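- block:

  # Below tasks circumvent usernames with `<domain>\<username>` format, which causes CAPV to
  # incorrectly interpret the backslash (despite automatic escaping) as an escape sequence.
  # `vcenter_session.user` will instead contain the username in `<username>@<domain>` format.

  - name: Generate vCenter API token
    ansible.builtin.uri:
      url: https://{{ vapp['hv.fqdn'] }}/api/session
      method: POST
      headers:
        # Basic auth built from the vApp-supplied vCenter credentials; the response body is
        # the session id consumed by the next task.
        Authorization: Basic {{ ( vapp['hv.username'] ~ ':' ~ vapp['hv.password'] ) | b64encode }}
    register: vcenterapi_token
    # The request headers carry the credentials and the registered result carries the session
    # token, so keep this task out of play output (same treatment the kubeconfig copy below gets).
    no_log: true

  - name: Retrieve vCenter API session details
    ansible.builtin.uri:
      url: https://{{ vapp['hv.fqdn'] }}/api/session
      method: GET
      headers:
        vmware-api-session-id: "{{ vcenterapi_token.json }}"
    register: vcenter_session
    # The session id sent here is equivalent to the credentials for the session's lifetime.
    no_log: true

  module_defaults:
    ansible.builtin.uri:
      # NOTE(review): certificate verification for the vCenter endpoint is disabled, so the
      # Basic credentials above are sent to whatever answers on hv.fqdn; prefer `ca_path` with
      # the vCenter CA (or a verified thumbprint) once one is available. Spelled as the
      # canonical boolean `false` rather than YAML 1.1 `no`; the value is unchanged.
      validate_certs: false
      status_code: [200, 201]
      body_format: json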
- name: Configure clusterctl
  # Renders the clusterctl configuration consumed by the `clusterctl init` and
  # `clusterctl generate cluster` tasks further down (`--config ./clusterctl.yaml`).
  ansible.builtin.template:
    src: clusterctl.j2
    dest: /opt/metacluster/cluster-api/clusterctl.yaml
  vars:
    _template:
      version:
        base: "{{ components.clusterapi.management.version.base }}"
        cert_manager: "{{ components.clusterapi.management.version.cert_manager }}"
        infrastructure_vsphere: "{{ components.clusterapi.management.version.infrastructure_vsphere }}"
        ipam_incluster: "{{ components.clusterapi.management.version.ipam_incluster }}"
      hv:
        fqdn: "{{ vapp['hv.fqdn'] }}"
        tlsthumbprint: "{{ tls_thumbprint.stdout }}"
        # `<username>@<domain>` form as returned by the vCenter session API (see the block above).
        username: "{{ vcenter_session.json.user }}"
        # NOTE(review): the vCenter password is handed to the template (presumably rendered in
        # clear text) and no `mode` is set on the task, so the file gets the default
        # umask-derived permissions; consider `mode: "0600"` and `no_log: true` (the latter
        # should also hide the rendered content in `--diff` runs) — confirm against who needs
        # to read the file.
        password: "{{ vapp['hv.password'] }}"
        datacenter: "{{ vcenter_info.datacenter }}"
        datastore: "{{ vcenter_info.datastore }}"
        network: "{{ vcenter_info.network }}"
        resourcepool: "{{ vcenter_info.resourcepool }}"
        folder: "{{ vcenter_info.folder }}"
      cluster:
        # Node template name: the URL's basename with its final extension stripped.
        nodetemplate: "{{ (components.clusterapi.workload.node_template.url | basename | split('.'))[:-1] | join('.') }}"
        publickey: "{{ vapp['guestinfo.rootsshkey'] }}"
        version: "{{ components.clusterapi.workload.version.k8s }}"
        vip: "{{ vapp['workloadcluster.vip'] }}"
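- name: WORKAROUND - Update image references to use local registry
  # Rewrites every `image:` reference in the CNI and CAPV provider manifests so it is pulled
  # through the metacluster's registry. The negative lookahead skips references that already
  # carry the prefix (quoted or not), so re-running does not stack prefixes.
  ansible.builtin.replace:
    # `path` is the canonical parameter name; `dest` was an alias of it.
    path: "{{ item }}"
    # The prefix is interpolated into the regex unescaped (its dots match any character);
    # harmless for this use, but keep in mind if the pattern ever gains regex metacharacters.
    regexp: '([ ]+image:[ "]+)(?!({{ _template.pattern }}|"{{ _template.pattern }}))'
    replace: '\1{{ _template.pattern }}'
  vars:
    fileglobs:
      - "{{ query('ansible.builtin.fileglob', '/opt/metacluster/cluster-api/cni-calico/' ~ components.clusterapi.workload.version.calico ~ '/*.yaml') }}"
      - "{{ query('ansible.builtin.fileglob', '/opt/metacluster/cluster-api/infrastructure-vsphere/' ~ components.clusterapi.management.version.infrastructure_vsphere ~ '/*.yaml') }}"
    _template:
      pattern: registry.{{ vapp['metacluster.fqdn'] }}/library/
  # Each query() yields its own list, hence `flatten`; `select` keeps only truthy entries.
  # (The former `fileglobs[0:]` slice was a no-op copy and has been dropped.)
  loop: "{{ fileglobs | flatten | select }}"
  loop_control:
    label: "{{ item | basename }}"
  when:
    - item is not search("components.yaml|metadata.yaml")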
- name: Generate kustomization template
  # Renders the kustomization that the kustomize lookup in the next task turns into the
  # custom cluster-template. Inputs are vApp properties plus the step-ca root certificate.
  ansible.builtin.template:
    src: kustomization.cluster-template.j2
    dest: /opt/metacluster/cluster-api/infrastructure-vsphere/{{ components.clusterapi.management.version.infrastructure_vsphere }}/kubstomization.yaml
  vars:
    _template:
      additionaldisk: "{{ vapp['workloadcluster.additionaldisk'] }}"
      network:
        fqdn: "{{ vapp['metacluster.fqdn'] }}"
        dnsserver: "{{ vapp['guestinfo.dnsserver'] }}"
      # Root CA read from the first resource of a previously registered result
      # (`stepca_cm_certs`); presumably a ConfigMap carrying `root_ca.crt` — not visible here.
      rootca: "{{ stepca_cm_certs.resources[0].data['root_ca.crt'] }}"
      runcmds:
        # Presumably emitted as a cloud-init runcmd so the injected root CA becomes trusted
        # on the nodes — confirm against the template.
        - update-ca-certificates
- name: Store custom cluster-template
  # Builds the kustomized cluster-template in-process (kubernetes.core.kustomize lookup) and
  # writes the result where the later `clusterctl generate cluster --from` call expects it.
  ansible.builtin.copy:
    dest: /opt/metacluster/cluster-api/custom-cluster-template.yaml
    content: "{{ lookup('kubernetes.core.kustomize', dir='/opt/metacluster/cluster-api/infrastructure-vsphere/' ~ components.clusterapi.management.version.infrastructure_vsphere ) }}"
- name: Initialize Cluster API management cluster
  # NOTE(review): `-v5` is maximum verbosity and the task is not `no_log`; confirm clusterctl
  # does not echo values from clusterctl.yaml (which holds the vCenter password) at that level.
  ansible.builtin.shell:
    # Folded scalar: the continuation lines are indented deeper than the first line on
    # purpose — YAML keeps the line breaks of more-indented lines, so the trailing backslashes
    # remain shell continuations. Flush-aligned lines would be joined with a single space,
    # turning each `\` into an escaped space.
    cmd: >-
      clusterctl init \
        -v5 \
        --infrastructure vsphere:{{ components.clusterapi.management.version.infrastructure_vsphere }} \
        --ipam in-cluster:{{ components.clusterapi.management.version.ipam_incluster }} \
        --config ./clusterctl.yaml \
        --kubeconfig {{ kubeconfig.path }}
    # `./clusterctl.yaml` is the file rendered by the "Configure clusterctl" task.
    chdir: /opt/metacluster/cluster-api
- name: Ensure controller availability
  # Waits (`wait: true`, module default condition and timeout) for each Cluster API
  # controller Deployment installed by `clusterctl init` before the workload cluster is created.
  kubernetes.core.k8s_info:
    kind: Deployment
    name: "{{ item.name }}"
    namespace: "{{ item.namespace }}"
    wait: true
    kubeconfig: "{{ kubeconfig.path }}"
  loop:
    - name: caip-in-cluster-controller-manager
      namespace: caip-in-cluster-system
    - name: capi-controller-manager
      namespace: capi-system
    - name: capv-controller-manager
      namespace: capv-system
  loop_control:
    label: "{{ item.name }}"
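- name: Parse vApp for workload cluster sizing
  # Derives the control-plane and worker counts from the vApp `deployment.type` value, which
  # is expected to look like `cp<N>w<M>` (e.g. `cp1w2`). The capturing group now spans the
  # whole number (`(\d+)`); the previous `(\d)+` returned only the last repetition of the
  # group, i.e. a single digit, so sizes such as `cp3w12` were silently truncated.
  # An unparsable value leaves `first` with nothing to return and fails the task.
  ansible.builtin.set_fact:
    clustersize: >-
      {{ {
      'controlplane': vapp['deployment.type'] | regex_findall('^cp(\d+)') | first,
      'workers': vapp['deployment.type'] | regex_findall('w(\d+)$') | first
      } }}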
- name: Generate workload cluster manifest
  # Renders the workload cluster manifest from the kustomized template; clusterctl prints it
  # to stdout, which is the only place it is captured (`clusterctl_newcluster.stdout`).
  ansible.builtin.shell:
    # Continuation lines are more-indented so the folded scalar keeps their line breaks and
    # the trailing `\` stay shell continuations (see "Initialize Cluster API management cluster").
    cmd: >-
      clusterctl generate cluster \
        {{ vapp['workloadcluster.name'] | lower }} \
        --control-plane-machine-count {{ clustersize.controlplane }} \
        --worker-machine-count {{ clustersize.workers }} \
        --from ./custom-cluster-template.yaml \
        --config ./clusterctl.yaml \
        --kubeconfig {{ kubeconfig.path }}
    chdir: /opt/metacluster/cluster-api
  # NOTE(review): the generated manifest presumably embeds the vSphere credentials taken from
  # clusterctl.yaml (stock CAPV templates emit an identity Secret) — confirm, and consider
  # `no_log: true` here, since the registered stdout is otherwise shown in verbose output.
  register: clusterctl_newcluster
- name: Initialize tempfile
  # Scratch file that receives the generated manifest for `kubectl slice`; removed again by
  # the "Cleanup tempfile" task below.
  ansible.builtin.tempfile:
    state: file
  register: capi_clustermanifest
- name: Save workload cluster manifest
  # Writes the manifest captured by `clusterctl generate cluster` into the tempfile so that
  # `kubectl slice` can read it from disk. No explicit `mode`: the file already exists
  # (created by ansible.builtin.tempfile), so its permissions are presumably left as created.
  ansible.builtin.copy:
    dest: "{{ capi_clustermanifest.path }}"
    content: "{{ clusterctl_newcluster.stdout }}"
- name: Split manifest into separate files
  # `kubectl slice` (the kubectl-slice plugin) splits the multi-document manifest into one
  # file per resource under new-cluster/. The sliced files keep whatever the manifest holds
  # (including any Secret) at the default permissions of that directory.
  ansible.builtin.shell:
    # Continuation lines are more-indented so the folded scalar keeps the `\` line breaks.
    cmd: >-
      kubectl slice \
        -f {{ capi_clustermanifest.path }} \
        -o /opt/metacluster/cluster-api/new-cluster
- name: Cleanup tempfile
  # Removes the scratch manifest once it has been sliced; the guard makes the task a no-op
  # when the tempfile was never registered (e.g. a partial re-run).
  ansible.builtin.file:
    path: "{{ capi_clustermanifest.path }}"
    state: absent
  when: capi_clustermanifest.path is defined
- name: Create in-cluster IpPool
  # Applies the rendered IpPool for the in-cluster IPAM provider initialised earlier
  # (`--ipam in-cluster`); range, prefix and gateway come from the vApp properties.
  kubernetes.core.k8s:
    template: ippool.j2
    state: present
    kubeconfig: "{{ kubeconfig.path }}"
  vars:
    _template:
      cluster:
        name: "{{ vapp['workloadcluster.name'] | lower }}"
        namespace: default
      network:
        startip: "{{ vapp['ippool.startip'] }}"
        endip: "{{ vapp['ippool.endip'] }}"
        prefix: "{{ vapp['guestinfo.prefixlength'] }}"
        gateway: "{{ vapp['guestinfo.gateway'] }}"
- name: WORKAROUND - Wait for ingress ACME requests to complete
  # Polls the registry endpoint until the served certificate's subject CN equals the registry
  # FQDN, which is taken as the sign that the ACME-issued certificate is in place.
  # Only the subject is compared; the chain is not verified, so this is a readiness probe and
  # must not be read as a trust check on the registry.
  ansible.builtin.shell:
    # Continuation lines are more-indented so the folded scalar keeps the `| \` line breaks.
    cmd: >-
      openssl s_client -connect registry.{{ vapp['metacluster.fqdn'] }}:443 -servername registry.{{ vapp['metacluster.fqdn'] }} 2>/dev/null </dev/null | \
        openssl x509 -noout -subject | \
        grep 'subject=CN = registry.{{ vapp['metacluster.fqdn'] }}'
  register: certificate_subject
  # grep exits non-zero on a mismatch, which fails the attempt and drives the retry loop.
  until: certificate_subject is not failed
  retries: "{{ playbook.retries }}"
  # Delay scales with the earlier storage benchmark result.
  delay: "{{ (storage_benchmark | int) * (playbook.delay.medium | int) }}"
- name: Apply workload cluster manifest
  # Applies the generated manifest (still held in `clusterctl_newcluster.stdout`, not the
  # sliced files) to the management cluster and waits for the resources to be created.
  kubernetes.core.k8s:
    definition: >-
      {{ clusterctl_newcluster.stdout }}
    wait: true
    kubeconfig: "{{ kubeconfig.path }}"
  # TODO: move to git repo
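- name: Wait for cluster to be available
  # Polls the Cluster resource applied above until its Ready condition holds. `--timeout 0s`
  # makes each kubectl call a single check; the `until`/`retries`/`delay` loop does the waiting.
  ansible.builtin.shell:
    # The Cluster object was applied to the management cluster addressed by `kubeconfig.path`,
    # so the same kubeconfig is passed explicitly (as every other clusterctl/k8s task here
    # does) instead of relying on kubectl's default context.
    # Continuation lines are more-indented so the folded scalar keeps the `\` line breaks.
    cmd: >-
      kubectl wait clusters.cluster.x-k8s.io/{{ vapp['workloadcluster.name'] | lower }} \
        --for=condition=Ready \
        --timeout 0s \
        --kubeconfig {{ kubeconfig.path }}
  register: cluster_readycheck
  until: cluster_readycheck is succeeded
  retries: "{{ playbook.retries }}"
  delay: "{{ (storage_benchmark | int) * (playbook.delay.long | int) }}"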
- name: Initialize tempfile
  # Scratch file that will hold the workload cluster's kubeconfig for the follow-up
  # kubernetes.core.k8s tasks.
  ansible.builtin.tempfile:
    state: file
  register: capi_kubeconfig
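- name: Retrieve kubeconfig
  # Fetches the workload cluster's kubeconfig from the management cluster; the raw
  # credential ends up in `capi_kubectl_config.stdout`.
  ansible.builtin.shell:
    # Continuation lines are more-indented so the folded scalar keeps the `\` line breaks.
    cmd: >-
      clusterctl get kubeconfig \
        {{ vapp['workloadcluster.name'] | lower }} \
        --kubeconfig {{ kubeconfig.path }}
  register: capi_kubectl_config
  # The registered stdout is a complete cluster credential; hide it from play output just as
  # the task that writes it to disk below already does. The registered variable stays usable.
  no_log: true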
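- name: Store kubeconfig in tempfile
  # Persists the workload kubeconfig for the follow-up kubernetes.core.k8s tasks.
  ansible.builtin.copy:
    dest: "{{ capi_kubeconfig.path }}"
    content: "{{ capi_kubectl_config.stdout }}"
    # Owner-only permissions for the credential. Quoted: an unquoted `0600` is a YAML 1.1
    # octal literal, which happens to give the same mode, but the string form is the
    # documented, parser-independent spelling.
    mode: "0600"
  no_log: true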
# TODO: move to git repo
- name: Apply cni plugin manifest
  # Installs Calico into the new workload cluster using the kubeconfig stored in the tempfile
  # (not the management cluster's). The manifest was rewritten earlier so its images are
  # pulled through the local registry.
  kubernetes.core.k8s:
    src: /opt/metacluster/cluster-api/cni-calico/{{ components.clusterapi.workload.version.calico }}/calico.yaml
    state: present
    wait: true
    kubeconfig: "{{ capi_kubeconfig.path }}"
  # TODO: move to git repo