Revert readycheck for step-ca;Revert retries;DRY;Upgrade components;Fix syntax

ansible/roles/assets/tasks/manifests.yml

@@ -54,8 +54,8 @@
       dest: ipam-in-cluster/{{ components.clusterapi.management.version.ipam_incluster }}/metadata.yaml
   loop_control:
     label: "{{ item.url | basename }}"
-  retries: 5
-  delay: 5
+  retries: "{{ playbook.retries }}"
+  delay: "{{ playbook.delays.short }}"
   until: clusterapi_manifests is not failed
 
 # - name: Inject manifests

ansible/roles/firstboot/files/ansible_payload/playbook.yml

@@ -3,6 +3,7 @@
   connection: local
   gather_facts: true
   vars_files:
+    - defaults.yml
     - metacluster.yml
   # become: true
   roles:

ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/assets.yml

@@ -7,6 +7,6 @@
   loop_control:
     label: "{{ item | basename }}"
   # Probably should add a task before that ensures K3s node is fully initialized before starting imports; currently K3s goes away briefly during this loop
-  retries: 9
-  delay: 10
+  retries: "{{ playbook.retries }}"
+  delay: "{{ playbook.delays.short }}"
   until: import_result is not failed

ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/certauthority.yml

@@ -6,21 +6,11 @@
         chart_ref: /opt/metacluster/helm-charts/step-certificates
         release_namespace: step-ca
         create_namespace: yes
-        wait: no
+        # Unable to use REST api based readycheck due to missing ingress
+        wait: yes
         kubeconfig: "{{ kubeconfig.path }}"
         values: "{{ components.stepcertificates.chart_values }}"
 
-    - name: Ensure step-ca API availability
-      ansible.builtin.uri:
-        url: https://ca.{{ vapp['metacluster.fqdn'] }}/health
-        method: GET
-      register: api_readycheck
-      until:
-        - api_readycheck.json.status is defined
-        - api_readycheck.json.status == 'ok'
-      retries: 9
-      delay: 60
-
     - name: Retrieve configmap w/ root certificate
       kubernetes.core.k8s_info:
         kind: ConfigMap

ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/git.yml

@@ -18,8 +18,8 @@
       until:
         - api_readycheck.json.status is defined
         - api_readycheck.json.status == 'pass'
-      retries: 9
-      delay: 60
+      retries: "{{ playbook.retries }}"
+      delay: "{{ playbook.delays.long }}"
 
     - name: Configure additional SSH ingress
       ansible.builtin.template:

ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/gitops.yml

@@ -17,8 +17,8 @@
       register: api_readycheck
       until:
         - api_readycheck.json.Version is defined
-      retries: 9
-      delay: 60
+      retries: "{{ playbook.retries }}"
+      delay: "{{ playbook.delays.long }}"
 
     - name: Generate argo-cd API token
       ansible.builtin.uri:

ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/k3s.yml

@@ -49,8 +49,8 @@
     status_code: [200, 401]
   register: api_readycheck
   until: api_readycheck.json.apiVersion is defined
-  retries: 5
-  delay: 30
+      retries: "{{ playbook.retries }}"
+      delay: "{{ playbook.delays.medium }}"
 
 - name: Install kubectl tab-completion
   ansible.builtin.shell:

ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/registry.yml

@@ -18,8 +18,8 @@
       until:
         - api_readycheck.json.status is defined
         - api_readycheck.json.status == 'healthy'
-      retries: 9
-      delay: 60
+      retries: "{{ playbook.retries }}"
+      delay: "{{ playbook.delays.long }}"
 
     - name: Push images to registry
       ansible.builtin.shell:
@@ -39,8 +39,8 @@
       loop: "{{ query('ansible.builtin.fileglob', '/opt/metacluster/container-images/*.tar') | sort }}"
       loop_control:
         label: "{{ item | basename }}"
-      retries: 5
-      delay: 10
+      retries: "{{ playbook.retries }}"
+      delay: "{{ playbook.delays.short }}"
       until: push_result is not failed
 
     - name: Get all stored container images (=artifacts)

ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/storage.yml

@@ -16,8 +16,8 @@
       register: api_readycheck
       until:
         - api_readycheck is not failed
-      retries: 9
-      delay: 60
+      retries: "{{ playbook.retries }}"
+      delay: "{{ playbook.delays.long }}"
 
   module_defaults:
     ansible.builtin.uri:

ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/clusterapi.yml

@@ -58,7 +58,7 @@
 - name: Store custom cluster-template
   ansible.builtin.copy:
     dest: /opt/metacluster/cluster-api/custom-cluster-template.yaml
-    content: "{{ lookup('kubernetes.core.kustomize', dir='/opt/metacluster/cluster-api/infrastructure-vsphere/' + {{ components.clusterapi.management.version.infrastructure_vsphere }}) }}"
+    content: "{{ lookup('kubernetes.core.kustomize', dir='/opt/metacluster/cluster-api/infrastructure-vsphere/' + components.clusterapi.management.version.infrastructure_vsphere ) }}"
 
 - name: Initialize Cluster API management cluster
   ansible.builtin.shell:

ansible/roles/firstboot/files/ansible_payload/vars/defaults.yml

@@ -0,0 +1,6 @@
+playbook:
+  retries: 5
+  delays:
+    long: 60
+    medium: 30
+    short: 10

ansible/vars/metacluster.yml

@@ -1,9 +1,7 @@
 platform:
 
   k3s:
-    # version: v1.26.0+k3s1
-    # max supported version by Longhorn is <v1.25.0
-    version: v1.24.9+k3s1
+    version: v1.26.0+k3s1
 
   gitops:
     repository:
@@ -151,7 +149,7 @@ components:
 
   longhorn:
     helm:
-      version: 1.3.2
+      version: 1.4.0
       chart: longhorn/longhorn
       parse_logic: cat values.yaml | yq eval '.. | select(has("repository")) | .repository + ":" + .tag'
       chart_values: !unsafe |
@@ -167,7 +165,8 @@ components:
 
   step-certificates:
     helm:
-      version: 1.18.2+20220324
+      # version: 1.18.2+20220324
+      version: 1.23.0
       chart: smallstep/step-certificates
       parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u
       chart_values: !unsafe |