From 464ed497feaab4babbdb16f35e3f6d2bbea72cec Mon Sep 17 00:00:00 2001
From: Danny Bessems <danny@bessems.eu>
Date: Mon, 7 Nov 2022 03:11:59 +0100
Subject: [PATCH] Move config to firstboot;Split yaml;Improve feedback

---
 .../workloadcluster/tasks/clusterapi.yml      |  17 +++
 .../workloadcluster/tasks/hypervisor.yml      |  47 ++++++++
 .../roles/workloadcluster/tasks/main.yml      | 109 +-----------------
 .../workloadcluster/tasks/nodetemplates.yml   |  56 +++++++++
 .../roles/metacluster/tasks/components.yml    |   4 -
 .../roles/metacluster/templates/clusterctl.j2 |  13 ---
 ansible/roles/os/tasks/tty.yml                |   2 +
 7 files changed, 125 insertions(+), 123 deletions(-)
 create mode 100644 ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/clusterapi.yml
 create mode 100644 ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/hypervisor.yml
 create mode 100644 ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/nodetemplates.yml

diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/clusterapi.yml b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/clusterapi.yml
new file mode 100644
index 0000000..cfba14d
--- /dev/null
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/clusterapi.yml
@@ -0,0 +1,17 @@
+- name: Configure clusterctl with hypervisor details
+  ansible.builtin.blockinfile:
+    path: /opt/metacluster/manifests/clusterctl.yml
+    block: |
+      ## -- Controller settings -- ##
+      VSPHERE_USERNAME: {{ vapp['hv.username'] }}
+      VSPHERE_PASSWORD: {{ vapp['hv.password'] }}
+      ## -- Required workload cluster default settings -- ##
+      VSPHERE_SERVER: "{{ vapp['hv.fqdn'] }}
+      VSPHERE_DATACENTER: {{ vcenter_info.datacenter }}
+      VSPHERE_DATASTORE: {{ vcenter_info.datastore }}
+      VSPHERE_NETWORK: {{ vcenter_info.network }}
+      # VSPHERE_RESOURCE_POOL: ""
+      # VSPHERE_FOLDER: ""
+      # VSPHERE_TEMPLATE: "centos-7-kube-v1.18.2"
+      # VSPHERE_SSH_AUTHORIZED_KEY: "output of cat /root/.ssh/id_rsa.pub"
+    marker: '# {mark} ANSIBLE MANAGED BLOCK'
diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/hypervisor.yml b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/hypervisor.yml
new file mode 100644
index 0000000..7408cad
--- /dev/null
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/hypervisor.yml
@@ -0,0 +1,47 @@
+- name: Gather hypervisor details
+  ansible.builtin.shell:
+    cmd: govc ls -L {{ item.moref }} | awk -F/ '{print ${{ item.part }}}'
+  environment:
+    GOVC_INSECURE: '1'
+    GOVC_URL: "{{ vapp['hv.fqdn'] }}"
+    GOVC_USERNAME: "{{ vapp['hv.username'] }}"
+    GOVC_PASSWORD: "{{ vapp['hv.password'] }}"
+  register: govc_inventory
+  loop:
+    - attribute: cluster
+      moref: >-
+        $(govc object.collect -json VirtualMachine:{{ moref_id }} | \
+          jq -r '.[] | select(.Name == "runtime").Val.Host | .Type + ":" + .Value')
+      part: (NF-1)
+    - attribute: datacenter
+      moref: VirtualMachine:{{ moref_id }}
+      part: 2
+    - attribute: datastore
+      moref: >-
+        $(govc object.collect -json VirtualMachine:{{ moref_id }} | \
+          jq -r '.[] | select(.Name == "datastore").Val.ManagedObjectReference | .[].Type + ":" + .[].Value')
+      part: NF
+    - attribute: folder
+      moref: >-
+        $(govc object.collect -json VirtualMachine:{{ moref_id }} | \
+          jq -r '.[] | select(.Name == "parent").Val | .Type + ":" + .Value')
