ibm-mas · IanBoden · Aug 12, 2025 · Aug 12, 2025 · Aug 12, 2025 · Aug 12, 2025
@@ -18,11 +18,21 @@
       - mas.ibm.com/idmsContent=ibm
   register: idms_lookup
 
+# 3. Look for the new aiservice IDMS
+# -----------------------------------------------------------------------------
+- name: "detect-airgap : Look for the MAS ImageDigestMirrorSet"
+  kubernetes.core.k8s_info:
+    api_version: config.openshift.io/v1
+    kind: ImageDigestMirrorSet
+    label_selectors:
+      - aiservice.ibm.com/idmsContent=ibm
+  register: aiservice_idms_lookup
+
 # 3. Set the airgap boolena and print debug
 # -----------------------------------------------------------------------------
 - name: "detect-airgap : Set airgap_install property"
   set_fact:
-    airgap_install: "{{ idms_lookup.resources | length == 1 | bool }}"
+    airgap_install: "{{ ( idms_lookup.resources | length == 1 or aiservice_idms_lookup.resources | length == 1 ) | bool }}"
 
 - name: "detect-airgap : Debug Airgap detection"
   debug:

@@ -1,12 +1,35 @@
 ---
+
+- name: Get authorino operator package manifest
+  kubernetes.core.k8s_info:
+    api_version: packages.operators.coreos.com/v1
+    kind: PackageManifest
+    name: authorino-operator
+    namespace: openshift-marketplace  # Note: A namespace must be provided when calling packages.operators.coreos.com/v1
+  register: authorino_operator_manifest
+
+- name: Assert that PackageManifest exists
+  ansible.builtin.assert:
+    that:
+      - authorino_operator_manifest is defined
+      - authorino_operator_manifest.resources is defined
+      - authorino_operator_manifest.resources | length == 1
+    fail_msg: "PackageManifest not found: authorino-operator"
+
+- name: Set the subscription information
+  set_fact:
+    authorino_operator_source: "{{ authorino_operator_manifest.resources[0].status.catalogSource }}"
+    authorino_operator_source_namespace: "{{ authorino_operator_manifest.resources[0].status.catalogSourceNamespace }}"
+    authorino_operator_default_channel: "{{ authorino_operator_manifest.resources[0].status.defaultChannel }}"
+
 # 1. Install Operator & create entitlement openshift-authorino
 # -----------------------------------------------------------------------------
 - name: "Install Openshift authorino Operator"
   ibm.mas_devops.apply_subscription:
     namespace: "{{ openshift_namespace }}"
     package_name: "authorino-operator"
-    package_channel: "{{ serverless_channel }}"  # This looks wrong, but that's what was in the original template
-    catalog_source: "{{ authorino_catalog_source }}"
+    package_channel: "{{ authorino_operator_default_channel }}"
+    catalog_source: "{{ authorino_operator_source }}"
   register: subscription
 
 

