From 464ed497feaab4babbdb16f35e3f6d2bbea72cec Mon Sep 17 00:00:00 2001
From: Danny Bessems
Date: Mon, 7 Nov 2022 03:11:59 +0100
Subject: [PATCH] Move config to firstboot;Split yaml;Improve feedback
---
 .../workloadcluster/tasks/clusterapi.yml | 17 +++
 .../workloadcluster/tasks/hypervisor.yml | 47 ++++++++
 .../roles/workloadcluster/tasks/main.yml | 109 +----------------
 .../workloadcluster/tasks/nodetemplates.yml | 56 +++++++++
 .../roles/metacluster/tasks/components.yml | 4 -
 .../roles/metacluster/templates/clusterctl.j2 | 13 ---
 ansible/roles/os/tasks/tty.yml | 2 +
 7 files changed, 125 insertions(+), 123 deletions(-)
 create mode 100644 ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/clusterapi.yml
 create mode 100644 ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/hypervisor.yml
 create mode 100644 ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/nodetemplates.yml
diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/clusterapi.yml b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/clusterapi.yml
new file mode 100644
index 0000000..cfba14d
--- /dev/null
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/clusterapi.yml
@@ -0,0 +1,17 @@
+- name: Configure clusterctl with hypervisor details
+ ansible.builtin.blockinfile:
+ path: /opt/metacluster/manifests/clusterctl.yml
+ block: |
+ ## -- Controller settings -- ##
+ VSPHERE_USERNAME: {{ vapp['hv.username'] }}
+ VSPHERE_PASSWORD: {{ vapp['hv.password'] }}
+ ## -- Required workload cluster default settings -- ##
+ VSPHERE_SERVER: "{{ vapp['hv.fqdn'] }}
+ VSPHERE_DATACENTER: {{ vcenter_info.datacenter }}
+ VSPHERE_DATASTORE: {{ vcenter_info.datastore }}
+ VSPHERE_NETWORK: {{ vcenter_info.network }}
+ # VSPHERE_RESOURCE_POOL: ""
+ # VSPHERE_FOLDER: ""
+ # VSPHERE_TEMPLATE: "centos-7-kube-v1.18.2"
+ # VSPHERE_SSH_AUTHORIZED_KEY: "output of cat /root/.ssh/id_rsa.pub"
+ marker: '# {mark} ANSIBLE MANAGED BLOCK'
diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/hypervisor.yml b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/hypervisor.yml
new file mode 100644
index 0000000..7408cad
--- /dev/null
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/hypervisor.yml
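Review bot: The `path` on the blockinfile task points at `/opt/metacluster/manifests/clusterctl.yml`, while the template task in components.yml (later in this patch) renders clusterctl to `/opt/metacluster/manifests/clusterctl.yaml`; with blockinfile's default `create: false` this task fails when the `.yml` file is absent, and if the file happens to exist the settings land somewhere clusterctl never reads — `path: /opt/metacluster/manifests/clusterctl.yaml`. The `VSPHERE_SERVER` line opens a double quote and never closes it, which leaves the resulting document unparseable. The values the removed clusterctl.j2 quoted are now written as plain scalars, so a password containing `: `, ` #` or a leading YAML indicator is mangled silently; quote them as before, e.g. `VSPHERE_PASSWORD: "{{ vapp['hv.password'] }}"` and `VSPHERE_SERVER: "{{ vapp['hv.fqdn'] }}"`. Because this block writes the hypervisor password to disk, the task should also set `mode` to owner-only and `no_log: true`, so the secret is neither world-readable nor echoed in task output.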
@@ -0,0 +1,47 @@
+- name: Gather hypervisor details
+ ansible.builtin.shell:
+ cmd: govc ls -L {{ item.moref }} | awk -F/ '{print ${{ item.part }}}'
+ environment:
+ GOVC_INSECURE: '1'
+ GOVC_URL: "{{ vapp['hv.fqdn'] }}"
+ GOVC_USERNAME: "{{ vapp['hv.username'] }}"
+ GOVC_PASSWORD: "{{ vapp['hv.password'] }}"
+ register: govc_inventory
+ loop:
+ - attribute: cluster
+ moref: >-
+ $(govc object.collect -json VirtualMachine:{{ moref_id }} | \
+ jq -r '.[] | select(.Name == "runtime").Val.Host | .Type + ":" + .Value')
+ part: (NF-1)
+ - attribute: datacenter
+ moref: VirtualMachine:{{ moref_id }}
+ part: 2
+ - attribute: datastore
+ moref: >-
+ $(govc object.collect -json VirtualMachine:{{ moref_id }} | \
+ jq -r '.[] | select(.Name == "datastore").Val.ManagedObjectReference | .[].Type + ":" + .[].Value')
+ part: NF
+ - attribute: folder
+ moref: >-
+ $(govc object.collect -json VirtualMachine:{{ moref_id }} | \
+ jq -r '.[] | select(.Name == "parent").Val | .Type + ":" + .Value')
+ part: 0
+ # - attribute: host
+ # moref: >-
+ # $(govc object.collect -json VirtualMachine:{{ moref_id }} | \
+ # jq -r '.[] | select(.Name == "runtime").Val.Host | .Type + ":" + .Value')
+ # part: NF
+ - attribute: network
+ moref: >-
+ $(govc object.collect -json VirtualMachine:{{ moref_id }} | \
+ jq -r '.[] | select(.Name == "network").Val.ManagedObjectReference | .[].Type + ":" + .[].Value')
+ part: NF
+ loop_control:
+ label: "{{ item.attribute }}"
+
+- name: Store hypervisor details in dictionary
+ ansible.builtin.set_fact:
+ vcenter_info: "{{ vcenter_info | default({}) | combine({ item.item.attribute : item.stdout }) }}"
+ loop: "{{ govc_inventory.results }}"
+ loop_control:
+ label: "{{ item.item.attribute }}"
diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/main.yml b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/main.yml
index 3596366..9d0f87c 100644
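Review bot: Each `moref: >-` entry ends its first line with `| \`, but a folded block scalar already joins the two lines with a space, so the rendered command reads `... | \ jq -r ...` and the shell takes the escaped space as part of the command name; unless I am misreading the fold, drop the trailing backslash and let the fold do the join, `$(govc object.collect -json VirtualMachine:{{ moref_id }} |`. The shell task pipes govc into awk without `pipefail`, so a failed or empty govc call returns rc 0 and the `set_fact` task then stores an empty string under that attribute, which only surfaces later when clusterctl or the OVF deploy uses `vcenter_info`; a `failed_when: govc_inventory.rc != 0 or govc_inventory.stdout | length == 0` on the gather task reports the missing attribute at its source. `GOVC_INSECURE: '1'` disables TLS verification for the session that carries `hv.username`/`hv.password`, and nodetemplates.yml repeats this with its own `GOVC_INSECURE: '1'` and `validate_certs: no`; if the hypervisor certificate cannot be trusted at first boot, a comment recording that decision and a single variable to flip it later would make the exposure deliberate rather than incidental.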
--- a/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/main.yml
@@ -1,106 +1,3 @@ -- block: - - - name: Gather hypervisor details - ansible.builtin.shell: - cmd: govc ls -L {{ item.moref }} | awk -F/ '{print ${{ item.part }}}' - environment: - GOVC_INSECURE: '1' - GOVC_URL: "{{ vapp['hv.fqdn'] }}" - GOVC_USERNAME: "{{ vapp['hv.username'] }}" - GOVC_PASSWORD: "{{ vapp['hv.password'] }}" - register: govc_inventory - loop: - - attribute: cluster - moref: >- - $(govc object.collect -json VirtualMachine:{{ moref_id }} | \ - jq -r '.[] | select(.Name == "runtime").Val.Host | .Type + ":" + .Value') - part: (NF-1) - - attribute: datacenter - moref: VirtualMachine:{{ moref_id }} - part: 2 - - attribute: datastore - moref: >- - $(govc object.collect -json VirtualMachine:{{ moref_id }} | \ - jq -r '.[] | select(.Name == "datastore").Val.ManagedObjectReference | .[].Type + ":" + .[].Value') - part: NF - - attribute: folder - moref: >- - $(govc object.collect -json VirtualMachine:{{ moref_id }} | \ - jq -r '.[] | select(.Name == "parent").Val | .Type + ":" + .Value') - part: 0 - # - attribute: host - # moref: >- - # $(govc object.collect -json VirtualMachine:{{ moref_id }} | \ - # jq -r '.[] | select(.Name == "runtime").Val.Host | .Type + ":" + .Value') - # part: NF - - attribute: network - moref: >- - $(govc object.collect -json VirtualMachine:{{ moref_id }} | \ - jq -r '.[] | select(.Name == "network").Val.ManagedObjectReference | .[].Type + ":" + .[].Value') - part: NF - loop_control: - label: "{{ item.attribute }}" - - - name: Store hypervisor details in dictionary - ansible.builtin.set_fact: - vcenter_info: "{{ vcenter_info | default({}) | combine({ item.item.attribute : item.stdout }) }}" - loop: "{{ govc_inventory.results }}" - loop_control: - label: "{{ item.item.attribute }}" - -- block: - - - name: Check for existing templates on hypervisor - community.vmware.vmware_guest_info: - name: "{{ (item | basename | split('.'))[:-1] | join('.') }}" - register: existing_ova - loop: "{{ query('ansible.builtin.fileglob', 
'/opt/workloadcluster/node-templates/*.ova') | sort }}" - ignore_errors: yes - - - name: Parse OVA files for network mappings - ansible.builtin.shell: - cmd: govc import.spec -json {{ item }} - environment: - GOVC_INSECURE: '1' - GOVC_URL: "{{ vapp['hv.fqdn'] }}" - GOVC_USERNAME: "{{ vapp['hv.username'] }}" - GOVC_PASSWORD: "{{ vapp['hv.password'] }}" - register: ova_spec - when: existing_ova.results[index] is failed - loop: "{{ query('ansible.builtin.fileglob', '/opt/workloadcluster/node-templates/*.ova') | sort }}" - loop_control: - index_var: index - - - name: Deploy OVA templates on hypervisor - community.vmware.vmware_deploy_ovf: - cluster: "{{ vcenter_info.cluster }}" - datastore: "{{ vcenter_info.datastore }}" - folder: "{{ vcenter_info.folder }}" - name: "{{ (item | basename | split('.'))[:-1] | join('.') }}" - networks: "{u'{{ ova_spec.results[index].stdout | from_json | json_query('NetworkMapping[0].Name') }}':u'{{ vcenter_info.network }}'}" - allow_duplicates: no - power_on: false - ovf: "{{ item }}" - register: ova_deploy - when: existing_ova.results[index] is failed - loop: "{{ query('ansible.builtin.fileglob', '/opt/workloadcluster/node-templates/*.ova') | sort }}" - loop_control: - index_var: index - - - name: Mark deployed VM's as templates - community.vmware.vmware_guest: - name: "{{ item.instance.hw_name }}" - is_template: yes - when: ova_deploy.results[index] is not skipped - loop: "{{ ova_deploy.results }}" - loop_control: - index_var: index - label: "{{ item.item }}" - - module_defaults: - group/vmware: - hostname: "{{ vapp['hv.fqdn'] }}" - validate_certs: no - username: "{{ vapp['hv.username'] }}" - password: "{{ vapp['hv.password'] }}" - datacenter: "{{ vcenter_info.datacenter }}" +- import_tasks: hypervisor.yml +- import_tasks: clusterapi.yml +- import_tasks: nodetemplates.yml 
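Review bot: The three new `import_tasks` entries use the short module name while every other task in this role uses the fully qualified form (`ansible.builtin.shell`, `ansible.builtin.set_fact`); for consistency write `- ansible.builtin.import_tasks: hypervisor.yml` and the same for the other two. The order is load-bearing, because clusterapi.yml and nodetemplates.yml both read `vcenter_info`, which only hypervisor.yml populates; a one-line comment above the list, such as `# hypervisor.yml must run first: it sets vcenter_info for the other two`, would keep a future reorder from silently breaking both.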
diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/nodetemplates.yml b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/nodetemplates.yml
new file mode 100644
index 0000000..2c8d069
--- /dev/null
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/nodetemplates.yml
@@ -0,0 +1,56 @@
+- block:
+
+ - name: Check for existing templates on hypervisor
+ community.vmware.vmware_guest_info:
+ name: "{{ (item | basename | split('.'))[:-1] | join('.') }}"
+ register: existing_ova
+ loop: "{{ query('ansible.builtin.fileglob', '/opt/workloadcluster/node-templates/*.ova') | sort }}"
+ ignore_errors: yes
+
+ - name: Parse OVA files for network mappings
+ ansible.builtin.shell:
+ cmd: govc import.spec -json {{ item }}
+ environment:
+ GOVC_INSECURE: '1'
+ GOVC_URL: "{{ vapp['hv.fqdn'] }}"
+ GOVC_USERNAME: "{{ vapp['hv.username'] }}"
+ GOVC_PASSWORD: "{{ vapp['hv.password'] }}"
+ register: ova_spec
+ when: existing_ova.results[index] is failed
+ loop: "{{ query('ansible.builtin.fileglob', '/opt/workloadcluster/node-templates/*.ova') | sort }}"
+ loop_control:
+ index_var: index
+
+ - name: Deploy OVA templates on hypervisor
+ community.vmware.vmware_deploy_ovf:
+ cluster: "{{ vcenter_info.cluster }}"
+ datastore: "{{ vcenter_info.datastore }}"
+ folder: "{{ vcenter_info.folder }}"
+ name: "{{ (item | basename | split('.'))[:-1] | join('.') }}"
+ networks: "{u'{{ ova_spec.results[index].stdout | from_json | json_query('NetworkMapping[0].Name') }}':u'{{ vcenter_info.network }}'}"
+ allow_duplicates: no
+ power_on: false
+ ovf: "{{ item }}"
+ register: ova_deploy
+ when: existing_ova.results[index] is failed
+ loop: "{{ query('ansible.builtin.fileglob', '/opt/workloadcluster/node-templates/*.ova') | sort }}"
+ loop_control:
+ index_var: index
+
+ - name: Mark deployed VM's as templates
+ community.vmware.vmware_guest:
+ name: "{{ item.instance.hw_name }}"
+ is_template: yes
+ when: ova_deploy.results[index] is not skipped
+ loop: "{{ ova_deploy.results }}"
+ loop_control:
+ index_var: index
+ label: "{{ item.item }}"
+
+ module_defaults:
+ group/vmware:
+ hostname: "{{ vapp['hv.fqdn'] }}"
+ validate_certs: no
+ username: "{{ vapp['hv.username'] }}"
+ password: "{{ vapp['hv.password'] }}"
+ datacenter: "{{ vcenter_info.datacenter }}"
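Review bot: The `networks` argument on the deploy task is assembled as a Python-literal string (`"{u'…':u'…'}"`) that relies on Ansible re-parsing it into a dict; a plain YAML mapping expresses the same thing without the `u` prefixes and without breaking on a network name that contains a quote — `networks:` followed by `  "{{ ova_spec.results[index].stdout | from_json | json_query('NetworkMapping[0].Name') }}": "{{ vcenter_info.network }}"`. The file mixes `yes`/`no` (`ignore_errors`, `is_template`, `allow_duplicates`, `validate_certs`) with `false` (`power_on`); use `true`/`false` throughout, as yamllint's truthy rule expects. `ignore_errors: yes` paired with `when: existing_ova.results[index] is failed` treats every failure of the lookup — authentication or connectivity errors included — as "template does not exist" and proceeds to deploy; if the module's failure message distinguishes a missing VM, testing for that message instead would be safer, though I cannot confirm its exact wording from this diff.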
diff --git a/ansible/roles/metacluster/tasks/components.yml b/ansible/roles/metacluster/tasks/components.yml
index c3b2058..6ad4b3d 100644
--- a/ansible/roles/metacluster/tasks/components.yml
+++ b/ansible/roles/metacluster/tasks/components.yml
@@ -89,10 +89,6 @@
 dest: /opt/metacluster/manifests/clusterctl.yaml
 vars:
 _template:
- hv:
- fqdn: "{{ vapp['hv.fqdn'] }}"
- username: "{{ vapp['hv.username'] }}"
- password: "{{ vapp['hv.password'] }}"
 version:
 base: "{{ components.clusterapi.manifest.version.base }}"
 infrastructure_vsphere: "{{ components.clusterapi.manifest.version.infrastructure_vsphere }}"
diff --git a/ansible/roles/metacluster/templates/clusterctl.j2 b/ansible/roles/metacluster/templates/clusterctl.j2
index d07ad2f..0a157a0 100644
--- a/ansible/roles/metacluster/templates/clusterctl.j2
+++ b/ansible/roles/metacluster/templates/clusterctl.j2
@@ -11,16 +11,3 @@ providers:
 - name: "vsphere"
 url: "/opt/metacluster/manifests/infrastructure-vsphere/{{ _template.version.infrastructure-vsphere }}/infrastructure-components.yaml"
 type: "InfrastructureProvider"
-
-## -- Controller settings -- ##
-VSPHERE_USERNAME: "{{ _template.hv.username }}"
-VSPHERE_PASSWORD: "{{ _template.hv.password }}"
-## -- Required workload cluster default settings -- ##
-VSPHERE_SERVER: "{{ _template.hv.fqdn }}"
-VSPHERE_DATACENTER: "{{ _template.hv.datacenter }}"
-VSPHERE_DATASTORE: "{{ _template.hv.datastore }}"
-VSPHERE_NETWORK: "{{ _template.hv.network }}"
-#VSPHERE_RESOURCE_POOL: ""
-#VSPHERE_FOLDER: ""
-#VSPHERE_TEMPLATE: "centos-7-kube-v1.18.2"
-#VSPHERE_SSH_AUTHORIZED_KEY: "output of cat /root/.ssh/id_rsa.pub"
diff --git a/ansible/roles/os/tasks/tty.yml b/ansible/roles/os/tasks/tty.yml
index acc02c0..a38a3b5 100644
--- a/ansible/roles/os/tasks/tty.yml
+++ b/ansible/roles/os/tasks/tty.yml
@@ -8,6 +8,8 @@
 line: 'NAutoVTs=1'
 - regexp: '^#ReserveVT='
 line: 'ReserveVT=11'
+ loop_control:
+ label: "{{ item.line }}"
 
 - name: Mask getty@tty1 service
 ansible.builtin.systemd: