[patch] Require RSL secret name as API parameter

.github/workflows/ansible-publish.yml

@@ -6,6 +6,11 @@ jobs:
   ansible-publish:
     runs-on: ubuntu-latest
     steps:
+      - name: Install Python v3.11
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
       - name: Checkout
         uses: actions/[email protected]
 
@@ -64,7 +69,7 @@ jobs:
           podman images
           podman login --username "${{ secrets.QUAYIO_USERNAME }}" --password "${{ secrets.QUAYIO_PASSWORD }}" quay.io
           podman push quay.io/ibmmas/ansible-devops-ee:latest
-          podman push quay.io/ibmmas/ansible-devops-ee:${{ env.DOCKER_TAG }} 
+          podman push quay.io/ibmmas/ansible-devops-ee:${{ env.DOCKER_TAG }}
 
       - name: Trigger ibm-mas/cli rebuild on Ansible Collection release
         run: |

.github/workflows/ansible.yml

@@ -7,8 +7,15 @@ on:
       - '**'
 jobs:
   ansible-build:
+    name: Build Ansible Collection
     runs-on: ubuntu-latest
+    if: ${{ !contains(github.event.head_commit.message, '[doc]') }}
     steps:
+      - name: Install Python v3.11
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
       - name: Checkout
         uses: actions/[email protected]
         # Without this option, we don't get the tag information

.github/workflows/docs.yml

@@ -15,7 +15,7 @@ jobs:
       - name: Install and Build
         run: |
           bash build/bin/copy-role-docs.sh
-          python -m pip install -q mkdocs
+          python -m pip install -q mkdocs mkdocs-carbon mkdocs-glightbox
           mkdocs build --verbose --clean --strict
 
       - name: Deploy

.gitignore

@@ -18,3 +18,7 @@ build/bin/downloads/*.tgz
 .pyenv
 cpd-cli-workspace/*
 /tmp
+/node_modules
+package-lock.json
+package.json
+ibm/mas_devops/playbooks/certs/

.prettierignore

@@ -0,0 +1,52 @@
+# Don't change markdown files
+**/*.md
+
+# Exclude entirely the roles
+# TODO: Gradually remove these rules and verify the formatting
+/ibm/mas_devops/roles/ocp_cluster_monitoring/**/*.*
+/ibm/mas_devops/roles/ocp_config/**/*.*
+/ibm/mas_devops/roles/ocp_deprovision/**/*.*
+/ibm/mas_devops/roles/ocp_efs/**/*.*
+/ibm/mas_devops/roles/ocp_github_oauth/**/*.*
+/ibm/mas_devops/roles/ocp_idms/**/*.*
+/ibm/mas_devops/roles/ocp_login/**/*.*
+/ibm/mas_devops/roles/ocp_node_config/**/*.*
+/ibm/mas_devops/roles/ocp_provision/**/*.*
+/ibm/mas_devops/roles/ocp_roks_upgrade_registry_storage/**/*.*
+/ibm/mas_devops/roles/ocp_simulate_disconnected_network/**/*.*
+/ibm/mas_devops/roles/ocp_upgrade/**/*.*
+/ibm/mas_devops/roles/ocp_verify/**/*.*
+/ibm/mas_devops/roles/ocs/**/*.*
+/ibm/mas_devops/roles/odh/**/*.*
+/ibm/mas_devops/roles/opentelemetry/**/*.*
+/ibm/mas_devops/roles/registry/**/*.*
+/ibm/mas_devops/roles/sls/**/*.*
+/ibm/mas_devops/roles/smtp/**/*.*
+/ibm/mas_devops/roles/suite_app_backup_restore/**/*.*
+/ibm/mas_devops/roles/suite_app_config/**/*.*
+/ibm/mas_devops/roles/suite_app_install/**/*.*
+/ibm/mas_devops/roles/suite_app_rollback/**/*.*
+/ibm/mas_devops/roles/suite_app_uninstall/**/*.*
+/ibm/mas_devops/roles/suite_app_upgrade/**/*.*
+/ibm/mas_devops/roles/suite_app_verify/**/*.*
+/ibm/mas_devops/roles/suite_backup_restore/**/*.*
+/ibm/mas_devops/roles/suite_certs/**/*.*
+/ibm/mas_devops/roles/suite_config/**/*.*
+/ibm/mas_devops/roles/suite_db2_setup_for_manage/**/*.*
+/ibm/mas_devops/roles/suite_dns/**/*.*
+/ibm/mas_devops/roles/suite_install/**/*.*
+/ibm/mas_devops/roles/suite_manage_attachments_config/**/*.*
+/ibm/mas_devops/roles/suite_manage_bim_config/**/*.*
+/ibm/mas_devops/roles/suite_manage_birt_report_config/**/*.*
+/ibm/mas_devops/roles/suite_manage_customer_files_config/**/*.*
+/ibm/mas_devops/roles/suite_manage_imagestitching_config/**/*.*
+/ibm/mas_devops/roles/suite_manage_import_certs_config/**/*.*
+/ibm/mas_devops/roles/suite_manage_load_dbc_scripts/**/*.*
+/ibm/mas_devops/roles/suite_manage_logging_config/**/*.*
+/ibm/mas_devops/roles/suite_manage_pvc_config/**/*.*
+/ibm/mas_devops/roles/suite_rollback/**/*.*
+/ibm/mas_devops/roles/suite_uninstall/**/*.*
+/ibm/mas_devops/roles/suite_upgrade/**/*.*
+/ibm/mas_devops/roles/suite_verify/**/*.*
+/ibm/mas_devops/roles/turbonomic/**/*.*
+/ibm/mas_devops/roles/uds/**/*.*

build/bin/build-collection.sh

@@ -13,8 +13,8 @@ cat $GITHUB_WORKSPACE/ibm/mas_devops/galaxy.yml
 
 
 # Update this when we have new catalog
-MAS_PREVIOUS_CATALOG='v9-240827-amd64'
-MAS_LATEST_CATALOG='v9-241003-amd64'
+MAS_PREVIOUS_CATALOG='v9-241205-amd64'
+MAS_LATEST_CATALOG='v9-250109-amd64'
 
 
 # Update all the placeholders in the playbooks

build/bin/copy-role-docs.sh

@@ -40,7 +40,6 @@ copyDoc gencfg_workspace
 copyDoc grafana
 copyDoc ibm_catalogs
 copyDoc ibmcloud_resource_key
-copyDoc install_operator
 copyDoc kafka
 copyDoc key_rotation
 copyDoc kmodels
@@ -52,7 +51,7 @@ copyDoc mongodb
 copyDoc nvidia_gpu
 copyDoc ocp_cluster_monitoring
 copyDoc ocp_config
-copyDoc ocp_contentsourcepolicy
+copyDoc ocp_idms
 copyDoc ocp_deprovision
 copyDoc ocp_efs
 copyDoc ocp_github_oauth
@@ -86,6 +85,7 @@ copyDoc suite_manage_bim_config
 copyDoc suite_manage_birt_report_config
 copyDoc suite_manage_customer_files_config
 copyDoc suite_manage_attachments_config
+copyDoc suite_manage_imagestitching_config
 copyDoc suite_manage_import_certs_config
 copyDoc suite_manage_load_dbc_scripts
 copyDoc suite_manage_logging_config

docs/execution-environment.md

@@ -1,6 +1,6 @@
 Execution Environment
 ===============================================================================
-Details on the Red Hat Ansible Automation Platform Execution Environment for ansible-devops.
+Details on the [Red Hat Ansible Automation Platform](https://www.redhat.com/en/technologies/management/ansible) Execution Environment for the **ibm.mas_devops** Ansible Collection.
 
 
 Execution Environment Image
@@ -228,7 +228,7 @@ If you need to set an environment variable then you can do this in the playbook
     ocp_version: 4.14.35
     rosa_compute_nodes: 3
 
-  environment: 
+  environment:
     AWS_DEFAULT_REGION: us-east-1
     AWS_ACCESS_KEY_ID: "{{ aws_access_key_id }}"
     AWS_SECRET_ACCESS_KEY: "{{ aws_secret_access_key }}"
@@ -245,148 +245,6 @@ If you need to set an environment variable then you can do this in the playbook
     - ibm.mas_devops.ocp_efs
 ```
 
-### backup/restore
-The backup and restore tasks and playbooks provided in the `ibm.mas_devops` collection has a number of differences with other roles/playbooks that can make creating the playbook difficult. The following playbook is an example of how a backup for core playbook can be written to work with AAP, along with a rclone.conf.j2 file that should be stored in the same location as the playbook in your SCM. The playbook needs to set both the `environment` so that the `ansible_env` var is set, and for task vars to be set to override the common_vars that are looking for environment variables on the local controller (note that `environment` does not update the local controller environment so lookups using the ansible builtin `env` won't pick up those values).
-
-This playbook requires the following survey questions to be setup:
-
-```yaml
-{
-  "aws_access_key_id": "$encrypted$",
-  "aws_secret_access_key": "$encrypted$",
-  "ocp_token": "$encrypted$",
-  "ocp_server": "https://api.your_ocp_cluster:6443"
-}
-```
-
-```yaml
----
-- name: "Backup/Restore MAS Core"
-  hosts: localhost
-  any_errors_fatal: true
-
-  vars:
-    # Define the target for backup/restore
-    mas_instance_id: aap1
-
-    # Define what action to perform
-    masbr_action: backup
-
-    # Define storage type
-    masbr_storage_type: cloud
-    masbr_storage_cloud_rclone_file: rclone.conf
-    masbr_storage_cloud_rclone_name: masbr
-    masbr_storage_cloud_bucket: mas-backup
-
-    # Define what to backup/restore
-    masbr_job_component:
-      name: "core"
-      instance: "{{ mas_instance_id }}"
-      namespace: "mas-{{ mas_instance_id }}-core"
-
-    # Configure path to backup_restore tasks that should be present in the execution environment
-    role_path: "/usr/share/ansible/collections/ansible_collections/ibm/mas_devops/roles/suite_backup_restore"
-
-  # Set here to get into ansible_env
-  environment:
-    MASBR_STORAGE_TYPE: cloud
-    MASBR_STORAGE_CLOUD_RCLONE_FILE: rclone.conf
-    MASBR_STORAGE_CLOUD_RCLONE_NAME: masbr
-    MASBR_STORAGE_CLOUD_BUCKET: mas-backup
-
-  pre_tasks:
-    - name: "Asserts aws_access_key_id secret defined"
-      assert: 
-        that: aws_access_key_id is defined
-        fail_msg: "aws_access_key_id not defined"
-
-    - name: "Asserts aws_secret_access_key secret defined"
-      assert: 
-        that: aws_secret_access_key is defined
-        fail_msg: "aws_secret_access_key not defined"
-
-    # Template out the rclone.conf so no credentials are stored in git
-    - name: "Create rclone.conf"
-      template:
-        src: "{{ masbr_storage_cloud_rclone_file }}.j2"
-        dest: "{{ masbr_storage_cloud_rclone_file }}"
-
-  roles:
-    - ibm.mas_devops.ocp_login
-
-  tasks:
-
-    # Common checks before run tasks
-    # -------------------------------------------------------------------------
-    - name: "Before run tasks"
-      include_tasks:
-        file: "{{ role_path }}/../../common_tasks/backup_restore/before_run_tasks.yml"
-      vars:
-        _job_type: "{{ masbr_action }}"
-        masbr_storage_type: cloud
-        masbr_storage_cloud_rclone_file: rclone.conf
-        masbr_storage_cloud_rclone_name: masbr
-        masbr_storage_cloud_bucket: mas-backup
-
-    # Create k8s Job to run backup/restore tasks
