From c37a78f35516ddd06f3430fcb2ea545175a83269 Mon Sep 17 00:00:00 2001
From: Wolfgang Kulhanek <wkulhanek@users.noreply.github.com>
Date: Sat, 14 Mar 2020 18:48:24 +0100
Subject: [PATCH] More checks. Check for ClusterVersion to make the role work on both 4.1 and 4.3 (#1336)

---
 ansible/roles/ocp4-workload-quay-operator/templates/project.j2             |    2 
 ansible/roles/ocp4-workload-quay-operator/defaults/main.yml                |    5 +
 ansible/roles/ocp4-workload-quay-operator/templates/subscription.j2        |    2 
 ansible/roles/ocp4-workload-quay-operator/templates/catalogsourceconfig.j2 |    6 ++
 ansible/roles/ocp4-workload-quay-operator/tasks/workload.yml               |   71 +++++++++++++----------
 ansible/roles/ocp4-workload-quay-operator/tasks/remove_workload.yml        |   44 +++++++++++---
 6 files changed, 85 insertions(+), 45 deletions(-)

diff --git a/ansible/roles/ocp4-workload-quay-operator/defaults/main.yml b/ansible/roles/ocp4-workload-quay-operator/defaults/main.yml
index 9b84b4e..1a53477 100644
--- a/ansible/roles/ocp4-workload-quay-operator/defaults/main.yml
+++ b/ansible/roles/ocp4-workload-quay-operator/defaults/main.yml
@@ -11,8 +11,9 @@
   project_display: Red Hat Quay Registry
   name: quay
 
-  # Quay starting CSV when deploying from Operator Hub
-  starting_csv: quay.v1.0.2
+  # Quay starting CSV. Leave empty for current CSV
+  # starting_csv: "quay.v1.0.2"
+  starting_csv: ""
 
   # Verify successful deployment
   verify_deployment: true
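Review bot: The new default `starting_csv: ""` leaves the operator version unpinned, and the comment on the added lines does not say what that means for whoever deploys the role. With the value empty, the Subscription presumably installs whatever CSV the catalog currently serves for the package, so two runs of the same role revision can deploy different operator builds. I would extend the comment to something like `# Empty = install whatever CSV the catalog source currently offers (unpinned); set e.g. "quay.v1.0.2" for a reproducible install`. The mapping these keys belong to starts above the hunk.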
diff --git a/ansible/roles/ocp4-workload-quay-operator/tasks/remove_workload.yml b/ansible/roles/ocp4-workload-quay-operator/tasks/remove_workload.yml
index ab5b011..2d58f8e 100644
--- a/ansible/roles/ocp4-workload-quay-operator/tasks/remove_workload.yml
+++ b/ansible/roles/ocp4-workload-quay-operator/tasks/remove_workload.yml
@@ -7,34 +7,58 @@
                  ocp4_workload_quay_operator_secrets | default( {} ), recursive=true)
       }}
 
-- name: Remove Red Hat Quay Operator
+- name: Get ClusterVersion
+  k8s_facts:
+    api_version: config.openshift.io/v1
+    kind: ClusterVersion
+    name: version
+  register: r_cluster_version
+- name: Set ocp4_workload_quay_operator_cluster_version fact
+  set_fact:
+    ocp4_workload_quay_operator_cluster_version: "{{ r_cluster_version.resources[0].status.history[0].version }}"
+- name: Print OpenShift version
+  debug:
+    msg: "Removing Quay Operator for OpenShift Version: {{ ocp4_workload_quay_operator_cluster_version }}"
+
+- name: Remove Quay
   k8s:
     state: absent
     definition: "{{ lookup('template', item ) | from_yaml }}"
   loop:
   - ./templates/quay.j2
-  - ./templates/subscription.j2
-  - ./templates/operatorgroup.j2
-  - ./templates/catalogsourceconfig.j2
 
-- name: Remove serviceaccounts from anyuid scc (if they are still there)
-  shell: "oc adm policy remove-scc-from-user anyuid system:serviceaccount:quay-{{ ocp4_workload_quay_operator.project }}:{{ item }}"
-  loop:
-  - quay
-  - clair
+- name: Wait for all Quay Pods to be terminated
+  k8s_facts:
+    api_version: v1
+    kind: Pod
+    namespace: "{{ ocp4_workload_quay_operator.project }}"
+  register: r_running_pods
+  until: r_running_pods.resources | list | length <= 1
   ignore_errors: true
+  retries: 20
+  delay: 10
 
-- name: Remove Red Hat Quay Operator (Shared resources)
+- name: Remove Red Hat Quay Operator
   k8s:
     state: absent
     definition: "{{ lookup('template', item ) | from_yaml }}"
   loop:
+  - ./templates/subscription.j2
+  - ./templates/operatorgroup.j2
+  - ./templates/catalogsourceconfig.j2
   - ./templates/pull_secret.j2
   - ./templates/quay_superuser_secret.j2
   - ./templates/quay_config_secret.j2
   - ./templates/quay_ssl_certificate_secret.j2
   - ./templates/project.j2
 
+- name: Remove serviceaccounts from anyuid scc (if they are still there)
+  shell: "oc adm policy remove-scc-from-user anyuid system:serviceaccount:{{ ocp4_workload_quay_operator.project }}:{{ item }}"
+  loop:
+  - quay
+  - clair
+  ignore_errors: true
+
 # Leave this as the last task in the playbook.
 - name: remove_workload tasks complete
   debug:
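Review bot: The relocated `Remove serviceaccounts from anyuid scc` task keeps `ignore_errors: true`, so a failed `oc adm policy remove-scc-from-user` looks the same as "nothing to remove" and the play reports success. If the grant lives in the cluster-scoped SCC's user list (not visible here), a leftover `system:serviceaccount:<project>:quay` entry survives the project deletion that now precedes this task, and would apply again to a re-created project of the same name. I would replace `ignore_errors: true` with `register: r_scc_removal` and `failed_when: r_scc_removal.rc != 0`, after confirming that `oc` exits 0 when the entry is already gone. `command:` would also do in place of `shell:`, since no shell features are used and the project name is templated into the string. The pod wait above carries the same `ignore_errors: true`, so the secrets and project are deleted even when the 20 retries run out with pods still present.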
diff --git a/ansible/roles/ocp4-workload-quay-operator/tasks/workload.yml b/ansible/roles/ocp4-workload-quay-operator/tasks/workload.yml
index b2ebb06..bdd8793 100644
--- a/ansible/roles/ocp4-workload-quay-operator/tasks/workload.yml
+++ b/ansible/roles/ocp4-workload-quay-operator/tasks/workload.yml
@@ -15,6 +15,19 @@
   debug:
     msg: "Setting up workload for user ocp_username = {{ ocp_username }}"
 
+- name: Get ClusterVersion
+  k8s_facts:
+    api_version: config.openshift.io/v1
+    kind: ClusterVersion
+    name: version
+  register: r_cluster_version
+- name: Set ocp4_workload_quay_operator_cluster_version fact
+  set_fact:
+    ocp4_workload_quay_operator_cluster_version: "{{ r_cluster_version.resources[0].status.history[0].version }}"
+- name: Print OpenShift version
+  debug:
+    msg: "Installing Quay Operator for OpenShift Version: {{ ocp4_workload_quay_operator_cluster_version }}"
+
 - name: Generate Quay Superuser Password
   when:
   - ocp4_workload_quay_operator.superuser_password is not defined or ocp4_workload_quay_operator.superuser_password|length == 0
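Review bot: `r_cluster_version.resources[0].status.history[0].version` in the new `set_fact` is dereferenced with no check that the lookup returned anything. `history[0]` is also the newest history entry, which on a cluster that is mid-upgrade describes the update in progress rather than the version that is fully rolled out. A missing ClusterVersion then surfaces as an opaque templating error, and an in-flight upgrade could make the `4.3.0` comparison in catalogsourceconfig.j2 pick the wrong branch. Consider selecting the completed entry, e.g. `{{ (r_cluster_version.resources[0].status.history | selectattr('state', 'equalto', 'Completed') | first).version }}`, preceded by an `assert` on `r_cluster_version.resources | length > 0`. The identical three tasks added to remove_workload.yml have the same issue.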
@@ -101,12 +114,22 @@
     definition:  "{{ lookup('template', item ) | from_yaml }}"
   loop:
   - ./templates/project.j2
-  - ./templates/pull_secret.j2
-  - ./templates/quay_superuser_secret.j2
-  - ./templates/quay_config_secret.j2
   - ./templates/catalogsourceconfig.j2
   - ./templates/operatorgroup.j2
   - ./templates/subscription.j2
+  - ./templates/pull_secret.j2
+  - ./templates/quay_superuser_secret.j2
+  - ./templates/quay_config_secret.j2
+
+- name: Create OpenShift Objects for Red Hat Quay Registry Certificates
+  when:
+  - ocp4_workload_quay_operator_ssl_certificate | length > 0
+  - ocp4_workload_quay_operator_ssl_key | length > 0
+  k8s:
+    state: present
+    definition: "{{ lookup('template', item ) | from_yaml }}"
+  loop:
+  - ./templates/quay_ssl_certificate_secret.j2
 
 - name: Wait for ClusterServiceVersion to appear
   k8s_facts:
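Review bot: The re-added `Create OpenShift Objects for Red Hat Quay Registry Certificates` task, and the loop above it that now ends with the three secret templates, render secret material through `lookup('template', item) | from_yaml` without `no_log: true`. The k8s module returns the applied object in its result. At higher verbosity, or with a callback that records results, the pull secret, superuser password and (judging by the `ocp4_workload_quay_operator_ssl_key` condition) the TLS private key would end up in the job log. Adding `no_log: true` to both tasks keeps them out; moving the secret templates into their own looped task would let the non-secret objects keep their normal output. The first task's header is above the hunk.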
@@ -119,37 +142,28 @@
   retries: 30
   delay: 10
 
-- name: Wait for operator to be installed
+- name: Wait for Quay operator to be ready
   k8s_facts:
-    api_version: operators.coreos.com/v1alpha1
-    kind: ClusterServiceVersion
+    api_version: v1
+    kind: Deployment
     namespace: "{{ ocp4_workload_quay_operator.project }}"
-    name: "{{ ocp4_workload_quay_operator.starting_csv }}"
-    field_selectors:
-    - status.phase=Succeeded
-  register: r_csv
-  until: r_csv.resources[0] and r_csv.resources[0].get('status') and r_csv.resources[0].status.phase == 'Succeeded'
+    name: "quay-operator"
+  register: r_qo_deployment
   retries: 30
   delay: 10
+  until:
+  - r_qo_deployment.resources | length | int > 0
+  - r_qo_deployment.resources[0].status.availableReplicas is defined
+  - r_qo_deployment.resources[0].status.availableReplicas | int == r_qo_deployment.resources[0].spec.replicas | int
  
-- name: Create OpenShift Objects for Red Hat Quay Registry Certificates
-  when:
-  - ocp4_workload_quay_operator_ssl_certificate | length > 0
-  - ocp4_workload_quay_operator_ssl_key | length > 0
-  k8s:
-    state: present
-    definition: "{{ lookup('template', item ) | from_yaml }}"
-  loop:
-  - ./templates/quay_ssl_certificate_secret.j2
-
-- name: Create OpenShift Objects for Red Hat Quay Registry
+- name: Create Red Hat Quay Registry
   k8s:
     state: present
     definition: "{{ lookup('template', item ) | from_yaml }}"
   loop:
   - ./templates/quay.j2
 
-- name: Verify successful rollout (and fix crash looping Quay pod if necessary)
+- name: Verify successful rollout
   when: ocp4_workload_quay_operator.verify_deployment | bool
   block:
   - name: Wait for Quay App Pod to appear
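Review bot: The new `Wait for Quay operator to be ready` task queries `kind: Deployment` with `api_version: v1`, but Deployments are served from the `apps` group. Whether this resolves depends on how the module's client matches a kind when no group is given; if it does not, `resources` stays empty and the task uses up its 30 retries before failing. `api_version: apps/v1` names the intended resource unambiguously. The `Verify successful rollout` block at the end of the hunk continues outside it.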
@@ -184,13 +198,6 @@
     retries: 15
     delay: 5
 
-  # - name: Delete crashing Pod to pick up SCC
-    # when:
-    # - not r_running_quay_pod.resources[0].status.containerStatuses[0].ready | bool
-    # - r_running_quay_pod.resources[0].status.containerStatuses[0].state.waiting.reason is match("CrashLoopBackOff")
-    #   or r_running_quay_pod.resources[0].status.containerStatuses[0].state.waiting.reason is match("Error")
-    # shell: "oc delete pod {{ r_running_quay_pod.resources[0].metadata.name }} -n {{ ocp4_workload_quay_operator.project }}"
-
   # - name: Restart crashing Pod to pick up SCC
   #   when:
   #   - not r_running_quay_pod.resources[0].status.containerStatuses[0].ready | bool
@@ -215,8 +222,8 @@
   debug:
     msg: "{{ item }}"
   with_items:
-  - "user.info: Quay is available at https://{{r_quay.resources[0].status.hostname }}. It may take 5 to 10 minutes for this route to respond."
-  - "user.info: The Quay Super User is {{ ocp4_workload_quay_operator.superuser_username }} with password {{ ocp4_workload_quay_operator_superuser_password }}"
+  - "user.info: Red Hat Quay is available at https://{{r_quay.resources[0].status.hostname }}."
+  - "user.info: The Red Hat Quay Super User is {{ ocp4_workload_quay_operator.superuser_username }} with password {{ ocp4_workload_quay_operator_superuser_password }}"
 
 # Leave this as the last task in the playbook.
 - name: workload tasks complete
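Review bot: The reworded `user.info:` message still interpolates `ocp4_workload_quay_operator_superuser_password` into a `debug` task, so the super user password is written in clear text to the Ansible output and to any log or job record that captures it. If the `user.info:` prefix is a delivery channel to the end user, as it appears to be, the credential travels with every stored copy of that output. Consider pointing the message at where the credential is kept instead of printing it, for example `"user.info: The Red Hat Quay Super User is {{ ocp4_workload_quay_operator.superuser_username }}; the password is stored in the superuser secret in project {{ ocp4_workload_quay_operator.project }}"`. The task these lines belong to starts above the hunk.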
diff --git a/ansible/roles/ocp4-workload-quay-operator/templates/catalogsourceconfig.j2 b/ansible/roles/ocp4-workload-quay-operator/templates/catalogsourceconfig.j2
index 48b6479..e407afd 100644
--- a/ansible/roles/ocp4-workload-quay-operator/templates/catalogsourceconfig.j2
+++ b/ansible/roles/ocp4-workload-quay-operator/templates/catalogsourceconfig.j2
@@ -1,9 +1,15 @@
+{% if ocp4_workload_quay_operator_cluster_version is version_compare('4.3.0', '<')%}
+apiVersion: operators.coreos.com/v1
+{% else %}
 apiVersion: operators.coreos.com/v2
+{% endif %}
 kind: CatalogSourceConfig
 metadata:
   name: "installed-community-{{ ocp4_workload_quay_operator.project }}"
   namespace: openshift-marketplace
 spec:
+{% if ocp4_workload_quay_operator_cluster_version is version_compare('4.3.0', '>=')%}
   source: community-operators
+{% endif %}
   targetNamespace: "{{ ocp4_workload_quay_operator.project }}"
   packages: quay
\ No newline at end of file
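Review bot: Both new conditionals depend on `ocp4_workload_quay_operator_cluster_version`, a fact that exists only after the `Get ClusterVersion` tasks have run, and nothing in the template says so. Rendering it from any other entry point fails with an undefined-variable error. A leading comment such as `{# requires ocp4_workload_quay_operator_cluster_version, set by the Get ClusterVersion tasks #}` would document the coupling. As a style point, `version_compare` is the older name of the test; `is version('4.3.0', '<')` is the current spelling.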
diff --git a/ansible/roles/ocp4-workload-quay-operator/templates/project.j2 b/ansible/roles/ocp4-workload-quay-operator/templates/project.j2
index 87aa6ae..a48da36 100644
--- a/ansible/roles/ocp4-workload-quay-operator/templates/project.j2
+++ b/ansible/roles/ocp4-workload-quay-operator/templates/project.j2
@@ -4,7 +4,7 @@
   annotations:
     openshift.io/description: ""
     openshift.io/display-name: "{{ ocp4_workload_quay_operator.project_display }}"
-    openshift.io/requester: "system:admin"
+    openshift.io/requester: "{{ ocp_username }}"
   name: "{{ ocp4_workload_quay_operator.project }}"
 spec:
   finalizers:
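Review bot: `openshift.io/requester: "{{ ocp_username }}"` makes project.j2 depend on `ocp_username`, and the same template is rendered by the removal loop in remove_workload.yml, where this patch shows no task that sets or checks that variable. If it is undefined on the removal path, the loop fails when it reaches project.j2, its last item, and the project is left in place. Worth confirming the variable is always supplied there, or writing `{{ ocp_username | default('system:admin') }}`. The annotation is also only metadata: it records a requester but grants that user no role in the project.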
diff --git a/ansible/roles/ocp4-workload-quay-operator/templates/subscription.j2 b/ansible/roles/ocp4-workload-quay-operator/templates/subscription.j2
index 82d4722..6fbab44 100644
--- a/ansible/roles/ocp4-workload-quay-operator/templates/subscription.j2
+++ b/ansible/roles/ocp4-workload-quay-operator/templates/subscription.j2
@@ -12,4 +12,6 @@
   name: quay
   source: "installed-community-{{ ocp4_workload_quay_operator.project }}" 
   sourceNamespace: "{{ ocp4_workload_quay_operator.project }}"
+{% if ocp4_workload_quay_operator.starting_csv | length > 0 %}
   startingCSV: "{{ ocp4_workload_quay_operator.starting_csv }}"
+{% endif %}
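Review bot: The new guard `ocp4_workload_quay_operator.starting_csv | length > 0` raises a templating error when the value is null, which is what a bare `starting_csv:` override yields in YAML. `{% if ocp4_workload_quay_operator.starting_csv | default('', true) | length > 0 %}` treats null and undefined like the empty string. The Subscription spec begins above the hunk.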

--
Gitblit v1.9.3