NP-1102: Support for Ansible playbook for offline migration

This commit runs migration to change CNI from OpenShiftSDN to OVNKubernetes using ipi-aws-ovn workflow.

It also runs rollback to change CNI from OVNKubernetes to OpenShiftSDN using ipi-aws-sdn worflow.

This commit also creates a new workflow called ipi-aws-sdn to test the rollback.

OWNERS and OWNERS_ALIASES file has been added in config and jobs folder present under ci-operator folder for merge process of the PR.

Author: miheer

ci-operator/config/openshift/ansible-ocp-networking-migration-rollback/OWNERS

@@ -0,0 +1,7 @@
+reviewers:
+  - core-reviewers
+approvers:
+  - core-approvers
+
+component: Networking
+subcomponent: cluster-network-operator

ci-operator/config/openshift/ansible-ocp-networking-migration-rollback/OWNERS_ALIASES

@@ -0,0 +1,21 @@
+aliases:
+  core-approvers:
+  - abhat
+  - danwinship
+  - dougbtv
+  - JacobTanenbaum
+  - jcaamano
+  - knobunc
+  - kyrtapz
+  - miheer
+  - trozet
+  core-reviewers:
+  - abhat
+  - danwinship
+  - dougbtv
+  - JacobTanenbaum
+  - jcaamano
+  - kyrtapz
+  - miheer
+  - trozet
+  - tssurya

ci-operator/config/openshift/ansible-ocp-networking-migration-rollback/openshift-ansible-ocp-networking-migration-rollback-main.yaml

@@ -0,0 +1,75 @@
+base_images:
+  ocp_4.19_cli:
+    name: "4.19"
+    namespace: ocp
+    tag: cli
+  ocp_builder_rhel-9-golang-1.23-openshift-4.19:
+    name: builder
+    namespace: ocp
+    tag: rhel-9-golang-1.23-openshift-4.19
+build_root:
+  from_repository: true
+images:
+- dockerfile_path: ci/Dockerfile
+  inputs:
+    ocp_4.19_cli:
+      as:
+      - registry.ci.openshift.org/ocp/4.19:cli
+    ocp_builder_rhel-9-golang-1.23-openshift-4.19:
+      as:
+      - registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.23-openshift-4.19
+  to: ansible-test-runner
+promotion:
+  to:
+  - name: "4.19"
+    namespace: ocp
+releases:
+  initial:
+    integration:
+      name: "4.19"
+      namespace: ocp
+  latest:
+    integration:
+      include_built_images: true
+      name: "4.19"
+      namespace: ocp
+resources:
+  '*':
+    requests:
+      cpu: 100m
+      memory: 200Mi
+tests:
+- as: migration
+  steps:
+    cluster_profile: aws
+    test:
+    - as: test-migration
+      cli: latest
+      commands: sh ci/test-integration.sh
+      dependencies:
+      - env: ANSIBLE_TEST_IMAGE
+        name: ansible-test-runner
+      from: src
+      resources:
+        requests:
+          cpu: 100m
+    workflow: ipi-aws-sdn
+- as: rollback
+  steps:
+    cluster_profile: aws
+    test:
+    - as: test-rollback
+      cli: latest
+      commands: sh ci/test-integration.sh
+      dependencies:
+      - env: ANSIBLE_TEST_IMAGE
+        name: ansible-test-runner
+      from: src
+      resources:
+        requests:
+          cpu: 100m
+    workflow: ipi-aws-ovn
+zz_generated_metadata:
+  branch: main
+  org: openshift
+  repo: ansible-ocp-networking-migration-rollback

ci-operator/jobs/openshift/ansible-ocp-networking-migration-rollback/OWNERS

@@ -0,0 +1,7 @@
+reviewers:
+  - core-reviewers
+approvers:
+  - core-approvers
+
+component: Networking
+subcomponent: cluster-network-operator

ci-operator/jobs/openshift/ansible-ocp-networking-migration-rollback/OWNERS_ALIASES

@@ -0,0 +1,21 @@
+aliases:
+  core-approvers:
+  - abhat
+  - danwinship
+  - dougbtv
+  - JacobTanenbaum
+  - jcaamano
+  - knobunc
+  - kyrtapz
+  - miheer
+  - trozet
+  core-reviewers:
+  - abhat
+  - danwinship
+  - dougbtv
+  - JacobTanenbaum
+  - jcaamano
+  - kyrtapz
+  - miheer
+  - trozet
+  - tssurya

ci-operator/jobs/openshift/ansible-ocp-networking-migration-rollback/openshift-ansible-ocp-networking-migration-rollback-main-postsubmits.yaml

