fix: resolved bug for ocmirrorv2 from 4.19 (#412)

This PR will fix the oc mirror v2 from 4.19 for disconnected setups. 

## Validations

- [x] Successfully Installed 4.20 cluster using these changes

```
[root@ocpz-disconnected-bastion ~]# oc get clusterversion
NAME      VERSION   AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.20.4    True        False         23m     Error while reconciling 4.20.4: the cluster operator olm is not available
```

Note: This is verified for UPI installations. But not for ABI as of now.
It will be verified based on the requirement in the future.

---------

Signed-off-by: Kotakonda Sai Deekshith <[email protected]>
Co-authored-by: Veerabhadrarao Damisetti <[email protected]>

Author: ksdeekshith

docs/run-the-playbooks-for-disconnected.md

@@ -68,15 +68,15 @@ configurations are mentioned over here.
 ### Overview
 
 Mirror the ocp platform and other necessary images to the mirror registry. Please run this playbook before you run **6 Create Nodes Playbook** and after
-**0 Setup Playbook**.
+**5 Setup Bastion**.
 
 ### Outcomes
 
 * Download `oc` and `oc-mirror` to the mirror host.
 * Template the mirror pull secret to the mirror host.
 * Add the ca cert to the mirror host anchors if ca is not trusted.
 * Mirror the platform images using `oc adm release mirror` if legacy mirroring is enabled.
-* Template the image set to mirror host and then mirror it using `oc-mirror` plogin.
+* Template the image set to mirror host and then mirror it using `oc-mirror` plugin.
 * Copy the results on the `oc-mirror` to ansible controller to apply to cluster in future steps.
 
 ### Notes

docs/set-variables-group-vars.md

@@ -253,27 +253,33 @@
 :--- | :--- | :---
 **disconnected.enabled** | True or False, to enable disconnected mode | False
 **disconnected.registry.url** | String containing url of disconnected registry with or without port and without protocol | registry.tt.testing:5000
+**disconnected.registry.ip** | String containing ip of the registry, which will be used for resolving dns | `192.168.151.1`
 **disconnected.registry.pull_secret** | String containing pull secret of the disconnected registry to be applied on the *cluster*.  Make sure to enclose pull_secret in 'single quotes' and it has appropriate pull access. | '{"auths":{"registry.tt..testing:5000":{"auth":"b3Blb...4yQQ==","email":"[email protected]"}}}'
-**disconnected.registry.mirror_pull_ecret** | String containing pull secret to use for mirroring. Contains Red Hat secret and registry pull  secret. Make sure to enclose pull_secret in 'single quotes' and must be able to push to mirror registry. | '{"auths":{"cloud.openshift.com":{"auth":"b3Blb...4yQQ==","email":"[email protected]", "registry.tt..testing:5000":[email protected]"}}}'
+**disconnected.registry.mirror_pull_secret** | String containing pull secret to use for mirroring. Contains Red Hat secret and registry pull  secret. Make sure to enclose pull_secret in 'single quotes' and must be able to push to mirror registry. | '{"auths":{"cloud.openshift.com":{"auth":"b3Blb...4yQQ==","email":"[email protected]", "registry.tt..testing:5000":[email protected]"}}}'
 **disconnected.registry.ca_trusted** | True or False to indicate that mirror registry CA is implicitly trusted or needs to be made trusted on mirror host and cluster. | False
 **disconnected.registry.ca_cert** | Multiline string containing the mirror registry CA bundle | -----BEGIN CERTIFICATE-----MIIDqDCCApCgAwIBAgIULL+d1HTYsiP+8jeWnqBis3N4BskwDQYJKoZIhvcNAQEF...-----END CERTIFICATE-----
 **disconnected.mirroring.host.name** | String containing the hostname of the host, which will be used for mirroring | mirror-host-1
 **disconnected.mirroring.host.ip** | String containing ip of the host, which will be used for mirroring | 192.168.10.99
 **disconnected.mirroring.host.user** | String containing the username of the host, which will be used for mirroring | mirroruser
 **disconnected.mirroring.host.pass** | String containing the password of the host, which will be used for mirroring | mirrorpassword
 **disconnected.mirroring.file_server.clients_dir** | Directory path relative to the HTTP/FTP accessible directory on **env.file_server** where client binary tarballs are kept | clients
-**disconnected.mirroring.file_server.oc_mirror_tgz** | Name of oc-mirror tarball on **env.file_server** in **disconnected.mirroring.file_server.clients_dir** | oc-mirror.tar.gz
-**disconnected.mirroring.legacy.platform** | True or False if the platform should be mirrored using `oc adm release mirror`. | False
+**disconnected.mirroring.file_server.oc_mirror_tgz** | Name of oc-mirror tarball on **env.file_server** in **disconnected.mirroring.file_server.clients_dir**. This must be placed in your ftp server after downloading it yourself from https://console.redhat.com/openshift/downloads. | oc-mirror.tar.gz
+**disconnected.mirroring.client_download.ocp_download_url** | url to download the oc client | https://mirror.openshift.com/pub/openshift-v4/multi/clients/ocp/4.13.1/amd64/
+**disconnected.mirroring.client_download.ocp_client_tgz** | Name of oc-client tarball on **env.file_server**. This should match the binary name available in **disconnected.mirroring.client_download.ocp_download_url** | openshift-client-linux.tar.gz
+**disconnected.mirroring.legacy.platform** | True or False if the platform should be mirrored using `oc adm release mirror`. If **True** then platform is mirrored in the old way and install config will be patched with the imagecontentsourcepolicy | False (default)
 **disconnected.mirroring.legacy.ocp_quay_release_image_tag** | The tag of the release image *quay.io/openshift-release-dev/ocp-release* to mirror and use | 4.13.1-s390x
 **disconnected.mirroring.legacy.ocp_org** | The org part of the repo on the mirror registry where the release image will be pushed | ocp4
 **disconnected.mirroring.legacy.ocp_repo** | The repo part of the repo on the mirror registry where the release image will be pushed | openshift4
 **disconnected.mirroring.legacy.ocp_tag** | The tag part of the repo on the mirror registry where the release image will be pushed. Full image would be as below.: disconnected.registry.url/disconnected.mirroring.legacy.ocp_org/disconnected...ocp_repo:disconnected..ocp_tag | v4.13.1
-**disconnected.mirroring.oc_mirror.release_image_tag** | The ocp release image tag you want to install the cluster with. Used when legacy platform  mirroring is disabled and **disconnected.mirroring.oc_mirror.image_set** contains platform  entries. |  4.13.1-multi
 **disconnected.mirroring.oc_mirror.oc_mirror_args.continue_on_error** | True or False to give `--continue-on-error` flag to `oc-mirror` | False
 **disconnected.mirroring.oc_mirror.oc_mirror_args.source_skip_tls** | True or False to give `--source-skip-tls` flag to `oc-mirror` | False
 **disconnected.mirroring.oc_mirror.post_mirror.mapping.replace.enabled** | True or False to replace values in `mapping.txt` generated by oc-mirror.  This also does a manual repush of the images in `mapping.txt`. | False
 **disconnected.mirroring.oc_mirror.post_mirror.mapping.replace.list** | List of **regexp** and **replace** where every string/regular expression  gets replaced by corresponding *replace* value. | regexp: interal-url.com replace: external-url.com
+**disconnected.mirroring.oc_mirror.release_image_tag** | The ocp release image tag you want to install the cluster with. Used when legacy platform  mirroring is disabled and **disconnected.mirroring.oc_mirror.image_set** contains platform  entries. |  4.13.1-multi
+**disconnected.mirroring.oc_mirror.release_image_registry** | The Release Image registry like Brew Registry which stores the release images as mirror to **registry.redhat.io**. This will be mirror registry for release operator images|  `brew.registry.redhat.io`
 **disconnected.mirroring.oc_mirror.image_set** | YAML fields containing a standard `oc-mirror` [image set](https://docs.openshift.com/container-platform/latest/installing/disconnected_install/installing-mirroring-disconnected.html#oc-mirror-creating-image-set-config_installing-mirroring-disconnected) with some minor changes to schema.  Differences are documented as needed. Used to generate final image set. | see template
+**disconnected.mirroring.oc_mirror.image_set.apiVersion** | The API version of the `ImageSetConfiguration` content. | `mirror.openshift.io/v1alpha2`, `mirror.openshift.io/v2alpha1`
+**disconnected.mirroring.oc_mirror.image_set.storageConfig.enabled** | True or False to set whether oc-mirror is v1 or v2. As for v2 storageConfig flag is removed completely | `True` or `False`
 **disconnected.mirroring.oc_mirror.image_set.storageConfig.registry.enabled** | True or False to use registry storage backend for pushing mirrored content directly to the registry.  Currently only this backend is supported.| True
 **disconnected.mirroring.oc_mirror.image_set.storageConfig.registry.imageURL.org** | The org part of registry imageURL from standard image set. | mirror
 **disconnected.mirroring.oc_mirror.image_set.storageConfig.registry.imageURL.repo** | The repo part of registry imageURL from standard image set.  Final imageURL will be as below:  disconnected.registry.url/disconnected.mirroring.oc_mirror.image_set.storageConfig .registry.imageURL.org/disconnected...imageURL.repo | oc-mirror-metadata

inventories/default/group_vars/disconnected.yaml

@@ -1,71 +1,86 @@
 # Warning: currently, the oc-mirror plugin is officially downloadable to amd64 only.
+# Please refer to docs set-variables-group-vars.md for instructions on how to create this configuration file for disconnected.
 disconnected:
-  enabled: False
+  enabled: false
   registry:
     url: 'registry url'
-    pull_secret: '' # this is similar to env.redhat.pull_secret but it will only contain secrets to be applied to the cluster in disconnected mode.
-    mirror_pull_secret: '' # this should contain a pull secret that contains the combination of env.redhat.pull_secret and pull secret  with push access to mirror registry for mirroring
-    ca_trusted: False
+    ip: 'registry reachable ip'
+    pull_secret: ''
+    mirror_pull_secret: ''
+    ca_trusted: false
     ca_cert: |
       -----BEGIN CERTIFICATE-----
-      if ca_trusted is False, then this ca will be added to mirror host anchors as well as to the install config of cluster
+      if ca_trusted is False, then this ca will be added to mirror host anchors
+      as well as to the install config of cluster
       -----END CERTIFICATE-----
   mirroring:
-    host: # this is the host that can access the internet as well as the registry
+    # this is the host that can access the internet as well as the registry
+    host:
       name: hosname
       ip: x.x.x.x
       user: mirroruser # with become access
       pass: mirrorpassword
-    file_server: # in disconnected mode, the client binaries and rhcos will be put on env.file_server and then downloaded to the final destination from there. For now, its only oc-mirror. Rest of artifacts will be downloaded from urls
+    # In disconnected mode client binaries and RHCOS will be placed on the
+    # file server (env.file_server) and then downloaded to the final
+    # destination from there. Currently only oc-mirror is handled this way.
+    file_server:
       clients_dir: 'clients'
-      oc_mirror_tgz: 'oc-mirror.tar.gz' # name of oc-mirror plugin binary in clients_dir. should be a tar.gz file. You must place this in your ftp server after downloading it yourself from https://console.redhat.com/openshift/downloads for amd64 (or building it yourself if your mirror host is s390x)
-    client_download: # this will download oc binary to the mirror host for use on the mirror host for mirroring
+      oc_mirror_tgz: 'oc-mirror.tar.gz'
+    # this will download oc binary to the mirror host for use on the mirror host for mirroring
+    client_download:
       ocp_download_url: "https://mirror.openshift.com/pub/openshift-v4/multi/clients/ocp/4.13.1/amd64/"
-      ocp_client_tgz: 'openshift-client-linux.tar.gz' # name of the oc binary. Should be a tar.gz file
+      ocp_client_tgz: 'openshift-client-linux.tar.gz'
     legacy:
-      platform: False # if true then platform is mirrored in the old way and install config will be patched with the imagecontentsourcepolicy
+      platform: false
       ocp_quay_release_image_tag: '4.13.1-s390x'
       ocp_org: 'ocp4'
       ocp_repo: 'openshift4'
-      ocp_tag: 'v4.13.1' #  platform images will be pushed to {tegistry_url}/{ocp_org}/{ocp_repo}:{ocp_tag}
+      ocp_tag: 'v4.13.1' # platform images will be pushed to {registry_url}/{ocp_org}/{ocp_repo}:{ocp_tag}
     oc_mirror:
       oc_mirror_args:
-        continue_on_error: False
-        source_skip_tls: False
+        continue_on_error: false
+        source_skip_tls: false
       post_mirror:
         mapping:
           replace:
-            enabled: False
+            enabled: false
             list:
-            - regexp: what
-              replace: with
+              - regexp: what
+                replace: with
       release_image_tag: '4.13.1-multi'
-      image_set: # this field is a standard image set from oc-mirror documentation. The only exception is the storageConfig which is altered to allow substitution of disconnected.registry.url
+      release_image_registry: 'brew.registry.redhat.io'
+      image_set:
+      # this field is a standard image set from oc-mirror documentation.
+      # The only exception is the storageConfig which is altered to allow substitution of disconnected.registry.url
+        apiVersion: mirror.openshift.io/v2alpha1 # update the version with v2alpha1 for oc-mirror v2 plugin and v1alpha2 for v1 plugin
         storageConfig:
+          enable: false # enable this flag if oc-mirror v1 plugin is used since storageConfig is removed for v2 plugin
           registry:
-            enabled: True # use registry storage backend. Currently only method supproted
+            enabled: true # use registry storage backend. Currently only method supported
             imageURL: # the final value will be {imageURL: disconnected.registry.url/org/repo}
               org: mirror
               repo: oc-mirror-metadata
             skipTLS: false # standard field form oc-mirror schema
-        mirror: # this field is also atandard from the oc-mirror schema. It will be substituted as is into the final image set.
+        mirror: # this field is also standard from the oc-mirror schema. It will be substituted as is into the final image set.
           platform:
             architectures:
-            - multi # note: while image tags such as `multi-s390x` are also available on quay, we cannot mirror these, so list can only contain pure architecture names such as `s390x` or the multiarch `multi`
+              - multi
+              # Note: cannot mirror tags like multi-s390x; list must contain pure
+              # architecture names (e.g. s390x) or the multiarch token 'multi'.
             channels:
-            - name: stable-4.13
-              full: false
-              minVersion: 4.13.1
-              maxVersion: 4.13.1
+              - name: stable-4.13
+                full: false
+                minVersion: 4.13.1
+                maxVersion: 4.13.1
           operators:
             - catalog: registry.redhat.io/redhat/redhat-operator-index:v4.13
               full: false
               packages:
-              - name: serverless-operator
-                channels:
-                - name: stable
-                  #minVersion: '2.4.1-0'
-                  #maxVersion: '2.4.1-0'
+                - name: serverless-operator
+                  channels:
+                    - name: stable
+                      # minVersion: '2.4.1-0'
+                      # maxVersion: '2.4.1-0'
           additionalImages:
-          - name: registry.redhat.io/ubi8/ubi:latest
+            - name: registry.redhat.io/ubi8/ubi:latest
           helm: {}

roles/disconnected_check_vars/tasks/main.yaml

@@ -3,9 +3,10 @@
 - name: 'Check mandatory variables are defined for disconnected'
   block:
     - name: "check mandatory variables for disconnected are set"
-      assert:
+      ansible.builtin.assert:
         that:
           - disconnected.registry.url is defined and disconnected.registry.url != None
+          - disconnected.registry.ip is defined and disconnected.registry.ip != None
           - disconnected.registry.pull_secret is defined and disconnected.registry.pull_secret != None
           - disconnected.registry.mirror_pull_secret is defined and disconnected.registry.mirror_pull_secret != None
           - disconnected.mirroring.host.name is defined and disconnected.mirroring.host.name != None
@@ -16,4 +17,8 @@
           - disconnected.mirroring.file_server.oc_mirror_tgz is defined and disconnected.mirroring.file_server.oc_mirror_tgz != None
           - disconnected.mirroring.client_download.ocp_download_url is defined and disconnected.mirroring.client_download.ocp_download_url != None
           - disconnected.mirroring.client_download.ocp_client_tgz is defined and disconnected.mirroring.client_download.ocp_client_tgz != None
+          - disconnected.mirroring.oc_mirror.release_image_registry is defined and disconnected.mirroring.oc_mirror.release_image_registry != None
           - disconnected.mirroring.oc_mirror.image_set is defined and disconnected.mirroring.oc_mirror.image_set != None
+          - disconnected.mirroring.oc_mirror.image_set.apiVersion is defined and disconnected.mirroring.oc_mirror.image_set.apiVersion != None
+          - disconnected.mirroring.oc_mirror.image_set.storageConfig.registry.enabled is defined
+          - disconnected.mirroring.oc_mirror.image_set.storageConfig.registry.enabled != None