From 88a0e6397fa37e372610b8d807a1e74241a57e70 Mon Sep 17 00:00:00 2001 From: "Dziedzicki, Daniel" Date: Tue, 13 Jul 2021 08:23:00 +0000 Subject: [PATCH] Feature/awx --- README.md | 4 +- host_vars/{dev-awx-01.yml => dev-awx-02.yml} | 0 roles/awx/defaults/main.yml | 18 ++++ roles/awx/handlers/main.yml | 1 + roles/awx/meta/main.yml | 1 + roles/awx/tasks/main.yml | 106 +++++++++++++++++++ roles/awx/templates/awx-deployment.yml.j2 | 97 +++++++++++++++++ roles/awx/vars/main.yml | 1 + roles/common/tasks/main.yml | 18 ++++ smardigo.yml | 3 + stage-dev | 4 + 11 files changed, 252 insertions(+), 1 deletion(-) rename host_vars/{dev-awx-01.yml => dev-awx-02.yml} (100%) create mode 100644 roles/awx/defaults/main.yml create mode 100644 roles/awx/handlers/main.yml create mode 100644 roles/awx/meta/main.yml create mode 100644 roles/awx/tasks/main.yml create mode 100644 roles/awx/templates/awx-deployment.yml.j2 create mode 100644 roles/awx/vars/main.yml diff --git a/README.md b/README.md index 3a0958b..b27a4fa 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,8 @@ Install ansible role for managing hetzner cloud servers. pip3 install hcloud ansible-galaxy collection install hetzner.hcloud ansible-galaxy collection install community.general + ansible-galaxy install geerlingguy.kubernetes + ansible-galaxy collection install community.kubernetes # Setup Create/Start servers for stage-dev @@ -38,4 +40,4 @@ Docker-Registry Use Installation from Keycloak Client 'docker-registry' Prometheus (Grafana) docker exec -i df4d6b176f5e sh -c 'grafana-cli plugins install grafana-piechart-panel' - docker restart df4d6b176f5e \ No newline at end of file + docker restart df4d6b176f5e diff --git a/host_vars/dev-awx-01.yml b/host_vars/dev-awx-02.yml similarity index 100% rename from host_vars/dev-awx-01.yml rename to host_vars/dev-awx-02.yml diff --git a/roles/awx/defaults/main.yml b/roles/awx/defaults/main.yml new file mode 100644 index 0000000..f38700a --- /dev/null +++ b/roles/awx/defaults/main.yml 
@@ -0,0 +1,18 @@
+---
+
+awx_operator_version: "0.12.0"
+awx_operator_url: "https://raw.githubusercontent.com/ansible/awx-operator/{{ awx_operator_version }}/deploy/awx-operator.yaml"
+kubernetes_awx_namespace: "awx-test"
+kubernetes_awx_postgres_volume_size: "50Gi"
+kubernetes_awx_postgres_volume_accessMode: "ReadWriteOnce"
+kubernetes_awx_postgres_volume_path: "/mnt/data/postgres"
+kubernetes_awx_postgres_pvc_size: "50Gi"
+kubernetes_awx_postgres_pvc_accessMode: "ReadWriteOnce"
+kubernetes_awx_project_volume_size: "10Gi"
+kubernetes_awx_project_volume_accessMode: "ReadWriteOnce"
+kubernetes_awx_project_volume_path: "/mnt/data/project"
+kubernetes_awx_project_pvc_size: "10Gi"
+kubernetes_awx_project_pvc_accessMode: "ReadWriteOnce"
+kubernetes_awx_service_port: "80"
+kubernetes_awx_service_targetPort: "80"
+awx_admin_password: "awx-admin"
diff --git a/roles/awx/handlers/main.yml b/roles/awx/handlers/main.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/roles/awx/handlers/main.yml
@@ -0,0 +1 @@
+---
diff --git a/roles/awx/meta/main.yml b/roles/awx/meta/main.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/roles/awx/meta/main.yml
@@ -0,0 +1 @@
+---
diff --git a/roles/awx/tasks/main.yml b/roles/awx/tasks/main.yml
new file mode 100644
index 0000000..14f2e01
--- /dev/null
+++ b/roles/awx/tasks/main.yml
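Review bot: `awx_admin_password: "awx-admin"` at the end of this defaults file commits a guessable administrator password that every inventory without an override will deploy, and the template added in this patch writes it into the `awx-admin-password` Secret. The role should carry no usable default: drop the line, take the value from an Ansible Vault-encrypted variable, and fail early with an `assert` task when it is undefined or still equal to the shipped value. A short comment above the variable stating that it must be overridden per stage would also help.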
@@ -0,0 +1,106 @@
+---
+
+- name: "Install Pip3 for {{ service_name }}"
+ apt:
+ name: python3-pip
+ state: present
+ become: True
+ tags:
+ - kube_apply
+
+- name: "Install Kubernetes over Pip3 for {{ service_name }}"
+ pip:
+ name: kubernetes
+ state: present
+ become: True
+ tags:
+ - kube_apply
+
+- name: "Install and Setup Kubernetes (Single node, Master-only cluster) for {{ service_name }}"
+ include_role:
+ name: geerlingguy.kubernetes
+ vars:
+ kubernetes_allow_pods_on_master: true
+ tags:
+ - kube_install
+
+- name: "Download AWX {{ awx_operator_version }} to Kubernetes Template for {{ service_name }}"
+ get_url:
+ url: "{{ awx_operator_url }}"
+ dest: /tmp/awx-operator.yaml
+ mode: '0664'
+ tags:
+ - kube_apply
+
+- name: "Apply AWX {{ awx_operator_version }} to Kubernetes {{ service_name }}"
+ k8s:
+ state: present
+ src: /tmp/awx-operator.yaml
+ namespace: default
+ wait: yes
+ wait_timeout: 300
+ tags:
+ - kube_apply
+
+- name: "Ensure that postgres volume directory exists for {{ service_name }}"
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: 'root'
+ group: 'root'
+ loop:
+ - "{{ kubernetes_awx_postgres_volume_path }}"
+ - "{{ kubernetes_awx_project_volume_path }}"
+ tags:
+ - kube_apply
+
+- name: "Copy Deployment Template for {{ service_name }}"
+ template:
+ src: awx-deployment.yml.j2
+ dest: /tmp/awx-deployment.yml
+ owner: root
+ group: root
+ mode: '0644'
+ tags:
+ - kube_apply
+
+- name: "Create a AWX k8s namespace for {{ service_name }}"
+ k8s:
+ name: "{{ kubernetes_awx_namespace }}"
+ api_version: v1
+ kind: Namespace
+ state: present
+ tags:
+ - kube_apply
+
+- name: "Apply AWX Deployment for {{ service_name }}"
+ k8s:
+ state: present
+ src: /tmp/awx-deployment.yml
+ namespace: "{{ kubernetes_awx_namespace }}"
+ wait: yes
+ wait_timeout: 300
+ tags:
+ - kube_apply
+
+- name: "Cleanup for {{ service_name }}"
+ file:
+ path: "{{ item }}"
+ state: absent
+ loop:
+ - /tmp/awx-operator.yaml
+ - /tmp/awx-deployment.yml
+ tags:
+ -
kube_apply
+
+- name: "Wait for AWX service {{ service_name }}"
+ uri:
+ url: "http://{{ stage_server_ip }}:{{ kubernetes_awx_service_port }}"
+ status_code: 200
+ validate_certs: False
+ register: result
+ until: result.status == 200
+ retries: 60
+ delay: 20
+ tags:
+ - kube_apply
diff --git a/roles/awx/templates/awx-deployment.yml.j2 b/roles/awx/templates/awx-deployment.yml.j2
new file mode 100644
index 0000000..e2cd0d2
--- /dev/null
+++ b/roles/awx/templates/awx-deployment.yml.j2
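Review bot: The "Copy Deployment Template" task renders the manifest to `/tmp/awx-deployment.yml` with `mode: '0644'`, and the template added in this patch includes the admin-password Secret, so the password is readable by every local user until the "Cleanup" task runs, and that task is skipped when any earlier task fails. Use `mode: '0600'` at minimum; staging both files in a directory created with the `tempfile` module and wrapping the tasks in `block`/`always` would make the cleanup reliable. The operator manifest is fetched by `get_url` without a `checksum:` and written group-writable (`mode: '0664'`) to a fixed path in `/tmp` before being applied to the cluster; pinning it, e.g. `checksum: "sha256:<digest of the 0.12.0 manifest>"`, and using `mode: '0600'` closes that gap. The final "Wait for AWX service" probe uses `http://`, so `validate_certs: False` has no effect there.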
@@ -0,0 +1,97 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: postgres-awx-volume
+ namespace: {{ kubernetes_awx_namespace }}
+ labels:
+ type: local
+spec:
+ storageClassName: manual
+ capacity:
+ storage: {{ kubernetes_awx_postgres_volume_size }}
+ accessModes:
+ - {{ kubernetes_awx_postgres_volume_accessMode }}
+ hostPath:
+ path: "{{ kubernetes_awx_postgres_volume_path }}"
+
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: awx-project-volume
+ namespace: {{ kubernetes_awx_namespace }}
+ labels:
+ type: local
+spec:
+ storageClassName: manual
+ capacity:
+ storage: {{ kubernetes_awx_project_volume_size }}
+ accessModes:
+ - {{ kubernetes_awx_project_volume_accessMode }}
+ hostPath:
+ path: "{{ kubernetes_awx_project_volume_path }}"
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: postgres-awx-postgres-0
+ namespace: {{ kubernetes_awx_namespace }}
+spec:
+ storageClassName: manual
+ accessModes:
+ - {{ kubernetes_awx_postgres_pvc_accessMode }}
+ resources:
+ requests:
+ storage: {{ kubernetes_awx_postgres_pvc_size }}
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: awx-project-claim-0
+ namespace: {{ kubernetes_awx_namespace }}
+spec:
+ storageClassName: manual
+ accessModes:
+ - {{ kubernetes_awx_project_pvc_accessMode }}
+ resources:
+ requests:
+ storage: {{ kubernetes_awx_project_pvc_size }}
+
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+ name: awx
+ namespace: {{ kubernetes_awx_namespace }}
+spec:
+ projects_persistence: true
+ projects_existing_claim: awx-project-claim-0
+ projects_storage_access_mode: {{ kubernetes_awx_project_pvc_accessMode }}
+ projects_storage_size: {{ kubernetes_awx_project_pvc_size }}
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: awx-service
+ namespace: {{ kubernetes_awx_namespace }}
+spec:
+ ports:
+ - name: http
+ protocol: TCP
+ port: {{ kubernetes_awx_service_port }}
+ targetPort: {{ kubernetes_awx_service_targetPort }}
+
externalIPs: + - {{ stage_server_ip }} + +--- +apiVersion: v1 +kind: Secret +metadata: + name: awx-admin-password + namespace: {{ kubernetes_awx_namespace }} +stringData: + password: {{ awx_admin_password }} diff --git a/roles/awx/vars/main.yml b/roles/awx/vars/main.yml new file mode 100644 index 0000000..ed97d53 --- /dev/null +++ b/roles/awx/vars/main.yml @@ -0,0 +1 @@ +--- diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index cc2d65a..ff3ac81 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -168,6 +168,24 @@ tags: - config +- name: "Ensure docker daemon configuration directory exists" + file: + path: '/etc/docker' + state: directory + owner: 'root' + group: 'root' + tags: + - config + +- name: "Ensure docker daemon configuration directory exists" + file: + path: '/etc/docker' + state: directory + owner: 'root' + group: 'root' + tags: + - config + - name: "Insert/Update docker daemon configuration" template: src: 'configs/docker/daemon.json.j2' diff --git a/smardigo.yml b/smardigo.yml index d9bb8f7..7fe1e5a 100644 --- a/smardigo.yml +++ b/smardigo.yml @@ -66,3 +66,6 @@ when: "'iam' in group_names" - role: connect when: "'connect' in group_names" + + - role: awx + when: "'awx' in group_names" diff --git a/stage-dev b/stage-dev index d896ca4..86ecc92 100644 --- a/stage-dev +++ b/stage-dev @@ -25,6 +25,9 @@ dev-mail-01 [prometheus] dev-prometheus-01 +[awx] +dev-awx-02 + [stage_dev:children] awx connect @@ -34,6 +37,7 @@ iam keycloak postfix prometheus +awx [all:children] stage_dev
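Review bot: In the Secret at the end of the template, `password: {{ awx_admin_password }}` is rendered unquoted, so a password that contains `: ` or ` #`, starts with a YAML indicator, or looks like a number or boolean is parsed as something other than the intended string, or breaks the manifest. Emit it as a quoted scalar with `password: {{ awx_admin_password | to_json }}`. Separately, the `awx-service` Service publishes its port on `externalIPs` (`{{ stage_server_ip }}`) and the role defaults set that port to 80, so admin logins would apparently travel over plain HTTP unless TLS is terminated somewhere not shown in this patch. The two PersistentVolume documents also set `metadata.namespace`, which has no meaning for a cluster-scoped resource and can be dropped.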
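Review bot: The task "Ensure docker daemon configuration directory exists" is added twice with identical content in the `roles/common/tasks/main.yml` hunk; the second copy is redundant and should be removed. The remaining task sets owner and group but no permissions, so adding `mode: '0755'` would make the state of `/etc/docker` explicit instead of depending on the umask or on whatever already exists. The following "Insert/Update docker daemon configuration" task continues outside the hunk.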
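Review bot: The second `stage-dev` hunk appends `awx` to `[stage_dev:children]`, but the context lines of the first hunk show `awx` already listed directly under that group header, so the group would now be declared as a child twice. Unless the collapsed context is misleading, drop the added `+awx` line and keep only the new `[awx]` host group with `dev-awx-02`.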