Parallel build of bootstrap/upgrade ova;Split ansible tasks respectively

.drone.yml

@@ -1,7 +1,7 @@
 kind: pipeline
 type: kubernetes
 name: 'Packer Build'
-    
+
 volumes:
 - name: output
   claim:
@@ -39,7 +39,6 @@ steps:
   - |
     packer validate \
       -var vm_name=$DRONE_BUILD_NUMBER-${DRONE_COMMIT_SHA:0:10} \
-      -var vm_guestos=k8sbootstrap \
       -var repo_username=$${REPO_USERNAME} \
       -var repo_password=$${REPO_PASSWORD} \
       -var vsphere_password=$${VSPHERE_PASSWORD} \
@@ -49,7 +48,6 @@ steps:
     packer build \
       -on-error=cleanup -timestamp-ui \
       -var vm_name=$DRONE_BUILD_NUMBER-${DRONE_COMMIT_SHA:0:10} \
-      -var vm_guestos=k8sbootstrap \
       -var repo_username=$${REPO_USERNAME} \
       -var repo_password=$${REPO_PASSWORD} \
       -var vsphere_password=$${VSPHERE_PASSWORD} \

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml

@@ -4,13 +4,6 @@
       kubernetes.core.k8s:
         template: serviceaccount.j2
         state: present
-      vars:
-        _template:
-          account:
-            name: argocd-sa
-            namespace: default
-          clusterrolebinding:
-            name: argocd-crb
 
     - name: Retrieve service account bearer token
       kubernetes.core.k8s_info:
@@ -39,6 +32,13 @@
             url: https://{{ vapp['workloadcluster.vip'] }}:6443
             token: "{{ workloadcluster_bearertoken.resources | json_query('[].data.token') }}"
 
+  vars:
+    _template:
+      account:
+        name: argocd-sa
+        namespace: default
+      clusterrolebinding:
+        name: argocd-crb
   module_defaults:
     group/k8s:
       kubeconfig: "{{ capi_kubeconfig.path }}"

ansible/roles/firstboot/files/ansible_payload/upgrade/playbook.yml

@@ -0,0 +1,26 @@
+---
+- hosts: 127.0.0.1
+  connection: local
+  gather_facts: true
+  vars_files:
+    - defaults.yml
+    - metacluster.yml
+  # become: true
+  roles:
+    - vapp
+    - network
+    - preflight
+    - users
+    - disks
+    # - metacluster
+    # - workloadcluster
+    - tty
+    - cleanup
+  handlers:
+    - name: Apply manifests
+      kubernetes.core.k8s:
+        src: "{{ item }}"
+        state: present
+        kubeconfig: "{{ kubeconfig.path }}"
+      loop: "{{ query('ansible.builtin.fileglob', '/var/lib/rancher/k3s/server/manifests/*.yaml') | sort }}"
+      ignore_errors: yes

ansible/roles/firstboot/tasks/main.yml

@@ -17,9 +17,17 @@
     special_time: reboot
     job: "/opt/firstboot/firstboot.sh >/dev/tty1 2>&1"
 
-- name: Copy payload folder
+- name: Copy payload folder (common)
   ansible.builtin.copy:
-    src: ansible_payload/
+    src: ansible_payload/common/
+    dest: /opt/firstboot/ansible/
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: Copy payload folder (per appliancetype)
+  ansible.builtin.copy:
+    src: ansible_payload/{{ appliancetype }}
     dest: /opt/firstboot/ansible/
     owner: root
     group: root

