mirror of
https://github.com/ansible/awx-operator.git
synced 2026-03-26 21:33:14 +00:00
78864b3653
* fix: Correct the image_version conditional When image is set and image_version is unset, the conditional is failing due to the unset variable causes and error. Implemented the correct conditional and added an assert to validate that both variables are set properly when image is set. Signed-off-by: Lucas Benedito <lbenedit@redhat.com>
295 lines
9.8 KiB
YAML
295 lines
9.8 KiB
YAML
---
|
|
- name: Get the current resource web pod information.
|
|
k8s_info:
|
|
api_version: v1
|
|
kind: Pod
|
|
namespace: '{{ ansible_operator_meta.namespace }}'
|
|
label_selectors:
|
|
- "app.kubernetes.io/name={{ ansible_operator_meta.name }}-web"
|
|
- "app.kubernetes.io/managed-by={{ deployment_type }}-operator"
|
|
- "app.kubernetes.io/component={{ deployment_type }}"
|
|
field_selectors:
|
|
- status.phase=Running
|
|
register: awx_web_pod
|
|
|
|
- name: Set the resource pod as a variable.
|
|
set_fact:
|
|
awx_web_pod: >-
|
|
{{ awx_web_pod['resources']
|
|
| rejectattr('metadata.deletionTimestamp', 'defined')
|
|
| sort(attribute='metadata.creationTimestamp')
|
|
| first | default({}) }}
|
|
|
|
- name: Set the resource pod name as a variable.
|
|
set_fact:
|
|
awx_web_pod_name: "{{ awx_web_pod['metadata']['name'] | default('') }}"
|
|
|
|
- name: Set user provided control plane ee image
|
|
set_fact:
|
|
_custom_control_plane_ee_image: "{{ control_plane_ee_image }}"
|
|
when:
|
|
- control_plane_ee_image | default([]) | length
|
|
|
|
- name: Set Control Plane EE image URL
|
|
set_fact:
|
|
_control_plane_ee_image: "{{ _custom_control_plane_ee_image | default(lookup('env', 'RELATED_IMAGE_CONTROL_PLANE_EE')) | default(_control_plane_ee_image, true) }}"
|
|
|
|
- name: Check for Receptor CA Secret
|
|
k8s_info:
|
|
kind: Secret
|
|
namespace: '{{ ansible_operator_meta.namespace }}'
|
|
name: '{{ ansible_operator_meta.name }}-receptor-ca'
|
|
register: receptor_ca
|
|
no_log: "{{ no_log }}"
|
|
|
|
- name: Migrate Receptor CA Secret
|
|
when:
|
|
- receptor_ca['resources'] | default([]) | length
|
|
- receptor_ca['resources'][0]['type'] != "kubernetes.io/tls"
|
|
block:
|
|
- name: Delete old Receptor CA Secret
|
|
k8s:
|
|
state: absent
|
|
kind: Secret
|
|
namespace: '{{ ansible_operator_meta.namespace }}'
|
|
name: '{{ ansible_operator_meta.name }}-receptor-ca'
|
|
- name: Create tempfile for receptor-ca.key
|
|
tempfile:
|
|
state: file
|
|
suffix: .key
|
|
register: _receptor_ca_key_file
|
|
- name: Copy Receptor CA key from old secret to tempfile
|
|
copy:
|
|
content: "{{ receptor_ca['resources'][0]['data']['receptor-ca.key'] | b64decode }}"
|
|
dest: "{{ _receptor_ca_key_file.path }}"
|
|
no_log: "{{ no_log }}"
|
|
- name: Create tempfile for receptor-ca.crt
|
|
tempfile:
|
|
state: file
|
|
suffix: .crt
|
|
register: _receptor_ca_crt_file
|
|
- name: Copy Receptor CA cert from old secret to tempfile
|
|
copy:
|
|
content: "{{ receptor_ca['resources'][0]['data']['receptor-ca.crt'] | b64decode }}"
|
|
dest: "{{ _receptor_ca_crt_file.path }}"
|
|
no_log: "{{ no_log }}"
|
|
- name: Create New Receptor CA secret
|
|
k8s:
|
|
apply: true
|
|
definition: "{{ lookup('template', 'secrets/receptor_ca_secret.yaml.j2') }}"
|
|
no_log: "{{ no_log }}"
|
|
- name: Read New Receptor CA Secret
|
|
k8s_info:
|
|
kind: Secret
|
|
namespace: '{{ ansible_operator_meta.namespace }}'
|
|
name: '{{ ansible_operator_meta.name }}-receptor-ca'
|
|
register: _receptor_ca
|
|
no_log: "{{ no_log }}"
|
|
- name: Set receptor_ca variable
|
|
set_fact:
|
|
receptor_ca: '{{ _receptor_ca }}'
|
|
no_log: "{{ no_log }}"
|
|
- name: Remove tempfiles
|
|
file:
|
|
path: "{{ item }}"
|
|
state: absent
|
|
loop:
|
|
- "{{ _receptor_ca_key_file.path }}"
|
|
- "{{ _receptor_ca_crt_file.path }}"
|
|
|
|
- name: Create Receptor Mesh CA
|
|
block:
|
|
- name: Create tempfile for receptor-ca.key
|
|
tempfile:
|
|
state: file
|
|
suffix: .key
|
|
register: _receptor_ca_key_file
|
|
- name: Generate Receptor CA key
|
|
command: |
|
|
openssl genrsa -out {{ _receptor_ca_key_file.path }} 4096
|
|
no_log: "{{ no_log }}"
|
|
- name: Create tempfile for receptor-ca.crt
|
|
tempfile:
|
|
state: file
|
|
suffix: .crt
|
|
register: _receptor_ca_crt_file
|
|
- name: Generate Receptor CA cert
|
|
command: |
|
|
openssl req -x509 -new -nodes -key {{ _receptor_ca_key_file.path }} \
|
|
-subj "/CN={{ ansible_operator_meta.name }} Receptor Root CA" \
|
|
-sha256 -days 3650 -out {{ _receptor_ca_crt_file.path }}
|
|
no_log: "{{ no_log }}"
|
|
- name: Create Receptor CA secret
|
|
k8s:
|
|
apply: true
|
|
definition: "{{ lookup('template', 'secrets/receptor_ca_secret.yaml.j2') }}"
|
|
no_log: "{{ no_log }}"
|
|
- name: Read Receptor CA secret
|
|
k8s_info:
|
|
kind: Secret
|
|
namespace: '{{ ansible_operator_meta.namespace }}'
|
|
name: '{{ ansible_operator_meta.name }}-receptor-ca'
|
|
register: _receptor_ca
|
|
no_log: "{{ no_log }}"
|
|
- name: Set receptor_ca variable
|
|
set_fact:
|
|
receptor_ca: '{{ _receptor_ca }}'
|
|
no_log: "{{ no_log }}"
|
|
- name: Remove tempfiles
|
|
file:
|
|
path: "{{ item }}"
|
|
state: absent
|
|
loop:
|
|
- "{{ _receptor_ca_key_file.path }}"
|
|
- "{{ _receptor_ca_crt_file.path }}"
|
|
when: not receptor_ca['resources'] | default([]) | length
|
|
|
|
- name: Check for Receptor work signing Secret
|
|
k8s_info:
|
|
kind: Secret
|
|
namespace: '{{ ansible_operator_meta.namespace }}'
|
|
name: '{{ ansible_operator_meta.name }}-receptor-work-signing'
|
|
register: receptor_work_signing
|
|
no_log: "{{ no_log }}"
|
|
|
|
- name: Generate Receptor work signing RSA key pair
|
|
block:
|
|
- name: Create tempfile for receptor work signing private key
|
|
tempfile:
|
|
state: file
|
|
suffix: .pem
|
|
register: _receptor_work_signing_private_key_file
|
|
- name: Generate Receptor work signing private key
|
|
command: |
|
|
openssl genrsa -out {{ _receptor_work_signing_private_key_file.path }} 4096
|
|
no_log: "{{ no_log }}"
|
|
- name: Create tempfile for receptor work signing public key
|
|
tempfile:
|
|
state: file
|
|
suffix: .pem
|
|
register: _receptor_work_signing_public_key_file
|
|
- name: Generate Receptor work signing public key
|
|
command: |
|
|
openssl rsa \
|
|
-in {{ _receptor_work_signing_private_key_file.path }} \
|
|
-out {{ _receptor_work_signing_public_key_file.path }} \
|
|
-outform PEM -pubout
|
|
no_log: "{{ no_log }}"
|
|
- name: Create Receptor work signing Secret
|
|
k8s:
|
|
apply: true
|
|
definition: "{{ lookup('template', 'secrets/receptor_work_signing_secret.yaml.j2') }}"
|
|
no_log: "{{ no_log }}"
|
|
- name: Read Receptor work signing Secret
|
|
k8s_info:
|
|
kind: Secret
|
|
namespace: '{{ ansible_operator_meta.namespace }}'
|
|
name: '{{ ansible_operator_meta.name }}-receptor-work-signing'
|
|
register: _receptor_work_signing
