From 27d2bd8f8f12f5952235775116f1b650bdf33538 Mon Sep 17 00:00:00 2001 From: Ian Boden Date: Wed, 24 Apr 2024 08:38:54 +0100 Subject: [PATCH 1/5] fyre quickburn didn't include the site --- .../roles/ocp_provision/templates/fyre/quick_burn.json.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/ibm/mas_devops/roles/ocp_provision/templates/fyre/quick_burn.json.j2 b/ibm/mas_devops/roles/ocp_provision/templates/fyre/quick_burn.json.j2 index 0e81765568..3f74f13c4e 100644 --- a/ibm/mas_devops/roles/ocp_provision/templates/fyre/quick_burn.json.j2 +++ b/ibm/mas_devops/roles/ocp_provision/templates/fyre/quick_burn.json.j2 @@ -5,6 +5,7 @@ "quota_type": "quick_burn", "time_to_live": "36", "size":"{{ fyre_cluster_size }}", + "site": "{{ fyre_site }}", "product_group_id": "{{ fyre_product_id }}", "ocp_version": "{{ ocp_version }}", "haproxy": { From 5bdc79252445b6ad54c55aaa7566ceadc5c531a4 Mon Sep 17 00:00:00 2001 From: Ian Boden Date: Wed, 24 Apr 2024 14:00:36 +0100 Subject: [PATCH 2/5] Add fyre proxies icr --- ibm/mas_devops/roles/dro/tasks/install-dro/main.yml | 10 ++++++++++ .../templates/ibm-entitlement-with-artifactory.json.j2 | 2 ++ .../ibm_catalogs/tasks/install/development-catalog.yml | 2 ++ .../templates/ibm-entitlement-with-artifactory.json.j2 | 8 ++++++++ .../roles/mirror_images/templates/auth-secret.json.j2 | 8 ++++++++ .../roles/ocp_simulate_disconnected_network/README.md | 2 ++ .../defaults/main.yml | 2 +- ibm/mas_devops/roles/suite_install/README.md | 5 +++-- 8 files changed, 36 insertions(+), 3 deletions(-) diff --git a/ibm/mas_devops/roles/dro/tasks/install-dro/main.yml b/ibm/mas_devops/roles/dro/tasks/install-dro/main.yml index d6e6a6cbbc..e832b4798c 100644 --- a/ibm/mas_devops/roles/dro/tasks/install-dro/main.yml +++ b/ibm/mas_devops/roles/dro/tasks/install-dro/main.yml 
@@ -86,6 +86,16 @@ ibm_entitlement_key: "{{ibment.auths['docker-na-public.artifactory.swg-devops.com/wiotp-docker-local'].password}}" when: ibment is defined and ibment.auths['docker-na-public.artifactory.swg-devops.com/wiotp-docker-local'] is defined + - name: set ibm-entitlement-key for artifactory svl proxy + set_fact: + ibm_entitlement_key: "{{ibment.auths['docker-na-proxy-svl.artifactory.swg-devops.com/wiotp-docker-local'].password}}" + when: ibment is defined and ibment.auths['docker-na-proxy-svl.artifactory.swg-devops.com/wiotp-docker-local'] is defined + + - name: set ibm-entitlement-key for artifactory rtp proxy + set_fact: + ibm_entitlement_key: "{{ibment.auths['docker-na-proxy-rtp.artifactory.swg-devops.com/wiotp-docker-local'].password}}" + when: ibment is defined and ibment.auths['docker-na-proxy-rtp.artifactory.swg-devops.com/wiotp-docker-local'] is defined + - name: Check IBM Entitlement Key ansible.builtin.assert: that: diff --git a/ibm/mas_devops/roles/entitlement_key_rotation/templates/ibm-entitlement-with-artifactory.json.j2 b/ibm/mas_devops/roles/entitlement_key_rotation/templates/ibm-entitlement-with-artifactory.json.j2 index eddcf9e052..fdd3069d70 100644 --- a/ibm/mas_devops/roles/entitlement_key_rotation/templates/ibm-entitlement-with-artifactory.json.j2 +++ b/ibm/mas_devops/roles/entitlement_key_rotation/templates/ibm-entitlement-with-artifactory.json.j2 
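Review bot: The two added `set_fact` tasks in `dro/tasks/install-dro/main.yml` copy a registry password into `ibm_entitlement_key` without `no_log: true`, so the value is printed in task output when the play runs with `-v` or higher. Add `no_log: true` to each task; the existing docker-na-public task shown as context may need the same, but its opening lines are outside the hunk. All three tasks write the same fact, so the last host present in `ibment.auths` silently wins. A comment such as `# later tasks override earlier ones: rtp > svl > public` would make that precedence explicit. Patch 5/5 on this page removes these two tasks again.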
@@ -1,5 +1,7 @@ {"auths":{ {% if artifactory_username is defined and artifactory_username != "" %} "docker-na-public.artifactory.swg-devops.com/wiotp-docker-local":{"username":"{{ artifactory_username }}","password":"{{ artifactory_token }}","auth":"{{ (artifactory_username ~ ':' ~ artifactory_token) | b64encode }}"}, +"docker-na-proxy-svl.artifactory.swg-devops.com/wiotp-docker-local":{"username":"{{ artifactory_username }}","password":"{{ artifactory_token }}","auth":"{{ (artifactory_username ~ ':' ~ artifactory_token) | b64encode }}"}, +"docker-na-proxy-rtp.artifactory.swg-devops.com/wiotp-docker-local":{"username":"{{ artifactory_username }}","password":"{{ artifactory_token }}","auth":"{{ (artifactory_username ~ ':' ~ artifactory_token) | b64encode }}"}, {% endif %} "cp.icr.io/cp":{"username":"{{ mas_entitlement_username }}","password":"{{ mas_entitlement_key }}","auth":"{{ (mas_entitlement_username ~ ':' ~ mas_entitlement_key) | b64encode }}"}}} diff --git a/ibm/mas_devops/roles/ibm_catalogs/tasks/install/development-catalog.yml b/ibm/mas_devops/roles/ibm_catalogs/tasks/install/development-catalog.yml index 678a92657a..b5f10cf541 100644 --- a/ibm/mas_devops/roles/ibm_catalogs/tasks/install/development-catalog.yml +++ b/ibm/mas_devops/roles/ibm_catalogs/tasks/install/development-catalog.yml @@ -9,6 +9,8 @@ artifactoryAuth: "{{ artifactoryAuthStr | b64encode }}" content: - '{"auths":{"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local": {"username":"{{artifactory_username}}","password":"{{artifactory_token}}","auth":"{{artifactoryAuth}}"}' + - ',"docker-na-proxy-svl.artifactory.swg-devops.com/wiotp-docker-local": {"username":"{{artifactory_username}}","password":"{{artifactory_token}}","auth":"{{artifactoryAuth}}"}' + - ',"docker-na-proxy-rtp.artifactory.swg-devops.com/wiotp-docker-local": {"username":"{{artifactory_username}}","password":"{{artifactory_token}}","auth":"{{artifactoryAuth}}"}' - '}' - '}' kubernetes.core.k8s: 
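Review bot: In `entitlement_key_rotation/templates/ibm-entitlement-with-artifactory.json.j2` the two added entries place `artifactory_username` and `artifactory_token` between hand-written double quotes, so a value containing `"` or `\` would render invalid or altered JSON in the pull secret. Letting Jinja do the quoting avoids that, for example `"password":{{ artifactory_token | to_json }}`, or build the `auths` mapping as a dict and emit it once with `to_json`. The same pattern is copied into the added lines of `ibm_catalogs/tasks/install/development-catalog.yml`, `install_operator/templates/ibm-entitlement-with-artifactory.json.j2` and `mirror_images/templates/auth-secret.json.j2`. The three Artifactory entries differ only in host name, so a `{% for %}` loop over a host list would stop them drifting apart.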
diff --git a/ibm/mas_devops/roles/install_operator/templates/ibm-entitlement-with-artifactory.json.j2 b/ibm/mas_devops/roles/install_operator/templates/ibm-entitlement-with-artifactory.json.j2 index 1f9263fcb9..b8d17a9b63 100644 --- a/ibm/mas_devops/roles/install_operator/templates/ibm-entitlement-with-artifactory.json.j2 +++ b/ibm/mas_devops/roles/install_operator/templates/ibm-entitlement-with-artifactory.json.j2 @@ -2,6 +2,14 @@ "auths": { {% if artifactory_username is defined and artifactory_username != "" %} "docker-na-public.artifactory.swg-devops.com/wiotp-docker-local": { + "username": "{{ artifactory_username }}", + "password": "{{ artifactory_token }}", + "auth": "{{ (artifactory_username ~ ':' ~ artifactory_token) | b64encode }}," + "docker-na-proxy-svl.artifactory.swg-devops.com/wiotp-docker-local": { + "username": "{{ artifactory_username }}", + "password": "{{ artifactory_token }}", + "auth": "{{ (artifactory_username ~ ':' ~ artifactory_token) | b64encode }}," + "docker-na-proxy-rtp.artifactory.swg-devops.com/wiotp-docker-local": { "username": "{{ artifactory_username }}", "password": "{{ artifactory_token }}", "auth": "{{ (artifactory_username ~ ':' ~ artifactory_token) | b64encode }}" diff --git a/ibm/mas_devops/roles/mirror_images/templates/auth-secret.json.j2 b/ibm/mas_devops/roles/mirror_images/templates/auth-secret.json.j2 index fb2a200cfc..edf7fec1b1 100644 --- a/ibm/mas_devops/roles/mirror_images/templates/auth-secret.json.j2 +++ b/ibm/mas_devops/roles/mirror_images/templates/auth-secret.json.j2 
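Review bot: The entries added to `install_operator/templates/ibm-entitlement-with-artifactory.json.j2` render malformed JSON: the docker-na-public and docker-na-proxy-svl objects are never closed with `},`, and their `auth` lines end in `}},"`, which puts the comma inside the string. Patches 3/5 and 4/5 on this page fix the braces and then the commas, so the template is broken for two commits; squashing them into this one would keep every commit deployable. A render check would have caught the missing braces, for example parsing the rendered template with `from_json` inside an `ansible.builtin.assert`. After 3/5 alone the output parses but the `auth` value carries a trailing comma, so the check should also compare the decoded `auth` with `username:token`.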
@@ -5,6 +5,14 @@ "email":"{{ artifactory_username }}", "auth":"{{ artifactory_auth | b64encode }}" }, + "docker-na-proxy-svl.artifactory.swg-devops.com": { + "email":"{{ artifactory_username }}", + "auth":"{{ artifactory_auth | b64encode }}" + }, + "docker-na-proxy-rtp.artifactory.swg-devops.com": { + "email":"{{ artifactory_username }}", + "auth":"{{ artifactory_auth | b64encode }}" + }, {% endif %} {% if registry_auth is defined and registry_auth != ":" %} "{{ registry_public_url }}": { diff --git a/ibm/mas_devops/roles/ocp_simulate_disconnected_network/README.md b/ibm/mas_devops/roles/ocp_simulate_disconnected_network/README.md index 854b109d6d..80bca5e14a 100644 --- a/ibm/mas_devops/roles/ocp_simulate_disconnected_network/README.md +++ b/ibm/mas_devops/roles/ocp_simulate_disconnected_network/README.md @@ -25,5 +25,7 @@ The default exclusions are: - icr.io - cp.icr.io - docker-na-public.artifactory.swg-devops.com +- docker-na-proxy-svl.artifactory.swg-devops.com +- docker-na-proxy-rtp.artifactory.swg-devops.com These can be changed by setting `airgap_network_exclusions` explicitly. diff --git a/ibm/mas_devops/roles/ocp_simulate_disconnected_network/defaults/main.yml b/ibm/mas_devops/roles/ocp_simulate_disconnected_network/defaults/main.yml index 5e205305ab..34ade44a1e 100644 --- a/ibm/mas_devops/roles/ocp_simulate_disconnected_network/defaults/main.yml +++ b/ibm/mas_devops/roles/ocp_simulate_disconnected_network/defaults/main.yml 
@@ -1,5 +1,5 @@ --- -airgap_network_exclusions: "quay.io registry.redhat.io registry.connect.redhat.com gcr.io nvcr.io icr.io cp.icr.io docker-na-public.artifactory.swg-devops.com" +airgap_network_exclusions: "quay.io registry.redhat.io registry.connect.redhat.com gcr.io nvcr.io icr.io cp.icr.io docker-na-public.artifactory.swg-devops.com docker-na-proxy-svl.artifactory.swg-devops.com docker-na-proxy-rtp.artifactory.swg-devops.com" registry_private_ca_file: "{{ lookup('env', 'REGISTRY_PRIVATE_CA_FILE') }}" registry_private_ca_crt: "{{ lookup('file', registry_private_ca_file) }}" diff --git a/ibm/mas_devops/roles/suite_install/README.md b/ibm/mas_devops/roles/suite_install/README.md index eb56350597..c0fbe6de11 100644 --- a/ibm/mas_devops/roles/suite_install/README.md +++ b/ibm/mas_devops/roles/suite_install/README.md 
@@ -24,10 +24,11 @@ Optional fact, if not provided the role will use the default cluster subdomain Defines the instance id to be used for MAS installation ### mas_icr_cp -Defines the entitled registry from the images should be pulled from. Set this to `cp.icr.io/cp` when installing release version of MAS or `docker-na-public.artifactory.swg-devops.com/wiotp-docker-local` for dev +Defines the entitled registry from the images should be pulled from. Set this to `cp.icr.io/cp` when installing release version of MAS, `docker-na-public.artifactory.swg-devops.com/wiotp-docker-local` for dev +unless when on fyre in which case use 'docker-na-proxy-svl.artifactory.swg-devops.com/wiotp-docker-local' or 'docker-na-proxy-rtp.artifactory.swg-devops.com/wiotp-docker-local' as appropriate ### mas_icr_cpopen -Defines the registry for non entitled images, such as operators. Set this to `icr.io/cpopen` when installing release version of MAS or `docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/cpopen` for dev +Defines the registry for non entitled images, such as operators. Set this to `icr.io/cpopen` when installing release version of MAS or `docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/cpopen` for dev (or corresponding fyre proxies as appropriate) ### mas_entitlement_username Username for entitled registry. This username will be used to create the image pull secret. Set to `cp` when installing release or use your `w3Id` for dev. From fdddcd000b0e6b5858b4f0191708aff9046df3da Mon Sep 17 00:00:00 2001 From: Ian Boden Date: Fri, 10 May 2024 13:31:05 +0100 Subject: [PATCH 3/5] bad json --- .../templates/ibm-entitlement-with-artifactory.json.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ibm/mas_devops/roles/install_operator/templates/ibm-entitlement-with-artifactory.json.j2 b/ibm/mas_devops/roles/install_operator/templates/ibm-entitlement-with-artifactory.json.j2 index b8d17a9b63..b918548ea6 100644 
--- a/ibm/mas_devops/roles/install_operator/templates/ibm-entitlement-with-artifactory.json.j2 +++ b/ibm/mas_devops/roles/install_operator/templates/ibm-entitlement-with-artifactory.json.j2 @@ -5,10 +5,12 @@ "username": "{{ artifactory_username }}", "password": "{{ artifactory_token }}", "auth": "{{ (artifactory_username ~ ':' ~ artifactory_token) | b64encode }}," + }, "docker-na-proxy-svl.artifactory.swg-devops.com/wiotp-docker-local": { "username": "{{ artifactory_username }}", "password": "{{ artifactory_token }}", "auth": "{{ (artifactory_username ~ ':' ~ artifactory_token) | b64encode }}," + }, "docker-na-proxy-rtp.artifactory.swg-devops.com/wiotp-docker-local": { "username": "{{ artifactory_username }}", "password": "{{ artifactory_token }}", From 2f5d370929d55b5d1813c32d85ca06454a69ed7c Mon Sep 17 00:00:00 2001 From: Ian Boden Date: Mon, 13 May 2024 14:28:15 +0100 Subject: [PATCH 4/5] commas in the wrong place --- .../templates/ibm-entitlement-with-artifactory.json.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ibm/mas_devops/roles/install_operator/templates/ibm-entitlement-with-artifactory.json.j2 b/ibm/mas_devops/roles/install_operator/templates/ibm-entitlement-with-artifactory.json.j2 index b918548ea6..0c95133738 100644 --- a/ibm/mas_devops/roles/install_operator/templates/ibm-entitlement-with-artifactory.json.j2 +++ b/ibm/mas_devops/roles/install_operator/templates/ibm-entitlement-with-artifactory.json.j2 
@@ -4,12 +4,12 @@ "docker-na-public.artifactory.swg-devops.com/wiotp-docker-local": { "username": "{{ artifactory_username }}", "password": "{{ artifactory_token }}", - "auth": "{{ (artifactory_username ~ ':' ~ artifactory_token) | b64encode }}," + "auth": "{{ (artifactory_username ~ ':' ~ artifactory_token) | b64encode }}" }, "docker-na-proxy-svl.artifactory.swg-devops.com/wiotp-docker-local": { "username": "{{ artifactory_username }}", "password": "{{ artifactory_token }}", - "auth": "{{ (artifactory_username ~ ':' ~ artifactory_token) | b64encode }}," + "auth": "{{ (artifactory_username ~ ':' ~ artifactory_token) | b64encode }}" }, "docker-na-proxy-rtp.artifactory.swg-devops.com/wiotp-docker-local": { "username": "{{ artifactory_username }}", From 2ad69518ba65ef45567e3c72344e5168d9ce57b5 Mon Sep 17 00:00:00 2001 From: Ian Boden Date: Thu, 16 May 2024 10:22:04 +0100 Subject: [PATCH 5/5] [PATCH] only get the ibm entitlement artifactory password once in dro migration --- ibm/mas_devops/roles/dro/tasks/install-dro/main.yml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/ibm/mas_devops/roles/dro/tasks/install-dro/main.yml b/ibm/mas_devops/roles/dro/tasks/install-dro/main.yml index e832b4798c..d6e6a6cbbc 100644 --- a/ibm/mas_devops/roles/dro/tasks/install-dro/main.yml +++ b/ibm/mas_devops/roles/dro/tasks/install-dro/main.yml 
@@ -86,16 +86,6 @@ ibm_entitlement_key: "{{ibment.auths['docker-na-public.artifactory.swg-devops.com/wiotp-docker-local'].password}}" when: ibment is defined and ibment.auths['docker-na-public.artifactory.swg-devops.com/wiotp-docker-local'] is defined - - name: set ibm-entitlement-key for artifactory svl proxy - set_fact: - ibm_entitlement_key: "{{ibment.auths['docker-na-proxy-svl.artifactory.swg-devops.com/wiotp-docker-local'].password}}" - when: ibment is defined and ibment.auths['docker-na-proxy-svl.artifactory.swg-devops.com/wiotp-docker-local'] is defined - - - name: set ibm-entitlement-key for artifactory rtp proxy - set_fact: - ibm_entitlement_key: "{{ibment.auths['docker-na-proxy-rtp.artifactory.swg-devops.com/wiotp-docker-local'].password}}" - when: ibment is defined and ibment.auths['docker-na-proxy-rtp.artifactory.swg-devops.com/wiotp-docker-local'] is defined - - name: Check IBM Entitlement Key ansible.builtin.assert: that: