Initial awx installer

installer/image_build/tasks/main.yml

@@ -0,0 +1,138 @@
+---
+
+- name: Get Version from checkout if not provided
+  shell: "git describe --long | sed 's/\\-g.*//' | sed 's/\\-/\\./'"
+  delegate_to: localhost
+  register: awx_version_command
+  when: awx_version is not defined
+
+- name: Set global version if not provided
+  set_fact:
+    awx_version: "{{ awx_version_command.stdout }}"
+    use_local_awx: true
+  when: awx_version is not defined
+
+- name: Set sdist file name
+  set_fact:
+    awx_sdist_file: "awx-{{ awx_version }}.tar.gz"
+
+- name: AWX Distribution
+  debug:
+    msg: "{{ awx_sdist_file }}"
+
+- name: Build AWX distribution
+  shell: make sdist
+  args:
+    chdir: ..
+    creates: "../dist/{{ awx_sdist_file }}"
+  delegate_to: localhost
+  when: use_local_awx is not defined
+
+- name: Set docker build base path
+  set_fact:
+    docker_base_path: "{{ awx_local_base_config_path|default('/tmp') }}/docker-image"
+
+- name: Set awx_web image name
+  set_fact:
+    awx_web_image: "{{ awx_web_image|default('awx_web') }}"
+
+- name: Set awx_task image name
+  set_fact:
+    awx_task_image: "{{ awx_task_image|default('awx_task') }}"
+
+- name: Ensure directory exists
+  file:
+    path: "{{ docker_base_path }}"
+    state: directory
+  delegate_to: localhost
+
+- name: Stage sdist
+  copy:
+    src: "../dist/{{ awx_sdist_file }}"
+    dest: "{{ docker_base_path }}/{{ awx_sdist_file }}"
+  delegate_to: localhost
+
+- name: Template web Dockerfile
+  template:
+    src: Dockerfile.j2
+    dest: "{{ docker_base_path }}/Dockerfile"
+  delegate_to: localhost
+
+- name: Template task Dockerfile
+  template:
+    src: Dockerfile.task.j2
+    dest: "{{ docker_base_path }}/Dockerfile.task"
+  delegate_to: localhost
+
+- name: Stage launch_awx
+  copy:
+    src: launch_awx.sh
+    dest: "{{ docker_base_path }}/launch_awx.sh"
+    mode: '0700'
+  delegate_to: localhost
+
+- name: Stage launch_awx_task
+  copy:
+    src: launch_awx_task.sh
+    dest: "{{ docker_base_path }}/launch_awx_task.sh"
+    mode: '0700'
+  delegate_to: localhost
+
+- name: Stage nginx.conf
+  copy:
+    src: nginx.conf
+    dest: "{{ docker_base_path }}/nginx.conf"
+  delegate_to: localhost
+
+- name: Stage supervisor.conf
+  copy:
+    src: supervisor.conf
+    dest: "{{ docker_base_path }}/supervisor.conf"
+  delegate_to: localhost
+
+- name: Stage supervisor_task.conf
+  copy:
+    src: supervisor_task.conf
+    dest: "{{ docker_base_path }}/supervisor_task.conf"
+  delegate_to: localhost
+
+- name: Stage settings.py
+  copy:
+    src: settings.py
+    dest: "{{ docker_base_path }}/settings.py"
+  delegate_to: localhost
+
+- name: Stage requirements
+  copy:
+    src: ../requirements/
+    dest: "{{ docker_base_path }}/requirements"
+  delegate_to: localhost
+
+- name: Stage Makefile
+  copy:
+    src: ../Makefile
+    dest: "{{ docker_base_path }}/Makefile"
+  delegate_to: localhost
+
+- name: Build base web image
+  docker_image:
+    path: "{{ docker_base_path }}"
+    dockerfile: Dockerfile
+    name: "{{ awx_web_image }}"
+    tag: "{{ awx_version }}"
+  delegate_to: localhost
+
+- name: Build base task image
+  docker_image:
+    path: "{{ docker_base_path }}"
+    dockerfile: Dockerfile.task
+    name: "{{ awx_task_image }}"
+    tag: "{{ awx_version }}"
+    pull: no
+  delegate_to: localhost
+    
+- name: Clean docker base directory
+  file:
+    path: "{{ docker_base_path }}"
+    state: absent
+  when: cleanup_docker_base|default(True)

