Update hive-generate-config.sh

* Add additional bash script logging utilities
* Update default hive hash to latest
* Update hive-dev-install.sh
    * Simplify
    * Create hive secret completely in memory to remove writing of
      temporary pull secret to filesystem

* Check if util.sh has been already been sourced before attempting to source it.
    * Prevents failures caused by re-assigning readonly variables.

Correct Hive repository url
Update default hive image tag to use full commits (as used in the new
repo)

Author: s-fairchild

hack/hive/hive-dev-install.sh

@@ -3,109 +3,94 @@
 set -o errexit \
     -o nounset
 
-declare -r utils=hack/util.sh
-if [[ -f "$utils" ]]; then
-    # shellcheck source=../util.sh
-    source "$utils"
-fi
-
-HIVE_OPERATOR_NS="hive"
-KUBECTL="$(which kubectl 2> /dev/null || which oc 2> /dev/null)"
-
-if [[ ! -f go.mod ]] || [[ ! -d ".git" ]]; then
-	abort "this script must be run from the repo's root directory"
-fi
-
 main() {
-	log "enter hive installation"
-	local skip_deployments=${1:-"none"}
-
-	if [[ ! -f "./hack/hive/hive-config/hive-deployment.yaml" ]] || [[ ! -d "./hack/hive/hive-config/crds" ]]; then
-		log "hive config is missing, generating config, please rerun this script afterwards"
-		./hack/hive/hive-generate-config.sh
-		if [[ $? -ne 0 ]]; then
-			abort "error generating the hive configs"
-		fi
-	fi
+	info "starting"
 
-	if [[ -z "$PULL_SECRET" ]]; then
-		log "global pull secret variable required, please source ./env"
-		exit 1
+	if [ ! -f "$HIVE_CONFIG/hive-deployment.yaml" ] || [ ! -d "$HIVE_CONFIG/crds" ]; then
+        fatal "hive-config is incomplete. Regenerate by running hack/hive/hive-generate-config.sh"
 	fi
-	verify_tools
 
-	if [[ "$( $KUBECTL get namespace $HIVE_OPERATOR_NS -o yaml 2>/dev/null | wc -l )" -ne 0 ]]; then
-		log "hive is already installed in namespace $HIVE_OPERATOR_NS"
-		log "Reapplying the configs automatically"
-	else
-		$KUBECTL create namespace $HIVE_OPERATOR_NS
-	fi
+    kubectl="$(which kubectl 2> /dev/null)" \
+    || kubectl_install kubectl
+
+    info "Creating $HIVE_OPERATOR_NS"
+	$kubectl get namespace "$HIVE_OPERATOR_NS" > /dev/null 2>&1 || $kubectl create namespace "$HIVE_OPERATOR_NS"
+
+    info "Applying $HIVE_CONFIG/crds"
+	$kubectl apply -f "$HIVE_CONFIG/crds"
+
+	[ -z "$PULL_SECRET" ] && fatal "global pull secret variable required, please source ./env"
+    info "Generating and applying secret $HIVE_GLOBAL_PULL_SECRET_NAME"
+    kubectl create \
+            secret \
+            generic \
+            "$HIVE_GLOBAL_PULL_SECRET_NAME" \
+            --from-literal .dockerconfigjson="$PULL_SECRET" \
+            --type=kubernetes.io/dockerconfigjson \
+            --namespace="$HIVE_OPERATOR_NS" \
+            -o yaml \
+            --dry-run=client \
+    | $kubectl apply -f -
+
+	sed "s/HIVE_OPERATOR_NS/$HIVE_OPERATOR_NS/g" "$HIVE_CONFIG/hive-config.yaml" | $kubectl apply -f -
+	$kubectl apply -f "$HIVE_CONFIG/hive-additional-install-log-regexes.yaml"
+	$kubectl apply -f "$HIVE_CONFIG/hive-deployment.yaml"
+
+    # shellcheck disable=SC2329
+	kubectl_get() { $kubectl -n "$HIVE_OPERATOR_NS" get "$1"; }
+
+    info "Getting $HIVE_DEPLOYMENT_OPERATOR"
+    # Ensure the deployment exists before we wait on it
+    retry "kubectl_get $HIVE_DEPLOYMENT_OPERATOR" || fatal "$HIVE_DEPLOYMENT_CONTROLLERS failed to create."
+    info "Waiting for $HIVE_DEPLOYMENT_OPERATOR to become available."
+	$kubectl wait \
+        --timeout=5m \
+        --for=condition=Available \
+        --namespace \
+        "$HIVE_OPERATOR_NS" \
+        "$HIVE_DEPLOYMENT_OPERATOR"
+
+    info "Getting $HIVE_DEPLOYMENT_CONTROLLERS"
+    # Ensure the deployment exists before we wait on it
+    retry "kubectl_get $HIVE_DEPLOYMENT_CONTROLLERS" || fatal "$HIVE_DEPLOYMENT_CONTROLLERS failed to create."
+	info "Waiting for $HIVE_DEPLOYMENT_CONTROLLERS to be available..."
+	$kubectl wait \
+        --timeout=5m \
+        --for=condition=Available \
+        --namespace "$HIVE_OPERATOR_NS" \
+        "$HIVE_DEPLOYMENT_CONTROLLERS"
+}
 
