Merge branch 'devel' into patch-1

CONTRIBUTING.md

@@ -10,6 +10,7 @@ Have questions about this document or anything not covered here? Please file a n
   - [Table of contents](#table-of-contents)
   - [Things to know prior to submitting code](#things-to-know-prior-to-submitting-code)
   - [Submmiting your work](#submmiting-your-work)
+  - [Development](#development)
   - [Testing](#testing)
       - [Testing in Kind](#testing-in-kind)
       - [Testing in Minikube](#testing-in-minikube)
@@ -42,7 +43,8 @@ Have questions about this document or anything not covered here? Please file a n
 
 **Note**: If you have multiple commits, make sure to `squash` your commits into a single commit which will facilitate our release process.
 
-
+## Development
+The development environment consists of running an [`up.sh`](./up.sh) and a [`down.sh`](./down.sh) script, which applies or deletes yaml on the Openshift or K8s cluster you are connected to. See the [development.md](docs/development.md) for information on how to deploy and test changes from your branch.
 
 ## Testing
 

README.md

@@ -20,6 +20,8 @@ Please visit [our contributing guidelines](https://github.com/ansible/awx-operat
 
 For docs changes, create PRs on the appropriate files in the `/docs` folder.
 
+The development environment consists of running an [`up.sh`](https://github.com/ansible/awx-operator/blob/devel/up.sh) and a [`down.sh`](https://github.com/ansible/awx-operator/blob/devel/down.sh) script, which applies or deletes yaml on the Openshift or K8s cluster you are connected to. See the [development.md](https://github.com/ansible/awx-operator/blob/devel/docs/development.md) for information on how to deploy and test changes from your branch.
+
 ## Author
 
 This operator was originally built in 2019 by [Jeff Geerling](https://www.jeffgeerling.com) and is now maintained by the Ansible Team

config/crd/bases/awx.ansible.com_awxs.yaml

@@ -2009,6 +2009,9 @@ spec:
                 description: Enable metrics utility shipping to Red Hat Hybrid Cloud Console
                 type: boolean
                 default: false
+              public_base_url:
+                description: Public base URL
+                type: string
             type: object
           status:
             properties:

config/manifests/bases/awx-operator.clusterserviceversion.yaml

@@ -173,6 +173,12 @@ spec:
         path: db_management_pod_node_selector
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:advanced
+      - displayName: Public Base URL
+        path: public_base_url
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
       statusDescriptors:
       - description: Persistent volume claim name used during backup
         displayName: Backup Claim

dev/awx-cr/awx-cr-settings.yml

@@ -0,0 +1,24 @@
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx
+spec:
+  service_type: clusterip
+  ingress_type: route
+  no_log: false
+
+  # Secrets
+  admin_password_secret: custom-admin-password
+  postgres_configuration_secret: custom-pg-configuration
+  secret_key_secret: custom-secret-key
+
+  # Resource Requirements
+  postgres_storage_requirements:
+    requests:
+      storage: 10Gi
+
+  # Extra Settings
+  extra_settings:
+    - setting: MAX_PAGE_SIZE
+      value: "500"

dev/awx-cr/awx-k8s-ingress.yml

@@ -0,0 +1,13 @@
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx
+spec:
+  service_type: nodeport
+  ingress_type: ingress
+
+  # Secrets
+  admin_password_secret: custom-admin-password
+  postgres_configuration_secret: custom-pg-configuration
+  secret_key_secret: custom-secret-key

dev/awx-cr/awx-openshift-cr.yml

@@ -0,0 +1,13 @@
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx
+spec:
+  service_type: clusterip
+  ingress_type: Route
+
+  # Secrets
+  admin_password_secret: custom-admin-password
+  postgres_configuration_secret: custom-pg-configuration
+  secret_key_secret: custom-secret-key

dev/secrets/admin-password-secret.yml

@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: custom-admin-password
+stringData:
+  password: 'password'

dev/secrets/custom-secret-key.yml

@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: custom-secret-key
+stringData:
+  secret_key: 'awxsecret'

dev/secrets/external-pg-secret.yml

@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: external-pg-secret
+stringData:
+  database: 'awx'
+  host: 'awx-postgres'
+  password: 'test'
+  port: '5432'
+  type: 'managed'
+  username: 'awx'

docs/development.md

@@ -0,0 +1,58 @@
+# Development Guide
+
+There are development scripts and yaml exaples in the [`dev/`](../dev) directory that, along with the up.sh and down.sh scripts in the root of the repo, can be used to build, deploy and test changes made to the awx-operator.
+
+
+## Build and Deploy
+
+
+If you clone the repo, and make sure you are logged in at the CLI with oc and your cluster, you can run:
+
+```
+export QUAY_USER=username
+export NAMESPACE=awx
+export TAG=test
+./up.sh
+```
+
+You can add those variables to your .bashrc file so that you can just run `./up.sh` in the future.
+
+> Note: the first time you run this, it will create quay.io repos on your fork. You will need to either make those public, or create a global pull secret on your Openshift cluster.
+
+To get the URL, if on **Openshift**, run:
+
+```
+$ oc get route
+```
+
+On **k8s with ingress**, run:
+
+```
+$ kubectl get ing
+```
+
+On **k8s with nodeport**, run:
+
+```
+$ kubectl get svc
+```
+
+The URL is then `http://<Node-IP>:<NodePort>`
+
+> Note: NodePort will only work if you expose that port on your underlying k8s node, or are accessing it from localhost.
+
+By default, the usename and password will be admin and password if using the `up.sh` script because it pre-creates a custom admin password k8s secret and specifies it on the AWX custom resource spec. Without that, a password would have been generated and stored in a k8s secret named <deployment-name>-admin-password.
+
+## Clean up
+
+
+Same thing for cleanup, just run ./down.sh and it will clean up your namespace on that cluster
+
+
+```
+./down.sh
+```
+
+## Running CI tests locally
+
+More tests coming soon...

down.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+# AWX Operator down.sh
+# Purpose:
+#   Cleanup and delete the namespace you deployed in
+
+# -- Usage
+#   NAMESPACE=awx ./down.sh
+
+# -- Variables
+TAG=${TAG:-dev}
+AWX_CR=${AWX_CR:-awx}
+CLEAN_DB=${CLEAN_DB:-false}
+
+
+# -- Check for required variables
+# Set the following environment variables
+# export NAMESPACE=awx
+
+if [ -z "$NAMESPACE" ]; then
+  echo "Error: NAMESPACE env variable is not set. Run the following with your namespace:"
+  echo "  export NAMESPACE=developer"
+  exit 1
+fi
+
+# -- Delete Backups
+kubectl delete awxbackup --all
+
+# -- Delete Restores
+kubectl delete awxrestore --all
+
+# Deploy Operator
+make undeploy NAMESPACE=$NAMESPACE
+
+# Remove PVCs
+kubectl delete pvc postgres-15-$AWX_CR-postgres-15-0
+

molecule/requirements.yml

@@ -4,4 +4,6 @@ collections:
   - name: kubernetes.core
   - name: operator_sdk.util
   - name: community.docker
-  - name: awx.awx
+  - name: https://github.com/ansible/awx.git#/awx_collection/
+    type: git
+    version: devel

roles/installer/tasks/install.yml

@@ -44,6 +44,12 @@
 - name: Include secret key configuration tasks
   include_tasks: secret_key_configuration.yml
 
+- name: Apply Redirect Page Configmap
+  k8s:
+    apply: true
+    definition: "{{ lookup('template', 'configmaps/redirect-page.configmap.html.j2') }}"
+  when: public_base_url is defined
+
 - name: Load LDAP CAcert certificate (Deprecated)
   include_tasks: load_ldap_cacert_secret.yml
   when:

