonition
- def_list
- footnotes
- pymdownx.highlight:
anchor_linenums: true
- pymdownx.inlinehilite
- pymdownx.snippets:
check_paths: true
- pymdownx.superfences
- pymdownx.magiclink:
repo_url_shortener: true
repo_url_shorthand: true
social_url_shorthand: true
social_url_shortener: true
user: facelessuser
repo: pymdown-extensions
normalize_issue_symbols: true
- pymdownx.tabbed:
alternate_style: true
- toc:
toc_depth: 2
permalink: true

6
roles/backup/README.md
View File

@@ -82,12 +82,6 @@ It is also possible to tie the lifetime of the backup files to that of the AWXBa
clean_backup_on_delete: true
```
Variable to define Pull policy.You can pass other options like `Always`, `always`, `Never`, `never`, `IfNotPresent`, `ifnotpresent`.
```
image_pull_policy: 'IfNotPresent'
```
Variable to define resources limits and request for backup CR.
```
backup_resource_requirements:

8
roles/backup/defaults/main.yml
View File

@@ -17,14 +17,6 @@ no_log: true
# Variable to set when you want backups to be cleaned up when the CRD object is deleted
clean_backup_on_delete: false
# Add a nodeSelector for the Postgres pods to backup.
# Specify as literal block. E.g.:
# db_management_pod_node_selector: |
# kubernetes.io/arch: amd64
# kubernetes.io/os: linux
db_management_pod_node_selector: ''
# Variable to signal that this role is being run as a finalizer
finalizer_run: false

6
roles/backup/templates/management-pod.yml.j2
View File

@@ -10,7 +10,7 @@ spec:
containers:
- name: {{ ansible_operator_meta.name }}-db-management
image: "{{ _postgres_image }}"
imagePullPolicy: "{{ image_pull_policy }}"
imagePullPolicy: Always
command: ["sleep", "infinity"]
volumeMounts:
- name: {{ ansible_operator_meta.name }}-backup
@@ -20,10 +20,6 @@ spec:
resources:
{{ backup_resource_requirements | to_nice_yaml(indent=2) | indent(width=6, first=False) }}
{%- endif %}
{% if db_management_pod_node_selector %}
nodeSelector:
{{ db_management_pod_node_selector | indent(width=8) }}
{% endif %}
volumes:
- name: {{ ansible_operator_meta.name }}-backup
persistentVolumeClaim:

1
roles/backup/vars/main.yml
View File

@@ -5,4 +5,3 @@ _postgres_image_version: 13
backup_complete: false
database_type: "unmanaged"
supported_pg_version: 13
image_pull_policy: IfNotPresent

9
roles/installer/defaults/main.yml
View File

@@ -321,11 +321,6 @@ rsyslog_resource_requirements:
cpu: 100m
memory: 128Mi
init_container_resource_requirements:
requests:
cpu: 100m
memory: 128Mi
# Add extra environment variables to the AWX task/web containers. Specify as
# literal block. E.g.:
# task_extra_env: |
@@ -335,7 +330,6 @@ init_container_resource_requirements:
# value: bing
task_extra_env: ''
web_extra_env: ''
rsyslog_extra_env: ''
ee_extra_env: ''
# Mount extra volumes on the AWX task/web containers. Specify as literal block.
@@ -345,7 +339,6 @@ ee_extra_env: ''
# mountPath: /some/path
task_extra_volume_mounts: ''
web_extra_volume_mounts: ''
rsyslog_extra_volume_mounts: ''
ee_extra_volume_mounts: ''
# Add a nodeSelector for the Postgres pods.
@@ -447,5 +440,3 @@ ipv6_disabled: false
# hostnames:
# - hostname
host_aliases: ''
receptor_log_level: info