installer/image_build/templates/Dockerfile.j2

@@ -32,16 +32,17 @@ RUN mkdir -p /var/log/tower
 RUN mkdir -p /etc/tower
 RUN echo "awxsecret" > /etc/tower/SECRET_KEY
 RUN VENV_BASE=/var/lib/awx/venv make requirements_ansible && VENV_BASE=/var/lib/awx/venv make requirements_awx
-COPY dist/awx-{{ version }}.tar.gz /tmp/awx-{{ version }}.tar.gz
-RUN OFFICIAL=yes pip install /tmp/awx-{{ version }}.tar.gz
+COPY {{ awx_sdist_file }} /tmp/{{ awx_sdist_file }}
+RUN OFFICIAL=yes pip install /tmp/{{ awx_sdist_file }}
 
-RUN echo "{{ version }}" > /var/lib/awx/.tower_version
-ADD installer/openshift/nginx.conf /etc/nginx/nginx.conf
-ADD installer/openshift/supervisor.conf /supervisor.conf
-ADD installer/openshift/supervisor_task.conf /supervisor_task.conf
-ADD installer/openshift/launch_awx.sh /usr/bin/launch_awx.sh
-ADD installer/openshift/launch_awx_task.sh /usr/bin/launch_awx_task.sh
-ADD installer/openshift/settings.py /etc/tower/settings.py
+RUN echo "{{ awx_version }}" > /var/lib/awx/.tower_version
+ADD nginx.conf /etc/nginx/nginx.conf
+ADD supervisor.conf /supervisor.conf
+ADD supervisor_task.conf /supervisor_task.conf
+ADD launch_awx.sh /usr/bin/launch_awx.sh
+ADD launch_awx_task.sh /usr/bin/launch_awx_task.sh
+RUN chmod +rx /usr/bin/launch_awx.sh && chmod +rx /usr/bin/launch_awx_task.sh
+ADD settings.py /etc/tower/settings.py
 RUN yum -y remove gcc postgresql-devel libxml2-devel libxslt-devel cyrus-sasl-devel openldap-devel xmlsec1-devel krb5-devel xmlsec1-openssl-devel libtool-ltdl-devel gcc-c++ python-devel && yum -y clean all
 RUN rm -rf /root/.cache
 RUN chmod g+w /etc/passwd

installer/image_build/templates/Dockerfile.task.j2

@@ -1,4 +1,4 @@
-FROM awx_web
+FROM {{ awx_web_image }}:{{ awx_version }}
 USER 0
 RUN sudo yum -y remove nginx
 USER 1000

installer/install.yml

@@ -0,0 +1,7 @@
+---
+
+- hosts: all
+  gather_facts: false
+  roles:
+    - role: image_build
+    - role: openshift

installer/inventory

@@ -0,0 +1,24 @@
+localhost ansible_connection=local
+
+[all:vars]
+# Local Openshift
+# Will need to set -e openshift_password=developer  -e docker_registry_password=$(oc whoami -t)
+#
+# openshift_host=127.0.0.1:8443
+# awx_openshift_project=awx
+# openshift_user=developer
+# docker_registry=172.30.1.1:5000
+# docker_registry_repository=awx
+# docker_registry_username=developer
+# awx_node_port=30083
+
+# Set this if you have an external postgres you are pointing at
+# otherwise a new ephemeral awx postgres service will be created
+# pg_hostname=postgresql
+pg_username=awx
+pg_password=awxpass
+pg_database=awx
+pg_port=5432
+
+# AWX Tunables
+awx_secret_key=aabbcc

