e52cebc28e
after some prolonged RFC reading and tinkering w/ rsyslogd... cpython's SysLogHandler doesn't emit RFC3164 formatted messages in the format you'd expect; it's missing the ISO date, hostname, etc... along with other header values; the handler implementation relies on you to specify a syslog-like formatter (we've replaced all of this with our own *custom* logstash-esque formatter that effectively outputs valid JSON - without dates and other syslog header values prepended) because of this unanticipated format, rsyslogd chokes when trying to parse the message's parts; AWX is emitting: <priority>RAWJSON ...so the usage of `%msg%` isn't going to work for us, because rsyslog tries to parse *all* of the possible headers (and yells, because it can't find a date to parse): see: https://www.rsyslog.com/files/temp/doc-indent/configuration/properties.html#message-properties this is fine, because we don't *need* any of that message parsing anyways; in the end, we're *just* interested in forwarding the raw JSON/text content to the third party log handler
---
{#
  ServiceAccount named awx. The Deployment in this template runs its pod
  under this account through serviceAccountName.
  NOTE(review): annotation values are rendered unquoted, so a value that YAML
  reads as a boolean or a number will not reach the API as a string. Confirm
  that inventory values are already quoted where needed.
#}
apiVersion: v1
kind: ServiceAccount
metadata:
  name: awx
  namespace: {{ kubernetes_namespace }}
{% if kubernetes_service_account_annotations is defined %}
  annotations:
{% for key, value in kubernetes_service_account_annotations.items() %}
    {{ key }}: {{ value }}
{% endfor %}
{% endif %}
{% if kubernetes_image_pull_secrets is defined %}
{# A single pull-secret name is attached to the account, not a list. #}
imagePullSecrets:
  - name: "{{ kubernetes_image_pull_secrets }}"
{% endif %}
---
{#
  Deployment header and pod metadata. One replica; the pod carries the
  labels name, service and app, and runs as the awx service account.
  The selector is only rendered for the apps/v1 API version, and it matches
  on the app label.
#}
apiVersion: {{ kubernetes_deployment_api_version }}
kind: Deployment
metadata:
  name: {{ kubernetes_deployment_name }}
  namespace: {{ kubernetes_namespace }}
{% if openshift_host is defined %}
  labels:
    app: {{ kubernetes_deployment_name }}
{% endif %}
spec:
  replicas: 1
{% if kubernetes_deployment_api_version == "apps/v1" %}
  selector:
    matchLabels:
      app: {{ kubernetes_deployment_name }}
{% endif %}
  template:
    metadata:
      labels:
        name: {{ kubernetes_deployment_name }}-web-deploy
        service: django
        app: {{ kubernetes_deployment_name }}
    spec:
{# No pod-level securityContext is set here; container defaults apply. #}
      serviceAccountName: awx
      terminationGracePeriodSeconds: 10
{% if custom_venvs is defined %}
{#
  Optional init container that builds the custom virtualenvs into the
  custom-venvs volume every time the pod starts.
  Supply-chain notes:
  - The image is referenced by tag (centos:7), and yum and pip fetch packages
    from the network at start-up. Nothing in this block pins a digest or a
    package hash. NOTE(review): consider a prebuilt image pinned by digest.
  - Venv names, interpreter paths, versions and module names are interpolated
    unescaped into the sh -c string, so shell metacharacters in those
    inventory values would be executed. Treat the inventory as trusted input
    or validate it before rendering.
#}
{% set trusted_hosts = "" %}
      initContainers:
        - image: 'centos:7'
          name: init-custom-venvs
{% if http_proxy is defined or https_proxy is defined %}
{#
  When any proxy variable is set, pip is told to treat three PyPI hosts as
  trusted, which switches off TLS certificate validation for them. Packages
