From c37a78f35516ddd06f3430fcb2ea545175a83269 Mon Sep 17 00:00:00 2001
From: Wolfgang Kulhanek <wkulhanek@users.noreply.github.com>
Date: Sat, 14 Mar 2020 18:48:24 +0100
Subject: [PATCH] More checks. Check for ClusterVersion to make the role work on both 4.1 and 4.3 (#1336)
---
ansible/roles/ocp4-workload-quay-operator/templates/project.j2 | 2
ansible/roles/ocp4-workload-quay-operator/defaults/main.yml | 5 +
ansible/roles/ocp4-workload-quay-operator/templates/subscription.j2 | 2
ansible/roles/ocp4-workload-quay-operator/templates/catalogsourceconfig.j2 | 6 ++
ansible/roles/ocp4-workload-quay-operator/tasks/workload.yml | 71 +++++++++++++----------
ansible/roles/ocp4-workload-quay-operator/tasks/remove_workload.yml | 44 +++++++++++---
6 files changed, 85 insertions(+), 45 deletions(-)
diff --git a/ansible/roles/ocp4-workload-quay-operator/defaults/main.yml b/ansible/roles/ocp4-workload-quay-operator/defaults/main.yml
index 9b84b4e..1a53477 100644
--- a/ansible/roles/ocp4-workload-quay-operator/defaults/main.yml
+++ b/ansible/roles/ocp4-workload-quay-operator/defaults/main.yml
@@ -11,8 +11,9 @@
 project_display: Red Hat Quay Registry
 name: quay
- # Quay starting CSV when deploying from Operator Hub
- starting_csv: quay.v1.0.2
+ # Quay starting CSV. Leave empty for current CSV
+ # starting_csv: "quay.v1.0.2"
+ starting_csv: ""
 # Verify successful deployment
 verify_deployment: true
diff --git a/ansible/roles/ocp4-workload-quay-operator/tasks/remove_workload.yml b/ansible/roles/ocp4-workload-quay-operator/tasks/remove_workload.yml
index ab5b011..2d58f8e 100644
--- a/ansible/roles/ocp4-workload-quay-operator/tasks/remove_workload.yml
+++ b/ansible/roles/ocp4-workload-quay-operator/tasks/remove_workload.yml
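Review bot: The new default `starting_csv: ""` in defaults/main.yml leaves the operator version unpinned, and with the conditional added in templates/subscription.j2 the Subscription is then created without `startingCSV`, so each run installs whatever CSV the catalog currently offers. The operator build that ends up managing the registry then depends on the state of the community catalog at install time rather than on this role's revision. If floating is intended, the comment should say so and show how to pin, for example `# Empty installs the catalog's current CSV; set e.g. "quay.v1.0.2" to pin the operator version`. The rest of the defaults dictionary lies outside the hunk.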
@@ -7,34 +7,58 @@
 ocp4_workload_quay_operator_secrets | default( {} ), recursive=true) }}
-- name: Remove Red Hat Quay Operator
+- name: Get ClusterVersion
+ k8s_facts:
+ api_version: config.openshift.io/v1
+ kind: ClusterVersion
+ name: version
+ register: r_cluster_version
+- name: Set ocp4_workload_quay_operator_cluster_version fact
+ set_fact:
+ ocp4_workload_quay_operator_cluster_version: "{{ r_cluster_version.resources[0].status.history[0].version }}"
+- name: Print OpenShift version
+ debug:
+ msg: "Removing Quay Operator for OpenShift Version: {{ ocp4_workload_quay_operator_cluster_version }}"
+
+- name: Remove Quay
 k8s:
 state: absent
 definition: "{{ lookup('template', item ) | from_yaml }}"
 loop:
 - ./templates/quay.j2
- - ./templates/subscription.j2
- - ./templates/operatorgroup.j2
- - ./templates/catalogsourceconfig.j2
-- name: Remove serviceaccounts from anyuid scc (if they are still there)
- shell: "oc adm policy remove-scc-from-user anyuid system:serviceaccount:quay-{{ ocp4_workload_quay_operator.project }}:{{ item }}"
- loop:
- - quay
- - clair
+- name: Wait for all Quay Pods to be terminated
+ k8s_facts:
+ api_version: v1
+ kind: Pod
+ namespace: "{{ ocp4_workload_quay_operator.project }}"
+ register: r_running_pods
+ until: r_running_pods.resources | list | length <= 1
 ignore_errors: true
+ retries: 20
+ delay: 10
-- name: Remove Red Hat Quay Operator (Shared resources)
+- name: Remove Red Hat Quay Operator
 k8s:
 state: absent
 definition: "{{ lookup('template', item ) | from_yaml }}"
 loop:
+ - ./templates/subscription.j2
+ - ./templates/operatorgroup.j2
+ - ./templates/catalogsourceconfig.j2
 - ./templates/pull_secret.j2
 - ./templates/quay_superuser_secret.j2
 - ./templates/quay_config_secret.j2
 - ./templates/quay_ssl_certificate_secret.j2
 - ./templates/project.j2
+- name: Remove serviceaccounts from anyuid scc (if they are still there)
+ shell: "oc adm policy remove-scc-from-user anyuid system:serviceaccount:{{ ocp4_workload_quay_operator.project
}}:{{ item }}"
+ loop:
+ - quay
+ - clair
+ ignore_errors: true
+
 # Leave this as the last task in the playbook.
 - name: remove_workload tasks complete
 debug:
diff --git a/ansible/roles/ocp4-workload-quay-operator/tasks/workload.yml b/ansible/roles/ocp4-workload-quay-operator/tasks/workload.yml
index b2ebb06..bdd8793 100644
--- a/ansible/roles/ocp4-workload-quay-operator/tasks/workload.yml
+++ b/ansible/roles/ocp4-workload-quay-operator/tasks/workload.yml
@@ -15,6 +15,19 @@
 debug:
 msg: "Setting up workload for user ocp_username = {{ ocp_username }}"
+- name: Get ClusterVersion
+ k8s_facts:
+ api_version: config.openshift.io/v1
+ kind: ClusterVersion
+ name: version
+ register: r_cluster_version
+- name: Set ocp4_workload_quay_operator_cluster_version fact
+ set_fact:
+ ocp4_workload_quay_operator_cluster_version: "{{ r_cluster_version.resources[0].status.history[0].version }}"
+- name: Print OpenShift version
+ debug:
+ msg: "Installing Quay Operator for OpenShift Version: {{ ocp4_workload_quay_operator_cluster_version }}"
+
 - name: Generate Quay Superuser Password
 when:
 - ocp4_workload_quay_operator.superuser_password is not defined or ocp4_workload_quay_operator.superuser_password|length == 0
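Review bot: In tasks/remove_workload.yml the re-added task "Remove serviceaccounts from anyuid scc" keeps `ignore_errors: true`, so a failed `oc adm policy remove-scc-from-user` passes silently and the `anyuid` grant for the `quay` and `clair` service accounts can outlive the project; it would presumably apply again to a same-named service account if the project is recreated. The task now also runs after `./templates/project.j2` has been removed by the preceding loop, which is worth confirming as the intended order. Consider registering the result and failing on anything other than the already-removed case, and use `command:` rather than `shell:`, since the line needs no shell features and interpolates the project name. The wait task's `until: r_running_pods.resources | list | length <= 1` would benefit from a comment saying which pod is expected to remain.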
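Review bot: The added `set_fact` in tasks/workload.yml indexes `r_cluster_version.resources[0].status.history[0].version` without checking that the lookup returned anything, so an empty `resources` list (for example when the account running the role cannot read ClusterVersion) fails with an index error instead of a clear message; the same three tasks are added in tasks/remove_workload.yml. Adding `failed_when: r_cluster_version.resources | length == 0` to the "Get ClusterVersion" task makes that failure explicit. `history[0]` is the newest entry and, as far as I know, can describe an update that has not completed yet, so the 4.3.0 gating in the templates may change mid-upgrade; confirm whether the latest completed entry is what is wanted.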
@@ -101,12 +114,22 @@
 definition: "{{ lookup('template', item ) | from_yaml }}"
 loop:
 - ./templates/project.j2
- - ./templates/pull_secret.j2
- - ./templates/quay_superuser_secret.j2
- - ./templates/quay_config_secret.j2
 - ./templates/catalogsourceconfig.j2
 - ./templates/operatorgroup.j2
 - ./templates/subscription.j2
+ - ./templates/pull_secret.j2
+ - ./templates/quay_superuser_secret.j2
+ - ./templates/quay_config_secret.j2
+
+- name: Create OpenShift Objects for Red Hat Quay Registry Certificates
+ when:
+ - ocp4_workload_quay_operator_ssl_certificate | length > 0
+ - ocp4_workload_quay_operator_ssl_key | length > 0
+ k8s:
+ state: present
+ definition: "{{ lookup('template', item ) | from_yaml }}"
+ loop:
+ - ./templates/quay_ssl_certificate_secret.j2
 - name: Wait for ClusterServiceVersion to appear
 k8s_facts:
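Review bot: The moved task "Create OpenShift Objects for Red Hat Quay Registry Certificates" has no `no_log: true`, although `quay_ssl_certificate_secret.j2` presumably embeds `ocp4_workload_quay_operator_ssl_key`; the `k8s` module returns the applied object in its result, so the private key can reach job output at higher verbosity or through a callback plugin. Adding `no_log: true` to this task keeps it out of logs. The loop above it now ends with `pull_secret.j2`, `quay_superuser_secret.j2` and `quay_config_secret.j2`; moving those three into their own task would let them carry `no_log: true` too without hiding the project and subscription results. The header of that first task lies outside the hunk.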
@@ -119,37 +142,28 @@
 retries: 30
 delay: 10
-- name: Wait for operator to be installed
+- name: Wait for Quay operator to be ready
 k8s_facts:
- api_version: operators.coreos.com/v1alpha1
- kind: ClusterServiceVersion
+ api_version: v1
+ kind: Deployment
 namespace: "{{ ocp4_workload_quay_operator.project }}"
- name: "{{ ocp4_workload_quay_operator.starting_csv }}"
- field_selectors:
- - status.phase=Succeeded
- register: r_csv
- until: r_csv.resources[0] and r_csv.resources[0].get('status') and r_csv.resources[0].status.phase == 'Succeeded'
+ name: "quay-operator"
+ register: r_qo_deployment
 retries: 30
 delay: 10
+ until:
+ - r_qo_deployment.resources | length | int > 0
+ - r_qo_deployment.resources[0].status.availableReplicas is defined
+ - r_qo_deployment.resources[0].status.availableReplicas | int == r_qo_deployment.resources[0].spec.replicas | int
-- name: Create OpenShift Objects for Red Hat Quay Registry Certificates
- when:
- - ocp4_workload_quay_operator_ssl_certificate | length > 0
- - ocp4_workload_quay_operator_ssl_key | length > 0
- k8s:
- state: present
- definition: "{{ lookup('template', item ) | from_yaml }}"
- loop:
- - ./templates/quay_ssl_certificate_secret.j2
-
-- name: Create OpenShift Objects for Red Hat Quay Registry
+- name: Create Red Hat Quay Registry
 k8s:
 state: present
 definition: "{{ lookup('template', item ) | from_yaml }}"
 loop:
 - ./templates/quay.j2
-- name: Verify successful rollout (and fix crash looping Quay pod if necessary)
+- name: Verify successful rollout
 when: ocp4_workload_quay_operator.verify_deployment | bool
 block:
 - name: Wait for Quay App Pod to appear
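Review bot: The new readiness check asks `k8s_facts` for `kind: Deployment` with `api_version: v1`, but Deployments are served from the `apps` group; this presumably works only because the client resolves the kind across groups when none is given. `api_version: apps/v1` names the intended resource explicitly and does not depend on that lookup behaviour. The "Verify successful rollout" block that follows continues outside the hunk.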
@@ -184,13 +198,6 @@
 retries: 15
 delay: 5
- # - name: Delete crashing Pod to pick up SCC
- # when:
- # - not r_running_quay_pod.resources[0].status.containerStatuses[0].ready | bool
- # - r_running_quay_pod.resources[0].status.containerStatuses[0].state.waiting.reason is match("CrashLoopBackOff")
- # or r_running_quay_pod.resources[0].status.containerStatuses[0].state.waiting.reason is match("Error")
- # shell: "oc delete pod {{ r_running_quay_pod.resources[0].metadata.name }} -n {{ ocp4_workload_quay_operator.project }}"
-
 # - name: Restart crashing Pod to pick up SCC
 # when:
 # - not r_running_quay_pod.resources[0].status.containerStatuses[0].ready | bool
@@ -215,8 +222,8 @@
 debug:
 msg: "{{ item }}"
 with_items:
- - "user.info: Quay is available at https://{{r_quay.resources[0].status.hostname }}. It may take 5 to 10 minutes for this route to respond."
- - "user.info: The Quay Super User is {{ ocp4_workload_quay_operator.superuser_username }} with password {{ ocp4_workload_quay_operator_superuser_password }}"
+ - "user.info: Red Hat Quay is available at https://{{r_quay.resources[0].status.hostname }}."
+ - "user.info: The Red Hat Quay Super User is {{ ocp4_workload_quay_operator.superuser_username }} with password {{ ocp4_workload_quay_operator_superuser_password }}"
 # Leave this as the last task in the playbook.
 - name: workload tasks complete
diff --git a/ansible/roles/ocp4-workload-quay-operator/templates/catalogsourceconfig.j2 b/ansible/roles/ocp4-workload-quay-operator/templates/catalogsourceconfig.j2
index 48b6479..e407afd 100644
--- a/ansible/roles/ocp4-workload-quay-operator/templates/catalogsourceconfig.j2
+++ b/ansible/roles/ocp4-workload-quay-operator/templates/catalogsourceconfig.j2
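Review bot: The reworded `user.info` line in the last workload.yml hunk still prints `ocp4_workload_quay_operator_superuser_password` through `debug`, so the superuser credential is written to the Ansible log and to anything that collects job output. If the message must reach the user, consider reporting only the username and where the password is stored, e.g. `- "user.info: The Red Hat Quay Super User is {{ ocp4_workload_quay_operator.superuser_username }}; the password is in the superuser secret in project {{ ocp4_workload_quay_operator.project }}"`. If printing it is a deliberate part of how this deployer hands credentials to users, a comment above the task saying so would keep the pattern from being copied elsewhere. The task's `- name:` line lies outside the hunk.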
@@ -1,9 +1,15 @@
+{% if ocp4_workload_quay_operator_cluster_version is version_compare('4.3.0', '<')%}
+apiVersion: operators.coreos.com/v1
+{% else %}
 apiVersion: operators.coreos.com/v2
+{% endif %}
 kind: CatalogSourceConfig
 metadata:
 name: "installed-community-{{ ocp4_workload_quay_operator.project }}"
 namespace: openshift-marketplace
 spec:
+{% if ocp4_workload_quay_operator_cluster_version is version_compare('4.3.0', '>=')%}
 source: community-operators
+{% endif %}
 targetNamespace: "{{ ocp4_workload_quay_operator.project }}"
 packages: quay
\ No newline at end of file
diff --git a/ansible/roles/ocp4-workload-quay-operator/templates/project.j2 b/ansible/roles/ocp4-workload-quay-operator/templates/project.j2
index 87aa6ae..a48da36 100644
--- a/ansible/roles/ocp4-workload-quay-operator/templates/project.j2
+++ b/ansible/roles/ocp4-workload-quay-operator/templates/project.j2
@@ -4,7 +4,7 @@
 annotations:
 openshift.io/description: ""
 openshift.io/display-name: "{{ ocp4_workload_quay_operator.project_display }}"
- openshift.io/requester: "system:admin"
+ openshift.io/requester: "{{ ocp_username }}"
 name: "{{ ocp4_workload_quay_operator.project }}"
 spec:
 finalizers:
diff --git a/ansible/roles/ocp4-workload-quay-operator/templates/subscription.j2 b/ansible/roles/ocp4-workload-quay-operator/templates/subscription.j2
index 82d4722..6fbab44 100644
--- a/ansible/roles/ocp4-workload-quay-operator/templates/subscription.j2
+++ b/ansible/roles/ocp4-workload-quay-operator/templates/subscription.j2
@@ -12,4 +12,6 @@
 name: quay
 source: "installed-community-{{ ocp4_workload_quay_operator.project }}"
 sourceNamespace: "{{ ocp4_workload_quay_operator.project }}"
+{% if ocp4_workload_quay_operator.starting_csv | length > 0 %}
 startingCSV: "{{ ocp4_workload_quay_operator.starting_csv }}"
+{% endif %}
--
Gitblit v1.9.3
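Review bot: Both new conditions in catalogsourceconfig.j2 use the test name `version_compare`, which Ansible renamed to `version` in 2.5 and, as far as I know, keeps only as a legacy alias; `is version('4.3.0', '<')` and `is version('4.3.0', '>=')` are the current spelling. The template now also depends on `ocp4_workload_quay_operator_cluster_version` being set before it is rendered, which the tasks added in workload.yml and remove_workload.yml do. A leading `{# expects ocp4_workload_quay_operator_cluster_version from the Get ClusterVersion tasks #}` would document that dependency for anyone rendering the template from another entry point.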
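Review bot: `project.j2` now needs `ocp_username`, and the same template is rendered by the "Remove Red Hat Quay Operator" loop in tasks/remove_workload.yml, so a removal run without that variable would fail when the loop reaches `./templates/project.j2` and leave the project in place; whether it is always defined on that path is not visible from this page. `openshift.io/requester: "{{ ocp_username | default('system:admin') }}"` keeps the previous value as a fallback. The annotation only records who requested the project and, as far as I know, grants no access by itself, so a RoleBinding is still needed if the user is meant to administer it.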