From 35d49540273b2d97b0477309e572063439c6c994 Mon Sep 17 00:00:00 2001
From: Alexander Stock
Date: Thu, 23 Jun 2022 15:05:05 +0200
Subject: [PATCH] added auto_update flag
---
 README.md | 38 +++++++++
 config/crd/bases/awx.ansible.com_awxs.yaml | 4 +
 roles/installer/defaults/main.yml | 4 +
 roles/installer/tasks/install.yml | 88 ++++++++++++++++++++
 roles/installer/tasks/main.yml | 95 +++-------------------
 5 files changed, 144 insertions(+), 85 deletions(-)
 create mode 100644 roles/installer/tasks/install.yml
diff --git a/README.md b/README.md
index b4d2cdb2e..b753a18cd 100644
--- a/README.md
+++ b/README.md
@@ -45,6 +45,8 @@ An [Ansible AWX](https://github.com/ansible/awx) operator for Kubernetes built w
 * [Session Cookie Secure Setting](#session-cookie-secure-setting)
 * [Extra Settings](#extra-settings)
 * [Configure no_log](#no-log)
+ * [Auto Upgrade](#auto-upgrade)
+ * [Upgrade of instances without auto upgrade](#upgrade-of-instances-without-auto-upgrade)
 * [Service Account](#service-account)
 * [Uninstall](#uninstall)
 * [Upgrading](#upgrading)
@@ -1034,6 +1036,42 @@ Example configuration of `no_log` parameter no_log: 'true' ``` +#### Auto upgrade +With this parameter you can influence the behaviour during an operator upgrade. +If set to `true`, the operator will upgrade the specific instance directly. +When the value is set to `false`, and we have a running deployment, the operator will not update the AWX instance. +This can be useful when you have multiple AWX instances which you want to upgrade step by step instead of all at once. + + +| Name | Description | Default | +| -------------| ---------------------------------- | ------- | +| auto_upgrade | Automatic upgrade of AWX instances | true | + +Example configuration of `auto_upgrade` parameter + +```yaml + spec: + auto_upgrade: true +``` + +##### Upgrade of instances without auto upgrade + +There are two ways to upgrade instances which are marked with the 'auto_upgrade: false' flag. + +Changing flags: + +- change the auto_upgrade flag on your AWX object to true +- wait until the upgrade process of that instance is finished +- change the auto_upgrade flag on your AWX object back to false + +Delete the deployment: + +- delete the deployment object of your AWX instance +``` +$ kubectl -n awx delete deployment +``` +- wait until the instance gets redeployed + #### Service Account diff --git a/config/crd/bases/awx.ansible.com_awxs.yaml b/config/crd/bases/awx.ansible.com_awxs.yaml index 33936cfdf..284338434 100644 --- a/config/crd/bases/awx.ansible.com_awxs.yaml +++ b/config/crd/bases/awx.ansible.com_awxs.yaml @@ -489,6 +489,10 @@ spec: description: Key/values that will be set under the pod-level securityContext field type: object x-kubernetes-preserve-unknown-fields: true + auto_upgrade: + description: Should AWX instances be automatically upgraded when operator gets upgraded + type: boolean + default: true type: object status: properties: diff --git a/roles/installer/defaults/main.yml b/roles/installer/defaults/main.yml index b528c7421..1e0595a7d 100644 
--- a/roles/installer/defaults/main.yml +++ b/roles/installer/defaults/main.yml @@ -284,3 +284,7 @@ security_context_settings: {} # Set no_log settings on certain tasks no_log: 'true' + +# Should AWX instances be automatically upgraded when operator gets upgraded +# +auto_upgrade: true diff --git a/roles/installer/tasks/install.yml b/roles/installer/tasks/install.yml new file mode 100644 index 000000000..85ea1ec33 --- /dev/null +++ b/roles/installer/tasks/install.yml 
@@ -0,0 +1,88 @@
+---
+- name: Patching labels to AWX kind
+ k8s:
+ state: present
+ definition:
+ apiVersion: '{{ api_version }}'
+ kind: '{{ kind }}'
+ name: '{{ ansible_operator_meta.name }}'
+ namespace: '{{ ansible_operator_meta.namespace }}'
+ metadata:
+ name: '{{ ansible_operator_meta.name }}'
+ namespace: '{{ ansible_operator_meta.namespace }}'
+ labels:
+ app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
+ app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
+ app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
+ app.kubernetes.io/component: '{{ deployment_type }}'
+ app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+
+- name: Include secret key configuration tasks
+ include_tasks: secret_key_configuration.yml
+
+- name: Load LDAP CAcert certificate
+ include_tasks: load_ldap_cacert_secret.yml
+ when:
+ - ldap_cacert_secret != ''
+
+- name: Load ldap bind password
+ include_tasks: load_ldap_password_secret.yml
+ when:
+ - ldap_password_secret != ''
+
+- name: Load bundle certificate authority certificate
+ include_tasks: load_bundle_cacert_secret.yml
+ when:
+ - bundle_cacert_secret != ''
+
+- name: Include admin password configuration tasks
+ include_tasks: admin_password_configuration.yml
+
+- name: Include broadcast websocket configuration tasks
+ include_tasks: broadcast_websocket_configuration.yml
+
+- name: Include set_images tasks
+ include_tasks: set_images.yml
+
+- name: Include database configuration tasks
+ include_tasks: database_configuration.yml
+
+- name: Load Route TLS certificate
+ include_tasks: load_route_tls_secret.yml
+ when:
+ - ingress_type | lower == 'route'
+ - route_tls_secret != ''
+
+- name: Include resources configuration tasks
+ include_tasks: resources_configuration.yml
+
+- name: Check for pending migrations
+ k8s_exec:
+ namespace: "{{ ansible_operator_meta.namespace }}"
+ pod: "{{ tower_pod_name }}"
+ container: "{{ ansible_operator_meta.name }}-task"
+ command: >-
+ bash -c "awx-manage showmigrations | grep -v '[X]' | grep '[ ]' | wc -l"
+ changed_when: false
+ register: database_check
+
+- name: Migrate the database if the K8s resources were updated. # noqa 305
+ k8s_exec:
+ namespace: "{{ ansible_operator_meta.namespace }}"
+ pod: "{{ tower_pod_name }}"
+ container: "{{ ansible_operator_meta.name }}-task"
+ command: >-
+ bash -c "awx-manage migrate --noinput"
+ register: migrate_result
+ when:
+ - database_check is defined
+ - (database_check.stdout|trim) != '0'
+
+- name: Initialize Django
+ include_tasks: initialize_django.yml
+
+- name: Update status variables
+ include_tasks: update_status.yml
+
+- name: Cleanup & Set garbage collection refs
+ include_tasks: cleanup.yml
diff --git a/roles/installer/tasks/main.yml b/roles/installer/tasks/main.yml
index 85ea1ec33..847c20581 100644
--- a/roles/installer/tasks/main.yml
+++ b/roles/installer/tasks/main.yml
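Review bot: In the `Check for pending migrations` task of install.yml, `'[X]'` and `'[ ]'` are grep bracket expressions, so the pipeline drops every line containing an `X` and then counts every remaining line containing a space, rather than matching the literal `[ ]` marker of an unapplied migration. Any other output line with a space (for example a `(no migrations)` entry, if `showmigrations` prints one) would make `database_check.stdout` non-zero and trigger `awx-manage migrate` on every run. Matching the marker as a fixed string avoids that: `bash -c "awx-manage showmigrations | grep -F '[ ]' | wc -l"`. The task is carried over unchanged from main.yml, so this predates the commit.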
@@ -1,88 +1,13 @@ --- -- name: Patching labels to AWX kind - k8s: - state: present - definition: - apiVersion: '{{ api_version }}' - kind: '{{ kind }}' - name: '{{ ansible_operator_meta.name }}' - namespace: '{{ ansible_operator_meta.namespace }}' - metadata: - name: '{{ ansible_operator_meta.name }}' - namespace: '{{ ansible_operator_meta.namespace }}' - labels: - app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' - app.kubernetes.io/component: '{{ deployment_type }}' - app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' - -- name: Include secret key configuration tasks - include_tasks: secret_key_configuration.yml - -- name: Load LDAP CAcert certificate - include_tasks: load_ldap_cacert_secret.yml - when: - - ldap_cacert_secret != '' - -- name: Load ldap bind password - include_tasks: load_ldap_password_secret.yml - when: - - ldap_password_secret != '' - -- name: Load bundle certificate authority certificate - include_tasks: load_bundle_cacert_secret.yml - when: - - bundle_cacert_secret != '' - -- name: Include admin password configuration tasks - include_tasks: admin_password_configuration.yml - -- name: Include broadcast websocket configuration tasks - include_tasks: broadcast_websocket_configuration.yml - -- name: Include set_images tasks - include_tasks: set_images.yml - -- name: Include database configuration tasks - include_tasks: database_configuration.yml - -- name: Load Route TLS certificate - include_tasks: load_route_tls_secret.yml - when: - - ingress_type | lower == 'route' - - route_tls_secret != '' - -- name: Include resources configuration tasks - include_tasks: resources_configuration.yml - -- name: Check for pending migrations - k8s_exec: +- name: Check for presence of Deployment + k8s_info: + api_version: v1 + kind: Deployment + name: "{{ ansible_operator_meta.name }}" namespace: "{{ 
ansible_operator_meta.namespace }}" - pod: "{{ tower_pod_name }}" - container: "{{ ansible_operator_meta.name }}-task" - command: >- - bash -c "awx-manage showmigrations | grep -v '[X]' | grep '[ ]' | wc -l" - changed_when: false - register: database_check - -- name: Migrate the database if the K8s resources were updated. # noqa 305 - k8s_exec: - namespace: "{{ ansible_operator_meta.namespace }}" - pod: "{{ tower_pod_name }}" - container: "{{ ansible_operator_meta.name }}-task" - command: >- - bash -c "awx-manage migrate --noinput" - register: migrate_result - when: - - database_check is defined - - (database_check.stdout|trim) != '0' - -- name: Initialize Django - include_tasks: initialize_django.yml - -- name: Update status variables - include_tasks: update_status.yml + register: tower_deployment -- name: Cleanup & Set garbage collection refs - include_tasks: cleanup.yml +# Just execute deployment steps when auto_upgrade is true or when no deployment exists +- name: Start installation + include_tasks: install.yml + when: (tower_deployment['resources'] | length > 0 and auto_upgrade | bool ) or (tower_deployment['resources'] | length == 0)
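Review bot: The `when:` on `Start installation` gates the whole of install.yml, so with `auto_upgrade: false` and an existing Deployment the operator stops reconciling that instance altogether, not just across operator upgrades. The LDAP/bundle CA and route TLS secret loading, resource configuration, migration check, status update and cleanup includes are all skipped, which means a rotated secret or a changed spec field is not applied until the flag is flipped or the Deployment is deleted. I would state that above the task, e.g. `# auto_upgrade=false pauses ALL reconciliation of an existing instance, including secret and spec changes`, and simplify the condition to the equivalent `when: (auto_upgrade | bool) or (tower_deployment['resources'] | length == 0)`. Also, Deployments belong to `apps/v1`; `api_version: v1` in the `k8s_info` lookup presumably resolves only through lenient kind matching in the client, so `api_version: apps/v1` would be the explicit form.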