From 95bb861049560f3115e8faac9dff91b058b649f2 Mon Sep 17 00:00:00 2001
From: NaeiKinDus
Date: Wed, 10 Jul 2024 00:00:00 +0000
Subject: [PATCH] refactor(k3s): replace code with what the provisioner role now offers and store opentofu data accordingly

---
 .../infrastructure/roles/k3s/tasks/main.yml | 39 ------------
 .../roles/k3s/tasks/opentofu.yml | 59 +++++++------------
 .../infrastructure/roles/k3s/tasks/server.yml | 5 +-
 inventory/host_vars/actinium/vars.yml | 2 -
 4 files changed, 22 insertions(+), 83 deletions(-)

diff --git a/collections/ansible_collections/nullified/infrastructure/roles/k3s/tasks/main.yml b/collections/ansible_collections/nullified/infrastructure/roles/k3s/tasks/main.yml
index 92cc326..bcc0d7f 100644
--- a/collections/ansible_collections/nullified/infrastructure/roles/k3s/tasks/main.yml
+++ b/collections/ansible_collections/nullified/infrastructure/roles/k3s/tasks/main.yml
@@ -1,9 +1,4 @@
 ---
-- name: gather facts if not already done
-  ansible.builtin.setup:
-    gather_subset:
-      - user_id
-
 - name: group by cluster name
   ansible.builtin.group_by:
     key: "k3s_clusters_{{ k3s_cluster_name }}_{{ k3s_cluster_role }}"
@@ -22,40 +17,6 @@
     k3s_nft_operators6: "{{ k3s_operator_ips | ansible.utils.ipv6 }}"
   changed_when: false
 
-- name: get local controller account information
-  connection: local
-  ansible.builtin.getent:
-    database: passwd
-    key: "{{ ansible_facts.user_id }}"
-    split: ":"
-  changed_when: false
-  when: ansible_facts['getent_passwd'] is undefined or ansible_facts['user_id'] not in ansible_facts['getent_passwd']
-
-- name: set controller environment variables
-  ansible.builtin.set_fact:
-    controller_user_home: "{{ ansible_facts['getent_passwd'][ansible_facts['user_id']][4] }}"
-    k3sup_binary: "{{ ansible_facts['getent_passwd'][ansible_facts['user_id']][4] }}/.local/bin/k3sup"
-    kubeconfig_repository: "{{ ansible_facts['getent_passwd'][ansible_facts['user_id']][4] }}/.kubeconfig_repository"
-  changed_when: false
-
-- name: retrieve k3sup on Ansible controller
-  connection: local
-  nullified.infrastructure.github_artifact:
-    asset_name: k3sup
-    asset_type: release
-    repository: alexellis/k3sup
-    creates: '{{ k3sup_binary }}'
-    cmds:
-      - mkdir -p $HOME/.local/bin
-      - "install --mode=750 {asset_dirname}/{asset_filename} {{ k3sup_binary }}"
-
-- name: setup kubeconfig repository
-  connection: local
-  ansible.builtin.file:
-    path: "{{ kubeconfig_repository }}"
-    state: directory
-    mode: '0700'
-
 - name: setup permissions
   become: true
   block:
diff --git a/collections/ansible_collections/nullified/infrastructure/roles/k3s/tasks/opentofu.yml b/collections/ansible_collections/nullified/infrastructure/roles/k3s/tasks/opentofu.yml
index b1556fb..299b47a 100644
--- a/collections/ansible_collections/nullified/infrastructure/roles/k3s/tasks/opentofu.yml
+++ b/collections/ansible_collections/nullified/infrastructure/roles/k3s/tasks/opentofu.yml
@@ -1,75 +1,56 @@
 - name: deploy OpenTofu resource
   connection: local
   block:
-    - name: find terraform binary
-      ansible.builtin.command:
-        cmd: bash -c 'command -v terraform || command -v tofu || echo /usr/local/bin/terraform'
-      register: located_tf_binary
-      when: terraform_binary_path is undefined
-      changed_when: false
-
-    - name: set terraform binary
+    - name: set TF resource facts
       ansible.builtin.set_fact:
-        terraform_binary_path: '{{ terraform_binary_path | default(located_tf_binary.stdout, true) }}'
-      when: terraform_binary_path is undefined
+        k3s_tf_safe_item_name: "{{ item.name | regex_replace('[^\\w]', '') }}"
+        k3s_tf_project_git_path: "{{ provisioner_facts.artifacts_dir }}/{{ item.name | regex_replace('[^\\w]', '') }}.git"
 
-    - name: create temp directory
-      ansible.builtin.tempfile:
-        state: directory
-      register: tmp_file
+    - name: check pre-existing TF state file
+      ansible.builtin.file:
+        path: "{{ provisioner_facts.k8s_states_dir }}/{{ k3s_tf_safe_item_name }}.tfstate"
+      register: tfstate_file_info
       changed_when: false
-      when: item.storage_dir is not defined
-
-    - name: set target directory for git repository
-      ansible.builtin.set_fact:
-        git_clone_dir: '{{ item.storage_dir | default(tmp_file.path, true) }}'
+      failed_when: false
 
     - name: fetch git repository
       ansible.builtin.git:
         repo: '{{ item.git_repository }}'
-        dest: '{{ git_clone_dir }}'
+        dest: '{{ k3s_tf_project_git_path }}'
         version: '{{ item.git_revision }}'
         force: true
 
     - name: prepare variables file
       ansible.builtin.copy:
         content: '{{ item.tfvars_content }}'
-        dest: '{{ git_clone_dir }}/{{ item.terraform_dir }}/terraform.tfvars'
-        mode: '0500'
+        dest: '{{ k3s_tf_project_git_path }}/{{ item.terraform_dir }}/terraform.tfvars'
+        mode: '0600'
         force: true
 
     - name: prepare tfstate file
       ansible.builtin.copy:
-        src: '{{ item.tfstate_path }}'
-        dest: '{{ git_clone_dir }}/{{ item.terraform_dir }}/terraform.tfstate'
+        src: '{{ provisioner_facts.k8s_states_dir }}/{{ k3s_tf_safe_item_name }}.tfstate'
+        dest: '{{ 
k3s_tf_project_git_path }}/{{ item.terraform_dir }}/terraform.tfstate'
         force: true
         mode: '0600'
-      when: git_clone_dir not in item.tfstate_path
 
     - name: deploy k8s resources
       community.general.terraform:
-        binary_path: "{{ terraform_binary_path }}"
-        project_path: '{{ git_clone_dir }}/{{ item.terraform_dir}}'
+        binary_path: "{{ provisioner_facts.tofu_binary_path }}"
+        project_path: '{{ k3s_tf_project_git_path }}/{{ item.terraform_dir }}'
         provider_upgrade: true
         force_init: true
 
-    - name: backup source stored state
+    - name: backup source state file
       ansible.builtin.copy:
-        src: '{{ item.tfstate_path }}'
-        dest: '{{ item.tfstate_path }}.ansible.backup'
+        src: '{{ provisioner_facts.k8s_states_dir }}/{{ k3s_tf_safe_item_name }}.tfstate'
+        dest: '{{ provisioner_facts.k8s_states_dir }}/{{ k3s_tf_safe_item_name }}.tfstate.previous'
         force: true
         mode: '0600'
 
     - name: update source tfstate file
       ansible.builtin.copy:
-        src: '{{ git_clone_dir }}/{{ item.terraform_dir}}/terraform.tfstate'
-        dest: '{{ item.tfstate_path }}'
+        src: '{{ k3s_tf_project_git_path }}/{{ item.terraform_dir }}/terraform.tfstate'
+        dest: '{{ provisioner_facts.k8s_states_dir }}/{{ k3s_tf_safe_item_name }}.tfstate'
         force: true
         mode: '0600'
-      when: git_clone_dir not in item.tfstate_path
-
-    - name: cleanup
-      ansible.builtin.file:
-        path: '{{ tmp_file.path }}'
-        state: absent
-      when: item.storage_dir is not defined
diff --git a/collections/ansible_collections/nullified/infrastructure/roles/k3s/tasks/server.yml b/collections/ansible_collections/nullified/infrastructure/roles/k3s/tasks/server.yml
index 1291412..051a17d 100644
--- a/collections/ansible_collections/nullified/infrastructure/roles/k3s/tasks/server.yml
+++ b/collections/ansible_collections/nullified/infrastructure/roles/k3s/tasks/server.yml
@@ -1,6 +1,5 @@
 ---
 # TODO: disable swap
-
 - name: setup firewall rules
   become: true
   ansible.builtin.template:
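Review bot: `tfstate_file_info` is registered by the new "check pre-existing TF state file" task but never read, so on a first deployment where `{{ provisioner_facts.k8s_states_dir }}/{{ k3s_tf_safe_item_name }}.tfstate` does not exist yet, the unconditional "prepare tfstate file" and "backup source state file" copies fail on the missing `src` and the block aborts before OpenTofu runs. The old code guarded these copies with `when: git_clone_dir not in item.tfstate_path`; the new code drops that guard without a replacement, and `ansible.builtin.file` with `failed_when: false` does not yield a usable existence flag. `ansible.builtin.stat` gives a clean check and the two copy tasks can then take `when: tfstate_file_info.stat.exists`, which also makes the `changed_when`/`failed_when` overrides unnecessary. Separately, if `community.general.terraform` fails after partially applying, the state it wrote under `k3s_tf_project_git_path` is presumably never copied back because "update source tfstate file" is skipped on block failure; running that copy from an `always:` section of the block would keep the persisted state current.

```yaml
    - name: check pre-existing TF state file
      ansible.builtin.stat:
        path: "{{ provisioner_facts.k8s_states_dir }}/{{ k3s_tf_safe_item_name }}.tfstate"
      register: tfstate_file_info

    # … unchanged: fetch git repository, prepare variables file …

    - name: prepare tfstate file
      ansible.builtin.copy:
        # … unchanged: src / dest / force / mode …
      when: tfstate_file_info.stat.exists

    # … unchanged: deploy k8s resources …

    - name: backup source state file
      ansible.builtin.copy:
        # … unchanged: src / dest / force / mode …
      when: tfstate_file_info.stat.exists
```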
@@ -18,11 +17,11 @@
   connection: local
   ansible.builtin.command:
     argv:
-      - "{{ k3sup_binary }}"
+      - "{{ provisioner_facts.k3sup_binary_path }}"
       - install
       - "--merge"
       - "--local-path"
-      - "{{ kubeconfig_repository }}/{{ k3s_cluster_name }}.kubeconfig"
+      - "{{ provisioner_facts.kubeconfig_repository }}/{{ k3s_cluster_name }}.kubeconfig"
       - "--context"
       - "{{ k3s_kube_context }}"
       - "--k3s-extra-args"
diff --git a/inventory/host_vars/actinium/vars.yml b/inventory/host_vars/actinium/vars.yml
index dfb1e39..8e0eac9 100644
--- a/inventory/host_vars/actinium/vars.yml
+++ b/inventory/host_vars/actinium/vars.yml
@@ -28,8 +28,6 @@ k3s_cluster_additional_tf_resources:
     git_revision: 0.0.5
     terraform_dir: 'terraform'
     tfvars_content: '{{ vault_invoice_ninja_tfvars }}'
-    tfstate_path: '{{ vault_invoice_ninja_tfstate_path }}'
-    # storage_dir:
 
 hc_vault_server_tls_cert_data: '{{ vault_hc_vault_server_tls_cert_data }}'
 hc_vault_server_tls_key_data: '{{ vault_hc_vault_server_tls_key_data }}'
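Review bot: `provisioner_facts.k3sup_binary_path` and `provisioner_facts.kubeconfig_repository` are referenced in the argv here with nothing in this role that defines or checks `provisioner_facts` (the facts main.yml used to set are removed in this same commit), so when the provisioner role has not run the failure surfaces as an undefined-variable error in the middle of server.yml, after the firewall template task has already applied. A guard at the start of the role would fail fast with a clear message, e.g. a task `ansible.builtin.assert:` with `that: provisioner_facts is defined` and `fail_msg: "run nullified.infrastructure.provisioner first"` in main.yml, or a role dependency in meta/main.yml. The role also no longer creates the kubeconfig directory with `mode: '0700'` (the removed "setup kubeconfig repository" task); that is presumably the provisioner role's job now, but it is worth confirming, since k3sup writes the merged kubeconfig, an admin credential for the cluster, to that path. The enclosing task starts before the hunk.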