@@ -1,9 +1,32 @@
 ---
+- name: Get servless operator package manifest
+  kubernetes.core.k8s_info:
+    api_version: packages.operators.coreos.com/v1
+    kind: PackageManifest
+    name: serverless-operator
+    namespace: openshift-marketplace  # Note: A namespace must be provided when calling packages.operators.coreos.com/v1
+  register: serverless_operator_manifest
+
+- name: Assert that PackageManifest exists
+  ansible.builtin.assert:
+    that:
+      - serverless_operator_manifest is defined
+      - serverless_operator_manifest.resources is defined
+      - serverless_operator_manifest.resources | length == 1
+    fail_msg: "PackageManifest not found: serverless-operator"
+
+- name: Set the subscription information
+  set_fact:
+    serverless_operator_source: "{{ serverless_operator_manifest.resources[0].status.catalogSource }}"
+    serverless_operator_source_namespace: "{{ serverless_operator_manifest.resources[0].status.catalogSourceNamespace }}"
+    serverless_operator_default_channel: "{{ serverless_operator_manifest.resources[0].status.defaultChannel }}"
+
+# 1. Install Operator & create entitlement serverless
+# -----------------------------------------------------------------------------
 - name: "install : Create Serverless Subscription"
   ibm.mas_devops.apply_subscription:
-    namespace: openshift-serverless
-    package_name: serverless-operator
-    package_channel: stable
-    catalog_source: redhat-operators
-    catalog_source_namespace: openshift-marketplace
+    namespace: "{{ serverless_namespace }}"
+    package_name: "serverless-operator"
+    package_channel: "{{ serverless_operator_default_channel }}"
+    catalog_source: "{{ serverless_operator_source }}"
   register: serverless_subscription
@@ -1,12 +1,35 @@
 ---
+
+- name: Get service mesh operator package manifest
+  kubernetes.core.k8s_info:
+    api_version: packages.operators.coreos.com/v1
+    kind: PackageManifest
+    name: servicemeshoperator
+    namespace: openshift-marketplace  # Note: A namespace must be provided when calling packages.operators.coreos.com/v1
+  register: service_mesh_operator_manifest
+
+- name: Assert that PackageManifest exists
+  ansible.builtin.assert:
+    that:
+      - service_mesh_operator_manifest is defined
+      - service_mesh_operator_manifest.resources is defined
+      - service_mesh_operator_manifest.resources | length == 1
+    fail_msg: "PackageManifest not found: servicemeshoperator"
+
+- name: Set the subscription information
+  set_fact:
+    service_mesh_operator_source: "{{ service_mesh_operator_manifest.resources[0].status.catalogSource }}"
+    service_mesh_operator_source_namespace: "{{ service_mesh_operator_manifest.resources[0].status.catalogSourceNamespace }}"
+    service_mesh_operator_default_channel: "{{ service_mesh_operator_manifest.resources[0].status.defaultChannel }}"
+
 # 1. Install Operator & create entitlement openshift-service-mesh
 # -----------------------------------------------------------------------------
 - name: "Install Openshift ServiceMesh Operator"
   ibm.mas_devops.apply_subscription:
     namespace: "{{ service_mesh_namespace }}"
     package_name: "servicemeshoperator"
-    package_channel: "{{ service_mesh_channel }}"
-    catalog_source: "{{ service_mesh_catalog_source }}"
+    package_channel: "{{ service_mesh_operator_default_channel }}"
+    catalog_source: "{{ service_mesh_operator_source }}"
   register: subscription
 
 

@@ -23,4 +23,5 @@ minio_namespace: "{{ lookup('env', 'MINIO_NAMESPACE') | default('minio', True) }
 minio_instance_name: "{{ lookup('env', 'MINIO_INSTANCE_NAME') | default('minio', True) }}"
 minio_root_user: "{{ lookup('env', 'MINIO_ROOT_USER') | default('minio', True) }}"
 minio_root_password: "{{ lookup('env', 'MINIO_ROOT_PASSWORD') | default('', True) }}"
-minio_version: "quay.io/minio/minio:latest"
+# needs to move to catalog
+minio_version: "RELEASE.2025-06-13T11-33-47Z"
@@ -6,6 +6,17 @@
 # -----------------------------------------------------------------------------
 - include_tasks: tasks/determine-storage-classes.yml
 
+- name: Load minio defaults
+  include_vars:
+    file: "{{ role_path }}/../mirror_extras_prepare/vars/minio_{{ minio_version }}.yml"
+
+- name: Retrieve image setting parts
+  set_fact:
+    minio_image_name: "{{ extra_images | selectattr('name', 'match', '.*/minio$') | map(attribute='name') | first }}"
+    minio_image_registry: "{{ extra_images | selectattr('name', 'match', '.*/minio$') | map(attribute='registry') | first }}"
+    minio_image_digest: "{{ extra_images | selectattr('name', 'match', '.*/minio$') | map(attribute='digest') | first }}"
+    minio_image_tag: "{{ extra_images | selectattr('name', 'match', '.*/minio$') | map(attribute='tag') | first }}"
+
 # create minio namespace
 - name: 'Create minio namespace'
   kubernetes.core.k8s:

@@ -19,7 +19,10 @@ spec:
             claimName: minio-pvc
       containers:
         - name: "{{ minio_instance_name }}"
-          image: "{{ minio_version }}"
+          image: "{{ minio_image_registry }}/{{ minio_image_name}}@{{ minio_image_digest}}"
+          metadata:
+            labels:
+              tag: "{{ minio_image_tag }}"
           command:
             - /bin/bash
             - -c

