Merge branch 'master' into linting

Author: majst01

common/README.md

@@ -0,0 +1,11 @@
+# common
+
+Contains common roles for deploying the metal-stack.
+
+## Roles
+
+| Role Name                                              | Description                                                                                                                |
+| ------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------- |
+| [defaults](roles/defaults)                             | Provides defaults both relevant for partition and control-plane, it also provides a release vector mapping for metal-roles |
+| [metal-deployment-token](roles/metal-deployment-token) | Creates an V2 admin token that can be used during the deployment to create API resources                                   |
+| [metal-v2-client](roles/metal-v2-client)               | Installs metal-stack-api                                                                                                   |

common/roles/defaults/defaults/main.yaml

@@ -15,6 +15,7 @@ metal_stack_release:
     # control plane
     metal_api_image_tag: "docker-images.metal-stack.control-plane.metal-api.tag"
     metal_api_image_name: "docker-images.metal-stack.control-plane.metal-api.name"
+    metal_api_version: "projects.metal-stack.api.version"
     metal_apiserver_image_tag: "docker-images.metal-stack.control-plane.metal-apiserver.tag"
     metal_apiserver_image_name: "docker-images.metal-stack.control-plane.metal-apiserver.name"
     metal_metalctl_image_tag: "docker-images.metal-stack.control-plane.metalctl.tag"

common/roles/metal-deployment-token/README.md

@@ -0,0 +1,22 @@
+# metal-deployment-token
+
+This role can be used to create a short-lives admin deployment token intended for deploying infra services. Typically these require a dedicated tenant and a specific api token. The token is created through the metal-apiserver CLI through Kubernetes pod exec. So, it is required to have a connection to the Kubernetes cluster where the metal-apiserver is running.
+
+All tasks for this are run on the deployment machine (`localhost`). The token is then exported with the name `metal_deployment_admin_token` as an Ansible fact for the `localhost`.
+
+If a connection to the control plane Kubernetes cluster is unwanted, another option for the deployment would be to create a long-lived token for the deployment and just set `metal_deployment_admin_token` in `host_vars` for `localhost`. Then this role can be quickly swapped in or out.
+
+Please note that the created token has admin privileges by nature and expires fairly quickly. The created token is only intended to live during a CI deployment. It should not be stored on a target host.
+
+## Requirements
+
+- The metal-stack V2 API client needs to be installed (see [metal-v2-client role](../metal-v2-client/))
+
+## Variables
+
+You can look up all the default values of this role [here](defaults/main.yaml).
+
+| Name                              | Mandatory | Description                         |
+| --------------------------------- | --------- | ----------------------------------- |
+| metal_deployment_token_admin_role |           | The admin role to be created        |
+| metal_deployment_token_expiration |           | The expiration of the created token |

common/roles/metal-deployment-token/defaults/main.yaml

@@ -0,0 +1,3 @@
+---
+metal_deployment_token_admin_role: ADMIN_ROLE_EDITOR
+metal_deployment_token_expiration: 1h

common/roles/metal-deployment-token/meta/main.yml

@@ -0,0 +1,18 @@
+---
+galaxy_info:
+  role_name: metal-deployment-token
+  author: metal-stack
+  description: This role creates a deployment token and exports it in order to deploy infra services with it.
+  license: MIT
+  min_ansible_version: "2.18"
+  galaxy_tags: []
+
+  platforms:
+    - name: GenericLinux
+      versions:
+        - all
+
+dependencies:
+  - role: ansible-common
+  - role: metal-roles/common/roles/defaults
+  - role: metal-roles/control-plane/roles/defaults

common/roles/metal-deployment-token/tasks/main.yaml

@@ -0,0 +1,36 @@
+---
+- name: Create admin api token for the deployment
+  block:
+
+    - name: Wait until the metal-apiserver is running
+      kubernetes.core.k8s_info:
+        kind: Deployment
+        name: metal-apiserver
+        namespace: "{{ metal_control_plane_namespace }}"
+        wait: yes
+        wait_sleep: 1
+        wait_timeout: 60
+
+    - name: Get metal-apiserver pods
+      set_fact:
+        _metal_apiserver_pod: "{{ (lookup('k8s', api_version='v1', kind='Pod', namespace=metal_control_plane_namespace, label_selector='app=metal-apiserver') | list_wrap)[0].get('metadata', {}).get('name') }}"
+
+    - name: Generate deployment token
+      no_log: true
+      kubernetes.core.k8s_exec:
+        namespace: "{{ metal_control_plane_namespace }}"
+        pod: "{{ _metal_apiserver_pod }}"
+        command: |
+          /server token
+            --description=ansible-ci-deployment
+            --admin-role={{ metal_deployment_token_admin_role }}
+            --expiration={{ metal_deployment_token_expiration }}
+      register: _generated_token
+
+    - name: Set deployment token
+      set_fact:
+        metal_deployment_admin_token: "{{ _generated_token.stdout_lines[-1] }}"
+
+  delegate_to: localhost
+  run_once: true
+  when: metal_deployment_admin_token is not defined

…ol-plane/roles/metal-v2-client/README.md common/roles/metal-v2-client/README.mdcontrol-plane/roles/metal-v2-client/README.md renamed to common/roles/metal-v2-client/README.md control-plane/roles/metal-v2-client/README.md renamed to common/roles/metal-v2-client/README.md

@@ -1,9 +1,9 @@
 ---
-- name: Gather releases
-  setup_yaml:
-
 - name: Install metal-stack-api
   block:
+    - name: Gather releases
+      setup_yaml:
+
     - name: Install metal-stack-api client library {{ metal_api_version }}
       pip:
         name: