ocs_ci.deployment package

Subpackages

ocs_ci.deployment.helpers package

Submodules

ocs_ci.deployment.acm module

All ACM related deployment classes and functions should go here.

class ocs_ci.deployment.acm.Submariner

Bases: object

Submariner configuaration and deployment

create_acm_brew_idms(): This is a prereq for downstream unreleased submariner

deploy()

deploy_downstream()

deploy_upstream()

download_binary()

download_downstream_binary(download_url='registry.redhat.io/rhacm2/')

Download downstream subctl binary from container image. Extracts the binary directly from /usr/local/bin/subctl in the image.

Raises:

UnsupportedPlatformError – If current platform has no supported subctl binary
SubctlDownloadFailed – If the binary extraction fails

get_default_gateway_node()

Return the default node to be used as submariner gateway

Returns:: Name of the gateway node
Return type:: str

get_primary_cluster_index()

Return list index (in the config list) of the primary cluster A cluster is primary from DR perspective

Returns:: Index of the cluster designated as primary
Return type:: int

get_subctl_version()

Run ‘subctl version ‘ command and return a Version object

Returns:: semanctic version object
Return type:: vers (Version)

submariner_configure_upstream()

Deploy and Configure upstream submariner

Raises:: DRPrimaryNotFoundException – If there is no designated primary cluster found

ocs_ci.deployment.acm.run_subctl_cmd(cmd=None)

Run subctl command

Parameters:: cmd – subctl command to be executed

ocs_ci.deployment.acm.run_subctl_cmd_interactive(cmd, prompt, answer)

Handle interactive prompts with answers during subctl command

Parameters:

cmd (str) – Command to be executed
prompt (str) – Expected question during command run which needs to be provided
answer (str) – Answer for the prompt

Raises:

InteractivePromptException – in case something goes wrong

ocs_ci.deployment.assisted_installer module

This module implements functionality for deploying OCP cluster via Assisted Installer

class ocs_ci.deployment.assisted_installer.AssistedInstallerCluster(name, cluster_path, existing_cluster=False, openshift_version=None, base_dns_domain=None, api_vip=None, ingress_vip=None, ssh_public_key=None, pull_secret=None, cpu_architecture='x86_64', high_availability_mode='Full', image_type='minimal-iso', static_network_config=None, platform='baremetal')

Bases: object

create_cluster(): Create (register) new cluster in Assisted Installer console

create_infrastructure_environment(): Create new Infrastructure Environment for the cluster

create_kubeadmin_password_file(): Export password for kubeadmin to auth/kubeadmin-password file in cluster path

create_kubeconfig_file(): Export kubeconfig to auth directory in cluster path.

create_metadata_file(): Create metadata.json file.

create_openshift_install_log_file(): Create .openshift_install.log file containing URL to OpenShift console. It is used by our CI jobs to show the console URL in build description.

delete_cluster(): Delete the cluster

delete_infrastructure_environment(): Delete the Infrastructure Environment

download_discovery_iso(local_path)

Download the discovery iso image

Parameters:: local_path (str) – path where to store the discovery iso image

download_ipxe_config(local_path)

Download the ipxe config for discovery boot

Parameters:: local_path (str) – path where to store the ipxe config
Returns:: path to the downloaded ipxe config file
Return type:: str

get_host_id_mac_mapping()

Prepare mapping between host ID and mac addresses

Returns:: host id to mac mapping ([[host1_id, mac1], [host1_id, mac2], [host2_id, mac3],…])
Return type:: list of lists

get_infra_env_hosts()

Returns:: list of discovered hosts in the Infrastructure Environment
Return type:: list

get_ip_list_by_cluster_id(): Get list of IP addresses assigned to the hosts in the cluster.

install_cluster(pending_user_action_handler=None)

Trigger cluster installation

Parameters:: pending_user_action_handler (function) – function handling pending user action for particular host (host details as dict provided as first parameter)

load_existing_cluster_configuration(): Load configuration from existing cluster

prepare_pull_secret(original_pull_secret)

Combine original pull secret with the pull secret for the Assisted Installer console user. We have to replace cloud.openshift.com credentials in the original pull-secret with the credentials for the current user, otherwise Assisted Installer will comply that the pull secret belongs to different user.

Parameters:: original_pull_secret (str or dict) – content of pull secret

update_hosts_config(mac_name_mapping, mac_role_mapping)

Update host names and roles.

Parameters:

mac_name_mapping (dict) – host mac address to host name mapping
mac_role_mapping (dict) – host mac address to host role mapping

verify_validations_info_for_discovered_nodes(): Check and verify validations info for the discovered nodes.

wait_for_discovered_nodes(expected_nodes)

Wait for expected number of nodes to appear in the Assisted Installer infra/cluster

Parameters:: expected_nodes (int) – number of expected nodes

ocs_ci.deployment.aws module

This module contains platform specific methods and classes for deployment on AWS platform

class ocs_ci.deployment.aws.AWSIPI

Bases: AWSBase

A class to handle AWS IPI specific deployment

class OCPDeployment

Bases: IPIOCPDeployment

deploy_prereq(): Overriding deploy_prereq from parent. Perform all necessary prerequisites for cloud IPI here.

sts_setup(): Perform setup procedure for STS Mode deployments.

deploy_ocp(log_cli_level='DEBUG')

Deployment specific to OCP cluster on this platform

Parameters:: log_cli_level (str) – openshift installer’s log level (default: “DEBUG”)

destroy_cluster(log_level='DEBUG')

Destroy OCP cluster specific to AWS IPI

Parameters:: log_level (str) – log level openshift-installer (default: DEBUG)

class ocs_ci.deployment.aws.AWSUPI

Bases: AWSBase

A class to handle AWS UPI specific deployment

class OCPDeployment

Bases: OCPDeployment

deploy(log_cli_level='DEBUG')

Exact deployment will happen here

Parameters:: log_cli_level (str) – openshift installer’s log level (default: “DEBUG”)

deploy_prereq(): Overriding deploy_prereq from parent. Perform all necessary prerequisites for AWSUPI here.

add_rhel_workers(): Add RHEL worker nodes to the existing cluster

build_ansible_inventory(hosts)

Build the ansible hosts file from jinja template

Parameters:: hosts (list) – list of private host names
Returns:: path of the ansible file created
Return type:: str

check_connection(rhel_pod_obj, host, pem_dst_path)

create_rhel_instance(): This function does the following: 1. Create RHEL worker instances, copy required AWS tags from existing 2. worker instances to new RHEL instances 3. Copy IAM role from existing worker to new RHEL workers

deploy_ocp(log_cli_level='DEBUG')

OCP deployment specific to AWS UPI

Parameters:: log_cli_level (str) – openshift installer’s log level (default: ‘DEBUG’)

destroy_cluster(log_level='DEBUG')

Destroy OCP cluster for AWS UPI

Parameters:: log_level (str) – log level for openshift-installer ( default:DEBUG)

gather_worker_data(suffix='no0')

Gather various info like vpc, iam role, subnet,security group, cluster tag from existing RHCOS workers

Parameters:: suffix (str) – suffix to get resource of worker node, ‘no0’ by default

get_kube_tag(tags)

Fetch kubernets.io tag from worker instance

Parameters:

tags (dict) – AWS tags from existing worker

Returns:

key looks like: ”kubernetes.io/cluster/<cluster-name>” and value looks like “share” OR “owned”

Return type:

tuple

get_ready_status(node_ent)

Get the node ‘Ready’ status

Parameters:: node_ent (dict) – Node info which includes details
Returns:: True if node is Ready else False
Return type:: bool

get_rhcos_workers()

Returns a list of rhcos worker names

Returns:: list of rhcos worker nodes
Return type:: rhcos_workers (list)

get_worker_resource_id(resource)

Get the resource ID

Parameters:: resource (dict) – a dictionary of stack resource
Returns:: ID of worker stack resource
Return type:: str

remove_rhcos_workers()

After RHEL workers are added remove rhcos workers from the cluster

Raises:: FailedToRemoveNodeException – if rhcos removal is failed

run_ansible_playbook(): Bring up a helper pod (RHEL) to run openshift-ansible playbook

verify_nodes_added(hosts)

Verify RHEL workers are added

Parameters:: hosts (list) – list of aws private hostnames
Raises:: FailedToAddNodeException – if node addition failed

ocs_ci.deployment.azure module

This module contains platform specific methods and classes for deployment on Azure platform.

class ocs_ci.deployment.azure.AZUREIPI

Bases: AZUREBase

A class to handle Azure IPI specific deployment.

class OCPDeployment

Bases: IPIOCPDeployment

deploy_prereq(): Overriding deploy_prereq from parent. Perform all necessary prerequisites for cloud IPI here.

sts_setup(): Perform setup procedure for STS Mode deployments.

destroy_cluster(log_level='DEBUG')

Destroy OCP cluster specific to Azure IPI

Parameters:: log_level (str) – log level openshift-installer (default: DEBUG)

ocs_ci.deployment.baremetal module

class ocs_ci.deployment.baremetal.BAREMETALAI

Bases: BAREMETALBASE

A class to handle Bare metal Assisted Installer specific deployment

class OCPDeployment

Bases: BMBaseOCPDeployment

configure_ipxe_on_helper(): Configure iPXE on helper node

create_config(): Create the OCP deploy config.

create_dns_records(): Configure DNS records for api and ingress

create_pxe_file(template='ocp-deployment/pxelinux.cfg.ipxe.j2', **kwargs): Prepare content of PXE file for chain loading to ipxe

deploy(log_cli_level='DEBUG')

Deployment specific to OCP cluster on this platform

Parameters:: log_cli_level (str) – not used for Assisted Installer deployment

deploy_prereq(): Pre-Requisites for Bare Metal AI Deployment

destroy(): Cleanup cluster related resources.

pending_user_action_handler(host)

Method for handling pending user action during deployment (this usually means that the server didn’t boot properly from the disk.)

Parameters:: host (dict) – details about host with pending user action (from Assisted Installer api)

set_pxe_boot_and_reboot(machine)

Ipmi Set Pxe boot and Restart the machine

Parameters:: machine (str) – Machine Name

destroy_cluster(log_level='DEBUG')

Destroy OCP cluster specific to Baremetal - Assisted installer deployment

Parameters:: log_level (str) – this parameter is not used here

class ocs_ci.deployment.baremetal.BAREMETALBASE

Bases: Deployment

A common class for Bare metal deployments

class ocs_ci.deployment.baremetal.BAREMETALUPI

Bases: BAREMETALBASE

A class to handle Bare metal UPI specific deployment

class OCPDeployment

Bases: BMBaseOCPDeployment

configure_storage_for_image_registry(kubeconfig): Configures storage for the image registry

create_config(): Creates the OCP deploy config for the Bare Metal

create_ignitions(): Creates the ignition files

create_manifest(): Creates the Manifest files

create_pxe_files(ocp_version, role, disk_path)

Create pxe file for giver role

Parameters:

ocp_version (float) – OCP version
role (str) – Role of node eg:- bootstrap,master,worker

Returns:

temp file path

Return type:

str

deploy(log_cli_level='DEBUG'): Deploy

deploy_prereq(): Pre-Requisites for Bare Metal UPI Deployment

destroy(log_level=''): Destroy OCP cluster specific to BM UPI

set_pxe_boot_and_reboot(machine)

Ipmi Set Pxe boot and Restart the machine

Parameters:: machine (str) – Machine Name

class ocs_ci.deployment.baremetal.BMBaseOCPDeployment

Bases: OCPDeployment

check_bm_status_exist()

Check if BM Cluster already exist

Returns:: response status
Return type:: str

configure_dnsmasq_common_config(): Prepare common configuration for dnsmasq

configure_dnsmasq_hosts_config(): prepare hosts configuration for dnsmasq dhcp

configure_dnsmasq_on_helper_vm(): Install and configure dnsmasq and other required packages for DHCP and PXE boot server on helper VM

configure_dnsmasq_pxe_config(): Prepare PXE configuration for dnsmasq

deploy_prereq(): Pre-Requisites for Bare Metal deployments

destroy(log_level=''): Destroy OCP cluster

get_locked_username()

Get name of user who has locked baremetal resource

Returns:: username
Return type:: str

property helper_node_handler: Create connection to helper node hosting httpd, tftp and dhcp services for PXE boot

restart_dnsmasq_service_on_helper_vm(): Restart dnsmasq service providing DHCP and TFTP services for UPI deployment

start_dnsmasq_service_on_helper_vm(): Start dnsmasq service providing DHCP and TFTP services for UPI deployment

stop_dnsmasq_service_on_helper_vm(): Stop dnsmasq service providing DHCP and TFTP services for UPI deployment

update_bm_status(bm_status)

Update BM status when cluster is deployed/teardown

Parameters:: bm_status (str) – Status to be updated
Returns:: response message
Return type:: str

class ocs_ci.deployment.baremetal.BaremetalPSIUPI

Bases: Deployment

All the functionalities related to BaremetalPSI- UPI deployment lives here

class OCPDeployment

Bases: OCPDeployment

deploy(log_level=''): Implement ocp deploy in specific child class

deploy_prereq(): Instantiate proper flexy class here

destroy(log_level=''): Destroy volumes attached if any and then the cluster

ocs_ci.deployment.baremetal.clean_disk(node_name, device, size=None, run_sgdisk=True, ocp_obj=None, namespace='default')

Perform disks cleanup

Parameters:

node_name (str) – name of the (worker) node where to run the disk cleanup
device (str) – path to the device to be cleaned up
size (int) – size of the device, if not provided, it will be obtained via lsblk -n –output SIZE -b {device} command
run_sgdisk (bool) – run sgdisk –zap-all {device} command (default: True)
ocp_obj (obj) – OCP object, if not provided, new one is initialized
namespace (str) – namespace where the oc_debug command will be executed

ocs_ci.deployment.baremetal.clean_disks(worker, namespace='default')

Perform disks cleanup

Parameters:

worker (object) – worker node object
namespace (str) – namespace where the oc_debug command will be executed

ocs_ci.deployment.baremetal.detect_simulation_disk_on_node(wnode, namespace=None, timeout=300)

Detects the last available /dev/sd*, /dev/nvme*n0* disk on a given worker node.

Parameters:

wnode (ocs_ci.ocs.resources.ocs.OCS) – The worker node object.
namespace (str) – Namespace for the debug pod.
timeout (int) – Timeout for the command execution.

Returns:

The detected disk path (e.g., “/dev/sdb”, “/dev/nvme*n0*”) or None if not found.

Return type:

str or None

ocs_ci.deployment.baremetal.disks_available_to_cleanup(worker, namespace='default')

disks available for cleanup

Parameters:

worker (object) – worker node object
namespace (str) – namespace where the oc_debug command will be executed

Returns:

The disk names available for cleanup on a node

Return type:

disk_names_available_for_cleanup (list)

ocs_ci.deployment.cert_manager module

This module contains functions needed for installing cert-manager operator from Red Hat. More information about cert-manager can be found at https://github.com/openshift/cert-manager-operator and https://cert-manager.io/

ocs_ci.deployment.cert_manager.deploy_cert_manager(): Installs cert-manager

ocs_ci.deployment.cloud module

This module contains common code and a base class for any cloud platform deployment.

class ocs_ci.deployment.cloud.CloudDeploymentBase

Bases: Deployment

Base class for deployment on a cloud platform (such as AWS, Azure, …).

check_cluster_existence(cluster_name_prefix)

Check cluster existence according to cluster name prefix

Returns:

True if a cluster with the same name prefix already exists,: False otherwise

Return type:

bool

deploy_ocp(log_cli_level='DEBUG')

Deployment specific to OCP cluster on a cloud platform.

