Hotfix for 3.11 (#564)
Co-authored-by: Kimmo Forss <[email protected]>
KimForss and Kimmo Forss authored Mar 14, 2024
1 parent fa802c9 commit ab30983
Showing 5 changed files with 72 additions and 48 deletions.
@@ -9,36 +9,36 @@
- name: "0.4 Installation Media: - Retrieve Deployer Keyvault details"
block:

- name: Check required variables are present and not empty
- name: Check required variables are present and not empty
ansible.builtin.assert:
that:
- "kv_name is defined" # Has the variable been defined
- "kv_name | type_debug != 'NoneType'" # and given a value
- "kv_name | string | length != 0 " # Detect null values
fail_msg: "Please define the kv_name parameter"
fail_msg: "Please define the kv_name parameter"

- name: "Parameters to be used..."
- name: "Parameters to be used..."
ansible.builtin.debug:
msg: # Best method for formatting output with Azure Devops Logs
- "kv_name: {{ kv_name }}"
- "deployer_kv_name_secret: {{ deployer_kv_name_secret }}"
verbosity: 2
- "kv_name: {{ kv_name }}"
- "deployer_kv_name_secret: {{ deployer_kv_name_secret }}"
verbosity: 2

- name: "0.4 Installation Media: - Get Deployer key vault name workload zone key vault"
- name: "0.4 Installation Media: - Get Deployer key vault name workload zone key vault"
ansible.builtin.command: >-
az keyvault secret show
--vault-name {{ kv_name }}
--name {{ deployer_kv_name_secret }}
--query value
--output tsv
changed_when: false
register: deployer_kv_name_secret_result
when: bom_processing is not defined

- name: "0.4 Installation Media: - Save Deployer key vault name"
az keyvault secret show
--vault-name {{ kv_name }}
--name {{ deployer_kv_name_secret }}
--query value
--output tsv
changed_when: false
register: deployer_kv_name_secret_result
when: bom_processing is not defined

- name: "0.4 Installation Media: - Save Deployer key vault name"
ansible.builtin.set_fact:
deployer_kv_name: "{{ deployer_kv_name_secret_result.stdout }}"
cacheable: true
deployer_kv_name: "{{ deployer_kv_name_secret_result.stdout }}"
cacheable: true

when: deployer_kv_name is not defined

@@ -50,6 +50,13 @@
- "deployer_kv_name: {{ deployer_kv_name }}"
verbosity: 2

- name: "0.4 Installation Media: - Get Control Plane Subscription"
ansible.builtin.set_fact:
control_plane_subscription_id: "{{ lookup('ansible.builtin.env', 'control_plane_subscription') | default('') }}"

- name: "0.4 Installation Media: - Extract SAP Binaries Storage Account SAS (temp)"
ansible.builtin.set_fact:
subscription_parameter: "{%if control_plane_subscription_id | length > 0 %}--subscription {{ control_plane_subscription_id }}{% else %}{% endif %}"

- name: "0.4 Installation Media: - Extract SAP Binaries Storage Account secrets"
block:
@@ -75,37 +82,41 @@
account_name: "{{ sapbits_location_base_path.rpartition('//')[2].split('.')[0] }}"
when: sapbits_location_base_path is defined

- name: "0.4 Installation Media: - Extract Shared Key Access token flag"
ansible.builtin.set_fact:
allowSharedKeyAccess: true

- name: "0.4 Installation Media: - Check Binaries Storage Account"
- name: "0.4 Installation Media: - Check Binaries Storage Account for Shared Key Access with Control Plane Subscription"
ansible.builtin.command: >-
az storage account show \
--name {{ account_name }} \
--query allowSharedKeyAccess \
az storage account show \
--name {{ account_name }} \
--query allowSharedKeyAccess \
{{ subscription_parameter }} \
--out tsv
changed_when: false
register: az_allowSharedKeyAccess

- name: "0.4 Installation Media: - Extract SAS token"
- name: "0.4 Installation Media: - Extract Shared Key Access token flag"
ansible.builtin.set_fact:
allowSharedKeyAccess: "{{ az_allowSharedKeyAccess.stdout | bool }}"
when: az_allowSharedKeyAccess is defined
when: az_allowSharedKeyAccess.stdout is defined and az_allowSharedKeyAccess.stdout | length > 0

- name: "Parameter review..."
ansible.builtin.debug:
msg: # Best method for formatting output with Azure Devops Logs
- "account_name: {{ account_name }}"
- "allowSharedKeyAccess: {{ allowSharedKeyAccess }}"
- "allowSharedKeyAccess: {{ allowSharedKeyAccess | default(true) }}"
verbosity: 2

- name: "0.4 Installation Media: - Retrieve Access Key secret"
when:
- sapbits_access_key is not defined
- allowSharedKeyAccess
- allowSharedKeyAccess | default(true)
block:
- name: "0.4 Installation Media: - Check if Access Key secret exists"
ansible.builtin.command: >-
az keyvault secret list
--vault-name {{ deployer_kv_name }} --query "[].{Name:name} | [? contains(Name,'sapbits-access-key')] | [0]"
--vault-name {{ deployer_kv_name }} --query "[?name=='sapbits-access-key'].name | [0]" --output tsv
changed_when: false
register: keyvault_secrets

@@ -133,12 +144,13 @@
when:
- sapbits_access_key is not defined
- sapbits_sas_token is not defined or (sapbits_sas_token | string | length == 0)
- allowSharedKeyAccess
block:
- name: "0.4 Installation Media: - Check if SAS token secret exists"
ansible.builtin.command: >-
az keyvault secret list
--vault-name {{ deployer_kv_name }} --query "[].{Name:name} | [? contains(Name,'sapbits-sas-token')] | [0]"
--vault-name {{ deployer_kv_name }}
--query "[?name =='sapbits-sas-token'].name | [0]"
--output tsv
changed_when: false
register: keyvault_secrets

@@ -158,7 +170,6 @@
ansible.builtin.set_fact:
sapbits_sas_token: "{{ keyvault_secret_show_sas_token.stdout }}"
cacheable: true

no_log: true
when: keyvault_secret_show_sas_token is defined

@@ -167,7 +178,6 @@
when:
- sapbits_sas_token is not defined or (sapbits_sas_token | string | length == 0)
- sapbits_access_key is defined
- allowSharedKeyAccess is defined
- allowSharedKeyAccess
block:

@@ -179,7 +189,7 @@
ansible.builtin.command: "date +'%Y-%m-%d' -d '+3 days'"
register: expiry

- name: "0.4 Installation Media: - Create SAP Binaries Storage Account SAS"
- name: "0.4 Installation Media: - Create SAP Binaries Storage Account SAS in Control Plane subscription"
ansible.builtin.command: >-
az storage account generate-sas \
--account-name {{ account_name }} \
@@ -188,18 +198,22 @@
--services b \
--resource-types sco \
--account-key {{ sapbits_access_key }} \
{{ subscription_parameter }} \
--out tsv
changed_when: false
register: az_sapbits_sas_token

- name: "0.4 Installation Media: - Extract SAP Binaries Storage Account SAS (temp)"
ansible.builtin.set_fact:
sapbits_sas_token: "{{ az_sapbits_sas_token.stdout }}"
- name: "0.4 Installation Media: - Debug storage account details (sas)"
ansible.builtin.debug:
var: az_sapbits_sas_token
verbosity: 4

- name: "0.4 Installation Media: - Extract SAP Binaries Storage Account SAS (temp)"
ansible.builtin.set_fact:
sapbits_sas_token: "{{ az_sapbits_sas_token.stdout }}"

- name: "0.0 Validations - Check required variables are present and not empty"
- name: "0.0 Validations - Check required variables are present and not empty"
when:
- allowSharedKeyAccess is defined
- allowSharedKeyAccess
ansible.builtin.assert:
that:
@@ -219,7 +233,7 @@
ansible.builtin.debug:
msg:
- "SAS : {{ sapbits_sas_token }}"
verbosity: 2
verbosity: 4

...
# /*---------------------------------------------------------------------------8
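Review bot: The added task "Debug storage account details (sas)" prints the whole registered `az_sapbits_sas_token` result, which carries the generated SAS in `stdout` and the invoked command line, including `--account-key {{ sapbits_access_key }}`, in `cmd`, so a run at verbosity 4 writes both the storage account key and the SAS to the job log. No `no_log` is visible on the generate-sas command task in either of the hunks it spans. I would drop the debug task or limit it to `var: az_sapbits_sas_token.rc`, and add `no_log: true` to the command task, matching the `no_log: true` already used where `sapbits_sas_token` is set from the Key Vault secret. The closing `"SAS : {{ sapbits_sas_token }}"` debug has the same exposure even after the move to `verbosity: 4`.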
2 changes: 1 addition & 1 deletion deploy/ansible/roles-sap/5.2-pas-install/tasks/main.yaml
@@ -467,7 +467,7 @@
when:
- database_high_availability
- platform == 'HANA'
- hdbuserstore_file | length > 0
- hdbuserstore_file.matched > 0

- name: "PAS Install: show hdbuserstore path"
ansible.builtin.debug:
20 changes: 14 additions & 6 deletions deploy/pipelines/05-DB-and-SAP-installation.yaml
@@ -233,14 +233,21 @@ stages:
if [ -z ${az_var} ]; then
export workload_key_vault=$(cat "${environment_file_name}" | grep workloadkeyvault | awk -F'=' '{print $2}' | xargs) ; echo 'Workload Key Vault' ${workload_key_vault}
else
export workload_key_vault=${az_var} ; echo 'Workload Key Vault' ${workload_key_vault} ; echo 'Workload Key Vault' ${workload_key_vault}
export workload_key_vault=${az_var} ; echo 'Workload Key Vault' ${workload_key_vault} ;
fi
az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}"Workload_Secret_Prefix.value --output tsv)
if [ -z ${az_var} ]; then
export workload_prefix=$(cat "${environment_file_name}" | grep workload_zone_prefix | awk -F'=' '{print $2}' | xargs) ; echo 'Workload Prefix' ${workload_prefix}
else
export workload_prefix=${az_var} ; echo 'Workload Prefix' ${workload_prefix}; echo 'Workload Prefix' ${workload_prefix}
export workload_prefix=${az_var} ; echo 'Workload Prefix' ${workload_prefix};
fi
az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query Terraform_Remote_Storage_Subscription.value --output tsv)
if [ -z ${az_var} ]; then
export control_plane_subscription=$(cat "${environment_file_name}" | grep STATE_SUBSCRIPTION | awk -F'=' '{print $2}' | xargs) ; echo 'Control Plane Subscription' ${control_plane_subscription}
else
export control_plane_subscription=${az_var} ; echo 'Control Plane Subscription' ${control_plane_subscription}
fi
if [[ $EXTRA_PARAMETERS = "'$(EXTRA_PARAMETERS)'" ]]; then
@@ -255,6 +262,7 @@ stages:
echo "##vso[task.setvariable variable=PASSWORD_KEY_NAME;isOutput=true]${workload_prefix}-sid-password"
echo "##vso[task.setvariable variable=USERNAME_KEY_NAME;isOutput=true]${workload_prefix}-sid-username"
echo "##vso[task.setvariable variable=NEW_PARAMETERS;isOutput=true]${new_parameters}"
echo "##vso[task.setvariable variable=CP_SUBSCRIPTION;isOutput=true]${control_plane_subscription}"
echo -e "$green--- az login ---$reset"
@@ -263,7 +271,7 @@ stages:
if [ "$USE_MSI" = "true" ]; then
echo "Using MSI"
source /etc/profile.d/deploy_server.sh
az account set --subscription $ARM_SUBSCRIPTION_ID
az account set --subscription $control_plane_subscription
else
if [ ! -n $AZURE_CLIENT_ID ]; then
@@ -287,7 +295,7 @@ stages:
echo "##vso[task.logissue type=error]az login failed."
exit $return_code
fi
az account set --subscription $AZURE_SUBSCRIPTION_ID
az account set --subscription $control_plane_subscription
fi
return_code=$?
@@ -297,7 +305,7 @@ stages:
exit $return_code
fi
az keyvault secret show --name ${workload_prefix}-sid-sshkey --vault-name $workload_key_vault --query value -o tsv > artifacts/${SAP_SYSTEM_CONFIGURATION_NAME}_sshkey
az keyvault secret show --name ${workload_prefix}-sid-sshkey --vault-name $workload_key_vault --subscription $AZURE_SUBSCRIPTION_ID --query value -o tsv > artifacts/${SAP_SYSTEM_CONFIGURATION_NAME}_sshkey
cp sap-parameters.yaml artifacts/.
cp ${SID}_hosts.yaml artifacts/.
@@ -312,7 +320,7 @@ stages:
AZURE_CLIENT_ID: $(ARM_CLIENT_ID)
AZURE_CLIENT_SECRET: $(ARM_CLIENT_SECRET)
AZURE_TENANT_ID: $(ARM_TENANT_ID)
AZURE_SUBSCRIPTION_ID: $(ARM_SUBSCRIPTION_ID)
AZURE_SUBSCRIPTION_ID: $(Terraform_Remote_Storage_Subscription)
ANSIBLE_COLLECTIONS_PATHS: /opt/ansible/collections
CONFIG_REPO_PATH: ${{ parameters.config_repo_path }}
BOM_BASE_NAME: ${{ parameters.bom_base_name }}
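Review bot: Both `az account set --subscription $control_plane_subscription` calls expand the variable unquoted, and nothing in the visible lines checks that it is non-empty, although its fallback is a `grep STATE_SUBSCRIPTION` of the environment file that may match no line or several. I would fail early with `if [ -z "${control_plane_subscription}" ]; then echo "##vso[task.logissue type=error]Control plane subscription is not defined."; exit 2; fi` and then call `az account set --subscription "${control_plane_subscription}"`. Separately, `AZURE_SUBSCRIPTION_ID` is now mapped to `$(Terraform_Remote_Storage_Subscription)`, so the `--subscription $AZURE_SUBSCRIPTION_ID` added to the `-sid-sshkey` read appears to name the control plane subscription too; if that env block belongs to the same step, please confirm this is intended for the workload key vault. The script body starts and ends outside these hunks.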
1 change: 1 addition & 0 deletions deploy/pipelines/templates/run-ansible.yaml
@@ -25,6 +25,7 @@ steps:
#If the deployer_file exists we run on a deployer configured by the framework instead of a azdo hosted one
export control_plane_subscription=$(Terraform_Remote_Storage_Subscription)
deployer_file=/etc/profile.d/deploy_server.sh
if [ $USE_MSI == "true" ]; then
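Review bot: `export control_plane_subscription=$(Terraform_Remote_Storage_Subscription)` pastes the pipeline variable into the script text before bash parses it, so the value is read as shell syntax; when the variable is not defined, Azure DevOps leaves the literal `$(...)` in place and bash runs it as a command substitution. Passing the value through the step's `env:` mapping, `control_plane_subscription: $(Terraform_Remote_Storage_Subscription)`, keeps it out of the script text, and the script can then check that it holds a value before use. The new line also sits between the `#If the deployer_file exists…` comment and the `deployer_file=` assignment that comment describes; placing it above the comment keeps the two together. The step continues outside the hunk, so its `env:` block is not visible here.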
5 changes: 3 additions & 2 deletions deploy/scripts/New-SDAFDevopsProject.ps1
@@ -468,7 +468,8 @@ else {
Add-Content -Path $templatename " type: GitHub"
Add-Content -Path $templatename -Value (" endpoint: " + $ghConn)
Add-Content -Path $templatename " name: Azure/sap-automation"
Add-Content -Path $templatename -Value (" ref: refs/tags/" + $versionLabel)
Add-Content -Path $templatename " ref: refs/heads/main"
# Add-Content -Path $templatename -Value (" ref: refs/tags/" + $versionLabel)

$cont = Get-Content -Path $templatename -Raw

@@ -517,7 +518,7 @@ else {
Add-Content -Path $templatename " type: GitHub"
Add-Content -Path $templatename -Value (" endpoint: " + $ghConn)
Add-Content -Path $templatename " name: Azure/sap-automation"
Add-Content -Path $templatename -Value (" ref: refs/tags/" + $versionLabel)
Add-Content -Path $templatename " ref: refs/heads/main"
Add-Content -Path $templatename " - repository: sap-samples"
Add-Content -Path $templatename " type: GitHub"
Add-Content -Path $templatename -Value (" endpoint: " + $ghConn)
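Review bot: Both generated templates now reference `Azure/sap-automation` at `refs/heads/main` instead of `refs/tags/` plus `$versionLabel`, so every pipeline created by this script runs whatever is on the moving branch at execution time rather than a fixed release. If this is a temporary hotfix measure, I would keep the tag pin as the default and restore `Add-Content -Path $templatename -Value (" ref: refs/tags/" + $versionLabel)` once a release tag carries the fix. In the first hunk the old statement is left commented out with no explanation, and in the second it is simply replaced; a comment such as `# TODO: restore the refs/tags pin after the hotfix release` on both would record the intent. Both hunks sit inside an `else {` block that starts outside the visible lines.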
