diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/certauthority.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/certauthority.yml index fe76be6..9fc7707 100644 --- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/certauthority.yml +++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/certauthority.yml @@ -133,7 +133,7 @@ - api_readycheck.json.status is defined - api_readycheck.json.status == 'ok' retries: "{{ playbook.retries }}" - delay: "{{ playbook.delays.long }}" + delay: "{{ playbook.delay.long }}" module_defaults: ansible.builtin.uri: diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml index bed25b9..c1f875a 100644 --- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml +++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml @@ -19,7 +19,7 @@ - api_readycheck.json.status is defined - api_readycheck.json.status == 'pass' retries: "{{ playbook.retries }}" - delay: "{{ playbook.delays.long }}" + delay: "{{ playbook.delay.long }}" - name: Configure additional SSH ingress ansible.builtin.template: diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/gitops.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/gitops.yml index 2214b9b..2e1eb23 100644 --- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/gitops.yml +++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/gitops.yml 
@@ -18,7 +18,7 @@ until: - api_readycheck.json.Version is defined retries: "{{ playbook.retries }}" - delay: "{{ playbook.delays.long }}" + delay: "{{ playbook.delay.long }}" - name: Generate argo-cd API token ansible.builtin.uri: diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/init.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/init.yml index 9e49c64..d22f97f 100644 --- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/init.yml +++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/init.yml @@ -64,11 +64,13 @@ chdir: /opt/metacluster/container-images register: registry_artifacts loop: "{{ query('ansible.builtin.fileglob', '/opt/metacluster/container-images/*.tar') }}" + loop_control: + label: "{{ item | basename }}" - name: Get source registries of all artifacts ansible.builtin.set_fact: source_registries: "{{ (source_registries | default([]) + [(item | split('/'))[0]]) | unique | sort }}" - loop: "{{ registry_artifacts | json_query('results[*].stdout') | select() }}" + loop: "{{ registry_artifacts | json_query('results[*].stdout') | select }}" - name: Configure K3s node for private registry ansible.builtin.template: diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/k3s.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/k3s.yml index 92a2948..94f80ec 100644 --- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/k3s.yml +++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/k3s.yml @@ -51,7 +51,7 @@ register: api_readycheck until: api_readycheck.json.apiVersion is defined retries: "{{ playbook.retries }}" - delay: "{{ playbook.delays.medium }}" + delay: "{{ playbook.delay.medium }}" - name: Install kubectl tab-completion ansible.builtin.shell: 
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/registry.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/registry.yml index 2abefc8..e9a49a2 100644 --- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/registry.yml +++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/registry.yml @@ -19,7 +19,7 @@ - api_readycheck.json.status is defined - api_readycheck.json.status == 'healthy' retries: "{{ playbook.retries }}" - delay: "{{ playbook.delays.long }}" + delay: "{{ playbook.delay.long }}" - name: Push images to registry ansible.builtin.shell: @@ -40,7 +40,7 @@ loop_control: label: "{{ item | basename }}" retries: "{{ playbook.retries }}" - delay: "{{ playbook.delays.short }}" + delay: "{{ playbook.delay.short }}" until: push_result is not failed # - name: Get all stored container images (=artifacts) diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/storage.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/storage.yml index cf818f6..00b859c 100644 --- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/storage.yml +++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/storage.yml @@ -17,7 +17,7 @@ until: - api_readycheck is not failed retries: "{{ playbook.retries }}" - delay: "{{ playbook.delays.long }}" + delay: "{{ playbook.delay.long }}" module_defaults: ansible.builtin.uri: diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml index 88ac69d..110eb5a 100644 --- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml 
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml @@ -139,6 +139,16 @@ ansible.builtin.copy: dest: /opt/metacluster/cluster-api/new-cluster.yaml content: "{{ clusterctl_newcluster.stdout }}" +- name: WORKAROUND - Wait for ingress ACME requests to complete + ansible.builtin.shell: + cmd: >- + openssl s_client -connect registry.{{ vapp['metacluster.fqdn'] }}:443 -servername registry.{{ vapp['metacluster.fqdn'] }} 2>/dev/null - @@ -156,7 +166,7 @@ register: cluster_readycheck until: cluster_readycheck is succeeded retries: "{{ playbook.retries }}" - delay: "{{ playbook.delays.long }}" + delay: "{{ playbook.delay.long }}" - name: Initialize tempfile ansible.builtin.tempfile: diff --git a/ansible/roles/firstboot/files/ansible_payload/common/roles/metacluster/tasks/assets.yml b/ansible/roles/firstboot/files/ansible_payload/common/roles/metacluster/tasks/assets.yml index 35f4b91..ad9ba9a 100644 --- a/ansible/roles/firstboot/files/ansible_payload/common/roles/metacluster/tasks/assets.yml +++ b/ansible/roles/firstboot/files/ansible_payload/common/roles/metacluster/tasks/assets.yml @@ -8,5 +8,5 @@ label: "{{ item | basename }}" # Probably should add a task before that ensures K3s node is fully initialized before starting imports; currently K3s goes away briefly during this loop retries: "{{ playbook.retries }}" - delay: "{{ playbook.delays.short }}" + delay: "{{ playbook.delay.short }}" until: import_result is not failed diff --git a/ansible/roles/firstboot/files/ansible_payload/common/roles/preflight/tasks/vcenter.yml b/ansible/roles/firstboot/files/ansible_payload/common/roles/preflight/tasks/vcenter.yml index 55d03b7..6623650 100644 --- a/ansible/roles/firstboot/files/ansible_payload/common/roles/preflight/tasks/vcenter.yml +++ b/ansible/roles/firstboot/files/ansible_payload/common/roles/preflight/tasks/vcenter.yml 
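Review bot: The added `WORKAROUND - Wait for ingress ACME requests to complete` task in `clusterapi.yml` interpolates `vapp['metacluster.fqdn']` unquoted into an `ansible.builtin.shell` command line, so any shell metacharacter in that value (presumably a deploy-time vApp property) would be interpreted by the shell rather than passed to `openssl`. Passing the built host string through the `quote` filter keeps it a single argument, e.g. `-connect {{ ('registry.' ~ vapp['metacluster.fqdn'] ~ ':443') | quote }}` and `-servername {{ ('registry.' ~ vapp['metacluster.fqdn']) | quote }}`. The task breaks off after `2>/dev/null` on this page, so the rest of the pipeline and any `until`/`retries` condition cannot be reviewed here. A one-line comment above the task saying what certificate state ends the wait, and when the workaround can be removed, would help the next maintainer.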
@@ -5,7 +5,7 @@ schema: vsphere register: vcenter_info retries: "{{ playbook.retries }}" - delay: "{{ playbook.delays.short }}" + delay: "{{ playbook.delay.short }}" until: vcenter_info is not failed module_defaults: diff --git a/ansible/roles/firstboot/files/ansible_payload/common/vars/defaults.yml b/ansible/roles/firstboot/files/ansible_payload/common/vars/defaults.yml index 6a7457b..4b215f7 100644 --- a/ansible/roles/firstboot/files/ansible_payload/common/vars/defaults.yml +++ b/ansible/roles/firstboot/files/ansible_payload/common/vars/defaults.yml @@ -1,6 +1,6 @@ playbook: retries: 5 - delays: + delay: long: 60 medium: 30 short: 10 diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/containerimages.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/containerimages.yml index c0ba9c4..1124af7 100644 --- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/containerimages.yml +++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/containerimages.yml @@ -19,7 +19,7 @@ loop_control: label: "{{ item | basename }}" retries: "{{ playbook.retries }}" - delay: "{{ playbook.delays.short }}" + delay: "{{ playbook.delay.short }}" until: push_result is not failed - name: Get all stored container images (=artifacts) diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/k3s.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/k3s.yml index b54cb98..b5147dd 100644 --- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/k3s.yml +++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/k3s.yml 
@@ -39,7 +39,7 @@ register: api_readycheck until: api_readycheck.json.apiVersion is defined retries: "{{ playbook.retries }}" - delay: "{{ playbook.delays.medium }}" + delay: "{{ playbook.delay.medium }}" - name: Install kubectl tab-completion ansible.builtin.shell: diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/registry.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/registry.yml index 43a6090..cf8f708 100644 --- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/registry.yml +++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/registry.yml @@ -19,7 +19,7 @@ - api_readycheck.json.status is defined - api_readycheck.json.status == 'healthy' retries: "{{ playbook.retries }}" - delay: "{{ playbook.delays.long }}" + delay: "{{ playbook.delay.long }}" module_defaults: ansible.builtin.uri: diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/storage.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/storage.yml index 3e465fd..6f08c78 100644 --- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/storage.yml +++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/storage.yml @@ -32,7 +32,7 @@ - (volume_details.json.data | json_query('[*].robustness') | unique | length) == 1 - (volume_details.json.data | json_query('[*].robustness') | first) == "healthy" retries: "{{ playbook.retries }}" - delay: "{{ playbook.delays.medium }}" + delay: "{{ playbook.delay.medium }}" - name: Install longhorn chart kubernetes.core.helm: @@ -52,7 +52,7 @@ until: - api_readycheck is not failed retries: "{{ playbook.retries }}" - delay: "{{ playbook.delays.long }}" + delay: "{{ playbook.delay.long }}" module_defaults: ansible.builtin.uri: 
diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/metacluster.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/metacluster.yml index 5e37d56..3af9f5f 100644 --- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/metacluster.yml +++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/metacluster.yml @@ -8,4 +8,4 @@ until: - api_readycheck.json.apiVersion is defined retries: "{{ playbook.retries }}" - delay: "{{ playbook.delays.medium }}" + delay: "{{ playbook.delay.medium }}" diff --git a/ansible/vars/metacluster.yml b/ansible/vars/metacluster.yml index b07c119..6f1ce6c 100644 --- a/ansible/vars/metacluster.yml +++ b/ansible/vars/metacluster.yml @@ -81,7 +81,7 @@ components: cert-manager: helm: - version: 1.10.1 + version: 1.11.0 chart: jetstack/cert-manager parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /' # chart_values: !unsafe | 
@@ -91,20 +91,21 @@ components: management: version: # Must match the version referenced at `dependencies.static_binaries[.filename==clusterctl].url` - base: v1.3.2 + base: v1.3.3 # Must match the version referenced at `components.cert-manager.helm.version` - cert_manager: v1.10.1 + cert_manager: v1.11.0 infrastructure_vsphere: v1.5.1 ipam_incluster: v0.1.0-alpha.1 workload: version: calico: v3.24.5 # k8s: v1.25.5 - k8s: v1.23.5 + k8s: v1.23.15 node_template: - # Refer to `https://github.com/kubernetes-sigs/cluster-api-provider-vsphere/blob/v1.3.5/README.md#kubernetes-versions-with-published-ovas` for a list of supported node templates + # Refer to `https://github.com/kubernetes-sigs/cluster-api-provider-vsphere/blob/main/README.md#kubernetes-versions-with-published-ovas` for a list of supported node templates # url: https://storage.googleapis.com/capv-templates/v1.25.5/ubuntu-2004-kube-v1.25.5.ova - url: https://storage.googleapis.com/capv-images/release/v1.23.5/ubuntu-2004-kube-v1.23.5.ova + # url: https://storage.googleapis.com/capv-images/release/v1.23.5/ubuntu-2004-kube-v1.23.5.ova + url: https://storage.googleapis.com/capv-templates/v1.23.15/ubuntu-2004-kube-v1.23.15.ova gitea: helm: @@ -234,7 +235,7 @@ dependencies: static_binaries: - filename: clusterctl - url: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.3.2/clusterctl-linux-amd64 + url: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.3.3/clusterctl-linux-amd64 - filename: govc url: https://github.com/vmware/govmomi/releases/download/v0.29.0/govc_Linux_x86_64.tar.gz archive: compressed
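Review bot: The new `node_template.url` in the `@@ -91,20 +91,21 @@` hunk and the `clusterctl` entry under `dependencies.static_binaries` in the `@@ -234,7 +235,7 @@` hunk both change which artifact is downloaded, but neither entry carries a digest in the visible lines, so integrity rests on HTTPS and the hosting bucket or release page alone. Consider recording one beside each `url`, e.g. `checksum: sha256:<digest-from-release-page>`, and having the download task verify it; if that task uses `ansible.builtin.get_url`, its `checksum` parameter does this. The OVA location also moves from the `capv-images/release/` path to `capv-templates/`, which is worth confirming against the provider README. That README link now follows `main` instead of a tag, so the list of supported templates it points to can drift from the pinned `infrastructure_vsphere: v1.5.1`.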