[IDG-15757] - [API] Improve our development env for OpenShift

Signed-off-by: Mauricio Magnani <[email protected]>

Author: msmagnanijr

automation/README.md

@@ -0,0 +1,45 @@
+Overview
+--------
+
+This is a ansible based project to deploy all eda-server related components.
+
+Pre-requisites
+--------------
+
+Minikube - https://minikube.sigs.k8s.io/docs ( `minikube addons enable ingress`, `minikube addons enable storage-provisioner` and `minikube addons enable default-storageclass` )
+
+Red Hat OpenShift Local - https://developers.redhat.com/products/openshift-local/overview
+
+Ansible - https://github.com/ansible/ansible
+
+Kubernetes Collection for Ansible - `ansible-galaxy collection install kubernetes.core`
+
+
+Usage
+--------------
+
+Make sure that your Minikube or Openshift Local is running.
+
+After that, review the variables and make any necessary customizations. This can be done in the file:
+
+```bash
+group_vars/all/vars.yml
+ ```
+
+The following variables can be customized to determine whether a specific action is executed or not.
+
+**env_type**: This variable supports `"minikube"` or `"openshift"` as the execution target.
+
+**eda_deploy_operator**: This variable must be set to `"true"` for the eda-server-operator to be installed.
+
+**eda_deploy_server**: This variable must be set to `"true"` for eda-server to be installed. At this moment, this installation still relies on the eda-server-operator, as everything is based on the "eda" crd.
+
+**awx_deploy_operator**: This variable must be set to `"true"` for the awx-server-operator to be installed.
+
+**awx_deploy_server**: This variable must be set to `"true"` for awx-server to be installed. At this moment, this installation still relies on the awx-server-operator, as everything is based on the "awx" crd.
+
+To run, simply be in the same directory as the `playbook.yaml` file and execute the command: `ansible-playbook playbook.yaml`
+
+At the end of the execution, you should have all components installed in the namespace defined in the variable `eda_namespace`
+
+In openshift-local (crc) you can access the UI at `eda-aap-eda.apps-crc.testing` and in minikube at `eda.local`

automation/ansible.cfg

@@ -0,0 +1,4 @@
+[defaults]
+host_key_checking = False
+retry_files_enabled = False
+callback_whitelist = profile_tasks

automation/group_vars/all/vars.yaml

@@ -0,0 +1,94 @@
+---
+ansible_python_interpreter: /usr/bin/env python
+
+env_type: openshift #openshift
+eda_deploy_operator: "true"
+eda_deploy_server: "true"
+
+eda_namespace: aap-eda
+
+eda_operator:
+  api_version: kustomize.config.k8s.io/v1beta1
+  namespace: aap-eda
+  disable_name_suffix_hash: true
+  secret_generator_name: redhat-operators-pull-secret
+  operator_literal: eda
+  resource_url: github.com/ansible/eda-server-operator/config/default?ref=0.0.11
+  image_name: quay.io/ansible/eda-server-operator
+  image_new_tag: 0.0.11
+
+eda_operator_files_path: roles/eda-deploy-operator/files
+eda_server_files_path:  roles/eda-deploy-server/files
+
+eda_server:
+  pvc_name: eda-postgres-13-volume
+  access_modes: ReadWriteOnce
+  storage_request: 500Mi
+  namespace: aap-eda
+  admin_user: admin
+  admin_password_secret: eda-admin-password
+  automation_server_url: https://awx.local
+  automation_server_ssl_verify: "no"
+  image: quay.io/ansible/eda-server
+  image_version: sha-98eaec9
+  image_web: quay.io/ansible/eda-ui
+  image_web_version: 2.4.860
+  redis_image:
+  redis_image_version:
+  api:
+    replicas: 1
+  ui:
+    replicas: 1
+  worker:
+    replicas: 2
+  redis:
+    replicas: 1
+  database:
+    database_secret: eda-database-configuration
+    storage_requirements:
+      requests:
+        storage: 3Gi
+    resource_requirements:
+      requests: {}
+
+eda_server_kustomization:
+  eda_database_configuration_host: eda-postgres-13
