New ROLE Ansible Automation Platform 2.5 (#8976)

* New role * update * New role * update * update * update * fixed yamllint error * fixed yamllint error
redhat-cop · Jan 15, 2025 · 0a6798f · 0a6798f
1 parent 335ebe3
commit 0a6798f
Show file tree

Hide file tree

Showing 13 changed files with 547 additions and 0 deletions.
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ansible_automation_platform_25/.yamllint b/ansible/roles_ocp_workloads/ocp4_workload_ansible_automation_platform_25/.yamllint
@@ -0,0 +1,13 @@
+---
+extends: default
+
+rules:
+  comments:
+    require-starting-space: false
+    min-spaces-from-content: 1
+  comments-indentation: disable
+  indentation:
+    indent-sequences: consistent
+  line-length:
+    max: 120
+    allow-non-breakable-inline-mappings: true
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ansible_automation_platform_25/defaults/main.yml b/ansible/roles_ocp_workloads/ocp4_workload_ansible_automation_platform_25/defaults/main.yml
@@ -0,0 +1,62 @@
+---
+become_override: false
+ocp_username: opentlc-mgr
+silent: false
+
+# ---------------------------------------------------------------
+# Operator settings
+# ---------------------------------------------------------------
+ocp4_workload_ansible_automation_platform_project: "aap"
+ocp4_workload_ansible_automation_platform_app_name: "aap"
+ocp4_workload_ansible_automation_platform_operator_name: ansible-automation-platform-operator
+ocp4_workload_ansible_automation_platform_operator_channel: "stable-2.5"
+ocp4_workload_ansible_automation_platform_operator_csv_nameprefix: aap-operator
+ocp4_workload_ansible_automation_platform_operator_catalog: redhat-operators
+ocp4_workload_ansible_automation_platform_starting_csv: ""
+# ocp4_workload_ansible_automation_platform_starting_csv: aap-operator.v2.5.0-0.1729741547
+ocp4_workload_ansible_automation_platform_automatic_install_plan_approval: true
+ocp4_workload_ansible_automation_platform_use_catalog_snapshot: true
+ocp4_workload_ansible_automation_platform_catalogsource_name: "olm-snapshot-redhat-catalog"
+ocp4_workload_ansible_automation_platform_catalog_snapshot_image: "quay.io/gpte-devops-automation/olm_snapshot_redhat_catalog"
+ocp4_workload_ansible_automation_platform_catalog_snapshot_image_tag: "v4.16_2024_11_18"
+
+# ---------------------------------------------------------------
+# For Ansible Automation Platform 2.5
+# ---------------------------------------------------------------
+ocp4_workload_ansible_automation_platform_admin_password: >-
+  {{ common_password | default(aap_controller_admin_password) }}
+ocp4_workload_ansible_automation_platform_disable_controller: false
+ocp4_workload_ansible_automation_platform_disable_eda: false
+ocp4_workload_ansible_automation_platform_disable_hub: true
+ocp4_workload_ansible_automation_platform_disable_lightspeed: true
+
+# ---------------------------------------------------------------
+# Pre-workload settings
+# ---------------------------------------------------------------
+ocp4_workload_ansible_automation_platform_tmp_dir: /tmp/{{ guid }}
+ocp4_workload_ansible_automation_platform_tmp_kubeconfig: >-
+  {{ ocp4_workload_ansible_automation_platform_tmp_dir }}/.kube/config
+
+# ---------------------------------------------------------------
+# OCP bearer token lifecycle
+# ---------------------------------------------------------------
+# The default lifecycle for an OpenShift Container Platform (OCP) bearer token,
+# when used as a credential in Ansible Automation Platform (AAP), is set to 2 weeks.
+ocp4_workload_ansible_automation_platform_ocp_token_lifecycle: 1209600
+
+# ---------------------------------------------------------------
+# Inject Ansible Automation Platform 2.5 Manifest
+# ---------------------------------------------------------------
+ocp4_workload_ansible_automation_platform_inject_manifest: false
+ocp4_workload_ansible_automation_platform_manifest:
+  url: https://example.com/manifest
+  username: jonsnow
+  password: got2023
+
+# ---------------------------------------------------------------
+# EDA Cluster-admin rolebinding
+# ---------------------------------------------------------------
+ocp4_workload_ansible_automation_platform_create_eda_rolebinding: false
+ocp4_workload_ansible_automation_platform_eda_rolebinding_name: eda_default
+ocp4_workload_ansible_automation_platform_service_account: default
+ocp4_workload_ansible_automation_platform_ocp_cluster_role: cluster-admin
diff --git a/...le/roles_ocp_workloads/ocp4_workload_ansible_automation_platform_25/readme.adoc b/...le/roles_ocp_workloads/ocp4_workload_ansible_automation_platform_25/readme.adoc
@@ -0,0 +1,84 @@
+= ocp4_workload_ansible_automation_platform - Ansible Automation Platform Workload Role
+
+== Role overview
+
+Deploys Ansible Automation Platform onto an OpenShift cluster, into a new project or an existing project.
+
+* Automation Controller and Private Automation Hub (PAH)
+* Injects Manifest if provided *and* requested (see below)
+
+Created by: Tony Kay, [email protected]
+Date: 2022-04-18
+
+== Role Returns
+
+This role returns, via agnosticd_user_info (info and data) the following:
+
+[source,yaml]
+----
+aap_controller_web_url: "https://{{ automation_controller_hostname }}"
+aap_controller_admin_user: "{{ ocp4_workload_ansible_automation_platform_admin_username | default('admin') }}"
+aap_controller_admin_password: "{{ ocp4_workload_ansible_automation_platform_admin_password }}"
+----
+
+=== Resources and PriorArt
+
+. link:https://access.redhat.com/documentation/en-us/red_hat_ansible_automation_platform/2.3/html/deploying_the_red_hat_ansible_automation_platform_operator_on_openshift_container_platform/index[Deploying the Red Hat Ansible Automation Platform operator on OpenShift Container Platform]
+.. Especially Chapter 5 - link:https://access.redhat.com/documentation/en-us/red_hat_ansible_automation_platform/2.3/html/deploying_the_red_hat_ansible_automation_platform_operator_on_openshift_container_platform/ansible-automation-platform-operator#installing-the-operator[Installing the Operator]
+.. Note the `oc apply` documented in Chapter 5 will fail, as the Subscription needs time to be created. The `oc apply` command should be run again after a few moments.
+. link:https://github.com/redhat-cop/agnosticd/tree/development/ansible/roles_ocp_workloads/ocp4_workload_lpe_automation_controller[Agnosticd LPE role]
+. link:https://gitlab.com/ansible-ssa/role-aap-operator[Ansible SSA AAP Operator role]
+.. Very comprehensive
+
+== Review the defaults variable file
+
+* This file link:./defaults/main.yml[./defaults/main.yml] contains all the variables you need to define to control the deployment of your workload.
+* A variable *silent=True* can be passed to suppress debug messages.
+* You can modify any of these default values by adding `-e "variable_name=variable_value"` to the command line
+
+
+=== Providing and Injecting a Manifest
+
+By default *no* Manifest is injected. To inject a manifest, you need to provide the following variables:
+
+[source,yaml]
+----
+ocp4_workload_ansible_automation_platform_manifest:
+  inject: true
+  url: https://example.com/manifest <1>
+  username: <USER> <2>
+  password: <PASSWORD> <3>
+----
+
+. Valid Automation Controller Manifest file
+. username - username for an external authentication eg external CDN via htpasswd etc
+. password - password for an external authentication eg external CDN via htpasswd etc
+
+
+=== Deploy a Workload with the `ocp-workload` playbook [Mostly for testing]
+
+. Authenticate to the cluster e.g. `oc login ...`
+. Run a playbook calling the `ocp4_workload_ansible_automation_platform` role
+
+.Sample Playbook
+[source,yaml]
+----
+---
+
+- name: Test ocp4_workload_ansible_automation_platform role
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  become: false
+  vars:
+    ACTION: create
+    ocp4_workload_ansible_automation_platform_admin_password: <DESIRED_PASSWORD>
+
+  roles:
+
+    - ocp4_workload_ansible_automation_platform
+----
+
+=== To Delete an environment
+
+Simply call the above playbook with `ACTION: remove`
diff --git a/...oles_ocp_workloads/ocp4_workload_ansible_automation_platform_25/tasks/inject_manifest.yml b/...oles_ocp_workloads/ocp4_workload_ansible_automation_platform_25/tasks/inject_manifest.yml
@@ -0,0 +1,25 @@
+---
+
+- name: Fetch Automation Controller manifest file
+  ansible.builtin.get_url:
+    url: https://d3s3zqyaz8cp2d.cloudfront.net/aap/manifest.zip
+    dest: /tmp/aap-manifest.zip
+    username: "{{ ocp4_workload_ansible_automation_platform_manifest.username | default(omit) }}"
+    password: "{{ ocp4_workload_ansible_automation_platform_manifest.password | default(omit) }}"
+
+- name: Inject AAP2 Controller manifest
+  ansible.controller.license:
+    manifest: /tmp/aap-manifest.zip
+    controller_host: "{{ automation_controller_hostname }}"
+    controller_username: admin
+    controller_password: "{{ ocp4_workload_ansible_automation_platform_admin_password }}"
+    validate_certs: true
+  register: r_aap_license
+  until: not r_aap_license.failed
+  retries: 30
+  delay: 30
+
+- name: Remove AAP manifest
+  ansible.builtin.file:
+    path: /tmp/aap-manifest.zip
+    state: absent
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ansible_automation_platform_25/tasks/main.yml b/ansible/roles_ocp_workloads/ocp4_workload_ansible_automation_platform_25/tasks/main.yml
@@ -0,0 +1,31 @@
+---
+
+# Do not modify this file
+
+- name: Running Pre Workload Tasks
+  when: ACTION in ('create', 'provision')
+  ansible.builtin.include_tasks:
+    file: ./pre_workload.yml
+    apply:
+      become: "{{ become_override | bool }}"
+
+- name: Running Workload Tasks
+  when: ACTION in ('create', 'provision')
+  ansible.builtin.include_tasks:
+    file: ./workload.yml
+    apply:
+      become: "{{ become_override | bool }}"
+
+- name: Running Post Workload Tasks
+  when: ACTION in ('create', 'provision')
+  ansible.builtin.include_tasks:
+    file: ./post_workload.yml
+    apply:
+      become: "{{ become_override | bool }}"
+
+- name: Running Workload removal Tasks
+  when: ACTION in ('destroy', 'remove')
+  ansible.builtin.include_tasks:
+    file: ./remove_workload.yml
+    apply:
+      become: "{{ become_override | bool }}"
diff --git a/.../roles_ocp_workloads/ocp4_workload_ansible_automation_platform_25/tasks/post_workload.yml b/.../roles_ocp_workloads/ocp4_workload_ansible_automation_platform_25/tasks/post_workload.yml
@@ -0,0 +1,31 @@
+---
+# Implement your Post Workload deployment tasks here
+
+- name: Remove temp kube config
+  ansible.builtin.file:
+    path: "{{ ocp4_workload_ansible_automation_platform_tmp_kubeconfig }}"
+    state: absent
+
+# Leave these as the last tasks in the playbook
+
+# For deployment onto a dedicated cluster (as part of the
+# cluster deployment) set workload_shared_deployment to False
+# This is the default so it does not have to be set explicitely
+
+- name: post_workload tasks complete
+  when:
+    - not silent | bool
+    - not workload_shared_deployment | default(false) | bool
+  ansible.builtin.debug:
+    msg: "Post-Workload tasks completed successfully."
