Fix and improve Hive instllation

Pass pull_secret to Hive installation script, improve secret creation, use nameref local var, and more shell options. Skip missing ResourceGroup/KeyVault at clean_rp_dev_env, fix double quote to prevent word splitting and correct if statements

docs/deploy-full-rp-service-in-dev.md

@@ -143,7 +143,7 @@ Run the below command to automate the full RP int-like dev env using a container
         ```bash
         make aks.kubeconfig
         ./hack/hive/hive-generate-config.sh
-        KUBECONFIG=$(pwd)/aks.kubeconfig ./hack/hive/hive-dev-install.sh
+        KUBECONFIG=$(pwd)/aks.kubeconfig ./hack/hive/hive-dev-install.sh $PULL_SECRET
         ```
 
 1. Mirror the OpenShift images to your new Azure Container Registry (ACR)

docs/hive.md

@@ -7,7 +7,7 @@ The commit sha is used to specify the image tag and also used during config gene
 1. You can either
    1. Provide the hive image commit has as an argument to `hack/hive/hive-generate-config.sh`. This is useful for testing new hive images before hive releases.
       1. Example: `./hack/hive/hive-generate-config.sh d7ead609f4`
-   2. Accept the default version by providing no arguments, which should be the latest.
+   1. Accept the default version by providing no arguments, which should be the latest.
       1. Example: `./hack/hive/hive-generate-config.sh`
 
 ## Generating config
@@ -27,20 +27,24 @@ This will download the latest source, reset to the hash specified in HIVE_IMAGE_
 
