
@praveen4g0
Last active December 13, 2021 13:01
#!/usr/bin/env bash
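set -euo pipefail

# Mirrors an operator index image from the Brew registry into a mirror
# registry, mirrors a filtered set of related images, and then applies an
# ImageContentSourcePolicy and a CatalogSource to the current cluster.
#
# Required environment:
#   INDEX     - tag of the index image to mirror
#   USERNAME  - user for the mirror registry login
#   PASSWORD  - password for the mirror registry login
# Optional environment (defaults shown below):
#   ENVIRONMENT, IS_DISCONNECTED, MIRROR_REG, MIRROR_REG_REPO
# Required file:
#   ./config/pull-secret - registry auth file passed to the oc commands

ENVSTAGE="stage"
INDEX=${INDEX:-}
ENVIRONMENT=${ENVIRONMENT:-"pre-stage"}
IS_DISCONNECTED=${IS_DISCONNECTED:-"false"}
MIRROR_REG=${MIRROR_REG:-"quay.io"}
MIRROR_REG_REPO=${MIRROR_REG_REPO:-"praveen4g0"}

if [[ "$ENVIRONMENT" == "prod" && "$IS_DISCONNECTED" == "false" ]]; then
  echo -e "It's not necessary to generate build artifacts in prod for non-disconnected scenario."
  exit 0
fi

# Under `set -u` a bare "$USERNAME" or "$PASSWORD" aborts with "unbound
# variable" before the friendly message can be printed, so each check goes
# through the ${VAR:-} form (here via indirect expansion).
for required in INDEX USERNAME PASSWORD; do
  if [[ -z "${!required:-}" ]]; then
    echo "$required env variable is required" >&2
    exit 1
  fi
done
unset required

if [[ ! -f "./config/pull-secret" ]]; then
  echo "Authfile not provided as workspace. in config/pull-secret" >&2
  exit 1
fi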
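# Report an error and terminate the script.
# Arguments: $1 - message to print
# Outputs:   the message on stderr
# Returns:   does not return; exits with status 1
function fail {
  # Quoted and printed through printf so whitespace and glob characters in
  # the message are reported verbatim rather than split or expanded.
  printf '%s\n' "${1-}" >&2
  exit 1
}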
# Run a command until it succeeds, giving up after a fixed number of tries.
# Arguments: "$@" - the command and its arguments
# Outputs:   a progress line on stdout before each new attempt
# Returns:   0 once the command succeeds; calls fail (exit 1) after 5 attempts
function retry {
  local attempt=1
  local -r limit=5
  local -r pause=15

  until "$@"; do
    # Out of attempts: hand over to fail, which terminates the script.
    if [[ $attempt -ge $limit ]]; then
      fail "The command has failed after $attempt attempts."
    fi
    ((attempt++))
    echo "Command failed. Attempt $attempt/$limit:"
    sleep "$pause"
  done
}
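# Auth file handed to every oc command below via -a / --to.
REG_CREDS=./config/pull-secret

# The stage environment reads the index from the iib-pub-pending repository;
# every other environment uses the iib repository.
if [[ "${ENVIRONMENT}" == "${ENVSTAGE}" ]]; then
  BREW_IIB_PREFIX="brew.registry.redhat.io/rh-osbs/iib-pub-pending"
else
  BREW_IIB_PREFIX="brew.registry.redhat.io/rh-osbs/iib"
fi
REGISTRY_IMAGE="${BREW_IIB_PREFIX}:${INDEX}"
echo -e "$REGISTRY_IMAGE"

echo -e "Logging into $MIRROR_REG registry"
# NOTE(review): --auth-basic puts USERNAME:PASSWORD on oc's command line, so
# the secret can show up in the process list and in any `set -x` trace.
# --insecure=true is also set on a call that sends those credentials; confirm
# that skipping registry certificate verification is acceptable for
# $MIRROR_REG. The login result is written into $REG_CREDS (--to), so that
# file holds the mirror credentials from this point on.
oc registry login --insecure=true --registry="$MIRROR_REG" --auth-basic="${USERNAME}:${PASSWORD}" --to="$REG_CREDS"

# Stage output is tagged with a timestamp suffix so repeated runs for the
# same INDEX do not overwrite each other; other environments reuse INDEX.
if [[ "${ENVIRONMENT}" == "${ENVSTAGE}" ]]; then
  curr_ts=$(date +"%y%m%d-%H%M%S")
  OUTPUT_IMAGE="$MIRROR_REG/$MIRROR_REG_REPO/redhat-operator-index:$INDEX-${curr_ts}"
else
  OUTPUT_IMAGE="$MIRROR_REG/$MIRROR_REG_REPO/redhat-operator-index:$INDEX"
fi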
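MANIFESTS_DIR=manifests-iib
MAPPING_FILE=${MANIFESTS_DIR}/mapping.txt
echo -e "Calculate the manifests required for mirroring, but do not actually mirror image content."
# for non-disconnected clusters, we would like to be able to install other operators from custom catalog source
# we need to generate image content source policy first and then generate mapping file
# testing cluster needs Brew creds to be able to install operator from custom catalog source
echo "Generating custom image content source policy, ignoring generated mapping.txt"
# NOTE(review): --insecure is passed here and on the later mirror calls;
# confirm that is acceptable, since the manifests generated by this step
# decide which images the cluster will pull.
oc adm catalog mirror "$REGISTRY_IMAGE" "$MIRROR_REG/$MIRROR_REG_REPO" --insecure --index-filter-by-os="linux/amd64" -a "$REG_CREDS" --manifests-only --to-manifests="${MANIFESTS_DIR}" || exit 1

# Disconnected clusters reference the index by digest instead of by tag.
if [[ "${IS_DISCONNECTED}" == "true" ]]; then
  # No spaces around '=': `sha = ...` would try to run a command named "sha".
  # jq -r prints the raw string, replacing the former `tr -d '"'` step.
  sha=$(oc image info "$REGISTRY_IMAGE" --filter-by-os=linux/amd64 --insecure=true -a "$REG_CREDS" -o json | jq -r '.listDigest')
  # A missing field comes back from jq as the literal "null"; refuse to build
  # an image reference from it.
  if [[ -z "$sha" || "$sha" == "null" ]]; then
    fail "Could not read listDigest for $REGISTRY_IMAGE"
  fi
  OUTPUT_IMAGE="$MIRROR_REG/$MIRROR_REG_REPO/redhat-operator-index@$sha"
fi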
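echo -e "Copying artifacts [catalog source, image content source policy, mapping.txt]..."
# Write the CatalogSource manifest that is applied to the cluster later on.
# The heredoc delimiter is unquoted on purpose so $OUTPUT_IMAGE is expanded.
# YAML nesting is significant: name/namespace belong under metadata and the
# remaining keys under spec, otherwise the manifest is not a valid
# CatalogSource.
# NOTE(review): unless IS_DISCONNECTED is "true", $OUTPUT_IMAGE is a tag and
# registryPoll re-checks it every 30m, so whoever can push to that tag in the
# mirror repository controls the catalog content the cluster sees. Pinning by
# digest (as the disconnected path does) removes that dependency.
cat <<EOF > ./config/catalog-source.yaml
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: custom-source
  namespace: openshift-marketplace
spec:
  sourceType: grpc
  image: $OUTPUT_IMAGE
  displayName: custom-source
  updateStrategy:
    registryPoll:
      interval: 30m
EOF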
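# Image references to keep from the generated mapping file. Each entry is
# matched as a literal substring of a mapping line.
find_list=(
  registry.access.redhat.com/ubi8/ubi-minimal
  registry.redhat.io/rhel8/redis-5
  registry.redhat.io/rh-sso-7/sso74-openshift-rhel8
  registry.redhat.io/openshift4/ose-haproxy-router
  openshift4/ose-cli
  gitops-1
)

cp "./${MANIFESTS_DIR}/mapping.txt" "./${MANIFESTS_DIR}/mapping.txt.bk"

# Start from an empty file so a re-run in the same workspace does not append
# to (and later mirror) entries left over from a previous index.
: > "./${MANIFESTS_DIR}/final-mapping.txt"

for item in "${find_list[@]}"; do
  # grep exits 1 when nothing matches, which under `set -e` would end the
  # script without any message; only a real grep error (status > 1) is fatal.
  grep_rc=0
  grep -F -- "$item" "./${MANIFESTS_DIR}/mapping.txt" >> "./${MANIFESTS_DIR}/final-mapping.txt" || grep_rc=$?
  if (( grep_rc > 1 )); then
    fail "grep failed while filtering ./${MANIFESTS_DIR}/mapping.txt for $item"
  elif (( grep_rc == 1 )); then
    echo "No mapping entries matched $item" >&2
  fi
done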
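# Rewrite image sources in the filtered mapping so they point at the Brew
# registry. The sed patterns are unanchored regular expressions (an unescaped
# '.' matches any character) applied in the order listed.
if [[ "${ENVIRONMENT}" == "${ENVSTAGE}" ]]; then
  sed -i -e "s|registry.redhat.io/openshift-gitops-1-tech-preview/|brew.registry.redhat.io/rh-osbs/openshift-gitops-1-tech-preview-|g" \
    -e "s|registry.redhat.io/openshift-gitops-1/|brew.registry.redhat.io/rh-osbs/openshift-gitops-1-|g" \
    -e "s|registry.stage.redhat.io/openshift-gitops-1-tech-preview/|brew.registry.redhat.io/rh-osbs/openshift-gitops-1-tech-preview-|g" \
    -e "s|registry-proxy.engineering.redhat.com/openshift-gitops-1-tech-preview/|brew.registry.redhat.io/rh-osbs/openshift-gitops-1-tech-preview-|g" \
    -e "s|registry-proxy.engineering.redhat.com/rh-osbs|brew.registry.redhat.io/rh-osbs|g" \
    -e "s|registry.stage.redhat.io/rh-osbs|brew.registry.redhat.io/rh-osbs|g" \
    -e "s|registry.stage.redhat.io|brew.registry.redhat.io|g" \
    -e "s|registry-proxy.engineering.redhat.com|brew.registry.redhat.io|g" \
    "./${MANIFESTS_DIR}/final-mapping.txt"
# ${ENVIRONMENT}, not $(ENVIRONMENT): the parenthesised form is a command
# substitution that fails, yields an empty string and makes this branch run
# for prod as well.
elif [[ "${ENVIRONMENT}" != "prod" ]]; then
  sed -i -e "s|registry.redhat.io/openshift-gitops-1-tech-preview/|brew.registry.redhat.io/rh-osbs/openshift-gitops-1-tech-preview-|g" \
    -e "s|registry.redhat.io/openshift-gitops-1/|brew.registry.redhat.io/rh-osbs/openshift-gitops-1-|g" \
    -e "s|registry-proxy.engineering.redhat.com/openshift-gitops-1-tech-preview/|brew.registry.redhat.io/rh-osbs/openshift-gitops-1-tech-preview-|g" \
    -e "s|registry-proxy.engineering.redhat.com/rh-osbs|brew.registry.redhat.io/rh-osbs|g" \
    -e "s|registry.stage.redhat.io/openshift-gitops-1-tech-preview/|brew.registry.redhat.io/rh-osbs/openshift-gitops-1-tech-preview-|g" \
    -e "s|registry.stage.redhat.io|brew.registry.redhat.io|g" \
    -e "s|registry-proxy.engineering.redhat.com|brew.registry.redhat.io|g" \
    "./${MANIFESTS_DIR}/final-mapping.txt"
fi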
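echo -e "Mirroring index image $REGISTRY_IMAGE to $OUTPUT_IMAGE"
# NOTE(review): --insecure is set on both mirror calls below; confirm that is
# acceptable for the source and destination registries, since these calls
# move the image content the cluster will later run.
oc image mirror "$REGISTRY_IMAGE=$OUTPUT_IMAGE" --keep-manifest-list=true --filter-by-os=".*" -a "$REG_CREDS" --insecure

echo -e "Mirroring other operator images"
# Drop chunks left behind by an earlier run that stopped before cleanup, so
# only the current mapping is mirrored.
rm -f -- ./mirror.split.*
# Mirror in chunks of 10 mapping lines so a failed chunk can be retried alone.
split -l 10 "./${MANIFESTS_DIR}/final-mapping.txt" mirror.split.
for i in mirror.split.*; do
  # With an empty mapping the glob stays literal; skip instead of retrying a
  # mirror of a file that does not exist.
  [[ -e "$i" ]] || continue
  retry oc image mirror -f "$i" --keep-manifest-list=true --filter-by-os=".*" -a "$REG_CREDS" --insecure
done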
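# Apply the generated ImageContentSourcePolicy, then wait for every
# machineconfigpool to report Updated=True and Updating=False.
oc apply -f "./${MANIFESTS_DIR}/imageContentSourcePolicy.yaml"
echo -e "waiting for nodes to get restarted.."
machines=$(oc get machineconfigpool -o=jsonpath='{.items[*].metadata.name}{" "}')
sleep 60

# Split the space-separated pool names into an array so each name can be
# passed to oc quoted.
read -ra machine_pools <<< "$machines"
for machine in "${machine_pools[@]}"; do
  echo -e "waiting for machineconfigpool on node $machine to be in state Updated=true && Updating=false"
  # NOTE(review): this loop has no overall deadline; a pool that never
  # reaches the expected state keeps the script waiting indefinitely.
  while true; do
    sleep 3
    oc wait --for=condition=Updated=True -n openshift-operators machineconfigpool "$machine" --timeout=5m && \
      oc wait --for=condition=Updating=False -n openshift-operators machineconfigpool "$machine" --timeout=5m > /dev/null 2>&1 && \
      break
  done
done
sleep 3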
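echo -e "delete default operator sources"
# After this patch the cluster's default catalog sources are disabled, so the
# custom-source catalog applied next is what remains for operator installs.
oc patch operatorhub.config.openshift.io/cluster -p='{"spec":{"disableAllDefaultSources":true}}' --type=merge
# The manifest is written to (and later removed from) ./config, so apply it
# from the same relative path rather than from /config.
oc apply -f ./config/catalog-source.yaml
sleep 15

echo "waiting for pods in namespace openshift-marketplace to be ready...."
# Select pod names (first column) that contain "custom-source".
pods=$(oc -n openshift-marketplace get pods | awk '$1 ~ /custom-source/ { print $1 }')
# Report the empty case explicitly instead of ending without a message.
if [[ -z "$pods" ]]; then
  fail "No custom-source pod found in openshift-marketplace"
fi
mapfile -t catalog_pods <<< "$pods"
for pod in "${catalog_pods[@]}"; do
  echo "waiting for pod $pod in openshift-marketplace to be in ready state"
  oc wait --for=condition=Ready -n openshift-marketplace pod "$pod" --timeout=5m
done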
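# cleanup
# NOTE(review): this only runs when the script reaches the end; an earlier
# failure leaves these files behind. ./config/pull-secret, which the registry
# login wrote to, is not removed here.
rm -f ./config/catalog-source.yaml
# The chunks are created by split in the current directory, so remove them
# there; -f keeps the step quiet when no chunk exists, where piping an empty
# find result into `xargs rm` would fail.
rm -f -- ./mirror.split.*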