From 346b9b9e3ee482210782ee7b486e04ee59aa7eca Mon Sep 17 00:00:00 2001 From: Christian Adams Date: Wed, 11 Mar 2020 16:42:51 -0400 Subject: [PATCH] ConfigMap supervisor configs and launch scripts for k8s --- installer/roles/kubernetes/tasks/main.yml | 4 + .../kubernetes/templates/deployment.yml.j2 | 71 ++++++++++ .../kubernetes/templates/launch_awx.yml.j2 | 59 ++++++++ .../kubernetes/templates/supervisor.yml.j2 | 130 ++++++++++++++++++ 4 files changed, 264 insertions(+) create mode 100644 installer/roles/kubernetes/templates/launch_awx.yml.j2 create mode 100644 installer/roles/kubernetes/templates/supervisor.yml.j2 diff --git a/installer/roles/kubernetes/tasks/main.yml b/installer/roles/kubernetes/tasks/main.yml index a73dc7f8e5..3ff39968b4 100644 --- a/installer/roles/kubernetes/tasks/main.yml +++ b/installer/roles/kubernetes/tasks/main.yml @@ -212,6 +212,8 @@ - 'configmap' - 'secret' - 'deployment' + - 'supervisor' + - 'launch_awx' no_log: true - name: Apply Deployment @@ -221,6 +223,8 @@ - "{{ configmap }}" - "{{ secret }}" - "{{ deployment }}" + - "{{ supervisor }}" + - "{{ launch_awx }}" no_log: true - name: Delete any existing management pod diff --git a/installer/roles/kubernetes/templates/deployment.yml.j2 b/installer/roles/kubernetes/templates/deployment.yml.j2 index 0c5f1e5798..8f0ef43e56 100644 --- a/installer/roles/kubernetes/templates/deployment.yml.j2 +++ b/installer/roles/kubernetes/templates/deployment.yml.j2 @@ -121,6 +121,26 @@ spec: - name: "{{ kubernetes_deployment_name }}-application-credentials" mountPath: "/etc/tower/conf.d/" readOnly: true + + - name: {{ kubernetes_deployment_name }}-launch-awx-web + mountPath: "/usr/bin/launch_awx.sh" + subPath: "launch_awx.sh" + readOnly: true + + - name: {{ kubernetes_deployment_name }}-launch-awx-task + mountPath: "/usr/bin/launch_awx_task.sh" + subPath: "launch_awx_task.sh" + readOnly: true + + - name: {{ kubernetes_deployment_name }}-supervisor-web-config + mountPath: "/supervisor.conf" + subPath: supervisor.conf + readOnly: true + + - name: {{ kubernetes_deployment_name }}-supervisor-task-config + mountPath: "/supervisor_task.conf" + subPath: supervisor_task.conf + readOnly: true - name: {{ kubernetes_deployment_name }}-secret-key mountPath: "/etc/tower/SECRET_KEY" @@ -168,6 +188,26 @@ spec: - name: "{{ kubernetes_deployment_name }}-application-credentials" mountPath: "/etc/tower/conf.d/" readOnly: true + + - name: {{ kubernetes_deployment_name }}-launch-awx-web + mountPath: "/usr/bin/launch_awx.sh" + subPath: "launch_awx.sh" + readOnly: true + + - name: {{ kubernetes_deployment_name }}-launch-awx-task + mountPath: "/usr/bin/launch_awx_task.sh" + subPath: "launch_awx_task.sh" + readOnly: true + + - name: {{ kubernetes_deployment_name }}-supervisor-web-config + mountPath: "/supervisor.conf" + subPath: supervisor.conf + readOnly: true + + - name: {{ kubernetes_deployment_name }}-supervisor-task-config + mountPath: "/supervisor_task.conf" + subPath: supervisor_task.conf + readOnly: true - name: {{ kubernetes_deployment_name }}-secret-key mountPath: "/etc/tower/SECRET_KEY" @@ -303,6 +343,37 @@ spec: path: 'credentials.py' - key: environment_sh path: 'environment.sh' + + - name: {{ kubernetes_deployment_name }}-launch-awx-web + configMap: + name: {{ kubernetes_deployment_name }}-launch-awx + items: + - key: launch-awx-web + path: 'launch_awx.sh' + defaultMode: 0755 + + - name: {{ kubernetes_deployment_name }}-launch-awx-task + configMap: + name: {{ kubernetes_deployment_name }}-launch-awx + items: + - key: launch-awx-task + path: 'launch_awx_task.sh' + defaultMode: 0755 + + - name: {{ kubernetes_deployment_name }}-supervisor-web-config + configMap: + name: {{ kubernetes_deployment_name }}-supervisor-config + items: + - key: supervisor-web-config + path: 'supervisor.conf' + + - name: {{ kubernetes_deployment_name }}-supervisor-task-config + configMap: + name: {{ kubernetes_deployment_name }}-supervisor-config + items: + - key: supervisor-task-config + path: 'supervisor_task.conf' + - name: {{ kubernetes_deployment_name }}-secret-key secret: diff --git a/installer/roles/kubernetes/templates/launch_awx.yml.j2 b/installer/roles/kubernetes/templates/launch_awx.yml.j2 new file mode 100644 index 0000000000..46b3b7a16b --- /dev/null +++ b/installer/roles/kubernetes/templates/launch_awx.yml.j2 @@ -0,0 +1,59 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ kubernetes_deployment_name }}-launch-awx + namespace: {{ kubernetes_namespace }} +data: + launch-awx-task: | + #!/usr/bin/env bash + if [ `id -u` -ge 500 ]; then + echo "awx:x:`id -u`:`id -g`:,,,:/var/lib/awx:/bin/bash" >> /tmp/passwd + cat /tmp/passwd > /etc/passwd + rm /tmp/passwd + fi + + source /etc/tower/conf.d/environment.sh + + ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$DATABASE_HOST port=$DATABASE_PORT" all + ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$MEMCACHED_HOST port=11211" all + ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$RABBITMQ_HOST port=5672" all + + + if [ -z "$AWX_SKIP_MIGRATIONS" ]; then + awx-manage migrate --noinput + fi + + if [ ! -z "$AWX_ADMIN_USER" ]&&[ ! -z "$AWX_ADMIN_PASSWORD" ]; then + echo "from django.contrib.auth.models import User; User.objects.create_superuser('$AWX_ADMIN_USER', 'root@localhost', '$AWX_ADMIN_PASSWORD')" | awx-manage shell + awx-manage create_preload_data + else + echo "from django.contrib.auth.models import User; User.objects.create_superuser('admin', 'root@localhost', 'password')" | awx-manage shell + awx-manage create_preload_data + fi + echo 'from django.conf import settings; x = settings.AWX_TASK_ENV; x["HOME"] = "/var/lib/awx"; settings.AWX_TASK_ENV = x' | awx-manage shell + awx-manage provision_instance --hostname=$(hostname) + awx-manage register_queue --queuename=tower --instance_percent=100 + + unset $(cut -d = -f -1 /etc/tower/conf.d/environment.sh) + + supervisord -c /supervisor_task.conf + + launch-awx-web: | + #!/usr/bin/env bash + if [ `id -u` -ge 500 ]; then + echo "awx:x:`id -u`:`id -g`:,,,:/var/lib/awx:/bin/bash" >> /tmp/passwd + cat /tmp/passwd > /etc/passwd + rm /tmp/passwd + fi + + source /etc/tower/conf.d/environment.sh + + ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$DATABASE_HOST port=$DATABASE_PORT" all + ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$MEMCACHED_HOST port=11211" all + ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$RABBITMQ_HOST port=5672" all + + awx-manage collectstatic --noinput --clear + + unset $(cut -d = -f -1 /etc/tower/conf.d/environment.sh) + + supervisord -c /supervisor.conf diff --git a/installer/roles/kubernetes/templates/supervisor.yml.j2 b/installer/roles/kubernetes/templates/supervisor.yml.j2 new file mode 100644 index 0000000000..407651e6f9 --- /dev/null +++ b/installer/roles/kubernetes/templates/supervisor.yml.j2 @@ -0,0 +1,130 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ kubernetes_deployment_name }}-supervisor-config + namespace: {{ kubernetes_namespace }} +data: + supervisor-web-config: | + [supervisord] + nodaemon = True + umask = 022 + + [program:nginx] + command = nginx -g "daemon off;" + autostart = true + autorestart = true + stopwaitsecs = 5 + stdout_logfile=/dev/stdout + stdout_logfile_maxbytes=0 + stderr_logfile=/dev/stderr + stderr_logfile_maxbytes=0 + + [program:uwsgi] + command = /var/lib/awx/venv/awx/bin/uwsgi --socket 127.0.0.1:8050 --module=awx.wsgi:application --vacuum --processes=5 --harakiri=120 --no-orphans --master --max-requests=1000 --master-fifo=/var/lib/awx/awxfifo --lazy-apps -b 32768 + directory = /var/lib/awx + autostart = true + autorestart = true + stopwaitsecs = 15 + stopsignal = INT + stdout_logfile=/dev/stdout + stdout_logfile_maxbytes=0 + stderr_logfile=/dev/stderr + stderr_logfile_maxbytes=0 + + [program:daphne] + command = /var/lib/awx/venv/awx/bin/daphne -b 127.0.0.1 -p 8051 --websocket_timeout -1 awx.asgi:channel_layer + directory = /var/lib/awx + autostart = true + autorestart = true + stopwaitsecs = 5 + stdout_logfile=/dev/stdout + stdout_logfile_maxbytes=0 + stderr_logfile=/dev/stderr + stderr_logfile_maxbytes=0 + + [group:tower-processes] + programs=nginx,uwsgi,daphne + priority=5 + + # TODO: Exit Handler + + [eventlistener:awx-config-watcher] + command=/usr/bin/config-watcher + stderr_logfile=/dev/stdout + stderr_logfile_maxbytes=0 + stdout_logfile=/dev/stdout + stdout_logfile_maxbytes=0 + events=TICK_60 + priority=0 + + [unix_http_server] + file=/tmp/supervisor.sock + + [supervisorctl] + serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket + + [rpcinterface:supervisor] + supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface + + supervisor-task-config: | + [supervisord] + nodaemon = True + umask = 022 + + [program:dispatcher] + command = awx-manage run_dispatcher + directory = /var/lib/awx + environment = LANGUAGE="en_US.UTF-8",LANG="en_US.UTF-8",LC_ALL="en_US.UTF-8",LC_CTYPE="en_US.UTF-8" + autostart = true + autorestart = true + stopwaitsecs = 5 + stdout_logfile=/dev/stdout + stdout_logfile_maxbytes=0 + stderr_logfile=/dev/stderr + stderr_logfile_maxbytes=0 + + [program:callback-receiver] + command = awx-manage run_callback_receiver + directory = /var/lib/awx + autostart = true + autorestart = true + stopwaitsecs = 5 + stdout_logfile=/dev/stdout + stdout_logfile_maxbytes=0 + stderr_logfile=/dev/stderr + stderr_logfile_maxbytes=0 + + [program:channels-worker] + command = awx-manage runworker --only-channels websocket.* + directory = /var/lib/awx + autostart = true + autorestart = true + stopwaitsecs = 5 + stdout_logfile=/dev/stdout + stdout_logfile_maxbytes=0 + stderr_logfile=/dev/stderr + stderr_logfile_maxbytes=0 + + [group:tower-processes] + programs=dispatcher,callback-receiver,channels-worker + priority=5 + + # TODO: Exit Handler + + [eventlistener:awx-config-watcher] + command=/usr/bin/config-watcher + stderr_logfile=/dev/stdout + stderr_logfile_maxbytes=0 + stdout_logfile=/dev/stdout + stdout_logfile_maxbytes=0 + events=TICK_60 + priority=0 + + [unix_http_server] + file=/tmp/supervisor.sock + + [supervisorctl] + serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket + + [rpcinterface:supervisor] + supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface