openshift-eng · openshift-merge-bot · Mar 16, 2026 · Mar 10, 2026 · Mar 10, 2026 · Mar 10, 2026
diff --git a/deploy/aws-hypervisor/scripts/configure.sh b/deploy/aws-hypervisor/scripts/configure.sh
@@ -48,3 +48,21 @@ sudo subscription-manager repos \
 --enable "rhel-9-for-$(uname -m)-appstream-rpms" \
 --enable "rhel-9-for-$(uname -m)-baseos-rpms" \
 --enable "rhocp-$(get_ocp_version)-for-rhel-9-$(uname -m)-rpms"
+
+# Enable CodeReady Builder (CRB) repo for -devel packages (e.g. libvirt-devel).
+# On RHUI instances (like AWS), subscription-manager repos --enable doesn't work
+# for CRB because repos are managed by RHUI configuration. The 'crb' command
+# handles both RHUI and non-RHUI environments correctly.
+enable_crb_repo() {
+    if command -v crb &>/dev/null; then
+        sudo crb enable
+    else
+        sudo subscription-manager repos --enable "codeready-builder-for-rhel-9-$(uname -m)-rpms"
+    fi
+}
+
+echo "Enabling CRB repository..."
+if ! enable_crb_repo; then
+    echo "ERROR: Failed to enable CRB repository. libvirt-devel will be unavailable."
+    exit 1
+fi
diff --git a/deploy/openshift-clusters/roles/dev-scripts/install-dev/handlers/main.yml b/deploy/openshift-clusters/roles/dev-scripts/install-dev/handlers/main.yml
@@ -1,3 +1,25 @@
 ---
-- name: Set OCP project
-  command: oc --kubeconfig="{{kubeconfig_path}}" project openshift-machine-api
+- name: Check kubeconfig exists for OCP project
+  stat:
+    path: "{{ kubeconfig_path }}"
+  register: kubeconfig_stat
+  when: kubeconfig_path is defined
+  listen: Set OCP project
+
+- name: Run oc project
+  command: oc --kubeconfig="{{ kubeconfig_path }}" project openshift-machine-api
+  when:
+    - kubeconfig_path is defined
+    - kubeconfig_stat.stat.exists | default(false)
+  changed_when: false
+  listen: Set OCP project
+
+- name: Warn about missing kubeconfig
+  debug:
+    msg: >-
+      Could not set OCP project: kubeconfig not found at '{{ kubeconfig_path }}'.
+      The cluster may not have been deployed yet.
+  when:
+    - kubeconfig_path is defined
+    - not (kubeconfig_stat.stat.exists | default(false))
+  listen: Set OCP project
diff --git a/deploy/openshift-clusters/roles/dev-scripts/install-dev/tasks/config.yml b/deploy/openshift-clusters/roles/dev-scripts/install-dev/tasks/config.yml
@@ -1,4 +1,36 @@
 ---
+- name: Read config file to check for CI registry usage
+  set_fact:
+    config_content: "{{ lookup('file', config_file[method]) }}"
+  delegate_to: localhost
+  become: false
+
+- name: Parse pull secret JSON
+  block:
+    - name: Read pull secret to check for CI registry auth
+      set_fact:
+        pull_secret_content: "{{ lookup('file', 'pull-secret.json') | from_json }}"
+      delegate_to: localhost
+      become: false
+  rescue:
+    - name: Fail with pull secret parse error
+      fail:
+        msg: >-
+          Failed to parse pull-secret.json. Ensure the file contains valid JSON.
+          You can validate it with: python3 -m json.tool pull-secret.json
+
+- name: Warn if using CI registry images without CI auth in pull secret
+  fail:
+    msg: >-
+      Your config uses a CI registry image (registry.ci.openshift.org) but your
+      pull secret does not include credentials for registry.ci.openshift.org.
+      Either add CI registry credentials to your pull secret or switch to a
+      public release image (e.g. quay.io/openshift-release-dev/ocp-release).
+      See the setup guide for instructions on obtaining CI registry credentials.
+  when:
+    - "'registry.ci.openshift.org' in config_content"
+    - "'registry.ci.openshift.org' not in (pull_secret_content.auths | default({}) | list)"
+
 - name: Copy pull secrets
   copy:
     dest: "{{dev_scripts_path}}/pull_secret.json"

diff --git a/deploy/openshift-clusters/scripts/redeploy-cluster.sh b/deploy/openshift-clusters/scripts/redeploy-cluster.sh
@@ -215,9 +215,10 @@ echo "=================================="
 
 # Call ansible in non-interactive mode with all parameters pre-determined
 # Convert method to lowercase for ansible (state file stores uppercase)
+# Uses tr instead of ${var,,} for bash 3.2 (macOS) compatibility.
 ansible-playbook redeploy.yml -i inventory.ini \
     --extra-vars "topology=${topology}" \
-    --extra-vars "method=${current_installation_method,,}" \
+    --extra-vars "method=$(echo "${current_installation_method}" | tr '[:upper:]' '[:lower:]')" \
     --extra-vars "vm_cleanup_needed=${vm_cleanup_needed}" \
     --extra-vars "clean_needed=${clean_needed:-false}" \
     --extra-vars "cleanup_reason=${cleanup_reason}" \
@@ -234,4 +235,4 @@ echo "1. Source the proxy environment from anywhere:"
 echo "   source ${DEPLOY_DIR}/openshift-clusters/proxy.env"
 echo "   (or from openshift-clusters directory: source proxy.env)"
 echo "2. Verify cluster access: oc get nodes"
-echo "3. Access the cluster console if needed"
+echo "3. Access the cluster console if needed"