implement an initial development environment for receptor-based clusters

tools/docker-compose-cluster.yml

@@ -1,119 +0,0 @@
----
-version: '2'
-services:
-  haproxy:
-    build:
-      context: ./docker-compose
-      dockerfile: Dockerfile-haproxy
-    container_name: tools_haproxy_1
-    depends_on:
-      - "awx-1"
-      - "awx-2"
-      - "awx-3"
-    ports:
-      - "8013:8013"
-      - "8043:8043"
-      - "1936:1936"
-
-  awx-1:
-    user: ${CURRENT_UID}
-    container_name: tools_awx_1_1
-    privileged: true
-    image: ${DEV_DOCKER_TAG_BASE}/awx_devel:${TAG}
-    hostname: awx-1
-    environment:
-      CURRENT_UID:
-      SDB_HOST: 0.0.0.0
-      SDB_PORT: 5899
-      AWX_GROUP_QUEUES: alpha,tower
-    command: launch_awx.sh
-    working_dir: "/awx_devel"
-    volumes:
-      - "../:/awx_devel"
-      - "./redis/redis_socket_ha_1:/var/run/redis/"
-      - "./docker-compose/supervisor.conf:/etc/supervisord.conf"
-      - "./docker-compose-cluster/awx-1-receptor.conf:/etc/receptor/receptor.conf"
-    ports:
-      - "2222:2222"
-      - "5899-5999:5899-5999"
-
-  awx-2:
-    user: ${CURRENT_UID}
-    container_name: tools_awx_2_1
-    privileged: true
-    image: ${DEV_DOCKER_TAG_BASE}/awx_devel:${TAG}
-    hostname: awx-2
-    command: launch_awx.sh
-    working_dir: "/awx_devel"
-    environment:
-      CURRENT_UID:
-      SDB_HOST: 0.0.0.0
-      SDB_PORT: 7899
-      AWX_GROUP_QUEUES: bravo,tower
-    volumes:
-      - "../:/awx_devel"
-      - "./redis/redis_socket_ha_2:/var/run/redis/"
-      - "./docker-compose/supervisor.conf:/etc/supervisord.conf"
-      - "./docker-compose-cluster/awx-2-receptor.conf:/etc/receptor/receptor.conf"
-    ports:
-      - "2223:2222"
-      - "7899-7999:7899-7999"
-
-  awx-3:
-    user: ${CURRENT_UID}
-    container_name: tools_awx_3_1
-    privileged: true
-    image: ${DEV_DOCKER_TAG_BASE}/awx_devel:${TAG}
-    hostname: awx-3
-    command: launch_awx.sh
-    working_dir: "/awx_devel"
-    environment:
-      CURRENT_UID:
-      SDB_HOST: 0.0.0.0
-      SDB_PORT: 8899
-      AWX_GROUP_QUEUES: charlie,tower
-    volumes:
-      - "../:/awx_devel"
-      - "./redis/redis_socket_ha_3:/var/run/redis/"
-      - "./docker-compose/supervisor.conf:/etc/supervisord.conf"
-      - "./docker-compose-cluster/awx-3-receptor.conf:/etc/receptor/receptor.conf"
-    ports:
-      - "2224:2222"
-      - "8899-8999:8899-8999"
-
-  redis_1:
-    user: ${CURRENT_UID}
-    image: redis:latest
-    container_name: tools_redis_1_1
-    command: ["/usr/local/etc/redis/redis.conf"]
-    volumes:
-      - "./redis/redis.conf:/usr/local/etc/redis/redis.conf"
-      - "./redis/redis_socket_ha_1:/var/run/redis/"
-
-  redis_2:
-    user: ${CURRENT_UID}
-    image: redis:latest
-    container_name: tools_redis_2_1
-    command: ["/usr/local/etc/redis/redis.conf"]
-    volumes:
-      - "./redis/redis.conf:/usr/local/etc/redis/redis.conf"
-      - "./redis/redis_socket_ha_2:/var/run/redis/"
-  redis_3:
-    user: ${CURRENT_UID}
-    image: redis:latest
-    container_name: tools_redis_3_1
-    command: ["/usr/local/etc/redis/redis.conf"]
-    volumes:
-      - "./redis/redis.conf:/usr/local/etc/redis/redis.conf"
-      - "./redis/redis_socket_ha_3:/var/run/redis/"
-
-  postgres:
-    image: postgres:12
-    container_name: tools_postgres_1
-    environment:
-      POSTGRES_HOST_AUTH_METHOD: trust
-    volumes:
-      - "awx_db:/var/lib/postgresql/data"
-
-volumes:
-  awx_db:

tools/docker-compose-cluster/awx-1-receptor.conf

@@ -1,23 +1,25 @@
 ---
+- node:
+    id: receptor-1
+
 - log-level: info
 
+#- tls-client:
+#    name: mutual-tls-client
+#    cert: /etc/receptor/certs/receptor-1.crt
+#    key: /etc/receptor/certs/receptor-1.key
+#    rootcas: /etc/receptor/certs/ca.crt
+
+- tcp-peer:
+    address: receptor-hop:5555
+    redial: true
+    #tls: mutual-tls-client
+
+- work-command:
+    worktype: ansible-runner
+    command: ansible-runner
+    params: worker
+    allowruntimeparams: true
+
 - control-service:
     service: control
-    filename: /var/run/receptor/receptor.sock
-
-- tcp-listener:
-    port: 2200
-
-- tcp-peer:
-    address: awx-2:2200
-
-- work-command:
-    worktype: worker
-    command: ansible-runner
-    params: worker
-
-- work-kubernetes:
-    worktype: ocp
-    namespace: receptor
-    image: quay.io/shanemcd/ee
-    authmethod: kubeconfig

tools/docker-compose-cluster/awx-2-receptor.conf

@@ -1,23 +1,25 @@
 ---
+- node:
+    id: receptor-2
+
 - log-level: info
 
+#- tls-client:
+#    name: mutual-tls-client
+#    cert: /etc/receptor/certs/receptor-2.crt
+#    key: /etc/receptor/certs/receptor-2.key
+#    rootcas: /etc/receptor/certs/ca.crt
+
+- tcp-peer:
+    address: receptor-hop:5555
+    redial: true
+    #tls: mutual-tls-client
+
+- work-command:
+    worktype: ansible-runner
+    command: ansible-runner
+    params: worker
+    allowruntimeparams: true
+
 - control-service:
     service: control
-    filename: /var/run/receptor/receptor.sock
-
-- tcp-listener:
-    port: 2200
-
-- tcp-peer:
-    address: awx-3:2200
-
-- work-command:
-    worktype: worker
-    command: ansible-runner
-    params: worker
-
-- work-kubernetes:
-    worktype: ocp
-    namespace: receptor
-    image: quay.io/shanemcd/ee
-    authmethod: kubeconfig

tools/docker-compose-cluster/awx-3-receptor.conf

@@ -1,23 +1,25 @@
 ---
+- node:
+    id: receptor-3
+
 - log-level: info
 
+#- tls-client:
+#    name: mutual-tls-client
+#    cert: /etc/receptor/certs/receptor-3.crt
+#    key: /etc/receptor/certs/receptor-3.key
+#    rootcas: /etc/receptor/certs/ca.crt
+
+- tcp-peer:
+    address: receptor-hop:5555
+    redial: true
+    #tls: mutual-tls-client
+
+- work-command:
+    worktype: ansible-runner
+    command: ansible-runner
+    params: worker
+    allowruntimeparams: true
+
 - control-service:
     service: control
-    filename: /var/run/receptor/receptor.sock
-
-- tcp-listener:
-    port: 2200
-
-- tcp-peer:
-    address: awx-1:2200
-
-- work-command:
-    worktype: worker
-    command: ansible-runner
-    params: worker
-
-- work-kubernetes:
-    worktype: ocp
-    namespace: receptor
-    image: quay.io/shanemcd/ee
-    authmethod: kubeconfig