  installed into the job virtualenvs are then not authenticated against the
  index. NOTE(review): prefer giving pip the proxy CA certificate over
  disabling verification.
#}
{% set trusted_hosts = "--trusted-host pypi.org --trusted-host files.pythonhosted.org --trusted-host pypi.python.org" %}
          env:
{% if http_proxy is defined %}
            - name: http_proxy
              value: {{ http_proxy }}
{% endif %}
{% if https_proxy is defined %}
            - name: https_proxy
              value: {{ https_proxy }}
{% endif %}
{% if no_proxy is defined %}
            - name: no_proxy
              value: {{ no_proxy }}
{% endif %}
{% endif %}
{#
  The command is one folded scalar holding an and-chain that ends in the
  shell no-op colon. Continuation lines are indented deeper than the command
  lines so that the folded scalar keeps the line break after each backslash.
#}
          command:
            - sh
            - '-c'
            - >-
              yum install -y ansible curl python-setuptools epel-release \
                openssl openssl-devel gcc python-devel &&
              yum install -y python-virtualenv python36 python36-devel &&
              mkdir -p {{ custom_venvs_path }} &&
{% for custom_venv in custom_venvs %}
              virtualenv -p {{ custom_venv.python | default(custom_venvs_python) }} \
                {{ custom_venvs_path }}/{{ custom_venv.name }} &&
              source {{ custom_venvs_path }}/{{ custom_venv.name }}/bin/activate &&
              {{ custom_venvs_path }}/{{ custom_venv.name }}/bin/pip install {{ trusted_hosts }} -U psutil \
                "ansible=={{ custom_venv.python_ansible_version }}" &&
{% if custom_venv.python_modules is defined %}
              {{ custom_venvs_path }}/{{ custom_venv.name }}/bin/pip install {{ trusted_hosts }} -U \
                {% for module in custom_venv.python_modules %}{{ module }} {% endfor %} &&
{% endif %}
              deactivate &&
{% endfor %}
              :
          volumeMounts:
            - name: custom-venvs
              mountPath: {{ custom_venvs_path }}
{% endif %}
{#
  Web container, listening on 8052. It has no securityContext of its own, so
  it runs with whatever the image and the cluster defaults provide.
  Settings, nginx config, credentials, launch scripts, supervisor configs and
  SECRET_KEY are mounted read-only. The socket directories are shared with
  the other containers of the pod.
  The image is pulled by tag on every start (imagePullPolicy Always), so the
  running code follows whatever the tag currently points to.
#}
      containers:
        - name: {{ kubernetes_deployment_name }}-web
          image: "{{ kubernetes_web_image }}:{{ kubernetes_web_version }}"
          imagePullPolicy: Always
          ports:
            - containerPort: 8052
          volumeMounts:
            - name: supervisor-socket
              mountPath: "/var/run/supervisor"
            - name: rsyslog-socket
              mountPath: "/var/run/rsyslog"
{% if ca_trust_dir is defined %}
            - name: {{ kubernetes_deployment_name }}-ca-trust-dir
              mountPath: "/etc/pki/ca-trust/source/anchors/"
              readOnly: true
{% endif %}
{% if project_data_dir is defined %}
{# The only mount here that is explicitly writable; the volumes section backs it with a hostPath directory. #}
            - name: {{ kubernetes_deployment_name }}-project-data-dir
              mountPath: "/var/lib/awx/projects"
              readOnly: false
{% endif %}
{% if custom_venvs is defined %}
            - name: custom-venvs
              mountPath: {{ custom_venvs_path }}
{% endif %}
            - name: {{ kubernetes_deployment_name }}-application-config
              mountPath: "/etc/tower/settings.py"
              subPath: settings.py
              readOnly: true

