From a67ef0e1bdaf4cc18dbc2ca10113d083221e24fd Mon Sep 17 00:00:00 2001
From: djpbessems
Date: Tue, 6 Sep 2022 13:34:39 +0200
Subject: [PATCH] Divide hypervisor/vapp details over secret/configmap;Add filter plugin;Retain newlines in template;Add vApp properties
---
.../ansible_payload/filter_plugins/netaddr.py | 14 +++++++++
.../roles/metacluster/tasks/secrets.yml | 29 +++++++++++++++++--
.../ansible_payload/templates/configmap.j2 | 3 +-
scripts/Update-OvfConfiguration.yml | 20 +++++++++++--
4 files changed, 60 insertions(+), 6 deletions(-)
create mode 100644 ansible/roles/firstboot/files/ansible_payload/filter_plugins/netaddr.py
diff --git a/ansible/roles/firstboot/files/ansible_payload/filter_plugins/netaddr.py b/ansible/roles/firstboot/files/ansible_payload/filter_plugins/netaddr.py
new file mode 100644
index 0000000..cc788ef
--- /dev/null
+++ b/ansible/roles/firstboot/files/ansible_payload/filter_plugins/netaddr.py
@@ -0,0 +1,14 @@
+import netaddr
+
+def netaddr_iter_iprange(ip_start, ip_end):
+ return [str(ip) for ip in netaddr.iter_iprange(ip_start, ip_end)]
+
+class FilterModule(object):
+ ''' Ansible filter. Interface to netaddr methods.
+ https://pypi.org/project/netaddr/
+ '''
+
+ def filters(self):
+ return {
+ 'netaddr_iter_iprange': netaddr_iter_iprange
+ }
\ No newline at end of file
diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/secrets.yml b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/secrets.yml
index 391dce8..28dfee1 100644
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/secrets.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/secrets.yml
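Review bot: `netaddr_iter_iprange` builds a list holding every address between `ip_start` and `ip_end`, and the only caller visible in this patch (`VAPP_IPPOOL_RANGE` in secrets.yml) pipes that list straight into `length`. Both endpoints come from user-configurable vApp properties, so a mistyped end address can make first boot allocate a very large list, and a start above the end appears to yield an empty list and a count of 0 instead of an error. If only the count is needed, a separate counting filter such as `return netaddr.IPRange(ip_start, ip_end).size` gives it without the allocation and rejects a reversed range. Catching `netaddr.AddrFormatError` and re-raising it as `AnsibleFilterError` would turn bad input into a readable task failure, and a one-line docstring on the function stating what it returns is missing.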
@@ -7,15 +7,20 @@ kubeconfig: "{{ kubeconfig.path }}" # values: "{{ components.sealedsecrets.chart_values }}" -- name: Store hypervisor details in secret +- name: Store hypervisor details in configmap/secret kubernetes.core.k8s: state: present - template: secret.j2 + template: "{{ item.kind }}.j2" kubeconfig: "{{ kubeconfig.path }}" vars: _template: - name: hypervisor-credentials + name: "{{ item.name }}" + namespace: "{{ item.namespace }}" + data: "{{ item.data }}" + loop: + - name: hypervisor-credentials namespace: kube-system + kind: secret data: - key: HV_FQDN value: "{{ vapp['hv.fqdn'] | b64encode }}" @@ -23,3 +28,21 @@ value: "{{ vapp['hv.username'] | b64encode }}" - key: HV_PASSWORD value: "{{ vapp['hv.password'] | b64encode }}" + - name: hypervisor-ippool + namespace: kube-system + kind: configmap + data: + - key: VAPP_MOREF + value: "{{ moref_id }}" + - key: VAPP_IPPOOL_NETWORK + value: "{{ (vapp['guestinfo.ipaddress'] + '/' + vapp['guestinfo.prefixlength']) | ansible.utils.ipaddr('network') }}" + - key: VAPP_IPPOOL_NETMASK + value: "{{ (vapp['guestinfo.ipaddress'] + '/' + vapp['guestinfo.prefixlength']) | ansible.utils.ipaddr('netmask') }}" + - key: VAPP_IPPOOL_DNSSERVER + value: "{{ vapp['guestinfo.dnsserver'] }}" + - key: VAPP_IPPOOL_GATEWAY + value: "{{ vapp['guestinfo.gateway'] }}" + - key: VAPP_IPPOOL_RANGE + value: "{{ vapp['ippool.startip'] + '#' + (vapp['ippool.startip'] | netaddr_iter_iprange(vapp['ippool.endip']) | length | string) }}" + loop_control: + label: "{{ item.kind + '/' + item.name + ' (' + item.namespace + ')' }}" \ No newline at end of file diff --git a/ansible/roles/firstboot/files/ansible_payload/templates/configmap.j2 b/ansible/roles/firstboot/files/ansible_payload/templates/configmap.j2 index c0f6852..639ae9b 100644 --- a/ansible/roles/firstboot/files/ansible_payload/templates/configmap.j2 +++ b/ansible/roles/firstboot/files/ansible_payload/templates/configmap.j2 
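Review bot: Turning this task into a `loop` puts the whole item, including the base64-encoded `HV_PASSWORD` in `item.data`, into each per-item result, and the task sets no `no_log`. The `loop_control.label` added in the next hunk only shortens the item shown in normal output; verbose runs and failure output can still print the full item, and base64 is an encoding, not protection. Consider `no_log: true` on the task, or keeping the secret in its own task with `no_log: true` so the configmap item stays debuggable. The task starts above this hunk and its loop continues in the following one.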
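Review bot: The new `hypervisor-ippool` values are derived from vApp properties without any validation before they are written to the cluster. `ansible.utils.ipaddr` returns `False` rather than failing when it cannot parse its input, so a bad `guestinfo.ipaddress` or `guestinfo.prefixlength` would surface later and less clearly, and `VAPP_IPPOOL_RANGE` is built without checking that `ippool.startip` and `ippool.endip` fall inside that network or that the start does not exceed the end. An `ansible.builtin.assert` task ahead of this one would catch both cases early. A short comment on the range format, e.g. `# <first address>#<number of addresses>`, would also help, since the consumer of that value is not visible in this patch.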
@@ -9,5 +9,6 @@ metadata: {{ _template.labels }} data: {% for kv_pair in _template.data %} - "{{ kv_pair.key }}": "{{ kv_pair.value }}" + "{{ kv_pair.key }}": | +{{ kv_pair.value | indent(width=4, first=True) }} {% endfor %} diff --git a/scripts/Update-OvfConfiguration.yml b/scripts/Update-OvfConfiguration.yml index b8b03dd..791b615 100644 --- a/scripts/Update-OvfConfiguration.yml +++ b/scripts/Update-OvfConfiguration.yml @@ -39,8 +39,24 @@ PropertyCategories: - Key: metacluster.fqdn Type: string(1..) Label: Appliance FQDN* - Description: 'Respective subdomains will be available for each component (e.g. storage.example.org); this address should already be configured as a wildcard record within your DNS zone.' - DefaultValue: 'meta.k8s.cluster' + Description: Respective subdomains will be available for each component (e.g. storage.example.org); this address should already be configured as a wildcard record within your DNS zone. + DefaultValue: meta.k8s.cluster + Configurations: '*' + UserConfigurable: true + + - Key: ippool.startip + Type: ip + Label: IP-pool start IP* + Description: All nodes for the workload cluster will be provisioned within this IP pool + DefaultValue: '' + Configurations: '*' + UserConfigurable: true + + - Key: ippool.endip + Type: ip + Label: IP-pool end IP* + Description: All nodes for the workload cluster will be provisioned within this IP pool + DefaultValue: '' Configurations: '*' UserConfigurable: true
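Review bot: Rendering every value as a `|` block scalar changes the stored data: with the default clip chomping each value now ends in a newline, so single-line entries such as `VAPP_MOREF` gain a trailing newline that consumers must strip. `|-` keeps embedded newlines without appending one. A value whose first line starts with whitespace also alters the indentation YAML detects for the block, and `indent` expects a string, so non-string values may need `| string` first. Emitting a quoted scalar instead, for example `"{{ kv_pair.key }}": {{ kv_pair.value | string | to_json }}`, would keep newlines and escape everything else; this alternative is a suggestion to test and is not something the hunk itself shows.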
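Review bot: `ippool.startip` and `ippool.endip` are marked required by the `*` in their labels, yet both ship with `DefaultValue: ''`; whether `Type: ip` rejects an empty value at deployment is not visible here, and if it does not, the empty strings reach `netaddr_iter_iprange` at first boot. Both properties also carry the same Description, which does not say which end of the range each one is, or that the range presumably has to sit inside the appliance's own subnet (the configmap derives the pool network from `guestinfo.ipaddress`). Something like `Description: First address of the IP pool used for workload cluster nodes; must lie within the appliance's subnet`, with a matching text for the end address, would make the requirement visible to the person deploying.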