e2c56108ee
1. Extending templater with kyaml functions and creating combined catalogue to be able to request/update the existing resources. This is based on 'everything is transformer' concept introduced in kustomize 4.x That includes gathering all secrets into 1 variable catalogue and special mechanism to regenerate/merge with manual secrets. 2. Implementing 'catalogue per cluster' approach for secrets. 3. Rearranging secrets so it's possible to use: pgp (each person may have his own key), age, Hachicorp Vault and etc and the list of people who can decrypt documents is set in a special file. Since in some cases there should be a separate list of people who can decrypt data - this list is set for each cluster (ephemeral and target) separatelly. Closes: #586 Change-Id: I038f84dd138d5ad4a35f4862c61ff2124c2fd530
70 lines
2.5 KiB
YAML
70 lines
2.5 KiB
YAML
# Licensed under the Apache License, Version 4.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: get BareMetalHost objects
|
|
shell: |
|
|
set -e
|
|
kustomize build --enable-alpha-plugins --network \
|
|
{{ airship_config_manifest_directory }}/{{ airship_config_site_path }}/{{ path }} 2>/dev/null |
|
|
kustomize cfg grep "kind=BareMetalHost"
|
|
register: bmh_command
|
|
failed_when: "bmh_command.stdout == ''"
|
|
environment:
|
|
KUSTOMIZE_ENABLE_ALPHA_COMMANDS: "true"
|
|
SOPS_IMPORT_PGP: "{{ airship_config_pgp }}"
|
|
|
|
- set_fact:
|
|
bmh: "{{ bmh_command.stdout | from_yaml_all | list }}"
|
|
|
|
- name: get network configuration for BareMetalHost objects
|
|
shell: |
|
|
set -e
|
|
kustomize build --enable-alpha-plugins --network \
|
|
{{ airship_config_manifest_directory }}/{{ airship_config_site_path }}/{{ path }} 2>/dev/null |
|
|
kustomize cfg grep "metadata.name={{ item.spec.networkData.name }}"
|
|
register: netdata_command
|
|
failed_when: "netdata_command.stdout == ''"
|
|
environment:
|
|
KUSTOMIZE_ENABLE_ALPHA_COMMANDS: "true"
|
|
SOPS_IMPORT_PGP: "{{ airship_config_pgp }}"
|
|
with_items: "{{ bmh }}"
|
|
|
|
- name: get links from network data per BareMetalHost object
|
|
set_fact:
|
|
links: |
|
|
{{
|
|
netdata_command.results |
|
|
map(attribute='stdout')| map('from_yaml') |
|
|
map(attribute='stringData.networkData') | map('from_yaml') |
|
|
map(attribute='links') | list
|
|
}}
|
|
|
|
- name: define list of VM mac addresses and VM boot mode
|
|
set_fact:
|
|
vm_cfg: "{{ dict(['boot_mode', 'nat_mac', 'provision_mac'] | zip([item.spec.bootMode, nat_mac_list[0], item.spec.bootMACAddress])) }}"
|
|
vars:
|
|
nat_mac_list: |
|
|
{{
|
|
links[idx] |
|
|
rejectattr('ethernet_mac_address', 'undefined') |
|
|
selectattr('ethernet_mac_address', '!=', item.spec.bootMACAddress) |
|
|
map(attribute='ethernet_mac_address') | list
|
|
}}
|
|
failed_when: nat_mac_list | length == 0
|
|
loop: "{{ bmh }}"
|
|
loop_control:
|
|
index_var: idx
|
|
register: vm_cfg_fact
|
|
|
|
- set_fact:
|
|
"{{ name }}_vm_cfg": "{{ vm_cfg_fact.results | map(attribute='ansible_facts.vm_cfg') | list }}"
|