toallab-automation/roles/aap_operator/tasks/main.yml

---
# Install Ansible Automation Platform via OpenShift OLM operator.
#
# Deploys the AAP operator, then creates a single AnsibleAutomationPlatform
# CR that manages Controller, Hub, and EDA as a unified platform.
# All tasks are idempotent (kubernetes.core.k8s state: present).

# ------------------------------------------------------------------
# Step 1: Install AAP operator via OLM
# ------------------------------------------------------------------
- name: Create AAP namespace
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Namespace
      metadata:
        name: "{{ aap_operator_namespace }}"

- name: Read global pull secret
  kubernetes.core.k8s_info:
    api_version: v1
    kind: Secret
    namespace: openshift-config
    name: pull-secret
  register: __aap_operator_global_pull_secret

- name: Copy pull secret to AAP namespace
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: redhat-operators-pull-secret
        namespace: "{{ aap_operator_namespace }}"
      type: kubernetes.io/dockerconfigjson
      data:
        .dockerconfigjson: "{{ __aap_operator_global_pull_secret.resources[0].data['.dockerconfigjson'] }}"
  no_log: false

- name: Create OperatorGroup for AAP
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: operators.coreos.com/v1
      kind: OperatorGroup
      metadata:
        name: "{{ aap_operator_name }}"
        namespace: "{{ aap_operator_namespace }}"
      spec:
        targetNamespaces:
          - "{{ aap_operator_namespace }}"
        upgradeStrategy: Default

- name: Subscribe to AAP operator
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: operators.coreos.com/v1alpha1
      kind: Subscription
      metadata:
        name: "{{ aap_operator_name }}"
        namespace: "{{ aap_operator_namespace }}"
      spec:
        channel: "{{ aap_operator_channel }}"
        installPlanApproval: Automatic
        name: "{{ aap_operator_name }}"
        source: "{{ aap_operator_source }}"
        sourceNamespace: openshift-marketplace

# ------------------------------------------------------------------
# Step 2: Wait for operator to be ready
# ------------------------------------------------------------------
- name: Wait for AnsibleAutomationPlatform CRD to be available
  kubernetes.core.k8s_info:
    api_version: apiextensions.k8s.io/v1
    kind: CustomResourceDefinition
    name: ansibleautomationplatforms.aap.ansible.com
  register: __aap_operator_crd
  until: __aap_operator_crd.resources | length > 0
  retries: "{{ __aap_operator_wait_retries }}"
  delay: 10

- name: Wait for AAP operator deployments to be ready
  kubernetes.core.k8s_info:
    api_version: apps/v1
    kind: Deployment
    namespace: "{{ aap_operator_namespace }}"
    label_selectors:
      - "operators.coreos.com/{{ aap_operator_name }}.{{ aap_operator_namespace }}"
  register: __aap_operator_deploy
  until: >-
    __aap_operator_deploy.resources | length > 0 and
    (__aap_operator_deploy.resources
     | rejectattr('status.readyReplicas', 'undefined')
     | selectattr('status.readyReplicas', '>=', 1)
     | list | length) == (__aap_operator_deploy.resources | length)
  retries: "{{ __aap_operator_wait_retries }}"
  delay: 10

# ------------------------------------------------------------------
# Step 3: Deploy the unified AnsibleAutomationPlatform
# ------------------------------------------------------------------
- name: Create AnsibleAutomationPlatform
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: aap.ansible.com/v1alpha1
      kind: AnsibleAutomationPlatform
      metadata:
        name: "{{ aap_operator_platform_name }}"
        namespace: "{{ aap_operator_namespace }}"
      spec:
        admin_user: "{{ aap_operator_admin_user }}"
        # PostgreSQL storage for all components (RWO)
        database:
          postgres_storage_class: "{{ aap_operator_storage_class }}"
        # Component toggles and per-component config
        controller:
          disabled: "{{ aap_operator_controller_disabled | bool }}"
          route_host: "{{ aap_operator_controller_route_host | default(omit) }}"
        hub:
          disabled: "{{ aap_operator_hub_disabled | bool }}"
          # Hub file/artifact storage (RWX) — must be under hub:
          storage_type: file
          file_storage_storage_class: "{{ aap_operator_hub_file_storage_class }}"
          file_storage_size: "{{ aap_operator_hub_file_storage_size }}"
        eda:
          disabled: "{{ aap_operator_eda_disabled | bool }}"

# ------------------------------------------------------------------
# Step 4: Wait for platform to be ready
# ------------------------------------------------------------------
- name: Wait for AnsibleAutomationPlatform to be ready
  kubernetes.core.k8s_info:
    api_version: aap.ansible.com/v1alpha1
    kind: AnsibleAutomationPlatform
    namespace: "{{ aap_operator_namespace }}"
    name: "{{ aap_operator_platform_name }}"
  register: __aap_operator_platform_status
  ignore_errors: true
  until: >-
    __aap_operator_platform_status.resources is defined and
    __aap_operator_platform_status.resources | length > 0 and
    (__aap_operator_platform_status.resources[0].status.conditions | default([])
     | selectattr('type', '==', 'Running')
     | selectattr('status', '==', 'True') | list | length > 0)
  retries: "{{ __aap_operator_wait_retries }}"
  delay: 10

# ------------------------------------------------------------------
# Step 5: Display summary
# ------------------------------------------------------------------
- name: Display AAP deployment summary
  ansible.builtin.debug:
    msg:
      - "Ansible Automation Platform deployment complete!"
      - "  Namespace  : {{ aap_operator_namespace }}"
      - "  Platform CR: {{ aap_operator_platform_name }}"
      - "  Controller : {{ 'disabled' if aap_operator_controller_disabled else 'enabled' }}"
      - "  Hub        : {{ 'disabled' if aap_operator_hub_disabled else 'enabled' }}"
      - "  EDA        : {{ 'disabled' if aap_operator_eda_disabled else 'enabled' }}"
      - ""
      - "Admin password secret: {{ aap_operator_platform_name }}-admin-password"
      - "Retrieve with: oc get secret {{ aap_operator_platform_name }}-admin-password -n {{ aap_operator_namespace }} -o jsonpath='{.data.password}' | base64 -d"