Parameters:: log_cli_level (str) – openshift installer’s log level (default: “DEBUG”)

class ocs_ci.deployment.cloud.IPIOCPDeployment

Bases: OCPDeployment

Common implementation of IPI OCP deployments for cloud platforms.

deploy(log_cli_level='DEBUG')

Deployment specific to OCP cluster on a cloud platform.

Parameters:: log_cli_level (str) – openshift installer’s log level (default: “DEBUG”)

deploy_prereq(): Overriding deploy_prereq from parent. Perform all necessary prerequisites for cloud IPI here.

ocs_ci.deployment.cnv module

This module contains functionality required for CNV installation.

class ocs_ci.deployment.cnv.CNVInstaller

Bases: object

CNV Installer class for CNV deployment

catalog_source_created(catalogsource_name=None)

Check if catalog source is created

Parameters:: catalogsource_name (str) – Name of the catalogsource
Returns:: True if catalog source is created, False otherwise
Return type:: bool

check_cnv_is_upgradable()

This method checks if the cnv operator is upgradable or not

Returns:: Returns True if Upgradable else False
Return type:: cnv_upgradeable (bool))

check_hyperconverged_healthy(raise_exception=True)

Validate that HyperConverged systemHealthStatus is healthy. Method throws an exception if the status is not healthy.

Parameters:

raise_exception – If True, allow the verification to fail the job and raise an exception if the
fails (verification) –
False. (otherwise return) –

Returns:

True if the status is healthy, False otherwise.

Return type:

bool

check_if_any_vm_and_vmi(namespace=None)

Checks if any VMs and VM instances are running

Parameters:: namespace (str) – namespace to check
Returns:: True if any VMs or VMi else False

check_virtctl_compatibility()

Check if the virtctl binary is compatible with the current system.

Raises:: exceptions.ArchitectureNotSupported – If virtctl is not compatible.

cnv_hyperconverged_installed(): Check if CNV HyperConverged is already installed. :returns: True if CNV HyperConverged is installed, False otherwise :rtype: bool

create_cnv_catalog_source(): Creates a nightly catalogsource manifest for CNV operator deployment from quay registry.

create_cnv_namespace()

Creates the namespace for CNV resources

Raises:: CommandFailed – If the ‘oc create’ command fails.

create_cnv_operatorgroup(): Creates an OperatorGroup for CNV

create_cnv_subscription(): Creates subscription for CNV operator

deploy_cnv(check_cnv_deployed=False, check_cnv_ready=False)

Installs CNV enabling software emulation.

Parameters:

check_cnv_deployed (bool) – If True, check if CNV is already deployed. If so, skip the deployment.
check_cnv_ready (bool) – If True, check if CNV is ready. If so, skip the deployment.

deploy_hyper_converged()

Deploys the HyperConverged CR.

Raises:: TimeoutExpiredError – If the HyperConverged resource does not become available within the specified time.

disable_multicluster_engine(): Disable multicluster engine on cluster

download_and_extract_virtctl_binary(bin_dir=None)

Download and extract the virtctl binary to bin_dir

Parameters:: bin_dir (str) – The directory to store the virtctl binary.

enable_software_emulation()

Enable software emulation. This is needed on a cluster where the nodes do not support hardware emulation.

Note that software emulation, when enabled, is only used as a fallback when hardware emulation is not available. Hardware emulation is always attempted first, regardless of the value of the useEmulation.

get_running_cnv_version()

Get the currently deployed cnv version

Returns:: cnv version
Return type:: string

get_virtctl_all_console_links()

Get all the URL links from virtctl specification links.

Returns:: A list of virtctl download URLs.
Return type:: List[str]
Raises:: exceptions.ResourceNotFoundError – If no URL entries are found.

get_virtctl_console_spec_links()

Retrieve the specification links for the virtctl client.

Returns:: A list of dictionaries containing specification links.
Return type:: List[dict]
Raises:: exceptions.ResourceNotFoundError – If virtctl ConsoleCLIDownload is not found.

get_virtctl_download_url(os_type, os_machine_type)

Get the virtctl download URL based on the specified platform and architecture.

Parameters:

os_type (str) – The operating system.
os_machine_type (str) – The operating system machine architecture.

Returns:

The virtctl download URL if found, otherwise None.

Return type:

Optional[str]

post_install_verification(raise_exception=False)

Performs CNV post-installation verification, with raise_exception = False may be used safely to run on clusters with CNV installed or not installed.

Parameters:: raise_exception – If True, allow function to fail the job and raise an exception. If false, return False

instead of raising an exception.

Returns:

True if the verification conditions are met, False otherwise

Return type:

bool

Raises:

TimeoutExpiredError – If the verification conditions are not met within the timeout
and raise_exception is True. –
HyperConvergedHealthException – If the HyperConverged cluster health is not health
and raise_exception is True. –
ResourceNotFoundError if the namespace does not exist and raise_exception is True. –
ResourceWrongStatusException if the nodes are not ready, verification fails and raise_exception –
is True. –

remove_cnv_csv(): Remove CNV ClusterServiceVersion

remove_cnv_operator(): Remove CNV operator

remove_cnv_subscription(): Remove CNV subscription

remove_crds(): Remove openshift virtualization CRDs

remove_hyperconverged(): Remove HyperConverged CR

remove_namespace(): Remove openshift virtualization namespace

uninstall_cnv(check_cnv_installed=True)

Uninstall CNV deployment

Parameters:: check_cnv_installed (bool) – True if want to check if CNV installed

upgrade_cnv()

Upgrade cnv operator

Returns: bool: if cnv operator is upgraded successfully

wait_for_the_resource_to_discover(kind, namespace, resource_name)

Waits for the specified resource to be discovered.

Parameters:

kind (str) – The type of the resource to wait for.
namespace (str) – The namespace in which to wait for the resource.
resource_name (str) – The name of the resource to wait for.

ocs_ci.deployment.deployment module

This module provides base class for different deployment platforms like AWS, VMWare, Baremetal etc.

class ocs_ci.deployment.deployment.Deployment

Bases: object

Base for all deployment platforms

class OCPDeployment(**kwargs)

Bases: OCPDeployment

This class has to be implemented in child class and should overload methods for platform specific config.

acm_operator_installed(): Check if ACM HUB is already installed :returns: True if ACM HUB operator is installed, False otherwise :rtype: bool

add_node(): Implement platform-specific add_node in child class

cleanup_pgsql_db(): Perform cleanup for noobaa external pgsql DB in case external pgsq is enabled.

property cluster_path

configure_acm_to_import_mce_clusters(): Configure ACM to import MCE operator cluster and hosted clusters

property custom_storage_class_path

deploy_acm_hub(): Handle ACM HUB deployment

deploy_acm_hub_released(): Handle ACM HUB released image deployment

deploy_acm_hub_unreleased(): Handle ACM HUB unreleased image deployment

deploy_acm_hub_unreleased_konflux(): Handle ACM HUB unreleased image deployment for 2.14 and later version

deploy_cluster(log_cli_level='DEBUG')

We are handling both OCP and OCS deployment here based on flags

Parameters:: log_cli_level (str) – log level for installer (default: DEBUG)

deploy_gitops_operator(switch_ctx=None)

Deploy GitOps operator

Parameters:: switch_ctx (int) – The cluster index by the cluster name

deploy_lvmo(): deploy lvmo for platform specific (for now only vsphere)

deploy_multicluster_hub(): Handle Multicluster HUB creation :returns: True if ACM HUB is installed, False otherwise :rtype: bool

deploy_ocp(log_cli_level='DEBUG')

Base deployment steps, the rest should be implemented in the child class.

Parameters:: log_cli_level (str) – log level for installer (default: DEBUG)

deploy_ocs(): Handle OCS deployment, since OCS deployment steps are common to any platform, implementing OCS deployment here in base class.

deploy_ocs_via_operator(image=None)

Method for deploy OCS via OCS operator

Parameters:: image (str) – Image of ocs registry.

deploy_odf_addon(): This method deploy ODF addon.

deploy_with_external_mode(): This function handles the deployment of OCS on external/indpendent RHCS cluster

deployment_with_ui(): Deployment OCS Operator via OpenShift Console

destroy_cluster(log_level='DEBUG')

Base destroy cluster method, for more platform specific stuff please overload this method in child class.

Parameters:: log_level (str) – log level for installer (default: DEBUG)

do_deploy_cert_manager(): Installs cert-manager operator

do_deploy_cnv(): Deploy CNV We run it in OCP deployment stage, hence ship_ocs_deployment is set True. When we run it in OCS deployment stage, the skip_ocs_deployment is set to False automatically and second installation does not happen.

do_deploy_external_spoke_clusters(): Deploy External spoke cluster(s)

do_deploy_hosted_spoke_clusters(): Deploy Hosted cluster(s)

do_deploy_hyperconverged(): Deploy HyperConverged Operator and resources that works instead of CNV operator. Should run on OCP deployment phase

do_deploy_lvmo(): call lvm deploy

do_deploy_mce(): Deploy Multicluster Engine Shall run on OCP deployment phase

do_deploy_metallb(): Deploy MetalLB

do_deploy_oadp(): Deploy OADP Operator

do_deploy_ocp(log_cli_level): Deploy OCP :param log_cli_level: log level for the installer :type log_cli_level: str

do_deploy_ocs(): Deploy OCS/ODF and run verification as well

do_deploy_rdr(): Call Regional DR deploy

do_deploy_submariner(): Deploy Submariner operator

do_gitops_deploy()

Deploy GitOps operator

Returns:

external_post_deploy_validation(): This function validates successful deployment of OCS in external mode, some of the steps overlaps with converged mode

get_rdr_conf()

Aggregate important Regional DR parameters in the dictionary

Returns:: of Regional DR config parameters
Return type:: dict

label_and_taint_nodes(): Label and taint worker nodes to be used by OCS operator

muliclusterhub_running()

Check if MultiCluster Hub is running

Returns:: True if MultiCluster Hub is running, False otherwise
Return type:: bool

property namespace

objectstore_user_check()

property ocp_deployment_type

odf_deployments_check(): Check on existance of deployments inspired by upstream check: https://github.com/red-hat-storage/odf-operator/blob/main/hack/install-odf.sh#L34-L44

patch_default_sc_to_non_default(): Patch storage class which comes as default with installation to non-default

property platform

post_ocp_deploy(): Function does post OCP deployment stuff we need to do.

set_noobaa_core_for_rgw_ssl()

Set env variables for noobaa-core StatefulSet to inject SSL environment variables required for RGW SSL connections in external mode to W/A issue: https://issues.redhat.com/browse/DFBUGS-3777#

This adds NODE_OPTIONS and SSL_CERT_FILE environment variables to the noobaa-core container to enable SSL certificate validation.

property storage_class

subscribe_ocs(): This method subscription manifest and subscribe to OCS operator.

wait_for_csv(csv_name, namespace=None)

Wait for the CSV to appear

Parameters:

csv_name (str) – CSV name pattern
namespace (str) – Namespace where CSV exists

wait_for_subscription(subscription_name, namespace=None)

Wait for the subscription to appear

Parameters:

subscription_name (str) – Subscription name pattern
namespace (str) – Namespace name for checking subscription if None then default from ENV_DATA

class ocs_ci.deployment.deployment.MDRMultiClusterDROperatorsDeploy(dr_conf)

Bases: MultiClusterDROperatorsDeploy

A class for Metro-DR deployments

deploy(): deploy ODF multicluster orchestrator operator

deploy_dr_policy(): Deploy dr policy with MDR perspective, only on active ACM

deploy_multicluster_orchestrator()

class ocs_ci.deployment.deployment.MultiClusterDROperatorsDeploy(dr_conf)

Bases: object

Implement Multicluster DR operators deploy part here, mainly 1. ODF Multicluster Orchestrator operator 2. Metadata object stores (s3 OR MCG) 3. ODF Hub operator 4. ODF Cluster operator

add_cacert_ramen_configmap(): Add CaCert to Ramen hub ConfigMap

apply_custom_ramen_image()

Replace the downstream Ramen operator image on hub and managed clusters when UPGRADE.custom_ramen_image config is set.

Activated by passing conf/ocsci/custom_ramen_image.yaml via –ocsci-conf. The YAML value can be true (uses the default upstream image) or a specific image URL string.

Must be called after configure_mirror_peer() (so managed cluster CSVs exist) and before deploy_dr_policy().

backup_pod_status_check()

build_bucket_name(acm_indexes): Create backupname from cluster names :param acm_indexes: List of acm indexes :type acm_indexes: list

configure_mirror_peer()

create_dpa(bucket_name): create DPA OADP will be already installed when we enable backup flag Here we will create dataprotection application and update bucket name and s3 storage link :param bucket_name: Name of the Bucket :type bucket_name: str

create_generic_credentials(access_key, secret_key, acm_indexes): Create s3 secret for backup and restore :param access_key: S3 access key :type access_key: str :param secret_key: S3 secret key :type secret_key: str :param acm_indexes: List of acm indexes :type acm_indexes: list

create_s3_bucket(access_key, secret_key, bucket_name): Create s3 bucket :param access_key: S3 access key :type access_key: str :param secret_key: S3 secret key :type secret_key: str :param acm_indexes: List of acm indexes :type acm_indexes: list

deploy(): deploy ODF multicluster orchestrator operator

deploy_dr_multicluster_orchestrator(use_fdf_catsrc=False): Deploy multicluster orchestrator

deploy_dr_policy()

enable_cluster_backup(): set cluster-backup to True in mch resource Note: changing this flag automatically installs OADP operator

enable_managed_serviceaccount(): update MultiClusterEngine

class mcg_meta_obj_store: Bases: object

class s3_meta_obj_store(conf=None)

Bases: object

Internal class to handle aws s3 metadata obj store

deploy_and_configure()

get_meta_access_secret_keys(): Get aws_access_key_id and aws_secret_access_key by default we go with AWS, in case of noobaa it should be implemented in mcg_meta_obj_store class

get_participating_regions()

Get all the participating regions in the DR scenario

Returns:: List of participating regions
Return type:: list of str

get_ramen_resource()

get_s3_profiles(): Get names of s3 profiles from hub configmap resource

get_s3_secret_names(): Get secret resource names for s3

s3_configure()

update_config_map_commit(config_map_data, prefix=None)

merge the config and update the resource

Parameters:

config_map_data (dict) – base dictionary which will be later converted to yaml content
prefix (str) – Used to identify temp yaml

update_ramen_config_misc()

validate_dpa(): Validate 1. 3 restic / Node-agent pods 2. 1 velero pod 3. backupstoragelocation resource in “Available” phase

validate_mirror_peer(resource_name)

Validate mirror peer, Begins with CTX: ACM

Check phase: if OCP >= 4.22: ‘Ready’ (both RDR and MDR)
if OCP < 4.22: RDR → ‘ExchangedSecret’, MDR → ‘S3ProfileSynced’
Check token-exchange-agent pod in ‘Running’ phase

Raises:: ResourceWrongStatusException – If pod is not in expected state

validate_policy_compliance_status(resource_name, resource_namespace, compliance_state)

Validate policy status for given resource

Returns: True if compliance check passes else raises ResourceWrongStatusException when resource state does not match

validate_secret_creation_oadp()

Verify Secret are created

Raises:: ResourceNotFoundError – raised when secret not found

verify_dr_hub_operator()

class ocs_ci.deployment.deployment.RBDDRDeployOps

Bases: object

All RBD specific DR deployment operations

configure_rbd()

deploy()

validate_csi_sidecar(): validate sidecar containers for rbd mirroring on each of the ODF cluster

validate_mirror_peer(resource_name)

Validate mirror peer, Begins with CTX: ACM

Check initial phase of ‘ExchangingSecret’
Check token-exchange-agent pod in ‘Running’ phase

Raises:: ResourceWrongStatusException – If pod is not in expected state

class ocs_ci.deployment.deployment.RDRMultiClusterDROperatorsDeploy(dr_conf)

Bases: MultiClusterDROperatorsDeploy

A class for Regional-DR deployments

check_observability_status()

Check observability status

Raises:: ACMObservabilityNotEnabled – if the cmd returns False, ACM observability is not enabled

deploy(): RDR specific steps for deploy

enable_acm_observability(): Function to enable ACM observability for enabling DR monitoring dashboard for Regional DR on the RHACM console.

thanos_secret(): Create thanos secret yaml by using Noobaa or AWS bucket (AWS bucket is used in this function)

ocs_ci.deployment.deployment.create_catalog_source(image=None, ignore_upgrade=False)

This prepare catalog source manifest for deploy OCS operator from quay registry.

