--- - name: Step 001 Deploy Infrastructure hosts: localhost connection: local gather_facts: false become: false tags: - step001 - deploy_infrastructure environment: AZURE_CLIENT_ID: "{{azure_service_principal}}" AZURE_TENANT: "{{azure_tenant}}" AZURE_SECRET: "{{azure_password}}" AZURE_SUBSCRIPTION_ID: "{{azure_subscription_id}}" # AZURE_CONFIG_DIR: create a specific config dir for this stack to allow concurrent access AZURE_CONFIG_DIR: "/tmp/.azure-{{project_tag}}" tasks: - name: Ensure az is installed environment: PATH: /usr/bin command: which az register: az_result - name: Fail if az not available fail: msg: you need azure-cli installed when: az_result is failed - set_fact: t_dest: "{{output_dir}}/{{ env_type }}.{{ guid }}.{{cloud_provider}}_cloud_template" params_dest: "{{output_dir}}/{{project_tag}}-cloud_template_parameters.json" tags: - azure_infrastructure_deployment - validate_azure_template - gen_azure_template - name: Azure Generate Resource manager template template: src: "../configs/{{ env_type }}/files/cloud_providers/{{cloud_provider}}_cloud_template.j2" dest: "{{t_dest}}" tags: - azure_infrastructure_deployment - validate_azure_template - gen_azure_template # use command line 'az' to validate template and deploy - name: Login to Azure command: >- az login --service-principal -u "{{azure_service_principal}}" -p {{azure_password}} --tenant {{azure_tenant}} environment: PATH: /usr/bin tags: - validate_azure_template - create_inventory - must - name: Create the resource group tags: - azure_infrastructure_deployment - validate_azure_template azure_rm_resourcegroup: name: "{{ az_resource_group }}" location: "{{ azure_region }}" - name: Check for auto-generated SSH Key stat: path: "{{output_dir}}/{{env_authorized_key}}" register: env_authorized_key_status tags: - check_for_env_keys - name: Get SSH public key set_fact: ssh_key: "~/.ssh/{{key_name}}.pem" ssh_key_data: "{{lookup('file', '~/.ssh/{{key_name}}.pub')}}" tags: - set_existing_ssh_key - must - create_inventory when: not env_authorized_key_status.stat.exists - name: Get SSH public key set_fact: ssh_key: "{{output_dir}}/{{env_authorized_key}}" ssh_key_data: "{{lookup('file', '{{output_dir}}/{{env_authorized_key}}.pub')}}" tags: - set_generated_ssh_key - must - create_inventory when: env_authorized_key_status.stat.exists - name: Setting windows_password variable set_fact: windows_password: "{{hostvars['localhost'].generated_windows_password}}" when: - windows_password is not defined - generated_windows_password is defined - name: Check if the parameter file exists stat: path: "{{params_dest}}" register: params_dest_status - name: Build parameter file copy: content: | { "adminUsername": { "value": "{{remote_user}}" }, "sshKeyData": { "value": "{{ssh_key_data}}"}, "DNSZone": { "value": "{{HostedZoneId}}"}, "guid": { "value": "{{guid}}"}, } dest: "{{params_dest}}" when: not params_dest_status.stat.exists tags: - azure_infrastructure_deployment - validate_azure_template - name: Validate arm template environment: PATH: /usr/bin command: >- az group deployment validate --template-file {{t_dest}} --resource-group {{az_resource_group}} --parameters @{{params_dest}} changed_when: false tags: - azure_infrastructure_deployment - validate_azure_template - name: ARM Group deployment create environment: PATH: /usr/bin command: >- az group deployment create --name {{env_type}}.{{guid}} --template-file {{t_dest}} --resource-group {{az_resource_group}} --parameters @{{params_dest}} register: az_deploy tags: - azure_infrastructure_deployment - az_rm_deploy until: az_deploy is succeeded retries: 0 - debug: var: az_deploy verbosity: 2 tags: - azure_infrastructure_deployment - name: Fetch DNS zone NS entries azure_rm_dnsrecordset_facts: zone_name: "{{guid}}.{{HostedZoneId}}" resource_group: "{{az_resource_group}}" record_type: NS relative_name: '@' register: subzone_ns tags: - azure_infrastructure_deployment when: - HostedZoneId != "none" - debug: var: subzone_ns verbosity: 2 tags: - azure_infrastructure_deployment - name: Add delegation for NS to the main DNSZone azure_rm_dnsrecordset: resource_group: "{{az_dnszone_resource_group|default('dns')}}" relative_name: "{{guid}}" zone_name: "{{HostedZoneId}}" record_type: NS state: present records: "{{ subzone_ns | json_query('ansible_facts.azure_dnsrecordset[0].properties.NSRecords[*].