Configure OIDC, make idempotent, fix bugs. Claude.ai

2026-02-25 13:20:12 -05:00
parent 995b7c4070
commit d981b69669
23 changed files with 2269 additions and 760 deletions
--- a/roles/aap_operator/tasks/main.yml
+++ b/roles/aap_operator/tasks/main.yml
@@ -0,0 +1,189 @@
+---
+# Install Ansible Automation Platform via OpenShift OLM operator.
+#
+# Deploys the AAP operator, then creates AutomationController,
+# AutomationHub, and EDA instances based on enabled flags.
+# All tasks are idempotent (kubernetes.core.k8s state: present).
+
+# ------------------------------------------------------------------
+# Step 1: Install AAP operator via OLM
+# ------------------------------------------------------------------
+- name: Create AAP namespace
+  kubernetes.core.k8s:
+    state: present
+    definition:
+      apiVersion: v1
+      kind: Namespace
+      metadata:
+        name: "{{ aap_operator_namespace }}"
+
+- name: Create OperatorGroup for AAP
+  kubernetes.core.k8s:
+    state: present
+    definition:
+      apiVersion: operators.coreos.com/v1
+      kind: OperatorGroup
+      metadata:
+        name: "{{ aap_operator_name }}"
+        namespace: "{{ aap_operator_namespace }}"
+      spec:
+        upgradeStrategy: Default
+
+- name: Subscribe to AAP operator
+  kubernetes.core.k8s:
+    state: present
+    definition:
+      apiVersion: operators.coreos.com/v1alpha1
+      kind: Subscription
+      metadata:
+        name: "{{ aap_operator_name }}"
+        namespace: "{{ aap_operator_namespace }}"
+      spec:
+        channel: "{{ aap_operator_channel }}"
+        installPlanApproval: Automatic
+        name: "{{ aap_operator_name }}"
+        source: "{{ aap_operator_source }}"
+        sourceNamespace: openshift-marketplace
+
+# ------------------------------------------------------------------
+# Step 2: Wait for operator to be ready
+# ------------------------------------------------------------------
+- name: Wait for AutomationController CRD to be available
+  kubernetes.core.k8s_info:
+    api_version: apiextensions.k8s.io/v1
+    kind: CustomResourceDefinition
+    name: automationcontrollers.automationcontroller.ansible.com
+  register: __aap_operator_crd
+  until: __aap_operator_crd.resources | length > 0
+  retries: "{{ __aap_operator_wait_retries }}"
+  delay: 10
+
+- name: Wait for AAP operator deployment to be ready
+  kubernetes.core.k8s_info:
+    api_version: apps/v1
+    kind: Deployment
+    namespace: "{{ aap_operator_namespace }}"
+    label_selectors:
+      - "app.kubernetes.io/name={{ aap_operator_name }}"
+  register: __aap_operator_deploy
+  until: >-
+    __aap_operator_deploy.resources | length > 0 and
+    (__aap_operator_deploy.resources[0].status.readyReplicas | default(0)) >= 1
+  retries: "{{ __aap_operator_wait_retries }}"
+  delay: 10
+
+# ------------------------------------------------------------------
+# Step 3: Create AutomationController instance
+# ------------------------------------------------------------------
+- name: Create AutomationController instance
+  kubernetes.core.k8s:
+    state: present
+    definition:
+      apiVersion: automationcontroller.ansible.com/v1beta1
+      kind: AutomationController
+      metadata:
+        name: "{{ aap_operator_controller_name }}"
+        namespace: "{{ aap_operator_namespace }}"
+      spec:
+        replicas: "{{ aap_operator_controller_replicas }}"
+        admin_user: "{{ aap_operator_admin_user }}"
+  when: aap_operator_controller_enabled | bool
+
+# ------------------------------------------------------------------
+# Step 4: Create AutomationHub instance
+# ------------------------------------------------------------------
+- name: Create AutomationHub instance
+  kubernetes.core.k8s:
+    state: present
+    definition:
+      apiVersion: automationhub.ansible.com/v1beta1
+      kind: AutomationHub
+      metadata:
+        name: "{{ aap_operator_hub_name }}"
+        namespace: "{{ aap_operator_namespace }}"
+      spec:
+        admin_password_secret: ""
+        route_host: ""
+  when: aap_operator_hub_enabled | bool
+
+# ------------------------------------------------------------------
+# Step 5: Create EDA Controller instance
+# ------------------------------------------------------------------
+- name: Create EDA Controller instance
+  kubernetes.core.k8s:
+    state: present
+    definition:
+      apiVersion: eda.ansible.com/v1alpha1
+      kind: EDA
+      metadata:
+        name: "{{ aap_operator_eda_name }}"
+        namespace: "{{ aap_operator_namespace }}"
+      spec:
+        automation_server_url: "https://{{ aap_operator_controller_name }}-{{ aap_operator_namespace }}.apps.{{ ocp_cluster_name }}.{{ ocp_base_domain }}"
+  when: aap_operator_eda_enabled | bool
+
+# ------------------------------------------------------------------
+# Step 6: Wait for instances to be ready
+# ------------------------------------------------------------------
+- name: Wait for AutomationController to be ready
+  kubernetes.core.k8s_info:
+    api_version: automationcontroller.ansible.com/v1beta1
+    kind: AutomationController
+    namespace: "{{ aap_operator_namespace }}"
+    name: "{{ aap_operator_controller_name }}"
+  register: __aap_operator_controller_status
+  until: >-
+    __aap_operator_controller_status.resources | length > 0 and
+    (__aap_operator_controller_status.resources[0].status.conditions | default([])
+     | selectattr('type', '==', 'Running')
+     | selectattr('status', '==', 'True') | list | length > 0)
+  retries: "{{ __aap_operator_wait_retries }}"
+  delay: 10
+  when: aap_operator_controller_enabled | bool
+
+- name: Wait for AutomationHub to be ready
+  kubernetes.core.k8s_info:
+    api_version: automationhub.ansible.com/v1beta1
+    kind: AutomationHub
+    namespace: "{{ aap_operator_namespace }}"
+    name: "{{ aap_operator_hub_name }}"
+  register: __aap_operator_hub_status
+  until: >-
+    __aap_operator_hub_status.resources | length > 0 and
+    (__aap_operator_hub_status.resources[0].status.conditions | default([])
+     | selectattr('type', '==', 'Running')
+     | selectattr('status', '==', 'True') | list | length > 0)
+  retries: "{{ __aap_operator_wait_retries }}"
+  delay: 10
+  when: aap_operator_hub_enabled | bool
+
+- name: Wait for EDA Controller to be ready
+  kubernetes.core.k8s_info:
+    api_version: eda.ansible.com/v1alpha1
+    kind: EDA
+    namespace: "{{ aap_operator_namespace }}"
+    name: "{{ aap_operator_eda_name }}"
+  register: __aap_operator_eda_status
+  until: >-
+    __aap_operator_eda_status.resources | length > 0 and
+    (__aap_operator_eda_status.resources[0].status.conditions | default([])
+     | selectattr('type', '==', 'Running')
+     | selectattr('status', '==', 'True') | list | length > 0)
+  retries: "{{ __aap_operator_wait_retries }}"
+  delay: 10
+  when: aap_operator_eda_enabled | bool
+
+# ------------------------------------------------------------------
+# Step 7: Display summary
+# ------------------------------------------------------------------
+- name: Display AAP deployment summary
+  ansible.builtin.debug:
+    msg:
+      - "Ansible Automation Platform deployment complete!"
+      - "  Namespace  : {{ aap_operator_namespace }}"
+      - "  Controller : {{ aap_operator_controller_name + ' (enabled)' if aap_operator_controller_enabled else 'disabled' }}"
+      - "  Hub        : {{ aap_operator_hub_name + ' (enabled)' if aap_operator_hub_enabled else 'disabled' }}"
+      - "  EDA        : {{ aap_operator_eda_name + ' (enabled)' if aap_operator_eda_enabled else 'disabled' }}"
+      - ""
+      - "Admin password secret: {{ aap_operator_controller_name }}-admin-password"
+      - "Retrieve with: oc get secret {{ aap_operator_controller_name }}-admin-password -n {{ aap_operator_namespace }} -o jsonpath='{.data.password}' | base64 -d"