From 2531a4fb5d4015e18482a2cab7c3b8e8db6d0546 Mon Sep 17 00:00:00 2001 From: Danny Bessems Date: Mon, 23 Jan 2023 09:12:35 +0100 Subject: [PATCH] Add preflight retries;Housekeeping;Upload&Import images;Fix var reference;Improve UX --- .../roles/metacluster/tasks/registry.yml | 14 ------ .../roles/metacluster/tasks/assets.yml | 0 .../common/roles/preflight/tasks/vcenter.yml | 3 ++ .../upgrade/roles/metacluster/tasks/k3s.yml | 2 +- .../upgrade/roles/metacluster/tasks/main.yml | 4 +- .../roles/metacluster/tasks/registry.yml | 50 +++++++++++++++++++ .../roles/preflight/tasks/metacluster.yml | 2 +- scripts/Update-OvfConfiguration.upgrade.yml | 16 +++--- 8 files changed, 65 insertions(+), 26 deletions(-) rename ansible/roles/firstboot/files/ansible_payload/{bootstrap => common}/roles/metacluster/tasks/assets.yml (100%) create mode 100644 ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/registry.yml diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/registry.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/registry.yml index 58cad16..2fb42a0 100644 --- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/registry.yml +++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/registry.yml @@ -64,20 +64,6 @@ hv: fqdn: "{{ vapp['metacluster.fqdn'] }}" - # - name: Restart kubelet (k3s) to pick up configured registries - # ansible.builtin.systemd: - # name: k3s - # state: restarted - - # - name: Ensure k3s API availability - # ansible.builtin.uri: - # url: https://{{ vapp['guestinfo.ipaddress'] }}:6443/livez?verbose - # method: GET - # register: api_readycheck - # until: api_readycheck.json.apiVersion is defined - # retries: 5 - # delay: 30 - module_defaults: ansible.builtin.uri: validate_certs: no 
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/assets.yml b/ansible/roles/firstboot/files/ansible_payload/common/roles/metacluster/tasks/assets.yml similarity index 100% rename from ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/assets.yml rename to ansible/roles/firstboot/files/ansible_payload/common/roles/metacluster/tasks/assets.yml diff --git a/ansible/roles/firstboot/files/ansible_payload/common/roles/preflight/tasks/vcenter.yml b/ansible/roles/firstboot/files/ansible_payload/common/roles/preflight/tasks/vcenter.yml index b609a8a..55d03b7 100644 --- a/ansible/roles/firstboot/files/ansible_payload/common/roles/preflight/tasks/vcenter.yml +++ b/ansible/roles/firstboot/files/ansible_payload/common/roles/preflight/tasks/vcenter.yml @@ -4,6 +4,9 @@ community.vmware.vmware_vcenter_settings_info: schema: vsphere register: vcenter_info + retries: "{{ playbook.retries }}" + delay: "{{ playbook.delays.short }}" + until: vcenter_info is not failed module_defaults: group/vmware: diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/k3s.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/k3s.yml index c0670bf..b54cb98 100644 --- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/k3s.yml +++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/k3s.yml 
@@ -27,7 +27,7 @@ chdir: /opt/metacluster/k3s environment: INSTALL_K3S_SKIP_DOWNLOAD: 'true' - INSTALL_K3S_EXEC: "server --token {{ vapp['metacluster.token'] | trim }} --server https://{{ vapp['metacluster.fqdn'] }}:6443 --disable local-storage --config /etc/rancher/k3s/config.yaml" + INSTALL_K3S_EXEC: "server --token {{ vapp['metacluster.token'] | trim }} --server https://{{ vapp['metacluster.vip'] }}:6443 --disable local-storage --config /etc/rancher/k3s/config.yaml" when: ansible_facts.services['k3s.service'] is undefined - name: Ensure API availability diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/main.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/main.yml index bad0a94..91401f0 100644 --- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/main.yml +++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/main.yml @@ -1,9 +1,9 @@ - import_tasks: init.yml +- import_tasks: registry.yml - import_tasks: k3s.yml -# - import_tasks: assets.yml +- import_tasks: assets.yml # - import_tasks: ingress.yml # - import_tasks: storage.yml # - import_tasks: certauthority.yml -# - import_tasks: registry.yml # - import_tasks: git.yml # - import_tasks: gitops.yml diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/registry.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/registry.yml new file mode 100644 index 0000000..c0ba9c4 --- /dev/null +++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/registry.yml 
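Review bot: The join token is still interpolated into `INSTALL_K3S_EXEC` on the changed line, so it is passed to the k3s server as a `--token` command-line argument and is readable from the process list on the node. The command already passes `--config /etc/rancher/k3s/config.yaml`, so the token could be set there as `token: ...` or supplied through the `K3S_TOKEN` environment variable instead. Pointing `--server` at `vapp['metacluster.vip']` rather than the FQDN also assumes the API server certificate lists the VIP as a SAN; nothing in this hunk shows that, so it is worth confirming. The task itself starts above the hunk.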
@@ -0,0 +1,50 @@
+- block:
+
+ - name: Push images to registry
+ ansible.builtin.shell:
+ cmd: >-
+ skopeo copy \
+ --insecure-policy \
+ --dest-tls-verify=false \
+ --dest-creds admin:{{ vapp['metacluster.password'] }} \
+ docker-archive:./{{ item | basename }} \
+ docker://registry.{{ vapp['metacluster.fqdn'] }}/library/$( \
+ skopeo list-tags \
+ --insecure-policy \
+ docker-archive:./{{ item | basename }} | \
+ jq -r '.Tags[0]')
+ chdir: /opt/metacluster/container-images/
+ register: push_result
+ loop: "{{ query('ansible.builtin.fileglob', '/opt/metacluster/container-images/*.tar') | sort }}"
+ loop_control:
+ label: "{{ item | basename }}"
+ retries: "{{ playbook.retries }}"
+ delay: "{{ playbook.delays.short }}"
+ until: push_result is not failed
+
+ - name: Get all stored container images (=artifacts)
+ ansible.builtin.uri:
+ url: https://registry.{{ vapp['metacluster.fqdn'] }}/api/v2.0/search?q=library
+ method: GET
+ register: registry_artifacts
+
+ - name: Get source registries of all artifacts
+ ansible.builtin.set_fact:
+ source_registries: "{{ (source_registries | default([]) + [(item | split('/'))[1]]) | unique | sort }}"
+ loop: "{{ registry_artifacts.json.repository | json_query('[*].repository_name') }}"
+
+ - name: Configure K3s node for private registry
+ ansible.builtin.template:
+ dest: /etc/rancher/k3s/registries.yaml
+ src: registries.j2
+ vars:
+ _template:
+ data: "{{ source_registries }}"
+ hv:
+ fqdn: "{{ vapp['metacluster.fqdn'] }}"
+
+ module_defaults:
+ ansible.builtin.uri:
+ validate_certs: no
+ status_code: [200, 201, 401]
+ body_format: json
diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/metacluster.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/metacluster.yml
index 08d12c3..dce935d 100644
--- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/metacluster.yml
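Review bot: In `Push images to registry` the admin password is templated unquoted into a shell string (`--dest-creds admin:{{ vapp['metacluster.password'] }}`), so a password containing spaces, quotes or `$` changes how the command is parsed. The rendered command, password included, is also returned in the task result for every loop item and retry. I would add `no_log: true` to the task and quote the value, for example `--dest-creds {{ ('admin:' ~ vapp['metacluster.password']) | quote }} \`. The same task sends those credentials with `--dest-tls-verify=false`, and the block's `uri` defaults set `validate_certs: no`, so the registry endpoint is never authenticated. If the appliance CA is already present on the node at this stage (not visible here), trusting it would be preferable to disabling verification.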
+++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/metacluster.yml @@ -1,6 +1,6 @@ - name: Check for metacluster connectivity ansible.builtin.uri: - url: https://{{ vapp['metacluster.fqdn'] }}:6443/livez?verbose + url: https://{{ vapp['metacluster.vip'] }}:6443/livez?verbose method: GET validate_certs: no status_code: [200, 401] diff --git a/scripts/Update-OvfConfiguration.upgrade.yml b/scripts/Update-OvfConfiguration.upgrade.yml index b059b54..346ba44 100644 --- a/scripts/Update-OvfConfiguration.upgrade.yml +++ b/scripts/Update-OvfConfiguration.upgrade.yml @@ -28,6 +28,14 @@ PropertyCategories: Configurations: '*' UserConfigurable: true + - Key: metacluster.password + Type: password(7..) + Label: Meta-cluster administrator password* + Description: 'Needed to authenticate with target meta-cluster' + DefaultValue: '' + Configurations: '*' + UserConfigurable: true + - key: metacluster.token Type: string(1..) Label: K3s install token* @@ -47,14 +55,6 @@ PropertyCategories: Configurations: '*' UserConfigurable: true - - Key: metacluster.password - Type: password(7..) - Label: Appliance password* - Description: '' - DefaultValue: '' - Configurations: '*' - UserConfigurable: true - - Key: guestinfo.ipaddress Type: ip Label: IP Address*
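Review bot: The relocated `metacluster.password` entry is declared as `Type: password(7..)`, but the `metacluster.token` entry directly below it in the first hunk of `Update-OvfConfiguration.upgrade.yml` remains `Type: string(1..)`. The K3s install token is as sensitive as the password, since it is what the upgrade passes to `k3s server --token` to join the cluster, so I would give it the password type too, `Type: password(1..)`. The token entry is also spelled `- key:` while every other entry shown uses `- Key:`; whether the script that consumes this file matches the name case-insensitively is not visible here, so it is worth checking.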