Bring Ansible Edge GitOps level with Federated Edge Observability

Changes.md

@@ -53,16 +53,19 @@
 * Remove ODF overrides from OCP 4.12/3 that force storageClass to gp2; all released versions should use gp3-csi now.
 * Include overrides for OCP 4.12 and OCP 4.13 to use the older `ocs-storagecluster-ceph-rbd` storageClass.
 
-## Changes for v2.0 (TBD)
+## Changes for v2.0 (March 5, 2025)
 
 * Split HMI Demo Project out to separate [repository](https://github.com/validatedpatterns-demos/rhvp.ansible_edge_hmi)
 * Split HMI Config out to separate [repository](https://github.com/validatedpatterns-demos/ansible-edge-gitops-hmi-config-as-code.git)
 * Drop the custom execution environment because AAP can resolve these dependencies itself
 * Switch to modular common
 * Use the Validated Patterns ODF Chart (dropping our custom version)
-* Comment out portworx install and test, as the only OCP version that supports is 4.12, which is now past
+* Drop portworx chart and Makefile targets, as the only OCP version that supports is 4.12, which is now past
   the end of its maintenance support lifecycle.
 * Refactor installation mechannism to use standard configuration-as-code approach, which will make it easier to drop
   in a new config-as-code repository.
 * Move VM definitions outside of edge-gitops-vms chart so that derived patterns do not inherit the HMI kiosks. Kiosk
   VMs now defined by default in overrides.
+* Use Validated Patterns charts for Installing Ansible Automation Platform, OpenShift Virtualization, and
+  edge-gitops-vms.
+* Switch to AAP-2.5 support as provided by Validated Patterns aap-config chart.

Makefile

@@ -14,9 +14,6 @@ help:
 install upgrade deploy: operator-deploy post-install ## Install or upgrade the pattern via the operator
 	echo "Installed/Upgraded"
 
-#portworx-install portworx-upgrade portworx-deploy: ## Install with portworx instead
-#	EXTRA_HELM_OPTS='-f values-portworx.yaml' make install
-
 post-install: ## Post-install tasks - load-secrets
 	make load-secrets
 	echo "Post-deploy complete"
@@ -31,9 +28,6 @@ test: ## Run tests
 	@set -e; for i in $(CHARTS); do echo "$${i}"; helm template "$${i}"; done
 	echo Tests SUCCESSFUL
 
-#portworx-test:
-#	EXTRA_HELM_OPTS='-f values-portworx.yaml' make test
-
 update-tests: ## Update test results
 	./scripts/update-tests.sh $(CHART_OPTS)
 

ansible/ansible_get_credentials.yml

@@ -13,7 +13,7 @@
         api_version: route.openshift.io/v1
         kind: Route
         namespace: ansible-automation-platform
-        name: controller
+        name: aap
       register: aap_host
       until: aap_host.resources | length == 1
       retries: 20
@@ -27,7 +27,7 @@
       kubernetes.core.k8s_info:
         kind: Secret
         namespace: ansible-automation-platform
-        name: controller-admin-password
+        name: aap-admin-password
       register: admin_pw
       until: admin_pw.resources | length == 1
       retries: 20

ansible/odf_fix_dataimportcrons.yml

@@ -0,0 +1,138 @@
+#!/usr/bin/env ansible-playbook
+---
+# This workaround was implemented to fix a problem where openshift-cnv would
+# not recognize a default virt storage class change and change the format of
+# datasources. The issue was fixed in OpenShift Virtualization 4.16.4.
+- name: Determine if we have PVC clean-up to do
+  become: false
+  connection: local
+  hosts: localhost
+  gather_facts: false
+  vars:
+    kubeconfig: "{{ lookup('env', 'KUBECONFIG') }}"
+    dataimportcron_cleanup: false
+    image_cleanup_namespace: "openshift-virtualization-os-images"
+    cluster_version: "{{ global['clusterVersion'] | default('UNSET') }}"
+  tasks:
+    - name: Check cluster version
+      ansible.builtin.debug:
+        var: cluster_version
+
+    - name: Exit if normal version check is not right
+      ansible.builtin.meta: end_play
+      when: cluster_version not in [ '4.17', '4.16', 'UNSET' ]
+
+    - name: Find default storageclass
+      ansible.builtin.shell: |
+        set -o pipefail
+        oc get storageclass -o json | jq -r '.items[] | select(.metadata.annotations."storageclass.kubernetes.io/is-default-class")'
+      register: default_sc_output
+      changed_when: false
+
+    - name: Find virtualization default storageclass
+      ansible.builtin.shell: |
+        set -o pipefail
+        oc get storageclass -o json | jq -r '.items[] | select(.metadata.annotations."storageclass.kubevirt.io/is-default-virt-class")'
+      register: default_virt_sc_output
+      changed_when: false
+
+    - name: Compare default virtualization storageclass and default storageclass to determine whether to clean PVCs
+      block:
+        - name: Parse results
+          ansible.builtin.set_fact:
+            default_sc: '{{ default_sc_output.stdout | from_json }}'
+            default_virt_sc: '{{ default_virt_sc_output.stdout | from_json }}'
+
+        - name: Commit to dataimportcron cleanup
+          ansible.builtin.set_fact:
+            dataimportcron_cleanup: true
+          when:
+            - default_virt_sc.metadata.name == "ocs-storagecluster-ceph-rbd-virtualization"
+            - default_sc.metadata.name != default_virt_sc.metadata.name
+      rescue:
+        - name: Note that we exited
+          ansible.builtin.debug:
+            msg: "Caught an error before we could determine to clean up dataimportcrons, exiting"
+
+        - name: End play (successfully)
+          ansible.builtin.meta: end_play
+
+    - name: Cleanup incorrect datasourceimport images (PVCs)
+      when:
+        - dataimportcron_cleanup
+      block:
+        - name: Find dataimportcrons
+          kubernetes.core.k8s_info:
+            kind: dataimportcron
+            namespace: '{{ image_cleanup_namespace }}'
+            api_version: cdi.kubevirt.io/v1beta1
+          register: dic_list
+
+        - name: Extract dic names
+          ansible.builtin.set_fact:
+            dic_names: "{{ dic_names | default([]) + [ item.metadata.name ] }}"
+          loop: "{{ dic_list.resources }}"
+
+        - name: Show names
+          ansible.builtin.debug:
+            var: dic_names
+
+        - name: Find datasources to cleanup
+          kubernetes.core.k8s_info:
+            kind: datasource
+            namespace: '{{ image_cleanup_namespace }}'
+            api_version: cdi.kubevirt.io/v1beta1
+          register: ds_cleanup_list
+
+        - name: Keep track of objects to remove
+          ansible.builtin.set_fact:
+            cron_cleanups: []
+            ds_cleanups: []
+
+        - name: Record datasources that need cleanup
+          ansible.builtin.set_fact:
+            cron_cleanups: "{{ cron_cleanups + [ item.metadata.labels['cdi.kubevirt.io/dataImportCron'] ] }}"
+            ds_cleanups: "{{ ds_cleanups + [ item.metadata.name ] }}"
+          loop: "{{ ds_cleanup_list.resources }}"
+          when:
+            - item['metadata']['labels']['cdi.kubevirt.io/dataImportCron'] is defined
+            - item['metadata']['labels']['cdi.kubevirt.io/dataImportCron'] in dic_names
+            - item.status.conditions[0].message != "DataSource is ready to be consumed"
+
+        - name: Check on removables
+          ansible.builtin.debug:
+            msg:
+              - "cron_cleanups: {{ cron_cleanups }}"
+              - "ds_cleanups: {{ ds_cleanups }}"
+
+        - name: Delete datasources in cleanup list
+          kubernetes.core.k8s:
+            kind: datasource
+            namespace: '{{ image_cleanup_namespace }}'
+            api_version: cdi.kubevirt.io/v1beta1
+            name: "{{ item }}"
+            state: absent
+          loop: "{{ ds_cleanups }}"
+
+        - name: Delete datavolumes in cleanup list
+          kubernetes.core.k8s:
+            kind: datavolume
+            namespace: '{{ image_cleanup_namespace }}'
+            api_version: cdi.kubevirt.io/v1beta1
+            label_selectors:
+              - 'cdi.kubevirt.io/dataImportCron={{ item }}'
+            state: absent
+          loop: "{{ cron_cleanups }}"
+
+        - name: Delete dataimportcrons in cleanup list
+          kubernetes.core.k8s:
+            kind: dataimportcron
+            namespace: '{{ image_cleanup_namespace }}'
+            api_version: cdi.kubevirt.io/v1beta1
+            name: "{{ item }}"
+            state: absent
+          loop: "{{ cron_cleanups }}"
+      rescue:
+        - name: Note that we exited
+          ansible.builtin.debug:
+            msg: "Caught an error while cleaning up dataimportcrons, exiting"

overrides/values-aap-config-aeg.yaml

@@ -0,0 +1,4 @@
+---
+agof:
+  iac_repo: https://github.com/validatedpatterns-demos/ansible-edge-gitops-hmi-config-as-code.git
+  iac_revision: main

values-hub.yaml

@@ -10,12 +10,13 @@ clusterGroup:
     - openshift-cnv
     - openshift-storage
     - edge-gitops-vms
+    - aap-config
 
   subscriptions:
     aap-operator:
       name: ansible-automation-platform-operator
       namespace: ansible-automation-platform
-      channel: stable-2.4
+      channel: stable-2.5
 
     openshift-virtualization:
       name: kubevirt-hyperconverged
@@ -35,21 +36,17 @@ clusterGroup:
         playbook: ansible/deploy_kubevirt_worker.yml
         verbosity: -vvv
       - name: clean-golden-images
-        playbook: ansible/odf_clean_pvcs.yml
-        image: quay.io/hybridcloudpatterns/utility-container:latest
+        playbook: ansible/odf_fix_dataimportcrons.yml
         verbosity: -vvv
-      - name: configure-aap-controller
-        playbook: ansible/imperative_configure_aap.yml
-        image: quay.io/hybridcloudpatterns/utility-container:latest
-        verbosity: -vvv
-        timeout: "900"
     clusterRoleYaml:
       - apiGroups:
           - "*"
         resources:
           - machinesets
           - persistentvolumeclaims
           - datavolumes
+          - dataimportcrons
+          - datasources
         verbs:
           - "*"
       - apiGroups:
@@ -64,13 +61,19 @@ clusterGroup:
   applications:
     aap:
       name: ansible-automation-platform
+      namespace: ansible-automation-platform
       project: hub
-      path: charts/hub/ansible-automation-platform
+      chart: ansible-automation-platform-instance
+      chartVersion: 0.1.*
 
     aap-config:
       name: aap-config
+      namespace: aap-config
       project: hub
-      path: charts/hub/aap-config
+      chart: aap-config
+      chartVersion: 0.1.*
+      extraValueFiles:
+        - '$patternref/overrides/values-aap-config-aeg.yaml'
 
     vault:
       name: vault
@@ -90,7 +93,8 @@ clusterGroup:
       name: openshift-cnv
       namespace: openshift-cnv
       project: hub
-      path: charts/hub/cnv
+      chart: openshift-virtualization-instance
+      chartVersion: 0.1.*
 
     odf:
       name: odf
@@ -105,10 +109,10 @@ clusterGroup:
       name: edge-gitops-vms
       namespace: edge-gitops-vms
       project: hub
-      path: charts/hub/edge-gitops-vms
+      chart: edge-gitops-vms
+      chartVersion: 0.2.*
       extraValueFiles:
         - '$patternref/overrides/values-egv-vms.yaml'
-        - '$patternref/overrides/values-egv-{{ $.Values.global.clusterVersion }}.yaml'
 
   # Only the hub cluster here - managed entities are edge nodes
   managedClusterGroups: []

values-secret.yaml.template

@@ -2,14 +2,6 @@
 # NEVER COMMIT THESE VALUES TO GIT
 version: "2.0"
 secrets:
-  - name: aws-creds
-    fields:
-    - name: aws_access_key_id
-      value: "An aws access key that can provision VMs and manage IAM (if using portworx)"
-
-    - name: aws_secret_access_key
-      value: "An aws access secret key that can provision VMs and manage IAM (if using portworx)"
-
   - name: vm-ssh
     fields:
     - name: username
@@ -48,3 +40,14 @@ secrets:
     - name: b64content
       path: 'full pathname of file containing Satellite Manifest for entitling Ansible Automation Platform'
       base64: true
+
+  - name: automation-hub-token
+    fields:
+    - name: token
+      value: 'An automation hub token for retrieving Certified and Validated Ansible content'
+
+  - name: agof-vault-file
+    fields:
+    - name: agof-vault-file
+      path: 'full pathname of a valid agof_vault file for secrets to overlay the iac config'
+      base64: true