remove unnecessary parts of playbook, restructure playbook

ansible/bootstrap.yml

@@ -37,29 +37,30 @@
   # See https://open.greenhost.net/openappstack/openappstack/issues/102
   strategy: linear
   roles:
-    - role: configure
-      tags: ['configure']
+    - role: pre-configure
+      tags: ['pre-configure']
 
-- name: Prepare nodes
-  hosts: all
-  roles:
-    - role: prepare_node
-      tags: ['prepare_node']
-
-- name: Install control shell
+- name: Install Kubernetes
   hosts: master
   tasks:
   - name: Run everything
     block:
       - import_role:
-          name: get_control
-        tags: ['get_control']
-      # - import_role:
-      #     name: rke_configuration
-      #   tags: ['rke_configuration']
+          name: configure
+        tags: ['configure']
       - import_role:
-          name: setup
-        tags: ['setup']
+          name: setup-kubernetes
+        tags: ['setup-kubernetes']
+    always:
+      - import_role:
+          name: finalize
+        tags: ['finalize']
+
+- name: Install OpenAppStack
+  hosts: master
+  tasks:
+  - name: Run everything
+    block:
       - import_role:
           name: apps
         tags: ['apps']

ansible/roles/additional_config/README.md

-This role configures the cluster after app installation has started via
-flux.
-All resources that are not needed for flux should go here, so we save time by
-starting the flux install process early in the background.

ansible/roles/additional_config/tasks/dns.yml

----
-- name: Use core-dns service for system resolver
-  tags:
-    - dns
-    - core-dns
-  lineinfile:
-    path: /etc/resolv.conf
-    insertbefore: BOF
-    line: nameserver 10.43.0.10

ansible/roles/additional_config/tasks/main.yml

----
-- import_tasks: dns.yml

ansible/roles/apps/tasks/flux.yml → ansible/roles/apps/tasks/core.yml

 ---
+- name: Create OAS namespaces
+  tags:
+    - kubernetes
+    - namespace
+  k8s:
+    name: '{{ item }}'
+    api_version: v1
+    kind: Namespace
+    state: present
+  with_items:
+    - 'oas'
+    - 'oas-apps'
+    - 'cert-manager'
+
 - name: Install helm-operator
   tags:
     - flux

ansible/roles/apps/tasks/main.yml

 ---
 
-- name: Install helm operator, local-path-provisioner and flux
-  import_tasks: flux.yml
+- name: Install namespaces, helm operator, local-path-provisioner and flux
+  import_tasks: core.yml
 
 - name: Tasks pertaining to cert-manager
   import_tasks: cert-manager.yml

ansible/roles/configure/tasks/main.yml

 ---
+# Create relevant directories
 
-- name: Configure journald
-  import_tasks: journald.yml
+- name: Create some directories
+  file:
+    path: "{{ item }}"
+    state: directory
+  become: true
+  with_items:
+    - "{{ configuration_directory }}"
+    - "/usr/local/share/bash-completion/completions"
 
-- name: Update apt packages cache and install needed packages
-  # apt-transport-https is needed for docker apt repo
-  # curl and git is needed for helm plugin install
-  tags:
-    - firewall
-  apt:
-    state: present
-    name:
-      - apt-transport-https
-      - curl
-      - dnsutils
-      - git
-      - nftables
-      - rsync
-      - snapd
-      - unattended-upgrades
-    # Update again after 1 day
-    cache_valid_time: 86400
-    update_cache: yes
+- name: Create README in configuration directory
+  template:
+    src: configuration_README.md
+    dest: "{{ configuration_directory }}/README.md"
+  become: true
 
-- name: Remove unwanted packages
+- name: Install bash-completion
   tags:
-    - package
+    - bash
+    - completion
   package:
-    state: absent
-    name: "{{ item }}"
-  with_items:
-    # In order to save disk space we remove traditional syslog packages
-    # and only rely on systemd journald
-    # see https://open.greenhost.net/openappstack/openappstack/-/issues/575
-    - rsyslog
-    - syslog-ng
+    name: "bash-completion"
 
-- name: Install python deps
+- name: Add kubectl bash kompletion
   tags:
-    - package
-  package:
-    name: "{{ item }}"
-  with_items:
-    - python3-pip
-    - python3-setuptools
-    - python3-wheel
-    - python3-psutil
+    - bash
+    - kubectl
+    - completion
+  shell: kubectl completion bash > /etc/bash_completion.d/kubectl
+  args:
+    creates: /etc/bash_completion.d/kubectl
 
-- name: Install python packages via pip3
+- name: Add helm bash completion
   tags:
-    - package
-    - pip
-  pip:
-    name:
-      # The openshift python package is needed for ansible k8s resource.
-      - openshift
-    executable: /usr/bin/pip3
-
-- name: Set configuration directory
-  set_fact:
-    configuration_directory: "{{ configuration_directory }}"
-
-- name: Install kubectl snap
-  # kubectl needs to get installed as "classic" snap
-  command: snap install --classic kubectl
+    - bash
+    - helm
+    - completion
+  shell: helm completion bash > /etc/bash_completion.d/helm
   args:
-    creates: /snap/bin/kubectl
-
-- name: Create kubectl symlink to /usr/local/bin
-  file:
-    state: link
-    src: /snap/bin/kubectl
-    dest: /usr/local/bin/kubectl
+    creates: /etc/bash_completion.d/helm
 
