Merge pull request #6266 from rooftopcellist/configmap_container_files

ConfigMap supervisor configs and launch scripts for k8s

Reviewed-by: https://github.com/apps/softwarefactory-project-zuul

installer/roles/kubernetes/defaults/main.yml

@@ -55,3 +55,5 @@ custom_venvs_python: "python2"
 ca_trust_bundle: "/etc/pki/tls/certs/ca-bundle.crt"
 
 container_groups_image: "ansible/ansible-runner"
+
+uwsgi_bash: "bash -c"

installer/roles/kubernetes/tasks/main.yml

@@ -212,6 +212,8 @@
     - 'configmap'
     - 'secret'
     - 'deployment'
+    - 'supervisor'
+    - 'launch_awx'
   no_log: true
 
 - name: Apply Deployment
@@ -221,6 +223,8 @@
     - "{{ configmap }}"
     - "{{ secret }}"
     - "{{ deployment }}"
+    - "{{ supervisor }}"
+    - "{{ launch_awx }}"
   no_log: true
 
 - name: Delete any existing management pod

installer/roles/kubernetes/templates/configmap.yml.j2

@@ -205,6 +205,8 @@ data:
     USE_X_FORWARDED_PORT = True
 
     AWX_CONTAINER_GROUP_DEFAULT_IMAGE = "{{ container_groups_image }}"
+    REDHAT_CANDLEPIN_HOST = "{{ candlepin_host  | default(omit) }}"
+    REDHAT_CANDLEPIN_VERIFY = "{{ candlepin_verify | default(omit) }}"
     BROADCAST_WEBSOCKET_PORT = 8052
     BROADCAST_WEBSOCKET_PROTOCOL = 'http'
 

installer/roles/kubernetes/templates/deployment.yml.j2

@@ -122,6 +122,26 @@ spec:
               mountPath: "/etc/tower/conf.d/"
               readOnly: true
 
+            - name: {{ kubernetes_deployment_name }}-launch-awx-web
+              mountPath: "/usr/bin/launch_awx.sh"
+              subPath: "launch_awx.sh"
+              readOnly: true
+
+            - name: {{ kubernetes_deployment_name }}-launch-awx-task
+              mountPath: "/usr/bin/launch_awx_task.sh"
+              subPath: "launch_awx_task.sh"
+              readOnly: true  
+
+            - name: {{ kubernetes_deployment_name }}-supervisor-web-config
+              mountPath: "/supervisor.conf"
+              subPath: supervisor.conf
+              readOnly: true
+
+            - name: {{ kubernetes_deployment_name }}-supervisor-task-config
+              mountPath: "/supervisor_task.conf"
+              subPath: supervisor_task.conf
+              readOnly: true
+
             - name: {{ kubernetes_deployment_name }}-secret-key
               mountPath: "/etc/tower/SECRET_KEY"
               subPath: SECRET_KEY
@@ -169,6 +189,26 @@ spec:
               mountPath: "/etc/tower/conf.d/"
               readOnly: true
 
+            - name: {{ kubernetes_deployment_name }}-launch-awx-web
+              mountPath: "/usr/bin/launch_awx.sh"
+              subPath: "launch_awx.sh"
+              readOnly: true
+
+            - name: {{ kubernetes_deployment_name }}-launch-awx-task
+              mountPath: "/usr/bin/launch_awx_task.sh"
+              subPath: "launch_awx_task.sh"
+              readOnly: true  
+
+            - name: {{ kubernetes_deployment_name }}-supervisor-web-config
+              mountPath: "/supervisor.conf"
+              subPath: supervisor.conf
+              readOnly: true
+
+            - name: {{ kubernetes_deployment_name }}-supervisor-task-config
+              mountPath: "/supervisor_task.conf"
+              subPath: supervisor_task.conf
+              readOnly: true
+
             - name: {{ kubernetes_deployment_name }}-secret-key
               mountPath: "/etc/tower/SECRET_KEY"
               subPath: SECRET_KEY
@@ -304,6 +344,37 @@ spec:
               - key: environment_sh
                 path: 'environment.sh'
 
+        - name: {{ kubernetes_deployment_name }}-launch-awx-web
+          configMap:
+            name: {{ kubernetes_deployment_name }}-launch-awx
+            items:
+              - key: launch-awx-web
+                path: 'launch_awx.sh'
+            defaultMode: 0755
+
+        - name: {{ kubernetes_deployment_name }}-launch-awx-task
+          configMap:
+            name: {{ kubernetes_deployment_name }}-launch-awx
+            items:
+              - key: launch-awx-task
+                path: 'launch_awx_task.sh'
+            defaultMode: 0755
+
+        - name: {{ kubernetes_deployment_name }}-supervisor-web-config
+          configMap:
+            name: {{ kubernetes_deployment_name }}-supervisor-config
+            items:
+              - key: supervisor-web-config
+                path: 'supervisor.conf'
+
+        - name: {{ kubernetes_deployment_name }}-supervisor-task-config
+          configMap:
+            name: {{ kubernetes_deployment_name }}-supervisor-config
+            items:
+              - key: supervisor-task-config
+                path: 'supervisor_task.conf'
+
+
         - name: {{ kubernetes_deployment_name }}-secret-key
           secret:
             secretName: "{{ kubernetes_deployment_name }}-secrets"

installer/roles/kubernetes/templates/launch_awx.yml.j2

@@ -0,0 +1,60 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ kubernetes_deployment_name }}-launch-awx
+  namespace: {{ kubernetes_namespace }}
+data:
+  launch-awx-task: |
+    #!/usr/bin/env bash
+    if [ `id -u` -ge 500 ]; then
+        echo "awx:x:`id -u`:`id -g`:,,,:/var/lib/awx:/bin/bash" >> /tmp/passwd
+        cat /tmp/passwd > /etc/passwd
+        rm /tmp/passwd
+    fi
+
+    source /etc/tower/conf.d/environment.sh
+
+    ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$DATABASE_HOST port=$DATABASE_PORT" all
+    ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$MEMCACHED_HOST port=11211" all
+    ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "path=/var/run/redis/redis.sock" all
+
+
+    if [ -z "$AWX_SKIP_MIGRATIONS" ]; then
+        awx-manage migrate --noinput
+    fi
+
+    if [ ! -z "$AWX_ADMIN_USER" ]&&[ ! -z "$AWX_ADMIN_PASSWORD" ]; then
+        echo "from django.contrib.auth.models import User; User.objects.create_superuser('$AWX_ADMIN_USER', 'root@localhost', '$AWX_ADMIN_PASSWORD')" | awx-manage shell
+        awx-manage create_preload_data
+    else
+        echo "from django.contrib.auth.models import User; User.objects.create_superuser('admin', 'root@localhost', 'password')" | awx-manage shell
+        awx-manage create_preload_data
+    fi
+    echo 'from django.conf import settings; x = settings.AWX_TASK_ENV; x["HOME"] = "/var/lib/awx"; settings.AWX_TASK_ENV = x' | awx-manage shell
+    awx-manage provision_instance --hostname=$(hostname)
+    awx-manage register_queue --queuename=tower --instance_percent=100
+
+    unset $(cut -d = -f -1 /etc/tower/conf.d/environment.sh)
+
+    supervisord -c /supervisor_task.conf
+
+  launch-awx-web: |
+    #!/usr/bin/env bash
+    if [ `id -u` -ge 500 ]; then
+        echo "awx:x:`id -u`:`id -g`:,,,:/var/lib/awx:/bin/bash" >> /tmp/passwd
+        cat /tmp/passwd > /etc/passwd
+        rm /tmp/passwd
+    fi
+
+    source /etc/tower/conf.d/environment.sh
+
+    ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$DATABASE_HOST port=$DATABASE_PORT" all
+    ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$MEMCACHED_HOST port=11211" all
+    ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "path=/var/run/redis/redis.sock" all
+
+    awx-manage collectstatic --noinput --clear
+
+    unset $(cut -d = -f -1 /etc/tower/conf.d/environment.sh)
+
+    supervisord -c /supervisor.conf
+

installer/roles/kubernetes/templates/supervisor.yml.j2

@@ -0,0 +1,131 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ kubernetes_deployment_name }}-supervisor-config
+  namespace: {{ kubernetes_namespace }}
+data:
+  supervisor-web-config: |
+    [supervisord]
+    nodaemon = True
+    umask = 022
+
+    [program:nginx]
+    command = nginx -g "daemon off;"
+    autostart = true
+    autorestart = true
+    stopwaitsecs = 5
+    stdout_logfile=/dev/stdout
+    stdout_logfile_maxbytes=0
+    stderr_logfile=/dev/stderr
+    stderr_logfile_maxbytes=0
+
+    [program:uwsgi]
+    command = {{ uwsgi_bash }} '/var/lib/awx/venv/awx/bin/uwsgi --socket 127.0.0.1:8050 --module=awx.wsgi:application --vacuum --processes=5 --harakiri=120 --no-orphans --master --max-requests=1000 --master-fifo=/var/lib/awx/awxfifo --lazy-apps -b 32768'
+    directory = /var/lib/awx
+    autostart = true
+    autorestart = true
+    stopwaitsecs = 15
+    stopsignal = INT
+    stdout_logfile=/dev/stdout
+    stdout_logfile_maxbytes=0
+    stderr_logfile=/dev/stderr
+    stderr_logfile_maxbytes=0
+
+    [program:daphne]
+    command = {{ uwsgi_bash }} '/var/lib/awx/venv/awx/bin/daphne -b 127.0.0.1 -p 8051 awx.asgi:channel_layer'
+    directory = /var/lib/awx
+    autostart = true
+    autorestart = true
+    stopwaitsecs = 5
+    stdout_logfile=/dev/stdout
+    stdout_logfile_maxbytes=0
+    stderr_logfile=/dev/stderr
+    stderr_logfile_maxbytes=0
+
+    [program:wsbroadcast]
+    command = awx-manage run_wsbroadcast
+    directory = /var/lib/awx
+    autostart = true
+    autorestart = true
+    stopwaitsecs = 5
+    stdout_logfile=/dev/stdout
+    stdout_logfile_maxbytes=0
+    stderr_logfile=/dev/stderr
+    stderr_logfile_maxbytes=0
+
+    [group:tower-processes]
+    programs=nginx,uwsgi,daphne,wsbroadcast
+    priority=5
+
+    # TODO: Exit Handler
+
+    [eventlistener:awx-config-watcher]
+    command=/usr/bin/config-watcher
+    stderr_logfile=/dev/stdout
+    stderr_logfile_maxbytes=0
+    stdout_logfile=/dev/stdout
+    stdout_logfile_maxbytes=0
+    events=TICK_60
+    priority=0
+
+    [unix_http_server]
+    file=/tmp/supervisor.sock
+
+    [supervisorctl]
+    serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL  for a unix socket
+
+    [rpcinterface:supervisor]
+    supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+  supervisor-task-config: |
+    [supervisord]
+    nodaemon = True
+    umask = 022
+
+    [program:dispatcher]
+    command = awx-manage run_dispatcher
+    directory = /var/lib/awx
+    environment = LANGUAGE="en_US.UTF-8",LANG="en_US.UTF-8",LC_ALL="en_US.UTF-8",LC_CTYPE="en_US.UTF-8"
+    autostart = true
+    autorestart = true
+    stopwaitsecs = 5
+    stdout_logfile=/dev/stdout
+    stdout_logfile_maxbytes=0
+    stderr_logfile=/dev/stderr
+    stderr_logfile_maxbytes=0
+
+    [program:callback-receiver]
+    command = awx-manage run_callback_receiver
+    directory = /var/lib/awx
+    autostart = true
+    autorestart = true
+    stopwaitsecs = 5
+    stdout_logfile=/dev/stdout
+    stdout_logfile_maxbytes=0
+    stderr_logfile=/dev/stderr
+    stderr_logfile_maxbytes=0
+
+    [group:tower-processes]
+    programs=dispatcher,callback-receiver
+    priority=5
+
+    # TODO: Exit Handler
+
+    [eventlistener:awx-config-watcher]
+    command=/usr/bin/config-watcher
+    stderr_logfile=/dev/stdout
+    stderr_logfile_maxbytes=0
+    stdout_logfile=/dev/stdout
+    stdout_logfile_maxbytes=0
+    events=TICK_60
+    priority=0
+
+    [unix_http_server]
+    file=/tmp/supervisor.sock
+
+    [supervisorctl]
+    serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL  for a unix socket
+
+    [rpcinterface:supervisor]
+    supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+

installer/roles/kubernetes/vars/openshift.yml

@@ -1,3 +1,4 @@
 ---
 openshift_oc_config_file: "{{ kubernetes_base_path }}/.kube/config"
 openshift_oc_bin: "oc --config={{ openshift_oc_config_file }}"
+uwsgi_bash: "scl enable rh-postgresql10"