djpbessems/Packer.Images
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Test ansible output regression workaround #2;Refactor vapp properties;Add kube-vip dependency;Refactor netplan;Download/Trust root CA
Some checks failed
continuous-integration/drone/push Build is failing
Details

Browse Source
This commit is contained in:
Danny Bessems
2023-01-21 16:12:11 +01:00
parent 43d83e8e31
commit d67bf86dab
13 changed files with 141 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ansible/roles/assets/tasks/main.yml
View File

@ -15,6 +15,7 @@
- /opt/metacluster/git-repositories/gitops
- /opt/metacluster/helm-charts
- /opt/metacluster/k3s
- /opt/metacluster/kube-vip
- /opt/workloadcluster/node-templates
- /var/lib/rancher/k3s/agent/images
- /var/lib/rancher/k3s/server/manifests

18
ansible/roles/assets/tasks/manifests.yml
View File

@ -11,7 +11,14 @@
- name: Write dict to vars_file
ansible.builtin.copy:
dest: /opt/firstboot/ansible/vars/metacluster.yml
content: "{{ { 'components': (chart_values | combine({ 'clusterapi': components.clusterapi })) } | to_nice_yaml(indent=2, width=4096) }}"
content: >-
{{
{ 'components': (
chart_values |
combine({ 'clusterapi': components.clusterapi }) |
combine({ 'kubevip' : components.kubevip }) )
} | to_nice_yaml(indent=2, width=4096)
}}
- name: Download ClusterAPI manifests
ansible.builtin.get_url:
@ -58,6 +65,15 @@
delay: 5
until: clusterapi_manifests is not failed
- name: Download kube-vip RBAC manifest
ansible.builtin.get_url:
url: https://kube-vip.io/manifests/rbac.yaml
dest: /opt/metacluster/kube-vip/rbac.yaml
register: clusterapi_manifest
retries: 5
delay: 5
until: kubevip_manifest is not failed
# - name: Inject manifests
# ansible.builtin.template:
# src: "{{ item.type }}.j2"

2
ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/k3s.yml
View File

@ -27,7 +27,7 @@
chdir: /opt/metacluster/k3s
environment:
INSTALL_K3S_SKIP_DOWNLOAD: 'true'
INSTALL_K3S_EXEC: "server --cluster-init --token {{ vapp['metacluster.token'] }} --disable local-storage --config /etc/rancher/k3s/config.yaml"
INSTALL_K3S_EXEC: "server --cluster-init --token {{ vapp['metacluster.token'] }} --tls-san {{ vapp['metacluster.vip'] }} --disable local-storage --config /etc/rancher/k3s/config.yaml"
when: ansible_facts.services['k3s.service'] is undefined
- name: Debug possible taints on k3s node

27
ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/kube-vip.yml Normal file
View File

@ -0,0 +1,27 @@
- name: Generate kube-vip manifest
ansible.builtin.command:
cmd: >-
ctr run --rm --net-host ghcr.io/kube-vip/kube-vip:{{ components.kubevip.version }} vip \
/kube-vip manifest daemonset \
--interface eth0 \
--address {{ vapp['metacluster.vip'] }} \
--inCluster \
--taint \
--controlplane \
--services \
--arp \
--leaderElection
register: kubevip_manifest
- name: Inject manifests
ansible.builtin.copy:
dest: /var/lib/rancher/k3s/server/manifests/kubevip-manifest.yaml
content: >-
{{ lookup('ansible.builtin.file', '/opt/metacluster/kube-vip/rbac.yaml') }}
---
{{ kubevip_manifest.stdout }}
notify:
- Apply manifests
- name: Trigger handlers
ansible.builtin.meta: flush_handlers

1
ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/main.yml
View File

@ -1,5 +1,6 @@
- import_tasks: init.yml
- import_tasks: k3s.yml
- import_tasks: kube-vip.yml
- import_tasks: assets.yml
- import_tasks: ingress.yml
- import_tasks: storage.yml

7
ansible/roles/firstboot/files/ansible_payload/common/roles/network/tasks/main.yml
View File

@ -6,6 +6,13 @@
ansible.builtin.template:
src: netplan.j2
dest: /etc/netplan/00-installer-config.yaml
vars:
_template:
macaddress: "{{ ansible_facts.ansible_facts.default_ipv4.macaddress }}"
ipaddress: "{{ vapp['guestinfo.ipaddress'] }}"
prefixlength: "{{ vapp['guestinfo.prefixlength'] }}"
gateway: "{{ vapp['guestinfo.gateway'] }}"
dnsserver: "{{ vapp['guestinfo.dnsserver'] }}"
- name: Apply netplan configuration
ansible.builtin.shell:

11
ansible/roles/firstboot/files/ansible_payload/common/roles/network/templates/netplan.j2
View File

@ -1,10 +1,13 @@
network:
version: 2
ethernets:
ens192:
id0:
set-name: eth0
match:
macaddress: {{ _template.macaddress }}
addresses:
- {{ vapp['guestinfo.ipaddress'] }}/{{ vapp['guestinfo.prefixlength'] }}
gateway4: {{ vapp['guestinfo.gateway'] }}
- {{ _template.ipaddress }}/{{ _template.prefixlength }}
gateway4: {{ _template.gateway }}
nameservers:
addresses:
- {{ vapp['guestinfo.dnsserver'] }}
- {{ _template.dnsserver }}

30
ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/init.yml Normal file
View File

@ -0,0 +1,30 @@
- name: Configure fallback name resolution
ansible.builtin.lineinfile:
path: /etc/hosts
line: "{{ vapp['metacluster.vip'] }} {{ item + '.' + vapp['metacluster.fqdn'] }}"
state: present
loop:
# TODO: Make this list dynamic
- ca
- git
- gitops
- ingress
- registry
- storage
- name: Retrieve root CA certificate
ansible.builtin.uri:
url: https://ca.{{ vapp['metacluster.fqdn'] }}/roots
validate_certs: no
method: GET
status_code: [200, 201]
register: rootca_certificate
- name: Store root CA certificate
ansible.builtin.copy:
dest: /usr/local/share/ca-certificates/root_ca.crt
content: "{{ rootca_certificate.json.crts | list | join('\n') }}"
- name: Update certificate truststore
ansible.builtin.command:
cmd: update-ca-certificates

2
ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/main.yml
View File

@ -1,4 +1,4 @@
# - import_tasks: init.yml
- import_tasks: init.yml
- import_tasks: k3s.yml
# - import_tasks: assets.yml
# - import_tasks: ingress.yml

2
ansible/roles/firstboot/templates/firstboot.j2
View File

@ -1,4 +1,4 @@
#!/bin/bash
# Apply firstboot configuration w/ ansible
/usr/local/bin/ansible-playbook /opt/firstboot/ansible/playbook.yml | tee -a /var/log/firstboot.log > /dev/tty1 2>&1
/usr/local/bin/ansible-playbook -e "PYTHONUNBUFFERED=1" /opt/firstboot/ansible/playbook.yml | tee -a /var/log/firstboot.log > /dev/tty1 2>&1