@@ -0,0 +1,6 @@
+---
+extra_images:
+  - name: minio/minio
+    registry: quay.io
+    digest: sha256:064117214caceaa8d8a90ef7caa58f2b2aeb316b5156afe9ee8da5b4d83e12c8
+    tag: RELEASE.2025-06-13T11-33-47Z
@@ -1,6 +1,10 @@
 ocp_idms
 ===============================================================================
-Installs an **ImageDigestMirrorSet** (IDMS)for IBM Maximo Application Suite's Maximo Operator Catalog.  Optionally can also install a second IDMS suitable for the Red Hat Operator Catalogs created by [mirror_ocp](mirror_ocp.md).  If there are legacy **ImageContentSourcePolicies** installed by previous versions of this role, they will be deleted.
+Installs an **ImageDigestMirrorSet** (IDMS)for IBM Maximo Application Suite's Maximo Operator Catalog.  
+Also install IDMS suitable for the Red Hat Operator Catalogs created by [mirror_ocp](mirror_ocp.md).  
+If there are legacy **ImageContentSourcePolicies** installed by previous versions of this role, they will be deleted.
+
+If PRODUCT_FAMILY is aiservice then it will install an **ImageTagMirrorSet** for OpenDataHub
 
 !!! warning
     This role doesn't work on IBMCloud ROKS.  IBM Cloud RedHat OpenShift Service does not implement support for `ImageDigestMirrorSet`.  If you want to use image mirroring you must manually configure each worker node individually using the IBM Cloud command line tool.
@@ -59,6 +63,14 @@ If you are managing the Red Hat Operator Catalogs yourself the content therein m
 
 Role Variables
 -------------------------------------------------------------------------------
+### product_family
+Creates the **ImageDigestMirrorSet** for the respective product family
+
+- **Required**
+- Environment Variable: `PRODUCT_FAMILY`
+- Default: `mas`
+- Values: `mas` | `aiservice`
+
 ### setup_redhat_release
 Instruct the role to setup **ImageDigestMirrorSet** for the mirrored release content generated by [mirror_ocp](mirror_ocp.md).  This will create an additional policy named `ibm-mas-redhat-release`.
 

@@ -26,6 +26,7 @@ artifactory_auth: "{{ artifactory_username }}:{{ artifactory_token }}"
 registry_prefix: "{{ lookup('env', 'REGISTRY_PREFIX') | default('', true) }}"
 registry_private_url_with_path: "{{ registry_private_url }}{% if registry_prefix | length > 0 %}/{{ registry_prefix }}{% endif %}"
 idms_suffix: "{% if registry_prefix | length > 0 %}-{{ registry_prefix }}{% endif %}"
+itms_suffix: "{% if registry_prefix | length > 0 %}-{{ registry_prefix }}{% endif %}"
 
 
 # Optional Registry Prefix - Red Hat Content
@@ -40,3 +41,5 @@ idms_suffix_redhat: "{% if registry_prefix_redhat | length > 0 %}-{{ registry_pr
 redhat_catalogs_prefix: "{{ lookup('env', 'REDHAT_CATALOGS_PREFIX') | default('', true) }}"
 
 machine_config_multiupdate: "{{ lookup('env','MACHINE_CONFIG_MULTIUPDATE') | default('False',true) | bool}}"
+
+product_family: "{{ lookup('env','PRODUCT_FAMILY') | default('mas',true) }}"
@@ -20,5 +20,6 @@ galaxy_info:
     - devops
     - rhocp
     - airgap
+    - aiservice
 
 dependencies: []
@@ -51,9 +51,17 @@
 - name: Create ImageDigestMirrorSet
   kubernetes.core.k8s:
     apply: yes
-    template: 'templates/idms/mas-ibm-catalog.yml.j2'
+    template: 'templates/idms/{{ product_family }}/ibm-catalog.yml.j2'
   register: idms_result
 
+# 4. IBM Maximo Operator Catalog
+# -----------------------------------------------------------------------------
+- name: Create ImageDigestMirrorSet
+  kubernetes.core.k8s:
+    apply: yes
+    template: 'templates/itms/{{ product_family }}/itms.yml.j2'
+  when: product_family == "aiservice"
+  register: itms_result
 
 # 5. Red Hat Operator Catalogs
 # -----------------------------------------------------------------------------
@@ -88,7 +96,7 @@
   when: setup_redhat_catalogs
   kubernetes.core.k8s:
     apply: yes
-    template: "templates/idms/mas-redhat-catalogs.yml.j2"
+    template: "templates/idms/{{product_family}}/redhat-catalogs.yml.j2"
 
