Remove redundant tasks;Add readycheck;Housekeeping;Add further upgrade tasks

ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/storage.yml

@@ -40,9 +40,8 @@
         release_namespace: longhorn-system
         create_namespace: yes
         wait: no
-        values: "{{ components.longhorn.chart_values }}"
-        # Workaround; module_defaults are not respected by this module
         kubeconfig: "{{ kubeconfig.path }}"
+        values: "{{ components.longhorn.chart_values }}"
 
     - name: Ensure longhorn API availability
       ansible.builtin.uri:
@@ -59,5 +58,3 @@
       validate_certs: no
       status_code: [200, 201]
       body_format: json
-    group/k8s:
-      kubeconfig: "{{ kubeconfig.path }}"

ansible/roles/firstboot/files/ansible_payload/upgrade/roles/workloadcluster/tasks/clusterapi.yml

@@ -0,0 +1 @@
+# ...

ansible/roles/firstboot/files/ansible_payload/upgrade/roles/workloadcluster/tasks/hypervisor.yml

@@ -0,0 +1,57 @@
+- name: Gather hypervisor details
+  ansible.builtin.shell:
+    cmd: govc ls -L {{ item.moref }} | awk -F/ '{print ${{ item.part }}}'
+  environment:
+    GOVC_INSECURE: '1'
+    GOVC_URL: "{{ vapp['hv.fqdn'] }}"
+    GOVC_USERNAME: "{{ vapp['hv.username'] }}"
+    GOVC_PASSWORD: "{{ vapp['hv.password'] }}"
+  register: govc_inventory
+  loop:
+    - attribute: cluster
+      moref: >-
+        $(govc object.collect -json VirtualMachine:{{ moref_id }} | \
+          jq -r '.[] | select(.Name == "runtime").Val.Host | .Type + ":" + .Value')
+      part: (NF-1)
+    - attribute: datacenter
+      moref: VirtualMachine:{{ moref_id }}
+      part: 2
+    - attribute: datastore
+      moref: >-
+        $(govc object.collect -json VirtualMachine:{{ moref_id }} | \
+          jq -r '.[] | select(.Name == "datastore").Val.ManagedObjectReference | .[].Type + ":" + .[].Value')
+      part: NF
+    - attribute: folder
+      moref: >-
+        $(govc object.collect -json VirtualMachine:{{ moref_id }} | \
+          jq -r '.[] | select(.Name == "parent").Val | .Type + ":" + .Value')
+      part: 0
+    # - attribute: host
+    #   moref: >-
+    #     $(govc object.collect -json VirtualMachine:{{ moref_id }} | \
+    #       jq -r '.[] | select(.Name == "runtime").Val.Host | .Type + ":" + .Value')
+    #   part: NF
+    - attribute: network
+      moref: >-
+        $(govc object.collect -json VirtualMachine:{{ moref_id }} | \
+          jq -r '.[] | select(.Name == "network").Val.ManagedObjectReference | .[].Type + ":" + .[].Value')
+      part: NF
+    - attribute: resourcepool
+      moref: >-
+        $(govc object.collect -json VirtualMachine:{{ moref_id }} | \
+          jq -r '.[] | select(.Name == "resourcePool").Val | .Type + ":" + .Value')
+      part: 0
+  loop_control:
+    label: "{{ item.attribute }}"
+
+- name: Retrieve hypervisor TLS thumbprint
+  ansible.builtin.shell:
+    cmd: openssl s_client -connect {{ vapp['hv.fqdn'] }}:443 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin | awk -F'=' '{print $2}'
+  register: tls_thumbprint
+
+- name: Store hypervisor details in dictionary
+  ansible.builtin.set_fact:
+    vcenter_info: "{{ vcenter_info | default({}) | combine({ item.item.attribute : item.stdout }) }}"
+  loop: "{{ govc_inventory.results }}"
+  loop_control:
+    label: "{{ item.item.attribute }}"

ansible/roles/firstboot/files/ansible_payload/upgrade/roles/workloadcluster/tasks/main.yml

@@ -0,0 +1,4 @@
+- import_tasks: hypervisor.yml
+- import_tasks: registry.yml
+- import_tasks: nodetemplates.yml
+# - import_tasks: clusterapi.yml

ansible/roles/firstboot/files/ansible_payload/upgrade/roles/workloadcluster/tasks/nodetemplates.yml

