walkafwalka
3a7bf6a8ac
Add SSL suport for docker install
...
Signed-off-by: walkafwalka <41709139+walkafwalka@users.noreply.github.com>
2019-02-27 10:45:34 +01:00
softwarefactory-project-zuul[bot]
889dae357b
Merge pull request #3235 from ryanpetrello/sql-profiling
...
add a custom DB backend that provides system-level SQL profiling
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-02-15 21:56:28 +00:00
Klaas Demter
8f36e21c97
Avoid pg password ending up in syslog/shell output
...
Currently if an error occurs the pgpassword would be exposed to syslog / shell during playbook backup.yml
2019-02-15 16:15:33 +01:00
Ryan Petrello
eed94b641e
add a custom DB backend that provides system-level SQL profiling
...
run this command on _any_ node in an awx cluster:
$ awx-manage profile_sql --threshold=2.0 --minutes=1
...and for 1 minute, the timing for _every_ SQL query in _every_ awx
Python process that uses the Django ORM will be measured
queries that run longer than (in this example) 2 seconds will be
written to a per-process sqlite database in /var/lib/awx/profile, and
the file will contain an EXPLAIN VERBOSE for the query and the full
Python stack that led to that SQL query's execution (this includes not
just WSGI requests, but background processes like the runworker and
dispatcher)
$ awx-manage profile_sql --threshold=0
...can be used to disable profiling again (if you don't want to wait for
the minute to expire)
2019-02-14 15:04:46 -05:00
softwarefactory-project-zuul[bot]
a1cef744a7
Merge pull request #3230 from impca/patch-1
...
Update compose configuration
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-02-14 15:45:41 +00:00
impca
9add96a0d3
update docker compose installer
...
Only run commands to update certs when config changes.
2019-02-14 08:29:47 +01:00
impca
c29275315e
Update compose configuration
...
When running awx via docker-compose and using custom certificates (for LDAP auth or whatever else...), update-ca-trust has to be called afer starting the container to actually use new certificates (just as it is called when using docker to run - https://github.com/ansible/awx/blob/devel/installer/roles/local_docker/tasks/standalone.yml#L119-L120 ).
2019-02-13 15:39:52 +01:00
Mathieu Mallet
dce3795e0c
update-ca-trust: Ensure CA trust is updated in awx_task container
...
Related #3010
Both awx_web and awx_task containers can have a volume mounted in
specified by the ca_trust_dir variable. Unfortunately only the
awx_web container's trust is updated. This patch makes sure the
awx_task container's trust is updated as well
Testing Done: ansible-playbook --syntax-check installer/install.yml
Signed-off-by: Mathieu Mallet <mmallet@digipok.io>
2019-02-06 16:51:14 +00:00
Marius Rieder
072919040b
Omit DATABASE_SSLMODE if not set.
2019-01-22 17:24:44 +01:00
Marius Rieder
589531163a
Add pg_sslmode option.
...
Allows to use PostgreSQL over SSL #709
2019-01-21 19:47:34 +01:00
Yanis Guenane
44c48d1d66
Nginx: Specify X-Frame-Options "DENY" header
...
Adding the X-Frame-Options "DENY"; header to avoid possible clickjacking
attack.
More info of the why available here:
https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009)
Signed-off-by: Yanis Guenane <yguenane@redhat.com>
2019-01-21 12:34:17 +01:00
softwarefactory-project-zuul[bot]
5f01c3f5a8
Merge pull request #2994 from coreywan/pod-limits
...
Add POD Limits
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-01-18 04:28:11 +00:00
softwarefactory-project-zuul[bot]
7b39198f26
Merge pull request #2995 from coreywan/postgres_helm
...
adds persistence.storageClass and limits to postgress helm install
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-01-18 04:24:18 +00:00
softwarefactory-project-zuul[bot]
57b8aa4892
Merge pull request #3002 from themr0c/pg_password_10_character_limit
...
pg_password should be random 10 character alphanumeric string, when p…
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-01-17 18:15:38 +00:00
softwarefactory-project-zuul[bot]
474876872e
Merge pull request #2999 from themr0c/issue-2991
...
related #2991 - Helm creation of postgreql on multiple namespaces
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-01-17 14:28:05 +00:00
Fabrice Flore-Thebault
b6c30e8ef5
it's a limitation of the official postgres helm chart
...
Signed-off-by: Fabrice Flore-Thebault <themr0c@users.noreply.github.com>
2019-01-17 12:56:17 +01:00
Fabrice Flore-Thebault
d938c96a76
pg_password should be random 10 character alphanumeric string, when postgresql is running on kubernetes
...
Signed-off-by: Fabrice Flore-Thebault <themr0c@users.noreply.github.com>
2019-01-17 12:56:06 +01:00
Corey Wanless
aebeeb170e
adds pod limits
...
Signed-off-by: Corey Wanless <corey.wanless@wwt.com>
2019-01-16 09:23:18 -06:00
Fabrice Flore-Thebault
c434d38876
adding helm chart version for postgresql
...
Signed-off-by: Fabrice Flore-Thebault <themr0c@users.noreply.github.com>
2019-01-16 09:40:49 +01:00
Shane McDonald
04da4503db
Python 3 / Upstream Kubernetes
2019-01-15 14:09:05 -05:00
Ryan Petrello
96b9bd6ab6
make py3 packaging work for k8s
2019-01-15 14:09:05 -05:00
Fabrice Flore-Thebault
7b32262f75
revert pg_hostname
...
Signed-off-by: Fabrice Flore-Thebault <themr0c@users.noreply.github.com>
2019-01-15 14:59:17 +01:00
Fabrice Flore-Thebault
d69f6acf64
add helm repo update and fix helm upgrade
...
Signed-off-by: Fabrice Flore-Thebault <themr0c@users.noreply.github.com>
2019-01-15 14:48:26 +01:00
Fabrice Flore-Thebault
ef3aab1357
related #2991 - unify postgresql_service_name
...
Signed-off-by: Fabrice Flore-Thebault <themr0c@users.noreply.github.com>
2019-01-15 11:44:08 +01:00
Corey Wanless
0c074e0988
* adds persistence.storageClass and limits to postgress helm install
...
* adds new variables to the inventory
Signed-off-by: Corey Wanless <corey.wanless@wwt.com>
2019-01-14 11:28:21 -06:00
softwarefactory-project-zuul[bot]
32c705a62a
Merge pull request #2996 from coreywan/setup-postgress-activation-wait
...
adds wait time for postgres setup as a variable
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-01-14 17:22:54 +00:00
Fabrice Flore-Thebault
d43521bb77
fix #2991 - make Helm creation of postgreql succeed when installing multiple AWX on different namespaces on same kubernetes
...
Signed-off-by: Fabrice Flore-Thebault <themr0c@users.noreply.github.com>
2019-01-14 10:32:21 +01:00
Corey Wanless
b1710f9523
adds wait time for postgres setup as a variable
2019-01-11 22:23:43 -06:00
marcel
0b3e51458d
Fix typo in ca_trust_dir
...
The correct path is used in docker-compose template:
- "{{ ca_trust_dir +':/etc/pki/ca-trust/source/anchors:ro' }}"
2019-01-07 19:29:34 +01:00
Ryan Petrello
4858868428
configure an HA policy for openshift/k8s installs
2018-12-14 14:08:30 -05:00
Hideki Saito
f16a72081a
Fixed issue where admin_user and password change are not reflected
...
- No effect of changing admin_user and admin_password when using docker-compose #2666
2018-11-13 18:21:18 +09:00
Idan Bidani
a213e01491
updating default Postgresql version to 9.6
2018-11-10 18:27:22 -05:00
westfood
694e494484
Using new Helm parameters for PostgreSQL access.
2018-10-28 11:55:36 +01:00
softwarefactory-project-zuul[bot]
3e4738d948
Merge pull request #2430 from dmt/devel
...
Fix installer volume definitions
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-25 22:12:25 +00:00
softwarefactory-project-zuul[bot]
94083f55c7
Merge pull request #2510 from Intermax-Cloudsourcing/awx-web-dockerfile-tmp
...
Empties /tmp in awx_web Dockerfile
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-25 21:59:42 +00:00
Daniel Temme
6ecd18b2e2
make volume concatenation work
...
The second list gets interpreted as part of the else block, effectively
dropping it. Separating both list definitions with braces seems to work.
# Conflicts:
# installer/roles/local_docker/tasks/standalone.yml
2018-10-25 17:54:10 -04:00
Daniel Temme
4e9c705997
Partial revert for "Bugfix for ca_trust_dir"
...
# Conflicts:
# installer/roles/local_docker/tasks/standalone.yml
# Conflicts:
# installer/roles/local_docker/tasks/standalone.yml
2018-10-25 17:53:12 -04:00
softwarefactory-project-zuul[bot]
1803a76a4d
Merge pull request #2485 from wwt/fix-tiller-namespace
...
Pass tiller namespace down to helm task
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-25 21:40:08 +00:00
softwarefactory-project-zuul[bot]
86ca1875f1
Merge pull request #2486 from wwt/remove-rabbit-cluster-name
...
Remove .cluster.local from service name for rabbitmq
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-25 21:37:54 +00:00
wilmardo
bf5c259d92
Empties /tmp in web Dockerfile
2018-10-25 17:12:26 -04:00
Igor Vuk
c133b35162
Update variable names for local Docker daemon installation
...
Signed-off-by: Igor Vuk <parcijala@gmail.com>
2018-10-25 12:47:25 -04:00
David Moreau Simard
1dd44df471
Let users disable create_preload_data if it isn't necessary
...
The demo things might not be desirable in a production environment.
2018-10-24 11:36:33 -04:00
James Evans
88819ada6b
Remove .cluster.local from service name for rabbitmq
...
FQDNs are not required for service discovery, and having the FQDN in the
name prevents the discovery from working in clusters not named
cluster.local.
2018-10-18 14:00:05 -05:00
Yanis Guenane
b185c1e0a2
Merge branch 'devel' into devel
2018-10-18 18:00:16 +02:00
James Evans
4198227116
Pass tiller namespace down to helm task
2018-10-18 09:34:13 -05:00
Ilkka Tengvall
42a0192425
Merge branch 'devel' into ikke-t-selinux-fix
2018-10-17 21:44:48 +03:00
Numblesix
6d0fed6d9a
Added some Doc for ca_trust_dir
2018-10-17 11:32:26 -04:00
softwarefactory-project-zuul[bot]
0a964b2bf6
Merge pull request #2266 from ansible/celery-tastes-bad
...
replace the celery-based task queue with a kombu-based implementation
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-12 18:40:54 +00:00
Daniel Temme
921231fe3d
fix indentation for register variable
2018-10-12 11:13:42 +02:00
softwarefactory-project-zuul[bot]
6721ea54e9
Merge pull request #1956 from droopy4096/devel
...
allow nginx config extension
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-11 22:38:36 +00:00
softwarefactory-project-zuul[bot]
99a42e91fe
Merge pull request #2235 from ChrisRo89/devel
...
Extracted more variables which a related to rabbitmq/postgresql from tasks to defaults
Reviewed-by: Shane McDonald <me@shanemcd.com>
https://github.com/shanemcd
2018-10-11 21:54:38 +00:00
softwarefactory-project-zuul[bot]
9a580ba644
Merge pull request #2416 from fantashley/fix-openshift-auth
...
Fix openshift auth broken by undefined vars
Reviewed-by: Ashley Nelson <fantashley@gmail.com>
https://github.com/fantashley
2018-10-11 21:51:20 +00:00
softwarefactory-project-zuul[bot]
74fcdabc22
Merge pull request #2156 from Decstasy/patch-1
...
Bugfix for ca_trust_dir
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-11 21:31:45 +00:00
Ashley Nelson
9bec7cf3b0
Fix openshift auth broken by undefined vars
...
Signed-off-by: Ashley Nelson <fantashley@gmail.com>
2018-10-11 16:25:55 -05:00
softwarefactory-project-zuul[bot]
f79debac42
Merge pull request #2164 from atgreen/devel
...
Fix token based openshift logins during installation - fixes #489
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-11 20:36:39 +00:00
softwarefactory-project-zuul[bot]
a9f3eeef05
Merge pull request #2131 from walkafwalka/docker_install_awx_hostnames
...
Add inventory vars to set docker install hostnames
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-11 20:29:32 +00:00
softwarefactory-project-zuul[bot]
6f55cde6d3
Merge pull request #2091 from stoned/force_boolean_eval
...
force boolean evaluation
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-11 20:17:48 +00:00
Ashley Nelson
2bf2412759
Add serviceName to Kubernetes StatefulSet spec
...
Signed-off-by: Ashley Nelson <fantashley@gmail.com>
2018-10-11 11:49:08 -05:00
Christian.Rohr
96ad2b2b28
Extracted more variables which a related to rabbitmq
2018-10-11 12:16:01 -04:00
Anthony Green
c39370dbd0
Fix token based openshift logins
2018-10-11 12:10:41 -04:00
Ryan Petrello
ff1e8cc356
replace celery task decorators with a kombu-based publisher
...
this commit implements the bulk of `awx-manage run_dispatcher`, a new
command that binds to RabbitMQ via kombu and balances messages across
a pool of workers that are similar to celeryd workers in spirit.
Specifically, this includes:
- a new decorator, `awx.main.dispatch.task`, which can be used to
decorate functions or classes so that they can be designated as
"Tasks"
- support for fanout/broadcast tasks (at this point in time, only
`conf.Setting` memcached flushes use this functionality)
- support for job reaping
- support for success/failure hooks for job runs (i.e.,
`handle_work_success` and `handle_work_error`)
- support for auto scaling worker pool that scale processes up and down
on demand
- minimal support for RPC, such as status checks and pool recycle/reload
2018-10-11 10:53:30 -04:00
Shane McDonald
ee1d5e43b9
Fix fallout from https://github.com/ansible/awx/pull/2392
...
There were some upstream changes that I overwrote but shouldn’t have.
2018-10-10 11:41:34 -04:00
Yanis Guenane
5d22fc2bd7
Merge branch 'devel' into non-root-docker-tests
2018-10-10 09:44:01 +02:00
Ilkka Tengvall
b4919f9ebd
Merge branch 'devel' into ikke-t-selinux-fix
2018-10-10 08:23:46 +03:00
Shane McDonald
de60165a49
Fix broken defaults in awx installer
2018-10-09 19:15:32 -04:00
Shane McDonald
b9279ebd5e
Port downstream installer changes
2018-10-09 14:39:39 -04:00
Shane McDonald
b75f8ceca6
Do not default to pulling latest from DockerHub
2018-10-03 17:50:07 -05:00
Shane McDonald
bfc74497b0
Fix error in image_build role
...
I think I derped up and commited something in an old stash.
2018-10-03 14:44:26 -05:00
Shane McDonald
3701567ad7
Revert "first-parent requires git >= 1.8.4"
...
This reverts commit 1af0ee2f8c
.
# Conflicts:
# installer/roles/image_build/templates/Dockerfile.j2
2018-09-28 15:48:33 -04:00
Shane McDonald
86140dec08
Revert "Fix sdist builder image"
...
This reverts commit 97472cb91b
.
# Conflicts:
# installer/roles/image_build/tasks/main.yml
2018-09-28 15:48:33 -04:00
Shane McDonald
50fe0392ed
Updates to versioning system.
...
https://github.com/ansible/awx/issues?q=%22--first-parent%22
2018-09-28 15:48:33 -04:00
Dmytro Makovey
f8d2a32756
merge and resolve conflict
2018-09-18 11:35:35 -07:00
Shane McDonald
1b4c3f56fa
Merge pull request #2113 from kialam/upgrade-node-lts
...
Upgrade Node and NPM to LTS
2018-09-18 12:46:30 -04:00
Shane McDonald
89e656b2a4
Update Node version in sdist builder
2018-09-18 12:17:52 -04:00
Shane McDonald
2b9954c373
Pull in downstream k8s installer changes
...
- Secretification of secret stuff
- Backup / restore
2018-08-14 12:37:19 -04:00
Shane McDonald
2e6a7205e7
Fix broken conditional
2018-08-14 11:19:15 -04:00
Matthew Jones
14685901aa
skip migrations If an environment variable is set
...
This is to help k8s/openshift migrations which will perform migrations
in a separate pod.
2018-08-14 11:00:51 -04:00
Matthew Jones
4dcd379d1e
Add some env variables to the web deployment
...
This allows the start script to properly wait on services to come
online rather than getting stuck and waiting for the full timeout
2018-08-13 13:27:00 -04:00
Ryan Petrello
18f6f68540
Merge remote-tracking branch 'tower/release_3.3.0' into devel
2018-08-10 11:54:34 -04:00
Dennis U
a294a6f06e
Bugfix for ca_trust_dir
...
Changed syntax as ca_trust_dir was not correctly mounted in awx_web container and added command to update CA trust inside awx_web container after creation.
2018-08-09 14:07:29 +02:00
Ryan Petrello
2d4fbffb91
set the correct X-Forwarded-Port header to fix SAML auth
...
see: https://github.com/ansible/tower/issues/2314
2018-08-07 10:07:06 -04:00
walkafwalka
d2ab7bd54d
Add inventory vars to set docker install hostnames
...
Signed-off-by: walkafwalka <41709139+walkafwalka@users.noreply.github.com>
2018-08-04 01:49:07 -07:00
Shane McDonald
be7a40daf3
Fix syntax in nginx config
...
Broke in 6f5259d017
2018-08-02 11:24:51 -04:00
Ryan Petrello
6f5259d017
remove the network UI
2018-07-30 11:03:53 -04:00
Ryan Petrello
7588e65786
change openshift edge termination policy to redirect (enforce https)
...
see: https://github.com/ansible/tower/issues/2591
related: https://docs.openshift.org/latest/architecture/networking/routes.html
2018-07-27 10:34:07 -04:00
Stoned Elipot
ada2d65547
force boolean evaluation
2018-07-25 19:10:31 +02:00
Shane McDonald
467a1fafcc
Merge pull request #1880 from luisico/compose-web-wait-for
...
AWX launchers should wait for other containers to be ready
2018-07-16 13:11:06 -04:00
Shane McDonald
ad33dff6af
Merge pull request #1949 from willthames/k8s_use_context
...
Use use-context to set Kubernetes context
2018-07-16 12:59:36 -04:00
Shane McDonald
9b941e8b05
Merge pull request #2040 from kivio/tiller-namespace-configuration
...
#2039 add tiller-namespace as argument
2018-07-16 10:10:23 -04:00
Marcin Karkocha
a19df9b3b3
#2039 add tiller-namespace as argument
2018-07-02 12:33:26 +00:00
Ilkka Tengvall
0443bd3099
fixes selinux permissions for awx data.
...
fixes issue #2036 and #1896
2018-07-02 09:22:36 +03:00
V.Gouvalas
1239195289
FIX nginx use selected log formatting
2018-06-28 14:09:13 +03:00
Ryan Petrello
471ff69257
stop setting celery's hostname dynamically (it's passed via the cli)
2018-06-19 12:16:00 -04:00
Ryan Petrello
88e3c46810
add a background process to spot celery hangs and reload the worker pool
...
see: https://github.com/ansible/tower/issues/2085
2018-06-11 12:22:21 -04:00
Will Thames
b899096f99
Use use-context to set Kubernetes context
...
`kubectl config use-context` is the command to set the current context,
not `set-context`
Signed-off-by: Will Thames <will@thames.id.au>
2018-06-06 13:02:26 +10:00
Dmytro Makovey
adaa164a19
allow nginx config extension
2018-06-05 08:16:08 -07:00
Matthew Jones
72f2994cc5
Merge branch 'release_3.3.0' into devel
2018-05-17 16:07:47 -04:00
chris meyers
ceedc135b2
add variables to inventory mentioned in docs
...