53
roles/installer/templates/configmaps/config.yaml.j2
View File

@@ -16,11 +16,11 @@ data:
import socket
# Import all so that extra_settings works properly
from django_auth_ldap.config import *
def get_secret():
if os.path.exists("/etc/tower/SECRET_KEY"):
return open('/etc/tower/SECRET_KEY', 'rb').read().strip()
ADMINS = ()
STATIC_ROOT = '/var/lib/awx/public/static'
STATIC_URL = '{{ (ingress_path + '/static/').replace('//', '/') }}'
@@ -59,20 +59,20 @@ data:
# Container environments don't like chroots
AWX_PROOT_ENABLED = False
# Automatically deprovision pods that go offline
AWX_AUTO_DEPROVISION_INSTANCES = True
CLUSTER_HOST_ID = socket.gethostname()
SYSTEM_UUID = os.environ.get('MY_POD_UID', '00000000-0000-0000-0000-000000000000')
CSRF_COOKIE_SECURE = {{ csrf_cookie_secure | bool }}
SESSION_COOKIE_SECURE = {{ session_cookie_secure | bool }}
SERVER_EMAIL = 'root@localhost'
DEFAULT_FROM_EMAIL = 'webmaster@localhost'
EMAIL_SUBJECT_PREFIX = '[AWX] '
EMAIL_HOST = 'localhost'
EMAIL_PORT = 25
EMAIL_HOST_USER = ''
@@ -84,9 +84,6 @@ data:
BROADCAST_WEBSOCKET_PROTOCOL = 'http'
RECEPTOR_LOG_LEVEL = '{{ receptor_log_level }}'
{% for item in extra_settings | default([]) %}
{{ item.setting }} = {{ item.value }}
{% endfor %}
@@ -104,30 +101,30 @@ data:
default_type application/octet-stream;
server_tokens off;
client_max_body_size 5M;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /dev/stdout main;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
sendfile on;
#tcp_nopush on;
#gzip on;
upstream uwsgi {
server 127.0.0.1:8050;
}
upstream daphne {
server 127.0.0.1:8051;
}
{% if route_tls_termination_mechanism | lower == 'passthrough' %}
server {
@@ -138,7 +135,7 @@ data:
server_name _;
# Redirect all HTTP links to the matching HTTPS page
return 301 https://$host:8053$request_uri;
return 301 https://$host$request_uri;
}
{% endif %}
@@ -166,30 +163,30 @@ data:
# If you have a domain name, this is where to add it
server_name _;
keepalive_timeout 65;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# Protect against click-jacking https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009)
add_header X-Frame-Options "DENY";
# Protect against MIME content sniffing https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
add_header X-Content-Type-Options nosniff;
location /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
location {{ (ingress_path + '/static').replace('//', '/') }} {
alias /var/lib/awx/public/static/;
}
location {{ (ingress_path + '/favicon.ico').replace('//', '/') }} {
alias /var/lib/awx/public/static/media/favicon.ico;
}
location {{ (ingress_path + '/websocket').replace('//', '/') }} {
# Pass request to the upstream alias
proxy_pass http://daphne;
@@ -211,7 +208,7 @@ data:
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
location {{ ingress_path }} {
# Add trailing / if missing
rewrite ^(.*)$http_host(.*[^/])$ $1$http_host$2/ permanent;
@@ -239,7 +236,7 @@ data:
bind 127.0.0.1
receptor_conf: |
---
- log-level: {{ receptor_log_level }}
- log-level: info
- local-only: null
- node:
firewallrules:
@@ -271,8 +268,8 @@ data:
cert: /etc/receptor/tls/receptor.crt
key: /etc/receptor/tls/receptor.key
name: tlsclient
rootcas: /etc/receptor/tls/ca/mesh-CA.crt
rootcas: /etc/receptor/tls/ca/receptor-ca.crt
mintls13: false
- work-signing:
privatekey: /etc/receptor/work_private_key.pem
privatekey: /etc/receptor/signing/work-private-key.pem
tokenexpiration: 1m

36
roles/installer/templates/deployments/task.yaml.j2
View File

@@ -76,14 +76,14 @@ spec:
- name: init
image: '{{ _init_container_image }}'
imagePullPolicy: '{{ image_pull_policy }}'
resources: {{ init_container_resource_requirements }}
resources: {{ task_resource_requirements }}
command:
- /bin/sh
- -c
- |
hostname=$MY_POD_NAME
receptor --cert-makereq bits=2048 commonname=$hostname dnsname=$hostname nodeid=$hostname outreq=/etc/receptor/tls/receptor.req outkey=/etc/receptor/tls/receptor.key
receptor --cert-signreq req=/etc/receptor/tls/receptor.req cacert=/etc/receptor/tls/ca/mesh-CA.crt cakey=/etc/receptor/tls/ca/mesh-CA.key outcert=/etc/receptor/tls/receptor.crt verify=yes
receptor --cert-signreq req=/etc/receptor/tls/receptor.req cacert=/etc/receptor/tls/ca/receptor-ca.crt cakey=/etc/receptor/tls/ca/receptor-ca.key outcert=/etc/receptor/tls/receptor.crt verify=yes
{% if bundle_ca_crt %}
mkdir -p /etc/pki/ca-trust/extracted/{java,pem,openssl,edk2}
update-ca-trust
@@ -98,11 +98,11 @@ spec:
fieldPath: metadata.name
volumeMounts:
- name: "{{ ansible_operator_meta.name }}-receptor-ca"
mountPath: "/etc/receptor/tls/ca/mesh-CA.crt"
mountPath: "/etc/receptor/tls/ca/receptor-ca.crt"
subPath: "tls.crt"
readOnly: true
- name: "{{ ansible_operator_meta.name }}-receptor-ca"
mountPath: "/etc/receptor/tls/ca/mesh-CA.key"
mountPath: "/etc/receptor/tls/ca/receptor-ca.key"
subPath: "tls.key"
readOnly: true
- name: "{{ ansible_operator_meta.name }}-receptor-tls"
@@ -122,7 +122,7 @@ spec:
- name: init-projects
image: '{{ _init_projects_container_image }}'
imagePullPolicy: '{{ image_pull_policy }}'
resources: {{ init_container_resource_requirements }}
resources: {{ task_resource_requirements }}
command:
- /bin/sh
- -c
@@ -224,7 +224,7 @@ spec:
- name: "{{ ansible_operator_meta.name }}-receptor-config"
mountPath: "/etc/receptor/"
- name: "{{ ansible_operator_meta.name }}-receptor-work-signing"
mountPath: "/etc/receptor/work_private_key.pem"
mountPath: "/etc/receptor/signing/work-private-key.pem"
subPath: "work-private-key.pem"
readOnly: true
- name: receptor-socket
@@ -305,11 +305,11 @@ spec:
- name: "{{ ansible_operator_meta.name }}-receptor-config"
mountPath: "/etc/receptor/"
- name: "{{ ansible_operator_meta.name }}-receptor-ca"
mountPath: "/etc/receptor/tls/ca/mesh-CA.crt"
mountPath: "/etc/receptor/tls/ca/receptor-ca.crt"
subPath: "tls.crt"
readOnly: true
- name: "{{ ansible_operator_meta.name }}-receptor-work-signing"
mountPath: "/etc/receptor/work_private_key.pem"
mountPath: "/etc/receptor/signing/work-private-key.pem"
subPath: "work-private-key.pem"
readOnly: true
- name: "{{ ansible_operator_meta.name }}-receptor-tls"
@@ -343,6 +343,7 @@ spec:
{% if ee_extra_env -%}
{{ ee_extra_env | indent(width=12, first=True) }}
{% endif %}
resources: {{ rsyslog_resource_requirements }}
- image: '{{ _image }}'
name: '{{ ansible_operator_meta.name }}-rsyslog'
{% if rsyslog_command %}
@@ -352,7 +353,6 @@ spec:
args: {{ rsyslog_args }}
{% endif %}
imagePullPolicy: '{{ image_pull_policy }}'
resources: {{ rsyslog_resource_requirements }}
volumeMounts:
- name: "{{ ansible_operator_meta.name }}-application-credentials"
mountPath: "/etc/tower/conf.d/credentials.py"
@@ -381,21 +381,6 @@ spec:
{% if development_mode | bool %}
- name: awx-devel
mountPath: "/awx_devel"
{% endif %}
{% if rsyslog_extra_volume_mounts -%}
{{ rsyslog_extra_volume_mounts | indent(width=12, first=True) }}
{% endif %}
{% if termination_grace_period_seconds is defined %}
- name: pre-stop-data
mountPath: /var/lib/pre-stop
- name: pre-stop-scripts
mountPath: /var/lib/pre-stop/scripts
lifecycle:
preStop:
exec:
command:
- bash
- /var/lib/pre-stop/scripts/termination-waiter
{% endif %}
env:
- name: SUPERVISOR_CONFIG_PATH
@@ -404,9 +389,6 @@ spec:
- name: AWX_KUBE_DEVEL
value: "1"
{% endif %}
{% if rsyslog_extra_env -%}
{{ rsyslog_extra_env | indent(width=12, first=True) }}
{% endif %}
{% if task_node_selector %}
nodeSelector:
{{ task_node_selector | indent(width=8) }}

