feat: bump AWX Operator version to 0.22.0
kurokobo committed Jun 8, 2022
1 parent bc7b0b8 commit 5ed8dd0
Showing 18 changed files with 169 additions and 128 deletions.
15 changes: 8 additions & 7 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -27,17 +27,17 @@ An example implementation of AWX on single node K3s using AWX Operator, with eas

- Tested on:
- CentOS Stream 8 (Minimal)
- K3s v1.22.7+k3s1
- K3s v1.23.6+k3s1
- Products that will be deployed:
- AWX Operator 0.21.0
- AWX 21.0.0
- AWX Operator 0.22.0
- AWX 21.1.0
- PostgreSQL 12

## References

- [K3s - Lightweight Kubernetes](https://rancher.com/docs/k3s/latest/en/)
- [INSTALL.md on ansible/awx](https://github.com/ansible/awx/blob/21.0.0/INSTALL.md) @21.0.0
- [README.md on ansible/awx-operator](https://github.com/ansible/awx-operator/blob/0.21.0/README.md) @0.21.0
- [INSTALL.md on ansible/awx](https://github.com/ansible/awx/blob/21.1.0/INSTALL.md) @21.1.0
- [README.md on ansible/awx-operator](https://github.com/ansible/awx-operator/blob/0.22.0/README.md) @0.22.0

## Requirements

Expand Down Expand Up @@ -83,7 +83,7 @@ Install specified version of AWX Operator. Note that this procedure is applicabl
cd ~
git clone https://github.com/ansible/awx-operator.git
cd awx-operator
git checkout 0.21.0
git checkout 0.22.0
```

Export the name of the namespace where you want to deploy AWX Operator as the environment variable `NAMESPACE` and run `make deploy`. The default namespace is `awx`.
Expand Down Expand Up @@ -230,6 +230,7 @@ secret/awx-operator-controller-manager-token-sz6wq kubernetes.io/service-accou
secret/awx-admin-password Opaque 1 4m17s
secret/awx-postgres-configuration Opaque 6 4m17s
secret/awx-secret-tls kubernetes.io/tls 2 4m17s
secret/redhat-operators-pull-secret kubernetes.io/dockerconfigjson 1 4m17s
secret/awx-app-credentials Opaque 3 4m2s
secret/awx-token-jfndh kubernetes.io/service-account-token 3 4m2s
secret/awx-secret-key Opaque 1 4m13s
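Review bot: the added `secret/redhat-operators-pull-secret` line in this sample output has no explanation next to it, and a `kubernetes.io/dockerconfigjson` pull secret named after Red Hat operators will make readers wonder whether they need registry credentials. `base/kustomization.yaml` in this same commit describes it as a temporary workaround tracked in issue 74; unless the README already says so near this output, add one sentence here that says the same and links the issue.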
Expand Down Expand Up @@ -277,7 +278,7 @@ Refer [📁 **Back up AWX using AWX Operator**](backup) and [📁 **Restore AWX
- [📝Trust custom Certificate Authority](tips/trust-custom-ca.md)
- [📝Expose `/etc/hosts` to Pods on K3s](tips/expose-hosts.md)
- [📝Redirect HTTP to HTTPS](tips/https-redirection.md)
- [📝Add HTTP Proxy](tips/add-http-proxy.md)
- [📝Use HTTP proxy](tips/use-http-proxy.md)
- [📝Uninstall deployed resouces](tips/uninstall.md)
- [📝Deploy older version of AWX Operator](tips/deploy-older-operator.md)
- [📝Upgrade AWX Operator and AWX](tips/upgrade-operator.md)
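Review bot: the link target changes from `tips/add-http-proxy.md` to `tips/use-http-proxy.md`, so the commit needs to carry the file rename as well, and any external link to the old path will now 404; confirm the rename is among the 18 changed files. While this list is being touched here and in `tips/README.md`, the neighbouring entry "Uninstall deployed resouces" has a typo ("resources").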
Expand Down
6 changes: 0 additions & 6 deletions backup/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -86,12 +86,6 @@ total 736
-rw-------. 1 systemd-coredump root 745302 Jun 6 06:51 tower.db
```

Note that if you are using AWX Operator `0.12.0` or earlier, the contents of the Secret that passed through `ingress_tls_secret` parameter will not be included in this backup files. If necessary, get a dump of this Secret, or keep original certificate file and key file. In `0.13.0` or later, this secret is included in the backup file therefore you can ignore this step.

```bash
kubectl get secret awx-secret-tls -n awx -o yaml > awx-secret-tls.yaml
```

## Appendix: Back up AWX using Ansible

An example simple playbook for Ansible is also provided in this repository. This can be used with `ansible-playbook`, `ansible-runner`, and AWX. It can be also used with the scheduling feature on AWX too.
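Review bot: deleting the note about AWX Operator `0.12.0` or earlier drops the only warning that the Secret passed through `ingress_tls_secret` is missing from backups on those versions, while the top-level README still links a "Deploy older version of AWX Operator" tip. Consider moving the note and the `kubectl get secret awx-secret-tls` command into that tip instead of removing them, so users who follow it still know to save the certificate and key separately.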
Expand Down
4 changes: 2 additions & 2 deletions backup/ansible/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ An example simple playbook for Ansible is also provided in this repository. This
| - | - | - |
| `awxbackup_namespace` | The name of the NameSpace where the `AWXBackup` resource will be created. | `awx` |
| `awxbackup_name` | The name of the `AWXBackup` resource. Dynamically generated using execution time by default. | `awxbackup-{{ lookup('pipe', 'date +%Y-%m-%d-%H-%M-%S') }}` |
| `awxbackup_spec` | The `spec` of the `AWXBackup` resource. Refer [official documentation](https://github.com/ansible/awx-operator/tree/0.21.0/roles/backup) for acceptable fields. | `{'deployment_name':'awx','backup_pvc':'awx-backup-claim'}` |
| `awxbackup_spec` | The `spec` of the `AWXBackup` resource. Refer [official documentation](https://github.com/ansible/awx-operator/tree/0.22.0/roles/backup) for acceptable fields. | `{'deployment_name':'awx','backup_pvc':'awx-backup-claim'}` |
| `awxbackup_timeout` | Time to wait for backup to complete, in seconds. If exceeded, the playbook will fail. | `600` |
| `awxbackup_keep_days` | Number of days to keep `AWXBackup` resources. `AWXBackup` resources older than this value will be deleted by this playbook. Set `0` to keep forever. **Note that the actual backup data will remain in the PVC after the `AWXBackup` resource is deleted.** | `30` |

Expand All @@ -53,7 +53,7 @@ Obtain the API Token which required to authenticate the Kubernetes API. This tok

```bash
$ SECRET=$(kubectl -n ${NAMESPACE} get sa awx-backup -o jsonpath='{.secrets[0].name}')
$ kubectl -n awx get secret ${SECRET} -o jsonpath='{.data.token}' | base64 -d
$ kubectl -n ${NAMESPACE} get secret ${SECRET} -o jsonpath='{.data.token}' | base64 -d
eyJhbGciOiJSUzI...hcGsPI5MzmaMHQvw
```
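Review bot: in the changed `kubectl ... get secret` line, `${NAMESPACE}` and `${SECRET}` are expanded unquoted, so with `NAMESPACE` unset the word disappears and `-n` takes `get` as the namespace name. Quote both expansions, or write `${NAMESPACE:?}` so the command fails early with a clear message. Replacing the hard-coded `awx` is correct and matches the line above it.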

Expand Down
8 changes: 4 additions & 4 deletions base/awx.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,10 @@ metadata:
name: awx
spec:
# These parameters are designed for use with:
# - AWX Operator: 0.21.0
# https://github.com/ansible/awx-operator/blob/0.21.0/README.md
# - AWX: 21.0.0
# https://github.com/ansible/awx/blob/21.0.0/INSTALL.md
# - AWX Operator: 0.22.0
# https://github.com/ansible/awx-operator/blob/0.22.0/README.md
# - AWX: 21.1.0
# https://github.com/ansible/awx/blob/21.1.0/INSTALL.md

admin_user: admin
admin_password_secret: awx-admin-password
Expand Down
2 changes: 1 addition & 1 deletion base/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ secretGenerator:
literals:
- password=Ansible123!

# Temporary workaround to suppress errors from AWX Operator 0.21.0.
# Temporary workaround to suppress errors from AWX Operator 0.22.0.
# Refer: https://github.com/kurokobo/awx-on-k3s/issues/74
- name: redhat-operators-pull-secret
files:
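Review bot: the workaround comment is only re-stamped from 0.21.0 to 0.22.0, which means it has to be edited on every bump and no longer records when the workaround was introduced. Wording such as "required since AWX Operator 0.21.0, still needed as of 0.22.0" keeps that history and makes it easier to tell when the `redhat-operators-pull-secret` generator can be dropped, with issue 74 as the tracking reference.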
Expand Down
4 changes: 2 additions & 2 deletions builder/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,8 @@ This repository includes ready-to-use files as an example to use Ansible Builder

- CentOS Stream 8 (Minimal)
- Python 3.9
- Docker 20.10.12
- Ansible Builder 1.0.1
- Docker 20.10.17
- Ansible Builder 1.1.0

## Install

Expand Down
93 changes: 46 additions & 47 deletions galaxy/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -180,7 +180,7 @@ There is a Kubernetes Operator for Pulp 3 named Pulp Operator.

- [pulp/pulp-operator: Kubernetes Operator for Pulp 3](https://github.com/pulp/pulp-operator)

This project is still under active development and there is no support, however, at least the code to create a new instance seems to be implemented. In this procedure, we use [Pulp Operator 0.8.0](https://github.com/pulp/pulp-operator/tree/0.8.0)
This project is still under active development and there is no support, however, at least the code to create a new instance seems to be implemented. In this procedure, we use [Pulp Operator 0.11.0](https://github.com/pulp/pulp-operator/tree/0.11.0)

### Patch K3s

Expand Down Expand Up @@ -208,7 +208,7 @@ Install specified version of Pulp Operator.
cd ~
git clone https://github.com/pulp/pulp-operator.git
cd pulp-operator
git checkout 0.8.0
git checkout 0.11.0
```

Export the name of the namespace where you want to deploy Pulp Operator as the environment variable `NAMESPACE` and run `make deploy`. The default namespace is `pulp-operator-system`.
Expand Down Expand Up @@ -314,66 +314,65 @@ $ kubectl -n galaxy logs -f deployments/pulp-operator-controller-manager -c pulp
...
----- Ansible Task Status Event StdOut (pulp.pulpproject.org/v1beta1, Kind=Pulp, galaxy/galaxy) -----
PLAY RECAP *********************************************************************
localhost : ok=75 changed=0 unreachable=0 failed=0 skipped=62 rescued=0 ignored=0
localhost : ok=84 changed=0 unreachable=0 failed=0 skipped=67 rescued=0 ignored=0
```

Required objects has been deployed next to Pulp Operator in `galaxy` namespace.

```bash
$ kubectl -n galaxy get pulp,all,ingress,secrets
NAME AGE
pulp.pulp.pulpproject.org/galaxy 3m58s
pulp.pulp.pulpproject.org/galaxy 4m48s
NAME READY STATUS RESTARTS AGE
pod/pulp-operator-controller-manager-9b8644f46-plw72 2/2 Running 0 4m37s
pod/galaxy-redis-65c899f464-c6dhb 1/1 Running 0 3m50s
pod/galaxy-postgres-0 1/1 Running 0 3m53s
pod/galaxy-content-76f68bb68f-6tn2q 1/1 Running 0 3m37s
pod/galaxy-worker-76c986fd54-qjg28 1/1 Running 0 3m36s
pod/galaxy-api-76985868c8-vjwks 1/1 Running 0 3m39s
pod/galaxy-web-67cc96d8d6-644dh 1/1 Running 0 3m48s
pod/galaxy-resource-manager-64dbf49746-jcsfs 1/1 Running 0 118s
NAME READY STATUS RESTARTS AGE
pod/pulp-operator-controller-manager-74d4f59ddb-mtwzq 2/2 Running 0 5m4s
pod/galaxy-postgres-13-0 1/1 Running 0 4m31s
pod/galaxy-redis-6f79b47f66-4dg75 1/1 Running 0 4m5s
pod/galaxy-content-57fd45b97c-mxkdx 1/1 Running 0 3m39s
pod/galaxy-worker-6fcbd5ff47-b2h6v 1/1 Running 0 3m37s
pod/galaxy-api-5cf69c85d-vc6z8 1/1 Running 0 3m43s
pod/galaxy-web-5f7bc488fb-69mbk 1/1 Running 0 4m22s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/pulp-operator-controller-manager-metrics-service ClusterIP 10.43.173.114 <none> 8443/TCP 4m37s
service/galaxy-postgres-svc ClusterIP None <none> 5432/TCP 3m53s
service/galaxy-redis-svc ClusterIP 10.43.29.57 <none> 6379/TCP 3m51s
service/galaxy-web-svc ClusterIP 10.43.245.204 <none> 24880/TCP 3m47s
service/galaxy-api-svc ClusterIP 10.43.146.254 <none> 24817/TCP 3m40s
service/galaxy-content-svc ClusterIP 10.43.214.64 <none> 24816/TCP 3m38s
service/pulp-operator-controller-manager-metrics-service ClusterIP 10.43.145.99 <none> 8443/TCP 5m4s
service/galaxy-postgres-13 ClusterIP None <none> 5432/TCP 4m31s
service/galaxy-web-svc ClusterIP 10.43.17.192 <none> 24880/TCP 4m21s
service/galaxy-redis-svc ClusterIP 10.43.58.131 <none> 6379/TCP 4m7s
service/galaxy-api-svc ClusterIP 10.43.106.139 <none> 24817/TCP 3m52s
service/galaxy-content-svc ClusterIP 10.43.154.10 <none> 24816/TCP 3m41s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/pulp-operator-controller-manager 1/1 1 1 4m37s
deployment.apps/galaxy-redis 1/1 1 1 3m50s
deployment.apps/galaxy-content 1/1 1 1 3m37s
deployment.apps/galaxy-worker 1/1 1 1 3m36s
deployment.apps/galaxy-api 1/1 1 1 3m39s
deployment.apps/galaxy-web 1/1 1 1 3m48s
deployment.apps/galaxy-resource-manager 1/1 1 1 118s
NAME DESIRED CURRENT READY AGE
replicaset.apps/pulp-operator-controller-manager-9b8644f46 1 1 1 4m37s
replicaset.apps/galaxy-redis-65c899f464 1 1 1 3m50s
replicaset.apps/galaxy-content-76f68bb68f 1 1 1 3m37s
replicaset.apps/galaxy-worker-76c986fd54 1 1 1 3m36s
replicaset.apps/galaxy-api-76985868c8 1 1 1 3m39s
replicaset.apps/galaxy-web-67cc96d8d6 1 1 1 3m48s
replicaset.apps/galaxy-resource-manager-64dbf49746 1 1 1 118s
NAME READY AGE
statefulset.apps/galaxy-postgres 1/1 3m53s
deployment.apps/pulp-operator-controller-manager 1/1 1 1 5m4s
deployment.apps/galaxy-redis 1/1 1 1 4m5s
deployment.apps/galaxy-content 1/1 1 1 3m39s
deployment.apps/galaxy-worker 1/1 1 1 3m37s
deployment.apps/galaxy-api 1/1 1 1 3m43s
deployment.apps/galaxy-web 1/1 1 1 4m22s
NAME DESIRED CURRENT READY AGE
replicaset.apps/pulp-operator-controller-manager-74d4f59ddb 1 1 1 5m4s
replicaset.apps/galaxy-redis-6f79b47f66 1 1 1 4m5s
replicaset.apps/galaxy-content-57fd45b97c 1 1 1 3m39s
replicaset.apps/galaxy-worker-6fcbd5ff47 1 1 1 3m37s
replicaset.apps/galaxy-api-5cf69c85d 1 1 1 3m43s
replicaset.apps/galaxy-web-5f7bc488fb 1 1 1 4m22s
NAME READY AGE
statefulset.apps/galaxy-postgres-13 1/1 4m31s
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress.networking.k8s.io/galaxy-ingress <none> galaxy.example.com 192.168.0.100 80, 443 3m50s
ingress.networking.k8s.io/galaxy-ingress <none> galaxy.example.com 192.168.0.100 80, 443 4m19s
NAME TYPE DATA AGE
secret/default-token-vsnlj kubernetes.io/service-account-token 3 4m37s
secret/pulp-operator-sa-token-smzj2 kubernetes.io/service-account-token 3 4m37s
secret/galaxy-admin-password Opaque 1 3m58s
secret/galaxy-postgres-configuration Opaque 6 3m58s
secret/galaxy-secret-tls kubernetes.io/tls 2 3m58s
secret/galaxy-server Opaque 1 3m44s
secret/galaxy-db-fields-encryption Opaque 1 3m41s
secret/default-token-lhlds kubernetes.io/service-account-token 3 5m4s
secret/pulp-operator-sa-token-45zqf kubernetes.io/service-account-token 3 5m4s
secret/galaxy-admin-password Opaque 1 4m48s
secret/galaxy-postgres-configuration Opaque 6 4m48s
secret/galaxy-secret-tls kubernetes.io/tls 2 4m48s
secret/redhat-operators-pull-secret Opaque 1 4m40s
secret/galaxy-server Opaque 1 4m3s
secret/galaxy-db-fields-encryption Opaque 1 3m54s
secret/galaxy-container-auth Opaque 2 3m47s
```

Now your AWX is available at `https://galaxy.example.com/` or the hostname you specified. You can log in to the GUI by user `admin` with password you specified in `pulp/kustomization.yaml`.
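Review bot: the closing context line of this hunk still reads "Now your AWX is available at `https://galaxy.example.com/`" although this section deploys Galaxy NG; since the sample output directly above it is being refreshed, correct the product name in the same change. The refreshed output also introduces `secret/galaxy-container-auth` and `secret/redhat-operators-pull-secret` and no longer shows `galaxy-resource-manager`; a short sentence stating that these differences come from Pulp Operator 0.11.0 would help readers comparing against an older deployment.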
Expand Down Expand Up @@ -475,7 +474,7 @@ ansible-galaxy collection build

Then create `demo` namespace on Galaxy NG, and publish your collection.

Note that you can get appropriate URL for `--server` from `Collections` > `Namespaces` > `View collections` > `CLI Configuration` per collections. Your token is available at `Collections` > `API Token`.
Note that you can get appropriate URL for `--server` from `Collections` > `Namespaces` > `View collections` > `CLI Configuration` per collections. Your token is available at `Collections` > `API token management` > `Load token`.

```bash
ansible-galaxy collection publish \
Expand Down
12 changes: 6 additions & 6 deletions galaxy/pulp/galaxy.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,15 +4,15 @@ metadata:
name: galaxy
spec:
# These parameters are designed for use with:
# - Pulp Operator: 0.8.0
# https://github.com/pulp/pulp-operator/blob/0.8.0/README.md
# - Galaxy NG: 4.4.2
# https://github.com/ansible/galaxy_ng/tree/4.4.2
# - Pulp Operator: 0.11.0
# https://github.com/pulp/pulp-operator/blob/0.11.0/README.md
# - Galaxy NG: 4.5.0
# https://github.com/ansible/galaxy_ng/tree/4.5.0

image: quay.io/pulp/galaxy
image_version: 4.4.2
image_version: 4.5.0
image_web: quay.io/pulp/galaxy-web
image_web_version: 4.4.2
image_web_version: 4.5.0

admin_password_secret: galaxy-admin-password

Expand Down
3 changes: 1 addition & 2 deletions galaxy/pulp/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ secretGenerator:
- name: galaxy-postgres-configuration
type: Opaque
literals:
- host=galaxy-postgres-svc
- host=galaxy-postgres-13
- port=5432
- database=galaxy
- username=galaxy
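Review bot: `host=galaxy-postgres-13` hard-codes a Service name that the operator generates and that now embeds the PostgreSQL major version, as the `service/galaxy-postgres-13` line in the refreshed README output shows. Add a comment above this literal saying that the value must match the Service created by Pulp Operator 0.11.0, so the next operator bump prompts a check rather than leaving Galaxy NG pointing at a host that no longer resolves.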
Expand All @@ -29,6 +29,5 @@ secretGenerator:
- password=Galaxy123!

resources:
- namespace.yaml
- pv.yaml
- galaxy.yaml
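Review bot: removing `namespace.yaml` from `resources` means this kustomization no longer creates the `galaxy` namespace, so applying it depends on the namespace already existing. The README states that the default for `make deploy` is `pulp-operator-system`, so a reader who skips exporting `NAMESPACE` will have no `galaxy` namespace when this is applied; state that prerequisite in the README step that applies this directory, or keep the namespace resource.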
5 changes: 0 additions & 5 deletions galaxy/pulp/namespace.yaml

This file was deleted.

6 changes: 0 additions & 6 deletions restore/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -112,9 +112,3 @@ $ kubectl -n awx get awxrestore
NAME AGE
awxrestore-2021-06-06 137m
```

Note that if you are using AWX Operator `0.12.0` or earlier, the Secret for TLS should be manually restored (or create newly using original certificate and key file). This step is not required for `0.13.0` or later.

```bash
kubectl apply -f awx-secret-tls.yaml
```
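Review bot: removing this note leaves no documented path for restoring a backup that was taken on AWX Operator `0.12.0` or earlier, which per the note removed from `backup/README.md` does not contain the TLS Secret. The restore would then reference an `awx-secret-tls` that nothing recreates. If such backups are out of scope for this guide, say so in one line; otherwise keep a shortened version of the manual `kubectl apply -f awx-secret-tls.yaml` step.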
7 changes: 0 additions & 7 deletions restore/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -6,13 +6,6 @@ namespace: awx
generatorOptions:
disableNameSuffixHash: true

#secretGenerator:
# - name: awx-secret-tls
# type: kubernetes.io/tls
# files:
# - tls.crt
# - tls.key

resources:
- pv.yaml
- pvc.yaml
4 changes: 2 additions & 2 deletions runner/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,8 @@ This repository includes ready-to-use files as an example to run Ansible Runner.

- CentOS Stream 8 (Minimal)
- Python 3.9
- Docker 20.10.12
- Ansible Runner 2.1.3
- Docker 20.10.17
- Ansible Runner 2.2.0

## Install

Expand Down
2 changes: 1 addition & 1 deletion tips/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
- [📝Trust custom Certificate Authority](trust-custom-ca.md)
- [📝Expose `/etc/hosts` to Pods on K3s](expose-hosts.md)
- [📝Redirect HTTP to HTTPS](https-redirection.md)
- [📝Add HTTP Proxy](add-http-proxy.md)
- [📝Use HTTP proxy](use-http-proxy.md)
- [📝Uninstall deployed resouces](uninstall.md)
- [📝Deploy older version of AWX Operator](deploy-older-operator.md)
- [📝Upgrade AWX Operator and AWX](upgrade-operator.md)
Expand Down