From e57e76587a4bc580ee69ad703291e76140aa26dd Mon Sep 17 00:00:00 2001 
From: bbethell-1 Date: Wed, 6 Mar 2024 08:58:39 +0000 Subject: [PATCH 1/9] new devspace role --- .../README.md | 38 +++++ .../defaults/main.yml | 62 +++++++ .../tasks/create_devspace_user_namespaces.yml | 9 + .../tasks/fetch_and_apply_template.yml | 13 ++ .../tasks/main.yml | 30 ++++ .../tasks/post_workload.yml | 27 +++ .../tasks/pre_workload.yml | 27 +++ .../tasks/remove_workload.yml | 68 ++++++++ .../tasks/setup_backstage.yml | 120 +++++++++++++ .../tasks/setup_backstage_repo.yml | 48 ++++++ .../tasks/setup_rhsso.yml | 80 +++++++++ .../tasks/setup_templates.yml | 67 ++++++++ .../tasks/workload.yml | 158 ++++++++++++++++++ .../application-backstage-gitops.yml.j2 | 40 +++++ .../templates/application-devspaces.yml.j2 | 42 +++++ .../application-rhsso-backstage.yml.j2 | 57 +++++++ .../cluster-role-binding-admin.yml.j2 | 13 ++ ...uster-role-binding-default-sa-admin.yml.j2 | 12 ++ .../crb-default-sa-cluster-admin.yml.j2 | 12 ++ .../templates/gitlab-runner-techdocs.yml.j2 | 8 + .../keycloak-admin-user-openshift.yml.j2 | 23 +++ .../keycloak-client-openshift.yml.j2 | 30 ++++ .../keycloak-dev-user-openshift.yml.j2 | 23 +++ .../templates/keycloak-realm-openshift.yml.j2 | 19 +++ .../templates/oauth-keycloak-openshift.yml.j2 | 24 +++ .../templates/object-bucket-claim.yml.j2 | 8 + .../script-get-registration-token.yml.j2 | 21 +++ .../secret-openid-client-openshift.yml.j2 | 8 + 28 files changed, 1087 insertions(+) create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/README.md create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/defaults/main.yml create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/create_devspace_user_namespaces.yml create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/fetch_and_apply_template.yml create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/main.yml create mode 100644 
ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/post_workload.yml create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/pre_workload.yml create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/remove_workload.yml create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/setup_backstage.yml create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/setup_backstage_repo.yml create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/setup_rhsso.yml create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/setup_templates.yml create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/workload.yml create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/application-backstage-gitops.yml.j2 create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/application-devspaces.yml.j2 create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/application-rhsso-backstage.yml.j2 create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/cluster-role-binding-admin.yml.j2 create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/cluster-role-binding-default-sa-admin.yml.j2 create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/crb-default-sa-cluster-admin.yml.j2 create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/gitlab-runner-techdocs.yml.j2 create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/keycloak-admin-user-openshift.yml.j2 create mode 100644 
ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/keycloak-client-openshift.yml.j2 create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/keycloak-dev-user-openshift.yml.j2 create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/keycloak-realm-openshift.yml.j2 create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/oauth-keycloak-openshift.yml.j2 create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/object-bucket-claim.yml.j2 create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/script-get-registration-token.yml.j2 create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/secret-openid-client-openshift.yml.j2 diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/README.md b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/README.md new file mode 100644 index 00000000000..225dd44b9fc --- /dev/null +++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/README.md 
@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+ - hosts: servers
+ roles:
+ - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/defaults/main.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/defaults/main.yml
new file mode 100644
index 00000000000..83374db6ea4
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/defaults/main.yml
@@ -0,0 +1,62 @@
+---
+ocp4_username: system:admin
+become_override: false
+silent: false
+
+ocp4_workload_redhat_developer_hub_gitlab_namespace: gitlab
+ocp4_workload_redhat_developer_hub_backstage_namespace: backstage
+ocp4_workload_redhat_developer_hub_backstage_helm_repo: https://janus-idp.github.io/helm-backstage
+ocp4_workload_redhat_developer_hub_backstage_helm_chart: backstage
+ocp4_workload_redhat_developer_hub_backstage_helm_chart_version: 2.10.3
+
+ocp4_workload_redhat_developer_hub_backstage_gitlab_group: janus-idp
+
+ocp4_workload_redhat_developer_hub_postgresql_password: postgres
+
+ocp4_workload_redhat_developer_hub_gitlab_root_user: root
+ocp4_workload_redhat_developer_hub_gitlab_root_password: openshift
+
+ocp4_workload_redhat_developer_hub_janus_bootstrap_repo: https://github.com/treddy08/janus-idp-bootstrap.git
+ocp4_workload_redhat_developer_hub_janus_bootstrap_repo_target_revision: main
+
+ocp4_workload_redhat_developer_hub_admin_user: admin
+ocp4_workload_redhat_developer_hub_admin_password: "{{ common_password }}"
+
+ocp4_workload_redhat_developer_hub_users_count: "{{ num_users | default(1) }}"
+ocp4_workload_redhat_developer_hub_users_password: "{{ common_password }}"
+
+ocp4_workload_redhat_developer_hub_vault_namespace: vault
+
+# ocp4_workload_redhat_developer_hub_gitlab_template_locations:
+# - group: janus-idp
+# project: software-templates
+# branch: main
+# file: showcase-templates.yaml
+# rules:
+# allow: Template
+# templates:
+# - scaffolder-templates/quarkus-web-template/template.yaml
+# - group: janus-idp
+# project: software-templates
+# branch: main
+# file: org.yaml
+# rules:
+# allow: Group, User
+# - group: summit-lab
+# project: backstage-workshop
+# branch: master
+# file: showcase-templates.yaml
+# rules:
+# allow: Template
+# templates:
+# - scaffolder-templates/poi-map/template.yaml
+# - scaffolder-templates/poi-gateway/template.yaml
+# - scaffolder-templates/poi-backend/template.yaml
+
+ocp4_workload_redhat_developer_hub_backstage_image_registry: quay.io
+ocp4_workload_redhat_developer_hub_backstage_image_repository: rhdh/rhdh-hub-rhel9
+ocp4_workload_redhat_developer_hub_backstage_image_tag: "1.0"
+
+redhat_gpte_devhub_pull_secret: ""
+
+ocp4_workload_redhat_developer_hub_username_base: user
\ No newline at end of file
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/create_devspace_user_namespaces.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/create_devspace_user_namespaces.yml
new file mode 100644
index 00000000000..9424ed7f258
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/create_devspace_user_namespaces.yml
@@ -0,0 +1,9 @@
+---
+- name: Create devspace resources
+ kubernetes.core.k8s:
+ state: present
+ definition: "{{ lookup('template', item ) | from_yaml }}"
+ loop:
+ - namespace-devspaces-user.yml.j2
+ - secret-devspaces-gitcreds.yml.j2
+ - config-devspaces-gitconfig.yml.j2
\ No newline at end of file
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/fetch_and_apply_template.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/fetch_and_apply_template.yml
new file mode 100644
index 00000000000..382583425d0
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/fetch_and_apply_template.yml
@@ -0,0 +1,13 @@
+---
+- name: Fetch {{ folder }}/{{ template_file }} template from remote host
+ run_once: true
+ fetch:
+ src: "{{ folder }}/{{ template_file }}"
+ dest: /tmp/{{ template_file }}
+ flat: yes
+ fail_on_missing: yes
+
+- name: Apply template {{ folder }}/{{ template_file }}
+ ansible.builtin.template:
+ src: /tmp/{{ template_file }}
+ dest: "{{ folder }}/{{ template_file }}"
\ No newline at end of file
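Review bot: In defaults/main.yml, `ocp4_workload_redhat_developer_hub_postgresql_password: postgres` and `ocp4_workload_redhat_developer_hub_gitlab_root_password: openshift` ship fixed, guessable credentials as role defaults, while the admin and user passwords a few lines below already take `"{{ common_password }}"`. Any deployment that does not override them gets a GitLab root account with a password that is published in this repository; defaulting both to `"{{ common_password }}"`, or leaving them undefined and asserting they are set in pre_workload.yml, would close that. The bootstrap repository also defaults to a personal GitHub account followed at `main`, so whatever consumes it (presumably the Argo CD application templates) can change without any change to this role; pinning `..._janus_bootstrap_repo_target_revision` to a tag or commit keeps deployments reproducible. The file is also missing its final newline.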
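Review bot: The three templates looped over in create_devspace_user_namespaces.yml (`namespace-devspaces-user.yml.j2`, `secret-devspaces-gitcreds.yml.j2`, `config-devspaces-gitconfig.yml.j2`) are not among the 28 files this patch creates, so `lookup('template', item)` will fail unless a later patch in the series adds them. One of them is, by its name, a Git-credentials Secret; if it renders the GitLab password, the full definition is printed on failure or with `-v`, so `no_log: true` on this task is worth adding once the templates exist.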
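Review bot: In fetch_and_apply_template.yml the second task runs `ansible.builtin.template` on a file that was just fetched from a cloned Git repository, so any Jinja2 expression in that repository is evaluated on the controller with every play variable in scope, including the passwords and whatever tokens have been set as facts by then, and the result is pushed back to the repository by the callers. That is only acceptable if the source repositories are trusted and pinned, which should be stated in a comment at the top of the file, e.g. `# The fetched file is rendered as Jinja2: only use with repositories you control`. The staging path `/tmp/{{ template_file }}` is fixed and predictable on the controller and is shared by concurrent runs; a directory from `ansible.builtin.tempfile` (registered once and removed afterwards) avoids both the collision and a pre-planted file. `flat: yes` and `fail_on_missing: yes` should be `true`, and `fetch` should use its fully qualified name like the `template` task below it.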
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/main.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/main.yml
new file mode 100644
index 00000000000..03a4801b4c7
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+# Do not modify this file
+
+- name: Running Pre Workload Tasks
+ include_tasks:
+ file: ./pre_workload.yml
+ apply:
+ become: "{{ become_override | bool }}"
+ when: ACTION == "create" or ACTION == "provision"
+
+- name: Running Workload Tasks
+ include_tasks:
+ file: ./workload.yml
+ apply:
+ become: "{{ become_override | bool }}"
+ when: ACTION == "create" or ACTION == "provision"
+
+- name: Running Post Workload Tasks
+ include_tasks:
+ file: ./post_workload.yml
+ apply:
+ become: "{{ become_override | bool }}"
+ when: ACTION == "create" or ACTION == "provision"
+
+- name: Running Workload removal Tasks
+ include_tasks:
+ file: ./remove_workload.yml
+ apply:
+ become: "{{ become_override | bool }}"
+ when: ACTION == "destroy" or ACTION == "remove"
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/post_workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/post_workload.yml
new file mode 100644
index 00000000000..2a37f6418a1
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/post_workload.yml
@@ -0,0 +1,27 @@
+---
+# Implement your Post Workload deployment tasks here
+# --------------------------------------------------
+
+
+# Leave these as the last tasks in the playbook
+# ---------------------------------------------
+
+# For deployment onto a dedicated cluster (as part of the
+# cluster deployment) set workload_shared_deployment to False
+# This is the default so it does not have to be set explicitely
+- name: post_workload tasks complete
+ debug:
+ msg: "Post-Workload tasks completed successfully."
+ when:
+ - not silent|bool
+ - not workload_shared_deployment|default(False)
+
+# For RHPDS deployment (onto a shared cluster) set
+# workload_shared_deployment to True
+# (in the deploy script or AgnosticV configuration)
+- name: post_workload tasks complete
+ debug:
+ msg: "Post-Software checks completed successfully"
+ when:
+ - not silent|bool
+ - workload_shared_deployment|default(False)
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/pre_workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/pre_workload.yml
new file mode 100644
index 00000000000..dddec0fa0b4
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/pre_workload.yml
@@ -0,0 +1,27 @@
+---
+# Implement your Pre Workload deployment tasks here
+# -------------------------------------------------
+
+
+# Leave these as the last tasks in the playbook
+# ---------------------------------------------
+
+# For deployment onto a dedicated cluster (as part of the
+# cluster deployment) set workload_shared_deployment to False
+# This is the default so it does not have to be set explicitely
+- name: pre_workload tasks complete
+ debug:
+ msg: "Pre-Workload tasks completed successfully."
+ when:
+ - not silent|bool
+ - not workload_shared_deployment|default(False)
+
+# For RHPDS deployment (onto a shared cluster) set
+# workload_shared_deployment to True
+# (in the deploy script or AgnosticV configuration)
+- name: pre_workload tasks complete
+ debug:
+ msg: "Pre-Software checks completed successfully"
+ when:
+ - not silent|bool
+ - workload_shared_deployment|default(False)
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/remove_workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/remove_workload.yml
new file mode 100644
index 00000000000..88225c6b7a5
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/remove_workload.yml
@@ -0,0 +1,68 @@ +--- +# Implement your workload removal tasks here +# ------------------------------------------ + +- name: Update default storage class + when: ocp4_workload_gitops_amqstreams_update_default_storage_class | bool + block: + - name: Remove annotation from current default storage class + command: + cmd: >- + oc annotate sc {{ ocp4_workload_gitops_amqstreams_new_default_storage_class_name }} + storageclass.kubernetes.io/is-default-class- + ignore_errors: true + + - name: Set previous default storage class + command: + cmd: >- + oc annotate sc {{ ocp4_workload_gitops_amqstreams_old_default_storage_class_name }} + storageclass.kubernetes.io/is-default-class="true" + ignore_errors: true + +- name: Remove Ceph toolbox + when: ocp4_workload_gitops_amqstreams_install_toolbox | bool + kubernetes.core.k8s: + state: absent + definition: "{{ lookup('template', 'toolbox.yaml.j2') }}" + +- name: Remove Storage System + kubernetes.core.k8s: + state: absent + definition: "{{ lookup('template', 'storagesystem.yaml.j2') }}" + +- name: Wait until Storage System has been deleted + kubernetes.core.k8s_info: + api_version: odf.openshift.io/v1alpha1 + kind: StorageSystem + name: ocs-storagecluster-storagesystem + namespace: "{{ ocp4_workload_gitops_amqstreams_namespace }}" + register: r_storage_system + until: r_storage_system.resources | length == 0 + retries: 100 + delay: 10 + +- name: Remove Operator + include_role: + name: install_operator + vars: + install_operator_action: remove + install_operator_name: "{{ ocp4_workload_gitops_amqstreams_operator_name }}" + install_operator_namespace: "{{ ocp4_workload_gitops_amqstreams_namespace }}" + install_operator_catalog: redhat-operators + install_operator_csv_nameprefix: "{{ ocp4_workload_gitops_amqstreams_operator_csv_prefix }}" + install_operator_channel: "{{ ocp4_workload_gitops_amqstreams_channel }}" + install_operator_automatic_install_plan_approval: "{{ ocp4_workload_gitops_amqstreams_automatic_install_plan_approval | 
default(true) }}" + install_operator_manage_namespaces: + - "{{ ocp4_workload_gitops_amqstreams_namespace }}" + install_operator_catalogsource_setup: "{{ ocp4_workload_gitops_amqstreams_catalogsource_setup | default(false)}}" + install_operator_catalogsource_name: "{{ ocp4_workload_gitops_amqstreams_catalogsource_name | default('') }}" + install_operator_catalogsource_image: "{{ ocp4_workload_gitops_amqstreams_catalogsource_image | default('') }}" + install_operator_catalogsource_image_tag: "{{ ocp4_workload_gitops_amqstreams_catalogsource_image_tag | default('') }}" + +# Leave this as the last task in the playbook. +# -------------------------------------------- + +- name: remove_workload tasks complete + debug: + msg: "Remove Workload tasks completed successfully." + when: not silent|bool diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/setup_backstage.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/setup_backstage.yml new file mode 100644 index 00000000000..479e233afce --- /dev/null +++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/setup_backstage.yml 
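Review bot: remove_workload.yml looks like it was copied from another role: every variable it reads is `ocp4_workload_gitops_amqstreams_*`, and it deletes a Ceph toolbox, a StorageSystem and an operator, none of which the tasks in this patch create and none of which has a default in this role's defaults/main.yml. On `ACTION == "destroy"` the first `when:` would presumably fail on an undefined variable, and where those variables do happen to be defined the play removes storage that belongs to a different workload. What this role does create, namely the cluster role bindings for the default service account and the admin user, the OAuth and Keycloak objects, and the Argo CD applications, stays on the cluster after removal, which leaves elevated bindings and credentials behind. The removal tasks should instead apply the same templates used in setup_rhsso.yml and setup_backstage.yml with `state: absent`, and `toolbox.yaml.j2` and `storagesystem.yaml.j2` (not shipped in this patch) should be dropped.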
@@ -0,0 +1,120 @@ +--- +- name: Retrieve ArgoCD credentials + kubernetes.core.k8s_info: + api_version: v1 + kind: Secret + name: argocd-cluster + namespace: janus-argocd + register: r_argo_creds + until: + - r_argo_creds is defined + - r_argo_creds.resources is defined + - r_argo_creds.resources | length > 0 + +- name: Decode argo credentials + set_fact: + ocp4_workload_redhat_developer_hub_argocd_password: "{{ r_argo_creds.resources[0].data['admin.password'] | b64decode }}" + +- name: Retrieve openshift gitops route + kubernetes.core.k8s_info: + api_version: route.openshift.io/v1 + kind: Route + name: argocd-server + namespace: janus-argocd + register: r_argocd_route + until: + - r_argocd_route is defined + - r_argocd_route.resources is defined + - r_argocd_route.resources | length > 0 + +- name: Retrieve openshift gitops hostname + set_fact: + ocp4_workload_redhat_developer_hub_argocd_host: "{{ r_argocd_route.resources[0].spec.host }}" + +- name: Create backstage pre-requisite resources + kubernetes.core.k8s: + state: present + definition: "{{ lookup('template', item ) | from_yaml }}" + loop: + - cluster-role-binding-default-sa-admin.yml.j2 + - object-bucket-claim.yml.j2 + +- name: Get default token + shell: oc get secret $(oc get secret -n default | grep default-token | awk '{print $1}') -n default -o json | jq -r '.data.token' + register: r_default_token + +- name: Get Openshift REST API + shell: oc config view -o jsonpath='{.clusters[0].cluster.server}' + register: r_ocp_api + +- name: Decode default token + set_fact: + ocp4_workload_redhat_developer_hub_ocp_default_sa_token: "{{ r_default_token.stdout | b64decode }}" + ocp4_workload_redhat_developer_hub_ocp_api: "{{ r_ocp_api.stdout }}" + +- name: Retrieve quay admin token + kubernetes.core.k8s_info: + api_version: v1 + kind: Secret + name: quay-admin-token + namespace: quay-enterprise + register: r_quay_token + retries: 120 + delay: 10 + until: + - r_quay_token is defined + - r_quay_token.resources is 
defined + - r_quay_token.resources | length > 0 + - r_quay_token.resources[0] is defined + +- name: Decode quay admin token + set_fact: + ocp4_workload_redhat_developer_hub_quay_admin_token: "{{ r_quay_token.resources[0].data.token | b64decode }}" + +- name: Retrieve s3 bucket details + kubernetes.core.k8s_info: + api_version: objectbucket.io/v1alpha1 + kind: ObjectBucketClaim + name: backstage-bucket-claim + namespace: backstage + register: r_bucket_claim + until: + - r_bucket_claim is defined + - r_bucket_claim.resources is defined + - r_bucket_claim.resources | length > 0 + +- name: Retrieve bucket secret + kubernetes.core.k8s_info: + api_version: v1 + kind: Secret + name: backstage-bucket-claim + namespace: "{{ ocp4_workload_redhat_developer_hub_backstage_namespace }}" + register: r_bucket_secret + retries: 120 + delay: 10 + until: + - r_bucket_secret is defined + - r_bucket_secret.resources is defined + - r_bucket_secret.resources | length > 0 + +- name: Extract S3 Details + set_fact: + ocp4_workload_redhat_developer_hub_s3_bucket_name: "{{ r_bucket_claim.resources[0].spec.bucketName }}" + ocp4_workload_redhat_developer_hub_s3_bucket_region: "{{ aws_region }}" + ocp4_workload_redhat_developer_hub_s3_bucket_endpoint: "https://s3-openshift-storage.{{ ocp4_workload_redhat_developer_hub_apps_domain }}" + ocp4_workload_redhat_developer_hub_s3_bucket_aws_access_key_id: "{{ r_bucket_secret.resources[0].data.AWS_ACCESS_KEY_ID | b64decode}}" + ocp4_workload_redhat_developer_hub_s3_bucket_aws_secret_access_key: "{{ r_bucket_secret.resources[0].data.AWS_SECRET_ACCESS_KEY | b64decode}}" + +- name: Setup Backstage Repo + include_tasks: + file: ./setup_backstage_repo.yml + +- name: Create Backstage Gitops application + kubernetes.core.k8s: + state: present + definition: "{{ lookup('template', 'application-backstage-gitops.yml.j2' ) | from_yaml }}" + +- name: Create vault secret for common password + shell: | + oc exec vault-0 -n {{ 
ocp4_workload_redhat_developer_hub_vault_namespace + }} -- vault kv put kv/secrets/janusidp/common_password password={{ common_password }} \ No newline at end of file diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/setup_backstage_repo.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/setup_backstage_repo.yml new file mode 100644 index 00000000000..14a583fbfe0 --- /dev/null +++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/setup_backstage_repo.yml @@ -0,0 +1,48 @@ +--- +- name: Build git repo url + set_fact: + ocp4_workload_redhat_developer_hub_backstage_helm_repo: + https://{{ ocp4_workload_redhat_developer_hub_gitlab_root_user }}:{{ + ocp4_workload_redhat_developer_hub_gitlab_root_password }}@{{ + ocp4_workload_redhat_developer_hub_gitlab_host }}/gitops/janus-idp-gitops + +- name: Remove older repo folders + shell: rm -rf ~/janus-idp-gitops + +- name: Clone janus-idp-gitops + ansible.builtin.git: + accept_hostkey: true + force: true + repo: "{{ ocp4_workload_redhat_developer_hub_backstage_helm_repo }}" + dest: "~/janus-idp-gitops" + version: "main" + environment: + GIT_SSL_NO_VERIFY: "true" + +- name: Apply template values to location template + include_tasks: fetch_and_apply_template.yml + vars: + folder: /home/ec2-user/janus-idp-gitops/charts/backstage + template_file: backstage-values.yaml + +- name: Add new files to the repository + command: + chdir: >- + /home/ec2-user/janus-idp-gitops + cmd: "git add ." + ignore_errors: true + +- name: Commit changes to the repository + command: + chdir: >- + /home/ec2-user/janus-idp-gitops + cmd: >- + git commit -a -m 'Updates for starting scenario.' + ignore_errors: true + +- name: Push all changes back to the project repository + command: + chdir: >- + /home/ec2-user/janus-idp-gitops + cmd: >- + git push {{ ocp4_workload_redhat_developer_hub_backstage_helm_repo }} \ No newline at end of file 
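Review bot: The last task of setup_backstage.yml interpolates `{{ common_password }}` unquoted into a `shell:` command, so a password containing whitespace or shell metacharacters breaks or alters the command, and the value is shown in task output and in the process arguments. Passing it through the `quote` filter and adding `no_log: true` fixes both: `... vault kv put kv/secrets/janusidp/common_password password={{ common_password | quote }}`. The same `no_log: true` is missing on "Get default token" and on every `set_fact` that decodes a secret, here and in setup_rhsso.yml (Argo CD admin password, service-account token, Quay admin token, S3 keys, Keycloak client secrets). Separately, "Get default token" reads the token of the `default` service account right after `cluster-role-binding-default-sa-admin.yml.j2` is applied; if that binding grants cluster-wide admin, as the file name suggests, a dedicated service account with a role scoped to what Backstage needs would be the safer source for that token. The Argo CD and bucket-claim lookups also use `until:` without `retries`/`delay`, unlike the Quay and bucket-secret lookups in the same file.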
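Review bot: "Build git repo url" in setup_backstage_repo.yml places the GitLab root user and password inside the URL, which is then handed to `ansible.builtin.git` and to `git push` on the command line, so the password lands in the clone's `.git/config`, in the process list and in task output; setup_templates.yml repeats the pattern with `ocp4_workload_redhat_developer_hub_template_repo_url`. The clone runs with `GIT_SSL_NO_VERIFY: "true"`, so that root password is sent without checking which host presents the certificate. A project or deploy token supplied through a credential helper or `GIT_ASKPASS`, the cluster ingress CA added to the trust store instead of disabling verification, and `no_log: true` on these tasks would address this. The `set_fact` also overwrites `ocp4_workload_redhat_developer_hub_backstage_helm_repo`, which defaults/main.yml defines as the Helm chart repository, so any template rendered afterwards that reads that variable receives the credentialed Git URL; a separate variable name avoids that. `ignore_errors: true` on the add and commit tasks also hides real failures, where `failed_when`/`changed_when` on the "nothing to commit" case would be more precise.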
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/setup_rhsso.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/setup_rhsso.yml new file mode 100644 index 00000000000..3838ffc33b3 --- /dev/null +++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/setup_rhsso.yml 
@@ -0,0 +1,80 @@ +--- +- name: Create RHSSO application + kubernetes.core.k8s: + state: present + definition: "{{ lookup('template', 'application-rhsso-backstage.yml.j2' ) | from_yaml }}" + +- name: Retrieve backstage realm client credentials + kubernetes.core.k8s_info: + api_version: v1 + kind: Secret + name: keycloak-client-secret-backstage + namespace: "{{ ocp4_workload_redhat_developer_hub_backstage_namespace }}" + register: r_realm_credentials + retries: 120 + delay: 10 + until: + - r_realm_credentials is defined + - r_realm_credentials.resources is defined + - r_realm_credentials.resources | length > 0 + - r_realm_credentials.resources[0].data is defined + - r_realm_credentials.resources[0].data.CLIENT_ID is defined + - r_realm_credentials.resources[0].data.CLIENT_ID | length > 0 + - r_realm_credentials.resources[0].data.CLIENT_SECRET is defined + - r_realm_credentials.resources[0].data.CLIENT_SECRET | length > 0 + +- name: Decode realm credentials + set_fact: + ocp4_workload_redhat_developer_hub_backstage_client_id: "{{ r_realm_credentials.resources[0].data.CLIENT_ID | b64decode }}" + ocp4_workload_redhat_developer_hub_backstage_client_secret: "{{ r_realm_credentials.resources[0].data.CLIENT_SECRET | b64decode }}" + +- name: Create Openshift SSO via Keycloak + block: + - name: Create keycloak auth resources + kubernetes.core.k8s: + state: present + definition: "{{ lookup('template', item ) | from_yaml }}" + namespace: "{{ ocp4_workload_redhat_developer_hub_backstage_namespace }}" + loop: + - keycloak-realm-openshift.yml.j2 + - keycloak-client-openshift.yml.j2 + - keycloak-admin-user-openshift.yml.j2 + + - name: Create KeyCloak Users + kubernetes.core.k8s: + state: present + definition: "{{ lookup('template', 'keycloak-dev-user-openshift.yml.j2' ) | from_yaml }}" + namespace: "{{ ocp4_workload_redhat_developer_hub_backstage_namespace }}" + loop: "{{ range(0, ocp4_workload_redhat_developer_hub_users_count | int, 1) | list }}" + + - name: Retrieve openshift 
realm client credentials + kubernetes.core.k8s_info: + api_version: v1 + kind: Secret + name: keycloak-client-secret-openshift + namespace: "{{ ocp4_workload_redhat_developer_hub_backstage_namespace }}" + register: r_realm_credentials + retries: 120 + delay: 10 + until: + - r_realm_credentials is defined + - r_realm_credentials.resources is defined + - r_realm_credentials.resources | length > 0 + - r_realm_credentials.resources[0].data is defined + - r_realm_credentials.resources[0].data.CLIENT_ID is defined + - r_realm_credentials.resources[0].data.CLIENT_ID | length > 0 + - r_realm_credentials.resources[0].data.CLIENT_SECRET is defined + - r_realm_credentials.resources[0].data.CLIENT_SECRET | length > 0 + + - name: Decode openshift realm client secret + set_fact: + ocp4_workload_redhat_developer_hub_openshift_client_secret: "{{ r_realm_credentials.resources[0].data.CLIENT_SECRET | b64decode }}" + + - name: Create openshift auth resources + kubernetes.core.k8s: + state: present + definition: "{{ lookup('template', item ) | from_yaml }}" + loop: + - secret-openid-client-openshift.yml.j2 + - oauth-keycloak-openshift.yml.j2 + - cluster-role-binding-admin.yml.j2 diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/setup_templates.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/setup_templates.yml new file mode 100644 index 00000000000..bbae6da72cd --- /dev/null +++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/setup_templates.yml 
@@ -0,0 +1,67 @@ +--- +- name: Build git repo url + set_fact: + ocp4_workload_redhat_developer_hub_template_repo_url: + https://{{ ocp4_workload_redhat_developer_hub_gitlab_root_user }}:{{ + ocp4_workload_redhat_developer_hub_gitlab_root_password }}@{{ + ocp4_workload_redhat_developer_hub_gitlab_host }}/{{ + location.group }}/{{ location.project }} + +- name: Remove older repo folders + shell: rm -rf ~/{{ location.project }} + +- name: Clone {{ location.project }} + ansible.builtin.git: + accept_hostkey: true + force: true + repo: "{{ ocp4_workload_redhat_developer_hub_template_repo_url }}" + dest: "~/{{ location.project }}" + version: "{{ location.branch }}" + environment: + GIT_SSL_NO_VERIFY: "true" + +- name: Apply template values to location template + include_tasks: fetch_and_apply_template.yml + loop: + - "{{ location.file }}" + loop_control: + loop_var: template_file + vars: + folder: /home/ec2-user/{{ location.project }} + gitlab_host: "{{ ocp4_workload_redhat_developer_hub_gitlab_host }}" + gitlab_group: "{{ location.group }}" + gitlab_user_count: "{{ ocp4_workload_redhat_developer_hub_users_count }}" + +- name: Apply template values to scaffolding templates + include_tasks: fetch_and_apply_template.yml + loop: "{{ location.templates }}" + loop_control: + loop_var: template_file + vars: + folder: /home/ec2-user/{{ location.project }} + gitlab_host: "{{ ocp4_workload_redhat_developer_hub_gitlab_host }}" + gitlab_destination_group: development + cluster_subdomain: ".{{ ocp4_workload_redhat_developer_hub_apps_domain}}" + quay_host: "{{ ocp4_workload_redhat_developer_hub_quay_host }}" + +- name: Add new files to the repository + command: + chdir: >- + /home/ec2-user/{{ location.project }} + cmd: "git add ." + ignore_errors: true + +- name: Commit changes to the repository + command: + chdir: >- + /home/ec2-user/{{ location.project }} + cmd: >- + git commit -a -m 'Updates for starting scenario.' 
+ ignore_errors: true + +- name: Push all changes back to the project repository + command: + chdir: >- + /home/ec2-user/{{ location.project }} + cmd: >- + git push {{ ocp4_workload_redhat_developer_hub_template_repo_url }} \ No newline at end of file diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/workload.yml new file mode 100644 index 00000000000..39bda32d51b --- /dev/null +++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/workload.yml 
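Review bot: `shell: rm -rf ~/{{ location.project }}` in setup_templates.yml expands an unvalidated loop value into a recursive delete, so an empty `location.project`, or one containing `..` or whitespace, removes the home directory or a path outside it. Replacing it with `ansible.builtin.file` and `state: absent` on a fixed base directory, preceded by an assert such as `that: location.project is match('^[A-Za-z0-9_-]+$')`, removes that risk. The clone goes to `~/{{ location.project }}` while the later tasks hard-code `/home/ec2-user/{{ location.project }}`, so the role only works when the remote user is ec2-user; one variable for the checkout directory would drop that assumption. `loop: "{{ location.templates }}"` fails for a location without a `templates` key, and the commented example in defaults/main.yml contains one, so `| default([])` is needed there.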
@@ -0,0 +1,158 @@
+---
+- name: Setting up workload
+ debug:
+ msg: "Setting up GitLab"
+
+- name: Retrieve Ingress config
+ k8s_info:
+ api_version: config.openshift.io/v1
+ kind: Ingress
+ name: cluster
+ register: r_ingress_config
+
+- name: Get OpenShift Apps Domain
+ set_fact:
+ ocp4_workload_redhat_developer_hub_apps_domain: "{{ r_ingress_config.resources[0].spec.domain }}"
+ ocp4_workload_redhat_developer_hub_gitlab_host: "gitlab-{{
+ ocp4_workload_redhat_developer_hub_gitlab_namespace }}.{{
+ r_ingress_config.resources[0].spec.domain }}"
+ ocp4_workload_redhat_developer_hub_keycloak_host: "keycloak-{{
+ ocp4_workload_redhat_developer_hub_backstage_namespace }}.{{
+ r_ingress_config.resources[0].spec.domain }}"
+ ocp4_workload_redhat_developer_hub_backstage_host: "backstage-{{
+ ocp4_workload_redhat_developer_hub_backstage_namespace }}.{{
+ r_ingress_config.resources[0].spec.domain }}"
+ ocp4_workload_redhat_developer_hub_devspaces_host: "devspaces.{{
+ r_ingress_config.resources[0].spec.domain }}"
+ ocp4_workload_redhat_developer_hub_openshift_redirect_host: "oauth-openshift.{{
+ r_ingress_config.resources[0].spec.domain }}"
+ ocp4_workload_redhat_developer_hub_openshift_console_host: console-openshift-console.{{
+ r_ingress_config.resources[0].spec.domain }}
+ ocp4_workload_redhat_developer_hub_quay_host: quay-{{ guid }}.{{
+ r_ingress_config.resources[0].spec.domain }}
+
+- name: Setup Gitlab dependencies
+ include_tasks:
+ file: ./setup_gitlab.yml
+
+- name: Setup RHSSO dependencies
+ include_tasks:
+ file: ./setup_rhsso.yml
+
+- name: Setup Gitlab repo dependencies
+ include_tasks:
+ file: ./setup_templates.yml
+ loop: "{{ ocp4_workload_redhat_developer_hub_gitlab_template_locations }}"
+ loop_control:
+ loop_var: location
+
+- name: Setup Backstage dependencies
+ include_tasks:
+ file: ./setup_backstage.yml
+
+- name: Setup Gitlab dependencies
+ include_tasks:
+ file: ./setup_gitlab_runner.yml
+
+- name: Setup Devspaces dependencies
+ include_tasks:
+ file: ./setup_devspaces.yml
+
+- name: Build user output
+ block:
+ - set_fact:
+ user_list: "{{ ocp4_workload_redhat_developer_hub_username_base}}1"
+ - when: ocp4_workload_redhat_developer_hub_users_count | int > 1
+ set_fact:
+ user_list: "{{ user_list }}\n{{ ocp4_workload_redhat_developer_hub_username_base }}{{ item + 1 }}"
+ loop: "{{ range(1, ocp4_workload_redhat_developer_hub_users_count | int, 1) | list }}"
+
+- name: Save user information
+ block:
+ - name: Save user information for user access
+ agnosticd_user_info:
+ user: "{{ ocp4_workload_redhat_developer_hub_username_base }}{{ n +1 }}"
+ data:
+ user: "{{ ocp4_workload_redhat_developer_hub_username_base }}{{ n +1 }}"
+ password: "{{ ocp4_workload_redhat_developer_hub_users_password }}"
+ loop: "{{ range(0, ocp4_workload_redhat_developer_hub_users_count | int) | list }}"
+ loop_control:
+ loop_var: n
+
+- name: Save user data
+ agnosticd_user_info:
+ data:
+ openshift_console_url: https://{{ ocp4_workload_redhat_developer_hub_openshift_console_host }}
+ openshift_admin_user: "{{ ocp4_workload_redhat_developer_hub_admin_user }}"
+ openshift_admin_password: "{{ ocp4_workload_redhat_developer_hub_admin_password }}"
+ rhdh_url: https://{{ ocp4_workload_redhat_developer_hub_backstage_host }}
+ rhdh_id_provider: GitLab
+ rhdh_user: "{{ user_list }}"
+ rhdh_user_password: "{{ ocp4_workload_redhat_developer_hub_users_password }}"
+ argocd_url: https://{{ ocp4_workload_redhat_developer_hub_argocd_host }}
+ argocd_user: admin
+ argocd_user_password: "{{ common_password }}"
+ gitlab_url: https://{{ ocp4_workload_redhat_developer_hub_gitlab_host }}
+ gitlab_user: "{{ user_list }}"
+ gitlab_user_password: "{{ ocp4_workload_redhat_developer_hub_users_password }}"
+ devspaces_url: https://{{ ocp4_workload_redhat_developer_hub_devspaces_host }}
+ devspaces_user: "{{ user_list }}"
+ devspaces_user_password: "{{ ocp4_workload_redhat_developer_hub_users_password }}"
+
+- name: Print Admin credentials
+ agnosticd_user_info:
+ msg: "{{ item }}"
+ loop:
+ - ""
+ - "Your Openshift login credentials:"
+ - "Openshift console: https://{{ ocp4_workload_redhat_developer_hub_openshift_console_host }}"
+ - "Openshift admin user: {{ ocp4_workload_redhat_developer_hub_admin_user }}"
+ - "Openshift admin password: {{ ocp4_workload_redhat_developer_hub_admin_password }}"
+
+- name: Print RH Developer Hub credentials
+ agnosticd_user_info:
+ msg: "{{ item }}"
+ loop:
+ - ""
+ - "Your Backstage login credentials:"
+ - "RH Developer Hub: https://{{ ocp4_workload_redhat_developer_hub_backstage_host }}"
+ - "RH Developer Hub identity provider: GitLab"
+ - "RH Developer Hub user: {{ user_list }}"
+ - "RH Developer Hub password: {{ ocp4_workload_redhat_developer_hub_users_password }}"
+
+#- name: Print Janus ArgoCD credentials
+# agnosticd_user_info:
+# msg: "{{ item }}"
+# loop:
+# - ""
+# - "Your Janus ArgoCD login credentials:"
+# - "ArgoCD: https://{{ ocp4_workload_redhat_developer_hub_argocd_host }}"
+# - "ArgoCD user: admin"
+# - "ArgoCD password: {{ common_password }}"
+
+#- name: Print GitLab credentials
+# agnosticd_user_info:
+# msg: "{{ item }}"
+# loop:
+# - ""
+# - "Your GitLab login credentials:"
+# - "GitLab: https://{{ ocp4_workload_redhat_developer_hub_gitlab_host }}"
+# - "GitLab user: {{ user_list }}"
+# - "GitLab password: {{ ocp4_workload_redhat_developer_hub_users_password }}"
+
+#- name: Print Devspaces credentials
+# agnosticd_user_info:
+# msg: "{{ item }}"
+# loop:
+# - ""
+# - "Your Devspaces login credentials:"
+# - "Devspaces: https://{{ ocp4_workload_redhat_developer_hub_devspaces_host }}"
+# - "Devspaces user: {{ user_list }}"
+# - "Devspaces password: {{ ocp4_workload_redhat_developer_hub_users_password }}"
+
+# Leave this as the last task in the playbook.
+# --------------------------------------------
+- name: workload tasks complete
+ debug:
+ msg: "Workload Tasks completed successfully."
+ when: not silent|bool
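Review bot: The two tasks named `Setup Gitlab dependencies` and the `Setup Devspaces dependencies` task include `./setup_gitlab.yml`, `./setup_gitlab_runner.yml` and `./setup_devspaces.yml`, but the file list of this patch creates none of them under `tasks/`, so unless another patch in the series adds them the role stops at the first include. Either add the three task files or drop the includes, and give the runner include its own name such as `Setup Gitlab runner dependencies`. `Save user data` also reads `ocp4_workload_redhat_developer_hub_argocd_host`, which `Get OpenShift Apps Domain` does not set; confirm it is defined in `defaults/main.yml`. `Print Admin credentials` sends the admin password through `agnosticd_user_info` messages alongside the per-user data, so with a user count above 1 it is worth confirming that those messages are not shown to every participant.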
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/application-backstage-gitops.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/application-backstage-gitops.yml.j2
new file mode 100644
index 00000000000..928bc8aca3d
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/application-backstage-gitops.yml.j2
@@ -0,0 +1,40 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: backstage-gitops
+ namespace: openshift-gitops
+spec:
+ project: default
+ source:
+ helm:
+ parameters:
+ - name: backstage.image.pullSecret
+ value: {{ redhat_gpte_devhub_pull_secret | b64encode }}
+ - name: backstage.app.repoURL
+ value: {{ ocp4_workload_redhat_developer_hub_backstage_helm_chart_repo }}
+ - name: backstage.app.chart
+ value: {{ ocp4_workload_redhat_developer_hub_backstage_helm_chart }}
+ - name: backstage.app.valueFile
+ value: {{ ocp4_workload_redhat_developer_hub_backstage_helm_repo }}/-/raw/main/charts/backstage/backstage-values.yaml
+ - name: backstage.app.targetRevision
+ value: {{ ocp4_workload_redhat_developer_hub_backstage_helm_chart_version }}
+ repoURL: {{ ocp4_workload_redhat_developer_hub_backstage_helm_repo }}.git
+ targetRevision: main
+ path: charts/backstage
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: {{ ocp4_workload_redhat_developer_hub_backstage_namespace }}
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ - RespectIgnoreDifferences=true
+ - ApplyOutOfSyncOnly=true
+ retry:
+ backoff:
+ duration: 10s # the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h")
+ factor: 2 # a factor to multiply the base duration after each failed retry
+ maxDuration: 10m # the maximum amount of time allowed for the backoff strategy
+ limit: 15
\ No newline at end of file
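Review bot: `backstage.image.pullSecret` is passed as a Helm parameter, so the base64 of `redhat_gpte_devhub_pull_secret` is stored in the Application object in `openshift-gitops` and is readable by anyone who can read Applications there or open the app in the Argo CD UI; base64 is an encoding, not protection. The same pattern appears in application-devspaces.yml.j2 (`oauth.clientSecret`) and application-rhsso-backstage.yml.j2 (`realm.identityProviders[0].clientSecret`). Creating the Secret directly in the target namespace, as the role already does for `openid-client-secret-bb6zw`, and having the chart reference it by name keeps the value out of the Application spec. The templated `value:` fields are also unquoted, so a value that is empty or starts with a YAML indicator changes type or breaks parsing; `value: {{ ... | to_json }}` avoids that.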
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/application-devspaces.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/application-devspaces.yml.j2
new file mode 100644
index 00000000000..c87010794a7
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/application-devspaces.yml.j2
@@ -0,0 +1,42 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: devspaces
+ namespace: openshift-gitops
+spec:
+ project: default
+ source:
+ helm:
+ parameters:
+ - name: oauth.clientId
+ value: {{ ocp4_workload_redhat_developer_hub_devspaces_client_id }}
+ - name: oauth.clientSecret
+ value: {{ ocp4_workload_redhat_developer_hub_devspaces_client_secret }}
+ - name: oauth.provider
+ value: https://{{ ocp4_workload_redhat_developer_hub_gitlab_host }}
+ repoURL: {{ ocp4_workload_redhat_developer_hub_janus_bootstrap_repo }}
+ targetRevision: {{ ocp4_workload_redhat_developer_hub_janus_bootstrap_repo_target_revision }}
+ path: charts/devspaces
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: openshift-devspaces
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ - RespectIgnoreDifferences=true
+ - ApplyOutOfSyncOnly=true
+ retry:
+ backoff:
+ duration: 10s # the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h")
+ factor: 2 # a factor to multiply the base duration after each failed retry
+ maxDuration: 10m # the maximum amount of time allowed for the backoff strategy
+ limit: 15
+ ignoreDifferences:
+ - group: org.eclipse.che
+ kind: CheCluster
+ name: devspaces
+ jsonPointers:
+ - /spec
\ No newline at end of file
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/application-rhsso-backstage.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/application-rhsso-backstage.yml.j2
new file mode 100644
index 00000000000..8189933168a
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/application-rhsso-backstage.yml.j2
@@ -0,0 +1,57 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: rhsso-backstage
+ namespace: openshift-gitops
+spec:
+ destination:
+ namespace: {{ ocp4_workload_redhat_developer_hub_backstage_namespace }}
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ helm:
+ parameters:
+ - name: client.redirectUri[0]
+ value: https://{{ ocp4_workload_redhat_developer_hub_backstage_host }}/oauth2/callback
+ - name: realm.identityProviders[0].alias
+ value: GitLab
+ - name: realm.identityProviders[0].providerId
+ value: oidc
+ - name: realm.identityProviders[0].clientId
+ value: {{ ocp4_workload_redhat_developer_hub_keycloak_client_id }}
+ - name: realm.identityProviders[0].clientSecret
+ value: {{ ocp4_workload_redhat_developer_hub_keycloak_client_secret }}
+ - name: realm.identityProviders[0].tokenUrl
+ value: https://{{ ocp4_workload_redhat_developer_hub_gitlab_host }}/oauth/token
+ - name: realm.identityProviders[0].authorizationUrl
+ value: https://{{ ocp4_workload_redhat_developer_hub_gitlab_host }}/oauth/authorize
+ - name: realm.identityProviders[0].clientAuthMethod
+ value: client_secret_basic
+ - name: realm.identityProviders[0].syncMode
+ value: IMPORT
+ - name: subscription.channel
+ value: stable
+ - name: subscription.installPlanApproval
+ value: Automatic
+ - name: subscription.name
+ value: rhsso-operator
+ - name: subscription.source
+ value: redhat-operators
+ - name: subscription.sourceNamespace
+ value: openshift-marketplace
+ - name: subscription.startingCSV
+ value: rhsso-operator.7.6.4-opr-002
+ path: charts/rhsso
+ repoURL: https://{{ ocp4_workload_redhat_developer_hub_gitlab_host }}/gitops/janus-idp-gitops.git
+ targetRevision: HEAD
+ syncPolicy:
+ automated: {}
+ retry:
+ limit: -1
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 1m0s
+ syncOptions:
+ - CreateNamespace=true
+ - RespectIgnoreDifferences=true
\ No newline at end of file
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/cluster-role-binding-admin.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/cluster-role-binding-admin.yml.j2
new file mode 100644
index 00000000000..a5f5b1f0b68
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/cluster-role-binding-admin.yml.j2
@@ -0,0 +1,13 @@
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: "cluster-admin-{{ ocp4_workload_redhat_developer_hub_admin_user }}"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+ kind: User
+ name: "{{ ocp4_workload_redhat_developer_hub_admin_user }}"
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/cluster-role-binding-default-sa-admin.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/cluster-role-binding-default-sa-admin.yml.j2
new file mode 100644
index 00000000000..cbaae8a007d
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/cluster-role-binding-default-sa-admin.yml.j2
@@ -0,0 +1,12 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: cluster-admin-default-default
+subjects:
+ - kind: ServiceAccount
+ namespace: default
+ name: default
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/crb-default-sa-cluster-admin.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/crb-default-sa-cluster-admin.yml.j2
new file mode 100644
index 00000000000..87402c80817
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/crb-default-sa-cluster-admin.yml.j2
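Review bot: cluster-role-binding-default-sa-admin.yml.j2 binds `cluster-admin` to the `default` ServiceAccount in the `default` namespace, so any pod started there without an explicit service account gets full control of the cluster through its mounted token. If one component needs elevated rights, bind a dedicated ServiceAccount to a role scoped to what it actually uses. crb-default-sa-cluster-admin.yml.j2 repeats the same binding under the same name `cluster-admin-default-default`, but with `kind: serviceAccount` where the RBAC API expects `ServiceAccount`; one of the two files looks redundant, and the lower-case variant is likely to be rejected by the API server.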
@@ -0,0 +1,12 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: cluster-admin-default-default
+subjects:
+ - kind: serviceAccount
+ namespace: default
+ name: default
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/gitlab-runner-techdocs.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/gitlab-runner-techdocs.yml.j2
new file mode 100644
index 00000000000..4ba161c0f86
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/gitlab-runner-techdocs.yml.j2
@@ -0,0 +1,8 @@
+apiVersion: apps.gitlab.com/v1beta2
+kind: Runner
+metadata:
+ name: techdocs-runner
+ namespace: {{ ocp4_workload_redhat_developer_hub_gitlab_namespace }}
+spec:
+ gitlabUrl: 'https://{{ ocp4_workload_redhat_developer_hub_gitlab_host }}'
+ token: gitlab-dev-runner-secret
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/keycloak-admin-user-openshift.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/keycloak-admin-user-openshift.yml.j2
new file mode 100644
index 00000000000..e9665ce6c2f
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/keycloak-admin-user-openshift.yml.j2
@@ -0,0 +1,23 @@
+apiVersion: keycloak.org/v1alpha1
+kind: KeycloakUser
+metadata:
+ name: {{ ocp4_workload_redhat_developer_hub_admin_user }}
+ labels:
+ app: rhsso-openshift
+ app.kubernetes.io/instance: rhsso-openshift
+ app.kubernetes.io/name: rhsso-openshift
+spec:
+ realmSelector:
+ matchLabels:
+ app: rhsso-openshift
+ app.kubernetes.io/instance: rhsso-openshift
+ app.kubernetes.io/name: rhsso-openshift
+ user:
+ credentials:
+ - temporary: false
+ type: password
+ value: {{ ocp4_workload_redhat_developer_hub_admin_password }}
+ username: {{ ocp4_workload_redhat_developer_hub_admin_user }}
+ email: {{ ocp4_workload_redhat_developer_hub_admin_user }}@opentlc.com
+ enabled: true
+ emailVerified: true
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/keycloak-client-openshift.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/keycloak-client-openshift.yml.j2
new file mode 100644
index 00000000000..ee41ce6bc23
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/keycloak-client-openshift.yml.j2
@@ -0,0 +1,30 @@
+apiVersion: keycloak.org/v1alpha1
+kind: KeycloakClient
+metadata:
+ labels:
+ app: rhsso-openshift
+ app.kubernetes.io/instance: rhsso-openshift
+ app.kubernetes.io/name: rhsso-openshift
+ name: openshift
+spec:
+ client:
+ clientAuthenticatorType: client-secret
+ redirectUris:
+ - https://{{ ocp4_workload_redhat_developer_hub_openshift_redirect_host }}/oauth2callback/rhsso
+ serviceAccountsEnabled: true
+ clientId: idp-4-ocp
+ defaultClientScopes:
+ - profile
+ - email
+ - roles
+ - acr
+ - web-origins
+ implicitFlowEnabled: false
+ publicClient: false
+ standardFlowEnabled: true
+ directAccessGrantsEnabled: true
+ realmSelector:
+ matchLabels:
+ app: rhsso-openshift
+ app.kubernetes.io/instance: rhsso-openshift
+ app.kubernetes.io/name: rhsso-openshift
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/keycloak-dev-user-openshift.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/keycloak-dev-user-openshift.yml.j2
new file mode 100644
index 00000000000..41d8d9eaf74
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/keycloak-dev-user-openshift.yml.j2
@@ -0,0 +1,23 @@
+apiVersion: keycloak.org/v1alpha1
+kind: KeycloakUser
+metadata:
+ name: user{{ item + 1 }}
+ labels:
+ app: rhsso-openshift
+ app.kubernetes.io/instance: rhsso-openshift
+ app.kubernetes.io/name: rhsso-openshift
+spec:
+ realmSelector:
+ matchLabels:
+ app: rhsso-openshift
+ app.kubernetes.io/instance: rhsso-openshift
+ app.kubernetes.io/name: rhsso-openshift
+ user:
+ credentials:
+ - temporary: false
+ type: password
+ value: {{ ocp4_workload_redhat_developer_hub_admin_password }}
+ username: user{{ item + 1 }}
+ email: user{{ item + 1 }}@opentlc.com
+ enabled: true
+ emailVerified: true
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/keycloak-realm-openshift.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/keycloak-realm-openshift.yml.j2
new file mode 100644
index 00000000000..e46e53036dd
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/keycloak-realm-openshift.yml.j2
@@ -0,0 +1,19 @@
+apiVersion: keycloak.org/v1alpha1
+kind: KeycloakRealm
+metadata:
+ name: openshift
+ labels:
+ app: rhsso-openshift
+ app.kubernetes.io/instance: rhsso-openshift
+ app.kubernetes.io/name: rhsso-openshift
+spec:
+ instanceSelector:
+ matchLabels:
+ app: rhsso-backstage
+ app.kubernetes.io/instance: rhsso-backstage
+ app.kubernetes.io/name: rhsso-backstage
+ realm:
+ displayName: Openshift Authentication Realm
+ enabled: true
+ id: openshift
+ realm: openshift
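Review bot: In keycloak-dev-user-openshift.yml.j2 the credential for every `user{{ item + 1 }}` is `ocp4_workload_redhat_developer_hub_admin_password`, so each workshop user in the `openshift` realm is created with the admin account's password. workload.yml reports `ocp4_workload_redhat_developer_hub_users_password` to those users, so whenever the two values differ the login they are given fails, and when they match every participant knows the admin password. This looks like a copy from keycloak-admin-user-openshift.yml.j2; the line should probably read `value: {{ ocp4_workload_redhat_developer_hub_users_password | to_json }}`, with `to_json` also guarding against passwords that start with a YAML indicator. The user name is hard-coded as `user` where workload.yml builds it from `ocp4_workload_redhat_developer_hub_username_base`.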
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/oauth-keycloak-openshift.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/oauth-keycloak-openshift.yml.j2
new file mode 100644
index 00000000000..ad16c24c19a
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/oauth-keycloak-openshift.yml.j2
@@ -0,0 +1,24 @@
+---
+apiVersion: config.openshift.io/v1
+kind: OAuth
+metadata:
+ name: cluster
+spec:
+ identityProviders:
+ - mappingMethod: claim
+ name: rhsso
+ openID:
+ claims:
+ email:
+ - email
+ name:
+ - name
+ preferredUsername:
+ - preferred_username
+ clientID: idp-4-ocp
+ clientSecret:
+ name: openid-client-secret-bb6zw
+ extraScopes: []
+ issuer: >-
+ https://{{ ocp4_workload_redhat_developer_hub_keycloak_host }}/auth/realms/openshift
+ type: OpenID
\ No newline at end of file
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/object-bucket-claim.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/object-bucket-claim.yml.j2
new file mode 100644
index 00000000000..fcdd6ddeb67
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/object-bucket-claim.yml.j2
@@ -0,0 +1,8 @@
+apiVersion: objectbucket.io/v1alpha1
+kind: ObjectBucketClaim
+metadata:
+ name: backstage-bucket-claim
+ namespace: {{ ocp4_workload_redhat_developer_hub_backstage_namespace }}
+spec:
+ generateBucketName: backstage-bucket-
+ storageClassName: openshift-storage.noobaa.io
\ No newline at end of file
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/script-get-registration-token.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/script-get-registration-token.yml.j2
new file mode 100644
index 00000000000..7eea587d7cb
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/script-get-registration-token.yml.j2
@@ -0,0 +1,21 @@
+set -x
+
+gitlab_host="https://{{ ocp4_workload_redhat_developer_hub_gitlab_host }}"
+gitlab_user="{{ ocp4_workload_redhat_developer_hub_gitlab_root_user }}"
+gitlab_password="{{ ocp4_workload_redhat_developer_hub_gitlab_root_password }}"
+
+body_header=$(curl -c /tmp/cookies.txt -i "${gitlab_host}/users/sign_in" -s --insecure)
+
+csrf_token=$(echo $body_header | perl -ne 'print "$1\n" if /new_user.*?authenticity_token"[[:blank:]]value="(.+?)"/' | sed -n 1p)
+
+curl -L -b /tmp/cookies.txt -c /tmp/cookies.txt -i "${gitlab_host}/users/sign_in" \
+  --data-raw "user%5Blogin%5D=${gitlab_user}&user%5Bpassword%5D=${gitlab_password}" \
+  --data-urlencode "authenticity_token=${csrf_token}" \
+  --compressed \
+  --insecure 2>&1 > /dev/null
+
+body_header=$(curl -sS -k -H 'user-agent: curl' -b /tmp/cookies.txt "${gitlab_host}/admin/runners" -o /tmp/gitlab-header.txt)
+
+reg_token=$(cat /tmp/gitlab-header.txt | grep data-registration-token | sed -e 's/^.*data-registration-token="//' -e 's/".*//')
+
+oc create secret generic gitlab-dev-runner-secret --from-literal=runner-registration-token=$reg_token -n gitlab
\ No newline at end of file
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/secret-openid-client-openshift.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/secret-openid-client-openshift.yml.j2
new file mode 100644
index 00000000000..16484bb3d9d
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/secret-openid-client-openshift.yml.j2
@@ -0,0 +1,8 @@
+kind: Secret
+apiVersion: v1
+metadata:
+ name: openid-client-secret-bb6zw
+ namespace: openshift-config
+stringData:
+ clientSecret: {{ ocp4_workload_redhat_developer_hub_openshift_client_secret }}
+type: Opaque
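Review bot: `set -x` at the top of script-get-registration-token.yml.j2 traces every command after expansion, so the login `curl` line carrying `${gitlab_password}` writes the GitLab root password into the task output and any captured logs; the trace should be off for this script. The session cookie and the admin page are kept in the fixed paths `/tmp/cookies.txt` and `/tmp/gitlab-header.txt`, which other local users can pre-create or read, and the password goes into `--data-raw` without URL-encoding, so a password containing `&` or `%` is mangled. Every request also uses `--insecure` or `-k`, so the root password is sent without checking the server certificate; `ca_bundle` in the fence below is a placeholder for wherever the role keeps the ingress CA. The last line hard-codes `-n gitlab` where the Runner template uses `ocp4_workload_redhat_developer_hub_gitlab_namespace`, and leaves `$reg_token` unquoted.

```shell
# Trace stays off: the login request below carries the root password.
set +x

cookie_jar=$(mktemp)
runners_page=$(mktemp)
trap 'rm -f "${cookie_jar}" "${runners_page}"' EXIT

body_header=$(curl -c "${cookie_jar}" -i "${gitlab_host}/users/sign_in" -s --cacert "${ca_bundle}")

# … unchanged: csrf_token extraction …

curl -L -b "${cookie_jar}" -c "${cookie_jar}" -i "${gitlab_host}/users/sign_in" \
  --data-urlencode "user[login]=${gitlab_user}" \
  --data-urlencode "user[password]=${gitlab_password}" \
  --data-urlencode "authenticity_token=${csrf_token}" \
  --compressed \
  --cacert "${ca_bundle}" > /dev/null 2>&1

curl -sS --cacert "${ca_bundle}" -H 'user-agent: curl' -b "${cookie_jar}" "${gitlab_host}/admin/runners" -o "${runners_page}"

# … unchanged: reg_token extraction, reading "${runners_page}" …

oc create secret generic gitlab-dev-runner-secret \
  --from-literal=runner-registration-token="${reg_token}" \
  -n "{{ ocp4_workload_redhat_developer_hub_gitlab_namespace }}"
```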
From 11ee68f5a144c2b6c865d80a0450a00c61647db4 Mon Sep 17 00:00:00 2001 From: bbethell-1 Date: Wed, 6 Mar 2024 13:14:05 +0000 Subject: [PATCH 2/9] fix role --- .../defaults/main.yml | 50 +++++++++---------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/defaults/main.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/defaults/main.yml index 83374db6ea4..e12e447b655 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/defaults/main.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/defaults/main.yml 
@@ -27,31 +27,31 @@ ocp4_workload_redhat_developer_hub_users_password: "{{ common_password }}" ocp4_workload_redhat_developer_hub_vault_namespace: vault -# ocp4_workload_redhat_developer_hub_gitlab_template_locations: -# - group: janus-idp -# project: software-templates -# branch: main -# file: showcase-templates.yaml -# rules: -# allow: Template -# templates: -# - scaffolder-templates/quarkus-web-template/template.yaml -# - group: janus-idp -# project: software-templates -# branch: main -# file: org.yaml -# rules: -# allow: Group, User -# - group: summit-lab -# project: backstage-workshop -# branch: master -# file: showcase-templates.yaml -# rules: -# allow: Template -# templates: -# - scaffolder-templates/poi-map/template.yaml -# - scaffolder-templates/poi-gateway/template.yaml -# - scaffolder-templates/poi-backend/template.yaml + ocp4_workload_redhat_developer_hub_gitlab_template_locations: + - group: janus-idp + project: software-templates + branch: main + file: showcase-templates.yaml + rules: + allow: Template + templates: + - scaffolder-templates/quarkus-web-template/template.yaml + - group: janus-idp + project: software-templates + branch: main + file: org.yaml + rules: + allow: Group, User + - group: summit-lab + project: backstage-workshop + branch: master + file: showcase-templates.yaml + rules: + allow: Template + templates: + - scaffolder-templates/poi-map/template.yaml + - scaffolder-templates/poi-gateway/template.yaml + - scaffolder-templates/poi-backend/template.yaml ocp4_workload_redhat_developer_hub_backstage_image_registry: quay.io ocp4_workload_redhat_developer_hub_backstage_image_repository: rhdh/rhdh-hub-rhel9 From ee6e58deb7a30c5e48df0fb61e54241a8b0db1fd Mon Sep 17 00:00:00 2001 
From: bbethell-1 Date: Wed, 6 Mar 2024 13:17:58 +0000 Subject: [PATCH 3/9] fix role --- .../README.md | 0 .../defaults/main.yml | 2 +- .../tasks/create_devspace_user_namespaces.yml | 0 .../tasks/fetch_and_apply_template.yml | 0 .../tasks/main.yml | 0 .../tasks/post_workload.yml | 6 -- .../tasks/pre_workload.yml | 6 -- .../tasks/remove_workload.yml | 22 ------- .../tasks/setup_backstage.yml | 0 .../tasks/setup_backstage_repo.yml | 0 .../tasks/setup_rhsso.yml | 0 .../tasks/setup_templates.yml | 0 .../tasks/workload.yml | 58 +++++++++---------- .../application-backstage-gitops.yml.j2 | 0 .../templates/application-devspaces.yml.j2 | 0 .../application-rhsso-backstage.yml.j2 | 0 .../cluster-role-binding-admin.yml.j2 | 0 ...uster-role-binding-default-sa-admin.yml.j2 | 0 .../crb-default-sa-cluster-admin.yml.j2 | 0 .../templates/gitlab-runner-techdocs.yml.j2 | 0 .../keycloak-admin-user-openshift.yml.j2 | 0 .../keycloak-client-openshift.yml.j2 | 0 .../keycloak-dev-user-openshift.yml.j2 | 0 .../templates/keycloak-realm-openshift.yml.j2 | 0 .../templates/oauth-keycloak-openshift.yml.j2 | 0 .../templates/object-bucket-claim.yml.j2 | 0 .../script-get-registration-token.yml.j2 | 0 .../secret-openid-client-openshift.yml.j2 | 0 28 files changed, 30 insertions(+), 64 deletions(-) rename ansible/roles_ocp_workloads/{ocp4_workload_redhat_developer_hub_only => ocp4_workload_redhat_developer_hub_operator}/README.md (100%) rename ansible/roles_ocp_workloads/{ocp4_workload_redhat_developer_hub_only => ocp4_workload_redhat_developer_hub_operator}/defaults/main.yml (97%) rename ansible/roles_ocp_workloads/{ocp4_workload_redhat_developer_hub_only => ocp4_workload_redhat_developer_hub_operator}/tasks/create_devspace_user_namespaces.yml (100%) rename ansible/roles_ocp_workloads/{ocp4_workload_redhat_developer_hub_only => ocp4_workload_redhat_developer_hub_operator}/tasks/fetch_and_apply_template.yml (100%) rename ansible/roles_ocp_workloads/{ocp4_workload_redhat_developer_hub_only => 
ocp4_workload_redhat_developer_hub_operator}/tasks/main.yml (100%) rename ansible/roles_ocp_workloads/{ocp4_workload_redhat_developer_hub_only => ocp4_workload_redhat_developer_hub_operator}/tasks/post_workload.yml (77%) rename ansible/roles_ocp_workloads/{ocp4_workload_redhat_developer_hub_only => ocp4_workload_redhat_developer_hub_operator}/tasks/pre_workload.yml (77%) rename ansible/roles_ocp_workloads/{ocp4_workload_redhat_developer_hub_only => ocp4_workload_redhat_developer_hub_operator}/tasks/remove_workload.yml (75%) rename ansible/roles_ocp_workloads/{ocp4_workload_redhat_developer_hub_only => ocp4_workload_redhat_developer_hub_operator}/tasks/setup_backstage.yml (100%) rename ansible/roles_ocp_workloads/{ocp4_workload_redhat_developer_hub_only => ocp4_workload_redhat_developer_hub_operator}/tasks/setup_backstage_repo.yml (100%) rename ansible/roles_ocp_workloads/{ocp4_workload_redhat_developer_hub_only => ocp4_workload_redhat_developer_hub_operator}/tasks/setup_rhsso.yml (100%) rename ansible/roles_ocp_workloads/{ocp4_workload_redhat_developer_hub_only => ocp4_workload_redhat_developer_hub_operator}/tasks/setup_templates.yml (100%) rename ansible/roles_ocp_workloads/{ocp4_workload_redhat_developer_hub_only => ocp4_workload_redhat_developer_hub_operator}/tasks/workload.yml (84%) rename ansible/roles_ocp_workloads/{ocp4_workload_redhat_developer_hub_only => ocp4_workload_redhat_developer_hub_operator}/templates/application-backstage-gitops.yml.j2 (100%) rename ansible/roles_ocp_workloads/{ocp4_workload_redhat_developer_hub_only => ocp4_workload_redhat_developer_hub_operator}/templates/application-devspaces.yml.j2 (100%) rename ansible/roles_ocp_workloads/{ocp4_workload_redhat_developer_hub_only => ocp4_workload_redhat_developer_hub_operator}/templates/application-rhsso-backstage.yml.j2 (100%) rename ansible/roles_ocp_workloads/{ocp4_workload_redhat_developer_hub_only => ocp4_workload_redhat_developer_hub_operator}/templates/cluster-role-binding-admin.yml.j2 
(100%) rename ansible/roles_ocp_workloads/{ocp4_workload_redhat_developer_hub_only => ocp4_workload_redhat_developer_hub_operator}/templates/cluster-role-binding-default-sa-admin.yml.j2 (100%) rename ansible/roles_ocp_workloads/{ocp4_workload_redhat_developer_hub_only => ocp4_workload_redhat_developer_hub_operator}/templates/crb-default-sa-cluster-admin.yml.j2 (100%) rename ansible/roles_ocp_workloads/{ocp4_workload_redhat_developer_hub_only => ocp4_workload_redhat_developer_hub_operator}/templates/gitlab-runner-techdocs.yml.j2 (100%) rename ansible/roles_ocp_workloads/{ocp4_workload_redhat_developer_hub_only => ocp4_workload_redhat_developer_hub_operator}/templates/keycloak-admin-user-openshift.yml.j2 (100%) rename ansible/roles_ocp_workloads/{ocp4_workload_redhat_developer_hub_only => ocp4_workload_redhat_developer_hub_operator}/templates/keycloak-client-openshift.yml.j2 (100%) rename ansible/roles_ocp_workloads/{ocp4_workload_redhat_developer_hub_only => ocp4_workload_redhat_developer_hub_operator}/templates/keycloak-dev-user-openshift.yml.j2 (100%) rename ansible/roles_ocp_workloads/{ocp4_workload_redhat_developer_hub_only => ocp4_workload_redhat_developer_hub_operator}/templates/keycloak-realm-openshift.yml.j2 (100%) rename ansible/roles_ocp_workloads/{ocp4_workload_redhat_developer_hub_only => ocp4_workload_redhat_developer_hub_operator}/templates/oauth-keycloak-openshift.yml.j2 (100%) rename ansible/roles_ocp_workloads/{ocp4_workload_redhat_developer_hub_only => ocp4_workload_redhat_developer_hub_operator}/templates/object-bucket-claim.yml.j2 (100%) rename ansible/roles_ocp_workloads/{ocp4_workload_redhat_developer_hub_only => ocp4_workload_redhat_developer_hub_operator}/templates/script-get-registration-token.yml.j2 (100%) rename ansible/roles_ocp_workloads/{ocp4_workload_redhat_developer_hub_only => ocp4_workload_redhat_developer_hub_operator}/templates/secret-openid-client-openshift.yml.j2 (100%) 
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/README.md b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/README.md similarity index 100% rename from ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/README.md rename to ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/README.md diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/defaults/main.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/defaults/main.yml similarity index 97% rename from ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/defaults/main.yml rename to ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/defaults/main.yml index e12e447b655..050dcd266ab 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/defaults/main.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/defaults/main.yml @@ -27,7 +27,7 @@ ocp4_workload_redhat_developer_hub_users_password: "{{ common_password }}" ocp4_workload_redhat_developer_hub_vault_namespace: vault - ocp4_workload_redhat_developer_hub_gitlab_template_locations: +ocp4_workload_redhat_developer_hub_gitlab_template_locations: - group: janus-idp project: software-templates branch: main diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/create_devspace_user_namespaces.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/create_devspace_user_namespaces.yml similarity index 100% rename from ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/create_devspace_user_namespaces.yml rename to ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/create_devspace_user_namespaces.yml 
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/fetch_and_apply_template.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/fetch_and_apply_template.yml similarity index 100% rename from ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/fetch_and_apply_template.yml rename to ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/fetch_and_apply_template.yml diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/main.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/main.yml similarity index 100% rename from ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/main.yml rename to ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/main.yml diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/post_workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/post_workload.yml similarity index 77% rename from ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/post_workload.yml rename to ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/post_workload.yml index 2a37f6418a1..b259e8df93c 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/post_workload.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/post_workload.yml @@ -1,10 +1,4 @@ --- -# Implement your Post Workload deployment tasks here -# -------------------------------------------------- - - -# Leave these as the last tasks in the playbook -# --------------------------------------------- # For deployment onto a dedicated cluster (as part of the # cluster deployment) set workload_shared_deployment to False 
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/pre_workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/pre_workload.yml similarity index 77% rename from ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/pre_workload.yml rename to ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/pre_workload.yml index dddec0fa0b4..3164e542ad1 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/pre_workload.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/pre_workload.yml @@ -1,10 +1,4 @@ --- -# Implement your Pre Workload deployment tasks here -# ------------------------------------------------- - - -# Leave these as the last tasks in the playbook -# --------------------------------------------- # For deployment onto a dedicated cluster (as part of the # cluster deployment) set workload_shared_deployment to False diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/remove_workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/remove_workload.yml similarity index 75% rename from ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/remove_workload.yml rename to ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/remove_workload.yml index 88225c6b7a5..de399741e4f 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/remove_workload.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/remove_workload.yml 
@@ -19,28 +19,6 @@ storageclass.kubernetes.io/is-default-class="true" ignore_errors: true -- name: Remove Ceph toolbox - when: ocp4_workload_gitops_amqstreams_install_toolbox | bool - kubernetes.core.k8s: - state: absent - definition: "{{ lookup('template', 'toolbox.yaml.j2') }}" - -- name: Remove Storage System - kubernetes.core.k8s: - state: absent - definition: "{{ lookup('template', 'storagesystem.yaml.j2') }}" - -- name: Wait until Storage System has been deleted - kubernetes.core.k8s_info: - api_version: odf.openshift.io/v1alpha1 - kind: StorageSystem - name: ocs-storagecluster-storagesystem - namespace: "{{ ocp4_workload_gitops_amqstreams_namespace }}" - register: r_storage_system - until: r_storage_system.resources | length == 0 - retries: 100 - delay: 10 - - name: Remove Operator include_role: name: install_operator diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/setup_backstage.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/setup_backstage.yml similarity index 100% rename from ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/setup_backstage.yml rename to ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/setup_backstage.yml diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/setup_backstage_repo.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/setup_backstage_repo.yml similarity index 100% rename from ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/setup_backstage_repo.yml rename to ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/setup_backstage_repo.yml 
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/setup_rhsso.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/setup_rhsso.yml similarity index 100% rename from ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/setup_rhsso.yml rename to ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/setup_rhsso.yml diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/setup_templates.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/setup_templates.yml similarity index 100% rename from ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/setup_templates.yml rename to ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/setup_templates.yml diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/workload.yml similarity index 84% rename from ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/workload.yml rename to ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/workload.yml index 39bda32d51b..b260cf95043 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/tasks/workload.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/workload.yml 
@@ -120,35 +120,35 @@ - "RH Developer Hub user: {{ user_list }}" - "RH Developer Hub password: {{ ocp4_workload_redhat_developer_hub_users_password }}" -#- name: Print Janus ArgoCD credentials -# agnosticd_user_info: -# msg: "{{ item }}" -# loop: -# - "" -# - "Your Janus ArgoCD login credentials:" -# - "ArgoCD: https://{{ ocp4_workload_redhat_developer_hub_argocd_host }}" -# - "ArgoCD user: admin" -# - "ArgoCD password: {{ common_password }}" - -#- name: Print GitLab credentials -# agnosticd_user_info: -# msg: "{{ item }}" -# loop: -# - "" -# - "Your GitLab login credentials:" -# - "GitLab: https://{{ ocp4_workload_redhat_developer_hub_gitlab_host }}" -# - "GitLab user: {{ user_list }}" -# - "GitLab password: {{ ocp4_workload_redhat_developer_hub_users_password }}" - -#- name: Print Devspaces credentials -# agnosticd_user_info: -# msg: "{{ item }}" -# loop: -# - "" -# - "Your Devspaces login credentials:" -# - "Devspaces: https://{{ ocp4_workload_redhat_developer_hub_devspaces_host }}" -# - "Devspaces user: {{ user_list }}" -# - "Devspaces password: {{ ocp4_workload_redhat_developer_hub_users_password }}" +- name: Print Janus ArgoCD credentials + agnosticd_user_info: + msg: "{{ item }}" + loop: + - "" + - "Your Janus ArgoCD login credentials:" + - "ArgoCD: https://{{ ocp4_workload_redhat_developer_hub_argocd_host }}" + - "ArgoCD user: admin" + - "ArgoCD password: {{ common_password }}" + +- name: Print GitLab credentials + agnosticd_user_info: + msg: "{{ item }}" + loop: + - "" + - "Your GitLab login credentials:" + - "GitLab: https://{{ ocp4_workload_redhat_developer_hub_gitlab_host }}" + - "GitLab user: {{ user_list }}" + - "GitLab password: {{ ocp4_workload_redhat_developer_hub_users_password }}" + +- name: Print Devspaces credentials + agnosticd_user_info: + msg: "{{ item }}" + loop: + - "" + - "Your Devspaces login credentials:" + - "Devspaces: https://{{ ocp4_workload_redhat_developer_hub_devspaces_host }}" + - "Devspaces user: {{ user_list }}" + - "Devspaces 
password: {{ ocp4_workload_redhat_developer_hub_users_password }}" # Leave this as the last task in the playbook. # -------------------------------------------- diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/application-backstage-gitops.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/templates/application-backstage-gitops.yml.j2 similarity index 100% rename from ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/application-backstage-gitops.yml.j2 rename to ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/templates/application-backstage-gitops.yml.j2 diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/application-devspaces.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/templates/application-devspaces.yml.j2 similarity index 100% rename from ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/application-devspaces.yml.j2 rename to ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/templates/application-devspaces.yml.j2 diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/application-rhsso-backstage.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/templates/application-rhsso-backstage.yml.j2 similarity index 100% rename from ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/application-rhsso-backstage.yml.j2 rename to ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/templates/application-rhsso-backstage.yml.j2 
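Review bot: The re-enabled `Print Janus ArgoCD credentials` task publishes the ArgoCD `admin` login with `{{ common_password }}`, and the role defaults set `ocp4_workload_redhat_developer_hub_users_password` to that same `{{ common_password }}`, so every lab user who is sent a GitLab or Devspaces password can also sign in to ArgoCD as admin. If that is not intended, give the ArgoCD admin account its own generated password and print it only to the provisioner, e.g. `- "ArgoCD password: {{ <argocd_admin_password_variable> }}"` (placeholder name, no such variable is visible in this patch). Because each message is a loop item, the passwords are presumably also echoed as item labels in the Ansible run output; a `loop_control: label:` that omits the value would keep them out of the controller log. The task file continues outside this hunk.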
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/cluster-role-binding-admin.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/templates/cluster-role-binding-admin.yml.j2 similarity index 100% rename from ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/cluster-role-binding-admin.yml.j2 rename to ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/templates/cluster-role-binding-admin.yml.j2 diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/cluster-role-binding-default-sa-admin.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/templates/cluster-role-binding-default-sa-admin.yml.j2 similarity index 100% rename from ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/cluster-role-binding-default-sa-admin.yml.j2 rename to ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/templates/cluster-role-binding-default-sa-admin.yml.j2 diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/crb-default-sa-cluster-admin.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/templates/crb-default-sa-cluster-admin.yml.j2 similarity index 100% rename from ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/crb-default-sa-cluster-admin.yml.j2 rename to ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/templates/crb-default-sa-cluster-admin.yml.j2 
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/gitlab-runner-techdocs.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/templates/gitlab-runner-techdocs.yml.j2 similarity index 100% rename from ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/gitlab-runner-techdocs.yml.j2 rename to ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/templates/gitlab-runner-techdocs.yml.j2 diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/keycloak-admin-user-openshift.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/templates/keycloak-admin-user-openshift.yml.j2 similarity index 100% rename from ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/keycloak-admin-user-openshift.yml.j2 rename to ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/templates/keycloak-admin-user-openshift.yml.j2 diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/keycloak-client-openshift.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/templates/keycloak-client-openshift.yml.j2 similarity index 100% rename from ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/keycloak-client-openshift.yml.j2 rename to ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/templates/keycloak-client-openshift.yml.j2 
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/keycloak-dev-user-openshift.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/templates/keycloak-dev-user-openshift.yml.j2 similarity index 100% rename from ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/keycloak-dev-user-openshift.yml.j2 rename to ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/templates/keycloak-dev-user-openshift.yml.j2 diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/keycloak-realm-openshift.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/templates/keycloak-realm-openshift.yml.j2 similarity index 100% rename from ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/keycloak-realm-openshift.yml.j2 rename to ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/templates/keycloak-realm-openshift.yml.j2 diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/oauth-keycloak-openshift.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/templates/oauth-keycloak-openshift.yml.j2 similarity index 100% rename from ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/oauth-keycloak-openshift.yml.j2 rename to ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/templates/oauth-keycloak-openshift.yml.j2 
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/object-bucket-claim.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/templates/object-bucket-claim.yml.j2 similarity index 100% rename from ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/object-bucket-claim.yml.j2 rename to ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/templates/object-bucket-claim.yml.j2 diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/script-get-registration-token.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/templates/script-get-registration-token.yml.j2 similarity index 100% rename from ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/script-get-registration-token.yml.j2 rename to ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/templates/script-get-registration-token.yml.j2 diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/secret-openid-client-openshift.yml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/templates/secret-openid-client-openshift.yml.j2 similarity index 100% rename from ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_only/templates/secret-openid-client-openshift.yml.j2 rename to ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/templates/secret-openid-client-openshift.yml.j2 From e1e79670a04256f375259320283d1e42d2838b49 Mon Sep 17 00:00:00 2001 From: bbethell-1 Date: Wed, 6 Mar 2024 13:45:47 +0000 Subject: [PATCH 4/9] setup gitlab --- .../tasks/setup_gitlab.yml | 124 ++++++++++++++++++ 1 file changed, 124 insertions(+) create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/setup_gitlab.yml 
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/setup_gitlab.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/setup_gitlab.yml
new file mode 100644
index 00000000000..5b739e6f8af
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/setup_gitlab.yml
@@ -0,0 +1,124 @@
+---
+- name: Retrieve root private token
+ kubernetes.core.k8s_info:
+ api_version: v1
+ kind: Secret
+ name: root-user-personal-token
+ namespace: "{{ ocp4_workload_redhat_developer_hub_gitlab_namespace }}"
+ register: r_root_token
+ retries: 120
+ delay: 10
+ until:
+ - r_root_token is defined
+ - r_root_token.resources is defined
+ - r_root_token.resources | length > 0
+ - r_root_token.resources[0] is defined
+ - r_root_token.resources[0].data is defined
+ - r_root_token.resources[0].data.token is defined
+ - r_root_token.resources[0].data.token | length > 0
+
+- name: Decode root token
+ set_fact:
+ ocp4_workload_redhat_developer_hub_gitlab_root_token: "{{ r_root_token.resources[0].data.token | b64decode }}"
+
+- name: Create vault secret for gitlab token
+ shell: |
+ oc exec vault-0 -n {{ ocp4_workload_redhat_developer_hub_vault_namespace
+ }} -- vault kv put kv/secrets/janusidp/gitlab token={{ ocp4_workload_redhat_developer_hub_gitlab_root_token }}
+ oc exec vault-0 -n {{ ocp4_workload_redhat_developer_hub_vault_namespace
+ }} -- vault kv put kv/secrets/janusidp/gitlab_webhook secret={{ lookup('password', '/dev/null chars=ascii_lowercase length=12') }}
+
+- name: Create Keycloak GitLab application
+ ansible.builtin.uri:
+ url: https://{{ ocp4_workload_redhat_developer_hub_gitlab_host }}/api/v4/applications
+ method: POST
+ body_format: form-urlencoded
+ body:
+ name: keycloak
+ redirect_uri: https://{{ ocp4_workload_redhat_developer_hub_keycloak_host }}/auth/realms/backstage/broker/GitLab/endpoint
+ scopes: api read_user read_repository write_repository sudo openid profile email
+ confidential: false
+ headers:
+ PRIVATE-TOKEN: "{{ ocp4_workload_redhat_developer_hub_gitlab_root_token }}"
+ validate_certs: false
+ status_code: [201]
+ register: r_keycloak_app
+ retries: 60
+ delay: 10
+ until: r_keycloak_app.status == 201
+
+- name: Get Keycloak client credentials
+ set_fact:
+ ocp4_workload_redhat_developer_hub_keycloak_client_id: "{{ 
r_keycloak_app.json.application_id }}"
+ ocp4_workload_redhat_developer_hub_keycloak_client_secret: "{{ r_keycloak_app.json.secret }}"
+
+- name: Create Devspaces GitLab application
+ ansible.builtin.uri:
+ url: https://{{ ocp4_workload_redhat_developer_hub_gitlab_host }}/api/v4/applications
+ method: POST
+ body_format: form-urlencoded
+ body:
+ name: devspaces
+ redirect_uri: https://{{ ocp4_workload_redhat_developer_hub_devspaces_host }}/api/oauth/callback
+ scopes: api read_user read_repository write_repository sudo openid profile email
+ confidential: false
+ headers:
+ PRIVATE-TOKEN: "{{ ocp4_workload_redhat_developer_hub_gitlab_root_token }}"
+ validate_certs: false
+ status_code: [201]
+ register: r_devspaces_app
+ retries: 60
+ delay: 10
+ until: r_devspaces_app.status == 201
+
+- name: Get Keycloak client credentials
+ set_fact:
+ ocp4_workload_redhat_developer_hub_devspaces_client_id: "{{ r_devspaces_app.json.application_id }}"
+ ocp4_workload_redhat_developer_hub_devspaces_client_secret: "{{ r_devspaces_app.json.secret }}"
+
+- name: List Gitlab users
+ ansible.builtin.uri:
+ url: https://{{ ocp4_workload_redhat_developer_hub_gitlab_host }}/api/v4/users
+ method: GET
+ headers:
+ PRIVATE-TOKEN: "{{ ocp4_workload_redhat_developer_hub_gitlab_root_token }}"
+ validate_certs: false
+ status_code: 200
+ register: r_users
+
+- name: Create development group
+ ansible.builtin.uri:
+ url: https://{{ ocp4_workload_redhat_developer_hub_gitlab_host }}/api/v4/groups
+ method: POST
+ body_format: form-urlencoded
+ body:
+ name: development
+ path: development
+ visibility: public
+ headers:
+ PRIVATE-TOKEN: "{{ ocp4_workload_redhat_developer_hub_gitlab_root_token }}"
+ validate_certs: false
+ status_code: 201
+ register: r_group
+ retries: 100
+ delay: 5
+ until: r_group.status == 201
+
+- name: Add users to development group
+ when: item.username.startswith('user')
+ ansible.builtin.uri:
+ url: https://{{ ocp4_workload_redhat_developer_hub_gitlab_host 
}}/api/v4/groups/{{ r_group.json.id }}/members
+ method: POST
+ body_format: form-urlencoded
+ body:
+ user_id: "{{ item.id }}"
+ access_level: 50
+ headers:
+ PRIVATE-TOKEN: "{{ ocp4_workload_redhat_developer_hub_gitlab_root_token }}"
+ validate_certs: false
+ status_code: 201
+ register: r_group_user
+ retries: 100
+ delay: 5
+ until: r_group_user.status == 201
+ loop: "{{ r_users.json }}"
From 9f016145c3fa6dbfc11f1db517ae2ef669cb5c7d Mon Sep 17 00:00:00 2001
From: bbethell-1
Date: Wed, 6 Mar 2024 13:46:45 +0000
Subject: [PATCH 5/9] runner
---
.../tasks/setup_gitlab_runner.yml | 98 +++++++++++++++++++
1 file changed, 98 insertions(+)
create mode 100644 ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/setup_gitlab_runner.yml
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/setup_gitlab_runner.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/setup_gitlab_runner.yml
new file mode 100644
index 00000000000..bf73722c8a2
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/setup_gitlab_runner.yml
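Review bot: The `Create vault secret for gitlab token` task interpolates the decoded GitLab root token and the webhook secret directly into a `shell:` string, so both values become process arguments of `oc`/`vault` and show up in Ansible's task output, and none of the tasks that handle the token or `r_keycloak_app.json.secret` set `no_log: true`. Passing the value on stdin through `ansible.builtin.command` with `argv` removes the shell templating and keeps the secret off the command line; the second `vault kv put` should get the same treatment as its own task. Every `ansible.builtin.uri` call in this file also sends the root `PRIVATE-TOKEN` with `validate_certs: false`, which exposes the token to anyone able to intercept the connection; I would drop that setting or point `ca_path` at the cluster ingress CA. Separately, both OAuth applications request the `sudo` scope with `confidential: false`, and `access_level: 50` makes every `user*` account an Owner of the group, which looks broader than a workshop needs and is worth confirming.

```yaml
- name: Create vault secret for gitlab token
  ansible.builtin.command:
    argv:
      - oc
      - exec
      - "-i"
      - vault-0
      - "-n"
      - "{{ ocp4_workload_redhat_developer_hub_vault_namespace }}"
      - "--"
      - vault
      - kv
      - put
      - kv/secrets/janusidp/gitlab
      - "token=-"  # vault reads the value for this key from stdin
    stdin: "{{ ocp4_workload_redhat_developer_hub_gitlab_root_token }}"
    stdin_add_newline: false
  no_log: true
# … same pattern, as a separate task, for kv/secrets/janusidp/gitlab_webhook …
```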
@@ -0,0 +1,98 @@
+---
+- name: Install GitLab Runner Operator
+ block:
+ - name: Install GitLab Runner Operator
+ include_role:
+ name: install_operator
+ vars:
+ install_operator_action: install
+ install_operator_name: gitlab-runner-operator
+ install_operator_namespace: openshift-operators
+ install_operator_channel: stable
+ install_operator_catalog: certified-operators
+ install_operator_packagemanifest_name: gitlab-runner-operator
+ install_operator_automatic_install_plan_approval: true
+ install_operator_csv_nameprefix: gitlab-runner-operator
+
+- name: Template out registration token script
+ ansible.builtin.template:
+ src: templates/script-get-registration-token.yml.j2
+ dest: /home/ec2-user/create-registration-token.sh
+
+- name: Create registration token secret
+ shell: |
+ sh /home/ec2-user/create-registration-token.sh
+
+- name: Create GitLab Runner instance
+ kubernetes.core.k8s:
+ state: present
+ definition: "{{ lookup('template', 'gitlab-runner-techdocs.yml.j2' ) | from_yaml }}"
+
+- name: Retrieve bucket secret
+ kubernetes.core.k8s_info:
+ api_version: v1
+ kind: Secret
+ name: backstage-bucket-claim
+ namespace: "{{ ocp4_workload_redhat_developer_hub_backstage_namespace }}"
+ register: r_bucket_secret
+ retries: 120
+ delay: 10
+ until:
+ - r_bucket_secret is defined
+ - r_bucket_secret.resources is defined
+ - r_bucket_secret.resources | length > 0
+
+- name: Retrieve bucket config
+ kubernetes.core.k8s_info:
+ api_version: v1
+ kind: ConfigMap
+ name: backstage-bucket-claim
+ namespace: "{{ ocp4_workload_redhat_developer_hub_backstage_namespace }}"
+ register: r_bucket_config
+ retries: 120
+ delay: 10
+ until:
+ - r_bucket_config is defined
+ - r_bucket_config.resources is defined
+ - r_bucket_config.resources | length > 0
+
+- name: Retrieve s3 bucket route
+ kubernetes.core.k8s_info:
+ api_version: route.openshift.io/v1
+ kind: Route
+ name: s3
+ namespace: openshift-storage
+ register: r_s3_route
+ until:
+ - r_s3_route is defined
+ - 
r_s3_route.resources is defined + - r_s3_route.resources | length > 0 + +- name: Create CI/CD Variables + ansible.builtin.uri: + url: https://{{ ocp4_workload_redhat_developer_hub_gitlab_host }}/api/v4/admin/ci/variables + method: POST + body_format: json + body: + "key": "{{ item.name }}" + "variable_type": "env_var" + "value": "{{ item.value }}" + "protected": false + "masked": false + "raw": false + "environment_scope": "*" + headers: + PRIVATE-TOKEN: "{{ ocp4_workload_redhat_developer_hub_gitlab_root_token }}" + validate_certs: false + status_code: [201] + loop: + - name: TECHDOCS_S3_BUCKET_NAME + value: "{{ r_bucket_config.resources[0].data.BUCKET_NAME }}" + - name: AWS_ACCESS_KEY_ID + value: "{{ r_bucket_secret.resources[0].data.AWS_ACCESS_KEY_ID | b64decode }}" + - name: AWS_SECRET_ACCESS_KEY + value: "{{ r_bucket_secret.resources[0].data.AWS_SECRET_ACCESS_KEY | b64decode }}" + - name: AWS_REGION + value: us-east-2 + - name: AWS_ENDPOINT + value: "https://{{ r_s3_route.resources[0].spec.host }}" \ No newline at end of file From 3c54452aa7ae2d19f4dad1fc908dab1f3254ea63 Mon Sep 17 00:00:00 2001 From: bbethell-1 Date: Wed, 6 Mar 2024 13:48:45 +0000 Subject: [PATCH 6/9] runner --- .../tasks/workload.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/workload.yml index b260cf95043..2ff42594c71 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/workload.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/workload.yml @@ -50,7 +50,7 @@ include_tasks: file: ./setup_backstage.yml -- name: Setup Gitlab dependencies +- name: Setup Gitlab dependencies Runner include_tasks: file: ./setup_gitlab_runner.yml From 13dabbbc8b74d6ae956970eaf45b46e1f92830c9 Mon Sep 17 00:00:00 2001 
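Review bot: In `Create CI/CD Variables` the bucket credentials (`AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`) are posted to the instance-level `/api/v4/admin/ci/variables` endpoint with `"masked": false`, `"protected": false` and `"environment_scope": "*"`, so any job in any project on this GitLab can read them and they print verbatim in job logs if echoed. I would carry a per-item flag, e.g. `"masked": "{{ item.masked | default(false) | bool }}"` with `masked: true` on the two AWS key items (assuming the values satisfy GitLab's masking rules), and set `protected` to true if TechDocs only publishes from protected branches. The task also sends the root `PRIVATE-TOKEN` with `validate_certs: false` and has no `no_log: true`, so the decoded secret key is shown as a loop item in the Ansible output. `Retrieve s3 bucket route` has an `until:` but, unlike the two lookups before it, no `retries`/`delay`, so it falls back to Ansible's short default retry window.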
From: bbethell-1 Date: Wed, 6 Mar 2024 13:49:28 +0000 Subject: [PATCH 7/9] fix --- .../tasks/workload.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/workload.yml index 2ff42594c71..503c4db2fa2 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/workload.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/workload.yml @@ -31,9 +31,9 @@ ocp4_workload_redhat_developer_hub_quay_host: quay-{{ guid }}.{{ r_ingress_config.resources[0].spec.domain }} -- name: Setup Gitlab dependencies - include_tasks: - file: ./setup_gitlab.yml +#- name: Setup Gitlab dependencies +# include_tasks: +# file: ./setup_gitlab.yml - name: Setup RHSSO dependencies include_tasks: From 5dcc9313a44de334d81fb6816ce471bb03ca9b3e Mon Sep 17 00:00:00 2001 From: bbethell-1 Date: Wed, 6 Mar 2024 13:50:00 +0000 Subject: [PATCH 8/9] fix workload --- .../tasks/workload.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/workload.yml index 503c4db2fa2..273cce64d12 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/workload.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/workload.yml 
@@ -39,20 +39,20 @@ include_tasks: file: ./setup_rhsso.yml -- name: Setup Gitlab repo dependencies - include_tasks: - file: ./setup_templates.yml - loop: "{{ ocp4_workload_redhat_developer_hub_gitlab_template_locations }}" - loop_control: - loop_var: location +#- name: Setup Gitlab repo dependencies +# include_tasks: +# file: ./setup_templates.yml +# loop: "{{ ocp4_workload_redhat_developer_hub_gitlab_template_locations }}" +# loop_control: +# loop_var: location - name: Setup Backstage dependencies include_tasks: file: ./setup_backstage.yml -- name: Setup Gitlab dependencies Runner - include_tasks: - file: ./setup_gitlab_runner.yml +#- name: Setup Gitlab dependencies Runner +# include_tasks: +# file: ./setup_gitlab_runner.yml - name: Setup Devspaces dependencies include_tasks: From 937df15b31e42509ee2f687b52716cae4209fb4a Mon Sep 17 00:00:00 2001 From: bbethell-1 Date: Wed, 6 Mar 2024 13:55:23 +0000 Subject: [PATCH 9/9] git pull --- .../tasks/workload.yml | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/workload.yml index 273cce64d12..2ff42594c71 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/workload.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_redhat_developer_hub_operator/tasks/workload.yml 
@@ -31,28 +31,28 @@ ocp4_workload_redhat_developer_hub_quay_host: quay-{{ guid }}.{{ r_ingress_config.resources[0].spec.domain }} -#- name: Setup Gitlab dependencies -# include_tasks: -# file: ./setup_gitlab.yml +- name: Setup Gitlab dependencies + include_tasks: + file: ./setup_gitlab.yml - name: Setup RHSSO dependencies include_tasks: file: ./setup_rhsso.yml -#- name: Setup Gitlab repo dependencies -# include_tasks: -# file: ./setup_templates.yml -# loop: "{{ ocp4_workload_redhat_developer_hub_gitlab_template_locations }}" -# loop_control: -# loop_var: location +- name: Setup Gitlab repo dependencies + include_tasks: + file: ./setup_templates.yml + loop: "{{ ocp4_workload_redhat_developer_hub_gitlab_template_locations }}" + loop_control: + loop_var: location - name: Setup Backstage dependencies include_tasks: file: ./setup_backstage.yml -#- name: Setup Gitlab dependencies Runner -# include_tasks: -# file: ./setup_gitlab_runner.yml +- name: Setup Gitlab dependencies Runner + include_tasks: + file: ./setup_gitlab_runner.yml - name: Setup Devspaces dependencies include_tasks: