Draft
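--- a/hooks/playbooks/config_cluster_for_disconnected_deployment.yml
+++ b/hooks/playbooks/config_cluster_for_disconnected_deployment.yml
@@ -0,0 +1,196 @@
+---
+- name: Update cluster for disconnected deployment
+hosts: "{{ cifmw_target_host | default('localhost') }}"
+vars:
+oc_mirror_download_url: "{{ cifmw_disconnected_mirror_url | default('https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/latest/oc-mirror.rhel9.tar.gz') }}"
+mirror_registry_url: "{{ cifmw_disconnected_registry_url | default('https://mirror.openshift.com/pub/cgw/mirror-registry/latest/mirror-registry-amd64.tar.gz') }}"
+openstack_namespace: "{{ cifmw_openstack_namespace | default('openstack') }}"
+disconnect_working_dir: "{{ cifmw_disconnected_working_dir | default('/home/zuul/disconnect_working_dir') }}"
+mirror_location: "{{ disconnect_working_dir }}/mirror_location"
+local_registry: "{{ disconnect_working_dir }}/local_registry"
+mirror_registry_password: "JbmsjFR0yf6SNxKhk185BOVX2Dv39T74"
+tasks:
+- name: Create disconnected working directories
+ansible.builtin.file:
+path: "{{ item }}"
+state: directory
+mode: '0777'
+loop:
+- "{{ disconnect_working_dir }}"
+- "{{ mirror_location }}"
+- "{{ local_registry }}"
+
+- name: Download oc mirror image to controller
+ansible.builtin.get_url:
+url: "{{ oc_mirror_download_url }}"
+dest: "{{disconnect_working_dir}}/oc-mirror.rhel9.tar.gz"
+mode: '0644'
+
+- name: Install oc mirror
+ansible.builtin.shell: |
+cmd: >-
+tar xvf {{disconnect_working_dir}}/oc-mirror.rhel9.tar.gz -C {{disconnect_working_dir}} &&
+chmod +x {{disconnect_working_dir}}/oc-mirror &&
+sudo mv {{disconnect_working_dir}}/oc-mirror /usr/local/bin/.
+
+- name: Create update service namespace
+cifmw.general.ci_script:
+output_dir: "{{ cifmw_basedir }}/artifacts"
+script: |
+oc apply -f - <<EOF
+apiVersion: v1
+kind: Namespace
+metadata:
+name: openshift-update-service
+annotations:
+openshift.io/node-selector: ""
+labels:
+openshift.io/cluster-monitoring: "true"
+EOF
+
+- name: Create update service operator group
+cifmw.general.ci_script:
+output_dir: "{{ cifmw_basedir }}/artifacts"
+script: |
+oc apply -f - <<EOF
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+name: update-service-operator-group
+namespace: openshift-update-service
+spec:
+targetNamespaces:
+- openshift-update-service
+EOF
+
+- name: Create subscription service
+cifmw.general.ci_script:
+output_dir: "{{ cifmw_basedir }}/artifacts"
+script: |
+oc apply -f - <<EOF
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+name: update-service-subscription
+namespace: openshift-update-service
+spec:
+channel: v1
+installPlanApproval: "Automatic"
+source: "redhat-operators"
+sourceNamespace: "openshift-marketplace"
+name: "cincinnati-operator"
+EOF
+
+- name: Wait for update service operator to be installed
+ansible.builtin.shell: |
+cmd: >-
+oc get crd | grep -i updateservice.operator.openshift.io
+register: crd_out
+until: "'updateservice.operator.openshift.io' in crd_out.stdout"
+retries: 10
+delay: 30
+
+- name: Create Image Set yaml
+ansible.builtin.shell: |
+cmd: >-
+cat <<EOF >{{ disconnect_working_dir }}/imageset-config-v2.yaml
+kind: ImageSetConfiguration
+apiVersion: mirror.openshift.io/v2alpha1
+mirror:
+operators:
+- catalog: registry.redhat.io/redhat/redhat-operator-index:v4.18
+packages:
+- name: openstack-operator
+- name: kubernetes-nmstate-operator
+- name: openshift-cert-manager-operator
+- name: metallb-operator
+- name: local-storage-operator
+- name: lvms-operator
+- name: cluster-observability-operator
+additionalImages:
+- name: registry.redhat.io/ubi8/ubi:latest
+- name: registry.redhat.io/ubi9/ubi@sha256:20f695d2a91352d4eaa25107535126727b5945bff38ed36a3e59590f495046f0
+EOF
+
+#To do need podman login here
+
+- name: Mirror specified image set configuration to disk
+ansible.builtin.shell: |
+cmd: >-
+oc mirror --v2 --config {{ disconnect_working_dir }}/imageset-config-v2.yaml file://{{ mirror_location }} >{{ disconnect_working_dir }}/mirror_images.log
+
+- name: Download mirror registry to controller
+ansible.builtin.get_url:
+url: "{{ mirror_registry_url }}"
+dest: "{{disconnect_working_dir}}/mirror-registry-amd64.tar.gz"
+mode: '0644'
+
+- name: Install mirror registry
+ansible.builtin.shell: |
+cmd: >-
+tar xvf {{disconnect_working_dir}}/mirror-registry-amd64.tar.gz -C {{disconnect_working_dir}}
+{{disconnect_working_dir}}/mirror-registry install --quayHostname controller-0.ocp.openstack.lab --quayRoot \
+{{ local_registry }} --initPassword {{ mirror_registry_password }} >{{disconnect_working_dir}}/registry_install.log
+
+- name: Configure system to trust mirror registry root ca
+become: true
+ansible.builtin.shell: |
+cmd: >-
+cp {{ local_registry }}/quay-rootCA/rootCA.pem /etc/pki/ca-trust/source/anchors/
+update-ca-trust extract
+
+- name: login to mirror registry
+ansible.builtin.shell: |
+cmd: >-
+podman login -u init -p {{ mirror_registry_password }} controller-0.ocp.openstack.lab:8443
+
+- name: Configure cluster to trust mirror registry root ca
+ansible.builtin.shell: |
+cmd: >-
+oc create configmap registry-cas -n openshift-config --from-file=controller-0.ocp.openstack.lab..8443={{ local_registry }}/quay-rootCA/rootCA.pem
+oc patch image.config.openshift.io/cluster --patch '{"spec":{"additionalTrustedCA":{"name":"registry-cas"}}}' --type=merge
+
+- name: Get cluster's current pull secret
+ansible.builtin.shell: |
+cmd: >-
+oc get secret {% raw %}pull-secret -n openshift-config -o template='{{index .data ".dockerconfigjson" | base64decode}}'{% endraw %} > {{ disconnect_working_dir }}/pull-secret.json
+
+- name: Configure cluster to use pull secret from mirror registry
+ansible.builtin.shell: |
+cmd: >-
+oc registry login --registry controller-0.ocp.openstack.lab:8443 --auth-basic=init:{{ mirror_registry_password }} --to={{ disconnect_working_dir }}/pull-secret.json
+oc set data secret/pull-secret -n openshift-config --from-file=.dockerconfigjson={{ disconnect_working_dir }}/pull-secret.json
+
+- name: Mirror contents of generated image set to target mirror registry
+ansible.builtin.shell: |
+cmd: >-
+oc mirror --v2 --config {{ disconnect_working_dir }}/imageset-config-v2.yaml --from file://{{ mirror_location }} docker://controller-0.ocp.openstack.lab:8443 >{{ disconnect_working_dir }}/mirror_contents.log
+
+- name: Disable catalog source
+ansible.builtin.shell: |
+cmd: >-
+oc patch OperatorHub cluster --type json -p '[{"op": "add", "path": "/spec/disableAllDefaultSources", "value": true}]'
+
+- name: Prepare catalog source for environment
+ansible.builtin.shell: |
+cmd: >-
+sed -i s/cs-redhat-operator-index-v4-18/redhat-operators/g {{ mirror_location }}/working-dir/cluster-resources/cs-redhat-operator-index-v4-18.yaml
+
+- name: Apply yaml files from results directory to cluster
+ansible.builtin.shell: |
+cmd: >-
+oc apply -f {{ mirror_location }}/working-dir/cluster-resources
+
+- name: Wait for mirrored operators to be available
+ansible.builtin.shell: |
+cmd: >-
+oc get packagemanifests.packages.operators.coreos.com
+register: packagemanifest_out
+until: "'openstack-operator' and 'kubernetes-nmstate-operator' in packagemanifest_out.stdout"
+retries: 10
+delay: 30
+
+- name: Wait until the OpenShift cluster is stable
+ansible.builtin.command:
+cmd: >-
+oc adm wait-for-stable-cluster --minimum-stable-period=5s --timeout=30m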
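Review bot: The `mirror_registry_password` var is a literal credential committed in the playbook, and it is interpolated into the command lines of "Install mirror registry" (`--initPassword`), "login to mirror registry" (`podman login -p`) and "Configure cluster to use pull secret from mirror registry" (`--auth-basic=init:...`), so it lands in repository history, in process listings and in Ansible task output. I would supply it at run time or from a vault, e.g. `mirror_registry_password: "{{ cifmw_disconnected_registry_password }}"` (the variable name is only a suggestion), set `no_log: true` on those three tasks, and pass it to podman with `--password-stdin` rather than `-p`. The decoded cluster pull secret is also written to `pull-secret.json` under working directories created with `mode: '0777'`; unless another account needs access, `mode: '0700'` would keep other local users from reading it or swapping the downloaded binaries before they are moved to `/usr/local/bin`. Separately, in the last `until:` the expression `'openstack-operator' and 'kubernetes-nmstate-operator' in packagemanifest_out.stdout` only tests the second name, because the first operand is a non-empty string and always truthy; each name needs its own `in packagemanifest_out.stdout`.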