From b51bec29ce1ee0d09b3e1a7452d70f1d12d8ea7a Mon Sep 17 00:00:00 2001 From: Samuel Rac Date: Thu, 2 Jul 2026 15:16:19 +0100 Subject: [PATCH] [federation] Fix RHSSO OperatorGroup conflict with RHOSO operators The federation role was deploying the RHSSO OperatorGroup into openstack-operators, which already has an OperatorGroup from the OpenStack operator. OLM enforces one OperatorGroup per namespace, so the second one triggered TooManyOperatorGroups and blocked InstallPlan creation for the RHSSO subscription. Change the default cifmw_federation_operator_namespace from openstack-operators to keycloak-operators, and add a task to create that namespace before applying the OLM manifest. Signed-off-by: Samuel Rac --- docs/dictionary/en-custom.txt | 1 + roles/federation/README.md | 1 + roles/federation/defaults/main.yml | 2 +- roles/federation/tasks/run_keycloak_setup.yml | 9 ++++++++- 4 files changed, 11 insertions(+), 2 deletions(-) diff --git a/docs/dictionary/en-custom.txt b/docs/dictionary/en-custom.txt index c3ad93607..b0eba327d 100644 --- a/docs/dictionary/en-custom.txt +++ b/docs/dictionary/en-custom.txt @@ -583,6 +583,7 @@ rsa rsync runtime RHCOS +RHSSO scansettingbinding scap scp diff --git a/roles/federation/README.md b/roles/federation/README.md index ea28a9882..1b1ce2d40 100644 --- a/roles/federation/README.md +++ b/roles/federation/README.md @@ -28,6 +28,7 @@ This role supports testing all OIDC authentication methods available in keystone | Variable | Default | Description | |----------|---------|-------------| +| `cifmw_federation_operator_namespace` | `keycloak-operators` | Kubernetes namespace for the RHSSO operator | | `cifmw_federation_keycloak_namespace` | `openstack` | Kubernetes namespace for Keycloak | | `cifmw_federation_run_osp_cmd_namespace` | `openstack` | Kubernetes namespace for openstackclient | | `cifmw_federation_domain` | - | Base domain for service URLs | diff --git a/roles/federation/defaults/main.yml b/roles/federation/defaults/main.yml index d0d07293c..5437dfcdf 100644 --- a/roles/federation/defaults/main.yml +++ b/roles/federation/defaults/main.yml @@ -12,7 +12,7 @@ # Basic namespace and domain settings for the federation deployment # Kubernetes namespaces -cifmw_federation_operator_namespace: openstack-operators +cifmw_federation_operator_namespace: keycloak-operators cifmw_federation_keycloak_namespace: openstack cifmw_federation_run_osp_cmd_namespace: openstack diff --git a/roles/federation/tasks/run_keycloak_setup.yml b/roles/federation/tasks/run_keycloak_setup.yml index 73e9bf87d..f945c3617 100644 --- a/roles/federation/tasks/run_keycloak_setup.yml +++ b/roles/federation/tasks/run_keycloak_setup.yml @@ -28,13 +28,20 @@ mode: "0640" when: cifmw_federation_deploy_type == "crc" -- name: Create namespace +- name: Create keycloak namespace kubernetes.core.k8s: name: "{{ cifmw_federation_keycloak_namespace }}" api_version: v1 kind: Namespace state: present +- name: Create operator namespace + kubernetes.core.k8s: + name: "{{ cifmw_federation_operator_namespace }}" + api_version: v1 + kind: Namespace + state: present + - name: Read federation rhsso operator template ansible.builtin.template: src: rhsso-operator-olm.yaml.j2