ocp_contentsourcepolicies

Installs an ImageContentSourcePolicy for IBM Maximo Application Suite's Maximo Operator Catalog. Optionally can also install a second ContentSourcePolicy suitable for the Red Hat Operator Catalogs created by mirror_ocp.

Warning

This doesn't work on IBMCloud ROKS. IBM Cloud RedHat OpenShift Service does not implement support for ImageContentSourcePolicies. If you want to use image mirroring you must manually configure each worker node individually using the IBM Cloud command line tool.

Role Variables

setup_redhat_release

Instruct the role to setup ContentSourcePolicy for the mirrored release content generated by mirror_ocp. This will create an additional policy named ibm-mas-redhat-release.

  • Required
  • Environment Variable: SETUP_REDHAT_RELEASE
  • Default: False

setup_redhat_catalogs

Instruct the role to setup CatalogSources and ContentSourcePolicy for the mirror catalogs generated by mirror_ocp. This will create an additional policy named ibm-mas-redhat-catalogs.

  • Required
  • Environment Variable: SETUP_REDHAT_CATALOGS
  • Default: False

ocp_release

The Red Hat release you are configuring an image content source policy for, e.g. 4.12.

  • Required if setup_redhat_catalogs is enabled (not required if only setup_redhat_release is used)
  • Environment Variable: OCP_RELEASE
  • Default: None

Role Variables - Target Registry

registry_private_host

The private hostname for the target registry

  • Required
  • Environment Variable: REGISTRY_PRIVATE_HOST
  • Default: None

registry_private_port

The private port number for the target registry

  • Required
  • Environment Variable: REGISTRY_PRIVATE_PORT
  • Default: None

registry_private_ca_file

The CA certificate presented by the registry on it's private endpoint.

  • Required
  • Environment Variable: REGISTRY_PRIVATE_CA_FILE
  • Default: None

registry_username

The username for the target registry.

  • Required
  • Environment Variable: REGISTRY_USERNAME
  • Default: None

registry_password

The password for the target registry.

  • Required
  • Environment Variable: REGISTRY_PASSWORD
  • Default: None

Example Playbook

- hosts: localhost
  vars:
    registry_private_host: myocp-5f1320191125833da1cac8216c06779e-0000.us-south.containers.appdomain.cloud
    registry_private_port: 32500
    registry_private_ca_file: ~/registry-ca.crt

    registry_username: admin
    registry_password: 8934jk77s862!  # Not a real password, don't worry security folks

    setup_redhat_catalogs: true

  roles:
    - ibm.mas_devops.ocp_contentsourcepolicy

License

EPL-2.0

Get Registry facts from environment variables if they have not been passed to the role

registry_private_host: "{{ lookup('env', 'REGISTRY_PRIVATE_HOST') }}" registry_private_port: "{{ lookup('env', 'REGISTRY_PRIVATE_PORT') }}" registry_private_url: "{{ registry_private_host }}:{{ registry_private_port }}"

registry_private_ca_file: "{{ lookup('env', 'REGISTRY_PRIVATE_CA_FILE') }}"

registry_username: "{{ lookup('env', 'REGISTRY_USERNAME') }}" registry_password: "{{ lookup('env', 'REGISTRY_PASSWORD') }}" registry_auth: "{{ registry_username }}:{{ registry_password }}"

setup_redhat_catalogs: "{{ lookup('env', 'SETUP_REDHAT_CATALOGS') | default('False', true) | bool }}"