Merge pull request #47 from bgraef/main

add olam pah code

Author: bgraef

olam/create_instance.yml

@@ -310,7 +310,7 @@
           + groups['server']|default([])
 
     - name: Configure passwordless SSH
-      ansible.builtin.include_tasks: "olam_passwordless_setup.yml"
+      ansible.builtin.include_tasks: "passwordless_setup.yml"
       when: passwordless_ssh
 
     - name: Install Oracle Linux Automation Engine
@@ -346,6 +346,14 @@
   ansible.builtin.import_playbook: provision_kvm.yml
   when: use_kvm
 
+- name: Provision Oracle Linux Automation Builder Utility
+  ansible.builtin.import_playbook: provision_builder.yml
+  when: use_olam_builder
+
+- name: Provision Oracle Linux Private Automation Hub
+  ansible.builtin.import_playbook: provision_pah.yml
+  when: use_olam_pah
+
 - name: Print instances
   hosts: all
   become: true

olam/default_vars.yml

@@ -22,6 +22,8 @@ update_all: false
 passwordless_ssh: true
 olam_single_host: false
 use_olae_only: false
+use_olam_builder: false
+use_olam_pah: false
 use_freeipa: false
 use_git: false
 

olam/olam_passwordless_setup.yml renamed to olam/passwordless_setup.yml

@@ -1,56 +1,53 @@
 ---
-# Copyright (c) 2024, 2025 Oracle and/or its affiliates.
+# Copyright (c) 2024 Oracle and/or its affiliates.
 # This software is made available to you under the terms of the Universal Permissive License (UPL), Version 1.0.
 # The Universal Permissive License (UPL), Version 1.0 (see COPYING or https://oss.oracle.com/licenses/upl)
 # See LICENSE.TXT for details.
 
-- name: Generate ssh keypair for ol-control-node
+- name: Generate ssh keypair for user
   community.crypto.openssh_keypair:
     path: ~/.ssh/id_rsa
     size: 2048
-    comment: olam ssh keypair
+    comment: ol ssh keypair
   become: true
   become_user: "{{ username }}"
-  when: inventory_hostname in groups['control']|default([])
 
-- name: Fetch public key file from ol-control-node
+- name: Fetch public key file from server
   ansible.builtin.fetch:
     src: "~/.ssh/id_rsa.pub"
     dest: "buffer/{{ inventory_hostname }}-id_rsa.pub"
     flat: true
   become: true
   become_user: "{{ username }}"
-  when: inventory_hostname in groups['control']|default([])
 
-- name: Copy public key to ol-host
+- name: Copy public key to each destination
   ansible.posix.authorized_key:
-    user: opc
+    user: "{{ username }}"
     state: present
     key: "{{ lookup('file', 'buffer/{{ item }}-id_rsa.pub') }}"
-  loop: "{{ groups['control'] | flatten(levels=1) }}"
+  loop: "{{ groups['all'] | flatten(levels=1) }}"
   become: true
-  when:
-    - "'remote' in groups"
-    - inventory_hostname in groups['remote']|default([])
 
 - name: Print hostvars for groups
   ansible.builtin.debug:
     msg: "{{ hostvars[item] }}"
   loop: "{{ groups['all'] | flatten(levels=1) }}"
   when: debug_enabled
 
+- name: Print vnc subnet_domain_name
+  ansible.builtin.debug:
+    var: my_subnet_domain_name
+  when: debug_enabled
+
 - name: Accept new ssh fingerprints
   ansible.builtin.shell: |
     ssh-keyscan -t ecdsa-sha2-nistp256 \
     {{ hostvars[item].ansible_hostname }},\
     {{ hostvars[item].ansible_default_ipv4.address }},\
     {{ hostvars[item].ansible_hostname + '.' + my_subnet_domain_name }} >> ~/.ssh/known_hosts
   with_items:
-    - "{{ groups['remote'] }}"
+    - "{{ groups['all'] }}"
   become: true
   become_user: "{{ username }}"
   register: result
   changed_when: result.rc == 0
-  when:
-    - "'remote' in groups"
-    - inventory_hostname in groups['control']|default([])

olam/provision_builder.yml

@@ -8,8 +8,8 @@
   hosts: devops-node
   become: true
 
-  vars:
-    debug_enabled: false
+  vars_files:
+    - default_vars.yml
 
   tasks:
 
@@ -48,14 +48,16 @@
 
     - name: Install Oracle Linux Automation Manager Builder Utility
       ansible.builtin.dnf:
-        name: python39-ansible-builder
+        name:
+          - python3.11-ansible-builder
+          - python3.11-pip
         state: present
       when: ansible_distribution == 'OracleLinux' and ansible_distribution_major_version == '8'
 
     - name: Install Ansible Runner using pip
       ansible.builtin.pip:
         name: ansible-runner
-        executable: pip3.9
+        executable: pip3.11
 
     - name: Create project directory
       ansible.builtin.file:
@@ -67,16 +69,16 @@
 
     - name: Create execution-environment.yml
       ansible.builtin.template:
-        src: templates/execution-environment.yml.j2
+        src: templates/execution_environment.yml.j2
         dest: ~/my_custom_ee_project/execution-environment.yml
         mode: '0644'
       become: true
       become_user: "{{ username }}"
 
     - name: Create ansible.cfg
-      ansible.builtin.template:
-        src: templates/ansible.cfg.j2
-        dest: ~/my_custom_ee_project/ansible.cfg
+      ansible.builtin.file:
+        path: ~/my_custom_ee_project/ansible.cfg
+        state: touch
         mode: '0644'
       become: true
       become_user: "{{ username }}"
@@ -97,10 +99,10 @@
       become: true
       become_user: "{{ username }}"
 
