diff --git a/.copilot/skills/aap-openshift-2-6/SKILL.md b/.copilot/skills/aap-openshift-2-6/SKILL.md new file mode 100644 index 0000000..fbb0370 --- /dev/null +++ b/.copilot/skills/aap-openshift-2-6/SKILL.md @@ -0,0 +1,80 @@ +--- +name: aap-openshift-2-6 +description: >- + Summarizes Red Hat Ansible Automation Platform 2.6 operator deployment on OpenShift (AnsibleAutomationPlatform CR, platform gateway, external PostgreSQL for gateway/controller/hub/EDA, channels, CSRF, idle_aap). Use when installing or configuring AAP on OpenShift, AAP operator custom resources, external Postgres, Event-Driven Ansible, or automation hub with the 2.6 operator. +--- + +# Ansible Automation Platform 2.6 on OpenShift (operator) + +Authoritative source: [Installing on OpenShift Container Platform — Red Hat Ansible Automation Platform 2.6](https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html-single/installing_on_openshift_container_platform/index). Prefer that guide over this skill for procedure text, screenshots, and version-specific errata. + +## Scope + +- Ground answers in **AAP 2.6** operator on **OpenShift** unless the user specifies another version or target (KVM, VMware, etc.). +- In **2.6**, the **platform gateway** is the unified UI; components are managed through a parent **`AnsibleAutomationPlatform`** custom resource (CR). + +## Planning checklist + +1. **Parent CR required**: After installing the operator, create an **`AnsibleAutomationPlatform`** CR—even if `AutomationController`, `AutomationHub`, or EDA objects already exist. Existing components must be registered via matching **`spec.controller.name`**, **`spec.hub.name`**, **`spec.eda.name`** in the **same namespace** as those CRs. +2. **Namespace**: Do not deploy AAP in **`default`**. Docs recommend **`ansible-automation-platform`** or **`aap`**; use a namespace that runs **only** AAP workloads. +3. **Operator channel** (Subscription): + - **`stable-2.6`**: namespace-scoped operator (typical). + - **`stable-2.6-cluster-scoped`**: manages AAP CRs across namespaces; needs broader permissions. + - **Do not** switch between normal and cluster-scoped channels on the same install. +4. **OpenShift**: AAP 2.6 operator is documented for **OpenShift 4.12 through 4.17** and later—confirm current matrix in the same guide if the cluster version is edge. +5. **Storage**: Automation Hub needs **ReadWriteMany** file storage (or S3/Azure per docs), independent of Postgres placement. + +## External PostgreSQL (single server, multiple databases) + +One external PostgreSQL **instance** may back gateway, controller, hub, and EDA **if each component uses a different database name** on that instance. + +| Component | Where to reference the secret on `AnsibleAutomationPlatform` | +|-----------|----------------------------------------------------------------| +| Platform gateway (shared platform DB) | `spec.database.database_secret` | +| Automation controller | `spec.controller.postgres_configuration_secret` | +| Automation hub | `spec.hub.postgres_configuration_secret` | +| Event-Driven Ansible | `spec.eda.database.database_secret` | + +**PostgreSQL versions**: Managed DB shipped with the operator uses **PostgreSQL 15**. **External** databases support **15, 16, and 17**; for 16/17 you rely on **external** backup/restore processes (not the operator-managed Postgres backup story). + +**Secret (`type: unmanaged`)**: Use **`stringData`** with at least **`host`**, **`port`**, **`database`**, **`username`**, **`password`**, **`type: "unmanaged"`**. For controller/hub, **`sslmode`** is valid for external DBs (`prefer`, `disable`, `allow`, `require`, `verify-ca`, `verify-full`). **Password must not** contain single quote, double quote, or backslash (docs warn this breaks deploy/backup/restore). + +**Automation Hub on external Postgres**: Enable the **`hstore`** extension on the Hub database **before** install (migrations assume it; managed Postgres does this automatically). + +**Optional_TLS**: If automation controller must trust a private CA, use **`bundle_cacert_secret`** on the `AnsibleAutomationPlatform` CR (secret containing **`bundle-ca.crt`**). + +For copy-paste YAML skeletons, see [reference.md](reference.md). + +## Configuration discovery + +- Parent CR: `oc explain ansibleautomationplatform.spec` +- Nested examples: `oc explain ansibleautomationplatform.spec.controller.postgres_configuration_secret` +- Full tree: `oc explain ansibleautomationplatform.spec.controller --recursive` (repeat for `hub`, `eda`) + +Prefer editing the **AnsibleAutomationPlatform** CR so the operator propagates settings. When **removing** parameters, clear them from **both** the parent CR and any nested component CR if the operator created overrides. + +## Platform gateway / CSRF / ingress + +- Operator creates **Routes** and CSRF defaults for OpenShift Routes. +- **External ingress** (non-Route): configure **`CSRF_TRUSTED_ORIGINS`** (and related gateway settings) per **Configuring your CSRF settings for your platform gateway operator ingress** in the same guide. +- **Controller UI "CSRF" settings** in 2.6 **do not** drive platform gateway CSRF behavior (gateway is separate). + +## Scaling and DR-friendly idle + +- To scale **down** controller, hub, gateway, EDA workloads together: set **`idle_aap: true`** under **`spec`** on the **`AnsibleAutomationPlatform`** CR; set **`false`** to bring services back. +- For upgrades/migrations, follow the guide's backup CRs (**AutomationControllerBackup**, **AutomationHubBackup**, **EDABackup**) and release notes. + +## Common pitfalls (from product docs) + +- **DateStyle / timestamptz**: External DBs with non-ISO `DateStyle` (e.g. Redwood) can break parsing; docs describe setting `datestyle = 'iso, mdy'` and reloading Postgres. +- **PVCs**: Deleting an `AutomationController` or `AutomationHub` CR **does not** delete PVCs—clean up stale claims before redeploying the same instance name. +- **Existing 2.4 external DB on upgrade**: May only need **`spec.database.database_secret`** while other components keep prior DBs until migrated—see **aap-configuring-existing-external-db-all-default-components** in the guide appendix. + +## When unsure + +1. Cite or follow the linked **Installing on OpenShift Container Platform 2.6** chapter that matches the task (external DB, Hub storage, EDA, Lightspeed, MCP, upgrade). +2. Use **`oc explain`** on the live cluster for field names—CRDs can add fields in newer z-streams. + +## Further detail + +- [reference.md](reference.md) — Minimal `AnsibleAutomationPlatform` external-DB layout and secret keys. diff --git a/.copilot/skills/aap-openshift-2-6/reference.md b/.copilot/skills/aap-openshift-2-6/reference.md new file mode 100644 index 0000000..84eb6d8 --- /dev/null +++ b/.copilot/skills/aap-openshift-2-6/reference.md @@ -0,0 +1,71 @@ +# AAP 2.6 on OpenShift — reference snippets + +Source: [Installing on OpenShift Container Platform — AAP 2.6](https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html-single/installing_on_openshift_container_platform/index) (Appendix: custom resources, Chapter 5 external database sections). + +These are structural examples only—adjust names, namespaces, and storage classes to the environment. + +## External Postgres secrets (four logical databases, one server) + +Use **different** `database:` values in each secret when sharing one PostgreSQL instance. + +**Gateway (platform) secret** — referenced by `spec.database.database_secret`: + +- Keys follow the gateway external-DB procedure in the guide (same unmanaged connection pattern). + +**Controller / Hub secrets** — `postgres_configuration_secret`; include `sslmode` when using TLS. + +**EDA secret** — nested as `spec.eda.database.database_secret` in the full-platform example below. + +## AnsibleAutomationPlatform: all default components on external Postgres + +Matches appendix pattern **`aap-configuring-external-db-all-default-components.yml`** (names are illustrative): + +```yaml +apiVersion: aap.ansible.com/v1alpha1 +kind: AnsibleAutomationPlatform +metadata: + name: myaap + namespace: ansible-automation-platform +spec: + database: + database_secret: external-postgres-configuration-gateway + controller: + postgres_configuration_secret: external-postgres-configuration-controller + hub: + postgres_configuration_secret: external-postgres-configuration-hub + storage_type: file + file_storage_storage_class: + file_storage_size: 10Gi + eda: + database: + database_secret: external-postgres-configuration-eda +``` + +Hub still requires **content** storage (RWX file, S3, or Azure) even when Postgres is external. + +## Controller external Postgres secret (minimal shape) + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: external-postgres-configuration-controller + namespace: ansible-automation-platform +type: Opaque +stringData: + host: "" + port: "5432" + database: "" + username: "" + password: "" + sslmode: "prefer" + type: "unmanaged" +``` + +## Lightspeed with external DB (optional) + +If **Ansible Lightspeed** is enabled and uses an external DB, the guide shows an additional `lightspeed.database.database_secret` alongside auth/model secrets. See **`aap-configuring-external-db-with-lightspeed-enabled.yml`** in the appendix and the Lightspeed chapters. + +## Subscription channel example (CLI) + +The guide uses **`channel: 'stable-2.6'`** with `name: ansible-automation-platform-operator` and `source: redhat-operators` / `openshift-marketplace`. Verify the exact channel string in OperatorHub for your cluster date. diff --git a/.copilot/skills/ansible-redhat-cop-practices/SKILL.md b/.copilot/skills/ansible-redhat-cop-practices/SKILL.md new file mode 100644 index 0000000..8be599a --- /dev/null +++ b/.copilot/skills/ansible-redhat-cop-practices/SKILL.md @@ -0,0 +1,124 @@ +--- +name: ansible-redhat-cop-practices +description: Applies Red Hat Community of Practice (redhat-cop) Ansible good practices when writing or reviewing roles, playbooks, collections, inventories, and plugins in this project. Use when working with Ansible in EDB_Testing, Trusted Postgres Architect (TPA), redhat-cop, GPA, or Ansible best practices. +--- + +# Red Hat COP Ansible Good Practices + +Follow the [Good Practices for Ansible (GPA)](https://redhat-cop.github.io/automation-good-practices/) from the Red Hat Community of Practice. Source: [github.com/redhat-cop/automation-good-practices](https://github.com/redhat-cop/automation-good-practices). + +## Guiding principles (Zen of Ansible) + +- Clear is better than