Add support for local registry

docs/quickstart.md

@@ -182,3 +182,11 @@ Do not manually clean up your environment unless both of the following are true:
 
 1. You know what you are doing
 2. Something went wrong with an automated deletion.
+
+### Setup Local Registry Variables
+
+Update the following variables specific to OCP local registry. Note that this is required only for restricted network install.
+
+ * `enable_local_registry` : (Optional) Set to true to enable usage of local registry for restricted network install.
+ * `local_registry_image` : (Optional) This is the name of the image used for creating the local registry container.
+ * `ocp_release_tag` : (Optional) The version of OpenShift you want to sync. Determine the tag by referring the [Repository Tags](https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags) page.

modules/3_helpernode/helpernode.tf

@@ -20,7 +20,13 @@
 
 locals {
     forwarders = tolist(split(";", var.dns_forwarders))
-
+    local_registry  = {
+        enable_local_registry   = var.enable_local_registry
+        registry_image          = var.local_registry_image
+        ocp_release_repo        = "ocp4/openshift4"
+        ocp_release_tag         = var.ocp_release_tag
+    }
+
     helpernode_vars = {
         cluster_domain  = var.cluster_domain
         cluster_id      = var.cluster_id
@@ -55,7 +61,8 @@ locals {
                 name = "worker-${ix}"
             }
         ]
-
+
+        local_registry  = local.local_registry
         client_tarball  = var.openshift_client_tarball
         install_tarball = var.openshift_install_tarball
     }
@@ -78,13 +85,19 @@ resource "null_resource" "config" {
 
     provisioner "remote-exec" {
         inline = [
+            "mkdir -p .openshift",
             "rm -rf ocp4-helpernode",
             "echo 'Cloning into ocp4-helpernode...'",
             "git clone https://github.com/RedHatOfficial/ocp4-helpernode --quiet",
             "cd ocp4-helpernode && git checkout ${var.helpernode_tag}"
         ]
     }
 
+    provisioner "file" {
+        source      = "data/pull-secret.txt"
+        destination = "~/.openshift/pull-secret"
+    }
+
     provisioner "file" {
         content     = templatefile("${path.module}/templates/helpernode_inventory", local.helpernode_inventory)
         destination = "~/ocp4-helpernode/inventory"

modules/3_helpernode/templates/helpernode_vars.yaml

@@ -54,3 +54,14 @@ ocp_installer: "${install_tarball}"
 ocp_bios: "file:///dev/null"
 ocp_initramfs: "file:///dev/null"
 ocp_install_kernel: "file:///dev/null"
+
+%{ if local_registry.enable_local_registry }
+setup_registry:
+  deploy: true
+  autosync_registry: true
+  registry_image: "${local_registry.registry_image}"
+  local_repo: "${local_registry.ocp_release_repo}"
+  product_repo: "openshift-release-dev"
+  release_name: "ocp-release"
+  release_tag: "${local_registry.ocp_release_tag}"
+%{ endif }

modules/3_helpernode/variables.tf

@@ -52,3 +52,7 @@ variable "openshift_install_tarball" {}
 variable "helpernode_tag" {}
 
 variable "ansible_extra_options" {}
+
+variable "enable_local_registry" {}
+variable "local_registry_image" {}
+variable "ocp_release_tag" {}

modules/5_install/install.tf

@@ -19,21 +19,31 @@
 ################################################################
 
 locals {
+    local_registry  = {
+        enable_local_registry   = var.enable_local_registry
+        registry_image          = var.local_registry_image
+        ocp_release_repo        = "ocp4/openshift4"
+        ocp_release_tag         = var.ocp_release_tag
+    }
+
     inventory = {
         bastion_ip      = var.bastion_ip
         bootstrap_ip    = var.bootstrap_ip
         master_ips      = var.master_ips
         worker_ips      = var.worker_ips
     }
 
+    local_registry_ocp_image = "registry.${var.cluster_id}.${var.cluster_domain}:5000/${local.local_registry.ocp_release_repo}:${var.ocp_release_tag}"
+
     install_vars = {
         cluster_id              = var.cluster_id
         cluster_domain          = var.cluster_domain
         pull_secret             = var.pull_secret
         public_ssh_key          = var.public_key
         storage_type            = var.storage_type
+        enable_local_registry   = var.enable_local_registry
+        release_image_override  = var.enable_local_registry ? "${local.local_registry_ocp_image}" : var.release_image_override
         log_level               = var.log_level
-        release_image_override  = var.release_image_override
         chrony_config           = var.chrony_config
         chrony_config_servers   = var.chrony_config_servers
     }

modules/5_install/templates/install_vars.yaml

@@ -20,3 +20,4 @@ chronyconfig:
 %{ endif ~}
 powervm_rmc: false
 
+enable_local_registry: ${enable_local_registry}

modules/5_install/variables.tf

@@ -53,3 +53,7 @@ variable "upgrade_version" {}
 variable "upgrade_channel" {}
 variable "upgrade_pause_time" {}
 variable "upgrade_delay_time" {}
+
+variable "enable_local_registry" {}
+variable "local_registry_image" {}
+variable "ocp_release_tag" {}

ocp.tf

@@ -132,6 +132,9 @@ module "helpernode" {
     helpernode_tag                  = var.helpernode_tag
     openshift_install_tarball       = var.openshift_install_tarball
     openshift_client_tarball        = var.openshift_client_tarball
+    enable_local_registry           = var.enable_local_registry
+    local_registry_image            = var.local_registry_image
+    ocp_release_tag                 = var.ocp_release_tag
     ansible_extra_options           = var.ansible_extra_options
 }
 
@@ -175,6 +178,9 @@ module "install" {
     pull_secret                     = file(coalesce(var.pull_secret_file, "/dev/null"))
     storage_type                    = var.storage_type
     release_image_override          = var.release_image_override
+    enable_local_registry           = var.enable_local_registry
+    local_registry_image            = var.local_registry_image
+    ocp_release_tag                 = var.ocp_release_tag
     install_playbook_tag            = var.install_playbook_tag
     log_level                       = var.installer_log_level
     ansible_extra_options           = var.ansible_extra_options

var.tfvars

@@ -50,3 +50,9 @@ volume_size                 = "300" # Value in GB
 #upgrade_channel = ""  #(stable-4.x, fast-4.x, candidate-4.x) eg. stable-4.5
 #upgrade_pause_time = "90"
 #upgrade_delay_time = "600"
+
+### Local registry variables
+enable_local_registry = false  #Set to true to enable usage of the local registry for restricted network install.
+
+#local_registry_image = "docker.io/ibmcom/registry-ppc64le:2.6.2.5"
+#ocp_release_tag      = "4.6.1-ppc64le"

variables.tf

@@ -259,3 +259,22 @@ variable "upgrade_delay_time" {
     description = "Number of seconds to wait before re-checking the upgrade status once the playbook execution resumes."
     default = "600"
 }
+
+################################################################
+# Local registry variables ( used only in disconnected install )
+################################################################
+variable "enable_local_registry" {
+    description = "Set to true to enable usage of local registry for restricted network install."
+    type = bool
+    default = false
+}
+
+variable "local_registry_image" {
+    description = "Name of the image used for creating the local registry container."
+    default = "docker.io/ibmcom/registry-ppc64le:2.6.2.5"
+}
+
+variable "ocp_release_tag" {
+    description = "The version of OpenShift you want to sync."
+    default = "4.6.1-ppc64le"
+}