Add OCP-CNV patching demo (#140)

Author: l3acon

ansible-navigator.yml

@@ -0,0 +1,131 @@
+Role Name
+=========
+
+This Ansible role helps configure Operators on the Openshift Cluster to support VM migrations. Tasks include
+- Configure Catalog Sources to use mirroring repository for Operators
+- Create and configure Operators
+
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+The task `operators/catalog_sources.yml` needs following variables:
+
+- **Variable Name**: `cluster_config_catalog_sources`
+  - **Type**: List
+  - **Description**: A list of custom CatalogSources configurations used as loop variables to generate Kubernetes manifest files from the  template `catalog_source.j2` for CatalogSource. If the variable is not available, no manifest is created.
+  - **Example**:
+    ```yaml
+    cluster_config_catalog_sources:
+      - name: redhat-marketplace2
+        source_type: grpc
+        display_name: Mirror to Red Hat Marketplace
+        image_path: internal-registry.example.com/operator:v1
+        priority: '-300'
+        icon:
+          base64data: ''
+          mediatype: ''
+        publisher: redhat
+        address: ''
+        grpc_pod_config: |
+          nodeSelector:
+            kubernetes.io/os: linux
+            node-role.kubernetes.io/master: ''
+          priorityClassName: system-cluster-critical
+          securityContextConfig: restricted
+          tolerations:
+            - effect: NoSchedule
+              key: node-role.kubernetes.io/master
+              operator: Exists
+            - effect: NoExecute
+              key: node.kubernetes.io/unreachable
+              operator: Exists
+              tolerationSeconds: 120
+            - effect: NoExecute
+              key: node.kubernetes.io/not-ready
+              operator: Exists
+              tolerationSeconds: 120
+        registry_poll_interval: 10m
+    ```
+
+The task `operators/operator_config.yaml` needs following variables:
+
+- **Variable Name**: `cluster_config_operators`
+  - **Type**: List
+  - **Description**: A list of operators to be installed on OCP cluster
+- **Variable Name**: `cluster_config_[OPERATOR_NAME]`
+  - **Type**: Dict
+  - **Description**: Configuration specific to each operator listed in `cluster_config_operators`. Includes settings for namespace, operator group, subscription, and any extra resources
+  - **Example**: Assume the `cluster_config_operators` specifies these operators:
+  ```yaml
+  cluster_config_operators:
+    - cnv
+    - oadp
+  ```
+  then the corresponding `cluster_config_mtv` and `cluster_config_cnv` can be configured as following:
+  ```yaml
+  cluster_config_cnv_namespace: openshift-cnv
+  cluster_config_cnv:
+  namespace:
+    name: "{{ cluster_config_cnv_namespace }}"
+  operator_group:
+    name: kubevirt-hyperconverged-group
+    target_namespaces:
+      - "{{ cluster_config_cnv_namespace }}"
+  subscription:
+    name: kubevirt-hyperconverged
+    starting_csv: kubevirt-hyperconverged-operator.v4.13.8
+  extra_resources:
+    - apiVersion: hco.kubevirt.io/v1beta1
+      kind: HyperConverged
+      metadata:
+        name: kubevirt-hyperconverged
+        namespace: "{{ cluster_config_cnv_namespace }}"
+      spec:
+        BareMetalPlatform: true
+
+  cluster_config_oadp_namespace: openshift-adp
+  cluster_config_oadp:
+  namespace:
+    name: "{{ cluster_config_oadp_namespace }}"
+  operator_group:
+    name: redhat-oadp-operator-group
+    target_namespaces:
+      - "{{ cluster_config_oadp_namespace }}"
+  subscription:
+    name: redhat-oadp-operator-subscription
+    spec_name: redhat-oadp-operator
+  ```
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+An example of configuring a CatalogSource resource:
+```
+- name: Configure Catalog Sources for Operators
+  hosts: localhost
+  gather_facts: false
+  tasks:
+    - ansible.builtin.include_role:
+        name: cluster_config
+        tasks_from: operators/catalog_sources
+```
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

collections/ansible_collections/demo/openshift/roles/cluster_config/README.md

@@ -0,0 +1,23 @@
+---
+# defaults file for cluster_config
+cluster_config_operators:
+  - cnv
+
+cluster_config_cnv:
+  checkplan: true
+  namespace:
+    name: &cluster_config_cnv_namespace openshift-cnv
+  operator_group:
+    name: kubevirt-hyperconverged-group
+    target_namespaces:
+      - *cluster_config_cnv_namespace
+  subscription:
+    name: kubevirt-hyperconverged
+  extra_resources:
+    - apiVersion: hco.kubevirt.io/v1beta1
+      kind: HyperConverged
+      metadata:
+        name: kubevirt-hyperconverged
+        namespace: *cluster_config_cnv_namespace
+      spec:
+        BareMetalPlatform: true

collections/ansible_collections/demo/openshift/roles/cluster_config/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for cluster_config

collections/ansible_collections/demo/openshift/roles/cluster_config/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: Configure Operators
+  ansible.builtin.import_tasks: operators/operator_config.yml

collections/ansible_collections/demo/openshift/roles/cluster_config/tasks/main.yml

