search

ansible / awx-operator

An Ansible AWX operator for Kubernetes built with Operator SDK and Ansible. 🤖
https://www.github.com/ansible/awx
Apache License 2.0
1.26k stars 633 forks source link

Unable to set custom postgres_image #1793

Open Raptus1 opened 8 months ago

Raptus1 commented 8 months ago

Please confirm the following

Bug Summary

When adding the spec postgres_image and postegres_image_version i expected to be able to keep postgres on version 13 instead of the operator updating to postgres 15, but that seems to not be the case as the tasks are nowhere to be found in the operator logs

As you can read, it goes from the task on line 28, and skipped all the tasks inbetween and then goes to create the new database config as if postgres_image and postgres_image_version is not set or as if the tasks are not even there.

Am I missing to change some other default variable or config setting?

AWX Operator version

2.13.1

AWX version

24.0.0

Kubernetes platform

kubernetes

Kubernetes/Platform version

1.28.5

Modifications

no

Steps to reproduce

---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
  name: awx-dev
  namespace: awx
spec:
  service_type: clusterip
  admin_password_secret: awx-admin-password
  admin_user: admin
  secret_key_secret: awx-secret-key
  image: {{ awx_image }}
  image_version: {{ awx_image_version }}
  image_pull_secrets: 
    - awx-image-pull-secret
  ee_images:
  - name: AWX-EE (LATEST)
    image: {{ awx_ee_image }}:{{ awx_ee_version }}
  - name: AWX-CUSTOM-EE (LATEST)
    image: {{ custom_ee_image }}:{{ custom_ee_version }}
  ee_pull_credentials_secret: awx-dev-ee-pull-credentials
  control_plane_ee_image: {{ control_plane_ee_image }}:{{ awx_control_plane_ee_version }}
  postgres_image: postgres
  postgres_image_version: "13"
  postgres_configuration_secret: awx-dev-postgres-configuration

Secret:

---
apiVersion: v1
kind: Secret
metadata:
  name: awx-dev-postgres-configuration
  namespace: awx
stringData:
  host: "{{ external_postgres_host }}"
  port: "{{ external_postgres_port }}"
  database: awx
  username: "{{ external_postgres_admin_user }}"
  password: "{{ lookup('env','POSTGRES_ADMIN_PASSWORD') }}"
  sslmode: "{{ external_postgres_sslmode }}"
  type: managed
type: Opaque

Expected results

For the operator to set and respect the fact that I set and want to use postgres 13 instead of the latest 15

Actual results

postgres_image is not pushed into fact and therefore it will use _postgres_image defaults instead using the newly added postgres 15

Additional information

No response

Operator Logs

--------------------------- Ansible Task StdOut -------------------------------

TASK [installer : Check for specified old PostgreSQL configuration secret] *****
task path: /opt/ansible/roles/installer/tasks/database_configuration.yml:19

-------------------------------------------------------------------------------
{"level":"info","ts":"2024-03-25T20:34:47Z","logger":"logging_event_handler","msg":"[playbook task start]","name":"awx-dev","namespace":"awx","gvk":"awx.ansible.com/v1beta1, Kind=AWX","event_type":"playbook_on_task_start","job":"8718054308259173113","EventData.Name":"installer : Check for specified old PostgreSQL configuration secret"}
{"level":"info","ts":"2024-03-25T20:34:47Z","logger":"logging_event_handler","msg":"[playbook task start]","name":"awx-dev","namespace":"awx","gvk":"awx.ansible.com/v1beta1, Kind=AWX","event_type":"playbook_on_task_start","job":"8718054308259173113","EventData.Name":"installer : Check for default old PostgreSQL configuration"}

--------------------------- Ansible Task StdOut -------------------------------

TASK [installer : Check for default old PostgreSQL configuration] **************
task path: /opt/ansible/roles/installer/tasks/database_configuration.yml:28

