Upgrade versions;Add delay;Housekeeping;Fix indentation

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/certauthority.yml

@@ -133,7 +133,7 @@
         - api_readycheck.json.status is defined
         - api_readycheck.json.status == 'ok'
       retries: "{{ playbook.retries }}"
-      delay: "{{ playbook.delays.long }}"
+      delay: "{{ playbook.delay.long }}"
 
   module_defaults:
     ansible.builtin.uri:

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml

@@ -19,7 +19,7 @@
         - api_readycheck.json.status is defined
         - api_readycheck.json.status == 'pass'
       retries: "{{ playbook.retries }}"
-      delay: "{{ playbook.delays.long }}"
+      delay: "{{ playbook.delay.long }}"
 
     - name: Configure additional SSH ingress
       ansible.builtin.template:

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/gitops.yml

@@ -18,7 +18,7 @@
       until:
         - api_readycheck.json.Version is defined
       retries: "{{ playbook.retries }}"
-      delay: "{{ playbook.delays.long }}"
+      delay: "{{ playbook.delay.long }}"
 
     - name: Generate argo-cd API token
       ansible.builtin.uri:

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/init.yml

@@ -64,11 +64,13 @@
     chdir: /opt/metacluster/container-images
   register: registry_artifacts
   loop: "{{ query('ansible.builtin.fileglob', '/opt/metacluster/container-images/*.tar') }}"
+  loop_control:
+    label: "{{ item | basename }}"
 
 - name: Get source registries of all artifacts
   ansible.builtin.set_fact:
     source_registries: "{{ (source_registries | default([]) + [(item | split('/'))[0]]) | unique | sort }}"
-    loop: "{{ registry_artifacts | json_query('results[*].stdout') | select() }}"
+  loop: "{{ registry_artifacts | json_query('results[*].stdout') | select }}"
 
 - name: Configure K3s node for private registry
   ansible.builtin.template:

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/k3s.yml

@@ -51,7 +51,7 @@
   register: api_readycheck
   until: api_readycheck.json.apiVersion is defined
   retries: "{{ playbook.retries }}"
-  delay: "{{ playbook.delays.medium }}"
+  delay: "{{ playbook.delay.medium }}"
 
 - name: Install kubectl tab-completion
   ansible.builtin.shell:

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/registry.yml

@@ -19,7 +19,7 @@
         - api_readycheck.json.status is defined
         - api_readycheck.json.status == 'healthy'
       retries: "{{ playbook.retries }}"
-      delay: "{{ playbook.delays.long }}"
+      delay: "{{ playbook.delay.long }}"
 
     - name: Push images to registry
       ansible.builtin.shell:
@@ -40,7 +40,7 @@
       loop_control:
         label: "{{ item | basename }}"
       retries: "{{ playbook.retries }}"
-      delay: "{{ playbook.delays.short }}"
+      delay: "{{ playbook.delay.short }}"
       until: push_result is not failed
 
     # - name: Get all stored container images (=artifacts)

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/storage.yml

@@ -17,7 +17,7 @@
       until:
         - api_readycheck is not failed
       retries: "{{ playbook.retries }}"
-      delay: "{{ playbook.delays.long }}"
+      delay: "{{ playbook.delay.long }}"
 
   module_defaults:
     ansible.builtin.uri:

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml

@@ -139,6 +139,16 @@
   ansible.builtin.copy:
     dest: /opt/metacluster/cluster-api/new-cluster.yaml
     content: "{{ clusterctl_newcluster.stdout }}"
+- name: WORKAROUND - Wait for ingress ACME requests to complete
+  ansible.builtin.shell:
+    cmd: >-
+      openssl s_client -connect registry.{{ vapp['metacluster.fqdn'] }}:443 -servername registry.{{ vapp['metacluster.fqdn'] }} 2>/dev/null </dev/null | \
+        openssl x509 -noout -subject | \
+      grep 'subject=CN = registry.{{ vapp['metacluster.fqdn'] }}'
+  register: certificate_subject
+  until: certificate_subject is not failed
+  retries: "{{ playbook.retries }}"
+  delay: "{{ playbook.delay.medium }}"
 - name: Apply workload cluster manifest
   kubernetes.core.k8s:
     definition: >-
@@ -156,7 +166,7 @@
   register: cluster_readycheck
   until: cluster_readycheck is succeeded
   retries: "{{ playbook.retries }}"
-  delay: "{{ playbook.delays.long }}"
+  delay: "{{ playbook.delay.long }}"
 
 - name: Initialize tempfile
   ansible.builtin.tempfile:

ansible/roles/firstboot/files/ansible_payload/common/roles/metacluster/tasks/assets.yml

@@ -8,5 +8,5 @@
     label: "{{ item | basename }}"
   # Probably should add a task before that ensures K3s node is fully initialized before starting imports; currently K3s goes away briefly during this loop
   retries: "{{ playbook.retries }}"
-  delay: "{{ playbook.delays.short }}"
+  delay: "{{ playbook.delay.short }}"
   until: import_result is not failed

ansible/roles/firstboot/files/ansible_payload/common/roles/preflight/tasks/vcenter.yml