{entry: nsdname}') }}" tags: - azure_infrastructure_deployment when: - HostedZoneId != "none" - name: Run infra-azure-create-inventory Role import_role: name: infra-azure-create-inventory # Copy env_vars variables from the config to all hosts - import_playbook: ../include_vars.yml # TODO: use common infra role instead of this playbook - name: Configure local ssh config for bastion proxy use import_playbook: "{{cloud_provider}}_ssh_config_setup.yml" when: groups["bastions"] is defined and (groups["bastions"]|length>0) tags: - must - create_inventory - name: wait_for_connection for all non-windows machines and set hostname hosts: - all:!windows:!network gather_facts: false become: true tags: - step001 - wait_ssh - set_hostname tasks: - name: wait for linux host to be available wait_for_connection: timeout: 300 register: rwait ignore_errors: true - name: restart instance if wait_for_connection failed become: false environment: AZURE_CLIENT_ID: "{{azure_service_principal}}" AZURE_TENANT: "{{azure_tenant}}" AZURE_SECRET: "{{azure_password}}" AZURE_SUBSCRIPTION_ID: "{{azure_subscription_id}}" # AZURE_CONFIG_DIR: create a specific config dir for this stack to allow concurrent access AZURE_CONFIG_DIR: "/tmp/.azure-{{project_tag}}" command: "az vm restart --resource-group {{az_resource_group}} --name '{{inventory_hostname}}'" delegate_to: localhost when: rwait is failed - name: wait for linux host to be available (retry) wait_for_connection: when: rwait is failed - ping: register: rping retries: 3 delay: 10 until: rping is succeeded # < get internal domain name for later use - name: Get internal fqdn command: domainname -d register: internalfqdn_r changed_when: false - name: NetworkManager get active interface uuid command: nmcli --get-values UUID connection show --active register: result_active_uuid changed_when: false - name: set fact internal_azure_dns_suffix for later use set_fact: internal_azure_dns_suffix: "{{internalfqdn_r.stdout}}" nm_active_connection: "{{result_active_uuid.stdout}}" - name: Stat /etc/cloud/cloud.cf file stat: path: /etc/cloud/cloud.cfg register: cloud_cfg_file - name: disable updating hostname in /etc/cloud/cloud.cfg lineinfile: dest: /etc/cloud/cloud.cfg regexp: 'update_hostname$' line: '# - update_hostname' backup: yes when: cloud_cfg_file.stat.exists tags: disable_cloud_cfg_hostname - name: Populate /etc/hosts lineinfile: dest: /etc/hosts regexp: ' {{hostvars[item].internaldns}}$' line: '{{hostvars[item].private_ip_address}} {{hostvars[item].internaldns}}' with_items: "{{ groups['all'] }}" - name: Set facts for Windows hosts if any exist and wait_for_connection gather_facts: false hosts: - windows tasks: - name: set facts for remote access set_fact: ansible_become: false ansible_connection: winrm ansible_host: "{{ public_dns_name }}" ansible_password: "{{ windows_password | default(hostvars['localhost'].generated_windows_password) }}" ansible_port: 5986 ansible_user: "{{ remote_user | default('Administrator') }}" ansible_winrm_server_cert_validation: ignore - name: wait for windows host to be available wait_for_connection: timeout: 900 connect_timeout: 60 delay: 120 register: rwait ignore_errors: true - name: restart instance if wait_for_connection failed become: false environment: AZURE_CLIENT_ID: "{{azure_service_principal}}" AZURE_TENANT: "{{azure_tenant}}" AZURE_SECRET: "{{azure_password}}" AZURE_SUBSCRIPTION_ID: "{{azure_subscription_id}}" # AZURE_CONFIG_DIR: create a specific config dir for this stack to allow concurrent access AZURE_CONFIG_DIR: "/tmp/.azure-{{project_tag}}" command: "az vm restart --resource-group {{az_resource_group}} --name '{{inventory_hostname}}'" delegate_to: localhost when: rwait is failed - name: wait for windows host to be available (retry) wait_for_connection: timeout: 900 connect_timeout: 60 delay: 120 when: rwait is failed - name: Detect and map data disks for Azure hosts: all become: true gather_facts: false tasks: - when: instances is defined block: - name: Map Azure disks using LUN. include_role: name: infra-azure-disk-map vars: disk_map_device: name: "{{ item.name }}" lun: "{{ index }}" when: item.enable|d(true) loop_control: index_var: index loop: >- {{ instances | json_query(" [?name == '" + instance_canonical_name + "'] | [].volumes[] ") }} ignore_errors: true - name: Create Azure Service Principal for OSBA/Cloud Provider hosts: localhost connection: local gather_facts: False become: no tags: - env-specific - create_azure_service_principal environment: AZURE_CLIENT_ID: "{{azure_service_principal}}" AZURE_TENANT: "{{azure_tenant}}" AZURE_SECRET: "{{azure_password}}" AZURE_SUBSCRIPTION_ID: "{{azure_subscription_id}}" # AZURE_CONFIG_DIR: create a specific config dir for this stack to allow concurrent access AZURE_CONFIG_DIR: "/tmp/.azure-{{project_tag}}" tasks: - include_role: name: infra-azure-create-service-principal when: env_type == "ocp-workshop"