@@ -0,0 +1,60 @@
+postsubmits:
+  openshift/ansible-ocp-networking-migration-rollback:
+  - agent: kubernetes
+    always_run: true
+    branches:
+    - ^main$
+    cluster: build03
+    decorate: true
+    labels:
+      ci-operator.openshift.io/is-promotion: "true"
+      ci.openshift.io/generator: prowgen
+    max_concurrency: 1
+    name: branch-ci-openshift-ansible-ocp-networking-migration-rollback-main-images
+    spec:
+      containers:
+      - args:
+        - --gcs-upload-secret=/secrets/gcs/service-account.json
+        - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+        - --image-mirror-push-secret=/etc/push-secret/.dockerconfigjson
+        - --promote
+        - --report-credentials-file=/etc/report/credentials
+        - --target=[images]
+        command:
+        - ci-operator
+        image: ci-operator:latest
+        imagePullPolicy: Always
+        name: ""
+        resources:
+          requests:
+            cpu: 10m
+        volumeMounts:
+        - mountPath: /secrets/gcs
+          name: gcs-credentials
+          readOnly: true
+        - mountPath: /secrets/manifest-tool
+          name: manifest-tool-local-pusher
+          readOnly: true
+        - mountPath: /etc/pull-secret
+          name: pull-secret
+          readOnly: true
+        - mountPath: /etc/push-secret
+          name: push-secret
+          readOnly: true
+        - mountPath: /etc/report
+          name: result-aggregator
+          readOnly: true
+      serviceAccountName: ci-operator
+      volumes:
+      - name: manifest-tool-local-pusher
+        secret:
+          secretName: manifest-tool-local-pusher
+      - name: pull-secret
+        secret:
+          secretName: registry-pull-credentials
+      - name: push-secret
+        secret:
+          secretName: registry-push-credentials-ci-central
+      - name: result-aggregator
+        secret:
+          secretName: result-aggregator

ci-operator/jobs/openshift/ansible-ocp-networking-migration-rollback/openshift-ansible-ocp-networking-migration-rollback-main-presubmits.yaml

@@ -0,0 +1,200 @@
+presubmits:
+  openshift/ansible-ocp-networking-migration-rollback:
+  - agent: kubernetes
+    always_run: true
+    branches:
+    - ^main$
+    - ^main-
+    cluster: build03
+    context: ci/prow/images
+    decorate: true
+    labels:
+      ci.openshift.io/generator: prowgen
+      pj-rehearse.openshift.io/can-be-rehearsed: "true"
+    name: pull-ci-openshift-ansible-ocp-networking-migration-rollback-main-images
+    rerun_command: /test images
+    spec:
+      containers:
+      - args:
+        - --gcs-upload-secret=/secrets/gcs/service-account.json
+        - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+        - --report-credentials-file=/etc/report/credentials
+        - --target=[images]
+        - --target=[release:latest]
+        command:
+        - ci-operator
+        image: ci-operator:latest
+        imagePullPolicy: Always
+        name: ""
+        resources:
+          requests:
+            cpu: 10m
+        volumeMounts:
+        - mountPath: /secrets/gcs
+          name: gcs-credentials
+          readOnly: true
+        - mountPath: /secrets/manifest-tool
+          name: manifest-tool-local-pusher
+          readOnly: true
+        - mountPath: /etc/pull-secret
+          name: pull-secret
+          readOnly: true
+        - mountPath: /etc/report
+          name: result-aggregator
+          readOnly: true
+      serviceAccountName: ci-operator
+      volumes:
+      - name: manifest-tool-local-pusher
+        secret:
+          secretName: manifest-tool-local-pusher
+      - name: pull-secret
+        secret:
+          secretName: registry-pull-credentials
+      - name: result-aggregator
+        secret:
+          secretName: result-aggregator
+    trigger: (?m)^/test( | .* )images,?($|\s.*)
+  - agent: kubernetes
+    always_run: true
+    branches:
+    - ^main$
+    - ^main-
+    cluster: build05
+    context: ci/prow/migration
+    decorate: true
+    labels:
+      ci-operator.openshift.io/cloud: aws
+      ci-operator.openshift.io/cloud-cluster-profile: aws
+      ci.openshift.io/generator: prowgen
+      pj-rehearse.openshift.io/can-be-rehearsed: "true"
+    name: pull-ci-openshift-ansible-ocp-networking-migration-rollback-main-migration
+    rerun_command: /test migration
+    spec:
+      containers:
+      - args:
+        - --gcs-upload-secret=/secrets/gcs/service-account.json
+        - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+        - --lease-server-credentials-file=/etc/boskos/credentials
+        - --report-credentials-file=/etc/report/credentials
+        - --secret-dir=/secrets/ci-pull-credentials
+        - --target=migration
+        command:
+        - ci-operator
+        image: ci-operator:latest
+        imagePullPolicy: Always
+        name: ""
+        resources:
+          requests:
+            cpu: 10m
+        volumeMounts:
+        - mountPath: /etc/boskos
+          name: boskos
+          readOnly: true
+        - mountPath: /secrets/ci-pull-credentials
+          name: ci-pull-credentials
+          readOnly: true
+        - mountPath: /secrets/gcs
+          name: gcs-credentials
+          readOnly: true
+        - mountPath: /secrets/manifest-tool
+          name: manifest-tool-local-pusher
+          readOnly: true
+        - mountPath: /etc/pull-secret
+          name: pull-secret
+          readOnly: true
+        - mountPath: /etc/report
+          name: result-aggregator
+          readOnly: true
+      serviceAccountName: ci-operator
+      volumes:
+      - name: boskos
+        secret:
+          items:
+          - key: credentials
+            path: credentials
+          secretName: boskos-credentials
+      - name: ci-pull-credentials
+        secret:
+          secretName: ci-pull-credentials
+      - name: manifest-tool-local-pusher
+        secret:
+          secretName: manifest-tool-local-pusher
+      - name: pull-secret
+        secret:
+          secretName: registry-pull-credentials
+      - name: result-aggregator
+        secret:
+          secretName: result-aggregator
+    trigger: (?m)^/test( | .* )migration,?($|\s.*)
+  - agent: kubernetes
+    always_run: true
+    branches:
+    - ^main$
+    - ^main-
+    cluster: build05
+    context: ci/prow/rollback
+    decorate: true
+    labels:
+      ci-operator.openshift.io/cloud: aws
+      ci-operator.openshift.io/cloud-cluster-profile: aws
+      ci.openshift.io/generator: prowgen
+      pj-rehearse.openshift.io/can-be-rehearsed: "true"
+    name: pull-ci-openshift-ansible-ocp-networking-migration-rollback-main-rollback
+    rerun_command: /test rollback
+    spec:
+      containers:
+      - args:
+        - --gcs-upload-secret=/secrets/gcs/service-account.json
+        - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+        - --lease-server-credentials-file=/etc/boskos/credentials
+        - --report-credentials-file=/etc/report/credentials
+        - --secret-dir=/secrets/ci-pull-credentials
+        - --target=rollback
+        command:
+        - ci-operator
+        image: ci-operator:latest
+        imagePullPolicy: Always
+        name: ""
+        resources:
+          requests:
+            cpu: 10m
+        volumeMounts:
+        - mountPath: /etc/boskos
+          name: boskos
+          readOnly: true
+        - mountPath: /secrets/ci-pull-credentials
+          name: ci-pull-credentials
+          readOnly: true
+        - mountPath: /secrets/gcs
+          name: gcs-credentials
+          readOnly: true
+        - mountPath: /secrets/manifest-tool
+          name: manifest-tool-local-pusher
+          readOnly: true
+        - mountPath: /etc/pull-secret
+          name: pull-secret
+          readOnly: true
+        - mountPath: /etc/report
+          name: result-aggregator
+          readOnly: true
+      serviceAccountName: ci-operator
+      volumes:
+      - name: boskos
+        secret:
+          items:
+          - key: credentials
+            path: credentials
+          secretName: boskos-credentials
+      - name: ci-pull-credentials
+        secret:
+          secretName: ci-pull-credentials
+      - name: manifest-tool-local-pusher
+        secret:
+          secretName: manifest-tool-local-pusher
+      - name: pull-secret
+        secret:
+          secretName: registry-pull-credentials
+      - name: result-aggregator
+        secret:
+          secretName: result-aggregator
+    trigger: (?m)^/test( | .* )rollback,?($|\s.*)