From c038048fe5ce78d489260eb132e17fd5fd573a86 Mon Sep 17 00:00:00 2001 From: Ritesh Date: Fri, 3 Jan 2025 18:50:41 +0530 Subject: [PATCH 01/17] Updated OLS role with Azure token base authenticaiton --- .../ocp4_workload_ols/defaults/main.yml | 14 +- .../ocp4_workload_ols/tasks/workload.yml | 192 ++++++++++++++++-- .../templates/create_azure_api_token.yml.j2 | 12 ++ .../templates/create_secret_token.yml.j2 | 8 + .../install_azure_app_sp_olsconfig.j2 | 27 +++ .../templates/install_azure_olsconfig.j2 | 3 +- 6 files changed, 231 insertions(+), 25 deletions(-) create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_ols/templates/create_azure_api_token.yml.j2 create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_ols/templates/create_secret_token.yml.j2 create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_azure_app_sp_olsconfig.j2 diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/defaults/main.yml b/ansible/roles_ocp_workloads/ocp4_workload_ols/defaults/main.yml index 1ffd8ed851e..942e2c87fc4 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_ols/defaults/main.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_ols/defaults/main.yml @@ -82,13 +82,25 @@ ocp4_workload_ai_platform: azure #openai, azure, watson, openshiftai # Token to Access GPT Model for OpenShift LightSpeed ocp4_workload_ols_api_token_secret: "{{ ocp4_workload_ols_api_token }}" #Coming from Vault +# Select if using bearer token or api key for Azure AI Services +ocp4_workload_ols_token: true #false if using api key based access + +#Mandatory values to pass during Azure AI Services Access using Bearer Token instead of api key +ocp4_workload_ols_main_client_id: "changeme" +ocp4_workload_ols_main_client_secret: "changeme" +ocp4_workload_ols_azure_tenant_id: "changeme" +ocp4_workload_ols_azure_group_id: "changeme" +ocp4_workload_ols_azure_region: "eastus" # e.g., westus, eastus +ocp4_workload_ols_child_app_display_name: "RHDP-lightspeed-guid" + # LLM provider variables (for Azure) ocp4_workload_ols_llm_providers_models_name: gpt-4o ocp4_workload_ols_llm_providers_provide_name: Azure ocp4_workload_ols_llm_providers_provide_type: azure_openai ocp4_workload_ols_llm_providers_url: 'https://ols-test.openai.azure.com/' - ocp4_workload_ols_llm_deploymentname: 4o-jun24 #this variable is required only for Azure + +# Only for Watson Ai Service ocp4_workload_ols_watson_projectid: projectid #Change this with Watson Project ID, only when using Watson Model. # OLS Default Mode vars diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml index b70e475fd8e..7de6bd2068d 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml @@ -1,4 +1,3 @@ ---- # Implement your Workload deployment tasks here - name: Setting up workload for user debug: @@ -6,29 +5,178 @@ - name: OLS Operator Installation block: - - name: Install OLS Operator - when: ocp4_workload_ols_install_operator | bool - include_tasks: install_ols_operator.yml - - - name: Create secret - kubernetes.core.k8s: - definition: "{{ lookup('ansible.builtin.template', 'templates/create_secret.yml.j2') }}" - wait: true - wait_timeout: 300 - - - name: OLSConfig setup - kubernetes.core.k8s: - definition: "{{ lookup('ansible.builtin.template', 'templates/install_{{ ocp4_workload_ai_platform }}_olsconfig.j2') }}" - wait: true - wait_timeout: 300 - when: ocp4_workload_ai_platform is defined - -- name: Create broken pod - kubernetes.core.k8s: - definition: "{{ lookup('ansible.builtin.template', 'templates/deploy_faulty_pod.yml.j2') }}" + - name: Install OLS Operator + when: ocp4_workload_ols_install_operator | bool + include_tasks: install_ols_operator.yml + + - name: Azure AI Cognitive Services + when: ocp4_workload_ols_token | bool + block: + - name: Get Token for Master App + uri: + url: "https://login.microsoftonline.com/{{ ocp4_workload_ols_azure_tenant_id }}/oauth2/v2.0/token" + method: POST + headers: + Content-Type: "application/x-www-form-urlencoded" + body: "grant_type=client_credentials&client_id={{ ocp4_workload_ols_main_client_id }}&client_secret={{ ocp4_workload_ols_main_client_secret }}&scope=https://graph.microsoft.com/.default" + return_content: yes + status_code: 200 + register: master_token_response + + - name: Debug Master Token Response + debug: + var: master_token_response + + - name: Set Master Access Token + set_fact: + master_access_token: "{{ master_token_response.json.access_token }}" + + - name: Create Child App Registration + uri: + url: "https://graph.microsoft.com/v1.0/applications" + method: POST + headers: + Authorization: "Bearer {{ master_access_token }}" + Content-Type: "application/json" + body: + displayName: "RHDP-lightspeed-{{ GUID }}-5" + passwordCredentials: + - displayName: "ChildAppRegistrationSecret" + body_format: json + return_content: yes + status_code: 201 # Expect 201 Created + register: child_app_response + + - name: Set Child App ID and Secret + set_fact: + _child_app_id: "{{ child_app_response.json.appId }}" + _child_client_secret: "{{ child_app_response.json.passwordCredentials[0].secretText }}" + + # Introduce a 30-second delay before the next tasks + - name: Pause for 30 seconds + pause: + seconds: 30 + + - name: Create Service Principal for Child App + uri: + url: "https://graph.microsoft.com/v1.0/servicePrincipals" + method: POST + headers: + Authorization: "Bearer {{ master_access_token }}" + Content-Type: "application/json" + body: + appId: "{{ _child_app_id | string }}" + body_format: json + return_content: yes + status_code: 201 # Expect 201 Created + register: service_principal_response + + # Introduce a 30-second delay before the next tasks + - name: Pause for 30 seconds + pause: + seconds: 30 + + - name: Set Child Service Principal Object ID + set_fact: + _child_service_principal_object_id: "{{ service_principal_response.json.id }}" + + - name: Add Child App to Azure AD Group + uri: + url: "https://graph.microsoft.com/v1.0/groups/{{ ocp4_workload_ols_azure_group_id }}/members/$ref" + method: POST + headers: + Authorization: "Bearer {{ master_access_token }}" + Content-Type: "application/json" + body: + "@odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/{{ _child_service_principal_object_id }}" + body_format: json + return_content: yes + status_code: [201, 204] # Expect 201 Created or 204 No Content + + # Introduce a 30-second delay before the next tasks + - name: Pause for 30 seconds + pause: + seconds: 30 + + - name: Get Token for Child App using REST API call + uri: + url: "https://login.microsoftonline.com/{{ ocp4_workload_ols_azure_tenant_id }}/oauth2/v2.0/token" + method: POST + headers: + Content-Type: "application/x-www-form-urlencoded" + body_format: form-urlencoded + body: + grant_type: client_credentials + client_id: "{{ _child_app_id }}" + client_secret: "{{ _child_client_secret }}" + scope: https://cognitiveservices.azure.com/.default + register: child_token_response + + - name: Set Child Access Token + set_fact: + _child_access_token: "{{ child_token_response.json.access_token }}" + + # Introduce a 30-second delay before the next tasks + - name: Pause for 30 seconds + pause: + seconds: 30 + + - name: Ask AI Service Using Child App + uri: + url: "https://llm-gpt4-lightspeed.openai.azure.com/openai/deployments/gpt-4/chat/completions?api-version=2023-06-01-preview" + method: POST + headers: + Content-Type: "application/json" + Authorization: "Bearer {{ _child_access_token }}" + body: + messages: + - role: system + content: "You are a helpful assistant." + - role: user + content: "What is the largest city in Spain?" + max_tokens: 100 + body_format: json + register: ai_service_response + + - name: Display AI Service Response + debug: + var: ai_service_response.stdout + + # Create secret and OLSConfig setup based on token condition. + - name : Create secret (Bearer Token) + when : ocp4_workload_ols_token | bool + kubernetes.core.k8s : + definition : "{{ lookup('ansible.builtin.template', 'templates/create_secret_token.yml.j2') }}" + wait : true + wait_timeout : 300 + + - name : OLSConfig setup (Bearer Token) + when : + ocp4_workload_ols_token | bool + and ocp4_workload_ai_platform is defined + kubernetes.core.k8s : + definition : "{{ lookup('ansible.builtin.template', 'templates/install_azure_app_sp_ols_config.yml.j2') }}" + wait : true + wait_timeout : 300 + + - name : Create secret (API Key) + when : not ocp4_workload_ols_token | bool + kubernetes.core.k8s : + definition : "{{ lookup('ansible.builtin.template', 'templates/create_secret.yml.j2') }}" + wait : true + wait_timeout : 300 + + - name : OLSConfig setup (API Key) + when : + not ocp4_workload_ols_token | bool + and ocp4_workload_ai_platform is defined + kubernetes.core.k8s : + definition : "{{ lookup('ansible.builtin.template', 'templates/install_{{ ocp4_workload_ai_platform }}_olsconfig.j2') }}" + wait : true + wait_timeout : 300 # Leave this as the last task in the playbook. - name: workload tasks complete debug: msg: "Workload Tasks completed successfully." - when: not silent|bool + when: not silent | bool diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/create_azure_api_token.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/create_azure_api_token.yml.j2 new file mode 100644 index 00000000000..c8a230dafc5 --- /dev/null +++ b/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/create_azure_api_token.yml.j2 @@ -0,0 +1,12 @@ +kind: Secret +apiVersion: v1 +metadata: + name: azure-api-token + namespace: openshift-lightspeed + annotations: + ols.openshift.io/watcher: cluster +stringData: + main_client_id: "{{ _child_app_id }}" + main_client_secret: "{{ _child_client_secret }}" + tenant_id: "{{ ocp4_workload_ols_tenant_id }}" +type: Opaque diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/create_secret_token.