From 3cf2d98a8eecffad7630612b7343acd4141a326d Mon Sep 17 00:00:00 2001
From: Ryan Hallisey <rhallise@redhat.com>
Date: Tue, 27 Aug 2019 17:13:22 -0400
Subject: [PATCH 1/2] Add CNV 2.1 to install scripts

We'll start with installing CNV 2.1 from brew for
Dev and QE.  When CNV 2.1 gets pushed out to prod, we'll change
the script to consume the content from prod.
---
 CNV/README.md      |  54 ++++++++++++++--
 CNV/cnv-2.1.0.sh   | 156 +++++++++++++++++++++++++++++++++++++++++++++
 CNV/cnv-upgrade.sh |  19 ++++++
 CNV/deploy-cnv.sh  |  99 ----------------------------
 4 files changed, 223 insertions(+), 105 deletions(-)
 create mode 100755 CNV/cnv-2.1.0.sh
 create mode 100755 CNV/cnv-upgrade.sh
 delete mode 100755 CNV/deploy-cnv.sh

diff --git a/CNV/README.md b/CNV/README.md
index d673e37..f0376d9 100644
--- a/CNV/README.md
+++ b/CNV/README.md
@@ -1,10 +1,52 @@
 # Container Native Virtualization Deployment
 
-## What does it do
+## CNV 2.1 for HTB
+`cnv-2.1.0.sh` is a clone of `https://pkgs.devel.redhat.com/cgit/containers/hco-bundle-registry/tree/marketplace-qe-testing.sh?h=cnv-2.1-rhel-8`.
 
-The script [deploy-cnv.sh](deploy-cnv.sh) deploys *CNV 2.0* through [OLM](https://github.com/operator-framework/operator-lifecycle-manager), meaning:
+Variables:
+```bash
+# The Namespace and Version of CNV
+TARGET_NAMESPACE="${TARGET_NAMESPACE:-openshift-cnv}"
+CNV_VERSION="${CNV_VERSION:-2.1.0}"
 
-* Creates a resource *Subscription* which triggers the deployment of all the operators that are required for CNV to work
-* Waits for the operator pods to be ready
-* Creates the custom resource *HyperConverged*, which makes the operators to deploy all their components and register the provided resources for them to be available (apiservices, CRDs, ...)
-* Finally, waits for the new pods to be ready and CNV is ready to be used
+RETRIES="${RETRIES:-10}"
+
+# Registry Auth
+QUAY_USERNAME
+QUAY_PASSWORD
+```
+
+## Upgrade
+`cnv-upgrade.sh` is a clone of `curl -k https://pkgs.devel.redhat.com/cgit/containers/hco-bundle-registry/plain/qe-upgrade.sh?h=cnv-2.1-rhel-8`.
+
+Variables:
+```bash
+OLD_CNV_VERSION="${CNV_VERSION:-2.1.0}"
+CNV_VERSION="${CNV_VERSION:-2.1.0}"
+
+# The Namespace and Version of CNV
+TARGET_NAMESPACE="${TARGET_NAMESPACE:-openshift-cnv}"
+```
+The expectation is that the $CNV_VERSION CSV file `replaces` the $OLD_CNV_VERSION's
+CSV file.
+
+## Debugging
+```bash
+# CNV pod status
+oc get pods -n openshift-cnv
+oc get hco -n openshift-cnv hyperconverged-cluster -o=jsonpath='{range .status.conditions[*]}{.type}{"\t"}{.status}{"\t"}{.message}{"\n"}{end}'
+
+# Marketplace Resources
+oc get operatorsource -n openshift-marketplace
+oc get catalogsourceconfig -n openshift-marketplace
+oc get packagemanifest -n openshift-cnv
+oc get pods -n openshift-marketplace
+
+# OLM Resources
+oc get sub -n openshift-cnv -o yaml
+oc get catalogsource --all-namespaces
+oc get installplan -n openshift-cnv
+
+# Cluster
+oc get clusterversion
+```
diff --git a/CNV/cnv-2.1.0.sh b/CNV/cnv-2.1.0.sh
new file mode 100755
index 0000000..bf42c23
--- /dev/null
+++ b/CNV/cnv-2.1.0.sh
@@ -0,0 +1,156 @@
+#!/bin/bash
+
+set -ex
+
+globalNamespace=`oc -n openshift-operator-lifecycle-manager get deployments catalog-operator -o jsonpath='{.spec.template.spec.containers[].args[1]}'`
+echo "Global Namespace: ${globalNamespace}"
+
+APP_REGISTRY="${APP_REGISTRY:-rh-osbs-operators}"
+PACKAGE="${PACKAGE:-kubevirt-hyperconverged}"
+CSC_SOURCE="${CSC_SOURCE:-hco-catalogsource-config}"
+TARGET_NAMESPACE="${TARGET_NAMESPACE:-openshift-cnv}"
+CLUSTER="${CLUSTER:-OPENSHIFT}"
+MARKETPLACE_NAMESPACE="${MARKETPLACE_NAMESPACE:-openshift-marketplace}"
+GLOBAL_NAMESPACE="${GLOBAL_NAMESPACE:-$globalNamespace}"
+CNV_VERSION="${CNV_VERSION:-2.1.0}"
+
+RETRIES="${RETRIES:-10}"
+
+oc create ns $TARGET_NAMESPACE || true
+
+QUAY_USERNAME="${QUAY_USERNAME:-}"
+QUAY_PASSWORD="${QUAY_PASSWORD:-}"
+
+if [ "${CLUSTER}" == "KUBERNETES" ]; then
+    MARKETPLACE_NAMESPACE="marketplace"
+fi
+
+if [ -z "${QUAY_USERNAME}" ]; then
+    echo "QUAY_USERNAME"
+    read QUAY_USERNAME
+fi
+
+if [ -z "${QUAY_PASSWORD}" ]; then
+    echo "QUAY_PASSWORD"
+    read -s QUAY_PASSWORD
+fi
+
+TOKEN=$(curl -sH "Content-Type: application/json" -XPOST https://quay.io/cnr/api/v1/users/login -d '
+{
+    "user": {
+        "username": "'"${QUAY_USERNAME}"'",
+        "password": "'"${QUAY_PASSWORD}"'"
+    }
+}' | jq -r '.token')
+
+echo $TOKEN
+if [ "${TOKEN}" == "null" ]; then
+   echo "TOKEN was 'null'.  Did you enter the correct quay Username & Password?"
+   exit 1
+fi
+
+echo "Creating registry secret"
+cat <<EOF | oc create -f -
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "quay-registry-${APP_REGISTRY}"
+  namespace: "${MARKETPLACE_NAMESPACE}"
+type: Opaque
+stringData:
+      token: "$TOKEN"
+EOF
+
+echo "Creating OperatorGroup"
+cat <<EOF | oc create -f -
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: "${TARGET_NAMESPACE}-group"
+  namespace: "${TARGET_NAMESPACE}"
+spec: {}
+EOF
+
+echo "Creating OperatorSource"
+cat <<EOF | oc create -f -
+apiVersion: operators.coreos.com/v1
+kind: OperatorSource
+metadata:
+  name: "${APP_REGISTRY}"
+  namespace: "${MARKETPLACE_NAMESPACE}"
+spec:
+  type: appregistry
+  endpoint: https://quay.io/cnr
+  registryNamespace: "${APP_REGISTRY}"
+  displayName: "${APP_REGISTRY}"
+  publisher: "Red Hat"
+  authorizationToken:
+    secretName: "quay-registry-${APP_REGISTRY}"
+EOF
+
+echo "Give the cluster 30 seconds to create the catalogSourceConfig..."
+sleep 30
+
+cat <<EOF | oc apply -f -
+apiVersion: operators.coreos.com/v1
+kind: CatalogSourceConfig
+metadata:
+  name: "${CSC_SOURCE}"
+  namespace: "${MARKETPLACE_NAMESPACE}"
+spec:
+  source: "${APP_REGISTRY}"
+  targetNamespace: "${GLOBAL_NAMESPACE}"
+  packages: "${PACKAGE}"
+  csDisplayName: "CNV Operators"
+  csPublisher: "Red Hat"
+EOF
+
+echo "Give the cluster 30 seconds to process catalogSourceConfig..."
+sleep 30
+oc wait deploy $CSC_SOURCE --for condition=available -n $MARKETPLACE_NAMESPACE --timeout="360s"
+
+for i in $(seq 1 $RETRIES); do
+    echo "Waiting for packagemanifest '${PACKAGE}' to be created in namespace '${TARGET_NAMESPACE}'..."
+    oc get packagemanifest -n "${TARGET_NAMESPACE}" "${PACKAGE}" && break
+    sleep $i
+    if [ "$i" -eq "${RETRIES}" ]; then
+	    echo "packagemanifest '${PACKAGE}' was never created in namespace '${TARGET_NAMESPACE}'"
+	    exit 1
+    fi
+done
+
+echo "Creating Subscription"
+cat <<EOF | oc create -f -
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: hco-operatorhub
+  namespace: "${TARGET_NAMESPACE}"
+spec:
+  source: "${CSC_SOURCE}"
+  sourceNamespace: "${GLOBAL_NAMESPACE}"
+  name: kubevirt-hyperconverged
+  startingCSV: "kubevirt-hyperconverged-operator.v${CNV_VERSION}"
+  channel: "${CNV_VERSION}"
+  installPlanApproval: Manual
+EOF
+
+echo "Give OLM 60 seconds to process the subscription..."
+sleep 60
+
+oc get installplan -o yaml -n "${TARGET_NAMESPACE}" $(oc get installplan -n "${TARGET_NAMESPACE}" --no-headers | grep kubevirt-hyperconverged-operator.v"{CNV_VERSION}" | awk '{print $1}') | sed 's/approved: false/approved: true/' | oc apply -n "${TARGET_NAMESPACE}" -f -
+
+echo "Give OLM 60 seconds to process the installplan..."
+sleep 60
+
+oc wait pod $(oc get pods -n ${TARGET_NAMESPACE} | grep hco-operator | head -1 | awk '{ print $1 }') --for condition=Ready -n ${TARGET_NAMESPACE} --timeout="360s"
+
+echo "Creating the HCO's Custom Resource"
+cat <<EOF | oc create -f -
+apiVersion: hco.kubevirt.io/v1alpha1
+kind: HyperConverged
+metadata:
+  name: hyperconverged-cluster
+  namespace: "${TARGET_NAMESPACE}"
+spec: {}
+EOF
diff --git a/CNV/cnv-upgrade.sh b/CNV/cnv-upgrade.sh
new file mode 100755
index 0000000..cf6d600
--- /dev/null
+++ b/CNV/cnv-upgrade.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+set -ex
+
+OLD_CNV_VERSION="${CNV_VERSION:-2.0.0}"
+CNV_VERSION="${CNV_VERSION:-2.1.0}"
+TARGET_NAMESPACE="${TARGET_NAMESPACE:-openshift-cnv}"
+
+oc get sub hco-subscription -o yaml -n "${TARGET_NAMESPACE}" | sed "s/channel: ${OLD_CNV_VERSION}/channel: ${CNV_VERSION}/" | oc apply -n "${TARGET_NAMESPACE}" -f -
+
+oc get installplan -o yaml -n "${TARGET_NAMESPACE}" $(oc get installplan -n "${TARGET_NAMESPACE}" --no-headers | grep kubevirt-hyperconverged-operator.v"${CNV_VERSION}" | awk '{print $1}') | sed 's/approved: false/approved: true/' | oc apply -n "${TARGET_NAMESPACE}" -f -
+
+echo "Waiting until OLM replaces the ${OLD_CNV_VERSION} CSV"
+echo "This could take up to 10 minutes..."
+while [ -z "$(oc get csv -o'custom-columns=status:status.conditions[-1].phase,metadata:metadata.name' --no-headers | grep kubevirt-hyperconverged-operator.v${CSV_VERSION} | grep Succeeded)" ]; do
+    echo "Waiting for ${CNV_VERSION} CSV to be in 'Succeeded'..."
+    oc get csv -o'custom-columns=status:status.conditions[-1].phase,metadata:metadata.name' --no-headers | grep kubevirt-hyperconverged-operator
+    sleep 30
+done
diff --git a/CNV/deploy-cnv.sh b/CNV/deploy-cnv.sh
deleted file mode 100755
index 6fb2a41..0000000
--- a/CNV/deploy-cnv.sh
+++ /dev/null
@@ -1,99 +0,0 @@
-#!/bin/bash
-
-OPERATORS_NAMESPACE="openshift-operators"
-LINUX_BRIDGE_NAMESPACE="linux-bridge"
-KWEB_UI_NAMESPACE="kubevirt-web-ui"
-
-set -e
-
-# Create a subscription
-cat <<EOF | oc create -f -
-apiVersion: operators.coreos.com/v1alpha1
-kind: Subscription
-metadata:
-  name: kubevirt-hyperconverged
-  namespace: ${OPERATORS_NAMESPACE}
-spec:
-  channel: alpha
-  installPlanApproval: Automatic
-  name: kubevirt-hyperconverged
-  source: redhat-operators
-  sourceNamespace: openshift-marketplace
-EOF
-
-echo "Give the HCO operators some time to start..."
-
-while [ "x" == "x$(oc get pods -l name=hyperconverged-cluster-operator -n ${OPERATORS_NAMESPACE} 2> /dev/null)" ]; do
-    sleep 10
-done
-
-oc wait --for condition=ready pod -l name=hyperconverged-cluster-operator -n ${OPERATORS_NAMESPACE} --timeout=2400s
-oc wait --for condition=ready pod -l kubevirt.io=virt-operator -n ${OPERATORS_NAMESPACE} --timeout=2400s
-oc wait --for condition=ready pod -l name=cdi-operator -n ${OPERATORS_NAMESPACE} --timeout=2400s
-oc wait --for condition=ready pod -l name=kubevirt-web-ui-operator -n ${OPERATORS_NAMESPACE} --timeout=2400s
-oc wait --for condition=ready pod -l name=cluster-network-addons-operator -n ${OPERATORS_NAMESPACE} --timeout=2400s
-oc wait --for condition=ready pod -l name=kubevirt-ssp-operator -n ${OPERATORS_NAMESPACE} --timeout=2400s
-oc wait --for condition=ready pod -l name=node-maintenance-operator -n ${OPERATORS_NAMESPACE} --timeout=2400s
-
-
-echo "Launching CNV..."
-cat <<EOF | oc create -f -
-apiVersion: hco.kubevirt.io/v1alpha1
-kind: HyperConverged
-metadata:
-  name: hyperconverged-cluster
-  namespace: ${OPERATORS_NAMESPACE}
-EOF
-
-echo "Give the CNV operators some time to start..."
-while [ "x" == "x$(oc get pods -l cdi.kubevirt.io -n ${OPERATORS_NAMESPACE} 2> /dev/null)" ]; do
-    sleep 10
-done
-
-oc wait --for condition=ready pod -l cdi.kubevirt.io -n ${OPERATORS_NAMESPACE} --timeout=2400s
-
-while [ "x" == "x$(oc get pods -l kubevirt.io=virt-api -n ${OPERATORS_NAMESPACE} 2> /dev/null)" ]; do
-    sleep 10
-done
-
-oc wait --for condition=ready pod -l kubevirt.io=virt-api -n ${OPERATORS_NAMESPACE} --timeout=2400s
-
-while [ "x" == "x$(oc get pods -l kubevirt.io=virt-controller -n ${OPERATORS_NAMESPACE} 2> /dev/null)" ]; do
-    sleep 10
-done
-
-oc wait --for condition=ready pod -l kubevirt.io=virt-controller -n ${OPERATORS_NAMESPACE} --timeout=2400s
-
-while [ "x" == "x$(oc get pods -l kubevirt.io=virt-handler -n ${OPERATORS_NAMESPACE} 2> /dev/null)" ]; do
-    sleep 10
-done
-
-oc wait --for condition=ready pod -l kubevirt.io=virt-handler -n ${OPERATORS_NAMESPACE} --timeout=2400s
-
-while [ "x" == "x$(oc get pods -l kubevirt.io=virt-template-validator -n ${OPERATORS_NAMESPACE} 2> /dev/null)" ]; do
-    sleep 10
-done
-
-oc wait --for condition=ready pod -l kubevirt.io=virt-template-validator -n ${OPERATORS_NAMESPACE} --timeout=2400s 
-
-while [ "x" == "x$(oc get pods -l app=bridge-marker -n ${LINUX_BRIDGE_NAMESPACE} 2> /dev/null)" ]; do
-    sleep 10
-done
-
-oc wait --for condition=ready pod -l app=bridge-marker -n ${LINUX_BRIDGE_NAMESPACE} --timeout=2400s
-oc wait --for condition=ready pod -l app=cni-plugins -n ${LINUX_BRIDGE_NAMESPACE} --timeout=2400s
-
-while [ "x" == "x$(oc get pods -l app=kubevirt-web-ui -n ${KWEB_UI_NAMESPACE} 2> /dev/null)" ]; do
-    sleep 10
-done
-
-oc wait --for condition=ready pod -l app=kubevirt-web-ui -n ${KWEB_UI_NAMESPACE} --timeout=2400s
-
-while [ "x" == "x$(oc get pods -l app=kubevirt-node-labeller -n ${OPERATORS_NAMESPACE} 2> /dev/null)" ]; do
-    sleep 10
-done
-
-oc wait --for condition=ready pod -l app=kubevirt-node-labeller -n ${OPERATORS_NAMESPACE} --timeout=2400s
-
-
-echo "Done installing CNV!"

From a326cc60d41fa79acb04e267db80cb12441f2c4f Mon Sep 17 00:00:00 2001
From: Ryan Hallisey <rhallise@redhat.com>
Date: Thu, 29 Aug 2019 06:59:00 -0400
Subject: [PATCH 2/2] Add section for permissions

---
 CNV/README.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/CNV/README.md b/CNV/README.md
index f0376d9..d30cbcd 100644
--- a/CNV/README.md
+++ b/CNV/README.md
@@ -1,5 +1,10 @@
 # Container Native Virtualization Deployment
 
+## Access to Developer & QE Content
+To get access to downstream bundles, you need to be granted permission in quay.
+If you see "Application not found" from this [quay application registry](https://quay.io/application/rh-osbs-operators/kubevirt-hyperconverged),
+then fill out [this form](https://docs.google.com/spreadsheets/d/1OyUtbu9aiAi3rfkappz5gcq5FjUbMQtJG4jZCNqVT20/edit#gid=0) to get access.
+
 ## CNV 2.1 for HTB
 `cnv-2.1.0.sh` is a clone of `https://pkgs.devel.redhat.com/cgit/containers/hco-bundle-registry/tree/marketplace-qe-testing.sh?h=cnv-2.1-rhel-8`.