djpbessems/Packer.Images
djpbessems
/
Packer.Images
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Packer.Images/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/init.yml

101 lines
3.2 KiB
YAML
Raw Blame History

- name: Configure fallback name resolution
ansible.builtin.lineinfile:
path: /etc/hosts
line: "{{ vapp['guestinfo.ipaddress'] }} {{ item ~ '.' ~ vapp['metacluster.fqdn'] }}"
state: present
loop:
# TODO: Make this list dynamic
- ca
- git
- gitops
- ingress
- registry
- storage
- name: Create step-ca config dictionary
ansible.builtin.set_fact:
stepconfig: "{{ { 'path': ansible_env.HOME ~ '/.step/config/values.yaml' } }}"
- name: Create step-ca target folder
ansible.builtin.file:
path: "{{ stepconfig.path | dirname }}"
state: directory
- name: Initialize tempfile
ansible.builtin.tempfile:
state: file
register: stepca_password
- name: Store password in tempfile
ansible.builtin.copy:
dest: "{{ stepca_password.path }}"
content: "{{ vapp['metacluster.password'] }}"
no_log: true
- name: Generate step-ca helm chart values (including root CA certificate)
ansible.builtin.shell:
cmd: >-
step ca init \
--helm \
--deployment-type=standalone \
--name=ca.{{ vapp['metacluster.fqdn'] }} \
--dns=ca.{{ vapp['metacluster.fqdn'] }} \
--dns=step-certificates.step-ca.svc.cluster.local \
--dns=127.0.0.1 \
--address=:9000 \
--provisioner=admin \
--acme \
--password-file={{ stepca_password.path }} | tee {{ stepconfig.path }}
creates: "{{ stepconfig.path }}"
- name: Cleanup tempfile
ansible.builtin.file:
path: "{{ stepca_password.path }}"
state: absent
when: stepca_password.path is defined
- name: Store root CA certificate
ansible.builtin.copy:
dest: /usr/local/share/ca-certificates/root_ca.crt
content: "{{ (lookup('ansible.builtin.file', stepconfig.path) | from_yaml).inject.certificates.root_ca }}"
- name: Update certificate truststore
ansible.builtin.command:
cmd: update-ca-certificates
- name: Extract container images (for idempotency purposes)
ansible.builtin.unarchive:
src: /opt/metacluster/container-images/image-tarballs.tgz
dest: /opt/metacluster/container-images
remote_src: no
when:
- lookup('ansible.builtin.fileglob', '/opt/metacluster/container-images/*.tgz') is match('.*image-tarballs.tgz')
- name: Get all stored fully qualified container image names
ansible.builtin.shell:
cmd: >-
skopeo list-tags \
--insecure-policy \
docker-archive:./{{ item | basename }} | \
jq -r '.Tags[0]'
chdir: /opt/metacluster/container-images
register: registry_artifacts
loop: "{{ query('ansible.builtin.fileglob', '/opt/metacluster/container-images/*.tar') | sort }}"
loop_control:
label: "{{ item | basename }}"
- name: Get source registries of all artifacts
ansible.builtin.set_fact:
source_registries: "{{ (source_registries | default([]) + [(item | split('/'))[0]]) | unique | sort }}"
loop: "{{ registry_artifacts | json_query('results[*].stdout') | select | sort }}"
- name: Configure K3s node for private registry
ansible.builtin.template:
dest: /etc/rancher/k3s/registries.yaml
src: registries.j2
vars:
_template:
registries: "{{ source_registries }}"
hv:
fqdn: "{{ vapp['metacluster.fqdn'] }}"
Reference in New Issue View Git Blame Copy Permalink