From dd802e06208947c45ebf6ae4d908cb6a218127ca Mon Sep 17 00:00:00 2001
From: djpbessems
Date: Tue, 24 Jan 2023 16:41:18 +0100
Subject: [PATCH] Remove debugging;Sanitize hypervisor username;Traefik /data volume permission fix #2;Specify kubeconfig x3
---
 .../workloadcluster/tasks/clusterapi.yml | 26 ++++++++++++++++++-
 .../roles/metacluster/tasks/storage.yml | 5 ++--
 ansible/vars/metacluster.yml | 15 ++++++-----
 packer/build.pkr.hcl | 8 ------
 4 files changed, 36 insertions(+), 18 deletions(-)
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml
index b612f1f..a653df1 100644
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml
@@ -1,3 +1,27 @@
+- block:
+
+ - name: Generate vCenter API token
+ ansible.builtin.uri:
+ url: https://{{ vapp['hv.fqdn'] }}/api/session
+ method: POST
+ headers:
+ Authorization: Basic {{ ( vapp['hv.username'] ~ ':' ~ vapp['hv.password'] ) | b64encode }}
+ register: vcenterapi_token
+
+ - name: Retrieve vCenter API session details
+ ansible.builtin.uri:
+ url: https://{{ vapp['hv.fqdn'] }}/api/session
+ method: GET
+ headers:
+ vmware-api-session-id: "{{ vcenter_api_token.json }}"
+ register: vcenter_session
+
+ module_defaults:
+ ansible.builtin.uri:
+ validate_certs: no
+ status_code: [200, 201]
+ body_format: json
+
 - name: Configure clusterctl
 ansible.builtin.template:
 src: clusterctl.j2
@@ -12,7 +36,7 @@
 hv:
 fqdn: "{{ vapp['hv.fqdn'] }}"
 tlsthumbprint: "{{ tls_thumbprint.stdout }}"
- username: "{{ vapp['hv.username'] }}"
+ username: "{{ vcenter_session.json.user }}"
 password: "{{ vapp['hv.password'] }}"
 datacenter: "{{ vcenter_info.datacenter }}"
 datastore: "{{ vcenter_info.datastore }}"
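Review bot: `vmware-api-session-id: "{{ vcenter_api_token.json }}"` references a variable that is never set — the POST task registers `vcenterapi_token` — so the second task fails on an undefined variable and `vcenter_session.json.user` in the later `hv:` hunk is never populated; rename to `register: vcenter_api_token` (or fix the reference). Both tasks should also carry `no_log: true`: the hand-built `Authorization` header embeds the base64-encoded hypervisor password and the registered results hold the session id, all of which otherwise lands in verbose task output. `validate_certs: no` disables TLS verification for exactly the call that transmits those credentials; supplying the vCenter CA via `ca_path` (or a comment stating why verification must stay off) would be the safer default, and `false` is the portable spelling yamllint's truthy rule expects. Passing the credentials through `url_username`/`url_password` with `force_basic_auth: true` instead of a templated header would also avoid the manual encoding.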
diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/storage.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/storage.yml
index d97d34c..cb76a0e 100644
--- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/storage.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/storage.yml
@@ -7,7 +7,8 @@
 state: patched
 definition: |
 spec:
- numberOfReplicas: {{ lookup('kubernetes.core.k8s', kind='node') | length | int }}
- loop: "{{ lookup('kubernetes.core.k8s', api_version='longhorn.io/v1beta2', kind='volume', namespace='longhorn-system') }}"
+ numberOfReplicas: {{ lookup('kubernetes.core.k8s', kind='node', kubeconfig=(kubeconfig.path)) | length | int }}
+ kubeconfig: "{{ kubeconfig.path }}"
+ loop: "{{ lookup('kubernetes.core.k8s', api_version='longhorn.io/v1beta2', kind='volume', namespace='longhorn-system', kubeconfig=(kubeconfig.path)) }}"
 loop_control:
 label: "{{ item.metadata.name }}"
diff --git a/ansible/vars/metacluster.yml b/ansible/vars/metacluster.yml
index a503c1d..985a46a 100644
--- a/ansible/vars/metacluster.yml
+++ b/ansible/vars/metacluster.yml
@@ -19,17 +19,18 @@ platform:
 - "--certificatesResolvers.stepca.acme.storage=/data/acme.json"
 - "--certificatesResolvers.stepca.acme.tlsChallenge=true"
 - "--certificatesresolvers.stepca.acme.certificatesduration=24"
+ deployment:
+ initContainers:
+ - name: volume-permissions
+ image: busybox:1
+ command: ["sh", "-c", "touch /data/acme.json && chmod -Rv 600 /data/* && chown 65532:65532 /data/acme.json"]
+ volumeMounts:
+ - name: data
+ mountPath: /data
 globalArguments: []
 ingressRoute:
 dashboard:
 enabled: false
- initContainers:
- - name: volume-permissions
- image: busybox:1
- command: ["sh", "-c", "touch /data/acme.json && chmod -Rv 600 /data/* && chown 65532:65532 /data/acme.json"]
- volumeMounts:
- - name: data
- mountPath: /data
 persistence:
 enabled: true
 ports:
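Review bot: `numberOfReplicas` is set to the total count returned by the node lookup, which includes control-plane or otherwise non-schedulable nodes if the cluster has any; on clusters where Longhorn cannot place replicas on those nodes the requested count may exceed what can be satisfied and the volumes stay degraded. If that applies here, narrowing the lookup (for example with a label selector matching the Longhorn-eligible nodes) before `| length` would keep the count honest. The task definition starts above the hunk.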
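Review bot: `image: busybox:1` is a floating tag for a container that runs as root against the volume holding the ACME account key and certificates; pinning it by digest (`image: busybox:1@sha256:<digest-placeholder>`) keeps the init step reproducible and immune to a retagged image. `chmod -Rv 600 /data/*` also strips the execute bit from any subdirectory under `/data`, which would leave it untraversable for Traefik running as 65532 — if the volume only ever holds `acme.json`, narrowing the command to `chmod 600 /data/acme.json` states that assumption instead of relying on it. If the chart exposes a pod-level `fsGroup`, that would achieve the ownership fix without a root init container at all.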
diff --git a/packer/build.pkr.hcl b/packer/build.pkr.hcl
index f730e2f..228fcb5 100644
--- a/packer/build.pkr.hcl
+++ b/packer/build.pkr.hcl
@@ -14,10 +14,6 @@ build {
 vm_name = "${var.vm_name}-upgrade"
 }
 
- provisioner "shell" {
- inline = ["echo ${source.name}"]
- }
-
 provisioner "ansible" {
 
 pause_before = "2m30s"
@@ -36,10 +32,6 @@ build {
 ]
 }
 
- provisioner "shell" {
- inline = ["echo ${source.name}"]
- }
-
 post-processor "shell-local" {
 inline = [
 "pwsh -command \"& scripts/Update-OvfConfiguration.ps1 \\",