feat: bump operator version to 2.13.1

Author: kurokobo

README.md

@@ -31,15 +31,15 @@ An example implementation of AWX on single node K3s using AWX Operator, with eas
   - CentOS Stream 8 (Minimal)
   - K3s v1.28.7+k3s1
 - Products that will be deployed:
-  - AWX Operator 2.13.0
+  - AWX Operator 2.13.1
   - AWX 24.0.0
   - PostgreSQL 15
 
 ## References
 
 - [K3s - Lightweight Kubernetes](https://docs.k3s.io/)
 - [INSTALL.md on ansible/awx](https://github.com/ansible/awx/blob/24.0.0/INSTALL.md) @24.0.0
-- [README.md on ansible/awx-operator](https://github.com/ansible/awx-operator/blob/2.13.0/README.md) @2.13.0
+- [README.md on ansible/awx-operator](https://github.com/ansible/awx-operator/blob/2.13.1/README.md) @2.13.1
 
 ## Requirements
 
@@ -85,9 +85,6 @@ curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.28.7+k3s1 sh -s - --write-
 
 ### Install AWX Operator
 
-> [!CAUTION]
-> AWX Operator 2.13.0 has [a bug that potentially causes data loss](https://forum.ansible.com/t/attention-do-not-upgrade-to-awx-operator-to-2-13-0/4363/3), and its image is already removed from `quay.io`. Use AWX Operator 2.13.1 or later instead.
-
 > [!NOTE]
 > From AWX Operator 2.13.0, Default PostgreSQL version is bumped from 13 to 15. If you have a plan to upgrade existing AWX Operator and AWX, refer to [📝Tips: Upgrade AWX Operator and AWX](tips/upgrade-operator.md) to perform additional tasks to database migration.
 
@@ -99,7 +96,7 @@ If you want to use files suitable for a specific version of AWX Operator, [refer
 cd ~
 git clone https://github.com/kurokobo/awx-on-k3s.git
 cd awx-on-k3s
-git checkout 2.13.0
+git checkout 2.13.1
 ```
 
 Then invoke `kubectl apply -k operator` to deploy AWX Operator.
@@ -171,9 +168,10 @@ Modify the two `password` entries in `base/kustomization.yaml`. Note that the `p
 Prepare directories for Persistent Volumes defined in `base/pv.yaml`. These directories will be used to store your databases and project files. Note that the size of the PVs and PVCs are specified in some of the files in this repository, but since their backends are `hostPath`, its value is just like a label and there is no actual capacity limitation.
 
 ```bash
-sudo mkdir -p /data/postgres-15
+sudo mkdir -p /data/postgres-15/data
 sudo mkdir -p /data/projects
-sudo chmod 755 /data/postgres-15
+sudo chmod 700 /data/postgres-15/data
+sudo chown 26:0 /data/postgres-15/data
 sudo chown 1000:0 /data/projects
 ```
 
@@ -198,53 +196,57 @@ $ kubectl -n awx logs -f deployments/awx-operator-controller-manager
 ...
 ----- Ansible Task Status Event StdOut (awx.ansible.com/v1beta1, Kind=AWX, awx/awx) -----
 PLAY RECAP *********************************************************************
-localhost                  : ok=85   changed=1    unreachable=0    failed=0    skipped=78   rescued=0    ignored=1
+localhost                  : ok=90   changed=0    unreachable=0    failed=0    skipped=81   rescued=0    ignored=1
 ```
 
 The required objects should now have been deployed next to AWX Operator in the `awx` namespace.
 
 ```bash
 $ kubectl -n awx get awx,all,ingress,secrets
 NAME                      AGE
-awx.awx.ansible.com/awx   6m15s
+awx.awx.ansible.com/awx   6m48s
 
-NAME                                                   READY   STATUS    RESTARTS   AGE
-pod/awx-operator-controller-manager-57867569c4-ggl29   2/2     Running   0          6m50s
-pod/awx-postgres-15-0                                  1/1     Running   0          5m56s
-pod/awx-task-5d8cd9b6b9-8ptjt                          4/4     Running   0          5m25s
-pod/awx-web-66f89bc9cf-6zck5                           3/3     Running   0          4m39s
+NAME                                                  READY   STATUS      RESTARTS   AGE
+pod/awx-operator-controller-manager-59b86c6fb-4zz9r   2/2     Running     0          7m22s
+pod/awx-postgres-15-0                                 1/1     Running     0          6m33s
+pod/awx-web-549f7fdbc5-htpl9                          3/3     Running     0          6m5s
+pod/awx-migration-24.0.0-kglht                        0/1     Completed   0          4m36s
+pod/awx-task-7d4fcdd449-mqkp2                         4/4     Running     0          6m4s
 
 NAME                                                      TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
-service/awx-operator-controller-manager-metrics-service   ClusterIP   10.43.18.30     <none>        8443/TCP   7m
-service/awx-postgres-15                                   ClusterIP   None            <none>        5432/TCP   5m55s
-service/awx-service                                       ClusterIP   10.43.237.218   <none>        80/TCP     5m28s
+service/awx-operator-controller-manager-metrics-service   ClusterIP   10.43.58.194    <none>        8443/TCP   7m33s
+service/awx-postgres-15                                   ClusterIP   None            <none>        5432/TCP   6m33s
+service/awx-service                                       ClusterIP   10.43.180.226   <none>        80/TCP     6m7s
 
 NAME                                              READY   UP-TO-DATE   AVAILABLE   AGE
-deployment.apps/awx-operator-controller-manager   1/1     1            1           7m
-deployment.apps/awx-task                          1/1     1            1           5m25s
-deployment.apps/awx-web                           1/1     1            1           4m39s
+deployment.apps/awx-operator-controller-manager   1/1     1            1           7m33s
+deployment.apps/awx-web                           1/1     1            1           6m5s
+deployment.apps/awx-task                          1/1     1            1           6m4s
 
-NAME                                                         DESIRED   CURRENT   READY   AGE
-replicaset.apps/awx-operator-controller-manager-57867569c4   1         1         1       6m50s
-replicaset.apps/awx-task-5d8cd9b6b9                          1         1         1       5m25s
-replicaset.apps/awx-web-66f89bc9cf                           1         1         1       4m39s
+NAME                                                        DESIRED   CURRENT   READY   AGE
+replicaset.apps/awx-operator-controller-manager-59b86c6fb   1         1         1       7m22s
+replicaset.apps/awx-web-549f7fdbc5                          1         1         1       6m5s
+replicaset.apps/awx-task-7d4fcdd449                         1         1         1       6m4s
 
 NAME                               READY   AGE
-statefulset.apps/awx-postgres-15   1/1     5m56s
+statefulset.apps/awx-postgres-15   1/1     6m33s
+
+NAME                             COMPLETIONS   DURATION   AGE
+job.batch/awx-migration-24.0.0   1/1           2m4s       4m36s
 
 NAME                                    CLASS     HOSTS             ADDRESS         PORTS     AGE
-ingress.networking.k8s.io/awx-ingress   traefik   awx.example.com   192.168.0.219   80, 443   5m27s
+ingress.networking.k8s.io/awx-ingress   traefik   awx.example.com   192.168.0.219   80, 443   6m6s
 
 NAME                                  TYPE                DATA   AGE
-secret/redhat-operators-pull-secret   Opaque              1      7m11s
-secret/awx-admin-password             Opaque              1      6m15s
-secret/awx-postgres-configuration     Opaque              6      6m15s
-secret/awx-secret-tls                 kubernetes.io/tls   2      6m15s
-secret/awx-app-credentials            Opaque              3      5m30s
-secret/awx-secret-key                 Opaque              1      6m6s
-secret/awx-broadcast-websocket        Opaque              1      6m2s
-secret/awx-receptor-ca                kubernetes.io/tls   2      5m37s
-secret/awx-receptor-work-signing      Opaque              2      5m33s
+secret/redhat-operators-pull-secret   Opaque              1      7m33s
+secret/awx-admin-password             Opaque              1      6m48s
+secret/awx-postgres-configuration     Opaque              6      6m48s
+secret/awx-secret-tls                 kubernetes.io/tls   2      6m48s
+secret/awx-app-credentials            Opaque              3      6m9s
+secret/awx-secret-key                 Opaque              1      6m41s
+secret/awx-broadcast-websocket        Opaque              1      6m38s
+secret/awx-receptor-ca                kubernetes.io/tls   2      6m14s
+secret/awx-receptor-work-signing      Opaque              2      6m12s
 ```
 
 Now your AWX is available at `https://awx.example.com/` or the hostname you specified.

backup/README.md

@@ -7,9 +7,6 @@ This guide is specifically designed to use with the AWX which deployed using [th
 
 You can also refer [the official instructions](https://github.com/ansible/awx-operator/tree/devel/roles/backup) for more information.
 
-> [!WARNING]
-> AWX Operator 2.12.2 can not create any backup due to [a known issue](https://github.com/ansible/awx-operator/issues/1734).
-
 <!-- omit in toc -->
 ## Table of Contents
 
@@ -26,6 +23,8 @@ Prepare directories for Persistent Volumes to store backup files that defined in
 
 ```bash
 sudo mkdir -p /data/backup
+sudo chmod 700 /data/backup
+sudo chown 26:0 /data/backup
 ```
 
 Then deploy Persistent Volume and Persistent Volume Claim.
@@ -78,15 +77,15 @@ awxbackup-2021-06-06   6m47s
 ```
 
 ```bash
-$ ls -l /data/backup/
+$ sudo ls -l /data/backup/
 total 0
-drwxr-xr-x. 2 root root 59 Jun  5 06:51 tower-openshift-backup-2021-06-06-105149
+drwxr-xr-x. 2 26 26 59 Jun  5 06:51 tower-openshift-backup-2021-06-06-105149
 
-$ ls -l /data/backup/tower-openshift-backup-2021-06-06-105149/
+$ sudo ls -l /data/backup/tower-openshift-backup-2021-06-06-105149/
 total 736
--rw-------. 1 1001 root   1093 Jun  6 06:51 awx_object
--rw-------. 1 1001 root  17085 Jun  6 06:51 secrets.yml
--rw-rw----. 1 root root 833184 Jun  6 06:51 tower.db
+-rw-------. 1 26 26   1093 Jun  6 06:51 awx_object
+-rw-------. 1 26 26  17085 Jun  6 06:51 secrets.yml
+-rw-r--r--. 1 26 26 833184 Jun  6 06:51 tower.db
 ```
 
 ## Appendix: Back up AWX using Ansible

backup/ansible/README.md

@@ -32,7 +32,7 @@ An example simple playbook for Ansible is also provided in this repository. This
 | - | - | - |
 | `awxbackup_namespace` | The name of the NameSpace where the `AWXBackup` resource will be created. | `awx` |
 | `awxbackup_name` | The name of the `AWXBackup` resource. Dynamically generated using execution time by default. | `awxbackup-{{ lookup('pipe', 'date +%Y-%m-%d-%H-%M-%S') }}` |
-| `awxbackup_spec` | The `spec` of the `AWXBackup` resource. Refer [official documentation](https://github.com/ansible/awx-operator/tree/2.13.0/roles/backup) for acceptable fields. | `deployment_name: awx`<br>`backup_pvc: awx-backup-claim`<br>`clean_backup_on_delete: true` |
+| `awxbackup_spec` | The `spec` of the `AWXBackup` resource. Refer [official documentation](https://github.com/ansible/awx-operator/tree/2.13.1/roles/backup) for acceptable fields. | `deployment_name: awx`<br>`backup_pvc: awx-backup-claim`<br>`clean_backup_on_delete: true` |
 | `awxbackup_timeout` | Time to wait for backup to complete, in seconds. If exceeded, the playbook will fail. | `600` |
 | `awxbackup_keep_days` | Number of days to keep `AWXBackup` resources. `AWXBackup` resources older than this value will be deleted by this playbook. Set `0` to keep forever. | `30` |
 

containergroup/README.md

@@ -35,7 +35,7 @@ Prepare directories for Persistent Volumes defined in `containergroup/case1/pv.y
 
 ```bash
 sudo mkdir -p /data/work
-sudo chmod 755 /data/work
+sudo chmod 700 /data/work
 sudo chown 1000:0 /data/work
 ```
 
@@ -188,7 +188,7 @@ Prepare directories for Persistent Volumes defined in `containergroup/case2/pv.y
 
 ```bash
 sudo mkdir -p /data/demo
-sudo chmod 755 /data/demo
+sudo chmod 700 /data/demo
 sudo chown 1000:0 /data/demo
 ```
 

galaxy/README.md

@@ -123,7 +123,7 @@ Prepare directories for Persistent Volumes defined in `galaxy/galaxy/pv.yaml`.
 sudo mkdir -p /data/galaxy/postgres-13
 sudo mkdir -p /data/galaxy/redis
 sudo mkdir -p /data/galaxy/file
-sudo chmod 755 /data/galaxy/postgres-13
+sudo chmod 700 /data/galaxy/postgres-13
 sudo chown 1000:0 /data/galaxy/file
 ```
 

operator/kustomization.yaml

@@ -12,8 +12,8 @@ secretGenerator:
       - operator=awx
 
 resources:
-  - github.com/ansible/awx-operator/config/default?ref=2.13.0
+  - github.com/ansible/awx-operator/config/default?ref=2.13.1
 
 images:
   - name: quay.io/ansible/awx-operator
-    newTag: 2.13.0
+    newTag: 2.13.1

restore/README.md

@@ -39,9 +39,10 @@ sudo rm -rf /data/postgres-15
 Then prepare directories for your PVs. `/data/projects` is required if you are restoring the entire AWX to a new environment.
 
 ```bash
-sudo mkdir -p /data/postgres-15
+sudo mkdir -p /data/postgres-15/data
 sudo mkdir -p /data/projects
-sudo chmod 755 /data/postgres-15
+sudo chmod 700 /data/postgres-15/data
+sudo chown 26:0 /data/postgres-15/data
 sudo chown 1000:0 /data/projects
 ```
 
@@ -102,7 +103,7 @@ $ kubectl -n awx logs -f deployments/awx-operator-controller-manager
 ...
 ----- Ansible Task Status Event StdOut (awx.ansible.com/v1beta1, Kind=AWX, awx/awx) -----
 PLAY RECAP *********************************************************************
-localhost                  : ok=87   changed=1    unreachable=0    failed=0    skipped=76   rescued=0    ignored=1
+localhost                  : ok=92   changed=0    unreachable=0    failed=0    skipped=79   rescued=0    ignored=1
 ```
 
 This will create AWXRestore object in the namespace, and now your AWX is restored.

rulebooks/README.md

@@ -117,7 +117,7 @@ Prepare directories for Persistent Volumes defined in `base/pv.yaml`. This direc
 
 ```bash
 sudo mkdir -p /data/eda/postgres-13/data
-sudo chmod 755 /data/eda/postgres-13/data
+sudo chmod 700 /data/eda/postgres-13/data
 sudo chown 26:0 /data/eda/postgres-13/data
 ```
 

tips/troubleshooting.md

@@ -184,6 +184,11 @@ Typical solutions are one of the following:
       web_resource_requirements: {}     👈👈👈
       task_resource_requirements: {}     👈👈👈
       ee_resource_requirements: {}     👈👈👈
+      init_container_resource_requirements: {}     👈👈👈
+      postgres_init_container_resource_requirements: {}     👈👈👈
+      postgres_resource_requirements: {}     👈👈👈
+      redis_resource_requirements: {}     👈👈👈
+      rsyslog_resource_requirements: {}     👈👈👈
     ```
 
   - You can specify more specific value for each containers. Refer [official documentation](https://ansible.readthedocs.io/projects/awx-operator/en/latest/user-guide/advanced-configuration/containers-resource-requirements.html) for details.
@@ -286,53 +291,54 @@ awx-postgres-13-0                                  1/1     CrashLoopBackOff   5
 awx-task-5d8cd9b6b9-8ptjt                          0/4     Running            0          6m55s
 awx-web-66f89bc9cf-6zck5                           0/3     Running            0          6m9s
 
-$ kubectl -n awx logs statefulset/awx-postgres
+# On PostgreSQL 13
+$ kubectl -n awx logs statefulset/awx-postgres-13
 mkdir: cannot create directory '/var/lib/postgresql/data': Permission denied
+
+# On PostgreSQL 15
+$ kubectl -n awx logs statefulset/awx-postgres-13
+mkdir: cannot create directory '/var/lib/pgsql/data/userdata': Permission denied
 ```
 
 You should check the permissions and the owner of directories where used as PV on your K3s host.
 
-For the PostgreSQL that deployed by **AWX Operator 2.12.2 or earlier**, if you followed my guide, it would be `/data/postgres-13`. There is additional `data` directory created by K3s under `/data/postgres-13`.
+For the PostgreSQL 13 that deployed by **AWX Operator 2.12.2 or earlier**, if you followed my guide, it would be `/data/postgres-13`. There is additional `data` directory created by K3s under `/data/postgres-13`.
 
 ```bash
 $ ls -ld /data/postgres-13 /data/postgres-13/data
 drwxr-xr-x. 2 root root 18 Aug 20 10:09 /data/postgres-13
 drwxr-xr-x. 3 root root 20 Aug 20 10:09 /data/postgres-13/data
 ```
 
-In my environment, `755` and `root:root` (`0:0`) works correctly. So you can try:
+In my environment, `755` and `root:root` (`0:0`) works correctly. So you can try following commands.
 
 ```bash
 sudo chmod 755 /data/postgres-13 /data/postgres-13/data
 sudo chown 0:0 /data/postgres-13 /data/postgres-13/data
 ```
 
-Or, you can also try `` as owner/group for the directory.
+Or, you can also try `999:0` as owner/group for the directory. `999` is [the UID of the `postgres` user which used in the container](https://github.com/docker-library/postgres/blob/master/13/bullseye/Dockerfile#L13).
 
 ```bash
 sudo chmod 755 /data/postgres-13 /data/postgres-13/data
 sudo chown 999:0 /data/postgres-13 /data/postgres-13/data
 ```
 
-`999` is [the UID of the `postgres` user which used in the container](https://github.com/docker-library/postgres/blob/master/13/bullseye/Dockerfile#L13).
-
-For the PostgreSQL that deployed by **AWX Operator 2.13.0 or later**, if you followed my guide, it would be `/data/postgres-15`. There is additional `data` directory created by K3s under `/data/postgres-15`.
+For the PostgreSQL 15 that deployed by **AWX Operator 2.13.0 or later**, if you followed my guide, it would be `/data/postgres-15`. There is additional `data` directory created by K3s under `/data/postgres-15`.
 
 ```bash
 $ ls -ld /data/postgres-15 /data/postgres-15/data
 drwxr-xr-x. 2 root root 18 Aug 20 10:09 /data/postgres-15
-drwxr-xr-x. 3 root root 20 Aug 20 10:09 /data/postgres-15/data
+drwxr-xr-x. 3   26 root 20 Aug 20 10:09 /data/postgres-15/data
 ```
 
-In my environment, `755` and `26:0` works correctly. So you can try:
+In my environment, `700` and `26:0` works correctly. So you can try following commands. `26` is [the UID of the user which used in the container](https://github.com/sclorg/postgresql-container/blob/master/15/Dockerfile.c9s#L86).
 
 ```bash
-sudo chmod 755 /data/postgres-15 /data/postgres-15/data
+sudo chmod 700 /data/postgres-15 /data/postgres-15/data
 sudo chown 26:0 /data/postgres-15 /data/postgres-15/data
 ```
 
-`26` is [the UID of the user which used in the container](https://github.com/sclorg/postgresql-container/blob/master/15/Dockerfile.c9s#L86).
-
 ## Troubles during Daily Use
 
 ### Job failed with no output