openshift: switch to oc-mirror v2

karmab · Dec 21, 2024 · d530e8c · d530e8c
1 parent 851cbc1
commit d530e8c
Show file tree

Hide file tree

Showing 11 changed files with 158 additions and 219 deletions.
diff --git a/kvirt/cluster/openshift/__init__.py b/kvirt/cluster/openshift/__init__.py
@@ -21,13 +21,25 @@
 from tempfile import TemporaryDirectory
 from time import sleep
 from urllib.request import urlopen, Request
-from yaml import safe_dump, safe_load
+from yaml import safe_dump, safe_load, safe_load_all, safe_dump_all
 
 
 virt_providers = ['kvm', 'kubevirt', 'openstack', 'ovirt', 'proxmox', 'vsphere']
 cloud_providers = ['aws', 'azure', 'gcp', 'ibm', 'hcloud']
 
 
+def patch_oc_mirror(clusterdir):
+    for _fic in [f'{clusterdir}/idms-oc-mirror.yaml', f'{clusterdir}/itms-oc-mirror.yaml']:
+        if not os.path.exists(_fic):
+            continue
+        entries = []
+        for document in safe_load_all(open(_fic)):
+            if 'release' not in document['metadata']['name']:
+                entries.append(document)
+        with open(_fic, 'w') as f:
+            safe_dump_all(entries, f, default_flow_style=False, encoding='utf-8', allow_unicode=True)
+
+
 def aws_credentials(config):
     if os.path.exists(os.path.expanduser('~/.aws/credentials')):
         return
@@ -140,8 +152,8 @@ def update_disconnected_registry(config, plandir, cluster, data):
          shell=True)
     pprint("Updating disconnected registry")
     synccmd = f"oc adm release mirror -a {pull_secret_path} --from={get_release_image()} "
-    synccmd += f"--to-release-image={disconnected_url}/openshift/release-images:{tag}-{arch} "
-    synccmd += f"--to={disconnected_url}/openshift/release"
+    synccmd += f"--to-release-image={disconnected_url}/openshift/release-dev/ocp-release:{tag}-{arch} "
+    synccmd += f"--to={disconnected_url}/openshift-release-dev/ocp-release"
     pprint(f"Running {synccmd}")
     call(synccmd, shell=True)
     extra_releases = data.get('disconnected_extra_releases', [])
@@ -150,8 +162,8 @@ def update_disconnected_registry(config, plandir, cluster, data):
         for extra_release in extra_releases:
             tag_and_arch = re.search(r":(.+)$", extra_release).group(1)
             synccmd = f"oc adm release mirror -a {pull_secret_path} --from={extra_release} "
-            synccmd += f"--to-release-image={disconnected_url}/openshift/release-images:{tag_and_arch} "
-            synccmd += f"--to={disconnected_url}/openshift/release"
+            synccmd += f"--to-release-image={disconnected_url}/openshift-release-dev/ocp-release:{tag_and_arch} "
+            synccmd += f"--to={disconnected_url}/openshift-release-dev/ocp-release"
             pprint(f"Running {synccmd}")
             call(synccmd, shell=True)
     if which('oc-mirror') is None:
@@ -793,13 +805,13 @@ def create(config, plandir, cluster, overrides, dnsconfig=None):
     disconnected_update = data['disconnected_update']
     disconnected_reuse = data['disconnected_reuse']
     disconnected_operators = data['disconnected_operators']
-    disconnected_certified_operators = data['disconnected_certified_operators']
-    disconnected_community_operators = data['disconnected_community_operators']
-    disconnected_marketplace_operators = data['disconnected_marketplace_operators']
+    certified_operators = data['disconnected_certified_operators']
+    community_operators = data['disconnected_community_operators']
+    marketplace_operators = data['disconnected_marketplace_operators']
     disconnected_url = data['disconnected_url']
     disconnected_user = data['disconnected_user']
     disconnected_password = data['disconnected_password']
-    operators = len(disconnected_operators + disconnected_certified_operators + disconnected_marketplace_operators) > 0
+    operators = disconnected_operators + community_operators + certified_operators + marketplace_operators
     disconnected = data['disconnected']
     disconnected_vm = data['disconnected_vm'] or (disconnected_url is None and (disconnected or operators))
     ipsec = data['ipsec']
@@ -829,6 +841,12 @@ def create(config, plandir, cluster, overrides, dnsconfig=None):
     if str(tag) == '4.1':
         tag = '4.10'
         data['tag'] = tag
+    if '0-ec.' in str(tag):
+        version = 'dev-preview'
+        data['version'] = version
+    elif float(tag) > float(OPENSHIFT_TAG):
+        version = 'ci'
+        data['version'] = version
     if os.path.exists('coreos-installer'):
         pprint("Removing old coreos-installer")
         os.remove('coreos-installer')
@@ -1010,10 +1028,8 @@ def create(config, plandir, cluster, overrides, dnsconfig=None):
         update_pull_secret(pull_secret, disconnected_url, disconnected_user, disconnected_password)
         data['ori_tag'] = tag
         if '/' not in str(tag):
-            tag = f'{disconnected_url}/openshift/release-images:{tag}-{arch}'
+            tag = f'{disconnected_url}/openshift-release-dev/ocp-release:{tag}-{arch}'
             os.environ['OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE'] = tag
-        pprint(f"Setting OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE to {tag}")
-        data['openshift_release_image'] = tag
         if 'ca' not in data and 'quay.io' not in disconnected_url:
             pprint(f"Trying to gather registry ca cert from {disconnected_url}")
             cacmd = f"openssl s_client -showcerts -connect {disconnected_url} </dev/null 2>/dev/null|"
@@ -1103,9 +1119,7 @@ def create(config, plandir, cluster, overrides, dnsconfig=None):
         disconnected_overrides = data.copy()
         disconnected_overrides['kube'] = f"{cluster}-reuse" if disconnected_reuse else cluster
         disconnected_overrides['openshift_version'] = INSTALLER_VERSION
-        disconnected_overrides['disconnected_operators_version'] = 'v' + '.'.join(INSTALLER_VERSION.split('.')[:-1])
-        disconnected_overrides['openshift_release_image'] = get_release_image()
-        data['openshift_release_image'] = disconnected_overrides['openshift_release_image']
+        disconnected_overrides['disconnected_operators_version'] = f"4.{INSTALLER_VERSION.split('.')[1]}"
         x_apps = ['users', 'autolabeller', 'metal3', 'nfs']
         disconnected_operators_2 = [o['name'] for o in disconnected_operators if isinstance(o, dict) and 'name' in o]
         for app in apps:
@@ -1143,47 +1157,12 @@ def create(config, plandir, cluster, overrides, dnsconfig=None):
                          tunnelhost=config.tunnelhost, tunnelport=config.tunnelport, tunneluser=config.tunneluser,
                          insecure=True, cmd=versioncmd, vmport=disconnected_vmport)
         disconnected_version = os.popen(versioncmd).read().strip()
-        if disconnected_operators or disconnected_certified_operators or disconnected_community_operators or\
-           disconnected_marketplace_operators:
-            source = "/root/imageContentSourcePolicy.yaml"
-            destination = f"{clusterdir}/imageContentSourcePolicy.yaml"
-            scpcmd = scp(disconnected_vm, ip=disconnected_ip, user='root', source=source,
-                         destination=destination, tunnel=config.tunnel, tunnelhost=config.tunnelhost,
-                         tunnelport=config.tunnelport, tunneluser=config.tunneluser, download=True, insecure=True,
-                         vmport=disconnected_vmport)
-            os.system(scpcmd)
-        if disconnected_operators:
-            source = "/root/catalogSource-cs-redhat-operator-index.yaml"
-            destination = f"{clusterdir}/catalogSource-redhat.yaml"
-            scpcmd = scp(disconnected_vm, ip=disconnected_ip, user='root', source=source,
-                         destination=destination, tunnel=config.tunnel, tunnelhost=config.tunnelhost,
-                         tunnelport=config.tunnelport, tunneluser=config.tunneluser, download=True, insecure=True,
-                         vmport=disconnected_vmport)
-            os.system(scpcmd)
-        if disconnected_certified_operators:
-            source = "/root/catalogSource-certified-operator-index.yaml"
-            destination = f"{clusterdir}/catalogSource-certified.yaml"
-            scpcmd = scp(disconnected_vm, ip=disconnected_ip, user='root', source=source,
-                         destination=destination, tunnel=config.tunnel, tunnelhost=config.tunnelhost,
-                         tunnelport=config.tunnelport, tunneluser=config.tunneluser, download=True, insecure=True,
-                         vmport=disconnected_vmport)
-            os.system(scpcmd)
-        if disconnected_community_operators:
-            source = "/root/catalogSource-community-operator-index.yaml"
-            destination = f"{clusterdir}/catalogSource-community.yaml"
-            scpcmd = scp(disconnected_vm, ip=disconnected_ip, user='root', source=source,
-                         destination=destination, tunnel=config.tunnel, tunnelhost=config.tunnelhost,
-                         tunnelport=config.tunnelport, tunneluser=config.tunneluser, download=True, insecure=True,
-                         vmport=disconnected_vmport)
-            os.system(scpcmd)
-        if disconnected_marketplace_operators:
-            source = "/root/catalogSource-redhat-marketplace-index.yaml"
-            destination = f"{clusterdir}/catalogSource-marketplace.yaml"
-            scpcmd = scp(disconnected_vm, ip=disconnected_ip, user='root', source=source,
-                         destination=destination, tunnel=config.tunnel, tunnelhost=config.tunnelhost,
-                         tunnelport=config.tunnelport, tunneluser=config.tunneluser, download=True, insecure=True,
-                         vmport=disconnected_vmport)
+        for source in ["'cs-*.yaml'", "'i*oc-mirror.yaml'"]:
+            scpcmd = scp(disconnected_vm, ip=disconnected_ip, user='root', source=source, destination=clusterdir,
+                         tunnel=config.tunnel, tunnelhost=config.tunnelhost, tunnelport=config.tunnelport,
+                         tunneluser=config.tunneluser, download=True, insecure=True, vmport=disconnected_vmport)
             os.system(scpcmd)
+        patch_oc_mirror(clusterdir)
         os.environ['OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE'] = disconnected_version
         pprint(f"Setting OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE to {disconnected_version}")
     data['pull_secret_path'] = pull_secret
@@ -1266,7 +1245,7 @@ def create(config, plandir, cluster, overrides, dnsconfig=None):
     for yamlfile in glob(f"{clusterdir}/*.yaml"):
         if os.stat(yamlfile).st_size == 0:
             warning(f"Skipping empty file {yamlfile}")
-        elif 'catalogSource' in yamlfile or 'imageContentSourcePolicy' in yamlfile:
+        elif yamlfile.startswith(f'{clusterdir}/cs-') or 'oc-mirror' in yamlfile:
             copy2(yamlfile, f"{clusterdir}/openshift")
     network_type = data['network_type']
     if network_type == 'Calico':

diff --git a/kvirt/cluster/openshift/disconnected.yml b/kvirt/cluster/openshift/disconnected.yml
@@ -32,5 +32,7 @@
 {% endif %}
  - path: /root/haproxy.cfg
    origin: disconnected/haproxy.cfg
+ - path: /root/mirror-config.yaml
+   origin: disconnected/mirror-config.yaml
  cmds:
  - bash /root/scripts/deploy.sh
diff --git a/...nnected/scripts/mirror-config.yaml.sample → ...openshift/disconnected/mirror-config.yaml b/...nnected/scripts/mirror-config.yaml.sample → ...openshift/disconnected/mirror-config.yaml
@@ -1,23 +1,37 @@
-apiVersion: mirror.openshift.io/v1alpha2
+{% set release =  '4.' + (tag|string).split('.')[1] if tag|count('.') > 1 else tag %}
+{% set kcli_images = ["quay.io/karmab/curl:multi", "quay.io/karmab/origin-coredns:multi", "quay.io/karmab/haproxy:multi", "quay.io/karmab/origin-keepalived-ipfailover:multi", "quay.io/karmab/mdns-publisher:multi", "quay.io/karmab/kubectl:multi"] %}
+{% if async|default(False) %}
+{% do kcli_images.append("quay.io/karmab/kcli:latest") %}
+{% endif %}
+
+apiVersion: mirror.openshift.io/v2alpha1
 kind: ImageSetConfiguration
-storageConfig:
-  registry:
-    imageURL: {{ disconnected_url or '$LOCAL_REGISTRY' }}/openshift/release/metadata:latest
 mirror:
-{% if extra_images is defined %}
+  platform:
+    graph: false
+{% if version in ['ci', 'nightly'] %}
+    release: registry.ci.openshift.org/ocp/release:{{ tag }}
+{% else %}
+    channels:
+    - name: {{ 'candidate' if version == 'dev-preview' else 'stable' }}-{{ release }}
+{% if tag|count('.') > 1 %}
+      minVersion: {{ tag }}
+      maxVersion: {{ tag }}
+{% endif %}
+{% endif %}
+    architectures:
+#   - multi
+    - amd64
   additionalImages:
-{% for image in extra_images %}
+{% for image in kcli_images + extra_images|default([]) %}
   - name: {{ image }}
 {% endfor %}
-{% endif %}
-  operators: # Operators we want to mirror
+{% set operators = disconnected_operators|default([]) + disconnected_certified_operators|default([]) + disconnected_community_operators|default([]) + disconnected_marketplace_operators|default([]) %}
+{% if operators %}
+  operators:
 {% if disconnected_operators|default([]) %}
-{% if disconnected_operators_version %}
-{% set catalog = 'quay.io/prega/prega-operator-index' if prega else 'registry.redhat.io/redhat/redhat-operator-index' %}
-  - catalog: {{ catalog }}:{{ disconnected_operators_version }}
-{% else %}
-  - catalog: registry.redhat.io/redhat/redhat-operator-index:v{{ '4.' + (tag|string).split('.')[1] if tag|count('.') > 1 else tag }}
-{% endif %}
+{% set catalog = 'quay.io/prega/prega-operator-index' if prega|default(False) else 'registry.redhat.io/redhat/redhat-operator-index' %}
+  - catalog: {{ catalog }}:v{{ disconnected_operators_version or release_tag }}
     packages:
 {% for package in disconnected_operators %}
 {% if package.name is defined %}
@@ -46,11 +60,7 @@ mirror:
 {% endfor %}
 {% endif %}
 {% if disconnected_certified_operators|default([]) %}
-{% if disconnected_certified_operators_version %}
-  - catalog: registry.redhat.io/redhat/certified-operator-index:{{ disconnected_certified_operators_version }}
-{% else %}
-  - catalog: registry.redhat.io/redhat/certified-operator-index:v{{ tag }}
-{% endif %}
+  - catalog: registry.redhat.io/redhat/certified-operator-index:{{ disconnected_certified_operators_version or release_tag }}
     packages:
 {% for package in disconnected_certified_operators %}
 {% if package.name is defined %}
@@ -79,11 +89,7 @@ mirror:
 {% endfor %}
 {% endif %}
 {% if disconnected_community_operators|default([]) %}
-{% if disconnected_community_operators_version %}
-  - catalog: registry.redhat.io/redhat/community-operator-index:{{ disconnected_community_operators_version }}
-{% else %}
-  - catalog: registry.redhat.io/redhat/community-operator-index:v{{ tag }}
-{% endif %}
+  - catalog: registry.redhat.io/redhat/community-operator-index:v{{ disconnected_community_operators_version or release_tag }}
     packages:
 {% for package in disconnected_community_operators %}
 {% if package.name is defined %}
@@ -112,11 +118,7 @@ mirror:
 {% endfor %}
 {% endif %}
 {% if disconnected_marketplace_operators|default([]) %}
-{% if disconnected_marketplace_operators_version %}
-  - catalog: registry.redhat.io/redhat/redhat-marketplace-index:{{ disconnected_marketplace_operators_version }}
-{% else %}
-  - catalog: registry.redhat.io/redhat/redhat-marketplace-index:v{{ tag }}
-{% endif %}
+  - catalog: registry.redhat.io/redhat/redhat-marketplace-index:v{{ disconnected_marketplace_operators_version or tag }}
     packages:
 {% for package in disconnected_marketplace_operators %}
 {% if package.name is defined %}
@@ -144,6 +146,7 @@ mirror:
 {% endif %}
 {% endfor %}
 {% endif %}
+{% endif %}
 {% if disconnected_extra_catalogs|default([]) %}
 {% for catalog_image in disconnected_extra_catalogs %}
   - catalog: {{ catalog_image }}

diff --git a/kvirt/cluster/openshift/disconnected/scripts/03_mirror.sh b/kvirt/cluster/openshift/disconnected/scripts/03_mirror.sh
diff --git a/kvirt/cluster/openshift/disconnected/scripts/04_extras.sh b/kvirt/cluster/openshift/disconnected/scripts/04_extras.sh