* Move the SNMP trap delivery checks

Move the SNMP trap delivery checks as where they are situated now seems
to cause false positives. Moves the checks closer to the end of the
smoketest run seems to result in a better change that the logs the check
is looking for have been provided.

* Use a loop to check for SNMP status with break and max time

This reverts commit af35714.

* Make all certs 8yr expiry
* Use certificate_duration and test against generated cert
* Better messages during CI cloning

* Expand support for OCP 4.11

Allow installation to be done on OCP 4.11 while updating the smoketest
jobs to support later versions of the client. Also migrate to using
community-operators CatalogSource instead of OperatorHub.io. Only enable
community-operators when the use_community strategy is enabled.

Update the token request syntax when requesting a service account token.
Add checks to look for oc client version and fail if we're using a
version that's too old.

* Make passwords safer in smoketest job template

Encapsulate the password values with double quotes to help make them
safer for consumption in the template. I had an odd situation where the
password contained a bunch of extended characters and caused the
smoketest to report an error on the template having an issue with yaml
to json.

The password contained several characters such as . and : which confused
the template. Wrapping the contents in the double quotes allowed the
smoketest to apply the job.batch template and result in a working
smoketest run.

* Replacing the placeholder namespace during the build results in a "there are local changes" error on next build
* This forces the checkout to discard that (and other!?) local changes
* Quicker dev/test loop

* Update oc to 4.11 in jenkins agent

Need 4.11 for new token handling changes

Remove the OperatorHub.io CatalogSource and instead use the
community-operators CatalogSource which is available with an OCP
installation. Ideally this will avoid some of the conflicts we've been
seeing in our CI environment. This is a short term fix as future
development will likely make use of Observability Operator to provide
the metrics data store and alert delivery mechanism.

* Catalog changes
* CI change to pre-clean cert-manager-operator
  * not 100% sure this is 4.12 related, but it's new and first seen during testing 4.12

* Remove Loki from stf-run-ci

* Return "Get new operator sdk" to stf-run-ci

The GitHub Actions checkout action v2 is deprecated and needs to move to
version 3.

* Implement SNMPtrap delivery controls

Implement ability to override the default values for the SNMPtrap
alertmanager receiver via prometheus-webhook-snmp component.

Closes: STF-559

* Run operator-sdk generate bundle

Run the following command to update the bundle artifacts:

operator-sdk-0.19.4 generate bundle   --metadata   --manifests   --channels unstable   --default-channel unstable

* Build out the remaining SNMP options

Build out the remaining options for prometheus-webhook-snmp to allow for
finer grained controls and delivery of SNMP traps via alertmanager
alerts.

* Generate bundle contents with operator-sdk

* Implement changes for operator-sdk-1.26.0 testing

Implement changes that allow testing validation via operator-sdk-1.26.0
without bumping the entire bundle generation process from
operator-sdk-0.19.4 to post-operator-sdk-1.x.

These are the same tests run for validation during product pipeline
verification.

* Adds test to verify building of the bundle image works.
* Adds KinD deployment to allow executing scorecard checks.

Related: STF-1252

* Fix properties.yaml

* Simplify use of RELEASE_VERSION variable (#412)

* Add note about why we're copying files in

* Adds duration param for CA and endpoint certs

Replaces certificate_duration for ca_certificate_duration
and endpoint_certificate_duration. Set default value for those
to 70080h (previous value)

Removes the certificate_duration param from the Issuer
resource since it's not actually needed (see [0])

[0] https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.IssuerConfig

* Exposes CA and endpoint certificate duration config

Exposes certificate duration config for both ElasticSearch
and QDR

Keeps the default value in use for now. Better default values
should be discussed to be included in a follow up change.

