Move aro bastion (redhat-cop#6442)

* move aro install to bastion add specific role definition for vnet * fix variables * update azure open env * fix some waits * fix bug * change retries * add sub * add debug * fix debug * update identifier uri * remove identifier uri from provision * fix destroy * fix aro install * add login back * fix var * fix bad auth source * update attribute * fix pull secret * add parkinglot scope * fix role * remove unneccessary check * add missing required attribute * try again * fix bookbag deploy and destroy * fix broken argument * move bookbag to end * fix default var * fix destroy * remove satellite from deletion * fix cloud provider * add kubeconfig to user homedir * fix typo * fix typo * fix kubeconfig * fix var * install oc first * debug on delete * test apps * debugg * debug * try to fix delete * fix loop * fix delete * stupid microsoft * really stupid microsoft --------- Co-authored-by: rut31337 <rut31337@gmail.com> Co-authored-by: rut31337 <opentlc-mgr@admin-dev.na.shared.opentlc.com>
hhpatel14 · May 17, 2023 · e87c76e · e87c76e
1 parent c6e92fc
commit e87c76e
Show file tree

Hide file tree

Showing 18 changed files with 281 additions and 266 deletions.
diff --git a/ansible/cloud_providers/azure_destroy_env.yml b/ansible/cloud_providers/azure_destroy_env.yml
@@ -1,6 +1,4 @@
 ---
-- import_playbook: ../include_vars.yml
-
 - name: Delete Infrastructure
   hosts: localhost
   connection: local
@@ -13,3 +11,15 @@
     - name: Remove the service principal
       include_role:
         name: infra-azure-delete-service-principal
+
+- name: Cleanup Azure Sandbox
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  become: false
+  environment:
+    AZURE_CONFIG_DIR: "{{ output_dir }}/.azure-{{ project_tag }}"
+  tasks:
+    - name: Run the azure delete open env role
+      include_role:
+        name: open-env-azure-delete-open-env
diff --git a/ansible/cloud_providers/azure_infrastructure_deployment.yml b/ansible/cloud_providers/azure_infrastructure_deployment.yml
@@ -33,23 +33,6 @@
         msg: you need azure-cli installed
       when: az_result is failed
 
-    - set_fact:
-        t_dest: "{{output_dir}}/{{ env_type }}.{{ guid }}.{{cloud_provider}}_cloud_template"
-        params_dest: "{{output_dir}}/{{project_tag}}-cloud_template_parameters.json"
-      tags:
-        - azure_infrastructure_deployment
-        - validate_azure_template
-        - gen_azure_template
-
-    - name: Azure Generate Resource manager template
-      template:
-        src: "../configs/{{ env_type }}/files/cloud_providers/{{cloud_provider}}_cloud_template.j2"
-        dest: "{{t_dest}}"
-      tags:
-        - azure_infrastructure_deployment
-        - validate_azure_template
-        - gen_azure_template
-
     # use command line 'az' to validate template and deploy
     - name: Login to Azure
       command: >-
@@ -58,7 +41,6 @@
         -p {{ azure_password | quote }}
         --tenant {{ azure_tenant | quote }}
       tags:
-        - validate_azure_template
         - create_inventory
         - must
     - name: Create the resource group
@@ -73,53 +55,27 @@
 
     - name: Setting windows_password variable
       set_fact:
-        windows_password: "{{hostvars['localhost'].generated_windows_password}}"
+        windows_password: "{{hostvars.localhost.generated_windows_password}}"
       when:
         - windows_password is not defined
         - generated_windows_password is defined
 
