appuio · simu · Jan 24, 2024
diff --git a/docs/modules/ROOT/pages/how-tos/cloudscale/install.adoc b/docs/modules/ROOT/pages/how-tos/cloudscale/install.adoc
@@ -3,6 +3,7 @@
 :k8s-minor-version: 1.26
 :ocp-patch-version: {ocp-minor-version}.0
 :provider: cloudscale
+:needs_hieradata_edit: no
 
 [abstract]
 --
@@ -55,7 +56,6 @@ include::partial$install/register.adoc[]
 ----
 # https://control.cloudscale.ch/service/<your-project>/api-token
 export CLOUDSCALE_API_TOKEN=<cloudscale-api-token>
-export TF_VAR_lb_cloudscale_api_secret=<cloudscale-api-token-for-Floaty>
 ----
 
 include::partial$install/vshn-input.adoc[]
@@ -187,10 +187,6 @@ vault kv put clusters/kv/${TENANT_ID}/${CLUSTER_ID}/cloudscale \
   s3_access_key=$(mc config host ls ${CLUSTER_ID} -json | jq -r .accessKey) \
   s3_secret_key=$(mc config host ls ${CLUSTER_ID} -json | jq -r .secretKey)
 
-# Put LB API key in Vault
-vault kv put clusters/kv/${TENANT_ID}/${CLUSTER_ID}/floaty \
-  iam_secret=${TF_VAR_lb_cloudscale_api_secret}
-
 # Generate an HTTP secret for the registry
 vault kv put clusters/kv/${TENANT_ID}/${CLUSTER_ID}/registry \
   httpSecret=$(LC_ALL=C tr -cd "A-Za-z0-9" </dev/urandom | head -c 128)
@@ -216,8 +212,6 @@ vault kv get -format=json "clusters/kv/template/cert-manager" | jq '.data.data'
   | vault kv put -cas=0 "clusters/kv/${TENANT_ID}/${CLUSTER_ID}/cert-manager" -
 ----
 
-include::partial$get-hieradata-token-from-vault.adoc[]
-
 include::partial$install/prepare-commodore.adoc[]
 
 [#_configure_installer]
@@ -251,7 +245,7 @@ include::partial$cloudscale/configure-terraform-secrets.adoc[]
 
 include::partial$setup_terraform.adoc[]
 
-. Create LB hieradata
+. Create network and LBs
 +
 [source,bash]
 ----
@@ -264,40 +258,12 @@ module "cluster" {
   additional_worker_groups = {}
 }
 EOF
-terraform apply -target "module.cluster.module.lb.module.hiera"
-----
-
-. Review and merge the LB hieradata MR (listed in Terraform output `hieradata_mr`) and wait until the deploy pipeline after the merge is completed.
-
-. Create LBs
-+
-[source,bash]
-----
 terraform apply
 ----
 
 . Setup the DNS records shown in output variable `dns_entries` from the previous step in the cluster's parent zone.
 If you use a custom apps domain, make the necessary changes to the DNS record for `*.apps`.
 
-. Make LB FQDNs available for later steps
-+
-.Store LB FQDNs in environment
-[source,bash]
-----
-declare -a LB_FQDNS
-for id in 1 2; do
-  LB_FQDNS[$id]=$(terraform state show "module.cluster.module.lb.cloudscale_server.lb[$(expr $id - 1)]" | grep fqdn | awk '{print $2}' | tr -d ' "\r\n')
-done
-----
-+
-.Verify FQDNs
-[source,bash]
-----
-for lb in "${LB_FQDNS[@]}"; do echo $lb; done
-----
-
-include::partial$install/bootstrap-lb.adoc[]
-
 include::partial$install/bootstrap-nodes.adoc[]
 
 . Create secret with S3 credentials https://docs.openshift.com/container-platform/{ocp-minor-version}/registry/configuring_registry_storage/configuring-registry-storage-aws-user-infrastructure.html#registry-operator-config-resources-secret-aws_configuring-registry-storage-aws-user-infrastructure[for the registry]

diff --git a/docs/modules/ROOT/partials/cloudscale/configure-terraform-secrets.adoc b/docs/modules/ROOT/partials/cloudscale/configure-terraform-secrets.adoc
@@ -5,10 +5,5 @@
 cat <<EOF > ./terraform.env
 CLOUDSCALE_API_TOKEN
 TF_VAR_ignition_bootstrap
-TF_VAR_lb_cloudscale_api_secret
-TF_VAR_control_vshn_net_token
-GIT_AUTHOR_NAME
-GIT_AUTHOR_EMAIL
-HIERADATA_REPO_TOKEN
 EOF
 ----
diff --git a/docs/modules/ROOT/partials/install/bootstrap-nodes.adoc b/docs/modules/ROOT/partials/install/bootstrap-nodes.adoc
@@ -1,4 +1,5 @@
 
+ifeval::["{provider} == "exoscale"]
 . Deploy bootstrap node
 +
 [source,bash,subs="attributes+"]
@@ -37,8 +38,14 @@ while ! curl --connect-timeout 1 "${API_URL}/healthz" -k &>/dev/null; do
   sleep 5
 done && echo -e "\nAPI is up"
 ----
+endif::[]
 
+ifeval::["{provider}" == "cloudscale"]
+. Deploy bootstrap node and control plane nodes
+endif::[]
+ifeval::["{provider}" == "exoscale"]
 . Deploy control plane nodes
+endif::[]
 +
 [source,bash,subs="attributes+"]
 ----
@@ -121,6 +128,7 @@ This step isn't necessary if you've disabled the proxy protocol on the load-bala
 By default, PROXY protocol is enabled through the VSHN Commodore global defaults.
 ====
 
+ifeval::["{provider}" == "exoscale"]
 . Review and merge the LB hieradata MR (listed in Terraform output `hieradata_mr`) and run Puppet on the LBs after the deploy job has completed
 +
 [source,bash]
@@ -129,6 +137,7 @@ for fqdn in "${LB_FQDNS[@]}"; do
   ssh "${fqdn}" sudo puppetctl run
 done
 ----
+endif::[]
 
 . Wait for installation to complete
 +

diff --git a/docs/modules/ROOT/partials/install/finalize_part2.adoc b/docs/modules/ROOT/partials/install/finalize_part2.adoc
@@ -1,8 +1,5 @@
 === Finalize installation
 
-ifeval::["{provider}" == "cloudscale"]
-include::partial$install/finalize_part2_cloudscale_exoscale.adoc[]
-endif::[]
 ifeval::["{provider}" == "exoscale"]
 include::partial$install/finalize_part2_cloudscale_exoscale.adoc[]
 endif::[]

diff --git a/docs/modules/ROOT/partials/install/prepare-syn-config-terraform.adoc b/docs/modules/ROOT/partials/install/prepare-syn-config-terraform.adoc
@@ -1,16 +1,13 @@
-. Set team responsible for handling Icinga alerts
+. Prepare Terraform cluster config
 +
-[source,bash]
+[source,bash,subs="attributes+"]
 ----
-# use lower case for team name.
+ifeval::["{provider}" == "exoscale"]
+# Define team responsible for the Puppet-managed LBs
 # e.g. TEAM=tarazed
 TEAM=<team-name>
-----
+endif::[]
 
-. Prepare Terraform cluster config
-+
-[source,bash,subs="attributes+"]
-----
 CA_CERT=$(jq -r '.ignition.security.tls.certificateAuthorities[0].source' \
   "${INSTALLER_DIR}/master.ign" | \
   awk -F ',' '{ print $2 }' | \
@@ -22,20 +19,20 @@ yq eval -i ".parameters.openshift4_terraform.terraform_variables.base_domain = \
 yq eval -i ".parameters.openshift4_terraform.terraform_variables.ignition_ca = \"${CA_CERT}\"" \
   ${CLUSTER_ID}.yml
 
-ifeval::["{provider}" == "exoscale"]
-yq eval -i ".parameters.openshift4_terraform.terraform_variables.ssh_key = \"$(cat ${SSH_PUBLIC_KEY})\"" \
-  ${CLUSTER_ID}.yml
-endif::[]
 ifeval::["{provider}" != "exoscale"]
 yq eval -i ".parameters.openshift4_terraform.terraform_variables.ssh_keys = [\"$(cat ${SSH_PUBLIC_KEY})\"]" \
   ${CLUSTER_ID}.yml
 endif::[]
+ifeval::["{provider}" == "exoscale"]
+yq eval -i ".parameters.openshift4_terraform.terraform_variables.ssh_key = \"$(cat ${SSH_PUBLIC_KEY})\"" \
+  ${CLUSTER_ID}.yml
 
 yq eval -i ".parameters.openshift4_terraform.terraform_variables.team = \"${TEAM}\"" \
   ${CLUSTER_ID}.yml
 
 yq eval -i ".parameters.openshift4_terraform.terraform_variables.hieradata_repo_user = \"${HIERADATA_REPO_USER}\"" \
   ${CLUSTER_ID}.yml
+endif::[]
 ----
 
 ifeval::["{provider}" == "exoscale"]

diff --git a/docs/modules/ROOT/partials/install/prepare-syn-config.adoc b/docs/modules/ROOT/partials/install/prepare-syn-config.adoc
@@ -1,3 +1,10 @@
+ifeval::["{provider}" == "cloudscale"]
+:is-terraform: yes
+endif::[]
+ifeval::["{provider}" == "exoscale"]
+:is-terraform: yes
+endif::[]
+
 . Switch to the tenant repo
 +
 [source,bash]
@@ -59,13 +66,6 @@ yq eval -i ".parameters.openshift4_version.spec.channel = \"fast-{ocp-minor-vers
 ----
 ====
 
-ifeval::["{provider}" == "cloudscale"]
-:is-terraform: yes
-endif::[]
-ifeval::["{provider}" == "exoscale"]
-:is-terraform: yes
-endif::[]
-
 ifeval::["{is-terraform}" == "yes"]
 include::partial$install/prepare-syn-config-terraform.adoc[]
 endif::[]