ansible · softwarefactory-project-zuul · Mar 26, 2019 · Mar 26, 2019 · Mar 26, 2019 · sumkincpp
diff --git a/installer/inventory b/installer/inventory
@@ -55,12 +55,6 @@ postgres_data_dir=/tmp/pgdocker
 host_port=80
 #ssl_certificate=
 
-# Docker Compose Install
-# use_docker_compose=false
-# The docker_compose.yml file will be created in this directory
-# The name of the directory (here "awx") will be the prefix of the docker containers
-docker_compose_dir=/var/lib/awx
-
 # Required for Openshift when building the image on your own
 # Optional for Openshift if using Dockerhub or another prebuilt registry
 # Required for Standalone Docker Install if building the image on your own

diff --git a/installer/roles/image_build/files/launch_awx.sh b/installer/roles/image_build/files/launch_awx.sh
@@ -5,10 +5,15 @@ if [ `id -u` -ge 500 ]; then
     rm /tmp/passwd
 fi
 
+source /etc/tower/conf.d/environment.sh
+
 ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$DATABASE_HOST port=$DATABASE_PORT" all
 ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$MEMCACHED_HOST port=11211" all
 ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$RABBITMQ_HOST port=5672" all
 ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m postgresql_db --become-user $DATABASE_USER -a "name=$DATABASE_NAME owner=$DATABASE_USER login_user=$DATABASE_USER login_host=$DATABASE_HOST login_password=$DATABASE_PASSWORD port=$DATABASE_PORT" all
 
 awx-manage collectstatic --noinput --clear
+
+unset $(cut -d = -f -1 /etc/tower/conf.d/environment.sh)
+
 supervisord -c /supervisor.conf
diff --git a/installer/roles/image_build/files/launch_awx_task.sh b/installer/roles/image_build/files/launch_awx_task.sh
@@ -5,6 +5,8 @@ if [ `id -u` -ge 500 ]; then
     rm /tmp/passwd
 fi
 
+source /etc/tower/conf.d/environment.sh
+
 ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$DATABASE_HOST port=$DATABASE_PORT" all
 ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$MEMCACHED_HOST port=11211" all
 ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=$RABBITMQ_HOST port=5672" all
@@ -24,4 +26,7 @@ fi
 echo 'from django.conf import settings; x = settings.AWX_TASK_ENV; x["HOME"] = "/var/lib/awx"; settings.AWX_TASK_ENV = x' | awx-manage shell
 awx-manage provision_instance --hostname=$(hostname)
 awx-manage register_queue --queuename=tower --instance_percent=100
+
+unset $(cut -d = -f -1 /etc/tower/conf.d/environment.sh)
+
 supervisord -c /supervisor_task.conf
diff --git a/installer/roles/image_build/files/settings.py b/installer/roles/image_build/files/settings.py
@@ -6,7 +6,6 @@
 def get_secret():
     if os.path.exists("/etc/tower/SECRET_KEY"):
         return open('/etc/tower/SECRET_KEY', 'rb').read().strip()
-    return os.getenv("SECRET_KEY", "privateawx")
 
 
 ADMINS = ()

diff --git a/installer/roles/kubernetes/templates/deployment.yml.j2 b/installer/roles/kubernetes/templates/deployment.yml.j2
@@ -145,27 +145,9 @@ spec:
               mountPath: "/etc/tower"
               readOnly: true
 
-            - name: "{{ kubernetes_deployment_name }}-confd"
+            - name: "{{ kubernetes_deployment_name }}-application-credentials"
               mountPath: "/etc/tower/conf.d/"
               readOnly: true
-          env:
-            - name: DATABASE_USER
-              value: {{ pg_username }}
-            - name: DATABASE_NAME
-              value: {{ pg_database }}
-            - name: DATABASE_HOST
-              value: {{ pg_hostname|default('postgresql') }}
-            - name: DATABASE_PORT
-              value: "{{ pg_port|default('5432') }}"
-            - name: DATABASE_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ kubernetes_deployment_name }}-secrets"
-                  key: pg_password
-            - name: MEMCACHED_HOST
-              value: {{ memcached_hostname|default('localhost') }}
-            - name: RABBITMQ_HOST
-              value: {{ rabbitmq_hostname|default('localhost') }}
           resources:
             requests:
               memory: "{{ web_mem_request }}Gi"
@@ -191,36 +173,9 @@ spec:
               mountPath: "/etc/tower"
               readOnly: true
 
-            - name: "{{ kubernetes_deployment_name }}-confd"
+            - name: "{{ kubernetes_deployment_name }}-application-credentials"
               mountPath: "/etc/tower/conf.d/"
               readOnly: true
-          env:
-            - name: AWX_SKIP_MIGRATIONS
-              value: "1"
-            - name: DATABASE_USER
-              value: {{ pg_username }}
-            - name: DATABASE_NAME
-              value: {{ pg_database }}
-            - name: DATABASE_HOST
-              value: {{ pg_hostname|default('postgresql') }}
-            - name: DATABASE_PORT
-              value: "{{ pg_port|default('5432') }}"
-            - name: DATABASE_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ kubernetes_deployment_name }}-secrets"
-                  key: pg_password
-            - name: MEMCACHED_HOST
-              value: {{ memcached_hostname|default('localhost') }}
-            - name: RABBITMQ_HOST
-              value: {{ rabbitmq_hostname|default('localhost') }}
-            - name: AWX_ADMIN_USER
-              value: {{ admin_user }}
-            - name: AWX_ADMIN_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ kubernetes_deployment_name }}-secrets"
-                  key: admin_password
           resources:
             requests:
               memory: "{{ task_mem_request }}Gi"
@@ -312,12 +267,14 @@ spec:
               - key: secret_key
                 path: SECRET_KEY
 
-        - name: "{{ kubernetes_deployment_name }}-confd"
+        - name: "{{ kubernetes_deployment_name }}-application-credentials"
           secret:
             secretName: "{{ kubernetes_deployment_name }}-secrets"
             items:
-              - key: confd_contents
-                path: 'secrets.py'
+              - key: credentials_py
+                path: 'credentials.py'
+              - key: environment_sh
+                path: 'environment.sh'
 
         - name: rabbitmq-config
           configMap:

diff --git a/installer/roles/kubernetes/templates/environment.sh.j2 b/installer/roles/kubernetes/templates/environment.sh.j2
@@ -0,0 +1,7 @@
+DATABASE_USER={{ pg_username }}
+DATABASE_NAME={{ pg_database }}
+DATABASE_HOST={{ pg_hostname|default('postgresql') }}
+DATABASE_PORT={{ pg_port|default('5432') }}
+DATABASE_PASSWORD={{ pg_password }}
+MEMCACHED_HOST={{ memcached_hostname|default('localhost') }}
+RABBITMQ_HOST={{ rabbitmq_hostname|default('localhost') }}
diff --git a/installer/roles/kubernetes/templates/management-pod.yml.j2 b/installer/roles/kubernetes/templates/management-pod.yml.j2
@@ -14,7 +14,7 @@ spec:
           mountPath: "/etc/tower"
           readOnly: true
 
-        - name: "{{ kubernetes_deployment_name }}-confd"
+        - name: "{{ kubernetes_deployment_name }}-application-credentials"
           mountPath: "/etc/tower/conf.d/"
           readOnly: true
       resources:
@@ -37,11 +37,11 @@ spec:
           - key: secret_key
             path: SECRET_KEY
 
-    - name: "{{ kubernetes_deployment_name }}-confd"
+    - name: "{{ kubernetes_deployment_name }}-application-credentials"
       secret:
         secretName: "{{ kubernetes_deployment_name }}-secrets"
         items:
-          - key: confd_contents
-            path: 'secrets.py'
+          - key: credentials_py
+            path: 'credentials.py'
 
   restartPolicy: Never
diff --git a/installer/roles/kubernetes/templates/secret.yml.j2 b/installer/roles/kubernetes/templates/secret.yml.j2
@@ -10,4 +10,5 @@ data:
   pg_password: "{{ pg_password | b64encode }}"
   rabbitmq_password: "{{ rabbitmq_password | b64encode }}"
   rabbitmq_erlang_cookie: "{{ rabbitmq_erlang_cookie | b64encode }}"
-  confd_contents: "{{ lookup('template', 'credentials.py.j2') | b64encode }}"
+  credentials_py: "{{ lookup('template', 'credentials.py.j2') | b64encode }}"
+  environment_sh: "{{ lookup('template', 'environment.sh.j2') | b64encode }}"
diff --git a/installer/roles/local_docker/defaults/main.yml b/installer/roles/local_docker/defaults/main.yml
@@ -10,4 +10,6 @@ rabbitmq_default_username: "guest"
 rabbitmq_default_password: "guest"
 
 postgresql_version: "9.6"
-postgresql_image: "postgres:{{postgresql_version}}"
+postgresql_image: "postgres:{{postgresql_version}}"
+
+docker_compose_dir: "/var/lib/awx"
diff --git a/installer/roles/local_docker/tasks/compose.yml b/installer/roles/local_docker/tasks/compose.yml
@@ -10,6 +10,21 @@
     dest: "{{ docker_compose_dir }}/docker-compose.yml"
   register: awx_compose_config
 
+- name: Render secrets file
+  template:
+    src: environment.sh.j2
+    dest: "{{ docker_compose_dir }}/environment.sh"
+
+- name: Render application credentials
+  template:
+    src: credentials.py.j2
+    dest: "{{ docker_compose_dir }}/credentials.py"
+
+- name: Render SECRET_KEY file
+  copy:
+    content: "{{ secret_key }}"
+    dest: "{{ docker_compose_dir }}/SECRET_KEY"
+
 - name: Start the containers
   docker_service:
     project_src: "{{ docker_compose_dir }}"

diff --git a/installer/roles/local_docker/tasks/main.yml b/installer/roles/local_docker/tasks/main.yml
@@ -1,7 +1,2 @@
 - import_tasks: set_image.yml
-
-- import_tasks: standalone.yml
-  when: not (use_docker_compose | default(False) | bool)
-
 - import_tasks: compose.yml
-  when: use_docker_compose | default(False) | bool
diff --git a/installer/roles/local_docker/tasks/standalone.yml b/installer/roles/local_docker/tasks/standalone.yml