* Fix identation for certs duration param in servicetelemetry crd

* Adds cert duration to the OLM catalog

Includes cert duration params in the OLM catalog
for both ElasticSearch and QDR

* Changes snake_case to camelCase to yaml case

Fix to match style convention

* Adds pattern expresion for certs duration

* Add certificates param to events and transport

* Exposes duration parameter in the CI script

Adds the duration parameter for both ElasticSearch and QDR
in the CI script

Also updates the OLM Catalog with the latest changes (certificates object)

* Corrects naming to certificates params in CI script

* Fix snake cae in the CI script params for cert duration

* Fix identation for transports in the deploy_stf CI script

---------

Co-authored-by: Chris Sibbitt <csibbitt@redhat.com>

* Fix PROMETHEUS_K8S_TOKEN to account for oc version mismatch

* Fix to use correct variable name in test

* Move to newest oauth-proxy container

* Move to bcrypt for htpasswd

* Up/Downstream image handling for new oauth-proxy container

* Skip broken ansible lint for htpasswd

* Hack to add EPEL in upstream builds

…ion (#402)

* [jenkins] Add custom context labels for github build status notification

Multiple jenkins deployment can now be run and report their build
status separately instead of both reporting to the same
``continuous-integration/jenkins/pr-merge`` and overriding each other.

There is now ``continuous-integration/jenkins/ocp-<OCP_VERSION>/pr-merge``
NOTE: the OCP_VERSION is hardcoded at the moment

https://github.com/jenkinsci/github-scm-trait-notification-context-plugin

* [jenkins] Make the build status label configurable

Added the OCP_VERSION var to the casc-configmap.yaml, so that the
correct label can be set for the jobs

---------

Co-authored-by: Chris Sibbitt <csibbitt@redhat.com>

Default to Observability Operator for Prometheus & Alertmanager

- Adds two options to observability_strategy:
  * use_redhat (OBO Only)
  * use_hybrid (OBO + friends)
- Default to redhat supported components in deployment
- Use upstream source for ObO in CI
- Added sensubility to deployment validation
- Added required RBAC for OBO usage
-When no explicit observability_strategy is set:
  * Existing STF objects get an explicit "use_community" added
  * New STF objects get the default ("use_redhat") explicitly added
- Narrow the scope of the smoke test (#422)

Co-authored-by: Leif Madsen <lmadsen@redhat.com>

* Use stable-v1 cert-manager in CI for OCP >= 4.12

* Currently we are installing :latest
* We and OBO currently install v2.43.0
* This will mitigate any potential for a prometheus roll-back
* We will remove the pin in STF 1.5.5 after migration to OBO is complete

* The check for a missing observabilityStrategy was faulty
* STF object would be updated to `observabilityStrategy: use_community`
  any time there was a community Prometheus deployed

Allow bundle deployments to happen from unauthorized container
repositories.

* Manage Operator dependencies with properties.yaml

Use the properties.yaml to manage the packages we require when deploying
Service Telemetry Operator. Allows us to reference the Operator name
(which you can find via 'oc get packagemanifests' and reviewing the
packageName value of the packagemanifest (which should just match the
name listed in the oc get packagemanifests output).

Constraints allow the use of versions as well, setting a target of >=
the current version(ish).

Per
https://olm.operatorframework.io/docs/concepts/olm-architecture/dependency-resolution/#nested-compound-constraints:

> A nested compound constraint, one that contains at least one child
compound constraint along with zero or more simple constraints, is
evaluated from the bottom up following the procedures described for each
above.

For Prometheus, we set our ordered list from bottom to top, with a
preference for Observability Operator, followed by RHODS Prometheus
Operator, and finally Prometheus Operator from the Community Catalog.

Closes: STF-1356

* Move smart-gateway-operator dependency to properties.yaml

* Update deploy/olm-catalog/service-telemetry-operator/metadata/properties.yaml

Co-authored-by: Chris Sibbitt <csibbitt@redhat.com>

* Add index-based deployment method to stf-run-ci (#428)

* Create bundle and index builds for OLM deployment

Create bundle images using BuildConfigs through the internal registry
after generating contents using generate_bundles. Create a file-based
index image from the bundles created and available from the internal
registry.