+      part: 0
+    # - attribute: host
+    #   moref: >-
+    #     $(govc object.collect -json VirtualMachine:{{ moref_id }} | \
+    #       jq -r '.[] | select(.Name == "runtime").Val.Host | .Type + ":" + .Value')
+    #   part: NF
+    - attribute: network
+      moref: >-
+        $(govc object.collect -json VirtualMachine:{{ moref_id }} | \
+          jq -r '.[] | select(.Name == "network").Val.ManagedObjectReference | .[].Type + ":" + .[].Value')
+      part: NF
+  loop_control:
+    label: "{{ item.attribute }}"
+
+- name: Store hypervisor details in dictionary
+  ansible.builtin.set_fact:
+    vcenter_info: "{{ vcenter_info | default({}) | combine({ item.item.attribute : item.stdout }) }}"
+  loop: "{{ govc_inventory.results }}"
+  loop_control:
+    label: "{{ item.item.attribute }}"
diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/main.yml b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/main.yml
index 3596366..9d0f87c 100644
--- a/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/main.yml
@@ -1,106 +1,3 @@
-- block:
-
-    - name: Gather hypervisor details
-      ansible.builtin.shell:
-        cmd: govc ls -L {{ item.moref }} | awk -F/ '{print ${{ item.part }}}'
-      environment:
-        GOVC_INSECURE: '1'
-        GOVC_URL: "{{ vapp['hv.fqdn'] }}"
-        GOVC_USERNAME: "{{ vapp['hv.username'] }}"
-        GOVC_PASSWORD: "{{ vapp['hv.password'] }}"
-      register: govc_inventory
-      loop:
-        - attribute: cluster
-          moref: >-
-            $(govc object.collect -json VirtualMachine:{{ moref_id }} | \
-              jq -r '.[] | select(.Name == "runtime").Val.Host | .Type + ":" + .Value')
-          part: (NF-1)
-        - attribute: datacenter
-          moref: VirtualMachine:{{ moref_id }}
-          part: 2
-        - attribute: datastore
-          moref: >-
-            $(govc object.collect -json VirtualMachine:{{ moref_id }} | \
-              jq -r '.[] | select(.Name == "datastore").Val.ManagedObjectReference | .[].Type + ":" + .[].Value')
-          part: NF
-        - attribute: folder
-          moref: >-
-            $(govc object.collect -json VirtualMachine:{{ moref_id }} | \
-              jq -r '.[] | select(.Name == "parent").Val | .Type + ":" + .Value')
-          part: 0
-        # - attribute: host
-        #   moref: >-
-        #     $(govc object.collect -json VirtualMachine:{{ moref_id }} | \
-        #       jq -r '.[] | select(.Name == "runtime").Val.Host | .Type + ":" + .Value')
-        #   part: NF
-        - attribute: network
-          moref: >-
-            $(govc object.collect -json VirtualMachine:{{ moref_id }} | \
-              jq -r '.[] | select(.Name == "network").Val.ManagedObjectReference | .[].Type + ":" + .[].Value')
-          part: NF
-      loop_control:
-        label: "{{ item.attribute }}"
-
-    - name: Store hypervisor details in dictionary
-      ansible.builtin.set_fact:
-        vcenter_info: "{{ vcenter_info | default({}) | combine({ item.item.attribute : item.stdout }) }}"
-      loop: "{{ govc_inventory.results }}"
-      loop_control:
-        label: "{{ item.item.attribute }}"
-
-- block:
-
-    - name: Check for existing templates on hypervisor
-      community.vmware.vmware_guest_info:
-        name: "{{ (item | basename | split('.'))[:-1] | join('.') }}"
-      register: existing_ova
-      loop: "{{ query('ansible.builtin.fileglob', '/opt/workloadcluster/node-templates/*.ova') | sort }}"
-      ignore_errors: yes
-
-    - name: Parse OVA files for network mappings
-      ansible.builtin.shell:
-        cmd: govc import.spec -json {{ item }}
-      environment:
-        GOVC_INSECURE: '1'
-        GOVC_URL: "{{ vapp['hv.fqdn'] }}"
-        GOVC_USERNAME: "{{ vapp['hv.username'] }}"
-        GOVC_PASSWORD: "{{ vapp['hv.password'] }}"
-      register: ova_spec
-      when: existing_ova.results[index] is failed
-      loop: "{{ query('ansible.builtin.fileglob', '/opt/workloadcluster/node-templates/*.ova') | sort }}"
-      loop_control:
-        index_var: index
-
-    - name: Deploy OVA templates on hypervisor
-      community.vmware.vmware_deploy_ovf:
-        cluster: "{{ vcenter_info.cluster }}"
-        datastore: "{{ vcenter_info.datastore }}"
-        folder: "{{ vcenter_info.folder }}"
-        name: "{{ (item | basename | split('.'))[:-1] | join('.') }}"
-        networks: "{u'{{ ova_spec.results[index].stdout | from_json | json_query('NetworkMapping[0].Name') }}':u'{{ vcenter_info.network }}'}"
-        allow_duplicates: no
-        power_on: false
-        ovf: "{{ item }}"
-      register: ova_deploy
-      when: existing_ova.results[index] is failed
-      loop: "{{ query('ansible.builtin.fileglob', '/opt/workloadcluster/node-templates/*.ova') | sort }}"
-      loop_control:
-        index_var: index
-
-    - name: Mark deployed VM's as templates
-      community.vmware.vmware_guest:
-        name: "{{ item.instance.hw_name }}"
-        is_template: yes
-      when: ova_deploy.results[index] is not skipped
-      loop: "{{ ova_deploy.results }}"
-      loop_control:
-        index_var: index
-        label: "{{ item.item }}"
-
-  module_defaults:
-    group/vmware:
-      hostname: "{{ vapp['hv.fqdn'] }}"
-      validate_certs: no
-      username: "{{ vapp['hv.username'] }}"
-      password: "{{ vapp['hv.password'] }}"
-      datacenter: "{{ vcenter_info.datacenter }}"
+- import_tasks: hypervisor.yml
+- import_tasks: clusterapi.yml
+- import_tasks: nodetemplates.yml
diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/nodetemplates.yml b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/nodetemplates.yml
new file mode 100644
index 0000000..2c8d069
--- /dev/null
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/nodetemplates.yml
@@ -0,0 +1,56 @@
+- block:
+
+    - name: Check for existing templates on hypervisor
+      community.vmware.vmware_guest_info:
+        name: "{{ (item | basename | split('.'))[:-1] | join('.') }}"
+      register: existing_ova
+      loop: "{{ query('ansible.builtin.fileglob', '/opt/workloadcluster/node-templates/*.ova') | sort }}"
+      ignore_errors: yes
+
+    - name: Parse OVA files for network mappings
+      ansible.builtin.shell:
+        cmd: govc import.spec -json {{ item }}
+      environment:
+        GOVC_INSECURE: '1'
+        GOVC_URL: "{{ vapp['hv.fqdn'] }}"
+        GOVC_USERNAME: "{{ vapp['hv.username'] }}"
+        GOVC_PASSWORD: "{{ vapp['hv.password'] }}"
+      register: ova_spec
+      when: existing_ova.results[index] is failed
+      loop: "{{ query('ansible.builtin.fileglob', '/opt/workloadcluster/node-templates/*.ova') | sort }}"
+      loop_control:
+        index_var: index
+
+    - name: Deploy OVA templates on hypervisor
+      community.vmware.vmware_deploy_ovf:
