NO-ISSUE: enable lateset lso for 4.15 ztp

deploy/operator/mirror_utils.sh

@@ -1,60 +1,60 @@
 function mirror_package() {
-  # Here we will do the next actions:
-  # 1. Create an index of specific packages from specific remote indexes
-  # 2. Push the index image to the local index
-  # 3. Upload all packages to the local index and create ICSP and
-  #    CatalogSource for the new created index
-
-  # e.g. "local-storage-operator"
-  package="${1}"
-
-  # e.g. "registry.redhat.io/redhat/redhat-operator-index:v4.8"
-  remote_index="${2}"
-
-  # e.g. "virthost.ostest.test.metalkube.org:5000"
-  local_registry="${3}"
-
-  # e.g. "/run/user/0/containers/auth.json", "~/.docker/config.json"
-  # should have authentication information for both official registry
-  # (pull-secret) and for the local registry
-  authfile="${4}"
-
-  catalog_source_name="${5}"
-
-  # If the remote index is referenced using name and tag, use "name:tag" for the local image.
-  # If the remote index is referenced using a digest, use "name:digest" for the local image.
-  local_index_name=${remote_index##*/}
-  local_index_name="${local_index_name/@*:/:}"
-
-  local_registry_index_tag="${local_registry}/olm-index/${local_index_name}"
-  local_registry_image_tag="${local_registry}/olm"
-
-  opm index prune \
-        --from-index "${remote_index}" \
-        --packages "${package}" \
-        --tag "${local_registry_index_tag}"
-
-  GODEBUG=x509ignoreCN=0 podman push \
-        --tls-verify=false \
-        "${local_registry_index_tag}" \
-        --authfile "${authfile}"
-
-  manifests_dir=$(mktemp -d -t manifests-XXXXXXXXXX)
-  GODEBUG=x509ignoreCN=0 oc adm catalog mirror \
-        "${local_registry_index_tag}" \
-        "${local_registry_image_tag}" \
-        --registry-config="${authfile}" \
-        --to-manifests="${manifests_dir}"
-
-  echo "Applyed image-content-source-policy:"
-  cat "${manifests_dir}/imageContentSourcePolicy.yaml"
-
-  oc apply -f "${manifests_dir}/imageContentSourcePolicy.yaml"
-
-  # Modify openshift-marketplace namespace in order to allow workaround the new pod security
-  # admissions. Details are described in https://access.redhat.com/articles/6977554 and they
-  # are used to allow `securityContextConfig: legacy` stanza in the CatalogSource definition.
-  cat > "${manifests_dir}/namespaceHotfix.yaml" << EOF
+	# Here we will do the next actions:
+	# 1. Create an index of specific packages from specific remote indexes
+	# 2. Push the index image to the local index
+	# 3. Upload all packages to the local index and create ICSP and
+	#    CatalogSource for the new created index
+
+	# e.g. "local-storage-operator"
+	package="${1}"
+
+	# e.g. "registry.redhat.io/redhat/redhat-operator-index:v4.8"
+	remote_index="${2}"
+
+	# e.g. "virthost.ostest.test.metalkube.org:5000"
+	local_registry="${3}"
+
+	# e.g. "/run/user/0/containers/auth.json", "~/.docker/config.json"
+	# should have authentication information for both official registry
+	# (pull-secret) and for the local registry
+	authfile="${4}"
+
+	catalog_source_name="${5}"
+
+	# If the remote index is referenced using name and tag, use "name:tag" for the local image.
+	# If the remote index is referenced using a digest, use "name:digest" for the local image.
+	local_index_name=${remote_index##*/}
+	local_index_name="${local_index_name/@*:/:}"
+
+	local_registry_index_tag="${local_registry}/olm-index/${local_index_name}"
+	local_registry_image_tag="${local_registry}/olm"
+
+	opm index prune \
+		--from-index "${remote_index}" \
+		--packages "${package}" \
+		--tag "${local_registry_index_tag}"
+
+	GODEBUG=x509ignoreCN=0 podman push \
+		--tls-verify=false \
+		"${local_registry_index_tag}" \
+		--authfile "${authfile}"
+
+	manifests_dir=$(mktemp -d -t manifests-XXXXXXXXXX)
+	GODEBUG=x509ignoreCN=0 oc adm catalog mirror \
+		"${local_registry_index_tag}" \
+		"${local_registry_image_tag}" \
+		--registry-config="${authfile}" \
+		--to-manifests="${manifests_dir}"
+
+	echo "Applyed image-content-source-policy:"
+	cat "${manifests_dir}/imageContentSourcePolicy.yaml"
+
+	oc apply -f "${manifests_dir}/imageContentSourcePolicy.yaml"
+
+	# Modify openshift-marketplace namespace in order to allow workaround the new pod security
+	# admissions. Details are described in https://access.redhat.com/articles/6977554 and they
+	# are used to allow `securityContextConfig: legacy` stanza in the CatalogSource definition.
+	cat >"${manifests_dir}/namespaceHotfix.yaml" <<EOF
 apiVersion: v1
 kind: Namespace
 metadata:
@@ -65,12 +65,12 @@ metadata:
   name: openshift-marketplace
 EOF
 
