Document the need for quotes on pg secret port value

.github/workflows/promote.yaml

@@ -39,5 +39,5 @@ jobs:
             -e operator_image=quay.io/${{ github.repository }} \
             -e chart_owner=${{ github.repository_owner }} \
             -e tag=${{ github.event.release.tag_name }} \
-            -e gh_token=${{ secrets.GITHUB_TOKEN }} \
+            -e gh_token=${{ secrets.GITHUB_TOKEN }}
             -e gh_user=${{ github.actor }}

README.md

@@ -403,14 +403,12 @@ The following variables are customizable only when `service_type=LoadBalancer`
 | --------------------- | ---------------------------------------- | ------- |
 | loadbalancer_protocol | Protocol to use for Loadbalancer ingress | http    |
 | loadbalancer_port     | Port used for Loadbalancer ingress       | 80      |
-| loadbalancer_ip        | Assign Loadbalancer IP                   | ''      |  
 
 ```yaml
 ---
 spec:
   ...
   service_type: LoadBalancer
-  loadbalancer_ip: '192.168.10.25'
   loadbalancer_protocol: https
   loadbalancer_port: 443
   service_annotations: |
@@ -872,7 +870,7 @@ A sample of extra settings can be found as below. All possible options can be fo
       value: 'LDAPSearch("OU=Groups,DC=abc,DC=com",ldap.SCOPE_SUBTREE,"(objectClass=group)",)'
 
     - setting: AUTH_LDAP_GROUP_TYPE
-      value: 'GroupOfNamesType'
+      value: 'GroupOfNamesType(name_attr="cn")'
 
     - setting: AUTH_LDAP_USER_ATTR_MAP
       value: '{"first_name": "givenName","last_name": "sn","email": "mail"}'

ansible/helm-release.yml

@@ -14,78 +14,49 @@
           Release must exist before running this playbook
       when: release is not success
 
-    - name: Set helm filename and commit message
-      set_fact:
-        asset_already_attached: False
-        helm_file_name: "awx-operator-{{ tag }}.tgz"
-        commit_message: "Updated index.yaml for release {{ release.json.tag_name }}"
+    - name: Build and package helm chart
+      command: |
+        make helm-package
+      environment:
+        VERSION: "{{ tag }}"
+        IMAGE_TAG_BASE: "{{ operator_image }}"
+      args:
+        chdir: "{{ playbook_dir }}/../"
 
-    - name: See if file is already attached
-      set_fact:
-        asset_already_attached: True
-      loop: "{{ release.json.get('assets', []) }}"
-      loop_control:
-        label: "{{ item.name }}"
-      when: item.name == helm_file_name
+    # Move to chart releaser after https://github.com/helm/chart-releaser/issues/122 exists
+    - name: Upload helm chart
+      uri:
+        url: "https://uploads.github.com/repos/{{ chart_owner }}/{{ chart_repo }}/releases/{{ release.json.id }}/assets?name=awx-operator-{{ tag }}.tgz"
+        src: "{{ playbook_dir }}/../.cr-release-packages/awx-operator-{{ tag }}.tgz"
+        headers:
+          Authorization: "token {{ gh_token }}"
+          Content-Type: "application/octet-stream"
+        status_code:
+          - 200
+          - 201
+      register: asset_upload
+      changed_when: asset_upload.json.state == "uploaded"
 
-    - when: not asset_already_attached
-      block:
-        - name: Build and package helm chart
-          command: |
-            make helm-package
-          environment:
-            VERSION: "{{ tag }}"
-            IMAGE_TAG_BASE: "{{ operator_image }}"
-          args:
-            chdir: "{{ playbook_dir }}/../"
-
-        # Move to chart releaser after https://github.com/helm/chart-releaser/issues/122 exists
-        - name: Upload helm chart
-          uri:
-            url: "https://uploads.github.com/repos/{{ chart_owner }}/{{ chart_repo }}/releases/{{ release.json.id }}/assets?name={{ helm_file_name }}"
-            src: "{{ playbook_dir }}/../.cr-release-packages/awx-operator-{{ tag }}.tgz"
-            headers:
-              Authorization: "token {{ gh_token }}"
-              Content-Type: "application/octet-stream"
-            status_code:
-              - 200
-              - 201
-          register: asset_upload
-          changed_when: asset_upload.json.state == "uploaded"
-
-    - name: Ensure gh-pages exists
-      file:
-        state: directory
-        path: "{{ playbook_dir }}/../gh-pages"
-
-    - name: Check if we have published the release
-      command:
-        cmd: "git log --grep='{{ commit_message }}'"
+    - name: Configure git config
+      shell: |
+        git config user.name {{ gh_user }}
+        git config user.email {{ gh_user }}@users.noreply.github.com
+      args:
         chdir: "{{ playbook_dir }}/../gh-pages"
-      register: commits_for_release
 
-    - when: commits_for_release.stdout == ''
-      block:
-        - name: Configure git config
-          shell: |