packer/build.pkr.hcl

@@ -0,0 +1,46 @@
+packer {
+  required_plugins {
+  }
+}
+
+build {
+  source "vsphere-iso.ubuntu" {
+    name = "bootstrap"
+    vm_name = "${var.vm_name}-bootstrap"
+  }
+
+  source "vsphere-iso.ubuntu" {
+    name = "upgrade"
+    vm_name = "${var.vm_name}-upgrade"
+  }
+
+  provisioner "ansible" {
+    pause_before     = "2m30s"
+
+    playbook_file    = "ansible/playbook.yml"
+    user             = "ubuntu"
+    ansible_env_vars = [
+      "ANSIBLE_CONFIG=ansible/ansible.cfg"
+    ]
+    use_proxy        = "false"
+    extra_arguments  = [
+      "--extra-vars", "appliancetype=${source.name}",
+      "--extra-vars", "ansible_ssh_pass=${var.ssh_password}"//,
+      // "--extra-vars", "repo_username=${var.repo_username}",
+      // "--extra-vars", "repo_password=${var.repo_password}"
+    ]
+  }
+
+  post-processor "shell-local" {
+    inline = [
+      "pwsh -command \"& scripts/Update-OvfConfiguration.ps1 \\",
+      " -ApplianceType '${source.name} \\",
+      " -OVFFile '/scratch/airgapped-k8s/${var.vm_name}.ovf' \"",
+      "pwsh -file scripts/Update-Manifest.ps1 \\",
+      " -ManifestFileName '/scratch/airgapped-k8s/${var.vm_name}.mf'",
+      "ovftool --acceptAllEulas --allowExtraConfig --overwrite \\",
+      " '/scratch/airgapped-k8s/${var.vm_name}.ovf' \\",
+      " /output/airgapped-k8s.${source.name}.ova"
+    ]
+  }
+}

packer/sources.pkr.hcl

@@ -1,15 +1,9 @@
-packer {
-  required_plugins {
-  }
-}
-
-source "vsphere-iso" "k8sbootstrap" {
+source "vsphere-iso" "ubuntu" {
   vcenter_server          = var.vcenter_server
   username                = var.vsphere_username
   password                = var.vsphere_password
   insecure_connection     = "true"
 
-  vm_name                 = "${var.vm_guestos}-${var.vm_name}"
   datacenter              = var.vsphere_datacenter
   cluster                 = var.vsphere_cluster
   host                    = var.vsphere_host
@@ -60,42 +54,7 @@ source "vsphere-iso" "k8sbootstrap" {
 
   export {
     images                = false
-    output_directory      = "/scratch/k8sbootstrap"
+    output_directory      = "/scratch/airgapped-k8s"
   }
   remove_cdrom            = true
 }
-
-build {
-  sources = [
-    "source.vsphere-iso.k8sbootstrap"
-  ]
-
-  provisioner "ansible" {
-    pause_before     = "2m30s"
-
-    playbook_file    = "ansible/playbook.yml"
-    user             = "ubuntu"
-    ansible_env_vars = [
-      "ANSIBLE_CONFIG=ansible/ansible.cfg"
-    ]
-    use_proxy        = "false"
-    extra_arguments  = [
-      "--extra-vars", "ansible_ssh_pass=${var.ssh_password}",
-      "--extra-vars", "repo_username=${var.repo_username}",
-      "--extra-vars", "repo_password=${var.repo_password}"
-    ]
-  }
-
-  post-processor "shell-local" {
-    inline = [
-      "pwsh -command \"& scripts/Update-OvfConfiguration.ps1 \\",
-      " -OVFFile '/scratch/k8sbootstrap/${var.vm_guestos}-${var.vm_name}.ovf' \\",
-      " -Parameter @{'appliance.name'='${var.vm_guestos}';'appliance.version'='${var.vm_name}'}\"",
-      "pwsh -file scripts/Update-Manifest.ps1 \\",
-      " -ManifestFileName '/scratch/k8sbootstrap/${var.vm_guestos}-${var.vm_name}.mf'",
-      "ovftool --acceptAllEulas --allowExtraConfig --overwrite \\",
-      " '/scratch/k8sbootstrap/${var.vm_guestos}-${var.vm_name}.ovf' \\",
-      " /output/Kubernetes.Bootstrap.Appliance.ova"
-    ]
-  }
-}

packer/variables.pkr.hcl

@@ -14,7 +14,6 @@ variable "vsphere_datastore" {}
 variable "vsphere_network" {}
 
 variable "vm_name" {}
-variable "vm_guestos" {}
 variable "ssh_password" {
     sensitive = true
 }

scripts/Update-OvfConfiguration.bootstrap.yml

@@ -35,7 +35,7 @@ PropertyCategories:
     Type: string(1..15)
     Label: Hostname*
     Description: ''
-    DefaultValue: 'META-NODE-{{ hostname.suffix }}'
+    DefaultValue: 'meta-{{ hostname.suffix }}'
     Configurations: '*'
     UserConfigurable: true
 
@@ -102,7 +102,7 @@ PropertyCategories:
     Type: string(1..15)
     Label: Workload-cluster name*
     Description: ''
-    DefaultValue: 'WORKLOAD-{{ hostname.suffix }}'
+    DefaultValue: 'workload-{{ hostname.suffix }}'
     Configurations: '*'
     UserConfigurable: true
 
@@ -168,22 +168,8 @@ PropertyCategories:
     Configurations: '*'
     UserConfigurable: true
 
-AdvancedOptions:
-- Key: appliance.name
-  Value: "{{ appliance.name }}"
-  Required: false
-- Key: appliance.version
-  Value: "{{ appliance.version }}"
-  Required: false
-
 ---
 Variables:
 - Name: hostname.suffix
   Expression: |
-    (-join ((48..57) + (97..122) | Get-Random -Count 5 | % {[char]$_})).ToUpper()
-- Name: appliance.name
-  Expression: |
-    $Parameter['appliance.name']
-- Name: appliance.version
-  Expression: |
-    $Parameter['appliance.version']
+    (-join ((48..57) + (97..122) | Get-Random -Count 5 | % {[char]$_})).ToLower()

scripts/Update-OvfConfiguration.ps1

@@ -1,6 +1,9 @@
 #Requires -Modules 'powershell-yaml'
 [CmdletBinding()]
 Param(
+    [Parameter(Mandatory)]
+    [ValidateSet('Bootstrap', 'Upgrade')]
+    [string]$ApplianceType,
     [Parameter(Mandatory)]
     [ValidateScript({
             If (Test-Path($_)) {
@@ -14,7 +17,7 @@ Param(
 )
 
 $GetContentSplat = @{
-    Path = "$($PSScriptRoot)\$($MyInvocation.MyCommand)".Replace('.ps1', ".yml")
+    Path = "$($PSScriptRoot)\$($MyInvocation.MyCommand)".Replace('.ps1', ".$($ApplianceType.ToLower()).yml")
     Raw  = $True
 }
 $RawContent = Get-Content @GetContentSplat

