Remove component;Disable restart;Force overwrite of network protocol profile;Housekeeping

2023-01-03 11:09:51 +01:00 · 2023-01-03 11:09:51 +01:00 · dc4fa31070
commit dc4fa31070
parent d91acb9c0d
6 changed files with 18 additions and 83 deletions
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
@ -5,6 +5,5 @@
 - import_tasks: storage.yml
 - import_tasks: certauthority.yml
 - import_tasks: registry.yml
- import_tasks: secrets.yml
 - import_tasks: git.yml
 - import_tasks: gitops.yml
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/registry.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/registry.yml
@ -64,19 +64,19 @@
          hv:
            fqdn: "{{ vapp['metacluster.fqdn'] }}"

-    - name: Restart kubelet (k3s) to pick up configured registries
-      ansible.builtin.systemd:
-        name: k3s
-        state: restarted
+    # - name: Restart kubelet (k3s) to pick up configured registries
+    #   ansible.builtin.systemd:
+    #     name: k3s
+    #     state: restarted

-    - name: Ensure k3s API availability
-      ansible.builtin.uri:
-        url: https://{{ vapp['guestinfo.ipaddress'] }}:6443/livez?verbose
-        method: GET
-      register: api_readycheck
-      until: api_readycheck.json.apiVersion is defined
-      retries: 5
-      delay: 30
+    # - name: Ensure k3s API availability
+    #   ansible.builtin.uri:
+    #     url: https://{{ vapp['guestinfo.ipaddress'] }}:6443/livez?verbose
+    #     method: GET
+    #   register: api_readycheck
+    #   until: api_readycheck.json.apiVersion is defined
+    #   retries: 5
+    #   delay: 30

  module_defaults:
    ansible.builtin.uri:
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/secrets.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/secrets.yml
@ -1,52 +0,0 @@
- name: Install sealed-secrets chart
-  kubernetes.core.helm:
-    name: sealed-secrets-controller
-    chart_ref: /opt/metacluster/helm-charts/sealed-secrets
-    release_namespace: kube-system
-    wait: yes
-    kubeconfig: "{{ kubeconfig.path }}"
-    # values: "{{ components.sealedsecrets.chart_values }}"
-
-# - name: Store hypervisor details in configmap/secret
-#   kubernetes.core.k8s:
-#     state: present
-#     template: "{{ item.kind }}.j2"
-#     kubeconfig: "{{ kubeconfig.path }}"
-#   vars:
-#     _template:
-#       name: "{{ item.name }}"
-#       namespace: "{{ item.namespace }}"
-#       annotations: "{{ item.annotations | default('{}') | indent(width=4, first=True) }}"
-#       labels: "{{ item.labels | default('{}') | indent(width=4, first=True) }}"
-#       data: "{{ item.data }}"
-#   loop:
-#     - name: hypervisor-credentials
-#       namespace: kube-system
-#       kind: secret
-#       data:
-#         - key: HV_FQDN
-#           value: "{{ vapp['hv.fqdn'] | b64encode }}"
-#         - key: HV_USERNAME
-#           value: "{{ vapp['hv.username'] | b64encode }}"
-#         - key: HV_PASSWORD
-#           value: "{{ vapp['hv.password'] | b64encode }}"
-#     - name: hypervisor-ippool
-#       namespace: kube-system
-#       kind: configmap
-#       data:
-#         - key: VAPP_MOREF
-#           value: "{{ moref_id }}"
-#         - key: VAPP_IPPOOL_FQDN
-#           value: "{{ vapp['metacluster.fqdn'] }}"
-#         - key: VAPP_IPPOOL_NETWORK
-#           value: "{{ (vapp['guestinfo.ipaddress'] + '/' + vapp['guestinfo.prefixlength']) | ansible.utils.ipaddr('network') }}"
-#         - key: VAPP_IPPOOL_NETMASK
-#           value: "{{ (vapp['guestinfo.ipaddress'] + '/' + vapp['guestinfo.prefixlength']) | ansible.utils.ipaddr('netmask') }}"
-#         - key: VAPP_IPPOOL_DNSSERVER
-#           value: "{{ vapp['guestinfo.dnsserver'] }}"
-#         - key: VAPP_IPPOOL_GATEWAY
-#           value: "{{ vapp['guestinfo.gateway'] }}"
-#         - key: VAPP_IPPOOL_RANGE
-#           value: "{{ vapp['ippool.startip'] + '#' + (vapp['ippool.startip'] | netaddr_iter_iprange(vapp['ippool.endip']) | length | string) }}"
-#   loop_control:
-#     label: "{{ item.kind + '/' + item.name + ' (' + item.namespace + ')' }}"
--- a/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/hypervisor.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/hypervisor.yml
@ -71,4 +71,5 @@
        --netmask {{ (vapp['guestinfo.ipaddress'] + '/' + vapp['guestinfo.prefixlength']) | ansible.utils.ipaddr('netmask') }} \
        {{ vapp['guestinfo.dnsserver'] | split(',') | map('trim') | map('regex_replace', '^', '--dnsserver ') | join(' ') }} \
        --dnsdomain {{ vapp['metacluster.fqdn'] }} \
-        --gateway {{ vapp['guestinfo.gateway'] }}
+        --gateway {{ vapp['guestinfo.gateway'] }} \
+        --force
--- a/ansible/vars/metacluster.yml
+++ b/ansible/vars/metacluster.yml
@ -44,8 +44,6 @@ platform:
      url: https://charts.jetstack.io
    - name: longhorn
      url: https://charts.longhorn.io
-    - name: sealed-secrets
-      url: https://bitnami-labs.github.io/sealed-secrets
    - name: smallstep
      url: https://smallstep.github.io/helm-charts/

@ -164,13 +162,6 @@ components:
        persistence:
          defaultClassReplicaCount: 1

-  sealed-secrets:
-    helm:
-      # Must match the version referenced within `https://code.spamasaurus.com/djpbessems/GitOps.MetaCluster.git`
-      version: 2.7.1  # (= SealedSecrets v0.19.2)
-      chart: sealed-secrets/sealed-secrets
-      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
-
  step-certificates:
    helm:
      version: 1.18.2+20220324
@ -209,7 +200,6 @@ dependencies:
    - kubernetes.core

  container_images:
-    # - vmware/powerclicore:12.7
    # The following list is generated by running the following commands:
    #   $ clusterctl init -i vsphere:<version> [...]
    #   $ clusterctl generate cluster <name> [...] | yq eval '.data.data' | yq --no-doc eval '.. | .image? | select(.)' | sort -u
@ -231,9 +221,8 @@ dependencies:
      url: https://get.helm.sh/helm-v3.10.2-linux-amd64.tar.gz
      archive: compressed
      extra_opts: --strip-components=1
-    - filename: kubeseal
-      url: https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.19.2/kubeseal-0.19.2-linux-amd64.tar.gz
-      archive: compressed
+    - filename: npp-prepper
+      url: https://code.spamasaurus.com/api/packages/djpbessems/generic/npp-prepper/v0.4.5/npp-prepper
    - filename: skopeo
      url: https://code.spamasaurus.com/api/packages/djpbessems/generic/skopeo/v1.11.0-dev/skopeo
    - filename: step
@ -242,8 +231,6 @@ dependencies:
      extra_opts: --strip-components=2
    - filename: yq
      url: http://github.com/mikefarah/yq/releases/download/v4.30.5/yq_linux_amd64
-    - filename: npp-prepper
-      url: https://code.spamasaurus.com/api/packages/djpbessems/generic/npp-prepper/v0.4.5/npp-prepper

  packages:
    apt:
--- a/scripts/Update-OvfConfiguration.yml
+++ b/scripts/Update-OvfConfiguration.yml
@ -41,8 +41,8 @@ PropertyCategories:

  - Key: metacluster.password
    Type: password(7..)
-    Label: Local root password*
-    Description: ''
+    Label: Appliance password*
+    Description: 'Initial password for respective administrator accounts within each component'
    DefaultValue: ''
    Configurations: '*'
    UserConfigurable: true