1
0
mirror of https://github.com/ansible/awx.git synced 2024-10-31 15:21:13 +03:00
Commit Graph

268 Commits

Author SHA1 Message Date
Mathieu Mallet
dce3795e0c update-ca-trust: Ensure CA trust is updated in awx_task container
Related #3010

Both awx_web and awx_task containers can have a volume mounted in
specified by the ca_trust_dir variable. Unfortunately only the
awx_web container's trust is updated. This patch makes sure the
awx_task container's trust is updated as well

Testing Done: ansible-playbook --syntax-check installer/install.yml

Signed-off-by: Mathieu Mallet <mmallet@digipok.io>
2019-02-06 16:51:14 +00:00
Marius Rieder
072919040b Omit DATABASE_SSLMODE if not set. 2019-01-22 17:24:44 +01:00
Marius Rieder
589531163a Add pg_sslmode option.
Allows to use PostgreSQL over SSL #709
2019-01-21 19:47:34 +01:00
Yanis Guenane
44c48d1d66 Nginx: Specify X-Frame-Options "DENY" header
Adding the X-Frame-Options "DENY"; header to avoid possible clickjacking
attack.

More info of the why available here:
https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009)

Signed-off-by: Yanis Guenane <yguenane@redhat.com>
2019-01-21 12:34:17 +01:00
softwarefactory-project-zuul[bot]
5f01c3f5a8
Merge pull request #2994 from coreywan/pod-limits
Add POD Limits

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-01-18 04:28:11 +00:00
softwarefactory-project-zuul[bot]
7b39198f26
Merge pull request #2995 from coreywan/postgres_helm
adds persistence.storageClass and limits to postgress helm install

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-01-18 04:24:18 +00:00
softwarefactory-project-zuul[bot]
474876872e
Merge pull request #2999 from themr0c/issue-2991
related #2991 - Helm creation of postgreql on multiple namespaces

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-01-17 14:28:05 +00:00
Corey Wanless
aebeeb170e adds pod limits
Signed-off-by: Corey Wanless <corey.wanless@wwt.com>
2019-01-16 09:23:18 -06:00
Fabrice Flore-Thebault
c434d38876 adding helm chart version for postgresql
Signed-off-by: Fabrice Flore-Thebault <themr0c@users.noreply.github.com>
2019-01-16 09:40:49 +01:00
Shane McDonald
04da4503db
Python 3 / Upstream Kubernetes 2019-01-15 14:09:05 -05:00
Ryan Petrello
96b9bd6ab6
make py3 packaging work for k8s 2019-01-15 14:09:05 -05:00
Fabrice Flore-Thebault
7b32262f75 revert pg_hostname
Signed-off-by: Fabrice Flore-Thebault <themr0c@users.noreply.github.com>
2019-01-15 14:59:17 +01:00
Fabrice Flore-Thebault
d69f6acf64 add helm repo update and fix helm upgrade
Signed-off-by: Fabrice Flore-Thebault <themr0c@users.noreply.github.com>
2019-01-15 14:48:26 +01:00
Fabrice Flore-Thebault
ef3aab1357 related #2991 - unify postgresql_service_name
Signed-off-by: Fabrice Flore-Thebault <themr0c@users.noreply.github.com>
2019-01-15 11:44:08 +01:00
Corey Wanless
0c074e0988 * adds persistence.storageClass and limits to postgress helm install
* adds new variables to the inventory

Signed-off-by: Corey Wanless <corey.wanless@wwt.com>
2019-01-14 11:28:21 -06:00
softwarefactory-project-zuul[bot]
32c705a62a
Merge pull request #2996 from coreywan/setup-postgress-activation-wait
adds wait time for postgres setup as a variable

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-01-14 17:22:54 +00:00
Fabrice Flore-Thebault
d43521bb77 fix #2991 - make Helm creation of postgreql succeed when installing multiple AWX on different namespaces on same kubernetes
Signed-off-by: Fabrice Flore-Thebault <themr0c@users.noreply.github.com>
2019-01-14 10:32:21 +01:00
Corey Wanless
b1710f9523 adds wait time for postgres setup as a variable 2019-01-11 22:23:43 -06:00
Ryan Petrello
4858868428
configure an HA policy for openshift/k8s installs 2018-12-14 14:08:30 -05:00
Hideki Saito
f16a72081a Fixed issue where admin_user and password change are not reflected
- No effect of changing admin_user and admin_password when using docker-compose #2666
2018-11-13 18:21:18 +09:00
Idan Bidani
a213e01491 updating default Postgresql version to 9.6 2018-11-10 18:27:22 -05:00
westfood
694e494484 Using new Helm parameters for PostgreSQL access. 2018-10-28 11:55:36 +01:00
softwarefactory-project-zuul[bot]
3e4738d948
Merge pull request #2430 from dmt/devel
Fix installer volume definitions

