mgmt-23250: Expose AAP configuration from the LZ

Signed-off-by: Manuel Lorenzo <mlorenzofr@redhat.com>

Author: mlorenzofr

defaults/vmaas_operators.yaml

@@ -13,3 +13,11 @@ aap_bootstrap_job:
   tag: latest
 
 aap_license_file: "{{ workingDir }}/config/aap-license.zip"
+aap_archive_tmp_dir: "/tmp/aap-config-source"
+aap_config_repo: "https://github.com/osac-project/osac-aap-config.git"
+aap_config_version: "main"
+aap_archive_image: "registry.redhat.io/ubi9/nginx-126@sha256:d68c1643e3a1184c38f87391fd1054724d8ed2e14324c090091d6c724dc1c335"
+aap_archive_port: 4480
+aap_archive_authfile: "{{ workingDir }}/config/pull-secret.json"
+aap_archive_dest: "{{ workingDir }}/files/aap-config-archive.tar.gz"
+aap_archive_refresh: false  # Set to true to force a refresh of the AAP configuration archive

playbooks/06-day2.yaml

@@ -86,7 +86,11 @@
       ansible.builtin.include_tasks:
         file: tasks/vmaas_validation.yaml
         apply:
-          tags: vmaas
+          tags:
+            - vmaas
+            - aap_archive_service
           environment:
             KUBECONFIG: "{{ workingDir }}/ocp-cluster/auth/kubeconfig"
-      tags: vmaas
+      tags:
+        - vmaas
+        - aap_archive_service

playbooks/tasks/aap_archive_service.yaml

@@ -0,0 +1,62 @@
+---
+- name: "Check if the repository tarball exists"
+  ansible.builtin.stat:
+    path: "{{ aap_archive_dest }}"
+  register: __aap_archive_tarball_exists
+  failed_when: false
+  changed_when: false
+
+# If the repository tarball exists, you can force a refresh by setting aap_archive_refresh to true
+- name: "Package AAP configuration repository and serve via HTTP"
+  block:
+    - name: "Create temporary directory"
+      ansible.builtin.file:
+        path: "{{ aap_archive_tmp_dir }}"
+        state: directory
+        mode: "0750"
+
+    - name: "Clone the configuration repository"
+      ansible.builtin.git:
+        repo: "{{ aap_config_repo }}"
+        dest: "{{ aap_archive_tmp_dir }}"
+        version: "{{ aap_config_version }}"
+
+    - name: "Create tarball of the repository"
+      ansible.builtin.archive:
+        path: "{{ aap_archive_tmp_dir }}"
+        dest: "{{ aap_archive_dest }}"
+        format: gz
+      ignore_errors: "{{ ansible_check_mode }}"
+
+    - name: "Set container recreate flag"
+      ansible.builtin.set_fact:
+        __aap_archive_container_recreate: true
+  always:
+    - name: "Remove temporary directory"
+      ansible.builtin.file:
+        path: "{{ aap_archive_tmp_dir }}"
+        state: absent
+      no_log: true
+  when: >
+    __aap_archive_tarball_exists.stat.exists is false or
+    __aap_archive_tarball_exists.stat.exists is not defined or
+    aap_archive_refresh | default(false) | bool
+
+- name: "Run container to publish the AAP configuration"
+  containers.podman.podman_container:
+    name: "aap-archive-srv"
+    image: "{{ aap_archive_image }}"
+    authfile: "{{ aap_archive_authfile }}"
+    state: started
+    restart_policy: always
+    recreate: "{{ __aap_archive_container_recreate | default(false) | bool }}"
+    user: "1001"
+    command: "/usr/libexec/s2i/run"
+    security_opt:
+      - no-new-privileges
+    cap_drop:
+      - ALL
+    volumes:
+      - "{{ aap_archive_dest }}:/opt/app-root/src/aap-config-archive.tar.gz:Z"
+    publish:
+      - "{{ aap_archive_port }}:8080"

playbooks/tasks/vmaas_validation.yaml

@@ -33,10 +33,17 @@
     not __aap_license_stat.stat.exists | bool
 
 - name: "Deploy VMaaS"
-  ansible.builtin.include_tasks:
-    file: vmaas.yaml
-    apply:
-      tags: vmaas
+  block:
+    - name: "Deploy AAP configuration archive service in the LZ"
+      ansible.builtin.include_tasks:
+        file: aap_archive_service.yaml
+        apply:
+          tags: aap_archive_service
+    - name: "Deploy VMaaS"
+      ansible.builtin.include_tasks:
+        file: vmaas.yaml
+        apply:
+          tags: vmaas
   when:
     - vmaas_clusters | length > 0
     - __aap_license_stat.stat.exists is defined

playbooks/templates/aap-config.yaml.j2

@@ -5,4 +5,5 @@ metadata:
   namespace: {{ aap_ns | default('ansible-aap') }}
 type: Opaque
 stringData:
+  AAP_PROJECT_ARCHIVE_URI: "http://{{ lzBmcIP }}:{{ aap_archive_port }}/aap-config-archive.tar.gz"
   REMOTE_CLUSTER_KUBECONFIG_SECRET_NAME: "{{ aap_kubeconfig_secret_name | default('vmaas-cluster-kubeconfig') }}"