From 933615adebb71bf2f0304d8a702129fd3eb75f9c Mon Sep 17 00:00:00 2001
From: Danny Bessems
Date: Fri, 31 Mar 2023 18:19:13 +0200
Subject: [PATCH] Refactor gitops repositories;Move capi manifests to subfolder;Sort components in tty console message;Generalize templates
---
 .../roles/metacluster/tasks/gitops.yml | 13 +++++--
 .../workloadcluster/tasks/clusterapi.yml | 21 +++++-----
 .../roles/workloadcluster/tasks/gitops.yml | 39 +++++++++++++++++++
 .../bootstrap/templates/applicationset.j2 | 12 +++---
 .../bootstrap/templates/gitrepo.j2 | 4 +-
 .../ansible_payload/common/templates/tty.j2 | 2 +-
 6 files changed, 68 insertions(+), 23 deletions(-)
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/gitops.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/gitops.yml
index 865b300..b4b1b1c 100644
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/gitops.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/gitops.yml
@@ -41,7 +41,7 @@
 _template:
 name: argocd-gitrepo-metacluster
 namespace: argo-cd
- uid: "{{ lookup('ansible.builtin.password', '/dev/null length=5 chars=ascii_lowercase,digits seed=inventory_hostname') }}"
+ url: https://git.{{ vapp['metacluster.fqdn'] }}/mc/GitOps.Config.git
 privatekey: "{{ lookup('ansible.builtin.file', '~/.ssh/git_rsa_id') | indent(4, true) }}"
 notify:
 - Apply manifests
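Review bot: The new `url:` points the Argo CD repository Secret at an `https://` endpoint, but the gitrepo.j2 template this task renders (hunk `@@ -1,12 +1,12 @@` of gitrepo.j2 in this commit) still emits `sshPrivateKey` and `insecure: 'true'` for the same Secret; as far as I can tell Argo CD only uses the SSH key for `ssh://` URLs, and `insecure: 'true'` on an HTTPS repository disables TLS server verification of `git.{{ vapp['metacluster.fqdn'] }}`. Either keep an `ssh://` URL so the key is actually used, or provide HTTPS credentials in the Secret and drop `insecure` in favour of a trusted CA. The same applies to the `url:` added for the workload-cluster repository in roles/workloadcluster/tasks/gitops.yml (hunk `@@ -53,6 +53,45 @@`). The task containing this `_template:` block starts before the hunk.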
@@ -49,14 +49,19 @@
 - name: Create applicationset
 ansible.builtin.template:
 src: applicationset.j2
- dest: /var/lib/rancher/k3s/server/manifests/{{ _template.name }}-manifest.yaml
+ dest: /var/lib/rancher/k3s/server/manifests/{{ _template.application.name }}-manifest.yaml
 owner: root
 group: root
 mode: 0600
 vars:
 _template:
- name: argocd-applicationset-metacluster
- namespace: argo-cd
+ application:
+ name: argocd-applicationset-metacluster
+ namespace: argo-cd
+ cluster:
+ name: https://kubernetes.default.svc
+ repository:
+ url: https://git.{{ vapp['metacluster.fqdn'] }}/mc/GitOps.Config.git
 notify:
 - Apply manifests
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml
index 10429ef..5ed2c42 100644
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml
@@ -137,9 +137,9 @@
 chdir: /opt/metacluster/cluster-api
 register: clusterctl_newcluster
-- name: Initialize tempfile
+- name: Initialize tempfolder
 ansible.builtin.tempfile:
- state: file
+ state: directory
 register: capi_clustermanifest
 - name: Save workload cluster manifest
@@ -152,7 +152,7 @@
 cmd: >-
 kubectl slice \
 -f {{ capi_clustermanifest.path }} \
- -o /opt/metacluster/cluster-api/new-cluster
+ -o {{ capi_clustermanifest.path }}/manifests
 - name: Initialize/Push git repository
 ansible.builtin.shell:
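Review bot: `cluster.name` is given `https://kubernetes.default.svc`, which is an API server URL rather than a cluster name, and applicationset.j2 (hunk `@@ -20,9 +20,9 @@` of that file in this commit) renders it into `destination.server`, so the key misdescribes the value it carries. In Argo CD `destination.server` takes the API URL while `destination.name` takes the registered cluster name; the workload-cluster variant added in roles/workloadcluster/tasks/gitops.yml (hunk `@@ -53,6 +53,45 @@`) passes `"{{ vapp['workloadcluster.name'] | lower }}"` into the same field, which would not resolve as a server URL. Suggest naming the key after what it is, e.g. `cluster:` / `server: https://kubernetes.default.svc` here, and having the template emit `server:` or `name:` accordingly, or passing the workload cluster's API URL instead. The task that owns this `vars:` block starts before the hunk.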
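Review bot: `-f {{ capi_clustermanifest.path }}` now names a directory, since the tempfile task in hunk `@@ -137,9 +137,9 @@` switched to `state: directory`, while the 'Save workload cluster manifest' task that sits between the two hunks is not touched by this commit; if that task still writes its `dest` to `capi_clustermanifest.path`, the write lands on a directory and `kubectl slice -f` is handed a directory instead of the manifest file. Presumably the intended layout is a file inside the folder, e.g. `-f {{ capi_clustermanifest.path }}/manifest.yaml \`, with the save task's `dest` changed to match. The `cmd: >-` block scalar starts before the hunk.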
@@ -161,17 +161,18 @@
 git config --global user.email "administrator@{{ vapp['metacluster.fqdn'] }}"
 git config --global user.name "administrator"
 git checkout -b main
- git add .
+ git add ./manifests
 git commit -m "Upload manifests"
 git remote add origin https://git.{{ vapp['metacluster.fqdn'] }}/mc/GitOps.ClusterAPI.git
 git push https://administrator:{{ vapp['metacluster.password'] | urlencode }}@git.{{ vapp['metacluster.fqdn'] }}/mc/GitOps.ClusterAPI.git --all
- chdir: /opt/metacluster/cluster-api/new-cluster
+ chdir: "{{ capi_clustermanifest.path }}"
-- name: Cleanup tempfile
- ansible.builtin.file:
- path: "{{ capi_clustermanifest.path }}"
- state: absent
- when: capi_clustermanifest.path is defined
+# Temporarily disabled until manifests are properly managed by gitops
+# - name: Cleanup tempfolder
+# ansible.builtin.file:
+# path: "{{ capi_clustermanifest.path }}"
+# state: absent
+# when: capi_clustermanifest.path is defined
 - name: Create in-cluster IpPool
 kubernetes.core.k8s:
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml
index 77147a0..961fe51 100644
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml
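Review bot: Commenting out the cleanup task leaves the temp directory — the rendered cluster manifests under `manifests/` and the `.git` working copy created by the shell task above — on the appliance after every run, with no way to turn the cleanup back on without editing the role. If the folder is needed while the manifests are not yet managed by GitOps, keep the task and gate it on a variable instead, e.g. `when: capi_clustermanifest.path is defined and not (capi_keep_tempfolder | default(false))` (variable name constructed here; pick one that fits the role's naming). Separately, the `git push` context line in the same task carries `vapp['metacluster.password']` in the URL and the task is not marked `no_log: true`, so that command line is printed on failure or in verbose runs; that is pre-existing but worth fixing while the task is being touched. The `ansible.builtin.shell` task starts before the hunk.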
@@ -53,6 +53,45 @@
 url: https://{{ vapp['workloadcluster.vip'] }}:6443
 token: "{{ workloadcluster_bearertoken.resources | json_query('[].data.token') }}"
+ - name: Configure workload-cluster GitOps repository
+ ansible.builtin.template:
+ src: gitrepo.j2
+ dest: /var/lib/rancher/k3s/server/manifests/{{ _template.name }}-manifest.yaml
+ owner: root
+ group: root
+ mode: 0600
+ vars:
+ _template:
+ name: argocd-gitrepo-workloadcluster
+ namespace: argo-cd
+ url: https://git.{{ vapp['metacluster.fqdn'] }}/wl/GitOps.Config.git
+ privatekey: "{{ lookup('ansible.builtin.file', '~/.ssh/git_rsa_id') | indent(4, true) }}"
+ notify:
+ - Apply manifests
+
+ - name: Create applicationset
+ ansible.builtin.template:
+ src: applicationset.j2
+ dest: /var/lib/rancher/k3s/server/manifests/{{ _template.application.name }}-manifest.yaml
+ owner: root
+ group: root
+ mode: 0600
+ vars:
+ _template:
+ application:
+ name: argocd-applicationset-workloadcluster
+ namespace: argo-cd
+ cluster:
+ name: "{{ vapp['workloadcluster.name'] | lower }}"
+ repository:
+ url: https://git.{{ vapp['metacluster.fqdn'] }}/wl/GitOps.Config.git
+
+ notify:
+ - Apply manifests
+
+ - name: Trigger handlers
+ ansible.builtin.meta: flush_handlers
+
 vars:
 _template:
 account:
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/applicationset.j2 b/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/applicationset.j2
index 0f8bf57..5417227 100644
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/applicationset.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/applicationset.j2
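Review bot: The new 'Configure workload-cluster GitOps repository' task reads `~/.ssh/git_rsa_id` into `_template.privatekey` without `no_log: true`, so a run with `--diff`, or a failure of the template task, prints the private key in the Ansible output (the metacluster variant in roles/metacluster/tasks/gitops.yml has the same gap, but only its `url:` line changes in this commit). Add `no_log: true` alongside `notify:` on that task; as far as I can tell this also suppresses the rendered-file diff. Both clusters also reuse the one key file for the `/mc/` and `/wl/` repositories, which deserves a short comment if intentional. As a style point, the blank line between `url:` and `notify:` in the second task splits one mapping where the first task has none; drop it for consistency. The enclosing block these tasks are nested in starts before the hunk.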
@@ -1,15 +1,15 @@
 apiVersion: argoproj.io/v1alpha1
 kind: ApplicationSet
 metadata:
- name: {{ _template.name }}
- namespace: {{ _template.namespace }}
+ name: {{ _template.application.name }}
+ namespace: {{ _template.application.namespace }}
 spec:
 generators:
 - git:
- repoURL: https://git.{{ vapp['metacluster.fqdn'] }}/wl/GitOps.Config.git
+ repoURL: {{ _template.repository.url }}
 revision: HEAD
 directories:
- - path: metacluster-applicationset/*
+ - path: applicationset/*
 template:
 metadata:
 name: {% raw %}'{{ path.basename }}'{% endraw +%}
@@ -20,9 +20,9 @@ spec:
 prune: true
 selfHeal: true
 source:
- repoURL: https://git.{{ vapp['metacluster.fqdn'] }}/wl/GitOps.Config.git
+ repoURL: {{ _template.repository.url }}
 targetRevision: HEAD
 path: {% raw %}'{{ path }}'{% endraw +%}
 destination:
- server: https://kubernetes.default.svc
+ server: {{ _template.cluster.name }}
 namespace: default
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/gitrepo.j2 b/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/gitrepo.j2
index c5351f9..6541588 100644
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/gitrepo.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/gitrepo.j2
@@ -1,12 +1,12 @@
 apiVersion: v1
 kind: Secret
 metadata:
- name: {{ _template.name }}-{{ _template.uid }}
+ name: {{ _template.name }}
 namespace: {{ _template.namespace }}
 labels:
 argocd.argoproj.io/secret-type: repository
 stringData:
- url: ssh://git@gitea-ssh.gitea.svc.cluster.local/mc/GitOps.Config.git
+ url: {{ _template.url }}
 name: {{ _template.name }}
 insecure: 'true'
 sshPrivateKey: |
diff --git a/ansible/roles/firstboot/files/ansible_payload/common/templates/tty.j2 b/ansible/roles/firstboot/files/ansible_payload/common/templates/tty.j2
index 8eb0e83..882376d 100644
--- a/ansible/roles/firstboot/files/ansible_payload/common/templates/tty.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/common/templates/tty.j2
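Review bot: `repoURL: {{ _template.repository.url }}` substitutes a caller-supplied value into the YAML unquoted, so any value containing ` #` or `: `, or starting with a YAML indicator, changes the parse of the rendered manifest rather than failing loudly; the template already quotes its other substitutions (`'{{ path.basename }}'`), so the new lines are inconsistent with it. Quote them, `repoURL: '{{ _template.repository.url }}'`, here and in hunk `@@ -20,9 +20,9 @@` (`repoURL` and `server: '{{ _template.cluster.name }}'`), and likewise `url: '{{ _template.url }}'` in gitrepo.j2's hunk. The `spec:` mapping of this ApplicationSet continues past the hunk.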
@@ -33,7 +33,7 @@ while /bin/true; do
 echo -e "${PRST}" > /dev/tty1
 echo -e "\n\n\t${DFLT}To manage this appliance, please connect to one of the following:${LCLR}\n" > /dev/tty1
- for c in "${!COMPONENTS[@]}"; do
+ for c in $( echo "${!COMPONENTS[@]}" | tr ' ' $'\n' | sort); do
 STATUS=$(curl -kLs "${COMPONENTS[${c}]}" -o /dev/null -w '%{http_code}')
 if [[ "${STATUS}" -eq "200" ]]; then
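Review bot: The unquoted `$( … | sort)` in the new `for` line is subject to word splitting and pathname expansion, so a COMPONENTS key containing whitespace or a glob character is split or expanded before it is used as an array index, where the original `"${!COMPONENTS[@]}"` form handled keys intact; `echo` followed by `tr ' '` also cannot distinguish a space inside a key from a separator. Reading the sorted keys line by line keeps each key whole: `while IFS= read -r c; do` with the loop closed by `done < <(printf '%s\n' "${!COMPONENTS[@]}" | sort)`; the matching `done` lies outside the hunk. The loop body and the enclosing `while /bin/true` loop continue past the hunk.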