-  echo "Applied hotfix for marketplace namespace:"
-  cat "${manifests_dir}/namespaceHotfix.yaml"
+	echo "Applied hotfix for marketplace namespace:"
+	cat "${manifests_dir}/namespaceHotfix.yaml"
 
-  oc apply -f "${manifests_dir}/namespaceHotfix.yaml"
+	oc apply -f "${manifests_dir}/namespaceHotfix.yaml"
 
-  cat > "${manifests_dir}/catalogSource.yaml" << EOF
+	cat >"${manifests_dir}/catalogSource.yaml" <<EOF
 apiVersion: operators.coreos.com/v1alpha1
 kind: CatalogSource
 metadata:
@@ -88,65 +88,64 @@ spec:
       interval: 30m
 EOF
 
-  echo "Applyed catalog source:"
-  cat "${manifests_dir}/catalogSource.yaml"
+	echo "Applyed catalog source:"
+	cat "${manifests_dir}/catalogSource.yaml"
 
-  oc apply -f "${manifests_dir}/catalogSource.yaml"
+	oc apply -f "${manifests_dir}/catalogSource.yaml"
 
+	if [ "${OPENSHIFT_CI:-false}" = "false" ]; then
+		# Until allowing mirroring by tags https://issues.redhat.com/browse/OCPNODE-521
+		# https://github.com/openshift/api/pull/874 will be part of OCP 4.9
+		# The sixth element on net-dhcp-leases is the hostname.
+		# We would like to get all the available hostnames, SSH to them, and fix their registries.conf to allow mirror-by-digest.
+		hostnames=$(virsh net-dhcp-leases ${BAREMETAL_NETWORK_NAME} | awk 'NR > 2 && $6 != "-" {print $6}')
 
-  if [ "${OPENSHIFT_CI:-false}" = "false" ]; then
-    # Until allowing mirroring by tags https://issues.redhat.com/browse/OCPNODE-521
-    # https://github.com/openshift/api/pull/874 will be part of OCP 4.9
-    # The sixth element on net-dhcp-leases is the hostname.
-    # We would like to get all the available hostnames, SSH to them, and fix their registries.conf to allow mirror-by-digest.
-    hostnames=$(virsh net-dhcp-leases ${BAREMETAL_NETWORK_NAME} | awk 'NR > 2 && $6 != "-" {print $6}')
-
-    for hostname in ${hostnames}; do
-        ssh -o StrictHostKeyChecking=no core@${hostname} bash - << EOF
+		for hostname in ${hostnames}; do
+			ssh -o StrictHostKeyChecking=no core@${hostname} bash - <<EOF
   if grep "mirror-by-digest-only = true" /etc/containers/registries.conf -c; then
       sudo sed -i 's/mirror-by-digest-only = true/mirror-by-digest-only = false/' /etc/containers/registries.conf
       sudo systemctl restart crio kubelet
   fi
 EOF
-    done
-  fi
+		done
+	fi
 }
 
 function mirror_file() {
-  remote_url="${1}"
-  httpd_path="${2}"
-  base_mirror_url="${3}"
+	remote_url="${1}"
+	httpd_path="${2}"
+	base_mirror_url="${3}"
 
