RedHatTraining/agnosticd.git

Checking if generated key were created or not before deployment (#1355)

Vince Power

2020-03-17 3c81a6ad667b9b8b395b5b5bbd8ae9a77479d986

commit \| author \| age
928f77	1	---
GC	2	- name: Step 001 Deploy Infrastructure
	3	hosts: localhost
	4	connection: local
	5	gather_facts: false
	6	become: false
	7	tags:
	8	- step001
	9	- deploy_infrastructure
	10	environment:
	11	AZURE_CLIENT_ID: "{{azure_service_principal}}"
	12	AZURE_TENANT: "{{azure_tenant}}"
	13	AZURE_SECRET: "{{azure_password}}"
	14	AZURE_SUBSCRIPTION_ID: "{{azure_subscription_id}}"
3371e8	15	# AZURE_CONFIG_DIR: create a specific config dir for this stack to allow concurrent access
928f77	16	AZURE_CONFIG_DIR: "/tmp/.azure-{{project_tag}}"
GC	17	tasks:
3371e8	18	- name: Ensure az is installed
04219c	19	environment:
GC	20	PATH: /usr/bin
928f77	21	command: which az
GC	22	register: az_result
	23
3371e8	24	- name: Fail if az not available
928f77	25	fail:
GC	26	msg: you need azure-cli installed
7c1c44	27	when: az_result is failed
928f77	28
GC	29	- set_fact:
281c84	30	t_dest: "{{output_dir}}/{{ env_type }}.{{ guid }}.{{cloud_provider}}_cloud_template"
GC	31	params_dest: "{{output_dir}}/{{project_tag}}-cloud_template_parameters.json"
3371e8	32	tags:
GC	33	- azure_infrastructure_deployment
	34	- validate_azure_template
	35	- gen_azure_template
928f77	36
GC	37	- name: Azure Generate Resource manager template
	38	template:
ae6f44	39	src: "../configs/{{ env_type }}/files/cloud_providers/{{cloud_provider}}_cloud_template.j2"
928f77	40	dest: "{{t_dest}}"
GC	41	tags:
	42	- azure_infrastructure_deployment
3371e8	43	- validate_azure_template
928f77	44	- gen_azure_template
GC	45
	46	# use command line 'az' to validate template and deploy
	47	- name: Login to Azure
04219c	48	command: >-
GC	49	az login --service-principal
57bfb6	50	-u "{{azure_service_principal}}"
04219c	51	-p {{azure_password}}
GC	52	--tenant {{azure_tenant}}
	53	environment:
	54	PATH: /usr/bin
928f77	55	tags:
3371e8	56	- validate_azure_template
928f77	57	- create_inventory
GC	58	- must
	59	- name: Create the resource group
	60	tags:
	61	- azure_infrastructure_deployment
3371e8	62	- validate_azure_template
04219c	63	azure_rm_resourcegroup:
GC	64	name: "{{ az_resource_group }}"
	65	location: "{{ azure_region }}"
928f77	66
3c81a6	67	- name: Check for auto-generated SSH Key
VP	68	stat:
	69	path: "{{output_dir}}/{{env_authorized_key}}"
	70	register: env_authorized_key_status
	71	tags:
	72	- check_for_env_keys
	73
3371e8	74	- name: Get SSH public key
928f77	75	set_fact:
GC	76	ssh_key: "~/.ssh/{{key_name}}.pem"
	77	ssh_key_data: "{{lookup('file', '~/.ssh/{{key_name}}.pub')}}"
3371e8	78	tags:
db6af5	79	- set_existing_ssh_key
c78adb	80	- must
GC	81	- create_inventory
3c81a6	82	when: not env_authorized_key_status.stat.exists
db6af5	83
VP	84	- name: Get SSH public key
	85	set_fact:
	86	ssh_key: "{{output_dir}}/{{env_authorized_key}}"
	87	ssh_key_data: "{{lookup('file', '{{output_dir}}/{{env_authorized_key}}.pub')}}"
	88	tags:
	89	- set_generated_ssh_key
	90	- must
	91	- create_inventory
3c81a6	92	when: env_authorized_key_status.stat.exists
928f77	93
b704b2	94	- name: Setting windows_password variable
WK	95	set_fact:
	96	windows_password: "{{hostvars['localhost'].generated_windows_password}}"
db6af5	97	when:
VP	98	- windows_password is not defined
	99	- generated_windows_password is defined
3c81a6	100
VP	101	- name: Check if the parameter file exists
	102	stat:
	103	path: "{{params_dest}}"
	104	register: params_dest_status
b704b2	105
928f77	106	- name: Build parameter file
GC	107	copy:
	108	content: \|
	109	{
	110	"adminUsername": { "value": "{{remote_user}}" },
	111	"sshKeyData": { "value": "{{ssh_key_data}}"},
	112	"DNSZone": { "value": "{{HostedZoneId}}"},
	113	"guid": { "value": "{{guid}}"},
	114	}
	115	dest: "{{params_dest}}"
3c81a6	116	when: not params_dest_status.stat.exists
928f77	117	tags:
GC	118	- azure_infrastructure_deployment
3371e8	119	- validate_azure_template