-	log "Hive is ready to be installed"
-	$KUBECTL apply -f ./hack/hive/hive-config/crds
-	echo "$PULL_SECRET" > /tmp/.tmp-secret
-	# Using dry-run allows updates to work seamlessly
-	$KUBECTL create secret generic hive-global-pull-secret \
-        --from-file=.dockerconfigjson=/tmp/.tmp-secret \
-        --type=kubernetes.io/dockerconfigjson \
-        --namespace $HIVE_OPERATOR_NS \
-        -o yaml \
-        --dry-run=client \
-        | $KUBECTL apply -f - 2>/dev/null
-	rm -f /tmp/.tmp-secret
-
-	sed "s/HIVE_OPERATOR_NS/$HIVE_OPERATOR_NS/g" hack/hive/hive-config/hive-config.yaml | $KUBECTL apply -f -
-	$KUBECTL apply -f ./hack/hive/hive-config/hive-additional-install-log-regexes.yaml
-	$KUBECTL apply -f ./hack/hive/hive-config/hive-deployment.yaml
-
-	# Step added to wait for Hive readiness
-	$KUBECTL wait --timeout=5m --for=condition=Available --namespace $HIVE_OPERATOR_NS deployment/hive-operator
-
-	log "Hive is installed but to check Hive readiness use one of the following options to monitor the deployment rollout:
-        'kubectl wait --timeout=5m --for=condition=Available --namespace "$HIVE_OPERATOR_NS" deployment/hive-controllers' 
-        or 'kubectl wait --timeout=5m  --for=condition=Ready --namespace "$HIVE_OPERATOR_NS" pod --selector control-plane=clustersync'"
-
-	# Add retry loop to wait for hive-controllers deployment
-	local ATTEMPTS=0
-	local MAX_ATTEMPTS=6
-	local DELAY=10  # 10 seconds delay between each check
-
-	until $KUBECTL get deployment hive-controllers -n $HIVE_OPERATOR_NS || [ $ATTEMPTS -eq $MAX_ATTEMPTS ]; do
-		log "Waiting for hive-controllers deployment to be created... (Attempt: $ATTEMPTS)"
-		sleep $DELAY
-		ATTEMPTS=$((ATTEMPTS + 1))
-	done
-
-	if [ $ATTEMPTS -eq $MAX_ATTEMPTS ]; then
-		abort "hive-controllers deployment was not found after $MAX_ATTEMPTS attempts."
-	fi
+kubectl_install() {
+    local -n kubectl_bin="$1"
+    info "starting"
 
-	# Wait for hive-controllers readiness
-	log "Waiting for Hive controllers to be available..."
-	$KUBECTL wait --timeout=5m --for=condition=Available --namespace $HIVE_OPERATOR_NS deployment/hive-controllers
+    kubectl_stable_version="$(curl -L -s https://dl.k8s.io/release/stable.txt)"
+    kubectl_stable_url="https://dl.k8s.io/release/$kubectl_stable_version/bin/linux/amd64/kubectl"
 
-	exit 0
-}
+    info "Downloading $kubectl_stable_url"
+	curl -sLO \
+        --create-dirs \
+        --output-dir "$HOME/bin" \
+         \
+    || error "Failed to download $kubectl_stable_url"
 
-function download_tmp_kubectl() {
-	if ! curl -sLO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"; then
-		abort ": error downloading kubectl"
-	fi
-	chmod 755 kubectl
-	KUBECTL="$(pwd)/kubectl"
+    # shellcheck disable=SC2034
+    kubectl_bin="$HOME/bin/kubectl"
+	chmod 755 "$kubectl_bin" || fatal "failed to mark $kubectl_bin as executable."
 }
 
-function verify_tools() {
-	if [[ -n "$KUBECTL" ]]; then
-		return
-	fi
-	log "kubectl or oc not detected, downloading"
-	download_tmp_kubectl
-	log "done: downloading kubectl/oc was completed"
+# declare -r source_file_not_found_err="not found. Are you in the ARO-RP repository root?"
+declare -r source_file_not_found_err="not found. Are you in the ARO-RP repository root?"
 
