From d1f5c64c657412b33f19185a78c7700eb472d5a4 Mon Sep 17 00:00:00 2001 From: Stefan Majer Date: Mon, 20 Oct 2025 10:15:21 +0200 Subject: [PATCH 1/9] WIP install image-cache into partition --- deploy_partition.yaml | 2 ++ inventories/group_vars/all/images.yaml | 15 ++++++++++----- inventories/group_vars/partition/image_cache.yaml | 7 +++++++ 3 files changed, 19 insertions(+), 5 deletions(-) create mode 100644 inventories/group_vars/partition/image_cache.yaml diff --git a/deploy_partition.yaml b/deploy_partition.yaml index c8299608..875400b3 100644 --- a/deploy_partition.yaml +++ b/deploy_partition.yaml @@ -31,6 +31,8 @@ tags: dhcp - name: metal-roles/partition/roles/pixiecore tags: pixiecore + - name: metal-roles/partition/roles/image-cache + tags: image-cache - name: Deploy metal-core hosts: leaves diff --git a/inventories/group_vars/all/images.yaml b/inventories/group_vars/all/images.yaml index f79bfd9f..b77e2a9b 100644 --- a/inventories/group_vars/all/images.yaml +++ b/inventories/group_vars/all/images.yaml @@ -10,8 +10,8 @@ setup_yaml: ## # metal_hammer_image_url: https://images.metal-stack.io/metal-hammer/pull-requests//metal-hammer-initrd.img.lz4 -# metal_api_image_name: -# metal_api_image_tag: +# metal_api_image_name: ghcr.io/metal-stack/metal-api +# metal_api_image_tag: mep-4-network-migration # metal_apiserver_image_name: # metal_apiserver_image_tag: # metal_metalctl_image_name: @@ -25,17 +25,22 @@ setup_yaml: # headscale_image_tag: v0.26.1 # headscale_db_backup_restore_sidecar_image_tag: latest # headscale_db_backup_restore_sidecar_image_name: ghcr.io/metal-stack/backup-restore-sidecar -# headscale_db_image_tag: 17-alpine +# headscale_db_image_tag: 16-alpine +ipam_db_image_tag: 18.0-alpine +masterdata_db_image_tag: 18.0-alpine # headscale_db_image_name: postgres # ... # +image_cache_sync_image_tag: migrate-to-metal-apiserver +image_cache_sync_image_name: ghcr.io/metal-stack/metal-image-cache-sync + ## ## for ansible roles ## -# ansible_common_version: -# metal_roles_version: +# ansible_common_version: support-systemd-credentials +metal_roles_version: migrate-metal-image-cache-sync-to-metal-apiserver # metal_ansible_modules_version: ## diff --git a/inventories/group_vars/partition/image_cache.yaml b/inventories/group_vars/partition/image_cache.yaml new file mode 100644 index 00000000..505f9de2 --- /dev/null +++ b/inventories/group_vars/partition/image_cache.yaml @@ -0,0 +1,7 @@ +--- +image_cache_sync_metal_apiserver_url: "http://v2.api.172.17.0.1.nip.io:8080" +image_cache_sync_metal_apiserver_token: "eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwOi8vdjIuYXBpLjE3Mi4xNy4wLjEubmlwLmlvOjgwODAiLCJzdWIiOiJDaVF3TURBd01EQXdNQzB3TURBd0xUQXdNREF0TURBd01DMHdNREF3TURBd01EQXdNREVTQld4dlkyRnNAb2lkYyIsImV4cCI6MTc1MjY3NjgzNSwibmJmIjoxNzUyNjczMjM1LCJpYXQiOjE3NTI2NzMyMzUsImp0aSI6IjY1M2EyNTc0LTIxZTctNDUwMC05ZTkzLTNiMzVkYTI4M2IzNyIsInR5cGUiOiJUT0tFTl9UWVBFX0FQSSJ9.ASd6Yhp1s9XdTegAO4OeXEh2hLnvolVYW6jJ0g8ZJkBlpKXssmK8xm97nDHAu1JzSoZ0C_wZ2leZLIuKUQ4UqNJ9AayLScnH_POT2b9dsVP3XV56RleQFXLItCvAsLh86EfLVRbaJjO3HvUgMvHDiNwYI7veuker8BKGpKEoCrcDDZ_F" +image_cache_sync_excludes: + - "/pull_requests/" + - "/stable/" +image_cache_sync_expiration_grace_period: 100 From 957a2d2fca2499d0112728c59b3762d798ce11c3 Mon Sep 17 00:00:00 2001 From: Gerrit Date: Fri, 24 Oct 2025 10:47:24 +0200 Subject: [PATCH 2/9] [ci skip] Update but not yet working. --- compose.yaml | 2 ++ deploy_partition.yaml | 12 ++++++++++-- inventories/control-plane.yaml | 1 + inventories/group_vars/all/images.yaml | 2 +- inventories/group_vars/partition/image_cache.yaml | 1 - inventories/partition.yaml | 1 + 6 files changed, 15 insertions(+), 4 deletions(-) diff --git a/compose.yaml b/compose.yaml index 67762c08..e2a42109 100644 --- a/compose.yaml +++ b/compose.yaml @@ -47,6 +47,8 @@ services: # - ${HOME}/.ansible/roles/metal-ansible-modules:/root/.ansible/roles/metal-ansible-modules:ro environment: - ANSIBLE_CONFIG=/mini-lab/ansible.cfg + - KUBECONFIG=/mini-lab/.kubeconfig + - K8S_AUTH_KUBECONFIG=/mini-lab/.kubeconfig - CI=${CI} - DOCKER_HUB_USER=${DOCKER_HUB_USER} - DOCKER_HUB_TOKEN=${DOCKER_HUB_TOKEN} diff --git a/deploy_partition.yaml b/deploy_partition.yaml index 875400b3..94d840d4 100644 --- a/deploy_partition.yaml +++ b/deploy_partition.yaml @@ -1,4 +1,14 @@ --- +- name: Install python client and generate deployment token + hosts: localhost + connection: local + gather_facts: false + roles: + - name: ansible-common + tags: always + - name: metal-roles/control-plane/roles/metal-python + - name: metal-roles/control-plane/roles/metal-deployment-token + - name: Configure leaves hosts: leaves any_errors_fatal: true @@ -54,8 +64,6 @@ tags: always - name: metal-ansible-modules tags: always - - name: metal-roles/control-plane/roles/metal-python - tags: metal-python post_tasks: - name: Wait for switches to register command: echo diff --git a/inventories/control-plane.yaml b/inventories/control-plane.yaml index f6d4f244..42af64e0 100644 --- a/inventories/control-plane.yaml +++ b/inventories/control-plane.yaml @@ -3,3 +3,4 @@ control-plane: hosts: localhost: ansible_python_interpreter: "{{ ansible_playbook_python }}" + ansible_connection: local diff --git a/inventories/group_vars/all/images.yaml b/inventories/group_vars/all/images.yaml index b77e2a9b..7ae5d5a3 100644 --- a/inventories/group_vars/all/images.yaml +++ b/inventories/group_vars/all/images.yaml @@ -41,7 +41,7 @@ image_cache_sync_image_name: ghcr.io/metal-stack/metal-image-cache-sync # ansible_common_version: support-systemd-credentials metal_roles_version: migrate-metal-image-cache-sync-to-metal-apiserver -# metal_ansible_modules_version: +metal_ansible_modules_version: v2-modules ## ## helm charts diff --git a/inventories/group_vars/partition/image_cache.yaml b/inventories/group_vars/partition/image_cache.yaml index 505f9de2..71709675 100644 --- a/inventories/group_vars/partition/image_cache.yaml +++ b/inventories/group_vars/partition/image_cache.yaml @@ -1,6 +1,5 @@ --- image_cache_sync_metal_apiserver_url: "http://v2.api.172.17.0.1.nip.io:8080" -image_cache_sync_metal_apiserver_token: "eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwOi8vdjIuYXBpLjE3Mi4xNy4wLjEubmlwLmlvOjgwODAiLCJzdWIiOiJDaVF3TURBd01EQXdNQzB3TURBd0xUQXdNREF0TURBd01DMHdNREF3TURBd01EQXdNREVTQld4dlkyRnNAb2lkYyIsImV4cCI6MTc1MjY3NjgzNSwibmJmIjoxNzUyNjczMjM1LCJpYXQiOjE3NTI2NzMyMzUsImp0aSI6IjY1M2EyNTc0LTIxZTctNDUwMC05ZTkzLTNiMzVkYTI4M2IzNyIsInR5cGUiOiJUT0tFTl9UWVBFX0FQSSJ9.ASd6Yhp1s9XdTegAO4OeXEh2hLnvolVYW6jJ0g8ZJkBlpKXssmK8xm97nDHAu1JzSoZ0C_wZ2leZLIuKUQ4UqNJ9AayLScnH_POT2b9dsVP3XV56RleQFXLItCvAsLh86EfLVRbaJjO3HvUgMvHDiNwYI7veuker8BKGpKEoCrcDDZ_F" image_cache_sync_excludes: - "/pull_requests/" - "/stable/" diff --git a/inventories/partition.yaml b/inventories/partition.yaml index 23c0490e..f5f84812 100644 --- a/inventories/partition.yaml +++ b/inventories/partition.yaml @@ -6,6 +6,7 @@ partition: hosts: localhost: ansible_python_interpreter: "{{ ansible_playbook_python }}" + ansible_connection: local children: leaves: From 7f6663da3fcd6476efc731311e7644b9e84cc2d6 Mon Sep 17 00:00:00 2001 From: Gerrit Date: Fri, 13 Feb 2026 15:16:48 +0100 Subject: [PATCH 3/9] Fixes. --- compose.yaml | 11 ++++++----- deploy_partition.yaml | 4 ++-- inventories/group_vars/all/release_vector.yaml | 4 ++-- inventories/group_vars/control-plane/metal.yml | 2 ++ 4 files changed, 12 insertions(+), 9 deletions(-) diff --git a/compose.yaml b/compose.yaml index f8996ff7..7a65c838 100644 --- a/compose.yaml +++ b/compose.yaml @@ -8,10 +8,10 @@ services: - .:/mini-lab # for developing role dependencies # TODO: make this a switch - # - ${HOME}/.ansible/roles/ansible-common:/root/.ansible/roles/ansible-common:ro + - ${HOME}/.ansible/roles/ansible-common:/root/.ansible/roles/ansible-common:ro # - ${HOME}/.ansible/roles/metal-roles:/root/.ansible/roles/metal-roles:ro # - ${HOME}/.ansible/roles/metal-ansible-modules:/root/.ansible/roles/metal-ansible-modules:ro - # - ${HOME}/git/github.com/metal-stack/helm-charts:/helm-charts:ro + - ${HOME}/git/github.com/metal-stack/helm-charts:/helm-charts:ro environment: - ANSIBLE_CONFIG=/mini-lab/ansible.cfg - ANSIBLE_INVENTORY=inventories/control-plane.yaml @@ -40,8 +40,8 @@ services: - .:/mini-lab # for developing role dependencies # TODO: make this a switch - # - ${HOME}/.ansible/roles/ansible-common:/root/.ansible/roles/ansible-common:ro - # - ${HOME}/.ansible/roles/metal-roles:/root/.ansible/roles/metal-roles:ro + - ${HOME}/.ansible/roles/ansible-common:/root/.ansible/roles/ansible-common:ro + - ${HOME}/.ansible/roles/metal-roles:/root/.ansible/roles/metal-roles:ro # - ${HOME}/.ansible/roles/metal-ansible-modules:/root/.ansible/roles/metal-ansible-modules:ro environment: - ANSIBLE_CONFIG=/mini-lab/ansible.cfg @@ -60,7 +60,8 @@ services: - | cosign verify --key files/cosign.pub ghcr.io/metal-stack/metal-deployment-base:${DEPLOYMENT_BASE_IMAGE_TAG} ansible -m metalstack.base.metal_stack_release_vector localhost --extra-vars "@.extra_vars.yaml" - ansible-playbook deploy_partition.yaml --extra-vars "@.extra_vars.yaml" + #ansible-playbook deploy_partition.yaml --extra-vars "@.extra_vars.yaml" + tail -f /etc/hosts metalctl: image: ghcr.io/metal-stack/metalctl:${METALCTL_IMAGE_TAG} diff --git a/deploy_partition.yaml b/deploy_partition.yaml index f4d70680..aaf20d2c 100644 --- a/deploy_partition.yaml +++ b/deploy_partition.yaml @@ -6,8 +6,8 @@ roles: - name: ansible-common tags: always - - name: metal-roles/control-plane/roles/metal-python - - name: metal-roles/control-plane/roles/metal-deployment-token + - name: metal-roles/common/roles/metal-v2-client + - name: metal-roles/common/roles/metal-deployment-token - name: Configure leaves (Community SONiC) hosts: leaves:!dell_sonic diff --git a/inventories/group_vars/all/release_vector.yaml b/inventories/group_vars/all/release_vector.yaml index 09043381..1240e386 100644 --- a/inventories/group_vars/all/release_vector.yaml +++ b/inventories/group_vars/all/release_vector.yaml @@ -14,7 +14,7 @@ metal_stack_release_vectors: # metal_api_image_name: ghcr.io/metal-stack/metal-api # metal_api_image_tag: mep-4-network-migration # metal_apiserver_image_name: -# metal_apiserver_image_tag: +metal_apiserver_image_tag: pr-133 # metal_metalctl_image_name: # metal_metalctl_image_tag: # metal_masterdata_api_image_name: @@ -42,7 +42,7 @@ image_cache_sync_image_name: ghcr.io/metal-stack/metal-image-cache-sync # ansible_common_version: support-systemd-credentials metal_roles_version: migrate-metal-image-cache-sync-to-metal-apiserver -metal_ansible_modules_version: v2-modules +metal_ansible_modules_version: v2-module-adaptions ## ## helm charts diff --git a/inventories/group_vars/control-plane/metal.yml b/inventories/group_vars/control-plane/metal.yml index 9e5568d9..be79cfc2 100644 --- a/inventories/group_vars/control-plane/metal.yml +++ b/inventories/group_vars/control-plane/metal.yml @@ -3,6 +3,8 @@ metal_set_resource_limits: no metal_check_api_health_endpoint: http://api.{{ metal_control_plane_ingress_dns }}:8080/metal/v1/health metal_api_headscale_control_plane_address: "http://headscale.{{ metal_control_plane_ingress_dns }}:8080" +metal_helm_chart_local_path: /helm-charts/charts/metal-control-plane + metal_api_pdb_min_available: 1 metal_api_replicas: 1 metal_api_view_key: metal-view From 2eaef4d0aaf47a523dc25852d2894d4abb7848d6 Mon Sep 17 00:00:00 2001 From: Gerrit Date: Fri, 13 Feb 2026 15:25:27 +0100 Subject: [PATCH 4/9] Revert compose changes. --- compose.yaml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/compose.yaml b/compose.yaml index 7a65c838..f8996ff7 100644 --- a/compose.yaml +++ b/compose.yaml @@ -8,10 +8,10 @@ services: - .:/mini-lab # for developing role dependencies # TODO: make this a switch - - ${HOME}/.ansible/roles/ansible-common:/root/.ansible/roles/ansible-common:ro + # - ${HOME}/.ansible/roles/ansible-common:/root/.ansible/roles/ansible-common:ro # - ${HOME}/.ansible/roles/metal-roles:/root/.ansible/roles/metal-roles:ro # - ${HOME}/.ansible/roles/metal-ansible-modules:/root/.ansible/roles/metal-ansible-modules:ro - - ${HOME}/git/github.com/metal-stack/helm-charts:/helm-charts:ro + # - ${HOME}/git/github.com/metal-stack/helm-charts:/helm-charts:ro environment: - ANSIBLE_CONFIG=/mini-lab/ansible.cfg - ANSIBLE_INVENTORY=inventories/control-plane.yaml @@ -40,8 +40,8 @@ services: - .:/mini-lab # for developing role dependencies # TODO: make this a switch - - ${HOME}/.ansible/roles/ansible-common:/root/.ansible/roles/ansible-common:ro - - ${HOME}/.ansible/roles/metal-roles:/root/.ansible/roles/metal-roles:ro + # - ${HOME}/.ansible/roles/ansible-common:/root/.ansible/roles/ansible-common:ro + # - ${HOME}/.ansible/roles/metal-roles:/root/.ansible/roles/metal-roles:ro # - ${HOME}/.ansible/roles/metal-ansible-modules:/root/.ansible/roles/metal-ansible-modules:ro environment: - ANSIBLE_CONFIG=/mini-lab/ansible.cfg @@ -60,8 +60,7 @@ services: - | cosign verify --key