@@ -0,0 +1,85 @@
+- block:
+
+    - name: Check for existing templates on hypervisor
+      community.vmware.vmware_guest_info:
+        name: "{{ (item | basename | split('.'))[:-1] | join('.') }}"
+      register: existing_ova
+      loop: "{{ query('ansible.builtin.fileglob', '/opt/workloadcluster/node-templates/*.ova') | sort }}"
+      ignore_errors: yes
+
+    - name: Parse OVA files for network mappings
+      ansible.builtin.shell:
+        cmd: govc import.spec -json {{ item }}
+      environment:
+        GOVC_INSECURE: '1'
+        GOVC_URL: "{{ vapp['hv.fqdn'] }}"
+        GOVC_USERNAME: "{{ vapp['hv.username'] }}"
+        GOVC_PASSWORD: "{{ vapp['hv.password'] }}"
+      register: ova_spec
+      when: existing_ova.results[index] is failed
+      loop: "{{ query('ansible.builtin.fileglob', '/opt/workloadcluster/node-templates/*.ova') | sort }}"
+      loop_control:
+        index_var: index
+
+    - name: Deploy OVA templates on hypervisor
+      community.vmware.vmware_deploy_ovf:
+        cluster: "{{ vcenter_info.cluster }}"
+        datastore: "{{ vcenter_info.datastore }}"
+        folder: "{{ vcenter_info.folder }}"
+        name: "{{ (item | basename | split('.'))[:-1] | join('.') }}"
+        networks: "{u'{{ ova_spec.results[index].stdout | from_json | json_query('NetworkMapping[0].Name') }}':u'{{ vcenter_info.network }}'}"
+        allow_duplicates: no
+        power_on: false
+        ovf: "{{ item }}"
+      register: ova_deploy
+      when: existing_ova.results[index] is failed
+      loop: "{{ query('ansible.builtin.fileglob', '/opt/workloadcluster/node-templates/*.ova') | sort }}"
+      loop_control:
+        index_var: index
+
+    - name: Add vApp properties on deployed VM's
+      ansible.builtin.shell:
+        cmd: >-
+          npp-prepper \
+            --server "{{ vapp['hv.fqdn'] }}" \
+            --username "{{ vapp['hv.username'] }}" \
+            --password "{{ vapp['hv.password'] }}" \
+            vm \
+            --datacenter "{{ vcenter_info.datacenter }}" \
+            --portgroup "{{ vcenter_info.network }}" \
+            --name "{{ item.instance.hw_name }}"
+      when: existing_ova.results[index] is failed
+      loop: "{{ ova_deploy.results }}"
+      loop_control:
+        index_var: index
+        label: "{{ item.item }}"
+
+    - name: Create snapshot on deployed VM's
+      community.vmware.vmware_guest_snapshot:
+        folder: "{{ vcenter_info.folder }}"
+        name: "{{ item.instance.hw_name }}"
+        state: present
+        snapshot_name: "{{ ansible_date_time.iso8601_basic_short }}-base"
+      when: ova_deploy.results[index] is not skipped
+      loop: "{{ ova_deploy.results }}"
+      loop_control:
+        index_var: index
+        label: "{{ item.item }}"
+
+    - name: Mark deployed VM's as templates
+      community.vmware.vmware_guest:
+        name: "{{ item.instance.hw_name }}"
+        is_template: yes
+      when: ova_deploy.results[index] is not skipped
+      loop: "{{ ova_deploy.results }}"
+      loop_control:
+        index_var: index
+        label: "{{ item.item }}"
+
+  module_defaults:
+    group/vmware:
+      hostname: "{{ vapp['hv.fqdn'] }}"
+      validate_certs: no
+      username: "{{ vapp['hv.username'] }}"
+      password: "{{ vapp['hv.password'] }}"
+      datacenter: "{{ vcenter_info.datacenter }}"

ansible/roles/firstboot/files/ansible_payload/upgrade/roles/workloadcluster/tasks/registry.yml

@@ -0,0 +1,21 @@
+- block:
+
+  - name: Lookup kubeadm container images
+    ansible.builtin.set_fact:
+      kubeadm_images: "{{ lookup('ansible.builtin.file', '/opt/metacluster/cluster-api/imagelist').splitlines() }}"
+
+  - name: Copy kubeadm container images to dedicated project
+    ansible.builtin.uri:
+      url: https://registry.{{ vapp['metacluster.fqdn'] }}/api/v2.0/projects/kubeadm/repositories/{{ ( item | regex_findall('([^:/]+)') )[-2] }}/artifacts?from=library/{{ item | replace('/', '%2F') | replace(':', '%3A') }}
+      method: POST
+      headers:
+        Authorization: "Basic {{ ('admin:' ~ vapp['metacluster.password']) | b64encode }}"
+      body:
+        from: "{{ item }}"
+    loop: "{{ kubeadm_images }}"
+
+  module_defaults:
+    ansible.builtin.uri:
+      validate_certs: no
+      status_code: [200, 201, 409]
+      body_format: json