Deploy STF using a local CatalogSource that references the internal
index image which allows OLM to stand up dependencies using
properties.yaml within the Service Teleletry Operator metadata. Skips
over pre-deployment artifacts and uses only data available via
CatalogSource for dependency validation.

* Add bundle builds to stf-run-ci for index-based deployments

Initial working code to allow bundle builds to be created in support of
index-based (CatalogSource) deployments of STF using local builds.

Updates the create_builds.yml logic so that it allows deployments to
proceed when builds have already been created. If local builds are
enabled then if BuildConfigs have already been created, then the role
will lookup the latest Build object and set the internal image path so
that the deployment can continue. Primary function is for iterative
development.

Stubbed out functionality to start creating the index image is
available, but still needs to be developed fully.

* Update generate_bundle.sh to return a JSON map

Update generate_bundle.sh to return a JSON map so that it can be
consumed by Ansible in stf-run-ci.

* Working development for index-based deployment

Completed the initial implementation of a local bundle build and
index-image created from bundle images. Generated via opm and loaded in
a CatalogSource that allows stf-run-ci to Subscribe to the
service-telemetry-operator package.

Created to allow testing of the properties.yaml now included in Service
Telemetry Operator to allow dependencies to be resolved without
pre-Subscribing to the Operators.

Closes: STF-1362

* Test and Tune

- clean up some ordering of object creation
- update index name in a couple of spots (service-telemetry-framework vs
  service-telemetry-operator)
- more checks to allow better idempotency when running stf-run-ci
  multiple times
- create CatalogSource
- syntax error on a couple of plays
- add some more clean up to make re-running deployments without full
  artifact builds possible
- always need OperatorGroup from CLI... had a check because testing was
  done from UI incorrectly

* Fix syntax error for pre-Subscription

* Remove unused template file

* Move OCP version lookup to top of plays (#433)

* Make debug output of generate_bundle consistent

* Clean up block usage for BuildConfig creation

* Set operator base image and tag as parameters

* Fix typo in annotation

* Add check if index and bundle deploys both enabled (#438)

Add a fail check to make sure we're not deploying from both index images
and bundle images at the same time.

* Drop rhods-prometheus-operator from satisfying STO

Don't allow rhods-prometheus-operator package to satisfy for
installation of Service Telemetry Operator as it is expected to go away.

---------

Co-authored-by: Chris Sibbitt <csibbitt@redhat.com>

The SNMP_TIMEOUT environment variable in the manifest_snmp_traps.j2
template for Service Telemetry Operator uses the wrong parameter,
passing port instead of timeout value to the template.

This change updates the template to use the appropriate parameter as
input.

Closes: rhbz#2213016

* Support External Elasticsearch

* Deprecate existing STF-deployed ES
* New CRD properties for external ES
* Adjust SG and Grafana to use new vars

* Fix servicetelemetry_vars in grafana ds

* Fix grafana and event SG conditions

* Fixed ansible snake_case vs camelCase and s/ElasticS/Elastics/

* Correct apiVersion

* Swap [] for () in CRD

* regenerated olm-catalog content

* Set default TLS server name from URL

* Fix observability_strategy: none

* More fixes to observability_strategy: none

* Move new vars into a "forwarding" section and remove the ext_

* Updates to CRD/CR for variable refactor

* Move tls_server_name logic into a task for clarity

* Fixing lint

* Update deprecation comments

* Update deprecation comments in the OLM manifests

* Make hostUrl defaults match legacy for easy migration

* Fix bug with supplied user.crt/key not persisting

* Update component_clouds.yml

* Test with "external" elasticsearch

* Strip all ES config except "enable" (for forwarding)
* Create ECK subscription no matter the observability_strategy
* Deploy ES from CI for events testing (Code copied/trimmed from STO)
* Default to use_redhat for CI

* Fixes from testing

* ephemeral volume
* wait for CRD to establish

* Adjust smoketest to always test events

* Test events to external ES in any observability_strategy mode
* We no longer need the smoketest to know the observability_strategy at all

* Update build/stf-run-ci/tasks/setup_elasticsearch.yml

Co-authored-by: Leif Madsen <lmadsen@redhat.com>

* Apply spelling/caps suggestions from code review

---------

Co-authored-by: Leif Madsen <lmadsen@redhat.com>

We recently changed the channel being used to retrieve cert-manager
from "tech-preview" to "stable-v1"

Since we only support tech-preview for up to STF 1.5.2, we should
stick to test using that version

* Fix infinite reconcile loop

Fix a potential infinite reconcile loop when deploying Grafana due to
updated hashing algorithm which changes the hash contents each time the
contents is hashed. Adds a fix which results in skipping the update of
the default-grafana-htpasswd Secret object to avoid the situation.

Also makes a small add to the when clause list for deploying
Elasticsearch so that only when it is enabled are the tasks included.

Closes: STF-1499
Signed-off-by: Leif Madsen <lmadsen@redhat.com>

* Logic change so Secret updates on parameter change

Update the htpasswd secret when the ServiceTelemetry CRD is updated for
a basicAuth password change. Will work with existing deployments, adding
the annotation to an existing secret to get everything aligned.

Signed-off-by: Leif Madsen <lmadsen@redhat.com>

* Syntax and lint fix

* Remove TODO for creating dashboards

Remove TODO for creating dashboards as management of dashboards is
outside the scope of STF.

* Update grafana htpasswd management logic

Update the logic for grafana htpasswd management to no longer use sha256
hashes and instead use bcrypt. Update the logic so that we create the
initial contents of the secret before writing it to the first secret so
that we can avoid a second Secret k8s_info call. Create the secret if it
isn't already created. If it is created, then read the existing salt and
generate a hash with it. Update the secret and the annotation for
grafana deployment. If no changes are found, then the secret and the
annotation will not be updated, resulting in no grafana restart.

NOTE: this commit has debugging logic in it to show how it works.
Following commit removes it and won't be available in future squashed
history. See original pull-request.

* Remove debug logic

* Adjust Ansible play names

---------

Signed-off-by: Leif Madsen <lmadsen@redhat.com>

* Add checks for not set sto and sgo bundle paths

This change adds a check for whether sto and sgo bundle paths
are defined and properly inform the user if they are undefined.

Also sets the nightly builds available in Quay as defaults.

Allow management of Grafana in all observability modes. Grafana
continues to be installed from community operators, but can continue to
be used even when deploying STF in the default observability strategy of
use_redhat.

Closes STF-1500

Signed-off-by: Leif Madsen <lmadsen@redhat.com>

* Add tests/infrared/17.1

Add a new tests/infrared/17.1/ configuration. Add extra hosts file entry
configuration to make it easier to point at an existing OpenShift deployment
(primarily used with stf-verify-containers).

* Sync enable-stf.yaml template to documentation

* Add qdr::router_id configuration

Update template to match documentation for qdr::router_id values in order to
avoid rhbz#2208020

* Additional templating and add extra hosts

Some additional templating and removing ceph from the deployment framework
since STF isn't monitoring ceph going forward. Update templating so that extra
hosts for QDR can be passed at deployment time to provide entries in /etc/hosts
on all the nodes.

Co-authored-by: Eric Nothen <enothen@enothen-thinkpadp1gen4i.muc.csb>
Co-authored-by: Leif Madsen <lmadsen@redhat.com>

* [stf-run-ci] Update vars in README

Update default values
Remove the vars that are no longer used

* Update build/stf-run-ci/README.md

Co-authored-by: Chris Sibbitt <csibbitt@redhat.com>

---------

Co-authored-by: Chris Sibbitt <csibbitt@redhat.com>

…ed (#458)

* Clean up dependency installation in stf-run-ci

Clean up the dependency installation when not using index images (which
installs dependencies via dependencies.yaml). Adjust installation of
cert-manager for versions of OCP 4.10 vs 4.12 and later.

