Update storage and Keycloak config

roles/aap_operator/defaults/main.yml

@@ -4,20 +4,26 @@ aap_operator_namespace: aap
 aap_operator_channel: "stable-2.6"
 aap_operator_source: redhat-operators
 aap_operator_name: ansible-automation-platform-operator
-aap_operator_wait_timeout: 600
+aap_operator_wait_timeout: 1800
 
-# --- Automation Controller ---
-aap_operator_controller_enabled: true
-aap_operator_controller_name: controller
-aap_operator_controller_replicas: 1
+# --- AnsibleAutomationPlatform CR ---
+aap_operator_platform_name: aap
 
-# --- Automation Hub ---
-aap_operator_hub_enabled: true
-aap_operator_hub_name: hub
+# --- Components (set disabled: true to skip) ---
+aap_operator_controller_disabled: false
+aap_operator_hub_disabled: false
+aap_operator_eda_disabled: false
 
-# --- Event-Driven Ansible (EDA) ---
-aap_operator_eda_enabled: true
-aap_operator_eda_name: eda
+# --- Storage ---
+# RWO StorageClass for PostgreSQL (all components)
+aap_operator_storage_class: lvms-vg-data
+# RWX StorageClass for Hub file/artifact storage
+aap_operator_hub_file_storage_class: nfs-client
+aap_operator_hub_file_storage_size: 10Gi
 
 # --- Admin ---
 aap_operator_admin_user: admin
+
+# --- Routing (optional) ---
+# Set to a custom hostname to override the auto-generated Controller route
+# aap_operator_controller_route_host: aap.example.com

roles/aap_operator/meta/argument_specs.yml

@@ -1,13 +1,13 @@
 ---
 argument_specs:
   main:
-    short_description: Install AAP via OpenShift OLM operator
+    short_description: Install AAP via OpenShift OLM operator (AnsibleAutomationPlatform CR)
     description:
-      - Installs the Ansible Automation Platform operator via OLM and
-        creates AutomationController, AutomationHub, and EDA instances.
+      - Installs the Ansible Automation Platform operator via OLM and creates a
+        single AnsibleAutomationPlatform CR that manages Controller, Hub, and EDA.
     options:
       aap_operator_namespace:
-        description: Namespace for the AAP operator and instances.
+        description: Namespace for the AAP operator and platform instance.
         type: str
         default: aap
       aap_operator_channel:
@@ -23,38 +23,45 @@ argument_specs:
         type: str
         default: ansible-automation-platform-operator
       aap_operator_wait_timeout:
-        description: Seconds to wait for operator and instances to become ready.
+        description: Seconds to wait for operator and platform to become ready.
         type: int
-        default: 600
-      aap_operator_controller_enabled:
-        description: Whether to create an AutomationController instance.
-        type: bool
-        default: true
-      aap_operator_controller_name:
-        description: Name of the AutomationController CR.
+        default: 1800
+      aap_operator_platform_name:
+        description: Name of the AnsibleAutomationPlatform CR.
         type: str
-        default: controller
-      aap_operator_controller_replicas:
-        description: Number of Controller replicas.
-        type: int
-        default: 1
-      aap_operator_hub_enabled:
-        description: Whether to create an AutomationHub instance.
+        default: aap
+      aap_operator_controller_disabled:
+        description: Set true to skip deploying Automation Controller.
         type: bool
-        default: true
-      aap_operator_hub_name:
-        description: Name of the AutomationHub CR.
-        type: str
-        default: hub
-      aap_operator_eda_enabled:
-        description: Whether to create an EDA Controller instance.
+        default: false
+      aap_operator_hub_disabled:
+        description: Set true to skip deploying Automation Hub.
         type: bool
-        default: true
-      aap_operator_eda_name:
-        description: Name of the EDA CR.
+        default: false
+      aap_operator_eda_disabled:
+        description: Set true to skip deploying Event-Driven Ansible.
+        type: bool
+        default: false
+      aap_operator_storage_class:
+        description: StorageClass for PostgreSQL persistent volumes (RWO).
         type: str
-        default: eda
+        default: lvms-vg-data
+      aap_operator_hub_file_storage_class:
+        description: StorageClass for Hub file/artifact storage (RWX).
+        type: str
+        default: nfs-client
+      aap_operator_hub_file_storage_size:
+        description: Size of the Hub file storage PVC.
+        type: str
+        default: 10Gi
       aap_operator_admin_user:
-        description: Admin username for Controller and Hub.
+        description: Admin username for the platform.
         type: str
         default: admin
+      aap_operator_controller_route_host:
+        description: >
+          Custom hostname for the Automation Controller Route.
+          When set, overrides the auto-generated route hostname (e.g. aap.example.com).
+          Leave unset to use the default apps subdomain route.
+        type: str
+        required: false

