Upgrade version;Housekeeping;Reduce verbosity;Sanitize input;Fix url reference;Test Dex

2023-02-10 15:12:54 +01:00 · 2023-02-10 15:12:54 +01:00 · 7931b1ed44
parent b8cb76e7ac
commit 7931b1ed44
6 changed files with 32 additions and 28 deletions
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/k3s.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/k3s.yml
@ -65,7 +65,7 @@

 - name: Add label to node object
  kubernetes.core.k8s:
-    name: "{{ ansible_facts.nodename }}"
+    name: "{{ ansible_facts.nodename | lower }}"
    kind: Node
    state: patched
    definition:
@ -75,6 +75,6 @@
    kubeconfig: "{{ kubeconfig.path }}"
  register: patch_result
  until:
-    - patch_result.changed is true
+    - k8snode_patch.result.metadata.labels['ova.airgappedk8s/moref_id'] is defined
  retries: "{{ playbook.retries }}"
  delay: "{{ playbook.delay.medium }}"
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/registry.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/registry.yml
@ -43,27 +43,6 @@
      delay: "{{ playbook.delay.short }}"
      until: push_result is not failed

-    # - name: Get all stored container images (=artifacts)
-    #   ansible.builtin.uri:
-    #     url: https://registry.{{ vapp['metacluster.fqdn'] }}/api/v2.0/search?q=library
-    #     method: GET
-    #   register: registry_artifacts
-
-    # - name: Get source registries of all artifacts
-    #   ansible.builtin.set_fact:
-    #     source_registries: "{{ (source_registries | default([]) + [(item | split('/'))[1]]) | unique | sort }}"
-    #   loop: "{{ registry_artifacts.json.repository | json_query('[*].repository_name') }}"
-
-    # - name: Configure K3s node for private registry
-    #   ansible.builtin.template:
-    #     dest: /etc/rancher/k3s/registries.yaml
-    #     src: registries.j2
-    #   vars:
-    #     _template:
-    #       data: "{{ source_registries }}"
-    #       hv:
-    #         fqdn: "{{ vapp['metacluster.fqdn'] }}"
-
  module_defaults:
    ansible.builtin.uri:
      validate_certs: no
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/preflight/tasks/vapp.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/preflight/tasks/vapp.yml
@ -3,6 +3,7 @@
    that:
      - vapp[item] is defined
      - (vapp[item] | length) > 0
+    quiet: true
  loop:
    - deployment.type
    - guestinfo.dnsserver
--- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/k3s.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/k3s.yml
@ -65,7 +65,7 @@

 - name: Add label to node object
  kubernetes.core.k8s:
-    name: "{{ ansible_facts.nodename }}"
+    name: "{{ ansible_facts.nodename | lower }}"
    kind: Node
    state: patched
    definition:
@ -73,8 +73,8 @@
        labels:
          ova.airgappedk8s/moref_id: "{{ moref_id }}"
    kubeconfig: "{{ kubeconfig.path }}"
-  register: patch_result
+  register: k8snode_patch
  until:
-    - patch_result.changed is true
+    - k8snode_patch.result.metadata.labels['ova.airgappedk8s/moref_id'] is defined
  retries: "{{ playbook.retries }}"
  delay: "{{ playbook.delay.medium }}"
--- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/vapp.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/vapp.yml
@ -3,6 +3,7 @@
    that:
      - vapp[item] is defined
      - (vapp[item] | length) > 0
+    quiet: true
  loop:
    - guestinfo.dnsserver
    - guestinfo.gateway
--- a/ansible/vars/metacluster.yml
+++ b/ansible/vars/metacluster.yml
@ -39,6 +39,8 @@ platform:
  helm_repositories:
    - name: argo
      url: https://argoproj.github.io/argo-helm
+    - name: dex
+      url: https://charts.dexidp.io
    - name: gitea-charts
      url: https://dl.gitea.io/charts/
    - name: harbor
@ -54,7 +56,7 @@ components:

  argo-cd:
    helm:
-      version: 5.20.0  # (= ArgoCD v2.6.0)
+      version: 5.20.1  # (= ArgoCD v2.6.0)
      chart: argo/argo-cd
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      chart_values: !unsafe |
@ -96,6 +98,27 @@ components:
        # url: https://storage.googleapis.com/capv-templates/v1.25.5/ubuntu-2004-kube-v1.25.5.ova
        url: https://storage.googleapis.com/capv-images/release/v1.23.5/ubuntu-2004-kube-v1.23.5.ova

+  dex:
+    helm:
+      version: 0.13.0 # (= Dex 2.35.3)
+      chart: dex/dex
+      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
+      chart_values: !unsafe |
+        config:
+          enablePasswordDB: true
+          issuer: https://oidc.{{ vapp['metacluster.fqdn'] }}
+          storage:
+            type: kubernetes
+            config:
+              inCluster: true
+        ingress:
+          enabled: true
+          hosts:
+            - host: oidc.{{ vapp['metacluster.fqdn'] }}
+              paths:
+                - path: /
+                  pathType: Prefix
+
  gitea:
    helm:
      version: v7.0.2 # (= Gitea v1.18.3)
@ -235,7 +258,7 @@ dependencies:
    - filename: npp-prepper
      url: https://code.spamasaurus.com/api/packages/djpbessems/generic/npp-prepper/v0.4.5/npp-prepper
    - filename: skopeo
-      url: https://code.spamasaurus.com/api/packages/djpbessems/generic/skopeo/v1.11.0/skopeo
+      url: https://code.spamasaurus.com/api/packages/djpbessems/generic/skopeo/v1.11.0/skopeo_linux_amd64
    - filename: step
      url: https://dl.step.sm/gh-release/cli/gh-release-header/v0.23.0/step_linux_0.23.0_amd64.tar.gz
      archive: compressed