Upgrade versions;Add delay;Housekeeping;Fix indentation

2023-02-01 10:54:47 +01:00 · 2023-02-01 10:54:47 +01:00 · aacfbfc2fa
commit aacfbfc2fa
parent 0c44f1fd54
17 changed files with 38 additions and 25 deletions
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/certauthority.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/certauthority.yml
@ -133,7 +133,7 @@
        - api_readycheck.json.status is defined
        - api_readycheck.json.status == 'ok'
      retries: "{{ playbook.retries }}"
-      delay: "{{ playbook.delays.long }}"
+      delay: "{{ playbook.delay.long }}"

  module_defaults:
    ansible.builtin.uri:
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml
@ -19,7 +19,7 @@
        - api_readycheck.json.status is defined
        - api_readycheck.json.status == 'pass'
      retries: "{{ playbook.retries }}"
-      delay: "{{ playbook.delays.long }}"
+      delay: "{{ playbook.delay.long }}"

    - name: Configure additional SSH ingress
      ansible.builtin.template:
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/gitops.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/gitops.yml
@ -18,7 +18,7 @@
      until:
        - api_readycheck.json.Version is defined
      retries: "{{ playbook.retries }}"
-      delay: "{{ playbook.delays.long }}"
+      delay: "{{ playbook.delay.long }}"

    - name: Generate argo-cd API token
      ansible.builtin.uri:
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/init.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/init.yml
@ -64,11 +64,13 @@
    chdir: /opt/metacluster/container-images
  register: registry_artifacts
  loop: "{{ query('ansible.builtin.fileglob', '/opt/metacluster/container-images/*.tar') }}"
+  loop_control:
+    label: "{{ item | basename }}"

 - name: Get source registries of all artifacts
  ansible.builtin.set_fact:
    source_registries: "{{ (source_registries | default([]) + [(item | split('/'))[0]]) | unique | sort }}"
-    loop: "{{ registry_artifacts | json_query('results[*].stdout') | select() }}"
+  loop: "{{ registry_artifacts | json_query('results[*].stdout') | select }}"

 - name: Configure K3s node for private registry
  ansible.builtin.template:
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/k3s.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/k3s.yml
@ -51,7 +51,7 @@
  register: api_readycheck
  until: api_readycheck.json.apiVersion is defined
  retries: "{{ playbook.retries }}"
-  delay: "{{ playbook.delays.medium }}"
+  delay: "{{ playbook.delay.medium }}"

 - name: Install kubectl tab-completion
  ansible.builtin.shell:
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/registry.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/registry.yml
@ -19,7 +19,7 @@
        - api_readycheck.json.status is defined
        - api_readycheck.json.status == 'healthy'
      retries: "{{ playbook.retries }}"
-      delay: "{{ playbook.delays.long }}"
+      delay: "{{ playbook.delay.long }}"

    - name: Push images to registry
      ansible.builtin.shell:
@ -40,7 +40,7 @@
      loop_control:
        label: "{{ item | basename }}"
      retries: "{{ playbook.retries }}"
-      delay: "{{ playbook.delays.short }}"
+      delay: "{{ playbook.delay.short }}"
      until: push_result is not failed

    # - name: Get all stored container images (=artifacts)
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/storage.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/storage.yml
@ -17,7 +17,7 @@
      until:
        - api_readycheck is not failed
      retries: "{{ playbook.retries }}"
-      delay: "{{ playbook.delays.long }}"
+      delay: "{{ playbook.delay.long }}"

  module_defaults:
    ansible.builtin.uri:
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml
@ -139,6 +139,16 @@
  ansible.builtin.copy:
    dest: /opt/metacluster/cluster-api/new-cluster.yaml
    content: "{{ clusterctl_newcluster.stdout }}"
+- name: WORKAROUND - Wait for ingress ACME requests to complete
+  ansible.builtin.shell:
+    cmd: >-
+      openssl s_client -connect registry.{{ vapp['metacluster.fqdn'] }}:443 -servername registry.{{ vapp['metacluster.fqdn'] }} 2>/dev/null </dev/null | \
+        openssl x509 -noout -subject | \
+      grep 'subject=CN = registry.{{ vapp['metacluster.fqdn'] }}'
+  register: certificate_subject
+  until: certificate_subject is not failed
+  retries: "{{ playbook.retries }}"
+  delay: "{{ playbook.delay.medium }}"
 - name: Apply workload cluster manifest
  kubernetes.core.k8s:
    definition: >-
@ -156,7 +166,7 @@
  register: cluster_readycheck
  until: cluster_readycheck is succeeded
  retries: "{{ playbook.retries }}"
-  delay: "{{ playbook.delays.long }}"
+  delay: "{{ playbook.delay.long }}"

 - name: Initialize tempfile
  ansible.builtin.tempfile:
--- a/ansible/roles/firstboot/files/ansible_payload/common/roles/metacluster/tasks/assets.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/common/roles/metacluster/tasks/assets.yml
@ -8,5 +8,5 @@
    label: "{{ item | basename }}"
  # Probably should add a task before that ensures K3s node is fully initialized before starting imports; currently K3s goes away briefly during this loop
  retries: "{{ playbook.retries }}"
-  delay: "{{ playbook.delays.short }}"
+  delay: "{{ playbook.delay.short }}"
  until: import_result is not failed
--- a/ansible/roles/firstboot/files/ansible_payload/common/roles/preflight/tasks/vcenter.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/common/roles/preflight/tasks/vcenter.yml
@ -5,7 +5,7 @@
        schema: vsphere
      register: vcenter_info
      retries: "{{ playbook.retries }}"
-      delay: "{{ playbook.delays.short }}"
+      delay: "{{ playbook.delay.short }}"
      until: vcenter_info is not failed

  module_defaults:
--- a/ansible/roles/firstboot/files/ansible_payload/common/vars/defaults.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/common/vars/defaults.yml
@ -1,6 +1,6 @@
 playbook:
  retries: 5
-  delays:
+  delay:
    long: 60
    medium: 30
    short: 10
--- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/containerimages.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/containerimages.yml
@ -19,7 +19,7 @@
      loop_control:
        label: "{{ item | basename }}"
      retries: "{{ playbook.retries }}"
-      delay: "{{ playbook.delays.short }}"
+      delay: "{{ playbook.delay.short }}"
      until: push_result is not failed

    - name: Get all stored container images (=artifacts)
--- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/k3s.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/k3s.yml
@ -39,7 +39,7 @@
  register: api_readycheck
  until: api_readycheck.json.apiVersion is defined
  retries: "{{ playbook.retries }}"
-  delay: "{{ playbook.delays.medium }}"
+  delay: "{{ playbook.delay.medium }}"

 - name: Install kubectl tab-completion
  ansible.builtin.shell:
--- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/registry.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/registry.yml
@ -19,7 +19,7 @@
        - api_readycheck.json.status is defined
        - api_readycheck.json.status == 'healthy'
      retries: "{{ playbook.retries }}"
-      delay: "{{ playbook.delays.long }}"
+      delay: "{{ playbook.delay.long }}"

  module_defaults:
    ansible.builtin.uri:
--- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/storage.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/storage.yml
@ -32,7 +32,7 @@
        - (volume_details.json.data | json_query('[*].robustness') | unique | length) == 1
        - (volume_details.json.data | json_query('[*].robustness') | first) == "healthy"
      retries: "{{ playbook.retries }}"
-      delay: "{{ playbook.delays.medium }}"
+      delay: "{{ playbook.delay.medium }}"

    - name: Install longhorn chart
      kubernetes.core.helm:
@ -52,7 +52,7 @@
      until:
        - api_readycheck is not failed
      retries: "{{ playbook.retries }}"
-      delay: "{{ playbook.delays.long }}"
+      delay: "{{ playbook.delay.long }}"

  module_defaults:
    ansible.builtin.uri:
--- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/metacluster.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/metacluster.yml
@ -8,4 +8,4 @@
  until:
    - api_readycheck.json.apiVersion is defined
  retries: "{{ playbook.retries }}"
-  delay: "{{ playbook.delays.medium }}"
+  delay: "{{ playbook.delay.medium }}"
--- a/ansible/vars/metacluster.yml
+++ b/ansible/vars/metacluster.yml
@ -81,7 +81,7 @@ components:

  cert-manager:
    helm:
-      version: 1.10.1
+      version: 1.11.0
      chart: jetstack/cert-manager
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      # chart_values: !unsafe |
@ -91,20 +91,21 @@ components:
    management:
      version:
        # Must match the version referenced at `dependencies.static_binaries[.filename==clusterctl].url`
-        base: v1.3.2
+        base: v1.3.3
        # Must match the version referenced at `components.cert-manager.helm.version`
-        cert_manager: v1.10.1
+        cert_manager: v1.11.0
        infrastructure_vsphere: v1.5.1
        ipam_incluster: v0.1.0-alpha.1
    workload:
      version:
        calico: v3.24.5
        # k8s: v1.25.5
-        k8s: v1.23.5
+        k8s: v1.23.15
      node_template:
-        # Refer to `https://github.com/kubernetes-sigs/cluster-api-provider-vsphere/blob/v1.3.5/README.md#kubernetes-versions-with-published-ovas` for a list of supported node templates
+        # Refer to `https://github.com/kubernetes-sigs/cluster-api-provider-vsphere/blob/main/README.md#kubernetes-versions-with-published-ovas` for a list of supported node templates
        # url: https://storage.googleapis.com/capv-templates/v1.25.5/ubuntu-2004-kube-v1.25.5.ova
-        url: https://storage.googleapis.com/capv-images/release/v1.23.5/ubuntu-2004-kube-v1.23.5.ova
+        # url: https://storage.googleapis.com/capv-images/release/v1.23.5/ubuntu-2004-kube-v1.23.5.ova
+        url: https://storage.googleapis.com/capv-templates/v1.23.15/ubuntu-2004-kube-v1.23.15.ova

  gitea:
    helm:
@ -234,7 +235,7 @@ dependencies:

  static_binaries:
    - filename: clusterctl
-      url: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.3.2/clusterctl-linux-amd64
+      url: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.3.3/clusterctl-linux-amd64
    - filename: govc
      url: https://github.com/vmware/govmomi/releases/download/v0.29.0/govc_Linux_x86_64.tar.gz
      archive: compressed