Talos using DCI works

2023-09-25 14:51:59 +02:00 · 2023-09-25 14:51:59 +02:00 · 19c83649ca
parent 378a8f868b
commit 19c83649ca
14 changed files with 93 additions and 58 deletions
--- a/dci_reinstall_talos.yml
+++ b/dci_reinstall_talos.yml
@ -5,5 +5,5 @@
  hosts:
    - talos_hardware_nodes
  roles:
-    - role: talos_dci_finish
-    - role: talos_dci_reinstall
+    - role: dci_finish
+    - role: dci_reinstall_talos
--- a/roles/common/defaults/main.yml
+++ b/roles/common/defaults/main.yml
@ -1,12 +1,14 @@
 ---
 kubernetes_version: v1.26.7
-talos_version: v1.5.2
+talos_version: v1.5.3
 ansible_root_dir: "{{ inventory_dir | ansible.builtin.dirname }}"
 ansible_vault_password_file: "{{ ansible_root_dir }}/.ansible/vault_pass"
 talos_generic_config_dir: "{{ ansible_root_dir }}/configs/talos"
 talos_cluster_config_dir: "{{ ansible_root_dir }}/configs/{{ cluster_name }}"
+talos_cluster_tmp_dir: "{{ ansible_root_dir }}/configs/{{ cluster_name }}/tmp"
 talos_cluster_secrets_file: "{{ talos_cluster_config_dir }}/talos-secrets.yaml"
 talos_control_lb_hostname: "control.{{ cluster_name }}"
+talos_node_override_file: "{{ talos_cluster_config_dir }}/talos-override-{{ inventory_hostname }}.yaml"
 talos_node_config_file: "{{ talos_cluster_config_dir }}/talos-{{ inventory_hostname }}.yaml"
 talos_disk: /dev/sda
 talosconfig: "{{ talos_cluster_config_dir }}/talosconfig.yaml"
@ -17,4 +19,6 @@ talosctl_host: localhost
 ingress_lb_hostname: "workers.{{ cluster_name }}"
 ingress_ips: [] # One or more IPs must be defined for first cluster node using Inventory
 rancher_hostname: "rancher.{{ cluster_name }}"
-letsencrypt_email: "jeroen@deovero.com"
+letsencrypt_email: "jeroen@deovero.com"
+network_interface: "eth0"
+network_cidr_prefix: "24"
--- a/roles/dci_finish/handlers/main.yml
+++ b/roles/dci_finish/handlers/main.yml
@ -0,0 +1,6 @@
+---
+
+- name: Set fact dci_finish_called
+  ansible.builtin.set_fact:
+    dci_finish_called: true
+    cacheable: no
--- a/roles/talos_dci_finish/meta/main.yml
+++ b/roles/talos_dci_finish/meta/main.yml
@ -1,4 +1,4 @@
 ---
 dependencies:
  - role: common
-  - role: talos_dci_login
+  - role: dci_login
--- a/roles/talos_dci_finish/tasks/main.yml
+++ b/roles/talos_dci_finish/tasks/main.yml
@ -13,3 +13,4 @@
    body: "{}"
  register: dci_finish
  until: dci_finish.status != 503
+  notify: Set fact dci_finish_called
--- a/roles/talos_dci_login/defaults/main.yml
+++ b/roles/talos_dci_login/defaults/main.yml
--- a/roles/talos_dci_login/tasks/main.yml
+++ b/roles/talos_dci_login/tasks/main.yml
@ -27,7 +27,6 @@
  ansible.builtin.set_fact:
    dci_token: "{{ (_dci_manager_login.content | from_json).token }}"

-
 - name: Get TOTP code from BitWarden
  delegate_to: "localhost"
  ansible.builtin.command:
--- a/roles/dci_reinstall_talos/meta/main.yml
+++ b/roles/dci_reinstall_talos/meta/main.yml
@ -1,4 +1,4 @@
 ---
 dependencies:
  - role: common
-  - role: talos_dci_login
+  - role: dci_login
--- a/roles/dci_reinstall_talos/tasks/main.yml
+++ b/roles/dci_reinstall_talos/tasks/main.yml
@ -1,9 +1,10 @@
 ---

- name: Sleep 60 seconds because we just called Finish
-  when: dci_finish is defined and dci_finish is success
+- name: Sleep a bit because we just called the 'Finish' operation at DCI Manager
+  when: dci_finish_called is defined
  ansible.builtin.pause:
-    minutes: 1
+    prompt: Please wait
+    seconds: 30

 - name: Call DCI Manager API to reinstall Talos Linux
  delegate_to: "{{ dci_manager_access_host }}"
--- a/roles/talos_config_apply/meta/main.yml
+++ b/roles/talos_config_apply/meta/main.yml
@ -1,3 +1,4 @@
 ---
 dependencies:
  - role: common
+  - role: talos_wait_port
--- a/roles/talos_config_apply/tasks/main.yml
+++ b/roles/talos_config_apply/tasks/main.yml
@ -10,40 +10,7 @@
 - name: Import talos_machine_status tasks
  ansible.builtin.import_tasks: "{{ role_path }}/../../shared/tasks/talos_machine_status.yml"

- name: Try Talos node config
-  delegate_to: "{{ talosctl_host }}"
-  become: no
-  ansible.builtin.command:
-    cmd: >-
-      talosctl  apply-config
-        --file '{{ talos_node_config_file }}'
-        --nodes '{{ ansible_remote }}'
-        --endpoints '{{ ansible_remote }}'
-        --mode reboot
-        --timeout 2m
-        {% if talos_machine_status.spec.stage == 'maintenance' %} --insecure{% endif %}
-  changed_when: true
-  environment:
-    TALOSCONFIG: "{{ talosconfig }}"
-
- name: Wait for Talos port 50000 to close
-  delegate_to: "{{ talosctl_host }}"
-  become: no
-  ansible.builtin.wait_for:
-    host: "{{ ansible_remote }}"
-    port: 50000
-    timeout: 100
-    state: stopped
-
- name: Wait for Talos port 50000 to open
-  delegate_to: "{{ talosctl_host }}"
-  become: no
-  ansible.builtin.wait_for:
-    host: "{{ ansible_remote }}"
-    port: 50000
-    delay: 5
-    timeout: 100
-
+# 'mode=try' does not work when the machine is in Maintenance mode.
 - name: Apply Talos node config
  delegate_to: "{{ talosctl_host }}"
  become: no
@ -66,4 +33,4 @@
    host: "{{ ansible_remote }}"
    port: 50000
    delay: 5
-    timeout: 60
+    timeout: 600
--- a/roles/talos_config_create/tasks/create_worker_configs.yml
+++ b/roles/talos_config_create/tasks/create_worker_configs.yml
@ -1,20 +1,67 @@
 ---

+- name: Set Talos override config
+  ansible.builtin.set_fact:
+    _talos_override_config:
+      machine:
+        network:
+          hostname: "{{ inventory_hostname }}"
+          interfaces:
+            - interface: "{{ network_interface }}"
+              addresses:
+                - "{{ ansible_remote }}/{{ network_cidr_prefix }}"
+              routes:
+                - network: 0.0.0.0/0
+                  gateway: "{{ (ansible_remote ~ '/' ~ network_cidr_prefix) | ansible.utils.ipaddr('1') | ansible.utils.ipaddr('address') }}"
+        install:
+          disk: "{{ talos_disk }}"
+
+- name: Create Talos interfaces bond append
+  when: "network_interfaces_bond is defined"
+  ansible.utils.update_fact:
+    updates:
+      - path: "_talos_override_config.machine.network.interfaces.0.bond"
+        value: "{{ network_interfaces_bond }}"
+  register: _talos_override_update
+
+- name: Apply Talos interfaces bond append
+  when: "network_interfaces_bond is defined"
+  ansible.builtin.set_fact:
+    _talos_override_config: "{{ _talos_override_update._talos_override_config }}"
+
+- name: Create temp directory
+  delegate_to: "{{ talosctl_host }}"
+  ansible.builtin.file:
+    state: directory
+    path: "{{ talos_cluster_tmp_dir }}"
+    mode: u=rwX,go=
+
+- name: Set fact with overrides file
+  ansible.builtin.set_fact:
+    _talos_override_tempfile: "{{ talos_cluster_tmp_dir }}/overrides_{{ inventory_hostname }}.yaml"
+
+- name: Wride overrides to tempfile
+  delegate_to: "{{ talosctl_host }}"
+  ansible.builtin.copy:
+    dest: "{{ _talos_override_tempfile }}"
+    mode: u=rw,go=
+    content: "{{ _talos_override_config | ansible.builtin.to_yaml }}"
+
 - name: Create Talos worker node config
  delegate_to: "{{ talosctl_host }}"
-  become: no
  ansible.builtin.command:
    cmd: >-
      talosctl  gen  config  '{{ cluster_name }}'  'https://{{ talos_control_lb_hostname }}:6443'
-        --output-types worker
-        --output '{{ talos_node_config_file }}'
-        --with-secrets '{{ talos_cluster_secrets_file }}'
-        --config-patch @'{{ talos_generic_config_dir }}/talos-patch.yaml'
-        --config-patch-worker @'{{ talos_generic_config_dir }}/talos-patch-worker.yaml'
-        --config-patch='[{"op": "replace", "path": "/machine/network/hostname", "value": "{{ inventory_hostname }}"}]'
-        --config-patch='[{"op": "replace", "path": "/machine/install/disk", "value": "{{ talos_disk }}"}]'
-        --talos-version '{{ talos_image_version }}'
-        --kubernetes-version '{{ kubernetes_version }}'
-        --additional-sans '{{ talos_control_lb_hostname }}'
+        --output-types='worker'
+        --output='{{ talos_node_config_file }}'
+        --with-secrets='{{ talos_cluster_secrets_file }}'
+        --config-patch=@'{{ talos_generic_config_dir }}/talos-patch.yaml'
+        --config-patch-worker=@'{{ talos_generic_config_dir }}/talos-patch-worker.yaml'
+        --config-patch=@'{{ _talos_override_tempfile }}'
+        --talos-version='{{ talos_image_version }}'
+        --kubernetes-version='{{ kubernetes_version }}'
+        --additional-sans='{{ talos_control_lb_hostname }}'
        --force
+        --with-docs=false
+        --with-examples=false
  changed_when: true
--- a/roles/talos_upgrade/tasks/main.yml
+++ b/roles/talos_upgrade/tasks/main.yml
@ -21,3 +21,5 @@
  ansible.builtin.wait_for:
    host: "{{ ansible_remote }}"
    port: 50000
+    delay: 5
+    timeout: 300
--- a/talos.yml
+++ b/talos.yml
@ -8,6 +8,9 @@
    - talos
  roles:
    - role: talos_wait_port
+      tags:
+        - talos_wait_port
+        - talos_config_apply

 - name: Talos hardware nodes
  become: no
@ -15,9 +18,9 @@
  hosts:
    - talos_hardware_nodes
  roles:
-    - role: talos_dci_finish
+    - role: dci_finish
      tags:
-        - talos_dci_finish
+        - dci_finish

 - name: Talos config
  become: no
@ -26,7 +29,11 @@
    - talos
  roles:
    - role: talos_config_create
+      tags:
+        - talos_config_create
    - role: talos_config_apply
+      tags:
+        - talos_config_apply

 - name: Talos bootstrap
  become: no