Seamless Ansible Automation Platform Deployment on OpenShift via OpenShift GitOps
Introduction
GitOps is a declarative approach for enabling continuous deployment of cloud-native applications, particularly in multi-cluster Kubernetes environments such as the OpenShift Container Platform. This methodology streamlines complex deployment processes, significantly reducing time spent during deployment and release cycles.
GitOps centers around employing Git pull requests to manage infrastructure and application configurations, making the Git repository the sole source of truth for system and application settings. This repository contains a declarative definition of the infrastructure required for the specified environment and incorporates an automated process to synchronize the environment with the described state. Moreover, it maintains a comprehensive history of system state changes, enhancing visibility and auditability, and mitigating infrastructure and application configuration sprawl.
This post demonstrates how to set up Ansible Automation Platform (AAP) on OpenShift using OpenShift GitOps.
Procedure:
1. Clone this repository and make the required changes to the AutomationController resource it contains.
2. Perform the steps outlined in the OpenShift GitOps documentation and install OpenShift GitOps on the OpenShift cluster.
3. Ensure that the ServiceAccount `openshift-gitops-argocd-application-controller`, which is created by OpenShift GitOps, has sufficient rights to modify and administer resources in other projects (i.e. any AAP-specific namespaces that will be created later). The following `oc` command binds the `admin` cluster role to it cluster-wide under the binding name `gitops-admin`:
oc adm policy add-cluster-role-to-user admin -z openshift-gitops-argocd-application-controller -n openshift-gitops --rolebinding-name gitops-admin
4. Install ArgoCD CLI on the workstation.
5. Access the OpenShift project `openshift-gitops` and get the password for the OpenShift GitOps ‘admin’ user using the command:
argoPass=$(oc get secret/openshift-gitops-cluster -n openshift-gitops -o jsonpath='{.data.admin\.password}' | base64 -d)
6. Get the route for accessing OpenShift GitOps:
argoURL=$(oc get route openshift-gitops-server -n openshift-gitops -o jsonpath='{.spec.host}{"\n"}')
7. Login to OpenShift GitOps from the workstation using the following command:
argocd login --insecure --grpc-web "$argoURL" --username admin --password "$argoPass"
8. Create a new OpenShift GitOps application and install AAP operator and AutomationController using the following command:
argocd app create aap-install --repo https://github.com/bbalakriz/aap-openshift-gitops \
  --path ./ --dest-namespace default \
  --dest-server https://kubernetes.default.svc
9. Sync the app on OpenShift GitOps using the command given below to start the AAP operator provisioning followed by installation of AAP.
argocd app sync aap-install
This should produce an output like the one shown below.
TIMESTAMP GROUP KIND NAMESPACE NAME STATUS HEALTH HOOK MESSAGE
2023-10-17T13:08:35+08:00 Namespace ansible-automation-platform Synced
2023-10-17T13:08:36+08:00 Namespace default ansible-automation-platform Running Synced namespace/ansible-automation-platform created
2023-10-17T13:08:36+08:00 operators.coreos.com OperatorGroup ansible-automation-platform ansible-automation-platform-operator Synced Missing
2023-10-17T13:08:38+08:00 Namespace default ansible-automation-platform Succeeded Synced namespace/ansible-automation-platform created
2023-10-17T13:08:38+08:00 operators.coreos.com OperatorGroup ansible-automation-platform ansible-automation-platform-operator Synced Missing operatorgroup.operators.coreos.com/ansible-automation-platform-operator created
2023-10-17T13:08:38+08:00 automationcontroller.ansible.com AutomationController ansible-automation-platform aap-controller OutOfSync Missing automationcontroller.automationcontroller.ansible.com/aap-controller created
2023-10-17T13:08:38+08:00 automationcontroller.ansible.com AutomationController ansible-automation-platform aap-controller Synced Missing automationcontroller.automationcontroller.ansible.com/aap-controller created
Name: openshift-gitops/aap-install
Project: default
Server: https://kubernetes.default.svc
Namespace: default
URL: https://openshift-gitops-server-xxx.xxx.xxx.abc.com/applications/aap-install
Repo: https://github.com/bbalakriz/aap-openshift-gitops
….
Operation: Sync
Sync Revision: fb76f2dded5089da060af08ebc4f61687a3a3b95
Phase: Succeeded
Duration: 5s
Message: successfully synced (all tasks run)
….
Steps 7, 8 and 9 can also be performed from the OpenShift GitOps web console using the “New App” option, as shown in the Appendix section below.
10. Log in to the OpenShift GitOps web console (at the host stored in the shell variable $argoURL set above) with the ‘admin’ user credentials and verify that the aap-install application and all of its resources were created successfully.
11. AAP should now be up and running in the namespace ansible-automation-platform and can be accessed at the route returned by:
oc get route aap-controller -n ansible-automation-platform -o jsonpath='{.spec.host}{"\n"}'
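To check how far the grant in step 3 reaches, the script below (an added example, not part of the original post or its repository) uses `oc auth can-i` with impersonation to list namespaces, other than the intended one, where the GitOps ServiceAccount passes admin-level write probes. The function names, the probe list and the `--run` switch are choices made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Run as a user who may impersonate
# service accounts (for example cluster-admin); `oc auth can-i --as` needs that.
SA="system:serviceaccount:openshift-gitops:openshift-gitops-argocd-application-controller"

# Probes that indicate admin-level write access inside a namespace (assumed set).
PROBES="create:secrets create:rolebindings delete:deployments"

# can_sa VERB RESOURCE NAMESPACE: succeeds when the service account is allowed.
can_sa() {
  [ "$(oc auth can-i "$1" "$2" -n "$3" --as="$SA" 2>/dev/null)" = "yes" ]
}

# audit_sa_scope INTENDED_NS NAMESPACE...
# Prints "EXCESS <namespace> <verb> <resource>" for every probe the service
# account passes outside INTENDED_NS. Returns 0 when nothing is printed, else 1.
audit_sa_scope() {
  intended="$1"; shift
  excess=0
  for ns in "$@"; do
    [ "$ns" = "$intended" ] && continue
    for probe in $PROBES; do
      verb="${probe%%:*}"; resource="${probe#*:}"
      if can_sa "$verb" "$resource" "$ns"; then
        echo "EXCESS $ns $verb $resource"
        excess=$((excess + 1))
      fi
    done
  done
  [ "$excess" -eq 0 ]
}

# Usage against a live cluster: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
  # Namespace names contain no whitespace, so word splitting is safe here.
  audit_sa_scope ansible-automation-platform \
    $(oc get namespaces -o jsonpath='{.items[*].metadata.name}')
fi
```

With the cluster-wide binding from step 3 in place, every namespace other than ansible-automation-platform is reported, because the `admin` cluster role allows all three probes wherever it is bound.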
Appendix
Creating ArgoCD project from OpenShift GitOps web console.