Refactor gitops repositories;Move capi manifests to subfolder;Sort components in tty console message;Generalize templates

2023-03-31 18:19:13 +02:00 · 2023-03-31 18:19:13 +02:00 · 933615adeb
commit 933615adeb
parent 1c60214f5a
6 changed files with 68 additions and 23 deletions
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/gitops.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/gitops.yml
@ -41,7 +41,7 @@
        _template:
          name: argocd-gitrepo-metacluster
          namespace: argo-cd
-          uid: "{{ lookup('ansible.builtin.password', '/dev/null length=5 chars=ascii_lowercase,digits seed=inventory_hostname') }}"
+          url: https://git.{{ vapp['metacluster.fqdn'] }}/mc/GitOps.Config.git
          privatekey: "{{ lookup('ansible.builtin.file', '~/.ssh/git_rsa_id') | indent(4, true) }}"
      notify:
        - Apply manifests
@ -49,14 +49,19 @@
    - name: Create applicationset
      ansible.builtin.template:
        src: applicationset.j2
-        dest: /var/lib/rancher/k3s/server/manifests/{{ _template.name }}-manifest.yaml
+        dest: /var/lib/rancher/k3s/server/manifests/{{ _template.application.name }}-manifest.yaml
        owner: root
        group: root
        mode: 0600
      vars:
        _template:
-          name: argocd-applicationset-metacluster
-          namespace: argo-cd
+          application:
+            name: argocd-applicationset-metacluster
+            namespace: argo-cd
+          cluster:
+            name: https://kubernetes.default.svc
+          repository:
+            url: https://git.{{ vapp['metacluster.fqdn'] }}/mc/GitOps.Config.git
      notify:
        - Apply manifests

--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml
@ -137,9 +137,9 @@
    chdir: /opt/metacluster/cluster-api
  register: clusterctl_newcluster

- name: Initialize tempfile
+- name: Initialize tempfolder
  ansible.builtin.tempfile:
-    state: file
+    state: directory
  register: capi_clustermanifest

 - name: Save workload cluster manifest
@ -152,7 +152,7 @@
    cmd: >-
      kubectl slice \
        -f {{ capi_clustermanifest.path }} \
-        -o /opt/metacluster/cluster-api/new-cluster
+        -o {{ capi_clustermanifest.path }}/manifests

 - name: Initialize/Push git repository
  ansible.builtin.shell:
@ -161,17 +161,18 @@
      git config --global user.email "administrator@{{ vapp['metacluster.fqdn'] }}"
      git config --global user.name "administrator"
      git checkout -b main
-      git add .
+      git add ./manifests
      git commit -m "Upload manifests"
      git remote add origin https://git.{{ vapp['metacluster.fqdn'] }}/mc/GitOps.ClusterAPI.git
      git push https://administrator:{{ vapp['metacluster.password'] | urlencode }}@git.{{ vapp['metacluster.fqdn'] }}/mc/GitOps.ClusterAPI.git --all
-    chdir: /opt/metacluster/cluster-api/new-cluster
+    chdir: "{{ capi_clustermanifest.path }}"

- name: Cleanup tempfile
-  ansible.builtin.file:
-    path: "{{ capi_clustermanifest.path }}"
-    state: absent
-  when: capi_clustermanifest.path is defined
+# Temporarily disabled until manifests are properly managed by gitops
+# - name: Cleanup tempfolder
+#   ansible.builtin.file:
+#     path: "{{ capi_clustermanifest.path }}"
+#     state: absent
+#   when: capi_clustermanifest.path is defined

 - name: Create in-cluster IpPool
  kubernetes.core.k8s:
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml
@ -53,6 +53,45 @@
            url: https://{{ vapp['workloadcluster.vip'] }}:6443
            token: "{{ workloadcluster_bearertoken.resources | json_query('[].data.token') }}"

+    - name: Configure workload-cluster GitOps repository
+      ansible.builtin.template:
+        src: gitrepo.j2
+        dest: /var/lib/rancher/k3s/server/manifests/{{ _template.name }}-manifest.yaml
+        owner: root
+        group: root
+        mode: 0600
+      vars:
+        _template:
+          name: argocd-gitrepo-workloadcluster
+          namespace: argo-cd
+          url: https://git.{{ vapp['metacluster.fqdn'] }}/wl/GitOps.Config.git
+          privatekey: "{{ lookup('ansible.builtin.file', '~/.ssh/git_rsa_id') | indent(4, true) }}"
+      notify:
+        - Apply manifests
+
+    - name: Create applicationset
+      ansible.builtin.template:
+        src: applicationset.j2
+        dest: /var/lib/rancher/k3s/server/manifests/{{ _template.application.name }}-manifest.yaml
+        owner: root
+        group: root
+        mode: 0600
+      vars:
+        _template:
+          application:
+            name: argocd-applicationset-workloadcluster
+            namespace: argo-cd
+          cluster:
+            name: "{{ vapp['workloadcluster.name'] | lower }}"
+          repository:
+            url: https://git.{{ vapp['metacluster.fqdn'] }}/wl/GitOps.Config.git
+
+      notify:
+        - Apply manifests
+
+    - name: Trigger handlers
+      ansible.builtin.meta: flush_handlers
+
  vars:
    _template:
      account:
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/applicationset.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/applicationset.j2
@ -1,15 +1,15 @@
 apiVersion: argoproj.io/v1alpha1
 kind: ApplicationSet
 metadata:
-  name: {{ _template.name }}
-  namespace: {{ _template.namespace }}
+  name: {{ _template.application.name }}
+  namespace: {{ _template.application.namespace }}
 spec:
  generators:
  - git:
-      repoURL: https://git.{{ vapp['metacluster.fqdn'] }}/wl/GitOps.Config.git
+      repoURL: {{ _template.repository.url }}
      revision: HEAD
      directories:
-      - path: metacluster-applicationset/*
+      - path: applicationset/*
  template:
    metadata:
      name: {% raw %}'{{ path.basename }}'{% endraw +%}
@ -20,9 +20,9 @@ spec:
          prune: true
          selfHeal: true
      source:
-        repoURL: https://git.{{ vapp['metacluster.fqdn'] }}/wl/GitOps.Config.git
+        repoURL: {{ _template.repository.url }}
        targetRevision: HEAD
        path: {% raw %}'{{ path }}'{% endraw +%}
      destination:
-        server: https://kubernetes.default.svc
+        server: {{ _template.cluster.name }}
        namespace: default
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/gitrepo.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/gitrepo.j2
@ -1,12 +1,12 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ _template.name }}-{{ _template.uid }}
+  name: {{ _template.name }}
  namespace: {{ _template.namespace }}
  labels:
    argocd.argoproj.io/secret-type: repository
 stringData:
-  url: ssh://git@gitea-ssh.gitea.svc.cluster.local/mc/GitOps.Config.git
+  url: {{ _template.url }}
  name: {{ _template.name }}
  insecure: 'true'
  sshPrivateKey: |
--- a/ansible/roles/firstboot/files/ansible_payload/common/templates/tty.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/common/templates/tty.j2
@ -33,7 +33,7 @@ while /bin/true; do
  echo -e "${PRST}" > /dev/tty1
  echo -e "\n\n\t${DFLT}To manage this appliance, please connect to one of the following:${LCLR}\n" > /dev/tty1

-  for c in "${!COMPONENTS[@]}"; do
+  for c in $( echo "${!COMPONENTS[@]}" | tr ' ' $'\n' | sort); do
    STATUS=$(curl -kLs "${COMPONENTS[${c}]}" -o /dev/null -w '%{http_code}')

    if [[ "${STATUS}" -eq "200" ]]; then