From 2531a4fb5d4015e18482a2cab7c3b8e8db6d0546 Mon Sep 17 00:00:00 2001
From: Danny Bessems <danny@bessems.eu>
Date: Mon, 23 Jan 2023 09:12:35 +0100
Subject: [PATCH] Add preflight retries;Housekeeping;Upload&Import images;Fix
 var reference;Improve UX

---
 .../roles/metacluster/tasks/registry.yml      | 14 ------
 .../roles/metacluster/tasks/assets.yml        |  0
 .../common/roles/preflight/tasks/vcenter.yml  |  3 ++
 .../upgrade/roles/metacluster/tasks/k3s.yml   |  2 +-
 .../upgrade/roles/metacluster/tasks/main.yml  |  4 +-
 .../roles/metacluster/tasks/registry.yml      | 50 +++++++++++++++++++
 .../roles/preflight/tasks/metacluster.yml     |  2 +-
 scripts/Update-OvfConfiguration.upgrade.yml   | 16 +++---
 8 files changed, 65 insertions(+), 26 deletions(-)
 rename ansible/roles/firstboot/files/ansible_payload/{bootstrap => common}/roles/metacluster/tasks/assets.yml (100%)
 create mode 100644 ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/registry.yml

diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/registry.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/registry.yml
index 58cad16..2fb42a0 100644
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/registry.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/registry.yml
@@ -64,20 +64,6 @@
           hv:
             fqdn: "{{ vapp['metacluster.fqdn'] }}"
 
-    # - name: Restart kubelet (k3s) to pick up configured registries
-    #   ansible.builtin.systemd:
-    #     name: k3s
-    #     state: restarted
-
-    # - name: Ensure k3s API availability
-    #   ansible.builtin.uri:
-    #     url: https://{{ vapp['guestinfo.ipaddress'] }}:6443/livez?verbose
-    #     method: GET
-    #   register: api_readycheck
-    #   until: api_readycheck.json.apiVersion is defined
-    #   retries: 5
-    #   delay: 30
-
   module_defaults:
     ansible.builtin.uri:
       validate_certs: no
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/assets.yml b/ansible/roles/firstboot/files/ansible_payload/common/roles/metacluster/tasks/assets.yml
similarity index 100%
rename from ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/assets.yml
rename to ansible/roles/firstboot/files/ansible_payload/common/roles/metacluster/tasks/assets.yml
diff --git a/ansible/roles/firstboot/files/ansible_payload/common/roles/preflight/tasks/vcenter.yml b/ansible/roles/firstboot/files/ansible_payload/common/roles/preflight/tasks/vcenter.yml
index b609a8a..55d03b7 100644
--- a/ansible/roles/firstboot/files/ansible_payload/common/roles/preflight/tasks/vcenter.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/common/roles/preflight/tasks/vcenter.yml
@@ -4,6 +4,9 @@
       community.vmware.vmware_vcenter_settings_info:
         schema: vsphere
       register: vcenter_info
+      retries: "{{ playbook.retries }}"
+      delay: "{{ playbook.delays.short }}"
+      until: vcenter_info is not failed
 
   module_defaults:
     group/vmware:
diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/k3s.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/k3s.yml
index c0670bf..b54cb98 100644
--- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/k3s.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/k3s.yml
@@ -27,7 +27,7 @@
     chdir: /opt/metacluster/k3s
   environment:
     INSTALL_K3S_SKIP_DOWNLOAD: 'true'
-    INSTALL_K3S_EXEC: "server --token {{ vapp['metacluster.token'] | trim }} --server https://{{ vapp['metacluster.fqdn'] }}:6443 --disable local-storage --config /etc/rancher/k3s/config.yaml"
+    INSTALL_K3S_EXEC: "server --token {{ vapp['metacluster.token'] | trim }} --server https://{{ vapp['metacluster.vip'] }}:6443 --disable local-storage --config /etc/rancher/k3s/config.yaml"
   when: ansible_facts.services['k3s.service'] is undefined
 
 - name: Ensure API availability
diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/main.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/main.yml
index bad0a94..91401f0 100644
--- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/main.yml
@@ -1,9 +1,9 @@
 - import_tasks: init.yml
+- import_tasks: registry.yml
 - import_tasks: k3s.yml
-# - import_tasks: assets.yml
+- import_tasks: assets.yml
 # - import_tasks: ingress.yml
 # - import_tasks: storage.yml
 # - import_tasks: certauthority.yml
-# - import_tasks: registry.yml
 # - import_tasks: git.yml
 # - import_tasks: gitops.yml
diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/registry.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/registry.yml
new file mode 100644
index 0000000..c0ba9c4
--- /dev/null
+++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/registry.yml
@@ -0,0 +1,50 @@
+- block:
+
+    - name: Push images to registry
+      ansible.builtin.shell:
+        cmd: >-
+          skopeo copy \
+            --insecure-policy \
+            --dest-tls-verify=false \
+            --dest-creds admin:{{ vapp['metacluster.password'] }} \
+            docker-archive:./{{ item | basename }} \
+            docker://registry.{{ vapp['metacluster.fqdn'] }}/library/$( \
+              skopeo list-tags \
+                --insecure-policy \
+                docker-archive:./{{ item | basename }} | \
+              jq -r '.Tags[0]')
+        chdir: /opt/metacluster/container-images/
+      register: push_result
+      loop: "{{ query('ansible.builtin.fileglob', '/opt/metacluster/container-images/*.tar') | sort }}"
+      loop_control:
+        label: "{{ item | basename }}"
+      retries: "{{ playbook.retries }}"
+      delay: "{{ playbook.delays.short }}"
+      until: push_result is not failed
+
+    - name: Get all stored container images (=artifacts)
+      ansible.builtin.uri:
+        url: https://registry.{{ vapp['metacluster.fqdn'] }}/api/v2.0/search?q=library
+        method: GET
+      register: registry_artifacts
+
+    - name: Get source registries of all artifacts
+      ansible.builtin.set_fact:
+        source_registries: "{{ (source_registries | default([]) + [(item | split('/'))[1]]) | unique | sort }}"
+      loop: "{{ registry_artifacts.json.repository | json_query('[*].repository_name') }}"
+
+    - name: Configure K3s node for private registry
+      ansible.builtin.template:
+        dest: /etc/rancher/k3s/registries.yaml
+        src: registries.j2
+      vars:
+        _template:
+          data: "{{ source_registries }}"
+          hv:
+            fqdn: "{{ vapp['metacluster.fqdn'] }}"
+
+  module_defaults:
+    ansible.builtin.uri:
+      validate_certs: no
+      status_code: [200, 201, 401]
+      body_format: json
diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/metacluster.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/metacluster.yml
index 08d12c3..dce935d 100644
--- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/metacluster.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/metacluster.yml
@@ -1,6 +1,6 @@
 - name: Check for metacluster connectivity
   ansible.builtin.uri:
-    url: https://{{ vapp['metacluster.fqdn'] }}:6443/livez?verbose
+    url: https://{{ vapp['metacluster.vip'] }}:6443/livez?verbose
     method: GET
     validate_certs: no
     status_code: [200, 401]
diff --git a/scripts/Update-OvfConfiguration.upgrade.yml b/scripts/Update-OvfConfiguration.upgrade.yml
index b059b54..346ba44 100644
--- a/scripts/Update-OvfConfiguration.upgrade.yml
+++ b/scripts/Update-OvfConfiguration.upgrade.yml
@@ -28,6 +28,14 @@ PropertyCategories:
     Configurations: '*'
     UserConfigurable: true
 
+  - Key: metacluster.password
+    Type: password(7..)
+    Label: Meta-cluster administrator password*
+    Description: 'Needed to authenticate with target meta-cluster'
+    DefaultValue: ''
+    Configurations: '*'
+    UserConfigurable: true
+
   - key: metacluster.token
     Type: string(1..)
     Label: K3s install token*
@@ -47,14 +55,6 @@ PropertyCategories:
     Configurations: '*'
     UserConfigurable: true
 
-  - Key: metacluster.password
-    Type: password(7..)
-    Label: Appliance password*
-    Description: ''
-    DefaultValue: ''
-    Configurations: '*'
-    UserConfigurable: true
-
   - Key: guestinfo.ipaddress
     Type: ip
     Label: IP Address*