-    - name: If windows password set pass it to parameters
-      set_fact:
-        adminPassword: '{% if windows_password is defined %}"adminPassword": { "value": "{{ windows_password }}" },{% endif %}'
-
-    - name: Check if the parameter file exists
-      stat:
-        path: "{{params_dest}}"
-      register: params_dest_status
-
-    - name: Build parameter file
-      copy:
-        content: |
-          {
-            "adminUsername": { "value": "{{remote_user}}" }, {{ adminPassword }}
-            "sshKeyData": { "value": "{{ ssh_provision_pubkey_content | default(env_authorized_key_content_pub) }}"},
-            "DNSZone": { "value": "{{HostedZoneId}}"},
-            "guid": { "value": "{{guid}}"},
-          }
-        dest: "{{params_dest}}"
-      when: not params_dest_status.stat.exists
-      tags:
-        - azure_infrastructure_deployment
-        - validate_azure_template
-
-    - name: Validate arm template
-      command: >-
-        az deployment group validate
-        --template-file {{t_dest}}
-        --resource-group {{az_resource_group}}
-        --parameters @{{params_dest}}
-      changed_when: false
-      tags:
-        - azure_infrastructure_deployment
-        - validate_azure_template
+    - name: Check if deployment exists
+      azure.azcollection.azure_rm_deployment_info:
+        name: "{{ env_type }}.{{ guid }}"
+        resource_group: "{{ az_resource_group }}"
+      register: az_dg_check
+      ignore_errors: true
 
-    - name: ARM deployment group create
-      command: >-
-        az deployment group create
-        --name {{env_type}}.{{guid}}
-        --template-file {{t_dest}}
-        --resource-group {{az_resource_group}}
-        --parameters @{{params_dest}}
+    - name: ARM deployment create
+      when: az_dg_check.deployments | length == 0
+      azure.azcollection.azure_rm_deployment:
+        name: "{{ env_type }}.{{ guid }}"
+        resource_group: "{{ az_resource_group }}"
+        location: "{{ azure_region }}"
+        parameters: "{{ lookup('ansible.builtin.template', '../configs/{{ env_type }}/files/cloud_providers/{{cloud_provider}}_parameters_template.j2') }}"
+        template: "{{ lookup('ansible.builtin.template', '../configs/{{ env_type }}/files/cloud_providers/{{cloud_provider}}_cloud_template.j2') }}"
+        state: present
       register: az_deploy
       tags:
         - azure_infrastructure_deployment
@@ -128,12 +84,6 @@
       retries: 5
       delay: 10
 
-    - debug:
-        var: az_deploy
-        verbosity: 2
-      tags:
-        - azure_infrastructure_deployment
-
     - name: Fetch DNS zone NS entries
       azure.azcollection.azure_rm_dnsrecordset_info:
         zone_name: "{{guid}}.{{HostedZoneId}}"
@@ -147,12 +97,6 @@
         - dns_delegation is defined
         - dns_delegation == true
 
-    - debug:
-        var: subzone_ns
-        verbosity: 2
-      tags:
-        - azure_infrastructure_deployment
-
     - name: Add delegation for NS to the main DNSZone
       azure.azcollection.azure_rm_dnsrecordset:
         resource_group: "{{az_dnszone_resource_group|default('dns')}}"
@@ -224,7 +168,7 @@
       tags:
         - create_inventory
       set_fact:
-        ansible_ssh_extra_args: "{{ ansible_ssh_extra_args|d() }} -F {{ hostvars.localhost.ansible_ssh_config }}"
+        ansible_ssh_extra_args: "{{ ansible_ssh_extra_args|default('') }} -F {{ hostvars.localhost.ansible_ssh_config }}"
 
     - name: wait for linux host to be available
       wait_for_connection:
@@ -287,9 +231,9 @@
     - name: Populate /etc/hosts
       lineinfile:
         dest: /etc/hosts
-        regexp: ' {{hostvars[item].internaldns}}$'
-        line: '{{hostvars[item].private_ip_address}} {{hostvars[item].internaldns}}'
-      with_items: "{{ groups['all'] }}"
+        regexp: " {{ hostvars[item].internaldns }}$"
+        line: "{{ hostvars[item].private_ip_address }} {{ hostvars[item].internaldns }}"
+      with_items: "{{ groups.all }}"
 
 - name: Set facts for Windows hosts if any exist and wait_for_connection
   gather_facts: false
@@ -301,7 +245,7 @@
         ansible_become: false
         ansible_connection: winrm
         ansible_host: "{{ public_dns_name }}"
-        ansible_password: "{{ windows_password | default(hostvars['localhost'].generated_windows_password) }}"
+        ansible_password: "{{ windows_password | default(hostvars.localhost.generated_windows_password) }}"
         ansible_port: 5986
         ansible_user: "{{ remote_user | default('Administrator') }}"
         ansible_winrm_server_cert_validation: ignore
@@ -355,7 +299,7 @@
             disk_map_device:
               name: "{{ item.name }}"
               lun: "{{ index }}"
-          when: item.enable|d(true)
+          when: item.enable|default(true)
           loop_control:
             index_var: index
           loop: >-

diff --git a/ansible/configs/open-environment-azure/default_vars.yml b/ansible/configs/open-environment-azure/default_vars.yml
@@ -12,6 +12,10 @@ output_dir: "/tmp/output-dir-{{ guid }}"
 
 # Automatically install ARO on top of OPEN Environment?
 install_aro: false
+az_aro_version: 4.11.26
+
+# For OC client
+ocp4_installer_root_url: https://mirror.openshift.com/pub/openshift-v4/clients
 
 # Set to true if you have azcollection > v1.13.0 (2022-05-27)
 install_aro_with_azcollection: false
@@ -26,6 +30,13 @@ ansible_user: azure
 
 dns_bastion: true
 
+repo_method: satellite
+update_packages: true
+install_common: true
+common_packages_el9:
+  - python39
+  - git
+
 rhel_vm_size: Standard_DS1_v2
 
 # Enable RHEL Gold Image

diff --git a/ansible/configs/open-environment-azure/destroy_env.yml b/ansible/configs/open-environment-azure/destroy_env.yml
diff --git a/ansible/configs/open-environment-azure/files/cloud_providers/azure_parameters_template.j2 b/ansible/configs/open-environment-azure/files/cloud_providers/azure_parameters_template.j2
@@ -0,0 +1,19 @@
+{
+  "adminUsername": {
+    "value": "{{remote_user}}"
+  },
+{% if windows_password is defined %}
+  "adminPassword": {
+    "value": "{{ windows_password }}"
+  },
+{% endif %}
+  "sshKeyData": {
+    "value": "{{ ssh_provision_pubkey_content | default(hostvars.localhost.env_authorized_key_content_pub) }}"
+  },
+  "DNSZone": {
+    "value": "{{ HostedZoneId }}"
+  },
+  "guid": {
+    "value": "{{ guid }}"
+  },
+}
diff --git a/ansible/configs/open-environment-azure/post_software.yml b/ansible/configs/open-environment-azure/post_software.yml
@@ -128,22 +128,13 @@
           bastion_ssh_command: "ssh {{ remote_user }}@bastion.{{ guid }}.{{ cluster_dns_zone }}"
           bastion_password: "{{ generated_password }}"
 
-- name: Step 002 Post Software
-  hosts: localhost
-  connection: local
-  become: false
-  tags:
-    - step001
-    - post_software
-  tasks:
-    - debug:
-        msg: "Step 002 Post Software - Completed"
-
 - name: Bookbag
   hosts: localhost
   connection: local
   gather_facts: false
   become: false
+  environment:
+    KUBECONFIG: "{{ output_dir }}/.kube/config"
   tasks:
   - name: Deploy Bookbag
     when: deploy_bookbag | bool
@@ -152,6 +143,17 @@
     vars:
       ACTION: create
 
+- name: Step 002 Post Software
+  hosts: localhost
+  connection: local
+  become: false
+  tags:
+    - step001
+    - post_software
+  tasks:
+    - debug:
+        msg: "Step 002 Post Software - Completed"
+
 - name: Software flight-check
   hosts: localhost
   connection: local

diff --git a/ansible/configs/open-environment-azure/pre_software.yml b/ansible/configs/open-environment-azure/pre_software.yml
@@ -43,13 +43,20 @@
             name: azure-cli
             state: latest
 
-- name: Install Azure CLI
+        - name: Install git and pip
+          ansible.builtin.package:
+            name:
+              - git
+              - python3-pip
+            state: latest
+
+- name: Stash Creds For Azure CLI
   hosts: bastions
   gather_facts: false
   become: true
   become_user: "{{ remote_user }}"
   tasks:
-    - name: Install Azure CLI
+    - name: Stash Creds For Azure CLI
       when: install_aro | default(false) | bool
       block:
         - name: Log into Azure SP and stash creds in remote user