-    - name: Create bomdep.txt
-      ansible.builtin.template:
-        src: templates/bindep.txt.j2
-        dest: ~/my_custom_ee_project/bindep.txt
+    - name: Create bindep.txt
+      ansible.builtin.file:
+        path: ~/my_custom_ee_project/bindep.txt
+        state: touch
         mode: '0644'
       become: true
       become_user: "{{ username }}"

olam/provision_pah.yml

@@ -0,0 +1,76 @@
+---
+# Copyright (c) 2025 Oracle and/or its affiliates.
+# This software is made available to you under the terms of the Universal Permissive License (UPL), Version 1.0.
+# The Universal Permissive License (UPL), Version 1.0 (see COPYING or https://oss.oracle.com/licenses/upl)
+# See LICENSE.TXT for details.
+
+- name: Configure Private Automation Hub
+  hosts: ol-pah
+  become: true
+
+  vars_files:
+    - default_vars.yml
+
+  tasks:
+
+    - name: Install Oracle Linux Automation Manager repository
+      ansible.builtin.dnf:
+        name: oraclelinux-automation-manager-release-el8
+        state: present
+      when: ansible_distribution == 'OracleLinux' and ansible_distribution_major_version == '8'
+
+    - name: Disable Oracle Linux Automation Manager 1.0 repository
+      community.general.ini_file:
+        path: "/etc/yum.repos.d/oraclelinux-automation-manager-ol8.repo"
+        section: ol8_automation
+        option: enabled
+        value: "0"
+        mode: '0644'
+      when: ansible_distribution == 'OracleLinux' and ansible_distribution_major_version == '8'
+
+    - name: Disable Oracle Linux Automation Manager 2.0 repository
+      community.general.ini_file:
+        path: "/etc/yum.repos.d/oraclelinux-automation-manager-ol8.repo"
+        section: ol8_automation2
+        option: enabled
+        value: "0"
+        mode: '0644'
+      when: ansible_distribution == 'OracleLinux' and ansible_distribution_major_version == '8'
+
+    - name: Enable Oracle Linux Automation Manager 2.2 repository
+      community.general.ini_file:
+        path: "/etc/yum.repos.d/oraclelinux-automation-manager-ol8.repo"
+        section: ol8_automation2.2
+        option: enabled
+        value: "1"
+        mode: '0644'
+      when: ansible_distribution == 'OracleLinux' and ansible_distribution_major_version == '8'
+
+    - name: Install Oracle Linux Private Automation Hub
+      ansible.builtin.dnf:
+        name: ol-private-automation-hub-installer
+        state: present
+      when: ansible_distribution == 'OracleLinux' and ansible_distribution_major_version == '8'
+
+    - name: Copy PAH playbook to home directory
+      ansible.builtin.copy:
+        src: /usr/share/ansible/collections/ansible_collections/oraclelinux/private_automation_hub/playbooks/single-node/
+        dest: ~/single_node
+        remote_src: true
+        mode: '0775'
+      become: true
+      become_user: "{{ username }}"
+
+    - name: Create playbook inventory file
+      ansible.builtin.template:
+        src: templates/hosts.j2
+        dest: ~/single_node/hosts
+        mode: '0644'
+      become: true
+      become_user: "{{ username }}"
+
+    # - name: Run PAH installer playbook
+    #   ansible.builtin.shell: |
+    #     ansible-playbook single-node-install.yml -i hosts -e "olpah_admin_password=password olpah_db_password=password"
+    #   become: true
+    #   become: "{{ username }}"

olam/templates/execution_environment.yml.j2

@@ -0,0 +1,27 @@
+---
+version: 2
+
+build_arg_defaults:
+ ANSIBLE_GALAXY_CLI_COLLECTION_OPTS: "--ignore-certs"
+
+ansible_config: 'ansible.cfg'
+
+dependencies:
+ galaxy: requirements.yml
+ python: requirements.txt
+ system: bindep.txt
+
+images:
+ base_image:
+  name: container-registry.oracle.com/oracle_linux_automation_manager/olam-ee:2.2
+ builder_image:
+  name: container-registry.oracle.com/oracle_linux_automation_manager/olam-builder:2.2
+
+additional_build_steps:
+  prepend: |
+    RUN whoami
+    RUN cat /etc/os-release
+  append:
+    - RUN echo This is a post-install command!
+    - RUN ls -la /etc
+

olam/templates/hosts.j2

@@ -0,0 +1,5 @@
+all:
+  hosts:
+    hub:
+      ansible_host: ol-pah
+      ansible_user: oracle

olam/templates/ingress_security_rules.j2

@@ -37,4 +37,18 @@ instance_ingress_security_rules:
       destination_port_range:
         max: 636
         min: 636
+{% endif %}
+{% if use_olam_pah %}
+  - source: "10.0.0.0/24"
+    protocol: 6
+    tcp_options:
+      destination_port_range:
+        max: 80
+        min: 80
+  - source: "10.0.0.0/24"
+    protocol: 6
+    tcp_options:
+      destination_port_range:
+        max: 443
+        min: 443
 {% endif %}

olam/templates/playbook.yml.j2

@@ -0,0 +1,10 @@
+---
+- name: get namespace name
+  hosts: localhost
+  tasks:
+    - name: get namespace
+      oracle.oci.oci_object_storage_namespace_facts:
+      register: output
+    - name: print namespace
+      debug:
+        msg: {% raw %} "{{ output }}" {% endraw %}

olam/templates/requirements.txt.j2

@@ -0,0 +1,2 @@
+setuptools
+oci>=2.141.1