-	if [[ "$( $KUBECTL get nodes 2>/dev/null | wc -l )" -eq 0 ]]; then
-		abort "unable to connect to the cluster"
-	fi
-}
+declare -r util_lib="hack/util.sh"
+[ -f "$util_lib" ] || "$(echo "$util_lib $source_file_not_found_err"; exit 1)"
+# shellcheck source=../util.sh
+[ "${__hack_util_sourced:-'false'}" == "false" ] || . "$util_lib"
+
+declare -r hive_env="hack/hive/hive.env"
+[ -f "$hive_env" ] || fatal "$hive_env $source_file_not_found_err"
+# shellcheck source=./hive.env
+[ "${__hive_env_sourced:-'false'}" == "false" ] || . "$hive_env"
 
 main "$@"

hack/hive/hive-generate-config.sh

@@ -4,62 +4,61 @@ set -o errexit \
     -o nounset
 
 main() {
+    local -r hive_commit_override="${1:-}"
+
+    # This is the commit sha that the image was built from and ensures we use the correct configs for the release
+    # Ensure it is the latest when testing pre production deployments
+    local -r default_commit="f48f47857f6a1dda25ad46957927ee6fe3afe1eb"
+    if [ -z "$hive_commit_override" ]; then
+        warn "Using default hive commit hash: $default_commit"
+        warn "Hive commit hashes can be found here: https://quay.io/repository/redhat-user-workloads/crt-redhat-acm-tenant/hive-operator/hive?tab=tags"
+    fi
+    local -r hive_image_commit_hash="${hive_commit_override:-$default_commit}"
+
+    info "Using hive commit: $hive_image_commit_hash"
+    # shellcheck disable=SC2034
+
     local -r tmpdir="$(mktemp -d)"
     # shellcheck disable=SC2064
     trap "cleanup $tmpdir" EXIT
 
-    # This is the commit sha that the image was built from and ensures we use the correct configs for the release
-    local -r default_commit="8796c4f534"
-    local -r hive_image_commit_hash="${1:-$default_commit}"
-    log "Using hive commit: $hive_image_commit_hash"
     # shellcheck disable=SC2034
-    local -r hive_operator_namespace="hive"
+    kustomize_bin="$(which kustomize 2> /dev/null)" \
+    || install_kustomize "$tmpdir" kustomize_bin
 
-    # shellcheck disable=SC2034
-    local -r hive_image="arointsvc.azurecr.io/redhat-services-prod/crt-redhat-acm-tenant/hive-operator/hive:${hive_image_commit_hash}"
+    hive_repo_clone "$tmpdir"
 
+    hive_repo_hash_checkout "$tmpdir" "$hive_image_commit_hash"
 
-    # shellcheck disable=SC2034
-    local kustomize_bin
-    install_kustomize tmpdir \
-                      kustomize_bin
-    hive_repo_clone tmpdir
-    hive_repo_hash_checkout tmpdir \
-                            "$hive_image_commit_hash"
+    local -r hive_image="arointsvc.azurecr.io/redhat-services-prod/crt-redhat-acm-tenant/hive-operator/hive:${hive_image_commit_hash}"
     generate_hive_config kustomize_bin \
-                         "$hive_operator_namespace" \
+                         "$HIVE_OPERATOR_NS" \
                          "$hive_image" \
-                         tmpdir
+                         "$tmpdir"
 
-    log "Hive config generated."
+    info "Hive config generated."
 }
 
 install_kustomize() {
-    local -n tmpd="$1"
+    local tmpd="$1"
     local -n kustomize="$2"
-    log "starting"
-
-    if kustomize="$(which kustomize 2> /dev/null)"; then
-        return 0
-    fi
+    info "starting"
 
     pushd "$tmpd" 1> /dev/null
 
     # This version is specified in the hive repo and is the only hard dependency for this script
     # https://github.com/openshift/hive/blob/master/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/kustomize.mk#L7
     local -r kustomize_version="4.1.3"
-    log "kustomize not detected, downloading..."
+    info "kustomize not detected, downloading..."
     if ! curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/kustomize/v${kustomize_version}/hack/install_kustomize.sh" | bash -s "$kustomize_version" "$tmpd" 1> /dev/null; then
-        abort "error downloading kustomize"
+        fatal "error downloading kustomize"
     fi
 