-            git config user.name {{ gh_user }}
-            git config user.email {{ gh_user }}@users.noreply.github.com
-          args:
-            chdir: "{{ playbook_dir }}/../gh-pages"
+    - name: Publish helm index
+      command: |
+        make helm-index
+      environment:
+        CHART_OWNER: "{{ chart_owner }}"
+        CR_TOKEN: "{{ gh_token }}"
+      args:
+        chdir: "{{ playbook_dir }}/../"
 
-        - name: Publish helm index
-          command: |
-            make helm-index
-          environment:
-            CHART_OWNER: "{{ chart_owner }}"
-            CR_TOKEN: "{{ gh_token }}"
-          args:
-            chdir: "{{ playbook_dir }}/../"
-
-        - name: Stage and Push commit to gh-pages branch
-          shell: |
-            git add index.yaml
-            git commit -m "{{ commit_message }}"
-            git push
-          args:
-            chdir: "{{ playbook_dir }}/../gh-pages"
+    - name: Stage and Push commit to gh-pages branch
+      shell: |
+        git add index.yaml
+        git commit -m "Updated index.yaml latest release"
+        git push
+      args:
+        chdir: "{{ playbook_dir }}/../gh-pages"

config/crd/bases/awx.ansible.com_awxrestores.yaml

@@ -39,14 +39,12 @@ spec:
           spec:
             type: object
             x-kubernetes-preserve-unknown-fields: true
-            required:
-            - deployment_name
             properties:
               backup_source:
                 description: Backup source
                 type: string
                 enum:
-                - Backup CR
+                - CR
                 - PVC
               deployment_name:
                 description: Name of the restored deployment. This should be different from the original deployment name

config/crd/bases/awx.ansible.com_awxs.yaml

@@ -132,10 +132,6 @@ spec:
                 description: Port to use for the loadbalancer
                 type: integer
                 default: 80
-              loadbalancer_ip:
-                description: Assign LoadBalancer IP address
-                type: string
-                default: ''
               route_host:
                 description: The DNS to use to points to the instance
                 type: string

config/manifests/bases/awx-operator.clusterserviceversion.yaml

@@ -270,12 +270,6 @@ spec:
         - urn:alm:descriptor:com.tectonic.ui:advanced
         - urn:alm:descriptor:com.tectonic.ui:number
         - urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:LoadBalancer
-      - displayName: LoadBalancer IP
-        path: loadbalancer_ip
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:string
-        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:LoadBalancer
       - displayName: Route API Version
         path: route_api_version
         x-descriptors:

docs/debugging.md

@@ -1,67 +1,4 @@
-# Debugging the AWX Operator
-
-## General Debugging
-
-When the operator is deploying AWX, it is running the `installer` role inside the operator container. If the AWX CR's status is `Failed`, it is often useful to look at the awx-operator container logs, which shows the output of the installer role. To see these logs, run:
-
-```
-kubectl logs deployments/awx-operator-controller-manager -c awx-manager -f
-```
-
-### Inspect k8s Resources
-
-Past that, it is often useful to inspect various resources the AWX Operator manages like:
-* awx
-* awxbackup
-* awxrestore
-* pod
-* deployment
-* pvc
-* service
-* ingress
-* route
-* secrets
-* serviceaccount
-
-And if installing via OperatorHub and OLM:
-* subscription
-* csv
-* installPlan
-* catalogSource
-
-To inspect these resources you can use these commands
-
-```
-# Inspecting k8s resources
-kubectl describe -n <namespace> <resource> <resource-name>
-kubectl get -n <namespace> <resource> <resource-name> -o yaml
-kubectl logs -n <namespace> <resource> <resource-name>
-
-# Inspecting Pods
-kubectl exec -it -n <namespace> <pod> <pod-name>
-```
-
-
-### Configure No Log
-
-It is possible to show task output for debugging by setting no_log to false on the AWX CR spec.
-This will show output in the awx-operator logs for any failed tasks where no_log was set to true.
-
-For example:
-
-```
----
-apiVersion: awx.ansible.com/v1beta1
-kind: AWX
-metadata:
-  name: awx-demo
-spec:
-  service_type: nodeport
-  no_log: false                  # <------------
-
-```
-
-## Iterating on the installer without deploying the operator
+# Iterating on the installer without deploying the operator
 
 Go through the [normal basic install](https://github.com/ansible/awx-operator/blob/devel/README.md#basic-install) steps.
 

molecule/requirements.txt

@@ -5,4 +5,3 @@ ansible-lint
 openshift!=0.13.0
 jmespath
 ansible-core
-ansible-compat<4  # https://github.com/ansible-community/molecule/issues/3903

roles/installer/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 - name: Check for presence of Deployment
   k8s_info:
-    api_version: apps/v1
+    api_version: v1
     kind: Deployment
     name: "{{ ansible_operator_meta.name }}"
     namespace: "{{ ansible_operator_meta.namespace }}"

roles/installer/tasks/scale_down_deployment.yml

@@ -2,7 +2,7 @@
 
 - name: Check for presence of Deployment
   k8s_info:
-    api_version: apps/v1
+    api_version: v1
     kind: Deployment
     name: "{{ ansible_operator_meta.name }}"
     namespace: "{{ ansible_operator_meta.namespace }}"
@@ -10,7 +10,7 @@
 
 - name: Scale down Deployment for migration
   kubernetes.core.k8s_scale:
-    api_version: apps/v1
+    api_version: v1
     kind: Deployment
     name: "{{ ansible_operator_meta.name }}"
     namespace: "{{ ansible_operator_meta.namespace }}"

roles/installer/templates/configmaps/config.yaml.j2

@@ -100,7 +100,6 @@ data:
         include       /etc/nginx/mime.types;
         default_type  application/octet-stream;
         server_tokens off;
-        client_max_body_size 5M;
     
         log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                           '$status $body_bytes_sent "$http_referer" '
@@ -269,7 +268,6 @@ data:
         key: /etc/receptor/tls/receptor.key
         name: tlsclient
         rootcas: /etc/receptor/tls/ca/receptor-ca.crt
-        mintls13: false
     - work-signing:
         privatekey: /etc/receptor/signing/work-private-key.pem
         tokenexpiration: 1m

roles/installer/templates/networking/service.yaml.j2

@@ -53,9 +53,6 @@ spec:
   type: NodePort
 {% elif service_type | lower == "loadbalancer" %}
   type: LoadBalancer
-{% if variable is defined and variable|length %}
-  loadbalancerip: '{{ loadbalancer_ip }}'
-{% endif %}
 {% else %}
   type: ClusterIP
 {% endif %}

roles/restore/tasks/import_vars.yml

@@ -2,19 +2,24 @@
 
 - name: Import awx_object variables
   block:
+  - name: Get AWX object definition from pvc
+    k8s_exec:
+      namespace: "{{ backup_pvc_namespace }}"
+      pod: "{{ ansible_operator_meta.name }}-db-management"
+      command: >-
+        bash -c "cat '{{ backup_dir }}/awx_object'"
+    register: awx_object
 
   - name: Create temp file for spec dict
     tempfile:
       state: file
     register: tmp_spec
 
-  - name: Get AWX object definition from pvc
-    k8s_cp:
-      namespace: "{{ backup_pvc_namespace }}"
-      pod: "{{ ansible_operator_meta.name }}-db-management"
-      remote_path: "{{ backup_dir  }}/awx_object"
-      local_path: "{{ tmp_spec.path }}"
-      state: from_pod
+  - name: Write spec vars to temp file
+    copy:
+      content: "{{ awx_object.stdout }}"
+      dest: "{{ tmp_spec.path }}"
+      mode: '0644'
 
   - name: Include spec vars to save them as a dict
     include_vars: "{{ tmp_spec.path }}"

roles/restore/tasks/postgres.yml

@@ -48,7 +48,7 @@
 
 - name: Check for presence of AWX Deployment
   k8s_info:
-    api_version: apps/v1
+    api_version: v1
     kind: Deployment
     name: "{{ deployment_name }}"
     namespace: "{{ ansible_operator_meta.namespace }}"
@@ -56,7 +56,7 @@
 
 - name: Scale down Deployment for migration
   k8s_scale:
-    api_version: apps/v1
+    api_version: v1
     kind: Deployment
     name: "{{ deployment_name }}"
     namespace: "{{ ansible_operator_meta.namespace }}"

roles/restore/tasks/secrets.yml

@@ -1,18 +1,25 @@
 ---
 
+- name: Get secret definition from pvc
+  k8s_exec:
+    namespace: "{{ backup_pvc_namespace }}"
+    pod: "{{ ansible_operator_meta.name }}-db-management"
+    command: >-
+      bash -c "cat '{{ backup_dir }}/secrets.yml'"
+  register: _secrets
+  no_log: "{{ no_log }}"
+
 - name: Create Temporary secrets file
   tempfile:
     state: file
     suffix: .json
   register: tmp_secrets
 
-- name: Get secret definition from pvc
-  k8s_cp:
-    namespace: "{{ backup_pvc_namespace }}"
-    pod: "{{ ansible_operator_meta.name }}-db-management"
-    remote_path: "{{ backup_dir  }}/secrets.yml"
-    local_path: "{{ tmp_secrets.path }}"
-    state: from_pod
+- name: Write vars to file locally
+  copy:
+    dest: "{{ tmp_secrets.path }}"
+    content: "{{ _secrets.stdout }}"
+    mode: 0640
   no_log: "{{ no_log }}"
 
 - name: Include secret vars from backup