-- name: Get current helm version
+- name: Deploy /root/.bashrc_oas
   tags:
-    - helm
-  shell: helm version | grep 'Client' | cut -d'"' -f 2 | tr -d 'v'
-  failed_when: false
-  register: helm_version
-  changed_when: false
+    - bash
+    - krew
+  copy:
+    dest: /root/.bashrc_oas
+    src: bashrc_oas
 
-- name: Show current helm version
+- name: Source /root/.bashrc_oas from /root/.bashrc
   tags:
-    - helm
-    - debug
-  debug:
-    msg: 'Current helm version is: {{ helm_version.stdout }}'
+    - bash
+  blockinfile:
+    path: "/root/.bashrc"
+    state: present
+    create: true
+    block: |
+      # Source Openappstack addtions from .bashrc_oas
+      . /root/.bashrc_oas
 
-- name: Download helm install script
+- name: Record OpenAppStack version info
   tags:
-    - helm
-  get_url:
-    url: https://raw.githubusercontent.com/helm/helm/master/scripts/get
-    dest: /usr/local/bin/get-helm
-    force: yes
-    mode: '0755'
-  become: true
+    - version
+  shell: "{{ item }}"
+  with_items:
+    - cat ../VERSION
+    - git log --pretty=format:"%H" -n 1
+    - git tag -l $(<../VERSION) '--format=%(*objectname)'
+  delegate_to: localhost
+  register: openappstack_version
+  changed_when: false
 
-- name: Install helm
+- name: Create OpenAppStack version file
   tags:
-    - helm
-  command: /usr/local/bin/get-helm --version v{{ helm.version }}
-  when: helm_version.stdout != helm.version
+    - version
+  template:
+    src: "version.txt"
+    dest: "/var/lib/OpenAppStack/version.txt"
+    mode: "0444"
+  become: true
 
-- name: Get list of installed helm repos
+- name: Install oas-version-info.sh script
   tags:
-    - helm
-  command: /usr/local/bin/helm repo list
-  # `helm repo list` exits with an error code if the list of repos is empty.
-  failed_when: false
-  register: helm_repo_list
+    - debug
+    - scripts
+    - version
+  copy:
+    dest: /usr/local/bin/
+    src: oas-version-info.sh
+    mode: '0755'
+  become: true
 
-- name: Add helm stable repo
+- name: Use core-dns service for system resolver
   tags:
-    - helm
-  command: /usr/local/bin/helm repo add stable https://kubernetes-charts.storage.googleapis.com/
-  when: not (helm_repo_list.stdout | regex_search('^stable\\s', multiline=True))
+    - dns
+    - core-dns
+  lineinfile:
+    path: /etc/resolv.conf
+    insertbefore: BOF
+    line: nameserver 10.43.0.10

ansible/roles/get_control/tasks/main.yml

----
-
-- name: Create some directories
-  file:
-    path: "{{ item }}"
-    state: directory
-  become: true
-  with_items:
-    - "{{ configuration_directory }}"
-    - "{{ data_directory }}"
-    - "{{ data_directory }}/ssh"
-    - "{{ data_directory }}/rke"
-    - "/usr/local/share/bash-completion/completions"
-
-- name: Create directory for values
-  file:
-    path: "{{ configuration_directory }}/values"
-    state: directory
-  become: true
-
-- name: Create README in configuration directory
-  template:
-    src: configuration_README.md
-    dest: "{{ configuration_directory }}/README.md"
-  become: true
-
-- name: Generate SSH keys for rke
-  shell: ssh-keygen -f {{ data_directory }}/ssh/ssh_key -C "oas-control@${hostname}" -q -N ""
-  args:
-    creates: "{{ data_directory }}/ssh/ssh_key"
-  become: true
-
-- name: Retrieve new public key
-  slurp:
-    src: "{{ data_directory }}/ssh/ssh_key.pub"
-  register: ssh_key
-  become: true
-
-- name: Allow access to node using new key
-  authorized_key:
-    key: "{{ ssh_key.content | b64decode }}"
-    user: "root"
-    comment: "OpenAppStack control"
-  become: true
-
-- name: Store external ip on the node itself
-  copy:
-    content: "{{ ip_address }}"
-    dest: "{{ data_directory }}/ip"
-
-- name: Install bash-completion
-  tags:
-    - bash
-    - completion
-  package:
-    name: "bash-completion"
-
-- name: Add kubectl bash kompletion
-  tags:
-    - bash
-    - kubectl
-    - completion
-  shell: kubectl completion bash > /etc/bash_completion.d/kubectl
-  args:
-    creates: /etc/bash_completion.d/kubectl
-
-- name: Add helm bash completion
-  tags:
-    - bash
-    - helm
-    - completion
-  shell: helm completion bash > /etc/bash_completion.d/helm
-  args:
-    creates: /etc/bash_completion.d/helm
-
-- name: Deploy /root/.bashrc_oas
-  tags:
-    - bash
-    - krew
-  copy:
-    dest: /root/.bashrc_oas
-    src: bashrc_oas
-
-- name: Source /root/.bashrc_oas from /root/.bashrc
-  tags:
-    - bash
-  blockinfile:
-    path: "/root/.bashrc"
-    state: present
-    create: true
-    block: |
-      # Source Openappstack addtions from .bashrc_oas
-      . /root/.bashrc_oas
-
-- name: Remove old oas_control and oas_control scripts
-  file:
-    state: absent
-    path: '/usr/local/bin/{{ item }}'
-  with_items:
-    - 'oas_control'
-    - 'oas_controlshell'
-  become: true
-
-- name: Record OpenAppStack version info
-  tags:
-    - version
-  shell: "{{ item }}"
-  with_items:
-    - cat ../VERSION
-    - git log --pretty=format:"%H" -n 1
-    - git tag -l $(<../VERSION) '--format=%(*objectname)'
-  delegate_to: localhost
-  register: openappstack_version
-  changed_when: false
-
-- name: Create OpenAppStack version file
-  tags:
-    - version
-  template:
-    src: "version.txt"
-    dest: "/var/lib/OpenAppStack/version.txt"
-    mode: "0444"
-  become: true
-
-- name: Install oas-version-info.sh script
-  tags:
-    - debug
-    - scripts
-    - version
-  copy:
-    dest: /usr/local/bin/
-    src: oas-version-info.sh
-    mode: '0755'
-  become: true

