diff --git a/ansible/roles/assets/tasks/containerimages.yml b/ansible/roles/assets/tasks/containerimages.yml
index 74ef9ed..504f49f 100644
--- a/ansible/roles/assets/tasks/containerimages.yml
+++ b/ansible/roles/assets/tasks/containerimages.yml
@@ -14,22 +14,31 @@
 loop_control:
 label: "{{ item.dest | basename }}"
 
-- name: Parse helm charts for container images
+- name: Parse metacluster helm charts for container images
 ansible.builtin.shell:
 cmd: "{{ item.value.helm.parse_logic }}"
 chdir: /opt/metacluster/helm-charts/{{ item.key }}
- register: chartimages
+ register: chartimages_metacluster
 when: item.value.helm is defined
 loop: "{{ lookup('ansible.builtin.dict', components) }}"
 loop_control:
 label: "{{ item.key }}"
 
+- name: Parse workloadcluster helm charts for container images
+ ansible.builtin.shell:
+ cmd: "{{ item.value.parse_logic }}"
+ chdir: /opt/workloadcluster/helm-charts/{{ item.key }}
+ register: chartimages_workloadcluster
+ loop: "{{ lookup('ansible.builtin.dict', downstream.helm_charts) }}"
+ loop_control:
+ label: "{{ item.key }}" 
+
 - name: Store container images in dicts
 ansible.builtin.set_fact:
 containerimages_{{ item.source }}: "{{ item.results }}"
 loop:
 - source: charts
- results: "{{ chartimages | json_query('results[*].stdout_lines') | select() | flatten | list }}"
+ results: "{{ (chartimages_metacluster | json_query('results[*].stdout_lines')) + (chartimages_workloadcluster | json_query('results[*].stdout_lines')) | select() | flatten | list }}"
 - source: kubeadm
 results: "{{ kubeadmimages.stdout_lines }}"
 - source: manifests
diff --git a/ansible/roles/assets/tasks/helm.yml b/ansible/roles/assets/tasks/helm.yml
index f03d073..e511453 100644
--- a/ansible/roles/assets/tasks/helm.yml
+++ b/ansible/roles/assets/tasks/helm.yml
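Review bot: The new `results:` expression for `source: charts` does not flatten the metacluster half, because Jinja binds filters tighter than `+`: it parses as `A + (B | select() | flatten | list)`, so `containerimages_charts` becomes a mix of per-chart lists (from `chartimages_metacluster`) and plain image strings (from `chartimages_workloadcluster`), and whatever loops over it downstream will see lists where it expects strings. Parenthesise the concatenation before the filter chain: `results: "{{ ((chartimages_metacluster | json_query('results[*].stdout_lines')) + (chartimages_workloadcluster | json_query('results[*].stdout_lines'))) | select() | flatten | list }}"`. The added workloadcluster task also passes `item.value.parse_logic` verbatim to `ansible.builtin.shell`, as the metacluster task already does, so every entry in `downstream.helm_charts` is effectively executable code and the vars file deserves the same review and write-protection as this task file.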
@@ -3,17 +3,29 @@
 name: "{{ item.name }}"
 repo_url: "{{ item.url }}"
 state: present
- loop: "{{ platform.helm_repositories }}"
+ loop: "{{ platform.helm_repositories + downstream.helm_repositories }}"
 
-- name: Fetch helm charts
+- name: Fetch helm charts for metacluster
 ansible.builtin.command:
 cmd: helm fetch {{ item.value.helm.chart }} --untar --version {{ item.value.helm.version }}
 chdir: /opt/metacluster/helm-charts
 when: item.value.helm is defined
- register: helmcharts
+ register: helmcharts_metacluster
 loop: "{{ lookup('ansible.builtin.dict', components) }}"
 loop_control:
 label: "{{ item.key }}"
 retries: 5
 delay: 5
- until: helmcharts is not failed
+ until: helmcharts_metacluster is not failed 
+
+- name: Fetch helm charts for workloadcluster
+ ansible.builtin.command:
+ cmd: helm fetch {{ item.value.chart }} --untar --version {{ item.value.version }}
+ chdir: /opt/workloadcluster/helm-charts
+ register: helmcharts_workloadcluster
+ loop: "{{ lookup('ansible.builtin.dict', downstream.helm_charts) }}"
+ loop_control:
+ label: "{{ item.key }}"
+ retries: 5
+ delay: 5
+ until: helmcharts_workloadcluster is not failed
diff --git a/ansible/roles/assets/tasks/main.yml b/ansible/roles/assets/tasks/main.yml
index 13d7529..23ba858 100644
--- a/ansible/roles/assets/tasks/main.yml
+++ b/ansible/roles/assets/tasks/main.yml
@@ -16,7 +16,9 @@
 - /opt/metacluster/helm-charts
 - /opt/metacluster/k3s
 - /opt/metacluster/kube-vip
- - /opt/metacluster/node-templates
+ - /opt/workloadcluster/git-repositories/gitops
+ - /opt/workloadcluster/helm-charts
+ - /opt/workloadcluster/node-templates
 - /var/lib/rancher/k3s/agent/images
 - /var/lib/rancher/k3s/server/manifests
 
diff --git a/ansible/roles/assets/tasks/nodetemplates.yml b/ansible/roles/assets/tasks/nodetemplates.yml
index 52104f2..eb7b93c 100644
--- a/ansible/roles/assets/tasks/nodetemplates.yml
+++ b/ansible/roles/assets/tasks/nodetemplates.yml
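Review bot: The new "Fetch helm charts for workloadcluster" task repeats the metacluster task line for line, differing only in the item keys (`item.value.chart` vs `item.value.helm.chart`), the `chdir` target and the register/until names; a single task looping over a combined list of `{chart, version, dir}` entries, or a small included task file parameterised by directory, would keep the `retries`/`delay`/`until` retry logic in one place. Both tasks pull charts by pinned `--version` only, with no `--verify` or digest check, so the chart content that is later committed to the GitOps repository is trusted on the strength of the repository URL alone; that is inherited from the metacluster task, but worth stating above both with something like `# chart provenance is not verified; pinned by version only`. The `helm repo add` task at the top of the hunk starts before it, so the module name and its `name`/`repo_url` binding are not visible here.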
@@ -1,4 +1,4 @@
 - name: Download node-template image
 ansible.builtin.uri:
 url: "{{ components.clusterapi.workload.node_template.url }}"
- dest: /opt/metacluster/node-templates/{{ components.clusterapi.workload.node_template.url | basename}}
+ dest: /opt/workloadcluster/node-templates/{{ components.clusterapi.workload.node_template.url | basename}}
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml
index 10fab3b..669d040 100644
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml
@@ -110,12 +110,12 @@
 - organization: mc
 body:
 name: GitOps.Config
- auto_init: true
- default_branch: main
+ # auto_init: true
+ # default_branch: main
 description: GitOps manifests
 - organization: wl
 body:
- name: Template.GitOps.Config
+ name: GitOps.Config
 # auto_init: true
 # default_branch: main
 description: GitOps manifests
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml
index 1112f4f..7355580 100644
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml
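Review bot: The `# auto_init: true` / `# default_branch: main` lines for organization `mc` in git.yml are commented-out configuration rather than removed configuration, and nothing records why the repository is now created empty; presumably it is because the workloadcluster gitops tasks in this same commit push a freshly initialised `main` branch, which would conflict with a server-side initial commit, but that is inferred from the other file. Either delete the two lines or replace them with a comment that states the reason, for example `# created empty: the initial commit is pushed by workloadcluster/tasks/gitops.yml`; the `wl` entry has carried the same commented-out pair since before this change and would benefit from the same treatment. The `wl` repository is also renamed to `GitOps.Config`, so both organisations now hold a repository of that name; the task that consumes this `body` list starts before the hunk, so the API call it feeds is not visible here.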
@@ -1,3 +1,24 @@ +- name: Create hard-links to populate new git-repository + ansible.builtin.shell: + cmd: >- + cp -lr /opt/metacluster/helm-charts/{{ item.key }}/ /opt/workloadcluster/git-repositories/gitops/ + loop: "{{ lookup('ansible.builtin.dict', downstream.helm_charts) }}" + loop_control: + label: "{{ item.key }}" + +- name: Initialize/Push git repository + ansible.builtin.shell: + cmd: | + git init + git config --global user.email "administrator@{{ vapp['metacluster.fqdn'] }}" + git config --global user.name "administrator" + git checkout -b main + git add . + git commit -m "Upload charts" + git remote add origin https://git.{{ vapp['metacluster.fqdn'] }}/wl/GitOps.Config.git + git push https://administrator:{{ vapp['metacluster.password'] | urlencode }}@git.{{ vapp['metacluster.fqdn'] }}/wl/GitOps.Config.git --all + chdir: /opt/workloadcluster/git-repositories/gitops + - block: - name: Generate service account in workload cluster diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/nodetemplates.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/nodetemplates.yml index e867b67..c002cb5 100644 --- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/nodetemplates.yml +++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/nodetemplates.yml @@ -62,7 +62,7 @@ when: existing_ova is failed vars: - filename: "{{ query('ansible.builtin.fileglob', '/opt/metacluster/node-templates/*.ova') | first }}" + filename: "{{ query('ansible.builtin.fileglob', '/opt/workloadcluster/node-templates/*.ova') | first }}" module_defaults: group/vmware: hostname: "{{ vapp['hv.fqdn'] }}" diff --git a/ansible/vars/workloadcluster.yml b/ansible/vars/workloadcluster.yml index ae82752..a64dcea 100644 --- a/ansible/vars/workloadcluster.yml +++ b/ansible/vars/workloadcluster.yml 
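Review bot: The `git push` line in "Initialize/Push git repository" embeds `vapp['metacluster.password']` in the command URL and the task has no `no_log: true`, so the rendered command, credential included, is written to the Ansible output when the task fails or runs at `-v`, and is readable from the process list while it runs; pushing to the literal URL rather than `origin` does at least keep it out of `.git/config`. Add `no_log: true` to the task as a minimum; a git credential helper or `GIT_ASKPASS` would keep the secret out of the command line altogether. The two `git config --global` lines also change the identity of whichever user runs the playbook for every repository on the host, where repository-local `git config user.email` / `git config user.name` after `git init` is sufficient. Neither new task is idempotent: `cp -lr` runs on every play and, being `-l`, makes the working tree share inodes with `/opt/metacluster/helm-charts` so an edit on either side silently changes the other, and a second run of the git task fails at `git checkout -b main`; a `creates: /opt/workloadcluster/git-repositories/gitops/.git` argument would at least make the git task skip once initialised. The `- block:` at the end of the hunk continues outside it.
```yaml
- name: Initialize/Push git repository
  ansible.builtin.shell:
    cmd: |
      git init
      git config user.email "administrator@{{ vapp['metacluster.fqdn'] }}"
      git config user.name "administrator"
      # … unchanged: checkout, add, commit, remote add, push …
    chdir: /opt/workloadcluster/git-repositories/gitops
    creates: /opt/workloadcluster/git-repositories/gitops/.git
  no_log: true
```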
@@ -3,6 +3,8 @@ downstream:
 helm_repositories:
 - name: longhorn
 url: https://charts.longhorn.io
+ - name: sealed-secrets
+ url: https://bitnami-labs.github.io/sealed-secrets

 helm_charts:
 
@@ -13,3 +15,10 @@ downstream:
 chart_values: !unsafe |
 defaultSettings:
 defaultDataPath: /mnt/blockstorage 
+
+ sealedsecrets:
+ version: 2.8.1 # (= Sealed Secrets v0.20.2)
+ chart: sealed-secrets/sealed-secrets
+ parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
+ chart_values: !unsafe |
+ # Empty
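Review bot: `chart_values: !unsafe |` followed by `# Empty` in the `sealedsecrets` entry is not an empty value: inside a `|` block scalar that line is content, so `chart_values` is the string `"# Empty\n"` and it only works because the program that eventually parses it as YAML (presumably `helm`) treats it as a comment. If that consumer accepts an empty string, `chart_values: !unsafe ""` says what is meant; if it needs a non-empty scalar, keep the block but put a real YAML comment above the key, e.g. `# no value overrides for this chart`, so the intent survives the next reader — the consumer is not visible from this hunk. Separately, `parse_logic` is executed verbatim by `ansible.builtin.shell` in the assets role, so this vars file is executable as far as that key is concerned and should be write-protected like a task file. `version: 2.8.1` is safe as a plain scalar (two dots, so not a float), but quoting it would keep the entry safe if a future chart pins an `X.Y` version.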