this now

collections/ansible_collections/demo/openshift/roles/cluster_config/README.md

@@ -0,0 +1,131 @@
+Role Name
+=========
+
+This Ansible role helps configure Operators on the Openshift Cluster to support VM migrations. Tasks include
+- Configure Catalog Sources to use mirroring repository for Operators
+- Create and configure Operators
+
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+The task `operators/catalog_sources.yml` needs following variables:
+
+- **Variable Name**: `cluster_config_catalog_sources`
+  - **Type**: List
+  - **Description**: A list of custom CatalogSources configurations used as loop variables to generate Kubernetes manifest files from the  template `catalog_source.j2` for CatalogSource. If the variable is not available, no manifest is created.
+  - **Example**:
+    ```yaml
+    cluster_config_catalog_sources:
+      - name: redhat-marketplace2
+        source_type: grpc
+        display_name: Mirror to Red Hat Marketplace
+        image_path: internal-registry.example.com/operator:v1
+        priority: '-300'
+        icon:
+          base64data: ''
+          mediatype: ''
+        publisher: redhat
+        address: ''
+        grpc_pod_config: |
+          nodeSelector:
+            kubernetes.io/os: linux
+            node-role.kubernetes.io/master: ''
+          priorityClassName: system-cluster-critical
+          securityContextConfig: restricted
+          tolerations:
+            - effect: NoSchedule
+              key: node-role.kubernetes.io/master
+              operator: Exists
+            - effect: NoExecute
+              key: node.kubernetes.io/unreachable
+              operator: Exists
+              tolerationSeconds: 120
+            - effect: NoExecute
+              key: node.kubernetes.io/not-ready
+              operator: Exists
+              tolerationSeconds: 120
+        registry_poll_interval: 10m
+    ```
+
+The task `operators/operator_config.yaml` needs following variables:
+
+- **Variable Name**: `cluster_config_operators`
+  - **Type**: List
+  - **Description**: A list of operators to be installed on OCP cluster
+- **Variable Name**: `cluster_config_[OPERATOR_NAME]`  
+  - **Type**: Dict
+  - **Description**: Configuration specific to each operator listed in `cluster_config_operators`. Includes settings for namespace, operator group, subscription, and any extra resources
+  - **Example**: Assume the `cluster_config_operators` specifies these operators:
+  ```yaml
+  cluster_config_operators:
+    - cnv
+    - oadp
+  ```
+  then the corresponding `cluster_config_mtv` and `cluster_config_cnv` can be configured as following:
+  ```yaml
+  cluster_config_cnv_namespace: openshift-cnv
+  cluster_config_cnv:
+  namespace: 
+    name: "{{ cluster_config_cnv_namespace }}"
+  operator_group:
+    name: kubevirt-hyperconverged-group
+    target_namespaces: 
+      - "{{ cluster_config_cnv_namespace }}"
+  subscription:
+    name: kubevirt-hyperconverged
+    starting_csv: kubevirt-hyperconverged-operator.v4.13.8
+  extra_resources:
+    - apiVersion: hco.kubevirt.io/v1beta1
+      kind: HyperConverged
+      metadata:
+        name: kubevirt-hyperconverged
+        namespace: "{{ cluster_config_cnv_namespace }}"
+      spec:
+        BareMetalPlatform: true
+  
+  cluster_config_oadp_namespace: openshift-adp
+  cluster_config_oadp:
+  namespace: 
+    name: "{{ cluster_config_oadp_namespace }}"
+  operator_group:
+    name: redhat-oadp-operator-group
+    target_namespaces: 
+      - "{{ cluster_config_oadp_namespace }}"
+  subscription:
+    name: redhat-oadp-operator-subscription
+    spec_name: redhat-oadp-operator 
+  ```
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+An example of configuring a CatalogSource resource:
+```
+- name: Configure Catalog Sources for Operators
+  hosts: localhost
+  gather_facts: false
+  tasks:
+    - ansible.builtin.include_role: 
+        name: cluster_config
+        tasks_from: operators/catalog_sources
+```
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

collections/ansible_collections/demo/openshift/roles/cluster_config/defaults/main.yml

@@ -0,0 +1,23 @@
+---
+# defaults file for cluster_config
+cluster_config_operators:
+  - cnv
+
+cluster_config_cnv:
+  checkplan: true
+  namespace:
+    name: &cluster_config_cnv_namespace openshift-cnv
+  operator_group:
+    name: kubevirt-hyperconverged-group
+    target_namespaces:
+      - *cluster_config_cnv_namespace
+  subscription:
+    name: kubevirt-hyperconverged
+  extra_resources:
+    - apiVersion: hco.kubevirt.io/v1beta1
+      kind: HyperConverged
+      metadata:
+        name: kubevirt-hyperconverged
+        namespace: *cluster_config_cnv_namespace
+      spec:
+        BareMetalPlatform: true

collections/ansible_collections/demo/openshift/roles/cluster_config/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for cluster_config

collections/ansible_collections/demo/openshift/roles/cluster_config/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

collections/ansible_collections/demo/openshift/roles/cluster_config/tasks/main.yml

@@ -0,0 +1,3 @@
+---
+- name: Configure Operators
+  ansible.builtin.import_tasks: operators/operator_config.yml

collections/ansible_collections/demo/openshift/roles/cluster_config/tasks/ocp_install/main.yml

@@ -0,0 +1,5 @@
+---
+- import_tasks: prep.yml
+
+- import_tasks: ocp_install.yml
+...

collections/ansible_collections/demo/openshift/roles/cluster_config/tasks/ocp_install/ocp_install.yml

@@ -0,0 +1,9 @@
+---
+- name: Run IPI Installer
+  command: openshift-baremetal-install --dir={{ cluster_deploy_dir }}/{{ cluster_name }} create cluster
+  register: cluster_deploy
+  become_user: kni
+
+- debug:
+    var: cluster_deploy
+...

collections/ansible_collections/demo/openshift/roles/cluster_config/tasks/ocp_install/prep.yml

