Change gitea config;Remove image compression logic;Switch to template;Reenable/Move workaround

2022-08-30 14:39:01 +02:00 · 2022-08-30 14:39:01 +02:00 · 9f2e6ee160
parent 042b9eb36f
commit 9f2e6ee160
10 changed files with 36 additions and 53 deletions
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/assets.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/assets.yml
@ -1,12 +1,5 @@
- name: Extract container images
-  ansible.builtin.unarchive:
-    src: /opt/metacluster/container-images/image-tarballs.tgz
-    dest: /opt/metacluster/container-images
-    list_files: yes
-  register: imagetarballs
-
 - name: Import container images
  ansible.builtin.command:
    cmd: k3s ctr image import {{ item }}
    chdir: /opt/metacluster/container-images
-  loop: "{{ imagetarballs.files }}"
+  with_fileglob: /opt/metacluster/container-images/*.tar
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/certauthority.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/certauthority.yml
@ -29,20 +29,19 @@
 - name: Store root certificate in namespaced secrets
  kubernetes.core.k8s:
    state: present
-    definition:
-      apiVersion: v1
-      kind: Secret
-      metadata:
-        name: step-certificates-certs
-        namespace: "{{ item.namespace }}"
-      data:
-        "{{ item.key }}": "{{ stepca_cm_certs.resources[0].data['root_ca.crt'] | b64encode }}"
+    template: secret.j2
+  vars:
+    _template:
+      name: step-certificates-certs
+      namespace: "{{ item.namespace }}"
+      key: "{{ item.filename }}"
+      value: "{{ stepca_cm_certs.resources[0].data['root_ca.crt'] | b64encode }}"
    kubeconfig: "{{ kubeconfig.path }}"
  loop:
    - namespace: argo-cd
-      key: custom-ca-certificates.crt
+      filename: custom-ca-certificates.crt
    - namespace: kube-system
-      key: root_ca.crt
+      filename: root_ca.crt

 - name: Configure step-ca passthrough ingress
  ansible.builtin.template:
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/cleanup.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/cleanup.yml
@ -1,21 +1,9 @@
-# - name: Create component entries in /etc/hosts
-#   ansible.builtin.lineinfile:
-#     path: /etc/hosts
-#     line: "{{ vapp['guestinfo.ipaddress'] }}  {{ item + '.' + vapp['metacluster.fqdn'] }}"
-#     state: present
-#   loop:
-#     # TODO: Make this list dynamic
-#     - git
-#     - gitops
-#     - ingress
-#     - registry
-#     - storage
-
- name: Delete container image tarballs/archives
-  ansible.builtin.file:
-    path: "{{ item }}"
-    state: absent
-  with_fileglob: /opt/metacluster/container-images/*.tar
+- name: Compress tarballs
+  community.general.archive:
+    dest: /opt/metacluster/container-images/image-tarballs.tgz
+    path: /opt/metacluster/container-images/*
+    format: gz
+    remove: yes

 - name: Cleanup tempfile
  ansible.builtin.file:
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/init.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/init.yml
@ -0,0 +1,12 @@
+- name: Create component entries in /etc/hosts
+  ansible.builtin.lineinfile:
+    path: /etc/hosts
+    line: "{{ vapp['guestinfo.ipaddress'] }}  {{ item + '.' + vapp['metacluster.fqdn'] }}"
+    state: present
+  loop:
+    # TODO: Make this list dynamic
+    - git
+    - gitops
+    - ingress
+    - registry
+    - storage
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
@ -7,6 +7,4 @@
 - import_tasks: git.yml
 - import_tasks: gitops.yml

-# - include_tasks: certauthority.yml
-#   tags: final
 - import_tasks: cleanup.yml
--- a/ansible/roles/firstboot/files/ansible_payload/templates/secret.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/templates/secret.j2
@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ _template.name }}
+  namespace: {{ _template.namespace }}
+data:
+  "{{ _template.key }}": {{ _template.value }}
--- a/ansible/roles/metacluster/tasks/cleanup.yml
+++ b/ansible/roles/metacluster/tasks/cleanup.yml
@ -1,4 +0,0 @@
- name: Zero-out disk
-  ansible.builtin.shell:
-    cmd: nice -n 10 dd bs=1M count=$(df -m . | awk '/[0-9]%/{print $(NF-2)}') if=/dev/zero of=./zero; sync; sync; rm -f ./zero
-    chdir: /opt/metacluster
--- a/ansible/roles/metacluster/tasks/components.yml
+++ b/ansible/roles/metacluster/tasks/components.yml
@ -66,10 +66,3 @@
 #   loop: "{{ lookup('ansible.builtin.dict', components) | map(attribute='value.manifests') | list | select('defined') | flatten }}"
 #   loop_control:
 #     label: "{{ item.type + '/' + item.name }}"
-
- name: Compress tarballs
-  community.general.archive:
-    dest: /opt/metacluster/container-images/image-tarballs.tgz
-    path: /opt/metacluster/container-images/*
-    format: xz
-    remove: yes
--- a/ansible/roles/metacluster/tasks/main.yml
+++ b/ansible/roles/metacluster/tasks/main.yml
@ -6,6 +6,3 @@

 - name: Pre-stage meta-cluster configuration and workload-cluster components
  import_tasks: staging.yml
-
- name: Cleanup
-  import_tasks: cleanup.yml
--- a/ansible/vars/metacluster.yml
+++ b/ansible/vars/metacluster.yml
@ -119,7 +119,7 @@ components:
        config:
          offlineMode: true
          server:
-            ROOT_URL: https://git.{{ vapp['metacluster.fqdn'] }}/
+            PROTOCOL: https
        gitea:
          admin:
            username: administrator