rht
/
streams-bf-lab-materials


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201
							---
# Fixes the openshift-marketplace catalogs by recreating them from original images.
#
# IMPORTANT: Wherever this role is applied, there must be a files/pull-secret.yml!
#
# REQUIRED:
#
#   ocp_maj             OpenShift version (x.y; re catalogsource image)
#
#   registry_server     the server catalogs come from (vars/main.yml, used in
#                         catalog_sources, but in pull secret check, too)
#   removed_sources     the catalog sources we remove (vars/main.yml)
#   catalog_sources     the catalog sources we recreate (vars/main.yml)
#
# OPTIONAL:
#
#   kubeadmin_config    kubeadmin (or other admin) credentials (tmp/kubeconfig-ocp4)
#
# These would usually come from inventory, and should point to a single
# manifest and its CSV that we can use to verify catalog sources were created
# and populated successfully:
#
#   vrfy_cat     catalog source
#   vrfy_pkg     operator package name
#   vrfy_chn     channel we look in
#   vrfy_csv     csv we look for
#
# NOTE: Fixing existing subscriptions, patching their catalogs, changing CSVs,
#       etc., is performed by deploy-operators role.
#
# This is necessary immediately after lab create.
- name: Wait for the marketplace-operator to be up
  kubernetes.core.k8s_info:
    kubeconfig: "{{ kubeadmin_config }}"
    validate_certs: no
    api_version: v1
    kind: pod
    namespace: openshift-marketplace
    label_selectors:
      - name=marketplace-operator
  register: mktplc_pod
  until:
    - (mktplc_pod.resources | length) == 1
    - mktplc_pod.resources[0].status.containerStatuses[0].ready
  retries: 30
  delay: 10

- name: Make sure the course catalog is not there
  kubernetes.core.k8s:
    kubeconfig: "{{ kubeadmin_config }}"
    validate_certs: no
    api_version: operators.coreos.com/v1alpha1
    kind: catalogsource
    namespace: openshift-marketplace
    name: "{{ item }}"
    state: absent
  loop: "{{ removed_sources }}"

- name: Extract the pull-secret in openshift-config namespace
  kubernetes.core.k8s_info:
    kubeconfig: "{{ kubeadmin_config }}"
    validate_certs: no
    api_version: v1
    kind: secret
    namespace: openshift-config
    name: pull-secret
  register: existing_pull_secret

- name: Try to extract the credential for registry_server
  ansible.builtin.set_fact:
    regsvr_cred: |
      {{ existing_pull_secret.resources[0].data['.dockerconfigjson'] | b64decode | from_json |
          community.general.json_query('auths."' + registry_server + '".auth') }}

- name: Make sure the pull secret will do for online sources if the existing one does not suffice
  kubernetes.core.k8s:
    kubeconfig: "{{ kubeadmin_config }}"
    validate_certs: no
    api_version: v1
    kind: secret
    namespace: openshift-config
    name: pull-secret
    state: present
    definition: "{{ lookup('file', 'files/pull-secret.yml') | from_yaml }}"
  when: regsvr_cred is not defined or regsvr_cred == None or regsvr_cred == ''

- name: Try to obtain cluster version if not set by ocp_maj
  block:
    - name: Read clusterversion/version
      kubernetes.core.k8s_info:
        kubeconfig: "{{ kubeadmin_config }}"
        validate_certs: no
        api_version: config.openshift.io/v1
        kind: clusterversion
        name: version
      register: clusterversion

    - name: Store it as a fact
      ansible.builtin.set_fact:
        ocp_z: "{{ clusterversion.resources[0].status.desired.version }}"

    - name: Store the major version as well
      ansible.builtin.set_fact:
        ocp_maj: "{{ ocp_z | ansible.builtin.regex_replace('\\.\\d+$', '') }}"

  when: ocp_maj is not defined

# TODO: switch to patch operatorhubs/cluster?
- name: Ensure the standard catalog sources are there
  kubernetes.core.k8s:
    kubeconfig: "{{ kubeadmin_config }}"
    validate_certs: no
    api_version: operators.coreos.com/v1alpha1
    kind: catalogsource
    namespace: openshift-marketplace
    name: "{{ item.name }}"
    state: present
    definition:
      spec:
        displayName: "{{ item.displ }}"
        image: "{{ item.image }}"
        publisher: "Red Hat"
        sourceType: "grpc"
        grpcPodConfig:
          extractContent:
            cacheDir: /tmp/cache
            catalogDir: /configs
          memoryTarget: 120Mi
          nodeSelector:
            kubernetes.io/os: linux
            node-role.kubernetes.io/master: ""
          priorityClassName: system-cluster-critical
          securityContextConfig: restricted
          tolerations:
          - effect: NoSchedule
            key: node-role.kubernetes.io/master
            operator: Exists
          - effect: NoExecute
            key: node.kubernetes.io/unreachable
            operator: Exists
            tolerationSeconds: 120
          - effect: NoExecute
            key: node.kubernetes.io/not-ready
            operator: Exists
            tolerationSeconds: 120
  loop: "{{ catalog_sources }}"
  loop_control:
    label: "{{ item.displ }}"

- name: Wait for the catalogsources to be ready.
  kubernetes.core.k8s_info:
    kubeconfig: "{{ kubeadmin_config }}"
    validate_certs: no
    api_version: operators.coreos.com/v1alpha1
    kind: catalogsource
    namespace: openshift-marketplace
    name: "{{ item.name }}"
  register: cat_stat
  until:
    - (cat_stat.resources | length) == 1
    - cat_stat.resources[0].status is defined
    - cat_stat.resources[0].status.connectionState.lastObservedState == "READY"
  retries: 30
  delay: 10
  loop: "{{ catalog_sources }}"
  loop_control:
    label: "{{ item.displ }}"

- name: Verify correct deployment
  block:
    - name: Wait for the operator packagemanifest to appear.
      kubernetes.core.k8s_info:
        kubeconfig: "{{ kubeadmin_config }}"
        validate_certs: no
        api_version: packages.operators.coreos.com/v1
        kind: packagemanifest
        namespace: openshift-marketplace
        name: "{{ vrfy_pkg }}"
      register: vrfy_mft
      until:
        - (vrfy_mft.resources | length) == 1
        - vrfy_mft.resources[0].status.catalogSource == vrfy_cat
        - vrfy_mft.resources[0].status.packageName == vrfy_pkg
      retries: 60
      delay: 10

    - ansible.builtin.assert:
        that:
          - vrfy_mft.resources is defined
          - (vrfy_mft.resources | length) > 0
          - vrfy_mft.resources[0].status.catalogSource == vrfy_cat
          - 'vrfy_csv in (vrfy_mft.resources[0] | community.general.json_query("status.channels[?name==`" + vrfy_chn + "`].entries[*].name") | list)[0]'
        fail_msg: "ERROR: {{ vrfy_pkg }} package manifest not deployed correctly."
        success_msg: "OK: {{ vrfy_pkg }} package manifest configured correctly."

  when:
    - vrfy_cat is defined
    - vrfy_pkg is defined
    - vrfy_chn is defined
    - vrfy_csv is defined
...