External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-07 03:31:10 -03:30
Code Issues Packages Projects Releases Wiki Activity

Downstream k8s installer changes

Browse Source
This commit is contained in:
Shane McDonald
2019-10-22 15:48:46 -04:00
parent cafac2338d
commit 8356327c2b
9 changed files with 129 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
installer/roles/kubernetes/defaults/main.yml
View File

@@ -30,7 +30,7 @@ rabbitmq_cpu_request: 500
memcached_mem_request: 1 memcached_mem_request: 1
memcached_cpu_request: 500 memcached_cpu_request: 500
kubernetes_rabbitmq_version: "3.7.4" kubernetes_rabbitmq_version: "3.7.15"
kubernetes_rabbitmq_image: "ansible/awx_rabbitmq" kubernetes_rabbitmq_image: "ansible/awx_rabbitmq"
kubernetes_memcached_version: "latest" kubernetes_memcached_version: "latest"
@@ -45,7 +45,13 @@ kubernetes_deployment_replica_size: 1
postgress_activate_wait: 60 postgress_activate_wait: 60
restore_backup_file: "./tower-openshift-backup-latest.tar.gz"
insights_url_base: "https://example.org" insights_url_base: "https://example.org"
custom_venvs_path: "/opt/custom-venvs" custom_venvs_path: "/opt/custom-venvs"
custom_venvs_python: "python2" custom_venvs_python: "python2"
ca_trust_bundle: "/etc/pki/tls/certs/ca-bundle.crt"
rabbitmq_use_ssl: False

2
installer/roles/kubernetes/tasks/backup.yml
View File

@@ -50,7 +50,7 @@
shell: | shell: |
{{ kubectl_or_oc }} -n {{ kubernetes_namespace }} exec ansible-tower-management -- \ {{ kubectl_or_oc }} -n {{ kubernetes_namespace }} exec ansible-tower-management -- \
bash -c "PGPASSWORD={{ pg_password | quote }} \ bash -c "PGPASSWORD={{ pg_password | quote }} \
pg_dump --clean --create \ scl enable rh-postgresql10 -- pg_dump --clean --create \
--host='{{ pg_hostname | default('postgresql') }}' \ --host='{{ pg_hostname | default('postgresql') }}' \
--port={{ pg_port | default('5432') }} \ --port={{ pg_port | default('5432') }} \
--username='{{ pg_username }}' \ --username='{{ pg_username }}' \

57
installer/roles/kubernetes/tasks/main.yml
View File

@@ -113,6 +113,59 @@
seconds: "{{ postgress_activate_wait }}" seconds: "{{ postgress_activate_wait }}"
when: openshift_pg_activate.changed or kubernetes_pg_activate.changed when: openshift_pg_activate.changed or kubernetes_pg_activate.changed
- name: Check if Postgres 9.6 is being used
shell: |
POD=$({{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \
get pods -l=name=postgresql --field-selector status.phase=Running -o jsonpath="{.items[0].metadata.name}")
oc exec -ti $POD -n {{ kubernetes_namespace }} -- bash -c "psql -tAc 'select version()'"
register: pg_version
- name: Upgrade Postgres if necessary
block:
- name: Set new pg image
shell: |
IMAGE=registry.access.redhat.com/rhscl/postgresql-10-rhel7
{{ kubectl_or_oc }} -n {{ kubernetes_namespace }} set image dc/postgresql postgresql=$IMAGE
- name: Wait for change to take affect
pause:
seconds: 5
- name: Set env var for pg upgrade
shell: |
{{ kubectl_or_oc }} -n {{ kubernetes_namespace }} set env dc/postgresql POSTGRESQL_UPGRADE=copy
- name: Wait for change to take affect
pause:
seconds: 5
- name: Set env var for new pg version
shell: |
{{ kubectl_or_oc }} -n {{ kubernetes_namespace }} set env dc/postgresql POSTGRESQL_VERSION=10
- name: Wait for Postgres to redeploy
pause:
seconds: "{{ postgress_activate_wait }}"
- name: Wait for Postgres to finish upgrading
shell: |
POD=$({{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \
get pods -l=name=postgresql -o jsonpath="{.items[0].metadata.name}")
{{ kubectl_or_oc }} -n {{ kubernetes_namespace }} logs $POD | grep 'Upgrade DONE'
register: pg_upgrade_logs
retries: 360
delay: 10
until: pg_upgrade_logs is success
- name: Unset upgrade env var
shell: |
{{ kubectl_or_oc }} -n {{ kubernetes_namespace }} set env dc/postgresql POSTGRESQL_UPGRADE-
- name: Wait for Postgres to redeploy
pause:
seconds: "{{ postgress_activate_wait }}"
when: "pg_version is success and '9.6' in pg_version.stdout"
- name: Set image names if using custom registry - name: Set image names if using custom registry
block: block:
- name: Set task image name - name: Set task image name
@@ -126,6 +179,10 @@
when: kubernetes_web_image is not defined when: kubernetes_web_image is not defined
when: docker_registry is defined when: docker_registry is defined
- name: Generate SSL certificates for RabbitMQ, if needed
include_tasks: ssl_cert_gen.yml
when: "rabbitmq_use_ssl|default(False)|bool"
- name: Render deployment templates - name: Render deployment templates
set_fact: set_fact:
"{{ item }}": "{{ lookup('template', item + '.yml.j2') }}" "{{ item }}": "{{ lookup('template', item + '.yml.j2') }}"

8
installer/roles/kubernetes/tasks/restore.yml
View File

@@ -21,7 +21,7 @@
- name: Unarchive Tower backup - name: Unarchive Tower backup
unarchive: unarchive:
src: tower-openshift-backup-latest.tar.gz src: "{{ restore_backup_file }}"
dest: "{{ playbook_dir }}/tower-openshift-restore" dest: "{{ playbook_dir }}/tower-openshift-restore"
extra_opts: [--strip-components=1] extra_opts: [--strip-components=1]
@@ -76,7 +76,7 @@
shell: | shell: |
{{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \ {{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \
exec -i ansible-tower-management -- bash -c "PGPASSWORD={{ pg_password | quote }} \ exec -i ansible-tower-management -- bash -c "PGPASSWORD={{ pg_password | quote }} \
psql \ scl enable rh-postgresql10 -- psql \
--host={{ pg_hostname | default('postgresql') }} \ --host={{ pg_hostname | default('postgresql') }} \
--port={{ pg_port | default('5432') }} \ --port={{ pg_port | default('5432') }} \
--username=postgres \ --username=postgres \
@@ -88,7 +88,7 @@
shell: | shell: |
{{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \ {{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \
exec -i ansible-tower-management -- bash -c "PGPASSWORD={{ pg_password | quote }} \ exec -i ansible-tower-management -- bash -c "PGPASSWORD={{ pg_password | quote }} \
psql \ scl enable rh-postgresql10 -- psql \
--host={{ pg_hostname | default('postgresql') }} \ --host={{ pg_hostname | default('postgresql') }} \
--port={{ pg_port | default('5432') }} \ --port={{ pg_port | default('5432') }} \
--username={{ pg_username }} \ --username={{ pg_username }} \
@@ -99,7 +99,7 @@
shell: | shell: |
{{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \ {{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \
exec -i ansible-tower-management -- bash -c "PGPASSWORD={{ pg_password | quote }} \ exec -i ansible-tower-management -- bash -c "PGPASSWORD={{ pg_password | quote }} \
psql \ scl enable rh-postgresql10 -- psql \
--host={{ pg_hostname | default('postgresql') }} \ --host={{ pg_hostname | default('postgresql') }} \
--port={{ pg_port | default('5432') }} \ --port={{ pg_port | default('5432') }} \
--username=postgres \ --username=postgres \

3
installer/roles/kubernetes/templates/configmap.yml.j2
View File

@@ -18,6 +18,8 @@ data:
SYSTEM_TASK_ABS_MEM = {{ ((task_mem_request|int * 1024) / 100)|int }} SYSTEM_TASK_ABS_MEM = {{ ((task_mem_request|int * 1024) / 100)|int }}
INSIGHTS_URL_BASE = "{{ insights_url_base }}" INSIGHTS_URL_BASE = "{{ insights_url_base }}"
INSIGHTS_AGENT_MIME = "application/vnd.redhat.tower.analytics+tgz"
AUTOMATION_ANALYTICS_URL = 'https://cloud.redhat.com/api/ingress/v1/upload'
#Autoprovisioning should replace this #Autoprovisioning should replace this
CLUSTER_HOST_ID = socket.gethostname() CLUSTER_HOST_ID = socket.gethostname()
@@ -62,6 +64,7 @@ data:
LOGGING['loggers']['rbac_migrations']['handlers'] = ['console'] LOGGING['loggers']['rbac_migrations']['handlers'] = ['console']
LOGGING['loggers']['awx.isolated.manager.playbooks']['handlers'] = ['console'] LOGGING['loggers']['awx.isolated.manager.playbooks']['handlers'] = ['console']
LOGGING['handlers']['callback_receiver'] = {'class': 'logging.NullHandler'} LOGGING['handlers']['callback_receiver'] = {'class': 'logging.NullHandler'}
LOGGING['handlers']['fact_receiver'] = {'class': 'logging.NullHandler'}
LOGGING['handlers']['task_system'] = {'class': 'logging.NullHandler'} LOGGING['handlers']['task_system'] = {'class': 'logging.NullHandler'}
LOGGING['handlers']['tower_warnings'] = {'class': 'logging.NullHandler'} LOGGING['handlers']['tower_warnings'] = {'class': 'logging.NullHandler'}
LOGGING['handlers']['rbac_migrations'] = {'class': 'logging.NullHandler'} LOGGING['handlers']['rbac_migrations'] = {'class': 'logging.NullHandler'}

3
installer/roles/kubernetes/templates/credentials.py.j2
View File

@@ -7,6 +7,9 @@ DATABASES = {
'PASSWORD': "{{ pg_password }}", 'PASSWORD': "{{ pg_password }}",
'HOST': "{{ pg_hostname|default('postgresql') }}", 'HOST': "{{ pg_hostname|default('postgresql') }}",
'PORT': "{{ pg_port }}", 'PORT': "{{ pg_port }}",
'OPTIONS': { 'sslmode': '{{ pg_sslmode|default("prefer") }}',
'sslrootcert': '{{ ca_trust_bundle }}',
},
} }
} }
BROKER_URL = 'amqp://{}:{}@{}:{}/{}'.format( BROKER_URL = 'amqp://{}:{}@{}:{}/{}'.format(

35
installer/roles/kubernetes/templates/deployment.yml.j2
View File

@@ -61,6 +61,20 @@ data:
queue_master_locator=min-masters queue_master_locator=min-masters
## enable guest user ## enable guest user
loopback_users.guest = false loopback_users.guest = false
{% if rabbitmq_use_ssl|default(False)|bool %}
ssl_options.cacertfile=/etc/pki/rabbitmq/ca.crt
ssl_options.certfile=/etc/pki/rabbitmq/server-combined.pem
ssl_options.verify=verify_peer
{% endif %}
rabbitmq-env.conf: |
NODENAME=${RABBITMQ_NODENAME}
USE_LONGNAME=true
{% if rabbitmq_use_ssl|default(False)|bool %}
ERL_SSL_PATH=$(erl -eval 'io:format("~p", [code:lib_dir(ssl, ebin)]),halt().' -noshell)
SSL_ADDITIONAL_ERL_ARGS="-pa '$ERL_SSL_PATH' -proto_dist inet_tls -ssl_dist_opt server_certfile /etc/pki/rabbitmq/server-combined.pem -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true"
SERVER_ADDITIONAL_ERL_ARGS="$SERVER_ADDITIONAL_ERL_ARGS $SSL_ADDITIONAL_ERL_ARGS"
CTL_ERL_ARGS="$SSL_ADDITIONAL_ERL_ARGS"
{% endif %}
{% if kubernetes_context is defined %} {% if kubernetes_context is defined %}
--- ---
@@ -307,6 +321,10 @@ spec:
mountPath: /etc/rabbitmq mountPath: /etc/rabbitmq
- name: rabbitmq-healthchecks - name: rabbitmq-healthchecks
mountPath: /usr/local/bin/healthchecks mountPath: /usr/local/bin/healthchecks
{% if rabbitmq_use_ssl|default(False)|bool %}
- name: "{{ kubernetes_deployment_name }}-rabbitmq-certs-vol"
mountPath: /etc/pki/rabbitmq
{% endif %}
resources: resources:
requests: requests:
memory: "{{ rabbitmq_mem_request }}Gi" memory: "{{ rabbitmq_mem_request }}Gi"
@@ -398,6 +416,23 @@ spec:
path: enabled_plugins path: enabled_plugins
- key: rabbitmq_definitions.json - key: rabbitmq_definitions.json
path: rabbitmq_definitions.json path: rabbitmq_definitions.json
- key: rabbitmq-env.conf
path: rabbitmq-env.conf
{% if rabbitmq_use_ssl|default(False)|bool %}
- name: "{{ kubernetes_deployment_name }}-rabbitmq-certs-vol"
secret:
secretName: "{{ kubernetes_deployment_name }}-rabbitmq-certs"
items:
- key: rabbitmq_ssl_cert
path: 'server.crt'
- key: rabbitmq_ssl_key
path: 'server.key'
- key: rabbitmq_ssl_cacert
path: 'ca.crt'
- key: rabbitmq_ssl_combined
path: 'server-combined.pem'
{% endif %}
- name: rabbitmq-healthchecks - name: rabbitmq-healthchecks
configMap: configMap:
name: {{ kubernetes_deployment_name }}-healthchecks name: {{ kubernetes_deployment_name }}-healthchecks