installer/openshift/inventory

@@ -1,5 +0,0 @@
-[primary]
-localhost
-
-[all:children]
-primary

installer/openshift/tasks/main.yml

@@ -0,0 +1,95 @@
+---
+- name: Authenticate with OpenShift
+  shell: "oc login {{ openshift_host }} -u {{ openshift_user }} -p {{ openshift_password }}"
+
+- name: Get Project Detail
+  shell: "oc get project {{ awx_openshift_project }}"
+  register: project_details
+  ignore_errors: yes
+
+- name: Get Postgres Service Detail
+  shell: "oc describe svc postgresql -n {{ awx_openshift_project }}"
+  register: postgres_svc_details
+  ignore_errors: yes
+  when: "pg_hostname is not defined or pg_hostname == ''"
+
+- name: Create AWX Openshift Project
+  shell: "oc new-project {{ awx_openshift_project }}"
+  when: project_details.rc != 0
+
+# This might could/should be optional based on certain circumstances
+- name: Mark Openshift User as Admin
+  shell: "oc adm policy add-role-to-user admin {{ openshift_user }} -n {{ awx_openshift_project }}"
+
+- name: Authenticate with Docker registry
+  docker_login:
+    registry: "{{ docker_registry }}"
+    username: "{{ docker_registry_username }}"
+    password: "{{ docker_registry_password }}"
+  when: docker_registry is defined
+  delegate_to: localhost
+
+- name: Tag and push web image to registry
+  docker_image:
+    name: "{{ awx_web_image }}"
+    repository: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ awx_web_image }}"
+    tag: "{{ awx_version }}"
+    push: yes
+  when: docker_registry is defined
+  delegate_to: localhost
+
+- name: Tag and push task image to registry
+  docker_image:
+    name: "{{ awx_task_image }}"
+    repository: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ awx_task_image }}"
+    tag: "{{ awx_version }}"
+    push: yes
+  when: docker_registry is defined
+  delegate_to: localhost
+
+- name: Deploy and Activate Postgres
+  shell: "oc new-app --template=postgresql-persistent -e MEMORY_LIMIT={{ pg_memory_limit|default('512') }}Mi -e NAMESPACE=openshift -e DATABASE_SERVICE_NAME=postgresql  -e POSTGRESQL_USER={{ pg_username }} -e POSTGRESQL_PASSWORD={{ pg_password }} -e POSTGRESQL_DATABASE={{ pg_database }} -e VOLUME_CAPACITY={{ pg_volume_capacity|default('1')}}Gi -e POSTGRESQL_VERSION=9.5 -n {{ awx_openshift_project }}"
+  when: (pg_hostname is not defined or pg_hostname == '') and (postgres_svc_details is defined and postgres_svc_details.rc != 0)
+  register: openshift_pg_activate
+
+- name: Wait for Postgres to activate
+  pause:
+    seconds: 15
+  when: openshift_pg_activate|changed
+
+- name: Set full web image path
+  set_fact:
+    awx_web_openshift_image: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ awx_web_image }}:{{ awx_version }}"
+  when: awx_web_openshift_image is not defined
+
+- name: Set full task image path
+  set_fact:
+    awx_task_openshift_image: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ awx_task_image }}:{{ awx_version }}"
+  when: awx_task_openshift_image is not defined
+
+- name: Set openshift base path
+  set_fact:
+    openshift_base_path: "{{ awx_local_base_config_path|default('/tmp') }}/awx-config"
+
+- name: Ensure directory exists
+  file:
+    path: "{{ openshift_base_path  }}"
+    state: directory
+
+- name: Template Openshift AWX Config
+  template:
+    src: configmap.yml.j2
+    dest: "{{ openshift_base_path }}/configmap.yml"
+    mode: '0600'
+
+- name: Template Openshift AWX Deployment
+  template:
+    src: deployment.yml.j2
+    dest: "{{ openshift_base_path }}/deployment.yml"
+    mode: '0600'
+
+- name: Apply Configmap
+  shell: "oc apply -f {{ openshift_base_path }}/configmap.yml"
+
+- name: Apply Deployment
+  shell: "oc apply -f {{ openshift_base_path }}/deployment.yml"

installer/openshift/templates/configmap.yml.j2

@@ -1,11 +1,11 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: tower-config
-  namespace: tower
+  name: awx-config
+  namespace: {{ awx_openshift_project }}
 data:
-  secret_key: AAABBBCCC
-  tower_settings: |
+  secret_key: {{ awx_secret_key }}
+  awx_settings: |
     import os
     import socket
     ADMINS = ()
@@ -59,19 +59,19 @@ data:
         'default': {
             'ATOMIC_REQUESTS': True,
             'ENGINE': 'transaction_hooks.backends.postgresql_psycopg2',
-            'NAME': "tower",
-            'USER': "tower",
-            'PASSWORD': "password123",
-            'HOST': "postgresql",
-            'PORT': "5432",
+            'NAME': "{{ pg_database }}",
+            'USER': "{{ pg_username }}",
+            'PASSWORD': "{{ pg_password }}",
+            'HOST': "{{ pg_hostname|default('postgresql') }}",
+            'PORT': "{{ pg_port }}",
         }
     }
     BROKER_URL = 'amqp://{}:{}@{}:{}/{}'.format(
-        "tower",
+        "awx",
         "abcdefg",
         "localhost",
         "5672",
-        "tower")
+        "awx")
     CHANNEL_LAYERS = {
         'default': {'BACKEND': 'asgi_amqp.AMQPChannelLayer',
                     'ROUTING': 'awx.main.routing.channel_routing',

installer/openshift/templates/deployment.yml.j2

@@ -2,59 +2,59 @@
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
-  name: tower
-  namespace: tower
+  name: awx
+  namespace: {{ awx_openshift_project }}
 spec:
   replicas: 1
   template:
     metadata:
       labels:
-        name: tower-web-deploy
+        name: awx-web-deploy
         service: django
     spec:
       containers:
-        - name: tower-web
-          image: 172.30.1.1:5000/tower/tower_web:latest
+        - name: awx-web
+          image: {{ awx_web_openshift_image }}
           ports:
             - containerPort: 8052
           volumeMounts:
             - mountPath: /etc/tower
-              name: tower-application-config
-        - name: tower-celery
-          image: 172.30.1.1:5000/tower/tower_task:latest
+              name: awx-application-config
+        - name: awx-celery
+          image: {{ awx_task_openshift_image }}
           volumeMounts:
             - mountPath: /etc/tower
-              name: tower-application-config
+              name: awx-application-config
           env:
             - name: DATABASE_USER
-              value: tower
+              value: {{ pg_username }}
             - name: DATABASE_NAME
-              value: tower
+              value: {{ pg_database }}
             - name: DATABASE_HOST
-              value: postgresql
+              value: {{ pg_hostname|default('postgresql') }}
             - name: DATABASE_PASSWORD
-              value: password123
-        - name: tower-rabbit
+              value: {{ pg_password }}
+        - name: awx-rabbit
           image: rabbitmq:3
           env:
             - name: RABBITMQ_ERLANG_COOKIE
-              value: secret
+              value: secretb
             - name: RABBITMQ_NODENAME
               value: rabbitmq
             - name: RABBITMQ_DEFAULT_USER
-              value: tower
+              value: awx
             - name: RABBITMQ_DEFAULT_PASS
               value: abcdefg
             - name: RABBITMQ_DEFAULT_VHOST
-              value: tower
-        - name: tower-memcached
+              value: awx
+        - name: awx-memcached
           image: memcached
       volumes:
-        - name: tower-application-config
+        - name: awx-application-config
           configMap:
-            name: tower-config
+            name: awx-config
             items:
-              - key: tower_settings
+              - key: awx_settings
                 path: settings.py
               - key: secret_key
                 path: SECRET_KEY
@@ -62,15 +62,15 @@ spec:
 apiVersion: v1
 kind: Service
 metadata:
-  name: tower-web-svc
-  namespace: tower
+  name: awx-web-svc
+  namespace: {{ awx_openshift_project }}
   labels:
-    name: tower-web-svc
+    name: awx-web-svc
 spec:
   type: "NodePort"
   ports:
     - name: http
       port: 8052
-      nodePort: 30083
+      nodePort: {{ awx_node_port }}
   selector:
-    name: tower-web-deploy
+    name: awx-web-deploy

installer/openshift/tower_setup_conf.yml

@@ -1,5 +0,0 @@
-admin_password: password
-database: internal
-pg_password: CJUWsyKHp5P9AZZqC8Rgk7qFnVVFAPBCJbkzr3bb
-primary_machine: localhost
-redis_password: xrQ5uWpfH8ELWyKzfkS8UCRVAjaFruKQq3EvR4a6