From d39c70d9f2145d8a10c1ff59cd4868ad6d5b9363 Mon Sep 17 00:00:00 2001 From: Matthew Jones Date: Tue, 15 Aug 2017 21:42:18 -0400 Subject: [PATCH 01/10] Initial awx installer --- .../files}/launch_awx.sh | 0 .../files}/launch_awx_task.sh | 0 .../files}/nginx.conf | 0 .../files}/settings.py | 0 .../files}/supervisor.conf | 0 .../files}/supervisor_task.conf | 0 installer/image_build/tasks/main.yml | 138 ++++++++++++++++++ .../templates/Dockerfile.j2} | 19 +-- .../templates/Dockerfile.task.j2} | 2 +- installer/install.yml | 7 + installer/inventory | 24 +++ installer/openshift/inventory | 5 - installer/openshift/tasks/main.yml | 95 ++++++++++++ .../configmap.yml.j2} | 22 +-- .../deployment.yml.j2} | 52 +++---- installer/openshift/tower_setup_conf.yml | 5 - 16 files changed, 312 insertions(+), 57 deletions(-) rename installer/{openshift => image_build/files}/launch_awx.sh (100%) rename installer/{openshift => image_build/files}/launch_awx_task.sh (100%) rename installer/{openshift => image_build/files}/nginx.conf (100%) rename installer/{openshift => image_build/files}/settings.py (100%) rename installer/{openshift => image_build/files}/supervisor.conf (100%) rename installer/{openshift => image_build/files}/supervisor_task.conf (100%) create mode 100644 installer/image_build/tasks/main.yml rename installer/{openshift/Dockerfile => image_build/templates/Dockerfile.j2} (78%) rename installer/{openshift/Dockerfile.celery => image_build/templates/Dockerfile.task.j2} (67%) create mode 100644 installer/install.yml create mode 100644 installer/inventory delete mode 100644 installer/openshift/inventory create mode 100644 installer/openshift/tasks/main.yml rename installer/openshift/{config/configmap.yml => templates/configmap.yml.j2} (90%) rename installer/openshift/{config/deployment.yml => templates/deployment.yml.j2} (56%) delete mode 100644 installer/openshift/tower_setup_conf.yml diff --git a/installer/openshift/launch_awx.sh b/installer/image_build/files/launch_awx.sh similarity index 100% rename from installer/openshift/launch_awx.sh rename to installer/image_build/files/launch_awx.sh diff --git a/installer/openshift/launch_awx_task.sh b/installer/image_build/files/launch_awx_task.sh similarity index 100% rename from installer/openshift/launch_awx_task.sh rename to installer/image_build/files/launch_awx_task.sh diff --git a/installer/openshift/nginx.conf b/installer/image_build/files/nginx.conf similarity index 100% rename from installer/openshift/nginx.conf rename to installer/image_build/files/nginx.conf diff --git a/installer/openshift/settings.py b/installer/image_build/files/settings.py similarity index 100% rename from installer/openshift/settings.py rename to installer/image_build/files/settings.py diff --git a/installer/openshift/supervisor.conf b/installer/image_build/files/supervisor.conf similarity index 100% rename from installer/openshift/supervisor.conf rename to installer/image_build/files/supervisor.conf diff --git a/installer/openshift/supervisor_task.conf b/installer/image_build/files/supervisor_task.conf similarity index 100% rename from installer/openshift/supervisor_task.conf rename to installer/image_build/files/supervisor_task.conf diff --git a/installer/image_build/tasks/main.yml b/installer/image_build/tasks/main.yml new file mode 100644 index 0000000000..4358c32313 --- /dev/null +++ b/installer/image_build/tasks/main.yml @@ -0,0 +1,138 @@ +--- + +- name: Get Version from checkout if not provided + shell: "git describe --long | sed 's/\\-g.*//' | sed 's/\\-/\\./'" + delegate_to: localhost + register: awx_version_command + when: awx_version is not defined + +- name: Set global version if not provided + set_fact: + awx_version: "{{ awx_version_command.stdout }}" + use_local_awx: true + when: awx_version is not defined + +- name: Set sdist file name + set_fact: + awx_sdist_file: "awx-{{ awx_version }}.tar.gz" + +- name: AWX Distribution + debug: + msg: "{{ awx_sdist_file }}" + +- name: Build AWX distribution + shell: make sdist + args: + chdir: .. + creates: "../dist/{{ awx_sdist_file }}" + delegate_to: localhost + when: use_local_awx is not defined + +- name: Set docker build base path + set_fact: + docker_base_path: "{{ awx_local_base_config_path|default('/tmp') }}/docker-image" + +- name: Set awx_web image name + set_fact: + awx_web_image: "{{ awx_web_image|default('awx_web') }}" + +- name: Set awx_task image name + set_fact: + awx_task_image: "{{ awx_task_image|default('awx_task') }}" + +- name: Ensure directory exists + file: + path: "{{ docker_base_path }}" + state: directory + delegate_to: localhost + +- name: Stage sdist + copy: + src: "../dist/{{ awx_sdist_file }}" + dest: "{{ docker_base_path }}/{{ awx_sdist_file }}" + delegate_to: localhost + +- name: Template web Dockerfile + template: + src: Dockerfile.j2 + dest: "{{ docker_base_path }}/Dockerfile" + delegate_to: localhost + +- name: Template task Dockerfile + template: + src: Dockerfile.task.j2 + dest: "{{ docker_base_path }}/Dockerfile.task" + delegate_to: localhost + +- name: Stage launch_awx + copy: + src: launch_awx.sh + dest: "{{ docker_base_path }}/launch_awx.sh" + mode: '0700' + delegate_to: localhost + +- name: Stage launch_awx_task + copy: + src: launch_awx_task.sh + dest: "{{ docker_base_path }}/launch_awx_task.sh" + mode: '0700' + delegate_to: localhost + +- name: Stage nginx.conf + copy: + src: nginx.conf + dest: "{{ docker_base_path }}/nginx.conf" + delegate_to: localhost + +- name: Stage supervisor.conf + copy: + src: supervisor.conf + dest: "{{ docker_base_path }}/supervisor.conf" + delegate_to: localhost + +- name: Stage supervisor_task.conf + copy: + src: supervisor_task.conf + dest: "{{ docker_base_path }}/supervisor_task.conf" + delegate_to: localhost + +- name: Stage settings.py + copy: + src: settings.py + dest: "{{ docker_base_path }}/settings.py" + delegate_to: localhost + +- name: Stage requirements + copy: + src: ../requirements/ + dest: "{{ docker_base_path }}/requirements" + delegate_to: localhost + +- name: Stage Makefile + copy: + src: ../Makefile + dest: "{{ docker_base_path }}/Makefile" + delegate_to: localhost + +- name: Build base web image + docker_image: + path: "{{ docker_base_path }}" + dockerfile: Dockerfile + name: "{{ awx_web_image }}" + tag: "{{ awx_version }}" + delegate_to: localhost + +- name: Build base task image + docker_image: + path: "{{ docker_base_path }}" + dockerfile: Dockerfile.task + name: "{{ awx_task_image }}" + tag: "{{ awx_version }}" + pull: no + delegate_to: localhost + +- name: Clean docker base directory + file: + path: "{{ docker_base_path }}" + state: absent + when: cleanup_docker_base|default(True) diff --git a/installer/openshift/Dockerfile b/installer/image_build/templates/Dockerfile.j2 similarity index 78% rename from installer/openshift/Dockerfile rename to installer/image_build/templates/Dockerfile.j2 index 627d5abfe2..67bbbfea53 100644 --- a/installer/openshift/Dockerfile +++ b/installer/image_build/templates/Dockerfile.j2 @@ -32,16 +32,17 @@ RUN mkdir -p /var/log/tower RUN mkdir -p /etc/tower RUN echo "awxsecret" > /etc/tower/SECRET_KEY RUN VENV_BASE=/var/lib/awx/venv make requirements_ansible && VENV_BASE=/var/lib/awx/venv make requirements_awx -COPY dist/awx-{{ version }}.tar.gz /tmp/awx-{{ version }}.tar.gz -RUN OFFICIAL=yes pip install /tmp/awx-{{ version }}.tar.gz +COPY {{ awx_sdist_file }} /tmp/{{ awx_sdist_file }} +RUN OFFICIAL=yes pip install /tmp/{{ awx_sdist_file }} -RUN echo "{{ version }}" > /var/lib/awx/.tower_version -ADD installer/openshift/nginx.conf /etc/nginx/nginx.conf -ADD installer/openshift/supervisor.conf /supervisor.conf -ADD installer/openshift/supervisor_task.conf /supervisor_task.conf -ADD installer/openshift/launch_awx.sh /usr/bin/launch_awx.sh -ADD installer/openshift/launch_awx_task.sh /usr/bin/launch_awx_task.sh -ADD installer/openshift/settings.py /etc/tower/settings.py +RUN echo "{{ awx_version }}" > /var/lib/awx/.tower_version +ADD nginx.conf /etc/nginx/nginx.conf +ADD supervisor.conf /supervisor.conf +ADD supervisor_task.conf /supervisor_task.conf +ADD launch_awx.sh /usr/bin/launch_awx.sh +ADD launch_awx_task.sh /usr/bin/launch_awx_task.sh +RUN chmod +rx /usr/bin/launch_awx.sh && chmod +rx /usr/bin/launch_awx_task.sh +ADD settings.py /etc/tower/settings.py RUN yum -y remove gcc postgresql-devel libxml2-devel libxslt-devel cyrus-sasl-devel openldap-devel xmlsec1-devel krb5-devel xmlsec1-openssl-devel libtool-ltdl-devel gcc-c++ python-devel && yum -y clean all RUN rm -rf /root/.cache RUN chmod g+w /etc/passwd diff --git a/installer/openshift/Dockerfile.celery b/installer/image_build/templates/Dockerfile.task.j2 similarity index 67% rename from installer/openshift/Dockerfile.celery rename to installer/image_build/templates/Dockerfile.task.j2 index d878e0ccf7..b72160cb68 100644 --- a/installer/openshift/Dockerfile.celery +++ b/installer/image_build/templates/Dockerfile.task.j2 @@ -1,4 +1,4 @@ -FROM awx_web +FROM {{ awx_web_image }}:{{ awx_version }} USER 0 RUN sudo yum -y remove nginx USER 1000 diff --git a/installer/install.yml b/installer/install.yml new file mode 100644 index 0000000000..0102cd98e7 --- /dev/null +++ b/installer/install.yml @@ -0,0 +1,7 @@ +--- + +- hosts: all + gather_facts: false + roles: + - role: image_build + - role: openshift diff --git a/installer/inventory b/installer/inventory new file mode 100644 index 0000000000..d9334a8d38 --- /dev/null +++ b/installer/inventory @@ -0,0 +1,24 @@ +localhost ansible_connection=local + +[all:vars] +# Local Openshift +# Will need to set -e openshift_password=developer -e docker_registry_password=$(oc whoami -t) +# +# openshift_host=127.0.0.1:8443 +# awx_openshift_project=awx +# openshift_user=developer +# docker_registry=172.30.1.1:5000 +# docker_registry_repository=awx +# docker_registry_username=developer +# awx_node_port=30083 + +# Set this if you have an external postgres you are pointing at +# otherwise a new ephemeral awx postgres service will be created +# pg_hostname=postgresql +pg_username=awx +pg_password=awxpass +pg_database=awx +pg_port=5432 + +# AWX Tunables +awx_secret_key=aabbcc diff --git a/installer/openshift/inventory b/installer/openshift/inventory deleted file mode 100644 index c4f03c7fbc..0000000000 --- a/installer/openshift/inventory +++ /dev/null @@ -1,5 +0,0 @@ -[primary] -localhost - -[all:children] -primary diff --git a/installer/openshift/tasks/main.yml b/installer/openshift/tasks/main.yml new file mode 100644 index 0000000000..e904f6b507 --- /dev/null +++ b/installer/openshift/tasks/main.yml @@ -0,0 +1,95 @@ +--- +- name: Authenticate with OpenShift + shell: "oc login {{ openshift_host }} -u {{ openshift_user }} -p {{ openshift_password }}" + +- name: Get Project Detail + shell: "oc get project {{ awx_openshift_project }}" + register: project_details + ignore_errors: yes + +- name: Get Postgres Service Detail + shell: "oc describe svc postgresql -n {{ awx_openshift_project }}" + register: postgres_svc_details + ignore_errors: yes + when: "pg_hostname is not defined or pg_hostname == ''" + +- name: Create AWX Openshift Project + shell: "oc new-project {{ awx_openshift_project }}" + when: project_details.rc != 0 + +# This might could/should be optional based on certain circumstances +- name: Mark Openshift User as Admin + shell: "oc adm policy add-role-to-user admin {{ openshift_user }} -n {{ awx_openshift_project }}" + +- name: Authenticate with Docker registry + docker_login: + registry: "{{ docker_registry }}" + username: "{{ docker_registry_username }}" + password: "{{ docker_registry_password }}" + when: docker_registry is defined + delegate_to: localhost + +- name: Tag and push web image to registry + docker_image: + name: "{{ awx_web_image }}" + repository: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ awx_web_image }}" + tag: "{{ awx_version }}" + push: yes + when: docker_registry is defined + delegate_to: localhost + +- name: Tag and push task image to registry + docker_image: + name: "{{ awx_task_image }}" + repository: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ awx_task_image }}" + tag: "{{ awx_version }}" + push: yes + when: docker_registry is defined + delegate_to: localhost + +- name: Deploy and Activate Postgres + shell: "oc new-app --template=postgresql-persistent -e MEMORY_LIMIT={{ pg_memory_limit|default('512') }}Mi -e NAMESPACE=openshift -e DATABASE_SERVICE_NAME=postgresql -e POSTGRESQL_USER={{ pg_username }} -e POSTGRESQL_PASSWORD={{ pg_password }} -e POSTGRESQL_DATABASE={{ pg_database }} -e VOLUME_CAPACITY={{ pg_volume_capacity|default('1')}}Gi -e POSTGRESQL_VERSION=9.5 -n {{ awx_openshift_project }}" + when: (pg_hostname is not defined or pg_hostname == '') and (postgres_svc_details is defined and postgres_svc_details.rc != 0) + register: openshift_pg_activate + +- name: Wait for Postgres to activate + pause: + seconds: 15 + when: openshift_pg_activate|changed + +- name: Set full web image path + set_fact: + awx_web_openshift_image: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ awx_web_image }}:{{ awx_version }}" + when: awx_web_openshift_image is not defined + +- name: Set full task image path + set_fact: + awx_task_openshift_image: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ awx_task_image }}:{{ awx_version }}" + when: awx_task_openshift_image is not defined + +- name: Set openshift base path + set_fact: + openshift_base_path: "{{ awx_local_base_config_path|default('/tmp') }}/awx-config" + +- name: Ensure directory exists + file: + path: "{{ openshift_base_path }}" + state: directory + +- name: Template Openshift AWX Config + template: + src: configmap.yml.j2 + dest: "{{ openshift_base_path }}/configmap.yml" + mode: '0600' + +- name: Template Openshift AWX Deployment + template: + src: deployment.yml.j2 + dest: "{{ openshift_base_path }}/deployment.yml" + mode: '0600' + +- name: Apply Configmap + shell: "oc apply -f {{ openshift_base_path }}/configmap.yml" + +- name: Apply Deployment + shell: "oc apply -f {{ openshift_base_path }}/deployment.yml" diff --git a/installer/openshift/config/configmap.yml b/installer/openshift/templates/configmap.yml.j2 similarity index 90% rename from installer/openshift/config/configmap.yml rename to installer/openshift/templates/configmap.yml.j2 index 064e7076d6..da91d9e706 100644 --- a/installer/openshift/config/configmap.yml +++ b/installer/openshift/templates/configmap.yml.j2 @@ -1,11 +1,11 @@ apiVersion: v1 kind: ConfigMap metadata: - name: tower-config - namespace: tower + name: awx-config + namespace: {{ awx_openshift_project }} data: - secret_key: AAABBBCCC - tower_settings: | + secret_key: {{ awx_secret_key }} + awx_settings: | import os import socket ADMINS = () @@ -59,19 +59,19 @@ data: 'default': { 'ATOMIC_REQUESTS': True, 'ENGINE': 'transaction_hooks.backends.postgresql_psycopg2', - 'NAME': "tower", - 'USER': "tower", - 'PASSWORD': "password123", - 'HOST': "postgresql", - 'PORT': "5432", + 'NAME': "{{ pg_database }}", + 'USER': "{{ pg_username }}", + 'PASSWORD': "{{ pg_password }}", + 'HOST': "{{ pg_hostname|default('postgresql') }}", + 'PORT': "{{ pg_port }}", } } BROKER_URL = 'amqp://{}:{}@{}:{}/{}'.format( - "tower", + "awx", "abcdefg", "localhost", "5672", - "tower") + "awx") CHANNEL_LAYERS = { 'default': {'BACKEND': 'asgi_amqp.AMQPChannelLayer', 'ROUTING': 'awx.main.routing.channel_routing', diff --git a/installer/openshift/config/deployment.yml b/installer/openshift/templates/deployment.yml.j2 similarity index 56% rename from installer/openshift/config/deployment.yml rename to installer/openshift/templates/deployment.yml.j2 index 1d464b20c6..b6de8bb729 100644 --- a/installer/openshift/config/deployment.yml +++ b/installer/openshift/templates/deployment.yml.j2 @@ -2,59 +2,59 @@ apiVersion: extensions/v1beta1 kind: Deployment metadata: - name: tower - namespace: tower + name: awx + namespace: {{ awx_openshift_project }} spec: replicas: 1 template: metadata: labels: - name: tower-web-deploy + name: awx-web-deploy service: django spec: containers: - - name: tower-web - image: 172.30.1.1:5000/tower/tower_web:latest + - name: awx-web + image: {{ awx_web_openshift_image }} ports: - containerPort: 8052 volumeMounts: - mountPath: /etc/tower - name: tower-application-config - - name: tower-celery - image: 172.30.1.1:5000/tower/tower_task:latest + name: awx-application-config + - name: awx-celery + image: {{ awx_task_openshift_image }} volumeMounts: - mountPath: /etc/tower - name: tower-application-config + name: awx-application-config env: - name: DATABASE_USER - value: tower + value: {{ pg_username }} - name: DATABASE_NAME - value: tower + value: {{ pg_database }} - name: DATABASE_HOST - value: postgresql + value: {{ pg_hostname|default('postgresql') }} - name: DATABASE_PASSWORD - value: password123 - - name: tower-rabbit + value: {{ pg_password }} + - name: awx-rabbit image: rabbitmq:3 env: - name: RABBITMQ_ERLANG_COOKIE - value: secret + value: secretb - name: RABBITMQ_NODENAME value: rabbitmq - name: RABBITMQ_DEFAULT_USER - value: tower + value: awx - name: RABBITMQ_DEFAULT_PASS value: abcdefg - name: RABBITMQ_DEFAULT_VHOST - value: tower - - name: tower-memcached + value: awx + - name: awx-memcached image: memcached volumes: - - name: tower-application-config + - name: awx-application-config configMap: - name: tower-config + name: awx-config items: - - key: tower_settings + - key: awx_settings path: settings.py - key: secret_key path: SECRET_KEY @@ -62,15 +62,15 @@ spec: apiVersion: v1 kind: Service metadata: - name: tower-web-svc - namespace: tower + name: awx-web-svc + namespace: {{ awx_openshift_project }} labels: - name: tower-web-svc + name: awx-web-svc spec: type: "NodePort" ports: - name: http port: 8052 - nodePort: 30083 + nodePort: {{ awx_node_port }} selector: - name: tower-web-deploy + name: awx-web-deploy diff --git a/installer/openshift/tower_setup_conf.yml b/installer/openshift/tower_setup_conf.yml deleted file mode 100644 index 53453a5dcc..0000000000 --- a/installer/openshift/tower_setup_conf.yml +++ /dev/null @@ -1,5 +0,0 @@ -admin_password: password -database: internal -pg_password: CJUWsyKHp5P9AZZqC8Rgk7qFnVVFAPBCJbkzr3bb -primary_machine: localhost -redis_password: xrQ5uWpfH8ELWyKzfkS8UCRVAjaFruKQq3EvR4a6 \ No newline at end of file From 6e4d886ea44091aa3892b24006de57e49f7c5152 Mon Sep 17 00:00:00 2001 From: Matthew Jones Date: Tue, 22 Aug 2017 09:02:32 -0400 Subject: [PATCH 02/10] Reduce the size of the production container image --- Makefile | 6 ------ installer/image_build/tasks/main.yml | 2 -- installer/image_build/templates/Dockerfile.j2 | 17 +++++++++++------ 3 files changed, 11 insertions(+), 14 deletions(-) diff --git a/Makefile b/Makefile index e2cb881fa3..ec3d5db8a1 100644 --- a/Makefile +++ b/Makefile @@ -608,9 +608,3 @@ psql-container: VERSION: echo $(VERSION_TARGET) > $@ -production-openshift-image: sdist - cat installer/openshift/Dockerfile | sed "s/{{ version }}/$(VERSION_TARGET)/g" | sed "s/{{ tar }}/$(SDIST_TAR_FILE)/g" > ./Dockerfile.production - cp installer/openshift/Dockerfile.celery ./Dockerfile.celery.production - docker build -t awx_web -f ./Dockerfile.production . - docker build -t awx_task -f ./Dockerfile.celery.production . - diff --git a/installer/image_build/tasks/main.yml b/installer/image_build/tasks/main.yml index 4358c32313..ab7a31de79 100644 --- a/installer/image_build/tasks/main.yml +++ b/installer/image_build/tasks/main.yml @@ -9,7 +9,6 @@ - name: Set global version if not provided set_fact: awx_version: "{{ awx_version_command.stdout }}" - use_local_awx: true when: awx_version is not defined - name: Set sdist file name @@ -26,7 +25,6 @@ chdir: .. creates: "../dist/{{ awx_sdist_file }}" delegate_to: localhost - when: use_local_awx is not defined - name: Set docker build base path set_fact: diff --git a/installer/image_build/templates/Dockerfile.j2 b/installer/image_build/templates/Dockerfile.j2 index 67bbbfea53..ba37539b4c 100644 --- a/installer/image_build/templates/Dockerfile.j2 +++ b/installer/image_build/templates/Dockerfile.j2 @@ -23,15 +23,23 @@ ADD requirements/requirements_ansible.txt \ /tmp/requirements/ # OS Dependencies -RUN yum -y install epel-release && yum -y localinstall http://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7-x86_64/pgdg-centos96-9.6-3.noarch.rpm && yum -y update && yum -y install ansible git curl python-psycopg2 python-pip python-setuptools libselinux-python setools-libs yum-utils sudo acl make postgresql-devel nginx python-psutil libxml2-devel libxslt-devel libstdc++.so.6 gcc cyrus-sasl-devel cyrus-sasl openldap-devel libffi-devel python-pip xmlsec1-devel swig krb5-devel xmlsec1-openssl xmlsec1 xmlsec1-openssl-devel libtool-ltdl-devel bubblewrap gcc-c++ python-devel -RUN pip install virtualenv supervisor WORKDIR /tmp RUN mkdir -p /var/lib/awx/public/static +RUN chgrp -Rf root /var/lib/awx && chmod -Rf g+w /var/lib/awx +RUN yum -y install epel-release && \ + yum -y localinstall http://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7-x86_64/pgdg-centos96-9.6-3.noarch.rpm && \ + yum -y update && \ + yum -y install ansible git curl python-psycopg2 python-pip python-setuptools libselinux-python setools-libs yum-utils sudo acl make postgresql-devel nginx python-psutil libxml2-devel libxslt-devel libstdc++.so.6 gcc cyrus-sasl-devel cyrus-sasl openldap-devel libffi-devel python-pip xmlsec1-devel swig krb5-devel xmlsec1-openssl xmlsec1 xmlsec1-openssl-devel libtool-ltdl-devel bubblewrap gcc-c++ python-devel && \ + pip install virtualenv supervisor && \ + VENV_BASE=/var/lib/awx/venv make requirements_ansible && \ + VENV_BASE=/var/lib/awx/venv make requirements_awx && \ + yum -y remove gcc postgresql-devel libxml2-devel libxslt-devel cyrus-sasl-devel openldap-devel xmlsec1-devel krb5-devel xmlsec1-openssl-devel libtool-ltdl-devel gcc-c++ python-devel && \ + yum -y clean all && \ + rm -rf /root/.cache RUN mkdir -p /var/log/tower RUN mkdir -p /etc/tower RUN echo "awxsecret" > /etc/tower/SECRET_KEY -RUN VENV_BASE=/var/lib/awx/venv make requirements_ansible && VENV_BASE=/var/lib/awx/venv make requirements_awx COPY {{ awx_sdist_file }} /tmp/{{ awx_sdist_file }} RUN OFFICIAL=yes pip install /tmp/{{ awx_sdist_file }} @@ -43,10 +51,7 @@ ADD launch_awx.sh /usr/bin/launch_awx.sh ADD launch_awx_task.sh /usr/bin/launch_awx_task.sh RUN chmod +rx /usr/bin/launch_awx.sh && chmod +rx /usr/bin/launch_awx_task.sh ADD settings.py /etc/tower/settings.py -RUN yum -y remove gcc postgresql-devel libxml2-devel libxslt-devel cyrus-sasl-devel openldap-devel xmlsec1-devel krb5-devel xmlsec1-openssl-devel libtool-ltdl-devel gcc-c++ python-devel && yum -y clean all -RUN rm -rf /root/.cache RUN chmod g+w /etc/passwd -RUN chgrp -Rf root /var/lib/awx && chmod -Rf g+w /var/lib/awx RUN chmod -R 777 /var/log/nginx && chmod -R 777 /var/lib/nginx USER 1000 EXPOSE 8052 From ddbb845e36a8a8efad32b6353607a7d4874899fd Mon Sep 17 00:00:00 2001 From: Matthew Jones Date: Fri, 25 Aug 2017 11:39:56 -0400 Subject: [PATCH 03/10] Force reauth docker registry login in installer --- installer/openshift/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/installer/openshift/tasks/main.yml b/installer/openshift/tasks/main.yml index e904f6b507..2e9eeac442 100644 --- a/installer/openshift/tasks/main.yml +++ b/installer/openshift/tasks/main.yml @@ -26,6 +26,7 @@ registry: "{{ docker_registry }}" username: "{{ docker_registry_username }}" password: "{{ docker_registry_password }}" + reauthorize: yes when: docker_registry is defined delegate_to: localhost From c0c6170ba6677067037dd626523f5d7aa6b6cf35 Mon Sep 17 00:00:00 2001 From: Chris Houseknecht Date: Mon, 28 Aug 2017 14:48:28 -0400 Subject: [PATCH 04/10] Ignore Pycharm droppings --- .gitignore | 2 ++ .idea/vcs.xml | 6 ++++++ 2 files changed, 8 insertions(+) create mode 100644 .idea/vcs.xml diff --git a/.gitignore b/.gitignore index ee2a0211ce..8828f1b1b4 100644 --- a/.gitignore +++ b/.gitignore @@ -114,3 +114,5 @@ awx/lib/.deps_built awx/lib/site-packages venv/* use_dev_supervisor.txt + +.idea/* diff --git a/.idea/vcs.xml b/.idea/vcs.xml new file mode 100644 index 0000000000..94a25f7f4c --- /dev/null +++ b/.idea/vcs.xml @@ -0,0 +1,6 @@ + + + + + + \ No newline at end of file From 291d5fb0b5b38d0c337afc9eab4f25c5be633e15 Mon Sep 17 00:00:00 2001 From: Chris Houseknecht Date: Mon, 28 Aug 2017 14:49:50 -0400 Subject: [PATCH 05/10] Adds edge terminated route --- installer/openshift/templates/deployment.yml.j2 | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/installer/openshift/templates/deployment.yml.j2 b/installer/openshift/templates/deployment.yml.j2 index b6de8bb729..5b8d11fd1f 100644 --- a/installer/openshift/templates/deployment.yml.j2 +++ b/installer/openshift/templates/deployment.yml.j2 @@ -74,3 +74,20 @@ spec: nodePort: {{ awx_node_port }} selector: name: awx-web-deploy +--- +apiVersion: v1 +kind: Route +metadata: + name: awx-web-svc + namespace: {{ awx_openshift_project }} +spec: + port: + targetPort: http + tls: + insecureEdgeTerminationPolicy: Allow + termination: edge + to: + kind: Service + name: awx-web-svc + weight: 100 + wildcardPolicy: None From a14473809426d76773e01ca7cce69baa92f41edd Mon Sep 17 00:00:00 2001 From: Chris Houseknecht Date: Mon, 28 Aug 2017 16:41:21 -0400 Subject: [PATCH 06/10] First iteration on INSTALL --- INSTALL.md | 114 ++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 112 insertions(+), 2 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index 105e63961d..6aeb30a672 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -1,2 +1,112 @@ -Installing AWX -============== +# Installing AWX + +This document provides instructions for installing AWX on the following platforms: + +- [OpenShift container platform](#openshift) +- [Standalone Docker daemon](#docker) + +It is intended to be a guide only. The instructions and examples that follow enable you to build a working AWX server. However, this document makes no guarantees regarding the production worthiness of the resulting server. + + +## OpenShift + +The [installer](./installer) directory contains an Ansible playbook, inventory file, and roles for deploying AWX to an OpenShift cluster. The playbook automates the process of building AWX, creating container images, and deploying the application. + +### Prerequisites + +Before running the deployment for the first time, you'll need to install the following: + +- [Ansible](http://docs.ansible.com/ansible/latest/intro_installation.html) +- gettext package for your platform (See [Installing gettext](#installing-gettext)) +- [Docker](https://docs.docker.com/engine/installation/) +- Access to an OpenShift cluster (See [Using Minishift](#using-minishift)) + +#### Installing gettext + +On Fedora / CentOS / RHEL: + +```bash +$ yum install gettext +``` + +On macOS: + +```bash +$ brew install gettext +$ brew link gettext --force +``` + +#### Using Minishift + +If you do not have access to an OpenShift cluster, you can install [Minishift](https://github.com/minishift/minishift), and create a single node cluster running inside a virtual machine. It's a convenient way to create a demo environment, suitable for trying out AWX. + +Once you have Minishift running, you can optionally use the Docker daemon that runs inside the virtual machine, rather than running a second Docker daemon (or Docker for Mac) on your development host. The following will set your environment to use it: + +```bash +$ minishift $(docker-env) +``` + +### Pre-build Steps + +Before kicking off the build, review the [inventory](./installer/inventory) file, and uncomment and provide values for the following variables within the `[all:vars]` section: + +**openshift_host** + +> IP address or hostname of the OpenShift cluster. If you're using Minishift, this will be the value returned by `minishift ip`. + +**awx_openshift_project** + +> Name of the OpenShift project that will be created, and used as the namespace for the AWX app. Defaults to *awx*. + +**openshift_user** + +> Username of the OpenShift user that will create the project, and deploy the application. Defaults to *developer*. + +**docker_registry** + +> IP address and port, or URL, for accessing a registry that the OpenShift cluster can access. Defaults to *172.30.1.1:5000*, the internal registry delivered with Minishift. + +**docker_registry_repository** + +> Namespace to use when pushing and pulling images to and from the registry. Generally this will match the project name. It defaults to *awx*. + +**docker_registry_username** + +> Username of the user that will push images to the registry. Will generally match the *openshift_user* value. Defaults to *developer*. + +### PostgreSQL + +**TODO** + +Add notes regarding optional Postgres service here. + + +### Start the build + +To start the build, you will pass in two *extra* variables on the command line. The first is *openshift_password*, which you will set to the password of the user that will deploy the app. This is the same user you specified for the value of *openshsift_user* + +The second variable is *docker_registry_password*. This is the password of the user that will push images to the registry. It's the same user you specified for *docker_registry_username* above. + +If you're using Mnishift, and the internal registry, then you'll pass an access token for the *docker_registry_token* value, rather than a password. The `oc whoami -t` command will generate the required token, as long as you're logged into the cluster via `oc cluster login` as the user that will access the registry. + +Here's the build command to run, if you're using Minishift, and the internal registry: + +```bash +$ ansible-playbook -i inventory install.yml -e openshift_password=developer -e docker_registry_password=$(oc whoami -t) +``` + +### Post build, and accessing AWX + +Once the build completes, log into the OpenShift console and view the project. For Minishift users, access the console with the following command: + +```bash +$ open https://$(minishift ip):8443 +``` + +Open the `awx` project. Assuming you chose to use the PostgreSQL service, you'll see two pods running: *postgresql* and *awx*. The web server is running inside the *awx* pod. To access it, click on *Applications*, and choose *Routes* from the menu. You'll see a route named *awx-web-svc*, click on the highlighted URL in the second column, under *Hostname*. This will open the AWX login dialog. The username is *admin*, and the password is *password*. + +## Docker + +**TODO** + +Document Docker deployment here. From 067beb90c991ee60783f074e08352ca12e739edb Mon Sep 17 00:00:00 2001 From: Matthew Jones Date: Tue, 29 Aug 2017 16:14:28 -0400 Subject: [PATCH 07/10] Add support for standalone docker install --- installer/image_build/files/nginx.conf | 2 +- installer/image_build/files/settings.py | 37 ++- installer/install.yml | 5 +- installer/inventory | 7 + installer/local_docker/tasks/main.yml | 210 ++++++++++++++++++ installer/openshift/tasks/main.yml | 20 +- .../openshift/templates/configmap.yml.j2 | 7 + 7 files changed, 281 insertions(+), 7 deletions(-) create mode 100644 installer/local_docker/tasks/main.yml diff --git a/installer/image_build/files/nginx.conf b/installer/image_build/files/nginx.conf index ddc41d0f94..f96b4a9316 100644 --- a/installer/image_build/files/nginx.conf +++ b/installer/image_build/files/nginx.conf @@ -1,4 +1,4 @@ -user awx; +#user awx; worker_processes 1; diff --git a/installer/image_build/files/settings.py b/installer/image_build/files/settings.py index 06d2dbcb1e..45454fcba2 100644 --- a/installer/image_build/files/settings.py +++ b/installer/image_build/files/settings.py @@ -2,6 +2,13 @@ import os + +def get_secret(): + if os.path.exists("/etc/tower/SECRET_KEY"): + return file('/etc/tower/SECRET_KEY', 'rb').read().strip() + return os.getenv("SECRET_KEY", "privateawx"), + + ADMINS = () STATIC_ROOT = '/var/lib/awx/public/static' @@ -10,14 +17,25 @@ PROJECTS_ROOT = '/var/lib/awx/projects' JOBOUTPUT_ROOT = '/var/lib/awx/job_status' -SECRET_KEY = file('/etc/tower/SECRET_KEY', 'rb').read().strip() +SECRET_KEY = get_secret() ALLOWED_HOSTS = ['*'] -INTERNAL_API_URL = 'http://127.0.0.1:80' +INTERNAL_API_URL = 'http://awxweb:8052' AWX_TASK_ENV['HOME'] = '/var/lib/awx' +# Container environments don't like chroots +AWX_PROOT_ENABLED = False + + +CLUSTER_HOST_ID = "awx" +SYSTEM_UUID = '00000000-0000-0000-0000-000000000000' +CELERY_QUEUES += (Queue(CLUSTER_HOST_ID, Exchange(CLUSTER_HOST_ID), routing_key=CLUSTER_HOST_ID),) +CELERY_ROUTES['awx.main.tasks.cluster_node_heartbeat'] = {'queue': CLUSTER_HOST_ID, 'routing_key': CLUSTER_HOST_ID} +CELERY_ROUTES['awx.main.tasks.purge_old_stdout_files'] = {'queue': CLUSTER_HOST_ID, 'routing_key': CLUSTER_HOST_ID} + + ############################################################################### # EMAIL SETTINGS ############################################################################### @@ -32,6 +50,12 @@ EMAIL_HOST_USER = '' EMAIL_HOST_PASSWORD = '' EMAIL_USE_TLS = False +LOGGING['handlers']['console'] = { + '()': 'logging.StreamHandler', + 'level': 'DEBUG', + 'formatter': 'simple', +} + LOGGING['loggers']['django.request']['handlers'] = ['console'] LOGGING['loggers']['rest_framework.request']['handlers'] = ['console'] LOGGING['loggers']['awx']['handlers'] = ['console'] @@ -39,11 +63,18 @@ LOGGING['loggers']['awx.main.commands.run_callback_receiver']['handlers'] = ['co LOGGING['loggers']['awx.main.commands.inventory_import']['handlers'] = ['console'] LOGGING['loggers']['awx.main.tasks']['handlers'] = ['console'] LOGGING['loggers']['awx.main.scheduler']['handlers'] = ['console'] -LOGGING['loggers']['awx.main.commands.run_fact_cache_receiver']['handlers'] = ['console'] LOGGING['loggers']['django_auth_ldap']['handlers'] = ['console'] LOGGING['loggers']['social']['handlers'] = ['console'] LOGGING['loggers']['system_tracking_migrations']['handlers'] = ['console'] LOGGING['loggers']['rbac_migrations']['handlers'] = ['console'] +LOGGING['loggers']['awx.isolated.manager.playbooks']['handlers'] = ['console'] +LOGGING['handlers']['callback_receiver'] = {'class': 'logging.NullHandler'} +LOGGING['handlers']['fact_receiver'] = {'class': 'logging.NullHandler'} +LOGGING['handlers']['task_system'] = {'class': 'logging.NullHandler'} +LOGGING['handlers']['tower_warnings'] = {'class': 'logging.NullHandler'} +LOGGING['handlers']['rbac_migrations'] = {'class': 'logging.NullHandler'} +LOGGING['handlers']['system_tracking_migrations'] = {'class': 'logging.NullHandler'} +LOGGING['handlers']['management_playbooks'] = {'class': 'logging.NullHandler'} DATABASES = { 'default': { diff --git a/installer/install.yml b/installer/install.yml index 0102cd98e7..0be29fc951 100644 --- a/installer/install.yml +++ b/installer/install.yml @@ -3,5 +3,6 @@ - hosts: all gather_facts: false roles: - - role: image_build - - role: openshift + - { role: image_build } + - { role: openshift, when: "openshift_host is defined" } + - { role: local_docker, when: "openshift_host is not defined" } diff --git a/installer/inventory b/installer/inventory index d9334a8d38..62d7a1e9d0 100644 --- a/installer/inventory +++ b/installer/inventory @@ -1,6 +1,9 @@ localhost ansible_connection=local [all:vars] + +awx_official=false + # Local Openshift # Will need to set -e openshift_password=developer -e docker_registry_password=$(oc whoami -t) # @@ -12,6 +15,10 @@ localhost ansible_connection=local # docker_registry_username=developer # awx_node_port=30083 +# Standalone Docker Install +# postgres_data_dir=/tmp/pgdocker +# host_port=80 + # Set this if you have an external postgres you are pointing at # otherwise a new ephemeral awx postgres service will be created # pg_hostname=postgresql diff --git a/installer/local_docker/tasks/main.yml b/installer/local_docker/tasks/main.yml new file mode 100644 index 0000000000..efe9750bdc --- /dev/null +++ b/installer/local_docker/tasks/main.yml @@ -0,0 +1,210 @@ +--- + +- name: Export Docker web image if it isnt local and there isnt a registry defined + docker_image: + name: "{{ awx_web_image }}" + tag: "{{ awx_version }}" + archive_path: "{{ awx_local_base_config_path|default('/tmp') }}/{{ awx_web_image }}_{{ awx_version }}.tar" + when: ansible_connection != "local" and docker_registry is not defined + delegate_to: localhost + +- name: Export Docker task image if it isnt local and there isnt a registry defined + docker_image: + name: "{{ awx_task_image }}" + tag: "{{ awx_version }}" + archive_path: "{{ awx_local_base_config_path|default('/tmp') }}/{{ awx_task_image }}_{{ awx_version }}.tar" + when: ansible_connection != "local" and docker_registry is not defined + delegate_to: localhost + +- name: Authenticate with Docker registry if registry password given + docker_login: + registry: "{{ docker_registry }}" + username: "{{ docker_registry_username }}" + password: "{{ docker_registry_password }}" + reauthorize: yes + when: docker_registry is defined and docker_registry_password is defined + delegate_to: localhost + +- name: Set docker base path + set_fact: + docker_deploy_base_path: "{{ awx_base_path|default('/tmp') }}/docker_deploy" + when: ansible_connection != "local" and docker_registry is not defined + +- name: Ensure directory exists + file: + path: "{{ docker_deploy_base_path }}" + state: directory + when: ansible_connection != "local" and docker_registry is not defined + +- name: Copy web image to docker execution + copy: + src: "{{ awx_local_base_config_path|default('/tmp') }}/{{ awx_web_image }}_{{ awx_version }}.tar" + dest: "{{ docker_deploy_base_path }}/{{ awx_web_image }}_{{ awx_version }}.tar" + when: ansible_connection != "local" and docker_registry is not defined + +- name: Copy task image to docker execution + copy: + src: "{{ awx_local_base_config_path|default('/tmp') }}/{{ awx_task_image }}_{{ awx_version }}.tar" + dest: "{{ docker_deploy_base_path }}" + when: ansible_connection != "local" and docker_registry is not defined + +- name: Load web image + docker_image: + name: "{{ awx_web_image }}" + tag: "{{ awx_version }}" + load_path: "{{ docker_deploy_base_path }}/{{ awx_web_image }}_{{ awx_version }}.tar" + when: ansible_connection != "local" and docker_registry is not defined + +- name: Load task image + docker_image: + name: "{{ awx_task_image }}" + tag: "{{ awx_version }}" + load_path: "{{ docker_deploy_base_path }}/{{ awx_task_image }}_{{ awx_version }}.tar" + when: ansible_connection != "local" and docker_registry is not defined + +- name: Tag and push web image to registry + docker_image: + name: "{{ awx_web_image }}" + repository: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ awx_web_image }}" + tag: "{{ awx_version }}" + push: yes + when: docker_registry is defined + delegate_to: localhost + +- name: Tag and push task image to registry + docker_image: + name: "{{ awx_task_image }}" + repository: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ awx_task_image }}" + tag: "{{ awx_version }}" + push: yes + when: docker_registry is defined + delegate_to: localhost + +- name: Set full image path for Registry + set_fact: + awx_web_docker_actual_image: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ awx_web_image }}" + awx_task_docker_actual_image: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ awx_task_image }}" + when: docker_registry is defined + +- name: Set full image path for local install + set_fact: + awx_web_docker_actual_image: "{{ awx_web_image }}" + awx_task_docker_actual_image: "{{ awx_task_image }}" + when: docker_registry is not defined + +## Docker-compose instead? + +- name: Activate postgres container + docker_container: + name: postgres + state: started + image: postgres:9.6 + volumes: + - "{{ postgres_data_dir }}:/var/lib/postgresql/data" + env: + POSTGRES_USER: "{{ pg_username }}" + POSTGRES_PASSWORD: "{{ pg_password }}" + POSTGRES_DB: "{{ pg_database }}" + when: pg_hostname is not defined or pg_hostname == '' + +- name: Activate rabbitmq container + docker_container: + name: rabbitmq + state: started + image: rabbitmq:3 + env: + RABBITMQ_DEFAULT_VHOST: "awx" + +- name: Activate memcached container + docker_container: + name: memcached + state: started + image: memcached:alpine + +- name: Wait for postgres and rabbitmq to activate + pause: + seconds: 15 + +- name: Set properties without postgres for awx_web + set_fact: + pg_hostname_actual: "{{ pg_hostname }}" + awx_web_container_links: + - rabbitmq + - memcached + when: pg_hostname is defined + +- name: Set properties with postgres for awx_web + set_fact: + pg_hostname_actual: postgres + awx_web_container_links: + - rabbitmq + - memcached + - postgres + when: pg_hostname is not defined or pg_hostname == '' + +- name: Set properties without postgres for awx_task + set_fact: + pg_hostname_actual: "{{ pg_hostname }}" + awx_task_container_links: + - rabbitmq + - memcached + - awx_web + when: pg_hostname is defined + +- name: Set properties with postgres for awx_web + set_fact: + pg_hostname_actual: postgres + awx_task_container_links: + - rabbitmq + - memcached + - awx_web + - postgres + when: pg_hostname is not defined or pg_hostname == '' + +- name: Activate AWX Web Container + docker_container: + name: awx_web + state: started + image: "{{ awx_web_docker_actual_image }}:{{ awx_version }}" + user: root + ports: + - "{{ host_port }}:8052" + links: "{{ awx_web_container_links|list }}" + hostname: awxweb + env: + SECRET_KEY: "{{ awx_secret_key }}" + DATABASE_NAME: "{{ pg_database }}" + DATABASE_USER: "{{ pg_username }}" + DATABASE_PASSWORD: "{{ pg_password }}" + DATABASE_PORT: "{{ pg_port }}" + DATABASE_HOST: "{{ pg_hostname_actual }}" + RABBITMQ_USER: "guest" + RABBITMQ_PASSWORD: "guest" + RABBITMQ_HOST: "rabbitmq" + RABBITMQ_PORT: "5672" + RABBITMQ_VHOST: "awx" + MEMCACHED_HOST: "memcached" + MEMCACHED_PORT: "11211" + +- name: Activate AWX Task Container + docker_container: + name: awx_task + state: started + image: "{{ awx_task_docker_actual_image }}:{{ awx_version }}" + links: "{{ awx_task_container_links|list }}" + user: root + hostname: awx + env: + SECRET_KEY: "{{ awx_secret_key }}" + DATABASE_NAME: "{{ pg_database }}" + DATABASE_USER: "{{ pg_username }}" + DATABASE_PASSWORD: "{{ pg_password }}" + DATABASE_HOST: "{{ pg_hostname_actual }}" + DATABASE_PORT: "{{ pg_port }}" + RABBITMQ_USER: "guest" + RABBITMQ_PASSWORD: "guest" + RABBITMQ_HOST: "rabbitmq" + RABBITMQ_PORT: "5672" + RABBITMQ_VHOST: "awx" + MEMCACHED_HOST: "memcached" + MEMCACHED_PORT: "11211" diff --git a/installer/openshift/tasks/main.yml b/installer/openshift/tasks/main.yml index 2e9eeac442..e7b063f8c9 100644 --- a/installer/openshift/tasks/main.yml +++ b/installer/openshift/tasks/main.yml @@ -21,15 +21,29 @@ - name: Mark Openshift User as Admin shell: "oc adm policy add-role-to-user admin {{ openshift_user }} -n {{ awx_openshift_project }}" +- name: Get docker registry password from oc if needed + block: + - name: Set docker registry password + shell: oc whoami -t + register: docker_registry_password_shell + - name: Set docker registry password + set_fact: + docker_registry_password: "{{ docker_registry_password_shell.stdout }}" + when: docker_registry_password is not defined + - name: Authenticate with Docker registry docker_login: registry: "{{ docker_registry }}" username: "{{ docker_registry_username }}" password: "{{ docker_registry_password }}" reauthorize: yes - when: docker_registry is defined + when: docker_registry is defined and docker_registry_password is defined delegate_to: localhost +- name: Wait for Openshift + pause: + seconds: 30 + - name: Tag and push web image to registry docker_image: name: "{{ awx_web_image }}" @@ -39,6 +53,10 @@ when: docker_registry is defined delegate_to: localhost +- name: Wait for openshift + pause: + seconds: 10 + - name: Tag and push task image to registry docker_image: name: "{{ awx_task_image }}" diff --git a/installer/openshift/templates/configmap.yml.j2 b/installer/openshift/templates/configmap.yml.j2 index da91d9e706..0ef1fd3008 100644 --- a/installer/openshift/templates/configmap.yml.j2 +++ b/installer/openshift/templates/configmap.yml.j2 @@ -35,6 +35,13 @@ data: EMAIL_HOST_USER = '' EMAIL_HOST_PASSWORD = '' EMAIL_USE_TLS = False + + LOGGING['handlers']['console'] = { + '()': 'logging.StreamHandler', + 'level': 'DEBUG', + 'formatter': 'simple', + } + LOGGING['loggers']['django.request']['handlers'] = ['console'] LOGGING['loggers']['rest_framework.request']['handlers'] = ['console'] LOGGING['loggers']['awx']['handlers'] = ['console'] From f1af6b9bf241f38efcd5c8b4726dd6cbf4df81bc Mon Sep 17 00:00:00 2001 From: Matthew Jones Date: Wed, 30 Aug 2017 13:40:18 -0400 Subject: [PATCH 08/10] Support official image builds with awx logos --- installer/image_build/tasks/main.yml | 21 +++++++++++++++++++++ installer/inventory | 17 ++++++++++++----- 2 files changed, 33 insertions(+), 5 deletions(-) diff --git a/installer/image_build/tasks/main.yml b/installer/image_build/tasks/main.yml index ab7a31de79..6d74fabaff 100644 --- a/installer/image_build/tasks/main.yml +++ b/installer/image_build/tasks/main.yml @@ -11,6 +11,21 @@ awx_version: "{{ awx_version_command.stdout }}" when: awx_version is not defined +- name: Verify awx-logos directory exists for official install + stat: + path: "../../awx-logos" + delegate_to: localhost + register: logosdir + failed_when: logosdir.stat.isdir is not defined or not logosdir.stat.isdir + when: awx_official + +- name: Copy logos for inclusion in sdist + synchronize: + src: "../../awx-logos/awx/ui/client/assets" + dest: "../awx/ui/client/" + delegate_to: localhost + when: awx_official + - name: Set sdist file name set_fact: awx_sdist_file: "awx-{{ awx_version }}.tar.gz" @@ -19,6 +34,12 @@ debug: msg: "{{ awx_sdist_file }}" +- name: Clean distribution + shell: make clean + args: + chdir: .. + delegate_to: localhost + - name: Build AWX distribution shell: make sdist args: diff --git a/installer/inventory b/installer/inventory index 62d7a1e9d0..ba88da284e 100644 --- a/installer/inventory +++ b/installer/inventory @@ -2,6 +2,9 @@ localhost ansible_connection=local [all:vars] +# Build AWX with official logos +# Agree to acceptance of trademark guidelines +# Requires awx-logos be checked out in the directory containing the awx repository awx_official=false # Local Openshift @@ -10,14 +13,18 @@ awx_official=false # openshift_host=127.0.0.1:8443 # awx_openshift_project=awx # openshift_user=developer -# docker_registry=172.30.1.1:5000 -# docker_registry_repository=awx -# docker_registry_username=developer # awx_node_port=30083 # Standalone Docker Install -# postgres_data_dir=/tmp/pgdocker -# host_port=80 +postgres_data_dir=/tmp/pgdocker +host_port=80 + +# Required for Openshift, Optional for Standalone Docker install +# Define if you want the image pushed to a registry. The container definition +# will also use these images +# docker_registry=172.30.1.1:5000 +# docker_registry_repository=awx +# docker_registry_username=developer # Set this if you have an external postgres you are pointing at # otherwise a new ephemeral awx postgres service will be created From c1ffa6e5d914b17f3d5f21825496f678e40de1ae Mon Sep 17 00:00:00 2001 From: Matthew Jones Date: Wed, 30 Aug 2017 15:02:06 -0400 Subject: [PATCH 09/10] Call out eval for setting up the minishift environment --- INSTALL.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/INSTALL.md b/INSTALL.md index 6aeb30a672..aa321b8239 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -43,7 +43,7 @@ If you do not have access to an OpenShift cluster, you can install [Minishift](h Once you have Minishift running, you can optionally use the Docker daemon that runs inside the virtual machine, rather than running a second Docker daemon (or Docker for Mac) on your development host. The following will set your environment to use it: ```bash -$ minishift $(docker-env) +$ eval $(minishift docker-env) ``` ### Pre-build Steps From e2a0fd7b0b04ad6e2ca0a98eef25e69406ccf189 Mon Sep 17 00:00:00 2001 From: Chris Houseknecht Date: Thu, 31 Aug 2017 22:21:25 -0400 Subject: [PATCH 10/10] Adds docker installation steps (#15) --- .gitignore | 1 + .idea/vcs.xml | 6 - INSTALL.md | 383 ++++++++++++++++-- installer/check_vars/tasks/check_docker.yml | 15 + .../check_vars/tasks/check_openshift.yml | 49 +++ installer/check_vars/tasks/main.yml | 9 + installer/image_build/tasks/main.yml | 11 +- installer/install.yml | 6 +- installer/inventory | 12 +- installer/local_docker/tasks/main.yml | 7 +- 10 files changed, 445 insertions(+), 54 deletions(-) delete mode 100644 .idea/vcs.xml create mode 100644 installer/check_vars/tasks/check_docker.yml create mode 100644 installer/check_vars/tasks/check_openshift.yml create mode 100644 installer/check_vars/tasks/main.yml diff --git a/.gitignore b/.gitignore index 8828f1b1b4..8fe472e310 100644 --- a/.gitignore +++ b/.gitignore @@ -108,6 +108,7 @@ local/ requirements/vendor .i18n_built VERSION +.idea/* # AWX python libs populated by requirements.txt awx/lib/.deps_built diff --git a/.idea/vcs.xml b/.idea/vcs.xml deleted file mode 100644 index 94a25f7f4c..0000000000 --- a/.idea/vcs.xml +++ /dev/null @@ -1,6 +0,0 @@ - - - - - - \ No