From f47777763ad6c5f31f6de2be0cc61a2300a0ee2d Mon Sep 17 00:00:00 2001 From: Danny Bessems Date: Wed, 8 Mar 2023 17:07:44 +0100 Subject: [PATCH] Add serviceaccount token creation;Base delays on storage benchmark --- .../bootstrap/roles/metacluster/tasks/certauthority.yml | 2 +- .../bootstrap/roles/metacluster/tasks/git.yml | 2 +- .../bootstrap/roles/metacluster/tasks/gitops.yml | 2 +- .../bootstrap/roles/metacluster/tasks/k3s.yml | 4 ++-- .../bootstrap/roles/metacluster/tasks/registry.yml | 4 ++-- .../bootstrap/roles/metacluster/tasks/storage.yml | 2 +- .../bootstrap/roles/workloadcluster/tasks/clusterapi.yml | 4 ++-- .../bootstrap/roles/workloadcluster/tasks/gitops.yml | 9 +-------- .../bootstrap/templates/serviceaccount.j2 | 9 +++++++++ .../common/roles/metacluster/tasks/assets.yml | 2 +- .../common/roles/preflight/tasks/vcenter.yml | 2 +- .../files/ansible_payload/common/vars/defaults.yml | 7 ++++--- .../upgrade/roles/decommission/tasks/k3s.yml | 2 +- .../upgrade/roles/metacluster/tasks/certauthority.yml | 2 +- .../upgrade/roles/metacluster/tasks/containerimages.yml | 2 +- .../upgrade/roles/metacluster/tasks/git.yml | 2 +- .../upgrade/roles/metacluster/tasks/gitops.yml | 2 +- .../upgrade/roles/metacluster/tasks/k3s.yml | 4 ++-- .../upgrade/roles/metacluster/tasks/registry.yml | 2 +- .../upgrade/roles/metacluster/tasks/storage.yml | 4 ++-- .../upgrade/roles/preflight/tasks/metacluster.yml | 2 +- 21 files changed, 37 insertions(+), 34 deletions(-) diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/certauthority.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/certauthority.yml index 82d4d91..cf38fa7 100644 --- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/certauthority.yml +++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/certauthority.yml 
@@ -133,7 +133,7 @@ - api_readycheck.json.status is defined - api_readycheck.json.status == 'ok' retries: "{{ playbook.retries }}" - delay: "{{ playbook.delay.long }}" + delay: "{{ (storage_benchmark * playbook.delay.long) | int }}" module_defaults: ansible.builtin.uri: diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml index 952dc84..aa7899e 100644 --- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml +++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml @@ -19,7 +19,7 @@ - api_readycheck.json.status is defined - api_readycheck.json.status == 'pass' retries: "{{ playbook.retries }}" - delay: "{{ playbook.delay.long }}" + delay: "{{ (storage_benchmark * playbook.delay.long) | int }}" - name: Configure additional SSH ingress ansible.builtin.template: diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/gitops.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/gitops.yml index 8155cb7..4413406 100644 --- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/gitops.yml +++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/gitops.yml @@ -18,7 +18,7 @@ until: - api_readycheck.json.Version is defined retries: "{{ playbook.retries }}" - delay: "{{ playbook.delay.long }}" + delay: "{{ (storage_benchmark * playbook.delay.long) | int }}" - name: Generate argo-cd API token ansible.builtin.uri: diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/k3s.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/k3s.yml index 64d1481..a2047be 100644 --- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/k3s.yml 
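Review bot: The new `delay` expression truncates with `| int`, so combined with the new multipliers in common/vars/defaults.yml (`short: 0.5`, `medium: 1`) the delay becomes 0 whenever `storage_benchmark` is below 2 (short) or below 1 (medium), which turns the retry loop into back-to-back requests against the service whose readiness is being polled. The scale of `storage_benchmark` is not visible in this diff, so whether that range is reachable is inferred; if it is, rounding up instead of truncating avoids the zero case: `delay: "{{ (storage_benchmark * playbook.delay.long) | round(0, 'ceil') | int }}"`. The same expression appears in every other `delay:` hunk of this commit (git.yml, gitops.yml, k3s.yml, registry.yml, storage.yml, clusterapi.yml, assets.yml, vcenter.yml, decommission/k3s.yml, containerimages.yml, preflight/metacluster.yml), so the same change applies there. The enclosing task starts before this hunk.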
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/k3s.yml @@ -40,7 +40,7 @@ register: api_readycheck until: api_readycheck.json.apiVersion is defined retries: "{{ playbook.retries }}" - delay: "{{ playbook.delay.medium }}" + delay: "{{ (storage_benchmark * playbook.delay.medium) | int }}" - name: Install kubectl tab-completion ansible.builtin.shell: @@ -77,4 +77,4 @@ until: - k8snode_patch.result.metadata.labels['ova.airgappedk8s/moref_id'] is defined retries: "{{ playbook.retries }}" - delay: "{{ playbook.delay.medium }}" + delay: "{{ (storage_benchmark * playbook.delay.medium) | int }}" diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/registry.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/registry.yml index 415fe13..fa7cd92 100644 --- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/registry.yml +++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/registry.yml @@ -19,7 +19,7 @@ - api_readycheck.json.status is defined - api_readycheck.json.status == 'healthy' retries: "{{ playbook.retries }}" - delay: "{{ playbook.delay.long }}" + delay: "{{ (storage_benchmark * playbook.delay.long) | int }}" - name: Push images to registry ansible.builtin.shell: @@ -40,7 +40,7 @@ loop_control: label: "{{ item | basename }}" retries: "{{ playbook.retries }}" - delay: "{{ playbook.delay.short }}" + delay: "{{ (storage_benchmark * playbook.delay.short) | int }}" until: push_result is not failed module_defaults: diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/storage.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/storage.yml index f48cda7..c68a278 100644 --- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/storage.yml 
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/storage.yml @@ -17,7 +17,7 @@ until: - api_readycheck is not failed retries: "{{ playbook.retries }}" - delay: "{{ playbook.delay.long }}" + delay: "{{ (storage_benchmark * playbook.delay.long) | int }}" module_defaults: ansible.builtin.uri: diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml index 027fa14..a3b4887 100644 --- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml +++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml @@ -150,7 +150,7 @@ register: certificate_subject until: certificate_subject is not failed retries: "{{ playbook.retries }}" - delay: "{{ playbook.delay.medium }}" + delay: "{{ (storage_benchmark * playbook.delay.medium) | int }}" - name: Apply workload cluster manifest kubernetes.core.k8s: definition: >- @@ -168,7 +168,7 @@ register: cluster_readycheck until: cluster_readycheck is succeeded retries: "{{ playbook.retries }}" - delay: "{{ playbook.delay.long }}" + delay: "{{ (storage_benchmark * playbook.delay.long) | int }}" - name: Initialize tempfile ansible.builtin.tempfile: diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml index 320ddb9..1112f4f 100644 --- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml +++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml 
@@ -5,17 +5,10 @@ template: serviceaccount.j2 state: present - - name: Retrieve service account bearer token - kubernetes.core.k8s_info: - kind: ServiceAccount - name: "{{ _template.account.name }}" - namespace: "{{ _template.account.namespace }}" - register: workloadcluster_serviceaccount - - name: Retrieve service account bearer token kubernetes.core.k8s_info: kind: Secret - name: "{{ workloadcluster_serviceaccount.resources | json_query('[].secrets[].name') | first }}" + name: "{{ _template.account.name }}-secret" namespace: "{{ _template.account.namespace }}" register: workloadcluster_bearertoken diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/serviceaccount.j2 b/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/serviceaccount.j2 index 5788c15..cec2c90 100644 --- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/serviceaccount.j2 +++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/serviceaccount.j2 @@ -4,6 +4,15 @@ metadata: name: {{ _template.account.name }} namespace: {{ _template.account.namespace }} --- +apiVersion: v1 +kind: Secret +metadata: + name: {{ _template.account.name }}-secret + namespace: {{ _template.account.namespace }} + annotations: + kubernetes.io/service-account.name: {{ _template.account.name }} +type: kubernetes.io/service-account-token +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: diff --git a/ansible/roles/firstboot/files/ansible_payload/common/roles/metacluster/tasks/assets.yml b/ansible/roles/firstboot/files/ansible_payload/common/roles/metacluster/tasks/assets.yml index ad9ba9a..6d0d9b8 100644 --- a/ansible/roles/firstboot/files/ansible_payload/common/roles/metacluster/tasks/assets.yml +++ b/ansible/roles/firstboot/files/ansible_payload/common/roles/metacluster/tasks/assets.yml 
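Review bot: The `k8s_info` lookup of `{{ _template.account.name }}-secret` runs immediately after the template is applied, but a `kubernetes.io/service-account-token` Secret is populated with `data.token` asynchronously by the token controller, so the registered `workloadcluster_bearertoken` can contain the Secret with no token in it yet; the task needs a wait condition such as `until: workloadcluster_bearertoken.resources[0].data.token is defined` together with `retries: "{{ playbook.retries }}"` and a `delay`. The registered result also holds the bearer token itself, and without `no_log: true` on this task it is written to verbose output and any saved playbook log. The task list continues beyond this hunk, so whether a later task already guards for the missing token cannot be seen here.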
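Review bot: The added Secret is of type `kubernetes.io/service-account-token`, i.e. a static, non-expiring credential for the account that the following `ClusterRoleBinding` binds, and nothing in the template records why a static token is needed rather than a short-lived one; a comment above the Secret such as `# Static SA token: it does not expire, delete this Secret to revoke it` would capture that decision for the next maintainer. The templated scalars in the new block (`name: {{ _template.account.name }}-secret` and the annotation value) are unquoted like the existing ones; quoting them, e.g. `name: "{{ _template.account.name }}-secret"`, keeps the rendered document valid if a value ever starts with a YAML indicator.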
@@ -8,5 +8,5 @@ label: "{{ item | basename }}" # Probably should add a task before that ensures K3s node is fully initialized before starting imports; currently K3s goes away briefly during this loop retries: "{{ playbook.retries }}" - delay: "{{ playbook.delay.short }}" + delay: "{{ (storage_benchmark * playbook.delay.short) | int }}" until: import_result is not failed diff --git a/ansible/roles/firstboot/files/ansible_payload/common/roles/preflight/tasks/vcenter.yml b/ansible/roles/firstboot/files/ansible_payload/common/roles/preflight/tasks/vcenter.yml index 6623650..9a2af80 100644 --- a/ansible/roles/firstboot/files/ansible_payload/common/roles/preflight/tasks/vcenter.yml +++ b/ansible/roles/firstboot/files/ansible_payload/common/roles/preflight/tasks/vcenter.yml @@ -5,7 +5,7 @@ schema: vsphere register: vcenter_info retries: "{{ playbook.retries }}" - delay: "{{ playbook.delay.short }}" + delay: "{{ (storage_benchmark * playbook.delay.short) | int }}" until: vcenter_info is not failed module_defaults: diff --git a/ansible/roles/firstboot/files/ansible_payload/common/vars/defaults.yml b/ansible/roles/firstboot/files/ansible_payload/common/vars/defaults.yml index 4b215f7..f28f8af 100644 --- a/ansible/roles/firstboot/files/ansible_payload/common/vars/defaults.yml +++ b/ansible/roles/firstboot/files/ansible_payload/common/vars/defaults.yml @@ -1,6 +1,7 @@ playbook: retries: 5 delay: - long: 60 - medium: 30 - short: 10 + # These values are multiplied with the value of `storage_benchmark` + long: 2 + medium: 1 + short: 0.5 diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/decommission/tasks/k3s.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/decommission/tasks/k3s.yml index 8431e6b..71f2d8f 100644 --- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/decommission/tasks/k3s.yml +++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/decommission/tasks/k3s.yml 
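Review bot: The new comment on the `delay` block says the values are multiplied with `storage_benchmark` but not where that variable is set or what unit the product is in, which a reader of this file needs now that the absolute seconds (60/30/10) are gone; extend it along the lines of `# Multiplied by storage_benchmark (set by <benchmark task, TODO name it>) to give the retry delay in seconds`. No fallback for `storage_benchmark` is defined in this file and none is visible elsewhere in the diff, so if the benchmark does not run before the first retrying task (the preflight vcenter.yml lookup is one) every `delay` template fails with an undefined variable; whether a default exists outside this commit cannot be told from here.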
@@ -24,7 +24,7 @@ - nodedrain_results is not failed - (nodedrain_results.stdout_lines | last) is match('node/.* drained') retries: "{{ playbook.retries }}" - delay: "{{ playbook.delay.short }}" + delay: "{{ (storage_benchmark * playbook.delay.short) | int }}" - name: Delete node kubernetes.core.k8s: diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/certauthority.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/certauthority.yml index 03812da..270dae0 100644 --- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/certauthority.yml +++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/certauthority.yml @@ -43,7 +43,7 @@ - api_readycheck.json.status is defined - api_readycheck.json.status == 'ok' retries: "{{ playbook.retries }}" - delay: "{{ playbook.delay.long }}" + delay: "{{ (storage_benchmark * playbook.delay.long) | int }}" module_defaults: ansible.builtin.uri: diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/containerimages.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/containerimages.yml index 1124af7..5e9fa56 100644 --- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/containerimages.yml +++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/containerimages.yml @@ -19,7 +19,7 @@ loop_control: label: "{{ item | basename }}" retries: "{{ playbook.retries }}" - delay: "{{ playbook.delay.short }}" + delay: "{{ (storage_benchmark * playbook.delay.short) | int }}" until: push_result is not failed - name: Get all stored container images (=artifacts) diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/git.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/git.yml index 6f1ff8a..d0ef7bf 100644 
--- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/git.yml +++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/git.yml @@ -18,7 +18,7 @@ - api_readycheck.json.status is defined - api_readycheck.json.status == 'pass' retries: "{{ playbook.retries }}" - delay: "{{ playbook.delay.long }}" + delay: "{{ (storage_benchmark * playbook.delay.long) | int }}" module_defaults: ansible.builtin.uri: diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/gitops.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/gitops.yml index 77e99d1..56a4c97 100644 --- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/gitops.yml +++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/gitops.yml @@ -17,7 +17,7 @@ until: - api_readycheck.json.Version is defined retries: "{{ playbook.retries }}" - delay: "{{ playbook.delay.long }}" + delay: "{{ (storage_benchmark * playbook.delay.long) | int }}" module_defaults: ansible.builtin.uri: diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/k3s.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/k3s.yml index fc72e7d..280f1c5 100644 --- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/k3s.yml +++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/k3s.yml @@ -40,7 +40,7 @@ register: api_readycheck until: api_readycheck.json.apiVersion is defined retries: "{{ playbook.retries }}" - delay: "{{ playbook.delay.medium }}" + delay: "{{ (storage_benchmark * playbook.delay.medium) | int }}" - name: Install kubectl tab-completion ansible.builtin.shell: 
@@ -77,4 +77,4 @@ until: - k8snode_patch.result.metadata.labels['ova.airgappedk8s/moref_id'] is defined retries: "{{ playbook.retries }}" - delay: "{{ playbook.delay.medium }}" + delay: "{{ (storage_benchmark * playbook.delay.medium) | int }}" diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/registry.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/registry.yml index b0db1a5..0a2082a 100644 --- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/registry.yml +++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/registry.yml @@ -18,7 +18,7 @@ - api_readycheck.json.status is defined - api_readycheck.json.status == 'healthy' retries: "{{ playbook.retries }}" - delay: "{{ playbook.delay.long }}" + delay: "{{ (storage_benchmark * playbook.delay.long) | int }}" module_defaults: ansible.builtin.uri: diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/storage.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/storage.yml index 07badf7..06d0cbd 100644 --- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/storage.yml +++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/storage.yml @@ -25,7 +25,7 @@ - (volume_details.json | json_query('data[? state==`attached`].robustness') | unique | length) == 1 - (volume_details.json | json_query('data[? state==`attached`].robustness') | first) == "healthy" retries: "{{ ( playbook.retries * 2) | int }}" - delay: "{{ playbook.delay.long }}" + delay: "{{ (storage_benchmark * playbook.delay.long) | int }}" - name: Upgrade longhorn chart kubernetes.core.helm: 
@@ -44,7 +44,7 @@ until: - api_readycheck is not failed retries: "{{ playbook.retries }}" - delay: "{{ playbook.delay.long }}" + delay: "{{ (storage_benchmark * playbook.delay.long) | int }}" module_defaults: ansible.builtin.uri: diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/metacluster.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/metacluster.yml index 3af9f5f..2cc7ebe 100644 --- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/metacluster.yml +++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/metacluster.yml @@ -8,4 +8,4 @@ until: - api_readycheck.json.apiVersion is defined retries: "{{ playbook.retries }}" - delay: "{{ playbook.delay.medium }}" + delay: "{{ (storage_benchmark * playbook.delay.medium) | int }}"