Last active
December 13, 2021 13:01
-
-
Save praveen4g0/e78fe82678b4a8cc2febbc0129c9091a to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
set -euo pipefail | |
ENVSTAGE="stage" | |
INDEX=${INDEX:-} | |
ENVIRONMENT=${ENVIRONMENT:-"pre-stage"} | |
IS_DISCONNECTED=${IS_DISCONNECTED:-"false"} | |
MIRROR_REG=${MIRROR_REG:-"quay.io"} | |
MIRROR_REG_REPO=${MIRROR_REG_REPO:-"praveen4g0"} | |
if [[ $ENVIRONMENT == "prod" && $IS_DISCONNECTED == "false" ]]; then | |
echo -e "It's not necessary to generate build artifacts in prod for non-disconnected scenario." | |
exit 0 | |
fi | |
test -z "$INDEX" && { | |
echo "INDEX env variable is required" | |
exit 1 | |
} | |
test -z "$USERNAME" && { | |
echo "USERNAME env variable is required" | |
exit 1 | |
} | |
test -z "$PASSWORD" && { | |
echo "PASSWORD env variable is required" | |
exit 1 | |
} | |
if [ ! -f "./config/pull-secret" ]; then | |
echo "Authfile not provided as workspace. in config/pull-secret" | |
exit 1 | |
fi | |
function fail { | |
echo $1 >&2 | |
exit 1 | |
} | |
function retry { | |
local n=1 | |
local max=5 | |
local delay=15 | |
while true; do | |
"$@" && break || { | |
if [[ $n -lt $max ]]; then | |
((n++)) | |
echo "Command failed. Attempt $n/$max:" | |
sleep $delay; | |
else | |
fail "The command has failed after $n attempts." | |
fi | |
} | |
done | |
} | |
REG_CREDS=./config/pull-secret | |
MIRROR_REG=${MIRROR_REG:-"quay.io"} | |
INDEX=$INDEX | |
if [[ ${ENVIRONMENT} == ${ENVSTAGE} ]]; then | |
BREW_IIB_PREFIX="brew.registry.redhat.io/rh-osbs/iib-pub-pending" | |
else | |
BREW_IIB_PREFIX="brew.registry.redhat.io/rh-osbs/iib" | |
fi | |
REGISTRY_IMAGE=$BREW_IIB_PREFIX:$INDEX | |
echo -e $REGISTRY_IMAGE | |
echo -e "Logging into $MIRROR_REG registry" | |
oc registry login --insecure=true --registry=$MIRROR_REG --auth-basic="${USERNAME}:${PASSWORD}" --to=$REG_CREDS | |
if [[ ${ENVIRONMENT} == ${ENVSTAGE} ]]; then | |
curr_ts=`date +"%y%m%d-%H%M%S"` | |
OUTPUT_IMAGE=$MIRROR_REG/$MIRROR_REG_REPO/redhat-operator-index:$INDEX-${curr_ts} | |
else | |
OUTPUT_IMAGE=$MIRROR_REG/$MIRROR_REG_REPO/redhat-operator-index:$INDEX | |
fi | |
MANIFESTS_DIR=manifests-iib | |
MAPPING_FILE=${MANIFESTS_DIR}/mapping.txt | |
echo -e "Calculate the manifests required for mirroring, but do not actually mirror image content." | |
# for non-disconnected clusters, we would like to be able to install other operators from custom catalog source | |
# we need to generate image content source policy first and then generate mapping file | |
# testing cluster needs Brew creds to be able to install operator from custom catalog source | |
echo "Generating custom image content source policy, ignoring generated mapping.txt" | |
oc adm catalog mirror $REGISTRY_IMAGE $MIRROR_REG/$MIRROR_REG_REPO --insecure --index-filter-by-os="linux/amd64" -a $REG_CREDS --manifests-only --to-manifests=${MANIFESTS_DIR} || exit 1 | |
if [[ ${IS_DISCONNECTED} == "true" ]]; then | |
sha = $(oc image info $REGISTRY_IMAGE --filter-by-os=linux/amd64 --insecure=true -a $REG_CREDS -o json| jq ".listDigest"|tr -d '"') | |
OUTPUT_IMAGE=$MIRROR_REG/$MIRROR_REG_REPO/redhat-operator-index@$sha | |
fi | |
echo -e "Copying artifacts [catalog source, image content source policy, mapping.txt]..." | |
cat <<EOF > ./config/catalog-source.yaml | |
apiVersion: operators.coreos.com/v1alpha1 | |
kind: CatalogSource | |
metadata: | |
name: custom-source | |
namespace: openshift-marketplace | |
spec: | |
sourceType: grpc | |
image: $OUTPUT_IMAGE | |
displayName: custom-source | |
updateStrategy: | |
registryPoll: | |
interval: 30m | |
EOF | |
find_list="\ | |
registry.access.redhat.com/ubi8/ubi-minimal \ | |
registry.redhat.io/rhel8/redis-5 \ | |
registry.redhat.io/rh-sso-7/sso74-openshift-rhel8 \ | |
registry.redhat.io/openshift4/ose-haproxy-router \ | |
openshift4/ose-cli \ | |
gitops-1 \ | |
" | |
cp ./${MANIFESTS_DIR}/mapping.txt ./${MANIFESTS_DIR}/mapping.txt.bk | |
for item in $find_list; do | |
grep -E "$item" ./${MANIFESTS_DIR}/mapping.txt >> ./${MANIFESTS_DIR}/final-mapping.txt | |
done | |
if [[ ${ENVIRONMENT} == ${ENVSTAGE} ]]; then | |
sed -i -e "s|registry.redhat.io/openshift-gitops-1-tech-preview/|brew.registry.redhat.io/rh-osbs/openshift-gitops-1-tech-preview-|g" \ | |
-e "s|registry.redhat.io/openshift-gitops-1/|brew.registry.redhat.io/rh-osbs/openshift-gitops-1-|g" \ | |
-e "s|registry.stage.redhat.io/openshift-gitops-1-tech-preview/|brew.registry.redhat.io/rh-osbs/openshift-gitops-1-tech-preview-|g" \ | |
-e "s|registry-proxy.engineering.redhat.com/openshift-gitops-1-tech-preview/|brew.registry.redhat.io/rh-osbs/openshift-gitops-1-tech-preview-|g" \ | |
-e "s|registry-proxy.engineering.redhat.com/rh-osbs|brew.registry.redhat.io/rh-osbs|g" \ | |
-e "s|registry.stage.redhat.io/rh-osbs|brew.registry.redhat.io/rh-osbs|g" \ | |
-e "s|registry.stage.redhat.io|brew.registry.redhat.io|g" \ | |
-e "s|registry-proxy.engineering.redhat.com|brew.registry.redhat.io|g" \ | |
./${MANIFESTS_DIR}/final-mapping.txt | |
elif [[ $(ENVIRONMENT) != "prod" ]]; then | |
sed -i -e "s|registry.redhat.io/openshift-gitops-1-tech-preview/|brew.registry.redhat.io/rh-osbs/openshift-gitops-1-tech-preview-|g" \ | |
-e "s|registry.redhat.io/openshift-gitops-1/|brew.registry.redhat.io/rh-osbs/openshift-gitops-1-|g" \ | |
-e "s|registry-proxy.engineering.redhat.com/openshift-gitops-1-tech-preview/|brew.registry.redhat.io/rh-osbs/openshift-gitops-1-tech-preview-|g" \ | |
-e "s|registry-proxy.engineering.redhat.com/rh-osbs|brew.registry.redhat.io/rh-osbs|g" \ | |
-e "s|registry.stage.redhat.io/openshift-gitops-1-tech-preview/|brew.registry.redhat.io/rh-osbs/openshift-gitops-1-tech-preview-|g" \ | |
-e "s|registry.stage.redhat.io|brew.registry.redhat.io|g" \ | |
-e "s|registry-proxy.engineering.redhat.com|brew.registry.redhat.io|g" \ | |
./${MANIFESTS_DIR}/final-mapping.txt | |
fi | |
echo -e "Mirroring index image $REGISTRY_IMAGE to $OUTPUT_IMAGE" | |
oc image mirror $REGISTRY_IMAGE=$OUTPUT_IMAGE --keep-manifest-list=true --filter-by-os=".*" -a $REG_CREDS --insecure | |
echo -e "Mirroring other operator images" | |
split ./${MANIFESTS_DIR}/final-mapping.txt -l 10 mirror.split. | |
for i in mirror.split.*; do retry oc image mirror -f $i --keep-manifest-list=true --filter-by-os=".*" -a $REG_CREDS --insecure; done | |
oc apply -f ./${MANIFESTS_DIR}/imageContentSourcePolicy.yaml | |
echo -e "waiting for nodes to get restarted.." | |
machines=$(oc get machineconfigpool -o=jsonpath='{.items[*].metadata.name}{" "}') | |
sleep 60 | |
for machine in ${machines}; do | |
echo -e "waiting for machineconfigpool on node $machine to be in state Updated=true && Updating=false" | |
while true; do | |
sleep 3 | |
oc wait --for=condition=Updated=True -n openshift-operators machineconfigpool $machine --timeout=5m && \ | |
oc wait --for=condition=Updating=False -n openshift-operators machineconfigpool $machine --timeout=5m > /dev/null 2>&1 && \ | |
break | |
done | |
done | |
sleep 3 | |
echo -e "delete default operator sources" | |
oc patch operatorhub.config.openshift.io/cluster -p='{"spec":{"disableAllDefaultSources":true}}' --type=merge | |
oc apply -f /config/catalog-source.yaml | |
sleep 15 | |
echo "waiting for pods in namespace openshift-marketplace to be ready...." | |
pods=$(oc -n openshift-marketplace get pods | awk '{print $1}' | grep "custom-source") | |
for pod in ${pods}; do | |
echo "waiting for pod $pod in openshift-marketplace to be in ready state" | |
oc wait --for=condition=Ready -n openshift-marketplace pod $pod --timeout=5m | |
done | |
# cleanup | |
rm -f ./config/catalog-source.yaml | |
find ./ -name "mirror.split.*" | xargs rm -r |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment