From e9ddf7b9db100c1b218ad9c665e9b4fb7236054e Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Wed, 11 Apr 2018 21:38:00 -0400 Subject: [PATCH 1/9] Use a DeploymentConfig in OpenShift --- installer/roles/kubernetes/templates/deployment.yml.j2 | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/installer/roles/kubernetes/templates/deployment.yml.j2 b/installer/roles/kubernetes/templates/deployment.yml.j2 index 12e0149e1f..472b02c3b6 100644 --- a/installer/roles/kubernetes/templates/deployment.yml.j2 +++ b/installer/roles/kubernetes/templates/deployment.yml.j2 @@ -111,8 +111,13 @@ userNames: {% endif %} --- +{% if openshift_host is defined %} +apiVersion: v1 +kind: DeploymentConfig +{% else %} apiVersion: extensions/v1beta1 -kind: Deployment +kind: DeploymentConfig +{% endif %} metadata: name: awx namespace: {{ awx_kubernetes_namespace }} From db02bd753180f20f1a2a38e3f7001415007d0aa6 Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Wed, 11 Apr 2018 22:01:15 -0400 Subject: [PATCH 2/9] Remove explicit nodePort declarations for RabbitMQ service This lets Kubernetes handle the port mapping, which resolves a port collision issue when running multiple deployments of AWX in a single cluster. --- installer/roles/kubernetes/templates/deployment.yml.j2 | 2 -- 1 file changed, 2 deletions(-) diff --git a/installer/roles/kubernetes/templates/deployment.yml.j2 b/installer/roles/kubernetes/templates/deployment.yml.j2 index 472b02c3b6..2e89334283 100644 --- a/installer/roles/kubernetes/templates/deployment.yml.j2 +++ b/installer/roles/kubernetes/templates/deployment.yml.j2 @@ -14,12 +14,10 @@ spec: protocol: TCP port: 15672 targetPort: 15672 - nodePort: 31672 - name: amqp protocol: TCP port: 5672 targetPort: 5672 - nodePort: 30672 selector: app: rabbitmq From 534b2f160105ade10e203c45be315caf4c742438 Mon Sep 17 00:00:00 2001 
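Review bot: The `{% else %}` branch of the PATCH 1/9 hunk now pairs `apiVersion: extensions/v1beta1` with `kind: DeploymentConfig`, an OpenShift kind that does not belong to that API group, so the plain-Kubernetes path would presumably be rejected by the API server. The else branch should keep `kind: Deployment`; only the `openshift_host is defined` branch needs `kind: DeploymentConfig`. The same pairing is still visible as context in the PATCH 7/9 hunk on this file, so the visible part of the series does not correct it. The manifest's `spec:` continues outside the hunk.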
From: Shane McDonald Date: Wed, 11 Apr 2018 22:04:25 -0400 Subject: [PATCH 3/9] Fix openshift_pg_emptydir logic --- installer/roles/kubernetes/tasks/openshift.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installer/roles/kubernetes/tasks/openshift.yml b/installer/roles/kubernetes/tasks/openshift.yml index 6fee202458..3b993841e7 100644 --- a/installer/roles/kubernetes/tasks/openshift.yml +++ b/installer/roles/kubernetes/tasks/openshift.yml @@ -52,7 +52,7 @@ msg: "Ensure a PVC named '{{ openshift_pg_pvc_name }}' is created and bound in the '{{ awx_openshift_project }}' namespace." when: - pg_hostname is not defined or pg_hostname == '' - - openshift_pg_emptydir is defined and openshift_pg_emptydir != true + - openshift_pg_emptydir is defined and (openshift_pg_emptydir | bool) != true - name: Set postgresql service name set_fact: From bebc37b3eb33ce430006de602cc0ad9c7e85505c Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Wed, 11 Apr 2018 22:09:40 -0400 Subject: [PATCH 4/9] Set kubernetes_namespace when deploying on OpenShift kubernetes_namespace is referenced later it the role but may not be set if deploying on openshift --- installer/roles/kubernetes/tasks/openshift.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/installer/roles/kubernetes/tasks/openshift.yml b/installer/roles/kubernetes/tasks/openshift.yml index 3b993841e7..21f5522c3a 100644 --- a/installer/roles/kubernetes/tasks/openshift.yml +++ b/installer/roles/kubernetes/tasks/openshift.yml @@ -1,6 +1,10 @@ --- - include_vars: openshift.yml +- name: Set kubernetes_namespace + set_fact: + kubernetes_namespace: "{{ awx_openshift_project }}" + - name: Ensure workspace directories exist file: path: "{{ item }}" From e4a6fc55df59d447638d3bea9d86dec0f895d265 Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Wed, 11 Apr 2018 22:23:06 -0400 Subject: [PATCH 5/9] Remove unused variable from inventory --- installer/inventory | 1 - 1 file changed, 1 deletion(-) 
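Review bot: In the PATCH 3/9 hunk on `tasks/openshift.yml`, the new condition `(openshift_pg_emptydir | bool) != true` compares an already-coerced boolean with `true`; `- openshift_pg_emptydir is defined and not (openshift_pg_emptydir | bool)` says the same thing more directly. A one-line comment above the `when:` such as `# values from the INI inventory or -e may arrive as strings, so coerce before testing` would record why the filter is needed. The enclosing block starts above the hunk.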
diff --git a/installer/inventory b/installer/inventory index 72b10f8326..8579258ea9 100644 --- a/installer/inventory +++ b/installer/inventory @@ -14,7 +14,6 @@ dockerhub_version=latest # openshift_host=127.0.0.1:8443 # awx_openshift_project=awx # openshift_user=developer -# awx_node_port=30083 # Kubernetes Install # kubernetes_context=test-cluster From 479a56c6d3579b947f72bcc0604286c64b65b767 Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Wed, 11 Apr 2018 22:53:20 -0400 Subject: [PATCH 6/9] Generalize variable names in installer secret_key --- installer/inventory | 10 +-- .../check_vars/tasks/check_openshift.yml | 6 +- installer/roles/kubernetes/defaults/main.yml | 16 ++-- .../roles/kubernetes/tasks/kubernetes.yml | 6 +- installer/roles/kubernetes/tasks/main.yml | 25 +++--- .../roles/kubernetes/tasks/openshift.yml | 10 +-- .../kubernetes/templates/configmap.yml.j2 | 24 ++--- .../kubernetes/templates/deployment.yml.j2 | 88 +++++++++---------- .../roles/local_docker/tasks/standalone.yml | 4 +- .../templates/docker-compose.yml.j2 | 4 +- 10 files changed, 96 insertions(+), 97 deletions(-) diff --git a/installer/inventory b/installer/inventory index 8579258ea9..44b20ccc71 100644 --- a/installer/inventory +++ b/installer/inventory @@ -12,12 +12,12 @@ dockerhub_version=latest # Openshift Install # Will need to set -e openshift_password=developer -e docker_registry_password=$(oc whoami -t) # openshift_host=127.0.0.1:8443 -# awx_openshift_project=awx +# openshift_project=awx # openshift_user=developer # Kubernetes Install # kubernetes_context=test-cluster -# awx_kubernetes_namespace=awx +# kubernetes_namespace=awx # Kubernetes and Openshift Install Resource Requests # This is the request value for a pod's "task" container, which is the container 
@@ -26,8 +26,8 @@ dockerhub_version=latest # in the pod # A cpu_request of 1500 is 1.5 cores for the task container # A mem_request of 2 is for 2 gigabytes of memory for the task container -# awx_task_cpu_request=1500 -# awx_task_mem_request=2 +# task_cpu_request=1500 +# task_mem_request=2 # Common Docker parameters postgres_data_dir=/tmp/pgdocker @@ -82,7 +82,7 @@ pg_port=5432 # AWX Secret key # It's *very* important that this stay the same between upgrades or you will lose the ability to decrypt # your credentials -awx_secret_key=awxsecret +secret_key=awxsecret # Build AWX with official logos # Requires cloning awx-logos repo into the project root. diff --git a/installer/roles/check_vars/tasks/check_openshift.yml b/installer/roles/check_vars/tasks/check_openshift.yml index aa13ef5a70..38d66b352c 100644 --- a/installer/roles/check_vars/tasks/check_openshift.yml +++ b/installer/roles/check_vars/tasks/check_openshift.yml @@ -1,10 +1,10 @@ # check_openshift.yml --- -- name: awx_openshift_project should be defined +- name: openshift_project should be defined assert: that: - - awx_openshift_project is defined and awx_openshift_project != '' - msg: "Set the value of 'awx_openshift_project' in the inventory file." + - openshift_project is defined and openshift_project != '' + msg: "Set the value of 'openshift_project' in the inventory file." - name: openshift_user should be defined assert: diff --git a/installer/roles/kubernetes/defaults/main.yml b/installer/roles/kubernetes/defaults/main.yml index 18243f8afc..338be64c78 100644 --- a/installer/roles/kubernetes/defaults/main.yml +++ b/installer/roles/kubernetes/defaults/main.yml 
@@ -1,15 +1,15 @@ --- -awx_web_mem_request: 1 -awx_web_cpu_request: 500 +web_mem_request: 1 +web_cpu_request: 500 -awx_task_mem_request: 2 -awx_task_cpu_request: 1500 +task_mem_request: 2 +task_cpu_request: 1500 -awx_rabbitmq_mem_request: 2 -awx_rabbitmq_cpu_request: 500 +rabbitmq_mem_request: 2 +rabbitmq_cpu_request: 500 -awx_memcached_mem_request: 1 -awx_memcached_cpu_request: 500 +memcached_mem_request: 1 +memcached_cpu_request: 500 rabbitmq_version: "3.7.4" diff --git a/installer/roles/kubernetes/tasks/kubernetes.yml b/installer/roles/kubernetes/tasks/kubernetes.yml index d6fa4f1142..c2f222263a 100644 --- a/installer/roles/kubernetes/tasks/kubernetes.yml +++ b/installer/roles/kubernetes/tasks/kubernetes.yml @@ -2,15 +2,15 @@ shell: "kubectl config set-context {{ kubernetes_context }}" - name: Get Namespace Detail - shell: "kubectl get namespace {{ awx_kubernetes_namespace }}" + shell: "kubectl get namespace {{ kubernetes_namespace }}" register: namespace_details ignore_errors: yes - name: Create AWX Kubernetes Project - shell: "kubectl create namespace {{ awx_kubernetes_namespace }}" + shell: "kubectl create namespace {{ kubernetes_namespace }}" when: namespace_details.rc != 0 - name: Set postgresql service name set_fact: - postgresql_service_name: "{{ awx_kubernetes_namespace }}-postgresql" + postgresql_service_name: "{{ kubernetes_namespace }}-postgresql" when: "pg_hostname is not defined or pg_hostname == ''" diff --git a/installer/roles/kubernetes/tasks/main.yml b/installer/roles/kubernetes/tasks/main.yml index b5dbb43b43..a362c092b5 100644 --- a/installer/roles/kubernetes/tasks/main.yml +++ b/installer/roles/kubernetes/tasks/main.yml @@ -5,7 +5,7 @@ - name: Set kubernetes base path set_fact: - kubernetes_base_path: "{{ awx_local_base_config_path|default('/tmp') }}/awx-config" + kubernetes_base_path: "{{ local_base_config_path|default('/tmp') }}/{{ kubernetes_deployment_name }}-config" - include_tasks: openshift.yml when: openshift_host is defined 
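Review bot: The two changed `shell:` lines in the `tasks/kubernetes.yml` hunk interpolate `{{ kubernetes_namespace }}` unquoted, so a value containing spaces or shell metacharacters changes the command that runs on the host the play targets. Neither line uses pipes or redirection, so the `command` module is enough, e.g. `command: "kubectl get namespace {{ kubernetes_namespace }}"`; if `shell` has to stay, write `{{ kubernetes_namespace | quote }}`. The same pattern appears in the `shell:` lines of the `tasks/main.yml` and `tasks/openshift.yml` hunks of this patch.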
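Review bot: `kubernetes_base_path` in the first `tasks/main.yml` hunk now depends on `kubernetes_deployment_name`, but no hunk of this patch defines that variable; its default (`kubernetes_deployment_name: awx`) only arrives in PATCH 7/9. Applied on its own, this commit would presumably fail with an undefined-variable error here and in the `pg_hostname`, `configmap.yml.j2` and `deployment.yml.j2` hunks that use the same name. Moving the `defaults/main.yml` line into this patch, or reordering the two commits, keeps every commit in the series deployable.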
@@ -18,7 +18,7 @@ kubectl_or_oc: "{{ openshift_oc_bin if openshift_oc_bin is defined else 'kubectl' }}" - name: Get Postgres Service Detail - shell: "{{ kubectl_or_oc }} describe svc {{ postgresql_service_name }} -n {{ awx_kubernetes_namespace }}" + shell: "{{ kubectl_or_oc }} describe svc {{ postgresql_service_name }} -n {{ kubernetes_namespace }}" register: postgres_svc_details ignore_errors: yes when: "pg_hostname is not defined or pg_hostname == ''" @@ -31,24 +31,24 @@ - name: Set image names block: - name: Enable image stream lookups for awx images - shell: "{{ openshift_oc_bin }} set image-lookup --all -n {{ awx_kubernetes_namespace }}" + shell: "{{ openshift_oc_bin }} set image-lookup --all -n {{ kubernetes_namespace }}" when: openshift_host is defined - name: Set full web image path set_fact: - awx_web_kubernetes_image: "{{ awx_web_image }}:{{ awx_version }}" - when: awx_web_kubernetes_image is not defined + web_kubernetes_image: "{{ web_image }}:{{ version }}" + when: web_kubernetes_image is not defined - name: Set full task image path set_fact: - awx_task_kubernetes_image: "{{ awx_task_image }}:{{ awx_version }}" - when: awx_task_kubernetes_image is not defined + task_kubernetes_image: "{{ task_image }}:{{ version }}" + when: task_kubernetes_image is not defined when: dockerhub_base is not defined - name: Set DockerHub Image Paths set_fact: - awx_web_kubernetes_image: "{{ dockerhub_base }}/awx_web:{{ dockerhub_version }}" - awx_task_kubernetes_image: "{{ dockerhub_base }}/awx_task:{{ dockerhub_version }}" + web_kubernetes_image: "{{ dockerhub_base }}/awx_web:{{ dockerhub_version }}" + task_kubernetes_image: "{{ dockerhub_base }}/awx_task:{{ dockerhub_version }}" when: dockerhub_base is defined - name: Deploy PostgreSQL (OpenShift) 
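Review bot: The image-name block in the `@@ -31,24` hunk is renamed further than the rest of the series supports: `web_kubernetes_image: "{{ web_image }}:{{ version }}"` reads `version`, while the build and push roles still tag with `awx_version` and, until PATCH 9/9, still set `awx_web_image` / `awx_task_image`. With those names unset, the two `set_fact` tasks would presumably fail whenever `dockerhub_base` is not defined. Keeping the tag as `"{{ web_image }}:{{ awx_version }}"` (and likewise for the task image) avoids introducing a generic `version` variable that nothing visible defines. PATCH 9/9 later removes this block.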
@@ -69,7 +69,7 @@ -e POSTGRESQL_PASSWORD={{ pg_password }} \ -e POSTGRESQL_DATABASE={{ pg_database }} \ -e POSTGRESQL_VERSION=9.5 \ - -n {{ awx_kubernetes_namespace }} + -n {{ kubernetes_namespace }} register: openshift_pg_activate when: - pg_hostname is not defined or pg_hostname == '' @@ -78,7 +78,7 @@ - name: Deploy and Activate Postgres (Kubernetes) shell: | - helm install --name awx --namespace {{ awx_kubernetes_namespace }} \ + helm install --name awx --namespace {{ kubernetes_namespace }} \ --set postgresUser={{ pg_username }} \ --set postgresPassword={{ pg_password }} \ --set postgresDatabase={{ pg_database }} \ @@ -92,7 +92,7 @@ - name: Set postgresql hostname to helm package service set_fact: - pg_hostname: awx-postgresql + pg_hostname: "{{ kubernetes_deployment_name }}-postgresql" when: - pg_hostname is not defined or pg_hostname == '' - kubernetes_context is defined @@ -107,7 +107,6 @@ path: "{{ kubernetes_base_path }}" state: directory - - name: Template Kubernetes AWX Config template: src: configmap.yml.j2 diff --git a/installer/roles/kubernetes/tasks/openshift.yml b/installer/roles/kubernetes/tasks/openshift.yml index 21f5522c3a..6a93ca9b2c 100644 --- a/installer/roles/kubernetes/tasks/openshift.yml +++ b/installer/roles/kubernetes/tasks/openshift.yml @@ -3,7 +3,7 @@ - name: Set kubernetes_namespace set_fact: - kubernetes_namespace: "{{ awx_openshift_project }}" + kubernetes_namespace: "{{ openshift_project }}" - name: Ensure workspace directories exist file: 
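Review bot: The `@@ -92,7` hunk derives `pg_hostname` from `kubernetes_deployment_name`, but the `helm install` line in the `@@ -78,7` hunk still hard-codes the release as `--name awx`. The original literal `awx-postgresql` suggests the chart names its service after the release, so any non-default deployment name would point AWX at a database service that does not exist. Using `helm install --name {{ kubernetes_deployment_name }}` keeps the two in step. Both tasks continue outside their hunks.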
@@ -34,18 +34,18 @@ no_log: true - name: Get Project Detail - shell: "{{ openshift_oc_bin }} get project {{ awx_openshift_project }}" + shell: "{{ openshift_oc_bin }} get project {{ openshift_project }}" register: project_details ignore_errors: yes - name: Create AWX Openshift Project - shell: "{{ openshift_oc_bin }} new-project {{ awx_openshift_project }}" + shell: "{{ openshift_oc_bin }} new-project {{ openshift_project }}" when: project_details.rc != 0 - name: Ensure PostgreSQL PVC is available block: - name: Check PVC status - command: "{{ openshift_oc_bin }} get pvc {{ openshift_pg_pvc_name }} -n {{ awx_openshift_project }} -o=jsonpath='{.status.phase}'" + command: "{{ openshift_oc_bin }} get pvc {{ openshift_pg_pvc_name }} -n {{ openshift_project }} -o=jsonpath='{.status.phase}'" register: pg_pvc_status ignore_errors: yes @@ -53,7 +53,7 @@ assert: that: - pg_pvc_status.stdout == "Bound" - msg: "Ensure a PVC named '{{ openshift_pg_pvc_name }}' is created and bound in the '{{ awx_openshift_project }}' namespace." + msg: "Ensure a PVC named '{{ openshift_pg_pvc_name }}' is created and bound in the '{{ openshift_project }}' namespace." when: - pg_hostname is not defined or pg_hostname == '' - openshift_pg_emptydir is defined and (openshift_pg_emptydir | bool) != true diff --git a/installer/roles/kubernetes/templates/configmap.yml.j2 b/installer/roles/kubernetes/templates/configmap.yml.j2 index 47eff32c89..871d7af5ab 100644 --- a/installer/roles/kubernetes/templates/configmap.yml.j2 +++ b/installer/roles/kubernetes/templates/configmap.yml.j2 
@@ -1,33 +1,33 @@ apiVersion: v1 kind: ConfigMap metadata: - name: awx-config - namespace: {{ awx_kubernetes_namespace }} + name: {{ kubernetes_deployment_name }}-config + namespace: {{ kubernetes_namespace }} data: - secret_key: {{ awx_secret_key }} - awx_settings: | + secret_key: {{ secret_key }} + {{ kubernetes_deployment_name }}_settings: | import os import socket ADMINS = () - + # Container environments don't like chroots AWX_PROOT_ENABLED = False # Automatically deprovision pods that go offline AWX_AUTO_DEPROVISION_INSTANCES = True - SYSTEM_TASK_ABS_CPU = {{ ((awx_task_cpu_request|int / 1000) * 4)|int }} - SYSTEM_TASK_ABS_MEM = {{ ((awx_task_mem_request|int * 1024) / 100)|int }} + SYSTEM_TASK_ABS_CPU = {{ ((task_cpu_request|int / 1000) * 4)|int }} + SYSTEM_TASK_ABS_MEM = {{ ((task_mem_request|int * 1024) / 100)|int }} #Autoprovisioning should replace this CLUSTER_HOST_ID = socket.gethostname() SYSTEM_UUID = '00000000-0000-0000-0000-000000000000' SESSION_COOKIE_SECURE = False - CSRF_COOKIE_SECURE = False + CSRF_COOKIE_SECURE = False REMOTE_HOST_HEADERS = ['HTTP_X_FORWARDED_FOR'] - + STATIC_ROOT = '/var/lib/awx/public/static' PROJECTS_ROOT = '/var/lib/awx/projects' JOBOUTPUT_ROOT = '/var/lib/awx/job_status' @@ -42,13 +42,13 @@ data: EMAIL_HOST_USER = '' EMAIL_HOST_PASSWORD = '' EMAIL_USE_TLS = False - + LOGGING['handlers']['console'] = { '()': 'logging.StreamHandler', 'level': 'DEBUG', 'formatter': 'simple', } - + LOGGING['loggers']['django.request']['handlers'] = ['console'] LOGGING['loggers']['rest_framework.request']['handlers'] = ['console'] LOGGING['loggers']['awx']['handlers'] = ['console'] @@ -68,7 +68,7 @@ data: LOGGING['handlers']['rbac_migrations'] = {'class': 'logging.NullHandler'} LOGGING['handlers']['system_tracking_migrations'] = {'class': 'logging.NullHandler'} LOGGING['handlers']['management_playbooks'] = {'class': 'logging.NullHandler'} - + DATABASES = { 'default': { 'ATOMIC_REQUESTS': True, 
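Review bot: `secret_key: {{ secret_key }}` in the first `configmap.yml.j2` hunk keeps the Django secret key in a ConfigMap, which anyone allowed to read ConfigMaps in the namespace can read and which the cluster does not treat as confidential; a `kind: Secret` mounted at the same `SECRET_KEY` path is the appropriate object. The value is also interpolated unquoted, so a key containing `: `, ` #` or a leading YAML indicator changes or breaks the rendered document; `secret_key: "{{ secret_key }}"` is safer. Separately, the inventory hunk of this patch still ships `secret_key=awxsecret` as the default, so a `check_vars` assertion that rejects that value before deploying would be worth adding. The `data:` block continues outside the hunk.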
diff --git a/installer/roles/kubernetes/templates/deployment.yml.j2 b/installer/roles/kubernetes/templates/deployment.yml.j2 index 2e89334283..5b7cb6de63 100644 --- a/installer/roles/kubernetes/templates/deployment.yml.j2 +++ b/installer/roles/kubernetes/templates/deployment.yml.j2 @@ -2,7 +2,7 @@ kind: Service apiVersion: v1 metadata: - namespace: {{ awx_kubernetes_namespace }} + namespace: {{ kubernetes_namespace }} name: rabbitmq labels: app: rabbitmq @@ -26,7 +26,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: rabbitmq-config - namespace: {{ awx_kubernetes_namespace }} + namespace: {{ kubernetes_namespace }} data: enabled_plugins: | [rabbitmq_management,rabbitmq_peer_discovery_k8s]. @@ -52,7 +52,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: rabbitmq - namespace: {{ awx_kubernetes_namespace }} + namespace: {{ kubernetes_namespace }} {% if kubernetes_context is defined %} --- @@ -60,7 +60,7 @@ kind: Role apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: endpoint-reader - namespace: {{ awx_kubernetes_namespace }} + namespace: {{ kubernetes_namespace }} rules: - apiGroups: [""] resources: ["endpoints"] @@ -70,7 +70,7 @@ kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: endpoint-reader - namespace: {{ awx_kubernetes_namespace }} + namespace: {{ kubernetes_namespace }} subjects: - kind: ServiceAccount name: rabbitmq @@ -86,7 +86,7 @@ kind: Role apiVersion: v1 metadata: name: endpoint-reader - namespace: {{ awx_kubernetes_namespace }} + namespace: {{ kubernetes_namespace }} rules: - apiGroups: [""] resources: ["endpoints"] 
@@ -96,16 +96,16 @@ kind: RoleBinding apiVersion: v1 metadata: name: endpoint-reader - namespace: {{ awx_kubernetes_namespace }} + namespace: {{ kubernetes_namespace }} roleRef: name: endpoint-reader - namespace: {{ awx_kubernetes_namespace }} + namespace: {{ kubernetes_namespace }} subjects: - kind: ServiceAccount name: rabbitmq - namespace: {{ awx_kubernetes_namespace }} + namespace: {{ kubernetes_namespace }} userNames: - - system:serviceaccount:{{ awx_kubernetes_namespace }}:rabbitmq + - system:serviceaccount:{{ kubernetes_namespace }}:rabbitmq {% endif %} --- @@ -124,30 +124,30 @@ spec: template: metadata: labels: - name: awx-web-deploy + name: {{ kubernetes_deployment_name }}-web-deploy service: django app: rabbitmq spec: serviceAccountName: rabbitmq containers: - - name: awx-web - image: {{ awx_web_kubernetes_image }} + - name: {{ kubernetes_deployment_name }}-web + image: {{ web_kubernetes_image }} imagePullPolicy: Always ports: - containerPort: 8052 volumeMounts: - mountPath: /etc/tower - name: awx-application-config + name: {{ kubernetes_deployment_name }}-application-config resources: requests: - memory: "{{ awx_web_mem_request }}Gi" - cpu: "{{ awx_web_cpu_request }}m" - - name: awx-celery - image: {{ awx_task_kubernetes_image }} + memory: "{{ web_mem_request }}Gi" + cpu: "{{ web_cpu_request }}m" + - name: {{ kubernetes_deployment_name }}-celery + image: {{ task_kubernetes_image }} imagePullPolicy: Always volumeMounts: - mountPath: /etc/tower - name: awx-application-config + name: {{ kubernetes_deployment_name }}-application-config env: - name: DATABASE_USER value: {{ pg_username }} 
@@ -169,9 +169,9 @@ spec: value: {{ default_admin_password|default('password') }} resources: requests: - memory: "{{ awx_task_mem_request }}Gi" - cpu: "{{ awx_task_cpu_request }}m" - - name: awx-rabbit + memory: "{{ task_mem_request }}Gi" + cpu: "{{ task_cpu_request }}m" + - name: {{ kubernetes_deployment_name }}-rabbit image: ansible/awx_rabbitmq:{{ rabbitmq_version }} imagePullPolicy: Always ports: @@ -209,20 +209,20 @@ spec: mountPath: /etc/rabbitmq resources: requests: - memory: "{{ awx_rabbitmq_mem_request }}Gi" - cpu: "{{ awx_rabbitmq_cpu_request }}m" - - name: awx-memcached + memory: "{{ rabbitmq_mem_request }}Gi" + cpu: "{{ rabbitmq_cpu_request }}m" + - name: {{ kubernetes_deployment_name }}-memcached image: memcached resources: requests: - memory: "{{ awx_memcached_mem_request }}Gi" - cpu: "{{ awx_memcached_cpu_request }}m" + memory: "{{ memcached_mem_request }}Gi" + cpu: "{{ memcached_cpu_request }}m" volumes: - - name: awx-application-config + - name: {{ kubernetes_deployment_name }}-application-config configMap: - name: awx-config + name: {{ kubernetes_deployment_name }}-config items: - - key: awx_settings + - key: {{ kubernetes_deployment_name }}_settings path: settings.py - key: secret_key path: SECRET_KEY @@ -238,10 +238,10 @@ spec: apiVersion: v1 kind: Service metadata: - name: awx-web-svc - namespace: {{ awx_kubernetes_namespace }} + name: {{ kubernetes_deployment_name }}-web-svc + namespace: {{ kubernetes_namespace }} labels: - name: awx-web-svc + name: {{ kubernetes_deployment_name }}-web-svc spec: type: "NodePort" ports: 
@@ -249,15 +249,15 @@ spec: port: 80 targetPort: 8052 selector: - name: awx-web-deploy + name: {{ kubernetes_deployment_name }}-web-deploy --- apiVersion: v1 kind: Service metadata: - name: awx-rmq-mgmt - namespace: {{ awx_kubernetes_namespace }} + name: {{ kubernetes_deployment_name }}-rmq-mgmt + namespace: {{ kubernetes_namespace }} labels: - name: awx-rmq-mgmt + name: {{ kubernetes_deployment_name }}-rmq-mgmt spec: type: ClusterIP ports: @@ -265,17 +265,17 @@ spec: port: 15672 targetPort: 15672 selector: - name: awx-web-deploy + name: {{ kubernetes_deployment_name }}-web-deploy {% if kubernetes_context is defined %} --- apiVersion: extensions/v1beta1 kind: Ingress metadata: - name: awx-web-svc - namespace: {{ awx_kubernetes_namespace }} + name: {{ kubernetes_deployment_name }}-web-svc + namespace: {{ kubernetes_namespace }} spec: backend: - serviceName: awx-web-svc + serviceName: {{ kubernetes_deployment_name }}-web-svc servicePort: 80 {% endif %} {% if openshift_host is defined %} @@ -283,8 +283,8 @@ spec: apiVersion: v1 kind: Route metadata: - name: awx-web-svc - namespace: {{ awx_kubernetes_namespace }} + name: {{ kubernetes_deployment_name }}-web-svc + namespace: {{ kubernetes_namespace }} spec: port: targetPort: http @@ -293,7 +293,7 @@ spec: termination: edge to: kind: Service - name: awx-web-svc + name: {{ kubernetes_deployment_name }}-web-svc weight: 100 wildcardPolicy: None {% endif %} diff --git a/installer/roles/local_docker/tasks/standalone.yml b/installer/roles/local_docker/tasks/standalone.yml index cba2379aa1..6bfefe9c49 100644 --- a/installer/roles/local_docker/tasks/standalone.yml +++ b/installer/roles/local_docker/tasks/standalone.yml 
@@ -96,7 +96,7 @@ http_proxy: "{{ http_proxy | default('') }}" https_proxy: "{{ https_proxy | default('') }}" no_proxy: "{{ no_proxy | default('') }}" - SECRET_KEY: "{{ awx_secret_key }}" + SECRET_KEY: "{{ secret_key }}" DATABASE_NAME: "{{ pg_database }}" DATABASE_USER: "{{ pg_username }}" DATABASE_PASSWORD: "{{ pg_password }}" @@ -132,7 +132,7 @@ http_proxy: "{{ http_proxy | default('') }}" https_proxy: "{{ https_proxy | default('') }}" no_proxy: "{{ no_proxy | default('') }}" - SECRET_KEY: "{{ awx_secret_key }}" + SECRET_KEY: "{{ secret_key }}" DATABASE_NAME: "{{ pg_database }}" DATABASE_USER: "{{ pg_username }}" DATABASE_PASSWORD: "{{ pg_password }}" diff --git a/installer/roles/local_docker/templates/docker-compose.yml.j2 b/installer/roles/local_docker/templates/docker-compose.yml.j2 index b3618fb706..4d6a4b5d2c 100644 --- a/installer/roles/local_docker/templates/docker-compose.yml.j2 +++ b/installer/roles/local_docker/templates/docker-compose.yml.j2 @@ -46,7 +46,7 @@ services: http_proxy: {{ http_proxy | default('') }} https_proxy: {{ https_proxy | default('') }} no_proxy: {{ no_proxy | default('') }} - SECRET_KEY: {{ awx_secret_key }} + SECRET_KEY: {{ secret_key }} DATABASE_NAME: {{ pg_database }} DATABASE_USER: {{ pg_username }} DATABASE_PASSWORD: {{ pg_password }} @@ -105,7 +105,7 @@ services: http_proxy: {{ http_proxy | default('') }} https_proxy: {{ https_proxy | default('') }} no_proxy: {{ no_proxy | default('') }} - SECRET_KEY: {{ awx_secret_key }} + SECRET_KEY: {{ secret_key }} DATABASE_NAME: {{ pg_database }} DATABASE_USER: {{ pg_username }} DATABASE_PASSWORD: {{ pg_password }} From 0786b41ac6836f8be98f731510bd97801c0ad069 Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Wed, 11 Apr 2018 22:52:38 -0400 Subject: [PATCH 7/9] Allow for customizing kubernetes deployment name --- installer/roles/kubernetes/defaults/main.yml | 2 ++ installer/roles/kubernetes/templates/deployment.yml.j2 | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) 
diff --git a/installer/roles/kubernetes/defaults/main.yml b/installer/roles/kubernetes/defaults/main.yml index 338be64c78..a3076116e5 100644 --- a/installer/roles/kubernetes/defaults/main.yml +++ b/installer/roles/kubernetes/defaults/main.yml @@ -15,3 +15,5 @@ rabbitmq_version: "3.7.4" openshift_pg_emptydir: no openshift_pg_pvc_name: postgresql + +kubernetes_deployment_name: awx diff --git a/installer/roles/kubernetes/templates/deployment.yml.j2 b/installer/roles/kubernetes/templates/deployment.yml.j2 index 5b7cb6de63..bb44542030 100644 --- a/installer/roles/kubernetes/templates/deployment.yml.j2 +++ b/installer/roles/kubernetes/templates/deployment.yml.j2 @@ -117,8 +117,8 @@ apiVersion: extensions/v1beta1 kind: DeploymentConfig {% endif %} metadata: - name: awx - namespace: {{ awx_kubernetes_namespace }} + name: {{ kubernetes_deployment_name }} + namespace: {{ kubernetes_namespace }} spec: replicas: 1 template: From 2b6fe7969fc2ece2a475bf3378d2608c118e9cb6 Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Thu, 12 Apr 2018 00:39:34 -0400 Subject: [PATCH 8/9] Move rabbitmq and memcached images into variables --- installer/roles/kubernetes/defaults/main.yml | 4 ++++ installer/roles/kubernetes/templates/deployment.yml.j2 | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/installer/roles/kubernetes/defaults/main.yml b/installer/roles/kubernetes/defaults/main.yml index a3076116e5..85dbcdaef6 100644 --- a/installer/roles/kubernetes/defaults/main.yml +++ b/installer/roles/kubernetes/defaults/main.yml @@ -12,6 +12,10 @@ memcached_mem_request: 1 memcached_cpu_request: 500 rabbitmq_version: "3.7.4" +rabbitmq_image: "ansible/awx_rabbitmq:{{ rabbitmq_version }}" + +memcached_version: "latest" +memcached_image: "memcached:{{ memcached_version }}" openshift_pg_emptydir: no openshift_pg_pvc_name: postgresql 
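Review bot: `memcached_version: "latest"` in the PATCH 8/9 `defaults/main.yml` hunk makes the mutable `latest` tag the explicit default, so the image that runs changes whenever the upstream tag moves and cannot be reproduced or audited afterwards. Pinning a specific release, as `rabbitmq_version: "3.7.4"` already does, or an image digest (`memcached@sha256:<DIGEST>`) would be safer. A comment such as `# pin to a tested release; avoid mutable tags` above the variable would record the intent.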
diff --git a/installer/roles/kubernetes/templates/deployment.yml.j2 b/installer/roles/kubernetes/templates/deployment.yml.j2 index bb44542030..b9c3f95101 100644 --- a/installer/roles/kubernetes/templates/deployment.yml.j2 +++ b/installer/roles/kubernetes/templates/deployment.yml.j2 @@ -172,7 +172,7 @@ spec: memory: "{{ task_mem_request }}Gi" cpu: "{{ task_cpu_request }}m" - name: {{ kubernetes_deployment_name }}-rabbit - image: ansible/awx_rabbitmq:{{ rabbitmq_version }} + image: {{ rabbitmq_image }} imagePullPolicy: Always ports: - name: http @@ -212,7 +212,7 @@ spec: memory: "{{ rabbitmq_mem_request }}Gi" cpu: "{{ rabbitmq_cpu_request }}m" - name: {{ kubernetes_deployment_name }}-memcached - image: memcached + image: {{ memcached_image }} resources: requests: memory: "{{ memcached_mem_request }}Gi" From 40d7751fbdde7bcd68042d4528e6df1afe9cb3d2 Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Mon, 16 Apr 2018 17:56:06 -0400 Subject: [PATCH 9/9] Remove image push logic from installer roles MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I’m going to be reusing this code on the Tower side, and I’m trying to refactor some of the AWX specific bits out. There will probably be more to come, but this is a good start. --- installer/install.yml | 1 + installer/roles/image_build/tasks/main.yml | 14 +++++-- .../image_build/templates/Dockerfile.task.j2 | 2 +- installer/roles/image_push/tasks/main.yml | 35 +++++++++++----- installer/roles/kubernetes/defaults/main.yml | 11 +++-- installer/roles/kubernetes/tasks/main.yml | 41 ++++++------------- .../kubernetes/templates/deployment.yml.j2 | 8 ++-- .../roles/local_docker/tasks/set_image.yml | 39 ++++++------------ 8 files changed, 74 insertions(+), 77 deletions(-) diff --git a/installer/install.yml b/installer/install.yml index 88c5734dde..90a8dc911c 100644 --- a/installer/install.yml +++ b/installer/install.yml 
@@ -5,5 +5,6 @@ roles: - { role: check_vars } - { role: image_build, when: "dockerhub_base is not defined" } + - { role: image_push, when: "docker_registry is defined and dockerhub_base is not defined" } - { role: kubernetes, when: "openshift_host is defined or kubernetes_context is defined" } - { role: local_docker, when: "openshift_host is not defined and kubernetes_context is not defined" } diff --git a/installer/roles/image_build/tasks/main.yml b/installer/roles/image_build/tasks/main.yml index 182a3fe257..401281a877 100644 --- a/installer/roles/image_build/tasks/main.yml +++ b/installer/roles/image_build/tasks/main.yml @@ -89,11 +89,11 @@ - name: Set awx_web image name set_fact: - awx_web_image: "{{ awx_web_image|default('awx_web') }}" + web_image: "{{ web_image|default('awx_web') }}" - name: Set awx_task image name set_fact: - awx_task_image: "{{ awx_task_image|default('awx_task') }}" + task_image: "{{ task_image|default('awx_task') }}" - name: Ensure directory exists file: @@ -195,7 +195,7 @@ no_proxy: "{{ no_proxy | default('') }}" path: "{{ docker_base_path }}" dockerfile: Dockerfile - name: "{{ awx_web_image }}" + name: "{{ web_image }}" tag: "{{ awx_version }}" delegate_to: localhost @@ -207,11 +207,17 @@ no_proxy: "{{ no_proxy | default('') }}" path: "{{ docker_base_path }}" dockerfile: Dockerfile.task - name: "{{ awx_task_image }}" + name: "{{ task_image }}" tag: "{{ awx_version }}" pull: no delegate_to: localhost +- name: Tag task and web images as latest + command: "docker tag {{ item }}:{{ awx_version }} {{ item }}:latest" + with_items: + - "{{ task_image }}" + - "{{ web_image }}" + - name: Clean docker base directory file: path: "{{ docker_base_path }}" diff --git a/installer/roles/image_build/templates/Dockerfile.task.j2 b/installer/roles/image_build/templates/Dockerfile.task.j2 index b72160cb68..6e3bf4e3f0 100644 --- a/installer/roles/image_build/templates/Dockerfile.task.j2 +++ b/installer/roles/image_build/templates/Dockerfile.task.j2 
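Review bot: The new `Tag task and web images as latest` task in the `@@ -207,11` hunk of `image_build/tasks/main.yml` has no `delegate_to: localhost`, although the build task directly above it, which creates the images being tagged, does. If the play targets anything other than the local machine, `docker tag` would presumably run on a host where those images do not exist. Adding `delegate_to: localhost` to the task keeps it on the same Docker daemon as the build.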
@@ -1,4 +1,4 @@ -FROM {{ awx_web_image }}:{{ awx_version }} +FROM {{ web_image }}:{{ awx_version }} USER 0 RUN sudo yum -y remove nginx USER 1000 diff --git a/installer/roles/image_push/tasks/main.yml b/installer/roles/image_push/tasks/main.yml index a81bdf6644..9e3c76f0ca 100644 --- a/installer/roles/image_push/tasks/main.yml +++ b/installer/roles/image_push/tasks/main.yml @@ -1,4 +1,13 @@ --- +- name: Authenticate with Docker registry if registry password given + docker_login: + registry: "{{ docker_registry }}" + username: "{{ docker_registry_username }}" + password: "{{ docker_registry_password }}" + reauthorize: yes + when: docker_registry is defined and docker_registry_password is defined + delegate_to: localhost + - name: Remove local images to ensure proper push behavior # TODO: this code will not be necessary if and when docker_image can be configured to push if the image # Already exists locally @@ -6,13 +15,13 @@ block: - name: Remove web image docker_image: - name: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ awx_web_image }}" + name: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ web_image }}" tag: "{{ awx_version }}" state: absent - name: Remove task image docker_image: - name: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ awx_task_image }}" + name: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ task_image }}" tag: "{{ awx_version }}" state: absent delegate_to: localhost 
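Review bot: The new `docker_login` task at the top of `image_push/tasks/main.yml` is guarded by `docker_registry is defined and docker_registry_password is defined` but also reads `docker_registry_username`, which the guard does not cover. A run that supplies only the password (the inventory comment in this series suggests `-e docker_registry_password=$(oc whoami -t)`) would presumably fail on the undefined username instead of skipping cleanly. Either add `docker_registry_username is defined` to the `when:`, or assert both variables in `check_vars` with a clear message. Adding `no_log: true` to the task would also keep the credential out of verbose task output; `no_log: true` is already visible on an earlier task in the `tasks/openshift.yml` context lines.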
@@ -22,22 +31,28 @@ block: - name: Tag and push web image to registry docker_image: - name: "{{ awx_web_image }}" - repository: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ awx_web_image }}" - tag: "{{ awx_version }}" + name: "{{ web_image }}" + repository: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ web_image }}" + tag: "{{ item }}" push: yes + with_items: + - "latest" + - "{{ awx_version }}" - name: Tag and push task image to registry docker_image: - name: "{{ awx_task_image }}" - repository: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ awx_task_image }}" - tag: "{{ awx_version }}" + name: "{{ task_image }}" + repository: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ task_image }}" + tag: "{{ item }}" push: yes + with_items: + - "latest" + - "{{ awx_version }}" delegate_to: localhost - name: Set full image path for Registry set_fact: awx_web_docker_actual_image: >- - {{ docker_registry }}/{{ docker_registry_repository }}/{{ awx_web_image }}:{{ awx_version }} + {{ docker_registry }}/{{ docker_registry_repository }}/{{ web_image }}:{{ awx_version }} awx_task_docker_actual_image: >- - {{ docker_registry }}/{{ docker_registry_repository }}/{{ awx_task_image }}:{{ awx_version }} + {{ docker_registry }}/{{ docker_registry_repository }}/{{ task_image }}:{{ awx_version }} diff --git a/installer/roles/kubernetes/defaults/main.yml b/installer/roles/kubernetes/defaults/main.yml index 85dbcdaef6..a5fd1d82bb 100644 --- a/installer/roles/kubernetes/defaults/main.yml +++ b/installer/roles/kubernetes/defaults/main.yml @@ -1,4 +1,7 @@ --- +dockerhub_web_image: "{{ dockerhub_base | default('ansible') }}/awx_web:{{ dockerhub_version | default('latest') }}" +dockerhub_task_image: "{{ dockerhub_base | default('ansible') }}/awx_task:{{ dockerhub_version | default('latest') }}" + web_mem_request: 1 web_cpu_request: 500 
@@ -11,11 +14,11 @@ rabbitmq_cpu_request: 500 memcached_mem_request: 1 memcached_cpu_request: 500 -rabbitmq_version: "3.7.4" -rabbitmq_image: "ansible/awx_rabbitmq:{{ rabbitmq_version }}" +kubernetes_rabbitmq_version: "3.7.4" +kubernetes_rabbitmq_image: "ansible/awx_rabbitmq" -memcached_version: "latest" -memcached_image: "memcached:{{ memcached_version }}" +kubernetes_memcached_version: "latest" +kubernetes_memcached_image: "memcached" openshift_pg_emptydir: no openshift_pg_pvc_name: postgresql diff --git a/installer/roles/kubernetes/tasks/main.yml b/installer/roles/kubernetes/tasks/main.yml index a362c092b5..09ffc7fad8 100644 --- a/installer/roles/kubernetes/tasks/main.yml +++ b/installer/roles/kubernetes/tasks/main.yml @@ -23,34 +23,6 @@ ignore_errors: yes when: "pg_hostname is not defined or pg_hostname == ''" -- name: Manage AWX Container Images - include_role: - name: image_push - when: dockerhub_base is not defined - -- name: Set image names - block: - - name: Enable image stream lookups for awx images - shell: "{{ openshift_oc_bin }} set image-lookup --all -n {{ kubernetes_namespace }}" - when: openshift_host is defined - - - name: Set full web image path - set_fact: - web_kubernetes_image: "{{ web_image }}:{{ version }}" - when: web_kubernetes_image is not defined - - - name: Set full task image path - set_fact: - task_kubernetes_image: "{{ task_image }}:{{ version }}" - when: task_kubernetes_image is not defined - when: dockerhub_base is not defined - -- name: Set DockerHub Image Paths - set_fact: - web_kubernetes_image: "{{ dockerhub_base }}/awx_web:{{ dockerhub_version }}" - task_kubernetes_image: "{{ dockerhub_base }}/awx_task:{{ dockerhub_version }}" - when: dockerhub_base is defined - - name: Deploy PostgreSQL (OpenShift) block: - name: Template PostgreSQL Deployment 
@@ -113,6 +85,19 @@ dest: "{{ kubernetes_base_path }}/configmap.yml" mode: '0600' +- name: Set image names if using custom registry + block: + - name: Set task image name + set_fact: + kubernetes_task_image: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ task_image }}" + when: kubernetes_task_image is not defined + + - name: Set web image name + set_fact: + kubernetes_web_image: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ web_image }}" + when: kubernetes_web_image is not defined + when: docker_registry is defined + - name: Template Kubernetes AWX Deployment template: src: deployment.yml.j2 diff --git a/installer/roles/kubernetes/templates/deployment.yml.j2 b/installer/roles/kubernetes/templates/deployment.yml.j2 index b9c3f95101..569f2cdc4b 100644 --- a/installer/roles/kubernetes/templates/deployment.yml.j2 +++ b/installer/roles/kubernetes/templates/deployment.yml.j2 @@ -131,7 +131,7 @@ spec: serviceAccountName: rabbitmq containers: - name: {{ kubernetes_deployment_name }}-web - image: {{ web_kubernetes_image }} + image: {{ kubernetes_web_image | default(dockerhub_web_image) }} imagePullPolicy: Always ports: - containerPort: 8052 @@ -143,7 +143,7 @@ spec: memory: "{{ web_mem_request }}Gi" cpu: "{{ web_cpu_request }}m" - name: {{ kubernetes_deployment_name }}-celery - image: {{ task_kubernetes_image }} + image: {{ kubernetes_task_image | default(dockerhub_task_image) }} imagePullPolicy: Always volumeMounts: - mountPath: /etc/tower @@ -172,7 +172,7 @@ spec: memory: "{{ task_mem_request }}Gi" cpu: "{{ task_cpu_request }}m" - name: {{ kubernetes_deployment_name }}-rabbit - image: {{ rabbitmq_image }} + image: "{{ kubernetes_rabbitmq_image }}:{{ kubernetes_rabbitmq_version }}" imagePullPolicy: Always ports: - name: http 
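Review bot: `kubernetes_task_image` and `kubernetes_web_image` in the new "Set image names if using custom registry" block are built without a tag. deployment.yml.j2 (later hunks on this line) renders them straight into `image:`, so a custom-registry deployment resolves to `latest` rather than to the version that was pushed. With `imagePullPolicy: Always` in the template, a pod restart can then start a different build from the one originally deployed. Appending the pushed tag would pin it, e.g. `kubernetes_task_image: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ task_image }}:{{ awx_version }}"` and likewise for the web image. This assumes `awx_version` is in scope in this role; the code removed from this file used `version`.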
@@ -212,7 +212,7 @@ spec:
 memory: "{{ rabbitmq_mem_request }}Gi"
 cpu: "{{ rabbitmq_cpu_request }}m"
 - name: {{ kubernetes_deployment_name }}-memcached
- image: {{ memcached_image }}
+ image: "{{ kubernetes_memcached_image }}:{{ kubernetes_memcached_version }}"
 resources:
 requests:
 memory: "{{ memcached_mem_request }}Gi"
diff --git a/installer/roles/local_docker/tasks/set_image.yml b/installer/roles/local_docker/tasks/set_image.yml
index ac1bc7a079..4442da1617 100644
--- a/installer/roles/local_docker/tasks/set_image.yml
+++ b/installer/roles/local_docker/tasks/set_image.yml
@@ -3,29 +3,20 @@ block: - name: Export Docker web image if it isnt local and there isnt a registry defined docker_image: - name: "{{ awx_web_image }}" + name: "{{ web_image }}" tag: "{{ awx_version }}" - archive_path: "{{ awx_local_base_config_path|default('/tmp') }}/{{ awx_web_image }}_{{ awx_version }}.tar" + archive_path: "{{ awx_local_base_config_path|default('/tmp') }}/{{ web_image }}_{{ awx_version }}.tar" when: inventory_hostname != "localhost" and docker_registry is not defined delegate_to: localhost - name: Export Docker task image if it isnt local and there isnt a registry defined docker_image: - name: "{{ awx_task_image }}" + name: "{{ task_image }}" tag: "{{ awx_version }}" - archive_path: "{{ awx_local_base_config_path|default('/tmp') }}/{{ awx_task_image }}_{{ awx_version }}.tar" + archive_path: "{{ awx_local_base_config_path|default('/tmp') }}/{{ task_image }}_{{ awx_version }}.tar" when: inventory_hostname != "localhost" and docker_registry is not defined delegate_to: localhost - - name: Authenticate with Docker registry if registry password given - docker_login: - registry: "{{ docker_registry }}" - username: "{{ docker_registry_username }}" - password: "{{ docker_registry_password }}" - reauthorize: yes - when: docker_registry is defined and docker_registry_password is defined - delegate_to: localhost - - name: Set docker base path set_fact: docker_deploy_base_path: "{{ awx_base_path|default('/tmp') }}/docker_deploy" 
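Review bot: `archive_path` in both export tasks falls back to `/tmp` with a predictable file name (`{{ web_image }}_{{ awx_version }}.tar`), and `docker_deploy_base_path` falls back to `/tmp/docker_deploy`. The next hunk copies those files and loads them through `load_path`. On a host with other local users, a tarball at a known path in a world-writable directory can be swapped between export and load, and the loaded image is what ends up running. The fallbacks predate this commit, but the lines are rewritten here, so a comment on the tasks would be cheap: `# set awx_local_base_config_path / awx_base_path to a directory only the deploy user can write; the /tmp fallback is unsafe on shared hosts`. The enclosing `block` starts above the hunk.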
@@ -39,40 +30,36 @@ - name: Copy web image to docker execution copy: - src: "{{ awx_local_base_config_path|default('/tmp') }}/{{ awx_web_image }}_{{ awx_version }}.tar" - dest: "{{ docker_deploy_base_path }}/{{ awx_web_image }}_{{ awx_version }}.tar" + src: "{{ awx_local_base_config_path|default('/tmp') }}/{{ web_image }}_{{ awx_version }}.tar" + dest: "{{ docker_deploy_base_path }}/{{ web_image }}_{{ awx_version }}.tar" when: ansible_connection != "local" and docker_registry is not defined - name: Copy task image to docker execution copy: - src: "{{ awx_local_base_config_path|default('/tmp') }}/{{ awx_task_image }}_{{ awx_version }}.tar" + src: "{{ awx_local_base_config_path|default('/tmp') }}/{{ task_image }}_{{ awx_version }}.tar" dest: "{{ docker_deploy_base_path }}" when: ansible_connection != "local" and docker_registry is not defined - name: Load web image docker_image: - name: "{{ awx_web_image }}" + name: "{{ web_image }}" tag: "{{ awx_version }}" - load_path: "{{ docker_deploy_base_path }}/{{ awx_web_image }}_{{ awx_version }}.tar" + load_path: "{{ docker_deploy_base_path }}/{{ web_image }}_{{ awx_version }}.tar" timeout: 300 when: ansible_connection != "local" and docker_registry is not defined - name: Load task image docker_image: - name: "{{ awx_task_image }}" + name: "{{ task_image }}" tag: "{{ awx_version }}" - load_path: "{{ docker_deploy_base_path }}/{{ awx_task_image }}_{{ awx_version }}.tar" + load_path: "{{ docker_deploy_base_path }}/{{ task_image }}_{{ awx_version }}.tar" timeout: 300 when: ansible_connection != "local" and docker_registry is not defined - - include_role: - name: image_push - when: docker_registry is defined and dockerhub_base is not defined - - name: Set full image path for local install set_fact: - awx_web_docker_actual_image: "{{ awx_web_image }}:{{ awx_version }}" - awx_task_docker_actual_image: "{{ awx_task_image }}:{{ awx_version }}" + awx_web_docker_actual_image: "{{ web_image }}:{{ awx_version }}" + 
awx_task_docker_actual_image: "{{ task_image }}:{{ awx_version }}" when: docker_registry is not defined when: dockerhub_base is not defined
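Review bot: With `include_role: image_push` removed, nothing left in this file sets `awx_web_docker_actual_image` or `awx_task_docker_actual_image` when `docker_registry` is defined, because the remaining "Set full image path for local install" task is guarded by `docker_registry is not defined`. Presumably image_push is now invoked before this role from a playbook that is not shown on this page. If so, a comment above the set_fact would record the ordering dependency: `# registry case: image_push sets these facts before this role runs`. The enclosing block begins above the hunk.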