From a67ef0e1bdaf4cc18dbc2ca10113d083221e24fd Mon Sep 17 00:00:00 2001
From: djpbessems <danny@bessems.eu>
Date: Tue, 6 Sep 2022 13:34:39 +0200
Subject: [PATCH] Divide hypervisor/vapp details over secret/configmap;Add
 filter plugin;Retain newlines in template;Add vApp properties

---
 .../ansible_payload/filter_plugins/netaddr.py | 14 +++++++++
 .../roles/metacluster/tasks/secrets.yml       | 29 +++++++++++++++++--
 .../ansible_payload/templates/configmap.j2    |  3 +-
 scripts/Update-OvfConfiguration.yml           | 20 +++++++++++--
 4 files changed, 60 insertions(+), 6 deletions(-)
 create mode 100644 ansible/roles/firstboot/files/ansible_payload/filter_plugins/netaddr.py

diff --git a/ansible/roles/firstboot/files/ansible_payload/filter_plugins/netaddr.py b/ansible/roles/firstboot/files/ansible_payload/filter_plugins/netaddr.py
new file mode 100644
index 0000000..cc788ef
--- /dev/null
+++ b/ansible/roles/firstboot/files/ansible_payload/filter_plugins/netaddr.py
@@ -0,0 +1,14 @@
+import netaddr
+
+def netaddr_iter_iprange(ip_start, ip_end):
+    return [str(ip) for ip in netaddr.iter_iprange(ip_start, ip_end)]
+
+class FilterModule(object):
+        ''' Ansible filter. Interface to netaddr methods.
+            https://pypi.org/project/netaddr/
+        '''
+
+        def filters(self):
+            return {
+                'netaddr_iter_iprange': netaddr_iter_iprange
+            }
\ No newline at end of file
diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/secrets.yml b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/secrets.yml
index 391dce8..28dfee1 100644
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/secrets.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/secrets.yml
@@ -7,15 +7,20 @@
     kubeconfig: "{{ kubeconfig.path }}"
     # values: "{{ components.sealedsecrets.chart_values }}"
 
-- name: Store hypervisor details in secret
+- name: Store hypervisor details in configmap/secret
   kubernetes.core.k8s:
     state: present
-    template: secret.j2
+    template: "{{ item.kind }}.j2"
     kubeconfig: "{{ kubeconfig.path }}"
   vars:
     _template:
-      name: hypervisor-credentials
+      name: "{{ item.name }}"
+      namespace: "{{ item.namespace }}"
+      data: "{{ item.data }}"
+  loop:
+    - name: hypervisor-credentials
       namespace: kube-system
+      kind: secret
       data:
         - key: HV_FQDN
           value: "{{ vapp['hv.fqdn'] | b64encode }}"
@@ -23,3 +28,21 @@
           value: "{{ vapp['hv.username'] | b64encode }}"
         - key: HV_PASSWORD
           value: "{{ vapp['hv.password'] | b64encode }}"
+    - name: hypervisor-ippool
+      namespace: kube-system
+      kind: configmap
+      data:
+        - key: VAPP_MOREF
+          value: "{{ moref_id }}"
+        - key: VAPP_IPPOOL_NETWORK
+          value: "{{ (vapp['guestinfo.ipaddress'] + '/' + vapp['guestinfo.prefixlength']) | ansible.utils.ipaddr('network') }}"
+        - key: VAPP_IPPOOL_NETMASK
+          value: "{{ (vapp['guestinfo.ipaddress'] + '/' + vapp['guestinfo.prefixlength']) | ansible.utils.ipaddr('netmask') }}"
+        - key: VAPP_IPPOOL_DNSSERVER
+          value: "{{ vapp['guestinfo.dnsserver'] }}"
+        - key: VAPP_IPPOOL_GATEWAY
+          value: "{{ vapp['guestinfo.gateway'] }}"
+        - key: VAPP_IPPOOL_RANGE
+          value: "{{ vapp['ippool.startip'] + '#' + (vapp['ippool.startip'] | netaddr_iter_iprange(vapp['ippool.endip']) | length | string) }}"
+  loop_control:
+    label: "{{ item.kind + '/' + item.name + ' (' + item.namespace + ')' }}"
\ No newline at end of file
diff --git a/ansible/roles/firstboot/files/ansible_payload/templates/configmap.j2 b/ansible/roles/firstboot/files/ansible_payload/templates/configmap.j2
index c0f6852..639ae9b 100644
--- a/ansible/roles/firstboot/files/ansible_payload/templates/configmap.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/templates/configmap.j2
@@ -9,5 +9,6 @@ metadata:
 {{ _template.labels }}
 data:
 {% for kv_pair in _template.data %}
-  "{{ kv_pair.key }}": "{{ kv_pair.value }}"
+  "{{ kv_pair.key }}": |
+{{ kv_pair.value | indent(width=4, first=True) }}
 {% endfor %}
diff --git a/scripts/Update-OvfConfiguration.yml b/scripts/Update-OvfConfiguration.yml
index b8b03dd..791b615 100644
--- a/scripts/Update-OvfConfiguration.yml
+++ b/scripts/Update-OvfConfiguration.yml
@@ -39,8 +39,24 @@ PropertyCategories:
   - Key: metacluster.fqdn
     Type: string(1..)
     Label: Appliance FQDN*
-    Description: 'Respective subdomains will be available for each component (e.g. storage.example.org); this address should already be configured as a wildcard record within your DNS zone.'
-    DefaultValue: 'meta.k8s.cluster'
+    Description: Respective subdomains will be available for each component (e.g. storage.example.org); this address should already be configured as a wildcard record within your DNS zone.
+    DefaultValue: meta.k8s.cluster
+    Configurations: '*'
+    UserConfigurable: true
+
+  - Key: ippool.startip
+    Type: ip
+    Label: IP-pool start IP*
+    Description: All nodes for the workload cluster will be provisioned within this IP pool
+    DefaultValue: ''
+    Configurations: '*'
+    UserConfigurable: true
+
+  - Key: ippool.endip
+    Type: ip
+    Label: IP-pool end IP*
+    Description: All nodes for the workload cluster will be provisioned within this IP pool
+    DefaultValue: ''
     Configurations: '*'
     UserConfigurable: true