From dcbb2813b5fdcbaa12a54ec29e963653dd6b49ae Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Fri, 29 Nov 2019 11:34:23 -0500 Subject: [PATCH] Pull in downstream changes to k8s installer --- .../check_vars/tasks/check_openshift.yml | 7 -- installer/roles/kubernetes/tasks/main.yml | 3 +- installer/roles/kubernetes/tasks/restore.yml | 118 +++++++++--------- .../kubernetes/templates/environment.sh.j2 | 3 - .../templates/postgresql-persistent.yml.j2 | 11 -- 5 files changed, 62 insertions(+), 80 deletions(-) diff --git a/installer/roles/check_vars/tasks/check_openshift.yml b/installer/roles/check_vars/tasks/check_openshift.yml index 03f96d5be5..38d66b352c 100644 --- a/installer/roles/check_vars/tasks/check_openshift.yml +++ b/installer/roles/check_vars/tasks/check_openshift.yml @@ -46,10 +46,3 @@ - docker_registry_password is defined and docker_registry_password != '' msg: "Set the value of 'docker_registry_password' in the inventory file." when: dockerhub_base is not defined - -- name: pg_admin_password should be defined - assert: - that: - - pg_admin_password is defined and pg_admin_password != '' - when: - - pg_hostname is not defined or pg_hostname == '' diff --git a/installer/roles/kubernetes/tasks/main.yml b/installer/roles/kubernetes/tasks/main.yml index 1acd4422fd..c91112f947 100644 --- a/installer/roles/kubernetes/tasks/main.yml +++ b/installer/roles/kubernetes/tasks/main.yml @@ -67,8 +67,7 @@ -e POSTGRESQL_MAX_CONNECTIONS={{ pg_max_connections|default(1024) }} \ -e POSTGRESQL_USER={{ pg_username }} \ -e POSTGRESQL_PASSWORD={{ pg_password | quote }} \ - -e POSTGRESQL_ADMIN_PASSWORD={{ pg_admin_password | quote }} \ - -e POSTGRESQL_DATABASE={{ pg_database }} \ + -e POSTGRESQL_DATABASE={{ pg_database | quote }} \ -e POSTGRESQL_VERSION=10 \ -n {{ kubernetes_namespace }} register: openshift_pg_activate diff --git a/installer/roles/kubernetes/tasks/restore.yml b/installer/roles/kubernetes/tasks/restore.yml index 3acb394c57..4917a8a4c7 100644 
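Review bot: `pg_username` and `kubernetes_namespace` are still interpolated into this shell command without the `quote` filter, so the hunk in installer/roles/kubernetes/tasks/main.yml quotes `pg_database` but leaves its neighbours exposed to word splitting and shell metacharacters from the inventory. I would write `-e POSTGRESQL_USER={{ pg_username | quote }} \` and `-n {{ kubernetes_namespace | quote }}` to match. The same value is still written unquoted as `DATABASE_NAME={{ pg_database }}` in templates/environment.sh.j2 later in this patch; if that file is read by a shell, as its name suggests, it wants the same filter. The task starts above the hunk, so arguments outside the visible lines may need the same check.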
--- a/installer/roles/kubernetes/tasks/restore.yml +++ b/installer/roles/kubernetes/tasks/restore.yml @@ -39,11 +39,6 @@ {{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \ scale {{ deployment_object }} {{ kubernetes_deployment_name }} --replicas=0 -- name: Delete any existing management pod - shell: | - {{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \ - delete pod ansible-tower-management --grace-period=0 --ignore-not-found - - name: Wait for scale down shell: | {{ kubectl_or_oc }} -n {{ kubernetes_namespace }} get pods \ 
@@ -55,63 +50,72 @@ until: (tower_pods.stdout | trim) == '0' retries: 30 -- name: Template management pod - set_fact: - management_pod: "{{ lookup('template', 'management-pod.yml.j2') }}" +- name: Setup Management Pod & Restore (External DB) + block: + - name: Delete any existing management pod + shell: | + {{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \ + delete pod ansible-tower-management --grace-period=0 --ignore-not-found -- name: Create management pod - shell: | - echo {{ management_pod | quote }} | {{ kubectl_or_oc }} apply -f - + - name: Template management pod + set_fact: + management_pod: "{{ lookup('template', 'management-pod.yml.j2') }}" -- name: Wait for management pod to start - shell: | - {{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \ - get pod ansible-tower-management -o jsonpath="{.status.phase}" - register: result - until: result.stdout == "Running" - retries: 60 - delay: 10 + - name: Create management pod + shell: | + echo {{ management_pod | quote }} | {{ kubectl_or_oc }} apply -f - -- name: Temporarily grant createdb role - shell: | - {{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \ - exec -i ansible-tower-management -- bash -c "PGPASSWORD={{ pg_password | quote }} \ - scl enable rh-postgresql10 -- psql \ - --host={{ pg_hostname | default('postgresql') }} \ - --port={{ pg_port | default('5432') }} \ - --username=postgres \ - --dbname=template1 -c 'ALTER USER {{ pg_username }} CREATEDB;'" - no_log: true + - name: Wait for management pod to start + shell: | + {{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \ + get pod ansible-tower-management -o jsonpath="{.status.phase}" + register: result + until: result.stdout == "Running" + retries: 60 + delay: 10 + + - name: Perform a PostgreSQL restore (for External Postgres) + shell: | + {{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \ + exec -i ansible-tower-management -- bash -c "PGPASSWORD={{ pg_password | quote }} \ + scl enable rh-postgresql10 -- psql \ + --host={{ pg_hostname | 
default('postgresql') }} \ + --port={{ pg_port | default('5432') }} \ + --username={{ pg_username }} \ + --dbname=template1" < {{ playbook_dir }}/tower-openshift-restore/tower.db + no_log: yes + + - name: Delete management pod + shell: | + {{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \ + delete pod ansible-tower-management --grace-period=0 --ignore-not-found + when: pg_hostname is defined or pg_hostname != '' + +- name: Restore (Containerized DB) + block: + - name: Temporarily grant createdb role + shell: | + POD=$({{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \ + get pods -l=name=postgresql --field-selector status.phase=Running -o jsonpath="{.items[0].metadata.name}") + {{ kubectl_or_oc }} exec $POD -n {{ kubernetes_namespace }} -- bash -c "\ + psql --dbname=template1 -c 'ALTER USER {{ pg_username }} CREATEDB;'" + + - name: Perform a PostgreSQL restore + shell: | + POD=$({{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \ + get pods -l=name=postgresql --field-selector status.phase=Running -o jsonpath="{.items[0].metadata.name}") + {{ kubectl_or_oc }} exec -i $POD -n {{ kubernetes_namespace }} -- bash -c "\ + psql --dbname=template1" < {{ playbook_dir }}/tower-openshift-restore/tower.db + no_log: yes + + - name: Revoke createdb role + shell: | + POD=$({{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \ + get pods -l=name=postgresql --field-selector status.phase=Running -o jsonpath="{.items[0].metadata.name}") + {{ kubectl_or_oc }} exec $POD -n {{ kubernetes_namespace }} -- bash -c "\ + psql --dbname=template1 -c 'ALTER USER {{ pg_username }} NOCREATEDB;'" when: pg_hostname is not defined or pg_hostname == '' -- name: Perform a PostgreSQL restore - shell: | - {{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \ - exec -i ansible-tower-management -- bash -c "PGPASSWORD={{ pg_password | quote }} \ - scl enable rh-postgresql10 -- psql \ - --host={{ pg_hostname | default('postgresql') }} \ - --port={{ pg_port | default('5432') }} \ - --username={{ pg_username }} 
\ - --dbname=template1" < {{ playbook_dir }}/tower-openshift-restore/tower.db - no_log: true - -- name: Revoke createdb role - shell: | - {{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \ - exec -i ansible-tower-management -- bash -c "PGPASSWORD={{ pg_password | quote }} \ - scl enable rh-postgresql10 -- psql \ - --host={{ pg_hostname | default('postgresql') }} \ - --port={{ pg_port | default('5432') }} \ - --username=postgres \ - --dbname=template1 -c 'ALTER USER {{ pg_username }} NOCREATEDB;'" - no_log: true - when: pg_hostname is not defined or pg_hostname == '' - -- name: Delete management pod - shell: | - {{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \ - delete pod ansible-tower-management --grace-period=0 --ignore-not-found - - name: Remove restore directory file: state: absent diff --git a/installer/roles/kubernetes/templates/environment.sh.j2 b/installer/roles/kubernetes/templates/environment.sh.j2 index 917d20f6d3..1c5497c922 100644 --- a/installer/roles/kubernetes/templates/environment.sh.j2 +++ b/installer/roles/kubernetes/templates/environment.sh.j2 @@ -3,9 +3,6 @@ DATABASE_NAME={{ pg_database }} DATABASE_HOST={{ pg_hostname|default('postgresql') }} DATABASE_PORT={{ pg_port|default('5432') }} DATABASE_PASSWORD={{ pg_password | quote }} -{% if pg_admin_password is defined %} -DATABASE_ADMIN_PASSWORD={{ pg_admin_password|quote }} -{% endif %} MEMCACHED_HOST={{ memcached_hostname|default('localhost') }} MEMCACHED_PORT={{ memcached_port|default('11211') }} RABBITMQ_HOST={{ rabbitmq_hostname|default('localhost') }} diff --git a/installer/roles/kubernetes/templates/postgresql-persistent.yml.j2 b/installer/roles/kubernetes/templates/postgresql-persistent.yml.j2 index 3bc82ae6f3..8db579a0c3 100644 --- a/installer/roles/kubernetes/templates/postgresql-persistent.yml.j2 +++ b/installer/roles/kubernetes/templates/postgresql-persistent.yml.j2 
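Review bot: The `when:` on the new external-DB block in restore.yml, `pg_hostname is defined or pg_hostname != ''`, is not the complement of the containerized block's `pg_hostname is not defined or pg_hostname == ''`. With `pg_hostname: ''` both blocks run, and with the variable unset the second operand compares an undefined variable, which is likely to fail the task. It should read `when: pg_hostname is defined and pg_hostname != ''`. In the containerized block the `NOCREATEDB` revoke is an ordinary task after the restore, so a failed restore leaves the application role with CREATEDB; moving the revoke into an `always:` section of that block would keep the grant temporary. `{{ pg_username }}` is also placed unquoted inside the `bash -c "... 'ALTER USER ...'"` string, so it is worth asserting that it is a plain identifier before these tasks run.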
@@ -92,11 +92,6 @@ objects: secretKeyRef: key: database-password name: ${DATABASE_SERVICE_NAME} - - name: POSTGRESQL_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - key: database-admin-password - name: ${DATABASE_SERVICE_NAME} - name: POSTGRESQL_DATABASE valueFrom: secretKeyRef: @@ -176,12 +171,6 @@ parameters: generate: expression name: POSTGRESQL_PASSWORD required: true -- description: Password for the PostgreSQL connection admin user. - displayName: PostgreSQL Connection Admin Password - from: '[a-zA-Z0-9]{16}' - generate: expression - name: POSTGRESQL_ADMIN_PASSWORD - required: true - description: Name of the PostgreSQL database accessed. displayName: PostgreSQL Database Name name: POSTGRESQL_DATABASE