Parameters:

image (str) – Image of ocs registry.
ignore_upgrade (bool) – Ignore upgrade parameter.

ocs_ci.deployment.deployment.create_ocs_secret(namespace)

Function for creation of pull secret for OCS. (Mostly for ibmcloud purpose)

Parameters:: namespace (str) – namespace where to create the secret

ocs_ci.deployment.deployment.get_arbiter_location(): Get arbiter mon location for storage cluster

ocs_ci.deployment.deployment.get_multicluster_dr_deployment()

ocs_ci.deployment.deployment.setup_persistent_monitoring(): Change monitoring backend to OCS. See the procedure at: https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation /4.16/html-single/managing_and_allocating_storage_resources/

ocs_ci.deployment.deployment.validate_acm_hub_install(): Verify the ACM MultiClusterHub installation was successful.

ocs_ci.deployment.disconnected module

This module contains functionality required for disconnected installation.

ocs_ci.deployment.disconnected.get_csv_from_image(bundle_image)

Extract clusterserviceversion.yaml file from operator bundle image.

Parameters:: bundle_image (str) – OCS operator bundle image
Returns:: loaded yaml from CSV file
Return type:: dict

ocs_ci.deployment.disconnected.mirror_images_from_mapping_file(mapping_file, idms=None, ignore_image=None)

Mirror images based on mapping.txt file.

Parameters:

mapping_file (str) – path to mapping.txt file
idms (dict) – ImageDigestMirrorSet used for mirroring (workaround for stage images, which are pointing to different registry than they really are)
ignore_image – image which should be ignored when applying idms (mirrored index image)

ocs_ci.deployment.disconnected.mirror_index_image_via_oc_mirror(index_image, packages, idms=None)

Mirror all images required for ODF deployment and testing to mirror registry via oc-mirror tool and create relevant imageContentSourcePolicy/imageDigestMirrorSet. https://github.com/openshift/oc-mirror

Parameters:

index_image (str) – index image which will be pruned and mirrored
packages (list) – list of packages to keep
idms (dict) – ImageDigestMirrorSet used for mirroring (workaround for stage images, which are pointing to different registry than they really are)

Returns:

mirrored index image

Return type:

str

ocs_ci.deployment.disconnected.mirror_ocp_release_images(ocp_image_path, ocp_version)

Mirror OCP release images to mirror registry.

Parameters:

ocp_image_path (str) – OCP release image path
ocp_version (str) – OCP release image version or checksum (starting with sha256:)

Returns:

tuple with four strings:

mirrored image path,
tag or checksum
imageContentSources (for install-config.yaml)
ImageDigestMirrorSet (for running cluster)

Return type:

tuple (str, str, str, str)

ocs_ci.deployment.disconnected.prepare_disconnected_ocs_deployment(upgrade=False)

Prepare disconnected ocs deployment: - mirror required images from redhat-operators - get related images from OCS operator bundle csv - mirror related images to mirror registry - create imageContentSourcePolicy for the mirrored images - disable the default OperatorSources

Parameters:

upgrade (bool) – is this fresh installation or upgrade process (default: False)

Returns:

mirrored OCS registry image prepared for disconnected installation: or None (for live deployment)

Return type:

str

ocs_ci.deployment.disconnected.prune_and_mirror_index_image(index_image, mirrored_index_image, packages, idms=None)

Prune given index image and push it to mirror registry, mirror all related images to mirror registry and create relevant imageContentSourcePolicy This uses opm index prune command, which supports only sqlite-based catalogs (<= OCP 4.10), for >= OCP 4.11 use oc-mirror tool implemented in mirror_index_image_via_oc_mirror(…) function.

Parameters:

index_image (str) – index image which will be pruned and mirrored
mirrored_index_image (str) – mirrored index image which will be pushed to mirror registry
packages (list) – list of packages to keep
idms (dict) – ImageDigestMirrorSet used for mirroring (workaround for stage images, which are pointing to different registry than they really are)

Returns:

path to generated catalogSource.yaml file

Return type:

str

ocs_ci.deployment.encryption module

This module provides functions for encryption configuration during deployment

ocs_ci.deployment.encryption.add_encryption_details_to_cluster_data(cluster_data)

Update storage cluster YAML data with encryption information from configuration.

Parameters:: cluster_data (dict) – storage cluster YAML data
Returns:: updated storage storage cluster yaml
Return type:: dict

ocs_ci.deployment.encryption.add_in_transit_encryption_to_cluster_data(cluster_data)

Update storage cluster YAML data with in-transit encryption configuration if required.

Parameters:: cluster_data (dict) – storage cluster YAML data
Returns:: updated storage storage cluster yaml
Return type:: dict

ocs_ci.deployment.factory module

class ocs_ci.deployment.factory.DeploymentFactory

Bases: object

A factory class to get specific platform object

get_deployment(): Get the exact deployment class based on ENV_DATA Example: deployment_platform may look like ‘aws’, ‘vmware’, ‘baremetal’ deployment_type may be like ‘ipi’, ‘upi’ or ‘ai’

ocs_ci.deployment.flexy module

All the flexy related classes and functionality lives here

class ocs_ci.deployment.flexy.FlexyAWSUPI

Bases: FlexyBase

A specific implementation of AWS UPI installation using flexy

class ocs_ci.deployment.flexy.FlexyBaremetalPSI

Bases: FlexyBase

A specific implementation of Baremetal with PSI using flexy

class ocs_ci.deployment.flexy.FlexyBase

Bases: object

A base class for all types of flexy installs

build_container_args(purpose='')

Builds most commonly used arguments for flexy container

Parameters:: purpose (str) – purpose for which we are building these args eg: destroy, debug. By default it will be empty string which turns into ‘deploy’ mode for flexy
Returns:: of flexy container args
Return type:: list

build_destroy_cmd(): Build flexy command line for ‘destroy’ operation

build_install_cmd(): Build flexy command line for ‘deploy’ operation

clone_and_unlock_ocs_private_conf(): Clone ocs_private_conf (flexy env and config) repo into flexy_host_dir

deploy(log_level='')

build and invoke flexy deployer here

Parameters:: log_level (str) – log level for flexy container

deploy_prereq(): Common flexy prerequisites like cloning the private-conf repo locally and updating the contents with user supplied values

destroy(): Invokes flexy container with ‘destroy’ argument

flexy_backup_work_dir(): Perform copying of flexy-dir to cluster_path.

flexy_post_processing(): Perform a few actions required after flexy execution: - update global pull-secret - login to mirror registry (disconnected cluster) - configure proxy server (disconnected cluster) - configure ntp (if required)

flexy_prepare_work_dir()

Prepare Flexy working directory (flexy-dir):

copy flexy-dir from cluster_path to data dir (if available)
set proper ownership

get_installer_payload(version=None): A proper installer payload url required for flexy based on DEPLOYMENT[‘installer_version’]. If ‘nigtly’ is present then we will use registry.svc to get latest nightly else if ‘-ga’ is present then we will look for ENV_DATA[‘installer_payload_image’]

merge_flexy_env(): Update the Flexy env file with the user supplied values. This function assumes that the flexy_env_file is available (e.g. flexy-ocs-private repo has been already cloned).

run_container(cmd_string)

Actual container run happens here, a thread will be spawned to asynchronously print flexy container logs

Parameters:: cmd_string (str) – Podman command line along with options

class ocs_ci.deployment.flexy.FlexyVSPHEREUPI

Bases: FlexyBase

A specific implementation of vSphere UPI installation using flexy

ocs_ci.deployment.fusion module

This module contains functions needed to install IBM Fusion

class ocs_ci.deployment.fusion.FusionDeployment

Bases: object

create_catalog_source(): Create Fusion CatalogSource

create_image_digest_mirror_set(): Create or update ImageDigestMirrorSet.

create_namespace_and_operator_group(): Create Fusion Namespace and OperatorGroup

create_spectrum_fusion_cr(): Create SpectrumFusion CR.

create_subscription(): Create Fusion Subscription

deploy(): Install IBM Fusion Operator

get_installed_version()

Retrieve the installed Fusion version.

Returns:: Installed Fusion version.
Return type:: str

verify(sleep=30)

Verify the Fusion deployment was successful.

Parameters:: sleep (int, optional) – Seconds to wait before checking status. Defaults to 30.

ocs_ci.deployment.fusion.spectrum_fusion_status_check()

Ensure SpectrumFusion is in the Completed state.

Raises:

AssertionError – If SpectrumFusion is not in a completed state.
KeyError – If the status isn’t present in the SpectrumFusion data.

ocs_ci.deployment.fusion.wait_for_csv(csv_name, namespace)

Wait for the CSV to appear.

Parameters:

csv_name (str) – Name of CSV
namespace (str) – Namespace where CSV exists

ocs_ci.deployment.fusion.wait_for_subscription(subscription_name, namespace)

Wait for the subscription to appear.

Parameters:

subscription_name (str) – Name of Subscription
namespace (str) – Namespace where Subscription exists

ocs_ci.deployment.fusion_aas module

This module contains platform specific methods and classes for deployment on Fusion aaS

class ocs_ci.deployment.fusion_aas.FUSIONAAS

Bases: ROSA

Deployment class for Fusion aaS.

OCPDeployment: alias of FUSIONAASOCP

deploy_ocp(log_cli_level='DEBUG')

Deployment specific to OCP cluster on a cloud platform.

Parameters:: log_cli_level (str) – openshift installer’s log level (default: “DEBUG”)

deploy_ocs(): Deployment of ODF Managed Service addon on Fusion aaS.

destroy_ocs(): Uninstall ODF Managed Service addon via rosa cli.

class ocs_ci.deployment.fusion_aas.FUSIONAASOCP

Bases: ROSAOCP

Fusion aaS deployment class.

deploy(log_level='')

Deployment specific to OCP cluster on a Fusion aaS platform.

Parameters:: log_level (str) – openshift installer’s log level that is expected from inherited class

ocs_ci.deployment.fusion_data_foundation module

This module contains functions needed to install IBM Fusion Data Foundation.

class ocs_ci.deployment.fusion_data_foundation.CustomResourceDefinition(resource_name='', *args, **kwargs): Bases: OCP

class ocs_ci.deployment.fusion_data_foundation.FusionDataFoundationDeployment

Bases: object

create_fdf_service_cr(): Create Fusion Data Foundation Service CR.

create_image_digest_mirror_set(): Create or update ImageTagMirrorSet.

create_image_tag_mirror_set(): Create or update ImageTagMirrorSet.

static create_odfcluster(): Create OdfCluster CR

property custom_storage_class_path

deploy(): Installs IBM Fusion Data Foundation.

ensure_install_plan_approval(): Wait for install plan and approve once available.

ensure_lso_installed(): In the case of LSO is not available - bring catalog for unreleased version and install it

get_installed_version()

Retrieve the installed FDF version.

Returns:: Installed FDF version.
Return type:: str

patch_catalogsource(): Patch the isf-data-foundation-catalog in order to ensure it is prioritized over redhat-operators.

setup_fdf_pre_release_deployment(): Perform steps to prepare for a Pre-release deployment of FDF.

setup_storage(): Setup storage

property storage_class

verify_fdf_installation(): Verify the FDF installation was successful.

class ocs_ci.deployment.fusion_data_foundation.FusionServiceInstance(resource_name='', *args, **kwargs): Bases: OCP

class ocs_ci.deployment.fusion_data_foundation.OdfCluster(resource_name='', *args, **kwargs): Bases: OCP

ocs_ci.deployment.fusion_data_foundation.add_storage_label(): Add storage label on nodes.

ocs_ci.deployment.fusion_data_foundation.extract_image_digest_mirror_set()

Extract the ImageDigestMirrorSet from the FDF build.

Returns:: Name of the extracted ImageDigestMirrorSet
Return type:: str

ocs_ci.deployment.fusion_data_foundation.fusion_service_instance_health_check()

Ensure the FusionServiceInstance is in the Healthy state.

Raises:

AssertionError – If the FusionServiceInstance is not in a completed state.
KeyError – If the health status isn’t present in the FusionServiceInstance data.

ocs_ci.deployment.fusion_data_foundation.is_not_arbiter_node(node_obj)

Determines if a node contains the arbiter zone label. Used to filter arbiter node from node list.

Parameters:: node_obj (ocs_ci.ocs.ocp.OCP) – OCP Node object
Returns:: True if node doesn’t contain the labelj, False if it does
Return type:: bool

ocs_ci.deployment.fusion_data_foundation.odfcluster_status_check()

Ensure the OdfCluster is in a Ready state.

Raises:

AssertionError – If the OdfCluster is not in a completed state.
KeyError – If the status phase isn’t present in the OdfCluster data.

ocs_ci.deployment.fusion_data_foundation.run_patch_cmd(cmd): Wrapper for run_cmd so we can retry if an CommandFailed is encountered

ocs_ci.deployment.fusion_data_foundation.storagecluster_health_check()

Ensure the StorageCluster (Ceph backend) is healthy and resilient.

Raises:

AssertionError – If the StorageCluster is not in a Ready state or Ceph health is not HEALTH_OK.
KeyError – If expected status keys are missing.

ocs_ci.deployment.fusion_data_foundation.wait_for_storageclusters_crd(): Wait for the storageclusters CRD to exist.

ocs_ci.deployment.gcp module

This module contains platform specific methods and classes for deployment on Google Cloud Platform (aka GCP).

class ocs_ci.deployment.gcp.GCPIPI

Bases: GCPBase

A class to handle GCP IPI specific deployment

OCPDeployment: alias of IPIOCPDeployment

ocs_ci.deployment.hub_spoke module

class ocs_ci.deployment.hub_spoke.AgentWorkflow(name: str)

Bases: object

approve_agents()

Approve agents for the hosted cluster Example: oc patch $a -n agents-ns –type=merge -p ‘{“spec”:{“approved”:true}}’

Returns:: True if agents are approved successfully, False otherwise
Return type:: bool

create_host_inventory()

Create InfraEnv resource for host inventory. For every new Agent cluster there must be specific InfraEnv resource, which makes HostedClient attached to InfraEnv by design.

Returns:: An OCS instance of kind InfraEnv

get_agents_external_ip_list()

Get the external IP address of the agent machines Any network masks (CIDR, e.g. “/24”) are stripped from the addresses.

