Update .gitignore to include .env file and enhance README.md with instructions for deploying secrets. Refactor noble.yml to improve Kubernetes health check handling and update templates for error reporting. Modify cert-manager and metallb tasks to apply secrets from .env and adjust timeout settings. Clarify Newt installation requirements in tasks. These changes aim to streamline deployment processes and improve documentation clarity.

2026-03-28 15:36:52 -04:00
parent 46cedc965f
commit a48ac16c14
15 changed files with 123 additions and 14 deletions
--- a/ansible/playbooks/noble.yml
+++ b/ansible/playbooks/noble.yml
@@ -107,7 +107,7 @@
          - --request-timeout=15s
      environment:
        KUBECONFIG: "{{ noble_kubeconfig }}"
-      register: noble_k8s_health
+      register: noble_k8s_health_first
      failed_when: false
      changed_when: false
      tags: [always]
@@ -119,9 +119,9 @@
        - noble_k8s_api_server_auto_fallback | default(true) | bool
        - noble_k8s_api_server_override | default('') | length == 0
        - not (noble_skip_k8s_health_check | default(false) | bool)
-        - noble_k8s_health.rc != 0 or (noble_k8s_health.stdout | default('') | trim) != 'ok'
-        - ('network is unreachable' in (noble_k8s_health.stderr | default('') | lower)) or
-          ('no route to host' in (noble_k8s_health.stderr | default('') | lower))
+        - (noble_k8s_health_first.rc | default(1)) != 0 or (noble_k8s_health_first.stdout | default('') | trim) != 'ok'
+        - ('network is unreachable' in (noble_k8s_health_first.stderr | default('') | lower)) or
+          ('no route to host' in (noble_k8s_health_first.stderr | default('') | lower))
      block:
        - name: Ensure temp dir for kubeconfig auto-fallback
          ansible.builtin.file:
@@ -174,16 +174,27 @@
              - --request-timeout=15s
          environment:
            KUBECONFIG: "{{ noble_kubeconfig }}"
-          register: noble_k8s_health
+          register: noble_k8s_health_after_fallback
          failed_when: false
          changed_when: false

+        - name: Mark that API was re-checked after kubeconfig fallback
+          ansible.builtin.set_fact:
+            noble_k8s_api_fallback_used: true
+
+    - name: Normalize API health result for preflight (scalars; avoids dict merge / set_fact stringification)
+      ansible.builtin.set_fact:
+        noble_k8s_health_rc: "{{ noble_k8s_health_after_fallback.rc | default(1) if (noble_k8s_api_fallback_used | default(false) | bool) else (noble_k8s_health_first.rc | default(1)) }}"
+        noble_k8s_health_stdout: "{{ noble_k8s_health_after_fallback.stdout | default('') if (noble_k8s_api_fallback_used | default(false) | bool) else (noble_k8s_health_first.stdout | default('')) }}"
+        noble_k8s_health_stderr: "{{ noble_k8s_health_after_fallback.stderr | default('') if (noble_k8s_api_fallback_used | default(false) | bool) else (noble_k8s_health_first.stderr | default('')) }}"
+      tags: [always]
+
    - name: Fail when API check did not return ok
      ansible.builtin.fail:
        msg: "{{ lookup('template', 'templates/api_health_hint.j2') }}"
      when:
        - not (noble_skip_k8s_health_check | default(false) | bool)
-        - noble_k8s_health.rc != 0 or (noble_k8s_health.stdout | default('') | trim) != 'ok'
+        - (noble_k8s_health_rc | int) != 0 or (noble_k8s_health_stdout | default('') | trim) != 'ok'
      tags: [always]

  roles: