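---
# Play 1: render the ARM template for this environment on the control node
# and deploy it with the Azure CLI plus the azure_rm_* modules.
#
# The service-principal credentials are exported once at play level so the
# azure_rm_* modules and the `az` commands all run under the same identity.
- name: Step 001 Deploy Infrastructure
  hosts: localhost
  connection: local
  gather_facts: false
  become: false
  tags:
    - step001
    - deploy_infrastructure
  environment:
    AZURE_CLIENT_ID: "{{azure_service_principal}}"
    AZURE_TENANT: "{{azure_tenant}}"
    AZURE_SECRET: "{{azure_password}}"
    AZURE_SUBSCRIPTION_ID: "{{azure_subscription_id}}"
    # AZURE_CONFIG_DIR: create a specific config dir for this stack to allow concurrent access
    # NOTE(review): az caches its access tokens below this directory, and /tmp
    # is shared with every local user of the control node; on a multi-user
    # controller a per-user location (e.g. under output_dir) would be safer.
    AZURE_CONFIG_DIR: "/tmp/.azure-{{project_tag}}"
  tasks:
    # `which` exits non-zero when az is missing. Without ignore_errors the play
    # would already stop here and the explicit "Fail if az not available"
    # task below could never run; changed_when keeps the probe read-only.
    - name: Ensure az is installed
      environment:
        PATH: /usr/bin
      command: which az
      register: az_result
      changed_when: false
      ignore_errors: true

    - name: Fail if az not available
      fail:
        msg: you need azure-cli installed
      when: az_result is failed

    # Both files live in output_dir so that the rendered template and its
    # parameters can be inspected after the run.
    - name: Set paths of the rendered template and its parameter file
      set_fact:
        t_dest: "{{output_dir}}/{{ env_type }}.{{ guid }}.{{cloud_provider}}_cloud_template"
        params_dest: "{{output_dir}}/{{project_tag}}-cloud_template_parameters.json"
      tags:
        - azure_infrastructure_deployment
        - validate_azure_template
        - gen_azure_template

    - name: Azure Generate Resource manager template
      template:
        src: "../configs/{{ env_type }}/files/cloud_providers/{{cloud_provider}}_cloud_template.j2"
        dest: "{{t_dest}}"
      tags:
        - azure_infrastructure_deployment
        - validate_azure_template
        - gen_azure_template

    # use command line 'az' to validate template and deploy
    #
    # no_log keeps the service-principal secret out of the task result and the
    # Ansible log (with -v the command line would otherwise be echoed). The
    # arguments are quoted so that a value containing whitespace stays one
    # argv entry after the command module's shlex split. On failure Ansible
    # prints a placeholder instead of the error; drop no_log temporarily when
    # debugging a login problem.
    - name: Login to Azure
      command: >-
        az login --service-principal
        -u "{{azure_service_principal}}"
        -p "{{azure_password}}"
        --tenant "{{azure_tenant}}"
      environment:
        PATH: /usr/bin
      no_log: true
      tags:
        - validate_azure_template
        - create_inventory
        - must

    - name: Create the resource group
      azure_rm_resourcegroup:
        name: "{{ az_resource_group }}"
        location: "{{ azure_region }}"
      tags:
        - azure_infrastructure_deployment
        - validate_azure_template

    - name: Check for auto-generated SSH Key
      stat:
        path: "{{output_dir}}/{{env_authorized_key}}"
      register: env_authorized_key_status
      tags:
        - check_for_env_keys

    # The next two tasks are mutually exclusive: when no key was generated for
    # this environment the operator's key from ~/.ssh is used, otherwise the
    # generated one. The lookup paths are built with Jinja concatenation (~)
    # instead of a nested "{{ }}" inside the string literal, which relied on
    # lookup terms being templated a second time.
    - name: Get SSH public key
      set_fact:
        ssh_key: "~/.ssh/{{key_name}}.pem"
        ssh_key_data: "{{ lookup('file', '~/.ssh/' ~ key_name ~ '.pub') }}"
      tags:
        - set_existing_ssh_key
        - must
        - create_inventory
      when: not env_authorized_key_status.stat.exists

    - name: Get SSH public key
      set_fact:
        ssh_key: "{{output_dir}}/{{env_authorized_key}}"
        ssh_key_data: "{{ lookup('file', output_dir ~ '/' ~ env_authorized_key ~ '.pub') }}"
      tags:
        - set_generated_ssh_key
        - must
        - create_inventory
      when: env_authorized_key_status.stat.exists

    # The generated password only becomes the effective one when the caller
    # did not supply windows_password explicitly. no_log keeps the value out
    # of the recorded ansible_facts in the task output.
    - name: Setting windows_password variable
      set_fact:
        windows_password: "{{hostvars['localhost'].generated_windows_password}}"
      no_log: true
      when:
        - windows_password is not defined
        - generated_windows_password is defined

    - name: Check if the parameter file exists
      stat:
        path: "{{params_dest}}"
      register: params_dest_status

    # Written only once so a re-run keeps the parameters the existing
    # deployment was created with. The document is strict JSON (no trailing
    # comma after the last member) so any JSON parser accepts it, not only
    # the permissive fallback of the az CLI.
    - name: Build parameter file
      copy:
        content: |
          {
            "adminUsername": { "value": "{{remote_user}}" },
            "sshKeyData": { "value": "{{ssh_key_data}}"},
            "DNSZone": { "value": "{{HostedZoneId}}"},
            "guid": { "value": "{{guid}}"}
          }
        dest: "{{params_dest}}"
      when: not params_dest_status.stat.exists
      tags:
        - azure_infrastructure_deployment
        - validate_azure_template

    # Paths are quoted so an output_dir containing spaces survives the
    # command module's argument split.
    - name: Validate arm template
      environment:
        PATH: /usr/bin
      command: >-
        az group deployment validate
        --template-file "{{t_dest}}"
        --resource-group "{{az_resource_group}}"
        --parameters "@{{params_dest}}"
      changed_when: false
      tags:
        - azure_infrastructure_deployment
        - validate_azure_template

    # retries: 0 means a single attempt, so the until clause never causes a
    # retry; raise retries (and add a delay) if the deployment should be
    # re-attempted on transient failures.
    - name: ARM Group deployment create
      environment:
        PATH: /usr/bin
      command: >-
        az group deployment create
        --name "{{env_type}}.{{guid}}"
        --template-file "{{t_dest}}"
        --resource-group "{{az_resource_group}}"
        --parameters "@{{params_dest}}"
      register: az_deploy
      tags:
        - azure_infrastructure_deployment
        - az_rm_deploy
      until: az_deploy is succeeded
      retries: 0

    - name: Show the deployment result
      debug:
        var: az_deploy
        verbosity: 2
      tags:
        - azure_infrastructure_deployment

    # DNS delegation: read the NS records of the sub-zone the template created
    # and publish them in the parent zone. Skipped when no hosted zone is used.
    - name: Fetch DNS zone NS entries
      azure_rm_dnsrecordset_facts:
        zone_name: "{{guid}}.{{HostedZoneId}}"
        resource_group: "{{az_resource_group}}"
        record_type: NS
        relative_name: '@'
      register: subzone_ns
      tags:
        - azure_infrastructure_deployment
      when:
        - HostedZoneId != "none"

    - name: Show the sub-zone NS records
      debug:
        var: subzone_ns
        verbosity: 2
      tags:
        - azure_infrastructure_deployment

    # The parent zone may live in its own resource group ('dns' by default).
    - name: Add delegation for NS to the main DNSZone
      azure_rm_dnsrecordset:
        resource_group: "{{az_dnszone_resource_group|default('dns')}}"
        relative_name: "{{guid}}"
        zone_name: "{{HostedZoneId}}"
        record_type: NS
        state: present
        records: "{{ subzone_ns | json_query('ansible_facts.azure_dnsrecordset[0].properties.NSRecords[*].{entry: nsdname}') }}"
      tags:
        - azure_infrastructure_deployment
      when:
        - HostedZoneId != "none"

    - name: Run infra-azure-create-inventory Role
      import_role:
        name: infra-azure-create-inventory
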
# Copy env_vars variables from the config to all hosts
- import_playbook: ../include_vars.yml

# TODO: use common infra role instead of this playbook
#
# Only useful when the inventory created above contains a bastion group; the
# condition is inherited by every task of the imported playbook. The file
# name is resolved at parse time, so cloud_provider has to be known then
# (e.g. passed as an extra var) — NOTE(review): confirm against the callers.
- name: Configure local ssh config for bastion proxy use
  import_playbook: "{{cloud_provider}}_ssh_config_setup.yml"
  tags:
    - must
    - create_inventory
  when: groups["bastions"] is defined and (groups["bastions"]|length>0)

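# Play 2: wait until every Linux host answers over SSH, power-cycling the ones
# that do not, then collect the internal DNS suffix and pin /etc/hosts.
- name: wait_for_connection for all non-windows machines and set hostname
  hosts:
    - all:!windows:!network
  gather_facts: false
  become: true
  tags:
    - step001
    - wait_ssh
    - set_hostname
  tasks:
    - name: wait for linux host to be available
      wait_for_connection:
        timeout: 300
      register: rwait
      ignore_errors: true

    # A host that did not come up is restarted through the Azure API from the
    # control node. The credentials are repeated here because the play-level
    # environment of the first play does not carry over into this play.
    - name: restart instance if wait_for_connection failed
      become: false
      environment:
        AZURE_CLIENT_ID: "{{azure_service_principal}}"
        AZURE_TENANT: "{{azure_tenant}}"
        AZURE_SECRET: "{{azure_password}}"
        AZURE_SUBSCRIPTION_ID: "{{azure_subscription_id}}"
        # AZURE_CONFIG_DIR: create a specific config dir for this stack to allow concurrent access
        AZURE_CONFIG_DIR: "/tmp/.azure-{{project_tag}}"
      command: "az vm restart --resource-group {{az_resource_group}} --name '{{inventory_hostname}}'"
      delegate_to: localhost
      when: rwait is failed

    # Second wait after the restart; this one uses the module's default
    # timeout and fails the host for good if it still does not answer.
    - name: wait for linux host to be available (retry)
      wait_for_connection:
      when: rwait is failed

    - name: confirm the host answers a module call
      ping:
      register: rping
      retries: 3
      delay: 10
      until: rping is succeeded

    # get internal domain name for later use
    - name: Get internal fqdn
      command: domainname -d
      register: internalfqdn_r
      changed_when: false

    - name: NetworkManager get active interface uuid
      command: nmcli --get-values UUID connection show --active
      register: result_active_uuid
      changed_when: false

    - name: set fact internal_azure_dns_suffix for later use
      set_fact:
        internal_azure_dns_suffix: "{{internalfqdn_r.stdout}}"
        nm_active_connection: "{{result_active_uuid.stdout}}"

    - name: Stat /etc/cloud/cloud.cf file
      stat:
        path: /etc/cloud/cloud.cfg
      register: cloud_cfg_file

    # Comments out the update_hostname module so cloud-init does not overwrite
    # the hostname on the next boot. `backup: true` is the canonical boolean;
    # the former `yes` is only a boolean under YAML 1.1 rules.
    - name: disable updating hostname in /etc/cloud/cloud.cfg
      lineinfile:
        dest: /etc/cloud/cloud.cfg
        regexp: 'update_hostname$'
        line: '# - update_hostname'
        backup: true
      when: cloud_cfg_file.stat.exists
      tags: disable_cloud_cfg_hostname

    # NOTE(review): assumes every inventory host carries private_ip_address
    # and internaldns (set by the create-inventory role) — a host without
    # them makes this task fail; verify against the inventory role.
    - name: Populate /etc/hosts
      lineinfile:
        dest: /etc/hosts
        regexp: ' {{hostvars[item].internaldns}}$'
        line: '{{hostvars[item].private_ip_address}} {{hostvars[item].internaldns}}'
      with_items: "{{ groups['all'] }}"
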
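# Play 3: make the Windows hosts reachable over WinRM and wait for them.
- name: Set facts for Windows hosts if any exist and wait_for_connection
  hosts:
    - windows
  gather_facts: false
  tasks:
    # WinRM over HTTPS (5986) with certificate validation disabled, so the
    # connection trusts whatever listener answers on public_dns_name —
    # presumably because the VM image ships a self-signed certificate
    # (NOTE(review): confirm). no_log keeps ansible_password out of the
    # ansible_facts recorded in the task result.
    - name: set facts for remote access
      set_fact:
        ansible_become: false
        ansible_connection: winrm
        ansible_host: "{{ public_dns_name }}"
        ansible_password: "{{ windows_password | default(hostvars['localhost'].generated_windows_password) }}"
        ansible_port: 5986
        ansible_user: "{{ remote_user | default('Administrator') }}"
        ansible_winrm_server_cert_validation: ignore
      no_log: true

    - name: wait for windows host to be available
      wait_for_connection:
        timeout: 900
        connect_timeout: 60
        delay: 120
      register: rwait
      ignore_errors: true

    # Same recovery as for the Linux hosts: power-cycle through the Azure API
    # from the control node, credentials repeated because the first play's
    # environment does not apply here.
    - name: restart instance if wait_for_connection failed
      become: false
      environment:
        AZURE_CLIENT_ID: "{{azure_service_principal}}"
        AZURE_TENANT: "{{azure_tenant}}"
        AZURE_SECRET: "{{azure_password}}"
        AZURE_SUBSCRIPTION_ID: "{{azure_subscription_id}}"
        # AZURE_CONFIG_DIR: create a specific config dir for this stack to allow concurrent access
        AZURE_CONFIG_DIR: "/tmp/.azure-{{project_tag}}"
      command: "az vm restart --resource-group {{az_resource_group}} --name '{{inventory_hostname}}'"
      delegate_to: localhost
      when: rwait is failed

    - name: wait for windows host to be available (retry)
      wait_for_connection:
        timeout: 900
        connect_timeout: 60
        delay: 120
      when: rwait is failed
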
# Play 4: attach a disk mapping for every volume declared for this instance.
- name: Detect and map data disks for Azure
  hosts: all
  become: true
  gather_facts: false
  tasks:
    - block:
        # One role run per volume of the instance whose name matches
        # instance_canonical_name; the position in the volume list serves as
        # the LUN. ignore_errors lets the play continue past a volume the
        # role cannot map, so a failed mapping only shows up in the log.
        - name: Map Azure disks using LUN.
          include_role:
            name: infra-azure-disk-map
          vars:
            disk_map_device:
              name: "{{ item.name }}"
              lun: "{{ index }}"
          loop: >-
            {{ instances
            | json_query("
            [?name == '" + instance_canonical_name + "']
            | [].volumes[]
            ")
            }}
          loop_control:
            index_var: index
          when: item.enable|d(true)
          ignore_errors: true
      when: instances is defined

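# Play 5: create the service principal the OpenShift cloud provider / OSBA
# uses; only the ocp-workshop environment needs it.
# Booleans are written as canonical `false` — the former `False` / `no` are
# booleans only under YAML 1.1 rules and differ from the other plays.
- name: Create Azure Service Principal for OSBA/Cloud Provider
  hosts: localhost
  connection: local
  gather_facts: false
  become: false
  tags:
    - env-specific
    - create_azure_service_principal
  environment:
    AZURE_CLIENT_ID: "{{azure_service_principal}}"
    AZURE_TENANT: "{{azure_tenant}}"
    AZURE_SECRET: "{{azure_password}}"
    AZURE_SUBSCRIPTION_ID: "{{azure_subscription_id}}"
    # AZURE_CONFIG_DIR: create a specific config dir for this stack to allow concurrent access
    AZURE_CONFIG_DIR: "/tmp/.azure-{{project_tag}}"
  tasks:
    - name: Run infra-azure-create-service-principal Role
      include_role:
        name: infra-azure-create-service-principal
      when: env_type == "ocp-workshop"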