From ff2c2afb893749a98fed1bfc3f1048e8358b8978 Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Mon, 15 May 2023 20:22:04 -0400 Subject: [PATCH 1/4] allow items to be reconciled or changed Signed-off-by: Ryan Cook --- roles/credential/tasks/main.yml | 3 +++ roles/instancegroup/tasks/main.yml | 3 +++ roles/job/tasks/main.yml | 3 +++ roles/project/tasks/main.yml | 5 ++++- roles/schedule/tasks/main.yml | 3 +++ roles/workflow/tasks/main.yml | 16 +++++++++------- watches.yaml | 12 +++++++----- 7 files changed, 32 insertions(+), 13 deletions(-) diff --git a/roles/credential/tasks/main.yml b/roles/credential/tasks/main.yml index a46a6f77..7b9f834b 100644 --- a/roles/credential/tasks/main.yml +++ b/roles/credential/tasks/main.yml @@ -12,6 +12,8 @@ when: - ansiblecred_info['resources'][0]['status']['isFinished'] is defined - ansiblecred_info['resources'][0]['status']['isFinished'] + - ansiblecred_info['resources'][0]['status']['generation'] is defined + - ansiblecred_info['resources'][0]['status']['generation']|int == ansiblecred_info['resources'][0]['metadata']['generation']|int - block: - name: Check number of attempts to execute the job have been made @@ -84,6 +86,7 @@ name: "{{ ansible_operator_meta.name }}" namespace: "{{ ansible_operator_meta.namespace }}" status: + generation: "{{ ansiblecred_info['resources'][0]['metadata']['generation'] }}" k8sJob: created: true message: |- diff --git a/roles/instancegroup/tasks/main.yml b/roles/instancegroup/tasks/main.yml index fe54cd48..3ac19252 100644 --- a/roles/instancegroup/tasks/main.yml +++ b/roles/instancegroup/tasks/main.yml 
@@ -12,6 +12,8 @@ when: - ansibleig_info['resources'][0]['status']['isFinished'] is defined - ansibleig_info['resources'][0]['status']['isFinished'] + - ansibleig_info['resources'][0]['status']['generation'] is defined + - ansibleig_info['resources'][0]['status']['generation']|int == ansibleig_info['resources'][0]['metadata']['generation']|int - block: - name: Check number of attempts to execute the job have been made @@ -98,6 +100,7 @@ name: "{{ ansible_operator_meta.name }}" namespace: "{{ ansible_operator_meta.namespace }}" status: + generation: "{{ ansibleig_info['resources'][0]['metadata']['generation'] }}" k8sJob: created: true message: |- diff --git a/roles/job/tasks/main.yml b/roles/job/tasks/main.yml index 414c0f35..75754ded 100644 --- a/roles/job/tasks/main.yml +++ b/roles/job/tasks/main.yml @@ -38,6 +38,8 @@ when: - ansiblejob_info['resources'][0]['status']['isFinished'] is defined - ansiblejob_info['resources'][0]['status']['isFinished'] + - ansiblejob_info['resources'][0]['status']['generation'] is defined + - ansiblejob_info['resources'][0]['status']['generation']|int == ansiblejob_info['resources'][0]['metadata']['generation']|int - block: - name: Check number of attempts to execute the job have been made @@ -111,6 +113,7 @@ namespace: "{{ ansible_operator_meta.namespace }}" status: k8sJob: + generation: "{{ k8s_job['resources'][0]['metadata']['generation'] }}" created: true message: |- Monitor the job.batch status for more details with the following commands: diff --git a/roles/project/tasks/main.yml b/roles/project/tasks/main.yml index d3ce8c30..9aae4298 100644 --- a/roles/project/tasks/main.yml +++ b/roles/project/tasks/main.yml 
@@ -12,6 +12,8 @@ when: - ansibleproj_info['resources'][0]['status']['isFinished'] is defined - ansibleproj_info['resources'][0]['status']['isFinished'] + - ansibleproj_info['resources'][0]['status']['generation'] is defined + - ansibleproj_info['resources'][0]['status']['generation']|int == ansibleproj_info['resources'][0]['metadata']['generation']|int - block: - name: Check number of attempts to execute the job have been made @@ -77,13 +79,14 @@ set_fact: _project_name: "{{ name}}" -- name: Update AnsibleProject status with K8s job info +- name: Update AnsibleProject status with K8s job info and generation operator_sdk.util.k8s_status: api_version: tower.ansible.com/v1alpha1 kind: AnsibleProject name: "{{ ansible_operator_meta.name }}" namespace: "{{ ansible_operator_meta.namespace }}" status: + generation: "{{ ansibleproj_info['resources'][0]['metadata']['generation'] }}" k8sJob: created: true message: |- diff --git a/roles/schedule/tasks/main.yml b/roles/schedule/tasks/main.yml index f7312d8e..bf9703a8 100644 --- a/roles/schedule/tasks/main.yml +++ b/roles/schedule/tasks/main.yml @@ -12,6 +12,8 @@ when: - ansiblesched_info['resources'][0]['status']['isFinished'] is defined - ansiblesched_info['resources'][0]['status']['isFinished'] + - ansiblesched_info['resources'][0]['status']['generation'] is defined + - ansiblesched_info['resources'][0]['status']['generation']|int == ansiblesched_info['resources'][0]['metadata']['generation']|int - block: - name: Check number of attempts to execute the job have been made @@ -84,6 +86,7 @@ name: "{{ ansible_operator_meta.name }}" namespace: "{{ ansible_operator_meta.namespace }}" status: + generation: "{{ ansiblesched_info['resources'][0]['metadata']['generation'] }}" k8sJob: created: true message: |- diff --git a/roles/workflow/tasks/main.yml b/roles/workflow/tasks/main.yml index d2276ff5..ae636ef5 100644 --- a/roles/workflow/tasks/main.yml +++ b/roles/workflow/tasks/main.yml 
@@ -1,5 +1,4 @@ --- - - name: WFJT defined assert: that: @@ -11,7 +10,7 @@ api_version: batch/v1 name: "{{ ansible_operator_meta.name }}" namespace: "{{ ansible_operator_meta.namespace }}" - register: k8s_job + register: k8s_wf - name: Update AnsibleWorkflow isFinished status if job succeeded operator_sdk.util.k8s_status: @@ -22,8 +21,8 @@ status: isFinished: true when: - - k8s_job['resources'][0]['status']['succeeded'] is defined - - k8s_job['resources'][0]['status']['succeeded'] == 1 + - k8s_wf['resources'][0]['status']['succeeded'] is defined + - k8s_wf['resources'][0]['status']['succeeded'] == 1 - name: Read AnsibleWorkflow info kubernetes.core.k8s_info: @@ -38,11 +37,13 @@ when: - ansiblejob_info['resources'][0]['status']['isFinished'] is defined - ansiblejob_info['resources'][0]['status']['isFinished'] + - ansiblejob_info['resources'][0]['status']['generation'] is defined + - ansiblejob_info['resources'][0]['status']['generation']|int == ansiblejob_info['resources'][0]['metadata']['generation']|int - block: - name: Check number of attempts to execute the job have been made set_fact: - _attempts: "{{ k8s_job['resources'][0]['status']['failed'] | default(0) }}" + _attempts: "{{ k8s_wf['resources'][0]['status']['failed'] | default(0) }}" - name: Set the maximum failed attempts allowed based on the backoffLimit set_fact: @@ -71,8 +72,8 @@ - name: End play early meta: end_play when: - - k8s_job['resources'] is defined - - (k8s_job["resources"]|length>0) + - k8s_wf['resources'] is defined + - (k8s_wf["resources"]|length>0) - name: Set user provided runner image set_fact: @@ -111,6 +112,7 @@ namespace: "{{ ansible_operator_meta.namespace }}" status: k8sJob: + generation: "{{ k8s_wf['resources'][0]['metadata']['generation'] }}" created: true message: |- Monitor the job.batch status for more details with the following commands: diff --git a/watches.yaml b/watches.yaml index bc97222c..1a1c8d4e 100644 --- a/watches.yaml +++ b/watches.yaml 
@@ -5,37 +5,39 @@ kind: AnsibleJob role: job watchDependentResources: True - # finalizer: - # name: finalizer.tower.ansible.com - # vars: - # tower_resource_state: absent - - version: v1alpha1 group: tower.ansible.com kind: JobTemplate role: jobtemplate + watchDependentResources: True - version: v1alpha1 group: tower.ansible.com kind: AnsibleProject role: project + watchDependentResources: True - version: v1alpha1 group: tower.ansible.com kind: AnsibleWorkflow role: workflow + watchDependentResources: True - version: v1alpha1 group: tower.ansible.com kind: AnsibleCredential role: credential + watchDependentResources: True - version: v1alpha1 group: tower.ansible.com kind: AnsibleSchedule role: schedule + watchDependentResources: True - version: v1alpha1 group: tower.ansible.com kind: AnsibleInstanceGroup role: instancegroup + watchDependentResources: True - version: v1alpha1 group: tower.ansible.com kind: WorkflowTemplate role: workflowtemplate + watchDependentResources: True #+kubebuilder:scaffold:watch From aab27b24ebece58b80bbf3f893fb1bdc2d01c3f2 Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Tue, 16 May 2023 16:15:21 -0400 Subject: [PATCH 2/4] Define ansible inventory (#125) * Add AnsibleInventory CRD and inventory role * Lower max reconciles * Add CSV parameters 
Signed-off-by: Ryan Cook Co-authored-by: Christian Adams Co-authored-by: Roger Lopez --- .github/workflows/kind-awx.yaml | 8 +++ PROJECT | 11 ++++ .../tower.ansible.com_ansibleinventories.yaml | 59 +++++++++++++++++ config/crd/kustomization.yaml | 1 + config/manager/kustomization.yaml | 4 ++ ...source-operator.clusterserviceversion.yaml | 27 ++++++++ config/rbac/inventory_editor_role.yaml | 31 +++++++++ config/rbac/inventory_viewer_role.yaml | 27 ++++++++ config/samples/inventory/kustomization.yaml | 5 ++ ...tower_v1alpha1_ansibleinventory-clone.yaml | 11 ++++ .../tower_v1alpha1_ansibleinventory-new.yaml | 11 ++++ config/samples/kustomization.yaml | 1 + molecule/default/tasks/inventory_test.yml | 18 ++++++ roles/inventory/README.md | 43 +++++++++++++ roles/inventory/defaults/main.yml | 5 ++ roles/inventory/files/.placeholder | 0 roles/inventory/handlers/main.yml | 2 + roles/inventory/meta/main.yml | 64 +++++++++++++++++++ roles/inventory/tasks/main.yml | 60 +++++++++++++++++ roles/inventory/vars/main.yml | 2 + .../tasks/create_instance_group.yml | 4 +- watches.yaml | 4 ++ 22 files changed, 396 insertions(+), 2 deletions(-) create mode 100644 config/crd/bases/tower.ansible.com_ansibleinventories.yaml create mode 100644 config/rbac/inventory_editor_role.yaml create mode 100644 config/rbac/inventory_viewer_role.yaml create mode 100644 config/samples/inventory/kustomization.yaml create mode 100644 config/samples/inventory/tower_v1alpha1_ansibleinventory-clone.yaml create mode 100644 config/samples/inventory/tower_v1alpha1_ansibleinventory-new.yaml create mode 100644 molecule/default/tasks/inventory_test.yml create mode 100644 roles/inventory/README.md create mode 100644 roles/inventory/defaults/main.yml create mode 100644 roles/inventory/files/.placeholder create mode 100644 roles/inventory/handlers/main.yml create mode 100644 roles/inventory/meta/main.yml create mode 100644 roles/inventory/tasks/main.yml create mode 100644 roles/inventory/vars/main.yml 
diff --git a/.github/workflows/kind-awx.yaml b/.github/workflows/kind-awx.yaml index d2b79a3a..e7c4617c 100644 --- a/.github/workflows/kind-awx.yaml +++ b/.github/workflows/kind-awx.yaml @@ -150,6 +150,7 @@ jobs: kubectl -n awx set env -c awx-resource-manager deployment/resource-operator-controller-manager MAX_CONCURRENT_RECONCILES_JOBTEMPLATE_TOWER_ANSIBLE_COM=2 kubectl -n awx set env -c awx-resource-manager deployment/resource-operator-controller-manager MAX_CONCURRENT_RECONCILES_WORKFLOWTEMPLATE_TOWER_ANSIBLE_COM=2 kubectl -n awx set env -c awx-resource-manager deployment/resource-operator-controller-manager MAX_CONCURRENT_RECONCILES_ANSIBLEWORKFLOW_TOWER_ANSIBLE_COM=2 + kubectl -n awx set env -c awx-resource-manager deployment/resource-operator-controller-manager MAX_CONCURRENT_RECONCILES_ANSIBLEINVENTORY_TOWER_ANSIBLE_COM=2 - name: launch a job run: | @@ -223,6 +224,13 @@ jobs: kubectl apply -f config/samples/tower_v1alpha1_ansibleinstancegroup.yaml -n awx kubectl wait ansibleinstancegroup -n awx kuber-instance-group --for condition=Successful=True --timeout=240s + - name: create two inventories + run: | + kubectl apply -f config/samples/inventory/tower_v1alpha1_ansibleinventory-clone.yaml -n awx + kubectl apply -f config/samples/inventory/tower_v1alpha1_ansibleinventory-new.yaml -n awx + kubectl wait ansibleinventory -n awx inventory-clone --for condition=Successful=True --timeout=240s + kubectl wait ansibleinventory -n awx inventory-new --for condition=Successful=True --timeout=240s + - name: validate error message run: | kubectl get ansiblejob -n awx broke-job -o yaml diff --git a/PROJECT b/PROJECT index b1bf2e64..52454a7b 100644 --- a/PROJECT +++ b/PROJECT @@ -1,3 +1,7 @@ +# Code generated by tool. DO NOT EDIT. +# This file is used to track the info used to scaffold your project +# and allow the plugins properly work. +# More info: https://book.kubebuilder.io/reference/project-config.html domain: ansible.com layout: - ansible.sdk.operatorframework.io/v1 
@@ -62,4 +66,11 @@ resources: group: tower kind: WorkflowTemplate version: v1alpha1 +- api: + crdVersion: v1 + namespaced: true + domain: ansible.com + group: tower + kind: AnsibleInventory + version: v1alpha1 version: "3" diff --git a/config/crd/bases/tower.ansible.com_ansibleinventories.yaml b/config/crd/bases/tower.ansible.com_ansibleinventories.yaml new file mode 100644 index 00000000..7f49c2a3 --- /dev/null +++ b/config/crd/bases/tower.ansible.com_ansibleinventories.yaml 
@@ -0,0 +1,59 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ansibleinventories.tower.ansible.com +spec: + group: tower.ansible.com + names: + kind: AnsibleInventory + listKind: AnsibleInventoryList + plural: ansibleinventories + singular: ansibleinventory + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Inventory is the Schema for the inventories API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + name: + type: string + description: + type: string + organization: + type: string + copy_from: + type: string + state: + type: string + connection_secret: + type: string + description: | + A k8s secret that contains an access token for AWX. To create an access token see these docs: https://docs.ansible.com/automation-controller/4.1.0/html/userguide/applications_auth.html#add-tokens. + description: Spec defines the desired state of Inventory + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of Inventory + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} 
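Review bot: The `spec` schema in the new CRD declares no `required` list and leaves `state` as a bare `type: string`, and `x-kubernetes-preserve-unknown-fields: true` admits any extra key. The API server will therefore accept an AnsibleInventory without `connection_secret`, `name` or `organization`, and the mistake only surfaces when the role templates those variables. Consider adding `required: [name, organization, connection_secret]` under `spec` and an `enum` on `state`, limited to the values the `awx.awx.inventory` module accepts (the samples use `present`). The top-level description still reads `Inventory is the Schema for the inventories API` although the kind is `AnsibleInventory`.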
diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index 09bef1c0..b80eeefe 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -10,4 +10,5 @@ resources: - bases/tower.ansible.com_ansibleschedules.yaml - bases/tower.ansible.com_ansibleinstancegroups.yaml - bases/tower.ansible.com_workflowtemplates.yaml +- bases/tower.ansible.com_ansibleinventories.yaml #+kubebuilder:scaffold:crdkustomizeresource diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 8812307e..9ddeafc6 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -10,3 +10,7 @@ configMapGenerator: name: awx-resource-manager-config apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +images: +- name: controller + newName: quay.io/ansible/awx-resource-operator + newTag: 0.2.0 diff --git a/config/manifests/bases/awx-resource-operator.clusterserviceversion.yaml b/config/manifests/bases/awx-resource-operator.clusterserviceversion.yaml index 4e2fe5f9..2d9f6e3d 100644 --- a/config/manifests/bases/awx-resource-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/awx-resource-operator.clusterserviceversion.yaml 
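Review bot: The `images:` block added to config/manager/kustomization.yaml pins the controller to `quay.io/ansible/awx-resource-operator` by the mutable tag `newTag: 0.2.0`, and the commit description does not mention it. It may be residue from a local `kustomize edit set image` run. If the override is intended, pinning by digest with the `digest:` field (`digest: sha256:<image-digest-placeholder>`) makes the deployed operator image reproducible. Otherwise, drop the block from this change.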
@@ -413,6 +413,33 @@ spec: x-descriptors: - urn:alm:descriptor:com.tectonic.ui:text version: v1alpha1 + - description: Define a new Inventory in awx + displayName: AWX Schedule + kind: AnsibleInventory + name: ansibleinventories.tower.ansible.com + specDescriptors: + - displayName: Inventory Name + path: name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - displayName: Inventory Organization + path: organization + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - displayName: Inventory Description + path: description + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - displayName: Inventory Instance Group + path: instance_groups + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Copy inventory from another inventory + displayName: Copy Inventory + path: copy_from + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + version: v1alpha1 description: The Ansible Automation Platform Resource Operator manages launching Ansible Jobs and Workflows. displayName: AWX Resource Operator diff --git a/config/rbac/inventory_editor_role.yaml b/config/rbac/inventory_editor_role.yaml new file mode 100644 index 00000000..60c59526 --- /dev/null +++ b/config/rbac/inventory_editor_role.yaml @@ -0,0 +1,31 @@ +# permissions for end users to edit inventories. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: clusterrole + app.kubernetes.io/instance: inventory-editor-role + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: awx-resource-operator + app.kubernetes.io/part-of: awx-resource-operator + app.kubernetes.io/managed-by: kustomize + name: inventory-editor-role +rules: +- apiGroups: + - tower.ansible.com + resources: + - inventories + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - tower.ansible.com + resources: + - inventories/status + verbs: + - get 
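Review bot: The new `AnsibleInventory` owned-CRD entry carries `displayName: AWX Schedule`, which looks copied from the schedule descriptor; it should read something like `displayName: AWX Inventory`. The `instance_groups` descriptor has no matching property in the CRD schema added in this patch, and is accepted only because `spec` sets `x-kubernetes-preserve-unknown-fields: true`. Declaring it in the CRD would keep the console form and the schema in agreement.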
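Review bot: The rules in inventory_editor_role.yaml name the resources `inventories` and `inventories/status`, but the CRD added in this patch registers `plural: ansibleinventories`. As written, the rules match nothing served for AnsibleInventory, so binding the role grants no access to these objects. Use `- ansibleinventories` and `- ansibleinventories/status` instead; the same correction applies to the rules in inventory_viewer_role.yaml. Once the names are fixed the editor role grants `delete` cluster-wide as a ClusterRole, so prefer binding it with a namespaced RoleBinding.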
diff --git a/config/rbac/inventory_viewer_role.yaml b/config/rbac/inventory_viewer_role.yaml new file mode 100644 index 00000000..80a549c1 --- /dev/null +++ b/config/rbac/inventory_viewer_role.yaml @@ -0,0 +1,27 @@ +# permissions for end users to view inventories. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: clusterrole + app.kubernetes.io/instance: inventory-viewer-role + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: awx-resource-operator + app.kubernetes.io/part-of: awx-resource-operator + app.kubernetes.io/managed-by: kustomize + name: inventory-viewer-role +rules: +- apiGroups: + - tower.ansible.com + resources: + - inventories + verbs: + - get + - list + - watch +- apiGroups: + - tower.ansible.com + resources: + - inventories/status + verbs: + - get diff --git a/config/samples/inventory/kustomization.yaml b/config/samples/inventory/kustomization.yaml new file mode 100644 index 00000000..91469c53 --- /dev/null +++ b/config/samples/inventory/kustomization.yaml @@ -0,0 +1,5 @@ +## Append samples you want in your CSV to this file as resources ## +resources: +- tower_v1alpha1_ansibleinventory-clone.yaml +- tower_v1alpha1_ansibleinventory-new.yaml +#+kubebuilder:scaffold:manifestskustomizesamples diff --git a/config/samples/inventory/tower_v1alpha1_ansibleinventory-clone.yaml b/config/samples/inventory/tower_v1alpha1_ansibleinventory-clone.yaml new file mode 100644 index 00000000..47a38536 --- /dev/null +++ b/config/samples/inventory/tower_v1alpha1_ansibleinventory-clone.yaml @@ -0,0 +1,11 @@ +apiVersion: tower.ansible.com/v1alpha1 +kind: AnsibleInventory +metadata: + name: inventory-clone +spec: + connection_secret: awxaccess + copy_from: Demo Inventory + description: my inventory + name: sampleinv + organization: Default + state: present 
diff --git a/config/samples/inventory/tower_v1alpha1_ansibleinventory-new.yaml b/config/samples/inventory/tower_v1alpha1_ansibleinventory-new.yaml new file mode 100644 index 00000000..487f95f1 --- /dev/null +++ b/config/samples/inventory/tower_v1alpha1_ansibleinventory-new.yaml @@ -0,0 +1,11 @@ +apiVersion: tower.ansible.com/v1alpha1 +kind: AnsibleInventory +metadata: + name: inventory-new +spec: + connection_secret: awxaccess + description: my new inventory + name: newinventory + organization: Default + state: present + instance_groups: default diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml index 06e65ee5..4b69e607 100644 --- a/config/samples/kustomization.yaml +++ b/config/samples/kustomization.yaml @@ -4,6 +4,7 @@ resources: - tower_v1alpha1_ansibleschedule.yaml - tower_v1alpha1_ansibleinstancegroup.yaml - ./credentials/ +- ./inventory/ - ./projects/ - ./jobtemplate/ - ./workflow/ diff --git a/molecule/default/tasks/inventory_test.yml b/molecule/default/tasks/inventory_test.yml new file mode 100644 index 00000000..726a2dcc --- /dev/null +++ b/molecule/default/tasks/inventory_test.yml @@ -0,0 +1,18 @@ +--- +- name: Create the tower.ansible.com/v1alpha1.Inventory + k8s: + state: present + namespace: '{{ namespace }}' + definition: "{{ lookup('template', '/'.join([samples_dir, cr_file])) | from_yaml }}" + wait: yes + wait_timeout: 300 + wait_condition: + type: Successful + status: "True" + vars: + cr_file: 'tower_v1alpha1_inventory.yaml' + +- name: Add assertions here + assert: + that: false + fail_msg: FIXME Add real assertions for your operator diff --git a/roles/inventory/README.md b/roles/inventory/README.md new file mode 100644 index 00000000..c37ca916 --- /dev/null +++ b/roles/inventory/README.md 
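Review bot: In molecule/default/tasks/inventory_test.yml, `cr_file: 'tower_v1alpha1_inventory.yaml'` matches neither sample added in this patch (`inventory/tower_v1alpha1_ansibleinventory-clone.yaml` and `inventory/tower_v1alpha1_ansibleinventory-new.yaml`). The second task is still the scaffold placeholder `assert: that: false`, so the test can only fail whenever it is included. Point `cr_file` at one of the real samples, assuming `samples_dir` resolves to config/samples. Replace the placeholder with an assertion on the created resource's status, for example that `status.isFinished` is true and `status.error` is not set.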
@@ -0,0 +1,43 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, +if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in +defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables +that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set +for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for +users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/inventory/defaults/main.yml b/roles/inventory/defaults/main.yml new file mode 100644 index 00000000..59d1966e --- /dev/null +++ b/roles/inventory/defaults/main.yml @@ -0,0 +1,5 @@ +--- +# defaults file for Inventory +job_ttl: 3600 +backoff_limit: 1 + diff --git a/roles/inventory/files/.placeholder b/roles/inventory/files/.placeholder new file mode 100644 index 00000000..e69de29b diff --git a/roles/inventory/handlers/main.yml b/roles/inventory/handlers/main.yml new file mode 100644 index 00000000..58f44537 --- /dev/null +++ b/roles/inventory/handlers/main.yml 
@@ -0,0 +1,2 @@ +--- +# handlers file for Inventory diff --git a/roles/inventory/meta/main.yml b/roles/inventory/meta/main.yml new file mode 100644 index 00000000..dfab20d3 --- /dev/null +++ b/roles/inventory/meta/main.yml 
@@ -0,0 +1,64 @@ +--- +galaxy_info: + author: your name + description: your description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Some suggested licenses: + # - BSD (default) + # - MIT + # - GPLv2 + # - GPLv3 + # - Apache + # - CC-BY + license: license (GPLv2, CC-BY, etc) + + min_ansible_version: 2.9 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # Optionally specify the branch Galaxy will use when accessing the GitHub + # repo for this role. During role install, if no tags are available, + # Galaxy will use this branch. During import Galaxy will access files on + # this branch. If Travis integration is configured, only notifications for this + # branch will be accepted. Otherwise, in all cases, the repo's default branch + # (usually master) will be used. + #github_branch: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. 
+collections: +- operator_sdk.util +- kubernetes.core diff --git a/roles/inventory/tasks/main.yml b/roles/inventory/tasks/main.yml new file mode 100644 index 00000000..a542ed45 --- /dev/null +++ b/roles/inventory/tasks/main.yml 
@@ -0,0 +1,60 @@ +--- +- name: Read Secret Configuration from connection_secret + kubernetes.core.k8s_info: + kind: Secret + api_version: v1 + name: "{{ connection_secret }}" + namespace: "{{ ansible_operator_meta.namespace }}" + register: tower_connection_secret + when: connection_secret is defined + +- name: Set fact based on secret results + set_fact: + tower_config_secret: "{{ tower_connection_secret }}" + +- name: Validate Secret Exists + assert: + that: + - tower_config_secret["resources"] is defined and (tower_config_secret["resources"]|length>0) + fail_msg: "Tower Secret must exist" + +- name: Create inventory based on a copy of the source inventory + awx.awx.inventory: + name: "{{ name }}" + description: "{{ description }}" + organization: "{{ organization }}" + copy_from: "{{ copy_from | default(omit) }}" + state: "{{ state | default('present') }}" + instance_groups: "{{ instance_groups | default(omit) }}" + environment: + - TOWER_OAUTH_TOKEN: "{{ tower_config_secret['resources'][0]['data']['token'] | b64decode }}" + - TOWER_HOST: "{{ tower_config_secret['resources'][0]['data']['host'] | b64decode }}" + - TOWER_VERIFY_SSL: "False" + register: inventory + ignore_errors: true + +- name: Update the k8s status + operator_sdk.util.k8s_status: + api_version: tower.ansible.com/v1alpha1 + kind: ansibleinventory + name: '{{ ansible_operator_meta.name }}' + namespace: '{{ ansible_operator_meta.namespace }}' + status: + isFinished: true + message: "Inventory Created" + when: + - inventory.changed + +- name: Update the k8s status + operator_sdk.util.k8s_status: + api_version: tower.ansible.com/v1alpha1 + kind: ansibleinventory + name: '{{ ansible_operator_meta.name }}' + namespace: '{{ ansible_operator_meta.namespace }}' + status: + isFinished: true + error: true + message: "There was an error when creating the inventory" + when: + - inventory.failed + 
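Review bot: `TOWER_VERIFY_SSL: "False"` is hard-coded in the `environment` of the `awx.awx.inventory` task, so certificate verification is always off on the connection that carries `TOWER_OAUTH_TOKEN` to `TOWER_HOST`. The controller's identity is never checked before the token is sent. Verification should default to on and be relaxed only by explicit opt-in, for example `TOWER_VERIFY_SSL: "{{ verify_ssl | default(true) }}"`, where `verify_ssl` is a hypothetical new spec field or secret key. Separately, with `ignore_errors: true` the two status tasks cover only `inventory.changed` and `inventory.failed`, so a run that finds the inventory already present writes no status at all. The failure branch also records a fixed message rather than the module's error, which makes a misconfigured secret hard to diagnose from the CR.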
diff --git a/roles/inventory/vars/main.yml b/roles/inventory/vars/main.yml new file mode 100644 index 00000000..8e9c04fc --- /dev/null +++ b/roles/inventory/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for Inventory diff --git a/roles/job_runner/tasks/create_instance_group.yml b/roles/job_runner/tasks/create_instance_group.yml index 51fd80b7..def0c8a0 100644 --- a/roles/job_runner/tasks/create_instance_group.yml +++ b/roles/job_runner/tasks/create_instance_group.yml @@ -22,7 +22,7 @@ namespace: "{{ lookup('env', 'ANSIBLEINSTANCEGROUP_NAMESPACE') }}" status: isFinished: true - AnsibleCredentialsResult: + AnsibleInstanceGroupResult: status: "error" - name: End playbook run meta: end_play @@ -35,5 +35,5 @@ namespace: "{{ lookup('env', 'ANSIBLEINSTANCEGROUP_NAMESPACE') }}" status: isFinished: true - AnsibleProjectResult: + AnsibleInstanceGroupResult: changed: "{{ instance_group.changed }}" diff --git a/watches.yaml b/watches.yaml index 1a1c8d4e..26e631d3 100644 --- a/watches.yaml +++ b/watches.yaml @@ -40,4 +40,8 @@ kind: WorkflowTemplate role: workflowtemplate watchDependentResources: True +- version: v1alpha1 + group: tower.ansible.com + kind: AnsibleInventory + role: inventory #+kubebuilder:scaffold:watch From 55bc9e52ca60bc18a152da680caf6707cb6f4aea Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Tue, 16 May 2023 16:36:39 -0400 Subject: [PATCH 3/4] merging and cleaning up --- watches.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/watches.yaml b/watches.yaml index 26e631d3..1c1a2e1e 100644 --- a/watches.yaml +++ b/watches.yaml @@ -44,4 +44,5 @@ group: tower.ansible.com kind: AnsibleInventory role: inventory + watchDependentResources: True #+kubebuilder:scaffold:watch From e8ec19ecca3650502f5dc375a1fa6c2d78878464 Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Wed, 17 May 2023 08:29:36 -0400 Subject: [PATCH 4/4] remove the ability for job to rerun 
Signed-off-by: Ryan Cook --- roles/job/tasks/main.yml | 3 --- roles/workflow/tasks/main.yml | 16 +++++++--------- watches.yaml | 2 -- 3 files changed, 7 insertions(+), 14 deletions(-) diff --git a/roles/job/tasks/main.yml b/roles/job/tasks/main.yml index 75754ded..414c0f35 100644 --- a/roles/job/tasks/main.yml +++ b/roles/job/tasks/main.yml @@ -38,8 +38,6 @@ when: - ansiblejob_info['resources'][0]['status']['isFinished'] is defined - ansiblejob_info['resources'][0]['status']['isFinished'] - - ansiblejob_info['resources'][0]['status']['generation'] is defined - - ansiblejob_info['resources'][0]['status']['generation']|int == ansiblejob_info['resources'][0]['metadata']['generation']|int - block: - name: Check number of attempts to execute the job have been made @@ -113,7 +111,6 @@ namespace: "{{ ansible_operator_meta.namespace }}" status: k8sJob: - generation: "{{ k8s_job['resources'][0]['metadata']['generation'] }}" created: true message: |- Monitor the job.batch status for more details with the following commands: diff --git a/roles/workflow/tasks/main.yml b/roles/workflow/tasks/main.yml index ae636ef5..d2276ff5 100644 --- a/roles/workflow/tasks/main.yml +++ b/roles/workflow/tasks/main.yml @@ -1,4 +1,5 @@ --- + - name: WFJT defined assert: that: @@ -10,7 +11,7 @@ api_version: batch/v1 name: "{{ ansible_operator_meta.name }}" namespace: "{{ ansible_operator_meta.namespace }}" - register: k8s_wf + register: k8s_job - name: Update AnsibleWorkflow isFinished status if job succeeded operator_sdk.util.k8s_status: @@ -21,8 +22,8 @@ status: isFinished: true when: - - k8s_wf['resources'][0]['status']['succeeded'] is defined - - k8s_wf['resources'][0]['status']['succeeded'] == 1 + - k8s_job['resources'][0]['status']['succeeded'] is defined + - k8s_job['resources'][0]['status']['succeeded'] == 1 - name: Read AnsibleWorkflow info kubernetes.core.k8s_info: 
@@ -37,13 +38,11 @@ when: - ansiblejob_info['resources'][0]['status']['isFinished'] is defined - ansiblejob_info['resources'][0]['status']['isFinished'] - - ansiblejob_info['resources'][0]['status']['generation'] is defined - - ansiblejob_info['resources'][0]['status']['generation']|int == ansiblejob_info['resources'][0]['metadata']['generation']|int - block: - name: Check number of attempts to execute the job have been made set_fact: - _attempts: "{{ k8s_wf['resources'][0]['status']['failed'] | default(0) }}" + _attempts: "{{ k8s_job['resources'][0]['status']['failed'] | default(0) }}" - name: Set the maximum failed attempts allowed based on the backoffLimit set_fact: @@ -72,8 +71,8 @@ - name: End play early meta: end_play when: - - k8s_wf['resources'] is defined - - (k8s_wf["resources"]|length>0) + - k8s_job['resources'] is defined + - (k8s_job["resources"]|length>0) - name: Set user provided runner image set_fact: @@ -112,7 +111,6 @@ namespace: "{{ ansible_operator_meta.namespace }}" status: k8sJob: - generation: "{{ k8s_wf['resources'][0]['metadata']['generation'] }}" created: true message: |- Monitor the job.batch status for more details with the following commands: diff --git a/watches.yaml b/watches.yaml index 1c1a2e1e..d75bb3ce 100644 --- a/watches.yaml +++ b/watches.yaml @@ -4,7 +4,6 @@ group: tower.ansible.com kind: AnsibleJob role: job - watchDependentResources: True - version: v1alpha1 group: tower.ansible.com kind: JobTemplate @@ -19,7 +18,6 @@ group: tower.ansible.com kind: AnsibleWorkflow role: workflow - watchDependentResources: True - version: v1alpha1 group: tower.ansible.com kind: AnsibleCredential