roles/aap_operator/tasks/configure_oidc.yml

@@ -0,0 +1,4 @@
+---
+# OIDC is configured via the AAP Gateway API, not via this role.
+# See: playbooks/deploy_aap.yml --tags aap_configure_keycloak,aap_configure_oidc
+# Uses: infra.aap_configuration.gateway_authenticators

roles/aap_operator/tasks/main.yml

@@ -1,8 +1,8 @@
 ---
 # Install Ansible Automation Platform via OpenShift OLM operator.
 #
-# Deploys the AAP operator, then creates AutomationController,
-# AutomationHub, and EDA instances based on enabled flags.
+# Deploys the AAP operator, then creates a single AnsibleAutomationPlatform
+# CR that manages Controller, Hub, and EDA as a unified platform.
 # All tasks are idempotent (kubernetes.core.k8s state: present).
 
 # ------------------------------------------------------------------
@@ -17,6 +17,28 @@
       metadata:
         name: "{{ aap_operator_namespace }}"
 
+- name: Read global pull secret
+  kubernetes.core.k8s_info:
+    api_version: v1
+    kind: Secret
+    namespace: openshift-config
+    name: pull-secret
+  register: __aap_operator_global_pull_secret
+
+- name: Copy pull secret to AAP namespace
+  kubernetes.core.k8s:
+    state: present
+    definition:
+      apiVersion: v1
+      kind: Secret
+      metadata:
+        name: redhat-operators-pull-secret
+        namespace: "{{ aap_operator_namespace }}"
+      type: kubernetes.io/dockerconfigjson
+      data:
+        .dockerconfigjson: "{{ __aap_operator_global_pull_secret.resources[0].data['.dockerconfigjson'] }}"
+  no_log: false
+
 - name: Create OperatorGroup for AAP
   kubernetes.core.k8s:
     state: present
@@ -27,6 +49,8 @@
         name: "{{ aap_operator_name }}"
         namespace: "{{ aap_operator_namespace }}"
       spec:
+        targetNamespaces:
+          - "{{ aap_operator_namespace }}"
         upgradeStrategy: Default
 
 - name: Subscribe to AAP operator
@@ -48,142 +72,95 @@
 # ------------------------------------------------------------------
 # Step 2: Wait for operator to be ready
 # ------------------------------------------------------------------
-- name: Wait for AutomationController CRD to be available
+- name: Wait for AnsibleAutomationPlatform CRD to be available
   kubernetes.core.k8s_info:
     api_version: apiextensions.k8s.io/v1
     kind: CustomResourceDefinition
-    name: automationcontrollers.automationcontroller.ansible.com
+    name: ansibleautomationplatforms.aap.ansible.com
   register: __aap_operator_crd
   until: __aap_operator_crd.resources | length > 0
   retries: "{{ __aap_operator_wait_retries }}"
   delay: 10
 
-- name: Wait for AAP operator deployment to be ready
+- name: Wait for AAP operator deployments to be ready
   kubernetes.core.k8s_info:
     api_version: apps/v1
     kind: Deployment
     namespace: "{{ aap_operator_namespace }}"
     label_selectors:
-      - "app.kubernetes.io/name={{ aap_operator_name }}"
+      - "operators.coreos.com/{{ aap_operator_name }}.{{ aap_operator_namespace }}"
   register: __aap_operator_deploy
   until: >-
     __aap_operator_deploy.resources | length > 0 and
-    (__aap_operator_deploy.resources[0].status.readyReplicas | default(0)) >= 1
+    (__aap_operator_deploy.resources
+     | rejectattr('status.readyReplicas', 'undefined')
+     | selectattr('status.readyReplicas', '>=', 1)
+     | list | length) == (__aap_operator_deploy.resources | length)
   retries: "{{ __aap_operator_wait_retries }}"
   delay: 10
 
 # ------------------------------------------------------------------
-# Step 3: Create AutomationController instance
+# Step 3: Deploy the unified AnsibleAutomationPlatform
 # ------------------------------------------------------------------
-- name: Create AutomationController instance
+- name: Create AnsibleAutomationPlatform
   kubernetes.core.k8s:
     state: present
     definition:
-      apiVersion: automationcontroller.ansible.com/v1beta1
-      kind: AutomationController
+      apiVersion: aap.ansible.com/v1alpha1
+      kind: AnsibleAutomationPlatform
       metadata:
-        name: "{{ aap_operator_controller_name }}"
+        name: "{{ aap_operator_platform_name }}"
         namespace: "{{ aap_operator_namespace }}"
       spec:
-        replicas: "{{ aap_operator_controller_replicas }}"
         admin_user: "{{ aap_operator_admin_user }}"
-  when: aap_operator_controller_enabled | bool
+        # PostgreSQL storage for all components (RWO)
+        database:
+          postgres_storage_class: "{{ aap_operator_storage_class }}"
+        # Component toggles and per-component config
+        controller:
+          disabled: "{{ aap_operator_controller_disabled | bool }}"
+          route_host: "{{ aap_operator_controller_route_host | default(omit) }}"
+        hub:
+          disabled: "{{ aap_operator_hub_disabled | bool }}"
+          # Hub file/artifact storage (RWX) — must be under hub:
+          storage_type: file
+          file_storage_storage_class: "{{ aap_operator_hub_file_storage_class }}"
+          file_storage_size: "{{ aap_operator_hub_file_storage_size }}"
+        eda:
+          disabled: "{{ aap_operator_eda_disabled | bool }}"
 
 # ------------------------------------------------------------------
-# Step 4: Create AutomationHub instance
+# Step 4: Wait for platform to be ready
 # ------------------------------------------------------------------
-- name: Create AutomationHub instance
-  kubernetes.core.k8s:
-    state: present
-    definition:
-      apiVersion: automationhub.ansible.com/v1beta1
-      kind: AutomationHub
-      metadata:
-        name: "{{ aap_operator_hub_name }}"
-        namespace: "{{ aap_operator_namespace }}"
-      spec:
-        admin_password_secret: ""
-        route_host: ""
-  when: aap_operator_hub_enabled | bool
-
-# ------------------------------------------------------------------
-# Step 5: Create EDA Controller instance
-# ------------------------------------------------------------------
-- name: Create EDA Controller instance
-  kubernetes.core.k8s:
-    state: present
-    definition:
-      apiVersion: eda.ansible.com/v1alpha1
-      kind: EDA
-      metadata:
-        name: "{{ aap_operator_eda_name }}"
-        namespace: "{{ aap_operator_namespace }}"
-      spec:
-        automation_server_url: "https://{{ aap_operator_controller_name }}-{{ aap_operator_namespace }}.apps.{{ ocp_cluster_name }}.{{ ocp_base_domain }}"
-  when: aap_operator_eda_enabled | bool
-
-# ------------------------------------------------------------------
-# Step 6: Wait for instances to be ready
-# ------------------------------------------------------------------
-- name: Wait for AutomationController to be ready
+- name: Wait for AnsibleAutomationPlatform to be ready
   kubernetes.core.k8s_info:
-    api_version: automationcontroller.ansible.com/v1beta1
-    kind: AutomationController
+    api_version: aap.ansible.com/v1alpha1
+    kind: AnsibleAutomationPlatform
     namespace: "{{ aap_operator_namespace }}"
-    name: "{{ aap_operator_controller_name }}"
-  register: __aap_operator_controller_status
+    name: "{{ aap_operator_platform_name }}"
+  register: __aap_operator_platform_status
+  ignore_errors: true
   until: >-
-    __aap_operator_controller_status.resources | length > 0 and
-    (__aap_operator_controller_status.resources[0].status.conditions | default([])
+    __aap_operator_platform_status.resources is defined and
+    __aap_operator_platform_status.resources | length > 0 and
+    (__aap_operator_platform_status.resources[0].status.conditions | default([])
      | selectattr('type', '==', 'Running')
      | selectattr('status', '==', 'True') | list | length > 0)
   retries: "{{ __aap_operator_wait_retries }}"
   delay: 10
-  when: aap_operator_controller_enabled | bool
-
-- name: Wait for AutomationHub to be ready
-  kubernetes.core.k8s_info:
-    api_version: automationhub.ansible.com/v1beta1
-    kind: AutomationHub
-    namespace: "{{ aap_operator_namespace }}"
-    name: "{{ aap_operator_hub_name }}"
-  register: __aap_operator_hub_status
-  until: >-
-    __aap_operator_hub_status.resources | length > 0 and
-    (__aap_operator_hub_status.resources[0].status.conditions | default([])
-     | selectattr('type', '==', 'Running')
-     | selectattr('status', '==', 'True') | list | length > 0)
-  retries: "{{ __aap_operator_wait_retries }}"
-  delay: 10
-  when: aap_operator_hub_enabled | bool
-
-- name: Wait for EDA Controller to be ready
-  kubernetes.core.k8s_info:
-    api_version: eda.ansible.com/v1alpha1
-    kind: EDA
-    namespace: "{{ aap_operator_namespace }}"
-    name: "{{ aap_operator_eda_name }}"
-  register: __aap_operator_eda_status
-  until: >-
-    __aap_operator_eda_status.resources | length > 0 and
-    (__aap_operator_eda_status.resources[0].status.conditions | default([])
-     | selectattr('type', '==', 'Running')
-     | selectattr('status', '==', 'True') | list | length > 0)
-  retries: "{{ __aap_operator_wait_retries }}"
-  delay: 10
-  when: aap_operator_eda_enabled | bool
 
 # ------------------------------------------------------------------
-# Step 7: Display summary
+# Step 5: Display summary
 # ------------------------------------------------------------------
 - name: Display AAP deployment summary
   ansible.builtin.debug:
     msg:
       - "Ansible Automation Platform deployment complete!"
       - "  Namespace  : {{ aap_operator_namespace }}"
-      - "  Controller : {{ aap_operator_controller_name + ' (enabled)' if aap_operator_controller_enabled else 'disabled' }}"
-      - "  Hub        : {{ aap_operator_hub_name + ' (enabled)' if aap_operator_hub_enabled else 'disabled' }}"
-      - "  EDA        : {{ aap_operator_eda_name + ' (enabled)' if aap_operator_eda_enabled else 'disabled' }}"
+      - "  Platform CR: {{ aap_operator_platform_name }}"
+      - "  Controller : {{ 'disabled' if aap_operator_controller_disabled else 'enabled' }}"
+      - "  Hub        : {{ 'disabled' if aap_operator_hub_disabled else 'enabled' }}"
+      - "  EDA        : {{ 'disabled' if aap_operator_eda_disabled else 'enabled' }}"
       - ""
-      - "Admin password secret: {{ aap_operator_controller_name }}-admin-password"
-      - "Retrieve with: oc get secret {{ aap_operator_controller_name }}-admin-password -n {{ aap_operator_namespace }} -o jsonpath='{.data.password}' | base64 -d"
+      - "Admin password secret: {{ aap_operator_platform_name }}-admin-password"
+      - "Retrieve with: oc get secret {{ aap_operator_platform_name }}-admin-password -n {{ aap_operator_namespace }} -o jsonpath='{.data.password}' | base64 -d"