Adds ansible roles for pgo-installer

These ansible roles will setup, run, and cleanup the necessary resources for the
install job depending on the tags that are used and the settings in the
inventory file. The roles will run the preflight checks on the inventory file
before the job is submitted. This will help provide the use more immediate
feedback if there is an error in the inventory file. Preflight checks are also
added for specific container install checks that need to be done.

This commit also adds documentation for both the pgo-installer image and the
Ansible roles for the pgo-installer.

Updates ansible roles for postgres-operator to fix bug. Task was referencing
backrest_aws_s3_key_secret instead of backrest_aws_s3_secret.

Author: jmckulk

docs/content/Installation/postgres-operator-installer/_index.md

@@ -0,0 +1,53 @@
+---
+title: "Deploy with PostgreSQL Operator Installer (pgo-installer)"
+date:
+draft: false
+weight: 100
+---
+
+## Install the Postgres Operator with Installer Image
+
+The following jobs can be run to install, update, and uninstall the Crunchy
+PostgreSQL Operator in your Kubernetes or OpenShift cluster using the
+pgo-installer image. Examples of these job can be found in
+`$PGOROOT/installers/pgo-installer/ansible/roles/pgo-installer/templates`. The
+job templates will need to updated with the following variables to run correctly.
+
+### Installer Namespace
+The job template allows you to specify the namespace in
+which to run the install job. This does not specify which namespace the
+postgres-operator will be installed but they can both be in the same namespace.
+The namespace should be defined in place of the `{{ pgo_installer_namespace }}`
+variable.
+
+### Cluster Resources
+#### Service Account
+The postgres-operator-installer
+requires a service account with cluster-admin privileges. You can create a
+service account manually and assign it to the job by updating the `{{
+pgo_installer_sa }}` variable.
+
+#### Config Map
+The ansible installer used by the `pgo-installer` image requires
+an inventory file to be created as a configmap in your environment. This
+configmap will be used to install the  PostgreSQL Operator and should meet all
+of the requirements outlined in the ansible install instructions.
+
+### Job Varibles
+#### Command
+The command defined in the installer job uses
+the `pgo-install.sh` script to pass in the ansible tag to be run. The command
+can use any of the tags supported by the ansible installer.
+
+#### Image Prefix and Tag
+The install job uses the `pgo-installer` image that is
+built using each version of the ansible installer. You will need to update the
+`{{ pgo_image_prefix }}` and `{{ pgo_image_tag }}` for the version of the
+installer that you are using. The `pgo-installer` tag must match the version of
+the Crunchy PostgreSQL Operator that you are installing.
+
+#### Image Pull Policy
+The image pull policy needs to be defined for your job.
+In most cases this should be updated to `IfNotPresent`.
+
+

docs/content/Installation/postgres-operator-installer/ansible-pgo-installer.md

@@ -0,0 +1,67 @@
+---
+title: "Ansible Roles for pgo-installer"
+date:
+draft: false
+weight: 20
+---
+
+The ansible roles for the `pgo-installer` can be used to setup and run the
+install jobs with the `pgo-installer` image. Ansible will perform the steps
+oulined in the [Deploy with PostgreSQL Operator
+Installer](#/installation/postgres-operator-install).
+
+## Prerequisites
+The following is required prior to installing Crunchy PostgreSQL Operator 
+using Ansible:
+
+* [postgres-operator  playbooks](https://github.com/CrunchyData/postgres-operator/) source code for the target version
+* Ansible 2.8.0+
+
+### Updating the Inventory file
+The PostgreSQL Operator Installer requires an inventory file to be installed.
+This inventory file must be created as a configmap that is mounted by the
+`pgo-installer` image. Once mounted, the file can be used to configure how the
+operator will function when deployed into Kubernetes. 
+
+An example inventory file can be found here:
+`$PGOROOT/installers/ansible/inventory`  
+
+Please reference the [Configuring the Inventory File](/installation/install-with-ansible/prerequisites#configuring-the-inventory-file)
+documentation as you update the inventory file. 
+
+#### PGO-Installer Specific Inventory Options
+The PostgreSQL Operator Installer has settings defined in the example inventory
+file that are not referenced in the [Configuring the Inventory File](i/installation/install-with-ansible/prerequisites#configuring-the-inventory-file)
+section of the documentation. 
+
+| Name | Default | Required | Description |
+|------|---------|----------|-------------|
+| `kubernetes_in_cluster` | false | **Required** | Set to true allow the installer to run from within a Kubernetes cluster. This must be true to use the `pgo-installer`. |
+| `use_cluster_admin` | false | **Required** | Set to true allow the installer to use cluster-admin to setup cluster-wide resources. This must be true to use the `pgo-installer`|
+| `pgo_installer_environment` | `kubernetes` | **Required** | Specifies if the Ansible Roles for PGO-Installer should use `kubectl` or `oc`. Options: `kubernetes`, `openshift` |
+
+You have the option to manually create the resources needed to run the
+PostgreSQL Operator Installer. If you manually create the resources you can
+disable their creation and provide the name to your resource using the following
+options.
+
+| Name | Default | Required | Description |
+|------|---------|----------|-------------|
+| `pgo_installer_namespace` | `pgo-install` | | Defines the namespace in which the install job will run. |
+| `pgo_installer_sa` | `pgo-installer-sa` | | Defines the name of the `serviceaccount` used by the `pgo-installer`. |
+| `pgo_installer_crb` | `pgo_installer_crb` | | Defines the name of the `clusterrolebinding` that is given to the `pgo_installer_sa` service account. |
+| `pgo_installer_configmap` | `pgo-installer-inventory` | | Defines the name of the `configmap` that is mounted by the `pgo-installer` and stores the inventory file for the PostgreSQL Operator install. |
+| `create_pgo_installer_namespace` | false | | Enables creation of the `pgo_installer_namespace` |
+| `create_pgo_installer_service_account` | false | | Enables the creation of the `pgo_installer_sa`. This `serviceaccount` is only created if `use_cluster_admin` is true. |
+| `create_pgo_installer_clusterrolebinding` | false | |  Enables thecreation of the `pgo_installer_crb`. This `clusterrolebinding` is only created if `use_cluster_admin` is true. |
+| `create_pgo_installer_configmap` | false | |Enables the creation of the `pgo_installer_configmap` |
+
+### Ansible Role Options
+| Tag Name | Description |
+|----------|--------------|
+| `install-container` | Uses the `pgo-installer` image to install the PostgreSQL Operator. |
+| `update-container` | Uses the `pgo-installer` image to update the PostgreSQL Operator. |
+| `uninstall-container` | Uses the `pgo-installer` image to uninstall the PostgreSQL Operator. |
+| `clean` | This option can be added to the `install-container`, `update-container`, and `uninstall-container` tags to delete the job after it completes. |
+| `clean-all` | The `namespace` and `clusterrolebinding` will be deleted if they exist. |
+

installers/ansible/inventory

@@ -51,11 +51,10 @@ crunchy_debug='false'
 # needed by the pgo-install job. If you create these resources manually, these
 # options can be disabled. If these resource are not enabled here they must be
 # created manually
-
-# Defines the environment where the installer will run. Options are kubernetes
-# and openshift.
-# Default: kubernetes
-# pgo_installer_environment='kubernetes'
+# create_pgo_installer_namespace='false'
+# create_pgo_installer_service_account='false'
+# create_pgo_installer_clusterrolebinding='false'
+# create_pgo_installer_configmap='false'
 
 # Deploy into Openshift
 # ==================

installers/ansible/roles/pgo-operator/tasks/main.yml

@@ -194,7 +194,7 @@
           --from-file=sshd_config='{{ role_path }}/files/pgo-backrest-repo/sshd_config' \
           --from-file=aws-s3-ca.crt='{{ role_path }}/files/pgo-backrest-repo/aws-s3-ca.crt' \
           --from-literal=aws-s3-key='{{ backrest_aws_s3_key }}' \
-          --from-literal=aws-s3-key-secret='{{ backrest_aws_s3_key_secret }}' \
+          --from-literal=aws-s3-key-secret='{{ backrest_aws_s3_secret }}' \
           -n {{ pgo_operator_namespace }}
       tags:
         - install

installers/pgo-installer/ansible/main.yml

@@ -0,0 +1,11 @@
+---
+    - name: Deploy Crunchy PostgreSQL Operator 
+      hosts: all
+      vars:
+        max_storage_configs: 50  # the max num of storage configs that can be defined in the inventory
+        max_resource_configs: 50  # the max num of resource configs that can be defined in the inventory
+      gather_facts: true
+      roles:
+        - pgo-preflight 
+        - pgo-installer
+    

installers/pgo-installer/ansible/roles/pgo-installer/defaults/main.yml

@@ -0,0 +1,9 @@
+---
+pgo_installer_namespace: "pgo-install"
+pgo_installer_sa: "pgo-installer-sa"
+pgo_installer_crb: "pgo-installer-crb"
+pgo_installer_role: "cluster-admin"
+pgo_installer_environment: "kubernetes"
+pgo_installer_configmap: "pgo-installer-inventory"
+job_wait_timeout: 300s
+installer_img_pull_policy: "IfNotPresent"

installers/pgo-installer/ansible/roles/pgo-installer/tasks/main.yml

@@ -0,0 +1,181 @@
+---
+- name: Set output directory fact
+  set_fact:
+    output_dir: "{{ ansible_env.HOME }}/.pgo/{{ pgo_installer_namespace }}/output"
+  tags: 
+    - always
+
+- name: Ensure output directory exists
+  file:
+    path: "{{ output_dir }}"
+    state: directory
+    mode: 0700
+  tags:
+    - always
+
+- include_vars: openshift.yml
+  when: pgo_installer_environment == 'openshift'
+  tags:
+    - always
+
+- name: Use kubectl or oc
+  set_fact:
+    kubectl_or_oc: "{{ openshift_oc_bin if openshift_oc_bin is defined else 'kubectl' }}"
+  tags:
+    - always
+
+- name: Clean all jobs
+  set_fact:
+    job: "all"
+  tags:
+    - always
+
+- name: Check Run Setup
+  set_fact:
+    run_setup: true
+  tags:
+    - install-container
+    - uninstall-container
+    - update-container
+
+- name: Setup Install Container
+  when: run_setup | default(False) | bool
+  tags:
+    - always
+  block:
+  - name: Check Install Namespace
+    when: not (create_pgo_installer_namespace | default(False) | bool)
+    shell: "{{ kubectl_or_oc }} get namespace {{ pgo_installer_namespace }}"
+  
+  - name: Create Install Namespace
+    when: create_pgo_installer_namespace | default(False) | bool
+    shell: "{{ kubectl_or_oc }} create namespace {{ pgo_installer_namespace }}"
+
+  - name: Check PGO-Install Service Account
+    when:
+      - use_cluster_admin | default(False) | bool
+      - not (create_pgo_installer_service_account | default(False) | bool)
+    shell: "{{ kubectl_or_oc }} get serviceaccount {{ pgo_installer_sa }} -n {{ pgo_installer_namespace }}"
+
+  - name: Create PGO-Install Service Account
+    when:
+      - use_cluster_admin | default(False) | bool
+      - create_pgo_installer_service_account | default(False) | bool
+    shell: "{{ kubectl_or_oc }} create serviceaccount {{ pgo_installer_sa }} -n {{ pgo_installer_namespace }}"
+
+  - name: Check PGO-Installer Cluster Role Binding
+    when:
+      - use_cluster_admin | default(False) | bool
+      - not (create_pgo_installer_clusterrolebinding | default(False) | bool)
+    shell: "{{ kubectl_or_oc }} get clusterrolebinding {{ pgo_installer_crb }}"
+
+  - name: Create PGO-Installer Cluster Role Binding
+    when:
+      - use_cluster_admin | default(False) | bool
+      - create_pgo_installer_clusterrolebinding | default(False) | bool
+    shell: "{{ kubectl_or_oc }} create clusterrolebinding {{ pgo_installer_crb }} --clusterrole={{ pgo_installer_role }} --serviceaccount={{ pgo_installer_namespace }}:{{ pgo_installer_sa }}"
+
+  - name: Check Inventory Config Map
+    when:
+      - not (create_pgo_installer_configmap | default(False) | bool)
+    shell: "{{ kubectl_or_oc }} get configmap {{ pgo_installer_configmap }} -n {{ pgo_installer_namespace }}"
+
+  - name: Create Inventory Config Map
+    when:
+      - create_pgo_installer_configmap | default(False) | bool
+    shell: "{{ kubectl_or_oc }} create configmap {{ pgo_installer_configmap }} -n {{ pgo_installer_namespace }} --from-file=inventory={{ inventory_dir }}/inventory"
+
+- name: Run Install Job
+  tags:
+    - install-container
+  block:
+    - name:
+      set_fact:
+        job: "install"
+    - name: Template Install Job Json
+      template:
+        src: pgo-installer-job.json.j2
+        dest: "{{ output_dir }}/pgo-installer-job.json"
+        mode: '0600'
+    - name: Create Install Job
+      shell: "{{ kubectl_or_oc }} create -n {{ pgo_installer_namespace }} -f {{ output_dir }}/pgo-installer-job.json"
+      register: job_started
+    - name: Wait for Install Job
+      when: job_started != 0
+      shell: "{{ kubectl_or_oc }} wait -n {{ pgo_installer_namespace }} --timeout={{ job_wait_timeout }} --for=condition=Complete jobs.batch/pgo-installer"
+  rescue: 
+    - debug:
+        msg: Install failed
+
+- name: Run Uninstall Job
+  tags:
+    - uninstall-container
+  block:
+    - name:
+      set_fact:
+        job: "uninstall"
+    - name: Template Uninstall Job Json
+      template:
+        src: pgo-uninstaller-job.json.j2
+        dest: "{{ output_dir }}/pgo-uninstaller-job.json"
+        mode: '0600'
+    - name: Create Uninstall Job
+      shell: "{{ kubectl_or_oc }} create -n {{ pgo_installer_namespace }} -f {{ output_dir }}/pgo-uninstaller-job.json"
+      register: job_started
+    - name: Wait for Uninstall Job
+      when: job_started != 0
+      shell: "{{ kubectl_or_oc }} wait -n {{ pgo_installer_namespace }} --timeout={{ job_wait_timeout }} --for=condition=Complete jobs.batch/pgo-uninstaller"
+  rescue:
+    - debug:
+        msg: Uninstall failed
+
+- name: Run Update Job
+  tags:
+    - update-container
+  block:
+    - name:
+      set_fact:
+        job: "update"
+    - name: Template Update Job Json
+      template:
+        src: pgo-update-job.json.j2
+        dest: "{{ output_dir }}/pgo-update-job.json"
+        mode: '0600'
+    - name: Create Update Job
+      shell: "{{ kubectl_or_oc }} create -n {{ pgo_installer_namespace }} -f {{ output_dir }}/pgo-update-job.json"
+      register: job_started
+    - name: Wait for Update Job
+      when: job_started != 0
+      shell: "{{ kubectl_or_oc }} wait -n {{ pgo_installer_namespace }} --timeout={{ job_wait_timeout }} --for=condition=Complete jobs.batch/pgo-updater"
+  rescue:
+    - debug:
+        msg: Update failed
+
+
+- name: Cleanup Jobs
+  tags:
+    - clean
+  block:
+    - name: Clean Update Job
+      shell: "{{ kubectl_or_oc }} delete -n {{ pgo_installer_namespace }} jobs.batch/pgo-updater"
+      when: job == 'update' or job == 'all'
+      ignore_errors: yes
+    - name: Clean Installer Job
+      shell: "{{ kubectl_or_oc }} delete -n {{ pgo_installer_namespace }} jobs.batch/pgo-installer"
+      when: job == 'install'  or job == 'all'
+      ignore_errors: yes
+    - name: Clean Uninstaller Job
+      shell: "{{ kubectl_or_oc }} delete -n {{ pgo_installer_namespace }} jobs.batch/pgo-uninstaller"
+      when: job == 'uninstall'  or job == 'all'
+      ignore_errors: yes
+
+- name: Clean All
+  tags:
+    - clean-all
+  block:
+    - name: Clean namespace
+      shell: "{{ kubectl_or_oc }} delete namespace {{ pgo_installer_namespace }}"
+      ignore_errors: yes
+    - name: Clean clusterrolebinding
+      shell: "{{ kubectl_or_oc }} delete clusterrolebinding {{ pgo_installer_crb }}"
+      ignore_errors: yes