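---
# Play: render the Azure Resource Manager template on the control node,
# validate and deploy it with the 'az' CLI, delegate the per-guid DNS sub-zone
# and finally build the inventory through the infra-azure-create-inventory role.
- name: Step 001 Deploy Infrastructure
  hosts: localhost
  connection: local
  gather_facts: false
  become: false
  tags:
    - step001
    - deploy_infrastructure
  environment:
    AZURE_CLIENT_ID: "{{azure_service_principal}}"
    AZURE_TENANT: "{{azure_tenant}}"
    AZURE_SECRET: "{{azure_password}}"
    AZURE_SUBSCRIPTION_ID: "{{azure_subscription_id}}"
    # AZURE_CONFIG_DIR: create a specific config dir for this stack to allow concurrent access
    # NOTE(review): this is a predictable path under world-writable /tmp and the
    # az CLI keeps its login state in it. Pre-create it with mode 0700 (or move
    # it under a private directory) so other local users cannot read or
    # pre-seed it.
    AZURE_CONFIG_DIR: "/tmp/.azure-{{project_tag}}"
  tasks:
    - name: Ensure az is installed
      environment:
        PATH: /usr/bin
      command: which az
      register: az_result
      # Without ignore_errors the play stops here when 'which' fails, so the
      # friendlier message in the next task was never reached.
      ignore_errors: true
      changed_when: false

    - name: Fail if az not available
      fail:
        msg: you need azure-cli installed
      when: az_result is failed

    # Destination paths for the rendered template and its parameter file.
    - set_fact:
        t_dest: "{{output_dir}}/{{ env_type }}.{{ guid }}.{{cloud_provider}}_cloud_template"
        params_dest: "{{output_dir}}/{{project_tag}}-cloud_template_parameters.json"
      tags:
        - azure_infrastructure_deployment
        - validate_azure_template
        - gen_azure_template

    - name: Azure Generate Resource manager template
      template:
        src: "../configs/{{ env_type }}/files/cloud_providers/{{cloud_provider}}_cloud_template.j2"
        dest: "{{t_dest}}"
      tags:
        - azure_infrastructure_deployment
        - validate_azure_template
        - gen_azure_template

    # use command line 'az' to validate template and deploy
    - name: Login to Azure
      # Every argument goes through the 'quote' filter so that a value with
      # spaces or shell metacharacters is passed as one argument.
      # NOTE(review): the secret is still visible in the local process list
      # while 'az login' runs; no_log only keeps it out of Ansible's output and
      # logs (at the cost of hiding the error text when the login fails).
      command: >-
        az login --service-principal
        -u {{ azure_service_principal | quote }}
        -p {{ azure_password | quote }}
        --tenant {{ azure_tenant | quote }}
      environment:
        PATH: /usr/bin
      no_log: true
      tags:
        - validate_azure_template
        - create_inventory
        - must

    - name: Create the resource group
      tags:
        - azure_infrastructure_deployment
        - validate_azure_template
      azure_rm_resourcegroup:
        name: "{{ az_resource_group }}"
        location: "{{ azure_region }}"

    - name: Check for auto-generated SSH Key
      stat:
        path: "{{output_dir}}/{{env_authorized_key}}"
      register: env_authorized_key_status
      tags:
        - check_for_env_keys

    # No generated key in output_dir: fall back to the operator's key in ~/.ssh.
    - name: Get SSH public key
      set_fact:
        ssh_key: "~/.ssh/{{key_name}}.pem"
        # Concatenate instead of nesting '{{ }}' inside a Jinja expression;
        # nested delimiters are not evaluated as templates by Jinja itself.
        ssh_key_data: "{{ lookup('file', '~/.ssh/' ~ key_name ~ '.pub') }}"
      tags:
        - set_existing_ssh_key
        - must
        - create_inventory
      when: not env_authorized_key_status.stat.exists

    # A generated key exists in output_dir: use it.
    - name: Get SSH public key
      set_fact:
        ssh_key: "{{output_dir}}/{{env_authorized_key}}"
        ssh_key_data: "{{ lookup('file', output_dir ~ '/' ~ env_authorized_key ~ '.pub') }}"
      tags:
        - set_generated_ssh_key
        - must
        - create_inventory
      when: env_authorized_key_status.stat.exists

    - name: Setting windows_password variable
      set_fact:
        windows_password: "{{hostvars['localhost'].generated_windows_password}}"
      # set_fact echoes the facts it sets in verbose output; keep the password
      # out of the run log.
      no_log: true
      when:
        - windows_password is not defined
        - generated_windows_password is defined

    - name: Check if the parameter file exists
      stat:
        path: "{{params_dest}}"
      register: params_dest_status

    # Written only once; an existing parameter file is left untouched.
    - name: Build parameter file
      copy:
        # The trailing comma after the last member was dropped so that the
        # content is valid JSON.
        content: |
          {
            "adminUsername": { "value": "{{remote_user}}" },
            "sshKeyData": { "value": "{{ssh_key_data}}"},
            "DNSZone": { "value": "{{HostedZoneId}}"},
            "guid": { "value": "{{guid}}"}
          }
        dest: "{{params_dest}}"
      when: not params_dest_status.stat.exists
      tags:
        - azure_infrastructure_deployment
        - validate_azure_template

    - name: Validate arm template
      environment:
        PATH: /usr/bin
      command: >-
        az group deployment validate
        --template-file {{t_dest}}
        --resource-group {{az_resource_group}}
        --parameters @{{params_dest}}
      changed_when: false
      tags:
        - azure_infrastructure_deployment
        - validate_azure_template

    - name: ARM Group deployment create
      environment:
        PATH: /usr/bin
      command: >-
        az group deployment create
        --name {{env_type}}.{{guid}}
        --template-file {{t_dest}}
        --resource-group {{az_resource_group}}
        --parameters @{{params_dest}}
      register: az_deploy
      tags:
        - azure_infrastructure_deployment
        - az_rm_deploy
      # NOTE(review): retries: 0 presumably limits this to a single attempt,
      # which makes the until clause a no-op; confirm the intent.
      until: az_deploy is succeeded
      retries: 0

    - debug:
        var: az_deploy
        verbosity: 2
      tags:
        - azure_infrastructure_deployment

    # Read the NS records of the new sub-zone so they can be delegated from the
    # parent zone below. Skipped when no hosted zone is configured.
    - name: Fetch DNS zone NS entries
      azure_rm_dnsrecordset_facts:
        zone_name: "{{guid}}.{{HostedZoneId}}"
        resource_group: "{{az_resource_group}}"
        record_type: NS
        relative_name: '@'
      register: subzone_ns
      tags:
        - azure_infrastructure_deployment
      when:
        - HostedZoneId != "none"

    - debug:
        var: subzone_ns
        verbosity: 2
      tags:
        - azure_infrastructure_deployment

    - name: Add delegation for NS to the main DNSZone
      azure_rm_dnsrecordset:
        resource_group: "{{az_dnszone_resource_group|default('dns')}}"
        relative_name: "{{guid}}"
        zone_name: "{{HostedZoneId}}"
        record_type: NS
        state: present
        records: "{{ subzone_ns | json_query('ansible_facts.azure_dnsrecordset[0].properties.NSRecords[*].{entry: nsdname}') }}"
      tags:
        - azure_infrastructure_deployment
      when:
        - HostedZoneId != "none"

    - name: Run infra-azure-create-inventory Role
      import_role:
        name: infra-azure-create-inventory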
# Pull in include_vars.yml, which copies the env_vars variables from the
# config to all hosts.
- import_playbook: "../include_vars.yml"
# TODO: use common infra role instead of this playbook
# Imported only when the inventory has a non-empty 'bastions' group; the two
# list entries under 'when' are ANDed.
- name: Configure local ssh config for bastion proxy use
  tags: [must, create_inventory]
  when:
    - groups["bastions"] is defined
    - groups["bastions"] | length > 0
  import_playbook: "{{cloud_provider}}_ssh_config_setup.yml"
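# Play: wait until every non-Windows, non-network host accepts connections
# (restarting the VM once through 'az' if it does not), record its internal
# DNS suffix and active NetworkManager connection, stop cloud-init from
# rewriting the hostname and populate /etc/hosts.
- name: wait_for_connection for all non-windows machines and set hostname
  hosts:
    - 'all:!windows:!network'
  gather_facts: false
  become: true
  tags:
    - step001
    - wait_ssh
    - set_hostname
  tasks:
    - name: wait for linux host to be available
      wait_for_connection:
        timeout: 300
      register: rwait
      # A failure here is handled by the restart task below.
      ignore_errors: true

    - name: restart instance if wait_for_connection failed
      become: false
      environment:
        AZURE_CLIENT_ID: "{{azure_service_principal}}"
        AZURE_TENANT: "{{azure_tenant}}"
        AZURE_SECRET: "{{azure_password}}"
        AZURE_SUBSCRIPTION_ID: "{{azure_subscription_id}}"
        # AZURE_CONFIG_DIR: create a specific config dir for this stack to allow concurrent access
        # NOTE(review): predictable path under world-writable /tmp that holds
        # the az CLI login state; it should be a private (0700) directory.
        AZURE_CONFIG_DIR: "/tmp/.azure-{{project_tag}}"
      command: "az vm restart --resource-group {{az_resource_group}} --name '{{inventory_hostname}}'"
      delegate_to: localhost
      when: rwait is failed

    - name: wait for linux host to be available (retry)
      wait_for_connection:
      when: rwait is failed

    - ping:
      register: rping
      retries: 3
      delay: 10
      until: rping is succeeded

    # < get internal domain name for later use
    - name: Get internal fqdn
      command: domainname -d
      register: internalfqdn_r
      changed_when: false

    - name: NetworkManager get active interface uuid
      command: nmcli --get-values UUID connection show --active
      register: result_active_uuid
      changed_when: false

    - name: set fact internal_azure_dns_suffix for later use
      set_fact:
        internal_azure_dns_suffix: "{{internalfqdn_r.stdout}}"
        nm_active_connection: "{{result_active_uuid.stdout}}"

    - name: Stat /etc/cloud/cloud.cf file
      stat:
        path: /etc/cloud/cloud.cfg
      register: cloud_cfg_file

    # The regexp also matches the already commented line, so a second run
    # rewrites it to the same text.
    - name: disable updating hostname in /etc/cloud/cloud.cfg
      lineinfile:
        dest: /etc/cloud/cloud.cfg
        regexp: 'update_hostname$'
        line: '# - update_hostname'
        backup: true
      when: cloud_cfg_file.stat.exists
      tags: disable_cloud_cfg_hostname

    - name: Populate /etc/hosts
      lineinfile:
        dest: /etc/hosts
        # regex_escape keeps the dots of the host name literal, so an entry for
        # a similarly named host is not matched and overwritten.
        regexp: ' {{ hostvars[item].internaldns | regex_escape }}$'
        line: '{{hostvars[item].private_ip_address}} {{hostvars[item].internaldns}}'
      with_items: "{{ groups['all'] }}"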
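# Play: point Ansible at the Windows hosts over WinRM (port 5986) and wait
# until they accept connections, restarting the VM once through 'az' if the
# first wait fails.
- name: Set facts for Windows hosts if any exist and wait_for_connection
  gather_facts: false
  hosts:
    - windows
  tasks:
    - name: set facts for remote access
      set_fact:
        ansible_become: false
        ansible_connection: winrm
        ansible_host: "{{ public_dns_name }}"
        ansible_password: "{{ windows_password | default(hostvars['localhost'].generated_windows_password) }}"
        ansible_port: 5986
        ansible_user: "{{ remote_user | default('Administrator') }}"
        # NOTE(review): certificate validation is switched off, so the WinRM
        # endpoint is not authenticated and the password above can be
        # intercepted by anyone able to sit in the network path. Prefer a
        # trusted certificate on the hosts and remove this override once one
        # is in place.
        ansible_winrm_server_cert_validation: ignore
      # set_fact echoes the facts it sets in verbose output; keep the password
      # out of the run log.
      no_log: true

    - name: wait for windows host to be available
      wait_for_connection:
        timeout: 900
        connect_timeout: 60
        delay: 120
      register: rwait
      # A failure here is handled by the restart task below.
      ignore_errors: true

    - name: restart instance if wait_for_connection failed
      become: false
      environment:
        AZURE_CLIENT_ID: "{{azure_service_principal}}"
        AZURE_TENANT: "{{azure_tenant}}"
        AZURE_SECRET: "{{azure_password}}"
        AZURE_SUBSCRIPTION_ID: "{{azure_subscription_id}}"
        # AZURE_CONFIG_DIR: create a specific config dir for this stack to allow concurrent access
        # NOTE(review): predictable path under world-writable /tmp that holds
        # the az CLI login state; it should be a private (0700) directory.
        AZURE_CONFIG_DIR: "/tmp/.azure-{{project_tag}}"
      command: "az vm restart --resource-group {{az_resource_group}} --name '{{inventory_hostname}}'"
      delegate_to: localhost
      when: rwait is failed

    - name: wait for windows host to be available (retry)
      wait_for_connection:
        timeout: 900
        connect_timeout: 60
        delay: 120
      when: rwait is failed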
# Play: for each host, run the infra-azure-disk-map role once per volume
# declared for that host in 'instances', passing the loop index as the LUN.
# Nothing runs when 'instances' is undefined.
- name: Detect and map data disks for Azure
  hosts: all
  gather_facts: false
  become: true
  tasks:
    - block:
        - name: Map Azure disks using LUN.
          include_role:
            name: infra-azure-disk-map
          vars:
            disk_map_device:
              name: "{{ item.name }}"
              lun: "{{ index }}"
          # Volumes of the instance whose name equals instance_canonical_name.
          loop: >-
            {{ instances
            | json_query("
            [?name == '" + instance_canonical_name + "']
            | [].volumes[]
            ")
            }}
          loop_control:
            index_var: index
          # A volume is mapped unless it sets 'enable' to a false value.
          when: item.enable | default(true)
          # NOTE(review): failures of the mapping role are ignored, so a host
          # can continue with unmapped disks; check the run output.
          ignore_errors: true
      when: instances is defined
# Play: on the control node, run the infra-azure-create-service-principal
# role, but only for the "ocp-workshop" env_type.
- name: Create Azure Service Principal for OSBA/Cloud Provider
  hosts: localhost
  connection: local
  become: false
  gather_facts: false
  tags: [env-specific, create_azure_service_principal]
  environment:
    AZURE_CLIENT_ID: "{{azure_service_principal}}"
    AZURE_TENANT: "{{azure_tenant}}"
    AZURE_SECRET: "{{azure_password}}"
    AZURE_SUBSCRIPTION_ID: "{{azure_subscription_id}}"
    # AZURE_CONFIG_DIR: create a specific config dir for this stack to allow concurrent access
    # NOTE(review): predictable path under world-writable /tmp that holds the
    # az CLI login state; it should be a private (0700) directory.
    AZURE_CONFIG_DIR: "/tmp/.azure-{{project_tag}}"
  tasks:
    - when: env_type == "ocp-workshop"
      include_role:
        name: infra-azure-create-service-principal