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/create_secret_token.yml.j2 new file mode 100644 index 00000000000..d442faf0b26 --- /dev/null +++ b/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/create_secret_token.yml.j2 @@ -0,0 +1,8 @@ +apiVersion: v1 +stringData: + apitoken: "{{ _child_access_token }}" +kind: Secret +metadata: + name: credentials + namespace: openshift-lightspeed +type: Opaque diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_azure_app_sp_olsconfig.j2 b/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_azure_app_sp_olsconfig.j2 new file mode 100644 index 00000000000..9356caabd24 --- /dev/null +++ b/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_azure_app_sp_olsconfig.j2 @@ -0,0 +1,27 @@ +--- +apiVersion: ols.openshift.io/v1alpha1 +kind: OLSConfig +metadata: + name: cluster +spec: + llm: + providers: + - credentialsSecretRef: + name: credentials + #Use the name of the deployment with the provider + deploymentName: "{{ ocp4_workload_ols_llm_deploymentname }}" + models: + - name: "{{ ocp4_workload_ols_llm_providers_models_name }}" + name: "{{ ocp4_workload_ols_llm_providers_provide_name }}" + type: "{{ ocp4_workload_ols_llm_providers_provide_type }}" + # Use the URL you recorded after you created the deployment + url: "{{ ocp4_workload_ols_llm_providers_url }}" + + ols: + queryFilters: + - name: ip-address + pattern: '((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}' + replaceWith: + defaultModel: "{{ ocp4_workload_ols_defaultmodel }}" + defaultProvider: "{{ ocp4_workload_ols_defaultprovider }}" + logLevel: "{{ ocp4_workload_ols_loglevel }}" diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_azure_olsconfig.j2 b/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_azure_olsconfig.j2 index 332957b00dd..12263d171a2 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_azure_olsconfig.j2 +++ b/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_azure_olsconfig.j2 @@ -7,7 +7,7 @@ spec: llm: providers: - credentialsSecretRef: - name: credentials + name: azure-api-token #Use the name of the deployment with the provider deploymentName: "{{ ocp4_workload_ols_llm_deploymentname }}" models: @@ -24,4 +24,3 @@ spec: defaultModel: "{{ ocp4_workload_ols_defaultmodel }}" defaultProvider: "{{ ocp4_workload_ols_defaultprovider }}" logLevel: "{{ ocp4_workload_ols_loglevel }}" - From 1757186cccf01ef0971f1bd008da104e0d7bb34d Mon Sep 17 00:00:00 2001 From: Ritesh Date: Fri, 3 Jan 2025 20:13:37 +0530 Subject: [PATCH 02/17] display name variable update in workload --- .../roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml index 7de6bd2068d..4187ff0d4ed 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml @@ -39,7 +39,7 @@ Authorization: "Bearer {{ master_access_token }}" Content-Type: "application/json" body: - displayName: "RHDP-lightspeed-{{ GUID }}-5" + displayName: "{{ ocp4_workload_ols_child_app_display_name }}" passwordCredentials: - displayName: "ChildAppRegistrationSecret" body_format: json From 2f408d51fe8280759d1cc9d4b77019ac6fa46f97 Mon Sep 17 00:00:00 2001 From: Ritesh Date: Fri, 3 Jan 2025 20:19:52 +0530 Subject: [PATCH 03/17] fixed template called in workload for Azure bearer token --- .../roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml index 4187ff0d4ed..f364e668e07 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml @@ -155,7 +155,7 @@ ocp4_workload_ols_token | bool and ocp4_workload_ai_platform is defined kubernetes.core.k8s : - definition : "{{ lookup('ansible.builtin.template', 'templates/install_azure_app_sp_ols_config.yml.j2') }}" + definition : "{{ lookup('ansible.builtin.template', 'templates/install_azure_app_sp_olsconfig.yml.j2') }}" wait : true wait_timeout : 300 From de15d53769ce45f79a1414e1f06b02b23507efdb Mon Sep 17 00:00:00 2001 From: Ritesh Date: Fri, 3 Jan 2025 20:27:35 +0530 Subject: [PATCH 04/17] fixed template filename for app_sp --- .../ocp4_workload_ols/tasks/workload.yml | 8 ++++++-- ...olsconfig.j2 => install_azure_app_sp_olsconfig.yml.j2} | 0 ..._azure_olsconfig.j2 => install_azure_olsconfig.yml.j2} | 0 ...penai_olsconfig.j2 => install_openai_olsconfig.yml.j2} | 0 ...m.olsconfig.j2 => install_rhoai_vllm.olsconfig.yml.j2} | 0 ...atson_olsconfig.j2 => install_watson_olsconfig.yml.j2} | 0 6 files changed, 6 insertions(+), 2 deletions(-) rename ansible/roles_ocp_workloads/ocp4_workload_ols/templates/{install_azure_app_sp_olsconfig.j2 => install_azure_app_sp_olsconfig.yml.j2} (100%) rename ansible/roles_ocp_workloads/ocp4_workload_ols/templates/{install_azure_olsconfig.j2 => install_azure_olsconfig.yml.j2} (100%) rename ansible/roles_ocp_workloads/ocp4_workload_ols/templates/{install_openai_olsconfig.j2 => install_openai_olsconfig.yml.j2} (100%) rename ansible/roles_ocp_workloads/ocp4_workload_ols/templates/{install_rhoai_vllm.olsconfig.j2 => install_rhoai_vllm.olsconfig.yml.j2} (100%) rename ansible/roles_ocp_workloads/ocp4_workload_ols/templates/{install_watson_olsconfig.j2 => install_watson_olsconfig.yml.j2} (100%) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml index f364e668e07..50435ccc05f 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml @@ -27,7 +27,7 @@ debug: var: master_token_response - - name: Set Master Access Token + - name: Set Main Access Token set_fact: master_access_token: "{{ master_token_response.json.access_token }}" @@ -171,10 +171,14 @@ not ocp4_workload_ols_token | bool and ocp4_workload_ai_platform is defined kubernetes.core.k8s : - definition : "{{ lookup('ansible.builtin.template', 'templates/install_{{ ocp4_workload_ai_platform }}_olsconfig.j2') }}" + definition : "{{ lookup('ansible.builtin.template', 'templates/install_{{ ocp4_workload_ai_platform }}_olsconfig.yml.j2') }}" wait : true wait_timeout : 300 +- name: Create broken pod + kubernetes.core.k8s: + definition: "{{ lookup('ansible.builtin.template', 'templates/deploy_faulty_pod.yml.j2') }}" + # Leave this as the last task in the playbook. - name: workload tasks complete debug: diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_azure_app_sp_olsconfig.j2 b/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_azure_app_sp_olsconfig.yml.j2 similarity index 100% rename from ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_azure_app_sp_olsconfig.j2 rename to ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_azure_app_sp_olsconfig.yml.j2 diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_azure_olsconfig.j2 b/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_azure_olsconfig.yml.j2 similarity index 100% rename from ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_azure_olsconfig.j2 rename to ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_azure_olsconfig.yml.j2 diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_openai_olsconfig.j2 b/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_openai_olsconfig.yml.j2 similarity index 100% rename from ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_openai_olsconfig.j2 rename to ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_openai_olsconfig.yml.j2 diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_rhoai_vllm.olsconfig.j2 b/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_rhoai_vllm.olsconfig.yml.j2 similarity index 100% rename from ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_rhoai_vllm.olsconfig.j2 rename to ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_rhoai_vllm.olsconfig.yml.j2 diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_watson_olsconfig.j2 b/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_watson_olsconfig.yml.j2 similarity index 100% rename from ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_watson_olsconfig.j2 rename to ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_watson_olsconfig.yml.j2 From 39a9d3ffac9aeb03451b15225b7ef5ff864f0c4c Mon Sep 17 00:00:00 2001 From: Ritesh Date: Fri, 3 Jan 2025 20:29:28 +0530 Subject: [PATCH 05/17] changed question --- .../roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml index 50435ccc05f..1623d0b56fe 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml @@ -133,7 +133,7 @@ - role: system content: "You are a helpful assistant." - role: user - content: "What is the largest city in Spain?" + content: "What is the largest city in India?" max_tokens: 100 body_format: json register: ai_service_response From 49b48e86e20c02243f00ea730a968c232fb60c5b Mon Sep 17 00:00:00 2001 From: Ritesh Date: Fri, 3 Jan 2025 20:35:24 +0530 Subject: [PATCH 06/17] updated credentials reference --- .../ocp4_workload_ols/tasks/workload.yml | 10 +++++++++- .../templates/install_azure_app_sp_olsconfig.yml.j2 | 2 +- .../templates/install_azure_olsconfig.yml.j2 | 2 +- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml index 1623d0b56fe..019aa36b2ce 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml @@ -142,7 +142,8 @@ debug: var: ai_service_response.stdout - # Create secret and OLSConfig setup based on token condition. + # Create bearer token secret, Azure App SP Secret and + # OLSConfig setup based on token condition. - name : Create secret (Bearer Token) when : ocp4_workload_ols_token | bool kubernetes.core.k8s : @@ -150,6 +151,13 @@ wait : true wait_timeout : 300 + - name : Create App Service Principal + when : ocp4_workload_ols_token | bool + kubernetes.core.k8s : + definition : "{{ lookup('ansible.builtin.template', 'templates/create_azure_api_token.yml.j2') }}" + wait : true + wait_timeout : 300 + - name : OLSConfig setup (Bearer Token) when : ocp4_workload_ols_token | bool diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_azure_app_sp_olsconfig.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_azure_app_sp_olsconfig.yml.j2 index 9356caabd24..beffa49bd28 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_azure_app_sp_olsconfig.yml.j2 +++ b/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_azure_app_sp_olsconfig.yml.j2 @@ -7,7 +7,7 @@ spec: llm: providers: - credentialsSecretRef: - name: credentials + name: azure-api-token #Use the name of the deployment with the provider deploymentName: "{{ ocp4_workload_ols_llm_deploymentname }}" models: diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_azure_olsconfig.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_azure_olsconfig.yml.j2 index 12263d171a2..6a1c5f686a2 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_azure_olsconfig.yml.j2 +++ b/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_azure_olsconfig.yml.j2 @@ -7,7 +7,7 @@ spec: llm: providers: - credentialsSecretRef: - name: azure-api-token + name: credentials #Use the name of the deployment with the provider deploymentName: "{{ ocp4_workload_ols_llm_deploymentname }}" models: From 0a50385c0b5ae8fffb4f7370a2d99532122fee6b Mon Sep 17 00:00:00 2001 From: Ritesh Date: Fri, 3 Jan 2025 20:40:54 +0530 Subject: [PATCH 07/17] fixed tenant id variable in templates for app_sp --- .../ocp4_workload_ols/templates/create_azure_api_token.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/create_azure_api_token.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/create_azure_api_token.yml.j2 index c8a230dafc5..d41f9f9aba2 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/create_azure_api_token.yml.j2 +++ b/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/create_azure_api_token.yml.j2 @@ -8,5 +8,5 @@ metadata: stringData: main_client_id: "{{ _child_app_id }}" main_client_secret: "{{ _child_client_secret }}" - tenant_id: "{{ ocp4_workload_ols_tenant_id }}" + tenant_id: "{{ ocp4_workload_ols_azure_tenant_id }}" type: Opaque From 699b7638cdf09e2b20dda7b47f836888f66e81e7 Mon Sep 17 00:00:00 2001 From: Ritesh Date: Fri, 3 Jan 2025 20:49:20 +0530 Subject: [PATCH 08/17] fixex client id and client secret name in template --- .../ocp4_workload_ols/templates/create_azure_api_token.yml.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/create_azure_api_token.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/create_azure_api_token.yml.j2 index d41f9f9aba2..b9fa655652d 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/create_azure_api_token.yml.j2 +++ b/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/create_azure_api_token.yml.j2 @@ -6,7 +6,7 @@ metadata: annotations: ols.openshift.io/watcher: cluster stringData: - main_client_id: "{{ _child_app_id }}" - main_client_secret: "{{ _child_client_secret }}" + client_id: "{{ _child_app_id }}" + client_secret: "{{ _child_client_secret }}" tenant_id: "{{ ocp4_workload_ols_azure_tenant_id }}" type: Opaque From 18780ab3ab16e319f2fdee4a877cb9fca03cb1a5 Mon Sep 17 00:00:00 2001 From: Ritesh Date: Fri, 3 Jan 2025 20:53:03 +0530 Subject: [PATCH 09/17] fixed to Bearer in template --- .../ocp4_workload_ols/templates/create_secret_token.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/create_secret_token.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/create_secret_token.yml.j2 index d442faf0b26..1ed428ac0fb 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/create_secret_token.yml.j2 +++ b/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/create_secret_token.yml.j2 @@ -1,6 +1,6 @@ apiVersion: v1 stringData: - apitoken: "{{ _child_access_token }}" + Bearer: "{{ _child_access_token }}" kind: Secret metadata: name: credentials From 0e443d5c01bad6155265a25ad4b47ff7bdd7ad61 Mon Sep 17 00:00:00 2001 From: Ritesh Date: Fri, 3 Jan 2025 21:11:23 +0530 Subject: [PATCH 10/17] url update --- .../ocp4_workload_ols/defaults/main.yml | 8 ++++---- .../templates/create_azure_api_token.yml.j2 | 2 +- .../templates/install_azure_app_sp_olsconfig.yml.j2 | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/defaults/main.yml b/ansible/roles_ocp_workloads/ocp4_workload_ols/defaults/main.yml index 942e2c87fc4..7ceb66ae4fa 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_ols/defaults/main.