/ftl:rhdp-lab-validator
๐ RHDP ZT Lab Validator
Generate runtime-automation/module-N/{solve,validation,setup}.yml playbooks for RHDP showroom labs using the Zero Touch (nookbag) grading system. Works for OCP tenant, OCP dedicated+bastion, RHEL VM+bastion, and AAP labs.
Different from
/ftl:lab-validatorโ that skill generates external FTL grader containers (grade_lab/solve_lab). This skill generates inline runtime-automation playbooks that run inside the showroom runner sidecar, powering the Solve/Validate buttons in the nookbag UI.
Workflow Overview
โถ /ftl:rhdp-lab-validator
โ
Step 0 โ First question
What type of lab?
1. OCP multi-user โ shared cluster, student gets scoped namespaces
2. OCP dedicated โ student has cluster-admin, lab has a bastion VM
3. RHEL VM โ bastion + node VMs, runner runs ON the bastion
This determines runner location, SSH patterns, kubernetes.core vs shell.
2. OCP dedicated โ student has cluster-admin, lab has a bastion VM
3. RHEL VM โ bastion + node VMs, runner runs ON the bastion
This determines runner location, SSH patterns, kubernetes.core vs shell.
โ
Step 1 โ Immediately
Showroom Repo โ Scaffold
Read titles only (
Generate:
Commit + push. Do NOT order yet.
= Title per .adoc) for module count and labels.Generate:
ui-config.yml ยท verify site.yml nookbag v0.0.3 ยท runtime-automation/module-N/ stubsCommit + push. Do NOT order yet.
โ
Step 2 โ Optional
AgV Catalog โ Check ZT Roles
Reads
Missing โ offer to create branch and add it
Once both scaffold + AgV ready:
"Order the lab from integration.demo.redhat.com"
workloads: only โ is the FTL ZT role present?Missing โ offer to create branch and add it
Once both scaffold + AgV ready:
"Order the lab from integration.demo.redhat.com"
๐ก /rename ZT grading โ <lab-name> to resume after wait
โ
Step 3 โ While env provisions
Existing Scripts?
Share any
Claude reads them and auto-generates matching validation tasks.
Nothing โ generate from scratch in Step 5.
.sh scripts or playbooks โ module by module.Claude reads them and auto-generates matching validation tasks.
Nothing โ generate from scratch in Step 5.
โ
Step 4 โ Required
GUID Ready โ Connect
OCP (types 1 + 2):
Claude verifies: zt-runner SA ยท kubeconfig Secret ยท RoleBindings
RHEL VM (type 3):
Share bastion host / port / password โ Claude SSHes to check runner
Confirm
oc login <api-url> --token <admin-token> --insecure-skip-tls-verifyClaude verifies: zt-runner SA ยท kubeconfig Secret ยท RoleBindings
RHEL VM (type 3):
Share bastion host / port / password โ Claude SSHes to check runner
Confirm
/runner/api/config returns module list.
โ
Step 5 โ ONE MODULE AT A TIME
Read Module N .adoc โ Generate
Full content read of this module only. Extract every student task.
Auto-detect manual steps (browser/GitHub) โ โ ๏ธ warning pattern.
Generate
STOP. Give curl commands immediately.
Auto-detect manual steps (browser/GitHub) โ โ ๏ธ warning pattern.
Generate
solve.yml + validation.yml โ multi-task โ
/โ mandatory.STOP. Give curl commands immediately.
OCP:
curl -sk https://<showroom>/runner/api/module-N/solveRHEL:
curl -s http://localhost:8501/api/module-N/solveโ
Step 6
Paste Results โ Debug โ Repeat
Developer pastes curl output โ Claude diagnoses and fixes โ re-test
โ Module N passes โ proceed to Module N+1 (back to Step 5)
โ Module N passes โ proceed to Module N+1 (back to Step 5)
More
modules?
modules?
YES
Back to Step 5 โ read that module's .adoc only then.
โ Step 5
DONE
All modules generated and passing โ
โ
โ
All Modules Generated & Tested
Lab Types Supported
| Lab Type | Config | Validation Pattern | Key Extravar |
|---|---|---|---|
| OCP Tenant | config: namespace | kubernetes.core.k8s_info in student namespace | student_ns, k8s_kubeconfig |
| OCP Dedicated | config: openshift-workloads | k8s admin + bastion bash script + oc --as developer | bastion_host, k8s_kubeconfig |
| RHEL VM + Bastion | config: cloud-vms-base | SSH via /app/.ssh/config to bastion + nodes | bastion_host, bastion_port |
| AAP | any | ansible.builtin.uri against AAP Controller API | aap_controller_url, aap_token |
What It Creates
runtime-automation/
โโโ module-01/
โ โโโ setup.yml # debug stub
โ โโโ solve.yml # creates resources / runs scripts
โ โโโ validation.yml # โ
/โ per-task output
โโโ module-02/
โ โโโ solve-module2.sh # bash script (if applicable)
โ โโโ validate-module2.sh # bash script (if applicable)
โ โโโ ...
Plus ui-config.yml snippet and AgV workload vars snippet.
Handling Existing Scripts
When developers already have bash scripts (like .sh or .sh.j2 from Ansible roles), the skill wraps them automatically:
Scripts in the showroom repo โ ansible.builtin.script (copies to bastion + runs):
- ansible.builtin.script:
executable: /bin/bash
cmd: "/solve-module1.sh"
Scripts already on the bastion โ ansible.builtin.shell (runs in-place):
- ansible.builtin.shell: /home/lab-user/scripts/solve-module1.sh
The skill reads the solve script content to generate a matching validation.yml automatically.
Tips: Getting the Most from This Skill
/renameyour session โ provisioning takes 15-60 min. Rename with/rename ZT grading โ my-laband resume anytime.oc loginas admin โ Claude can then inspect namespaces, check zt-runner SA, read pod logs directly.- Share bastion SSH upfront (RHEL labs) โ Claude SSHes to check runner logs and curl jobs without copy-paste.
- Paste failing job output โ Claude diagnoses and fixes inline.