928f77	120
3371e8	121	- name: Validate arm template
04219c	122	environment:
GC	123	PATH: /usr/bin
	124	command: >-
	125	az group deployment validate
	126	--template-file {{t_dest}}
	127	--resource-group {{az_resource_group}}
	128	--parameters @{{params_dest}}
928f77	129	changed_when: false
GC	130	tags:
	131	- azure_infrastructure_deployment
	132	- validate_azure_template
	133
	134	- name: ARM Group deployment create
04219c	135	environment:
GC	136	PATH: /usr/bin
	137	command: >-
	138	az group deployment create
	139	--name {{env_type}}.{{guid}}
	140	--template-file {{t_dest}}
	141	--resource-group {{az_resource_group}}
	142	--parameters @{{params_dest}}
928f77	143	register: az_deploy
GC	144	tags:
	145	- azure_infrastructure_deployment
04219c	146	- az_rm_deploy
GC	147	until: az_deploy is succeeded
	148	retries: 0
	149
928f77	150	- debug:
GC	151	var: az_deploy
	152	verbosity: 2
	153	tags:
	154	- azure_infrastructure_deployment
	155
	156	- name: Fetch DNS zone NS entries
	157	azure_rm_dnsrecordset_facts:
	158	zone_name: "{{guid}}.{{HostedZoneId}}"
3cc138	159	resource_group: "{{az_resource_group}}"
928f77	160	record_type: NS
3371e8	161	relative_name: '@'
GC	162	register: subzone_ns
928f77	163	tags:
GC	164	- azure_infrastructure_deployment
e376f7	165	when:
VP	166	- HostedZoneId != "none"
928f77	167
GC	168	- debug:
3371e8	169	var: subzone_ns
928f77	170	verbosity: 2
GC	171	tags:
	172	- azure_infrastructure_deployment
	173
	174	- name: Add delegation for NS to the main DNSZone
	175	azure_rm_dnsrecordset:
3371e8	176	resource_group: "{{az_dnszone_resource_group\|default('dns')}}"
928f77	177	relative_name: "{{guid}}"
GC	178	zone_name: "{{HostedZoneId}}"
	179	record_type: NS
	180	state: present
04219c	181	records: "{{ subzone_ns \| json_query('ansible_facts.azure_dnsrecordset[0].properties.NSRecords[*].{entry: nsdname}') }}"
928f77	182	tags:
GC	183	- azure_infrastructure_deployment
e376f7	184	when:
VP	185	- HostedZoneId != "none"
928f77	186
b704b2	187	- name: Run infra-azure-create-inventory Role
WK	188	import_role:
	189	name: infra-azure-create-inventory
928f77	190
ae6f44	191	# Copy env_vars variables from the config to all hosts
GC	192	- import_playbook: ../include_vars.yml
	193
281c84	194	# TODO: use common infra role instead of this playbook
928f77	195	- name: Configure local ssh config for bastion proxy use
281c84	196	import_playbook: "{{cloud_provider}}_ssh_config_setup.yml"
e376f7	197	when: groups["bastions"] is defined and (groups["bastions"]\|length>0)
c78adb	198	tags:
GC	199	- must
	200	- create_inventory
b704b2	201
928f77	202	- name: wait_for_connection for all non-windows machines and set hostname
GC	203	hosts:
	204	- all:!windows:!network
	205	gather_facts: false
	206	become: true
	207	tags:
	208	- step001
	209	- wait_ssh
	210	- set_hostname
	211	tasks:
	212	- name: wait for linux host to be available
	213	wait_for_connection:
3cc138	214	timeout: 300
GC	215	register: rwait
	216	ignore_errors: true
928f77	217
3cc138	218	- name: restart instance if wait_for_connection failed
a71e34	219	become: false
3cc138	220	environment:
GC	221	AZURE_CLIENT_ID: "{{azure_service_principal}}"
	222	AZURE_TENANT: "{{azure_tenant}}"
	223	AZURE_SECRET: "{{azure_password}}"
	224	AZURE_SUBSCRIPTION_ID: "{{azure_subscription_id}}"
	225	# AZURE_CONFIG_DIR: create a specific config dir for this stack to allow concurrent access
	226	AZURE_CONFIG_DIR: "/tmp/.azure-{{project_tag}}"
	227	command: "az vm restart --resource-group {{az_resource_group}} --name '{{inventory_hostname}}'"
	228	delegate_to: localhost
7c1c44	229	when: rwait is failed
928f77	230
3cc138	231	- name: wait for linux host to be available (retry)
GC	232	wait_for_connection:
7c1c44	233	when: rwait is failed
3cc138	234
GC	235	- ping:
	236	register: rping
	237	retries: 3
	238	delay: 10
f1b74f	239	until: rping is succeeded
3cc138	240
GC	241	# < get internal domain name for later use
	242	- name: Get internal fqdn
	243	command: domainname -d
	244	register: internalfqdn_r
