diff --git a/.github/workflows/build-cli.yml b/.github/workflows/build-cli.yml index 3c9061538d0..85027a59ceb 100644 --- a/.github/workflows/build-cli.yml +++ b/.github/workflows/build-cli.yml @@ -143,7 +143,7 @@ jobs: id: test run: | cd $GITHUB_WORKSPACE/python - pytest + pytest --trace - name: Build id: build diff --git a/.secrets.baseline b/.secrets.baseline index d609ed18005..f202a8c998a 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/", "lines": null }, - "generated_at": "2026-05-20T23:47:35Z", + "generated_at": "2026-05-29T20:58:44Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -210,7 +210,7 @@ "hashed_secret": "6ffb91fd9c01e69b8e9093d84439c8b88dd8fe35", "is_secret": false, "is_verified": false, - "line_number": 76, + "line_number": 77, "type": "Secret Keyword", "verified_result": null }, @@ -218,7 +218,7 @@ "hashed_secret": "db40a6131d9b574bb057875df98fb03f9874d5b4", "is_secret": false, "is_verified": false, - "line_number": 92, + "line_number": 93, "type": "Secret Keyword", "verified_result": null }, @@ -226,7 +226,7 @@ "hashed_secret": "6fbaa59234a602571baf17a51592b436b33f8491", "is_secret": false, "is_verified": false, - "line_number": 93, + "line_number": 94, "type": "Secret Keyword", "verified_result": null }, @@ -234,7 +234,15 @@ "hashed_secret": "bd1b0b7f343605538b1da78056db3a7bddf3f807", "is_secret": false, "is_verified": false, - "line_number": 96, + "line_number": 97, + "type": "Secret Keyword", + "verified_result": null + }, + { + "hashed_secret": "d8a1d01c81ccc3a024b078bd0af28e40cb38cdc4", + "is_secret": true, + "is_verified": false, + "line_number": 285, "type": "Secret Keyword", "verified_result": null }, @@ -242,7 +250,7 @@ "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa", "is_secret": false, "is_verified": false, - "line_number": 312, + "line_number": 354, "type": "Secret Keyword", "verified_result": null } 
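Review bot: `pytest --trace` in the test step makes pytest break into the debugger at the start of every test, which a non-interactive runner cannot service; depending on how stdin is handled, the step is likely to abort or hang rather than run the suite. This looks like a leftover from local debugging, and it weakens the test gate that the Build step after it relies on. Unless the flag is intentional, revert the line to `pytest`; if more diagnostics are wanted in CI, `pytest -ra` prints a summary of non-passing tests without invoking pdb. The job definition continues outside this hunk.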
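Review bot: The new baseline entry with hash `d8a1d01c81ccc3a024b078bd0af28e40cb38cdc4` at `line_number` 285 (hunk `@@ -234,7 +234,15 @@`) is recorded with `"is_secret": true`, i.e. the audit marked it as a real credential, yet the commit keeps the flagged line and accepts it into the baseline. The file key is outside this hunk; judging by the line shifts of the neighbouring entries it appears to belong to `image/cli/mascli/functions/gitops_aiservice`, where line 285 would fall among the defaults of the new `gitops_aiservice_fvt_prepare` function (confirm). If the value is only a placeholder, re-audit it so the entry reads `"is_secret": false`; if it is a real key, remove it from the source file and rotate it instead of baselining it.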
@@ -252,7 +260,7 @@ "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa", "is_secret": false, "is_verified": false, - "line_number": 374, + "line_number": 382, "type": "Secret Keyword", "verified_result": null } @@ -347,6 +355,16 @@ "verified_result": null } ], + "image/cli/mascli/functions/gitops_deprovision_kmodel": [ + { + "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa", + "is_secret": false, + "is_verified": false, + "line_number": 173, + "type": "Secret Keyword", + "verified_result": null + } + ], "image/cli/mascli/functions/gitops_deprovision_mongo": [ { "hashed_secret": "2582aea6f911bd00fc04cb25e0ec16d5ead62068", @@ -362,7 +380,7 @@ "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa", "is_secret": false, "is_verified": false, - "line_number": 188, + "line_number": 170, "type": "Secret Keyword", "verified_result": null } @@ -405,6 +423,16 @@ "verified_result": null } ], + "image/cli/mascli/functions/gitops_kmodel": [ + { + "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa", + "is_secret": false, + "is_verified": false, + "line_number": 335, + "type": "Secret Keyword", + "verified_result": null + } + ], "image/cli/mascli/functions/gitops_license": [ { "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa", diff --git a/README.md b/README.md index 7024fca694d..274e0ed19b3 100644 --- a/README.md +++ b/README.md 
@@ -18,4 +18,5 @@ Documentation Want to contribute to MAS Command Line Interface? ------------------------------------------------------------------------------- We welcome every Maximo Application Suite users, developers and enthusiasts to contribute to the MAS Command Line Interface while fixing code issues and implementing new automated functionalities. + You can contribute to this collection by raising [a new issue](https://github.com/ibm-mas/cli/issues) with suggestions on how to make our MAS automation engine even better, or if you want to become a new code contributor, please refer to the [Contributing Guidelines](CONTRIBUTING.md) and learn more about how to get started. diff --git a/image/cli/mascli/functions/gitops_aiservice b/image/cli/mascli/functions/gitops_aiservice index 08d33bcc589..609cc651bb4 100644 --- a/image/cli/mascli/functions/gitops_aiservice +++ b/image/cli/mascli/functions/gitops_aiservice @@ -72,6 +72,7 @@ function gitops_aiservice_noninteractive() { #adding default values export AISERVICE_NAMESPACE=${AISERVICE_NAMESPACE:-"aiservice-${AISERVICE_INSTANCE_ID}"} export IN_SAAS_ENV=${IN_SAAS_ENV:-"true"} + export IS_GITOPS_FVT_ENV=${IS_GITOPS_FVT_ENV:-"false"} export IS_EXTERNAL_ROUTE=${IS_EXTERNAL_ROUTE:-"false"} # Default to "false", can be set to "true" if needed export JDBC_SECRET=${JDBC_SECRET:-"aiservice-jdbc-secret"} export USE_AWS_DB2=${USE_AWS_DB2:-"false"} # Default to "false", can be set to "true" if needed @@ -136,6 +137,9 @@ function gitops_aiservice_noninteractive() { --in-saas-env) export IN_SAAS_ENV=$1 && shift ;; + --is-gitops-fvt-env) + export IS_GITOPS_FVT_ENV=$1 && shift + ;; --is-external-route) export IS_EXTERNAL_ROUTE=$1 && shift ;; 
@@ -274,6 +278,44 @@ function gitops_aiservice_noninteractive() { } +function gitops_aiservice_fvt_prepare() { + + SECRETS_PREFIX="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}" + + WATSONXAI_APIKEY=${WATSONXAI_APIKEY:-"watsonxai-apikey"} + WATSONXAI_PROJECT_ID=${WATSONXAI_PROJECT_ID:-"watsonxai-project-id"} + + SECRET_NAME_WATSONXAI=${SECRETS_PREFIX}watsonx + + TAGS="[{\"Key\": \"watsonxai_apikey\", \"Value\": \"watsonxai_apikey\"}, {\"Key\": \"watsonxai_project_id\", \"Value\": \"watsonxai_project_id\"}]" + + sm_update_secret \ + "$SECRET_NAME_WATSONXAI" \ + "{\"watsonxai_apikey\":\"$WATSONXAI_APIKEY\",\"watsonxai_project_id\":\"$WATSONXAI_PROJECT_ID\"}" \ + "$TAGS" || { + echo "Failed to update WatsonX secret" + return 1 + } + + SM_S3_ACCESSKEY=${SM_S3_ACCESSKEY:-"sm_s3_accesskey"} + SM_S3_SECRETKEY=${SM_S3_SECRETKEY:-"sm_s3_secretkey"} + SM_S3_HOST=${SM_S3_HOST:-"sm_s3_host"} + SM_S3_REGION=${SM_S3_REGION:-"sm_s3_region"} + + SECRET_NAME_S3=${SECRETS_PREFIX}s3 + TAGS="[{\"Key\": \"sm_s3_accesskey\", \"Value\": \"sm_s3_accesskey\"}, {\"Key\": \"sm_s3_secretkey\", \"Value\": \"sm_s3_secretkey\"}, {\"Key\": \"sm_s3_host\", \"Value\": \"sm_s3_host\"}, {\"Key\": \"sm_s3_region\", \"Value\": \"sm_s3_region\"}]" + + sm_update_secret \ + "$SECRET_NAME_S3" \ + "{\"sm_s3_accesskey\":\"$SM_S3_ACCESSKEY\",\"sm_s3_secretkey\":\"$SM_S3_SECRETKEY\",\"sm_s3_host\":\"$SM_S3_HOST\",\"sm_s3_region\":\"$SM_S3_REGION\"}" \ + "$TAGS" || { + echo "Failed to update S3 secret" + return 1 + } + + echo "AI Service FVT secret creating function end" +} + function gitops_aiservice() { # Take the first parameter off (it will be create-gitops) shift 
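Review bot: `gitops_aiservice_fvt_prepare` falls back to literal placeholder strings (`"watsonxai-apikey"`, `"sm_s3_secretkey"`, and so on) and then pushes them with `sm_update_secret` to `${SECRETS_PREFIX}watsonx` and `${SECRETS_PREFIX}s3`, so a run with the FVT flag set against a cluster that already holds real values could replace them with placeholders; how `sm_update_secret` treats an existing secret is not visible in this hunk. The JSON payloads are also assembled by string interpolation, so a value containing `"` or `\` yields an invalid or altered document. I would require the inputs explicitly, build the payload with a JSON encoder (the sketch below assumes `jq` is available in the CLI image; confirm), and declare the working variables `local` so `TAGS` and the credential values do not leak into the caller's scope. If placeholder values are intentional for FVT, say so in a comment and guard against overwriting an existing secret.

```shell
function gitops_aiservice_fvt_prepare() {
  # … unchanged: SECRETS_PREFIX, SECRET_NAME_WATSONXAI, TAGS …

  # Fail instead of storing placeholder credentials.
  if [[ -z "$WATSONXAI_APIKEY" || -z "$WATSONXAI_PROJECT_ID" ]]; then
    echo "WATSONXAI_APIKEY and WATSONXAI_PROJECT_ID must be set"
    return 1
  fi

  # jq escapes quotes and backslashes in the values.
  local watsonx_payload
  watsonx_payload=$(jq -cn \
    --arg apikey "$WATSONXAI_APIKEY" \
    --arg project_id "$WATSONXAI_PROJECT_ID" \
    '{watsonxai_apikey: $apikey, watsonxai_project_id: $project_id}') || return 1

  sm_update_secret "$SECRET_NAME_WATSONXAI" "$watsonx_payload" "$TAGS" || {
  # … unchanged: error branch; the S3 secret follows the same pattern …
```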
@@ -353,6 +395,7 @@ function gitops_aiservice() { echo_reset_dim "Is External Route ...................... ${COLOR_MAGENTA}${IS_EXTERNAL_ROUTE}" echo_reset_dim "JDBC Secret ............................ ${COLOR_MAGENTA}${JDBC_SECRET}" echo_reset_dim "Use AWS DB2 ............................ ${COLOR_MAGENTA}${USE_AWS_DB2}" + echo_reset_dim "Is GitOps FVT ENV ............................ ${COLOR_MAGENTA}${IS_GITOPS_FVT_ENV}" AVP_TYPE=aws # Support for IBM will be added later sm_login @@ -381,10 +424,18 @@ function gitops_aiservice() { export MAS_ENTITLEMENT_KEY=${SECRETS_PREFIX}ibm_entitlement#entitlement_key export ARTIFACTORY_TOKEN=${SECRETS_PREFIX}ibm_entitlement#image_pull_secret_b64 - sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "image_pull_secret_b64,entitlement_key" - sm_verify_secret_exists ${SECRETS_PREFIX}dro "dro_api_token,dro_url,dro_ca_b64enc" - sm_verify_secret_exists ${SECRETS_PREFIX}s3 "sm_s3_accesskey,sm_s3_secretkey,sm_s3_host,sm_s3_region" - sm_verify_secret_exists ${SECRETS_PREFIX}jdbc "jdbccfg_username,jdbccfg_password,jdbccfg_url,jdbccfg_sslenabled,jdbccfg_ca_b64enc" + # Skip DRO, S3, and JDBC secret validation in FVT environments + # These secrets will be created by postSync jobs after deployment + if [[ "${IS_GITOPS_FVT_ENV}" != "true" ]]; then + sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "image_pull_secret_b64,entitlement_key" + sm_verify_secret_exists ${SECRETS_PREFIX}dro "dro_api_token,dro_url,dro_ca_b64enc" + sm_verify_secret_exists ${SECRETS_PREFIX}s3 "sm_s3_accesskey,sm_s3_secretkey,sm_s3_host,sm_s3_region" + sm_verify_secret_exists ${SECRETS_PREFIX}jdbc "jdbccfg_username,jdbccfg_password,jdbccfg_url,jdbccfg_sslenabled,jdbccfg_ca_b64enc" + else + echo "IS_GITOPS_FVT_ENV is true - Skipping DRO, S3, and JDBC secret validation" + + gitops_aiservice_fvt_prepare + fi if [ -z $GIT_SSH ]; then export GIT_SSH=false 
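Review bot: In hunk `@@ -381,10 +424,18 @@` the new `if [[ "${IS_GITOPS_FVT_ENV}" != "true" ]]` wraps all four `sm_verify_secret_exists` calls, so the FVT path also skips the `ibm_entitlement` check although the comment and the echo name only DRO, S3 and JDBC, and `MAS_ENTITLEMENT_KEY` and `ARTIFACTORY_TOKEN` are still exported from that secret just above. Keep `sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "image_pull_secret_b64,entitlement_key"` outside the conditional, or list everything that is bypassed in the comment and message. The comment also says the secrets are created by postSync jobs, while the else branch writes the watsonx and S3 secrets immediately through `gitops_aiservice_fvt_prepare`. The same mismatch between the skip message and what is actually skipped appears in the `gitops_aiservice_tenant` hunks `@@ -326,14 +331,17 @@` and `@@ -483,14 +491,20 @@`. Because the bypass is driven by a free-form option value, consider rejecting anything other than `true`/`false` where `--is-gitops-fvt-env` is parsed; `gitops_aiservice` itself continues outside this hunk.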
diff --git a/image/cli/mascli/functions/gitops_aiservice_tenant b/image/cli/mascli/functions/gitops_aiservice_tenant index 093b889d9f8..d00171d3c16 100644 --- a/image/cli/mascli/functions/gitops_aiservice_tenant +++ b/image/cli/mascli/functions/gitops_aiservice_tenant @@ -38,6 +38,7 @@ AiService : --aiservice-tenant-install-plan-approval ${TEXT_RESET}AISERVICE_TENANT_INSTALL_PLAN_APPROVAL${TEXT_RESET} --cluster-domain ${COLOR_YELLOW}CLUSTER_DOMAIN${TEXT_RESET} The domain name of the Kubernetes cluster (e.g., cluster.local) --in-saas-env ${COLOR_YELLOW}IN_SAAS_ENV${TEXT_RESET} Whether the environment is SaaS (true/false) +--is-gitops-fvt-env ${COLOR_YELLOW}IS_GITOPS_FVT_ENV${TEXT_RESET} Whether this is a GitOps FVT environment (true/false) --aiservice_operator_log_level ${COLOR_YELLOW}AISERVICE_OPERATOR_LOG_LEVEL${TEXT_RESET} Log level for the AI Service operator (e.g., info, debug) --mas-icr-cp ${COLOR_YELLOW}MAS_ICR_CP${TEXT_RESET} IBM Cloud Pak container registry URL --mas-icr-cpopen ${COLOR_YELLOW}MAS_ICR_CPOPEN${TEXT_RESET} IBM Cloud Pak Open container registry URL @@ -108,6 +109,7 @@ function gitops_aiservice_tenant_noninteractive() { export AISERVICE_TENANT_INSTALL_PLAN_APPROVAL=${AISERVICE_TENANT_INSTALL_PLAN_APPROVAL:-"Automatic"} export CATALOG_SOURCE=${CATALOG_SOURCE:-"ibm-operator-catalog"} export IN_SAAS_ENV=${IN_SAAS_ENV:-"true"} + export IS_GITOPS_FVT_ENV=${IS_GITOPS_FVT_ENV:-"false"} export MAS_ICR_CP=${MAS_ICR_CP:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local"} export MAS_ICR_CPOPEN=${MAS_ICR_CPOPEN:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/cpopen"} export AISERVICE_S3_BUCKET_PREFIX=${AISERVICE_S3_BUCKET_PREFIX:-"m"} @@ -184,6 +186,9 @@ function gitops_aiservice_tenant_noninteractive() { --in-saas-env) export IN_SAAS_ENV=$1 && shift ;; + --is-gitops-fvt-env) + export IS_GITOPS_FVT_ENV=$1 && shift + ;; --mas-icr-cp) export MAS_ICR_CP=$1 && shift ;; 
@@ -326,14 +331,17 @@ function gitops_aiservice_tenant_noninteractive() { [[ -z "$SLSCFG_URL" ]] && gitops_aiservice_tenant_help "SLSCFG_URL is not set. Please specify the SLS configuration URL using --slscfg-url." fi - # -- Watsonx - [[ -z "$AISERVICE_WATSONXAI_URL" ]] && gitops_aiservice_tenant_help "AISERVICE_WATSONXAI_URL is not set. Please specify the Watsonx.ai URL using --aiservice-watsonxai-url." - [[ -z "$AISERVICE_WATSONX_FULL" ]] && gitops_aiservice_tenant_help "AISERVICE_WATSONX_FULL is not set. Please specify the full Watsonx.ai URL using --aiservice-watsonx-full." - [[ -z "$AISERVICE_S3_ENDPOINT_URL" ]] && gitops_aiservice_tenant_help "AISERVICE_S3_ENDPOINT_URL is not set. Please specify the S3 endpoint URL using --aiservice-s3-endpoint-url." - - [[ -z "$AISERVICE_STORAGE_SSL" ]] && gitops_aiservice_tenant_help "AISERVICE_STORAGE_SSL is not set. Please specify whether SSL is enabled for STORAGE using --aiservice-storage-ssl." - [[ -z "$AISERVICE_STORAGE_PROVIDER" ]] && gitops_aiservice_tenant_help "AISERVICE_STORAGE_PROVIDER is not set. Please specify the STORAGE provider using --aiservice-storage-provider." - + if [[ "${IS_GITOPS_FVT_ENV}" != "true" ]]; then + # -- Watsonx + [[ -z "$AISERVICE_WATSONXAI_URL" ]] && gitops_aiservice_tenant_help "AISERVICE_WATSONXAI_URL is not set. Please specify the Watsonx.ai URL using --aiservice-watsonxai-url." + [[ -z "$AISERVICE_WATSONX_FULL" ]] && gitops_aiservice_tenant_help "AISERVICE_WATSONX_FULL is not set. Please specify the full Watsonx.ai URL using --aiservice-watsonx-full." + [[ -z "$AISERVICE_S3_ENDPOINT_URL" ]] && gitops_aiservice_tenant_help "AISERVICE_S3_ENDPOINT_URL is not set. Please specify the S3 endpoint URL using --aiservice-s3-endpoint-url." + + [[ -z "$AISERVICE_STORAGE_SSL" ]] && gitops_aiservice_tenant_help "AISERVICE_STORAGE_SSL is not set. Please specify whether SSL is enabled for STORAGE using --aiservice-storage-ssl." 
+ [[ -z "$AISERVICE_STORAGE_PROVIDER" ]] && gitops_aiservice_tenant_help "AISERVICE_STORAGE_PROVIDER is not set. Please specify the STORAGE provider using --aiservice-storage-provider." + else + echo "GitOps FVT Environment: Skipping watsonx verification (will be created by postSync job)" + fi } function gitops_aiservice_tenant() { @@ -483,14 +491,20 @@ fi # check for those variables present into the aws sm - sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "image_pull_secret_b64,entitlement_key" - sm_verify_secret_exists ${SECRETS_PREFIX}dro "dro_api_token,dro_ca_b64enc" - if [ -z "$STANDALONE_SLS_SERVICE" ]; then - sm_verify_secret_exists ${SLS_SECRETS_PREFIX}sls "slscfg_registration_key,slscfg_ca_b64enc" + if [[ "${IS_GITOPS_FVT_ENV}" != "true" ]]; then + sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "image_pull_secret_b64,entitlement_key" + sm_verify_secret_exists ${SECRETS_PREFIX}dro "dro_api_token,dro_ca_b64enc" + if [ -z "$STANDALONE_SLS_SERVICE" ]; then + # In GitOps FVT environment, skip SLS secret verification as they will be created by postSync job + sm_verify_secret_exists ${SLS_SECRETS_PREFIX}sls "slscfg_registration_key,slscfg_ca_b64enc" + else + sm_verify_secret_exists ${SLS_SECRETS_PREFIX}sls "registration_key,ca_b64,sls_url" + fi + sm_verify_secret_exists ${SECRETS_PREFIX}rsl "rsl_org_id,rsl_token" + sm_verify_secret_exists ${SECRETS_PREFIX}watsonx "watsonxai_apikey,watsonxai_project_id" else - sm_verify_secret_exists ${SLS_SECRETS_PREFIX}sls "registration_key,ca_b64,sls_url" + echo "GitOps FVT Environment: Skipping SLS secret verification (will be created by postSync job)" fi - sm_verify_secret_exists ${SECRETS_PREFIX}watsonx "watsonxai_apikey,watsonxai_project_id" # Load scheduling config file # --------------------------------------------------------------------------- 
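Review bot: In hunk `@@ -483,14 +491,20 @@` the added comment `# In GitOps FVT environment, skip SLS secret verification …` sits inside the non-FVT branch, directly above the `slscfg_registration_key,slscfg_ca_b64enc` check that does run, so it describes the opposite of what the next line does; move it to the `else` branch or drop it. The hunk also introduces `sm_verify_secret_exists ${SECRETS_PREFIX}rsl "rsl_org_id,rsl_token"` for every non-FVT run, which is a new precondition for existing deployments and deserves a line in the help text or changelog. The body of `gitops_aiservice_tenant` starts and ends outside the hunk.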
diff --git a/image/cli/mascli/functions/gitops_deprovision_kmodel b/image/cli/mascli/functions/gitops_deprovision_kmodel
new file mode 100644
index 00000000000..49be58dadc7
--- /dev/null
+++ b/image/cli/mascli/functions/gitops_deprovision_kmodel
@@ -0,0 +1,253 @@ +#!/usr/bin/env bash + +function gitops_deprovision_kmodel_help() { + [[ -n "$1" ]] && echo_warning "$1" + reset_colors + cat << EOM + + +Usage: + mas gitops-kmodel-deprovision [options] +Where ${COLOR_YELLOW}specified${TEXT_RESET} each option may also be defined by setting the appropriate environment variable. +When no options are specified on the command line, interactive-mode will be enabled by default. + +GitOps Configuration: + -d, --dir ${COLOR_YELLOW}GITOPS_WORKING_DIR${TEXT_RESET} Directory for GitOps repository + -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET} Account name that the cluster belongs to + -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET} Cluster ID + +Secrets Manager: + --secrets-path ${COLOR_YELLOW}SECRETS_PATH${TEXT_RESET} Secrets Manager path + --secrets-key-seperator ${COLOR_YELLOW}SECRETS_KEY_SEPERATOR${TEXT_RESET} Secrets Manager key seperator string + +ibm_kmodel(required): + -i, --aiservice-instance-id ${COLOR_YELLOW}AISERVICE_INSTANCE_ID${TEXT_RESET} AI Broker instance ID + +Automatic GitHub Push (Optional): + -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET} Enable automatic push to GitHub + -H, --github-host ${COLOR_YELLOW}GITHUB_HOST${TEXT_RESET} GitHub Hostname for your GitOps repository + -O, --github-org ${COLOR_YELLOW}GITHUB_ORG${TEXT_RESET} Github org for your GitOps repository + -R, --github-repo ${COLOR_YELLOW}GITHUB_REPO${TEXT_RESET} Github repo for your GitOps repository + -B, --git-branch ${COLOR_YELLOW}GIT_BRANCH${TEXT_RESET} Git branch to commit to of your GitOps repository + -M, --git-commit-msg ${COLOR_YELLOW}GIT_COMMIT_MSG${TEXT_RESET} Git commit message to use when committing to of your GitOps repository + -S , --github-ssh ${COLOR_YELLOW}GIT_SSH${TEXT_RESET} Git ssh key path + +Other Commands: + -h, --help Show this help message +EOM + [[ -n "$1" ]] && exit 1 || exit 0 +} + + +function gitops_deprovision_kmodel_noninteractive() { + GITOPS_WORKING_DIR=$PWD/working-dir + 
SECRETS_KEY_SEPERATOR="/" + GIT_COMMIT_MSG="gitops-kmodel-deprovision commit" + export REGION_ID=${REGION_ID:-${SM_AWS_REGION}} + + while [[ $# -gt 0 ]] + do + key="$1" + shift + case $key in + # GitOps Configuration + -d|--dir) + export GITOPS_WORKING_DIR=$1 && shift + ;; + -a|--account-id) + export ACCOUNT_ID=$1 && shift + ;; + -c|--cluster-id) + export CLUSTER_ID=$1 && shift + ;; + + # AWS Secrets Manager Configuration + --sm-aws-secret-region) + export SM_AWS_REGION=$1 + export REGION_ID=$1 + shift + ;; + --sm-aws-access-key) + export SM_AWS_ACCESS_KEY_ID=$1 && shift + ;; + --sm-aws-secret-key) + export SM_AWS_SECRET_ACCESS_KEY=$1 && shift + ;; + --secrets-path) + export SECRETS_PATH=$1 && shift + ;; + + # kmodel - all input params default + sm + --aibroker-instance-id) + export AISERVICE_INSTANCE_ID=$1 && shift + ;; + + # Automatic GitHub Push + -P|--github-push) + export GITHUB_PUSH=true + ;; + -H|--github-host) + export GITHUB_HOST=$1 && shift + ;; + -O|--github-org) + export GITHUB_ORG=$1 && shift + ;; + -R|--github-repo) + export GITHUB_REPO=$1 && shift + ;; + -S|--github-ssh) + export GIT_SSH=$1 && shift + ;; + -B|--git-branch) + export GIT_BRANCH=$1 && shift + ;; + -M|--git-commit-msg) + export GIT_COMMIT_MSG=$1 && shift + ;; + + # Other Commands + -h|--help) + gitops_deprovision_kmodel_help + ;; + *) + # unknown option + echo -e "${COLOR_RED}Usage Error: Unsupported option \"${key}\"${COLOR_RESET}\n" + gitops_deprovision_kmodel_help "Usage Error: Unsupported option \"${key}\" " + exit 1 + ;; + esac + done + + + [[ -z "$GITOPS_WORKING_DIR" ]] && gitops_deprovision_kmodel_help "GITOPS_WORKING_DIR is not set" + [[ -z "$ACCOUNT_ID" ]] && gitops_deprovision_kmodel_help "ACCOUNT_ID is not set" + [[ -z "$CLUSTER_ID" ]] && gitops_deprovision_kmodel_help "CLUSTER_ID is not set" + [[ -z "$REGION_ID" && -z "$SM_AWS_REGION" ]] && gitops_deprovision_kmodel_help "REGION_ID or SM_AWS_REGION is not set" + + if [[ "$GITHUB_PUSH" == "true" ]]; then + [[ -z "$GITHUB_HOST" 
]] && gitops_deprovision_kmodel_help "GITHUB_HOST is not set" + [[ -z "$GITHUB_ORG" ]] && gitops_deprovision_kmodel_help "GITHUB_ORG is not set" + [[ -z "$GITHUB_REPO" ]] && gitops_deprovision_kmodel_help "GITHUB_REPO is not set" + [[ -z "$GIT_BRANCH" ]] && gitops_deprovision_kmodel_help "GIT_BRANCH is not set" + fi + + # add validation for those variable which have the value needed for further execution + [[ -z "$AISERVICE_INSTANCE_ID" ]] && gitops_deprovision_kmodel_help "AISERVICE_INSTANCE_ID is not set. Please specify the AI Broker instance ID using --AISERVICE_INSTANCE_ID." +} + +function gitops_deprovision_kmodel() { + # Take the first parameter off (it will be create-gitops) + shift + if [[ $# -gt 0 ]]; then + gitops_deprovision_kmodel_noninteractive "$@" + else + echo "Not supported yet" + exit 1 + gitops_deprovision_kmodel_interactive + fi + + # catch errors + set -o pipefail + trap 'echo "[ERROR] Error occurred at $BASH_SOURCE, line $LINENO, exited with $?"; exit 1' ERR + + # Prepare directories + mkdir -p ${GITOPS_WORKING_DIR} + GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${AISERVICE_INSTANCE_ID} + + echo + reset_colors + echo_h2 "Review Settings" + + echo "${TEXT_DIM}" + echo_h2 "Target" " " + echo_reset_dim "Account ID ..................... ${COLOR_MAGENTA}${ACCOUNT_ID}" + echo_reset_dim "Region ID ...................... ${COLOR_MAGENTA}${REGION_ID}" + echo_reset_dim "Cluster ID ..................... ${COLOR_MAGENTA}${CLUSTER_ID}" + echo_reset_dim "Cluster Config Directory ....... ${COLOR_MAGENTA}${GITOPS_CLUSTER_DIR}" + reset_colors + + echo "${TEXT_DIM}" + echo_h2 "AWS Secrets Manager" " " + echo_reset_dim "Region ......................... ${COLOR_MAGENTA}${SM_AWS_REGION}" + echo_reset_dim "Secret Key ..................... ${COLOR_MAGENTA}${SM_AWS_ACCESS_KEY_ID:0:4}" + echo_reset_dim "Access Key ..................... 
${COLOR_MAGENTA}${SM_AWS_SECRET_ACCESS_KEY:0:4}" + echo_reset_dim "Secrets Path ................... ${COLOR_MAGENTA}${SECRETS_PATH}" + reset_colors + + echo "${TEXT_DIM}" + if [[ "$GITHUB_PUSH" == "true" ]]; then + echo_h2 "GitOps Target" " " + echo_reset_dim "Automatic Push ........................ ${COLOR_GREEN}Enabled" + echo_reset_dim "Working Directory ..................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}" + echo_reset_dim "Host .................................. ${COLOR_MAGENTA}${GITHUB_HOST}" + echo_reset_dim "Organization .......................... ${COLOR_MAGENTA}${GITHUB_ORG}" + echo_reset_dim "Repository ............................ ${COLOR_MAGENTA}${GITHUB_REPO}" + echo_reset_dim "Branch ................................ ${COLOR_MAGENTA}${GIT_BRANCH}" + else + echo_h2 "GitOps Target" " " + echo_reset_dim "Automatic Push ........................ ${COLOR_RED}Disabled" + echo_reset_dim "Working Directory ..................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}" + fi + reset_colors + + # echo all the variables of gitops envs + + echo_reset_dim "AI Broker Instance ID ................. 
${COLOR_MAGENTA}${AISERVICE_INSTANCE_ID}" + + + echo "${TEXT_DIM}" + echo_h2 "Deleting kmodel" + + echo -e "login aws" + + AVP_TYPE=aws # Support for IBM will be added later + sm_login + + + reset_colors + + AVP_TYPE=aws # Support for IBM will be added later + sm_login + + SECRET_NAME_AUTH="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}ibm_entitlement" + SECRET_NAME_STORAGE_AUTH="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}storage" + + #deleting secreats from aws + # echo -e "Deleting ibm entitlement secrets $SECRET_NAME_AUTH" + # sm_delete_secret $SECRET_NAME_AUTH + + # echo -e "Deleting storage secrets $SECRET_NAME_STORAGE_AUTH" + # sm_delete_secret $SECRET_NAME_STORAGE_AUTH + + + if [ -z $GIT_SSH ]; then + export GIT_SSH=false + fi + + # Clone github target repo + # --------------------------------------------------------------------------- + if [ "$GITHUB_PUSH" == "true" ]; then + echo + echo_h2 "Cloning GitHub repo $GITHUB_ORG $GITHUB_REPO" + clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH + fi + + + # Generate ArgoApps + # --------------------------------------------------------------------------- + echo + echo_h2 "Deleting application configuration files" + echo "- Deleting kmodel operator" + + + echo "- Delete kmodel" + rm -rf ${GITOPS_CLUSTER_DIR}/ibm-kmodel.yaml + if [ "$GITHUB_PUSH" == "true" ]; then + echo + echo_h2 "Commit and push changes to GitHub repo $GITHUB_ORG $GITHUB_REPO" + save_to_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "${GIT_COMMIT_MSG}" + remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO + fi + + +} diff --git a/image/cli/mascli/functions/gitops_deprovision_odh b/image/cli/mascli/functions/gitops_deprovision_odh index b12d71ae5f8..eba52fe1d93 100644 --- a/image/cli/mascli/functions/gitops_deprovision_odh +++ b/image/cli/mascli/functions/gitops_deprovision_odh 
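Review bot: In the "AWS Secrets Manager" review block of `gitops_deprovision_kmodel` the labels are crossed: `Secret Key` prints `${SM_AWS_ACCESS_KEY_ID:0:4}` and `Access Key` prints `${SM_AWS_SECRET_ACCESS_KEY:0:4}`, so the first four characters of the secret access key land in the console or CI log under the wrong name. Swap the labels and print a fixed mask for the secret, e.g. `echo_reset_dim "Secret Key ..................... ${COLOR_MAGENTA}****"`. The help advertises `-i, --aiservice-instance-id` and `--secrets-key-seperator`, but the parser only accepts `--aibroker-instance-id` and has no case for the separator, so the documented flags fall through to "Unsupported option", and the final error message points at `--AISERVICE_INSTANCE_ID`, which is not an option either. `rm -rf ${GITOPS_CLUSTER_DIR}/ibm-kmodel.yaml` removes a single file through an unquoted expansion; `rm -f -- "${GITOPS_CLUSTER_DIR}/ibm-kmodel.yaml"` is sufficient and survives paths with spaces. `sm_login` is called twice, and the `gitops_deprovision_kmodel_interactive` call after `exit 1` is unreachable.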
@@ -15,21 +15,14 @@ GitOps Configuration: -d, --dir ${COLOR_YELLOW}GITOPS_WORKING_DIR${TEXT_RESET} Directory for GitOps repository -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET} Account name that the cluster belongs to -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET} Cluster ID - - -i, --aiservice-instance-id ${COLOR_YELLOW}AISERVICE_INSTANCE_ID${TEXT_RESET} AI Service instance ID - --sm-aws-secret-region ${TEXT_RESET}SM_AWS_REGION${TEXT_RESET} AWS Region - --sm-aws-access-key ${TEXT_RESET}SM_AWS_ACCESS_KEY${TEXT_RESET} AWS Access key ID - --sm-aws-secret-key ${TEXT_RESET}SM_AWS_SECRET_ACCESS_KEY${TEXT_RESET} AWS Secreat Access key ID + -i, --aiservice-instance-id ${COLOR_YELLOW}AISERVICE_INSTANCE_ID${TEXT_RESET} AI Service instance ID Secrets Manager: --secrets-path ${COLOR_YELLOW}SECRETS_PATH${TEXT_RESET} Secrets Manager path --secrets-key-seperator ${COLOR_YELLOW}SECRETS_KEY_SEPERATOR${TEXT_RESET} Secrets Manager key seperator string -Target Cluster (Optional): - --cluster-url ${COLOR_YELLOW}CLUSTER_URL${TEXT_RESET} Set to target a remote Kubernetes cluster (defaults to 'https://kubernetes.default.svc') - - + Automatic GitHub Push (Optional): -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET} Enable automatic push to GitHub -H, --github-host ${COLOR_YELLOW}GITHUB_HOST${TEXT_RESET} GitHub Hostname for your GitOps repository @@ -50,8 +43,8 @@ function gitops_deprovision_odh_noninteractive() { SECRETS_KEY_SEPERATOR="/" GIT_COMMIT_MSG="gitops-deprovision-odh commit" export REGION_ID=${REGION_ID:-${SM_AWS_REGION}} - export CLUSTER_URL=${CLUSTER_URL:-"https://kubernetes.default.svc"} + while [[ $# -gt 0 ]] do key="$1" 
@@ -68,13 +61,6 @@ function gitops_deprovision_odh_noninteractive() { export CLUSTER_ID=$1 && shift ;; - # Target Cluster (Optional) - --cluster-url) - export CLUSTER_URL=$1 && shift - ;; - --secrets-key-seperator) - export SECRETS_KEY_SEPERATOR=$1 && shift - ;; # AWS Secrets Manager Configuration --sm-aws-secret-region) export SM_AWS_REGION=$1 @@ -134,8 +120,6 @@ function gitops_deprovision_odh_noninteractive() { [[ -z "$ACCOUNT_ID" ]] && gitops_deprovision_odh_help "ACCOUNT_ID is not set" [[ -z "$CLUSTER_ID" ]] && gitops_deprovision_odh_help "CLUSTER_ID is not set" [[ -z "$REGION_ID" && -z "$SM_AWS_REGION" ]] && gitops_deprovision_odh_help "REGION_ID or SM_AWS_REGION is not set" - [[ -z "$CLUSTER_URL" ]] && gitops_deprovision_odh_help "CLUSTER_URL is not set" - if [[ "$GITHUB_PUSH" == "true" ]]; then [[ -z "$GITHUB_HOST" ]] && gitops_deprovision_odh_help "GITHUB_HOST is not set" @@ -144,7 +128,7 @@ function gitops_deprovision_odh_noninteractive() { [[ -z "$GIT_BRANCH" ]] && gitops_deprovision_odh_help "GIT_BRANCH is not set" fi - [[ -z "$AISERVICE_INSTANCE_ID" ]] && gitops_deprovision_odh_help "AISERVICE_INSTANCE_ID is not set. Please specify the AI Service instance ID using --aiservice_instance_id." + [[ -z "$AISERVICE_INSTANCE_ID" ]] && gitops_deprovision_odh_help "AISERVICE_INSTANCE_ID is not set. Please specify the AI Broker instance ID using --AISERVICE_INSTANCE_ID." } function gitops_deprovision_odh() { 
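Review bot: Removing the `--secrets-key-seperator)` case leaves the option documented in the help text (it is still a context line in hunk `@@ -15,21 +15,14 @@`) but no longer parsed, so callers that pass it will presumably hit the unsupported-option branch, which is outside this hunk. Either keep the case or drop the help line. In `@@ -144,7 +128,7 @@` the new message tells the user to pass `--AISERVICE_INSTANCE_ID`, while the help lists `-i, --aiservice-instance-id`; the message should name the real flag. Conversely, the help hunk removes the `--sm-aws-*` lines even though their cases remain in the parser as context, so those options become undocumented.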
@@ -172,12 +156,10 @@ function gitops_deprovision_odh() { echo_h2 "Review Settings" echo "${TEXT_DIM}" - echo_h2 "Target" + echo_h2 "Target" " " echo_reset_dim "Account ID ..................... ${COLOR_MAGENTA}${ACCOUNT_ID}" echo_reset_dim "Region ID ...................... ${COLOR_MAGENTA}${REGION_ID}" echo_reset_dim "Cluster ID ..................... ${COLOR_MAGENTA}${CLUSTER_ID}" - echo_reset_dim "Cluster URL .................... ${COLOR_MAGENTA}${CLUSTER_URL}" - echo_reset_dim "Cluster Config Directory ....... ${COLOR_MAGENTA}${GITOPS_CLUSTER_DIR}" reset_colors 
@@ -206,101 +188,79 @@ function gitops_deprovision_odh() { reset_colors # echo all the variables of gitops envs - echo_reset_dim "AI Service Instance ID ................. ${COLOR_MAGENTA}${AISERVICE_INSTANCE_ID}" + echo_reset_dim "AI Broker Instance ID ................. ${COLOR_MAGENTA}${AISERVICE_INSTANCE_ID}" + #secrets path in aws - export SECRET_NAME_STORAGE_AUTH=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}s3 + export SECRET_NAME_STORAGE_AUTH=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}storage + export SECRET_NAME_MARIADB_AUTH1=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}mariadb export SECRET_KEY_IMAGE_PULL_SECRET_B64=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}ibm_entitlement - + echo -e "login aws" AVP_TYPE=aws sm_login + echo "${TEXT_DIM}" + echo_h2 "Deleting odh related secrets" - export OCP_SECRET_NAME=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}ocp_login - export OAUTH_ADMIN_USERNAME=$(sm_get_secret_value "$OCP_SECRET_NAME" "OAUTH_ADMIN_USERNAME") - export OAUTH_ADMIN_PWD=$(sm_get_secret_value "$OCP_SECRET_NAME" "OAUTH_ADMIN_PWD") - export OCP_DISABLE_TLS_VERIFY=$(sm_get_secret_value "$OCP_SECRET_NAME" "OCP_DISABLE_TLS_VERIFY") - echo "TLS verification is : $OCP_DISABLE_TLS_VERIFY" + #deleting secreats from aws + # echo -e "Deleting secreat $SECRET_NAME_STORAGE_AUTH" + # sm_delete_secret $SECRET_NAME_STORAGE_AUTH + # echo -e "Deleting mariadb secreat $SECRET_NAME_MARIADB_AUTH1" + # sm_delete_secret $SECRET_NAME_MARIADB_AUTH1 + # echo -e "Deleting image pull secreat $SECRET_KEY_IMAGE_PULL_SECRET_B64" + # sm_delete_secret $SECRET_KEY_IMAGE_PULL_SECRET_B64 - echo "${TEXT_DIM}" - echo_h2 "Deleting odh related secrets" - - deleting secreats from aws - echo -e "Deleting secreat $SECRET_NAME_STORAGE_AUTH" - sm_delete_secret $SECRET_NAME_STORAGE_AUTH - echo -e "Deleting image pull secreat 
$SECRET_KEY_IMAGE_PULL_SECRET_B64" - sm_delete_secret $SECRET_KEY_IMAGE_PULL_SECRET_B64 - - if [ -z $GIT_SSH ]; then export GIT_SSH="false" fi - #Clone github target repo - # --------------------------------------------------------------------------- + #Clone github target repo + # --------------------------------------------------------------------------- if [ "$GITHUB_PUSH" == "true" ]; then echo echo_h2 "Cloning GitHub repo $GITHUB_ORG $GITHUB_REPO" clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH fi + echo "Deleting: ${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml" + rm -rf ${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml + + echo "connecting to openshift............. ${COLOR_MAGENTA}" + + #load_config + #connect + + #echo_reset_dim "Deleting authorino operaotr ............. ${COLOR_MAGENTA}" + #oc delete $(oc get csv -n openshift-operators -o name | grep authorino) -n openshift-operators --wait=true --timeout=5m 2>/dev/null + #oc delete $(oc get crd -o name | grep authorino) 2>/dev/null; \ + #oc delete deployment $(oc get deployment -n openshift-operators -o name | grep authorino) -n openshift-operators 2>/dev/null echo "Deleting: ${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml" rm -rf ${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml + echo "connecting to openshift............. ${COLOR_MAGENTA}" + + #load_config + #connect + + #echo_reset_dim "Deleting authorino operaotr ............. 
${COLOR_MAGENTA}" + #oc delete $(oc get csv -n openshift-operators -o name | grep authorino) -n openshift-operators --wait=true --timeout=5m 2>/dev/null + #oc delete $(oc get crd -o name | grep authorino) 2>/dev/null; \ + #oc delete deployment $(oc get deployment -n openshift-operators -o name | grep authorino) -n openshift-operators 2>/dev/null + + + if [ "$GITHUB_PUSH" == "true" ]; then echo echo_h2 "Commit and push changes to GitHub repo $GITHUB_ORG $GITHUB_REPO" save_to_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "${GIT_COMMIT_MSG}" - cd /tmp || { echo "Failed to cd to /tmp"; exit 1; } remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO - - echo "Sleeping for 15 minutes to allow ArgoCD to sync and apply changes..." - sleep 900 fi - - echo "PWD before login: $(pwd)" - oc login $CLUSTER_URL -u $OAUTH_ADMIN_USERNAME -p $OAUTH_ADMIN_PWD --insecure-skip-tls-verify=$OCP_DISABLE_TLS_VERIFY - - echo "Successfully logged in to OpenShift." - - namespace="openshift-operators" - subs_to_check=("authorino-operator" "servicemeshoperator") - - echo "Checking for Subscriptions in namespace '$namespace'..." - - subscriptions_exist=false - - # Initial check - for sub in "${subs_to_check[@]}"; do - if oc get subscription "$sub" -n "$namespace" &>/dev/null; then - echo "Subscription '$sub' is still present." - subscriptions_exist=true - else - echo "Subscription '$sub' is not present." - fi - done - - # If any subscription is present, wait 5 minutes - if [ "$subscriptions_exist" = true ]; then - echo "subscription is present. Waiting 5 minutes before proceeding..." - sleep 300 # 5 minutes - fi - - - if [ "$subscriptions_exist" = false ]; then - echo "All subscriptions deleted. Proceeding to delete CSVs..." - oc delete $(oc get csv -n "$namespace" -o name | grep -E 'authorino-operator|servicemeshoperator') -n "$namespace" --wait=true --timeout=5m 2>/dev/null - echo "CSV cleanup completed." 
- else - echo "Subscriptions still present after waiting. Skipping CSV deletion." - fi - - - } + +} diff --git a/image/cli/mascli/functions/gitops_kmodel b/image/cli/mascli/functions/gitops_kmodel new file mode 100644 index 00000000000..35b57728fb3 --- /dev/null +++ b/image/cli/mascli/functions/gitops_kmodel 
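Review bot: After hunk `@@ -206,101 +188,79 @@` the function still prints "Deleting odh related secrets", but every `sm_delete_secret` call is commented out, so the storage, mariadb and `ibm_entitlement` secrets stay in Secrets Manager after a deprovision while the log claims otherwise. If retaining them is intended, change the message and add a comment saying who removes them; if not, restore the calls, and note that `SECRET_NAME_STORAGE_AUTH` now ends in `storage` instead of `s3` while the `gitops_aiservice` hunks in this commit still use `${SECRETS_PREFIX}s3`. The block from `echo "Deleting: ${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml"` through the commented `oc delete` lines is added twice verbatim, and "connecting to openshift" is echoed although `load_config` and `connect` are commented out. The operator cleanup performed by the removed lines has no replacement here, so state in the help or commit message where the authorino and service-mesh CSVs are now cleaned up. `gitops_deprovision_odh` starts outside the hunk.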
@@ -0,0 +1,452 @@ +#!/usr/bin/env bash + +function gitops_kmodel_help() { + [[ -n "$1" ]] && echo_warning "$1" + reset_colors + cat << EOM + + +Usage: + mas gitops-kmodel [options] +Where ${COLOR_YELLOW}specified${TEXT_RESET} each option may also be defined by setting the appropriate environment variable. +When no options are specified on the command line, interactive-mode will be enabled by default. + +GitOps Configuration: + -d, --dir ${COLOR_YELLOW}GITOPS_WORKING_DIR${TEXT_RESET} Directory for GitOps repository + -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET} Account name that the cluster belongs to + -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET} Cluster ID + +Secrets Manager: + --secrets-path ${COLOR_YELLOW}SECRETS_PATH${TEXT_RESET} Secrets Manager path + --secrets-key-seperator ${COLOR_YELLOW}SECRETS_KEY_SEPERATOR${TEXT_RESET} Secrets Manager key seperator string + +ibm_kmodel(required): + --aiservice_instance_id ${COLOR_YELLOW}AISERVICE_INSTANCE_ID${TEXT_RESET} The AI Service instance ID + --primary-storage-class ${COLOR_YELLOW}PRIMARY_STORAGE_CLASS${TEXT_RESET} Kubernetes storage class to be used for provisioning persistent volumes + --aiservice-storage-templates-bucket ${COLOR_YELLOW}AISERVICE_STORAGE_TEMPLATES_BUCKET${TEXT_RESET} Storage templates bucket for Kmodels role + --aiservice-storage-pipelines-bucket ${COLOR_YELLOW}AISERVICE_STORAGE_PIPELINES_BUCKET${TEXT_RESET} Storage piplines bucket for Kmodels role + --aiservice-storage-tenants-bucket ${COLOR_YELLOW}AISERVICE_STORAGE_TENANTS_BUCKET${TEXT_RESET} Storage tenants bucket for Kmodels role + +Kkmodel Configuration: + --aiservice-internal-tls ${COLOR_YELLOW}AISERVICE_INTERNAL_TLS${TEXT_RESET} Identifier for the internal TLS configuration + --aiservice-namespace ${COLOR_YELLOW}AISERVICE_NAMESPACE${TEXT_RESET} The namespace where AI Service is deployed + --aiservice-storage-provider ${COLOR_YELLOW}AISERVICE_STORAGE_PROVIDER${TEXT_RESET} Backend storage service used by AI Service to 
store models, pipelines, and tenant data + --aiservice-storage-ssl ${COLOR_YELLOW}AISERVICE_STORAGE_SSL${TEXT_RESET} Whether STORAGE uses SSL (true/false) + --aiservice-storage-host ${COLOR_YELLOW}AISERVICE_STORAGE_HOST${TEXT_RESET} Hostname or service name of the STORAGE backend + --aiservice-storage-port ${COLOR_YELLOW}AISERVICE_STORAGE_PORT${TEXT_RESET} Port number STORAGE is exposed on + --aiservice-storage-region ${COLOR_YELLOW}AISERVICE_STORAGE_REGION${TEXT_RESET} Storage region used in STORAGE (if applicable) + --ssh-secret-name ${COLOR_YELLOW}SSH_SECRET_NAME${TEXT_RESET} SSH secret for securely provide SSH credentials + --aiservice_tenant_name ${COLOR_YELLOW}AISERVICE_TENANT_NAME${TEXT_RESET} Aiservice Tenant name + --aiservice-provision-tenant ${COLOR_YELLOW}AISERVICE_PROVISION_TENANT${TEXT_RESET} Whether to provision the AI Service tenant (true/false) + --aiservice-connector-tag ${COLOR_YELLOW}AISERVICE_CONNECTOR_TAG${TEXT_RESET} AI Service connector for integration or communication. + --aiservice-saas ${COLOR_YELLOW}AISERVICE_SAAS${TEXT_RESET} AI Service is deployed as a SaaS + --model-id-unique-length ${COLOR_YELLOW}MODEL_ID_UNIQUE_LENGTH${TEXT_RESET} Length of the unique identifier used for model IDs + --model-id-prefix ${COLOR_YELLOW}MODEL_ID_PREFIX${TEXT_RESET} Model ID prefix + --mas_icr_cp ${COLOR_YELLOW}MAS_ICR_CP${TEXT_RESET} Prefix to be used for generating model IDs + --docker-server ${COLOR_YELLOW}DOCKER_SERVER${TEXT_RESET} Docker registry where kmodel container images is stored and pulled from. + --image-store ${COLOR_YELLOW}IMAGE_STORE${TEXT_RESET} Docker image for storing models and artifacts. + --image-watcher ${COLOR_YELLOW}IMAGE_WATCHER${TEXT_RESET} Docker image for monitoring and detecting changes to models or configurations. + --image-controller ${COLOR_YELLOW}IMAGE_CONTROLLER${TEXT_RESET} Docker image for controlling and managing the deployment and lifecycle of models. 
+ --pullSecretName ${COLOR_YELLOW}PULLSECRETNAME${TEXT_RESET} IBM Pull Secret name + +Automatic GitHub Push (Optional): + -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET} Enable automatic push to GitHub + -H, --github-host ${COLOR_YELLOW}GITHUB_HOST${TEXT_RESET} GitHub Hostname for your GitOps repository + -O, --github-org ${COLOR_YELLOW}GITHUB_ORG${TEXT_RESET} Github org for your GitOps repository + -R, --github-repo ${COLOR_YELLOW}GITHUB_REPO${TEXT_RESET} Github repo for your GitOps repository + -B, --git-branch ${COLOR_YELLOW}GIT_BRANCH${TEXT_RESET} Git branch to commit to of your GitOps repository + -M, --git-commit-msg ${COLOR_YELLOW}GIT_COMMIT_MSG${TEXT_RESET} Git commit message to use when committing to of your GitOps repository + -S , --github-ssh ${COLOR_YELLOW}GIT_SSH${TEXT_RESET} Git ssh key path + +Other Commands: + -h, --help Show this help message +EOM + [[ -n "$1" ]] && exit 1 || exit 0 +} + + +function gitops_kmodel_noninteractive() { + GITOPS_WORKING_DIR=$PWD/working-dir + SECRETS_KEY_SEPERATOR="/" + GIT_COMMIT_MSG="gitops-kmodel commit" + export REGION_ID=${REGION_ID:-${SM_AWS_REGION}} + + #adding default values + export AISERVICE_INTERNAL_TLS=${AISERVICE_INTERNAL_TLS:-"${AISERVICE_INSTANCE_ID}-internal-aiservice-tls"} + export AISERVICE_NAMESPACE=${AISERVICE_NAMESPACE:-"mas-${AISERVICE_INSTANCE_ID}-aiservice"} + export AISERVICE_STORAGE_PROVIDER=${AISERVICE_STORAGE_PROVIDER:-"aws"} + export AISERVICE_STORAGE_SSL=${AISERVICE_STORAGE_SSL:-"true"} + export AISERVICE_STORAGE_REGION=${AISERVICE_STORAGE_REGION:-""} + export SSH_SECRET_NAME=${SSH_SECRET_NAME:-"${AISERVICE_INSTANCE_ID}-kmodel-aiservice-tls"} + export AISERVICE_TENANT_NAME=${AISERVICE_TENANT_NAME:-"user"} + export TENANT_NAMESPACE=${TENANT_NAMESPACE:-"aiservice-${AISERVICE_TENANT_NAME}"} + export AISERVICE_PROVISION_TENANT=${AISERVICE_PROVISION_TENANT:-"provision-tenant"} + export AISERVICE_CONNECTOR_TAG=${AISERVICE_CONNECTOR_TAG:-"1.0.2"} + #export 
AISERVICE_PIPELINE_STEPS_TAG=${AISERVICE_PIPELINE_STEPS_TAG:-"1.0.3"} + export AISERVICE_SAAS=${AISERVICE_SAAS:-"false"} + export MODEL_ID_UNIQUE_LENGTH=${MODEL_ID_UNIQUE_LENGTH:-"15"} + export MODEL_ID_PREFIX=${MODEL_ID_PREFIX:-"m"} + export MAS_ICR_CP=${MAS_ICR_CP:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local"} + export DOCKER_SERVER=${DOCKER_SERVER:-"${MAS_ICR_CP}/aiservice"} + export PULLSECRETNAME=${PULLSECRETNAME:-"ibm-entitlement"} + + export MAS_APP_CHANNEL=${MAS_APP_CHANNEL:-"9.1.x"} + + while [[ $# -gt 0 ]] + do + key="$1" + shift + case $key in + # GitOps Configuration + -d|--dir) + export GITOPS_WORKING_DIR=$1 && shift + ;; + -a|--account-id) + export ACCOUNT_ID=$1 && shift + ;; + -c|--cluster-id) + export CLUSTER_ID=$1 && shift + ;; + + # AWS Secrets Manager Configuration + --sm-aws-secret-region) + export SM_AWS_REGION=$1 + export REGION_ID=$1 + shift + ;; + --sm-aws-access-key) + export SM_AWS_ACCESS_KEY_ID=$1 && shift + ;; + --sm-aws-secret-key) + export SM_AWS_SECRET_ACCESS_KEY=$1 && shift + ;; + --secrets-path) + export SECRETS_PATH=$1 && shift + ;; + + # kmodel - all input params default + sm + --aiservice-instance-id) + export AISERVICE_INSTANCE_ID=$1 && shift + ;; + + --aiservice-internal-tls) + export AISERVICE_INTERNAL_TLS=$1 && shift + ;; + + --aiservice-namespace) + export AISERVICE_NAMESPACE=$1 && shift + ;; + + --pull-secret-name) + export PULL_SECRET_NAME=$1 && shift + ;; + + --aiservice-storage-provider) + export AISERVICE_STORAGE_PROVIDER=$1 && shift + ;; + + --aiservice-storage-ssl) + export AISERVICE_STORAGE_SSL=$1 && shift + ;; + + --aiservice-storage-host) + export AISERVICE_STORAGE_HOST=$1 && shift + ;; + + --aiservice-storage-port) + export AISERVICE_STORAGE_PORT=$1 && shift + ;; + + --aiservice-storage-region) + export AISERVICE_STORAGE_REGION=$1 && shift + ;; + + --aiservice-storage-templates-bucket) + export AISERVICE_STORAGE_TEMPLATES_BUCKET=$1 && shift + ;; + + --aiservice-storage-tenants-bucket) + export 
AISERVICE_STORAGE_TENANTS_BUCKET=$1 && shift + ;; + + --aiservice-storage-pipelines-bucket) + export AISERVICE_STORAGE_PIPELINES_BUCKET=$1 && shift + ;; + + --ssh-secret-name) + export SSH_SECRET_NAME=$1 && shift + ;; + + --mas_icr_cp) + export MAS_ICR_CP=$1 && shift + ;; + + --mas-app-channel) + export MAS_APP_CHANNEL=$1 && shift + ;; + + --docker-server) + export DOCKER_SERVER=$1 && shift + ;; + + --tenant-namespace) + export TENANT_NAMESPACE=$1 && shift + ;; + + --aiservice-provision-tenant) + export AISERVICE_PROVISION_TENANT=$1 && shift + ;; + + --primary-storage-class) + export PRIMARY_STORAGE_CLASS=$1 && shift + ;; + + --image-store) + export IMAGE_STORE=$1 && shift + ;; + + --image-watcher) + export IMAGE_WATCHER=$1 && shift + ;; + + --image-controller) + export IMAGE_CONTROLLER=$1 && shift + ;; + + # --aiservice-pipeline-steps-tag) + # export AISERVICE_PIPELINE_STEPS_TAG=$1 && shift + # ;; + + --aiservice-connector-tag) + export AISERVICE_CONNECTOR_TAG=$1 && shift + ;; + + --aiservice-saas) + export AISERVICE_SAAS=$1 && shift + ;; + + --model-id-unique-length) + export MODEL_ID_UNIQUE_LENGTH=$1 && shift + ;; + + --model-id-prefix) + export MODEL_ID_PREFIX=$1 && shift + ;; + + --pullSecretName) + export PULLSECRETNAME=$1 && shift + ;; + + # optional parameters if needed + + # Automatic GitHub Push + -P|--github-push) + export GITHUB_PUSH=true + ;; + -H|--github-host) + export GITHUB_HOST=$1 && shift + ;; + -O|--github-org) + export GITHUB_ORG=$1 && shift + ;; + -R|--github-repo) + export GITHUB_REPO=$1 && shift + ;; + -S|--github-ssh) + export GIT_SSH=$1 && shift + ;; + -B|--git-branch) + export GIT_BRANCH=$1 && shift + ;; + -M|--git-commit-msg) + export GIT_COMMIT_MSG=$1 && shift + ;; + + # Other Commands + -h|--help) + gitops_kmodel_help + ;; + *) + # unknown option + echo -e "${COLOR_RED}Usage Error: Unsupported option \"${key}\"${COLOR_RESET}\n" + gitops_kmodel_help "Usage Error: Unsupported option \"${key}\" " + exit 1 + ;; + esac + done + + + [[ -z 
"$GITOPS_WORKING_DIR" ]] && gitops_kmodel_help "GITOPS_WORKING_DIR is not set" + [[ -z "$ACCOUNT_ID" ]] && gitops_kmodel_help "ACCOUNT_ID is not set" + [[ -z "$CLUSTER_ID" ]] && gitops_kmodel_help "CLUSTER_ID is not set" + [[ -z "$REGION_ID" && -z "$SM_AWS_REGION" ]] && gitops_kmodel_help "REGION_ID or SM_AWS_REGION is not set" + + if [[ "$GITHUB_PUSH" == "true" ]]; then + [[ -z "$GITHUB_HOST" ]] && gitops_kmodel_help "GITHUB_HOST is not set" + [[ -z "$GITHUB_ORG" ]] && gitops_kmodel_help "GITHUB_ORG is not set" + [[ -z "$GITHUB_REPO" ]] && gitops_kmodel_help "GITHUB_REPO is not set" + [[ -z "$GIT_BRANCH" ]] && gitops_kmodel_help "GIT_BRANCH is not set" + fi + + # add validation for those variable which have the value needed for further execution + [[ -z "$AISERVICE_INSTANCE_ID" ]] && gitops_kmodel_help "AISERVICE_INSTANCE_ID is not set. Please provide the AI Service instance ID using --aiservice-instance-id." + [[ -z "$PRIMARY_STORAGE_CLASS" ]] && gitops_kmodel_help "PRIMARY_STORAGE_CLASS is not set. Please provide the primary storage class using --primary-storage-class." + [[ -z "$IMAGE_STORE" ]] && gitops_kmodel_help "IMAGE_STORE is not set. Please provide the image store using --image-store." + [[ -z "$IMAGE_WATCHER" ]] && gitops_kmodel_help "IMAGE_WATCHER is not set. Please provide the image watcher using --image-watcher." + [[ -z "$IMAGE_CONTROLLER" ]] && gitops_kmodel_help "IMAGE_CONTROLLER is not set. Please provide the image controller using --image-controller." 
+ +} + +function gitops_kmodel() { + # Take the first parameter off (it will be create-gitops) + shift + if [[ $# -gt 0 ]]; then + gitops_kmodel_noninteractive "$@" + else + echo "Not supported yet" + exit 1 + gitops_kmodel_interactive + fi + + # catch errors + set -o pipefail + trap 'echo "[ERROR] Error occurred at $BASH_SOURCE, line $LINENO, exited with $?"; exit 1' ERR + + # Prepare directories + mkdir -p ${GITOPS_WORKING_DIR} + GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${AISERVICE_INSTANCE_ID} + + echo + reset_colors + echo_h2 "Review Settings" + + echo "${TEXT_DIM}" + echo_h2 "Target" " " + echo_reset_dim "Account ID ..................... ${COLOR_MAGENTA}${ACCOUNT_ID}" + echo_reset_dim "Region ID ...................... ${COLOR_MAGENTA}${REGION_ID}" + echo_reset_dim "Cluster ID ..................... ${COLOR_MAGENTA}${CLUSTER_ID}" + echo_reset_dim "Cluster Config Directory ....... ${COLOR_MAGENTA}${GITOPS_CLUSTER_DIR}" + reset_colors + + echo "${TEXT_DIM}" + echo_h2 "AWS Secrets Manager" " " + echo_reset_dim "Region ......................... ${COLOR_MAGENTA}${SM_AWS_REGION}" + echo_reset_dim "Secret Key ..................... ${COLOR_MAGENTA}${SM_AWS_ACCESS_KEY_ID:0:4}" + echo_reset_dim "Access Key ..................... ${COLOR_MAGENTA}${SM_AWS_SECRET_ACCESS_KEY:0:4}" + echo_reset_dim "Secrets Path ................... ${COLOR_MAGENTA}${SECRETS_PATH}" + reset_colors + + echo "${TEXT_DIM}" + if [[ "$GITHUB_PUSH" == "true" ]]; then + echo_h2 "GitOps Target" " " + echo_reset_dim "Automatic Push ........................ ${COLOR_GREEN}Enabled" + echo_reset_dim "Working Directory ..................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}" + echo_reset_dim "Host .................................. ${COLOR_MAGENTA}${GITHUB_HOST}" + echo_reset_dim "Organization .......................... ${COLOR_MAGENTA}${GITHUB_ORG}" + echo_reset_dim "Repository ............................ 
${COLOR_MAGENTA}${GITHUB_REPO}" + echo_reset_dim "Branch ................................ ${COLOR_MAGENTA}${GIT_BRANCH}" + else + echo_h2 "GitOps Target" " " + echo_reset_dim "Automatic Push ........................ ${COLOR_RED}Disabled" + echo_reset_dim "Working Directory ..................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}" + fi + reset_colors + + # echo all the variables of gitops envs + + echo "${TEXT_DIM}" + echo_h2 "kmodel" " " + echo_reset_dim "AI Service Instance Id ............................. ${COLOR_MAGENTA}${AISERVICE_INSTANCE_ID}" + echo_reset_dim "AI Service Internal TLS ............................ ${COLOR_MAGENTA}${AISERVICE_INTERNAL_TLS}" + echo_reset_dim "AI Service Namespace ............................... ${COLOR_MAGENTA}${AISERVICE_NAMESPACE}" + echo_reset_dim "MAS AI Service Storage Provider .................... ${COLOR_MAGENTA}${AISERVICE_STORAGE_PROVIDER}" + echo_reset_dim "MAS AI Service Storage SSL ......................... ${COLOR_MAGENTA}${AISERVICE_STORAGE_SSL}" + echo_reset_dim "MAS AI Service Storage Templates Bucket ............ ${COLOR_MAGENTA}${AISERVICE_STORAGE_TEMPLATES_BUCKET}" + echo_reset_dim "MAS AI Service Storage Tenants Bucket .............. ${COLOR_MAGENTA}${AISERVICE_STORAGE_TENANTS_BUCKET}" + echo_reset_dim "MAS AI Service Storage Pipelines Bucket ............ ${COLOR_MAGENTA}${AISERVICE_STORAGE_PIPELINES_BUCKET}" + echo_reset_dim "SSH Secret Name ................................... ${COLOR_MAGENTA}${SSH_SECRET_NAME}" + echo_reset_dim "MAS ICR CP Registry ............................... ${COLOR_MAGENTA}${MAS_ICR_CP}" + echo_reset_dim "Docker Server ..................................... ${COLOR_MAGENTA}${DOCKER_SERVER}" + echo_reset_dim "Tenant Namespace .................................. ${COLOR_MAGENTA}${TENANT_NAMESPACE}" + echo_reset_dim "MAS AI Service Provision Tenant .................... ${COLOR_MAGENTA}${AISERVICE_PROVISION_TENANT}" + echo_reset_dim "Primary Storage Class ............................. 
${COLOR_MAGENTA}${PRIMARY_STORAGE_CLASS}" + echo_reset_dim "Image Store ....................................... ${COLOR_MAGENTA}${IMAGE_STORE}" + echo_reset_dim "Image Watcher ..................................... ${COLOR_MAGENTA}${IMAGE_WATCHER}" + echo_reset_dim "Image Controller .................................. ${COLOR_MAGENTA}${IMAGE_CONTROLLER}" + #echo_reset_dim "MAS AI Service Pipeline Steps Tag .................. ${COLOR_MAGENTA}${AISERVICE_PIPELINE_STEPS_TAG}" + echo_reset_dim "MAS AI Service Connector Tag ....................... ${COLOR_MAGENTA}${AISERVICE_CONNECTOR_TAG}" + echo_reset_dim "MAS AI Service SAAS ................................ ${COLOR_MAGENTA}${AISERVICE_SAAS}" + echo_reset_dim "Model ID Unique Length ............................ ${COLOR_MAGENTA}${MODEL_ID_UNIQUE_LENGTH}" + echo_reset_dim "Model ID Prefix ................................... ${COLOR_MAGENTA}${MODEL_ID_PREFIX}" + + reset_colors + + # Set up secrets + # --------------------------------------------------------------------------- + CURRENT_DIR=$PWD + # TEMP_DIR=$GITOPS_CLUSTER_DIR/tmp-kmodel + # mkdir -p ${TEMP_DIR} + + AVP_TYPE=aws # Support for IBM will be added later + sm_login + + SECRETS_PREFIX="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}" + + # check if those are already present + export IMAGE_PULL_SECRET_B64=${SECRETS_PREFIX}ibm_entitlement#image_pull_secret_b64 + + # STORAGE + export SM_STORAGE_ACCESSKEY=${SECRETS_PREFIX}storage#sm_storage_accesskey + export SM_STORAGE_SECRETKEY=${SECRETS_PREFIX}storage#sm_storage_secretkey + export SM_STORAGE_HOST=${SECRETS_PREFIX}storage#sm_storage_host + export SM_STORAGE_PORT=${SECRETS_PREFIX}storage#sm_storage_port + export SM_STORAGE_BUCKET_TEMPLATES=${SECRETS_PREFIX}storage#sm_storage_bucket_templates + export SM_STORAGE_BUCKET_TENANTS=${SECRETS_PREFIX}storage#sm_storage_bucket_tenants + export SM_STORAGE_BUCKET_PIPELINES=${SECRETS_PREFIX}storage#sm_storage_bucket_pipelines + +# check for those 
variables present into the aws sm + sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "image_pull_secret_b64" + + sm_verify_secret_exists ${SECRETS_PREFIX}storage "sm_storage_host,sm_storage_accesskey,sm_storage_secretkey,sm_storage_bucket_templates,sm_storage_bucket_tenants,sm_storage_bucket_pipelines" + + # finally push them into the git repo + # --------------------------------------------------------------------------- + + if [ -z $GIT_SSH ]; then + export GIT_SSH=false + fi + + # Clone github target repo + # --------------------------------------------------------------------------- + if [ "$GITHUB_PUSH" == "true" ]; then + echo + echo_h2 "Cloning GitHub repo $GITHUB_ORG $GITHUB_REPO" + clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH + fi + + mkdir -p ${GITOPS_CLUSTER_DIR} + + # Generate ArgoApps + # --------------------------------------------------------------------------- + echo + echo_h2 "Generating kmodel operator Applications" + echo "- kmodel operator" + + echo "Generating kmodel file ${GITOPS_CLUSTER_DIR}/ibm-kmodel.yaml" + jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-kmodel.yaml + + + # Commit and push to github target repo + # --------------------------------------------------------------------------- + if [ "$GITHUB_PUSH" == "true" ]; then + echo + echo_h2 "Commit and push changes to GitHub repo $GITHUB_ORG $GITHUB_REPO" + save_to_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "${GIT_COMMIT_MSG}" + remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO + fi + + # rm -rf $TEMP_DIR + rm -rf $GITOPS_WORKING_DIR + + exit 0 +} diff --git a/image/cli/mascli/functions/gitops_odh b/image/cli/mascli/functions/gitops_odh index 6b8ff721dae..440e8e82b95 100755 --- a/image/cli/mascli/functions/gitops_odh +++ b/image/cli/mascli/functions/gitops_odh 
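Review bot: In the "AWS Secrets Manager" part of the settings review in gitops_kmodel, the labels are crossed and a slice of the secret is printed: `Secret Key` shows `${SM_AWS_ACCESS_KEY_ID:0:4}` while `Access Key` shows `${SM_AWS_SECRET_ACCESS_KEY:0:4}`, so the first four characters of the secret access key reach the terminal and any captured CI log. I would print only the key id, `echo_reset_dim "Access Key ..................... ${COLOR_MAGENTA}${SM_AWS_ACCESS_KEY_ID:0:4}"`, and drop the secret line or show a fixed mask. Separately, the final `rm -rf $GITOPS_WORKING_DIR` is unquoted and takes the `-d` value as given; `rm -rf -- "${GITOPS_WORKING_DIR}"` avoids word splitting on a path with spaces. The help text also advertises `--aiservice_instance_id`, while the parser only accepts `--aiservice-instance-id`.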
@@ -122,7 +122,13 @@ function gitops_odh_noninteractive() { export ODH_OPERATOR_VERSION="${ODH_OPERATOR_VERSION:-"opendatahub-operator.v2.19.0"}" export ODH_NAMESPACE="${ODH_NAMESPACE:-"opendatahub"}" - export AISERVICE_NAMESPACE="${AISERVICE_NAMESPACE:-"${AISERVICE_INSTANCE_ID}-aiservice"}" + export AISERVICE_NAMESPACE="${AISERVICE_NAMESPACE:-"mas-${AISERVICE_INSTANCE_ID}-aiservice"}" + + export ODH_PIPELINE_NAME="${ODH_PIPELINE_NAME:-"openshift-pipelines-operator"}" + export ODH_PIPELINE_NAMESPACE="${ODH_PIPELINE_NAMESPACE:-"openshift-operators"}" + export ODH_PIPELINE_OPERATOR_NAME="${ODH_PIPELINE_OPERATOR_NAME:-"openshift-pipelines-operator-rh"}" + export ODH_PIPELINE_SOURCE="${ODH_PIPELINE_SOURCE:-"redhat-operators"}" + export ODH_PIPELINE_SOURCE_NAMESPACE="${ODH_PIPELINE_SOURCE_NAMESPACE:-"openshift-marketplace"}" export SERVERLESS_NAMESPACE="${SERVERLESS_NAMESPACE:-"openshift-serverless"}" export SERVERLESS_OPERATOR_NAME="${SERVERLESS_OPERATOR_NAME:-"serverless-operator"}" @@ -138,7 +144,7 @@ function gitops_odh_noninteractive() { export OPENDATAHUB_SOURCE_NAMESPACE="${OPENDATAHUB_SOURCE_NAMESPACE:-"openshift-marketplace"}" export AISERVICE_STORAGE_PROVIDER="${AISERVICE_STORAGE_PROVIDER:-"aws"}" export AISERVICE_STORAGE_SSL="${AISERVICE_STORAGE_SSL:-"true"}" - export AISERVICE_STORAGE_REGION="${AISERVICE_STORAGE_REGION:-""}" + export AISERVICE_STORAGE_REGION="${AISERVICE_STORAGE_REGION:-"us-west-2"}" export PRIMARY_STORAGE_CLASS="${PRIMARY_STORAGE_CLASS:-"nfs-client"}" export AISERVICE_ODH_MODEL_DEPLOYMENT_TYPE="${AISERVICE_ODH_MODEL_DEPLOYMENT_TYPE:-"serverless"}" 
@@ -231,6 +237,21 @@ function gitops_odh_noninteractive() { --opendatahub-source-namespace) export OPENDATAHUB_SOURCE_NAMESPACE=$1 && shift ;; + --odh-pipeline-name) + export ODH_PIPELINE_NAME=$1 && shift + ;; + --odh-pipeline-namespace) + export ODH_PIPELINE_NAMESPACE=$1 && shift + ;; + --odh-pipeline-operator-name) + export ODH_PIPELINE_OPERATOR_NAME=$1 && shift + ;; + --odh-pipeline-source) + export ODH_PIPELINE_SOURCE=$1 && shift + ;; + --odh-pipeline-source-namespace) + export ODH_PIPELINE_SOURCE_NAMESPACE=$1 && shift + ;; --odh-pipeline-channel) export ODH_PIPELINE_CHANNEL=$1 && shift ;; @@ -274,6 +295,26 @@ function gitops_odh_noninteractive() { export AUTHORINO_CATALOG_SOURCE=$1 && shift ;; + --serverless-namespace) + export SERVERLESS_NAMESPACE=$1 && shift + ;; + --serverless-channel) + export SERVERLESS_CHANNEL=$1 && shift + ;; + --serverless-operator-name) + export SERVERLESS_OPERATOR_NAME=$1 && shift + ;; + --serverless-operator-source) + export SERVERLESS_OPERATOR_SOURCE=$1 && shift + ;; + --serverless-operator-source-namespace) + export SERVERLESS_OPERATOR_SOURCE_NAMESPACE=$1 && shift + ;; + + --authorino-catalog-source) + export AUTHORINO_CATALOG_SOURCE=$1 && shift + ;; + --aiservice-namespace) export AISERVICE_NAMESPACE=$1 && shift ;; 
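Review bot: The `--authorino-catalog-source)` arm added at the end of the second hunk appears to repeat an existing arm, since the context line just before the addition already runs `export AUTHORINO_CATALOG_SOURCE=$1 && shift`. In a bash `case` the first matching pattern wins, so the new arm can never execute and I would drop it. The `case` statement starts and ends outside these hunks, so the added `--serverless-*` arms should be checked against the existing arms for the same reason.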
@@ -284,12 +325,48 @@ function gitops_odh_noninteractive() { --storage-ssl|--aiservice-storage-ssl) export AISERVICE_STORAGE_SSL=$1 && shift ;; + --storage-accesskey) + export AISERVICE_STORAGE_ACCESSKEY=$1 && shift + ;; + --storage-secretkey) + export AISERVICE_STORAGE_SECRETKEY=$1 && shift + ;; + --storage-host) + export AISERVICE_STORAGE_HOST=$1 && shift + ;; + --storage-port) + export AISERVICE_STORAGE_PORT=$1 && shift + ;; + --storage-ssl) + export AISERVICE_STORAGE_SSL=$1 && shift + ;; --storage-region|--aiservice-storage-region) export AISERVICE_STORAGE_REGION=$1 && shift ;; + --storage-pipelines-bucket) + export AISERVICE_STORAGE_PIPELINES_BUCKET=$1 && shift + ;; --aiservice-odh-model-deployment-type) export AISERVICE_ODH_MODEL_DEPLOYMENT_TYPE=$1 && shift ;; + --db-host) + export AISERVICE_DB_HOST=$1 && shift + ;; + --db-port) + export AISERVICE_DB_PORT=$1 && shift + ;; + --db-user) + export AISERVICE_DB_USER=$1 && shift + ;; + --db-database) + export AISERVICE_DB_DATABASE=$1 && shift + ;; + --db-secret-name) + export AISERVICE_DB_SECRET_NAME=$1 && shift + ;; + --db-secret-value) + export AISERVICE_DB_SECRET_VALUE=$1 && shift + ;; --primary-storage-class) export PRIMARY_STORAGE_CLASS=$1 && shift ;; 
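Review bot: `--storage-accesskey`, `--storage-secretkey` and `--db-secret-value` take credentials as command-line arguments, where they are visible in process listings, shell history and CI job logs. gitops_odh already fetches these values from the secrets manager (the `sm_get_secret_file` calls later in this commit), and the exported `AISERVICE_STORAGE_ACCESSKEY`, `AISERVICE_STORAGE_SECRETKEY` and `AISERVICE_DB_SECRET_VALUE` are not referenced in any visible hunk. I would drop the three options, or at least mark them with a comment such as `# NOTE: prefer the secrets manager entry; argv is readable by other local users`. The added `--storage-ssl)` arm is also unreachable, because the existing `--storage-ssl|--aiservice-storage-ssl)` arm directly above matches first. The `case` statement starts and ends outside this hunk.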
@@ -368,19 +445,89 @@ function gitops_odh() { # Set up secret key and fetch secret export SECRET_ACCOUNT_PATH="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}" export ODH_SECRET="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}storage" + + export SECRET_KEY_IMAGE_PULL_SECRET_B64="${SECRET_ACCOUNT_PATH}ibm_entitlement#image_pull_secret_b64" + # Storage + export SECRET_KEY_SM_STORAGE_ACCESSKEY="${SECRET_ACCOUNT_PATH}storage#sm_storage_accesskey" + export SECRET_KEY_SM_STORAGE_SECRETKEY="${SECRET_ACCOUNT_PATH}storage#sm_storage_secretkey" + export SECRET_KEY_SM_STORAGE_HOST="${SECRET_ACCOUNT_PATH}storage#sm_storage_host" + export SECRET_KEY_SM_STORAGE_PORT="${SECRET_ACCOUNT_PATH}storage#sm_storage_port" + export SECRET_KEY_SM_STORAGE_BUCKET_DEFAULT="${SECRET_ACCOUNT_PATH}storage#sm_storage_bucket_pipelines" + + # MariaDB + export SECRET_KEY_SM_MARIADB_HOST="${SECRET_ACCOUNT_PATH}mariadb#sm_mariadb_host" + export SECRET_KEY_SM_MARIADB_PORT="${SECRET_ACCOUNT_PATH}mariadb#sm_mariadb_port" + export SECRET_KEY_SM_MARIADB_USER="${SECRET_ACCOUNT_PATH}mariadb#sm_mariadb_user" + export SECRET_KEY_SM_MARIADB_DATABASE="${SECRET_ACCOUNT_PATH}mariadb#sm_mariadb_database" + export SECRET_KEY_SM_MARIADB_SECRET_NAME="${SECRET_ACCOUNT_PATH}mariadb#sm_mariadb_secret_name" + export SECRET_KEY_SM_MARIADB_SECRET_VALUE="${SECRET_ACCOUNT_PATH}mariadb#sm_mariadb_secret_value" + + + + export ODH_SECRET_FILE="$GITOPS_WORKING_DIR/odh-secret.json" if [ -z $GIT_SSH ]; then export GIT_SSH=false fi - sm_verify_secret_exists ${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}ibm_entitlement "image_pull_secret_b64" + sm_verify_secret_exists ${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}storage "sm_storage_bucket_templates,sm_storage_bucket_tenants,sm_storage_bucket_pipelines" + sm_verify_secret_exists ${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}mariadb 
"sm_mariadb_host,sm_mariadb_database" + sm_get_secret_file "$ODH_SECRET" "$ODH_SECRET_FILE" + ################################################################# + export MARIA_SECRET="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}mariadb" + export MARIA_SECRET_FILE="$GITOPS_WORKING_DIR/mariadb-secret.json" + sm_get_secret_file "$MARIA_SECRET" "$MARIA_SECRET_FILE" + ###################################################################### + #######################Checking condition Storage_provider####################################### + #aiservice_storage_provider + ###################################################################### + # Reuse existing secret values if present + TEMP_STORAGE_ACCESS_KEY=$(jq -r .sm_storage_accesskey "$ODH_SECRET_FILE") + if [[ -n ${TEMP_STORAGE_ACCESS_KEY} ]]; then + export STORAGE_ACCESS_KEY="${TEMP_STORAGE_ACCESS_KEY}" + echo "gitops_odh : STORAGE_ACCESS_KEY=${STORAGE_ACCESS_KEY:0:3} is available in the secret, using existing value." + fi + + TEMP_STORAGE_SECRET_KEY=$(jq -r .sm_storage_secretkey "$ODH_SECRET_FILE") + if [[ -n ${TEMP_STORAGE_SECRET_KEY} ]]; then + export STORAGE_SECRET_KEY="${TEMP_STORAGE_SECRET_KEY}" + echo "gitops_odh : STORAGE_SECRET_KEY=${STORAGE_SECRET_KEY:0:3} is available in the secret, using existing value." + fi + + TEMP_MARIADB_USER=$(jq -r .sm_mariadb_user "$ODH_SECRET_FILE") + if [[ -n ${TEMP_MARIADB_USER} ]]; then + export MARIADB_USER="${TEMP_MARIADB_USER}" + echo "gitops_odh : MARIADB_USER=${MARIADB_USER} is available in the secret, using existing value." + fi + + TEMP_MARIADB_SECRET_VALUE=$(jq -r .sm_mariadb_secret_value "$ODH_SECRET_FILE") + if [[ -n ${TEMP_MARIADB_SECRET_VALUE} ]]; then + export MARIADB_SECRET_VALUE="${TEMP_MARIADB_SECRET_VALUE}" + echo "gitops_odh : MARIADB_SECRET_VALUE=${MARIADB_SECRET_VALUE:0:4} is available in the secret, using existing value." 
+ fi + + + # Extract and export secrets + export STORAGE_ACCESS_KEY=$(jq -r .sm_storage_accesskey "$ODH_SECRET_FILE") + export STORAGE_SECRET_KEY=$(jq -r .sm_storage_secretkey "$ODH_SECRET_FILE") + export STORAGE_HOST=$(jq -r .sm_storage_secretkey "$ODH_SECRET_FILE") + export STORAGE_PORT=$(jq -r .sm_storage_port "$ODH_SECRET_FILE") + export STORAGE_BUCKET=$(jq -r .sm_storage_bucket_pipelines "$ODH_SECRET_FILE") + + export MARIADB_HOST=$(jq -r .sm_mariadb_host "$MARIA_SECRET_FILE") + export MARIADB_PORT=$(jq -r .sm_mariadb_port "$MARIA_SECRET_FILE") + export MARIADB_USER=$(jq -r .sm_mariadb_user "$MARIA_SECRET_FILE") + export MARIADB_DATABASE=$(jq -r .sm_mariadb_database "$MARIA_SECRET_FILE") + export MARIADB_SECRET_NAME=$(jq -r .sm_mariadb_secret_name "$$MARIA_SECRET_FILE") + export MARIADB_SECRET_VALUE=$(jq -r .sm_mariadb_secret_value "$MARIA_SECRET_FILE") echo_h2 "ODH Secret Summary" echo_reset_dim "AI Service Namespace ................... ${COLOR_MAGENTA}${AISERVICE_NAMESPACE}" echo_reset_dim "STORAGE_HOST ............................. ${COLOR_MAGENTA}${STORAGE_HOST}" echo_reset_dim "STORAGE_BUCKET ........................... ${COLOR_MAGENTA}${STORAGE_BUCKET}" - + echo_reset_dim "MARIADB_HOST ........................... ${COLOR_MAGENTA}${MARIADB_HOST}" + echo_reset_dim "MARIADB_DATABASE ....................... ${COLOR_MAGENTA}${MARIADB_DATABASE}" echo_reset_dim "AISERVICE_STORAGE_SSL ................. ${COLOR_MAGENTA}${AISERVICE_STORAGE_SSL}" reset_colors @@ -401,6 +548,8 @@ function gitops_odh() { echo "Output: ${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml" jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml + + TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_odh\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]" # GitHub push 
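Review bot: `export STORAGE_HOST=$(jq -r .sm_storage_secretkey "$ODH_SECRET_FILE")` loads the storage secret key into STORAGE_HOST, and the "ODH Secret Summary" a few lines below echoes `${STORAGE_HOST}` in full, so the secret is written to the console and any captured log. The line should read `export STORAGE_HOST=$(jq -r .sm_storage_host "$ODH_SECRET_FILE")`. In the same group, `"$$MARIA_SECRET_FILE"` expands `$$` to the shell PID, so MARIADB_SECRET_NAME is read from a file that does not exist; it should be `"$MARIA_SECRET_FILE"`. The "Reuse existing secret values" block above changes nothing, because the same variables are re-exported unconditionally right after and `jq -r` prints `null` for a missing key so the `-n` tests always pass. It does echo the leading characters of STORAGE_SECRET_KEY and MARIADB_SECRET_VALUE, so I would remove it; gitops_odh starts and ends outside this hunk.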
@@ -411,5 +560,7 @@ function gitops_odh() { remove_git_repo_clone "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" fi + rm -rf "$ODH_SECRET_FILE" + rm -rf "$MARIA_SECRET_FILE" echo_h2 "ODH GitOps completed." } diff --git a/image/cli/mascli/functions/internal/save_config b/image/cli/mascli/functions/internal/save_config index d7a85931e52..52f24722d52 100644 --- a/image/cli/mascli/functions/internal/save_config +++ b/image/cli/mascli/functions/internal/save_config @@ -87,6 +87,7 @@ export MAS_APP_CHANNEL_OPTIMIZER=$MAS_APP_CHANNEL_OPTIMIZER export MAS_APP_PLAN_OPTIMIZER=$MAS_APP_PLAN_OPTIMIZER export MAS_APP_CHANNEL_ASSIST=$MAS_APP_CHANNEL_ASSIST export MAS_APP_CHANNEL_VISUALINSPECTION=$MAS_APP_CHANNEL_VISUALINSPECTION +export MAS_APP_CHANNEL_AISERVICE=$MAS_APP_CHANNEL_AISERVICE # SLS export SLS_LICENSE_FILE_LOCAL=$SLS_LICENSE_FILE_LOCAL diff --git a/image/cli/mascli/mas b/image/cli/mascli/mas index 4a9065e12c6..18f251cd080 100755 --- a/image/cli/mascli/mas +++ b/image/cli/mascli/mas @@ -680,6 +680,22 @@ case $1 in reset_colors gitops_deprovision_odh "$@" ;; + + gitops-kmodel) + echo "${TEXT_UNDERLINE}IBM Maximo Application Suite kmodel Manager (v${VERSION})${TEXT_RESET}" + echo "Powered by ${COLOR_CYAN}${TEXT_UNDERLINE}https://github.com/ibm-mas/gitops/${TEXT_RESET}" + echo + reset_colors + gitops_kmodel "$@" + ;; + + gitops-deprovision-kmodel) + echo "${TEXT_UNDERLINE}IBM Maximo Application Suite kmodel deprovision Manager (v${VERSION})${TEXT_RESET}" + echo "Powered by ${COLOR_CYAN}${TEXT_UNDERLINE}https://github.com/ibm-mas/gitops/${TEXT_RESET}" + echo + reset_colors + gitops_deprovision_kmodel "$@" + ;; gitops-aiservice) echo "${TEXT_UNDERLINE}IBM Maximo Application Suite AIService Manager (v${VERSION})${TEXT_RESET}" 
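Review bot: The two added `rm -rf` lines only run when gitops_odh reaches its last statement, so `odh-secret.json` and `mariadb-secret.json`, which hold the fetched credentials in plaintext under GITOPS_WORKING_DIR, stay on disk whenever an earlier step exits. I would register the cleanup as soon as the paths are defined, e.g. `trap 'rm -f -- "$ODH_SECRET_FILE" "$MARIA_SECRET_FILE"' EXIT`, and use `rm -f` since these are files rather than directories. Whether a helper called in between can exit the shell is not visible from this hunk, so treat this as hardening.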
@@ -771,7 +787,7 @@ case $1 in ;; gitops-deprovision-aiservice) - echo "${TEXT_UNDERLINE}IBM Maximo Application Suite AIService deprovision Manager (v${VERSION})${TEXT_RESET}" + echo "${TEXT_UNDERLINE}IBM Maximo Application Suite AIService tenant deprovision Manager (v${VERSION})${TEXT_RESET}" echo "Powered by ${COLOR_CYAN}${TEXT_UNDERLINE}https://github.com/ibm-mas/gitops/${TEXT_RESET}" echo reset_colors @@ -845,6 +861,14 @@ case $1 in gitops ;; + gitops-kmodel) + echo "${TEXT_UNDERLINE}IBM Maximo Application Suite kmodel Manager (v${VERSION})${TEXT_RESET}" + echo "Powered by ${COLOR_CYAN}${TEXT_UNDERLINE}https://github.com/ibm-mas/gitops/${TEXT_RESET}" + echo + reset_colors + gitops_kmodel "$@" + ;; + *) echo "unknown parameter $1" exit 1 diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2 new file mode 100644 index 00000000000..b7bc2363d01 --- /dev/null +++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2 
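Review bot: The `gitops-kmodel)` arm added in the `@@ -845,6 +861,14 @@` hunk duplicates the one this commit already adds in the `@@ -680,6 +680,22 @@` hunk of the same file. If both sit in the same `case $1 in` statement, as the hunk headers suggest, the earlier arm always matches and this one is dead code, so I would remove it. The `case` statement starts and ends outside the hunk.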
@@ -0,0 +1,49 @@ +merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ AISERVICE_INSTANCE_ID }}" + +ibm_kmodel: + aiservice_instance_id: {{ AISERVICE_INSTANCE_ID }} + aiservice_internal_tls: "{{ AISERVICE_INTERNAL_TLS }}" + + aiservice_namespace: "{{ AISERVICE_NAMESPACE }}" + + pull_secret_name: "" + + aiservice_storage_provider: "{{ AISERVICE_STORAGE_PROVIDER }}" + aiservice_storage_ssl: "{{ AISERVICE_STORAGE_SSL }}" + + aiservice_storage_accesskey: "" + aiservice_storage_secretkey: "" + aiservice_storage_host: "" + aiservice_storage_port: "" + aiservice_storage_region: "{{ AISERVICE_STORAGE_REGION }}" + + aiservice_storage_templates_bucket: "" + aiservice_storage_tenants_bucket: "" + aiservice_storage_pipelines_bucket: "" + + ssh_secret_name: "{{ SSH_SECRET_NAME }}" + + pullSecretName: "ibm-entitlement" + + docker_server: "{{ DOCKER_SERVER }}" + + aiservice_provision_tenant: "{{ AISERVICE_PROVISION_TENANT }}" + + primary_storage_class: "{{ PRIMARY_STORAGE_CLASS }}" + +# Docker image + image_store: "{{ IMAGE_STORE }}" + image_watcher: "{{ IMAGE_WATCHER }}" + image_controller: "{{ IMAGE_CONTROLLER }}" + + aiservice_pipeline_steps_tag: "{{ AISERVICE_PIPELINE_STEPS_TAG }}" + aiservice_connector_tag: "{{ AISERVICE_CONNECTOR_TAG }}" + + aiservice_saas: "{{ AISERVICE_SAAS }}" + + mas_app_channel: "{{ MAS_APP_CHANNEL }}" + + model_id_unique_length: "{{ MODEL_ID_UNIQUE_LENGTH }}" + model_id_prefix: "{{ MODEL_ID_PREFIX }}" + + mas_icr_cp: "{{ MAS_ICR_CP }}" diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2 index ed0f55dff11..2af3b011633 100644 --- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2 +++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2 
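Review bot: `aiservice_instance_id: {{ AISERVICE_INSTANCE_ID }}` is the only templated value in this new file that is not quoted, so an empty, all-digit or boolean-looking ID renders as null, an integer or a boolean instead of a string. Quote it like the other values: `aiservice_instance_id: "{{ AISERVICE_INSTANCE_ID }}"`. The file also sets both `pull_secret_name: ""` and `pullSecretName: "ibm-entitlement"`; if the consumer reads only one of them, the other should be removed or given a comment saying which chart value each one feeds.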
@@ -21,6 +21,13 @@ ibm_odh: aiservice_namespace: {{ AISERVICE_NAMESPACE }} pull_secret_name: "" + # ODH Pipeline operator + odh_pipeline_name: {{ ODH_PIPELINE_NAME }} + odh_pipeline_namespace: {{ ODH_PIPELINE_NAMESPACE }} + odh_pipeline_operatorName: {{ ODH_PIPELINE_OPERATOR_NAME }} + odh_pipeline_source: {{ ODH_PIPELINE_SOURCE }} + odh_pipeline_sourceNamespace: {{ ODH_PIPELINE_SOURCE_NAMESPACE }} + # Serverless Operator serverless_namespace: {{ SERVERLESS_NAMESPACE }} serverless_operator_name: {{ SERVERLESS_OPERATOR_NAME }} @@ -31,9 +38,27 @@ ibm_odh: opendatahub_OperatorGroup_name: {{ OPENDATAHUB_OPERATORGROUP_NAME }} opendatahub_name: {{ OPENDATAHUB_NAME }} opendatahub_namespace: {{ OPENDATAHUB_NAMESPACE }} - opendatahub_installPlanApproval: {{ ODH_INSTALL_PLAN }} + opendatahub_installPlanApproval: {{ OPENDATAHUB_INSTALLPLAN_APPROVAL }} opendatahub_channel: {{ OPENDATAHUB_CHANNEL }} opendatahub_source: {{ OPENDATAHUB_SOURCE }} - opendatahub_sourceNamespace: {{ OPENDATAHUB_SOURCE_NAMESPACE }} - aiservice_odh_model_deployment_type: "{{ AISERVICE_ODH_MODEL_DEPLOYMENT_TYPE }}" + opendatahub__sourceNamespace: {{ OPENDATAHUB_SOURCE_NAMESPACE }} + + # Storage configuration + aiservice_storage_provider: {{ AISERVICE_STORAGE_PROVIDER }} + aiservice_storage_accesskey: "" + aiservice_storage_secretkey: "" + aiservice_storage_host: "" + aiservice_storage_port: "" + aiservice_storage_ssl: {{ AISERVICE_STORAGE_SSL }} + aiservice_storage_region: "{{ AISERVICE_STORAGE_REGION }}" + aiservice_storage_pipelines_bucket: "" + + # MariaDB configuration + aiservice_db_host: "" + aiservice_db_port: "" + aiservice_db_user: "" + aiservice_db_database: "" + aiservice_db_secret_name: "" + aiservice_db_secret_value: "" + primary_storage_class: {{ PRIMARY_STORAGE_CLASS }} diff --git a/tekton/generate-tekton-pipelines.yml b/tekton/generate-tekton-pipelines.yml index be5aa9d6adb..141b8096274 100644 --- a/tekton/generate-tekton-pipelines.yml +++ b/tekton/generate-tekton-pipelines.yml 
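Review bot: The second hunk renames `opendatahub_sourceNamespace` to `opendatahub__sourceNamespace` with a doubled underscore, which looks like a typo. Unless the consuming chart was changed to the same spelling, the value would no longer be picked up, so the line should probably stay `opendatahub_sourceNamespace: {{ OPENDATAHUB_SOURCE_NAMESPACE }}`. The same hunk adds `aiservice_db_secret_value: ""` next to `aiservice_db_secret_name`. If that key is ever filled in by the CLI, the secret would be written into the GitOps repository in clear text, so a comment stating that it must stay empty, or a reference-only form, would be safer. Several of the added values (`odh_pipeline_*`, `aiservice_storage_provider`, `aiservice_storage_ssl`, `primary_storage_class`) are unquoted template expansions and should be quoted like `aiservice_storage_region`.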
@@ -98,6 +98,7 @@ with_items: - deprovision-cluster - deprovision-mas-deps + - deprovision-aiservice-deps - deprovision-mas-instance - deprovision-mas-cluster - provision-bootstrap-cluster @@ -106,6 +107,7 @@ - gitops-mas-apps - gitops-mas-cluster - gitops-mas-deps + - gitops-aiservice-deps - gitops-mas-initiator - gitops-suite-license-service - deprovision-suite-license-service @@ -128,7 +130,9 @@ - provision-bootstrap-cluster - deprovision-cluster - deprovision-mas-deps + - deprovision-aiservice-deps when: pipeline_name == '' + # 5. Generate Gitops Pipelines with waits # ------------------------------------------------------------------------- @@ -141,4 +145,8 @@ with_items: - gitops-mas-deps - gitops-mas-initiator + - gitops-aiservice-deps when: pipeline_name == '' + + + diff --git a/tekton/src/params/install-appchannels.yml.j2 b/tekton/src/params/install-appchannels.yml.j2 index 2b4c3111327..f024d7a36b1 100644 --- a/tekton/src/params/install-appchannels.yml.j2 +++ b/tekton/src/params/install-appchannels.yml.j2 @@ -38,3 +38,7 @@ type: string description: Subscription channel for Facilities application operator default: "" +- name: mas_app_channel_aiservice + type: string + description: Subscription channel for AI Service application operator + default: "" \ No newline at end of file diff --git a/tekton/src/pipelines/gitops/deprovision-aiservice-deps.yml.j2 b/tekton/src/pipelines/gitops/deprovision-aiservice-deps.yml.j2 new file mode 100644 index 00000000000..c6b1185457f --- /dev/null +++ b/tekton/src/pipelines/gitops/deprovision-aiservice-deps.yml.j2 
@@ -0,0 +1,192 @@ +--- +apiVersion: tekton.dev/v1beta1 +kind: Pipeline +metadata: +{% if wait_for_deprovision == true %} + name: gitops-deprovision-aiservice-deps-after-deprovision +{% else %} + name: gitops-deprovision-aiservice-deps +{% endif %} +spec: + description: Deprovision docDb, kafka and COS + workspaces: + - name: configs + params: +{% if wait_for_deprovision == true %} + # Name of the PipelineRun to wait for + - name: pipelinerun_name + type: string + - name: ignore_failure + type: string + default: "False" + description: Set to 'True' or 'False' (case-sensitive) to configure whether this pipeline continue if the pipeline we are waiting for has failed. +{% endif %} + - name: cluster_name + type: string + - name: ocp_version + type: string + - name: avp_type + type: string + - name: avp_aws_secret_region + type: string + - name: avp_aws_secret_key + type: string + - name: avp_aws_access_key + type: string + + # 1. Gitops git Parameters + # ------------------------------------------------------------------------- + {{ lookup('template', params_src_dir ~ '/gitops-git.yml.j2') | indent(4) }} + + - name: github_url + type: string + - name: rosa_token + type: string + - name: account + type: string + - name: secrets_path + type: string + - name: ibmcloud_resourcegroup + type: string + description: Name of an existing Resource Group in IBM Cloud account + default: "Default" + - name: ibmcloud_apikey + type: string + default: "" + - name: mas_instance_id + type: string + - name: aws_docdb_instance_number + type: string + default: 3 + - name: jdbc_type_aiservice + type: string + - name: jdbc_instance_name_aiservice + type: string + - name: jdbc_connection_url_aiservice + type: string + default: "" + - name: jdbc_certificate_file_aiservice + type: string + default: "" + - name: jdbc_route_aiservice + type: string + default: "" + + # Setting Parameters + # ----------------------------------------------------------------------------- + - name: cloud_provider + 
type: string + default: aws + - name: efs_action + type: string + description: efs action to be performed (provision or deprovision) + default: "" + - name: cluster_url + type: string + default: "" + - name: mas_app_channel_aiservice + type: string + description: Subscription channel for AI Service application operator + default: "" + - name: mas_edition + type: string + default: "" + - name: mas_workspace_id + type: string + default: "" + - name: mongo_provider + type: string + default: aws + - name: mongodb_action + type: string + description: Optional. Used to uninstall MongoDB + default: "" + - name: region + type: string + - name: vpc_ipv4_cidr + type: string + + tasks: +{% if wait_for_deprovision == true %} + # 0. Wait for the deprovsion mas pipeline to complete + # ------------------------------------------------------------------------- + - name: wait-for-deprovision + timeout: "0" + taskRef: + kind: Task + name: mas-devops-wait-for-tekton + params: + - name: type + value: pipelinerun + - name: name + value: $(params.pipelinerun_name) + - name: delay + value: 120 # seconds between checking the status of the pipelinerun + - name: max_retries + value: 120 # attempts before giving up + - name: ignore_failure + value: $(params.ignore_failure) # fails and exit once the first failure is detected +{% endif %} + + # Deprovision EFS + # ------------------------------------------------------------------------- + - name: gitops-deprovision-efs +{% if wait_for_deprovision == true %} + runAfter: + - wait-for-deprovision +{% endif %} + params: + {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(8) }} + - name: cluster_name + value: $(params.cluster_name) + - name: mas_instance_id + value: $(params.mas_instance_id) + - name: cloud_provider + value: $(params.cloud_provider) + - name: avp_aws_secret_key + value: $(params.avp_aws_secret_key) + - name: avp_aws_access_key + value: $(params.avp_aws_access_key) + - name: 
efs_action + value: $(params.efs_action) + workspaces: + - name: configs + workspace: configs + taskRef: + kind: Task + name: gitops-deprovision-efs + + # Deprovision Mongo + # ------------------------------------------------------------------------- + - name: gitops-deprovision-mongo + runAfter: + - gitops-deprovision-efs + params: + - name: cluster_name + value: $(params.cluster_name) + - name: account + value: $(params.account) + - name: secrets_path + value: $(params.secrets_path) + - name: avp_aws_secret_region + value: $(params.avp_aws_secret_region) + - name: avp_aws_secret_key + value: $(params.avp_aws_secret_key) + - name: avp_aws_access_key + value: $(params.avp_aws_access_key) + - name: vpc_ipv4_cidr + value: $(params.vpc_ipv4_cidr) + - name: mongo_provider + value: $(params.mongo_provider) + - name: aws_docdb_instance_number + value: $(params.aws_docdb_instance_number) + taskRef: + kind: Task + name: gitops-deprovision-mongo + workspaces: + - name: configs + workspace: configs + when: + - input: "$(params.mongodb_action)" + operator: notin + values: [""] diff --git a/tekton/src/pipelines/gitops/deprovision-mas-instance.yml.j2 b/tekton/src/pipelines/gitops/deprovision-mas-instance.yml.j2 index 84d9d4a8c01..b566c254163 100644 --- a/tekton/src/pipelines/gitops/deprovision-mas-instance.yml.j2 +++ b/tekton/src/pipelines/gitops/deprovision-mas-instance.yml.j2 
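Review bot: The `gitops-deprovision-efs` task in this new pipeline has no `when` guard, although `efs_action` defaults to `""` and the Mongo task below is gated on `mongodb_action`. As written, the destructive EFS task is scheduled on every run and relies entirely on the task's own handling of `efs_action`, which is not visible here. A guard with `operator: in` and `values: ["deprovision"]` on `$(params.efs_action)` would mirror the provision-side check in gitops-aiservice-deps. The pipeline also declares `rosa_token` and `ibmcloud_apikey`, but no task visible in this file references them. Unless the included templates use them, they should be dropped so that callers are not made to pass credentials that end up recorded in the PipelineRun for nothing. The description `Deprovision docDb, kafka and COS` does not match the two tasks defined (EFS and Mongo).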
@@ -124,45 +124,6 @@ spec: - name: configs workspace: configs - # Deprovision SMTP config - # ------------------------------------------------------------------------- - - name: gitops-deprovision-suite-smtp-config - runAfter: - - gitops-deprovision-suite-workspace - params: - {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/gitops-params.yml.j2') | indent(8) }} - {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(8) }} - {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/git-params.yml.j2') | indent(8) }} - - - name: mas_instance_id - value: $(params.mas_instance_id) - - taskRef: - kind: Task - name: gitops-deprovision-suite-smtp-config - workspaces: - - name: configs - workspace: configs - - # Deprovision IDP config - # ------------------------------------------------------------------------- - - name: gitops-deprovision-suite-idp-config - runAfter: - - gitops-deprovision-suite-workspace - params: - {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/gitops-params.yml.j2') | indent(8) }} - {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(8) }} - {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/git-params.yml.j2') | indent(8) }} - - - name: mas_instance_id - value: $(params.mas_instance_id) - - taskRef: - kind: Task - name: gitops-deprovision-suite-idp-config - workspaces: - - name: configs - workspace: configs # Deprovision Suite config # ------------------------------------------------------------------------- @@ -221,8 +182,6 @@ spec: # ------------------------------------------------------------------------- - name: gitops-delete-kafka-config runAfter: - - gitops-deprovision-suite-smtp-config - - gitops-deprovision-suite-idp-config - gitops-deprovision-suite-objectstorage-config params: {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/gitops-params.yml.j2') | indent(8) }} 
diff --git a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2 b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
new file mode 100644
index 00000000000..0e90ef8acb7
--- /dev/null
+++ b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
@@ -0,0 +1,160 @@ +--- +apiVersion: tekton.dev/v1beta1 +kind: Pipeline +metadata: +{% if wait_for_provision == true %} + name: gitops-aiservice-deps-after-provision +{% else %} + name: gitops-aiservice-deps +{% endif %} +spec: + description: MAS Cluster off-cluster dependencies + workspaces: + - name: configs + params: +{% if wait_for_provision == true %} + # Name of the PipelineRun to wait for + - name: pipelinerun_name + type: string + - name: ignore_failure + type: string + default: "False" + description: Set to 'True' or 'False' (case-sensitive) to configure whether this pipeline continue if the pipeline we are waiting for has failed. +{% endif %} + - name: cluster_name + type: string + - name: account + type: string + - name: secrets_path + type: string + - name: avp_aws_secret_region + type: string + - name: avp_aws_secret_key + type: string + - name: avp_aws_access_key + type: string + - name: github_pat + type: string + + - name: vpc_ipv4_cidr + type: string + - name: mongo_provider + type: string + default: aws + - name: aws_docdb_instance_number + type: string + default: 3 + - name: aws_docdb_engine_version + type: string + default: 4.0.0 + - name: mongodb_action + type: string + + - name: efs_action + type: string + description: efs action to be performed (provision or deprovision) + default: "" + + - name: mas_app_channel_aiservice + type: string + default: "" + ################# Added on Parameters + - name: cloud_provider + type: string + default: aws + - name: cluster_url + type: string + default: "" + - name: mas_instance_id + type: string + + tasks: +{% if wait_for_provision == true %} + # 0. 
Wait for the provsion pipeline to complete + # ------------------------------------------------------------------------- + - name: wait-for-provision + timeout: "0" + taskRef: + kind: Task + name: mas-devops-wait-for-tekton + params: + - name: type + value: pipelinerun + - name: name + value: $(params.pipelinerun_name) + - name: delay + value: 120 # seconds between checking the status of the pipelinerun + - name: max_retries + value: 120 # attempts before giving up + - name: ignore_failure + value: $(params.ignore_failure) # fails and exit once the first failure is detected +{% endif %} + + #1 Install AWS Elastic File Service (EFS) + - name: gitops-efs +{% if wait_for_provision == true %} + runAfter: + - wait-for-provision +{% endif %} + params: + {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(8) }} + - name: cluster_name + value: $(params.cluster_name) + - name: cloud_provider + value: $(params.cloud_provider) + - name: avp_aws_secret_key + value: $(params.avp_aws_secret_key) + - name: avp_aws_access_key + value: $(params.avp_aws_access_key) + - name: efs_action + value: $(params.efs_action) + - name: mas_instance_id + value: $(params.mas_instance_id) + workspaces: + - name: configs + workspace: configs + taskRef: + kind: Task + name: gitops-efs + when: + - input: "$(params.efs_action)" + operator: notin + values: [""] + - input: "$(params.efs_action)" + operator: in + values: ["provision"] + + - name: gitops-provision-mongo + runAfter: + - gitops-efs + params: + - name: cluster_name + value: $(params.cluster_name) + - name: account + value: $(params.account) + - name: secrets_path + value: $(params.secrets_path) + - name: avp_aws_secret_region + value: $(params.avp_aws_secret_region) + - name: avp_aws_secret_key + value: $(params.avp_aws_secret_key) + - name: avp_aws_access_key + value: $(params.avp_aws_access_key) + - name: vpc_ipv4_cidr + value: $(params.vpc_ipv4_cidr) + - name: mongo_provider + value: 
$(params.mongo_provider) + - name: aws_docdb_instance_number + value: $(params.aws_docdb_instance_number) + - name: aws_docdb_engine_version + value: $(params.aws_docdb_engine_version) + taskRef: + kind: Task + name: gitops-mongo + workspaces: + - name: configs + workspace: configs + when: + - input: "$(params.mongodb_action)" + operator: notin + values: [""] diff --git a/tekton/src/pipelines/gitops/gitops-aiservice-pipeline.yml.j2 b/tekton/src/pipelines/gitops/gitops-aiservice-pipeline.yml.j2 index 49254042750..5c9be3ee67e 100644 --- a/tekton/src/pipelines/gitops/gitops-aiservice-pipeline.yml.j2 +++ b/tekton/src/pipelines/gitops/gitops-aiservice-pipeline.yml.j2 @@ -63,6 +63,8 @@ spec: type: string - name: use_aws_db2 type: string + - name: is_gitops_fvt_env + type: string # ODH-specific - name: odh_channel @@ -242,4 +244,6 @@ spec: - name: jdbc_secret value: $(params.jdbc_secret) - name: use_aws_db2 - value: $(params.use_aws_db2) \ No newline at end of file + value: $(params.use_aws_db2) + - name: is_gitops_fvt_env + value: $(params.is_gitops_fvt_env) \ No newline at end of file diff --git a/tekton/src/pipelines/gitops/gitops-mas-fvt-preparer-pipeline.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-fvt-preparer-pipeline.yml.j2 index 1936553b3bb..d4b7a5d6560 100644 --- a/tekton/src/pipelines/gitops/gitops-mas-fvt-preparer-pipeline.yml.j2 +++ b/tekton/src/pipelines/gitops/gitops-mas-fvt-preparer-pipeline.yml.j2 @@ -24,6 +24,8 @@ spec: type: string - name: mas_instance_id type: string + - name: aiservice_instance_id + type: string - name: pipeline_storage_class type: string - name: avp_aws_secret_region @@ -67,6 +69,8 @@ spec: type: string - name: fvt_version_facilities type: string + - name: fvt_version_aiservice + type: string - name: fvt_blacklist_core type: string 
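Review bot: The new gitops-aiservice-deps pipeline declares `github_pat` as a required param, but neither `gitops-efs` nor `gitops-provision-mongo` passes it on in the lines shown. Unless the included secrets-params template forwards it, the token is collected and recorded in every PipelineRun without being used, so it should be removed from `params`. In the same file, `aws_docdb_instance_number` is typed `string` but has `default: 3`; write it as `default: "3"` so the default matches the declared type. The first `when` clause on `gitops-efs` (`notin [""]`) is redundant next to `in ["provision"]`, and the description `MAS Cluster off-cluster dependencies` appears to be copied from another pipeline.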
@@ -134,7 +138,10 @@ spec: - name: launchfvt_facilities type: string default: "true" - + - name: launchfvt_aiservice + type: string + default: "true" + description: "Set this to any value other than 'true' to disable lauch of the AI Service FVT Pipeline after app-cfg-aiservice completes" - name: mas_app_channel_iot type: string default: "" @@ -159,6 +166,9 @@ spec: - name: mas_app_channel_facilities type: string default: "" + - name: mas_app_channel_aiservice + type: string + default: "" - name: ldap_url type: string @@ -196,6 +206,8 @@ spec: value: $(params.launcher_id) - name: mas_instance_id value: $(params.mas_instance_id) + - name: aiservice_instance_id + value: $(params.aiservice_instance_id) - name: pipeline_storage_class value: $(params.pipeline_storage_class) - name: aws_region @@ -240,6 +252,8 @@ spec: value: $(params.fvt_version_sls) - name: fvt_version_facilities value: $(params.fvt_version_facilities) + - name: fvt_version_aiservice + value: $(params.fvt_version_aiservice) - name: fvt_blacklist_core value: $(params.fvt_blacklist_core) @@ -287,6 +301,8 @@ spec: value: $(params.launchfvt_manage_is) - name: launchfvt_facilities value: $(params.launchfvt_facilities) + - name: launchfvt_aiservice + value: $(params.launchfvt_aiservice) - name: mas_app_channel_iot value: $(params.mas_app_channel_iot) @@ -304,6 +320,8 @@ spec: value: $(params.mas_app_channel_predict) - name: mas_app_channel_facilities value: $(params.mas_app_channel_facilities) + - name: mas_app_channel_aiservice + value: $(params.mas_app_channel_aiservice) - name: ldap_url value: $(params.ldap_url) diff --git a/tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2 index 42c4edc924c..0b8655d23b3 100644 --- a/tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2 +++ b/tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2 
@@ -56,11 +56,19 @@ spec: type: string - name: mas_channel type: string + default: "" - name: mas_operationalmode type: string default: "" - name: mas_instance_id type: string + default: "" + - name: aiservice_instance_id + type: string + default: "" + - name: is_gitops_fvt_env + type: string + default: "" - name: mas_app_channel_assist type: string default: "" @@ -82,6 +90,9 @@ spec: - name: mas_app_channel_visualinspection type: string default: "" + - name: mas_app_channel_aiservice + type: string + default: "" - name: mas_app_channel_facilities type: string default: "" @@ -190,6 +201,10 @@ spec: value: $(params.mas_operationalmode) - name: mas_instance_id value: $(params.mas_instance_id) + - name: aiservice_instance_id + value: $(params.aiservice_instance_id) + - name: is_gitops_fvt_env + value: $(params.is_gitops_fvt_env) - name: mas_app_channel_assist value: $(params.mas_app_channel_assist) - name: mas_app_channel_iot @@ -204,6 +219,8 @@ spec: value: $(params.mas_app_channel_predict) - name: mas_app_channel_visualinspection value: $(params.mas_app_channel_visualinspection) + - name: mas_app_channel_aiservice + value: $(params.mas_app_channel_aiservice) - name: mas_app_channel_facilities value: $(params.mas_app_channel_facilities) - name: github_pat diff --git a/tekton/src/pipelines/gitops/gitops-mas-instance.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-instance.yml.j2 index b8e5fa58836..6b83df5bb84 100644 --- a/tekton/src/pipelines/gitops/gitops-mas-instance.yml.j2 +++ b/tekton/src/pipelines/gitops/gitops-mas-instance.yml.j2 
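Review bot: Adding `default: ""` to `mas_instance_id` and `mas_channel` in the `@@ -56,11 +56,19 @@` hunk makes two previously required params optional. A run that omits them is then no longer rejected by Tekton and proceeds with empty strings. The task these values are forwarded to is outside the hunk, so it is worth confirming that it fails fast when both `mas_instance_id` and `aiservice_instance_id` are empty, rather than building paths or secret names from an empty ID. A description on the new `aiservice_instance_id` and `is_gitops_fvt_env` params saying which of the IDs is expected in which mode would also help.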
@@ -674,180 +674,6 @@ spec: workspace: configs - # 5. MAS Suite SMTP Config - # ------------------------------------------------------------------------- - - name: gitops-suite-smtp-config - runAfter: - - gitops-suite-config - params: - - name: cluster_name - value: $(params.cluster_name) - - name: account - value: $(params.account) - - name: secrets_path - value: $(params.secrets_path) - - name: mas_instance_id - value: $(params.mas_instance_id) - - name: git_branch - value: $(params.git_branch) - - name: github_org - value: $(params.github_org) - - name: github_repo - value: $(params.github_repo) - - name: github_host - value: $(params.github_host) - - name: git_commit_msg - value: $(params.git_commit_msg) - - name: github_pat - value: $(params.github_pat) - - name: avp_aws_secret_region - value: $(params.avp_aws_secret_region) - - name: smtp_host - value: $(params.smtp_host) - - name: smtp_port - value: $(params.smtp_port) - - name: smtp_security - value: $(params.smtp_security) - - name: smtp_authentication - value: $(params.smtp_authentication) - - name: smtp_default_sender_email - value: $(params.smtp_default_sender_email) - - name: smtp_default_sender_name - value: $(params.smtp_default_sender_name) - - name: smtp_default_recipient_email - value: $(params.smtp_default_recipient_email) - - name: smtp_default_should_email_passwords - value: $(params.smtp_default_should_email_passwords) - - name: smtp_disabled_templates - value: $(params.smtp_disabled_templates) - - name: cluster_url - value: $(params.cluster_url) - - name: mas_smtpcfg_pod_template_yaml - value: $(params.mas_smtpcfg_pod_template_yaml) - - name: smtp_config_ca_certificate_file - value: $(params.smtp_config_ca_certificate_file) - taskRef: - kind: Task - name: gitops-suite-smtp-config - when: - - input: "$(params.smtp_host)" - operator: notin - values: [""] - - input: "$(params.smtp_use_sendgrid)" - operator: notin - values: ["true"] - workspaces: - - name: configs - workspace: configs - - name: 
shared-gitops-configs - workspace: shared-gitops-configs - - - name: gitops-suite-smtp-config-sendgrid - runAfter: - - gitops-suite-config - params: - - name: cluster_name - value: $(params.cluster_name) - - name: account - value: $(params.account) - - name: secrets_path - value: $(params.secrets_path) - - name: mas_instance_id - value: $(params.mas_instance_id) - - name: git_branch - value: $(params.git_branch) - - name: github_org - value: $(params.github_org) - - name: github_repo - value: $(params.github_repo) - - name: github_host - value: $(params.github_host) - - name: avp_aws_secret_region - value: $(params.avp_aws_secret_region) - - name: smtp_disabled_templates - value: $(params.smtp_disabled_templates) - - name: mas_smtpcfg_pod_template_yaml - value: $(params.mas_smtpcfg_pod_template_yaml) - - name: smtp_config_ca_certificate_file - value: $(params.smtp_config_ca_certificate_file) - - - name: icn - value: $(params.sls_license_icn) - - name: mas_domain - value: $(params.mas_domain) - - name: cis_mas_domain - value: $(params.cis_mas_domain) - - name: cis_crn - value: $(params.cis_crn) - taskRef: - kind: Task - name: gitops-suite-smtp-config-sendgrid - when: - - input: "$(params.smtp_host)" - operator: in - values: [""] - - input: "$(params.smtp_use_sendgrid)" - operator: in - values: ["true"] - workspaces: - - name: configs - workspace: configs - - name: shared-gitops-configs - workspace: shared-gitops-configs - - - # 6. 
MAS Suite IDP Config - # ------------------------------------------------------------------------- - - name: gitops-suite-idp-config - runAfter: - - gitops-suite-config - params: - - name: cluster_name - value: $(params.cluster_name) - - name: account - value: $(params.account) - - name: secrets_path - value: $(params.secrets_path) - - name: mas_instance_id - value: $(params.mas_instance_id) - - name: git_branch - value: $(params.git_branch) - - name: github_org - value: $(params.github_org) - - name: github_repo - value: $(params.github_repo) - - name: github_host - value: $(params.github_host) - - name: git_commit_msg - value: $(params.git_commit_msg) - - name: github_pat - value: $(params.github_pat) - - name: avp_aws_secret_region - value: $(params.avp_aws_secret_region) - - name: ldap_url - value: $(params.ldap_url) - - name: ldap_basedn - value: $(params.ldap_basedn) - - name: ldap_userid_map - value: $(params.ldap_userid_map) - - name: ldap_certificate_file - value: $(params.ldap_certificate_file) - - name: cluster_url - value: $(params.cluster_url) - taskRef: - kind: Task - name: gitops-suite-idp-config - when: - - input: "$(params.ldap_url)" - operator: notin - values: [""] - workspaces: - - name: configs - workspace: configs - - name: shared-additional-configs - workspace: shared-additional-configs - - # 6. MAS Suite App Config # ------------------------------------------------------------------------- - name: gitops-maf-config 
@@ -942,53 +768,6 @@ spec: - name: configs workspace: configs - # 2. Deprovision SMTP config - # ------------------------------------------------------------------------- - - name: gitops-deprovision-suite-smtp-config - params: - {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/gitops-params.yml.j2') | indent(8) }} - {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(8) }} - {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/git-params.yml.j2') | indent(8) }} - - - name: mas_instance_id - value: $(params.mas_instance_id) - - taskRef: - kind: Task - name: gitops-deprovision-suite-smtp-config - when: - - input: "$(params.smtp_host)" - operator: in - values: [""] - - input: "$(params.smtp_use_sendgrid)" - operator: notin - values: ["true"] - workspaces: - - name: configs - workspace: configs - - # 3. Deprovision IDP config - # ------------------------------------------------------------------------- - - name: gitops-deprovision-suite-idp-config - params: - {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/gitops-params.yml.j2') | indent(8) }} - {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(8) }} - {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/git-params.yml.j2') | indent(8) }} - - - name: mas_instance_id - value: $(params.mas_instance_id) - - taskRef: - kind: Task - name: gitops-deprovision-suite-idp-config - when: - - input: "$(params.ldap_url)" - operator: in - values: [""] - workspaces: - - name: configs - workspace: configs - # 3. Deprovision app config # ------------------------------------------------------------------------- diff --git a/tekton/src/pipelines/mas-fvt-launcher.yml.j2 b/tekton/src/pipelines/mas-fvt-launcher.yml.j2 index 88f64d227cf..04c45b29a71 100644 --- a/tekton/src/pipelines/mas-fvt-launcher.yml.j2 +++ b/tekton/src/pipelines/mas-fvt-launcher.yml.j2 
@@ -103,11 +103,15 @@ spec: type: string default: "false" description: "Set this to 'true' to enable launch of the Visual Inspection FVT pipeline after app-cfg-visualinspection completes" + - name: launchfvt_aiservice + type: string + default: "false" + description: "Set this to 'true' to enable launch of the AI Service FVT pipeline after app-cfg-aiservice completes" - name: launchivt_manage type: string default: "false" description: "Set this to 'true' to enable launch of the IVT pipeline at the end of applications FVT" - + - # Finalize # ------------------------------------------------------------------------- - name: finalize 
@@ -945,6 +949,80 @@ spec: values: ["true", "True"] runAfter: - launchfvt-visualinspection + + # 10. Application FVT - AI Service + # ------------------------------------------------------------------------- + - name: waitfor-aiservice + timeout: "0" + taskRef: + kind: Task + name: mas-devops-wait-for-configmap + params: + - name: image_pull_policy + value: $(params.image_pull_policy) + - name: namespace + value: $(context.taskRun.namespace) + - name: configmap_name + value: approval-app-cfg-aiservice + - name: configmap_target_value + value: pending + # Escape route + - name: escape_configmap_name + value: sync-install + # 25 retries at 5 minute intervals = 2 hours + - name: delay + value: "300" + - name: max_retries + value: "25" + - name: ignore_failure + value: "False" + when: + - input: $(params.launchfvt_aiservice) + operator: in + values: ["true", "True"] + - input: $(params.sync_with_install) + operator: in + values: ["true", "True"] + runAfter: + - approval-suite-verify + - approval-manage + + - name: launchfvt-aiservice + timeout: "0" + params: + - name: image_pull_policy + value: $(params.image_pull_policy) + - name: pipelinerun_name + value: "$(params.mas_instance_id)-fvt-aiservice" + taskRef: + kind: Task + name: aiservice-launchfvt + when: + - input: $(params.launchfvt_aiservice) + operator: in + values: ["true", "True"] + runAfter: + - waitfor-aiservice + + - name: approval-aiservice + timeout: "0" + taskRef: + kind: Task + name: mas-devops-update-configmap + params: + - name: image_pull_policy + value: $(params.image_pull_policy) + - name: configmap_name + value: approval-app-cfg-aiservice + - name: configmap_value + value: approved + when: + - input: $(params.sync_with_install) + operator: in + values: ["true", "True"] + runAfter: + - launchfvt-aiservice + # 11. Application FVT - Facilities 
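Review bot: `approval-aiservice` is gated only on `sync_with_install`, so it writes `approved` to `approval-app-cfg-aiservice` even when `launchfvt_aiservice` is not true and both `waitfor-aiservice` and `launchfvt-aiservice` were skipped. If that is the intended way to unblock the install pipeline, a comment above the task should say so, for example `# Always release the installer when syncing, whether or not the AI Service FVT was launched`. How a skipped `runAfter` parent affects this task depends on the Tekton version and its skip-scoping setting, so the behaviour with `launchfvt_aiservice=false` is worth one test run. The three tasks also set `timeout: "0"`, and only `waitfor-aiservice` has its own retry bound.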
diff --git a/tekton/src/pipelines/taskdefs/apps/aiservice-app.yml.j2 b/tekton/src/pipelines/taskdefs/apps/aiservice-app.yml.j2 new file mode 100644 index 00000000000..c3f13f63700 --- /dev/null +++ b/tekton/src/pipelines/taskdefs/apps/aiservice-app.yml.j2 @@ -0,0 +1,31 @@ +- name: app-install-aiservice + timeout: "0" + params: + {{ lookup('template', pipeline_src_dir ~ '/taskdefs/common/cli-params.yml.j2') | indent(4) }} + - name: devops_suite_name + value: app-aiservice-install + + - name: artifactory_username + value: $(params.artifactory_username) + - name: artifactory_token + value: $(params.artifactory_token) + + - name: mas_instance_id + value: $(params.mas_instance_id) + - name: mas_app_id + value: aiservice + - name: mas_app_channel + value: "$(params.mas_app_channel_aiservice)" + - name: ibm_entitlement_key + value: $(params.ibm_entitlement_key) + - name: custom_labels + value: $(params.custom_labels) + + taskRef: + name: mas-devops-suite-app-install + kind: Task + # Only install aiservice if a channel has been chosen + when: + - input: "$(params.mas_app_channel_aiservice)" + operator: notin + values: [""] \ No newline at end of file diff --git a/tekton/src/pipelines/taskdefs/apps/aiservice-workspace.yml.j2 b/tekton/src/pipelines/taskdefs/apps/aiservice-workspace.yml.j2 new file mode 100644 index 00000000000..92aba435959 --- /dev/null +++ b/tekton/src/pipelines/taskdefs/apps/aiservice-workspace.yml.j2 
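Review bot: `artifactory_token` and `ibm_entitlement_key` are handed to `app-install-aiservice` as plain param values. Tekton stores those values in the PipelineRun and TaskRun objects, so anyone who can read those resources in the namespace can read the credentials. The `mas-devops-suite-app-install` task definition is not part of this diff. If it can take these from a Secret (an env `secretKeyRef` or a mounted workspace), that would keep them out of the run objects. Otherwise read access to PipelineRuns and TaskRuns in this namespace should be treated as access to the entitlement key.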
@@ -0,0 +1,26 @@
+- name: app-cfg-aiservice
+ timeout: "0"
+ params:
+ {{ lookup('template', pipeline_src_dir ~ '/taskdefs/common/cli-params.yml.j2') | indent(4) }}
+ - name: devops_suite_name
+ value: app-aiservice-cfg
+
+ - name: mas_instance_id
+ value: $(params.mas_instance_id)
+ - name: mas_app_id
+ value: aiservice
+ - name: mas_workspace_id
+ value: "$(params.mas_workspace_id)"
+ - name: custom_labels
+ value: $(params.custom_labels)
+ taskRef:
+ name: mas-devops-suite-app-config
+ kind: Task
+ # Only configure a workspace for aiservice if a channel has been chosen
+ when:
+ - input: "$(params.mas_app_channel_aiservice)"
+ operator: notin
+ values: [""]
+ workspaces:
+ - name: configs
+ workspace: shared-configs
\ No newline at end of file
diff --git a/tekton/src/pipelines/taskdefs/gitops/apps/aiservice-app.yml.j2 b/tekton/src/pipelines/taskdefs/gitops/apps/aiservice-app.yml.j2
new file mode 100644
index 00000000000..4ec06a2a3d3
--- /dev/null
+++ b/tekton/src/pipelines/taskdefs/gitops/apps/aiservice-app.yml.j2
@@ -0,0 +1,51 @@
+- name: app-install-aiservice
+ params:
+ {{ lookup('template', pipeline_src_dir ~ '/taskdefs/common/cli-params.yml.j2') | indent(4) }}
+
+ {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/gitops-params.yml.j2') | indent(4) }}
+
+ {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(4) }}
+
+ {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/git-params.yml.j2') | indent(4) }}
+
+ - name: devops_suite_name
+ value: app-aiservice-install
+ - name: mas_manual_cert_mgmt
+ value: $(params.mas_manual_cert_mgmt)
+ - name: mas_instance_id
+ value: $(params.mas_instance_id)
+ - name: mas_app_id
+ value: aiservice
+ - name: mas_app_channel
+ value: $(params.mas_app_channel_aiservice)
+ - name: mas_app_install_plan
+ value: $(params.mas_app_install_plan_aiservice)
+ - name: custom_labels
+ value: $(params.custom_labels)
+ - name: mas_app_spec_yaml
+ value: $(params.mas_app_spec_yaml_aiservice)
+ - name: mas_app_catalog_source
+ value: $(params.mas_app_catalog_source_aiservice)
+ - name: mas_app_api_version
+ value: $(params.mas_app_api_version_aiservice)
+ - name: mas_app_kind
+ value: $(params.mas_app_kind_aiservice)
+ - name: default_file_storage_class
+ value: $(params.default_file_storage_class)
+ - name: mas_edition
+ value: $(params.mas_edition)
+ - name: mas_manual_certs_yaml
+ value: $(params.mas_manual_certs_yaml)
+ taskRef:
+ name: gitops-suite-app-install
+ kind: Task
+ # Only install aiservice if a channel has been chosen
+ when:
+ - input: "$(params.mas_app_channel_aiservice)"
+ operator: notin
+ values: [""]
+ workspaces:
+ - name: configs
+ workspace: configs
+ - name: shared-gitops-configs
+ workspace: shared-gitops-configs
diff --git a/tekton/src/pipelines/taskdefs/gitops/apps/aiservice-workspace.yml.j2 b/tekton/src/pipelines/taskdefs/gitops/apps/aiservice-workspace.yml.j2
new file mode 100644
index 00000000000..1f9859e55ca
--- /dev/null
+++ b/tekton/src/pipelines/taskdefs/gitops/apps/aiservice-workspace.yml.j2
@@ -0,0 +1,48 @@
+- name: app-cfg-aiservice
+ params:
+ {{ lookup('template', pipeline_src_dir ~ '/taskdefs/common/cli-params.yml.j2') | indent(4) }}
+
+ {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/gitops-params.yml.j2') | indent(4) }}
+
+ {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(4) }}
+
+ {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/git-params.yml.j2') | indent(4) }}
+
+ - name: devops_suite_name
+ value: app-aiservice-cfg
+ - name: mas_instance_id
+ value: $(params.mas_instance_id)
+ - name: mas_app_id
+ value: aiservice
+ - name: mas_workspace_id
+ value: $(params.mas_workspace_id)
+ - name: custom_labels
+ value: $(params.custom_labels)
+ - name: mas_appws_spec_yaml
+ value: $(params.mas_appws_spec_yaml_aiservice)
+ - name: mas_appws_api_version
+ value: $(params.mas_appws_api_version_aiservice)
+ - name: mas_appws_kind
+ value: $(params.mas_appws_kind_aiservice)
+ - name: mas_app_kind
+ value: $(params.mas_app_kind_aiservice)
+ - name: ingress
+ value: $(params.ingress)
+ - name: run_sanity_test
+ value: $(params.run_sanity_test)
+ taskRef:
+ name: gitops-suite-app-config
+ kind: Task
+ # Only configure a workspace for aiservice if a channel has been chosen
+ when:
+ - input: "$(params.mas_app_channel_aiservice)"
+ operator: notin
+ values: [""]
+ - input: "$(params.aiservice_workspace_action)"
+ operator: in
+ values: ["activate"]
+ workspaces:
+ - name: configs
+ workspace: configs
+ - name: shared-gitops-configs
+ workspace: shared-gitops-configs
\ No newline at end of file
diff --git a/tekton/src/tasks/aiservice/minio.yml.j2 b/tekton/src/tasks/aiservice/minio.yml.j2
index 8a4e6301932..1a33dcc0954 100644
--- a/tekton/src/tasks/aiservice/minio.yml.j2
+++ b/tekton/src/tasks/aiservice/minio.yml.j2
@@ -71,3 +71,4 @@ spec: - minio image: quay.io/ibmmas/cli:latest imagePullPolicy: $(params.image_pull_policy) + \ No newline at end of file diff --git a/tekton/src/tasks/gitops/gitops-aiservice-tenant.yml.j2 b/tekton/src/tasks/gitops/gitops-aiservice-tenant.yml.j2 index 56a1d2c1797..1bf20ea2998 100644 --- a/tekton/src/tasks/gitops/gitops-aiservice-tenant.yml.j2 +++ b/tekton/src/tasks/gitops/gitops-aiservice-tenant.yml.j2 @@ -93,6 +93,9 @@ spec: - name: sls_service type: string default: "" + - name: is_gitops_fvt_env + type: string + default: "false" stepTemplate: name: gitops-aiservice-tenant env: @@ -180,6 +183,8 @@ spec: value: $(params.tenant_scheduling_config_yaml) - name: STANDALONE_SLS_SERVICE value: $(params.sls_service) + - name: IS_GITOPS_FVT_ENV + value: $(params.is_gitops_fvt_env) envFrom: - configMapRef: name: environment-properties diff --git a/tekton/src/tasks/gitops/gitops-aiservice.yml.j2 b/tekton/src/tasks/gitops/gitops-aiservice.yml.j2 index 7f3a5a3b69a..d771cd17312 100644 --- a/tekton/src/tasks/gitops/gitops-aiservice.yml.j2 +++ b/tekton/src/tasks/gitops/gitops-aiservice.yml.j2 @@ -79,6 +79,9 @@ spec: type: string - name: use_aws_db2 type: string + - name: is_gitops_fvt_env + type: string + default: "false" stepTemplate: name: gitops-aiservice @@ -155,6 +158,8 @@ spec: value: $(params.jdbc_secret) - name: USE_AWS_DB2 value: $(params.use_aws_db2) + - name: IS_GITOPS_FVT_ENV + value: $(params.is_gitops_fvt_env) envFrom: - configMapRef: diff --git a/tekton/src/tasks/gitops/gitops-deprovision-cp4d-service.yml.j2 b/tekton/src/tasks/gitops/gitops-deprovision-cp4d-service.yml.j2 index d3ed67fc6f1..09ed21f4f7f 100644 --- a/tekton/src/tasks/gitops/gitops-deprovision-cp4d-service.yml.j2 +++ b/tekton/src/tasks/gitops/gitops-deprovision-cp4d-service.yml.j2 @@ -99,4 +99,5 @@ spec: imagePullPolicy: IfNotPresent image: quay.io/ibmmas/cli:latest workspaces: - - name: configs \ No newline at end of file + - name: configs + \ No newline at end of file 
diff --git a/tekton/src/tasks/gitops/gitops-deprovision-kmodel.yml.j2 b/tekton/src/tasks/gitops/gitops-deprovision-kmodel.yml.j2
new file mode 100644
index 00000000000..d596d7b61de
--- /dev/null
+++ b/tekton/src/tasks/gitops/gitops-deprovision-kmodel.yml.j2
@@ -0,0 +1,89 @@
+
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: gitops-deprovision-kmodel
+spec:
+ params:
+ - name: cluster_name
+ type: string
+ - name: account
+ type: string
+ - name: cluster_id
+ type: string
+ - name: cluster_url
+ type: string
+ default: ""
+ - name: secrets_path
+ type: string
+ - name: avp_aws_secret_region
+ type: string
+ - name: git_branch
+ type: string
+ - name: github_org
+ type: string
+ - name: github_repo
+ type: string
+ - name: github_host
+ type: string
+ - name: aiservice_instance_id
+ type: string
+
+ stepTemplate:
+ name: gitops-deprovision-kmodel
+ env:
+ - name: CLUSTER_NAME
+ value: $(params.cluster_name)
+ - name: ACCOUNT
+ value: $(params.account)
+ - name: CLUSTER_URL
+ value: $(params.cluster_url)
+ - name: SECRET_PATH
+ value: $(params.secrets_path)
+ - name: SM_AWS_REGION
+ value: $(params.avp_aws_secret_region)
+ - name: GIT_BRANCH
+ value: $(params.git_branch)
+ - name: GITHUB_ORG
+ value: $(params.github_org)
+ - name: GITHUB_HOST
+ value: $(params.github_host)
+ - name: GITHUB_REPO
+ value: $(params.github_repo)
+ - name: AISERVICE_INSTANCE_ID
+ value: $(params.aiservice_instance_id)
+
+
+ envFrom:
+ - configMapRef:
+ name: environment-properties
+ optional: true
+ - secretRef:
+ name: secure-properties
+ steps:
+ - args:
+ - |-
+ git config --global user.name "MAS Automation"
+ git config --global user.email "you@example.com"
+ git config --global user.password $GITHUB_PAT
+
+ mkdir -p /tmp/deprovision-kmodel
+ mas gitops-deprovision-kmodel -a $ACCOUNT -c $CLUSTER_NAME \
+ --dir /tmp/deprovision-kmodel \
+ --secrets-path $SECRET_PATH \
+ --github-push \
+ --github-host $GITHUB_HOST \
+ --github-org $GITHUB_ORG \
+ --github-repo $GITHUB_REPO \
+ --git-branch $GIT_BRANCH \
+
+ exit $?
+ command:
+ - /bin/sh
+ - -c
+ name: gitops-deprovision-kmodel
+ imagePullPolicy: IfNotPresent
+ image: quay.io/ibmmas/cli:latest
+ workspaces:
+ - name: configs
+
\ No newline at end of file
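Review bot: `git config --global user.password $GITHUB_PAT` writes the token in clear text into the step's global git config, and the unquoted expansion will word-split or glob if the value ever contains shell metacharacters. As far as I know `user.password` is not a key git itself reads for authentication, so the line most likely only leaves a copy of the PAT on disk; I would drop it, or if the `mas` CLI really depends on it, quote it and explain that in a comment above the line. The same line is added in the new `gitops-kmodel` task later in this change. Separately, the `mas gitops-deprovision-kmodel` call ends with a dangling `\` before the blank line and `exit $?`, so the last flag should read `--git-branch "$GIT_BRANCH"` without the backslash, and `cluster_id` is declared as a required param but never exported or used.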
diff --git a/tekton/src/tasks/gitops/gitops-kmodel.yml.j2 b/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
new file mode 100644
index 00000000000..8ccfa138f0c
--- /dev/null
+++ b/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
@@ -0,0 +1,191 @@ + +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: gitops-kmodel +spec: + params: + - name: cluster_name + type: string + - name: account + type: string + - name: cluster_id + type: string + - name: cluster_url + type: string + default: "" + - name: secrets_path + type: string + - name: avp_aws_secret_region + type: string + - name: git_branch + type: string + - name: github_org + type: string + - name: github_repo + type: string + - name: github_host + type: string + + - name: aiservice_instance_id + type: string + - name: aiservice_internal_tls + type: string + - name: aiservice_namespace + type: string + - name: pull_secret_name + type: string + - name: aiservice_storage_provider + type: string + - name: aiservice_storage_ssl + type: string + - name: aiservice_storage_host + type: string + - name: aiservice_storage_port + type: string + - name: aiservice_storage_region + type: string + - name: aiservice_storage_templates_bucket + type: string + - name: aiservice_storage_tenants_bucket + type: string + - name: aiservice_storage_pipelines_bucket + type: string + - name: ssh_secret_name + type: string + - name: docker_server + type: string + - name: tenantNamespace + type: string + - name: aiservice_provision_tenant + type: string + - name: primary_storage_class + type: string + - name: image_store + type: string + - name: image_watcher + type: string + - name: image_controller + type: string + - name: aiservice_connector_tag + type: string + - name: aiservice_saas + type: string + - name: model_id_unique_length + type: string + - name: model_id_prefix + type: string + + - name: mas_app_channel + type: string + - name: mas_icr_cp + type: string + + stepTemplate: + name: gitops-kmodel + env: + - name: CLUSTER_NAME + value: $(params.cluster_name) + - name: ACCOUNT + value: $(params.account) + #- name: CLUSTER_ID + # value: $(params.cluster_id) + - name: CLUSTER_URL + value: $(params.cluster_url) + - name: SECRET_PATH + value: 
$(params.secrets_path) + - name: SM_AWS_REGION + value: $(params.avp_aws_secret_region) + - name: GIT_BRANCH + value: $(params.git_branch) + - name: GITHUB_ORG + value: $(params.github_org) + - name: GITHUB_HOST + value: $(params.github_host) + - name: GITHUB_REPO + value: $(params.github_repo) + - name: AISERVICE_INSTANCE_ID + value: $(params.aiservice_instance_id) + - name: AISERVICE_INTERNAL_TLS + value: $(params.aiservice_internal_tls) + - name: AISERVICE_NAMESPACE + value: $(params.aiservice_namespace) + - name: PULL_SECRET_NAME + value: $(params.pull_secret_name) + - name: AISERVICE_STORAGE_PROVIDER + value: $(params.aiservice_storage_provider) + - name: AISERVICE_STORAGE_SSL + value: $(params.aiservice_storage_ssl) + - name: AISERVICE_STORAGE_HOST + value: $(params.aiservice_storage_host) + - name: AISERVICE_STORAGE_PORT + value: $(params.aiservice_storage_port) + - name: AISERVICE_STORAGE_REGION + value: $(params.aiservice_storage_region) + - name: AISERVICE_STORAGE_TEMPLATES_BUCKET + value: $(params.aiservice_storage_templates_bucket) + - name: AISERVICE_STORAGE_TENANTS_BUCKET + value: $(params.aiservice_storage_tenants_bucket) + - name: AISERVICE_STORAGE_PIPELINES_BUCKET + value: $(params.aiservice_storage_pipelines_bucket) + - name: SSH_SECRET_NAME + value: $(params.ssh_secret_name) + - name: DOCKER_SERVER + value: $(params.docker_server) + - name: TENANT_NAMESPACE + value: $(params.tenantNamespace) + - name: AISERVICE_PROVISION_TENANT + value: $(params.aiservice_provision_tenant) + - name: PRIMARY_STORAGE_CLASS + value: $(params.primary_storage_class) + - name: IMAGE_STORE + value: $(params.image_store) + - name: IMAGE_WATCHER + value: $(params.image_watcher) + - name: IMAGE_CONTROLLER + value: $(params.image_controller) + - name: AISERVICE_CONNECTOR_TAG + value: $(params.aiservice_connector_tag) + - name: AISERVICE_SAAS + value: $(params.aiservice_saas) + - name: MODEL_ID_UNIQUE_LENGTH + value: $(params.model_id_unique_length) + - name: MODEL_ID_PREFIX 
+ value: $(params.model_id_prefix) + - name: MAS_APP_CHANNEL + value: $(params.mas_app_channel) + - name: MAS_ICR_CP + value: $(params.mas_icr_cp) + + envFrom: + - configMapRef: + name: environment-properties + optional: true + - secretRef: + name: secure-properties + steps: + - args: + - |- + git config --global user.name "MAS Automation" + git config --global user.email "you@example.com" + git config --global user.password $GITHUB_PAT + + mkdir -p /tmp/init-kmodel + mas gitops-kmodel -a $ACCOUNT -c $CLUSTER_NAME \ + --dir /tmp/init-kmodel \ + --secrets-path $SECRET_PATH \ + --github-push \ + --github-host $GITHUB_HOST \ + --github-org $GITHUB_ORG \ + --github-repo $GITHUB_REPO \ + --git-branch $GIT_BRANCH \ + + exit $? + command: + - /bin/sh + - -c + name: gitops-kmodel + imagePullPolicy: IfNotPresent + image: quay.io/ibmmas/cli:latest + workspaces: + - name: configs diff --git a/tekton/src/tasks/gitops/gitops-mas-fvt-preparer.yml.j2 b/tekton/src/tasks/gitops/gitops-mas-fvt-preparer.yml.j2 index ead29fdf80b..f815fdda781 100644 --- a/tekton/src/tasks/gitops/gitops-mas-fvt-preparer.yml.j2 +++ b/tekton/src/tasks/gitops/gitops-mas-fvt-preparer.yml.j2 @@ -53,7 +53,8 @@ spec: type: string - name: fvt_version_facilities type: string - + - name: fvt_version_aiservice + type: string - name: fvt_blacklist_core type: string - name: fvt_whitelist_core @@ -88,6 +89,9 @@ spec: - name: mas_instance_id type: string default: "" + - name: aiservice_instance_id + type: string + default: "" - name: mas_workspace_id type: string default: "" @@ -139,6 +143,10 @@ spec: - name: launchfvt_facilities type: string default: "true" + - name: launchfvt_aiservice + type: string + default: "true" + description: "Set this to any value other than 'true' to disable lauch of the AI Service FVT Pipeline after app-cfg-aiservice completes" - name: mas_app_channel_facilities type: string 
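Review bot: The `gitops-kmodel` step uses `image: quay.io/ibmmas/cli:latest` together with `imagePullPolicy: IfNotPresent`, so a node that already holds an older `latest` keeps running it and the task that pushes to the gitops repository is not tied to a known CLI build; the minio task visible in this change passes `$(params.image_pull_policy)` instead. If the template build rewrites the tag this is harmless, but that cannot be seen from the hunk. Roughly thirty params are exported as environment variables while the `mas gitops-kmodel` call passes only the account, cluster, secrets path and git flags, so presumably the CLI reads the rest from the environment; a one-line comment above `steps:` such as `# remaining settings are read by the CLI from the env vars in stepTemplate` would make that explicit. `tenantNamespace` is the only camelCase param among snake_case ones, and `cluster_id` is required although its env entry is commented out.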
@@ -164,6 +172,9 @@ spec: - name: mas_app_channel_predict type: string default: "" + - name: mas_app_channel_aiservice + type: string + default: "" - name: ldap_url type: string @@ -211,6 +222,8 @@ spec: value: $(params.mas_instance_id) - name: FVT_ENVIRONMENT value: $(params.mas_instance_id) + - name: AISERVICE_INSTANCE_ID + value: $(params.aiservice_instance_id) - name: PIPELINE_STORAGE_CLASS value: $(params.pipeline_storage_class) - name: AWS_REGION @@ -259,6 +272,8 @@ spec: value: $(params.fvt_version_sls) - name: FVT_VERSION_FACILITIES value: $(params.fvt_version_facilities) + - name: FVT_VERSION_AISERVICE + value: $(params.fvt_version_aiservice) - name: FVT_BLACKLIST_CORE value: $(params.fvt_blacklist_core) - name: FVT_WHITELIST_CORE @@ -297,6 +312,8 @@ spec: value: $(params.launchfvt_manage_is) - name: LAUNCHFVT_FACILITIES value: $(params.launchfvt_facilities) + - name: LAUNCHFVT_AISERVICE + value: $(params.launchfvt_aiservice) - name: MAS_APP_CHANNEL_FACILITIES value: $(params.mas_app_channel_facilities) - name: MAS_APP_CHANNEL_IOT @@ -313,7 +330,8 @@ spec: value: $(params.mas_app_channel_optimizer) - name: MAS_APP_CHANNEL_PREDICT value: $(params.mas_app_channel_predict) - + - name: MAS_APP_CHANNEL_AISERVICE + value: $(params.mas_app_channel_aiservice) - name: LDAP_URL value: $(params.ldap_url) - name: LDAP_BASE_DN @@ -612,7 +630,13 @@ spec: check_argo_app_healthy "${MASAPP_APP}" 120 check_argo_app_healthy "${MAS_WORKSPACE_ID}.${MASAPP_APP}" 120 fi - + fi + if [[ "$LAUNCHER_ID" == "aiservice" ]]; then + if [[ "$LAUNCHFVT_AISERVICE" == "true" ]]; then + MASAPP_APP="aiservice.${CLUSTER_NAME}.${AISERVICE_INSTANCE_ID}" + check_argo_app_healthy "${MASAPP_APP}" 140 + check_argo_app_healthy "${MAS_WORKSPACE_ID}.${MASAPP_APP}" 140 + fi fi # If use_sendgrid: true, disable the subuser so we do not accidentally send out real emails when running tests against the instance 
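Review bot: In the new `aiservice` launcher branch, `MASAPP_APP` is built from `AISERVICE_INSTANCE_ID`, whose param defaults to `""` in this same file, so with the default the name ends in a trailing dot and both `check_argo_app_healthy` calls wait on an application that cannot exist. A guard before the name is built would fail fast, e.g. `[[ -n "$AISERVICE_INSTANCE_ID" ]] || { echo "AISERVICE_INSTANCE_ID is required for the aiservice launcher"; exit 1; }`. The second check also prefixes `MAS_WORKSPACE_ID`, which likewise defaults to empty. The enclosing script starts and ends outside the hunk, and the `description` added for `launchfvt_aiservice` in the earlier hunk spells `launch` as `lauch`.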
diff --git a/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2 b/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2 index 0a0f3fc5c69..b237676c4bc 100644 --- a/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2 +++ b/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2 @@ -32,10 +32,16 @@ spec: default: "gitops-initiator deploy" - name: mas_channel type: string + default: "" - name: mas_operationalmode type: string + default: "" - name: mas_instance_id type: string + default: "" + - name: aiservice_instance_id + type: string + default: "" - name: mas_app_channel_assist type: string - name: mas_app_install_plan_assist @@ -73,6 +79,9 @@ spec: default: "Automatic" - name: mas_app_channel_visualinspection type: string + - name: mas_app_channel_aiservice + type: string + default: "" - name: mas_app_install_plan_visualinspection type: string default: "Automatic" @@ -116,6 +125,9 @@ spec: - name: centralised_sls type: string default: "" + - name: is_gitops_fvt_env + type: string + default: "" stepTemplate: name: gitops-mas-initiator env: @@ -149,6 +161,10 @@ spec: value: $(params.mas_operationalmode) - name: MAS_INSTANCE_ID value: $(params.mas_instance_id) + - name: AISERVICE_INSTANCE_ID + value: $(params.aiservice_instance_id) + - name: IS_GITOPS_FVT_ENV + value: $(params.is_gitops_fvt_env) - name: MAS_APP_CHANNEL_ASSIST value: $(params.mas_app_channel_assist) - name: MAS_APP_INSTALL_PLAN_ASSIST @@ -179,6 +195,8 @@ spec: value: $(params.mas_app_install_plan_predict) - name: MAS_APP_CHANNEL_VISUALINSPECTION value: $(params.mas_app_channel_visualinspection) + - name: MAS_APP_CHANNEL_AISERVICE + value: $(params.mas_app_channel_aiservice) - name: MAS_APP_INSTALL_PLAN_VISUALINSPECTION value: $(params.mas_app_install_plan_visualinspection) - name: GITHUB_PAT 
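Review bot: `is_gitops_fvt_env` defaults to `""` in this task but to `"false"` in `gitops-aiservice` and `gitops-aiservice-tenant` in the same change, so a script that compares the value with `false` behaves differently depending on which task supplied the default; `default: "false"` here would keep the three in step. Giving `mas_channel`, `mas_operationalmode` and `mas_instance_id` empty defaults also removes Tekton's own required-param check for them, which leaves the shell validation added further down as the only guard. A short comment on those three params saying they are optional because an AI Service-only deployment is allowed would explain the change to the next reader.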
@@ -239,6 +257,16 @@ spec: exit 1 fi + # Validate that at least one of MAS_INSTANCE_ID or AISERVICE_INSTANCE_ID is provided + if [ -z "$MAS_INSTANCE_ID" ] && [ -z "$AISERVICE_INSTANCE_ID" ]; then + echo "Error: At least one of MAS_INSTANCE_ID or AISERVICE_INSTANCE_ID must be provided" + exit 1 + fi + + echo "gitops-mas-initiator: Deployment mode - MAS_INSTANCE_ID=${MAS_INSTANCE_ID}, AISERVICE_INSTANCE_ID=${AISERVICE_INSTANCE_ID}" + + echo "gitops-mas-initiator: AI Service Deployment mode - MAS_INSTANCE_ID=${MAS_INSTANCE_ID}, IS_GITOPS_FVT_ENV=${IS_GITOPS_FVT_ENV}" + if [ -n $IBMCLOUD_APIKEY ]; then export SECRET_NAME=${ACCOUNT}${SECRETS_KEY_SEPERATOR}${CLUSTER_NAME}${SECRETS_KEY_SEPERATOR}cis 
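Review bot: The added validation only rejects the case where both IDs are empty; the values are then interpolated unquoted into `mkdir -p` and `cp -r` paths in the following hunk, so an ID containing `/`, `..` or whitespace would write outside the intended `gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/` subtree of the target checkout. A shape check next to this validation would close that, for example `case "$AISERVICE_INSTANCE_ID" in *[!a-z0-9-]*) echo "Error: invalid AISERVICE_INSTANCE_ID"; exit 1;; esac`, with the character class adjusted to the real ID rules, which are not visible here, and the same for `MAS_INSTANCE_ID`. The second `echo` is labelled "AI Service Deployment mode" yet prints `MAS_INSTANCE_ID` again rather than `AISERVICE_INSTANCE_ID`, so the two log lines could be merged into one. The surrounding script begins and ends outside the hunk.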
@@ -331,158 +359,233 @@ spec: echo "copy $SOURCE_LOCAL_DIR/$SOURCE_GITHUB_REPO/order-status/* to $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/order-status" cp -r $SOURCE_LOCAL_DIR/$SOURCE_GITHUB_REPO/order-status/* $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/order-status - mkdir -p $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID - echo "copying $SOURCE_LOCAL_DIR/$SOURCE_GITHUB_REPO/$SOURCE_PATH/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/* to $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID" - cp -r $SOURCE_LOCAL_DIR/$SOURCE_GITHUB_REPO/$SOURCE_PATH/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/* $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/ + # Copy MAS instance files if MAS_INSTANCE_ID is provided + if [ -n "$MAS_INSTANCE_ID" ]; then + echo "gitops-mas-initiator: Processing MAS instance: $MAS_INSTANCE_ID" + mkdir -p $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID + echo "copying $SOURCE_LOCAL_DIR/$SOURCE_GITHUB_REPO/$SOURCE_PATH/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/* to $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID" + cp -r $SOURCE_LOCAL_DIR/$SOURCE_GITHUB_REPO/$SOURCE_PATH/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/* $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/ - # Process any .j2 files - process_j2_files "$TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID" + # Process any .j2 files + process_j2_files "$TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID" + fi + + # If AISERVICE_INSTANCE_ID is set, copy the AISERVICE_INSTANCE_ID specific files + if [ -n "$AISERVICE_INSTANCE_ID" ]; then + # 1. 
Ensure target AIBroker instance folder exists + mkdir -p $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AISERVICE_INSTANCE_ID + # 2. Log what is being copied + echo "copying $SOURCE_LOCAL_DIR/$SOURCE_GITHUB_REPO/$SOURCE_PATH/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AISERVICE_INSTANCE_ID/* to $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AISERVICE_INSTANCE_ID" + # 3. Copy recursively from source to target + if [ -d "$SOURCE_LOCAL_DIR/$SOURCE_GITHUB_REPO/$SOURCE_PATH/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AISERVICE_INSTANCE_ID" ]; then + cp -r $SOURCE_LOCAL_DIR/$SOURCE_GITHUB_REPO/$SOURCE_PATH/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AISERVICE_INSTANCE_ID/* $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AISERVICE_INSTANCE_ID/ + else + echo "Warning: Source AIBroker directory not found." + fi # ICN folder will be created later after extracting ICN and SAAS_SUB_ID - echo "gitops-mas-initiator:: DNS_PROVIDER_CONTROL_IDEN=${DNS_PROVIDER_CONTROL_IDEN} MANUAL_CERTS_CONTROL_FLAG=${MANUAL_CERTS_CONTROL_FLAG}" - if [[ "${MANUAL_CERTS_CONTROL_FLAG}" == "true" ]]; then + process_j2_files "$TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AISERVICE_INSTANCE_ID" + fi + + cd $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO - mkdir -p $TARGET_LOCAL_DIR/manual-certs - cd $TARGET_LOCAL_DIR/manual-certs + # MAS-specific configurations (only if MAS_INSTANCE_ID is provided) + if [ -n "$MAS_INSTANCE_ID" ]; then + echo "gitops-mas-initiator: Configuring MAS-specific settings for $MAS_INSTANCE_ID" + echo "gitops-mas-initiator:: DNS_PROVIDER_CONTROL_IDEN=${DNS_PROVIDER_CONTROL_IDEN} MANUAL_CERTS_CONTROL_FLAG=${MANUAL_CERTS_CONTROL_FLAG}" + + if [[ "${MANUAL_CERTS_CONTROL_FLAG}" == "true" ]]; then - git clone https://git:$GITHUB_PAT@$GITHUB_HOST/$SOURCE_GITHUB_ORG/devops-configs.git -b master || exit + mkdir -p $TARGET_LOCAL_DIR/manual-certs + cd $TARGET_LOCAL_DIR/manual-certs - mkdir -p 
$TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/manual-certs + git clone https://git:$GITHUB_PAT@$GITHUB_HOST/$SOURCE_GITHUB_ORG/devops-configs.git -b master || exit - # Copy manual certs of mas_instance - cp -r $TARGET_LOCAL_DIR/manual-certs/devops-configs/certs/$MAS_INSTANCE_ID/* $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/manual-certs + mkdir -p $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/manual-certs - # Invoke create-aggregate-manual-certs.sh to generate combined_manual_certs.yaml + # Copy manual certs of mas_instance + cp -r $TARGET_LOCAL_DIR/manual-certs/devops-configs/certs/$MAS_INSTANCE_ID/* $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/manual-certs - chmod +x $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/create-aggregate-manual-certs.sh + # Invoke create-aggregate-manual-certs.sh to generate combined_manual_certs.yaml - $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/create-aggregate-manual-certs.sh $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/manual-certs + chmod +x $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/create-aggregate-manual-certs.sh - # Remove manual-certs folder - rm -rf $TARGET_LOCAL_DIR/manual-certs + $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/create-aggregate-manual-certs.sh $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/manual-certs - fi + # Remove manual-certs folder + rm -rf $TARGET_LOCAL_DIR/manual-certs + + cd $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO + fi - cd $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO - if [[ "${MANUAL_CERTS_CONTROL_FLAG}" != "true" ]]; then - yq -i 'del(.dns.manual_certs)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml - echo "gitops-mas-initiator: removed .dns.manual_certs node" + if [[ 
"${DNS_PROVIDER_CONTROL_IDEN}" == "cis" ]]; then + yq -i '.cluster.dns.provider = env(DNS_PROVIDER_CONTROL_IDEN)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml + echo "gitops-mas-initiator: .cluster.dns.provider set to $DNS_PROVIDER_CONTROL_IDEN in $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml" fi + if [[ "${MANUAL_CERTS_CONTROL_FLAG}" != "true" ]]; then + yq -i 'del(.dns.manual_certs)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml + echo "gitops-mas-initiator: removed .dns.manual_certs node" + fi - # Update the domain name in the mas-instance-params.yaml. - export ROSA_CONFIG=/workspace/configs/tmp-rosa/rosa-$(params.cluster_name)-details.yaml - export OCP_SERVER=$(cat $ROSA_CONFIG | yq '.data.api_url') - export DOMAIN=$(echo -n $OCP_SERVER | sed -n -e 's/^.*api.//p' | cut -d: -f1) - export MASDOMAIN=$MAS_INSTANCE_ID.apps.$DOMAIN - export APPSDOMAIN=apps.$DOMAIN + # Update the domain name in the mas-instance-params.yaml. + export ROSA_CONFIG=/workspace/configs/tmp-rosa/rosa-$(params.cluster_name)-details.yaml + export OCP_SERVER=$(cat $ROSA_CONFIG | yq '.data.api_url') + export DOMAIN=$(echo -n $OCP_SERVER | sed -n -e 's/^.*api.//p' | cut -d: -f1) + export MASDOMAIN=$MAS_INSTANCE_ID.apps.$DOMAIN + export APPSDOMAIN=apps.$DOMAIN - yq -i '.mas_instance.domain = env(MASDOMAIN)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml + yq -i '.mas_instance.domain = env(MASDOMAIN)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml - # Update the ocp server url & ingress domain url in the cluster-params.yaml. 
- yq -i '.cluster.url = env(OCP_SERVER)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml - yq -i '.cluster.domain = env(APPSDOMAIN)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml + # Update the channel in the mas-instance-params.yaml. + if [ -n "$MAS_CHANNEL" ]; then + yq -i '.mas_instance.channel = env(MAS_CHANNEL)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml + fi - # Update the provisioner_domain in cluster-params.yaml. - yq -i '(. | select(has("mas_provisioner")) | .mas_provisioner.provisioner_domain) = env(APPSDOMAIN)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml + # Update the operationalmode in the mas-instance-params.yaml. + if [ -n "$MAS_OPERATIONALMODE" ]; then + yq -i '.mas_instance.annotations."mas.ibm.com/operationalMode" = env(MAS_OPERATIONALMODE)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml + fi + fi - # Update the channel in the mas-instance-params.yaml. - yq -i '.mas_instance.channel = env(MAS_CHANNEL)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml + # Update cluster-level configurations (common for both MAS and AIService) + export ROSA_CONFIG=/workspace/configs/tmp-rosa/rosa-$(params.cluster_name)-details.yaml + if [ -f "$ROSA_CONFIG" ]; then + export OCP_SERVER=$(cat $ROSA_CONFIG | yq '.data.api_url') + export DOMAIN=$(echo -n $OCP_SERVER | sed -n -e 's/^.*api.//p' | cut -d: -f1) + export APPSDOMAIN=apps.$DOMAIN - # Update the operationalmode in the mas-instance-params.yaml. - yq -i '.mas_instance.annotations."mas.ibm.com/operationalMode" = env(MAS_OPERATIONALMODE)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml + # Update the ocp server url & ingress domain url in the cluster-params.yaml. 
+ yq -i '.cluster.url = env(OCP_SERVER)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml + yq -i '.cluster.domain = env(APPSDOMAIN)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml - # Remove dns node when DNS_PROVIDER_CONTROL_IDEN is not set - if [ "${DNS_PROVIDER_CONTROL_IDEN}" == "" ]; then - yq -i 'del(.dns)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml - yq -i 'del(.cluster.dns)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml - echo "gitops-mas-initiator: removed .dns / .cluster.dns node from gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml & gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml" + # Update the provisioner_domain in cluster-params.yaml. + yq -i '(. | select(has("mas_provisioner")) | .mas_provisioner.provisioner_domain) = env(APPSDOMAIN)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml fi - # Deploy fvtsaas with CIS as DNS provider and Manual_certs=True on Mon, Tue, Wed, Thu, Fri - # Deploy fvtsaas with CIS as DNS provider and Manual_certs=False on Sun + # Additional MAS-specific configurations (only if MAS_INSTANCE_ID is provided) + if [ -n "$MAS_INSTANCE_ID" ]; then + # Remove dns node when DNS_PROVIDER_CONTROL_IDEN is not set + if [ "${DNS_PROVIDER_CONTROL_IDEN}" == "" ]; then + yq -i 'del(.dns)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml + yq -i 'del(.cluster.dns)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml + echo "gitops-mas-initiator: removed .dns / .cluster.dns node from $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml & gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml" + fi - yq -i '.mas_instance.manual_cert_mgmt 
= env(MANUAL_CERTS_CONTROL_FLAG)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml - echo "gitops-mas-initiator: .mas_instance.manual_cert_mgmt set to $MANUAL_CERTS_CONTROL_FLAG" + # Deploy fvtsaas with CIS as DNS provider and Manual_certs=True on Mon, Tue, Wed, Thu, Fri + # Deploy fvtsaas with CIS as DNS provider and Manual_certs=False on Sun + yq -i '.mas_instance.manual_cert_mgmt = env(MANUAL_CERTS_CONTROL_FLAG)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml + echo "gitops-mas-initiator: .mas_instance.manual_cert_mgmt set to $MANUAL_CERTS_CONTROL_FLAG" - if [[ "${DNS_PROVIDER_CONTROL_IDEN}" == "cis" ]]; then - yq -i '.cluster.dns.provider = env(DNS_PROVIDER_CONTROL_IDEN)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml - echo "gitops-mas-initiator: .cluster.dns.provider set to $DNS_PROVIDER_CONTROL_IDEN in gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml" - fi + if [[ "${DNS_PROVIDER_CONTROL_IDEN}" == "cis" ]]; then + yq -i '.cluster.dns.provider = env(DNS_PROVIDER_CONTROL_IDEN)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml + echo "gitops-mas-initiator: .cluster.dns.provider set to $DNS_PROVIDER_CONTROL_IDEN in $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml" + fi - #customizationList customizationArchive credentials - if [ -f "gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/appws_spec_manage.yaml" ]; then + #customizationList customizationArchive credentials + if [ -f "$TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/appws_spec_manage.yaml" ]; then - MAS_APPWS_SPEC_YAML=gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/appws_spec_manage.yaml - secret_names=$(yq eval '.mas_appws_spec.settings.customizationList | to_entries | .[].value.customizationArchiveCredentials.secretName' 
${MAS_APPWS_SPEC_YAML}) - for customization_archive_secret_name in ${secret_names[@]}; do + MAS_APPWS_SPEC_YAML=$TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/appws_spec_manage.yaml + secret_names=$(yq eval '.mas_appws_spec.settings.customizationList | to_entries | .[].value.customizationArchiveCredentials.secretName' ${MAS_APPWS_SPEC_YAML}) + for customization_archive_secret_name in ${secret_names[@]}; do - export CUSTOMIZATION_ARCHIVE_SECRET=${ACCOUNT}${SECRETS_KEY_SEPERATOR}${CLUSTER_NAME}${SECRETS_KEY_SEPERATOR}$MAS_INSTANCE_ID${SECRETS_KEY_SEPERATOR} - export CUSTOMIZATION_ARCHIVE_SECRET_NAME=${CUSTOMIZATION_ARCHIVE_SECRET}${customization_archive_secret_name} - echo "gitops-mas-initiator: creating AWS SM with name :: ${CUSTOMIZATION_ARCHIVE_SECRET_NAME}" + export CUSTOMIZATION_ARCHIVE_SECRET=${ACCOUNT}${SECRETS_KEY_SEPERATOR}${CLUSTER_NAME}${SECRETS_KEY_SEPERATOR}$MAS_INSTANCE_ID${SECRETS_KEY_SEPERATOR} + export CUSTOMIZATION_ARCHIVE_SECRET_NAME=${CUSTOMIZATION_ARCHIVE_SECRET}${customization_archive_secret_name} + echo "gitops-mas-initiator: creating AWS SM with name :: ${CUSTOMIZATION_ARCHIVE_SECRET_NAME}" - if [[ -n "${ARTIFACTORY_USERNAME}" && -n "${ARTIFACTORY_TOKEN}" ]]; then - export SECRET_VALUE="{\"username\":\"${ARTIFACTORY_USERNAME}\",\"password\":\"${ARTIFACTORY_TOKEN}\"}" + if [[ -n "${ARTIFACTORY_USERNAME}" && -n "${ARTIFACTORY_TOKEN}" ]]; then + export SECRET_VALUE="{\"username\":\"${ARTIFACTORY_USERNAME}\",\"password\":\"${ARTIFACTORY_TOKEN}\"}" - aws configure set aws_access_key_id ${SM_AWS_ACCESS_KEY_ID} - aws configure set aws_secret_access_key ${SM_AWS_SECRET_ACCESS_KEY} - aws configure set default.region $SM_AWS_REGION - export AWS_REGION=$SM_AWS_REGION - aws configure list - set +e +o pipefail - aws secretsmanager delete-secret --force-delete-without-recovery --secret-id ${CUSTOMIZATION_ARCHIVE_SECRET_NAME} --region $SM_AWS_REGION --output json 2> /dev/null - aws secretsmanager describe-secret 
--secret-id ${CUSTOMIZATION_ARCHIVE_SECRET_NAME} --region $SM_AWS_REGION --output json 2> /dev/null - aws secretsmanager create-secret --name ${CUSTOMIZATION_ARCHIVE_SECRET_NAME} --region $SM_AWS_REGION --secret-string "${SECRET_VALUE}" || exit 1 + aws configure set aws_access_key_id ${SM_AWS_ACCESS_KEY_ID} + aws configure set aws_secret_access_key ${SM_AWS_SECRET_ACCESS_KEY} + aws configure set default.region $SM_AWS_REGION + export AWS_REGION=$SM_AWS_REGION + aws configure list + set +e +o pipefail + aws secretsmanager delete-secret --force-delete-without-recovery --secret-id ${CUSTOMIZATION_ARCHIVE_SECRET_NAME} --region $SM_AWS_REGION --output json 2> /dev/null + aws secretsmanager describe-secret --secret-id ${CUSTOMIZATION_ARCHIVE_SECRET_NAME} --region $SM_AWS_REGION --output json 2> /dev/null + aws secretsmanager create-secret --name ${CUSTOMIZATION_ARCHIVE_SECRET_NAME} --region $SM_AWS_REGION --secret-string "${SECRET_VALUE}" || exit 1 - echo "created AWS secret secret ${CUSTOMIZATION_ARCHIVE_SECRET_NAME} with value ${SECRET_VALUE:0:6} in region $SM_AWS_REGION" - set -e -o pipefail - else - echo "gitops-mas-initiator: ARTIFACTORY_USERNAME and/or ARTIFACTORY_TOKEN not set, exit with error" - exit 1 - fi + echo "created AWS secret secret ${CUSTOMIZATION_ARCHIVE_SECRET_NAME} with value ${SECRET_VALUE:0:6} in region $SM_AWS_REGION" + set -e -o pipefail + else + echo "gitops-mas-initiator: ARTIFACTORY_USERNAME and/or ARTIFACTORY_TOKEN not set, exit with error" + exit 1 + fi - done + done - fi - # Update the app channels in the mas-apps-params.yaml. - if [ -n $MAS_APP_CHANNEL_ASSIST ]; then - yq -i '(. | select(has("assist")) | .assist.app_channel) = env(MAS_APP_CHANNEL_ASSIST)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml - # Assist not supported in v8 due to no CP4D WD support - if [[ "$MAS_APP_CHANNEL_ASSIST" =~ ^8\. 
]]; then - yq -i 'del(.assist)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml - echo "gitops-mas-initiator: removed .assist node" - yq -i '.launchfvt.assist = false' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-fvt-params.yaml - echo "gitops-mas-initiator: set .launchfvt.assist to false" fi - fi - if [ -n $MAS_APP_CHANNEL_FACILITIES ]; then - yq -i '(. | select(has("facilities")) | .facilities.app_channel) = env(MAS_APP_CHANNEL_FACILITIES)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml - fi - if [ -n $MAS_APP_CHANNEL_IOT ]; then - yq -i '(. | select(has("iot")) | .iot.app_channel) = env(MAS_APP_CHANNEL_IOT)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml - fi - if [ -n $MAS_APP_CHANNEL_MANAGE ]; then - yq -i '(. | select(has("manage")) | .manage.app_channel) = env(MAS_APP_CHANNEL_MANAGE)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml - fi - if [ -n $MAS_APP_CHANNEL_MONITOR ]; then - yq -i '(. | select(has("monitor")) | .monitor.app_channel) = env(MAS_APP_CHANNEL_MONITOR)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml - fi - if [ -n $MAS_APP_CHANNEL_OPTIMIZER ]; then - yq -i '(. | select(has("optimizer")) | .optimizer.app_channel) = env(MAS_APP_CHANNEL_OPTIMIZER)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml - fi - if [ -n $MAS_APP_CHANNEL_PREDICT ]; then - yq -i '(. | select(has("predict")) | .predict.app_channel) = env(MAS_APP_CHANNEL_PREDICT)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml - fi - if [ -n $MAS_APP_CHANNEL_VISUALINSPECTION ]; then - yq -i '(. | select(has("visualinspection")) | .visualinspection.app_channel) = env(MAS_APP_CHANNEL_VISUALINSPECTION)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml + # Update the app channels in the mas-apps-params.yaml. 
+ if [ -n $MAS_APP_CHANNEL_ASSIST ]; then + echo "MAS_APP_CHANNEL_ASSIST found" + yq -i '(. | select(has("assist")) | .assist.app_channel) = env(MAS_APP_CHANNEL_ASSIST)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml + # Assist not supported in v8 due to no CP4D WD support + if [[ "$MAS_APP_CHANNEL_ASSIST" =~ ^8\. ]]; then + yq -i 'del(.assist)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml + echo "gitops-mas-initiator: removed .assist node" + yq -i '.launchfvt.assist = false' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-fvt-params.yaml + echo "gitops-mas-initiator: set .launchfvt.assist to false" + fi + fi + + if [ -n $MAS_APP_CHANNEL_FACILITIES ]; then + echo "MAS_APP_CHANNEL_FACILITIES found" + yq -i '(. | select(has("facilities")) | .facilities.app_channel) = env(MAS_APP_CHANNEL_FACILITIES)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml + fi + if [ -n $MAS_APP_CHANNEL_IOT ]; then + echo "MAS_APP_CHANNEL_IOT found" + yq -i '(. | select(has("iot")) | .iot.app_channel) = env(MAS_APP_CHANNEL_IOT)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml + fi + if [ -n $MAS_APP_CHANNEL_MANAGE ]; then + echo "MAS_APP_CHANNEL_MANAGE found" + yq -i '(. | select(has("manage")) | .manage.app_channel) = env(MAS_APP_CHANNEL_MANAGE)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml + fi + if [ -n $MAS_APP_CHANNEL_MONITOR ]; then + echo "MAS_APP_CHANNEL_MONITOR found" + yq -i '(. 
| select(has("monitor")) | .monitor.app_channel) = env(MAS_APP_CHANNEL_MONITOR)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml + fi + if [ -n $MAS_APP_CHANNEL_OPTIMIZER ]; then + echo "MAS_APP_CHANNEL_OPTIMIZER found" + yq -i '(. | select(has("optimizer")) | .optimizer.app_channel) = env(MAS_APP_CHANNEL_OPTIMIZER)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml + fi + if [ -n $MAS_APP_CHANNEL_PREDICT ]; then + echo "MAS_APP_CHANNEL_PREDICT found" + yq -i '(. | select(has("predict")) | .predict.app_channel) = env(MAS_APP_CHANNEL_PREDICT)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml + fi + if [ -n $MAS_APP_CHANNEL_VISUALINSPECTION ]; then + echo "MAS_APP_CHANNEL_VISUALINSPECTION found" + yq -i '(. | select(has("visualinspection")) | .visualinspection.app_channel) = env(MAS_APP_CHANNEL_VISUALINSPECTION)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml + fi + # Update the cli_version and ansible_fvt ansible version if mas_fvt_params exists + if [ -f $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-fvt-params.yaml ]; then + echo "MAS_INSTANCE_ID mas-fvt-params.yaml found" + yq -i '.fvt.cli_version = env(CLI_VERSION)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-fvt-params.yaml + yq -i '.fvt.ansible_version = env(FVT_ANSIBLE_VERSION)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-fvt-params.yaml + fi fi - # Update the cli_version and ansible_fvt ansible version if mas_fvt_params exists - if [ -f gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-fvt-params.yaml ]; then - yq -i '.fvt.cli_version = env(CLI_VERSION)' 
gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-fvt-params.yaml - yq -i '.fvt.ansible_version = env(FVT_ANSIBLE_VERSION)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-fvt-params.yaml + # AIService-specific configurations (only if AISERVICE_INSTANCE_ID is provided) + if [ -n "$AISERVICE_INSTANCE_ID" ]; then + echo "gitops-mas-initiator: Configuring AIService-specific settings for $AISERVICE_INSTANCE_ID" + + # Update AIService app channel if provided + if [ -n "$MAS_APP_CHANNEL_AISERVICE" ] && [ -f "$TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AISERVICE_INSTANCE_ID/mas-apps-params.yaml" ]; then + yq -i '(. | select(has("aiservice")) | .aiservice.app_channel) = env(MAS_APP_CHANNEL_AISERVICE)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AISERVICE_INSTANCE_ID/mas-apps-params.yaml + echo "gitops-mas-initiator: Updated AIService channel to $MAS_APP_CHANNEL_AISERVICE" + fi + + # Update the cli_version and ansible_fvt version if mas_fvt_params exists for AIService + if [ -f "$TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AISERVICE_INSTANCE_ID/mas-fvt-params.yaml" ]; then + if [ -n "$CLI_VERSION" ]; then + yq -i '.fvt.cli_version = env(CLI_VERSION)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AISERVICE_INSTANCE_ID/mas-fvt-params.yaml + fi + if [ -n "$FVT_ANSIBLE_VERSION" ]; then + yq -i '.fvt.ansible_version = env(FVT_ANSIBLE_VERSION)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AISERVICE_INSTANCE_ID/mas-fvt-params.yaml + fi + fi fi # Check if CENTRALISED_SLS is set to true 
@@ -498,10 +601,14 @@ spec: process_j2_files "$TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/icn" # Now extract ICN and SAAS_SUB_ID from sls.sls_service parameter - SLS_SERVICE=$(yq '.sls.sls_service // ""' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml) - + if [[ "${IS_GITOPS_FVT_ENV}" == true ]] && [ -n "$AISERVICE_INSTANCE_ID" ]; then + SLS_SERVICE=$(yq '.sls.sls_service // ""' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AISERVICE_INSTANCE_ID/aiservice-params.yaml) + else + SLS_SERVICE=$(yq '.sls.sls_service // ""' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml) + fi + if [ -z "$SLS_SERVICE" ]; then - echo "Error: CENTRALISED_SLS is true but no SLS service reference found in mas-instance-params.yaml" >&2 + echo "Error: CENTRALISED_SLS is true but no SLS service reference found in either mas-instance-params.yaml or aiservice-params.yaml" >&2 exit 1 fi diff --git a/tekton/src/tasks/gitops/gitops-mongo.yml.j2 b/tekton/src/tasks/gitops/gitops-mongo.yml.j2 index 79c8551ab9e..473923915b0 100644 --- a/tekton/src/tasks/gitops/gitops-mongo.yml.j2 +++ b/tekton/src/tasks/gitops/gitops-mongo.yml.j2 @@ -99,7 +99,7 @@ spec: - /bin/sh - -c name: gitops-mongo - imagePullPolicy: IfNotPresent + imagePullPolicy: Always image: quay.io/ibmmas/cli:latest workspaces: - name: configs diff --git a/tekton/src/tasks/gitops/gitops-odh.yml.j2 b/tekton/src/tasks/gitops/gitops-odh.yml.j2 index 444ba7d4803..3d400793d9a 100644 --- a/tekton/src/tasks/gitops/gitops-odh.yml.j2 +++ b/tekton/src/tasks/gitops/gitops-odh.yml.j2 @@ -24,8 +24,6 @@ spec: type: string - name: secrets_path type: string - - name: aiservice_namespace - type: string - name: avp_aws_secret_region type: string - name: odh_channel 
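Review bot: The `else` branch still builds its path from `$MAS_INSTANCE_ID`, which the earlier part of this change treats as optional. A run with only `AISERVICE_INSTANCE_ID` set and `IS_GITOPS_FVT_ENV` not equal to `true` would therefore point yq at a path with an empty instance segment. The new error text also names both files although only one of them is read, so a failed run does not say which file was missing the reference. I would assign the chosen path to one variable in each branch and use it in both places: `SLS_SERVICE=$(yq '.sls.sls_service // ""' "$SLS_PARAMS_FILE")` and `echo "Error: CENTRALISED_SLS is true but no SLS service reference found in $SLS_PARAMS_FILE" >&2`. Quoting the path also keeps it a single argument to yq; the surrounding script block starts and ends outside this hunk.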
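Review bot: With `imagePullPolicy: Always`, the `gitops-mongo` step re-resolves the mutable tag in `image: quay.io/ibmmas/cli:latest` on every run. Whatever is currently published under that tag then executes with this task's workspaces and environment, with no corresponding change in this repository. If the goal is to pick up fresh CLI builds in test pipelines, I would limit `Always` to those and pin the image by digest elsewhere, for example `image: quay.io/ibmmas/cli@sha256:<DIGEST_PLACEHOLDER>`. The `.j2` template may rewrite the tag at build time, which would change this assessment, so it is worth confirming before merge. The step definition continues outside this hunk.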
@@ -44,13 +42,6 @@ spec: - name: aiservice_storage_ssl type: string default: "true" - - name: aiservice_storage_region - type: string - - name: opendatahub_source - type: string - - name: aiservice_odh_model_deployment_type - type: string - stepTemplate: name: gitops-odh env: @@ -76,8 +67,6 @@ spec: value: $(params.github_repo) - name: SM_AWS_REGION value: $(params.avp_aws_secret_region) - - name: AISERVICE_NAMESPACE - value: $(params.aiservice_namespace) - name: ODH_CHANNEL value: $(params.odh_channel) - name: ODH_INSTALL_PLAN @@ -92,12 +81,6 @@ spec: value: $(params.odh_operator_version) - name: AISERVICE_STORAGE_SSL value: $(params.aiservice_storage_ssl) - - name: AISERVICE_STORAGE_REGION - value: $(params.aiservice_storage_region) - - name: OPENDATAHUB_SOURCE - value: $(params.opendatahub_source) - - name: AISERVICE_ODH_MODEL_DEPLOYMENT_TYPE - value: $(params.aiservice_odh_model_deployment_type) envFrom: - configMapRef: name: environment-properties