From 7c645d03142fe49df652eaab5e9656676cd56724 Mon Sep 17 00:00:00 2001 From: Frank Ketelaars Date: Sat, 7 Oct 2023 21:40:35 +0000 Subject: [PATCH 01/18] #548 Handle alternative repo/registry --- .../tasks/generate-case-resolvers.yml | 55 +++++++++++++++++++ .../cp-alternative-repo/tasks/main.yml | 3 + .../cp-alternative-repo/templates/play_env.j2 | 13 +++++ .../templates/resolvers.j2 | 18 ++++++ .../templates/resolvers_auth.j2 | 23 ++++++++ 5 files changed, 112 insertions(+) create mode 100644 automation-roles/50-install-cloud-pak/cp-alternative-repo/tasks/generate-case-resolvers.yml create mode 100644 automation-roles/50-install-cloud-pak/cp-alternative-repo/tasks/main.yml create mode 100644 automation-roles/50-install-cloud-pak/cp-alternative-repo/templates/play_env.j2 create mode 100644 automation-roles/50-install-cloud-pak/cp-alternative-repo/templates/resolvers.j2 create mode 100644 automation-roles/50-install-cloud-pak/cp-alternative-repo/templates/resolvers_auth.j2 diff --git a/automation-roles/50-install-cloud-pak/cp-alternative-repo/tasks/generate-case-resolvers.yml b/automation-roles/50-install-cloud-pak/cp-alternative-repo/tasks/generate-case-resolvers.yml new file mode 100644 index 000000000..1f7f5267e --- /dev/null +++ b/automation-roles/50-install-cloud-pak/cp-alternative-repo/tasks/generate-case-resolvers.yml 
@@ -0,0 +1,55 @@ +--- +- set_fact: + _cp_alt_repo: "{{ all_config.cp_alt_repo }}" + +- name: Get CASE repository token from vault secret {{ _cp_alt_repo.case_repo_token_secret }} + include_role: + name: vault-get-secret + vars: + secret_name: "{{ _cp_alt_repo.case_repo_token_secret }}" + secret_group: "{{ environment_name }}" + _p_secret_variable: _case_repo_token + +- name: Get alternative registry credentials vault secret {{ _cp_alt_repo.registry_secret }} + include_role: + name: vault-get-secret + vars: + secret_name: "{{ _cp_alt_repo.registry_secret }}" + secret_group: "{{ environment_name }}" + _p_secret_variable: _alt_registry_secret + +- name: Strip off https from the repository URLs + set_fact: + _case_repo_path_cp: "{{ (_cp_alt_repo.case_repo_path_cp | urlsplit('hostname')) + (_cp_alt_repo.case_repo_path_cp | urlsplit('path')) }}" + _case_repo_path_fs: "{{ (_cp_alt_repo.case_repo_path_fs | urlsplit('hostname')) + (_cp_alt_repo.case_repo_path_fs | urlsplit('path')) }}" + _case_repo_path_opencontent: "{{ (_cp_alt_repo.case_repo_path_opencontent | urlsplit('hostname')) + (_cp_alt_repo.case_repo_path_opencontent | urlsplit('path')) }}" + +- name: Extract registry user and password + set_fact: + _alt_registry_user: "{{ _alt_registry_secret | regex_search('^(.+):(.+)', '\\1') | first }}" + _alt_registry_password: "{{ _alt_registry_secret | regex_search('^(.+):(.+)', '\\2') | first }}" + +- name: Generate play_env.sh + template: + src: play_env.j2 + dest: "{{ status_dir }}/cloud-pak/play_env.sh" + +- name: Generate resolvers.yaml + template: + src: resolvers.j2 + dest: "{{ status_dir }}/cloud-pak/resolvers.yaml" + +- name: Generate resolvers_auth.yaml + template: + src: resolvers_auth.j2 + dest: "{{ status_dir }}/cloud-pak/resolvers_auth.yaml" + +- name: Copy casectl files to /tmp/work + copy: + src: "{{ item }}" + dest: /tmp/work/ + remote_src: true + loop: + - "{{ status_dir }}/cloud-pak/play_env.sh" + - "{{ status_dir }}/cloud-pak/resolvers.yaml" + - "{{ 
status_dir }}/cloud-pak/resolvers_auth.yaml" diff --git a/automation-roles/50-install-cloud-pak/cp-alternative-repo/tasks/main.yml b/automation-roles/50-install-cloud-pak/cp-alternative-repo/tasks/main.yml new file mode 100644 index 000000000..6cf48c981 --- /dev/null +++ b/automation-roles/50-install-cloud-pak/cp-alternative-repo/tasks/main.yml @@ -0,0 +1,3 @@ +--- +- include_tasks: generate-casectl-resolvers.yml + when: (all_config.cp_alt_repo | default({})) != {} \ No newline at end of file diff --git a/automation-roles/50-install-cloud-pak/cp-alternative-repo/templates/play_env.j2 b/automation-roles/50-install-cloud-pak/cp-alternative-repo/templates/play_env.j2 new file mode 100644 index 000000000..23d04c33f --- /dev/null +++ b/automation-roles/50-install-cloud-pak/cp-alternative-repo/templates/play_env.j2 @@ -0,0 +1,13 @@ +export CASECTL_RESOLVERS_LOCATION=/tmp/work/resolvers.yaml +export CASECTL_RESOLVERS_AUTH_LOCATION=/tmp/work/resolvers_auth.yaml +export CASE_TOLERATION='--skip-verify' +export GITHUB_TOKEN={{ _case_repo_token }} + +# Repository path for Cloud Pak +export CASE_REPO_PATH=https://{{ _case_repo_token }}@{{ _case_repo_path_cp }} + +# Repository path for Foundational Services +export CPFS_CASE_REPO_PATH=https://{{ _case_repo_token }}@{{ _case_repo_path_fs }} + +# Repository path for open content +export OPENCONTENT_CASE_REPO_PATH=https://{{ _case_repo_token }}@{{ _case_repo_path_opencontent }} \ No newline at end of file diff --git a/automation-roles/50-install-cloud-pak/cp-alternative-repo/templates/resolvers.j2 b/automation-roles/50-install-cloud-pak/cp-alternative-repo/templates/resolvers.j2 new file mode 100644 index 000000000..d748e1a93 --- /dev/null +++ b/automation-roles/50-install-cloud-pak/cp-alternative-repo/templates/resolvers.j2 
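Review bot: The three `template` tasks and the `copy` into `/tmp/work/` write the CASE repository token to disk without a `mode`, so the files get whatever the process umask allows; add `mode: "0600"` to every task that writes `play_env.sh` or `resolvers_auth.yaml`. The `set_fact` that extracts the registry user and password has no `no_log: true`, so both values show up in verbose (`-v`) output. The pattern `^(.+):(.+)` is greedy, so a password containing `:` is split at the last colon instead of the first; `^([^:]+):(.+)` avoids that. The rewritten tasks in PATCH 02/18 keep the template and copy tasks without a mode as well.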
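Review bot: The token is rendered unquoted into `export GITHUB_TOKEN={{ _case_repo_token }}` and into the three `https://{{ _case_repo_token }}@…` values, so a token containing whitespace or shell metacharacters is interpreted by the shell when this file is sourced; render it with the `quote` filter, e.g. `export GITHUB_TOKEN={{ _case_repo_token | quote }}`. Credentials embedded in a URL tend to end up in tool logs and error messages, so a comment stating why the URL form is needed in addition to `GITHUB_TOKEN` would help. `CASE_TOLERATION='--skip-verify'` is hard-coded; if that flag turns off verification of downloaded CASE packages, as its name suggests, it should be opt-in and explained in a comment.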
@@ -0,0 +1,18 @@ +resolvers: + metadata: + description: resolver file to map cases and registries. Used to get dependency cases + resources: + cases: + repositories: + DevGitHub: + repositoryInfo: + url: "https://{{ _case_repo_path_cp }}" + cloudPakCertRepo: + repositoryInfo: + url: "https://{{ _case_repo_path_fs }}" + caseRepositoryMap: + - cases: + - case: "*" + version: "*" + repositories: + - cloudPakCertRepo \ No newline at end of file diff --git a/automation-roles/50-install-cloud-pak/cp-alternative-repo/templates/resolvers_auth.j2 b/automation-roles/50-install-cloud-pak/cp-alternative-repo/templates/resolvers_auth.j2 new file mode 100644 index 000000000..f7db5cfc3 --- /dev/null +++ b/automation-roles/50-install-cloud-pak/cp-alternative-repo/templates/resolvers_auth.j2 @@ -0,0 +1,23 @@ +resolversAuth: + metadata: + description: This is the INTERNAL authorization file for downloading CASE packages from an internal repo + resources: + cases: + repositories: + DevGitHub: + credentials: + basic: + username: not-specified@not-specified.com + password: {{ _case_repo_token }} + cloudPakCertRepo: + credentials: + basic: + username: not-specified@not-specified.com + password: {{ _case_repo_token }} + containerImages: + registries: + entitledStage: + credentials: + basic: + username: {{ _alt_registry_user }} + password: (( _alt_registry_password )) From ed0399575bbb4d9405e1c907d9a241c4677919ba Mon Sep 17 00:00:00 2001 
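Review bot: `password: {{ _case_repo_token }}` (both repository entries) is rendered as a plain YAML scalar, so a token that starts with a YAML indicator, contains `: ` or ` #`, or looks like a number is retyped or truncated by whatever parses this file; emit it as a quoted string, e.g. `password: {{ _case_repo_token | to_json }}`. The same applies to `username: {{ _alt_registry_user }}`. A one-line comment at the top stating that the rendered file contains credentials and must not be committed or left world-readable would also be useful.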
From: Frank Ketelaars Date: Mon, 9 Oct 2023 19:41:08 +0000 Subject: [PATCH 02/18] #548 Allow using private repos for case files --- Dockerfile | 10 ++-- .../generic/cp_alt_repo/main.yaml | 1 + .../generic/cp_alt_repo/preprocessor.py | 31 +++++++++++ .../tasks/generate-case-resolvers.yml | 55 ++++++++++++------- .../cp-alternative-repo/tasks/main.yml | 2 +- .../templates/resolvers_auth.j2 | 4 +- .../cp-ocp-icsp/tasks/create-icsp-alt.yml | 8 +++ .../cp-ocp-icsp/tasks/create-icsp.yml | 2 +- .../cp-ocp-icsp/tasks/main.yml | 16 ++++-- .../templates/cloud-pak-icsp-alt.j2 | 13 +++++ .../tasks/cp4d-prepare-alt-registries.yml | 12 ++++ .../tasks/cp4d-prepare-alt-registry.yml | 26 +++++++++ .../tasks/cp4d-prepare-openshift.yml | 15 +++-- .../cp4d/cp4d-variables/tasks/main.yml | 6 +- cp-deploy.sh | 18 +++++- 15 files changed, 177 insertions(+), 42 deletions(-) create mode 100644 automation-generators/generic/cp_alt_repo/main.yaml create mode 100644 automation-generators/generic/cp_alt_repo/preprocessor.py create mode 100644 automation-roles/50-install-cloud-pak/cp-ocp-icsp/tasks/create-icsp-alt.yml create mode 100644 automation-roles/50-install-cloud-pak/cp-ocp-icsp/templates/cloud-pak-icsp-alt.j2 create mode 100644 automation-roles/50-install-cloud-pak/cp4d/cp4d-prepare-openshift/tasks/cp4d-prepare-alt-registries.yml create mode 100644 automation-roles/50-install-cloud-pak/cp4d/cp4d-prepare-openshift/tasks/cp4d-prepare-alt-registry.yml diff --git a/Dockerfile b/Dockerfile index 83680012a..1364e80aa 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,13 +1,15 @@ # Container image including olm-utils -# ARG CPD_OLM_UTILS_IMAGE +ARG CPD_OLM_UTILS_V1_IMAGE +ARG CPD_OLM_UTILS_V2_IMAGE + FROM registry.access.redhat.com/ubi8/ubi -# FROM ${CPD_OLM_UTILS_IMAGE} -FROM icr.io/cpopen/cpd/olm-utils:latest as olm-utils-v1 +FROM ${CPD_OLM_UTILS_V1_IMAGE} as olm-utils-v1 + RUN cd /opt/ansible && \ tar czf /tmp/opt-ansible-v1.tar.gz * -FROM icr.io/cpopen/cpd/olm-utils-v2:latest +FROM ${CPD_OLM_UTILS_V2_IMAGE} LABEL authors="Arthur Laimbock, \ Markus Wiegleb, \ diff --git a/automation-generators/generic/cp_alt_repo/main.yaml b/automation-generators/generic/cp_alt_repo/main.yaml new file mode 100644 index 000000000..73b314ff7 --- /dev/null +++ b/automation-generators/generic/cp_alt_repo/main.yaml @@ -0,0 +1 @@ +--- \ No newline at end of file diff --git a/automation-generators/generic/cp_alt_repo/preprocessor.py b/automation-generators/generic/cp_alt_repo/preprocessor.py new file mode 100644 index 000000000..b04dfdcdf --- /dev/null +++ b/automation-generators/generic/cp_alt_repo/preprocessor.py @@ -0,0 +1,31 @@ +from generatorPreProcessor import GeneratorPreProcessor +import sys, os +import re + + +def str_to_bool(s): + if s == None: + return False + else: + return s.lower() in ['true','yes','1'] + +def preprocessor(attributes=None, fullConfig=None, moduleVariables=None): + global g + g = GeneratorPreProcessor(attributes,fullConfig,moduleVariables) + + g('repo').isRequired() + g('registry_pull_secrets').isRequired() + g('registry_mirrors').isRequired() + + # Now that we have reached this point, we can check the attribute details if the previous checks passed + if len(g.getErrors()) == 0: + g('repo.token_secret').isRequired() + g('repo.cp_path').isRequired() + g('repo.fs_path').isRequired() + g('repo.opencontent_path').isRequired() + + result = { + 'attributes_updated': g.getExpandedAttributes(), + 'errors': g.getErrors() + } + return result \ No newline at end of file 
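Review bot: `ARG CPD_OLM_UTILS_V1_IMAGE` and `ARG CPD_OLM_UTILS_V2_IMAGE` have no default, so building this Dockerfile without `--build-arg` (that is, not through cp-deploy.sh) expands both `FROM` lines to an empty image name; give the defaults here, e.g. `ARG CPD_OLM_UTILS_V1_IMAGE=icr.io/cpopen/cpd/olm-utils:latest`. Because the base images are now caller-supplied and the defaults are `:latest` tags, the resulting image is not reproducible and its provenance depends on the build environment; a comment recommending a digest-pinned reference (`image@sha256:<digest>`) for release builds would document that.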
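Review bot: `str_to_bool` and the `sys`, `os` and `re` imports are not used anywhere in this new file, and `if s == None` should be `if s is None`; drop the unused helper and imports. `global g` makes the preprocessor state module-wide for no reason visible here; a local `g = GeneratorPreProcessor(attributes, fullConfig, moduleVariables)` reads the same. A docstring on `preprocessor` listing the required attributes (`repo`, `registry_pull_secrets`, `registry_mirrors` and the four `repo.*` keys) would document the schema this generator enforces.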
diff --git a/automation-roles/50-install-cloud-pak/cp-alternative-repo/tasks/generate-case-resolvers.yml b/automation-roles/50-install-cloud-pak/cp-alternative-repo/tasks/generate-case-resolvers.yml index 1f7f5267e..38b9e2165 100644 --- a/automation-roles/50-install-cloud-pak/cp-alternative-repo/tasks/generate-case-resolvers.yml +++ b/automation-roles/50-install-cloud-pak/cp-alternative-repo/tasks/generate-case-resolvers.yml 
@@ -6,43 +6,56 @@ include_role: name: vault-get-secret vars: - secret_name: "{{ _cp_alt_repo.case_repo_token_secret }}" + secret_name: "{{ _cp_alt_repo.repo.token_secret }}" secret_group: "{{ environment_name }}" _p_secret_variable: _case_repo_token -- name: Get alternative registry credentials vault secret {{ _cp_alt_repo.registry_secret }} - include_role: - name: vault-get-secret - vars: - secret_name: "{{ _cp_alt_repo.registry_secret }}" - secret_group: "{{ environment_name }}" - _p_secret_variable: _alt_registry_secret +- fail: + msg: "Secret {{ _cp_alt_repo.repo.token_secret }} not found in vault; it must contain the alternative Git repository's login token" + when: _case_repo_token=="" + +# - name: Get alternative registry credentials vault secret {{ _cp_alt_repo.registry_secret }} +# include_role: +# name: vault-get-secret +# vars: +# secret_name: "{{ _cp_alt_repo.registry_secret }}" +# secret_group: "{{ environment_name }}" +# _p_secret_variable: _alt_registry_secret + +# - fail: +# msg: "Secret {{ _cp_alt_repo.registry_secret }} not found in vault; it must contain the alternative registry's login credentials" +# when: _alt_registry_secret=="" - name: Strip off https from the repository URLs set_fact: - _case_repo_path_cp: "{{ (_cp_alt_repo.case_repo_path_cp | urlsplit('hostname')) + (_cp_alt_repo.case_repo_path_cp | urlsplit('path')) }}" - _case_repo_path_fs: "{{ (_cp_alt_repo.case_repo_path_fs | urlsplit('hostname')) + (_cp_alt_repo.case_repo_path_fs | urlsplit('path')) }}" - _case_repo_path_opencontent: "{{ (_cp_alt_repo.case_repo_path_opencontent | urlsplit('hostname')) + (_cp_alt_repo.case_repo_path_opencontent | urlsplit('path')) }}" + _case_repo_path_cp: "{{ (_cp_alt_repo.repo.cp_path | urlsplit('hostname')) + (_cp_alt_repo.repo.cp_path | urlsplit('path')) }}" + _case_repo_path_fs: "{{ (_cp_alt_repo.repo.fs_path | urlsplit('hostname')) + (_cp_alt_repo.repo.fs_path | urlsplit('path')) }}" + _case_repo_path_opencontent: "{{ 
(_cp_alt_repo.repo.opencontent_path | urlsplit('hostname')) + (_cp_alt_repo.repo.opencontent_path | urlsplit('path')) }}" -- name: Extract registry user and password - set_fact: - _alt_registry_user: "{{ _alt_registry_secret | regex_search('^(.+):(.+)', '\\1') | first }}" - _alt_registry_password: "{{ _alt_registry_secret | regex_search('^(.+):(.+)', '\\2') | first }}" +# - name: Extract alternative registry and user and password +# set_fact: +# _alt_registry_user: "{{ _alt_registry_secret | regex_search('^(.+):(.+)', '\\1') | first }}" +# _alt_registry_password: "{{ _alt_registry_secret | regex_search('^(.+):(.+)', '\\2') | first }}" + +- name: Ensure {{ status_dir }}/cloud-paks exists + file: + path: "{{ status_dir }}/cloud-paks" + state: directory - name: Generate play_env.sh template: src: play_env.j2 - dest: "{{ status_dir }}/cloud-pak/play_env.sh" + dest: "{{ status_dir }}/cloud-paks/play_env.sh" - name: Generate resolvers.yaml template: src: resolvers.j2 - dest: "{{ status_dir }}/cloud-pak/resolvers.yaml" + dest: "{{ status_dir }}/cloud-paks/resolvers.yaml" - name: Generate resolvers_auth.yaml template: src: resolvers_auth.j2 - dest: "{{ status_dir }}/cloud-pak/resolvers_auth.yaml" + dest: "{{ status_dir }}/cloud-paks/resolvers_auth.yaml" - name: Copy casectl files to /tmp/work copy: @@ -50,6 +63,6 @@ dest: /tmp/work/ remote_src: true loop: - - "{{ status_dir }}/cloud-pak/play_env.sh" - - "{{ status_dir }}/cloud-pak/resolvers.yaml" - - "{{ status_dir }}/cloud-pak/resolvers_auth.yaml" + - "{{ status_dir }}/cloud-paks/play_env.sh" + - "{{ status_dir }}/cloud-paks/resolvers.yaml" + - "{{ status_dir }}/cloud-paks/resolvers_auth.yaml" diff --git a/automation-roles/50-install-cloud-pak/cp-alternative-repo/tasks/main.yml b/automation-roles/50-install-cloud-pak/cp-alternative-repo/tasks/main.yml index 6cf48c981..3c933d912 100644 --- a/automation-roles/50-install-cloud-pak/cp-alternative-repo/tasks/main.yml 
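Review bot: The new `file` task that creates `{{ status_dir }}/cloud-paks` sets no `mode`, although the directory then receives `play_env.sh` and `resolvers_auth.yaml` containing the repository token; add `mode: "0700"` there and `mode: "0600"` on the three `template` tasks. The two blocks of commented-out tasks (registry credentials lookup and user/password extraction) are dead code and should be deleted rather than commented out, since the history keeps them. The new `fail` task has no `name:`, which makes the failure harder to find in the play output.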
+++ b/automation-roles/50-install-cloud-pak/cp-alternative-repo/tasks/main.yml @@ -1,3 +1,3 @@ --- -- include_tasks: generate-casectl-resolvers.yml +- include_tasks: generate-case-resolvers.yml when: (all_config.cp_alt_repo | default({})) != {} \ No newline at end of file diff --git a/automation-roles/50-install-cloud-pak/cp-alternative-repo/templates/resolvers_auth.j2 b/automation-roles/50-install-cloud-pak/cp-alternative-repo/templates/resolvers_auth.j2 index f7db5cfc3..771769e15 100644 --- a/automation-roles/50-install-cloud-pak/cp-alternative-repo/templates/resolvers_auth.j2 +++ b/automation-roles/50-install-cloud-pak/cp-alternative-repo/templates/resolvers_auth.j2 @@ -19,5 +19,5 @@ resolversAuth: entitledStage: credentials: basic: - username: {{ _alt_registry_user }} - password: (( _alt_registry_password )) + username: not-used + password: not-used diff --git a/automation-roles/50-install-cloud-pak/cp-ocp-icsp/tasks/create-icsp-alt.yml b/automation-roles/50-install-cloud-pak/cp-ocp-icsp/tasks/create-icsp-alt.yml new file mode 100644 index 000000000..daae806be --- /dev/null +++ b/automation-roles/50-install-cloud-pak/cp-ocp-icsp/tasks/create-icsp-alt.yml @@ -0,0 +1,8 @@ +--- +- name: Create ImageContentSourcePolicy for alternative registries into {{ status_dir }}/openshift/cloud-pak-icsp.yaml + template: + src: cloud-pak-icsp-alt.j2 + dest: "{{ status_dir }}/openshift/cloud-pak-icsp.yaml" + +- name: Create ImageContentSourcePolicy {{ icsp_name }} + shell: "oc apply -f {{ status_dir }}/openshift/cloud-pak-icsp.yaml" \ No newline at end of file diff --git a/automation-roles/50-install-cloud-pak/cp-ocp-icsp/tasks/create-icsp.yml b/automation-roles/50-install-cloud-pak/cp-ocp-icsp/tasks/create-icsp.yml index 3c4ec9f6e..790235fc9 100644 --- a/automation-roles/50-install-cloud-pak/cp-ocp-icsp/tasks/create-icsp.yml +++ b/automation-roles/50-install-cloud-pak/cp-ocp-icsp/tasks/create-icsp.yml 
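Review bot: The apply step in create-icsp-alt.yml passes an interpolated path through a shell, `shell: "oc apply -f {{ status_dir }}/openshift/cloud-pak-icsp.yaml"`; `command: oc apply -f "{{ status_dir }}/openshift/cloud-pak-icsp.yaml"` does the same without shell parsing of the path. The template task writes to the same `cloud-pak-icsp.yaml` that create-icsp.yml uses, so a comment saying that the two variants are mutually exclusive would prevent a later reader from assuming both files can coexist.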
@@ -1,5 +1,5 @@ --- -- name: Create ImageContentSourcePolicy yaml +- name: Create ImageContentSourcePolicy for private registry template: src: cloud-pak-icsp.j2 dest: "{{ status_dir }}/openshift/cloud-pak-icsp.yaml" diff --git a/automation-roles/50-install-cloud-pak/cp-ocp-icsp/tasks/main.yml b/automation-roles/50-install-cloud-pak/cp-ocp-icsp/tasks/main.yml index 38ce76a13..11bf6f791 100644 --- a/automation-roles/50-install-cloud-pak/cp-ocp-icsp/tasks/main.yml +++ b/automation-roles/50-install-cloud-pak/cp-ocp-icsp/tasks/main.yml @@ -1,8 +1,16 @@ --- -- name: Create ImageContentSourcePolicy - include_tasks: create-icsp.yml - when: _mco_exists +- include_tasks: create-icsp.yml + when: + - _mco_exists + - (all_config.cp_alt_repo | default({})) == {} + +- include_tasks: create-icsp-alt.yml + when: + - _mco_exists + - (all_config.cp_alt_repo | default({})) != {} - name: Apply ImageContentSourcePolicy settings if the Machine Config Operator does not exist include_tasks: non-mco-apply-icsp.yml - when: not _mco_exists \ No newline at end of file + when: + - not _mco_exists + - (all_config.cp_alt_repo | default({})) == {} \ No newline at end of file diff --git a/automation-roles/50-install-cloud-pak/cp-ocp-icsp/templates/cloud-pak-icsp-alt.j2 b/automation-roles/50-install-cloud-pak/cp-ocp-icsp/templates/cloud-pak-icsp-alt.j2 new file mode 100644 index 000000000..ff06fecd2 --- /dev/null +++ b/automation-roles/50-install-cloud-pak/cp-ocp-icsp/templates/cloud-pak-icsp-alt.j2 @@ -0,0 +1,13 @@ +apiVersion: operator.openshift.io/v1alpha1 +kind: ImageContentSourcePolicy +metadata: + name: {{ icsp_name }} +spec: + repositoryDigestMirrors: +{% for registry_mirror in all_config.cp_alt_repo.registry_mirrors %} + - source: {{ registry_mirror.source}} + mirrors: +{% for mirror in registry_mirror.mirrors %} + - {{ mirror }} +{% endfor %} +{% endfor %} \ No newline at end of file 
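Review bot: In cp-ocp-icsp/tasks/main.yml, when `cp_alt_repo` is configured and `_mco_exists` is false, none of the three includes runs, so no ImageContentSourcePolicy or equivalent mirror configuration is applied and the role finishes without a message. Either handle that combination in `non-mco-apply-icsp.yml` or add a `fail` task guarded by `when: not _mco_exists and (all_config.cp_alt_repo | default({})) != {}`. The first two `include_tasks` entries also lost their `name:`, which the old version had.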
diff --git a/automation-roles/50-install-cloud-pak/cp4d/cp4d-prepare-openshift/tasks/cp4d-prepare-alt-registries.yml b/automation-roles/50-install-cloud-pak/cp4d/cp4d-prepare-openshift/tasks/cp4d-prepare-alt-registries.yml new file mode 100644 index 000000000..0c5ab4d5b --- /dev/null +++ b/automation-roles/50-install-cloud-pak/cp4d/cp4d-prepare-openshift/tasks/cp4d-prepare-alt-registries.yml @@ -0,0 +1,12 @@ +--- +- set_fact: + _alt_registry_pull_secrets: "{{ all_config.cp_alt_repo.registry_pull_secrets }}" + +- include_tasks: cp4d-prepare-alt-registry.yml + loop: "{{ _alt_registry_pull_secrets | default([]) }}" + loop_control: + loop_var: _alt_registry + +- name: Create ImageContentSourcePolicy for the alternative registries + include_role: + name: cp-ocp-icsp \ No newline at end of file diff --git a/automation-roles/50-install-cloud-pak/cp4d/cp4d-prepare-openshift/tasks/cp4d-prepare-alt-registry.yml b/automation-roles/50-install-cloud-pak/cp4d/cp4d-prepare-openshift/tasks/cp4d-prepare-alt-registry.yml new file mode 100644 index 000000000..cbffe21fe --- /dev/null +++ b/automation-roles/50-install-cloud-pak/cp4d/cp4d-prepare-openshift/tasks/cp4d-prepare-alt-registry.yml 
@@ -0,0 +1,26 @@ +--- +- name: Preparing pull secret alternative registry {{ _alt_registry.registry }} + debug: + var: _alt_registry + +- set_fact: + _registry_url_without_path: "{{ _alt_registry.registry.split('/') | first }}" + +- name: Get alternative registry credentials vault secret {{ _alt_registry.pull_secret }} + include_role: + name: vault-get-secret + vars: + secret_name: "{{ _alt_registry.pull_secret }}" + secret_group: "{{ environment_name }}" + _p_secret_variable: _alt_registry_pull_secret + +- fail: + msg: "Secret {{ _alt_registry.pull_secret }} not found in vault; it must contain the alternative registry's login credentials" + when: _alt_registry_pull_secret=="" + +- name: Set the global pull secret for alternative registry {{ _registry_url_without_path }} + include_role: + name: cp-ocp-global-pull-secret + vars: + _p_registry_url: "{{ _registry_url_without_path }}" + _p_registry_pull_secret: "{{ _alt_registry_pull_secret }}" \ No newline at end of file diff --git a/automation-roles/50-install-cloud-pak/cp4d/cp4d-prepare-openshift/tasks/cp4d-prepare-openshift.yml b/automation-roles/50-install-cloud-pak/cp4d/cp4d-prepare-openshift/tasks/cp4d-prepare-openshift.yml index e3a5efe45..0f74e6d67 100644 --- a/automation-roles/50-install-cloud-pak/cp4d/cp4d-prepare-openshift/tasks/cp4d-prepare-openshift.yml +++ b/automation-roles/50-install-cloud-pak/cp4d/cp4d-prepare-openshift/tasks/cp4d-prepare-openshift.yml 
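Review bot: `_alt_registry.registry.split('/') | first` returns `https:` if the configured registry value ever carries a scheme, and that string would then be used as the registry key of the global pull secret; strip a scheme first, e.g. `"{{ (_alt_registry.registry | regex_replace('^https?://', '')).split('/') | first }}"`. The `fail` task only compares `_alt_registry_pull_secret` with `""` and has no `name:`; a name such as `Fail if pull secret is missing from the vault` makes the abort readable in the output.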
@@ -4,15 +4,18 @@ name: cp-ocp-mco-pause - include_tasks: cp4d-prepare-entitled-registry.yml - when: (current_cp4d_cluster.image_registry_name | default("")) == "" + when: + - (current_cp4d_cluster.image_registry_name | default("")) == "" + - (all_config.cp_alt_repo | default({})) == {} - include_tasks: cp4d-prepare-private-registry.yml - when: (current_cp4d_cluster.image_registry_name | default("")) != "" + when: + - (current_cp4d_cluster.image_registry_name | default("")) != "" + - (all_config.cp_alt_repo | default({})) == {} -# TODO: Remove temporary fix -# - name: Create ImageContentSourcePolicy for Manta -# include_role: -# name: cp4d-ocp-icsp-manta +- include_tasks: cp4d-prepare-alt-registry.yml + when: + - (all_config.cp_alt_repo | default({})) != {} - name: Set the kernel parameters via the Tuned object if not on IBM Cloud include_role: diff --git a/automation-roles/50-install-cloud-pak/cp4d/cp4d-variables/tasks/main.yml b/automation-roles/50-install-cloud-pak/cp4d/cp4d-variables/tasks/main.yml index ebbeedd59..3366f5f02 100644 --- a/automation-roles/50-install-cloud-pak/cp4d/cp4d-variables/tasks/main.yml +++ b/automation-roles/50-install-cloud-pak/cp4d/cp4d-variables/tasks/main.yml @@ -211,4 +211,8 @@ - name: Write cartridge information to file {{ status_dir }}/log/{{ _p_current_cp4d_cluster.project }}-cartridges.json copy: content: "{{ _cartridges_to_install | default([]) | to_json }}" - dest: "{{ status_dir }}/log/{{ _p_current_cp4d_cluster.project }}-cartridges.json" \ No newline at end of file + dest: "{{ status_dir }}/log/{{ _p_current_cp4d_cluster.project }}-cartridges.json" + +- name: Set up alternative repository and registry if specified + include_role: + name: cp-alternative-repo \ No newline at end of file diff --git a/cp-deploy.sh b/cp-deploy.sh index 4d4d4338e..8972e484d 100755 --- a/cp-deploy.sh +++ b/cp-deploy.sh 
@@ -616,7 +616,7 @@ if ! $INSIDE_CONTAINER;then # If running "build" subcommand, build the image if [ "$SUBCOMMAND" == "build" ];then - echo "Building container image for Cloud Pak Deployer" + echo "Building Cloud Pak Deployer container image cloud-pak-deployer:${CPD_IMAGE_TAG}" # Store version info into image mkdir -p ${SCRIPT_DIR}/.version-info DEPLOYER_VERSION_INFO=$(git log -n1 --pretty='format:%h %cd |%s' --date=format:'%Y-%m-%dT%H:%M:%S' 2> /dev/null) @@ -624,8 +624,22 @@ if ! $INSIDE_CONTAINER;then echo "COMMIT_TIMESTAMP=$(echo $DEPLOYER_VERSION_INFO | awk '{print $2}')" >> ${SCRIPT_DIR}/.version-info/version-info.sh echo "COMMIT_MESSAGE=\"$(echo $DEPLOYER_VERSION_INFO | cut -d'|' -f2)\"" >> ${SCRIPT_DIR}/.version-info/version-info.sh chmod +x ${SCRIPT_DIR}/.version-info/version-info.sh + # Show version info + cat ${SCRIPT_DIR}/.version-info/version-info.sh + # If images have not been overridden, set the variables here + if [ -z $CPD_OLM_UTILS_V1_IMAGE ];then + export CPD_OLM_UTILS_V1_IMAGE=icr.io/cpopen/cpd/olm-utils:latest + fi + if [ -z $CPD_OLM_UTILS_V2_IMAGE ];then + export CPD_OLM_UTILS_V2_IMAGE=icr.io/cpopen/cpd/olm-utils-v2:latest + fi # Build the image - ${CPD_CONTAINER_ENGINE} build -t cloud-pak-deployer:${CPD_IMAGE_TAG} --pull -f ${SCRIPT_DIR}/Dockerfile ${SCRIPT_DIR} + ${CPD_CONTAINER_ENGINE} build -t cloud-pak-deployer:${CPD_IMAGE_TAG} \ + --pull \ + -f ${SCRIPT_DIR}/Dockerfile \ + --build-arg CPD_OLM_UTILS_V1_IMAGE=${CPD_OLM_UTILS_V1_IMAGE} \ + --build-arg CPD_OLM_UTILS_V2_IMAGE=${CPD_OLM_UTILS_V2_IMAGE} \ + ${SCRIPT_DIR} exit $? fi fi From 5b744e899e3b034ee186f1826f4c9a8a76953e40 Mon Sep 17 00:00:00 2001 From: Frank Ketelaars Date: Tue, 10 Oct 2023 05:49:35 +0000 Subject: [PATCH 03/18] #548 Handle multiple registries --- .../tasks/cp4d-prepare-alt-registries.yml | 3 +++ .../cp4d-prepare-openshift/tasks/cp4d-prepare-openshift.yml | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) 
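Review bot: `[ -z $CPD_OLM_UTILS_V1_IMAGE ]` and the `--build-arg` values are unquoted, so an override containing whitespace or glob characters is word-split before it reaches the build; write `if [ -z "${CPD_OLM_UTILS_V1_IMAGE}" ]; then` and `--build-arg CPD_OLM_UTILS_V1_IMAGE="${CPD_OLM_UTILS_V1_IMAGE}"`, and the same for V2. Since the base images now come from the caller's environment, echoing the two resolved image names before the build would leave a record of what the deployer image was built from. The enclosing `if` block starts outside the hunk.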
diff --git a/automation-roles/50-install-cloud-pak/cp4d/cp4d-prepare-openshift/tasks/cp4d-prepare-alt-registries.yml b/automation-roles/50-install-cloud-pak/cp4d/cp4d-prepare-openshift/tasks/cp4d-prepare-alt-registries.yml index 0c5ab4d5b..9c4d5e370 100644 --- a/automation-roles/50-install-cloud-pak/cp4d/cp4d-prepare-openshift/tasks/cp4d-prepare-alt-registries.yml +++ b/automation-roles/50-install-cloud-pak/cp4d/cp4d-prepare-openshift/tasks/cp4d-prepare-alt-registries.yml @@ -2,6 +2,9 @@ - set_fact: _alt_registry_pull_secrets: "{{ all_config.cp_alt_repo.registry_pull_secrets }}" +- debug: + var: _alt_registry_pull_secrets + - include_tasks: cp4d-prepare-alt-registry.yml loop: "{{ _alt_registry_pull_secrets | default([]) }}" loop_control: diff --git a/automation-roles/50-install-cloud-pak/cp4d/cp4d-prepare-openshift/tasks/cp4d-prepare-openshift.yml b/automation-roles/50-install-cloud-pak/cp4d/cp4d-prepare-openshift/tasks/cp4d-prepare-openshift.yml index 0f74e6d67..0f5b160fd 100644 --- a/automation-roles/50-install-cloud-pak/cp4d/cp4d-prepare-openshift/tasks/cp4d-prepare-openshift.yml +++ b/automation-roles/50-install-cloud-pak/cp4d/cp4d-prepare-openshift/tasks/cp4d-prepare-openshift.yml @@ -13,7 +13,7 @@ - (current_cp4d_cluster.image_registry_name | default("")) != "" - (all_config.cp_alt_repo | default({})) == {} -- include_tasks: cp4d-prepare-alt-registry.yml +- include_tasks: cp4d-prepare-alt-registries.yml when: - (all_config.cp_alt_repo | default({})) != {} From cc06167b898af86a2e55cd8527de8fd6b4b4fd30 Mon Sep 17 00:00:00 2001 From: Frank Ketelaars Date: Wed, 11 Oct 2023 20:33:14 +0000 Subject: [PATCH 04/18] #548 Default to non-IAM authentication --- .../tasks/install-control-plane-olm-utils.yml | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) 
diff --git a/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/install-control-plane-olm-utils.yml b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/install-control-plane-olm-utils.yml index 8e4f3236a..d438ea31c 100644 --- a/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/install-control-plane-olm-utils.yml +++ b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/install-control-plane-olm-utils.yml @@ -4,11 +4,16 @@ path: /tmp/work state: directory +- name: Generate platform install options file {{ status_dir }}/cp4d/{{ current_cp4d_cluster.project }}-cpd-platform-install-options.yml + template: + src: apply-cr-cpd-platform-install-options.j2 + dest: "{{ status_dir }}/cp4d/{{ current_cp4d_cluster.project }}-cpd-platform-install-options.yml" + - name: Generate apply-cr command to install Cloud Pak for Data platform set_fact: _apply_cr_command: "{{ lookup('template', 'apply-cr-cpd-platform.j2') }}" vars: - _p_preview_script: True + _p_preview_script: True - name: Show apply-cr command to install Cloud Pak for Data platform debug: @@ -42,13 +47,6 @@ {{ status_dir }}/cp4d/{{ current_cp4d_cluster.project }}-apply-cr-platform.sh >> {{ status_dir }}/log/{{ current_cp4d_cluster.project }}-apply-cr-cpd-platform.log 2>&1 when: not _sequential_install -- name: Setup Coud Pak for Data to use Foundational Services IAM - shell: | - oc patch -n {{ current_cp4d_cluster.project }} Ibmcpd ibmcpd-cr \ - --type=merge \ - --patch='{"spec":{"cloudpakfordata": true, "iamIntegration": true}}' - when: (current_cp4d_cluster.use_fs_iam | default(False) | bool) - # Wait for ZenService to be created (can take 10-15 minutes) - name: Wait for ZenService to be completed shell: | From 4ab1f0abcc27e69ff02b991f8a73e2624ff5baab Mon Sep 17 00:00:00 2001 
From: Frank Ketelaars Date: Wed, 11 Oct 2023 20:33:39 +0000 Subject: [PATCH 05/18] #548 Do not delete resolvers --- .../cp4d-cluster/tasks/openshift-prepare-project.yml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/openshift-prepare-project.yml b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/openshift-prepare-project.yml index f12a539af..a573e0921 100644 --- a/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/openshift-prepare-project.yml +++ b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/openshift-prepare-project.yml @@ -43,16 +43,6 @@ shell: | {{ status_dir }}/cp4d/{{ current_cp4d_cluster.project }}-authorize-instance.sh - # TODO: Remove this step, should not be needed - - name: Delete resolver files - file: - path: "{{ item }}" - state: absent - loop: - - /tmp/auth/play_env.sh - - /tmp/auth/resolvers_auth.yaml - - /tmp/work/resolvers.yaml - - name: Generate setup instance topology script {{ status_dir }}/cp4d/{{ current_cp4d_cluster.project }}-setup-instance-topology.sh template: src: setup-instance-topology.j2 From 276ffb9b1657eaea88db5c8cdb09e12b7540552b Mon Sep 17 00:00:00 2001 From: Frank Ketelaars Date: Wed, 11 Oct 2023 20:34:00 +0000 Subject: [PATCH 06/18] #548 Prepare for 4.8 install --- .../apply-cr-cpd-platform-install-options.j2 | 4 ++++ .../templates/apply-cr-cpd-platform.j2 | 3 ++- .../tasks/cp4d-show-details.yml | 18 +++++++++++++++++- 3 files changed, 23 insertions(+), 2 deletions(-) create mode 100644 automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/templates/apply-cr-cpd-platform-install-options.j2 diff --git a/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/templates/apply-cr-cpd-platform-install-options.j2 b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/templates/apply-cr-cpd-platform-install-options.j2 new file mode 100644 index 000000000..90b98ff12 --- /dev/null 
+++ b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/templates/apply-cr-cpd-platform-install-options.j2 @@ -0,0 +1,4 @@ +custom_spec: + cpd_platform: + cloudpakfordata: true + iamIntegration: {{ current_cp4d_cluster.use_fs_iam | default(False) | bool }} \ No newline at end of file diff --git a/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/templates/apply-cr-cpd-platform.j2 b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/templates/apply-cr-cpd-platform.j2 index edb34992a..2a4140ed5 100644 --- a/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/templates/apply-cr-cpd-platform.j2 +++ b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/templates/apply-cr-cpd-platform.j2 @@ -5,4 +5,5 @@ apply-cr \ -v \ --cpd_instance_ns={{ current_cp4d_cluster.project }} \ --components=cpfs,cpd_platform \ - --file_storage_class={{ ocp_storage_class_file }} --block_storage_class={{ ocp_storage_class_block }} \ No newline at end of file + --file_storage_class={{ ocp_storage_class_file }} --block_storage_class={{ ocp_storage_class_block }} \ + --param-file={{ status_dir }}/cp4d/{{ current_cp4d_cluster.project }}-cpd-platform-install-options.yml \ No newline at end of file diff --git a/automation-roles/80-smoke-tests/cp4d-cluster-show/tasks/cp4d-show-details.yml b/automation-roles/80-smoke-tests/cp4d-cluster-show/tasks/cp4d-show-details.yml index ab9667c99..a32beff88 100644 --- a/automation-roles/80-smoke-tests/cp4d-cluster-show/tasks/cp4d-show-details.yml +++ b/automation-roles/80-smoke-tests/cp4d-cluster-show/tasks/cp4d-show-details.yml 
@@ -16,6 +16,21 @@ -o jsonpath="{.items[0].spec.host}" register: cp4d_url +- name: Get ZenService CR to check authentication method + shell: | + oc get --namespace {{ current_cp4d_cluster.project }} ZenService lite-cr -o json + register: _zenservice_cr + +- set_fact: + _iam_integration: "{{ (_zenservice_cr.stdout | from_json).spec.iamIntegration | bool }}" + +- set_fact: + _cp4d_admin_user: "admin" + +- set_fact: + _cp4d_admin_user: "cpadmin" + when: _iam_integration + - name: Make sure that directory {{ status_dir }}/cloud-paks exists file: path: "{{ status_dir }}/cloud-paks" @@ -30,6 +45,7 @@ debug: msg: - "CP4D URL: https://{{ cp4d_url.stdout }}" - - "CP4D admin password: {{ _cp4d_admin_password }}" + - "CP4D User: {{ _cp4d_admin_user }}" + - "CP4D {{ _cp4d_admin_user }} password: {{ _cp4d_admin_password }}" vars: ansible_callback_diy_runner_on_ok_msg: "{{ ansible_callback_diy.result.output.msg }}\n" From bf0d2f1a36b13e62a3ca9df56520bf723f97b1fc Mon Sep 17 00:00:00 2001 From: Frank Ketelaars Date: Thu, 12 Oct 2023 19:51:44 +0000 Subject: [PATCH 07/18] #548 Change password for IAM --- .../tasks/change-cpd-admin-password-iam.yml | 12 ++++ .../change-cpd-admin-password-non-iam.yml | 21 +++++++ .../tasks/configure-cpd-admin-password.yml | 55 +++++++++++-------- 3 files changed, 64 insertions(+), 24 deletions(-) create mode 100644 automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/change-cpd-admin-password-iam.yml create mode 100644 automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/change-cpd-admin-password-non-iam.yml diff --git a/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/change-cpd-admin-password-iam.yml b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/change-cpd-admin-password-iam.yml new file mode 100644 index 000000000..74ce10e3b --- /dev/null +++ b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/change-cpd-admin-password-iam.yml 
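Review bot: `(_zenservice_cr.stdout | from_json).spec.iamIntegration | bool` is likely to fail with an undefined-variable error when the ZenService CR has no `spec.iamIntegration` key; add a default, `(_zenservice_cr.stdout | from_json).spec.iamIntegration | default(false) | bool`. The `oc get` task only reads state, so `changed_when: false` fits it. The same expression is added to configure-cpd-admin-password.yml in PATCH 07/18.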
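Review bot: The `debug` message now prints the admin user name next to `{{ _cp4d_admin_password }}`, so every captured run log holds a complete credential pair for the instance. Consider printing the name of the vault secret that holds the password instead, or gating the password line behind an explicit opt-in variable. The task starts outside the hunk, so whether its output is already restricted elsewhere cannot be seen here.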
@@ -0,0 +1,12 @@ +--- +# Store password from vault into OpenShift secret (also in case of reinstallation with existing vault secret) +- name: Update {{ cp4d_login_username }} password in OpenShift secret when using Foundational Services IAM + shell: | + oc set data --namespace {{ current_cp4d_cluster.project }} ssecret/platform-auth-idp-credentials \ + --from-literal=admin_password="{{ _cp4d_admin_password_vault }}" + +- name: Restart the platform identity pods + shell: | + oc delete po --namespace {{ current_cp4d_cluster.project }} -l app=platform-auth-service --ignore-not-found + oc delete po --namespace {{ current_cp4d_cluster.project }} -l app=platform-identity-management --ignore-not-found + oc delete po --namespace {{ current_cp4d_cluster.project }} -l app=platform-identity-provider --ignore-not-found \ No newline at end of file diff --git a/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/change-cpd-admin-password-non-iam.yml b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/change-cpd-admin-password-non-iam.yml new file mode 100644 index 000000000..622fc791f --- /dev/null +++ b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/change-cpd-admin-password-non-iam.yml 
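Review bot: The vault password is templated directly into the `oc set data` shell line inside double quotes, so a password containing `"`, `$` or a backtick is re-interpreted by the shell. The task also has no `no_log: true`, so the rendered command, password included, can be printed when the task fails or the play runs with verbosity. Suggest `--from-literal=admin_password={{ _cp4d_admin_password_vault | quote }}` together with `no_log: true` on the task. The `oc set data` task and the `-F current_password=` / `-F new_password=` curl fields in change-cpd-admin-password-non-iam.yml have the same exposure. The resource is also spelled `ssecret/` on this line, which patch 13/18 corrects.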
@@ -0,0 +1,21 @@ +--- +- name: Set new password for user {{ cp4d_login_username }} + shell: | + curl -s -k -X POST https://{{ cp4d_url.stdout }}/icp4d-api/v1/changepassword \ + -H 'Authorization: Bearer {{ _cp4d_login_result.json.token }}' \ + -H 'Content-Type: multipart/form-data' \ + -H 'cache-control: no-cache' \ + -F current_password={{ _current_cp4d_admin_password }} \ + -F new_password={{ _cp4d_admin_password_vault }} + register: _cp4d_change_password_result + retries: 3 + delay: 5 + until: _cp4d_change_password_result.rc==0 + args: + warn: false + +# Store password from vault into OpenShift secret (also in case of reinstallation with existing vault secret) +- name: Update {{ cp4d_login_username }} password in OpenShift secret when not using Foundational Services IAM + shell: | + oc set data --namespace {{ current_cp4d_cluster.project }} secret/admin-user-details \ + --from-literal=initial_admin_password="{{ _cp4d_admin_password_vault }}" \ No newline at end of file diff --git a/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/configure-cpd-admin-password.yml b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/configure-cpd-admin-password.yml index 5dfa7a724..ccc864fef 100644 --- a/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/configure-cpd-admin-password.yml +++ b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/configure-cpd-admin-password.yml @@ -10,6 +10,14 @@ secret_group: "{{ environment_name }}" _p_secret_variable: _cp4d_admin_password_vault +- name: Get ZenService CR to check authentication method + shell: | + oc get --namespace {{ current_cp4d_cluster.project }} ZenService lite-cr -o json + register: _zenservice_cr + +- set_fact: + _iam_integration: "{{ (_zenservice_cr.stdout | from_json).spec.iamIntegration | bool }}" + - name: Set new password for admin user if none is available yet block: - name: Generate new password for {{ cp4d_login_username }} user 
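Review bot: The retry condition `until: _cp4d_change_password_result.rc==0` in the new non-IAM file cannot detect a rejected password change, because `curl -s` without `--fail` exits 0 when the server answers with an HTTP error. Adding the flag (`curl -s -k --fail -X POST ...`) lets the three retries and the task result reflect the API status. The call also keeps `-k`, so the bearer token and both passwords are sent over a TLS connection whose certificate is not verified; passing the cluster CA with `--cacert` would be preferable where it is available.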
@@ -40,10 +48,22 @@ when: _cp4d_admin_password_vault=="" -- name: Extract admin password from OpenShift secret +- name: Extract admin password from OpenShift secret admin-user-details + shell: | + oc extract \ + --namespace {{ current_cp4d_cluster.project }} \ + secret/admin-user-details --to=- + register: _cp4d_admin_password_secret + when: not _iam_integration + +- name: Extract admin password from OpenShift secret admin-user-details shell: | - oc extract --namespace {{ current_cp4d_cluster.project }} secret/admin-user-details --to=- + oc extract \ + --namespace {{ current_cp4d_cluster.project }} \ + secret/platform-auth-idp-credentials \ + --keys=admin_password --to=- register: _cp4d_admin_password_secret + when: not _iam_integration - name: Show existing admin password from secret debug: 
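Review bot: The second extract task, which reads `secret/platform-auth-idp-credentials`, carries `when: not _iam_integration`, the same condition as the first one; it looks like it should be `when: _iam_integration`. As written, a non-IAM run executes both tasks and the second overwrites `_cp4d_admin_password_secret`, while an IAM run skips both and leaves the register holding a skipped result with no `stdout`. The second task is also still named after `admin-user-details`. Patch 12/18 later reworks this into two blocks with separate registers, so the fix could be folded into this commit.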
@@ -84,25 +104,12 @@ msg: "Could not login to Cloud Pak for Data instance {{ current_cp4d_cluster.project }} using either OpenShift secret or vault password. Potentially the admin password was changed from the UI. To remediate, update vault secret {{ _cp4d_admin_password_vault_key_name }} to reflect the new password." when: not _cp4d_login_secret_successful and not _cp4d_login_successful -- name: Set new password for user {{ cp4d_login_username }} - shell: | - curl -s -k -X POST https://{{ cp4d_url.stdout }}/icp4d-api/v1/changepassword \ - -H 'Authorization: Bearer {{ _cp4d_login_result.json.token }}' \ - -H 'Content-Type: multipart/form-data' \ - -H 'cache-control: no-cache' \ - -F current_password={{ _current_cp4d_admin_password }} \ - -F new_password={{ _cp4d_admin_password_vault }} - register: _cp4d_change_password_result - retries: 3 - delay: 5 - until: _cp4d_change_password_result.rc==0 - args: - warn: false - when: _current_cp4d_admin_password != _cp4d_admin_password_vault - -# Store password from vault into OpenShift secret (also in case of reinstallation with existing vault secret) -- name: Update {{ cp4d_login_username }} password in OpenShift secret - shell: | - oc set data --namespace {{ current_cp4d_cluster.project }} secret/admin-user-details \ - --from-literal=initial_admin_password="{{ _cp4d_admin_password_vault }}" - when: _cp4d_admin_password_secret != _cp4d_admin_password_vault \ No newline at end of file +- include_task: change-cpd-admin-password-non-iam.yml + when: + - not _iam_integration + - _current_cp4d_admin_password != _cp4d_admin_password_vault + +- include_task: change-cpd-admin-password-iam.yml + when: + - _iam_integration + - _current_cp4d_admin_password != _cp4d_admin_password_vault \ No newline at end of file From 33df3fb65c7ee07bce30f696faa5af0307a8b80c Mon Sep 17 00:00:00 2001 
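Review bot: `include_task` is not an Ansible action, so the two includes added at the end of this hunk cannot be resolved and neither password-change file is ever run. They need to read `include_tasks: change-cpd-admin-password-non-iam.yml` and `include_tasks: change-cpd-admin-password-iam.yml`. Patch 12/18 in this series makes that correction; squashing it into this commit would keep every commit in the series runnable.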
From: Frank Ketelaars Date: Mon, 16 Oct 2023 22:26:17 +0300 Subject: [PATCH 08/18] #548 Documentation for cp_alt_repo --- docs/mkdocs.yml | 1 + docs/src/50-advanced/alternative-repo-reg.md | 74 ++++++++++++++++++++ 2 files changed, 75 insertions(+) create mode 100644 docs/src/50-advanced/alternative-repo-reg.md diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml index f9c1e43a2..1a39b9d03 100644 --- a/docs/mkdocs.yml +++ b/docs/mkdocs.yml @@ -82,6 +82,7 @@ nav: - 'Build image and run deployer on OpenShift': ./50-advanced/run-on-openshift/build-image-and-run-deployer-on-openshift.md - 'Run deployer wizard on OpenShift': ./50-advanced/run-on-openshift/run-deployer-wizard-on-openshift.md - 'Private registry and air-gapped': ./50-advanced/private-registry-and-air-gapped.md + - 'Using alternative CASE repositories and registries': ./50-advanced/alternative-repo-reg.md - 'Advanced configuration': ./50-advanced/advanced-configuration.md - 'Locations to whitelist': ./50-advanced/locations-to-whitelist.md - 'Apply node settings to non-MCO clusters': ./50-advanced/apply-node-settings-non-mco.md diff --git a/docs/src/50-advanced/alternative-repo-reg.md b/docs/src/50-advanced/alternative-repo-reg.md new file mode 100644 index 000000000..b65362ef7 --- /dev/null +++ b/docs/src/50-advanced/alternative-repo-reg.md 
@@ -0,0 +1,74 @@ +# Using alternative repositories and registries + +!!! warning + In most scenarios you will not need this capability. + +Alternative repositories and registries are mainly geared towards pre-GA use of the Cloud Paks where CASE files are downloaded from internal repositories and staging container image registries need to be used as images have not been released yet. + +When specifying a `cp_alt_repo` object in a YAML file, this is used for all Cloud Paks. The object triggers the following steps: +* The following files are created in the `/tmp/work` directory in the container: `play_env.sh`, `resolvers.yaml` and `resolvers_auth`. +* When downloading CASE files using the `ibm-pak` plug-in, the `play_env` sets the locations of the resolvers and authorization files. +* Also, the locations of the case files for the Cloud Pak, Foundational Servides and Open Content are set in an enviroment variable. +* Registry mirrors are configured using an `ImageContentSourcePolicy` resource in the OpenShift cluster. +* Registry credentials are added to the OpenShift cluster's global pull secret. 
+ +The `cp_alt_repo` is configured like this: +``` +cp_alt_repo: + repo: + token_secret: github-internal-repo + cp_path: https://raw.internal-repo.acme.com/cpd-case-repo/4.8.0/promoted/case-repo-promoted + fs_path: https://raw.internal-repo.acme.com/cloud-pak-case-repo/main/repo/case + opencontent_path: https://raw.internal-repo.acme.com/cloud-pak-case-repo/main/repo/case + registry_pull_secrets: + - registry: cp.staging.acme.com + pull_secret: cp-staging + - registry: fs.staging.acme.com + pull_secret: cp-fs-staging + registry_mirrors: + - source: cp.icr.com/cp + mirrors: + - cp.staging.acme.com/cp + - source: cp.icr.io/cp/cpd + mirrors: + - cp.staging.acme.com/cp/cpd + - source: icr.io/cpopen + mirrors: + - fs.staging.acme.com/cp + - source: icr.io/cpopen/cpfs + mirrors: + - fs.staging.acme.com/cp +``` + +## Property explanation +| Property | Description | Mandatory | Allowed values | +| -------------- | -------------------------------------------------------------------------------------- | --------- | -------------- | +| repo | Repositories to be accessed and the Git token | Yes | | +} repo.token_secret | Secret in the vault that holds the Git login token | Yes | | +| repo.cp_path | Repository path where to find Cloud Pak CASE files | Yes | | +| repo.fs)path | Repository path where to find the Foundational Services CASE files | Yes | | +| repo.opencontent_path | Repository path where to find the Open Content CASE files | Yes | | +| registry_pull_secrets | List of registries and their pull secrets, will be used to configure global pull secret | Yes | | +| .registry | Registry host name | Yes | | +| .pull_secret | Vault secret that holds the pull secret (user:password) for the registry | Yes | | +| registry_mirrors | List of registries and their mirrors, will be used to configure the ImageContentSourcePolicy | Yes | | +| .source | Registry and path referenced by the Cloud Pak/FS pod | Yes | | +| .mirrors: | List of alternate registry locations for this source | 
Yes | | + +## Configuring the secrets +Before running the deployer with a `cp_alt_repo` object, you need to ensure the referenced secrets are present in the vault. + +For the GitHub token, you need to set the token (typically a deploy key) to login to GitHub or GitHub Enterprise. +``` +./cp-deploy.sh vault set -vs github-internal-repo=abc123def456 +``` + +For the registry credentials, specify the user and password separated by a colon (`:`): +``` +./cp-deploy.sh vault set -vs cp-staging="cp-staging-user:cp-staging-password" +``` + +You can also set these tokens on the `cp-deploy.sh env apply` command line. +``` +./cp-deploy.sh env apply -f -vs github-internal-repo=abc123def456 -vs cp-staging="cp-staging-user:cp-staging-password +``` \ No newline at end of file From 0da6ae57389581b9c287536c0753623ce9cc95ad Mon Sep 17 00:00:00 2001 From: Frank Ketelaars Date: Mon, 16 Oct 2023 22:58:29 +0300 Subject: [PATCH 09/18] #548 Document olm-utils image override --- docs/src/50-advanced/alternative-repo-reg.md | 23 ++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/docs/src/50-advanced/alternative-repo-reg.md b/docs/src/50-advanced/alternative-repo-reg.md index b65362ef7..8064dbe1d 100644 --- a/docs/src/50-advanced/alternative-repo-reg.md +++ b/docs/src/50-advanced/alternative-repo-reg.md 
@@ -1,10 +1,23 @@ # Using alternative repositories and registries !!! warning - In most scenarios you will not need this capability. + In most scenarios you will not need this type of configuration. Alternative repositories and registries are mainly geared towards pre-GA use of the Cloud Paks where CASE files are downloaded from internal repositories and staging container image registries need to be used as images have not been released yet. +## Building the Cloud Pak Deployer image +By default the Cloud Pak Deployer image is built on top of the `olm-utils` images in `icr.io`. If you're working with a pre-release of the Cloud Pak OLM utils image, you can override the setting as follows: + +``` +export CPD_OLM_UTILS_V2_IMAGE=cp.staging.acme.com:4.8.0 +``` + +Subsequently, run the install commmand: +``` +./cp-deploy.sh build +``` + +## Configuring the alternative repositories and registries When specifying a `cp_alt_repo` object in a YAML file, this is used for all Cloud Paks. The object triggers the following steps: * The following files are created in the `/tmp/work` directory in the container: `play_env.sh`, `resolvers.yaml` and `resolvers_auth`. * When downloading CASE files using the `ibm-pak` plug-in, the `play_env` sets the locations of the resolvers and authorization files. 
@@ -44,7 +57,7 @@ cp_alt_repo: | Property | Description | Mandatory | Allowed values | | -------------- | -------------------------------------------------------------------------------------- | --------- | -------------- | | repo | Repositories to be accessed and the Git token | Yes | | -} repo.token_secret | Secret in the vault that holds the Git login token | Yes | | +| repo.token_secret | Secret in the vault that holds the Git login token | Yes | | | repo.cp_path | Repository path where to find Cloud Pak CASE files | Yes | | | repo.fs)path | Repository path where to find the Foundational Services CASE files | Yes | | | repo.opencontent_path | Repository path where to find the Open Content CASE files | Yes | | @@ -71,4 +84,10 @@ For the registry credentials, specify the user and password separated by a colon You can also set these tokens on the `cp-deploy.sh env apply` command line. ``` ./cp-deploy.sh env apply -f -vs github-internal-repo=abc123def456 -vs cp-staging="cp-staging-user:cp-staging-password +``` + +## Running the deploy +To run the deployer you can now use the standard process: +``` +./cp-deploy.sh env apply -v ``` \ No newline at end of file From 147de5c7bdaefb842bb44e2ba61234177f9584d5 Mon Sep 17 00:00:00 2001 From: Frank Ketelaars Date: Tue, 17 Oct 2023 19:26:46 +0000 Subject: [PATCH 10/18] #548 Remove cp4d status directory --- .../50-install-cloud-pak/cp4d/cp4d-variables/tasks/main.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/automation-roles/50-install-cloud-pak/cp4d/cp4d-variables/tasks/main.yml b/automation-roles/50-install-cloud-pak/cp4d/cp4d-variables/tasks/main.yml index 3366f5f02..212f5e31c 100644 --- a/automation-roles/50-install-cloud-pak/cp4d/cp4d-variables/tasks/main.yml +++ b/automation-roles/50-install-cloud-pak/cp4d/cp4d-variables/tasks/main.yml 
@@ -1,4 +1,9 @@ --- +- name: Delete directory for generated files + file: + path: "{{ status_dir }}/cp4d" + state: absent + - name: Create Cloud Pak for Data directory for generated files file: path: "{{ status_dir }}/cp4d" From 56e508f4c8976a88ebc246cb0cbc6fa9fd18ea21 Mon Sep 17 00:00:00 2001 From: Frank Ketelaars Date: Tue, 17 Oct 2023 19:27:16 +0000 Subject: [PATCH 11/18] #548 Delete additional authentication CR --- scripts/cp4d/cp4d-delete-instance.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/cp4d/cp4d-delete-instance.sh b/scripts/cp4d/cp4d-delete-instance.sh index f51d0ad09..9d6cbbfbe 100755 --- a/scripts/cp4d/cp4d-delete-instance.sh +++ b/scripts/cp4d/cp4d-delete-instance.sh @@ -94,6 +94,8 @@ if [ $? -eq 0 ];then log "Delete role binding if Cloud Pak for Data was connected to IAM" oc delete rolebinding -n ${CP4D_PROJECT} admin --ignore-not-found --wait=false oc patch -n ${CP4D_PROJECT} rolebinding/admin --type=merge -p '{"metadata": {"finalizers":null}}' 2> /dev/null + oc delete authentication.operator.ibm.com -n ${CP4D_PROJECT} example-authentication --ignore-not-found --wait=false + oc patch -n ${CP4D_PROJECT} authentication.operator.ibm.com/example-authentication --type=merge -p '{"metadata": {"finalizers":null}}' 2> /dev/null # # Now the CP4D project should be empty and can be deleted, this may take a while (5-15 minutes) From 0077d7f547cb3e7e31d620402f0d91f3e620d768 Mon Sep 17 00:00:00 2001 From: Frank Ketelaars Date: Tue, 17 Oct 2023 19:27:34 +0000 Subject: [PATCH 12/18] #548 admin user --- .../tasks/configure-cpd-admin-password.yml | 52 ++++++++++--------- 1 file changed, 27 insertions(+), 25 deletions(-) diff --git a/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/configure-cpd-admin-password.yml b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/configure-cpd-admin-password.yml index ccc864fef..c58d92777 100644 
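Review bot: Deleting `{{ status_dir }}/cp4d` at the start of cp4d-variables removes everything kept below it, not only the generated install files. The backup/restore role further down this page uses `{{ status_dir }}/cp4d/exports/connections`, so connection exports left by an earlier run would presumably be lost each time this task runs. If only stale generated files are the target, removing those files or a dedicated subdirectory is narrower. A short comment above the task, for example `# Start from a clean directory so stale generated files are not reused`, would record the intent.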
--- a/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/configure-cpd-admin-password.yml +++ b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/configure-cpd-admin-password.yml 
@@ -48,37 +48,39 @@ when: _cp4d_admin_password_vault=="" -- name: Extract admin password from OpenShift secret admin-user-details - shell: | - oc extract \ - --namespace {{ current_cp4d_cluster.project }} \ - secret/admin-user-details --to=- - register: _cp4d_admin_password_secret - when: not _iam_integration - -- name: Extract admin password from OpenShift secret admin-user-details - shell: | - oc extract \ - --namespace {{ current_cp4d_cluster.project }} \ - secret/platform-auth-idp-credentials \ - --keys=admin_password --to=- - register: _cp4d_admin_password_secret +- block: + - name: Extract admin password from OpenShift secret admin-user-details + shell: | + oc extract \ + --namespace {{ current_cp4d_cluster.project }} \ + secret/admin-user-details --to=- + register: _cp4d_admin_password_secret + - set_fact: + _cp4d_admin_user: "admin" + _current_cp4d_admin_password: "{{ _cp4d_admin_password_secret.stdout }}" when: not _iam_integration -- name: Show existing admin password from secret - debug: - var: _cp4d_admin_password_secret -- set_fact: - _current_cp4d_admin_password: "{{ _cp4d_admin_password_secret.stdout }}" +- block: + - name: Extract admin password from OpenShift secret platform-auth-idp-credentials + shell: | + oc extract \ + --namespace {{ current_cp4d_cluster.project }} \ + secret/platform-auth-idp-credentials \ + --keys=admin_password --to=- + register: _cp4d_iam_cpadmin_password_secret + - set_fact: + _cp4d_admin_user: "cpadmin" + _current_cp4d_admin_password: "{{ _cp4d_iam_cpadmin_password_secret.stdout }}" + when: _iam_integration - name: Login to Cloud Pak for Data instance {{ current_cp4d_cluster.project }} using password in OpenShift secret include_role: name: cp4d-login vars: _p_cp4d_project: "{{ current_cp4d_cluster.project }}" - _p_cp4d_user: admin - _p_cp4d_password: "{{ _cp4d_admin_password_secret.stdout }}" + _p_cp4d_user: "{{ _cp4d_admin_user }}" + _p_cp4d_password: "{{ _current_cp4d_admin_password }}" _p_fail_on_error: False - 
set_fact: @@ -90,7 +92,7 @@ name: cp4d-login vars: _p_cp4d_project: "{{ current_cp4d_cluster.project }}" - _p_cp4d_user: admin + _p_cp4d_user: "{{ _cp4d_admin_user }}" _p_cp4d_password: "{{ _cp4d_admin_password_vault }}" _p_fail_on_error: False @@ -104,12 +106,12 @@ msg: "Could not login to Cloud Pak for Data instance {{ current_cp4d_cluster.project }} using either OpenShift secret or vault password. Potentially the admin password was changed from the UI. To remediate, update vault secret {{ _cp4d_admin_password_vault_key_name }} to reflect the new password." when: not _cp4d_login_secret_successful and not _cp4d_login_successful -- include_task: change-cpd-admin-password-non-iam.yml +- include_tasks: change-cpd-admin-password-non-iam.yml when: - not _iam_integration - _current_cp4d_admin_password != _cp4d_admin_password_vault -- include_task: change-cpd-admin-password-iam.yml +- include_tasks: change-cpd-admin-password-iam.yml when: - _iam_integration - _current_cp4d_admin_password != _cp4d_admin_password_vault \ No newline at end of file From 1c96e79635131a76116d1ffb930d77a83956dd11 Mon Sep 17 00:00:00 2001 From: Frank Ketelaars Date: Thu, 19 Oct 2023 06:01:50 +0000 Subject: [PATCH 13/18] #548 Allow CP4D authentication via FS IAM --- .../tasks/change-cpd-admin-password-iam.yml | 2 +- .../tasks/configure-cpd-admin-password.yml | 4 - .../cp4d/cp4d-cluster/tasks/install-cp4d.yml | 1 - .../cp4d/cp4d-login/tasks/cp4d-login-iam.yml | 73 +++++++++++++++++++ .../cp4d-login/tasks/cp4d-login-non-iam.yml | 43 +++++++++++ .../cp4d/cp4d-login/tasks/main.yml | 50 +++++-------- 6 files changed, 136 insertions(+), 37 deletions(-) create mode 100644 automation-roles/50-install-cloud-pak/cp4d/cp4d-login/tasks/cp4d-login-iam.yml create mode 100644 automation-roles/50-install-cloud-pak/cp4d/cp4d-login/tasks/cp4d-login-non-iam.yml 
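Review bot: In the non-IAM block, `oc extract ... secret/admin-user-details --to=-` has no `--keys`, so `_current_cp4d_admin_password` receives the values of every key in that secret, whereas the IAM block restricts itself to `--keys=admin_password`. If the secret holds more than the password, both the login attempt and the later comparison with `_cp4d_admin_password_vault` use the wrong string. Adding `--keys=initial_admin_password`, the key the non-IAM change task writes, would make the two blocks symmetric. The hunk begins and ends inside the task file, so the tasks around it are only partly visible here.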
diff --git a/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/change-cpd-admin-password-iam.yml b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/change-cpd-admin-password-iam.yml index 74ce10e3b..c8f09a678 100644 --- a/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/change-cpd-admin-password-iam.yml +++ b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/change-cpd-admin-password-iam.yml @@ -2,7 +2,7 @@ # Store password from vault into OpenShift secret (also in case of reinstallation with existing vault secret) - name: Update {{ cp4d_login_username }} password in OpenShift secret when using Foundational Services IAM shell: | - oc set data --namespace {{ current_cp4d_cluster.project }} ssecret/platform-auth-idp-credentials \ + oc set data --namespace {{ current_cp4d_cluster.project }} secret/platform-auth-idp-credentials \ --from-literal=admin_password="{{ _cp4d_admin_password_vault }}" - name: Restart the platform identity pods diff --git a/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/configure-cpd-admin-password.yml b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/configure-cpd-admin-password.yml index c58d92777..efafa1310 100644 --- a/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/configure-cpd-admin-password.yml +++ b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/configure-cpd-admin-password.yml @@ -56,7 +56,6 @@ secret/admin-user-details --to=- register: _cp4d_admin_password_secret - set_fact: - _cp4d_admin_user: "admin" _current_cp4d_admin_password: "{{ _cp4d_admin_password_secret.stdout }}" when: not _iam_integration @@ -70,7 +69,6 @@ --keys=admin_password --to=- register: _cp4d_iam_cpadmin_password_secret - set_fact: - _cp4d_admin_user: "cpadmin" _current_cp4d_admin_password: "{{ _cp4d_iam_cpadmin_password_secret.stdout }}" when: _iam_integration 
@@ -79,7 +77,6 @@ name: cp4d-login vars: _p_cp4d_project: "{{ current_cp4d_cluster.project }}" - _p_cp4d_user: "{{ _cp4d_admin_user }}" _p_cp4d_password: "{{ _current_cp4d_admin_password }}" _p_fail_on_error: False @@ -92,7 +89,6 @@ name: cp4d-login vars: _p_cp4d_project: "{{ current_cp4d_cluster.project }}" - _p_cp4d_user: "{{ _cp4d_admin_user }}" _p_cp4d_password: "{{ _cp4d_admin_password_vault }}" _p_fail_on_error: False diff --git a/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/install-cp4d.yml b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/install-cp4d.yml index a795c9a63..4d634976e 100644 --- a/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/install-cp4d.yml +++ b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/install-cp4d.yml @@ -136,7 +136,6 @@ name: cp4d-login vars: _p_cp4d_project: "{{ current_cp4d_cluster.project }}" - _p_cp4d_user: "{{ _v_cp4d_login_username }}" _p_cp4d_password: "{{ _cp4d_admin_password }}" # Configure SSL certificate from the OpenShift Cluster to Cloud Pak for Data diff --git a/automation-roles/50-install-cloud-pak/cp4d/cp4d-login/tasks/cp4d-login-iam.yml b/automation-roles/50-install-cloud-pak/cp4d/cp4d-login/tasks/cp4d-login-iam.yml new file mode 100644 index 000000000..119fefc38 --- /dev/null +++ b/automation-roles/50-install-cloud-pak/cp4d/cp4d-login/tasks/cp4d-login-iam.yml 
@@ -0,0 +1,73 @@ +--- +- name: Get route to identity provider when using Foundational Services IAM + shell: | + oc --namespace {{ _p_cp4d_project }} get route platform-id-provider \ + -o jsonpath="{.spec.host}{.spec.path}" + register: _current_idp_url + +- set_fact: + _cp4d_user: "{{ _p_cp4d_user | default('cpadmin') }}" + +- name: Get IAM Access token when authenticating through Foundational Services IAM + uri: + url: 'https://{{ _current_idp_url.stdout }}v1/auth/identityToken' + method: POST + body_format: form-urlencoded + body: + grant_type: password + username: "{{ _cp4d_user }}" + password: "{{ _p_cp4d_password }}" + scope: openid + force: yes + return_content: yes + validate_certs: no + status_code: 200 + register: _cp4d_login_iam_access_result + retries: 3 + delay: 5 + until: _cp4d_login_iam_access_result.status == 200 + +- set_fact: + _iam_token: "{{ _cp4d_login_iam_access_result.json.access_token }}" + +- name: Login to Cloud Pak for Data using IAM access token + uri: + url: 'https://{{ _current_cp4d_url.stdout }}/v1/preauth/validateAuth' + method: GET + # body_format: json + headers: + username: "{{ _cp4d_user }}" + iam-token: "{{ _iam_token }}" + force: yes + return_content: yes + validate_certs: no + status_code: 200 + register: _cp4d_login_iam_result + retries: 3 + delay: 5 + failed_when: False + until: _cp4d_login_iam_result.status == 200 + +- set_fact: + _cp4d_login_successful: True + when: + - _cp4d_login_iam_result.status == 200 + +- set_fact: + _cp4d_login_successful: False + when: + - _cp4d_login_iam_result.status != 200 + +- fail: + msg: | + "Failed to login to Cloud Pak for Data instance {{ _p_cp4d_project }}." + "{{ _cp4d_login_iam_result }}" + when: + - not _cp4d_login_successful + - (_p_fail_on_error | default(True)) + +- set_fact: + _cp4d_login: "{{ _cp4d_login_iam_result.json | default({}) }}" + +- set_fact: + _cp4d_bearer_token: "{{ _cp4d_login.accessToken }}" \ No newline at end of file 
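Review bot: The identity-token request to `v1/auth/identityToken` has no `failed_when: False`, so a rejected password fails the play after the retries even when the caller passes `_p_fail_on_error: False`, as configure-cpd-admin-password.yml does when it probes the secret and vault passwords. Adding `failed_when: False` to that task and a `when: _cp4d_login_iam_access_result.status == 200` guard on the `_iam_token` fact and the `validateAuth` call would match how the non-IAM path reports failure through `_cp4d_login_successful`. Both `uri` calls also set `validate_certs: no` while carrying the password and the IAM token, so the endpoint's identity is never checked; a CA bundle or a configurable flag would be safer.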
diff --git a/automation-roles/50-install-cloud-pak/cp4d/cp4d-login/tasks/cp4d-login-non-iam.yml b/automation-roles/50-install-cloud-pak/cp4d/cp4d-login/tasks/cp4d-login-non-iam.yml new file mode 100644 index 000000000..e50137252 --- /dev/null +++ b/automation-roles/50-install-cloud-pak/cp4d/cp4d-login/tasks/cp4d-login-non-iam.yml @@ -0,0 +1,43 @@ +--- +- set_fact: + _cp4d_user: "{{ _p_cp4d_user | default('admin') }}" + +- name: Authenticate to Cloud Pak for Data API endpoint https://{{ _current_cp4d_url.stdout }}/icp4d-api/v1/authorize + uri: + url: 'https://{{ _current_cp4d_url.stdout }}/icp4d-api/v1/authorize' + method: POST + body_format: json + body: '{"username":"{{ _cp4d_user }}","password":"{{ _p_cp4d_password }}"}' + force: yes + return_content: yes + validate_certs: no + status_code: 200 + register: _cp4d_login_non_iam_result + retries: 3 + delay: 5 + failed_when: False + until: _cp4d_login_non_iam_result.status == 200 + +- set_fact: + _cp4d_login_successful: True + when: + - _cp4d_login_non_iam_result.status == 200 + +- set_fact: + _cp4d_login_successful: False + when: + - _cp4d_login_non_iam_result.status != 200 + +- fail: + msg: | + "Failed to login to Cloud Pak for Data instance {{ _p_cp4d_project }}." + "{{ _cp4d_login_non_iam_result }}" + when: + - not _cp4d_login_successful + - (_p_fail_on_error | default(True)) + +- set_fact: + _cp4d_login: "{{ _cp4d_login_non_iam_result.json | default({}) }}" + +- set_fact: + _cp4d_bearer_token: "{{ _cp4d_login.token }}" \ No newline at end of file diff --git a/automation-roles/50-install-cloud-pak/cp4d/cp4d-login/tasks/main.yml b/automation-roles/50-install-cloud-pak/cp4d/cp4d-login/tasks/main.yml index b946a8a1f..589bd74c3 100644 --- a/automation-roles/50-install-cloud-pak/cp4d/cp4d-login/tasks/main.yml +++ b/automation-roles/50-install-cloud-pak/cp4d/cp4d-login/tasks/main.yml 
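Review bot: The closing `set_fact` reads `_cp4d_login.token` unconditionally, so when the login failed and the caller set `_p_fail_on_error: False` the attribute is undefined and the role presumably still aborts instead of returning `_cp4d_login_successful: False`. `_cp4d_bearer_token: "{{ _cp4d_login.token | default('') }}"` avoids that, and the same applies to `_cp4d_login.accessToken` in cp4d-login-iam.yml. The request body is also assembled as a JSON string, so a password containing `"` or `\` produces invalid JSON; with `body_format: json` the body can be written as a mapping with `username` and `password` keys and left to the module to encode.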
@@ -1,41 +1,29 @@ --- +- name: Get ZenService CR to check authentication method + shell: | + oc get --namespace {{ _p_cp4d_project }} ZenService lite-cr -o json + register: _zenservice_cr + +- set_fact: + _iam_integration: "{{ (_zenservice_cr.stdout | from_json).spec.iamIntegration | bool }}" + - name: Get route to Cloud Pak for Data from OpenShift project shell: | oc --namespace {{ _p_cp4d_project }} get route -l component=ibm-nginx \ -o jsonpath="{.items[0].spec.host}" - register: cp4d_url - -- name: Login to Cloud Pak for Data - uri: - url: 'https://{{ cp4d_url.stdout }}/icp4d-api/v1/authorize' - method: POST - body_format: json - body: '{"username":"{{ _p_cp4d_user }}","password":"{{ _p_cp4d_password }}"}' - force: yes - return_content: yes - validate_certs: no - status_code: 200 - register: _cp4d_login_result - retries: 3 - delay: 5 - failed_when: False - until: _cp4d_login_result.status == 200 + register: _current_cp4d_url - set_fact: - _cp4d_login_successful: True - when: _cp4d_login_result.status == 200 + cp4d_url: "{{ _current_cp4d_url }}" -- set_fact: - _cp4d_login_successful: False - when: _cp4d_login_result.status != 200 +- name: Get route to identity provider when using Foundational Services IAM + shell: | + oc --namespace {{ _p_cp4d_project }} get route platform-id-provider \ + -o jsonpath="{.spec.host}{.spec.path}" + register: _current_idp_url -- fail: - msg: | - "Failed to login to Cloud Pak for Data instance {{ _p_cp4d_project }}." - "{{ _cp4d_login_result }}" - when: - - _cp4d_login_result.status != 200 - - (_p_fail_on_error | default(True)) +- include_tasks: cp4d-login-non-iam.yml + when: not _iam_integration -- set_fact: - cp4d_login: "{{ _cp4d_login_result.json | default({}) }}" \ No newline at end of file +- include_tasks: cp4d-login-iam.yml + when: _iam_integration \ No newline at end of file From d9e0566194fba098dd41d393d30e97fbb67e6598 Mon Sep 17 00:00:00 2001 
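Review bot: The `platform-id-provider` route lookup added to main.yml runs on every login, before the IAM condition is applied, and cp4d-login-iam.yml repeats the identical task. On an installation without Foundational Services IAM the route is presumably absent, in which case `oc get route platform-id-provider` exits non-zero and fails the non-IAM login as well. Removing the task from main.yml, or adding `when: _iam_integration` to it, keeps the lookup where its result is used. The `cp4d_url` fact that now copies `_current_cp4d_url` would benefit from a comment such as `# Keep cp4d_url for roles that still read cp4d_url.stdout`.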
From: Frank Ketelaars Date: Thu, 19 Oct 2023 06:02:33 +0000 Subject: [PATCH 14/18] #548 Use appropriate bearer token dependent on IAM --- .../tasks/cp4d_backup_connections.yml | 2 +- .../tasks/cp4d_restore_connection.yml | 6 ++--- .../tasks/main.yml | 2 +- .../tasks/cluster-configure-prepare.yml | 1 - .../cp4d/cp4d-cluster-configure/vars/main.yml | 2 -- .../tasks/configure-cpd-ldap-integration.yml | 2 +- .../tasks/disable-cpd-ldap-integration.yml | 2 +- .../tasks/cp4d_db_connection.yml | 8 +++---- .../cp4d/cp4d-connections/tasks/main.yml | 4 ++-- .../tasks/delete_analyticsengine_instance.yml | 8 +++---- .../delete_analyticsengine_instances.yml | 4 ++-- .../provision_analyticsengine_instance.yml | 6 ++--- .../tasks/wait_analyticsengine_instance.yml | 4 ++-- .../tasks/delete_cognos_instance.yml | 4 ++-- .../tasks/delete_cognos_instances.yml | 2 +- ...are_provision_cognos_instance_internal.yml | 2 +- .../tasks/provision_cognos_instance.yml | 22 +++++++++---------- .../tasks/wait_cognos_instance.yml | 2 +- .../tasks/delete-cpd-edb-instance.yml | 4 ++-- .../tasks/delete-cpd-edb-instances.yml | 2 +- .../tasks/wait-cpd-edb-instance.yml | 4 ++-- .../tasks/provision_datastage_instance.yml | 2 +- .../tasks/delete_db2_instance.yml | 4 ++-- .../tasks/delete_db2_instances.yml | 2 +- .../tasks/provision_db2_instance.yml | 8 +++---- .../tasks/wait_db2_instance.yml | 4 ++-- .../tasks/delete_dv_instance.yml | 4 ++-- .../tasks/delete_dv_instances.yml | 2 +- .../tasks/provision_dv_instance.yml | 4 ++-- .../tasks/wait_dv_instance.yml | 4 ++-- .../tasks/delete_openpages_instance.yml | 4 ++-- .../tasks/delete_openpages_instances.yml | 2 +- .../tasks/wait_openpages_instance.yml | 4 ++-- 33 files changed, 67 insertions(+), 70 deletions(-) delete mode 100644 automation-roles/60-configure-cloud-pak/cp4d/cp4d-cluster-configure/vars/main.yml 
diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-backup-restore-connections/tasks/cp4d_backup_connections.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-backup-restore-connections/tasks/cp4d_backup_connections.yml index d672ddc7c..5a7273f04 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-backup-restore-connections/tasks/cp4d_backup_connections.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-backup-restore-connections/tasks/cp4d_backup_connections.yml @@ -10,7 +10,7 @@ - when: _cp4d_backup_connections.connections_backup_file is defined block: - name: Get all connections - shell: "curl -s -k -H 'Authorization: Bearer {{ cp4d_login.token }}' -H 'Content-Type: application/json' -X GET 'https://{{ cp4d_url.stdout }}/v2/connections?catalog_id={{ _cp4d_catalog.catalogs[0].metadata.guid }}'" + shell: "curl -s -k -H 'Authorization: Bearer {{ _cp4d_bearer_token }}' -H 'Content-Type: application/json' -X GET 'https://{{ cp4d_url.stdout }}/v2/connections?catalog_id={{ _cp4d_catalog.catalogs[0].metadata.guid }}'" register: _cp4d_backup_connections_result - set_fact: diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-backup-restore-connections/tasks/cp4d_restore_connection.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-backup-restore-connections/tasks/cp4d_restore_connection.yml index e2b71872f..286b22071 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-backup-restore-connections/tasks/cp4d_restore_connection.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-backup-restore-connections/tasks/cp4d_restore_connection.yml 
@@ -15,7 +15,7 @@ _cp4d_connection_ssl_certificate: "{{ _cp4d_restore_connection.entity.properties.ssl_certificate | default('') }}" - name: Validate if the connection to the'{{ _cp4d_connection_name }}' is available - shell: "curl -s -k -H 'Authorization: Bearer {{ cp4d_login.token }}' -H 'Content-Type: application/json' -X GET 'https://{{ cp4d_url.stdout }}/v2/connections?catalog_id={{ _cp4d_catalog.catalogs[0].metadata.guid }}&entity.flags=personal_credentials'" + shell: "curl -s -k -H 'Authorization: Bearer {{ _cp4d_bearer_token }}' -H 'Content-Type: application/json' -X GET 'https://{{ cp4d_url.stdout }}/v2/connections?catalog_id={{ _cp4d_catalog.catalogs[0].metadata.guid }}&entity.flags=personal_credentials'" register: _cp4d_connection_existing_result - set_fact: @@ -40,7 +40,7 @@ _connection_asset_id: "{{ _cp4d_connection_existing_connection[0].metadata.asset_id }}" - name: Delete existing {{ _cp4d_connection_name }} - shell: "curl -v -k -H 'Authorization: Bearer {{ cp4d_login.token }}' -H 'Content-Type: application/json' -X DELETE https://{{ cp4d_url.stdout }}/v2/connections/{{ _connection_asset_id }}?catalog_id={{ _cp4d_catalog.catalogs[0].metadata.guid }}" + shell: "curl -v -k -H 'Authorization: Bearer {{ _cp4d_bearer_token }}' -H 'Content-Type: application/json' -X DELETE https://{{ cp4d_url.stdout }}/v2/connections/{{ _connection_asset_id }}?catalog_id={{ _cp4d_catalog.catalogs[0].metadata.guid }}" register: _delete_db_connection_result - when: _create_connection == True 
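Review bot: In `Delete existing {{ _cp4d_connection_name }}` (hunk -40,7) the curl call runs with `-v` and its result is registered, so curl's verbose trace of the request, which would normally include the `Authorization: Bearer` header line, ends up in `_delete_db_connection_result.stderr` and in anything that later prints or stores that variable. Replacing `-v` with `-sS` keeps error reporting without the header dump: `shell: "curl -sS -k -H 'Authorization: Bearer {{ _cp4d_bearer_token }}' ..."`. The same `curl -v` form appears in the -51,7 hunk of this file, in cp4d_db_connection.yml, and in the provision tasks for Analytics Engine, Cognos, Db2 OLTP and Data Virtualization.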
@@ -51,7 +51,7 @@ dest: "{{ _cp4d_restore_connection_temp_dir.path }}/db_connection.json" - name: Create Datasource connection {{ _cp4d_connection_name }} - shell: "curl -v -k -H 'Authorization: Bearer {{ cp4d_login.token }}' -H 'Content-Type: application/json' -X POST https://{{ cp4d_url.stdout }}/v2/connections?catalog_id={{ _cp4d_catalog.catalogs[0].metadata.guid }} -T {{ _cp4d_restore_connection_temp_dir.path }}/db_connection.json" + shell: "curl -v -k -H 'Authorization: Bearer {{ _cp4d_bearer_token }}' -H 'Content-Type: application/json' -X POST https://{{ cp4d_url.stdout }}/v2/connections?catalog_id={{ _cp4d_catalog.catalogs[0].metadata.guid }} -T {{ _cp4d_restore_connection_temp_dir.path }}/db_connection.json" register: _create_db_connection_result - set_fact: diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-backup-restore-connections/tasks/main.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-backup-restore-connections/tasks/main.yml index 7e0cb2c07..72ec5011a 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-backup-restore-connections/tasks/main.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-backup-restore-connections/tasks/main.yml @@ -9,7 +9,7 @@ path: "{{ status_dir }}/cp4d/exports/connections" - name: Get the Catalog 'Platform assets catalog' - shell: "curl -s -k -H 'Authorization: Bearer {{ cp4d_login.token }}' -H 'Content-Type: application/json' -X GET 'https://{{ cp4d_url.stdout }}/v2/catalogs?entity.name={{ cp4d_all_assets_catalog_name }}'" + shell: "curl -s -k -H 'Authorization: Bearer {{ _cp4d_bearer_token }}' -H 'Content-Type: application/json' -X GET 'https://{{ cp4d_url.stdout }}/v2/catalogs?entity.name={{ cp4d_all_assets_catalog_name }}'" register: _cp4d_get_catalog_result - set_fact: 
diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-cluster-configure/tasks/cluster-configure-prepare.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-cluster-configure/tasks/cluster-configure-prepare.yml index ca8922874..31898765b 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-cluster-configure/tasks/cluster-configure-prepare.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-cluster-configure/tasks/cluster-configure-prepare.yml @@ -19,7 +19,6 @@ name: cp4d-login vars: _p_cp4d_project: "{{ current_cp4d_cluster.project }}" - _p_cp4d_user: "{{ _v_cp4d_login_username }}" _p_cp4d_password: "{{ _cp4d_login_password }}" - debug: diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-cluster-configure/vars/main.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-cluster-configure/vars/main.yml deleted file mode 100644 index 6ad223d83..000000000 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-cluster-configure/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -_v_cp4d_login_username: admin \ No newline at end of file diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-configure-ldap/tasks/configure-cpd-ldap-integration.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-configure-ldap/tasks/configure-cpd-ldap-integration.yml index 2edd4697a..ad8f608b8 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-configure-ldap/tasks/configure-cpd-ldap-integration.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-configure-ldap/tasks/configure-cpd-ldap-integration.yml @@ -43,7 +43,7 @@ - name: Configure the LDAP connection shell: | curl --location --insecure --request PUT 'https://{{ cp4d_url.stdout }}/usermgmt/v1/usermgmt/config' \ - --header 'Authorization: Bearer {{ cp4d_login.token }}' \ + --header 'Authorization: Bearer {{ _cp4d_bearer_token }}' \ --header 'Content-Type: application/json' \ --data-raw '{ "externalLDAPHost": "{{ _cp4d_ldap_config.ldap_host }}", 
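Review bot: With `_p_cp4d_user` dropped from the `cp4d-login` call in cluster-configure-prepare.yml (hunk -19,7), the role is handed `_cp4d_login_password` with nothing saying which account it belongs to, and the role's side of that contract is not visible in this part of the patch. Presumably cp4d-login now selects the user depending on IAM and sets `_cp4d_bearer_token`; a comment above the `vars:` block such as `# cp4d-login selects the login user (IAM-dependent); the password must belong to that user` would record it. Because vars/main.yml, which defined `_v_cp4d_login_username`, is deleted in the same commit, it is worth confirming that nothing else in the role still references that variable. The task starts before the hunk.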
diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-configure-ldap/tasks/disable-cpd-ldap-integration.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-configure-ldap/tasks/disable-cpd-ldap-integration.yml index 4f6bec24b..4f0b67f14 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-configure-ldap/tasks/disable-cpd-ldap-integration.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-configure-ldap/tasks/disable-cpd-ldap-integration.yml @@ -3,7 +3,7 @@ - name: Disable the LDAP configuration shell: | curl --location --insecure --request PUT 'https://{{ cp4d_url.stdout }}/usermgmt/v1/usermgmt/config' \ - --header 'Authorization: Bearer {{ cp4d_login.token }}' \ + --header 'Authorization: Bearer {{ _cp4d_bearer_token }}' \ --header 'Content-Type: application/json' \ --data-raw '{ "externalLDAPHost":"", diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-connections/tasks/cp4d_db_connection.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-connections/tasks/cp4d_db_connection.yml index e1dd77d52..fc7c46bf9 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-connections/tasks/cp4d_db_connection.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-connections/tasks/cp4d_db_connection.yml 
@@ -4,7 +4,7 @@ msg: "{{ _cp4d_connection }}" - name: Validate if the connection to the'{{ _cp4d_connection.name }}' is available - shell: "curl -s -k -H 'Authorization: Bearer {{ cp4d_login.token }}' -H 'Content-Type: application/json' -X GET 'https://{{ cp4d_url.stdout }}/v2/connections?catalog_id={{ _cp4d_catalog[0].metadata.guid }}&entity.flags=personal_credentials&entity.name={{ _cp4d_connection.name }}'" + shell: "curl -s -k -H 'Authorization: Bearer {{ _cp4d_bearer_token }}' -H 'Content-Type: application/json' -X GET 'https://{{ cp4d_url.stdout }}/v2/connections?catalog_id={{ _cp4d_catalog[0].metadata.guid }}&entity.flags=personal_credentials&entity.name={{ _cp4d_connection.name }}'" register: _cp4d_connection_existing_result - set_fact: @@ -76,7 +76,7 @@ dest: "{{ _cp4d_connection_temp_dir.path }}/db_connection.json" - name: Create Datasource connection {{ _cp4d_database_name }} - shell: "curl -v -k -H 'Authorization: Bearer {{ cp4d_login.token }}' -H 'Content-Type: application/json' -X POST https://{{ cp4d_url.stdout }}/v2/connections?catalog_id={{ _cp4d_catalog[0].metadata.guid }} -T {{ _cp4d_connection_temp_dir.path }}/db_connection.json" + shell: "curl -v -k -H 'Authorization: Bearer {{ _cp4d_bearer_token }}' -H 'Content-Type: application/json' -X POST https://{{ cp4d_url.stdout }}/v2/connections?catalog_id={{ _cp4d_catalog[0].metadata.guid }} -T {{ _cp4d_connection_temp_dir.path }}/db_connection.json" register: _create_db_connection_result - set_fact: 
@@ -124,7 +124,7 @@ msg: "Update {{ _cp4d_connection.name }} resource" - name: Delete existing {{ _cp4d_database_name }} - shell: "curl -v -k -H 'Authorization: Bearer {{ cp4d_login.token }}' -H 'Content-Type: application/json' -X DELETE https://{{ cp4d_url.stdout }}/v2/connections/{{ _connection_asset_id }}?catalog_id={{ _cp4d_catalog[0].metadata.guid }}" + shell: "curl -v -k -H 'Authorization: Bearer {{ _cp4d_bearer_token }}' -H 'Content-Type: application/json' -X DELETE https://{{ cp4d_url.stdout }}/v2/connections/{{ _connection_asset_id }}?catalog_id={{ _cp4d_catalog[0].metadata.guid }}" register: delete_db_connection_result - name: Create Datasource connection json file @@ -133,7 +133,7 @@ dest: "{{ _cp4d_connection_temp_dir.path }}/db_connection.json" - name: Create Datasource connection {{ _cp4d_database_name }} - shell: "curl -v -k -H 'Authorization: Bearer {{ cp4d_login.token }}' -H 'Content-Type: application/json' -X POST https://{{ cp4d_url.stdout }}/v2/connections?catalog_id={{ _cp4d_catalog[0].metadata.guid }} -T {{ _cp4d_connection_temp_dir.path }}/db_connection.json" + shell: "curl -v -k -H 'Authorization: Bearer {{ _cp4d_bearer_token }}' -H 'Content-Type: application/json' -X POST https://{{ cp4d_url.stdout }}/v2/connections?catalog_id={{ _cp4d_catalog[0].metadata.guid }} -T {{ _cp4d_connection_temp_dir.path }}/db_connection.json" register: _create_db_connection_result - set_fact: diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-connections/tasks/main.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-connections/tasks/main.yml index e8c70096c..9c16c164a 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-connections/tasks/main.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-connections/tasks/main.yml 
@@ -9,7 +9,7 @@ register: _cp4d_connection_temp_dir - name: Get the Catalog 'Platform assets catalog' - shell: "curl -s -k -H 'Authorization: Bearer {{ cp4d_login.token }}' -H 'Content-Type: application/json' -X GET 'https://{{ cp4d_url.stdout }}/v2/catalogs?entity.name={{ _cp4d_all_assets_catalog_name }}'" + shell: "curl -s -k -H 'Authorization: Bearer {{ _cp4d_bearer_token }}' -H 'Content-Type: application/json' -X GET 'https://{{ cp4d_url.stdout }}/v2/catalogs?entity.name={{ _cp4d_all_assets_catalog_name }}'" register: _cp4d_get_catalog_result - set_fact: @@ -25,7 +25,7 @@ when: "not _cp4d_catalog|length == 1" - name: Get the available connection types - shell: "curl -s -k -H 'Authorization: Bearer {{ cp4d_login.token }}' -H 'Content-Type: application/json' -X GET 'https://{{ cp4d_url.stdout }}/v2/datasource_types'" + shell: "curl -s -k -H 'Authorization: Bearer {{ _cp4d_bearer_token }}' -H 'Content-Type: application/json' -X GET 'https://{{ cp4d_url.stdout }}/v2/datasource_types'" register: _cp4d_datasource_types_result - set_fact: diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-analyticsengine/tasks/delete_analyticsengine_instance.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-analyticsengine/tasks/delete_analyticsengine_instance.yml index 10c4da4b3..565f9c661 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-analyticsengine/tasks/delete_analyticsengine_instance.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-analyticsengine/tasks/delete_analyticsengine_instance.yml @@ -44,7 +44,7 @@ method: DELETE headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no register: _ae_instance_delete_result 
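Review bot: The `uri` task changed in delete_analyticsengine_instance.yml (hunk -44,7) sends the new `Authorization: "Bearer {{ _cp4d_bearer_token }}"` header with `validate_certs: no`, so the token is presented to whichever endpoint answers, without the server certificate being checked. Prefer `validate_certs: true` with `ca_path:` pointing at the cluster's CA bundle, or make verification a role setting that defaults to on. Separately, `yes`/`no` are YAML 1.1 truthy values and are clearer written as `true`/`false`. The same applies to the other `uri` hunks in this patch and to the curl tasks that pass `-k` or `--insecure`. The task's `uri:` and `url:` lines are outside the hunk.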
@@ -56,7 +56,7 @@ method: DELETE headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no register: _ae_instance_storage_delete_result @@ -70,7 +70,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 404 @@ -91,7 +91,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 404 diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-analyticsengine/tasks/delete_analyticsengine_instances.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-analyticsengine/tasks/delete_analyticsengine_instances.yml index d285e46da..083077920 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-analyticsengine/tasks/delete_analyticsengine_instances.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-analyticsengine/tasks/delete_analyticsengine_instances.yml @@ -5,7 +5,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 @@ -17,7 +17,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-analyticsengine/tasks/provision_analyticsengine_instance.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-analyticsengine/tasks/provision_analyticsengine_instance.yml index 56e5ad62f..62c6d9056 100644 
--- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-analyticsengine/tasks/provision_analyticsengine_instance.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-analyticsengine/tasks/provision_analyticsengine_instance.yml @@ -9,7 +9,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 @@ -40,7 +40,7 @@ - name: Create Analytics Engine storage instance {{ _ae_instance.name }} shell: | curl -v -k \ - -H 'Authorization: Bearer {{ cp4d_login.token }}' \ + -H 'Authorization: Bearer {{ _cp4d_bearer_token }}' \ -H 'Content-Type: application/json' \ -X POST \ 'https://{{ cp4d_url.stdout }}/zen-data/v3/service_instances' \ @@ -53,7 +53,7 @@ - name: Create Analytics Engine instance {{ _ae_instance.name }} shell: | curl -v -k \ - -H 'Authorization: Bearer {{ cp4d_login.token }}' \ + -H 'Authorization: Bearer {{ _cp4d_bearer_token }}' \ -H 'Content-Type: application/json' \ -X POST \ 'https://{{ cp4d_url.stdout }}/zen-data/v3/service_instances' \ diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-analyticsengine/tasks/wait_analyticsengine_instance.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-analyticsengine/tasks/wait_analyticsengine_instance.yml index 2ed466fcb..baef8f307 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-analyticsengine/tasks/wait_analyticsengine_instance.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-analyticsengine/tasks/wait_analyticsengine_instance.yml @@ -9,7 +9,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 
@@ -24,7 +24,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cognos/tasks/delete_cognos_instance.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cognos/tasks/delete_cognos_instance.yml index 6d9eacd57..86c6a347e 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cognos/tasks/delete_cognos_instance.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cognos/tasks/delete_cognos_instance.yml @@ -34,7 +34,7 @@ method: DELETE headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 202 @@ -47,7 +47,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 404 diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cognos/tasks/delete_cognos_instances.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cognos/tasks/delete_cognos_instances.yml index 8a3cd2f8b..72511e524 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cognos/tasks/delete_cognos_instances.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cognos/tasks/delete_cognos_instances.yml @@ -5,7 +5,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 
diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cognos/tasks/prepare_provision_cognos_instance_internal.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cognos/tasks/prepare_provision_cognos_instance_internal.yml index ebc5cdae2..35e790bf1 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cognos/tasks/prepare_provision_cognos_instance_internal.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cognos/tasks/prepare_provision_cognos_instance_internal.yml @@ -10,7 +10,7 @@ - name: Get details of internal Db2 OLTP instance {{ _cognos_instance.metastore_ref }} shell: | curl -s -k \ - -H 'Authorization: Bearer {{ cp4d_login.token }}' \ + -H 'Authorization: Bearer {{ _cp4d_bearer_token }}' \ -H 'Content-Type: application/json' \ -X POST \ 'https://{{ cp4d_url.stdout }}/icp4data/api/v1/databases/connection' \ diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cognos/tasks/provision_cognos_instance.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cognos/tasks/provision_cognos_instance.yml index 5bfb2105b..3b1d6b2bf 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cognos/tasks/provision_cognos_instance.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cognos/tasks/provision_cognos_instance.yml @@ -16,7 +16,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 @@ -43,7 +43,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 
@@ -67,7 +67,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 @@ -93,7 +93,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 @@ -117,7 +117,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 @@ -140,7 +140,7 @@ - name: Create Datasource connection {{ _cp4d_platform_connection_name }} shell: | curl -v -k \ - -H 'Authorization: Bearer {{ cp4d_login.token }}' -H 'Content-Type: application/json' \ + -H 'Authorization: Bearer {{ _cp4d_bearer_token }}' -H 'Content-Type: application/json' \ -X POST \ https://{{ cp4d_url.stdout }}/v2/connections?catalog_id={{ _cp4d_platform_access_catalog.metadata.guid }} \ -T {{ status_dir }}/cp4d/{{ current_cp4d_cluster.project }}-{{ _cp4d_platform_connection_name }}-connection.json @@ -153,7 +153,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 @@ -180,7 +180,7 @@ method: PUT url: "https://{{ cp4d_url.stdout }}/v2/connections/{{ _cp4d_cognos_db2_platform_connection_id }}/actions/test?catalog_id={{ _cp4d_platform_access_catalog.metadata.guid }}" headers: - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" Content-Type: "application/json" Accept: "application/json" validate_certs: no 
@@ -220,7 +220,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 @@ -246,7 +246,7 @@ - name: Create Cognos smtp secret shell: | curl -v -k \ - -H 'Authorization: Bearer {{ cp4d_login.token }}' \ + -H 'Authorization: Bearer {{ _cp4d_bearer_token }}' \ -H 'Content-Type: application/json' \ -X POST 'https://{{ cp4d_url.stdout }}/zen-data/v2/secrets' \ -T {{ status_dir }}/cp4d/{{ current_cp4d_cluster.project }}-{{ _cognos_instance.name }}-cognos_smtp_secret.json @@ -272,7 +272,7 @@ - name: Create Cognos instance shell: | curl -v -k \ - -H 'Authorization: Bearer {{ cp4d_login.token }}' \ + -H 'Authorization: Bearer {{ _cp4d_bearer_token }}' \ -H 'Content-Type: application/json' \ -X POST \ 'https://{{ cp4d_url.stdout }}/zen-data/v3/service_instances' \ diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cognos/tasks/wait_cognos_instance.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cognos/tasks/wait_cognos_instance.yml index 3de09a3b4..e5d8091d9 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cognos/tasks/wait_cognos_instance.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cognos/tasks/wait_cognos_instance.yml @@ -9,7 +9,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cpd-edb/tasks/delete-cpd-edb-instance.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cpd-edb/tasks/delete-cpd-edb-instance.yml index e2c73be2c..fdb201a50 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cpd-edb/tasks/delete-cpd-edb-instance.yml 
+++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cpd-edb/tasks/delete-cpd-edb-instance.yml @@ -34,7 +34,7 @@ method: DELETE headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 202 @@ -47,7 +47,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 404 diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cpd-edb/tasks/delete-cpd-edb-instances.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cpd-edb/tasks/delete-cpd-edb-instances.yml index aa80bb622..2d6b0334f 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cpd-edb/tasks/delete-cpd-edb-instances.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cpd-edb/tasks/delete-cpd-edb-instances.yml @@ -5,7 +5,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cpd-edb/tasks/wait-cpd-edb-instance.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cpd-edb/tasks/wait-cpd-edb-instance.yml index 2fe029cd3..759db37a8 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cpd-edb/tasks/wait-cpd-edb-instance.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-cpd-edb/tasks/wait-cpd-edb-instance.yml @@ -9,7 +9,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 
@@ -24,7 +24,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-datastage/tasks/provision_datastage_instance.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-datastage/tasks/provision_datastage_instance.yml index 9439453cd..770907cc6 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-datastage/tasks/provision_datastage_instance.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-datastage/tasks/provision_datastage_instance.yml @@ -99,7 +99,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-db2oltp/tasks/delete_db2_instance.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-db2oltp/tasks/delete_db2_instance.yml index 7094967fa..62774654b 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-db2oltp/tasks/delete_db2_instance.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-db2oltp/tasks/delete_db2_instance.yml @@ -34,7 +34,7 @@ method: DELETE headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 202 @@ -47,7 +47,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 404 
diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-db2oltp/tasks/delete_db2_instances.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-db2oltp/tasks/delete_db2_instances.yml index 50ba800ff..6f54b7b25 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-db2oltp/tasks/delete_db2_instances.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-db2oltp/tasks/delete_db2_instances.yml @@ -5,7 +5,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-db2oltp/tasks/provision_db2_instance.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-db2oltp/tasks/provision_db2_instance.yml index 14f4f0dc6..847644a3a 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-db2oltp/tasks/provision_db2_instance.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-db2oltp/tasks/provision_db2_instance.yml @@ -9,7 +9,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 @@ -36,7 +36,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 @@ -49,7 +49,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 
@@ -82,7 +82,7 @@ - name: Create Db2 OLTP instance {{ _db2_instance.name }} shell: | curl -v -k \ - -H 'Authorization: Bearer {{ cp4d_login.token }}' \ + -H 'Authorization: Bearer {{ _cp4d_bearer_token }}' \ -H 'Content-Type: application/json' \ -X POST \ 'https://{{ cp4d_url.stdout }}/zen-data/v3/service_instances' \ diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-db2oltp/tasks/wait_db2_instance.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-db2oltp/tasks/wait_db2_instance.yml index 0a9b4edfa..7cca25720 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-db2oltp/tasks/wait_db2_instance.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-db2oltp/tasks/wait_db2_instance.yml @@ -9,7 +9,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 @@ -24,7 +24,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-dv/tasks/delete_dv_instance.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-dv/tasks/delete_dv_instance.yml index f841d3de1..b130d0880 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-dv/tasks/delete_dv_instance.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-dv/tasks/delete_dv_instance.yml @@ -34,7 +34,7 @@ method: DELETE headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 202 
@@ -47,7 +47,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 404 diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-dv/tasks/delete_dv_instances.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-dv/tasks/delete_dv_instances.yml index 567590012..fe08d23fc 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-dv/tasks/delete_dv_instances.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-dv/tasks/delete_dv_instances.yml @@ -5,7 +5,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-dv/tasks/provision_dv_instance.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-dv/tasks/provision_dv_instance.yml index 1858157a3..a37d1a6e9 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-dv/tasks/provision_dv_instance.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-dv/tasks/provision_dv_instance.yml @@ -9,7 +9,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 @@ -35,7 +35,7 @@ - name: Create Data Virtualization instance shell: | curl -v -k \ - -H 'Authorization: Bearer {{ cp4d_login.token }}' \ + -H 'Authorization: Bearer {{ _cp4d_bearer_token }}' \ -H 'Content-Type: application/json' \ -X POST 'https://{{ cp4d_url.stdout }}/zen-data/v3/service_instances' \ -T {{ status_dir }}/cp4d/{{ current_cp4d_cluster.project }}-{{ _dv_instance.name }}-dv_instance.json 
diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-dv/tasks/wait_dv_instance.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-dv/tasks/wait_dv_instance.yml index a7c3ca1ac..93eff8853 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-dv/tasks/wait_dv_instance.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-dv/tasks/wait_dv_instance.yml @@ -9,7 +9,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 @@ -32,7 +32,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-openpages/tasks/delete_openpages_instance.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-openpages/tasks/delete_openpages_instance.yml index 8a28c7f3a..5d4fe08b4 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-openpages/tasks/delete_openpages_instance.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-openpages/tasks/delete_openpages_instance.yml @@ -34,7 +34,7 @@ method: DELETE headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 202 @@ -47,7 +47,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 404 
diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-openpages/tasks/delete_openpages_instances.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-openpages/tasks/delete_openpages_instances.yml index 7a245efa7..e9580ad47 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-openpages/tasks/delete_openpages_instances.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-openpages/tasks/delete_openpages_instances.yml @@ -22,7 +22,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-openpages/tasks/wait_openpages_instance.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-openpages/tasks/wait_openpages_instance.yml index c14b2b9a6..9dfc84ba5 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-openpages/tasks/wait_openpages_instance.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-instance-openpages/tasks/wait_openpages_instance.yml @@ -9,7 +9,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 @@ -32,7 +32,7 @@ method: GET headers: Content-Type: application/json - Authorization: "Bearer {{ cp4d_login.token }}" + Authorization: "Bearer {{ _cp4d_bearer_token }}" return_content: yes validate_certs: no status_code: 200 From 52120b75ede4430f3dfc13541ca55579ba2c41b2 Mon Sep 17 00:00:00 2001 
From: Frank Ketelaars Date: Fri, 20 Oct 2023 19:25:18 +0000 Subject: [PATCH 15/18] #548 Retain cpd_platform install options --- .../cp4d-cartridge-install/tasks/main.yml | 9 +++++++++ .../tasks/install-control-plane-olm-utils.yml | 20 +++++++++++++++---- .../apply-cr-cpd-platform-install-options.j2 | 4 ---- .../templates/apply-cr-cpd-platform.j2 | 2 +- .../cp4d/cp4d-login/tasks/main.yml | 6 ------ 5 files changed, 26 insertions(+), 15 deletions(-) delete mode 100644 automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/templates/apply-cr-cpd-platform-install-options.j2 diff --git a/automation-roles/50-install-cloud-pak/cp4d/cp4d-cartridge-install/tasks/main.yml b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cartridge-install/tasks/main.yml index 190a1b986..6de927920 100644 --- a/automation-roles/50-install-cloud-pak/cp4d/cp4d-cartridge-install/tasks/main.yml +++ b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cartridge-install/tasks/main.yml @@ -10,6 +10,15 @@ state: present create: True +- name: Insert cpd_platform options into {{ status_dir }}/cp4d/{{ _p_current_cp4d_cluster.project }}-install-options.yml + blockinfile: + path: "{{ status_dir }}/cp4d/{{ _p_current_cp4d_cluster.project }}-install-options.yml" + marker: "# {mark} CPD Platform options #" + block: |2 + cpd_platform: + cloudpakfordata: true + iamIntegration: {{ _p_current_cp4d_cluster.use_fs_iam | default(False) | bool }} + - name: Run pre-processing scripts include_tasks: cp4d-install-cr-pre-processing.yml loop: "{{ _cartridges_to_install | default([]) }}" diff --git a/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/install-control-plane-olm-utils.yml b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/install-control-plane-olm-utils.yml index d438ea31c..2dd630c7c 100644 --- a/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/install-control-plane-olm-utils.yml 
+++ b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/install-control-plane-olm-utils.yml @@ -4,10 +4,22 @@ path: /tmp/work state: directory -- name: Generate platform install options file {{ status_dir }}/cp4d/{{ current_cp4d_cluster.project }}-cpd-platform-install-options.yml - template: - src: apply-cr-cpd-platform-install-options.j2 - dest: "{{ status_dir }}/cp4d/{{ current_cp4d_cluster.project }}-cpd-platform-install-options.yml" +- name: Populate {{ status_dir }}/cp4d/{{ current_cp4d_cluster.project }}-install-options.yml + lineinfile: + path: "{{ status_dir }}/cp4d/{{ current_cp4d_cluster.project }}-install-options.yml" + line: "custom_spec:" + insertbefore: "BOF" + state: present + create: True + +- name: Insert cpd_platform options into {{ status_dir }}/cp4d/{{ current_cp4d_cluster.project }}-install-options.yml + blockinfile: + path: "{{ status_dir }}/cp4d/{{ current_cp4d_cluster.project }}-install-options.yml" + marker: "# {mark} CPD Platform options #" + block: |2 + cpd_platform: + cloudpakfordata: true + iamIntegration: {{ current_cp4d_cluster.use_fs_iam | default(False) | bool }} - name: Generate apply-cr command to install Cloud Pak for Data platform set_fact: diff --git a/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/templates/apply-cr-cpd-platform-install-options.j2 b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/templates/apply-cr-cpd-platform-install-options.j2 deleted file mode 100644 index 90b98ff12..000000000 --- a/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/templates/apply-cr-cpd-platform-install-options.j2 +++ /dev/null @@ -1,4 +0,0 @@ -custom_spec: - cpd_platform: - cloudpakfordata: true - iamIntegration: {{ current_cp4d_cluster.use_fs_iam | default(False) | bool }} \ No newline at end of file 
diff --git a/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/templates/apply-cr-cpd-platform.j2 b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/templates/apply-cr-cpd-platform.j2 index 2a4140ed5..c569026f7 100644 --- a/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/templates/apply-cr-cpd-platform.j2 +++ b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/templates/apply-cr-cpd-platform.j2 @@ -6,4 +6,4 @@ apply-cr \ --cpd_instance_ns={{ current_cp4d_cluster.project }} \ --components=cpfs,cpd_platform \ --file_storage_class={{ ocp_storage_class_file }} --block_storage_class={{ ocp_storage_class_block }} \ - --param-file={{ status_dir }}/cp4d/{{ current_cp4d_cluster.project }}-cpd-platform-install-options.yml \ No newline at end of file + --param-file={{ status_dir }}/cp4d/{{ current_cp4d_cluster.project }}-install-options.yml \ No newline at end of file diff --git a/automation-roles/50-install-cloud-pak/cp4d/cp4d-login/tasks/main.yml b/automation-roles/50-install-cloud-pak/cp4d/cp4d-login/tasks/main.yml index 589bd74c3..077d4f3d3 100644 --- a/automation-roles/50-install-cloud-pak/cp4d/cp4d-login/tasks/main.yml +++ b/automation-roles/50-install-cloud-pak/cp4d/cp4d-login/tasks/main.yml @@ -16,12 +16,6 @@ - set_fact: cp4d_url: "{{ _current_cp4d_url }}" -- name: Get route to identity provider when using Foundational Services IAM - shell: | - oc --namespace {{ _p_cp4d_project }} get route platform-id-provider \ - -o jsonpath="{.spec.host}{.spec.path}" - register: _current_idp_url - - include_tasks: cp4d-login-non-iam.yml when: not _iam_integration From 191ff0db40c7c3eae275b6a5f0788b57ebf2609c Mon Sep 17 00:00:00 2001 
From: Frank Ketelaars Date: Sat, 21 Oct 2023 07:20:33 +0000 Subject: [PATCH 16/18] #548 Do not delete entire cp4d directory --- .../tasks/delete-case-resolvers.yml | 12 ++++++++++++ .../tasks/generate-case-resolvers.yml | 17 ----------------- .../cp-alternative-repo/tasks/main.yml | 2 ++ .../cp4d/cp4d-variables/tasks/main.yml | 5 ----- 4 files changed, 14 insertions(+), 22 deletions(-) create mode 100644 automation-roles/50-install-cloud-pak/cp-alternative-repo/tasks/delete-case-resolvers.yml diff --git a/automation-roles/50-install-cloud-pak/cp-alternative-repo/tasks/delete-case-resolvers.yml b/automation-roles/50-install-cloud-pak/cp-alternative-repo/tasks/delete-case-resolvers.yml new file mode 100644 index 000000000..f01895b87 --- /dev/null +++ b/automation-roles/50-install-cloud-pak/cp-alternative-repo/tasks/delete-case-resolvers.yml @@ -0,0 +1,12 @@ +--- +- name: Delete case resolvers + file: + path: "{{ item }}" + state: absent + loop: + - "{{ status_dir }}/cloud-paks/play_env.sh" + - "{{ status_dir }}/cloud-paks/resolvers.yaml" + - "{{ status_dir }}/cloud-paks/resolvers_auth.yaml" + - /tmp/work//play_env.sh + - /tmp/work//resolvers.yaml + - /tmp/work//resolvers_auth.yaml \ No newline at end of file diff --git a/automation-roles/50-install-cloud-pak/cp-alternative-repo/tasks/generate-case-resolvers.yml b/automation-roles/50-install-cloud-pak/cp-alternative-repo/tasks/generate-case-resolvers.yml index 38b9e2165..2ea96d203 100644 --- a/automation-roles/50-install-cloud-pak/cp-alternative-repo/tasks/generate-case-resolvers.yml +++ b/automation-roles/50-install-cloud-pak/cp-alternative-repo/tasks/generate-case-resolvers.yml 
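Review bot: The `loop` in delete-case-resolvers.yml repeats six literal paths that must stay in step with the destinations written by generate-case-resolvers.yml, and a path missed here leaves a file on disk that, judging by the name `resolvers_auth.yaml` and the vault token lookup in the generate task, presumably carries the CASE repository token. Consider defining the three file names once as a role variable and building both the `dest` values and this `loop` from it. The `/tmp/work//…` entries carry a doubled slash; it resolves to the same path, but `/tmp/work/play_env.sh` is the cleaner form. Because the cleanup runs only at the start of the role, the files remain in `/tmp/work` between runs, so an explicit `mode: "0600"` on the generated files would be worth adding where they are created (those tasks are outside this hunk).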
@@ -14,29 +14,12 @@ msg: "Secret {{ _cp_alt_repo.repo.token_secret }} not found in vault; it must contain the alternative Git repository's login token" when: _case_repo_token=="" -# - name: Get alternative registry credentials vault secret {{ _cp_alt_repo.registry_secret }} -# include_role: -# name: vault-get-secret -# vars: -# secret_name: "{{ _cp_alt_repo.registry_secret }}" -# secret_group: "{{ environment_name }}" -# _p_secret_variable: _alt_registry_secret - -# - fail: -# msg: "Secret {{ _cp_alt_repo.registry_secret }} not found in vault; it must contain the alternative registry's login credentials" -# when: _alt_registry_secret=="" - - name: Strip off https from the repository URLs set_fact: _case_repo_path_cp: "{{ (_cp_alt_repo.repo.cp_path | urlsplit('hostname')) + (_cp_alt_repo.repo.cp_path | urlsplit('path')) }}" _case_repo_path_fs: "{{ (_cp_alt_repo.repo.fs_path | urlsplit('hostname')) + (_cp_alt_repo.repo.fs_path | urlsplit('path')) }}" _case_repo_path_opencontent: "{{ (_cp_alt_repo.repo.opencontent_path | urlsplit('hostname')) + (_cp_alt_repo.repo.opencontent_path | urlsplit('path')) }}" -# - name: Extract alternative registry and user and password -# set_fact: -# _alt_registry_user: "{{ _alt_registry_secret | regex_search('^(.+):(.+)', '\\1') | first }}" -# _alt_registry_password: "{{ _alt_registry_secret | regex_search('^(.+):(.+)', '\\2') | first }}" - - name: Ensure {{ status_dir }}/cloud-paks exists file: path: "{{ status_dir }}/cloud-paks" diff --git a/automation-roles/50-install-cloud-pak/cp-alternative-repo/tasks/main.yml b/automation-roles/50-install-cloud-pak/cp-alternative-repo/tasks/main.yml index 3c933d912..f33f12b33 100644 --- a/automation-roles/50-install-cloud-pak/cp-alternative-repo/tasks/main.yml +++ b/automation-roles/50-install-cloud-pak/cp-alternative-repo/tasks/main.yml 
@@ -1,3 +1,5 @@ --- +- include_tasks: delete-case-resolvers.yml + - include_tasks: generate-case-resolvers.yml when: (all_config.cp_alt_repo | default({})) != {} \ No newline at end of file diff --git a/automation-roles/50-install-cloud-pak/cp4d/cp4d-variables/tasks/main.yml b/automation-roles/50-install-cloud-pak/cp4d/cp4d-variables/tasks/main.yml index 212f5e31c..3366f5f02 100644 --- a/automation-roles/50-install-cloud-pak/cp4d/cp4d-variables/tasks/main.yml +++ b/automation-roles/50-install-cloud-pak/cp4d/cp4d-variables/tasks/main.yml @@ -1,9 +1,4 @@ --- -- name: Delete directory for generated files - file: - path: "{{ status_dir }}/cp4d" - state: absent - - name: Create Cloud Pak for Data directory for generated files file: path: "{{ status_dir }}/cp4d" From 7b2551e1aeb3c3f66626c8b540c40b8e4e676c75 Mon Sep 17 00:00:00 2001 From: Frank Ketelaars Date: Sat, 21 Oct 2023 11:38:01 +0000 Subject: [PATCH 17/18] #548 Delete of operator namespace sometimes fails --- scripts/cp4d/cp4d-delete-instance.sh | 157 ++++++++++----------------- 1 file changed, 55 insertions(+), 102 deletions(-) diff --git a/scripts/cp4d/cp4d-delete-instance.sh b/scripts/cp4d/cp4d-delete-instance.sh index 9d6cbbfbe..c8f91dcac 100755 --- a/scripts/cp4d/cp4d-delete-instance.sh +++ b/scripts/cp4d/cp4d-delete-instance.sh 
@@ -10,6 +10,47 @@ log() { printf "[${LOG_TIME}] ${1}\n" } +wait_ns_deleted() { + NS=$1 + log "Waiting for deletion of namespace ${NS} ..." + while $(oc get ns ${NS} > /dev/null 2>&1);do + sleep 1 + done +} + +delete_operator_ns() { + CP4D_OPERATORS=$1 + oc get project ${CP4D_OPERATORS} > /dev/null 2>&1 + if [ $? -eq 0 ];then + log "Deleting everything in the ${CP4D_OPERATORS} project" + oc delete CommonService -n ${CP4D_OPERATORS} common-service --ignore-not-found + oc delete sub -n ${CP4D_OPERATORS} -l operators.coreos.com/ibm-common-service-operator.ibm-common-services --ignore-not-found + oc delete csv -n ${CP4D_OPERATORS} -l operators.coreos.com/ibm-common-service-operator.ibm-common-services --ignore-not-found + + oc delete operandconfig -n ${CP4D_OPERATORS} --all --ignore-not-found + oc delete operandregistry -n ${CP4D_OPERATORS} --all --ignore-not-found + oc delete nss -n ${CP4D_OPERATORS} --all --ignore-not-found + + oc delete sub -n ${CP4D_OPERATORS} --all --ignore-not-found + oc delete csv -n ${CP4D_OPERATORS} --all --ignore-not-found + + log "Deleting ${CP4D_OPERATORS} project" + oc delete ns ${CP4D_OPERATORS} --ignore-not-found --wait=false + opreq_deleted=true + while [ opreq_deleted ];do + opreq_deleted=false + for opreq in $(oc get operandrequest -n ${CP4D_OPERATORS} --no-headers | awk '{print $1}');do + oc delete operandrequest -n ${CP4D_OPERATORS} ${opreq} --ignore-not-found --wait=false + oc patch -n ${CP4D_OPERATORS} operandrequest/${opreq} --type=merge -p '{"metadata": {"finalizers":null}}' 2> /dev/null + opreq_deleted=true + done + done + wait_ns_deleted ${CP4D_OPERATORS} + else + echo "Project ${CP4D_OPERATORS} does not exist, skipping" + fi +} + CP4D_PROJECT=$1 if [ -z "${CP4D_PROJECT}" ];then echo "Usage: $0 " 
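Review bot: `while [ opreq_deleted ];do` in `delete_operator_ns` tests the literal word `opreq_deleted`, which is a non-empty string and therefore always true, so the loop never exits and `wait_ns_deleted` is never reached. `while [ "${opreq_deleted}" = true ];do` expresses the intended check on the variable. In `wait_ns_deleted`, `while $(oc get ns ${NS} > /dev/null 2>&1);do` only works through the exit status of an empty command substitution; `while oc get ns "${NS}" > /dev/null 2>&1;do` states the same condition directly and quotes the name. The wait also has no upper bound, so a namespace stuck in Terminating hangs the script at every call site added in the later hunks; a retry limit with a logged failure would make that visible.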
@@ -58,15 +99,6 @@ if [ $? -eq 0 ];then esac done < ${temp_dir}/cp4d-resources.out - # - # Wait a bit to give OpenShift a chance to terminate the resources. You can check the pods in the CP4D project to see if - # they are terminating. - # - if ${resource_deleted};then - log "Waiting a jiffy for pods to start terminating" - sleep 10 - fi - # # Delete the remaining CP4D custom resources - Ibmcpd, CommonService and OperandRequest # @@ -86,11 +118,6 @@ if [ $? -eq 0 ];then esac done < ${temp_dir}/cp4d-resources.out - if ${resource_deleted};then - log "Waiting a jiffy for remaining pods to start terminating" - sleep 10 - fi - log "Delete role binding if Cloud Pak for Data was connected to IAM" oc delete rolebinding -n ${CP4D_PROJECT} admin --ignore-not-found --wait=false oc patch -n ${CP4D_PROJECT} rolebinding/admin --type=merge -p '{"metadata": {"finalizers":null}}' 2> /dev/null 
@@ -101,60 +128,17 @@ if [ $? -eq 0 ];then # Now the CP4D project should be empty and can be deleted, this may take a while (5-15 minutes) # log "Deleting ${CP4D_PROJECT} namespace" - oc delete ns ${CP4D_PROJECT} + oc delete ns ${CP4D_PROJECT} --ignore-not-found --wait=false + wait_ns_deleted ${CP4D_PROJECT} else echo "Project ${CP4D_PROJECT} does not exist, skipping" fi -CP4D_OPERATORS=${CP4D_PROJECT}-operators -oc get project ${CP4D_OPERATORS} > /dev/null 2>&1 -if [ $? -eq 0 ];then - log "Deleting everything in the ${CP4D_OPERATORS} project" - oc delete CommonService -n ${CP4D_OPERATORS} common-service --ignore-not-found - oc delete sub -n ${CP4D_OPERATORS} -l operators.coreos.com/ibm-common-service-operator.ibm-common-services --ignore-not-found - oc delete csv -n ${CP4D_OPERATORS} -l operators.coreos.com/ibm-common-service-operator.ibm-common-services --ignore-not-found - - for opreq in $(oc get operandrequest -n ${CP4D_OPERATORS} --no-headers | awk '{print $1}');do - oc delete operandrequest -n ${CP4D_OPERATORS} --all --ignore-not-found --wait=false - oc patch -n ${CP4D_OPERATORS} operandrequest/${opreq} --type=merge -p '{"metadata": {"finalizers":null}}' 2> /dev/null - done - oc delete operandconfig -n ${CP4D_OPERATORS} --all --ignore-not-found - oc delete operandregistry -n ${CP4D_OPERATORS} --all --ignore-not-found - oc delete nss -n ${CP4D_OPERATORS} --all --ignore-not-found - - oc delete sub -n ${CP4D_OPERATORS} --all --ignore-not-found - oc delete csv -n ${CP4D_OPERATORS} --all --ignore-not-found - - log "Deleting ${CP4D_OPERATORS} project" - oc delete ns ${CP4D_OPERATORS} -else - echo "Project ${CP4D_OPERATORS} does not exist, skipping" -fi - -CP4D_OPERATORS=${CP4D_PROJECT}-operators -oc get project ${CP4D_OPERATORS} > /dev/null 2>&1 -if [ $? 
-eq 0 ];then - log "Deleting everything in the ${CP4D_OPERATORS} project" - oc delete CommonService -n ${CP4D_OPERATORS} common-service --ignore-not-found - oc delete sub -n ${CP4D_OPERATORS} -l operators.coreos.com/ibm-common-service-operator.ibm-common-services --ignore-not-found - oc delete csv -n ${CP4D_OPERATORS} -l operators.coreos.com/ibm-common-service-operator.ibm-common-services --ignore-not-found - - for opreq in $(oc get operandrequest -n ${CP4D_OPERATORS} --no-headers | awk '{print $1}');do - oc delete operandrequest -n ${CP4D_OPERATORS} --all --ignore-not-found --wait=false - oc patch -n ${CP4D_OPERATORS} operandrequest/${opreq} --type=merge -p '{"metadata": {"finalizers":null}}' 2> /dev/null - done - oc delete operandconfig -n ${CP4D_OPERATORS} --all --ignore-not-found - oc delete operandregistry -n ${CP4D_OPERATORS} --all --ignore-not-found - oc delete nss -n ${CP4D_OPERATORS} --all --ignore-not-found - - oc delete sub -n ${CP4D_OPERATORS} --all --ignore-not-found - oc delete csv -n ${CP4D_OPERATORS} --all --ignore-not-found +# Delete operators in ibm-common-services +delete_operator_ns ibm-common-services - log "Deleting ${CP4D_OPERATORS} project" - oc delete ns ${CP4D_OPERATORS} -else - echo "Project ${CP4D_OPERATORS} does not exist, skipping" -fi +# Delete operators in new operators namespace +delete_operator_ns ${CP4D_PROJECT}-operators IBM_SCHEDULING=ibm-scheduling oc get project ${IBM_SCHEDULING} > /dev/null 2>&1 @@ -165,7 +149,8 @@ if [ $? -eq 0 ];then oc delete csv -n ${IBM_SCHEDULING} --all --ignore-not-found log "Deleting ${IBM_SCHEDULING} project" - oc delete ns ${IBM_SCHEDULING} + oc delete ns ${IBM_SCHEDULING} --ignore-not-found --wait=false + wait_ns_deleted ${IBM_SCHEDULING} else echo "Project ${IBM_SCHEDULING} does not exist, skipping" fi 
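Review bot: Replacing the dedicated ibm-common-services block (removed in the `@@ -226,41 +214,6 @@` hunk) with `delete_operator_ns ibm-common-services` drops two steps that block performed: `oc delete Scheduling -n ibm-common-services --all` and the deletion plus finalizer patch of the `admin` role binding. If either resource still carries a finalizer, the namespace may stay in Terminating and the new `wait_ns_deleted` call would then wait indefinitely. Either keep those two steps ahead of the call or move them into `delete_operator_ns`. The argument should also be quoted, `delete_operator_ns "${CP4D_PROJECT}-operators"`.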
@@ -179,7 +164,8 @@ if [ $? -eq 0 ];then oc delete csv -n ${IBM_LICENSING} --all --ignore-not-found log "Deleting ${IBM_LICENSING} project" - oc delete ns ${IBM_LICENSING} + oc delete ns ${IBM_LICENSING} --ignore-not-found --wait=false + wait_ns_deleted ${IBM_LICENSING} else echo "Project ${IBM_LICENSING} does not exist, skipping" fi @@ -196,7 +182,8 @@ if [ $? -eq 0 ];then oc delete csv -n ${IBM_CERT_MANAGER} --all --ignore-not-found log "Deleting ${IBM_CERT_MANAGER} project" - oc delete ns ${IBM_CERT_MANAGER} + oc delete ns ${IBM_CERT_MANAGER} --ignore-not-found --wait=false + wait_ns_deleted ${IBM_CERT_MANAGER} else echo "Project ${IBM_CERT_MANAGER} does not exist, skipping" fi @@ -218,7 +205,8 @@ if [ $? -eq 0 ];then oc delete nss -n ${IBM_CS_CONTROL} --all --ignore-not-found log "Deleting ${IBM_CS_CONTROL} project" - oc delete ns ${IBM_CS_CONTROL} + oc delete ns ${IBM_CS_CONTROL} --ignore-not-found --wait=false + wait_ns_deleted ${IBM_CS_CONTROL} else echo "Project ${IBM_CS_CONTROL} does not exist, skipping" fi 
@@ -226,41 +214,6 @@ fi echo "Deleting common-service maps" oc delete cm -n kube-public common-service-maps --ignore-not-found -# -# Delete all CRs in the ibm-common-services project -# Here we do wait for deletion to complete as it typically does finish ok in a few minutes -# -oc get project ibm-common-services > /dev/null 2>&1 -if [ $? -eq 0 ];then - log "Deleting everything in the ibm-common-services project" - oc project ibm-common-services - oc delete CommonService -n ibm-common-services common-service --ignore-not-found - oc delete Scheduling -n ibm-common-services --all --ignore-not-found - oc delete sub -n ibm-common-services -l operators.coreos.com/ibm-common-service-operator.ibm-common-services --ignore-not-found - oc delete csv -n ibm-common-services -l operators.coreos.com/ibm-common-service-operator.ibm-common-services --ignore-not-found - - oc delete operandrequest -n ibm-common-services --all --ignore-not-found - - oc delete operandconfig -n ibm-common-services --all --ignore-not-found - - oc delete operandregistry -n ibm-common-services --all --ignore-not-found - - oc delete nss -n ibm-common-services --all --ignore-not-found - - oc delete sub -n ibm-common-services --all --ignore-not-found - oc delete csv -n ibm-common-services --all --ignore-not-found - - log "Delete role binding in Foundation Services if Cloud Pak for Data was connected to IAM" - oc delete rolebinding -n ibm-common-services admin --ignore-not-found --wait=false - oc patch -n ibm-common-services rolebinding/admin --type=merge -p '{"metadata": {"finalizers":null}}' 2> /dev/null - - # - # Now the ibm-common-services project should be empty and can be deleted - # - log "Deleting ibm-common-services project" - oc delete ns ibm-common-services -fi - # # Delete all catalog sources belonging to CP4D # From eb455aa4a7899a032a0b7126f7e466c3ea7e9798 Mon Sep 17 00:00:00 2001 
From: Frank Ketelaars Date: Sat, 21 Oct 2023 11:38:17 +0000 Subject: [PATCH 18/18] #548 incorrect variable for CP4D token --- .../cp4d-cluster/tasks/change-cpd-admin-password-non-iam.yml | 2 +- .../cp4d/cp4d-roles/tasks/handle-custom-role.yml | 4 ++-- .../tasks/datastage_instance_authorization.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/change-cpd-admin-password-non-iam.yml b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/change-cpd-admin-password-non-iam.yml index 622fc791f..f4b600609 100644 --- a/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/change-cpd-admin-password-non-iam.yml +++ b/automation-roles/50-install-cloud-pak/cp4d/cp4d-cluster/tasks/change-cpd-admin-password-non-iam.yml @@ -2,7 +2,7 @@ - name: Set new password for user {{ cp4d_login_username }} shell: | curl -s -k -X POST https://{{ cp4d_url.stdout }}/icp4d-api/v1/changepassword \ - -H 'Authorization: Bearer {{ _cp4d_login_result.json.token }}' \ + -H 'Authorization: Bearer {{ _cp4d_bearer_token }}' \ -H 'Content-Type: multipart/form-data' \ -H 'cache-control: no-cache' \ -F current_password={{ _current_cp4d_admin_password }} \ diff --git a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-roles/tasks/handle-custom-role.yml b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-roles/tasks/handle-custom-role.yml index b8d44e920..bbbcfc54a 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/cp4d-roles/tasks/handle-custom-role.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/cp4d-roles/tasks/handle-custom-role.yml @@ -17,7 +17,7 @@ runcpdrolecreate () { \ {{ role_path }}/files/create_cp4d_role.sh \ https://{{ cp4d_url.stdout }} \ - "{{ _cp4d_login_result.json.token }}" \ + "{{ _cp4d_bearer_token }}" \ "{{ _cp4d_role_name }}" \ "{{ _cp4d_role_description }}" \ "{{ _cp4d_role_permissions }}" |& \ 
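Review bot: The `Set new password` task passes `-F current_password={{ _current_cp4d_admin_password }}` to the shell unquoted, so a password containing spaces or shell metacharacters is split or interpreted by the shell, and a value starting with `@` or `<` is treated by curl's `-F` as a file reference. Use `--form-string current_password={{ _current_cp4d_admin_password | quote }}` and do the same for the other form fields. Both the password and the bearer token sit in the process argument list and in the task result, so `no_log: true` belongs on this task. The task continues past the end of the hunk, so the remaining fields are not visible here.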
@@ -31,7 +31,7 @@ runcpdroledelete () { \ {{ role_path }}/files/delete_cp4d_role.sh \ https://{{ cp4d_url.stdout }} \ - "{{ _cp4d_login_result.json.token }}" \ + "{{ _cp4d_bearer_token }}" \ "{{ _cp4d_role_name }}" |& \ tee -a {{status_dir}}/log/cp4d_{{ current_cp4d_cluster.openshift_cluster_name }}_{{ current_cp4d_cluster.project }}_role.log; \ return "${PIPESTATUS[0]}"; }; \ diff --git a/automation-roles/60-configure-cloud-pak/cp4d/instance_configuration/tasks/datastage_instance_authorization.yml b/automation-roles/60-configure-cloud-pak/cp4d/instance_configuration/tasks/datastage_instance_authorization.yml index 38f2571e5..7f41f709f 100644 --- a/automation-roles/60-configure-cloud-pak/cp4d/instance_configuration/tasks/datastage_instance_authorization.yml +++ b/automation-roles/60-configure-cloud-pak/cp4d/instance_configuration/tasks/datastage_instance_authorization.yml @@ -15,7 +15,7 @@ runcpddatastageauthorization () { \ {{ role_path }}/files/assign_datastage_authorization.sh \ https://{{ cp4d_url.stdout }} \ - "{{ _cp4d_login_result.json.token }}" \ + "{{ _cp4d_bearer_token }}" \ "{{ _datastage_instance }}" \ "{{ _cp4d_user_group_name }}" \ "{{ _datastage_instance_role }}" |& \