Configure OIDC, make idempotent, fix bugs. Claude.ai

2026-02-25 13:20:12 -05:00
parent 995b7c4070
commit d981b69669
23 changed files with 2269 additions and 760 deletions


@@ -0,0 +1,23 @@
---
# --- OLM subscription ---
aap_operator_namespace: aap
aap_operator_channel: "stable-2.6"
aap_operator_source: redhat-operators
aap_operator_name: ansible-automation-platform-operator
aap_operator_wait_timeout: 600
# --- Automation Controller ---
aap_operator_controller_enabled: true
aap_operator_controller_name: controller
aap_operator_controller_replicas: 1
# --- Automation Hub ---
aap_operator_hub_enabled: true
aap_operator_hub_name: hub
# --- Event-Driven Ansible (EDA) ---
aap_operator_eda_enabled: true
aap_operator_eda_name: eda
# --- Admin ---
aap_operator_admin_user: admin


@@ -0,0 +1,60 @@
---
argument_specs:
main:
short_description: Install AAP via OpenShift OLM operator
description:
- Installs the Ansible Automation Platform operator via OLM and
creates AutomationController, AutomationHub, and EDA instances.
options:
aap_operator_namespace:
description: Namespace for the AAP operator and instances.
type: str
default: aap
aap_operator_channel:
description: OLM subscription channel.
type: str
default: "stable-2.6"
aap_operator_source:
description: OLM catalog source name.
type: str
default: redhat-operators
aap_operator_name:
description: Operator package name in the catalog.
type: str
default: ansible-automation-platform-operator
aap_operator_wait_timeout:
description: Seconds to wait for operator and instances to become ready.
type: int
default: 600
aap_operator_controller_enabled:
description: Whether to create an AutomationController instance.
type: bool
default: true
aap_operator_controller_name:
description: Name of the AutomationController CR.
type: str
default: controller
aap_operator_controller_replicas:
description: Number of Controller replicas.
type: int
default: 1
aap_operator_hub_enabled:
description: Whether to create an AutomationHub instance.
type: bool
default: true
aap_operator_hub_name:
description: Name of the AutomationHub CR.
type: str
default: hub
aap_operator_eda_enabled:
description: Whether to create an EDA Controller instance.
type: bool
default: true
aap_operator_eda_name:
description: Name of the EDA CR.
type: str
default: eda
aap_operator_admin_user:
description: Admin username for Controller and Hub.
type: str
default: admin
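Review bot: The spec does not declare `ocp_cluster_name` or `ocp_base_domain`, although the role's tasks template both into the EDA `automation_server_url`. Argument validation therefore passes, and the run would only fail later on an undefined variable when EDA is enabled and the caller has not set them. Declare both as `type: str` options with a description saying they are needed when `aap_operator_eda_enabled` is true, or replace them with a single role-prefixed variable for the controller URL so the role does not depend on unprefixed names from elsewhere.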


@@ -0,0 +1,18 @@
---
galaxy_info:
author: ptoal
description: Install Ansible Automation Platform via OpenShift OLM operator
license: MIT
min_ansible_version: "2.16"
platforms:
- name: GenericLinux
versions:
- all
galaxy_tags:
- openshift
- aap
- operator
- olm
- ansible
dependencies: []


@@ -0,0 +1,189 @@
---
# Install Ansible Automation Platform via OpenShift OLM operator.
#
# Deploys the AAP operator, then creates AutomationController,
# AutomationHub, and EDA instances based on enabled flags.
# All tasks are idempotent (kubernetes.core.k8s state: present).
# ------------------------------------------------------------------
# Step 1: Install AAP operator via OLM
# ------------------------------------------------------------------
- name: Create AAP namespace
kubernetes.core.k8s:
state: present
definition:
apiVersion: v1
kind: Namespace
metadata:
name: "{{ aap_operator_namespace }}"
- name: Create OperatorGroup for AAP
kubernetes.core.k8s:
state: present
definition:
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
name: "{{ aap_operator_name }}"
namespace: "{{ aap_operator_namespace }}"
spec:
upgradeStrategy: Default
- name: Subscribe to AAP operator
kubernetes.core.k8s:
state: present
definition:
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
name: "{{ aap_operator_name }}"
namespace: "{{ aap_operator_namespace }}"
spec:
channel: "{{ aap_operator_channel }}"
installPlanApproval: Automatic
name: "{{ aap_operator_name }}"
source: "{{ aap_operator_source }}"
sourceNamespace: openshift-marketplace
# ------------------------------------------------------------------
# Step 2: Wait for operator to be ready
# ------------------------------------------------------------------
- name: Wait for AutomationController CRD to be available
kubernetes.core.k8s_info:
api_version: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: automationcontrollers.automationcontroller.ansible.com
register: __aap_operator_crd
until: __aap_operator_crd.resources | length > 0
retries: "{{ __aap_operator_wait_retries }}"
delay: 10
- name: Wait for AAP operator deployment to be ready
kubernetes.core.k8s_info:
api_version: apps/v1
kind: Deployment
namespace: "{{ aap_operator_namespace }}"
label_selectors:
- "app.kubernetes.io/name={{ aap_operator_name }}"
register: __aap_operator_deploy
until: >-
__aap_operator_deploy.resources | length > 0 and
(__aap_operator_deploy.resources[0].status.readyReplicas | default(0)) >= 1
retries: "{{ __aap_operator_wait_retries }}"
delay: 10
# ------------------------------------------------------------------
# Step 3: Create AutomationController instance
# ------------------------------------------------------------------
- name: Create AutomationController instance
kubernetes.core.k8s:
state: present
definition:
apiVersion: automationcontroller.ansible.com/v1beta1
kind: AutomationController
metadata:
name: "{{ aap_operator_controller_name }}"
namespace: "{{ aap_operator_namespace }}"
spec:
replicas: "{{ aap_operator_controller_replicas }}"
admin_user: "{{ aap_operator_admin_user }}"
when: aap_operator_controller_enabled | bool
# ------------------------------------------------------------------
# Step 4: Create AutomationHub instance
# ------------------------------------------------------------------
- name: Create AutomationHub instance
kubernetes.core.k8s:
state: present
definition:
apiVersion: automationhub.ansible.com/v1beta1
kind: AutomationHub
metadata:
name: "{{ aap_operator_hub_name }}"
namespace: "{{ aap_operator_namespace }}"
spec:
admin_password_secret: ""
route_host: ""
when: aap_operator_hub_enabled | bool
# ------------------------------------------------------------------
# Step 5: Create EDA Controller instance
# ------------------------------------------------------------------
- name: Create EDA Controller instance
kubernetes.core.k8s:
state: present
definition:
apiVersion: eda.ansible.com/v1alpha1
kind: EDA
metadata:
name: "{{ aap_operator_eda_name }}"
namespace: "{{ aap_operator_namespace }}"
spec:
automation_server_url: "https://{{ aap_operator_controller_name }}-{{ aap_operator_namespace }}.apps.{{ ocp_cluster_name }}.{{ ocp_base_domain }}"
when: aap_operator_eda_enabled | bool
# ------------------------------------------------------------------
# Step 6: Wait for instances to be ready
# ------------------------------------------------------------------
- name: Wait for AutomationController to be ready
kubernetes.core.k8s_info:
api_version: automationcontroller.ansible.com/v1beta1
kind: AutomationController
namespace: "{{ aap_operator_namespace }}"
name: "{{ aap_operator_controller_name }}"
register: __aap_operator_controller_status
until: >-
__aap_operator_controller_status.resources | length > 0 and
(__aap_operator_controller_status.resources[0].status.conditions | default([])
| selectattr('type', '==', 'Running')
| selectattr('status', '==', 'True') | list | length > 0)
retries: "{{ __aap_operator_wait_retries }}"
delay: 10
when: aap_operator_controller_enabled | bool
- name: Wait for AutomationHub to be ready
kubernetes.core.k8s_info:
api_version: automationhub.ansible.com/v1beta1
kind: AutomationHub
namespace: "{{ aap_operator_namespace }}"
name: "{{ aap_operator_hub_name }}"
register: __aap_operator_hub_status
until: >-
__aap_operator_hub_status.resources | length > 0 and
(__aap_operator_hub_status.resources[0].status.conditions | default([])
| selectattr('type', '==', 'Running')
| selectattr('status', '==', 'True') | list | length > 0)
retries: "{{ __aap_operator_wait_retries }}"
delay: 10
when: aap_operator_hub_enabled | bool
- name: Wait for EDA Controller to be ready
kubernetes.core.k8s_info:
api_version: eda.ansible.com/v1alpha1
kind: EDA
namespace: "{{ aap_operator_namespace }}"
name: "{{ aap_operator_eda_name }}"
register: __aap_operator_eda_status
until: >-
__aap_operator_eda_status.resources | length > 0 and
(__aap_operator_eda_status.resources[0].status.conditions | default([])
| selectattr('type', '==', 'Running')
| selectattr('status', '==', 'True') | list | length > 0)
retries: "{{ __aap_operator_wait_retries }}"
delay: 10
when: aap_operator_eda_enabled | bool
# ------------------------------------------------------------------
# Step 7: Display summary
# ------------------------------------------------------------------
- name: Display AAP deployment summary
ansible.builtin.debug:
msg:
- "Ansible Automation Platform deployment complete!"
- " Namespace : {{ aap_operator_namespace }}"
- " Controller : {{ aap_operator_controller_name + ' (enabled)' if aap_operator_controller_enabled else 'disabled' }}"
- " Hub : {{ aap_operator_hub_name + ' (enabled)' if aap_operator_hub_enabled else 'disabled' }}"
- " EDA : {{ aap_operator_eda_name + ' (enabled)' if aap_operator_eda_enabled else 'disabled' }}"
- ""
- "Admin password secret: {{ aap_operator_controller_name }}-admin-password"
- "Retrieve with: oc get secret {{ aap_operator_controller_name }}-admin-password -n {{ aap_operator_namespace }} -o jsonpath='{.data.password}' | base64 -d"
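Review bot: The OperatorGroup created in Step 1 has no `spec.targetNamespaces`, and in OLM an OperatorGroup with neither `targetNamespaces` nor a selector targets every namespace, so the operator would be installed with cluster-wide scope instead of being confined to `{{ aap_operator_namespace }}`. If single-namespace scope is intended, add `targetNamespaces: ["{{ aap_operator_namespace }}"]` under `spec`. The Subscription in the same step hard-codes `installPlanApproval: Automatic`, which lets new operator versions on the channel roll out unreviewed. Exposing it as a role variable (for example `aap_operator_install_plan_approval`, a suggested name) would let production clusters choose `Manual`. Separately, the AutomationHub spec sets `admin_password_secret: ""` and `route_host: ""`; unless the operator requires those keys, omitting them avoids relying on how it treats an empty secret name.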


@@ -0,0 +1,3 @@
---
# Computed internal variables - do not override
__aap_operator_wait_retries: "{{ (aap_operator_wait_timeout / 10) | int }}"
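Review bot: The divisor `10` in this expression silently depends on the `delay: 10` repeated in every wait task of the role, so changing one without the other means `aap_operator_wait_timeout` no longer counts seconds. Consider a second internal variable such as `__aap_operator_wait_delay: 10`, used both here and in the tasks' `delay:`. A timeout below 10 also computes to 0 retries, so a documented minimum or a floor of 1 would avoid a surprise.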