Support PVC storage for containerized Ansible Tower running on OCP

roles/ansible/tower/config-ansible-tower-ocp/README.md

@@ -16,6 +16,9 @@ The variables used to install Ansible Tower on OpenShift are outlined in the tab
 
 **Note:** As Tower Installer is based on Ansible playbooks, you may want to customize specific parts of it. You can copy over specific files by pointing to zip archive which contains new files along with the directory structure.
 
+**Note:** Tower installer supports PostgreSQL deployment done in two way, EmptyDir and PVC based. If you choose EmptyDir (openshift_pg_emptydir=true) be aware that PostgreSQL storage is not going to be persisted in any way. If you choose PVC, and the PVC doesn't exist, this playbook will automatically create a PVC(and underlying PV) based on default configuration of you clusters PV plugin. If PVC does exist, playbook will use it.
+
+
 | Variable | Description | Required | Defaults |
 |:---------|:------------|:---------|:---------|
 |ansible_tower_download_url|URL of Ansible Tower installer artifact repository|no|`https://releases.ansible.com/ansible-tower/setup_openshift/ansible-tower-openshift-setup-{{ ansible_tower_version }}.tar.gz`|
@@ -29,6 +32,9 @@ The variables used to install Ansible Tower on OpenShift are outlined in the tab
 |openshift_skip_tls_verify| Should installer skip TLS verifcation of Openshift API|no|false|
 |openshift_pg_emptydir|Flag for Postgre to use EmptyDir for storage(not recommended for Production)|no|true|
 |openshift_pg_pvc_name|Persistent Volume Claim to be used for PostgreSQL storage|no|postgresql|
+|openshift_pv_size|Size of PV that's going to be created for PostgreSQL storage|no|10Gi|
+|openshift_pv_wait_retries| How many attempts should have been taken on PVC readiness check|no|5|
+|openshift_pv_wait_delay| What's the delay between each attempt on making PVC readiness check (in seconds)|no|30|
 |admin_user|Tower admin username|no|"admin"|
 |admin_password|Tower admin user password|no|"admin"|
 |admin_email|Tower admin user e-mail address|no|root@localhost|

roles/ansible/tower/config-ansible-tower-ocp/defaults/main.yml

@@ -27,6 +27,10 @@ openshift_token: ""
 openshift_skip_tls_verify: "false"
 openshift_project: "tower"
 
-# PostgreSQL should relay on PVC, but for the moment we support EmptyDir only
-openshift_pg_pvc_name: "postgresql"
+# Postgre can be deployed backed up by either EmptyDir or PVC, PVC will be created if openshift_pg_emptydir is set to false
 openshift_pg_emptydir: "true"
+
+# Only applicable if openshift_pg_emptydir is set to "false"
+openshift_pv_size: "10Gi"
+openshift_pg_pvc_name: "postgresql"
+

roles/ansible/tower/config-ansible-tower-ocp/tasks/main.yml

@@ -13,6 +13,7 @@
     - openshift_project
 
 - import_tasks: openshift_retrieve_token.yml
+- import_tasks: setup_pvc.yml
 
 - name: "Download & Unpack Ansible Tower installer"
   unarchive:
@@ -54,4 +55,3 @@
   file:
     state: absent
     path: "{{ ansible_tower_dir }}"
-

roles/ansible/tower/config-ansible-tower-ocp/tasks/setup_pvc.yml

@@ -0,0 +1,52 @@
+---
+- block:
+   - name: Ensure user is authenticated with OCP
+     shell: |
+       oc login {{ openshift_host }} \
+          --token {{ openshift_token }} \
+          --insecure-skip-tls-verify={{ openshift_skip_tls_verify | default(false) | bool }}
+     no_log: true
+
+   - name: Checking if target project exists on OCP..
+     command: oc get project {{ openshift_project }}
+     register: getProject
+     failed_when: false
+
+   - name: Creating target project..
+     shell: oc new-project {{ openshift_project }}
+     register: getProject
+     failed_when: false
+
+   - name: Creating target project..
+     shell: oc new-project {{ openshift_project }}
+     when: getProject is search("not found")
+
+   - name: Creating Temp Dir ..
+     file:
+      state: directory
+      path: "./temp"
+
+   - name: Source the PVC template ...
+     template:
+      src: pvc.j2
+      dest: "./temp/pvc.yml"
+
+   - name: Apply the PVC manifest..
+     shell: oc apply -f ./temp/pvc.yml
+     register: pvcoutput
+     failed_when: pvcoutput.rc !=0
+
+   - name: Clean the temp..
+     file:
+      state: absent
+      path: "./temp"
+
+   - name: Check PVC status
+     command: "oc get pvc {{ openshift_pg_pvc_name }} -n {{ openshift_project }} -o=jsonpath='{.status.phase}'"
+     register: pg_pvc_status
+     until: pg_pvc_status.stdout is search("Bound")
+     retries: "{{ openshift_pv_wait_retries | default(5) }}"
+     delay: "{{ openshift_pv_wait_delay | default(30) }} "
+
+  when:
+   - openshift_pg_emptydir|trim == 'false'

roles/ansible/tower/config-ansible-tower-ocp/templates/pvc.j2

@@ -0,0 +1,12 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ openshift_pg_pvc_name }}
+  namespace: {{ openshift_project }}
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ openshift_pv_size}}
+

roles/ansible/tower/config-ansible-tower-ocp/tests/inventory/group_vars/tower.yml

@@ -29,4 +29,3 @@ openshift_project: "test-tower"
 openshift_user: "kubeadmin"
 openshift_password: "APBEh-jjrVy-hLQZX-VI9Kg"
 openshift_pg_emptydir: "true"
-