From b861af592359932c29085d6ae7ab007ceed3c107 Mon Sep 17 00:00:00 2001 From: kurokobo <2920259+kurokobo@users.noreply.github.com> Date: Mon, 4 Oct 2021 11:20:50 -0400 Subject: [PATCH] feat: bump operator version to 0.14.0 --- README.md | 138 +++++++++++++++++++++------------- base/awx.yaml | 8 +- builder/README.md | 1 + containergroup/README.md | 8 +- galaxy/README.md | 2 +- git/README.md | 2 + runner/README.md | 1 + tips/README.md | 1 + tips/deploy-older-operator.md | 46 ++++++++++++ tips/https-redirection.md | 20 ++--- 10 files changed, 158 insertions(+), 69 deletions(-) create mode 100644 tips/deploy-older-operator.md diff --git a/README.md b/README.md index 6e2a111..acb0f6f 100644 --- a/README.md +++ b/README.md @@ -33,15 +33,15 @@ An example implementation of AWX on single node K3s using AWX Operator, with eas - Tested on: - CentOS 8 (Minimal) - Products that will be deployed: - - AWX Operator 0.13.0 - - AWX 19.3.0 + - AWX Operator 0.14.0 + - AWX 19.4.0 - PostgreSQL 12 ## References - [K3s - Lightweight Kubernetes](https://rancher.com/docs/k3s/latest/en/) -- [INSTALL.md on ansible/awx](https://github.com/ansible/awx/blob/19.3.0/INSTALL.md) @19.3.0 -- [README.md on ansible/awx-operator](https://github.com/ansible/awx-operator/blob/0.13.0/README.md) @0.13.0 +- [INSTALL.md on ansible/awx](https://github.com/ansible/awx/blob/19.4.0/INSTALL.md) @19.4.0 +- [README.md on ansible/awx-operator](https://github.com/ansible/awx-operator/blob/0.14.0/README.md) @0.14.0 ## Procedure @@ -53,6 +53,12 @@ Disable Firewalld. This is [recommended by K3s](https://rancher.com/docs/k3s/lat sudo systemctl disable firewalld --now ``` +Install required packages to deploy AWX Operator and AWX. + +```bash +sudo dnf install -y git make +``` + ### Install K3s Install K3s with `--write-kubeconfig-mode 644` to make config file (`/etc/rancher/k3s/k3s.yaml`) readable by non-root user. 
@@ -63,14 +69,37 @@ curl -sfL https://get.k3s.io | sh -s - --write-kubeconfig-mode 644 ### Install AWX Operator -Install specified version of AWX Operator. - -> **⚠️ NOTE ⚠️** -> An issue has been reported ([ansible/awx#10883](https://github.com/ansible/awx/issues/10883)) about LDAP authentication in AWX `19.3.0` which is mapped to AWX Operator `0.13.0`. -> Use `0.12.0` (or a future release version with the problem fixed) instead of `0.13.0` if you plan to use LDAP authentication. +Install specified version of AWX Operator. Note that this procedure is applicable only for AWX Operator `0.14.0` or later. If you want to deploy `0.13.0` or earlier version of AWX Operator, refer [📝Tips: Deploy older version of AWX Operator](tips/deploy-older-operator.md) ```bash -kubectl apply -f https://raw.githubusercontent.com/ansible/awx-operator/0.13.0/deploy/awx-operator.yaml +cd ~ +git clone https://github.com/ansible/awx-operator.git +cd awx-operator +git checkout 0.14.0 +``` + +Export the name of the namespace where you want to deploy AWX Operator as the environment variable `NAMESPACE` and run `make deploy`. The default namespace is `awx`. + +```bash +export NAMESPACE=awx +make deploy +``` + +The AWX Operator will be deployed to the namespace you specified. + +```bash +$ kubectl -n awx get all +NAME READY STATUS RESTARTS AGE +pod/awx-operator-controller-manager-68d787cfbd-kjfg7 2/2 Running 0 16s + +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +service/awx-operator-controller-manager-metrics-service ClusterIP 10.43.150.245 8443/TCP 16s + +NAME READY UP-TO-DATE AVAILABLE AGE +deployment.apps/awx-operator-controller-manager 1/1 1 1 16s + +NAME DESIRED CURRENT READY AGE +replicaset.apps/awx-operator-controller-manager-68d787cfbd 1 1 1 16s ``` ### Prepare required files 
@@ -78,6 +107,7 @@ kubectl apply -f https://raw.githubusercontent.com/ansible/awx-operator/0.13.0/d Clone this repository and change directory. ```bash +cd ~ git clone https://github.com/kurokobo/awx-on-k3s.git cd awx-on-k3s ``` 
@@ -137,58 +167,63 @@ Deploy AWX, this takes few minutes to complete. kubectl apply -k base ``` -Once this completed, the logs of `deployment/awx-operator` end with: +Once this completed, the logs of `deployments/awx-operator-controller-manager` end with: ```txt -$ kubectl logs -f deployment/awx-operator +$ kubectl -n awx logs -f deployments/awx-operator-controller-manager -c manager ... ---------------------------- Ansible Task Status Event StdOut ----------------- +----- Ansible Task Status Event StdOut (awx.ansible.com/v1beta1, Kind=AWX, awx/awx) ----- PLAY RECAP ********************************************************************* -localhost : ok=54 changed=0 unreachable=0 failed=0 skipped=37 rescued=0 ignored=0 -------------------------------------------------------------------------------- +localhost : ok=54 changed=0 unreachable=0 failed=0 skipped=37 rescued=0 ignored=0 +---------- ``` -Required objects has been deployed in `awx` namespace. +Required objects has been deployed next to AWX Operator in `awx` namespace. 
```bash $ kubectl -n awx get awx,all,ingress,secrets NAME AGE -awx.awx.ansible.com/awx 4m19s +awx.awx.ansible.com/awx 4m17s -NAME READY STATUS RESTARTS AGE -pod/awx-postgres-0 1/1 Running 0 4m27s -pod/awx-59ff55b5b-qdk9p 4/4 Running 0 4m19s +NAME READY STATUS RESTARTS AGE +pod/awx-operator-controller-manager-68d787cfbd-j6k7z 2/2 Running 0 7m43s +pod/awx-postgres-0 1/1 Running 0 4m6s +pod/awx-84d5c45999-h7xm4 4/4 Running 0 3m59s -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -service/awx-postgres ClusterIP None 5432/TCP 4m27s -service/awx-service ClusterIP 10.43.209.222 80/TCP 4m21s +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +service/awx-operator-controller-manager-metrics-service ClusterIP 10.43.134.67 8443/TCP 7m43s +service/awx-postgres ClusterIP None 5432/TCP 4m6s +service/awx-service ClusterIP 10.43.232.137 80/TCP 4m -NAME READY UP-TO-DATE AVAILABLE AGE -deployment.apps/awx 1/1 1 1 4m19s +NAME READY UP-TO-DATE AVAILABLE AGE +deployment.apps/awx-operator-controller-manager 1/1 1 1 7m43s +deployment.apps/awx 1/1 1 1 3m59s -NAME DESIRED CURRENT READY AGE -replicaset.apps/awx-59ff55b5b 1 1 1 4m19s +NAME DESIRED CURRENT READY AGE +replicaset.apps/awx-operator-controller-manager-68d787cfbd 1 1 1 7m43s +replicaset.apps/awx-84d5c45999 1 1 1 3m59s NAME READY AGE -statefulset.apps/awx-postgres 1/1 7m27s +statefulset.apps/awx-postgres 1/1 4m6s NAME CLASS HOSTS ADDRESS PORTS AGE -ingress.networking.k8s.io/awx-ingress awx.example.com 192.168.0.100 80, 443 4m20s +ingress.networking.k8s.io/awx-ingress awx.example.com 192.168.0.100 80, 443 4m -NAME TYPE DATA AGE -secret/default-token-lxj9h kubernetes.io/service-account-token 3 5m36s -secret/awx-admin-password Opaque 1 4m45s -secret/awx-broadcast-websocket Opaque 1 4m45s -secret/awx-secret-tls kubernetes.io/tls 2 4m45s -secret/awx-postgres-configuration Opaque 6 4m45s -secret/awx-secret-key Opaque 1 4m45s -secret/awx-app-credentials Opaque 3 4m23s -secret/awx-token-6s7rj kubernetes.io/service-account-token 3 4m22s +NAME TYPE 
DATA AGE +secret/default-token-6tp55 kubernetes.io/service-account-token 3 7m43s +secret/awx-operator-controller-manager-token-sz6wq kubernetes.io/service-account-token 3 7m43s +secret/awx-admin-password Opaque 1 4m17s +secret/awx-postgres-configuration Opaque 6 4m17s +secret/awx-secret-tls kubernetes.io/tls 2 4m17s +secret/awx-app-credentials Opaque 3 4m2s +secret/awx-token-jfndh kubernetes.io/service-account-token 3 4m2s +secret/awx-secret-key Opaque 1 4m13s +secret/awx-broadcast-websocket Opaque 1 4m9s ``` Now your AWX is available at `https://awx.example.com/` or the hostname you specified. -At this point, however, AWX can be accessed via HTTP as well as HTTPS. If you want to redirect HTTP to HTTPS, see [the additional tips](tips/https-redirection.md). +At this point, however, AWX can be accessed via HTTP as well as HTTPS. If you want to redirect HTTP to HTTPS, see [📝Tips: Redirect HTTP to HTTPS](tips/https-redirection.md). ## Backing up and Restoring using AWX Operator 
@@ -229,14 +264,14 @@ Then invoke backup by applying this manifest file. kubectl apply -f backup/awxbackup.yaml ``` -Once this completed, the logs of `deployment/awx-operator` end with: +Once this completed, the logs of `deployments/awx-operator-controller-manager` end with: ```txt -$ kubectl logs -f deployment/awx-operator ---------------------------- Ansible Task Status Event StdOut ----------------- +$ kubectl -n awx logs -f deployments/awx-operator-controller-manager -c manager +----- Ansible Task Status Event StdOut (awx.ansible.com/v1beta1, Kind=AWXBackup, awxbackup-2021-06-06/awx) ----- PLAY RECAP ********************************************************************* -localhost : ok=4 changed=0 unreachable=0 failed=0 skipped=7 rescued=0 ignored=0 -------------------------------------------------------------------------------- +localhost : ok=3 changed=0 unreachable=0 failed=0 skipped=7 rescued=0 ignored=0 +---------- ``` This will create AWXBackup object in the namespace and also create backup files in the Persistent Volume. In this example those files are available at `/data/backup`. @@ -259,7 +294,7 @@ total 736 -rw-------. 1 systemd-coredump root 745302 Jun 6 06:51 tower.db ``` -Note that if you are using AWX Operator `0.12.0` or earlier, the contents of the Secret that passed through `ingress_tls_secret` parameter will not be included in this backup files. If necessary, get a dump of this Secret, or keep original certificate file and key file. In `0.13.0` or later, this secret is included in the backup file. +Note that if you are using AWX Operator `0.12.0` or earlier, the contents of the Secret that passed through `ingress_tls_secret` parameter will not be included in this backup files. If necessary, get a dump of this Secret, or keep original certificate file and key file. In `0.13.0` or later, this secret is included in the backup file therefore you can ignore this step. ```bash kubectl get secret awx-secret-tls -n awx -o yaml > awx-secret-tls.yaml 
@@ -269,7 +304,7 @@ kubectl get secret awx-secret-tls -n awx -o yaml > awx-secret-tls.yaml To perfom restoration, you need to have AWX Operator running on Kubernetes. If you are planning to restore to a new environment, first prepare Kubernetes and AWX Operator by referring to the instructions on this page. -It is strongly recommended that the version of AWX Operator is the same as the version when the backup was taken. This is because the structure of the backup files differs between versions and may not be compatible. If you have upgraded AWX Operator after taking the backup, it is recommended to downgrade it for the restore. +It is strongly recommended that the version of AWX Operator is the same as the version when the backup was taken. This is because the structure of the backup files differs between versions and may not be compatible. If you have upgraded AWX Operator after taking the backup, it is recommended to downgrade it for the restore. To deploy `0.13.0` or earlier version of AWX Operator, refer [📝Tips: Deploy older version of AWX Operator](tips/deploy-older-operator.md) #### Prepare for Restore 
@@ -329,14 +364,14 @@ Then invoke restore by applying this manifest file. kubectl apply -f restore/awxrestore.yaml ``` -Once this completed, the logs of `deployment/awx-operator` end with: +Once this completed, the logs of `deployments/awx-operator-controller-manager` end with: ```txt -$ kubectl logs -f deployment/awx-operator ---------------------------- Ansible Task Status Event StdOut ----------------- +$ kubectl -n awx logs -f deployments/awx-operator-controller-manager -c manager +----- Ansible Task Status Event StdOut (awx.ansible.com/v1beta1, Kind=AWX, awx/awx) ----- PLAY RECAP ********************************************************************* localhost : ok=56 changed=0 unreachable=0 failed=0 skipped=35 rescued=0 ignored=0 -------------------------------------------------------------------------------- +---------- ``` This will create AWXRestore object in the namespace, and now your AWX is restored. @@ -347,7 +382,7 @@ NAME AGE awxrestore-2021-06-06 137m ``` -Note that if you are using AWX Operator `0.12.0` or earlier, the Secret for TLS should be manually restored (or create newly using original certificate and key file). This is not required for `0.13.0` or later. +Note that if you are using AWX Operator `0.12.0` or earlier, the Secret for TLS should be manually restored (or create newly using original certificate and key file). This step is not required for `0.13.0` or later. ```bash kubectl apply -f awx-secret-tls.yaml @@ -380,3 +415,4 @@ kubectl apply -f awx-secret-tls.yaml - [📝Expose `/etc/hosts` to Pods on K3s](tips/expose-hosts.md) - [📝Redirect HTTP to HTTPS](tips/https-redirection.md) - [📝Uninstall deployed resouces](tips/uninstall.md) + - [📝Deploy older version of AWX Operator](tips/deploy-older-operator.md) diff --git a/base/awx.yaml b/base/awx.yaml index 51adbcf..190a4c3 100644 --- a/base/awx.yaml +++ b/base/awx.yaml 
@@ -5,10 +5,10 @@ metadata: name: awx spec: # These parameters are designed for use with: - # - AWX Operator: 0.13.0 - # https://github.com/ansible/awx-operator/blob/0.13.0/README.md - # - AWX: 19.3.0 - # https://github.com/ansible/awx/blob/19.3.0/INSTALL.md + # - AWX Operator: 0.14.0 + # https://github.com/ansible/awx-operator/blob/0.14.0/README.md + # - AWX: 19.4.0 + # https://github.com/ansible/awx/blob/19.4.0/INSTALL.md admin_user: admin admin_password_secret: awx-admin-password diff --git a/builder/README.md b/builder/README.md index b613f3d..cbf8c72 100644 --- a/builder/README.md +++ b/builder/README.md @@ -26,6 +26,7 @@ The base image can be chosen from the tags from [http://quay.io/ansible/ansible- `ansible-builder build` command builds Execution Environment as a container image according to the definition in `execution-environment.yml`. ```bash +cd builder ansible-builder build --tag registry.example.com/ansible/ee:2.10-custom --container-runtime docker --verbosity 3 ``` diff --git a/containergroup/README.md b/containergroup/README.md index 768283b..5aa2644 100644 --- a/containergroup/README.md +++ b/containergroup/README.md @@ -38,9 +38,9 @@ kubectl apply -k containergroup Add label to the node. ```bash -$ kubectl label nodes kuro-awx01.kuro.lab awx-node-type=demo +$ kubectl label node kuro-awx01.kuro.lab awx-node-type=demo -$ kubectl get nodes --show-labels +$ kubectl get node --show-labels NAME STATUS ROLES AGE VERSION LABELS kuro-awx01.kuro.lab Ready control-plane,master 3d7h v1.21.2+k3s1 awx-node-type=demo,... ``` @@ -86,7 +86,7 @@ metadata: app: ee-demo-pod spec: containers: - - image: 'quay.io/ansible/awx-ee:0.5.0' + - image: 'quay.io/ansible/awx-ee:latest' name: worker args: - ansible-runner 
@@ -118,6 +118,8 @@ This is the customized manifest to achieve; - Mounting PVC as `/etc/demo` - Running on the node with the label `awx-node-type: demo` using `nodeSelector` +You can also change `image`, but it will be overridden by specifying Execution Environment for the Job Template, Project Default, or Global Default. + ## Quick Testing The use of Container Group can be specified in the Job Template. After specifying and running the Job, you can see the result as follows. diff --git a/galaxy/README.md b/galaxy/README.md index 872033d..73cd1bc 100644 --- a/galaxy/README.md +++ b/galaxy/README.md @@ -131,7 +131,7 @@ Deploy Galaxy NG. kubectl apply -k galaxy/all-in-one ``` -Required resources has been deployed in `registry` namespace. +Required resources has been deployed in `galaxy` namespace. ```bash $ kubectl -n galaxy get all diff --git a/git/README.md b/git/README.md index f788d2d..262b29f 100644 --- a/git/README.md +++ b/git/README.md @@ -82,9 +82,11 @@ Note that this sample manifest does not include any databases, so the SQLite3 ha 2. Allow Self-Signed Certificate such as this Gitea - Open `Settings` > `Jobs settings` in AWX - Press `Edit` and scroll down to `Extra Environment Variables`, then add `"GIT_SSL_NO_VERIFY": "True"` in `{}` + ```json { "GIT_SSL_NO_VERIFY": "True" } ``` + - Press `Save` diff --git a/runner/README.md b/runner/README.md index 8c15bfc..8604dc9 100644 --- a/runner/README.md +++ b/runner/README.md @@ -26,6 +26,7 @@ Your own Execution Environment can be used using `container_image` in [`env/sett The sample playbook will help you figure out the differences between Execution Environments, such as Ansible version, `pip list`, etc. ```bash +cd runner ansible-runner run . -p demo.yml ``` diff --git a/tips/README.md b/tips/README.md index 95e31a0..e0ec78a 100644 --- a/tips/README.md +++ b/tips/README.md 
@@ -3,3 +3,4 @@ - [📝Expose `/etc/hosts` to Pods on K3s](expose-hosts.md) - [📝Redirect HTTP to HTTPS](https-redirection.md) - [📝Uninstall deployed resouces](uninstall.md) +- [📝Deploy older version of AWX Operator](deploy-older-operator.md) diff --git a/tips/deploy-older-operator.md b/tips/deploy-older-operator.md new file mode 100644 index 0000000..0008995 --- /dev/null +++ b/tips/deploy-older-operator.md 
@@ -0,0 +1,46 @@ + +# Deploy older version of AWX Operator + +The installation method for AWX Operator has been changed to `make` since version `0.14.0`. If you want to deploy `0.13.0` or earlier version of AWX Operator, the old procedure must be followed. + + +## Table of Contents + +- [Install AWX Operator](#install-awx-operator) +- [Monitor the logs of AWX Operator](#monitor-the-logs-of-awx-operator) + +## Install AWX Operator + +If you want to deploy `0.13.0` or earlier version of AWX Operator, you can directly invoke `kubectl apply` using the manifest file on GitHub instead of using `make` command. [Official old `README.md` on `ansible/awx-operator`](https://github.com/ansible/awx-operator/blob/0.13.0/README.md) is also helpful. + +```bash +kubectl apply -f https://raw.githubusercontent.com/ansible/awx-operator/0.13.0/deploy/awx-operator.yaml +``` + +The AWX Operator will be deployed to the `default` namespace. + +```bash +$ kubectl -n default get all +NAME READY STATUS RESTARTS AGE +pod/awx-operator-69c646c48f-jmtrs 1/1 Running 0 93s + +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +service/kubernetes ClusterIP 10.43.0.1 443/TCP 5m57s +service/awx-operator-metrics ClusterIP 10.43.183.1 8383/TCP,8686/TCP 70s + +NAME READY UP-TO-DATE AVAILABLE AGE +deployment.apps/awx-operator 1/1 1 1 93s + +NAME DESIRED CURRENT READY AGE +replicaset.apps/awx-operator-69c646c48f 1 1 1 93s +``` + +Once you have AWX Operator, the rest of the steps are the same as in `0.14.0` and later. + +## Monitor the logs of AWX Operator + +You can monitor the logs of AWX Operator by following command. + +```bash +kubectl logs -f deployment/awx-operator +``` diff --git a/tips/https-redirection.md b/tips/https-redirection.md index 20009eb..407e05c 100644 --- a/tips/https-redirection.md +++ b/tips/https-redirection.md 
@@ -80,15 +80,15 @@ persistentvolumeclaim/awx-projects-claim unchanged awx.awx.ansible.com/awx configured 👈👈👈 ``` -Once this completed, the logs of `deployment/awx-operator` end with: +Once this completed, the logs of `deployments/awx-operator-controller-manager` end with: ```txt -$ kubectl logs -f deployment/awx-operator --tail=100 +$ kubectl -n awx logs -f deployments/awx-operator-controller-manager -c manager --tail=100 ... ---------------------------- Ansible Task Status Event StdOut ----------------- +----- Ansible Task Status Event StdOut (awx.ansible.com/v1beta1, Kind=AWX, awx/awx) ----- PLAY RECAP ********************************************************************* -localhost : ok=55 changed=0 unreachable=0 failed=0 skipped=37 rescued=0 ignored=0 -------------------------------------------------------------------------------- +localhost : ok=54 changed=0 unreachable=0 failed=0 skipped=37 rescued=0 ignored=0 +---------- ``` You can confirm that the annotations will be added to the Ingress resource. 
@@ -112,15 +112,15 @@ kubectl -n awx patch awx awx --type=merge \ -p '{"spec": {"ingress_annotations": "traefik.ingress.kubernetes.io/router.middlewares: default-redirect@kubernetescrd"}}' ``` -Once this completed, the logs of `deployment/awx-operator` end with: +Once this completed, the logs of `deployments/awx-operator-controller-manager` end with: ```txt -$ kubectl logs -f deployment/awx-operator --tail=100 +$ kubectl -n awx logs -f deployments/awx-operator-controller-manager -c manager --tail=100 ... ---------------------------- Ansible Task Status Event StdOut ----------------- +----- Ansible Task Status Event StdOut (awx.ansible.com/v1beta1, Kind=AWX, awx/awx) ----- PLAY RECAP ********************************************************************* -localhost : ok=55 changed=0 unreachable=0 failed=0 skipped=37 rescued=0 ignored=0 -------------------------------------------------------------------------------- +localhost : ok=54 changed=0 unreachable=0 failed=0 skipped=37 rescued=0 ignored=0 +---------- ``` You can confirm that the annotations will be added to the Ingress resource.
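Review bot: In README.md, the "Install AWX Operator" hunk (@@ -63,14 +69,37 @@) deletes the NOTE about ansible/awx#10883 (LDAP authentication in AWX `19.3.0`, mapped to AWX Operator `0.13.0`), yet this same patch adds tips/deploy-older-operator.md, which tells readers how to install `0.13.0` and carries no such warning. Suggest moving the NOTE into tips/deploy-older-operator.md instead of dropping it, so a reader who follows the new link to deploy `0.13.0` still learns to use `0.12.0` when LDAP authentication is needed.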
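Review bot: In README.md, the backup hunk (@@ -259,7 +294,7 @@) now tells readers they can ignore the manual dump because from `0.13.0` the Secret passed through `ingress_tls_secret` is included in the backup, but it does not say what that implies: the TLS certificate and key now sit in the backup files under `/data/backup` alongside `tower.db`. Suggest adding one sentence here that the backup directory and any copies of it hold key material and should be access-restricted accordingly. The reworded sentence also needs punctuation before "therefore" ("...included in the backup file, so you can skip this step").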
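Review bot: In containergroup/README.md, the pod spec hunk (@@ -86,7 +86,7 @@) replaces the pinned `quay.io/ansible/awx-ee:0.5.0` with `quay.io/ansible/awx-ee:latest`, a mutable tag, so the image that the Container Group pod runs can change without any change to this manifest and the documented result is no longer reproducible. Suggest keeping a specific version tag (or an image digest) in the example and bumping it together with the operator version. The sentence added in the next hunk, that `image` is overridden by the Execution Environment of the Job Template, Project Default, or Global Default, explains why the value matters less in practice, but the example should still show a pinned reference.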
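Review bot: In the new tips/deploy-older-operator.md, the sentence "Once you have AWX Operator, the rest of the steps are the same as in `0.14.0` and later" does not match the rest of this patch. The operator installed this way lives in the `default` namespace as `deployment/awx-operator`, while README.md now says the objects are deployed "next to AWX Operator in `awx` namespace" and shows `awx-operator-controller-manager` resources in its sample output, and the header comment in base/awx.yaml now states the parameters are designed for AWX Operator `0.14.0` and AWX `19.4.0`. Suggest listing these differences on this page and stating which revision of this repository to check out when deploying `0.13.0` or earlier.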