+        cluster: "{{ vcenter_info.cluster }}"
+        datastore: "{{ vcenter_info.datastore }}"
+        folder: "{{ vcenter_info.folder }}"
+        name: "{{ (item | basename | split('.'))[:-1] | join('.') }}"
+        networks: "{u'{{ ova_spec.results[index].stdout | from_json | json_query('NetworkMapping[0].Name') }}':u'{{ vcenter_info.network }}'}"
+        allow_duplicates: no
+        power_on: false
+        ovf: "{{ item }}"
+      register: ova_deploy
+      when: existing_ova.results[index] is failed
+      loop: "{{ query('ansible.builtin.fileglob', '/opt/workloadcluster/node-templates/*.ova') | sort }}"
+      loop_control:
+        index_var: index
+
+    - name: Mark deployed VM's as templates
+      community.vmware.vmware_guest:
+        name: "{{ item.instance.hw_name }}"
+        is_template: yes
+      when: ova_deploy.results[index] is not skipped
+      loop: "{{ ova_deploy.results }}"
+      loop_control:
+        index_var: index
+        label: "{{ item.item }}"
+
+  module_defaults:
+    group/vmware:
+      hostname: "{{ vapp['hv.fqdn'] }}"
+      validate_certs: no
+      username: "{{ vapp['hv.username'] }}"
+      password: "{{ vapp['hv.password'] }}"
+      datacenter: "{{ vcenter_info.datacenter }}"
diff --git a/ansible/roles/metacluster/tasks/components.yml b/ansible/roles/metacluster/tasks/components.yml
index c3b2058..6ad4b3d 100644
--- a/ansible/roles/metacluster/tasks/components.yml
+++ b/ansible/roles/metacluster/tasks/components.yml
@@ -89,10 +89,6 @@
         dest: /opt/metacluster/manifests/clusterctl.yaml
       vars:
         _template:
-          hv:
-            fqdn: "{{ vapp['hv.fqdn'] }}"
-            username: "{{ vapp['hv.username'] }}"
-            password: "{{ vapp['hv.password'] }}"
           version:
             base: "{{ components.clusterapi.manifest.version.base }}"
             infrastructure_vsphere: "{{ components.clusterapi.manifest.version.infrastructure_vsphere }}"
diff --git a/ansible/roles/metacluster/templates/clusterctl.j2 b/ansible/roles/metacluster/templates/clusterctl.j2
index d07ad2f..0a157a0 100644
--- a/ansible/roles/metacluster/templates/clusterctl.j2
+++ b/ansible/roles/metacluster/templates/clusterctl.j2
@@ -11,16 +11,3 @@ providers:
   - name: "vsphere"
     url: "/opt/metacluster/manifests/infrastructure-vsphere/{{ _template.version.infrastructure-vsphere }}/infrastructure-components.yaml"
     type: "InfrastructureProvider"
-
-## -- Controller settings -- ##
-VSPHERE_USERNAME: "{{ _template.hv.username }}"
-VSPHERE_PASSWORD: "{{ _template.hv.password }}"
-## -- Required workload cluster default settings -- ##
-VSPHERE_SERVER: "{{ _template.hv.fqdn }}"
-VSPHERE_DATACENTER: "{{ _template.hv.datacenter }}"
-VSPHERE_DATASTORE: "{{ _template.hv.datastore }}"
-VSPHERE_NETWORK: "{{ _template.hv.network }}"
-#VSPHERE_RESOURCE_POOL: ""
-#VSPHERE_FOLDER: ""
-#VSPHERE_TEMPLATE: "centos-7-kube-v1.18.2"
-#VSPHERE_SSH_AUTHORIZED_KEY: "output of cat /root/.ssh/id_rsa.pub"
diff --git a/ansible/roles/os/tasks/tty.yml b/ansible/roles/os/tasks/tty.yml
index acc02c0..a38a3b5 100644
--- a/ansible/roles/os/tasks/tty.yml
+++ b/ansible/roles/os/tasks/tty.yml
@@ -8,6 +8,8 @@
     line: 'NAutoVTs=1'
   - regexp: '^#ReserveVT='
     line: 'ReserveVT=11'
+  loop_control:
+    label: "{{ item.line }}"
 
 - name: Mask getty@tty1 service
   ansible.builtin.systemd: