
copy and adapt playbook and roles to current env

Grega Bremec 3 天之前
父节点
当前提交
5ba72150ed

+ 12 - 0
playbooks/ansible.cfg

@@ -0,0 +1,12 @@
+[defaults]
+# required to evade implicit conversion to string in k8s resource_definition
+jinja2_native = True
+inventory = ./inventory.yml
+remote_user = student
+ask_pass = no
+
+[privilege_escalation]
+become = no
+become_method = sudo
+become_askpass = no
+

+ 52 - 0
playbooks/inventory.yml

@@ -0,0 +1,52 @@
+---
+# A simplistic inventory for the classroom VMs.
+all:
+  hosts:
+    workstation.lab.example.com:
+      ansible_connection: local
+    utility.lab.example.com:
+      ansible_user: lab
+    bastion.lab.example.com:
+      ansible_host: 172.25.250.254
+      ansible_user: root
+  vars:
+    # OpenShift versions.
+    ocp_maj: "4.16"
+    ocp_z: "4.16.2"
+
+    # Operators that need to be (re)installed.
+    #
+    # The first item in the list is also used for checking whether catalog(s)
+    # were recreated successfully.
+    added_operators:
+      - catalog: redhat-operators
+        package: metallb-operator
+        channel: stable
+        namespace: metallb-system
+        desired_csv: metallb-operator.v4.16.0-202410292005
+        og_namespaces: []
+
+    # Some cleanup here.
+    removed_operators:
+      - sub_nspc: openshift-cnv
+        sub_name: kubevirt-hyperconverged
+        csv_kill: yes
+        csv_name: kubevirt-hyperconverged-operator.v4.16.1
+        nsp_kill: yes
+        pre_cleanup:
+          - kind: hyperconverged
+            apiv: hco.kubevirt.io/v1beta1
+        add_cleanup:
+          - aaqs.aaq.kubevirt.io
+          - cdis.cdi.kubevirt.io
+          - hostpathprovisioners.hostpathprovisioner.kubevirt.io
+          - hyperconvergeds.hco.kubevirt.io
+          - kubevirts.kubevirt.io
+          - mtqs.mtq.kubevirt.io
+          - networkaddonsconfigs.networkaddonsoperator.network.kubevirt.io
+          - ssps.ssp.kubevirt.io
+
+    # The list of OpenShift clusters check-env will try to connect to.
+    clusters:
+      - ocp4
+...
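Review bot: `bastion.lab.example.com` is given `ansible_user: root`, so any play that targets it logs in over SSH directly as root, while the ansible.cfg added in this commit sets `become = no`. An unprivileged login with `become: true` on the tasks that need it would keep root use explicit and auditable. In `removed_operators`, `nsp_kill: yes` is not read by any task in the roles/remove-operators hunk shown on this page (only `csv_kill` is), so the namespace is presumably left behind unless a file not displayed here handles it. Both flags would also read more predictably as `true`.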

+ 28 - 0
playbooks/pre-flight.yml

@@ -0,0 +1,28 @@
+---
+- name: Pre-flight checks only.
+  hosts: workstation.lab.example.com
+  gather_subset: min
+  become: no
+  tasks:
+    - include_role:
+        name: check-env
+      tags: check
+    - include_role:
+        name: fix-operators
+      tags: fix
+    - include_role:
+        name: remove-operators
+      loop: "{{ removed_operators }}"
+      loop_control:
+        loop_var: role
+      tags: prep
+#    - include_role:
+#        name: deploy-operator
+#      tags: prep
+#    - include_role:
+#        name: install-labs
+#      tags: workstation
+#    - include_role:
+#        name: prep-workspace
+#      tags: workstation
+...
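Review bot: The play is named `Pre-flight checks only.` but it also includes `fix-operators` and `remove-operators`, which per their task files in this commit delete catalog sources, subscriptions and CRDs and apply a pull secret to the cluster. Run without `--tags`, all three roles execute. Either rename the play, or tag the changing roles so they need an explicit request, e.g. `tags: [fix, never]` and `tags: [prep, never]`. The three `include_role` tasks also have no `name:`, which makes the run output harder to follow.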

+ 43 - 0
playbooks/roles/check-env/tasks/main.yml

@@ -0,0 +1,43 @@
+---
+# Variables affecting this role:
+#
+#  clusters:
+#   just a simple list of clusters to check
+#
+- name: Make sure kubeconfig is there on utility
+  delegate_to: utility.lab.example.com
+  file:
+    path: /home/lab/{{ item }}/auth/kubeconfig
+    state: file
+  loop: "{{ clusters }}"
+
+- name: Create a temp dir
+  file:
+    path: tmp
+    state: directory
+
+- name: Copy over the kubeconfig
+  delegate_to: utility.lab.example.com
+  fetch:
+    src: /home/lab/{{ item }}/auth/kubeconfig
+    dest: tmp/kubeconfig-{{ item }}
+    flat: yes
+  loop: "{{ clusters }}"
+
+- name: We need some packages to be there
+  become: yes
+  yum:
+    name:
+      - python3-jmespath
+      - python3.11-jmespath
+      - python3-kubernetes
+      - ansible-collection-ansible-posix
+      - ansible-collection-community-general
+    state: latest
+
+- name: Verify cluster connectivity
+  kubernetes.core.k8s_cluster_info:
+    kubeconfig: tmp/kubeconfig-{{ item }}
+    validate_certs: no
+  loop: "{{ clusters }}"
+...
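Review bot: `validate_certs: no` on the `Verify cluster connectivity` task turns off TLS verification for a connection that authenticates with the fetched kubeconfig, so the API server's identity is never checked. The same setting is repeated on every `k8s`/`k8s_info` task in roles/fix-operators and roles/remove-operators. If the kubeconfig already carries the cluster CA, dropping the line should be enough; otherwise point the modules at the CA with `ca_cert:`. Separately, the `Create a temp dir` task creates `tmp` with no `mode`, so the copied kubeconfig is protected only by the umask; `mode: "0700"` on the directory would keep it private to the running user.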

文件差异内容过多而无法显示
+ 6 - 0
playbooks/roles/fix-operators/files/pull-secret.yml


+ 119 - 0
playbooks/roles/fix-operators/tasks/main.yml

@@ -0,0 +1,119 @@
+---
+# Fixes the openshift-marketplace catalogs by recreating them from original images.
+#
+# These are coming from vars/main.yml:
+#
+#   removed_sources the catalog sources we remove
+#   catalog_sources the catalog sources we recreate
+#
+# The test to see whether catalog sources were recreated successfully uses the
+# first item in the added_operators variable which should come from inventory.
+#
+#   added_operators:
+#     catalog       catalog source
+#     package       operator package name
+#     channel       operator channel
+#     desired_csv   csv we look for
+#
+# This is necessary immediately after lab create.
+- name: Wait for the marketplace-operator to be up
+  k8s_info:
+    kubeconfig: tmp/kubeconfig-ocp4
+    validate_certs: no
+    api_version: v1
+    kind: pod
+    namespace: openshift-marketplace
+    label_selectors:
+      - name=marketplace-operator
+  register: mktplc_pod
+  until:
+    - (mktplc_pod.resources | length) == 1
+    - mktplc_pod.resources[0].status.containerStatuses[0].ready
+  retries: 30
+  delay: 10
+
+- name: Make sure the course catalog is not there
+  k8s:
+    kubeconfig: tmp/kubeconfig-ocp4
+    validate_certs: no
+    api_version: operators.coreos.com/v1alpha1
+    kind: catalogsource
+    namespace: openshift-marketplace
+    name: "{{ item }}"
+    state: absent
+  loop: "{{ removed_sources }}"
+
+- name: Make sure the pull secret will do for online sources
+  k8s:
+    kubeconfig: tmp/kubeconfig-ocp4
+    validate_certs: no
+    api_version: v1
+    kind: secret
+    namespace: openshift-config
+    name: pull-secret
+    state: present
+    definition: "{{ lookup('file', 'files/pull-secret.yml') | from_yaml }}"
+
+- name: Ensure the standard catalog sources are there
+  k8s:
+    kubeconfig: tmp/kubeconfig-ocp4
+    validate_certs: no
+    api_version: operators.coreos.com/v1alpha1
+    kind: catalogsource
+    namespace: openshift-marketplace
+    name: "{{ item.name }}"
+    state: present
+    definition:
+      spec:
+        displayName: "{{ item.displ }}"
+        image: "{{ item.image }}"
+        publisher: "Red Hat"
+        sourceType: "grpc"
+  loop: "{{ catalog_sources }}"
+  loop_control:
+    label: "{{ item.displ }}"
+
+- name: Wait for the catalogsources to be ready.
+  k8s_info:
+    kubeconfig: tmp/kubeconfig-ocp4
+    validate_certs: no
+    api_version: operators.coreos.com/v1alpha1
+    kind: catalogsource
+    namespace: openshift-marketplace
+    name: "{{ item.name }}"
+  register: cat_stat
+  until:
+    - (cat_stat.resources | length) == 1
+    - cat_stat.resources[0].status is defined
+    - cat_stat.resources[0].status.connectionState.lastObservedState == "READY"
+  retries: 30
+  delay: 10
+  loop: "{{ catalog_sources }}"
+  loop_control:
+    label: "{{ item.displ }}"
+
+- name: Wait for the operator packagemanifest to appear.
+  k8s_info:
+    kubeconfig: tmp/kubeconfig-ocp4
+    validate_certs: no
+    api_version: packages.operators.coreos.com/v1
+    kind: packagemanifest
+    namespace: openshift-marketplace
+    name: "{{ added_operators[0].package }}"
+  register: op_mft
+  until:
+    - (op_mft.resources | length) == 1
+    - op_mft.resources[0].status.catalogSource == added_operators[0].catalog
+    - op_mft.resources[0].status.packageName == added_operators[0].package
+  retries: 60
+  delay: 10
+
+- assert:
+    that:
+      - op_mft.resources is defined
+      - (op_mft.resources | length) > 0
+      - op_mft.resources[0].status.catalogSource == added_operators[0].catalog
+      - 'added_operators[0].desired_csv in (op_mft.resources[0] | community.general.json_query("status.channels[*].currentCSV") | list)'
+    fail_msg: "ERROR: {{ added_operators[0].package }} package manifest not deployed correctly."
+    success_msg: "OK: {{ added_operators[0].package }} package manifest configured correctly."
+...
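Review bot: The `Make sure the pull secret will do for online sources` task loads `files/pull-secret.yml` from the role and applies it to `openshift-config/pull-secret`, so registry credentials are presumably committed in clear text alongside the playbook. That file's diff is not displayed on this page, so this is inferred from its name and use. Keeping the file encrypted with ansible-vault, or supplying the secret from outside the repository, and adding `no_log: true` to the task would keep it out of version control and run logs. Every task here also hard-codes `kubeconfig: tmp/kubeconfig-ocp4`, which ignores the `clusters` list that check-env iterates over.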

+ 17 - 0
playbooks/roles/fix-operators/vars/main.yml

@@ -0,0 +1,17 @@
+---
+removed_sources:
+  - do280-catalog
+  - do280-catalog-cs
+  - do288-catalog-cs
+  - do380-catalog-cs
+catalog_sources:
+  - name: redhat-operators
+    displ: Red Hat Operators
+    image: registry.redhat.io/redhat/redhat-operator-index:v{{ ocp_maj }}
+  - name: certified-operators
+    displ: Certified Operators
+    image: registry.redhat.io/redhat/certified-operator-index:v{{ ocp_maj }}
+  - name: community-operators
+    displ: Community Operators
+    image: registry.redhat.io/redhat/community-operator-index:v{{ ocp_maj }}
+...
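Review bot: The three `catalog_sources` images are referenced by the mutable tag `v{{ ocp_maj }}`, so the catalog content the cluster pulls can change between runs without any change in this repository. If reproducible classroom builds matter, pinning each index by digest (`registry.redhat.io/redhat/redhat-operator-index@sha256:<digest>`) would fix the content. At minimum, a comment such as `# index tags float with ocp_maj (set in inventory)` would document both the floating tag and the dependency on an inventory variable.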

+ 71 - 0
playbooks/roles/remove-operators/tasks/main.yml

@@ -0,0 +1,71 @@
+---
+# Ensures all the operator artifacts are created and waits for CSV to succeed.
+#
+# The following variables must exist:
+#
+#   removed_operators:    a list of below dictionaries
+#     - sub_nspc          subscription namespace
+#       sub_name          subscription name
+#       csv_name          CSV name to check for
+#       pre_cleanup       pre-cleanup tasks, a list of rtypes to remove (ALL)
+#         - apiv
+#           kind
+#       add_cleanup       additional CRDs to remove post-uninstall, a list
+#
+# This role must then be applied as:
+#
+#   - include_role:
+#       name: remove-operators
+#     loop: "{{ removed_operators }}"
+#     loop_control:
+#       loop_var: role
+#
+# What this means is that each item of removed_operators is expected to be
+# placed in the "role" variable prior to iterating over this role.
+#
+- name: Remove any of the resources found
+  k8s:
+    kubeconfig: tmp/kubeconfig-ocp4
+    validate_certs: no
+    api_version: "{{ item.apiv }}"
+    kind: "{{ item.kind }}"
+    delete_all: true
+    state: absent
+  ignore_errors: yes
+  loop: "{{ role.pre_cleanup }}"
+  register: removed
+
+- name: Remove the subscription
+  k8s:
+    kubeconfig: tmp/kubeconfig-ocp4
+    validate_certs: no
+    api_version: operators.coreos.com/v1alpha1
+    kind: subscription
+    name: "{{ role.sub_name }}"
+    namespace: "{{ role.sub_nspc }}"
+    state: absent
+  ignore_errors: yes
+
+- name: Do post-cleanup
+  k8s:
+    kubeconfig: tmp/kubeconfig-ocp4
+    validate_certs: no
+    api_version: apiextensions.k8s.io/v1
+    kind: customresourcedefinition
+    name: "{{ item }}"
+    state: absent
+  ignore_errors: yes
+  loop: "{{ role.add_cleanup }}"
+
+- name: Remove the CSV as well, if so required
+  k8s:
+    kubeconfig: tmp/kubeconfig-ocp4
+    validate_certs: no
+    api_version: operators.coreos.com/v1alpha1
+    kind: clusterserviceversion
+    name: "{{ role.csv_name }}"
+    namespace: "{{ role.sub_nspc }}"
+    state: absent
+  ignore_errors: yes
+  when: role.csv_kill
+...
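Review bot: Every task in this role carries `ignore_errors: yes`, so an authentication, connection or permission failure is reported the same way as a successful cleanup, and the registered `removed` result is never inspected. `state: absent` is already a no-op when the named object does not exist, so the line can be dropped from the subscription, CRD and CSV tasks. For `Remove any of the resources found`, where the kind itself may no longer be registered, a narrow `failed_when` on the result would be safer than ignoring everything. The header comment still says the role `Ensures all the operator artifacts are created and waits for CSV to succeed` and does not list `csv_kill`; it should describe removal and document that flag.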

部分文件因为文件数量过多而无法显示