-    if [ ! -d "${HOME}/bin" ]; then
-        mkdir -p "${HOME}/bin"
-    fi
+    [ -d "${HOME}/bin" ] || mkdir -p "${HOME}/bin"
 
     kustomize_new="${tmpd}/kustomize"
     kustomize_dest="${HOME}/bin/kustomize"
-    log "Installing $kustomize_new into $kustomize_dest"
+    info "Installing $kustomize_new into $kustomize_dest"
     mv "$kustomize_new" "$kustomize_dest"
 
     popd 1> /dev/null
@@ -68,27 +67,26 @@ install_kustomize() {
 }
 
 hive_repo_clone() {
-    local -n tmpd="$1"
-    log "starting"
+    local tmpd="$1"
+    info "starting"
 
     local -r repo="https://github.com/openshift/hive.git"
-    log "Cloning $repo into $tmpd for config generation"
+    info "Cloning $repo into $tmpd"
     if ! git clone "$repo" "$tmpd"; then
-        log "error cloning the hive repo"
-        return 1
+        fatal "error cloning the hive repo"
     fi
 }
 
 hive_repo_hash_checkout() {
-    local -n tmpd="$1"
+    local tmpd="$1"
     local commit="$2"
-    log "starting"
-    log "Attempting to use commit: $commit"
+    info "starting"
+    info "Attempting to use commit: $commit"
 
     pushd "$tmpd" 1> /dev/null
-    git reset --hard "$commit"
-    if [ "$?" -ne 0 ] || [ "$( git rev-parse --short="${#commit}" HEAD )" != "$commit" ]; then
-        abort "error resetting the hive repo to the correct git hash '${commit}'"
+
+    if git reset --hard "$commit" && [ "$( git rev-parse --short="${#commit}" HEAD )" != "$commit" ]; then
+        fatal "error resetting the hive repo to the correct git hash '${commit}'"
     fi
 
     popd 1> /dev/null
@@ -99,36 +97,51 @@ generate_hive_config() {
     local -n kustomize="$1"
     local namespace="$2"
     local image="$3"
-    local -n tmpd="$4"
-    log "starting"
+    local tmpd="$4"
+    info "starting"
 
     pushd "$tmpd" 1> /dev/null
-    # Create the hive operator install config using kustomize
     mkdir -p overlays/deploy
+
+    debug "copying template kustomization.yaml"
     cp overlays/template/kustomization.yaml overlays/deploy
-    pushd overlays/deploy >& /dev/null
+    pushd overlays/deploy 1> /dev/null
+    debug "Setting hive image."
     $kustomize edit set image registry.ci.openshift.org/openshift/hive-v4.0:hive="$image"
     $kustomize edit set namespace "$namespace"
-    popd >& /dev/null
+    popd 1> /dev/null
 
+    info "Building hive deployment"
     $kustomize build overlays/deploy > hive-deployment.yaml
 
-    # return to the repo directory to copy the generated config from $TMPDIR
     popd 1> /dev/null
-    mv "$tmpd/hive-deployment.yaml" ./hack/hive/hive-config/
+    mv "$tmpd/hive-deployment.yaml" "$HIVE_CONFIG"
 
-    # ensure the hive deployment uses the pull secret
-    yq -i 'select(.kind == "ServiceAccount").imagePullSecrets = [{"name": "hive-global-pull-secret"}]' ./hack/hive/hive-config/hive-deployment.yaml
+    debug "Verifying hive deployment pull secret exists in deployment."
+    yq -i 'select(.kind == "ServiceAccount").imagePullSecrets = [{"name": "hive-global-pull-secret"}]' "$HIVE_CONFIG/hive-deployment.yaml"
 
-    if [ -d ./hack/hive/hive-config/crds ]; then
-        rm -rf ./hack/hive/hive-config/crds
+    crds_old="$HIVE_CONFIG/crds"
+    if [ -d "$crds_old" ]; then
+        info "Deleting $crds_old"
+        rm -rf "$HIVE_CONFIG/crds"
     fi
-    cp -R "$tmpd/config/crds" ./hack/hive/hive-config/
+
+    crds_new="$tmpd/config/crds"
+    info "Copying $crds_new into $HIVE_CONFIG"
+    cp -R "$crds_new" "$HIVE_CONFIG/"
 }
 
+# declare -r source_file_not_found_err="not found. Are you in the ARO-RP repository root?"
+declare -r source_file_not_found_err="not found. Are you in the ARO-RP repository root?"
+
 declare -r util_lib="hack/util.sh"
-[ -f "$util_lib" ] || "$(echo "$util_lib not found. Are you in the ARO-RP repository root?"; exit 1)"
+[ -f "$util_lib" ] || "$(echo "$util_lib $source_file_not_found_err"; exit 1)"
 # shellcheck source=../util.sh
-. "$util_lib"
+[ "${__hack_util_sourced:-'false'}" == "false" ] || . "$util_lib"
+
+declare -r hive_env="hack/hive/hive.env"
+[ -f "$hive_env" ] || fatal "$hive_env $source_file_not_found_err"
+# shellcheck source=./hive.env
+[ "${__hive_env_sourced:-'false'}" == "false" ] || . "$hive_env"
 
 main "$@"