From dc4fa31070da04d2fbf43d3ba735a791db225026 Mon Sep 17 00:00:00 2001
From: Danny Bessems
Date: Tue, 3 Jan 2023 11:09:51 +0100
Subject: [PATCH] Remove component;Disable restart;Force overwrite of network protocol profile;Housekeeping
---
 .../roles/metacluster/tasks/main.yml | 1 -
 .../roles/metacluster/tasks/registry.yml | 24 ++++-----
 .../roles/metacluster/tasks/secrets.yml | 52 -------------------
 .../workloadcluster/tasks/hypervisor.yml | 3 +-
 ansible/vars/metacluster.yml | 17 +-----
 scripts/Update-OvfConfiguration.yml | 4 +-
 6 files changed, 18 insertions(+), 83 deletions(-)
 delete mode 100644 ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/secrets.yml
diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
index 40fe115..5928850 100644
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
@@ -5,6 +5,5 @@
 - import_tasks: storage.yml
 - import_tasks: certauthority.yml
 - import_tasks: registry.yml
-- import_tasks: secrets.yml
 - import_tasks: git.yml
 - import_tasks: gitops.yml
diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/registry.yml b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/registry.yml
index eece196..806dd75 100644
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/registry.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/registry.yml
@@ -64,19 +64,19 @@
 hv:
 fqdn: "{{ vapp['metacluster.fqdn'] }}"
- - name: Restart kubelet (k3s) to pick up configured registries
- ansible.builtin.systemd:
- name: k3s
- state: restarted
+ # - name: Restart kubelet (k3s) to pick up configured registries
+ # ansible.builtin.systemd:
+ # name: k3s
+ # state: restarted
- - name: Ensure k3s API availability
- ansible.builtin.uri:
- url: https://{{ vapp['guestinfo.ipaddress'] }}:6443/livez?verbose
- method: GET
- register: api_readycheck
- until: api_readycheck.json.apiVersion is defined
- retries: 5
- delay: 30
+ # - name: Ensure k3s API availability
+ # ansible.builtin.uri:
+ # url: https://{{ vapp['guestinfo.ipaddress'] }}:6443/livez?verbose
+ # method: GET
+ # register: api_readycheck
+ # until: api_readycheck.json.apiVersion is defined
+ # retries: 5
+ # delay: 30
 module_defaults:
 ansible.builtin.uri:
diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/secrets.yml b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/secrets.yml
deleted file mode 100644
index 9fcc875..0000000
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/secrets.yml
+++ /dev/null
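Review bot: With the restart task commented out, the registry configuration written by the earlier tasks in this file (above the hunk) is no longer applied to the running k3s service during firstboot; as far as I know k3s only reads that configuration at service start, so pulls that depend on the configured mirrors or credentials would fall back to the defaults until something else restarts k3s — confirm a later restart or reboot exists before the first pull that needs it. If dropping the restart is deliberate, prefer deleting the two tasks or gating them with a boolean variable over leaving commented-out code, and record the reason inline, e.g. `# Restart deliberately skipped here: registry settings are picked up on the reboot performed later in firstboot` (adjusted to whatever actually triggers it), so the `/livez` readiness check is not lost when a restart is reintroduced.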
@@ -1,52 +0,0 @@
-- name: Install sealed-secrets chart
- kubernetes.core.helm:
- name: sealed-secrets-controller
- chart_ref: /opt/metacluster/helm-charts/sealed-secrets
- release_namespace: kube-system
- wait: yes
- kubeconfig: "{{ kubeconfig.path }}"
- # values: "{{ components.sealedsecrets.chart_values }}"
-
-# - name: Store hypervisor details in configmap/secret
-# kubernetes.core.k8s:
-# state: present
-# template: "{{ item.kind }}.j2"
-# kubeconfig: "{{ kubeconfig.path }}"
-# vars:
-# _template:
-# name: "{{ item.name }}"
-# namespace: "{{ item.namespace }}"
-# annotations: "{{ item.annotations | default('{}') | indent(width=4, first=True) }}"
-# labels: "{{ item.labels | default('{}') | indent(width=4, first=True) }}"
-# data: "{{ item.data }}"
-# loop:
-# - name: hypervisor-credentials
-# namespace: kube-system
-# kind: secret
-# data:
-# - key: HV_FQDN
-# value: "{{ vapp['hv.fqdn'] | b64encode }}"
-# - key: HV_USERNAME
-# value: "{{ vapp['hv.username'] | b64encode }}"
-# - key: HV_PASSWORD
-# value: "{{ vapp['hv.password'] | b64encode }}"
-# - name: hypervisor-ippool
-# namespace: kube-system
-# kind: configmap
-# data:
-# - key: VAPP_MOREF
-# value: "{{ moref_id }}"
-# - key: VAPP_IPPOOL_FQDN
-# value: "{{ vapp['metacluster.fqdn'] }}"
-# - key: VAPP_IPPOOL_NETWORK
-# value: "{{ (vapp['guestinfo.ipaddress'] + '/' + vapp['guestinfo.prefixlength']) | ansible.utils.ipaddr('network') }}"
-# - key: VAPP_IPPOOL_NETMASK
-# value: "{{ (vapp['guestinfo.ipaddress'] + '/' + vapp['guestinfo.prefixlength']) | ansible.utils.ipaddr('netmask') }}"
-# - key: VAPP_IPPOOL_DNSSERVER
-# value: "{{ vapp['guestinfo.dnsserver'] }}"
-# - key: VAPP_IPPOOL_GATEWAY
-# value: "{{ vapp['guestinfo.gateway'] }}"
-# - key: VAPP_IPPOOL_RANGE
-# value: "{{ vapp['ippool.startip'] + '#' + (vapp['ippool.startip'] | netaddr_iter_iprange(vapp['ippool.endip']) | length | string) }}"
-# loop_control:
-# label: "{{ item.kind + '/' + item.name + ' (' + item.namespace + ')' }}"
diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/hypervisor.yml b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/hypervisor.yml
index 1fbe035..41eaa67 100644
--- a/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/hypervisor.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/hypervisor.yml
@@ -71,4 +71,5 @@
 --netmask {{ (vapp['guestinfo.ipaddress'] + '/' + vapp['guestinfo.prefixlength']) | ansible.utils.ipaddr('netmask') }} \
 {{ vapp['guestinfo.dnsserver'] | split(',') | map('trim') | map('regex_replace', '^', '--dnsserver ') | join(' ') }} \
 --dnsdomain {{ vapp['metacluster.fqdn'] }} \
- --gateway {{ vapp['guestinfo.gateway'] }}
+ --gateway {{ vapp['guestinfo.gateway'] }} \
+ --force
diff --git a/ansible/vars/metacluster.yml b/ansible/vars/metacluster.yml
index c2315d0..2ed2cb6 100644
--- a/ansible/vars/metacluster.yml
+++ b/ansible/vars/metacluster.yml
@@ -44,8 +44,6 @@ platform:
 url: https://charts.jetstack.io
 - name: longhorn
 url: https://charts.longhorn.io
- - name: sealed-secrets
- url: https://bitnami-labs.github.io/sealed-secrets
 - name: smallstep
 url: https://smallstep.github.io/helm-charts/
@@ -164,13 +162,6 @@ components:
 persistence:
 defaultClassReplicaCount: 1
- sealed-secrets:
- helm:
- # Must match the version referenced within `https://code.spamasaurus.com/djpbessems/GitOps.MetaCluster.git`
- version: 2.7.1 # (= SealedSecrets v0.19.2)
- chart: sealed-secrets/sealed-secrets
- parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
-
 step-certificates:
 helm:
 version: 1.18.2+20220324
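Review bot: The added `--force` makes the npp-prepper invocation overwrite an existing network protocol profile unconditionally on every firstboot run, so a profile of the same name that another vApp on the hypervisor already relies on would be replaced with this appliance's pool settings without any check; the enclosing task and the argument that names the profile start above the hunk, so I cannot see whether that name is scoped uniquely to this metacluster — please confirm. At minimum, record the rationale next to the flag so a later reader does not remove or copy it blindly, e.g. `# --force: replace a stale profile left by a previous deployment of this appliance; the profile name must stay unique per metacluster`, and consider surfacing the overwrite in the task output so an operator can distinguish a stale profile from one in use.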
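Review bot: The comment removed in the `components:` hunk said the sealed-secrets chart version had to match what the GitOps.MetaCluster repository references; dropping the chart (and the kubeseal binary in a later hunk) leaves the metacluster without the controller or CRD, so any SealedSecret manifests that repository still ships would fail to apply or sit unrendered when `gitops.yml` runs. Confirm that repository was updated in lockstep with this change, and document what now provides the secret-handling those manifests relied on, e.g. a comment at the point where the entry was removed such as `# sealed-secrets removed: GitOps.MetaCluster no longer ships SealedSecret resources (see <commit>)` — filling in the actual reference rather than leaving the reader to infer it.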
@@ -209,7 +200,6 @@ dependencies:
 - kubernetes.core
 container_images:
- # - vmware/powerclicore:12.7
 # The following list is generated by running the following commands:
 # $ clusterctl init -i vsphere: [...]
 # $ clusterctl generate cluster [...] | yq eval '.data.data' | yq --no-doc eval '.. | .image? | select(.)' | sort -u
@@ -231,9 +221,8 @@ dependencies:
 url: https://get.helm.sh/helm-v3.10.2-linux-amd64.tar.gz
 archive: compressed
 extra_opts: --strip-components=1
- - filename: kubeseal
- url: https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.19.2/kubeseal-0.19.2-linux-amd64.tar.gz
- archive: compressed
+ - filename: npp-prepper
+ url: https://code.spamasaurus.com/api/packages/djpbessems/generic/npp-prepper/v0.4.5/npp-prepper
 - filename: skopeo
 url: https://code.spamasaurus.com/api/packages/djpbessems/generic/skopeo/v1.11.0-dev/skopeo
 - filename: step
@@ -242,8 +231,6 @@ dependencies:
 extra_opts: --strip-components=2
 - filename: yq
 url: http://github.com/mikefarah/yq/releases/download/v4.30.5/yq_linux_amd64
- - filename: npp-prepper
- url: https://code.spamasaurus.com/api/packages/djpbessems/generic/npp-prepper/v0.4.5/npp-prepper
 packages:
 apt:
diff --git a/scripts/Update-OvfConfiguration.yml b/scripts/Update-OvfConfiguration.yml
index a097a47..261633f 100644
--- a/scripts/Update-OvfConfiguration.yml
+++ b/scripts/Update-OvfConfiguration.yml
@@ -41,8 +41,8 @@ PropertyCategories:
 - Key: metacluster.password
 Type: password(7..)
- Label: Local root password*
- Description: ''
+ Label: Appliance password*
+ Description: 'Initial password for respective administrator accounts within each component'
 DefaultValue: ''
 Configurations: '*'
 UserConfigurable: true
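Review bot: The re-added `npp-prepper` entry in the `-231,9` hunk (like the `skopeo` and `step` entries around it) fetches a bare executable from a personal package registry with only `filename` and `url`, so nothing in this list pins the bytes expected — a re-published or tampered `v0.4.5` artifact would be baked into the appliance unnoticed; the neighbouring `yq` context line in the next hunk even downloads over plain `http://`. If the task that consumes this list (outside the diff) supports it, add a digest per entry, e.g. `checksum: sha256:<digest>` beneath each `url:`, and change the yq URL to `https://`; if the downloader has no such field, that is worth adding before more binaries are sourced this way.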
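Review bot: The new description in the Update-OvfConfiguration.yml hunk states that one value seeds the administrator account of every component, yet the unchanged `Type: password(7..)` line above it still accepts a 7-character minimum, so a single short password becomes the credential for all components at once and one leaked component password compromises the rest. Consider raising the minimum, e.g. `Type: password(12..)`, and making the shared nature and expected rotation explicit, e.g. `Description: 'Initial password seeded into the administrator account of every component; rotate per component after first boot'` — keep the rotation clause only if the components actually allow changing it afterwards, which this diff does not show.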