 
 # 6. Red Hat Release Catalog
@@ -97,7 +105,7 @@
   when: setup_redhat_release
   kubernetes.core.k8s:
     apply: yes
-    template: "templates/idms/mas-redhat-release.yml.j2"
+    template: "templates/idms/{{product_family}}/redhat-release.yml.j2"
 
 
 # 7. Delete the old ICSPs
@@ -131,5 +139,5 @@
 # 7. Wait until the nodes have applied the updates
 # -----------------------------------------------------------------------------
 - name: Wait for Machine Configs to update
-  when: idms_result.changed
+  when: idms_result.changed or itms_result.changed
   include_tasks: "{{ role_path }}/../../common_tasks/wait-machine-config-update.yml"
@@ -0,0 +1,75 @@
+apiVersion: config.openshift.io/v1
+kind: ImageDigestMirrorSet
+metadata:
+  name: aiservice-ibm-catalog{{ idms_suffix }}
+  labels:
+    aiservice.ibm.com/idmsContent: ibm
+  annotations:
+    aiservice.ibm.com/idmsRegistry: "{{ registry_private_url_with_path }}"
+    aiservice.ibm.com/idmsRegistryHost: "{{ registry_private_host }}"
+    aiservice.ibm.com/idmsRegistryPort: "{{ registry_private_port }}"
+    aiservice.ibm.com/idmsRegistryPrefix: "{{ registry_prefix }}"
+spec:
+  imageDigestMirrors:
+    # 1. IBM Container Registry
+    # -------------------------------------------------------------------------
+    # All IBM operators live in the cpopen namespace
+    - source: icr.io/cpopen
+      mirrors:
+        - {{ registry_private_url_with_path }}/cpopen
+      mirrorSourcePolicy: NeverContactSource
+    # IBM truststoremanager worker image lives in ibm-truststore-mgr namespace
+    - source: icr.io/ibm-truststore-mgr
+      mirrors:
+        - {{ registry_private_url_with_path }}/ibm-truststore-mgr
+      mirrorSourcePolicy: NeverContactSource
+    # IBM SLS content live in ibm-sls namespace
+    - source: icr.io/ibm-sls
+      mirrors:
+        - {{ registry_private_url_with_path }}/ibm-sls
+      mirrorSourcePolicy: NeverContactSource
+    # IBM UDS content live in ibm-uds namespace
+    - source: icr.io/ibm-uds
+      mirrors:
+        - {{ registry_private_url_with_path }}/ibm-uds
+      mirrorSourcePolicy: NeverContactSource
+    # IBM Db2 Universal operator content live in db2u namespace
+    - source: icr.io/db2u
+      mirrors:
+        - {{ registry_private_url_with_path }}/db2u
+      mirrorSourcePolicy: NeverContactSource
+
+    # 2. IBM Entitled Container Registry
+    # -------------------------------------------------------------------------
+    # All IBM entitled container images live under cp namespace
+    - source: cp.icr.io/cp
+      mirrors:
+        - {{ registry_private_url_with_path }}/cp
+      mirrorSourcePolicy: NeverContactSource
+
+    # 3. Red Hat Quay.io Container Registry
+    # -------------------------------------------------------------------------
+    # IBM common services live here
+    # MongoDb Community Edition Operator & associated container images
+    - source: quay.io/mongodb
+      mirrors:
+        - {{ registry_private_url_with_path }}/mongodb
+      mirrorSourcePolicy: NeverContactSource
+    - source: quay.io/minio
+      mirrors:
+        - {{ registry_private_url_with_path }}/minio
+      mirrorSourcePolicy: NeverContactSource
+    # Non-product IBM Maximo Application Suite images (e.g CLI & mirror of dockerhub mongodb image)
+    - source: quay.io/ibmmas
+      mirrors:
+        - {{ registry_private_url_with_path }}/ibmmas
+      mirrorSourcePolicy: NeverContactSource
+
+{% if artifactory_username != "" %}
+    # 4. Artifactory
+    # -------------------------------------------------------------------------
+    - source: docker-na-public.artifactory.swg-devops.com/wiotp-docker-local
+      mirrors:
+        - docker-us-south-edge-public.artifactory.swg-devops.com/wiotp-docker-local
+      mirrorSourcePolicy: NeverContactSource
+{% endif %}
-Original file line number
+Diff line change
@@ Expand Up / @@ -20,5 +20,6 @@ galaxy_info: @@
         - devops
         - rhocp
         - airgap
+        - aiservice
     dependencies: []