-    # -------------------------------------------------------------------------
-    - name: "Create k8s Job to run {{ masbr_action }} tasks"
-      when: masbr_create_task_job
-      include_tasks: 
-        file: "{{ role_path }}/../../common_tasks/backup_restore/create_run_tasks_job.yml"
-      vars:
-        _rt_playbook_name: "br_core"
-        _rt_env:
-          - name: "MASBR_ACTION"
-            value: "{{ masbr_action }}"
-          - name: "MASBR_JOB_VERSION"
-            value: "{{ masbr_job_version }}"
-          - name: "MAS_INSTANCE_ID"
-            value: "{{ mas_instance_id }}"
-        masbr_storage_type: cloud
-        masbr_storage_cloud_rclone_file: rclone.conf
-        masbr_storage_cloud_rclone_name: masbr
-        masbr_storage_cloud_bucket: mas-backup
-
-    # Run backup/restore tasks locally
-    # -------------------------------------------------------------------------
-    - name: "Run {{ masbr_action }} tasks"
-      when: not masbr_create_task_job
-      block:
-        - name: "MongoDB: {{ masbr_action }}"
-          include_role:
-            name: ibm.mas_devops.mongodb
-          vars:
-            mongodb_action: "{{ masbr_action }}"
-            mas_app_id: "core"
-            masbr_storage_type: cloud
-            masbr_storage_cloud_rclone_file: rclone.conf
-            masbr_storage_cloud_rclone_name: masbr
-            masbr_storage_cloud_bucket: mas-backup
-
-        - name: "MAS Core namespace: {{ masbr_action }}"
-          include_role:
-            name: ibm.mas_devops.suite_backup_restore
-          vars:
-            masbr_storage_type: cloud
-            masbr_storage_cloud_rclone_file: rclone.conf
-            masbr_storage_cloud_rclone_name: masbr
-            masbr_storage_cloud_bucket: mas-backup
-```
-
-The following file is stored in your SCM and is a template to be injected with the credentials needed during the play. This allows the file to be stored in SCM without exposing credentials.
-
-rclone.conf.j2
-```
-[masbr]
-type = s3
-provider = Minio
-endpoint = http://minio-api.apps.mydomain.com
-access_key_id = "{{ aws_access_key_id }}"
-secret_access_key = "{{ aws_secret_access_key }}"
-region = minio
-```
-
 Troubleshooting
 -------------------------------------------------------------------------------
 
@@ -459,37 +317,3 @@ Example setting role vars:
       vars:
         kafka_version: 3.7.0
 ```
-
-One caveat to the above is the `backup/restore` tasks as these use a combination of ansible vars and expecting environment variables to be set in the `ansible_env` variable. In order to work with `the backup/restore` tasks you need to set both `environment` and role/task vars (not play vars). 
-
-Example, showing `environment` and task vars set. See [backup exmaple](#examples-of-playbooks) for more complete play:
-```yaml
-- name: "Backup/Restore MAS Core"
-  hosts: localhost
-  any_errors_fatal: true
-
-  vars:
-    # Configure path to backup_restore tasks
-    role_path: "/usr/share/ansible/collections/ansible_collections/ibm/mas_devops/roles/suite_backup_restore"
-
-  # Set here to get into ansible_env
-  environment:
-    MASBR_STORAGE_TYPE: cloud
-    MASBR_STORAGE_CLOUD_RCLONE_FILE: rclone.conf
-    MASBR_STORAGE_CLOUD_RCLONE_NAME: masbr
-    MASBR_STORAGE_CLOUD_BUCKET: mas-backup
-
-  tasks:
-
-    # Common checks before run tasks
-    # -------------------------------------------------------------------------
-    - name: "Before run tasks"
-      include_tasks:
-        file: "{{ role_path }}/../../common_tasks/backup_restore/before_run_tasks.yml"
-      vars:
-        _job_type: "{{ masbr_action }}"
-        masbr_storage_type: cloud
-        masbr_storage_cloud_rclone_file: rclone.conf
-        masbr_storage_cloud_rclone_name: masbr
-        masbr_storage_cloud_bucket: mas-backup
-```