+
+# For RHPDS deployment (onto a shared cluster) set
+# workload_shared_deployment to True
+# (in the deploy script or AgnosticV configuration)
+
+- name: post_workload tasks complete
+  when:
+    - not silent | bool
+    - workload_shared_deployment | default(false) | bool
+  ansible.builtin.debug:
+    msg: "Post-Software checks completed successfully"
diff --git a/...e/roles_ocp_workloads/ocp4_workload_ansible_automation_platform_25/tasks/pre_workload.yml b/...e/roles_ocp_workloads/ocp4_workload_ansible_automation_platform_25/tasks/pre_workload.yml
@@ -0,0 +1,46 @@
+---
+# Implement your Pre Workload deployment tasks here
+
+- name: Ensure directory exists
+  ansible.builtin.file:
+    path: "{{ ocp4_workload_ansible_automation_platform_tmp_dir }}"
+    state: directory
+
+- name: Copy .kube/config and set env var
+  ansible.builtin.copy:
+    src: ~/.kube
+    dest: "{{ ocp4_workload_ansible_automation_platform_tmp_dir }}"
+    remote_src: true
+
+- name: Get .kube/config content
+  ansible.builtin.slurp:
+    path: ~/.kube/config
+  register: r_kube_config
+
+- name: .kube/config base64 content
+  ansible.builtin.set_fact:
+    ocp4_workload_ansible_automation_platform_kubeconfig: "{{ r_kube_config.content }}"
+
+# Leave these as the last tasks in the playbook
+
+# For deployment onto a dedicated cluster (as part of the
+# cluster deployment) set workload_shared_deployment to False
+# This is the default so it does not have to be set explicitely
+
+- name: pre_workload tasks complete
+  when:
+    - not silent | bool
+    - not workload_shared_deployment | default(false) | bool
+  ansible.builtin.debug:
+    msg: "Pre-Workload tasks completed successfully."
+
+# For RHPDS deployment (onto a shared cluster) set
+# workload_shared_deployment to True
+# (in the deploy script or AgnosticV configuration)
+
+- name: pre_workload tasks complete
+  when:
+    - not silent | bool
+    - workload_shared_deployment | default(false) | bool
+  ansible.builtin.debug:
+    msg: "Pre-Software checks completed successfully"
diff --git a/...oles_ocp_workloads/ocp4_workload_ansible_automation_platform_25/tasks/remove_workload.yml b/...oles_ocp_workloads/ocp4_workload_ansible_automation_platform_25/tasks/remove_workload.yml
@@ -0,0 +1,36 @@
+---
+# ocp4_workload_ansible_automation_platform_hostname:  # LEAVE EMPTY AS IT'S CALCULATED IN THE ROLE
+# Implement your Workload removal tasks here
+
+- name: Ensure directory exists
+  ansible.builtin.file:
+    path: "{{ ocp4_workload_ansible_automation_platform_tmp_dir }}"
+    state: directory
+
+- name: Copy .kube/config and set env var
+  ansible.builtin.copy:
+    src: ~/.kube
+    dest: "{{ ocp4_workload_ansible_automation_platform_tmp_dir }}"
+    remote_src: true
+
+- name: Set environment vars
+  environment:
+    KUBECONFIG: "{{ ocp4_workload_ansible_automation_platform_tmp_kubeconfig }}"
+  block:
+
+    - name: Create OpenShift objects for workload
+      kubernetes.core.k8s:
+        state: absent
+        definition: "{{ lookup('template', 'namespace.j2') }}"
+
+- name: Remove temp kube config
+  ansible.builtin.file:
+    path: "{{ ocp4_workload_ansible_automation_platform_tmp_dir }}"
+    state: absent
+
+# Leave this as the last task in the playbook.
+
+- name: remove_workload tasks complete
+  when: not silent | bool
+  ansible.builtin.debug:
+    msg: "Remove Workload tasks completed successfully."