Automated EULA agreement etc. via ansible?

tl;dr: After a rancher helm deploy, what API endpoints do I need to call, which what parameters, in order to finish the installation and prevent the “first login” screen from showing to the first person to visit the cluster in a browser?

I’ve spent the last several weeks getting much of our infrastructure deployments automated and retiring old manual processes. At this point I’ve reached a single sticking point that I just haven’t yet been able to figure out.

My goal is to automatically accept the EULA/TOS, perhaps opt out of telemetry (we’re undecided here), and create a few users from records that Ansible retrieves from Vault. After spending way too much time trying to figure this out by reading Rancher docs and source code, I decided to try just automating the web calls made in the browser when the process is done manually.

Yesterday this “worked”. I was able to fully deploy a Rancher cluster along with admin users, and the users are able to log in and administer the cluster. However, in this Rancher cluster adding k8s clusters to manage is never successful. They’re always stuck in the “waiting for API to be available” state. If I remove the post-install ansible plays and instead go interactively do the “first login” manually, the k8s clusters are added successfully.

My plays call the following API endpoints to try automating the post-install process and I’m wondering if I’m calling some of them incorrectly, or maybe missing one or more. Any help is greatly appreciated!

POST /v3-public/localProviders/local?action=login – I call this to get the login token needed in future calls.

POST /v1/management.cattle.io.settings – with a json body like :{'type': 'management.cattle.io.setting', 'metadata': {'name': 'eula-agreed'}, 'value': '{{ ansible_date_time.iso8601 }}'} to set the EULA

GET /v1/management.cattle.io.settings/server-url to get the current server url metadata resource version, as putting without that field set results in an error.

PUT /v1/management.cattle.io.settings/server-url to set the server url. I wasn’t sure if I needed to raise the resource version here or not, using the same version number I retrieved from the GET without modifying it seemed to work. JSON: {'id': 'server-url', 'type': 'management.cattle.io.setting', 'kind': 'Setting', 'apiVersion': 'management.cattle.io/v3', 'metadata': {'name': 'server-url', 'resourceVersion': '{{ serverurldataout.json.metadata.resourceVersion }}'}, 'value': '{{ rancher_url }}/'}

GET /v1/management.cattle.io.settings/telemetry-opt for the resource version again

PUT /v1/management.cattle.io.settings/telemetry-opt to opt in/out of the telemetry data.

GET /v1/management.cattle.io.settings/first-login once again, for the resource version

PUT /v1/management.cattle.io.settings/first-login to set the value in metadata to false and prevent that “first login” screen from coming up.

After this I add the users, which worked fine as I mentioned.