ansible / awx-operator
An Ansible AWX operator for Kubernetes built with Operator SDK and Ansible.
Home Page: https://www.github.com/ansible/awx
License: Apache License 2.0
Following the default example given awx-operator fails to create the deployments. The following error is given.
{ "level": "error", "ts": 1594441722.4744725, "logger": "cmd", "msg": "Proxy or operator exited with error.", "Namespace": "", "error": "no matches for kind \"AWX\" in version \"awx.ansible.com/v1beta1\"", "stacktrace": "github.com/go-logr/zapr.(*zapLogger).Error\n\tpkg/mod/github.com/go-logr/[email protected]/zapr.go:128\ngithub.com/operator-framework/operator-sdk/pkg/ansible.Run\n\tsrc/github.com/operator-framework/operator-sdk/pkg/ansible/run.go:196\ngithub.com/operator-framework/operator-sdk/cmd/operator-sdk/execentrypoint.newRunAnsibleCmd.func1\n\tsrc/github.com/operator-framework/operator-sdk/cmd/operator-sdk/execentrypoint/ansible.go:44\ngithub.com/spf13/cobra.(*Command).execute\n\tpkg/mod/github.com/spf13/[email protected]/command.go:826\ngithub.com/spf13/cobra.(*Command).ExecuteC\n\tpkg/mod/github.com/spf13/[email protected]/command.go:914\ngithub.com/spf13/cobra.(*Command).Execute\n\tpkg/mod/github.com/spf13/[email protected]/command.go:864\nmain.main\n\tsrc/github.com/operator-framework/operator-sdk/cmd/operator-sdk/main.go:39\nruntime.main\n\t/home/travis/.gimme/versions/go1.13.10.linux.amd64/src/runtime/proc.go:203" }
ISSUE TYPE
Bug Report
SUMMARY
Provisioning callback url is not working as it is pointed to ingress and converting the ip address of the EC2 instances (from where the request is fired) to the ip of worker node of EKS cluster.
ENVIRONMENT
AWX version: 9.0.1
AWX install method: kubernetes
Ansible version: 2.8.5
Operating System: Coreos
STEPS TO REPRODUCE
curl --data "host_config_key=5a8ec154832b780b9bdef1061764ae5a" https://ansible-awx.dev.xxx-cloud.com:443/api/v2/job_templates/22/callback/
EXPECTED RESULTS
Callback to initiate ansible playbook run defined on job template
ACTUAL RESULTS
curl: (22) The requested URL returned error: 400 Bad Request
2021-02-04 05:37:54,381 WARNING django.request Bad Request: /api/v2/job_templates/22/callback/
2021-02-04 05:37:54,381 WARNING django.request Bad Request: /api/v2/job_templates/22/callback/
[pid: 85|app: 0|req: 327/877] 10.3.68.206 () {50 vars in 790 bytes} [Thu Feb 4 05:37:54 2021] POST /api/v2/job_templates/22/callback/ => generated 42 bytes in 219 msecs (HTTP/1.1 400) 10 headers in 317 bytes (1 switches on core 0)
10.6.68.206 - - [04/Feb/2021:05:37:54 +0000] "POST /api/v2/job_templates/22/callback/ HTTP/1.1" 400 42 "-" "curl/7.61.1" "10.6.67.20"
RESULT 2
OKREADY
ADDITIONAL INFORMATION
REMOTE_HOST_HEADERS has been set as ['HTTP_X_FORWARDED_FOR, REMOTE_HOST']
IP received on above result is a worker node ip instead of an EC2 instance ip.
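An added example (not part of the issue above and not AWX code): a simplified Python model, with hypothetical function names, of resolving the calling host from a list of request-metadata keys such as the REMOTE_HOST_HEADERS value quoted above. It assumes each list item is looked up as one key and that comma-separated header values are split; all addresses are constructed.

```python
# Added example: simplified model of header-based client resolution.
# Not AWX source code; function and parameter names are hypothetical.
import ipaddress


def lint_remote_host_headers(headers):
    """Return a list of problems found in a REMOTE_HOST_HEADERS-style list."""
    problems = []
    for entry in headers:
        # A comma or whitespace inside an item means several key names were
        # written as one string, so no single metadata key can match it.
        if "," in entry or any(ch.isspace() for ch in entry):
            problems.append(f"{entry!r} is one string, not one key per item")
    return problems


def _peer_trusted(meta, trusted_proxies):
    """True when REMOTE_ADDR falls inside one of the trusted proxy networks."""
    if not trusted_proxies:
        return True  # no allow-list configured: forwarded headers are accepted
    try:
        peer = ipaddress.ip_address(meta.get("REMOTE_ADDR", ""))
    except ValueError:
        return False
    return any(peer in ipaddress.ip_network(net) for net in trusted_proxies)


def candidate_hosts(meta, headers, trusted_proxies=()):
    """Collect client addresses from `meta`, consulting `headers` in order.

    meta: WSGI-style dict (what Django exposes as request.META).
    headers: metadata keys to consult, highest priority first.
    trusted_proxies: networks allowed to supply HTTP_* forwarding headers
        (hypothetical parameter); such headers from other peers are ignored.
    """
    trusted = _peer_trusted(meta, trusted_proxies)
    found = []
    for key in headers:
        if key.startswith("HTTP_") and not trusted:
            continue  # client-supplied header from a peer that is not a proxy
        for value in meta.get(key, "").split(","):
            value = value.strip()
            if value and value not in found:
                found.append(value)
    return found


# Constructed sample data (documentation and private address ranges).
CLIENT = "192.0.2.10"  # constructed: the instance making the callback
NODE = "10.0.0.5"      # constructed: the node/proxy the pod sees as its peer
FORWARDED = {"REMOTE_ADDR": NODE, "REMOTE_HOST": NODE,
             "HTTP_X_FORWARDED_FOR": CLIENT}
NOT_FORWARDED = {"REMOTE_ADDR": NODE, "REMOTE_HOST": NODE}

AS_QUOTED = ["HTTP_X_FORWARDED_FOR, REMOTE_HOST"]  # the list exactly as quoted
SPLIT = ["HTTP_X_FORWARDED_FOR", "REMOTE_HOST"]    # one key per list item

if __name__ == "__main__":
    for name, setting in (("as quoted", AS_QUOTED), ("split", SPLIT)):
        print(name, lint_remote_host_headers(setting))
        print("  ingress forwards client:", candidate_hosts(FORWARDED, setting))
        print("  ingress does not forward:", candidate_hosts(NOT_FORWARDED, setting))
```

When the ingress does not pass the original address through, only the node address is available, so a host-based match against the inventory cannot succeed regardless of the header list.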
It would be helpful to have a guide for upgrading the installations after the initial deployment.
It would be nice to be able to configure your authentication system of choice via the tower/awx custom resource. This could look something like:
tower_authentication:
  ldap:
    .... some set of ldap settings/filters ....
    .... potentially some custom CA if necessary ....
The operator would truly be beneficial for users if they could configure projects, job templates, workflows, etc... via K8s CRDs.
With the move of this operator, is this only looking to target AWX? Or will this continue to support Ansible Tower as well?
Kubernetes version : Server Version: version.Info{Major:"1", Minor:"20+", GitVersion:"v1.20.1-34+e7db93d188d0d1", GitCommit:"e7db93d188d0d12f2fe5336d1b85cdb94cb909d3", GitTreeState:"clean", BuildDate:"2021-01-11T23:50:46Z", GoVersion:"go1.15.6", Compiler:"gc", Platform:"linux/amd64"}
The ingress is not working properly. Everything else is ok.
In some use cases, I'd like to only run Tower/AWX inside the cluster, but rely on an external set of postgres databases that I'm already operating. As part of the operator, I'd like to be able to point to this database instead of spinning one up in the cluster.
Right now, the operator spins up Tower but still has a manual process to supply an appropriate license. It would be great to be able to declaratively supply the license via the existing CR or additional CRs with this operator.
This could then be a good model for other awx/tower components to be supplied declaratively as part of your deployment (inventories, credentials, etc.)
In https://raw.githubusercontent.com/ansible/awx-operator/devel/deploy/awx-operator.yaml
Line: 175
Type should be "boolean" and not "bool"
Else you get the error
kubectl apply -f awx.yaml
The AWX "awx" is invalid: spec.external_database: Invalid value: "boolean": spec.external_database in body must be of type bool: "boolean"
As a new user lands on the README today, she is pointed to go and run the following command:
#> kubectl apply -f https://raw.githubusercontent.com/ansible/awx-operator/devel/deploy/awx-operator.yaml
This file currently makes the operator image point to
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: awx-operator
spec:
  replicas: 1
  selector:
    matchLabels:
      name: awx-operator
  template:
    metadata:
      labels:
        name: awx-operator
    spec:
      serviceAccountName: awx-operator
      containers:
        - name: awx-operator
          image: "quay.io/ansible/awx-operator:0.6.0"
          imagePullPolicy: "Always"
There have been drastic changes between 0.6.0 and the current operator in devel, leading to some incompatible deployment scenarios.
Having a post-merge build developer/contributor could point to in order to be able to deploy latest everything would offer a better experience.
awx operator from git (f4b619a)
awx 15.0.1
kubernetes 1.18.8 (AKS)
If I create an awxs resource, the operator does create the postgres database and awx pod, but the task container doesn't seem to seed the database (even after allowing several hours, I still get errors like:
2020-11-11 09:38:10,649 WARNING awx.main.dispatch.periodic periodic beat started
Traceback (most recent call last):
File "/var/lib/awx/venv/awx/lib/python3.6/site-packages/django/db/backends/utils.py", line 84, in _execute
return self.cursor.execute(sql, params)
psycopg2.errors.UndefinedColumn: column main_instance.ip_address does not exist
LINE 1: SELECT (1) AS "a" FROM "main_instance" WHERE ("main_instance...
If I shell into the task container, and manually run migrate, it says there are no migrations pending, and that it can connect to the database.
bash-4.4$ awx-manage migrate
Operations to perform:
Apply all migrations: auth, conf, contenttypes, main, oauth2_provider, sessions, sites, social_django, sso, taggit
Running migrations:
No migrations to apply.
bash-4.4$ awx-manage check_db
Database Version: PostgreSQL 10.14 (Debian 10.14-1.pgdg90+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 6.3.0-18+deb9u1) 6.3.0 20170516, 64-bit
I don't see any errors (and very little at all) in the task containers logs regarding migration.
Funny thing is, this same configuration worked for me before, but I can't see where to troubleshoot it.
Hello Ansible Team!
I use Ansible AWX operator ~1 month and recently I started to get errors with Microsoft oauth (it worked fine before).
When backend receives MS oauth ticket it goes down and I don't know why and how to fix it.
Log example:
Fri Nov 20 14:40:42 2020 - *** HARAKIRI ON WORKER 2 (pid: 83, try: 1) ***
Fri Nov 20 14:40:42 2020 - HARAKIRI !!! worker 2 status !!!
Fri Nov 20 14:40:42 2020 - HARAKIRI [core 0] 172.17.176.122 - GET /sso/complete/azuread-oauth2/?code=0.AS8APW17qF7Ym02HBGrtdqSURCAv2PPkSBlDv0l-6sfh_cgvAME.AQABAAIAAAB2UyzwtQEKR7-rYcChUZzztB7g37Xbuo0KyqwGe5wlliAA&state=gyEMxxLQhlhWe7FLZk9TVbVx3xqaBsXR&session_state=ad627b1a-92f3-494a-8609-f1606594f71a since 1605883121
Fri Nov 20 14:40:42 2020 - HARAKIRI !!! end of worker 2 status !!!
DAMN ! worker 2 (pid: 83) died, killed by signal 9 :( trying respawn ...
Respawned uWSGI worker 2 (new pid: 267)
WSGI app 0 (mountpoint='') ready in 3 seconds on interpreter 0x229d510 pid: 267 (default app)
Could you give me any help/advice how to resolve this?
Thanks in advance!
With best regards,
Andrey
Original issue: https://github.com/ansible/tower-packaging/issues/1052
ISSUE TYPE
Enhancement - provide the option to add a custom LDAP AUTH configuration using a custom PEM file during installation, if desired or required by security policies.
SUMMARY
This solution requires two new custom files, and modifications to two existing files:
New files
roles/kubernetes/templates/EXAMPLE.pem.j2
roles/kubernetes/templates/ldap.py.j2
Existing files
roles/kubernetes/templates/deployment.yml.j2
roles/kubernetes/templates/secret.yml.j2
DETAILS
The EXAMPLE.pem file would contain all the custom certificates that are required by the user.
The ldap.py.j2 file would contain the AUTH_LDAP_GLOBAL_OPTIONS directive and pull the cert information from the custom PEM file:
AUTH_LDAP_GLOBAL_OPTIONS = { ldap.OPT_X_TLS_REQUIRE_CERT: True, ldap.OPT_X_TLS_CACERTFILE: "/etc/openldap/certs/EXAMPLE.pem" }
This code would be added to the deployment.yml.j2 file:
(in the "volumeMounts:" section of the "{{ kubernetes_deployment_name }}-web" container)
{% if custom_ldap_auth is true %}
- name: "{{ kubernetes_deployment_name }}-application-credentials"
  mountPath: "/etc/openldap/certs/EXAMPLE.pem"
  subPath: EXAMPLE.pem
  readOnly: true
- name: "{{ kubernetes_deployment_name }}-application-credentials"
  mountPath: "/etc/tower/conf.d/ldap.py"
  subPath: ldap.py
  readOnly: true
{% endif %}
(listed with the secrets in the "{{ kubernetes_deployment_name }}-application-credentials" volume)
{% if custom_ldap_auth is true %}
- key: EXAMPLE_pem
  path: 'EXAMPLE.pem'
- key: ldap_py
  path: 'ldap.py'
{% endif %}
The ldap.py variable can be defaulted to false in roles/kubernetes/defaults/main.yml, then changed to "true" to use a custom LDAP auth.
This code would be added to the "data" section of the secret.yml.j2 file:
ldap_py: "{{ lookup('template', 'ldap.py.j2') | b64encode }}"
EXAMPLE_pem: "{{ lookup('template', 'EXAMPLE.pem.j2') | b64encode }}"
NOTE: The YAML code has been tested during installations, but the Jinja2 conditional tests have not.
Currently the ingress template only supports ClusterIP and NodePort. Could you please add support for LoadBalancer?
I don't see the ansible/tower-operator image published on Docker Hub.
It would be nice to be able to use images from private registries, perhaps something like:
image_pull_secret: NAME_OF_IMAGE_PULL_SECRET
tower_task_image: private.example.com/ansible/awx:14.1.0
I already started a branch that I think might work if this is something worth considering.
If you are trying to use a persistent volume on kubernetes, and then mount it to /var/lib/awx/projects, it is a requirement to mount it to both the awx web and task containers. can we update the docs to reflect this?
Please forgive me if that's a dumb question (new to Kubernetes), but...
I want to add an additional volume to my awx-task container. This simply can be done by configuring the operator and the volume gets mounted. But... with the default permissions (root:root).
So I think it would be fine to have an initContainer that sets proper permissions on the additional volumes. Or am I completely wrong?
I've configured an external database. I've confirmed that the DB is populated with my AWX data, but the operator still deploys postgres on my cluster.
I don't see a parameter I can set to prevent that statefulset from being deployed. Am I missing something?
What is the intended flow for an Ingress with an awx instance created by awx-operator?
For the Ingress to be useful, my ingress controller (Azure App Gateway, but I think others are similar) requires specific annotations for it to pick up the newly created service, and then cert-manager also looks for tls config inside the Ingress.
I can add those after the install, but will they "stick"? Is that how it's intended to work? It feels a little dirty.
(or should I just be creating the AWX resource and Ingress using say, helm, or a higher-level manifest?)
Hello,
Using this operator I'm getting an issue which I can't really figure out what is going on...
Initially I created this: ansible/awx#9364 but now I'm no longer sure that the issue is on awx side or on this operator side :/
Did anyone see this or can think of anything that could cause this issue?
Thanks
Because of the switch from apple to ARM and also the new Raspberry Pi 4 with 8GB of ram, it would be nice to also have a multi arch image for the operator, that it could be deployed for example on a K3S Raspberry-PI Cluster.
In the latest release of the operator, it looks like the deployment has gone from each components having its own deployment (task, web, etc.) to all containers being inside a single pod. Was there a technical reason behind this? Seems like this would cause issues if you wanted things to scale independently of each other moving forward (i.e. only scale web due to increased traffic, etc.)
Version: Latest(0.5.0)
Issue:
The latest commit here, bd443e3 breaks the operator with the following message:
Tylers-MBP:Ansible-K8 Tyler$ kubectl logs pod/awx-operator-86f564764-n9ft7
Error from server (NotFound): pods "awx-operator-86f564764-n9ft7" not found
Tylers-MBP:Ansible-K8 Tyler$ kubectl logs pod/awx-operator-86f564764-n9ft7 -n kube-system
error: a container name must be specified for pod awx-operator-86f564764-n9ft7, choose one of: [ansible operator]
Tylers-MBP:Ansible-K8 Tyler$ kubectl logs pod/awx-operator-86f564764-n9ft7 -n kube-system -c operator
{"level":"info","ts":1601993091.464553,"logger":"cmd","msg":"Go Version: go1.13.10"}
{"level":"info","ts":1601993091.4646068,"logger":"cmd","msg":"Go OS/Arch: linux/amd64"}
{"level":"info","ts":1601993091.4646182,"logger":"cmd","msg":"Version of operator-sdk: v0.17.0"}
{"level":"info","ts":1601993091.4649062,"logger":"cmd","msg":"Watching all namespaces.","Namespace":""}
{"level":"info","ts":1601993091.8745167,"logger":"controller-runtime.metrics","msg":"metrics server is starting to listen","addr":"0.0.0.0:8383"}
{"level":"info","ts":1601993091.8752282,"logger":"watches","msg":"Environment variable not set; using default value","envVar":"WORKER_AWX_AWX_ANSIBLE_COM","default":1}
{"level":"info","ts":1601993091.8752596,"logger":"watches","msg":"Environment variable not set; using default value","envVar":"ANSIBLE_VERBOSITY_AWX_AWX_ANSIBLE_COM","default":2}
{"level":"info","ts":1601993091.8753889,"logger":"cmd","msg":"Environment variable not set; using default value","Namespace":"","envVar":"ANSIBLE_DEBUG_LOGS","ANSIBLE_DEBUG_LOGS":false}
{"level":"info","ts":1601993091.875568,"logger":"ansible-controller","msg":"Watching resource","Options.Group":"awx.ansible.com","Options.Version":"v1beta1","Options.Kind":"AWX"}
{"level":"info","ts":1601993091.8757086,"logger":"leader","msg":"Trying to become the leader."}
{"level":"error","ts":1601993092.2871907,"logger":"k8sutil","msg":"Failed to get Pod","Pod.Namespace":"kube-system","Pod.Name":"awx-operator-86f564764-n9ft7","error":"pods \"awx-operator-86f564764-n9ft7\" is forbidden: User \"system:serviceaccount:kube-system:awx-operator\" cannot get resource \"pods\" in API group \"\" in the namespace \"kube-system\"","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\tpkg/mod/github.com/go-logr/[email protected]/zapr.go:128\ngithub.com/operator-framework/operator-sdk/pkg/k8sutil.GetPod\n\tsrc/github.com/operator-framework/operator-sdk/pkg/k8sutil/k8sutil.go:129\ngithub.com/operator-framework/operator-sdk/pkg/leader.myOwnerRef\n\tsrc/github.com/operator-framework/operator-sdk/pkg/leader/leader.go:160\ngithub.com/operator-framework/operator-sdk/pkg/leader.Become\n\tsrc/github.com/operator-framework/operator-sdk/pkg/leader/leader.go:67\ngithub.com/operator-framework/operator-sdk/pkg/ansible.Run\n\tsrc/github.com/operator-framework/operator-sdk/pkg/ansible/run.go:162\ngithub.com/operator-framework/operator-sdk/cmd/operator-sdk/execentrypoint.newRunAnsibleCmd.func1\n\tsrc/github.com/operator-framework/operator-sdk/cmd/operator-sdk/execentrypoint/ansible.go:44\ngithub.com/spf13/cobra.(*Command).execute\n\tpkg/mod/github.com/spf13/[email protected]/command.go:826\ngithub.com/spf13/cobra.(*Command).ExecuteC\n\tpkg/mod/github.com/spf13/[email protected]/command.go:914\ngithub.com/spf13/cobra.(*Command).Execute\n\tpkg/mod/github.com/spf13/[email protected]/command.go:864\nmain.main\n\tsrc/github.com/operator-framework/operator-sdk/cmd/operator-sdk/main.go:39\nruntime.main\n\t/home/travis/.gimme/versions/go1.13.10.linux.amd64/src/runtime/proc.go:203"}
{"level":"error","ts":1601993092.2873535,"logger":"cmd","msg":"Failed to become leader.","Namespace":"","error":"pods \"awx-operator-86f564764-n9ft7\" is forbidden: User \"system:serviceaccount:kube-system:awx-operator\" cannot get resource \"pods\" in API group \"\" in the namespace \"kube-system\"","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\tpkg/mod/github.com/go-logr/[email protected]/zapr.go:128\ngithub.com/operator-framework/operator-sdk/pkg/ansible.Run\n\tsrc/github.com/operator-framework/operator-sdk/pkg/ansible/run.go:164\ngithub.com/operator-framework/operator-sdk/cmd/operator-sdk/execentrypoint.newRunAnsibleCmd.func1\n\tsrc/github.com/operator-framework/operator-sdk/cmd/operator-sdk/execentrypoint/ansible.go:44\ngithub.com/spf13/cobra.(*Command).execute\n\tpkg/mod/github.com/spf13/[email protected]/command.go:826\ngithub.com/spf13/cobra.(*Command).ExecuteC\n\tpkg/mod/github.com/spf13/[email protected]/command.go:914\ngithub.com/spf13/cobra.(*Command).Execute\n\tpkg/mod/github.com/spf13/[email protected]/command.go:864\nmain.main\n\tsrc/github.com/operator-framework/operator-sdk/cmd/operator-sdk/main.go:39\nruntime.main\n\t/home/travis/.gimme/versions/go1.13.10.linux.amd64/src/runtime/proc.go:203"}
time="2020-10-06T14:04:52Z" level=fatal msg="pods \"awx-operator-86f564764-n9ft7\" is forbidden: User \"system:serviceaccount:kube-system:awx-operator\" cannot get resource \"pods\" in API group \"\" in the namespace \"kube-system\""
Expected Behavior: Operator starts and is working
FIX:
Revert to re-add default as the namespace for the ServiceAccount and Deployment; this could be changed to a different namespace than default, however without the namespace being added it seems to default to putting things in the kube-system namespace.
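An added example (not from the issue above or from the operator): Python that pulls RBAC denials out of operator log lines like the ones in this report and groups them into the Role rules they imply, per namespace. The sample lines are abridged from the log above (stack traces removed); function names are hypothetical.

```python
# Added example: extract RBAC "forbidden" denials from operator logs.
# Handles both the JSON (zap) lines and the key=value (logrus) fatal line.
import json
import re

DENIAL = re.compile(
    r'User "system:serviceaccount:(?P<sa_namespace>[^:"]+):(?P<sa_name>[^"]+)" '
    r'cannot (?P<verb>\w+) resource "(?P<resource>[^"]+)" '
    r'in API group "(?P<group>[^"]*)"'
    r'(?: in the namespace "(?P<namespace>[^"]+)")?'
)
FIELDS = ("sa_namespace", "sa_name", "verb", "resource", "group", "namespace")


def extract_denials(lines):
    """Return one dict per distinct denial, with a `count` of occurrences."""
    seen = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except ValueError:
            record = None
        if isinstance(record, dict):
            texts = [str(record.get(k, "")) for k in ("error", "msg")]
        else:
            # key=value line: undo the \" escaping inside msg="..."
            texts = [line.replace('\\"', '"')]
        for text in texts:
            match = DENIAL.search(text)
            if match:
                key = tuple(match.group(f) for f in FIELDS)
                seen[key] = seen.get(key, 0) + 1
                break  # count each log line once
    return [dict(zip(FIELDS, key), count=n) for key, n in seen.items()]


def role_rules(denials):
    """Group denials into the minimal rules they imply, keyed by namespace."""
    grouped = {}
    for d in denials:
        ns = d["namespace"] or "<cluster-scoped>"
        rules = grouped.setdefault(ns, {})
        rules.setdefault((d["group"], d["resource"]), set()).add(d["verb"])
    return {
        ns: [
            {"apiGroups": [group], "resources": [resource], "verbs": sorted(verbs)}
            for (group, resource), verbs in sorted(rules.items())
        ]
        for ns, rules in grouped.items()
    }


# Abridged from the log in this issue: stack traces and some fields removed.
SAMPLE_LOG = r'''
{"level":"info","ts":1601993091.8757086,"logger":"leader","msg":"Trying to become the leader."}
{"level":"error","ts":1601993092.2871907,"logger":"k8sutil","msg":"Failed to get Pod","error":"pods \"awx-operator-86f564764-n9ft7\" is forbidden: User \"system:serviceaccount:kube-system:awx-operator\" cannot get resource \"pods\" in API group \"\" in the namespace \"kube-system\""}
{"level":"error","ts":1601993092.2873535,"logger":"cmd","msg":"Failed to become leader.","error":"pods \"awx-operator-86f564764-n9ft7\" is forbidden: User \"system:serviceaccount:kube-system:awx-operator\" cannot get resource \"pods\" in API group \"\" in the namespace \"kube-system\""}
time="2020-10-06T14:04:52Z" level=fatal msg="pods \"awx-operator-86f564764-n9ft7\" is forbidden: User \"system:serviceaccount:kube-system:awx-operator\" cannot get resource \"pods\" in API group \"\" in the namespace \"kube-system\""
'''.splitlines()

if __name__ == "__main__":
    found = extract_denials(SAMPLE_LOG)
    for d in found:
        print(f'{d["sa_namespace"]}/{d["sa_name"]} denied {d["verb"]} '
              f'{d["resource"]} in {d["namespace"]} ({d["count"]} lines)')
    print(json.dumps(role_rules(found), indent=2))
```

Comparing the service account namespace in the output with the namespace named in the RoleBinding or ClusterRoleBinding subject shows whether the binding and the account actually line up.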
See: https://groups.google.com/forum/#!topic/awx-project/rxUjrWsfO9A
This is a major new release of AWX, and the images for the web/task containers are now unified (like in Tower downstream). There might need to be one or two other small changes, not sure, but the main one is the new image source/structure.
When trying to use this YAML, I get mapping values are not allowed here in the operator logs
---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
name: awx
spec:
deployment_type: awx
ca_trust_bundle: /etc/ca-bundle/ca_bundle.pem
tower_admin_user: admin
tower_admin_email: <redacted>
tower_replicas: 3
tower_hostname: <redacted>
tower_postgres_configuration_secret: awx-db-configuration
tower_ingress_type: Ingress
tower_ingress_tls_secret: awx-tls-secret
tower_web_extra_env: |2
- name: LDAPTLS_REQCERT
value: "never"
tower_task_extra_env: |2
- name: LDAPTLS_REQCERT
value: "never"
tower_ingress_annotations: |
kubernetes.io/ingress.class: private-iks-k8s-nginx
tower_task_extra_volume_mounts: |
- name: ca-bundle
mountPath: /etc/ca-bundle
tower_extra_volumes: |
- name: ca-bundle
secret:
secretName: awx-ca-bundle
tower_web_extra_volume_mounts: |
- name: ca-bundle
mountPath: /etc/ca-bundle
I've tried every version of spacing.. adding spaces, removing spaces, forcing an indent using |2, |4, nothing I do gets the environment variables to work..
self.get_mark())\\nyaml.scanner.ScannerError: mapping values are not allowed here\\n in \\\"<unicode string>\\\", line 74, column 31:\\n - name: LDAPTLS_REQCERT\\n ^\\n\",
Is it possible to use Nodeport as option to connect to AWX web frontend as per ingress options https://github.com/ansible/awx-operator#ingress-types
Hi,
After trying to test the operator OOTB, i landed into two issues :-
USER root
RUN useradd -m -u 1002670000 -s /sbin/nologin awx-operator
COPY requirements.yml ${HOME}/requirements.yml
RUN ansible-galaxy collection install -c -r ${HOME}/requirements.yml \
    && chmod -R ug+rwx ${HOME}/.ansible
COPY watches.yaml ${HOME}/watches.yaml
COPY main.yml ${HOME}/main.yml
COPY roles/ ${HOME}/roles/
USER 1002670000
If there are other solutions for the user, it would be great to get a new build.
thanks
I'm getting this error when running apply as the readme suggests.
❯ kubectl apply -f https://raw.githubusercontent.com/ansible/awx-operator/devel/deploy/awx-operator.yaml
clusterrole.rbac.authorization.k8s.io/awx-operator created
clusterrolebinding.rbac.authorization.k8s.io/awx-operator created
serviceaccount/awx-operator created
Warning: apiextensions.k8s.io/v1beta1 CustomResourceDefinition is deprecated in v1.16+, unavailable in v1.22+; use apiextensions.k8s.io/v1 CustomResourceDefinition
customresourcedefinition.apiextensions.k8s.io/awxs.awx.ansible.com created
Error from server (NotFound): error when creating "https://raw.githubusercontent.com/ansible/awx-operator/devel/deploy/awx-operator.yaml": namespaces "pgo " not found
I know about the pgo error, so just ignore it for the sake of this ticket.
After changing v1beta1 to v1, I got this error since they are not compatible.
❯ k apply -f .\aws-operator.yaml
clusterrole.rbac.authorization.k8s.io/awx-operator configured
clusterrolebinding.rbac.authorization.k8s.io/awx-operator unchanged
serviceaccount/awx-operator unchanged
error validating ".\\aws-operator.yaml": error validating data: [ValidationError(CustomResourceDefinition.spec): unknown field "subresources" in io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionSpec, ValidationError(CustomResourceDefinition.spec): unknown field "validation" in io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionSpec, ValidationError(CustomResourceDefinition.spec): unknown field "version" in io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionSpec]; if you choose to ignore these errors, turn validation off with --validate=false
Error from server (NotFound): error when creating ".\\aws-operator.yaml": namespaces "pgo " not found
I guess it will be updated when refactored to the new SDK, as I have read in other tickets, so this ticket is just to leave the error here.
Is there a way to create a custom env like described here --> https://github.com/ansible/awx/blob/devel/docs/custom_virtualenvs.md#kubernetes-custom-virtualenvs
Thx a lot
How is https configured with the awx-operator?
Not sure if support for this already exists.
Add support for custom virtual environments much the same way the installer in the awx repo does. Create an init container that would build the venv's and then mount the volume to the awx_task and awx_web containers.
Issue: I am trying to use the VMware inventory plugin vmware_vm_inventory.py
however when running the sync job for it I am getting the following error:
[WARNING]: * Failed to parse /tmp/awx_44_4bjjtmsl/vmware_vm_inventory.yml with
auto plugin: inventory config '/tmp/awx_44_4bjjtmsl/vmware_vm_inventory.yml'
spcifies unknown plugin 'community.vmware.vmware_vm_inventory'
Image: awx:14.1.0
Source Variables:
---
validate_certs: False
alias_pattern: "{{ config.name }}"
groupby_patterns: "{{ config.guestFullName | lower }},{{ guest['net'][0]['network'] | lower }}"
host_filters: "{{ runtime.powerState == 'poweredOn' }},{{ 'VMware' not in config.annotation }},{{ 'esxi' not in config.name }},{{'msc-lex' in config.name }}"
lower_var_keys: True
max_object_level: 1
host_pattern: "{{ guest.hostname }}"
Full output of debug:
4.306 INFO Updating inventory 2: VMWARE-all
5.349 DEBUG Using base command: python /usr/bin/ansible-inventory -i /tmp/awx_44_4bjjtmsl/vmware_vm_inventory.yml --playbook-dir /tmp/awx_44_4bjjtmsl -vvvvv
5.350 INFO Reading Ansible inventory source: /tmp/awx_44_4bjjtmsl/vmware_vm_inventory.yml
5.358 INFO Using VIRTUAL_ENV: /var/lib/awx/venv/ansible
5.358 INFO Using PATH: /var/lib/awx/venv/ansible/bin:/var/lib/awx/venv/awx/bin:/usr/pgsql-10/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
5.358 INFO Using PYTHONPATH: /var/lib/awx/venv/ansible/lib/python3.6/site-packages:
Traceback (most recent call last):
File "/var/lib/awx/venv/awx/bin/awx-manage", line 8, in <module>
sys.exit(manage())
File "/var/lib/awx/venv/awx/lib/python3.6/site-packages/awx/__init__.py", line 154, in manage
execute_from_command_line(sys.argv)
File "/var/lib/awx/venv/awx/lib/python3.6/site-packages/django/core/management/__init__.py", line 381, in execute_from_command_line
utility.execute()
File "/var/lib/awx/venv/awx/lib/python3.6/site-packages/django/core/management/__init__.py", line 375, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "/var/lib/awx/venv/awx/lib/python3.6/site-packages/django/core/management/base.py", line 323, in run_from_argv
self.execute(*args, **cmd_options)
File "/var/lib/awx/venv/awx/lib/python3.6/site-packages/django/core/management/base.py", line 364, in execute
output = self.handle(*args, **options)
File "/var/lib/awx/venv/awx/lib/python3.6/site-packages/awx/main/management/commands/inventory_import.py", line 1149, in handle
raise exc
File "/var/lib/awx/venv/awx/lib/python3.6/site-packages/awx/main/management/commands/inventory_import.py", line 1039, in handle
venv_path=venv_path, verbosity=self.verbosity).load()
File "/var/lib/awx/venv/awx/lib/python3.6/site-packages/awx/main/management/commands/inventory_import.py", line 215, in load
return self.command_to_json(base_args + ['--list'])
File "/var/lib/awx/venv/awx/lib/python3.6/site-packages/awx/main/management/commands/inventory_import.py", line 198, in command_to_json
self.method, proc.returncode, stdout, stderr))
RuntimeError: ansible-inventory failed (rc=1) with stdout:
stderr:
ansible-inventory 2.9.11
config file = /etc/ansible/ansible.cfg
configured module search path = ['/var/lib/awx/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible-inventory
python version = 3.6.8 (default, Apr 16 2020, 01:36:27) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
Using /etc/ansible/ansible.cfg as config file
setting up inventory plugins
[WARNING]: * Failed to parse /tmp/awx_44_4bjjtmsl/vmware_vm_inventory.yml with
auto plugin: inventory config '/tmp/awx_44_4bjjtmsl/vmware_vm_inventory.yml'
specifies unknown plugin 'community.vmware.vmware_vm_inventory'
File "/usr/lib/python3.6/site-packages/ansible/inventory/manager.py", line 280, in parse_source
plugin.parse(self._inventory, self._loader, source, cache=cache)
File "/usr/lib/python3.6/site-packages/ansible/plugins/inventory/auto.py", line 53, in parse
raise AnsibleParserError("inventory config '{0}' specifies unknown plugin '{1}'".format(path, plugin_name))
[WARNING]: Unable to parse /tmp/awx_44_4bjjtmsl/vmware_vm_inventory.yml as an
inventory source
ERROR! No inventory was parsed, please check your configuration and options.
I have validated that the script is on the box and located here (with permission denied messages removed for clarity):
Tylers-MBP:Ansible-K8 Tyler$ kubectl exec -it pod/awx-79c6cc456b-r74zt -n ansible-awx -c awx-task -- find / -name vmware_vm_inventory.py
/var/lib/awx/vendor/awx_ansible_collections/ansible_collections/community/vmware/plugins/inventory/vmware_vm_inventory.py
/usr/lib/python3.6/site-packages/ansible/plugins/inventory/vmware_vm_inventory.py
Hello, First of all thank you very much for your contribution to an operator for AWX :) I love this project. Now I would like to know if it is possible to deploy postgresql in HA on 2 or ++ node K8s. As proposed by this helm chart provided by bitnami.
https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha
I know I could use an external DB and use this chart to do PostgreSQL deployment but I prefer to ask before using another tool. Thank you!!!
What is the recommended approach to adding custom modules (ex, PyWinRM) or making other needed changes in the containers without modifying the image itself?
After deploying AWX (using awx-operator) there is no secret awx-admin-password, there is a secret awx-secret-key which is not accepted for the password. I tried to give the tower_admin_password_secret variable, but the secret isn't created either.
So the AWX is deployed, the login page is opened, but there is no way to login.
It would be nice to be able to run a clustered set of AWX / Towers as part of this operator as mentioned here: https://docs.ansible.com/ansible-tower/latest/html/administration/clustering.html.
After creating a Container Instance and giving OCP credentials then using a template that calls this Instance the Pod never starts up and the awx-task log show the following error:
2020-12-10 19:43:21,612 DEBUG awx.main.dispatch task 75f3a246-7e1f-4944-b162-920ea6ffcaeb starting awx.main.tasks.awx_periodic_scheduler([])
2020-12-10 19:43:21,621 DEBUG awx.main.tasks Starting periodic scheduler
2020-12-10 19:43:21,624 DEBUG awx.main.tasks Last scheduler run was: 2020-12-10 19:42:51.606794+00:00
2020-12-10 19:43:31,629 DEBUG awx.main.dispatch task e4fdddad-a886-4e10-96b0-857a6986dd41 starting awx.main.scheduler.tasks.run_task_manager([])
2020-12-10 19:43:31,631 DEBUG awx.main.scheduler Running Tower task manager.
2020-12-10 19:43:31,637 DEBUG awx.main.scheduler Starting Scheduler
2020-12-10 19:43:31,736 ERROR awx.main.dispatch Worker failed to run task awx.main.scheduler.tasks.run_task_manager(*[], **{}
Traceback (most recent call last):
File "/var/lib/awx/venv/awx/lib/python3.6/site-packages/awx/main/dispatch/worker/task.py", line 86, in perform_work
result = self.run_callable(body)
File "/var/lib/awx/venv/awx/lib/python3.6/site-packages/awx/main/dispatch/worker/task.py", line 62, in run_callable
return _call(*args, **kwargs)
File "/var/lib/awx/venv/awx/lib/python3.6/site-packages/awx/main/scheduler/tasks.py", line 16, in run_task_manager
TaskManager().schedule()
File "/var/lib/awx/venv/awx/lib/python3.6/site-packages/awx/main/scheduler/task_manager.py", line 644, in schedule
self._schedule()
File "/var/lib/awx/venv/awx/lib/python3.6/site-packages/awx/main/scheduler/task_manager.py", line 632, in _schedule
self.process_tasks(all_sorted_tasks)
File "/var/lib/awx/venv/awx/lib/python3.6/site-packages/awx/main/scheduler/task_manager.py", line 598, in process_tasks
self.process_pending_tasks(pending_tasks)
File "/var/lib/awx/venv/awx/lib/python3.6/site-packages/awx/main/scheduler/task_manager.py", line 511, in process_pending_tasks
self.start_task(task, rampart_group, task.get_jobs_fail_chain(), None)
File "/var/lib/awx/venv/awx/lib/python3.6/site-packages/awx/main/scheduler/task_manager.py", line 287, in start_task
match = group.fit_task_to_most_remaining_capacity_instance(task)
TypeError: fit_task_to_most_remaining_capacity_instance() missing 1 required positional argument: 'instances'
awx-operator: 15.0.1
Openshift: 4.5.20
Hi,
I'm trying to get awx running with minikube but after kubectl apply I see the error from the subject.
Do I have to authorize something so it gets access to quay.io?
It appears as though trying to apply a basic file, generates errors about unknown fields.
error: error validating "my-awx.yaml": error validating data: [ValidationError(AWX.spec): unknown field "tower_admin_email" in com.ansible.awx.v1beta1.AWX.spec, ValidationError(AWX.spec): unknown field "tower_admin_password" in com.ansible.awx.v1beta1.AWX.spec, ValidationError(AWX.spec): unknown field "tower_admin_user" in com.ansible.awx.v1beta1.AWX.spec, ValidationError(AWX.spec): unknown field "tower_broadcast_websocket_secret" in com.ansible.awx.v1beta1.AWX.spec, ValidationError(AWX.spec): unknown field "tower_extra_volumes" in com.ansible.awx.v1beta1.AWX.spec, ValidationError(AWX.spec): unknown field "tower_hostname" in com.ansible.awx.v1beta1.AWX.spec, ValidationError(AWX.spec): unknown field "tower_ingress_annotations" in com.ansible.awx.v1beta1.AWX.spec, ValidationError(AWX.spec): unknown field "tower_ingress_type" in com.ansible.awx.v1beta1.AWX.spec, ValidationError(AWX.spec): unknown field "tower_replicas" in com.ansible.awx.v1beta1.AWX.spec, ValidationError(AWX.spec): unknown field "tower_task_extra_volume_mounts" in com.ansible.awx.v1beta1.AWX.spec, ValidationError(AWX.spec): unknown field "tower_web_extra_volume_mounts" in com.ansible.awx.v1beta1.AWX.spec]; if you choose to ignore these errors, turn validation off with --validate=false
Hi,
is there already a helm chart available for the AWX operator?
Regards,
Andreas
Filing this issue to keep tabs on this issue. The use of shell when a module exists makes me sad.
Would be good to have a contributors guide so that folks could understand what kind of guidelines there are for getting involved here.
Version: 0.5.0
Issue:
The AWX_ANSIBLE_COLLECTIONS_PATHS = '/var/lib/awx/vendor/awx_ansible_collections' is still not being set in the latest version of the operator. Without this it is not possible to use the VMware inventory plugin.
FIX:
Ensure that the latest version that is built picks up the changes to the https://github.com/ansible/awx-operator/blob/devel/roles/awx/templates/tower_config.yaml.j2 template
Currently the service account for the operator is created in the default namespace by default. This should be corrected so that it is created/deployed into the same namespace that the operator is deployed to.
Hello, guys!
I tried to run AWX Operator in K8s with external DB but I got an error on a step "Create preload data if necessary"
Logs from operator pod, ansible container:
Logs from ansible pod, aawx-task container:
What does this error stand for and how can I fix it?
Thanks in advance!
I believe for a majority of OpenShift 4.X releases, you can use an ingress object to generate a corresponding Route. So in theory, we should be able to simplify the current logic in place and then only have to maintain a single template for creating ingress (vs. the current Route v. Ingress templates and logic that are in place now).
I guess the only question here is: is there a targeted version of K8S/OCP that this operator looks to target? That would be the only note that we may want to put in place before making this change.
I had deployed AWX 17.0.1 about 4 days ago with this operator, everything worked like a charm :)
However the current state of develop produces the following error:
error: error validating "/tmp/euwrrk5z": error validating data: [ValidationError(AWX.spec): unknown field "deployment_type" in com.ansible.awx.v1beta1.AWX.spec, ValidationError(AWX.spec): unknown field "tower_admin_password" in com.ansible.awx.v1beta1.AWX.spec, ValidationError(AWX.spec): unknown field "tower_admin_user" in com.ansible.awx.v1beta1.AWX.spec, ValidationError(AWX.spec): unknown field "tower_broadcast_websocket_secret" in com.ansible.awx.v1beta1.AWX.spec, ValidationError(AWX.spec): unknown field "tower_image" in com.ansible.awx.v1beta1.AWX.spec, ValidationError(AWX.spec): unknown field "tower_ingress_annotations" in com.ansible.awx.v1beta1.AWX.spec, ValidationError(AWX.spec): unknown field "tower_ingress_tls_secret" in com.ansible.awx.v1beta1.AWX.spec, ValidationError(AWX.spec): unknown field "tower_postgres_storage_class" in com.ansible.awx.v1beta1.AWX.spec]; if you choose to ignore these errors, turn validation off with --validate=false
If I use the tag 0.6.0 of the operator, all values in my spec are ignored and awx is always deployed with the default values.
Here's my deployment:
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
  name: awx
  namespace: ndo
spec:
  tower_admin_email: [email protected]
  tower_admin_password: changeme
  tower_admin_user: changeme
  tower_broadcast_websocket_secret: changeme
  tower_hostname: awx.dev03.ndo
  tower_image: ansible/awx:17.0.1
  tower_ingress_annotations: |-
    nginx.ingress.kubernetes.io/proxy-body-size: '0'
    nginx.ingress.kubernetes.io/proxy-read-timeout: '600'
    nginx.ingress.kubernetes.io/proxy-send-timeout: '600'
    cert-manager.io/cluster-issuer: "ca-issuer"
  tower_ingress_tls_secret: awx-tls-secret
  tower_ingress_type: Ingress
  tower_postgres_storage_class: longhorn
Am I missing something? Was the spec changed?
Brand new openshift cluster, run the command:
kubectl apply -f https://raw.githubusercontent.com/ansible/awx-operator/devel/deploy/awx-operator.yaml
and get the following output:
clusterrole.rbac.authorization.k8s.io/awx-operator created
clusterrolebinding.rbac.authorization.k8s.io/awx-operator created
serviceaccount/awx-operator created
customresourcedefinition.apiextensions.k8s.io/awxs.awx.ansible.com created
The Deployment "awx-operator" is invalid: spec.template.metadata.labels: Invalid value: map[string]string{"name":"awx-operator"}: `selector` does not match template `labels`