From 998e0c84399eb45b6a99b445929b06e84363512f Mon Sep 17 00:00:00 2001
From: Wolfgang Kulhanek <wkulhanek@users.noreply.github.com>
Date: Fri, 13 Mar 2020 18:38:16 +0100
Subject: [PATCH] Update Quay Operator to new variable structure. Removed non-marketplace deployment logic. (#1326)

---
 ansible/roles/ocp4-workload-quay-operator/tasks/workload.yml |  178 ++++++++++++++++++++++++++++++++---------------------------
 1 files changed, 97 insertions(+), 81 deletions(-)

diff --git a/ansible/roles/ocp4-workload-quay-operator/tasks/workload.yml b/ansible/roles/ocp4-workload-quay-operator/tasks/workload.yml
index 661b6a1..7c771fa 100644
--- a/ansible/roles/ocp4-workload-quay-operator/tasks/workload.yml
+++ b/ansible/roles/ocp4-workload-quay-operator/tasks/workload.yml
@@ -1,20 +1,42 @@
 ---
-# Implement your Workload deployment tasks here
+- name: Set up combined ocp4_workload_quay_operator dictionary
+  set_fact:
+    ocp4_workload_quay_operator: >-
+      {{ ocp4_workload_quay_operator_defaults
+       | combine(ocp4_workload_quay_operator_input  | default( {} ),
+                 ocp4_workload_quay_operator_secret | default( {} ), recursive=true)
+      }}
+- name: Print combined role variables
+  debug:
+    var: ocp4_workload_quay_operator
+    verbosity: 2
 
 - name: Setting up workload for user
   debug:
     msg: "Setting up workload for user ocp_username = {{ ocp_username }}"
 
 - name: Generate Quay Superuser Password
-  set_fact:
-    _quay_superuser_password: "{{ lookup('password', '/dev/null length=12 chars=ascii_letters') }}"
   when:
-  - _quay_superuser_password is not defined or _quay_superuser_password|length == 0
+  - ocp4_workload_quay_operator.superuser_password is not defined or ocp4_workload_quay_operator.superuser_password|length == 0
+  set_fact:
+    ocp4_workload_quay_operator_superuser_password: "{{ lookup('password', '/dev/null length=12 chars=ascii_letters') }}"
 
-- name: Check if key file exist on bastion VM
+- name: Use provided Quay Superuser Password
+  when:
+  - ocp4_workload_quay_operator.superuser_password is defined
+  - ocp4_workload_quay_operator.superuser_password|length > 0
+  set_fact:
+    ocp4_workload_quay_operator_superuser_password: "{{ ocp4_workload_quay_operator.superuser_password }}"
+
+- name: Use provided key file
+  when: ocp4_workload_quay_operator.ssl_key | length > 0
+  set_fact:
+    ocp4_workload_quay_operator_ssl_key: ocp4_workload_quay_operator.ssl_key
+
+- name: Otherwise check if key file exist on bastion VM
   become: yes
   become_user: root
-  when: _quay_ssl_key | length == 0
+  when: ocp4_workload_quay_operator.ssl_key | length == 0
   block:
   - name: Check for Key file on Bastion
     stat:
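Review bot: In `Use provided key file` the fact is assigned the bare text `ocp4_workload_quay_operator.ssl_key`, which Ansible stores as a literal string rather than the key material; it should read `ocp4_workload_quay_operator_ssl_key: "{{ ocp4_workload_quay_operator.ssl_key }}"`. The `Use provided certificate file` task in the next hunk has the same problem. Because that literal is non-empty, the later `length > 0` guards pass and the certificate objects would presumably be rendered from a placeholder string instead of a real key. Separately, `Print combined role variables` dumps the dictionary that was just merged with `ocp4_workload_quay_operator_secret`, so at `-vv` any secret values reach the run output; consider removing the task or printing only the defaults and input parts.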
@@ -25,15 +47,20 @@
     slurp:
       src: "/home/{{ ansible_user }}/certificates/privkey.pem"
     register: _quay_ssl_key_file
-  - name: Set _quay_ssl_key
+  - name: Set ocp4_workload_quay_operator_ssl_key
     when: r_ssl_key.stat.exists
     set_fact:
-      _quay_ssl_key: "{{ _quay_ssl_key_file['content'] }}"
+      ocp4_workload_quay_operator_ssl_key: "{{ _quay_ssl_key_file['content'] }}"
 
-- name: Check if certificate file exist on bastion VM
+- name: Use provided certificate file
+  when: ocp4_workload_quay_operator.ssl_certificate | length > 0
+  set_fact:
+    ocp4_workload_quay_operator_ssl_certificate: ocp4_workload_quay_operator.ssl_certificate
+
+- name: Otherwise check if certificate file exist on bastion VM
   become: yes
   become_user: root
-  when: _quay_ssl_certificate | length == 0
+  when: ocp4_workload_quay_operator.ssl_certificate | length == 0
   block:
   - name: Check for Certificate file on Bastion
     stat:
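Review bot: The two ways of populating `ocp4_workload_quay_operator_ssl_key` and `ocp4_workload_quay_operator_ssl_certificate` may not yield the same encoding: `slurp` returns `content` base64-encoded, while the `Use provided …` tasks are meant to pass the user-supplied values through unchanged. The templates that consume these facts are not visible here, so confirm which form they expect and document it, for example `# ssl_key / ssl_certificate must be base64-encoded PEM, matching slurp output` above `Use provided certificate file`. The key block starts before this hunk and the certificate block runs past its end.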
@@ -44,10 +71,10 @@
     slurp:
       src: "/home/{{ ansible_user }}/certificates/fullchain.pem"
     register: _quay_ssl_cert_file
-  - name: Set _quay_ssl_certificate
+  - name: Set ocp4_workload_quay_operator_ssl_certificate
     when: r_ssl_cert.stat.exists
     set_fact:
-      _quay_ssl_certificate: "{{ _quay_ssl_cert_file['content'] }}"
+      ocp4_workload_quay_operator_ssl_certificate: "{{ _quay_ssl_cert_file['content'] }}"
 
 - name: Determine Cluster Base Domain for Quay Route
   k8s_facts:
@@ -56,11 +83,19 @@
     name: cluster
   register: r_ingress_config
 
-- name: Set the Base Domain for Quay
+- name: Use Provided Quay route
+  when:
+  - ocp4_workload_quay_operator.route is defined
+  - ocp4_workload_quay_operator.route | length > 0
   set_fact:
-    _quay_route: "quay-{{ guid }}.{{ r_ingress_config.resources[0].spec.domain }}"
+    ocp4_workload_quay_operator_quay_route: "{{ ocp4_workload_quay_operator.route }}"
 
-- name: Create Quay Operator Common Resources
+- name: Otherwise use quay-{{guid}}.basedomain for the Quay route
+  when: ocp4_workload_quay_operator.route is not defined or ocp4_workload_quay_operator.route | length == 0
+  set_fact:
+    ocp4_workload_quay_operator_quay_route: "quay-{{ guid }}.{{ r_ingress_config.resources[0].spec.domain }}"
+
+- name: Create Quay Operator Resources
   k8s:
     state: present
     definition:  "{{ lookup('template', item ) | from_yaml }}"
@@ -69,65 +104,38 @@
   - ./templates/pull_secret.j2
   - ./templates/quay_superuser_secret.j2
   - ./templates/quay_config_secret.j2
+  - ./templates/catalogsourceconfig.j2
+  - ./templates/operatorgroup.j2
+  - ./templates/subscription.j2
 
-- name: Create Quay Operator from Operator Hub
-  when: _quay_operator_hub | bool
-  block:
-  - name: Create Operator Resources
-    k8s:
-      state: present
-      definition:  "{{ lookup('template', item ) | from_yaml }}"
-    loop:
-    - ./templates/catalogsourceconfig.j2
-    - ./templates/operatorgroup.j2
-    - ./templates/subscription.j2
+- name: Wait for ClusterServiceVersion to appear
+  k8s_facts:
+    api_version: operators.coreos.com/v1alpha1
+    kind: ClusterServiceVersion
+    namespace: "{{ ocp4_workload_quay_operator.project }}"
+    name: "{{ ocp4_workload_quay_operator.starting_csv }}"
+  register: r_csv
+  until: r_csv.resources | length > 0
+  retries: 30
+  delay: 10
 
-  - name: Wait for ClusterServiceVersion to appear
-    k8s_facts:
-      api_version: operators.coreos.com/v1alpha1
-      kind: ClusterServiceVersion
-      namespace: "{{ _quay_project }}"
-      name: "{{ _quay_operator_csv }}"
-      # field_selectors:
-      # - status.phase=Succeeded
-    register: r_csv
-    until: r_csv.resources | length > 0
-    # until: r_csv.resources[0] and r_csv.resources[0].get('status') and r_csv.resources[0].status.phase == 'Succeeded'
-    # ignore_errors: true
-    retries: 30
-    delay: 10
-
-  - name: Wait for operator to be installed
-    k8s_facts:
-      api_version: operators.coreos.com/v1alpha1
-      kind: ClusterServiceVersion
-      namespace: "{{ _quay_project }}"
-      name: "{{ _quay_operator_csv }}"
-      field_selectors:
-      - status.phase=Succeeded
-    register: r_csv
-    until: r_csv.resources[0] and r_csv.resources[0].get('status') and r_csv.resources[0].status.phase == 'Succeeded'
-    retries: 30
-    delay: 10
+- name: Wait for operator to be installed
+  k8s_facts:
+    api_version: operators.coreos.com/v1alpha1
+    kind: ClusterServiceVersion
+    namespace: "{{ ocp4_workload_quay_operator.project }}"
+    name: "{{ ocp4_workload_quay_operator.starting_csv }}"
+    field_selectors:
+    - status.phase=Succeeded
+  register: r_csv
+  until: r_csv.resources[0] and r_csv.resources[0].get('status') and r_csv.resources[0].status.phase == 'Succeeded'
+  retries: 30
+  delay: 10
  
-- name: Create OpenShift Objects for Red Hat Quay Registry prerequisites
-  when: not _quay_operator_hub | bool
-  k8s:
-    state: present
-    definition: "{{ lookup('template', item ) | from_yaml }}"
-  loop:
-  - ./templates/crd.j2
-  - ./templates/service_account.j2
-  - ./templates/cluster_role.j2
-  - ./templates/cluster_role_binding.j2
-  - ./templates/role.j2
-  - ./templates/role_binding.j2
-  - ./templates/operator.j2
-
 - name: Create OpenShift Objects for Red Hat Quay Registry Certificates
   when:
-  - _quay_ssl_certificate | length > 0
-  - _quay_ssl_key | length > 0
+  - ocp4_workload_quay_operator_ssl_certificate | length > 0
+  - ocp4_workload_quay_operator_ssl_key | length > 0
   k8s:
     state: present
     definition: "{{ lookup('template', item ) | from_yaml }}"
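Review bot: The `when` on `Create OpenShift Objects for Red Hat Quay Registry Certificates` now tests `ocp4_workload_quay_operator_ssl_certificate` and `ocp4_workload_quay_operator_ssl_key`, which are only created by conditional `set_fact` tasks earlier in the file. If no key or certificate is supplied and the files are absent on the bastion, neither fact appears to be set, and `| length` on an undefined variable fails the play instead of skipping the task (unless role defaults define them, which is not visible here). Guard the test, e.g. `- ocp4_workload_quay_operator_ssl_certificate | default('') | length > 0`, and do the same for the key. The task body continues past the end of this hunk.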
@@ -142,13 +150,13 @@
   - ./templates/quay.j2
 
 - name: Verify successful rollout (and fix crash looping Quay pod if necessary)
-  when: _quay_verify_deployment | bool
+  when: ocp4_workload_quay_operator.verify_deployment | bool
   block:
   - name: Wait for Quay App Pod to appear
     k8s_facts:
       api_version: v1
       kind: Pod
-      namespace: "{{ _quay_project }}"
+      namespace: "{{ ocp4_workload_quay_operator.project }}"
       label_selectors:
       - app=quay-operator
       - quay-enterprise-component=app
@@ -161,7 +169,7 @@
     k8s_facts:
       api_version: v1
       kind: Pod
-      namespace: "{{ _quay_project }}"
+      namespace: "{{ ocp4_workload_quay_operator.project }}"
       label_selectors:
       - app=quay-operator
       - quay-enterprise-component=app
@@ -172,12 +180,12 @@
     retries: 15
     delay: 5
 
-  - name: Delete crashing Pod to pick up SCC
-    when:
-    - not r_running_quay_pod.resources[0].status.containerStatuses[0].ready | bool
-    - r_running_quay_pod.resources[0].status.containerStatuses[0].state.waiting.reason is match("CrashLoopBackOff")
-      or r_running_quay_pod.resources[0].status.containerStatuses[0].state.waiting.reason is match("Error")
-    shell: "oc delete pod {{ r_running_quay_pod.resources[0].metadata.name }} -n {{ _quay_project }}"
+  # - name: Delete crashing Pod to pick up SCC
+    # when:
+    # - not r_running_quay_pod.resources[0].status.containerStatuses[0].ready | bool
+    # - r_running_quay_pod.resources[0].status.containerStatuses[0].state.waiting.reason is match("CrashLoopBackOff")
+    #   or r_running_quay_pod.resources[0].status.containerStatuses[0].state.waiting.reason is match("Error")
+    # shell: "oc delete pod {{ r_running_quay_pod.resources[0].metadata.name }} -n {{ ocp4_workload_quay_operator.project }}"
 
   # - name: Restart crashing Pod to pick up SCC
   #   when:
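Review bot: The `Delete crashing Pod to pick up SCC` task is commented out rather than removed, with no note on why, and its comment lines are indented inconsistently (`# - name` at one level, the rest deeper). The enclosing block is still named `Verify successful rollout (and fix crash looping Quay pod if necessary)`, which no longer matches what it does. Either delete the dead task and rename the block, or add a line such as `# Disabled: <reason>; re-enable if the Quay pod fails to pick up the SCC` above it. The block starts before this hunk.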
@@ -189,14 +197,22 @@
   #     api_version: v1
   #     kind: Pod
   #     name: "{{ r_running_quay_pod.resources[0].metadata.name }}"
-  #     namespace: "{{ _quay_project }}"
+  #     namespace: "{{ ocp4_workload_quay_operator.project }}"
+
+- name: Get Quay Hostname
+  k8s_facts:
+    api_version: redhatcop.redhat.io/v1alpha1
+    kind: QuayEcosystem
+    name: "{{ ocp4_workload_quay_operator.name }}"
+    namespace: "{{ ocp4_workload_quay_operator.project }}"
+  register: r_quay
 
 - name: Print Student as user.info
   debug:
     msg: "{{ item }}"
   with_items:
-  - "user.info: Quay is available at https://{{ _quay_route }}. It may take 5 to 10 minutes for this route to respond."
-  - "user.info: The Quay Super User is {{ _quay_superuser_username }} with password {{ _quay_superuser_password }}"
+  - "user.info: Quay is available at https://{{r_quay.resources[0].status.hostname }}. It may take 5 to 10 minutes for this route to respond."
+  - "user.info: The Quay Super User is {{ ocp4_workload_quay_operator.superuser_username }} with password {{ ocp4_workload_quay_operator_superuser_password }}"
 
 # Leave this as the last task in the playbook.
 - name: workload tasks complete
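Review bot: `Get Quay Hostname` queries the QuayEcosystem once and the next task dereferences `r_quay.resources[0].status.hostname`, so the play fails if the resource or its status is not populated yet, which looks likely when `verify_deployment` is false. Add a wait like the CSV tasks use: `until: r_quay.resources | length > 0 and r_quay.resources[0].status.hostname is defined`, with `retries: 30` and `delay: 10`. The second `user.info` line also writes the superuser password in clear text to the run output; that predates this commit, but confirm the output is delivered only to the intended user.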

--
Gitblit v1.9.3