tools/docker-compose-cluster/awx-hop-receptor.conf

@@ -0,0 +1,26 @@
+---
+- node:
+    id: receptor-hop
+
+- log-level: info
+
+#- tls-server:
+#    name: mutual-tls-server
+#    cert: /etc/receptor/certs/receptor-hop.crt
+#    key: /etc/receptor/certs/receptor-hop.key
+#    clientcas: /etc/receptor/certs/ca.crt
+
+- tls-client:
+    name: mutual-tls-client
+    cert: /etc/receptor/certs/receptor-hop.crt
+    key: /etc/receptor/certs/receptor-hop.key
+    rootcas: /etc/receptor/certs/ca.crt
+
+- tcp-peer:
+    address: awx_1:4444
+    redial: true
+    #tls: mutual-tls-client
+
+- tcp-listener:
+    port: 5555
+    #tls: mutual-tls-server

tools/docker-compose-cluster/certs/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

tools/docker-compose/ansible/roles/sources/templates/docker-compose.yml.j2

@@ -36,6 +36,7 @@ services:
       - "../../docker-compose/_sources/local_settings.py:/etc/tower/conf.d/local_settings.py"
       - "../../docker-compose/_sources/SECRET_KEY:/etc/tower/SECRET_KEY"
       - "../../docker-compose/receptor.conf:/etc/receptor/receptor.conf"
+      - "../../docker-compose-cluster/certs:/etc/receptor/certs"
       - "/sys/fs/cgroup:/sys/fs/cgroup"
       - "~/.kube/config:/var/lib/awx/.kube/config"
       - "redis_socket_{{ container_postfix }}:/var/run/redis/:rw"

tools/docker-compose/receptor.conf

@@ -1,12 +1,20 @@
 ---
 - node:
-    id: foo
+    id: awx_1
 
-- log-level: debug
+- log-level:
+    debug
 
 - tcp-listener:
     port: 2222
 
+#- tls-server:
+#    name: mutual-tls
+#    cert: /etc/receptor/certs/awx.crt
+#    key: /etc/receptor/certs/awx.key
+#    requireclientcert: true
+#    clientcas: /etc/receptor/certs/ca.crt
+
 - control-service:
     service: control
     filename: /var/run/receptor/receptor.sock
@@ -30,3 +38,7 @@
     allowruntimeauth: true
     allowruntimepod: true
     allowruntimeparams: true
+
+- tcp-listener:
+     port: 4444
+     #tls: mutual-tls

tools/docker-receptor.yml

@@ -0,0 +1,60 @@
+#
+# a simple receptor network with a single control plane node and one hop
+# to nodes where receptor + runner are installed
+#
+# <awx:4444>
+#       <receptor-hop:5555>
+#               ^-------------- <receptor-1>
+#               ^-------------- <receptor-2>
+#               ^-------------- <receptor-3>
+#
+---
+version: '2'
+services:
+  awx_1:
+    environment:
+      RECEPTOR_MUTUAL_TLS: awx receptor-hop receptor-1 receptor-2 receptor-3
+    volumes:
+      - "./docker-compose-cluster:/etc/receptor"
+  receptor-hop:
+    image: quay.io/ansible/awx-ee
+    user: root
+    container_name: tools_receptor_hop
+    hostname: receptor-hop
+    command: 'receptor --config /etc/receptor/awx-hop-receptor.conf'
+    links:
+      - awx_1
+    ports:
+      - "5555:5555"
+    volumes:
+      - "../../docker-compose-cluster:/etc/receptor"
+  receptor-1:
+    image: quay.io/ansible/awx-ee
+    user: root
+    container_name: tools_receptor_1
+    hostname: receptor-1
+    command: 'receptor --config /etc/receptor/awx-1-receptor.conf'
+    links:
+      - receptor-hop
+    volumes:
+      - "../../docker-compose-cluster:/etc/receptor"
+  receptor-2:
+    image: quay.io/ansible/awx-ee
+    user: root
+    container_name: tools_receptor_2
+    hostname: receptor-2
+    command: 'receptor --config /etc/receptor/awx-2-receptor.conf'
+    links:
+      - receptor-hop
+    volumes:
+      - "../../docker-compose-cluster:/etc/receptor"
+  receptor-3:
+    image: quay.io/ansible/awx-ee
+    user: root
+    container_name: tools_receptor_3
+    hostname: receptor-3
+    command: 'receptor --config /etc/receptor/awx-3-receptor.conf'
+    links:
+      - receptor-hop
+    volumes:
+      - "../../docker-compose-cluster:/etc/receptor"