* Also better error message when openshift cert failure
2018-05-15 14:44:43 -04:00
Luis Gracia
8e85a57c1a
AWX launchers should wait for other containers to be ready
2018-05-15 11:45:54 -04:00
Wayne Witzel III
5d016c0dcb
Merge pull request #1705 from benthomasson/network_ui_openshift_fix
...
Adds websocket for network_ui to the installer version of nginx.conf
2018-05-10 09:41:11 -04:00
Ben Thomasson
33ef12002f
Adds websocket for network_ui to the installer version of nginx.conf
2018-05-07 13:42:29 -04:00
AlanCoding
59744e421f
send our oddball loggers to external logger too
2018-05-02 15:33:58 -04:00
Shane McDonald
4fdf462b98
Merge branch 'release_3.3.0' into awx/devel
...
# Conflicts:
# awx/ui/client/src/standard-out/standard-out-factories/main.js
# awx/ui/package.json
2018-04-27 10:17:59 -04:00
Shane McDonald
5313e069ca
Merge pull request #1799 from shanemcd/devel
...
Fix Helm PostgreSQL deployment name
2018-04-25 11:22:39 -04:00
Shane McDonald
e5faf0798f
Always pull memcached image
2018-04-25 11:17:37 -04:00
Shane McDonald
e623c3d7cd
Don’t hardcode Helm PostgreSQL deployment name
2018-04-25 11:17:26 -04:00
Matthew Jones
d04bbde3c2
Merge pull request #1786 from shanemcd/devel
...
Fix image build role when not deploying to localhost
2018-04-20 13:46:50 -04:00
Shane McDonald
e2deab485e
Merge pull request #1776 from enginvardar/devel
...
Install unzip for awx_task docker image to enable usage of unarchive …
2018-04-20 09:11:23 -04:00
Engin Vardar
6b06d1896e
Install unzip to enable usage of unarchive module
...
Signed-off-by: Engin Vardar <enginvardar@gmail.com>
2018-04-20 09:17:27 +02:00
Shane McDonald
98a9e82d2d
Fix image build role when not deploying to localhost
2018-04-20 00:07:25 -04:00
Shane McDonald
590d5ccad1
Merge pull request #1718 from soumikgh/devel
...
Bind mount to custom certs to `source/anchors` subfolder
2018-04-19 22:33:36 -04:00
Shane McDonald
cf5149ecf4
Use Deployment on Kubernetes
...
I messed this up when rebasing.
2018-04-18 10:28:50 -04:00
Shane McDonald
40d7751fbd
Remove image push logic from installer roles
...
I’m going to be reusing this code on the Tower side, and I’m trying to refactor some of the AWX specific bits out. There will probably be more to come, but this is a good start.
2018-04-16 19:01:43 -04:00
Shane McDonald
2b6fe7969f
Move rabbitmq and memcached images into variables
2018-04-16 17:43:15 -04:00
Shane McDonald
0786b41ac6
Allow for customizing kubernetes deployment name
2018-04-16 17:43:15 -04:00
Shane McDonald
479a56c6d3
Generalize variable names in installer
...
secret_key
2018-04-16 17:43:15 -04:00
Shane McDonald
e4a6fc55df
Remove unused variable from inventory
2018-04-16 15:51:36 -04:00
Shane McDonald
bebc37b3eb
Set kubernetes_namespace when deploying on OpenShift
...
kubernetes_namespace is referenced later it the role but may not be set if deploying on openshift
2018-04-16 15:51:36 -04:00
Shane McDonald
534b2f1601
Fix openshift_pg_emptydir logic
2018-04-16 15:51:36 -04:00
Shane McDonald
db02bd7531
Remove explicit nodePort declarations for RabbitMQ service
...
This lets Kubernetes handle the port mapping, which resolves a port collision issue when running multiple deployments of AWX in a single cluster.
2018-04-16 15:51:36 -04:00
Shane McDonald
e9ddf7b9db
Use a DeploymentConfig in OpenShift
2018-04-16 15:51:36 -04:00
Shane McDonald
3720c57c63
Fix whitespace issues with docker-compose jinja template
...
See https://github.com/ansible/awx/issues/1710
2018-04-11 11:06:34 -04:00
Matthew Jones
62e2be9c4b
Merge pull request #1722 from avantassel/devel
...
Added nginx_status to nginx.conf
2018-04-05 11:26:53 -04:00
Andrew Van Tassel
84329fc735
Update nginx.conf ( #1 )
...
* Update nginx.conf
Added nginx_status, Sysdig is relentless...
2018-04-03 11:24:30 -06:00
Ben Thomasson
43601be8a7
Removes --fake-initial from awx-manage migrate.
...
The --fake-initial option is no longer needed and can cause
application with an initial migration to fail as was seen
in the network_ui application.
