Merge pull request #316 from kurokobo/awx-2.13.0

feat: bump operator version to 2.13.1

README.md

@@ -29,17 +29,17 @@ An example implementation of AWX on single node K3s using AWX Operator, with eas
 
 - Tested on:
   - CentOS Stream 8 (Minimal)
-  - K3s v1.28.6+k3s2
+  - K3s v1.28.7+k3s1
 - Products that will be deployed:
-  - AWX Operator 2.12.2
-  - AWX 23.9.0
-  - PostgreSQL 13
+  - AWX Operator 2.13.1
+  - AWX 24.0.0
+  - PostgreSQL 15
 
 ## References
 
 - [K3s - Lightweight Kubernetes](https://docs.k3s.io/)
-- [INSTALL.md on ansible/awx](https://github.com/ansible/awx/blob/23.9.0/INSTALL.md) @23.9.0
-- [README.md on ansible/awx-operator](https://github.com/ansible/awx-operator/blob/2.12.2/README.md) @2.12.2
+- [INSTALL.md on ansible/awx](https://github.com/ansible/awx/blob/24.0.0/INSTALL.md) @24.0.0
+- [README.md on ansible/awx-operator](https://github.com/ansible/awx-operator/blob/2.13.1/README.md) @2.13.1
 
 ## Requirements
 
@@ -80,13 +80,15 @@ sudo dnf install -y git curl
 Install a specific version of K3s with `--write-kubeconfig-mode 644` to make the config file (`/etc/rancher/k3s/k3s.yaml`) readable by non-root users.
 
 ```bash
-curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.28.6+k3s2 sh -s - --write-kubeconfig-mode 644
+curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.28.7+k3s1 sh -s - --write-kubeconfig-mode 644
 ```
 
 ### Install AWX Operator
 
 > [!WARNING]
-> If you are planning that creating backup of your AWX instance using AWX Operator by referring to [the backup guide](backup), AWX Operator 2.12.2 is not recommended due to [a known issue for backup](https://github.com/ansible/awx-operator/issues/1734). Use an older version of AWX Operator like [2.12.1](https://github.com/kurokobo/awx-on-k3s/tree/2.12.1) instead.
+> AWX Operator 2.13.x introduces some major changes and some issues related to these changes are reported. If you don't have any strong reason to use 2.13.x, personally I recommend to use [2.12.1](https://github.com/kurokobo/awx-on-k3s/tree/2.12.1) instead until major issues are resolved.
+>
+> If you have a plan to upgrade existing AWX Operator and AWX from 2.12.x or earlier to 2.13.x anyway, some additional tasks are required. Refer to [📝Tips: Upgrade AWX Operator and AWX](tips/upgrade-operator.md) to further information. Also do not forget creating backup before upgrading.
 
 Clone this repository and change directory.
 
@@ -96,7 +98,7 @@ If you want to use files suitable for a specific version of AWX Operator, [refer
 cd ~
 git clone https://github.com/kurokobo/awx-on-k3s.git
 cd awx-on-k3s
-git checkout 2.12.2
+git checkout 2.13.1
 ```
 
 Then invoke `kubectl apply -k operator` to deploy AWX Operator.
@@ -151,7 +153,7 @@ Modify the two `password` entries in `base/kustomization.yaml`. Note that the `p
   - name: awx-postgres-configuration
     type: Opaque
     literals:
-      - host=awx-postgres-13
+      - host=awx-postgres-15
       - port=5432
       - database=awx
       - username=awx
@@ -168,10 +170,11 @@ Modify the two `password` entries in `base/kustomization.yaml`. Note that the `p
 Prepare directories for Persistent Volumes defined in `base/pv.yaml`. These directories will be used to store your databases and project files. Note that the size of the PVs and PVCs are specified in some of the files in this repository, but since their backends are `hostPath`, its value is just like a label and there is no actual capacity limitation.
 
 ```bash
-sudo mkdir -p /data/postgres-13
+sudo mkdir -p /data/postgres-15/data
 sudo mkdir -p /data/projects
-sudo chmod 755 /data/postgres-13
+sudo chown 26:0 /data/postgres-15/data
 sudo chown 1000:0 /data/projects
+sudo chmod 700 /data/postgres-15/data
 ```
 
 ### Deploy AWX
@@ -195,53 +198,57 @@ $ kubectl -n awx logs -f deployments/awx-operator-controller-manager
 ...
 ----- Ansible Task Status Event StdOut (awx.ansible.com/v1beta1, Kind=AWX, awx/awx) -----
 PLAY RECAP *********************************************************************
-localhost                  : ok=85   changed=1    unreachable=0    failed=0    skipped=78   rescued=0    ignored=1
+localhost                  : ok=90   changed=0    unreachable=0    failed=0    skipped=81   rescued=0    ignored=1
 ```
 
 The required objects should now have been deployed next to AWX Operator in the `awx` namespace.
 
 ```bash
 $ kubectl -n awx get awx,all,ingress,secrets
 NAME                      AGE
-awx.awx.ansible.com/awx   6m15s
+awx.awx.ansible.com/awx   6m48s
 
-NAME                                                   READY   STATUS    RESTARTS   AGE
-pod/awx-operator-controller-manager-57867569c4-ggl29   2/2     Running   0          6m50s
-pod/awx-postgres-13-0                                  1/1     Running   0          5m56s
-pod/awx-task-5d8cd9b6b9-8ptjt                          4/4     Running   0          5m25s
-pod/awx-web-66f89bc9cf-6zck5                           3/3     Running   0          4m39s
+NAME                                                  READY   STATUS      RESTARTS   AGE
+pod/awx-operator-controller-manager-59b86c6fb-4zz9r   2/2     Running     0          7m22s
+pod/awx-postgres-15-0                                 1/1     Running     0          6m33s
+pod/awx-web-549f7fdbc5-htpl9                          3/3     Running     0          6m5s
+pod/awx-migration-24.0.0-kglht                        0/1     Completed   0          4m36s
+pod/awx-task-7d4fcdd449-mqkp2                         4/4     Running     0          6m4s
 
 NAME                                                      TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
-service/awx-operator-controller-manager-metrics-service   ClusterIP   10.43.18.30     <none>        8443/TCP   7m
-service/awx-postgres-13                                   ClusterIP   None            <none>        5432/TCP   5m55s
-service/awx-service                                       ClusterIP   10.43.237.218   <none>        80/TCP     5m28s
+service/awx-operator-controller-manager-metrics-service   ClusterIP   10.43.58.194    <none>        8443/TCP   7m33s
+service/awx-postgres-15                                   ClusterIP   None            <none>        5432/TCP   6m33s
+service/awx-service                                       ClusterIP   10.43.180.226   <none>        80/TCP     6m7s
 
 NAME                                              READY   UP-TO-DATE   AVAILABLE   AGE
-deployment.apps/awx-operator-controller-manager   1/1     1            1           7m
-deployment.apps/awx-task                          1/1     1            1           5m25s
-deployment.apps/awx-web                           1/1     1            1           4m39s
+deployment.apps/awx-operator-controller-manager   1/1     1            1           7m33s
+deployment.apps/awx-web                           1/1     1            1           6m5s
+deployment.apps/awx-task                          1/1     1            1           6m4s
 
-NAME                                                         DESIRED   CURRENT   READY   AGE
-replicaset.apps/awx-operator-controller-manager-57867569c4   1         1         1       6m50s
-replicaset.apps/awx-task-5d8cd9b6b9                          1         1         1       5m25s
-replicaset.apps/awx-web-66f89bc9cf                           1         1         1       4m39s
+NAME                                                        DESIRED   CURRENT   READY   AGE
+replicaset.apps/awx-operator-controller-manager-59b86c6fb   1         1         1       7m22s
+replicaset.apps/awx-web-549f7fdbc5                          1         1         1       6m5s
+replicaset.apps/awx-task-7d4fcdd449                         1         1         1       6m4s
 
 NAME                               READY   AGE
-statefulset.apps/awx-postgres-13   1/1     5m56s
+statefulset.apps/awx-postgres-15   1/1     6m33s
+
+NAME                             COMPLETIONS   DURATION   AGE
+job.batch/awx-migration-24.0.0   1/1           2m4s       4m36s
 
 NAME                                    CLASS     HOSTS             ADDRESS         PORTS     AGE
-ingress.networking.k8s.io/awx-ingress   traefik   awx.example.com   192.168.0.219   80, 443   5m27s
+ingress.networking.k8s.io/awx-ingress   traefik   awx.example.com   192.168.0.219   80, 443   6m6s
 
 NAME                                  TYPE                DATA   AGE
-secret/redhat-operators-pull-secret   Opaque              1      7m11s
-secret/awx-admin-password             Opaque              1      6m15s
-secret/awx-postgres-configuration     Opaque              6      6m15s
-secret/awx-secret-tls                 kubernetes.io/tls   2      6m15s
-secret/awx-app-credentials            Opaque              3      5m30s
-secret/awx-secret-key                 Opaque              1      6m6s
-secret/awx-broadcast-websocket        Opaque              1      6m2s
-secret/awx-receptor-ca                kubernetes.io/tls   2      5m37s
-secret/awx-receptor-work-signing      Opaque              2      5m33s
+secret/redhat-operators-pull-secret   Opaque              1      7m33s
+secret/awx-admin-password             Opaque              1      6m48s
+secret/awx-postgres-configuration     Opaque              6      6m48s
+secret/awx-secret-tls                 kubernetes.io/tls   2      6m48s
+secret/awx-app-credentials            Opaque              3      6m9s
+secret/awx-secret-key                 Opaque              1      6m41s
+secret/awx-broadcast-websocket        Opaque              1      6m38s
+secret/awx-receptor-ca                kubernetes.io/tls   2      6m14s
+secret/awx-receptor-work-signing      Opaque              2      6m12s
 ```
 
 Now your AWX is available at `https://awx.example.com/` or the hostname you specified.

acme/README.md

@@ -42,7 +42,7 @@ This guide does not provide any information how to configure Azure, other DNS se
 Deploy cert-manager first.
 
 ```bash
-kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.14.3/cert-manager.yaml
+kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.14.4/cert-manager.yaml
 ```
 
 Ensure the pods in `cert-manager` namespace are running.

backup/README.md

@@ -7,9 +7,6 @@ This guide is specifically designed to use with the AWX which deployed using [th
 
 You can also refer [the official instructions](https://github.com/ansible/awx-operator/tree/devel/roles/backup) for more information.
 
-> [!WARNING]
-> AWX Operator 2.12.2 can not create any backup due to [a known issue](https://github.com/ansible/awx-operator/issues/1734).
-
 <!-- omit in toc -->
 ## Table of Contents
 
@@ -26,6 +23,8 @@ Prepare directories for Persistent Volumes to store backup files that defined in
 
 ```bash
 sudo mkdir -p /data/backup
+sudo chown 26:0 /data/backup
+sudo chmod 700 /data/backup
 ```
 
 Then deploy Persistent Volume and Persistent Volume Claim.
@@ -78,15 +77,15 @@ awxbackup-2021-06-06   6m47s
 ```
 
 ```bash
-$ ls -l /data/backup/
+$ sudo ls -l /data/backup/
 total 0
-drwxr-xr-x. 2 root root 59 Jun  5 06:51 tower-openshift-backup-2021-06-06-105149
+drwxr-xr-x. 2 26 26 59 Jun  5 06:51 tower-openshift-backup-2021-06-06-105149
 
-$ ls -l /data/backup/tower-openshift-backup-2021-06-06-105149/
+$ sudo ls -l /data/backup/tower-openshift-backup-2021-06-06-105149/
 total 736
--rw-------. 1 1001 root   1093 Jun  6 06:51 awx_object
--rw-------. 1 1001 root  17085 Jun  6 06:51 secrets.yml
--rw-rw----. 1 root root 833184 Jun  6 06:51 tower.db
+-rw-------. 1 26 26   1093 Jun  6 06:51 awx_object
+-rw-------. 1 26 26  17085 Jun  6 06:51 secrets.yml
+-rw-r--r--. 1 26 26 833184 Jun  6 06:51 tower.db
 ```
 
 ## Appendix: Back up AWX using Ansible

backup/ansible/README.md

@@ -32,7 +32,7 @@ An example simple playbook for Ansible is also provided in this repository. This
 | - | - | - |
 | `awxbackup_namespace` | The name of the NameSpace where the `AWXBackup` resource will be created. | `awx` |
 | `awxbackup_name` | The name of the `AWXBackup` resource. Dynamically generated using execution time by default. | `awxbackup-{{ lookup('pipe', 'date +%Y-%m-%d-%H-%M-%S') }}` |
-| `awxbackup_spec` | The `spec` of the `AWXBackup` resource. Refer [official documentation](https://github.com/ansible/awx-operator/tree/2.12.2/roles/backup) for acceptable fields. | `deployment_name: awx`<br>`backup_pvc: awx-backup-claim`<br>`clean_backup_on_delete: true` |
+| `awxbackup_spec` | The `spec` of the `AWXBackup` resource. Refer [official documentation](https://github.com/ansible/awx-operator/tree/2.13.1/roles/backup) for acceptable fields. | `deployment_name: awx`<br>`backup_pvc: awx-backup-claim`<br>`clean_backup_on_delete: true` |
 | `awxbackup_timeout` | Time to wait for backup to complete, in seconds. If exceeded, the playbook will fail. | `600` |
 | `awxbackup_keep_days` | Number of days to keep `AWXBackup` resources. `AWXBackup` resources older than this value will be deleted by this playbook. Set `0` to keep forever. | `30` |
 

base/kustomization.yaml

@@ -16,7 +16,7 @@ secretGenerator:
   - name: awx-postgres-configuration
     type: Opaque
     literals:
-      - host=awx-postgres-13
+      - host=awx-postgres-15
       - port=5432
       - database=awx
       - username=awx

base/pv.yaml

@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: awx-postgres-13-volume
+  name: awx-postgres-15-volume
 spec:
   accessModes:
     - ReadWriteOnce
@@ -11,7 +11,7 @@ spec:
     storage: 8Gi
   storageClassName: awx-postgres-volume
   hostPath:
-    path: /data/postgres-13
+    path: /data/postgres-15
 
 ---
 apiVersion: v1

containergroup/README.md

@@ -35,8 +35,8 @@ Prepare directories for Persistent Volumes defined in `containergroup/case1/pv.y
 
 ```bash
 sudo mkdir -p /data/work
-sudo chmod 755 /data/work
 sudo chown 1000:0 /data/work
+sudo chmod 700 /data/work
 ```
 
 Create PV and PVC.
@@ -188,8 +188,8 @@ Prepare directories for Persistent Volumes defined in `containergroup/case2/pv.y
 
 ```bash
 sudo mkdir -p /data/demo
-sudo chmod 755 /data/demo
 sudo chown 1000:0 /data/demo
+sudo chmod 700 /data/demo
 ```
 
 Create Namespace, PV, and PVC.

galaxy/README.md

@@ -123,8 +123,8 @@ Prepare directories for Persistent Volumes defined in `galaxy/galaxy/pv.yaml`.
 sudo mkdir -p /data/galaxy/postgres-13
 sudo mkdir -p /data/galaxy/redis
 sudo mkdir -p /data/galaxy/file
-sudo chmod 755 /data/galaxy/postgres-13
 sudo chown 1000:0 /data/galaxy/file
+sudo chmod 700 /data/galaxy/postgres-13
 ```
 
 ### Deploy Galaxy NG

operator/kustomization.yaml

@@ -12,8 +12,8 @@ secretGenerator:
       - operator=awx
 
 resources:
-  - github.com/ansible/awx-operator/config/default?ref=2.12.2
+  - github.com/ansible/awx-operator/config/default?ref=2.13.1
 
 images:
   - name: quay.io/ansible/awx-operator
-    newTag: 2.12.2
+    newTag: 2.13.1

restore/README.md

@@ -29,20 +29,21 @@ If your AWX instance is running, it is recommended that it be deleted along with
 ```bash
 # Delete AWX resource, PVC, and PV
 kubectl -n awx delete awx awx
-kubectl -n awx delete pvc postgres-13-awx-postgres-13-0
-kubectl delete pv awx-postgres-13-volume
+kubectl -n awx delete pvc postgres-15-awx-postgres-15-0
+kubectl delete pv awx-postgres-15-volume
 
 # Delete any data in the PV
-sudo rm -rf /data/postgres-13
+sudo rm -rf /data/postgres-15
 ```
 
 Then prepare directories for your PVs. `/data/projects` is required if you are restoring the entire AWX to a new environment.
 
 ```bash
-sudo mkdir -p /data/postgres-13
+sudo mkdir -p /data/postgres-15/data
 sudo mkdir -p /data/projects
-sudo chmod 755 /data/postgres-13
+sudo chown 26:0 /data/postgres-15/data
 sudo chown 1000:0 /data/projects
+sudo chmod 700 /data/postgres-15/data
 ```
 
 Then deploy PV and PVC. It is recommended that making the size of PVs and PVCs same as the PVs which your AWX used when the backup was taken.
@@ -102,7 +103,7 @@ $ kubectl -n awx logs -f deployments/awx-operator-controller-manager
 ...
 ----- Ansible Task Status Event StdOut (awx.ansible.com/v1beta1, Kind=AWX, awx/awx) -----
 PLAY RECAP *********************************************************************
-localhost                  : ok=87   changed=1    unreachable=0    failed=0    skipped=76   rescued=0    ignored=1
+localhost                  : ok=92   changed=0    unreachable=0    failed=0    skipped=79   rescued=0    ignored=1
 ```
 
 This will create AWXRestore object in the namespace, and now your AWX is restored.

restore/pv.yaml

@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: awx-postgres-13-volume
+  name: awx-postgres-15-volume
 spec:
   accessModes:
     - ReadWriteOnce
@@ -11,7 +11,7 @@ spec:
     storage: 8Gi
   storageClassName: awx-postgres-volume
   hostPath:
-    path: /data/postgres-13
+    path: /data/postgres-15
 
 ---
 apiVersion: v1

rulebooks/README.md

@@ -117,8 +117,8 @@ Prepare directories for Persistent Volumes defined in `base/pv.yaml`. This direc
 
 ```bash
 sudo mkdir -p /data/eda/postgres-13/data
-sudo chmod 755 /data/eda/postgres-13/data
 sudo chown 26:0 /data/eda/postgres-13/data
+sudo chmod 700 /data/eda/postgres-13/data
 ```
 
 ### Deploy EDA Server

runner/README.md

@@ -10,7 +10,7 @@ This repository includes ready-to-use files as an example to run Ansible Runner.
 - CentOS Stream 8 (Minimal)
 - Python 3.9
 - Docker 20.10.17
-- Ansible Runner 2.3.5
+- Ansible Runner 2.3.6
 
 ## Install
 

tips/alternative-methods.md

@@ -245,7 +245,7 @@ $ kubectl delete -k base
 secret "awx-admin-password" deleted
 secret "awx-postgres-configuration" deleted
 secret "awx-secret-tls" deleted
-persistentvolume "awx-postgres-13-volume" deleted
+persistentvolume "awx-postgres-15-volume" deleted
 persistentvolume "awx-projects-volume" deleted
 persistentvolumeclaim "awx-projects-claim" deleted
 

tips/enable-hsts.md

@@ -87,7 +87,7 @@ namespace/awx unchanged
 secret/awx-admin-password unchanged
 secret/awx-postgres-configuration unchanged
 secret/awx-secret-tls configured
-persistentvolume/awx-postgres-13-volume unchanged
+persistentvolume/awx-postgres-15-volume unchanged
 persistentvolume/awx-projects-volume unchanged
 persistentvolumeclaim/awx-projects-claim unchanged
 awx.awx.ansible.com/awx configured     👈👈👈