Skip to content

Latest commit

History

History
119 lines (90 loc) 路 5.07 KB

extra-settings.md

File metadata and controls

119 lines (90 loc) 路 5.07 KB
Raw

Extra Settings

With extra_settings and extra_settings_files, you can pass multiple custom settings to AWX via the AWX Operator.

!!! note Parameters configured in extra_settings or extra_settings_files are set as read-only settings in AWX. As a result, they cannot be changed in the UI after deployment.

If you need to change the setting after the initial deployment, you need to change it on the AWX CR spec (for `extra_settings`) or corresponding ConfigMap or Secret (for `extra_settings_files`). After updating ConfigMap or Secret, you need to restart the AWX pods to apply the changes.

!!! note If the same setting is set in both extra_settings and extra_settings_files, the setting in extra_settings_files will take precedence.

Add extra settings with extra_settings

You can pass extra settings by specifying the pair of the setting name and value as the extra_settings parameter.

The settings passed via extra_settings will be appended to the /etc/tower/settings.py.

Name Description Default
extra_settings Extra settings []

Example configuration of extra_settings parameter

spec:
  extra_settings:
    - setting: MAX_PAGE_SIZE
      value: "500"

    - setting: AUTH_LDAP_BIND_DN
      value: "cn=admin,dc=example,dc=com"

    - setting: LOG_AGGREGATOR_LEVEL
      value: "'DEBUG'"

Note for some settings, such as LOG_AGGREGATOR_LEVEL, the value may need double quotes.

Add extra settings with extra_settings_files

You can pass extra settings by specifying the additional settings files in the ConfigMaps or Secrets as the extra_settings_files parameter.

The settings files passed via extra_settings_files will be mounted as the files under the /etc/tower/conf.d.

Name Description Default
extra_settings_files Extra settings files {}

!!! note If the same setting is set in multiple files in extra_settings_files, it would be difficult to predict which would be adopted since these files are loaded in arbitrary order that glob returns. For a reliable setting, do not include the same key in more than one file.

Create ConfigMaps or Secrets that contain custom settings files (*.py).

AWX_TASK_ENV = {
    "HTTPS_PROXY": "http://proxy.example.com:3128",
    "HTTP_PROXY": "http://proxy.example.com:3128",
    "NO_PROXY": "127.0.0.1,localhost,.example.com"
}
GALAXY_TASK_ENV = {
    "ANSIBLE_FORCE_COLOR": "false",
    "GIT_SSH_COMMAND": "ssh -o StrictHostKeyChecking=no",
}
REMOTE_HOST_HEADERS = [
    "HTTP_X_FORWARDED_FOR",
    "REMOTE_ADDR",
    "REMOTE_HOST",
]
SUBSCRIPTIONS_PASSWORD = "my-super-secure-subscription-password123!"
REDHAT_PASSWORD = "my-super-secure-redhat-password123!"
# Create ConfigMap
kubectl create configmap my-custom-settings \
  --from-file /PATH/TO/YOUR/custom_job_settings.py \
  --from-file /PATH/TO/YOUR/custom_system_settings.py

# Create Secret
kubectl create secret generic my-custom-passwords \
  --from-file /PATH/TO/YOUR/custom_passwords.py

Then specify them in the AWX CR spec. Here is an example configuration of extra_settings_files parameter.

spec:
  extra_settings_files:
    configmaps:
      - name: my-custom-settings        # The name of the ConfigMap
        key: custom_job_settings.py     # The key in the ConfigMap, which means the file name
      - name: my-custom-settings
        key: custom_system_settings.py
    secrets:
      - name: my-custom-passwords       # The name of the Secret
        key: custom_passwords.py        # The key in the Secret, which means the file name

!!! Warning "Restriction" There are some restrictions on the ConfigMaps or Secrets used in extra_settings_files.

- The keys in ConfigMaps or Secrets MUST be the name of python files and MUST end with `.py`
- The keys in ConfigMaps or Secrets MUST consists of alphanumeric characters, `-`, `_` or `.`
- The keys in ConfigMaps or Secrets are converted to the following strings, which MUST not exceed 63 characters
    - Keys in ConfigMaps: `<instance name>-<KEY>-configmap`
    - Keys in Secrets: `<instance name>-<KEY>-secret`
- Following keys are reserved and MUST NOT be used in ConfigMaps or Secrets
    - `credentials.py`
    - `execution_environments.py`
    - `ldap.py`

Refer to the Kubernetes documentations ([[1]](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/config-map-v1/), [[2]](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/), [[3]](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/volume/), [[4]](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/)) for more information about character types and length restrictions.