[patch] Don't set SLS domain by default

ibm/mas_devops/roles/sls/tasks/gencfg/main.yml

@@ -2,47 +2,64 @@
 ###############################################################################
 #                             New / Existing SLS                              #
 ###############################################################################
+- name: Obtain sls-suite-registration ConfigMap
+  when: (sls_tls_crt is not defined or sls_tls_crt == "") or
+        (sls_registration_key is not defined or sls_registration_key == "") or
+        (sls_domain is not defined or sls_domain == "")
+  kubernetes.core.k8s_info:
+    api_version: v1
+    kind: ConfigMap
+    name: "{{ sls_instance_name }}-suite-registration"
+    namespace: "{{ sls_namespace }}"
+  register: _sls_suite_registration
 
-- name: Get SLS facts
-  when:
-    - sls_url is not defined or sls_url == ""
-    - sls_registration_key is not defined or sls_registration_key == ""
-    - sls_tls_crt is not defined or sls_tls_crt == ""
-  block:
-    - name: Obtain sls-suite-registration ConfigMap
-      kubernetes.core.k8s_info:
-        api_version: v1
-        kind: ConfigMap
-        name: "sls-suite-registration"
-        namespace: "{{ sls_namespace }}"
-      register: _sls_suite_registration
-
-    - name: "Assert that SLS registrationKey has been provided"
-      ansible.builtin.assert:
-        that:
-          - _sls_suite_registration.resources[0].data['registrationKey'] is defined
-          - _sls_suite_registration.resources[0].data['registrationKey'] != ""
-        fail_msg: "registrationKey is not defined in sls-suite-registration configmap"
-
-    - name: "Assert that SLS url has been provided"
-      ansible.builtin.assert:
-        that:
-          - _sls_suite_registration.resources[0].data['url'] is defined
-          - _sls_suite_registration.resources[0].data['url'] != ""
-        fail_msg: "url is not defined in sls-suite-registration configmap"
-
-    - name: "Assert that SLS CA certificate has been provided"
-      ansible.builtin.assert:
-        that:
-          - _sls_suite_registration.resources[0].data['ca'] is defined
-          - _sls_suite_registration.resources[0].data['ca'] != ""
-        fail_msg: "ca certificate is not defined in sls-suite-registration configmap"
-
-    - name: Set facts for SLSCfg
-      ansible.builtin.set_fact:
-        sls_registration_key: "{{ _sls_suite_registration.resources[0].data['registrationKey'] }}"
-        sls_url: "{{ _sls_suite_registration.resources[0].data['url'] }}"
-        sls_tls_crt: "{{ _sls_suite_registration.resources[0].data['ca'] }}"
+- name: "Assert that SLS CA certificate has been provided"
+  when: sls_tls_crt is not defined or sls_tls_crt == ""
+  ansible.builtin.assert:
+    that:
+      - _sls_suite_registration.resources[0].data['ca'] is defined
+      - _sls_suite_registration.resources[0].data['ca'] != ""
+    fail_msg: "ca certificate is not defined in sls-suite-registration configmap"
+
+- name: Set sls_tls_crt from sls-suite-registration ConfigMap
+  when: sls_tls_crt is not defined or sls_tls_crt == ""
+  ansible.builtin.set_fact:
+    sls_tls_crt: "{{ _sls_suite_registration.resources[0].data['ca'] }}"
+
+- name: "Assert that SLS registrationKey has been provided"
+  when: sls_registration_key is not defined or sls_registration_key == ""
+  ansible.builtin.assert:
+    that:
+      - _sls_suite_registration.resources[0].data['registrationKey'] is defined
+      - _sls_suite_registration.resources[0].data['registrationKey'] != ""
+    fail_msg: "registrationKey is not defined in sls-suite-registration configmap"
+
+- name: Set sls_registration_key from sls-suite-registration ConfigMap
+  when: sls_registration_key is not defined or sls_registration_key == ""
+  ansible.builtin.set_fact:
+    sls_registration_key: "{{ _sls_suite_registration.resources[0].data['registrationKey'] }}"
+
+# When sls_url is provided, and you run this task over an existing SLS instance that
+# has no Route (no domain field in CR), then there is a delay until the operator reconciles
+# and updates the url field in the configmap. Hence, we should not take the value from
+# the configmap as it may still hold the old value (service url instead of domain).
+- name: Set sls_url when sls_domain is defined
+  when: sls_domain is defined and sls_domain != ""
+  ansible.builtin.set_fact:
+    sls_url: "https://{{sls_instance_name}}.{{sls_namespace}}.{{sls_domain}}"
+
+- name: "Assert that SLS url has been provided"
+  when: sls_domain is not defined or sls_domain == ""
+  ansible.builtin.assert:
+    that:
+      - _sls_suite_registration.resources[0].data['url'] is defined
+      - _sls_suite_registration.resources[0].data['url'] != ""
+    fail_msg: "url is not defined in sls-suite-registration configmap"
+
+- name: Set sls_url from sls-suite-registration ConfigMap
+  when: sls_domain is not defined or sls_domain == ""
+  ansible.builtin.set_fact:
+    sls_url: "{{ _sls_suite_registration.resources[0].data['url'] }}"
 
 
 ###############################################################################
@@ -100,7 +117,7 @@
 
 # 4. Generate SLSCfg for MAS
 # -----------------------------------------------------------------------------
-- name: Copy SLSCfg to filesytem
+- name: Copy SLSCfg to filesystem
   ansible.builtin.template:
     src: slscfg.yml.j2
     dest: "{{ mas_config_dir }}/sls.yml"

ibm/mas_devops/roles/sls/tasks/install/main.yml

@@ -166,22 +166,7 @@
     config_files: ["ibm-sls-licenseservice.yml"]
 
 
-# 6. Set up the domain name for SLS
-# -----------------------------------------------------------------------------
-- name: "Get cluster subdomain"
-  kubernetes.core.k8s_info:
-    api_version: config.openshift.io/v1
-    kind: Ingress
-    name: cluster
-  register: _cluster_subdomain
-
-- name: "Configure default domain if not set"
-  ansible.builtin.set_fact:
-    sls_domain: "{{ sls_namespace }}.{{ _cluster_subdomain.resources[0].spec.domain }}"
-  when: not sls_domain
-
-
-# 7. Install Operator & create entitlement
+# 6. Install Operator & create entitlement
 # -----------------------------------------------------------------------------
 - name: "Create IBM Entitlement Key"
   when: before_sls_380 or (artifactory_username is defined and artifactory_username != "")
@@ -192,7 +177,7 @@
     artifactory_username: "{{ artifactory_username }}"
     artifactory_password: "{{ artifactory_token }}"
 
-- name: "Create ibm-mas Subscription"
+- name: "Create ibm-sls Subscription"
   ibm.mas_devops.apply_subscription:
     namespace: "{{ sls_namespace }}"
     package_name: "ibm-sls"
@@ -201,15 +186,15 @@
   register: subscription
 
 
-# 8. Wait until the LicenseService CRD is available
+# 7. Wait until the LicenseService CRD is available
 # -----------------------------------------------------------------------------
 - name: "Wait until the LicenseService CRD is available"
   include_tasks: "{{ role_path }}/../../common_tasks/wait_for_crd.yml"
   vars:
     crd_name: licenseservices.sls.ibm.com
 
 
-# 9. Create Mongo Secret
+# 8. Create Mongo Secret
 # -----------------------------------------------------------------------------
 - name: Read MongoDb config file
   ansible.builtin.set_fact:
@@ -264,7 +249,7 @@
     template: templates/mongo-secret.yml.j2
 
 
-# 10. Bootstrap the license service
+# 9. Bootstrap the license service
 # -----------------------------------------------------------------------------
 - name: Initialize Bootstrap
   when: bootstrap_mode
@@ -314,7 +299,7 @@
     - entitlement_file != ""
 
 
-# 11. Create the license service CR
+# 10. Create the license service CR
 # -----------------------------------------------------------------------------
 - name: Create the sls.ibm.com/v1.LicenseService
   kubernetes.core.k8s:
@@ -324,7 +309,7 @@
   register: sls_cr_result
 
 
-# 12. Wait for it to hit Ready
+# 11. Wait for it to hit Ready
 # -----------------------------------------------------------------------------
 - name: Verify LicenseService CR
   ansible.builtin.include_tasks: "tasks/install/sls-verify.yml"

ibm/mas_devops/roles/sls/templates/licenseservice.yml.j2

@@ -10,7 +10,9 @@ metadata:
 {% endfor %}
 {% endif %}
 spec:
+{% if sls_domain is defined and sls_domain != "" %}
   domain: {{ sls_domain }}
+{% endif %}
 {% if after_sls_380 and ibm_sls_licenseservice_pod_templates is defined %}
   podTemplates: {{ ibm_sls_licenseservice_pod_templates }}
 {% endif %}

ibm/mas_devops/roles/sls/templates/mongo-certificates.yml.j2

@@ -1,5 +1,5 @@
-{% for certs in mongocfg[1].spec.certificates %}
-- alias: {{ certs.alias }}
+{% for cert in mongocfg[1].spec.certificates %}
+- alias: {{ cert.alias }}
   crt: |
-    {{ certs.crt | indent(4)}}
+    {{ cert.crt | indent(4)}}
 {% endfor %}