From 43d83e8e31fa9143e65fde423a7ff232b26cb187 Mon Sep 17 00:00:00 2001
From: Danny Bessems
Date: Fri, 20 Jan 2023 13:23:34 +0100
Subject: [PATCH] Move files between payload folders;Define upgrade vapp properties;Join metacluster
---
 .../common/roles/preflight/tasks/main.yml | 14 +----
 .../common/roles/preflight/tasks/vcenter.yml | 13 ++++
 .../templates/compresstarballs.j2 | 0
 .../templates/systemdunit.j2 | 0
 .../{bootstrap => common}/templates/tty.j2 | 0
 .../ansible_payload/upgrade/playbook.yml | 2 +-
 .../upgrade/roles/metacluster/tasks/k3s.yml | 63 +++++++++++++++++++
 .../upgrade/roles/metacluster/tasks/main.yml | 9 +++
 .../upgrade/roles/preflight/tasks/main.yml | 2 +
 .../roles/preflight/tasks/metacluster.yml | 6 ++
 scripts/Update-OvfConfiguration.upgrade.yml | 57 +++++------------
 11 files changed, 110 insertions(+), 56 deletions(-)
 create mode 100644 ansible/roles/firstboot/files/ansible_payload/common/roles/preflight/tasks/vcenter.yml
 rename ansible/roles/firstboot/files/ansible_payload/{bootstrap => common}/templates/compresstarballs.j2 (100%)
 rename ansible/roles/firstboot/files/ansible_payload/{bootstrap => common}/templates/systemdunit.j2 (100%)
 rename ansible/roles/firstboot/files/ansible_payload/{bootstrap => common}/templates/tty.j2 (100%)
 create mode 100644 ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/k3s.yml
 create mode 100644 ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/main.yml
 create mode 100644 ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/main.yml
 create mode 100644 ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/metacluster.yml
diff --git a/ansible/roles/firstboot/files/ansible_payload/common/roles/preflight/tasks/main.yml b/ansible/roles/firstboot/files/ansible_payload/common/roles/preflight/tasks/main.yml
index b609a8a..64af762 100644
--- a/ansible/roles/firstboot/files/ansible_payload/common/roles/preflight/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/common/roles/preflight/tasks/main.yml
@@ -1,13 +1 @@
-- block:
-
- - name: Check for vCenter connectivity
- community.vmware.vmware_vcenter_settings_info:
- schema: vsphere
- register: vcenter_info
-
- module_defaults:
- group/vmware:
- hostname: "{{ vapp['hv.fqdn'] }}"
- validate_certs: no
- username: "{{ vapp['hv.username'] }}"
- password: "{{ vapp['hv.password'] }}"
+- import_tasks: vcenter.yml
diff --git a/ansible/roles/firstboot/files/ansible_payload/common/roles/preflight/tasks/vcenter.yml b/ansible/roles/firstboot/files/ansible_payload/common/roles/preflight/tasks/vcenter.yml
new file mode 100644
index 0000000..b609a8a
--- /dev/null
+++ b/ansible/roles/firstboot/files/ansible_payload/common/roles/preflight/tasks/vcenter.yml
@@ -0,0 +1,13 @@
+- block:
+
+ - name: Check for vCenter connectivity
+ community.vmware.vmware_vcenter_settings_info:
+ schema: vsphere
+ register: vcenter_info
+
+ module_defaults:
+ group/vmware:
+ hostname: "{{ vapp['hv.fqdn'] }}"
+ validate_certs: no
+ username: "{{ vapp['hv.username'] }}"
+ password: "{{ vapp['hv.password'] }}"
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/compresstarballs.j2 b/ansible/roles/firstboot/files/ansible_payload/common/templates/compresstarballs.j2
similarity index 100%
rename from ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/compresstarballs.j2
rename to ansible/roles/firstboot/files/ansible_payload/common/templates/compresstarballs.j2
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/systemdunit.j2 b/ansible/roles/firstboot/files/ansible_payload/common/templates/systemdunit.j2
similarity index 100%
rename from ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/systemdunit.j2
rename to ansible/roles/firstboot/files/ansible_payload/common/templates/systemdunit.j2
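Review bot: `validate_certs: no` in the `group/vmware` module defaults of vcenter.yml means `hv.username` and `hv.password` are sent to whatever endpoint answers for `hv.fqdn`, with no check of its certificate. The same setting appears in the new `uri` tasks in upgrade/roles/metacluster/tasks/k3s.yml ("Ensure API availability") and upgrade/roles/preflight/tasks/metacluster.yml, so the metacluster connectivity check says nothing about which server answered before the join token is used against that address. If the appliance cannot rely on a trusted CA, consider making verification configurable with a default of on rather than hard-coding it off, and write the boolean as `false` instead of `no`. This block is moved unchanged from tasks/main.yml, so the setting predates the commit, but it now also carries into the upgrade payload.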
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/tty.j2 b/ansible/roles/firstboot/files/ansible_payload/common/templates/tty.j2
similarity index 100%
rename from ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/tty.j2
rename to ansible/roles/firstboot/files/ansible_payload/common/templates/tty.j2
diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/playbook.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/playbook.yml
index 2750a68..2bbf474 100644
--- a/ansible/roles/firstboot/files/ansible_payload/upgrade/playbook.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/playbook.yml
@@ -12,7 +12,7 @@
 - preflight
 - users
 - disks
- # - metacluster
+ - metacluster
 # - workloadcluster
 - tty
 - cleanup
diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/k3s.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/k3s.yml
new file mode 100644
index 0000000..50393cd
--- /dev/null
+++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/k3s.yml
@@ -0,0 +1,63 @@
+- name: Store custom configuration files
+ ansible.builtin.copy:
+ dest: "{{ item.filename }}"
+ content: "{{ item.content }}"
+ loop:
+ - filename: /etc/rancher/k3s/config.yaml
+ content: |
+ kubelet-arg:
+ - "config=/etc/rancher/k3s/kubelet.config"
+ - filename: /etc/rancher/k3s/kubelet.config
+ content: |
+ apiVersion: kubelet.config.k8s.io/v1beta1
+ kind: KubeletConfiguration
+
+ shutdownGracePeriod: 180s
+ shtudownGracePeriodCriticalPods: 60s
+ loop_control:
+ label: "{{ item.filename }}"
+
+- name: Gather service facts
+ ansible.builtin.service_facts:
+ # Module requires no attributes
+
+- name: Install K3s
+ ansible.builtin.command:
+ cmd: ./install.sh
+ chdir: /opt/metacluster/k3s
+ environment:
+ INSTALL_K3S_SKIP_DOWNLOAD: 'true'
+ INSTALL_K3S_EXEC: "server --token {{ vapp['metacluster.token'] }} --server https://{{ vapp['metacluster.fqdn'] }}:6443 --disable local-storage --config /etc/rancher/k3s/config.yaml"
+ when: ansible_facts.services['k3s.service'] is undefined
+
+- name: Ensure API availability
+ ansible.builtin.uri:
+ url: https://{{ vapp['guestinfo.ipaddress'] }}:6443/livez?verbose
+ method: GET
+ validate_certs: no
+ status_code: [200, 401]
+ register: api_readycheck
+ until: api_readycheck.json.apiVersion is defined
+ retries: "{{ playbook.retries }}"
+ delay: "{{ playbook.delays.medium }}"
+
+- name: Install kubectl tab-completion
+ ansible.builtin.shell:
+ cmd: kubectl completion bash | tee /etc/bash_completion.d/kubectl
+
+- name: Initialize tempfile
+ ansible.builtin.tempfile:
+ state: file
+ register: kubeconfig
+
+- name: Retrieve kubeconfig
+ ansible.builtin.command:
+ cmd: kubectl config view --raw
+ register: kubectl_config
+
+- name: Store kubeconfig in tempfile
+ ansible.builtin.copy:
+ dest: "{{ kubeconfig.path }}"
+ content: "{{ kubectl_config.stdout }}"
+ mode: 0600
+ no_log: true
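Review bot: The join token is interpolated into `INSTALL_K3S_EXEC` in the "Install K3s" task, so it becomes a command-line argument of the k3s service, readable from the process list and, as far as I know, from the unit file that install.sh writes. Passing it as `K3S_TOKEN: "{{ vapp['metacluster.token'] }}"` under `environment:` and dropping `--token` from the exec string keeps it out of the arguments. "Retrieve kubeconfig" registers the raw admin kubeconfig without `no_log: true`, although the copy task that follows does set it, so the credentials can still surface in verbose or logged task output. Separately, `shtudownGracePeriodCriticalPods` in the kubelet configuration is misspelled; it should read `shutdownGracePeriodCriticalPods`, as written the 60s value is presumably ignored or rejected by the kubelet.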
diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/main.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/main.yml
new file mode 100644
index 0000000..d35e121
--- /dev/null
+++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/main.yml
@@ -0,0 +1,9 @@
+# - import_tasks: init.yml
+- import_tasks: k3s.yml
+# - import_tasks: assets.yml
+# - import_tasks: ingress.yml
+# - import_tasks: storage.yml
+# - import_tasks: certauthority.yml
+# - import_tasks: registry.yml
+# - import_tasks: git.yml
+# - import_tasks: gitops.yml
diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/main.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/main.yml
new file mode 100644
index 0000000..0b59838
--- /dev/null
+++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/main.yml
@@ -0,0 +1,2 @@
+- import_tasks: vcenter.yml
+- import_tasks: metacluster.yml
diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/metacluster.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/metacluster.yml
new file mode 100644
index 0000000..08d12c3
--- /dev/null
+++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/metacluster.yml
@@ -0,0 +1,6 @@
+- name: Check for metacluster connectivity
+ ansible.builtin.uri:
+ url: https://{{ vapp['metacluster.fqdn'] }}:6443/livez?verbose
+ method: GET
+ validate_certs: no
+ status_code: [200, 401]
diff --git a/scripts/Update-OvfConfiguration.upgrade.yml b/scripts/Update-OvfConfiguration.upgrade.yml
index 331727f..a7eedf6 100644
--- a/scripts/Update-OvfConfiguration.upgrade.yml
+++ b/scripts/Update-OvfConfiguration.upgrade.yml
@@ -42,7 +42,7 @@ PropertyCategories: - Key: metacluster.password Type: password(7..) Label: Appliance password* - Description: 'Initial password for respective administrator accounts within each component' + Description: '' DefaultValue: '' Configurations: '*' UserConfigurable: true @@ -65,9 +65,17 @@ PropertyCategories: - Key: metacluster.fqdn Type: string(1..) - Label: Appliance FQDN* - Description: Respective subdomains will be available for each component (e.g. storage.example.org); this address should already be configured as a wildcard record within your DNS zone. - DefaultValue: meta.k8s.cluster + Label: Meta-cluster FQDN/IP-address* + Description: The address of the target meta-cluster which this appliance will perform an upgrade on. + DefaultValue: '' + Configurations: '*' + UserConfigurable: true + + - key: metacluster.token + Type: string(1..) + Label: K3s install token* + Description: Must match the token originally used for the target meta-cluster + DefaultValue: '' Configurations: '*' UserConfigurable: true 
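Review bot: The new `metacluster.token` property in the second hunk is declared as `Type: string(1..)`, so the K3s join secret is entered and displayed in clear text, whereas `metacluster.password` and `guestinfo.rootsshkey` in this file use `password(...)`; `Type: password(1..)` would mask it the same way. The entry is also written `- key:` where every other property uses `- Key:`. Whether the casing matters depends on how the consuming script looks the field up, which is not visible here, but matching it removes the doubt. The property list this entry belongs to starts and ends outside the hunk.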
@@ -95,53 +103,18 @@ PropertyCategories: Configurations: '*' UserConfigurable: true -- Name: 2) Workload-cluster - ProductProperties: - - - Key: workloadcluster.name - Type: string(1..15) - Label: Workload-cluster name* - Description: '' - DefaultValue: 'workload-{{ hostname.suffix }}' - Configurations: '*' - UserConfigurable: true - - - Key: workloadcluster.vip - Type: ip - Label: Workload-cluster virtual IP* - Description: Workload-cluster control plane endpoint virtual IP - DefaultValue: '' - Configurations: '*' - UserConfigurable: true - - - Key: ippool.startip - Type: ip - Label: Workload-cluster IP-pool start IP* - Description: All nodes for the workload-cluster will be provisioned within this IP pool - DefaultValue: '' - Configurations: '*' - UserConfigurable: true - - - Key: ippool.endip - Type: ip - Label: Workload-cluster IP-pool end IP* - Description: All nodes for the workload-cluster will be provisioned within this IP pool - DefaultValue: '' - Configurations: '*' - UserConfigurable: true - -- Name: 3) Common +- Name: 2) Common ProductProperties: - Key: guestinfo.rootsshkey Type: password(1..) Label: SSH public key* - Description: Authentication for any node (meta-cluster *and* workloadcluster); this line should start with 'ssh-rsa AAAAB3N' + Description: Authentication for this meta-cluster node; this line should start with 'ssh-rsa AAAAB3N' DefaultValue: '' Configurations: '*' UserConfigurable: true -- Name: 4) Hypervisor +- Name: 3) Hypervisor ProductProperties: - Key: hv.fqdn