4
installer/roles/kubernetes/templates/environment.sh.j2
View File

@@ -2,8 +2,8 @@ DATABASE_USER={{ pg_username }}
DATABASE_NAME={{ pg_database }} DATABASE_NAME={{ pg_database }}
DATABASE_HOST={{ pg_hostname|default('postgresql') }} DATABASE_HOST={{ pg_hostname|default('postgresql') }}
DATABASE_PORT={{ pg_port|default('5432') }} DATABASE_PORT={{ pg_port|default('5432') }}
DATABASE_PASSWORD={{ pg_password|default('awxpass') }} DATABASE_PASSWORD={{ pg_password | quote }}
DATABASE_ADMIN_PASSWORD={{ pg_admin_password|default('postgrespass') }} DATABASE_ADMIN_PASSWORD={{ pg_admin_password | quote }}
MEMCACHED_HOST={{ memcached_hostname|default('localhost') }} MEMCACHED_HOST={{ memcached_hostname|default('localhost') }}
MEMCACHED_PORT={{ memcached_port|default('11211') }} MEMCACHED_PORT={{ memcached_port|default('11211') }}
RABBITMQ_HOST={{ rabbitmq_hostname|default('localhost') }} RABBITMQ_HOST={{ rabbitmq_hostname|default('localhost') }}

15
installer/roles/kubernetes/templates/secret.yml.j2
View File

@@ -13,3 +13,18 @@ data:
rabbitmq_erlang_cookie: "{{ rabbitmq_erlang_cookie | b64encode }}" rabbitmq_erlang_cookie: "{{ rabbitmq_erlang_cookie | b64encode }}"
credentials_py: "{{ lookup('template', 'credentials.py.j2') | b64encode }}" credentials_py: "{{ lookup('template', 'credentials.py.j2') | b64encode }}"
environment_sh: "{{ lookup('template', 'environment.sh.j2') | b64encode }}" environment_sh: "{{ lookup('template', 'environment.sh.j2') | b64encode }}"
{% if rabbitmq_use_ssl|default(False)|bool %}
---
apiVersion: v1
kind: Secret
metadata:
namespace: {{ kubernetes_namespace }}
name: "{{ kubernetes_deployment_name }}-rabbitmq-certs"
type: Opaque
data:
rabbitmq_ssl_cert: "{{ lookup('file', rmq_cert_tempdir.path + '/server.crt') | b64encode }}"
rabbitmq_ssl_key: "{{ lookup('file', rmq_cert_tempdir.path + '/server.key') | b64encode }}"
rabbitmq_ssl_cacert: "{{ lookup('file', rmq_cert_tempdir.path + '/ca.crt') | b64encode }}"
rabbitmq_ssl_combined: "{{ lookup('file', rmq_cert_tempdir.path + '/server-combined.pem') | b64encode }}"
{% endif %}