diff --git a/ibm/mas_devops/common_tasks/detect_airgap.yml b/ibm/mas_devops/common_tasks/detect_airgap.yml index f58e883a1e..92770a5423 100644 --- a/ibm/mas_devops/common_tasks/detect_airgap.yml +++ b/ibm/mas_devops/common_tasks/detect_airgap.yml @@ -18,11 +18,21 @@ - mas.ibm.com/idmsContent=ibm register: idms_lookup +# 3. Look for the new aiservice IDMS +# ----------------------------------------------------------------------------- +- name: "detect-airgap : Look for the MAS ImageDigestMirrorSet" + kubernetes.core.k8s_info: + api_version: config.openshift.io/v1 + kind: ImageDigestMirrorSet + label_selectors: + - aiservice.ibm.com/idmsContent=ibm + register: aiservice_idms_lookup + # 3. Set the airgap boolena and print debug # ----------------------------------------------------------------------------- - name: "detect-airgap : Set airgap_install property" set_fact: - airgap_install: "{{ idms_lookup.resources | length == 1 | bool }}" + airgap_install: "{{ ( idms_lookup.resources | length == 1 or aiservice_idms_lookup.resources | length == 1 ) | bool }}" - name: "detect-airgap : Debug Airgap detection" debug: diff --git a/ibm/mas_devops/roles/mongodb/tasks/determine-ibmcatalog-tag.yml b/ibm/mas_devops/common_tasks/determine-ibmcatalog-tag.yml similarity index 79% rename from ibm/mas_devops/roles/mongodb/tasks/determine-ibmcatalog-tag.yml rename to ibm/mas_devops/common_tasks/determine-ibmcatalog-tag.yml index 11d0b9146c..0cb88a781d 100644 --- a/ibm/mas_devops/roles/mongodb/tasks/determine-ibmcatalog-tag.yml +++ b/ibm/mas_devops/common_tasks/determine-ibmcatalog-tag.yml @@ -1,6 +1,4 @@ --- -# The MongoDB version is based on the chosen ibm-operator-catalog. However the -# ibm-operator-catalog does not explicitly include information about the mongo version. # # To determine which catalog metadata to use, this role # extracts the catalog_tag from the ibm-operator-catalog's displayName. 
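Review bot: The new lookup task in detect_airgap.yml reuses the name `detect-airgap : Look for the MAS ImageDigestMirrorSet` and the step number `# 3.`, although it selects on `aiservice.ibm.com/idmsContent=ibm`, so run logs cannot tell the two lookups apart. Naming it `detect-airgap : Look for the AI Service ImageDigestMirrorSet` and renumbering the set_fact step to `# 4.` would fix that. Both halves of the new `airgap_install` expression require exactly one match (`length == 1`), so a cluster carrying two labelled mirror sets would be reported as not air-gapped; if that is not intended, `length > 0` is the safer test. The context comment also spells "boolean" as "boolena".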
@@ -9,15 +7,10 @@ # displayName: IBM Maximo Operators (v9-240625-amd64) # # catalog_tag is v9-240625-amd64 -# MongoDB version will be determined from the catalog metadata (get_catalog_info.py) # -# And FINALLY... -# If the MongoDB version cannot be determined from the above logic, -# the MongoDB version will be determined by the most recent catalog data -# available (get_newest_catalog_tag.py) -# -# And if still it cannot be determined because perhaps its not specified in the -# configuration file, a default value will be used. +# If the catalog_tag cannot be found from the displayName or the +# catalog_tag in the displayName is not a valid catalog, use +# the most recent catalog - name: "Lookup the latest version of the Maximo Operator Catalog" when: last_catalog_tag is not defined or last_catalog_tag == "" diff --git a/ibm/mas_devops/playbooks/mirror_add_aiservice.yml b/ibm/mas_devops/playbooks/mirror_add_aiservice.yml new file mode 100644 index 0000000000..3faa64f8e1 --- /dev/null +++ b/ibm/mas_devops/playbooks/mirror_add_aiservice.yml 
@@ -0,0 +1,33 @@ +--- +- hosts: localhost + any_errors_fatal: true + + vars: + catalog_tag: "{{ lookup('env', 'MAS_CATALOG_VERSION') | default ('@@MAS_LATEST_CATALOG@@', True) }}" + mas_channel: "{{ lookup('env', 'MAS_CHANNEL') | default ('9.1.x', True) }}" + mirror_mode: "{{ lookup('env', 'MIRROR_MODE') | default ('direct', True) }}" + + pre_tasks: + - name: "Load Catalog Metadata" + ibm.mas_devops.get_catalog_info: + mas_catalog_version: "{{ catalog_tag }}" + register: mas_catalog_metadata + + - name: "Check that the catalog is a know catalog" + assert: + that: mas_catalog_metadata.failed == false + + roles: + # 1. IBM Maximo Facilities + # ------------------------------------------------------------------------- + - role: ibm.mas_devops.mirror_case_prepare + when: mirror_mode != "from-filesystem" + vars: + case_name: ibm-aiservice + case_version: "{{ lookup('env', 'MAS_AIBROKER_VERSION') | default (mas_catalog_metadata.aiservice_version[mas_channel], True) | replace('_', '.') }}" + exclude_images: [] + + - role: ibm.mas_devops.mirror_images + vars: + manifest_name: ibm-aiservice + manifest_version: "{{ lookup('env', 'MAS_AIBROKER_VERSION') | default (mas_catalog_metadata.aiservice_version[mas_channel], True) | replace('_', '.') }}" diff --git a/ibm/mas_devops/playbooks/mirror_dependencies.yml b/ibm/mas_devops/playbooks/mirror_dependencies.yml index 9f34d0e853..62fa3d5cc0 100644 --- a/ibm/mas_devops/playbooks/mirror_dependencies.yml +++ b/ibm/mas_devops/playbooks/mirror_dependencies.yml 
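Review bot: Both `case_version` and `manifest_version` index `mas_catalog_metadata.aiservice_version[mas_channel]` without checking that the catalog has an entry for that channel; the only pre-task check is `mas_catalog_metadata.failed == false`. An unknown `MAS_CHANNEL` would presumably surface as an undefined-variable error inside the roles, so adding `mas_channel in mas_catalog_metadata.aiservice_version` to the assert (skipped when `MAS_AIBROKER_VERSION` is set) would fail early with a clear message. The heading `# 1. IBM Maximo Facilities` and the task name "know catalog" look copied from another playbook; `# 1. IBM AI Service` and "known catalog" would be accurate. A one-line comment on why the override is still called `MAS_AIBROKER_VERSION` while the case is `ibm-aiservice` would help operators.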
@@ -70,6 +70,10 @@ # ------------------------------------------------------------------------- mirror_kmodels: "{{ lookup('env', 'MIRROR_KMODELS') | default ('False', True) | bool }}" + # 15. Minio and MariaDB (for AI Service) + mirror_minio: "{{ lookup('env', 'MIRROR_MINIO') | default ('False', True) | bool }}" + mirror_opendatahub: "{{ lookup('env', 'MIRROR_OPENDATAHUB') | default ('False', True) | bool }}" + pre_tasks: - name: "Load Catalog Metadata" ibm.mas_devops.get_catalog_info: @@ -623,3 +627,33 @@ vars: manifest_name: extras_kmodels manifest_version: "{{ mas_catalog_metadata.kmodels_extras_version_default }}" + + # 15. Minio and opendatahub - needed by AI Service + # ------------------------------------------------------------------------- + - role: ibm.mas_devops.mirror_extras_prepare + when: + - mirror_minio + - mirror_mode != "from-filesystem" + vars: + extras_name: minio + extras_version: "{{mas_catalog_metadata.minio_version }}" + + - role: ibm.mas_devops.mirror_images + when: mirror_minio + vars: + manifest_name: extras_minio + manifest_version: "{{mas_catalog_metadata.minio_version }}" + + - role: ibm.mas_devops.mirror_extras_prepare + when: + - mirror_opendatahub + - mirror_mode != "from-filesystem" + vars: + extras_name: "opendatahub" + extras_version: "2.32" + + - role: ibm.mas_devops.mirror_images + when: mirror_opendatahub + vars: + manifest_name: extras_opendatahub + manifest_version: "2.32" diff --git a/ibm/mas_devops/playbooks/mirror_openshift.yml b/ibm/mas_devops/playbooks/mirror_openshift.yml index 7c66e2161f..c1e26c7c73 100644 --- a/ibm/mas_devops/playbooks/mirror_openshift.yml +++ b/ibm/mas_devops/playbooks/mirror_openshift.yml 
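Review bot: The new comment `# 15. Minio and MariaDB (for AI Service)` does not match the two switches it introduces, `mirror_minio` and `mirror_opendatahub`. It should read `# 15. Minio and OpenDataHub (for AI Service)`, which also matches the heading used in the roles section added later in this file.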
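Review bot: The OpenDataHub entries hard-code `"2.32"` in both `extras_version` and `manifest_version`, while the Minio entries beside them read `mas_catalog_metadata.minio_version`, so what is mirrored for OpenDataHub is not tied to the selected catalog. A single play variable referenced in both places (for example `opendatahub_version`, a placeholder name), or a catalog field if one exists, would keep prepare and mirror in step. The Minio entries assume every supported catalog defines `minio_version`; if older catalogs do not, `MIRROR_MINIO=true` would presumably fail with an undefined-variable error, so an explicit assert is worth adding. The spacing in `"{{mas_catalog_metadata.minio_version }}"` is also inconsistent with the rest of the file.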
@@ -2,7 +2,14 @@ - hosts: localhost any_errors_fatal: true + vars: + catalog_tag: "{{ lookup('env', 'MAS_CATALOG_VERSION') | default ('@@MAS_LATEST_CATALOG@@', True) }}" + pre_tasks: + - name: "Load Catalog Metadata" + ibm.mas_devops.get_catalog_info: + mas_catalog_version: "{{ catalog_tag }}" + register: mas_catalog_metadata - name: Check for required environment variables assert: that: diff --git a/ibm/mas_devops/roles/aiservice_odh/tasks/authorino-operator.yml b/ibm/mas_devops/roles/aiservice_odh/tasks/authorino-operator.yml index bb7d11941a..aeb3cac604 100644 --- a/ibm/mas_devops/roles/aiservice_odh/tasks/authorino-operator.yml +++ b/ibm/mas_devops/roles/aiservice_odh/tasks/authorino-operator.yml 
@@ -1,12 +1,35 @@ --- + +- name: Get authorino operator package manifest + kubernetes.core.k8s_info: + api_version: packages.operators.coreos.com/v1 + kind: PackageManifest + name: authorino-operator + namespace: openshift-marketplace # Note: A namespace must be provided when calling packages.operators.coreos.com/v1 + register: authorino_operator_manifest + +- name: Assert that PackageManifest exists + ansible.builtin.assert: + that: + - authorino_operator_manifest is defined + - authorino_operator_manifest.resources is defined + - authorino_operator_manifest.resources | length == 1 + fail_msg: "PackageManifest not found: authorino-operator" + +- name: Set the subscription information + set_fact: + authorino_operator_source: "{{ authorino_operator_manifest.resources[0].status.catalogSource }}" + authorino_operator_source_namespace: "{{ authorino_operator_manifest.resources[0].status.catalogSourceNamespace }}" + authorino_operator_default_channel: "{{ authorino_operator_manifest.resources[0].status.defaultChannel }}" + # 1. Install Operator & create entitlement openshift-authorino # ----------------------------------------------------------------------------- - name: "Install Openshift authorino Operator" ibm.mas_devops.apply_subscription: namespace: "{{ openshift_namespace }}" package_name: "authorino-operator" - package_channel: "{{ serverless_channel }}" # This looks wrong, but that's what was in the original template - catalog_source: "{{ authorino_catalog_source }}" + package_channel: "{{ authorino_operator_default_channel }}" + catalog_source: "{{ authorino_operator_source }}" install_mode: AllNamespaces register: subscription diff --git a/ibm/mas_devops/roles/aiservice_odh/tasks/serverless-operator.yml b/ibm/mas_devops/roles/aiservice_odh/tasks/serverless-operator.yml index e3530387f5..8c2b56c3da 100644 --- a/ibm/mas_devops/roles/aiservice_odh/tasks/serverless-operator.yml +++ b/ibm/mas_devops/roles/aiservice_odh/tasks/serverless-operator.yml 
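Review bot: The subscription's `catalog_source` and `package_channel` now come from whatever the `authorino-operator` PackageManifest reports, replacing the role variables `authorino_catalog_source` and `serverless_channel`, so the catalog trusted to install the operator is decided by cluster state rather than by configuration. If more than one CatalogSource publishes this package, the lookup by name presumably gives no control over which one is returned, and `defaultChannel` can change whenever the catalog is refreshed. Consider keeping the old variables as optional overrides, or asserting the discovered source before subscribing, e.g. `- authorino_operator_manifest.resources[0].status.catalogSource in allowed_catalog_sources` (placeholder variable name). The same pattern is added in serverless-operator.yml and servicemesh-operator.yml.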
@@ -1,10 +1,33 @@ --- +- name: Get servless operator package manifest + kubernetes.core.k8s_info: + api_version: packages.operators.coreos.com/v1 + kind: PackageManifest + name: serverless-operator + namespace: openshift-marketplace # Note: A namespace must be provided when calling packages.operators.coreos.com/v1 + register: serverless_operator_manifest + +- name: Assert that PackageManifest exists + ansible.builtin.assert: + that: + - serverless_operator_manifest is defined + - serverless_operator_manifest.resources is defined + - serverless_operator_manifest.resources | length == 1 + fail_msg: "PackageManifest not found: serverless-operator" + +- name: Set the subscription information + set_fact: + serverless_operator_source: "{{ serverless_operator_manifest.resources[0].status.catalogSource }}" + serverless_operator_source_namespace: "{{ serverless_operator_manifest.resources[0].status.catalogSourceNamespace }}" + serverless_operator_default_channel: "{{ serverless_operator_manifest.resources[0].status.defaultChannel }}" + +# 1. Install Operator & create entitlement serverless +# ----------------------------------------------------------------------------- - name: "install : Create Serverless Subscription" ibm.mas_devops.apply_subscription: - namespace: openshift-serverless - package_name: serverless-operator - package_channel: stable - catalog_source: redhat-operators - catalog_source_namespace: openshift-marketplace + namespace: "{{ serverless_namespace }}" + package_name: "serverless-operator" + package_channel: "{{ serverless_operator_default_channel }}" + catalog_source: "{{ serverless_operator_source }}" install_mode: AllNamespaces register: serverless_subscription diff --git a/ibm/mas_devops/roles/aiservice_odh/tasks/servicemesh-operator.yml b/ibm/mas_devops/roles/aiservice_odh/tasks/servicemesh-operator.yml index 35be65d515..3dc219fc72 100644 --- a/ibm/mas_devops/roles/aiservice_odh/tasks/servicemesh-operator.yml 
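Review bot: The rewritten subscription drops `catalog_source_namespace: openshift-marketplace`, yet the new `set_fact` computes `serverless_operator_source_namespace` and never passes it on. Whether that matters depends on the default inside `ibm.mas_devops.apply_subscription`, which is not visible here; passing `catalog_source_namespace: "{{ serverless_operator_source_namespace }}"` keeps the source explicit. The matching `*_source_namespace` facts in authorino-operator.yml and servicemesh-operator.yml are likewise unused. The first task name has a typo ("servless"), and `serverless_namespace` now replaces the literal `openshift-serverless`, so the role needs a default for it.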
+++ b/ibm/mas_devops/roles/aiservice_odh/tasks/servicemesh-operator.yml @@ -1,12 +1,35 @@ --- + +- name: Get service mesh operator package manifest + kubernetes.core.k8s_info: + api_version: packages.operators.coreos.com/v1 + kind: PackageManifest + name: servicemeshoperator + namespace: openshift-marketplace # Note: A namespace must be provided when calling packages.operators.coreos.com/v1 + register: service_mesh_operator_manifest + +- name: Assert that PackageManifest exists + ansible.builtin.assert: + that: + - service_mesh_operator_manifest is defined + - service_mesh_operator_manifest.resources is defined + - service_mesh_operator_manifest.resources | length == 1 + fail_msg: "PackageManifest not found: servicemeshoperator" + +- name: Set the subscription information + set_fact: + service_mesh_operator_source: "{{ service_mesh_operator_manifest.resources[0].status.catalogSource }}" + service_mesh_operator_source_namespace: "{{ service_mesh_operator_manifest.resources[0].status.catalogSourceNamespace }}" + service_mesh_operator_default_channel: "{{ service_mesh_operator_manifest.resources[0].status.defaultChannel }}" + # 1. Install Operator & create entitlement openshift-service-mesh # ----------------------------------------------------------------------------- - name: "Install Openshift ServiceMesh Operator" ibm.mas_devops.apply_subscription: namespace: "{{ service_mesh_namespace }}" package_name: "servicemeshoperator" - package_channel: "{{ service_mesh_channel }}" - catalog_source: "{{ service_mesh_catalog_source }}" + package_channel: "{{ service_mesh_operator_default_channel }}" + catalog_source: "{{ service_mesh_operator_source }}" install_mode: AllNamespaces register: subscription diff --git a/ibm/mas_devops/roles/minio/defaults/main.yml b/ibm/mas_devops/roles/minio/defaults/main.yml index 1746b12a47..08ad58834e 100644 --- a/ibm/mas_devops/roles/minio/defaults/main.yml +++ b/ibm/mas_devops/roles/minio/defaults/main.yml 
@@ -23,4 +23,5 @@ minio_namespace: "{{ lookup('env', 'MINIO_NAMESPACE') | default('minio', True) } minio_instance_name: "{{ lookup('env', 'MINIO_INSTANCE_NAME') | default('minio', True) }}" minio_root_user: "{{ lookup('env', 'MINIO_ROOT_USER') | default('minio', True) }}" minio_root_password: "{{ lookup('env', 'MINIO_ROOT_PASSWORD') | default('', True) }}" -minio_version: "quay.io/minio/minio:latest" +# needs to move to catalog +minio_version: "RELEASE.2025-06-13T11-33-47Z" diff --git a/ibm/mas_devops/roles/minio/tasks/main.yml b/ibm/mas_devops/roles/minio/tasks/main.yml index fa3879b88a..678717fc03 100644 --- a/ibm/mas_devops/roles/minio/tasks/main.yml +++ b/ibm/mas_devops/roles/minio/tasks/main.yml @@ -6,6 +6,25 @@ # ----------------------------------------------------------------------------- - include_tasks: tasks/determine-storage-classes.yml +- name: Load minio defaults using version from the catalog + block: + - include_tasks: "{{ role_path }}/../../common_tasks/determine-ibmcatalog-tag.yml" + + - ibm.mas_devops.get_catalog_info: + mas_catalog_version: "{{ catalog_tag }}" + register: _mas_catalog + + - name: Load minio defaults + include_vars: + file: "{{ role_path }}/../mirror_extras_prepare/vars/minio_{{ _mas_catalog.minio_version }}.yml" + +- name: Retrieve image setting parts + set_fact: + minio_image_name: "{{ extra_images | selectattr('name', 'match', '.*/minio$') | map(attribute='name') | first }}" + minio_image_registry: "{{ extra_images | selectattr('name', 'match', '.*/minio$') | map(attribute='registry') | first }}" + minio_image_digest: "{{ extra_images | selectattr('name', 'match', '.*/minio$') | map(attribute='digest') | first }}" + minio_image_tag: "{{ extra_images | selectattr('name', 'match', '.*/minio$') | map(attribute='tag') | first }}" + # create minio namespace - name: 'Create minio namespace' kubernetes.core.k8s: 
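Review bot: `minio_version` changes meaning here from a full image reference to a bare release tag, and the comment `# needs to move to catalog` does not say so. Other hunks in this commit resolve the image from `_mas_catalog.minio_version` and the `minio_image_*` facts, so this default looks unused by the deployment; anyone overriding `minio_version` with an image reference would then be silently ignored. A comment such as `# Release tag only; image reference and digest come from mirror_extras_prepare/vars/minio_<version>.yml` would make that clear, or the variable could be removed if nothing reads it.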
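Review bot: Each of the four `minio_image_*` facts ends in `| first` on a `selectattr` result, so a vars file with no entry matching `.*/minio$` fails with a generic template error, and more than one match silently takes the first. An assert ahead of the `set_fact`, with `that: extra_images | selectattr('name', 'match', '.*/minio$') | list | length == 1` and a `fail_msg`, gives a clear failure before anything is deployed. The `include_vars` path is built from `_mas_catalog.minio_version` with no check that the catalog defines it. The `ibm.mas_devops.get_catalog_info` task inside the block has no `name`.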
diff --git a/ibm/mas_devops/roles/minio/templates/minio/minio-deployment.yml.j2 b/ibm/mas_devops/roles/minio/templates/minio/minio-deployment.yml.j2 index 8853bd3368..925fe2abdd 100644 --- a/ibm/mas_devops/roles/minio/templates/minio/minio-deployment.yml.j2 +++ b/ibm/mas_devops/roles/minio/templates/minio/minio-deployment.yml.j2 @@ -19,7 +19,10 @@ spec: claimName: minio-pvc containers: - name: "{{ minio_instance_name }}" - image: "{{ minio_version }}" + image: "{{ minio_image_registry }}/{{ minio_image_name}}@{{ minio_image_digest}}" + metadata: + labels: + tag: "{{ minio_image_tag }}" command: - /bin/bash - -c diff --git a/ibm/mas_devops/roles/mirror_extras_prepare/vars/kmodels_1.0.13.yml b/ibm/mas_devops/roles/mirror_extras_prepare/vars/kmodels_1.0.13.yml index dad33c69e5..5189a994d2 100644 --- a/ibm/mas_devops/roles/mirror_extras_prepare/vars/kmodels_1.0.13.yml +++ b/ibm/mas_devops/roles/mirror_extras_prepare/vars/kmodels_1.0.13.yml @@ -1,14 +1,14 @@ --- extra_images: - name: cp/aibroker/controller - registry: cp.icr.io/cp + registry: cp.icr.io tag: 1.0.13 digest: sha256:d12feff98b033d17b700cb6549729825035981c082bb34898928895bf29e6222 - name: cp/aibroker/store - registry: cp.icr.io/cp + registry: cp.icr.io tag: 1.0.7 digest: sha256:c84006c5031f7b9c7d6e4210dd76fa98bd388791574efb9d0701a57476d7e230 - name: cp/aibroker/watcher - registry: cp.icr.io/cp + registry: cp.icr.io tag: 1.0.5 digest: sha256:f322d8830232f79c6889e3c1ba3b8ea78ea3da7d349606b119c95d72fbd97cac diff --git a/ibm/mas_devops/roles/mirror_extras_prepare/vars/kmodels_1.0.14.yml b/ibm/mas_devops/roles/mirror_extras_prepare/vars/kmodels_1.0.14.yml index 7b348e5708..83cabd7602 100644 --- a/ibm/mas_devops/roles/mirror_extras_prepare/vars/kmodels_1.0.14.yml +++ b/ibm/mas_devops/roles/mirror_extras_prepare/vars/kmodels_1.0.14.yml 
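Review bot: The added `metadata:` / `labels:` / `tag:` lines in minio-deployment.yml.j2 follow `image:` inside the `containers` entry, and a container has no `metadata` field; indentation is not recoverable in this view, so confirm where the block actually lands. If the intent is to record the human-readable tag beside the digest reference, put it in the pod template's `metadata.labels` or an annotation instead. Pulling by `@{{ minio_image_digest }}` is what allows an ImageDigestMirrorSet to redirect the pull, which deserves a short comment on the `image:` line. The spacing in `{{ minio_image_name}}` and `{{ minio_image_digest}}` is inconsistent with the rest of the template; the enclosing spec starts and ends outside this hunk.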
@@ -1,14 +1,14 @@ --- extra_images: - name: cp/aibroker/controller - registry: cp.icr.io/cp + registry: cp.icr.io tag: 1.0.14 digest: sha256:cbd6f839ca854643be40db49541cdfce8ba2bfb47e777da717fb84305210337d - name: cp/aibroker/store - registry: cp.icr.io/cp + registry: cp.icr.io tag: 1.0.9 digest: sha256:2fb658cb69342078301c2cb849b1b2dd6f572fa9140a4057941611e14e963a9f - name: cp/aibroker/watcher - registry: cp.icr.io/cp + registry: cp.icr.io tag: 1.0.6 digest: sha256:3f53007c095a138f4d4f50a7e3764f5013112ee3e6edee3a07059c1a119f0d45 diff --git a/ibm/mas_devops/roles/mirror_extras_prepare/vars/minio_RELEASE.2025-06-13T11-33-47Z.yml b/ibm/mas_devops/roles/mirror_extras_prepare/vars/minio_RELEASE.2025-06-13T11-33-47Z.yml new file mode 100644 index 0000000000..27773a2c79 --- /dev/null +++ b/ibm/mas_devops/roles/mirror_extras_prepare/vars/minio_RELEASE.2025-06-13T11-33-47Z.yml @@ -0,0 +1,6 @@ +--- +extra_images: + - name: minio/minio + registry: quay.io + digest: sha256:064117214caceaa8d8a90ef7caa58f2b2aeb316b5156afe9ee8da5b4d83e12c8 + tag: RELEASE.2025-06-13T11-33-47Z diff --git a/ibm/mas_devops/roles/mirror_extras_prepare/vars/opendatahub_2.32.yml b/ibm/mas_devops/roles/mirror_extras_prepare/vars/opendatahub_2.32.yml new file mode 100644 index 0000000000..6d3ef9c9c3 --- /dev/null +++ b/ibm/mas_devops/roles/mirror_extras_prepare/vars/opendatahub_2.32.yml @@ -0,0 +1,14 @@ +--- +extra_images: + - name: opendatahub/odh-model-controller + registry: quay.io + digest: sha256:ac9c3c4bf7fe27f9bb42113ef81c74abf2fd35db98ab43932e9ea5f4915ecca6 + tag: odh-v2.32 + - name: opendatahub/data-science-pipelines-operator + digest: sha256:f4b0025eb248c65ea58406aede3d8b57b30320d7e657b9e40ce79765d7b7f5fd + registry: quay.io + tag: latest + - name: opendatahub/kserve-controller + digest: sha256:322abd7198eca2d3c88884c8ee7992853fb7bf30222570e7fc16c744b4e3c7d5 + registry: quay.io + tag: odh-v2.32 
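Review bot: In opendatahub_2.32.yml the `opendatahub/data-science-pipelines-operator` entry records `tag: latest` in a file named for release 2.32, while the other two entries use `odh-v2.32`. The digest pins the content, but if the mirror step or a tag-based mirror set ever resolves this image by tag, `latest` on quay.io can move after this file was written. Prefer the release tag that corresponds to the recorded digest, or add a comment explaining why none exists. The key order (`digest` before `registry`) also differs from the first entry and from the Minio vars file.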
diff --git a/ibm/mas_devops/roles/mirror_ocp/templates/imagesetconfiguration.yml.j2 b/ibm/mas_devops/roles/mirror_ocp/templates/imagesetconfiguration.yml.j2 index 3b67018145..d3f0cdd795 100644 --- a/ibm/mas_devops/roles/mirror_ocp/templates/imagesetconfiguration.yml.j2 +++ b/ibm/mas_devops/roles/mirror_ocp/templates/imagesetconfiguration.yml.j2 @@ -57,6 +57,9 @@ mirror: channels: - name: stable - name: strimzi-0.45.x + - name: opendatahub-operator + channels: + - name: fast # redhat-operators - catalog: registry.redhat.io/redhat/redhat-operator-index:v{{ ocp_release }} @@ -85,9 +88,22 @@ mirror: - name: lvms-operator # Not used by any of our roles, but used in SNO installations channels: - name: stable-{{ ocp_release }} + - name: serverless-operator + channels: + - name: stable + - name: servicemeshoperator + channels: + - name: stable + - name: authorino-operator + channels: + - name: stable {% if ocp_release >= "4.18" %} - name: odf-dependencies # Required by ibm.mas_devops.ocs role channels: - name: stable-{{ ocp_release }} {% endif %} + additionalImages: + - name: "registry.redhat.io/openshift-service-mesh/istio-operator-bundle@sha256:deb5e82c55ed09614827736ae7b38fab6b14281cd57929b246479b035cad8ec5" + - name: "quay.io/community-operator-pipeline-prod/opendatahub-operator:2.32.0" + - name: "quay.io/opendatahub/opendatahub-operator:v2.32.0" {% endif %} diff --git a/ibm/mas_devops/roles/mongodb/tasks/providers/community/check-mongo-exists.yml b/ibm/mas_devops/roles/mongodb/tasks/providers/community/check-mongo-exists.yml index 0f037139e2..6b14c39aac 100644 --- a/ibm/mas_devops/roles/mongodb/tasks/providers/community/check-mongo-exists.yml +++ b/ibm/mas_devops/roles/mongodb/tasks/providers/community/check-mongo-exists.yml 
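Review bot: Two of the three new `additionalImages` entries reference `opendatahub-operator` by tag (`:2.32.0`, `:v2.32.0`) while the istio bundle is pinned by `@sha256:`; registry tags are mutable, so the mirrored content depends on when the mirror is run. If consumers must pull by tag, keep the tag but record the expected digest next to it in a comment so that a changed upstream image is detectable. The version is hard-coded here and again as `2.32` in mirror_dependencies.yml; a shared variable would stop them drifting apart. Indentation is lost in this view, so check that `additionalImages` sits at the intended level and inside the intended `{% if %}` block.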
@@ -47,7 +47,7 @@ set_fact: existing_mongo_minor_version: "{{ existing_mongo_version[:3] }}" - - include_tasks: tasks/determine-ibmcatalog-tag.yml + - include_tasks: "{{ role_path }}/../../common_tasks/determine-ibmcatalog-tag.yml" when: - existing_mongodb.resources[0].spec.version is defined diff --git a/ibm/mas_devops/roles/mongodb/tasks/providers/community/install-mongo.yml b/ibm/mas_devops/roles/mongodb/tasks/providers/community/install-mongo.yml index 43737389c2..b4d0e6ff4e 100644 --- a/ibm/mas_devops/roles/mongodb/tasks/providers/community/install-mongo.yml +++ b/ibm/mas_devops/roles/mongodb/tasks/providers/community/install-mongo.yml @@ -2,7 +2,7 @@ # 1. Load default settings # ----------------------------------------------------------------------------- - name: "Determine Version of Maximo Operator Catalog" - include_tasks: tasks/determine-ibmcatalog-tag.yml + include_tasks: "{{ role_path }}/../../common_tasks/determine-ibmcatalog-tag.yml" - name: Load Catalog Metadata when: diff --git a/ibm/mas_devops/roles/ocp_idms/README.md b/ibm/mas_devops/roles/ocp_idms/README.md index 7cb79914d8..9614fd0c12 100644 --- a/ibm/mas_devops/roles/ocp_idms/README.md +++ b/ibm/mas_devops/roles/ocp_idms/README.md 
@@ -1,6 +1,10 @@ ocp_idms =============================================================================== -Installs an **ImageDigestMirrorSet** (IDMS)for IBM Maximo Application Suite's Maximo Operator Catalog. Optionally can also install a second IDMS suitable for the Red Hat Operator Catalogs created by [mirror_ocp](mirror_ocp.md). If there are legacy **ImageContentSourcePolicies** installed by previous versions of this role, they will be deleted. +Installs an **ImageDigestMirrorSet** (IDMS)for IBM Maximo Application Suite's Maximo Operator Catalog. +Also install IDMS suitable for the Red Hat Operator Catalogs created by [mirror_ocp](mirror_ocp.md). +If there are legacy **ImageContentSourcePolicies** installed by previous versions of this role, they will be deleted. + +If PRODUCT_FAMILY is aiservice then it will install an **ImageTagMirrorSet** for OpenDataHub !!! warning This role doesn't work on IBMCloud ROKS. IBM Cloud RedHat OpenShift Service does not implement support for `ImageDigestMirrorSet`. If you want to use image mirroring you must manually configure each worker node individually using the IBM Cloud command line tool. @@ -59,6 +63,14 @@ If you are managing the Red Hat Operator Catalogs yourself the content therein m Role Variables ------------------------------------------------------------------------------- +### product_family +Creates the **ImageDigestMirrorSet** for the respective product family + +- **Required** +- Environment Variable: `PRODUCT_FAMILY` +- Default: `mas` +- Values: `mas` | `aiservice` + ### setup_redhat_release Instruct the role to setup **ImageDigestMirrorSet** for the mirrored release content generated by [mirror_ocp](mirror_ocp.md). This will create an additional policy named `ibm-mas-redhat-release`. diff --git a/ibm/mas_devops/roles/ocp_idms/defaults/main.yml b/ibm/mas_devops/roles/ocp_idms/defaults/main.yml index 1e1076d337..3e6149d0d9 100644 --- a/ibm/mas_devops/roles/ocp_idms/defaults/main.yml 
+++ b/ibm/mas_devops/roles/ocp_idms/defaults/main.yml @@ -26,6 +26,7 @@ artifactory_auth: "{{ artifactory_username }}:{{ artifactory_token }}" registry_prefix: "{{ lookup('env', 'REGISTRY_PREFIX') | default('', true) }}" registry_private_url_with_path: "{{ registry_private_url }}{% if registry_prefix | length > 0 %}/{{ registry_prefix }}{% endif %}" idms_suffix: "{% if registry_prefix | length > 0 %}-{{ registry_prefix }}{% endif %}" +itms_suffix: "{% if registry_prefix | length > 0 %}-{{ registry_prefix }}{% endif %}" # Optional Registry Prefix - Red Hat Content @@ -40,3 +41,5 @@ idms_suffix_redhat: "{% if registry_prefix_redhat | length > 0 %}-{{ registry_pr redhat_catalogs_prefix: "{{ lookup('env', 'REDHAT_CATALOGS_PREFIX') | default('', true) }}" machine_config_multiupdate: "{{ lookup('env','MACHINE_CONFIG_MULTIUPDATE') | default('False',true) | bool}}" + +product_family: "{{ lookup('env','PRODUCT_FAMILY') | default('mas',true) }}" diff --git a/ibm/mas_devops/roles/ocp_idms/meta/main.yml b/ibm/mas_devops/roles/ocp_idms/meta/main.yml index 5f5c9f54c2..8522a46ce8 100644 --- a/ibm/mas_devops/roles/ocp_idms/meta/main.yml +++ b/ibm/mas_devops/roles/ocp_idms/meta/main.yml @@ -20,5 +20,6 @@ galaxy_info: - devops - rhocp - airgap + - aiservice dependencies: [] diff --git a/ibm/mas_devops/roles/ocp_idms/tasks/main.yml b/ibm/mas_devops/roles/ocp_idms/tasks/main.yml index 6993686093..7edbb4f3db 100644 --- a/ibm/mas_devops/roles/ocp_idms/tasks/main.yml +++ b/ibm/mas_devops/roles/ocp_idms/tasks/main.yml 
@@ -51,9 +51,17 @@ - name: Create ImageDigestMirrorSet kubernetes.core.k8s: apply: yes - template: 'templates/idms/mas-ibm-catalog.yml.j2' + template: 'templates/idms/{{ product_family }}/ibm-catalog.yml.j2' register: idms_result +# 4. IBM Maximo Operator Catalog +# ----------------------------------------------------------------------------- +- name: Create ImageDigestMirrorSet + kubernetes.core.k8s: + apply: yes + template: 'templates/itms/{{ product_family }}/itms.yml.j2' + when: product_family == "aiservice" + register: itms_result # 5. Red Hat Operator Catalogs # ----------------------------------------------------------------------------- @@ -88,7 +96,7 @@ when: setup_redhat_catalogs kubernetes.core.k8s: apply: yes - template: "templates/idms/mas-redhat-catalogs.yml.j2" + template: "templates/idms/{{product_family}}/redhat-catalogs.yml.j2" # 6. Red Hat Release Catalog @@ -97,7 +105,7 @@ when: setup_redhat_release kubernetes.core.k8s: apply: yes - template: "templates/idms/mas-redhat-release.yml.j2" + template: "templates/idms/{{product_family}}/redhat-release.yml.j2" # 7. Delete the old ICSPs @@ -131,5 +139,5 @@ # 7. Wait until the nodes have applied the updates # ----------------------------------------------------------------------------- - name: Wait for Machine Configs to update - when: idms_result.changed + when: idms_result.changed or itms_result.changed include_tasks: "{{ role_path }}/../../common_tasks/wait-machine-config-update.yml" diff --git a/ibm/mas_devops/roles/ocp_idms/templates/idms/aiservice/ibm-catalog.yml.j2 b/ibm/mas_devops/roles/ocp_idms/templates/idms/aiservice/ibm-catalog.yml.j2 new file mode 100644 index 0000000000..713fbbe308 --- /dev/null +++ b/ibm/mas_devops/roles/ocp_idms/templates/idms/aiservice/ibm-catalog.yml.j2 
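Review bot: `product_family` is read from the `PRODUCT_FAMILY` environment variable and interpolated straight into the template paths (`templates/idms/{{ product_family }}/ibm-catalog.yml.j2` here, and the redhat-catalogs and redhat-release paths in the later hunks) without validation. A typo only shows up as a missing-template error, and a value containing path separators changes which file is rendered and applied to the cluster. An early assert with `that: product_family in ['mas', 'aiservice']` and a clear `fail_msg` would close that off. The new task is named `Create ImageDigestMirrorSet` under `# 4. IBM Maximo Operator Catalog` but applies `templates/itms/...`; `Create ImageTagMirrorSet` with a matching heading would be accurate.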
@@ -0,0 +1,75 @@ +apiVersion: config.openshift.io/v1 +kind: ImageDigestMirrorSet +metadata: + name: aiservice-ibm-catalog{{ idms_suffix }} + labels: + aiservice.ibm.com/idmsContent: ibm + annotations: + aiservice.ibm.com/idmsRegistry: "{{ registry_private_url_with_path }}" + aiservice.ibm.com/idmsRegistryHost: "{{ registry_private_host }}" + aiservice.ibm.com/idmsRegistryPort: "{{ registry_private_port }}" + aiservice.ibm.com/idmsRegistryPrefix: "{{ registry_prefix }}" +spec: + imageDigestMirrors: + # 1. IBM Container Registry + # ------------------------------------------------------------------------- + # All IBM operators live in the cpopen namespace + - source: icr.io/cpopen + mirrors: + - {{ registry_private_url_with_path }}/cpopen + mirrorSourcePolicy: NeverContactSource + # IBM truststoremanager worker image lives in ibm-truststore-mgr namespace + - source: icr.io/ibm-truststore-mgr + mirrors: + - {{ registry_private_url_with_path }}/ibm-truststore-mgr + mirrorSourcePolicy: NeverContactSource + # IBM SLS content live in ibm-sls namespace + - source: icr.io/ibm-sls + mirrors: + - {{ registry_private_url_with_path }}/ibm-sls + mirrorSourcePolicy: NeverContactSource + # IBM UDS content live in ibm-uds namespace + - source: icr.io/ibm-uds + mirrors: + - {{ registry_private_url_with_path }}/ibm-uds + mirrorSourcePolicy: NeverContactSource + # IBM Db2 Universal operator content live in db2u namespace + - source: icr.io/db2u + mirrors: + - {{ registry_private_url_with_path }}/db2u + mirrorSourcePolicy: NeverContactSource + + # 2. IBM Entitled Container Registry + # ------------------------------------------------------------------------- + # All IBM entitled container images live under cp namespace + - source: cp.icr.io/cp + mirrors: + - {{ registry_private_url_with_path }}/cp + mirrorSourcePolicy: NeverContactSource + + # 3. 
Red Hat Quay.io Container Registry + # ------------------------------------------------------------------------- + # IBM common services live here + # MongoDb Community Edition Operator & associated container images + - source: quay.io/mongodb + mirrors: + - {{ registry_private_url_with_path }}/mongodb + mirrorSourcePolicy: NeverContactSource + - source: quay.io/minio + mirrors: + - {{ registry_private_url_with_path }}/minio + mirrorSourcePolicy: NeverContactSource + # Non-product IBM Maximo Application Suite images (e.g CLI & mirror of dockerhub mongodb image) + - source: quay.io/ibmmas + mirrors: + - {{ registry_private_url_with_path }}/ibmmas + mirrorSourcePolicy: NeverContactSource + +{% if artifactory_username != "" %} + # 4. Artifactory + # ------------------------------------------------------------------------- + - source: docker-na-public.artifactory.swg-devops.com/wiotp-docker-local + mirrors: + - docker-us-south-edge-public.artifactory.swg-devops.com/wiotp-docker-local + mirrorSourcePolicy: NeverContactSource +{% endif %} diff --git a/ibm/mas_devops/roles/ocp_idms/templates/idms/aiservice/redhat-catalogs.yml.j2 b/ibm/mas_devops/roles/ocp_idms/templates/idms/aiservice/redhat-catalogs.yml.j2 new file mode 100644 index 0000000000..a5297351a8 --- /dev/null +++ b/ibm/mas_devops/roles/ocp_idms/templates/idms/aiservice/redhat-catalogs.yml.j2 
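Review bot: The new aiservice/ibm-catalog.yml.j2 appears to be a copy of the MAS mirror set with `quay.io/minio` added; it keeps sources such as `icr.io/ibm-sls`, `icr.io/ibm-uds`, `icr.io/db2u` and `quay.io/mongodb`, and comments like "IBM common services live here". Each `imageDigestMirrors` entry with `NeverContactSource` redirects pulls cluster-wide, so list only the repositories AI Service needs, or add a comment stating that carrying the full MAS set is intentional. The Artifactory block mirrors to `docker-us-south-edge-public.artifactory.swg-devops.com` rather than `{{ registry_private_url_with_path }}`; if that is deliberate, a comment should say so, since it is the only entry not pointing at the private registry.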
@@ -0,0 +1,104 @@
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: CatalogSource
+metadata:
+ name: {% if redhat_catalogs_prefix | length > 0 %}{{ redhat_catalogs_prefix }}-{% endif %}certified-operator-index
+ namespace: openshift-marketplace
+spec:
+ displayName: Certified Operators
+ publisher: Red Hat
+ image: {{ registry_private_url_with_path_redhat}}/redhat/certified-operator-index:v{{ ocp_release }}
+ sourceType: grpc
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: CatalogSource
+metadata:
+ name: {% if redhat_catalogs_prefix | length > 0 %}{{ redhat_catalogs_prefix }}-{% endif %}community-operator-index
+ namespace: openshift-marketplace
+spec:
+ displayName: Community Operators
+ publisher: Red Hat
+ image: {{ registry_private_url_with_path_redhat }}/redhat/community-operator-index:v{{ ocp_release }}
+ sourceType: grpc
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: CatalogSource
+metadata:
+ name: {% if redhat_catalogs_prefix | length > 0 %}{{ redhat_catalogs_prefix }}-{% endif %}redhat-operator-index
+ namespace: openshift-marketplace
+spec:
+ displayName: Red Hat Operators
+ publisher: Red Hat
+ image: {{ registry_private_url_with_path_redhat }}/redhat/redhat-operator-index:v{{ ocp_release }}
+ sourceType: grpc
+---
+apiVersion: config.openshift.io/v1
+kind: ImageDigestMirrorSet
+metadata:
+ name: aiservice-redhat-catalogs{{ idms_suffix_redhat }}
+ labels:
+ aiservice.ibm.com/idmsContent: redhat-catalogs
+ annotations:
+ aiservice.ibm.com/idmsRegistry: "{{ registry_private_url_with_path_redhat }}"
+ aiservice.ibm.com/idmsRegistryHost: "{{ registry_private_host }}"
+ aiservice.ibm.com/idmsRegistryPort: "{{ registry_private_port }}"
+ aiservice.ibm.com/idmsRegistryPrefix: "{{ registry_prefix_redhat }}"
+ operators.openshift.org/catalog: "true"
+spec:
+ imageDigestMirrors:
+ - mirrors:
+ - {{ registry_private_url_with_path_redhat }}/cpopen
+ source: icr.io/cpopen
+ mirrorSourcePolicy: NeverContactSource
+ - mirrors:
+ - {{ registry_private_url_with_path_redhat }}/rhel9
+ source: registry.redhat.io/rhel9
+ mirrorSourcePolicy: NeverContactSource
+ - mirrors:
+ - {{ registry_private_url_with_path_redhat }}/odf4
+ source: registry.redhat.io/odf4
+ mirrorSourcePolicy: NeverContactSource
+ - mirrors:
+ - {{ registry_private_url_with_path_redhat }}/rhceph
+ source: registry.redhat.io/rhceph
+ mirrorSourcePolicy: NeverContactSource
+ - mirrors:
+ - {{ registry_private_url_with_path_redhat }}/openshift4
+ source: registry.redhat.io/openshift4
+ mirrorSourcePolicy: NeverContactSource
+ - mirrors:
+ - {{ registry_private_url_with_path_redhat }}/openshift-community-operators
+ source: quay.io/openshift-community-operators
+ mirrorSourcePolicy: NeverContactSource
+ - mirrors:
+ - {{ registry_private_url_with_path_redhat }}/openshift-pipelines
+ source: registry.redhat.io/openshift-pipelines
+ mirrorSourcePolicy: NeverContactSource
+ - mirrors:
+ - {{ registry_private_url_with_path_redhat }}/openshift-serverless-1
+ source: registry.redhat.io/openshift-serverless-1
+ mirrorSourcePolicy: NeverContactSource
+ - mirrors:
+ - {{ registry_private_url_with_path_redhat }}/openshift-service-mesh
+ source: registry.redhat.io/openshift-service-mesh
+ mirrorSourcePolicy: NeverContactSource
+ - mirrors:
+ - {{ registry_private_url_with_path_redhat }}/turbonomic
+ source: registry.connect.redhat.com/turbonomic
+ mirrorSourcePolicy: NeverContactSource
+ - mirrors:
+ - {{ registry_private_url_with_path_redhat }}/rh-marketplace
+ source: quay.io/rh-marketplace
+ mirrorSourcePolicy: NeverContactSource
+ - mirrors:
+ - {{ registry_private_url_with_path_redhat }}/rh-marketplace
+ source: registry.connect.redhat.com/rh-marketplace
+ mirrorSourcePolicy: NeverContactSource
+ - mirrors:
+ - {{ registry_private_url_with_path_redhat }}/cert-manager
+ source: registry.redhat.io/cert-manager
+ mirrorSourcePolicy: NeverContactSource
+ - mirrors:
+ - {{ registry_private_url_with_path_redhat }}/rhcl-1
+ source: registry.redhat.io/rhcl-1
+ mirrorSourcePolicy: NeverContactSource
diff --git a/ibm/mas_devops/roles/ocp_idms/templates/idms/aiservice/redhat-release.yml.j2 b/ibm/mas_devops/roles/ocp_idms/templates/idms/aiservice/redhat-release.yml.j2
new file mode 100644
index 0000000000..10f6fd1cfe
--- /dev/null
+++ b/ibm/mas_devops/roles/ocp_idms/templates/idms/aiservice/redhat-release.yml.j2
@@ -0,0 +1,21 @@
+apiVersion: config.openshift.io/v1
+kind: ImageDigestMirrorSet
+metadata:
+ name: aiservice-redhat-release{{ idms_suffix_redhat }}
+ labels:
+ aiservice.ibm.com/idmsContent: redhat-release
+ annotations:
+ aiservice.ibm.com/idmsRegistry: "{{ registry_private_url_with_path_redhat }}"
+ aiservice.ibm.com/idmsRegistryHost: "{{ registry_private_host }}"
+ aiservice.ibm.com/idmsRegistryPort: "{{ registry_private_port }}"
+ aiservice.ibm.com/idmsRegistryPrefix: "{{ registry_prefix_redhat}}"
+spec:
+ imageDigestMirrors:
+ - mirrors:
+ - {{ registry_private_url_with_path_redhat }}/openshift/release
+ source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
+ mirrorSourcePolicy: NeverContactSource
+ - mirrors:
+ - {{ registry_private_url_with_path_redhat }}/openshift/release-images
+ source: quay.io/openshift-release-dev/ocp-release
+ mirrorSourcePolicy: NeverContactSource
diff --git a/ibm/mas_devops/roles/ocp_idms/templates/idms/mas-ibm-catalog.yml.j2 b/ibm/mas_devops/roles/ocp_idms/templates/idms/mas/ibm-catalog.yml.j2
similarity index 100%
rename from ibm/mas_devops/roles/ocp_idms/templates/idms/mas-ibm-catalog.yml.j2
rename to ibm/mas_devops/roles/ocp_idms/templates/idms/mas/ibm-catalog.yml.j2
diff --git a/ibm/mas_devops/roles/ocp_idms/templates/idms/mas-redhat-catalogs.yml.j2 b/ibm/mas_devops/roles/ocp_idms/templates/idms/mas/redhat-catalogs.yml.j2
similarity index 100%
rename from ibm/mas_devops/roles/ocp_idms/templates/idms/mas-redhat-catalogs.yml.j2
rename to ibm/mas_devops/roles/ocp_idms/templates/idms/mas/redhat-catalogs.yml.j2
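Review bot: The three CatalogSource entries in `idms/aiservice/redhat-catalogs.yml.j2` reference their index images by tag (`:v{{ ocp_release }}`), and the ImageDigestMirrorSet further down applies only to pulls by digest, so nothing in this file pins which index content the cluster loads; it is whatever the private registry currently holds under that tag. If the mirroring step records the index digest, an image reference of the form `.../redhat/certified-operator-index@sha256:<index-digest>` (placeholder) would make the catalog content fixed and auditable; if the tag is deliberate, a comment above each `image:` line should say so. Separately, `quay.io/rh-marketplace` and `registry.connect.redhat.com/rh-marketplace` both map to the same mirror path `/rh-marketplace`, which deserves a one-line comment confirming that the mirror step places both sources there.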
diff --git a/ibm/mas_devops/roles/ocp_idms/templates/idms/mas-redhat-release.yml.j2 b/ibm/mas_devops/roles/ocp_idms/templates/idms/mas/redhat-release.yml.j2
similarity index 100%
rename from ibm/mas_devops/roles/ocp_idms/templates/idms/mas-redhat-release.yml.j2
rename to ibm/mas_devops/roles/ocp_idms/templates/idms/mas/redhat-release.yml.j2
diff --git a/ibm/mas_devops/roles/ocp_idms/templates/itms/aiservice/itms.yml.j2 b/ibm/mas_devops/roles/ocp_idms/templates/itms/aiservice/itms.yml.j2
new file mode 100644
index 0000000000..a3c510fec5
--- /dev/null
+++ b/ibm/mas_devops/roles/ocp_idms/templates/itms/aiservice/itms.yml.j2
@@ -0,0 +1,21 @@
+apiVersion: config.openshift.io/v1
+kind: ImageTagMirrorSet
+metadata:
+ name: aiservice-ibm-catalog{{ itms_suffix }}
+ labels:
+ aiserice.ibm.com/itmsContent: ibm
+ annotations:
+ aiservice.ibm.com/itmsRegistry: "{{ registry_private_url_with_path }}"
+ aiservice.ibm.com/itmsRegistryHost: "{{ registry_private_host }}"
+ aiservice.ibm.com/itmsRegistryPort: "{{ registry_private_port }}"
+ aiservice.ibm.com/itmsRegistryPrefix: "{{ registry_prefix }}"
+spec:
+ imageTagMirrors:
+ - mirrorSourcePolicy: NeverContactSource
+ mirrors:
+ - {{ registry_private_url_with_path }}/community-operator-pipeline-prod
+ source: quay.io/community-operator-pipeline-prod
+ - mirrorSourcePolicy: NeverContactSource
+ mirrors:
+ - {{ registry_private_url_with_path }}/opendatahub
+ source: quay.io/opendatahub
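Review bot: The label key in `itms/aiservice/itms.yml.j2` is misspelled: `aiserice.ibm.com/itmsContent: ibm` is missing the `v`, while every annotation in the same metadata block uses `aiservice.ibm.com/`. Any lookup that selects on `aiservice.ibm.com/itmsContent=ibm`, in the way the detect-airgap task selects on `aiservice.ibm.com/idmsContent=ibm` for the digest mirror set, would not find this ImageTagMirrorSet, so it could be missed by detection or cleanup without any error. The line should read `aiservice.ibm.com/itmsContent: ibm`. Because tag mirrors are not content-addressed, a short comment noting that the two `quay.io` sources are pulled by tag and therefore depend on what the private registry holds would also help the next reader.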