* Move ObO CatalogSource removal to pre-clean stage

Fix a static namespace reference introduced in #455

* [ansible-lint] Use fqcn for modules

* command -> ansible.builtin.command
* debug -> ansible.builtin.debug
* file -> ansible.builtin.file
* k8s -> kubernetes.core.k8s
* k8s_info -> kubernetes.core.k8s_info
* set_fact -> ansible.builtin.set_fact
* shell -> ansible.builtin.shell
* template -> ansible.builtin.template


#455

* Add lint testing for stf-run-ci fqcn (#462)

---------

Co-authored-by: Leif Madsen <lmadsen@redhat.com>

If the CSV doesn't succeed, the task continues indefinitely.
This will cause an infinite loop in CI if there is no timeout on the
job.

Adding in a 10 minute timeout allows the CI job to return a failure
instead of running indefinitely.

* Expose operator_sdk versions used in CI

Currently we use two different versions of the operator_sdk
in our CI. One is being used for building the operator bundles (v0.x)
and the other is being used for deploying with operator bundles (v1.x).

This change makes this fact more explicit across the code and also
enables the possibility of configuring which versions to use.

* Update build/stf-run-ci/tasks/main.yml

* [run-ci] Set gather_facts true

We are using ansible_env, so facts need to be gathered


---------

Co-authored-by: Emma Foley <efoley@redhat.com>

* Remove registry access config tags

Remove "bundle_registry_tls_ca" and "bundle_registry_auth" tags
in favor of "setup_bundle_registry_tls_ca" and
"setup_bundle_registry_auth" config options.

Values for these new options are set to true to keep
backwards compatibility.

* Add bundle registry setup options to README

Adds setup_bundle_registry_tls_ca and setup_bundle_registry_auth
options definitions to the README

---------

Co-authored-by: Emma Foley <efoley@redhat.com>

* use absolute dir for REL
* specify default value for OPERATOR_SDK
* pass a logfile
* use -x for more debug info

* [better_logging][stf-run-ci] Add more output information and logfiles

Update s{t,g}o_bundle_info
Use stdout_lines to get the last line of the output, and from_json to
parse it from json to a dict.
Additional lines of debug in the generate_bundle script will not effect
the value of *_bundle_info

* main: add timeout and logfile for validate deployment
* create_builds: always show output of the build (block/always)
* Show more verbose output on builds
* Always show the build output (block/always)
* Name the tasks to describe what's happening
* smoketest: set -x to see more details
* pass LOGFILE to generate_bundle.sh

* [improve_logging] Add logfile_dir var

* Remove set -x from smoketests

* Update build/generate_bundle.sh

Co-authored-by: Emma Foley <efoley@redhat.com>
Co-authored-by: Leif Madsen <lmadsen@redhat.com>
Co-authored-by: Victoria Martinez de la Cruz <victoria@redhat.com>

* Relax pod admission controls when using a local catalog index

See https://docs.openshift.com/container-platform/4.13/operators/admin/olm-managing-custom-catalogs.html#olm-catalog-sources-and-psa_olm-managing-custom-catalogs

* Fix FQCN lint

When switching from tags to skipping using a bool, the check
``pull_secret is defined`` became invalid.
When a task is skipped, it still returns a value, which is captured with
`register: pull_secret`

The run bundle command was using `pull_secret is defined` to determine
whether to pass the pull-secret arg, and this check was defunct,
since pull_secret is always defined.

The solution for this is to re-set the value back to a 0-length
string, and change the conditional to check the length.

Additionally, the boolean values needed to be explicitly treated
as bools so that the registry setup tasks would be skipped

Because Observability Operator (ObO) is a cluster-scoped Operator, the
OLM dependency management can't resolve the dependency for us. Update
setup_base to pre-install ObO when observabilityStrategy is use_redhat
or use_hybrid, even when when index-based deployment is enabled.

Resolves: STF-1483

Update the README to move the OCP_ROUTE_IP to the top making it easier to not
include it when copying the command (since it needs to be populated manually).
Update the default path contents with an oc command to fill that in
automatically.

* [issue#306] Add missing ClusterRoles

The cluster-monitoring-operator is required for STF to install. It
creates the required alertmanager-main and prometheus-k8s.
ClusterRoles, and STF relies on these being present.
These are not present when using CRC, so ClusterRoles need to be
explicitly created.

The names of the ClusterRoles have been updated, in case there is some
conflict when cluster-monitoring-operator is installed after STF.

This is a workaround for not having cluster-monitoring-operator
installed: #306

resolves #306

* Fix up the RBAC setup for prometheus-stf (#467)

Fix up the RBAC changes to fully get prometheus-stf working and
decoupled from prometheus-k8s. Changes to using a separate
prometheus-stf ClusterRole, ClusterRoleBinding, and ServiceAccount,
along with a Role and RoleBinding, all using prometheus-stf as the
ServiceAccount. Also updates the Alertmanager configuration to use
alertmanager-stf instead of alertmanager-main.

* Fix smoketest to use prometheus-stf for token retrieval

* Refactor smoketest script (#468)

* Refactor smoketest script

Perform a bit of smoketest refactoring and fix up a few bugs.

* Update alert trigger to use startsAt in order to potentially speed up
  delivery of the alerts. Failures in the SNMP_WEBHOOK_STATUS seems to
  be primarily to delayed alert notification through
  prometheus-snmp-webhook.
* Add an alert clean up task as part of the clean up logic at the end.
* Update openssl x509 to not use the -in flag which seems unnecessary
  and on some systems causes a failure.
* Add new SMOKETEST_VERBOSE boolean so local testing can skip massive
  amounts of information dumped to stdout.
* Remove curl pod using label selector for slightly cleaner output.
* Update failure check to combine RET and SNMP_WEBHOOK_STATUS since
  testing seems to show changes are slightly more reliable.

* Show logs from curl

* Remove nodes/metrics permission from ClusterRole

As part of least priviledge work, remove the nodes/metrics permission as
we're not scraping nodes for information. Everything appears to continue
working in STF without this permission.

* Move SCC RBAC from ClusterRole to Role

Working on simplifying and reducing our access scope as much as
possible. It appears moving SCC RBAC from ClusterRole to Role allows
things to continue to work with Prometheus. It's possible further
testing may reveal this will need to reverted.

* Convert alertmanager-stf Role to ClusterRole (#473)

Convert alertmanager-stf Role to ClusterRole as the tokenreviews and
subjectaccessreviews resources need to be accessable at the cluster
scope.

* Create ClusterRoleBinding and Role for alertmanager (#475)

* Create ClusterRoleBinding and Role for alertmanager

Create appropriate ClusterRoleBinding and Role for alertmanager-stf,
breaking out SCC into a Role vs ClusterRole to keep things in alignment
to prometheus-stf RBAC setup.

* Adjust smoketest.sh for SNMP webhook test failures

Adjust the smoketest script to also fail when the SNMP webhook test has
failed. Add a wait condition for the curl pod to complete so logs can be
retrieved.

* Add *RoleBinding rescue capabilities

If changes happen to the ClusterRoleBinding or RoleBinding then
generally the system is not going to allow you to patch the object. Adds
block/rescue logic to remove the existing ClusterRoleBinding or
RoleBinding before creating it when patching the object fails.

---------

Co-authored-by: Leif Madsen <lmadsen@redhat.com>

* [stf-run-ci] Use {{ base_dir }} instead of relative paths

* Add base_dir for script imports in stf-run-ci
* Update destination in stf-run-ci/{clone_repos,setup_stf_local_build}
* Use base_dir instead of relative paths
* main: build_list
* create_stf_local_build: use base_dir for logfile in generate bundle

get_operator_sdk.sh: Use readlink to use absolute dir

* [add_base_dir] specify chdir for get_operator_sdk

The get_operator_sdk.sh script downloads the operator-sdk into a directory relative to directory it was called from.
To get the expected behaviour, it needs to be run from base_dir, since that value is used later, when operator-sdk is called

* [add_base_dir] Update shell task to use chdir for git command

* add timeout for validate deployment

* Adjust the default scrape interval

Adjust the default scrape interval to be 15s in alignment with default
configuration changes setting the polling rate in RHOSP to 30 seconds.

Related STF-1512

* Update 17.1 helper script for poll frequency

Update the 17.1 helper script for poll frequency and match upstream
documentation for event-less deployment.

* Update tests/infrared/17.1/enable-stf.yaml.template

* Align 17.1 help stf-connectors to docs

Update the 17.1 helper scripts stf-connectors.yaml.template file to match the
default configuration we're pursuing for STF 1.5.3 and beyond.

* Update scrape_interval to 30s in alignment with data collectors

* Add local generation difference check

Check if generating a bundle locally would result in a git diff. If so,
then we should fail since that means changes are missed in the resulting
bundle.

* Fix missed bundle generation

Fix missed bundle generation in 805ada4
which I introduced by not running a local bundle generation before
merging.

---------

Co-authored-by: Chris Sibbitt <csibbitt@redhat.com>

Bump the origin-ansible-operator base image from 4.10 to 4.12.

Related STF-1524

* Remove logs API interface from STF

The logs interface in STF has never been supported or productized. A
recent bug was found where Loki can be interfered with when deployed on
the same system as STF. Since this has never been documented or
productized, it is being removed, as OpenStack logging should be sent
off-cluster from rsyslog directly to Elasticsearch.

Closes STF-1504

* Remove logs interface from CRD

Missed removing the logs interface from the CRD and defaults.

Update the ceilometer pollsters used by the 17.1 deployment helper script.

Related: rhbz#2239390

* [zuul] Add base job for testing with zuul

* Update default crc_parameters, so that there's enough memory for
  cluster_monitoring and for schedulling all the pods [1]
* Add a 60 minute timeout to the job, since the default (~30 minutes)
  is not enough to run through all the job stages
* galaxy collection and pip package versions are pinned to known-working
  versions
* post task:
    Gathers some information from oc (builds, images, CSVs, etc)
    Copies logs from the job nodes so they can be viewed in the job buildresults

* Move the metrics_result retrieve

Move the metrics_result value retrieval to above an echo command so that
the result is of the curl command and not the echo command. Also change
the scripts to set +e so that the scripts don't exist right away since
there are checks at the end that set an appropriate exit code (and gives
more information since the script will complete vs exit immediately).

Reported by Chris in Slack

* Update tests/smoketest/smoketest_ceilometer_entrypoint.sh

Co-authored-by: Chris Sibbitt <csibbitt@redhat.com>

---------

Co-authored-by: Chris Sibbitt <csibbitt@redhat.com>

Increase the ring buffer size of the sensubility Smart Gateway as
messages often exceed the default of 16384 bytes, resulting in no API
healt check data from controllers arriving.

Closes: rhbz#2241033

Disable the event pipeline management in the enable-stf.yaml file for the RHOSP
17.1 helper script to align to STF 1.5.3 disabling eventing by default,
matching our documentation changes.

Related STF-1498

Add the common and scenario vars to prepare stage so that namespace is
defined before being used

* Initial changes for QDR basicAuth

* Update roles/servicetelemetry/tasks/pre.yml

Co-authored-by: Leif Madsen <lmadsen@redhat.com>

* correct API version on secret

* Touchups from fresh environment test

* swap ansible_date_time for a filter that doesnt required facts

...and adheres to the rules for label text

* Update CSV

* Disable qdr auth in smoketests

See: #492

---------

Co-authored-by: Leif Madsen <lmadsen@redhat.com>

The format was incorrect, and cannot include '#' or capital letters.

* Add var to set QDR auth to none

The smoketests don't support spec.transport.qdr.auth = basic.
Add a var to allow us to set this value to "none" in ci.

This commit can be reverted when PR#492 is merged.

)

* [zuul] Add a job that does a local build and deploys an STF object

This job replicates the job in Jenkinsfile

Bumps [requests](https://github.com/psf/requests) from 2.27.1 to 2.31.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.27.1...v2.31.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Emma Foley <elfiesmelfie@users.noreply.github.com>

* [stf-run-ci] Generate extra logs if preflight checks fail

* Update preflight checks

Bumps [oauthlib](https://github.com/oauthlib/oauthlib) from 3.2.0 to 3.2.2.
- [Release notes](https://github.com/oauthlib/oauthlib/releases)
- [Changelog](https://github.com/oauthlib/oauthlib/blob/master/CHANGELOG.rst)
- [Commits](oauthlib/oauthlib@v3.2.0...v3.2.2)

---
updated-dependencies:
- dependency-name: oauthlib
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Emma Foley <elfiesmelfie@users.noreply.github.com>

* [stf-run-ci][create_catalog] Swap query for a command task

Using query looks up the kubeconfig on localhost, rather than the host
that ansible is executing against. This behaviour is different from
either using the shell/command modules or using k8s modules.
For consistent behaviour, the queries are replaced with an alternative
way to get the same information that will have consistent behahaviour
whether executing against localhost or a remote host.

* Add requires infrastructure annotations

Add required infrastructure annotations for the bundle. Implementation
is done in generate_bundle.sh because the annotations.yaml file in the
deploy/olm-catalog/ directory is not read by operator-sdk-0.19.4. Append
required additional feature annotations to the generated
annotations.yaml by operator-sdk generate bundle.

Related STF-1530

* Include annotations in the CSV directly

* Revert "Add requires infrastructure annotations"

This reverts commit c9e9b2a.

* Generate CSV contents with operator-sdk

* [stf-collect-logs] Add a role for log collection

* Update build/run-ci.yaml

* [stf-collect-logs] Update the resource name in

* [stf-collect-logs] Update README

* [stf-collect-logs] Remove unnecessary lines

* ci/post-collect_logs: Use stf-collect-logs role

* [stf-collect-logs]: Use namespace in oc commands

---------

Co-authored-by: Chris Sibbitt <csibbitt@redhat.com>

* [zuul] Add job to deploy from nightly bundles

This job doesn't build STF, but deploys from the pre-built and published
bundles.
This is useful to be able to do periodically to make sure our latest
bundles are deploying, and no dependencies are out-of-date, for example

Support STF 1.5 from OCP 4.11 through 4.14 for the next release as OCP 4.10 is now EOL.

* Update base image to pass security scans

Update the base image with a dnf update (need to excluse ansible because
ansible updates aren't compatible with the current build). This keeps
packages up to date to allow the resulting image to pass registry
security scans at the expence of image size.

* Clean up intermediate layer

Co-authored-by: Chris Sibbitt <csibbitt@redhat.com>

* Add comments to help understand Dockerfile readout

* Spellcheck fix

---------

Co-authored-by: Chris Sibbitt <csibbitt@redhat.com>

Add cluster observability operator as the preferred dependency (bottom
of list is highest priority) when installing Service Telemetry Operator.
The cluster-observability-operator is the name of the downstream
(product) bundle in the Red Hat Operators CatalogSource.

If installing for upstream, preferred operator will be
observability-operator (when the Red Hat Operators CatalogSource is not
available or enabled). And then as a fall-back method when neither
Observability Operator or Cluster Observability Operator is not
available, allow for Prometheus Operator from the Community Operators to
satisfy for the Prometheus storage backend.