ansible · TheRealHaoLiu · Jul 11, 2024 · rooftopcellist · Jul 22, 2024
diff --git a/config/crd/bases/awx.ansible.com_awxs.yaml b/config/crd/bases/awx.ansible.com_awxs.yaml
@@ -57,6 +57,10 @@ spec:
               hostname:  # deprecated
                 description: (Deprecated) The hostname of the instance
                 type: string
+              create_superuser:
+                description: If a superuser should be created
+                type: boolean
+                default: true
               admin_email:
                 description: The admin user email
                 type: string

diff --git a/config/manifests/bases/awx-operator.clusterserviceversion.yaml b/config/manifests/bases/awx-operator.clusterserviceversion.yaml
@@ -294,6 +294,10 @@ spec:
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:advanced
         - urn:alm:descriptor:com.tectonic.ui:text
+      - displayName: Create Admin User?
+        path: create_superuser
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
       - displayName: Admin Account Username
         path: admin_user
         x-descriptors:

diff --git a/roles/installer/defaults/main.yml b/roles/installer/defaults/main.yml
@@ -496,3 +496,5 @@ nginx_worker_cpu_affinity: 'auto'
 nginx_listen_queue_size: "{{ uwsgi_listen_queue_size }}"
 
 extra_settings_files: {}
+
+create_superuser: true
diff --git a/roles/installer/tasks/initialize_django.yml b/roles/installer/tasks/initialize_django.yml
@@ -1,40 +1,44 @@
 ---
-- name: Check if there are any super users defined.
-  k8s_exec:
-    namespace: "{{ ansible_operator_meta.namespace }}"
-    pod: "{{ awx_web_pod_name }}"
-    container: "{{ ansible_operator_meta.name }}-web"
-    command: >-
-      bash -c "echo 'from django.contrib.auth.models import User;
-      nsu = User.objects.filter(is_superuser=True, username=\"{{ admin_user }}\").count();
-      exit(0 if nsu > 0 else 1)'
-      | awx-manage shell"
-  ignore_errors: true
-  register: users_result
-  changed_when: users_result.return_code > 0
+- name: Create/update super user
+  block:
+    - name: Check if there are any super users defined.
+      k8s_exec:
+        namespace: "{{ ansible_operator_meta.namespace }}"
+        pod: "{{ awx_web_pod_name }}"
+        container: "{{ ansible_operator_meta.name }}-web"
+        command: >-
+          bash -c "echo 'from django.contrib.auth.models import User;
+          nsu = User.objects.filter(is_superuser=True, username=\"{{ admin_user }}\").count();
+          exit(0 if nsu > 0 else 1)'
+          | awx-manage shell"
+      ignore_errors: true
+      register: users_result
+      changed_when: users_result.return_code > 0
+    - name: Create super user via Django if it doesn't exist.
+      k8s_exec:
+        namespace: "{{ ansible_operator_meta.namespace }}"
+        pod: "{{ awx_web_pod_name }}"
+        container: "{{ ansible_operator_meta.name }}-web"
+        command: awx-manage createsuperuser --username={{ admin_user | quote }} --email={{ admin_email | quote }} --noinput
+      register: result
+      changed_when: "'That username is already taken' not in result.stderr"
+      failed_when: "'That username is already taken' not in result.stderr and 'Superuser created successfully' not in result.stdout"
+      no_log: "{{ no_log }}"
+      when: users_result.return_code > 0
 
-- name: Create super user via Django if it doesn't exist.
-  k8s_exec:
-    namespace: "{{ ansible_operator_meta.namespace }}"
-    pod: "{{ awx_web_pod_name }}"
-    container: "{{ ansible_operator_meta.name }}-web"
-    command: awx-manage createsuperuser --username={{ admin_user | quote }} --email={{ admin_email | quote }} --noinput
-  register: result
-  changed_when: "'That username is already taken' not in result.stderr"
-  failed_when: "'That username is already taken' not in result.stderr and 'Superuser created successfully' not in result.stdout"
-  no_log: "{{ no_log }}"
-  when: users_result.return_code > 0
+    - name: Update Django super user password
+      k8s_exec:
+        namespace: "{{ ansible_operator_meta.namespace }}"
+        pod: "{{ awx_web_pod_name }}"
+        container: "{{ ansible_operator_meta.name }}-web"
+        command: awx-manage update_password --username='{{ admin_user }}' --password='{{ admin_password }}'
+      register: result
+      changed_when: "'Password updated' in result.stdout"
+      no_log: "{{ no_log }}"
+      when: users_result.return_code > 0
+
+  when: create_superuser | bool
 
-- name: Update Django super user password
-  k8s_exec:
-    namespace: "{{ ansible_operator_meta.namespace }}"
-    pod: "{{ awx_web_pod_name }}"
-    container: "{{ ansible_operator_meta.name }}-web"
-    command: awx-manage update_password --username='{{ admin_user }}' --password='{{ admin_password }}'
-  register: result
-  changed_when: "'Password updated' in result.stdout"
-  no_log: "{{ no_log }}"
-  when: users_result.return_code > 0
 
 - name: Check if legacy queue is present
   k8s_exec:

diff --git a/roles/installer/tasks/install.yml b/roles/installer/tasks/install.yml
@@ -61,6 +61,7 @@
 
 - name: Include admin password configuration tasks
   include_tasks: admin_password_configuration.yml
+  when: create_superuser | bool
 
 - name: Include broadcast websocket configuration tasks
   include_tasks: broadcast_websocket_configuration.yml
Original file line number	Diff line number	Diff line change
Expand Up		@@ -496,3 +496,5 @@ nginx_worker_cpu_affinity: 'auto'
		nginx_listen_queue_size: "{{ uwsgi_listen_queue_size }}"

		extra_settings_files: {}

		create_superuser: true