diff --git a/installer/roles/kubernetes/defaults/main.yml b/installer/roles/kubernetes/defaults/main.yml index b4bd738e60..f5bdc08280 100644 --- a/installer/roles/kubernetes/defaults/main.yml +++ b/installer/roles/kubernetes/defaults/main.yml @@ -55,3 +55,5 @@ custom_venvs_python: "python2" ca_trust_bundle: "/etc/pki/tls/certs/ca-bundle.crt" container_groups_image: "ansible/ansible-runner" + +uwsgi_bash: "bash -c" diff --git a/installer/roles/kubernetes/tasks/main.yml b/installer/roles/kubernetes/tasks/main.yml index a73dc7f8e5..3ff39968b4 100644 --- a/installer/roles/kubernetes/tasks/main.yml +++ b/installer/roles/kubernetes/tasks/main.yml @@ -212,6 +212,8 @@ - 'configmap' - 'secret' - 'deployment' + - 'supervisor' + - 'launch_awx' no_log: true - name: Apply Deployment @@ -221,6 +223,8 @@ - "{{ configmap }}" - "{{ secret }}" - "{{ deployment }}" + - "{{ supervisor }}" + - "{{ launch_awx }}" no_log: true - name: Delete any existing management pod diff --git a/installer/roles/kubernetes/templates/configmap.yml.j2 b/installer/roles/kubernetes/templates/configmap.yml.j2 index 9c91eebba7..1e705c42d5 100644 --- a/installer/roles/kubernetes/templates/configmap.yml.j2 +++ b/installer/roles/kubernetes/templates/configmap.yml.j2 @@ -205,6 +205,8 @@ data: USE_X_FORWARDED_PORT = True AWX_CONTAINER_GROUP_DEFAULT_IMAGE = "{{ container_groups_image }}" + REDHAT_CANDLEPIN_HOST = "{{ candlepin_host | default(omit) }}" + REDHAT_CANDLEPIN_VERIFY = "{{ candlepin_verify | default(omit) }}" BROADCAST_WEBSOCKET_PORT = 8052 BROADCAST_WEBSOCKET_PROTOCOL = 'http' diff --git a/installer/roles/kubernetes/templates/deployment.yml.j2 b/installer/roles/kubernetes/templates/deployment.yml.j2 index 0c5f1e5798..ab2731274e 100644 --- a/installer/roles/kubernetes/templates/deployment.yml.j2 +++ b/installer/roles/kubernetes/templates/deployment.yml.j2 
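Review bot: In the configmap.yml.j2 hunk, `default(omit)` will not drop the two `REDHAT_CANDLEPIN_*` lines when the variables are unset. `omit` only takes effect in module arguments; inside a template it renders as Ansible's `__omit_place_holder__…` string, so both settings would be written with that placeholder as their value. `REDHAT_CANDLEPIN_VERIFY` is also always rendered inside double quotes, so a boolean `false` would presumably reach the settings file as a non-empty string; how AWX consumes the value is outside this diff, so please confirm that a certificate-verification switch cannot end up in an unintended state. Guarding each line, e.g. `{% if candlepin_verify is defined %}REDHAT_CANDLEPIN_VERIFY = {{ candlepin_verify }}{% endif %}` (and the same for the host, with quotes), keeps unset values out of the rendered file.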
@@ -122,6 +122,26 @@ spec: mountPath: "/etc/tower/conf.d/" readOnly: true + - name: {{ kubernetes_deployment_name }}-launch-awx-web + mountPath: "/usr/bin/launch_awx.sh" + subPath: "launch_awx.sh" + readOnly: true + + - name: {{ kubernetes_deployment_name }}-launch-awx-task + mountPath: "/usr/bin/launch_awx_task.sh" + subPath: "launch_awx_task.sh" + readOnly: true + + - name: {{ kubernetes_deployment_name }}-supervisor-web-config + mountPath: "/supervisor.conf" + subPath: supervisor.conf + readOnly: true + + - name: {{ kubernetes_deployment_name }}-supervisor-task-config + mountPath: "/supervisor_task.conf" + subPath: supervisor_task.conf + readOnly: true + - name: {{ kubernetes_deployment_name }}-secret-key mountPath: "/etc/tower/SECRET_KEY" subPath: SECRET_KEY @@ -169,6 +189,26 @@ spec: mountPath: "/etc/tower/conf.d/" readOnly: true + - name: {{ kubernetes_deployment_name }}-launch-awx-web + mountPath: "/usr/bin/launch_awx.sh" + subPath: "launch_awx.sh" + readOnly: true + + - name: {{ kubernetes_deployment_name }}-launch-awx-task + mountPath: "/usr/bin/launch_awx_task.sh" + subPath: "launch_awx_task.sh" + readOnly: true + + - name: {{ kubernetes_deployment_name }}-supervisor-web-config + mountPath: "/supervisor.conf" + subPath: supervisor.conf + readOnly: true + + - name: {{ kubernetes_deployment_name }}-supervisor-task-config + mountPath: "/supervisor_task.conf" + subPath: supervisor_task.conf + readOnly: true + - name: {{ kubernetes_deployment_name }}-secret-key mountPath: "/etc/tower/SECRET_KEY" subPath: SECRET_KEY 
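Review bot: Both volumeMounts hunks (at 122 and at 169, presumably the web and the task container) add the same four mounts, so each container receives the other role's launch script and supervisor configuration as well as its own. Mounting only `launch_awx.sh` and `/supervisor.conf` in the web container, and only `launch_awx_task.sh` and `/supervisor_task.conf` in the task container, would keep each container's file set to what it actually runs. If the duplication is deliberate, a short comment above each group such as `# both script/config pairs are mounted in every container; only the pair matching this container is used` would record that. The container definitions start outside these hunks, so the web/task assignment should be checked against the full file.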
@@ -304,6 +344,37 @@ spec: - key: environment_sh path: 'environment.sh' + - name: {{ kubernetes_deployment_name }}-launch-awx-web + configMap: + name: {{ kubernetes_deployment_name }}-launch-awx + items: + - key: launch-awx-web + path: 'launch_awx.sh' + defaultMode: 0755 + + - name: {{ kubernetes_deployment_name }}-launch-awx-task + configMap: + name: {{ kubernetes_deployment_name }}-launch-awx + items: + - key: launch-awx-task + path: 'launch_awx_task.sh' + defaultMode: 0755 + + - name: {{ kubernetes_deployment_name }}-supervisor-web-config + configMap: + name: {{ kubernetes_deployment_name }}-supervisor-config + items: + - key: supervisor-web-config + path: 'supervisor.conf' + + - name: {{ kubernetes_deployment_name }}-supervisor-task-config + configMap: + name: {{ kubernetes_deployment_name }}-supervisor-config + items: + - key: supervisor-task-config + path: 'supervisor_task.conf' + + - name: {{ kubernetes_deployment_name }}-secret-key secret: secretName: "{{ kubernetes_deployment_name }}-secrets" diff --git a/installer/roles/kubernetes/templates/launch_awx.yml.j2 b/installer/roles/kubernetes/templates/launch_awx.yml.j2 new file mode 100644 index 0000000000..665511b0e6 --- /dev/null +++ b/installer/roles/kubernetes/templates/launch_awx.yml.j2 
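Review bot: Nothing in this hunk documents that the start-up scripts and supervisor configuration now come from ConfigMaps rather than from the image, which means write access to ConfigMaps in the deployment namespace determines what the pods execute. A comment above the first new volume would help, e.g. `# launch scripts are executed at container start; treat edit rights on these ConfigMaps as equivalent to code execution in the pod`. Since the mounts are `readOnly: true`, `defaultMode: 0555` would be enough for the two script volumes. The collapsed layout does not show indentation, so please confirm that `defaultMode` sits under `configMap:` as a sibling of `items:` and not inside the item list.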
@@ -0,0 +1,60 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ kubernetes_deployment_name }}-launch-awx + namespace: {{ kubernetes_namespace }} +data: + launch-awx-task: | + #!/usr/bin/env bash + if [ `id -u` -ge 500 ]; then + echo "awx:x:`id -u`:`id -g`:,,,:/var/lib/awx:/bin/bash" >> /tmp/passwd + cat /tmp/passwd > /etc/passwd + rm /tmp/passwd + fi + + source /etc/tower/conf.d/environment.sh + + ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$DATABASE_HOST port=$DATABASE_PORT" all + ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$MEMCACHED_HOST port=11211" all + ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "path=/var/run/redis/redis.sock" all + + + if [ -z "$AWX_SKIP_MIGRATIONS" ]; then + awx-manage migrate --noinput + fi + + if [ ! -z "$AWX_ADMIN_USER" ]&&[ ! -z "$AWX_ADMIN_PASSWORD" ]; then + echo "from django.contrib.auth.models import User; User.objects.create_superuser('$AWX_ADMIN_USER', 'root@localhost', '$AWX_ADMIN_PASSWORD')" | awx-manage shell + awx-manage create_preload_data + else + echo "from django.contrib.auth.models import User; User.objects.create_superuser('admin', 'root@localhost', 'password')" | awx-manage shell + awx-manage create_preload_data + fi + echo 'from django.conf import settings; x = settings.AWX_TASK_ENV; x["HOME"] = "/var/lib/awx"; settings.AWX_TASK_ENV = x' | awx-manage shell + awx-manage provision_instance --hostname=$(hostname) + awx-manage register_queue --queuename=tower --instance_percent=100 + + unset $(cut -d = -f -1 /etc/tower/conf.d/environment.sh) + + supervisord -c /supervisor_task.conf + + launch-awx-web: | + #!/usr/bin/env bash + if [ `id -u` -ge 500 ]; then + echo "awx:x:`id -u`:`id -g`:,,,:/var/lib/awx:/bin/bash" >> /tmp/passwd + cat /tmp/passwd > /etc/passwd + rm /tmp/passwd + fi + + source /etc/tower/conf.d/environment.sh + + 
ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$DATABASE_HOST port=$DATABASE_PORT" all + ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$MEMCACHED_HOST port=11211" all + ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "path=/var/run/redis/redis.sock" all + + awx-manage collectstatic --noinput --clear + + unset $(cut -d = -f -1 /etc/tower/conf.d/environment.sh) + + supervisord -c /supervisor.conf + diff --git a/installer/roles/kubernetes/templates/supervisor.yml.j2 b/installer/roles/kubernetes/templates/supervisor.yml.j2 new file mode 100644 index 0000000000..2ba5ba0e27 --- /dev/null +++ b/installer/roles/kubernetes/templates/supervisor.yml.j2 
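Review bot: The `else` branch of `launch-awx-task` creates a superuser `admin` with the literal password `password` whenever `AWX_ADMIN_USER` or `AWX_ADMIN_PASSWORD` is unset, so a deployment that misses either variable comes up with a known credential. Failing closed is safer: replace the branch body with `echo "AWX_ADMIN_USER and AWX_ADMIN_PASSWORD must be set" >&2; exit 1`. In the `if` branch the two values are pasted between single quotes into Python source, so a password containing `'` or a backslash breaks or changes the statement piped to `awx-manage shell`. Reading them inside the snippet with `os.environ['AWX_ADMIN_USER']` and `os.environ['AWX_ADMIN_PASSWORD']` avoids that, provided environment.sh exports them, which this diff does not show.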
@@ -0,0 +1,131 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ kubernetes_deployment_name }}-supervisor-config + namespace: {{ kubernetes_namespace }} +data: + supervisor-web-config: | + [supervisord] + nodaemon = True + umask = 022 + + [program:nginx] + command = nginx -g "daemon off;" + autostart = true + autorestart = true + stopwaitsecs = 5 + stdout_logfile=/dev/stdout + stdout_logfile_maxbytes=0 + stderr_logfile=/dev/stderr + stderr_logfile_maxbytes=0 + + [program:uwsgi] + command = {{ uwsgi_bash }} '/var/lib/awx/venv/awx/bin/uwsgi --socket 127.0.0.1:8050 --module=awx.wsgi:application --vacuum --processes=5 --harakiri=120 --no-orphans --master --max-requests=1000 --master-fifo=/var/lib/awx/awxfifo --lazy-apps -b 32768' + directory = /var/lib/awx + autostart = true + autorestart = true + stopwaitsecs = 15 + stopsignal = INT + stdout_logfile=/dev/stdout + stdout_logfile_maxbytes=0 + stderr_logfile=/dev/stderr + stderr_logfile_maxbytes=0 + + [program:daphne] + command = {{ uwsgi_bash }} '/var/lib/awx/venv/awx/bin/daphne -b 127.0.0.1 -p 8051 awx.asgi:channel_layer' + directory = /var/lib/awx + autostart = true + autorestart = true + stopwaitsecs = 5 + stdout_logfile=/dev/stdout + stdout_logfile_maxbytes=0 + stderr_logfile=/dev/stderr + stderr_logfile_maxbytes=0 + + [program:wsbroadcast] + command = awx-manage run_wsbroadcast + directory = /var/lib/awx + autostart = true + autorestart = true + stopwaitsecs = 5 + stdout_logfile=/dev/stdout + stdout_logfile_maxbytes=0 + stderr_logfile=/dev/stderr + stderr_logfile_maxbytes=0 + + [group:tower-processes] + programs=nginx,uwsgi,daphne,wsbroadcast + priority=5 + + # TODO: Exit Handler + + [eventlistener:awx-config-watcher] + command=/usr/bin/config-watcher + stderr_logfile=/dev/stdout + stderr_logfile_maxbytes=0 + stdout_logfile=/dev/stdout + stdout_logfile_maxbytes=0 + events=TICK_60 + priority=0 + + [unix_http_server] + file=/tmp/supervisor.sock + + [supervisorctl] + serverurl=unix:///tmp/supervisor.sock ; use 
a unix:// URL for a unix socket + + [rpcinterface:supervisor] + supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface + + supervisor-task-config: | + [supervisord] + nodaemon = True + umask = 022 + + [program:dispatcher] + command = awx-manage run_dispatcher + directory = /var/lib/awx + environment = LANGUAGE="en_US.UTF-8",LANG="en_US.UTF-8",LC_ALL="en_US.UTF-8",LC_CTYPE="en_US.UTF-8" + autostart = true + autorestart = true + stopwaitsecs = 5 + stdout_logfile=/dev/stdout + stdout_logfile_maxbytes=0 + stderr_logfile=/dev/stderr + stderr_logfile_maxbytes=0 + + [program:callback-receiver] + command = awx-manage run_callback_receiver + directory = /var/lib/awx + autostart = true + autorestart = true + stopwaitsecs = 5 + stdout_logfile=/dev/stdout + stdout_logfile_maxbytes=0 + stderr_logfile=/dev/stderr + stderr_logfile_maxbytes=0 + + [group:tower-processes] + programs=dispatcher,callback-receiver + priority=5 + + # TODO: Exit Handler + + [eventlistener:awx-config-watcher] + command=/usr/bin/config-watcher + stderr_logfile=/dev/stdout + stderr_logfile_maxbytes=0 + stdout_logfile=/dev/stdout + stdout_logfile_maxbytes=0 + events=TICK_60 + priority=0 + + [unix_http_server] + file=/tmp/supervisor.sock + + [supervisorctl] + serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket + + [rpcinterface:supervisor] + supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface + diff --git a/installer/roles/kubernetes/vars/openshift.yml b/installer/roles/kubernetes/vars/openshift.yml index 95f3d01eb8..32608d0da3 100644 --- a/installer/roles/kubernetes/vars/openshift.yml +++ b/installer/roles/kubernetes/vars/openshift.yml @@ -1,3 +1,4 @@ --- openshift_oc_config_file: "{{ kubernetes_base_path }}/.kube/config" openshift_oc_bin: "oc --config={{ openshift_oc_config_file }}" +uwsgi_bash: "scl enable rh-postgresql10"
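Review bot: In supervisor.yml.j2, `{{ uwsgi_bash }}` is spliced unquoted into the `command =` line of both `[program:uwsgi]` and `[program:daphne]`, so it is really a generic command wrapper that must accept one quoted command string, and the OpenShift value (`scl enable rh-postgresql10`) is not bash at all. The name and the absence of a comment make it easy to override with something that changes what supervisord executes. I would document it where it is defined, e.g. `# prefix that receives the full service command as one quoted argument; used for uwsgi and daphne`, and consider a neutral name such as `service_command_wrapper`. Separately, both configs put the control socket at `/tmp/supervisor.sock` and rely on supervisor's default mode; adding `chmod=0700` under `[unix_http_server]` would make that restriction explicit.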