From d6eefa252dd949d12a1a366108f4746ed18eea1e Mon Sep 17 00:00:00 2001 From: Beto Rodriguez Date: Wed, 9 Oct 2024 14:24:11 -0600 Subject: [PATCH 1/8] Apply mirroring config to the Agent Service Config In disconnected environment the Agents service config must have information about mirroring settings in order to pull images using during Agents discovery. --- .../acm_setup/tasks/get-mirroring-config.yml | 50 +++++++++++++++++++ roles/acm_setup/tasks/main.yml | 9 ++++ 2 files changed, 59 insertions(+) create mode 100644 roles/acm_setup/tasks/get-mirroring-config.yml diff --git a/roles/acm_setup/tasks/get-mirroring-config.yml b/roles/acm_setup/tasks/get-mirroring-config.yml new file mode 100644 index 000000000..da8255dd4 --- /dev/null +++ b/roles/acm_setup/tasks/get-mirroring-config.yml @@ -0,0 +1,50 @@ +--- +- name: "Get current worker's MCP" + community.kubernetes.k8s_info: + api_version: machineconfiguration.openshift.io/v1 + kind: MachineConfigPool + name: worker + register: _acm_setup_worker_mcp + no_log: true + +- name: "Get current worker's Machine Configs" + vars: + acm_mc: "{{ _acm_setup_worker_mcp.resources[0].spec.configuration.name }}" + community.kubernetes.k8s_info: + api_version: machineconfiguration.openshift.io/v1 + kind: MachineConfig + name: "{{ acm_mc }}" + register: _acm_setup_worker_mc + no_log: true + +- name: "Get cluster user-ca certificate" + community.kubernetes.k8s_info: + api: v1 + kind: ConfigMap + name: "user-ca-bundle" + namespace: openshift-config + register: _acm_setup_user_ca_bundle + no_log: true + +- name: "Create a Config map with registry entries and CA bundle" + vars: + acm_user_ca_bundle: '{{ _acm_setup_user_ca_bundle.resources[0].data["ca-bundle.crt"] }}' + registry_config: "{{ _acm_setup_worker_mc | json_query('resources[0].spec.config.storage.files[?path==`/etc/containers/registries.conf`].contents.source') | + first | regex_replace('^data:.*;base64,', '') | b64decode }}" + cm_def: | + apiVersion: v1 + kind: ConfigMap + metadata: + name: mirror-registry-config-map + namespace: multicluster-engine + labels: + app: assisted-service + data: + registries.conf: | + {{ registry_config | indent(4) }} + ca-bundle.crt: | + {{ acm_user_ca_bundle | indent(4) }} + community.kubernetes.k8s: + state: present + definition: "{{ cm_def }}" +... diff --git a/roles/acm_setup/tasks/main.yml b/roles/acm_setup/tasks/main.yml index ac6977f83..cef944e60 100644 --- a/roles/acm_setup/tasks/main.yml +++ b/roles/acm_setup/tasks/main.yml @@ -255,6 +255,11 @@ namespace: multicluster-engine register: _asg +- name: "Get Hub Cluster mirroring configuration" + ansible.builtin.include_tasks: get-mirroring-config.yml + when: + - hub_disconnected + - name: "Create the Agent Service config" when: _asg.resources | length == 0 vars: @@ -295,6 +300,10 @@ {% if hub_os_images is defined %} osImages: {{ hub_os_images }} {% endif %} + {% if hub_disconnected %} + mirrorRegistryRef: + name: mirror-registry-config-map + {% endif %} community.kubernetes.k8s: state: present definition: "{{ agent_def }}" From e5289b3436471fcc512db16a87c86899aceb8a87 Mon Sep 17 00:00:00 2001 From: Jose Alberto Rodriguez Date: Fri, 11 Oct 2024 16:56:03 -0600 Subject: [PATCH 2/8] Update roles/acm_setup/tasks/main.yml Co-authored-by: Tony Garcia --- roles/acm_setup/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/acm_setup/tasks/main.yml b/roles/acm_setup/tasks/main.yml index cef944e60..bf4566f2f 100644 --- a/roles/acm_setup/tasks/main.yml +++ b/roles/acm_setup/tasks/main.yml @@ -258,7 +258,7 @@ - name: "Get Hub Cluster mirroring configuration" ansible.builtin.include_tasks: get-mirroring-config.yml when: - - hub_disconnected + - hub_disconnected | bool - name: "Create the Agent Service config" when: _asg.resources | length == 0 From 466f3c7953f09b0b928730f786a6363ba19a2fa4 Mon Sep 17 00:00:00 2001 From: Jose Alberto Rodriguez Date: Fri, 11 Oct 2024 16:56:12 -0600 Subject: [PATCH 3/8] Update roles/acm_setup/tasks/main.yml Co-authored-by: Tony Garcia --- roles/acm_setup/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/acm_setup/tasks/main.yml b/roles/acm_setup/tasks/main.yml index bf4566f2f..1ca3d2062 100644 --- a/roles/acm_setup/tasks/main.yml +++ b/roles/acm_setup/tasks/main.yml @@ -300,7 +300,7 @@ {% if hub_os_images is defined %} osImages: {{ hub_os_images }} {% endif %} - {% if hub_disconnected %} + {% if hub_disconnected | bool %} mirrorRegistryRef: name: mirror-registry-config-map {% endif %} From 08cdd2dca72c51969950de06dea001b9f45738a0 Mon Sep 17 00:00:00 2001 From: Beto Rodriguez Date: Fri, 11 Oct 2024 20:38:03 -0600 Subject: [PATCH 4/8] use Master's MC --- roles/acm_setup/tasks/get-mirroring-config.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/acm_setup/tasks/get-mirroring-config.yml b/roles/acm_setup/tasks/get-mirroring-config.yml index da8255dd4..db46c5e2f 100644 --- a/roles/acm_setup/tasks/get-mirroring-config.yml +++ b/roles/acm_setup/tasks/get-mirroring-config.yml @@ -1,20 +1,20 @@ --- -- name: "Get current worker's MCP" +- name: "Get current master's MCP" community.kubernetes.k8s_info: api_version: machineconfiguration.openshift.io/v1 kind: MachineConfigPool - name: worker - register: _acm_setup_worker_mcp + name: master + register: _acm_setup_master_mcp no_log: true -- name: "Get current worker's Machine Configs" +- name: "Get current master's Machine Configs" vars: - acm_mc: "{{ _acm_setup_worker_mcp.resources[0].spec.configuration.name }}" + acm_mc: "{{ _acm_setup_master_mcp.resources[0].spec.configuration.name }}" community.kubernetes.k8s_info: api_version: machineconfiguration.openshift.io/v1 kind: MachineConfig name: "{{ acm_mc }}" - register: _acm_setup_worker_mc + register: _acm_setup_master_mc no_log: true - name: "Get cluster user-ca certificate" @@ -29,8 +29,8 @@ - name: "Create a Config map with registry entries and CA bundle" vars: acm_user_ca_bundle: '{{ _acm_setup_user_ca_bundle.resources[0].data["ca-bundle.crt"] }}' - registry_config: "{{ _acm_setup_worker_mc | json_query('resources[0].spec.config.storage.files[?path==`/etc/containers/registries.conf`].contents.source') | - first | regex_replace('^data:.*;base64,', '') | b64decode }}" + registry_config: "{{ (_acm_setup_master_mc | json_query('resources[0].spec.config.storage.files[?path==`/etc/containers/registries.conf`].contents.source'))[0] | + regex_replace('^data:.*;base64,', '') | b64decode }}" cm_def: | apiVersion: v1 kind: ConfigMap From 5754dff4f1aeb7f5f9e415c74bebc4abc771d413 Mon Sep 17 00:00:00 2001 From: Beto Rodriguez Date: Mon, 14 Oct 2024 13:44:47 -0600 Subject: [PATCH 5/8] Enable debug --- roles/acm_setup/tasks/get-mirroring-config.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/acm_setup/tasks/get-mirroring-config.yml b/roles/acm_setup/tasks/get-mirroring-config.yml index db46c5e2f..6c9b6ad12 100644 --- a/roles/acm_setup/tasks/get-mirroring-config.yml +++ b/roles/acm_setup/tasks/get-mirroring-config.yml @@ -5,7 +5,7 @@ kind: MachineConfigPool name: master register: _acm_setup_master_mcp - no_log: true + no_log: false - name: "Get current master's Machine Configs" vars: @@ -15,7 +15,7 @@ kind: MachineConfig name: "{{ acm_mc }}" register: _acm_setup_master_mc - no_log: true + no_log: false - name: "Get cluster user-ca certificate" community.kubernetes.k8s_info: @@ -24,7 +24,7 @@ name: "user-ca-bundle" namespace: openshift-config register: _acm_setup_user_ca_bundle - no_log: true + no_log: false - name: "Create a Config map with registry entries and CA bundle" vars: From b5cfc0dac3a78263f795de51ebdab27c4b70c44f Mon Sep 17 00:00:00 2001 From: Beto Rodriguez Date: Mon, 14 Oct 2024 18:00:25 -0600 Subject: [PATCH 6/8] Retry --- roles/acm_setup/tasks/get-mirroring-config.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/roles/acm_setup/tasks/get-mirroring-config.yml b/roles/acm_setup/tasks/get-mirroring-config.yml index 6c9b6ad12..cec405880 100644 --- a/roles/acm_setup/tasks/get-mirroring-config.yml +++ b/roles/acm_setup/tasks/get-mirroring-config.yml @@ -7,7 +7,7 @@ register: _acm_setup_master_mcp no_log: false -- name: "Get current master's Machine Configs" +- name: "Get current master's Machine Config" vars: acm_mc: "{{ _acm_setup_master_mcp.resources[0].spec.configuration.name }}" community.kubernetes.k8s_info: @@ -16,6 +16,12 @@ name: "{{ acm_mc }}" register: _acm_setup_master_mc no_log: false + until: > + _acm_setup_master_mc is defined + and _acm_setup_master_mc.resources is defined + and _acm_setup_master_mc.resources | length == 1 + retries: 10 + delay: 15 - name: "Get cluster user-ca certificate" community.kubernetes.k8s_info: From 70e7869028c4c641b68e0940200c2ac6b8c66914 Mon Sep 17 00:00:00 2001 From: Beto Rodriguez Date: Mon, 14 Oct 2024 21:09:58 -0600 Subject: [PATCH 7/8] Rename vars --- roles/acm_setup/tasks/get-mirroring-config.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/acm_setup/tasks/get-mirroring-config.yml b/roles/acm_setup/tasks/get-mirroring-config.yml index cec405880..9e981963a 100644 --- a/roles/acm_setup/tasks/get-mirroring-config.yml +++ b/roles/acm_setup/tasks/get-mirroring-config.yml @@ -5,17 +5,17 @@ kind: MachineConfigPool name: master register: _acm_setup_master_mcp - no_log: false + no_log: true - name: "Get current master's Machine Config" vars: - acm_mc: "{{ _acm_setup_master_mcp.resources[0].spec.configuration.name }}" + acm_machine_config: "{{ _acm_setup_master_mcp.resources[0].spec.configuration.name }}" community.kubernetes.k8s_info: api_version: machineconfiguration.openshift.io/v1 kind: MachineConfig - name: "{{ acm_mc }}" + name: "{{ acm_machine_config }}" register: _acm_setup_master_mc - no_log: false + no_log: true until: > _acm_setup_master_mc is defined and _acm_setup_master_mc.resources is defined @@ -30,14 +30,14 @@ name: "user-ca-bundle" namespace: openshift-config register: _acm_setup_user_ca_bundle - no_log: false + no_log: true - name: "Create a Config map with registry entries and CA bundle" vars: acm_user_ca_bundle: '{{ _acm_setup_user_ca_bundle.resources[0].data["ca-bundle.crt"] }}' registry_config: "{{ (_acm_setup_master_mc | json_query('resources[0].spec.config.storage.files[?path==`/etc/containers/registries.conf`].contents.source'))[0] | regex_replace('^data:.*;base64,', '') | b64decode }}" - cm_def: | + mirror_cm_def: | apiVersion: v1 kind: ConfigMap metadata: @@ -52,5 +52,5 @@ {{ acm_user_ca_bundle | indent(4) }} community.kubernetes.k8s: state: present - definition: "{{ cm_def }}" + definition: "{{ mirror_cm_def }}" ... From 01d3063e57ae1700cd46b053d301ceaf0cbaa4e8 Mon Sep 17 00:00:00 2001 From: Beto Rodriguez Date: Tue, 15 Oct 2024 16:12:34 -0600 Subject: [PATCH 8/8] Remove condition --- roles/acm_setup/tasks/get-mirroring-config.yml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/roles/acm_setup/tasks/get-mirroring-config.yml b/roles/acm_setup/tasks/get-mirroring-config.yml index 9e981963a..66a19b54b 100644 --- a/roles/acm_setup/tasks/get-mirroring-config.yml +++ b/roles/acm_setup/tasks/get-mirroring-config.yml @@ -16,12 +16,6 @@ name: "{{ acm_machine_config }}" register: _acm_setup_master_mc no_log: true - until: > - _acm_setup_master_mc is defined - and _acm_setup_master_mc.resources is defined - and _acm_setup_master_mc.resources | length == 1 - retries: 10 - delay: 15 - name: "Get cluster user-ca certificate" community.kubernetes.k8s_info: @@ -34,7 +28,7 @@ - name: "Create a Config map with registry entries and CA bundle" vars: - acm_user_ca_bundle: '{{ _acm_setup_user_ca_bundle.resources[0].data["ca-bundle.crt"] }}' + acm_user_ca_bundle: "{{ _acm_setup_user_ca_bundle.resources[0].data['ca-bundle.crt'] }}" registry_config: "{{ (_acm_setup_master_mc | json_query('resources[0].spec.config.storage.files[?path==`/etc/containers/registries.conf`].contents.source'))[0] | regex_replace('^data:.*;base64,', '') | b64decode }}" mirror_cm_def: |