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_ols/defaults/main.yml @@ -94,16 +94,16 @@ ocp4_workload_ols_azure_region: "eastus" # e.g., westus, eastus ocp4_workload_ols_child_app_display_name: "RHDP-lightspeed-guid" # LLM provider variables (for Azure) -ocp4_workload_ols_llm_providers_models_name: gpt-4o +ocp4_workload_ols_llm_providers_models_name: gpt-4 ocp4_workload_ols_llm_providers_provide_name: Azure ocp4_workload_ols_llm_providers_provide_type: azure_openai -ocp4_workload_ols_llm_providers_url: 'https://ols-test.openai.azure.com/' -ocp4_workload_ols_llm_deploymentname: 4o-jun24 #this variable is required only for Azure +ocp4_workload_ols_llm_providers_url: 'https://llm-gpt4-lightspeed.openai.azure.com/openai/deployments/gpt-4/chat/completions?api-version=2024-02-15-preview' +ocp4_workload_ols_llm_deploymentname: gpt-4 #this variable is required only for Azure # Only for Watson Ai Service ocp4_workload_ols_watson_projectid: projectid #Change this with Watson Project ID, only when using Watson Model. # OLS Default Mode vars -ocp4_workload_ols_defaultmodel: gpt-4o +ocp4_workload_ols_defaultmodel: gpt-4 ocp4_workload_ols_defaultprovider: Azure ocp4_workload_ols_loglevel: DEBUG diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/create_azure_api_token.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/create_azure_api_token.yml.j2 index b9fa655652d..65243eb1aec 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/create_azure_api_token.yml.j2 +++ b/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/create_azure_api_token.yml.j2 @@ -1,7 +1,7 @@ kind: Secret apiVersion: v1 metadata: - name: azure-api-token + name: azure-api-keys namespace: openshift-lightspeed annotations: ols.openshift.io/watcher: cluster diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_azure_app_sp_olsconfig.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_azure_app_sp_olsconfig.yml.j2 index beffa49bd28..845c9faaf19 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_azure_app_sp_olsconfig.yml.j2 +++ b/ansible/roles_ocp_workloads/ocp4_workload_ols/templates/install_azure_app_sp_olsconfig.yml.j2 @@ -7,7 +7,7 @@ spec: llm: providers: - credentialsSecretRef: - name: azure-api-token + name: azure-api-keys #Use the name of the deployment with the provider deploymentName: "{{ ocp4_workload_ols_llm_deploymentname }}" models: @@ -16,7 +16,7 @@ spec: type: "{{ ocp4_workload_ols_llm_providers_provide_type }}" # Use the URL you recorded after you created the deployment url: "{{ ocp4_workload_ols_llm_providers_url }}" - + ols: queryFilters: - name: ip-address From 89fc9aede1e85f19716483f0f21e67570bdbb725 Mon Sep 17 00:00:00 2001 From: Ritesh Date: Fri, 3 Jan 2025 21:43:06 +0530 Subject: [PATCH 11/17] updated channel to alpha due to bug in preview for azure token based authentication --- ansible/roles_ocp_workloads/ocp4_workload_ols/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/defaults/main.yml b/ansible/roles_ocp_workloads/ocp4_workload_ols/defaults/main.yml index 7ceb66ae4fa..fa2782725f0 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_ols/defaults/main.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_ols/defaults/main.yml @@ -37,7 +37,7 @@ ocp4_workload_ols_print_access_information: false # When not set (or set to "") use the default channel for the # OpenShift version this operator is installed on. If there is # no matching version use the `defaultChannel` -ocp4_workload_ols_channel: preview +ocp4_workload_ols_channel: alpha # Set automatic InstallPlan approval. If set to false it is # also suggested to set the starting_csv to pin a specific From 7445a9a90607f6a662ff092cb2cb179215beaf0d Mon Sep 17 00:00:00 2001 From: Ritesh Date: Mon, 6 Jan 2025 17:56:51 +0530 Subject: [PATCH 12/17] updated display name --- ansible/roles_ocp_workloads/ocp4_workload_ols/defaults/main.yml | 2 +- .../roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/defaults/main.yml b/ansible/roles_ocp_workloads/ocp4_workload_ols/defaults/main.yml index fa2782725f0..ee7ceb81b6b 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_ols/defaults/main.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_ols/defaults/main.yml @@ -91,7 +91,7 @@ ocp4_workload_ols_main_client_secret: "changeme" ocp4_workload_ols_azure_tenant_id: "changeme" ocp4_workload_ols_azure_group_id: "changeme" ocp4_workload_ols_azure_region: "eastus" # e.g., westus, eastus -ocp4_workload_ols_child_app_display_name: "RHDP-lightspeed-guid" +ocp4_workload_ols_child_app_display_name: "RHDP-lightspeed-" # LLM provider variables (for Azure) ocp4_workload_ols_llm_providers_models_name: gpt-4 diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml index 019aa36b2ce..dd0bc051a29 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml @@ -39,7 +39,7 @@ Authorization: "Bearer {{ master_access_token }}" Content-Type: "application/json" body: - displayName: "{{ ocp4_workload_ols_child_app_display_name }}" + displayName: "{{ ocp4_workload_ols_child_app_display_name }}-{{ guid }}" passwordCredentials: - displayName: "ChildAppRegistrationSecret" body_format: json From b7cdc37fc28bdc71280a647770f3ea767a33ba33 Mon Sep 17 00:00:00 2001 From: Ritesh Date: Mon, 6 Jan 2025 18:04:29 +0530 Subject: [PATCH 13/17] updated display name --- ansible/roles_ocp_workloads/ocp4_workload_ols/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/defaults/main.yml b/ansible/roles_ocp_workloads/ocp4_workload_ols/defaults/main.yml index ee7ceb81b6b..d34f18654ad 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_ols/defaults/main.