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-25 22:12:25 +00:00
softwarefactory-project-zuul[bot]
94083f55c7
Merge pull request #2510 from Intermax-Cloudsourcing/awx-web-dockerfile-tmp
Empties /tmp in awx_web Dockerfile

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-25 21:59:42 +00:00
Daniel Temme
6ecd18b2e2 make volume concatenation work
The second list gets interpreted as part of the else block, effectively
dropping it. Separating both list definitions with braces seems to work.

# Conflicts:
#	installer/roles/local_docker/tasks/standalone.yml
2018-10-25 17:54:10 -04:00
Daniel Temme
4e9c705997 Partial revert for "Bugfix for ca_trust_dir"
# Conflicts:
#	installer/roles/local_docker/tasks/standalone.yml

# Conflicts:
#	installer/roles/local_docker/tasks/standalone.yml
2018-10-25 17:53:12 -04:00
softwarefactory-project-zuul[bot]
1803a76a4d
Merge pull request #2485 from wwt/fix-tiller-namespace
Pass tiller namespace down to helm task

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-25 21:40:08 +00:00
softwarefactory-project-zuul[bot]
86ca1875f1
Merge pull request #2486 from wwt/remove-rabbit-cluster-name
Remove .cluster.local from service name for rabbitmq

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-25 21:37:54 +00:00
wilmardo
bf5c259d92 Empties /tmp in web Dockerfile 2018-10-25 17:12:26 -04:00
Igor Vuk
c133b35162 Update variable names for local Docker daemon installation
Signed-off-by: Igor Vuk <parcijala@gmail.com>
2018-10-25 12:47:25 -04:00
David Moreau Simard
1dd44df471
Let users disable create_preload_data if it isn't necessary
The demo things might not be desirable in a production environment.
2018-10-24 11:36:33 -04:00
James Evans
88819ada6b Remove .cluster.local from service name for rabbitmq
FQDNs are not required for service discovery, and having the FQDN in the
name prevents the discovery from working in clusters not named
cluster.local.
2018-10-18 14:00:05 -05:00
James Evans
4198227116 Pass tiller namespace down to helm task 2018-10-18 09:34:13 -05:00
Ilkka Tengvall
42a0192425
Merge branch 'devel' into ikke-t-selinux-fix 2018-10-17 21:44:48 +03:00
softwarefactory-project-zuul[bot]
0a964b2bf6
Merge pull request #2266 from ansible/celery-tastes-bad
replace the celery-based task queue with a kombu-based implementation

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-12 18:40:54 +00:00
Daniel Temme
921231fe3d fix indentation for register variable 2018-10-12 11:13:42 +02:00
softwarefactory-project-zuul[bot]
6721ea54e9
Merge pull request #1956 from droopy4096/devel
allow nginx config extension

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-11 22:38:36 +00:00
softwarefactory-project-zuul[bot]
99a42e91fe
Merge pull request #2235 from ChrisRo89/devel
Extracted more variables which a related to rabbitmq/postgresql from tasks to defaults

Reviewed-by: Shane McDonald <me@shanemcd.com>
             https://github.com/shanemcd
2018-10-11 21:54:38 +00:00
softwarefactory-project-zuul[bot]
9a580ba644
Merge pull request #2416 from fantashley/fix-openshift-auth
Fix openshift auth broken by undefined vars

Reviewed-by: Ashley Nelson <fantashley@gmail.com>
             https://github.com/fantashley
2018-10-11 21:51:20 +00:00
softwarefactory-project-zuul[bot]
74fcdabc22
Merge pull request #2156 from Decstasy/patch-1
Bugfix for ca_trust_dir

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-11 21:31:45 +00:00
Ashley Nelson
9bec7cf3b0 Fix openshift auth broken by undefined vars
Signed-off-by: Ashley Nelson <fantashley@gmail.com>
2018-10-11 16:25:55 -05:00
softwarefactory-project-zuul[bot]
f79debac42
Merge pull request #2164 from atgreen/devel
Fix token based openshift logins during installation - fixes #489

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-11 20:36:39 +00:00
softwarefactory-project-zuul[bot]
a9f3eeef05
Merge pull request #2131 from walkafwalka/docker_install_awx_hostnames
Add inventory vars to set docker install hostnames