Returns:: List of IPv4 addresses (possibly empty)
Return type:: list

wait_agents_available(expected_count, timeout=600)

Wait for a specific number of agents to be available in the namespace

Parameters:

expected_count (int) – Expected number of agents to wait for
timeout (int) – Timeout in seconds to wait for agents (default: 600 seconds / 10 minutes)

Returns:

True if the expected number of agents are available within timeout, False otherwise

Return type:

bool

wait_for_image_created_in_infraenv(timeout=300)

Wait for the image to be created in the InfraEnv using TimeoutSampler

Parameters:: timeout (int) – Timeout in seconds, default 5 minutes (300 seconds)
Returns:: True if image is created within timeout, False otherwise
Return type:: bool

class ocs_ci.deployment.hub_spoke.ExternalClients

Bases: object

The class is intended to deploy multiple external ODF clients on top of pre-existing OCP clusters and connect them to the storage Hub cluster. Kubeconfig of running OCP clusters must be provided with ENV_DATA.clusters.<cluster_name>.kubeconfig_path

do_deploy()

Deploy multiple external ODF clients on top of pre-existing OCP clusters and connect them to the storage Hub cluster. Unlike HostedClients.do_deploy, this method does not deploy OCP clusters, only ODF clients on top of existing OCP clusters. This is a reason why we do not provide cluster_names dynamically, but take all clusters from config.ENV_DATA.clusters.

Stages:

Validate kubeconfig presence
Network checks (ping + port) to provider
Deploy ODF client operator (if image configured)
Verify ODF client operator installed
Create StorageClient (connect to Hub) + enable console plugin
Validate storage resources (SCs, consumer objects, backing Ceph entities)

Returns:

ExternalODF objects successfully connected.

Return type:

list(ExternalODF)

Raises:

FileNotFoundError – If kubeconfig file for any cluster is not found
AssertionError – If any of the verification steps fail

class ocs_ci.deployment.hub_spoke.ExternalOCP(name)

Bases: SpokeOCP, Deployment

Class to represent functionality necessary to interact with external OCP cluster from the Hub cluster

deploy_dependencies(**kwargs)

Deploy dependencies required for the cluster. Must be implemented by child classes.

Parameters:

deploy_acm_hub (bool) – Deploy ACM Hub
deploy_cnv (bool) – Deploy CNV
deploy_metallb (bool) – Deploy MetalLB
download_hcp_binary (bool) – Download HCP binary
deploy_hyperconverged (bool) – Deploy Hyperconverged
deploy_mce (bool) – Deploy MCE
deploy_hypershift_oidc (bool) – AWS-specific, setup S3 bucket for OIDC
create_deployer_iam_role (bool) – AWS-specific, create IAM role for deployer

deploy_ocp(**kwargs)

Deploy OCP cluster. Must be implemented by child classes.

Parameters:: **kwargs – Additional arguments for deploy_hosted_ocp_cluster (currently not in use)
Returns:: Name of the hosted cluster
Return type:: str

latency_threshold_ms = 10

verify_ping_to_provider(*args, **kwargs)

verify_port_on_provider(ip_address, port)

Verify if a specific port on the provider address is open from the external OCP cluster

Parameters:

ip_address (str) – Address to check, usually one of the worker nodes
port (int) – Port number to check

Returns:

True if the port is open, False otherwise

Return type:

bool

class ocs_ci.deployment.hub_spoke.ExternalODF(name: str)

Bases: ExternalOCP, SpokeODF

Class for managing External ODF clusters.

create_idms(insecure=False): Method to extract IDMS file from image and create it on External Spoke cluster

do_deploy(*args, **kwargs)

class ocs_ci.deployment.hub_spoke.HostedClients

Bases: HyperShiftBase

The class is intended to deploy multiple hosted OCP clusters on Provider platform and setup ODF client on them. All functions are for multiple clusters deployment or the helper functions. All functions related to OCP deployment or ODF client setup are in the respective classes.

apply_idms_to_hosted_clusters(): Apply ImageDigestMirrorSet data to all existing HostedClusters as imageContentSources. This patches spec.imageContentSources of the HostedCluster resource in the management (hub) cluster, replacing old items.

deploy_multiple_odf_clients(): Deploy multiple ODF clients on hosted OCP clusters. Method tries to deploy ODF client on all hosted OCP clusters If ODF was already deployed on some of the clusters, it will be skipped for those clusters.

do_deploy(cluster_names=None)

Deploy multiple hosted OCP clusters on Provider platform and setup ODF client on them Perform the 7 stages of deployment: 1. Deploy multiple hosted OCP clusters 2. Download kubeconfig files 3. Verify OCP clusters are ready 4. Deploy ODF on all hosted clusters if version set in ENV_DATA 5. Verify ODF client is installed on all hosted clusters if deployed 6. Setup storage client on all hosted clusters if ENV_DATA.clusters.<cluster_name> has setup_storage_client:true 7. Verify all hosted clusters are ready and print kubeconfig paths to the console

If the CNV, OCP versions are unreleased we can not use that with released upstream MCE which is a component of Openshift Virtualization operator, MCE will be always behind failing the cluster creation. solution: disable MCE and install upstream Hypershift on the cluster

! Important ! due to n-1 logic we are assuming that desired CNV version <= OCP version of managing/Provider cluster

Parameters:: cluster_names (list) – cluster names to deploy, if None, all clusters from ENV_DATA will be deployed
Returns:: the list of HostedODF objects for all hosted OCP clusters deployed by the method successfully
Return type:: list

download_hosted_clusters_kubeadmin_password_files(cluster_names_paths_dict=None)

Download kubeadmin-password for multiple HyperShift hosted clusters.

Parameters:: cluster_names_paths_dict (dict) – Optional mapping of cluster name to cluster path. If omitted, uses clusters from config.
Returns:: paths to downloaded kubeadmin-password files
Return type:: list

download_hosted_clusters_kubeconfig_files(cluster_names_paths_dict=None, from_hcp=True)

Get HyperShift hosted cluster kubeconfig for multiple clusters. Provided cluster_names_paths_dict will always be a default source of cluster names and paths

Parameters:

cluster_names_paths_dict (dict) – Optional argument. The function will download all kubeconfigs
configuration (to the folders specified in the) –
kubeconfig (or download a specific cluster's) –
argument. (to the folder provided as an) –
from_hcp (bool) – If True, download kubeconfig from HCP, otherwise from the secret

Returns:

the list of hosted cluster kubeconfig paths

Return type:

list

get_kubeconfig_path(cluster_name)

Get the kubeconfig path for the cluster

Parameters:: cluster_name (str) – Name of the cluster
Returns:: Path to the kubeconfig file
Return type:: str

upgrade_ocp_on_kubevirt_clusters(): Upgrade OCP on hosted OCP clusters deployed using KubeVirt platform.

verify_hosted_ocp_clusters_from_provider()

Verify multiple HyperShift hosted clusters from provider. If cluster_names is not provided at ENV_DATA, it will get the list of hosted clusters from the provider to verify them all

Returns:: True if all hosted clusters passed verification, False otherwise
Return type:: bool

class ocs_ci.deployment.hub_spoke.HostedFDF(name: str)

Bases: HypershiftHostedOCP, SpokeODF

Class for managing Hosted FDF (Fusion Data Foundation) client clusters. When FDF is installed on the management/provider cluster, this class deploys the FDF Client operator on hosted spoke clusters using the FDF CatalogSource image from the management cluster.

FDF_CATALOGSOURCE_NAME = 'isf-data-foundation-catalog'

catalog_source_exists(*args, **kwargs)

create_catalog_source(*args, **kwargs)

Create catalog source for MetalLB

Returns:: True if catalog source is created, False otherwise, error if not get Ready state
Return type:: bool

create_subscription(*args, **kwargs): Creates subscription for hyperconverged operator

do_deploy(): Deploy FDF Client on hosted OCP cluster.

class ocs_ci.deployment.hub_spoke.HostedODF(name: str)

Bases: HypershiftHostedOCP, SpokeODF

Class for managing Hosted ODF clusters.

class ocs_ci.deployment.hub_spoke.HypershiftAWSHostedOCP(name)

Bases: SpokeOCP, HyperShiftBase, Deployment, MCEInstaller, AWS

Class to represent functionality necessary to deploy and manage AWS HCP (Hosted Control Plane) cluster with EC2 worker nodes.

Control plane runs on the management cluster (hub). Worker nodes run as independent EC2 instances in AWS.

Inherits:

SpokeOCP: Base spoke cluster functionality (kubeconfig, exec_oc_cmd)
HyperShiftBase: HCP binary management, cluster operations
Deployment: Deployment utilities and base methods
MCEInstaller: MCE installation (if needed for HCP)

ODF Deployment: Use SpokeODF methods via instantiation, not inheritance Orchestration: Integrates with existing HostedClients class

accept_vpc_peering_connection(pcx_id)

Accept a VPC peering connection.

Parameters:: pcx_id (str) – VPC peering connection ID
Returns:: Response from the accept call
Return type:: dict

add_ceph_ports_to_security_group(security_group_id, source_cidr, nodeport=None)

Add Ceph-related ports to a security group.

This method adds the standard Ceph ports plus an optional NodePort: - 3300: Ceph Monitor (msgr2) - 6789: Ceph Monitor (legacy) - 9283: Ceph Exporter (metrics) - 6800-7300: Ceph OSD communication

Parameters:

security_group_id (str) – Security group ID to modify
source_cidr (str) – Source CIDR block to allow traffic from
nodeport (int) – Optional NodePort to add (e.g., for Ceph RBD service)

Returns:

Results of the security group modifications

Return type:

dict

authorize_security_group_ingress_port(security_group_id, port, cidr, protocol='tcp')

Add an ingress rule to a security group for a specific port.

Parameters:

security_group_id (str) – Security group ID
port (int) – Port number to allow
cidr (str) – Source CIDR block
protocol (str) – Protocol (default: tcp)

Returns:

Response from the authorize call

Return type:

dict

authorize_security_group_ingress_ports(security_group_id, ports_config, cidr)

Add multiple ingress rules to a security group.

Parameters:

security_group_id (str) – Security group ID
ports_config (list) – List of port configurations, each being: - int: Single port number - tuple: (from_port, to_port) for port range - dict: {“from_port”: int, “to_port”: int, “protocol”: str}
cidr (str) – Source CIDR block

Returns:

Response from the authorize call

Return type:

dict

create_aws_hcp_cluster(nodepool_replicas, release_image, worker_instance_type, cp_availability_policy='SingleReplica', infra_availability_policy='SingleReplica', disable_default_sources=True, generate_ssh=True)

Create AWS HCP cluster using the hypershift CLI.

Executes the ‘hypershift create cluster aws’ command with appropriate parameters to create a hosted control plane cluster with EC2 worker nodes.

This method assumes the following functions have already been called: - retrieve_sts_session_token() - creates self.sts_credentials_file - create_aws_infra() - creates self.output_infra_file and self.vpc_cidr - read_infra_output() - populates zone IDs and infra_id - create_aws_iam() - creates self.output_iam_file

Parameters:

nodepool_replicas (int) – Number of worker nodes
release_image (str) – The OCP release image for the cluster. If none, command will run without
used. (--release-image flag and default will be) –
worker_instance_type (str) – AWS EC2 instance type (e.g., “m5.xlarge”)
cp_availability_policy (str) – Control plane availability policy (default: constants.AVAILABILITY_POLICY_HA)
infra_availability_policy (str) – Infrastructure availability policy (default: constants.AVAILABILITY_POLICY_HA)
disable_default_sources (bool) – Disable default operator sources (default: True)
generate_ssh (bool) – Generate SSH key for node access (default: True)

Returns:

Cluster name if successful, empty string if failed

Return type:

str

create_aws_iam(timeout=1800)

Create AWS IAM resources for HyperShift hosted cluster.

Executes ‘hypershift create iam aws’ command to create the necessary IAM resources (roles, policies, etc.) for the hosted cluster.

Equivalent to:

hypershift create iam aws –infra-id $INFRA_ID: –sts-creds $STS_CREDENTIALS –role-arn $ROLE_ARN –oidc-storage-provider-s3-bucket-name $OIDC_BUCKET_NAME –oidc-storage-provider-s3-region $OIDC_BUCKET_REGION –region $REGION –public-zone-id $PUBLIC_ZONE_ID –private-zone-id $PRIVATE_ZONE_ID –local-zone-id $LOCAL_ZONE_ID –output-file $OUTPUT_IAM_FILE

Parameters:

timeout (int) – Timeout in seconds for the IAM creation command. Default is 1800 (30 minutes).

Returns:

Path to the output IAM file if successful

Return type:

str

Raises:

ValueError – If required parameters are missing
CommandFailed – If the IAM creation fails

create_aws_infra(timeout=1800)

Create AWS infrastructure for HyperShift hosted cluster.

Executes ‘hypershift create infra aws’ command to create the necessary AWS infrastructure (VPC, subnets, security groups, etc.) for the hosted cluster. Automatically selects an unused VPC CIDR to avoid conflicts with existing VPCs.

Equivalent to:

hypershift create infra aws –name $NAME: –sts-creds $STS_CREDENTIALS –base-domain $BASEDOMAIN –infra-id $INFRA_ID –region $REGION –role-arn $ROLE_ARN –output-file $OUTPUT_INFRA_FILE –vpc-cidr $VPC_CIDR

Parameters:

timeout (int) – Timeout in seconds for the infra creation command. Default is 1800 (30 minutes).

Returns:

Path to the output infra file if successful

Return type:

str

Raises:

ValueError – If required parameters are missing
CommandFailed – If the infrastructure creation fails

create_deployer_iam_role(role_name, policy_name, principal_arn=None, description='IAM role for HyperShift deployer')

Create an IAM role for a deployer with assume role policy and attach a custom policy.

This function performs the following:

Fetches the caller identity ARN (if principal_arn not provided)
Creates an IAM role with an assume role policy that allows the principal to assume it
Attaches an inline policy to the role
Verifies the policy was attached correctly

Equivalent to:

aws iam create-role --role-name <role_name> --assume-role-policy-document <trust_policy>
aws iam put-role-policy --role-name <role_name> --policy-name <policy_name> --policy-document <policy>

Parameters:

role_name (str) – Name of the IAM role to create (e.g., “aws-agent-deployer-role”)
policy_name (str) – Name of the inline policy to attach (e.g., “aws-agent-deployer-policy”)
principal_arn (str, optional) – The ARN of the principal allowed to assume the role. If not provided, uses the caller’s ARN from get_caller_identity_arn().
description (str, optional) – Description for the IAM role.

Returns:

Dictionary containing role information with keys:

role_arn (str): ARN of the created role

role_name (str): Name of the role

policy_name (str): Name of the attached policy

principal_arn (str): ARN of the principal that can assume the role

Return type:

dict

Raises:

ClientError – If role creation or policy attachment fails

create_route_to_peering(route_table_id, destination_cidr, pcx_id)

Create a route in a route table to a VPC peering connection.

Parameters:

route_table_id (str) – Route table ID
destination_cidr (str) – Destination CIDR block
pcx_id (str) – VPC peering connection ID

Returns:

True if route was created successfully

Return type:

bool

create_s3_bucket_for_hypershift_oidc(bucket_name, region, namespace='local-cluster')

Create an S3 bucket for HyperShift OIDC provider with public read policy and create Kubernetes secret with bucket credentials.

This function:

Creates an S3 bucket in the specified region
Applies a public read policy to allow OIDC discovery
Creates a Kubernetes secret with AWS credentials and bucket info

Parameters:

bucket_name (str) – Name of the S3 bucket to create
region (str) – AWS region where the bucket should be created
namespace (str) – Kubernetes namespace for the secret (default: “local-cluster”)

Returns:

Dictionary with bucket details:

bucket_name (str): Name of the bucket

region (str): AWS region of the bucket

bucket_arn (str): ARN of the bucket

location (str): URL location of the bucket

secret_name (str): Name of the Kubernetes secret

namespace (str): Kubernetes namespace of the secret

Return type:

dict

Raises:

ClientError – If bucket creation or policy application fails
CommandFailed – If Kubernetes secret creation fails

create_vpc_peering_connection(client_vpc_id, mgmt_vpc_id)

Create a VPC peering connection between two VPCs.

Parameters:

client_vpc_id (str) – VPC ID of the client cluster
mgmt_vpc_id (str) – VPC ID of the management cluster

Returns:

VPC peering connection ID

Return type:

str

deploy_dependencies(deploy_acm_hub=False, deploy_mce=False, download_hcp_binary=False, deploy_cnv=False, deploy_metallb=False, deploy_hyperconverged=False, deploy_hypershift_oidc=True, create_deployer_iam_role=True)

Deploy dependencies for AWS HCP cluster.

AWS HCP clusters don’t require CNV, MetalLB, or HyperConverged since workers run as EC2 instances, not as VMs on the management cluster.

Parameters:

deploy_acm_hub (bool) – Deploy ACM hub (mutually exclusive with MCE)
deploy_mce (bool) – Deploy MCE (mutually exclusive with ACM)
download_hcp_binary (bool) – Download HCP binary
deploy_cnv (bool) – Ignored for AWS (not needed)
deploy_metallb (bool) – Ignored for AWS (not needed)
deploy_hyperconverged (bool) – Ignored for AWS (not needed)
deploy_hypershift_oidc (bool) – Setup S3 bucket for HyperShift OIDC provider and create secret with bucket info. Default True (required for create_aws_iam).
create_deployer_iam_role (bool) – Create IAM role for deployer. Default True (required for create_aws_infra and create_aws_iam). Set to False only if role_arn is pre-configured.

deploy_ocp(**kwargs) → str

Deploy AWS HCP cluster with EC2 workers.

This method orchestrates the complete AWS HCP cluster deployment including: 1. Validation of AWS prerequisites 2. Creation of AWS credentials secret 3. HCP cluster creation via hcp CLI 4. Waiting for EC2 workers to become ready

Parameters:: **kwargs – Additional arguments (reserved for future use)
Returns:: Name of the hosted cluster if successful, empty string if failed
Return type:: str

destroy_aws_hcp_cluster(timeout=1200)

Orchestrate the full destruction of an AWS HCP cluster and its resources.

Runs the following steps in order: 1. Destroy cluster via hypershift CLI 2. Verify infrastructure is gone, fallback to hypershift destroy infra 3. Manual VPC cleanup if infrastructure still exists 4. Clean up IAM resources (roles, OIDC provider) 5. Clean up S3 OIDC documents for this infra_id 6. Delete stale OIDC providers for this cluster’s OIDC bucket 7. Clean up VPC peering routes from management cluster 8. Clean up HostedCluster secrets from management cluster

Parameters:: timeout (int) – Timeout in seconds for the hypershift destroy cluster command
Returns:: True if all resources cleaned up, False if any remain
Return type:: bool

get_instance_id_by_private_ip(private_ip)

Get EC2 instance ID by private IP address.

Parameters:: private_ip (str) – Private IP address of the instance
Returns:: Instance ID
Return type:: str

get_mgmt_vpc_id()

Get VPC ID for the management cluster using a node’s private IP.

This method is used for management clusters that don’t have kubernetes.io/cluster infra tags. It retrieves a node’s private IP from the cluster and uses it to find the VPC ID.

Returns:: VPC ID for the management cluster
Return type:: str
Raises:: ValueError – If unable to get node IP or VPC ID

get_node_private_ip(node_name=None)

Get the private IP address of a node in a cluster.

Parameters:: node_name (str) – Optional - specific node name. If not provided, uses first worker node.
Returns:: Private IP address of the node
Return type:: str

get_route_table_id_by_subnet_id(subnet_id)

Get route table ID associated with a subnet.

Parameters:: subnet_id (str) – Subnet ID
Returns:: Route table ID
Return type:: str

get_security_group_id_by_instance_id(instance_id)

Get the first security group ID attached to an EC2 instance.

Parameters:: instance_id (str) – EC2 instance ID
Returns:: Security group ID
Return type:: str

get_subnet_id_by_instance_id(instance_id)

Get subnet ID for an EC2 instance.

Parameters:: instance_id (str) – EC2 instance ID
Returns:: Subnet ID
Return type:: str

get_vpc_cidr_by_vpc_id(vpc_id)

Get VPC CIDR block by VPC ID.

Parameters:: vpc_id (str) – VPC ID
Returns:: CIDR block for the VPC
Return type:: str

get_vpc_from_existing_infra(infra_id=None)

Check for existing VPCs with the tag corresponding to the infrastructure ID.

Parameters:: infra_id (str) – Optional infrastructure ID to check for. If not provided, uses self.infra_id.
Returns:: List of existing VPCs matching the infrastructure tag. Empty if none found.
Return type:: list

get_vpc_id_by_node_ip(node_ip)

Get VPC ID by looking up the EC2 instance with the given private IP.

This method is useful for clusters that don’t have kubernetes.io/cluster tags (like management clusters or external clusters).

Parameters:: node_ip (str) – Private IP address of a node in the cluster
Returns:: VPC ID where the node resides
Return type:: str
Raises:: ValueError – If no instance is found with the given IP

get_vpc_id_for_cluster(cluster_name=None)

Get VPC ID for a cluster by looking up the infrastructure with kubernetes.io/cluster tag.

Parameters:: cluster_name (str) – Name of the cluster. If not provided, uses self.name
Returns:: VPC ID for the cluster
Return type:: str
Raises:: ValueError – If no VPC is found for the cluster

read_infra_output()

Read the infrastructure output file and extract zone IDs and machine CIDR.

Reads the JSON output file created by ‘hypershift create infra aws’ and assigns the relevant values to instance attributes: - self.infra_id from ‘infraID’ - self.public_zone_id from ‘publicZoneID’ - self.private_zone_id from ‘privateZoneID’ - self.local_zone_id from ‘localZoneID’ - self.infra_machine_cidr from ‘machineCIDR’

Returns:

The parsed infrastructure output data

Return type:

dict

Raises:

FileNotFoundError – If output_infra_file does not exist
ValueError – If output_infra_file is not set
json.JSONDecodeError – If the file is not valid JSON

retrieve_sts_session_token(duration_seconds=7200, output_file=None)

Retrieve AWS STS session token and save it to a file.

This method retrieves temporary AWS credentials and stores the file path in self.sts_credentials_file for later use.

Parameters:

duration_seconds (int) – Duration of the session token in seconds. Default is 7200 (2 hours). Valid range: 900 (15 min) to 129600 (36 hours).
output_file (str) – Path to the file where credentials will be saved. If not provided, creates a temp file with cluster name prefix.

Returns:

Path to the credentials file

Return type:

str

retrieve_sts_session_token_via_cli(duration_seconds=7200, output_file=None)

Alternative method to retrieve AWS STS session token using AWS CLI directly.

Executes: aws sts get-session-token –duration-seconds <duration> > <output_file>

This is an alternative to retrieve_sts_session_token() that uses the AWS CLI command directly instead of using boto3. Useful when boto3 has issues or when you need to match exact CLI behavior.

Parameters:

duration_seconds (int) – Duration of the session token in seconds. Default is 7200 (2 hours). Valid range: 900 (15 min) to 129600 (36 hours).
output_file (str) – Path to the file where credentials will be saved. If not provided, saves to cluster_path/sts-creds-{cluster_name}.json

Returns:

Path to the credentials file

Return type:

str

Raises:

CommandFailed – If AWS CLI command fails

setup_and_verify_network(nodeport=None)

Setup VPC peering, routing, security groups and verify network connectivity from client cluster to management cluster.

Parameters:

nodeport (int) – Optional NodePort to add to security group rules

Returns:

Network setup result including peering, security group, and VPC info

Return type:

dict

Raises:

ConnectivityFail – If network connectivity verification fails
ValueError – If management cluster name is not configured or VPCs not found
ClientError – If AWS API calls fail

setup_hypershift_oidc(bucket_name=None)

Setup S3 bucket for HyperShift OIDC provider.

Creates an S3 bucket with public read policy and a Kubernetes secret containing AWS credentials and bucket information needed for HyperShift OIDC provider functionality.

Parameters:: bucket_name (str, optional) – Name of the S3 bucket to create. If not provided, defaults to “{cluster_name}-oidc-bucket”. To reuse an existing shared bucket across clusters, pass the bucket name.
Returns:: True if setup successful, False otherwise
Return type:: bool

setup_network_for_client_cluster(client_cluster_name, mgmt_cluster_name, mgmt_instance_id, nodeport=None)

Complete network setup for a client cluster to communicate with management cluster.

This method performs the full network setup required for a client cluster to communicate with a management/provider cluster: 1. Sets up VPC peering between client and management VPCs 2. Configures routing in both VPCs 3. Adds Ceph ports to the management cluster’s security group

Parameters:

client_cluster_name (str) – Name of the client cluster
mgmt_cluster_name (str) – Name of the management cluster
mgmt_instance_id (str) – EC2 instance ID in management cluster (used for SG and routing)
nodeport (int) – Optional NodePort to add to security group rules

Returns:

Complete network setup information

Return type:

dict

setup_vpc_peering_and_routing(client_cluster_name, mgmt_cluster_name, client_instance_id=None, mgmt_instance_id=None)

Setup VPC peering and routing between client and management clusters.

This method performs the complete VPC peering setup: 1. Creates VPC peering connection between client and management VPCs 2. Accepts the peering connection 3. Creates routes in both VPCs to enable traffic flow 4. Waits for the peering to become active

Parameters:

client_cluster_name (str) – Name of the client cluster
mgmt_cluster_name (str) – Name of the management cluster
client_instance_id (str) – Optional - EC2 instance ID in client VPC (used to find route table)
mgmt_instance_id (str) – Optional - EC2 instance ID in management VPC (used to find route table)

Returns:

Dictionary containing:

pcx_id: VPC peering connection ID
client_vpc_id: Client VPC ID
mgmt_vpc_id: Management VPC ID
client_vpc_cidr: Client VPC CIDR
mgmt_vpc_cidr: Management VPC CIDR

Return type:

dict

validate_aws_prerequisites()

Validate AWS prerequisites before cluster deployment.

Checks: - AWS credentials are available - Base domain is configured - AWS region is valid - VPC exists (if specified) - Subnets are available (if specified)

Returns:: True if all prerequisites are met, False otherwise
Return type:: bool

validate_sts_credentials_not_expired()

Validate that STS credentials file exists and credentials are not expired.

Returns:: True if credentials are valid and not expired, False otherwise
Return type:: bool
Raises:: FileNotFoundError – If credentials file doesn’t exist

verify_network_connectivity(*args, **kwargs)

wait_for_vpc_peering_active(pcx_id, timeout=300, interval=10)

Wait for VPC peering connection to become active.

Parameters:

pcx_id (str) – VPC peering connection ID
timeout (int) – Timeout in seconds
interval (int) – Polling interval in seconds

Returns:

True if peering is active

Return type:

bool

Raises:

TimeoutExpiredError – If peering doesn’t become active within timeout

class ocs_ci.deployment.hub_spoke.HypershiftHostedOCP(name)

Bases: SpokeOCP, HyperShiftBase, MetalLBInstaller, CNVInstaller, Deployment, MCEInstaller, HyperConverged

Class to represent functionality necessary to deploy and manage Hosted OCP cluster from the Hub cluster

apply_admin_acks_to_hosted_cluster(): perform patch to hosted cluster necessary for 4.19 to 4.20 upgrade

apply_idms_to_hosted_clusters(): Apply ImageDigestMirrorSet data to all existing HostedClusters as imageContentSources. This patches spec.imageContentSources of the HostedCluster resource in the management (hub) cluster.

boot_machines_for_agent()

Boot the bare metal machines and acks on successful boot This method uses VSPHEREAgentAI deployer to boot the machines and is running within the Client context

Returns: bool: True if machines are booted successfully, False otherwise

deploy_dependencies(deploy_acm_hub=False, deploy_cnv=False, deploy_metallb=False, download_hcp_binary=False, deploy_hyperconverged=False, deploy_mce=False, deploy_hypershift_oidc=False, create_deployer_iam_role=False)

Deploy dependencies for hosted OCP cluster.

Parameters:

deploy_acm_hub (bool) – Deploy ACM Hub
deploy_cnv (bool) – Deploy CNV
deploy_metallb (bool) – Deploy MetalLB
download_hcp_binary (bool) – Download HCP binary
deploy_hyperconverged (bool) – Deploy Hyperconverged
deploy_mce (bool) – Deploy MCE
deploy_hypershift_oidc (bool) – AWS-specific, ignored in base class
create_deployer_iam_role (bool) – AWS-specific, ignored in base class

deploy_ocp(**kwargs) → str

Deploy hosted OCP cluster on provisioned Provider platform

Parameters:: **kwargs – Additional arguments for create_kubevirt_ocp_cluster (currently not in use)
Returns:: Name of the hosted cluster
Return type:: str

patch_hosted_cluster_for_ocp_upgrade()

Patch hosted cluster to allow OCP upgrade

Returns:: True if patch is applied, False otherwise
Return type:: bool

patch_nodepool_for_ocp_upgrade()

Patch nodepool to allow OCP upgrade

Returns:: True if patch is applied, False otherwise
Return type:: bool

wait_hosted_cluster_upgrade_completed(timeout=3600)

Wait for hosted cluster upgrade to complete.

Parameters:: timeout (int) – Timeout in seconds to wait for upgrade completion.

Checks:

HostedCluster .status.version.history[0].state == “Completed”
NodePool .status.conditions[?(@.type==”UpdatingVersion”)].status != “True”

Returns:: True if upgrade completed within timeout, False otherwise.
Return type:: bool

class ocs_ci.deployment.hub_spoke.SpokeOCP(name)

Bases: ABC

A base class representing a Spoke OCP cluster.

This abstract base class provides common functionality for all spoke clusters. Concrete implementations must define their platform-specific initialization and implement the abstract methods.

apply_network_policy()

Apply network policy to the client namespace. Network policy is created always on Provider side.

Returns:: True if network policy is created or existed before, False otherwise
Return type:: bool

compute_target_release_image(upgrade_scenario=False)

Compute the target release image for OCP upgrade based on:

Configured ocp_version in config.ENV_DATA[“clusters”][cluster_name] and configured version is lower than provider version
If configured version is matching to existing hosted ocp version, use the provider OCP version from get_server_version()

Parameters:

upgrade_scenario (bool) – If True, the method is being called in the context of OCP upgrade,
image. (and additional checks may be applied to determine the target release) –

Returns:

Full release image reference, or None if it cannot be determined.

Return type:

str

abstract deploy_dependencies(deploy_acm_hub=False, deploy_cnv=False, deploy_metallb=False, download_hcp_binary=False, deploy_hyperconverged=False, deploy_mce=False, deploy_hypershift_oidc=False, create_deployer_iam_role=False)

Deploy dependencies required for the cluster. Must be implemented by child classes.

Parameters:

deploy_acm_hub (bool) – Deploy ACM Hub
deploy_cnv (bool) – Deploy CNV
deploy_metallb (bool) – Deploy MetalLB
download_hcp_binary (bool) – Download HCP binary
deploy_hyperconverged (bool) – Deploy Hyperconverged
deploy_mce (bool) – Deploy MCE
deploy_hypershift_oidc (bool) – AWS-specific, setup S3 bucket for OIDC
create_deployer_iam_role (bool) – AWS-specific, create IAM role for deployer

abstract deploy_ocp(**kwargs)

Deploy OCP cluster. Must be implemented by child classes.

Parameters:: **kwargs – Additional arguments for deploy_hosted_ocp_cluster (currently not in use)
Returns:: Name of the hosted cluster
Return type:: str

exec_oc_cmd(*args, **kwargs)

get_hosted_cluster_ocp_version()

Get hosted cluster OCP version from version history.

Returns:: Version string (e.g. 4.18.9) if available, otherwise None.
Return type:: Optional[str]

property is_external: Check if this instance is an ExternalOCP cluster

network_policy_exists(namespace)

Check if the network policy is created

Returns:: True if the network policy exists, False otherwise
Return type:: bool

class ocs_ci.deployment.hub_spoke.SpokeODF(name)

Bases: SpokeOCP, ABC

apply_storage_client_cr(onboarding_key_decrypted)

Internal function to apply storage client CR

Returns:: True if storage client CR is applied and exists on cluster, False otherwise
Return type:: bool

catalog_source_exists(*args, **kwargs)

create_catalog_source(*args, **kwargs)

create_ns(*args, **kwargs)

create_operator_group(*args, **kwargs)

create_storage_client(*args, **kwargs)

create_subscription(*args, **kwargs)

csi_pods_exist()

Check if the CSI pods exist

Returns:: True if the CSI pods exist, False otherwise
Return type:: bool

do_deploy(*args, **kwargs)

enable_client_console_plugin(*args, **kwargs)

get_onboarding_key()

Get onboarding key using the private key from the secret

Returns:: onboarding token key
Return type:: str

get_onboarding_key_ui()

Get onboarding key from UI

Returns:: onboarding key from Provider UI
Return type:: str

get_storage_client_status(*args, **kwargs)

odf_client_installed(*args, **kwargs)

odf_csv_installed()

Check if ODF CSV is installed at client’s namespace

Returns:: True if ODF CSV is installed, False otherwise
Return type:: bool

operator_group_exists(*args, **kwargs)

setup_storage_client_converged(storage_consumer_name)

Setup storage client for converged cluster

Returns:: True if storage client is setup, False otherwise
Return type:: bool

storage_class_exists(*args, **kwargs)

storage_client_exists(*args, **kwargs)

subscription_exists(*args, **kwargs)

verify_storage_classes_on_client()

Verify storage connectivity for a single cluster by checking storage class existence

Returns:: True if storage classes exist and are properly configured, False otherwise
Return type:: bool

wait_console_plugin_pod_running(*args, **kwargs)

ocs_ci.deployment.hub_spoke.apply_cluster_roles_wa(cluster_names): Apply workaround for OCPBUGS-56015: apply cluster roles to all hosted clusters

ocs_ci.deployment.hub_spoke.apply_hosted_cluster_mirrors_max_items_wa(): Apply workaround for MCE mirrors max items issue. This workaround is needed to avoid the error: “The number of items in the mirrors list exceeds the maximum allowed limit of 25”

ocs_ci.deployment.hub_spoke.apply_hosted_control_plane_mirrors_max_items_wa(): Apply workaround for Hosted Control Plane mirrors max items issue. This workaround is needed to avoid the error: “The number of items in the mirrors list exceeds the maximum allowed limit of 25”

ocs_ci.deployment.hub_spoke.check_ceph_resources(cluster_names): Check that all RNS and SVG that should be created for the clients are present in the backing Ceph cluster

ocs_ci.deployment.hub_spoke.check_odf_prerequisites(): Check prerequisites for ODF installation and Client cluster connection

ocs_ci.deployment.hub_spoke.config_has_hosted_odf_image(cluster_name)

Check if the config has hosted ODF image set for the cluster

Parameters:: cluster_name –
Returns:: True if the config has hosted ODF image, False otherwise
Return type:: bool

ocs_ci.deployment.hub_spoke.create_agent_service_config(): Create AgentServiceConfig resource in case it does not exist

ocs_ci.deployment.hub_spoke.create_patch_provisioning(): Create or patch the provisioning resource to set watchAllNamespaces to true. This is required for hosted cluster creation using agent platform.

ocs_ci.deployment.hub_spoke.deploy_hosted_ocp_clusters(cluster_names_list=None)

Deploy multiple hosted OCP clusters on Provider platform

Parameters:: cluster_names_list (list) – List of cluster names to deploy. If not provided, all clusters in config.ENV_DATA[“clusters”] will be deployed (optional argument)
Returns:: The list of cluster names for all hosted OCP clusters deployed by the func successfully
Return type:: list

ocs_ci.deployment.hub_spoke.destroy_aws_hcp_clusters(cluster_names_list=None)

Destroy all AWS HCP hosted clusters and clean up their AWS resources.

Uses get_hosted_cluster_names() and get_client_type_by_name() to discover AWS HCP clusters and calls destroy_aws_hcp_cluster() on each one. Must be called before the management cluster is destroyed.

Parameters:: cluster_names_list (list) – Optional list of cluster names to destroy. If not provided, discovers all hosted clusters from the hub.
Returns:: True if all clusters destroyed successfully, False otherwise
Return type:: bool

ocs_ci.deployment.hub_spoke.enable_nested_virtualization(): Enable nested virtualization for the hosted OCP cluster

ocs_ci.deployment.hub_spoke.get_autodistributed_storage_classes()

Get the list of StorageClasses that were provisioned by ODF and should be auto-distributed

Returns:: List of StorageClass names that were provisioned by ODF
Return type:: list

ocs_ci.deployment.hub_spoke.get_autodistributed_volume_snapshot_classes()

Get the list of VolumeSnapshotClasses that were provisioned by ODF and should be auto-distributed upon client connection

Returns:: List of VolumeSnapshotClass names that were provisioned by ODF
Return type:: list

ocs_ci.deployment.hub_spoke.get_autodistributed_volumegroup_snapshot_classes()

Get the list of VolumeGroupSnapshotClasses that were provisioned by ODF

Returns:: List of VolumeGroupSnapshotClass names that were created by ODF
Return type:: list

ocs_ci.deployment.hub_spoke.get_fdf_catalog_image()

Get the FDF CatalogSource image from the management cluster. If the image uses a registry that requires ITMS (tag-based mirrors), resolve it through the management cluster’s ImageTagMirrorSet so it is pullable from spoke clusters. Result is cached to avoid redundant API calls across HostedFDF instances.

Returns:: The pullable image reference for the FDF CatalogSource
Return type:: str
Raises:: ValueError – If the CatalogSource is not found or has no image

ocs_ci.deployment.hub_spoke.get_hosted_cluster_version_history(cluster_name: str)

Get hosted cluster version history.

Parameters:

cluster_name (str) – Name of the cluster

Returns:

json list of version history entries. example for a deploy and upgrade [: {“completionTime”:”2025-05-07T13:12:04Z”,”image”:”quay.io/openshift-release-dev/ocp-release@sha256:<sha>”, “startedTime”:”2025-05-07T13:07:19Z”,”state”:”Completed”,”verified”:false,”version”:”4.19.0-ec.5”}, {“completionTime”:”2025-04-30T08:27:46Z”,”image”:”quay.io/openshift-release-dev/ocp-release@sha256:<sha>”, “startedTime”:”2025-04-30T08:19:01Z”,”state”:”Completed”,”verified”:false,”version”:”4.18.9”}]

Return type:

list

ocs_ci.deployment.hub_spoke.get_onboarding_token_from_secret(secret_name)

Get onboarding token from the secret

Parameters:: secret_name (str) – Name of the secret
Returns:: Onboarding token
Return type:: str

ocs_ci.deployment.hub_spoke.get_provider_address(): Get the provider address

ocs_ci.deployment.hub_spoke.hypershift_cluster_factory(*args, **kwargs)

ocs_ci.deployment.hub_spoke.is_fdf_on_provider()

Check if FDF (Fusion Data Foundation) is installed on the management/provider cluster by examining the odf-operator CSV displayName for ‘Fusion’.

Returns:: True if FDF is installed, False otherwise
Return type:: bool

ocs_ci.deployment.hub_spoke.skip_if_not_hcp_provider(func)

Decorator to skip the function execution if deployment is not Hosted Control Plane provider

Returns:: wrapped function
Return type:: function

ocs_ci.deployment.hub_spoke.storage_installation_requested(cluster_name)

Check if the storage client installation was requested in the config

Parameters:: cluster_name (str) – Name of the cluster
Returns:: True if the storage client installation was requested, False otherwise
Return type:: bool

ocs_ci.deployment.hub_spoke.verify_backing_ceph_storage_for_clients()

Verify that backing Ceph storage classes exist on the Provider cluster

Returns:: True if all checks passed, False otherwise
Return type:: bool

ocs_ci.deployment.hyperconverged module

class ocs_ci.deployment.hyperconverged.HyperConverged

Bases: object

This class represent HyperConverged and contains all related methods we need to do with it. Hyperconverged Operator is used instead of unreleased CNV, to overcome catalogsource limitations on Client clusters

create_catalog_source(): Creates catalog source for hyperconverged resources ! No customization by purpose. Will always align with branch default image that is set in the default config.

create_hyperconverged_instance(): Create Hyperconverged instance

create_hyperconverged_namespace(): Creates the namespace for hyperconverged resources

create_operator_group(): Creates operator group for hyperconverged resources

create_subscription(): Creates subscription for hyperconverged operator

deploy_hyperconverged(): Deploy Hyperconverged Operator and resources

ocs_ci.deployment.hyperconverged.get_hyperconverged_corresponding_version(ocp_version: str) → str

Given an OCP version, return the corresponding Hyperconverged version.

Rule: - Hyperconverged Major = OCP Major - 3 - Hyperconverged Minor = OCP Minor - 4

Parameters:: ocp_version – OCP version as a string (e.g., “4.18” or “4.18.3”)
Returns:: Corresponding Hyperconverged version as a string (e.g., “1.14”)

ocs_ci.deployment.hyperconverged.get_ocp_corresponding_version(hyperconverged_version: str) → str

Given a Hyperconverged version, return the corresponding OCP version.

Rule: - OCP Major = Hyperconverged Major + 3 - OCP Minor = Hyperconverged Minor + 4

Parameters:: hyperconverged_version – Hyperconverged version as a string (e.g., “1.14”)
Returns:: Corresponding OCP version as a string (e.g., “4.18”)

ocs_ci.deployment.ibm module

This module implements the OCS deployment for IBM Power platform Base code in deployment.py contains the required changes to keep code duplication to minimum. Only destroy_ocs is retained here.

class ocs_ci.deployment.ibm.IBMDeployment

Bases: Deployment

Implementation of Deploy for IBM Power architecture

destroy_lso()

destroy_ocs(): Handle OCS destruction. Remove storage classes, PVCs, Storage Cluster, Openshift-storage namespace, LocalVolume, unlabel worker-storage nodes, delete ocs CRDs, etc.

ocs_ci.deployment.ibmcloud module

This module contains platform specific methods and classes for deployment on IBM Cloud Platform.

class ocs_ci.deployment.ibmcloud.IBMCloud

Bases: CloudDeploymentBase

Deployment class for IBM Cloud

OCPDeployment: alias of IBMCloudOCPDeployment

check_cluster_existence(cluster_name_prefix)

Check cluster existence based on a cluster name prefix.

Parameters:

cluster_name_prefix (str) – name prefix which identifies a cluster

Returns:

True if a cluster with the same name prefix already exists,: False otherwise

Return type:

bool

deploy_ocp(log_cli_level='DEBUG')

Deployment specific to OCP cluster on a cloud platform.

Parameters:: log_cli_level (str) – openshift installer’s log level (default: “DEBUG”)

class ocs_ci.deployment.ibmcloud.IBMCloudIPI

Bases: CloudDeploymentBase

A class to handle IBM Cloud IPI specific deployment

OCPDeployment: alias of IPIOCPDeployment

add_security_group_to_vsi(instance_name, security_group_name=None)

Add a security group to a VSI’s network interface using security-group-target-add command. This is safer than update command as it doesn’t require listing all existing security groups.

Parameters:

instance_name (str) – The VSI instance name
security_group_name (str) – Name of the security group to add (if None, it will be fetched from ENV_DATA)

Returns:

True if successful, False otherwise

Return type:

bool

static check_cluster_existence(cluster_name_prefix)

Check cluster existence based on a cluster name prefix.

Parameters:

cluster_name_prefix (str) – name prefix which identifies a cluster

Returns:

True if a cluster with the same name prefix already exists,: False otherwise

Return type:

bool

delete_bucket(): Deletes the COS bucket

delete_cos_instances(prefix)

Delete COS Instances matching the provided prefix.

Parameters:: prefix (str) – The prefix string to match instance names.
Returns:: A tuple containing the count of matched COS instances and the number of errors occurred during deletion. Errors are raised as CommandFailed exceptions.
Return type:: tuple

delete_custom_images(prefix)

Delete Custom Images matching the provided prefix.

Parameters:: prefix (str) – The prefix string to match image names.
Returns:: A tuple containing the count of matched custom images and the number of errors occurred during deletion. Errors are raised as CommandFailed exceptions.
Return type:: tuple

delete_floating_ips(prefix)

Delete Floating IPs matching the provided prefix.

Parameters:: prefix (str) – The prefix string to match floating IP names.
Returns:: A tuple containing the count of matched floating IPs and the number of errors occurred during deletion. Errors are raised as CommandFailed exceptions.
Return type:: tuple

delete_leftover_resources(resource_group)

Delete leftovers from IBM Cloud.

Parameters:: resource_group (str) – Resource group in IBM Cloud that contains the cluster resources.
Raises:: LeftoversExistError – In case the leftovers after attempt to clean them out.

delete_load_balancers(prefix)

Delete Load Balancers matching the provided prefix.

Parameters:: prefix (str) – The prefix string to match load balancer names.
Returns:: A tuple containing the count of matched load balancers and the number of errors occurred during deletion. Errors are raised as CommandFailed exceptions.
Return type:: tuple

delete_resource_group(resource_group)

Delete the resource group that contained the cluster assets.

Parameters:: resource_group (str) – Resource group in IBM Cloud that contains the cluster resources.

delete_security_groups(prefix)

Delete Security Groups matching the provided prefix.

Parameters:: prefix (str) – The prefix string to match security group names.
Returns:: A tuple containing the count of matched security groups and the number of errors occurred during deletion. Errors are raised as CommandFailed exceptions.
Return type:: tuple

delete_volumes(resource_group)

Delete the pvc volumes created in IBM Cloud that the openshift installer doesn’t remove.

Parameters:: resource_group (str) – Resource group in IBM Cloud that contains the cluster resources.

delete_vsis(prefix)

Delete Virtual Server Instances matching the provided prefix.

Parameters:: prefix (str) – The prefix string to match VSI names.
Returns:: A tuple containing the count of matched VSIs and the number of errors occurred during deletion. Errors are raised as CommandFailed exceptions.
Return type:: tuple

deploy_ocp(log_cli_level='DEBUG')

Perform IBMCloudIPI OCP deployment.

Parameters:: log_cli_level (str) – log level for installer (default: DEBUG)

destroy_cluster(log_level='DEBUG')

Destroy the OCP cluster.

Parameters:: log_level (str) – log level openshift-installer (default: DEBUG)

destroy_cluster_from_existing_vpc(prefix)

Destroy the OCP cluster from existing VPC infrastructure on IBM Cloud. This function will destroy the cluster and the following resources: - Virtual Server Instances (VSIs) - Floating IPs - Load Balancers - Security Groups - Custom Images - Volumes (Block Storage) - Cloud Object Storage

prefix: the prefix of the cluster (can be obtained from metadata infraID or cluster_name-)

raises LeftoversExistError if any errors occur during deletion.

static export_api_key(): Exports the IBM CLoud API key as an environment variable.

force_cleanup_leftovers(resource_group): Extra force cleanup for IBM Cloud leftovers that installer + normal ocs-ci cleanup misses. Mirrors what the bash script does.

get_instance_names_by_prefix(prefix)

Get all instance names for instances whose names start with the given prefix.

Parameters:: prefix (str) – The prefix to match instance names against
Returns:: List of instance names that match the prefix, empty list if none found
Return type:: list

get_load_balancers()

Gets the load balancers

Returns:: load balancers in json format
Return type:: json

get_load_balancers_count(region=None)

Gets the number of load balancers

Parameters:: region (str) – region (e.g. us-south), if not defined it will take from config.
Returns:: number of load balancers
Return type:: int

get_resource_group(return_id=False)

Retrieve and set the resource group being utilized for the cluster assets.

Parameters:: return_id (bool) – If True, it will return ID instead of name.
Returns:: name or ID of resource group if found. None: in case no RG found.
Return type:: str

manually_create_iam_for_vpc(): Manually specify the IAM secrets for the cloud provider

prepare_custom_vpc_and_network(): Prepare resource group, VPC, address prefixes, subnets, public gateways and attach subnets to public gateways. All for using custom VPC for IBM Cloud IPI deployment described here: https://docs.openshift.com/container-platform/4.15/installing/installing_ibm_cloud_public/installing-ibm-cloud-vpc.html

prepare_existing_vpc_and_network()

Prepare to use existing VPC, resource group, and subnets for IBM Cloud IPI deployment. This function allows you to use your own pre-existing VPC infrastructure.

Required ENV_DATA configuration: - existing_vpc: true - resource_group_name: name of existing resource group - network_resource_group_name: name of existing network resource group (can be same as resource_group_name) - vpc_name: name of existing VPC - control_plane_subnets: list of existing control plane subnet names - compute_subnets: list of existing compute subnet names

ocs_ci.deployment.ingress_node_firewall module

ocs_ci.deployment.ingress_node_firewall.create_config(): Creates configuration for IngressNodeFirewall

ocs_ci.deployment.ingress_node_firewall.create_rules(rules)

Create IngressNodeFirewall Rules

Parameters:: rules (dict) – dictionary of IngressNodeFirewall Rules (content of spec.ingress)

ocs_ci.deployment.ingress_node_firewall.deploy_ingress_node_firewall(rules)

Deploy Ingress Node Firewall Operator used for example for restricting SSH access to nodes

Parameters:: rules (dict) – dictionary of IngressNodeFirewall Rules (content of spec.ingress)

ocs_ci.deployment.ingress_node_firewall.restrict_ssh_access_to_nodes(): Deploy IngressNodeFirewall and configure rules to restrict SSH access to nodes

ocs_ci.deployment.install_ocp_on_rhel module

This module will install OCP on RHEL nodes

class ocs_ci.deployment.install_ocp_on_rhel.OCPINSTALLRHEL(rhel_worker_nodes)

Bases: object

Class to install OCP on RHEL nodes

create_inventory()

Creates the inventory file

Returns:: Path to inventory file
Return type:: str

create_inventory_for_haproxy()

Creates the inventory file for haproxy

Returns:: Path to inventory file for haproxy
Return type:: str

execute_ansible_playbook(): Run ansible-playbook on pod

prepare_rhel_nodes(): Prepare RHEL nodes for OCP installation

upload_helpers(ocp_repo)

Upload helper files to pod for OCP installation on RHEL Helper Files:

- ssh_key pem
- ocp repo
- ocp pem
- kubeconfig
- pull secret
- inventory yaml

Parameters:: ocp_repo (str) – OCP repo to upload

ocs_ci.deployment.mce module

This module contains functionality required for mce installation.

class ocs_ci.deployment.mce.MCEInstaller

Bases: object

mce Installer class for mce deployment

check_hypershift_namespace(): Check hypershift namespace created

check_supported_versions(): Check supported ocp versions for hcp cluster creation

create_image_override(): Create hypershift image override cm

create_mce_namespace()

Creates the namespace for mce resources

Raises:: CommandFailed – If the ‘oc create’ command fails.

create_mce_subscription(): Creates subscription for mce operator

create_multiclusterengine_operatorgroup(): Creates multiclusterengine operator group

create_multiclusterengine_resource(): Creates multiclusterengine resource

csv_succeeded()

Check if MCE CSV is in succeeded phase

Returns:: True if MCE CSV is in succeeded phase, False otherwise
Return type:: bool

deploy_mce(): Installs mce enabling software emulation.

enable_hypershift_preview()

Enable hypershift-preview component in MultiClusterEngine.

Patches the multiclusterengine resource to enable the hypershift-preview component which is required for HyperShift hosted control plane functionality.

Equivalent to:: oc patch mce multiclusterengine –type=merge -p ‘{“spec”:{“overrides”:{“components”:[{“name”:”hypershift-preview”,”enabled”: true}]}}}’

Returns:: True if patch was successful, False otherwise
Return type:: bool
Raises:: CommandFailed – If the patch operation fails

get_mce_csv_name()

Get MCE CSV name

Returns:: MCE CSV name
Return type:: str

get_parsed_versions()

Get parsed versions for current running mce and upgrade target version.

Returns:: Parsed versions of current running MCE and upgrade target version.
Return type:: tuple

get_running_mce_version()

Get the currently running MCE version.

Returns:: The current MCE version or an empty string if not found.
Return type:: str

get_supported_versions()

Get supported versions from the supported-versions configmap.

Returns:: Supported versions string or empty string if command fails.
Return type:: str

mce_exists()

Check if MCE exists

Returns:: True if MCE exists, False otherwise
Return type:: bool

mce_installed()

Check if MCE is already installed.

Returns:: True if MCE is installed, False otherwise
Return type:: bool

patch_channel(): Method to patch mce subscription channel during upgrade where we do Y to Y upgrade

patch_mce_catsrc_with_image_tag()

patch_subscription_with_mce_catsrc(): Patch subscription to use mce catalogsource

set_catalogsource_image(): Set catalogsource image for mce upgrade. Works with catsrc already created or creates a new one.

upgrade_mce()

Upgrade mce to the latest build of desired target version. Important ! Latest unreleased versions are not always available in the registry, and not always stable. Important ! scopeo cli tool must be installed and pull-secret must be in a location expected in a config Important ! MCE operator upgrade will be aborted if ACM operator is installed; use ACMUpgrade().run_upgrade() Important ! MCE operator upgrade will be aborted if MCE operator is not deployed New mce-dev-catalog catalogSource will be created and propagated, even if mce was initially installed with a different catalogSource

Returns:: upgrade pass type: “version change upgrade” or “z-stream upgrade” or “” (if no upgrade performed)
Return type:: str
Raises:: MultiClusterEngineNotDeployedException – If MCE is not deployed

verify_mce_version_major_minor_matches()

Verify that the major and minor version of MCE csv matches the desired upgrade version.

Returns:: True if major and minor versions match, False otherwise.
Return type:: bool

wait_csv_upgraded()

Wait for mce operator csv upgraded

Raises:: TimeoutExpiredError – If the CSV is not in the ‘Succeeded’ state within the timeout

wait_mce_csv_succeeded(timeout=None, sleep=10)

Wait until the MCE CSV reaches the ‘Succeeded’ phase.

Parameters:

timeout (int) – Timeout in seconds. If None, defaults to self.timeout_wait_csvs_minutes * 60.
sleep (int) – Sleep interval between checks in seconds.

Returns:

True if CSV reached ‘Succeeded’ within timeout.

Return type:

bool

Raises:

TimeoutExpiredError – If the CSV does not reach ‘Succeeded’ within the timeout.

wait_mce_resources()

Wait for mce Available state and deployments Ready state

Raises:: TimeoutExpiredError – If the deployment is not in the ‘Available’ state within the timeout

ocs_ci.deployment.mce.set_mirror_registry_configmap()

Set mirror registry config cm for mce/hypershift

Raises:: CommandFailed – If the ‘oc create’ command fails.

ocs_ci.deployment.metallb module

class ocs_ci.deployment.metallb.MetalLBInstaller(namespace: str = 'metallb-system')

Bases: object

apply_icsp(): Apply the ICSP to the cluster

apply_idms(): Apply the IDMS to the cluster

catalog_source_created()

Check if catalog source is created

Returns:: True if catalog source is created, False otherwise
Return type:: bool

correct_idms()

This is a workaround for the issue with IDMS Brew registry. We don’t want to affect other components, so we only delete one mirror item that causes the issue.

This resolves issue with metallb operator deployment installation when they stuck in ImagePullBackOff

create_catalog_source()

Create catalog source for MetalLB

Returns:: True if catalog source is created, False otherwise, error if not get Ready state
Return type:: bool

create_ip_address_pool()

Create IP address pool for MetalLB

Returns:

True if IP address pool is created, False if creation failed

Return type:

bool

Raises:

NotImplementedError – if platform is not supported
ValueError – if number of reserved IP addresses for MetalLB is not specified

create_l2advertisement()

Create L2 advertisement for IP address pool

Returns:: True if L2 advertisement is created, False if failed, None if L2 advertisement already exists
Return type:: bool

create_metallb_instance(): Create MetalLB instance :returns: True if MetalLB instance is created, False/None otherwise :rtype: bool

create_metallb_namespace(): Create MetalLB namespace :returns: True if namespace is created, False otherwise :rtype: bool

create_metallb_operator_group()

Create MetalLB operator group

Returns:: True if operator group is created, False otherwise
Return type:: bool

create_metallb_subscription()

Create MetalLB subscription

Returns:: True if subscription is created, and metallb pods are Ready, False otherwise
Return type:: bool

delete_catalogsource()

Delete catalog source

Returns:: True if catalog source is deleted, False otherwise
Return type:: bool

delete_ipaddresspool()

Delete ipaddresspool

Returns:: True if ipaddresspool is deleted, False otherwise
Return type:: bool

delete_l2advertisement()

Delete l2advertisement

Returns:: True if l2advertisement is deleted, False otherwise
Return type:: bool

delete_metallb_namespace()

Delete MetalLB namespace

Returns:: True if namespace is deleted, False otherwise

delete_operatorgroup()

Delete operator group

Returns:: True if operator group is deleted, False otherwise
Return type:: bool

delete_subscription()

Delete subscription

Returns:: True if subscription is deleted, False otherwise
Return type:: bool

deploy_lb()

Deploy MetalLB If resources are already created, method will not create them again

Returns:: True if MetalLB is deployed, False otherwise
Return type:: bool

get_catsrc_name()

Helper function to get the catalog source name

Returns:: The name of the catalog source for MetalLB
Return type:: str

get_running_metallb_version()

Get the currently deployed cnv version

Returns:: metalLB version
Return type:: string

idms_brew_registry_exists()

Check if the IDMS Brew registry exists

Returns:: True if the IDMS Brew registry exists, False otherwise
Return type:: bool

ip_address_pool_created()

Check if IP address pool is created

Returns:: True if IP address pool is created, False otherwise
Return type:: bool

l2advertisement_created(): Check if L2 advertisement is created :returns: True if L2 advertisement is created, False otherwise :rtype: bool

metallb_instance_created()

Check if MetalLB instance is created

Returns:: True if MetalLB instance is created, False otherwise
Return type:: bool

metallb_kind_available()

Check if MetalLB Kind is available This method is a hack to avoid ‘Error is error: the server doesn’t have a resource type “MetalLB”’ or time.sleep

Returns:: True if MetalLB Kind is available, False otherwise
Return type:: bool

metallb_operator_group_created()

Check if MetalLB operator group is created

Returns:: True if operator group is created, False otherwise
Return type:: bool

metallb_patch_subscription(patch)

Update the subscription with patch information

Parameters:: patch (dict) – patch information

subscription_created(): Check if subscription already exists :returns: True if subscription already exists, False otherwise :rtype: bool

undeploy(): Undeploy MetalLB

update_ip_address_pool_cr(ipaddresspool_data)

Update IP address pool custom resource

Parameters:: ipaddresspool_data (dict) – IP address pool data. YAML accessible as dict

upgrade_metallb()

Upgrade metalLB operator

Returns:: if metallb operator is upgraded successfully
Return type:: bool

wait_csv_installed()

Verify if MetalLB CSV is installed

Returns:: True if MetalLB CSV is installed, False otherwise
Return type:: bool

ocs_ci.deployment.multicluster_deployment module

class ocs_ci.deployment.multicluster_deployment.OCPDeployWithACM

Bases: Deployment

When we instantiate this class, the assumption is we already have an OCP cluster with ACM installed and current context is ACM

deploy_cluster(log_cli_level='INFO'): We deploy new OCP clusters using ACM Note: Importing cluster through ACM has been implemented as part of Jenkins pipeline

destroy_cluster(log_cli_level=None): Teardown OCP clusters deployed through ACM

do_deploy_ocp(log_cli_level='INFO'): This function overrides the parent’s function in order accomodate ACM based OCP cluster deployments

do_rdr_acm_ocp_deploy(): Specific to regional DR OCP cluster deployments

post_deploy_ops()

Install ingress certificates on OCP clusters deployed through ACM
Run post_ocp_deploy on OCP clusters

post_destroy_ops(cluster_list)

Post destroy ops mainly includes ip clean up and dns cleanup

Parameters:: cluster_list (list[ACMOCPClusterDeploy]) – list of platform specific instances

wait_for_all_cluster_async_destroy(destroy_cluster_list)

wait_for_all_clusters_async()

ocs_ci.deployment.netsplit module

ocs_ci.deployment.netsplit.get_netsplit_mc(tmp_path, master_zones, worker_zones, enable_split=True, x_addr_list=None, arbiter_zone=None, latency=None)

Generate machineconfig with network split scripts and configuration, tailored for the current cluster state.

Parameters:

tmp_path (pathlib.Path) – Directory where a temporary yaml file will be created. In test context, use pytest fixture tmp_path.
master_zones (list[str]) – zones where master nodes are placed
worker_zones (list[str]) – zones where worker nodes are placed
x_addr_list (list[str]) – IP addressess of external services (zone x)
arbiter_zone (str) – name of arbiter zone if arbiter deployment is used
latency (int) – additional latency in miliseconds, which will be introduced among zones

Returns:

mc (dict with MachineConfig) to deploy via: deploy_machineconfig()

Raises:

UnexpectedDeploymentConfiguration – in case of invalid cluster configuration, which prevents deployment of network split scripts
ValueError – in case given zone configuration doesn’t make any sense

ocs_ci.deployment.ocp module

This module provides base class for OCP deployment.

class ocs_ci.deployment.ocp.OCPDeployment(**kwargs)

Bases: object

create_config(): Create the OCP deploy config, if something needs to be changed for specific platform you can overload this method in child class.

deploy(log_cli_level='DEBUG'): Implement ocp deploy in specific child class

deploy_prereq(): Perform generic prereq before calling openshift-installer This method performs all the basic steps necessary before invoking the installer

destroy(log_level='DEBUG')

Destroy OCP cluster specific

Parameters:: log_level (str) – log level openshift-installer (default: DEBUG)

download_installer()

Method to download installer

Returns:: path to the installer
Return type:: str

get_pull_secret()

Load pull secret file

Returns:: content of pull secret
Return type:: str

get_ssh_key()

Loads public ssh to be used for deployment

Returns:: public ssh key or empty string if not found
Return type:: str

test_cluster(): Test if OCP cluster installed successfuly

ocs_ci.deployment.ocp.download_pull_secret()

Download the pull secret from the cluster and store it locally.

Returns:: pull secret path
Return type:: str

ocs_ci.deployment.on_prem module

This module contains common code and a base class for any on-premise platform deployment.

class ocs_ci.deployment.on_prem.IPIOCPDeployment

Bases: OCPDeployment

Common implementation of IPI OCP deployments for on-premise platforms

deploy(log_cli_level='DEBUG')

Deployment specific to OCP cluster for on-prem platform

Parameters:: log_cli_level (str) – openshift installer’s log level (default: “DEBUG”)

deploy_prereq(): Overriding deploy_prereq from parent. Perform all necessary prerequisites for on-premise IPI here

class ocs_ci.deployment.on_prem.OnPremDeploymentBase

Bases: Deployment

Base class for deployment in on-premise platforms

check_cluster_existence(cluster_name_prefix)

Check cluster existence according to cluster name prefix

Returns:

True if a cluster with the same name prefix already exists,: False otherwise

Return type:

bool

deploy_ocp(log_cli_level='DEBUG')

Deployment specific to OCP cluster in on-premise platform

Parameters:: log_cli_level (str) – openshift installer’s log level (default: “DEBUG”)

ocs_ci.deployment.openshift_dedicated module

This module contains platform specific methods and classes for deployment on Openshfit Dedicated Platform.

class ocs_ci.deployment.openshift_dedicated.OpenshiftDedicated

Bases: CloudDeploymentBase

Deployment class for Openshift Dedicated.

OCPDeployment: alias of OpenshiftDedicatedOCP

check_cluster_existence(cluster_name_prefix)

Check cluster existence based on a cluster name.

Parameters:

cluster_name_prefix (str) – name prefix which identifies a cluster

Returns:

True if a cluster with the same name prefix already exists,: False otherwise

Return type:

bool

deploy_ocp(log_cli_level='DEBUG')

Deployment specific to OCP cluster on a cloud platform.

Parameters:: log_cli_level (str) – openshift installer’s log level (default: “DEBUG”)

class ocs_ci.deployment.openshift_dedicated.OpenshiftDedicatedOCP

Bases: OCPDeployment

Openshift Dedicated deployment class.

deploy(log_level='')

Deployment specific to OCP cluster on a cloud platform.

Parameters:: log_cli_level (str) – openshift installer’s log level

deploy_prereq(): Overriding deploy_prereq from parent. Perform all necessary prerequisites for Openshfit Dedciated deployment.

destroy(log_level='DEBUG')

Destroy OCP cluster specific

Parameters:: log_level (str) – log level openshift-installer (default: DEBUG)

ocs_ci.deployment.qe_app_registry module

class ocs_ci.deployment.qe_app_registry.QeAppRegistry

Bases: object

catalog_source(): Make sure the Catalog source from QE App registry exists on the cluster.

icsp(): Make sure the required ICSP is applied on the cluster

icsp_brew_registry_exists()

Check if the ICSP Brew registry exists

Returns:: True if the ICSP Brew registry exists, False otherwise
Return type:: bool

ocs_ci.deployment.rhv module

This module contains platform specific methods and classes for deployment on Red Hat Virtualization (RHV) platform

class ocs_ci.deployment.rhv.RHVIPI

Bases: RHVBASE

A class to handle RHV IPI specific deployment

OCPDeployment: alias of IPIOCPDeployment

ocs_ci.deployment.rosa module

This module contains platform specific methods and classes for deployment on Openshfit Dedicated Platform.

class ocs_ci.deployment.rosa.ROSA

Bases: CloudDeploymentBase

Deployment class for ROSA and ROSA HCP.

OCPDeployment: alias of ROSAOCP

check_cluster_existence(cluster_name_prefix)

Check cluster existence based on a cluster name. Cluster in Uninstalling phase is not considered to be existing

Parameters:

cluster_name_prefix (str) – name prefix which identifies a cluster

Returns:

True if a cluster with the same name prefix already exists,: False otherwise

Return type:

bool

deploy_ocp(log_cli_level='DEBUG')

Deployment specific to OCP cluster on a cloud platform.

Parameters:: log_cli_level (str) – openshift installer’s log level (default: “DEBUG”)

deploy_ocs(): Deployment of ODF Managed Service addon on ROSA or ODF operator on ROSA HCP.

destroy_ocs(): Uninstall ODF Managed Service addon via rosa cli.

host_network_update(): Update security group rules for HostNetwork

class ocs_ci.deployment.rosa.ROSAOCP

Bases: OCPDeployment

ROSA deployment class.

cluster_present()

Check if the cluster is present in the cluster list, regardless of its state.

Returns:: True if a cluster with the given name exists, False otherwise
Return type:: bool

deploy(log_level='')

Deployment specific to OCP cluster on a ROSA Managed Service platform.

Parameters:: log_level (str) – openshift installer’s log level

deploy_prereq(): Overriding deploy_prereq from parent. Perform all necessary prerequisites for Openshfit Dedciated deployment.

destroy(log_level='DEBUG')

Destroy OCP cluster specific

Parameters:: log_level (str) – log level openshift-installer (default: DEBUG)

ocs_ci.deployment.terraform module

This module contains terraform specific methods and classes needed for deployment on vSphere platform

class ocs_ci.deployment.terraform.Terraform(path, bin_path=None, state_file_path=None)

Bases: object

Wrapper for terraform

apply(tfvars, bootstrap_complete=False, module=None, refresh=True)

Apply the changes required to reach the desired state of the configuration

Parameters:

tfvars (str) – path to terraform.tfvars file
bootstrap_complete (bool) – Removes bootstrap node if True
module (str) – Module to apply e.g: constants.COMPUTE_MODULE
refresh (bool) – If True, updates the state for each resource prior to planning and applying

change_statefile(module, vm_index)

Remove the records from the state file so that terraform will no longer be tracking the corresponding remote objects.

Note: terraform state file should be present in the directory from where the commands are initiated

Parameters:

module (str) – Name of the module e.g: compute_vm, module.control_plane_vm etc.
vm_index (int) – VM index. If the VM is compute-1, index is 1 and if the VM is compute-2, then index is 2

Examples:

terraform = Terraform(os.path.join(upi_repo_path, "upi/vsphere/"))
terraform.change_statefile(
    module="compute_vm", vm_index=2
)

destroy(tfvars, refresh=True)

Destroys the cluster

Parameters:: tfvars (str) – path to terraform.tfvars file

destroy_module(tfvars, module)

Destroys the particular module/node

Parameters:

tfvars (str) – path to terraform.tfvars file
module (str) – Module to destroy e.g: constants.BOOTSTRAP_MODULE

static get_terraform_version()

initialize(upgrade=False)

Initialize a working directory containing Terraform configuration files

Parameters:: upgrade (bool) – True in case installing modules needs upgrade from previously-downloaded objects, False otherwise

output(tfstate, module, json_format=True)

Extracts the value of an output variable from the state file

Parameters:

tfstate (str) – path to terraform.tfstate file
module (str) – module to extract
json_format (bool) – True if format output as json

Returns:

output from tfstate

Return type:

str

ocs_ci.deployment.vmware module

This module contains platform specific methods and classes for deployment on vSphere platform

class ocs_ci.deployment.vmware.VSPHEREAI

Bases: VSPHEREBASE

A class to handle vSphere Assisted Installer specific deployment

class OCPDeployment

Bases: OCPDeployment

assign_api_ingress_ips(): Request API and Ingress IPs from IPAM server

create_config(): Creates the OCP deploy config for the vSphere - not required for Assisted installer deployment

deploy(log_cli_level='DEBUG')

Deployment specific to OCP cluster on this platform

Parameters:: log_cli_level (str) – not used for Assisted Installer deployment

deploy_prereq(): Pre-Requisites for vSphere Assisted installer deployment

generate_terraform_vars(): Generates the terraform.tfvars.json file

deploy_ocp(log_cli_level='DEBUG')

Deployment specific to OCP cluster on vSphere platform

Parameters:: log_cli_level (str) – openshift installer’s log level (default: “DEBUG”)

destroy_cluster(log_level='DEBUG')

Destroy OCP cluster specific to vSphere Assisted installer

Parameters:: log_level (str) – this parameter is not used here

class ocs_ci.deployment.vmware.VSPHEREAgentAI

Bases: VSPHEREBASE

A class to handle vSphere specific deployment for HCP Agent clusters via Assisted Installer running on HCP cluster To use this class we need to switch to client context first

class OCPDeployment

Bases: OCPDeployment

assign_api_ingress_ips(): Request API and Ingress IPs from IPAM server

create_config(): Creates the OCP deploy config for the vSphere - not required for Assisted installer deployment

deploy(log_cli_level='DEBUG')

Deployment specific to OCP cluster on this platform

Parameters:: log_cli_level (str) – not used for Assisted Installer deployment

deploy_prereq(): Pre-Requisites for vSphere Assisted installer deployment

download_discovery_iso()

Download the ISO image from the InfraEnv to cluster_path of the client cluster Assumption is that this method is called from the client context, and th InfraEnv is created on the management cluster (Provider context)

Returns:: Path to downloaded ISO image or None if download failed
Return type:: str

generate_terraform_vars(): Generates the terraform.tfvars.json file

deploy_ocp(log_cli_level='DEBUG')

Deployment specific to OCP cluster on vSphere platform

Parameters:: log_cli_level (str) – openshift installer’s log level (default: “DEBUG”)

destroy_cluster(log_level='DEBUG')

Destroy OCP cluster specific to vSphere Assisted installer

Parameters:: log_level (str) – this parameter is not used here

class ocs_ci.deployment.vmware.VSPHEREIPI

Bases: VSPHEREBASE

A class to handle vSphere IPI specific deployment

class OCPDeployment

Bases: OCPDeployment

create_config(): Creates the OCP deploy config for the vSphere

deploy(log_cli_level='DEBUG')

Deployment specific to OCP cluster on this platform

Parameters:: log_cli_level (str) – openshift installer’s log level (default: “DEBUG”)

deploy_prereq(): Overriding deploy_prereq from parent. Perform all necessary prerequisites for VSPHEREIPI here.

deploy_ocp(log_cli_level='DEBUG')

Deployment specific to OCP cluster on this platform

Parameters:: log_cli_level (str) – openshift installer’s log level (default: “DEBUG”)

destroy_cluster(log_level='DEBUG')

Destroy OCP cluster specific to vSphere IPI

Parameters:: log_level (str) – log level openshift-installer (default: DEBUG)

post_destroy_checks(template_folder)

Post destroy checks on vSphere IPI cluster

Parameters:: template_folder (str) – template folder for the cluster

class ocs_ci.deployment.vmware.VSPHEREUPI

Bases: VSPHEREBASE

A class to handle vSphere UPI specific deployment

class OCPDeployment

Bases: OCPDeployment

change_ignition_ip_and_hostname(ip_address): Embed into iso.ign ip address and hostname (sno-edge-0) :param ip_address: ip address we got from IPAM to embed inside iso” :type ip_address: str

configure_storage_for_image_registry(kubeconfig): Configures storage for the image registry

create_config(): Creates the OCP deploy config for the vSphere

create_ignitions(): Creates the ignition files

create_sno_iso_and_upload(): Creating iso file with values for SNO deployment

deploy(log_cli_level='DEBUG')

Deployment specific to OCP cluster on this platform

Parameters:: log_cli_level (str) – openshift installer’s log level (default: “DEBUG”)

deploy_prereq(): Pre-Requisites for vSphere UPI Deployment

generate_manifests(): Generates manifest files

wait_for_sno_second_boot_change_ip_and_hostname(ip_address)

After second boot ocp is booting with the right ip address but after a while the ip is changed to dhcp. We monitor the ip address and when it changed we ssh to the node and change back the ip address and hostname :param ip_address: The ip address given from the IPAM server :type ip_address: str

Raises:: ConnectivityFail – Incase after the change we ping the ip_address. If it doesn’t reply we raise.

deploy_ocp(log_cli_level='DEBUG')

Deployment specific to OCP cluster on vSphere platform

Parameters:: log_cli_level (str) – openshift installer’s log level (default: “DEBUG”)

destroy_cluster(log_level='DEBUG')

Destroy OCP cluster specific to vSphere UPI

Parameters:: log_level (str) – log level openshift-installer (default: DEBUG)

destroy_scaleup_nodes(scale_up_terraform_data_dir, scale_up_terraform_var)

Destroy the scale-up nodes

Parameters:

scale_up_terraform_data_dir (str) – Path to scale-up terraform data directory
scale_up_terraform_var (str) – Path to scale-up terraform.tfvars file

ocs_ci.deployment.zones module

ocs_ci.deployment.zones.are_zone_labels_missing()

Check that there are no nodes with zone labels.

Returns:: True if all nodes are missing zone label, False otherwise.
Return type:: Bool

ocs_ci.deployment.zones.are_zone_labels_present()

Check that there are no nodes without zone labels.

Returns:: True if all nodes have a zone label, False otherwise.
Return type:: Bool

ocs_ci.deployment.zones.assign_dummy_zones(zones, nodes, overwrite=False)

Assign node labels to given nodes based on given zone lists. Zones are assigned so that there is the same number of nodes in each zone.

Parameters:

zones (list[str]) – list of k8s zone names
nodes (list[str]) – list of node names to label
overwrite (bool) – if True, labeling will not fail on already defined zone labels (False by default)

Raises:

ValueError – when number of nodes is not divisible by number of zones

ocs_ci.deployment.zones.create_dummy_zone_labels()

Create dummy zone labels on cluster nodes: try to label all master and worker nodes based on values of worker_availability_zones and master_availability_zones options, but only if there are no zone labels already defined.

Raises:: UnexpectedDeploymentConfiguration – when either cluster or ocs-ci config file are in conflict with dummy zone labels.

ocs_ci.deployment package

Subpackages

Submodules

ocs_ci.deployment.acm module

ocs_ci.deployment.assisted_installer module

ocs_ci.deployment.aws module

ocs_ci.deployment.azure module

ocs_ci.deployment.baremetal module

ocs_ci.deployment.cert_manager module

ocs_ci.deployment.cloud module

ocs_ci.deployment.cnv module

ocs_ci.deployment.deployment module

ocs_ci.deployment.disconnected module

ocs_ci.deployment.encryption module

ocs_ci.deployment.factory module

ocs_ci.deployment.flexy module

ocs_ci.deployment.fusion module

ocs_ci.deployment.fusion_aas module

ocs_ci.deployment.fusion_data_foundation module

ocs_ci.deployment.gcp module

ocs_ci.deployment.hub_spoke module

ocs_ci.deployment.hyperconverged module

ocs_ci.deployment.ibm module

ocs_ci.deployment.ibmcloud module

ocs_ci.deployment.ingress_node_firewall module

ocs_ci.deployment.install_ocp_on_rhel module

ocs_ci.deployment.mce module

ocs_ci.deployment.metallb module

ocs_ci.deployment.multicluster_deployment module

ocs_ci.deployment.netsplit module

ocs_ci.deployment.ocp module

ocs_ci.deployment.on_prem module

ocs_ci.deployment.openshift_dedicated module

ocs_ci.deployment.qe_app_registry module

ocs_ci.deployment.rhv module

ocs_ci.deployment.rosa module

ocs_ci.deployment.terraform module

ocs_ci.deployment.vmware module

ocs_ci.deployment.zones module

Module contents