feat: add ESXi host support for dedicated migration networks

inventory.yml

@@ -167,6 +167,15 @@ migration_spoke:
       #    insecureSkipTlsVerify: true
       #    mapping:
       #      create: true
+      #    esxi_hosts:
+      #      - id: host-1
+      #        password: pass1
+      #        ip: 10.10.10.123
+      #        user: root
+      #      - id: host-2
+      #        password: pass2
+      #        ip: 10.10.10.123
+      #        user: root
 
       ## Example Migration Target (uncomment to use as a baseline)
       #  - name: rhev-target-1 # Required
@@ -177,5 +186,6 @@ migration_spoke:
       #    password: changeme
       #    insecureSkipTlsVerify: true
       #    mapping:
-      #       create: true
+      #      create: true
+
 ...

playbooks/mtv_provider_vmware.yml

@@ -4,6 +4,18 @@
   connection: local
   gather_facts: false
   tasks:
+    - name: Validate ESXi hosts input format (Try Wrapper)
+      block:
+        - name: Attempt to parse ESXi hosts JSON
+          ansible.builtin.set_fact:
+            _parsed_esxi_hosts: "{{ vmware_esxi_hosts | default('[]', true) | from_json }}"
+      rescue:
+        - name: Fail gracefully on invalid JSON
+          ansible.builtin.fail:
+            msg: >-
+              Validation Error: The 'esxi_hosts' input provided is not valid JSON. 
+              Please verify the format in your AAP credential or variable input.
+
     - name: MTV VMware Provider
       ansible.builtin.import_role:
         name: infra.openshift_virtualization_migration.mtv_management
@@ -21,4 +33,5 @@
             secretRef: "{{ vmware_credentials_secret_ref | default(omit, true) }}"
             vddk:
               image: "{{ vmware_vddk_init_image | default(omit, true) }}"
-...
+            esxi_hosts: "{{ _parsed_esxi_hosts }}"
+...

roles/aap_seed/defaults/main.yml

@@ -430,6 +430,10 @@ aap_seed_controller_credential_types:
         - id: provider_name
           type: string
           label: Provider source
+        - id: esxi_host_list
+          type: string
+          label: ESXi configurations for migration network
+          multiline: true
       required:
         - name
         - host
@@ -446,6 +450,7 @@ aap_seed_controller_credential_types:
         vmware_vddk_init_image_password: "{% raw %}{  { vddk_init_image_password }}{% endraw %}"
         vmware_vddk_init_image_credentials_secret: "{% raw %}{  { vddk_init_image_credentials_secret }}{% endraw %}"
         provider: "{% raw %}{  { provider_name }}{% endraw %}"
+        vmware_esxi_hosts: "{% raw %}{  { esxi_host_list }}{% endraw %}"
       env:
         VMWARE_HOST: "{% raw %}{  { host }}{% endraw %}"
         VMWARE_USER: "{% raw %}{  { username }}{% endraw %}"

roles/aap_seed/templates/vmware/target_credential.yml.j2

@@ -24,3 +24,8 @@ inputs:
   vddk_init_image_credentials_secret: {{ migration_target['vddk']['credentialsSecret'] }}
 {% endif %}
 {% endif %}
+
+{% if 'esxi_hosts' in migration_target and migration_target['esxi_hosts'] is not none %}
+  esxi_host_list: |
+    {{ migration_target.esxi_hosts | to_json }}
+{% endif %}

roles/mtv_management/tasks/_mtv_provider_vmware.yml

@@ -85,4 +85,62 @@
   until:
     - mtv_management_r_vmware_provider.result is defined
     - mtv_management_r_vmware_provider.result | length > 0
+
+- name: _mtv_provider_vmware | Validate ESXi host properties
+  ansible.builtin.assert:
+    that:
+      - "'id' in vmware_esxi"
+      - "'ip' in vmware_esxi"
+      - "'user' in vmware_esxi"
+      - "'password' in vmware_esxi"
+    quiet: true
+    fail_msg: "ESXi host entry '{{ vmware_esxi.id | default('UNKNOWN') }}' is missing required fields (id, ip, user, password)"
+  loop: "{{ mtv_management_populated_vmware_target.esxi_hosts | default([]) }}"
+  loop_control:
+    loop_var: vmware_esxi
+  when:
+    - mtv_management_populated_vmware_target.esxi_hosts is defined
+    - mtv_management_populated_vmware_target.esxi_hosts | length > 0
+
+- name: _mtv_provider_vmware | Create VMware Host credentials secret
+  redhat.openshift.k8s:
+    state: present
+    definition:
+      apiVersion: v1
+      kind: Secret
+      type: Opaque
+      metadata:
+        name: "{{ mtv_management_populated_vmware_target['name'] }}-{{ vmware_esxi.id }}-secret"
+        namespace: "{{ mtv_management_provider_namespace }}"
+      data:
+        insecureSkipVerify: "{{ (vmware_esxi.insecureSkipTlsVerify | default(mtv_management_vmware_provider_insecure_skip_tls_verify) | bool) | b64encode if 'certificate' not in vmware_esxi or vmware_esxi['certificate'] | default('') | trim | length == 0 else false | b64encode }}" # noqa: yaml[line-length]
+        password: "{{ vmware_esxi.password | b64encode }}"
+        user: "{{ vmware_esxi.user | b64encode }}"
+        ip: "{{ vmware_esxi.ip | b64encode }}"
+        provider: "{{ mtv_management_populated_vmware_target['name'] | b64encode }}"
+    apply: true
+  loop: "{{ mtv_management_populated_vmware_target.esxi_hosts | default([]) }}"
+  loop_control:
+    loop_var: vmware_esxi
+  when:
+    - mtv_management_populated_vmware_target.esxi_hosts is defined
+    - mtv_management_populated_vmware_target.esxi_hosts | length > 0
+
+- name: _mtv_provider_vmware | Create VMware Host resource
+  redhat.openshift.k8s:
+    state: present
+    definition: "{{ (lookup('ansible.builtin.template', 'vmware_esxi_skeleton.yml.j2') | from_yaml) }}"
+    apply: true
+  register: mtv_management_r_vmware_esxi
+  retries: 100
+  delay: 10
+  until:
+    - mtv_management_r_vmware_esxi.result is defined
+    - mtv_management_r_vmware_esxi.result | length > 0
+  loop: "{{ mtv_management_populated_vmware_target.esxi_hosts | default([]) }}"
+  loop_control:
+    loop_var: vmware_esxi
+  when: 
+    - mtv_management_populated_vmware_target.esxi_hosts is defined
+    - mtv_management_populated_vmware_target.esxi_hosts | length > 0
 ...

roles/mtv_management/templates/vmware_esxi_skeleton.yml.j2

@@ -0,0 +1,14 @@
+apiVersion: forklift.konveyor.io/v1beta1
+kind: Host
+metadata:
+  name: "{{ mtv_management_populated_vmware_target['name'] }}-{{ vmware_esxi.id }}-config"
+  namespace: "{{ mtv_management_provider_namespace }}"
+spec:
+  id: "{{ vmware_esxi.id }}"
+  ipAddress: "{{ vmware_esxi.ip }}"
+  provider:
+    name: "{{ mtv_management_populated_vmware_target['name'] }}"
+    namespace: "{{ mtv_management_provider_namespace }}"
+  secret:
+    name: "{{ mtv_management_populated_vmware_target['name'] }}-{{ vmware_esxi.id }}-secret"
+    namespace: "{{ mtv_management_provider_namespace }}"