Last active
November 11, 2020 12:00
-
-
Save pt033302/373dfccf9d16ce49e75a2ef1ad58dba1 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash -xe | |
| MIRROR_REG=${MIRROR_REG:-ec2-3-14-253-231.us-east-2.compute.amazonaws.com:5000} | |
| REGISTRY_IMAGE=${REGISTRY_IMAGE:-registry.redhat.io/redhat/redhat-operator-index:v4.6} | |
| OUTPUT_IMAGE=$MIRROR_REG/redhat/redhat-operator-index:v1 | |
| echo -e $REGISTRY_IMAGE | |
| echo -e $OUTPUT_IMAGE | |
| if [ -z $KBUSER ]; then | |
| echo -e "Specify kerbrose Username \n" | |
| echo "Usage:" | |
| echo " $0 [name]" | |
| exit 1 | |
| fi | |
| if [ -z $KBPASSWORD ]; then | |
| echo -e "Specify kerbrose Password \n" | |
| echo "Usage:" | |
| echo " $0 [name]" | |
| exit 1 | |
| fi | |
| function wait_run_in_parallel() | |
| { | |
| local number_to_run_concurrently=$1 | |
| if [ `jobs -np | wc -l` -gt $number_to_run_concurrently ]; then | |
| wait `jobs -np | head -1` # wait for the oldest one to finish | |
| fi | |
| } | |
| function mirror_images() | |
| { | |
| local sleep_time=$(($RANDOM % 10)) | |
| echo "mirroring $1 --> $2" | |
| sleep $sleep_time && skopeo copy --all docker://$1 docker://$2 --dest-tls-verify=false || exit 1 | |
| } | |
| # Logging into registry.redhat.io && registry.access.redhat.com | |
| oc registry login --registry registry.access.redhat.com --auth-basic="$KBUSER:$KBPASSWORD" --insecure=true || true | |
| oc registry login --registry registry.redhat.io --auth-basic="$KBUSER:$KBPASSWORD" --insecure=true|| true | |
| # Podman loggin into registry.redhat.io && registry.access.redhat.com | |
| podman login -u $KBUSER -p $KBPASSWORD registry.access.redhat.com --tls-verify=false && \ | |
| podman login -u $KBUSER -p $KBPASSWORD registry.redhat.io --tls-verify=false | |
| function reset() { | |
| rm -rf authfile | |
| } | |
| oc get secret/pull-secret -n openshift-config -o json | jq -r '.data.".dockerconfigjson"' | | |
| base64 -d > authfile | |
| trap reset ERR EXIT | |
| # Logging into mirror registry | |
| echo "Loggin to on mirror-registry" | |
| oc registry login --registry $MIRROR_REG --auth-basic="dummy:dummy" --insecure=true | |
| podman login -u dummy -p dummy $MIRROR_REG --tls-verify=false | |
| sleep 3 | |
| echo -e "Add mirror-registry authtication details to default pull-secret" | |
| oc registry login --insecure=true --registry $MIRROR_REG --auth-basic="dummy:dummy" --to=authfile | |
| sleep 3 | |
| echo "set mirror-registry authtication details to default pull-secret" | |
| oc set data secret/pull-secret -n openshift-config --from-file=.dockerconfigjson=authfile | |
| sleep 3 | |
| # Tag, build & push iib image | |
| podman pull $REGISTRY_IMAGE | |
| podman tag $REGISTRY_IMAGE $OUTPUT_IMAGE | |
| podman push $OUTPUT_IMAGE --tls-verify=false | |
| # Generate Manifests required to configure operatorhub | |
| oc adm catalog mirror $OUTPUT_IMAGE $MIRROR_REG --insecure --filter-by-os=".*" --manifests-only | |
| sed -i -e 's/\(.*\)\(:.*$\)/\1:latest/' ./redhat-operator-index-manifests/mapping.txt | |
| sleep 3 | |
| echo -e ">> started mirroring!..." | |
| cat ./redhat-operator-index-manifests/mapping.txt | while read mapping | |
| do | |
| for images in $mapping | |
| do | |
| image=($(echo $images | tr "=" "\n")) | |
| mirror_images ${image[0]} ${image[1]} & | |
| # now wait if there are more than N sub processes executing | |
| wait_run_in_parallel 1 | |
| done | |
| done | |
| wait | |
| # DisableDefaultSources | |
| oc patch OperatorHub cluster --type json -p '[{"op": "add", "path": "/spec/disableAllDefaultSources", "value": true}]' | |
| oc delete opsrc redhat-operators -n openshift-marketplace --ignore-not-found | |
| oc delete opsrc certified-operators -n openshift-marketplace --ignore-not-found | |
| oc delete opsrc community-operators -n openshift-marketplace --ignore-not-found | |
| # Apply imagecontentsourcepolicy | |
| oc apply -f ./redhat-operator-index-manifests/imageContentSourcePolicy.yaml | |
| echo ">> waiting for nodes to get restarted.." | |
| machines=$(oc get machineconfigpool -o=jsonpath='{.items[*].metadata.name}{" "}') | |
| sleep 60 | |
| for machine in ${machines}; do | |
| echo ">> Waiting for machineconfigpool on node $machine to be in state Updated=true && Updating=false" | |
| while true; do | |
| sleep 3 | |
| oc wait --for=condition=Updated=True -n openshift-operators machineconfigpool $machine --timeout=5m && oc wait --for=condition=Updating=False -n openshift-operators machineconfigpool $machine --timeout=5m > /dev/null 2>&1 && break | |
| done | |
| done | |
| # Create/apply catalog source | |
| oc apply -f - << EOD | |
| apiVersion: operators.coreos.com/v1alpha1 | |
| kind: CatalogSource | |
| metadata: | |
| name: redhat-operators | |
| namespace: openshift-marketplace | |
| spec: | |
| sourceType: grpc | |
| image: $OUTPUT_IMAGE | |
| displayName: redhat-operators | |
| updateStrategy: | |
| registryPoll: | |
| interval: 30m | |
| EOD |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment