FTL (Finish The Labs)

Automated grading and solving for Red Hat Demo Platform (RHDP) labs.

Architecture

  Laptop                              Bastion Host
  ──────                              ────────────
  export OCP_API_URL=...              export OPENSHIFT_CLUSTER_INGRESS_DOMAIN=...
  grade_lab lab user1 --podman        grade_lab lab user1 --ansible
       │                                   │
       ▼                                   ▼
  quay.io/rhpds/ftl               ansible-playbook
  (container)                     (direct)
       │                                   │
       └──────────────┬────────────────────┘
                      ▼
              OCP / AAP APIs

  User passwords auto-discovered from Showroom ConfigMap — no need to set manually.

Quick Start

# OCP-based labs (--podman from laptop)
# User passwords are discovered automatically from the cluster — no PASSWORD needed
export OCP_API_URL="https://api.cluster-xxx.dynamic.redhatworkshops.io:6443"
export OCP_ADMIN_PASSWORD="<admin-password>"
export OPENSHIFT_CLUSTER_INGRESS_DOMAIN="apps.cluster-xxx.dynamic.redhatworkshops.io"

grade_lab <lab-name> user1 --podman    # single user
grade_lab <lab-name> all   --podman    # all users in parallel (load test)

# AAP-based labs (RIPU)
export AAP_HOSTNAME="https://controller-xxx.apps.example.com"
export AAP_PASSWORD="<aap-password>"

grade_lab automating-ripu-with-ansible 1 --podman

Solve then verify:

solve_lab <lab-name> user1 --podman
grade_lab <lab-name> user1 --podman    # expect: SUCCESS 0 Errors

Running Modes

--podman (Laptop)

Requires podman. Pulls quay.io/rhpds/ftl:latest and runs FTL inside a container.

# Clone FTL and add to PATH (first time only)
git clone https://github.com/rhpds/ftl.git ~/ftl
echo 'export PATH="$HOME/ftl/bin:$PATH"' >> ~/.zshrc && source ~/.zshrc

# Set credentials — user passwords are auto-discovered, no PASSWORD needed
export OCP_API_URL="https://api.cluster-xxx.dynamic.redhatworkshops.io:6443"
export OCP_ADMIN_PASSWORD="<admin-password>"
export OPENSHIFT_CLUSTER_INGRESS_DOMAIN="apps.cluster-xxx.dynamic.redhatworkshops.io"

grade_lab mcp-with-openshift user1 1 --podman

--ansible (Bastion)

Requires ansible-playbook. Runs FTL directly on the bastion host.

# Install FTL (first time only)
git clone https://github.com/rhpds/ftl.git ~/ftl
bash ~/ftl/bin/setup_ftl
echo 'export PATH="$HOME/ftl/bin:$PATH"' >> ~/.bashrc && source ~/.bashrc

export OPENSHIFT_CLUSTER_INGRESS_DOMAIN="apps.cluster-xxx.example.com"
grade_lab mcp-with-openshift user1 1 --ansible

Load Testing

Use all as the user — automatically discovers users from showroom namespaces and runs in parallel:

# All users, single module
grade_lab mcp-with-openshift all 1 --podman

# All users, all modules
grade_lab mcp-with-openshift all --podman

Users are discovered from showroom-*-userN namespaces in the cluster. Each user’s password is read from their showroom-userdata ConfigMap automatically.

Available Labs

Lab	Description	Modules	Checkpoints
mcp-with-openshift	MCP servers, LibreChat, Gitea, LiteMaaS	4	35
ocp4-getting-started	Parksmap, S2I builds, MongoDB, Tekton pipelines	3	30
automating-ripu-with-ansible	RHEL in-place upgrades via AAP 2.6	3	57

Each lab README has the exact export + grade_lab/solve_lab commands for that specific lab.

Environment Variables

Variable	Description	Required for
OCP_API_URL	OCP API URL — used to discover user credentials from cluster	--podman, OCP labs
OCP_ADMIN_PASSWORD	OCP admin password — only for credential discovery	--podman, OCP labs
OPENSHIFT_CLUSTER_INGRESS_DOMAIN	OCP cluster apps domain	OCP labs
PASSWORD	User password — auto-discovered from Showroom ConfigMap when OCP_API_URL is set. Only set manually for bastion (--ansible) mode.	Bastion only
LAB_USER	Student username (auto-set from arg)	Auto
AAP_HOSTNAME	AAP Controller URL	RIPU
AAP_PASSWORD	AAP password	RIPU
AAP_USERNAME	AAP username (default: lab-user)	RIPU
GITEA_ADMIN_USER	Gitea admin username — auto-discovered from Showroom ConfigMap	Override only
GITEA_ADMIN_PASSWORD	Gitea admin password — auto-discovered from Showroom ConfigMap	Override only
FTL_IMAGE	Override container image (default: quay.io/rhpds/ftl:latest)	Dev only
FTL_REPORT_DIR	Local directory for grading reports (default: ~/ftl-reports)	--podman only

Developer Guide

• Grader Roles Reference — all 22+ roles with parameters and examples

• Lab Template — starting point for new labs

Creating a New Lab

cp -r labs/lab-template labs/my-new-lab
# Edit grade_module_01.yml and solve_module_01.yml
grade_lab my-new-lab student 1 --podman

Key Rules

• Use kubernetes.core.k8s_info — never oc CLI (crashes on arm64 emulation)

• Provide full Deployment spec on creation — partial patches fail if object doesn’t exist

• For S2I: create ImageStream BEFORE BuildConfig

See Grader Roles Reference for full details.

Container Image

podman build --platform linux/amd64 -t quay.io/rhpds/ftl:latest -f Containerfile .
podman push quay.io/rhpds/ftl:latest

UBI9-based (linux/amd64): ansible-core + kubernetes.core + oc 4.18. FTL labs cloned from GitHub at container startup — no rebuild needed for grader changes.

License

Apache-2.0