fix: wait for cloud-init before package install during bootstrap

Fresh Ubuntu cloud-init clones still hold apt and dpkg locks during first boot,
which caused the Ansible common role to fail before the control plane could
finish bootstrap. Wait for cloud-init, increase apt lock timeouts, and skip the
final kubeconfig rewrite when no kubeconfig was fetched yet.

ansible/roles/common/tasks/main.yml

@@ -1,12 +1,25 @@
 ---
+- name: Check if cloud-init is installed
+  command: which cloud-init
+  register: cloud_init_binary
+  changed_when: false
+  failed_when: false
+
+- name: Wait for cloud-init to finish first-boot tasks
+  command: cloud-init status --wait
+  changed_when: false
+  when: cloud_init_binary.rc == 0
+
 - name: Update apt cache
   apt:
     update_cache: true
     cache_valid_time: 3600
+    lock_timeout: 600
 
 - name: Upgrade packages
   apt:
     upgrade: dist
+    lock_timeout: 600
   when: common_upgrade_packages | default(false)
 
 - name: Install required packages
@@ -23,6 +36,7 @@
       - htop
       - vim
     state: present
+    lock_timeout: 600
 
 - name: Disable swap
   command: swapoff -a

ansible/site.yml

@@ -148,10 +148,16 @@
   hosts: localhost
   connection: local
   tasks:
+    - name: Check whether kubeconfig was fetched
+      stat:
+        path: ../outputs/kubeconfig
+      register: kubeconfig_file
+
     - name: Update kubeconfig server address
       command: |
         sed -i 's/127.0.0.1/{{ hostvars[groups["control_plane"][0]]["ansible_host"] }}/g' ../outputs/kubeconfig
       changed_when: true
+      when: kubeconfig_file.stat.exists
 
     - name: Display success message
       debug: