diff --git a/collections/ansible_collections/demo/openshift/roles/eda_controller/.yamllint b/collections/ansible_collections/demo/openshift/roles/eda_controller/.yamllint
new file mode 100644
index 0000000..b2a7e17
--- /dev/null
+++ b/collections/ansible_collections/demo/openshift/roles/eda_controller/.yamllint
@@ -0,0 +1,13 @@
+---
+extends: default
+
+rules:
+ comments:
+ require-starting-space: false
+ min-spaces-from-content: 1
+ comments-indentation: disable
+ indentation:
+ indent-sequences: consistent
+ line-length:
+ max: 120
+ allow-non-breakable-inline-mappings: true
diff --git a/collections/ansible_collections/demo/openshift/roles/eda_controller/defaults/main.yml b/collections/ansible_collections/demo/openshift/roles/eda_controller/defaults/main.yml
new file mode 100644
index 0000000..b7b987d
--- /dev/null
+++ b/collections/ansible_collections/demo/openshift/roles/eda_controller/defaults/main.yml
@@ -0,0 +1,16 @@
+---
+# --------------------------------------------------------
+# Ansible Automation Platform Controller URL
+# --------------------------------------------------------
+# eda_controller_aap_controller_url: [Required]
+
+# --------------------------------------------------------
+# Workload: eda_controller
+# --------------------------------------------------------
+eda_controller_project: "aap"
+eda_controller_project_app_name: "eda-controller"
+
+# eda_controller_admin_password: "{{ common_password }}"
+
+eda_controller_cluster_rolebinding_name: eda_default
+eda_controller_cluster_rolebinding_role: cluster-admin
diff --git a/collections/ansible_collections/demo/openshift/roles/eda_controller/meta/main.yml b/collections/ansible_collections/demo/openshift/roles/eda_controller/meta/main.yml
new file mode 100644
index 0000000..7df3eae
--- /dev/null
+++ b/collections/ansible_collections/demo/openshift/roles/eda_controller/meta/main.yml
@@ -0,0 +1,14 @@
+---
+galaxy_info:
+ role_name: eda_controller
+ author: Mitesh Sharma (mitsharm@redhat.com)
+ description: |
+ Installs EDA on OpenShift
+ license: GPLv3
+ min_ansible_version: "2.9"
+ platforms: []
+ galaxy_tags:
+ - eda
+ - openshift
+ - aap
+dependencies: []
diff --git a/collections/ansible_collections/demo/openshift/roles/eda_controller/readme.adoc b/collections/ansible_collections/demo/openshift/roles/eda_controller/readme.adoc
new file mode 100644
index 0000000..00edd8a
--- /dev/null
+++ b/collections/ansible_collections/demo/openshift/roles/eda_controller/readme.adoc
@@ -0,0 +1,6 @@
+== eda_controller
+
+This role installs EDA on OpenShift, mostly copied from https://github.com/redhat-cop/agnosticd/.
+
+== Dependencies
+Role: automation_controller_platform
diff --git a/collections/ansible_collections/demo/openshift/roles/eda_controller/tasks/main.yml b/collections/ansible_collections/demo/openshift/roles/eda_controller/tasks/main.yml
new file mode 100644
index 0000000..9c95b05
--- /dev/null
+++ b/collections/ansible_collections/demo/openshift/roles/eda_controller/tasks/main.yml
@@ -0,0 +1,54 @@
+---
+- name: Setup environment vars
+ block:
+ - name: Create secret and Install EDA
+ kubernetes.core.k8s:
+ state: present
+ definition: "{{ lookup('template', __definition) }}"
+ loop:
+ - eda_admin_secret.j2
+ - eda_controller.j2
+ loop_control:
+ loop_var: __definition
+
+ - name: Retrieve created route
+ kubernetes.core.k8s_info:
+ api_version: "route.openshift.io/v1"
+ kind: Route
+ name: "{{ eda_controller_project_app_name }}"
+ namespace: "{{ eda_controller_project }}"
+ register: r_eda_route
+ until: r_eda_route.resources[0].spec.host is defined
+ retries: 30
+ delay: 45
+
+ - name: Get eda-controller route hostname
+ ansible.builtin.set_fact:
+ eda_controller_hostname: "{{ r_eda_route.resources[0].spec.host }}"
+
+ - name: Wait for eda_controller to be running
+ ansible.builtin.uri:
+ url: https://{{ eda_controller_hostname }}/api/eda/v1/users/me/awx-tokens/
+ user: "admin"
+ password: "{{ lookup('ansible.builtin.env', 'CONTROLLER_PASSWORD') }}"
+ method: GET
+ force_basic_auth: true
+ validate_certs: false
+ body_format: json
+ status_code: 200
+ register: r_result
+ until: not r_result.failed
+ retries: 60
+ delay: 45
+
+ - name: Create Rolebinding for Rulebook Activations
+ kubernetes.core.k8s:
+ state: present
+ definition: "{{ lookup('template', 'cluster_rolebinding.j2') }}"
+
+ - name: Display EDA Controller URL
+ ansible.builtin.debug:
+ msg:
+ - "EDA Controller URL: https://{{ eda_controller_hostname }}"
+ - "EDA Controller Admin Login: admin"
+ - "EDA Controller Admin Password: "
diff --git a/collections/ansible_collections/demo/openshift/roles/eda_controller/templates/cluster_rolebinding.j2 b/collections/ansible_collections/demo/openshift/roles/eda_controller/templates/cluster_rolebinding.j2
new file mode 100644
index 0000000..8c74a64
--- /dev/null
+++ b/collections/ansible_collections/demo/openshift/roles/eda_controller/templates/cluster_rolebinding.j2
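Review bot: The `Wait for eda_controller to be running` task sends the admin password with `force_basic_auth: true` while `validate_certs: false` is set, so the credential is handed to whatever endpoint answers on the route hostname without its certificate being checked. Verification should be the default, with a demo cluster opting out explicitly, e.g. `validate_certs: "{{ eda_controller_validate_certs | default(true) }}"`. Separately, `Create secret and Install EDA` renders `eda_admin_secret.j2` into `definition`, and the object returned by the k8s module will likely carry the base64-encoded password into job events or verbose output; adding `no_log: true` to that task keeps it out of logs.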
@@ -0,0 +1,13 @@
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ eda_controller_cluster_rolebinding_name }}
+subjects:
+ - kind: ServiceAccount
+ name: default
+ namespace: {{ eda_controller_project }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ eda_controller_cluster_rolebinding_role }}
diff --git a/collections/ansible_collections/demo/openshift/roles/eda_controller/templates/eda_admin_secret.j2 b/collections/ansible_collections/demo/openshift/roles/eda_controller/templates/eda_admin_secret.j2
new file mode 100644
index 0000000..024116f
--- /dev/null
+++ b/collections/ansible_collections/demo/openshift/roles/eda_controller/templates/eda_admin_secret.j2
@@ -0,0 +1,15 @@
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: {{ eda_controller_project_app_name }}-admin-password
+ namespace: {{ eda_controller_project }}
+ labels:
+ app.kubernetes.io/component: eda
+ app.kubernetes.io/managed-by: eda-operator
+ app.kubernetes.io/name: {{ eda_controller_project_app_name }}
+ app.kubernetes.io/operator-version: '2.4'
+ app.kubernetes.io/part-of: {{ eda_controller_project_app_name }}
+data:
+ password: "{{ lookup('ansible.builtin.env', 'CONTROLLER_PASSWORD') | b64encode }}"
+type: Opaque
diff --git a/collections/ansible_collections/demo/openshift/roles/eda_controller/templates/eda_controller.j2 b/collections/ansible_collections/demo/openshift/roles/eda_controller/templates/eda_controller.j2
new file mode 100644
index 0000000..bf3e9a1
--- /dev/null
+++ b/collections/ansible_collections/demo/openshift/roles/eda_controller/templates/eda_controller.j2
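Review bot: In cluster_rolebinding.j2 the subject is the namespace's `default` ServiceAccount and, with `eda_controller_cluster_rolebinding_role: cluster-admin` from defaults/main.yml, every pod in that namespace that does not name its own service account is granted cluster-admin. A dedicated ServiceAccount for rulebook activations, bound through a namespaced `RoleBinding` to a role listing only the resources activations actually need, would limit what a compromised activation pod can reach; at the least the shipped default should not be `cluster-admin`. The three templated values are also unquoted, so writing them as `name: "{{ eda_controller_cluster_rolebinding_name }}"` keeps a value containing YAML-significant characters from altering the manifest structure.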
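Review bot: In eda_admin_secret.j2, `lookup('ansible.builtin.env', 'CONTROLLER_PASSWORD')` yields an empty string when the variable is unset, so `data.password` would render empty and the Secret would still be applied without any error from the template. Failing fast avoids that: an `ansible.builtin.assert` at the start of the role that the value is non-empty, or `lookup('ansible.builtin.env', 'CONTROLLER_PASSWORD', default=Undefined)` on ansible-core releases that support the option (newer than the `min_ansible_version: "2.9"` declared in meta/main.yml). The same applies to `CONTROLLER_HOST` in eda_controller.j2. Reusing the controller's admin password for the EDA admin also means one leaked value opens both services; a separate variable such as the commented-out `eda_controller_admin_password` would decouple them.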
@@ -0,0 +1,26 @@ +--- +apiVersion: eda.ansible.com/v1alpha1 +kind: EDA +metadata: + name: {{ eda_controller_project_app_name }} + namespace: {{ eda_controller_project }} +spec: + route_tls_termination_mechanism: Edge + ingress_type: Route + loadbalancer_port: 80 + no_log: true + image_pull_policy: IfNotPresent + ui: + replicas: 1 + set_self_labels: true + api: + gunicorn_workers: 2 + replicas: 1 + redis: + replicas: 1 + admin_user: admin + loadbalancer_protocol: http + worker: + replicas: 3 + automation_server_url: '{{ lookup('ansible.builtin.env', 'CONTROLLER_HOST') }}' + admin_password_secret: {{ eda_controller_project_app_name }}-admin-password diff --git a/openshift/eda/install.yml b/openshift/eda/install.yml new file mode 100644 index 0000000..ef7e4c6 --- /dev/null +++ b/openshift/eda/install.yml @@ -0,0 +1,8 @@ +--- +- name: Deploy EDA Controller attached to the same AAP + hosts: localhost + gather_facts: false + tasks: + - name: Include role + ansible.builtin.include_role: + name: demo.openshift.eda_controller diff --git a/openshift/setup.yml b/openshift/setup.yml index 141025c..e8ec117 100644 --- a/openshift/setup.yml +++ b/openshift/setup.yml @@ -56,9 +56,23 @@ controller_inventory_sources: source_project: Ansible official demo project source_path: openshift/inventory.kubevirt.yml credential: OCP-V Inventory Credential + update_on_launch: false controller_templates: - - name: OpenShift / CNV / Install + - name: OpenShift / EDA / Install Controller + job_type: run + inventory: "Demo Inventory" + project: "Ansible official demo project" + playbook: "openshift/eda/install.yml" + notification_templates_started: Telemetry + notification_templates_success: Telemetry + notification_templates_error: Telemetry + survey_enabled: true + credentials: + - "OpenShift Credential" + - "Controller Credential" + + - name: OpenShift / CNV / Install Operator job_type: run inventory: "Demo Inventory" project: "Ansible official demo project"
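Review bot: In openshift/setup.yml the new `OpenShift / EDA / Install Controller` template sets `survey_enabled: true`, but the added lines define no `survey:` for it, which looks like a leftover from the template it was copied from. Either set `survey_enabled: false` or add the survey spec the playbook is meant to prompt for. The template also attaches `Controller Credential`, presumably the source of `CONTROLLER_PASSWORD` and `CONTROLLER_HOST` for the role, so a comment such as `# Controller Credential injects CONTROLLER_HOST / CONTROLLER_PASSWORD used by demo.openshift.eda_controller` above `credentials:` would make that dependency explicit.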