
Issue #738: AWX Version Upgrade

Signed-off-by: Lakshmi-Patneedi <Lakshmi_Patneedi@Dellteam.com>
Lakshmi-Patneedi 3 år sedan
förälder
incheckning
c402fc28ba

+ 2 - 1
control_plane/control_plane.yml

@@ -13,7 +13,7 @@
 #  limitations under the License.
 ---
 
-- name: Executing omnia roles
+- name: Executing control_plane roles
   hosts: localhost
   connection: local
   roles:
@@ -28,4 +28,5 @@
     - control_plane_customiso
     - control_plane_repo
     - control_plane_security
+    - control_plane_monitoring
     - deploy_job_templates

+ 25 - 6
control_plane/roles/control_plane_customiso/tasks/check_prerequisites.yml

@@ -13,9 +13,17 @@
 # limitations under the License.
 ---
 
+- name: Include control_plane_common vars
+  include_vars: ../../control_plane_common/vars/main.yml
+  tags: install
+
+- name: Include provision_cobbler vars
+  include_vars: ../../provision_cobbler/vars/main.yml
+  tags: install
+
 - name: Install xorriso package - rocky
   package:
-    name: xorriso
+    name: "{{ iso_package }}"
     state: present
   tags: install
   when:
@@ -24,7 +32,7 @@
 
 - name: Install xorriso package - leap
   zypper:
-    name: xorriso
+    name: "{{ iso_package }}"
     state: present
   tags: install
   when: os_supported_leap in ansible_distribution | lower
@@ -33,9 +41,7 @@
   command: ansible-galaxy collection install {{ item }}
   changed_when: true
   tags: install
-  with_items:
-   - community.general
-   - dellemc.openmanage
+  with_items: "{{ idrac_collections }}"
 
 - name: Install omsdk using pip
   pip:
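Review bot: The collections in `idrac_collections` are installed by name only, so `ansible-galaxy collection install {{ item }}` in this hunk fetches whatever version Galaxy serves at run time and the control plane is not reproducible from this commit. Pinning each entry, for example `community.general:==<pinned-version>` (placeholder), would make the installed code reviewable. The same applies to `kubernetes.core` and `community.grafana` added to webui_awx/files/requirements.yml, which are baked into the execution-environment image; there a `name:`/`version:` pair per entry does the job. The task also keeps `changed_when: true`, so it reports a change on every run. It starts above this hunk.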
@@ -49,10 +55,23 @@
   register: check_mount_iso
   tags: install
 
+- name: Include provision_cobbler vars
+  include_tasks: ../../provision_cobbler/tasks/mount_iso.yml
+  when: not check_mount_iso.stat.exists
+
+- name: Recheck iso mount folder
+  stat:
+    path: "{{ iso_mount_path }}{{ grub_cfg_path }}"
+  register: recheck_mount_iso
+  when: not check_mount_iso.stat.exists
+  tags: install
+
 - name: Incorrect iso mount
   fail:
     msg: "{{ iso_mount_check_fail_msg }}"
-  when: not check_mount_iso.stat.exists
+  when:
+    - not check_mount_iso.stat.exists
+    - not recheck_mount_iso.stat.exists
   register: iso_mount_fail
   tags: install
 
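Review bot: The new `include_tasks: ../../provision_cobbler/tasks/mount_iso.yml` step is named "Include provision_cobbler vars", the same name as the `include_vars` task added at the top of this file, and it is the only task in this hunk without `tags: install`. On a run limited to `--tags install` the mount would be skipped while "Recheck iso mount folder" and "Incorrect iso mount" still run, so the play would fail even though it could have mounted the ISO. I would rename it to something like `- name: Mount the ISO when it is not already mounted` and add `tags: install`.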

+ 0 - 86
control_plane/roles/control_plane_customiso/tasks/create_unattended_iso.yml

@@ -1,86 +0,0 @@
-#  Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
-#
-#  Licensed under the Apache License, Version 2.0 (the "License");
-#  you may not use this file except in compliance with the License.
-#  You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS,
-#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#  See the License for the specific language governing permissions and
-#  limitations under the License.
----
-
-- name: ISO creation - centos
-  block:
-    - name: Create custom ISO
-      command: >-
-        xorriso -as mkisofs -o {{ nfs_share_offline_repo }}/{{ centos_iso_filename }} -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4
-        -boot-info-table -eltorito-alt-boot -e images/efiboot.img -no-emul-boot -J -R -V "CentOS 7 x86_64"  {{ tmp_iso_dir }}
-      changed_when: true
-      register: centos_iso_status
-      tags: install
-      args:
-        chdir: "{{ tmp_iso_dir }}"
-
-    - name: Custom ISO creation status check
-      assert:
-        that:
-          - custom_iso_success_keyword1 in centos_iso_status.stderr
-          - custom_iso_success_keyword2 in centos_iso_status.stderr
-        success_msg: "{{ custom_iso_success_msg }}"
-        fail_msg: "{{ custom_iso_fail_msg }}"
-      tags: install
-  when: provision_os == os_supported_centos
-
-- name: ISO creation - rocky
-  block:
-    - name: Create custom ISO
-      command: >-
-        xorriso -as mkisofs -o {{ nfs_share_offline_repo }}/{{ rocky_iso_filename }} -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4
-        -boot-info-table -eltorito-alt-boot -e images/efiboot.img -no-emul-boot -J -R -V "Rocky-8-4-x86_64-dvd"  {{ tmp_iso_dir }}
-      changed_when: true
-      register: rocky_iso_status
-      tags: install
-      args:
-        chdir: "{{ tmp_iso_dir }}"
-
-    - name: Custom ISO creation status check
-      assert:
-        that:
-          - custom_iso_success_keyword1 in rocky_iso_status.stderr
-          - custom_iso_success_keyword2 in rocky_iso_status.stderr
-        success_msg: "{{ custom_iso_success_msg }}"
-        fail_msg: "{{ custom_iso_fail_msg }}"
-      tags: install
-  when: provision_os == os_supported_rocky
-
-- name: ISO creation - leap
-  block:
-    - name: Create custom ISO
-      command: >-
-        xorriso -as mkisofs -no-emul-boot -boot-load-size 4 -boot-info-table -iso-level 4 -b boot/x86_64/loader/isolinux.bin 
-        -c boot/x86_64/loader/boot.cat -eltorito-alt-boot -e boot/x86_64/efi -no-emul-boot -o {{ nfs_share_offline_repo }}/{{ leap_iso_filename }} {{ tmp_iso_dir }}
-      changed_when: true
-      register: leap_iso_status
-      tags: install
-      args:
-        chdir: "{{ tmp_iso_dir }}"
-
-    - name: Custom ISO creation status check
-      assert:
-        that:
-          - custom_iso_success_keyword1 in leap_iso_status.stderr
-          - custom_iso_success_keyword2 in leap_iso_status.stderr
-        success_msg: "{{ custom_iso_success_msg }}"
-        fail_msg: "{{ custom_iso_fail_msg }}"
-      tags: install
-  when: provision_os == os_supported_leap
-
-- name: Remove the kickstart file
-  file:
-    path: "{{ role_path }}/files/{{ idrac_kickstart_file }}"
-    state: absent
-  tags: install

+ 39 - 0
control_plane/roles/control_plane_customiso/tasks/create_unattended_iso_centos.yml

@@ -0,0 +1,39 @@
+#  Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Create custom ISO centos
+  command: >-
+    xorriso -as mkisofs -o {{ nfs_share_offline_repo }}/{{ centos_iso_filename }} -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4
+    -boot-info-table -eltorito-alt-boot -e images/efiboot.img -no-emul-boot -J -R -V "CentOS 7 x86_64"  {{ tmp_iso_dir }}
+  changed_when: true
+  register: centos_iso_status
+  tags: install
+  args:
+    chdir: "{{ tmp_iso_dir }}"
+
+- name: Custom ISO creation status check centos
+  assert:
+    that:
+      - custom_iso_success_keyword1 in centos_iso_status.stderr
+      - custom_iso_success_keyword2 in centos_iso_status.stderr
+    success_msg: "{{ custom_iso_success_msg }}"
+    fail_msg: "{{ custom_iso_fail_msg }}"
+  tags: install
+
+- name: Remove the kickstart file
+  file:
+    path: "{{ role_path }}/files/{{ idrac_kickstart_file }}"
+    state: absent
+  tags: install
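Review bot: "Remove the kickstart file" only runs when both earlier tasks succeed, so a failed xorriso run or a failed status assert leaves the generated kickstart file under `{{ role_path }}/files/`. If that file carries the generated phrase or other provisioning credentials from edit_iso_config.yml (not visible in this section), it stays on disk after a failed run. Wrapping the create and check tasks in a `block` with the removal under `always` closes that gap. The same three-task sequence is repeated in create_unattended_iso_leap.yml and create_unattended_iso_rocky.yml, so one shared cleanup would avoid maintaining three copies.

```yaml
- name: Create and verify custom ISO centos
  block:
    # … unchanged: "Create custom ISO centos" and "Custom ISO creation status check centos" …
  always:
    - name: Remove the kickstart file
      file:
        path: "{{ role_path }}/files/{{ idrac_kickstart_file }}"
        state: absent
  tags: install
```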

+ 39 - 0
control_plane/roles/control_plane_customiso/tasks/create_unattended_iso_leap.yml

@@ -0,0 +1,39 @@
+#  Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Create custom ISO leap
+  command: >-
+    xorriso -as mkisofs -no-emul-boot -boot-load-size 4 -boot-info-table -iso-level 4 -b boot/x86_64/loader/isolinux.bin 
+    -c boot/x86_64/loader/boot.cat -eltorito-alt-boot -e boot/x86_64/efi -no-emul-boot -o {{ nfs_share_offline_repo }}/{{ leap_iso_filename }} {{ tmp_iso_dir }}
+  changed_when: true
+  register: leap_iso_status
+  tags: install
+  args:
+    chdir: "{{ tmp_iso_dir }}"
+
+- name: Custom ISO creation status check leap
+  assert:
+    that:
+      - custom_iso_success_keyword1 in leap_iso_status.stderr
+      - custom_iso_success_keyword2 in leap_iso_status.stderr
+    success_msg: "{{ custom_iso_success_msg }}"
+    fail_msg: "{{ custom_iso_fail_msg }}"
+  tags: install
+  
+- name: Remove the kickstart file
+  file:
+    path: "{{ role_path }}/files/{{ idrac_kickstart_file }}"
+    state: absent
+  tags: install

+ 44 - 0
control_plane/roles/control_plane_customiso/tasks/create_unattended_iso_rocky.yml

@@ -0,0 +1,44 @@
+#  Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Fetch rocky profile name
+  shell: set -o pipefail && grep 'Rocky-8' {{ tmp_iso_dir }}{{ grub_cfg_path }} | head -1
+  register: rocky_profile_name
+  changed_when: false
+
+- name: Create custom ISO rocky
+  command: >-
+    xorriso -as mkisofs -o {{ nfs_share_offline_repo }}/{{ rocky_iso_filename }} -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4
+    -boot-info-table -eltorito-alt-boot -e images/efiboot.img -no-emul-boot -J -R -V {{ rocky_profile_name.stdout.split(' ')[4] | replace("'","") }}  {{ tmp_iso_dir }}
+  changed_when: true
+  register: rocky_iso_status
+  tags: install
+  args:
+    chdir: "{{ tmp_iso_dir }}"
+
+- name: Custom ISO creation status check rocky
+  assert:
+    that:
+      - custom_iso_success_keyword1 in rocky_iso_status.stderr
+      - custom_iso_success_keyword2 in rocky_iso_status.stderr
+    success_msg: "{{ custom_iso_success_msg }}"
+    fail_msg: "{{ custom_iso_fail_msg }}"
+  tags: install
+
+- name: Remove the kickstart file
+  file:
+    path: "{{ role_path }}/files/{{ idrac_kickstart_file }}"
+    state: absent
+  tags: install
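Review bot: The volume label passed to `-V` is now the fifth space-separated token of the first `Rocky-8` line in grub.cfg, and it goes onto the xorriso command line unquoted. A grub.cfg with different spacing gives an index error or the wrong label, and a token containing whitespace or starting with `-` would be split or read as an option. I would check that the token is non-empty before use and pass it through the `quote` filter: `-V {{ rocky_profile_name.stdout.split(' ')[4] | replace("'","") | quote }}`. "Fetch rocky profile name" is also the only task in the file without `tags: install`, so a tag-limited run reaches the xorriso task with `rocky_profile_name` undefined.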

+ 8 - 12
control_plane/roles/control_plane_customiso/tasks/edit_iso_config.yml

@@ -13,14 +13,6 @@
 #  limitations under the License.
 ---
 
-- name: Include control_plane_common vars
-  include_vars: ../../control_plane_common/vars/main.yml
-  tags: install
-
-- name: Include provision_cobbler vars
-  include_vars: ../../provision_cobbler/vars/main.yml
-  tags: install
-
 - name: Random phrase generation
   command: openssl rand -base64 12
   changed_when: false
@@ -49,8 +41,10 @@
     warn: false
   tags: install
 
-- block:
-    - block:
+- name: Kickstart file changes rocky and centos
+  block:
+    - name: Kickstart file changes centos
+      block:
         - name: Set centos kickstart file name
           set_fact:
             idrac_kickstart_file: "{{ idrac_centos_ks }}"
@@ -78,7 +72,8 @@
           with_items: "{{ centos_host_nic }}"
       when: provision_os == os_supported_centos
 
-    - block:
+    - name: Kickstart file changes rocky
+      block:
         - name: Set rocky kickstart file name
           set_fact:
             idrac_kickstart_file: "{{ idrac_rocky_ks }}"
@@ -165,7 +160,8 @@
     - provision_os == os_supported_rocky or
       provision_os == os_supported_centos
 
-- block:
+- name: Kickstart file changes leap
+  block:
     - name: Set leap kickstart file name
       set_fact:
         idrac_kickstart_file: "{{ idrac_leap_ks }}"

+ 11 - 2
control_plane/roles/control_plane_customiso/tasks/main.yml

@@ -21,5 +21,14 @@
 - name: Edit iso config files
   include_tasks: edit_iso_config.yml
 
-- name: Create unattended iso file
-  include_tasks: create_unattended_iso.yml
+- name: Create unattended iso file rocky
+  include_tasks: create_unattended_iso_rocky.yml
+  when: provision_os == os_supported_rocky
+
+- name: Create unattended iso file leap
+  include_tasks: create_unattended_iso_leap.yml
+  when: provision_os == os_supported_leap
+
+- name: Create unattended iso file centos
+  include_tasks: create_unattended_iso_centos.yml
+  when: provision_os == os_supported_centos

+ 16 - 8
control_plane/roles/control_plane_customiso/vars/main.yml

@@ -15,12 +15,16 @@
 
 # vars file for control_plane_customiso
 
-#Usage: check_prerequisites.yml
-iso_mount_path: /mnt/iso/
-iso_mount_check_fail_msg: "ISO file not mounted. Ensure /mnt/iso path is mounted with {{ provision_os }} ISO file."
+# Usage: check_prerequisites.yml
+iso_mount_path: /mnt/{{ provision_os }}/
+iso_mount_check_fail_msg: "ISO file not mounted successfully. Ensure /mnt/{{ provision_os }} path is mounted with {{ provision_os }} ISO file."
 management_station_ip_file: "management_station_ip.txt"
+idrac_collections:
+  - community.general
+  - dellemc.openmanage
+iso_package: xorriso
 
-#Usage: edit_iso_config.yml
+# Usage: edit_iso_config.yml
 tmp_iso_dir: /tmp/{{ provision_os }}/
 idrac_centos_ks: centos7.cfg
 idrac_rocky_ks: rocky8.cfg
@@ -29,11 +33,15 @@ file_permission: 0744
 isolinux_cfg_path: isolinux/isolinux.cfg
 grub_cfg_path: EFI/BOOT/grub.cfg
 
-#Usage: create_unattended_iso.yml
-centos_iso_filename: unattended_centos7.iso
+# Usage: create_unattended_iso_rocky.yml
 rocky_iso_filename: unattended_rocky8.iso
-leap_iso_filename: unattended_leap15.iso
 custom_iso_success_msg: "Unattended ISO file created successfully"
-custom_iso_fail_msg: "Unattended ISO file creation failed. Ensure /mnt/iso path is mounted with valid centos minimal ISO file."
+custom_iso_fail_msg: "Unattended ISO file creation failed. Ensure /mnt/{{ provision_os }} path is mounted with valid {{ provision_os }} ISO file."
 custom_iso_success_keyword1: "ISO image produced:"
 custom_iso_success_keyword2: "completed successfully"
+
+# Usage: create_unattended_iso_leap.yml
+leap_iso_filename: unattended_leap15.iso
+
+# Usage: create_unattended_iso_centos.yml
+centos_iso_filename: unattended_centos7.iso

+ 11 - 12
control_plane/roles/webui_awx/files/awx.yml

@@ -5,33 +5,32 @@ metadata:
   name: awx
   namespace: awx
 spec:
+  service_type: nodeport
   deployment_type: awx
 
   #tower_hostname:
   #tower_secret_key_secret:
-
   #tower_extra_volumes:
-
   #tower_admin_user: admin
   #tower_admin_email:
   #tower_admin_password_secret:
 
-  tower_ingress_type: Ingress
+  ingress_type: Ingress
   #tower_ingress_type:
   #tower_loadbalancer_protocol:
   #tower_loadbalancer_port:
-
   #tower_image_pull_secret:
 
-  tower_postgres_storage_class: nfs-client
+  postgres_storage_class: nfs-client
+
+  projects_persistence: true
+  projects_use_existing_claim: "_Yes_"
 
-  tower_projects_persistence: true
-  tower_projects_use_existing_claim: "_Yes_"
-  tower_projects_existing_claim: awx-pv-claim
-  tower_projects_storage_class: manual
-  tower_projects_storage_size: 10Gi
-  tower_projects_storage_access_mode: RWO
+  projects_storage_class: manual
+  projects_storage_size: 10Gi
+  projects_storage_access_mode: RWO
+  projects_existing_claim: awx-pv-claim
 
-  tower_ee_images:
+  ee_images:
     - name: custom-awx-ee
       image: localhost/custom-awx-ee
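Review bot: The spec now sets `service_type: nodeport` while still setting `ingress_type: Ingress`, and configure_settings.yml continues to run `kubectl expose deployment awx --type=NodePort`, so AWX ends up published through several paths at once. A NodePort service is reachable on every node address, so it is worth deciding which single exposure is intended and dropping the others, or documenting why both are needed. The commented `#tower_*` keys left in the file use the old prefix that this change removes from the live keys. They should be renamed or deleted so nobody re-enables a key the operator no longer reads.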

+ 2 - 2
control_plane/roles/webui_awx/files/awx_ee.yml

@@ -1,4 +1,4 @@
-FROM quay.io/ansible/awx-ee:0.2.0
+FROM quay.io/ansible/awx-ee:0.6.0
 
 USER root
 
@@ -15,6 +15,6 @@ RUN ansible-galaxy collection install -r /tmp/requirements.yml --collections-pat
 
 # add certificates
 RUN update-ca-trust force-enable
-RUN chmod -R 0777 /usr/share/ansible/collections 
+RUN chmod -R 0777 /usr/share/ansible/collections
 
 USER 1000

+ 0 - 531
control_plane/roles/webui_awx/files/awx_operator.yml

@@ -1,531 +0,0 @@
-# This file is generated by Ansible. Changes will be lost.
-# Update templates under ansible/templates/
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: awxs.awx.ansible.com
-  namespace: awx
-spec:
-  group: awx.ansible.com
-  names:
-    kind: AWX
-    listKind: AWXList
-    plural: awxs
-    singular: awx
-  scope: Namespaced
-  versions:
-    - name: v1beta1
-      served: true
-      storage: true
-      subresources:
-        status: {}
-      schema:
-        openAPIV3Schema:
-          description: Schema validation for the AWX CRD
-          properties:
-            spec:
-              properties:
-                deployment_type:
-                  description: Name of the deployment type
-                  type: string
-                  default: awx
-                kind:
-                  description: Kind of the deployment type
-                  type: string
-                  default: AWX
-                api_version:
-                  description: apiVersion of the deployment type
-                  type: string
-                  default: awx.ansible.com/v1beta1
-                tower_task_privileged:
-                  description: If a privileged security context should be enabled
-                  type: boolean
-                  default: false
-                tower_admin_user:
-                  description: Username to use for the admin account
-                  type: string
-                  default: admin
-                tower_hostname:
-                  description: The hostname of the instance
-                  type: string
-                tower_admin_email:
-                  description: The admin user email
-                  type: string
-                tower_admin_password_secret:
-                  description: Secret where the admin password can be found
-                  type: string
-                tower_postgres_configuration_secret:
-                  description: Secret where the database configuration can be found
-                  type: string
-                tower_old_postgres_configuration_secret:
-                  description: Secret where the old database configuration can be found for data migration
-                  type: string
-                tower_secret_key_secret:
-                  description: Secret where the secret key can be found
-                  type: string
-                tower_broadcast_websocket_secret:
-                  description: Secret where the broadcast websocket secret can be found
-                  type: string
-                tower_extra_volumes:
-                  description: Specify extra volumes to add to the application pod
-                  type: string
-                tower_ingress_type:
-                  description: The ingress type to use to reach the deployed instance
-                  type: string
-                  enum:
-                    - none
-                    - Ingress
-                    - ingress
-                    - Route
-                    - route
-                    - LoadBalancer
-                    - loadbalancer
-                    - NodePort
-                    - nodeport
-                tower_ingress_annotations:
-                  description: Annotations to add to the ingress
-                  type: string
-                tower_ingress_tls_secret:
-                  description: Secret where the ingress TLS secret can be found
-                  type: string
-                tower_loadbalancer_annotations:
-                  description: Annotations to add to the loadbalancer
-                  type: string
-                tower_loadbalancer_protocol:
-                  description: Protocol to use for the loadbalancer
-                  type: string
-                  default: http
-                  enum:
-                    - http
-                    - https
-                tower_loadbalancer_port:
-                  description: Port to use for the loadbalancer
-                  type: integer
-                  default: 80
-                tower_route_host:
-                  description: The DNS to use to points to the instance
-                  type: string
-                tower_route_tls_termination_mechanism:
-                  description: The secure TLS termination mechanism to use
-                  type: string
-                  default: Edge
-                  enum:
-                    - Edge
-                    - edge
-                    - Passthrough
-                    - passthrough
-                tower_route_tls_secret:
-                  description: Secret where the TLS related credentials are stored
-                  type: string
-                tower_node_selector:
-                  description: nodeSelector for the AWX pods
-                  type: string
-                tower_tolerations:
-                  description: node tolerations for the AWX pods
-                  type: string
-                tower_image:
-                  description: Registry path to the application container to use
-                  type: string
-                tower_image_version:
-                  description: Application container image version to use
-                  type: string
-                tower_ee_images:
-                  description: Registry path to the Execution Environment container to use
-                  type: array
-                  items:
-                    type: object
-                    properties:
-                      name:
-                        type: string
-                      image:
-                        type: string
-                tower_image_pull_policy:
-                  description: The image pull policy
-                  type: string
-                  default: IfNotPresent
-                  enum:
-                    - Always
-                    - always
-                    - Never
-                    - never
-                    - IfNotPresent
-                    - ifnotpresent
-                tower_image_pull_secret:
-                  description: The image pull secret
-                  type: string
-                tower_task_resource_requirements:
-                  description: Resource requirements for the task container
-                  properties:
-                    requests:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                  type: object
-                tower_web_resource_requirements:
-                  description: Resource requirements for the web container
-                  properties:
-                    requests:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                  type: object
-                tower_replicas:
-                  description: Number of instance replicas
-                  type: integer
-                  default: 1
-                  format: int32
-                tower_garbage_collect_secrets:
-                  description: Whether or not to remove secrets upon instance removal
-                  default: false
-                  type: boolean
-                tower_create_preload_data:
-                  description: Whether or not to preload data upon Tower instance creation
-                  default: true
-                  type: boolean
-                tower_task_args:
-                  type: array
-                  items:
-                    type: string
-                tower_task_command:
-                  type: array
-                  items:
-                    type: string
-                tower_web_args:
-                  type: array
-                  items:
-                    type: string
-                tower_web_command:
-                  type: array
-                  items:
-                    type: string
-                tower_task_extra_env:
-                  type: string
-                tower_web_extra_env:
-                  type: string
-                tower_ee_extra_volume_mounts:
-                  description: Specify volume mounts to be added to Execution container
-                  type: string
-                tower_task_extra_volume_mounts:
-                  description: Specify volume mounts to be added to Task container
-                  type: string
-                tower_web_extra_volume_mounts:
-                  description: Specify volume mounts to be added to the Web container
-                  type: string
-                tower_redis_image:
-                  description: Registry path to the redis container to use
-                  type: string
-                tower_redis_image_version:
-                  description: Redis container image version to use
-                  type: string
-                tower_postgres_image:
-                  description: Registry path to the PostgreSQL container to use
-                  type: string
-                tower_postgres_image_version:
-                  description: PostgreSQL container image version to use
-                  type: string
-                tower_postgres_selector:
-                  description: nodeSelector for the Postgres pods
-                  type: string
-                tower_postgres_tolerations:
-                  description: node tolerations for the Postgres pods
-                  type: string
-                tower_postgres_storage_requirements:
-                  description: Storage requirements for the PostgreSQL container
-                  properties:
-                    requests:
-                      properties:
-                        storage:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        storage:
-                          type: string
-                      type: object
-                  type: object
-                tower_postgres_resource_requirements:
-                  description: Resource requirements for the PostgreSQL container
-                  properties:
-                    requests:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                      type: object
-                  type: object
-                tower_postgres_storage_class:
-                  description: Storage class to use for the PostgreSQL PVC
-                  type: string
-                tower_postgres_data_path:
-                  description: Path where the PostgreSQL data are located
-                  type: string
-                ca_trust_bundle:
-                  description: Path where the trusted CA bundle is available
-                  type: string
-                development_mode:
-                  description: If the deployment should be done in development mode
-                  type: boolean
-                ldap_cacert_secret:
-                  description: Secret where can be found the LDAP trusted Certificate Authority Bundle
-                  type: string
-                tower_projects_persistence:
-                  description: Whether or not the /var/lib/projects directory will be persistent
-                  default: false
-                  type: boolean
-                tower_projects_use_existing_claim:
-                  description: Using existing PersistentVolumeClaim
-                  type: string
-                  enum:
-                    - _Yes_
-                    - _No_
-                tower_projects_existing_claim:
-                  description: PersistentVolumeClaim to mount /var/lib/projects directory
-                  type: string
-                tower_projects_storage_class:
-                  description: Storage class for the /var/lib/projects PersistentVolumeClaim
-                  type: string
-                tower_projects_storage_size:
-                  description: Size for the /var/lib/projects PersistentVolumeClaim
-                  default: 8Gi
-                  type: string
-                tower_projects_storage_access_mode:
-                  description: AccessMode for the /var/lib/projects PersistentVolumeClaim
-                  default: ReadWriteMany
-                  type: string
-                extra_settings:
-                  description: Extra settings to specify for the API
-                  items:
-                    properties:
-                      setting:
-                        type: string
-                      value:
-                        type: string
-                    type: object
-                  type: array
-              type: object
-            status:
-              properties:
-                towerURL:
-                  description: URL to access the deployed instance
-                  type: string
-                towerAdminUser:
-                  description: Admin user of the deployed instance
-                  type: string
-                towerAdminPasswordSecret:
-                  description: Admin password of the deployed instance
-                  type: string
-                towerMigratedFromSecret:
-                  description: The secret used for migrating an old Tower.
-                  type: string
-                towerVersion:
-                  description: Version of the deployed instance
-                  type: string
-                towerImage:
-                  description: URL of the image used for the deployed instance
-                  type: string
-                conditions:
-                  description: The resulting conditions when a Service Telemetry is instantiated
-                  items:
-                    properties:
-                      status:
-                        type: string
-                      type:
-                        type: string
-                      reason:
-                        type: string
-                      lastTransitionTime:
-                        type: string
-                    type: object
-                  type: array
-              type: object
-          type: object
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  creationTimestamp: null
-  name: awx-operator
-  namespace: awx
-rules:
-  - apiGroups:
-      - route.openshift.io
-    resources:
-      - routes
-      - routes/custom-host
-    verbs:
-      - '*'
-  - apiGroups:
-      - ""
-      - "rbac.authorization.k8s.io"
-    resources:
-      - pods
-      - services
-      - services/finalizers
-      - serviceaccounts
-      - endpoints
-      - persistentvolumeclaims
-      - events
-      - configmaps
-      - secrets
-      - roles
-      - rolebindings
-    verbs:
-      - '*'
-  - apiGroups:
-      - apps
-      - extensions
-    resources:
-      - deployments
-      - daemonsets
-      - replicasets
-      - statefulsets
-      - ingresses
-    verbs:
-      - '*'
-  - apiGroups:
-      - monitoring.coreos.com
-    resources:
-      - servicemonitors
-    verbs:
-      - get
-      - create
-  - apiGroups:
-      - apps
-    resourceNames:
-      - awx-operator
-    resources:
-      - deployments/finalizers
-    verbs:
-      - update
-  - apiGroups:
-      - apps
-    resources:
-      - deployments/scale
-      - statefulsets/scale
-    verbs:
-      - patch
-  - apiGroups:
-      - ""
-    resources:
-      - pods/exec
-    verbs:
-      - create
-      - get
-  - apiGroups:
-      - apps
-    resources:
-      - replicasets
-    verbs:
-      - get
-  - apiGroups:
-      - awx.ansible.com
-    resources:
-      - '*'
-    verbs:
-      - '*'
-
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: awx-operator
-  namespace: awx
-subjects:
-  - kind: ServiceAccount
-    name: awx-operator
-    namespace: awx
-roleRef:
-  kind: ClusterRole
-  name: awx-operator
-  apiGroup: rbac.authorization.k8s.io
-
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: awx-operator
-  namespace: awx
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: awx-operator
-  namespace: awx
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      name: awx-operator
-  template:
-    metadata:
-      labels:
-        name: awx-operator
-    spec:
-      serviceAccountName: awx-operator
-      containers:
-        - name: awx-operator
-          image: "quay.io/ansible/awx-operator:0.9.0"
-          imagePullPolicy: "Always"
-          volumeMounts:
-            - mountPath: /tmp/ansible-operator/runner
-              name: runner
-          env:
-            # Watch all namespaces (cluster-scoped).
-            - name: WATCH_NAMESPACE
-              value: ""
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: OPERATOR_NAME
-              value: awx-operator
-            - name: ANSIBLE_GATHERING
-              value: explicit
-          livenessProbe:
-            httpGet:
-              path: /healthz
-              port: 6789
-            initialDelaySeconds: 15
-            periodSeconds: 20
-      volumes:
-        - name: runner
-          emptyDir: {}

+ 3 - 1
control_plane/roles/webui_awx/files/requirements.yml

@@ -2,4 +2,6 @@
 collections:
   - community.general
   - dellemc.openmanage
-  - dellemc.os10
+  - dellemc.os10
+  - kubernetes.core
+  - community.grafana
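Review bot: The added `kubernetes.core` and `community.grafana` entries, like the existing ones, carry no version, so `ansible-galaxy` installs whatever release is current on the day of deployment. The code pulled onto the control plane can therefore change without any commit in this repository. Use the mapping form so each collection is pinned to a release that has been reviewed, for example `- name: kubernetes.core` followed by `version: "<reviewed-version>"`, and do the same for `community.grafana`.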

+ 9 - 0
control_plane/roles/webui_awx/tasks/awx_configuration.yml

@@ -64,6 +64,10 @@
     description: "Name of organization using this product"
     state: present
     tower_config_file: "{{ tower_config_file }}"
+  register: add_organization
+  until: not add_organization.failed
+  retries: "{{ max_retries }}"
+  delay: "{{ max_delay }}"
 
 - name: Create awx inventories
   awx.awx.tower_inventory:
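Review bot: The retry condition `until: not add_organization.failed` reads more clearly as the built-in test `until: add_organization is succeeded`, and the same applies to `add_project` in the next hunk. In that hunk `wait: yes` should be `wait: true`, so the file does not depend on YAML 1.1 truthy spellings. Neither retry loop says which transient condition it covers; a one-line comment such as `# AWX API may not be ready immediately after deployment` (if that is the reason) would tell a maintainer why a persistent failure is reported only after `max_retries` attempts. Both tasks begin above their hunks.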
@@ -94,6 +98,11 @@
     default_environment: custom-awx-ee
     state: present
     tower_config_file: "{{ tower_config_file }}"
+    wait: yes
+  register: add_project
+  until: not add_project.failed
+  retries: "{{ max_retries }}"
+  delay: "{{ max_delay }}"
 
 - name: Add awx credentials
   awx.awx.tower_credential:

+ 6 - 1
control_plane/roles/webui_awx/tasks/configure_settings.yml

@@ -18,7 +18,7 @@
   command: "kubectl get svc -n {{ awx_namespace }}"
   changed_when: false
   register: awx_services
-  
+
 - name: Expose the service for awx deployment on 8052 port
   command: "kubectl expose deployment awx --type=NodePort --name={{ awx_service_name }} --port={{ awx_port }} -n {{ awx_namespace }}"
   changed_when: false
@@ -33,6 +33,7 @@
   shell: >
     set -o pipefail && \
     kubectl get secret awx-admin-password -n {{ awx_namespace }} -o jsonpath='{.data.password}' | base64 --decode
+  no_log: true
   register: awx_admin_password
   changed_when: false
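Review bot: `no_log: true` hides the decoded admin password in this task's output only; the value is still kept in the registered variable `awx_admin_password`. Any later task that passes `awx_admin_password.stdout` as a module argument or on a command line would print it again at higher verbosity or on failure, unless that task also sets `no_log: true`. Those consumers lie outside this hunk, so they should be checked. A comment above the task, `# Registered value holds the plaintext admin password; consumers must set no_log`, would record the requirement.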
 
@@ -114,6 +115,10 @@
     name: firewalld
     state: reloaded
 
+- name: Waiting for AWX UI
+  wait_for:
+    timeout: "{{ awx_ui_wait_time }}"
+
 - name: Waiting for the AWX UI to be up
   uri:
     url: "http://{{ awx_cluster_ip.stdout }}:{{ awx_port }}"
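Review bot: The added `wait_for` task has no `host`, `port` or `path`, so it is simply a fixed pause of `awx_ui_wait_time` seconds. Its name, "Waiting for AWX UI", is almost identical to the `uri` task that follows, which makes the two hard to tell apart in play output. Rename it to something like `- name: Pause before polling the AWX UI` and add a comment stating why the pause is needed before the poll. If the `uri` task already retries (its remainder is outside the hunk), the fixed delay may be redundant.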

+ 24 - 6
control_plane/roles/webui_awx/tasks/install_awx.yml

@@ -20,21 +20,38 @@
   changed_when: false
   register: namespaces
 
+- name: Creating directory for deploying awx-operator
+  file:
+    path: "{{ awx_operator_folder }}"
+    state: directory
+    mode: "{{ file_perm }}"
+
+- name: Cloning awx-operator from github
+  git:
+    repo: "{{ awx_operator_link }}"
+    dest: "{{ awx_operator_folder }}"
+    version: "{{ awx_tag }}"
+
 - name: Create namespace
   command: "kubectl create namespace {{ awx_namespace }}"
   changed_when: true
   when: "'awx' not in namespaces.stdout"
 
+- name: Setting the current namespace for kubectl
+  command: "kubectl config set-context --current --namespace={{ awx_namespace }}"
+  changed_when: false
+
+- name: Deploying awx-operator
+  command: make deploy
+  changed_when: false
+  args:
+    chdir: "{{ awx_operator_folder }}"
+
 - name: Get K8s pods
   command: "kubectl get pods -n {{ awx_namespace }}"
   changed_when: false
   register: k8s_pods
 
-- name: Deploy awx-operator
-  command: "kubectl apply -f {{ awx_operator_yml_file_path }}"
-  changed_when: true
-  when: '"awx-operator" not in k8s_pods.stdout'
-
 - name: Get K8s persistent volumes
   command: "kubectl get pv -n {{ awx_namespace }}"
   changed_when: false
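Review bot: `make deploy` now runs the Makefile of a repository cloned at deployment time and selected by `version: "{{ awx_tag }}"`, and a Git tag can be moved upstream after it has been reviewed. The removed task applied a manifest stored in this repository, so the operator's cluster-wide RBAC and image reference were fixed by commit; that guarantee is lost here. Pin the `git` task to the full commit hash of the release that was reviewed, `version: "<full-commit-sha-of-reviewed-release>"`, so the Makefile and manifests cannot change without a change in this repository. Separately, `kubectl config set-context` and `make deploy` both report `changed_when: false` although they modify the kubeconfig and the cluster, and the deploy no longer has the `when: '"awx-operator" not in k8s_pods.stdout'` guard, so it runs on every play.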
@@ -66,9 +83,10 @@
   command: "buildah bud -t custom-awx-ee {{ awx_ee_docker_file }}"
   changed_when: false
   when: "'custom-awx-ee' not in docker_images.stdout"
+  retries: "{{ min_retries }}"
 
 - name: Waiting for awx-operator deployment to be up and running
-  command: kubectl wait --for=condition=available deployment awx-operator -n {{ awx_namespace }} --timeout=600s
+  command: kubectl wait --for=condition=available deployment awx-operator-controller-manager -n {{ awx_namespace }} --timeout=600s
   changed_when: false
 
 - name: Deploy awx
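Review bot: The `retries: "{{ min_retries }}"` added to the `buildah bud` task has no `until`, and on the Ansible releases I believe were current for this commit, `retries` is ignored unless `until` is set. The build would then still run only once. Add `register: build_awx_ee` and `until: build_awx_ee is succeeded` (the variable name is a suggestion) next to it so the retry takes effect. The task begins above the hunk.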

+ 6 - 3
control_plane/roles/webui_awx/vars/main.yml

@@ -16,17 +16,19 @@
 
 # Usage: install_awx.yml
 awx_namespace: awx
+awx_operator_folder: "/root/awx-operator"
 awx_pv_yml_file_path: "{{ role_path }}/files/awx_projects_pv.yml"
 awx_postgres_pv_file_path: "{{ role_path }}/files/awx_postgres_pv.yml"
-awx_operator_yml_file_path: "{{ role_path }}/files/awx_operator.yml"
 awx_ee_docker_file: "{{ role_path }}/files/awx_ee.yml"
 awx_yml_file_path: "{{ role_path }}/files/awx.yml"
 postgres_storage_class: nfs-client
 projects_existing_claim: awx-pv-claim
-awx_version: 19.1.0
+awx_version: 19.4.0
+awx_tag: 0.14.0
 file_perm: '0644'
 awx_wait_time: 90
 deployment_failure_msg: "Deployment failed due to docker pull rate limit"
+awx_operator_link: "https://github.com/ansible/awx-operator.git"
 
 # Usage: configure_settings.yml
 awx_port: 8052
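Review bot: `awx_operator_folder` is created in install_awx.yml with `mode: "{{ file_perm }}"`, and `file_perm` here is `'0644'`, a file mode with no search bit. The resulting directory can only be entered by a process that bypasses permission checks, so the role works when run as root and breaks otherwise. Add a dedicated directory mode, for example `awx_operator_dir_mode: '0755'` (a suggested name; `'0700'` would also fit a path under `/root`), and use it for the directory task. `awx_tag` would also read better as `awx_operator_tag`, since it selects the awx-operator release and sits next to `awx_version`.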
@@ -45,8 +47,9 @@ awx_ui_msg: "AWX Upgrading"
 return_status: 200
 max_retries: 20
 max_delay: 15
+awx_ui_wait_time: 30
 
-# Usage: check_prerequisites_awx.yml
+# Usage: check_prerequisites.yml
 min_retries: 2
 
 # Usage: awx_configuration.yml