
Add OLM install scripts

Evan Cordell 6 years ago
parent
commit
f3cb70d896

+ 3 - 0
playbooks/common/private/components.yml

@@ -51,6 +51,9 @@
 - import_playbook: ../../openshift-service-catalog/private/config.yml
   when: openshift_enable_service_catalog | default(true) | bool
 
+- import_playbook: ../../olm/private/config.yml
+  when: openshift_enable_olm | default(false) | bool
+
 - import_playbook: ../../openshift-management/private/config.yml
   when: openshift_management_install_management | default(false) | bool
 

+ 9 - 0
playbooks/olm/config.yml

@@ -0,0 +1,9 @@
+---
+- import_playbook: ../init/main.yml
+  vars:
+    l_init_fact_hosts: "oo_masters_to_config"
+    l_openshift_version_set_hosts: "oo_masters_to_config:!oo_first_master"
+    l_openshift_version_check_hosts: "all:!all"
+    l_sanity_check_hosts: "{{ groups['oo_masters_to_config'] }}"
+
+- import_playbook: private/config.yml

+ 35 - 0
playbooks/olm/private/config.yml

@@ -0,0 +1,35 @@
+---
+- name: OLM Install Checkpoint Start
+  hosts: all
+  gather_facts: false
+  tasks:
+  - name: Set OLM install 'In Progress'
+    run_once: true
+    set_stats:
+      data:
+        installer_phase_olm:
+          title: "OLM Install"
+          playbook: "deploy/playbook/config.yml"
+          status: "In Progress"
+          start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}"
+
+- name: Operator Lifecycle Manager
+  hosts: oo_first_master
+  vars:
+    first_master: "{{ groups.oo_first_master[0] }}"
+  tasks:
+  - import_role:
+      name: olm
+    when: openshift_version | version_compare('3.9', '>=')
+
+- name: OLM Install Checkpoint End
+  hosts: all
+  gather_facts: false
+  tasks:
+  - name: Set OLM install 'Complete'
+    run_once: true
+    set_stats:
+      data:
+        installer_phase_olm:
+          status: "Complete"
+          end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}"
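Review bot: The `playbook: "deploy/playbook/config.yml"` value in the checkpoint-start play does not match any path added by this commit; the entry point added here is `playbooks/olm/config.yml`. The `deploy/` prefix looks like a leftover from the upstream chart layout, so the installer summary would point operators at a playbook that does not exist in this repository; I would change it to `playbook: "playbooks/olm/config.yml"`. The `import_role` task in the second play also has no `name:`, which makes the run log harder to audit; something like `- name: Install Operator Lifecycle Manager` above it would help.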

+ 1 - 0
playbooks/olm/private/roles

@@ -0,0 +1 @@
+../../../roles/

+ 3 - 0
roles/olm/defaults/main.yaml

@@ -0,0 +1,3 @@
+---
+operator_lifecycle_manager_remove: false
+operator_lifecycle_manager_install: true

+ 11 - 0
roles/olm/files/01-alm-operator.serviceaccount.yaml

@@ -0,0 +1,11 @@
+##---
+# Source: olm/templates/01-alm-operator.serviceaccount.yaml
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: alm-operator-serviceaccount
+  namespace: operator-lifecycle-manager
+  labels:
+    tectonic-operators.coreos.com/managed-by: tectonic-x-operator
+imagePullSecrets:
+- name: coreos-pull-secret

+ 16 - 0
roles/olm/files/02-alm-operator.rolebinding.yaml

@@ -0,0 +1,16 @@
+##---
+# Source: olm/templates/02-alm-operator.rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: alm-operator-binding
+  labels:
+    tectonic-operators.coreos.com/managed-by: tectonic-x-operator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: alm-operator-serviceaccount
+  namespace: operator-lifecycle-manager
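Review bot: Binding `alm-operator-serviceaccount` to `cluster-admin` gives full control of the cluster to every workload that runs under that account, and in this commit that is three deployments (alm-operator, catalog-operator and alm-service-broker) plus the service-account token created in 16-almservicebroker-client.secret.yaml. Only the component that actually has to create RBAC and workloads from ClusterServiceVersions should hold a role this broad; the catalog operator and the service broker would be better served by their own service accounts bound to a ClusterRole that lists the API groups and verbs they use. If cluster-admin is unavoidable for the first iteration, say so in the manifest, for example `# cluster-admin is temporary: replace with an enumerated ClusterRole once the required rules are known`. The file appears to be rendered from a chart template, so the change probably has to be made there as well.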

+ 413 - 0
roles/olm/files/03-clusterserviceversion.crd.yaml

@@ -0,0 +1,413 @@
+##---
+# Source: olm/templates/03-clusterserviceversion.crd.yaml
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: clusterserviceversion-v1s.app.coreos.com
+  annotations:
+    displayName: Operator Version
+    description: Represents an Operator that should be running on the cluster, including requirements and install strategy.
+  labels:
+    tectonic-operators.coreos.com/managed-by: tectonic-x-operator
+spec:
+  names:
+    plural: clusterserviceversion-v1s
+    singular: clusterserviceversion-v1
+    kind: ClusterServiceVersion-v1
+    listKind: ClusterServiceVersionList-v1
+  group: app.coreos.com
+  version: v1alpha1
+  scope: Namespaced
+  validation:
+    openAPIV3Schema:
+      type: object
+      description: Represents a single version of the operator software
+      required:
+      - spec
+      properties:
+        spec:
+          type: object
+          description: Spec for a ClusterServiceVersion
+          required:
+          - displayName
+          - install
+          properties:
+            displayName:
+              type: string
+              description: Human readable name of the application that will be displayed in the ALM UI
+
+            description:
+              type: string
+              description: Human readable description of what the application does
+
+            keywords:
+              type: array
+              description: List of keywords which will be used to discover and categorize app types
+              items:
+                type: string
+
+            maintainers:
+              type: array
+              description: Those responsible for the creation of this specific app type
+              items:
+                type: object
+                description: Information for a single maintainer
+                required:
+                - name
+                - email
+                properties:
+                  name:
+                    type: string
+                    description: Maintainer's name
+                  email:
+                    type: string
+                    description: Maintainer's email address
+                    format: email
+                optionalProperties:
+                  type: string
+                  description: "Any additional key-value metadata you wish to expose about the maintainer, e.g. github: <username>"
+
+            links:
+              type: array
+              description: Interesting links to find more information about the project, such as marketing page, documentation, or github page
+              items:
+                type: object
+                description: A single link to describe one aspect of the project
+                required:
+                - name
+                - url
+                properties:
+                  name:
+                    type: string
+                    description: Name of the link type, e.g. homepage or github url
+                  url:
+                    type: string
+                    description: URL to which the link should point
+                    format: uri
+
+            icon:
+              type: array
+              description: Icon which should be rendered with the application information
+              required:
+              - base64data
+              - mediatype
+              properties:
+                base64data:
+                  type: string
+                  description: Base64 binary representation of the icon image
+                  pattern: ^(?:[A-Za-z0-9+/]{4}){0,16250}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$
+                mediatype:
+                  type: string
+                  description: Mediatype for the binary data specified in the base64data property
+                  enum:
+                  - image/gif
+                  - image/jpeg
+                  - image/png
+                  - image/svg+xml
+            version:
+              type: string
+              description: Version string, recommended that users use semantic versioning
+              pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?(\+[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*)?$
+
+            replaces:
+              type: string
+              description: Name of the ClusterServiceVersion custom resource that this version replaces
+
+            maturity:
+              type: string
+              description: What level of maturity the software has achieved at this version
+              enum:
+              - planning
+              - pre-alpha
+              - alpha
+              - beta
+              - stable
+              - mature
+              - inactive
+              - deprecated
+            labels:
+              type: object
+              description: Labels that will be applied to associated resources created by the operator.
+            selector:
+              type: object
+              description: Label selector to find resources associated with or managed by the operator
+              properties:
+                matchLabels:
+                  type: object
+                  description: Label key:value pairs to match directly
+                matchExpressions:
+                  type: array
+                  descriptions: A set of expressions to match against the resource.
+                  items:
+                    allOf:
+                      - type: object
+                        required:
+                        - key
+                        - operator
+                        - values
+                        properties:
+                          key:
+                            type: string
+                            description: the key to match
+                          operator:
+                            type: string
+                            description: the operator for the expression
+                            enum:
+                            - In
+                            - NotIn
+                            - Exists
+                            - DoesNotExist
+                          values:
+                            type: array
+                            description: set of values for the expression
+            customresourcedefinitions:
+              type: object
+              properties:
+                owned:
+                  type: array
+                  description: What resources this operator is responsible for managing. No two running operators should manage the same resource.
+                  items:
+                    type: object
+                    required:
+                      - name
+                      - version
+                      - kind
+                      - displayName
+                      - description
+                    properties:
+                      name:
+                        type: string
+                        description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com)
+                      version:
+                        type: string
+                        description: The version field of the CustomResourceDefinition
+                      kind:
+                        type: string
+                        description: The kind field of the CustomResourceDefinition
+                      displayName:
+                        type: string
+                        description: A human-readable name for the CRD.
+                      description:
+                        type: string
+                        description: A description of the CRD
+                      resources:
+                        type: array
+                        items:
+                          type: object
+                          description: A list of resources that should be displayed for the CRD
+                          required:
+                            - kind
+                            - version
+                          properties:
+                            name:
+                              type: string
+                              description: If a CRD, the fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com)
+                            version:
+                              type: string
+                              description: The version of the resource kind
+                            kind:
+                              type: string
+                              description: The kind field of the resource kind
+                      statusDescriptors:
+                        type: array
+                        items:
+                          type: object
+                          description: A spec for a field in the status block of the CRD
+                          required:
+                            - path
+                            - displayName
+                            - description
+                          properties:
+                            path:
+                              type: string
+                              description: A jsonpath indexing into the status object on the CR where the the status value can be found.
+                            displayName:
+                              type: string
+                              description: A human-readable name for the status entry.
+                            description:
+                              type: string
+                              description: A description of the status entry.
+                            x-descriptors:
+                              type: array
+                              description: A list of descriptors for the status entry that indicate the meaning of the field.
+                              items:
+                                type: string
+                            value:
+                              type: object
+                              description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR.
+                      specDescriptors:
+                        type: array
+                        items:
+                          type: object
+                          description: A spec for a field in the spec block of the CRD
+                          required:
+                            - path
+                            - displayName
+                            - description
+                          properties:
+                            path:
+                              type: string
+                              description: A jsonpath indexing into the spec object on the CR where the the spec value can be found.
+                            displayName:
+                              type: string
+                              description: A human-readable name for the spec entry.
+                            description:
+                              type: string
+                              description: A description of the spec entry.
+                            x-descriptors:
+                              type: array
+                              description: A list of descriptors for the spec entry that indicate the meaning of the field.
+                              items:
+                                type: string
+                            value:
+                              type: object
+                              description: If present, the value of this spec is the same for all instances of the CRD and can be found here instead of on the CR.
+                required:
+                  type: array
+                  description: What resources this operator is responsible for managing. No two running operators should manage the same resource.
+                  items:
+                    type: object
+                    required:
+                      - name
+                      - version
+                      - kind
+                      - displayName
+                      - description
+                    properties:
+                      name:
+                        type: string
+                        description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com)
+                      version:
+                        type: string
+                        description: The version field of the CustomResourceDefinition
+                      kind:
+                        type: string
+                        description: The kind field of the CustomResourceDefinition
+                      displayName:
+                        type: string
+                        description: A human-readable name for the CRD.
+                      description:
+                        type: string
+                        description: A description of the CRD
+                      statusDescriptors:
+                        type: array
+                        items:
+                          type: object
+                          description: A spec for a field in the status block of the CRD
+                          required:
+                            - path
+                            - displayName
+                            - description
+                          properties:
+                            path:
+                              type: string
+                              description: A jsonpath indexing into the status object on the CR where the the status value can be found.
+                            displayName:
+                              type: string
+                              description: A human-readable name for the status entry.
+                            description:
+                              type: string
+                              description: A description of the status entry.
+                            x-descriptors:
+                              type: array
+                              description: A list of descriptors for the status entry that indicate the meaning of the field.
+                              items:
+                                type: string
+                            value:
+                              type: object
+                              description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR.
+
+
+            install:
+              type: object
+              description: Information required to install this specific version of the operator software
+              oneOf:
+              - type: object
+                required:
+                - strategy
+                - spec
+                properties:
+                  strategy:
+                    type: string
+                    enum: ['image']
+                  spec:
+                    type: object
+                    required:
+                    - image
+                    properties:
+                      image:
+                        type: string
+              - type: object
+                required:
+                - strategy
+                - spec
+                properties:
+                  strategy:
+                    type: string
+                    enum: ['deployment']
+                  spec:
+                    type: object
+                    required:
+                    - deployments
+                    properties:
+                      deployments:
+                        type: array
+                        description: List of deployments to create
+                        items:
+                          type: object
+                          description: A name and deployment to create in the cluster
+                          required:
+                            - name
+                            - spec
+                          properties:
+                            name:
+                              type: string
+                              description: the consistent name of the deployment
+                            spec:
+                              type: object
+                              description: The deployment spec to create in the cluster
+                      permissions:
+                        type: array
+                        description: Permissions needed by the deployement to run correctly
+                        items:
+                          type: object
+                          required:
+                            - serviceAccountName
+                            - rules
+                          properties:
+                            serviceAccountName:
+                              type: string
+                              description: The service account name to create for the deployment
+                            rules:
+                              type: array
+                              items:
+                                type: object
+                                description: a rule required by the service account
+                                properties:
+                                  apiGroups:
+                                    type: array
+                                    description: apiGroups the rule applies to
+                                    items:
+                                      type: string
+                                  resources:
+                                    type: array
+                                    items:
+                                      type: string
+                                  resourceNames:
+                                    type: array
+                                    items:
+                                      type: string
+                                  verbs:
+                                    type: array
+                                    items:
+                                      type: string
+                                      enum:
+                                        - "*"
+                                        - get
+                                        - list
+                                        - watch
+                                        - create
+                                        - update
+                                        - patch
+                                        - delete
+                                        - deletecollection
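Review bot: Several schema keywords in this CRD do not validate what they appear to be meant to validate. `icon` is declared `type: array` but carries `required` and `properties` directly, which are object keywords, so the `base64data` pattern and the `mediatype` enum are never applied to the array elements; they should be nested under `items:` with `type: object`. Under `matchExpressions` the key is spelled `descriptions:` instead of `description:`, and `optionalProperties` under `maintainers.items` is not a JSON Schema keyword (`additionalProperties` was probably intended). The description of `customresourcedefinitions.required` is a copy of the one for `owned` and should describe CRDs the operator depends on rather than manages. The file looks like rendered template output, so these fixes likely belong in the upstream template too.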

+ 54 - 0
roles/olm/files/05-catalogsource.crd.yaml

@@ -0,0 +1,54 @@
+##---
+# Source: olm/templates/05-catalogsource.crd.yaml
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: catalogsource-v1s.app.coreos.com
+  annotations:
+    displayName: CatalogSource
+    description: A source configured to find packages and updates.
+  labels:
+    tectonic-operators.coreos.com/managed-by: tectonic-x-operator
+spec:
+  group: app.coreos.com
+  version: v1alpha1
+  scope: Namespaced
+  names:
+    plural: catalogsource-v1s
+    singular: catalogsource-v1
+    kind: CatalogSource-v1
+    listKind: CatalogSourceList-v1
+  validation:
+    openAPIV3Schema:
+      type: object
+      description: Represents a subscription to a source and channel
+      required:
+      - spec
+      properties:
+        spec:
+          type: object
+          description: Spec for a subscription
+          required:
+          - sourceType
+          - name
+          properties:
+            sourceType:
+              type: string
+              description: The type of the source. Currently the only supported type is "internal".
+              enum:
+              - internal
+
+            configMap:
+              type: string
+              string: The name of a ConfigMap that holds the entries for an in-memory catalog.
+
+            name:
+              type: string
+              description: Name of this catalog source
+
+            secrets:
+              type: array
+              description: A set of secrets that can be used to access the contents of the catalog. It is best to keep this list small, since each will need to be tried for every catalog entry.
+              items:
+                type: string
+                description: A name of a secret in the namespace where the CatalogSource is defined.
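Review bot: Under `configMap` the help text is stored under a key named `string:` instead of `description:`, so it is not a recognised schema keyword and the field ends up undocumented; the line should read `description: The name of a ConfigMap that holds the entries for an in-memory catalog.` The top-level and `spec` descriptions ("Represents a subscription to a source and channel", "Spec for a subscription") also look copied from the Subscription CRD and should describe a CatalogSource. Since `secrets` names credentials used to reach catalog content, it would be worth stating in its description which component reads them and with what permissions.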

+ 60 - 0
roles/olm/files/06-installplan.crd.yaml

@@ -0,0 +1,60 @@
+##---
+# Source: olm/templates/06-installplan.crd.yaml
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: installplan-v1s.app.coreos.com
+  annotations:
+    displayName: Install Plan
+    description: Represents a plan to install and resolve dependencies for Cluster Services
+  labels:
+    tectonic-operators.coreos.com/managed-by: tectonic-x-operator
+spec:
+  group: app.coreos.com
+  version: v1alpha1
+  scope: Namespaced
+  names:
+    plural: installplan-v1s
+    singular: installplan-v1
+    kind: InstallPlan-v1
+    listKind: InstallPlanList-v1
+  validation:
+    openAPIV3Schema:
+      type: object
+      description: Document which defines the desire and current state of an installation of a Cluster Service
+      required:
+      - spec
+      properties:
+        spec:
+          type: object
+          description: Spec for an InstallPlan
+          required:
+          - clusterServiceVersionNames
+          - approval
+          properties:
+            clusterServiceVersionNames:
+              type: array
+              description: A list of the names of the Cluster Services
+              items:
+                type: string
+            approval:
+              type: string
+              enum:
+              - Automatic
+              - Manual
+              - Update-Only # Will only apply an update if it updates existing packages only and doesn't add any new ones
+            approved:
+              type: boolean
+      anyOf:
+        - properties:
+          approval: 
+            enum: 
+              - Manual
+          required:
+            - approved
+        - properties:
+          approval:
+            enum:
+              - Automatic
+              - Update-Only
+          required: []
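Review bot: The `anyOf` block at the end of the schema does not express the rule it appears intended to enforce, namely that a `Manual` install plan must carry `approved`. In both branches `approval:` is indented at the same level as `properties:`, so `properties` parses as null and `approval` becomes an unknown sibling keyword; in addition the block sits at the root of `openAPIV3Schema`, while `approval` and `approved` live under `spec`, so `required: [approved]` would be checked against the wrong object. As written, the first branch demands a root-level `approved` that never exists and the second branch accepts everything, so the constraint is a no-op and a Manual plan without `approved` still validates. Moving the block under `spec` and nesting `approval` inside `properties` fixes both problems; there are also trailing spaces after `approval:` and `enum:` in the first branch.

```yaml
        spec:
          type: object
          # … unchanged: description, required, properties …
          anyOf:
          - properties:
              approval:
                enum:
                - Manual
            required:
            - approved
          - properties:
              approval:
                enum:
                - Automatic
                - Update-Only
```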

+ 49 - 0
roles/olm/files/07-subscription.crd.yaml

@@ -0,0 +1,49 @@
+##---
+# Source: olm/templates/07-subscription.crd.yaml
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: subscription-v1s.app.coreos.com
+  annotations:
+    displayName: Subscription
+    description: Subcribes service catalog to a source and channel to recieve updates for packages.
+  labels:
+    tectonic-operators.coreos.com/managed-by: tectonic-x-operator
+spec:
+  group: app.coreos.com
+  version: v1alpha1
+  scope: Namespaced
+  names:
+    plural: subscription-v1s
+    singular: subscription-v1
+    kind: Subscription-v1
+    listKind: SubscriptionList-v1
+  validation:
+    openAPIV3Schema:
+      type: object
+      description: Represents a subscription to a source and channel
+      required:
+      - spec
+      properties:
+        spec:
+          type: object
+          description: Spec for a Subscription
+          required:
+          - source
+          - name
+          properties:
+            source:
+              type: string
+              description: Name of a CatalogSource that defines where and how to find the channel
+
+            name:
+              type: string
+              description: Name of the package that defines the application
+
+            channel:
+              type: string
+              description: Name of the channel to track
+            
+            startingCSV:
+              type: string
+              description: Name of the AppType that this subscription tracks

File diff suppressed because it is too large
+ 1810 - 0
roles/olm/files/08-tectonicocs.configmap.yaml


+ 19 - 0
roles/olm/files/10-tectonicocs.catalogsource.yaml

@@ -0,0 +1,19 @@
+##---
+# Source: olm/templates/10-tectonicocs.catalogsource.yaml
+
+#! validate-crd: ./deploy/chart/templates/05-catalogsource.crd.yaml
+#! parse-kind: CatalogSource
+apiVersion: app.coreos.com/v1alpha1
+kind: CatalogSource-v1
+metadata:
+  name: tectonic-ocs
+  namespace: operator-lifecycle-manager
+  annotations:
+    tectonic-operators.coreos.com/upgrade-strategy: 'DeleteAndRecreate'
+spec:
+  name: tectonic-ocs
+  sourceType: internal
+  configMap: tectonic-ocs
+  displayName: Tectonic Open Cloud Services
+  publisher: CoreOS, Inc.
+

+ 48 - 0
roles/olm/files/12-alm-operator.deployment.yaml

@@ -0,0 +1,48 @@
+##---
+# Source: olm/templates/12-alm-operator.deployment.yaml
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: alm-operator
+  namespace: operator-lifecycle-manager
+  labels:
+    app: alm-operator
+    tectonic-operators.coreos.com/managed-by: tectonic-x-operator
+spec:
+  strategy:
+    type: RollingUpdate
+  replicas: 1
+  selector:
+    matchLabels:
+      app: alm-operator
+  template:
+    metadata:
+      labels:
+        app: alm-operator
+    spec:
+      serviceAccountName: alm-operator-serviceaccount
+      containers:
+        - name: alm-operator
+          command:
+          - /bin/alm
+          image: quay.io/coreos/olm@sha256:d19b64d801a08fd4838ed4bd9752712688ac9f2a26fab89bcb4f28b1bbdcab16
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 8080
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8080
+          readinessProbe:
+            httpGet:
+              path: /healthz
+              port: 8080
+          env:
+          - name: OPERATOR_NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
+          - name: OPERATOR_NAME
+            value: alm-operator
+      imagePullSecrets:
+        - name: coreos-pull-secret
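Review bot: The `alm-operator` container sets neither `securityContext` nor `resources`, and the same applies to the containers in 13-catalog-operator.deployment.yaml and 17-alm-servicebroker.deployment.yaml. All three pods run as `alm-operator-serviceaccount`, which 02-alm-operator.rolebinding.yaml binds to cluster-admin, so a container-level baseline matters here; consider `securityContext: {allowPrivilegeEscalation: false, readOnlyRootFilesystem: true}` if the binaries tolerate it, plus explicit `resources.requests` and `resources.limits`. `coreos-pull-secret` is referenced under `imagePullSecrets`, but nothing in the visible part of this commit creates it, so the manifest should document where it is expected to come from. Pinning the image by digest is good and should be kept.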

+ 44 - 0
roles/olm/files/13-catalog-operator.deployment.yaml

@@ -0,0 +1,44 @@
+##---
+# Source: olm/templates/13-catalog-operator.deployment.yaml
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: catalog-operator
+  namespace: operator-lifecycle-manager
+  labels:
+    app: catalog-operator
+    tectonic-operators.coreos.com/managed-by: tectonic-x-operator
+spec:
+  strategy:
+    type: RollingUpdate
+  replicas: 1
+  selector:
+    matchLabels:
+      app: catalog-operator
+  template:
+    metadata:
+      labels:
+        app: catalog-operator
+    spec:
+      serviceAccountName: alm-operator-serviceaccount
+      containers:
+        - name: catalog-operator
+          command:
+          - /bin/catalog
+          - '-namespace'
+          - operator-lifecycle-manager
+          - '-debug'
+          image: quay.io/coreos/catalog@sha256:299a9cd6b34c9ccb601d6fffa8b6a633658165510940ed8c5481ce6acdad46b1
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 8080
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8080
+          readinessProbe:
+            httpGet:
+              path: /healthz
+              port: 8080
+      imagePullSecrets:
+        - name: coreos-pull-secret
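Review bot: The container command hard-codes `'-debug'`, and 17-alm-servicebroker.deployment.yaml does the same for the service broker. Verbose logging in a component that runs with a cluster-admin service account may write more request and object detail to the pod logs than an installer default should; what the flag actually logs is not visible from this commit, so that needs checking. I would drop the `- '-debug'` line from the shipped manifests and leave it as something an administrator turns on while troubleshooting.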

+ 20 - 0
roles/olm/files/14-alm-servicebroker.clusterservicebroker.yaml

@@ -0,0 +1,20 @@
+##---
+# Source: olm/templates/14-alm-servicebroker.clusterservicebroker.yaml
+
+apiVersion: servicecatalog.k8s.io/v1beta1
+kind: ClusterServiceBroker
+metadata:
+  finalizers:
+  - kubernetes-incubator/service-catalog
+  name: alm-service-broker
+spec:
+  authInfo:
+    bearer:
+      secretRef:
+        name: almservicebroker-client
+        namespace: operator-lifecycle-manager
+  relistBehavior: Duration
+  relistDuration: 15m0s
+  relistRequests: 0
+  url: http://alm-service-broker.operator-lifecycle-manager.svc:8005
+
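Review bot: `url: http://alm-service-broker.operator-lifecycle-manager.svc:8005` makes the service catalog send the bearer token from `almservicebroker-client` to the broker over unencrypted HTTP. 16-almservicebroker-client.secret.yaml defines that secret as a service-account token for `alm-operator-serviceaccount`, which 02-alm-operator.rolebinding.yaml binds to cluster-admin, so anything able to observe or intercept that traffic on the pod network obtains a cluster-admin credential. The broker should be served over TLS, with `url: https://alm-service-broker.operator-lifecycle-manager.svc:8005` and a `caBundle` in the spec. The token should also come from a dedicated service account that carries only the permissions the broker needs to authenticate the caller.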

+ 21 - 0
roles/olm/files/15-alm-servicebroker.service.yaml

@@ -0,0 +1,21 @@
+##---
+# Source: olm/templates/15-alm-servicebroker.service.yaml
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: alm-service-broker
+  namespace: operator-lifecycle-manager
+  labels:
+    app: alm-service-broker
+    tectonic-operators.coreos.com/managed-by: tectonic-x-operator
+spec:
+  type: ClusterIP
+  ports:
+    - name: healthz
+      port: 8080
+    - name: broker
+      port: 8005
+  selector:
+    app: alm-service-broker
+

+ 13 - 0
roles/olm/files/16-almservicebroker-client.secret.yaml

@@ -0,0 +1,13 @@
+##---
+# Source: olm/templates/16-almservicebroker-client.secret.yaml
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: almservicebroker-client
+  namespace: operator-lifecycle-manager
+  annotations:
+    kubernetes.io/service-account.name: alm-operator-serviceaccount
+    tectonic-operators.coreos.com/managed-by: tectonic-x-operator
+type: kubernetes.io/service-account-token
+

+ 44 - 0
roles/olm/files/17-alm-servicebroker.deployment.yaml

@@ -0,0 +1,44 @@
+##---
+# Source: olm/templates/17-alm-servicebroker.deployment.yaml
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: alm-service-broker
+  namespace: operator-lifecycle-manager
+  labels:
+    app: alm-service-broker
+    tectonic-operators.coreos.com/managed-by: tectonic-x-operator
+spec:
+  strategy:
+    type: RollingUpdate
+  replicas: 1
+  selector:
+    matchLabels:
+      app: alm-service-broker
+  template:
+    metadata:
+      labels:
+        app: alm-service-broker
+    spec:
+      serviceAccountName: alm-operator-serviceaccount
+      containers:
+        - name: alm-service-broker
+          command:
+          - /bin/servicebroker
+          - '-debug'
+          image: quay.io/coreos/alm-service-broker@sha256:3f7bc4b3ead4372df6f455f4f4f791c241e6e47b5fbdf2296de257282a8aec80
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 8080
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8080
+          readinessProbe:
+            httpGet:
+              path: /healthz
+              port: 8080
+      imagePullSecrets:
+        - name: coreos-pull-secret
+
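Review bot: The container is started with `- '-debug'` and the pod has no `securityContext` or `resources`, unlike the metering operator pod in 18-upstreamcomponents.configmap.yaml, which sets `runAsNonRoot: true` and CPU/memory limits. For an installer default, drop the `-debug` argument (what it logs is not visible here, but this component receives bearer tokens from the service catalog) and add a pod-level `securityContext:` with `runAsNonRoot: true`. Only `containerPort: 8080` is declared although the Service in 15-alm-servicebroker.service.yaml also exposes 8005; listing both keeps the manifest self-describing.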

+ 462 - 0
roles/olm/files/18-upstreamcomponents.configmap.yaml

@@ -0,0 +1,462 @@
+##---
+# Source: olm/templates/18-upstreamcomponents.configmap.yaml
+
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: upstream-components
+  namespace: operator-lifecycle-manager
+  labels:
+    tectonic-operators.coreos.com/managed-by: tectonic-x-operator
+
+data:
+  customResourceDefinitions: |-
+    - apiVersion: apiextensions.k8s.io/v1beta1
+      kind: CustomResourceDefinition
+      metadata:
+        name: meterings.chargeback.coreos.com
+        annotations:
+          catalog.app.coreos.com/description: An instance of Chargeback
+          catalog.app.coreos.com/displayName: Chargeback
+      spec:
+        group: chargeback.coreos.com
+        version: v1alpha1
+        scope: Namespaced
+        names:
+          plural: meterings
+          singular: metering
+          kind: Metering
+          listKind: MeteringList
+      
+    - apiVersion: apiextensions.k8s.io/v1beta1
+      kind: CustomResourceDefinition
+      metadata:
+        name: prestotables.chargeback.coreos.com
+        annotations:
+          catalog.app.coreos.com/displayName: "Chargeback Presto Table"
+          catalog.app.coreos.com/description: "A table within PrestoDB"
+      spec:
+        group: chargeback.coreos.com
+        version: v1alpha1
+        scope: Namespaced
+        names:
+          plural: prestotables
+          singular: prestotable
+          kind: PrestoTable
+      
+    - apiVersion: apiextensions.k8s.io/v1beta1
+      kind: CustomResourceDefinition
+      metadata:
+        name: reports.chargeback.coreos.com
+        annotations:
+          catalog.app.coreos.com/displayName: "Chargeback Report"
+          catalog.app.coreos.com/description: "A chargeback report for a specific time interval"
+      spec:
+        group: chargeback.coreos.com
+        version: v1alpha1
+        scope: Namespaced
+        names:
+          plural: reports
+          kind: Report
+      
+    - apiVersion: apiextensions.k8s.io/v1beta1
+      kind: CustomResourceDefinition
+      metadata:
+        name: reportdatasources.chargeback.coreos.com
+        annotations:
+          catalog.app.coreos.com/displayName: "Chargeback data source"
+          catalog.app.coreos.com/description: "A resource describing a source of data for usage by Report Generation Queries"
+      spec:
+        group: chargeback.coreos.com
+        version: v1alpha1
+        scope: Namespaced
+        names:
+          plural: reportdatasources
+          singular: reportdatasource
+          kind: ReportDataSource
+      
+    - apiVersion: apiextensions.k8s.io/v1beta1
+      kind: CustomResourceDefinition
+      metadata:
+        name: reportgenerationqueries.chargeback.coreos.com
+        annotations:
+          catalog.app.coreos.com/displayName: "Chargeback generation query"
+          catalog.app.coreos.com/description: "A SQL query used by Chargeback to generate reports"
+      spec:
+        group: chargeback.coreos.com
+        version: v1alpha1
+        scope: Namespaced
+        names:
+          plural: reportgenerationqueries
+          singular: reportgenerationquery
+          kind: ReportGenerationQuery
+      
+    - apiVersion: apiextensions.k8s.io/v1beta1
+      kind: CustomResourceDefinition
+      metadata:
+        name: reportprometheusqueries.chargeback.coreos.com
+        annotations:
+          catalog.app.coreos.com/displayName: "Chargeback prometheus query"
+          catalog.app.coreos.com/description: "A Prometheus query by Chargeback to do metering"
+      spec:
+        group: chargeback.coreos.com
+        version: v1alpha1
+        scope: Namespaced
+        names:
+          plural: reportprometheusqueries
+          singular: reportprometheusquery
+          kind: ReportPrometheusQuery
+      
+    - apiVersion: apiextensions.k8s.io/v1beta1
+      kind: CustomResourceDefinition
+      metadata:
+        name: scheduledreports.chargeback.coreos.com
+        annotations:
+          catalog.app.coreos.com/displayName: "Chargeback Scheduled Report"
+          catalog.app.coreos.com/description: "A chargeback report that runs on a scheduled interval"
+      spec:
+        group: chargeback.coreos.com
+        version: v1alpha1
+        scope: Namespaced
+        names:
+          plural: scheduledreports
+          kind: ScheduledReport
+      
+    - apiVersion: apiextensions.k8s.io/v1beta1
+      kind: CustomResourceDefinition
+      metadata:
+        name: storagelocations.chargeback.coreos.com
+        annotations:
+          catalog.app.coreos.com/displayName: "Chargeback storage location"
+          catalog.app.coreos.com/description: "Represents a configurable storage location for Chargeback to store metering and report data"
+      spec:
+        group: chargeback.coreos.com
+        version: v1alpha1
+        scope: Namespaced
+        names:
+          plural: storagelocations
+          kind: StorageLocation
+      
+  clusterServiceVersions: |-
+    - #! validate-crd: ./deploy/chart/templates/03-clusterserviceversion.crd.yaml
+      #! parse-kind: ClusterServiceVersion
+      apiVersion: app.coreos.com/v1alpha1
+      kind: ClusterServiceVersion-v1
+      metadata:
+        name: metering-helm-operator.v0.6.0
+        namespace: placeholder
+        annotations:
+          tectonic-visibility: tectonic-feature
+        labels:
+          alm-catalog: tectonic-feature
+          operator-metering: "true"
+      spec:
+        displayName: Metering
+        description: Metering can generate reports based on historical usage data from a cluster, providing accountability for how resources have been used.
+        keywords: [metering metrics reporting coreos]
+        version: 0.6.0
+        maturity: alpha
+        maintainers:
+          - email: support@coreos.com
+            name: CoreOS, Inc
+        provider:
+          name: CoreOS, Inc
+        labels:
+          alm-owner-metering: metering-helm-operator
+          alm-status-descriptors: metering-helm-operator.v0.6.0
+        selector:
+          matchLabels:
+            alm-owner-metering: metering-helm-operator
+        install:
+          strategy: deployment
+          spec:
+            permissions:
+              - rules:
+                - apiGroups:
+                  - chargeback.coreos.com
+                  resources:
+                  - '*'
+                  verbs:
+                  - '*'
+                - apiGroups:
+                  - ""
+                  resources:
+                  - pods
+                  - pods/attach
+                  - pods/exec
+                  - pods/portforward
+                  - pods/proxy
+                  verbs:
+                  - create
+                  - delete
+                  - deletecollection
+                  - get
+                  - list
+                  - patch
+                  - update
+                  - watch
+                - apiGroups:
+                  - ""
+                  resources:
+                  - configmaps
+                  - endpoints
+                  - persistentvolumeclaims
+                  - replicationcontrollers
+                  - replicationcontrollers/scale
+                  - secrets
+                  - serviceaccounts
+                  - services
+                  - services/proxy
+                  verbs:
+                  - create
+                  - delete
+                  - deletecollection
+                  - get
+                  - list
+                  - patch
+                  - update
+                  - watch
+                - apiGroups:
+                  - ""
+                  resources:
+                  - bindings
+                  - events
+                  - limitranges
+                  - namespaces/status
+                  - pods/log
+                  - pods/status
+                  - replicationcontrollers/status
+                  - resourcequotas
+                  - resourcequotas/status
+                  verbs:
+                  - get
+                  - list
+                  - watch
+                - apiGroups:
+                  - ""
+                  resources:
+                  - events
+                  verbs:
+                  - create
+                  - update
+                  - patch
+                - apiGroups:
+                  - ""
+                  resources:
+                  - namespaces
+                  verbs:
+                  - get
+                  - list
+                  - watch
+                - apiGroups:
+                  - apps
+                  resources:
+                  - deployments
+                  - deployments/rollback
+                  - deployments/scale
+                  - statefulsets
+                  verbs:
+                  - create
+                  - delete
+                  - deletecollection
+                  - get
+                  - list
+                  - patch
+                  - update
+                  - watch
+                - apiGroups:
+                  - batch
+                  resources:
+                  - cronjobs
+                  - jobs
+                  verbs:
+                  - create
+                  - delete
+                  - deletecollection
+                  - get
+                  - list
+                  - patch
+                  - update
+                  - watch
+                - apiGroups:
+                  - extensions
+                  resources:
+                  - daemonsets
+                  - deployments
+                  - deployments/rollback
+                  - deployments/scale
+                  - replicasets
+                  - replicasets/scale
+                  - replicationcontrollers/scale
+                  verbs:
+                  - create
+                  - delete
+                  - deletecollection
+                  - get
+                  - list
+                  - patch
+                  - update
+                  - watch
+                - apiGroups:
+                  - rbac.authorization.k8s.io
+                  resources:
+                  - rolebindings
+                  - roles
+                  verbs:
+                  - create
+                  - delete
+                  - deletecollection
+                  - get
+                  - list
+                  - patch
+                  - update
+                  - watch
+                serviceAccountName: metering-helm-operator
+            deployments:
+              - name: metering-helm-operator
+                spec:
+                  replicas: 1
+                  selector:
+                    matchLabels:
+                      app: metering-helm-operator
+                  strategy:
+                    type: Recreate
+                  template:
+                    metadata:
+                      labels:
+                        app: metering-helm-operator
+                    spec:
+                      containers:
+                      - args:
+                        - run-operator.sh
+                        env:
+                        - name: HELM_RELEASE_CRD_NAME
+                          value: Metering
+                        - name: HELM_RELEASE_CRD_API_GROUP
+                          value: chargeback.coreos.com
+                        - name: HELM_CHART_PATH
+                          value: /operator-metering-0.1.0.tgz
+                        - name: MY_POD_NAME
+                          valueFrom:
+                            fieldRef:
+                              fieldPath: metadata.name
+                        - name: MY_POD_NAMESPACE
+                          valueFrom:
+                            fieldRef:
+                              fieldPath: metadata.namespace
+                        - name: HELM_HOST
+                          value: 127.0.0.1:44134
+                        - name: HELM_WAIT
+                          value: "false"
+                        - name: HELM_RECONCILE_INTERVAL_SECONDS
+                          value: "30"
+                        - name: RELEASE_HISTORY_LIMIT
+                          value: "3"
+                        image: quay.io/coreos/chargeback-helm-operator:0.6.0
+                        imagePullPolicy: Always
+                        name: metering-helm-operator
+                        resources:
+                          limits:
+                            cpu: 50m
+                            memory: 25Mi
+                          requests:
+                            cpu: 50m
+                            memory: 25Mi
+                      - args:
+                        - /tiller
+                        env:
+                        - name: TILLER_NAMESPACE
+                          valueFrom:
+                            fieldRef:
+                              fieldPath: metadata.namespace
+                        - name: TILLER_HISTORY_MAX
+                          value: "3"
+                        image: quay.io/coreos/chargeback-helm-operator:0.6.0
+                        imagePullPolicy: Always
+                        livenessProbe:
+                          failureThreshold: 3
+                          httpGet:
+                            path: /liveness
+                            port: 44135
+                            scheme: HTTP
+                          initialDelaySeconds: 1
+                          periodSeconds: 10
+                          successThreshold: 1
+                          timeoutSeconds: 1
+                        name: tiller
+                        readinessProbe:
+                          failureThreshold: 3
+                          httpGet:
+                            path: /readiness
+                            port: 44135
+                            scheme: HTTP
+                          initialDelaySeconds: 1
+                          periodSeconds: 10
+                          successThreshold: 1
+                          timeoutSeconds: 1
+                        resources:
+                          limits:
+                            cpu: 50m
+                            memory: 100Mi
+                          requests:
+                            cpu: 50m
+                            memory: 50Mi
+                      imagePullSecrets: []
+                      restartPolicy: Always
+                      securityContext:
+                        runAsNonRoot: true
+                      serviceAccount: metering-helm-operator
+                      terminationGracePeriodSeconds: 30
+        customresourcedefinitions:
+          owned:
+          - description: An instance of Metering
+            displayName: Metering
+            kind: Metering
+            name: meterings.chargeback.coreos.com
+            version: v1alpha1
+          - description: A table within PrestoDB
+            displayName: Chargeback Presto Table
+            kind: PrestoTable
+            name: prestotables.chargeback.coreos.com
+            version: v1alpha1
+          - description: A resource describing a source of data for usage by Report Generation
+              Queries
+            displayName: Chargeback data source
+            kind: ReportDataSource
+            name: reportdatasources.chargeback.coreos.com
+            version: v1alpha1
+          - description: A SQL query used by Chargeback to generate reports
+            displayName: Chargeback generation query
+            kind: ReportGenerationQuery
+            name: reportgenerationqueries.chargeback.coreos.com
+            version: v1alpha1
+          - description: A Prometheus query by Chargeback to do metering
+            displayName: Chargeback prometheus query
+            kind: ReportPrometheusQuery
+            name: reportprometheusqueries.chargeback.coreos.com
+            version: v1alpha1
+          - description: A chargeback report for a specific time interval
+            displayName: Chargeback Report
+            kind: Report
+            name: reports.chargeback.coreos.com
+            version: v1alpha1
+          - description: A chargeback report that runs on a scheduled interval
+            displayName: Chargeback Scheduled Report
+            kind: ScheduledReport
+            name: scheduledreports.chargeback.coreos.com
+            version: v1alpha1
+          - description: Represents a configurable storage location for Chargeback to store
+              metering and report data
+            displayName: Chargeback storage location
+            kind: StorageLocation
+            name: storagelocations.chargeback.coreos.com
+            version: v1alpha1
+      
+  packages: |-
+    - #! package-manifest: ./deploy/chart/catalog_resources/upstream/metering.0.6.0.clusterserviceversion.yaml
+      packageName: metering
+      channels:
+      - currentCSV: metering-helm-operator.v0.6.0
+        name: alpha
+      
+
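Review bot: Both containers under `deployments` use `image: quay.io/coreos/chargeback-helm-operator:0.6.0` with `imagePullPolicy: Always`, so every pod restart pulls whatever the mutable `0.6.0` tag points to at that moment, whereas 17-alm-servicebroker.deployment.yaml pins its image by `@sha256:` digest. The `permissions` block of the same CSV gives that image write access to `secrets`, `pods/exec`, `roles` and `rolebindings`, so pinning matters here: `image: quay.io/coreos/chargeback-helm-operator@sha256:<digest-of-0.6.0>` (placeholder digest). Separately, `keywords: [metering metrics reporting coreos]` has no commas and parses as a single keyword; `keywords: [metering, metrics, reporting, coreos]` is probably what was meant.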

+ 19 - 0
roles/olm/files/19-upstreamcomponents.catalogsource.yaml

@@ -0,0 +1,19 @@
+##---
+# Source: olm/templates/19-upstreamcomponents.catalogsource.yaml
+
+#! validate-crd: ./deploy/chart/templates/05-catalogsource.crd.yaml
+#! parse-kind: CatalogSource
+apiVersion: app.coreos.com/v1alpha1
+kind: CatalogSource-v1
+metadata:
+  name: upstream-components
+  namespace: operator-lifecycle-manager
+  annotations:
+    tectonic-operators.coreos.com/upgrade-strategy: 'DeleteAndRecreate'
+spec:
+  name: upstream-components
+  sourceType: internal
+  configMap: upstream-components
+  displayName: OLM Upstream Components
+  publisher: CoreOS, Inc.
+

+ 16 - 0
roles/olm/meta/main.yaml

@@ -0,0 +1,16 @@
+---
+galaxy_info:
+  author: Evan Cordell
+  description: Operator Lifecycle Manager
+  company: Red Hat, Inc.
+  license: Apache License, Version 2.0
+  min_ansible_version: 2.1
+  platforms:
+  - name: EL
+    versions:
+    - 7
+  categories:
+  - cloud
+dependencies:
+- role: lib_utils
+- role: lib_openshift
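Review bot: `min_ansible_version: 2.1` is lower than what this role needs, since tasks/main.yaml uses `include_tasks` and tasks/remove.yaml uses `import_tasks`, both of which arrived in Ansible 2.4. The value is also an unquoted float, so a version such as 2.10 would be read as 2.1; `min_ansible_version: "2.4"` fixes both. The `versions` entry `- 7` is likewise safer as `- "7"`.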

+ 126 - 0
roles/olm/tasks/install.yaml

@@ -0,0 +1,126 @@
+---
+
+- name: create operator-lifecycle-manager project
+  oc_project:
+    name: operator-lifecycle-manager
+    state: present
+    node_selector:
+      - ""
+
+- name: Make temp directory for manifests
+  command: mktemp -d /tmp/olm-ansible-XXXXXX
+  register: mktemp
+  changed_when: False
+
+- name: Copy manifests to temp directory
+  copy:
+    src: "{{ item }}"
+    dest: "{{ mktemp.stdout }}"
+  with_fileglob: files/*.yaml
+- name: Apply alm-operator-serviceaccount ServiceAccount manifest
+  oc_obj:
+    state: present
+    kind: ServiceAccount
+    name: alm-operator-serviceaccount
+    namespace: operator-lifecycle-manager
+    files:
+      - "{{ mktemp.stdout }}/01-alm-operator.serviceaccount.yaml"
+
+- name: Apply alm-operator-binding ClusterRoleBinding manifest
+  oc_obj:
+    state: present
+    kind: ClusterRoleBinding
+    name: alm-operator-binding
+    namespace: operator-lifecycle-manager
+    files:
+      - "{{ mktemp.stdout }}/02-alm-operator.rolebinding.yaml"
+
+- name: Apply clusterserviceversion-v1s.app.coreos.com CustomResourceDefinition manifest
+  oc_obj:
+    state: present
+    kind: CustomResourceDefinition
+    name: clusterserviceversion-v1s.app.coreos.com
+    namespace: operator-lifecycle-manager
+    files:
+      - "{{ mktemp.stdout }}/03-clusterserviceversion.crd.yaml"
+
+- name: Apply catalogsource-v1s.app.coreos.com CustomResourceDefinition manifest
+  oc_obj:
+    state: present
+    kind: CustomResourceDefinition
+    name: catalogsource-v1s.app.coreos.com
+    namespace: operator-lifecycle-manager
+    files:
+      - "{{ mktemp.stdout }}/05-catalogsource.crd.yaml"
+
+- name: Apply installplan-v1s.app.coreos.com CustomResourceDefinition manifest
+  oc_obj:
+    state: present
+    kind: CustomResourceDefinition
+    name: installplan-v1s.app.coreos.com
+    namespace: operator-lifecycle-manager
+    files:
+      - "{{ mktemp.stdout }}/06-installplan.crd.yaml"
+
+- name: Apply subscription-v1s.app.coreos.com CustomResourceDefinition manifest
+  oc_obj:
+    state: present
+    kind: CustomResourceDefinition
+    name: subscription-v1s.app.coreos.com
+    namespace: operator-lifecycle-manager
+    files:
+      - "{{ mktemp.stdout }}/07-subscription.crd.yaml"
+
+- name: Apply tectonic-ocs ConfigMap manifest
+  oc_obj:
+    state: present
+    kind: ConfigMap
+    name: tectonic-ocs
+    namespace: operator-lifecycle-manager
+    files:
+      - "{{ mktemp.stdout }}/08-tectonicocs.configmap.yaml"
+
+- name: Apply tectonic-ocs CatalogSource-v1 manifest
+  oc_obj:
+    state: present
+    kind: CatalogSource-v1
+    name: tectonic-ocs
+    namespace: operator-lifecycle-manager
+    files:
+      - "{{ mktemp.stdout }}/10-tectonicocs.catalogsource.yaml"
+
+- name: Apply alm-operator Deployment manifest
+  oc_obj:
+    state: present
+    kind: Deployment
+    name: alm-operator
+    namespace: operator-lifecycle-manager
+    files:
+      - "{{ mktemp.stdout }}/12-alm-operator.deployment.yaml"
+
+- name: Apply catalog-operator Deployment manifest
+  oc_obj:
+    state: present
+    kind: Deployment
+    name: catalog-operator
+    namespace: operator-lifecycle-manager
+    files:
+      - "{{ mktemp.stdout }}/13-catalog-operator.deployment.yaml"
+
+- name: Apply upstream-components ConfigMap manifest
+  oc_obj:
+    state: present
+    kind: ConfigMap
+    name: upstream-components
+    namespace: operator-lifecycle-manager
+    files:
+      - "{{ mktemp.stdout }}/18-upstreamcomponents.configmap.yaml"
+
+- name: Apply upstream-components CatalogSource-v1 manifest
+  oc_obj:
+    state: present
+    kind: CatalogSource-v1
+    name: upstream-components
+    namespace: operator-lifecycle-manager
+    files:
+      - "{{ mktemp.stdout }}/19-upstreamcomponents.catalogsource.yaml"
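Review bot: The directory created by `mktemp -d /tmp/olm-ansible-XXXXXX` is never removed, so each run leaves a copy of every manifest on the target host; a cleanup task after the last `oc_obj` task is missing. Also, `with_fileglob: files/*.yaml` copies the 14- through 17- service broker manifests but no task applies them, so either four tasks are missing or those files need not be shipped; a comment saying which would help. A blank line is missing between the copy task and the first `oc_obj` task.

```yaml
# … unchanged: project creation, manifest copy and oc_obj tasks …

- name: Remove temp directory for manifests
  file:
    path: "{{ mktemp.stdout }}"
    state: absent
  changed_when: false
```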

+ 8 - 0
roles/olm/tasks/main.yaml

@@ -0,0 +1,8 @@
+---
+# do any asserts here
+
+- include_tasks: install.yaml
+  when: operator_lifecycle_manager_install | bool
+
+- include_tasks: remove.yaml
+  when: operator_lifecycle_manager_remove | bool

+ 8 - 0
roles/olm/tasks/remove.yaml

@@ -0,0 +1,8 @@
+---
+
+- import_tasks: remove_components.yaml
+
+- name: remove openshift-ansible-service-broker project
+  oc_project:
+    name: openshift-ansible-service-broker
+    state: absent
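Review bot: The `oc_project` task deletes `openshift-ansible-service-broker`, but install.yaml creates the `operator-lifecycle-manager` project. As written, setting `operator_lifecycle_manager_remove` would delete the Ansible service broker's project and everything in it while leaving the OLM namespace in place. This looks like a leftover from the role the file was adapted from. The task should read `- name: remove operator-lifecycle-manager project` with `name: operator-lifecycle-manager`.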

+ 84 - 0
roles/olm/tasks/remove_components.yaml

@@ -0,0 +1,84 @@
+---
+- name: Remove alm-operator-serviceaccount ServiceAccount manifest
+  oc_obj:
+    state: absent
+    kind: ServiceAccount
+    name: alm-operator-serviceaccount
+    namespace: operator-lifecycle-manager
+
+- name: Remove alm-operator-binding ClusterRoleBinding manifest
+  oc_obj:
+    state: absent
+    kind: ClusterRoleBinding
+    name: alm-operator-binding
+    namespace: operator-lifecycle-manager
+
+- name: Remove clusterserviceversion-v1s.app.coreos.com CustomResourceDefinition manifest
+  oc_obj:
+    state: absent
+    kind: CustomResourceDefinition
+    name: clusterserviceversion-v1s.app.coreos.com
+    namespace: operator-lifecycle-manager
+
+- name: Remove catalogsource-v1s.app.coreos.com CustomResourceDefinition manifest
+  oc_obj:
+    state: absent
+    kind: CustomResourceDefinition
+    name: catalogsource-v1s.app.coreos.com
+    namespace: operator-lifecycle-manager
+
+- name: Remove installplan-v1s.app.coreos.com CustomResourceDefinition manifest
+  oc_obj:
+    state: absent
+    kind: CustomResourceDefinition
+    name: installplan-v1s.app.coreos.com
+    namespace: operator-lifecycle-manager
+
+- name: Remove subscription-v1s.app.coreos.com CustomResourceDefinition manifest
+  oc_obj:
+    state: absent
+    kind: CustomResourceDefinition
+    name: subscription-v1s.app.coreos.com
+    namespace: operator-lifecycle-manager
+
+- name: Remove tectonic-ocs ConfigMap manifest
+  oc_obj:
+    state: absent
+    kind: ConfigMap
+    name: tectonic-ocs
+    namespace: operator-lifecycle-manager
+
+- name: Remove tectonic-ocs CatalogSource-v1 manifest
+  oc_obj:
+    state: absent
+    kind: CatalogSource-v1
+    name: tectonic-ocs
+    namespace: operator-lifecycle-manager
+
+- name: Remove alm-operator Deployment manifest
+  oc_obj:
+    state: absent
+    kind: Deployment
+    name: alm-operator
+    namespace: operator-lifecycle-manager
+
+- name: Remove catalog-operator Deployment manifest
+  oc_obj:
+    state: absent
+    kind: Deployment
+    name: catalog-operator
+    namespace: operator-lifecycle-manager
+
+- name: Remove upstream-components ConfigMap manifest
+  oc_obj:
+    state: absent
+    kind: ConfigMap
+    name: upstream-components
+    namespace: operator-lifecycle-manager
+
+- name: Remove upstream-components CatalogSource-v1 manifest
+  oc_obj:
+    state: absent
+    kind: CatalogSource-v1
+    name: upstream-components
+    namespace: operator-lifecycle-manager
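Review bot: The removal order follows the install order, so the ServiceAccount and ClusterRoleBinding go first and the `alm-operator` and `catalog-operator` Deployments only near the end, and the `catalogsource-v1s.app.coreos.com` CRD is deleted before the two `CatalogSource-v1` objects. Deleting a CRD removes all of its custom resources in every namespace, and the later `kind: CatalogSource-v1` tasks then address a kind the API server may no longer know, which could fail rather than report absent (this depends on how `oc_obj` treats that error). Reversing the list (Deployments, then CatalogSources and ConfigMaps, then CRDs, then the binding and service account) avoids both. The `namespace:` key on the cluster-scoped `ClusterRoleBinding` and `CustomResourceDefinition` tasks should have no effect and can be dropped.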