ansible/roles/prepare_node/tasks/main.yml → ansible/roles/pre-configure/tasks/firewall.yml

@@ -40,6 +40,3 @@
     state: absent
     path: "/etc/iptables/"
   become: true
-
-  # - name: Install docker if necessary
-  #   import_tasks: "docker.yml"

ansible/roles/pre-configure/tasks/main.yml

+---
+# Configures the VPS and ensures all the software we need running on it, is
+# running on it.
+
+- name: Configure journald
+  import_tasks: journald.yml
+
+- name: Update apt packages cache and install needed packages
+  # apt-transport-https is needed for docker apt repo
+  # curl and git is needed for helm plugin install
+  tags:
+    - firewall
+  apt:
+    state: present
+    name:
+      - apt-transport-https
+      - curl
+      - dnsutils
+      - git
+      - nftables
+      - rsync
+      - snapd
+      - unattended-upgrades
+    # Update again after 1 day
+    cache_valid_time: 86400
+    update_cache: yes
+
+- name: Remove unwanted packages
+  tags:
+    - package
+  package:
+    state: absent
+    name: "{{ item }}"
+  with_items:
+    # In order to save disk space we remove traditional syslog packages
+    # and only rely on systemd journald
+    # see https://open.greenhost.net/openappstack/openappstack/-/issues/575
+    - rsyslog
+    - syslog-ng
+
+- name: Install python deps
+  tags:
+    - package
+  package:
+    name: "{{ item }}"
+  with_items:
+    - python3-pip
+    - python3-setuptools
+    - python3-wheel
+    - python3-psutil
+
+- name: Install python packages via pip3
+  tags:
+    - package
+    - pip
+  pip:
+    name:
+      # The openshift python package is needed for ansible k8s resource.
+      - openshift
+    executable: /usr/bin/pip3
+
+- name: Set configuration directory
+  set_fact:
+    configuration_directory: "{{ configuration_directory }}"
+
+- name: Install kubectl snap
+  # kubectl needs to get installed as "classic" snap
+  command: snap install --classic kubectl
+  args:
+    creates: /snap/bin/kubectl
+
+- name: Create kubectl symlink to /usr/local/bin
+  file:
+    state: link
+    src: /snap/bin/kubectl
+    dest: /usr/local/bin/kubectl
+
+- name: Get current helm version
+  tags:
+    - helm
+  shell: helm version | grep 'Client' | cut -d'"' -f 2 | tr -d 'v'
+  failed_when: false
+  register: helm_version
+  changed_when: false
+
+- name: Show current helm version
+  tags:
+    - helm
+    - debug
+  debug:
+    msg: 'Current helm version is: {{ helm_version.stdout }}'
+
+- name: Download helm install script
+  tags:
+    - helm
+  get_url:
+    url: https://raw.githubusercontent.com/helm/helm/master/scripts/get
+    dest: /usr/local/bin/get-helm
+    force: yes
+    mode: '0755'
+  become: true
+
+- name: Install helm
+  tags:
+    - helm
+  command: /usr/local/bin/get-helm --version v{{ helm.version }}
+  when: helm_version.stdout != helm.version
+
+- name: Configure firewall
+  import_tasks: journald.yml

ansible/roles/prepare_node/defaults/main.yml

-docker_version: "5:18.09.2~3-0~debian-buster"

ansible/roles/prepare_node/handlers/main.yml

----
-- name: restart docker
-  service:
-    name: "docker"
-    state: restarted