Remove component;Disable restart;Force overwrite of network protocol profile;Housekeeping

2023-01-03 11:09:51 +01:00
parent d91acb9c0d
commit dc4fa31070
6 changed files with 18 additions and 83 deletions
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
@ -5,6 +5,5 @@
 - import_tasks: storage.yml
 - import_tasks: certauthority.yml
 - import_tasks: registry.yml
- import_tasks: secrets.yml
 - import_tasks: git.yml
 - import_tasks: gitops.yml
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/registry.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/registry.yml
@ -64,19 +64,19 @@
          hv:
            fqdn: "{{ vapp['metacluster.fqdn'] }}"

-    - name: Restart kubelet (k3s) to pick up configured registries
-      ansible.builtin.systemd:
-        name: k3s
-        state: restarted
+    # - name: Restart kubelet (k3s) to pick up configured registries
+    #   ansible.builtin.systemd:
+    #     name: k3s
+    #     state: restarted

-    - name: Ensure k3s API availability
-      ansible.builtin.uri:
-        url: https://{{ vapp['guestinfo.ipaddress'] }}:6443/livez?verbose
-        method: GET
-      register: api_readycheck
-      until: api_readycheck.json.apiVersion is defined
-      retries: 5
-      delay: 30
+    # - name: Ensure k3s API availability
+    #   ansible.builtin.uri:
+    #     url: https://{{ vapp['guestinfo.ipaddress'] }}:6443/livez?verbose
+    #     method: GET
+    #   register: api_readycheck
+    #   until: api_readycheck.json.apiVersion is defined
+    #   retries: 5
+    #   delay: 30

  module_defaults:
    ansible.builtin.uri:
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/secrets.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/secrets.yml
@ -1,52 +0,0 @@
- name: Install sealed-secrets chart
-  kubernetes.core.helm:
-    name: sealed-secrets-controller
-    chart_ref: /opt/metacluster/helm-charts/sealed-secrets
-    release_namespace: kube-system
-    wait: yes
-    kubeconfig: "{{ kubeconfig.path }}"
-    # values: "{{ components.sealedsecrets.chart_values }}"
-
-# - name: Store hypervisor details in configmap/secret
-#   kubernetes.core.k8s:
-#     state: present
-#     template: "{{ item.kind }}.j2"
-#     kubeconfig: "{{ kubeconfig.path }}"
-#   vars:
-#     _template:
-#       name: "{{ item.name }}"
-#       namespace: "{{ item.namespace }}"
-#       annotations: "{{ item.annotations | default('{}') | indent(width=4, first=True) }}"
-#       labels: "{{ item.labels | default('{}') | indent(width=4, first=True) }}"
-#       data: "{{ item.data }}"
-#   loop:
-#     - name: hypervisor-credentials
-#       namespace: kube-system
-#       kind: secret
-#       data:
-#         - key: HV_FQDN
-#           value: "{{ vapp['hv.fqdn'] | b64encode }}"
-#         - key: HV_USERNAME
-#           value: "{{ vapp['hv.username'] | b64encode }}"
-#         - key: HV_PASSWORD
-#           value: "{{ vapp['hv.password'] | b64encode }}"
-#     - name: hypervisor-ippool
-#       namespace: kube-system
-#       kind: configmap
-#       data:
-#         - key: VAPP_MOREF
-#           value: "{{ moref_id }}"
-#         - key: VAPP_IPPOOL_FQDN
-#           value: "{{ vapp['metacluster.fqdn'] }}"
-#         - key: VAPP_IPPOOL_NETWORK
-#           value: "{{ (vapp['guestinfo.ipaddress'] + '/' + vapp['guestinfo.prefixlength']) | ansible.utils.ipaddr('network') }}"
-#         - key: VAPP_IPPOOL_NETMASK
-#           value: "{{ (vapp['guestinfo.ipaddress'] + '/' + vapp['guestinfo.prefixlength']) | ansible.utils.ipaddr('netmask') }}"
-#         - key: VAPP_IPPOOL_DNSSERVER
-#           value: "{{ vapp['guestinfo.dnsserver'] }}"
-#         - key: VAPP_IPPOOL_GATEWAY
-#           value: "{{ vapp['guestinfo.gateway'] }}"
-#         - key: VAPP_IPPOOL_RANGE
-#           value: "{{ vapp['ippool.startip'] + '#' + (vapp['ippool.startip'] | netaddr_iter_iprange(vapp['ippool.endip']) | length | string) }}"
-#   loop_control:
-#     label: "{{ item.kind + '/' + item.name + ' (' + item.namespace + ')' }}"
--- a/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/hypervisor.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/hypervisor.yml
@ -71,4 +71,5 @@
        --netmask {{ (vapp['guestinfo.ipaddress'] + '/' + vapp['guestinfo.prefixlength']) | ansible.utils.ipaddr('netmask') }} \
        {{ vapp['guestinfo.dnsserver'] | split(',') | map('trim') | map('regex_replace', '^', '--dnsserver ') | join(' ') }} \
        --dnsdomain {{ vapp['metacluster.fqdn'] }} \
-        --gateway {{ vapp['guestinfo.gateway'] }}
+        --gateway {{ vapp['guestinfo.gateway'] }} \
+        --force