Merge branch 'main' into jce/ansible-cfg

Update collection and role paths in ansible.cfg
2025-05-05 11:11:39 -06:00 · 2025-05-01 17:57:31 -04:00 · 2025-03-19 16:52:58 -04:00
24 changed files with 243 additions and 282 deletions
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -1,16 +1,10 @@
 ---
 profile: production
-offline: true
+offline: false
 skip_list:
  - "galaxy[no-changelog]"
 warn_list:
  # seems to be a bug, see https://github.com/ansible/ansible-lint/issues/4172
  - "fqcn[canonical]"
  # @matferna: really not sure why lint thinks it can't find jmespath, it is installed and functional
  - "jinja[invalid]"
 exclude_paths:
  # would be better to move the roles here to the top-level roles directory
  - collections/ansible_collections/demo/compliance/roles/
--- a/.github/workflows/README.md
+++ b/.github/workflows/README.md
@@ -1,25 +0,0 @@
 # GitHub Actions
 ## Background
 We want to make attempts to run our integration tests in the same manner wether using GitHub actions or on a developers's machine locally. For this reason, the tests are curated to run using container images. As of this writing, two images exist which we would like to test against:
  - quay.io/ansible-product-demos/apd-ee-24:latest
  - quay.io/ansible-product-demos/apd-ee-25:latest
 These images are built given the structure defined in their respective EE [definitions][../execution_environments]. Because they differ (mainly due to their python versions), each gets some special handling.
 ## Troubleshooting GitHub Actions
 ### Interactive
 It is likely the most straight-forward approach to interactively debug issues. The following podman command can be run from the project root directory to replicate the GitHub action:
 ```
 podman run \
           --user root  \
           -v $(pwd):/runner:Z \
           -it \
           <image> \
           /bin/bash
 ```
 `<image>` is one of `quay.io/ansible-product-demos/apd-ee-25:latest`, `quay.io/ansible-product-demos/apd-ee-24:latest`
 It is not exact because GitHub seems to run closer to a sidecar container paradigm, and uses docker instead of podman, but hopefully it's close enough.
 For the 24 EE, the python interpreriter verions is set for our pre-commit script like so: `USE_PYTHON=python3.9 ./.github/workflows/run-pc.sh`
 The 25 EE is similary run but without the need for this variable: `./.github/workflows/run-pc.sh`
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -4,23 +4,17 @@ on:
 - push
 - pull_request_target
-jobs:
+env:
-  pre-commit-25:
+  ANSIBLE_GALAXY_SERVER_CERTIFIED_TOKEN: ${{ secrets.ANSIBLE_GALAXY_SERVER_CERTIFIED_TOKEN }}
-    container:
+  ANSIBLE_GALAXY_SERVER_VALIDATED_TOKEN: ${{ secrets.ANSIBLE_GALAXY_SERVER_VALIDATED_TOKEN }}
      image: quay.io/ansible-product-demos/apd-ee-25
      options: --user root
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - run: ./.github/workflows/run-pc.sh
      shell: bash
  pre-commit-24:
    container:
      image: quay.io/ansible-product-demos/apd-ee-24
      options: --user root
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - run: USE_PYTHON=python3.9 ./.github/workflows/run-pc.sh
      shell: bash
 jobs:
  pre-commit:
    name: pre-commit
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - uses: actions/setup-python@v5
    - uses: pre-commit/action@v3.0.1
 ...
--- a/.github/workflows/run-pc.sh
+++ b/.github/workflows/run-pc.sh
@@ -1,24 +0,0 @@
 #!/bin/bash -x
 dnf install git-lfs -y
 PYTHON_VARIANT="${USE_PYTHON:-python3.11}"
 PATH="$PATH:$HOME/.local/bin"
 # intsall pip
 eval "${PYTHON_VARIANT} -m pip install --user --upgrade pip"
 # try to fix 2.4 incompatibility 
 eval "${PYTHON_VARIANT} -m pip install --user --upgrade setuptools wheel twine check-wheel-contents"
 # intsall pre-commit
 eval "${PYTHON_VARIANT} -m pip install --user pre-commit"
 # view pip packages
 eval "${PYTHON_VARIANT} -m pip freeze --local"
 # fix permissions on directory
 git config --global --add safe.directory $(pwd)
 # run pre-commit
 pre-commit run --config $(pwd)/.pre-commit-gh.yml --show-diff-on-failure --color=always 
--- a/.gitignore
+++ b/.gitignore
@@ -13,4 +13,3 @@ roles/*
 .cache/
 .ansible/
 **/tmp/
 execution_environments/context/
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -14,12 +14,13 @@ repos:
      - id: check-json
      - id: check-symlinks
-  - repo: local
+  - repo: https://github.com/ansible/ansible-lint.git
    # get latest release tag from https://github.com/ansible/ansible-lint/releases/
    rev: v6.20.3
    hooks:
      - id: ansible-lint
-        name: ansible-navigator lint --eei quay.io/ansible-product-demos/apd-ee-25:latest --mode stdout
+        additional_dependencies:
-        language: python
+          - jmespath
        entry: bash -c "ansible-navigator lint --eei quay.io/ansible-product-demos/apd-ee-25 -v --force-color --mode stdout"
  - repo: https://github.com/psf/black-pre-commit-mirror
    rev: 23.11.0
--- a/.pre-commit-gh.yml
+++ b/.pre-commit-gh.yml
@@ -1,30 +0,0 @@
 ---
 repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.4.0
    hooks:
      - id: trailing-whitespace
        exclude: rhel[89]STIG/.*$
      - id: check-yaml
        exclude: \.j2.(yaml|yml)$|\.(yaml|yml).j2$
        args: [--unsafe]   # see https://github.com/pre-commit/pre-commit-hooks/issues/273
      - id: check-toml
      - id: check-json
      - id: check-symlinks
  - repo: https://github.com/ansible/ansible-lint.git
    # get latest release tag from https://github.com/ansible/ansible-lint/releases/
    rev: v6.20.3
    hooks:
      - id: ansible-lint
        additional_dependencies:
          - jmespath
  - repo: https://github.com/psf/black-pre-commit-mirror
    rev: 23.11.0
    hooks:
      - id: black
        exclude: rhel[89]STIG/.*$
 ...
--- a/README.md
+++ b/README.md
@@ -1,9 +1,10 @@
-[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)
+[![Lab](https://img.shields.io/badge/Try%20Me-EE0000?style=for-the-badge&logo=redhat&logoColor=white)](https://red.ht/aap-product-demos)
 [![Dev Spaces](https://img.shields.io/badge/Customize%20Here-0078d7.svg?style=for-the-badge&logo=visual-studio-code&logoColor=white)](https://workspaces.openshift.com/f?url=https://github.com/ansible/product-demos)
 [![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)
-# APD - Ansible Product Demos
+# Official Ansible Product Demos
-The Ansible Product Demos (APD) project is a set of Ansible demos that are deployed using [Red Hat Ansible Automation Platform](https://www.redhat.com/en/technologies/management/ansible).  It uses configuraton-as-code to create AAP resources such as projects, templates, and credentials that form the basis for demonstrating automation use cases in several technology domains:
+This is a centralized location for Ansible Product Demos. This project is a collection of use cases implemented with Ansible for use with the [Ansible Automation Platform](https://www.redhat.com/en/technologies/management/ansible).
 | Demo Name | Description |
 |-----------|-------------|
@@ -14,21 +15,54 @@ The Ansible Product Demos (APD) project is a set of Ansible demos that are deplo
 | [OpenShift](openshift/README.md) | OpenShift automation demos |
 | [Satellite](satellite/README.md) | Demos of automation with Red Hat Satellite Server |
 ## Contributions
 If you would like to contribute to this project please refer to [contribution guide](CONTRIBUTING.md) for best practices.
 ## Using this project
-Use the [APD bootstrap](https://github.com/ansible/product-demos-bootstrap) repo to add APD to an existing Ansible Automation Platform deployment.  The bootstrap repo provides the initial manual prerequisite steps as well as a playbook for adding APD to the existing deployment.
+This project is tested for compatibility with the [demo.redhat.com Ansible Product Demos](https://demo.redhat.com/catalog?search=product+demos&item=babylon-catalog-prod%2Fopenshift-cnv.aap-product-demos-cnv.prod) lab environment. To use with other Ansible Automation Platform installations, review the [prerequisite documentation](https://github.com/ansible/product-demos-bootstrap).
-For Red Hat associates and partners, there is an Ansible Product Demos catalog item [available on demo.redhat.com](https://red.ht/apd-sandbox) (account required).
+> NOTE: demo.redhat.com is available to Red Hat Associates and Partners with a valid account.
 1. First you must create a credential for [Automation Hub](https://console.redhat.com/ansible/automation-hub/) to successfully sync collections used by this project.
   1. In the Credentials section of the Controller UI, add a new Credential called `Automation Hub` with the type `Ansible Galaxy/Automation Hub API Token`
   2. You can obtain a token [here](https://console.redhat.com/ansible/automation-hub/token). This page will also provide the Server URL and Auth Server URL.
   3. Next, click on Organizations and edit the `Default` organization. Add your `Automation Hub` credential to the `Galaxy Credentials` section. Don't forget to click **Save**!!
      > You can also use an execution environment for disconnected environments. To do this, you must disable collection downloads in the Controller. This can be done in `Settings` > `Job Settings`. This setting prevents the controller from downloading collections listed in the [collections/requirements.yml](collections/requirements.yml) file.
 2. If it is not already created for you, add an Execution Environment called `product-demos`
     - Name: product-demos
     - Image: quay.io/acme_corp/product-demos-ee:latest
     - Pull: Only pull the image if not present before running
 3. If it is not already created for you, create a Project called `Ansible Product Demos` with this repo as a source. NOTE: if you are using a fork, be sure that you have the correct URL. Update the project.
 4. Finally, Create a Job Template called `Setup` with the following configuration:
     - Name: Setup
     - Inventory: Demo Inventory
     - Exec Env: product-demos
     - Playbook: setup_demo.yml
     - Credentials:
        - Type: Red Hat Ansible Automation Platform
        - Name: Controller Credential
     - Extra vars:
            demo: <linux or windows or cloud or network>
 ## Bring Your Own Demo
 Can't find what you're looking for? Customize this repo to make it your own.
 1. Create a fork of this repo.
-2. Update the URL of the `Ansible Project Demos` project your Ansible Automation Platform controller.
+2. Update the URL of the `Ansible Project Demos` in the Controller.
-3. Make changes to your fork as needed and run the **Product Demos | Single demo setup** job
+3. Make changes as needed and run the **Product Demos | Single demo setup** job
-See the [contributing guide](CONTRIBUTING.md) for more details on how to customize the project.
+See the [contribution guide](CONTRIBUTING.md) for more details on how to customize the project.
 ---
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,6 +1,6 @@
 [defaults]
 collections_path=./collections:/usr/share/ansible/collections
-roles_path=./roles
+roles_path=./roles:/usr/share/ansible/roles
 [galaxy]
 server_list = certified,validated,galaxy
--- a/common/setup.yml
+++ b/common/setup.yml
@@ -44,13 +44,14 @@ controller_inventory_sources:
        - tag:Name
      compose:
        ansible_host: public_ip_address
-        ansible_user: ec2-user
+        ansible_user: 'ec2-user'
      groups:
        cloud_aws: true
-        os_linux: "platform_details == 'Red Hat Enterprise Linux'"
+        os_linux: tags.blueprint.startswith('rhel')
-        os_windows: "platform_details == 'Windows'"
+        os_windows: tags.blueprint.startswith('win')
      keyed_groups:
        - key: platform
          prefix: os
        - key: tags.blueprint
          prefix: blueprint
        - key: tags.owner
@@ -61,7 +62,6 @@ controller_inventory_sources:
          prefix: deployment
        - key: tags.Compliance
          separator: ''
 controller_groups:
  - name: cloud_aws
    inventory: Demo Inventory
--- a/execution_environments/.gitattributes
+++ b/execution_environments/.gitattributes
@@ -0,0 +1 @@
 openshift-clients-4.16.0-202408021139.p0.ge8fb3c0.assembly.stream.el9.x86_64.rpm filter=lfs diff=lfs merge=lfs -text
--- a/execution_environments/README.md
+++ b/execution_environments/README.md
@@ -1,16 +1,17 @@
 # Execution Environment Images for Ansible Product Demos
-When the Ansible Product Demos setup job template is run, it creates a number of execution environment definitions on the automation controller.  The content of this directory is used to create and update the default APD execution environment images defined during the setup process, [quay.io/ansible-product-demos/apd-ee-25](quay.io/ansible-product-demos/apd-ee-25).
+When the Ansible Product Demos setup job template is run, it creates a number of execution environment definitions on the automation controller.  The content of this directory is used to create and update the default execution environment images defined during the setup process.
-Currently the execution environment image is created manually using the `build.sh` script, with a future goal of building in a CI pipeline when the EE definition or requirements are updated.
+Currently these execution environment images are created manually using the `build.sh` script, with a future goal of building in a CI pipeline when any EE definitions or requirements are updated.
 ## Building the execution environment images
 1. `podman login registry.redhat.io` in order to pull the base EE images
 2. `export ANSIBLE_GALAXY_SERVER_CERTIFIED_TOKEN="<token>"` obtained from [Automation Hub](https://console.redhat.com/ansible/automation-hub/token)
-3. `export ANSIBLE_GALAXY_SERVER_VALIDATED_TOKEN="<token>"` (same token as above)
+3. `export ANSIBLE_GALAXY_SERVER_VALIDATED_TOKEN="<token>"` (same as above)
-4. `./build.sh` to build the EE image
+4. `./build.sh` to build the EE images and add them to your local podman image cache
-The `build.sh` script creates a multi-architecture EE image for the amd64 (x86_64) and arm64 (aarch64) platforms.  It does so by creating the build context using `ansible-builder create`, then creating a podman manifest definition and building an EE image for each supported platform.
+The `build.sh` script creates multiple EE images, each based on the ee-minimal image that comes with a different minor version of AAP.  These images are created in the "quay.io/ansible-product-demos" namespace.  Currently the script builds the following images:
-NOTE: Podman will use qemu to emulate the non-native architecture at build time, so the build must be performed on a system which includes the qemu-user-static package.  Builds have only been tested on MacOS using podman-desktop with the native Fedora-based podman machine.
+* quay.io/ansible-product-demos/apd-ee-24
 * quay.io/ansible-product-demos/apd-ee-25
--- a/execution_environments/apd-ee-24.yml
+++ b/execution_environments/apd-ee-24.yml
@@ -0,0 +1,32 @@
 ---
 version: 3
 images:
  base_image:
    name: registry.redhat.io/ansible-automation-platform-24/ee-minimal-rhel9:latest
 dependencies:
  galaxy: requirements.yml
 additional_build_files:
  # https://access.redhat.com/solutions/7024259
  # download from access.redhat.com -> Downloads -> OpenShift Container Platform -> Packages
  - src: openshift-clients-4.16.0-202408021139.p0.ge8fb3c0.assembly.stream.el9.x86_64.rpm
    dest: rpms
  - src: ansible.cfg
    dest: configs
 options:
  package_manager_path: /usr/bin/microdnf
 additional_build_steps:
  prepend_base:
    - RUN $PYCMD -m pip install --upgrade pip setuptools
    - COPY _build/rpms/openshift-clients*.rpm /tmp/openshift-clients.rpm
    - RUN $PKGMGR -y update && $PKGMGR -y install bash-completion && $PKGMGR clean all
    - RUN rpm -ivh /tmp/openshift-clients.rpm && rm /tmp/openshift-clients.rpm
  prepend_galaxy:
    - ADD _build/configs/ansible.cfg /etc/ansible/ansible.cfg
    - ARG ANSIBLE_GALAXY_SERVER_CERTIFIED_TOKEN
    - ARG ANSIBLE_GALAXY_SERVER_VALIDATED_TOKEN
 ...
--- a/execution_environments/apd-ee-25.yml
+++ b/execution_environments/apd-ee-25.yml
@@ -4,7 +4,7 @@ images:
  base_image:
    name: registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel9:latest
 dependencies:
-  galaxy: requirements.yml
+  galaxy: requirements-25.yml
  system:
    - python3.11-devel [platform:rpm]
  python:
@@ -13,6 +13,10 @@ dependencies:
    python_path: /usr/bin/python3.11
 additional_build_files:
  # https://access.redhat.com/solutions/7024259
  # download from access.redhat.com -> Downloads -> OpenShift Container Platform -> Packages
  - src: openshift-clients-4.16.0-202408021139.p0.ge8fb3c0.assembly.stream.el9.x86_64.rpm
    dest: rpms
  - src: ansible.cfg
    dest: configs
@@ -21,17 +25,16 @@ options:
 additional_build_steps:
  prepend_base:
-    - ARG OPENSHIFT_CLIENT_RPM
+    # AgnosticD can use this to deterine it is running from an EE
    # see https://github.com/redhat-cop/agnosticd/blob/development/ansible/install_galaxy_roles.yml
    - ENV LAUNCHED_BY_RUNNER=1
    - RUN $PYCMD -m pip install --upgrade pip setuptools
    - COPY _build/rpms/openshift-clients*.rpm /tmp/openshift-clients.rpm
    - RUN $PKGMGR -y update && $PKGMGR -y install bash-completion && $PKGMGR clean all
-    # microdnf doesn't support URL or local file paths to RPMs, use rpm as a workaround
+    - RUN rpm -ivh /tmp/openshift-clients.rpm && rm /tmp/openshift-clients.rpm
    - RUN curl -o /tmp/openshift-clients.rpm $OPENSHIFT_CLIENT_RPM && rpm -Uvh /tmp/openshift-clients.rpm && rm -f /tmp/openshift-clients.rpm
  prepend_galaxy:
    - ADD _build/configs/ansible.cfg /etc/ansible/ansible.cfg
    - ARG ANSIBLE_GALAXY_SERVER_CERTIFIED_TOKEN
    - ARG ANSIBLE_GALAXY_SERVER_VALIDATED_TOKEN
  append_final:
    - RUN curl -o /etc/yum.repos.d/hasicorp.repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo &&
      microdnf install -y terraform
 ...
--- a/execution_environments/build.sh
+++ b/execution_environments/build.sh
@@ -1,61 +1,29 @@
 #!/bin/bash
-if [[ -z $ANSIBLE_GALAXY_SERVER_CERTIFIED_TOKEN || -z $ANSIBLE_GALAXY_SERVER_VALIDATED_TOKEN ]]
+# array of images to build
-then
+ee_images=(
-    echo "A valid Automation Hub token is required, Set the following environment variables before continuing"
+    "apd-ee-24"
-    echo "export ANSIBLE_GALAXY_SERVER_CERTIFIED_TOKEN=<token>"
+    "apd-ee-25"
-    echo "export ANSIBLE_GALAXY_SERVER_VALIDATED_TOKEN=<token>"
+)
    exit 1
 fi
-# log in to pull the base EE image
+for ee in "${ee_images[@]}"
 if ! podman login --get-login registry.redhat.io > /dev/null
 then
    echo "Run 'podman login registry.redhat.io' before continuing"
    exit 1
 fi
 # create EE definition
 rm -rf ./context/*
 ansible-builder create \
    --file apd-ee-25.yml \
    --context ./context \
    -v 3 | tee ansible-builder.log
 # remove existing manifest if present
 _tag=$(date +%Y%m%d)
 podman manifest rm quay.io/ansible-product-demos/apd-ee-25:${_tag}
 # create manifest for EE image
 podman manifest create quay.io/ansible-product-demos/apd-ee-25:${_tag}
 # for the openshift-clients RPM, microdnf doesn't support URL-based installs
 # and HTTP doesn't support file globs for GETs, use multiple steps to determine
 # the correct RPM URL for each machine architecture
 for arch in amd64 arm64
 do
-    _baseurl=https://mirror.openshift.com/pub/openshift-v4/${arch}/dependencies/rpms/4.18-el9-beta/
+    echo "Building EE image ${ee}"
    _rpm=$(curl -s ${_baseurl} | grep openshift-clients-4 | grep href | cut -d\" -f2)
-    # build EE for multiple architectures from the EE context
+    # build EE image
-    pushd ./context/ > /dev/null
+    ansible-builder build \
-    podman build --platform linux/${arch} \
+        --file ${ee}.yml \
-      --build-arg ANSIBLE_GALAXY_SERVER_CERTIFIED_TOKEN \
+        --context ./ee_contexts/${ee} \
-      --build-arg ANSIBLE_GALAXY_SERVER_VALIDATED_TOKEN \
+        --build-arg ANSIBLE_GALAXY_SERVER_CERTIFIED_TOKEN \
-      --build-arg OPENSHIFT_CLIENT_RPM="${_baseurl}${_rpm}" \
+        --build-arg ANSIBLE_GALAXY_SERVER_VALIDATED_TOKEN \
-      --manifest quay.io/ansible-product-demos/apd-ee-25:${_tag} . \
+        -v 3 \
-      | tee podman-build-${arch}.log
+        -t quay.io/ansible-product-demos/${ee}:$(date +%Y%m%d)
-    popd > /dev/null
+
    if [[ $? == 0 ]]
    then
        # tag EE image as latest
        podman tag \
            quay.io/ansible-product-demos/${ee}:$(date +%Y%m%d) \
            quay.io/ansible-product-demos/${ee}:latest
    fi
 done
 # inspect manifest content
 #podman manifest inspect quay.io/ansible-product-demos/apd-ee-25:${_tag}
 # tag manifest as latest
 #podman tag quay.io/ansible-product-demos/apd-ee-25:${_tag} quay.io/ansible-product-demos/apd-ee-25:latest
 # push all manifest content to repository
 # using --all is important here, it pushes all content and not
 # just the native platform content
 #podman manifest push --all quay.io/ansible-product-demos/apd-ee-25:${_tag}
 #podman manifest push --all quay.io/ansible-product-demos/apd-ee-25:latest
--- a/execution_environments/openshift-clients-4.16.0-202408021139.p0.ge8fb3c0.assembly.stream.el9.x86_64.rpm
+++ b/execution_environments/openshift-clients-4.16.0-202408021139.p0.ge8fb3c0.assembly.stream.el9.x86_64.rpm
@@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:f637eb0440f14f1458800c7a9012adcb9b58eb2131c02f64dfa4ca515e182093
 size 54960859
--- a/execution_environments/requirements-25.yml
+++ b/execution_environments/requirements-25.yml
@@ -0,0 +1,77 @@
 ---
 collections:
  # AAP config as code
  - name: ansible.controller
    version: ">=4.6.0"
  # TODO this fails trying to install a different version of
  # the python-systemd package
  # - name: ansible.eda  # fails trying to install systemd-python package
  #   version: ">=2.1.0"
  - name: ansible.hub
    version: ">=1.0.0"
  - name: ansible.platform
    version: ">=2.5.0"
  - name: infra.ah_configuration
    version: ">=2.0.6"
  - name: infra.controller_configuration
    version: ">=2.11.0"
  # linux demos
  - name: ansible.posix
    version: ">=1.5.4"
  - name: community.general
    version: ">=8.0.0"
  - name: containers.podman
    version: ">=1.12.1"
  - name: redhat.insights
    version: ">=1.2.2"
  - name: redhat.rhel_system_roles
    version: ">=1.23.0"
  # windows demos
  - name: microsoft.ad
    version: "1.9"
  - name: ansible.windows
    version: ">=2.3.0"
  - name: chocolatey.chocolatey
    version: ">=1.5.1"
  - name: community.windows
    version: ">=2.2.0"
  # cloud demos
  - name: amazon.aws
    version: ">=7.5.0"
  # satellite demos
  - name: redhat.satellite
    version: ">=4.0.0"
  # network demos
  - name: ansible.netcommon
    version: ">=6.0.0"
  - name: cisco.ios
    version: ">=7.0.0"
  - name: cisco.iosxr
    version: ">=8.0.0"
  - name: cisco.nxos
    version: ">=7.0.0"
  - name: network.backup
    version: ">=3.0.0"
  # TODO on 2.5 ee-minimal-rhel9 this tries to build and install
  # a different version of python netifaces, which fails
  # - name: infoblox.nios_modules
  #   version: ">=1.6.1"
  # openshift demos
  - name: kubernetes.core
    version: ">=4.0.0"
  - name: redhat.openshift
    version: ">=3.0.1"
  - name: redhat.openshift_virtualization
    version: ">=1.4.0"
  # for RHDP
  - name: ansible.utils
    version: ">=5.1.0"
  - name: kubevirt.core
    version: ">=2.1.0"
  - name: community.okd
    version: ">=4.0.0"
  - name: https://github.com/rhpds/assisted_installer.git
    type: git
    version: "v0.0.1"
 ...
--- a/execution_environments/requirements.yml
+++ b/execution_environments/requirements.yml
@@ -1,21 +1,14 @@
 ---
 collections:
  # AAP config as code
  - name: ansible.controller
-    version: ">=4.6.0"
+    version: "<4.6.0"
  # TODO this fails trying to install a different version of
  # the python-systemd package
  # - name: ansible.eda  # fails trying to install systemd-python package
  #   version: ">=2.1.0"
  - name: ansible.hub
    version: ">=1.0.0"
  - name: ansible.platform
    version: ">=2.5.0"
  - name: infra.ah_configuration
    version: ">=2.0.6"
  - name: infra.controller_configuration
-    version: ">=2.11.0"
+    version: ">=2.9.0"
-  # linux demos
+  - name: redhat_cop.controller_configuration
    version: ">=2.3.1"
  # linux
  - name: ansible.posix
    version: ">=1.5.4"
  - name: community.general
@@ -26,7 +19,7 @@ collections:
    version: ">=1.2.2"
  - name: redhat.rhel_system_roles
    version: ">=1.23.0"
-  # windows demos
+  # windows
  - name: microsoft.ad
    version: "1.9"
  - name: ansible.windows
@@ -35,13 +28,13 @@ collections:
    version: ">=1.5.1"
  - name: community.windows
    version: ">=2.2.0"
-  # cloud demos
+  # cloud
  - name: amazon.aws
    version: ">=7.5.0"
-  # satellite demos
+  # satellite
  - name: redhat.satellite
    version: ">=4.0.0"
-  # network demos
+  # network
  - name: ansible.netcommon
    version: ">=6.0.0"
  - name: cisco.ios
@@ -50,20 +43,12 @@ collections:
    version: ">=8.0.0"
  - name: cisco.nxos
    version: ">=7.0.0"
-  - name: network.backup
+  - name: infoblox.nios_modules
-    version: ">=3.0.0"
+    version: ">=1.6.1"
-  # TODO on 2.5 ee-minimal-rhel9 this tries to build and install
+  # openshift
  # a different version of python netifaces, which fails
  # - name: infoblox.nios_modules
  #   version: ">=1.6.1"
  # openshift demos
  - name: ansible.utils
    version: ">=6.0.0"
  - name: kubernetes.core
    version: ">=4.0.0"
  - name: redhat.openshift
    version: ">=3.0.1"
  - name: redhat.openshift_virtualization
    version: ">=1.4.0"
 ...
--- a/linux/multi_profile_compliance_report.yml
+++ b/linux/multi_profile_compliance_report.yml
@@ -52,9 +52,7 @@
            state: enabled
            immediate: true
            permanent: true
-          when:
+          when: "'firewalld.service' in ansible_facts.services"
            - "'firewalld.service' in ansible_facts.services"
            - ansible_facts.services["firewalld.service"].state == "running"
        - name: Disable httpd welcome page
          ansible.builtin.file:
--- a/openshift/setup.yml
+++ b/openshift/setup.yml
@@ -245,34 +245,6 @@ controller_templates:
      - "OpenShift Credential"
 controller_workflows:
  - name: OpenShift / CNV / Sync Hosts
    description: A workflow to update dynamic CNV inventory and wait for hosts to become avilable
    organization: Default
    notification_templates_started: Telemetry
    notification_templates_success: Telemetry
    notification_templates_error: Telemetry
    survey_enabled: true
    survey:
      name: ''
      description: ''
      spec:
        - question_name: Specify target hosts
          type: text
          variable: _hosts
          required: true
          default: "openshift-cnv-rhel*"
    simplified_workflow_nodes:
      - identifier: Inventory Sync
        unified_job_template: OpenShift CNV Inventory
        success_nodes:
          - Wait Hosts
      - identifier: Wait Hosts
        unified_job_template: OpenShift / CNV / Wait Hosts
        failure_nodes:
          - Second Inventory Sync
      - identifier: Second Inventory Sync
        unified_job_template: OpenShift CNV Inventory
  - name: OpenShift / CNV / Infra Stack
    description: A workflow to deploy Virtualized infra in OCP Virtalization
    organization: Default
@@ -348,15 +320,15 @@ controller_workflows:
        success_nodes:
          - Patch Instance
      # We need to do an invnetory sync *after* creating snapshots, as turning VMs on/off changes their IP
-      - identifier: Sync Hosts
+      - identifier: Inventory Sync
-        unified_job_template: OpenShift / CNV / Sync Hosts
+        unified_job_template: OpenShift CNV Inventory
        success_nodes:
          - Patch Instance
      - identifier: Take Snapshot
        unified_job_template: OpenShift / CNV / Create VM Snapshots
        success_nodes:
          - Project Sync
-          - Sync Hosts
+          - Inventory Sync
      - identifier: Patch Instance
        unified_job_template: OpenShift / CNV / Patch
        job_type: run
--- a/roles/requirements.yml
+++ b/roles/requirements.yml
@@ -2,65 +2,45 @@
 roles:
  # RHEL 7 compliance roles from ComplianceAsCode
  - name: redhatofficial.rhel7-cis
    src: https://github.com/RedHatOfficial/ansible-role-rhel7-cis
    version: 0.1.72
  - name: redhatofficial.rhel7-cjis
    src: https://github.com/RedHatOfficial/ansible-role-rhel7-cjis
    version: 0.1.72
  - name: redhatofficial.rhel7-cui
    src: https://github.com/RedHatOfficial/ansible-role-rhel7-cui
    version: 0.1.72
  - name: redhatofficial.rhel7-hipaa
    src: https://github.com/RedHatOfficial/ansible-role-rhel7-hipaa
    version: 0.1.72
  - name: redhatofficial.rhel7-ospp
    src: https://github.com/RedHatOfficial/ansible-role-rhel7-ospp
    version: 0.1.72
  - name: redhatofficial.rhel7-pci-dss
    src: https://github.com/RedHatOfficial/ansible-role-rhel7-pci-dss
    version: 0.1.72
  - name: redhatofficial.rhel7-stig
    src: https://github.com/RedHatOfficial/ansible-role-rhel7-stig
    version: 0.1.72
  # RHEL 8 compliance roles from ComplianceAsCode
  - name: redhatofficial.rhel8-cis
    src: https://github.com/RedHatOfficial/ansible-role-rhel8-cis
    version: 0.1.72
  - name: redhatofficial.rhel8-cjis
    src: https://github.com/RedHatOfficial/ansible-role-rhel8-cjis
    version: 0.1.72
  - name: redhatofficial.rhel8-cui
    src: https://github.com/RedHatOfficial/ansible-role-rhel8-cui
    version: 0.1.72
  - name: redhatofficial.rhel8-hipaa
    src: https://github.com/RedHatOfficial/ansible-role-rhel8-hipaa
    version: 0.1.72
  - name: redhatofficial.rhel8-ospp
    src: https://github.com/RedHatOfficial/ansible-role-rhel8-ospp
    version: 0.1.72
  - name: redhatofficial.rhel8-pci-dss
    src: https://github.com/RedHatOfficial/ansible-role-rhel8-pci-dss
    version: 0.1.72
  - name: redhatofficial.rhel8-stig
    src: https://github.com/RedHatOfficial/ansible-role-rhel8-stig
    version: 0.1.72
  # RHEL 9 compliance roles from ComplianceAsCode
  - name: redhatofficial.rhel9-cis
    src: https://github.com/RedHatOfficial/ansible-role-rhel9-cis
    version: 0.1.72
  - name: redhatofficial.rhel9-cui
    src: https://github.com/RedHatOfficial/ansible-role-rhel9-cui
    version: 0.1.72
  - name: redhatofficial.rhel9-hipaa
    src: https://github.com/RedHatOfficial/ansible-role-rhel9-hipaa
    version: 0.1.72
  - name: redhatofficial.rhel9-ospp
    src: https://github.com/RedHatOfficial/ansible-role-rhel9-ospp
    version: 0.1.72
  - name: redhatofficial.rhel9-pci-dss
    src: https://github.com/RedHatOfficial/ansible-role-rhel9-pci-dss
    version: 0.1.72
  - name: redhatofficial.rhel9-stig
    src: https://github.com/RedHatOfficial/ansible-role-rhel9-stig
    version: 0.1.72
 ...
--- a/windows/create_ad_domain.yml
+++ b/windows/create_ad_domain.yml
@@ -46,17 +46,15 @@
    - name: Create some users
      microsoft.ad.user:
        name: "{{ item.name }}"
-        groups:
+        groups: "{{ item.groups }}"
          set:
            - "{{ item.group }}"
        password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}"
        update_password: on_create
      loop:
        - name: "UserA"
-          group: "GroupA"
+          groups: "GroupA"
        - name: "UserB"
-          group: "GroupB"
+          groups: "GroupB"
        - name: "UserC"
-          group: "GroupC"
+          groups: "GroupC"
      retries: 5
      delay: 10
--- a/windows/helpdesk_new_user_portal.yml
+++ b/windows/helpdesk_new_user_portal.yml
@@ -10,7 +10,7 @@
        # Example result: ['&Qw2|E[-']
    - name: Create new user
-      microsoft.ad.user:
+      community.windows.win_domain_user:
        name: "{{ firstname }} {{ surname }}"
        firstname: "{{ firstname }}"
        surname: "{{ surname }}"
--- a/windows/join_ad_domain.yml
+++ b/windows/join_ad_domain.yml
@@ -16,7 +16,7 @@
    - name: Ensure Demo OU exists
      run_once: true
      delegate_to: "{{ domain_controller }}"
-      microsoft.ad.ou:
+      community.windows.win_domain_ou:
        name: Demo
        state: present
@@ -26,7 +26,7 @@
    - name: Join ansible.local domain
      register: r_domain_membership
-      microsoft.ad.membership:
+      ansible.windows.win_domain_membership:
        dns_domain_name: ansible.local
        hostname: "{{ inventory_hostname.split('.')[0] }}"
        domain_admin_user: "{{ ansible_user }}@ansible.local"
Author	SHA1	Message	Date
Matthew Fernandez	3c437804de	Merge branch 'main' into jce/ansible-cfg	2025-05-05 11:11:39 -06:00
Chris Edillon	b26c44a4d3	Merge branch 'main' into jce/ansible-cfg	2025-05-01 17:57:31 -04:00
Chris Edillon	d98afd7a7f	Update collection and role paths in ansible.cfg	2025-03-19 16:52:58 -04:00
		`@@ -0,0 +1 @@`
							`openshift-clients-4.16.0-202408021139.p0.ge8fb3c0.assembly.stream.el9.x86_64.rpm filter=lfs diff=lfs merge=lfs -text`