From 154de6517b78edfd2c0572545ce01f82cb68d5e2 Mon Sep 17 00:00:00 2001
From: Hao Liu <44379968+TheRealHaoLiu@users.noreply.github.com>
Date: Thu, 11 Jul 2024 14:07:32 -0400
Subject: [PATCH] Add bool field create_superuser Allow to not create superuser on install
---
 config/crd/bases/awx.ansible.com_awxs.yaml | 4 ++
 .../awx-operator.clusterserviceversion.yaml | 4 ++
 roles/installer/defaults/main.yml | 2 +
 roles/installer/tasks/initialize_django.yml | 72 ++++++++++--------
 roles/installer/tasks/install.yml | 1 +
 5 files changed, 49 insertions(+), 34 deletions(-)
diff --git a/config/crd/bases/awx.ansible.com_awxs.yaml b/config/crd/bases/awx.ansible.com_awxs.yaml
index b69d164e2..201699d5d 100644
--- a/config/crd/bases/awx.ansible.com_awxs.yaml
+++ b/config/crd/bases/awx.ansible.com_awxs.yaml
@@ -57,6 +57,10 @@ spec:
 hostname: # deprecated
 description: (Deprecated) The hostname of the instance
 type: string
+ create_superuser:
+ description: If a superuser should be created
+ type: boolean
+ default: true
 admin_email:
 description: The admin user email
 type: string
diff --git a/config/manifests/bases/awx-operator.clusterserviceversion.yaml b/config/manifests/bases/awx-operator.clusterserviceversion.yaml
index add249011..1b1ab92ca 100644
--- a/config/manifests/bases/awx-operator.clusterserviceversion.yaml
+++ b/config/manifests/bases/awx-operator.clusterserviceversion.yaml
@@ -294,6 +294,10 @@ spec:
 x-descriptors:
 - urn:alm:descriptor:com.tectonic.ui:advanced
 - urn:alm:descriptor:com.tectonic.ui:text
+ - displayName: Create Admin User?
+ path: create_superuser
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
 - displayName: Admin Account Username
 path: admin_user
 x-descriptors:
diff --git a/roles/installer/defaults/main.yml b/roles/installer/defaults/main.yml
index 277da25c9..25efb9a95 100644
--- a/roles/installer/defaults/main.yml
+++ b/roles/installer/defaults/main.yml
@@ -496,3 +496,5 @@ nginx_worker_cpu_affinity: 'auto' nginx_listen_queue_size: "{{ uwsgi_listen_queue_size }}" extra_settings_files: {} + +create_superuser: true diff --git a/roles/installer/tasks/initialize_django.yml b/roles/installer/tasks/initialize_django.yml index 3dad2cb4c..ac7f7cd66 100644 --- a/roles/installer/tasks/initialize_django.yml +++ b/roles/installer/tasks/initialize_django.yml 
@@ -1,40 +1,44 @@ --- -- name: Check if there are any super users defined. - k8s_exec: - namespace: "{{ ansible_operator_meta.namespace }}" - pod: "{{ awx_web_pod_name }}" - container: "{{ ansible_operator_meta.name }}-web" - command: >- - bash -c "echo 'from django.contrib.auth.models import User; - nsu = User.objects.filter(is_superuser=True, username=\"{{ admin_user }}\").count(); - exit(0 if nsu > 0 else 1)' - | awx-manage shell" - ignore_errors: true - register: users_result - changed_when: users_result.return_code > 0 +- name: Create/update super user + block: + - name: Check if there are any super users defined. + k8s_exec: + namespace: "{{ ansible_operator_meta.namespace }}" + pod: "{{ awx_web_pod_name }}" + container: "{{ ansible_operator_meta.name }}-web" + command: >- + bash -c "echo 'from django.contrib.auth.models import User; + nsu = User.objects.filter(is_superuser=True, username=\"{{ admin_user }}\").count(); + exit(0 if nsu > 0 else 1)' + | awx-manage shell" + ignore_errors: true + register: users_result + changed_when: users_result.return_code > 0 + - name: Create super user via Django if it doesn't exist. + k8s_exec: + namespace: "{{ ansible_operator_meta.namespace }}" + pod: "{{ awx_web_pod_name }}" + container: "{{ ansible_operator_meta.name }}-web" + command: awx-manage createsuperuser --username={{ admin_user | quote }} --email={{ admin_email | quote }} --noinput + register: result + changed_when: "'That username is already taken' not in result.stderr" + failed_when: "'That username is already taken' not in result.stderr and 'Superuser created successfully' not in result.stdout" + no_log: "{{ no_log }}" + when: users_result.return_code > 0 -- name: Create super user via Django if it doesn't exist. 
- k8s_exec: - namespace: "{{ ansible_operator_meta.namespace }}" - pod: "{{ awx_web_pod_name }}" - container: "{{ ansible_operator_meta.name }}-web" - command: awx-manage createsuperuser --username={{ admin_user | quote }} --email={{ admin_email | quote }} --noinput - register: result - changed_when: "'That username is already taken' not in result.stderr" - failed_when: "'That username is already taken' not in result.stderr and 'Superuser created successfully' not in result.stdout" - no_log: "{{ no_log }}" - when: users_result.return_code > 0 + - name: Update Django super user password + k8s_exec: + namespace: "{{ ansible_operator_meta.namespace }}" + pod: "{{ awx_web_pod_name }}" + container: "{{ ansible_operator_meta.name }}-web" + command: awx-manage update_password --username='{{ admin_user }}' --password='{{ admin_password }}' + register: result + changed_when: "'Password updated' in result.stdout" + no_log: "{{ no_log }}" + when: users_result.return_code > 0 + + when: create_superuser | bool -- name: Update Django super user password - k8s_exec: - namespace: "{{ ansible_operator_meta.namespace }}" - pod: "{{ awx_web_pod_name }}" - container: "{{ ansible_operator_meta.name }}-web" - command: awx-manage update_password --username='{{ admin_user }}' --password='{{ admin_password }}' - register: result - changed_when: "'Password updated' in result.stdout" - no_log: "{{ no_log }}" - when: users_result.return_code > 0 - name: Check if legacy queue is present k8s_exec: diff --git a/roles/installer/tasks/install.yml b/roles/installer/tasks/install.yml index 22f2c7700..e25935b4a 100644 --- a/roles/installer/tasks/install.yml +++ b/roles/installer/tasks/install.yml @@ -61,6 +61,7 @@ - name: Include admin password configuration tasks include_tasks: admin_password_configuration.yml + when: create_superuser | bool - name: Include broadcast websocket configuration tasks include_tasks: broadcast_websocket_configuration.yml
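Review bot: The re-indented `Update Django super user password` task still wraps its templated values in hand-written quotes, `--username='{{ admin_user }}' --password='{{ admin_password }}'`, while the `createsuperuser` task in the same block uses the `quote` filter. A username or password containing a single quote will break the argument splitting (assuming k8s_exec tokenises the command shell-style) and can push part of the value into separate arguments; since these lines are being moved anyway, change the command to `command: awx-manage update_password --username={{ admin_user | quote }} --password={{ admin_password | quote }}`. The check task has a related weakness: `admin_user` is pasted directly into Python source inside `bash -c`, so the value is interpreted as code rather than data and should be passed in some other way. The password also stays on the process command line inside the web container, which `no_log` does not hide.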
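Review bot: Gating the `admin_password_configuration.yml` include on `create_superuser | bool` means none of the facts that file sets exist when the flag is false, so any later task, template or status update that reads them unconditionally would fail or emit an empty value. That file and its consumers are outside this hunk, so this needs checking rather than being a confirmed defect. A comment above the `when:` would help, for example `# create_superuser=false: no admin password secret is generated; access must come from an existing account or external auth`. As far as this patch shows, setting the flag to false on an existing deployment only skips creation and does not remove or disable a superuser created earlier, which the field description should state.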