diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml index 74e703d..29154cb 100644 --- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml +++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml @@ -75,16 +75,13 @@ dest: /opt/metacluster/cluster-api/infrastructure-vsphere/{{ components.clusterapi.management.version.infrastructure_vsphere }}/kustomization.yaml vars: _template: + additionaldisk: "{{ vapp['workloadcluster.additionaldisk'] }}" network: fqdn: "{{ vapp['metacluster.fqdn'] }}" dnsserver: "{{ vapp['guestinfo.dnsserver'] }}" rootca: "{{ stepca_cm_certs.resources[0].data['root_ca.crt'] }}" - # script: - # # Base64 encoded; to avoid variable substitution when clusterctl parses the cluster-template.yml - # encoded: IyEvYmluL2Jhc2gKdm10b29sc2QgLS1jbWQgJ2luZm8tZ2V0IGd1ZXN0aW5mby5vdmZFbnYnID4gL3RtcC9vdmZlbnYKCklQQWRkcmVzcz0kKHNlZCAtbiAncy8uKlByb3BlcnR5IG9lOmtleT0iZ3Vlc3RpbmZvLmludGVyZmFjZS4wLmlwLjAuYWRkcmVzcyIgb2U6dmFsdWU9IlwoW14iXSpcKS4qL1wxL3AnIC90bXAvb3ZmZW52KQpTdWJuZXRNYXNrPSQoc2VkIC1uICdzLy4qUHJvcGVydHkgb2U6a2V5PSJndWVzdGluZm8uaW50ZXJmYWNlLjAuaXAuMC5uZXRtYXNrIiBvZTp2YWx1ZT0iXChbXiJdKlwpLiovXDEvcCcgL3RtcC9vdmZlbnYpCkdhdGV3YXk9JChzZWQgLW4gJ3MvLipQcm9wZXJ0eSBvZTprZXk9Imd1ZXN0aW5mby5pbnRlcmZhY2UuMC5yb3V0ZS4wLmdhdGV3YXkiIG9lOnZhbHVlPSJcKFteIl0qXCkuKi9cMS9wJyAvdG1wL292ZmVudikKRE5TPSQoc2VkIC1uICdzLy4qUHJvcGVydHkgb2U6a2V5PSJndWVzdGluZm8uZG5zLnNlcnZlcnMiIG9lOnZhbHVlPSJcKFteIl0qXCkuKi9cMS9wJyAvdG1wL292ZmVudikKTUFDQWRkcmVzcz0kKHNlZCAtbiAncy8uKnZlOkFkYXB0ZXIgdmU6bWFjPSJcKFteIl0qXCkuKi9cMS9wJyAvdG1wL292ZmVudikKCm1hc2syY2lkcigpIHsKICBjPTAKICB4PTAkKCBwcmludGYgJyVvJyAkezEvLy4vIH0gKQoKICB3aGlsZSBbICR4IC1ndCAwIF07IGRvCiAgICBsZXQgYys9JCgoeCUyKSkgJ3g+Pj0xJwogIGRvbmUKCiAgZWNobyAkYwp9CgpQcmVmaXg9JChtYXNrMmNpZHIgJFN1Ym5ldE1hc2spCgpjYXQgPiAvZXRjL25ldHBsYW4vMDEtbmV0Y2ZnLnlhbWwgPDxFT0YKbmV0d29yazoKICB2ZXJzaW9uOiAyCiAgcmVuZGVyZXI6IG5ldHdvcmtkCiAgZXRoZXJuZXRzOgogICAgaWQwOgogICAgICBzZXQtbmFtZTogZXRoMAogICAgICBtYXRjaDoKICAgICAgICBtYWNhZGRyZXNzOiAkTUFDQWRkcmVzcwogICAgICBhZGRyZXNzZXM6CiAgICAgICAgLSAkSVBBZGRyZXNzLyRQcmVmaXgKICAgICAgZ2F0ZXdheTQ6ICRHYXRld2F5CiAgICAgIG5hbWVzZXJ2ZXJzOgogICAgICAgIGFkZHJlc3NlcyA6IFskRE5TXQpFT0YKcm0gL2V0Yy9uZXRwbGFuLzUwKi55YW1sIC1mCgpzdWRvIG5ldHBsYW4gYXBwbHk= runcmds: - update-ca-certificates - # - bash /root/network.sh - name: Store custom cluster-template ansible.builtin.copy: diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/hypervisor.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/hypervisor.yml index 253f70b..a83da4c 100644 --- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/hypervisor.yml +++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/hypervisor.yml @@ -55,21 +55,3 @@ loop: "{{ govc_inventory.results }}" loop_control: label: "{{ item.item.attribute }}" - -# - name: Configure network protocol profile on hypervisor -# ansible.builtin.shell: -# cmd: >- -# npp-prepper \ -# --server "{{ vapp['hv.fqdn'] }}" \ -# --username "{{ vapp['hv.username'] }}" \ -# --password "{{ vapp['hv.password'] }}" \ -# dc \ -# --name "{{ vcenter_info.datacenter }}" \ -# --portgroup "{{ vcenter_info.network }}" \ -# --startaddress {{ vapp['ippool.startip'] }} \ -# --endaddress {{ vapp['ippool.endip'] }} \ -# --netmask {{ (vapp['guestinfo.ipaddress'] ~ '/' ~ vapp['guestinfo.prefixlength']) | ansible.utils.ipaddr('netmask') }} \ -# {{ vapp['guestinfo.dnsserver'] | split(',') | map('trim') | map('regex_replace', '^', '--dnsserver ') | join(' ') }} \ -# --dnsdomain {{ vapp['metacluster.fqdn'] }} \ -# --gateway {{ vapp['guestinfo.gateway'] }} \ -# --force diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/nodetemplates.