Parallel build of bootstrap/upgrade ova;Split ansible tasks respectively

ansible/roles/firstboot/files/ansible_payload/common/roles/cleanup/tasks/cron.yml

@@ -0,0 +1,4 @@
+- name: Disable crontab job
+  ansible.builtin.cron:
+    name: firstboot
+    state: absent

ansible/roles/firstboot/files/ansible_payload/common/roles/cleanup/tasks/main.yml

@@ -0,0 +1,12 @@
+- import_tasks: service.yml
+- import_tasks: cron.yml
+
+- name: Cleanup tempfile
+  ansible.builtin.file:
+    path: "{{ kubeconfig.path }}"
+    state: absent
+  when: kubeconfig.path is defined
+
+# - name: Reboot host
+#   ansible.builtin.shell:
+#     cmd: systemctl reboot

ansible/roles/firstboot/files/ansible_payload/common/roles/cleanup/tasks/service.yml

@@ -0,0 +1,30 @@
+- name: Create tarball compression service
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: root
+    group: root
+    mode: "{{ item.mode | default(omit) }}"
+  vars:
+    _template:
+      service:
+        name: compressTarballs
+        executable: /opt/firstboot/compresstarballs.sh
+        workingdir: /opt/metacluster/container-images/
+  loop:
+    - src: compresstarballs.j2
+      dest: "{{ _template.service.executable }}"
+      mode: o+x
+    - src: systemdunit.j2
+      dest: /etc/systemd/system/{{ _template.service.name }}.service
+  loop_control:
+    label: "{{ item.src }}"
+
+- name: Enable/Start services
+  ansible.builtin.systemd:
+    name: "{{ item }}"
+    enabled: yes
+    state: started
+  loop:
+    - compressTarballs
+    - ttyConsoleMessage

ansible/roles/firstboot/files/ansible_payload/common/roles/disks/tasks/main.yml

@@ -0,0 +1,24 @@
+- name: Create volume group
+  community.general.lvg:
+    vg: longhorn_vg
+    pvs:
+      - /dev/sdb
+    pvresize: yes
+
+- name: Create logical volume
+  community.general.lvol:
+    vg: longhorn_vg
+    lv: longhorn_lv
+    size: 100%VG
+
+- name: Create filesystem
+  community.general.filesystem:
+    dev: /dev/mapper/longhorn_vg-longhorn_lv
+    fstype: ext4
+
+- name: Mount dynamic disk
+  ansible.posix.mount:
+    path: /mnt/blockstorage
+    src: /dev/mapper/longhorn_vg-longhorn_lv
+    fstype: ext4
+    state: mounted

ansible/roles/firstboot/files/ansible_payload/common/roles/network/tasks/main.yml

@@ -0,0 +1,12 @@
+- name: Set hostname
+  ansible.builtin.hostname:
+    name: "{{ vapp['guestinfo.hostname'] }}"
+
+- name: Create netplan configuration file
+  ansible.builtin.template:
+    src: netplan.j2
+    dest: /etc/netplan/00-installer-config.yaml
+
+- name: Apply netplan configuration
+  ansible.builtin.shell:
+    cmd: /usr/sbin/netplan apply

ansible/roles/firstboot/files/ansible_payload/common/roles/network/templates/netplan.j2

@@ -0,0 +1,10 @@
+network:
+  version: 2
+  ethernets:
+    ens192:
+      addresses:
+      - {{ vapp['guestinfo.ipaddress'] }}/{{ vapp['guestinfo.prefixlength'] }}
+      gateway4: {{ vapp['guestinfo.gateway'] }}
+      nameservers:
+        addresses:
+        - {{ vapp['guestinfo.dnsserver'] }}

ansible/roles/firstboot/files/ansible_payload/common/roles/preflight/tasks/main.yml

@@ -0,0 +1,13 @@
+- block:
+
+    - name: Check for vCenter connectivity
+      community.vmware.vmware_vcenter_settings_info:
+        schema: vsphere
+      register: vcenter_info
+
+  module_defaults:
+    group/vmware:
+      hostname: "{{ vapp['hv.fqdn'] }}"
+      validate_certs: no
+      username: "{{ vapp['hv.username'] }}"
+      password: "{{ vapp['hv.password'] }}"

ansible/roles/firstboot/files/ansible_payload/common/roles/tty/tasks/main.yml

@@ -0,0 +1,28 @@
+- name: Create folder structure(s)
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+  loop:
+    - /opt/firstboot
+
+- name: Create tty console message service
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: root
+    group: root
+    mode: "{{ item.mode | default(omit) }}"
+  vars:
+    _template:
+      service:
+        name: ttyConsoleMessage
+        executable: /opt/firstboot/tty.sh
+        workingdir: /tmp/
+  loop:
+    - src: tty.j2
+      dest: "{{ _template.service.executable }}"
+      mode: o+x
+    - src: systemdunit.j2
+      dest: /etc/systemd/system/{{ _template.service.name }}.service
+  loop_control:
+    label: "{{ item.src }}"

ansible/roles/firstboot/files/ansible_payload/common/roles/users/tasks/main.yml

@@ -0,0 +1,39 @@
+- name: Set root password
+  ansible.builtin.user:
+    name: root
+    password: "{{ vapp['metacluster.password'] | password_hash('sha512', 65534 | random(seed=vapp['guestinfo.hostname']) | string) }}"
+    generate_ssh_key: yes
+    ssh_key_bits: 2048
+    ssh_key_file: .ssh/id_rsa
+
+- name: Save root SSH publickey
+  ansible.builtin.lineinfile:
+    path: /root/.ssh/authorized_keys
+    line: "{{ vapp['guestinfo.rootsshkey'] }}"
+
+- name: Disable SSH password authentication
+  ansible.builtin.lineinfile:
+    path: /etc/ssh/sshd_config
+    regex: "{{ item.regex }}"
+    line: "{{ item.line }}"
+    state: "{{ item.state }}"
+  loop:
+  - regex: '^#PasswordAuthentication'
+    line: 'PasswordAuthentication no'
+    state: present
+  - regex: '^PasswordAuthentication yes'
+    line: 'PasswordAuthentication yes'
+    state: absent
+  loop_control:
+    label: "{{ '[' + item.regex + '] ' + item.state }}"
+
+- name: Create dedicated SSH keypair
+  community.crypto.openssh_keypair:
+    path: /root/.ssh/git_rsa_id
+  register: gitops_sshkey
+
+- name: Delete 'ubuntu' user
+  ansible.builtin.user:
+    name: ubuntu
+    state: absent
+    remove: yes

ansible/roles/firstboot/files/ansible_payload/common/roles/vapp/tasks/main.yml

@@ -0,0 +1,38 @@
+- name: Store current ovfEnvironment
+  ansible.builtin.shell:
+    cmd: /usr/bin/vmtoolsd --cmd "info-get guestinfo.ovfEnv"
+  register: ovfenv
+
+- name: Parse XML for MoRef ID
+  community.general.xml:
+    xmlstring: "{{ ovfenv.stdout }}"
+    namespaces:
+      ns: http://schemas.dmtf.org/ovf/environment/1
+      ve: http://www.vmware.com/schema/ovfenv
+    xpath: /ns:Environment
+    content: attribute
+  register: environment_attribute
+
+- name: Store MoRef ID
+  ansible.builtin.set_fact:
+    moref_id: "{{ ((environment_attribute.matches[0].values() | list)[0].values() | list)[1] }}"
+
+- name: Parse XML for vApp properties
+  community.general.xml:
+    xmlstring: "{{ ovfenv.stdout }}"
+    namespaces:
+      ns: http://schemas.dmtf.org/ovf/environment/1
+    xpath: /ns:Environment/ns:PropertySection/ns:Property
+    content: attribute
+  register: property_section
+
+- name: Assign vApp properties to dictionary
+  ansible.builtin.set_fact:
+    vapp: >-
+      {{ vapp | default({}) | combine({
+        ((item.values() | list)[0].values() | list)[0]:
+        ((item.values() | list)[0].values() | list)[1]})
+      }}
+  loop: "{{ property_section.matches }}"
+  loop_control:
+    label: "{{ ((item.values() | list)[0].values() | list)[0] }}"