Remove redundant tasks;Add readycheck;Housekeeping;Add further upgrade tasks

This commit is contained in:
Danny Bessems 2023-01-30 16:24:37 +01:00
parent 2870041530
commit c793ced9f3
11 changed files with 189 additions and 32 deletions


@ -124,23 +124,16 @@
- name: Trigger handlers - name: Trigger handlers
ansible.builtin.meta: flush_handlers ansible.builtin.meta: flush_handlers
- name: Retrieve step-ca configuration - name: Ensure step-ca API availability
kubernetes.core.k8s_info: ansible.builtin.uri:
kind: ConfigMap url: https://ca.{{ vapp['metacluster.fqdn'] }}/health
name: step-certificates-config method: GET
namespace: step-ca register: api_readycheck
kubeconfig: "{{ kubeconfig.path }}" until:
register: stepca_cm_config - api_readycheck.json.status is defined
- api_readycheck.json.status == 'ok'
- name: Install root CA in system truststore retries: "{{ playbook.retries }}"
ansible.builtin.shell: delay: "{{ playbook.delays.long }}"
cmd: >-
step ca bootstrap \
--ca-url=https://ca.{{ vapp['metacluster.fqdn'] }} \
--fingerprint={{ stepca_cm_config.resources[0].data['defaults.json'] | from_json | json_query('fingerprint') }} \
--install \
--force
update-ca-certificates
module_defaults: module_defaults:
ansible.builtin.uri: ansible.builtin.uri:


@ -13,7 +13,7 @@
- users - users
- disks - disks
- metacluster - metacluster
# - workloadcluster - workloadcluster
- tty - tty
- cleanup - cleanup
handlers: handlers:


@ -40,9 +40,8 @@
release_namespace: longhorn-system release_namespace: longhorn-system
create_namespace: yes create_namespace: yes
wait: no wait: no
values: "{{ components.longhorn.chart_values }}"
# Workaround; module_defaults are not respected by this module
kubeconfig: "{{ kubeconfig.path }}" kubeconfig: "{{ kubeconfig.path }}"
values: "{{ components.longhorn.chart_values }}"
- name: Ensure longhorn API availability - name: Ensure longhorn API availability
ansible.builtin.uri: ansible.builtin.uri:
@ -59,5 +58,3 @@
validate_certs: no validate_certs: no
status_code: [200, 201] status_code: [200, 201]
body_format: json body_format: json
group/k8s:
kubeconfig: "{{ kubeconfig.path }}"


@ -0,0 +1,57 @@
- name: Gather hypervisor details
ansible.builtin.shell:
cmd: govc ls -L {{ item.moref }} | awk -F/ '{print ${{ item.part }}}'
environment:
GOVC_INSECURE: '1'
GOVC_URL: "{{ vapp['hv.fqdn'] }}"
GOVC_USERNAME: "{{ vapp['hv.username'] }}"
GOVC_PASSWORD: "{{ vapp['hv.password'] }}"
register: govc_inventory
loop:
- attribute: cluster
moref: >-
$(govc object.collect -json VirtualMachine:{{ moref_id }} | \
jq -r '.[] | select(.Name == "runtime").Val.Host | .Type + ":" + .Value')
part: (NF-1)
- attribute: datacenter
moref: VirtualMachine:{{ moref_id }}
part: 2
- attribute: datastore
moref: >-
$(govc object.collect -json VirtualMachine:{{ moref_id }} | \
jq -r '.[] | select(.Name == "datastore").Val.ManagedObjectReference | .[].Type + ":" + .[].Value')
part: NF
- attribute: folder
moref: >-
$(govc object.collect -json VirtualMachine:{{ moref_id }} | \
jq -r '.[] | select(.Name == "parent").Val | .Type + ":" + .Value')
part: 0
# - attribute: host
# moref: >-
# $(govc object.collect -json VirtualMachine:{{ moref_id }} | \
# jq -r '.[] | select(.Name == "runtime").Val.Host | .Type + ":" + .Value')
# part: NF
- attribute: network
moref: >-
$(govc object.collect -json VirtualMachine:{{ moref_id }} | \
jq -r '.[] | select(.Name == "network").Val.ManagedObjectReference | .[].Type + ":" + .[].Value')
part: NF
- attribute: resourcepool
moref: >-
$(govc object.collect -json VirtualMachine:{{ moref_id }} | \
jq -r '.[] | select(.Name == "resourcePool").Val | .Type + ":" + .Value')
part: 0
loop_control:
label: "{{ item.attribute }}"
- name: Retrieve hypervisor TLS thumbprint
ansible.builtin.shell:
cmd: openssl s_client -connect {{ vapp['hv.fqdn'] }}:443 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin | awk -F'=' '{print $2}'
register: tls_thumbprint
- name: Store hypervisor details in dictionary
ansible.builtin.set_fact:
vcenter_info: "{{ vcenter_info | default({}) | combine({ item.item.attribute : item.stdout }) }}"
loop: "{{ govc_inventory.results }}"
loop_control:
label: "{{ item.item.attribute }}"
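Review bot: Both shell pipelines in this file — `govc ls -L {{ item.moref }} | awk …` in "Gather hypervisor details" and `openssl s_client … | openssl x509 … | awk …` in "Retrieve hypervisor TLS thumbprint" — run without `pipefail`, so a govc login failure or an unreachable `hv.fqdn` still ends with awk exiting 0 and the tasks succeed with empty output, which only surfaces later when `vcenter_info` or `tls_thumbprint.stdout` is consumed. Add `failed_when: tls_thumbprint.stdout | length == 0` to the thumbprint task and `failed_when: govc_inventory.stdout | length == 0` to the inventory task (evaluated per loop item), and mark both read-only queries with `changed_when: false` so they stop reporting changes on every run. The thumbprint is necessarily fetched over an unverified connection (`GOVC_INSECURE: '1'`, `s_client` without verification), so it is a trust-on-first-use value; a one-line comment saying so above the task would help the next reader. `openssl x509 -fingerprint` uses the build's default digest, so spell it out (`-sha1` if the consumer expects the vSphere-style SHA-1 thumbprint) rather than relying on the default.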


@ -0,0 +1,4 @@
- import_tasks: hypervisor.yml
- import_tasks: registry.yml
- import_tasks: nodetemplates.yml
# - import_tasks: clusterapi.yml


@ -0,0 +1,85 @@
- block:
- name: Check for existing templates on hypervisor
community.vmware.vmware_guest_info:
name: "{{ (item | basename | split('.'))[:-1] | join('.') }}"
register: existing_ova
loop: "{{ query('ansible.builtin.fileglob', '/opt/workloadcluster/node-templates/*.ova') | sort }}"
ignore_errors: yes
- name: Parse OVA files for network mappings
ansible.builtin.shell:
cmd: govc import.spec -json {{ item }}
environment:
GOVC_INSECURE: '1'
GOVC_URL: "{{ vapp['hv.fqdn'] }}"
GOVC_USERNAME: "{{ vapp['hv.username'] }}"
GOVC_PASSWORD: "{{ vapp['hv.password'] }}"
register: ova_spec
when: existing_ova.results[index] is failed
loop: "{{ query('ansible.builtin.fileglob', '/opt/workloadcluster/node-templates/*.ova') | sort }}"
loop_control:
index_var: index
- name: Deploy OVA templates on hypervisor
community.vmware.vmware_deploy_ovf:
cluster: "{{ vcenter_info.cluster }}"
datastore: "{{ vcenter_info.datastore }}"
folder: "{{ vcenter_info.folder }}"
name: "{{ (item | basename | split('.'))[:-1] | join('.') }}"
networks: "{u'{{ ova_spec.results[index].stdout | from_json | json_query('NetworkMapping[0].Name') }}':u'{{ vcenter_info.network }}'}"
allow_duplicates: no
power_on: false
ovf: "{{ item }}"
register: ova_deploy
when: existing_ova.results[index] is failed
loop: "{{ query('ansible.builtin.fileglob', '/opt/workloadcluster/node-templates/*.ova') | sort }}"
loop_control:
index_var: index
- name: Add vApp properties on deployed VM's
ansible.builtin.shell:
cmd: >-
npp-prepper \
--server "{{ vapp['hv.fqdn'] }}" \
--username "{{ vapp['hv.username'] }}" \
--password "{{ vapp['hv.password'] }}" \
vm \
--datacenter "{{ vcenter_info.datacenter }}" \
--portgroup "{{ vcenter_info.network }}" \
--name "{{ item.instance.hw_name }}"
when: existing_ova.results[index] is failed
loop: "{{ ova_deploy.results }}"
loop_control:
index_var: index
label: "{{ item.item }}"
- name: Create snapshot on deployed VM's
community.vmware.vmware_guest_snapshot:
folder: "{{ vcenter_info.folder }}"
name: "{{ item.instance.hw_name }}"
state: present
snapshot_name: "{{ ansible_date_time.iso8601_basic_short }}-base"
when: ova_deploy.results[index] is not skipped
loop: "{{ ova_deploy.results }}"
loop_control:
index_var: index
label: "{{ item.item }}"
- name: Mark deployed VM's as templates
community.vmware.vmware_guest:
name: "{{ item.instance.hw_name }}"
is_template: yes
when: ova_deploy.results[index] is not skipped
loop: "{{ ova_deploy.results }}"
loop_control:
index_var: index
label: "{{ item.item }}"
module_defaults:
group/vmware:
hostname: "{{ vapp['hv.fqdn'] }}"
validate_certs: no
username: "{{ vapp['hv.username'] }}"
password: "{{ vapp['hv.password'] }}"
datacenter: "{{ vcenter_info.datacenter }}"
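Review bot: The "Add vApp properties on deployed VM's" task passes `--password "{{ vapp['hv.password'] }}"` on the `npp-prepper` command line with no `no_log`, so the hypervisor password ends up in the task result's `cmd` field (and in any verbose or callback-plugin log) and is visible in the process list while the command runs; add `no_log: true` to that task, or pass the credential through `environment:` if npp-prepper supports it. The existence check in "Check for existing templates on hypervisor" relies on `ignore_errors: yes` followed by `when: existing_ova.results[index] is failed`, which makes any failure (bad credentials, unreachable host) indistinguishable from a missing template and sends the playbook down the deploy path; consider failing on anything other than a not-found result. Style: the file mixes `yes`/`no` (`ignore_errors`, `allow_duplicates`, `is_template`, `validate_certs`) with `power_on: false` — use `true`/`false` throughout — and the `networks` value built as a Python `{u'…':u'…'}` string literal would be clearer and less fragile as a YAML mapping.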


@ -0,0 +1,21 @@
- block:
- name: Lookup kubeadm container images
ansible.builtin.set_fact:
kubeadm_images: "{{ lookup('ansible.builtin.file', '/opt/metacluster/cluster-api/imagelist').splitlines() }}"
- name: Copy kubeadm container images to dedicated project
ansible.builtin.uri:
url: https://registry.{{ vapp['metacluster.fqdn'] }}/api/v2.0/projects/kubeadm/repositories/{{ ( item | regex_findall('([^:/]+)') )[-2] }}/artifacts?from=library/{{ item | replace('/', '%2F') | replace(':', '%3A') }}
method: POST
headers:
Authorization: "Basic {{ ('admin:' ~ vapp['metacluster.password']) | b64encode }}"
body:
from: "{{ item }}"
loop: "{{ kubeadm_images }}"
module_defaults:
ansible.builtin.uri:
validate_certs: no
status_code: [200, 201, 409]
body_format: json
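Review bot: The `Authorization` header in "Copy kubeadm container images to dedicated project" is assembled by hand from `vapp['metacluster.password']`, and `ansible.builtin.uri` does not treat `headers` as sensitive, so the Basic credential is printed with the module arguments on verbose runs; switch to `url_username: admin`, `url_password: "{{ vapp['metacluster.password'] }}"` and `force_basic_auth: true`, which the module keeps out of its logged arguments, or set `no_log: true` on the task. The repository name is derived with `(item | regex_findall('([^:/]+)'))[-2]`, which only selects the image name when every entry in the imagelist carries a tag — an untagged entry would yield its namespace instead; if the file format is not guaranteed, a comment stating the expected `registry/name:tag` shape (or a `failed_when` on the unexpected one) would prevent a silent mis-copy. `validate_certs: no` in the module_defaults should be written `false` to match the booleans elsewhere in the change.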


@ -64,7 +64,6 @@ components:
argo-cd: argo-cd:
helm: helm:
# version: 4.9.7 # (= ArgoCD v2.4.2)
version: 5.14.1 # (= ArgoCD v2.5.2) version: 5.14.1 # (= ArgoCD v2.5.2)
chart: argo/argo-cd chart: argo/argo-cd
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /' parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'


@ -41,8 +41,8 @@ PropertyCategories:
- key: metacluster.vip - key: metacluster.vip
Type: ip Type: ip
Label: Meta-cluster virtual IP* Label: Meta-cluster virtual IP address*
Description: Meta-cluster control plane endpoint virtual IP Description: Meta-cluster control plane endpoint virtual IP address
DefaultValue: '' DefaultValue: ''
Configurations: '*' Configurations: '*'
UserConfigurable: true UserConfigurable: true
@ -127,15 +127,15 @@ PropertyCategories:
- Key: workloadcluster.vip - Key: workloadcluster.vip
Type: ip Type: ip
Label: Workload-cluster virtual IP* Label: Workload-cluster virtual IP address*
Description: Workload-cluster control plane endpoint virtual IP Description: Workload-cluster control plane endpoint virtual IP address
DefaultValue: '' DefaultValue: ''
Configurations: '*' Configurations: '*'
UserConfigurable: true UserConfigurable: true
- Key: ippool.startip - Key: ippool.startip
Type: ip Type: ip
Label: Workload-cluster IP-pool start IP* Label: Workload-cluster IP-pool start IP address*
Description: All nodes for the workload-cluster will be provisioned within this IP pool Description: All nodes for the workload-cluster will be provisioned within this IP pool
DefaultValue: '' DefaultValue: ''
Configurations: '*' Configurations: '*'
@ -143,7 +143,7 @@ PropertyCategories:
- Key: ippool.endip - Key: ippool.endip
Type: ip Type: ip
Label: Workload-cluster IP-pool end IP* Label: Workload-cluster IP-pool end IP address*
Description: All nodes for the workload-cluster will be provisioned within this IP pool Description: All nodes for the workload-cluster will be provisioned within this IP pool
DefaultValue: '' DefaultValue: ''
Configurations: '*' Configurations: '*'


@ -22,8 +22,8 @@ PropertyCategories:
- key: metacluster.vip - key: metacluster.vip
Type: ip Type: ip
Label: Meta-cluster virtual IP* Label: Meta-cluster virtual IP address*
Description: Meta-cluster control plane endpoint virtual IP Description: Meta-cluster control plane endpoint virtual IP address
DefaultValue: '' DefaultValue: ''
Configurations: '*' Configurations: '*'
UserConfigurable: true UserConfigurable: true
@ -31,7 +31,7 @@ PropertyCategories:
- Key: metacluster.password - Key: metacluster.password
Type: password(7..) Type: password(7..)
Label: Meta-cluster administrator password* Label: Meta-cluster administrator password*
Description: 'Needed to authenticate with target meta-cluster' Description: Needed to authenticate with target meta-cluster
DefaultValue: '' DefaultValue: ''
Configurations: '*' Configurations: '*'
UserConfigurable: true UserConfigurable: true