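# Bootstrap Gitea on the meta-cluster: install the chart, wait until the API
# answers, expose SSH through an IngressRouteTCP, then seed organisations and
# repositories through the Gitea REST API with a freshly minted administrator
# token. Every `uri` call in this block inherits the `module_defaults` at the
# bottom (TLS verification off, 200/201 accepted, JSON bodies).
- block:

    - name: Install gitea chart
      kubernetes.core.helm:
        name: gitea
        chart_ref: /opt/metacluster/helm-charts/gitea
        release_namespace: gitea
        create_namespace: true
        # Readiness is checked explicitly against /api/healthz below rather
        # than by blocking on the Helm release.
        wait: false
        kubeconfig: "{{ kubeconfig.path }}"
        values: "{{ components['gitea'].chart_values }}"

    - name: Ensure gitea API availability
      ansible.builtin.uri:
        url: "https://git.{{ vapp['metacluster.fqdn'] }}/api/healthz"
        method: GET
      register: api_readycheck
      # Keep polling until the health endpoint returns a JSON body whose
      # `status` is literally 'pass'; a missing body counts as not ready.
      until:
        - api_readycheck.json.status is defined
        - api_readycheck.json.status == 'pass'
      retries: "{{ playbook.retries }}"
      # Back-off scaled by the measured storage speed of this host.
      delay: "{{ (storage_benchmark | int) * (playbook.delay.long | int) }}"

    - name: Configure additional SSH ingress
      ansible.builtin.template:
        src: ingressroutetcp.j2
        # Dropping a manifest here lets k3s auto-apply it; the handler below
        # forces that to happen now.
        dest: /var/lib/rancher/k3s/server/manifests/{{ _template.name }}-manifest.yaml
        owner: root
        group: root
        mode: "0600"
      vars:
        _template:
          name: gitea-ssh
          namespace: gitea
          # `|2` pins the block indentation so the two extra leading spaces on
          # every line are kept in the rendered manifest -- presumably the
          # template nests this verbatim under `spec:`; confirm against
          # ingressroutetcp.j2 before changing the indentation.
          spec: |2
              entryPoints:
                - ssh
              routes:
                - match: HostSNI(`*`)
                  services:
                    - name: gitea-ssh
                      port: 22
      notify:
        - Apply manifests

    - name: Trigger handlers
      ansible.builtin.meta: flush_handlers

    # The token created here is a long-lived administrator credential and is
    # never revoked in this block. NOTE(review): if no later play reuses
    # `gitea_api_token`, delete it (DELETE /api/v1/users/administrator/tokens/{id})
    # once seeding is done; on Gitea releases that support token `scopes`,
    # restrict it to the user/org/repo write scopes these tasks need -- confirm
    # against the Gitea version shipped by the chart.
    - name: Generate gitea API token
      ansible.builtin.uri:
        url: "https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/users/administrator/tokens"
        method: POST
        user: administrator
        password: "{{ vapp['metacluster.password'] }}"
        force_basic_auth: true
        body:
          # Random suffix so re-runs do not collide on the token name.
          name: "token_init_{{ lookup('password', '/dev/null length=5 chars=ascii_letters,digits') }}"
      register: gitea_api_token
      # The administrator password (module args) and the returned token
      # (`json.sha1`) would otherwise be printed in verbose task output.
      no_log: true

    # Unauthenticated search: only repositories visible anonymously are
    # returned, so the seeding guard below keys off what an anonymous caller
    # can see (the organisations created here are `visibility: public`).
    - name: Retrieve existing gitea configuration
      ansible.builtin.uri:
        url: "https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/repos/search"
        method: GET
      register: gitea_existing_config

    # Seed organisations and repositories only on a fresh instance; every call
    # below authenticates with the token minted above.
    - block:

        - name: Register SSH public key
          ansible.builtin.uri:
            url: "https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/user/keys"
            method: POST
            headers:
              Authorization: "token {{ gitea_api_token.json.sha1 }}"
            body:
              key: "{{ gitops_sshkey.public_key }}"
              # Writable on purpose: this is the key GitOps pushes with.
              read_only: false
              title: GitOps

        - name: Create organization(s)
          ansible.builtin.uri:
            url: "https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/orgs"
            method: POST
            headers:
              Authorization: "token {{ gitea_api_token.json.sha1 }}"
            body: "{{ item }}"
          loop:
            - full_name: Meta-cluster
              description: Meta-cluster configuration items
              username: mc
              website: "https://git.{{ vapp['metacluster.fqdn'] }}/mc"
              location: '[...]'
              visibility: public
            - full_name: Workload-cluster
              description: Workload-cluster configuration items
              username: wl
              website: "https://git.{{ vapp['metacluster.fqdn'] }}/wl"
              location: '[...]'
              visibility: public
          loop_control:
            label: "{{ item.full_name }}"

        - name: Create repositories
          ansible.builtin.uri:
            url: "https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/orgs/{{ item.organization }}/repos"
            method: POST
            headers:
              Authorization: "token {{ gitea_api_token.json.sha1 }}"
            body: "{{ item.body }}"
          loop:
            - organization: mc
              body:
                name: GitOps.ClusterAPI
                auto_init: true
                default_branch: main
                description: ClusterAPI manifests
            - organization: mc
              body:
                name: GitOps.Config
                # Intentionally not auto-initialised: content is expected to be
                # pushed from an existing source repository.
                # auto_init: true
                # default_branch: main
                description: GitOps manifests
            - organization: wl
              body:
                name: GitOps.Config
                auto_init: true
                default_branch: main
                description: GitOps manifests
            - organization: wl
              body:
                name: ClusterAccess.Store
                auto_init: true
                default_branch: main
                description: Kubeconfig files
          loop_control:
            label: "{{ item.organization ~ '/' ~ item.body.name }}"

        # Left disabled. Re-enabling this as written would persist the
        # administrator password in the checkout's .git/config via the remote
        # URL and turn off TLS verification for that repository; prefer the
        # GitOps SSH key registered above if this push is ever needed.
        # - name: Rebase/Push source gitops repository
        #   ansible.builtin.shell:
        #     cmd: |
        #       git config --local http.sslVerify false
        #       git remote set-url origin https://administrator:{{ vapp['metacluster.password'] | urlencode }}@git.{{ vapp['metacluster.fqdn'] }}/mc/GitOps.Config.git
        #       git push
        #     chdir: /opt/metacluster/git-repositories/gitops

      # Fresh instance: no (anonymously visible) repositories yet, or the search
      # returned no JSON body at all.
      when: (gitea_existing_config.json is undefined) or (gitea_existing_config.json.data | length == 0)

  module_defaults:
    ansible.builtin.uri:
      # TLS verification is disabled for every uri call in this block,
      # including the basic-auth POST that carries the administrator password.
      # NOTE(review): if the meta-cluster CA is available on this host, point
      # `ca_path` at it and set this back to true.
      validate_certs: false
      status_code: [200, 201]
      body_format: json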