---
# Fixes the openshift-marketplace catalogs by recreating them from original images.
#
# IMPORTANT: Wherever this role is applied, there must be a files/pull-secret.yml!
#
# REQUIRED:
#
#   ocp_maj           OpenShift version (x.y; re catalogsource image)
#
#   registry_server   the server catalogs come from (vars/main.yml, used in
#                     catalog_sources, but in pull secret check, too)
#   removed_sources   the catalog sources we remove (vars/main.yml)
#   catalog_sources   the catalog sources we recreate (vars/main.yml)
#
# OPTIONAL:
#
#   kubeadmin_config  kubeadmin (or other admin) credentials (tmp/kubeconfig-ocp4)
#
# These would usually come from inventory, and should point to a single
# manifest and its CSV that we can use to verify catalog sources were created
# and populated successfully:
#
#   vrfy_cat          catalog source
#   vrfy_pkg          operator package name
#   vrfy_chn          channel we look in
#   vrfy_csv          csv we look for
#
# NOTE: Fixing existing subscriptions, patching their catalogs, changing CSVs,
#       etc., is performed by deploy-operators role.
#
# This is necessary immediately after lab create.
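# Task list: waits for the marketplace operator, removes the unwanted catalog
# sources, makes sure the cluster pull secret covers registry_server, recreates
# the standard catalog sources and (optionally) verifies one package manifest.
#
# NOTE(review): every API call below sets validate_certs to false, so the API
# server certificate is not verified while the admin kubeconfig is in use.
# Presumably this is tolerated because the target is a freshly created lab
# cluster - confirm. Outside such a lab, pass the cluster CA through the
# modules' ca_cert option and enable verification.

# Poll until exactly one marketplace-operator pod exists and its first
# container reports ready (up to 30 tries, 10 seconds apart).
- name: Wait for the marketplace-operator to be up
  kubernetes.core.k8s_info:
    kubeconfig: "{{ kubeadmin_config }}"
    validate_certs: false
    api_version: v1
    kind: pod
    namespace: openshift-marketplace
    label_selectors:
      - name=marketplace-operator
  register: mktplc_pod
  until:
    - (mktplc_pod.resources | length) == 1
    - mktplc_pod.resources[0].status.containerStatuses[0].ready
  retries: 30
  delay: 10

# Delete every catalog source named in removed_sources.
- name: Make sure the course catalog is not there
  kubernetes.core.k8s:
    kubeconfig: "{{ kubeadmin_config }}"
    validate_certs: false
    api_version: operators.coreos.com/v1alpha1
    kind: catalogsource
    namespace: openshift-marketplace
    name: "{{ item }}"
    state: absent
  loop: "{{ removed_sources }}"

# The registered result carries the complete cluster pull secret, so it is
# kept out of task output and logs with no_log; the variable stays usable.
- name: Extract the pull-secret in openshift-config namespace
  kubernetes.core.k8s_info:
    kubeconfig: "{{ kubeadmin_config }}"
    validate_certs: false
    api_version: v1
    kind: secret
    namespace: openshift-config
    name: pull-secret
  register: existing_pull_secret
  no_log: true

# Decode .dockerconfigjson and pick the auth entry for registry_server.
# The fact holds a registry credential, hence no_log.
- name: Try to extract the credential for registry_server
  ansible.builtin.set_fact:
    regsvr_cred: |
      {{ existing_pull_secret.resources[0].data['.dockerconfigjson']
         | b64decode
         | from_json
         | community.general.json_query('auths."' + registry_server + '".auth') }}
  no_log: true

# Replace the pull secret from files/pull-secret.yml only when no credential
# for registry_server was found. The literal block scalar used for regsvr_cred
# ends in a newline, so the value is trimmed before the comparison; the
# original "== ''" test could not match such a value. The 'None' alternative
# covers a missing entry rendered as text - NOTE(review): confirm against the
# Ansible version in use.
# files/pull-secret.yml contains registry credentials: keep it out of version
# control in clear text. no_log keeps its content out of the task output.
- name: Make sure the pull secret will do for online sources if the existing one does not suffice
  kubernetes.core.k8s:
    kubeconfig: "{{ kubeadmin_config }}"
    validate_certs: false
    api_version: v1
    kind: secret
    namespace: openshift-config
    name: pull-secret
    state: present
    definition: "{{ lookup('file', 'files/pull-secret.yml') | from_yaml }}"
  when: "(regsvr_cred | default('', true) | string | trim) in ['', 'None']"
  no_log: true

# Derive ocp_z (full version) and ocp_maj (version with the last numeric
# component stripped) from the cluster when ocp_maj was not supplied.
- name: Try to obtain cluster version if not set by ocp_maj
  block:
    - name: Read clusterversion/version
      kubernetes.core.k8s_info:
        kubeconfig: "{{ kubeadmin_config }}"
        validate_certs: false
        api_version: config.openshift.io/v1
        kind: clusterversion
        name: version
      register: clusterversion

    - name: Store it as a fact
      ansible.builtin.set_fact:
        ocp_z: "{{ clusterversion.resources[0].status.desired.version }}"

    - name: Store the major version as well
      ansible.builtin.set_fact:
        ocp_maj: "{{ ocp_z | ansible.builtin.regex_replace('\\.\\d+$', '') }}"
  when: ocp_maj is not defined

# TODO: switch to patch operatorhubs/cluster?
# Create one grpc catalog source per catalog_sources entry; name, display name
# and image all come from the entry itself.
- name: Ensure the standard catalog sources are there
  kubernetes.core.k8s:
    kubeconfig: "{{ kubeadmin_config }}"
    validate_certs: false
    api_version: operators.coreos.com/v1alpha1
    kind: catalogsource
    namespace: openshift-marketplace
    name: "{{ item.name }}"
    state: present
    definition:
      spec:
        displayName: "{{ item.displ }}"
        image: "{{ item.image }}"
        publisher: "Red Hat"
        sourceType: "grpc"
        grpcPodConfig:
          extractContent:
            cacheDir: /tmp/cache
            catalogDir: /configs
          memoryTarget: 120Mi
          nodeSelector:
            kubernetes.io/os: linux
            node-role.kubernetes.io/master: ""
          priorityClassName: system-cluster-critical
          securityContextConfig: restricted
          tolerations:
            - effect: NoSchedule
              key: node-role.kubernetes.io/master
              operator: Exists
            - effect: NoExecute
              key: node.kubernetes.io/unreachable
              operator: Exists
              tolerationSeconds: 120
            - effect: NoExecute
              key: node.kubernetes.io/not-ready
              operator: Exists
              tolerationSeconds: 120
  loop: "{{ catalog_sources }}"
  loop_control:
    label: "{{ item.displ }}"

# Poll each recreated catalog source until its connection state is READY
# (up to 30 tries, 10 seconds apart, per source).
- name: Wait for the catalogsources to be ready.
  kubernetes.core.k8s_info:
    kubeconfig: "{{ kubeadmin_config }}"
    validate_certs: false
    api_version: operators.coreos.com/v1alpha1
    kind: catalogsource
    namespace: openshift-marketplace
    name: "{{ item.name }}"
  register: cat_stat
  until:
    - (cat_stat.resources | length) == 1
    - cat_stat.resources[0].status is defined
    - cat_stat.resources[0].status.connectionState.lastObservedState == "READY"
  retries: 30
  delay: 10
  loop: "{{ catalog_sources }}"
  loop_control:
    label: "{{ item.displ }}"

# Optional end-to-end check; runs only when all four vrfy_* variables are set.
- name: Verify correct deployment
  block:
    - name: Wait for the operator packagemanifest to appear.
      kubernetes.core.k8s_info:
        kubeconfig: "{{ kubeadmin_config }}"
        validate_certs: false
        api_version: packages.operators.coreos.com/v1
        kind: packagemanifest
        namespace: openshift-marketplace
        name: "{{ vrfy_pkg }}"
      register: vrfy_mft
      until:
        - (vrfy_mft.resources | length) == 1
        - vrfy_mft.resources[0].status.catalogSource == vrfy_cat
        - vrfy_mft.resources[0].status.packageName == vrfy_pkg
      retries: 60
      delay: 10

    # The last condition looks up channel vrfy_chn in the manifest and
    # requires vrfy_csv to be among that channel's entry names.
    - name: Check that the package manifest lists the expected CSV
      ansible.builtin.assert:
        that:
          - vrfy_mft.resources is defined
          - (vrfy_mft.resources | length) > 0
          - vrfy_mft.resources[0].status.catalogSource == vrfy_cat
          - 'vrfy_csv in (vrfy_mft.resources[0] | community.general.json_query("status.channels[?name==`" + vrfy_chn + "`].entries[*].name") | list)[0]'
        fail_msg: "ERROR: {{ vrfy_pkg }} package manifest not deployed correctly."
        success_msg: "OK: {{ vrfy_pkg }} package manifest configured correctly."
  when:
    - vrfy_cat is defined
    - vrfy_pkg is defined
    - vrfy_chn is defined
    - vrfy_csv is defined
...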