scripts/Update-OvfConfiguration.upgrade.yml

@@ -0,0 +1,175 @@
+DeploymentConfigurations:
+
+- Id: cp1w1
+  Label: 'Workload-cluster: 1 control-plane node/1 worker node'
+  Description: 1 control-plane node/1 worker node
+
+- Id: cp1w2
+  Label: 'Workload-cluster: 1 control-plane node/2 worker nodes'
+  Description: 1 control-plane node/2 worker nodes
+
+DynamicDisks:
+
+- Description: Longhorn persistent storage
+  UnitSize: GB
+  Constraints:
+    Minimum: 100
+    Maximum: ''
+  PropertyCategory: 1
+
+PropertyCategories:
+
+- Name: 0) Deployment information
+  ProductProperties:
+  - Key: deployment.type
+    Type: string
+    Value:
+    - cp1w1
+    - cp1w2
+    UserConfigurable: false
+
+- Name: 1) Meta-cluster
+  ProductProperties:
+
+  - Key: guestinfo.hostname
+    Type: string(1..15)
+    Label: Hostname*
+    Description: ''
+    DefaultValue: 'meta-{{ hostname.suffix }}'
+    Configurations: '*'
+    UserConfigurable: true
+
+  - Key: metacluster.password
+    Type: password(7..)
+    Label: Appliance password*
+    Description: 'Initial password for respective administrator accounts within each component'
+    DefaultValue: ''
+    Configurations: '*'
+    UserConfigurable: true
+
+  - Key: guestinfo.ipaddress
+    Type: ip
+    Label: IP Address*
+    Description: ''
+    DefaultValue: ''
+    Configurations: '*'
+    UserConfigurable: true
+
+  - Key: guestinfo.prefixlength
+    Type: int(8..32)
+    Label: Subnet prefix length*
+    Description: ''
+    DefaultValue: '24'
+    Configurations: '*'
+    UserConfigurable: true
+
+  - Key: metacluster.fqdn
+    Type: string(1..)
+    Label: Appliance FQDN*
+    Description: Respective subdomains will be available for each component (e.g. storage.example.org); this address should already be configured as a wildcard record within your DNS zone.
+    DefaultValue: meta.k8s.cluster
+    Configurations: '*'
+    UserConfigurable: true
+
+  - Key: guestinfo.dnsserver
+    Type: ip
+    Label: DNS server*
+    Description: ''
+    DefaultValue: ''
+    Configurations: '*'
+    UserConfigurable: true
+
+  - Key: guestinfo.gateway
+    Type: ip
+    Label: Gateway*
+    Description: ''
+    DefaultValue: ''
+    Configurations: '*'
+    UserConfigurable: true
+
+  - Key: guestinfo.ntpserver
+    Type: string(1..)
+    Label: Time server*
+    Description: A comma-separated list of timeservers
+    DefaultValue: 0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org
+    Configurations: '*'
+    UserConfigurable: true
+
+- Name: 2) Workload-cluster
+  ProductProperties:
+
+  - Key: workloadcluster.name
+    Type: string(1..15)
+    Label: Workload-cluster name*
+    Description: ''
+    DefaultValue: 'workload-{{ hostname.suffix }}'
+    Configurations: '*'
+    UserConfigurable: true
+
+  - Key: workloadcluster.vip
+    Type: ip
+    Label: Workload-cluster virtual IP*
+    Description: Workload-cluster control plane endpoint virtual IP
+    DefaultValue: ''
+    Configurations: '*'
+    UserConfigurable: true
+
+  - Key: ippool.startip
+    Type: ip
+    Label: Workload-cluster IP-pool start IP*
+    Description: All nodes for the workload-cluster will be provisioned within this IP pool
+    DefaultValue: ''
+    Configurations: '*'
+    UserConfigurable: true
+
+  - Key: ippool.endip
+    Type: ip
+    Label: Workload-cluster IP-pool end IP*
+    Description: All nodes for the workload-cluster will be provisioned within this IP pool
+    DefaultValue: ''
+    Configurations: '*'
+    UserConfigurable: true
+
+- Name: 3) Common
+  ProductProperties:
+
+  - Key: guestinfo.rootsshkey
+    Type: password(1..)
+    Label: SSH public key*
+    Description: Authentication for any node (meta-cluster *and* workloadcluster); this line should start with 'ssh-rsa AAAAB3N'
+    DefaultValue: ''
+    Configurations: '*'
+    UserConfigurable: true
+
+- Name: 4) Hypervisor
+  ProductProperties:
+
+  - Key: hv.fqdn
+    Type: string(1..)
+    Label: vCenter FQDN/IP-address*
+    Description: The address of the vCenter instance which this bootstrap appliance will interact with for provisioning new VM's.
+    DefaultValue: ''
+    Configurations: '*'
+    UserConfigurable: true
+
+  - Key: hv.username
+    Type: string(1..)
+    Label: vCenter username*
+    Description: The username which this bootstrap appliance will authenticate with to the vCenter instance.
+    DefaultValue: 'administrator@vsphere.local'
+    Configurations: '*'
+    UserConfigurable: true
+
+  - Key: hv.password
+    Type: password(1..)
+    Label: vCenter password*
+    Description: The password which this bootstrap appliance will authenticate with to the vCenter instance.
+    DefaultValue: ''
+    Configurations: '*'
+    UserConfigurable: true
+
+---
+Variables:
+- Name: hostname.suffix
+  Expression: |
+    (-join ((48..57) + (97..122) | Get-Random -Count 5 | % {[char]$_})).ToLower()