diff --git a/README.md b/README.md index 3738f9650..7e99f014b 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,11 @@ This repository consists of additional ansible playbooks for the following: 1. Verify IPI day2 operations 1. Deploy Openshift Data Foundation operator 1. Enabling Kdump +<<<<<<< HEAD 1. Enable Topology Manager on Power +======= +1. Deploy Quay Operator +>>>>>>> 6699156 (ocp_quay) ## Assumptions: diff --git a/examples/all.yaml b/examples/all.yaml index 20a78b8d0..fff81d86f 100644 --- a/examples/all.yaml +++ b/examples/all.yaml @@ -556,6 +556,7 @@ update_channel: "" odf_catalogsource_image: "" #Example - quay.io/rhceph-dev/ocs-registry:4.16.3 test_pod_image: "quay.io/powercloud/nginx-unprivileged:latest" +<<<<<<< HEAD ## ocp-service-controller-function vars ocp-service: false @@ -570,3 +571,17 @@ restricted_cpuv2: "" none_cpuv1: "" none_cpuv2: "" +======= +# ocp-quay required vars +quay_enabled: false #set to true for quay operator installation +lso_index: "" # provide LSO index image +cluster_upi: true #set to true if using UPI cluster +quay_registry_namespace: "" #Nmaespace for quay-registry +quay_catalogsource_name: "" # CatalogSource Name +quay_catalogsource_image: "" # CatalogSource Image +quay_operator_channel : # Version of Quay to be installed +quay_registry_hostname: "" # Hostname for Quayconfig +volume_path: "/dev/disk/by-id/......" #Get the volume path using "ls /dev/disk/by-id/......" +odf_index: "" #Example - quay.io/rhceph-dev/ocs-registry:4.16.3 +odf_channel: #Define this to set subscription channel for ODF Operator +>>>>>>> 6699156 (ocp_quay) diff --git a/examples/ocp_quay_vars.yaml b/examples/ocp_quay_vars.yaml new file mode 100644 index 000000000..73f4b4508 --- /dev/null +++ b/examples/ocp_quay_vars.yaml 
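Review bot: examples/all.yaml is committed with unresolved merge-conflict markers (`<<<<<<< HEAD` in the first hunk, `=======` and `>>>>>>> 6699156 (ocp_quay)` in this one), so the example no longer parses as YAML and anyone copying it into group_vars gets a load error; the same markers sit in README.md. Resolve the conflict by keeping both sides, the ocp-service-controller-function vars and the ocp-quay vars, and dropping the three marker lines. `quay_operator_channel :` and `odf_channel:` are bare nulls with a stray space before the colon; write `quay_operator_channel: ""` and `odf_channel: ""` so the Subscription's `channel` renders as an empty string rather than whatever Ansible makes of None. `cluster_upi: true` also disagrees with the role README in this same change, which documents the default as false.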
@@ -0,0 +1,13 @@ +#ocp-quay vars + +quay_enabled: false #set to true for quay operator installation +lso_index: "" # provide LSO index image +cluster_upi: true #set to true if using UPI cluster +quay_registry_namespace: "" #Nmaespace for quay-registry +quay_catalogsource_name: "" # CatalogSource Name +quay_catalogsource_image: "" # CatalogSource Image +quay_operator_channel : # Version of Quay to be installed +quay_registry_hostname: "" # Hostname for Quayconfig +volume_path: "/dev/disk/by-id/......" #Get the volume path using "ls /dev/disk/by-id/......" +odf_index: "" #Example - quay.io/rhceph-dev/ocs-registry:4.16.3 +odf_channel: #Define this to set subscription channel for ODF Operator diff --git a/playbooks/main.yml b/playbooks/main.yml index cc57f8612..f614b6dda 100644 --- a/playbooks/main.yml +++ b/playbooks/main.yml @@ -166,3 +166,6 @@ - import_playbook: ocp-odf-operator.yml when: odf_enabled is defined and odf_enabled +- import_playbook: ocp-quay.yml + when: quay_enabled is defined and quay_enabled + diff --git a/playbooks/ocp-quay.yml b/playbooks/ocp-quay.yml new file mode 100644 index 000000000..7d34b4eea --- /dev/null +++ b/playbooks/ocp-quay.yml @@ -0,0 +1,5 @@ +--- +- name: Automate Quay operator in OpenShift + hosts: bastion + roles: + - ocp-quay \ No newline at end of file diff --git a/playbooks/roles/ocp-quay/README.md b/playbooks/roles/ocp-quay/README.md new file mode 100644 index 000000000..31a4647a2 --- /dev/null +++ b/playbooks/roles/ocp-quay/README.md 
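Review bot: `quay_operator_channel :` in the example vars is a bare null with a space before the colon, and tasks/main.yaml feeds it straight into the Subscription's `channel`, so an unedited copy of this file produces a subscription with an unintended channel value; make it `quay_operator_channel: ""` (and `odf_channel: ""`) and document the expected form in the trailing comment. The `volume_path` placeholder `"/dev/disk/by-id/......"` is forwarded unchanged to the ocp-lso role as `device_path`; an empty default that fails fast is safer than a string that looks like a real device path. Typo in the comment: `Nmaespace` should read `Namespace`.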
@@ -0,0 +1,56 @@ + +Quay Automation +========= + +This playbook will: +- Install Quay operator +- Install LSO operator +- Install ODF operator + +Requirements +------------ + +- Access to the cluster as a user with the cluster-admin role +- The cluster is in a known good state, without any errors +- OCP secret with name ***podman-secret*** in the default namespace which is used for global secret update and has following keys: + ***username***, ***password*** and ***registry*** + + +Role Variables +-------------- +| Variable | Required | Default | Comments | +|--------------------------------|----------|-------------|------------------------------------------------| +| quay_enabled | no | false | Set it to true to run this playbook | +| quay_registry_namespace | no | "quay-registry" | Quay registry namespace | +| quay_catalogsource_name | no | | Quay Catalogsource Name | +| quay_catalogsource_image | no | | Quay Catalogsource Image | +| lso_index | no | " " | Index image for LSO operator | +| odf_index | no | " " | Index image for ODF operator | +| odf_channel | no | It uses default channel | It is used to set subscription channel for ODF Operator | +| cluster_upi | no | false | #set to true if using UPI cluster | +| volume_path | no | false | #Get the volume path using "ls /dev/disk/by-id/" | + +Dependencies +------------ + +- Import LSO role +- Import ODF role + +Example Playbook +---------------- + +``` + - name: Deploy Quay operator in OpenShift + include_role: + name: ocp-quay +``` + +License +------- + +See LICENCE.txt + +Author Information +------------------ + +yashansh.sharma@ibm.com diff --git a/playbooks/roles/ocp-quay/defaults/main.yaml b/playbooks/roles/ocp-quay/defaults/main.yaml new file mode 100644 index 000000000..cf9bc7a68 --- /dev/null +++ b/playbooks/roles/ocp-quay/defaults/main.yaml 
@@ -0,0 +1,13 @@ +#ocp-quay vars + +quay_enabled: false #set to true for quay operator installation +lso_index: "" # provide LSO index image +cluster_upi: true #set to true if using UPI cluster +quay_registry_namespace: "quay-registry" #Nmaespace for quay-registry +quay_catalogsource_name: "quay-catsrc-zyz" # CatalogSource Name +quay_catalogsource_image: "brew.registry.redhat.io/rh-osbs/iib:1009805" # CatalogSource Image +quay_operator_channel : # Version of Quay to be installed +quay_registry_hostname: "quay-registry.apps.xyz.ibm.com" # Hostname for Quayconfig +volume_path: "/dev/disk/by-id/......" #Get the volume path using "ls /dev/disk/by-id/......" +odf_index: "" #Example - quay.io/rhceph-dev/ocs-registry:4.16.3 +odf_channel: #Define this to set subscription channel for ODF Operator diff --git a/playbooks/roles/ocp-quay/files/quay-registry.yaml b/playbooks/roles/ocp-quay/files/quay-registry.yaml new file mode 100644 index 000000000..09ee6ad23 --- /dev/null +++ b/playbooks/roles/ocp-quay/files/quay-registry.yaml @@ -0,0 +1,35 @@ +apiVersion: quay.redhat.com/v1 +kind: QuayRegistry +metadata: + name: quayreg1 + namespace: quay-registry +spec: + configBundleSecret: config-bundle-secret + components: + - kind: clair + managed: true + - kind: quay + managed: true + - kind: postgres + managed: true + overrides: + env: + - name: DEBUGLOG + value: "true" + - kind: redis + managed: true + - kind: horizontalpodautoscaler + managed: true + - kind: objectstorage + managed: true + - kind: route + managed: true + - kind: mirror + managed: false + - kind: monitoring + managed: true + - kind: tls + managed: true + - kind: clairpostgres + managed: true + \ No newline at end of file diff --git a/playbooks/roles/ocp-quay/files/quayreg1.yaml b/playbooks/roles/ocp-quay/files/quayreg1.yaml new file mode 100644 index 000000000..c60d10230 --- /dev/null +++ b/playbooks/roles/ocp-quay/files/quayreg1.yaml 
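Review bot: The role ships live-looking internal values as defaults, `quay_catalogsource_image: "brew.registry.redhat.io/rh-osbs/iib:1009805"` and `quay_registry_hostname: "quay-registry.apps.xyz.ibm.com"`, so a user who only sets `quay_enabled: true` pulls the operator catalog from an internal brew registry (with the podman-secret credentials that global-secret-update pushes cluster-wide) and configures Quay with someone else's hostname. Default both to `""`, which also lets the `redhat-operators` fallback in tasks/main.yaml take effect, and require the hostname explicitly or derive it from the cluster's apps domain. `cluster_upi: true` contradicts the README's documented default of false, and `quay_operator_channel :` is a bare null with a stray space before the colon; `quay_operator_channel: ""` keeps the rendered Subscription predictable.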
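Review bot: `metadata.namespace: quay-registry` is hard-coded in this CR while the role makes `quay_registry_namespace` configurable; tasks/main.yaml applies the file with `-n {{ quay_registry_namespace }}`, which `oc apply` rejects whenever the two differ. Either move the file to templates/ and render `namespace: "{{ quay_registry_namespace }}"`, or drop the field and let `-n` supply it. The postgres override `DEBUGLOG: "true"` enables debug logging for the registry database in an otherwise production-shaped CR, and debug output from that component may include query text; make it opt-in through a variable that defaults to off.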
@@ -0,0 +1,7 @@
+apiVersion: quay.redhat.com/v1
+kind: QuayRegistry
+metadata:
+ name: quayreg1
+ namespace: quay-registry
+spec:
+ configBundleSecret: config-bundle-secret
diff --git a/playbooks/roles/ocp-quay/tasks/main.yaml b/playbooks/roles/ocp-quay/tasks/main.yaml
new file mode 100644
index 000000000..b41da77c2
--- /dev/null
+++ b/playbooks/roles/ocp-quay/tasks/main.yaml
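Review bot: quayreg1.yaml defines a second `QuayRegistry` with the same name `quayreg1` in the same namespace but only `configBundleSecret`, and nothing in tasks/main.yaml references it; only quay-registry.yaml is applied. If it is ever applied by hand it presumably reconciles the same object without the `components` list, so the postgres override and the unmanaged mirror component would be replaced by operator defaults. Remove the file, or add a comment stating what it is for and when it is meant to be applied.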
@@ -0,0 +1,214 @@ + # check if Cluster Health is good +- name: Check if cluster operators and nodes are healthy + include_role: + name: check-cluster-health + +- name: Get worker names + command: oc get nodes -l node-role.kubernetes.io/worker --no-headers -o custom-columns=NAME:.metadata.name + register: worker_list + +- name: Save to worker list + set_fact: + worker: "{{ worker_list.stdout_lines }}" + +- name: Check if LSO (Local Storage Operator) is already installed + shell: | + oc get csv -n openshift-local-storage -o json | jq -r '.items[] | select(.metadata.name | test("local-storage-operator")) | .status.phase' + register: lso_csv_status + changed_when: false + failed_when: false + +- name: Set flag if LSO is installed + set_fact: + lso_install_req: "{{ lso_csv_status.stdout != 'Succeeded' }}" + +# Install LSO +- name: Install LSO - Local Storage operator + include_role: + name: ocp-lso + when: lso_install_req + vars: + lso_catalogsource_image: "{{ lso_index }}" + upi_cluster: "{{ cluster_upi }}" + device_path: "{{ volume_path }}" + lso_namespace: "openshift-local-storage" + lso_channel: "stable" + lso_catalogsource_name: "redhat-operators" + busybox_image: "quay.io/powercloud/busybox:ubi" + +- name: Check if ODF (OpenShift Data Foundation) is already installed + shell: | + oc get csv -n openshift-storage -o json | jq -r '.items[] | select(.metadata.name | test("odf-operator")) | .status.phase' + register: odf_csv_status + changed_when: false + failed_when: false + +- name: Set flag if ODF is installed + set_fact: + odf_install_req: "{{ odf_csv_status.stdout != 'Succeeded' }}" + +# ODF installation +- name: Install ODF - Openshift Data Foundation + include_role: + name: ocp-odf-operator + when: odf_install_req + vars: + odf_catalogsource_image: "{{ odf_index }}" + update_channel: "{{ odf_channel }}" + test_pod_image: "quay.io/powercloud/nginx-unprivileged:latest" + +# Creating Project for Quay +- name: Create quay-registry project + k8s: + state: present + 
definition: + apiVersion: v1 + kind: Namespace + metadata: + name: "{{ quay_registry_namespace }}" + annotations: + openshift.io/node-selector: 'node-role.kubernetes.io/infra=' + openshift.io/description: "Red Hat Quay Enterprise Container Image Repository" + openshift.io/display-name: "Quay" + scheduler.alpha.kubernetes.io/defaultTolerations: >- + [{"operator": "Exists", "effect": "NoSchedule", "key": "node-role.kubernetes.io/infra"}] + +- name: Switch to quay-registry project + command: oc project {{ quay_registry_namespace }} + +# Custom ImageContentSourcePolicy and CatalogSource +- name: Create ImageContentSourcePolicy and CatalogSource + block: + - name: Include the global-secret-update role + include_role: + name: global-secret-update + + - name: Include role to create ImageContentSourcePolicy and CatalogSource + include_role: + name: set-custom-catalogsource + vars: + custom_catalogsource_name: "{{ quay_catalogsource_name }}" + custom_catalogsource_display_name: "Custom Quay CatalogSource" + custom_catalogsource_image: "{{ quay_catalogsource_image }}" + when: quay_catalogsource_image is defined or quay_catalogsource_image != '' and quay_catalogsource_image != None + +- name: Use default CatalogSource if no custom image is provided + set_fact: + quay_catalogsource_name: "redhat-operators" + when: quay_catalogsource_image is undefined or quay_catalogsource_image == '' or quay_catalogsource_image == None + +- name: Check if Quay CatalogSource exists and is READY + shell: > + oc get catalogsource {{ quay_catalogsource_name }} -n openshift-marketplace -o jsonpath='{.status.connectionState.lastObservedState}' + register: quay_catsrc_check + retries: 10 + delay: 15 + until: quay_catsrc_check.rc == 0 + changed_when: false + failed_when: quay_catsrc_check.rc != 0 + +- name: Debug output for Quay CatalogSource check + debug: + msg: "Quay CatalogSource '{{ quay_catalogsource_name }}' is present and in Ready state." 
+ +# Label and taint infra nodes +- name: Label and taint infra nodes + shell: | + oc label node {{ worker[0] }} node-role.kubernetes.io/infra= + oc adm taint nodes {{ worker[0] }} node-role.kubernetes.io/infra:NoSchedule --overwrite + oc label node {{ worker[1] }} node-role.kubernetes.io/infra= + oc adm taint nodes {{ worker[1] }} node-role.kubernetes.io/infra:NoSchedule --overwrite + args: + executable: /bin/bash + +- name: Create OperatorGroup for Quay + k8s: + state: present + definition: + apiVersion: operators.coreos.com/v1 + kind: OperatorGroup + metadata: + name: quay-operator-group + namespace: "{{ quay_registry_namespace }}" + spec: {} + +- name: Create Quay Operator Subscription + k8s: + state: present + definition: + apiVersion: operators.coreos.com/v1alpha1 + kind: Subscription + metadata: + name: quay-operator + namespace: "{{ quay_registry_namespace }}" + spec: + channel: "{{ quay_operator_channel }}" + name: quay-operator + source: "{{ quay_catalogsource_name }}" + sourceNamespace: openshift-marketplace + installPlanApproval: Automatic + +- name: Check if Quay Operator CSV is in 'Succeeded' phase + shell: | + oc get csv -n {{ quay_registry_namespace }} --no-headers | grep quay-operator | grep Succeeded + register: csv_status + retries: 10 + delay: 30 + until: csv_status.stdout != "" and csv_status.stderr == "" + failed_when: csv_status.rc != 0 + +- name: Debug Quay operator CSV status + debug: + msg: "Quay operator CSV has successfully reached 'Succeeded' state." 
+ +- name: Generate config.yaml from template + template: + src: config.yaml.j2 + dest: /tmp/config.yaml + +# Create config-bundle-secret from existing config.yaml file +- name: Create config-bundle-secret from rendered config.yaml + shell: | + oc create secret generic config-bundle-secret \ + --from-file=config.yaml=/tmp/config.yaml \ + -n {{ quay_registry_namespace }} \ + --dry-run=client -o yaml | oc apply -f - + args: + executable: /bin/bash + +# Apply QuayRegistry CR from quay-registry.yaml +- name: Apply QuayRegistry CR from quay-registry.yaml + shell: oc apply -f quay-registry.yaml -n {{ quay_registry_namespace }} + args: + chdir: "{{ role_path }}/files" + register: create_quayregistry + +- name: Debug QuayRegistry creation output + debug: + var: create_quayregistry.stdout + +- name: Wait a bit for pods to be created + pause: + seconds: 30 + +- name: Wait until all pods are Running or Completed in {{ quay_registry_namespace }} + shell: | + set -eo pipefail + oc get pods -n {{ quay_registry_namespace }} -o json | \ + jq -r '.items[] | [.metadata.name, .status.phase, (.status.containerStatuses[0].ready // false)] | @tsv' | \ + awk ' + { + if ($2 != "Running" && $2 != "Succeeded") { + print "WAITING: Pod", $1, "is in phase", $2; + exit 1; + } + if ($2 == "Running" && $3 != "true") { + print "WAITING: Pod", $1, "is Running but not Ready"; + exit 1; + } + } + ' + register: quay_pods_check + retries: 40 # 10 minutes max wait + delay: 15 + until: quay_pods_check.rc == 0 diff --git a/playbooks/roles/ocp-quay/templates/config.yaml.j2 b/playbooks/roles/ocp-quay/templates/config.yaml.j2 new file mode 100644 index 000000000..3a81cc735 --- /dev/null +++ b/playbooks/roles/ocp-quay/templates/config.yaml.j2 
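Review bot: The `when:` on the "Create ImageContentSourcePolicy and CatalogSource" block is mis-grouped: `and` binds tighter than `or`, so it reads `is defined or (!= '' and != None)` and is true for the empty string shipped in the example vars, which means global-secret-update and set-custom-catalogsource run with an empty image and only afterwards does the next task reset `quay_catalogsource_name` to `redhat-operators`. Use one normalized test on both tasks, `when: (quay_catalogsource_image | default('', true)) | length > 0` on the block and `when: (quay_catalogsource_image | default('', true)) | length == 0` on the fallback. "Label and taint infra nodes" indexes `worker[1]` without checking the list length and converts two general-purpose workers to `NoSchedule` infra nodes on every run, so it fails on a one-worker cluster and repurposes capacity on a shared one; gate it on `worker | length >= 2` and skip nodes that already carry the infra label. The rendered `/tmp/config.yaml` is the registry's config bundle (it sets `SUPER_USERS` and `FEATURE_USER_INITIALIZE`) yet is written with the bastion's default umask and never removed; give the `template` task `mode: '0600'` and delete the file once the secret is created. `oc apply -f quay-registry.yaml -n {{ quay_registry_namespace }}` is rejected whenever the variable differs from the `metadata.namespace: quay-registry` hard-coded in that file, so the namespace should be templated there rather than fixed.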
@@ -0,0 +1,15 @@
+SERVER_HOSTNAME: {{ quay_registry_hostname }}
+PREFERRED_URL_SCHEME: https
+FEATURE_UI_V2: true
+FEATURE_UI_V2_REPO_SETTINGS: true
+FEATURE_AUTO_PRUNE: true
+ROBOTS_DISALLOW: false
+BROWSER_API_CALLS_XHR_ONLY: false
+SUPER_USERS:
+ - quay
+FEATURE_USER_INITIALIZE: true
+FEATURE_QUOTA_MANAGEMENT: true
+FEATURE_PROXY_CACHE: true
+PERMANENTLY_DELETE_TAGS: true
+RESET_CHILD_MANIFEST_EXPIRATION: true
+FEATURE_REPO_MIRROR: true
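Review bot: `FEATURE_USER_INITIALIZE: true` together with `SUPER_USERS: - quay` means that, until someone calls Quay's user-initialize API, the first account created through it becomes the `quay` superuser; the playbook neither performs that step nor turns the flag off afterwards, while the managed `route` and `tls` components in quay-registry.yaml expose the registry externally, so there is a window in which anyone who reaches the Route can claim superuser. Add a task that initializes the superuser as soon as the pods are ready (or state in the README that this must be done immediately) and then re-render the bundle with `FEATURE_USER_INITIALIZE: false`. `BROWSER_API_CALLS_XHR_ONLY: false` relaxes Quay's XHR-only restriction on browser API calls, which as I read the flag is part of its CSRF defence and defaults to true; unless the v2 UI setup here needs it, leave it at the default. `SERVER_HOSTNAME: {{ quay_registry_hostname }}` should be quoted as `SERVER_HOSTNAME: "{{ quay_registry_hostname }}"` so an empty or odd value cannot change the YAML type, and `PERMANENTLY_DELETE_TAGS: true` alongside `FEATURE_AUTO_PRUNE: true` removes pruned tags beyond recovery, which deserves a comment confirming it is intentional.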