roles/installer/templates/configmaps/redirect-page.configmap.html.j2

@@ -0,0 +1,76 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ ansible_operator_meta.name }}-redirect-page
+  namespace: {{ ansible_operator_meta.namespace }}
+data:
+  redirect-page.html: |
+    <!DOCTYPE html>
+    <html lang="en">
+    <head>
+        <meta charset="UTF-8">
+        <meta http-equiv="refresh" content="15; url={{ public_base_url }}">
+        <meta name="viewport" content="width=device-width, initial-scale=1.0">
+        <title>Redirecting to Ansible Automation Platform</title>
+
+        <!-- Favicon links -->
+        <link rel="icon" type="image/x-icon" href="static/media/favicon.ico">
+
+        <!-- Link to DRF's CSS -->
+        <link rel="stylesheet" type="text/css" href="static/rest_framework/css/bootstrap.min.css">
+        <link rel="stylesheet" type="text/css" href="static/rest_framework/css/bootstrap-theme.min.css">
+
+        <style>
+            body {
+                font-family: Arial, sans-serif;
+                text-align: center;
+                padding-top: 0px;
+                /* background-color: rgb(34, 34, 34); */
+            }
+            .banner {
+                background-color: #151414;
+                color: rgb(255, 255, 255);
+                padding: 20px;
+                margin-bottom: 20px;
+                min-height: 70px; /* Ensure the banner is tall enough to fit the logo */
+                text-align: left;
+            }
+            .logo {
+                width: 150px;
+                margin-bottom: 20px;
+            }
+            a {
+                color: #007BFF;
+                text-decoration: none;
+            }
+            a:hover {
+                text-decoration: underline;
+            }
+            .doc-note {
+                font-size: 0.7em; /* Makes the text smaller */
+                color: #555; /* Optional: Change text color to a lighter shade */
+                background-color: #f9f9f9; /* Optional: Light background color */
+                padding: 10px; /* Optional: Add some padding */
+                margin: 10px 0; /* Optional: Add some margin */
+            }
+        </style>
+    </head>
+    <body>
+        <!-- Banner Section with Brand Logo -->
+        <div class="banner">
+            <img src="/static/media/aap-logo.svg" alt="Brand Logo">
+        </div>
+
+        <h2>Redirecting to Ansible Automation Platform...</h2>
+        <p>If you are not redirected automatically, <a href="{{ public_base_url }}">click here</a> to go to AAP.</p>
+        <p class="doc-note">
+            The API endpoints for this platform service will temporarily remain available at the URL for this service.
+            Please use the Ansible Automation Platform API endpoints corresponding to this component in the future.
+            These can be found at <a href="{{ public_base_url }}/api/{{ deployment_type }}" target="_blank">{{ public_base_url }}/api/{{ deployment_type }}</a>.
+        </p>
+
+        <!-- Include any additional scripts if needed -->
+        <script src="static/rest_framework/js/jquery-3.5.1.min.js"></script>
+        <script src="static/rest_framework/js/bootstrap.min.js"></script>
+    </body>
+    </html>

roles/installer/templates/deployments/web.yaml.j2

@@ -28,12 +28,15 @@ spec:
       annotations:
         kubectl.kubernetes.io/default-container: '{{ ansible_operator_meta.name }}-web'
 {% for template in [
-    "configmaps/config",
-    "secrets/app_credentials",
-    "storage/persistent",
+    "configmaps/config.yaml",
+    "secrets/app_credentials.yaml",
+    "storage/persistent.yaml",
   ] %}
-        checksum-{{ template | replace('/', '-') }}: "{{ lookup('template', template + '.yaml.j2') | sha1 }}"
+        checksum-{{ template | replace('/', '-') }}: "{{ lookup('template', template + '.j2') | sha1 }}"
 {% endfor %}
+{% if public_base_url is defined %}
+        checksum-configmaps-redirect-page.configmap.html: "{{ lookup('template', 'configmaps/redirect-page.configmap.html.j2') | sha1 }}"
+{% endif %}
 {% for secret in [
     "bundle_cacert",
     "route_tls",
@@ -197,6 +200,11 @@ spec:
             timeoutSeconds: {{ web_readiness_timeout }}
 {% endif %}
           volumeMounts:
+{% if public_base_url is defined %}
+            - name: redirect-page
+              mountPath: '/var/lib/awx/venv/awx/lib/python3.11/site-packages/awx/ui/build/index.html'
+              subPath: redirect-page.html
+{% endif %}
 {% if bundle_ca_crt %}
             - name: "ca-trust-extracted"
               mountPath: "/etc/pki/ca-trust/extracted"
@@ -375,6 +383,14 @@ spec:
         {{ security_context_settings | to_nice_yaml | indent(8) }}
 {% endif %}
       volumes:
+{% if public_base_url is defined %}
+        - name: redirect-page
+          configMap:
+            name: '{{ ansible_operator_meta.name }}-redirect-page'
+            items:
+              - key: redirect-page.html
+                path: redirect-page.html
+{% endif %}
         - name: "{{ ansible_operator_meta.name }}-receptor-ca"
           secret:
             secretName: "{{ ansible_operator_meta.name }}-receptor-ca"