newline at end of file diff --git a/INSTALL.md b/INSTALL.md index aa321b8239..63b9474663 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -1,25 +1,59 @@ # Installing AWX -This document provides instructions for installing AWX on the following platforms: +This document provides a guide for intalling AWX. -- [OpenShift container platform](#openshift) -- [Standalone Docker daemon](#docker) +## Table of contents -It is intended to be a guide only. The instructions and examples that follow enable you to build a working AWX server. However, this document makes no guarantees regarding the production worthiness of the resulting server. +- [Getting started](#getting-started) + - [Clone the repo](#clone-the-repo) + - [AWX branding](#awx-branding) + - [Prerequisites](#prerequisites) + - [Installing gettext](#installing-gettext) + - [AWX Tunables](#awx-tunables) + - [Choose a deployment platform](#choose-a-deployment-platform) +- [OpenShift](#openshift) + - [Prerequisites](#prerequisites) + - [Deploying to Minishift](#deploying-to-minishift) + - [Pre-build steps](#pre-build-steps) + - [PostgreSQL](#postgresql) + - [Start the build](#start-the-build) + - [Post build](#post-build) + - [Accessing AWX](#accessing-awx) +- [Docker](#Docker) + - [Prerequisites](#prerequisites-1) + - [Pre-build steps](#pre-build-steps-1) + - [Deploying to a remote host](#deploying-to-a-remote-host) + - [Inventory variables](#inventory-variables) + - [Docker registry](#docker-registry) + - [PostgreSQL](#postgresql-1) + - [Start the build](#start-the-build-1) + - [Post build](#post-build-1) + - [Accessing AWX](#accessing-awx-1) +## Getting started -## OpenShift +### Clone the repo -The [installer](./installer) directory contains an Ansible playbook, inventory file, and roles for deploying AWX to an OpenShift cluster. The playbook automates the process of building AWX, creating container images, and deploying the application. +If you have not already done so, you will need to clone, or create a local copy, of the [AWX repo](https://github.com/ansible/awx). For more on how to clone the repo, view [git clone help](https://git-scm.com/docs/git-clone). + +Once you have a local copy, run commands within the root of the project tree. + +### AWX branding + +You can optionally install the AWX branding assets from the [awx-logos repo](https://github.com/ansible/awx-logos). Prior to installing, please review and agree to the [trademark guidelines](https://github.com/ansible/awx-logos/blob/master/TRADEMARKS.md). + +To install the assets, clone the awx-logos repo into the root of your local AWX clone. The `awx-logos` directory should be next to the `awx` directory. As you progress through the installation steps, you'll be setting variables in the [inventory](./installer/inventory) file. To include the assets in the build, set `awx_official=true`. ### Prerequisites -Before running the deployment for the first time, you'll need to install the following: +Before you can run a deployment, you'll need the following installed in your local environment: - [Ansible](http://docs.ansible.com/ansible/latest/intro_installation.html) - gettext package for your platform (See [Installing gettext](#installing-gettext)) - [Docker](https://docs.docker.com/engine/installation/) -- Access to an OpenShift cluster (See [Using Minishift](#using-minishift)) +- [docker-py](https://github.com/docker/docker-py) Python module +- [Node 6.x LTS version](https://nodejs.org/en/download/) +- [NPM 3.x LTS](https://docs.npmjs.com/) #### Installing gettext @@ -33,80 +67,357 @@ On macOS: ```bash $ brew install gettext -$ brew link gettext --force +$ brew link gettext --force ``` -#### Using Minishift +### AWX Tunables -If you do not have access to an OpenShift cluster, you can install [Minishift](https://github.com/minishift/minishift), and create a single node cluster running inside a virtual machine. It's a convenient way to create a demo environment, suitable for trying out AWX. - -Once you have Minishift running, you can optionally use the Docker daemon that runs inside the virtual machine, rather than running a second Docker daemon (or Docker for Mac) on your development host. The following will set your environment to use it: +**TODO** add tunable bits + +### Choose a deployment platform + +We currently support running AWX as a containerized application using Docker images deployed to either an OpenShift cluster, or a standalone Docker daemon. The remainder of this document will walk you through the process of building the images, and deploying them to either platform. + +The [installer](./installer) directory contains an [inventory](./installer/inventory) file, and a playbook, [install.yml](./installer/install.yml). You'll begin by setting variables in the inventory file according to the platform you wish to use, and then you'll start the image build and deployment process by running the playbook. + +In the sections below, you'll find deployment details and instructions for each platform. To deploy to Docker, view the [Docker section](#docker), and for OpenShift, view the [OpenShift section](#openshift). + +## OpenShift + +### Prerequisites + +To complete a deployment to OpenShift, you will obviously need access to an OpenShift cluster. For demo and testing purposes, you can use [Minishift](https://github.com/minishift/minishift) to create a single node cluster running inside a virtual machine. + +You will also need to have the `oc` command in your PATH. The `install.yml` playbook will call out to `oc` when logging into, and creating objects on the cluster. + +#### Deploying to Minishift + +Install Minishift by following the [installation guide](https://docs.openshift.org/latest/minishift/getting-started/installing.html). + +The Minishift VM contains a Docker daemon, which you can use to build the AWX images. This is generally the approach you should take, and we recommend doing so. To use this instance, run the following command to setup your environment: ```bash +# Set DOCKER environment variable to point to the Minishift VM $ eval $(minishift docker-env) ``` -### Pre-build Steps +**Note** -Before kicking off the build, review the [inventory](./installer/inventory) file, and uncomment and provide values for the following variables within the `[all:vars]` section: +> If you choose to not use the Docker instance running inside the VM, and build the images externally, you will have to enable the OpenShift cluster to access the images. This involves pushing the images to an external Docker registry, and granting the cluster access to it, or exposing the internal registry, and pushing the images into it. -**openshift_host** +### Pre-build steps + +Before starting the build process, review the [inventory](./installer/inventory) file, and uncomment and provide values for the following variables found in the `[all:vars]` section: + +*openshift_host* > IP address or hostname of the OpenShift cluster. If you're using Minishift, this will be the value returned by `minishift ip`. -**awx_openshift_project** +*awx_openshift_project* > Name of the OpenShift project that will be created, and used as the namespace for the AWX app. Defaults to *awx*. -**openshift_user** +*awx_node_port* + +> The web server port running inside the AWX pod. Defaults to *30083*. + +*openshift_user* > Username of the OpenShift user that will create the project, and deploy the application. Defaults to *developer*. -**docker_registry** +*docker_registry* > IP address and port, or URL, for accessing a registry that the OpenShift cluster can access. Defaults to *172.30.1.1:5000*, the internal registry delivered with Minishift. -**docker_registry_repository** +*docker_registry_repository* > Namespace to use when pushing and pulling images to and from the registry. Generally this will match the project name. It defaults to *awx*. -**docker_registry_username** +*docker_registry_username* > Username of the user that will push images to the registry. Will generally match the *openshift_user* value. Defaults to *developer*. -### PostgreSQL +#### PostgreSQL -**TODO** - -Add notes regarding optional Postgres service here. +AWX requires access to a PostgreSQL database, and by default, one will be created and deployed in a container. In this scenario, the database is ephemeral, and all data persisted to it will be lost when the container stops running. +If you wish to use an external database, in the inventory file, set the value of `pg_hostname`, and update `pg_username`, `pg_password`, `pg_database`, and `pg_port` with the connection information. ### Start the build -To start the build, you will pass in two *extra* variables on the command line. The first is *openshift_password*, which you will set to the password of the user that will deploy the app. This is the same user you specified for the value of *openshsift_user* +To start the build, you will pass two *extra* variables on the command line. The first is *openshift_password*, which is the password for the *openshift_user*, and the second is *docker_registry_password*, which is the password associated with *docker_registry_username*. -The second variable is *docker_registry_password*. This is the password of the user that will push images to the registry. It's the same user you specified for *docker_registry_username* above. +If you're using the OpenShift internal registry, then you'll pass an access token for the *docker_registry_password* value, rather than a password. The `oc whoami -t` command will generate the required token, as long as you're logged into the cluster via `oc cluster login`. -If you're using Mnishift, and the internal registry, then you'll pass an access token for the *docker_registry_token* value, rather than a password. The `oc whoami -t` command will generate the required token, as long as you're logged into the cluster via `oc cluster login` as the user that will access the registry. - -Here's the build command to run, if you're using Minishift, and the internal registry: +To start the build and deployment, run the following: ```bash +# Start the build and deployment $ ansible-playbook -i inventory install.yml -e openshift_password=developer -e docker_registry_password=$(oc whoami -t) ``` -### Post build, and accessing AWX +### Post build -Once the build completes, log into the OpenShift console and view the project. For Minishift users, access the console with the following command: +After the playbook run completes, check the status of the deployment by running `oc get pods`: ```bash -$ open https://$(minishift ip):8443 +# View the running pods +$ oc get pods + +NAME READY STATUS RESTARTS AGE +awx-3886581826-5mv0l 4/4 Running 0 8s +postgresql-1-l85fh 1/1 Running 0 20m + ``` -Open the `awx` project. Assuming you chose to use the PostgreSQL service, you'll see two pods running: *postgresql* and *awx*. The web server is running inside the *awx* pod. To access it, click on *Applications*, and choose *Routes* from the menu. You'll see a route named *awx-web-svc*, click on the highlighted URL in the second column, under *Hostname*. This will open the AWX login dialog. The username is *admin*, and the password is *password*. +In the above example, the name of the AWX pod is `awx-3886581826-5mv0l`. Before accessing the AWX web interface, setup tasks and database migrations need to complete. These tasks are running in the `awx_task` container inside the AWX pod. To monitor their status, tail the container's STDOUT by running the following command, replacing the AWX pod name with the pod name from your environment: + +```bash +# Follow the awx_task log output +$ oc logs -f awx-3886581826-5mv0l -c awx-celery +``` + +You will see the following indicating that database migrations are running: + +```bash +Using /etc/ansible/ansible.cfg as config file +127.0.0.1 | SUCCESS => { + "changed": false, + "db": "awx" +} +Operations to perform: + Synchronize unmigrated apps: solo, api, staticfiles, messages, channels, django_extensions, ui, rest_framework, polymorphic + Apply all migrations: sso, taggit, sessions, djcelery, sites, kombu_transport_django, social_auth, contenttypes, auth, conf, main +Synchronizing apps without migrations: + Creating tables... + Running deferred SQL... + Installing custom SQL... +Running migrations: + Rendering model states... DONE + Applying contenttypes.0001_initial... OK + Applying contenttypes.0002_remove_content_type_name... OK + Applying auth.0001_initial... OK + Applying auth.0002_alter_permission_name_max_length... OK + Applying auth.0003_alter_user_email_max_length... OK + Applying auth.0004_alter_user_username_opts... OK + Applying auth.0005_alter_user_last_login_null... OK + Applying auth.0006_require_contenttypes_0002... OK + Applying taggit.0001_initial... OK + Applying taggit.0002_auto_20150616_2121... OK + ... +``` + +When you see output similar to the following, you'll know that database migrations have completed, and you can access the web interface: + +```bash +Python 2.7.5 (default, Nov 6 2016, 00:28:07) +[GCC 4.8.5 20150623 (Red Hat 4.8.5-11)] on linux2 +Type "help", "copyright", "credits" or "license" for more information. +(InteractiveConsole) + +>>> +>>> Default organization added. +Demo Credential, Inventory, and Job Template added. +Successfully registered instance awx-3886581826-5mv0l +(changed: True) +Creating instance group tower +Added instance awx-3886581826-5mv0l to tower +``` + +Once database migrations complete, the web interface will be accessible. + +### Accessing AWX + +The AWX web interface is running in the AWX pod, behind the `awx-web-svc` service. To view the service, and its port value, run the following command: + +```bash +# View available services +$ oc get services + +NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE +awx-web-svc 172.30.111.74 8052:30083/TCP 37m +postgresql 172.30.102.9 5432/TCP 38m +``` + +The deployment process creates a route, `awx-web-svc`, to expose the service. How the ingres is actually created will vary depending on your environment, and how the cluster is configured. You can view the route, and the external IP address and hostname assigned to it, by running the following command: + +```bash +# View available routes +$ oc get routes + +NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD +awx-web-svc awx-web-svc-awx.192.168.64.2.nip.io awx-web-svc http edge/Allow None +``` + +The above example is taken from a Minishift instance. From a web browser, use `https` to access the `HOST/PORT` value from your environment. Using the above example, the URL to access the server would be [https://awx-web-svc-awx.192.168.64.2.nip.io](https://awx-web-svc-awx.192.168.64.2.nip.io). + +Once you access the AWX server, you will be prompted with a login dialog. The default administrator username is `admin`, and the password is `password`. ## Docker -**TODO** +### Prerequisites + +You will need the following installed on the host where AWX will be deployed: + +- [Docker](https://docs.docker.com/engine/installation/) +- [docker-py](https://github.com/docker/docker-py) Python module + +### Pre-build steps + +#### Deploying to a remote host + +By default, the delivered [inventory](./installer/inventory) file will deploy AWX to the local host. It is possible; however, to deploy to a remote host. The [install.yml](./installer/install.yml) playbook can be used to build images on the local host, and ship the built images to, and run deployment tasks on, a remote host. To do this, modify the *inventory* file, by commenting out `localhost`, and adding the remote host. + +For example, suppose you wish to build images locally on your CI/CD host, and deploy them to a remote host named *awx-server*. To do this, add *awx-server* to the *inventory* file, and comment out or remove `localhost`, as demonstrated by the following: + +```yaml +# localhost ansible_connection=local +awx-server + +[all:vars] +... +``` + +In the above example, image build tasks will be delegated to `localhost`, which is typically where the clone of the AWX project exists. Built images will be archived, copied to remote host, and imported into the remote Docker image cache. Tasks to start the AWX containers will then execute on the remote host. + +**Note** + +> You may also want to set additional variables to control how Ansible connects to the host. For more information about this, view [Behavioral Inventory Parameters](http://docs.ansible.com/ansible/latest/intro_inventory.html#id12). + +> As mentioned above, in Prerequisites](#prerequisites-1), the prerequisites are required on the remote host. + + +#### Inventory variables + +Before starting the build process, review the [inventory](./installer/inventory) file, and uncomment and provide values for the following variables found in the `[all:vars]` section: + +*postgres_data_dir* + +> If you're using the default PostgreSQL container (see [PostgreSQL](#postgresql-1) below), provide a path that can be mounted to the container, and where the database can be persisted. + +*host_port* + +> Proide a port number that can be mapped from the Docker daemon host to the web server running inside the AWX container. Defaults to *80*. + + +#### Docker registry + +If you wish to tag and push built images to a Docker registry, set the following variables in the inventory file: + +*docker_registry* + +> IP address and port, or URL, for accessing a registry. + +*docker_registry_repository* + +> Namespace to use when pushing and pulling images to and from the registry. Defaults to *awx*. + +*docker_registry_username* + +> Username of the user that will push images to the registry. Defaults to *developer*. + +#### PostgreSQL + +AWX requires access to a PostgreSQL database, and by default, one will be created and deployed in a container, and data will be persisted to a host volume. In this scenario, you must set the value of `postgres_data_dir` to a path that can be mounted to the container. When the container is stopped, the database files will still exist in the specified path. + +If you wish to use an external database, in the inventory file, set the value of `pg_hostname`, and update `pg_username`, `pg_password`, `pg_database`, and `pg_port` with the connection information. + +### Start the build + +If you are not pushing images to a Docker registry, start the build by running the following: + +```bash +# Set the working director to installer +$ cd installer + +# Run the Ansible playbook +$ ansible-playbook -i inventory install.yml +``` + +If you're pushing built images to a repository, then use the `-e` option to pass the registry password as follows, replacing *password* with the password of the username assigned to `docker_registry_username`: + +```bash +# Set the working directory to installer +$ cd installer + +# Run the Ansible playbook +$ ansible-playbook -i inventory -e docker_registry_password=password install.yml +``` + +### Post build + +After the playbook run completes, Docker will report up to 5 running containers. If you chose to use an existing PostgresSQL database, then it will report 4. You can view the running containers using the `docker ps` command, as follows: + +```bash +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +e240ed8209cd awx_task:1.0.0.8 "/tini -- /bin/sh ..." 2 minutes ago Up About a minute 8052/tcp awx_task +1cfd02601690 awx_web:1.0.0.8 "/tini -- /bin/sh ..." 2 minutes ago Up About a minute 0.0.0.0:80->8052/tcp awx_web +55a552142bcd memcached:alpine "docker-entrypoint..." 2 minutes ago Up 2 minutes 11211/tcp memcached +84011c072aad rabbitmq:3 "docker-entrypoint..." 