2018-04-02 15:34:39 -04:00
Soumik Ghosh
41c3e69450
Bind mount to custom certs to
2018-04-02 14:23:23 -04:00
Shane McDonald
1ef7d73bc9
Customizable template for OpenShift PostgreSQL deployment
...
`oc new-app --template=postgresql-persistent` has been kind of a pain. It would attempt to create a Persistent Volume, but does not allow you to specify the storageClass.
This code assumes that a Persistent Volume is already available and will fail with a helpful error message if it is not.
Signed-off-by: Shane McDonald <me@shanemcd.com>
2018-03-28 16:25:43 -04:00
Shane McDonald
c8ea03e67b
Move rabbitmq_version out of inventory file
...
Signed-off-by: Shane McDonald <me@shanemcd.com>
2018-03-28 12:45:05 -04:00
Shane McDonald
935dc8bca7
Upgrade to RabbitMQ 3.7, remove need for etcd2
...
Signed-off-by: Shane McDonald <me@shanemcd.com>
2018-03-28 11:45:33 -04:00
Shane McDonald
98f5dc3fcc
Consolidate OpenShift and Kubernetes roles
...
Signed-off-by: Shane McDonald <me@shanemcd.com>
2018-03-28 11:36:08 -04:00
Shane McDonald
7002c6f1b1
Delete unused namespace file
...
Signed-off-by: Shane McDonald <me@shanemcd.com>
2018-03-27 10:57:22 -04:00
Shane McDonald
3072c3bd8d
Whitespace fix
...
Signed-off-by: Shane McDonald <me@shanemcd.com>
2018-03-27 10:57:22 -04:00
Jake McDermott
4a8f24becc
update reference to role file path to work with roles dir
2018-03-23 12:43:13 -04:00
Shane McDonald
84cd933702
Move installer roles into roles directory
...
Signed-off-by: Shane McDonald <me@shanemcd.com>
2018-03-22 14:34:03 -04:00
Antony PERIGAULT
3adcdb43ad
Replace deprecated -U option by --become-user
2018-03-21 12:28:27 +01:00
Martin Adler
ca7b6ad648
Corrected alternate dns servers entries
...
As lstrip_blocks: True was added, this broke the formating when adding alternate DNS servers within the template. Removing the extra white space removals within the if and endif statements fixed the resulting yml formating.
2018-03-19 21:08:52 +01:00
Ryan Petrello
a1f15362ab
Merge pull request #1575 from aperigault/fix_nginx_upstreams
...
Fix nginx upstreams
2018-03-16 14:53:48 -04:00
Antony PERIGAULT
8cf1c1a180
Fix nginx configuration to avoid ipv6 resolutions errors
2018-03-15 17:54:51 +01:00
Matthew Jones
3ba7095ba4
Fixing some issues defining resource requests in openshift and k8s
...
* Allow overriding all container resource requests by setting defaults/
* Fix an issue where template vars were reversed in the deployment config
* Remove `limit` usage to allow for resource ballooning if it's available
* Fix type error when using templated values in the config map for resources
2018-03-15 12:00:53 -04:00
Matthew Jones
cec77964ac
Merge pull request #1563 from matburt/container_cluster_capacity
...
Implement container-cluster aware capacity determination
2018-03-14 12:06:25 -07:00
Christian Adams
2abf4ccf3b
Merge pull request #1562 from rooftopcellist/python_saml_upgrade
...
add xmlsec flag to docker installs
2018-03-14 14:53:26 -04:00
Matthew Jones
b0cf4de072
Implement container-cluster aware capacity determination
...
* Added two settings values for declaring absolute cpu and memory
capacity that will be picked up by the capacity utility methods
* installer inventory variables for controlling the amount of cpu and
memory container requests/limits for the awx task containers
* Added fixed values for cpu and memory container requests for other
containers
* configmap uses the declared inventory variables to define the
capacity inputs that will be used by AWX to correspond to the same
inputs for requests/limits on the deployment.
2018-03-14 14:35:45 -04:00
Shane McDonald
2af085e1fe
Merge pull request #1552 from jffz/devel
...
Add ca_trust_dir to local docker installations
2018-03-14 14:32:55 -04:00
adamscmRH
8d460490c1
add xmlsec flag to docker installs
2018-03-14 14:28:35 -04:00
Alexander Bauer
709cb0ae2b
fixup! Add local_docker facility for bind-mounting ca-trust
2018-03-14 10:52:36 -04:00
Alexander Bauer
db8df5f724
Add local_docker facility for bind-mounting ca-trust
...
This implements one possible solution for #411 , but does not solve it for
Kubernetes or Openshift installations.
# Conflicts:
# installer/inventory
2018-03-14 10:52:36 -04:00
jeff
4fa0d2406a
Remove unneeded jinja endif
2018-03-14 15:16:26 +01:00
jeff
f9f91ecf81
Add ca_trust_dir to task image
2018-03-14 11:41:10 +01:00
jeff
aca74d05ae
Add 'ca_trust_dir' variable to allow Custom CA sharing between host and containers
2018-03-14 11:40:56 +01:00
chris meyers
a4859a929c
autoscale celery up to 50 workers
2018-03-12 15:36:15 -04:00
jeff
4972755ccb
Fix project_data_dir templating for local_docker install
2018-03-12 14:50:44 +01:00
jffz
ca27dee4fc
Fix dns and dns_search templating
...