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/nodetemplates.yml index aec266f..8354cac 100644 --- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/nodetemplates.yml +++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/nodetemplates.yml @@ -36,34 +36,25 @@ loop_control: index_var: index - # - name: Add vApp properties on deployed VM's - # ansible.builtin.shell: - # cmd: >- - # npp-prepper \ - # --server "{{ vapp['hv.fqdn'] }}" \ - # --username "{{ vapp['hv.username'] }}" \ - # --password "{{ vapp['hv.password'] }}" \ - # vm \ - # --datacenter "{{ vcenter_info.datacenter }}" \ - # --portgroup "{{ vcenter_info.network }}" \ - # --name "{{ item.instance.hw_name }}" - # when: existing_ova.results[index] is failed + - name: Add additional placeholder disk + community.vmware.vmware_guest_disk: + name: "{{ item.instance.hw_name }}" + disk: + - size: 1Gb + unit_number: 1 + + # Disabled to allow disks to be resized; at the cost of cloning speed + # - name: Create snapshot on deployed VM's + # community.vmware.vmware_guest_snapshot: + # name: "{{ item.instance.hw_name }}" + # state: present + # snapshot_name: "{{ ansible_date_time.iso8601_basic_short }}-base" + # when: ova_deploy.results[index] is not skipped # loop: "{{ ova_deploy.results }}" # loop_control: # index_var: index # label: "{{ item.item }}" - - name: Create snapshot on deployed VM's - community.vmware.vmware_guest_snapshot: - name: "{{ item.instance.hw_name }}" - state: present - snapshot_name: "{{ ansible_date_time.iso8601_basic_short }}-base" - when: ova_deploy.results[index] is not skipped - loop: "{{ ova_deploy.results }}" - loop_control: - index_var: index - label: "{{ item.item }}" - - name: Mark deployed VM's as templates community.vmware.vmware_guest: name: "{{ item.instance.hw_name }}" diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/kustomization.cluster-template.j2 b/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/kustomization.cluster-template.j2 index f483ac8..2a4a90b 100644 --- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/kustomization.cluster-template.j2 +++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/kustomization.cluster-template.j2 @@ -72,6 +72,8 @@ patchesStrategicMerge: template: spec: network: + additionalDisksGiB: + - {{ _template.additionaldisk }} devices: - dhcp4: false addressesFromPools: diff --git a/ansible/vars/metacluster.yml b/ansible/vars/metacluster.yml index 54ba3ae..996728f 100644 --- a/ansible/vars/metacluster.yml +++ b/ansible/vars/metacluster.yml @@ -239,14 +239,14 @@ components: parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u chart_values: !unsafe | ca: - bootstrap: - postInitHook: | - echo '{{ vapp["metacluster.password"] }}' > ~/pwfile - step ca provisioner add acme \ - --type ACME \ - --password-file=~/pwfile \ - --force-cn - rm ~/pwfile + # bootstrap: + # postInitHook: | + # echo '{{ vapp["metacluster.password"] }}' > ~/pwfile + # step ca provisioner add acme \ + # --type ACME \ + # --password-file=~/pwfile \ + # --force-cn + # rm ~/pwfile dns: ca.{{ vapp['metacluster.fqdn'] }},step-certificates.step-ca.svc.cluster.local,127.0.0.1 password: "{{ vapp['metacluster.password'] }}" provisioner: @@ -297,8 +297,6 @@ dependencies: - filename: kubectl-slice url: https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.2.5/kubectl-slice_linux_x86_64.tar.gz archive: compressed - # - filename: npp-prepper - # url: https://code.spamasaurus.com/api/packages/djpbessems/generic/npp-prepper/v0.5.1/npp-prepper - filename: skopeo url: https://code.spamasaurus.com/api/packages/djpbessems/generic/skopeo/v1.11.1/skopeo_linux_amd64 - filename: step