Ingress Firewall Operator Automation

README.md

@@ -40,6 +40,7 @@ This repository consists of additional ansible playbooks for the following:
 1. Cluster Resource Override Operator deployment and e2e test run
 1. Deploy MetalLB operator and run e2e
 1. Hypershift Agent based installation
+1. Deploy Ingress Firewall Operator and run e2e.
 
 ## Assumptions:
 

examples/all.yaml

@@ -423,3 +423,16 @@ db_volume_size: "10Gi"
 fs_volume_size: "100Gi"
 iso_url: ""
 root_fs_url: ""
+
+# ocp-ingress-firewall-operator vars
+ingress_enabled: false            #set to true for ingress firewall operator installation
+ingress_catalogsource_image: ""   #quay.io/openshift-qe-optional-operators/aosqe-index:v4.17
+ingress_catalogsource_name: ""       #qe-app-registry
+ingress_namespace: ""                   #openshift-ingress-node-firewall
+ingress_directory: "/tmp/ingress"
+ingress_go_tarball: https://dl.google.com/go/go1.22.1.linux-ppc64le.tar.gz
+ingress_e2e: true
+ingress_e2e_github_repo: "https://github.com/openshift/openshift-tests-private"
+ingress_e2e_github_branch: "master"
+ingress_github_username: ""
+ingress_github_token: ""

examples/ocp_ingress_vars.yaml

@@ -0,0 +1,14 @@
+---
+#ocp-ingress vars
+
+ingress_enabled: false            #set to true for ingress firewall operator installation
+ingress_catalogsource_image: ""   #quay.io/openshift-qe-optional-operators/aosqe-index:v4.17
+ingress_catalogsource_name: ""       #qe-app-registry
+ingress_namespace: ""                   #openshift-ingress-node-firewall
+ingress_directory: "/tmp/ingress"
+ingress_go_tarball: "https://dl.google.com/go/go1.22.1.linux-ppc64le.tar.gz"
+ingress_e2e: false
+ingress_e2e_github_repo: ""
+ingress_e2e_github_branch: "master"
+ingress_github_username: ""
+ingress_github_token: ""

playbooks/main.yml

@@ -123,3 +123,6 @@
   when: >
         (hypershift_agent_install is defined and hypershift_agent_install) or
         (hypershift_agent_destroy is defined and hypershift_agent_destroy)
+
+- import_playbook: ocp-ingress-firewall-operator.yml
+  when: ingress_enabled is defined and ingress_enabled

playbooks/ocp-ingress-firewall-operator.yml

@@ -0,0 +1,5 @@
+---
+- name: Automate ingress firewall operator in OpenShift
+  hosts: bastion 
+  roles:
+  - ocp-ingress-firewall-operator

playbooks/roles/ocp-ingress-firewall-operator/README.md

@@ -0,0 +1,58 @@
+ocp-ingress-firewall-operator
+=========
+
+This role is used to deploy Ingress Firewall Operator in a OCP cluster .
+
+This playbook has two modules:
+Installation of the Ingress Firewall Operator.
+Running the end to end tests for Ingress Firewall Operator.
+
+Requirements
+------------
+
+- Access to the cluster as a user with the cluster-admin role.
+- The cluster is in a known good state, without any errors.
+- OCP secret with name ***podman-secret*** in the default namespace which is used for global secret update and has following keys: ***username***, ***password*** and ***registry***
+
+Role Variables
+--------------
+
+Role Variables
+--------------
+| Variable                       | Required | Default     | Comments                                       |
+|--------------------------------|----------|-------------|------------------------------------------------|
+| ingress_enabled             | no       |    false    | Set it to true to run this playbook            |
+| ingress_directory           | no       | `/tmp/ingress` | Working directory for ingress operator         |
+| ingress_catalogsource_image | no       |             | Catlog source index image.  |
+| ingress_catalogsource_name | no       |             | Catlog source index name.  |
+| ingress_namespace | no       |             | Namespace for deploying ingress operator |
+| ingress_e2e                 | no       |    false    | Set it true for running e2e tests              |
+| ingress_e2e_github_repo     | no       |     ""      | github repository for running e2e tests        |
+| ingress_e2e_github_branch   | no       |    master   | github repository branch for running e2e tests |
+| ingress_go_tarball          | no       | https://go.dev/dl/go1.22.4.linux-ppc64le.tar.gz | HTTPS URL for golang tarball |
+| ingress_github_username     | no       |     ""      | Github username                                |
+| ingress_github_token        | no       |     ""      | Github token                                   |
+
+Dependencies
+------------
+
+- To run e2e test cases, it requires access to the openshift-test-private repository.
+
+Example Playbook
+----------------
+
+```
+  - name: Deploy ingress firewall operator in OpenShift
+    include_role:
+      name: ocp-ingress-firewall-operator
+```
+
+License
+-------
+
+See LICENCE.txt
+
+Author Information
+------------------
+
+[email protected]

playbooks/roles/ocp-ingress-firewall-operator/default/main.yaml

@@ -0,0 +1,13 @@
+#ocp-lso vars
+
+ingress_enabled: true            #set to true for ingress firewall operator installation
+ingress_catalogsource_image: "quay.io/openshift-qe-optional-operators/aosqe-index:v4.17"   #quay.io/openshift-qe-optional-operators/aosqe-index:v4.17
+ingress_catalogsource_name: "qe-app-registry"       #qe-app-registry
+ingress_namespace: "openshift-ingress-node-firewall"                   #openshift-ingress-node-firewall
+ingress_directory: "/tmp/ingress"
+ingress_go_tarball: https://dl.google.com/go/go1.22.1.linux-ppc64le.tar.gz
+ingress_e2e: true
+ingress_e2e_github_repo: "https://github.com/openshift/openshift-tests-private"
+ingress_e2e_github_branch: "master"
+ingress_github_username: ""
+ingress_github_token: ""

playbooks/roles/ocp-ingress-firewall-operator/files/run-e2e.sh

@@ -0,0 +1,16 @@
+re_run_count=0
+max_re_runs=1
+echo -e "\ne2e summary:" > $INGRESS_WORKDIR/e2e-summary.txt
+cat "${INGRESS_WORKDIR}/e2e-output.txt" | tail -n 1 >> $INGRESS_WORKDIR/e2e-summary.txt
+sed -e 's/\"/\\"/g;s/.*/\"&\"/' "${INGRESS_WORKDIR}/e2e-output.txt" | awk '/Failing tests:/,EOF' | tail -n +3 | head -n -2 > $INGRESS_WORKDIR/failed_tests.txt
+while [ $re_run_count -lt $max_re_runs ] && [ "0" -ne "$(wc -l < "${INGRESS_WORKDIR}/failed_tests.txt")" ]
+do
+    re_run_count=$(( $re_run_count + 1 ))
+    ./bin/extended-platform-tests run -f $INGRESS_WORKDIR/failed_tests.txt -o $INGRESS_WORKDIR/e2e-re-run-output-${re_run_count}.txt
+    sed -e 's/\"/\\"/g;s/.*/\"&\"/' "${INGRESS_WORKDIR}/e2e-re-run-output-${re_run_count}.txt" | awk '/Failing tests:/,EOF' | tail -n +3 | head -n -2 > $INGRESS_WORKDIR/failed_tests.txt
+done
+if [  $re_run_count -ne 0 ]; then
+  echo -e "\n\ne2e summary after re-running:" >> $INGRESS_WORKDIR/e2e-summary.txt
+  cat $INGRESS_WORKDIR/failed_tests.txt >> $INGRESS_WORKDIR/e2e-summary.txt
+  cat "${INGRESS_WORKDIR}/e2e-re-run-output-${re_run_count}.txt" | tail -n 2 >> $INGRESS_WORKDIR/e2e-summary.txt
+fi