Fix templating for dns and dns_search entries for both `awx_web` and `awx_task` images.
Multiple entries were templated in a oneliner style while docker-compose wanted them in a list style.
2018-03-09 11:04:26 +01:00
Shane McDonald
02102f5ba8
Fix container boots on AppArmor protected systems
...
Link https://github.com/ansible/awx/issues/1297
Signed-off-by: Shane McDonald <me@shanemcd.com>
2018-03-08 09:41:04 -05:00
Shane McDonald
2861397433
Set imagePullPolicy to Always
...
Not sure why we werent doing this before.
2018-03-08 09:41:04 -05:00
adamscmRH
0490bca268
add csrf & session settings
2018-03-07 09:32:24 -05:00
Matthew Jones
e99184656e
Apply rabbitmq and setting kubernetes changes post-celery rollback
2018-03-05 16:22:27 -05:00
Matthew Jones
105b82c436
Apply celery rollback changes to kubernetes configmap
2018-03-05 15:32:24 -05:00
Chris Meyers
f18d99d7a9
Merge pull request #1409 from chrismeyersfsu/openshift_runtime_rabbitmq_cookie
...
dynamically set rabbitmq cookie
2018-03-01 09:57:11 -05:00
chris meyers
9436e8ae25
dynamically set rabbitmq cookie
2018-03-01 09:23:45 -05:00
Shane McDonald
0e9a8d5592
Fix celery 3 broker url reference
2018-02-28 12:47:05 -05:00
Jake McDermott
877cde9a7f
add default cookie settings
2018-02-27 20:40:41 -05:00
adamscmRH
69f8304643
adds csrf flag to support http
2018-02-27 16:19:46 -05:00
Chris Meyers
d551566b4d
Merge pull request #1372 from chrismeyersfsu/old-celery3
...
celery 4.x to 3.x roll back
2018-02-27 15:26:46 -05:00
chris meyers
148baf7674
add explicit awx_celery container version
2018-02-27 11:37:10 -05:00
chris meyers
5918fa5573
remove () from postgres port value
...
* awx task container uses postgres port to wait for postgres to become
available before the container init continues. The () are problematic
and are removed.
* () was originally added to fix an openshift issues. That error does
NOT occur with this fix.
2018-02-27 11:36:55 -05:00
chris meyers
e4470aa4cf
remove uneeded celery configs
...
* Celery routes and queues are set and defined at runtime. Thus, a
static definition of routes and queues is not needed.
2018-02-27 11:36:55 -05:00
chris meyers
fe05b4c0d5
use celery 3.x BROKER_URL
...
* Celery 4.x specifies the broker via CELERY_BROKER_URL. Since we are
now on 3.x, use 3.x way of specifying the broker via BROKER_URL
2018-02-27 11:36:55 -05:00
Ryan Petrello
7741de5153
set $HOME via an API call so AWX_TASK_ENV isn't marked as readonly
...
see: https://github.com/ansible/awx/issues/1315
2018-02-26 16:35:36 -05:00
Vadim Rutkovsky
5e25859069
Allow authenticating with Openshift via a token
2018-02-18 16:24:16 +01:00
Shane McDonald
6b3ca32827
Fix wait_fors in standalone Docker installs
2018-02-08 15:08:44 -05:00
Jeff Geerling
19f0b9ba92
Fix grammar for tasks - replace 'state' with 'stage'.
2018-02-06 16:57:59 -06:00
Shane McDonald
dce934577b
Fix variable reference in k8s etcd template
2018-02-03 10:29:53 -05:00
Matthew Jones
6a85fc38dd
Add scalable cluster kubernetes support
2018-02-01 16:57:09 -05:00
Matthew Jones
d9e774c4b6
Updates for automatic triggering of policies
...
* Switch policy router queue to not be "tower" so that we don't
fall into a chicken/egg scenario
* Show fixed policy list in serializer so a user can determine if
an instance is manually managed
* Change IG membership mixin to not directly handle applying topology
changes. Instead it just makes sure the policy instance list is
accurate
* Add create/delete hooks for instances and groups to trigger policy
re-evaluation
* Update policy algorithm for fairer distribution
* Fix an issue where CELERY_ROUTES wasn't renamed after celery/django
upgrade
* Update unit tests to be more explicit
* Update count calculations used by algorithm to only consider
non-manual instances
* Adding unit tests and fixture
* Don't propagate logging messages from awx.main.tasks and
awx.main.scheduler
* Use advisory lock to prevent policy eval conflicts
* Allow updating instance groups from view
2018-02-01 16:56:16 -05:00
Matthew Jones
c819560d39
Add automatic deprovisioning support, only enabled for openshift
...
* Implement a config watcher for service restarts
* If the configmap bind point changes then restart all services
2018-02-01 16:51:40 -05:00
Chris Meyers
0e97dc4b84
Beat and celery clustering fixes
...
* use embedded beat rather than standalone
* dynamically set celeryd hostname at runtime
* add embeded beat flag to celery startup
* Embedded beat mode routes will piggyback off of celery worker setup
signal
2018-02-01 16:47:33 -05:00
Matthew Jones
624289bed7
Add support for directly managing instance groups
...
* Associating/Disassociating an instance with a group
* Triggering a topology rebuild on that change
* Force rabbitmq cleanup of offline nodes
* Automatically check for dependent service startup
* Fetch and set hostname for celery so it doesn't clobber other
celeries
* Rely on celery init signals to dyanmically set listen queues
* Removing old total_capacity instance manager property
2018-02-01 16:46:44 -05:00
Matthew Jones
6ede1dfbea
Update openshift installer to support rabbitmq autoscale
...
* Switch rabbitmq container out for one that supports autoscale
* Add etcd pod to support autoscale negotiation
2018-02-01 16:38:10 -05:00
Chris Meyers
c9ff3e99b8
celeryd attach to queues dynamically
...
* Based on the tower topology (Instance and InstanceGroup
relationships), have celery dyamically listen to queues on boot
* Add celery task capable of "refreshing" what queues each celeryd
worker listens to. This will be used to support changes in the topology.
* Cleaned up some celery task definitions.
* Converged wrongly targeted job launch/finish messages to 'tower'
queue, rather than a 1-off queue.
* Dynamically route celery tasks destined for the local node
* separate beat process
add support for separate beat process
2018-02-01 16:37:33 -05:00
Dane Elwell
c6d4a62263
Allow AWX projects directory to be a volume
...
Signed-off-by: Dane Elwell <dane.elwell@ukfast.co.uk>
2018-01-30 09:49:44 +00:00
Timon de Groot
dc96a1730e
Add rsync to Dockerfile
2018-01-27 11:54:51 +01:00
Joachim Jablon
209bdd00a1
related #491 Bacpkort #1007
2018-01-26 07:09:28 +01:00
Joachim Jablon
c4efbd62bc
related #491 Docker Compose installer
...
Signed-off-by: Joachim Jablon <ewjoachim@gmail.com>
2018-01-26 07:09:28 +01:00
Joachim Jablon
9fefc26528
related #491 Split local_docker docker into 2 task files
...
Signed-off-by: Joachim Jablon <ewjoachim@gmail.com>
2018-01-26 07:09:28 +01:00
Matthew Jones
71d23e8c81
Merge pull request #1007 from wallnerryan/alternate-dns-servers
...
support dns servers: fixes https://github.com/ansible/awx/issues/1004
2018-01-19 08:58:29 -05:00
Wayne Witzel III
1af0ee2f8c
first-parent requires git >= 1.8.4
2018-01-18 16:12:23 +00:00
Ryan Wallner
bcbda23aee
support dns servers
2018-01-18 07:46:09 -05:00
Shane McDonald
97472cb91b
Fix sdist builder image
...
Fallout from https://github.com/ansible/awx/pull/982
2018-01-15 15:39:48 -05:00
Matthew Jones
7dc0fce1aa
Use x-forwarded-for by default in openshift and kubernetes
2018-01-11 12:00:01 -05:00
Matthew Jones
648d27f28d
Merge pull request #909 from scottp-dpaw/add-openshift-hint
...
Add REMOTE_HOST_HEADERS override to OpenShift template
2018-01-11 11:56:05 -05:00
Matthew Jones
ae06cff991
Merge pull request #938 from ansible/kubernetes_install_support
...
Kubernetes install support
2018-01-10 09:57:33 -05:00
Matthew Jones
fad4a549d0
Remove oc command usage from docker registry k8s reference
2018-01-10 09:38:00 -05:00
Matthew Jones
d0b3cac72a
Remove nodeport definition
2018-01-10 09:29:12 -05:00
Matthew Jones
56aed597b2
Add initial support for kubernetes to the installer
2018-01-10 09:25:59 -05:00
Matthew Jones
f33ee03b98
Remove nodeport customization
...
This isn't strictly necessary for the Openshift routes and can
sometimes cause problems when the resource is already defined in openshift
2018-01-10 09:23:46 -05:00
Scott Percival
fde9099198
Add REMOTE_HOST_HEADERS override to OpenShift template
...
Signed-off-by: Scott Percival <scott.percival@dbca.wa.gov.au>
2018-01-03 09:53:17 +08:00
Matthew Jones
2fb0144914
Add libcurl-devel to official image build
2017-12-13 16:14:55 -05:00
Matthew Jones
282290e151
Fix an issue referencing postgres port from openshift deployment
2017-12-12 10:52:02 -05:00
Matthew Jones
a3071c2a1f
Make sure we define postgres port customization during install
2017-12-04 11:08:40 -05:00
Wayne Witzel III
a858093db8
Update to asgi_amqp 1.0.1
2017-11-27 19:41:30 +00:00