We are testing the upgrade procedure using the tower-cli. We followed the steps listed below:
- Set up a new instance of AWX pointing to a new database
- Create an export from our production instance
- Import the assets.json into the new instance
After this procedure, we have some doubts.
1 - As tower-cli does not export the credential passwords, we have to update them after the import. We saw that we can perform an upgrade of the field in the database with the value of the previous database and it seems to work. Can we go with this approach?
2 - After the import, templates are not imported because projects should be synced before, as they are getting the playbooks from our Bitbucket. The only way to do this is to perform an import, configure the credentials, sync the projects and then run a new import. Is there any issue if we run more than one import over the same instance?
3 - About the LDAP configuration. Can we set up the LDAP configuration before importing the assets.json?
And last question: is there no way to upgrade directly from 1.0.x to 2.0?
1 - As tower-cli does not export the credential passwords, we have to update them after the import. We saw that we can perform an upgrade of the field in the database with the value of the previous database and it seems to work. Can we go with this approach?
AFAIK, that will indeed work, if both instances use the same encryption secret (awx_secret).
2 - After the import, templates are not imported because projects should be synced before, as they are getting the playbooks from our Bitbucket. The only way to do this is to perform an import, configure the credentials, sync the projects and then run a new import. Is there any issue if we run more than one import over the same instance?
I noticed this too, didn’t troubleshoot further into it yet. I /think/ that should work though.
3 - About the LDAP configuration. Can we set up the LDAP configuration before importing the assets.json?
I just mailed about the script I published, which migrates the credential secrets and the LDAP config, you might be interested in it:
2 - After the import, templates are not imported because projects should be synced before, as they are getting the playbooks from our Bitbucket. The only way to do this is to perform an import, configure the credentials, sync the projects and then run a new import. Is there any issue if we run more than one import over the same instance?
I noticed this too, didn’t troubleshoot further into it yet. I /think/ that should work though.
If you don’t have a lot of credentials you might want to try the following:
- Export users, organizations, teams, credential_types and credentials and import those into the target
- Update the password for the credentials
- Export the notification_templates, inventory_scripts, projects, inventory, job_templates and workflows and import those into the target
Some credential types have their passwords in extended data, making import/export hard for them because the data has to be updated in one sweep, so breaking this up will help if you use those types of credentials.
Another thing you could do would be to have a vault file with your password in it, export everything, merge it with the vaulted file and push the whole thing to the target.
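The vault-file suggestion above, sketched as an added example (not code from this thread or from tower-cli). It assumes assets.json is a list of objects carrying `asset_type`, `name` and `inputs`, and that the decrypted vault content maps credential names to their secret inputs; `EXPORT`, `SECRETS`, `merge_secrets` and `write_private` are hypothetical names.

```python
import json
import os

# Constructed sample export; the layout (list of objects with "asset_type",
# "name" and "inputs") is an assumption about assets.json, not a documented schema.
EXPORT = json.loads("""[
  {"asset_type": "organization", "name": "Ops"},
  {"asset_type": "credential", "name": "bitbucket",
   "inputs": {"username": "svc-awx", "password": ""}},
  {"asset_type": "credential", "name": "vcenter",
   "inputs": {"username": "awx", "password": ""}}
]""")

# Constructed stand-in for the decrypted vault file: credential name -> secret inputs.
SECRETS = {"bitbucket": {"password": "example-only"}}


def merge_secrets(assets, secrets):
    """Return (merged, missing): a copy of assets with secrets filled in by
    credential name, and the names of credentials that got no secret."""
    merged, missing, used = [], [], set()
    for asset in assets:
        asset = json.loads(json.dumps(asset))  # deep copy, caller's data untouched
        if asset.get("asset_type") == "credential":
            name = asset["name"]
            if name in secrets:
                inputs = asset.setdefault("inputs", {})
                unknown = set(secrets[name]) - set(inputs)
                if unknown:  # a typo in the vault file would otherwise add a stray field
                    raise KeyError(f"{name}: fields not in export: {sorted(unknown)}")
                inputs.update(secrets[name])
                used.add(name)
            else:
                missing.append(name)
        merged.append(asset)
    stale = set(secrets) - used
    if stale:  # secret with no matching credential: renamed or never exported
        raise KeyError(f"secrets for credentials not in export: {sorted(stale)}")
    return merged, missing


def write_private(path, assets):
    """Write the merged file owner-only and refuse to overwrite an existing file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(assets, fh, indent=2)
```

The merged file holds plaintext secrets, so delete it once the import into the target has finished; the `missing` list names the credentials that still need their password set by hand.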