            - name: {{ kubernetes_deployment_name }}-nginx-config
              mountPath: /etc/nginx/nginx.conf
              subPath: nginx.conf
              readOnly: true

            - name: "{{ kubernetes_deployment_name }}-application-credentials"
              mountPath: "/etc/tower/conf.d/"
              readOnly: true

            - name: {{ kubernetes_deployment_name }}-launch-awx-web
              mountPath: "/usr/bin/launch_awx.sh"
              subPath: "launch_awx.sh"
              readOnly: true

            - name: {{ kubernetes_deployment_name }}-launch-awx-task
              mountPath: "/usr/bin/launch_awx_task.sh"
              subPath: "launch_awx_task.sh"
              readOnly: true

            - name: {{ kubernetes_deployment_name }}-supervisor-web-config
              mountPath: "/supervisor.conf"
              subPath: supervisor.conf
              readOnly: true

            - name: {{ kubernetes_deployment_name }}-supervisor-task-config
              mountPath: "/supervisor_task.conf"
              subPath: supervisor_task.conf
              readOnly: true

            - name: {{ kubernetes_deployment_name }}-secret-key
              mountPath: "/etc/tower/SECRET_KEY"
              subPath: SECRET_KEY
              readOnly: true

            - name: {{ kubernetes_deployment_name }}-redis-socket
              mountPath: "/var/run/redis"

            - name: {{ kubernetes_deployment_name }}-memcached-socket
              mountPath: "/var/run/memcached"

{# Requests are always rendered; limits only when the matching variable is defined. #}
          resources:
            requests:
              memory: "{{ web_mem_request }}Gi"
              cpu: "{{ web_cpu_request }}m"
{% if web_mem_limit is defined or web_cpu_limit is defined %}
            limits:
{% endif %}
{% if web_mem_limit is defined %}
              memory: "{{ web_mem_limit }}Gi"
{% endif %}
{% if web_cpu_limit is defined %}
              cpu: "{{ web_cpu_limit }}m"
{% endif %}
{#
  Task container, started through launch_awx_task.sh.
  SECURITY: this container runs with privileged set to true. A privileged
  container has essentially unrestricted access to the node, and this one
  also mounts the application credentials and SECRET_KEY. A compromise of
  the task process therefore reaches well beyond the pod.
  NOTE(review): the reason for privileged mode is not visible in this
  template. Confirm it is still required, and if so consider a narrower set
  of capabilities. Clusters that enforce the baseline or restricted Pod
  Security levels will reject this pod.
#}
        - name: {{ kubernetes_deployment_name }}-task
          securityContext:
            privileged: true
          image: "{{ kubernetes_task_image }}:{{ kubernetes_task_version }}"
          command:
            - /usr/bin/launch_awx_task.sh
          imagePullPolicy: Always
          volumeMounts:
            - name: supervisor-socket
              mountPath: "/var/run/supervisor"
            - name: rsyslog-socket
              mountPath: "/var/run/rsyslog"
{% if ca_trust_dir is defined %}
            - name: {{ kubernetes_deployment_name }}-ca-trust-dir
              mountPath: "/etc/pki/ca-trust/source/anchors/"
              readOnly: true
{% endif %}
{% if custom_venvs is defined %}
            - name: custom-venvs
              mountPath: {{ custom_venvs_path }}
{% endif %}
            - name: {{ kubernetes_deployment_name }}-application-config
              mountPath: "/etc/tower/settings.py"
              subPath: settings.py
              readOnly: true

            - name: "{{ kubernetes_deployment_name }}-application-credentials"
              mountPath: "/etc/tower/conf.d/"
              readOnly: true

            - name: {{ kubernetes_deployment_name }}-launch-awx-web
              mountPath: "/usr/bin/launch_awx.sh"
              subPath: "launch_awx.sh"
              readOnly: true

            - name: {{ kubernetes_deployment_name }}-launch-awx-task
              mountPath: "/usr/bin/launch_awx_task.sh"
              subPath: "launch_awx_task.sh"
              readOnly: true

            - name: {{ kubernetes_deployment_name }}-supervisor-web-config
              mountPath: "/supervisor.conf"
              subPath: supervisor.conf
              readOnly: true

            - name: {{ kubernetes_deployment_name }}-supervisor-task-config
              mountPath: "/supervisor_task.conf"
              subPath: supervisor_task.conf
              readOnly: true