19
roles/installer/templates/deployments/web.yaml.j2
View File

@@ -28,6 +28,7 @@ spec:
annotations:
{% for template in [
"configmaps/config",
"configmaps/pre_stop_scripts",
"secrets/app_credentials",
"storage/persistent",
] %}
@@ -77,7 +78,7 @@ spec:
- name: init
image: '{{ _init_container_image }}'
imagePullPolicy: '{{ image_pull_policy }}'
resources: {{ init_container_resource_requirements }}
resources: {{ web_resource_requirements }}
command:
- /bin/sh
- -c
@@ -106,7 +107,7 @@ spec:
- name: init-projects
image: '{{ _init_projects_container_image }}'
imagePullPolicy: '{{ image_pull_policy }}'
resources: {{ init_container_resource_requirements }}
resources: {{ web_resource_requirements }}
command:
- /bin/sh
- -c
@@ -209,15 +210,15 @@ spec:
mountPath: "/var/lib/awx/projects"
{% endif %}
- name: "{{ ansible_operator_meta.name }}-receptor-ca"
mountPath: "/etc/receptor/tls/ca/mesh-CA.crt"
mountPath: "/etc/receptor/tls/ca/receptor-ca.crt"
subPath: "tls.crt"
readOnly: true
- name: "{{ ansible_operator_meta.name }}-receptor-ca"
mountPath: "/etc/receptor/tls/ca/mesh-CA.key"
mountPath: "/etc/receptor/tls/ca/receptor-ca.key"
subPath: "tls.key"
readOnly: true
- name: "{{ ansible_operator_meta.name }}-receptor-work-signing"
mountPath: "/etc/receptor/work_public_key.pem"
mountPath: "/etc/receptor/signing/work-public-key.pem"
subPath: "work-public-key.pem"
readOnly: true
{% if development_mode | bool %}
@@ -276,6 +277,7 @@ spec:
mountPath: "/var/run/redis"
- name: rsyslog-socket
mountPath: "/var/run/awx-rsyslog"
resources: {{ rsyslog_resource_requirements }}
{% if bundle_ca_crt %}
- name: "ca-trust-extracted"
mountPath: "/etc/pki/ca-trust/extracted"
@@ -287,9 +289,6 @@ spec:
{% if development_mode | bool %}
- name: awx-devel
mountPath: "/awx_devel"
{% endif %}
{% if rsyslog_extra_volume_mounts -%}
{{ rsyslog_extra_volume_mounts | indent(width=12, first=True) }}
{% endif %}
env:
- name: SUPERVISOR_CONFIG_PATH
@@ -298,10 +297,6 @@ spec:
- name: AWX_KUBE_DEVEL
value: "1"
{% endif %}
{% if rsyslog_extra_env -%}
{{ rsyslog_extra_env | indent(width=12, first=True) }}
{% endif %}
resources: {{ rsyslog_resource_requirements }}
{% if web_node_selector %}
nodeSelector:
{{ web_node_selector | indent(width=8) }}

6
roles/restore/README.md
View File

@@ -101,12 +101,6 @@ backup_pvc: myoldtower-backup-claim
backup_dir: /backups/tower-openshift-backup-2021-04-02-03:25:08
```
Variable to define Pull policy.You can pass other options like `Always`, `always`, `Never`, `never`, `IfNotPresent`, `ifnotpresent`.
```
image_pull_policy: 'IfNotPresent'
```
Variable to define resources limits and request for restore CR.
```

8
roles/restore/defaults/main.yml
View File

@@ -17,14 +17,6 @@ cluster_name: 'cluster.local'
# Set no_log settings on certain tasks
no_log: true
# Add a nodeSelector for the Postgres pods to backup.
# Specify as literal block. E.g.:
# db_management_pod_node_selector: |
# kubernetes.io/arch: amd64
# kubernetes.io/os: linux
db_management_pod_node_selector: ''
# Default resource requirements
restore_resource_requirements:
limits:

6
roles/restore/templates/management-pod.yml.j2
View File

@@ -10,7 +10,7 @@ spec:
containers:
- name: {{ ansible_operator_meta.name }}-db-management
image: "{{ _postgres_image }}"
imagePullPolicy: "{{ image_pull_policy }}"
imagePullPolicy: Always
command: ["sleep", "infinity"]
volumeMounts:
- name: {{ ansible_operator_meta.name }}-backup
@@ -20,10 +20,6 @@ spec:
resources:
{{ restore_resource_requirements | to_nice_yaml(indent=2) | indent(width=6, first=False) }}
{%- endif %}
{% if db_management_pod_node_selector %}
nodeSelector:
{{ db_management_pod_node_selector | indent(width=8) }}
{% endif %}
volumes:
- name: {{ ansible_operator_meta.name }}-backup
persistentVolumeClaim:

1
roles/restore/vars/main.yml
View File

@@ -13,4 +13,3 @@ admin_password_secret: '{{ deployment_name }}-admin-password'
broadcast_websocket_secret: '{{ deployment_name }}-broadcast-websocket'
postgres_configuration_secret: '{{ deployment_name }}-postgres-configuration'
supported_pg_version: 13
image_pull_policy: IfNotPresent