@@ -0,0 +1,109 @@
+---
+- name: Create new sudo user
+  shell: |
+    useradd kni
+    passwd kni
+    echo "kni ALL=(root) NOPASSWD:ALL" | tee -a /etc/sudoers.d/kni
+    chmod 0440 /etc/sudoers.d/kni
+    su - kni -c "ssh-keygen -t ed25519 -f /home/kni/.ssh/id_rsa -N ''"
+  become: true
+
+- name: Register provisioner node with RH subscription manager
+  shell: |
+    sudo subscription-manager register --username={{ rh_subscription_manager_user }} --password={{ rh_subscription_manager_pass }} --auto-attach
+    sudo subscription-manager repos --enable=rhel-9-for-{{ ansible_architecture }}-appstream-rpms --enable=rhel-9-for-{{ ansible_architecture }}-baseos-rpms
+  become_user: kni
+
+- name: Install packages using DNF
+  become_user: kni
+  dnf:
+    name: "{{ item }}"
+    state: present
+  loop:
+    - libvirt
+    - qemu-kvm
+    - mkisofs
+    - python3-devel
+    - jq
+    - ipmitool
+
+- name: Restart the firewalld service
+  become_user: kni
+  service:
+    name: firewalld
+    state: restarted
+
+- name: Add user to libvirt group
+  become_user: kni
+  user:
+    name: "kni"
+    groups: "libvirt"
+    append: yes
+
+- name: Enable firewalld http service
+  become_user: kni
+  shell: |
+    sudo firewall-cmd --zone=public --add-service=http --permanent
+    sudo firewall-cmd
+
+- name: Start and enable libvirtd
+  become_user: kni
+  service:
+    name: libvirtd
+    enabled: yes
+    state: started
+
+- name: Create default storage pool and start
+  become_user: kni
+  shell: |
+    sudo virsh pool-define-as --name default --type dir --target /var/lib/libvirt/images
+    sudo virsh pool-start default
+    sudo virsh pool-autostart default
+
+- name: Configure provisioner node networking
+  shell: |
+    sudo nohup bash -c "
+    nmcli con down \"{{ baremetal_nic_name }}\"
+    nmcli con delete \"{{ baremetal_nic_name }}\"
+    nmcli con down \"System {{ baremetal_nic_name }}\"
+    nmcli con delete \"System {{ baremetal_nic_name }}\"
+    nmcli connection add ifname baremetal type bridge con-name baremetal bridge.stp no
+    nmcli con add type bridge-slave ifname \"{{ baremetal_nic_name }}\" master baremetal
+    pkill dhclient;dhclient baremetal
+  become_user: kni
+
+- name: Create OCP deployment dir
+  file:
+    path: "{{ cluster_deploy_dir }}"
+    state: directory
+    recurse: yes
+    mode: '0755'
+
+- name: Create pull secret text file
+  copy:
+    content: "{{ ocp_pull_secret }}"
+    dest: "{{ cluster_deploy_dir }}/pull-secret.txt"
+
+- name: Retrieve OCP Install binary
+  shell: |
+    export RELEASE_IMAGE=$(curl -s https://mirror.openshift.com/pub/openshift-v4/{{ ansible_architecture }}/clients/ocp/{{ ocp_version }}/release.txt | grep 'Pull From: quay.io' | awk -F ' ' '{print $3}')
+    curl -s https://mirror.openshift.com/pub/openshift-v4/clients/ocp/$VERSION/openshift-client-linux.tar.gz | tar zxvf - oc
+    sudo cp oc /usr/local/bin
+    chmod +x /usr/local/bin/oc
+    oc adm release extract --registry-config "{{ cluster_deploy_dir }}/pull-secret.txt" --command=openshift-baremetal-install --to "{{ cluster_deploy_dir }}" ${RELEASE_IMAGE}
+    sudo cp {{ cluster_deploy_dir }}/openshift-baremetal-install /usr/local/bin
+    chmod +x /usr/local/bin/openshift-baremetal-install
+  become_user: kni
+
+- name: Create OCP cluster deployment dir
+  file:
+    path: "{{ cluster_deploy_dir }}/{{ cluster_name }}"
+    state: directory
+    recurse: yes
+    mode: '0755'
+
+- name: Copy install-config.yaml into cluster_deploy_dir
+  copy:
+    content: "{{ ocp_install_config }}"
+    dest: "{{ cluster_deploy_dir }}/{{ cluster_name }}/install-config.yaml"
+...

collections/ansible_collections/demo/openshift/roles/cluster_config/tasks/operators/_operator_config_item.yml

@@ -0,0 +1,36 @@
+- name: Retrieve Operator name
+  ansible.builtin.set_fact:
+    _operator: "{{ vars['cluster_config_' + _operator_name] }}"
+- name: Configure Operator {{ _operator_name }}
+  redhat.openshift.k8s:
+    state: present
+    template:
+      - operators/namespace.yml.j2
+      - operators/operator_group.yml.j2
+      - operators/subscription.yml.j2
+- name: Query for install plan
+  kubernetes.core.k8s_info:
+    api_version: operators.coreos.com/v1alpha1
+    kind: InstallPlan
+    namespace: "{{ _operator.namespace.name }}"
+  register: r_install_plans
+  retries: 30
+  delay: 5
+  until:
+    - r_install_plans.resources | default([]) | length > 0
+    - r_install_plans.resources[0].status is defined
+    - r_install_plans.resources[0].status.phase == "Complete"
+  when: 
+    - _operator.checkplan is defined 
+    - _operator.checkplan | bool
+
+- name: Configure extra resources for Operator {{ _operator_name }}
+  redhat.openshift.k8s:
+    state: present
+    definition: "{{ item }}"
+  register: creation_result
+  loop: "{{ _operator.extra_resources }}"
+  retries: 30
+  delay: 5
+  until: creation_result is success
+  when: _operator.extra_resources is defined

collections/ansible_collections/demo/openshift/roles/cluster_config/tasks/operators/catalog_sources.yml

@@ -0,0 +1,6 @@
+- name: Configure custom CatalogSource for Operators
+  redhat.openshift.k8s:
+    state: present
+    template: operators/catalog_source.j2
+  loop: "{{ cluster_config_catalog_sources }}"
+  when: cluster_config_catalog_sources is defined