files/cosign.pub ghcr.io/metal-stack/metal-deployment-base:${DEPLOYMENT_BASE_IMAGE_TAG} ansible -m metalstack.base.metal_stack_release_vector localhost --extra-vars "@.extra_vars.yaml" - #ansible-playbook deploy_partition.yaml --extra-vars "@.extra_vars.yaml" - tail -f /etc/hosts + ansible-playbook deploy_partition.yaml --extra-vars "@.extra_vars.yaml" metalctl: image: ghcr.io/metal-stack/metalctl:${METALCTL_IMAGE_TAG} From a4ac4a5cd8f07318bed7954889fefce6553e5b62 Mon Sep 17 00:00:00 2001 From: Gerrit Date: Fri, 13 Feb 2026 15:26:00 +0100 Subject: [PATCH 5/9] Common overwrite. --- inventories/group_vars/all/release_vector.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventories/group_vars/all/release_vector.yaml b/inventories/group_vars/all/release_vector.yaml index 1240e386..dea23df5 100644 --- a/inventories/group_vars/all/release_vector.yaml +++ b/inventories/group_vars/all/release_vector.yaml @@ -40,7 +40,7 @@ image_cache_sync_image_name: ghcr.io/metal-stack/metal-image-cache-sync ## for ansible roles ## -# ansible_common_version: support-systemd-credentials +ansible_common_version: test-is-list metal_roles_version: migrate-metal-image-cache-sync-to-metal-apiserver metal_ansible_modules_version: v2-module-adaptions From c3f58f0e4c90d83f789b549f80588200b89ec2c8 Mon Sep 17 00:00:00 2001 From: Stefan Majer Date: Mon, 16 Feb 2026 11:39:41 +0100 Subject: [PATCH 6/9] Fix --- inventories/group_vars/all/release_vector.yaml | 6 +++--- inventories/group_vars/control-plane/metal.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/inventories/group_vars/all/release_vector.yaml b/inventories/group_vars/all/release_vector.yaml index dea23df5..76f26ea4 100644 --- a/inventories/group_vars/all/release_vector.yaml +++ b/inventories/group_vars/all/release_vector.yaml @@ -40,9 +40,9 @@ image_cache_sync_image_name: ghcr.io/metal-stack/metal-image-cache-sync ## for ansible roles ## -ansible_common_version: test-is-list -metal_roles_version: migrate-metal-image-cache-sync-to-metal-apiserver -metal_ansible_modules_version: v2-module-adaptions +# ansible_common_version: +# metal_roles_version: +# metal_ansible_modules_version: ## ## helm charts diff --git a/inventories/group_vars/control-plane/metal.yml b/inventories/group_vars/control-plane/metal.yml index be79cfc2..6e914d6e 100644 --- a/inventories/group_vars/control-plane/metal.yml +++ b/inventories/group_vars/control-plane/metal.yml @@ -3,7 +3,7 @@ metal_set_resource_limits: no metal_check_api_health_endpoint: http://api.{{ metal_control_plane_ingress_dns }}:8080/metal/v1/health metal_api_headscale_control_plane_address: "http://headscale.{{ metal_control_plane_ingress_dns }}:8080" -metal_helm_chart_local_path: /helm-charts/charts/metal-control-plane +# metal_helm_chart_local_path: /helm-charts/charts/metal-control-plane metal_api_pdb_min_available: 1 metal_api_replicas: 1 From 8612b4ce3c75a93449a19847378ce76f0a112f40 Mon Sep 17 00:00:00 2001 From: Gerrit Date: Mon, 16 Feb 2026 14:49:08 +0100 Subject: [PATCH 7/9] Move token generation to later point in time. --- deploy_partition.yaml | 29 ++++++++++++------- .../group_vars/all/release_vector.yaml | 2 +- 2 files changed, 20 insertions(+), 11 deletions(-) diff --git a/deploy_partition.yaml b/deploy_partition.yaml index aaf20d2c..fc50184b 100644 --- a/deploy_partition.yaml +++ b/deploy_partition.yaml @@ -1,14 +1,4 @@ --- -- name: Install python client and generate deployment token - hosts: localhost - connection: local - gather_facts: false - roles: - - name: ansible-common - tags: always - - name: metal-roles/common/roles/metal-v2-client - - name: metal-roles/common/roles/metal-deployment-token - - name: Configure leaves (Community SONiC) hosts: leaves:!dell_sonic any_errors_fatal: true @@ -88,6 +78,25 @@ pull: true failed_when: false +- name: Install python client and generate deployment token + hosts: localhost + connection: local + gather_facts: false + pre_tasks: + - name: Wait until the metal-apiserver is running + kubernetes.core.k8s_info: + kind: Deployment + name: metal-apiserver + namespace: "{{ metal_control_plane_namespace }}" + wait: true + wait_sleep: 1 + wait_timeout: 600 + roles: + - name: ansible-common + tags: always + - name: metal-roles/common/roles/metal-v2-client + - name: metal-roles/common/roles/metal-deployment-token + - name: Deploy pixiecore on leaf01 hosts: leaf01 become: true diff --git a/inventories/group_vars/all/release_vector.yaml b/inventories/group_vars/all/release_vector.yaml index 76f26ea4..3c1245ab 100644 --- a/inventories/group_vars/all/release_vector.yaml +++ b/inventories/group_vars/all/release_vector.yaml @@ -41,7 +41,7 @@ image_cache_sync_image_name: ghcr.io/metal-stack/metal-image-cache-sync ## # ansible_common_version: -# metal_roles_version: +metal_roles_version: migrate-metal-image-cache-sync-to-metal-apiserver # metal_ansible_modules_version: ## From ca495980aca617372eb626c6e0fd060df16a8413 Mon Sep 17 00:00:00 2001 From: Gerrit Date: Mon, 16 Feb 2026 15:03:37 +0100 Subject: [PATCH 8/9] Still install client for old modules. --- deploy_partition.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deploy_partition.yaml b/deploy_partition.yaml index fc50184b..349b1f4f 100644 --- a/deploy_partition.yaml +++ b/deploy_partition.yaml @@ -165,6 +165,8 @@ tags: always - name: metal-ansible-modules tags: always + - name: metal-roles/control-plane/roles/metal-python + tags: metal-python post_tasks: - name: Wait for switches to register command: echo From d70c5bba4f431a7912af16c6c0a0b10af3b0c285 Mon Sep 17 00:00:00 2001 From: Gerrit Date: Mon, 23 Feb 2026 11:09:14 +0100 Subject: [PATCH 9/9] Remove overrides. --- inventories/group_vars/all/release_vector.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/inventories/group_vars/all/release_vector.yaml b/inventories/group_vars/all/release_vector.yaml index 3c1245ab..7aee7e4c 100644 --- a/inventories/group_vars/all/release_vector.yaml +++ b/inventories/group_vars/all/release_vector.yaml @@ -11,10 +11,10 @@ metal_stack_release_vectors: ## # metal_hammer_image_url: https://images.metal-stack.io/metal-hammer/pull-requests//metal-hammer-initrd.img.lz4 -# metal_api_image_name: ghcr.io/metal-stack/metal-api -# metal_api_image_tag: mep-4-network-migration +# metal_api_image_name: +# metal_api_image_tag: # metal_apiserver_image_name: -metal_apiserver_image_tag: pr-133 +# metal_apiserver_image_tag: # metal_metalctl_image_name: # metal_metalctl_image_tag: # metal_masterdata_api_image_name: