I have written a custom credential plugin for AWX, that I have tested successfully running in my local basic docker AWX development environment. What I am now struggling with is how to actually install it in my live environment on K3S.
The instructions that are available anywhere all refer to either legacy, or the development environment approach, none of it is relevant to AWX Operator.
Basically, which containers / pods am I installing it into? Are the credential plugins part of the web container, or the control plane EE? Whichever one they are part of, how do I actually install it? I have compiled my plugin into a wheel package and it is available in my private repo.
I have been unable to find a clear set of instructions on how to do it either via AWX Operator (preferred obviously) or manually post deployment into running containers (that would do me as a test, as then I would at least know where to put it in the Operator spec).
There has been some slight changes in AWX repentantly with the splitting of the web and task containers. But we are thinking that you should be baking this plugin into a custom AWX container and then having operator deploy your version of AWX. In the AWX repo there should be a make target make awx-kube-build to create an image and then modify your spec file to deploy this new image. See this for deploying the custom image: https://github.com/ansible/awx-operator#deploying-a-specific-version-of-awx
Please let us know how this goes for you and if you need additional help.
Thanks for the feedback and suggestion. I have got as far as getting it baked into my Docker Image as part of make ‘awx-kube-build’ and deploying using my built image but it’s not showing up in the list of Credential Types and if I search the filesystem on my container I can’t find it (however, I know that shell access on the container is limited without breaking in as the root user, so not considering that a true representation). From my previous experience running locally in my dev, I just had to install the package and then run ‘awx-manage setup_managed_credential_types’. Surely given I have got the plugin installed directly into the Docker container at build time, there should be no hard requirement for me to run that command within the build, as I assume that it must be called in during the build process somewhere? (not in the Makefile that I can see). If I was to run that command, I would then typically need to restart the Controller node (so given that has all changed about recently, I’m not sure what Pods/Containers that would entail) to get it to render in the UI. Again, by doing it in the image build I was thinking all of that could be avoided, particularly as ‘restarting’ in Kubernetes is not as straightforward (basically redeploy, which loses my dynamic changes, of which this would be one).
I will keep working on it, but any other recommendations would be much appreciated.
So I have successfully installed the package in several different ways into the image, and none of them have been successful to getting it actually installed and usable in AWX. I have gone as far as running ‘awx-manage setup_managed_credential_types’ on the awx-web container and then used a ‘rollout restart’ to restart the web and task pods to no avail.
Ways I have tried:
Installing the package via the main/requirements/requirements.txt file
Adding a manual call to pip into the Dockerfile.j2 template in half a dozen different places, including directly into the venvs in both the build and final containers
Dropping the file directly into the AWX source alongside all the other external plugin files (awx/awx/main/credential_plugins/)
I can try installing it into the control plane EE but I do not believe this is relevant and is not what I have done in my existing docker deployment (haven’t touched the EE). Any help from the AWX team would be much appreciated as I am running out of ideas and have rebuilt the image 20+ times.
Copy in the source file/s of your plugin. I dropped mine in with the other credential plugins at awx/main/credential_plugins (yes, I know not the best practice)
In the root of the awx project, there is a file called ‘setup.cfg’. This file contains the entry point map for the credential plugins. Copy an existing one, and update with the correct path and entry point name for your plugin and save