Fix var reference;Housekeeping;Improve UX

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/certauthority.yml

@@ -62,7 +62,7 @@
             - key: root_ca.crt
               value: "{{ stepca_cm_certs.resources[0].data['root_ca.crt'] | b64encode }}"
       loop_control:
-        label: "{{ item.kind + '/' + item.name + ' (' + item.namespace + ')' }}"
+        label: "{{ item.kind ~ '/' ~ item.name ~ ' (' ~ item.namespace ~ ')' }}"
 
     - name: Configure step-ca passthrough ingress
       ansible.builtin.template:

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml

@@ -120,7 +120,7 @@
                 # default_branch: main
                 description: GitOps manifests
           loop_control:
-            label: "{{ item.organization + '/' + item.body.name }}"
+            label: "{{ item.organization ~ '/' ~ item.body.name }}"
 
         - name: Rebase/Push source gitops repository
           ansible.builtin.shell:

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/init.yml

@@ -1,7 +1,7 @@
 - name: Configure fallback name resolution
   ansible.builtin.lineinfile:
     path: /etc/hosts
-    line: "{{ vapp['guestinfo.ipaddress'] }}  {{ item + '.' + vapp['metacluster.fqdn'] }}"
+    line: "{{ vapp['guestinfo.ipaddress'] }}  {{ item ~ '.' ~ vapp['metacluster.fqdn'] }}"
     state: present
   loop:
     # TODO: Make this list dynamic

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml

@@ -1,4 +1,7 @@
 - block:
+  # Below tasks circumvent usernames with `<domain>\<username>` format, which causes CAPV to
+  # incorrectly interpret the backslash (despite automatic escaping) as an escape sequence.
+  # `vcenter_session.user` will instead contain the username in `<username>@<domain>` format.
 
     - name: Generate vCenter API token
       ansible.builtin.uri:
@@ -13,7 +16,7 @@
         url: https://{{ vapp['hv.fqdn'] }}/api/session
         method: GET
         headers:
-          vmware-api-session-id: "{{ vcenter_api_token.json }}"
+          vmware-api-session-id: "{{ vcenterapi_token.json }}"
       register: vcenter_session
 
   module_defaults:
@@ -51,7 +54,7 @@
 
 - name: Update image references to use local registry
   ansible.builtin.replace:
-    dest: "{{ item.root + '/' + item.path }}"
+    dest: "{{ item.root ~ '/' ~ item.path }}"
     regexp: '([ ]+image:[ "]+)(?!({{ _template.pattern }}|"{{ _template.pattern }}))'
     replace: '\1{{ _template.pattern }}'
   vars:
@@ -82,7 +85,7 @@
 - name: Store custom cluster-template
   ansible.builtin.copy:
     dest: /opt/metacluster/cluster-api/custom-cluster-template.yaml
-    content: "{{ lookup('kubernetes.core.kustomize', dir='/opt/metacluster/cluster-api/infrastructure-vsphere/' + components.clusterapi.management.version.infrastructure_vsphere ) }}"
+    content: "{{ lookup('kubernetes.core.kustomize', dir='/opt/metacluster/cluster-api/infrastructure-vsphere/' ~ components.clusterapi.management.version.infrastructure_vsphere ) }}"
 
 - name: Initialize Cluster API management cluster
   ansible.builtin.shell:

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/hypervisor.yml

@@ -68,7 +68,7 @@
         --portgroup "{{ vcenter_info.network }}" \
         --startaddress {{ vapp['ippool.startip'] }} \
         --endaddress {{ vapp['ippool.endip'] }} \
-        --netmask {{ (vapp['guestinfo.ipaddress'] + '/' + vapp['guestinfo.prefixlength']) | ansible.utils.ipaddr('netmask') }} \
+        --netmask {{ (vapp['guestinfo.ipaddress'] ~ '/' ~ vapp['guestinfo.prefixlength']) | ansible.utils.ipaddr('netmask') }} \
         {{ vapp['guestinfo.dnsserver'] | split(',') | map('trim') | map('regex_replace', '^', '--dnsserver ') | join(' ') }} \
         --dnsdomain {{ vapp['metacluster.fqdn'] }} \
         --gateway {{ vapp['guestinfo.gateway'] }} \

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/registry.yml

@@ -5,7 +5,7 @@
       url: https://registry.{{ vapp['metacluster.fqdn'] }}/api/v2.0/projects
       method: POST
       headers:
-        Authorization: "Basic {{ ('admin:' + vapp['metacluster.password']) | b64encode }}"
+        Authorization: "Basic {{ ('admin:' ~ vapp['metacluster.password']) | b64encode }}"
       body:
         project_name: kubeadm
         public: true
@@ -28,7 +28,7 @@
       url: https://registry.{{ vapp['metacluster.fqdn'] }}/api/v2.0/projects/kubeadm/repositories/{{ ( item | regex_findall('([^:/]+)') )[-2] }}/artifacts?from=library/{{ item | replace('/', '%2F') | replace(':', '%3A') }}
       method: POST
       headers:
-        Authorization: "Basic {{ ('admin:' + vapp['metacluster.password']) | b64encode }}"
+        Authorization: "Basic {{ ('admin:' ~ vapp['metacluster.password']) | b64encode }}"
       body:
         from: "{{ item }}"
     loop: "{{ kubeadm_images }}"

ansible/roles/firstboot/files/ansible_payload/common/roles/users/tasks/main.yml

@@ -25,7 +25,7 @@
     line: 'PasswordAuthentication yes'
     state: absent
   loop_control:
-    label: "{{ '[' + item.regex + '] ' + item.state }}"
+    label: "{{ '[' ~ item.regex ~ '] ' ~ item.state }}"
 
 - name: Create dedicated SSH keypair
   community.crypto.openssh_keypair:

ansible/roles/firstboot/files/ansible_payload/common/templates/tty.j2

@@ -17,7 +17,7 @@ COMPONENTS=('storage' 'registry' 'git' 'gitops')
 FQDN='{{ _template.metacluster.fqdn }}'
 IPADDRESS='{{ _template.metacluster.vip }}'
 
-I=60
+I=0
 
 while /bin/true; do
   if [[ $I -gt 59 ]]; then

ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/init.yml

@@ -1,7 +1,7 @@
 - name: Configure fallback name resolution
   ansible.builtin.lineinfile:
     path: /etc/hosts
-    line: "{{ vapp['metacluster.vip'] }}  {{ item + '.' + vapp['metacluster.fqdn'] }}"
+    line: "{{ vapp['metacluster.vip'] }}  {{ item ~ '.' ~ vapp['metacluster.fqdn'] }}"
     state: present
   loop:
     # TODO: Make this list dynamic