Add upgrade tasks;Housekeeping

2023-02-06 14:17:05 +01:00 · 2023-02-06 14:17:05 +01:00 · 27106b1f34
commit 27106b1f34
parent abcf530b49
7 changed files with 109 additions and 8 deletions
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/init.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/init.yml
@ -23,7 +23,7 @@
    content: "{{ vapp['metacluster.password'] }}"
  no_log: true

- name: Generate root CA
+- name: Generate step-ca helm chart values (including root CA certificate)
  ansible.builtin.shell:
    cmd: >-
      step ca init \
--- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/certauthority.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/certauthority.yml
@ -0,0 +1,52 @@
+- block:
+
+    - name: Initialize tempfile
+      ansible.builtin.tempfile:
+        state: file
+      register: values_file
+
+    - name: Lookup current chart values
+      kubernetes.core.helm_info:
+        name: step-certificates
+        namespace: step-ca
+        kubeconfig: "{{ kubeconfig.path }}"
+      register: stepca_values
+
+    - name: Write chart values w/ password to tempfile
+      ansible.builtin.copy:
+        dest: "{{ values_file.path }}"
+        content: "{{ stepca_values.status | json_query('values') | to_yaml }}"
+      no_log: true
+
+    - name: Upgrade step-ca chart
+      kubernetes.core.helm:
+        name: step-certificates
+        chart_ref: /opt/metacluster/helm-charts/step-certificates
+        release_namespace: step-ca
+        wait: false
+        kubeconfig: "{{ kubeconfig.path }}"
+        values_files:
+          - "{{ values_file.path }}"
+
+    - name: Cleanup tempfile
+      ansible.builtin.file:
+        path: "{{ values_file.path }}"
+        state: absent
+      when: values_file.path is defined
+
+    - name: Ensure step-ca API availability
+      ansible.builtin.uri:
+        url: https://ca.{{ vapp['metacluster.fqdn'] }}/health
+        method: GET
+      register: api_readycheck
+      until:
+        - api_readycheck.json.status is defined
+        - api_readycheck.json.status == 'ok'
+      retries: "{{ playbook.retries }}"
+      delay: "{{ playbook.delay.long }}"
+
+  module_defaults:
+    ansible.builtin.uri:
+      validate_certs: no
+      status_code: [200, 201]
+      body_format: json
--- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/git.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/git.yml
@ -0,0 +1,27 @@
+- block:
+
+    - name: Upgrade gitea chart
+      kubernetes.core.helm:
+        name: gitea
+        chart_ref: /opt/metacluster/helm-charts/gitea
+        release_namespace: gitea
+        wait: false
+        kubeconfig: "{{ kubeconfig.path }}"
+        values: "{{ components.gitea.chart_values }}"
+
+    - name: Ensure gitea API availability
+      ansible.builtin.uri:
+        url: https://git.{{ vapp['metacluster.fqdn'] }}/api/healthz
+        method: GET
+      register: api_readycheck
+      until:
+        - api_readycheck.json.status is defined
+        - api_readycheck.json.status == 'pass'
+      retries: "{{ playbook.retries }}"
+      delay: "{{ playbook.delay.long }}"
+
+  module_defaults:
+    ansible.builtin.uri:
+      validate_certs: no
+      status_code: [200, 201]
+      body_format: json
--- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/gitops.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/gitops.yml
@ -0,0 +1,26 @@
+- block:
+
+    - name: Upgrade argo-cd chart
+      kubernetes.core.helm:
+        name: argo-cd
+        chart_ref: /opt/metacluster/helm-charts/argo-cd
+        release_namespace: argo-cd
+        wait: false
+        kubeconfig: "{{ kubeconfig.path }}"
+        values: "{{ components.argocd.chart_values }}"
+
+    - name: Ensure argo-cd API availability
+      ansible.builtin.uri:
+        url: https://gitops.{{ vapp['metacluster.fqdn'] }}/api/version
+        method: GET
+      register: api_readycheck
+      until:
+        - api_readycheck.json.Version is defined
+      retries: "{{ playbook.retries }}"
+      delay: "{{ playbook.delay.long }}"
+
+  module_defaults:
+    ansible.builtin.uri:
+      validate_certs: no
+      status_code: [200, 201]
+      body_format: json
--- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/main.yml
@ -3,9 +3,7 @@
 - import_tasks: k3s.yml
 - import_tasks: assets.yml
 - import_tasks: storage.yml
-
-# - import_tasks: charts.yml
 - import_tasks: registry.yml
-# - import_tasks: certauthority.yml
-# - import_tasks: git.yml
-# - import_tasks: gitops.yml
+- import_tasks: certauthority.yml
+- import_tasks: git.yml
+- import_tasks: gitops.yml
--- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/registry.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/registry.yml
@ -5,7 +5,6 @@
        name: harbor
        chart_ref: /opt/metacluster/helm-charts/harbor
        release_namespace: harbor
-        create_namespace: true
        wait: false
        kubeconfig: "{{ kubeconfig.path }}"
        values: "{{ components.harbor.chart_values }}"
--- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/storage.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/storage.yml
@ -32,7 +32,6 @@
        name: longhorn
        chart_ref: /opt/metacluster/helm-charts/longhorn
        release_namespace: longhorn-system
-        create_namespace: true
        wait: false
        kubeconfig: "{{ kubeconfig.path }}"
        values: "{{ components.longhorn.chart_values }}"