From acacf77fce357095d147a3bd78bf91ef5e8fca4d Mon Sep 17 00:00:00 2001
From: David Parker <parkerda@uk.ibm.com>
Date: Fri, 24 Nov 2023 19:13:14 +0000
Subject: [PATCH] [patch] Fixes and tweaks for better Red Hat content mirroring
 (#1115)

---
 .../tasks/actions/to-filesystem.yml           |  2 +-
 .../templates/imagesetconfiguration.yml.j2    | 22 ++++----
 ibm/mas_devops/roles/nvidia_gpu/README.md     |  2 +-
 .../templates/redhat-catalogs.yml.j2          | 56 +++++++++++--------
 4 files changed, 47 insertions(+), 35 deletions(-)

diff --git a/ibm/mas_devops/roles/mirror_ocp/tasks/actions/to-filesystem.yml b/ibm/mas_devops/roles/mirror_ocp/tasks/actions/to-filesystem.yml
index c11bc7fae..6d0d69ea0 100644
--- a/ibm/mas_devops/roles/mirror_ocp/tasks/actions/to-filesystem.yml
+++ b/ibm/mas_devops/roles/mirror_ocp/tasks/actions/to-filesystem.yml
@@ -25,4 +25,4 @@
 
 - name: "Mirror Red Hat content from source registry to filesystem"
   shell: >
-    DOCKER_CONFIG={{ mirror_working_dir }} oc mirror --config={{ mirror_working_dir }}/imageset-ocp{{ ocp_release }}.yml file:///{{ mirror_working_dir }} &> {{ mirror_working_dir }}/logs/mirror-ocp{{ ocp_release }}.log
+    DOCKER_CONFIG={{ mirror_working_dir }} oc mirror --config={{ mirror_working_dir }}/imageset-ocp{{ ocp_release }}.yml file:///{{ mirror_working_dir }} &> {{ mirror_working_dir }}/logs/mirror-to-filesystem-ocp{{ ocp_release }}.log
diff --git a/ibm/mas_devops/roles/mirror_ocp/templates/imagesetconfiguration.yml.j2 b/ibm/mas_devops/roles/mirror_ocp/templates/imagesetconfiguration.yml.j2
index abdbbcb07..78bd616aa 100644
--- a/ibm/mas_devops/roles/mirror_ocp/templates/imagesetconfiguration.yml.j2
+++ b/ibm/mas_devops/roles/mirror_ocp/templates/imagesetconfiguration.yml.j2
@@ -25,11 +25,11 @@ mirror:
           channels:
             - name: v5
         - name: gpu-operator-certified  # Required by ibm.mas_devops.nvidia_gpu role
-        # - name: kubeturbo-certified  # Required by ibm.mas_devops.kubeturbo role
-        #   OCI images are not supported by oc image mirror
-        #   https://access.redhat.com/solutions/6997884
-        #   https://issues.redhat.com/browse/CFE-780
-        #   OCI index found, but accept header does not support OCI indexes
+          channels:
+            - name: v23.3
+        - name: kubeturbo-certified  # Required by ibm.mas_devops.kubeturbo role
+          channels:
+            - name: stable
 
     # community-operators
     - catalog: registry.redhat.io/redhat/community-operator-index:v{{ ocp_release }}
@@ -37,12 +37,12 @@ mirror:
         - name: grafana-operator  #  Required by ibm.mas_devops.cluster_monitoring role
           channels:
             - name: v4
-    #   - name: opentelemetry-operator  # Required by ibm.mas_devops.cluster_monitoring role
-
-    #   OCI images are not supported by oc image mirror
-    #   https://access.redhat.com/solutions/6997884
-    #   https://issues.redhat.com/browse/CFE-780
-    #   OCI index found, but accept header does not support OCI indexes
+        - name: opentelemetry-operator  # Required by ibm.mas_devops.cluster_monitoring role
+          channels:
+            - name: alpha
+        - name: strimzi-kafka-operator  #  Required by ibm.mas_devops.kafka role
+          channels:
+            - name: stable
 
     # redhat-operators
     - catalog: registry.redhat.io/redhat/redhat-operator-index:v{{ ocp_release }}
diff --git a/ibm/mas_devops/roles/nvidia_gpu/README.md b/ibm/mas_devops/roles/nvidia_gpu/README.md
index 0693394d0..d8aeb4252 100644
--- a/ibm/mas_devops/roles/nvidia_gpu/README.md
+++ b/ibm/mas_devops/roles/nvidia_gpu/README.md
@@ -29,7 +29,7 @@ The namespace where the NVIDIA GPU operator will be deployed. For version 1.8.x,
 The channel to subscribe to for the gpu operator installation and updates. Available channels may be found in the package manifest of gpu-operator-certified operator in openshift.
 
 - Environment Variable: `GPU_CHANNEL`
-- Default Value: `v1.11`
+- Default Value: `v23.3`
 
 ### gpu_driver_version
 The gpu driver version image that needs to be pulled from the gpu driver repository. It is recommended that the right version of GPU driver is used depending on the OS version. The default versions are shown below. See the attached links for more information and to decide which driver version to use.
diff --git a/ibm/mas_devops/roles/ocp_contentsourcepolicy/templates/redhat-catalogs.yml.j2 b/ibm/mas_devops/roles/ocp_contentsourcepolicy/templates/redhat-catalogs.yml.j2
index fab64409e..7ef6bef79 100644
--- a/ibm/mas_devops/roles/ocp_contentsourcepolicy/templates/redhat-catalogs.yml.j2
+++ b/ibm/mas_devops/roles/ocp_contentsourcepolicy/templates/redhat-catalogs.yml.j2
@@ -40,51 +40,63 @@ metadata:
     operators.openshift.org/catalog: "true"
 spec:
   repositoryDigestMirrors:
+  - mirrors:
+    - {{ registry_private_url }}/cpopen
+    source: icr.io/cpopen
+  - mirrors:
+    - {{ registry_private_url }}/rhel8
+    source: registry.redhat.io/rhel8
   - mirrors:
     - {{ registry_private_url }}/crunchydata
     source: registry.connect.redhat.com/crunchydata
   - mirrors:
-    - {{ registry_private_url }}/kubebuilder
-    source: gcr.io/kubebuilder
+    - {{ registry_private_url }}/nvidia
+    source: registry.connect.redhat.com/nvidia
   - mirrors:
-    - {{ registry_private_url }}/amq-streams
-    source: registry.redhat.io/amq-streams
+    - {{ registry_private_url }}/grafana-operator
+    source: quay.io/grafana-operator
+  - mirrors:
+    - {{ registry_private_url }}/open-telemetry
+    source: ghcr.io/open-telemetry
+  - mirrors:
+    - {{ registry_private_url }}/source-to-image
+    source: registry.redhat.io/source-to-image
+  - mirrors:
+    - {{ registry_private_url }}/odf4
+    source: registry.redhat.io/odf4
+  - mirrors:
+    - {{ registry_private_url }}/operator-pipeline-prod
+    source: quay.io/operator-pipeline-prod
+  - mirrors:
+    - {{ registry_private_url }}/strimzi
+    source: quay.io/strimzi
   - mirrors:
     - {{ registry_private_url }}/rhceph
     source: registry.redhat.io/rhceph
+  - mirrors:
+    - {{ registry_private_url }}/amq-streams
+    source: registry.redhat.io/amq-streams
   - mirrors:
     - {{ registry_private_url }}/nvidia
     source: nvcr.io/nvidia
   - mirrors:
     - {{ registry_private_url }}/openshift4
     source: registry.redhat.io/openshift4
-  - mirrors:
-    - {{ registry_private_url }}/openshift-pipelines
-    source: registry.redhat.io/openshift-pipelines
-  - mirrors:
-    - {{ registry_private_url }}/operator-pipeline-prod
-    source: quay.io/operator-pipeline-prod
   - mirrors:
     - {{ registry_private_url }}/openshift-community-operators
     source: quay.io/openshift-community-operators
   - mirrors:
-    - {{ registry_private_url }}/grafana-operator
-    source: quay.io/grafana-operator
+    - {{ registry_private_url }}/kubebuilder
+    source: gcr.io/kubebuilder
   - mirrors:
     - {{ registry_private_url }}/ubi8
     source: registry.redhat.io/ubi8
   - mirrors:
-    - {{ registry_private_url }}/ocp-tools-4-tech-preview
-    source: registry.redhat.io/ocp-tools-4-tech-preview
+    - {{ registry_private_url }}/openshift-pipelines
+    source: registry.redhat.io/openshift-pipelines
   - mirrors:
     - {{ registry_private_url }}/openshift-serverless-1
     source: registry.redhat.io/openshift-serverless-1
   - mirrors:
-    - {{ registry_private_url }}/odf4
-    source: registry.redhat.io/odf4
-  - mirrors:
-    - {{ registry_private_url }}/rhel8
-    source: registry.redhat.io/rhel8
-  - mirrors:
-    - {{ registry_private_url }}/nvidia
-    source: registry.connect.redhat.com/nvidia
+    - {{ registry_private_url }}/turbonomic
+    source: registry.connect.redhat.com/turbonomic