	245	changed_when: false
	246
	247	- name: NetworkManager get active interface uuid
	248	command: nmcli --get-values UUID connection show --active
	249	register: result_active_uuid
	250	changed_when: false
	251
	252	- name: set fact internal_azure_dns_suffix for later use
	253	set_fact:
	254	internal_azure_dns_suffix: "{{internalfqdn_r.stdout}}"
	255	nm_active_connection: "{{result_active_uuid.stdout}}"
	256
	257	- name: Stat /etc/cloud/cloud.cf file
	258	stat:
928f77	259	path: /etc/cloud/cloud.cfg
GC	260	register: cloud_cfg_file
	261
	262	- name: disable updating hostname in /etc/cloud/cloud.cfg
	263	lineinfile:
	264	dest: /etc/cloud/cloud.cfg
	265	regexp: 'update_hostname$'
	266	line: '# - update_hostname'
	267	backup: yes
	268	when: cloud_cfg_file.stat.exists
	269	tags: disable_cloud_cfg_hostname
3cc138	270
GC	271	- name: Populate /etc/hosts
	272	lineinfile:
	273	dest: /etc/hosts
	274	regexp: ' {{hostvars[item].internaldns}}$'
	275	line: '{{hostvars[item].private_ip_address}} {{hostvars[item].internaldns}}'
	276	with_items: "{{ groups['all'] }}"
928f77	277
GC	278	- name: Set facts for Windows hosts if any exist and wait_for_connection
	279	gather_facts: false
	280	hosts:
	281	- windows
	282	tasks:
	283	- name: set facts for remote access
	284	set_fact:
	285	ansible_become: false
	286	ansible_connection: winrm
	287	ansible_host: "{{ public_dns_name }}"
	288	ansible_password: "{{ windows_password \| default(hostvars['localhost'].generated_windows_password) }}"
	289	ansible_port: 5986
b704b2	290	ansible_user: "{{ remote_user \| default('Administrator') }}"
928f77	291	ansible_winrm_server_cert_validation: ignore
GC	292
	293	- name: wait for windows host to be available
	294	wait_for_connection:
	295	timeout: 900
3cc138	296	connect_timeout: 60
GC	297	delay: 120
	298	register: rwait
	299	ignore_errors: true
	300
	301	- name: restart instance if wait_for_connection failed
a71e34	302	become: false
3cc138	303	environment:
GC	304	AZURE_CLIENT_ID: "{{azure_service_principal}}"
	305	AZURE_TENANT: "{{azure_tenant}}"
	306	AZURE_SECRET: "{{azure_password}}"
	307	AZURE_SUBSCRIPTION_ID: "{{azure_subscription_id}}"
	308	# AZURE_CONFIG_DIR: create a specific config dir for this stack to allow concurrent access
	309	AZURE_CONFIG_DIR: "/tmp/.azure-{{project_tag}}"
	310	command: "az vm restart --resource-group {{az_resource_group}} --name '{{inventory_hostname}}'"
	311	delegate_to: localhost
7c1c44	312	when: rwait is failed
3cc138	313
GC	314	- name: wait for windows host to be available (retry)
	315	wait_for_connection:
	316	timeout: 900
	317	connect_timeout: 60
	318	delay: 120
7c1c44	319	when: rwait is failed
04219c	320
GC	321	- name: Detect and map data disks for Azure
	322	hosts: all
	323	become: true
	324	gather_facts: false
	325	tasks:
	326	- when: instances is defined
	327	block:
	328	- name: Map Azure disks using LUN.
	329	include_role:
ae6f44	330	name: infra-azure-disk-map
04219c	331	vars:
GC	332	disk_map_device:
	333	name: "{{ item.name }}"
	334	lun: "{{ index }}"
	335	when: item.enable\|d(true)
	336	loop_control:
	337	index_var: index
	338	loop: >-
	339	{{ instances
	340	\| json_query("
	341	[?name == '" + instance_canonical_name + "']
	342	\| [].volumes[]
	343	")
	344	}}
e376f7	345	ignore_errors: true
57bfb6	346
VP	347	- name: Create Azure Service Principal for OSBA/Cloud Provider
	348	hosts: localhost
	349	connection: local
	350	gather_facts: False
	351	become: no
	352	tags:
	353	- env-specific
	354	- create_azure_service_principal
	355	environment:
	356	AZURE_CLIENT_ID: "{{azure_service_principal}}"
	357	AZURE_TENANT: "{{azure_tenant}}"
	358	AZURE_SECRET: "{{azure_password}}"
	359	AZURE_SUBSCRIPTION_ID: "{{azure_subscription_id}}"
	360	# AZURE_CONFIG_DIR: create a specific config dir for this stack to allow concurrent access
	361	AZURE_CONFIG_DIR: "/tmp/.azure-{{project_tag}}"
	362	tasks:
	363	- include_role:
	364	name: infra-azure-create-service-principal
e376f7	365	when: env_type == "ocp-workshop"
57bfb6	366