cluttered. Concise is better than verbose. Simple is better than complex. Readability counts. +- Playbooks are not for programming; put logic in roles or custom modules. +- Declarative is better than imperative (most of the time). Convention over configuration. +- Helping users get things done matters most. User experience beats ideological purity. +- Every task should be idempotent; support check mode where possible. + +## Structures + +- **Landscape** → deploy at once (workflow or "playbook of playbooks"). +- **Type** → one per host; one playbook fully deploys that type. +- **Function** → implemented as a **role**; reusability. +- **Component** → task files inside a role (or separate component-roles if large); maintainability. + +Use roles for actual logic; keep playbooks as a list of roles. Avoid mixing `roles` and `tasks` (with include_role/import_role) in the same play—pick one style. + +## Roles + +### Design and naming + +- Design roles by **functionality**, not software implementation (e.g. "NTP configuration" role, not "chrony role"). +- **Variable naming**: prefix all defaults and role arguments with the role name (e.g. `foo_packages`, not `packages`). Internal (non-user) variables: prefix with two underscores, e.g. `__foo_variable`. +- **Tags**: prefix with role name or a unique descriptive prefix. +- **Role names**: no dashes (causes issues with collections); use underscores if needed. +- **Modules in roles**: prefix with role name, e.g. `foo_module`. +- Do not rely on host group names in roles; use a (list) variable or make the group name a role parameter. Set that variable at group level in inventory if needed. + +### Vars vs defaults + +- **defaults/main.yml**: every argument from outside the role gets a default here; document in README. Use for optional keys; no meaningful default → leave commented and let the role fail if undefined. +- **vars/main.yml**: static/magic values and large lists; do not use for user-overridable defaults (high precedence). +- Required packages → `vars/main.yml` as `foo_packages`; extra packages → `foo_extra_packages` in defaults (default `[]`). + +### Platform and provider + +- Avoid distribution/version checks in tasks. Use **vars per platform**: e.g. `vars/RedHat_8.yml`, `vars/Fedora.yml`, loaded via `include_vars` with `role_path` and a loop from least to most specific (`os_family`, `distribution`, `distribution_major_version`, `distribution_version`). Use `ansible_facts['distribution']` (bracket notation), not `ansible_distribution`. +- Multiple implementations (providers): input variable `$ROLENAME_provider`; if unset, detect current provider or choose by OS. Set `$ROLENAME_provider_os_default` for the default per OS. +- Platform-specific **tasks**: use `lookup('first_found')` with files from most to least specific, with a `default.yml` (or `skip: true`). Use `role_path` for paths. + +### Idempotency and check mode + +- Roles must be idempotent and report changes correctly (no fake changes on second run). For `command:` (or similar), set `changed_when:` explicitly. +- Support check mode when possible; document and justify if not. Use idempotent modules or `check_mode:`/`changed_when:`; avoid relying on registered vars from skipped non-idempotent tasks. + +### Files and templates + +- Use `{{ role_path }}/vars/...` and `{{ role_path }}/tasks/...` for includes with variable filenames so files are resolved within the role only. +- Templates: add `{{ ansible_managed | comment }}` at top; no "Last modified" dates (breaks idempotent change reporting). Prefer `backup: true` unless users need it configurable. +- Document clearly which config files the role **replaces** vs modifies. + +### Other role rules + +- Use Galaxy-compatible skeleton; semantic versioning for tags (0.y.z until stable). Use FQCN in examples (e.g. `kubernetes.core.k8s`, `ansible.posix.synchronize`). +- README: purpose, required/optional arguments, idempotent (Y/N), capabilities, example playbooks, rollback if applicable. +- Sub-task files: prefix task names with a short hint, e.g. `sub | Some task description`. +- From Ansible 2.11+: use `meta/argument_specs.yml` for role argument validation. + +## Coding style + +- **Naming**: `snake_case`; valid Python identifiers (no special chars in variables). Mnemonic names; avoid abbreviations or capitalize them. Name all tasks, plays, and blocks; task names in **imperative** ("Ensure service is running"). No numbering in role/playbook names. +- **YAML**: indent 2 spaces; indent list contents beyond the list marker. Use `.yml` extension. Use `true`/`false` for booleans (not `yes`/`no` or `True`/`False`). Spell out task arguments in YAML form (no `key=value`). Double quotes for YAML strings; single quotes for Jinja2 strings. No quotes for short keywords like `present`, `absent`. +- **Jinja2**: one space inside `{{ }}`, e.g. `{{ myvar }}`. Use bracket notation for keys: `item['key']`, not `item.key`. Use `| bool` for bare variables in `when:`. Long lines: use YAML folding `>-`; break long `when:` (and conditions) into a list. Prefer filter plugins over complex Jinja for data transformation. +- **Tasks**: prefer dedicated modules over `command`/`shell`; if using them, add a comment and ensure idempotency/check mode. Do not use `meta: end_play` (use `meta: end_host` if needed). Dynamic task names: put Jinja at the **end** of the name string (e.g. "Manage device {{ device }}"). Avoid variables in play names and in default loop variable in task names. +- **Debug**: set `verbosity:` on debug tasks so production logs stay clean. + +## Playbooks + +- Keep playbooks **simple**: ideally a list of roles (or a list of import_role/include_role tasks). Put logic in roles. +- Use either **roles** or **tasks** (with import_role/include_role), not both in the same play. +- **Tags**: use only (1) role-named tags to enable/disable roles, or (2) purpose-level tags that are safe to run alone. One tag should be enough for a meaningful outcome. Document tags. Never use tags that are unsafe or meaningless when used alone. + +## Collections + +- Structure at type or landscape level. Package roles in a collection for distribution and execution environments. +- Collection-wide variables: document them; reference in role defaults, e.g. `alpha_controller_username: "{{ mycollection_controller_username }}"`. Keep role variable naming (e.g. `alpha_*`) so roles stay reusable outside the collection. +- Include root README (purpose, license link, supported ansible-core versions, dependencies) and LICENSE or COPYING. + +## Inventories + +- **Single source of truth (SSOT)**: identify SSOTs (cloud/CMDB/inventory) and combine via dynamic inventory; keep only what is not provided elsewhere in static inventory. +- **As-Is vs To-Be**: keep discovered state (facts) separate from desired state (variables). Do not mix them. +- **Structure**: use an **inventory directory** with `group_vars/`, `host_vars/` (directories per group/host with one or more YAML files), and host/group lists. Avoid a single monolithic file when combining multiple sources. +- **Loop over hosts**: run plays against inventory groups and use host/group variables; do not maintain a separate list of hosts and loop over it. Use `--limit` and Ansible's parallelism instead of hand-written loops over host lists. + +## Inventories and variables (precedence) + +- Prefer **inventory variables** for desired state; avoid play/playbook variables and `include_vars` for that. Use extra vars for debugging/temporary overrides, not for defining desired state. +- Restrict variable types: prefer inventory vars and role defaults; use scoped (block/task) vars only when needed (e.g. loops, temporary values). + +## Plugins + +- Document all plugins (parameters, return values, examples). Use reST/Sphinx docstrings and Python type hints. Prefer **pytest** for unit tests. Keep plugin entry files small; move reusable logic to module_utils/ or plugin_utils/. Use ansible.plugin_builder for new plugins. Use clear, specific error messages and appropriate verbosity for info. + +## Quick checklist when writing or reviewing + +- [ ] Role vars/defaults prefixed with role name; internals with `__`. +- [ ] No hardcoded group names; use variables or parameters. +- [ ] Platform-specific data in vars files; paths use `role_path`. +- [ ] Idempotent tasks; `changed_when:` for command/shell where needed. +- [ ] Playbook is simple (roles or import_role list); not mixing roles + tasks section. +- [ ] Tags are role-level or purpose-level and safe alone. +- [ ] Bracket notation for facts/vars; imperative task names; `.yml`; 2-space indent. +- [ ] Inventory as directory with group_vars/host_vars; desired state in inventory, not extra vars. + +## Project context (EDB_Testing) + +- **Postgres automation:** Prefer **[TPA](https://github.com/EnterpriseDB/tpa)** for host-based clusters ([docs/install-tpa.md](../../../docs/install-tpa.md)). **OpenShift:** operator + manual/GitOps ([docs/install-kubernetes-manual.md](../../../docs/install-kubernetes-manual.md)); custom Ansible playbooks live in your own project or AAP SCM, not a vendored collection here. +- When authoring roles or playbooks for this repo's **docs/scripts** only, follow the variable-prefix and structure rules in this skill. + +## Additional resources + +- Full guidelines and rationale: [reference.md](reference.md) (if present) +- Official GPA site: https://redhat-cop.github.io/automation-good-practices/ +- Red Hat COP repo: https://github.com/redhat-cop/automation-good-practices diff --git a/.copilot/skills/ansible-redhat-cop-practices/reference.md b/.copilot/skills/ansible-redhat-cop-practices/reference.md new file mode 100644 index 0000000..71c6c31 --- /dev/null +++ b/.copilot/skills/ansible-redhat-cop-practices/reference.md @@ -0,0 +1,13 @@ +# Red Hat COP Automation Good Practices – Reference + +This file supplements the main skill with links and optional detail. Use when you need the full rationale or official wording. + +## Official sources + +- **Good Practices for Ansible (GPA)**: https://redhat-cop.github.io/automation-good-practices/ +- **GitHub repository**: https://github.com/redhat-cop/automation-good-practices +- **Main reference (in repo)**: [reference.md](https://github.com/redhat-cop/automation-good-practices/blob/main/reference.md) – detailed guidelines and rationale + +## Summary + +The GPA emphasizes: roles for logic, simple playbooks, idempotency, variable naming (role-prefixed), platform-specific vars/tasks via vars files and `first_found`, inventory