@@ -0,0 +1,37 @@
+---
+- name: Retrieve Operator name
+  ansible.builtin.set_fact:
+    _operator: "{{ vars['cluster_config_' + _operator_name] }}"
+- name: Configure Operator {{ _operator_name }}
+  redhat.openshift.k8s:
+    state: present
+    template:
+      - operators/namespace.yml.j2
+      - operators/operator_group.yml.j2
+      - operators/subscription.yml.j2
+- name: Query for install plan
+  kubernetes.core.k8s_info:
+    api_version: operators.coreos.com/v1alpha1
+    kind: InstallPlan
+    namespace: "{{ _operator.namespace.name }}"
+  register: r_install_plans
+  retries: 30
+  delay: 5
+  until:
+    - r_install_plans.resources | default([]) | length > 0
+    - r_install_plans.resources[0].status is defined
+    - r_install_plans.resources[0].status.phase == "Complete"
+  when:
+    - _operator.checkplan is defined
+    - _operator.checkplan | bool
+
+- name: Configure extra resources for Operator {{ _operator_name }}
+  redhat.openshift.k8s:
+    state: present
+    definition: "{{ item }}"
+  register: creation_result
+  loop: "{{ _operator.extra_resources }}"
+  retries: 30
+  delay: 5
+  until: creation_result is success
+  when: _operator.extra_resources is defined

collections/ansible_collections/demo/openshift/roles/cluster_config/tasks/operators/_operator_config_item.yml

@@ -0,0 +1,7 @@
+---
+- name: Configure custom CatalogSource for Operators
+  redhat.openshift.k8s:
+    state: present
+    template: operators/catalog_source.j2
+  loop: "{{ cluster_config_catalog_sources }}"
+  when: cluster_config_catalog_sources is defined

collections/ansible_collections/demo/openshift/roles/cluster_config/tasks/operators/catalog_sources.yml

@@ -0,0 +1,59 @@
+---
+- name: Create node-health-check operator namespace
+  redhat.openshift.k8s:
+    name:  openshift-workload-availability
+    api_version: v1
+    kind: Namespace
+    state: present
+
+- name: Create node-health-check operator group
+  redhat.openshift.k8s:
+    state: present
+    definition:
+      apiVersion: operators.coreos.com/v1
+      kind: OperatorGroup
+      metadata:
+        generateName: openshift-workload-availability-
+        annotations:
+          olm.providedAPIs: >-
+            NodeHealthCheck.v1alpha1.remediation.medik8s.io,SelfNodeRemediation.v1alpha1.self-node-remediation.medik8s.io,SelfNodeRemediationConfig.v1alpha1.self-node-remediation.medik8s.io,SelfNodeRemediationTemplate.v1alpha1.self-node-remediation.medik8s.io
+        namespace: openshift-workload-availability
+      spec:
+        upgradeStrategy: Default
+
+- name: Create node-health-check operator subscription
+  redhat.openshift.k8s:
+    state: present
+    definition:
+      apiVersion: operators.coreos.com/v1alpha1
+      kind: Subscription
+      metadata:
+        labels:
+          operators.coreos.com/node-healthcheck-operator.openshift-workload-availability: ''
+        name: node-health-check-operator
+        namespace: openshift-workload-availability
+      spec:
+        channel: stable
+        installPlanApproval: Automatic
+        name: node-healthcheck-operator
+        source: redhat-operators
+        sourceNamespace: openshift-marketplace
+
+- name: Create Self Node Remediation subscription
+  redhat.openshift.k8s:
+    state: present
+    definition:
+      apiVersion: operators.coreos.com/v1alpha1
+      kind: Subscription
+      metadata:
+        name: self-node-remediation-stable-redhat-operators-openshift-marketplace
+        namespace: openshift-workload-availability
+        labels:
+          operators.coreos.com/self-node-remediation.openshift-workload-availability: ''
+      spec:
+        channel: stable
+        installPlanApproval: Automatic
+        name: self-node-remediation
+        source: redhat-operators
+        sourceNamespace: openshift-marketplace
+        startingCSV: self-node-remediation.v0.8.0

collections/ansible_collections/demo/openshift/roles/cluster_config/tasks/operators/node-health-check.yml

@@ -0,0 +1,6 @@
+---
+- name: Configure Operators
+  ansible.builtin.include_tasks: _operator_config_item.yml
+  loop: "{{ cluster_config_operators }}"
+  loop_control:
+    loop_var: _operator_name

collections/ansible_collections/demo/openshift/roles/cluster_config/tasks/operators/operator_config.yml

@@ -0,0 +1,34 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: CatalogSource
+metadata:
+  name: {{ item.name }}
+  namespace: openshift-marketplace
+spec:
+  sourceType: {{ item.source_type | d('grpc',true) }}
+  image: {{ item.image_path }}
+  {% if item.display_name is defined -%}
+  displayName: {{ item.display_name }}
+  {% endif -%}
+  {% if item.priority is defined -%}
+  priority: {{ item.priority }}
+  {% endif -%}
+  {% if item.grpc_pod_config is defined -%}
+  grpcPodConfig:
+    {{ item.grpc_pod_config | indent(4) }}
+  {% endif -%}
+  {% if item.icon is defined -%}
+  icon:
+    base64data: '{{ item.icon.base64data or ''  }}'
+    mediatype: '{{ item.icon.mediatype or '' }}'
+  {% endif -%}
+  {% if item.publisher is defined -%}
+  publisher: {{ item.publisher }}
+  {% endif -%}
+  {% if item.address is defined -%}
+  address: {{ item.address }}
+  {% endif -%}
+  {% if item.registry_poll_interval is defined -%}
+  updateStrategy:
+    registryPoll:
+      interval: {{ item.registry_poll_interval }}
+  {% endif -%}

collections/ansible_collections/demo/openshift/roles/cluster_config/templates/operators/catalog_source.j2

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+    name: {{ _operator.namespace.name }}
+{% if _operator.namespace.labels is defined %}
+    labels:
+      {% for key, value in _operator.namespace.labels.items() -%}
+      {{ key }}: "{{ value }}"
+      {% endfor -%}
+{% endif -%}

collections/ansible_collections/demo/openshift/roles/cluster_config/templates/operators/namespace.yml.j2

@@ -0,0 +1,12 @@
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: {{ _operator.operator_group.name }}
+  namespace: {{ _operator.operator_group.namespace | d(_operator.namespace.name, true) }}
+spec:
+  {% if _operator.operator_group.target_namespaces is defined -%}
+  targetNamespaces:
+  {% for item in _operator.operator_group.target_namespaces %}
+    - {{ item }}
+  {% endfor %}
+  {% endif -%}

collections/ansible_collections/demo/openshift/roles/cluster_config/templates/operators/operator_group.yml.j2

@@ -0,0 +1,14 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: {{ _operator.subscription.name }}
+  namespace: "{{ _operator.subscription.namespace | d(_operator.namespace.name, true) }}"
+spec:
+  channel: {{ _operator.subscription.channel | d('stable', true) }}
+  installPlanApproval: {{ _operator.subscription.install_plan_approval | d('Automatic', true) }}
+  name: {{ _operator.subscription.spec_name | d(_operator.subscription.name, true) }}
+  source: {{ _operator.subscription.source | d('redhat-operators', true) }}
+  sourceNamespace: {{ _operator.subscription.source_namespace | d('openshift-marketplace', true) }}
+{% if _operator.subscription.starting_csv is defined %}
+  startingCSV: {{ _operator.subscription.starting_csv }}
+{% endif -%}

collections/ansible_collections/demo/openshift/roles/cluster_config/templates/operators/subscription.yml.j2

@@ -0,0 +1 @@
+localhost

collections/ansible_collections/demo/openshift/roles/cluster_config/tests/inventory

@@ -0,0 +1,6 @@
+---
+- name: Include cluster_config role
+  hosts: localhost
+  remote_user: root
+  roles:
+    - cluster_config

collections/ansible_collections/demo/openshift/roles/cluster_config/tests/test.yml

@@ -0,0 +1,2 @@
+---
+# vars file for cluster_config

collections/ansible_collections/demo/openshift/roles/cluster_config/vars/main.yml

@@ -0,0 +1,36 @@
+build_report_linux_patch
+========
+
+Installs Apache and creates a report based on facts from Linux patching
+
+Requirements
+------------
+
+Must run on Apache server
+
+Role Variables / Configuration
+--------------
+
+N/A
+
+Dependencies
+------------
+
+N/A
+
+Example Playbook
+----------------
+
+The role can be used to create an html report on any number of Linux hosts using any number of Linux servers about their patching results(yum and dnf)
+
+
+```
+---
+- hosts: all
+
+  tasks:
+  - name: Run Windows Report
+    import_role:
+      name: shadowman.reports.build_report_linux_patch
+
+```