diff --git a/velero/backup/license-service-reporter/label-singleton-lsr.sh b/velero/backup/license-service-reporter/label-singleton-lsr.sh new file mode 100644 index 000000000..a5d7372e1 --- /dev/null +++ b/velero/backup/license-service-reporter/label-singleton-lsr.sh @@ -0,0 +1,203 @@ +#!/usr/bin/env bash + +# Licensed Materials - Property of IBM +# Copyright IBM Corporation 2023. All Rights Reserved +# US Government Users Restricted Rights - +# Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. +# +# This is an internal component, bundled with an official IBM product. +# Please refer to that particular license for additional information. + +set -o errtrace +set -o nounset + +# ---------- Command arguments ---------- +OC=oc +LSR_NAMESPACE="ibm-lsr" + +# Catalog sources and namespace +ENABLE_PRIVATE_CATALOG=0 +LSR_SOURCE="ibm-license-service-reporter-catalog" +LSR_SOURCE_NS="openshift-marketplace" + +# ---------- Command variables ---------- + +# script base directory +BASE_DIR=$(cd $(dirname "$0")/$(dirname "$(readlink $0)") && pwd -P) + +# ---------- Main functions ---------- +function main() { + parse_arguments "$@" + pre_req + label_catalogsource + label_ns_and_related + label_subscription + label_lsr + success "Successfully labeled all the resources" +} + +function print_usage(){ #TODO update usage definition + script_name=`basename ${0}` + echo "Usage: ${script_name} [OPTIONS]" + echo "" + echo "Label License Service Reporter resources to prepare for Backup." + echo "License Service Reporter namespace is always required." + echo "" + echo "Options:" + echo " --oc string Optional. File path to oc CLI. Default uses oc in your PATH. Can also be set in env.properties." + echo " --lsr-ns Optional. Specifying will enable labeling of the license service reporter operator. Permissions may need to be updated to include the namespace." + echo " --enable-private-catalog Optional. Specifying will look for catalog sources in the operator namespace. If enabled, will look for license service reporter in its respective namespaces." + echo " --lsr-catalog Optional. Specifying will look for the license service reporter catalog source name." + echo " --lsr-catalog-ns Optional. Specifying will look for the license service reporter catalog source namespace." + echo " -h, --help Print usage information" + echo "" + +} + +function parse_arguments() { + script_name=`basename ${0}` + echo "All arguments passed into the ${script_name}: $@" + echo "" + + # process options + while [[ "$@" != "" ]]; do + case "$1" in + --oc) + shift + OC=$1 + ;; + --lsr-ns ) + shift + LSR_NAMESPACE=$1 + ;; + --enable-private-catalog) + ENABLE_PRIVATE_CATALOG=1 + ;; + --lsr-catalog) + shift + LSR_SOURCE=$1 + ;; + --lsr-catalog-ns) + shift + LSR_SOURCE_NS=$1 + ;; + -h | --help) + print_usage + exit 1 + ;; + *) + echo "Entered option $1 not supported. Run ./${script_name} -h for script usage info." + ;; + esac + shift + done + echo "" +} + +function pre_req(){ + + title "Start to validate the parameters passed into script... " + # Checking oc command logged in + user=$($OC whoami 2> /dev/null) + if [ $? -ne 0 ]; then + error "You must be logged into the OpenShift Cluster from the oc command line" + else + success "oc command logged in as ${user}" + fi +} + +function label_catalogsource() { + + title "Start to label the License Service Reporter catalog sources... " + # Label the Private CatalogSources in provided namespaces + if [ $ENABLE_PRIVATE_CATALOG -eq 1 ]; then + LSR_SOURCE_NS=$LSR_NAMESPACE + fi + ${OC} label catalogsource "$LSR_SOURCE" foundationservices.cloudpak.ibm.com=lsr -n "$CSR_SOURCE_NS" --overwrite=true 2>/dev/null + echo "" +} + +function label_ns_and_related() { + + title "Start to label the namespaces, operatorgroups... " + + # Label the cert manager namespace + ${OC} label namespace "$LSR_NAMESPACE" foundationservices.cloudpak.ibm.com=lsr --overwrite=true 2>/dev/null + + # Label the cert manager OperatorGroup + operator_group=$(${OC} get operatorgroup -n "$LSR_NAMESPACE" -o jsonpath='{.items[*].metadata.name}') + ${OC} label operatorgroup "$operator_group" foundationservices.cloudpak.ibm.com=lsr -n "$LSR_NAMESPACE" --overwrite=true 2>/dev/null + + echo "" +} + + +function label_subscription() { + + title "Start to label the Subscriptions... " + local lsr_pm="ibm-license-service-reporter-operator" + ${OC} label subscriptions.operators.coreos.com $lsr_pm foundationservices.cloudpak.ibm.com=lsr -n $LSR_NAMESPACE --overwrite=true 2>/dev/null + echo "" +} + +function label_lsr() { + + title "Start to label the License Service Reporter... " + ${OC} label customresourcedefinition ibmlicenseservicereporters.operator.ibm.com foundationservices.cloudpak.ibm.com=lsr --overwrite=true 2>/dev/null + + info "Start to label the LSR instances" + lsr_instances=$(${OC} get ibmlicenseservicereporters.operator.ibm.com -n $LSR_NAMESPACE -o jsonpath='{.items[*].metadata.name}') + while IFS= read -r lsr_instance; do + ${OC} label ibmlicenseservicereporters.operator.ibm.com $lsr_instance foundationservices.cloudpak.ibm.com=lsr -n $LSR_NAMESPACE --overwrite=true 2>/dev/null + + # Label the secrets with OIDC configured + client_secret_name=$(${OC} get ibmlicenseservicereporters.operator.ibm.com $lsr_instance -n $LSR_NAMESPACE -o yaml | awk -F '--client-secret-name=' '{print $2}' | tr -d '"' | tr -d '\n') + ${OC} label secret $client_secret_name foundationservices.cloudpak.ibm.com=lsr -n $LSR_NAMESPACE --overwrite=true 2>/dev/null + + provider_ca_secret_name=$(${OC} get ibmlicenseservicereporters.operator.ibm.com $lsr_instance -n $LSR_NAMESPACE -o yaml | awk -F '--provider-ca-secret-name=' '{print $2}' | tr -d '"' | tr -d '\n') + ${OC} label secret $provider_ca_secret_name foundationservices.cloudpak.ibm.com=lsr -n $LSR_NAMESPACE --overwrite=true 2>/dev/null + done <<< "$lsr_instances" + + info "Start to label the necessary secrets" + secrets=$(${OC} get secrets -n $LSR_NAMESPACE | grep ibm-license-service-reporter-token | cut -d ' ' -f1) + for secret in ${secrets[@]}; do + ${OC} label secret $secret foundationservices.cloudpak.ibm.com=lsr -n $LSR_NAMESPACE --overwrite=true 2>/dev/null + done + secrets=$(${OC} get secrets -n $LSR_NAMESPACE | grep ibm-license-service-reporter-credential | cut -d ' ' -f1) + for secret in ${secrets[@]}; do + ${OC} label secret $secret foundationservices.cloudpak.ibm.com=lsr -n $LSR_NAMESPACE --overwrite=true 2>/dev/null + done + + echo "" +} + +# ---------- Info functions ----------# + +function msg() { + printf '%b\n' "$1" +} + +function success() { + msg "\33[32m[✔] ${1}\33[0m" +} + +function error() { + msg "\33[31m[✘] ${1}\33[0m" + exit 1 +} + +function title() { + msg "\33[34m# ${1}\33[0m" +} + +function info() { + msg "[INFO] ${1}" +} + +function warning() { + msg "\33[33m[✗] ${1}\33[0m" +} + +main $* + +# ---------------- finish ---------------- diff --git a/velero/spectrum-fusion/license-service-reporter/backup-restore-workflow.yaml b/velero/spectrum-fusion/license-service-reporter/backup-restore-workflow.yaml new file mode 100644 index 000000000..7371446f9 --- /dev/null +++ b/velero/spectrum-fusion/license-service-reporter/backup-restore-workflow.yaml @@ -0,0 +1,136 @@ +apiVersion: application.isf.ibm.com/v1alpha1 +kind: Application +metadata: + name: lsr-application + namespace: ibm-spectrum-fusion-ns +spec: + enableDR: false + includedNamespaces: + - + - openshift-marketplace + - openshift-config +--- + +apiVersion: data-protection.isf.ibm.com/v1alpha1 +kind: BackupPolicy +metadata: + name: lsr-backup-policy +spec: + backupStorageLocation: + provider: isf-backup-restore + retention: + number: 5 + unit: days + schedule: + cron: '00 0 * * * ' + timezone: America/New_York +--- + +apiVersion: spp-data-protection.isf.ibm.com/v1alpha1 +kind: Recipe +metadata: + name: lsr-recipe + namespace: ibm-spectrum-fusion-ns +spec: + appType: license-service-reporter + groups: + - includeClusterResources: true + includedResourceTypes: + - customresourcedefinitions.apiextensions.k8s.io + - secrets + - ibmlicenseservicereporters.operator.ibm.com + labelSelector: foundationservices.cloudpak.ibm.com=lsr + name: license-service-reporter-parent + type: resource + - backupRef: license-service-reporter-parent + includeClusterResources: true + includedResourceTypes: + - customresourcedefinitions.apiextensions.k8s.io + name: license-service-reporter-crd + type: resource + - backupRef: license-service-reporter-parent + includeClusterResources: true + includedResourceTypes: + - secrets + - ibmlicenseservicereporters.operator.ibm.com + name: license-service-reporter-instances + type: resource + - includedResourceTypes: + - catalogsources.operators.coreos.com + labelSelector: foundationservices.cloudpak.ibm.com=lsr + name: license-service-reporter-catalog + type: resource + - includeClusterResources: true + labelSelector: foundationservices.cloudpak.ibm.com=lsr + name: license-service-reporter-namespace + type: resource + - includedResourceTypes: + - operatorgroups.operators.coreos.com + labelSelector: foundationservices.cloudpak.ibm.com=lsr + name: license-service-reporter-operatorgroup + type: resource + - includedResourceTypes: + - subscriptions.operators.coreos.com + labelSelector: foundationservices.cloudpak.ibm.com=lsr + name: license-service-reporter-subscription + type: resource + hooks: + - chks: + - condition: '{$.status.phase} == {"Running"}' + name: podReady + onError: fail + timeout: 600 + name: license-service-reporter-check + labelSelector: app.kubernetes.io/name=ibm-license-service-reporter + namespace: + onError: fail + selectResource: pod + timeout: 600 + type: check + - chks: + - condition: '{$.status.phase} == {"Running"}' + name: podReady + onError: fail + timeout: 600 + name: license-service-reporter-instance-check + labelSelector: app.kubernetes.io/instance=ibm-license-service-reporter + namespace: + onError: fail + selectResource: pod + timeout: 600 + type: check + workflows: + - failOn: any-error + name: backup + sequence: + - group: license-service-reporter-namespace + - group: license-service-reporter-catalog + - group: license-service-reporter-operatorgroup + - group: license-service-reporter-parent + - group: license-service-reporter-subscription + - failOn: any-error + name: restore + sequence: + - group: license-service-reporter-namespace + - group: license-service-reporter-catalog + - group: license-service-reporter-operatorgroup + - group: license-service-reporter-crd + - group: license-service-reporter-instances + - group: license-service-reporter-subscription + - hook: license-service-reporter-check/podReady + - hook: license-service-reporter-instance-check/podReady +--- + +apiVersion: data-protection.isf.ibm.com/v1alpha1 +kind: PolicyAssignment +metadata: + name: lsr-policy-assignment + namespace: ibm-spectrum-fusion-ns +spec: + application: lsr-application + backupPolicy: lsr-backup-policy + runNow: false + recipe: + apiVersion: spp-data-protection.isf.ibm.com/v1alpha1 + name: lsr-recipe + namespace: ibm-spectrum-fusion-ns \ No newline at end of file diff --git a/velero/spectrum-fusion/recipes/4.0-4.5-example-recipe-multi-ns.yaml b/velero/spectrum-fusion/recipes/4.0-4.5-example-recipe-multi-ns.yaml index b4eeb02d7..8b984bf24 100644 --- a/velero/spectrum-fusion/recipes/4.0-4.5-example-recipe-multi-ns.yaml +++ b/velero/spectrum-fusion/recipes/4.0-4.5-example-recipe-multi-ns.yaml @@ -93,7 +93,7 @@ spec: includedResourceTypes: - customresourcedefinitions.apiextensions.k8s.io labelSelector: foundationservices.cloudpak.ibm.com=crd - name: commonservices-crd + name: commonservice-crd type: resource - includedResourceTypes: - commonservices.operator.ibm.com @@ -370,7 +370,7 @@ spec: - group: common-services-catalogs - group: common-services-operatorgroups - group: common-services-configmaps - - group: commonservices-crd + - group: commonservice-crd - group: commonservice-cr - group: nss-resources - group: cs-operator-permissions @@ -398,7 +398,7 @@ spec: - group: licensing-resources # restore common services - group: common-services-configmaps - - group: commonservices-crd + - group: commonservice-crd - group: commonservice-cr - group: nss-resources - group: common-services-subscriptions diff --git a/velero/spectrum-fusion/recipes/4.7-example-recipe-multi-ns-multi-zen.yaml b/velero/spectrum-fusion/recipes/4.7-example-recipe-multi-ns-multi-zen.yaml index 76f714576..4cd6c2713 100644 --- a/velero/spectrum-fusion/recipes/4.7-example-recipe-multi-ns-multi-zen.yaml +++ b/velero/spectrum-fusion/recipes/4.7-example-recipe-multi-ns-multi-zen.yaml @@ -134,7 +134,7 @@ spec: includedResourceTypes: - customresourcedefinitions.apiextensions.k8s.io labelSelector: foundationservices.cloudpak.ibm.com=crd - name: commonservices-crd + name: commonservice-crd type: resource - includedResourceTypes: - commonservices.operator.ibm.com @@ -303,6 +303,18 @@ spec: selectResource: pod timeout: 600 type: check + - chks: + - condition: '{$.status.phase} == {"Running"}' + name: podReady + onError: fail + timeout: 600 + name: license-service-reporter-instance-check + labelSelector: app.kubernetes.io/instance=ibm-license-service-reporter + namespace: + onError: fail + selectResource: pod + timeout: 600 + type: check - chks: - condition: '{$.spec.replicas} == {$.status.readyReplicas}' name: podReady @@ -522,7 +534,7 @@ spec: - group: common-services-operatorgroups - group: common-services-configmaps - group: license-service-reporter-crd - - group: commonservices-crd + - group: commonservice-crd - group: commonservice-cr - group: nss-resources - group: singleton-subscriptions @@ -553,6 +565,7 @@ spec: - group: license-service-reporter-subscriptions - hook: license-service-reporter-check/podReady - group: license-service-reporter-instances + - hook: license-service-reporter-instance-check/podReady - group: lsr-pre-deploy - group: lsr-volume - group: lsr-deployment @@ -560,7 +573,7 @@ spec: - hook: lsr-data/restore # restore common services - group: common-services-configmaps - - group: commonservices-crd + - group: commonservice-crd - group: commonservice-cr - group: nss-resources - group: common-services-subscriptions diff --git a/velero/spectrum-fusion/recipes/4.7-example-recipe-multi-ns.yaml b/velero/spectrum-fusion/recipes/4.7-example-recipe-multi-ns.yaml index 22f98265e..5666cd6ae 100644 --- a/velero/spectrum-fusion/recipes/4.7-example-recipe-multi-ns.yaml +++ b/velero/spectrum-fusion/recipes/4.7-example-recipe-multi-ns.yaml @@ -136,7 +136,7 @@ spec: includedResourceTypes: - customresourcedefinitions.apiextensions.k8s.io labelSelector: foundationservices.cloudpak.ibm.com=crd - name: commonservices-crd + name: commonservice-crd type: resource - includedResourceTypes: - commonservices.operator.ibm.com @@ -303,6 +303,18 @@ spec: selectResource: pod timeout: 600 type: check + - chks: + - condition: '{$.status.phase} == {"Running"}' + name: podReady + onError: fail + timeout: 600 + name: license-service-reporter-instance-check + labelSelector: app.kubernetes.io/instance=ibm-license-service-reporter + namespace: + onError: fail + selectResource: pod + timeout: 600 + type: check - chks: - condition: '{$.spec.replicas} == {$.status.readyReplicas}' name: podReady @@ -462,10 +474,12 @@ spec: - group: common-services-operatorgroups - group: common-services-configmaps - group: license-service-reporter-crd + - group: commonservice-crd + - group: commonservice-cr - group: singleton-subscriptions - group: cert-manager-resources - group: license-service-reporter-subscriptions - - group: commonservices-crd + - group: commonservice-crd - group: commonservice-cr - group: nss-resources - group: common-services-subscriptions @@ -493,6 +507,7 @@ spec: - group: license-service-reporter-subscriptions - hook: license-service-reporter-check/podReady - group: license-service-reporter-instances + - hook: license-service-reporter-instance-check/podReady - group: lsr-pre-deploy - group: lsr-volume - group: lsr-deployment @@ -500,7 +515,7 @@ spec: - hook: lsr-data/restore # restore common services - group: common-services-configmaps - - group: commonservices-crd + - group: commonservice-crd - group: commonservice-cr - group: nss-resources - group: common-services-subscriptions diff --git a/velero/spectrum-fusion/recipes/4.7-example-recipe-single-ns.yaml b/velero/spectrum-fusion/recipes/4.7-example-recipe-single-ns.yaml index 6305ec1f4..2a0358e6d 100644 --- a/velero/spectrum-fusion/recipes/4.7-example-recipe-single-ns.yaml +++ b/velero/spectrum-fusion/recipes/4.7-example-recipe-single-ns.yaml @@ -280,6 +280,18 @@ spec: selectResource: pod timeout: 600 type: check + - chks: + - condition: '{$.status.phase} == {"Running"}' + name: podReady + onError: fail + timeout: 600 + name: license-service-reporter-instance-check + labelSelector: app.kubernetes.io/instance=ibm-license-service-reporter + namespace: + onError: fail + selectResource: pod + timeout: 600 + type: check - chks: - condition: '{$.spec.replicas} == {$.status.readyReplicas}' name: podReady @@ -405,7 +417,6 @@ spec: - group: common-services-catalogs - group: common-services-operatorgroups - group: common-services-configmaps - - group: license-service-reporter-crd - group: commonservice-crd - group: commonservice-cr - group: singleton-subscriptions @@ -436,6 +447,7 @@ spec: - group: license-service-reporter-subscriptions - hook: license-service-reporter-check/podReady - group: license-service-reporter-instances + - hook: license-service-reporter-instance-check/podReady - group: lsr-pre-deploy - group: lsr-volume - group: lsr-deployment