|
|
no_log: "{{ no_log }}"
|
|
- name: Set receptor_work_signing variable
|
|
set_fact:
|
|
receptor_work_signing: '{{ _receptor_work_signing }}'
|
|
no_log: "{{ no_log }}"
|
|
- name: Remove tempfiles
|
|
file:
|
|
path: "{{ item }}"
|
|
state: absent
|
|
loop:
|
|
- "{{ _receptor_work_signing_private_key_file.path }}"
|
|
- "{{ _receptor_work_signing_public_key_file.path }}"
|
|
when: not receptor_work_signing['resources'] | default([]) | length
|
|
|
|
- name: Apply Resources
|
|
k8s:
|
|
apply: yes
|
|
definition: "{{ lookup('template', item + '.yaml.j2') }}"
|
|
wait: yes
|
|
loop:
|
|
- 'configmaps/config'
|
|
- 'configmaps/pre_stop_scripts'
|
|
- 'secrets/app_credentials'
|
|
- 'rbac/service_account'
|
|
- 'storage/persistent'
|
|
- 'networking/service'
|
|
- 'networking/ingress'
|
|
no_log: "{{ no_log }}"
|
|
|
|
- name: Set default awx app image
|
|
set_fact:
|
|
_default_image: "{{ _image }}:{{ _image_version }}"
|
|
|
|
- name: Set user provided awx app image
|
|
set_fact:
|
|
_custom_image: "{{ image }}:{{ image_version }}"
|
|
when:
|
|
- image | default([]) | length
|
|
- image_version is defined and image_version != ''
|
|
|
|
- name: Set AWX app image URL
|
|
set_fact:
|
|
_image: "{{ _custom_image | default(lookup('env', 'RELATED_IMAGE_AWX')) | default(_default_image, true) }}"
|
|
|
|
- name: Set default redis image
|
|
set_fact:
|
|
_default_redis_image: "{{ _redis_image }}:{{ _redis_image_version }}"
|
|
|
|
- name: Set user provided redis image
|
|
set_fact:
|
|
_custom_redis_image: "{{ redis_image }}:{{ redis_image_version }}"
|
|
when:
|
|
- redis_image | default([]) | length
|
|
- redis_image_version is defined and redis_image_version != ''
|
|
|
|
- name: Set Redis image URL
|
|
set_fact:
|
|
_redis_image: "{{ _custom_redis_image | default(lookup('env', 'RELATED_IMAGE_AWX_REDIS')) | default(_default_redis_image, true) }}"
|
|
|
|
- name: Apply deployment resources
|
|
k8s:
|
|
apply: yes
|
|
definition: "{{ lookup('template', 'deployments/{{ item }}.yaml.j2') }}"
|
|
loop:
|
|
- web
|
|
- task
|
|
register: this_deployment_result
|
|
|
|
- block:
|
|
- name: Get the new resource pod information after updating resource.
|
|
k8s_info:
|
|
kind: Pod
|
|
namespace: '{{ ansible_operator_meta.namespace }}'
|
|
label_selectors:
|
|
- "app.kubernetes.io/name={{ ansible_operator_meta.name }}-web"
|
|
- "app.kubernetes.io/managed-by={{ deployment_type }}-operator"
|
|
- "app.kubernetes.io/component={{ deployment_type }}"
|
|
field_selectors:
|
|
- status.phase=Running
|
|
register: _new_pod
|
|
until:
|
|
- _new_pod['resources'] | length
|
|
- _new_pod['resources'] | rejectattr('metadata.deletionTimestamp', 'defined') | list | length
|
|
retries: 60
|
|
delay: 5
|
|
|
|
- name: Update new resource pod as a variable.
|
|
set_fact:
|
|
awx_web_pod: >-
|
|
{{ _new_pod['resources']
|
|
| rejectattr('metadata.deletionTimestamp', 'defined')
|
|
| sort(attribute='metadata.creationTimestamp')
|
|
| last | default({}) }}
|
|
|
|
- name: Update new resource pod name as a variable.
|
|
set_fact:
|
|
awx_web_pod_name: '{{ awx_web_pod["metadata"]["name"] | default("")}}'
|
|
when:
|
|
- this_deployment_result.changed
|
|
|
|
- name: Verify the resource pod name is populated.
|
|
assert:
|
|
that:
|
|
- awx_web_pod_name != ''
|
|
fail_msg: "Could not find the tower pod's name."
|
|
when: web_replicas | int > 0 or (web_replicas == '' and replicas > 0)
|