Remove component;Disable restart;Force overwrite of network protocol profile;Housekeeping

ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml

@@ -5,6 +5,5 @@
 - import_tasks: storage.yml
 - import_tasks: certauthority.yml
 - import_tasks: registry.yml
-- import_tasks: secrets.yml
 - import_tasks: git.yml
 - import_tasks: gitops.yml

ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/registry.yml

@@ -64,19 +64,19 @@
           hv:
             fqdn: "{{ vapp['metacluster.fqdn'] }}"
 
-    - name: Restart kubelet (k3s) to pick up configured registries
+    # - name: Restart kubelet (k3s) to pick up configured registries
-      ansible.builtin.systemd:
+    #   ansible.builtin.systemd:
-        name: k3s
+    #     name: k3s
-        state: restarted
+    #     state: restarted
 
-    - name: Ensure k3s API availability
+    # - name: Ensure k3s API availability
-      ansible.builtin.uri:
+    #   ansible.builtin.uri:
-        url: https://{{ vapp['guestinfo.ipaddress'] }}:6443/livez?verbose
+    #     url: https://{{ vapp['guestinfo.ipaddress'] }}:6443/livez?verbose
-        method: GET
+    #     method: GET
-      register: api_readycheck
+    #   register: api_readycheck
-      until: api_readycheck.json.apiVersion is defined
+    #   until: api_readycheck.json.apiVersion is defined
-      retries: 5
+    #   retries: 5
-      delay: 30
+    #   delay: 30
 
   module_defaults:
     ansible.builtin.uri:

ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/secrets.yml

@@ -1,52 +0,0 @@
-- name: Install sealed-secrets chart
-  kubernetes.core.helm:
-    name: sealed-secrets-controller
-    chart_ref: /opt/metacluster/helm-charts/sealed-secrets
-    release_namespace: kube-system
-    wait: yes
-    kubeconfig: "{{ kubeconfig.path }}"
-    # values: "{{ components.sealedsecrets.chart_values }}"
-
-# - name: Store hypervisor details in configmap/secret
-#   kubernetes.core.k8s:
-#     state: present
-#     template: "{{ item.kind }}.j2"
-#     kubeconfig: "{{ kubeconfig.path }}"
-#   vars:
-#     _template:
-#       name: "{{ item.name }}"
-#       namespace: "{{ item.namespace }}"
-#       annotations: "{{ item.annotations | default('{}') | indent(width=4, first=True) }}"
-#       labels: "{{ item.labels | default('{}') | indent(width=4, first=True) }}"
-#       data: "{{ item.data }}"
-#   loop:
-#     - name: hypervisor-credentials
-#       namespace: kube-system
-#       kind: secret
-#       data:
-#         - key: HV_FQDN
-#           value: "{{ vapp['hv.fqdn'] | b64encode }}"
-#         - key: HV_USERNAME
-#           value: "{{ vapp['hv.username'] | b64encode }}"
-#         - key: HV_PASSWORD
-#           value: "{{ vapp['hv.password'] | b64encode }}"
-#     - name: hypervisor-ippool
-#       namespace: kube-system
-#       kind: configmap
-#       data:
-#         - key: VAPP_MOREF
-#           value: "{{ moref_id }}"
-#         - key: VAPP_IPPOOL_FQDN
-#           value: "{{ vapp['metacluster.fqdn'] }}"
-#         - key: VAPP_IPPOOL_NETWORK
-#           value: "{{ (vapp['guestinfo.ipaddress'] + '/' + vapp['guestinfo.prefixlength']) | ansible.utils.ipaddr('network') }}"
-#         - key: VAPP_IPPOOL_NETMASK
-#           value: "{{ (vapp['guestinfo.ipaddress'] + '/' + vapp['guestinfo.prefixlength']) | ansible.utils.ipaddr('netmask') }}"
-#         - key: VAPP_IPPOOL_DNSSERVER
-#           value: "{{ vapp['guestinfo.dnsserver'] }}"
-#         - key: VAPP_IPPOOL_GATEWAY
-#           value: "{{ vapp['guestinfo.gateway'] }}"
-#         - key: VAPP_IPPOOL_RANGE
-#           value: "{{ vapp['ippool.startip'] + '#' + (vapp['ippool.startip'] | netaddr_iter_iprange(vapp['ippool.endip']) | length | string) }}"
-#   loop_control:
-#     label: "{{ item.kind + '/' + item.name + ' (' + item.namespace + ')' }}"

ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/hypervisor.yml

@@ -71,4 +71,5 @@
         --netmask {{ (vapp['guestinfo.ipaddress'] + '/' + vapp['guestinfo.prefixlength']) | ansible.utils.ipaddr('netmask') }} \
         {{ vapp['guestinfo.dnsserver'] | split(',') | map('trim') | map('regex_replace', '^', '--dnsserver ') | join(' ') }} \
         --dnsdomain {{ vapp['metacluster.fqdn'] }} \
-        --gateway {{ vapp['guestinfo.gateway'] }}
+        --gateway {{ vapp['guestinfo.gateway'] }} \
+        --force

ansible/vars/metacluster.yml

@@ -44,8 +44,6 @@ platform:
       url: https://charts.jetstack.io
     - name: longhorn
       url: https://charts.longhorn.io
-    - name: sealed-secrets
-      url: https://bitnami-labs.github.io/sealed-secrets
     - name: smallstep
       url: https://smallstep.github.io/helm-charts/
 
@@ -164,13 +162,6 @@ components:
         persistence:
           defaultClassReplicaCount: 1
 
-  sealed-secrets:
-    helm:
-      # Must match the version referenced within `https://code.spamasaurus.com/djpbessems/GitOps.MetaCluster.git`
-      version: 2.7.1  # (= SealedSecrets v0.19.2)
-      chart: sealed-secrets/sealed-secrets
-      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
-
   step-certificates:
     helm:
       version: 1.18.2+20220324
@@ -209,7 +200,6 @@ dependencies:
     - kubernetes.core
 
   container_images:
-    # - vmware/powerclicore:12.7
     # The following list is generated by running the following commands:
     #   $ clusterctl init -i vsphere:<version> [...]
     #   $ clusterctl generate cluster <name> [...] | yq eval '.data.data' | yq --no-doc eval '.. | .image? | select(.)' | sort -u
@@ -231,9 +221,8 @@ dependencies:
       url: https://get.helm.sh/helm-v3.10.2-linux-amd64.tar.gz
       archive: compressed
       extra_opts: --strip-components=1
-    - filename: kubeseal
+    - filename: npp-prepper
-      url: https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.19.2/kubeseal-0.19.2-linux-amd64.tar.gz
+      url: https://code.spamasaurus.com/api/packages/djpbessems/generic/npp-prepper/v0.4.5/npp-prepper
-      archive: compressed
     - filename: skopeo
       url: https://code.spamasaurus.com/api/packages/djpbessems/generic/skopeo/v1.11.0-dev/skopeo
     - filename: step
@@ -242,8 +231,6 @@ dependencies:
       extra_opts: --strip-components=2
     - filename: yq
       url: http://github.com/mikefarah/yq/releases/download/v4.30.5/yq_linux_amd64
-    - filename: npp-prepper
-      url: https://code.spamasaurus.com/api/packages/djpbessems/generic/npp-prepper/v0.4.5/npp-prepper
 
   packages:
     apt:

scripts/Update-OvfConfiguration.yml

@@ -41,8 +41,8 @@ PropertyCategories:
 
   - Key: metacluster.password
     Type: password(7..)
-    Label: Local root password*
+    Label: Appliance password*
-    Description: ''
+    Description: 'Initial password for respective administrator accounts within each component'
     DefaultValue: ''
     Configurations: '*'
     UserConfigurable: true