[DNM] Testing manual install plan.

openstack-k8s-operators · Jan 21, 2025 · 3e79a4c · 3e79a4c
1 parent 53adb63
commit 3e79a4c
Show file tree

Hide file tree

Showing 3 changed files with 110 additions and 0 deletions.
diff --git a/roles/ci_gen_kustomize_values/templates/common/edpm-nodeset-values/values.yaml.j2 b/roles/ci_gen_kustomize_values/templates/common/edpm-nodeset-values/values.yaml.j2
@@ -19,6 +19,9 @@ data:
   nodeset:
     ansible:
       ansibleUser: "zuul"
+      ansibleVarsFrom:
+        - secretRef:
+            name: redhat-registry
       ansibleVars:
         edpm_fips_mode: "{{ 'enabled' if cifmw_fips_enabled|default(false)|bool else 'check' }}"
         timesync_ntp_servers:

diff --git a/roles/kustomize_deploy/tasks/authenticate_registry.yml b/roles/kustomize_deploy/tasks/authenticate_registry.yml
@@ -0,0 +1,69 @@
+---
+- name: Retrieve .dockerconfigjson from OpenShift secret
+  environment:
+    KUBECONFIG: "{{ cifmw_openshift_kubeconfig }}"
+    PATH: "{{ cifmw_path }}"
+  ansible.builtin.shell: >-
+    oc get secret/pull-secret -n {{ oc_namespace }} -o json |
+    jq -r '.data[".dockerconfigjson"]' | base64 -d > /home/zuul/authfile.txt
+
+- name: Read username and password from PODMAN_LOGIN_FILE
+  ansible.builtin.shell: >-
+    read -r username password < /tmp/podman.txt
+    && echo {{ username }} {{ password }}
+  register: podman_login_creds
+
+- name: Log in to Podman with registry credentials
+  ansible.builtin.command: >-
+    podman login --authfile /home/zuul/authfile.txt
+    --username "{{ podman_login_creds.stdout.split()[0] }}"
+    --password "{{ podman_login_creds.stdout.split()[1] }}"
+    {{ registry_url }}
+
+- name: Update OpenShift secret with the new .dockerconfigjson
+  environment:
+    KUBECONFIG: "{{ cifmw_openshift_kubeconfig }}"
+    PATH: "{{ cifmw_path }}"
+  ansible.builtin.command: >-
+    oc set data secret/pull-secret -n openshift-config
+    --from-file=.dockerconfigjson=/home/zuul/authfile.txt
+
+- name: Read username and password and create Kubernetes secret
+  environment:
+    KUBECONFIG: "{{ cifmw_openshift_kubeconfig }}"
+    PATH: "{{ cifmw_path }}"
+  ansible.builtin.shell: |
+    read -r username password < /tmp/podman.txt
+    oc create secret generic redhat-registry \
+      --from-literal edpm_container_registry_logins="{\"registry.redhat.io\": {\"${username}\": \"${password}\"}}"
+  args:
+    executable: /bin/bash
+
+- name: Create ImageContentSourcePolicy YAML
+  ansible.builtin.copy:
+    dest: "/home/zuul/brew-registry-imageContentSourcePolicy.yaml"
+    content: |
+      apiVersion: operator.openshift.io/v1alpha1
+      kind: ImageContentSourcePolicy
+      metadata:
+        name: brew-registry
+      spec:
+        repositoryDigestMirrors:
+        - mirrors:
+          - brew.registry.redhat.io
+          source: registry.redhat.io
+        - mirrors:
+          - brew.registry.redhat.io
+          source: registry.stage.redhat.io
+        - mirrors:
+          - brew.registry.redhat.io
+          source: registry-proxy.engineering.redhat.com
+
+- name: Apply ImageContentSourcePolicy using oc
+  environment:
+    KUBECONFIG: "{{ cifmw_openshift_kubeconfig }}"
+    PATH: "{{ cifmw_path }}"
+  ansible.builtin.command: oc apply -f /home/zuul/brew-registry-imageContentSourcePolicy.yaml
+  args:
+    executable: /bin/bash
+
diff --git a/roles/kustomize_deploy/tasks/install_operators.yml b/roles/kustomize_deploy/tasks/install_operators.yml
@@ -64,6 +64,9 @@
     dest: "{{ cifmw_kustomize_deploy_olm_dest_file }}"
     mode: "0644"
 
+- name: Authenticate to private registry
+  ansible.builtin.include_tasks: authenticate_registry.yml
+
 - name: OLM resources
   when: not cifmw_kustomize_deploy_generate_crs_only
   block:
@@ -107,6 +110,41 @@
         - _cifmw_kustomize_deploy_olm_osp_operator_sub_out.resources | length == 1
         - (_cifmw_kustomize_deploy_olm_osp_operator_sub_out.resources | first)['status']['installPlanRef'] is defined
 
+    - name: Retrieve the latest InstallPlan name sorted by creation date
+      set_fact:
+        installplan_name: >-
+          {{
+            _cifmw_kustomize_deploy_olm_osp_operator_sub_out.resources
+            | selectattr('kind', 'equalto', 'Subscription')
+            | sort(attribute='metadata.creationTimestamp')
+            | map(attribute='status.installPlanRef.name')
+            | last
+          }}
+
+    - name: Display debug
+      ansible.builtin.debug:
+        msg: "{{ installplan_name }}"
+
+    - name: Accept the InstallPlan
+      kubernetes.core.k8s:
+        kubeconfig: "{{ cifmw_openshift_kubeconfig }}"
+        api_key: "{{ cifmw_openshift_token | default(omit)}}"
+        context: "{{ cifmw_openshift_context | default(omit) }}"
+        api_version: operators.coreos.com/v1alpha1
+        kind: InstallPlan
+        name: "{{ installplan_name }}"
+        namespace: "openstack-operators"
+        state: present
+        merge_type:
+          - merge
+        definition:
+          spec:
+            approved: true
+
+    - name: Display debug
+      ansible.builtin.debug:
+        msg: "========> INSTALLPLAN '{{ installplan_name }}' HAS BEEN APPROVED."
+
     - name: Wait for the openstack operators InstallPlan to be finished
       vars:
         _install_plan: >-