as SSOT for desired state, and consistent YAML/Jinja2 style. When in doubt, prefer the official GPA site or repo for the authoritative text. diff --git a/CHANGELOG.md b/CHANGELOG.md index 19533eb..4d4acfd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,23 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Added + +#### Documentation - April 2026 +- **[2026-04-09]** Documentation cleanup and standardization ([#39](https://github.com/Red-Hat-EnterpriseDB-Testing/EDB_Testing/pull/39)) + - Standardized terminology across 16 documentation files (100+ instances: "Postgres" → "PostgreSQL") + - Added language tags to 40+ code blocks for proper syntax highlighting + - Improved professional presentation and accessibility (removed emoji from tables) + - Enhanced searchability with consistent terminology + - Preserved technical accuracy (Trusted Postgres Architect, postgres user, namespaces) + - Follows CONTRIBUTING.md and CLAUDE.md standards +- **[2026-04-06]** Added CLAUDE.md and AAP OpenShift DR architecture documentation ([#38](https://github.com/Red-Hat-EnterpriseDB-Testing/EDB_Testing/pull/38)) + - Comprehensive CLAUDE.md guide for future Claude Code instances + - Repository structure, development commands, code standards, and common tasks + - Platform-specific context (OpenShift AAP 2.6, CloudNativePG, RHEL/TPA) + - DR testing workflow and Ansible best practices reference + - AAP OpenShift DR architecture documentation with external PostgreSQL patterns + ## [1.0.0] - 2026-04-03 ### Added diff --git a/docs/aap-deployment-validation-crc.md b/docs/aap-deployment-validation-crc.md index 48a1b13..69689c1 100644 --- a/docs/aap-deployment-validation-crc.md +++ b/docs/aap-deployment-validation-crc.md @@ -42,14 +42,14 @@ ### PostgreSQL Cluster Status -``` +```text NAME AGE INSTANCES READY STATUS PRIMARY postgresql 14m 2 2 Cluster in healthy state postgresql-1 ``` ### PostgreSQL Pods -``` +```text NAME READY STATUS RESTARTS AGE postgresql-1 1/1 Running 0 13m postgresql-2 1/1 Running 0 13m @@ -57,7 +57,7 @@ postgresql-2 1/1 Running 0 13m ### Storage (PVCs) -``` +```text NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS postgresql-1 Bound pvc-ed8962e4-37cd-4a35-baa6-6beed219ed96 500Mi RWO topolvm-provisioner postgresql-2 Bound pvc-f717345f-892a-4c56-b61f-4bed5678c756 500Mi RWO topolvm-provisioner @@ -65,7 +65,7 @@ postgresql-2 Bound pvc-f717345f-892a-4c56-b61f-4bed5678c756 500Mi RW ### Database List -``` +```text Name | Owner | Encoding | Collate | Ctype ----------------------+-------+----------+---------+------- automation_controller | aap | UTF8 | C | C @@ -76,13 +76,13 @@ platform_gateway | aap | UTF8 | C | C ### Database Connection Test -``` +```text PostgreSQL 16.6 (Debian 16.6-1.pgdg110+1) on aarch64-unknown-linux-gnu ``` ### Replication Status -``` +```text client_addr | state | sync_state -------------+-----------+------------ 10.42.0.125 | streaming | async diff --git a/docs/cicd-pipeline.md b/docs/cicd-pipeline.md index 04430f2..e738dd1 100644 --- a/docs/cicd-pipeline.md +++ b/docs/cicd-pipeline.md @@ -87,7 +87,7 @@ git push origin feature/my-changes **Example Output:** -``` +```text Running yamllint on YAML files... ✅ All YAML files passed linting @@ -132,7 +132,7 @@ Testing Kustomize build: db-deploy/sample-cluster/base **Example Output:** -``` +```text Checking: scripts/scale-aap-up.sh ✅ No issues found @@ -190,7 +190,7 @@ fi The workflow detects which files changed and only runs relevant checks: -``` +```text Changed files detected: YAML files: true → Run YAML validation Scripts: false → Skip shell validation @@ -217,7 +217,7 @@ Automatically scans for: **PR Size Warnings:** -``` +```text ⚠️ Large PR: 52 files changed (consider splitting) ⚠️ Large PR: 1,234 lines changed (consider splitting) ``` @@ -277,7 +277,7 @@ git commit --no-verify -m "Emergency fix" **Example Pre-commit Output:** -``` +```text Trim trailing whitespace............Passed Fix end of files...................Passed Check YAML syntax..................Passed diff --git a/docs/component-testing-results.md b/docs/component-testing-results.md index 6dbc459..4e9d1cf 100644 --- a/docs/component-testing-results.md +++ b/docs/component-testing-results.md @@ -53,7 +53,7 @@ get_timestamp_ms() { ``` **Results:** -``` +```text Test Timeline: Start: 2026-03-31 12:46:49.937 + preflight-check 2.054s @@ -96,7 +96,7 @@ oc exec -n edb-postgres postgresql-1 -- \ ``` **Result:** -``` +```text f ``` ✅ Returns `f` (false) = **PRIMARY** mode @@ -114,7 +114,7 @@ oc exec -n edb-postgres postgresql-1 -- \ ``` **Result:** -``` +```text 0 ``` ✅ No replicas (expected for single-node cluster) @@ -376,7 +376,7 @@ Once tested in multi-cluster staging environment with AAP deployed, confidence w ## Test Artifacts **Files Generated:** -``` +```text /tmp/dr-metrics/ ├── rto-rpo-demo-complete-test.json ├── rto-rpo-test-demo-001.json @@ -386,13 +386,13 @@ Once tested in multi-cluster staging environment with AAP deployed, confidence w ``` **Scripts Modified:** -``` +```text /Users/cferman/Documents/GitHub/EDB_Testing/scripts/ └── measure-rto-rpo.sh (2 functions updated, 1 bug fixed) ``` **Documentation Created:** -``` +```text /Users/cferman/Documents/GitHub/EDB_Testing/docs/ └── component-testing-results.md (this file) ``` diff --git a/docs/dr-scenarios.md b/docs/dr-scenarios.md index 4f70d1c..1d57501 100644 --- a/docs/dr-scenarios.md +++ b/docs/dr-scenarios.md @@ -2,7 +2,7 @@ ## Scenario 1: Datacenter 1 Complete Failure -1. **Detection**: Global load balancer health checks fail for DC1 AAP (3 consecutive failures = 15 seconds) +1. **Detection**: Global load balancer health checks fail for DC1 Ansible Automation Platform (AAP) (3 consecutive failures = 15 seconds) 2. **Traffic Shift**: GLB automatically routes all traffic to DC2 AAP instance 3. **Database Promotion**: DC2 AAP database promoted from read-only replica to read-write primary 4. **AAP Activation**: DC2 AAP takes over management of both OpenShift clusters @@ -14,7 +14,7 @@ 7. **RTO**: < 1 minute (15s detection + 45s promotion/cutover) 8. **RPO**: Depends on replication lag (typically < 5 seconds) -## Scenario 2: AAP Instance Failure in DC1 (OpenShift restarts pods or rhel starts up services ) +## Scenario 2: AAP Instance Failure in DC1 (OpenShift restarts pods or RHEL starts up services) 1. **Detection**: Load balancer marks DC1 AAP as unhealthy 2. **Automatic Failover**: Traffic shifted to DC2 AAP (passive becomes active) diff --git a/docs/enterprisefailovermanager.md b/docs/enterprisefailovermanager.md index a3c69c5..249f852 100644 --- a/docs/enterprisefailovermanager.md +++ b/docs/enterprisefailovermanager.md @@ -1,6 +1,6 @@ # EDB EFM (Enterprise Failover Manager) Integration -EDB Failover Manager (EFM) can automatically trigger the AAP cluster management scripts during PostgreSQL database failover events. This provides seamless coordination between database failover and AAP cluster activation. +EDB Failover Manager (EFM) can automatically trigger the Ansible Automation Platform (AAP) cluster management scripts during PostgreSQL database failover events. This provides seamless coordination between database failover and AAP cluster activation. [← Back to main README](../README.md#aap-cluster-management) @@ -157,7 +157,7 @@ Edit the EFM configuration file for your cluster: **File**: `/etc/edb/efm-4.x/efm.properties` -```properties +```ini # Post-Promotion Script (runs on newly promoted primary) # This script activates AAP in the datacenter where database was promoted script.post.promotion=/usr/edb/efm-4.x/bin/efm-aap-failover-wrapper.sh %h %s %a %v @@ -337,7 +337,7 @@ fi ## Troubleshooting and Rollback -For EFM integration troubleshooting (script execution, timeouts, OpenShift authentication, network connectivity) and rollback procedures when AAP fails to start during failover, see **[Troubleshooting](troubleshooting.md)**. +For EFM integration troubleshooting (script execution, timeouts, OpenShift authentication, network connectivity) and rollback procedures when AAP fails to start during failover, see [Troubleshooting](troubleshooting.md). ## Best Practices diff --git a/docs/openshift-aap-architecture.md b/docs/openshift-aap-architecture.md index 4d18dd0..748b982 100644 --- a/docs/openshift-aap-architecture.md +++ b/docs/openshift-aap-architecture.md @@ -7,7 +7,7 @@ This page summarizes how **AAP** is positioned on **OpenShift** in this reposito ## Topology (summary) - **One AAP footprint per OpenShift cluster** you treat as a site (typical namespace: `ansible-automation-platform`). -- **Postgres for AAP workloads** can be the **EDB Postgres on OpenShift** `Cluster` (e.g. `postgresql` in namespace `edb-postgres`) or another supported external database per Red Hat guidance. +- **PostgreSQL for AAP workloads** can be the **EDB PostgreSQL on OpenShift** `Cluster` (e.g. `postgresql` in namespace `edb-postgres`) or another supported external database per Red Hat guidance. - **Active / passive between sites**: only one site should run production AAP against the **read-write** database primary; the other site keeps **workloads off** or scaled down until DR. ## Day-0 install (this repo) @@ -15,9 +15,9 @@ This page summarizes how **AAP** is positioned on **OpenShift** in this reposito - **Concrete steps** (subscription, SQL bootstrap, secrets, `AnsibleAutomationPlatform` CR): **[`aap-deploy/openshift/README.md`](../aap-deploy/openshift/README.md)**. - **Wider HA/DR narrative** (two sites, replica secrets, EDA): **[`aap-deploy/README.md`](../aap-deploy/README.md)**. -## Postgres and networking +## PostgreSQL and networking -- In-cluster EDB clusters follow **EDB Postgres on OpenShift** CRDs (`postgresql.k8s.enterprisedb.io/v1`). See **[`docs/install-kubernetes-manual.md`](install-kubernetes-manual.md)** and **[`db-deploy/README.md`](../db-deploy/README.md)**. +- In-cluster EDB clusters follow **EDB PostgreSQL on OpenShift** CRDs (`postgresql.k8s.enterprisedb.io/v1`). See **[`docs/install-kubernetes-manual.md`](install-kubernetes-manual.md)** and **[`db-deploy/README.md`](../db-deploy/README.md)**. - **Replication across clusters** (passive replica pattern): **[`db-deploy/cross-cluster/README.md`](../db-deploy/cross-cluster/README.md)**. ## Operations diff --git a/docs/rhel-aap-architecture.md b/docs/rhel-aap-architecture.md index cf50013..7e9ee53 100644 --- a/docs/rhel-aap-architecture.md +++ b/docs/rhel-aap-architecture.md @@ -15,7 +15,7 @@ This page summarizes **AAP on RHEL** (systemd-based) in this repository’s refe - **Start / stop