Обновить ansible/deploy_awx_k8s.yml
@@ -1,92 +1,127 @@
|
|||||||
---
|
---
|
||||||
- name: Deploy latest AWX on Kubernetes using AWX Operator
|
- name: Deploy latest stable AWX using AWX Operator on Kubernetes
|
||||||
hosts: localhost
|
hosts: localhost
|
||||||
connection: local
|
connection: local
|
||||||
become: false
|
become: false
|
||||||
gather_facts: false
|
gather_facts: false
|
||||||
|
|
||||||
vars:
|
vars:
|
||||||
awx_namespace: awx
|
# Основные параметры — лучше переопределять в Semaphore Variable Group
|
||||||
awx_operator_version: 2.19.1 # Latest as of available releases; corresponds to AWX 24.6.1
|
awx_namespace: "{{ awx_namespace | default('awx') }}"
|
||||||
awx_instance_name: awx-demo
|
awx_instance_name: "{{ awx_instance_name | default('awx') }}"
|
||||||
awx_service_type: nodeport # Change to 'clusterip' if using ingress or on OpenShift
|
awx_service_type: "{{ awx_service_type | default('NodePort') }}" # NodePort / ClusterIP / LoadBalancer
|
||||||
|
awx_operator_version: "{{ awx_operator_version | default('2.19.1') }}" # 2.19.1 → AWX 24.6.x (последняя стабильная на конец 2025)
|
||||||
|
|
||||||
collections:
|
# Путь к kubeconfig внутри контейнера Semaphore
|
||||||
- kubernetes.core
|
kubeconfig_path: "/home/semaphore/.kube/config"
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Ensure kubernetes.core collection is installed
|
- name: Fail if kubeconfig not found
|
||||||
command: ansible-galaxy collection install kubernetes.core
|
ansible.builtin.stat:
|
||||||
changed_when: false
|
path: "{{ kubeconfig_path }}"
|
||||||
ignore_errors: true # In case already installed
|
register: kubeconfig_stat
|
||||||
|
failed_when: not kubeconfig_stat.stat.exists
|
||||||
|
delegate_to: localhost
|
||||||
|
|
||||||
- name: Create AWX namespace
|
- name: Install kubernetes python library (fallback)
|
||||||
k8s:
|
ansible.builtin.pip:
|
||||||
|
name: kubernetes>=25.3.0
|
||||||
state: present
|
state: present
|
||||||
|
delegate_to: localhost
|
||||||
|
ignore_errors: true # если уже стоит через /etc/semaphore/requirements.txt
|
||||||
|
|
||||||
|
- name: Create namespace for AWX
|
||||||
|
kubernetes.core.k8s:
|
||||||
|
state: present
|
||||||
|
kubeconfig: "{{ kubeconfig_path }}"
|
||||||
definition:
|
definition:
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Namespace
|
kind: Namespace
|
||||||
metadata:
|
metadata:
|
||||||
name: "{{ awx_namespace }}"
|
name: "{{ awx_namespace }}"
|
||||||
kubeconfig: /home/semaphore/.kube/config
|
|
||||||
|
|
||||||
- name: Set current namespace context (optional, for convenience)
|
- name: Apply AWX Operator (via kustomize from github)
|
||||||
command: kubectl config set-context --current --namespace={{ awx_namespace }}
|
ansible.builtin.command:
|
||||||
changed_when: false
|
cmd: >-
|
||||||
|
|
||||||
- name: Install AWX Operator using kustomize
|
|
||||||
command: >-
|
|
||||||
kubectl apply -k "github.com/ansible/awx-operator/config/default?ref={{ awx_operator_version }}"
|
kubectl apply -k "github.com/ansible/awx-operator/config/default?ref={{ awx_operator_version }}"
|
||||||
|
creates: "{{ kubeconfig_path }}" # dummy — чтобы не повторять каждый раз
|
||||||
environment:
|
environment:
|
||||||
KUBECONFIG: /home/semaphore/.kube/config
|
KUBECONFIG: "{{ kubeconfig_path }}"
|
||||||
changed_when: false
|
changed_when: true
|
||||||
|
register: operator_apply
|
||||||
|
failed_when: operator_apply.rc != 0 and 'already exists' not in operator_apply.stderr
|
||||||
|
|
||||||
- name: Wait for AWX Operator to be ready
|
- name: Wait for AWX Operator deployment to be ready
|
||||||
k8s_info:
|
kubernetes.core.k8s_info:
|
||||||
|
kubeconfig: "{{ kubeconfig_path }}"
|
||||||
api_version: apps/v1
|
api_version: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
namespace: "{{ awx_namespace }}"
|
|
||||||
name: awx-operator-controller-manager
|
name: awx-operator-controller-manager
|
||||||
register: operator_deployment
|
|
||||||
until: operator_deployment.resources[0].status.readyReplicas == operator_deployment.resources[0].status.replicas
|
|
||||||
retries: 30
|
|
||||||
delay: 10
|
|
||||||
|
|
||||||
- name: Create AWX instance
|
|
||||||
k8s:
|
|
||||||
state: present
|
|
||||||
namespace: "{{ awx_namespace }}"
|
namespace: "{{ awx_namespace }}"
|
||||||
|
register: operator_status
|
||||||
|
until: >-
|
||||||
|
operator_status.resources[0].status.readyReplicas is defined and
|
||||||
|
operator_status.resources[0].status.readyReplicas == operator_status.resources[0].status.replicas
|
||||||
|
retries: 40
|
||||||
|
delay: 15
|
||||||
|
|
||||||
|
- name: Deploy AWX instance
|
||||||
|
kubernetes.core.k8s:
|
||||||
|
state: present
|
||||||
|
kubeconfig: "{{ kubeconfig_path }}"
|
||||||
definition:
|
definition:
|
||||||
apiVersion: awx.ansible.com/v1beta1
|
apiVersion: awx.ansible.com/v1beta1
|
||||||
kind: AWX
|
kind: AWX
|
||||||
metadata:
|
metadata:
|
||||||
name: "{{ awx_instance_name }}"
|
name: "{{ awx_instance_name }}"
|
||||||
|
namespace: "{{ awx_namespace }}"
|
||||||
spec:
|
spec:
|
||||||
service_type: "{{ awx_service_type }}"
|
service_type: "{{ awx_service_type }}"
|
||||||
|
# Можно добавить/раскомментировать по необходимости:
|
||||||
|
# ingress_type: Ingress
|
||||||
|
# ingress_hostname: awx.your-domain.com
|
||||||
|
# ingress_class_name: nginx
|
||||||
|
# replicas: 1
|
||||||
|
# projects_persistence: true
|
||||||
|
# projects_storage_class: standard
|
||||||
|
# projects_storage_size: 10Gi
|
||||||
|
|
||||||
- name: Wait for AWX pods to be ready
|
- name: Wait for AWX pods to become ready (up to ~10–15 minutes)
|
||||||
k8s_info:
|
kubernetes.core.k8s_info:
|
||||||
|
kubeconfig: "{{ kubeconfig_path }}"
|
||||||
kind: Pod
|
kind: Pod
|
||||||
namespace: "{{ awx_namespace }}"
|
namespace: "{{ awx_namespace }}"
|
||||||
label_selectors:
|
label_selectors:
|
||||||
- "app.kubernetes.io/managed-by=awx-operator"
|
- "app.kubernetes.io/managed-by=awx-operator"
|
||||||
|
- "app.kubernetes.io/name={{ awx_instance_name }}"
|
||||||
register: awx_pods
|
register: awx_pods
|
||||||
until: >-
|
until: >-
|
||||||
awx_pods.resources | selectattr('status.phase', 'equalto', 'Running') | length == awx_pods.resources | length
|
awx_pods.resources | selectattr('status.phase', 'equalto', 'Running') | list | length >= 2 and
|
||||||
|
(awx_pods.resources | selectattr('status.conditions', 'search', 'type: Ready, status: True') | list | length >= 2)
|
||||||
retries: 60
|
retries: 60
|
||||||
delay: 10
|
delay: 20
|
||||||
|
|
||||||
- name: Get AWX admin password
|
- name: Get AWX admin password from secret
|
||||||
k8s_info:
|
kubernetes.core.k8s_info:
|
||||||
|
kubeconfig: "{{ kubeconfig_path }}"
|
||||||
api_version: v1
|
api_version: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
namespace: "{{ awx_namespace }}"
|
|
||||||
name: "{{ awx_instance_name }}-admin-password"
|
name: "{{ awx_instance_name }}-admin-password"
|
||||||
register: awx_secret
|
namespace: "{{ awx_namespace }}"
|
||||||
|
register: awx_admin_secret
|
||||||
|
|
||||||
- name: Display AWX access information
|
- name: Show AWX access information
|
||||||
debug:
|
ansible.builtin.debug:
|
||||||
msg: >-
|
msg: |
|
||||||
AWX is deployed. Access it at the NodePort service (use 'kubectl get svc {{ awx_instance_name }}-service -n {{ awx_namespace }}' to find the port).
|
AWX успешно развёрнут!
|
||||||
Default username: admin
|
Namespace: {{ awx_namespace }}
|
||||||
Password: {{ awx_secret.resources[0].data.password | b64decode }}
|
Instance name: {{ awx_instance_name }}
|
||||||
|
Service type: {{ awx_service_type }}
|
||||||
|
|
||||||
|
Получите NodePort для доступа:
|
||||||
|
kubectl get svc {{ awx_instance_name }}-service -n {{ awx_namespace }}
|
||||||
|
|
||||||
|
Логин: admin
|
||||||
|
Пароль: {{ awx_admin_secret.resources[0].data.password | b64decode }}
|
||||||
|
|
||||||
|
Если используете Ingress — настройте его отдельно в spec AWX ресурса.
|
||||||
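Review bot: The final `ansible.builtin.debug` task still writes the decoded admin password (`Пароль: {{ awx_admin_secret.resources[0].data.password | b64decode }}`) into the job output, which is presumably retained in Semaphore's task history and readable by anyone who can view the run. Add `no_log: true` to the "Get AWX admin password from secret" task and replace the password line with the retrieval command, e.g. `Пароль: kubectl get secret {{ awx_instance_name }}-admin-password -n {{ awx_namespace }} -o jsonpath='{.data.password}' | base64 -d`. Separately, `creates: "{{ kubeconfig_path }}"` on the operator apply task looks like it will skip `kubectl apply -k` on every run, because the first task already fails unless that file exists. Indentation is lost in this view, so confirm where `creates` sits, and drop it if it is an argument of `ansible.builtin.command`.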