+  eda_database_configuration_port: 5432
+  eda_database_configuration_database: eda
+  eda_database_configuration_username: eda
+  eda_database_configuration_password: testpass
+  eda_database_configuration_type: managed
+  eda_admin_password: testpass
+
+# AWX
+
+aws_deploy_operator: "false"
+aws_deploy_server: "false"
+awx_operator_files_path: roles/awx-deploy-operator/files
+awx_server_files_path:  roles/awx-deploy-server/files
+awx_namespace: aap-awx
+
+awx_operator:
+  disableNameSuffixHash: true
+  secretName: "redhat-operators-pull-secret"
+  operatorLiteral: "operator=awx"
+  awxOperatorConfigURL: "github.com/ansible/awx-operator/config/default?ref=2.10.0"
+  operatorImageName: "quay.io/ansible/awx-operator"
+  operatorImageTag: "2.10.0"
+
+awx_server:
+  pvc_name: awx-postgres-13-volume
+  access_modes: ReadWriteOnce
+  storage_request: 1000Mi
+  admin_user: admin
+  admin_password_secret: awx-admin-password
+
+awx_server_kustomization:
+  awx_database_configuration_host: awx-postgres-13
+  awx_database_configuration_port: 5432
+  awx_database_configuration_database: awx
+  awx_database_configuration_username: awx
+  awx_database_configuration_password: testpass
+  awx_database_configuration_type: managed
+  awx_admin_password: testpass
+

automation/hosts

@@ -0,0 +1,2 @@
+[all]
+localhost

automation/playbook.yaml

@@ -0,0 +1,14 @@
+- hosts: localhost
+  roles:
+
+    - name: eda-deploy-operator
+      when: eda_deploy_operator == "true"
+
+    - name: eda-deploy-server
+      when: eda_deploy_server == "true"
+
+    - name: awx-deploy-operator
+      when: aws_deploy_operator == "true"
+
+    - name: awx-deploy-server
+      when: aws_deploy_server == "true"

automation/roles/awx-deploy-operator/files/.gitkeep

@@ -0,0 +1,35 @@
+---
+- name: Check {{ env_type }} connection
+  block:
+    - k8s_info:
+        api_version: v1
+        kind: Pod
+        namespace: default
+        name: ansible-check-pod
+        kubeconfig: "{{ lookup('env', 'KUBECONFIG') }}"
+      register: k8s_info_result
+  rescue:
+    - fail:
+        msg: "Failed to connect to Kubernetes cluster. Please check your configuration and try again."
+  always:
+    - debug:
+        var: k8s_info_result
+
+- name: Create {{ awx_namespace }} namespace
+  k8s:
+    definition:
+      apiVersion: v1
+      kind: Namespace
+      metadata:
+        name: "{{ awx_namespace }}"
+  when: k8s_info_result is succeeded
+
+- name: Generate AWX Operator kustomization file
+  template:
+    src: kustomization-awx-operator.yaml.j2
+    dest: "{{ awx_operator_files_path }}/kustomization.yaml"
+
+- name: Apply AWX Operator kustomization file
+  k8s:
+    definition: "{{ lookup('pipe', 'kustomize build {{ awx_operator_files_path }}') }}"
+    state: present

automation/roles/awx-deploy-operator/tasks/main.yaml

@@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: {{ awx_namespace }}
+
+generatorOptions:
+  disableNameSuffixHash: {{ awx_operator.disableNameSuffixHash | default('false') }}
+
+secretGenerator:
+  - name: {{ awx_operator.secretName }}
+    literals:
+      - operator={{ awx_operator.operatorLiteral }}
+
+resources:
+  - {{ awx_operator.awxOperatorConfigURL }}
+
+images:
+  - name: {{ awx_operator.operatorImageName }}
+    newTag: {{ awx_operator.operatorImageTag }}

automation/roles/awx-deploy-operator/templates/kustomization-awx-operator.yaml.j2

@@ -0,0 +1,80 @@
+---
+- name: Check {{ env_type }} connection
+  block:
+    - k8s_info:
+        api_version: v1
+        kind: Pod
+        namespace: default
+        name: ansible-check-pod
+        kubeconfig: "{{ lookup('env', 'KUBECONFIG') }}"
+      register: k8s_info_result
+  rescue:
+    - fail:
+        msg: "Failed to connect to Kubernetes cluster. Please check your configuration and try again."
+  always:
+    - debug:
+        var: k8s_info_result
+
+- name: Check if {{ awx_namespace }} namespace exists
+  k8s_info:
+    kind: Namespace
+    name: "{{ awx_namespace }}"
+    kubeconfig: "{{ lookup('env', 'KUBECONFIG') }}"
+  register: namespace_info
+  failed_when: namespace_info.resources|length == 0
+
+- name: Define the AWX Host
+  set_fact:
+    awx_host: "{{ 'awx.local' if env_type == 'minikube' else 'awx-aap-awx.apps-crc.testing' }}"
+
+- name: Generate private key
+  command: "openssl genpkey -algorithm RSA -out tls.key"
+  args:
+    chdir: "{{ awx_server_files_path }}"
+
+- name: Generate certificate signing request (CSR)
+  command: "openssl req -new -key tls.key -out csr.pem -subj '/CN={{ awx_host }}/O={{ awx_host }}' -addext 'subjectAltName=DNS:{{ awx_host }}'"
+  args:
+    chdir: "{{ awx_server_files_path }}"
+
+- name: Generate signed certificate
+  command: "openssl x509 -req -in csr.pem -signkey tls.key -out tls.crt -days 365"
+  args:
+    chdir: "{{ awx_server_files_path }}"
+
+- name: Remove temporary certificate signing request (CSR)
+  file:
+    path: "{{ awx_server_files_path }}/csr.pem"
+    state: absent
+
+- name: Define Ingress type
+  set_fact:
+    ingress_type: "{{ 'ingress' if env_type == 'minikube' else 'Route' }}"
+
+- name: Define the TLS termination Mechanism
+  set_fact:
+    tls_termination_mechanism: "{{ '' if env_type == 'minikube' else 'Edge' }}"
+
+- name: Define the PostgreSQL storage class
+  set_fact:
+    postgres_storage_class: "{{ 'standard' if env_type == 'minikube' else 'crc-csi-hostpath-provisioner' }}"
+
+- name: Generate AWX Server pvc file
+  template:
+    src: awx-server-pvc.yaml.j2
+    dest: "{{ awx_server_files_path }}/awx-server-pvc.yaml"
+
+- name: Generate AWX Server file
+  template:
+    src: awx-server.yaml.j2
+    dest: "{{ awx_server_files_path }}/awx-server.yaml"
+
+- name: Generate AWX Server kustomization file
+  template:
+    src: awx-server-kustomization.yaml.j2
+    dest: "{{ awx_server_files_path }}/kustomization.yaml"
+
+- name: Apply AWX Server kustomization file
+  k8s:
+    definition: "{{ lookup('pipe', 'kustomize build {{ awx_server_files_path }}') }}"
+    state: present

automation/roles/awx-deploy-server/files/.gitkeep

@@ -0,0 +1,33 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: {{ awx_namespace }}
+ 
+generatorOptions:
+  disableNameSuffixHash: true
+
+secretGenerator:
+ - name: awx-secret-tls
+   files:
+    - tls.crt
+    - tls.key
+
+secretGenerator: 
+  - name: awx-database-configuration
+    type: Opaque
+    literals:
+      - host={{ awx_server_kustomization.awx_database_configuration_host }}
+      - port={{ awx_server_kustomization.awx_database_configuration_port }}
+      - database={{ awx_server_kustomization.awx_database_configuration_database }}
+      - username={{ awx_server_kustomization.awx_database_configuration_username }}
+      - password={{ awx_server_kustomization.awx_database_configuration_password }}
+      - type=managed
+ 
+  - name: awx-admin-password
+    type: Opaque
+    literals:
+      - password={{ awx_server_kustomization.awx_admin_password }}
+
+resources:
+  - awx-server-pvc.yaml
+  - awx-server.yaml

automation/roles/awx-deploy-server/tasks/main.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ awx_server.pvc_name }}
+  namespace: {{ awx_namespace }}
+spec:
+  accessModes:
+    - "{{ awx_server.access_modes }}"
+  resources:
+    requests:
+      storage: {{ awx_server.storage_request }}
+status: {}

automation/roles/awx-deploy-server/templates/awx-server-kustomization.yaml.j2

@@ -0,0 +1,35 @@
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx
+spec:
+  admin_user: {{ awx_server.admin_user }}
+  admin_password_secret: {{ awx_server.admin_password_secret }}
+ 
+  route_tls_termination_mechanism: {{ tls_termination_mechanism }}
+  ingress_tls_secret: awx-secret-tls
+  ingress_type: {{ ingress_type }}
+  hostname: {{ awx_host }}
+  
+  postgres_configuration_secret: awx-postgres-configuration
+  
+  postgres_storage_requirements:
+    requests:
+      storage: 500Mi
+
+  projects_persistence: true
+  projects_existing_claim: awx-postgres-13-volume
+
+  web_replicas: 1
+  task_replicas: 1
+
+  postgres_init_container_resource_requirements: {}
+  postgres_resource_requirements: {}
+  web_resource_requirements: {}
+  task_resource_requirements: {}
+  ee_resource_requirements: {}
+  init_container_resource_requirements: {}
+
+  # Uncomment to reveal "censored" logs
+  #no_log: false
+