-  local url_path="$(echo ${remote_url} | cut -d / -f 4-)"
-  mkdir -p "$(dirname ${httpd_path}/${url_path})"
-  curl --retry 5 --connect-timeout 30 "${remote_url}" -o "${httpd_path}/${url_path}"
+	local url_path="$(echo ${remote_url} | cut -d / -f 4-)"
+	mkdir -p "$(dirname ${httpd_path}/${url_path})"
+	curl --retry 5 --connect-timeout 30 "${remote_url}" -o "${httpd_path}/${url_path}"
 
-  echo "${base_mirror_url}/${url_path}"
+	echo "${base_mirror_url}/${url_path}"
 }
 
 function disable_default_indexes() {
-  oc patch OperatorHub cluster --type json \
-        -p '[{"op": "add", "path": "/spec/disableAllDefaultSources", "value": true}]'
+	oc patch OperatorHub cluster --type json \
+		-p '[{"op": "add", "path": "/spec/disableAllDefaultSources", "value": true}]'
 }
 
 function merge_authfiles() {
-  first_authfile="${1}"
-  second_authfile="${2}"
-  merged_authfile="${3}"
+	first_authfile="${1}"
+	second_authfile="${2}"
+	merged_authfile="${3}"
 
-  jq -s '.[0] * .[1]' "${first_authfile}" "${second_authfile}" > "${merged_authfile}"
+	jq -s '.[0] * .[1]' "${first_authfile}" "${second_authfile}" >"${merged_authfile}"
 }
 
 function install_opm() {
-  curl --retry 5 --connect-timeout 30 -s https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable-4.7/opm-linux.tar.gz | tar xvz -C /usr/local/bin/
+	curl --retry 5 --connect-timeout 30 -s https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable-4.14/opm-linux.tar.gz | tar xvz -C /usr/local/bin/
 }
 
 function ocp_mirror_release() {
-  pull_secret_file="${1}"
-  source_image="${2}"
-  dest_mirror_repo="${3}"
+	pull_secret_file="${1}"
+	source_image="${2}"
+	dest_mirror_repo="${3}"
 
-  oc adm -a "${pull_secret_file}" release mirror \
-         --from="${source_image}" \
-         --to="${dest_mirror_repo}"
+	oc adm -a "${pull_secret_file}" release mirror \
+		--from="${source_image}" \
+		--to="${dest_mirror_repo}"
 }

deploy/operator/setup_lso.sh

@@ -2,66 +2,41 @@ __dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 source ${__dir}/utils.sh
 source ${__dir}/mirror_utils.sh
 
+OC_VERSION=$(oc version -o json | jq --raw-output '.openshiftVersion' | cut -d'.' -f1-2)
 STORAGE_CLASS_NAME="${STORAGE_CLASS_NAME:-assisted-service}"
-INDEX_TAG="${INDEX_TAG:-v4.8}"
+INDEX_TAG="${INDEX_TAG:-v$OC_VERSION}"
 DISCONNECTED="${DISCONNECTED:-false}"
 
 function print_help() {
-  ALL_FUNCS="install_lso|create_local_volume|print_help"
-  if [ "${DISCONNECTED}" == "true" ]; then
-    echo "Usage: DISKS=\$(echo sd{b..f}) DISCONNECTED=true LOCAL_REGISTRY=... AUTHFILE=... bash ${0} (${ALL_FUNCS})"
-  else
-    echo "Usage: DISKS=\$(echo sd{b..f}) bash ${0} (${ALL_FUNCS})"
-  fi
+	ALL_FUNCS="install_lso|create_local_volume|print_help"
+	if [ "${DISCONNECTED}" == "true" ]; then
+		echo "Usage: DISKS=\$(echo sd{b..f}) DISCONNECTED=true LOCAL_REGISTRY=... AUTHFILE=... bash ${0} (${ALL_FUNCS})"
+	else
+		echo "Usage: DISKS=\$(echo sd{b..f}) bash ${0} (${ALL_FUNCS})"
+	fi
 }
 
 function install_lso() {
-  oc adm new-project openshift-local-storage || true
+	oc adm new-project openshift-local-storage || true
 
-  retry -- oc annotate namespace openshift-local-storage openshift.io/node-selector='' --overwrite=true
+	retry -- oc annotate namespace openshift-local-storage openshift.io/node-selector='' --overwrite=true
 
-  catalog_source_name="redhat-operators"
+	catalog_source_name="redhat-operators"
 
-  OC_VERSION_MAJOR_MINOR=$(oc version -o json | jq --raw-output '.openshiftVersion' | cut -d'.' -f1-2)
-  if [[ ${OC_VERSION_MAJOR_MINOR} == "4.15" && "${DISCONNECTED}" != true ]]; then
-      # LSO has not been published to the 4.15 redhat-operators catalog, so
-      # it cannot be installed on OpenShift 4.15. Until this is resolved,
-      # we explicitly install the 4.13 catalog as redhat-operators-v4-14
-      # and then subscribe to the LSO version from the 4.14 rather than the 4.15 catalog.
-      # TODO: Bump the versions once LSO is published to the 4.14 catalog.
-      catalog_source_name="redhat-operators-v4-14"
-      tee << EOCR >(oc apply -f -)
-kind: CatalogSource
-apiVersion: operators.coreos.com/v1alpha1
-metadata:
-  name: redhat-operators-v4-14
-  namespace: openshift-marketplace
-spec:
-  displayName: Red Hat Operators v4.14
-  image: registry.redhat.io/redhat/redhat-operator-index:v4.14
-  priority: -100
-  publisher: Red Hat
-  sourceType: grpc
-  updateStrategy:
-    registryPoll:
-      interval: 10m0s
-EOCR
-  fi
-
-  if [ "${DISCONNECTED}" = true ]; then
-    if ! which opm; then
-        install_opm
-    fi
+	if [ "${DISCONNECTED}" = true ]; then
+		if ! which opm; then
+			install_opm
+		fi
 
-    disable_default_indexes
+		disable_default_indexes
 
-    index_image="registry.redhat.io/redhat/redhat-operator-index:${INDEX_TAG}"
-    catalog_source_name="mirror-catalog-for-local-storage-operator"
-    mirror_package "local-storage-operator" \
-      "${index_image}" "${LOCAL_REGISTRY}" "${AUTHFILE}" "${catalog_source_name}"
-  fi
+		index_image="registry.redhat.io/redhat/redhat-operator-index:${INDEX_TAG}"
+		catalog_source_name="mirror-catalog-for-local-storage-operator"
+		mirror_package "local-storage-operator" \
+			"${index_image}" "${LOCAL_REGISTRY}" "${AUTHFILE}" "${catalog_source_name}"
+	fi
 
-  tee << EOCR >(oc apply -f -)
+	tee >(oc apply -f -) <<EOCR
 apiVersion: operators.coreos.com/v1alpha2
 kind: OperatorGroup
 metadata:
@@ -83,14 +58,14 @@ spec:
   sourceNamespace: openshift-marketplace
 EOCR
 
-  wait_for_operator "local-storage-operator" "openshift-local-storage"
-  echo "Done installing local-storage-operator!"
+	wait_for_operator "local-storage-operator" "openshift-local-storage"
+	echo "Done installing local-storage-operator!"
 }
 
 function create_local_volume() {
-  wait_for_crd "localvolumes.local.storage.openshift.io" "openshift-local-storage"
+	wait_for_crd "localvolumes.local.storage.openshift.io" "openshift-local-storage"
 
-  tee << EOCR >(oc apply -f -)
+	tee >(oc apply -f -) <<EOCR
 apiVersion: local.storage.openshift.io/v1
 kind: LocalVolume
 metadata:
@@ -106,12 +81,12 @@ $(printf '        - /dev/disk/by-id/wwn-%s\n' $(for disk in ${DISKS}; do disk_to
       volumeMode: Filesystem
 EOCR
 
-  echo "Done creating local volume for assisted-service!"
+	echo "Done creating local volume for assisted-service!"
 }
 
 if [ -z "$@" ] || ! declare -F "$@"; then
-  print_help
-  exit 1
+	print_help
+	exit 1
 fi
 
 "$@"