From ab5f082933ccb1b0f4f4ebfab0d6572ed90eadb0 Mon Sep 17 00:00:00 2001
From: Danny Bessems
Date: Sat, 10 Dec 2022 16:56:13 +0100
Subject: [PATCH] Define registry mirrors dynamically;Fix path;Fix Ansible config
---
 ansible/roles/assets/tasks/main.yml | 2 +-
 ansible/roles/assets/tasks/manifests.yml | 4 +--
 .../roles/metacluster/tasks/registry.yml | 16 +++++++++
 .../workloadcluster/tasks/clusterapi.yml | 2 +-
 .../ansible_payload/templates/clusterctl.j2 | 2 +-
 .../ansible_payload/templates/registries.j2 | 33 +++----------------
 ansible/roles/os/templates/ansible.j2 | 2 +-
 7 files changed, 27 insertions(+), 34 deletions(-)
diff --git a/ansible/roles/assets/tasks/main.yml b/ansible/roles/assets/tasks/main.yml
index 16df1ea..902192e 100644
--- a/ansible/roles/assets/tasks/main.yml
+++ b/ansible/roles/assets/tasks/main.yml
@@ -9,7 +9,7 @@
 - /opt/metacluster/cluster-api/cni-calico/{{ components.clusterapi.workload.version.calico }}
 - /opt/metacluster/cluster-api/control-plane-kubeadm/{{ components.clusterapi.management.version.base }}
 - /opt/metacluster/cluster-api/infrastructure-vsphere/{{ components.clusterapi.management.version.infrastructure_vsphere }}
- - /opt/metacluster/cluster-api/ipam-incluster/{{ components.clusterapi.management.version.ipam_incluster }}
+ - /opt/metacluster/cluster-api/ipam-in-cluster/{{ components.clusterapi.management.version.ipam_incluster }}
 - /opt/metacluster/container-images
 - /opt/metacluster/git-repositories/gitops
 - /opt/metacluster/helm-charts
diff --git a/ansible/roles/assets/tasks/manifests.yml b/ansible/roles/assets/tasks/manifests.yml
index 5202f75..af0e1da 100644
--- a/ansible/roles/assets/tasks/manifests.yml
+++ b/ansible/roles/assets/tasks/manifests.yml
@@ -49,9 +49,9 @@
 dest: cni-calico/{{ components.clusterapi.workload.version.calico }}/calico.yaml
 # IPAM in-cluster provider (w/ metadata.yaml)
 - url: https://github.com/telekom/cluster-api-ipam-provider-in-cluster/releases/download/{{ components.clusterapi.management.version.ipam_incluster }}/ipam-components.yaml
- dest: ipam-incluster/{{ components.clusterapi.management.version.ipam_incluster }}/ipam-components.yaml
+ dest: ipam-in-cluster/{{ components.clusterapi.management.version.ipam_incluster }}/ipam-components.yaml
 - url: https://github.com/telekom/cluster-api-ipam-provider-in-cluster/releases/download/{{ components.clusterapi.management.version.ipam_incluster }}/metadata.yaml
- dest: ipam-incluster/{{ components.clusterapi.management.version.ipam_incluster }}/metadata.yaml
+ dest: ipam-in-cluster/{{ components.clusterapi.management.version.ipam_incluster }}/metadata.yaml
 loop_control:
 label: "{{ item.url | basename }}"
 retries: 5
diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/registry.yml b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/registry.yml
index 6bd8bac..5de1233 100644
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/registry.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/registry.yml
@@ -39,10 +39,26 @@
 loop_control:
 label: "{{ item | basename }}"
+ - name: Get all stored container images (=artifacts)
+ ansible.builtin.uri:
+ url: https://registry.{{ vapp['metacluster.fqdn'] }}/api/v2.0/search?q=library
+ method: GET
+ register: registry_artifacts
+
+ - name: Get source registries of all artifacts
+ ansible.builtin.set_fact:
+ source_registries: "{{ (source_registries | default([]) + [(item | split('/'))[1]]) | unique | sort }}"
+ loop: "{{ registry_artifacts.json.repository | json_query('[*].repository_name') }}"
+
 - name: Configure K3s node for private registry
 ansible.builtin.template:
 dest: /etc/rancher/k3s/registries.yaml
 src: registries.j2
+ vars:
+ _template:
+ data: "{{ source_registries }}"
+ hv:
+ fqdn: "{{ vapp['metacluster.fqdn'] }}"
 - name: Restart kubelet (k3s) to pick up configured registries
 ansible.builtin.systemd:
diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/clusterapi.yml b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/clusterapi.yml
index 8801f8b..4f1be47 100644
--- a/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/clusterapi.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/clusterapi.yml
@@ -31,7 +31,7 @@
 clusterctl init \
 -v5 \
 --infrastructure vsphere:{{ components.clusterapi.management.version.infrastructure_vsphere }} \
- --ipam in-cluster:{{ components.clusterapi.management.version.ipam_incluster }}
+ --ipam in-cluster:{{ components.clusterapi.management.version.ipam_incluster }} \
 --config ./clusterctl.yaml \
 --kubeconfig {{ kubeconfig.path }}
 chdir: /opt/metacluster/cluster-api
diff --git a/ansible/roles/firstboot/files/ansible_payload/templates/clusterctl.j2 b/ansible/roles/firstboot/files/ansible_payload/templates/clusterctl.j2
index 9f603c7..4898754 100644
--- a/ansible/roles/firstboot/files/ansible_payload/templates/clusterctl.j2
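Review bot: The `source_registries` fact takes `(item | split('/'))[1]` from every `repository_name` the search returns, without checking that the name sits under `library/` or that the second segment looks like a registry hostname, and that value then decides which upstream registries K3s redirects to the local mirror. A repository name with a single path segment would fail the task on the index, and any other repository that happens to match `q=library` would presumably become a mirror entry. Filtering the loop pins this down, e.g. `loop: "{{ registry_artifacts.json.repository | json_query('[*].repository_name') | select('match', '^library/[A-Za-z0-9.-]+/') }}"`. The `uri` task also has no `retries`/`until`, so if the registry is not yet answering at first boot the play stops here. The `Restart kubelet` task continues outside the hunk.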
+++ b/ansible/roles/firstboot/files/ansible_payload/templates/clusterctl.j2
@@ -12,7 +12,7 @@ providers:
 url: "/opt/metacluster/cluster-api/infrastructure-vsphere/{{ _template.version.infrastructure_vsphere }}/infrastructure-components.yaml"
 type: "InfrastructureProvider"
 - name: "in-cluster"
- url: "/opt/metacluster/cluster-api/ipam-incluster/{{ _template.version.ipam_incluster }}/ipam-components.yaml"
+ url: "/opt/metacluster/cluster-api/ipam-in-cluster/{{ _template.version.ipam_incluster }}/ipam-components.yaml"
 type: "IPAMProvider"
 cert-manager:
diff --git a/ansible/roles/firstboot/files/ansible_payload/templates/registries.j2 b/ansible/roles/firstboot/files/ansible_payload/templates/registries.j2
index a07ddcd..6a6016c 100644
--- a/ansible/roles/firstboot/files/ansible_payload/templates/registries.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/templates/registries.j2
@@ -1,31 +1,8 @@
 mirrors:
- cr.step.cm:
+{% for value in _template.data %}
+ {{ value }}:
 endpoint:
- - https://registry.{{ vapp['metacluster.fqdn'] }}
+ - https://registry.{{ _template.hv.fqdn }}
 rewrite:
- "(.*)": "library/cr.step.sm/$1"
- docker.io:
- endpoint:
- - https://registry.{{ vapp['metacluster.fqdn'] }}
- rewrite:
- "(.*)": "library/docker.io/$1"
- gcr.io:
- endpoint:
- - https://registry.{{ vapp['metacluster.fqdn'] }}
- rewrite:
- "(.*)": "library/gcr.io/$1"
- ghcr.io:
- endpoint:
- - https://registry.{{ vapp['metacluster.fqdn'] }}
- rewrite:
- "(.*)": "library/ghcr.io/$1"
- k8s.gcr.io:
- endpoint:
- - https://registry.{{ vapp['metacluster.fqdn'] }}
- rewrite:
- "(.*)": "library/k8s.gcr.io/$1"
- quay.io:
- endpoint:
- - https://registry.{{ vapp['metacluster.fqdn'] }}
- rewrite:
- "(.*)": "library/quay.io/$1"
+ "(.*)": "library/{{ value }}/$1"
+{% endfor %}
diff --git a/ansible/roles/os/templates/ansible.j2 b/ansible/roles/os/templates/ansible.j2
index 467a737..11523ea 100644
--- a/ansible/roles/os/templates/ansible.j2
+++ b/ansible/roles/os/templates/ansible.j2
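Review bot: In registries.j2, `{{ value }}` is written unquoted as the mapping key and again inside the rewrite target, so an entry of `_template.data` containing `: `, ` #` or a leading YAML indicator changes the structure of the rendered `/etc/rancher/k3s/registries.yaml` instead of being rejected. Quoting the key as `"{{ value }}":` keeps it a plain string; the list itself is better validated where it is built, since it now comes from registry content rather than a fixed list. When `_template.data` is empty the template renders a bare `mirrors:` (null), and the six mirrors the old file always configured disappear without an error. A `{% if _template.data %}` guard, or an assertion before the template task, would make that case visible.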
@@ -1,2 +1,2 @@
 [defaults]
-callback_whitelist = ansible.posix.profile_tasks
+callbacks_enabled = ansible.posix.profile_tasks