AGENT-744: agent e2e tests support (#1602)

* use local registry certificate for connected scenarios

    Since the CI e2e step enables by default dev-scripts local registry to store specific CI test images, it's required to configure install-config.yaml with the registry certificate when the registry it's enabled (and this could happen even when MIRROR_IMAGES wasn't set)

* Adding missing bits to support CI e2e test execution

Author: andfasano

agent/06_agent_create_cluster.sh

@@ -406,3 +406,25 @@ wait_for_cluster_ready
 if [ ! -z "${AGENT_DEPLOY_MCE}" ]; then
   mce_complete_deployment
 fi
+
+# e2e test configuration
+
+# Configure storage for the image registry
+oc patch configs.imageregistry.operator.openshift.io \
+    cluster --type merge --patch '{"spec":{"storage":{"emptyDir":{}},"managementState":"Managed"}}'
+
+if [[ ! -z "${ENABLE_LOCAL_REGISTRY}" ]]; then        
+    # Configure tools image registry and cluster samples operator 
+    # when local image stream is enabled. These are basically to run CI tests
+    # depend on tools image.
+    add_local_certificate_as_trusted
+fi
+
+# Marketplace operators could not pull their images via internet
+# and stays degraded in disconnected.
+# This is the suggested way in
+# https://docs.openshift.com/container-platform/4.9/operators/admin/olm-managing-custom-catalogs.html#olm-restricted-networks-operatorhub_olm-managing-custom-catalogs
+if [[ -n "${MIRROR_IMAGES}" ]]; then
+  oc patch OperatorHub cluster --type json \
+      -p '[{"op": "add", "path": "/spec/disableAllDefaultSources", "value": true}]'
+fi

agent/roles/manifests/tasks/main.yml

@@ -1,7 +1,12 @@
 - name: Get additional trust bundle
   set_fact:
     ca_bundle_crt: "{{ lookup('file', mirror_path + '/ca-bundle.crt') | to_json }}"
-  when: mirror_images
+  when: mirror_images 
+  
+- name: Get local registry certificate
+  set_fact:
+    registry_certificate: "{{ lookup('file', registry_dir + '/certs/' + registry_crt) | to_json }}"
+  when: enable_local_registry
 
 - name: Set GoCPUArchitecture
   set_fact:

agent/roles/manifests/templates/install-config_yaml.j2

@@ -85,4 +85,6 @@ imageContentSources:
   source: "registry.redhat.io/redhat"
 {% endif %}
 additionalTrustBundle: {{ ca_bundle_crt }}
+{% elif enable_local_registry %}
+additionalTrustBundle: {{ registry_certificate }}
 {% endif %}

agent/roles/manifests/vars/main.yml

@@ -16,6 +16,7 @@ cluster_name: "{{ lookup('env', 'CLUSTER_NAME') }}"
 cluster_namespace: "{{ lookup('env', 'CLUSTER_NAMESPACE') }}"
 cluster_subnet_v4: "{{ lookup('env', 'CLUSTER_SUBNET_V4') }}"
 cluster_subnet_v6: "{{ lookup('env', 'CLUSTER_SUBNET_V6') }}"
+enable_local_registry: "{{ lookup('env', 'ENABLE_LOCAL_REGISTRY') != '' }}"
 external_subnet_v4: "{{ lookup('env', 'EXTERNAL_SUBNET_V4') }}"
 external_subnet_v6: "{{ lookup('env', 'EXTERNAL_SUBNET_V6') }}"
 external_subnet_v4_prefixlen: "{{ lookup('env', 'EXTERNAL_SUBNET_V4') | ansible.utils.ipaddr('prefix') }}"
@@ -40,6 +41,8 @@ provisioning_host_external_ip: "{{ lookup('env', 'PROVISIONING_HOST_EXTERNAL_IP'
 pull_secret: "{{ lookup('env', 'PULL_SECRET_FILE') }}"
 pull_secret_contents: "{{ lookup('file', pull_secret) | to_json }}"
 pxe_server_url: "{{ lookup('env', 'PXE_SERVER_URL')}}"
+registry_crt: "{{ lookup('env', 'REGISTRY_CRT')}}"
+registry_dir: "{{ lookup('env', 'REGISTRY_DIR')}}"
 ssh_pub_key: "{{ lookup('env', 'SSH_PUB_KEY') }}"
 service_subnet_v4: "{{ lookup('env', 'SERVICE_SUBNET_V4') }}"
 service_subnet_v6: "{{ lookup('env', 'SERVICE_SUBNET_V6') }}"