Housekeeping;Disable redundant hook;Add configurable data-disk

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml

@@ -75,16 +75,13 @@
     dest: /opt/metacluster/cluster-api/infrastructure-vsphere/{{ components.clusterapi.management.version.infrastructure_vsphere }}/kustomization.yaml
   vars:
     _template:
+      additionaldisk: "{{ vapp['workloadcluster.additionaldisk'] }}"
       network:
         fqdn: "{{ vapp['metacluster.fqdn'] }}"
         dnsserver: "{{ vapp['guestinfo.dnsserver'] }}"
       rootca: "{{ stepca_cm_certs.resources[0].data['root_ca.crt'] }}"
-      # script:
-      #   # Base64 encoded; to avoid variable substitution when clusterctl parses the cluster-template.yml
-      #   encoded: IyEvYmluL2Jhc2gKdm10b29sc2QgLS1jbWQgJ2luZm8tZ2V0IGd1ZXN0aW5mby5vdmZFbnYnID4gL3RtcC9vdmZlbnYKCklQQWRkcmVzcz0kKHNlZCAtbiAncy8uKlByb3BlcnR5IG9lOmtleT0iZ3Vlc3RpbmZvLmludGVyZmFjZS4wLmlwLjAuYWRkcmVzcyIgb2U6dmFsdWU9IlwoW14iXSpcKS4qL1wxL3AnIC90bXAvb3ZmZW52KQpTdWJuZXRNYXNrPSQoc2VkIC1uICdzLy4qUHJvcGVydHkgb2U6a2V5PSJndWVzdGluZm8uaW50ZXJmYWNlLjAuaXAuMC5uZXRtYXNrIiBvZTp2YWx1ZT0iXChbXiJdKlwpLiovXDEvcCcgL3RtcC9vdmZlbnYpCkdhdGV3YXk9JChzZWQgLW4gJ3MvLipQcm9wZXJ0eSBvZTprZXk9Imd1ZXN0aW5mby5pbnRlcmZhY2UuMC5yb3V0ZS4wLmdhdGV3YXkiIG9lOnZhbHVlPSJcKFteIl0qXCkuKi9cMS9wJyAvdG1wL292ZmVudikKRE5TPSQoc2VkIC1uICdzLy4qUHJvcGVydHkgb2U6a2V5PSJndWVzdGluZm8uZG5zLnNlcnZlcnMiIG9lOnZhbHVlPSJcKFteIl0qXCkuKi9cMS9wJyAvdG1wL292ZmVudikKTUFDQWRkcmVzcz0kKHNlZCAtbiAncy8uKnZlOkFkYXB0ZXIgdmU6bWFjPSJcKFteIl0qXCkuKi9cMS9wJyAvdG1wL292ZmVudikKCm1hc2syY2lkcigpIHsKICBjPTAKICB4PTAkKCBwcmludGYgJyVvJyAkezEvLy4vIH0gKQoKICB3aGlsZSBbICR4IC1ndCAwIF07IGRvCiAgICBsZXQgYys9JCgoeCUyKSkgJ3g+Pj0xJwogIGRvbmUKCiAgZWNobyAkYwp9CgpQcmVmaXg9JChtYXNrMmNpZHIgJFN1Ym5ldE1hc2spCgpjYXQgPiAvZXRjL25ldHBsYW4vMDEtbmV0Y2ZnLnlhbWwgPDxFT0YKbmV0d29yazoKICB2ZXJzaW9uOiAyCiAgcmVuZGVyZXI6IG5ldHdvcmtkCiAgZXRoZXJuZXRzOgogICAgaWQwOgogICAgICBzZXQtbmFtZTogZXRoMAogICAgICBtYXRjaDoKICAgICAgICBtYWNhZGRyZXNzOiAkTUFDQWRkcmVzcwogICAgICBhZGRyZXNzZXM6CiAgICAgICAgLSAkSVBBZGRyZXNzLyRQcmVmaXgKICAgICAgZ2F0ZXdheTQ6ICRHYXRld2F5CiAgICAgIG5hbWVzZXJ2ZXJzOgogICAgICAgIGFkZHJlc3NlcyA6IFskRE5TXQpFT0YKcm0gL2V0Yy9uZXRwbGFuLzUwKi55YW1sIC1mCgpzdWRvIG5ldHBsYW4gYXBwbHk=
       runcmds:
         - update-ca-certificates
-        # - bash /root/network.sh
 
 - name: Store custom cluster-template
   ansible.builtin.copy:

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/hypervisor.yml

@@ -55,21 +55,3 @@
   loop: "{{ govc_inventory.results }}"
   loop_control:
     label: "{{ item.item.attribute }}"
-
-# - name: Configure network protocol profile on hypervisor
-#   ansible.builtin.shell:
-#     cmd: >-
-#       npp-prepper \
-#         --server "{{ vapp['hv.fqdn'] }}" \
-#         --username "{{ vapp['hv.username'] }}" \
-#         --password "{{ vapp['hv.password'] }}" \
-#         dc \
-#         --name "{{ vcenter_info.datacenter }}" \
-#         --portgroup "{{ vcenter_info.network }}" \
-#         --startaddress {{ vapp['ippool.startip'] }} \
-#         --endaddress {{ vapp['ippool.endip'] }} \
-#         --netmask {{ (vapp['guestinfo.ipaddress'] ~ '/' ~ vapp['guestinfo.prefixlength']) | ansible.utils.ipaddr('netmask') }} \
-#         {{ vapp['guestinfo.dnsserver'] | split(',') | map('trim') | map('regex_replace', '^', '--dnsserver ') | join(' ') }} \
-#         --dnsdomain {{ vapp['metacluster.fqdn'] }} \
-#         --gateway {{ vapp['guestinfo.gateway'] }} \
-#         --force

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/nodetemplates.yml

@@ -36,34 +36,25 @@
       loop_control:
         index_var: index
 
-    # - name: Add vApp properties on deployed VM's
+    - name: Add additional placeholder disk
-    #   ansible.builtin.shell:
+      community.vmware.vmware_guest_disk:
-    #     cmd: >-
+        name: "{{ item.instance.hw_name }}"
-    #       npp-prepper \
+        disk:
-    #         --server "{{ vapp['hv.fqdn'] }}" \
+          - size: 1Gb
-    #         --username "{{ vapp['hv.username'] }}" \
+            unit_number: 1
-    #         --password "{{ vapp['hv.password'] }}" \
+
-    #         vm \
+    # Disabled to allow disks to be resized; at the cost of cloning speed
-    #         --datacenter "{{ vcenter_info.datacenter }}" \
+    # - name: Create snapshot on deployed VM's
-    #         --portgroup "{{ vcenter_info.network }}" \
+    #   community.vmware.vmware_guest_snapshot:
-    #         --name "{{ item.instance.hw_name }}"
+    #     name: "{{ item.instance.hw_name }}"
-    #   when: existing_ova.results[index] is failed
+    #     state: present
+    #     snapshot_name: "{{ ansible_date_time.iso8601_basic_short }}-base"
+    #   when: ova_deploy.results[index] is not skipped
     #   loop: "{{ ova_deploy.results }}"
     #   loop_control:
     #     index_var: index
     #     label: "{{ item.item }}"
 
-    - name: Create snapshot on deployed VM's
-      community.vmware.vmware_guest_snapshot:
-        name: "{{ item.instance.hw_name }}"
-        state: present
-        snapshot_name: "{{ ansible_date_time.iso8601_basic_short }}-base"
-      when: ova_deploy.results[index] is not skipped
-      loop: "{{ ova_deploy.results }}"
-      loop_control:
-        index_var: index
-        label: "{{ item.item }}"
-
     - name: Mark deployed VM's as templates
       community.vmware.vmware_guest:
         name: "{{ item.instance.hw_name }}"

ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/kustomization.cluster-template.j2

@@ -72,6 +72,8 @@ patchesStrategicMerge:
       template:
         spec:
           network:
+            additionalDisksGiB:
+            - {{ _template.additionaldisk }}
             devices:
             - dhcp4: false
               addressesFromPools:

ansible/vars/metacluster.yml

@@ -239,14 +239,14 @@ components:
       parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u
       chart_values: !unsafe |
         ca:
-          bootstrap:
+          # bootstrap:
-            postInitHook: |
+          #   postInitHook: |
-              echo '{{ vapp["metacluster.password"] }}' > ~/pwfile
+          #     echo '{{ vapp["metacluster.password"] }}' > ~/pwfile
-              step ca provisioner add acme \
+          #     step ca provisioner add acme \
-                --type ACME \
+          #       --type ACME \
-                --password-file=~/pwfile \
+          #       --password-file=~/pwfile \
-                --force-cn
+          #       --force-cn
-              rm ~/pwfile
+          #     rm ~/pwfile
           dns: ca.{{ vapp['metacluster.fqdn'] }},step-certificates.step-ca.svc.cluster.local,127.0.0.1
           password: "{{ vapp['metacluster.password'] }}"
           provisioner:
@@ -297,8 +297,6 @@ dependencies:
     - filename: kubectl-slice
       url: https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.2.5/kubectl-slice_linux_x86_64.tar.gz
       archive: compressed
-    # - filename: npp-prepper
-    #   url: https://code.spamasaurus.com/api/packages/djpbessems/generic/npp-prepper/v0.5.1/npp-prepper
     - filename: skopeo
       url: https://code.spamasaurus.com/api/packages/djpbessems/generic/skopeo/v1.11.1/skopeo_linux_amd64
     - filename: step