Update storage and Keycloak config

2026-03-04 12:17:47 -05:00
parent d981b69669
commit d31b14cd72
28 changed files with 1433 additions and 205 deletions


@@ -0,0 +1,4 @@
---
# OIDC is configured via the AAP Gateway API, not via this role.
# See: playbooks/deploy_aap.yml --tags aap_configure_keycloak,aap_configure_oidc
# Uses: infra.aap_configuration.gateway_authenticators


@@ -1,8 +1,8 @@
---
# Install Ansible Automation Platform via OpenShift OLM operator.
#
# Deploys the AAP operator, then creates AutomationController,
# AutomationHub, and EDA instances based on enabled flags.
# Deploys the AAP operator, then creates a single AnsibleAutomationPlatform
# CR that manages Controller, Hub, and EDA as a unified platform.
# All tasks are idempotent (kubernetes.core.k8s state: present).
# ------------------------------------------------------------------
@@ -17,6 +17,28 @@
metadata:
name: "{{ aap_operator_namespace }}"
- name: Read global pull secret
kubernetes.core.k8s_info:
api_version: v1
kind: Secret
namespace: openshift-config
name: pull-secret
register: __aap_operator_global_pull_secret
- name: Copy pull secret to AAP namespace
kubernetes.core.k8s:
state: present
definition:
apiVersion: v1
kind: Secret
metadata:
name: redhat-operators-pull-secret
namespace: "{{ aap_operator_namespace }}"
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: "{{ __aap_operator_global_pull_secret.resources[0].data['.dockerconfigjson'] }}"
no_log: false
- name: Create OperatorGroup for AAP
kubernetes.core.k8s:
state: present
@@ -27,6 +49,8 @@
name: "{{ aap_operator_name }}"
namespace: "{{ aap_operator_namespace }}"
spec:
targetNamespaces:
- "{{ aap_operator_namespace }}"
upgradeStrategy: Default
- name: Subscribe to AAP operator
@@ -48,142 +72,95 @@
# ------------------------------------------------------------------
# Step 2: Wait for operator to be ready
# ------------------------------------------------------------------
- name: Wait for AutomationController CRD to be available
- name: Wait for AnsibleAutomationPlatform CRD to be available
kubernetes.core.k8s_info:
api_version: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: automationcontrollers.automationcontroller.ansible.com
name: ansibleautomationplatforms.aap.ansible.com
register: __aap_operator_crd
until: __aap_operator_crd.resources | length > 0
retries: "{{ __aap_operator_wait_retries }}"
delay: 10
- name: Wait for AAP operator deployment to be ready
- name: Wait for AAP operator deployments to be ready
kubernetes.core.k8s_info:
api_version: apps/v1
kind: Deployment
namespace: "{{ aap_operator_namespace }}"
label_selectors:
- "app.kubernetes.io/name={{ aap_operator_name }}"
- "operators.coreos.com/{{ aap_operator_name }}.{{ aap_operator_namespace }}"
register: __aap_operator_deploy
until: >-
__aap_operator_deploy.resources | length > 0 and
(__aap_operator_deploy.resources[0].status.readyReplicas | default(0)) >= 1
(__aap_operator_deploy.resources
| rejectattr('status.readyReplicas', 'undefined')
| selectattr('status.readyReplicas', '>=', 1)
| list | length) == (__aap_operator_deploy.resources | length)
retries: "{{ __aap_operator_wait_retries }}"
delay: 10
# ------------------------------------------------------------------
# Step 3: Create AutomationController instance
# Step 3: Deploy the unified AnsibleAutomationPlatform
# ------------------------------------------------------------------
- name: Create AutomationController instance
- name: Create AnsibleAutomationPlatform
kubernetes.core.k8s:
state: present
definition:
apiVersion: automationcontroller.ansible.com/v1beta1
kind: AutomationController
apiVersion: aap.ansible.com/v1alpha1
kind: AnsibleAutomationPlatform
metadata:
name: "{{ aap_operator_controller_name }}"
name: "{{ aap_operator_platform_name }}"
namespace: "{{ aap_operator_namespace }}"
spec:
replicas: "{{ aap_operator_controller_replicas }}"
admin_user: "{{ aap_operator_admin_user }}"
when: aap_operator_controller_enabled | bool
# PostgreSQL storage for all components (RWO)
database:
postgres_storage_class: "{{ aap_operator_storage_class }}"
# Component toggles and per-component config
controller:
disabled: "{{ aap_operator_controller_disabled | bool }}"
route_host: "{{ aap_operator_controller_route_host | default(omit) }}"
hub:
disabled: "{{ aap_operator_hub_disabled | bool }}"
# Hub file/artifact storage (RWX) — must be under hub:
storage_type: file
file_storage_storage_class: "{{ aap_operator_hub_file_storage_class }}"
file_storage_size: "{{ aap_operator_hub_file_storage_size }}"
eda:
disabled: "{{ aap_operator_eda_disabled | bool }}"
# ------------------------------------------------------------------
# Step 4: Create AutomationHub instance
# Step 4: Wait for platform to be ready
# ------------------------------------------------------------------
- name: Create AutomationHub instance
kubernetes.core.k8s:
state: present
definition:
apiVersion: automationhub.ansible.com/v1beta1
kind: AutomationHub
metadata:
name: "{{ aap_operator_hub_name }}"
namespace: "{{ aap_operator_namespace }}"
spec:
admin_password_secret: ""
route_host: ""
when: aap_operator_hub_enabled | bool
# ------------------------------------------------------------------
# Step 5: Create EDA Controller instance
# ------------------------------------------------------------------
- name: Create EDA Controller instance
kubernetes.core.k8s:
state: present
definition:
apiVersion: eda.ansible.com/v1alpha1
kind: EDA
metadata:
name: "{{ aap_operator_eda_name }}"
namespace: "{{ aap_operator_namespace }}"
spec:
automation_server_url: "https://{{ aap_operator_controller_name }}-{{ aap_operator_namespace }}.apps.{{ ocp_cluster_name }}.{{ ocp_base_domain }}"
when: aap_operator_eda_enabled | bool
# ------------------------------------------------------------------
# Step 6: Wait for instances to be ready
# ------------------------------------------------------------------
- name: Wait for AutomationController to be ready
- name: Wait for AnsibleAutomationPlatform to be ready
kubernetes.core.k8s_info:
api_version: automationcontroller.ansible.com/v1beta1
kind: AutomationController
api_version: aap.ansible.com/v1alpha1
kind: AnsibleAutomationPlatform
namespace: "{{ aap_operator_namespace }}"
name: "{{ aap_operator_controller_name }}"
register: __aap_operator_controller_status
name: "{{ aap_operator_platform_name }}"
register: __aap_operator_platform_status
ignore_errors: true
until: >-
__aap_operator_controller_status.resources | length > 0 and
(__aap_operator_controller_status.resources[0].status.conditions | default([])
__aap_operator_platform_status.resources is defined and
__aap_operator_platform_status.resources | length > 0 and
(__aap_operator_platform_status.resources[0].status.conditions | default([])
| selectattr('type', '==', 'Running')
| selectattr('status', '==', 'True') | list | length > 0)
retries: "{{ __aap_operator_wait_retries }}"
delay: 10
when: aap_operator_controller_enabled | bool
- name: Wait for AutomationHub to be ready
kubernetes.core.k8s_info:
api_version: automationhub.ansible.com/v1beta1
kind: AutomationHub
namespace: "{{ aap_operator_namespace }}"
name: "{{ aap_operator_hub_name }}"
register: __aap_operator_hub_status
until: >-
__aap_operator_hub_status.resources | length > 0 and
(__aap_operator_hub_status.resources[0].status.conditions | default([])
| selectattr('type', '==', 'Running')
| selectattr('status', '==', 'True') | list | length > 0)
retries: "{{ __aap_operator_wait_retries }}"
delay: 10
when: aap_operator_hub_enabled | bool
- name: Wait for EDA Controller to be ready
kubernetes.core.k8s_info:
api_version: eda.ansible.com/v1alpha1
kind: EDA
namespace: "{{ aap_operator_namespace }}"
name: "{{ aap_operator_eda_name }}"
register: __aap_operator_eda_status
until: >-
__aap_operator_eda_status.resources | length > 0 and
(__aap_operator_eda_status.resources[0].status.conditions | default([])
| selectattr('type', '==', 'Running')
| selectattr('status', '==', 'True') | list | length > 0)
retries: "{{ __aap_operator_wait_retries }}"
delay: 10
when: aap_operator_eda_enabled | bool
# ------------------------------------------------------------------
# Step 7: Display summary
# Step 5: Display summary
# ------------------------------------------------------------------
- name: Display AAP deployment summary
ansible.builtin.debug:
msg:
- "Ansible Automation Platform deployment complete!"
- " Namespace : {{ aap_operator_namespace }}"
- " Controller : {{ aap_operator_controller_name + ' (enabled)' if aap_operator_controller_enabled else 'disabled' }}"
- " Hub : {{ aap_operator_hub_name + ' (enabled)' if aap_operator_hub_enabled else 'disabled' }}"
- " EDA : {{ aap_operator_eda_name + ' (enabled)' if aap_operator_eda_enabled else 'disabled' }}"
- " Platform CR: {{ aap_operator_platform_name }}"
- " Controller : {{ 'disabled' if aap_operator_controller_disabled else 'enabled' }}"
- " Hub : {{ 'disabled' if aap_operator_hub_disabled else 'enabled' }}"
- " EDA : {{ 'disabled' if aap_operator_eda_disabled else 'enabled' }}"
- ""
- "Admin password secret: {{ aap_operator_controller_name }}-admin-password"
- "Retrieve with: oc get secret {{ aap_operator_controller_name }}-admin-password -n {{ aap_operator_namespace }} -o jsonpath='{.data.password}' | base64 -d"
- "Admin password secret: {{ aap_operator_platform_name }}-admin-password"
- "Retrieve with: oc get secret {{ aap_operator_platform_name }}-admin-password -n {{ aap_operator_namespace }} -o jsonpath='{.data.password}' | base64 -d"
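Review bot: The `Copy pull secret to AAP namespace` task sets `no_log: false` on a task whose `definition` carries the cluster's global pull secret, so the registry credentials in `.dockerconfigjson` end up in Ansible output and job logs whenever the task reports a change or runs in verbose mode; change it to `no_log: true` and add the same to the preceding `Read global pull secret` task, whose registered result also holds the secret data. The `resources[0]` index on the copy task will fail with an opaque undefined-variable error if `openshift-config/pull-secret` is missing or the run lacks read access on it; a `failed_when: __aap_operator_global_pull_secret.resources | length == 0` on the read task gives a clear failure instead. It is also worth a comment on the copy task that this places the cluster-wide pull secret into an application namespace, so anyone with secret-read there gains the cluster's registry credentials; a narrower, purpose-specific pull secret would be preferable if one is available. Separately, `ignore_errors: true` on the `Wait for AnsibleAutomationPlatform to be ready` task means an exhausted retry loop is swallowed and the summary still prints "deployment complete!" for a platform that never reached `Running`.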