A collection of Ansible playbooks that showcase the capability of the Red Hat Advance Cluster Management (ACM) Ansible Collection https://galaxy.ansible.com/stolostron/core

• Set up and run the demo from Ansible Automation Controller
• Set up and run the demo without Ansible Automation Controller
• Modification that you can do to the demo (DEFINATELY TRY THIS!)

• Ansible
• AWX CLI
• A working deployment of Ansible Automation Controller
• A working deployment of Red Hat Advance Cluster Management 2.5+
• Kubernetes clusters managed by Red Hat Advance Cluster Management

cd acm-ansible-collection-demo

export CONTROLLER_HOST=<ansible automation controller URL>
export CONTROLLER_USERNAME=<username>
export CONTROLLER_PASSWORD=<password>
export CONTROLLER_TOKEN=`awx login | jq -r .token`
export CONTROLLER_VERIFY_SSL=no

export K8S_AUTH_KUBECONFIG=<path to kubeconfig file for ACM>

ansible-playbook playbooks/aap-demo-setup.yml

The demo setup playbook will:

• Enable "ClusterProxy" and "ManagedServiceAccount" featureson ACM
• Create the nessary credential for connection to ACM in Ansible Automation Controller
• Add this repository as a Project in Ansible Automation Controller
• Create cluster inventory with ACM dynamic inventory plugin in Ansible Automation Controller
• Create Job Template from the cluster-mgmt.yml playbook in Ansible Automation Controller

• Login to the Ansible Automation Controller UI
• Test out the ACM dynamic inventory plugin
  • Click on the "Inventory" tab from left navigation menu
  • Click on the "ACM Cluster Inventory" item in the table
  • Click on the "Source" tab
  • Click sync button next to "ACM Dynamic Cluster Inventory Example" item in the table
  • Click on the "Groups" or the "Hosts" tab to see the clusters in the inventory
• Running the demo playbook
  • Click on the "Templates" tab from left navigation menu
  • Click the launch button next to the "K8S MultiCluster Management Demo" item in the table
  • (optional) Modify the extra_vars in the popup window
  • Click on the "Next" button
  • Click on the "Launch" button
  • Unmodified playbooks/cluster-mgmt.yml will:
    • Set up "ClusterProxy" and "ManagedServiceAccount" addons on the selected clusters
    • Connect to the selected clusters using these ACM features
    • Create a namespace on of all selected clusters (this can be modified to do literally ANYTHING you want to do!)
  • You can launch the job again and modify "state": "absent" to remove the created namespace on the selected clusters

git clone https://github.com/TheRealHaoLiu/acm-ansible-collection-demo.git

cd acm-ansible-collection-demo

export CONTROLLER_HOST=<ansible automation controller URL>
export CONTROLLER_USERNAME=<username>
export CONTROLLER_PASSWORD=<password>
export CONTROLLER_TOKEN=`awx login | jq -r .token`
export CONTROLLER_VERIFY_SSL=no

export K8S_AUTH_KUBECONFIG=<path to kubeconfig file for ACM>

ansible-playbook playbooks/aap-demo-cleanup.yml

The demo setup playbook will:

• Disable "ClusterProxy" and "ManagedServiceAccount" featureson ACM
• Delete all resources created by demo setup from Ansible Automation Controller

• Ansible
• AWX CLI
• An working deployment of Red Hat Advance Cluster Management 2.5+
• Kubernetes cluster managed by Red Hat Advance Cluster Management

cd acm-ansible-collection-demo

ansible-galaxy collection install -r collections/requirements.yml

export K8S_AUTH_KUBECONFIG=<path to kubeconfig file for ACM>

ansible-playbook playbooks/local-demo-setup.yml

The demo setup playbook will:

• Enable "ClusterProxy" and "ManagedServiceAccount" featureson ACM

ansible-inventory -i inventories/cluster-inventory-example.yml --list

ansible-playbook playbooks/create-kubeconfig.yml -i inventories/cluster-inventory-example.yml -e target_hosts=all-managed-clusters

The playbook will:

• Set up "ClusterProxy" and "ManagedServiceAccount" addons on the selected clusters
• Generate a kubeconfig file in the kubeconfig directory for each of the selected clusters
• The generated kubeconfig files will using "ClusterProxy" to connect to the clusters
• The generated kubeconfig files will using "ManagedServiceAccount" to authenticate to the clusters
• SECURITY NOTE: By default the created "ManagedServiceAccount" will have the cluster-admin ClusterRole and does not have expiration time set. The cleanup playbook will remove the created "ManagedServiceAccount" and render the credential in kubeconfig useless.

To create a namespace named cool-app on all clusters managed by ACM

ansible-playbook playbooks/cluster-mgmt.yml -i inventories/cluster-inventory-example.yml -e target_hosts=all-managed-clusters -e state=absent -e namespace=cool-app

To remove the namespace named cool-app on all clusters managed by ACM

ansible-playbook playbooks/cluster-mgmt.yml -i inventories/cluster-inventory-example.yml -e target_hosts=all-managed-clusters -e state=absent -e namespace=cool-app

This playbook will:

• Set up "ClusterProxy" and "ManagedServiceAccount" addons on the selected clusters
• Connect to the selected clusters using these ACM features
• Create or delete a specified namespace on of all selected clusters (this can be modified to do literally ANYTHING you want to do!)

git clone https://github.com/TheRealHaoLiu/acm-ansible-collection-demo.git

cd acm-ansible-collection-demo

export K8S_AUTH_KUBECONFIG=<path to kubeconfig file for ACM>

ansible-playbook playbooks/local-demo-cleanup.yml

The demo cleanup playbook will:

• Disable "ClusterProxy" and "ManagedServiceAccount" featureson ACM
• All ManagedServiceAccount created will be deleted and render the credentials in kubeconfig useless

• Modify the dynamic inventory grouping in inventories/cluster-inventory-example.yml
• Add your own cool scenario in the roles/cool-things-you-do role
• Modify or add your RBAC configuration for your cool role in k8s-rbac directory (or use cluster-admin /shrug)
• Modify playbooks/cluster-mgmt.yml to run roles/cool-things-you-do