scripts** (orderly bring-up or shutdown): `**[scripts/start-aap-cluster.sh](../scripts/start-aap-cluster.sh)`**, `**[scripts/stop-aap-cluster.sh](../scripts/stop-aap-cluster.sh)**` — described in `**[scripts/README.md](../scripts/README.md)**`. - Example systemd wrapper: `**[scripts/aap-cluster.service](../scripts/aap-cluster.service)**`. -## Postgres on RHEL +## PostgreSQL on RHEL - **Recommended automation** for PostgreSQL on hosts: **[Trusted Postgres Architect (TPA)](install-tpa.md)** ([upstream](https://github.com/EnterpriseDB/tpa)). - **Manual install** (no TPA): `**[docs/install-rhel-manual.md](install-rhel-manual.md)`**. diff --git a/docs/scripts-hooks-and-cicd.md b/docs/scripts-hooks-and-cicd.md index 6815416..bfab33a 100644 --- a/docs/scripts-hooks-and-cicd.md +++ b/docs/scripts-hooks-and-cicd.md @@ -37,7 +37,7 @@ Location: `tests/hooks/` - `1` - One or more scripts lack execute permission **Example Output:** -``` +```text ⚠️ Script not executable: scripts/my-script.sh Fix with: chmod +x scripts/my-script.sh @@ -93,7 +93,7 @@ repos: - `1` - One or more manifests failed validation **Example Output:** -``` +```text Validating: manifests/deployment.yaml ✅ Valid Validating: manifests/service.yaml @@ -241,7 +241,7 @@ api[_-]?key\s*=\s*['\"][^'\"]+['\"] **Example Output:** -``` +```text ============================================= Running CI Checks Locally ============================================= @@ -280,7 +280,7 @@ You're ready to push your changes. **Failure Output:** -``` +```text ============================================= Summary ============================================= @@ -378,7 +378,7 @@ git commit -m "Update script" **If hooks fail:** -``` +```text Check script permissions.................................................Failed - hook id: check-script-permissions - exit code: 1 @@ -581,7 +581,7 @@ echo $VARIABLE_WITHOUT_QUOTES ``` Or configure globally in `.shellcheckrc`: -``` +```text disable=SC2086 ``` @@ -599,6 +599,6 @@ Use `--ignore-missing-schemas` flag (already enabled in hooks). ## See Also -- [scripts-guide.md](scripts-guide.md) - Complete scripts documentation -- [scripts-library-reference.md](scripts-library-reference.md) - Library functions -- [cicd-pipeline.md](cicd-pipeline.md) - CI/CD pipeline documentation +- [Scripts Guide](scripts-guide.md) - Complete scripts documentation +- [Scripts Library Reference](scripts-library-reference.md) - Library functions +- [CI/CD Pipeline](cicd-pipeline.md) - CI/CD pipeline documentation diff --git a/docs/scripts-library-reference.md b/docs/scripts-library-reference.md index 13a217b..6221769 100644 --- a/docs/scripts-library-reference.md +++ b/docs/scripts-library-reference.md @@ -6,7 +6,7 @@ This document provides detailed reference for shared library functions used acro The `scripts/lib/` directory contains reusable Bash libraries that provide common functionality: -- **aap-scaling.sh** - AAP deployment scaling and validation functions +- **aap-scaling.sh** - Ansible Automation Platform (AAP) deployment scaling and validation functions - **logging.sh** - Standardized logging and output formatting ## aap-scaling.sh @@ -547,6 +547,6 @@ fi ## See Also -- [scripts-guide.md](scripts-guide.md) - Complete scripts documentation -- [dr-testing-guide.md](dr-testing-guide.md) - DR testing procedures -- [split-brain-prevention.md](split-brain-prevention.md) - Split-brain prevention details +- [Scripts Guide](scripts-guide.md) - Complete scripts documentation +- [DR Testing Guide](dr-testing-guide.md) - DR testing procedures +- [Split-Brain Prevention](split-brain-prevention.md) - Split-brain prevention details diff --git a/reports/aap-architecture-validation-report.md b/reports/aap-architecture-validation-report.md index 2745395..9361398 100644 --- a/reports/aap-architecture-validation-report.md +++ b/reports/aap-architecture-validation-report.md @@ -43,7 +43,7 @@ This report validates the [AAP Containerized DR Architecture](aap-containerized- | Aspect | Red Hat Standard | Our Design | Status | |--------|------------------|------------|--------| -| **PostgreSQL Version** | 15, 16, or 17 | EDB Postgres Advanced 16 | ✅ **COMPATIBLE** | +| **PostgreSQL Version** | 15, 16, or 17 | EDB PostgreSQL Advanced 16 | ✅ **COMPATIBLE** | | **ICU Support** | Required for external DB | EDB includes ICU | ✅ **COMPATIBLE** | | **Backup/Restore** | PG 16/17 need external | Barman Cloud + WAL archive | ✅ **COMPATIBLE** | | **Database Names** | User-defined | awx, automationhub, automationedacontroller, automationgateway | ✅ **CORRECT** | diff --git a/reports/documentation-audit-report.md b/reports/documentation-audit-report.md index 4da252e..3d9be78 100644 --- a/reports/documentation-audit-report.md +++ b/reports/documentation-audit-report.md @@ -119,7 +119,7 @@ The EDB_Testing repository contains **comprehensive and high-quality documentati - ⚠️ No clear "getting started" path for new users **Recommended Structure:** -``` +```text docs/ ├── INDEX.md # ← CREATE THIS (central navigation) ├── getting-started/ @@ -236,7 +236,7 @@ docs/ **1. Missing Documentation Index** - **Severity:** Critical - **Impact:** Users cannot easily navigate documentation -- **Recommendation:** Create `/docs/INDEX.md` with categorized links to all documentation +- **Recommendation:** Create `docs/INDEX.md` with categorized links to all documentation - **Effort:** 1 hour - **Priority:** P0 (Week 1) @@ -249,9 +249,9 @@ docs/ - **Completed:** 2026-03-31 **3. No CONTRIBUTING.md** ✅ **RESOLVED** -- **Status:** Created `/CONTRIBUTING.md` (621 lines) +- **Status:** Created `CONTRIBUTING.md` (621 lines) - **Content:** Documentation standards, code standards, testing requirements, PR process -- **Recommendation:** Create `/CONTRIBUTING.md` with: +- **Recommendation:** Create `CONTRIBUTING.md` with: - Documentation standards (headings, code blocks, terminology) - PR checklist and review process - Testing requirements before merging @@ -266,7 +266,7 @@ docs/ - **Impact:** Difficult to track documentation changes, compatibility unclear - **Recommendation:** - Add version numbers to major docs (e.g., `v1.0 - 2026-03-31`) - - Create `/docs/CHANGELOG.md` for documentation updates + - Create `docs/CHANGELOG.md` for documentation updates - Consider using Git tags for releases - **Effort:** 1 hour - **Priority:** P1 (Week 3) @@ -289,7 +289,7 @@ docs/ - "PostgreSQL" vs "Postgres" vs "postgres" - "OpenShift cluster" vs "OCP cluster" - "datacenter" vs "data center" -- **Recommendation:** Create `/docs/GLOSSARY.md` with: +- **Recommendation:** Create `docs/GLOSSARY.md` with: - Preferred terminology - Abbreviations and expansions - Consistent capitalization rules @@ -315,7 +315,7 @@ docs/ **8. No Glossary** - **Severity:** Minor - **Impact:** New users may not understand abbreviations -- **Recommendation:** Create `/docs/GLOSSARY.md` +- **Recommendation:** Create `docs/GLOSSARY.md` - **Effort:** 1 hour - **Priority:** P2 (Month 2) @@ -332,7 +332,7 @@ docs/ **10. No FAQ** - **Severity:** Minor - **Impact:** Common questions require digging through docs -- **Recommendation:** Create `/docs/FAQ.md` based on: +- **Recommendation:** Create `docs/FAQ.md` based on: - Troubleshooting section common issues - Questions from users/PRs - Deployment gotchas @@ -435,7 +435,7 @@ docs/ ### High Priority (Week 1-2) 1. **Create Documentation Index** - - File: `/docs/INDEX.md` + - File: `docs/INDEX.md` - Content: Categorized links to all documentation - Effort: 1 hour - Impact: High (immediately improves navigation) @@ -447,13 +447,13 @@ docs/ - Impact: High (prevents broken links) 3. **Create CONTRIBUTING.md** - - File: `/CONTRIBUTING.md` + - File: `CONTRIBUTING.md` - Content: Documentation standards, PR guidelines, testing requirements - Effort: 2 hours - Impact: High (improves contribution quality) 4. **Security Hardening Guide** - - File: `/docs/security-hardening.md` + - File: `docs/security-hardening.md` - Content: TLS, RBAC, secrets, audit logging - Effort: 12 hours - Impact: High (production requirement) @@ -461,25 +461,25 @@ docs/ ### Medium Priority (Weeks 3-4) 5. **Monitoring and Alerting Guide** - - File: `/docs/monitoring-alerting.md` + - File: `docs/monitoring-alerting.md` - Content: Consolidate scattered monitoring info - Effort: 10 hours - Impact: High 6. **Backup and Restore Guide** - - File: `/docs/backup-restore-procedures.md` + - File: `docs/backup-restore-procedures.md` - Content: Detailed restore examples, PITR procedures - Effort: 6 hours - Impact: High 7. **Documentation Versioning** - Add version numbers to major docs - - Create `/docs/CHANGELOG.md` + - Create `docs/CHANGELOG.md` - Effort: 1 hour - Impact: Medium 8. **Terminology Glossary** - - File: `/docs/GLOSSARY.md` + - File: `docs/GLOSSARY.md` - Content: Preferred terms, abbreviations, standards - Effort: 3 hours (includes updating existing docs) - Impact: Medium @@ -487,19 +487,19 @@ docs/ ### Low Priority (Month 2-3) 9. **Migration Guide** - - File: `/docs/migration-guide.md` + - File: `docs/migration-guide.md` - Content: Upgrade procedures (AAP, PostgreSQL) - Effort: 8 hours - Impact: Medium 10. **Performance Tuning Guide** - - File: `/docs/performance-tuning.md` + - File: `docs/performance-tuning.md` - Content: PostgreSQL, AAP, replication tuning - Effort: 10 hours - Impact: Medium 11. **FAQ** - - File: `/docs/FAQ.md` + - File: `docs/FAQ.md` - Content: Common questions and gotchas - Effort: 2 hours - Impact: Low @@ -531,9 +531,9 @@ docs/ ### Week 1 (5 hours) - [x] Complete documentation audit ✅ -- [ ] Create `/docs/INDEX.md` (1 hour) +- [ ] Create `docs/INDEX.md` (1 hour) - [ ] Fix cross-reference links (2 hours) -- [ ] Create `/CONTRIBUTING.md` (2 hours) +- [ ] Create `CONTRIBUTING.md` (2 hours) ### Week 2 (12 hours) - [ ] Security Hardening Guide (12 hours) diff --git a/reports/dr-architecture-validation-report.md b/reports/dr-architecture-validation-report.md index bf2e46e..ffa47dc 100644 --- a/reports/dr-architecture-validation-report.md +++ b/reports/dr-architecture-validation-report.md @@ -40,7 +40,7 @@ This validation report assesses the disaster recovery (DR) architecture for Ansi - AAP deployments in both datacenters with proper scaling (3 gateway, 3 controller, 2 hub) ✅ **Clear Separation of Concerns** -- Database layer: EDB Postgres on OpenShift (CloudNativePG) +- Database layer: EDB PostgreSQL on OpenShift (CloudNativePG) - Application layer: AAP 2.6 operator with external database - Network layer: OpenShift Routes with TLS passthrough - Orchestration layer: EFM + custom scripts