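# Deploys Gitea through its Helm chart, waits for the API health endpoint,
# publishes an SSH ingress route, and on a first run (no repositories returned
# by the search endpoint) registers the GitOps SSH key and creates the
# organizations and repositories.
- block:

    - name: Install gitea chart
      kubernetes.core.helm:
        name: gitea
        chart_ref: /opt/metacluster/helm-charts/gitea
        release_namespace: gitea
        create_namespace: true
        # Readiness is checked by the healthz poll in the next task instead.
        wait: false
        kubeconfig: "{{ kubeconfig.path }}"
        values: "{{ components['gitea'].chart_values }}"

    - name: Ensure gitea API availability
      ansible.builtin.uri:
        url: https://git.{{ vapp['metacluster.fqdn'] }}/api/healthz
        method: GET
      register: api_readycheck
      until:
        - api_readycheck.json.status is defined
        - api_readycheck.json.status == 'pass'
      retries: "{{ playbook.retries }}"
      delay: "{{ (storage_benchmark | int) * (playbook.delay.long | int) }}"

    - name: Configure additional SSH ingress
      ansible.builtin.template:
        src: ingressroutetcp.j2
        dest: /var/lib/rancher/k3s/server/manifests/{{ _template.name }}-manifest.yaml
        owner: root
        group: root
        # Quoted so the mode is passed as an octal string, not a YAML integer.
        mode: '0600'
      vars:
        _template:
          name: gitea-ssh
          namespace: gitea
          # The explicit indentation indicator keeps the extra leading spaces
          # in the value; presumably the template nests this text under an
          # existing key - confirm the depth against ingressroutetcp.j2.
          config: |2
              entryPoints:
              - ssh
              routes:
              - match: HostSNI(`*`)
                services:
                - name: gitea-ssh
                  port: 22
      notify:
        - Apply manifests

    - name: Trigger handlers
      ansible.builtin.meta: flush_handlers

    # This task sits outside the first-run guard below, so every run posts a
    # new token_init_* token for the administrator account; nothing in this
    # file revokes earlier ones.
    - name: Generate gitea API token
      ansible.builtin.uri:
        url: https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/users/administrator/tokens
        method: POST
        user: administrator
        password: "{{ vapp['metacluster.password'] }}"
        force_basic_auth: true
        body:
          name: token_init_{{ lookup('password', '/dev/null length=5 chars=ascii_letters,digits') }}
      register: gitea_api_token
      # The module arguments hold the administrator password and the registered
      # result holds the token value; keep both out of task output and logs.
      # Failure details are censored too, so lift this temporarily to debug.
      no_log: true

    # Unauthenticated search: only repositories visible to anonymous callers
    # are returned, so the first-run guard below depends on that visibility.
    - name: Retrieve existing gitea configuration
      ansible.builtin.uri:
        url: https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/repos/search
        method: GET
      register: gitea_existing_config

    - block:

        # The Authorization header in the tasks below carries the API token as
        # a module argument, so it is shown when the play runs with increased
        # verbosity.
        - name: Register SSH public key
          ansible.builtin.uri:
            url: https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/user/keys
            method: POST
            headers:
              Authorization: token {{ gitea_api_token.json.sha1 }}
            body:
              key: "{{ gitops_sshkey.public_key }}"
              # The key is registered with write access.
              read_only: false
              title: GitOps

        - name: Create organization(s)
          ansible.builtin.uri:
            url: https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/orgs
            method: POST
            headers:
              Authorization: token {{ gitea_api_token.json.sha1 }}
            body: "{{ item }}"
          loop:
            - full_name: Meta-cluster
              description: Meta-cluster configuration items
              username: mc
              website: https://git.{{ vapp['metacluster.fqdn'] }}/mc
              location: '[...]'
              visibility: public
            - full_name: Workload-cluster
              description: Workload-cluster configuration items
              username: wl
              website: https://git.{{ vapp['metacluster.fqdn'] }}/wl
              location: '[...]'
              visibility: public
          loop_control:
            label: "{{ item.full_name }}"

        - name: Create repositories
          ansible.builtin.uri:
            url: https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/orgs/{{ item.organization }}/repos
            method: POST
            headers:
              Authorization: token {{ gitea_api_token.json.sha1 }}
            body: "{{ item.body }}"
          loop:
            - organization: mc
              body:
                name: GitOps.ClusterAPI
                # auto_init: true
                # default_branch: main
                description: ClusterAPI manifests
            - organization: mc
              body:
                name: GitOps.Config
                # auto_init: true
                # default_branch: main
                description: GitOps manifests
            - organization: wl
              body:
                name: GitOps.Config
                # auto_init: true
                # default_branch: main
                description: GitOps manifests
            - organization: wl
              body:
                name: GitOps.HelmCharts
                # auto_init: true
                # default_branch: main
                description: Helm charts
          loop_control:
            label: "{{ item.organization ~ '/' ~ item.body.name }}"

        # Disabled task, kept for reference. As written it would store the
        # administrator password in the repository's remote URL and turn off
        # TLS verification for git; prefer the registered SSH key or a
        # credential helper if it is ever re-enabled.
        # - name: Rebase/Push source gitops repository
        #   ansible.builtin.shell:
        #     cmd: |
        #       git config --local http.sslVerify false
        #       git remote set-url origin https://administrator:{{ vapp['metacluster.password'] | urlencode }}@git.{{ vapp['metacluster.fqdn'] }}/mc/GitOps.Config.git
        #       git push
        #     chdir: /opt/metacluster/git-repositories/gitops

      # First-run guard: only seed Gitea when the search returned no repositories.
      when: (gitea_existing_config.json is undefined) or (gitea_existing_config.json.data | length == 0)

  module_defaults:
    ansible.builtin.uri:
      # NOTE(review): certificate verification is off for every uri call in
      # this block, including the Basic-auth request that sends the
      # administrator password and the requests that carry the API token.
      # If the issuing CA can be provided to the module (uri's ca_path), set
      # this to true - confirm whether a trusted chain exists at this stage.
      validate_certs: false
      status_code: [200, 201]
      body_format: json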