            - name: {{ kubernetes_deployment_name }}-secret-key
              mountPath: "/etc/tower/SECRET_KEY"
              subPath: SECRET_KEY
              readOnly: true

            - name: {{ kubernetes_deployment_name }}-redis-socket
              mountPath: "/var/run/redis"

            - name: {{ kubernetes_deployment_name }}-memcached-socket
              mountPath: "/var/run/memcached"
{# Pod UID and pod IP are injected through the downward API. #}
          env:
            - name: SUPERVISOR_WEB_CONFIG_PATH
              value: "/supervisor.conf"
            - name: AWX_SKIP_MIGRATIONS
              value: "1"
            - name: MY_POD_UID
              valueFrom:
                fieldRef:
                  fieldPath: metadata.uid
            - name: MY_POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
{# Requests are always rendered; limits only when the matching variable is defined. #}
          resources:
            requests:
              memory: "{{ task_mem_request }}Gi"
              cpu: "{{ task_cpu_request }}m"
{% if task_mem_limit is defined or task_cpu_limit is defined %}
            limits:
{% endif %}
{% if task_mem_limit is defined %}
              memory: "{{ task_mem_limit }}Gi"
{% endif %}
{% if task_cpu_limit is defined %}
              cpu: "{{ task_cpu_limit }}m"
{% endif %}
{#
  Redis sidecar. It is started with the mounted redis.conf and shares the
  /var/run/redis directory with the web and task containers.
  NOTE(review): TCP port 6379 is declared here, but whether redis listens on
  it, and whether it requires authentication, is decided by redis.conf,
  which is not part of this template. Verify that file before relying on
  the socket-only assumption.
#}
        - name: {{ kubernetes_deployment_name }}-redis
          image: {{ kubernetes_redis_image }}:{{ kubernetes_redis_image_tag }}
          imagePullPolicy: Always
          args: ["redis-server", "{{ kubernetes_redis_config_mount_path }}"]
          ports:
            - name: redis
              protocol: TCP
              containerPort: 6379
          volumeMounts:
            - name: {{ kubernetes_deployment_name }}-redis-config
              mountPath: "{{ kubernetes_redis_config_mount_path }}"
              subPath: redis.conf
              readOnly: true

            - name: {{ kubernetes_deployment_name }}-redis-socket
              mountPath: "/var/run/redis"
{# Requests are always rendered; limits only when the matching variable is defined. #}
          resources:
            requests:
              memory: "{{ redis_mem_request }}Gi"
              cpu: "{{ redis_cpu_request }}m"
{% if redis_mem_limit is defined or redis_cpu_limit is defined %}
            limits:
{% endif %}
{% if redis_mem_limit is defined %}
              memory: "{{ redis_mem_limit }}Gi"
{% endif %}
{% if redis_cpu_limit is defined %}
              cpu: "{{ redis_cpu_limit }}m"
{% endif %}
{#
  Memcached sidecar, bound to a unix socket instead of a TCP port.
  The socket is created with access mask 0666, so every process in any
  container that mounts the memcached-socket volume can read and write the
  cache. The boundary is the pod, not a user or group.
#}
        - name: {{ kubernetes_deployment_name }}-memcached
          image: "{{ kubernetes_memcached_image }}:{{ kubernetes_memcached_version }}"
          imagePullPolicy: Always
          command:
            - 'memcached'
            - '-s'
            - '/var/run/memcached/memcached.sock'
            - '-a'
            - '0666'
          volumeMounts:
            - name: {{ kubernetes_deployment_name }}-memcached-socket
              mountPath: "/var/run/memcached"
{# Requests are always rendered; limits only when the matching variable is defined. #}
          resources:
            requests:
              memory: "{{ memcached_mem_request }}Gi"
              cpu: "{{ memcached_cpu_request }}m"
{% if memcached_mem_limit is defined or memcached_cpu_limit is defined %}
            limits:
{% endif %}
{% if memcached_mem_limit is defined %}
              memory: "{{ memcached_mem_limit }}Gi"
{% endif %}
{% if memcached_cpu_limit is defined %}
              cpu: "{{ memcached_cpu_limit }}m"
{% endif %}
{% if tolerations is defined %}
{#
  Optional scheduling constraints. Each structure is dumped as YAML and then
  shifted eight columns by the indent filter, so the expression lines start
  at column 0 on purpose.
#}
      tolerations:
{{ tolerations | to_nice_yaml(indent=2) | indent(width=8, indentfirst=True) }}
{% endif %}
{% if node_selector is defined %}
      nodeSelector:
{{ node_selector | to_nice_yaml(indent=2) | indent(width=8, indentfirst=True) }}
{% endif %}
{% if affinity is defined %}
      affinity:
{{ affinity | to_nice_yaml(indent=2) | indent(width=8, indentfirst=True) }}
{% endif %}
{#
  Pod volumes.
  - emptyDir volumes carry the unix sockets and the custom virtualenvs, and
    live only as long as the pod.
  - The two hostPath volumes expose directories of the node file system to
    the pod. NOTE(review): hostPath couples the pod to a node and is blocked
    by the baseline Pod Security level; confirm both paths are narrowly
    scoped.
  - The secret volumes set no defaultMode, so the Kubernetes default file
    mode applies to credentials.py, environment.sh and SECRET_KEY.
    NOTE(review): consider an explicit, tighter mode.
  - The launch-script volumes use defaultMode 0755, written as a YAML octal
    literal.
#}
      volumes:
        - name: supervisor-socket
          emptyDir: {}
        - name: rsyslog-socket
          emptyDir: {}
{% if ca_trust_dir is defined %}
        - name: {{ kubernetes_deployment_name }}-ca-trust-dir
          hostPath:
            path: "{{ ca_trust_dir }}"
            type: Directory
{% endif %}
{% if project_data_dir is defined %}
        - name: {{ kubernetes_deployment_name }}-project-data-dir
          hostPath:
            path: "{{ project_data_dir }}"
            type: Directory
{% endif %}
{% if custom_venvs is defined %}
        - name: custom-venvs
          emptyDir: {}
{% endif %}
        - name: {{ kubernetes_deployment_name }}-application-config
          configMap:
            name: {{ kubernetes_deployment_name }}-config
            items:
              - key: {{ kubernetes_deployment_name }}_settings
                path: settings.py

        - name: {{ kubernetes_deployment_name }}-nginx-config
          configMap:
            name: {{ kubernetes_deployment_name }}-config
            items:
              - key: {{ kubernetes_deployment_name }}_nginx_conf
                path: nginx.conf

        - name: {{ kubernetes_deployment_name }}-redis-config
          configMap:
            name: {{ kubernetes_deployment_name }}-config
            items:
              - key: {{ kubernetes_deployment_name }}_redis_conf
                path: redis.conf

        - name: "{{ kubernetes_deployment_name }}-application-credentials"
          secret:
            secretName: "{{ kubernetes_deployment_name }}-secrets"
            items:
              - key: credentials_py
                path: 'credentials.py'
              - key: environment_sh
                path: 'environment.sh'

        - name: {{ kubernetes_deployment_name }}-launch-awx-web
          configMap:
            name: {{ kubernetes_deployment_name }}-launch-awx
            items:
              - key: launch-awx-web
                path: 'launch_awx.sh'
            defaultMode: 0755

        - name: {{ kubernetes_deployment_name }}-launch-awx-task
          configMap:
            name: {{ kubernetes_deployment_name }}-launch-awx
            items:
              - key: launch-awx-task
                path: 'launch_awx_task.sh'
            defaultMode: 0755

        - name: {{ kubernetes_deployment_name }}-supervisor-web-config
          configMap:
            name: {{ kubernetes_deployment_name }}-supervisor-config
            items:
              - key: supervisor-web-config
                path: 'supervisor.conf'

        - name: {{ kubernetes_deployment_name }}-supervisor-task-config
          configMap:
            name: {{ kubernetes_deployment_name }}-supervisor-config
            items:
              - key: supervisor-task-config
                path: 'supervisor_task.conf'

        - name: {{ kubernetes_deployment_name }}-secret-key
          secret:
            secretName: "{{ kubernetes_deployment_name }}-secrets"
            items:
              - key: secret_key
                path: SECRET_KEY

        - name: {{ kubernetes_deployment_name }}-redis-socket
          emptyDir: {}

        - name: {{ kubernetes_deployment_name }}-memcached-socket
          emptyDir: {}
---
{#
  Service in front of the web container: port 80 forwards to container port
  8052, selected by the name label of the pod.
  The type is NodePort, so a port is opened on every node in addition to the
  cluster IP, and the traffic it carries is plain HTTP. TLS, where used, is
  added by the Ingress or Route in this template.
  NOTE(review): confirm that node-level exposure is wanted when an Ingress
  or Route is also rendered.
#}
apiVersion: v1
kind: Service
metadata:
  name: {{ kubernetes_deployment_name }}-web-svc
  namespace: {{ kubernetes_namespace }}
  labels:
    name: {{ kubernetes_deployment_name }}-web-svc
spec:
  type: "NodePort"
  ports:
    - name: http
      port: 80
      targetPort: 8052
  selector:
    name: {{ kubernetes_deployment_name }}-web-deploy
{% if kubernetes_context is defined %}
{#
  Ingress, rendered only for plain Kubernetes deployments.
  Control flow: the test on kubernetes_ingress_annotations is not closed
  before spec, so its else branch is the default-backend spec further down.
  Host rules and the tls section are therefore rendered only when
  annotations are defined.
  NOTE(review): confirm this coupling is intended. In the else branch the
  Ingress has no host and no TLS, and in the first branch TLS is present
  only when kubernetes_ingress_tls_secret is defined, so the UI can end up
  served over plain HTTP.
  NOTE(review): annotation values are rendered unquoted; values that YAML
  reads as booleans or numbers need quoting in inventory.
  NOTE(review): the extensions/v1beta1 Ingress API is no longer served by
  current Kubernetes releases.
#}
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: {{ kubernetes_deployment_name }}-web-svc
  namespace: {{ kubernetes_namespace }}
{% if kubernetes_ingress_annotations is defined %}
  annotations:
{% for key, value in kubernetes_ingress_annotations.items() %}
    {{ key }}: {{ value }}
{% endfor %}

spec:
{% if kubernetes_ingress_tls_secret is defined %}
  tls:
    - hosts:
        - {{ kubernetes_ingress_hostname }}
      secretName: {{ kubernetes_ingress_tls_secret }}
{% endif %}
  rules:
    - host: {{ kubernetes_ingress_hostname }}
      http:
        paths:
          - path: /
            backend:
              serviceName: {{ kubernetes_deployment_name }}-web-svc
              servicePort: 80
{% else %}
spec:
  backend:
    serviceName: {{ kubernetes_deployment_name }}-web-svc
    servicePort: 80
{% endif %}
{% endif %}
{% if openshift_host is defined %}
{#
  OpenShift Route, rendered only when openshift_host is defined.
  TLS uses edge termination: the router ends the TLS session and forwards
  to the service port named http, so the hop from router to pod is plain
  HTTP. Insecure requests are redirected rather than served.
  No certificate or key is set here, so the router default certificate is
  presumably used. NOTE(review): confirm against the cluster setup.
#}
---
apiVersion: v1
kind: Route
metadata:
  name: {{ kubernetes_deployment_name }}-web-svc
  namespace: {{ kubernetes_namespace }}
spec:
  port:
    targetPort: http
  tls:
    insecureEdgeTerminationPolicy: Redirect
    termination: edge
  to:
    kind: Service
    name: {{ kubernetes_deployment_name }}-web-svc
    weight: 100
  wildcardPolicy: None
{% endif %}