-------------------------------------------------------------------------------
{"level":"info","ts":"2024-03-25T20:34:47Z","logger":"proxy","msg":"Cache miss: /v1, Kind=Secret, awx/awx-dev-old-postgres-configuration"}
{"level":"info","ts":"2024-03-25T20:34:48Z","logger":"logging_event_handler","msg":"[playbook task start]","name":"awx-dev","namespace":"awx","gvk":"awx.ansible.com/v1beta1, Kind=AWX","event_type":"playbook_on_task_start","job":"8718054308259173113","EventData.Name":"installer : Create Database configuration"}

--------------------------- Ansible Task StdOut -------------------------------

TASK [installer : Create Database configuration] *******************************
task path: /opt/ansible/roles/installer/tasks/database_configuration.yml:71

-------------------------------------------------------------------------------
{"level":"info","ts":"2024-03-25T20:34:48Z","logger":"logging_event_handler","msg":"[playbook task start]","name":"awx-dev","namespace":"awx","gvk":"awx.ansible.com/v1beta1, Kind=AWX","event_type":"playbook_on_task_start","job":"8718054308259173113","EventData.Name":"installer : Read Database Configuration"}
fosterseth commented 8 months ago

we expose the postgres image and version in the operator, but we still expect the image to be postgres 15 under the hood. There might be some tolerance for older postgres, but it is not supported and you'll be on your own to get that working.

You probably will want to use an external database if you are not using the official image, as there seems to be postgres-15 specific logic in the ansible installer playbooks if you are using an operator managed database.

Raptus1 commented 8 months ago

Hi Seth.

Thank you for the reply.

It is running on an external db (awx with operator in an aks cluster connected to an external Postgres as a service using the required db secrets).

The addition of the postgres 13 was more of a hope from my side that it would be a workaround to complete the postgres-pod startup and go to the next stage of the operator tasks, but that did not work.

The latest changes stops the operator from going past that stage and therefore the rest does not get created as it loops and fails om the postgres fields.

Not going through the the postgres-Pod creating tasks at all given the pointer to another host would be the best option, but I'm not sure if that is possible as of now.

Great project btw, you guys do amazing work!!

On Wed, Mar 27, 2024, 16:33 Seth Foster @.***> wrote:

we expose the postgres image and version in the operator, but we still expect the image to be postgres 15 under the hood. There might be some tolerance for older postgres, but it is not supported and you'll be on your own to get that working.

You probably will want to use an external database if you are not using the official image, as there seems to be postgres-15 specific logic in the ansible installer playbooks if you are using an operator managed database.

— Reply to this email directly, view it on GitHub https://github.com/ansible/awx-operator/issues/1793#issuecomment-2023076204, or unsubscribe https://github.com/notifications/unsubscribe-auth/AGKKOYRSYEB23PNAQDBVUATY2LREJAVCNFSM6AAAAABFHXCBK6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAMRTGA3TMMRQGQ . You are receiving this because you authored the thread.Message ID: @.***>

rooftopcellist commented 8 months ago

@Raptus1 I am a bit confused. You mentioned that you have an external database configured for you AWX instance, but I do not see a custom postgres_configuration_secret configured on the AWX custom resource spec you shared above.

If you want to use PostgreSQL 13, I would recommend using https://quay.io/repository/sclorg/postgresql-13-c8s (quay.io/sclorg/postgresql-13-c8s) and configuring it as an external database.

For a fresh installation, if you wanted to have your external (not managed by the awx-operator) pg13 instance in your k8s cluster, you could create a postgresql statful set and service using the pg13 image, then create a k8s secret containing your postgresql configuration (username, host, port, password, database, type: unmanaged) and specify the name of that secret on the AWX spec.postgres_configuration_secret.

I would recommend taking an AWXBackup before trying this out.

Raptus1 commented 7 months ago

Apologies for the misunderstanding. I have updated the spec together with the secret in OP now.

It is not the complete spec though, but I did not feel the need for sharing the full spec with limit an all. Still should have included the secret reference.

Thanks.

fosterseth commented 7 months ago

@rooftopcellist is the expectation that if secret has managed=True, that the operator will honor the postgres_image and postgres_image_version variables? Seems that is not happening for @Raptus1

Raptus1 commented 6 months ago

I have been on vacation so have not been able to follow this up, but will a potential fix (if @fosterseth is correct on the expectation) be added to a incoming tag?