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_ols/defaults/main.yml @@ -91,7 +91,7 @@ ocp4_workload_ols_main_client_secret: "changeme" ocp4_workload_ols_azure_tenant_id: "changeme" ocp4_workload_ols_azure_group_id: "changeme" ocp4_workload_ols_azure_region: "eastus" # e.g., westus, eastus -ocp4_workload_ols_child_app_display_name: "RHDP-lightspeed-" +ocp4_workload_ols_child_app_display_name: "RHDP-lightspeed" # LLM provider variables (for Azure) ocp4_workload_ols_llm_providers_models_name: gpt-4 From 0768b831b7d72138d8ddde61715086c94ed3e46f Mon Sep 17 00:00:00 2001 From: Ritesh Date: Mon, 6 Jan 2025 20:37:25 +0530 Subject: [PATCH 14/17] fixed lenght issue for url --- ansible/roles_ocp_workloads/ocp4_workload_ols/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/defaults/main.yml b/ansible/roles_ocp_workloads/ocp4_workload_ols/defaults/main.yml index d34f18654ad..59835a7be7b 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_ols/defaults/main.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_ols/defaults/main.yml @@ -97,7 +97,7 @@ ocp4_workload_ols_child_app_display_name: "RHDP-lightspeed" ocp4_workload_ols_llm_providers_models_name: gpt-4 ocp4_workload_ols_llm_providers_provide_name: Azure ocp4_workload_ols_llm_providers_provide_type: azure_openai -ocp4_workload_ols_llm_providers_url: 'https://llm-gpt4-lightspeed.openai.azure.com/openai/deployments/gpt-4/chat/completions?api-version=2024-02-15-preview' +ocp4_workload_ols_llm_providers_url: 'https://llm-gpt4-lightspeed.openai.azure.com/' ocp4_workload_ols_llm_deploymentname: gpt-4 #this variable is required only for Azure # Only for Watson Ai Service From 81d147893f834ae569d4b20b50e1f6ed18907df6 Mon Sep 17 00:00:00 2001 From: Ritesh Date: Mon, 6 Jan 2025 20:54:16 +0530 Subject: [PATCH 15/17] fixed spaces and indentation --- .../ocp4_workload_ols/tasks/workload.yml | 84 +++++++++---------- 1 file changed, 42 insertions(+), 42 deletions(-) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml index dd0bc051a29..1d5ab520015 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml @@ -66,7 +66,7 @@ Content-Type: "application/json" body: appId: "{{ _child_app_id | string }}" - body_format: json + body_format: json return_content: yes status_code: 201 # Expect 201 Created register: service_principal_response @@ -121,7 +121,7 @@ pause: seconds: 30 - - name: Ask AI Service Using Child App + - name: Ask AI Service Using Child App uri: url: "https://llm-gpt4-lightspeed.openai.azure.com/openai/deployments/gpt-4/chat/completions?api-version=2023-06-01-preview" method: POST @@ -135,53 +135,53 @@ - role: user content: "What is the largest city in India?" max_tokens: 100 - body_format: json + body_format: json register: ai_service_response - name: Display AI Service Response debug: var: ai_service_response.stdout - # Create bearer token secret, Azure App SP Secret and + # Create bearer token secret, Azure App SP Secret and # OLSConfig setup based on token condition. - - name : Create secret (Bearer Token) - when : ocp4_workload_ols_token | bool - kubernetes.core.k8s : - definition : "{{ lookup('ansible.builtin.template', 'templates/create_secret_token.yml.j2') }}" - wait : true - wait_timeout : 300 - - - name : Create App Service Principal - when : ocp4_workload_ols_token | bool - kubernetes.core.k8s : - definition : "{{ lookup('ansible.builtin.template', 'templates/create_azure_api_token.yml.j2') }}" - wait : true - wait_timeout : 300 - - - name : OLSConfig setup (Bearer Token) - when : - ocp4_workload_ols_token | bool - and ocp4_workload_ai_platform is defined - kubernetes.core.k8s : - definition : "{{ lookup('ansible.builtin.template', 'templates/install_azure_app_sp_olsconfig.yml.j2') }}" - wait : true - wait_timeout : 300 - - - name : Create secret (API Key) - when : not ocp4_workload_ols_token | bool - kubernetes.core.k8s : - definition : "{{ lookup('ansible.builtin.template', 'templates/create_secret.yml.j2') }}" - wait : true - wait_timeout : 300 - - - name : OLSConfig setup (API Key) - when : - not ocp4_workload_ols_token | bool - and ocp4_workload_ai_platform is defined - kubernetes.core.k8s : - definition : "{{ lookup('ansible.builtin.template', 'templates/install_{{ ocp4_workload_ai_platform }}_olsconfig.yml.j2') }}" - wait : true - wait_timeout : 300 + - name: Create secret (Bearer Token) + when: ocp4_workload_ols_token | bool + kubernetes.core.k8s: + definition: "{{ lookup('ansible.builtin.template', 'templates/create_secret_token.yml.j2') }}" + wait: true + wait_timeout: 300 + + - name: Create App Service Principal + when: ocp4_workload_ols_token | bool + kubernetes.core.k8s: + definition : "{{ lookup('ansible.builtin.template', 'templates/create_azure_api_token.yml.j2') }}" + wait: true + wait_timeout: 300 + + - name: OLSConfig setup (Bearer Token) + when: + ocp4_workload_ols_token | bool + and ocp4_workload_ai_platform is defined + kubernetes.core.k8s: + definition: "{{ lookup('ansible.builtin.template', 'templates/install_azure_app_sp_olsconfig.yml.j2') }}" + wait: true + wait_timeout: 300 + + - name: Create secret (API Key) + when: not ocp4_workload_ols_token | bool + kubernetes.core.k8s: + definition: "{{ lookup('ansible.builtin.template', 'templates/create_secret.yml.j2') }}" + wait: true + wait_timeout: 300 + + - name: OLSConfig setup (API Key) + when: + not ocp4_workload_ols_token | bool + and ocp4_workload_ai_platform is defined + kubernetes.core.k8s: + definition: "{{ lookup('ansible.builtin.template', 'templates/install_{{ ocp4_workload_ai_platform }}_olsconfig.yml.j2') }}" + wait: true + wait_timeout: 300 - name: Create broken pod kubernetes.core.k8s: From 5445ca1e0df4e7d4b4d06df4ff54dd172cbb9e46 Mon Sep 17 00:00:00 2001 From: Ritesh Date: Mon, 6 Jan 2025 20:56:44 +0530 Subject: [PATCH 16/17] yaml lenght --- .../roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml index 1d5ab520015..fba90188aa2 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml @@ -18,7 +18,9 @@ method: POST headers: Content-Type: "application/x-www-form-urlencoded" + # yamllint disable rule:line-length body: "grant_type=client_credentials&client_id={{ ocp4_workload_ols_main_client_id }}&client_secret={{ ocp4_workload_ols_main_client_secret }}&scope=https://graph.microsoft.com/.default" + # yamllint enable rule:line-length return_content: yes status_code: 200 register: master_token_response From 6711123effaef9e93c77e1e8ab29dc8fc20697b0 Mon Sep 17 00:00:00 2001 From: Ritesh Date: Mon, 6 Jan 2025 21:00:16 +0530 Subject: [PATCH 17/17] fixed spaces and indentation --- .../ocp4_workload_ols/tasks/workload.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml index fba90188aa2..cdf6dc46be3 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_ols/tasks/workload.yml @@ -18,10 +18,10 @@ method: POST headers: Content-Type: "application/x-www-form-urlencoded" - # yamllint disable rule:line-length + # yamllint disable rule:line-length body: "grant_type=client_credentials&client_id={{ ocp4_workload_ols_main_client_id }}&client_secret={{ ocp4_workload_ols_main_client_secret }}&scope=https://graph.microsoft.com/.default" # yamllint enable rule:line-length - return_content: yes + return_content: true status_code: 200 register: master_token_response @@ -45,7 +45,7 @@ passwordCredentials: - displayName: "ChildAppRegistrationSecret" body_format: json - return_content: yes + return_content: true status_code: 201 # Expect 201 Created register: child_app_response @@ -69,7 +69,7 @@ body: appId: "{{ _child_app_id | string }}" body_format: json - return_content: yes + return_content: true status_code: 201 # Expect 201 Created register: service_principal_response @@ -92,7 +92,7 @@ body: "@odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/{{ _child_service_principal_object_id }}" body_format: json - return_content: yes + return_content: true status_code: [201, 204] # Expect 201 Created or 204 No Content # Introduce a 30-second delay before the next tasks @@ -150,20 +150,20 @@ when: ocp4_workload_ols_token | bool kubernetes.core.k8s: definition: "{{ lookup('ansible.builtin.template', 'templates/create_secret_token.yml.j2') }}" - wait: true - wait_timeout: 300 + wait: true + wait_timeout: 300 - name: Create App Service Principal when: ocp4_workload_ols_token | bool kubernetes.core.k8s: - definition : "{{ lookup('ansible.builtin.template', 'templates/create_azure_api_token.yml.j2') }}" + definition: "{{ lookup('ansible.builtin.template', 'templates/create_azure_api_token.yml.j2') }}" wait: true wait_timeout: 300 - name: OLSConfig setup (Bearer Token) when: ocp4_workload_ols_token | bool - and ocp4_workload_ai_platform is defined + and ocp4_workload_ai_platform is defined kubernetes.core.k8s: definition: "{{ lookup('ansible.builtin.template', 'templates/install_azure_app_sp_olsconfig.yml.j2') }}" wait: true