2 minutes ago Up 2 minutes 4369/tcp, 5671-5672/tcp, 25672/tcp rabbitmq +97e196120ab3 postgres:9.6 "docker-entrypoint..." 2 minutes ago Up 2 minutes 5432/tcp postgres +``` + +Immediately after the containers start, the *awx_task* container will perform required setup tasks, including database migrations. These tasks need to complete before the web interface can be accessed. To monitor the progress, you can follow the container's STDOUT by running the following: + +```bash +# Tail the the awx_task log +$ docker logs -f awx_task +``` + +You will see output similar to the following: + +```bash +Using /etc/ansible/ansible.cfg as config file +127.0.0.1 | SUCCESS => { + "changed": false, + "db": "awx" +} +Operations to perform: + Synchronize unmigrated apps: solo, api, staticfiles, messages, channels, django_extensions, ui, rest_framework, polymorphic + Apply all migrations: sso, taggit, sessions, djcelery, sites, kombu_transport_django, social_auth, contenttypes, auth, conf, main +Synchronizing apps without migrations: + Creating tables... + Running deferred SQL... + Installing custom SQL... +Running migrations: + Rendering model states... DONE + Applying contenttypes.0001_initial... OK + Applying contenttypes.0002_remove_content_type_name... OK + Applying auth.0001_initial... OK + Applying auth.0002_alter_permission_name_max_length... OK + Applying auth.0003_alter_user_email_max_length... OK + Applying auth.0004_alter_user_username_opts... OK + Applying auth.0005_alter_user_last_login_null... OK + Applying auth.0006_require_contenttypes_0002... OK + Applying taggit.0001_initial... OK + Applying taggit.0002_auto_20150616_2121... OK + Applying main.0001_initial... OK +... +``` + +Once migrations complete, you will see the following log output, indicating that migrations have completed: + +```bash +Python 2.7.5 (default, Nov 6 2016, 00:28:07) +[GCC 4.8.5 20150623 (Red Hat 4.8.5-11)] on linux2 +Type "help", "copyright", "credits" or "license" for more information. +(InteractiveConsole) + +>>> +>>> Default organization added. +Demo Credential, Inventory, and Job Template added. +Successfully registered instance awx +(changed: True) +Creating instance group tower +Added instance awx to tower +(changed: True) +... +``` + +### Accessing AWX + +The AWX web server is accessible on the deployment host, using the *host_port* value set in the *inventory* file. The default URL is [http://localhost](http://localhost). + +You will prompted with a login dialog. The default administrator username is `admin`, and the password is `password`. + -Document Docker deployment here. diff --git a/installer/check_vars/tasks/check_docker.yml b/installer/check_vars/tasks/check_docker.yml new file mode 100644 index 0000000000..98407e117e --- /dev/null +++ b/installer/check_vars/tasks/check_docker.yml @@ -0,0 +1,15 @@ +# check_docker.yml +--- +- name: postgres_data_dir should be defined + assert: + that: + - postgres_data_dir is defined and postgres_data_dir != '' + msg: "Set the value of 'postgres_data_dir' in the inventory file." + when: pg_hostname is not defined or pg_hostname == '' + +- name: host_port should be defined + assert: + that: + - host_port is defined and host_port != '' + msg: "Set the value of 'host_port' in the inventory file." + diff --git a/installer/check_vars/tasks/check_openshift.yml b/installer/check_vars/tasks/check_openshift.yml new file mode 100644 index 0000000000..53164b629c --- /dev/null +++ b/installer/check_vars/tasks/check_openshift.yml @@ -0,0 +1,49 @@ +# check_openshift.yml +--- +- name: awx_openshift_project should be defined + assert: + that: + - awx_openshift_project is defined and awx_openshift_project != '' + msg: "Set the value of 'awx_openshift_project' in the inventory file." + +- name: openshift_user should be defined + assert: + that: + - openshift_user is defined and openshift_user != '' + msg: "Set the value of 'openshift_user' in the inventory file." + +- name: openshift_password should be defined + assert: + that: + - openshift_password is defined and openshift_password != '' + msg: "Set the value of 'openshift_password' in the inventory file." + +- name: awx_node_port should be defined + assert: + that: + - awx_node_port is defined and awx_node_port != '' + msg: "Set the value of 'awx_node_port' in the inventory file." + +- name: docker_registry should be defined + assert: + that: + - docker_registry is defined and docker_registry != '' + msg: "Set the value of 'docker_registry' in the inventory file." + +- name: docker_registry_repository should be defined + assert: + that: + - docker_registry_repository is defined and docker_registry_repository != '' + msg: "Set the value of 'docker_registry_repository' in the inventory file." + +- name: docker_registry_username should be defined + assert: + that: + - docker_registry_username is defined and docker_registry_username != '' + msg: "Set the value of 'docker_registry_username' in the inventory file." + +- name: docker_registry_password should be defined + assert: + that: + - docker_registry_password is defined and docker_registry_password != '' + msg: "Set the value of 'docker_registry_password' in the inventory file." diff --git a/installer/check_vars/tasks/main.yml b/installer/check_vars/tasks/main.yml new file mode 100644 index 0000000000..151144d91f --- /dev/null +++ b/installer/check_vars/tasks/main.yml @@ -0,0 +1,9 @@ +# main.yml +--- + +- include: check_openshift.yml + when: openshift_host is defined and openshift_host != '' + +- include: check_docker.yml + when: openshift_host is not defined or openshift_host == '' + diff --git a/installer/image_build/tasks/main.yml b/installer/image_build/tasks/main.yml index 6d74fabaff..9bc38a687c 100644 --- a/installer/image_build/tasks/main.yml +++ b/installer/image_build/tasks/main.yml @@ -34,17 +34,25 @@ debug: msg: "{{ awx_sdist_file }}" +- name: Stat distribution file + stat: + path: "../dist/{{ awx_sdist_file }}" + delegate_to: localhost + register: sdist + - name: Clean distribution shell: make clean args: chdir: .. + ignore_errors: yes + when: not sdist.stat.exists delegate_to: localhost - name: Build AWX distribution shell: make sdist args: chdir: .. - creates: "../dist/{{ awx_sdist_file }}" + creates: "./dist/{{ awx_sdist_file }}" delegate_to: localhost - name: Set docker build base path @@ -155,3 +163,4 @@ path: "{{ docker_base_path }}" state: absent when: cleanup_docker_base|default(True) + delegate_to: localhost diff --git a/installer/install.yml b/installer/install.yml index 0be29fc951..ee205018ef 100644 --- a/installer/install.yml +++ b/installer/install.yml @@ -1,8 +1,10 @@ --- - -- hosts: all +- name: Build and deploy AWX + hosts: all gather_facts: false roles: + - { role: check_vars } - { role: image_build } - { role: openshift, when: "openshift_host is defined" } - { role: local_docker, when: "openshift_host is not defined" } + diff --git a/installer/inventory b/installer/inventory index ba88da284e..3bb60161f9 100644 --- a/installer/inventory +++ b/installer/inventory @@ -3,12 +3,12 @@ localhost ansible_connection=local [all:vars] # Build AWX with official logos -# Agree to acceptance of trademark guidelines -# Requires awx-logos be checked out in the directory containing the awx repository +# Requires cloning awx-logos repo into the project root. +# Review the trademark guidelines at https://github.com/ansible/awx-logos/blob/master/TRADEMARKS.md awx_official=false -# Local Openshift -# Will need to set -e openshift_password=developer -e docker_registry_password=$(oc whoami -t) +# Openshift Install +# Will need to set -e openshift_password=developer -e docker_registry_password=$(oc whoami -t) # # openshift_host=127.0.0.1:8443 # awx_openshift_project=awx @@ -26,8 +26,8 @@ host_port=80 # docker_registry_repository=awx # docker_registry_username=developer -# Set this if you have an external postgres you are pointing at -# otherwise a new ephemeral awx postgres service will be created +# Set pg_hostname if you have an external postgres server, otherwise +# a new ephemeral postgres service will be created # pg_hostname=postgresql pg_username=awx pg_password=awxpass diff --git a/installer/local_docker/tasks/main.yml b/installer/local_docker/tasks/main.yml index efe9750bdc..606c658ee3 100644 --- a/installer/local_docker/tasks/main.yml +++ b/installer/local_docker/tasks/main.yml @@ -1,11 +1,10 @@ --- - - name: Export Docker web image if it isnt local and there isnt a registry defined docker_image: name: "{{ awx_web_image }}" tag: "{{ awx_version }}" archive_path: "{{ awx_local_base_config_path|default('/tmp') }}/{{ awx_web_image }}_{{ awx_version }}.tar" - when: ansible_connection != "local" and docker_registry is not defined + when: inventory_hostname != "localhost" and docker_registry is not defined delegate_to: localhost - name: Export Docker task image if it isnt local and there isnt a registry defined @@ -13,7 +12,7 @@ name: "{{ awx_task_image }}" tag: "{{ awx_version }}" archive_path: "{{ awx_local_base_config_path|default('/tmp') }}/{{ awx_task_image }}_{{ awx_version }}.tar" - when: ansible_connection != "local" and docker_registry is not defined + when: inventory_hostname != "localhost" and docker_registry is not defined delegate_to: localhost - name: Authenticate with Docker registry if registry password given @@ -53,6 +52,7 @@ name: "{{ awx_web_image }}" tag: "{{ awx_version }}" load_path: "{{ docker_deploy_base_path }}/{{ awx_web_image }}_{{ awx_version }}.tar" + timeout: 300 when: ansible_connection != "local" and docker_registry is not defined - name: Load task image @@ -60,6 +60,7 @@ name: "{{ awx_task_image }}" tag: "{{ awx_version }}" load_path: "{{ docker_deploy_base_path }}/{{ awx_task_image }}_{{ awx_version }}.tar" + timeout: 300 when: ansible_connection != "local" and docker_registry is not defined - name: Tag and push web image to registry