diff --git a/kvirt/cluster/openshift/__init__.py b/kvirt/cluster/openshift/__init__.py index 1e187dc3c..60a6d758b 100644 --- a/kvirt/cluster/openshift/__init__.py +++ b/kvirt/cluster/openshift/__init__.py @@ -21,13 +21,25 @@ from tempfile import TemporaryDirectory from time import sleep from urllib.request import urlopen, Request -from yaml import safe_dump, safe_load +from yaml import safe_dump, safe_load, safe_load_all, safe_dump_all virt_providers = ['kvm', 'kubevirt', 'openstack', 'ovirt', 'proxmox', 'vsphere'] cloud_providers = ['aws', 'azure', 'gcp', 'ibm', 'hcloud'] +def patch_oc_mirror(clusterdir): + for _fic in [f'{clusterdir}/idms-oc-mirror.yaml', f'{clusterdir}/itms-oc-mirror.yaml']: + if not os.path.exists(_fic): + continue + entries = [] + for document in safe_load_all(open(_fic)): + if 'release' not in document['metadata']['name']: + entries.append(document) + with open(_fic, 'w') as f: + safe_dump_all(entries, f, default_flow_style=False, encoding='utf-8', allow_unicode=True) + + def aws_credentials(config): if os.path.exists(os.path.expanduser('~/.aws/credentials')): return @@ -140,8 +152,8 @@ def update_disconnected_registry(config, plandir, cluster, data): shell=True) pprint("Updating disconnected registry") synccmd = f"oc adm release mirror -a {pull_secret_path} --from={get_release_image()} " - synccmd += f"--to-release-image={disconnected_url}/openshift/release-images:{tag}-{arch} " - synccmd += f"--to={disconnected_url}/openshift/release" + synccmd += f"--to-release-image={disconnected_url}/openshift/release-dev/ocp-release:{tag}-{arch} " + synccmd += f"--to={disconnected_url}/openshift-release-dev/ocp-release" pprint(f"Running {synccmd}") call(synccmd, shell=True) extra_releases = data.get('disconnected_extra_releases', []) 
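Review bot: `patch_oc_mirror` opens each file with a bare `open(_fic)` that is never closed, and it indexes `document['metadata']['name']` on every document although `safe_load_all` yields `None` for an empty document (for example after a trailing `---`). That would raise `TypeError` on files that have just been copied from the registry VM. Read under a context manager and skip empty documents, `with open(_fic) as src: documents = [d for d in safe_load_all(src) if d]`, then keep those where `'release' not in d.get('metadata', {}).get('name', '')`. A one-line docstring stating that the function drops the documents whose name contains `release` from the oc-mirror IDMS/ITMS files would help, because the reason for dropping them is not visible here.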
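Review bot: The new `--to-release-image` target is `{disconnected_url}/openshift/release-dev/ocp-release:{tag}-{arch}`, with a slash where every other new reference uses `openshift-release-dev/ocp-release`: the `--to` argument on the next line, the extra-releases loop in the following hunk, and the `OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE` value built later in `create`. As written, the release image would be pushed to a repository that the installer override does not point at. The line should probably read `synccmd += f"--to-release-image={disconnected_url}/openshift-release-dev/ocp-release:{tag}-{arch} "`. The body of `update_disconnected_registry` starts and ends outside this hunk.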
@@ -150,8 +162,8 @@ def update_disconnected_registry(config, plandir, cluster, data): for extra_release in extra_releases: tag_and_arch = re.search(r":(.+)$", extra_release).group(1) synccmd = f"oc adm release mirror -a {pull_secret_path} --from={extra_release} " - synccmd += f"--to-release-image={disconnected_url}/openshift/release-images:{tag_and_arch} " - synccmd += f"--to={disconnected_url}/openshift/release" + synccmd += f"--to-release-image={disconnected_url}/openshift-release-dev/ocp-release:{tag_and_arch} " + synccmd += f"--to={disconnected_url}/openshift-release-dev/ocp-release" pprint(f"Running {synccmd}") call(synccmd, shell=True) if which('oc-mirror') is None: @@ -793,13 +805,13 @@ def create(config, plandir, cluster, overrides, dnsconfig=None): disconnected_update = data['disconnected_update'] disconnected_reuse = data['disconnected_reuse'] disconnected_operators = data['disconnected_operators'] - disconnected_certified_operators = data['disconnected_certified_operators'] - disconnected_community_operators = data['disconnected_community_operators'] - disconnected_marketplace_operators = data['disconnected_marketplace_operators'] + certified_operators = data['disconnected_certified_operators'] + community_operators = data['disconnected_community_operators'] + marketplace_operators = data['disconnected_marketplace_operators'] disconnected_url = data['disconnected_url'] disconnected_user = data['disconnected_user'] disconnected_password = data['disconnected_password'] - operators = len(disconnected_operators + disconnected_certified_operators + disconnected_marketplace_operators) > 0 + operators = disconnected_operators + community_operators + certified_operators + marketplace_operators disconnected = data['disconnected'] disconnected_vm = data['disconnected_vm'] or (disconnected_url is None and (disconnected or operators)) ipsec = data['ipsec'] 
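Review bot: `extra_release`, `pull_secret_path` and `disconnected_url` are interpolated unquoted into a string that runs through `call(synccmd, shell=True)`, so a value containing spaces or shell metacharacters changes the command that is executed; the preceding hunk builds its command the same way. These values come from plan parameters, so this matters most where plans or parameter files are accepted from someone other than the operator. Passing an argument list without a shell removes the problem: `call(['oc', 'adm', 'release', 'mirror', '-a', pull_secret_path, f'--from={extra_release}', f'--to-release-image={disconnected_url}/openshift-release-dev/ocp-release:{tag_and_arch}', f'--to={disconnected_url}/openshift-release-dev/ocp-release'])`. The loop body continues outside the hunk.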
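Review bot: `operators` changes from a boolean to the concatenated list, so the next expression, `disconnected_vm = data['disconnected_vm'] or (disconnected_url is None and (disconnected or operators))`, can now evaluate to that list (or to `[]`) instead of `True`/`False`. Anything later that stores, compares or serialises `disconnected_vm` would then see a list. `operators = bool(disconnected_operators + community_operators + certified_operators + marketplace_operators)` keeps the earlier type while still counting community operators. The renamed locals also need every remaining use of the old `disconnected_*_operators` names in `create` updated, which cannot be checked from this hunk.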
@@ -829,6 +841,12 @@ def create(config, plandir, cluster, overrides, dnsconfig=None): if str(tag) == '4.1': tag = '4.10' data['tag'] = tag + if '0-ec.' in str(tag): + version = 'dev-preview' + data['version'] = version + elif float(tag) > float(OPENSHIFT_TAG): + version = 'ci' + data['version'] = version if os.path.exists('coreos-installer'): pprint("Removing old coreos-installer") os.remove('coreos-installer') @@ -1010,10 +1028,8 @@ def create(config, plandir, cluster, overrides, dnsconfig=None): update_pull_secret(pull_secret, disconnected_url, disconnected_user, disconnected_password) data['ori_tag'] = tag if '/' not in str(tag): - tag = f'{disconnected_url}/openshift/release-images:{tag}-{arch}' + tag = f'{disconnected_url}/openshift-release-dev/ocp-release:{tag}-{arch}' os.environ['OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE'] = tag - pprint(f"Setting OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE to {tag}") - data['openshift_release_image'] = tag if 'ca' not in data and 'quay.io' not in disconnected_url: pprint(f"Trying to gather registry ca cert from {disconnected_url}") cacmd = f"openssl s_client -showcerts -connect {disconnected_url} /dev/null|" @@ -1103,9 +1119,7 @@ def create(config, plandir, cluster, overrides, dnsconfig=None): disconnected_overrides = data.copy() disconnected_overrides['kube'] = f"{cluster}-reuse" if disconnected_reuse else cluster disconnected_overrides['openshift_version'] = INSTALLER_VERSION - disconnected_overrides['disconnected_operators_version'] = 'v' + '.'.join(INSTALLER_VERSION.split('.')[:-1]) - disconnected_overrides['openshift_release_image'] = get_release_image() - data['openshift_release_image'] = disconnected_overrides['openshift_release_image'] + disconnected_overrides['disconnected_operators_version'] = f"4.{INSTALLER_VERSION.split('.')[1]}" x_apps = ['users', 'autolabeller', 'metal3', 'nfs'] disconnected_operators_2 = [o['name'] for o in disconnected_operators if isinstance(o, dict) and 'name' in o] for app in apps: 
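Review bot: `float(tag) > float(OPENSHIFT_TAG)` is not a version comparison. As floats, 4.9 ranks above 4.17 and 4.10 collapses to 4.1 (the case the context lines just above work around). `float()` also raises `ValueError` for any tag that is not a plain `X.Y`, such as `4.17.3` or a pull spec containing `/`, which the later `'/' not in str(tag)` check shows is an accepted form. Compare the components as integers and leave `version` alone when the tag does not have that shape. Whether a three-component tag newer than `OPENSHIFT_TAG` should also switch to `ci` is not clear from the hunk, so the sketch below only handles the two-component case.

```python
# … unchanged: the '0-ec.' branch that selects 'dev-preview' …
else:
    # Compare X.Y per component; float() would rank 4.9 above 4.17
    # and raise on tags such as 4.17.3 or a full pull spec.
    tag_parts = str(tag).split('.')
    default_parts = str(OPENSHIFT_TAG).split('.')
    if len(tag_parts) == 2 and all(p.isdigit() for p in tag_parts + default_parts):
        if [int(p) for p in tag_parts] > [int(p) for p in default_parts]:
            version = 'ci'
            data['version'] = version
```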
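Review bot: `f"4.{INSTALLER_VERSION.split('.')[1]}"` hard-codes the major version and raises `IndexError` if `INSTALLER_VERSION` contains no dot, where the removed expression derived the whole prefix from the string. `'.'.join(INSTALLER_VERSION.split('.')[:2])` gives the same `4.x` result for 4.x.y versions without either assumption. The value also no longer carries the `v` prefix, so it only works with templates that add `v` themselves, as the Red Hat catalog line in `mirror-config.yaml` does.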
@@ -1143,47 +1157,12 @@ def create(config, plandir, cluster, overrides, dnsconfig=None): tunnelhost=config.tunnelhost, tunnelport=config.tunnelport, tunneluser=config.tunneluser, insecure=True, cmd=versioncmd, vmport=disconnected_vmport) disconnected_version = os.popen(versioncmd).read().strip() - if disconnected_operators or disconnected_certified_operators or disconnected_community_operators or\ - disconnected_marketplace_operators: - source = "/root/imageContentSourcePolicy.yaml" - destination = f"{clusterdir}/imageContentSourcePolicy.yaml" - scpcmd = scp(disconnected_vm, ip=disconnected_ip, user='root', source=source, - destination=destination, tunnel=config.tunnel, tunnelhost=config.tunnelhost, - tunnelport=config.tunnelport, tunneluser=config.tunneluser, download=True, insecure=True, - vmport=disconnected_vmport) - os.system(scpcmd) - if disconnected_operators: - source = "/root/catalogSource-cs-redhat-operator-index.yaml" - destination = f"{clusterdir}/catalogSource-redhat.yaml" - scpcmd = scp(disconnected_vm, ip=disconnected_ip, user='root', source=source, - destination=destination, tunnel=config.tunnel, tunnelhost=config.tunnelhost, - tunnelport=config.tunnelport, tunneluser=config.tunneluser, download=True, insecure=True, - vmport=disconnected_vmport) - os.system(scpcmd) - if disconnected_certified_operators: - source = "/root/catalogSource-certified-operator-index.yaml" - destination = f"{clusterdir}/catalogSource-certified.yaml" - scpcmd = scp(disconnected_vm, ip=disconnected_ip, user='root', source=source, - destination=destination, tunnel=config.tunnel, tunnelhost=config.tunnelhost, - tunnelport=config.tunnelport, tunneluser=config.tunneluser, download=True, insecure=True, - vmport=disconnected_vmport) - os.system(scpcmd) - if disconnected_community_operators: - source = "/root/catalogSource-community-operator-index.yaml" - destination = f"{clusterdir}/catalogSource-community.yaml" - scpcmd = scp(disconnected_vm, ip=disconnected_ip, user='root', 
source=source, - destination=destination, tunnel=config.tunnel, tunnelhost=config.tunnelhost, - tunnelport=config.tunnelport, tunneluser=config.tunneluser, download=True, insecure=True, - vmport=disconnected_vmport) - os.system(scpcmd) - if disconnected_marketplace_operators: - source = "/root/catalogSource-redhat-marketplace-index.yaml" - destination = f"{clusterdir}/catalogSource-marketplace.yaml" - scpcmd = scp(disconnected_vm, ip=disconnected_ip, user='root', source=source, - destination=destination, tunnel=config.tunnel, tunnelhost=config.tunnelhost, - tunnelport=config.tunnelport, tunneluser=config.tunneluser, download=True, insecure=True, - vmport=disconnected_vmport) + for source in ["'cs-*.yaml'", "'i*oc-mirror.yaml'"]: + scpcmd = scp(disconnected_vm, ip=disconnected_ip, user='root', source=source, destination=clusterdir, + tunnel=config.tunnel, tunnelhost=config.tunnelhost, tunnelport=config.tunnelport, + tunneluser=config.tunneluser, download=True, insecure=True, vmport=disconnected_vmport) os.system(scpcmd) + patch_oc_mirror(clusterdir) os.environ['OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE'] = disconnected_version pprint(f"Setting OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE to {disconnected_version}") data['pull_secret_path'] = pull_secret @@ -1266,7 +1245,7 @@ def create(config, plandir, cluster, overrides, dnsconfig=None): for yamlfile in glob(f"{clusterdir}/*.yaml"): if os.stat(yamlfile).st_size == 0: warning(f"Skipping empty file {yamlfile}") - elif 'catalogSource' in yamlfile or 'imageContentSourcePolicy' in yamlfile: + elif yamlfile.startswith(f'{clusterdir}/cs-') or 'oc-mirror' in yamlfile: copy2(yamlfile, f"{clusterdir}/openshift") network_type = data['network_type'] if network_type == 'Calico': diff --git a/kvirt/cluster/openshift/disconnected.yml b/kvirt/cluster/openshift/disconnected.yml index 30f1932fb..cb29aeafb 100644 --- a/kvirt/cluster/openshift/disconnected.yml +++ b/kvirt/cluster/openshift/disconnected.yml 
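Review bot: The `os.system(scpcmd)` calls in the new loop ignore the exit status, so a failed or partial copy leaves `clusterdir` without the catalog sources and IDMS/ITMS files, `patch_oc_mirror` silently skips the missing files, and the install proceeds without the mirror configuration. The sources `'cs-*.yaml'` and `'i*oc-mirror.yaml'` are also relative globs, where the removed code used absolute `/root/...` paths. Every match later lands in `{clusterdir}/openshift` as a cluster manifest, over a connection made with `insecure=True`, which presumably turns off host-key checking. Check the result, for example `if os.system(scpcmd) != 0: warning(f"Couldn't retrieve {source} from {disconnected_vm}")`, and consider anchoring the sources as `'/root/cs-*.yaml'` and `'/root/i*oc-mirror.yaml'`. The surrounding `create` body lies outside the hunk.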
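Review bot: `'oc-mirror' in yamlfile` tests the whole path, so a cluster directory whose own path contains `oc-mirror` would have every YAML file in it copied into `{clusterdir}/openshift`. The `startswith(f'{clusterdir}/cs-')` test also depends on `glob` returning the path in exactly that form. Matching on the file name is tighter: `name = os.path.basename(yamlfile)` followed by `elif name.startswith('cs-') or name.endswith('oc-mirror.yaml'):`.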
@@ -32,5 +32,7 @@ {% endif %} - path: /root/haproxy.cfg origin: disconnected/haproxy.cfg + - path: /root/mirror-config.yaml + origin: disconnected/mirror-config.yaml cmds: - bash /root/scripts/deploy.sh diff --git a/kvirt/cluster/openshift/disconnected/scripts/mirror-config.yaml.sample b/kvirt/cluster/openshift/disconnected/mirror-config.yaml similarity index 71% rename from kvirt/cluster/openshift/disconnected/scripts/mirror-config.yaml.sample rename to kvirt/cluster/openshift/disconnected/mirror-config.yaml index 9a2d66ed0..c3db7f276 100644 --- a/kvirt/cluster/openshift/disconnected/scripts/mirror-config.yaml.sample +++ b/kvirt/cluster/openshift/disconnected/mirror-config.yaml 
@@ -1,23 +1,37 @@ -apiVersion: mirror.openshift.io/v1alpha2 +{% set release = '4.' + (tag|string).split('.')[1] if tag|count('.') > 1 else tag %} +{% set kcli_images = ["quay.io/karmab/curl:multi", "quay.io/karmab/origin-coredns:multi", "quay.io/karmab/haproxy:multi", "quay.io/karmab/origin-keepalived-ipfailover:multi", "quay.io/karmab/mdns-publisher:multi", "quay.io/karmab/kubectl:multi"] %} +{% if async|default(False) %} +{% do kcli_images.append("quay.io/karmab/kcli:latest") %} +{% endif %} + +apiVersion: mirror.openshift.io/v2alpha1 kind: ImageSetConfiguration -storageConfig: - registry: - imageURL: {{ disconnected_url or '$LOCAL_REGISTRY' }}/openshift/release/metadata:latest mirror: -{% if extra_images is defined %} + platform: + graph: false +{% if version in ['ci', 'nightly'] %} + release: registry.ci.openshift.org/ocp/release:{{ tag }} +{% else %} + channels: + - name: {{ 'candidate' if version == 'dev-preview' else 'stable' }}-{{ release }} +{% if tag|count('.') > 1 %} + minVersion: {{ tag }} + maxVersion: {{ tag }} +{% endif %} +{% endif %} + architectures: +# - multi + - amd64 additionalImages: -{% for image in extra_images %} +{% for image in kcli_images + extra_images|default([]) %} - name: {{ image }} {% endfor %} -{% endif %} - operators: # Operators we want to mirror +{% set operators = disconnected_operators|default([]) + disconnected_certified_operators|default([]) + disconnected_community_operators|default([]) + disconnected_marketplace_operators|default([]) %} +{% if operators %} + operators: {% if disconnected_operators|default([]) %} -{% if disconnected_operators_version %} -{% set catalog = 'quay.io/prega/prega-operator-index' if prega else 'registry.redhat.io/redhat/redhat-operator-index' %} - - catalog: {{ catalog }}:{{ disconnected_operators_version }} -{% else %} - - catalog: registry.redhat.io/redhat/redhat-operator-index:v{{ '4.' 
+ (tag|string).split('.')[1] if tag|count('.') > 1 else tag }} -{% endif %} +{% set catalog = 'quay.io/prega/prega-operator-index' if prega|default(False) else 'registry.redhat.io/redhat/redhat-operator-index' %} + - catalog: {{ catalog }}:v{{ disconnected_operators_version or release_tag }} packages: {% for package in disconnected_operators %} {% if package.name is defined %} @@ -46,11 +60,7 @@ mirror: {% endfor %} {% endif %} {% if disconnected_certified_operators|default([]) %} -{% if disconnected_certified_operators_version %} - - catalog: registry.redhat.io/redhat/certified-operator-index:{{ disconnected_certified_operators_version }} -{% else %} - - catalog: registry.redhat.io/redhat/certified-operator-index:v{{ tag }} -{% endif %} + - catalog: registry.redhat.io/redhat/certified-operator-index:{{ disconnected_certified_operators_version or release_tag }} packages: {% for package in disconnected_certified_operators %} {% if package.name is defined %} @@ -79,11 +89,7 @@ mirror: {% endfor %} {% endif %} {% if disconnected_community_operators|default([]) %} -{% if disconnected_community_operators_version %} - - catalog: registry.redhat.io/redhat/community-operator-index:{{ disconnected_community_operators_version }} -{% else %} - - catalog: registry.redhat.io/redhat/community-operator-index:v{{ tag }} -{% endif %} + - catalog: registry.redhat.io/redhat/community-operator-index:v{{ disconnected_community_operators_version or release_tag }} packages: {% for package in disconnected_community_operators %} {% if package.name is defined %} 
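Review bot: The catalog lines fall back to `release_tag`, but the template only defines `release` (first line of the new file), so unless the caller passes a `release_tag` variable the fallback renders empty or fails, depending on how undefined names are handled. The same name is used in the certified and community hunks below. If `release` is what was meant, the line becomes `- catalog: {{ catalog }}:v{{ disconnected_operators_version or release }}`. A user-supplied `disconnected_operators_version` that already starts with `v`, which the removed branch expected, now renders as `vv…`. The additional images are referenced by mutable tags (`:multi`, `:latest`); pinning them by digest would make the mirrored set reproducible.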
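Review bot: The certified catalog reference has no `v` before the version, unlike the Red Hat, community and marketplace lines in this file, so a bare `4.x` value renders `certified-operator-index:4.x` rather than `:v4.x`. If the template is meant to add the prefix everywhere, this line should read `- catalog: registry.redhat.io/redhat/certified-operator-index:v{{ disconnected_certified_operators_version or release }}`. That uses `release` because `release_tag` is not defined anywhere in the visible template.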
@@ -112,11 +118,7 @@ mirror: {% endfor %} {% endif %} {% if disconnected_marketplace_operators|default([]) %} -{% if disconnected_marketplace_operators_version %} - - catalog: registry.redhat.io/redhat/redhat-marketplace-index:{{ disconnected_marketplace_operators_version }} -{% else %} - - catalog: registry.redhat.io/redhat/redhat-marketplace-index:v{{ tag }} -{% endif %} + - catalog: registry.redhat.io/redhat/redhat-marketplace-index:v{{ disconnected_marketplace_operators_version or tag }} packages: {% for package in disconnected_marketplace_operators %} {% if package.name is defined %} @@ -144,6 +146,7 @@ mirror: {% endif %} {% endfor %} {% endif %} +{% endif %} {% if disconnected_extra_catalogs|default([]) %} {% for catalog_image in disconnected_extra_catalogs %} - catalog: {{ catalog_image }} diff --git a/kvirt/cluster/openshift/disconnected/scripts/03_mirror.sh b/kvirt/cluster/openshift/disconnected/scripts/03_mirror.sh deleted file mode 100755 index 29880692e..000000000 --- a/kvirt/cluster/openshift/disconnected/scripts/03_mirror.sh +++ /dev/null 
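Review bot: The marketplace fallback uses the full `tag` where the other catalogs use a major.minor value, so a tag such as `4.17.3` renders `redhat-marketplace-index:v4.17.3`. That tag is unlikely to exist if this index is published per minor release like the others. `- catalog: registry.redhat.io/redhat/redhat-marketplace-index:v{{ disconnected_marketplace_operators_version or release }}` would match the rest of the file.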
@@ -1,38 +0,0 @@ -export PATH=/root/bin:$PATH -export PULL_SECRET=/root/openshift_pull.json -IP=$(ip -o addr show eth0 | grep -v '169.254\|fe80::' | tail -1 | awk '{print $4}' | cut -d'/' -f1) -REGISTRY_NAME={{ disconnected_vm_name or "$(echo $IP | sed 's/\./-/g' | sed 's/:/-/g').sslip.io" }} -REGISTRY_USER={{ disconnected_user if disconnected_user != None else 'dummy' }} -REGISTRY_PASSWORD={{ disconnected_password if disconnected_password != None else 'dummy' }} -{% if openshift_release_image is defined and openshift_version is defined %} -export OPENSHIFT_RELEASE_IMAGE={{ openshift_release_image }} -export OCP_RELEASE={{ openshift_version }}-x86_64 -{% elif version == 'ci' %} -export OPENSHIFT_RELEASE_IMAGE={{ 'registry.build01.ci.openshift.org' if 'ci' in tag|string else 'registry.ci.openshift.org' }}/ocp/release:{{ tag }} -export OCP_RELEASE={{ tag }}-x86_64 -{% elif version in ['nightly', 'stable'] %} -{% set tag = tag|string %} -{% if tag.split('.')|length > 2 %} -TAG={{ tag }} -{% elif version == 'nightly' %} -TAG={{"latest-" + tag }} -{% else %} -TAG={{"stable-" + tag }} -{% endif %} -OCP_REPO={{ 'ocp-dev-preview' if version == 'nightly' else 'ocp' }} -curl -Ls https://mirror.openshift.com/pub/openshift-v4/clients/$OCP_REPO/$TAG/release.txt > /tmp/release.txt -export OPENSHIFT_RELEASE_IMAGE=$(grep 'Pull From: quay.io' /tmp/release.txt | awk -F ' ' '{print $3}') -export OCP_RELEASE=$(grep 'Name:' /tmp/release.txt | awk -F ' ' '{print $2}')-x86_64 -{% else %} -curl -Ls https://mirror.openshift.com/pub/openshift-v4/clients/ocp/{{ version }}-{{ tag }}/release.txt > /tmp/release.txt -export OPENSHIFT_RELEASE_IMAGE=$(grep 'Pull 
From: quay.io' /tmp/release.txt | awk -F ' ' '{print $3}') -export OCP_RELEASE=$(grep 'Name:' /tmp/release.txt | awk -F ' ' '{print $2}')-x86_64 -{% endif %} - -export LOCAL_REG="$REGISTRY_NAME:5000" -KEY=$( echo -n $REGISTRY_USER:$REGISTRY_PASSWORD | base64) -jq ".auths += {\"$REGISTRY_NAME:5000\": {\"auth\": \"$KEY\",\"email\": \"jhendrix@karmalabs.corp\"}}" < $PULL_SECRET > /root/temp.json -cat /root/temp.json | tr -d [:space:] > $PULL_SECRET -oc adm release mirror -a $PULL_SECRET --from=$OPENSHIFT_RELEASE_IMAGE --to-release-image=${LOCAL_REG}/openshift/release-images:${OCP_RELEASE} --to=${LOCAL_REG}/openshift/release -echo "{\"auths\": {\"$REGISTRY_NAME:5000\": {\"auth\": \"$KEY\", \"email\": \"jhendrix@karmalabs.corp\"}}}" > /root/temp.json -echo $REGISTRY_NAME:5000/openshift/release-images:$OCP_RELEASE > /root/version.txt diff --git a/kvirt/cluster/openshift/disconnected/scripts/04_extras.sh b/kvirt/cluster/openshift/disconnected/scripts/04_extras.sh deleted file mode 100755 index 552bc7214..000000000 --- a/kvirt/cluster/openshift/disconnected/scripts/04_extras.sh +++ /dev/null @@ -1,5 +0,0 @@ -images="quay.io/karmab/curl:multi quay.io/karmab/origin-coredns:multi quay.io/karmab/haproxy:multi quay.io/karmab/origin-keepalived-ipfailover:multi quay.io/karmab/mdns-publisher:multi quay.io/karmab/kubectl:multi {{ 'quay.io/karmab/kcli:latest' if async else '' }}" - -for image in $images ; do - /root/bin/sync_image.sh $image -done diff --git a/kvirt/cluster/openshift/disconnected/scripts/04_mirror.sh b/kvirt/cluster/openshift/disconnected/scripts/04_mirror.sh new file mode 100755 index 000000000..c1e8c54d1 --- /dev/null +++ b/kvirt/cluster/openshift/disconnected/scripts/04_mirror.sh 
@@ -0,0 +1,80 @@ +#!/usr/bin/env bash + +export HOME=/root +cd $HOME +export PATH=/root/bin:$PATH +export PULL_SECRET=/root/openshift_pull.json +IP=$(ip -o addr show eth0 | grep -v '169.254\|fe80::' | tail -1 | awk '{print $4}' | cut -d'/' -f1) +REGISTRY={{ disconnected_vm_name or "$(echo $IP | sed 's/\./-/g' | sed 's/:/-/g').sslip.io" }} + +# Add extra registry keys +curl -Lo /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-isv https://www.redhat.com/security/data/55A34A82.txt +jq ".transports.docker += {\"registry.redhat.io/redhat/certified-operator-index\": [{\"type\": \"signedBy\",\"keyType\": \"GPGKeys\",\"keyPath\": \"/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-isv\"}], \"registry.redhat.io/redhat/community-operator-index\": [{\"type\": \"signedBy\",\"keyType\": \"GPGKeys\",\"keyPath\": \"/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-isv\"}], \"registry.redhat.io/redhat/redhat-marketplace-operator-index\": [{\"type\": \"signedBy\",\"keyType\": \"GPGKeys\",\"keyPath\": \"/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-isv\"}]}" < /etc/containers/policy.json > /etc/containers/policy.json.new +mv /etc/containers/policy.json.new /etc/containers/policy.json + +{% if version == 'ci' %} +export OCP_RELEASE={{ tag }} + +{% elif version in ['nightly', 'stable'] %} + +{% set tag = tag|string %} +{% if tag.split('.')|length > 2 %} +TAG={{ tag }} +{% else %} +{% set prefix = 'latest' if version == 'nightly' else 'stable' %} +TAG={{ prefix + '-' + tag }} +{% endif %} +curl -Ls https://mirror.openshift.com/pub/openshift-v4/clients/ocp/$TAG/release.txt > /tmp/release.txt +OCP_RELEASE=$(grep 'Name:' /tmp/release.txt | awk -F ' ' '{print $2}')-x86_64 + +{% elif version == 'dev-preview' %} +curl -Ls https://mirror.openshift.com/pub/openshift-v4/clients/ocp-dev-preview/{{ tag }}/release.txt > /tmp/release.txt +OCP_RELEASE=$(grep 'Name:' /tmp/release.txt | awk -F ' ' '{print $2}')-x86_64 +{% endif %} + +{% if version == 'ci' %} +{% set namespace = 'ocp/release' %} +{% elif version == 'dev-preview' %} +{% set namespace = 
'openshift/release-images' %} +{% else %} +{% set namespace = 'openshift-release-dev/ocp-release' %} +{% endif %} +NAMESPACE={{ namespace }} +echo $REGISTRY:5000/$NAMESPACE:$OCP_RELEASE > /root/version.txt + +REGISTRY_USER={{ disconnected_user or "dummy" }} +REGISTRY_PASSWORD={{ disconnected_password or "dummy" }} +podman login -u $REGISTRY_USER -p $REGISTRY_PASSWORD $REGISTRY:5000 +REDHAT_CREDS=$(cat /root/openshift_pull.json | jq .auths.\"registry.redhat.io\".auth -r | base64 -d) +RHN_USER=$(echo $REDHAT_CREDS | cut -d: -f1) +RHN_PASSWORD=$(echo $REDHAT_CREDS | cut -d: -f2) +podman login -u "$RHN_USER" -p "$RHN_PASSWORD" registry.redhat.io + +which oc-mirror >/dev/null 2>&1 +if [ "$?" != "0" ] ; then + OPENSHIFT_TAG=4.17 + curl -Ls https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable-$OPENSHIFT_TAG/oc-mirror.tar.gz | tar xvz -C /usr/bin + chmod +x /usr/bin/oc-mirror +fi + +mkdir -p /root/.docker +cp -f /root/openshift_pull.json /root/.docker/config.json + +oc-mirror --v2 --workspace file:// --config=mirror-config.yaml docker://$REGISTRY:5000 + +{% if prega %} +[ ! -d /root/idms ] || rm -rf /root/idms +mkdir /root/idms +sed -i -e '/source:/!b;/bundle/b;/cincinnati/b;s,quay.io/prega/test/,registry.redhat.io/,' /root/oc-mirror-workspace/results-*/*imageContentSourcePolicy.yaml +oc adm migrate icsp /root/oc-mirror-workspace/results-*/*imageContentSourcePolicy.yaml --dest-dir /root/idms +{% endif %} + +if [ -d /root/idms ] ; then + cp /root/idms/*yaml /root/manifests/imageContentSourcePolicy.yaml +fi +cp /root/working-dir/cluster-resources/{cs*,*oc-mirror*} /root + +KEY=$( echo -n $REGISTRY_USER:$REGISTRY_PASSWORD | base64) +jq ".auths += {\"$REGISTRY:5000\": {\"auth\": \"$KEY\",\"email\": \"jhendrix@karmalabs.corp\"}}" < $PULL_SECRET > /root/temp.json +cat /root/temp.json | tr -d [:space:] > $PULL_SECRET +echo "{\"auths\": {\"$REGISTRY:5000\": {\"auth\": \"$KEY\", \"email\": \"jhendrix@karmalabs.corp\"}}}" > /root/temp.json 
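Review bot: Both `podman login` calls pass the password with `-p`, which puts it on the command line where other local processes can read it, and the unquoted `$REGISTRY_USER`/`$REGISTRY_PASSWORD` expansions break on spaces or shell metacharacters; `cut -d: -f2` also truncates a Red Hat password that contains a colon. The fence below feeds the passwords through `--password-stdin` and splits the credentials on the first colon only. Separately, the `policy.json` entry is keyed `registry.redhat.io/redhat/redhat-marketplace-operator-index` while `mirror-config.yaml` pulls `registry.redhat.io/redhat/redhat-marketplace-index`, so the `signedBy` rule added here does not cover the marketplace index as named there. The `oc-mirror` tarball is piped from `curl` straight into `tar -C /usr/bin` with no checksum comparison and no `-f` on curl. The `{% if prega %}` block still reads `/root/oc-mirror-workspace/results-*`, which looks like the layout of the previous oc-mirror invocation rather than the `working-dir` used after the `--v2` run.

```shell
# … unchanged: REGISTRY_USER / REGISTRY_PASSWORD assignments …
printf '%s' "$REGISTRY_PASSWORD" | podman login -u "$REGISTRY_USER" --password-stdin "$REGISTRY:5000"
REDHAT_CREDS=$(jq -r '.auths."registry.redhat.io".auth' /root/openshift_pull.json | base64 -d)
RHN_USER=${REDHAT_CREDS%%:*}
# everything after the first colon, so a password containing ':' stays intact
RHN_PASSWORD=${REDHAT_CREDS#*:}
printf '%s' "$RHN_PASSWORD" | podman login -u "$RHN_USER" --password-stdin registry.redhat.io
```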
diff --git a/kvirt/cluster/openshift/disconnected/scripts/05_olm.sh b/kvirt/cluster/openshift/disconnected/scripts/05_olm.sh deleted file mode 100755 index 96aacaa0c..000000000 --- a/kvirt/cluster/openshift/disconnected/scripts/05_olm.sh +++ /dev/null 
@@ -1,54 +0,0 @@ -#!/usr/bin/env bash - -cd /root -export PATH=/root/bin:$PATH -export OCP_PULLSECRET_AUTHFILE='/root/openshift_pull.json' -IP=$(ip -o addr show eth0 | grep -v '169.254\|fe80::' | tail -1 | awk '{print $4}' | cut -d'/' -f1) -REGISTRY_NAME={{ disconnected_vm_name or "$(echo $IP | sed 's/\./-/g' | sed 's/:/-/g').sslip.io" }} -export LOCAL_REGISTRY=$REGISTRY_NAME:5000 -export IMAGE_TAG=olm - -# Add extra registry keys -curl -Lo /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-isv https://www.redhat.com/security/data/55A34A82.txt -jq ".transports.docker += {\"registry.redhat.io/redhat/certified-operator-index\": [{\"type\": \"signedBy\",\"keyType\": \"GPGKeys\",\"keyPath\": \"/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-isv\"}], \"registry.redhat.io/redhat/community-operator-index\": [{\"type\": \"signedBy\",\"keyType\": \"GPGKeys\",\"keyPath\": \"/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-isv\"}], \"registry.redhat.io/redhat/redhat-marketplace-operator-index\": [{\"type\": \"signedBy\",\"keyType\": \"GPGKeys\",\"keyPath\": \"/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-isv\"}]}" < /etc/containers/policy.json > /etc/containers/policy.json.new -mv /etc/containers/policy.json.new /etc/containers/policy.json - -# Login registries -REGISTRY_USER={{ disconnected_user if disconnected_user != None else "dummy" }} -REGISTRY_PASSWORD={{ disconnected_password if disconnected_password != None else "dummy" }} -podman login -u $REGISTRY_USER -p $REGISTRY_PASSWORD $LOCAL_REGISTRY -#podman login registry.redhat.io --authfile /root/openshift_pull.json -REDHAT_CREDS=$(cat /root/openshift_pull.json | jq .auths.\"registry.redhat.io\".auth -r | base64 -d) -RHN_USER=$(echo $REDHAT_CREDS | cut -d: -f1) -RHN_PASSWORD=$(echo $REDHAT_CREDS | cut -d: -f2) -podman login -u "$RHN_USER" -p "$RHN_PASSWORD" registry.redhat.io - -which oc-mirror >/dev/null 2>&1 -if [ "$?" 
!= "0" ] ; then - TARGET={{ 'ocp-dev-preview' if version == 'dev-preview' else 'ocp' }} - LONG_RELEASE={{ 'stable-4.17' if version == 'ci' else "$(cat /root/version.txt | awk -F: '{print $NF}' | rev | cut -d'-' -f2- | rev)" }} - curl -Ls https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/$TARGET/$LONG_RELEASE/oc-mirror.tar.gz | tar xvz -C /usr/bin - chmod +x /usr/bin/oc-mirror -fi - -mkdir -p /root/.docker -cp -f /root/openshift_pull.json /root/.docker/config.json - -envsubst < /root/scripts/mirror-config.yaml.sample > /root/mirror-config.yaml - -rm -rf /root/oc-mirror-workspace || true -oc-mirror --config /root/mirror-config.yaml docker://$LOCAL_REGISTRY - -{% if prega %} -[ ! -d /root/idms ] || rm -rf /root/idms -mkdir /root/idms -sed -i -e '/source:/!b;/bundle/b;/cincinnati/b;s,quay.io/prega/test/,registry.redhat.io/,' /root/oc-mirror-workspace/results-*/*imageContentSourcePolicy.yaml -oc adm migrate icsp /root/oc-mirror-workspace/results-*/*imageContentSourcePolicy.yaml --dest-dir /root/idms -{% endif %} - -if [ -d /root/idms ] ; then - cp /root/idms/*yaml /root/manifests/imageContentSourcePolicy.yaml -else - cp /root/oc-mirror-workspace/results-*/imageContentSourcePolicy.yaml /root -fi -cp /root/oc-mirror-workspace/results-*/catalogSource* /root diff --git a/kvirt/cluster/openshift/disconnected/scripts/06_web.sh b/kvirt/cluster/openshift/disconnected/scripts/05_web.sh similarity index 100% rename from kvirt/cluster/openshift/disconnected/scripts/06_web.sh rename to kvirt/cluster/openshift/disconnected/scripts/05_web.sh diff --git a/kvirt/cluster/openshift/disconnected/scripts/deploy.sh b/kvirt/cluster/openshift/disconnected/scripts/deploy.sh index 49df7f1e5..107d02c08 100755 --- a/kvirt/cluster/openshift/disconnected/scripts/deploy.sh +++ b/kvirt/cluster/openshift/disconnected/scripts/deploy.sh 
@@ -7,14 +7,8 @@ bash /root/scripts/02_packages.sh echo -e "${blue}************ RUNNING 03_registry.sh ************${clear}" bash /root/scripts/03_registry.sh {% if disconnected_sync %} -echo -e "${blue}************ RUNNING 03_mirror.sh ************${clear}" -bash /root/scripts/03_mirror.sh -echo -e "${blue}************ RUNNING 04_extras.sh ************${clear}" -bash /root/scripts/04_extras.sh -{% if disconnected_operators %} -echo -e "${blue}************ RUNNING 05_olm.sh ************${clear}" -bash /root/scripts/05_olm.sh +echo -e "${blue}************ RUNNING 04_mirror.sh ************${clear}" +bash /root/scripts/04_mirror.sh {% endif %} -{% endif %} -echo -e "${blue}************ RUNNING 06_web.sh ************${clear}" -bash /root/scripts/06_web.sh +echo -e "${blue}************ RUNNING 05_web.sh ************${clear}" +bash /root/scripts/05_web.sh diff --git a/kvirt/cluster/openshift/install-config.yaml b/kvirt/cluster/openshift/install-config.yaml index d538f6398..2d94ae610 100644 --- a/kvirt/cluster/openshift/install-config.yaml +++ b/kvirt/cluster/openshift/install-config.yaml 
@@ -140,35 +140,14 @@ sshKey: | {{ pub_key }} {% if disconnected_url != None %} imageContentSources: -{% if 'registry.build01.ci' in openshift_release_image %} -{% set release = openshift_release_image.split('/')[1] %} -- mirrors: - - {{ disconnected_url }}/openshift/release - - {{ disconnected_url }}/openshift/release-images - source: registry.build01.ci.openshift.org/{{ release }}/release -- mirrors: - - {{ disconnected_url }}/openshift/release - - {{ disconnected_url }}/openshift/release-images - source: registry.build01.ci.openshift.org/{{ release }}/stable -{% else %} - mirrors: + - {{ disconnected_url }}/openshift-release-dev/ocp-v4.0-art-dev - {{ disconnected_url }}/openshift/release source: quay.io/openshift-release-dev/ocp-v4.0-art-dev - mirrors: - - {{ disconnected_url }}/openshift/release-images -{% if ':' in tag|string %} - source: {{ openshift_release_image.split('/')[0] }}/{{ (tag|string).split(':')[0] }} -{% elif 'registry.ci' in openshift_release_image %} - source: registry.ci.openshift.org/ocp/release -{% else %} - source: quay.io/ocp-release -{% endif %} -{% endif %} -{% elif imagecontentsources %} -imageContentSources: -{% for source in imagecontentsources %} + - {{ disconnected_url }}/openshift-release-dev + source: {{ 'registry.ci.openshift.org/ocp/release' if version == 'ci' else 'quay.io/openshift-release-dev' }} - mirrors: - - {{ source }} - source: image-registry.openshift-image-registry.svc:5000/openshift/{{ source | basename | replace("openshift-", "")}} -{% endfor %} + - {{ disconnected_url }}/openshift/release-images + source: quay.io/openshift-release-dev/ocp-release {% endif %} diff --git a/kvirt/cluster/openshift/kcli_default.yml b/kvirt/cluster/openshift/kcli_default.yml index 5ef18575b..e0874310f 100644 --- a/kvirt/cluster/openshift/kcli_default.yml +++ b/kvirt/cluster/openshift/kcli_default.yml 
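Review bot: For `version == 'ci'` the second entry maps `registry.ci.openshift.org/ocp/release` to `{{ disconnected_url }}/openshift-release-dev`, but `04_mirror.sh` records the mirrored ci release under the `ocp/release` namespace, so the mirror path here may not be where the payload actually lives. If the registry layout follows the script, the ci mirror would be `- {{ disconnected_url }}/ocp/release`. With the `imagecontentsources` branch removed, a plan that still sets that parameter is ignored without any message.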
@@ -101,7 +101,6 @@ disconnected_mac: disconnected_extra_images: [] disconnected_extra_catalogs: [] disconnected_extra_releases: [] -imagecontentsources: [] ca: ipv6: false dualstack: false