Merge pull request #254 from kurokobo/eda-0.0.6

feat: bump eda server operator version to 0.0.6
kurokobo 2023-09-27 00:14:49 +09:00 committed by GitHub
commit b83e23a260
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 103 additions and 103 deletions

View file

@ -1,11 +1,11 @@
<!-- omit in toc -->
# [Experimental] Integrate AWX with EDA Controller
# [Experimental] Integrate AWX with EDA Server
The guide to deploy and use Event Driven Ansible Controller (EDA Controller) with AWX on K3s.
The guide to deploy and use EDA Server with AWX on K3s.
In this guide, [EDA Controller Operator](https://github.com/ansible/eda-server-operator) is used to deploy EDA Controller.
In this guide, [EDA Server Operator](https://github.com/ansible/eda-server-operator) is used to deploy EDA Server.
**Note that [EDA Controller Operator](https://github.com/ansible/eda-server-operator) is not a fully supported installation method for EDA Controller since it's not listed in [the deployment guide](https://github.com/ansible/eda-server/blob/main/docs/deployment.md).**
**Note that [EDA Server Operator](https://github.com/ansible/eda-server-operator) is not a fully supported installation method for EDA Server since it's not listed in [the deployment guide](https://github.com/ansible/eda-server/blob/main/docs/deployment.md).**
- [Ansible Blog | Ansible.com | Event-Driven Ansible](https://www.ansible.com/blog)
- [Welcome to Ansible Rulebook documentation — Ansible Rulebook Documentation](https://ansible.readthedocs.io/projects/rulebook/en/latest/)
@ -17,14 +17,14 @@ In this guide, [EDA Controller Operator](https://github.com/ansible/eda-server-o
- [Prerequisites](#prerequisites)
- [Deployment Instruction](#deployment-instruction)
- [Install EDA Controller Operator](#install-eda-controller-operator)
- [Prepare required files to deploy EDA Controller](#prepare-required-files-to-deploy-eda-controller)
- [Deploy EDA Controller](#deploy-eda-controller)
- [Demo: Use EDA Controller](#demo-use-eda-controller)
- [Configure EDA Controller](#configure-eda-controller)
- [Issue new token for AWX and add it on EDA Controller](#issue-new-token-for-awx-and-add-it-on-eda-controller)
- [Add Decision Environment on EDA Controller](#add-decision-environment-on-eda-controller)
- [Add Project on EDA Controller](#add-project-on-eda-controller)
- [Install EDA Server Operator](#install-eda-server-operator)
- [Prepare required files to deploy EDA Server](#prepare-required-files-to-deploy-eda-server)
- [Deploy EDA Server](#deploy-eda-server)
- [Demo: Use EDA Server](#demo-use-eda-server)
- [Configure EDA Server](#configure-eda-server)
- [Issue new token for AWX and add it on EDA Server](#issue-new-token-for-awx-and-add-it-on-eda-server)
- [Add Decision Environment on EDA Server](#add-decision-environment-on-eda-server)
- [Add Project on EDA Server](#add-project-on-eda-server)
- [Activate Rulebook](#activate-rulebook)
- [Deploy Ingress resource for the webhook](#deploy-ingress-resource-for-the-webhook)
- [Trigger Rule using Webhook](#trigger-rule-using-webhook)
@ -32,11 +32,11 @@ In this guide, [EDA Controller Operator](https://github.com/ansible/eda-server-o
## Prerequisites
EDA Controller is designed to use with AWX, so we have to have working AWX instance. Refer to [the main guide on this repository](../README.md) to deploy AWX on K3s.
EDA Server is designed to use with AWX, so we have to have working AWX instance. Refer to [the main guide on this repository](../README.md) to deploy AWX on K3s.
## Deployment Instruction
### Install EDA Controller Operator
### Install EDA Server Operator
Clone this repository and change directory.
@ -46,13 +46,13 @@ git clone https://github.com/kurokobo/awx-on-k3s.git
cd awx-on-k3s
```
Then invoke `kubectl apply -k rulebooks/operator` to deploy EDA Controller Operator.
Then invoke `kubectl apply -k rulebooks/operator` to deploy EDA Server Operator.
```bash
kubectl apply -k rulebooks/operator
```
The EDA Controller Operator will be deployed to the namespace `eda`.
The EDA Server Operator will be deployed to the namespace `eda`.
```bash
$ kubectl -n eda get all
@ -69,16 +69,16 @@ NAME DESIRED CU
replicaset.apps/eda-server-operator-controller-manager-7bf7578d44 1 1 1 12s
```
### Prepare required files to deploy EDA Controller
### Prepare required files to deploy EDA Server
Generate a Self-Signed certificate for the Web UI and API for EDA Controller. Note that IP address can't be specified.
Generate a Self-Signed certificate for the Web UI and API for EDA Server. Note that IP address can't be specified.
```bash
EDA_HOST="eda.example.com"
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -out ./rulebooks/controller/tls.crt -keyout ./rulebooks/controller/tls.key -subj "/CN=${EDA_HOST}/O=${EDA_HOST}" -addext "subjectAltName = DNS:${EDA_HOST}"
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -out ./rulebooks/server/tls.crt -keyout ./rulebooks/server/tls.key -subj "/CN=${EDA_HOST}/O=${EDA_HOST}" -addext "subjectAltName = DNS:${EDA_HOST}"
```
Modify `hostname` and `automation_server_url` in `rulebooks/controller/eda.yaml`. Note `hostname` is the hostname for your EDA Controller instance, and `automation_server_url` is the URL for your AWX instance that accessible from EDA Controller.
Modify `hostname` and `automation_server_url` in `rulebooks/server/eda.yaml`. Note `hostname` is the hostname for your EDA Server instance, and `automation_server_url` is the URL for your AWX instance that accessible from EDA Server.
```yaml
...
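Review bot: the updated `openssl req` line still passes `-nodes` and writes the key to `./rulebooks/server/tls.key`, which leaves an unencrypted private key inside the cloned repository, valid for `-days 3650`. Since this line is being edited anyway, add a sentence telling readers to keep `tls.key` out of any commit or fork and to tighten its file mode (for example `chmod 600`), and consider a shorter validity for a guide marked Experimental.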
@ -93,7 +93,7 @@ spec:
...
```
Modify two `password`s in `rulebooks/controller/kustomization.yaml`.
Modify two `password`s in `rulebooks/server/kustomization.yaml`.
```yaml
...
@ -114,7 +114,6 @@ Modify two `password`s in `rulebooks/controller/kustomization.yaml`.
...
```
<!--
Prepare directories for Persistent Volumes defined in `base/pv.yaml`. This directory will be used to store your database.
```bash
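Review bot: the paragraph re-enabled by removing `<!--` points readers at `base/pv.yaml`, but the kustomization change in this same commit lists `- pv.yaml` next to `- eda.yaml`, so the file appears to live beside the EDA manifests rather than under `base/`. Please correct the path in this sentence so readers can find the PV definition they are preparing the directory for.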
@ -122,14 +121,13 @@ sudo mkdir -p /data/eda/postgres-13/data
sudo chmod 755 /data/eda/postgres-13/data
sudo chown 26:0 /data/eda/postgres-13/data
```
-->
### Deploy EDA Controller
### Deploy EDA Server
Deploy EDA Controller, this takes few minutes to complete.
Deploy EDA Server, this takes few minutes to complete.
```bash
kubectl apply -k rulebooks/controller
kubectl apply -k rulebooks/server
```
To monitor the progress of the deployment, check the logs of `deployment/eda-server-operator-controller-manager`:
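Review bot: with the closing `-->` removed, the `chmod 755` and `chown 26:0` commands on `/data/eda/postgres-13/data` become live instructions, and mode 755 lets every local account on the node list and enter the database directory. If the Postgres container only needs owner access through UID 26, suggest `750` or `700` here, or add a sentence explaining why access for other users is required.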
@ -145,7 +143,7 @@ $ kubectl -n eda logs -f deployment/eda-server-operator-controller-manager
...
----- Ansible Task Status Event StdOut (eda.ansible.com/v1alpha1, Kind=EDA, eda/eda) -----
PLAY RECAP *********************************************************************
localhost : ok=54 changed=0 unreachable=0 failed=0 skipped=16 rescued=0 ignored=0
localhost : ok=53 changed=0 unreachable=0 failed=0 skipped=17 rescued=0 ignored=0
```
Required objects has been deployed next to AWX Operator in `awx` namespace.
@ -153,63 +151,73 @@ Required objects has been deployed next to AWX Operator in `awx` namespace.
```bash
$ kubectl -n eda get eda,all,ingress,configmap,secret
NAME AGE
eda.eda.ansible.com/eda 3m50s
eda.eda.ansible.com/eda 4m2s
NAME READY STATUS RESTARTS AGE
pod/eda-server-operator-controller-manager-7bf7578d44-2wm69 2/2 Running 0 6m29s
pod/eda-redis-7d78cdf7d5-z87kk 1/1 Running 0 3m34s
pod/eda-postgres-13-0 1/1 Running 0 3m25s
pod/eda-ui-647b989ccb-stqkp 1/1 Running 0 2m36s
pod/eda-worker-fd594c44-96d9p 1/1 Running 0 2m32s
pod/eda-api-5c467d6c48-88m8z 2/2 Running 0 2m39s
pod/eda-server-operator-controller-manager-6ff679b85d-djcrt 2/2 Running 0 5m6s
pod/eda-redis-7d78cdf7d5-f4nsz 1/1 Running 0 3m47s
pod/eda-postgres-13-0 1/1 Running 0 3m38s
pod/eda-ui-69569559b8-k4rdq 1/1 Running 0 2m50s
pod/eda-default-worker-5cd8664bcd-zv2v8 1/1 Running 0 2m46s
pod/eda-default-worker-5cd8664bcd-7bvc6 1/1 Running 0 2m46s
pod/eda-activation-worker-65bbc877fd-g6nj4 1/1 Running 0 2m43s
pod/eda-activation-worker-65bbc877fd-6c7lm 1/1 Running 0 2m43s
pod/eda-activation-worker-65bbc877fd-wbp92 1/1 Running 0 2m43s
pod/eda-scheduler-bbf6554f4-v6x5s 1/1 Running 0 2m40s
pod/eda-api-798787c5bf-pp82t 2/2 Running 0 2m53s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/eda-server-operator-controller-manager-metrics-service ClusterIP 10.43.133.61 <none> 8443/TCP 6m29s
service/eda-redis-svc ClusterIP 10.43.144.67 <none> 6379/TCP 3m36s
service/eda-postgres-13 ClusterIP None <none> 5432/TCP 3m27s
service/eda-api ClusterIP 10.43.89.128 <none> 8000/TCP 2m41s
service/eda-daphne ClusterIP 10.43.12.68 <none> 8001/TCP 2m41s
service/eda-ui ClusterIP 10.43.136.60 <none> 80/TCP 2m38s
service/eda-worker ClusterIP 10.43.201.230 <none> 8080/TCP 2m33s
service/eda-server-operator-controller-manager-metrics-service ClusterIP 10.43.22.48 <none> 8443/TCP 5m6s
service/eda-redis-svc ClusterIP 10.43.2.121 <none> 6379/TCP 3m49s
service/eda-postgres-13 ClusterIP None <none> 5432/TCP 3m40s
service/eda-api ClusterIP 10.43.57.93 <none> 8000/TCP 2m55s
service/eda-daphne ClusterIP 10.43.249.197 <none> 8001/TCP 2m55s
service/eda-ui ClusterIP 10.43.250.22 <none> 80/TCP 2m51s
service/eda-default-worker ClusterIP 10.43.66.37 <none> 8080/TCP 2m47s
service/eda-activation-worker ClusterIP 10.43.221.86 <none> 8080/TCP 2m45s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/eda-server-operator-controller-manager 1/1 1 1 6m29s
deployment.apps/eda-redis 1/1 1 1 3m34s
deployment.apps/eda-ui 1/1 1 1 2m36s
deployment.apps/eda-worker 1/1 1 1 2m32s
deployment.apps/eda-api 1/1 1 1 2m39s
deployment.apps/eda-server-operator-controller-manager 1/1 1 1 5m6s
deployment.apps/eda-redis 1/1 1 1 3m47s
deployment.apps/eda-ui 1/1 1 1 2m50s
deployment.apps/eda-default-worker 2/2 2 2 2m46s
deployment.apps/eda-activation-worker 3/3 3 3 2m43s
deployment.apps/eda-scheduler 1/1 1 1 2m40s
deployment.apps/eda-api 1/1 1 1 2m53s
NAME DESIRED CURRENT READY AGE
replicaset.apps/eda-server-operator-controller-manager-7bf7578d44 1 1 1 6m29s
replicaset.apps/eda-redis-7d78cdf7d5 1 1 1 3m34s
replicaset.apps/eda-ui-647b989ccb 1 1 1 2m36s
replicaset.apps/eda-worker-fd594c44 1 1 1 2m32s
replicaset.apps/eda-api-5c467d6c48 1 1 1 2m39s
replicaset.apps/eda-server-operator-controller-manager-6ff679b85d 1 1 1 5m6s
replicaset.apps/eda-redis-7d78cdf7d5 1 1 1 3m47s
replicaset.apps/eda-ui-69569559b8 1 1 1 2m50s
replicaset.apps/eda-default-worker-5cd8664bcd 2 2 2 2m46s
replicaset.apps/eda-activation-worker-65bbc877fd 3 3 3 2m43s
replicaset.apps/eda-scheduler-bbf6554f4 1 1 1 2m40s
replicaset.apps/eda-api-798787c5bf 1 1 1 2m53s
NAME READY AGE
statefulset.apps/eda-postgres-13 1/1 3m25s
statefulset.apps/eda-postgres-13 1/1 3m38s
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress.networking.k8s.io/eda-ingress traefik eda.example.com 192.168.0.219 80, 443 2m35s
ingress.networking.k8s.io/eda-ingress traefik eda.example.com 192.168.0.219 80, 443 2m49s
NAME DATA AGE
configmap/kube-root-ca.crt 1 6m29s
configmap/eda-eda-configmap 2 2m43s
configmap/eda-server-operator 0 6m28s
NAME DATA AGE
configmap/kube-root-ca.crt 1 5m7s
configmap/eda-eda-env-properties 9 2m56s
configmap/eda-server-operator 0 5m5s
NAME TYPE DATA AGE
secret/redhat-operators-pull-secret Opaque 1 6m29s
secret/eda-admin-password Opaque 1 3m50s
secret/eda-database-configuration Opaque 6 3m50s
secret/eda-secret-tls kubernetes.io/tls 2 3m50s
secret/eda-db-fields-encryption-secret Opaque 1 2m51s
secret/redhat-operators-pull-secret Opaque 1 5m6s
secret/eda-admin-password Opaque 1 4m2s
secret/eda-database-configuration Opaque 6 4m2s
secret/eda-secret-tls kubernetes.io/tls 2 4m2s
secret/eda-db-fields-encryption-secret Opaque 1 3m4s
```
Now your EDA Controller is available at `https://eda.example.com/` or the hostname you specified.
Now your EDA Server is available at `https://eda.example.com/` or the hostname you specified.
## Demo: Use EDA Controller
## Demo: Use EDA Server
Here is a demo of configuring a webhook on the EDA Controller side, and triggering a Job Template on AWX by posting payload that contains a specific `message` to the webhook.
Here is a demo of configuring a webhook on the EDA Server side, and triggering a Job Template on AWX by posting payload that contains a specific `message` to the webhook.
In this demo, following example Rulebook is used. Review the Rulebook.
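Review bot: the refreshed output block is introduced by the context sentence "Required objects has been deployed next to AWX Operator in `awx` namespace", yet the command is `kubectl -n eda get eda,all,ingress,configmap,secret` and the objects listed are the EDA ones. While this block is being updated, change the sentence to name the `eda` namespace (and "has" to "have") so readers inspect the right namespace.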
@ -223,19 +231,19 @@ In addition to the webhook demo, a quick demo to use MQTT as a source is also pr
- As a source of the Ruleset, subscribing MQTT topic on the MQTT broker is defined. Actual connection information for MQTT can be defined by Rulebook Variables.
- This Ruleset has a rule that if the received data contains `message` field with the body `Hello EDA`, trigger `Demo Job Template` in `Default` organization on AWX.
### Configure EDA Controller
### Configure EDA Server
In order to the webhook to be ready to receive messages, the following tasks need to be done.
- Issue new token for AWX and add it on EDA Controller
- Add Decision Environment on EDA Controller
- Add Project on EDA Controller
- Issue new token for AWX and add it on EDA Server
- Add Decision Environment on EDA Server
- Add Project on EDA Server
- Activate Rulebook
- Deploy Ingress resource for the webhook
#### Issue new token for AWX and add it on EDA Controller
#### Issue new token for AWX and add it on EDA Server
EDA Controller uses a token to access AWX. This token has to be issued by AWX and registered on EDA Controller.
EDA Server uses a token to access AWX. This token has to be issued by AWX and registered on EDA Server.
To issue new token by AWX, in the Web UI for AWX, open `User Details` page (accessible by user icon at the upper right corner), follow to the `Tokens` tab, and then click `Add` button. Specify `Write` as `Scope` and click `Save`, then keep the issued token in the safe place.
@ -246,7 +254,7 @@ $ kubectl -n awx exec deployment/awx-task -- awx-manage create_oauth2_token --us
4sIZrWXi**************8xChmahb
```
To register the token on EDA Controller, in the Web UI for EDA Controller, open `User details` page (accessible by user icon at the upper right corner), follow to the `Controller Tokens` tab, and then click `Create controller token` button.
To register the token on EDA Server, in the Web UI for EDA Server, open `User details` page (accessible by user icon at the upper right corner), follow to the `Controller Tokens` tab, and then click `Create controller token` button.
Fill the form as follows, then click `Create controller token` button on the bottom of the page:
@ -255,13 +263,13 @@ Fill the form as follows, then click `Create controller token` button on the bot
| Name | `awx.example.com` |
| Token | `<YOUR_TOKEN>` |
#### Add Decision Environment on EDA Controller
#### Add Decision Environment on EDA Server
Decision Environment (DE) is an environment for running Ansible Rulebook (`ansible-rulebook`) by the EDA Controller, like Execution Environment (EE) for running Ansible Runner (`ansible-runner`) by the AWX.
Decision Environment (DE) is an environment for running Ansible Rulebook (`ansible-rulebook`) by the EDA Server, like Execution Environment (EE) for running Ansible Runner (`ansible-runner`) by the AWX.
There is no default DE on EDA Controller, so we have to register new one.
There is no default DE on EDA Server, so we have to register new one.
Open `Decision Environments` under `Resources` on Web UI for EDA Controller, then click `Create decision environment` button.
Open `Decision Environments` under `Resources` on Web UI for EDA Server, then click `Create decision environment` button.
Fill the form as follows, then click `Create decision environment` button on the bottom of the page:
@ -270,13 +278,13 @@ Fill the form as follows, then click `Create decision environment` button on the
| Name | `Minimal DE` |
| Image | `quay.io/ansible/ansible-rulebook:latest` |
#### Add Project on EDA Controller
#### Add Project on EDA Server
To run Ansible Rulebook by EDA Controller, the repository on SCM that contains Rulebooks have to be registered as Project on EDA Controller.
To run Ansible Rulebook by EDA Server, the repository on SCM that contains Rulebooks have to be registered as Project on EDA Server.
This repository contains some example Rulebooks under [rulebooks](./) directory, so we can register this repository as Project.
Open `Projects` under `Resources` on Web UI for EDA Controller, then click `Create project` button.
Open `Projects` under `Resources` on Web UI for EDA Server, then click `Create project` button.
Fill the form as follows, then click `Create project` button on the bottom of the page:
@ -289,9 +297,9 @@ Refresh the page and wait for the `Status` for the project to be `Completed`.
#### Activate Rulebook
To run Ansible Rulebook by EDA Controller, activate the Rulebook.
To run Ansible Rulebook by EDA Server, activate the Rulebook.
Open `Rulebook Activations` under `Views` on Web UI for EDA Controller, then click `Create rulebook activation` button.
Open `Rulebook Activations` under `Views` on Web UI for EDA Server, then click `Create rulebook activation` button.
Fill the form as follows, then click `Create rulebook activation` button on the bottom of the page:
@ -324,7 +332,7 @@ NAME READY STATUS RESTARTS AGE
activation-job-1-h9kjt 1/1 Running 0 11m
```
The new Service is also created by EDA Controller. This service provides the endpoint for the webhook.
The new Service is also created by EDA Server. This service provides the endpoint for the webhook.
```bash
$ kubectl -n eda get service -l job-name=${JOB_NAME}
@ -334,11 +342,11 @@ activation-job-1-5000 ClusterIP 10.43.221.234 <none> 5000/TCP 11m
#### Deploy Ingress resource for the webhook
To make the webhook externally accessible, we have to expose the Service that created by EDA Controller.
To make the webhook externally accessible, we have to expose the Service that created by EDA Server.
To achieve this, in this example, we create new Ingress.
Modify `hosts`, `host`, and `name` under `service` in `rulebooks/webhook/ingress.yaml`. Here, the same hostname as the EDA Controller are specified so that the endpoint for webhook can be accessed under the same URL as the EDA Controller. Note that the `name` of the `service` has to be the name of the Service that created by EDA Controller, as reviewed above.
Modify `hosts`, `host`, and `name` under `service` in `rulebooks/webhook/ingress.yaml`. Here, the same hostname as the EDA Server are specified so that the endpoint for webhook can be accessed under the same URL as the EDA Server. Note that the `name` of the `service` has to be the name of the Service that created by EDA Server, as reviewed above.
```yaml
...
@ -396,7 +404,7 @@ $ curl -k \
https://eda.example.com/webhooks/demo
```
Review `Rule Audit` page under `Views` on the Web UI for EDA Controller, and `Jobs` page under `Views` on the Web UI for AWX.
Review `Rule Audit` page under `Views` on the Web UI for EDA Server, and `Jobs` page under `Views` on the Web UI for AWX.
### Appendix: Use MQTT as a source

View file

@ -12,8 +12,8 @@ secretGenerator:
- operator=eda
resources:
- github.com/ansible/eda-server-operator/config/default?ref=0.0.5
- github.com/ansible/eda-server-operator/config/default?ref=0.0.6
images:
- name: quay.io/ansible/eda-server-operator
newTag: 0.0.5
newTag: 0.0.6
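Review bot: both the remote kustomize base (`?ref=0.0.6`) and the operator image (`newTag: 0.0.6`) are pinned by tag only, so what gets applied to the cluster depends on the upstream repository and registry keeping that tag unchanged. Consider pinning `ref` to the release commit SHA and the image by `digest:` in the `images` entry, so that `kubectl apply -k rulebooks/operator` is reproducible and a retagged release cannot change what runs.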

View file

@ -14,18 +14,8 @@ spec:
automation_server_url: https://awx.example.com/
automation_server_ssl_verify: no
# https://github.com/ansible/eda-server-operator/issues/111
image: quay.io/ansible/eda-server
image_version: sha-a6e4d66
# https://github.com/ansible/eda-server-operator/issues/123
image_web: quay.io/ansible/eda-ui
image_web_version: "2.4.306"
# https://github.com/ansible/eda-server-operator/issues/112
#extra_settings:
# - setting: GIT_SSL_NO_VERIFY
# value: "true"
image_web_version: "2.4.454"
api:
replicas: 1
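Review bot: with `image` and `image_version: sha-a6e4d66` dropped at the top of this hunk, the EDA Server image is no longer stated in the manifest and falls back to whatever the operator selects, while `image_web_version` stays explicitly pinned at "2.4.454". State in a comment here or in the README which server image operator 0.0.6 deploys, or keep an explicit `image_version`, so the API and UI versions are both visible and reviewable. Separately, `automation_server_ssl_verify: no` remains in the context lines and deserves a comment saying when it is acceptable to leave verification disabled.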
@ -35,18 +25,21 @@ spec:
replicas: 1
resource_requirements:
requests: {}
worker:
default_worker:
replicas: 2
resource_requirements:
requests: {}
activation_worker:
replicas: 3
resource_requirements:
requests: {}
redis:
replicas: 1
resource_requirements:
requests: {}
database:
database_secret: eda-database-configuration
# https://github.com/ansible/eda-server-operator/issues/113
#postgres_storage_class: eda-postgres-volume
postgres_storage_class: eda-postgres-volume
storage_requirements:
requests:
storage: 8Gi
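Review bot: `postgres_storage_class: eda-postgres-volume` changes from commented-out to active at the end of this hunk, so the database claim now depends on `pv.yaml` and the host directory prepared in the README. The commit does not say what happens to an instance that was deployed while the setting was commented out; add an upgrade note to the README stating whether existing data has to be migrated or the instance redeployed.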

View file

@ -37,6 +37,5 @@ secretGenerator:
# - secret_key=MySuperSecureDBFieldsEncryptionKey123!
resources:
# https://github.com/ansible/eda-server-operator/issues/113
# - pv.yaml
- pv.yaml
- eda.yaml