feat: Upgrade Cloud Pak for AIOps to 4.4.0

[nastacio]

closes: #326

Description of changes:

• Updates subscription channels
• Add installation of license manager
• Default test pipeline to OCP 4.14 (upgrade from OCP 4.12)

Output of argocd app list command or screenshot of the Argo CD Application synchronization window showing successful application of changes in this branch.

argocd app get cp4aiops-app
2024-02-06T22:15:55+0000: INFO: Synchronization of cp4aiops-app complete.
Name:               openshift-gitops/cp4aiops-app
Project:            default
Server:             https://kubernetes.default.svc/
Namespace:          cp4aiops
URL:                https://openshift-gitops-server-openshift-gitops.gitops-326-aiops-440-1e3af63cfd19e855098d645120e18baf-0000.us-south.containers.appdomain.cloud/applications/cp4aiops-app
Repo:               https://github.com/IBM/cloudpak-gitops
Target:             326-aiops-440
Path:               config/argocd-cloudpaks/cp4aiops
SyncWindow:         Sync Allowed
Sync Policy:        Automated (Prune)
Sync Status:        Synced to 326-aiops-440 (e69adb6)
Health Status:      Healthy

GROUP                      KIND       NAMESPACE                   NAME                              STATUS     HEALTH  HOOK  MESSAGE
                           Namespace  openshift-gitops            cp4aiops                          Succeeded  Synced        namespace/cp4aiops configured
rbac.authorization.k8s.io  Role       cp4aiops                    ibm-waiops-aimgr-role             Synced                   role.rbac.authorization.k8s.io/ibm-waiops-aimgr-role reconciled. role.rbac.authorization.k8s.io/ibm-waiops-aimgr-role replaced
rbac.authorization.k8s.io  Role       openshift-ingress-operator  ibm-waiops-ingress-operator-role  Synced                   role.rbac.authorization.k8s.io/ibm-waiops-ingress-operator-role reconciled. reconciliation required create
...
                           Namespace    cp4aiops          cp4aiops        Succeeded  Synced     namespace/cp4aiops configured
argoproj.io                Application  openshift-gitops  cp4aiops-aimgr  Synced     Healthy    application.argoproj.io/cp4aiops-aimgr created
                           Namespace                      cp4aiops        Synced

[nastacio]

Hit an error in the post-sync phase, with the setting of the route certificate for the console:

+ export HOME=/tmp
+ HOME=/tmp
+ cd /tmp
+ oc project cp4aiops
Now using project "cp4aiops" on server "https://172.21.0.1:443".
+ oc get ZenService/iaf-zen-cpdservice
NAME                 VERSION   STATUS      AGE
iaf-zen-cpdservice             Completed   43m
++ oc get ZenService/iaf-zen-cpdservice -o 'jsonpath={.spec.zenCustomRoute.route_secret}'
+ secret_set=
+ '[' '' == customer-tls-secret ']'
+ result=0
++ oc get ingresscontroller.operator default --namespace openshift-ingress-operator -o 'jsonpath={.spec.defaultCertificate.name}'
+ ingress_secret_name=gitops-326-aiops-440-1e3af63cfd19e855098d645120e18baf-0000
+ '[' -n gitops-326-aiops-440-1e3af63cfd19e855098d645120e18baf-0000 ']'
+ '[' 0 -eq 0 ']'
+ echo 'INFO: Create a secret called customer-tls-secret with your custom certificates.'
INFO: Create a secret called customer-tls-secret with your custom certificates.
+ oc extract secret/gitops-326-aiops-440-1e3af63cfd19e855098d645120e18baf-0000 -n openshift-ingress --keys=tls.crt,tls.key --confirm
tls.crt
tls.key
+ oc delete secret customer-tls-secret --ignore-not-found=true
+ tail -n +2
++ sed -n '/END CERTIFICATE/=' tls.crt
++ head -1
+ sed -n '35,$p' tls.crt
+ sed -i /END/q tls.crt
+ oc create secret generic customer-tls-secret --from-file=tls.crt=tls.crt --from-file=tls.key=tls.key --from-file=ca.crt=ca.crt --dry-run=client -o yaml
+ oc apply -f -
secret/customer-tls-secret created
INFO: Restart the nginx pods to pickup the new custom certificates.
+ echo 'INFO: Restart the nginx pods to pickup the new custom certificates.'
+ oc rollout restart Deployment/ibm-nginx
deployment.apps/ibm-nginx restarted
+ oc rollout status Deployment/ibm-nginx
Waiting for deployment spec update to be observed...
Waiting for deployment "ibm-nginx" rollout to finish: 0 out of 2 new replicas have been updated...
Waiting for deployment "ibm-nginx" rollout to finish: 1 out of 2 new replicas have been updated...
Waiting for deployment "ibm-nginx" rollout to finish: 1 out of 2 new replicas have been updated...
Waiting for deployment "ibm-nginx" rollout to finish: 1 out of 2 new replicas have been updated...
Waiting for deployment "ibm-nginx" rollout to finish: 1 old replicas are pending termination...
Waiting for deployment "ibm-nginx" rollout to finish: 1 old replicas are pending termination...
deployment "ibm-nginx" successfully rolled out
INFO: Patch ZenService with the new customer-tls-secret.
+ echo 'INFO: Patch ZenService with the new customer-tls-secret.'
+ oc patch ZenService/iaf-zen-cpdservice --type merge -p '{"spec":{"zenCustomRoute":{"route_reencrypt":true,"route_secret": "customer-tls-secret"}}}'
zenservice.zen.cpd.ibm.com/iaf-zen-cpdservice patched
INFO: Patch IBM Cloud Pak® foundational services with the new custom certificate.
+ echo 'INFO: Patch IBM Cloud Pak® foundational services with the new custom certificate.'
++ oc get operandrequest ibm-aiops-common-services -o 'jsonpath={.spec.requests[0].registryNamespace}'
+ cs_namespace=cp4aiops
+ oc -n cp4aiops patch managementingress default --type merge --patch '{"spec":{"ignoreRouteCert":true}}'
error: the server doesn't have a resource type "managementingress"
ERROR: Custom certificate could not be set. "
+ echo 'ERROR: Custom certificate could not be set.' '"'
+ result=1
+ exit 1

[nastacio]

:tada: This PR is included in version 0.39.0 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket: