diff --git a/README.md b/README.md index a4e6471..8a2bfae 100644 --- a/README.md +++ b/README.md @@ -29,17 +29,17 @@ An example implementation of AWX on single node K3s using AWX Operator, with eas - Tested on: - CentOS Stream 8 (Minimal) - - K3s v1.25.7+k3s1 + - K3s v1.26.3+k3s1 - Products that will be deployed: - - AWX Operator 1.4.0 - - AWX 21.14.0 + - AWX Operator 2.0.0 + - AWX 22.0.0 - PostgreSQL 13 ## References - [K3s - Lightweight Kubernetes](https://docs.k3s.io/) -- [INSTALL.md on ansible/awx](https://github.com/ansible/awx/blob/21.14.0/INSTALL.md) @21.14.0 -- [README.md on ansible/awx-operator](https://github.com/ansible/awx-operator/blob/1.4.0/README.md) @1.4.0 +- [INSTALL.md on ansible/awx](https://github.com/ansible/awx/blob/22.0.0/INSTALL.md) @22.0.0 +- [README.md on ansible/awx-operator](https://github.com/ansible/awx-operator/blob/2.0.0/README.md) @2.0.0 ## Requirements @@ -90,7 +90,7 @@ Install specified version of AWX Operator. Note that this procedure is applicabl cd ~ git clone https://github.com/ansible/awx-operator.git cd awx-operator -git checkout 1.4.0 +git checkout 2.0.0 ``` Export the name of the namespace where you want to deploy AWX Operator as the environment variable `NAMESPACE` and run `make deploy`. The default namespace is `awx`. @@ -127,7 +127,7 @@ If you want to use files suitable for the specific version of AWX Operator, [ref cd ~ git clone https://github.com/kurokobo/awx-on-k3s.git cd awx-on-k3s -git checkout 1.4.0 +git checkout 2.0.0 ``` Generate a Self-Signed certificate. Note that IP address can't be specified. If you want to use a certificate from public ACME CA such as Let's Encrypt or ZeroSSL instead of Self-Signed certificate, follow the guide on [📁 **Use SSL Certificate from Public ACME CA**](acme) first and come back to this step when done. 
@@ -200,7 +200,7 @@ $ kubectl -n awx logs -f deployments/awx-operator-controller-manager ... ----- Ansible Task Status Event StdOut (awx.ansible.com/v1beta1, Kind=AWX, awx/awx) ----- PLAY RECAP ********************************************************************* -localhost : ok=80 changed=0 unreachable=0 failed=0 skipped=78 rescued=0 ignored=1 +localhost : ok=83 changed=0 unreachable=0 failed=0 skipped=79 rescued=0 ignored=1 ``` Required objects has been deployed next to AWX Operator in `awx` namespace. 
@@ -208,42 +208,45 @@ Required objects has been deployed next to AWX Operator in `awx` namespace. ```bash $ kubectl -n awx get awx,all,ingress,secrets NAME AGE -awx.awx.ansible.com/awx 5m +awx.awx.ansible.com/awx 6m15s NAME READY STATUS RESTARTS AGE -pod/awx-operator-controller-manager-5d5d58758c-7xcrl 2/2 Running 0 5m35s -pod/awx-postgres-13-0 1/1 Running 0 4m46s -pod/awx-5b859c644-zp6x5 4/4 Running 0 4m26s +pod/awx-operator-controller-manager-57867569c4-ggl29 2/2 Running 0 6m50s +pod/awx-postgres-13-0 1/1 Running 0 5m56s +pod/awx-task-5d8cd9b6b9-8ptjt 4/4 Running 0 5m25s +pod/awx-web-66f89bc9cf-6zck5 3/3 Running 0 4m39s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -service/awx-operator-controller-manager-metrics-service ClusterIP 10.43.229.20 8443/TCP 5m45s -service/awx-postgres-13 ClusterIP None 5432/TCP 4m46s -service/awx-service ClusterIP 10.43.135.205 80/TCP 4m28s +service/awx-operator-controller-manager-metrics-service ClusterIP 10.43.18.30 8443/TCP 7m +service/awx-postgres-13 ClusterIP None 5432/TCP 5m55s +service/awx-service ClusterIP 10.43.237.218 80/TCP 5m28s NAME READY UP-TO-DATE AVAILABLE AGE -deployment.apps/awx-operator-controller-manager 1/1 1 1 5m45s -deployment.apps/awx 1/1 1 1 4m26s +deployment.apps/awx-operator-controller-manager 1/1 1 1 7m +deployment.apps/awx-task 1/1 1 1 5m25s +deployment.apps/awx-web 1/1 1 1 4m39s NAME DESIRED CURRENT READY AGE -replicaset.apps/awx-operator-controller-manager-5d5d58758c 1 1 1 5m35s -replicaset.apps/awx-5b859c644 1 1 1 4m26s +replicaset.apps/awx-operator-controller-manager-57867569c4 1 1 1 6m50s +replicaset.apps/awx-task-5d8cd9b6b9 1 1 1 5m25s +replicaset.apps/awx-web-66f89bc9cf 1 1 1 4m39s NAME READY AGE -statefulset.apps/awx-postgres-13 1/1 4m46s +statefulset.apps/awx-postgres-13 1/1 5m56s -NAME CLASS HOSTS ADDRESS PORTS AGE -ingress.networking.k8s.io/awx-ingress awx.example.com 192.168.0.219 80, 443 4m27s +NAME CLASS HOSTS ADDRESS PORTS AGE +ingress.networking.k8s.io/awx-ingress traefik awx.example.com 
192.168.0.219 80, 443 5m27s NAME TYPE DATA AGE -secret/awx-admin-password Opaque 1 5m -secret/awx-postgres-configuration Opaque 6 5m -secret/awx-secret-tls kubernetes.io/tls 2 3m54s -secret/redhat-operators-pull-secret Opaque 1 4m30s -secret/awx-app-credentials Opaque 3 4m30s -secret/awx-secret-key Opaque 1 4m55s -secret/awx-broadcast-websocket Opaque 1 4m52s -secret/awx-receptor-ca Opaque 2 4m26s -secret/awx-receptor-work-signing Opaque 2 4m29s +secret/awx-admin-password Opaque 1 6m15s +secret/awx-postgres-configuration Opaque 6 6m15s +secret/awx-secret-tls kubernetes.io/tls 2 6m15s +secret/redhat-operators-pull-secret Opaque 1 6m11s +secret/awx-app-credentials Opaque 3 5m30s +secret/awx-secret-key Opaque 1 6m6s +secret/awx-broadcast-websocket Opaque 1 6m2s +secret/awx-receptor-ca kubernetes.io/tls 2 5m37s +secret/awx-receptor-work-signing Opaque 2 5m33s ``` Now your AWX is available at `https://awx.example.com/` or the hostname you specified. diff --git a/backup/ansible/README.md b/backup/ansible/README.md index f8cdce5..3d573fd 100644 --- a/backup/ansible/README.md +++ b/backup/ansible/README.md @@ -32,7 +32,7 @@ An example simple playbook for Ansible is also provided in this repository. This | - | - | - | | `awxbackup_namespace` | The name of the NameSpace where the `AWXBackup` resource will be created. | `awx` | | `awxbackup_name` | The name of the `AWXBackup` resource. Dynamically generated using execution time by default. | `awxbackup-{{ lookup('pipe', 'date +%Y-%m-%d-%H-%M-%S') }}` | -| `awxbackup_spec` | The `spec` of the `AWXBackup` resource. Refer [official documentation](https://github.com/ansible/awx-operator/tree/1.4.0/roles/backup) for acceptable fields. | `deployment_name: awx`
`backup_pvc: awx-backup-claim`
`clean_backup_on_delete: true` | +| `awxbackup_spec` | The `spec` of the `AWXBackup` resource. Refer [official documentation](https://github.com/ansible/awx-operator/tree/2.0.0/roles/backup) for acceptable fields. | `deployment_name: awx`
`backup_pvc: awx-backup-claim`
`clean_backup_on_delete: true` | | `awxbackup_timeout` | Time to wait for backup to complete, in seconds. If exceeded, the playbook will fail. | `600` | | `awxbackup_keep_days` | Number of days to keep `AWXBackup` resources. `AWXBackup` resources older than this value will be deleted by this playbook. Set `0` to keep forever. | `30` | diff --git a/base/awx.yaml b/base/awx.yaml index 8d6b52f..32f908c 100644 --- a/base/awx.yaml +++ b/base/awx.yaml @@ -5,10 +5,10 @@ metadata: name: awx spec: # These parameters are designed for use with: - # - AWX Operator: 1.4.0 - # https://github.com/ansible/awx-operator/blob/1.4.0/README.md - # - AWX: 21.14.0 - # https://github.com/ansible/awx/blob/21.14.0/INSTALL.md + # - AWX Operator: 2.0.0 + # https://github.com/ansible/awx-operator/blob/2.0.0/README.md + # - AWX: 22.0.0 + # https://github.com/ansible/awx/blob/22.0.0/INSTALL.md admin_user: admin admin_password_secret: awx-admin-password @@ -27,6 +27,9 @@ spec: projects_persistence: true projects_existing_claim: awx-projects-claim + web_replicas: 1 + task_replicas: 1 + postgres_init_container_resource_requirements: {} postgres_resource_requirements: {} web_resource_requirements: {} @@ -35,3 +38,14 @@ spec: # Uncomment to reveal "censored" logs #no_log: false + + # A workaround to allow Manual type projects. This have to be removed in the next release + # https://github.com/ansible/awx-operator/issues/1323 + extra_volumes: | + - name: awx-projects + persistentVolumeClaim: + claimName: awx-projects-claim + + web_extra_volume_mounts: | + - name: awx-projects + mountPath: /var/lib/awx/projects diff --git a/restore/README.md b/restore/README.md index c8ccb16..629706f 100644 --- a/restore/README.md +++ b/restore/README.md 
@@ -100,7 +100,7 @@ $ kubectl -n awx logs -f deployments/awx-operator-controller-manager ... ----- Ansible Task Status Event StdOut (awx.ansible.com/v1beta1, Kind=AWX, awx/awx) ----- PLAY RECAP ********************************************************************* -localhost : ok=82 changed=0 unreachable=0 failed=0 skipped=76 rescued=0 ignored=1 +localhost : ok=85 changed=0 unreachable=0 failed=0 skipped=77 rescued=0 ignored=1 ``` This will create AWXRestore object in the namespace, and now your AWX is restored. diff --git a/tips/troubleshooting.md b/tips/troubleshooting.md index 4ac9c0e..05c49d5 100644 --- a/tips/troubleshooting.md +++ b/tips/troubleshooting.md @@ -43,9 +43,10 @@ If the Pods are working properly, its `STATUS` are `Running`. If your Pods are n ```bash $ kubectl -n awx get pod NAME READY STATUS RESTARTS AGE -awx-operator-controller-manager-68d787cfbd-j6k7z 2/2 Running 0 7m43s -awx-postgres-13-0 1/1 Running 0 4m6s -awx-84d5c45999-h7xm4 0/4 Pending 0 3m59s +awx-operator-controller-manager-57867569c4-ggl29 2/2 Running 0 8m20s +awx-postgres-13-0 1/1 Running 0 7m26s +awx-task-5d8cd9b6b9-8ptjt 0/4 Pending 0 6m55s +awx-web-66f89bc9cf-6zck5 0/3 Pending 0 6m9s ``` If you have the Pods which has the unexpected state instead of `Running`, the next step is checking `Events` for the Pod. The command to get `Events` for the pod is: @@ -57,7 +58,7 @@ kubectl -n awx describe pod By this command, you can get the `Events` for the Pod you specified at the end of the output. ```bash -$ kubectl -n awx describe pod awx-84d5c45999-h7xm4 +$ kubectl -n awx describe pod awx-task-5d8cd9b6b9-8ptjt ... Events: Type Reason Age From Message 
@@ -77,18 +78,18 @@ The commands to get the logs are following. `-f` is optional, useful to watch th ```bash # Get the logs of specific Pod. # If the Pod includes multiple containers, container name has to be specified. -kubectl -n awx logs -f -kubectl -n awx logs -f -c +kubectl -n awx logs -f +kubectl -n awx logs -f -c # Get the logs of specific Pod which is handled by Deployment resource. # If the Pod includes multiple containers, container name has to be specified. -kubectl -n awx logs -f deployment/ -kubectl -n awx logs -f deployment/ -c +kubectl -n awx logs -f deployment/ +kubectl -n awx logs -f deployment/ -c # Get the logs of specific Pod which is handled by StatefulSet resource # If the Pod includes multiple containers, container name has to be specified. -kubectl -n awx logs -f statefulset/ -kubectl -n awx logs -f statefulset/ -c +kubectl -n awx logs -f statefulset/ +kubectl -n awx logs -f statefulset/ -c ``` For AWX Operator and AWX, specifically, the following commands are helpful. 
@@ -96,13 +97,16 @@ For AWX Operator and AWX, specifically, the following commands are helpful. - Logs of AWX Operator - `kubectl -n awx logs -f deployment/awx-operator-controller-manager` - Logs of AWX related init containers - - `kubectl -n awx logs -f deployment/awx -c init` - - `kubectl -n awx logs -f deployment/awx -c init-projects` + - `kubectl -n awx logs -f deployment/awx-task -c init` + - `kubectl -n awx logs -f deployment/awx-task -c init-projects` - Logs of AWX related containers - - `kubectl -n awx logs -f deployment/awx -c awx-web` - - `kubectl -n awx logs -f deployment/awx -c awx-task` - - `kubectl -n awx logs -f deployment/awx -c awx-ee` - - `kubectl -n awx logs -f deployment/awx -c redis` + - `kubectl -n awx logs -f deployment/awx-web -c awx-web` + - `kubectl -n awx logs -f deployment/awx-web -c awx-rsyslog` + - `kubectl -n awx logs -f deployment/awx-web -c redis` + - `kubectl -n awx logs -f deployment/awx-task -c awx-task` + - `kubectl -n awx logs -f deployment/awx-task -c awx-ee` + - `kubectl -n awx logs -f deployment/awx-task -c awx-rsyslog` + - `kubectl -n awx logs -f deployment/awx-task -c redis` - Logs of PostgreSQL - `kubectl -n awx logs -f statefulset/awx-postgres-13` @@ -157,7 +161,7 @@ To solve this, you can simply wait until the limit is freed up, or [consider giv If your Pod is in `Pending` state and its `Events` shows following events, the reason is that the node does not have enough CPU and memory to start the Pod. By default AWX requires at least 2 CPUs and 4 GB RAM. In addition more resources are required to run K3s and the OS itself. ```bash -$ kubectl -n awx describe pod awx-84d5c45999-h7xm4 +$ kubectl -n awx describe pod awx-task-5d8cd9b6b9-8ptjt ... Events: Type Reason Age From Message 
@@ -182,7 +186,7 @@ Typical solutions are one of the following: ee_resource_requirements: {} 👈👈👈 ``` - - You can specify more specific value for each containers. Refer [official documentation](https://github.com/ansible/awx-operator/blob/1.4.0/README.md#containers-resource-requirements) for details. + - You can specify more specific value for each containers. Refer [official documentation](https://github.com/ansible/awx-operator/blob/2.0.0/README.md#containers-resource-requirements) for details. - In this way you can run AWX with fewer resources, but you may encounter performance issues. ### The Pod is `Pending` with "1 pod has unbound immediate PersistentVolumeClaims." event @@ -190,7 +194,7 @@ Typical solutions are one of the following: If your Pod is in `Pending` state and its `Events` shows following events, the reason is that no usable Persistent Volumes are available. ```bash -$ kubectl -n awx describe pod awx-84d5c45999-h7xm4 +$ kubectl -n awx describe pod awx-task-5d8cd9b6b9-8ptjt ... Events: Type Reason Age From Message @@ -240,7 +244,7 @@ To solve this, typical solutions are one of the following: Sometimes your AWX pod is `Running` state correctly but not functional at all, and its log shows following message repeatedly. ```bash -kubectl -n awx logs -f deployment/awx -c awx-web +kubectl -n awx logs -f deployment/awx-web -c awx-web [wait-for-migrations] Waiting for database migrations... [wait-for-migrations] Attempt 1 of 30 [wait-for-migrations] Waiting 0.5 seconds before next attempt 
@@ -277,9 +281,10 @@ In this situation, your Pod for PostgreSQL is in `CrashLoopBackOff` state and it ```bash $ kubectl -n awx get pod NAME READY STATUS RESTARTS AGE -awx-operator-controller-manager-68d787cfbd-j6k7z 2/2 Running 0 7m43s -awx-postgres-13-0 1/1 CrashLoopBackOff 3 4m6s -awx-84d5c45999-h7xm4 4/4 Running 0 3m59s +awx-operator-controller-manager-57867569c4-ggl29 2/2 Running 0 8m20s +awx-postgres-13-0 1/1 CrashLoopBackOff 5 7m26s +awx-task-5d8cd9b6b9-8ptjt 0/4 Running 0 6m55s +awx-web-66f89bc9cf-6zck5 0/3 Running 0 6m9s $ kubectl -n awx logs statefulset/awx-postgres mkdir: cannot create directory '/var/lib/postgresql/data': Permission denied diff --git a/tips/trust-custom-ca.md b/tips/trust-custom-ca.md index 17d036b..7f45aba 100644 --- a/tips/trust-custom-ca.md +++ b/tips/trust-custom-ca.md @@ -27,7 +27,7 @@ Trusting custom Certificate Authority can be achieved by following steps: There are two kinds of certificate, one is used to trust LDAP server, and the other is used as the CA bundle. -| Fields in the specification for AWX | Keys in Secret | Containers in AWX pod that the certificate will be mounted | Paths that the certificate will be mounted as | +| Fields in the specification for AWX | Keys in Secret | Containers that the certificate will be mounted | Paths that the certificate will be mounted as | |-|-|-|-| | `ldap_cacert_secret` | `ldap-ca.crt` | `awx-web` | `/etc/openldap/certs/ldap-ca.crt` | | `bundle_cacert_secret` | `bundle-ca.crt` | `awx-web`, `awx-task`, and `awx-ee` | `/etc/pki/ca-trust/source/anchors/bundle-ca.crt` | @@ -131,7 +131,7 @@ If you have problem with SSL connection such as LDAPS, you can verify your certi ```bash # Open Bash shell of the "awx-web" container -$ kubectl -n awx exec -it deployment/awx -c awx-web -- bash +$ kubectl -n awx exec -it deployment/awx-web -c awx-web -- bash bash-5.1$ ``` diff --git a/tips/version-mapping.md b/tips/version-mapping.md index 4c61b42..27feaea 100644 --- a/tips/version-mapping.md 
+++ b/tips/version-mapping.md @@ -10,6 +10,7 @@ The table below maps the AWX Operator versions and bundled AWX versions. | AWX Operator | AWX | | - | - | +| 2.0.0 | 22.0.0 | | 1.4.0 | 21.14.0 | | 1.3.0 | 21.13.0 | | 1.2.0 | 21.12.0 |
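Review bot: In base/awx.yaml, the new `extra_volumes` block hardcodes `claimName: awx-projects-claim`, which duplicates the value already set by `projects_existing_claim: awx-projects-claim` in the same spec. Anyone who renames the claim in one place will silently leave the web container mounting the old one. Add a comment next to `extra_volumes` saying the two values must match. The workaround comment is also ambiguous: "This have to be removed in the next release" does not say whether it means the next AWX Operator release or the next release of this repository. Wording such as "This has to be removed once ansible/awx-operator#1323 is fixed" would fix both the grammar and the ambiguity.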
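Review bot: In the tips/troubleshooting.md hunk at @@ -277,9 +281,10, the context line `$ kubectl -n awx logs statefulset/awx-postgres` does not match the StatefulSet name used everywhere else in this patch (`awx-postgres-13-0` in the Pod list just above it, `statefulset/awx-postgres-13` in the log command list). Since this hunk already refreshes the sample output, the command should be corrected to `statefulset/awx-postgres-13` in the same change. The refreshed output also shows `awx-task` as `0/4 Running` and `awx-web` as `0/3 Running`, where the old sample showed `4/4 Running`. If that is the expected state while PostgreSQL is in `CrashLoopBackOff`, a sentence in the surrounding text should say so, because the section currently tells readers only to look at the PostgreSQL Pod.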
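Review bot: In the tips/trust-custom-ca.md table header, dropping "in AWX pod" removes the only hint about where the listed containers live, and the replacement "Containers that the certificate will be mounted" is missing its preposition ("mounted in"). The containers are now split across two Deployments (the troubleshooting hunk lists `awx-web` under `deployment/awx-web`, and `awx-task` and `awx-ee` under `deployment/awx-task`). The table should name the Deployment for each container, or the text below it should, so readers verifying `bundle-ca.crt` know which Pod to `exec` into for each one.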