Feature/awx

5 years ago · 88a0e6397f
parent 7632da1019
commit 88a0e6397f
11 changed files with 252 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -12,6 +12,8 @@ Install ansible role for managing hetzner cloud servers.
    pip3 install hcloud
    ansible-galaxy collection install hetzner.hcloud
    ansible-galaxy collection install community.general
+    ansible-galaxy install geerlingguy.kubernetes
+    ansible-galaxy collection install community.kubernetes

 # Setup
 Create/Start servers for stage-dev
--- a/host_vars/dev-awx-02.yml
+++ b/host_vars/dev-awx-02.yml
--- a/roles/awx/defaults/main.yml
+++ b/roles/awx/defaults/main.yml
@ -0,0 +1,18 @@
+---
+
+awx_operator_version: "0.12.0"
+awx_operator_url: "https://raw.githubusercontent.com/ansible/awx-operator/{{ awx_operator_version }}/deploy/awx-operator.yaml"
+kubernetes_awx_namespace: "awx-test"
+kubernetes_awx_postgres_volume_size: "50Gi"
+kubernetes_awx_postgres_volume_accessMode: "ReadWriteOnce"
+kubernetes_awx_postgres_volume_path: "/mnt/data/postgres"
+kubernetes_awx_postgres_pvc_size: "50Gi"
+kubernetes_awx_postgres_pvc_accessMode: "ReadWriteOnce"
+kubernetes_awx_project_volume_size: "10Gi"
+kubernetes_awx_project_volume_accessMode: "ReadWriteOnce"
+kubernetes_awx_project_volume_path: "/mnt/data/project"
+kubernetes_awx_project_pvc_size: "10Gi"
+kubernetes_awx_project_pvc_accessMode: "ReadWriteOnce"
+kubernetes_awx_service_port: "80"
+kubernetes_awx_service_targetPort: "80"
+awx_admin_password: "awx-admin"
--- a/roles/awx/handlers/main.yml
+++ b/roles/awx/handlers/main.yml
@ -0,0 +1 @@
+---
--- a/roles/awx/meta/main.yml
+++ b/roles/awx/meta/main.yml
@ -0,0 +1 @@
+---
--- a/roles/awx/tasks/main.yml
+++ b/roles/awx/tasks/main.yml
@ -0,0 +1,106 @@
+---
+
+- name: "Install Pip3 for {{ service_name }}"
+  apt:
+    name: python3-pip
+    state: present
+  become: True
+  tags:
+    - kube_apply
+
+- name: "Install Kubernetes over Pip3 for {{ service_name }}"
+  pip:
+    name: kubernetes    
+    state: present
+  become: True
+  tags:
+    - kube_apply
+
+- name: "Install and Setup Kubernetes (Single node, Master-only cluster) for {{ service_name }}"
+  include_role:
+    name: geerlingguy.kubernetes
+  vars:
+    kubernetes_allow_pods_on_master: true
+  tags: 
+    - kube_install
+
+- name: "Download AWX {{ awx_operator_version }} to Kubernetes Template for {{ service_name }}"
+  get_url:
+    url: "{{ awx_operator_url }}"
+    dest: /tmp/awx-operator.yaml
+    mode: '0664'
+  tags:
+    - kube_apply
+
+- name: "Apply AWX {{ awx_operator_version }} to Kubernetes {{ service_name }}"
+  k8s:
+    state: present
+    src: /tmp/awx-operator.yaml
+    namespace: default
+    wait: yes
+    wait_timeout: 300
+  tags:
+    - kube_apply
+
+- name: "Ensure that postgres volume directory exists for {{ service_name }}"
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: 'root'
+    group: 'root'
+  loop:
+    - "{{ kubernetes_awx_postgres_volume_path }}"
+    - "{{ kubernetes_awx_project_volume_path }}"
+  tags:
+    - kube_apply
+
+- name: "Copy Deployment Template for {{ service_name }}"
+  template:
+    src: awx-deployment.yml.j2
+    dest: /tmp/awx-deployment.yml
+    owner: root
+    group: root
+    mode: '0644'
+  tags:
+    - kube_apply
+
+- name: "Create a AWX k8s namespace for {{ service_name }}"
+  k8s:
+    name: "{{ kubernetes_awx_namespace }}"
+    api_version: v1
+    kind: Namespace
+    state: present
+  tags:
+    - kube_apply
+
+- name: "Apply AWX Deployment for {{ service_name }}"
+  k8s:
+    state: present
+    src: /tmp/awx-deployment.yml
+    namespace: "{{ kubernetes_awx_namespace }}"
+    wait: yes
+    wait_timeout: 300
+  tags:
+    - kube_apply
+
+- name: "Cleanup for {{ service_name }}"
+  file:
+    path: "{{ item }}"
+    state: absent
+  loop:
+    - /tmp/awx-operator.yaml
+    - /tmp/awx-deployment.yml
+  tags:
+    - kube_apply
+
+- name: "Wait for AWX service {{ service_name }}"
+  uri:
+    url: "http://{{ stage_server_ip }}:{{ kubernetes_awx_service_port }}"
+    status_code: 200
+    validate_certs: False
+  register: result
+  until: result.status == 200
+  retries: 60
+  delay: 20
+  tags:
+    - kube_apply
--- a/roles/awx/templates/awx-deployment.yml.j2
+++ b/roles/awx/templates/awx-deployment.yml.j2
@ -0,0 +1,97 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: postgres-awx-volume
+  namespace: {{ kubernetes_awx_namespace }}
+  labels:
+    type: local
+spec:
+  storageClassName: manual
+  capacity:
+    storage: {{ kubernetes_awx_postgres_volume_size }}
+  accessModes:
+    - {{ kubernetes_awx_postgres_volume_accessMode }}
+  hostPath:
+    path: "{{ kubernetes_awx_postgres_volume_path }}"
+
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: awx-project-volume
+  namespace: {{ kubernetes_awx_namespace }}
+  labels:
+    type: local
+spec:
+  storageClassName: manual
+  capacity:
+    storage: {{ kubernetes_awx_project_volume_size }}
+  accessModes:
+    - {{ kubernetes_awx_project_volume_accessMode }}
+  hostPath:
+    path: "{{ kubernetes_awx_project_volume_path }}"
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: postgres-awx-postgres-0
+  namespace: {{ kubernetes_awx_namespace }}
+spec:
+  storageClassName: manual
+  accessModes:
+    - {{ kubernetes_awx_postgres_pvc_accessMode }}
+  resources:
+    requests:
+      storage: {{ kubernetes_awx_postgres_pvc_size }}
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: awx-project-claim-0
+  namespace: {{ kubernetes_awx_namespace }}
+spec:
+  storageClassName: manual
+  accessModes:
+    - {{ kubernetes_awx_project_pvc_accessMode }}
+  resources:
+    requests:
+      storage: {{ kubernetes_awx_project_pvc_size }}
+
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx
+  namespace: {{ kubernetes_awx_namespace }}
+spec:
+  projects_persistence: true
+  projects_existing_claim: awx-project-claim-0
+  projects_storage_access_mode: {{ kubernetes_awx_project_pvc_accessMode }}
+  projects_storage_size: {{ kubernetes_awx_project_pvc_size }}
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: awx-service
+  namespace: {{ kubernetes_awx_namespace }}
+spec:
+  ports:
+    - name: http
+      protocol: TCP
+      port: {{ kubernetes_awx_service_port }}
+      targetPort: {{ kubernetes_awx_service_targetPort }}
+  externalIPs:
+    - {{ stage_server_ip }}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: awx-admin-password
+  namespace: {{ kubernetes_awx_namespace }}
+stringData:
+  password: {{ awx_admin_password }}
--- a/roles/awx/vars/main.yml
+++ b/roles/awx/vars/main.yml
@ -0,0 +1 @@
+---
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -168,6 +168,24 @@
  tags:
    - config

+- name: "Ensure docker daemon configuration directory exists"
+  file:
+    path: '/etc/docker'
+    state: directory
+    owner: 'root'
+    group: 'root'
+  tags:
+    - config
+
+- name: "Ensure docker daemon configuration directory exists"
+  file:
+    path: '/etc/docker'
+    state: directory
+    owner: 'root'
+    group: 'root'
+  tags:
+    - config
+
 - name: "Insert/Update docker daemon configuration"
  template:
    src: 'configs/docker/daemon.json.j2'
--- a/smardigo.yml
+++ b/smardigo.yml
@ -66,3 +66,6 @@
      when: "'iam' in group_names"
    - role: connect
      when: "'connect' in group_names"
+
+    - role: awx
+      when: "'awx' in group_names"
--- a/4
+++ b/4
@ -25,6 +25,9 @@ dev-mail-01
 [prometheus]
 dev-prometheus-01

+[awx]
+dev-awx-02
+
 [stage_dev:children]
 awx
 connect
@ -34,6 +37,7 @@ iam
 keycloak
 postfix
 prometheus
+awx

 [all:children]
 stage_dev