skip-cli-download and change default case repository #840
Conversation
remove task calls for openshift-download-client Remove openshift client download task skip cli downloads when option set to true
|
| GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
|---|---|---|---|---|---|
| 10070264 | Triggered | Generic Password | d1114fc | automation-roles/50-install-cloud-pak/cp4ba/cp4ba-cluster/tasks/main.yml | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secret safely. Learn here the best practices.
- Revoke and rotate this secret.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
| @@ -3,5 +3,7 @@ setup-instance-topology \ | |||
| --cpd_operator_ns={{ current_cp4d_cluster.operators_project }} \ | |||
| --cpd_instance_ns={{ current_cp4d_cluster.project }} \ | |||
| --release={{ current_cp4d_cluster.cp4d_version }} \ | |||
| --case_download=true \ | |||
There was a problem hiding this comment.
I think the --case_download and --from_oci should only be used with non-airgapped clusters. setup-instance-topology will not download the images if they are already in the case directory and that is how it should work.
| @@ -1,6 +1,7 @@ | |||
| /opt/ansible/bin/apply-olm \ | |||
| --release={{ _p_current_cp4d_cluster.cp4d_version }} \ | |||
| --case_download={%- if cpd_airgap | default(False) | bool -%}false{%- else -%}true{%- endif %} \ | |||
| --from_oci=true \ | |||
There was a problem hiding this comment.
Also make --from_oci dependent on cpd_airgap
| @@ -1,3 +1,4 @@ | |||
| case-download \ | |||
| --release={{ _p_current_cp4d_cluster.cp4d_version }} \ | |||
| --from_oci=true \ | |||
There was a problem hiding this comment.
make --from_oci dependent on cpd_airgap
| @@ -5,6 +5,7 @@ set -o pipefail | |||
| apply-cluster-components \ | |||
| --release={{ _p_cp4d_version }} \ | |||
| --license_acceptance=true \ | |||
| --from_oci=true \ | |||
There was a problem hiding this comment.
make --from_oci dependent on cpd_airgap
| extra_opts: | ||
| - --strip-components=1 | ||
|
|
||
| when: not (cpd_skip_cli_downloads | default(False) | bool) |
There was a problem hiding this comment.
The unpack of cpd-cli should still be done if downloads are skipped.
| retries: 5 | ||
| delay: 10 | ||
|
|
||
| - name: Unpack OpenJDK 9 package |
There was a problem hiding this comment.
Unpacking and installing Java should still be done if download skipped
| @@ -1,50 +0,0 @@ | |||
| --- | |||
There was a problem hiding this comment.
I would like to keep the openshift-download-client role, just in case it is useful in the future
| - name: Unpack OpenShift installer |
There was a problem hiding this comment.
Unpack of installer should be done even if download skipped
automation-roles/99-generic/terraform/terraform-download/tasks/main.yml
Outdated
Show resolved
Hide resolved
address comments from review address comments from review address comments from review address comments from review address comments from review
argeiger
force-pushed
the
roks-airgapped
branch
from
d8cc9bc to
1671d13
Compare
Add a new option called skip-cli-downloads to skip the download of utilities. Useful in an air-gapped environment where you don't need to install them or if they are contained in your image.
Also, change the CASE repository from github to OCI