 1. Connect to the appropriate aks vpn
    1. vpn-aks-westeurope.ovpn
-   2. vpn-aks-eastus.ovpn
-   3. vpn-aks-australiaeast.ovpn
-2. Ensure you have the latest AKS kubeconfig  
+   1. vpn-aks-eastus.ovpn
+   1. vpn-aks-australiaeast.ovpn
+1. Ensure you have the latest AKS kubeconfig  
+
     ```bash
     # get the AKS kubeconfig
     . ./env
     make aks.kubeconfig
     ```
-3. Set KUBECONFIG to the aks.kubeconfig file, for example:
+
+1. Set KUBECONFIG to the aks.kubeconfig file, for example:
+
     ```bash
     export KUBECONFIG="$PWD/aks.kubeconfig"
     ```
-4. Installing then simply requires the running of the install script.
+
+1. Run Hive installation script with PULL_SECRET
+
     ```bash
-    ./hack/hive/hive-dev-install.sh
+    ./hack/hive/hive-dev-install.sh $PULL_SECRET
     ```
-   > __NOTE:__  When Hive is already installed and SKIP_DEPLOYMENTS is set to "true" then Hive installation can be skipped without user's approval.

hack/devtools/rp_dev_helper.sh

@@ -53,7 +53,7 @@ check_vmss() {
     provisioning_state="$( jq -r '.provisioningState' <<< "${vmss_info}")"
     if [[ "${provisioning_state}" == "${provisioning_state_succeeded}" ]]; then
         log "🟢🖥️ VMSS '${vmss_name}' in Resource group '$resource_group' has been provisioned successfully. DELETE_VMSS:${delete_vmss}"
-        if ! is_boolean "${delete_vmss}" &&  [ "${delete_vmss}" = true ]; then
+        if is_boolean "${delete_vmss}" &&  [ "${delete_vmss}" = true ]; then
            az vmss delete --resource-group "${resource_group}" --name  "${vmss_name}" --force-deletion
            log "🗑️🖥️ VMSS '${vmss_name}' in Resource group '$resource_group' has been deleted."
         fi
@@ -71,7 +71,7 @@ check_deployment() {
     # Check if the ResourceGroup exists
     resource_group_info="$(az group show --resource-group "${resource_group}" 2>/dev/null)"
     if [ -z "${resource_group_info}" ]; then
-        log "🔴❌📦 Resource group '${resource_group}' does not exist."
+        log "🔴❌📦 Resource group '${resource_group}' of deployment '${deployment_name}' does not exist."
         return 1
     fi
 
@@ -143,11 +143,10 @@ check_acr_repo() {
     fi
 
     # Check if the repository tag is not empty and if it matches an optional tag
-    repo_tag="$(az acr repository show-tags --name "$acr_name" --repository "${repository}" -o tsv | tr '' ' ')"
+    repo_tag="$(az acr repository show-tags --name "$acr_name" --repository "${repository}" -o tsv | awk '{printf "%s%s", sep, $0; sep=","} END {print ""}')"
     if [[ -n "$repo_tag" ]]; then
-        # TODO: Loop all the repo tags and print all the tags in one line
         if [[ "${tag}" != "no-tag" && "${tag}" != "${repo_tag}" ]] ; then
-            log "🔴✈️ Repository '${repository}' in ACR '$acr_name' exists, but with a wrong tag '${repo_tag}'. Expected tag: '${tag}'."
+            log "🔴✈️ Repository '${repository}' in ACR '$acr_name' exists with different tag/s '${repo_tag}'. Expected tag: '${tag}'."
             return 1
         fi
         log "🟢✈️ Repository '${repository}' in ACR '$acr_name' exists with tag '${repo_tag}'."
@@ -198,7 +197,7 @@ check_acr_repos() {
         log "🟢✈️ All repositories exist in ACR '$acr_name'."
         return 0
     fi
-    echo -e "🔴✈️ Some repositories are missing and need to be imported.\nRepositories: ${missing_repos_names[*]}\n"
+    log "🔴✈️ Some repositories are missing and need to be imported: ${missing_repos_names[*]}."
     return 1
 }
 
@@ -340,7 +339,7 @@ clean_rp_dev_env() {
      # shellcheck disable=SC2068
      for rg in ${rgs[@]}; do
         log "########## Delete Resource Group $rg in $location ##########"
-        az group delete --resource-group "$rg" -y
+        az group delete --resource-group "$rg" -y || true
     done
 
     if [[ ${#kvs[@]} -eq 0 ]]; then
@@ -355,7 +354,7 @@ clean_rp_dev_env() {
     # shellcheck disable=SC2068
     for kv in ${kvs[@]}; do
         log "########## Delete KeyVault $kv in $location ##########"
-        az keyvault purge --name "$kv" # add --no-wait to stop waiting
+        az keyvault purge --name "$kv" || true  # add --no-wait to stop waiting
     done
 }
 
@@ -378,7 +377,7 @@ Available functions:
   check_keyvault_certificate    - Check certificate CERTIFICATE existance in keyVault KEYVAULT, enablement and expiration date
   skip_and_import_certificates  - Import array of certificates <CERTIFICATE...> using array of secret files <SECRET_FILE...> to keyVault KEYVAULT
   check_and_import_certificates - Import the certificates if possible based on prefix KEYVAULT_PREFIX
-  clean_rp_dev_env              - Cleanup all the created resources from the full RP dev (4 resourceGroups and 4 KeyVaults)
+  clean_rp_dev_env              - Cleanup all the created resources from the full RP dev (4 resourceGroups and 4 KeyVaults) based on input or defualt values.
 
 Examples:
   $0 verify_downloading_secrets
@@ -394,7 +393,7 @@ Examples:
   $0 check_keyvault_certificate xxx-aro-eastus-svc rp-mdm true
   $0 skip_and_import_certificates xxx-aro-eastus-svc rp-mdm rp-mdsd secrets/rp-mdm-self-signed.pem secrets/rp-mdsd-self-signed.pem true
   $0 check_and_import_certificates xxx-aro-eastus-svc true
-  $0 clean_rp_dev_env eastus
+  $0 clean_rp_dev_env eastus "xxx-global xxx-subscription" "xxx-aro-eastus-gwy xxx-aro-eastus-por"
 
 To get detailed usage for a specific function, run:
   $0 usage_rp_dev <function_name>

hack/hive/hive-dev-install.sh

@@ -1,7 +1,8 @@
 #!/bin/bash
 
 set -o errexit \
-    -o nounset
+    -o nounset \
+    -o monitor
 
 declare -r utils=hack/util.sh
 if [ -f "$utils" ]; then
@@ -10,7 +11,9 @@ if [ -f "$utils" ]; then
 fi
 
 HIVE_OPERATOR_NS="hive"
-KUBECTL="$( which kubectl 2> /dev/null || which oc 2> /dev/null)"
+HIVE_CONFIG_DIR="hack/hive/hive-config"
+HIVE_CONFIG_CRDS="${HIVE_CONFIG_DIR}/crds"
+HIVE_CONFIG_DEP="${HIVE_CONFIG_DIR}/hive-deployment.yaml"
 
 if [ ! -f go.mod ] || [ ! -d ".git" ]; then
 	abort "this script must by run from the repo's root directory"
@@ -24,27 +27,29 @@ trap cleanup EXIT
 
 main() {
 	log "enter hive installation"
-	local skip_deployments=${1:-"none"}
+    err_str="Usage $0 <PULL_SECRET> [SKIP_DEPLOYMENTS]. Please try again"
+	local pull_secret="${1?$err_str}"
+    local skip_deployments="${2:-"none"}"
 
-	if [ ! -f "./hack/hive/hive-config/hive-deployment.yaml" ] || [ ! -d "./hack/hive/hive-config/crds" ] ; then
+	if [ ! -f "./${HIVE_CONFIG_DEP}" ] || [ ! -d "./${HIVE_CONFIG_CRDS}" ] ; then
 		log "hive config is missing, generating config, please rerun this script afterwards"
-		if ./hack/hive/hive-generate-config.sh; then
+		if ! ./hack/hive/hive-generate-config.sh; then
 			abort "error generating the hive configs"
 		fi
 	fi
 
-	if [ -z "$PULL_SECRET" ]; then
-		log "global pull secret variable required, please source ./env"
-		exit
+    local kubectl
+    set_kubectl_binary kubectl
+    if ! $kubectl get nodes >/dev/null 2>&1; then
+		abort "unable to connect to the cluster"
 	fi
-	verify_tools
-
-    if [ "$( $KUBECTL get namespace $HIVE_OPERATOR_NS -o yaml 2>/dev/null | wc -l )" -ne 0 ]; then
-        echo "hive is already installed in the namespace"
+    log "Connected to the AKS cluster"
+    if $kubectl get namespace $HIVE_OPERATOR_NS >/dev/null 2>&1; then
+        log "Hive is already installed in namespace '$HIVE_OPERATOR_NS'"
         if [ "${skip_deployments}" = false ]; then
-            echo "'skip_deployments' is set to 'false'. ❌⏩ Don't skip Hive installation, and try to reinstall it"
+            log "'skip_deployments' is set to 'false'. ❌⏩ Don't skip Hive installation, and try to reinstall it"
         elif [ "${skip_deployments}" = true ]; then
-            echo "'skip_deployments' is set to `true`. ⏩📋 Skip Hive installation"
+            log "'skip_deployments' is set to 'true'. ⏩📋 Skip Hive installation"
             exit
         else
             echo -n "would you like to reapply the configs? (y/N): "
@@ -54,51 +59,50 @@ main() {
             fi
         fi
     else
-        $KUBECTL create namespace $HIVE_OPERATOR_NS
+        $kubectl create namespace $HIVE_OPERATOR_NS
     fi
 
 	log "Hive is ready to be installed"
-	$KUBECTL apply -f ./hack/hive/hive-config/crds
-	echo "$PULL_SECRET" > /tmp/.tmp-secret
+	$kubectl apply -f ./${HIVE_CONFIG_CRDS}
 	# Using dry-run allows updates to work seamlessly
-	$KUBECTL create secret generic hive-global-pull-secret \
-        --from-file=.dockerconfigjson=/tmp/.tmp-secret \
+	$kubectl create secret generic hive-global-pull-secret \
+        --from-literal=.dockerconfigjson="${pull_secret}" \
         --type=kubernetes.io/dockerconfigjson \
         --namespace $HIVE_OPERATOR_NS \
         -o yaml \
         --dry-run=client \
-        | $KUBECTL apply -f - 2>/dev/null
-	rm -f /tmp/.tmp-secret
+        | $kubectl apply -f -
 
-	sed "s/HIVE_OPERATOR_NS/$HIVE_OPERATOR_NS/g" hack/hive/hive-config/hive-config.yaml | $KUBECTL apply -f -
-	$KUBECTL apply -f ./hack/hive/hive-config/hive-additional-install-log-regexes.yaml
-	$KUBECTL apply -f ./hack/hive/hive-config/hive-deployment.yaml
-	$KUBECTL wait --timeout=5m --for=condition=Available --namespace $HIVE_OPERATOR_NS deployment/hive-operator
+	sed "s/HIVE_OPERATOR_NS/$HIVE_OPERATOR_NS/g" ${HIVE_CONFIG_DIR}/hive-config.yaml | $kubectl apply -f -
+	$kubectl apply -f ./${HIVE_CONFIG_DIR}/hive-additional-install-log-regexes.yaml
+	$kubectl apply -f ./${HIVE_CONFIG_DEP}
+	$kubectl wait --timeout=5m --for=condition=Available --namespace $HIVE_OPERATOR_NS deployment/hive-operator
 
 	log "Hive is installed but to check Hive readiness use one of the following options to monitor the deployment rollout:
-        'kubectl wait --timeout=5m --for=condition=Available --namespace "$HIVE_OPERATOR_NS" deployment/hive-controllers' 
-        or 'kubectl wait --timeout=5m  --for=condition=Ready --namespace "$HIVE_OPERATOR_NS" pod --selector control-plane=clustersync'"
+        'kubectl wait --timeout=5m --for=condition=Available --namespace $HIVE_OPERATOR_NS deployment/hive-controllers' 
+        or 'kubectl wait --timeout=5m  --for=condition=Ready --namespace $HIVE_OPERATOR_NS pod --selector control-plane=clustersync'"
 }
 
-function download_tmp_kubectl() {
-	if curl -sLO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"; then  
-		abort ": error downloading kubectl"
-	fi
-	chmod 755 kubectl
-	KUBECTL="$(pwd)/kubectl"
-}
 
-function verify_tools() {
-	if [ -n "$KUBECTL" ]; then
-		return
+function set_kubectl_binary() {
+    local -n tmp_kubectl="$1"
+    tmp_kubectl="$( which kubectl 2> /dev/null || true)"
+    local oc="$( which oc 2> /dev/null || true)"
+    if [[ -n "$tmp_kubectl" ]]; then
+		log "'kubectl' was detected"
+        return
+    elif [[ -n "$oc" ]]; then
+		log "'oc' was detected"
+        tmp_kubectl="$oc"
+        return
 	fi
-	log "kubectl or oc not detected, downloading"
-	download_tmp_kubectl
-	log "done: downloading kubectl/oc was completed"
-
-	if [ "$( $KUBECTL get nodes 2>/dev/null | wc -l )" -eq 0 ]; then
-		abort "unable to connect to the cluster"
+	log "'kubectl' and 'oc' were not detected, downloading kubectl"
+	if ! curl -sLO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"; then  
+		abort "error downloading kubectl"
 	fi
+	chmod 755 kubectl
+    log "done: downloading kubectl was completed"
+	tmp_kubectl="$(pwd)/kubectl"
 }
 
 main "$@"

hack/hive/hive-generate-config.sh

@@ -1,7 +1,8 @@
 #!/bin/bash
 
 set -o errexit \
-    -o nounset
+    -o nounset \
+    -o monitor
 
 main() {
     abort_directory

hack/rp-dev/full_rp_deploy.sh

@@ -4,18 +4,18 @@
 main() {
     echo "##### Make sure to be logged in to Azure prior to running this script ####"
     echo "##### In case of failure when creating Azure reseource, consider running the clean_rp_dev_env function ####"
-    echo "#### E.g., AZURE_PREFIX=$AZURE_PREFIX clean_rp_dev_env $LOCATION ####"
+    echo "#### E.g., AZURE_PREFIX=${AZURE_PREFIX} clean_rp_dev_env $LOCATION ####"
     source hack/rp-dev/full_rp_funcs.sh
     local git_commit="$(git rev-parse --short=7 HEAD)"
-    is_full_rp_succeeded $AZURE_PREFIX "${AZURE_PREFIX}-aro-$LOCATION" "${AZURE_PREFIX}-gwy-$LOCATION" $git_commit
+    is_full_rp_succeeded "${AZURE_PREFIX}" "${AZURE_PREFIX}-aro-$LOCATION" "${AZURE_PREFIX}-gwy-$LOCATION" "${git_commit}"
 
-    setup_rp_config $AZURE_PREFIX $git_commit $LOCATION
-    pre_deploy_resources $AZURE_PREFIX $LOCATION $RESOURCEGROUP $SKIP_DEPLOYMENTS
-    add_hive $LOCATION $RESOURCEGROUP $SKIP_DEPLOYMENTS
-    mirror_images $AZURE_PREFIX $USER_PULL_SECRET $PULL_SECRET $git_commit $SKIP_DEPLOYMENTS
-    prepare_RP_deployment $AZURE_PREFIX $git_commit $LOCATION $SKIP_DEPLOYMENTS
+    setup_rp_config "${AZURE_PREFIX}" "${git_commit}" "${LOCATION}"
+    pre_deploy_resources "${AZURE_PREFIX}" "${LOCATION}" "${RESOURCEGROUP}" "${SKIP_DEPLOYMENTS}"
+    add_hive "${LOCATION}" "${RESOURCEGROUP}" "${PULL_SECRET}" "${SKIP_DEPLOYMENTS}"
+    mirror_images "${AZURE_PREFIX}" "${USER_PULL_SECRET}" "${PULL_SECRET}" "${git_commit}" "${SKIP_DEPLOYMENTS}"
+    prepare_RP_deployment "${AZURE_PREFIX}" "${git_commit}" "${LOCATION}" "${SKIP_DEPLOYMENTS}"
     log "VMSSs suffix is $git_commit"
-    fully_deploy_resources $AZURE_PREFIX $git_commit $LOCATION $RESOURCEGROUP $SKIP_DEPLOYMENTS
+    fully_deploy_resources "${AZURE_PREFIX}" "${git_commit}" "${LOCATION}" "${RESOURCEGROUP}" "${SKIP_DEPLOYMENTS}"
 }
 
 main "$@"