Adding AAP Automation to the Deployment
Now that we have deployed our cluster, let’s add our automation. Recall that this process includes creating supporting resources, checking our AnsibleJob CRD into a hosted Git repository, and deploying our automation Application.
First, we will add some supporting OpenShift resources for automation. We will add a namespace ran-lab-automation which our automation resources will belong to, along with a Secret configuring ACM’s authorization to access the AAP Controller through the controller’s auth token.
Before configuring the automation jobs, we need to grant access to our Ansible Automation Platform to RHACM. In order to do that, we first need to login into the AAP Controller UI, and login with the student user and the password that you received in the email.
Once you’re logged follow the following steps:
-
Click on the
student→User Detailsin the top right corner. -
Click on
Tokens. -
Click on
Add -
Leave application and description fields empty and select
writefor the Scope. -
Click
Saveand once the token is presented, save it into a safe location, we will use it in the next steps.
| Replace <automation-controller-token> with the token you just got created. |
export CONTROLLER_TOKEN=<automation-controller-token>cat << EOF | oc --kubeconfig ~/5g-deployment-lab/hub-kubeconfig apply -f -
apiVersion: v1
kind: Namespace
metadata:
name: ran-lab-automation
EOF
cat << EOF | oc --kubeconfig ~/5g-deployment-lab/hub-kubeconfig apply -f -
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: aap-controller-token
namespace: ran-lab-automation
labels:
cluster.open-cluster-management.io/type: ans
cluster.open-cluster-management.io/credentials: ""
stringData:
host: https://automation-aap.apps.hub.5g-deployment.lab
token: ${CONTROLLER_TOKEN}
EOFOur AnsibleJob automation is housed in a git repository at http://infra.5g-deployment.lab:3000/student/aap-integration-tools/src/branch/main/site-applications/prehook/main.yml. It invokes our ZTP Done Automation Ansible Controller job template, which first creates the ztp-day2-automation namespace in the cluster, then adds the aap-done label to the managed cluster.
Creating the ztp-day2-automation namespace is an example configuration. In your own deployments, this step can be substituted with any series of imperative configuration steps that a deployed cluster or the infrastructure may need.
|
We will now create an Openshift Application-based hook into AAP. At a high level the role of the Application is to trigger the AnsibleJob and pass the clusters being targeted by the automation as extra_vars. Here is an example CRD for reference, with the extra variable RHACM passes in comments:
apiVersion: tower.ansible.com/v1alpha1
kind: AnsibleJob
metadata:
name: ztp-day2-automation
spec:
tower_auth_secret: aap-controller-token
job_template_name: "ZTP Done Automation"
# extra_vars:
# target_clusters: {{ list.of.clusters }} <-- array provided by ACM with an entry for each managed cluster that is affectedNow, let’s create our Application.
We can create our Channel, Application, its Subscription, and the PlacementRule to bind this application to the intended clusters.
cat << EOF | oc --kubeconfig ~/5g-deployment-lab/hub-kubeconfig apply -f -
---
apiVersion: apps.open-cluster-management.io/v1
kind: Channel
metadata:
name: gogs-repo
namespace: ran-lab-automation
spec:
pathname: http://infra.5g-deployment.lab:3000/student/aap-integration-tools.git
type: Git
---
apiVersion: app.k8s.io/v1beta1
kind: Application
metadata:
name: monitor-ztp-done
namespace: ran-lab-automation
spec:
componentKinds:
- group: apps.open-cluster-management.io
kind: Subscription
descriptor: {}
selector:
matchExpressions:
- key: app
operator: In
values:
- monitor-ztp-done
---
apiVersion: apps.open-cluster-management.io/v1
kind: Subscription
metadata:
annotations:
apps.open-cluster-management.io/git-branch: main
apps.open-cluster-management.io/git-path: site-applications
apps.open-cluster-management.io/reconcile-option: merge
labels:
app: monitor-ztp-done
name: monitor-ztp-done-subscription
namespace: ran-lab-automation
spec:
hooksecretref:
name: aap-controller-token
channel: ran-lab-automation/gogs-repo
placement:
placementRef:
apiGroup: apps.open-cluster-management.io
kind: PlacementRule
name: monitor-ztp-done-placement
---
apiVersion: apps.open-cluster-management.io/v1
kind: PlacementRule
metadata:
name: monitor-ztp-done-placement
namespace: ran-lab-automation
spec:
clusterConditions:
- status: "True"
type: ManagedClusterConditionAvailable
clusterSelector:
matchExpressions:
- {key: ztp-done, operator: Exists}
- {key: name, operator: NotIn, values: [local-cluster]}
EOFWe have now successfully configured our automation, which will run as soon as our clusters reach ztp-done. We can move to the next section to see how we can monitor the deployment process.