@@ -5,7 +5,7 @@
         schema: vsphere
       register: vcenter_info
       retries: "{{ playbook.retries }}"
-      delay: "{{ playbook.delays.short }}"
+      delay: "{{ playbook.delay.short }}"
       until: vcenter_info is not failed
 
   module_defaults:

ansible/roles/firstboot/files/ansible_payload/common/vars/defaults.yml

@@ -1,6 +1,6 @@
 playbook:
   retries: 5
-  delays:
+  delay:
     long: 60
     medium: 30
     short: 10

ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/containerimages.yml

@@ -19,7 +19,7 @@
       loop_control:
         label: "{{ item | basename }}"
       retries: "{{ playbook.retries }}"
-      delay: "{{ playbook.delays.short }}"
+      delay: "{{ playbook.delay.short }}"
       until: push_result is not failed
 
     - name: Get all stored container images (=artifacts)

ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/k3s.yml

@@ -39,7 +39,7 @@
   register: api_readycheck
   until: api_readycheck.json.apiVersion is defined
   retries: "{{ playbook.retries }}"
-  delay: "{{ playbook.delays.medium }}"
+  delay: "{{ playbook.delay.medium }}"
 
 - name: Install kubectl tab-completion
   ansible.builtin.shell:

ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/registry.yml

@@ -19,7 +19,7 @@
         - api_readycheck.json.status is defined
         - api_readycheck.json.status == 'healthy'
       retries: "{{ playbook.retries }}"
-      delay: "{{ playbook.delays.long }}"
+      delay: "{{ playbook.delay.long }}"
 
   module_defaults:
     ansible.builtin.uri:

ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/storage.yml

@@ -32,7 +32,7 @@
         - (volume_details.json.data | json_query('[*].robustness') | unique | length) == 1
         - (volume_details.json.data | json_query('[*].robustness') | first) == "healthy"
       retries: "{{ playbook.retries }}"
-      delay: "{{ playbook.delays.medium }}"
+      delay: "{{ playbook.delay.medium }}"
 
     - name: Install longhorn chart
       kubernetes.core.helm:
@@ -52,7 +52,7 @@
       until:
         - api_readycheck is not failed
       retries: "{{ playbook.retries }}"
-      delay: "{{ playbook.delays.long }}"
+      delay: "{{ playbook.delay.long }}"
 
   module_defaults:
     ansible.builtin.uri:

ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/metacluster.yml

@@ -8,4 +8,4 @@
   until:
     - api_readycheck.json.apiVersion is defined
   retries: "{{ playbook.retries }}"
-  delay: "{{ playbook.delays.medium }}"
+  delay: "{{ playbook.delay.medium }}"

ansible/vars/metacluster.yml

@@ -81,7 +81,7 @@ components:
 
   cert-manager:
     helm:
-      version: 1.10.1
+      version: 1.11.0
       chart: jetstack/cert-manager
       parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
       # chart_values: !unsafe |
@@ -91,20 +91,21 @@ components:
     management:
       version:
         # Must match the version referenced at `dependencies.static_binaries[.filename==clusterctl].url`
-        base: v1.3.2
+        base: v1.3.3
         # Must match the version referenced at `components.cert-manager.helm.version`
-        cert_manager: v1.10.1
+        cert_manager: v1.11.0
         infrastructure_vsphere: v1.5.1
         ipam_incluster: v0.1.0-alpha.1
     workload:
       version:
         calico: v3.24.5
         # k8s: v1.25.5
-        k8s: v1.23.5
+        k8s: v1.23.15
       node_template:
-        # Refer to `https://github.com/kubernetes-sigs/cluster-api-provider-vsphere/blob/v1.3.5/README.md#kubernetes-versions-with-published-ovas` for a list of supported node templates
+        # Refer to `https://github.com/kubernetes-sigs/cluster-api-provider-vsphere/blob/main/README.md#kubernetes-versions-with-published-ovas` for a list of supported node templates
         # url: https://storage.googleapis.com/capv-templates/v1.25.5/ubuntu-2004-kube-v1.25.5.ova
-        url: https://storage.googleapis.com/capv-images/release/v1.23.5/ubuntu-2004-kube-v1.23.5.ova
+        # url: https://storage.googleapis.com/capv-images/release/v1.23.5/ubuntu-2004-kube-v1.23.5.ova
+        url: https://storage.googleapis.com/capv-templates/v1.23.15/ubuntu-2004-kube-v1.23.15.ova
 
   gitea:
     helm:
@@ -234,7 +235,7 @@ dependencies:
 
   static_binaries:
     - filename: clusterctl
-      url: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.3.2/clusterctl-linux-amd64
+      url: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.3.3/clusterctl-linux-amd64
     - filename: govc
       url: https://github.com/vmware/govmomi/releases/download/v0.29.0/govc_Linux_x86_64.tar.gz
       archive: compressed