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-11 20:29:32 +00:00
softwarefactory-project-zuul[bot]
6f55cde6d3
Merge pull request #2091 from stoned/force_boolean_eval
force boolean evaluation

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-11 20:17:48 +00:00
Ashley Nelson
2bf2412759 Add serviceName to Kubernetes StatefulSet spec
Signed-off-by: Ashley Nelson <fantashley@gmail.com>
2018-10-11 11:49:08 -05:00
Christian.Rohr
96ad2b2b28 Extracted more variables which a related to rabbitmq 2018-10-11 12:16:01 -04:00
Anthony Green
c39370dbd0 Fix token based openshift logins 2018-10-11 12:10:41 -04:00
Ryan Petrello
ff1e8cc356
replace celery task decorators with a kombu-based publisher
this commit implements the bulk of `awx-manage run_dispatcher`, a new
command that binds to RabbitMQ via kombu and balances messages across
a pool of workers that are similar to celeryd workers in spirit.
Specifically, this includes:

- a new decorator, `awx.main.dispatch.task`, which can be used to
  decorate functions or classes so that they can be designated as
  "Tasks"
- support for fanout/broadcast tasks (at this point in time, only
  `conf.Setting` memcached flushes use this functionality)
- support for job reaping
- support for success/failure hooks for job runs (i.e.,
  `handle_work_success` and `handle_work_error`)
- support for auto scaling worker pool that scale processes up and down
  on demand
- minimal support for RPC, such as status checks and pool recycle/reload
2018-10-11 10:53:30 -04:00
Shane McDonald
ee1d5e43b9 Fix fallout from https://github.com/ansible/awx/pull/2392
There were some upstream changes that I overwrote but shouldn’t have.
2018-10-10 11:41:34 -04:00
Ilkka Tengvall
b4919f9ebd
Merge branch 'devel' into ikke-t-selinux-fix 2018-10-10 08:23:46 +03:00
Shane McDonald
b9279ebd5e Port downstream installer changes 2018-10-09 14:39:39 -04:00
Shane McDonald
b75f8ceca6 Do not default to pulling latest from DockerHub 2018-10-03 17:50:07 -05:00
Shane McDonald
bfc74497b0 Fix error in image_build role
I think I derped up and commited something in an old stash.
2018-10-03 14:44:26 -05:00
Shane McDonald
3701567ad7 Revert "first-parent requires git >= 1.8.4"
This reverts commit 1af0ee2f8c.

# Conflicts:
#	installer/roles/image_build/templates/Dockerfile.j2
2018-09-28 15:48:33 -04:00
Shane McDonald
86140dec08 Revert "Fix sdist builder image"
This reverts commit 97472cb91b.

# Conflicts:
#	installer/roles/image_build/tasks/main.yml
2018-09-28 15:48:33 -04:00
Shane McDonald
50fe0392ed Updates to versioning system.
https://github.com/ansible/awx/issues?q=%22--first-parent%22
2018-09-28 15:48:33 -04:00
Dmytro Makovey
f8d2a32756 merge and resolve conflict 2018-09-18 11:35:35 -07:00
Shane McDonald
1b4c3f56fa
Merge pull request #2113 from kialam/upgrade-node-lts
Upgrade Node and NPM to LTS
2018-09-18 12:46:30 -04:00
Shane McDonald
89e656b2a4 Update Node version in sdist builder 2018-09-18 12:17:52 -04:00
Shane McDonald
2b9954c373 Pull in downstream k8s installer changes
- Secretification of secret stuff
- Backup / restore
2018-08-14 12:37:19 -04:00
Shane McDonald
2e6a7205e7 Fix broken conditional 2018-08-14 11:19:15 -04:00
Matthew Jones
14685901aa skip migrations If an environment variable is set
This is to help k8s/openshift migrations which will perform migrations
in a separate pod.
2018-08-14 11:00:51 -04:00
Matthew Jones
4dcd379d1e Add some env variables to the web deployment
This allows the start script to properly wait on services to come
online rather than getting stuck and waiting for the full timeout
2018-08-13 13:27:00 -04:00
Ryan Petrello
18f6f68540
Merge remote-tracking branch 'tower/release_3.3.0' into devel 2018-08-10 11:54:34 -04:00
Dennis U
a294a6f06e
Bugfix for ca_trust_dir
Changed syntax as ca_trust_dir was not correctly mounted in awx_web container and added command to update CA trust inside awx_web container after creation.
2018-08-09 14:07:29 +02:00
Ryan Petrello
2d4fbffb91
set the correct X-Forwarded-Port header to fix SAML auth
see: https://github.com/ansible/tower/issues/2314
2018-08-07 10:07:06 -04:00
walkafwalka
d2ab7bd54d Add inventory vars to set docker install hostnames
Signed-off-by: walkafwalka <41709139+walkafwalka@users.noreply.github.com>
2018-08-04 01:49:07 -07:00
Shane McDonald
be7a40daf3 Fix syntax in nginx config
Broke in 6f5259d017
2018-08-02 11:24:51 -04:00
Ryan Petrello
6f5259d017
remove the network UI 2018-07-30 11:03:53 -04:00
Ryan Petrello
7588e65786
change openshift edge termination policy to redirect (enforce https)
see: https://github.com/ansible/tower/issues/2591
related: https://docs.openshift.org/latest/architecture/networking/routes.html
2018-07-27 10:34:07 -04:00
Stoned Elipot
ada2d65547 force boolean evaluation 2018-07-25 19:10:31 +02:00
Shane McDonald
467a1fafcc
Merge pull request #1880 from luisico/compose-web-wait-for
AWX launchers should wait for other containers to be ready
2018-07-16 13:11:06 -04:00
Shane McDonald
ad33dff6af
Merge pull request #1949 from willthames/k8s_use_context
Use use-context to set Kubernetes context
2018-07-16 12:59:36 -04:00
Shane McDonald
9b941e8b05
Merge pull request #2040 from kivio/tiller-namespace-configuration
#2039 add tiller-namespace as argument
2018-07-16 10:10:23 -04:00
Marcin Karkocha
a19df9b3b3 #2039 add tiller-namespace as argument 2018-07-02 12:33:26 +00:00
Ilkka Tengvall
0443bd3099
fixes selinux permissions for awx data.
fixes issue #2036 and  #1896
2018-07-02 09:22:36 +03:00
V.Gouvalas
1239195289 FIX nginx use selected log formatting 2018-06-28 14:09:13 +03:00
Ryan Petrello
471ff69257
stop setting celery's hostname dynamically (it's passed via the cli) 2018-06-19 12:16:00 -04:00
Ryan Petrello
88e3c46810
add a background process to spot celery hangs and reload the worker pool
see: https://github.com/ansible/tower/issues/2085
2018-06-11 12:22:21 -04:00
Will Thames
b899096f99 Use use-context to set Kubernetes context
`kubectl config use-context` is the command to set the current context,
not `set-context`

Signed-off-by: Will Thames <will@thames.id.au>
2018-06-06 13:02:26 +10:00
Dmytro Makovey
adaa164a19 allow nginx config extension 2018-06-05 08:16:08 -07:00
Matthew Jones
72f2994cc5
Merge branch 'release_3.3.0' into devel 2018-05-17 16:07:47 -04:00
chris meyers
ceedc135b2 add variables to inventory mentioned in docs
* Also better error message when openshift cert failure
2018-05-15 14:44:43 -04:00
Luis Gracia
8e85a57c1a AWX launchers should wait for other containers to be ready 2018-05-15 11:45:54 -04:00
Wayne Witzel III
5d016c0dcb
Merge pull request #1705 from benthomasson/network_ui_openshift_fix
Adds websocket for network_ui to the installer version of nginx.conf
2018-05-10 09:41:11 -04:00
Ben Thomasson
33ef12002f Adds websocket for network_ui to the installer version of nginx.conf 2018-05-07 13:42:29 -04:00
AlanCoding
59744e421f
send our oddball loggers to external logger too 2018-05-02 15:33:58 -04:00
Shane McDonald
4fdf462b98 Merge branch 'release_3.3.0' into awx/devel
# Conflicts:
#	awx/ui/client/src/standard-out/standard-out-factories/main.js
#	awx/ui/package.json
2018-04-27 10:17:59 -04:00
Shane McDonald
5313e069ca
Merge pull request #1799 from shanemcd/devel
Fix Helm PostgreSQL deployment name
2018-04-25 11:22:39 -04:00
Shane McDonald
e5faf0798f Always pull memcached image 2018-04-25 11:17:37 -04:00
Shane McDonald
e623c3d7cd Don’t hardcode Helm PostgreSQL deployment name 2018-04-25 11:17:26 -04:00
Matthew Jones
d04bbde3c2
Merge pull request #1786 from shanemcd/devel
Fix image build role when not deploying to localhost
2018-04-20 13:46:50 -04:00
Shane McDonald
e2deab485e
Merge pull request #1776 from enginvardar/devel
Install unzip for awx_task docker image to enable usage of unarchive …
2018-04-20 09:11:23 -04:00
Engin Vardar
6b06d1896e Install unzip to enable usage of unarchive module
Signed-off-by: Engin Vardar <enginvardar@gmail.com>
2018-04-20 09:17:27 +02:00
Shane McDonald
98a9e82d2d Fix image build role when not deploying to localhost 2018-04-20 00:07:25 -04:00
Shane McDonald
590d5ccad1
Merge pull request #1718 from soumikgh/devel
Bind mount to custom certs to `source/anchors` subfolder
2018-04-19 22:33:36 -04:00
Shane McDonald
cf5149ecf4 Use Deployment on Kubernetes
I messed this up when rebasing.
2018-04-18 10:28:50 -04:00
Shane McDonald
40d7751fbd Remove image push logic from installer roles
I’m going to be reusing this code on the Tower side, and I’m trying to refactor some of the AWX specific bits out. There will probably be more to come, but this is a good start.
2018-04-16 19:01:43 -04:00
Shane McDonald
2b6fe7969f Move rabbitmq and memcached images into variables 2018-04-16 17:43:15 -04:00
Shane McDonald
0786b41ac6 Allow for customizing kubernetes deployment name 2018-04-16 17:43:15 -04:00
Shane McDonald
479a56c6d3 Generalize variable names in installer
secret_key
2018-04-16 17:43:15 -04:00
Shane McDonald
bebc37b3eb Set kubernetes_namespace when deploying on OpenShift
kubernetes_namespace is referenced later it the role but may not be set if deploying on openshift
2018-04-16 15:51:36 -04:00
Shane McDonald
534b2f1601 Fix openshift_pg_emptydir logic 2018-04-16 15:51:36 -04:00
Shane McDonald
db02bd7531 Remove explicit nodePort declarations for RabbitMQ service
This lets Kubernetes handle the port mapping, which resolves a port collision issue when running multiple deployments of AWX in a single cluster.
2018-04-16 15:51:36 -04:00
Shane McDonald
e9ddf7b9db Use a DeploymentConfig in OpenShift 2018-04-16 15:51:36 -04:00
Shane McDonald
3720c57c63 Fix whitespace issues with docker-compose jinja template
See https://github.com/ansible/awx/issues/1710
2018-04-11 11:06:34 -04:00
Matthew Jones
62e2be9c4b
Merge pull request #1722 from avantassel/devel
Added nginx_status to nginx.conf
2018-04-05 11:26:53 -04:00
Andrew Van Tassel
84329fc735
Update nginx.conf (#1)
* Update nginx.conf

Added nginx_status, Sysdig is relentless...
2018-04-03 11:24:30 -06:00
Ben Thomasson
43601be8a7 Removes --fake-initial from awx-manage migrate.
The --fake-initial option is no longer needed and can cause
application with an initial migration to fail as was seen
in the network_ui application.
2018-04-02 15:34:39 -04:00
Soumik Ghosh
41c3e69450
Bind mount to custom certs to 2018-04-02 14:23:23 -04:00
Shane McDonald
1ef7d73bc9 Customizable template for OpenShift PostgreSQL deployment
`oc new-app --template=postgresql-persistent` has been kind of a pain. It would attempt to create a Persistent Volume, but does not allow you to specify the storageClass.

This code assumes that a Persistent Volume is already available and will fail with a helpful error message if it is not.

Signed-off-by: Shane McDonald <me@shanemcd.com>
2018-03-28 16:25:43 -04:00
Shane McDonald
c8ea03e67b Move rabbitmq_version out of inventory file
Signed-off-by: Shane McDonald <me@shanemcd.com>
2018-03-28 12:45:05 -04:00
Shane McDonald
935dc8bca7 Upgrade to RabbitMQ 3.7, remove need for etcd2
Signed-off-by: Shane McDonald <me@shanemcd.com>
2018-03-28 11:45:33 -04:00
Shane McDonald
98f5dc3fcc Consolidate OpenShift and Kubernetes roles
Signed-off-by: Shane McDonald <me@shanemcd.com>
2018-03-28 11:36:08 -04:00
Shane McDonald
7002c6f1b1 Delete unused namespace file
Signed-off-by: Shane McDonald <me@shanemcd.com>
2018-03-27 10:57:22 -04:00
Shane McDonald
3072c3bd8d Whitespace fix
Signed-off-by: Shane McDonald <me@shanemcd.com>
2018-03-27 10:57:22 -04:00
Jake McDermott
4a8f24becc
update reference to role file path to work with roles dir 2018-03-23 12:43:13 -04:00
Shane McDonald
84cd933702 Move installer roles into roles directory
Signed-off-by: Shane McDonald <me@shanemcd.com>
2018-03-22 14:34:03 -04:00