redhat-cop · agonzalezrh · Jul 31, 2025
diff --git a/ansible/configs/zero-touch-base-rhel/post_software.yml b/ansible/configs/zero-touch-base-rhel/post_software.yml
@@ -66,7 +66,7 @@
         wait_condition:
           type: Ready
           status: "True"
-        wait_timeout: 300
+        wait_timeout: "{{ ocp4_workload_showroom_namespace_wait_ready | default(600) }}"
 
 - name: Deploy user setup
   hosts: localhost

diff --git a/ansible/configs/zero-touch-base-rhel/pre_software.yml b/ansible/configs/zero-touch-base-rhel/pre_software.yml
@@ -38,7 +38,10 @@
   tasks:
 
     - name: Setup Repositories
-      when: repo_method is defined
+      when:
+        - repo_method is defined
+        - instances | selectattr('name', 'equalto', ansible_host ) | selectattr('register_satellite', 'defined') | map(attribute='register_satellite') | first | default(true) | bool
+
       ansible.builtin.import_role:
         name: set-repositories
 
@@ -52,8 +55,8 @@
       ansible.builtin.import_role:
         name: set_env_authorized_key
 
-- name: Configuring Bastion Hosts
-  hosts: bastions
+- name: Configuring Hosts
+  hosts: bastions:nodes
   become: true
   tags:
     - step004
@@ -165,15 +168,17 @@
 
     - name: copy the environment .pem key
       ansible.builtin.copy:
-        src: "{{ hostvars.localhost.env_authorized_key_path }}"
+        src: "{{ hostvars.localhost.ssh_provision_key_path
+          | default(hostvars.localhost.env_authorized_key_path) }}"
         dest: "/root/.ssh/{{ env_authorized_key }}.pem"
         owner: "root"
         group: "root"
         mode: 0400
 
     - name: copy the environment .pub key
       ansible.builtin.copy:
-        content: "{{ hostvars.localhost.env_authorized_key_content_pub }}"
+        content: "{{ hostvars.localhost.ssh_provision_pubkey_content
+          | default(hostvars.localhost.env_authorized_key_content_pub) }}"
         dest: "/root/.ssh/{{ env_authorized_key }}.pub"
         owner: "root"
         group: "root"

diff --git a/ansible/configs/zero-touch-base-rhel/software.yml b/ansible/configs/zero-touch-base-rhel/software.yml
@@ -15,6 +15,22 @@
       ansible.builtin.debug:
         msg: "Software tasks Started"
 
+- name: Install packages defined in the instances
+  hosts: all:!isolated
+  gather_facts: false
+  become: true
+  tasks:
+    - name: Setup Red Hat packages for each host
+      when: instances | selectattr('name', 'equalto', ansible_host ) | selectattr('packages', 'defined') | map(attribute='packages') | default([]) | list | length > 0
+      ansible.builtin.dnf:
+        state: present
+        name: "{{ instances | selectattr('name', 'equalto', ansible_host ) | map(attribute='packages') | from_yaml | flatten }}"
+      register: r_dnf_packages
+      until: r_dnf_packages is succeeded
+      retries: 5
+      delay: 10
+
+
 # ----------------------------------------------------------------------
 # Software Workloads as role
 # ----------------------------------------------------------------------

diff --git a/ansible/roles/showroom/tasks/40-showroom-render.yml b/ansible/roles/showroom/tasks/40-showroom-render.yml
@@ -5,41 +5,6 @@
     path: "{{ showroom_user_content_dir }}/default-site.yml"
   register: default_site_stat
 
-- name: Ensure output.dir is set to ./www/www for zero-touch
-  when:
-    - default_site_stat.stat.exists
-    - showroom_ui == "zero-touch"
-  block:
-
-    - name: Read default-site.yml
-      ansible.builtin.slurp:
-        path: "{{ showroom_user_content_dir }}/default-site.yml"
-      register: default_site_raw
-
-    - name: Decode YAML content
-      ansible.builtin.set_fact:
-        default_site_data: "{{ default_site_raw.content | b64decode | from_yaml }}"
-
-    - name: Update output.dir to ./www/www
-      ansible.builtin.set_fact:
-        default_site_data: >-
-          {{
-            default_site_data | combine({
-              'output': (default_site_data.output | default({})) | combine({
-                'dir': './www/www'
-              })
-            }, recursive=True)
-          }}
-
-    - name: Write updated default-site.yml
-      ansible.builtin.copy:
-        content: "{{ default_site_data | to_nice_yaml(indent=2) }}"
-        dest: "{{ showroom_user_content_dir }}/default-site.yml"
-        backup: yes
-        owner: "{{ showroom_user }}"
-        group: "{{ showroom_user_group }}"
-        mode: "u=rw,g=r,o=r"
-
 - name: Render asciidoc via antora container using the default-site.yml
   containers.podman.podman_container:
     name: container
@@ -128,7 +93,7 @@
       register: zero_touch_config_stat
 
     - name: Create a symbolic link for zero-touch-config.yml if it exists
-      ansible.builtin.copy:
+      ansible.builtin.file:
         src: "{{ showroom_user_content_dir }}/zero-touch-config.yml"
         dest: "{{ showroom_user_content_dir }}/www/zero-touch-config.yml"
         mode: "u=rw,g=r,o=r"
@@ -139,7 +104,7 @@
       when: zero_touch_config_stat.stat.exists
 
     - name: Create a symbolic link to ui-config.yml as fallback
-      ansible.builtin.copy:
+      ansible.builtin.file:
         src: "{{ showroom_user_content_dir }}/ui-config.yml"
         dest: "{{ showroom_user_content_dir }}/www/ui-config.yml"
         mode: "u=rw,g=r,o=r"
@@ -168,3 +133,5 @@
         line: |
           [network]
           default_rootless_network_cmd = "slirp4netns"
+          [engine]
+          network_cmd_options = ["cidr=10.0.3.0/24"]
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_showroom/README.adoc b/ansible/roles_ocp_workloads/ocp4_workload_showroom/README.adoc
@@ -7,7 +7,7 @@
 ** Deploying to our OCP 410 shared OCP Cluster: <<shared_cluster>>
 * One or multiple OpenShift users, autodetected.
 * Deploy the showroom helm chart https://github.com/rhpds/showroom-deployer/charts/showroom-single-pod
-* Supports deployment via helm cli (will be installed if not there).
+* Supports deployment via OpenShift GitOps (ArgoCD) or a locally installed helm cli (will be installed if not there).
 * Supports multiple deployment options
 ** Just lab content
 ** Lab content and a Wetty terminal that can be configured to automatically ssh to a bastion
@@ -79,12 +79,21 @@ ocp4_workload_showroom_deployer_chart_version: "1.0.0"
 == Picking Deployment Type
 
 If you don't pick a deployment type the default is `helm` cli locally (on the bastion) If `helm` is not available it will be installed first.
+
+To use `ArgoCD` you need to give the right permissions to the system ArgoCd by using the workload and workload options as specified.
 +
 .Example
 [source,yaml]
 ----
-# How to deploy Showroom. Options are `helm`
-ocp4_workload_showroom_deployment_type: helm
+# How to deploy Showroom. Options are `helm` and `argocd`
+# For `argocd' ocop4_workload_openshift_gitops must have been deployed first with the following options:
+# (OpenShift GitOps 1.10 or newer is preferred but it should work just as well with older versions)
+#   ocp4_workload_openshift_gitops_channel: gitops-1.10
+#   ocp4_workload_openshift_gitops_setup_cluster_admin: true
+#   ocp4_workload_openshift_gitops_update_route_tls: true
+#   ocp4_workload_openshift_gitops_rbac_update: true
+# Deploying using `argocd` without these options will fail
+ocp4_workload_showroom_deployment_type: argocd
 ----
 
