From af0f8327d66f98a57e6fbf02ce8def3cb312a454 Mon Sep 17 00:00:00 2001 From: Claude Adjai Date: Tue, 23 Mar 2021 03:43:38 +0000 Subject: [PATCH 1/2] add playbook and template to deploy the machine config for unsupported registry --- ...-deploy-fix-unsuppoted-registry-config.yml | 64 +++++++++++++++ templates/registry.conf.j2 | 82 +++++++++++++++++++ templates/unsupported-operators-mc.yml.j2 | 25 ++++++ vars/registry.yml | 15 ++++ vars/vault.yml.example | 7 ++ 5 files changed, 193 insertions(+) create mode 100644 post-deploy-fix-unsuppoted-registry-config.yml create mode 100644 templates/registry.conf.j2 create mode 100644 templates/unsupported-operators-mc.yml.j2 create mode 100644 vars/registry.yml create mode 100644 vars/vault.yml.example diff --git a/post-deploy-fix-unsuppoted-registry-config.yml b/post-deploy-fix-unsuppoted-registry-config.yml new file mode 100644 index 0000000..16e28c4 --- /dev/null +++ b/post-deploy-fix-unsuppoted-registry-config.yml 
@@ -0,0 +1,64 @@ +- name: ' Konductor | Provision UPI Infra | post-deploy-fix-unsuppoted-registry-config.yml' + hosts: localhost + become: yes + vars_files: + - '../vars/vault.yml' + - '../vars/registry.yml' + vars: + ansible_python_interpreter: /usr/bin/python3 + module: "Fix-Unsupported-operators" + ansible_name_module: " Post Cluster Installation | {{ module }}" + pre_tasks: + - name: Authenticate with the API + command: > + {{ openshift_cli }} login \ + -u {{ ocp_cluster_user_user }} \ + -p {{ ocp_cluster_user_password }} \ + --insecure-skip-tls-verify=true {{ ocp_cluster_console_url }}:{{ ocp_cluster_console_port | d('6443', true) }} + register: login_out + + tasks: + - name: '{{ ansible_name_module }} | fix Unsupported Registry Configuration' + block: + - name: '{{ ansible_name_module }} | assert | Registry hostname is provided' + assert: + that: + - registry_host_fqdn is defined + - registry_host_fqdn != "" + msg: "The registry FQDN or endpoint is required. If the post is not 443 make you set registry_host_port as well" + + - name: '{{ ansible_name_module }} | set_fact |Fix registry port' + set_fact: + registry_host_port_fixed: "{{':' + registry_host_port if registry_host_port is defined and registry_host_port | int > 0 else '' }}" + + - name: '{{ ansible_name_module }} | template | Copy registry config to staging location' + template: + src: "templates/registry.conf.j2" + dest: "{{ staging_dir | d('/tmp', true) }}/registry.conf" + force: yes + register: registry_conf_copied + + - name: '{{ ansible_name_module }} | command:cat | Load registry_conf' + shell: cat {{ staging_dir | d('/tmp', true) }}/registry.conf + when: + - registry_conf_copied is defined + register: registry_conf_loaded + + - name: '{{ ansible_name_module }} | template | Copy unsupported config to staging location' + vars: + registry_conf_data: "{{ registry_conf_loaded.stdout }}" + template: + src: "templates/unsupported-operators-mc.yml.j2" + dest: "{{ staging_dir | d('/tmp', true) 
}}/unsupported-operators-mc.yml" + force: yes + when: + - registry_conf_loaded is defined + - registry_conf_loaded.rc is defined and registry_conf_loaded.rc == 0 + - registry_conf_loaded.stdout is defined and registry_conf_loaded.stdout != "" + register: uomc_copied + + - name: '{{ ansible_name_module }} | command:{{ openshift_cli }} apply | deploy unsupported config ' + command: > + {{ openshift_cli }} apply -f {{ staging_dir | d('/tmp', true) }}/unsupported-operators-mc.yml + register: uomc_deployed + diff --git a/templates/registry.conf.j2 b/templates/registry.conf.j2 new file mode 100644 index 0000000..277e092 --- /dev/null +++ b/templates/registry.conf.j2 
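Review bot: The `Authenticate with the API` pre-task passes `-p {{ ocp_cluster_user_password }}` on the `oc login` command line together with `--insecure-skip-tls-verify=true` and without `no_log`, so the cluster password goes to an API endpoint whose certificate is never checked and is also recorded in the task output and in `login_out`. Add `no_log: true` to that task and replace the skip flag with `--certificate-authority={{ ocp_api_ca_file }}`, where `ocp_api_ca_file` is a new variable pointing at the API CA bundle. Separately, the `shell: cat {{ staging_dir | d('/tmp', true) }}/registry.conf` task can become a `slurp` task or a `lookup('file', ...)`, which avoids putting an unquoted variable through a shell.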
@@ -0,0 +1,82 @@ +unqualified-search-registries = ["registry.access.redhat.com", "docker.io"] + +[[registry]] + prefix = "" + location = "quay.io/openshift-release-dev/ocp-release" + mirror-by-digest-only = false + + [[registry.mirror]] + location = "{{ registry_host_fqdn }}{{ registry_host_port_fixed }}/openshift-release-dev" + +[[registry]] + prefix = "" + location = "quay.io/openshift-release-dev/ocp-v4.0-art-dev" + mirror-by-digest-only = false + + [[registry.mirror]] + location = "{{ registry_host_fqdn }}{{ registry_host_port_fixed }}/openshift-release-dev" + +[[registry]] + prefix = "" + location = "registry.redhat.io" + mirror-by-digest-only = false + insecure = true + + [[registry.mirror]] + location = "{{ registry_host_fqdn }}{{ registry_host_port_fixed }}" + insecure = true + +[[registry]] + prefix = "" + location = "quay.io" + mirror-by-digest-only = false + insecure = true + + [[registry.mirror]] + location = "{{ registry_host_fqdn }}{{ registry_host_port_fixed }}" + insecure = true + +[[registry]] + prefix = "" + location = "docker.io" + mirror-by-digest-only = false + insecure = true + + [[registry.mirror]] + location = "{{ registry_host_fqdn }}{{ registry_host_port_fixed }}" + insecure = true + +[[registry]] + prefix = "" + location = "registry.connect.redhat.com" + mirror-by-digest-only = false + insecure = true + + [[registry.mirror]] + location = "{{ registry_host_fqdn }}{{ registry_host_port_fixed }}" + insecure = true + +[[registry]] + prefix = "" + location = "gcr.io" + mirror-by-digest-only = false + insecure = true + + [[registry.mirror]] + location = "{{ registry_host_fqdn }}{{ registry_host_port_fixed }}" + insecure = true + +[[registry]] + prefix = "" + location = "registry.access.redhat.com" + mirror-by-digest-only = false + insecure = true + + [[registry.mirror]] + location = "{{ registry_host_fqdn }}{{ registry_host_port_fixed }}" + insecure = true + +[[registry]] + prefix = "" + location = "{{ registry_host_fqdn }}{{ 
registry_host_port_fixed }}" + insecure = true diff --git a/templates/unsupported-operators-mc.yml.j2 b/templates/unsupported-operators-mc.yml.j2 new file mode 100644 index 0000000..06fd113 --- /dev/null +++ b/templates/unsupported-operators-mc.yml.j2 @@ -0,0 +1,25 @@ +apiVersion: machineconfiguration.openshift.io/v1 +kind: MachineConfig +metadata: + annotations: + labels: + machineconfiguration.openshift.io/role: worker + name: 99-zworker-container-registry-conf +spec: + config: + ignition: + version: {{ ignition_config_version | d('3.2.0') }} + storage: + files: + - contents: + source: data:text/plain;charset=utf-8;base64,{{ registry_conf_data | b64encode }} + verification: {} + filesystem: root + mode: 420 + overwrite: true + path: /etc/containers/registries.conf + extensions: null + fips: false + kernelArguments: null + kernelType: "" + osImageURL: "" diff --git a/vars/registry.yml b/vars/registry.yml new file mode 100644 index 0000000..ebf0a58 --- /dev/null +++ b/vars/registry.yml @@ -0,0 +1,15 @@ +--- + +openshift_cli: '/usr/bin/oc' +registry_host_fqdn: '{{ vault_registry_host_fqdn }}' +registry_host_port: '0' +ocp_cluster_user_user: '{{ vault_ocp_cluster_user_user }}' +ocp_cluster_user_password: '{{ vault_ocp_cluster_user_password }}' +ocp_cluster_console_url: '{{ vault_ocp_cluster_console_url }}' +ocp_cluster_console_port: '6443' +staging_dir: '/tmp' +ignition_config_version: '' + +##################################################################################################### +# End of user configurable variables +##################################################################################################### diff --git a/vars/vault.yml.example b/vars/vault.yml.example new file mode 100644 index 0000000..c14346a --- /dev/null +++ b/vars/vault.yml.example 
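Review bot: `insecure = true` is set on the upstream `[[registry]]` entries for `registry.redhat.io`, `quay.io`, `docker.io`, `registry.connect.redhat.com`, `gcr.io` and `registry.access.redhat.com`, not only on their `[[registry.mirror]]` tables. With this file every worker therefore accepts plain HTTP or an unverified certificate when it falls back to those public registries. Combined with `mirror-by-digest-only = false`, a tag pull then has neither an authenticated transport nor a digest pinning its content. Remove `insecure` from the upstream entries, and for the mirror prefer trusting its CA on the nodes. If the mirror flag must stay, drive it from a new variable that defaults to off, e.g. `insecure = {{ registry_mirror_insecure | d(false) | string | lower }}`.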
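Review bot: `version: {{ ignition_config_version | d('3.2.0') }}` renders an empty value with the defaults shipped in this patch, because `vars/registry.yml` sets `ignition_config_version: ''` and `d()` without its second argument only replaces undefined values, not empty strings. Use `version: {{ ignition_config_version | d('3.2.0', true) }}`, as the playbook already does for `staging_dir`. It is also worth checking `filesystem: root` and `verification: {}` against the Ignition 3.x schema, since they look like spec 2.x fields; how the machine-config operator treats them is not verified here.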
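Review bot: `staging_dir: '/tmp'` makes a play that runs with `become: yes` write `registry.conf` and `unsupported-operators-mc.yml` under fixed names in a world-writable directory, and the second file is then passed to `oc apply`. On a shared control host this may leave room for another local user to interfere with what gets applied cluster-wide. Default to a directory that only the deploying user can write, for example one created with the `tempfile` module, and add a comment such as `### must be a private directory, not a shared one like /tmp` next to the variable.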
@@ -0,0 +1,7 @@ +### use this template as sample to create your vault file by populating the following variables +vault_registry_host_fqdn: '' + +### Variable for OCP cluster +vault_ocp_cluster_user_user: '' +vault_ocp_cluster_user_password: '' +vault_ocp_cluster_console_url: '' From 1ffb64c44cbf0b09766ace23f48925a826566698 Mon Sep 17 00:00:00 2001 From: Claude Adjai Date: Tue, 23 Mar 2021 05:33:38 +0000 Subject: [PATCH 2/2] add var for local repositories for operators and ocp images if applicable --- post-deploy-fix-unsuppoted-registry-config.yml | 4 +++- templates/registry.conf.j2 | 18 +++++++++--------- vars/registry.yml | 2 ++ 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/post-deploy-fix-unsuppoted-registry-config.yml b/post-deploy-fix-unsuppoted-registry-config.yml index 16e28c4..c177028 100644 --- a/post-deploy-fix-unsuppoted-registry-config.yml +++ b/post-deploy-fix-unsuppoted-registry-config.yml @@ -3,7 +3,7 @@ become: yes vars_files: - '../vars/vault.yml' - - '../vars/registry.yml' + - '../vars/disconnected_olm.yml' vars: ansible_python_interpreter: /usr/bin/python3 module: "Fix-Unsupported-operators" @@ -30,6 +30,8 @@ - name: '{{ ansible_name_module }} | set_fact |Fix registry port' set_fact: registry_host_port_fixed: "{{':' + registry_host_port if registry_host_port is defined and registry_host_port | int > 0 else '' }}" + registry_local_ocp_repository: "{{'/' + ocp_local_repository if ocp_local_repository is defined and ocp_local_repository != '' else '' }}" + registry_local_operator_repository: "{{'/' + local_repository if local_repository is defined and local_repository != '' else '' }}" - name: '{{ ansible_name_module }} | template | Copy registry config to staging location' template: diff --git a/templates/registry.conf.j2 b/templates/registry.conf.j2 index 277e092..ed7bf0c 100644 --- a/templates/registry.conf.j2 +++ b/templates/registry.conf.j2 
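Review bot: The header comment of `vars/vault.yml.example` does not say that the populated copy holds the cluster password and must be encrypted and kept out of version control. Proposed first line: `### copy to vars/vault.yml, fill in the values, then run ansible-vault encrypt vars/vault.yml; never commit it unencrypted`. Whether `vars/vault.yml` is already git-ignored is not visible in this patch.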
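Review bot: In the `@@ -3,7 +3,7 @@` hunk the play now loads `../vars/disconnected_olm.yml` instead of `../vars/registry.yml`, yet this same commit adds `local_repository` and `ocp_local_repository` to `vars/registry.yml`, which the play no longer reads. `disconnected_olm.yml` is not part of this series, so unless it already defines `openshift_cli`, `registry_host_fqdn`, `ocp_cluster_user_user` and the other variables, the login pre-task and the assert will fail on undefined names. Either keep `- '../vars/registry.yml'` in `vars_files` alongside the new file, or move the two new variables into the file that is actually loaded.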
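Review bot: In the `@@ -30,6 +30,8 @@` hunk, `registry_local_ocp_repository` and `registry_local_operator_repository` are built by prefixing `/` to values that are never validated, and the result is written verbatim into a quoted `location` string in `registry.conf.j2` that lands on every worker. A value that already starts with `/`, or that contains a quote or whitespace, produces a malformed or unintended mirror location. Extend the existing assert with a check such as `- local_repository | d('') is match('^[A-Za-z0-9._/-]*$')` (and the same for `ocp_local_repository`), and strip a leading slash before prefixing. The surrounding block starts outside this hunk.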
@@ -6,7 +6,7 @@ unqualified-search-registries = ["registry.access.redhat.com", "docker.io"] mirror-by-digest-only = false [[registry.mirror]] - location = "{{ registry_host_fqdn }}{{ registry_host_port_fixed }}/openshift-release-dev" + location = "{{ registry_host_fqdn }}{{ registry_host_port_fixed }}{{ registry_local_ocp_repository }}/openshift-release-dev" [[registry]] prefix = "" @@ -14,7 +14,7 @@ unqualified-search-registries = ["registry.access.redhat.com", "docker.io"] mirror-by-digest-only = false [[registry.mirror]] - location = "{{ registry_host_fqdn }}{{ registry_host_port_fixed }}/openshift-release-dev" + location = "{{ registry_host_fqdn }}{{ registry_host_port_fixed }}{{ registry_local_ocp_repository }}/openshift-release-dev" [[registry]] prefix = "" @@ -23,7 +23,7 @@ unqualified-search-registries = ["registry.access.redhat.com", "docker.io"] insecure = true [[registry.mirror]] - location = "{{ registry_host_fqdn }}{{ registry_host_port_fixed }}" + location = "{{ registry_host_fqdn }}{{ registry_host_port_fixed }}{{ registry_local_operator_repository }}" insecure = true [[registry]] @@ -33,7 +33,7 @@ unqualified-search-registries = ["registry.access.redhat.com", "docker.io"] insecure = true [[registry.mirror]] - location = "{{ registry_host_fqdn }}{{ registry_host_port_fixed }}" + location = "{{ registry_host_fqdn }}{{ registry_host_port_fixed }}{{ registry_local_operator_repository }}" insecure = true [[registry]] @@ -43,7 +43,7 @@ unqualified-search-registries = ["registry.access.redhat.com", "docker.io"] insecure = true [[registry.mirror]] - location = "{{ registry_host_fqdn }}{{ registry_host_port_fixed }}" + location = "{{ registry_host_fqdn }}{{ registry_host_port_fixed }}{{ registry_local_operator_repository }}" insecure = true [[registry]] 
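Review bot: From the `@@ -23,7 +23,7 @@` hunk onward (also -33, -43, -53, -63 and -73), every upstream registry is mirrored to the same `{{ registry_host_fqdn }}{{ registry_host_port_fixed }}{{ registry_local_operator_repository }}` location, so `quay.io/ns/img:tag` and `docker.io/ns/img:tag` resolve to the same path on the mirror. These entries keep `mirror-by-digest-only = false` from the first patch, so a tag pull returns whichever image was pushed under that name, regardless of which registry the reference named. Give each upstream its own namespace on the mirror (for example a `/quay.io` or `/docker.io` suffix after the repository variable), or set `mirror-by-digest-only = true` where the workloads allow it.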
@@ -53,7 +53,7 @@ unqualified-search-registries = ["registry.access.redhat.com", "docker.io"] insecure = true [[registry.mirror]] - location = "{{ registry_host_fqdn }}{{ registry_host_port_fixed }}" + location = "{{ registry_host_fqdn }}{{ registry_host_port_fixed }}{{ registry_local_operator_repository }}" insecure = true [[registry]] @@ -63,7 +63,7 @@ unqualified-search-registries = ["registry.access.redhat.com", "docker.io"] insecure = true [[registry.mirror]] - location = "{{ registry_host_fqdn }}{{ registry_host_port_fixed }}" + location = "{{ registry_host_fqdn }}{{ registry_host_port_fixed }}{{ registry_local_operator_repository }}" insecure = true [[registry]] @@ -73,10 +73,10 @@ unqualified-search-registries = ["registry.access.redhat.com", "docker.io"] insecure = true [[registry.mirror]] - location = "{{ registry_host_fqdn }}{{ registry_host_port_fixed }}" + location = "{{ registry_host_fqdn }}{{ registry_host_port_fixed }}{{ registry_local_operator_repository }}" insecure = true [[registry]] prefix = "" - location = "{{ registry_host_fqdn }}{{ registry_host_port_fixed }}" + location = "{{ registry_host_fqdn }}{{ registry_host_port_fixed }}{{ registry_local_operator_repository }}" insecure = true diff --git a/vars/registry.yml b/vars/registry.yml index ebf0a58..abf6cfb 100644 --- a/vars/registry.yml +++ b/vars/registry.yml @@ -3,6 +3,8 @@ openshift_cli: '/usr/bin/oc' registry_host_fqdn: '{{ vault_registry_host_fqdn }}' registry_host_port: '0' +local_repository: '' ### used for local operator repo on registry +ocp_local_repository: '' ### used for local ocp repo on registry ocp_cluster_user_user: '{{ vault_ocp_cluster_user_user }}' ocp_cluster_user_password: '{{ vault_ocp_cluster_user_password }}' ocp_cluster_console_url: '{{ vault_ocp_cluster_console_url }}'
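Review bot: In the `@@ -73,10 +73,10 @@` hunk the standalone `[[registry]]` entry for the mirror itself changes from the bare host to `{{ registry_host_fqdn }}{{ registry_host_port_fixed }}{{ registry_local_operator_repository }}`, so once `local_repository` is set it only matches references under that path. References under `{{ registry_local_ocp_repository }}` on the same host then match no entry for the mirror, and the two release mirrors carry no `insecure` setting of their own. If the mirror really depends on `insecure = true`, release pulls may start failing certificate verification while operator pulls keep working. Keep this entry at `{{ registry_host_fqdn }}{{ registry_host_port_fixed }}` or add a second entry for the OCP repository. Making the mirror's certificate trusted on the nodes would remove the need for either.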