 == Show just lab instructions (whole window)

diff --git a/ansible/roles_ocp_workloads/ocp4_workload_showroom/defaults/main.yaml b/ansible/roles_ocp_workloads/ocp4_workload_showroom/defaults/main.yaml
@@ -48,7 +48,7 @@ ocp4_workload_showroom_terminal_requests_memory: 256Mi
 ocp4_workload_showroom_terminal_limits_cpu: 500m
 ocp4_workload_showroom_terminal_limits_memory: 1Gi
 
-ocp4_workload_showroom_content_image: ghcr.io/rhpds/showroom-content:prod
+ocp4_workload_showroom_content_image: ghcr.io/agonzalezrh/showroom-content:latest
 
 # Showroom Terminal Image. Options include:
 # - quay.io/rhpds/openshift-showroom-terminal-ocp:latest
@@ -77,7 +77,14 @@ ocp4_workload_showroom_novnc_limits_memory: 256Mi
 # Usually `showroom-proxy` for multi-pod deployment and `showroom` for single pod deployment
 ocp4_workload_showroom_service_name: "{{ ocp4_workload_showroom_name }}"
 
-# How to deploy Showroom. Options are `helm`
+# How to deploy Showroom. Options are `helm` and `argocd`
+# For `argocd' ocop4_workload_openshift_gitops must have been deployed first with the following options:
+# (OpenShift GitOps 1.10 or newer is preferred but it should work just as well with older versions)
+#   ocp4_workload_openshift_gitops_channel: gitops-1.10
+#   ocp4_workload_openshift_gitops_setup_cluster_admin: true
+#   ocp4_workload_openshift_gitops_update_route_tls: true
+#   ocp4_workload_openshift_gitops_rbac_update: true
+# Deploying using `argocd` without these options will fail
 ocp4_workload_showroom_deployment_type: helm
 
 # Helm Chart to use for Showroom. This needs to be a packaged chart in a registry.
@@ -96,8 +103,12 @@ ocp4_workload_showroom_test_self_provisioner: false
 ocp4_workload_showroom_zero_touch_bundle: ""
 ocp4_workload_showroom_zero_touch_ui_enabled: false
 
-ocp4_workload_showroom_use_sandbox_domain: false
+ocp4_workload_showroom_cloud_image: quay.io/agonzalezrh/showroom-cloud:v0.0.6
 
+ocp4_workload_showroom_ironrdp_enable: false
+ocp4_workload_showroom_ironrdp_image: quay.io/agonzalezrh/ironrdp:v0.0.2
+
+ocp4_workload_showroom_automation_disable: false
 
 # defaults for _showroom_user_data so env destroys don't fail
 _showroom_user_data:

diff --git a/ansible/roles_ocp_workloads/ocp4_workload_showroom/tasks/deploy-showroom-helm.yaml b/ansible/roles_ocp_workloads/ocp4_workload_showroom/tasks/deploy-showroom-helm.yaml
@@ -28,8 +28,13 @@
         zero_touch_ui_enabled: "{{ ocp4_workload_showroom_zero_touch_ui_enabled | string | lower }}"
 
       guid: "{{ guid }}"
+      satellite:
+        url: "{{ satellite_url | default('') }}"
+        org: "{{ satellite_org | default('') }}"
+        activationkey: "{{ satellite_activationkey | default('') }}"
       deployer:
-        domain: "{{ _deployer_domain }}"
+        domain: "{{ sandbox_openshift_apps_domain | default(_deployer_domain) }}"
+        registry_pull_token: "{{ registry_pull_token | default('') }}"
       stacked_terminals:
         setup: "{{ ocp4_workload_showroom_stacked_terminals_enable | bool | string | lower }}"
         display_name: "{{ ocp4_workload_showroom_stacked_terminals_display_name }}"
@@ -41,7 +46,7 @@
                          else false) | bool | string | lower }}"
         display_name: "{{ ocp4_workload_showroom_second_terminal_tab_display_name }}"
       terminal:
-        setup: "{{ (true if ocp4_workload_showroom_terminal_type == 'showroom' else false) | bool | string | lower }}"
+        setup: "true"
         image: "{{ ocp4_workload_showroom_terminal_image }}"
         resources:
           requests:
@@ -67,6 +72,8 @@
           sshUser: "{{ _showroom_user_data['users'][_showroom_user].bastion_ssh_user_name | default(_showroom_user_data.bastion_ssh_user_name) }}"
           sshPass: "{{ _showroom_user_data['users'][_showroom_user].bastion_ssh_password | default(_showroom_user_data.bastion_ssh_password) }}"
           sshPort: "{{ _showroom_user_data.bastion_ssh_port | default(22) }}"
+          sshOtherHosts: "{{ instances | selectattr('name') | map(attribute='name') | list | default([]) }}"
+          terminals: "{{ instances | selectattr('terminals', 'defined') | community.general.json_query('[].{name: name, terminals: terminals}') }}"
       novnc:
         setup: "{{ (true if ocp4_workload_showroom_novnc_enable | bool else false) | bool | string | lower }}"
         image: "{{ ocp4_workload_showroom_novnc_image }}"
@@ -79,6 +86,36 @@
           limits:
             cpu: "{{ ocp4_workload_showroom_novnc_limits_cpu }}"
             memory: "{{ ocp4_workload_showroom_novnc_limits_memory }}"
+      cloud:
+        setup: "{{ ('false' if auth_cloud_provider | default('none') == 'none' else 'true') | string | lower }}"
+        image: "{{ ocp4_workload_showroom_cloud_image }}"
+        auth_cloud_provider: "{{ auth_cloud_provider | default('none') }}"
+        aws_access_key_id: "{{ aws_sandbox_provision_data.aws_access_key_id | default('') }}"
+        aws_secret_access_key: "{{ aws_sandbox_provision_data.aws_secret_access_key | default('') }}"
+        aws_web_console_url: "{{ aws_sandbox_provision_data.aws_web_console_url | default('') }}"
+        aws_web_console_user_name: "{{ aws_sandbox_provision_data.aws_web_console_user_name | default('') }}"
+        aws_web_console_password: "{{ aws_sandbox_provision_data.aws_web_console_password | default('') }}"
+        aws_sandbox_account_id: "{{ aws_sandbox_provision_data.aws_sandbox_account_id | default('') }}"
+        aws_route53_domain: "{{ aws_sandbox_provision_data.aws_route53_domain | default('') }}"
+        aws_default_region: "{{ aws_sandbox_provision_data.aws_default_region | default('') }}"
+        azure_subscription: "{{ azure_sandbox_provision_data.azure_subscription | default('') }}"
+        azure_tenant: "{{ azure_sandbox_provision_data.azure_tenant_id | default('') }}"
+        azure_client_id: "{{ azure_sandbox_provision_data.azure_service_principal_id | default('') }}"
+        azure_password: "{{ azure_sandbox_provision_data.azure_service_principal_password | default('') }}"
+        azure_resourcegroup: "{{ azure_sandbox_provision_data.azure_resource_group | default('') }}"
+
+      ironrdp:
+        setup: "{{ ('true' if ocp4_workload_showroom_ironrdp_enable | bool  else 'false') | string | lower }}"
+        image: "{{ ocp4_workload_showroom_ironrdp_image }}"
+        server: "windows"
+        user: "Administrator"
+        password: "{{ _showroom_user_data.windows_password | default('') }}"
+        jetserver: "localhost:7171"
+        tokengenserver: "localhost:8081"
+      automation:
+        setup: "{{ ('false' if ocp4_workload_showroom_automation_disable | bool  else 'true') | string | lower }}"
+        vault_password: "{{ _showroom_user_data.vault_password | default('') }}"
+
 
   register: r_helm_templates
 

diff --git a/ansible/roles_ocp_workloads/ocp4_workload_showroom/tasks/prepare-variables.yaml b/ansible/roles_ocp_workloads/ocp4_workload_showroom/tasks/prepare-variables.yaml
@@ -55,36 +55,31 @@
     loop_var: _services_item
     label: "{{ _services_item.name }}"
 
-- name: Retrieve OpenShift Ingress
-  when: not ocp4_workload_showroom_use_sandbox_domain | default(false)
+- name: Retrieve Ingress config
+  when: sandbox_openshift_apps_domain | default("") | length == 0
   kubernetes.core.k8s_info:
     kubeconfig: "{{ _showroom_kubeconfig | default(omit) }}"
-    api_version: config.openshift.io/v1
+    api_version: 'config.openshift.io/v1'
     kind: Ingress
     name: cluster
   register: r_ingress_config
-  until:
-  - r_ingress_config.resources.0 is defined
-  - r_ingress_config.resources | length  > 0
-  delay: 15
-  retries: 60
 
 - name: Get OpenShift Apps Domain (Non Equinix)
   when:
   - r_ingress_config.resources[0].spec.appsDomain is not defined
-  - not ocp4_workload_showroom_use_sandbox_domain | default(false)
+  - sandbox_openshift_apps_domain | default("") | length == 0
   ansible.builtin.set_fact:
     _deployer_domain: "{{ r_ingress_config.resources[0].spec.domain }}"
 
 - name: Get OpenShift Apps Domain (Equinix)
   when:
   - r_ingress_config.resources[0].spec.appsDomain is defined
-  - not ocp4_workload_showroom_use_sandbox_domain | default(false)
+  - sandbox_openshift_apps_domain | default("") | length == 0
   ansible.builtin.set_fact:
     _deployer_domain: "{{ r_ingress_config.resources[0].spec.appsDomain }}"
 
 - name: Set _deployer_domain when environment is CNV
   when:
-  - ocp4_workload_showroom_use_sandbox_domain | default(false)
+  - sandbox_openshift_apps_domain | default("") | length > 0
   ansible.builtin.set_fact:
     _deployer_domain: "{{ sandbox_openshift_apps_domain }}"
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_showroom/tasks/remove_workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_showroom/tasks/remove_workload.yml
@@ -11,6 +11,32 @@
 - name: Prepare Variables
   ansible.builtin.include_tasks: prepare-variables.yaml
 
+- name: Remove via Argo when present
+  when: ocp4_workload_showroom_deployment_type == "argocd"
+  block:
+
+  - name: Remove showroom Application (single user)
+    when:
+    - _showroom_user_data.users is undefined
+    - _showroom_user_data.bastion_public_hostname is defined
+    - _showroom_user_data.bastion_ssh_password is defined
+    - _showroom_user_data.bastion_ssh_user_name is defined
+    kubernetes.core.k8s:
+      kubeconfig: "{{ _showroom_kubeconfig | default(omit) }}"
+      state: absent
+      definition: "{{ lookup('template', 'application.yaml.j2') }}"
+
+  - name: Remove showroom ApplicationSet (multi user)
+    when:
+    - _showroom_user_data.users is defined
+    - _showroom_user_data.bastion_public_hostname is defined
+    - _showroom_user_data.bastion_ssh_password is defined
+    - _showroom_user_data.bastion_ssh_user_name is defined
+    kubernetes.core.k8s:
+      kubeconfig: "{{ _showroom_kubeconfig | default(omit) }}"
+      state: absent
+      definition: "{{ lookup('template', 'applicationset.yaml.j2') }}"
+
 - name: Remove Projects (single user)
   when: not _showroom_user_data.users is defined
   kubernetes.core.k8s: