From b86ec4b9be9d30d78c633db50ed60c630ddc0c28 Mon Sep 17 00:00:00 2001 From: "Shekhar Sorot ( MSFT )" Date: Mon, 16 Sep 2024 20:49:16 +0530 Subject: [PATCH 001/279] Update 5.5.4.0-clusterPrep-RedHat.yml --- .../5.5-hanadb-pacemaker/tasks/5.5.4.0-clusterPrep-RedHat.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/deploy/ansible/roles-sap/5.5-hanadb-pacemaker/tasks/5.5.4.0-clusterPrep-RedHat.yml b/deploy/ansible/roles-sap/5.5-hanadb-pacemaker/tasks/5.5.4.0-clusterPrep-RedHat.yml index e6f9471e0c..587150c756 100644 --- a/deploy/ansible/roles-sap/5.5-hanadb-pacemaker/tasks/5.5.4.0-clusterPrep-RedHat.yml +++ b/deploy/ansible/roles-sap/5.5-hanadb-pacemaker/tasks/5.5.4.0-clusterPrep-RedHat.yml @@ -9,6 +9,7 @@ # SAP HANA Cluster resources prep for ANF # https://learn.microsoft.com/en-us/azure/sap/workloads/sap-hana-high-availability-netapp-files-red-hat +# Additonal steps inherited from https://access.redhat.com/articles/6093611 # +------------------------------------4--------------------------------------*/ - name: "Backward Compatibility - Check required Database HA variables" From 96e82f03bca0977ca6396bc16e01f076e4109fcf Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 14 Oct 2024 22:59:54 +0300 Subject: [PATCH 002/279] Update deploy control plane script --- deploy/pipelines/01-deploy-control-plane.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index f96089caf3..57faa3898a 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml 
@@ -89,11 +89,12 @@ stages: boldred="\e[1;31m" cyan="\e[1;36m" - export ARM_CLIENT_ID=$servicePrincipalId + export ARM_CLIENT_ID=$servicePrincipalId; echo 'ARM_CLIENT_ID' $ARM_CLIENT_ID if [ -n "$(servicePrincipalKey)" ]; then export ARM_CLIENT_SECRET=$servicePrincipalKey else + echo "Use OIDC" export ARM_USE_OIDC=true export ARM_USE_AZUREAD=true export ARM_OIDC_TOKEN=$idToken From 099107b83557ec3760e7a79d0b5e595478809e6a Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 14 Oct 2024 23:08:46 +0300 Subject: [PATCH 003/279] Refactor deploy control plane script to simplify authentication logic --- deploy/pipelines/01-deploy-control-plane.yaml | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 57faa3898a..3b78a8a028 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -91,15 +91,6 @@ stages: export ARM_CLIENT_ID=$servicePrincipalId; echo 'ARM_CLIENT_ID' $ARM_CLIENT_ID - if [ -n "$(servicePrincipalKey)" ]; then - export ARM_CLIENT_SECRET=$servicePrincipalKey - else - echo "Use OIDC" - export ARM_USE_OIDC=true - export ARM_USE_AZUREAD=true - export ARM_OIDC_TOKEN=$idToken - fi - export ARM_TENANT_ID=$tenantId set -eu 
@@ -252,8 +243,14 @@ stages: --library_parameter_file ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/$(libraryconfig) \ --subscription $ARM_SUBSCRIPTION_ID --auto-approve --ado --only_deployer --msi else - export ARM_CLIENT_ID="$CP_ARM_CLIENT_ID" + export ARM_CLIENT_ID=$CP_ARM_CLIENT_ID + export ARM_CLIENT_SECRET=$CP_ARM_CLIENT_SECRET export ARM_CLIENT_SECRET=$CP_ARM_CLIENT_SECRET + export ARM_TENANT_ID=$CP_ARM_TENANT_ID + export ARM_USE_OIDC=false + export ARM_USE_AZUREAD=true + + $SAP_AUTOMATION_REPO_PATH/deploy/scripts/deploy_controlplane.sh \ --deployer_parameter_file ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/$(deployerconfig) \ --library_parameter_file ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/$(libraryconfig) \ From 5a5f8a582a66435be29feefc2c6901212502ea4d Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 14 Oct 2024 23:14:45 +0300 Subject: [PATCH 004/279] Refactor deploy control plane script to simplify authentication logic --- deploy/pipelines/01-deploy-control-plane.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 3b78a8a028..efaf7f67ae 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -250,6 +250,8 @@ stages: export ARM_USE_OIDC=false export ARM_USE_AZUREAD=true + az login --service-principal -u $ARM_CLIENT_ID -p=$ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID + $SAP_AUTOMATION_REPO_PATH/deploy/scripts/deploy_controlplane.sh \ --deployer_parameter_file ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/$(deployerconfig) \ From ed0d0fa64bdd26651203725ea4c4d3f8f2f8090a Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 15 Oct 2024 13:56:32 +0300 Subject: [PATCH 005/279] Refactor deploy control plane script to include management subnet in storage account network rules --- .../terraform-units/modules/sap_deployer/infrastructure.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
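Review bot: The added `export ARM_CLIENT_SECRET=$CP_ARM_CLIENT_SECRET` repeats the unchanged export on the line after it, so one of the two can be dropped. The same hunk removes the quotes from the `ARM_CLIENT_ID` assignment; keeping the values quoted, `export ARM_CLIENT_ID="$CP_ARM_CLIENT_ID"` and likewise for the secret and tenant ID, avoids word splitting if the step is ever run by a shell that does not treat `export` assignments specially. With `ARM_USE_OIDC=false` hard-coded here and the OIDC branch deleted in the first hunk of this commit, this path appears to rely on a long-lived client secret only; if that is intended, a comment saying so would help. The enclosing `else` branch starts and ends outside the hunk.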
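Review bot: The added `az login` passes the client secret as a command-line argument with unquoted expansions, so the secret is visible in the agent's process list while the command runs, and a value containing whitespace or glob characters would be split. `az login` also prints the account JSON (subscription and tenant IDs) to the pipeline log by default. If the secret-based login has to stay, quote the arguments and silence the output: `az login --service-principal -u "$ARM_CLIENT_ID" -p="$ARM_CLIENT_SECRET" --tenant "$ARM_TENANT_ID" --output none`. The enclosing `else` branch continues outside the hunk.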
diff --git a/deploy/terraform/terraform-units/modules/sap_deployer/infrastructure.tf b/deploy/terraform/terraform-units/modules/sap_deployer/infrastructure.tf index 1f00c03ccc..454a23d342 100644 --- a/deploy/terraform/terraform-units/modules/sap_deployer/infrastructure.tf +++ b/deploy/terraform/terraform-units/modules/sap_deployer/infrastructure.tf @@ -90,7 +90,7 @@ resource "azurerm_storage_account" "deployer" { shared_access_key_enabled = var.deployer.shared_access_key_enabled network_rules { default_action = "Deny" - virtual_network_subnet_ids = [azurerm_subnet.subnet_mgmt[0].id] + virtual_network_subnet_ids = [(local.management_subnet_exists) ? local.management_subnet_arm_id : azurerm_subnet.subnet_mgmt[0].id] } cross_tenant_replication_enabled = false depends_on = [ azurerm_subnet.subnet_mgmt ] From 6ffcef8e0fc211de12b75d669bf4ba5c1fc4ff71 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 15 Oct 2024 15:25:56 +0300 Subject: [PATCH 006/279] Refactor deploy control plane script to include management subnet in storage account network rules --- .../modules/sap_deployer/infrastructure.tf | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/deploy/terraform/terraform-units/modules/sap_deployer/infrastructure.tf b/deploy/terraform/terraform-units/modules/sap_deployer/infrastructure.tf index 454a23d342..c33f98f06d 100644 --- a/deploy/terraform/terraform-units/modules/sap_deployer/infrastructure.tf +++ b/deploy/terraform/terraform-units/modules/sap_deployer/infrastructure.tf 
@@ -88,12 +88,19 @@ resource "azurerm_storage_account" "deployer" { min_tls_version = "TLS1_2" allow_nested_items_to_be_public = false shared_access_key_enabled = var.deployer.shared_access_key_enabled - network_rules { - default_action = "Deny" - virtual_network_subnet_ids = [(local.management_subnet_exists) ? local.management_subnet_arm_id : azurerm_subnet.subnet_mgmt[0].id] - } + cross_tenant_replication_enabled = false depends_on = [ azurerm_subnet.subnet_mgmt ] + + dynamic "network_rules" { + for_each = range(var.use_service_endpoint ? 1 : 0) + content + { + default_action = "Deny" + virtual_network_subnet_ids = [(local.management_subnet_exists) ? local.management_subnet_arm_id : azurerm_subnet.subnet_mgmt[0].id] + } + } + } data "azurerm_storage_account" "deployer" { From dd2beca4d5dba1495ddcb3057c26c628ee21ddc4 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 15 Oct 2024 15:53:11 +0300 Subject: [PATCH 007/279] Refactor deploy control plane script to include management subnet in storage account network rules --- .../terraform-units/modules/sap_deployer/infrastructure.tf | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/deploy/terraform/terraform-units/modules/sap_deployer/infrastructure.tf b/deploy/terraform/terraform-units/modules/sap_deployer/infrastructure.tf index c33f98f06d..4dbc99e1cc 100644 --- a/deploy/terraform/terraform-units/modules/sap_deployer/infrastructure.tf +++ b/deploy/terraform/terraform-units/modules/sap_deployer/infrastructure.tf @@ -78,6 +78,7 @@ data "azurerm_subnet" "subnet_mgmt" { // Creates boot diagnostics storage account for Deployer resource "azurerm_storage_account" "deployer" { + depends_on = [ azurerm_subnet.subnet_mgmt ] count = length(var.deployer.deployer_diagnostics_account_arm_id) > 0 ? 0 : 1 name = local.storageaccount_names resource_group_name = local.resource_group_exists ? data.azurerm_resource_group.deployer[0].name : azurerm_resource_group.deployer[0].name 
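Review bot: With `for_each = range(var.use_service_endpoint ? 1 : 0)` the whole `network_rules` block disappears when `use_service_endpoint` is false, so the `default_action = "Deny"` that was unconditional before this change is no longer applied and the storage account presumably falls back to accepting traffic from all networks. This ties the firewall decision to the service-endpoint switch; keeping the block static and making only the subnet list conditional, `virtual_network_subnet_ids = var.use_service_endpoint ? [...] : []`, would preserve the deny default. Separately, `content` and its opening `{` are on different lines in the added block, which HCL is likely to reject; write `content {` on one line. The resource body starts outside the hunk.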
@@ -90,12 +91,10 @@ resource "azurerm_storage_account" "deployer" { shared_access_key_enabled = var.deployer.shared_access_key_enabled cross_tenant_replication_enabled = false - depends_on = [ azurerm_subnet.subnet_mgmt ] - dynamic "network_rules" { + dynamic "network_rules" { for_each = range(var.use_service_endpoint ? 1 : 0) - content - { + content { default_action = "Deny" virtual_network_subnet_ids = [(local.management_subnet_exists) ? local.management_subnet_arm_id : azurerm_subnet.subnet_mgmt[0].id] } From 0d4f06571f3f2171de07b9cd6ccc7c6955b45939 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 15 Oct 2024 16:04:54 +0300 Subject: [PATCH 008/279] Refactor deploy control plane script to remove unused variable "plan" --- .../bootstrap/sap_deployer/tfvar_variables.tf | 10 ---------- deploy/terraform/bootstrap/sap_deployer/transform.tf | 2 -- deploy/terraform/run/sap_deployer/tfvar_variables.tf | 10 ---------- deploy/terraform/run/sap_deployer/transform.tf | 2 -- .../modules/sap_deployer/vm-deployer.tf | 7 +++---- 5 files changed, 3 insertions(+), 28 deletions(-) diff --git a/deploy/terraform/bootstrap/sap_deployer/tfvar_variables.tf b/deploy/terraform/bootstrap/sap_deployer/tfvar_variables.tf index 68876b134e..a0bf25a64e 100644 --- a/deploy/terraform/bootstrap/sap_deployer/tfvar_variables.tf +++ b/deploy/terraform/bootstrap/sap_deployer/tfvar_variables.tf @@ -240,16 +240,6 @@ variable "deployer_image" { } } -variable "plan" { - description = "The plan for the marketplace item" - default = { - use = false - "name" = "" - "publisher" = "" - "product" = "" - } - } - variable "deployer_private_ip_address" { description = "If provides, the value of the deployer Virtual machine IPs" default = [""] diff --git a/deploy/terraform/bootstrap/sap_deployer/transform.tf b/deploy/terraform/bootstrap/sap_deployer/transform.tf index c2687ef478..ae37d4b372 100644 --- a/deploy/terraform/bootstrap/sap_deployer/transform.tf 
+++ b/deploy/terraform/bootstrap/sap_deployer/transform.tf @@ -178,8 +178,6 @@ locals { ), "") } - plan = var.plan - private_ip_address = try(coalesce( var.deployer_private_ip_address, try(var.deployers[0].private_ip_address, "") diff --git a/deploy/terraform/run/sap_deployer/tfvar_variables.tf b/deploy/terraform/run/sap_deployer/tfvar_variables.tf index 5bd696982b..cf917a3fb1 100644 --- a/deploy/terraform/run/sap_deployer/tfvar_variables.tf +++ b/deploy/terraform/run/sap_deployer/tfvar_variables.tf @@ -240,16 +240,6 @@ variable "deployer_image" { } } -variable "plan" { - description = "The plan for the marketplace item" - default = { - use = false - "name" = "" - "publisher" = "" - "product" = "" - } - } - variable "deployer_private_ip_address" { description = "If provides, the value of the deployer Virtual machine IPs" default = [""] diff --git a/deploy/terraform/run/sap_deployer/transform.tf b/deploy/terraform/run/sap_deployer/transform.tf index 7e65b601e5..eadf3b5215 100644 --- a/deploy/terraform/run/sap_deployer/transform.tf +++ b/deploy/terraform/run/sap_deployer/transform.tf @@ -175,8 +175,6 @@ locals { ), "") } - plan = var.plan - private_ip_address = try(coalesce( var.deployer_private_ip_address, try(var.deployers[0].private_ip_address, "") diff --git a/deploy/terraform/terraform-units/modules/sap_deployer/vm-deployer.tf b/deploy/terraform/terraform-units/modules/sap_deployer/vm-deployer.tf index 9cfb588d7b..b99a2749b0 100644 --- a/deploy/terraform/terraform-units/modules/sap_deployer/vm-deployer.tf +++ b/deploy/terraform/terraform-units/modules/sap_deployer/vm-deployer.tf 
@@ -156,13 +156,12 @@ resource "azurerm_linux_virtual_machine" "deployer" { version = var.deployer.os.version } } - dynamic "plan" { for_each = range(var.deployer.os.type == "marketplace_with_plan" ? 1 : 0) content { - name = var.deployer.plan.name - publisher = var.deployer.plan.publisher - product = var.deployer.plan.product + name = var.deployer.os.sku + publisher = var.deployer.os.publisher + product = var.deployer.os.offer } } From 24294e80b8f1db60166ec95a44cc179432353782 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 15 Oct 2024 16:09:43 +0300 Subject: [PATCH 009/279] Refactor deploy control plane script to handle error when creating the deployer --- deploy/scripts/install_deployer.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/deploy/scripts/install_deployer.sh b/deploy/scripts/install_deployer.sh index bbf6648062..b9efb5aa73 100755 --- a/deploy/scripts/install_deployer.sh +++ b/deploy/scripts/install_deployer.sh @@ -390,6 +390,16 @@ then rm apply_output.json fi fi +if [ 0 != $return_value ] +then + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore !!! Error when Creating the deployer !!! $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + exit $return_value +fi keyvault=$(terraform -chdir="${terraform_module_directory}" output deployer_kv_user_name | tr -d \") temp=$(echo "${keyvault}" | grep "Warning") From bb740cd164663e539ecd99dda22030d5a127188a Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 15 Oct 2024 16:22:25 +0300 Subject: [PATCH 010/279] Refactor deploy control plane script to handle error during the init phase --- deploy/scripts/install_deployer.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/deploy/scripts/install_deployer.sh b/deploy/scripts/install_deployer.sh index b9efb5aa73..5b4edbe12b 100755 
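Review bot: `if [ 0 != $return_value ]` in the install_deployer.sh hunk compares strings with an unquoted expansion, so if `return_value` is empty or unset at this point the test itself errors, the `if` is treated as false and the script carries on to the `terraform output` call as though the apply had succeeded. A quoted numeric test fails closed: `if [ "${return_value:-1}" -ne 0 ]`. Where `return_value` is assigned is outside the hunk, so confirm it is set on every path that reaches this check. Sending the banner to stderr with `>&2` would also keep it out of any captured stdout.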
--- a/deploy/scripts/install_deployer.sh +++ b/deploy/scripts/install_deployer.sh @@ -206,6 +206,19 @@ else terraform -chdir="${terraform_module_directory}" init -upgrade=true -backend-config "path=${param_dirname}/terraform.tfstate" fi fi +return_value=$? +if [ 1 == $return_value ] +then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore Errors during the init phase $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + unset TF_DATA_DIR + exit $return_value +fi extra_vars="" From 0bc5ffc86581c82519c38d1068305356da657a2d Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 15 Oct 2024 16:32:15 +0300 Subject: [PATCH 011/279] Refactor deploy control plane script to include management subnet in storage account network rules --- .../modules/sap_deployer/infrastructure.tf | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/deploy/terraform/terraform-units/modules/sap_deployer/infrastructure.tf b/deploy/terraform/terraform-units/modules/sap_deployer/infrastructure.tf index 4dbc99e1cc..e27d70688a 100644 --- a/deploy/terraform/terraform-units/modules/sap_deployer/infrastructure.tf +++ b/deploy/terraform/terraform-units/modules/sap_deployer/infrastructure.tf 
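Review bot: The check `if [ 1 == $return_value ]` stops the script only when the status is exactly 1, so any other non-zero status from the init step (for example 127 for a missing binary) is treated as success; `==` inside `[` is also a bash extension. Use `if [ "$return_value" -ne 0 ]` instead. Note too that `return_value=$?` is taken after the closing `fi` lines, so it holds the status of the last command run inside the preceding `if`/`else`; it is the init result only if `terraform init` is the last command in every branch, which cannot be confirmed from the hunk.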
@@ -92,13 +92,10 @@ resource "azurerm_storage_account" "deployer" { cross_tenant_replication_enabled = false - dynamic "network_rules" { - for_each = range(var.use_service_endpoint ? 1 : 0) - content { - default_action = "Deny" - virtual_network_subnet_ids = [(local.management_subnet_exists) ? local.management_subnet_arm_id : azurerm_subnet.subnet_mgmt[0].id] - } - } + network_rules { + default_action = var.enable_firewall_for_keyvaults_and_storage ? "Deny" : "Allow" + virtual_network_subnet_ids = var.use_service_endpoint ? [(local.management_subnet_exists) ? local.management_subnet_arm_id : azurerm_subnet.subnet_mgmt[0].id] : null + } } From ce7ec24ff49720c4ba68ebef6390e183b95cfc33 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 15 Oct 2024 16:58:59 +0300 Subject: [PATCH 012/279] Refactor deploy control plane script to include management subnet in storage account network rules --- .../sap_deployer/templates/configure_deployer.sh.tmpl | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl b/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl index ead70e2bc2..31c5ed53e2 100644 --- a/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl +++ b/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl @@ -758,14 +758,13 @@ else sudo touch "$${agent_home}/no_tok" fi - set -o xtrace if [ -f "$${agent_home}/agent_configured" ]; then echo "Agent already configured" else - set +o xtrace if [[ -n "$${TOKEN}" ]]; then + echo "Configuring Agent" sudo chmod -R 744 "$${agent_home}" - set -o xtrace + cd "$${agent_home}" ./env.sh 
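Review bot: `default_action` now becomes `"Allow"` whenever `var.enable_firewall_for_keyvaults_and_storage` is false, which opens the deployer storage account to all networks where the original code always used `"Deny"`. The variable's default is not visible here; if it is false, existing deployments would lose the restriction on the next apply, so the default and a description of the exposure belong next to the variable declaration. When the firewall is enabled but `var.use_service_endpoint` is false, the result is `Deny` with `virtual_network_subnet_ids = null`, which may leave nothing able to reach the account; that combination deserves a validation or a comment. A line such as `# Deny by default; Allow only when the firewall is explicitly disabled` above the block would make the intent clear.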
@@ -776,6 +775,8 @@ else (echo "$${agent_home}/config.sh" --unattended --url "$${DEVURL}" --auth pat --token "$${TOKEN}" --pool "$${POOL}" --agent "$${AGENTNAME}" --replace --acceptTeeEula | sudo tee -a "$${agent_home}/config_fixed_params.sh") > /dev/null 2>&1 sudo chmod +x "$${agent_home}/config_fixed_params.sh" + echo "Installing Agent" + sudo runuser -l "$${local_user}" -c "$${agent_home}/config_fixed_params.sh" | sudo tee -a "$${agent_home}/log.txt" # automatic start configuration after VM reboot From e803d82bbfe2c7f8d9c06e5960726774026569b7 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 15 Oct 2024 17:02:29 +0300 Subject: [PATCH 013/279] Refactor deploy control plane script to include ownership change for config_fixed_params.sh --- .../modules/sap_deployer/templates/configure_deployer.sh.tmpl | 1 + 1 file changed, 1 insertion(+) diff --git a/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl b/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl index 31c5ed53e2..7b07c1aa40 100644 --- a/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl +++ b/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl @@ -774,6 +774,7 @@ else (echo "$${agent_home}/config.sh" --unattended --url "$${DEVURL}" --auth pat --token "$${TOKEN}" --pool "$${POOL}" --agent "$${AGENTNAME}" --replace --acceptTeeEula | sudo tee -a "$${agent_home}/config_fixed_params.sh") > /dev/null 2>&1 sudo chmod +x "$${agent_home}/config_fixed_params.sh" + sudo chown "$${local_user}" "$${agent_home}/config_fixed_params.sh" echo "Installing Agent" From de3636b431e2356de341a6558cd6efc86a51210d Mon Sep 17 00:00:00 2001 
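Review bot: `config_fixed_params.sh` is created by the unchanged line above the added `chown` with the agent PAT written into it (`--token "$${TOKEN}"`), and this hunk hands it to `$${local_user}` without tightening its mode, so the token may be readable by other accounts on the deployer depending on the umask. Restrict it when ownership is set, using `sudo chmod 700 "$${agent_home}/config_fixed_params.sh"` in place of the `chmod +x`, and remove the file once the `runuser` call has completed if nothing later needs it. Whether the file is deleted further down is outside the hunk.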
From: Kimmo Forss Date: Tue, 15 Oct 2024 20:13:57 +0300 Subject: [PATCH 014/279] Refactor deploy control plane script to download and install Terraform from a specific URL --- .../sap_deployer/templates/configure_deployer.sh.tmpl | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl b/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl index 7b07c1aa40..8b3ba33e58 100644 --- a/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl +++ b/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl @@ -456,10 +456,12 @@ else "$${tf_bin}" \ "$${tf_cache}" - wget -nv -O "/tmp/$${tf_zip}" "https://releases.hashicorp.com/terraform/$${tfversion}/$${tf_zip}" - sudo unzip -o "/tmp/$${tf_zip}" -d "$${tf_dir}" + wget -nv -O "/$${asad_home}/$${tf_zip}" "https://releases.hashicorp.com/terraform/$${tfversion}/$${tf_zip}" + sudo unzip -o "/$${asad_home}/$${tf_zip}" -d "$${tf_dir}" sudo ln -vfs "../$(basename "$${tf_dir}")/terraform" "$${tf_bin}/terraform" + sudo rm "/$${asad_home}/$${tf_zip}" + # Uninstall Azure CLI - For some platforms case "$(get_distro_name)" in (ubuntu|sles) From 038b892320ac41986086cf86559b812ccc10cd11 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 15 Oct 2024 21:46:41 +0300 Subject: [PATCH 015/279] Refactor deploy control plane script to include sourcing deploy_server.sh --- deploy/pipelines/01-deploy-control-plane.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index efaf7f67ae..c0061ce61b 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml 
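Review bot: The Terraform archive is downloaded and then unpacked with `sudo unzip` without any integrity check, so a corrupted or tampered download becomes the binary that later runs with the deployment credentials. HashiCorp publishes a `terraform_<version>_SHA256SUMS` file next to each release; fetch it and verify the zip with `sha256sum -c` before the `unzip` line, aborting on a mismatch. The new paths are written as `"/$${asad_home}/$${tf_zip}"`; if `asad_home` is already absolute the leading `/` is redundant, but its definition is outside the hunk. The enclosing `else` branch starts and ends outside the hunk.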
@@ -620,6 +620,7 @@ stages: else if [ $USE_MSI != "true" ]; then + source /etc/profile.d/deploy_server.sh echo -e "$cyan--- Using SPN ---$reset" export ARM_CLIENT_ID=$CP_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$CP_ARM_CLIENT_SECRET @@ -638,7 +639,6 @@ stages: else echo -e "$cyan--- Using MSI ---$reset" source /etc/profile.d/deploy_server.sh - cat /etc/profile.d/deploy_server.sh # export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID export ARM_USE_MSI=true export ARM_USE_AZUREAD=true From 1c598c6ace7a5068e467773021f84064d33e4f85 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 15 Oct 2024 22:05:21 +0300 Subject: [PATCH 016/279] Refactor deploy control plane script to include sourcing deploy_server.sh and fix indentation --- deploy/pipelines/01-deploy-control-plane.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index c0061ce61b..1c77bf2c6d 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -619,8 +619,10 @@ stages: az account set --subscription $ARM_SUBSCRIPTION_ID else + echo "Sourcing the deploy_server.sh" + source /etc/profile.d/deploy_server.sh if [ $USE_MSI != "true" ]; then - source /etc/profile.d/deploy_server.sh + echo -e "$cyan--- Using SPN ---$reset" export ARM_CLIENT_ID=$CP_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$CP_ARM_CLIENT_SECRET From 07a97fd9827e484ce19f8eaa705bde4b859f7d24 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 15 Oct 2024 22:23:12 +0300 Subject: [PATCH 017/279] Refactor deploy control plane script to include printing environment variables --- deploy/pipelines/01-deploy-control-plane.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 1c77bf2c6d..9488681062 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml 
+++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -621,6 +621,8 @@ stages: else echo "Sourcing the deploy_server.sh" source /etc/profile.d/deploy_server.sh + + printenv if [ $USE_MSI != "true" ]; then echo -e "$cyan--- Using SPN ---$reset" From 8f5f0db113355b0a848c126a272b47ab54b5d210 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 15 Oct 2024 22:39:28 +0300 Subject: [PATCH 018/279] Refactor deploy control plane script to include printing Terraform version --- deploy/pipelines/01-deploy-control-plane.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 9488681062..63ba0d46ac 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -623,6 +623,7 @@ stages: source /etc/profile.d/deploy_server.sh printenv + terraform --version if [ $USE_MSI != "true" ]; then echo -e "$cyan--- Using SPN ---$reset" From 9e9e7980d1ca4f3987591a626353e92f07dd1289 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 15 Oct 2024 22:44:26 +0300 Subject: [PATCH 019/279] Refactor deploy control plane script to include printing environment variables and use specific Terraform installation path --- deploy/pipelines/01-deploy-control-plane.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 63ba0d46ac..8bef1ff9e1 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -622,8 +622,8 @@ stages: echo "Sourcing the deploy_server.sh" source /etc/profile.d/deploy_server.sh - printenv - terraform --version + printenv | grep PATH + /opt/terraform/bin/terraform --version if [ $USE_MSI != "true" ]; then echo -e "$cyan--- Using SPN ---$reset" From 32928c7bc3fb148dcfdef1e329fae3abbfd903c2 Mon Sep 17 00:00:00 2001 
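Review bot: The added `printenv` writes the entire environment of the step to the pipeline log, in a script that handles `CP_ARM_CLIENT_SECRET` a few lines further down. Log masking covers only values the pipeline knows to be secret, so derived or sourced values, for example anything set by `deploy_server.sh`, can end up in clear text. If the aim is to debug the search path, print just that: `echo "PATH=$PATH"`. Pipeline logs are usually readable by more people than the secrets themselves.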
From: Kimmo Forss Date: Tue, 15 Oct 2024 22:54:03 +0300 Subject: [PATCH 020/279] Refactor deploy control plane script to include sourcing deploy_server.sh and fix indentation --- deploy/pipelines/01-deploy-control-plane.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 8bef1ff9e1..353c60bd9b 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -620,10 +620,8 @@ stages: else echo "Sourcing the deploy_server.sh" - source /etc/profile.d/deploy_server.sh + . /etc/profile.d/deploy_server.sh - printenv | grep PATH - /opt/terraform/bin/terraform --version if [ $USE_MSI != "true" ]; then echo -e "$cyan--- Using SPN ---$reset" @@ -643,7 +641,7 @@ stages: az account set --subscription $ARM_SUBSCRIPTION_ID else echo -e "$cyan--- Using MSI ---$reset" - source /etc/profile.d/deploy_server.sh + . /etc/profile.d/deploy_server.sh # export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID export ARM_USE_MSI=true export ARM_USE_AZUREAD=true From b44124bb3f54018a7183dd67085dd1790b65d29a Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 15 Oct 2024 22:59:59 +0300 Subject: [PATCH 021/279] Refactor deploy control plane script to include printing PATH variable --- deploy/pipelines/01-deploy-control-plane.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 353c60bd9b..124eeb4dc5 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -622,6 +622,8 @@ stages: echo "Sourcing the deploy_server.sh" . /etc/profile.d/deploy_server.sh + echo $PATH + if [ $USE_MSI != "true" ]; then echo -e "$cyan--- Using SPN ---$reset" 
@@ -641,7 +643,6 @@ stages: az account set --subscription $ARM_SUBSCRIPTION_ID else echo -e "$cyan--- Using MSI ---$reset" - . /etc/profile.d/deploy_server.sh # export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID export ARM_USE_MSI=true export ARM_USE_AZUREAD=true From 64e65f9e960ae364b56a543a7e4f7c9a39197300 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 15 Oct 2024 23:07:04 +0300 Subject: [PATCH 022/279] Refactor deploy control plane script to include printing Terraform version --- deploy/pipelines/01-deploy-control-plane.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 124eeb4dc5..151ecb310b 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -624,6 +624,8 @@ stages: echo $PATH + terraform --version + if [ $USE_MSI != "true" ]; then echo -e "$cyan--- Using SPN ---$reset" From b6111db6bb96cee9a86fac87b5a22a166c26a2d9 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 15 Oct 2024 23:15:10 +0300 Subject: [PATCH 023/279] Refactor deploy control plane script to use specific Terraform installation path --- deploy/pipelines/01-deploy-control-plane.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 151ecb310b..ad3516d49a 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -624,7 +624,7 @@ stages: echo $PATH - terraform --version + /opt/terraform/bin/terraform --version if [ $USE_MSI != "true" ]; then From c22f835a1d8396e4a3031e133bc57fb4f32cc321 Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Tue, 15 Oct 2024 23:30:13 +0300 Subject: [PATCH 024/279] Refactor deploy control plane script to include printing specific Terraform version and PATH variable --- deploy/pipelines/01-deploy-control-plane.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index ad3516d49a..121b083d81 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -624,7 +624,8 @@ stages: echo $PATH - /opt/terraform/bin/terraform --version + sudo /opt/terraform/bin/terraform --version + sudo /opt/terraform/terraform_1.9.5/terraform --version if [ $USE_MSI != "true" ]; then From 79de0aa3519e6788bdbe9df6229c1d331c3e2f31 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 15 Oct 2024 23:36:52 +0300 Subject: [PATCH 025/279] Refactor deploy control plane script to include sourcing deploy_server.sh and fix indentation --- deploy/pipelines/01-deploy-control-plane.yaml | 5 ----- deploy/scripts/deploy_controlplane.sh | 5 +++++ 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 121b083d81..5718d49f35 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -622,11 +622,6 @@ stages: echo "Sourcing the deploy_server.sh" . /etc/profile.d/deploy_server.sh - echo $PATH - - sudo /opt/terraform/bin/terraform --version - sudo /opt/terraform/terraform_1.9.5/terraform --version - if [ $USE_MSI != "true" ]; then echo -e "$cyan--- Using SPN ---$reset" diff --git a/deploy/scripts/deploy_controlplane.sh b/deploy/scripts/deploy_controlplane.sh index 610c592e5b..6e8b65e4db 100755 --- a/deploy/scripts/deploy_controlplane.sh +++ b/deploy/scripts/deploy_controlplane.sh 
@@ -36,6 +36,11 @@ source "${script_directory}/deploy_utils.sh" #helper files source "${script_directory}/helpers/script_helpers.sh" +if [[ -f /etc/profile.d/deploy_server.sh ]]; then + . /etc/profile.d/deploy_server.sh +fi + + force=0 recover=0 ado_flag="" From f2e478294b3467d04e97502d6570e5d1438f274b Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 15 Oct 2024 23:46:08 +0300 Subject: [PATCH 026/279] Refactor deploy control plane script to include specific Terraform installation path and print Terraform version and PATH variable --- deploy/scripts/helpers/script_helpers.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/deploy/scripts/helpers/script_helpers.sh b/deploy/scripts/helpers/script_helpers.sh index b179bf67db..fcbeec821f 100755 --- a/deploy/scripts/helpers/script_helpers.sh +++ b/deploy/scripts/helpers/script_helpers.sh @@ -380,8 +380,15 @@ function missing { function validate_dependencies { + sudo chown -R $USER:$USER /opt/terraform + tf_path="terraform" + + if [ -f /opt/terraform/bin/terraform ]; then + tf_path="/opt/terraform/bin/terraform" + fi + # Check terraform - tf=$(terraform -version | grep Terraform) + tf=$("${tf_path}" -version | grep Terraform) if [ -z "$tf" ]; then echo "" echo "#########################################################################################" @@ -397,7 +404,6 @@ function validate_dependencies { then mkdir -p /opt/terraform/.terraform.d/plugin-cache fi - sudo chown -R $USER:$USER /opt/terraform export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache From d57e013f729da4429c4c1465b4bacdbd16f6cf4f Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 15 Oct 2024 23:46:11 +0300 Subject: [PATCH 027/279] TF --- .../modules/sap_deployer/templates/configure_deployer.sh.tmpl | 1 + 1 file changed, 1 insertion(+) 
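Review bot: `sudo chown -R $USER:$USER /opt/terraform`, now the first statement of `validate_dependencies`, runs on every call before anything checks that the directory exists, and it hands the invoking account the whole tree, including the `/opt/terraform/bin/terraform` binary that the added `tf_path` lines prefer. Only the plugin cache has to be writable by that account; keeping the binary directory root-owned means a pipeline job cannot replace the Terraform executable. `sudo mkdir -p /opt/terraform/.terraform.d/plugin-cache && sudo chown -R "$USER" /opt/terraform/.terraform.d` would narrow the grant, and quoting `$USER` avoids a malformed `chown` argument when the variable is unset. The later `-380,7 +380,7` hunk of this file keeps the same unguarded, unquoted call. `validate_dependencies` continues beyond the hunk.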
diff --git a/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl b/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl index 8b3ba33e58..f21e162555 100644 --- a/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl +++ b/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl @@ -459,6 +459,7 @@ else wget -nv -O "/$${asad_home}/$${tf_zip}" "https://releases.hashicorp.com/terraform/$${tfversion}/$${tf_zip}" sudo unzip -o "/$${asad_home}/$${tf_zip}" -d "$${tf_dir}" sudo ln -vfs "../$(basename "$${tf_dir}")/terraform" "$${tf_bin}/terraform" + sudo chmod 755 "$${tf_bin}/terraform" sudo rm "/$${asad_home}/$${tf_zip}" From d6ec2aba13e969668e0e8d36370a6101022db5dd Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 15 Oct 2024 23:51:29 +0300 Subject: [PATCH 028/279] Refactor deploy control plane script to include specific Terraform installation path and print Terraform version and PATH variable --- deploy/pipelines/01-deploy-control-plane.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 5718d49f35..adb693ec75 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -620,7 +620,7 @@ stages: else echo "Sourcing the deploy_server.sh" - . /etc/profile.d/deploy_server.sh + . /etc/profile.d/deploy_server.sh ; terraform --version if [ $USE_MSI != "true" ]; then From 0394254ea9cec8450bc9ee01ff3ad4bc2bd465e4 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 15 Oct 2024 23:56:28 +0300 Subject: [PATCH 029/279] Refactor deploy control plane script to include specific Terraform installation path and print Terraform version and PATH variable --- deploy/pipelines/01-deploy-control-plane.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
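Review bot: The binary that the added `sudo chmod 755 "$${tf_bin}/terraform"` makes executable for every user comes from the zip fetched by the `wget` three lines above, and nothing in this hunk verifies that archive before `sudo unzip` extracts it as root. HashiCorp publishes a `terraform_<version>_SHA256SUMS` file next to each release; checking the zip against it with `sha256sum -c` before the unzip would make the install fail closed on a corrupted or substituted download. The `chmod` follows the symlink created by `ln -vfs`, so it changes the mode of the extracted binary under `$${tf_dir}`, which deserves a one-line comment. The `else` branch this hunk sits in starts and ends outside the hunk.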
diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index adb693ec75..2464a5e5d2 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -620,7 +620,7 @@ stages: else echo "Sourcing the deploy_server.sh" - . /etc/profile.d/deploy_server.sh ; terraform --version + . /etc/profile.d/deploy_server.sh ; /opt/bin/terraform/terraform --version if [ $USE_MSI != "true" ]; then From 850d5f0e008843fbe5c01b4061dc5854b3665104 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 16 Oct 2024 00:04:30 +0300 Subject: [PATCH 030/279] Refactor deploy control plane script to include Terraform version check --- deploy/pipelines/01-deploy-control-plane.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 2464a5e5d2..05b32b2399 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -438,6 +438,10 @@ stages: echo "Azure CLI version:" echo "-------------------------------------------------" az --version + echo "" + echo "Terraform version:" + echo "-------------------------------------------------" + terraform --version echo -e "$green--- Checkout $(Build.SourceBranchName) ---$reset" cd $CONFIG_REPO_PATH git checkout -q $(Build.SourceBranchName) From c8ae3ebdab8eabb822fe59d0e3c431871d19a138 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 16 Oct 2024 00:07:13 +0300 Subject: [PATCH 031/279] Refactor deploy control plane script to include specific Terraform installation path and print Terraform version and PATH variable --- .../templates/configure_deployer.sh.tmpl | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) 
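Review bot: The added call uses `/opt/bin/terraform/terraform`, while the other references on this page put the binary under `/opt/terraform/bin` (for example `/opt/terraform/bin/terraform` in script_helpers.sh), so the path components are probably transposed. If this step runs with errexit enabled, which the hunk does not show, a missing path would abort the job on a line that is only meant to print a version. Since `deploy_server.sh` has just been sourced to extend `PATH`, `command -v terraform` followed by `terraform --version` reports which binary will actually be used.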
diff --git a/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl b/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl index f21e162555..6c568bea8b 100644 --- a/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl +++ b/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl @@ -483,6 +483,38 @@ else ;; esac + # Install Terraform + case "$(get_distro_name)" in + (ubuntu) + # echo "Getting the Key" + sudo wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg + + sudo echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list + sudo apt update + sudo apt install terraform + ;; + (sles) + set +o errexit + if [ -f /home/"$${local_user}"/repos_configured ]; then + sudo zypper install -y --from azure-cli azure-cli + else + sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc + repo_found=$(zypper repos | grep "Azure CLI") + if [ -z "$${repo_found}" ]; then + sudo zypper addrepo --name 'Azure CLI' --check https://packages.microsoft.com/yumrepos/azure-cli azure-cli + fi + sudo touch /home/$${local_user}/repos_configured + sudo zypper install -y --from azure-cli azure-cli + fi + set -o errexit + ;; + (rhel*) + sudo yum install -y yum-utils + sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo + sudo yum -y install terraform + ;; + esac + # Install Azure CLI case "$(get_distro_name)" in (ubuntu) From ca3437a7681008d652aa813ae9121291935da992 Mon Sep 17 00:00:00 2001 
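Review bot: The `(sles)` arm of the new "Install Terraform" case never installs Terraform: it is a copy of the Azure CLI steps (`zypper install -y --from azure-cli azure-cli`, the Microsoft key import and the `repos_configured` marker), so on SLES this block only installs the Azure CLI again. Either give the arm a real Terraform install or drop it and rely on the versioned zip install earlier in the template. On Ubuntu and RHEL the package install is unpinned, so it can put a different Terraform on the host than the `$${tfversion}` zip the template already unpacks; if both are kept, pin the package version as well. `sudo apt install terraform` also has no `-y`, so an unattended run would presumably stop at the confirmation prompt.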
From: Kimmo Forss Date: Wed, 16 Oct 2024 00:56:44 +0300 Subject: [PATCH 032/279] Refactor deploy control plane script to include specific Terraform installation path and print Terraform version and PATH variable --- .../sap_deployer/templates/configure_deployer.sh.tmpl | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl b/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl index 6c568bea8b..6e2bdc9991 100644 --- a/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl +++ b/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl @@ -486,12 +486,16 @@ else # Install Terraform case "$(get_distro_name)" in (ubuntu) + # GPG is required for the package signing key + sudo apt install gpg + # echo "Getting the Key" sudo wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg sudo echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list - sudo apt update - sudo apt install terraform + sudo chmod 644 /usr/share/keyrings/hashicorp-archive-keyring.gpg + sudo apt-get update + sudo apt-get install terraform -y ;; (sles) set +o errexit From b6b68f3bc8aa2a954cc09bfca0c5c4a186b23c19 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 16 Oct 2024 11:14:13 +0300 Subject: [PATCH 033/279] Refactor deploy control plane script to include environment variables for Azure credentials --- deploy/pipelines/01-deploy-control-plane.yaml | 4 ++++ deploy/scripts/deploy_controlplane.sh | 7 ++++--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 05b32b2399..20d6f497bf 100644 
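Review bot: The keyring produced by `wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o …` is trusted exactly as downloaded, and the added `chmod 644` only fixes its readability; nothing compares the key's fingerprint with a value recorded in the template, so the apt signature check is only as strong as that one HTTPS fetch. A check such as `gpg --show-keys --with-fingerprint /usr/share/keyrings/hashicorp-archive-keyring.gpg | grep -q "<EXPECTED_FINGERPRINT>"` (placeholder; take the value from HashiCorp's published key information) before `apt-get update` would close that gap. The added `sudo apt install gpg` has no `-y` and uses `apt` where the lines below use `apt-get`; `sudo apt-get install -y gpg` keeps the run unattended. The `sudo` in front of `wget` and `echo` adds nothing, because the privileged writes are done by `sudo gpg` and `sudo tee`.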
--- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -612,6 +612,10 @@ stages: az extension add --name storage-blob-preview >/dev/null echo -e "$green--- az login ---$reset" + export ARM_CLIENT_ID=$CP_ARM_CLIENT_ID + export ARM_CLIENT_SECRET=$CP_ARM_CLIENT_SECRET + export ARM_TENANT_ID=$CP_ARM_TENANT_ID + export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID az login --service-principal --username $ARM_CLIENT_ID --password=$ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID --output none return_code=$? if [ 0 != $return_code ]; then diff --git a/deploy/scripts/deploy_controlplane.sh b/deploy/scripts/deploy_controlplane.sh index 6e8b65e4db..724a4edbfc 100755 --- a/deploy/scripts/deploy_controlplane.sh +++ b/deploy/scripts/deploy_controlplane.sh @@ -30,15 +30,16 @@ resetformatting="\e[0m" full_script_path="$(realpath "${BASH_SOURCE[0]}")" script_directory="$(dirname "${full_script_path}")" +if [[ -f /etc/profile.d/deploy_server.sh ]]; then + . /etc/profile.d/deploy_server.sh +fi + #call stack has full scriptname when using source source "${script_directory}/deploy_utils.sh" #helper files source "${script_directory}/helpers/script_helpers.sh" -if [[ -f /etc/profile.d/deploy_server.sh ]]; then - . /etc/profile.d/deploy_server.sh -fi force=0 From 4ba19b92f0e7e0741a3db65db1a3baf76499cb19 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 16 Oct 2024 11:19:36 +0300 Subject: [PATCH 034/279] Refactor deploy control plane script to include ARM_USE_MSI environment variable --- deploy/scripts/deploy_controlplane.sh | 1 + deploy/scripts/helpers/script_helpers.sh | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/deploy/scripts/deploy_controlplane.sh b/deploy/scripts/deploy_controlplane.sh index 724a4edbfc..75e67c9d27 100755 --- a/deploy/scripts/deploy_controlplane.sh +++ b/deploy/scripts/deploy_controlplane.sh 
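Review bot: `export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID` assigns the variable to itself, so unlike the three exports above it does not take its value from a `CP_`-prefixed variable; if `$CP_ARM_SUBSCRIPTION_ID` was intended (an inference), the subscription stays whatever it was before. None of the `CP_ARM_*` values is checked before `az login`, so an unmapped secret reaches the login as an empty string; `: "${CP_ARM_CLIENT_SECRET:?CP_ARM_CLIENT_SECRET is not set}"` fails with a clear message instead. The login line that consumes them expands `--password=$ARM_CLIENT_SECRET` unquoted, so a secret containing whitespace or glob characters is split or expanded; `--password="$ARM_CLIENT_SECRET"` avoids that. Passing the secret as an argument also leaves it visible in the agent's process list for the duration of the call.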
@@ -246,6 +246,7 @@ if [ 0 = "${deploy_using_msi_only:-}" ]; then set_executing_user_environment_variables "${spn_secret}" else echo "Using Managed Identity for deployment" + export ARM_USE_MSI=true set_executing_user_environment_variables "none" fi diff --git a/deploy/scripts/helpers/script_helpers.sh b/deploy/scripts/helpers/script_helpers.sh index fcbeec821f..d745d5801c 100755 --- a/deploy/scripts/helpers/script_helpers.sh +++ b/deploy/scripts/helpers/script_helpers.sh @@ -380,7 +380,7 @@ function missing { function validate_dependencies { - sudo chown -R $USER:$USER /opt/terraform + sudo chown -R $USER /opt/terraform tf_path="terraform" if [ -f /opt/terraform/bin/terraform ]; then From 42cedaa7f4ba23ec6bf2e33121313df2336a0f32 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 16 Oct 2024 11:39:09 +0300 Subject: [PATCH 035/279] Refactor deploy control plane script to remove Terraform installation and Azure CLI installation --- .../templates/configure_deployer.sh.tmpl | 36 ------------------- 1 file changed, 36 deletions(-) diff --git a/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl b/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl index 6e2bdc9991..f21e162555 100644 --- a/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl +++ b/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl 
@@ -483,42 +483,6 @@ else ;; esac - # Install Terraform - case "$(get_distro_name)" in - (ubuntu) - # GPG is required for the package signing key - sudo apt install gpg - - # echo "Getting the Key" - sudo wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg - - sudo echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list - sudo chmod 644 /usr/share/keyrings/hashicorp-archive-keyring.gpg - sudo apt-get update - sudo apt-get install terraform -y - ;; - (sles) - set +o errexit - if [ -f /home/"$${local_user}"/repos_configured ]; then - sudo zypper install -y --from azure-cli azure-cli - else - sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc - repo_found=$(zypper repos | grep "Azure CLI") - if [ -z "$${repo_found}" ]; then - sudo zypper addrepo --name 'Azure CLI' --check https://packages.microsoft.com/yumrepos/azure-cli azure-cli - fi - sudo touch /home/$${local_user}/repos_configured - sudo zypper install -y --from azure-cli azure-cli - fi - set -o errexit - ;; - (rhel*) - sudo yum install -y yum-utils - sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo - sudo yum -y install terraform - ;; - esac - # Install Azure CLI case "$(get_distro_name)" in (ubuntu) From 03d1b398008d77ff74356072c9e8660d9a395881 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 16 Oct 2024 13:24:36 +0300 Subject: [PATCH 036/279] Refactor deploy control plane script to remove unnecessary Terraform installation and Azure CLI installation --- deploy/scripts/helpers/script_helpers.sh | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/deploy/scripts/helpers/script_helpers.sh b/deploy/scripts/helpers/script_helpers.sh index d745d5801c..011d91f058 100755 --- a/deploy/scripts/helpers/script_helpers.sh 
+++ b/deploy/scripts/helpers/script_helpers.sh @@ -381,14 +381,12 @@ function missing { function validate_dependencies { sudo chown -R $USER /opt/terraform - tf_path="terraform" - - if [ -f /opt/terraform/bin/terraform ]; then - tf_path="/opt/terraform/bin/terraform" + if [[ -f /etc/profile.d/deploy_server.sh ]]; then + . /etc/profile.d/deploy_server.sh fi # Check terraform - tf=$("${tf_path}" -version | grep Terraform) + tf=$(terraform --version | grep Terraform) if [ -z "$tf" ]; then echo "" echo "#########################################################################################" From f4049d050c03d33fbde0c7be2e3ea9240a82197d Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 16 Oct 2024 13:43:20 +0300 Subject: [PATCH 037/279] Refactor deploy control plane script to include sourcing deploy_server.sh and fixing Terraform ownership --- deploy/scripts/helpers/script_helpers.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/deploy/scripts/helpers/script_helpers.sh b/deploy/scripts/helpers/script_helpers.sh index 011d91f058..40be9f124d 100755 --- a/deploy/scripts/helpers/script_helpers.sh +++ b/deploy/scripts/helpers/script_helpers.sh @@ -5,6 +5,11 @@ boldred="\e[1;31m" cyan="\e[1;36m" resetformatting="\e[0m" +if [[ -f /etc/profile.d/deploy_server.sh ]]; then +. /etc/profile.d/deploy_server.sh +fi + + function control_plane_showhelp { echo "" echo "#################################################################################################################" @@ -381,9 +386,6 @@ function missing { function validate_dependencies { sudo chown -R $USER /opt/terraform - if [[ -f /etc/profile.d/deploy_server.sh ]]; then - . /etc/profile.d/deploy_server.sh - fi # Check terraform tf=$(terraform --version | grep Terraform) From df3743ef938e29ccc6fc155381de1d8450f92505 Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Wed, 16 Oct 2024 13:50:14 +0300 Subject: [PATCH 038/279] Refactor deploy control plane script to include sourcing deploy_server.sh and fixing Terraform ownership --- .../modules/sap_deployer/templates/configure_deployer.sh.tmpl | 3 +++ 1 file changed, 3 insertions(+) diff --git a/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl b/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl index f21e162555..b5f14076e9 100644 --- a/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl +++ b/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl @@ -271,6 +271,8 @@ export AZADHOME="/home/$${local_user}" if [ -f /etc/profile.d/deploy_server.sh ] ; then echo echo ##vso[task.logissue type=warning]Deployer already configured + sudo chmod 775 /etc/profile.d/deploy_server.sh +fi exit 0 else @@ -824,4 +826,5 @@ else echo "export CONFIG_REPO_PATH='$${AZADHOME}/Azure_SAP_Automated_Deployment/WORKSPACES'" | sudo tee -a /etc/profile.d/deploy_server.sh fi fi + sudo chmod 775 /etc/profile.d/deploy_server.sh fi From 67d629099d801d910231f01e9fb0da7662fe6eb8 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 16 Oct 2024 14:09:37 +0300 Subject: [PATCH 039/279] Refactor deploy control plane script to include azurerm_role_assignment for deployer and storage_sapbits_contributor --- .../modules/sap_deployer/infrastructure.tf | 9 +++++++++ .../modules/sap_library/storage_accounts.tf | 4 ++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/deploy/terraform/terraform-units/modules/sap_deployer/infrastructure.tf b/deploy/terraform/terraform-units/modules/sap_deployer/infrastructure.tf index e27d70688a..beb285d8d3 100644 --- a/deploy/terraform/terraform-units/modules/sap_deployer/infrastructure.tf +++ b/deploy/terraform/terraform-units/modules/sap_deployer/infrastructure.tf 
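Review bot: The `fi` added after `sudo chmod 775 /etc/profile.d/deploy_server.sh` closes the `if [ -f /etc/profile.d/deploy_server.sh ]` block before the `exit 0` and `else` that follow, which leaves that `else` without an open `if` and should make the rendered script fail to parse; the `fi` should be dropped. Mode `775` is also wider than this file needs: it is read with `.` by login shells and by the deployment scripts on this page, never executed, so the execute bits do nothing and the group-write bit lets any member of the file's group add commands that those shells will run. `sudo chmod 644 /etc/profile.d/deploy_server.sh` is enough, both here and in the second hunk at the end of the template, and wherever later commits repeat the call. The `if`/`else` this hunk edits ends well outside the hunk.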
@@ -106,6 +106,15 @@ data "azurerm_storage_account" "deployer" { } +resource "azurerm_role_assignment" "deployer" { + provider = azurerm.main + count = length(var.deployer.deployer_diagnostics_account_arm_id) > 0 ? 0 : 1 + scope = length(var.deployer.deployer_diagnostics_account_arm_id) > 0 ? var.deployer.deployer_diagnostics_account_arm_id : azurerm_storage_account.deployer[0].id + role_definition_name = "Storage Blob Data Contributor" + principal_id = azurerm_linux_virtual_machine.deployer[count.index].identity[0].principal_id +} + + resource "azurerm_role_assignment" "resource_group_contributor" { provider = azurerm.main count = var.assign_subscription_permissions && var.deployer.add_system_assigned_identity ? var.deployer_vm_count : 0 diff --git a/deploy/terraform/terraform-units/modules/sap_library/storage_accounts.tf b/deploy/terraform/terraform-units/modules/sap_library/storage_accounts.tf index 0f87cbcaa8..44349cb1c4 100644 --- a/deploy/terraform/terraform-units/modules/sap_library/storage_accounts.tf +++ b/deploy/terraform/terraform-units/modules/sap_library/storage_accounts.tf @@ -476,7 +476,7 @@ resource "azurerm_role_assignment" "storage_sapbits_contributor" { provider = azurerm.main count = try(var.deployer_tfstate.deployer_uai.principal_id, "") != "" ? 1 : 0 scope = local.sa_sapbits_exists ? var.storage_account_sapbits.arm_id : azurerm_storage_account.storage_sapbits[0].id - role_definition_name = "Storage Account Contributor" + role_definition_name = "Storage Blob Data Contributor" principal_id = var.deployer_tfstate.deployer_uai.principal_id } 
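Review bot: The new `azurerm_role_assignment.deployer` reads `azurerm_linux_virtual_machine.deployer[count.index].identity[0].principal_id` without checking that the VM has a system-assigned identity, whereas the neighbouring `resource_group_contributor` gates its `count` on `var.deployer.add_system_assigned_identity` and scales with `var.deployer_vm_count`. With `count` limited to 0 or 1, only the first deployer VM receives the role, and the first branch of the `scope` ternary can never be used because `count` is 0 whenever `deployer_diagnostics_account_arm_id` is set. Consider `count = var.deployer.add_system_assigned_identity && length(var.deployer.deployer_diagnostics_account_arm_id) == 0 ? var.deployer_vm_count : 0` with `scope = azurerm_storage_account.deployer[0].id`. A comment stating why the deployer identity needs blob write access on this account would help the next reviewer judge whether the grant is minimal.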
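Review bot: The role swap on `storage_sapbits_contributor` (and on `storage_sapbits_contributor_ssi` in the next hunk) carries no comment, and the two roles are not interchangeable: `Storage Account Contributor` is a management-plane role that includes access to the account keys, while `Storage Blob Data Contributor` grants blob data access only. That is the narrower grant, but any step that still relies on the deployer identity to read account keys or change account settings would start failing, so this should be confirmed before merge. A comment such as `# Data-plane access only; the deployer does not manage the account or read its keys` would record the intent. If the deployer only downloads from this account, `Storage Blob Data Reader` would be narrower still.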
@@ -484,7 +484,7 @@ resource "azurerm_role_assignment" "storage_sapbits_contributor_ssi" { provider = azurerm.main count = try(var.deployer_tfstate.add_system_assigned_identity, false) ? length(var.deployer_tfstate.deployer_system_assigned_identity) : 0 scope = local.sa_sapbits_exists ? var.storage_account_sapbits.arm_id : azurerm_storage_account.storage_sapbits[0].id - role_definition_name = "Storage Account Contributor" + role_definition_name = "Storage Blob Data Contributor" principal_id = var.deployer_tfstate.deployer_system_assigned_identity[count.index] } From ad3e3008b8b80d24652ab4e653a6c333fd033f48 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 16 Oct 2024 15:30:12 +0300 Subject: [PATCH 040/279] Refactor deploy control plane script to remove unnecessary Terraform installation and Azure CLI installation --- deploy/scripts/deploy_utils.sh | 8 +++++++- .../sap_deployer/templates/configure_deployer.sh.tmpl | 5 +++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/deploy/scripts/deploy_utils.sh b/deploy/scripts/deploy_utils.sh index 42e2753ad0..06a5dd2a17 100755 --- a/deploy/scripts/deploy_utils.sh +++ b/deploy/scripts/deploy_utils.sh @@ -1,6 +1,12 @@ #!/bin/bash -export PATH=${PATH}:/opt/terraform/bin:/opt/ansible/bin +if [ -d /opt/terraform/bin ]; then + export PATH=${PATH}:/opt/terraform/bin +fi + +if [ -d /opt/ansible/bin ]; then + export PATH=${PATH}:/opt/ansible/bin +fi ######################################################################### # Helper utilities diff --git a/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl b/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl index b5f14076e9..ccaa64ec1a 100644 --- a/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl +++ b/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl 
@@ -272,7 +272,6 @@ if [ -f /etc/profile.d/deploy_server.sh ] ; then echo echo ##vso[task.logissue type=warning]Deployer already configured sudo chmod 775 /etc/profile.d/deploy_server.sh -fi exit 0 else @@ -797,6 +796,7 @@ else sudo touch "$${agent_home}/agent_configured" echo export "PATH=$${ansible_bin}:$${tf_bin}:"'$${PATH}'::"$${DOTNET_ROOT}" | sudo tee -a /etc/profile.d/deploy_server.sh + sudo chmod 775 /etc/profile.d/deploy_server.sh # Install dotNet case "$(get_distro_name)" in (ubuntu) @@ -820,11 +820,12 @@ else else echo "NO TOKEN specified" echo export "PATH=$${ansible_bin}:$${tf_bin}:"'$${PATH}'::"$${DOTNET_ROOT}":'$${AZADHOME}/Azure_SAP_Automated_Deployment/sap-automation/deploy/scripts' | sudo tee -a /etc/profile.d/deploy_server.sh + sudo chmod 775 /etc/profile.d/deploy_server.sh echo "export SAP_AUTOMATION_REPO_PATH='$${AZADHOME}/Azure_SAP_Automated_Deployment/sap-automation'" | sudo tee -a /etc/profile.d/deploy_server.sh echo "export DEPLOYMENT_REPO_PATH='$${AZADHOME}/Azure_SAP_Automated_Deployment/sap-automation'" | sudo tee -a /etc/profile.d/deploy_server.sh echo "export CONFIG_REPO_PATH='$${AZADHOME}/Azure_SAP_Automated_Deployment/WORKSPACES'" | sudo tee -a /etc/profile.d/deploy_server.sh fi fi - sudo chmod 775 /etc/profile.d/deploy_server.sh + fi From 69a4ceec2e510e2d02de91fc51f907d57a83b93c Mon Sep 17 00:00:00 2001 From: hdamecharla Date: Wed, 16 Oct 2024 18:03:44 +0530 Subject: [PATCH 041/279] Refactor deploy control plane script to include sourcing deploy_server.sh and fixing Terraform ownership --- deploy/scripts/advanced_state_management.sh | 16 ++- deploy/scripts/deploy_controlplane.sh | 2 +- deploy/scripts/helpers/script_helpers.sh | 27 ++++- deploy/scripts/install_library.sh | 14 ++- deploy/scripts/install_workloadzone.sh | 14 ++- deploy/scripts/installer.sh | 15 ++- deploy/scripts/remover.sh | 13 ++- deploy/scripts/validate.sh | 117 ++++++++++---------- 8 files changed, 135 insertions(+), 83 deletions(-) 
diff --git a/deploy/scripts/advanced_state_management.sh b/deploy/scripts/advanced_state_management.sh index 16dd4d1d8b..fb6f789989 100755 --- a/deploy/scripts/advanced_state_management.sh +++ b/deploy/scripts/advanced_state_management.sh @@ -196,14 +196,20 @@ automation_config_directory=$CONFIG_REPO_PATH/.sap_deployment_automation/ system_config_information="${automation_config_directory}""${environment}""${region_code}" #Plugins -if [ ! -d /opt/terraform/.terraform.d/plugin-cache ] -then +isInCloudShellCheck=$(checkIfCloudShell) + +if [[ (($isInCloudShellCheck == 0)) ]]; then + mkdir -p "${HOME}/.terraform.d/plugin-cache" + export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" +else + if [ ! -d /opt/terraform/.terraform.d/plugin-cache ]; then mkdir -p /opt/terraform/.terraform.d/plugin-cache + sudo chown -R $USER /opt/terraform + fi + export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache fi -sudo chown -R $USER:$USER /opt/terraform - -export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache +# export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache set_executing_user_environment_variables "none" diff --git a/deploy/scripts/deploy_controlplane.sh b/deploy/scripts/deploy_controlplane.sh index 75e67c9d27..ffd28f54f3 100755 --- a/deploy/scripts/deploy_controlplane.sh +++ b/deploy/scripts/deploy_controlplane.sh @@ -31,7 +31,7 @@ full_script_path="$(realpath "${BASH_SOURCE[0]}")" script_directory="$(dirname "${full_script_path}")" if [[ -f /etc/profile.d/deploy_server.sh ]]; then - . /etc/profile.d/deploy_server.sh + . /etc/profile.d/deploy_server.sh fi #call stack has full scriptname when using source diff --git a/deploy/scripts/helpers/script_helpers.sh b/deploy/scripts/helpers/script_helpers.sh index 40be9f124d..5b4924508d 100755 --- a/deploy/scripts/helpers/script_helpers.sh +++ b/deploy/scripts/helpers/script_helpers.sh 
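Review bot: `if [[ (($isInCloudShellCheck == 0)) ]]` reads like an arithmetic test, but inside `[[ ]]` the doubled parentheses are only grouping, so this is a string match of the captured stdout of `checkIfCloudShell` against `0`; if that function reports through its exit status rather than by printing (it is not visible here), the Cloud Shell branch is never taken. `[[ "${isInCloudShellCheck}" == "0" ]]` states the comparison as it is evaluated, or use `if checkIfCloudShell; then` when the status is the signal. In this file the new `sudo chown -R $USER /opt/terraform` leaves `$USER` unquoted, while install_library.sh, install_workloadzone.sh, installer.sh and remover.sh in the same commit quote it. The same test expression is repeated in those four files and in script_helpers.sh.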
@@ -5,6 +5,12 @@ boldred="\e[1;31m" cyan="\e[1;36m" resetformatting="\e[0m" +full_script_path="$(realpath "${BASH_SOURCE[0]}")" +script_directory="$(dirname "${full_script_path}")" + +#call stack has full scriptname when using source +source "../deploy_utils.sh" + if [[ -f /etc/profile.d/deploy_server.sh ]]; then . /etc/profile.d/deploy_server.sh fi @@ -385,7 +391,10 @@ function missing { function validate_dependencies { - sudo chown -R $USER /opt/terraform + # if /opt/terraform exists, assign permissions to the user + if [ -d /opt/terraform ]; then + sudo chown -R $USER /opt/terraform + fi # Check terraform tf=$(terraform --version | grep Terraform) @@ -399,12 +408,20 @@ function validate_dependencies { echo "" return 2 #No such file or directory fi - # Set Terraform Plug in cache - if [ ! -d /opt/terraform/.terraform.d/plugin-cache ] - then + + isInCloudShellCheck=$(checkIfCloudShell) + + if [[ (($isInCloudShellCheck == 0)) ]]; then + mkdir -p "${HOME}/.terraform.d/plugin-cache" + export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" + else + if [ ! -d /opt/terraform/.terraform.d/plugin-cache ]; then mkdir -p /opt/terraform/.terraform.d/plugin-cache + fi + export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache fi - export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache + # Set Terraform Plug in cache + az --version >stdout.az 2>&1 diff --git a/deploy/scripts/install_library.sh b/deploy/scripts/install_library.sh index 3a6259d733..d2cfe51333 100755 --- a/deploy/scripts/install_library.sh +++ b/deploy/scripts/install_library.sh 
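Review bot: `source "../deploy_utils.sh"` is resolved against the caller's current working directory, not against this file, so the `script_directory` computed two lines earlier is never used and the shell sources whatever `../deploy_utils.sh` exists relative to where the script was started. Use `source "${script_directory}/../deploy_utils.sh"` so that only the repository's own copy can be loaded. Because this file is itself sourced (deploy_controlplane.sh does so on this page), assigning `full_script_path` and `script_directory` here also overwrites the caller's variables of the same names, leaving the caller's `script_directory` pointing at `helpers/`. A distinct name such as `helper_directory` avoids that.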
@@ -165,12 +165,18 @@ generic_config_information="${automation_config_directory}"config library_config_information="${automation_config_directory}""${environment}""${region_code}" #Plugins -if [ ! -d /opt/terraform/.terraform.d/plugin-cache ] -then +isInCloudShellCheck=$(checkIfCloudShell) + +if [[ (($isInCloudShellCheck == 0)) ]]; then + mkdir -p "${HOME}/.terraform.d/plugin-cache" + export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" +else + if [ ! -d /opt/terraform/.terraform.d/plugin-cache ]; then mkdir -p /opt/terraform/.terraform.d/plugin-cache + sudo chown -R "$USER" /opt/terraform + fi + export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache fi -sudo chown -R $USER:$USER /opt/terraform -export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache param_dirname=$(pwd) diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index e2e9c9a6b9..20d0cc3fab 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -567,12 +567,18 @@ ok_to_proceed=false new_deployment=false #Plugins -if [ ! -d /opt/terraform/.terraform.d/plugin-cache ] -then +isInCloudShellCheck=$(checkIfCloudShell) + +if [[ (($isInCloudShellCheck == 0)) ]]; then + mkdir -p "${HOME}/.terraform.d/plugin-cache" + export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" +else + if [ ! -d /opt/terraform/.terraform.d/plugin-cache ]; then mkdir -p /opt/terraform/.terraform.d/plugin-cache + sudo chown -R "$USER" /opt/terraform + fi + export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache fi -sudo chown -R $USER:$USER /opt/terraform -export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache root_dirname=$(pwd) diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index 95be504f6f..8fac020b0c 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh 
@@ -165,13 +165,18 @@ fi #Plugins -if [ ! -d /opt/terraform/.terraform.d/plugin-cache ] -then +isInCloudShellCheck=$(checkIfCloudShell) + +if [[ (($isInCloudShellCheck == 0)) ]]; then + mkdir -p "${HOME}/.terraform.d/plugin-cache" + export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" +else + if [ ! -d /opt/terraform/.terraform.d/plugin-cache ]; then mkdir -p /opt/terraform/.terraform.d/plugin-cache + sudo chown -R "$USER" /opt/terraform + fi + export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache fi -sudo chown -R $USER:$USER /opt/terraform - -export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache parallelism=10 diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index 8dc14b1896..eaa71fb3c8 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh @@ -225,11 +225,18 @@ echo "Deployment region code: $region_code" key=$(echo "${parameterfile_name}" | cut -d. -f1) #Plugins -if [ ! -d /opt/terraform/.terraform.d/plugin-cache ] -then +isInCloudShellCheck=$(checkIfCloudShell) + +if [[ (($isInCloudShellCheck == 0)) ]]; then + mkdir -p "${HOME}/.terraform.d/plugin-cache" + export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" +else + if [ ! -d /opt/terraform/.terraform.d/plugin-cache ]; then mkdir -p /opt/terraform/.terraform.d/plugin-cache + sudo chown -R "$USER" /opt/terraform + fi + export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache fi -export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache init "${automation_config_directory}" "${generic_config_information}" "${system_config_information}" diff --git a/deploy/scripts/validate.sh b/deploy/scripts/validate.sh index 433f7c17db..f2f9e02d5f 100755 --- a/deploy/scripts/validate.sh +++ b/deploy/scripts/validate.sh 
@@ -9,6 +9,11 @@ boldreduscore="\e[1;4;31m" boldred="\e[1;31m" cyan="\e[1;36m" resetformatting="\e[0m" +full_script_path="$(realpath "${BASH_SOURCE[0]}")" +script_directory="$(dirname "${full_script_path}")" + +#call stack has full scriptname when using source +source "${script_directory}/deploy_utils.sh" min() { printf "%s\n" "${@:2}" | sort "$1" | head -n1 @@ -26,7 +31,7 @@ heading() { echo "----------------------------------------------------------------------------" } -showhelp() +showhelp() { echo "" echo "#########################################################################################" @@ -132,7 +137,7 @@ else fi ############################################################################### -# SAP System # +# SAP System # ############################################################################### if [ "${deployment_system}" == sap_system ] ; then @@ -167,7 +172,7 @@ if [ "${deployment_system}" == sap_system ] ; then # subnet identifier and output prefix string changing. As such # they can be converted into a parameterised function call. - # Admin subnet + # Admin subnet subnet_name=$(jq --raw-output .infrastructure.vnets.sap.subnet_admin.name "${parameterfile}") subnet_arm_id=$(jq --raw-output .infrastructure.vnets.sap.subnet_admin.arm_id "${parameterfile}") @@ -176,7 +181,7 @@ if [ "${deployment_system}" == sap_system ] ; then then subnet_name=$(echo $subnet_arm_id | cut -d/ -f11 | xargs) fi - + subnet_nsg_name=$(jq --raw-output .infrastructure.vnets.sap.subnet_admin.nsg.name "${parameterfile}") subnet_nsg_arm_id=$(jq --raw-output .infrastructure.vnets.sap.subnet_admin.nsg.arm_id "${parameterfile}") 
@@ -205,9 +210,9 @@ if [ "${deployment_system}" == sap_system ] ; then else echo "Admin nsg: " "Defined by the workload/automation" fi - - # db subnet - + + # db subnet + subnet_name=$(jq --raw-output .infrastructure.vnets.sap.subnet_db.name "${parameterfile}") subnet_arm_id=$(jq --raw-output .infrastructure.vnets.sap.subnet_db.arm_id "${parameterfile}") subnet_prefix=$(jq --raw-output .infrastructure.vnets.sap.subnet_db.prefix "${parameterfile}") @@ -215,7 +220,7 @@ if [ "${deployment_system}" == sap_system ] ; then then subnet_name=$(echo $subnet_arm_id | cut -d/ -f11 | xargs) fi - + subnet_nsg_name=$(jq --raw-output .infrastructure.vnets.sap.subnet_db.nsg.name "${parameterfile}") subnet_nsg_arm_id=$(jq --raw-output .infrastructure.vnets.sap.subnet_db.nsg.arm_id "${parameterfile}") @@ -244,9 +249,9 @@ if [ "${deployment_system}" == sap_system ] ; then else echo "db nsg: " "Defined by the workload/automation" fi - - # app subnet - + + # app subnet + subnet_name=$(jq --raw-output .infrastructure.vnets.sap.subnet_app.name "${parameterfile}") subnet_arm_id=$(jq --raw-output .infrastructure.vnets.sap.subnet_app.arm_id "${parameterfile}") subnet_prefix=$(jq --raw-output .infrastructure.vnets.sap.subnet_app.prefix "${parameterfile}") @@ -265,7 +270,7 @@ if [ "${deployment_system}" == sap_system ] ; then if [ \( -n "${subnet_name}" \) -a \( "${subnet_name}" != "null" \) ] then echo "app subnet: " "${subnet_name}" - else + else echo "app subnet: " "Subnet defined by the workload/automation" fi @@ -282,9 +287,9 @@ if [ "${deployment_system}" == sap_system ] ; then else echo "app nsg: " "Defined by the workload/automation" fi - - # web subnet - + + # web subnet + subnet_name=$(jq --raw-output .infrastructure.vnets.sap.subnet_web.name "${parameterfile}") subnet_arm_id=$(jq --raw-output .infrastructure.vnets.sap.subnet_web.arm_id "${parameterfile}") subnet_prefix=$(jq --raw-output .infrastructure.vnets.sap.subnet_web.prefix "${parameterfile}") 
@@ -320,9 +325,9 @@ if [ "${deployment_system}" == sap_system ] ; then else echo "web nsg: " "Defined by the workload/automation" fi - + echo "" - + heading "Database tier" platform=$(jq --raw-output '.databases[0].platform' "${parameterfile}") echo "Platform: " "${platform}" @@ -357,7 +362,7 @@ if [ "${deployment_system}" == sap_system ] ; then version=$(jq --raw-output '.databases[0].os.version' "${parameterfile}") echo "Image version: " "${version}" fi - + if jq --exit-status '.databases[0].zones' "${parameterfile}" >/dev/null; then echo "Deployment: " "Zonal" zones=$(jq --compact-output '.databases[0].zones' "${parameterfile}") @@ -381,9 +386,9 @@ if [ "${deployment_system}" == sap_system ] ; then else echo "Authentication: " "key" fi - + echo - + heading "Application tier" if jq --exit-status '.application.authentication.type' "${parameterfile}" >/dev/null; then authentication=$(jq --raw-output '.application.authentication.type' "${parameterfile}") @@ -391,7 +396,7 @@ if [ "${deployment_system}" == sap_system ] ; then else echo "Authentication: " "key" fi - + echo "Application servers" if [ $app_zone_count -gt 1 ] ; then echo " Application avset: " "($app_zone_count) (name defined by automation)" @@ -426,7 +431,7 @@ if [ "${deployment_system}" == sap_system ] ; then else echo " Deployment: " "Regional" fi - + echo "Central Services" echo " SCS load balancer: " "(name defined by automation)" if [ $scs_zone_count -gt 1 ] ; then @@ -487,7 +492,7 @@ if [ "${deployment_system}" == sap_system ] ; then else echo " Deployment: " "Regional" fi - + echo "Web dispatcher" web_server_count=$(jq --raw-output .application.webdispatcher_count "${parameterfile}") echo " Web dispatcher lb: " "(name defined by automation)" 
@@ -497,7 +502,7 @@ if [ "${deployment_system}" == sap_system ] ; then echo " Web dispatcher avset: " "(name defined by automation)" fi echo " Number of servers: " "${web_server_count}" - + if jq --exit-status '.application.web_os' "${parameterfile}" >/dev/null; then if jq --exit-status '.application.web_os.source_image_id' "${parameterfile}" >/dev/null; then image=$(jq --raw-output .application.web_os.source_image_id "${parameterfile}") @@ -546,7 +551,7 @@ if [ "${deployment_system}" == sap_system ] ; then else echo " Deployment: " "Regional" fi - + echo "" heading "Key Vault" if jq --exit-status '.key_vault.kv_spn_id' "${parameterfile}" >/dev/null; then @@ -555,29 +560,29 @@ if [ "${deployment_system}" == sap_system ] ; then else echo " SPN Key Vault: " "Deployer keyvault" fi - + if jq --exit-status '.key_vault.kv_user_id' "${parameterfile}" >/dev/null; then kv=$(jq --raw-output .key_vault.kv_user_id "${parameterfile}") echo " User Key Vault: " "${kv}" else echo " User Key Vault: " "Workload keyvault" fi - + if jq --exit-status '.key_vault.kv_prvt_id' "${parameterfile}" >/dev/null; then kv=$(jq --raw-output .key_vault.kv_prvt_id "${parameterfile}") echo " Automation Key Vault: " "${kv}" else echo " Automation Key Vault: " "Workload keyvault" fi - + fi ############################################################################### -# SAP Landscape # +# SAP Landscape # ############################################################################### if [ "${deployment_system}" == sap_landscape ] ; then heading "Networking" - + vnet_name=$(jq --raw-output .infrastructure.vnets.sap.name "${parameterfile}") vnet_arm_id=$(jq --raw-output .infrastructure.vnets.sap.arm_id "${parameterfile}") vnet_address_space=$(jq --raw-output .infrastructure.vnets.sap.address_space "${parameterfile}") 
@@ -588,7 +593,7 @@ if [ "${deployment_system}" == sap_landscape ] ; then echo "VNet Logical name: " "${vnet_name}" echo "Address space: " "${vnet_address_space}" - # Admin subnet + # Admin subnet subnet_name=$(jq --raw-output .infrastructure.vnets.sap.subnet_admin.name "${parameterfile}") subnet_arm_id=$(jq --raw-output .infrastructure.vnets.sap.subnet_admin.arm_id "${parameterfile}") @@ -623,9 +628,9 @@ if [ "${deployment_system}" == sap_landscape ] ; then else echo "Admin nsg: " "Defined by the system/automation" fi - - # db subnet - + + # db subnet + subnet_name=$(jq --raw-output .infrastructure.vnets.sap.subnet_db.name "${parameterfile}") subnet_arm_id=$(jq --raw-output .infrastructure.vnets.sap.subnet_db.arm_id "${parameterfile}") subnet_prefix=$(jq --raw-output .infrastructure.vnets.sap.subnet_db.prefix "${parameterfile}") @@ -633,7 +638,7 @@ if [ "${deployment_system}" == sap_landscape ] ; then then subnet_name=$(echo $subnet_arm_id | cut -d/ -f11 | xargs) fi - + subnet_nsg_name=$(jq --raw-output .infrastructure.vnets.sap.subnet_db.nsg.name "${parameterfile}") subnet_nsg_arm_id=$(jq --raw-output .infrastructure.vnets.sap.subnet_db.nsg.arm_id "${parameterfile}") if [ -z "${subnet_nsg_arm_id}" ] @@ -659,9 +664,9 @@ if [ "${deployment_system}" == sap_landscape ] ; then else echo "db nsg: " "Defined by the system/automation" fi - - # app subnet - + + # app subnet + subnet_name=$(jq --raw-output .infrastructure.vnets.sap.subnet_app.name "${parameterfile}") subnet_arm_id=$(jq --raw-output .infrastructure.vnets.sap.subnet_app.arm_id "${parameterfile}") subnet_prefix=$(jq --raw-output .infrastructure.vnets.sap.subnet_app.prefix "${parameterfile}") 
@@ -695,9 +700,9 @@ if [ "${deployment_system}" == sap_landscape ] ; then else echo "app nsg: " "Defined by the system/automation" fi - - # web subnet - + + # web subnet + subnet_name=$(jq --raw-output .infrastructure.vnets.sap.subnet_web.name "${parameterfile}") subnet_arm_id=$(jq --raw-output .infrastructure.vnets.sap.subnet_web.arm_id "${parameterfile}") subnet_prefix=$(jq --raw-output .infrastructure.vnets.sap.subnet_web.prefix "${parameterfile}") @@ -716,7 +721,7 @@ if [ "${deployment_system}" == sap_landscape ] ; then if [ -z "${subnet_name}" ] then echo "web subnet: " "${subnet_name}" - else + else echo "web subnet: " "Subnet defined by the system/automation" fi if [ -z "${subnet_prefix}" ] @@ -731,8 +736,8 @@ if [ "${deployment_system}" == sap_landscape ] ; then else echo "web nsg: " "Defined by the system/automation" fi - - + + echo "" heading "Key Vault" if jq --exit-status '.key_vault.kv_spn_id' "${parameterfile}" >/dev/null; then @@ -741,14 +746,14 @@ if [ "${deployment_system}" == sap_landscape ] ; then else echo " SPN Key Vault: " "Deployer keyvault" fi - + if jq --exit-status '.key_vault.kv_user_id' "${parameterfile}" >/dev/null; then kv=$(jq --raw-output .key_vault.kv_user_id "${parameterfile}") echo " User Key Vault: " "${kv}" else echo " User Key Vault: " "Workload keyvault" fi - + if jq --exit-status '.key_vault.kv_prvt_id' "${parameterfile}" >/dev/null; then kv=$(jq --raw-output .key_vault.kv_prvt_id "${parameterfile}") echo " Automation Key Vault: " "${kv}" @@ -758,7 +763,7 @@ if [ "${deployment_system}" == sap_landscape ] ; then fi ############################################################################### -# SAP Library # +# SAP Library # ############################################################################### if [ "${deployment_system}" == sap_library ] ; then 
@@ -770,29 +775,29 @@ if [ "${deployment_system}" == sap_library ] ; then else echo " SPN Key Vault: " "Deployer keyvault" fi - + if jq --exit-status '.key_vault.kv_user_id' "${parameterfile}" >/dev/null; then kv=$(jq --raw-output .key_vault.kv_user_id "${parameterfile}") echo " User Key Vault: " "${kv}" else echo " User Key Vault: " "Library keyvault" fi - + if jq --exit-status '.key_vault.kv_prvt_id' "${parameterfile}" >/dev/null; then kv=$(jq --raw-output .key_vault.kv_prvt_id "${parameterfile}") echo " Automation Key Vault: " "${kv}" else echo " Automation Key Vault: " "Library keyvault" fi - + fi ############################################################################### -# SAP Deployer # +# SAP Deployer # ############################################################################### if [ "${deployment_system}" == sap_deployer ] ; then - heading "Networking" + heading "Networking" if jq --exit-status '.infrastructure.vnets.management' "${parameterfile}" >/dev/null; then if jq --exit-status '.infrastructure.vnets.management.arm_id' "${parameterfile}" >/dev/null; then arm_id=$(jq --raw-output .infrastructure.vnets.management.arm_id "${parameterfile}") 
@@ -812,23 +817,23 @@ if [ "${deployment_system}" == sap_deployer ] ; then else error "The Virtual network must be defined" fi - + echo "" - heading "Key Vault" + heading "Key Vault" if jq --exit-status '.key_vault.kv_spn_id' "${parameterfile}" >/dev/null; then kv=$(jq --raw-output .key_vault.kv_spn_id "${parameterfile}") echo " SPN Key Vault: " "${kv}" else echo " SPN Key Vault: " "Deployer keyvault" fi - + if jq --exit-status '.key_vault.kv_user_id' "${parameterfile}" >/dev/null; then kv=$(jq --raw-output .key_vault.kv_user_id "${parameterfile}") echo " User Key Vault: " "${kv}" else echo " User Key Vault: " "Deployer keyvault" fi - + if jq --exit-status '.key_vault.kv_prvt_id' "${parameterfile}" >/dev/null; then kv=$(jq --raw-output .key_vault.kv_prvt_id "${parameterfile}") echo " Automation Key Vault: " "${kv}" From df0df670327bb415b1adb170af3a72c9b7085c80 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 16 Oct 2024 16:07:45 +0300 Subject: [PATCH 042/279] Refactor deploy control plane script to include dynamic role assignment based on VM count --- .../terraform-units/modules/sap_deployer/infrastructure.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/terraform/terraform-units/modules/sap_deployer/infrastructure.tf b/deploy/terraform/terraform-units/modules/sap_deployer/infrastructure.tf index beb285d8d3..82e2c28764 100644 --- a/deploy/terraform/terraform-units/modules/sap_deployer/infrastructure.tf +++ b/deploy/terraform/terraform-units/modules/sap_deployer/infrastructure.tf 
@@ -108,7 +108,7 @@ data "azurerm_storage_account" "deployer" { resource "azurerm_role_assignment" "deployer" { provider = azurerm.main - count = length(var.deployer.deployer_diagnostics_account_arm_id) > 0 ? 0 : 1 + count = var.assign_subscription_permissions && var.deployer.add_system_assigned_identity ? var.deployer_vm_count : 0 scope = length(var.deployer.deployer_diagnostics_account_arm_id) > 0 ? var.deployer.deployer_diagnostics_account_arm_id : azurerm_storage_account.deployer[0].id role_definition_name = "Storage Blob Data Contributor" principal_id = azurerm_linux_virtual_machine.deployer[count.index].identity[0].principal_id From ff3e075f157ecf5ad991889d9d1e6951f0b6acc3 Mon Sep 17 00:00:00 2001 From: hdamecharla Date: Wed, 16 Oct 2024 18:42:41 +0530 Subject: [PATCH 043/279] Refactor deploy scripts to simplify checkIfCloudShell function --- deploy/scripts/advanced_state_management.sh | 2 +- deploy/scripts/deploy_utils.sh | 3 --- deploy/scripts/helpers/script_helpers.sh | 6 ++---- deploy/scripts/install_library.sh | 2 +- deploy/scripts/install_workloadzone.sh | 2 +- deploy/scripts/installer.sh | 2 +- deploy/scripts/remover.sh | 2 +- 7 files changed, 7 insertions(+), 12 deletions(-) diff --git a/deploy/scripts/advanced_state_management.sh b/deploy/scripts/advanced_state_management.sh index fb6f789989..b2c2198e90 100755 --- a/deploy/scripts/advanced_state_management.sh +++ b/deploy/scripts/advanced_state_management.sh @@ -198,7 +198,7 @@ system_config_information="${automation_config_directory}""${environment}""${reg #Plugins isInCloudShellCheck=$(checkIfCloudShell) -if [[ (($isInCloudShellCheck == 0)) ]]; then +if checkIfCloudShell; then mkdir -p "${HOME}/.terraform.d/plugin-cache" export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" else diff --git a/deploy/scripts/deploy_utils.sh b/deploy/scripts/deploy_utils.sh index 06a5dd2a17..8dfeefb024 100755 --- a/deploy/scripts/deploy_utils.sh +++ b/deploy/scripts/deploy_utils.sh 
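Review bot: The new `count` no longer looks at `deployer_diagnostics_account_arm_id`, so when an existing diagnostics account is supplied, each deployer VM identity now receives `Storage Blob Data Contributor` on a storage account this module did not create. Before the change the assignment was skipped in that case, because `count` evaluated to 0. If write and delete access to a pre-existing, possibly shared account is intended, a comment above `scope` saying so would help the next reader. Otherwise the old guard can stay in the condition: `count = var.assign_subscription_permissions && var.deployer.add_system_assigned_identity && length(var.deployer.deployer_diagnostics_account_arm_id) == 0 ? var.deployer_vm_count : 0`. The resource block continues outside the hunk.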
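Review bot: The context line `isInCloudShellCheck=$(checkIfCloudShell)` directly above the rewritten condition in advanced_state_management.sh is now dead code. Nothing reads the variable once the test becomes `if checkIfCloudShell; then`, and the assignment runs the function a second time in a subshell. Deleting that line in the same change keeps the block from suggesting that the captured value matters. The same leftover remains in the install_library.sh, install_workloadzone.sh, installer.sh and remover.sh hunks of this commit; only the script_helpers.sh hunk removes it.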
@@ -194,9 +194,6 @@ function checkIfCloudShell() { local isRunInCloudShell=1 # default value is false if [ "$POWERSHELL_DISTRIBUTION_CHANNEL" == "CloudShell" ]; then isRunInCloudShell=0 - echo "isRunInCloudShell: true" - else - echo "isRunInCloudShell: false" fi return $isRunInCloudShell diff --git a/deploy/scripts/helpers/script_helpers.sh b/deploy/scripts/helpers/script_helpers.sh index 5b4924508d..d5e2495691 100755 --- a/deploy/scripts/helpers/script_helpers.sh +++ b/deploy/scripts/helpers/script_helpers.sh @@ -9,7 +9,7 @@ full_script_path="$(realpath "${BASH_SOURCE[0]}")" script_directory="$(dirname "${full_script_path}")" #call stack has full scriptname when using source -source "../deploy_utils.sh" +source ../deploy_utils.sh if [[ -f /etc/profile.d/deploy_server.sh ]]; then . /etc/profile.d/deploy_server.sh @@ -409,9 +409,7 @@ function validate_dependencies { return 2 #No such file or directory fi - isInCloudShellCheck=$(checkIfCloudShell) - - if [[ (($isInCloudShellCheck == 0)) ]]; then + if checkIfCloudShell; then mkdir -p "${HOME}/.terraform.d/plugin-cache" export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" else diff --git a/deploy/scripts/install_library.sh b/deploy/scripts/install_library.sh index d2cfe51333..2646c9d984 100755 --- a/deploy/scripts/install_library.sh +++ b/deploy/scripts/install_library.sh @@ -167,7 +167,7 @@ library_config_information="${automation_config_directory}""${environment}""${re #Plugins isInCloudShellCheck=$(checkIfCloudShell) -if [[ (($isInCloudShellCheck == 0)) ]]; then +if checkIfCloudShell; then mkdir -p "${HOME}/.terraform.d/plugin-cache" export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" else diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index 20d0cc3fab..d73296bc18 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh 
@@ -569,7 +569,7 @@ new_deployment=false #Plugins isInCloudShellCheck=$(checkIfCloudShell) -if [[ (($isInCloudShellCheck == 0)) ]]; then +if checkIfCloudShell; then mkdir -p "${HOME}/.terraform.d/plugin-cache" export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" else diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index 8fac020b0c..4203208bfa 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh @@ -167,7 +167,7 @@ fi #Plugins isInCloudShellCheck=$(checkIfCloudShell) -if [[ (($isInCloudShellCheck == 0)) ]]; then +if checkIfCloudShell; then mkdir -p "${HOME}/.terraform.d/plugin-cache" export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" else diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index eaa71fb3c8..dc8f3e78ea 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh @@ -227,7 +227,7 @@ key=$(echo "${parameterfile_name}" | cut -d. -f1) #Plugins isInCloudShellCheck=$(checkIfCloudShell) -if [[ (($isInCloudShellCheck == 0)) ]]; then +if checkIfCloudShell; then mkdir -p "${HOME}/.terraform.d/plugin-cache" export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" else From 832536e959473a9f4c25117fd225471851eafbe6 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 16 Oct 2024 16:18:54 +0300 Subject: [PATCH 044/279] Refactor deploy control plane script to include dynamic role assignment based on VM count and use managed service identity (MSI) for authentication --- deploy/terraform/bootstrap/sap_library/providers.tf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/deploy/terraform/bootstrap/sap_library/providers.tf b/deploy/terraform/bootstrap/sap_library/providers.tf index 73aecd7152..e184dd7431 100644 --- a/deploy/terraform/bootstrap/sap_library/providers.tf +++ b/deploy/terraform/bootstrap/sap_library/providers.tf @@ -26,6 +26,8 @@ provider "azurerm" { } storage_use_azuread = true + use_msi = var.use_spn ? false : true + } provider "azurerm" { 
@@ -44,6 +46,7 @@ provider "azurerm" { alias = "main" storage_use_azuread = true + use_msi = var.use_spn ? false : true } @@ -53,6 +56,7 @@ provider "azurerm" { alias = "deployer" storage_use_azuread = true + use_msi = var.use_spn ? false : true } provider "azurerm" { @@ -64,6 +68,7 @@ provider "azurerm" { alias = "dnsmanagement" storage_use_azuread = true + use_msi = var.use_spn ? false : true } provider "azurerm" { @@ -75,6 +80,7 @@ provider "azurerm" { alias = "privatelinkdnsmanagement" storage_use_azuread = true + use_msi = var.use_spn ? false : true } provider "azuread" { From 8164c97263df876d6e2131b0a81dde6f73917d09 Mon Sep 17 00:00:00 2001 From: hdamecharla Date: Wed, 16 Oct 2024 18:52:14 +0530 Subject: [PATCH 045/279] Refactor deploy scripts to include sourcing deploy_server.sh and fixing Terraform ownership --- deploy/scripts/helpers/script_helpers.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/deploy/scripts/helpers/script_helpers.sh b/deploy/scripts/helpers/script_helpers.sh index d5e2495691..331d90fbdd 100755 --- a/deploy/scripts/helpers/script_helpers.sh +++ b/deploy/scripts/helpers/script_helpers.sh @@ -7,12 +7,13 @@ resetformatting="\e[0m" full_script_path="$(realpath "${BASH_SOURCE[0]}")" script_directory="$(dirname "${full_script_path}")" +script_directory_parent="$(dirname "${script_directory}")" #call stack has full scriptname when using source -source ../deploy_utils.sh +source "${script_directory_parent}"/deploy_utils.sh if [[ -f /etc/profile.d/deploy_server.sh ]]; then -. /etc/profile.d/deploy_server.sh + . /etc/profile.d/deploy_server.sh fi From c5e1d4d375bf5ef0ea529c3bb3ac38fadf9b5fcc Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Wed, 16 Oct 2024 17:39:31 +0300 Subject: [PATCH 046/279] Refactor deploy control plane script to include dynamic role assignment based on VM count and use managed service identity (MSI) for authentication --- deploy/terraform/run/sap_library/providers.tf | 1 + .../terraform-units/modules/sap_library/key_vault.tf | 2 +- .../terraform-units/modules/sap_library/storage_accounts.tf | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/deploy/terraform/run/sap_library/providers.tf b/deploy/terraform/run/sap_library/providers.tf index bb2c513d19..9f37ab1aca 100644 --- a/deploy/terraform/run/sap_library/providers.tf +++ b/deploy/terraform/run/sap_library/providers.tf @@ -73,6 +73,7 @@ provider "azurerm" { tenant_id = local.use_spn ? local.spn.tenant_id : null alias = "privatelinkdnsmanagement" storage_use_azuread = true + use_msi = var.use_spn ? false : true } diff --git a/deploy/terraform/terraform-units/modules/sap_library/key_vault.tf b/deploy/terraform/terraform-units/modules/sap_library/key_vault.tf index 4fbfa3c789..3c3986ec92 100644 --- a/deploy/terraform/terraform-units/modules/sap_library/key_vault.tf +++ b/deploy/terraform/terraform-units/modules/sap_library/key_vault.tf @@ -82,7 +82,7 @@ resource "azurerm_key_vault_secret" "tfstate" { resource "azurerm_private_dns_a_record" "kv_user" { - provider = azurerm.deployer + provider = azurerm.privatelinkdnsmanagement count = var.dns_settings.register_storage_accounts_keyvaults_with_dns ? 1 : 0 name = lower(split("/", var.key_vault.kv_spn_id)[8]) zone_name = var.dns_settings.dns_zone_names.vault_dns_zone_name diff --git a/deploy/terraform/terraform-units/modules/sap_library/storage_accounts.tf b/deploy/terraform/terraform-units/modules/sap_library/storage_accounts.tf index 44349cb1c4..6930834d21 100644 --- a/deploy/terraform/terraform-units/modules/sap_library/storage_accounts.tf +++ b/deploy/terraform/terraform-units/modules/sap_library/storage_accounts.tf 
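Review bot: In run/sap_library/providers.tf the added `use_msi = var.use_spn ? false : true` reads `var.use_spn`, while the `tenant_id` line directly above it in the same provider block decides with `local.use_spn`. The local's definition is outside the hunk; if the two values can differ, the provider could be given SPN tenant details together with `use_msi = true`, or the reverse. Using the same source as the neighbouring argument, `use_msi = !local.use_spn`, keeps the authentication mode decided in one place. The provider block starts outside the hunk.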
@@ -105,7 +105,7 @@ resource "azurerm_role_assignment" "storage_tfstate_contributor_ssi" { } resource "azurerm_private_dns_a_record" "storage_tfstate_pep_a_record_registry" { - provider = azurerm.dnsmanagement + provider = azurerm.privatelinkdnsmanagement count = var.dns_settings.register_storage_accounts_keyvaults_with_dns && var.use_private_endpoint && var.use_custom_dns_a_registration && !local.sa_tfstate_exists ? 1 : 0 depends_on = [ azurerm_private_dns_zone.blob @@ -343,7 +343,7 @@ resource "azurerm_storage_account_network_rules" "storage_sapbits" { resource "azurerm_private_dns_a_record" "storage_sapbits_pep_a_record_registry" { - provider = azurerm.dnsmanagement + provider = azurerm.privatelinkdnsmanagement count = var.use_private_endpoint && var.use_custom_dns_a_registration && !local.sa_sapbits_exists ? 1 : 0 depends_on = [ azurerm_private_dns_zone.blob From 5ab33f384c680ded81c431b6ba44f8d0fc012216 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 16 Oct 2024 17:50:53 +0300 Subject: [PATCH 047/279] Refactor deploy control plane script to include dynamic role assignment based on VM count and use managed service identity (MSI) for authentication --- deploy/pipelines/01-deploy-control-plane.yaml | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 20d6f497bf..71efd26486 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml 
@@ -713,22 +713,31 @@ stages: export TF_LOG_PATH=${CONFIG_REPO_PATH}/.sap_deployment_automation/terraform.log sudo chmod +x $SAP_AUTOMATION_REPO_PATH/deploy/scripts/deploy_controlplane.sh + if [ $USE_MSI != "true" ]; then + echo -e "$cyan--- Using SPN ---$reset" + export ARM_CLIENT_ID=$CP_ARM_CLIENT_ID + export ARM_CLIENT_SECRET=$CP_ARM_CLIENT_SECRET + export ARM_TENANT_ID=$CP_ARM_TENANT_ID + export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID + export ARM_USE_MSI=false - if [ "$USE_MSI" = "true" ]; then - echo -e "$cyan--- Using MSI ---$reset" $SAP_AUTOMATION_REPO_PATH/deploy/scripts/deploy_controlplane.sh \ --deployer_parameter_file "${deployer_configfile}" \ --library_parameter_file "${library_configfile}" \ --subscription $STATE_SUBSCRIPTION \ - --auto-approve --ado --msi \ + --spn_secret $ARM_CLIENT_SECRET --tenant_id $ARM_TENANT_ID \ + --auto-approve --ado \ ${storage_account_parameter} ${keyvault_parameter} else + echo -e "$cyan--- Using MSI ---$reset" + export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID + export ARM_USE_MSI=true + $SAP_AUTOMATION_REPO_PATH/deploy/scripts/deploy_controlplane.sh \ --deployer_parameter_file "${deployer_configfile}" \ --library_parameter_file "${library_configfile}" \ --subscription $STATE_SUBSCRIPTION \ - --spn_secret $ARM_CLIENT_SECRET --tenant_id $ARM_TENANT_ID \ - --auto-approve --ado \ + --auto-approve --ado --msi \ ${storage_account_parameter} ${keyvault_parameter} fi From 492e14091fc97ea8a6d7749c496ae41ba8c0d0f4 Mon Sep 17 00:00:00 2001 From: hdamecharla Date: Wed, 16 Oct 2024 20:25:30 +0530 Subject: [PATCH 048/279] handle the realfilepath and the scriptdir variables as they might be replaced with other values in child scripts --- deploy/scripts/install_workloadzone.sh | 3 +++ deploy/scripts/installer.sh | 11 ++++++++--- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index d73296bc18..3030d82d31 100755 
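Review bot: The rewritten test `if [ $USE_MSI != "true" ]; then` drops the quotes that the replaced `[ "$USE_MSI" = "true" ]` had, so when `USE_MSI` is empty or unset, bash's `[` sees only `!= true`, reports an error, and the step silently takes the `else` (MSI) branch. Quoting restores a deterministic choice: `if [ "${USE_MSI:-}" != "true" ]; then`. In the SPN branch the secret is also passed as an argument, `--spn_secret $ARM_CLIENT_SECRET`, where it is visible in the process list and in any command tracing; since `ARM_CLIENT_SECRET` is exported a few lines above, the called script could presumably read it from the environment instead. `export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID` in both branches assigns the variable to itself and can be reduced to `export ARM_SUBSCRIPTION_ID`.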
--- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -1073,6 +1073,9 @@ then az login --service-principal --username "${client_id}" --password="${spn_secret}" --tenant "${tenant_id}" --output none fi +full_script_path="$(realpath "${BASH_SOURCE[0]}")" +script_directory="$(dirname "${full_script_path}")" + rg_name=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw created_resource_group_name | tr -d \") az deployment group create --resource-group "${rg_name}" --name "SAP-WORKLOAD-ZONE_${rg_name}" --subscription "${subscription}" --template-file "${script_directory}/templates/empty-deployment.json" --output none diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index 4203208bfa..ce8eacf574 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh @@ -1193,7 +1193,8 @@ then else az login --identity --output none fi - + full_script_path="$(realpath "${BASH_SOURCE[0]}")" + script_directory="$(dirname "${full_script_path}")" az deployment group create --resource-group ${created_resource_group_name} --name "ControlPlane_Deployer_${created_resource_group_name}" --template-file "${script_directory}/templates/empty-deployment.json" --output none return_value=0 if [ 1 == $called_from_ado ] ; then @@ -1322,7 +1323,8 @@ then echo "#########################################################################################" echo "" echo "" - + full_script_path="$(realpath "${BASH_SOURCE[0]}")" + script_directory="$(dirname "${full_script_path}")" az deployment group create --resource-group ${rg_name} --name "SAP_${rg_name}" --subscription $ARM_SUBSCRIPTION_ID --template-file "${script_directory}/templates/empty-deployment.json" --output none fi 
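Review bot: Re-deriving `full_script_path` and `script_directory` immediately before each `az deployment group create` treats the symptom rather than the cause. script_helpers.sh, shown earlier on this page, assigns the same two global names when it is sourced, so any other use of `script_directory` in these scripts can still pick up the helper's directory. A name that only this script uses, set once near the top (for example `installer_directory="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"`), would replace the one pair added to install_workloadzone.sh and the four pairs added to installer.sh, two of which are in the hunks on the next line. A one-line comment at that assignment noting that sourced helpers overwrite `script_directory` would record the reason.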
@@ -1343,7 +1345,8 @@ then echo "#########################################################################################" echo "" echo "" - + full_script_path="$(realpath "${BASH_SOURCE[0]}")" + script_directory="$(dirname "${full_script_path}")" az deployment group create --resource-group ${rg_name} --name "SAP-WORKLOAD-ZONE_${rg_name}" --template-file "${script_directory}/templates/empty-deployment.json" --output none fi @@ -1398,6 +1401,8 @@ then echo "" echo "" + full_script_path="$(realpath "${BASH_SOURCE[0]}")" + script_directory="$(dirname "${full_script_path}")" az deployment group create --resource-group ${rg_name} --name "SAP-LIBRARY_${rg_name}" --template-file "${script_directory}/templates/empty-deployment.json" --output none fi From 61a37e2ad3cf03a1fc7f1b62fbab321fdce2edd2 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 16 Oct 2024 17:58:03 +0300 Subject: [PATCH 049/279] Refactor deploy_controlplane.sh to use managed service identity (MSI) for authentication --- deploy/scripts/deploy_controlplane.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/scripts/deploy_controlplane.sh b/deploy/scripts/deploy_controlplane.sh index ffd28f54f3..2fbe7803f9 100755 --- a/deploy/scripts/deploy_controlplane.sh +++ b/deploy/scripts/deploy_controlplane.sh @@ -246,7 +246,7 @@ if [ 0 = "${deploy_using_msi_only:-}" ]; then set_executing_user_environment_variables "${spn_secret}" else echo "Using Managed Identity for deployment" - export ARM_USE_MSI=true + set_executing_user_environment_variables "none" fi From f447684e9f50385dc17413b6271cac8d57c0aa46 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 16 Oct 2024 23:31:06 +0300 Subject: [PATCH 050/279] Refactor deploy_controlplane.sh to remove ARM_USE_MSI variable and use managed service identity (MSI) for authentication --- deploy/pipelines/01-deploy-control-plane.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
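Review bot: In the managed-identity branch of deploy_controlplane.sh the call `set_executing_user_environment_variables "none"` passes the literal string `none` in the position where the other branch passes `"${spn_secret}"`. The function body is not part of this hunk; if it exports its first argument as `ARM_CLIENT_SECRET`, the placeholder becomes a credential value the provider may try to use. The `export ARM_USE_MSI=true` that this line replaces is also no longer set at this point. A comment stating what `none` means to the function, or an explicit `unset ARM_CLIENT_SECRET` after the call, would make the MSI path unambiguous.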
diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 71efd26486..542414bb55 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -637,7 +637,7 @@ stages: export ARM_CLIENT_SECRET=$CP_ARM_CLIENT_SECRET export ARM_TENANT_ID=$CP_ARM_TENANT_ID export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID - export ARM_USE_MSI=false + unset ARM_USE_MSI az login --service-principal --username $ARM_CLIENT_ID --password=$ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID --output none return_code=$? @@ -652,6 +652,7 @@ stages: # export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID export ARM_USE_MSI=true export ARM_USE_AZUREAD=true + unset ARM_CLIENT_SECRET fi fi @@ -719,7 +720,7 @@ stages: export ARM_CLIENT_SECRET=$CP_ARM_CLIENT_SECRET export ARM_TENANT_ID=$CP_ARM_TENANT_ID export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID - export ARM_USE_MSI=false + unset ARM_USE_MSI $SAP_AUTOMATION_REPO_PATH/deploy/scripts/deploy_controlplane.sh \ --deployer_parameter_file "${deployer_configfile}" \ @@ -732,6 +733,7 @@ stages: echo -e "$cyan--- Using MSI ---$reset" export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID export ARM_USE_MSI=true + unset ARM_CLIENT_SECRET $SAP_AUTOMATION_REPO_PATH/deploy/scripts/deploy_controlplane.sh \ --deployer_parameter_file "${deployer_configfile}" \ From 8e06f99ec169ae1cfdd0dac56b82236f13661ff8 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 17 Oct 2024 00:11:27 +0300 Subject: [PATCH 051/279] Refactor deploy_utils.sh to remove ARM_USE_MSI variable and use managed service identity (MSI) for authentication --- deploy/scripts/deploy_controlplane.sh | 150 +++++++++++++------------- deploy/scripts/deploy_utils.sh | 2 + 2 files changed, 76 insertions(+), 76 deletions(-) diff --git a/deploy/scripts/deploy_controlplane.sh b/deploy/scripts/deploy_controlplane.sh index 2fbe7803f9..7171067cd6 100755 --- a/deploy/scripts/deploy_controlplane.sh 
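Review bot: The managed-identity branches now `unset ARM_CLIENT_SECRET`, but `ARM_CLIENT_ID` and `ARM_TENANT_ID` keep whatever an earlier step exported. `CP_ARM_CLIENT_SECRET`, the source of the secret in the SPN branch, presumably also stays in the environment that deploy_controlplane.sh inherits. With `ARM_USE_MSI=true` the azurerm provider reads a set `ARM_CLIENT_ID` as the client ID of a user-assigned identity, so a leftover service-principal ID can change which identity is attempted. If no user-assigned identity is intended, `unset ARM_CLIENT_ID ARM_CLIENT_SECRET` in both MSI branches avoids that; otherwise a comment naming the identity the ID refers to would help. This applies to the hunks at -652 and -732.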
+++ b/deploy/scripts/deploy_controlplane.sh @@ -31,7 +31,7 @@ full_script_path="$(realpath "${BASH_SOURCE[0]}")" script_directory="$(dirname "${full_script_path}")" if [[ -f /etc/profile.d/deploy_server.sh ]]; then - . /etc/profile.d/deploy_server.sh + . /etc/profile.d/deploy_server.sh fi #call stack has full scriptname when using source @@ -173,15 +173,15 @@ echo "########################################################################## noAccess=$( az account show --query name | grep "N/A(tenant level account)") if [ -n "$noAccess" ]; then - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred The provided credentials do not have access to the subscription!!! $resetformatting #" - echo "# #" - echo "#########################################################################################" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred The provided credentials do not have access to the subscription!!! $resetformatting #" + echo "# #" + echo "#########################################################################################" - az account show --output table + az account show --output table - exit 65 + exit 65 fi az account list --query "[].{Name:name,Id:id}" --output table #setting the user environment variables 
@@ -215,39 +215,37 @@ if [ -n "${subscription}" ]; then if [ -n "${keyvault}" ] ; then - kv_found=$(az keyvault list --subscription "${subscription}" --query [].name | grep "${keyvault}") + kv_found=$(az keyvault list --subscription "${subscription}" --query [].name | grep "${keyvault}") - if [ -z "${kv_found}" ] ; then - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Detected a failed deployment $resetformatting #" - echo "# #" - echo -e "# $cyan Trying to recover $resetformatting #" - echo "# #" - echo "#########################################################################################" - step=0 - save_config_var "step" "${deployer_config_information}" - fi + if [ -z "${kv_found}" ] ; then + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Detected a failed deployment $resetformatting #" + echo "# #" + echo -e "# $cyan Trying to recover $resetformatting #" + echo "# #" + echo "#########################################################################################" + step=0 + save_config_var "step" "${deployer_config_information}" + fi else - step=0 - save_config_var "step" "${deployer_config_information}" + step=0 + save_config_var "step" "${deployer_config_information}" fi - - fi load_config_vars "${deployer_config_information}" "step" if [ 0 = "${deploy_using_msi_only:-}" ]; then - echo "Using Service Principal for deployment" - set_executing_user_environment_variables "${spn_secret}" + echo "Using Service Principal for deployment" + set_executing_user_environment_variables "${spn_secret}" else - echo "Using Managed Identity for deployment" + echo "Using Managed Identity for deployment" - set_executing_user_environment_variables "none" + set_executing_user_environment_variables "none" fi if [ $recover == 1 ]; then 
@@ -316,11 +314,11 @@ if [ 0 == $step ]; then fi if [ -n "${FORCE_RESET}" ]; then - step=3 - save_config_var "step" "${deployer_config_information}" - exit 0 + step=3 + save_config_var "step" "${deployer_config_information}" + exit 0 else - export step=1 + export step=1 fi save_config_var "step" "${deployer_config_information}" @@ -348,18 +346,18 @@ if [ 1 == $step ] || [ 3 == $step ] ; then if [ -z "$keyvault" ]; then - key=$(echo "${deployer_file_parametername}" | cut -d. -f1) - if [ $recover == 1 ]; then - terraform_module_directory="$SAP_AUTOMATION_REPO_PATH"/deploy/terraform/run/sap_deployer/ - terraform -chdir="${terraform_module_directory}" init -upgrade=true \ - --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ - --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ - --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ - --backend-config "container_name=tfstate" \ - --backend-config "key=${key}.terraform.tfstate" - - keyvault=$(terraform -chdir="${terraform_module_directory}" output deployer_kv_user_name | tr -d \") - fi + key=$(echo "${deployer_file_parametername}" | cut -d. -f1) + if [ $recover == 1 ]; then + terraform_module_directory="$SAP_AUTOMATION_REPO_PATH"/deploy/terraform/run/sap_deployer/ + terraform -chdir="${terraform_module_directory}" init -upgrade=true \ + --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ + --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ + --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ + --backend-config "container_name=tfstate" \ + --backend-config "key=${key}.terraform.tfstate" + + keyvault=$(terraform -chdir="${terraform_module_directory}" output deployer_kv_user_name | tr -d \") + fi fi if [ -z "$keyvault" ]; then 
@@ -381,15 +379,15 @@ if [ 1 == $step ] || [ 3 == $step ] ; then kv_name_check=$(az keyvault list --query "[?name=='$keyvault'].name | [0]" --subscription "${subscription}") if [ -z $kv_name_check ]; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Retrying keyvault access $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - sleep 60 - kv_name_check=$(az keyvault list --query "[?name=='$keyvault'].name | [0]" --subscription "${subscription}") + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Retrying keyvault access $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + sleep 60 + kv_name_check=$(az keyvault list --query "[?name=='$keyvault'].name | [0]" --subscription "${subscription}") fi if [ -z $kv_name_check ]; then 
@@ -428,30 +426,30 @@ if [ 1 == $step ] || [ 3 == $step ] ; then if [ 0 = "${deploy_using_msi_only:-}" ]; then - read -p "Do you want to specify the SPN Details Y/N?" ans - answer=${ans^^} - if [ "$answer" == 'Y' ]; then - allParams=$(printf " -e %s -r %s -v %s " "${environment}" "${region_code}" "${keyvault}" ) + read -p "Do you want to specify the SPN Details Y/N?" ans + answer=${ans^^} + if [ "$answer" == 'Y' ]; then + allParams=$(printf " -e %s -r %s -v %s " "${environment}" "${region_code}" "${keyvault}" ) - #$allParams as an array (); array math can be done in shell, allowing dynamic parameter lists to be created - #"${allParams[@]}" - quotes all elements of the array + #$allParams as an array (); array math can be done in shell, allowing dynamic parameter lists to be created + #"${allParams[@]}" - quotes all elements of the array - "${SAP_AUTOMATION_REPO_PATH}"/deploy/scripts/set_secrets.sh $allParams - return_code=$? - if [ 0 != $return_code ]; then - exit $return_code - fi - fi + "${SAP_AUTOMATION_REPO_PATH}"/deploy/scripts/set_secrets.sh $allParams + return_code=$? + if [ 0 != $return_code ]; then + exit $return_code + fi + fi else - allParams=$(printf " -e %s -r %s -v %s --subscription %s --msi " "${environment}" "${region_code}" "${keyvault}" "${subscription}") + allParams=$(printf " -e %s -r %s -v %s --subscription %s --msi " "${environment}" "${region_code}" "${keyvault}" "${subscription}") - "${SAP_AUTOMATION_REPO_PATH}"/deploy/scripts/set_secrets.sh $allParams - if [ -f secret.err ]; then - error_message=$(cat secret.err) - echo "##vso[task.logissue type=error]${error_message}" + "${SAP_AUTOMATION_REPO_PATH}"/deploy/scripts/set_secrets.sh $allParams + if [ -f secret.err ]; then + error_message=$(cat secret.err) + echo "##vso[task.logissue type=error]${error_message}" - exit 65 - fi + exit 65 + fi fi fi 
@@ -465,8 +463,8 @@ if [ 1 == $step ] || [ 3 == $step ] ; then fi cd "${curdir}" || exit if [ 1 == $step ] ; then - step=2 - save_config_var "step" "${deployer_config_information}" + step=2 + save_config_var "step" "${deployer_config_information}" fi else az_subscription_id=$(az account show --query id -o tsv) @@ -608,8 +606,8 @@ if [ 3 == $step ]; then v="" secret=$(az keyvault secret list --vault-name "${keyvault}" --query "[].{Name:name} | [? contains(Name,'${secretname}')] | [0]" | tr -d \") if [ "${secret}" == "${secretname}" ]; then - TF_VAR_sa_connection_string=$(az keyvault secret show --name "${secretname}" --vault-name "${keyvault}" --query value | tr -d \") - export TF_VAR_sa_connection_string + TF_VAR_sa_connection_string=$(az keyvault secret show --name "${secretname}" --vault-name "${keyvault}" --query value | tr -d \") + export TF_VAR_sa_connection_string fi diff --git a/deploy/scripts/deploy_utils.sh b/deploy/scripts/deploy_utils.sh index 8dfeefb024..563736bb8a 100755 --- a/deploy/scripts/deploy_utils.sh +++ b/deploy/scripts/deploy_utils.sh @@ -374,6 +374,7 @@ function set_executing_user_environment_variables() { export ARM_TENANT_ID export ARM_CLIENT_ID export ARM_CLIENT_SECRET + unset ARM_USE_MSI else echo -e "\t[set_executing_user_environment_variables]: unable to identify the executing user and client" @@ -396,6 +397,7 @@ function unset_executing_user_environment_variables() { unset ARM_TENANT_ID unset ARM_CLIENT_ID unset ARM_CLIENT_SECRET + unset ARM_USE_MSI } # print the script name and function being called From d86ad49732f17c50462d8de663457ab6df08f28d Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 17 Oct 2024 01:06:27 +0300 Subject: [PATCH 052/279] Refactor deploy_controlplane.sh to remove ARM_USE_MSI variable and use managed service identity (MSI) for authentication --- deploy/scripts/deploy_controlplane.sh | 2 +- deploy/scripts/helpers/script_helpers.sh | 7 +------ 2 files changed, 2 insertions(+), 7 deletions(-) 
diff --git a/deploy/scripts/deploy_controlplane.sh b/deploy/scripts/deploy_controlplane.sh index 7171067cd6..5c69d1d3ed 100755 --- a/deploy/scripts/deploy_controlplane.sh +++ b/deploy/scripts/deploy_controlplane.sh @@ -241,10 +241,10 @@ load_config_vars "${deployer_config_information}" "step" if [ 0 = "${deploy_using_msi_only:-}" ]; then echo "Using Service Principal for deployment" + unset ARM_USE_MSI set_executing_user_environment_variables "${spn_secret}" else echo "Using Managed Identity for deployment" - set_executing_user_environment_variables "none" fi diff --git a/deploy/scripts/helpers/script_helpers.sh b/deploy/scripts/helpers/script_helpers.sh index 331d90fbdd..b79b8d16b1 100755 --- a/deploy/scripts/helpers/script_helpers.sh +++ b/deploy/scripts/helpers/script_helpers.sh @@ -12,11 +12,6 @@ script_directory_parent="$(dirname "${script_directory}")" #call stack has full scriptname when using source source "${script_directory_parent}"/deploy_utils.sh -if [[ -f /etc/profile.d/deploy_server.sh ]]; then - . /etc/profile.d/deploy_server.sh -fi - - function control_plane_showhelp { echo "" echo "#################################################################################################################" @@ -398,7 +393,7 @@ function validate_dependencies { fi # Check terraform - tf=$(terraform --version | grep Terraform) + tf=$(/opt/terraform/bin/terraform --version | grep Terraform) if [ -z "$tf" ]; then echo "" echo "#########################################################################################" From b47eeb5d990d7ec591cc666e0b4d442dfa8d2296 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 17 Oct 2024 01:44:36 +0300 Subject: [PATCH 053/279] Refactor deploy_controlplane.sh to use managed service identity (MSI) for authentication --- deploy/pipelines/02-sap-workload-zone.yaml | 106 +++++++++------------ 1 file changed, 44 insertions(+), 62 deletions(-) 
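Review bot: In `validate_dependencies` the Terraform check now calls the hard-coded `/opt/terraform/bin/terraform`, so it will report Terraform as missing on any agent where the binary lives elsewhere. Elsewhere in this series the workload-zone pipeline moves a downloaded binary to `/bin/` on non-deployer agents and another step calls `/opt/bin/terraform/terraform`, so three locations are in play. The same commit also stops sourcing `/etc/profile.d/deploy_server.sh` here, which presumably set up the environment for the lookup. Pinning an absolute path is a reasonable guard against PATH surprises, but it should be defined once and reused, for example `tf=$("${terraform_bin:-terraform}" --version | grep Terraform)` where `terraform_bin` is a suggested name, not an existing variable. The function body continues outside the hunk.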
diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index 169e5fa5e8..2fe91ca473 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml 
@@ -402,42 +402,48 @@ stages: secrets_set=1 echo -e "$green--- az login ---$reset" - if [ $LOGON_USING_SPN == "true" ]; then - echo "Using SPN" - az login --service-principal --username $CP_ARM_CLIENT_ID --password=$CP_ARM_CLIENT_SECRET --tenant $CP_ARM_TENANT_ID --output none - else - echo "Using MSI" - export ARM_USE_MSI=true - export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID - unset ARM_TENANT_ID - - az login --identity --allow-no-subscriptions --output none - fi + echo "Sourcing the deploy_server.sh" + . /etc/profile.d/deploy_server.sh ; /opt/bin/terraform/terraform --version - return_code=$? - if [ 0 != $return_code ]; then - echo -e "$boldred--- Login failed ---$reset" - echo "##vso[task.logissue type=error]az login failed." - exit $return_code - fi + if [ $USE_MSI != "true" ]; then - if [ $USE_MSI != "true" ]; then - echo -e "$green --- Set secrets ---$reset" + echo -e "$cyan--- Using SPN ---$reset" + export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID + export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET + export ARM_TENANT_ID=$WL_ARM_TENANT_ID + export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID + export ARM_USE_AZUREAD=true + unset ARM_USE_MSI + az login --service-principal --username $ARM_CLIENT_ID --password=$ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID --output none - $SAP_AUTOMATION_REPO_PATH/deploy/scripts/set_secrets.sh --workload --vault "${key_vault}" --environment "${ENVIRONMENT}" \ - --region "${LOCATION}" --subscription $WL_ARM_SUBSCRIPTION_ID --spn_id $WL_ARM_CLIENT_ID --spn_secret "${WL_ARM_CLIENT_SECRET}" \ - --tenant_id $WL_ARM_TENANT_ID --keyvault_subscription $STATE_SUBSCRIPTION - secrets_set=$? ; echo -e "$cyan Set Secrets returned $secrets_set $reset" - az keyvault set-policy --name "${key_vault}" --object-id $WL_ARM_OBJECT_ID --secret-permissions get list --subscription $STATE_SUBSCRIPTION --output none - fi + return_code=$? 
+ if [ 0 != $return_code ]; then + echo -e "$boldred--- Login failed ---$reset" + echo "##vso[task.logissue type=error]az login failed." + exit $return_code + fi + az account set --subscription $STATE_SUBSCRIPTION + echo -e "$green --- Set secrets ---$reset" + + $SAP_AUTOMATION_REPO_PATH/deploy/scripts/set_secrets.sh --workload --vault "${key_vault}" --environment "${ENVIRONMENT}" \ + --region "${LOCATION}" --subscription $WL_ARM_SUBSCRIPTION_ID --spn_id $WL_ARM_CLIENT_ID --spn_secret "${WL_ARM_CLIENT_SECRET}" \ + --tenant_id $WL_ARM_TENANT_ID --keyvault_subscription $STATE_SUBSCRIPTION + secrets_set=$? ; echo -e "$cyan Set Secrets returned $secrets_set $reset" + az keyvault set-policy --name "${key_vault}" --object-id $WL_ARM_OBJECT_ID --secret-permissions get list --subscription $STATE_SUBSCRIPTION --output none + else + echo -e "$cyan--- Using MSI ---$reset" + # export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID + export ARM_USE_MSI=true + export ARM_USE_AZUREAD=true + unset ARM_CLIENT_SECRET + fi debug_variable='--output none' debug_variable='' if [ $USE_MSI != "true" ]; then - az login --service-principal --username $CP_ARM_CLIENT_ID --password=$CP_ARM_CLIENT_SECRET --tenant $CP_ARM_TENANT_ID --output none - isUserAccessAdmin=$(az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION --query "[?principalType=='ServicePrincipal'].principalId | [0] " --assignee $CP_ARM_CLIENT_ID) + isUserAccessAdmin=$(az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION --query "[?principalType=='ServicePrincipal'].principalId | [0] " --assignee $ARM_CLIENT_ID) tfstate_resource_id=$(az resource list --name "${REMOTE_STATE_SA}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.Storage/storageAccounts --query "[].id | [0]" -o tsv) 
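Review bot: The `isUserAccessAdmin` lookup at the end of this hunk now checks `$ARM_CLIENT_ID`, which the new SPN branch sets to `$WL_ARM_CLIENT_ID`, and it runs in the workload SPN's session because the control-plane `az login` before it was removed. The role assignments that follow (their `if` continues outside the hunk) then only happen when the workload identity itself holds "User Access Administrator" on `$STATE_SUBSCRIPTION`, a broader grant than a workload zone appears to need. If that is intended, state it next to the check, e.g. `# role assignments below run as the workload SPN, which needs User Access Administrator on the state subscription`. Otherwise keep a separate control-plane login for this section. The new login line also expands the secret unquoted; `--password="${ARM_CLIENT_SECRET}"` avoids word splitting on secrets that contain spaces or glob characters.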
@@ -450,10 +456,10 @@ stages: az role assignment create --assignee-object-id $WL_ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Reader" --scope "/subscriptions/${STATE_SUBSCRIPTION}" --output none fi - perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Storage Account Contributor" --scope "${tfstate_resource_id}" --query "[?principalId=='$WL_ARM_OBJECT_ID'].principalName | [0]" -o tsv --only-show-errors) + perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Storage Blob Data Contributor" --scope "${tfstate_resource_id}" --query "[?principalId=='$WL_ARM_OBJECT_ID'].principalName | [0]" -o tsv --only-show-errors) if [ -z "$perms" ]; then echo "Assigning Storage Account Contributor permissions for $WL_ARM_OBJECT_ID to ${tfstate_resource_id}" - az role assignment create --assignee-object-id $WL_ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Storage Account Contributor" --scope "${tfstate_resource_id}" --output none + az role assignment create --assignee-object-id $WL_ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Storage Blob Data Contributor" --scope "${tfstate_resource_id}" --output none fi resource_group_name=$(az resource show --id "${tfstate_resource_id}" --query resourceGroup -o tsv) 
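Review bot: The `echo` in this hunk still says "Assigning Storage Account Contributor permissions" although the query and the `az role assignment create` now use "Storage Blob Data Contributor", so the pipeline log records a role that was not granted. Change it to `echo "Assigning Storage Blob Data Contributor permissions for $WL_ARM_OBJECT_ID to ${tfstate_resource_id}"` so the log stays a reliable record of access changes. Quoting `"$WL_ARM_OBJECT_ID"` in `--assignee-object-id` would also keep an empty value from shifting the options that follow. The surrounding `if` block starts outside the hunk.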
@@ -484,34 +490,13 @@ stages: fi fi else - echo "##vso[task.logissue type=warning]Service Principal $CP_ARM_CLIENT_ID does not have 'User Access Administrator' permissions. Please ensure that the service principal $WL_ARM_CLIENT_ID has permissions on the Terrafrom state storage account and if needed on the Private DNS zone and the source management network resource" + echo "##vso[task.logissue type=warning]Service Principal $WL_ARM_CLIENT_ID does not have 'User Access Administrator' permissions. Please ensure that the service principal $WL_ARM_CLIENT_ID has permissions on the Terrafrom state storage account and if needed on the Private DNS zone and the source management network resource" fi fi echo -e "$green--- Deploy the workload zone ---$reset" cd $CONFIG_REPO_PATH/LANDSCAPE/$(workload_zone_folder) if [ -f /etc/profile.d/deploy_server.sh ]; then - if [ $LOGON_USING_SPN == "true" ]; then - echo "Logon Using SPN" - - az logout --output none - export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID - export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET - export ARM_TENANT_ID=$WL_ARM_TENANT_ID - export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID - export ARM_USE_MSI=false - az login --service-principal --username $WL_ARM_CLIENT_ID --password=$WL_ARM_CLIENT_SECRET --tenant $WL_ARM_TENANT_ID --output none - return_code=$? - if [ 0 != $return_code ]; then - echo -e "$boldred--- Login failed ---$reset" - echo "##vso[task.logissue type=error]az login failed." - exit $return_code - fi - else - export ARM_USE_MSI=true - az login --identity --allow-no-subscriptions --output none - fi - else if [ $USE_MSI != "true" ]; then az logout --output none export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID 
@@ -526,21 +511,19 @@ stages: echo "##vso[task.logissue type=error]az login failed." exit $return_code fi - fi - - fi - - if [ $USE_MSI != "true" ]; then $SAP_AUTOMATION_REPO_PATH/deploy/scripts/install_workloadzone.sh --parameterfile $(workload_zone_configuration_file) \ --deployer_environment $(deployer_environment) --subscription $(ARM_SUBSCRIPTION_ID) \ --spn_id $WL_ARM_CLIENT_ID --spn_secret $WL_ARM_CLIENT_SECRET --tenant_id $WL_ARM_TENANT_ID \ --deployer_tfstate_key "${deployer_tfstate_key}" --keyvault "${key_vault}" --storageaccountname "${REMOTE_STATE_SA}" \ --state_subscription "${STATE_SUBSCRIPTION}" --auto-approve --ado - else - $SAP_AUTOMATION_REPO_PATH/deploy/scripts/install_workloadzone.sh --parameterfile $(workload_zone_configuration_file) \ - --deployer_environment $(deployer_environment) --subscription $(ARM_SUBSCRIPTION_ID) \ - --deployer_tfstate_key "${deployer_tfstate_key}" --keyvault "${key_vault}" --storageaccountname "${REMOTE_STATE_SA}" \ - --state_subscription "${STATE_SUBSCRIPTION}" --auto-approve --ado --msi + else + $SAP_AUTOMATION_REPO_PATH/deploy/scripts/install_workloadzone.sh --parameterfile $(workload_zone_configuration_file) \ + --deployer_environment $(deployer_environment) --subscription $(ARM_SUBSCRIPTION_ID) \ + --deployer_tfstate_key "${deployer_tfstate_key}" --keyvault "${key_vault}" --storageaccountname "${REMOTE_STATE_SA}" \ + --state_subscription "${STATE_SUBSCRIPTION}" --auto-approve --ado --msi + + fi + fi return_code=$? @@ -553,7 +536,6 @@ stages: expiry_date=$(date -d "+365 days" +%Y-%m-%d) - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "FENCING_SPN_ID.value") if [ -z ${az_var} ]; then echo "##vso[task.logissue type=warning]Variable FENCING_SPN_ID is not set. Required for highly available deployments" From 527da293d1b0a2df658887d5f6395c887a6b828f Mon Sep 17 00:00:00 2001 
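Review bot: After this hunk both `install_workloadzone.sh` calls sit inside `if [ -f /etc/profile.d/deploy_server.sh ]; then`, and the `else` that used to cover agents without that file was removed in the preceding hunk. On such an agent nothing is deployed and `return_code=$?` picks up 0 from the skipped `if`, so the step looks successful. This reading is reconstructed from the two hunks and should be confirmed against the full step. If the step is meant to run only on the deployer, fail explicitly with an `else` branch such as `echo "##vso[task.logissue type=error]deploy_server.sh not found, workload zone not deployed."; exit 2`.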
From: Kimmo Forss Date: Thu, 17 Oct 2024 11:27:02 +0300 Subject: [PATCH 054/279] Refactor installer.sh to include terraform output command --- deploy/scripts/installer.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index ce8eacf574..6e1ff1991a 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh @@ -1162,6 +1162,9 @@ fi if [ "${deployment_system}" == sap_deployer ] then + + terraform -chdir="${terraform_module_directory}" output + deployer_public_ip_address=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw deployer_public_ip_address | tr -d \") keyvault=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw deployer_kv_user_name | tr -d \") From 1912cc82880d82dcf9f25a8fa137e53e342a5564 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 17 Oct 2024 11:42:50 +0300 Subject: [PATCH 055/279] Refactor installer.sh to comment out unnecessary terraform output command --- deploy/scripts/installer.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index 6e1ff1991a..f0e2ae5921 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh @@ -1163,7 +1163,7 @@ fi if [ "${deployment_system}" == sap_deployer ] then - terraform -chdir="${terraform_module_directory}" output + # terraform -chdir="${terraform_module_directory}" output deployer_public_ip_address=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw deployer_public_ip_address | tr -d \") keyvault=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw deployer_kv_user_name | tr -d \") From 4a8fd559e62ad5e9f6885b6882bc233ef382b3a8 Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Thu, 17 Oct 2024 11:47:49 +0300 Subject: [PATCH 056/279] Refactor variables_local.tf to use client_id instead of id for service principal object_id --- deploy/terraform/run/sap_landscape/variables_local.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/terraform/run/sap_landscape/variables_local.tf b/deploy/terraform/run/sap_landscape/variables_local.tf index cc0e882808..38fab4e5f3 100644 --- a/deploy/terraform/run/sap_landscape/variables_local.tf +++ b/deploy/terraform/run/sap_landscape/variables_local.tf @@ -51,7 +51,7 @@ locals { service_principal = { subscription_id = local.spn.subscription_id, tenant_id = local.spn.tenant_id, - object_id = var.use_spn ? try(data.azuread_service_principal.sp[0].id, null) : null + object_id = var.use_spn ? try(data.azuread_service_principal.sp[0].client_id, null) : null } account = { From 74f86225d65bec66929129dff02426b38ad4cc6c Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 17 Oct 2024 12:11:19 +0300 Subject: [PATCH 057/279] Refactor deploy_controlplane.sh to use managed service identity (MSI) for authentication and remove unnecessary ARM_USE_MSI variable --- deploy/pipelines/02-sap-workload-zone.yaml | 73 +++++++++++++--------- 1 file changed, 42 insertions(+), 31 deletions(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index 2fe91ca473..e69aad3759 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml 
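Review bot: `object_id` is now filled from `data.azuread_service_principal.sp[0].client_id`, which is the application (client) ID rather than the service principal's object ID. Role assignments and Key Vault access policies are keyed on the object ID, so anything consuming `local.service_principal.object_id` would target the wrong principal or be rejected; how it is consumed is outside this hunk. The data source exposes the value directly, so `object_id = var.use_spn ? try(data.azuread_service_principal.sp[0].object_id, null) : null` keeps the field name and its content in agreement.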
@@ -150,46 +150,57 @@ stages: git checkout -q $(Build.SourceBranchName) echo -e "$green--- Validations ---$reset" - - if [ -z $WL_ARM_SUBSCRIPTION_ID ]; then - echo "##vso[task.logissue type=error]Variable ARM_SUBSCRIPTION_ID was not defined in the $(variable_group) variable group." - exit 2 - fi if [ $USE_MSI != "true" ]; then - if [ -z $WL_ARM_CLIENT_ID ]; then - echo "##vso[task.logissue type=error]Variable ARM_CLIENT_ID was not defined in the $(variable_group) variable group." + if [ -z $WL_ARM_SUBSCRIPTION_ID ]; then + echo "##vso[task.logissue type=error]Variable ARM_SUBSCRIPTION_ID was not defined in the $(variable_group) variable group." exit 2 fi - if [ -z $WL_ARM_CLIENT_SECRET ]; then - echo "##vso[task.logissue type=error]Variable ARM_CLIENT_SECRET was not defined in the $(variable_group) variable group." + if [ $WL_ARM_SUBSCRIPTION_ID == '$$(ARM_SUBSCRIPTION_ID)' ]; then + echo "##vso[task.logissue type=error]Variable ARM_SUBSCRIPTION_ID was not defined in the $(variable_group) variable group." exit 2 fi - if [ -z $WL_ARM_TENANT_ID ]; then - echo "##vso[task.logissue type=error]Variable ARM_TENANT_ID was not defined in the $(variable_group) variable group." - exit 2 - fi + if [ -z $WL_ARM_CLIENT_ID ]; then + echo "##vso[task.logissue type=error]Variable ARM_CLIENT_ID was not defined in the $(variable_group) variable group." + exit 2 + fi - if [ -z $CP_ARM_SUBSCRIPTION_ID ]; then - echo "##vso[task.logissue type=error]Variable CP_ARM_SUBSCRIPTION_ID was not defined in the $(parent_variable_group) variable group." - exit 2 - fi + if [ $WL_ARM_CLIENT_ID == ]; then + echo "##vso[task.logissue type=error]Variable ARM_CLIENT_ID was not defined in the $(variable_group) variable group." + exit 2 + fi - if [ -z $CP_ARM_CLIENT_ID ]; then - echo "##vso[task.logissue type=error]Variable CP_ARM_CLIENT_ID was not defined in the $(parent_variable_group) variable group." 
- exit 2 - fi + if [ -z $WL_ARM_CLIENT_SECRET ]; then + echo "##vso[task.logissue type=error]Variable ARM_CLIENT_SECRET was not defined in the $(variable_group) variable group." + exit 2 + fi - if [ -z $CP_ARM_CLIENT_SECRET ]; then - echo "##vso[task.logissue type=error]Variable CP_ARM_CLIENT_SECRET was not defined in the $(parent_variable_group) variable group." - exit 2 - fi + if [ -z $WL_ARM_TENANT_ID ]; then + echo "##vso[task.logissue type=error]Variable ARM_TENANT_ID was not defined in the $(variable_group) variable group." + exit 2 + fi - if [ -z $CP_ARM_TENANT_ID ]; then - echo "##vso[task.logissue type=error]Variable CP_ARM_TENANT_ID was not defined in the $(parent_variable_group) variable group." - exit 2 + if [ -z $CP_ARM_SUBSCRIPTION_ID ]; then + echo "##vso[task.logissue type=error]Variable CP_ARM_SUBSCRIPTION_ID was not defined in the $(parent_variable_group) variable group." + exit 2 + fi + + if [ -z $CP_ARM_CLIENT_ID ]; then + echo "##vso[task.logissue type=error]Variable CP_ARM_CLIENT_ID was not defined in the $(parent_variable_group) variable group." + exit 2 + fi + + if [ -z $CP_ARM_CLIENT_SECRET ]; then + echo "##vso[task.logissue type=error]Variable CP_ARM_CLIENT_SECRET was not defined in the $(parent_variable_group) variable group." + exit 2 + fi + + if [ -z $CP_ARM_TENANT_ID ]; then + echo "##vso[task.logissue type=error]Variable CP_ARM_TENANT_ID was not defined in the $(parent_variable_group) variable group." + exit 2 + fi fi fi 
@@ -426,10 +437,10 @@ stages: echo -e "$green --- Set secrets ---$reset" $SAP_AUTOMATION_REPO_PATH/deploy/scripts/set_secrets.sh --workload --vault "${key_vault}" --environment "${ENVIRONMENT}" \ - --region "${LOCATION}" --subscription $WL_ARM_SUBSCRIPTION_ID --spn_id $WL_ARM_CLIENT_ID --spn_secret "${WL_ARM_CLIENT_SECRET}" \ - --tenant_id $WL_ARM_TENANT_ID --keyvault_subscription $STATE_SUBSCRIPTION + --region "${LOCATION}" --subscription $ARM_SUBSCRIPTION_ID --spn_id $ARM_CLIENT_ID --spn_secret "${ARM_CLIENT_SECRET}" \ + --tenant_id $ARM_TENANT_ID --keyvault_subscription $STATE_SUBSCRIPTION secrets_set=$? ; echo -e "$cyan Set Secrets returned $secrets_set $reset" - az keyvault set-policy --name "${key_vault}" --object-id $WL_ARM_OBJECT_ID --secret-permissions get list --subscription $STATE_SUBSCRIPTION --output none + az keyvault set-policy --name "${key_vault}" --object-id $ARM_OBJECT_ID --secret-permissions get list --subscription $STATE_SUBSCRIPTION --output none else echo -e "$cyan--- Using MSI ---$reset" # export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID From a3603eb2334ede055bba82fa922fc0849179fa61 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 17 Oct 2024 12:31:55 +0300 Subject: [PATCH 058/279] Refactor deploy_controlplane.sh to use managed service identity (MSI) for authentication --- deploy/pipelines/02-sap-workload-zone.yaml | 635 ++++++++++----------- 1 file changed, 317 insertions(+), 318 deletions(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index e69aad3759..081baffad0 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml 
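Review bot: `az keyvault set-policy` now takes `--object-id $ARM_OBJECT_ID`, but the SPN branch added in the previous commit exports only `ARM_CLIENT_ID`, `ARM_CLIENT_SECRET`, `ARM_TENANT_ID` and `ARM_SUBSCRIPTION_ID`, and the role assignments later in the step still use `$WL_ARM_OBJECT_ID`. Unless `ARM_OBJECT_ID` is supplied from somewhere outside these hunks, the unquoted expansion is empty, the command is malformed, and the access policy is never applied to the workload identity. Either keep `--object-id "$WL_ARM_OBJECT_ID"` or add `export ARM_OBJECT_ID=$WL_ARM_OBJECT_ID` next to the other exports. The enclosing `if` block starts outside the hunk.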
@@ -114,33 +114,33 @@ stages: - template: templates\download.yaml - task: PostBuildCleanup@4 - bash: | - #!/bin/bash - green="\e[1;32m" ; reset="\e[0m" ; boldred="\e[1;31m" ; cyan="\e[1;36m" + #!/bin/bash + green="\e[1;32m" ; reset="\e[0m" ; boldred="\e[1;31m" ; cyan="\e[1;36m" - echo "##vso[build.updatebuildnumber]Deploying the SAP Workload zone defined in $(workload_zone_folder)" + echo "##vso[build.updatebuildnumber]Deploying the SAP Workload zone defined in $(workload_zone_folder)" # Check if running on deployer if [ ! -f /etc/profile.d/deploy_server.sh ]; then - echo -e "$green --- Install dos2unix ---$reset" - sudo apt-get -qq install dos2unix - echo -e "$green --- Install terraform ---$reset" - - wget -q $(tf_url) - return_code=$? - if [ 0 != $return_code ]; then - echo "##vso[task.logissue type=error]Unable to download Terraform version $(tf_version)." - exit 2 - fi - unzip -qq terraform_$(tf_version)_linux_amd64.zip ; sudo mv terraform /bin/ - rm -f terraform_$(tf_version)_linux_amd64.zip + echo -e "$green --- Install dos2unix ---$reset" + sudo apt-get -qq install dos2unix + echo -e "$green --- Install terraform ---$reset" + + wget -q $(tf_url) + return_code=$? + if [ 0 != $return_code ]; then + echo "##vso[task.logissue type=error]Unable to download Terraform version $(tf_version)." + exit 2 + fi + unzip -qq terraform_$(tf_version)_linux_amd64.zip ; sudo mv terraform /bin/ + rm -f terraform_$(tf_version)_linux_amd64.zip else - source /etc/profile.d/deploy_server.sh + source /etc/profile.d/deploy_server.sh fi if [ ! -f $CONFIG_REPO_PATH/LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) ]; then - echo -e "$boldred--- $(workload_zone_configuration_file) was not found ---$reset" - echo "##vso[task.logissue type=error]File $(workload_zone_configuration_file) was not found." 
- exit 2 + echo -e "$boldred--- $(workload_zone_configuration_file) was not found ---$reset" + echo "##vso[task.logissue type=error]File $(workload_zone_configuration_file) was not found." + exit 2 fi echo -e "$green--- Checkout $(Build.SourceBranchName) ---$reset" 
@@ -152,65 +152,64 @@ stages: echo -e "$green--- Validations ---$reset" if [ $USE_MSI != "true" ]; then - if [ -z $WL_ARM_SUBSCRIPTION_ID ]; then - echo "##vso[task.logissue type=error]Variable ARM_SUBSCRIPTION_ID was not defined in the $(variable_group) variable group." - exit 2 - fi + if [ -z $WL_ARM_SUBSCRIPTION_ID ]; then + echo "##vso[task.logissue type=error]Variable ARM_SUBSCRIPTION_ID was not defined in the $(variable_group) variable group." + exit 2 + fi - if [ $WL_ARM_SUBSCRIPTION_ID == '$$(ARM_SUBSCRIPTION_ID)' ]; then - echo "##vso[task.logissue type=error]Variable ARM_SUBSCRIPTION_ID was not defined in the $(variable_group) variable group." - exit 2 - fi + if [ $WL_ARM_SUBSCRIPTION_ID == '$$(ARM_SUBSCRIPTION_ID)' ]; then + echo "##vso[task.logissue type=error]Variable ARM_SUBSCRIPTION_ID was not defined in the $(variable_group) variable group." + exit 2 + fi if [ -z $WL_ARM_CLIENT_ID ]; then - echo "##vso[task.logissue type=error]Variable ARM_CLIENT_ID was not defined in the $(variable_group) variable group." - exit 2 + echo "##vso[task.logissue type=error]Variable ARM_CLIENT_ID was not defined in the $(variable_group) variable group." + exit 2 fi - if [ $WL_ARM_CLIENT_ID == ]; then - echo "##vso[task.logissue type=error]Variable ARM_CLIENT_ID was not defined in the $(variable_group) variable group." - exit 2 + if [ $WL_ARM_CLIENT_ID == '$$(ARM_CLIENT_ID)' ]; then + echo "##vso[task.logissue type=error]Variable ARM_CLIENT_ID was not defined in the $(variable_group) variable group." + exit 2 fi if [ -z $WL_ARM_CLIENT_SECRET ]; then - echo "##vso[task.logissue type=error]Variable ARM_CLIENT_SECRET was not defined in the $(variable_group) variable group." - exit 2 + echo "##vso[task.logissue type=error]Variable ARM_CLIENT_SECRET was not defined in the $(variable_group) variable group." + exit 2 fi if [ -z $WL_ARM_TENANT_ID ]; then - echo "##vso[task.logissue type=error]Variable ARM_TENANT_ID was not defined in the $(variable_group) variable group." 
- exit 2 + echo "##vso[task.logissue type=error]Variable ARM_TENANT_ID was not defined in the $(variable_group) variable group." + exit 2 fi if [ -z $CP_ARM_SUBSCRIPTION_ID ]; then - echo "##vso[task.logissue type=error]Variable CP_ARM_SUBSCRIPTION_ID was not defined in the $(parent_variable_group) variable group." - exit 2 + echo "##vso[task.logissue type=error]Variable CP_ARM_SUBSCRIPTION_ID was not defined in the $(parent_variable_group) variable group." + exit 2 fi if [ -z $CP_ARM_CLIENT_ID ]; then - echo "##vso[task.logissue type=error]Variable CP_ARM_CLIENT_ID was not defined in the $(parent_variable_group) variable group." - exit 2 + echo "##vso[task.logissue type=error]Variable CP_ARM_CLIENT_ID was not defined in the $(parent_variable_group) variable group." + exit 2 fi if [ -z $CP_ARM_CLIENT_SECRET ]; then - echo "##vso[task.logissue type=error]Variable CP_ARM_CLIENT_SECRET was not defined in the $(parent_variable_group) variable group." - exit 2 + echo "##vso[task.logissue type=error]Variable CP_ARM_CLIENT_SECRET was not defined in the $(parent_variable_group) variable group." + exit 2 fi if [ -z $CP_ARM_TENANT_ID ]; then - echo "##vso[task.logissue type=error]Variable CP_ARM_TENANT_ID was not defined in the $(parent_variable_group) variable group." - exit 2 + echo "##vso[task.logissue type=error]Variable CP_ARM_TENANT_ID was not defined in the $(parent_variable_group) variable group." 
+ exit 2 fi - fi fi - echo -e "$green--- Convert config file to UX format ---$reset" + echo -e "$green--- Convert config file to UX format ---$reset" dos2unix -q LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) - echo -e "$green--- Read details ---$reset" + echo -e "$green--- Read details ---$reset" ENVIRONMENT=$(grep "^environment" LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) | awk -F'=' '{print $2}' | xargs) - LOCATION=$(grep "^location" LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) | awk -F'=' '{print $2}' | xargs | tr 'A-Z' 'a-z') - NETWORK=$(grep "^network_logical_name" LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) | awk -F'=' '{print $2}' | xargs) + LOCATION=$(grep "^location" LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) | awk -F'=' '{print $2}' | xargs | tr 'A-Z' 'a-z') + NETWORK=$(grep "^network_logical_name" LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) | awk -F'=' '{print $2}' | xargs) echo Environment: ${ENVIRONMENT} echo Location: ${LOCATION} echo Network: ${NETWORK} 
@@ -225,64 +224,64 @@ stages: az --version ENVIRONMENT_IN_FILENAME=$(echo $(workload_zone_folder) | awk -F'-' '{print $1}' | xargs ) - LOCATION_CODE=$(echo $(workload_zone_folder) | awk -F'-' '{print $2}' | xargs ) + LOCATION_CODE=$(echo $(workload_zone_folder) | awk -F'-' '{print $2}' | xargs ) case "$LOCATION_CODE" in - "AUCE") LOCATION_IN_FILENAME="australiacentral" ;; - "AUC2") LOCATION_IN_FILENAME="australiacentral2" ;; - "AUEA") LOCATION_IN_FILENAME="australiaeast" ;; - "AUSE") LOCATION_IN_FILENAME="australiasoutheast" ;; - "BRSO") LOCATION_IN_FILENAME="brazilsouth" ;; - "BRSE") LOCATION_IN_FILENAME="brazilsoutheast" ;; - "BRUS") LOCATION_IN_FILENAME="brazilus" ;; - "CACE") LOCATION_IN_FILENAME="canadacentral" ;; - "CAEA") LOCATION_IN_FILENAME="canadaeast" ;; - "CEIN") LOCATION_IN_FILENAME="centralindia" ;; - "CEUS") LOCATION_IN_FILENAME="centralus" ;; - "CEUA") LOCATION_IN_FILENAME="centraluseuap" ;; - "EAAS") LOCATION_IN_FILENAME="eastasia" ;; - "EAUS") LOCATION_IN_FILENAME="eastus" ;; - "EUSA") LOCATION_IN_FILENAME="eastus2euap" ;; - "EUS2") LOCATION_IN_FILENAME="eastus2" ;; - "EUSG") LOCATION_IN_FILENAME="eastusstg" ;; - "FRCE") LOCATION_IN_FILENAME="francecentral" ;; - "FRSO") LOCATION_IN_FILENAME="francesouth" ;; - "GENO") LOCATION_IN_FILENAME="germanynorth" ;; - "GEWE") LOCATION_IN_FILENAME="germanywest" ;; - "GEWC") LOCATION_IN_FILENAME="germanywestcentral" ;; - "ISCE") LOCATION_IN_FILENAME="israelcentral" ;; - "ITNO") LOCATION_IN_FILENAME="italynorth" ;; - "JAEA") LOCATION_IN_FILENAME="japaneast" ;; - "JAWE") LOCATION_IN_FILENAME="japanwest" ;; - "JINC") LOCATION_IN_FILENAME="jioindiacentral" ;; - "JINW") LOCATION_IN_FILENAME="jioindiawest" ;; - "KOCE") LOCATION_IN_FILENAME="koreacentral" ;; - "KOSO") LOCATION_IN_FILENAME="koreasouth" ;; - "NCUS") LOCATION_IN_FILENAME="northcentralus" ;; - "NOEU") LOCATION_IN_FILENAME="northeurope" ;; - "NOEA") LOCATION_IN_FILENAME="norwayeast" ;; - "NOWE") LOCATION_IN_FILENAME="norwaywest" ;; - "PLCE") 
LOCATION_IN_FILENAME="polandcentral" ;; - "QACE") LOCATION_IN_FILENAME="qatarcentral" ;; - "SANO") LOCATION_IN_FILENAME="southafricanorth" ;; - "SAWE") LOCATION_IN_FILENAME="southafricawest" ;; - "SCUS") LOCATION_IN_FILENAME="southcentralus" ;; - "SCUG") LOCATION_IN_FILENAME="southcentralusstg" ;; - "SOEA") LOCATION_IN_FILENAME="southeastasia" ;; - "SOIN") LOCATION_IN_FILENAME="southindia" ;; - "SECE") LOCATION_IN_FILENAME="swedencentral" ;; - "SWNO") LOCATION_IN_FILENAME="switzerlandnorth" ;; - "SWWE") LOCATION_IN_FILENAME="switzerlandwest" ;; - "UACE") LOCATION_IN_FILENAME="uaecentral" ;; - "UANO") LOCATION_IN_FILENAME="uaenorth" ;; - "UKSO") LOCATION_IN_FILENAME="uksouth" ;; - "UKWE") LOCATION_IN_FILENAME="ukwest" ;; - "WCUS") LOCATION_IN_FILENAME="westcentralus" ;; - "WEEU") LOCATION_IN_FILENAME="westeurope" ;; - "WEIN") LOCATION_IN_FILENAME="westindia" ;; - "WEUS") LOCATION_IN_FILENAME="westus" ;; - "WUS2") LOCATION_IN_FILENAME="westus2" ;; - "WUS3") LOCATION_IN_FILENAME="westus3" ;; - *) LOCATION_IN_FILENAME="westeurope" ;; + "AUCE") LOCATION_IN_FILENAME="australiacentral" ;; + "AUC2") LOCATION_IN_FILENAME="australiacentral2" ;; + "AUEA") LOCATION_IN_FILENAME="australiaeast" ;; + "AUSE") LOCATION_IN_FILENAME="australiasoutheast" ;; + "BRSO") LOCATION_IN_FILENAME="brazilsouth" ;; + "BRSE") LOCATION_IN_FILENAME="brazilsoutheast" ;; + "BRUS") LOCATION_IN_FILENAME="brazilus" ;; + "CACE") LOCATION_IN_FILENAME="canadacentral" ;; + "CAEA") LOCATION_IN_FILENAME="canadaeast" ;; + "CEIN") LOCATION_IN_FILENAME="centralindia" ;; + "CEUS") LOCATION_IN_FILENAME="centralus" ;; + "CEUA") LOCATION_IN_FILENAME="centraluseuap" ;; + "EAAS") LOCATION_IN_FILENAME="eastasia" ;; + "EAUS") LOCATION_IN_FILENAME="eastus" ;; + "EUSA") LOCATION_IN_FILENAME="eastus2euap" ;; + "EUS2") LOCATION_IN_FILENAME="eastus2" ;; + "EUSG") LOCATION_IN_FILENAME="eastusstg" ;; + "FRCE") LOCATION_IN_FILENAME="francecentral" ;; + "FRSO") LOCATION_IN_FILENAME="francesouth" ;; + "GENO") 
LOCATION_IN_FILENAME="germanynorth" ;; + "GEWE") LOCATION_IN_FILENAME="germanywest" ;; + "GEWC") LOCATION_IN_FILENAME="germanywestcentral" ;; + "ISCE") LOCATION_IN_FILENAME="israelcentral" ;; + "ITNO") LOCATION_IN_FILENAME="italynorth" ;; + "JAEA") LOCATION_IN_FILENAME="japaneast" ;; + "JAWE") LOCATION_IN_FILENAME="japanwest" ;; + "JINC") LOCATION_IN_FILENAME="jioindiacentral" ;; + "JINW") LOCATION_IN_FILENAME="jioindiawest" ;; + "KOCE") LOCATION_IN_FILENAME="koreacentral" ;; + "KOSO") LOCATION_IN_FILENAME="koreasouth" ;; + "NCUS") LOCATION_IN_FILENAME="northcentralus" ;; + "NOEU") LOCATION_IN_FILENAME="northeurope" ;; + "NOEA") LOCATION_IN_FILENAME="norwayeast" ;; + "NOWE") LOCATION_IN_FILENAME="norwaywest" ;; + "PLCE") LOCATION_IN_FILENAME="polandcentral" ;; + "QACE") LOCATION_IN_FILENAME="qatarcentral" ;; + "SANO") LOCATION_IN_FILENAME="southafricanorth" ;; + "SAWE") LOCATION_IN_FILENAME="southafricawest" ;; + "SCUS") LOCATION_IN_FILENAME="southcentralus" ;; + "SCUG") LOCATION_IN_FILENAME="southcentralusstg" ;; + "SOEA") LOCATION_IN_FILENAME="southeastasia" ;; + "SOIN") LOCATION_IN_FILENAME="southindia" ;; + "SECE") LOCATION_IN_FILENAME="swedencentral" ;; + "SWNO") LOCATION_IN_FILENAME="switzerlandnorth" ;; + "SWWE") LOCATION_IN_FILENAME="switzerlandwest" ;; + "UACE") LOCATION_IN_FILENAME="uaecentral" ;; + "UANO") LOCATION_IN_FILENAME="uaenorth" ;; + "UKSO") LOCATION_IN_FILENAME="uksouth" ;; + "UKWE") LOCATION_IN_FILENAME="ukwest" ;; + "WCUS") LOCATION_IN_FILENAME="westcentralus" ;; + "WEEU") LOCATION_IN_FILENAME="westeurope" ;; + "WEIN") LOCATION_IN_FILENAME="westindia" ;; + "WEUS") LOCATION_IN_FILENAME="westus" ;; + "WUS2") LOCATION_IN_FILENAME="westus2" ;; + "WUS3") LOCATION_IN_FILENAME="westus3" ;; + *) LOCATION_IN_FILENAME="westeurope" ;; esac NETWORK_IN_FILENAME=$(echo $(workload_zone_folder) | awk -F'-' '{print $3}' | xargs ) 
@@ -304,21 +303,21 @@ stages: if [ $ENVIRONMENT != $ENVIRONMENT_IN_FILENAME ]; then - echo "##vso[task.logissue type=error]The environment setting in $(workload_zone_configuration_file) '$ENVIRONMENT' does not match the $(workload_zone_configuration_file) file name '$ENVIRONMENT_IN_FILENAME'. Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-INFRASTRUCTURE" - exit 2 + echo "##vso[task.logissue type=error]The environment setting in $(workload_zone_configuration_file) '$ENVIRONMENT' does not match the $(workload_zone_configuration_file) file name '$ENVIRONMENT_IN_FILENAME'. Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-INFRASTRUCTURE" + exit 2 fi if [ $LOCATION != $LOCATION_IN_FILENAME ]; then - echo "##vso[task.logissue type=error]The location setting in $(workload_zone_configuration_file) '$LOCATION' does not match the $(workload_zone_configuration_file) file name '$LOCATION_IN_FILENAME'. Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-INFRASTRUCTURE" - exit 2 + echo "##vso[task.logissue type=error]The location setting in $(workload_zone_configuration_file) '$LOCATION' does not match the $(workload_zone_configuration_file) file name '$LOCATION_IN_FILENAME'. Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-INFRASTRUCTURE" + exit 2 fi if [ $NETWORK != $NETWORK_IN_FILENAME ]; then - echo "##vso[task.logissue type=error]The network_logical_name setting in $(workload_zone_configuration_file) '$NETWORK' does not match the $(workload_zone_configuration_file) file name '$NETWORK_IN_FILENAME-. Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-INFRASTRUCTURE" - exit 2 + echo "##vso[task.logissue type=error]The network_logical_name setting in $(workload_zone_configuration_file) '$NETWORK' does not match the $(workload_zone_configuration_file) file name '$NETWORK_IN_FILENAME-. 
Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-INFRASTRUCTURE" + exit 2 fi - echo -e "$green--- Configure devops CLI extension ---$reset" + echo -e "$green--- Configure devops CLI extension ---$reset" az config set extension.use_dynamic_install=yes_without_prompt --output none az extension add --name azure-devops --output none @@ -328,20 +327,20 @@ stages: export PARENT_VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(parent_variable_group)'].id | [0]") echo '$(parent_variable_group) id: ' $PARENT_VARIABLE_GROUP_ID if [ -z ${PARENT_VARIABLE_GROUP_ID} ]; then - echo "##vso[task.logissue type=error]Variable group $(parent_variable_group) could not be found." - exit 2 + echo "##vso[task.logissue type=error]Variable group $(parent_variable_group) could not be found." + exit 2 fi export VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(variable_group)'].id | [0]") echo '$(variable_group) id: ' $VARIABLE_GROUP_ID if [ -z ${VARIABLE_GROUP_ID} ]; then - echo "##vso[task.logissue type=error]Variable group $(variable_group) could not be found." - exit 2 + echo "##vso[task.logissue type=error]Variable group $(variable_group) could not be found." + exit 2 fi echo "Agent Pool: " $(this_agent) - echo -e "$green--- Set CONFIG_REPO_PATH variable ---$reset" + echo -e "$green--- Set CONFIG_REPO_PATH variable ---$reset" deployer_environment_file_name=$CONFIG_REPO_PATH/.sap_deployment_automation/$(deployer_environment)$(deployer_region) ; echo 'Deployer Environment File' $deployer_environment_file_name workload_environment_file_name=$CONFIG_REPO_PATH/.sap_deployment_automation/${ENVIRONMENT}${LOCATION_CODE}${NETWORK} ; echo 'Workload Environment File' $workload_environment_file_name 
@@ -349,69 +348,69 @@ stages: dos2unix -q ${workload_environment_file_name} if [ ! -f ${deployer_environment_file_name} ]; then - echo -e "$boldred--- $(deployer_environment)$(deployer_region) was not found ---$reset" - echo "##vso[task.logissue type=error]Control plane configuration file $(deployer_environment)$(deployer_region) was not found." - exit 2 + echo -e "$boldred--- $(deployer_environment)$(deployer_region) was not found ---$reset" + echo "##vso[task.logissue type=error]Control plane configuration file $(deployer_environment)$(deployer_region) was not found." + exit 2 fi - echo -e "$green--- Read parameter values ---$reset" + echo -e "$green--- Read parameter values ---$reset" if [ "true" == $(inherit) ]; then - az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value" | tr -d \") - if [ -z ${az_var} ]; then - deployer_tfstate_key=$(cat ${deployer_environment_file_name} | grep deployer_tfstate_key | awk -F'=' '{print $2}' | xargs) ; echo 'Deployer State File' $deployer_tfstate_key - else - deployer_tfstate_key=${az_var} ; echo 'Deployer State File' $deployer_tfstate_key - fi - - az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" | tr -d \") - if [ -z ${az_var} ]; then - key_vault=$(cat ${deployer_environment_file_name} | grep keyvault= | awk -F'=' '{print $2}' | xargs) ; echo 'Deployer Key Vault' ${key_vault} - else - key_vault=${az_var}; echo 'Deployer Key Vault' ${key_vault} - fi - - az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" | tr -d \") - if [ -z ${az_var} ]; then - REMOTE_STATE_SA=$(cat ${deployer_environment_file_name} | grep REMOTE_STATE_SA | awk -F'=' '{print $2}' | xargs) ; echo 'Terraform state file storage account' $REMOTE_STATE_SA - else - REMOTE_STATE_SA=${az_var}; echo 'Terraform state file storage 
account' $REMOTE_STATE_SA - fi - - az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" | tr -d \") - if [ -z ${az_var} ]; then - STATE_SUBSCRIPTION=$(cat ${deployer_environment_file_name} | grep STATE_SUBSCRIPTION | awk -F'=' '{print $2}' | xargs) ; echo 'Terraform state file subscription' $STATE_SUBSCRIPTION - else - STATE_SUBSCRIPTION=${az_var}; echo 'Terraform state file subscription' $STATE_SUBSCRIPTION - fi - - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "ARM_SUBSCRIPTION_ID.value" | tr -d \") - if [ -z ${az_var} ]; then - echo "##vso[task.logissue type=error]Variable ARM_SUBSCRIPTION_ID was not defined." - exit 2 - else - echo 'Target subscription' $WL_ARM_SUBSCRIPTION_ID - fi - - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Workload_Key_Vault.value" | tr -d \") - if [ -z ${az_var} ]; then - if [ -f ${workload_environment_file_name} ]; then - export workload_key_vault=$(cat ${workload_environment_file_name} | grep workloadkeyvault | awk -F'=' '{print $2}' | xargs) ; echo 'Workload Key Vault' ${workload_key_vault} + az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value" | tr -d \") + if [ -z ${az_var} ]; then + deployer_tfstate_key=$(cat ${deployer_environment_file_name} | grep deployer_tfstate_key | awk -F'=' '{print $2}' | xargs) ; echo 'Deployer State File' $deployer_tfstate_key + else + deployer_tfstate_key=${az_var} ; echo 'Deployer State File' $deployer_tfstate_key + fi + + az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" | tr -d \") + if [ -z ${az_var} ]; then + key_vault=$(cat ${deployer_environment_file_name} | grep keyvault= | awk -F'=' '{print $2}' | xargs) ; echo 'Deployer Key Vault' ${key_vault} + else + 
key_vault=${az_var}; echo 'Deployer Key Vault' ${key_vault} + fi + + az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" | tr -d \") + if [ -z ${az_var} ]; then + REMOTE_STATE_SA=$(cat ${deployer_environment_file_name} | grep REMOTE_STATE_SA | awk -F'=' '{print $2}' | xargs) ; echo 'Terraform state file storage account' $REMOTE_STATE_SA + else + REMOTE_STATE_SA=${az_var}; echo 'Terraform state file storage account' $REMOTE_STATE_SA + fi + + az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" | tr -d \") + if [ -z ${az_var} ]; then + STATE_SUBSCRIPTION=$(cat ${deployer_environment_file_name} | grep STATE_SUBSCRIPTION | awk -F'=' '{print $2}' | xargs) ; echo 'Terraform state file subscription' $STATE_SUBSCRIPTION + else + STATE_SUBSCRIPTION=${az_var}; echo 'Terraform state file subscription' $STATE_SUBSCRIPTION + fi + + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "ARM_SUBSCRIPTION_ID.value" | tr -d \") + if [ -z ${az_var} ]; then + echo "##vso[task.logissue type=error]Variable ARM_SUBSCRIPTION_ID was not defined." 
+ exit 2 + else + echo 'Target subscription' $WL_ARM_SUBSCRIPTION_ID + fi + + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Workload_Key_Vault.value" | tr -d \") + if [ -z ${az_var} ]; then + if [ -f ${workload_environment_file_name} ]; then + export workload_key_vault=$(cat ${workload_environment_file_name} | grep workloadkeyvault | awk -F'=' '{print $2}' | xargs) ; echo 'Workload Key Vault' ${workload_key_vault} + fi + else + export workload_key_vault=$(Workload_Key_Vault) ; echo 'Workload Key Vault' ${workload_key_vault} fi - else - export workload_key_vault=$(Workload_Key_Vault) ; echo 'Workload Key Vault' ${workload_key_vault} - fi else - deployer_tfstate_key=$(cat ${workload_environment_file_name} | grep deployer_tfstate_key | awk -F'=' '{print $2}' | xargs) ; echo 'Deployer State File' $deployer_tfstate_key - key_vault=$(cat ${workload_environment_file_name} | grep workload_key_vault= -m1 | awk -F'=' '{print $2}' | xargs) ; echo 'Deployer Key Vault' ${key_vault} - REMOTE_STATE_SA=$(cat ${workload_environment_file_name} | grep REMOTE_STATE_SA | awk -F'=' '{print $2}' | xargs) ; echo 'Terraform state file storage account' $REMOTE_STATE_SA - STATE_SUBSCRIPTION=$(cat ${workload_environment_file_name} | grep STATE_SUBSCRIPTION | awk -F'=' '{print $2}' | xargs) ; echo 'Terraform state file subscription' $STATE_SUBSCRIPTION + deployer_tfstate_key=$(cat ${workload_environment_file_name} | grep deployer_tfstate_key | awk -F'=' '{print $2}' | xargs) ; echo 'Deployer State File' $deployer_tfstate_key + key_vault=$(cat ${workload_environment_file_name} | grep workload_key_vault= -m1 | awk -F'=' '{print $2}' | xargs) ; echo 'Deployer Key Vault' ${key_vault} + REMOTE_STATE_SA=$(cat ${workload_environment_file_name} | grep REMOTE_STATE_SA | awk -F'=' '{print $2}' | xargs) ; echo 'Terraform state file storage account' $REMOTE_STATE_SA + STATE_SUBSCRIPTION=$(cat ${workload_environment_file_name} | grep STATE_SUBSCRIPTION | awk 
-F'=' '{print $2}' | xargs) ; echo 'Terraform state file subscription' $STATE_SUBSCRIPTION fi - secrets_set=1 - echo -e "$green--- az login ---$reset" + secrets_set=1 + echo -e "$green--- az login ---$reset" echo "Sourcing the deploy_server.sh" . /etc/profile.d/deploy_server.sh ; /opt/bin/terraform/terraform --version @@ -437,8 +436,8 @@ stages: echo -e "$green --- Set secrets ---$reset" $SAP_AUTOMATION_REPO_PATH/deploy/scripts/set_secrets.sh --workload --vault "${key_vault}" --environment "${ENVIRONMENT}" \ - --region "${LOCATION}" --subscription $ARM_SUBSCRIPTION_ID --spn_id $ARM_CLIENT_ID --spn_secret "${ARM_CLIENT_SECRET}" \ - --tenant_id $ARM_TENANT_ID --keyvault_subscription $STATE_SUBSCRIPTION + --region "${LOCATION}" --subscription $ARM_SUBSCRIPTION_ID --spn_id $ARM_CLIENT_ID --spn_secret "${ARM_CLIENT_SECRET}" \ + --tenant_id $ARM_TENANT_ID --keyvault_subscription $STATE_SUBSCRIPTION secrets_set=$? ; echo -e "$cyan Set Secrets returned $secrets_set $reset" az keyvault set-policy --name "${key_vault}" --object-id $ARM_OBJECT_ID --secret-permissions get list --subscription $STATE_SUBSCRIPTION --output none else 
@@ -449,117 +448,117 @@ stages: unset ARM_CLIENT_SECRET fi - debug_variable='--output none' - debug_variable='' + debug_variable='--output none' + debug_variable='' - if [ $USE_MSI != "true" ]; then + if [ $USE_MSI != "true" ]; then - isUserAccessAdmin=$(az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION --query "[?principalType=='ServicePrincipal'].principalId | [0] " --assignee $ARM_CLIENT_ID) + isUserAccessAdmin=$(az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION --query "[?principalType=='ServicePrincipal'].principalId | [0] " --assignee $ARM_CLIENT_ID) - tfstate_resource_id=$(az resource list --name "${REMOTE_STATE_SA}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.Storage/storageAccounts --query "[].id | [0]" -o tsv) + tfstate_resource_id=$(az resource list --name "${REMOTE_STATE_SA}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.Storage/storageAccounts --query "[].id | [0]" -o tsv) - if [ -n "${isUserAccessAdmin}" ]; then + if [ -n "${isUserAccessAdmin}" ]; then - echo -e "$green--- Set permissions ---$reset" - perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Reader" --query "[?principalId=='$WL_ARM_CLIENT_ID'].principalId | [0]" -o tsv --only-show-errors) - if [ -z "$perms" ]; then - echo -e "$green --- Assign subscription permissions to $perms ---$reset" - az role assignment create --assignee-object-id $WL_ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Reader" --scope "/subscriptions/${STATE_SUBSCRIPTION}" --output none - fi + echo -e "$green--- Set permissions ---$reset" + perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Reader" --query "[?principalId=='$WL_ARM_CLIENT_ID'].principalId | [0]" -o tsv --only-show-errors) + if [ -z "$perms" ]; then + echo -e "$green --- Assign subscription permissions to $perms ---$reset" + az role assignment create 
--assignee-object-id $WL_ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Reader" --scope "/subscriptions/${STATE_SUBSCRIPTION}" --output none + fi - perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Storage Blob Data Contributor" --scope "${tfstate_resource_id}" --query "[?principalId=='$WL_ARM_OBJECT_ID'].principalName | [0]" -o tsv --only-show-errors) - if [ -z "$perms" ]; then - echo "Assigning Storage Account Contributor permissions for $WL_ARM_OBJECT_ID to ${tfstate_resource_id}" - az role assignment create --assignee-object-id $WL_ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Storage Blob Data Contributor" --scope "${tfstate_resource_id}" --output none - fi + perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Storage Blob Data Contributor" --scope "${tfstate_resource_id}" --query "[?principalId=='$WL_ARM_OBJECT_ID'].principalName | [0]" -o tsv --only-show-errors) + if [ -z "$perms" ]; then + echo "Assigning Storage Account Contributor permissions for $WL_ARM_OBJECT_ID to ${tfstate_resource_id}" + az role assignment create --assignee-object-id $WL_ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Storage Blob Data Contributor" --scope "${tfstate_resource_id}" --output none + fi - resource_group_name=$(az resource show --id "${tfstate_resource_id}" --query resourceGroup -o tsv) + resource_group_name=$(az resource show --id "${tfstate_resource_id}" --query resourceGroup -o tsv) - if [ -n ${resource_group_name} ]; then - for scope in $(az resource list --resource-group "${resource_group_name}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.Network/privateDnsZones --query "[].id" --output tsv); do - perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Private DNS Zone Contributor" --scope $scope --query "[?principalId=='$WL_ARM_OBJECT_ID'].principalId | [0]" -o tsv --only-show-errors) - if [ -z "$perms" ]; then - echo 
"Assigning DNS Zone Contributor permissions for $WL_ARM_OBJECT_ID to ${scope}" - az role assignment create --assignee-object-id $WL_ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Private DNS Zone Contributor" --scope $scope --output none - fi - done - fi + if [ -n ${resource_group_name} ]; then + for scope in $(az resource list --resource-group "${resource_group_name}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.Network/privateDnsZones --query "[].id" --output tsv); do + perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Private DNS Zone Contributor" --scope $scope --query "[?principalId=='$WL_ARM_OBJECT_ID'].principalId | [0]" -o tsv --only-show-errors) + if [ -z "$perms" ]; then + echo "Assigning DNS Zone Contributor permissions for $WL_ARM_OBJECT_ID to ${scope}" + az role assignment create --assignee-object-id $WL_ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Private DNS Zone Contributor" --scope $scope --output none + fi + done + fi - resource_group_name=$(az keyvault show --name "${key_vault}" --query resourceGroup --subscription ${STATE_SUBSCRIPTION} -o tsv) + resource_group_name=$(az keyvault show --name "${key_vault}" --query resourceGroup --subscription ${STATE_SUBSCRIPTION} -o tsv) - if [ -n ${resource_group_name} ]; then - resource_group_id=$(az group show --name ${resource_group_name} --subscription ${STATE_SUBSCRIPTION} --query id -o tsv) + if [ -n "${resource_group_name}" ]; then + resource_group_id=$(az group show --name ${resource_group_name} --subscription ${STATE_SUBSCRIPTION} --query id -o tsv) - vnet_resource_id=$(az resource list --resource-group "${resource_group_name}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.Network/virtualNetworks -o tsv --query "[].id | [0]") - if [ -n "${vnet_resource_id}" ]; then - perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Network Contributor" --scope $vnet_resource_id 
--only-show-errors --query "[].principalId | [0]" --assignee $WL_ARM_OBJECT_ID -o tsv --only-show-errors) + vnet_resource_id=$(az resource list --resource-group "${resource_group_name}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.Network/virtualNetworks -o tsv --query "[].id | [0]") + if [ -n "${vnet_resource_id}" ]; then + perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Network Contributor" --scope $vnet_resource_id --only-show-errors --query "[].principalId | [0]" --assignee $WL_ARM_OBJECT_ID -o tsv --only-show-errors) - if [ -z "$perms" ]; then - echo "Assigning Network Contributor rights for $WL_ARM_OBJECT_ID to ${vnet_resource_id}" - az role assignment create --assignee-object-id $WL_ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Network Contributor" --scope $vnet_resource_id --output none + if [ -z "$perms" ]; then + echo "Assigning Network Contributor rights for $WL_ARM_OBJECT_ID to ${vnet_resource_id}" + az role assignment create --assignee-object-id $WL_ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Network Contributor" --scope $vnet_resource_id --output none + fi + fi fi - fi - fi - else - echo "##vso[task.logissue type=warning]Service Principal $WL_ARM_CLIENT_ID does not have 'User Access Administrator' permissions. Please ensure that the service principal $WL_ARM_CLIENT_ID has permissions on the Terrafrom state storage account and if needed on the Private DNS zone and the source management network resource" + else + echo "##vso[task.logissue type=warning]Service Principal $WL_ARM_CLIENT_ID does not have 'User Access Administrator' permissions. 
Please ensure that the service principal $WL_ARM_CLIENT_ID has permissions on the Terrafrom state storage account and if needed on the Private DNS zone and the source management network resource" + fi fi - fi - echo -e "$green--- Deploy the workload zone ---$reset" + echo -e "$green--- Deploy the workload zone ---$reset" cd $CONFIG_REPO_PATH/LANDSCAPE/$(workload_zone_folder) if [ -f /etc/profile.d/deploy_server.sh ]; then - if [ $USE_MSI != "true" ]; then - az logout --output none - export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID - export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET - export ARM_TENANT_ID=$WL_ARM_TENANT_ID - export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID - export ARM_USE_MSI=false - az login --service-principal --username $WL_ARM_CLIENT_ID --password=$WL_ARM_CLIENT_SECRET --tenant $WL_ARM_TENANT_ID --output none - return_code=$? - if [ 0 != $return_code ]; then - echo -e "$boldred--- Login failed ---$reset" - echo "##vso[task.logissue type=error]az login failed." - exit $return_code + if [ $USE_MSI != "true" ]; then + az logout --output none + export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID + export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET + export ARM_TENANT_ID=$WL_ARM_TENANT_ID + export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID + export ARM_USE_MSI=false + az login --service-principal --username $WL_ARM_CLIENT_ID --password=$WL_ARM_CLIENT_SECRET --tenant $WL_ARM_TENANT_ID --output none + return_code=$? + if [ 0 != $return_code ]; then + echo -e "$boldred--- Login failed ---$reset" + echo "##vso[task.logissue type=error]az login failed." 
+ exit $return_code + fi + $SAP_AUTOMATION_REPO_PATH/deploy/scripts/install_workloadzone.sh --parameterfile $(workload_zone_configuration_file) \ + --deployer_environment $(deployer_environment) --subscription $(ARM_SUBSCRIPTION_ID) \ + --spn_id $WL_ARM_CLIENT_ID --spn_secret $WL_ARM_CLIENT_SECRET --tenant_id $WL_ARM_TENANT_ID \ + --deployer_tfstate_key "${deployer_tfstate_key}" --keyvault "${key_vault}" --storageaccountname "${REMOTE_STATE_SA}" \ + --state_subscription "${STATE_SUBSCRIPTION}" --auto-approve --ado + else + $SAP_AUTOMATION_REPO_PATH/deploy/scripts/install_workloadzone.sh --parameterfile $(workload_zone_configuration_file) \ + --deployer_environment $(deployer_environment) --subscription $(ARM_SUBSCRIPTION_ID) \ + --deployer_tfstate_key "${deployer_tfstate_key}" --keyvault "${key_vault}" --storageaccountname "${REMOTE_STATE_SA}" \ + --state_subscription "${STATE_SUBSCRIPTION}" --auto-approve --ado --msi + fi - $SAP_AUTOMATION_REPO_PATH/deploy/scripts/install_workloadzone.sh --parameterfile $(workload_zone_configuration_file) \ - --deployer_environment $(deployer_environment) --subscription $(ARM_SUBSCRIPTION_ID) \ - --spn_id $WL_ARM_CLIENT_ID --spn_secret $WL_ARM_CLIENT_SECRET --tenant_id $WL_ARM_TENANT_ID \ - --deployer_tfstate_key "${deployer_tfstate_key}" --keyvault "${key_vault}" --storageaccountname "${REMOTE_STATE_SA}" \ - --state_subscription "${STATE_SUBSCRIPTION}" --auto-approve --ado - else - $SAP_AUTOMATION_REPO_PATH/deploy/scripts/install_workloadzone.sh --parameterfile $(workload_zone_configuration_file) \ - --deployer_environment $(deployer_environment) --subscription $(ARM_SUBSCRIPTION_ID) \ - --deployer_tfstate_key "${deployer_tfstate_key}" --keyvault "${key_vault}" --storageaccountname "${REMOTE_STATE_SA}" \ - --state_subscription "${STATE_SUBSCRIPTION}" --auto-approve --ado --msi - - fi fi return_code=$? 
echo "Return code: ${return_code}" if [ -f ${workload_environment_file_name} ]; then - export workload_key_vault=$(cat ${workload_environment_file_name} | grep workloadkeyvault= | awk -F'=' '{print $2}' | xargs) ; echo 'Workload Key Vault' ${workload_key_vault} - export workload_prefix=$(cat ${workload_environment_file_name} | grep workload_zone_prefix= | awk -F'=' '{print $2}' | xargs) ; echo 'Workload Prefix' ${workload_prefix} - export landscape_tfstate_key=$(cat ${workload_environment_file_name} | grep landscape_tfstate_key= | awk -F'=' '{print $2}' | xargs) ; echo 'Workload Zone State File' $landscape_tfstate_key + export workload_key_vault=$(cat ${workload_environment_file_name} | grep workloadkeyvault= | awk -F'=' '{print $2}' | xargs) ; echo 'Workload Key Vault' ${workload_key_vault} + export workload_prefix=$(cat ${workload_environment_file_name} | grep workload_zone_prefix= | awk -F'=' '{print $2}' | xargs) ; echo 'Workload Prefix' ${workload_prefix} + export landscape_tfstate_key=$(cat ${workload_environment_file_name} | grep landscape_tfstate_key= | awk -F'=' '{print $2}' | xargs) ; echo 'Workload Zone State File' $landscape_tfstate_key fi expiry_date=$(date -d "+365 days" +%Y-%m-%d) az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "FENCING_SPN_ID.value") if [ -z ${az_var} ]; then - echo "##vso[task.logissue type=warning]Variable FENCING_SPN_ID is not set. Required for highly available deployments" + echo "##vso[task.logissue type=warning]Variable FENCING_SPN_ID is not set. 
Required for highly available deployments" else - export fencing_id=$(az keyvault secret list --vault-name $workload_key_vault --subscription $STATE_SUBSCRIPTION --query [].name -o tsv | grep ${workload_prefix}-fencing-spn-id | xargs) - if [ -z "$fencing_id" ]; then - az keyvault secret set --name ${workload_prefix}-fencing-spn-id --vault-name $workload_key_vault --value $(FENCING_SPN_ID) --subscription $STATE_SUBSCRIPTION --expires "$(date -d '+1 year' -u +%Y-%m-%dT%H:%M:%SZ)" --output none - az keyvault secret set --name ${workload_prefix}-fencing-spn-pwd --vault-name $workload_key_vault --value=$FENCING_SPN_PWD --subscription $STATE_SUBSCRIPTION --expires "$(date -d '+1 year' -u +%Y-%m-%dT%H:%M:%SZ)" --output none - az keyvault secret set --name ${workload_prefix}-fencing-spn-tenant --vault-name $workload_key_vault --value $(FENCING_SPN_TENANT) --subscription $STATE_SUBSCRIPTION --expires "$(date -d '+1 year' -u +%Y-%m-%dT%H:%M:%SZ)" --output none - fi + export fencing_id=$(az keyvault secret list --vault-name $workload_key_vault --subscription $STATE_SUBSCRIPTION --query [].name -o tsv | grep ${workload_prefix}-fencing-spn-id | xargs) + if [ -z "$fencing_id" ]; then + az keyvault secret set --name ${workload_prefix}-fencing-spn-id --vault-name $workload_key_vault --value $(FENCING_SPN_ID) --subscription $STATE_SUBSCRIPTION --expires "$(date -d '+1 year' -u +%Y-%m-%dT%H:%M:%SZ)" --output none + az keyvault secret set --name ${workload_prefix}-fencing-spn-pwd --vault-name $workload_key_vault --value=$FENCING_SPN_PWD --subscription $STATE_SUBSCRIPTION --expires "$(date -d '+1 year' -u +%Y-%m-%dT%H:%M:%SZ)" --output none + az keyvault secret set --name ${workload_prefix}-fencing-spn-tenant --vault-name $workload_key_vault --value $(FENCING_SPN_TENANT) --subscription $STATE_SUBSCRIPTION --expires "$(date -d '+1 year' -u +%Y-%m-%dT%H:%M:%SZ)" --output none + fi fi az logout --output none - echo -e "$green--- Add & update files in the DevOps Repository ---$reset" + 
echo -e "$green--- Add & update files in the DevOps Repository ---$reset" cd $(Build.Repository.LocalPath) git pull 
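Review bot: The first `if [ -n ${resource_group_name} ]; then` in this hunk, the one guarding the private DNS zone loop, is still unquoted on the new side; the commit quotes only the second one, before `az group show`. With an empty value the test collapses to `[ -n ]`, which is true, so the loop's `az resource list` call runs with an empty `--resource-group` instead of being skipped. Use `if [ -n "${resource_group_name}" ]; then` there as well. The secret expansions in the same hunk are also unquoted (`--password=$WL_ARM_CLIENT_SECRET`, `--spn_secret $WL_ARM_CLIENT_SECRET`, `--value=$FENCING_SPN_PWD`), so a value containing whitespace or glob characters is split or expanded before it reaches the command; quote each, e.g. `--password="$WL_ARM_CLIENT_SECRET"`. The inline script starts and ends outside this hunk.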
@@ -569,90 +568,90 @@ stages: added=0 if [ -f ${workload_environment_file_name} ]; then - git add ${workload_environment_file_name} - added=1 + git add ${workload_environment_file_name} + added=1 fi if [ -f ${workload_environment_file_name}.md ]; then - git add ${workload_environment_file_name}.md - added=1 + git add ${workload_environment_file_name}.md + added=1 fi if [ -f $(Deployment_Configuration_Path)/LANDSCAPE/$(workload_zone_folder)/.terraform/terraform.tfstate ]; then - git add -f $(Deployment_Configuration_Path)/LANDSCAPE/$(workload_zone_folder)/.terraform/terraform.tfstate - added=1 + git add -f $(Deployment_Configuration_Path)/LANDSCAPE/$(workload_zone_folder)/.terraform/terraform.tfstate + added=1 fi if [ 1 == $added ]; then - git config --global user.email "$(Build.RequestedForEmail)" - git config --global user.name "$(Build.RequestedFor)" - git commit -m "Added updates from devops deployment $(Build.DefinitionName) [skip ci]" - git -c http.extraheader="AUTHORIZATION: bearer $(System.AccessToken)" push --set-upstream origin $(Build.SourceBranchName) + git config --global user.email "$(Build.RequestedForEmail)" + git config --global user.name "$(Build.RequestedFor)" + git commit -m "Added updates from devops deployment $(Build.DefinitionName) [skip ci]" + git -c http.extraheader="AUTHORIZATION: bearer $(System.AccessToken)" push --set-upstream origin $(Build.SourceBranchName) fi if [ -f ${workload_environment_file_name}.md ]; then - echo "##vso[task.uploadsummary]${workload_environment_file_name}.md" + echo "##vso[task.uploadsummary]${workload_environment_file_name}.md" fi - echo -e "$green--- Adding variables to the variable group" $(variable_group) "---$reset" - if [ -n $VARIABLE_GROUP_ID ]; then - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query Terraform_Remote_Storage_Account_Name.value --output table) - if [ -n "${az_var}" ]; then - az pipelines variable-group variable update --group-id 
${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Account_Name --value "${REMOTE_STATE_SA}" --output none --only-show-errors - else - az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Account_Name --value "${REMOTE_STATE_SA}" --output none --only-show-errors - fi - - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query Terraform_Remote_Storage_Subscription.value --output table) - if [ -n "${az_var}" ]; then - az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Subscription --value "${STATE_SUBSCRIPTION}" --output none --only-show-errors - else - az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Subscription --value "${STATE_SUBSCRIPTION}" --output none --only-show-errors - fi - - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query Deployer_State_FileName.value --output table) - if [ -n "${az_var}" ]; then - az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name Deployer_State_FileName --value "${deployer_tfstate_key}" --output none --only-show-errors - else - az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Deployer_State_FileName --value "${deployer_tfstate_key}" --output none --only-show-errors - fi - - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query Deployer_Key_Vault.value --output table) - if [ -n "${az_var}" ]; then - az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name Deployer_Key_Vault --value ${key_vault} --output none --only-show-errors - else - az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Deployer_Key_Vault --value ${key_vault} --output none --only-show-errors - fi - - az_var=$(az pipelines variable-group variable list --group-id 
${VARIABLE_GROUP_ID} --query "${NETWORK}"Workload_Key_Vault.value --output table) - if [ -n "${az_var}" ]; then - az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name "${NETWORK}"Workload_Key_Vault --value $workload_key_vault --output none --only-show-errors - else - az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name "${NETWORK}"Workload_Key_Vault --value $workload_key_vault --output none --only-show-errors - fi - - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}"Workload_Secret_Prefix.value --output table) - if [ -n "${az_var}" ]; then - az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name "${NETWORK}"Workload_Secret_Prefix --value "${workload_prefix}" --output none --only-show-errors - else - az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name "${NETWORK}"Workload_Secret_Prefix --value "${workload_prefix}" --output none --only-show-errors - fi - - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}"Workload_Zone_State_FileName.value --output table) - if [ -n "${az_var}" ]; then - az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name "${NETWORK}"Workload_Zone_State_FileName --value "${landscape_tfstate_key}" --output none --only-show-errors - else - az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name "${NETWORK}"Workload_Zone_State_FileName --value "${landscape_tfstate_key}" --output none --only-show-errors - fi + echo -e "$green--- Adding variables to the variable group" $(variable_group) "---$reset" + if [ -n "${VARIABLE_GROUP_ID}" ]; then + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query Terraform_Remote_Storage_Account_Name.value --output table) + if [ -n "${az_var}" ]; then + az pipelines variable-group variable update --group-id 
${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Account_Name --value "${REMOTE_STATE_SA}" --output none --only-show-errors + else + az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Account_Name --value "${REMOTE_STATE_SA}" --output none --only-show-errors + fi + + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query Terraform_Remote_Storage_Subscription.value --output table) + if [ -n "${az_var}" ]; then + az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Subscription --value "${STATE_SUBSCRIPTION}" --output none --only-show-errors + else + az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Subscription --value "${STATE_SUBSCRIPTION}" --output none --only-show-errors + fi + + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query Deployer_State_FileName.value --output table) + if [ -n "${az_var}" ]; then + az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name Deployer_State_FileName --value "${deployer_tfstate_key}" --output none --only-show-errors + else + az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Deployer_State_FileName --value "${deployer_tfstate_key}" --output none --only-show-errors + fi + + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query Deployer_Key_Vault.value --output table) + if [ -n "${az_var}" ]; then + az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name Deployer_Key_Vault --value ${key_vault} --output none --only-show-errors + else + az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Deployer_Key_Vault --value ${key_vault} --output none --only-show-errors + fi + + az_var=$(az pipelines variable-group variable list --group-id 
${VARIABLE_GROUP_ID} --query "${NETWORK}"Workload_Key_Vault.value --output table) + if [ -n "${az_var}" ]; then + az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name "${NETWORK}"Workload_Key_Vault --value $workload_key_vault --output none --only-show-errors + else + az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name "${NETWORK}"Workload_Key_Vault --value $workload_key_vault --output none --only-show-errors + fi + + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}"Workload_Secret_Prefix.value --output table) + if [ -n "${az_var}" ]; then + az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name "${NETWORK}"Workload_Secret_Prefix --value "${workload_prefix}" --output none --only-show-errors + else + az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name "${NETWORK}"Workload_Secret_Prefix --value "${workload_prefix}" --output none --only-show-errors + fi + + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}"Workload_Zone_State_FileName.value --output table) + if [ -n "${az_var}" ]; then + az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name "${NETWORK}"Workload_Zone_State_FileName --value "${landscape_tfstate_key}" --output none --only-show-errors + else + az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name "${NETWORK}"Workload_Zone_State_FileName --value "${landscape_tfstate_key}" --output none --only-show-errors + fi fi if [ 0 != $return_code ]; then - echo "##vso[task.logissue type=error]Return code from install_workloadzone $return_code." - if [ -f ${workload_environment_file_name}.err ]; then - error_message=$(cat ${workload_environment_file_name}.err) - echo "##vso[task.logissue type=error]Error message: $error_message." 
- fi + echo "##vso[task.logissue type=error]Return code from install_workloadzone $return_code." + if [ -f ${workload_environment_file_name}.err ]; then + error_message=$(cat ${workload_environment_file_name}.err) + echo "##vso[task.logissue type=error]Error message: $error_message." + fi fi - exit $return_code + exit $return_code displayName: Deploy SAP Workload Zone env: From d8c5b4439aee9888b4dad40e231793e7a4cc2bb6 Mon Sep 17 00:00:00 2001 From: hdamecharla Date: Thu, 17 Oct 2024 15:08:58 +0530 Subject: [PATCH 059/279] chore: include OpenSSF Scorecard badge --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b00b803c9e..4293ee7693 100644 --- a/README.md +++ b/README.md 
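Review bot: The re-indented git block still lets the pipeline substitute `$(Build.RequestedFor)`, `$(Build.RequestedForEmail)`, `$(Build.DefinitionName)` and `$(Build.SourceBranchName)` into the script text before bash parses it, so a quote or `$(...)` in a display name or branch name becomes shell syntax rather than data. Azure DevOps also exports these values as environment variables, so the lines can read them as data: `git config --global user.name "${BUILD_REQUESTEDFOR}"` and `push --set-upstream origin "${BUILD_SOURCEBRANCHNAME}"`. The one functional change in the hunk, quoting `"${VARIABLE_GROUP_ID}"` in the `-n` test, is correct, but the `--group-id ${VARIABLE_GROUP_ID}` arguments below it remain unquoted. The script starts before this hunk.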
@@ -6,7 +6,7 @@ The framework uses Terraform for infrastructure deployment, and Ansible for the ## Enterprise-scale - Reference Implementation -![Ansible Lint](https://github.com/Azure/sap-automation/workflows/Ansible%20Lint/badge.svg) [![Average time to resolve an issue](http://isitmaintained.com/badge/resolution/azure/sap-automation.svg)](http://isitmaintained.com/project/azure/sap-automation "Average time to resolve an issue") [![Percentage of issues still open](http://isitmaintained.com/badge/open/azure/sap-automation.svg)](http://isitmaintained.com/project/azure/sap-automation "Percentage of issues still open") +![Ansible Lint](https://github.com/Azure/sap-automation/workflows/Ansible%20Lint/badge.svg) [![Average time to resolve an issue](http://isitmaintained.com/badge/resolution/azure/sap-automation.svg)](http://isitmaintained.com/project/azure/sap-automation "Average time to resolve an issue") [![Percentage of issues still open](http://isitmaintained.com/badge/open/azure/sap-automation.svg)](http://isitmaintained.com/project/azure/sap-automation "Percentage of issues still open") [![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/Azure/sap-automation/badge)](https://scorecard.dev/viewer/?uri=github.com/Azure/sap-automation) ## Partnership From fb246b5ff6d9e2c1e69849699c9fb0242e9cafdf Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 17 Oct 2024 12:43:29 +0300 Subject: [PATCH 060/279] Refactor variables_local.tf to use client_id instead of id for service principal object_id Refactor installer.sh to comment out unnecessary terraform output command --- deploy/pipelines/02-sap-workload-zone.yaml | 23 +++++++++++++------ deploy/terraform/run/sap_landscape/imports.tf | 6 ----- .../run/sap_landscape/variables_local.tf | 2 +- 3 files changed, 17 insertions(+), 14 deletions(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index 081baffad0..d34f950acb 100644 
--- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml @@ -177,11 +177,21 @@ stages: exit 2 fi + if [ $WL_ARM_CLIENT_SECRET == '$$(ARM_CLIENT_SECRET)' ]; then + echo "##vso[task.logissue type=error]Variable ARM_CLIENT_SECRET was not defined in the $(variable_group) variable group." + exit 2 + fi + if [ -z $WL_ARM_TENANT_ID ]; then echo "##vso[task.logissue type=error]Variable ARM_TENANT_ID was not defined in the $(variable_group) variable group." exit 2 fi + if [ $WL_ARM_TENANT_ID == '$$(ARM_TENANT_ID)' ]; then + echo "##vso[task.logissue type=error]Variable ARM_TENANT_ID was not defined in the $(variable_group) variable group." + exit 2 + fi + if [ -z $CP_ARM_SUBSCRIPTION_ID ]; then echo "##vso[task.logissue type=error]Variable CP_ARM_SUBSCRIPTION_ID was not defined in the $(parent_variable_group) variable group." exit 2 @@ -353,7 +363,6 @@ stages: exit 2 fi - echo -e "$green--- Read parameter values ---$reset" if [ "true" == $(inherit) ]; then @@ -513,7 +522,7 @@ stages: export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET export ARM_TENANT_ID=$WL_ARM_TENANT_ID export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID - export ARM_USE_MSI=false + unset ARM_USE_MSI az login --service-principal --username $WL_ARM_CLIENT_ID --password=$WL_ARM_CLIENT_SECRET --tenant $WL_ARM_TENANT_ID --output none return_code=$? if [ 0 != $return_code ]; then 
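Review bot: The two added placeholder checks expand the variable unquoted inside `[ ]`, so a client secret containing whitespace or glob characters is word-split and the test errors out instead of comparing. Quote the operand and use the POSIX operator: `if [ "$WL_ARM_CLIENT_SECRET" = '$$(ARM_CLIENT_SECRET)' ]; then`, and likewise for `WL_ARM_TENANT_ID`. It is also worth confirming that the literal the agent leaves for an undefined variable really carries two `$` characters, since the comparison only fires on an exact match. The same pattern is added in the `@@ -101,26 +101,70 @@` hunk of 10-remover-terraform.yaml. The script body starts and ends outside this hunk.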
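Review bot: The `az login` line kept as context below the changed `unset ARM_USE_MSI` passes `--password=$WL_ARM_CLIENT_SECRET` unquoted, so a secret with whitespace or glob characters is split or expanded before az receives it; `--password="$WL_ARM_CLIENT_SECRET"` avoids that. The secret is an argv element there, and again as `--spn_secret $WL_ARM_CLIENT_SECRET` in the next hunk, where it can be read from the process list on the agent. Since `ARM_CLIENT_SECRET` is already exported a few lines above, install_workloadzone.sh could presumably read it from the environment instead of taking it as an argument; that script is not visible here, so this needs confirming. The enclosing script continues outside the hunk.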
@@ -522,14 +531,14 @@ stages: exit $return_code fi $SAP_AUTOMATION_REPO_PATH/deploy/scripts/install_workloadzone.sh --parameterfile $(workload_zone_configuration_file) \ - --deployer_environment $(deployer_environment) --subscription $(ARM_SUBSCRIPTION_ID) \ - --spn_id $WL_ARM_CLIENT_ID --spn_secret $WL_ARM_CLIENT_SECRET --tenant_id $WL_ARM_TENANT_ID \ - --deployer_tfstate_key "${deployer_tfstate_key}" --keyvault "${key_vault}" --storageaccountname "${REMOTE_STATE_SA}" \ + --deployer_environment $(deployer_environment) --subscription $ARM_SUBSCRIPTION_ID \ + --spn_id $WL_ARM_CLIENT_ID --spn_secret $WL_ARM_CLIENT_SECRET --tenant_id $WL_ARM_TENANT_ID \ + --deployer_tfstate_key "${deployer_tfstate_key}" --keyvault "${key_vault}" --storageaccountname "${REMOTE_STATE_SA}" \ --state_subscription "${STATE_SUBSCRIPTION}" --auto-approve --ado else $SAP_AUTOMATION_REPO_PATH/deploy/scripts/install_workloadzone.sh --parameterfile $(workload_zone_configuration_file) \ - --deployer_environment $(deployer_environment) --subscription $(ARM_SUBSCRIPTION_ID) \ - --deployer_tfstate_key "${deployer_tfstate_key}" --keyvault "${key_vault}" --storageaccountname "${REMOTE_STATE_SA}" \ + --deployer_environment $(deployer_environment) --subscription $ARM_SUBSCRIPTION_ID \ + --deployer_tfstate_key "${deployer_tfstate_key}" --keyvault "${key_vault}" --storageaccountname "${REMOTE_STATE_SA}" \ --state_subscription "${STATE_SUBSCRIPTION}" --auto-approve --ado --msi fi diff --git a/deploy/terraform/run/sap_landscape/imports.tf b/deploy/terraform/run/sap_landscape/imports.tf index 6b2010c8f1..635f979069 100644 --- a/deploy/terraform/run/sap_landscape/imports.tf +++ b/deploy/terraform/run/sap_landscape/imports.tf @@ -67,9 +67,3 @@ data "azurerm_key_vault_secret" "cp_tenant_id" { key_vault_id = local.spn_key_vault_arm_id } -// Import current service principal -data "azuread_service_principal" "sp" { - count = var.use_spn ? 1 : 0 - client_id = local.spn.client_id -} - 
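Review bot: In the `--msi` branch, `--subscription $ARM_SUBSCRIPTION_ID` now depends on a shell variable, and the only `export ARM_SUBSCRIPTION_ID=` visible is in the SPN branch of the preceding hunk. If the variable is unset on the MSI path, the unquoted expansion disappears and `--subscription` would likely consume `--deployer_tfstate_key` as its value. Quoting with a guard makes that fail loudly: `--subscription "${ARM_SUBSCRIPTION_ID:?}" \`. The step's `env:` mapping is outside the hunk, so it may already supply the variable.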
diff --git a/deploy/terraform/run/sap_landscape/variables_local.tf b/deploy/terraform/run/sap_landscape/variables_local.tf index 38fab4e5f3..6237105a45 100644 --- a/deploy/terraform/run/sap_landscape/variables_local.tf +++ b/deploy/terraform/run/sap_landscape/variables_local.tf @@ -51,7 +51,7 @@ locals { service_principal = { subscription_id = local.spn.subscription_id, tenant_id = local.spn.tenant_id, - object_id = var.use_spn ? try(data.azuread_service_principal.sp[0].client_id, null) : null + object_id = var.use_spn ? local.spn.client_id : null } account = { From 6601f942ae61158da0a5d473caaa04c850cdd76e Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 17 Oct 2024 12:48:07 +0300 Subject: [PATCH 061/279] Refactor pipeline script to use correct variable for workload ARM subscription ID --- deploy/pipelines/02-sap-workload-zone.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index d34f950acb..f0f14507e4 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml @@ -395,9 +395,9 @@ stages: STATE_SUBSCRIPTION=${az_var}; echo 'Terraform state file subscription' $STATE_SUBSCRIPTION fi - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "ARM_SUBSCRIPTION_ID.value" | tr -d \") + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "WL_ARM_SUBSCRIPTION_ID.value" | tr -d \") if [ -z ${az_var} ]; then - echo "##vso[task.logissue type=error]Variable ARM_SUBSCRIPTION_ID was not defined." + echo "##vso[task.logissue type=error]Variable WL_ARM_SUBSCRIPTION_ID was not defined." exit 2 else echo 'Target subscription' $WL_ARM_SUBSCRIPTION_ID From 054283d2beba4a43b01b6126e0264358fe9b8146 Mon Sep 17 00:00:00 2001 
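Review bot: `object_id` in `local.service_principal` now carries `local.spn.client_id`, which is the application (client) ID, not the service principal's object ID; the two are different GUIDs in Entra ID. Anything downstream that feeds `service_principal.object_id` into a Key Vault access policy or role assignment would target the wrong identifier. The consumers are not visible in this hunk, so this needs checking. If the data source was dropped to avoid directory read permissions, pass the object ID in as its own input (the pipeline already has `WL_ARM_OBJECT_ID`), or at least add a comment on the line such as `# NOTE: holds the client ID, not the object ID`.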
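Review bot: The value read into `az_var` from `WL_ARM_SUBSCRIPTION_ID.value` is only tested for emptiness; the `else` branch echoes `$WL_ARM_SUBSCRIPTION_ID` from the environment and assigns nothing, unlike the `STATE_SUBSCRIPTION=${az_var}` line just above it. If the two can differ, the log shows a subscription that the lookup did not return. Either assign it, `WL_ARM_SUBSCRIPTION_ID=${az_var}; echo 'Target subscription' "$WL_ARM_SUBSCRIPTION_ID"`, or drop the lookup and test the environment variable directly.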
From: Kimmo Forss Date: Thu, 17 Oct 2024 13:13:49 +0300 Subject: [PATCH 062/279] Refactor pipeline script to use correct variable for workload ARM subscription ID --- deploy/pipelines/02-sap-workload-zone.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index f0f14507e4..d669b1692b 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml @@ -462,14 +462,14 @@ stages: if [ $USE_MSI != "true" ]; then - isUserAccessAdmin=$(az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION --query "[?principalType=='ServicePrincipal'].principalId | [0] " --assignee $ARM_CLIENT_ID) + isUserAccessAdmin=$(az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION --query "[?principalType=='ServicePrincipal'].principalId | [0] " --assignee $ARM_OBJECT_ID) tfstate_resource_id=$(az resource list --name "${REMOTE_STATE_SA}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.Storage/storageAccounts --query "[].id | [0]" -o tsv) if [ -n "${isUserAccessAdmin}" ]; then echo -e "$green--- Set permissions ---$reset" - perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Reader" --query "[?principalId=='$WL_ARM_CLIENT_ID'].principalId | [0]" -o tsv --only-show-errors) + perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Reader" --query "[?principalId=='$WL_ARM_OBJECT_ID'].principalId | [0]" -o tsv --only-show-errors) if [ -z "$perms" ]; then echo -e "$green --- Assign subscription permissions to $perms ---$reset" az role assignment create --assignee-object-id $WL_ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Reader" --scope "/subscriptions/${STATE_SUBSCRIPTION}" --output none From 230d4000c4d6a0692f87669ab5011ee1e72cce1c Mon Sep 17 00:00:00 2001 
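Review bot: The role lookup passes `--assignee $ARM_OBJECT_ID` while the rest of the block uses `$WL_ARM_OBJECT_ID`, and no `export ARM_OBJECT_ID` is visible at this commit. With the variable empty, the unquoted expansion leaves `--assignee` without a value, the command fails, `isUserAccessAdmin` stays empty and the whole permission block is skipped without an error. Use one name and quote it, `--assignee "$WL_ARM_OBJECT_ID"`, and add `WL_ARM_OBJECT_ID` to the defined-variable checks at the top of the step if it is not there already (that part is outside the hunk). The `echo` before `az role assignment create` prints `$perms`, which is empty on that path; `$WL_ARM_OBJECT_ID` looks like what was meant.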
From: Kimmo Forss Date: Thu, 17 Oct 2024 13:25:21 +0300 Subject: [PATCH 063/279] Refactor pipeline script to include ARM_OBJECT_ID variable --- deploy/pipelines/02-sap-workload-zone.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index d669b1692b..c190dfec98 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml @@ -429,6 +429,7 @@ stages: echo -e "$cyan--- Using SPN ---$reset" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET + export ARM_OBJECT_ID=$WL_ARM_OBJECT_ID export ARM_TENANT_ID=$WL_ARM_TENANT_ID export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID export ARM_USE_AZUREAD=true From 3f08faed261fd62a90e7caf73fbf7e854f867855 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 17 Oct 2024 13:43:50 +0300 Subject: [PATCH 064/279] Refactor pipeline script to use correct variable for workload ARM_CLIENT_ID --- deploy/pipelines/02-sap-workload-zone.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index c190dfec98..b82f084383 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml 
@@ -449,7 +449,7 @@ stages: --region "${LOCATION}" --subscription $ARM_SUBSCRIPTION_ID --spn_id $ARM_CLIENT_ID --spn_secret "${ARM_CLIENT_SECRET}" \ --tenant_id $ARM_TENANT_ID --keyvault_subscription $STATE_SUBSCRIPTION secrets_set=$? ; echo -e "$cyan Set Secrets returned $secrets_set $reset" - az keyvault set-policy --name "${key_vault}" --object-id $ARM_OBJECT_ID --secret-permissions get list --subscription $STATE_SUBSCRIPTION --output none + az keyvault set-policy --name "${key_vault}" --object-id $ARM_CLIENT_ID --secret-permissions get list --subscription $STATE_SUBSCRIPTION --output none else echo -e "$cyan--- Using MSI ---$reset" # export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID From 090b1b18d97ab713ff732d6f02ebc09c7f131541 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 17 Oct 2024 13:53:04 +0300 Subject: [PATCH 065/279] Refactor pipeline script to use correct variable for workload ARM_CLIENT_ID --- deploy/pipelines/02-sap-workload-zone.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index b82f084383..b5f0585c3f 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml @@ -449,7 +449,7 @@ stages: --region "${LOCATION}" --subscription $ARM_SUBSCRIPTION_ID --spn_id $ARM_CLIENT_ID --spn_secret "${ARM_CLIENT_SECRET}" \ --tenant_id $ARM_TENANT_ID --keyvault_subscription $STATE_SUBSCRIPTION secrets_set=$? ; echo -e "$cyan Set Secrets returned $secrets_set $reset" - az keyvault set-policy --name "${key_vault}" --object-id $ARM_CLIENT_ID --secret-permissions get list --subscription $STATE_SUBSCRIPTION --output none + az keyvault set-policy --name "${key_vault}" --application-id $ARM_CLIENT_ID --secret-permissions get list --subscription $STATE_SUBSCRIPTION --output none else echo -e "$cyan--- Using MSI ---$reset" # export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID 
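Review bot: Neither version of the `az keyvault set-policy` line identifies the principal correctly. This hunk passes the client ID as `--object-id`, and the PATCH 065 hunk on the same line switches to `--application-id`, which as far as I know is the compound-identity (on-behalf-of) parameter and accompanies an object ID rather than replacing it. The CLI selects a service principal by client ID through `--spn` or by object ID through `--object-id`, so either `--spn "$ARM_CLIENT_ID"` or `--object-id "$ARM_OBJECT_ID"` (exported by PATCH 063) fits. The call's exit status is not checked in the visible lines, so a rejected policy would only surface later as a failed secret read.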
From a7ba8cccf4bc6a7eec865aa3a22987ac20c2f27a Mon Sep 17 00:00:00 2001 From: hdamecharla Date: Thu, 17 Oct 2024 16:50:51 +0530 Subject: [PATCH 066/279] check terraform when running in cloudshell --- deploy/scripts/helpers/script_helpers.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/deploy/scripts/helpers/script_helpers.sh b/deploy/scripts/helpers/script_helpers.sh index b79b8d16b1..dcda87748d 100755 --- a/deploy/scripts/helpers/script_helpers.sh +++ b/deploy/scripts/helpers/script_helpers.sh @@ -389,11 +389,16 @@ function missing { function validate_dependencies { # if /opt/terraform exists, assign permissions to the user if [ -d /opt/terraform ]; then - sudo chown -R $USER /opt/terraform + sudo chown -R "$USER" /opt/terraform fi # Check terraform - tf=$(/opt/terraform/bin/terraform --version | grep Terraform) + if checkIfCloudShell; then + tf=$(terraform --version | grep Terraform) + else + tf=$(/opt/terraform/bin/terraform --version | grep Terraform) + fi + if [ -z "$tf" ]; then echo "" echo "#########################################################################################" From 93e63e6408f8663d33d854535bb6459525ff4832 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 17 Oct 2024 15:24:21 +0300 Subject: [PATCH 067/279] Refactor pipeline script to include missing variable checks --- deploy/pipelines/10-remover-terraform.yaml | 86 +++++++++++++++++----- 1 file changed, 66 insertions(+), 20 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index cd4c80dded..c391aa594e 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml 
@@ -101,26 +101,70 @@ stages: exit 2 fi - if [ -z $WL_ARM_SUBSCRIPTION_ID ]; then - echo "##vso[task.logissue type=error]Variable ARM_SUBSCRIPTION_ID was not defined." - exit 2 - fi + if [ $USE_MSI != "true" ]; then - if [ -z $WL_ARM_CLIENT_ID ]; then - echo "##vso[task.logissue type=error]Variable ARM_CLIENT_ID was not defined." - exit 2 - fi + if [ -z $WL_ARM_SUBSCRIPTION_ID ]; then + echo "##vso[task.logissue type=error]Variable ARM_SUBSCRIPTION_ID was not defined in the $(variable_group) variable group." + exit 2 + fi - if [ -z $WL_ARM_CLIENT_SECRET ]; then - echo "##vso[task.logissue type=error]Variable ARM_CLIENT_SECRET was not defined." - exit 2 - fi + if [ $WL_ARM_SUBSCRIPTION_ID == '$$(ARM_SUBSCRIPTION_ID)' ]; then + echo "##vso[task.logissue type=error]Variable ARM_SUBSCRIPTION_ID was not defined in the $(variable_group) variable group." + exit 2 + fi - if [ -z $WL_ARM_TENANT_ID ]; then - echo "##vso[task.logissue type=error]Variable ARM_TENANT_ID was not defined." - exit 2 + if [ -z $WL_ARM_CLIENT_ID ]; then + echo "##vso[task.logissue type=error]Variable ARM_CLIENT_ID was not defined in the $(variable_group) variable group." + exit 2 + fi + + if [ $WL_ARM_CLIENT_ID == '$$(ARM_CLIENT_ID)' ]; then + echo "##vso[task.logissue type=error]Variable ARM_CLIENT_ID was not defined in the $(variable_group) variable group." + exit 2 + fi + + if [ -z $WL_ARM_CLIENT_SECRET ]; then + echo "##vso[task.logissue type=error]Variable ARM_CLIENT_SECRET was not defined in the $(variable_group) variable group." + exit 2 + fi + + if [ $WL_ARM_CLIENT_SECRET == '$$(ARM_CLIENT_SECRET)' ]; then + echo "##vso[task.logissue type=error]Variable ARM_CLIENT_SECRET was not defined in the $(variable_group) variable group." + exit 2 + fi + + if [ -z $WL_ARM_TENANT_ID ]; then + echo "##vso[task.logissue type=error]Variable ARM_TENANT_ID was not defined in the $(variable_group) variable group." 
+ exit 2 + fi + + if [ $WL_ARM_TENANT_ID == '$$(ARM_TENANT_ID)' ]; then + echo "##vso[task.logissue type=error]Variable ARM_TENANT_ID was not defined in the $(variable_group) variable group." + exit 2 + fi + + if [ -z $CP_ARM_SUBSCRIPTION_ID ]; then + echo "##vso[task.logissue type=error]Variable CP_ARM_SUBSCRIPTION_ID was not defined in the $(parent_variable_group) variable group." + exit 2 + fi + + if [ -z $CP_ARM_CLIENT_ID ]; then + echo "##vso[task.logissue type=error]Variable CP_ARM_CLIENT_ID was not defined in the $(parent_variable_group) variable group." + exit 2 + fi + + if [ -z $CP_ARM_CLIENT_SECRET ]; then + echo "##vso[task.logissue type=error]Variable CP_ARM_CLIENT_SECRET was not defined in the $(parent_variable_group) variable group." + exit 2 + fi + + if [ -z $CP_ARM_TENANT_ID ]; then + echo "##vso[task.logissue type=error]Variable CP_ARM_TENANT_ID was not defined in the $(parent_variable_group) variable group." + exit 2 + fi fi + # Check if running on deployer if [[ ! -f /etc/profile.d/deploy_server.sh ]]; then echo -e "$green --- Install dos2unix ---$reset" @@ -137,14 +181,14 @@ stages: unzip -qq terraform_$(tf_version)_linux_amd64.zip ; sudo mv terraform /bin/ rm -f terraform_$(tf_version)_linux_amd64.zip else - if [ $LOGON_USING_SPN == "true" ]; then - echo "Logon Using SPN" + if [ $USE_MSI != "true" ]; then + echo "Using SPN" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET export ARM_TENANT_ID=$WL_ARM_TENANT_ID export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID - export ARM_USE_MSI=false + unset ARM_USE_MSI az login --service-principal --username $WL_ARM_CLIENT_ID --password=$WL_ARM_CLIENT_SECRET --tenant $WL_ARM_TENANT_ID --output none return_code=$? if [ 0 != $return_code ]; then @@ -154,6 +198,8 @@ stages: fi else export ARM_USE_MSI=true + export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID + unset ARM_TENANT_ID az login --identity --allow-no-subscriptions --output none fi fi 
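Review bot: `if [ $USE_MSI != "true" ]` expands the variable unquoted, so when `USE_MSI` is unset or empty the test is a syntax error and the condition counts as false. The script then skips every credential check and later takes the `az login --identity` branch. Quoting makes the decision explicit: `if [ "$USE_MSI" != "true" ]; then`. The same test is added in the `@@ -137,14 +181,14 @@` and `@@ -302,14 +348,14 @@` hunks. The script starts before this hunk.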
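Review bot: The MSI branch now exports `ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID`, but the first hunk of this patch moved the `-z $WL_ARM_SUBSCRIPTION_ID` check inside the `USE_MSI != "true"` block, so nothing validates it on the MSI path. An empty or placeholder value would be exported as is and would only surface later, presumably as a provider or az error. Keep the subscription check outside the SPN-only block, since both paths need the value.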
@@ -302,14 +348,14 @@ stages: else echo -e "$green --- Running on deployer ---$reset" - if [ $LOGON_USING_SPN == "true" ]; then + if [ $USE_MSI != "true" ]; then echo "Using SPN" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET export ARM_TENANT_ID=$WL_ARM_TENANT_ID export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID - export ARM_USE_MSI=false + unset ARM_USE_MSI az login --service-principal --username $WL_ARM_CLIENT_ID --password=$WL_ARM_CLIENT_SECRET --tenant $WL_ARM_TENANT_ID --output none return_code=$? if [ 0 != $return_code ]; then From 866cb755fdd509c1935de3f7316f8f04aa1eac51 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 17 Oct 2024 15:26:46 +0300 Subject: [PATCH 068/279] Refactor pipeline script to remove unnecessary variable checks --- deploy/pipelines/10-remover-terraform.yaml | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index c391aa594e..504c07a83b 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -143,25 +143,6 @@ stages: exit 2 fi - if [ -z $CP_ARM_SUBSCRIPTION_ID ]; then - echo "##vso[task.logissue type=error]Variable CP_ARM_SUBSCRIPTION_ID was not defined in the $(parent_variable_group) variable group." - exit 2 - fi - - if [ -z $CP_ARM_CLIENT_ID ]; then - echo "##vso[task.logissue type=error]Variable CP_ARM_CLIENT_ID was not defined in the $(parent_variable_group) variable group." - exit 2 - fi - - if [ -z $CP_ARM_CLIENT_SECRET ]; then - echo "##vso[task.logissue type=error]Variable CP_ARM_CLIENT_SECRET was not defined in the $(parent_variable_group) variable group." - exit 2 - fi - - if [ -z $CP_ARM_TENANT_ID ]; then - echo "##vso[task.logissue type=error]Variable CP_ARM_TENANT_ID was not defined in the $(parent_variable_group) variable group." - exit 2 - fi fi From 4f44c61e6b729636dc3dd2f8d889234eaccd1913 Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Thu, 17 Oct 2024 15:38:15 +0300 Subject: [PATCH 069/279] Refactor pipeline script to use correct variables for workload ARM_CLIENT_ID --- deploy/pipelines/10-remover-terraform.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 504c07a83b..f0fcbb58a7 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -450,10 +450,10 @@ stages: displayName: "Remove SAP system" env: SYSTEM_ACCESSTOKEN: $(System.AccessToken) - WL_ARM_SUBSCRIPTION_ID: $(ARM_SUBSCRIPTION_ID) - WL_ARM_CLIENT_ID: $(ARM_CLIENT_ID) - WL_ARM_CLIENT_SECRET: $(ARM_CLIENT_SECRET) - WL_ARM_TENANT_ID: $(ARM_TENANT_ID) + WL_ARM_SUBSCRIPTION_ID: $(WL_ARM_SUBSCRIPTION_ID) + WL_ARM_CLIENT_ID: $(WL_ARM_CLIENT_ID) + WL_ARM_CLIENT_SECRET: $(WL_ARM_CLIENT_SECRET) + WL_ARM_TENANT_ID: $(WL_ARM_TENANT_ID) AZURE_DEVOPS_EXT_PAT: $(System.AccessToken) SAP_AUTOMATION_REPO_PATH: ${{ parameters.sap_automation_repo_path }} CONFIG_REPO_PATH: ${{ parameters.config_repo_path }}/$(Deployment_Configuration_Path) From 25fa5419d2ba72b8ceef4fb36cbe5f6e0e07f73e Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 17 Oct 2024 17:00:47 +0300 Subject: [PATCH 070/279] Refactor pipeline script to use correct variables for workload ARM_CLIENT_ID --- deploy/pipelines/10-remover-terraform.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index f0fcbb58a7..b0b370a775 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml 
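Review bot: With the mapping changed to `WL_ARM_CLIENT_SECRET: $(WL_ARM_CLIENT_SECRET)`, an undefined variable would presumably reach the script as a literal naming `WL_ARM_CLIENT_SECRET`, while the placeholder comparisons added in PATCH 067 still test against `'$$(ARM_CLIENT_SECRET)'` and the other unprefixed names. Those checks and their messages ("Variable ARM_CLIENT_ID was not defined") should move to the `WL_` names in the same change. Otherwise an unset variable passes validation and fails later at `az login`. The `@@ -799,10 +799,10 @@` hunk of PATCH 070 makes the same mapping change for the workload-zone step.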
@@ -799,10 +799,10 @@ stages: displayName: Remove SAP workload_zone env: SYSTEM_ACCESSTOKEN: $(System.AccessToken) - WL_ARM_SUBSCRIPTION_ID: $(ARM_SUBSCRIPTION_ID) - WL_ARM_CLIENT_ID: $(ARM_CLIENT_ID) - WL_ARM_CLIENT_SECRET: $(ARM_CLIENT_SECRET) - WL_ARM_TENANT_ID: $(ARM_TENANT_ID) + WL_ARM_SUBSCRIPTION_ID: $(WL_ARM_SUBSCRIPTION_ID) + WL_ARM_CLIENT_ID: $(WL_ARM_CLIENT_ID) + WL_ARM_CLIENT_SECRET: $(WL_ARM_CLIENT_SECRET) + WL_ARM_TENANT_ID: $(WL_ARM_TENANT_ID) AZURE_DEVOPS_EXT_PAT: $(System.AccessToken) SAP_AUTOMATION_REPO_PATH: ${{ parameters.sap_automation_repo_path }} CONFIG_REPO_PATH: ${{ parameters.config_repo_path }}/$(Deployment_Configuration_Path) From 8a42cdd539468e36d83ffafba9fc0297429656a6 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 17 Oct 2024 17:49:00 +0300 Subject: [PATCH 071/279] Refactor pipeline script to include missing variable checks --- deploy/pipelines/10-remover-terraform.yaml | 495 +++++++++++---------- 1 file changed, 248 insertions(+), 247 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index b0b370a775..50fc9e3ee5 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml 
@@ -7,84 +7,84 @@ # +------------------------------------4--------------------------------------*/ parameters: - - name: cleanup_sap - displayName: Remove the SAP system - type: boolean - default: true - - - name: sap_system - displayName: "SAP System configuration name, use this format: ENV-LOCA-VNET-SID" - type: string - default: DEV-WEEU-SAP01-X00 - - - name: cleanup_zone - displayName: Remove the SAP workload zone - type: boolean - default: true - - - name: workload_zone - displayName: "SAP workload zone configuration name, use this format: ENV-LOCA-VNET-INFRASTRUCTURE" - type: string - default: DEV-WEEU-SAP01-INFRASTRUCTURE - - - name: cleanup_region - displayName: Remove the control plane - type: boolean - default: true - - - name: deployer - displayName: "Deployer configuration name, use this format: ENV-LOCA-VNET-INFRASTRUCTURE" - type: string - default: MGMT-WEEU-DEP00-INFRASTRUCTURE - - - name: library - displayName: "Library configuration name, use this format: ENV-LOCA-SAP_LIBRARY" - type: string - default: MGMT-WEEU-SAP_LIBRARY - - - name: workload_environment - displayName: Environment (DEV, QUA, PRD) - type: string - default: DEV - - - name: deployer_environment - displayName: Environment (MGMT) - type: string - default: MMGMT - - - name: use_deployer - displayName: Run removal on self hosted agent - type: boolean - default: true - - - name: sap_automation_repo_path - displayName: The local path on the agent where the sap_automation repo can be found - type: string - - - name: config_repo_path - displayName: The local path on the agent where the config repo can be found - type: string + - name: cleanup_sap + displayName: Remove the SAP system + type: boolean + default: true + + - name: sap_system + displayName: "SAP System configuration name, use this format: ENV-LOCA-VNET-SID" + type: string + default: DEV-WEEU-SAP01-X00 + + - name: cleanup_zone + displayName: Remove the SAP workload zone + type: boolean + default: true + + - name: workload_zone + 
displayName: "SAP workload zone configuration name, use this format: ENV-LOCA-VNET-INFRASTRUCTURE" + type: string + default: DEV-WEEU-SAP01-INFRASTRUCTURE + + - name: cleanup_region + displayName: Remove the control plane + type: boolean + default: true + + - name: deployer + displayName: "Deployer configuration name, use this format: ENV-LOCA-VNET-INFRASTRUCTURE" + type: string + default: MGMT-WEEU-DEP00-INFRASTRUCTURE + + - name: library + displayName: "Library configuration name, use this format: ENV-LOCA-SAP_LIBRARY" + type: string + default: MGMT-WEEU-SAP_LIBRARY + + - name: workload_environment + displayName: Environment (DEV, QUA, PRD) + type: string + default: DEV + + - name: deployer_environment + displayName: Environment (MGMT) + type: string + default: MMGMT + + - name: use_deployer + displayName: Run removal on self hosted agent + type: boolean + default: true + + - name: sap_automation_repo_path + displayName: The local path on the agent where the sap_automation repo can be found + type: string + + - name: config_repo_path + displayName: The local path on the agent where the config repo can be found + type: string stages: - stage: Remove_SAP_systems displayName: "Removing the SAP System" condition: and(not(failed()), not(canceled()), eq(${{ parameters.cleanup_sap }}, true)) variables: - - template: variables/10-remover-terraform-variables.yaml + - template: variables/10-remover-terraform-variables.yaml parameters: - deployer_environment: ${{ parameters.deployer_environment }} - workload_environment: ${{ parameters.workload_environment }} - workload_zone: ${{ parameters.workload_zone }} - sap_system: ${{ parameters.sap_system }} + deployer_environment: ${{ parameters.deployer_environment }} + workload_environment: ${{ parameters.workload_environment }} + workload_zone: ${{ parameters.workload_zone }} + sap_system: ${{ parameters.sap_system }} jobs: - - job: Remove_SAP_systems - displayName: "Removing the SAP System" + - job: Remove_SAP_systems + 
displayName: "Removing the SAP System" variables: - - group: SDAF-${{ parameters.workload_environment }} + - group: SDAF-${{ parameters.workload_environment }} workspace: clean: all steps: - - template: templates\download.yaml + - template: templates\download.yaml - bash: | #!/bin/bash green="\e[1;32m" ; reset="\e[0m" 
@@ -447,129 +447,126 @@ stages: exit $return_code - displayName: "Remove SAP system" + displayName: "Remove SAP system" env: - SYSTEM_ACCESSTOKEN: $(System.AccessToken) - WL_ARM_SUBSCRIPTION_ID: $(WL_ARM_SUBSCRIPTION_ID) - WL_ARM_CLIENT_ID: $(WL_ARM_CLIENT_ID) - WL_ARM_CLIENT_SECRET: $(WL_ARM_CLIENT_SECRET) - WL_ARM_TENANT_ID: $(WL_ARM_TENANT_ID) - AZURE_DEVOPS_EXT_PAT: $(System.AccessToken) + SYSTEM_ACCESSTOKEN: $(System.AccessToken) + WL_ARM_SUBSCRIPTION_ID: $(WL_ARM_SUBSCRIPTION_ID) + WL_ARM_CLIENT_ID: $(WL_ARM_CLIENT_ID) + WL_ARM_CLIENT_SECRET: $(WL_ARM_CLIENT_SECRET) + WL_ARM_TENANT_ID: $(WL_ARM_TENANT_ID) + AZURE_DEVOPS_EXT_PAT: $(System.AccessToken) SAP_AUTOMATION_REPO_PATH: ${{ parameters.sap_automation_repo_path }} - CONFIG_REPO_PATH: ${{ parameters.config_repo_path }}/$(Deployment_Configuration_Path) - LOGON_USING_SPN: $(Logon_Using_SPN) - USE_MSI: $(Use_MSI) + CONFIG_REPO_PATH: ${{ parameters.config_repo_path }}/$(Deployment_Configuration_Path) + LOGON_USING_SPN: $(Logon_Using_SPN) + USE_MSI: $(Use_MSI) - failOnStderr: false + failOnStderr: false - stage: Remove_SAP_workload_zone displayName: "Removing the SAP workload zone" condition: and(not(failed()), not(canceled()), eq(${{ parameters.cleanup_zone }}, true)) variables: - - template: variables/10-remover-terraform-variables.yaml + - template: variables/10-remover-terraform-variables.yaml parameters: - deployer_environment: ${{ parameters.deployer_environment }} - workload_environment: ${{ parameters.workload_environment }} - workload_zone: ${{ parameters.workload_zone }} - sap_system: ${{ parameters.sap_system }} + deployer_environment: ${{ parameters.deployer_environment }} + workload_environment: ${{ parameters.workload_environment }} + workload_zone: ${{ parameters.workload_zone }} + sap_system: ${{ parameters.sap_system }} jobs: - - job: Remove_SAP_workload_zone - displayName: Remove the SAP Workload Zone + - job: Remove_SAP_workload_zone + displayName: Remove the SAP Workload Zone variables: - - 
group: SDAF-${{ parameters.workload_environment }} + - group: SDAF-${{ parameters.workload_environment }} workspace: - clean: all + clean: all steps: - - template: templates\download.yaml + - template: templates\download.yaml - bash: | #!/bin/bash - #!/bin/bash - green="\e[1;32m" ; reset="\e[0m" + green="\e[1;32m" ; reset="\e[0m" ; boldred="\e[1;31m" ; cyan="\e[1;36m" echo "##vso[build.updatebuildnumber]Removing the SAP Workload zone defined in $(workload_zone_folder)" echo -e "$green--- Validations ---$reset" - HOME_CONFIG=${CONFIG_REPO_PATH} - cd $HOME_CONFIG; mkdir -p .sap_deployment_automation + HOME_CONFIG=${CONFIG_REPO_PATH} + cd $HOME_CONFIG; mkdir -p .sap_deployment_automation - if [ ! -f LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) ]; then + if [ ! -f LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) ]; then echo -e "$boldred--- $(workload_zone_configuration_file) was not found ---$reset" echo "##vso[task.logissue type=error]File $(workload_zone_configuration_file) was not found." exit 2 - fi + fi - if [ -z $WL_ARM_SUBSCRIPTION_ID ]; then + if [ -z $WL_ARM_SUBSCRIPTION_ID ]; then echo "##vso[task.logissue type=error]Variable ARM_SUBSCRIPTION_ID was not defined." exit 2 - fi + fi - if [ -z $WL_ARM_CLIENT_ID ]; then + if [ -z $WL_ARM_CLIENT_ID ]; then echo "##vso[task.logissue type=error]Variable ARM_CLIENT_ID was not defined." exit 2 - fi + fi - if [ -z $WL_ARM_CLIENT_SECRET ]; then + if [ -z $WL_ARM_CLIENT_SECRET ]; then echo "##vso[task.logissue type=error]Variable ARM_CLIENT_SECRET was not defined." exit 2 - fi + fi - if [ -z $WL_ARM_TENANT_ID ]; then + if [ -z $WL_ARM_TENANT_ID ]; then echo "##vso[task.logissue type=error]Variable ARM_TENANT_ID was not defined." exit 2 - fi + fi # Check if running on deployer if [[ ! 
-f /etc/profile.d/deploy_server.sh ]]; then - echo -e "$green --- Install dos2unix ---$reset" + echo -e "$green --- Install dos2unix ---$reset" sudo apt-get -qq install dos2unix - echo -e "$green --- Install terraform ---$reset" + echo -e "$green --- Install terraform ---$reset" wget -q $(tf_url) return_code=$? if [ 0 != $return_code ]; then - echo "##vso[task.logissue type=error]Unable to download Terraform version $(tf_version)." - exit 2 + echo "##vso[task.logissue type=error]Unable to download Terraform version $(tf_version)." + exit 2 fi unzip -qq terraform_$(tf_version)_linux_amd64.zip ; sudo mv terraform /bin/ rm -f terraform_$(tf_version)_linux_amd64.zip else - source /etc/profile.d/deploy_server.sh + echo "sourcing /etc/profile.d/deploy_server.sh" + source /etc/profile.d/deploy_server.sh fi echo -e "$green--- Configure devops CLI extension ---$reset" - az config set extension.use_dynamic_install=yes_without_prompt --output none + az config set extension.use_dynamic_install=yes_without_prompt --output none - az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none + az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none - export VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(variable_group)'].id | [0]") - echo '$(variable_group) id: ' $VARIABLE_GROUP_ID - if [ -z ${VARIABLE_GROUP_ID} ]; then + export VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(variable_group)'].id | [0]") + echo '$(variable_group) id: ' $VARIABLE_GROUP_ID + if [ -z ${VARIABLE_GROUP_ID} ]; then echo "##vso[task.logissue type=error]Variable group $(variable_group) could not be found." 
exit 2 - fi - export PARENT_VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(parent_variable_group)'].id | [0]"); echo PARENT_VARIABLE_GROUP_ID $PARENT_VARIABLE_GROUP_ID - if [ -z ${PARENT_VARIABLE_GROUP_ID} ]; then - echo "##vso[task.logissue type=error]Variable group $(parent_variable_group) could not be found." - exit 2 - fi + fi + export PARENT_VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(parent_variable_group)'].id | [0]"); echo PARENT_VARIABLE_GROUP_ID $PARENT_VARIABLE_GROUP_ID + if [ -z ${PARENT_VARIABLE_GROUP_ID} ]; then + echo "##vso[task.logissue type=error]Variable group $(parent_variable_group) could not be found." + exit 2 + fi echo -e "$green--- Convert config file to UX format ---$reset" - dos2unix -q LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) + dos2unix -q LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) echo -e "$green--- Read details ---$reset" - ENVIRONMENT=$(grep "^environment" LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) | awk -F'=' '{print $2}' | xargs) - LOCATION=$(grep "^location" LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) | awk -F'=' '{print $2}' | xargs | tr 'A-Z' 'a-z') - NETWORK=$(grep "^network_logical_name" LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) | awk -F'=' '{print $2}' | xargs) - echo Environment: ${ENVIRONMENT} - echo Location: ${LOCATION} - echo Network: ${NETWORK} + ENVIRONMENT=$(grep "^environment" LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) | awk -F'=' '{print $2}' | xargs) + LOCATION=$(grep "^location" LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) | awk -F'=' '{print $2}' | xargs | tr 'A-Z' 'a-z') + NETWORK=$(grep "^network_logical_name" LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) | awk -F'=' '{print $2}' | xargs) - ENVIRONMENT_IN_FILENAME=$(echo $(workload_zone_folder) | 
awk -F'-' '{print $1}' | xargs ) - LOCATION_CODE=$(echo $(workload_zone_folder) | awk -F'-' '{print $2}' | xargs ) - case "$LOCATION_CODE" in + ENVIRONMENT_IN_FILENAME=$(echo $(workload_zone_folder) | awk -F'-' '{print $1}' | xargs ) + LOCATION_CODE=$(echo $(workload_zone_folder) | awk -F'-' '{print $2}' | xargs ) + case "$LOCATION_CODE" in "AUCE") LOCATION_IN_FILENAME="australiacentral" ;; "AUC2") LOCATION_IN_FILENAME="australiacentral2" ;; "AUEA") LOCATION_IN_FILENAME="australiaeast" ;; 
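Review bot: The non-deployer branch downloads Terraform with `wget -q $(tf_url)` and moves the unpacked binary into `/bin` with `sudo` without any integrity check, so whatever `tf_url` serves is executed with the agent's Azure credentials in the steps that follow. Verify the archive before `unzip`, for example `echo "<expected_sha256>  terraform_$(tf_version)_linux_amd64.zip" | sha256sum -c - || exit 2`, with the expected digest taken from the release's published SHA256SUMS file and kept as a pipeline variable. The re-indent carries these lines over unchanged, and the script body starts before and ends after this hunk.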
@@ -626,187 +623,191 @@ stages: "WUS2") LOCATION_IN_FILENAME="westus2" ;; "WUS3") LOCATION_IN_FILENAME="westus3" ;; *) LOCATION_IN_FILENAME="westeurope" ;; - esac - - NETWORK_IN_FILENAME=$(echo $(workload_zone_folder) | awk -F'-' '{print $3}' | xargs ) - echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" - echo "Location(filename): $LOCATION_IN_FILENAME" - echo "Network(filename): $NETWORK_IN_FILENAME" - - if [ $ENVIRONMENT != $ENVIRONMENT_IN_FILENAME ]; then + esac + + NETWORK_IN_FILENAME=$(echo $(workload_zone_folder) | awk -F'-' '{print $3}' | xargs ) + echo "Environment: ${ENVIRONMENT}" + echo "Location: ${LOCATION}" + echo "Network: ${NETWORK}" + echo "" + echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" + echo "Location(filename): $LOCATION_IN_FILENAME" + echo "Network(filename): $NETWORK_IN_FILENAME" + + if [ $ENVIRONMENT != $ENVIRONMENT_IN_FILENAME ]; then echo "##vso[task.logissue type=error]The environment setting in $(workload_zone_configuration_file) '$ENVIRONMENT' does not match the $(workload_zone_configuration_file) file name '$ENVIRONMENT_IN_FILENAME'. Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-INFRASTRUCTURE" exit 2 - fi + fi - if [ $LOCATION != $LOCATION_IN_FILENAME ]; then + if [ $LOCATION != $LOCATION_IN_FILENAME ]; then echo "##vso[task.logissue type=error]The location setting in $(workload_zone_configuration_file) '$LOCATION' does not match the $(workload_zone_configuration_file) file name '$LOCATION_IN_FILENAME'. Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-INFRASTRUCTURE" exit 2 - fi + fi - if [ $NETWORK != $NETWORK_IN_FILENAME ]; then + if [ $NETWORK != $NETWORK_IN_FILENAME ]; then echo "##vso[task.logissue type=error]The network_logical_name setting in $(workload_zone_configuration_file) '$NETWORK' does not match the $(workload_zone_configuration_file) file name '$NETWORK_IN_FILENAME-. 
Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-INFRASTRUCTURE" exit 2 - fi + fi - if [ -z $(Deployer_Key_Vault) ]; then + if [ -z $(Deployer_Key_Vault) ]; then if [ ! -f ${workload_environment_file_name} ]; then - echo -e "$boldred--- $workload_environment_file_name was not found ---$reset" - echo "##vso[task.logissue type=error]Workload Zone configuration file ${workload_environment_file_name} was not found." - exit 2 + echo -e "$boldred--- $workload_environment_file_name was not found ---$reset" + echo "##vso[task.logissue type=error]Workload Zone configuration file ${workload_environment_file_name} was not found." + exit 2 fi - fi + fi - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query $NETWORK"Workload_Key_Vault.value") - if [ -z ${az_var} ]; then + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query $NETWORK"Workload_Key_Vault.value") + if [ -z ${az_var} ]; then export workload_key_vault=$(cat "${workload_environment_file_name}" | grep workloadkeyvault | awk -F'=' '{print $2}' | xargs) ; echo 'Workload Key Vault' ${workload_key_vault} - else + else export workload_key_vault="${az_var}" ; echo 'Workload Key Vault' ${workload_key_vault} - fi + fi - az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" | tr -d \") - if [ -n "${az_var}" ]; then + az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" | tr -d \") + if [ -n "${az_var}" ]; then key_vault="${az_var}" ; echo 'Deployer Key Vault' ${key_vault} - else + else key_vault=$(cat ${workload_environment_file_name} | grep keyvault= -m1 | awk -F'=' '{print $2}' | xargs) ; echo 'Deployer Key Vault' ${key_vault} - fi + fi - az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query 
"Terraform_Remote_Storage_Subscription.value" | tr -d \") - if [ -n "${az_var}" ]; then + az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" | tr -d \") + if [ -n "${az_var}" ]; then STATE_SUBSCRIPTION="${az_var}" ; echo 'Terraform state file subscription' $STATE_SUBSCRIPTION - else + else STATE_SUBSCRIPTION=$(cat ${workload_environment_file_name} | grep STATE_SUBSCRIPTION | awk -F'=' '{print $2}' | xargs) ; echo 'Terraform state file subscription' $STATE_SUBSCRIPTION - fi + fi - az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" | tr -d \") - if [ -n "${az_var}" ]; then + az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" | tr -d \") + if [ -n "${az_var}" ]; then REMOTE_STATE_SA="${az_var}" ; echo 'Terraform state file storage account' $REMOTE_STATE_SA - else + else REMOTE_STATE_SA=$(cat ${workload_environment_file_name} | grep REMOTE_STATE_SA | awk -F'=' '{print $2}' | xargs) ; echo 'Terraform state file storage account' $REMOTE_STATE_SA - fi + fi # Check if running on deployer if [[ ! -f /etc/profile.d/deploy_server.sh ]]; then - az login --service-principal --username $WL_ARM_CLIENT_ID --password=$WL_ARM_CLIENT_SECRET --tenant $WL_ARM_TENANT_ID --output none - return_code=$? - if [ 0 != $return_code ]; then - echo -e "$boldred--- Login failed ---$reset" - echo "##vso[task.logissue type=error]az login failed." 
- exit $return_code - fi - else - echo -e "$green --- Running on deployer ---$reset" - - if [ $LOGON_USING_SPN == "true" ]; then - echo "Using SPN" - - export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID - export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET - export ARM_TENANT_ID=$WL_ARM_TENANT_ID - export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID - export ARM_USE_MSI=false - az login --service-principal --username $WL_ARM_CLIENT_ID --password=$WL_ARM_CLIENT_SECRET --tenant $WL_ARM_TENANT_ID --output none + az login --service-principal --username $WL_ARM_CLIENT_ID --password=$WL_ARM_CLIENT_SECRET --tenant $WL_ARM_TENANT_ID --output none return_code=$? if [ 0 != $return_code ]; then - echo -e "$boldred--- Login failed ---$reset" - echo "##vso[task.logissue type=error]az login failed." - exit $return_code + echo -e "$boldred--- Login failed ---$reset" + echo "##vso[task.logissue type=error]az login failed." + exit $return_code + fi + else + echo -e "$green --- Running on deployer ---$reset" + + if [ "${USE_MSI}" != "true" ]; then + + echo -e "$cyan --- Install using Service Principals ---$reset" + export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID + export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET + export ARM_TENANT_ID=$WL_ARM_TENANT_ID + export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID + export ARM_USE_MSI=false + az login --service-principal --username "${WL_ARM_CLIENT_ID}" --password="${WL_ARM_CLIENT_SECRET}" --tenant "${WL_ARM_TENANT_ID}" --output none + return_code=$? + if [ 0 != $return_code ]; then + echo -e "$boldred--- Login failed ---$reset" + echo "##vso[task.logissue type=error]az login failed." 
+ exit $return_code + fi + else + export ARM_USE_MSI=true + export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID + unset ARM_TENANT_ID + az login --identity --allow-no-subscriptions --output none fi - else - export ARM_USE_MSI=true - export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID - unset ARM_TENANT_ID - az login --identity --allow-no-subscriptions --output none - fi fi echo -e "$green--- Run the remover script that destroys the SAP workload zone (landscape) ---$reset" - cd $CONFIG_REPO_PATH/LANDSCAPE/$(workload_zone_folder) + cd "$CONFIG_REPO_PATH/LANDSCAPE/$(workload_zone_folder)" - $SAP_AUTOMATION_REPO_PATH/deploy/scripts/remover.sh \ - --parameterfile $(workload_zone_configuration_file) \ - --type sap_landscape \ - --state_subscription ${STATE_SUBSCRIPTION} \ - --storageaccountname "${REMOTE_STATE_SA}" \ - --auto-approve \ - --ado + $SAP_AUTOMATION_REPO_PATH/deploy/scripts/remover.sh \ + --parameterfile $(workload_zone_configuration_file) \ + --type sap_landscape \ + --state_subscription ${STATE_SUBSCRIPTION} \ + --storageaccountname "${REMOTE_STATE_SA}" \ + --auto-approve \ + --ado - return_code=$? + return_code=$? - #stop the pipeline after you have reset the whitelisting on your resources - echo "Return code from remover.sh $return_code." - if [ 0 != $return_code ]; then + #stop the pipeline after you have reset the whitelisting on your resources + echo "Return code from remover.sh $return_code." + if [ 0 != $return_code ]; then echo "##vso[task.logissue type=error]Return code from remover.sh $return_code." 
exit $return_code - fi + fi echo -e "$green--- Add & update files in the DevOps Repository ---$reset" - cd $(Build.Repository.LocalPath) - changed=0 - git checkout -q $(Build.SourceBranchName) - git pull + cd $(Build.Repository.LocalPath) + changed=0 + git checkout -q $(Build.SourceBranchName) + git pull - if [ 0 == $return_code ]; then + if [ 0 == $return_code ]; then - if [ -f ${workload_environment_file_name} ]; then - git rm -q -f ${workload_environment_file_name} - echo "Removed ${workload_environment_file_name}" + if [ -f "${workload_environment_file_name}" ]; then + git rm -q -f ${workload_environment_file_name} + echo "Removed ${workload_environment_file_name}" - changed=1 + changed=1 fi - if [ -f ${workload_environment_file_name}.md ]; then - git rm -q --ignore-unmatch -f ${workload_environment_file_name}.md - changed=1 + if [ -f "${workload_environment_file_name}.md" ]; then + git rm -q --ignore-unmatch -f ${workload_environment_file_name}.md + changed=1 fi if [ -d $(Deployment_Configuration_Path)/LANDSCAPE/$(workload_zone_folder)/.terraform ]; then - git rm -r --ignore-unmatch -f $(Deployment_Configuration_Path)/LANDSCAPE/$(workload_zone_folder)/.terraform - changed=1 + git rm -r --ignore-unmatch -f $(Deployment_Configuration_Path)/LANDSCAPE/$(workload_zone_folder)/.terraform + changed=1 fi if [ 1 == $changed ] ; then - git config --global user.email "$(Build.RequestedForEmail)" - git config --global user.name "$(Build.RequestedFor)" - git commit -m "Workload zone ${workload_zone_folder} removal.[skip ci]" - git -c http.extraheader="AUTHORIZATION: bearer $(System.AccessToken)" push --set-upstream origin $(Build.SourceBranchName) + git config --global user.email "$(Build.RequestedForEmail)" + git config --global user.name "$(Build.RequestedFor)" + git commit -m "Workload zone ${workload_zone_folder} removal.[skip ci]" + git -c http.extraheader="AUTHORIZATION: bearer $(System.AccessToken)" push --set-upstream origin $(Build.SourceBranchName) fi - echo -e 
"$green--- Deleting variables ---$reset" - if [ -n $VARIABLE_GROUP_ID ]; then - echo "Deleting variables" + echo -e "$green--- Deleting variables ---$reset" + if [ -n "${VARIABLE_GROUP_ID}" ]; then + echo "Deleting variables" - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query ${NETWORK}"Workload_Key_Vault.value") - if [ -n "${az_var}" ]; then - az pipelines variable-group variable delete --group-id ${VARIABLE_GROUP_ID} --name $NETWORK"Workload_Key_Vault" --yes --only-show-errors - fi + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query ${NETWORK}"Workload_Key_Vault.value") + if [ -n "${az_var}" ]; then + az pipelines variable-group variable delete --group-id ${VARIABLE_GROUP_ID} --name $NETWORK"Workload_Key_Vault" --yes --only-show-errors + fi - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query $NETWORK"Workload_Zone_State_FileName.value") - if [ -n "${az_var}" ]; then - az pipelines variable-group variable delete --group-id ${VARIABLE_GROUP_ID} --name $NETWORK"Workload_Zone_State_FileName" --yes --only-show-errors - fi + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query $NETWORK"Workload_Zone_State_FileName.value") + if [ -n "${az_var}" ]; then + az pipelines variable-group variable delete --group-id ${VARIABLE_GROUP_ID} --name $NETWORK"Workload_Zone_State_FileName" --yes --only-show-errors + fi - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}"Workload_Secret_Prefix.value --output table) - if [ -n "${az_var}" ]; then - az pipelines variable-group variable delete --group-id ${VARIABLE_GROUP_ID} --name $NETWORK"Workload_Secret_Prefix" --yes --only-show-errors - fi + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}"Workload_Secret_Prefix.value --output table) + if [ -n "${az_var}" ]; then + az 
pipelines variable-group variable delete --group-id ${VARIABLE_GROUP_ID} --name $NETWORK"Workload_Secret_Prefix" --yes --only-show-errors + fi fi - fi + fi exit $return_code - displayName: Remove SAP workload_zone + displayName: Remove SAP workload_zone env: - SYSTEM_ACCESSTOKEN: $(System.AccessToken) - WL_ARM_SUBSCRIPTION_ID: $(WL_ARM_SUBSCRIPTION_ID) - WL_ARM_CLIENT_ID: $(WL_ARM_CLIENT_ID) - WL_ARM_CLIENT_SECRET: $(WL_ARM_CLIENT_SECRET) - WL_ARM_TENANT_ID: $(WL_ARM_TENANT_ID) - AZURE_DEVOPS_EXT_PAT: $(System.AccessToken) + SYSTEM_ACCESSTOKEN: $(System.AccessToken) + WL_ARM_SUBSCRIPTION_ID: $(WL_ARM_SUBSCRIPTION_ID) + WL_ARM_CLIENT_ID: $(WL_ARM_CLIENT_ID) + WL_ARM_CLIENT_SECRET: $(WL_ARM_CLIENT_SECRET) + WL_ARM_TENANT_ID: $(WL_ARM_TENANT_ID) + AZURE_DEVOPS_EXT_PAT: $(System.AccessToken) SAP_AUTOMATION_REPO_PATH: ${{ parameters.sap_automation_repo_path }} - CONFIG_REPO_PATH: ${{ parameters.config_repo_path }}/$(Deployment_Configuration_Path) - LOGON_USING_SPN: $(Logon_Using_SPN) - USE_MSI: $(Use_MSI) + CONFIG_REPO_PATH: ${{ parameters.config_repo_path }}/$(Deployment_Configuration_Path) + LOGON_USING_SPN: $(Logon_Using_SPN) + USE_MSI: $(Use_MSI) - failOnStderr: false + failOnStderr: false From d2e4d754e980e08540a66693f5a8d3885377218a Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 17 Oct 2024 17:58:54 +0300 Subject: [PATCH 072/279] Refactor pipeline script to update echo statements for installation method --- deploy/pipelines/01-deploy-control-plane.yaml | 8 ++++---- deploy/pipelines/02-sap-workload-zone.yaml | 4 ++-- deploy/pipelines/03-sap-system-deployment.yaml | 3 ++- deploy/pipelines/10-remover-terraform.yaml | 8 +++++--- deploy/pipelines/12-remove-control-plane.yaml | 14 ++++++++------ 5 files changed, 21 insertions(+), 16 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 542414bb55..612aecd013 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml 
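Review bot: In the managed-identity branch, `az login --identity --allow-no-subscriptions --output none` is the last statement before `remover.sh ... --auto-approve`, and unlike the service-principal branch its exit status is never checked. If the identity login fails, nothing visible in the hunk stops the script, so the destroy would go ahead under whatever Azure CLI session already exists on the deployer, if there is one. Mirror the other branch, for example `az login --identity --allow-no-subscriptions --output none || { echo "##vso[task.logissue type=error]az login failed."; exit 2; }`. The script body starts before this hunk.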
+++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -632,7 +632,7 @@ stages: if [ $USE_MSI != "true" ]; then - echo -e "$cyan--- Using SPN ---$reset" + echo -e "$cyan --- Install using Service Principals ---$reset" export ARM_CLIENT_ID=$CP_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$CP_ARM_CLIENT_SECRET export ARM_TENANT_ID=$CP_ARM_TENANT_ID @@ -648,7 +648,7 @@ stages: fi az account set --subscription $ARM_SUBSCRIPTION_ID else - echo -e "$cyan--- Using MSI ---$reset" + echo -e "$cyan --- Install using Managed Identity ---$reset" # export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID export ARM_USE_MSI=true export ARM_USE_AZUREAD=true @@ -715,7 +715,7 @@ stages: sudo chmod +x $SAP_AUTOMATION_REPO_PATH/deploy/scripts/deploy_controlplane.sh if [ $USE_MSI != "true" ]; then - echo -e "$cyan--- Using SPN ---$reset" + echo -e "$cyan --- Install using Service Principals ---$reset" export ARM_CLIENT_ID=$CP_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$CP_ARM_CLIENT_SECRET export ARM_TENANT_ID=$CP_ARM_TENANT_ID @@ -730,7 +730,7 @@ stages: --auto-approve --ado \ ${storage_account_parameter} ${keyvault_parameter} else - echo -e "$cyan--- Using MSI ---$reset" + echo -e "$cyan --- Install using Managed Identity ---$reset" export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID export ARM_USE_MSI=true unset ARM_CLIENT_SECRET diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index b5f0585c3f..d4b2902c12 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml @@ -426,7 +426,7 @@ stages: if [ $USE_MSI != "true" ]; then - echo -e "$cyan--- Using SPN ---$reset" + echo -e "$cyan --- Install using Service Principals ---$reset" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET export ARM_OBJECT_ID=$WL_ARM_OBJECT_ID 
@@ -451,7 +451,7 @@ stages: secrets_set=$? ; echo -e "$cyan Set Secrets returned $secrets_set $reset" az keyvault set-policy --name "${key_vault}" --application-id $ARM_CLIENT_ID --secret-permissions get list --subscription $STATE_SUBSCRIPTION --output none else - echo -e "$cyan--- Using MSI ---$reset" + echo -e "$cyan --- Install using Managed Identity ---$reset" # export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID export ARM_USE_MSI=true export ARM_USE_AZUREAD=true diff --git a/deploy/pipelines/03-sap-system-deployment.yaml b/deploy/pipelines/03-sap-system-deployment.yaml index 4a8dbc626e..d37dfa6ccd 100644 --- a/deploy/pipelines/03-sap-system-deployment.yaml +++ b/deploy/pipelines/03-sap-system-deployment.yaml @@ -256,7 +256,7 @@ stages: fi if [ $USE_MSI != "true" ]; then - echo "Using SPN" + echo -e "$cyan --- Install using Service Principals ---$reset" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET @@ -271,6 +271,7 @@ stages: exit $return_code fi else + echo -e "$cyan --- Install using Managed Identity ---$reset" export ARM_USE_MSI=true export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID unset ARM_TENANT_ID diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 50fc9e3ee5..645c2e73e2 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -163,7 +163,7 @@ stages: rm -f terraform_$(tf_version)_linux_amd64.zip else if [ $USE_MSI != "true" ]; then - echo "Using SPN" + echo -e "$cyan --- Remove using Service Principals ---$reset" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET @@ -178,6 +178,7 @@ stages: exit $return_code fi else + echo -e "$cyan --- Remove using Managed Identity ---$reset" export ARM_USE_MSI=true export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID unset ARM_TENANT_ID 
@@ -330,7 +331,7 @@ stages: echo -e "$green --- Running on deployer ---$reset" if [ $USE_MSI != "true" ]; then - echo "Using SPN" + echo -e "$cyan --- Remove using Service Principals ---$reset" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET @@ -345,6 +346,7 @@ stages: exit $return_code fi else + echo -e "$cyan --- Remove using Managed Identity ---$reset" export ARM_USE_MSI=true export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID unset ARM_TENANT_ID @@ -721,7 +723,7 @@ stages: fi fi - echo -e "$green--- Run the remover script that destroys the SAP workload zone (landscape) ---$reset" + echo -e "$green --- Run the remover script that destroys the SAP workload zone (landscape) ---$reset" cd "$CONFIG_REPO_PATH/LANDSCAPE/$(workload_zone_folder)" $SAP_AUTOMATION_REPO_PATH/deploy/scripts/remover.sh \ diff --git a/deploy/pipelines/12-remove-control-plane.yaml b/deploy/pipelines/12-remove-control-plane.yaml index 4ed304869e..3361e17714 100644 --- a/deploy/pipelines/12-remove-control-plane.yaml +++ b/deploy/pipelines/12-remove-control-plane.yaml @@ -131,8 +131,8 @@ stages: rm -f terraform_$(tf_version)_linux_amd64.zip fi if [ $USE_MSI != "true" ]; then - echo "Login using SPN" - export ARM_USE_MSI=false + echo -e "$cyan --- Remove using Service Principals ---$reset" + unset ARM_USE_MSI az login --service-principal --username $ARM_CLIENT_ID --password=$ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID --output none return_code=$? if [ 0 != $return_code ]; then @@ -141,6 +141,7 @@ stages: exit $return_code fi else + echo -e "$cyan --- Remove using Managed Identity ---$reset" source /etc/profile.d/deploy_server.sh export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID export ARM_USE_MSI=true 
@@ -420,12 +421,12 @@ stages: green="\e[1;32m" ; reset="\e[0m" export ARM_USE_MSI=false if [ $USE_MSI != "true" ]; then - echo "use Service Principal" + echo -e "$cyan --- Remove using Service Principals ---$reset" export ARM_CLIENT_ID=$CP_ARM_CLIENT_ID export ARM_TENANT_ID=$CP_ARM_TENANT_ID export ARM_CLIENT_SECRET=$CP_ARM_CLIENT_SECRET else - echo "use MSI" + echo -e "$cyan --- Remove using Managed Identity ---$reset" export ARM_CLIENT_ID=$servicePrincipalId export ARM_TENANT_ID=$tenantId export ARM_CLIENT_SECRET=$servicePrincipalKey @@ -588,8 +589,9 @@ stages: echo -e "$green--- az login ---$reset" if [ $USE_MSI != "true" ]; then - echo "Login using SPN" - export ARM_USE_MSI=false + echo -e "$cyan --- Remove using Service Principals ---$reset" + + unset ARM_USE_MSI az login --service-principal --username $ARM_CLIENT_ID --password=$ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID --output none return_code=$? if [ 0 != $return_code ]; then From d47cd4aff11f34116e69c89a9551912f2ba2624b Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 17 Oct 2024 18:06:54 +0300 Subject: [PATCH 073/279] Refactor pipeline script to update echo statements for installation method --- deploy/pipelines/10-remover-terraform.yaml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 645c2e73e2..1624c4c1d5 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml 
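Review bot: In the 12-remove-control-plane.yaml hunk at -420 the `else` branch now logs `Remove using Managed Identity`, but the lines under it still export `ARM_CLIENT_ID`, `ARM_TENANT_ID` and `ARM_CLIENT_SECRET` from `$servicePrincipalId`, `$tenantId` and `$servicePrincipalKey`, and `export ARM_USE_MSI=false` sits just above the test. As far as the hunk shows, this branch authenticates with the service connection's principal, so the log line misstates which identity performs the removal; word it after what is exported, e.g. `echo -e "$cyan--- Remove using the service connection credentials ---$reset"`, or drop the `ARM_CLIENT_SECRET` export if managed identity is really intended. `$cyan` is also not defined on the colour line visible in this hunk (only `green` and `reset`); PATCH 076 later adds it. The script continues outside the hunk.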
@@ -635,6 +635,7 @@ stages: echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" echo "Location(filename): $LOCATION_IN_FILENAME" echo "Network(filename): $NETWORK_IN_FILENAME" + echo "" if [ $ENVIRONMENT != $ENVIRONMENT_IN_FILENAME ]; then echo "##vso[task.logissue type=error]The environment setting in $(workload_zone_configuration_file) '$ENVIRONMENT' does not match the $(workload_zone_configuration_file) file name '$ENVIRONMENT_IN_FILENAME'. Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-INFRASTRUCTURE" 
@@ -661,16 +662,16 @@ stages: az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query $NETWORK"Workload_Key_Vault.value") if [ -z ${az_var} ]; then - export workload_key_vault=$(cat "${workload_environment_file_name}" | grep workloadkeyvault | awk -F'=' '{print $2}' | xargs) ; echo 'Workload Key Vault' ${workload_key_vault} + export workload_key_vault=$(cat "${workload_environment_file_name}" | grep workloadkeyvault | awk -F'=' '{print $2}' | xargs) ; echo "Workload Key Vault: ${workload_key_vault}" else - export workload_key_vault="${az_var}" ; echo 'Workload Key Vault' ${workload_key_vault} + export workload_key_vault="${az_var}" ; echo "Workload Key Vault: ${workload_key_vault}" fi az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" | tr -d \") if [ -n "${az_var}" ]; then - key_vault="${az_var}" ; echo 'Deployer Key Vault' ${key_vault} + key_vault="${az_var}" ; echo "Deployer Key Vault: ${key_vault}" else - key_vault=$(cat ${workload_environment_file_name} | grep keyvault= -m1 | awk -F'=' '{print $2}' | xargs) ; echo 'Deployer Key Vault' ${key_vault} + key_vault=$(cat ${workload_environment_file_name} | grep keyvault= -m1 | awk -F'=' '{print $2}' | xargs) ; echo "Deployer Key Vault: ${key_vault}" fi az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" | tr -d \") From 958c3f0e15e4f41e68bbdd8fa98e4c0fa681510d Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Thu, 17 Oct 2024 18:43:16 +0300 Subject: [PATCH 074/279] Refactor pipeline script to use correct variables for workload ARM_CLIENT_ID --- deploy/pipelines/01-deploy-control-plane.yaml | 32 ++++---- deploy/pipelines/02-sap-workload-zone.yaml | 12 +-- .../pipelines/03-sap-system-deployment.yaml | 8 +- .../pipelines/04-sap-software-download.yaml | 2 +- deploy/pipelines/10-remover-terraform.yaml | 76 ++++++++++++------- deploy/pipelines/11-remover-arm-fallback.yaml | 18 ++--- 6 files changed, 83 insertions(+), 65 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 612aecd013..810fb45f29 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml 
@@ -310,26 +310,26 @@ stages: fi echo -e "$green--- Adding variables to the variable group:" $(variable_group) "---$reset" if [ 0 = $return_code ]; then - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value") + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value" --out tsv) if [ -z ${az_var} ]; then az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Deployer_State_FileName --value ${file_deployer_tfstate_key} --output none --only-show-errors else az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name Deployer_State_FileName --value ${file_deployer_tfstate_key} --output none --only-show-errors fi - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value") + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" --out tsv) if [ -z ${az_var} ]; then az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Deployer_Key_Vault --value ${file_key_vault} --output none --only-show-errors else az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name Deployer_Key_Vault --value ${file_key_vault} --output none --only-show-errors fi - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "ControlPlaneEnvironment.value") + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "ControlPlaneEnvironment.value" --out tsv) if [ -z ${az_var} ]; then az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name ControlPlaneEnvironment --value ${ENVIRONMENT} --output none --only-show-errors else az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name ControlPlaneEnvironment --value ${ENVIRONMENT} 
--output none --only-show-errors fi - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "ControlPlaneLocation.value") + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "ControlPlaneLocation.value" --out tsv) if [ -z ${az_var} ]; then az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name ControlPlaneLocation --value ${LOCATION} --output none --only-show-errors else @@ -337,7 +337,7 @@ stages: fi if [ -n "${deployer_random_id}" ] ; then - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "DEPLOYER_RANDOM_ID_SEED.value") + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "DEPLOYER_RANDOM_ID_SEED.value" --out tsv) if [ -z ${az_var} ]; then az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name DEPLOYER_RANDOM_ID_SEED --value ${deployer_random_id} --output none --only-show-errors else 
@@ -545,14 +545,14 @@ stages: bootstrapped=0 if [ ! -f $deployer_environment_file_name ]; then - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value") + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" --out tsv) if [[ ${#az_var} -ne 0 ]]; then echo "REMOTE_STATE_SA="${az_var} echo "REMOTE_STATE_SA="${az_var} | tee -a $deployer_environment_file_name > /dev/null echo "STATE_SUBSCRIPTION="$ARM_SUBSCRIPTION_ID | tee -a $deployer_environment_file_name > /dev/null fi - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Resource_Group_Name.value") + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Resource_Group_Name.value" --out tsv) if [[ ${#az_var} -ne 0 ]]; then echo "REMOTE_STATE_RG="${az_var} echo "REMOTE_STATE_RG="${az_var} | tee -a $deployer_environment_file_name > /dev/null @@ -560,12 +560,12 @@ stages: fi - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value") + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value" --out tsv) if [[ ${#az_var} -ne 0 ]]; then echo "deployer_tfstate_key="${az_var} | tee -a $deployer_environment_file_name > /dev/null fi - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value") + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" --out tsv) if [[ ${#az_var} -ne 0 ]]; then echo "keyvault="${az_var} | tee -a $deployer_environment_file_name > /dev/null bootstrapped=1 
@@ -856,49 +856,49 @@ stages: echo -e "$green--- Adding variables to the variable group:" $(variable_group) "---$reset" if [ 0 = $return_code ]; then - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value") + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" --out tsv) if [ -z ${az_var} ]; then az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Account_Name --value ${file_REMOTE_STATE_SA} --output none --only-show-errors else az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Account_Name --value ${file_REMOTE_STATE_SA} --output none --only-show-errors fi - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Resource_Group_Name.value") + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Resource_Group_Name.value" --out tsv) if [ -z ${az_var} ]; then az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Resource_Group_Name --value ${file_REMOTE_STATE_RG} --output none --only-show-errors else az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Resource_Group_Name --value ${file_REMOTE_STATE_RG} --output none --only-show-errors fi - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value") + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" --out tsv) if [ -z ${az_var} ]; then az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name 
Terraform_Remote_Storage_Subscription --value $ARM_SUBSCRIPTION_ID --output none --only-show-errors else az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Subscription --value $ARM_SUBSCRIPTION_ID --output none --only-show-errors fi - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value") + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value" --out tsv) if [ -z ${az_var} ]; then az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Deployer_State_FileName --value ${file_deployer_tfstate_key} --output none --only-show-errors else az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name Deployer_State_FileName --value ${file_deployer_tfstate_key} --output none --only-show-errors fi - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value") + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" --out tsv) if [ -z ${az_var} ]; then az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Deployer_Key_Vault --value ${file_key_vault} --output none --only-show-errors else az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name Deployer_Key_Vault --value ${file_key_vault} --output none --only-show-errors fi - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "ControlPlaneEnvironment.value") + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "ControlPlaneEnvironment.value" --out tsv) if [ -z ${az_var} ]; then az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name ControlPlaneEnvironment --value ${ENVIRONMENT} --output none --only-show-errors 
else az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name ControlPlaneEnvironment --value ${ENVIRONMENT} --output none --only-show-errors fi - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "ControlPlaneLocation.value") + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "ControlPlaneLocation.value" --out tsv) if [ -z ${az_var} ]; then az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name ControlPlaneLocation --value ${LOCATION} --output none --only-show-errors else diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index d4b2902c12..a082240a34 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml 
@@ -367,35 +367,35 @@ stages: if [ "true" == $(inherit) ]; then - az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value" | tr -d \") + az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value" --out tsv) if [ -z ${az_var} ]; then deployer_tfstate_key=$(cat ${deployer_environment_file_name} | grep deployer_tfstate_key | awk -F'=' '{print $2}' | xargs) ; echo 'Deployer State File' $deployer_tfstate_key else deployer_tfstate_key=${az_var} ; echo 'Deployer State File' $deployer_tfstate_key fi - az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" | tr -d \") + az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" --out tsv) if [ -z ${az_var} ]; then key_vault=$(cat ${deployer_environment_file_name} | grep keyvault= | awk -F'=' '{print $2}' | xargs) ; echo 'Deployer Key Vault' ${key_vault} else key_vault=${az_var}; echo 'Deployer Key Vault' ${key_vault} fi - az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" | tr -d \") + az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" --out tsv) if [ -z ${az_var} ]; then REMOTE_STATE_SA=$(cat ${deployer_environment_file_name} | grep REMOTE_STATE_SA | awk -F'=' '{print $2}' | xargs) ; echo 'Terraform state file storage account' $REMOTE_STATE_SA else REMOTE_STATE_SA=${az_var}; echo 'Terraform state file storage account' $REMOTE_STATE_SA fi - az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" | tr -d \") + az_var=$(az pipelines variable-group variable list --group-id 
${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" --out tsv) if [ -z ${az_var} ]; then STATE_SUBSCRIPTION=$(cat ${deployer_environment_file_name} | grep STATE_SUBSCRIPTION | awk -F'=' '{print $2}' | xargs) ; echo 'Terraform state file subscription' $STATE_SUBSCRIPTION else STATE_SUBSCRIPTION=${az_var}; echo 'Terraform state file subscription' $STATE_SUBSCRIPTION fi - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "WL_ARM_SUBSCRIPTION_ID.value" | tr -d \") + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "WL_ARM_SUBSCRIPTION_ID.value" --out tsv) if [ -z ${az_var} ]; then echo "##vso[task.logissue type=error]Variable WL_ARM_SUBSCRIPTION_ID was not defined." exit 2 @@ -403,7 +403,7 @@ stages: echo 'Target subscription' $WL_ARM_SUBSCRIPTION_ID fi - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Workload_Key_Vault.value" | tr -d \") + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Workload_Key_Vault.value" --out tsv) if [ -z ${az_var} ]; then if [ -f ${workload_environment_file_name} ]; then export workload_key_vault=$(cat ${workload_environment_file_name} | grep workloadkeyvault | awk -F'=' '{print $2}' | xargs) ; echo 'Workload Key Vault' ${workload_key_vault} diff --git a/deploy/pipelines/03-sap-system-deployment.yaml b/deploy/pipelines/03-sap-system-deployment.yaml index d37dfa6ccd..44256a3e38 100644 --- a/deploy/pipelines/03-sap-system-deployment.yaml +++ b/deploy/pipelines/03-sap-system-deployment.yaml 
@@ -281,21 +281,21 @@ stages: echo -e "$green--- Define variables ---$reset" cd $HOME_CONFIG/SYSTEM/$(sap_system_folder) - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" | tr -d \") + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" --out tsv) if [ -z ${az_var} ]; then export STATE_SUBSCRIPTION=$(grep STATE_SUBSCRIPTION ${environment_file_name} | awk -F'=' '{print $2}' | xargs) ; echo 'Terraform state file subscription' $STATE_SUBSCRIPTION else export STATE_SUBSCRIPTION=${az_var} ; echo 'Terraform state file subscription' $STATE_SUBSCRIPTION fi - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" | tr -d \") + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" --out tsv) if [ -z ${az_var} ]; then export REMOTE_STATE_SA=$(grep REMOTE_STATE_SA ${environment_file_name} | awk -F'=' '{print $2}' | xargs) ; echo 'Terraform state file storage account' $REMOTE_STATE_SA else export REMOTE_STATE_SA=${az_var} ; echo 'Terraform state file storage account' $REMOTE_STATE_SA fi - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value" | tr -d \") + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value" --out tsv) if [ -z ${az_var} ]; then export deployer_tfstate_key=$(grep deployer_tfstate_key ${environment_file_name} | awk -F'=' '{print $2}' | xargs) ; echo 'Deployer State File' $deployer_tfstate_key else 
@@ -309,7 +309,7 @@ stages: export landscape_tfstate_key=${az_var} ; echo 'landscape_tfstate_key' $landscape_tfstate_key fi - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" | tr -d \") + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" --out tsv) if [ -z ${az_var} ]; then export key_vault=$(grep keyvault= ${environment_file_name} | awk -F'=' '{print $2}' | xargs) ; echo 'Deployer Key Vault' $key_vault else diff --git a/deploy/pipelines/04-sap-software-download.yaml b/deploy/pipelines/04-sap-software-download.yaml index 0966999505..fc13d25f86 100644 --- a/deploy/pipelines/04-sap-software-download.yaml +++ b/deploy/pipelines/04-sap-software-download.yaml @@ -117,7 +117,7 @@ stages: echo "##vso[task.logissue type=error]Variable group $(variable_group) could not be found." exit 2 fi - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" | tr -d \") + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" --out tsv) if [ -n ${az_var} ]; then kv_name=${az_var}; echo "Key Vault="$kv_name else diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 1624c4c1d5..5b5ddc6f97 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml 
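Review bot: `if [ -n ${az_var} ]; then` in the 04-sap-software-download.yaml hunk at -117 is always true, because an empty `az_var` expands to nothing and `[ -n ]` is a one-argument test that succeeds; `kv_name` is then set to an empty string and the `else` branch, which continues outside the hunk, is never reached. Now that `--out tsv` returns the bare value, the test should read `if [ -n "${az_var}" ]; then`. The same unquoted form is `if [ -n $(Deployer_Key_Vault) ]; then` in the 10-remover-terraform.yaml hunks at -356 and -660; in the second it is newly added in place of a quoted `[ -n "${az_var}" ]` lookup against the parent variable group. There it makes the fallback that reads `keyvault=` from the environment file unreachable, so an undefined or empty pipeline variable yields an empty `key_vault`; `if [ -n "$(Deployer_Key_Vault)" ]; then` restores the fallback.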
@@ -212,11 +212,6 @@ stages: NETWORK=$(grep "^network_logical_name" $HOME_CONFIG/SYSTEM/$(sap_system_folder)/$(sap_system_configuration) | awk -F'=' '{print $2}' | xargs) SID=$(grep "^sid" $HOME_CONFIG/SYSTEM/$(sap_system_folder)/$(sap_system_configuration) | awk -F'=' '{print $2}' | xargs) - echo "Environment: $ENVIRONMENT" - echo "Location: $LOCATION" - echo "Network: $NETWORK" - echo "SID: $SID" - ENVIRONMENT_IN_FILENAME=$(echo $(sap_system_folder) | awk -F'-' '{print $1}' | xargs) ; LOCATION_CODE=$(echo $(sap_system_folder) | awk -F'-' '{print $2}' | xargs) ; NETWORK_IN_FILENAME=$(echo $(sap_system_folder) | awk -F'-' '{print $3}' | xargs) ; @@ -280,11 +275,19 @@ stages: *) LOCATION_IN_FILENAME="westeurope" ;; esac + + echo "Environment: $ENVIRONMENT" + echo "Location: $LOCATION" + echo "Network: $NETWORK" + echo "SID: $SID" + echo "" echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" echo "Location(filename): $LOCATION_IN_FILENAME" echo "Network(filename): $NETWORK_IN_FILENAME" echo "SID(filename): $SID_IN_FILENAME" + echo "" + if [ $ENVIRONMENT != $ENVIRONMENT_IN_FILENAME ]; then echo "##vso[task.logissue type=error]The environment setting in $(sap_system_configuration) '$ENVIRONMENT' does not match the $(sap_system_configuration) file name '$ENVIRONMENT_IN_FILENAME'. Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-[SID]" exit 2 
@@ -356,31 +359,39 @@ stages: echo -e "$green--- Set variables ---$reset" - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}Workload_Key_Vault.value" | tr -d \") + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}Workload_Key_Vault.value" --out tsv) if [ -z ${az_var} ]; then - export workload_key_vault=$(cat "${workload_environment_file_name}" | grep workloadkeyvault | awk -F'=' '{print $2}' | xargs) ; echo 'Workload Key Vault' ${workload_key_vault} + export workload_key_vault=$(cat "${workload_environment_file_name}" | grep workloadkeyvault | awk -F'=' '{print $2}' | xargs) + echo "Workload Key Vault: ${workload_key_vault}" else - export workload_key_vault="${az_var}" ; echo 'Workload Key Vault' ${workload_key_vault} + export workload_key_vault="${az_var}" + echo "Workload Key Vault: ${workload_key_vault}" fi if [ -n $(Deployer_Key_Vault) ]; then - export key_vault=$(Deployer_Key_Vault) ; echo 'Deployer Key Vault' ${key_vault} + export key_vault=$(Deployer_Key_Vault) + echo "Deployer Key Vault: ${key_vault}" else - export key_vault=$(cat ${workload_environment_file_name} | grep keyvault= -m1 | awk -F'=' '{print $2}' | xargs) ; echo 'Deployer Key Vault' ${key_vault} + export key_vault=$(cat ${workload_environment_file_name} | grep keyvault= -m1 | awk -F'=' '{print $2}' | xargs) + echo "Deployer Key Vault: ${key_vault}" fi - az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" | tr -d \") + az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" --out tsv) if [ -n "${az_var}" ]; then - STATE_SUBSCRIPTION="${az_var}" ; echo 'Terraform state file subscription' $STATE_SUBSCRIPTION + STATE_SUBSCRIPTION="${az_var}" + echo "TF state subscription: $STATE_SUBSCRIPTION" else - 
STATE_SUBSCRIPTION=$(cat ${workload_environment_file_name} | grep STATE_SUBSCRIPTION= | awk -F'=' '{print $2}' | xargs) ; echo 'Terraform state file subscription' $STATE_SUBSCRIPTION + STATE_SUBSCRIPTION=$(cat ${workload_environment_file_name} | grep STATE_SUBSCRIPTION= | awk -F'=' '{print $2}' | xargs) + echo "TF state subscription: $STATE_SUBSCRIPTION" fi - az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" | tr -d \") + az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" --out tsv) if [ -n "${az_var}" ]; then - REMOTE_STATE_SA="${az_var}" ; echo 'Terraform state file storage account' $REMOTE_STATE_SA + REMOTE_STATE_SA="${az_var}" + echo "TF state account: $REMOTE_STATE_SA" else - REMOTE_STATE_SA=$(cat ${workload_environment_file_name} | grep REMOTE_STATE_SA | awk -F'=' '{print $2}' | xargs) ; echo 'Terraform state file storage account' $REMOTE_STATE_SA + REMOTE_STATE_SA=$(cat ${workload_environment_file_name} | grep REMOTE_STATE_SA | awk -F'=' '{print $2}' | xargs) + echo "TF state account: $REMOTE_STATE_SA" fi echo -e "$green--- Run the remover script that destroys the SAP system ---$reset" 
@@ -660,32 +671,39 @@ stages: fi fi - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query $NETWORK"Workload_Key_Vault.value") + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}Workload_Key_Vault.value" --out tsv) if [ -z ${az_var} ]; then - export workload_key_vault=$(cat "${workload_environment_file_name}" | grep workloadkeyvault | awk -F'=' '{print $2}' | xargs) ; echo "Workload Key Vault: ${workload_key_vault}" + export workload_key_vault=$(cat "${workload_environment_file_name}" | grep workloadkeyvault | awk -F'=' '{print $2}' | xargs) + echo "Workload Key Vault: ${workload_key_vault}" else - export workload_key_vault="${az_var}" ; echo "Workload Key Vault: ${workload_key_vault}" + export workload_key_vault="${az_var}" + echo "Workload Key Vault: ${workload_key_vault}" fi - az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" | tr -d \") - if [ -n "${az_var}" ]; then - key_vault="${az_var}" ; echo "Deployer Key Vault: ${key_vault}" + if [ -n $(Deployer_Key_Vault) ]; then + export key_vault=$(Deployer_Key_Vault) + echo "Deployer Key Vault: ${key_vault}" else - key_vault=$(cat ${workload_environment_file_name} | grep keyvault= -m1 | awk -F'=' '{print $2}' | xargs) ; echo "Deployer Key Vault: ${key_vault}" + export key_vault=$(cat ${workload_environment_file_name} | grep keyvault= -m1 | awk -F'=' '{print $2}' | xargs) + echo "Deployer Key Vault: ${key_vault}" fi - az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" | tr -d \") + az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" --out tsv) if [ -n "${az_var}" ]; then - STATE_SUBSCRIPTION="${az_var}" ; echo 'Terraform state file subscription' $STATE_SUBSCRIPTION + 
STATE_SUBSCRIPTION="${az_var}" + echo "TF state subscription: $STATE_SUBSCRIPTION" else - STATE_SUBSCRIPTION=$(cat ${workload_environment_file_name} | grep STATE_SUBSCRIPTION | awk -F'=' '{print $2}' | xargs) ; echo 'Terraform state file subscription' $STATE_SUBSCRIPTION + STATE_SUBSCRIPTION=$(cat ${workload_environment_file_name} | grep STATE_SUBSCRIPTION= | awk -F'=' '{print $2}' | xargs) + echo "TF state subscription: $STATE_SUBSCRIPTION" fi - az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" | tr -d \") + az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" --out tsv) if [ -n "${az_var}" ]; then - REMOTE_STATE_SA="${az_var}" ; echo 'Terraform state file storage account' $REMOTE_STATE_SA + REMOTE_STATE_SA="${az_var}" + echo "TF state account: $REMOTE_STATE_SA" else - REMOTE_STATE_SA=$(cat ${workload_environment_file_name} | grep REMOTE_STATE_SA | awk -F'=' '{print $2}' | xargs) ; echo 'Terraform state file storage account' $REMOTE_STATE_SA + REMOTE_STATE_SA=$(cat ${workload_environment_file_name} | grep REMOTE_STATE_SA | awk -F'=' '{print $2}' | xargs) + echo "TF state account: $REMOTE_STATE_SA" fi # Check if running on deployer diff --git a/deploy/pipelines/11-remover-arm-fallback.yaml b/deploy/pipelines/11-remover-arm-fallback.yaml index bc2d5d8e38..1baad59df9 100644 --- a/deploy/pipelines/11-remover-arm-fallback.yaml +++ b/deploy/pipelines/11-remover-arm-fallback.yaml 
@@ -319,7 +319,7 @@ stages: return_code=0 export VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(parent_variable_group)'].id | [0]"); echo "Variable group: " $VARIABLE_GROUP_ID - variable_value=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "CP_ARM_SUBSCRIPTION_ID.value" | tr -d \") + variable_value=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "CP_ARM_SUBSCRIPTION_ID.value" --out tsv) if [ -z $variable_value ]; then subscription=$ARM_SUBSCRIPTION_ID else 
@@ -406,42 +406,42 @@ stages: if [ ${#VARIABLE_GROUP_ID} != 0 ]; then echo "Deleting variables" - variable_value=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" ) + variable_value=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" --out tsv) if [ ${#variable_value} != 0 ]; then az pipelines variable-group variable delete --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Account_Name --yes --only-show-errors fi - variable_value=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Resource_Group_Name.value" ) + variable_value=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Resource_Group_Name.value" --out tsv) if [ ${#variable_value} != 0 ]; then az pipelines variable-group variable delete --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Resource_Group_Name --yes --only-show-errors fi - variable_value=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" ) + variable_value=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" --out tsv) if [ ${#variable_value} != 0 ]; then az pipelines variable-group variable delete --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Subscription --yes --only-show-errors fi - variable_value=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value" ) + variable_value=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value" --out tsv) if [ ${#variable_value} != 0 ]; then az pipelines variable-group variable delete --group-id ${VARIABLE_GROUP_ID} --name 
Deployer_State_FileName --yes --only-show-errors fi - variable_value=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" ) + variable_value=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" --out tsv) if [ ${#variable_value} != 0 ]; then az pipelines variable-group variable delete --group-id ${VARIABLE_GROUP_ID} --name Deployer_Key_Vault --yes --only-show-errors fi - variable_value=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "WEBAPP_URL_BASE.value" ) + variable_value=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "WEBAPP_URL_BASE.value" --out tsv) if [ ${#variable_value} != 0 ]; then az pipelines variable-group variable delete --group-id ${VARIABLE_GROUP_ID} --name WEBAPP_URL_BASE --yes --only-show-errors fi - variable_value=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "WEBAPP_IDENTITY.value" ) + variable_value=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "WEBAPP_IDENTITY.value" --out tsv) if [ ${#variable_value} != 0 ]; then az pipelines variable-group variable delete --group-id ${VARIABLE_GROUP_ID} --name WEBAPP_IDENTITY --yes --only-show-errors fi - variable_value=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "WEBAPP_ID.value" ) + variable_value=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "WEBAPP_ID.value" --out tsv) if [ ${#variable_value} != 0 ]; then az pipelines variable-group variable delete --group-id ${VARIABLE_GROUP_ID} --name WEBAPP_ID --yes --only-show-errors fi From ed19676c242d07c207ab27d4ad1e781020578e77 Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Thu, 17 Oct 2024 18:53:03 +0300 Subject: [PATCH 075/279] Refactor pipeline script to update echo statements for installation method --- deploy/pipelines/10-remover-terraform.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 5b5ddc6f97..2c03d8e45c 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -148,10 +148,10 @@ stages: # Check if running on deployer if [[ ! -f /etc/profile.d/deploy_server.sh ]]; then - echo -e "$green --- Install dos2unix ---$reset" + echo -e "$green--- Install dos2unix ---$reset" sudo apt-get -qq install dos2unix - echo -e "$green --- Install terraform ---$reset" + echo -e "$green--- Install terraform ---$reset" wget -q $(tf_url) return_code=$? @@ -163,7 +163,7 @@ stages: rm -f terraform_$(tf_version)_linux_amd64.zip else if [ $USE_MSI != "true" ]; then - echo -e "$cyan --- Remove using Service Principals ---$reset" + echo -e "$cyan--- Remove using Service Principals ---$reset" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET @@ -178,7 +178,7 @@ stages: exit $return_code fi else - echo -e "$cyan --- Remove using Managed Identity ---$reset" + echo -e "$cyan--- Remove using Managed Identity ---$reset" export ARM_USE_MSI=true export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID unset ARM_TENANT_ID @@ -331,10 +331,10 @@ stages: az login --identity --allow-no-subscriptions --output none fi else - echo -e "$green --- Running on deployer ---$reset" + echo -e "$green--- Running on deployer ---$reset" if [ $USE_MSI != "true" ]; then - echo -e "$cyan --- Remove using Service Principals ---$reset" + echo -e "$cyan--- Remove using Service Principals ---$reset" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET 
@@ -533,10 +533,10 @@ stages: # Check if running on deployer if [[ ! -f /etc/profile.d/deploy_server.sh ]]; then - echo -e "$green --- Install dos2unix ---$reset" + echo -e "$green--- Install dos2unix ---$reset" sudo apt-get -qq install dos2unix - echo -e "$green --- Install terraform ---$reset" + echo -e "$green--- Install terraform ---$reset" wget -q $(tf_url) return_code=$? @@ -717,11 +717,11 @@ stages: exit $return_code fi else - echo -e "$green --- Running on deployer ---$reset" + echo -e "$green--- Running on deployer ---$reset" if [ "${USE_MSI}" != "true" ]; then - echo -e "$cyan --- Install using Service Principals ---$reset" + echo -e "$cyan--- Remove using Service Principals ---$reset" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET export ARM_TENANT_ID=$WL_ARM_TENANT_ID From 7423f476403cccbe10c2362e5603d17d36e463a8 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 17 Oct 2024 18:56:32 +0300 Subject: [PATCH 076/279] Refactor pipeline script to update echo statements for installation method --- deploy/pipelines/10-remover-terraform.yaml | 3 ++- deploy/pipelines/12-remove-control-plane.yaml | 16 +++++++--------- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 2c03d8e45c..236be63dc4 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -87,7 +87,8 @@ stages: - template: templates\download.yaml - bash: | #!/bin/bash - green="\e[1;32m" ; reset="\e[0m" + green="\e[1;32m" ; reset="\e[0m" ; boldred="\e[1;31m" ; cyan="\e[1;36m" + echo -e "$green--- Checkout $(Build.SourceBranchName) ---$reset" echo "##vso[build.updatebuildnumber]Removing the SAP System defined in $(sap_system_folder)" diff --git a/deploy/pipelines/12-remove-control-plane.yaml b/deploy/pipelines/12-remove-control-plane.yaml index 3361e17714..1b7fbc2672 100644 
--- a/deploy/pipelines/12-remove-control-plane.yaml +++ b/deploy/pipelines/12-remove-control-plane.yaml @@ -66,9 +66,7 @@ stages: set -u echo "##vso[build.updatebuildnumber]Removing the control plane defined in $(deployer_folder) $(library_folder)" - green="\e[1;32m" ; reset="\e[0m" - - + green="\e[1;32m" ; reset="\e[0m" ; boldred="\e[1;31m" ; cyan="\e[1;36m" # echo -e "$green--- Checkout $(Build.SourceBranchName) ---$reset" # git fetch -q --all @@ -131,7 +129,7 @@ stages: rm -f terraform_$(tf_version)_linux_amd64.zip fi if [ $USE_MSI != "true" ]; then - echo -e "$cyan --- Remove using Service Principals ---$reset" + echo -e "$cyan--- Remove using Service Principals ---$reset" unset ARM_USE_MSI az login --service-principal --username $ARM_CLIENT_ID --password=$ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID --output none return_code=$? @@ -141,7 +139,7 @@ stages: exit $return_code fi else - echo -e "$cyan --- Remove using Managed Identity ---$reset" + echo -e "$cyan--- Remove using Managed Identity ---$reset" source /etc/profile.d/deploy_server.sh export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID export ARM_USE_MSI=true @@ -418,15 +416,15 @@ stages: inlineScript: | #!/bin/bash echo "##vso[build.updatebuildnumber]Removing the control plane defined in $(deployer_folder) $(library_folder)" - green="\e[1;32m" ; reset="\e[0m" + green="\e[1;32m" ; reset="\e[0m" ; boldred="\e[1;31m" ; cyan="\e[1;36m" export ARM_USE_MSI=false if [ $USE_MSI != "true" ]; then - echo -e "$cyan --- Remove using Service Principals ---$reset" + echo -e "$cyan--- Remove using Service Principals ---$reset" export ARM_CLIENT_ID=$CP_ARM_CLIENT_ID export ARM_TENANT_ID=$CP_ARM_TENANT_ID export ARM_CLIENT_SECRET=$CP_ARM_CLIENT_SECRET else - echo -e "$cyan --- Remove using Managed Identity ---$reset" + echo -e "$cyan--- Remove using Managed Identity ---$reset" export ARM_CLIENT_ID=$servicePrincipalId export ARM_TENANT_ID=$tenantId export ARM_CLIENT_SECRET=$servicePrincipalKey 
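Review bot: In the `@@ -418` hunk of 12-remove-control-plane.yaml the else-branch now logs `--- Remove using Managed Identity ---`, but the lines right after it export `ARM_CLIENT_ID=$servicePrincipalId` and `ARM_CLIENT_SECRET=$servicePrincipalKey`, and `ARM_USE_MSI=false` is set just above the test. Since the commit is about making the log name the authentication method, the label should say what the branch does, e.g. `echo -e "$cyan--- Remove using the service connection principal ---$reset"`, or the branch should stop exporting a client secret if a managed identity is really intended. The inline script continues outside the hunk, so later lines may change these values. Separately, `[ $USE_MSI != "true" ]` is unquoted here and in the `@@ -131` hunk, so an empty USE_MSI makes the test fail with an error and the else-branch runs; `[ "${USE_MSI}" != "true" ]`, as the 10-remover-terraform.yaml `@@ -717` hunk already writes it, avoids that.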
@@ -589,7 +587,7 @@ stages: echo -e "$green--- az login ---$reset" if [ $USE_MSI != "true" ]; then - echo -e "$cyan --- Remove using Service Principals ---$reset" + echo -e "$cyan--- Remove using Service Principals ---$reset" unset ARM_USE_MSI az login --service-principal --username $ARM_CLIENT_ID --password=$ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID --output none From 12739196a8464e2176b83d51a80f40efb713b5c5 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 17 Oct 2024 19:44:56 +0300 Subject: [PATCH 077/279] Refactor pipeline script to update echo statements for installation method and use correct variables for workload ARM_CLIENT_ID --- deploy/pipelines/01-deploy-control-plane.yaml | 25 ++++++----- deploy/pipelines/12-remove-control-plane.yaml | 43 ++++++++++++------- deploy/scripts/helpers/script_helpers.sh | 5 ++- 3 files changed, 46 insertions(+), 27 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 810fb45f29..6cad3a6245 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -96,8 +96,9 @@ stages: file_deployer_tfstate_key=$(deployerfolder).tfstate - ENVIRONMENT=$(echo $(deployerfolder) | awk -F'-' '{print $1}' | xargs) ; echo Environment ${ENVIRONMENT} - LOCATION=$(echo $(deployerfolder) | awk -F'-' '{print $2}' | xargs) ; echo Location ${LOCATION} + ENVIRONMENT=$(echo $(deployerfolder) | awk -F'-' '{print $1}' | xargs) + LOCATION=$(echo $(deployerfolder) | awk -F'-' '{print $2}' | xargs) + deployer_environment_file_name=$CONFIG_REPO_PATH/.sap_deployment_automation/${ENVIRONMENT}${LOCATION} echo -e "$green--- Checkout $(Build.SourceBranchName) ---$reset" 
@@ -109,13 +110,18 @@ stages: az extension add --name azure-devops --output none - echo "Agent: " $(this_agent) - echo "Organization: " $(System.CollectionUri) - echo "Project: " $(System.TeamProject) + + echo "Environment: ${ENVIRONMENT}" + echo "Location: ${LOCATION}" + echo "" + echo "Agent: $(this_agent)" + echo "Organization: $(System.CollectionUri)" + echo "Project: $(System.TeamProject)" az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none export VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(variable_group)'].id | [0]") - echo "$(variable_group) id: ${VARIABLE_GROUP_ID}" + + echo "$(variable_group) id: ${VARIABLE_GROUP_ID}" echo "${{ parameters.force_reset }}" @@ -161,7 +167,6 @@ stages: fi fi fi - echo "Agent: " $(this_agent) if [ -z ${VARIABLE_GROUP_ID} ]; then echo "##vso[task.logissue type=error]Variable group $(variable_group) could not be found." exit 2 @@ -215,11 +220,12 @@ stages: echo 'Deployer Agent PAT is defined' fi if [ -n "$(POOL)" ]; then - echo 'Deployer Agent Pool' $(POOL) + echo "Deployer Agent Pool: $(POOL)" fi if [ -f ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/state.zip ]; then pass=$(echo $(System.CollectionId) | sed 's/-//g') + echo "Unzipping state.zip" unzip -qq -o -P "${pass}" ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/state.zip -d ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder) fi @@ -250,8 +256,7 @@ stages: export ARM_USE_OIDC=false export ARM_USE_AZUREAD=true - az login --service-principal -u $ARM_CLIENT_ID -p=$ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID - + az login --service-principal -u $ARM_CLIENT_ID -p=$ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID --output none $SAP_AUTOMATION_REPO_PATH/deploy/scripts/deploy_controlplane.sh \ --deployer_parameter_file ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/$(deployerconfig) \ 
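Review bot: The `az login --service-principal` line in the `@@ -250` hunk still hands the client secret over as a command-line argument (`-p=$ARM_CLIENT_SECRET`) with every expansion unquoted, so the value sits in the process argument list on the agent and would be printed by shell tracing; the added `--output none` only hides the login result. At minimum quote the values, `az login --service-principal -u "$ARM_CLIENT_ID" -p="$ARM_CLIENT_SECRET" --tenant "$ARM_TENANT_ID" --output none`, so a secret containing whitespace or glob characters is not split or expanded. The hunk also shows no check of the login result before `deploy_controlplane.sh` is started, unlike the removal pipeline, which captures `return_code=$?` after the same call; whether an earlier `set -e` covers this is not visible here. A federated or managed-identity login, where the service connection allows it, would avoid handling the secret in the script at all.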
diff --git a/deploy/pipelines/12-remove-control-plane.yaml b/deploy/pipelines/12-remove-control-plane.yaml index 1b7fbc2672..9854c0ffe9 100644 --- a/deploy/pipelines/12-remove-control-plane.yaml +++ b/deploy/pipelines/12-remove-control-plane.yaml @@ -155,8 +155,6 @@ stages: ENVIRONMENT=$(grep "^environment" $CONFIG_REPO_PATH/DEPLOYER/$(deployer_folder)/$(deployer_configuration_file) | awk -F'=' '{print $2}' | xargs) LOCATION=$(grep "^location" $CONFIG_REPO_PATH/DEPLOYER/$(deployer_folder)/$(deployer_configuration_file) | awk -F'=' '{print $2}' | xargs | tr 'A-Z' 'a-z') - echo Environment: ${ENVIRONMENT} - echo Location: ${LOCATION} ENVIRONMENT_IN_FILENAME=$(echo $(deployer_folder) | awk -F'-' '{print $1}' | xargs ) LOCATION_CODE=$(echo $(deployer_folder) | awk -F'-' '{print $2}' | xargs ) @@ -219,8 +217,11 @@ stages: *) LOCATION_IN_FILENAME="westeurope" ;; esac + echo "Environment: ${ENVIRONMENT}" + echo "Location: ${LOCATION}" echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" echo "Location(filename): $LOCATION_IN_FILENAME" + echo "" if [ $ENVIRONMENT != $ENVIRONMENT_IN_FILENAME ]; then echo "##vso[task.logissue type=error]The environment setting in $(workload_zone_configuration_file) '$ENVIRONMENT' does not match the $(workload_zone_configuration_file) file name '$ENVIRONMENT_IN_FILENAME'. Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-INFRASTRUCTURE" 
@@ -234,30 +235,40 @@ stages: deployer_environment_file_name=$HOME/.sap_deployment_automation/$ENVIRONMENT$LOCATION_CODE; echo "Environment file: " $deployer_environment_file_name - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" | tr -d \") + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" --out tsv) if [ -n "${az_var}" ]; then - key_vault="${az_var}" ; echo 'Deployer Key Vault' ${key_vault} + key_vault="${az_var}" + echo "Deployer Key Vault: ${key_vault}" else echo "Reading key vault from environment file" - key_vault=$(cat ${deployer_environment_file_name} | grep keyvault= -m1 | awk -F'=' '{print $2}' | xargs) ; echo 'Deployer Key Vault' ${key_vault} + key_vault=$(cat ${deployer_environment_file_name} | grep keyvault= -m1 | awk -F'=' '{print $2}' | xargs) + echo "Deployer Key Vault: ${key_vault}" fi - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" | tr -d \") + export STATE_SUBSCRIPTION=$ARM_SUBSCRIPTION_ID + echo "TF state subscription: $STATE_SUBSCRIPTION" + + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" --out tsv) if [ -n "${az_var}" ]; then - REMOTE_STATE_SA="${az_var}" ; echo 'Terraform state file storage account' $REMOTE_STATE_SA + REMOTE_STATE_SA="${az_var}" + echo "TF state account: $REMOTE_STATE_SA" + else echo "Reading storage account from environment file" - REMOTE_STATE_SA=$(cat ${deployer_environment_file_name} | grep REMOTE_STATE_SA | awk -F'=' '{print $2}' | xargs) ; echo 'Terraform state file storage account' $REMOTE_STATE_SA + REMOTE_STATE_SA=$(cat ${deployer_environment_file_name} | grep REMOTE_STATE_SA | awk -F'=' '{print $2}' | xargs) + echo "TF state account: $REMOTE_STATE_SA" fi - az_var=$(az pipelines variable-group 
variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Resource_Group_Name.value" | tr -d \") + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Resource_Group_Name.value" --out tsv) if [ -n "${az_var}" ]; then - REMOTE_STATE_RG="${az_var}" ; echo 'Terraform state file resource group' $REMOTE_STATE_RG + REMOTE_STATE_RG="${az_var}" + echo "TF state rg name: $REMOTE_STATE_RG" else - REMOTE_STATE_RG=$(cat ${deployer_environment_file_name} | grep REMOTE_STATE_RG | awk -F'=' '{print $2}' | xargs) ; echo 'Terraform state file resource group' $REMOTE_STATE_RG + REMOTE_STATE_RG=$(cat ${deployer_environment_file_name} | grep REMOTE_STATE_RG | awk -F'=' '{print $2}' | xargs) + echo "TF state rg name: $REMOTE_STATE_RG" fi - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "DEPLOYER_RANDOM_ID_SEED.value" | tr -d \") + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "DEPLOYER_RANDOM_ID_SEED.value" --out tsv) if [ -n "${az_var}" ]; then deployer_random_id="${az_var}" else @@ -266,7 +277,6 @@ stages: fi fi - export STATE_SUBSCRIPTION=$ARM_SUBSCRIPTION_ID ; echo 'Terraform state file subscription' $STATE_SUBSCRIPTION if [ -f ${CONFIG_REPO_PATH}/LIBRARY/$(library_folder)/state.zip ]; then pass=$(echo $DEPLOYER_RANDOM_ID_SEED | sed 's/-//g') unzip -qq -o -P "${pass}" ${CONFIG_REPO_PATH}/LIBRARY/$(library_folder)/state.zip -d ${CONFIG_REPO_PATH}/LIBRARY/$(library_folder) 
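Review bot: The environment-file fallbacks in the `@@ -234` hunk use unanchored patterns (`grep REMOTE_STATE_SA`, `grep REMOTE_STATE_RG`) without `-m1`, so any other line containing that text is matched too and `xargs` joins all hits into one space-separated value. In a pipeline that removes the control plane, a wrong state account or resource group name is worth ruling out: `REMOTE_STATE_SA=$(grep -m1 "^REMOTE_STATE_SA=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs)`, and the same for `REMOTE_STATE_RG` and `keyvault=`. The file name is expanded unquoted and its existence is not tested in these lines; a guard such as `[ -f "${deployer_environment_file_name}" ]` before the fallback would turn a missing file into a clear error rather than an empty value. The script continues outside the hunk, so an earlier check may exist.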
@@ -503,8 +513,6 @@ stages: ENVIRONMENT=$(grep "^environment" $CONFIG_REPO_PATH/DEPLOYER/$(deployer_folder)/$(deployer_configuration_file) | awk -F'=' '{print $2}' | xargs) LOCATION=$(grep "^location" $CONFIG_REPO_PATH/DEPLOYER/$(deployer_folder)/$(deployer_configuration_file) | awk -F'=' '{print $2}' | xargs | tr 'A-Z' 'a-z') - echo Environment: ${ENVIRONMENT} - echo Location: ${LOCATION} ENVIRONMENT_IN_FILENAME=$(echo $(deployer_folder) | awk -F'-' '{print $1}' | xargs ) LOCATION_CODE=$(echo $(deployer_folder) | awk -F'-' '{print $2}' | xargs ) @@ -567,8 +575,11 @@ stages: *) LOCATION_IN_FILENAME="westeurope" ;; esac + echo "Environment: ${ENVIRONMENT}" + echo "Location: ${LOCATION}" echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" echo "Location(filename): $LOCATION_IN_FILENAME" + echo "" if [ $ENVIRONMENT != $ENVIRONMENT_IN_FILENAME ]; then echo "##vso[task.logissue type=error]The environment setting in $(workload_zone_configuration_file) '$ENVIRONMENT' does not match the $(workload_zone_configuration_file) file name '$ENVIRONMENT_IN_FILENAME'. Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-INFRASTRUCTURE" @@ -600,7 +611,7 @@ stages: fi az account set --subscription $ARM_SUBSCRIPTION_ID - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" | tr -d \") + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" --out tsv) if [ -n "${az_var}" ]; then key_vault="${az_var}" ; echo 'Deployer Key Vault' ${key_vault} else diff --git a/deploy/scripts/helpers/script_helpers.sh b/deploy/scripts/helpers/script_helpers.sh index dcda87748d..3a65aef107 100755 --- a/deploy/scripts/helpers/script_helpers.sh +++ b/deploy/scripts/helpers/script_helpers.sh 
@@ -387,16 +387,19 @@ function missing { function validate_dependencies { + local tfPath="/opt/terraform/bin/terraform" # if /opt/terraform exists, assign permissions to the user if [ -d /opt/terraform ]; then sudo chown -R "$USER" /opt/terraform + else + tfPath=$(which terraform) fi # Check terraform if checkIfCloudShell; then tf=$(terraform --version | grep Terraform) else - tf=$(/opt/terraform/bin/terraform --version | grep Terraform) + tf=$($tfPath --version | grep Terraform) fi if [ -z "$tf" ]; then From 2d5710c593a6bf05ad0d8257a6c90331118f255d Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 17 Oct 2024 19:50:59 +0300 Subject: [PATCH 078/279] Refactor pipeline script to update echo statements for installation method and use correct variables for workload ARM_CLIENT_ID --- deploy/pipelines/01-deploy-control-plane.yaml | 10 ++-- deploy/scripts/helpers/script_helpers.sh | 56 ++++++++++--------- 2 files changed, 34 insertions(+), 32 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 6cad3a6245..4b618b3d52 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -123,11 +123,9 @@ stages: echo "$(variable_group) id: ${VARIABLE_GROUP_ID}" - - echo "${{ parameters.force_reset }}" if [ "${{ parameters.force_reset }}" = "True" ]; then echo "##vso[task.logissue type=warning]Forcing a re-install" - echo "running on $(this_agent)" + echo "Running on: $(this_agent)" sed -i 's/step=1/step=0/' $deployer_environment_file_name sed -i 's/step=2/step=0/' $deployer_environment_file_name sed -i 's/step=3/step=0/' $deployer_environment_file_name @@ -599,7 +597,7 @@ stages: # Check if running on deployer if [[ ! -f /etc/profile.d/deploy_server.sh ]]; then - echo -e "$green --- Install dos2unix ---$reset" + echo -e "$green--- Install dos2unix ---$reset" sudo apt-get -qq install dos2unix sudo apt -qq install zip 
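Review bot: In the script_helpers.sh hunk (`validate_dependencies`), `tfPath=$(which terraform)` is used without checking that anything was found, and the result is expanded unquoted in `tf=$($tfPath --version | grep Terraform)`. With an empty result the command line collapses to `--version`, and a path containing spaces is split; `tfPath=$(command -v terraform || true)` and `tf=$("$tfPath" --version | grep Terraform)` keep the failure on the existing `[ -z "$tf" ]` path. The fallback also means the script runs whichever `terraform` comes first on PATH, in a shell that holds the ARM_* credentials, so on a shared agent the fixed `/opt/terraform/bin` location is the safer default. The same `which terraform` fallback appears in the later `validate_dependencies` hunk of patch 078 and in the `@@ -447` hunk of 01-deploy-control-plane.yaml in patch 080. The function body continues outside the hunk.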
@@ -637,7 +635,7 @@ stages: if [ $USE_MSI != "true" ]; then - echo -e "$cyan --- Install using Service Principals ---$reset" + echo -e "$cyan--- Install using Service Principals ---$reset" export ARM_CLIENT_ID=$CP_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$CP_ARM_CLIENT_SECRET export ARM_TENANT_ID=$CP_ARM_TENANT_ID @@ -653,7 +651,7 @@ stages: fi az account set --subscription $ARM_SUBSCRIPTION_ID else - echo -e "$cyan --- Install using Managed Identity ---$reset" + echo -e "$cyan--- Install using Managed Identity ---$reset" # export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID export ARM_USE_MSI=true export ARM_USE_AZUREAD=true diff --git a/deploy/scripts/helpers/script_helpers.sh b/deploy/scripts/helpers/script_helpers.sh index 3a65aef107..6ec81f31be 100755 --- a/deploy/scripts/helpers/script_helpers.sh +++ b/deploy/scripts/helpers/script_helpers.sh 
@@ -304,21 +304,21 @@ function validate_webapp_exports { fi if [ "${ARM_USE_MSI}" == "false" ]; then - if [ -z "$TF_VAR_webapp_client_secret" ]; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Missing environment variables (TF_VAR_webapp_client_secret)!!! $resetformatting #" - echo "# #" - echo "# Please export the following variables to successfully deploy the Webapp: #" - echo "# TF_VAR_app_registration_app_id (webapp registration application id) #" - echo "# TF_VAR_webapp_client_secret (webapp registration password / secret) #" - echo "# #" - echo "# If you do not wish to deploy the Webapp, unset the TF_VAR_use_webapp variable #" - echo "# #" - echo "#########################################################################################" - return 65 #data format error - fi + if [ -z "$TF_VAR_webapp_client_secret" ]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Missing environment variables (TF_VAR_webapp_client_secret)!!! $resetformatting #" + echo "# #" + echo "# Please export the following variables to successfully deploy the Webapp: #" + echo "# TF_VAR_app_registration_app_id (webapp registration application id) #" + echo "# TF_VAR_webapp_client_secret (webapp registration password / secret) #" + echo "# #" + echo "# If you do not wish to deploy the Webapp, unset the TF_VAR_use_webapp variable #" + echo "# #" + echo "#########################################################################################" + return 65 #data format error + fi fi return 0 
@@ -387,19 +387,23 @@ function missing { function validate_dependencies { - local tfPath="/opt/terraform/bin/terraform" + + if [ -f /opt/terraform/bin/terraform ]; then + tfPath="/opt/terraform/bin/terraform" + else + tfPath=$(which terraform) + fi + # if /opt/terraform exists, assign permissions to the user if [ -d /opt/terraform ]; then sudo chown -R "$USER" /opt/terraform - else - tfPath=$(which terraform) fi # Check terraform if checkIfCloudShell; then - tf=$(terraform --version | grep Terraform) + tf=$(terraform --version | grep Terraform) else - tf=$($tfPath --version | grep Terraform) + tf=$($tfPath --version | grep Terraform) fi if [ -z "$tf" ]; then @@ -414,13 +418,13 @@ function validate_dependencies { fi if checkIfCloudShell; then - mkdir -p "${HOME}/.terraform.d/plugin-cache" - export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" + mkdir -p "${HOME}/.terraform.d/plugin-cache" + export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" else - if [ ! -d /opt/terraform/.terraform.d/plugin-cache ]; then - mkdir -p /opt/terraform/.terraform.d/plugin-cache - fi - export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache + if [ ! -d /opt/terraform/.terraform.d/plugin-cache ]; then + mkdir -p /opt/terraform/.terraform.d/plugin-cache + fi + export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache fi # Set Terraform Plug in cache From 870233ebfd35d64433ae16202b501ab99e1a247d Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 17 Oct 2024 19:55:01 +0300 Subject: [PATCH 079/279] Refactor pipeline script to update echo statements for installation method and use correct variables for workload ARM_CLIENT_ID --- deploy/pipelines/01-deploy-control-plane.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 4b618b3d52..1962aceb12 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml 
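Review bot: `tfPath` is no longer declared `local` in this version of `validate_dependencies` (the `@@ -387,19 +387,23` hunk), so if script_helpers.sh is sourced, as its location under `helpers/` suggests, calling the function leaves a global `tfPath` behind in the caller's shell. Declare it before the test, `local tfPath`, and keep the two assignments as they are. The CloudShell branch still calls bare `terraform` rather than `"$tfPath"`, so the two branches can end up checking different binaries. The function continues outside the hunk.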
+++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -193,17 +193,20 @@ stages: fi # Check if running on deployer if [ ! -f /etc/profile.d/deploy_server.sh ]; then - echo -e "$green --- Install dos2unix ---$reset" + echo -e "$green--- Install dos2unix ---$reset" sudo apt-get -qq install dos2unix sudo apt -qq install zip - echo -e "$green --- Install terraform ---$reset" + echo -e "$green--- Install terraform ---$reset" wget -q $(tf_url) return_code=$? if [ 0 != $return_code ]; then echo "##vso[task.logissue type=error]Unable to download Terraform version $(tf_version)." exit 2 fi - unzip -qq terraform_$(tf_version)_linux_amd64.zip ; sudo mv terraform /bin/ + sudo mkdir -p /opt/terraform/bin/ + unzip -qq terraform_$(tf_version)_linux_amd64.zip + sudo mv terraform /opt/terraform/bin/terraform + sudo chmod +x /opt/terraform/bin/terraform rm -f terraform_$(tf_version)_linux_amd64.zip az extension add --name storage-blob-preview >/dev/null fi From 6b05fbfebff7d21712175b7cab3abdc67088f86c Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 17 Oct 2024 20:44:41 +0300 Subject: [PATCH 080/279] Refactor pipeline script to update echo statements for installation method and use correct variables for workload ARM_CLIENT_ID --- deploy/pipelines/01-deploy-control-plane.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 1962aceb12..8e29b03126 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml 
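Review bot: The archive fetched by `wget -q $(tf_url)` is unpacked and installed as `/opt/terraform/bin/terraform` with only the download's exit code checked, and nothing verifies its content. This binary is later run with the deployment credentials in its environment, so a corrupted or substituted download should stop the job: compare the archive with a pinned SHA-256 before `unzip`, for example `echo "<expected-sha256-placeholder>  terraform_$(tf_version)_linux_amd64.zip" | sha256sum -c - || exit 2`, keeping the expected value next to `tf_version` in the pipeline variables. The results of `unzip` and `sudo mv` are not checked either, so a failed extraction would only surface later, when terraform is first called.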
@@ -447,7 +447,13 @@ stages: echo "" echo "Terraform version:" echo "-------------------------------------------------" - terraform --version + if [ -f /opt/terraform/bin/terraform ]; then + tfPath="/opt/terraform/bin/terraform" + else + tfPath=$(which terraform) + fi + + "${tfPath}" --version echo -e "$green--- Checkout $(Build.SourceBranchName) ---$reset" cd $CONFIG_REPO_PATH git checkout -q $(Build.SourceBranchName) From 373c901df760f1281842338531610634834ba241 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 17 Oct 2024 20:45:51 +0300 Subject: [PATCH 081/279] Refactor pipeline script to update echo statements for installation method and use correct variables for workload ARM_CLIENT_ID --- deploy/scripts/helpers/script_helpers.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deploy/scripts/helpers/script_helpers.sh b/deploy/scripts/helpers/script_helpers.sh index 6ec81f31be..cde85d6a56 100755 --- a/deploy/scripts/helpers/script_helpers.sh +++ b/deploy/scripts/helpers/script_helpers.sh @@ -394,6 +394,8 @@ function validate_dependencies { tfPath=$(which terraform) fi + echo "Checking Terraform: $tfPath" + # if /opt/terraform exists, assign permissions to the user if [ -d /opt/terraform ]; then sudo chown -R "$USER" /opt/terraform From 761f633e8073facc2b1201aac1823981fc730342 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 17 Oct 2024 21:36:45 +0300 Subject: [PATCH 082/279] Refactor pipeline script --- deploy/pipelines/01-deploy-control-plane.yaml | 1010 +++++++++-------- 1 file changed, 512 insertions(+), 498 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 8e29b03126..7c6856ca6c 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml 
@@ -413,512 +413,526 @@ stages: parameters: getLatestFromBranch: true - bash: | - #!/bin/bash - set -u - - echo "##vso[build.updatebuildnumber]Deploying the control plane defined in $(deployerfolder) $(libraryfolder)" - green="\e[1;32m" - reset="\e[0m" - boldred="\e[1;31m" - cyan="\e[1;36m" - - ENVIRONMENT=$(echo $(deployerfolder) | awk -F'-' '{print $1}' | xargs) - LOCATION=$(echo $(deployerfolder) | awk -F'-' '{print $2}' | xargs) - deployer_environment_file_name=${CONFIG_REPO_PATH}/.sap_deployment_automation/${ENVIRONMENT}${LOCATION} - file_deployer_tfstate_key=$(deployerfolder).tfstate - file_key_vault="" - file_REMOTE_STATE_SA="" - file_REMOTE_STATE_RG=$(deployerfolder) - - echo -e "$green--- Information ---$reset" - echo "Environment: ${ENVIRONMENT}" - echo "Location: ${LOCATION}" - echo "Agent: $(this_agent)" - echo "Organization: $(System.CollectionUri)" - echo "Project: $(System.TeamProject)" - echo "Deployer Folder $(deployerfolder)" - echo "Deployer TFvars $(deployerconfig)" - echo "Library Folder $(libraryfolder)" - echo "Library TFvars $(libraryconfig)" - echo "" - echo "Azure CLI version:" - echo "-------------------------------------------------" - az --version - echo "" - echo "Terraform version:" - echo "-------------------------------------------------" - if [ -f /opt/terraform/bin/terraform ]; then - tfPath="/opt/terraform/bin/terraform" - else - tfPath=$(which terraform) - fi - - "${tfPath}" --version - echo -e "$green--- Checkout $(Build.SourceBranchName) ---$reset" - cd $CONFIG_REPO_PATH - git checkout -q $(Build.SourceBranchName) - - deployer_configfile="${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/$(deployerconfig)" - library_configfile="${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/$(libraryconfig)" - - deployer_configfile="${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/$(deployerconfig)" - library_configfile="${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/$(libraryconfig)" - - echo -e "$green--- Configure devops CLI extension ---$reset" - 
az config set extension.use_dynamic_install=yes_without_prompt - az extension add --name azure-devops --output none - - az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' - - export VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(variable_group)'].id | [0]") - echo VARIABLE_GROUP_ID ${VARIABLE_GROUP_ID} - if [ -z ${VARIABLE_GROUP_ID} ]; then - echo "##vso[task.logissue type=error]Variable group $(variable_group) could not be found." - exit 2 - fi - echo -e "$green--- Variables ---$reset" - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" --output tsv) - if [ -n "${az_var}" ]; then - key_vault="${az_var}" - echo -e "$cyan 'Deployer Key Vault' ${key_vault} $reset" - else - if [ -f ${deployer_environment_file_name} ] ; then - key_vault=$(cat ${deployer_environment_file_name} | grep keyvault= | awk -F'=' '{print $2}' | xargs) - echo -e "$cyan 'Deployer Key Vault' ${key_vault} $reset" - az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Deployer_Key_Vault --value ${key_vault} --output none --only-show-errors - fi - fi - - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" --output tsv) - if [ -n "${az_var}" ]; then - STATE_SUBSCRIPTION="${az_var}" ; echo 'Terraform state file subscription' $STATE_SUBSCRIPTION - else - if [ -f ${deployer_environment_file_name} ] ; then - STATE_SUBSCRIPTION=$(cat ${deployer_environment_file_name} | grep STATE_SUBSCRIPTION | awk -F'=' '{print $2}' | xargs) ; echo 'Terraform state file subscription' $STATE_SUBSCRIPTION - az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Subscription --value ${STATE_SUBSCRIPTION} --output none --only-show-errors - fi - fi - - az_var=$(az pipelines variable-group variable list --group-id 
${VARIABLE_GROUP_ID} --query "DEPLOYER_RANDOM_ID_SEED.value" --output tsv) - if [ -n "${az_var}" ]; then - deployer_random_id="${az_var}" - else - deployer_random_id=$(cat ${deployer_environment_file_name} | grep deployer_random_id= | awk -F'=' '{print $2}' | xargs) - az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name DEPLOYER_RANDOM_ID_SEED --value ${deployer_random_id} --output none --only-show-errors - fi - - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" --output tsv) - if [ -n "${az_var}" ]; then - REMOTE_STATE_SA="${az_var}" ; echo 'Terraform state file storage account' $REMOTE_STATE_SA - else - if [ -f ${deployer_environment_file_name} ] ; then - REMOTE_STATE_SA=$(cat ${deployer_environment_file_name} | grep REMOTE_STATE_SA | awk -F'=' '{print $2}' | xargs) ; echo 'Terraform state file storage account' $REMOTE_STATE_SA - az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Account_Name --value ${REMOTE_STATE_SA} --output none --only-show-errors - fi - fi - - storage_account_parameter="" - if [ -n "${REMOTE_STATE_SA}" ]; then - storage_account_parameter="--storageaccountname ${REMOTE_STATE_SA}" - else - sed -i 's/step=2/step=1/' $deployer_environment_file_name - sed -i 's/step=3/step=1/' $deployer_environment_file_name - fi - - keyvault_parameter="" - if [ -n "${key_vault}" ]; then - keyvault_parameter=" --vault ${key_vault} " - fi - - echo -e "$green--- Validations ---$reset" - - if [ -z ${TF_VAR_ansible_core_version} ]; then - export TF_VAR_ansible_core_version=2.15 - fi - - if [ "$USE_WEBAPP" = "true" ]; then - echo "Use WebApp is selected" - - if [ -z ${APP_REGISTRATION_APP_ID} ]; then - echo "##vso[task.logissue type=error]Variable APP_REGISTRATION_APP_ID was not defined." 
- exit 2
- fi
+ #!/bin/bash
+ set -u
+
+ echo "##vso[build.updatebuildnumber]Deploying the control plane defined in $(deployerfolder) $(libraryfolder)"
+ green="\e[1;32m"
+ reset="\e[0m"
+ boldred="\e[1;31m"
+ cyan="\e[1;36m"
+
+ ENVIRONMENT=$(echo $(deployerfolder) | awk -F'-' '{print $1}' | xargs)
+ LOCATION=$(echo $(deployerfolder) | awk -F'-' '{print $2}' | xargs)
+ deployer_environment_file_name=${CONFIG_REPO_PATH}/.sap_deployment_automation/"${ENVIRONMENT}${LOCATION}"
+ file_deployer_tfstate_key=$(deployerfolder).tfstate
+ file_key_vault=""
+ file_REMOTE_STATE_SA=""
+ file_REMOTE_STATE_RG=$(deployerfolder)
+
+ echo -e "$green--- Information ---$reset"
+ echo "Environment: ${ENVIRONMENT}"
+ echo "Location: ${LOCATION}"
+ echo "Agent: $(this_agent)"
+ echo "Organization: $(System.CollectionUri)"
+ echo "Project: $(System.TeamProject)"
+ echo "Deployer Folder: $(deployerfolder)"
+ echo "Deployer TFvars: $(deployerconfig)"
+ echo "Library Folder: $(libraryfolder)"
+ echo "Library TFvars: $(libraryconfig)"
+
+ echo ""
+ echo "Azure CLI version:"
+ echo "-------------------------------------------------"
+ az --version
+ echo ""
+ echo "Terraform version:"
+ echo "-------------------------------------------------"
+ if [ -f /opt/terraform/bin/terraform ]; then
+ tfPath="/opt/terraform/bin/terraform"
+ else
+ tfPath=$(which terraform)
+ fi
+
+ "${tfPath}" --version
+ echo -e "$green--- Checkout $(Build.SourceBranchName) ---$reset"
+ cd "$CONFIG_REPO_PATH" || exit
+ git checkout -q $(Build.SourceBranchName)
+
+ deployer_configfile="${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/$(deployerconfig)"
+ library_configfile="${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/$(libraryconfig)"
+
+ deployer_configfile="${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/$(deployerconfig)"
+ library_configfile="${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/$(libraryconfig)"
+
+ echo -e "$green--- Configure devops CLI extension ---$reset"
+ az config set extension.use_dynamic_install=yes_without_prompt
+ az extension add --name azure-devops --output none
+
+ az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)'
+
+ VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(variable_group)'].id | [0]")
+ export VARIABLE_GROUP_ID
+ if [ -z "${VARIABLE_GROUP_ID}" ]; then
+ echo "##vso[task.logissue type=error]Variable group $(variable_group) could not be found."
+ exit 2
+ fi
+ echo "VARIABLE_GROUP_ID: ${VARIABLE_GROUP_ID}"
+
+
+ echo -e "$green--- Variables ---$reset"
+ az_var=$(az pipelines variable-group variable list --group-id "${VARIABLE_GROUP_ID}" --query "Deployer_Key_Vault.value" --output tsv)
+ if [ -n "${az_var}" ]; then
+ key_vault="${az_var}"
+ echo -e "$cyan 'Deployer Key Vault' ${key_vault} $reset"
+ else
+ if [ -f "${deployer_environment_file_name}" ] ; then
+
+ key_vault=$(grep "^keyvault=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs)
+ echo -e "$cyan 'Deployer Key Vault' ${key_vault} $reset"
+ az pipelines variable-group variable create --group-id "${VARIABLE_GROUP_ID}" --name Deployer_Key_Vault --value "${key_vault}" --output none --only-show-errors
+ fi
+ fi
+
+ az_var=$(az pipelines variable-group variable list --group-id "${VARIABLE_GROUP_ID}" --query "Terraform_Remote_Storage_Subscription.value" --output tsv)
+ if [ -n "${az_var}" ]; then
+ STATE_SUBSCRIPTION="${az_var}" ; echo 'Terraform state file subscription' "$STATE_SUBSCRIPTION"
+ else
+ if [ -f "${deployer_environment_file_name}" ] ; then
+ STATE_SUBSCRIPTION=$(grep "^STATE_SUBSCRIPTION=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs)
+ echo 'Terraform state file subscription' "${STATE_SUBSCRIPTION}"
+ az pipelines variable-group variable create --group-id "${VARIABLE_GROUP_ID}" --name Terraform_Remote_Storage_Subscription --value "${STATE_SUBSCRIPTION}" --output none --only-show-errors
+ fi
+ fi
+
+ az_var=$(az pipelines variable-group variable list --group-id "${VARIABLE_GROUP_ID}" --query "DEPLOYER_RANDOM_ID_SEED.value" --output tsv)
+ if [ -n "${az_var}" ]; then
+ deployer_random_id="${az_var}"
+ else
+ deployer_random_id=$(grep "^deployer_random_id=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs)
+ az pipelines variable-group variable create --group-id "${VARIABLE_GROUP_ID}" --name DEPLOYER_RANDOM_ID_SEED --value "${deployer_random_id}" --output none --only-show-errors
+ fi
+
+ az_var=$(az pipelines variable-group variable list --group-id "${VARIABLE_GROUP_ID}" --query "Terraform_Remote_Storage_Account_Name.value" --output tsv)
+ if [ -n "${az_var}" ]; then
+ REMOTE_STATE_SA="${az_var}" ; echo 'Terraform state file storage account' "${REMOTE_STATE_SA}"
+ else
+ if [ -f "${deployer_environment_file_name}" ] ; then
+ REMOTE_STATE_SA=$(grep "^REMOTE_STATE_SA=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs)
+ echo 'Terraform state file storage account' "${REMOTE_STATE_SA}"
+ az pipelines variable-group variable create --group-id "${VARIABLE_GROUP_ID}" --name Terraform_Remote_Storage_Account_Name --value "${REMOTE_STATE_SA}" --output none --only-show-errors
+ fi
+ fi
- if [ -z ${WEB_APP_CLIENT_SECRET} ]; then
- echo "##vso[task.logissue type=error]Variable WEB_APP_CLIENT_SECRET was not defined."
- exit 2
- fi
- export TF_VAR_app_registration_app_id=$(APP_REGISTRATION_APP_ID); echo 'App Registration App ID' ${TF_VAR_app_registration_app_id}
- export TF_VAR_webapp_client_secret=$(WEB_APP_CLIENT_SECRET)
- export TF_VAR_use_webapp=true
-
- fi
-
- bootstrapped=0
-
- if [ ! -f $deployer_environment_file_name ]; then
- az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" --out tsv)
- if [[ ${#az_var} -ne 0 ]]; then
- echo "REMOTE_STATE_SA="${az_var}
- echo "REMOTE_STATE_SA="${az_var} | tee -a $deployer_environment_file_name > /dev/null
- echo "STATE_SUBSCRIPTION="$ARM_SUBSCRIPTION_ID | tee -a $deployer_environment_file_name > /dev/null
- fi
-
- az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Resource_Group_Name.value" --out tsv)
- if [[ ${#az_var} -ne 0 ]]; then
- echo "REMOTE_STATE_RG="${az_var}
- echo "REMOTE_STATE_RG="${az_var} | tee -a $deployer_environment_file_name > /dev/null
- echo "step=3" | tee -a $deployer_environment_file_name > /dev/null
-
- fi
-
- az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value" --out tsv)
- if [[ ${#az_var} -ne 0 ]]; then
- echo "deployer_tfstate_key="${az_var} | tee -a $deployer_environment_file_name > /dev/null
- fi
-
- az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" --out tsv)
- if [[ ${#az_var} -ne 0 ]]; then
- echo "keyvault="${az_var} | tee -a $deployer_environment_file_name > /dev/null
- bootstrapped=1
- fi
-
- fi
-
- echo -e "$green--- Update .sap_deployment_automation/config as SAP_AUTOMATION_REPO_PATH can change on devops agent ---$reset"
- cd ${CONFIG_REPO_PATH}
- mkdir -p .sap_deployment_automation
- echo SAP_AUTOMATION_REPO_PATH=$SAP_AUTOMATION_REPO_PATH >.sap_deployment_automation/config
- export SAP_AUTOMATION_REPO_PATH=$SAP_AUTOMATION_REPO_PATH
-
- echo -e "$green--- File Validations ---$reset"
- if [ ! -f ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/$(deployerconfig) ]; then
- echo -e "$boldred--- File ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/$(deployerconfig) was not found ---$reset"
- echo "##vso[task.logissue type=error]File ${CONFIG_REPO_PATH}/${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/$(deployerconfig) was not found."
- exit 2
- fi
-
- if [ ! -f ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/$(libraryconfig) ]; then
- echo -e "$boldred--- File ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/$(libraryconfig) was not found ---$reset"
- echo "##vso[task.logissue type=error]File ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/$(libraryconfig) was not found."
- exit 2
- fi
-
- # Check if running on deployer
- if [[ ! -f /etc/profile.d/deploy_server.sh ]]; then
- echo -e "$green--- Install dos2unix ---$reset"
- sudo apt-get -qq install dos2unix
-
- sudo apt -qq install zip
-
- echo -e "$green --- Install terraform ---$reset"
-
- wget -q $(tf_url)
- return_code=$?
- if [ 0 != $return_code ]; then
- echo "##vso[task.logissue type=error]Unable to download Terraform version $(tf_version)."
- exit 2
- fi
- unzip -qq terraform_$(tf_version)_linux_amd64.zip ; sudo mv terraform /bin/
- rm -f terraform_$(tf_version)_linux_amd64.zip
-
- az extension add --name storage-blob-preview >/dev/null
- echo -e "$green--- az login ---$reset"
- export ARM_CLIENT_ID=$CP_ARM_CLIENT_ID
- export ARM_CLIENT_SECRET=$CP_ARM_CLIENT_SECRET
- export ARM_TENANT_ID=$CP_ARM_TENANT_ID
- export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID
- az login --service-principal --username $ARM_CLIENT_ID --password=$ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID --output none
- return_code=$?
- if [ 0 != $return_code ]; then
- echo -e "$boldred--- Login failed ---$reset"
- echo "##vso[task.logissue type=error]az login failed."
- exit $return_code
- fi
-
- az account set --subscription $ARM_SUBSCRIPTION_ID
-
- else
- echo "Sourcing the deploy_server.sh"
- . /etc/profile.d/deploy_server.sh ; /opt/bin/terraform/terraform --version
-
- if [ $USE_MSI != "true" ]; then
-
- echo -e "$cyan--- Install using Service Principals ---$reset"
- export ARM_CLIENT_ID=$CP_ARM_CLIENT_ID
- export ARM_CLIENT_SECRET=$CP_ARM_CLIENT_SECRET
- export ARM_TENANT_ID=$CP_ARM_TENANT_ID
- export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID
- unset ARM_USE_MSI
- az login --service-principal --username $ARM_CLIENT_ID --password=$ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID --output none
-
- return_code=$?
- if [ 0 != $return_code ]; then
- echo -e "$boldred--- Login failed ---$reset"
- echo "##vso[task.logissue type=error]az login failed."
- exit $return_code
- fi
- az account set --subscription $ARM_SUBSCRIPTION_ID
- else
- echo -e "$cyan--- Install using Managed Identity ---$reset"
- # export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID
- export ARM_USE_MSI=true
- export ARM_USE_AZUREAD=true
- unset ARM_CLIENT_SECRET
- fi
- fi
+ storage_account_parameter=""
+ if [ -n "${REMOTE_STATE_SA}" ]; then
+ storage_account_parameter="--storageaccountname ${REMOTE_STATE_SA}"
+ else
+ sed -i 's/step=2/step=1/' "$deployer_environment_file_name"
+ sed -i 's/step=3/step=1/' "$deployer_environment_file_name"
+ fi
- echo -e "$green--- Configure parameters ---$reset"
+ keyvault_parameter=""
+ if [ -n "${key_vault}" ]; then
+ keyvault_parameter=" --vault ${key_vault} "
+ fi
- echo -e "$green--- Convert config files to UX format ---$reset"
- dos2unix -q ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/$(deployerconfig)
- dos2unix -q ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/$(libraryconfig)
+ echo -e "$green--- Validations ---$reset"
- echo -e "$green--- Configuring variables ---$reset"
+ if [ -z "${TF_VAR_ansible_core_version}" ]; then
+ export TF_VAR_ansible_core_version=2.15
+ fi
- deployer_environment_file_name=${CONFIG_REPO_PATH}/.sap_deployment_automation/${ENVIRONMENT}$LOCATION
+ if [ "$USE_WEBAPP" = "true" ]; then
+ echo "Use WebApp is selected"
- export key_vault=""
- ip_added=0
+ if [ -z "${APP_REGISTRATION_APP_ID}" ]; then
+ echo "##vso[task.logissue type=error]Variable APP_REGISTRATION_APP_ID was not defined."
+ exit 2
+ fi
- if [ -f ${deployer_environment_file_name} ]; then
- if [ 0 = $bootstrapped ]; then
- export key_vault=$(cat ${deployer_environment_file_name} | grep key_vault | awk -F'=' '{print $2}' | xargs) ; echo "Key Vault: $key_vault"
- if [ -n "${key_vault}" ]; then
- echo 'Deployer Key Vault' ${key_vault}
- key_vault_id=$(az resource list --name "${key_vault}" --resource-type Microsoft.KeyVault/vaults --query "[].id | [0]" -o tsv)
- if [ -n "${key_vault_id}" ]; then
+ if [ -z "${WEB_APP_CLIENT_SECRET}" ]; then
+ echo "##vso[task.logissue type=error]Variable WEB_APP_CLIENT_SECRET was not defined."
+ exit 2
+ fi
+ TF_VAR_app_registration_app_id=$(APP_REGISTRATION_APP_ID);
+ echo 'App Registration App ID' "${TF_VAR_app_registration_app_id}"
+ export TF_VAR_app_registration_app_id
+ TF_VAR_webapp_client_secret=$(WEB_APP_CLIENT_SECRET)
+ export TF_VAR_webapp_client_secret
+ export TF_VAR_use_webapp=true
+
+ fi
+
+ bootstrapped=0
+
+ if [ ! -f "$deployer_environment_file_name" ]; then
+ az_var=$(az pipelines variable-group variable list --group-id "${VARIABLE_GROUP_ID}" --query "Terraform_Remote_Storage_Account_Name.value" --out tsv)
+ if [[ ${#az_var} -ne 0 ]]; then
+ echo "REMOTE_STATE_SA="${az_var}
+ echo "REMOTE_STATE_SA="${az_var} | tee -a "$deployer_environment_file_name" > /dev/null
+ echo "STATE_SUBSCRIPTION="$ARM_SUBSCRIPTION_ID | tee -a "$deployer_environment_file_name" > /dev/null
+ fi
- if [ "azure pipelines" = "$(this_agent)" ]; then
- this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1
- az keyvault network-rule add --name ${key_vault} --ip-address ${this_ip} --only-show-errors --output none
- ip_added=1
- fi
- fi
- fi
- fi
- fi
-
- echo -e "$green--- Deploy the Control Plane ---$reset"
-
- if [ -n $(POOL) ]; then
- echo 'Deployer Agent Pool' $(POOL)
- fi
-
- if [ -f ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/state.zip ]; then
- pass=$(echo $(System.CollectionId) | sed 's/-//g')
-
- echo "Unzipping the library state file"
- unzip -o -P "${pass}" ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/state.zip -d ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)
- fi
-
- # ls -lart ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)
-
- if [ -f ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/state.zip ]; then
- pass=$(echo $(System.CollectionId) | sed 's/-//g')
-
- echo "Unzipping the deployer state file"
- unzip -o -P "${pass}" ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/state.zip -d ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)
- fi
-
- # ls -lart ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)
-
- export TF_LOG_PATH=${CONFIG_REPO_PATH}/.sap_deployment_automation/terraform.log
-
- sudo chmod +x $SAP_AUTOMATION_REPO_PATH/deploy/scripts/deploy_controlplane.sh
- if [ $USE_MSI != "true" ]; then
- echo -e "$cyan --- Install using Service Principals ---$reset"
- export ARM_CLIENT_ID=$CP_ARM_CLIENT_ID
- export ARM_CLIENT_SECRET=$CP_ARM_CLIENT_SECRET
- export ARM_TENANT_ID=$CP_ARM_TENANT_ID
- export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID
- unset ARM_USE_MSI
-
- $SAP_AUTOMATION_REPO_PATH/deploy/scripts/deploy_controlplane.sh \
- --deployer_parameter_file "${deployer_configfile}" \
- --library_parameter_file "${library_configfile}" \
- --subscription $STATE_SUBSCRIPTION \
- --spn_secret $ARM_CLIENT_SECRET --tenant_id $ARM_TENANT_ID \
- --auto-approve --ado \
- ${storage_account_parameter} ${keyvault_parameter}
- else
- echo -e "$cyan --- Install using Managed Identity ---$reset"
- export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID
- export ARM_USE_MSI=true
- unset ARM_CLIENT_SECRET
-
- $SAP_AUTOMATION_REPO_PATH/deploy/scripts/deploy_controlplane.sh \
- --deployer_parameter_file "${deployer_configfile}" \
- --library_parameter_file "${library_configfile}" \
- --subscription $STATE_SUBSCRIPTION \
- --auto-approve --ado --msi \
- ${storage_account_parameter} ${keyvault_parameter}
- fi
-
- return_code=$?
-
- if [ 0 != $return_code ]; then
- echo "##vso[task.logissue type=error]Return code from deploy_controlplane $return_code."
- if [ -f .sap_deployment_automation/${ENVIRONMENT}${LOCATION}.err ]; then
- error_message=$(cat .sap_deployment_automation/${ENVIRONMENT}${LOCATION}.err)
- echo "##vso[task.logissue type=error]Error message: $error_message."
- fi
- fi
-
- echo -e "$green--- Adding deployment automation configuration to devops repository ---$reset"
- added=0
- cd ${CONFIG_REPO_PATH}
- git fetch -q --all
- git pull -q
-
- if [ -f ${deployer_environment_file_name} ]; then
-
- file_deployer_tfstate_key=$(cat ${deployer_environment_file_name} | grep deployer_tfstate_key | awk -F'=' '{print $2}' | xargs)
- echo 'Deployer State File' $file_deployer_tfstate_key
-
- file_key_vault=$(cat ${deployer_environment_file_name} | grep keyvault= | awk -F'=' '{print $2}' | xargs)
- echo '(File) Deployer Key Vault' ${file_key_vault}
-
- file_REMOTE_STATE_SA=$(cat ${deployer_environment_file_name} | grep REMOTE_STATE_SA | awk -F'=' '{print $2}' | xargs)
- echo '(File) Terraform state file storage account' $file_REMOTE_STATE_SA
-
- file_REMOTE_STATE_RG=$(cat ${deployer_environment_file_name} | grep REMOTE_STATE_RG | awk -F'=' '{print $2}' | xargs)
- echo '(File) Terraform state file resource group' $file_REMOTE_STATE_RG
- fi
-
- echo -e "$green--- Update repo ---$reset"
- if [ -f .sap_deployment_automation/${ENVIRONMENT}${LOCATION} ]; then
- git add .sap_deployment_automation/${ENVIRONMENT}${LOCATION}
- added=1
- fi
-
- if [ -f .sap_deployment_automation/${ENVIRONMENT}${LOCATION}.md ]; then
- git add .sap_deployment_automation/${ENVIRONMENT}${LOCATION}.md
- added=1
- fi
-
- if [ -f ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/.terraform/terraform.tfstate ]; then
- git add -f ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/.terraform/terraform.tfstate
- added=1
- fi
- # || true suppresses the exitcode of grep. To not trigger the strict exit on error
- backend=$(grep "local" ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/.terraform/terraform.tfstate || true)
- if [ -n "${backend}" ]; then
- echo "Local Terraform state"
- if [ -f ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/terraform.tfstate ]; then
- sudo apt install zip
- echo "Compressing the deployer state file"
- pass=$(echo $(System.CollectionId) | sed 's/-//g')
- zip -j -P "${pass}" ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/state ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/terraform.tfstate
- git add -f ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/state.zip
- added=1
- fi
- else
- echo "Remote Terraform state"
- if [ -f ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/terraform.tfstate ]; then
- git rm -q --ignore-unmatch -f ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/terraform.tfstate
- added=1
- fi
- if [ -f ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/state.zip ]; then
- git rm -q --ignore-unmatch -f ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/state.zip
- added=1
- fi
- fi
-
- # || true suppresses the exitcode of grep. To not trigger the strict exit on error
- backend=$(grep "local" ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/.terraform/terraform.tfstate || true)
- if [ -n "${backend}" ]; then
- echo "Local Terraform state"
- if [ -f ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/terraform.tfstate ]; then
- sudo apt install zip
- echo "Compressing the library state file"
- pass=$(echo $(System.CollectionId) | sed 's/-//g')
- zip -j -P "${pass}" ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/state ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/terraform.tfstate
- git add -f ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/state.zip
- added=1
- fi
- else
- echo "Remote Terraform state"
- if [ -f ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/terraform.tfstate ]; then
- git rm -q -f --ignore-unmatch ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/terraform.tfstate
- added=1
- fi
- if [ -f ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/state.zip ]; then
- git rm -q --ignore-unmatch -f ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/state.zip
- added=1
- fi
- fi
-
- if [ -f ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/.terraform/terraform.tfstate ]; then
- git add -f ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/.terraform/terraform.tfstate
- added=1
- fi
-
- if [ 1 = $added ]; then
- git config --global user.email "$(Build.RequestedForEmail)"
- git config --global user.name "$(Build.RequestedFor)"
- git commit -m "Added updates from control plane deployment $(Build.DefinitionName) [skip ci]"
-
- git -c http.extraheader="AUTHORIZATION: bearer $(System.AccessToken)" push --set-upstream origin $(Build.SourceBranchName)
- fi
-
- if [ -f ${CONFIG_REPO_PATH}/.sap_deployment_automation/${ENVIRONMENT}${LOCATION}.md ]; then
- echo "##vso[task.uploadsummary]${CONFIG_REPO_PATH}/.sap_deployment_automation/${ENVIRONMENT}${LOCATION}.md"
- fi
-
- echo -e "$green--- Adding variables to the variable group:" $(variable_group) "---$reset"
- if [ 0 = $return_code ]; then
- az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" --out tsv)
- if [ -z ${az_var} ]; then
- az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Account_Name --value ${file_REMOTE_STATE_SA} --output none --only-show-errors
- else
- az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Account_Name --value ${file_REMOTE_STATE_SA} --output none --only-show-errors
- fi
-
- az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Resource_Group_Name.value" --out tsv)
- if [ -z ${az_var} ]; then
- az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Resource_Group_Name --value ${file_REMOTE_STATE_RG} --output none --only-show-errors
- else
- az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Resource_Group_Name --value ${file_REMOTE_STATE_RG} --output none --only-show-errors
- fi
-
- az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" --out tsv)
- if [ -z ${az_var} ]; then
- az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Subscription --value $ARM_SUBSCRIPTION_ID --output none --only-show-errors
- else
- az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Subscription --value $ARM_SUBSCRIPTION_ID --output none --only-show-errors
- fi
-
- az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value" --out tsv)
- if [ -z ${az_var} ]; then
- az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Deployer_State_FileName --value ${file_deployer_tfstate_key} --output none --only-show-errors
- else
- az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name Deployer_State_FileName --value ${file_deployer_tfstate_key} --output none --only-show-errors
- fi
-
- az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" --out tsv)
- if [ -z ${az_var} ]; then
- az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Deployer_Key_Vault --value ${file_key_vault} --output none --only-show-errors
- else
- az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name Deployer_Key_Vault --value ${file_key_vault} --output none --only-show-errors
- fi
-
- az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "ControlPlaneEnvironment.value" --out tsv)
- if [ -z ${az_var} ]; then
- az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name ControlPlaneEnvironment --value ${ENVIRONMENT} --output none --only-show-errors
- else
- az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name ControlPlaneEnvironment --value ${ENVIRONMENT} --output none --only-show-errors
- fi
-
- az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "ControlPlaneLocation.value" --out tsv)
- if [ -z ${az_var} ]; then
- az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name ControlPlaneLocation --value ${LOCATION} --output none --only-show-errors
- else
- az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name ControlPlaneLocation --value ${LOCATION} --output none --only-show-errors
- fi
-
- fi
- exit $return_code
+ az_var=$(az pipelines variable-group variable list --group-id "${VARIABLE_GROUP_ID}" --query "Terraform_Remote_Storage_Resource_Group_Name.value" --out tsv)
+ if [[ ${#az_var} -ne 0 ]]; then
+ echo "REMOTE_STATE_RG="${az_var}
+ echo "REMOTE_STATE_RG="${az_var} | tee -a "$deployer_environment_file_name" > /dev/null
+ echo "step=3" | tee -a "$deployer_environment_file_name" > /dev/null
+
+ fi
+
+ az_var=$(az pipelines variable-group variable list --group-id "${VARIABLE_GROUP_ID}" --query "Deployer_State_FileName.value" --out tsv)
+ if [[ ${#az_var} -ne 0 ]]; then
+ echo "deployer_tfstate_key="${az_var} | tee -a "$deployer_environment_file_name" > /dev/null
+ fi
+
+ az_var=$(az pipelines variable-group variable list --group-id "${VARIABLE_GROUP_ID}" --query "Deployer_Key_Vault.value" --out tsv)
+ if [[ ${#az_var} -ne 0 ]]; then
+ echo "keyvault="${az_var} | tee -a "$deployer_environment_file_name" > /dev/null
+ bootstrapped=1
+ fi
+
+ fi
+
+ echo -e "$green--- Update .sap_deployment_automation/config as SAP_AUTOMATION_REPO_PATH can change on devops agent ---$reset"
+ cd ${CONFIG_REPO_PATH}
+ mkdir -p .sap_deployment_automation
+ echo SAP_AUTOMATION_REPO_PATH=$SAP_AUTOMATION_REPO_PATH >.sap_deployment_automation/config
+ export SAP_AUTOMATION_REPO_PATH=$SAP_AUTOMATION_REPO_PATH
+
+ echo -e "$green--- File Validations ---$reset"
+ if [ ! -f "${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/$(deployerconfig)" ]; then
+ echo -e "$boldred--- File "${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/$(deployerconfig)" was not found ---$reset"
+ echo "##vso[task.logissue type=error]File "${CONFIG_REPO_PATH}/${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/$(deployerconfig)" was not found."
+ exit 2
+ fi
+
+ if [ ! -f "${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/$(libraryconfig)" ]; then
+ echo -e "$boldred--- File ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/$(libraryconfig) was not found ---$reset"
+ echo "##vso[task.logissue type=error]File ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/$(libraryconfig) was not found."
+ exit 2
+ fi
+
+ # Check if running on deployer
+ if [[ ! -f /etc/profile.d/deploy_server.sh ]]; then
+ echo -e "$green--- Install dos2unix ---$reset"
+ sudo apt-get -qq install dos2unix
+
+ sudo apt -qq install zip
+
+ echo -e "$green --- Install terraform ---$reset"
+
+ wget -q $(tf_url)
+ return_code=$?
+ if [ 0 != $return_code ]; then
+ echo "##vso[task.logissue type=error]Unable to download Terraform version $(tf_version)."
+ exit 2
+ fi
+ unzip -qq terraform_$(tf_version)_linux_amd64.zip ; sudo mv terraform /bin/
+ rm -f terraform_$(tf_version)_linux_amd64.zip
+
+ az extension add --name storage-blob-preview >/dev/null
+ echo -e "$green--- az login ---$reset"
+ export ARM_CLIENT_ID=$CP_ARM_CLIENT_ID
+ export ARM_CLIENT_SECRET=$CP_ARM_CLIENT_SECRET
+ export ARM_TENANT_ID=$CP_ARM_TENANT_ID
+ export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID
+ az login --service-principal --username "$ARM_CLIENT_ID" --password="$ARM_CLIENT_SECRET" --tenant "$ARM_TENANT_ID" --output none
+ return_code=$?
+ if [ 0 != $return_code ]; then
+ echo -e "$boldred--- Login failed ---$reset"
+ echo "##vso[task.logissue type=error]az login failed."
+ exit $return_code
+ fi
+
+ az account set --subscription "$ARM_SUBSCRIPTION_ID"
+
+ else
+ echo "Sourcing the deploy_server.sh"
+ . /etc/profile.d/deploy_server.sh ; /opt/bin/terraform/terraform --version
+
+ if [ $USE_MSI != "true" ]; then
+
+ echo -e "$cyan--- Install using Service Principals ---$reset"
+ export ARM_CLIENT_ID=$CP_ARM_CLIENT_ID
+ export ARM_CLIENT_SECRET=$CP_ARM_CLIENT_SECRET
+ export ARM_TENANT_ID=$CP_ARM_TENANT_ID
+ export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID
+ unset ARM_USE_MSI
+ az login --service-principal --username "${ARM_CLIENT_ID}" --password="${ARM_CLIENT_SECRET}" --tenant "${ARM_TENANT_ID}" --output none
+
+ return_code=$?
+ if [ 0 != $return_code ]; then
+ echo -e "$boldred--- Login failed ---$reset"
+ echo "##vso[task.logissue type=error]az login failed."
+ exit $return_code
+ fi
+ az account set --subscription "${ARM_SUBSCRIPTION_ID}"
+ else
+ echo -e "$cyan--- Install using Managed Identity ---$reset"
+ # export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID
+ export ARM_USE_MSI=true
+ export ARM_USE_AZUREAD=true
+ unset ARM_CLIENT_SECRET
+ fi
+ fi
+
+ echo -e "$green--- Configure parameters ---$reset"
+
+ echo -e "$green--- Convert config files to UX format ---$reset"
+ dos2unix -q "${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/$(deployerconfig)"
+ dos2unix -q "${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/$(libraryconfig)"
+
+ echo -e "$green--- Configuring variables ---$reset"
+
+ deployer_environment_file_name=${CONFIG_REPO_PATH}/.sap_deployment_automation/${ENVIRONMENT}$LOCATION
+
+ export key_vault=""
+ ip_added=0
+
+ if [ -f "${deployer_environment_file_name}" ]; then
+ if [ 0 = $bootstrapped ]; then
+ key_vault=$(grep "^keyvault=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs)
+ export key_vault
+ echo "Key Vault: $key_vault"
+ if [ -n "${key_vault}" ]; then
+ echo 'Deployer Key Vault' ${key_vault}
+ key_vault_id=$(az resource list --name "${key_vault}" --resource-type Microsoft.KeyVault/vaults --query "[].id | [0]" -o tsv)
+ if [ -n "${key_vault_id}" ]; then
+
+ if [ "azure pipelines" = "$(this_agent)" ]; then
+ this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1
+ az keyvault network-rule add --name ${key_vault} --ip-address ${this_ip} --only-show-errors --output none
+ ip_added=1
+ fi
+ fi
+ fi
+ fi
+ fi
+
+ echo -e "$green--- Deploy the Control Plane ---$reset"
+
+ if [ -n "$(POOL)" ]; then
+ echo 'Deployer Agent Pool' $(POOL)
+ fi
+
+ if [ -f "${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/state.zip" ]; then
+ pass=$(echo $(System.CollectionId) | sed 's/-//g')
+
+ echo "Unzipping the library state file"
+ unzip -o -P "${pass}" "${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/state.zip" -d "${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)"
+ fi
+
+ # ls -lart ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)
+
+ if [ -f "${CONFIG_REPO_PATH}"/DEPLOYER/$(deployerfolder)/state.zip ]; then
+ pass=$(echo $(System.CollectionId) | sed 's/-//g')
+
+ echo "Unzipping the deployer state file"
+ unzip -o -P "${pass}" "${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/state.zip2" -d "${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)"
+ fi
+
+ # ls -lart "${CONFIG_REPO_PATH}"/DEPLOYER/$(deployerfolder)
+
+ export TF_LOG_PATH=${CONFIG_REPO_PATH}/.sap_deployment_automation/terraform.log
+
+ sudo chmod +x $SAP_AUTOMATION_REPO_PATH/deploy/scripts/deploy_controlplane.sh
+ if [ $USE_MSI != "true" ]; then
+ echo -e "$cyan --- Install using Service Principals ---$reset"
+ export ARM_CLIENT_ID=$CP_ARM_CLIENT_ID
+ export ARM_CLIENT_SECRET=$CP_ARM_CLIENT_SECRET
+ export ARM_TENANT_ID=$CP_ARM_TENANT_ID
+ export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID
+ unset ARM_USE_MSI
+
+ $SAP_AUTOMATION_REPO_PATH/deploy/scripts/deploy_controlplane.sh \
+ --deployer_parameter_file "${deployer_configfile}" \
+ --library_parameter_file "${library_configfile}" \
+ --subscription $STATE_SUBSCRIPTION \
+ --spn_secret "${ARM_CLIENT_SECRET}" \
+ --tenant_id "${ARM_TENANT_ID}" \
+ --auto-approve --ado \
+ ${storage_account_parameter} ${keyvault_parameter}
+ else
+ echo -e "$cyan --- Install using Managed Identity ---$reset"
+ export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID
+ export ARM_USE_MSI=true
+ unset ARM_CLIENT_SECRET
+
+ ${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/deploy_controlplane.sh \
+ --deployer_parameter_file "${deployer_configfile}" \
+ --library_parameter_file "${library_configfile}" \
+ --subscription "${STATE_SUBSCRIPTION}" \
+ --auto-approve --ado --msi \
+ "${storage_account_parameter}" "${keyvault_parameter}"
+ fi
+
+ return_code=$?
+
+ if [ 0 != $return_code ]; then
+ echo "##vso[task.logissue type=error]Return code from deploy_controlplane $return_code."
+ if [ -f .sap_deployment_automation/"${ENVIRONMENT}${LOCATION}".err ]; then
+ error_message=$(cat .sap_deployment_automation/"${ENVIRONMENT}${LOCATION}".err)
+ echo "##vso[task.logissue type=error]Error message: $error_message."
+ fi
+ fi
+
+ echo -e "$green--- Adding deployment automation configuration to devops repository ---$reset"
+ added=0
+ cd "${CONFIG_REPO_PATH}" || exit
+ git fetch -q --all
+ git pull -q
+
+ if [ -f "${deployer_environment_file_name}" ]; then
+
+ file_deployer_tfstate_key=$(grep "^deployer_tfstate_key=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs)
+ echo "Deployer State File ${file_deployer_tfstate_key}"
+
+ file_key_vault=$(grep "^keyvault=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs)
+ echo "(File) Deployer Key Vault ${file_key_vault}"
+
+ file_REMOTE_STATE_SA=$(grep "^REMOTE_STATE_SA=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs)
+ echo "(File) Terraform state file storage account ${file_REMOTE_STATE_SA}"
+
+ file_REMOTE_STATE_RG=$(grep "^REMOTE_STATE_RG=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs)
+
+ echo "(File) Terraform state file resource group ${file_REMOTE_STATE_RG}"
+ fi
+
+ echo -e "$green--- Update repo ---$reset"
+ if [ -f .sap_deployment_automation/"${ENVIRONMENT}${LOCATION}" ]; then
+ git add .sap_deployment_automation/"${ENVIRONMENT}${LOCATION}"
+ added=1
+ fi
+
+ if [ -f .sap_deployment_automation/"${ENVIRONMENT}${LOCATION}".md ]; then
+ git add .sap_deployment_automation/"${ENVIRONMENT}${LOCATION}".md
+ added=1
+ fi
+
+ if [ -f "${CONFIG_REPO_PATH}"/DEPLOYER/$(deployerfolder)/.terraform/terraform.tfstate ]; then
+ git add -f "${CONFIG_REPO_PATH}"/DEPLOYER/$(deployerfolder)/.terraform/terraform.tfstate
+ added=1
+ fi
+ # || true suppresses the exitcode of grep. To not trigger the strict exit on error
+ backend=$(grep "local" "${CONFIG_REPO_PATH}"/DEPLOYER/$(deployerfolder)/.terraform/terraform.tfstate || true)
+ if [ -n "${backend}" ]; then
+ echo "Local Terraform state"
+ if [ -f "${CONFIG_REPO_PATH}"/DEPLOYER/$(deployerfolder)/terraform.tfstate ]; then
+ sudo apt install zip
+ echo "Compressing the deployer state file"
+ pass=$(echo $(System.CollectionId) | sed 's/-//g')
+ zip -j -P "${pass}" "${CONFIG_REPO_PATH}"/DEPLOYER/$(deployerfolder)/state "${CONFIG_REPO_PATH}"/DEPLOYER/$(deployerfolder)/terraform.tfstate
+ git add -f "${CONFIG_REPO_PATH}"/DEPLOYER/$(deployerfolder)/state.zip
+ added=1
+ fi
+ else
+ echo "Remote Terraform state"
+ if [ -f "${CONFIG_REPO_PATH}"/DEPLOYER/$(deployerfolder)/terraform.tfstate ]; then
+ git rm -q --ignore-unmatch -f "${CONFIG_REPO_PATH}"/DEPLOYER/$(deployerfolder)/terraform.tfstate
+ added=1
+ fi
+ if [ -f "${CONFIG_REPO_PATH}"/DEPLOYER/$(deployerfolder)/state.zip ]; then
+ git rm -q --ignore-unmatch -f "${CONFIG_REPO_PATH}"/DEPLOYER/$(deployerfolder)/state.zip
+ added=1
+ fi
+ fi
+
+ # || true suppresses the exitcode of grep. To not trigger the strict exit on error
+ backend=$(grep "local" "${CONFIG_REPO_PATH}"/LIBRARY/$(libraryfolder)/.terraform/terraform.tfstate || true)
+ if [ -n "${backend}" ]; then
+ echo "Local Terraform state"
+ if [ -f "${CONFIG_REPO_PATH}"/LIBRARY/$(libraryfolder)/terraform.tfstate ]; then
+ sudo apt install zip
+ echo "Compressing the library state file"
+ pass=$(echo $(System.CollectionId) | sed 's/-//g')
+ zip -j -P "${pass}" "${CONFIG_REPO_PATH}"/LIBRARY/$(libraryfolder)/state ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/terraform.tfstate
+ git add -f "${CONFIG_REPO_PATH}"/LIBRARY/$(libraryfolder)/state.zip
+ added=1
+ fi
+ else
+ echo "Remote Terraform state"
+ if [ -f ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/terraform.tfstate ]; then
+ git rm -q -f --ignore-unmatch "${CONFIG_REPO_PATH}"/LIBRARY/$(libraryfolder)/terraform.tfstate
+ added=1
+ fi
+ if [ -f ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/state.zip ]; then
+ git rm -q --ignore-unmatch -f "${CONFIG_REPO_PATH}"/LIBRARY/$(libraryfolder)/state.zip
+ added=1
+ fi
+ fi
+
+ if [ -f ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/.terraform/terraform.tfstate ]; then
+ git add -f "${CONFIG_REPO_PATH}"/LIBRARY/$(libraryfolder)/.terraform/terraform.tfstate
+ added=1
+ fi
+
+ if [ 1 = $added ]; then
+ git config --global user.email "$(Build.RequestedForEmail)"
+ git config --global user.name "$(Build.RequestedFor)"
+ git commit -m "Added updates from control plane deployment $(Build.DefinitionName) [skip ci]"
+
+ git -c http.extraheader="AUTHORIZATION: bearer $(System.AccessToken)" push --set-upstream origin $(Build.SourceBranchName)
+ fi
+
+ if [ -f "${CONFIG_REPO_PATH}"/.sap_deployment_automation/"${ENVIRONMENT}""${LOCATION}".md ]; then
+ echo "##vso[task.uploadsummary]${CONFIG_REPO_PATH}/.sap_deployment_automation/"${ENVIRONMENT}${LOCATION}".md"
+ fi
+
+ echo -e "$green--- Adding variables to the variable group:" $(variable_group) "---$reset"
+ if [ 0 = $return_code ]; then
+ az_var=$(az pipelines variable-group variable list --group-id "${VARIABLE_GROUP_ID}" --query "Terraform_Remote_Storage_Account_Name.value" --out tsv)
+ if [ -z ${az_var} ]; then
+ az pipelines variable-group variable create --group-id "${VARIABLE_GROUP_ID}" --name Terraform_Remote_Storage_Account_Name --value "${file_REMOTE_STATE_SA}" --output none --only-show-errors
+ else
+ az pipelines variable-group variable update --group-id "${VARIABLE_GROUP_ID}" --name Terraform_Remote_Storage_Account_Name --value "${file_REMOTE_STATE_SA}" --output none --only-show-errors
+ fi
+
+ az_var=$(az pipelines variable-group variable list --group-id "${VARIABLE_GROUP_ID}" --query "Terraform_Remote_Storage_Resource_Group_Name.value" --out tsv)
+ if [ -z ${az_var} ]; then
+ az pipelines variable-group variable create --group-id "${VARIABLE_GROUP_ID}" --name Terraform_Remote_Storage_Resource_Group_Name --value "${file_REMOTE_STATE_RG}" --output none --only-show-errors
+ else
+ az pipelines variable-group variable update --group-id "${VARIABLE_GROUP_ID}" --name Terraform_Remote_Storage_Resource_Group_Name --value "${file_REMOTE_STATE_RG}" --output none --only-show-errors
+ fi
+
+ az_var=$(az pipelines variable-group variable list --group-id "${VARIABLE_GROUP_ID}" --query "Terraform_Remote_Storage_Subscription.value" --out tsv)
+ if [ -z ${az_var} ]; then
+ az pipelines variable-group variable create --group-id "${VARIABLE_GROUP_ID}" --name Terraform_Remote_Storage_Subscription --value "${ARM_SUBSCRIPTION_ID}" --output none --only-show-errors
+ else
+ az pipelines variable-group variable update --group-id "${VARIABLE_GROUP_ID}" --name Terraform_Remote_Storage_Subscription --value "${ARM_SUBSCRIPTION_ID}" --output none --only-show-errors
+ fi
+
+ az_var=$(az pipelines variable-group variable list --group-id "${VARIABLE_GROUP_ID}" --query "Deployer_State_FileName.value" --out tsv)
+ if [ -z ${az_var} ]; then
+ az pipelines variable-group variable create --group-id "${VARIABLE_GROUP_ID}" --name
Deployer_State_FileName --value "${file_deployer_tfstate_key}" --output none --only-show-errors + else + az pipelines variable-group variable update --group-id "${VARIABLE_GROUP_ID}" --name Deployer_State_FileName --value "${file_deployer_tfstate_key}" --output none --only-show-errors + fi + + az_var=$(az pipelines variable-group variable list --group-id "${VARIABLE_GROUP_ID}" --query "Deployer_Key_Vault.value" --out tsv) + if [ -z ${az_var} ]; then + az pipelines variable-group variable create --group-id "${VARIABLE_GROUP_ID}" --name Deployer_Key_Vault --value "${file_key_vault}" --output none --only-show-errors + else + az pipelines variable-group variable update --group-id "${VARIABLE_GROUP_ID}" --name Deployer_Key_Vault --value "${file_key_vault}" --output none --only-show-errors + fi + + az_var=$(az pipelines variable-group variable list --group-id "${VARIABLE_GROUP_ID}" --query "ControlPlaneEnvironment.value" --out tsv) + if [ -z ${az_var} ]; then + az pipelines variable-group variable create --group-id "${VARIABLE_GROUP_ID}" --name ControlPlaneEnvironment --value "${ENVIRONMENT}" --output none --only-show-errors + else + az pipelines variable-group variable update --group-id "${VARIABLE_GROUP_ID}" --name ControlPlaneEnvironment --value "${ENVIRONMENT}" --output none --only-show-errors + fi + + az_var=$(az pipelines variable-group variable list --group-id "${VARIABLE_GROUP_ID}" --query "ControlPlaneLocation.value" --out tsv) + if [ -z ${az_var} ]; then + az pipelines variable-group variable create --group-id "${VARIABLE_GROUP_ID}" --name ControlPlaneLocation --value "${LOCATION}" --output none --only-show-errors + else + az pipelines variable-group variable update --group-id "${VARIABLE_GROUP_ID}" --name ControlPlaneLocation --value "${LOCATION}" --output none --only-show-errors + fi + + fi + exit $return_code displayName: Deploy control plane From 89c480d6e278b80c2bc9f36f389bd32712b15194 Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Thu, 17 Oct 2024 21:48:36 +0300 Subject: [PATCH 083/279] Refactor pipeline script to update echo statements for installation method and use correct variables for workload ARM_CLIENT_ID --- deploy/pipelines/01-deploy-control-plane.yaml | 8 +- deploy/scripts/set_secrets.sh | 433 +++++++++--------- 2 files changed, 223 insertions(+), 218 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 7c6856ca6c..5ea174706c 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -489,7 +489,7 @@ stages: if [ -f "${deployer_environment_file_name}" ] ; then key_vault=$(grep "^keyvault=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs) - echo -e "$cyan 'Deployer Key Vault' ${key_vault} $reset" + echo "Deployer Key Vault: ${key_vault}" az pipelines variable-group variable create --group-id "${VARIABLE_GROUP_ID}" --name Deployer_Key_Vault --value "${key_vault}" --output none --only-show-errors fi fi @@ -500,7 +500,8 @@ stages: else if [ -f "${deployer_environment_file_name}" ] ; then STATE_SUBSCRIPTION=$(grep "^STATE_SUBSCRIPTION=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs) - echo 'Terraform state file subscription' "${STATE_SUBSCRIPTION}" + echo "TF Subscription: ${STATE_SUBSCRIPTION}" + az pipelines variable-group variable create --group-id "${VARIABLE_GROUP_ID}" --name Terraform_Remote_Storage_Subscription --value "${STATE_SUBSCRIPTION}" --output none --only-show-errors fi fi 
@@ -519,7 +520,8 @@ stages: else if [ -f "${deployer_environment_file_name}" ] ; then REMOTE_STATE_SA=$(grep "^REMOTE_STATE_SA=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs) - echo 'Terraform state file storage account' "${REMOTE_STATE_SA}" + echo "TF Account: ${REMOTE_STATE_SA}" + az pipelines variable-group variable create --group-id "${VARIABLE_GROUP_ID}" --name Terraform_Remote_Storage_Account_Name --value "${REMOTE_STATE_SA}" --output none --only-show-errors fi fi diff --git a/deploy/scripts/set_secrets.sh b/deploy/scripts/set_secrets.sh index 046929bedf..db90998a81 100755 --- a/deploy/scripts/set_secrets.sh +++ b/deploy/scripts/set_secrets.sh @@ -60,54 +60,54 @@ fi eval set -- "$INPUT_ARGUMENTS" while :; do case "$1" in - -e | --environment) - environment="$2" - shift 2 + -e | --environment) + environment="$2" + shift 2 ;; - -r | --region) - region_code="$2" - shift 2 + -r | --region) + region_code="$2" + shift 2 ;; - -v | --vault) - keyvault="$2" - shift 2 + -v | --vault) + keyvault="$2" + shift 2 ;; - -s | --subscription) - subscription="$2" - shift 2 + -s | --subscription) + subscription="$2" + shift 2 ;; - -c | --spn_id) - client_id="$2" - shift 2 + -c | --spn_id) + client_id="$2" + shift 2 ;; - -p | --spn_secret) - client_secret="$2" - shift 2 + -p | --spn_secret) + client_secret="$2" + shift 2 ;; - -t | --tenant_id) - tenant_id="$2" - shift 2 + -t | --tenant_id) + tenant_id="$2" + shift 2 ;; - -b | --keyvault_subscription) - STATE_SUBSCRIPTION="$2" - shift 2 + -b | --keyvault_subscription) + STATE_SUBSCRIPTION="$2" + shift 2 ;; - -w | --workload) - workload=1 - shift + -w | --workload) + workload=1 + shift ;; - -m | --msi) - deploy_using_msi_only=1 - shift + -m | --msi) + deploy_using_msi_only=1 + shift ;; - -h | --help) - showhelp - exit 3 - shift + -h | --help) + showhelp + exit 3 + shift ;; - --) - shift - break + --) + shift + break ;; esac done 
@@ -121,8 +121,8 @@ while [ -z "${region_code}" ]; do done if [ -z "${region_code}" ]; then - # Convert the region to the correct code - get_region_code $region + # Convert the region to the correct code + get_region_code $region fi # if ! valid_environment "${environment}"; then 
@@ -194,79 +194,79 @@ fi if [ 0 = "${deploy_using_msi_only:-}" ]; then - if [ -z "${client_id}" ]; then - load_config_vars "${environment_config_information}" "client_id" - if [ -z "$client_id" ]; then - read -r -p "SPN App ID: " client_id - fi - else - if is_valid_guid "${client_id}" ; then - echo "Valid client_id specified" - else - printf -v val %-40.40s "$client_id" - echo "#########################################################################################" - echo "# #" - echo -e "# The provided client_id is not valid:$boldred ${val} $resetformatting #" - echo "# #" - echo "#########################################################################################" - return_code=65 - echo "The provided client_id is not valid " "${val}" > secret.err - exit $return_code - fi - fi - - if [ ! -n "$client_secret" ]; then - #do not output the secret to screen - read -rs -p " -> Kindly provide SPN Password: " client_secret - echo "********" - fi - - if [ -z "${tenant_id}" ]; then - load_config_vars "${environment_config_information}" "tenant_id" - if [ -z "${tenant_id}" ]; then - read -r -p "SPN Tenant ID: " tenant_id - fi - else - if is_valid_guid "${tenant_id}" ; then - echo "Valid tenant_id specified" - else - printf -v val %-40.40s "$tenant_id" - echo "#########################################################################################" - echo "# #" - echo -e "# The provided tenant_id is not valid:$boldred ${val} $resetformatting #" - echo "# #" - echo "#########################################################################################" - return_code=65 - echo "The provided tenant_id is not valid " "${val}" > secret.err - exit $return_code - fi - fi - if [ -z "${client_id}" ]; then - echo "Missing client_id" - echo "No client_id specified" > secret.err - showhelp - return_code=65 #/* data format error */ - echo $return_code - exit $return_code - fi - - if [ -z "$client_secret" ]; then - echo "Missing client_secret" - echo "No client_secret 
specified" > secret.err - showhelp - return_code=65 #/* data format error */ - echo $return_code - exit $return_code - fi - - if [ -z "${tenant_id}" ]; then - echo "Missing tenant_id" - echo "No tenant_id specified" > secret.err - showhelp - return_code=65 #/* data format error */ - echo $return_code - exit $return_code - fi + if [ -z "${client_id}" ]; then + load_config_vars "${environment_config_information}" "client_id" + if [ -z "$client_id" ]; then + read -r -p "SPN App ID: " client_id + fi + else + if is_valid_guid "${client_id}" ; then + echo "Valid client_id specified" + else + printf -v val %-40.40s "$client_id" + echo "#########################################################################################" + echo "# #" + echo -e "# The provided client_id is not valid:$boldred ${val} $resetformatting #" + echo "# #" + echo "#########################################################################################" + return_code=65 + echo "The provided client_id is not valid " "${val}" > secret.err + exit $return_code + fi + fi + + if [ ! 
-n "$client_secret" ]; then + #do not output the secret to screen + read -rs -p " -> Kindly provide SPN Password: " client_secret + echo "********" + fi + + if [ -z "${tenant_id}" ]; then + load_config_vars "${environment_config_information}" "tenant_id" + if [ -z "${tenant_id}" ]; then + read -r -p "SPN Tenant ID: " tenant_id + fi + else + if is_valid_guid "${tenant_id}" ; then + echo "Valid tenant_id specified" + else + printf -v val %-40.40s "$tenant_id" + echo "#########################################################################################" + echo "# #" + echo -e "# The provided tenant_id is not valid:$boldred ${val} $resetformatting #" + echo "# #" + echo "#########################################################################################" + return_code=65 + echo "The provided tenant_id is not valid " "${val}" > secret.err + exit $return_code + fi + fi + if [ -z "${client_id}" ]; then + echo "Missing client_id" + echo "No client_id specified" > secret.err + showhelp + return_code=65 #/* data format error */ + echo $return_code + exit $return_code + fi + + if [ -z "$client_secret" ]; then + echo "Missing client_secret" + echo "No client_secret specified" > secret.err + showhelp + return_code=65 #/* data format error */ + echo $return_code + exit $return_code + fi + + if [ -z "${tenant_id}" ]; then + echo "Missing tenant_id" + echo "No tenant_id specified" > secret.err + showhelp + return_code=65 #/* data format error */ + echo $return_code + exit $return_code + fi fi if [ -z "${subscription}" ]; then read -r -p "SPN Subscription: " subscription 
@@ -294,13 +294,16 @@ echo "# echo "#########################################################################################" echo "" +echo "Keyvault: ${keyvault}" +echo "Subscription: ${STATE_SUBSCRIPTION}" + save_config_vars "${environment_config_information}" \ - keyvault \ - environment \ - subscription \ - client_id \ - tenant_id \ - STATE_SUBSCRIPTION +keyvault \ +environment \ +subscription \ +client_id \ +tenant_id \ +STATE_SUBSCRIPTION secretname="${environment}"-subscription-id 
@@ -325,110 +328,110 @@ if [ "${deleted}" == "${secretname}" ]; then else exists=$(az keyvault secret list --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --query "[].{Name:name} | [? contains(Name,'${secretname}')] | [0]" -o tsv) if [ "${exists}" == "${secretname}" ]; then - v=$(az keyvault secret show --name "${secretname}" --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --query value -o tsv) - if [ "${v}" != "${subscription}" ] ; then - echo -e "\t $cyan Setting secret ${secretname} in keyvault ${keyvault} $resetformatting \n" - az keyvault secret set --name "${secretname}" --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --value "${subscription}" --expires "$(date -d '+1 year' -u +%Y-%m-%dT%H:%M:%SZ)" >stdout.az 2>&1 - fi + v=$(az keyvault secret show --name "${secretname}" --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --query value -o tsv) + if [ "${v}" != "${subscription}" ] ; then + echo -e "\t $cyan Setting secret ${secretname} in keyvault ${keyvault} $resetformatting \n" + az keyvault secret set --name "${secretname}" --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --value "${subscription}" --expires "$(date -d '+1 year' -u +%Y-%m-%dT%H:%M:%SZ)" >stdout.az 2>&1 + fi else - az keyvault secret set --name "${secretname}" --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --value "${subscription}" --expires "$(date -d '+1 year' -u +%Y-%m-%dT%H:%M:%SZ)" >stdout.az 2>&1 + az keyvault secret set --name "${secretname}" --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --value "${subscription}" --expires "$(date -d '+1 year' -u +%Y-%m-%dT%H:%M:%SZ)" >stdout.az 2>&1 fi fi if [ -f stdout.az ]; then - result=$(grep "ERROR: The user, group or application" stdout.az) - - if [ -n "${result}" ]; then - printf -v val "%-20.20s" "$keyvault" - echo "#########################################################################################" - echo "# #" - 
echo -e "# No access to add the secrets in the$boldred" "${val}" "$resetformatting keyvault #" - echo "# Please add an access policy for the account you use #" - echo "# #" - echo "#########################################################################################" - echo "" - rm stdout.az - echo "No access to add the secrets in the " "${val}" "keyvault" > secret.err - return_code=77 - exit $return_code - fi - - result=$(grep "The Vault may not exist" stdout.az) - if [ -n "${result}" ]; then - printf -v val "%-20.20s could not be found!" "$keyvault" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Keyvault" "${val}" "$resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - rm stdout.az - return_code=65 #/* name unknown */ - echo "Keyvault" "${val}" > secret.err - exit $return_code - - fi + result=$(grep "ERROR: The user, group or application" stdout.az) + + if [ -n "${result}" ]; then + printf -v val "%-20.20s" "$keyvault" + echo "#########################################################################################" + echo "# #" + echo -e "# No access to add the secrets in the$boldred" "${val}" "$resetformatting keyvault #" + echo "# Please add an access policy for the account you use #" + echo "# #" + echo "#########################################################################################" + echo "" + rm stdout.az + echo "No access to add the secrets in the " "${val}" "keyvault" > secret.err + return_code=77 + exit $return_code + fi + + result=$(grep "The Vault may not exist" stdout.az) + if [ -n "${result}" ]; then + printf -v val "%-20.20s could not be found!" 
"$keyvault" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Keyvault" "${val}" "$resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + rm stdout.az + return_code=65 #/* name unknown */ + echo "Keyvault" "${val}" > secret.err + exit $return_code + + fi fi if [ 0 = "${deploy_using_msi_only:-}" ]; then - #turn off output, we do not want to show the details being uploaded to keyvault - secretname="${environment}"-client-id - deleted=$(az keyvault secret list-deleted --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --query "[].{Name:name} | [? contains(Name,'${secretname}')] | [0]" -o tsv) - if [ "${deleted}" == "${secretname}" ]; then - echo -e "\t $cyan Recovering secret ${secretname} in keyvault ${keyvault} $resetformatting \n" - az keyvault secret recover --name "${secretname}" --vault-name "${keyvault}" --subscription $STATE_SUBSCRIPTION - sleep 10 - fi - - v="" - secret=$(az keyvault secret list --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --query "[].{Name:name} | [? 
contains(Name,'${secretname}')] | [0]" -o tsv) - if [ "${secret}" == "${secretname}" ]; - then - v=$(az keyvault secret show --name "${secretname}" --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --query value -o tsv) - if [ "${v}" != "${client_id}" ] ; then - az keyvault secret set --name "${secretname}" --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --value "${client_id}" --expires "$(date -d '+1 year' -u +%Y-%m-%dT%H:%M:%SZ)" --only-show-errors --output none - fi - else - az keyvault secret set --name "${secretname}" --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --value "${client_id}" --expires "$(date -d '+1 year' -u +%Y-%m-%dT%H:%M:%SZ)" --only-show-errors --output none - fi - - secretname="${environment}"-tenant-id - deleted=$(az keyvault secret list-deleted --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --query "[].{Name:name} | [? contains(Name,'${secretname}')] | [0]" -o tsv) - if [ "${deleted}" == "${secretname}" ]; then - echo -e "\t $cyan Recovering secret ${secretname} in keyvault ${keyvault} $resetformatting \n" - az keyvault secret recover --name "${secretname}" --vault-name "${keyvault}" --subscription $STATE_SUBSCRIPTION - sleep 10 - fi - v="" - secret=$(az keyvault secret list --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --query "[].{Name:name} | [? 
contains(Name,'${secretname}')] | [0]" -o tsv) - if [ "${secret}" == "${secretname}" ]; - then - v=$(az keyvault secret show --name "${secretname}" --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --query value -o tsv) - if [ "${v}" != "${tenant_id}" ] ; then - az keyvault secret set --name "${secretname}" --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --value "${tenant_id}" --expires "$(date -d '+1 year' -u +%Y-%m-%dT%H:%M:%SZ)" --only-show-errors --output none - fi - else - az keyvault secret set --name "${secretname}" --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --value "${tenant_id}" --expires "$(date -d '+1 year' -u +%Y-%m-%dT%H:%M:%SZ)" --only-show-errors --output none - fi - - secretname="${environment}"-client-secret - deleted=$(az keyvault secret list-deleted --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --query "[].{Name:name} | [? contains(Name,'${secretname}')] | [0]" -o tsv) - if [ "${deleted}" == "${secretname}" ]; then - echo -e "\t $cyan Recovering secret ${secretname} in keyvault ${keyvault} $resetformatting \n" - az keyvault secret recover --name "${secretname}" --vault-name "${keyvault}" --subscription $STATE_SUBSCRIPTION - sleep 10 - fi - - v="" - secret=$(az keyvault secret list --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --query "[].{Name:name} | [? 
contains(Name,'${secretname}')] | [0]" -o tsv) - if [ "${secret}" == "${secretname}" ]; - then - v=$(az keyvault secret show --name "${secretname}" --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --query value -o tsv) - if [ "${v}" != "${client_secret}" ] ; then - az keyvault secret set --name "${secretname}" --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --value="${client_secret}" --expires "$(date -d '+1 year' -u +%Y-%m-%dT%H:%M:%SZ)" --only-show-errors --output none - fi - else - az keyvault secret set --name "${secretname}" --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --value="${client_secret}" --expires "$(date -d '+1 year' -u +%Y-%m-%dT%H:%M:%SZ)" --only-show-errors --output none - fi + #turn off output, we do not want to show the details being uploaded to keyvault + secretname="${environment}"-client-id + deleted=$(az keyvault secret list-deleted --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --query "[].{Name:name} | [? contains(Name,'${secretname}')] | [0]" -o tsv) + if [ "${deleted}" == "${secretname}" ]; then + echo -e "\t $cyan Recovering secret ${secretname} in keyvault ${keyvault} $resetformatting \n" + az keyvault secret recover --name "${secretname}" --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" + sleep 10 + fi + + v="" + secret=$(az keyvault secret list --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --query "[].{Name:name} | [? 
contains(Name,'${secretname}')] | [0]" -o tsv) + if [ "${secret}" == "${secretname}" ]; + then + v=$(az keyvault secret show --name "${secretname}" --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --query value -o tsv) + if [ "${v}" != "${client_id}" ] ; then + az keyvault secret set --name "${secretname}" --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --value "${client_id}" --expires "$(date -d '+1 year' -u +%Y-%m-%dT%H:%M:%SZ)" --only-show-errors --output none + fi + else + az keyvault secret set --name "${secretname}" --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --value "${client_id}" --expires "$(date -d '+1 year' -u +%Y-%m-%dT%H:%M:%SZ)" --only-show-errors --output none + fi + + secretname="${environment}"-tenant-id + deleted=$(az keyvault secret list-deleted --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --query "[].{Name:name} | [? contains(Name,'${secretname}')] | [0]" -o tsv) + if [ "${deleted}" == "${secretname}" ]; then + echo -e "\t $cyan Recovering secret ${secretname} in keyvault ${keyvault} $resetformatting \n" + az keyvault secret recover --name "${secretname}" --vault-name "${keyvault}" --subscription $STATE_SUBSCRIPTION + sleep 10 + fi + v="" + secret=$(az keyvault secret list --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --query "[].{Name:name} | [? 
contains(Name,'${secretname}')] | [0]" -o tsv) + if [ "${secret}" == "${secretname}" ]; + then + v=$(az keyvault secret show --name "${secretname}" --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --query value -o tsv) + if [ "${v}" != "${tenant_id}" ] ; then + az keyvault secret set --name "${secretname}" --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --value "${tenant_id}" --expires "$(date -d '+1 year' -u +%Y-%m-%dT%H:%M:%SZ)" --only-show-errors --output none + fi + else + az keyvault secret set --name "${secretname}" --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --value "${tenant_id}" --expires "$(date -d '+1 year' -u +%Y-%m-%dT%H:%M:%SZ)" --only-show-errors --output none + fi + + secretname="${environment}"-client-secret + deleted=$(az keyvault secret list-deleted --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --query "[].{Name:name} | [? contains(Name,'${secretname}')] | [0]" -o tsv) + if [ "${deleted}" == "${secretname}" ]; then + echo -e "\t $cyan Recovering secret ${secretname} in keyvault ${keyvault} $resetformatting \n" + az keyvault secret recover --name "${secretname}" --vault-name "${keyvault}" --subscription $STATE_SUBSCRIPTION + sleep 10 + fi + + v="" + secret=$(az keyvault secret list --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --query "[].{Name:name} | [? 
contains(Name,'${secretname}')] | [0]" -o tsv) + if [ "${secret}" == "${secretname}" ]; + then + v=$(az keyvault secret show --name "${secretname}" --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --query value -o tsv) + if [ "${v}" != "${client_secret}" ] ; then + az keyvault secret set --name "${secretname}" --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --value="${client_secret}" --expires "$(date -d '+1 year' -u +%Y-%m-%dT%H:%M:%SZ)" --only-show-errors --output none + fi + else + az keyvault secret set --name "${secretname}" --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --value="${client_secret}" --expires "$(date -d '+1 year' -u +%Y-%m-%dT%H:%M:%SZ)" --only-show-errors --output none + fi fi exit $return_code From b8d7f1cfb100cff89ff17d52016c101b0ea14d1a Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 17 Oct 2024 21:55:07 +0300 Subject: [PATCH 084/279] Refactor pipeline script to update echo statements and export variables for installation method and workload ARM_CLIENT_ID --- deploy/pipelines/01-deploy-control-plane.yaml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 5ea174706c..5d9d15801b 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -483,8 +483,8 @@ stages: echo -e "$green--- Variables ---$reset" az_var=$(az pipelines variable-group variable list --group-id "${VARIABLE_GROUP_ID}" --query "Deployer_Key_Vault.value" --output tsv) if [ -n "${az_var}" ]; then - key_vault="${az_var}" - echo -e "$cyan 'Deployer Key Vault' ${key_vault} $reset" + export key_vault="${az_var}" + echo "Deployer Key Vault: ${key_vault}" else if [ -f "${deployer_environment_file_name}" ] ; then 
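Review bot: The re-indented `az keyvault secret set … --value="${client_secret}"` calls at the end of this hunk still pass the client secret as a command-line argument, so it is readable in the process list and in any `set -x` trace while the command runs. `az keyvault secret set` also accepts `--file`, so the value can be written with the `printf` builtin to a `mktemp` file, passed by path and removed afterwards, as sketched below for both branches of the client-secret block. Separately, the commit quotes `--subscription "${STATE_SUBSCRIPTION}"` only on the first `az keyvault secret recover` call; the tenant-id and client-secret recover calls keep the unquoted `$STATE_SUBSCRIPTION` and should be quoted the same way.

```shell
# … unchanged: list-deleted / recover / list / show logic for "${secretname}" …
secret_file=$(mktemp) || exit 1
printf '%s' "${client_secret}" > "${secret_file}"
az keyvault secret set --name "${secretname}" --vault-name "${keyvault}" --subscription "${STATE_SUBSCRIPTION}" --file "${secret_file}" --encoding utf-8 --expires "$(date -d '+1 year' -u +%Y-%m-%dT%H:%M:%SZ)" --only-show-errors --output none
rm -f -- "${secret_file}"
```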
@@ -496,10 +496,11 @@ stages:
 az_var=$(az pipelines variable-group variable list --group-id "${VARIABLE_GROUP_ID}" --query "Terraform_Remote_Storage_Subscription.value" --output tsv)
 if [ -n "${az_var}" ]; then
- STATE_SUBSCRIPTION="${az_var}" ; echo 'Terraform state file subscription' "$STATE_SUBSCRIPTION"
+ export STATE_SUBSCRIPTION="${az_var}"
+ echo "TF Subscription: ${STATE_SUBSCRIPTION}"
 else
 if [ -f "${deployer_environment_file_name}" ] ; then
- STATE_SUBSCRIPTION=$(grep "^STATE_SUBSCRIPTION=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs)
+ export STATE_SUBSCRIPTION=$(grep "^STATE_SUBSCRIPTION=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs)
 echo "TF Subscription: ${STATE_SUBSCRIPTION}"
 az pipelines variable-group variable create --group-id "${VARIABLE_GROUP_ID}" --name Terraform_Remote_Storage_Subscription --value "${STATE_SUBSCRIPTION}" --output none --only-show-errors
@@ -516,7 +517,8 @@ stages:
 az_var=$(az pipelines variable-group variable list --group-id "${VARIABLE_GROUP_ID}" --query "Terraform_Remote_Storage_Account_Name.value" --output tsv)
 if [ -n "${az_var}" ]; then
- REMOTE_STATE_SA="${az_var}" ; echo 'Terraform state file storage account' "${REMOTE_STATE_SA}"
+ export REMOTE_STATE_SA="${az_var}"
+ echo "TF Account: ${REMOTE_STATE_SA}"
 else
 if [ -f "${deployer_environment_file_name}" ] ; then
 REMOTE_STATE_SA=$(grep "^REMOTE_STATE_SA=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs)
From 4946481fcad055798cd4b87df28966b64ac8c330 Mon Sep 17 00:00:00 2001
From: Kimmo Forss
Date: Thu, 17 Oct 2024 22:05:11 +0300
Subject: [PATCH 085/279] Refactor pipeline script to update PATH variable in deploy_controlplane.sh
---
 deploy/scripts/deploy_controlplane.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/deploy/scripts/deploy_controlplane.sh b/deploy/scripts/deploy_controlplane.sh
index 5c69d1d3ed..dd5c0f15db 100755
--- a/deploy/scripts/deploy_controlplane.sh
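Review bot: In the `else` branch of the `@@ -496,10 +496,11 @@` hunk, `export STATE_SUBSCRIPTION=$(grep … | xargs)` combines `export` with a command substitution, so the result of the lookup is never checked and an empty match is accepted silently; the `az pipelines variable-group variable create` that follows then stores whatever was read, including an empty string. Assign, check, then export: `STATE_SUBSCRIPTION=$(…)`, `[ -n "${STATE_SUBSCRIPTION}" ] || exit 1` (or the script's usual error path), `export STATE_SUBSCRIPTION`. In the next hunk (`@@ -516,7 +517,8 @@`) only the `if` branch exports `REMOTE_STATE_SA`; the `else` branch shown as context still assigns it without `export`, so child processes see the value on one path only unless it is exported elsewhere. Both blocks continue outside their hunks.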
+++ b/deploy/scripts/deploy_controlplane.sh
@@ -31,7 +31,8 @@ full_script_path="$(realpath "${BASH_SOURCE[0]}")"
 script_directory="$(dirname "${full_script_path}")"
 if [[ -f /etc/profile.d/deploy_server.sh ]]; then
- . /etc/profile.d/deploy_server.sh
+ path=$(grep -m 1 "export PATH=" /etc/profile.d/deploy_server.sh | awk -F'=' '{print $2}' | xargs)
+ export PATH=$path
 fi
 #call stack has full scriptname when using source
From 7d5d7020f1c1b9f9f2ba2da43843b813a3aa0a82 Mon Sep 17 00:00:00 2001
From: Kimmo Forss
Date: Thu, 17 Oct 2024 22:19:12 +0300
Subject: [PATCH 086/279] Refactor pipeline script to update echo statements and export variables for installation method, workload ARM_CLIENT_ID, and Terraform state information
---
 deploy/scripts/installer.sh | 37 +++++++++++++++++++------------------
 1 file changed, 19 insertions(+), 18 deletions(-)
diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh
index f0e2ae5921..25a9acefe6 100755
--- a/deploy/scripts/installer.sh
+++ b/deploy/scripts/installer.sh
@@ -50,9 +50,8 @@ do
 done
-echo "Parameter file: $parameterfile"
-echo "Current directory: $(pwd)"
-
+echo "Parameter file: $parameterfile"
+echo "Current directory: $(pwd)"
 tfstate_resource_id=""
 tfstate_parameter=""
@@ -154,13 +153,14 @@ automation_config_directory=$CONFIG_REPO_PATH/.sap_deployment_automation/
 generic_config_information="${automation_config_directory}"config
 system_config_information="${automation_config_directory}""${environment}""${region_code}""${network_logical_name}"
-echo "Configuration file: $system_config_information"
-echo "Deployment region: $region"
-echo "Deployment region code: $region_code"
+echo "Configuration file: $system_config_information"
+echo "Deployment region: $region"
+echo "Deployment region code: $region_code"
+ if [ 1 == $called_from_ado ] ; then
 this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1
 export TF_VAR_Agent_IP=$this_ip
- echo "Agent IP: $this_ip"
+ echo "Agent IP: $this_ip"
 fi
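Review bot: In the `deploy_controlplane.sh` hunk, `export PATH=$path` runs even when `grep -m 1 "export PATH="` matches nothing, which leaves the rest of the script with an empty PATH, and the value is taken as literal text, so a profile line of the form `export PATH=$PATH:…` (likely, but not visible here) would produce a PATH containing the unexpanded string `$PATH` instead of the current search path. `awk -F'=' '{print $2}'` also cuts the value at a second `=`. Guard and quote the assignment, for example `if [ -n "${path}" ]; then export PATH="${path}"; fi`, and confirm that nothing else exported by the removed `. /etc/profile.d/deploy_server.sh` is still needed. Because PATH now comes from parsing that file's text, the file should stay writable by root only, as it had to be when it was sourced.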
@@ -186,7 +186,7 @@ if [[ -n "${TF_PARALLELLISM}" ]]; then parallelism=$TF_PARALLELLISM fi -echo "Parallelism count $parallelism" +echo "Parallelism count: $parallelism" param_dirname=$(pwd) @@ -221,8 +221,8 @@ else save_config_vars "${system_config_information}" REMOTE_STATE_SA fi -echo "Terraform state file storage:" "${REMOTE_STATE_SA}" -echo "Terraform state subscription:" "${STATE_SUBSCRIPTION}" +echo "Terraform state subscription: ${STATE_SUBSCRIPTION}" +echo "Terraform state account: ${REMOTE_STATE_SA}" deployer_tfstate_key_parameter='' @@ -230,7 +230,7 @@ if [[ -z $deployer_tfstate_key ]]; then load_config_vars "${system_config_information}" "deployer_tfstate_key" else - echo "Deployer state file name:" "${deployer_tfstate_key}" + echo "Deployer state file name: ${deployer_tfstate_key}" save_config_vars "${system_config_information}" deployer_tfstate_key fi @@ -261,17 +261,17 @@ else load_config_vars "${system_config_information}" "keyvault" export TF_VAR_deployer_kv_user_arm_id=$(az resource list --name "${keyvault}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.KeyVault/vaults --query "[].id | [0]" -o tsv) - echo "Deployer Keyvault: $TF_VAR_deployer_kv_user_arm_id" + echo "Deployer Keyvault ID: $TF_VAR_deployer_kv_user_arm_id" fi useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) if [ "$useSAS" = "true" ] ; then - echo "Authenticate storage using SAS" + echo "Storage Account Authentication: Key" export ARM_USE_AZUREAD=false else - echo "Authenticate storage using Entra ID" + echo "Storage Account Authentication: Entra ID" export ARM_USE_AZUREAD=true fi @@ -309,6 +309,7 @@ then fi else landscape_tfstate_key_parameter=" -var landscape_tfstate_key=${landscape_tfstate_key}" + echo "Workload zone state file: ${landscape_tfstate_key}" fi fi 
@@ -396,7 +397,7 @@ if [[ -z ${REMOTE_STATE_SA} ]]; then fi fi -echo "Terraform state storage " "${REMOTE_STATE_SA}" +echo "Terraform state storage account: ${REMOTE_STATE_SA}" if [ -z ${REMOTE_STATE_SA} ]; then option="REMOTE_STATE_SA" @@ -445,9 +446,9 @@ fi ok_to_proceed=false -echo "Terraform state subscription_id = ${STATE_SUBSCRIPTION}" -echo "Terraform state resource group name = ${REMOTE_STATE_RG}" -echo "Terraform state storage account name = ${REMOTE_STATE_SA}" +echo "Terraform subscription_id: ${STATE_SUBSCRIPTION}" +echo "Terraform resource group name: ${REMOTE_STATE_RG}" +echo "Terraform state storage account: ${REMOTE_STATE_SA}" # This is used to tell Terraform if this is a new deployment or an update deployment_parameter="" From 6e7417b3c8b64b4ff3708bb5ffcfb6c0d53cd64e Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 17 Oct 2024 22:30:15 +0300 Subject: [PATCH 087/279] Refactor pipeline script to update echo statements and export variables for installation method, workload ARM_CLIENT_ID, and Terraform state information --- deploy/pipelines/01-deploy-control-plane.yaml | 8 ++++---- deploy/terraform/run/sap_deployer/providers.tf | 1 + 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 5d9d15801b..dc0b46de16 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -662,7 +662,7 @@ stages: export ARM_CLIENT_ID=$CP_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$CP_ARM_CLIENT_SECRET export ARM_TENANT_ID=$CP_ARM_TENANT_ID - export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID + export ARM_SUBSCRIPTION_ID=$CP_ARM_SUBSCRIPTION_ID unset ARM_USE_MSI az login --service-principal --username "${ARM_CLIENT_ID}" --password="${ARM_CLIENT_SECRET}" --tenant "${ARM_TENANT_ID}" --output none 
@@ -672,7 +672,7 @@ stages: echo "##vso[task.logissue type=error]az login failed." exit $return_code fi - az account set --subscription "${ARM_SUBSCRIPTION_ID}" + az account set --subscription $ARM_SUBSCRIPTION_ID else echo -e "$cyan--- Install using Managed Identity ---$reset" # export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID @@ -747,7 +747,7 @@ stages: export ARM_CLIENT_ID=$CP_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$CP_ARM_CLIENT_SECRET export ARM_TENANT_ID=$CP_ARM_TENANT_ID - export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID + export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID: $(CP_ARM_SUBSCRIPTION_ID) unset ARM_USE_MSI $SAP_AUTOMATION_REPO_PATH/deploy/scripts/deploy_controlplane.sh \ @@ -942,7 +942,7 @@ stages: displayName: Deploy control plane env: SYSTEM_ACCESSTOKEN: $(System.AccessToken) - ARM_SUBSCRIPTION_ID: $(CP_ARM_SUBSCRIPTION_ID) + CP_ARM_SUBSCRIPTION_ID: $(CP_ARM_SUBSCRIPTION_ID) CP_ARM_CLIENT_ID: $(CP_ARM_CLIENT_ID) CP_ARM_CLIENT_SECRET: $(CP_ARM_CLIENT_SECRET) CP_ARM_TENANT_ID: $(CP_ARM_TENANT_ID) diff --git a/deploy/terraform/run/sap_deployer/providers.tf b/deploy/terraform/run/sap_deployer/providers.tf index 8709f410de..62af19dfb1 100644 --- a/deploy/terraform/run/sap_deployer/providers.tf +++ b/deploy/terraform/run/sap_deployer/providers.tf @@ -27,6 +27,7 @@ provider "azurerm" { } partner_id = "f94f50f2-2539-42f8-9c8e-c65b28c681f7" storage_use_azuread = !var.shared_access_key_enabled + subscription_id = local.spn.subscription_id use_msi = var.use_spn ? false : true } From a71bb7eba1a760f591bd21f3b93af8ed883baa68 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 17 Oct 2024 23:07:11 +0300 Subject: [PATCH 088/279] Refactor pipeline script to update echo statement for displaying the key vault information --- deploy/scripts/deploy_controlplane.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/scripts/deploy_controlplane.sh b/deploy/scripts/deploy_controlplane.sh index dd5c0f15db..f801892f77 100755 
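Review bot: The `@@ -672,7 +672,7 @@` hunk drops the quotes from `az account set --subscription $ARM_SUBSCRIPTION_ID`, so an empty or unset value now vanishes from the command line and leaves the option without an argument. The same unquoted form appears in the `az account set` line added by `@@ -679,6 +679,7 @@` and in the later installer.sh change to `--subscription ${STATE_SUBSCRIPTION}`, whose result selects the storage authentication mode. Keep `az account set --subscription "${ARM_SUBSCRIPTION_ID}"` and fail early on an empty value, e.g. `: "${ARM_SUBSCRIPTION_ID:?subscription id not set}"`.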
--- a/deploy/scripts/deploy_controlplane.sh +++ b/deploy/scripts/deploy_controlplane.sh @@ -287,7 +287,7 @@ if [ 0 == $step ]; then fi load_config_vars "${deployer_config_information}" "keyvault" - echo "Key vault:" $keyvault + echo "Key vault: ${keyvault}" if [ -z "$keyvault" ]; then echo "#########################################################################################" From ce6304c321191386263c0b676e83c5ffa14b0eb8 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Fri, 18 Oct 2024 00:48:01 +0300 Subject: [PATCH 089/279] Refactor pipeline script to update echo statements and export variables for installation method, workload ARM_CLIENT_ID, and Terraform state information --- deploy/pipelines/01-deploy-control-plane.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index dc0b46de16..352b13c7dc 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -747,7 +747,7 @@ stages: export ARM_CLIENT_ID=$CP_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$CP_ARM_CLIENT_SECRET export ARM_TENANT_ID=$CP_ARM_TENANT_ID - export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID: $(CP_ARM_SUBSCRIPTION_ID) + export ARM_SUBSCRIPTION_ID=$CP_ARM_SUBSCRIPTION_ID unset ARM_USE_MSI $SAP_AUTOMATION_REPO_PATH/deploy/scripts/deploy_controlplane.sh \ @@ -760,7 +760,7 @@ stages: ${storage_account_parameter} ${keyvault_parameter} else echo -e "$cyan --- Install using Managed Identity ---$reset" - export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID + export ARM_SUBSCRIPTION_ID=$CP_ARM_SUBSCRIPTION_ID export ARM_USE_MSI=true unset ARM_CLIENT_SECRET From a43f162a5462a89a535da072eb6fef8651170c5e Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Fri, 18 Oct 2024 00:57:28 +0300 Subject: [PATCH 090/279] Refactor pipeline script to update usage of Azure CLI command in installer.sh --- deploy/scripts/installer.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index 25a9acefe6..7c145444ba 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh @@ -265,7 +265,7 @@ else fi -useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) +useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription ${STATE_SUBSCRIPTION} --out tsv) if [ "$useSAS" = "true" ] ; then echo "Storage Account Authentication: Key" From ff450532a417167d06b1dd8760c026306e7f0134 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Fri, 18 Oct 2024 01:03:48 +0300 Subject: [PATCH 091/279] Refactor pipeline script to update echo statements and export variables for installation method, workload ARM_CLIENT_ID, and Terraform state information --- deploy/pipelines/01-deploy-control-plane.yaml | 20 +++++++------------ 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 352b13c7dc..d4f50f9c6c 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -560,7 +560,7 @@ stages: exit 2 fi TF_VAR_app_registration_app_id=$(APP_REGISTRATION_APP_ID); - echo 'App Registration App ID' "${TF_VAR_app_registration_app_id}" + echo "App Registration ID: ${TF_VAR_app_registration_app_id}" export TF_VAR_app_registration_app_id TF_VAR_webapp_client_secret=$(WEB_APP_CLIENT_SECRET) export TF_VAR_webapp_client_secret 
@@ -641,7 +641,7 @@ stages: export ARM_CLIENT_ID=$CP_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$CP_ARM_CLIENT_SECRET export ARM_TENANT_ID=$CP_ARM_TENANT_ID - export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID + export ARM_SUBSCRIPTION_ID=$CP_ARM_SUBSCRIPTION_ID az login --service-principal --username "$ARM_CLIENT_ID" --password="$ARM_CLIENT_SECRET" --tenant "$ARM_TENANT_ID" --output none return_code=$? if [ 0 != $return_code ]; then @@ -679,6 +679,7 @@ stages: export ARM_USE_MSI=true export ARM_USE_AZUREAD=true unset ARM_CLIENT_SECRET + az account set --subscription $ARM_SUBSCRIPTION_ID fi fi @@ -699,9 +700,10 @@ stages: if [ 0 = $bootstrapped ]; then key_vault=$(grep "^keyvault=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs) export key_vault - echo "Key Vault: $key_vault" + echo "Deployer Key Vault: ${key_vault}" if [ -n "${key_vault}" ]; then - echo 'Deployer Key Vault' ${key_vault} + echo "Deployer Key Vault: ${key_vault}" + key_vault_id=$(az resource list --name "${key_vault}" --resource-type Microsoft.KeyVault/vaults --query "[].id | [0]" -o tsv) if [ -n "${key_vault_id}" ]; then @@ -718,7 +720,7 @@ stages: echo -e "$green--- Deploy the Control Plane ---$reset" if [ -n "$(POOL)" ]; then - echo 'Deployer Agent Pool' $(POOL) + echo "Deployer Agent Pool: $(POOL)" fi if [ -f "${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/state.zip" ]; then @@ -744,11 +746,6 @@ stages: sudo chmod +x $SAP_AUTOMATION_REPO_PATH/deploy/scripts/deploy_controlplane.sh if [ $USE_MSI != "true" ]; then echo -e "$cyan --- Install using Service Principals ---$reset" - export ARM_CLIENT_ID=$CP_ARM_CLIENT_ID - export ARM_CLIENT_SECRET=$CP_ARM_CLIENT_SECRET - export ARM_TENANT_ID=$CP_ARM_TENANT_ID - export ARM_SUBSCRIPTION_ID=$CP_ARM_SUBSCRIPTION_ID - unset ARM_USE_MSI $SAP_AUTOMATION_REPO_PATH/deploy/scripts/deploy_controlplane.sh \ --deployer_parameter_file "${deployer_configfile}" \ 
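Review bot: The `az account set --subscription $ARM_SUBSCRIPTION_ID` added to the managed-identity branch in `@@ -679,6 +679,7 @@` reads a variable that no visible line in this branch assigns. The `export ARM_SUBSCRIPTION_ID=...` line a few lines above it is commented out, and the `env:` mapping was renamed to `CP_ARM_SUBSCRIPTION_ID` earlier in the series, which appears to be for this step. Unless the variable reaches the step another way, the account switch runs without a subscription and the session stays on the identity's default one. Assign it in the branch first: `export ARM_SUBSCRIPTION_ID=$CP_ARM_SUBSCRIPTION_ID`.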
@@ -760,9 +757,6 @@ stages: ${storage_account_parameter} ${keyvault_parameter} else echo -e "$cyan --- Install using Managed Identity ---$reset" - export ARM_SUBSCRIPTION_ID=$CP_ARM_SUBSCRIPTION_ID - export ARM_USE_MSI=true - unset ARM_CLIENT_SECRET ${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/deploy_controlplane.sh \ --deployer_parameter_file "${deployer_configfile}" \ From 9ced70b03e47c5b2eab9714202ac7d348ec1e229 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Fri, 18 Oct 2024 01:08:54 +0300 Subject: [PATCH 092/279] Refactor pipeline script to update echo statements and export variables for installation method, workload ARM_CLIENT_ID, and Terraform state information --- deploy/pipelines/01-deploy-control-plane.yaml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index d4f50f9c6c..b08c2f716c 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -747,6 +747,8 @@ stages: if [ $USE_MSI != "true" ]; then echo -e "$cyan --- Install using Service Principals ---$reset" + export TF_VAR_use_spn=true + $SAP_AUTOMATION_REPO_PATH/deploy/scripts/deploy_controlplane.sh \ --deployer_parameter_file "${deployer_configfile}" \ --library_parameter_file "${library_configfile}" \ @@ -757,6 +759,7 @@ stages: ${storage_account_parameter} ${keyvault_parameter} else echo -e "$cyan --- Install using Managed Identity ---$reset" + export TF_VAR_use_spn=false ${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/deploy_controlplane.sh \ --deployer_parameter_file "${deployer_configfile}" \ 
@@ -785,17 +788,16 @@ stages: if [ -f "${deployer_environment_file_name}" ]; then file_deployer_tfstate_key=$(grep "^deployer_tfstate_key=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs) - echo "Deployer State File ${file_deployer_tfstate_key}" + echo "Deployer State: ${file_deployer_tfstate_key}" file_key_vault=$(grep "^keyvault=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs) - echo "(File) Deployer Key Vault ${file_key_vault}" + echo "Deployer Keyvault: ${file_key_vault}" file_REMOTE_STATE_SA=$(grep "^REMOTE_STATE_SA=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs) - echo "(File) Terraform state file storage account ${file_REMOTE_STATE_SA}" + echo "Terraform account: ${file_REMOTE_STATE_SA}" file_REMOTE_STATE_RG=$(grep "^REMOTE_STATE_RG=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs) - - echo "(File) Terraform state file resource group ${file_REMOTE_STATE_RG}" + echo "Terraform rgname: ${file_REMOTE_STATE_SA}" fi echo -e "$green--- Update repo ---$reset" From 2c2b7570812438534d0a5e5c6ae9b0bbeb7b9e1b Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Fri, 18 Oct 2024 01:29:24 +0300 Subject: [PATCH 093/279] Refactor pipeline script to update echo statements and export variables for installation method, workload ARM_CLIENT_ID, and Terraform state information --- deploy/scripts/installer.sh | 2 ++ deploy/terraform/run/sap_deployer/providers.tf | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index 7c145444ba..a900a6800f 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh 
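Review bot: The last added line in `@@ -785,17 +788,16 @@` prints the wrong variable: `echo "Terraform rgname: ${file_REMOTE_STATE_SA}"` repeats the storage account name, although the line before it reads `file_REMOTE_STATE_RG`. The log then shows a resource group that is really the account name, which misleads anyone checking where the state is stored. Change it to `echo "Terraform rgname: ${file_REMOTE_STATE_RG}"`.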
@@ -217,12 +217,14 @@ then load_config_vars "${system_config_information}" "REMOTE_STATE_RG" load_config_vars "${system_config_information}" "tfstate_resource_id" load_config_vars "${system_config_information}" "STATE_SUBSCRIPTION" + load_config_vars "${system_config_information}" "ARM_SUBSCRIPTION_ID" else save_config_vars "${system_config_information}" REMOTE_STATE_SA fi echo "Terraform state subscription: ${STATE_SUBSCRIPTION}" echo "Terraform state account: ${REMOTE_STATE_SA}" +echo "Target subscription: ${ARM_SUBSCRIPTION_ID}" deployer_tfstate_key_parameter='' diff --git a/deploy/terraform/run/sap_deployer/providers.tf b/deploy/terraform/run/sap_deployer/providers.tf index 62af19dfb1..b11d3088b8 100644 --- a/deploy/terraform/run/sap_deployer/providers.tf +++ b/deploy/terraform/run/sap_deployer/providers.tf @@ -27,7 +27,7 @@ provider "azurerm" { } partner_id = "f94f50f2-2539-42f8-9c8e-c65b28c681f7" storage_use_azuread = !var.shared_access_key_enabled - subscription_id = local.spn.subscription_id + use_msi = var.use_spn ? false : true } From 370d80d79b9dbfa32939da5b34e9911a038bba40 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Fri, 18 Oct 2024 01:38:23 +0300 Subject: [PATCH 094/279] Refactor pipeline script to update echo statements and export variables for installation method, workload ARM_CLIENT_ID, and Terraform state information --- deploy/scripts/installer.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index a900a6800f..c9919e89a4 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh @@ -50,8 +50,11 @@ do done -echo "Parameter file: $parameterfile" -echo "Current directory: $(pwd)" +echo "Parameter file: $parameterfile" +echo "Current directory: $(pwd)" +echo "Terraform state subscription_id: ${STATE_SUBSCRIPTION}" +echo "Terraform state storage account name: ${REMOTE_STATE_SA}" + tfstate_resource_id="" tfstate_parameter="" 
From d124b74776c22827417ca2a7b0adbbae71c63baa Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Fri, 18 Oct 2024 01:45:26 +0300 Subject: [PATCH 095/279] Refactor pipeline script to update echo statements and export variables for installation method, workload ARM_CLIENT_ID, and Terraform state information --- deploy/scripts/installer.sh | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index c9919e89a4..4763026f9b 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh @@ -156,14 +156,15 @@ automation_config_directory=$CONFIG_REPO_PATH/.sap_deployment_automation/ generic_config_information="${automation_config_directory}"config system_config_information="${automation_config_directory}""${environment}""${region_code}""${network_logical_name}" -echo "Configuration file: $system_config_information" -echo "Deployment region: $region" -echo "Deployment region code: $region_code" +echo "Configuration file: $system_config_information" +echo "Deployment region: $region" +echo "Deployment region code: $region_code" if [ 1 == $called_from_ado ] ; then this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 export TF_VAR_Agent_IP=$this_ip - echo "Agent IP: $this_ip" + echo "Agent IP: $this_ip" + fi @@ -189,7 +190,7 @@ if [[ -n "${TF_PARALLELLISM}" ]]; then parallelism=$TF_PARALLELLISM fi -echo "Parallelism count: $parallelism" +echo "Parallelism count: $parallelism" param_dirname=$(pwd) @@ -206,7 +207,8 @@ fi if [ "${deployment_system}" == sap_deployer ] then deployer_tfstate_key=${key}.terraform.tfstate - STATE_SUBSCRIPTION=$ARM_SUBSCRIPTION_ID + ARM_SUBSCRIPTION_ID=$STATE_SUBSCRIPTION + export ARM_SUBSCRIPTION_ID fi if [[ -z $STATE_SUBSCRIPTION ]]; then 
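Review bot: The `@@ -206,7 +207,8 @@` hunk reverses the assignment for `sap_deployer`, so `ARM_SUBSCRIPTION_ID=$STATE_SUBSCRIPTION` now overwrites and exports the target subscription from a variable that may still be empty here. The fallback right after it (`if [[ -z $STATE_SUBSCRIPTION ]]`, whose body `STATE_SUBSCRIPTION=$ARM_SUBSCRIPTION_ID` shows in a later hunk) would then copy the empty value back. Both would end up blank, and later `az` and Terraform calls would run against whatever subscription the login defaults to. Only overwrite when the source is set, e.g. `[[ -n "$STATE_SUBSCRIPTION" ]] && export ARM_SUBSCRIPTION_ID="$STATE_SUBSCRIPTION"`. The script continues outside the hunk, so check whether an earlier line already guarantees `STATE_SUBSCRIPTION`.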
@@ -225,9 +227,9 @@ else save_config_vars "${system_config_information}" REMOTE_STATE_SA fi -echo "Terraform state subscription: ${STATE_SUBSCRIPTION}" -echo "Terraform state account: ${REMOTE_STATE_SA}" -echo "Target subscription: ${ARM_SUBSCRIPTION_ID}" +echo "Terraform state subscription: ${STATE_SUBSCRIPTION}" +echo "Terraform state account: ${REMOTE_STATE_SA}" +echo "Target subscription: ${ARM_SUBSCRIPTION_ID}" deployer_tfstate_key_parameter='' From 0b79ccd25a08e7f3743af74f3e7583742cbb05e3 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Fri, 18 Oct 2024 01:52:11 +0300 Subject: [PATCH 096/279] Refactor pipeline script to update echo statements and export variables for installation method, workload ARM_CLIENT_ID, and Terraform state information --- deploy/scripts/installer.sh | 65 +++++++++++++++++++------------------ 1 file changed, 33 insertions(+), 32 deletions(-) diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index 4763026f9b..eb0782502d 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh @@ -190,7 +190,7 @@ if [[ -n "${TF_PARALLELLISM}" ]]; then parallelism=$TF_PARALLELLISM fi -echo "Parallelism count: $parallelism" +echo "Parallelism count: $parallelism" param_dirname=$(pwd) 
@@ -215,6 +215,35 @@ then STATE_SUBSCRIPTION=$ARM_SUBSCRIPTION_ID fi + +if [[ -n $STATE_SUBSCRIPTION ]]; +then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Changing the subscription to: $STATE_SUBSCRIPTION $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + az account set --sub "${STATE_SUBSCRIPTION}" + + return_code=$? + if [ 0 != $return_code ]; then + + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred The deployment account (MSI or SPN) does not have access to $resetformatting #" + echo -e "# $boldred ${STATE_SUBSCRIPTION} $resetformatting #" + echo "# #" + echo "#########################################################################################" + + echo "##vso[task.logissue type=error]The deployment account (MSI or SPN) does not have access to ${STATE_SUBSCRIPTION}" + exit $return_code + fi + + account_set=1 +fi + if [[ -z $REMOTE_STATE_SA ]]; then echo "Loading the State file information" @@ -227,9 +256,9 @@ else save_config_vars "${system_config_information}" REMOTE_STATE_SA fi -echo "Terraform state subscription: ${STATE_SUBSCRIPTION}" -echo "Terraform state account: ${REMOTE_STATE_SA}" -echo "Target subscription: ${ARM_SUBSCRIPTION_ID}" +echo "Terraform state subscription: ${STATE_SUBSCRIPTION}" +echo "Terraform state account: ${REMOTE_STATE_SA}" +echo "Target subscription: ${ARM_SUBSCRIPTION_ID}" deployer_tfstate_key_parameter='' 
@@ -361,34 +390,6 @@ if [[ -n ${subscription} ]]; then export ARM_SUBSCRIPTION_ID="${subscription}" fi -if [[ -n $STATE_SUBSCRIPTION ]]; -then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Changing the subscription to: $STATE_SUBSCRIPTION $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - az account set --sub "${STATE_SUBSCRIPTION}" - - return_code=$? - if [ 0 != $return_code ]; then - - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred The deployment account (MSI or SPN) does not have access to $resetformatting #" - echo -e "# $boldred ${STATE_SUBSCRIPTION} $resetformatting #" - echo "# #" - echo "#########################################################################################" - - echo "##vso[task.logissue type=error]The deployment account (MSI or SPN) does not have access to ${STATE_SUBSCRIPTION}" - exit $return_code - fi - - account_set=1 -fi - load_config_vars "${system_config_information}" "STATE_SUBSCRIPTION" load_config_vars "${system_config_information}" "REMOTE_STATE_RG" load_config_vars "${system_config_information}" "tfstate_resource_id" From ccdf33b724f8641d76a63d4fbee6c2451561551f Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Fri, 18 Oct 2024 01:56:43 +0300 Subject: [PATCH 097/279] Refactor pipeline script to update echo statements and export variables for installation method, workload ARM_CLIENT_ID, and Terraform state information --- deploy/terraform/run/sap_deployer/variables_local.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/terraform/run/sap_deployer/variables_local.tf b/deploy/terraform/run/sap_deployer/variables_local.tf index 6dbb79d863..879de6874d 100644 --- a/deploy/terraform/run/sap_deployer/variables_local.tf 
+++ b/deploy/terraform/run/sap_deployer/variables_local.tf @@ -36,10 +36,10 @@ locals { ) spn = { - subscription_id = length(var.deployer_kv_user_arm_id) > 0 && var.use_spn ? data.azurerm_key_vault_secret.subscription_id[0].value : null, - client_id = length(var.deployer_kv_user_arm_id) > 0 && var.use_spn ? data.azurerm_key_vault_secret.client_id[0].value : null, - client_secret = length(var.deployer_kv_user_arm_id) > 0 && var.use_spn ? data.azurerm_key_vault_secret.client_secret[0].value : null, - tenant_id = length(var.deployer_kv_user_arm_id) > 0 && var.use_spn ? data.azurerm_key_vault_secret.tenant_id[0].value : null + subscription_id = data.azurerm_key_vault_secret.subscription_id[0].value + client_id = var.use_spn ? data.azurerm_key_vault_secret.client_id[0].value : null, + client_secret = var.use_spn ? data.azurerm_key_vault_secret.client_secret[0].value : null, + tenant_id = var.use_spn ? data.azurerm_key_vault_secret.tenant_id[0].value : null } } From e7698bfcaaa7311faf6e5a69d95b2881ccc0c1e0 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Fri, 18 Oct 2024 02:09:25 +0300 Subject: [PATCH 098/279] Refactor provider configuration to use Azure Key Vault for subscription ID retrieval --- deploy/terraform/run/sap_deployer/providers.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/terraform/run/sap_deployer/providers.tf b/deploy/terraform/run/sap_deployer/providers.tf index b11d3088b8..46bad00e85 100644 --- a/deploy/terraform/run/sap_deployer/providers.tf +++ b/deploy/terraform/run/sap_deployer/providers.tf @@ -27,7 +27,7 @@ provider "azurerm" { } partner_id = "f94f50f2-2539-42f8-9c8e-c65b28c681f7" storage_use_azuread = !var.shared_access_key_enabled - + subscription_id = data.azurerm_key_vault_secret.subscription_id[0].value use_msi = var.use_spn ? false : true } 
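Review bot: `subscription_id = data.azurerm_key_vault_secret.subscription_id[0].value` in `@@ -36,10 +36,10 @@` now indexes the data source unconditionally, where the removed line returned `null` unless `var.deployer_kv_user_arm_id` was set and `var.use_spn` was true. Its declaration is outside the hunk, but the sap_library equivalent uses `count = local.use_spn ? 1 : 0`; if this one is also conditional, a managed-identity or first-run deployment would fail on an invalid index. The same expression is added to the provider blocks in providers.tf (`@@ -27,7 +27,7 @@` and `@@ -45,7 +45,7 @@`), and the other three attributes lose the `length(var.deployer_kv_user_arm_id) > 0` guard. Consider `subscription_id = try(data.azurerm_key_vault_secret.subscription_id[0].value, null)`.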
@@ -45,7 +45,7 @@ provider "azurerm" { } partner_id = "f94f50f2-2539-42f8-9c8e-c65b28c681f7" - subscription_id = local.spn.subscription_id + subscription_id = data.azurerm_key_vault_secret.subscription_id[0].value client_id = var.use_spn ? local.spn.client_id : null client_secret = var.use_spn ? local.spn.client_secret: null tenant_id = var.use_spn ? local.spn.tenant_id: null From 2dfed5635e60cd78d87477e09676a60313d6517a Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Fri, 18 Oct 2024 02:21:08 +0300 Subject: [PATCH 099/279] Fixes #1: Added a new line to the installer script --- deploy/scripts/installer.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index eb0782502d..7d601fd29f 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh @@ -266,8 +266,8 @@ if [[ -z $deployer_tfstate_key ]]; then load_config_vars "${system_config_information}" "deployer_tfstate_key" else - echo "Deployer state file name: ${deployer_tfstate_key}" - save_config_vars "${system_config_information}" deployer_tfstate_key + echo "Deployer state file name: ${deployer_tfstate_key}" + echo "Target subscription: ${ARM_SUBSCRIPTION_ID}" fi if [ "${deployment_system}" != sap_deployer ] @@ -297,7 +297,7 @@ else load_config_vars "${system_config_information}" "keyvault" export TF_VAR_deployer_kv_user_arm_id=$(az resource list --name "${keyvault}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.KeyVault/vaults --query "[].id | [0]" -o tsv) - echo "Deployer Keyvault ID: $TF_VAR_deployer_kv_user_arm_id" + echo "Deployer Keyvault ID: $TF_VAR_deployer_kv_user_arm_id" fi From cfa253e7714bf08ea1d71617afa211d7373e021e Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Fri, 18 Oct 2024 02:27:39 +0300 Subject: [PATCH 100/279] Refactor pipeline script to fix unzip command in deploy control plane stage --- deploy/pipelines/01-deploy-control-plane.yaml | 2 +- deploy/terraform/run/sap_deployer/providers.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index b08c2f716c..a1b3ef203c 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -736,7 +736,7 @@ stages: pass=$(echo $(System.CollectionId) | sed 's/-//g') echo "Unzipping the deployer state file" - unzip -o -P "${pass}" "${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/state.zip2" -d "${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)" + unzip -o -P "${pass}" "${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/state.zip" -d "${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)" fi # ls -lart "${CONFIG_REPO_PATH}"/DEPLOYER/$(deployerfolder) diff --git a/deploy/terraform/run/sap_deployer/providers.tf b/deploy/terraform/run/sap_deployer/providers.tf index 46bad00e85..fc4e4c90dc 100644 --- a/deploy/terraform/run/sap_deployer/providers.tf +++ b/deploy/terraform/run/sap_deployer/providers.tf @@ -27,7 +27,7 @@ provider "azurerm" { } partner_id = "f94f50f2-2539-42f8-9c8e-c65b28c681f7" storage_use_azuread = !var.shared_access_key_enabled - subscription_id = data.azurerm_key_vault_secret.subscription_id[0].value + use_msi = var.use_spn ? false : true } From 45e58489c1e6996a1681f3874bd98466fd3391c8 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Fri, 18 Oct 2024 15:33:15 +0300 Subject: [PATCH 101/279] Refactor pipeline script to update echo statements and export variables for installation method, workload ARM_CLIENT_ID, and Terraform state information --- deploy/scripts/helpers/script_helpers.sh | 1 + deploy/scripts/set_secrets.sh | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) 
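Review bot: The corrected `unzip -o -P "${pass}" ... state.zip` line in `@@ -736,7 +736,7 @@` still depends on a password that the context line above derives from `$(System.CollectionId)` with the dashes removed, and it passes that password on the command line. That identifier is not a secret, so the archive gets little confidentiality from it, and `-P` also exposes the value in the agent's process list. If the deployer state can hold credentials (worth confirming), add a comment such as `# state.zip password is derived from System.CollectionId and is not a secret; do not rely on it for confidentiality`. Longer term, take the password from a secret pipeline variable.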
diff --git a/deploy/scripts/helpers/script_helpers.sh b/deploy/scripts/helpers/script_helpers.sh index cde85d6a56..0ab45d04b1 100755 --- a/deploy/scripts/helpers/script_helpers.sh +++ b/deploy/scripts/helpers/script_helpers.sh @@ -387,6 +387,7 @@ function missing { function validate_dependencies { + tfPath="/opt/terraform/bin/terraform" if [ -f /opt/terraform/bin/terraform ]; then tfPath="/opt/terraform/bin/terraform" diff --git a/deploy/scripts/set_secrets.sh b/deploy/scripts/set_secrets.sh index db90998a81..dcff8f21ba 100755 --- a/deploy/scripts/set_secrets.sh +++ b/deploy/scripts/set_secrets.sh @@ -294,8 +294,8 @@ echo "# echo "#########################################################################################" echo "" -echo "Keyvault: ${keyvault}" -echo "Subscription: ${STATE_SUBSCRIPTION}" +echo "Key vault: ${keyvault}" +echo "Subscription: ${STATE_SUBSCRIPTION}" save_config_vars "${environment_config_information}" \ keyvault \ From 652a153e843db6a069d479492f9a5a88a77af5f0 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Fri, 18 Oct 2024 18:08:18 +0300 Subject: [PATCH 102/279] Refactor deploy_controlplane.sh script to save deployer_tfstate_key in config information --- deploy/scripts/deploy_controlplane.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/deploy/scripts/deploy_controlplane.sh b/deploy/scripts/deploy_controlplane.sh index f801892f77..839e197dad 100755 --- a/deploy/scripts/deploy_controlplane.sh +++ b/deploy/scripts/deploy_controlplane.sh @@ -81,6 +81,8 @@ done echo "ADO flag ${ado_flag}" +deployer_tfstate_key=$(echo "${deployer_file_parametername}" | cut -d. -f1).terraform.tfstate + this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 root_dirname=$(pwd) 
@@ -136,6 +138,9 @@ fi init "${automation_config_directory}" "${generic_config_information}" "${deployer_config_information}" +save_config_var "deployer_tfstate_key" "${deployer_config_information}" + + # Check that the exports ARM_SUBSCRIPTION_ID and SAP_AUTOMATION_REPO_PATH are defined validate_exports return_code=$? From fb8879e8087979d7a40574ec9fe3080d38a81be9 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Fri, 18 Oct 2024 18:34:54 +0300 Subject: [PATCH 103/279] remove the deployer provider --- deploy/terraform/run/sap_library/imports.tf | 4 ---- 1 file changed, 4 deletions(-) diff --git a/deploy/terraform/run/sap_library/imports.tf b/deploy/terraform/run/sap_library/imports.tf index 2c67219195..ac54316d02 100644 --- a/deploy/terraform/run/sap_library/imports.tf +++ b/deploy/terraform/run/sap_library/imports.tf @@ -18,28 +18,24 @@ data "terraform_remote_state" "deployer" { } data "azurerm_key_vault_secret" "subscription_id" { - provider = azurerm.deployer count = local.use_spn ? 1 : 0 name = format("%s-subscription-id", upper(local.infrastructure.environment)) key_vault_id = local.spn_key_vault_arm_id } data "azurerm_key_vault_secret" "client_id" { - provider = azurerm.deployer count = local.use_spn ? 1 : 0 name = format("%s-client-id", upper(local.infrastructure.environment)) key_vault_id = local.spn_key_vault_arm_id } data "azurerm_key_vault_secret" "client_secret" { - provider = azurerm.deployer count = local.use_spn ? 1 : 0 name = format("%s-client-secret", upper(local.infrastructure.environment)) key_vault_id = local.spn_key_vault_arm_id } data "azurerm_key_vault_secret" "tenant_id" { - provider = azurerm.deployer count = local.use_spn ? 1 : 0 name = format("%s-tenant-id", upper(local.infrastructure.environment)) key_vault_id = local.spn_key_vault_arm_id From 3d906b4f935ac14fd9fbaa9617855078fd8c6b25 Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Fri, 18 Oct 2024 18:53:08 +0300 Subject: [PATCH 104/279] Refactor deploy_controlplane.sh script to use the azurerm.deployer provider for retrieving key vault secrets --- deploy/terraform/run/sap_library/imports.tf | 4 ++++ deploy/terraform/run/sap_library/providers.tf | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/deploy/terraform/run/sap_library/imports.tf b/deploy/terraform/run/sap_library/imports.tf index ac54316d02..2c67219195 100644 --- a/deploy/terraform/run/sap_library/imports.tf +++ b/deploy/terraform/run/sap_library/imports.tf @@ -18,24 +18,28 @@ data "terraform_remote_state" "deployer" { } data "azurerm_key_vault_secret" "subscription_id" { + provider = azurerm.deployer count = local.use_spn ? 1 : 0 name = format("%s-subscription-id", upper(local.infrastructure.environment)) key_vault_id = local.spn_key_vault_arm_id } data "azurerm_key_vault_secret" "client_id" { + provider = azurerm.deployer count = local.use_spn ? 1 : 0 name = format("%s-client-id", upper(local.infrastructure.environment)) key_vault_id = local.spn_key_vault_arm_id } data "azurerm_key_vault_secret" "client_secret" { + provider = azurerm.deployer count = local.use_spn ? 1 : 0 name = format("%s-client-secret", upper(local.infrastructure.environment)) key_vault_id = local.spn_key_vault_arm_id } data "azurerm_key_vault_secret" "tenant_id" { + provider = azurerm.deployer count = local.use_spn ? 1 : 0 name = format("%s-tenant-id", upper(local.infrastructure.environment)) key_vault_id = local.spn_key_vault_arm_id diff --git a/deploy/terraform/run/sap_library/providers.tf b/deploy/terraform/run/sap_library/providers.tf index 9f37ab1aca..b122fb4571 100644 --- a/deploy/terraform/run/sap_library/providers.tf +++ b/deploy/terraform/run/sap_library/providers.tf 
@@ -49,7 +49,8 @@ provider "azurerm" { } alias = "deployer" storage_use_azuread = !var.shared_access_key_enabled - use_msi = var.use_spn ? false : true + use_msi = true + subscription_id = data.azurerm_key_vault_secret.subscription_id[0].value } From 9d5528278969473bd057b93083ced360c362fd9c Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Fri, 18 Oct 2024 19:05:35 +0300 Subject: [PATCH 105/279] Refactor tfvar_variables.tf to add "tags" variable for providing tags to all resources --- .../bootstrap/sap_deployer/tfvar_variables.tf | 8 +- .../bootstrap/sap_library/tfvar_variables.tf | 5 + .../bootstrap/sap_library/transform.tf | 122 +++++------------- .../run/sap_library/tfvar_variables.tf | 5 + deploy/terraform/run/sap_library/transform.tf | 119 +++++------------ 5 files changed, 77 insertions(+), 182 deletions(-) diff --git a/deploy/terraform/bootstrap/sap_deployer/tfvar_variables.tf b/deploy/terraform/bootstrap/sap_deployer/tfvar_variables.tf index a0bf25a64e..8c22bc8e00 100644 --- a/deploy/terraform/bootstrap/sap_deployer/tfvar_variables.tf +++ b/deploy/terraform/bootstrap/sap_deployer/tfvar_variables.tf @@ -401,10 +401,10 @@ variable "subnets_to_add_to_firewall_for_keyvaults_and_storage" { default = [] } -variable "tags" { - description = "If provided, tags for all resources" - default = {} - } +variable "tags" { + description = "If provided, tags for all resources" + default = {} + } ######################################################################################### # # # DNS settings # diff --git a/deploy/terraform/bootstrap/sap_library/tfvar_variables.tf b/deploy/terraform/bootstrap/sap_library/tfvar_variables.tf index 2e9efbf7fa..e74f9a63fd 100644 --- a/deploy/terraform/bootstrap/sap_library/tfvar_variables.tf +++ b/deploy/terraform/bootstrap/sap_library/tfvar_variables.tf 
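Review bot: The added `subscription_id = data.azurerm_key_vault_secret.subscription_id[0].value` configures the `deployer` alias from a data source that the imports.tf hunk of this same commit reads through `provider = azurerm.deployer`. The provider therefore depends on a value it must fetch itself, which Terraform is likely to reject as a dependency cycle. That data source also carries `count = local.use_spn ? 1 : 0`, so the `[0]` index has nothing to resolve when `use_spn` is false. Passing the subscription in as an input variable or through the environment avoids both problems. Hard-coding `use_msi = true` drops the `var.use_spn` switch for this alias; if that is intended, say so with `# the deployer alias always authenticates with the managed identity`. The provider block starts outside the hunk.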
@@ -42,6 +42,11 @@ variable "use_spn" { default = false } +variable "tags" { + description = "If provided, tags for all resources" + default = {} + } + #######################################4#######################################8 # # # Resource group definitioms # diff --git a/deploy/terraform/bootstrap/sap_library/transform.tf b/deploy/terraform/bootstrap/sap_library/transform.tf index 0f3c93c59a..d55571cd3b 100644 --- a/deploy/terraform/bootstrap/sap_library/transform.tf +++ b/deploy/terraform/bootstrap/sap_library/transform.tf 
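Review bot: The new `variable "tags"` has a description and a default but no `type`, so Terraform accepts any value and a malformed input only surfaces later, wherever the tags are merged. Adding `type = map(string)` makes the contract explicit and moves the failure to variable validation. The same declaration is added without a type in the run/sap_library/tfvar_variables.tf hunk of this commit.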
@@ -1,123 +1,67 @@ locals { infrastructure = { - environment = coalesce(var.environment, try(var.infrastructure.environment, "")) - region = coalesce(var.location, try(var.infrastructure.region, "")) - codename = try(var.codename, try(var.infrastructure.codename, "")) + environment = var.environment + region = var.location + codename = var.codename resource_group = { - name = try(coalesce(var.resourcegroup_name, try(var.infrastructure.resource_group.name, "")), "") - arm_id = try(coalesce(var.resourcegroup_arm_id, try(var.infrastructure.resource_group.arm_id, "")), "") + name = var.resourcegroup_name + arm_id = var.resourcegroup_arm_id } - tags = try(coalesce(var.resourcegroup_tags, try(var.infrastructure.tags, {})), {}) + tags = try(coalesce(var.resourcegroup_tags, var.tags, {}), {}) } deployer = { use = var.use_deployer } key_vault = { - kv_spn_id = try(coalesce(local.spn_key_vault_arm_id, var.spn_keyvault_id, try(var.key_vault.kv_spn_id, "")), "") + kv_spn_id = coalesce(local.spn_key_vault_arm_id, var.spn_keyvault_id) } storage_account_sapbits = { - arm_id = try(coalesce(var.library_sapmedia_arm_id, try(var.storage_account_sapbits.arm_id, "")), "") - name = var.library_sapmedia_name - account_tier = coalesce( - var.library_sapmedia_account_tier, - try(var.storage_account_sapbits.account_tier, "Standard") - ) - account_replication_type = coalesce( - var.library_sapmedia_account_replication_type, - try(var.storage_account_sapbits.account_replication_type, "ZRS") - ) - account_kind = coalesce( - var.library_sapmedia_account_kind, - try(var.storage_account_sapbits.account_kind, "StorageV2") - ) + arm_id = var.library_sapmedia_arm_id + name = var.library_sapmedia_name + account_tier = var.library_sapmedia_account_tier + account_replication_type = var.library_sapmedia_account_replication_type + account_kind = var.library_sapmedia_account_kind file_share = { - enable_deployment = ( - var.library_sapmedia_file_share_enable_deployment || - 
try(var.storage_account_sapbits.file_share.enable_deployment, true) - ) - is_existing = ( - var.library_sapmedia_file_share_is_existing || - try(var.storage_account_sapbits.file_share.is_existing, false) - ) - name = coalesce( - var.library_sapmedia_file_share_name, - try( - var.storage_account_sapbits.file_share.name, - module.sap_namegenerator.naming.resource_suffixes.sapbits - ) - ) + enable_deployment = var.library_sapmedia_file_share_enable_deployment + is_existing = var.library_sapmedia_file_share_is_existing + name = coalesce(var.library_sapmedia_file_share_name,module.sap_namegenerator.naming.resource_suffixes.sapbits) } sapbits_blob_container = { - enable_deployment = ( - var.library_sapmedia_blob_container_enable_deployment || - try(var.storage_account_sapbits.sapbits_blob_container.enable_deployment, true) - ) - is_existing = ( - var.library_sapmedia_blob_container_is_existing || - try(var.storage_account_sapbits.sapbits_blob_container.is_existing, false) - ) - name = coalesce( - var.library_sapmedia_blob_container_name, - try( - var.storage_account_sapbits.sapbits_blob_container.name, - module.sap_namegenerator.naming.resource_suffixes.sapbits - ) - ) + enable_deployment = var.library_sapmedia_blob_container_enable_deployment + is_existing = var.library_sapmedia_blob_container_is_existing + name = coalesce(var.library_sapmedia_blob_container_name, module.sap_namegenerator.naming.resource_suffixes.sapbits) } shared_access_key_enabled = var.shared_access_key_enabled public_network_access_enabled = var.public_network_access_enabled } + storage_account_tfstate = { - arm_id = try( - coalesce( - var.library_terraform_state_arm_id, - try(var.storage_account_tfstate.arm_id, "")) - , "" - ) - name = var.library_terraform_state_name - account_tier = coalesce( - var.library_terraform_state_account_tier, - try(var.storage_account_tfstate.account_tier, "Standard") - ) - account_replication_type = coalesce( - var.library_terraform_state_account_replication_type, - 
try(var.storage_account_tfstate.account_replication_type, "ZRS") - ) - account_kind = coalesce( - var.library_terraform_state_account_kind, - try(var.storage_account_tfstate.account_kind, "StorageV2") - ) + arm_id = var.library_terraform_state_arm_id + name = var.library_terraform_state_name + account_tier = var.library_terraform_state_account_tier + account_replication_type = var.library_terraform_state_account_replication_type + account_kind = var.library_terraform_state_account_kind tfstate_blob_container = { - is_existing = ( - var.library_terraform_state_blob_container_is_existing || - try(var.storage_account_tfstate.tfstate_blob_container.is_existing, false) - ) - name = coalesce( - var.library_terraform_state_blob_container_name, - try(var.storage_account_tfstate.tfstate_blob_container.name, "tfstate") - ) + is_existing = var.library_terraform_state_blob_container_is_existing + name = var.library_terraform_state_blob_container_name } tfvars_blob_container = { - is_existing = var.library_terraform_vars_blob_container_is_existing - name = var.library_terraform_vars_blob_container_name + is_existing = var.library_terraform_vars_blob_container_is_existing + name = var.library_terraform_vars_blob_container_name } ansible_blob_container = { - is_existing = ( - var.library_ansible_blob_container_is_existing || - try(var.storage_account_tfstate.ansible_blob_container.is_existing, false) - ) - name = coalesce( - var.library_ansible_blob_container_name, - try(var.storage_account_tfstate.ansible_blob_container.name, "ansible") - ) + is_existing = var.library_ansible_blob_container_is_existing + name = var.library_ansible_blob_container_name } - shared_access_key_enabled = var.shared_access_key_enabled + + shared_access_key_enabled = var.shared_access_key_enabled public_network_access_enabled = var.public_network_access_enabled } + dns_settings = { use_custom_dns_a_registration = var.use_custom_dns_a_registration dns_label = var.dns_label 
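Review bot: `kv_spn_id = coalesce(local.spn_key_vault_arm_id, var.spn_keyvault_id)` drops the former `try(..., "")` wrapper, and `coalesce` raises an error when every argument is null or an empty string. If both values can be empty (their definitions are not in this hunk), evaluation now fails instead of yielding `""`; keep the `try` or add a precondition with a clear message. In `tags = try(coalesce(var.resourcegroup_tags, var.tags, {}), {})` an empty map is not null, so if `resourcegroup_tags` defaults to `{}` the new `var.tags` is never reached. `tags = merge(var.tags, var.resourcegroup_tags)` would apply both. The hunk also removes the inline fallbacks `"Standard"`, `"ZRS"` and `"StorageV2"`, so the matching variables need those defaults themselves. The run/sap_library/transform.tf hunk of this commit has the same three points.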
diff --git a/deploy/terraform/run/sap_library/tfvar_variables.tf b/deploy/terraform/run/sap_library/tfvar_variables.tf index 8627d877de..e0a4878a6a 100644 --- a/deploy/terraform/run/sap_library/tfvar_variables.tf +++ b/deploy/terraform/run/sap_library/tfvar_variables.tf @@ -328,3 +328,8 @@ variable "dns_label" { description = "DNS label" default = "" } + +variable "tags" { + description = "If provided, tags for all resources" + default = {} + } diff --git a/deploy/terraform/run/sap_library/transform.tf b/deploy/terraform/run/sap_library/transform.tf index ede51c324b..1d3afd89b3 100644 --- a/deploy/terraform/run/sap_library/transform.tf +++ b/deploy/terraform/run/sap_library/transform.tf 
@@ -1,122 +1,63 @@ locals { infrastructure = { - environment = coalesce(var.environment, try(var.infrastructure.environment, "")) - region = coalesce(var.location, try(var.infrastructure.region, "")) - codename = try(var.codename, try(var.infrastructure.codename, "")) + environment = var.environment + region = var.location + codename = var.codename resource_group = { - name = try(coalesce(var.resourcegroup_name, try(var.infrastructure.resource_group.name, "")), "") - arm_id = try(coalesce(var.resourcegroup_arm_id, try(var.infrastructure.resource_group.arm_id, "")), "") + name = var.resourcegroup_name + arm_id = var.resourcegroup_arm_id } - tags = try(coalesce(var.resourcegroup_tags, try(var.infrastructure.tags, {})), {}) + tags = try(coalesce(var.resourcegroup_tags, var.tags, {}), {}) } deployer = { use = var.use_deployer } key_vault = { - kv_spn_id = try(coalesce(local.spn_key_vault_arm_id, var.spn_keyvault_id, try(var.key_vault.kv_spn_id, "")), "") + kv_spn_id = coalesce(local.spn_key_vault_arm_id, var.spn_keyvault_id) } storage_account_sapbits = { - arm_id = try(coalesce(var.library_sapmedia_arm_id, try(var.storage_account_sapbits.arm_id, "")), "") - name = var.library_sapmedia_name - account_tier = coalesce( - var.library_sapmedia_account_tier, - try(var.storage_account_sapbits.account_tier, "Standard") - ) - account_replication_type = coalesce( - var.library_sapmedia_account_replication_type, - try(var.storage_account_sapbits.account_replication_type, "ZRS") - ) - account_kind = coalesce( - var.library_sapmedia_account_kind, - try(var.storage_account_sapbits.account_kind, "StorageV2") - ) + arm_id = var.library_sapmedia_arm_id + name = var.library_sapmedia_name + account_tier = var.library_sapmedia_account_tier + account_replication_type = var.library_sapmedia_account_replication_type + account_kind = var.library_sapmedia_account_kind file_share = { - enable_deployment = ( - var.library_sapmedia_file_share_enable_deployment || - 
try(var.storage_account_sapbits.file_share.enable_deployment, true) - ) - is_existing = ( - var.library_sapmedia_file_share_is_existing || - try(var.storage_account_sapbits.file_share.is_existing, false) - ) - name = coalesce( - var.library_sapmedia_file_share_name, - try( - var.storage_account_sapbits.file_share.name, - module.sap_namegenerator.naming.resource_suffixes.sapbits - ) - ) + enable_deployment = var.library_sapmedia_file_share_enable_deployment + is_existing = var.library_sapmedia_file_share_is_existing + name = coalesce(var.library_sapmedia_file_share_name,module.sap_namegenerator.naming.resource_suffixes.sapbits) } sapbits_blob_container = { - enable_deployment = ( - var.library_sapmedia_blob_container_enable_deployment || - try(var.storage_account_sapbits.sapbits_blob_container.enable_deployment, true) - ) - is_existing = ( - var.library_sapmedia_blob_container_is_existing || - try(var.storage_account_sapbits.sapbits_blob_container.is_existing, false) - ) - name = coalesce( - var.library_sapmedia_blob_container_name, - try( - var.storage_account_sapbits.sapbits_blob_container.name, - module.sap_namegenerator.naming.resource_suffixes.sapbits - ) - ) + enable_deployment = var.library_sapmedia_blob_container_enable_deployment + is_existing = var.library_sapmedia_blob_container_is_existing + name = coalesce(var.library_sapmedia_blob_container_name, module.sap_namegenerator.naming.resource_suffixes.sapbits) } shared_access_key_enabled = var.shared_access_key_enabled public_network_access_enabled = var.public_network_access_enabled } storage_account_tfstate = { - arm_id = try( - coalesce( - var.library_terraform_state_arm_id, - try(var.storage_account_tfstate.arm_id, "")) - , "" - ) - name = var.library_terraform_state_name - account_tier = coalesce( - var.library_terraform_state_account_tier, - try(var.storage_account_tfstate.account_tier, "Standard") - ) - account_replication_type = coalesce( - var.library_terraform_state_account_replication_type, - 
try(var.storage_account_tfstate.account_replication_type, "ZRS") - ) - account_kind = coalesce( - var.library_terraform_state_account_kind, - try(var.storage_account_tfstate.account_kind, "StorageV2") - ) + arm_id = var.library_terraform_state_arm_id + name = var.library_terraform_state_name + account_tier = var.library_terraform_state_account_tier + account_replication_type = var.library_terraform_state_account_replication_type + account_kind = var.library_terraform_state_account_kind tfstate_blob_container = { - is_existing = ( - var.library_terraform_state_blob_container_is_existing || - try(var.storage_account_tfstate.tfstate_blob_container.is_existing, false) - ) - name = coalesce( - var.library_terraform_state_blob_container_name, - try(var.storage_account_tfstate.tfstate_blob_container.name, "tfstate") - ) + is_existing = var.library_terraform_state_blob_container_is_existing + name = var.library_terraform_state_blob_container_name } tfvars_blob_container = { - is_existing = var.library_terraform_vars_blob_container_is_existing - name = var.library_terraform_vars_blob_container_name + is_existing = var.library_terraform_vars_blob_container_is_existing + name = var.library_terraform_vars_blob_container_name } ansible_blob_container = { - is_existing = ( - var.library_ansible_blob_container_is_existing || - try(var.storage_account_tfstate.ansible_blob_container.is_existing, false) - ) - name = coalesce( - var.library_ansible_blob_container_name, - try(var.storage_account_tfstate.ansible_blob_container.name, "ansible") - ) + is_existing = var.library_ansible_blob_container_is_existing + name = var.library_ansible_blob_container_name } - shared_access_key_enabled = var.shared_access_key_enabled + shared_access_key_enabled = var.shared_access_key_enabled public_network_access_enabled = var.public_network_access_enabled } From 97bca286b080a62832af3bf9d05b4d1c526448c1 Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Fri, 18 Oct 2024 20:40:49 +0300 Subject: [PATCH 106/279] Refactor providers.tf to use local variable for subscription_id in deployer provider --- deploy/terraform/run/sap_library/providers.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/terraform/run/sap_library/providers.tf b/deploy/terraform/run/sap_library/providers.tf index b122fb4571..47dbf7c4a2 100644 --- a/deploy/terraform/run/sap_library/providers.tf +++ b/deploy/terraform/run/sap_library/providers.tf @@ -50,7 +50,7 @@ provider "azurerm" { alias = "deployer" storage_use_azuread = !var.shared_access_key_enabled use_msi = true - subscription_id = data.azurerm_key_vault_secret.subscription_id[0].value + subscription_id = local.spn.subscription_id } From c0bb1b1114369eb979584bb82c0b09bcd6e3fd5c Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Fri, 18 Oct 2024 21:08:59 +0300 Subject: [PATCH 107/279] Refactor providers.tf to remove subscription_id from deployer provider --- deploy/terraform/run/sap_library/providers.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/deploy/terraform/run/sap_library/providers.tf b/deploy/terraform/run/sap_library/providers.tf index 47dbf7c4a2..ffce934586 100644 --- a/deploy/terraform/run/sap_library/providers.tf +++ b/deploy/terraform/run/sap_library/providers.tf @@ -50,7 +50,6 @@ provider "azurerm" { alias = "deployer" storage_use_azuread = !var.shared_access_key_enabled use_msi = true - subscription_id = local.spn.subscription_id } From 5ed9669ac7741ffbadaf97d053d92c787f83558f Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Fri, 18 Oct 2024 21:29:59 +0300 Subject: [PATCH 108/279] Refactor deploy_controlplane.sh script to use local variables for deployer and library state file keys --- deploy/scripts/deploy_controlplane.sh | 12 ++++++++++-- deploy/terraform/bootstrap/sap_library/imports.tf | 8 ++++---- deploy/terraform/bootstrap/sap_library/transform.tf | 2 +- deploy/terraform/run/sap_library/imports.tf | 8 ++++---- deploy/terraform/run/sap_library/transform.tf | 2 +- deploy/terraform/run/sap_library/variables_local.tf | 2 +- 6 files changed, 21 insertions(+), 13 deletions(-) diff --git a/deploy/scripts/deploy_controlplane.sh b/deploy/scripts/deploy_controlplane.sh index 839e197dad..1b18817a74 100755 --- a/deploy/scripts/deploy_controlplane.sh +++ b/deploy/scripts/deploy_controlplane.sh @@ -79,9 +79,17 @@ do esac done -echo "ADO flag ${ado_flag}" +echo "ADO flag: ${ado_flag}" -deployer_tfstate_key=$(echo "${deployer_file_parametername}" | cut -d. -f1).terraform.tfstate +key=$(echo "${deployer_file_parametername}" | cut -d. -f1) +deployer_tfstate_key="${key}.terraform.tfstate" + +echo "Deployer State File: ${deployer_tfstate_key}" + +key=$(echo "${library_parameter_file}" | cut -d. -f1) +library_tfstate_key="${key}.terraform.tfstate" + +echo "Library State File: ${library_tfstate_key}" this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 root_dirname=$(pwd) diff --git a/deploy/terraform/bootstrap/sap_library/imports.tf b/deploy/terraform/bootstrap/sap_library/imports.tf index 02cb5d22ba..d846e9b9fd 100644 --- a/deploy/terraform/bootstrap/sap_library/imports.tf +++ b/deploy/terraform/bootstrap/sap_library/imports.tf 
@@ -18,28 +18,28 @@ data "azurerm_key_vault_secret" "subscription_id" { provider = azurerm.deployer count = local.use_spn ? 1 : 0 name = format("%s-subscription-id", upper(local.infrastructure.environment)) - key_vault_id = local.spn_key_vault_arm_id + key_vault_id = locals.key_vault.kv_spn_id } data "azurerm_key_vault_secret" "client_id" { provider = azurerm.deployer count = local.use_spn ? 1 : 0 name = format("%s-client-id", upper(local.infrastructure.environment)) - key_vault_id = local.spn_key_vault_arm_id + key_vault_id = locals.key_vault.kv_spn_id } data "azurerm_key_vault_secret" "client_secret" { provider = azurerm.deployer count = local.use_spn ? 1 : 0 name = format("%s-client-secret", upper(local.infrastructure.environment)) - key_vault_id = local.spn_key_vault_arm_id + key_vault_id = locals.key_vault.kv_spn_id } data "azurerm_key_vault_secret" "tenant_id" { provider = azurerm.deployer count = local.use_spn ? 1 : 0 name = format("%s-tenant-id", upper(local.infrastructure.environment)) - key_vault_id = local.spn_key_vault_arm_id + key_vault_id = locals.key_vault.kv_spn_id } // Import current service principal diff --git a/deploy/terraform/bootstrap/sap_library/transform.tf b/deploy/terraform/bootstrap/sap_library/transform.tf index d55571cd3b..7cbfc2be08 100644 --- a/deploy/terraform/bootstrap/sap_library/transform.tf +++ b/deploy/terraform/bootstrap/sap_library/transform.tf @@ -14,7 +14,7 @@ locals { use = var.use_deployer } key_vault = { - kv_spn_id = coalesce(local.spn_key_vault_arm_id, var.spn_keyvault_id) + kv_spn_id = coalesce(var.spn_keyvault_id, local.spn_key_vault_arm_id) } storage_account_sapbits = { arm_id = var.library_sapmedia_arm_id diff --git a/deploy/terraform/run/sap_library/imports.tf b/deploy/terraform/run/sap_library/imports.tf index 2c67219195..4ad9b809c6 100644 --- a/deploy/terraform/run/sap_library/imports.tf +++ b/deploy/terraform/run/sap_library/imports.tf 
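Review bot: The four changed lines in imports.tf read `locals.key_vault.kv_spn_id`, but local values are referenced with the singular `local.` prefix (`locals` is only the block keyword), so these expressions should not pass validation. Each line should be `key_vault_id = local.key_vault.kv_spn_id`. The run/sap_library/imports.tf hunk of this commit has the same spelling on its four lines. Since these data sources fetch the service principal's client ID and secret, it is worth running `terraform validate` on both roots before merging.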
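Review bot: The reordered `coalesce(var.spn_keyvault_id, local.spn_key_vault_arm_id)` in transform.tf has no comment explaining that an input variable now takes precedence over the vault ID from the deployer's remote state. That ordering decides which Key Vault the service-principal secrets are read from. If the precedence is intended, state it next to the line: `# an explicitly supplied spn_keyvault_id overrides the key vault recorded in the deployer state`. The same one-line change is made in run/sap_library/transform.tf.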
@@ -21,28 +21,28 @@ data "azurerm_key_vault_secret" "subscription_id" { provider = azurerm.deployer count = local.use_spn ? 1 : 0 name = format("%s-subscription-id", upper(local.infrastructure.environment)) - key_vault_id = local.spn_key_vault_arm_id + key_vault_id = locals.key_vault.kv_spn_id } data "azurerm_key_vault_secret" "client_id" { provider = azurerm.deployer count = local.use_spn ? 1 : 0 name = format("%s-client-id", upper(local.infrastructure.environment)) - key_vault_id = local.spn_key_vault_arm_id + key_vault_id = locals.key_vault.kv_spn_id } data "azurerm_key_vault_secret" "client_secret" { provider = azurerm.deployer count = local.use_spn ? 1 : 0 name = format("%s-client-secret", upper(local.infrastructure.environment)) - key_vault_id = local.spn_key_vault_arm_id + key_vault_id = locals.key_vault.kv_spn_id } data "azurerm_key_vault_secret" "tenant_id" { provider = azurerm.deployer count = local.use_spn ? 1 : 0 name = format("%s-tenant-id", upper(local.infrastructure.environment)) - key_vault_id = local.spn_key_vault_arm_id + key_vault_id = locals.key_vault.kv_spn_id } // Import current service principal diff --git a/deploy/terraform/run/sap_library/transform.tf b/deploy/terraform/run/sap_library/transform.tf index 1d3afd89b3..1e71d20b52 100644 --- a/deploy/terraform/run/sap_library/transform.tf +++ b/deploy/terraform/run/sap_library/transform.tf @@ -14,7 +14,7 @@ locals { use = var.use_deployer } key_vault = { - kv_spn_id = coalesce(local.spn_key_vault_arm_id, var.spn_keyvault_id) + kv_spn_id = coalesce(var.spn_keyvault_id, local.spn_key_vault_arm_id) } storage_account_sapbits = { arm_id = var.library_sapmedia_arm_id diff --git a/deploy/terraform/run/sap_library/variables_local.tf b/deploy/terraform/run/sap_library/variables_local.tf index 59798b8039..f5f491dadd 100644 --- a/deploy/terraform/run/sap_library/variables_local.tf +++ b/deploy/terraform/run/sap_library/variables_local.tf 
@@ -31,7 +31,7 @@ locals { ) // Retrieve the arm_id of deployer's Key Vault from deployer's terraform.tfstate - spn_key_vault_arm_id = try(data.terraform_remote_state.deployer[0].outputs.deployer_kv_user_arm_id, "") + spn_key_vault_arm_id = try(data.terraform_remote_state.deployer[0].outputs.deployer_kv_user_arm_id, "") spn = { subscription_id = local.use_spn ? data.azurerm_key_vault_secret.subscription_id[0].value : null, From 14ddf0cf36bc15f78d6d3ad0d682f4a72f05694f Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Fri, 18 Oct 2024 21:44:44 +0300 Subject: [PATCH 109/279] Refactor deploy_controlplane.sh script to use local variables for deployer and library state file keys --- deploy/scripts/deploy_controlplane.sh | 4 ++-- deploy/terraform/bootstrap/sap_library/imports.tf | 8 ++++---- deploy/terraform/run/sap_library/imports.tf | 8 ++++---- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/deploy/scripts/deploy_controlplane.sh b/deploy/scripts/deploy_controlplane.sh index 1b18817a74..e6c97c5a7d 100755 --- a/deploy/scripts/deploy_controlplane.sh +++ b/deploy/scripts/deploy_controlplane.sh @@ -81,12 +81,12 @@ done echo "ADO flag: ${ado_flag}" -key=$(echo "${deployer_file_parametername}" | cut -d. -f1) +key=$(basename "${deployer_parameter_file}" | cut -d. -f1) deployer_tfstate_key="${key}.terraform.tfstate" echo "Deployer State File: ${deployer_tfstate_key}" -key=$(echo "${library_parameter_file}" | cut -d. -f1) +key=$(basename "${library_parameter_file}" | cut -d. -f1) library_tfstate_key="${key}.terraform.tfstate" echo "Library State File: ${library_tfstate_key}" diff --git a/deploy/terraform/bootstrap/sap_library/imports.tf b/deploy/terraform/bootstrap/sap_library/imports.tf index d846e9b9fd..2ba1c4a262 100644 --- a/deploy/terraform/bootstrap/sap_library/imports.tf +++ b/deploy/terraform/bootstrap/sap_library/imports.tf 
@@ -18,28 +18,28 @@ data "azurerm_key_vault_secret" "subscription_id" { provider = azurerm.deployer count = local.use_spn ? 1 : 0 name = format("%s-subscription-id", upper(local.infrastructure.environment)) - key_vault_id = locals.key_vault.kv_spn_id + key_vault_id = local.key_vault.kv_spn_id } data "azurerm_key_vault_secret" "client_id" { provider = azurerm.deployer count = local.use_spn ? 1 : 0 name = format("%s-client-id", upper(local.infrastructure.environment)) - key_vault_id = locals.key_vault.kv_spn_id + key_vault_id = local.key_vault.kv_spn_id } data "azurerm_key_vault_secret" "client_secret" { provider = azurerm.deployer count = local.use_spn ? 1 : 0 name = format("%s-client-secret", upper(local.infrastructure.environment)) - key_vault_id = locals.key_vault.kv_spn_id + key_vault_id = local.key_vault.kv_spn_id } data "azurerm_key_vault_secret" "tenant_id" { provider = azurerm.deployer count = local.use_spn ? 1 : 0 name = format("%s-tenant-id", upper(local.infrastructure.environment)) - key_vault_id = locals.key_vault.kv_spn_id + key_vault_id = local.key_vault.kv_spn_id } // Import current service principal diff --git a/deploy/terraform/run/sap_library/imports.tf b/deploy/terraform/run/sap_library/imports.tf index 4ad9b809c6..c601e7ea02 100644 --- a/deploy/terraform/run/sap_library/imports.tf +++ b/deploy/terraform/run/sap_library/imports.tf 
@@ -21,28 +21,28 @@ data "azurerm_key_vault_secret" "subscription_id" { provider = azurerm.deployer count = local.use_spn ? 1 : 0 name = format("%s-subscription-id", upper(local.infrastructure.environment)) - key_vault_id = locals.key_vault.kv_spn_id + key_vault_id = local.key_vault.kv_spn_id } data "azurerm_key_vault_secret" "client_id" { provider = azurerm.deployer count = local.use_spn ? 1 : 0 name = format("%s-client-id", upper(local.infrastructure.environment)) - key_vault_id = locals.key_vault.kv_spn_id + key_vault_id = local.key_vault.kv_spn_id } data "azurerm_key_vault_secret" "client_secret" { provider = azurerm.deployer count = local.use_spn ? 1 : 0 name = format("%s-client-secret", upper(local.infrastructure.environment)) - key_vault_id = locals.key_vault.kv_spn_id + key_vault_id = local.key_vault.kv_spn_id } data "azurerm_key_vault_secret" "tenant_id" { provider = azurerm.deployer count = local.use_spn ? 1 : 0 name = format("%s-tenant-id", upper(local.infrastructure.environment)) - key_vault_id = locals.key_vault.kv_spn_id + key_vault_id = local.key_vault.kv_spn_id } // Import current service principal From 3046808cf6ecabab095cf0a2753b81a9ba9463f8 Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Fri, 18 Oct 2024 22:30:24 +0300 Subject: [PATCH 110/279] Refactor azurerm provider versions to 4.6.0 --- Webapp/SDAF/SDAFWebApp.csproj | 12 ++++++------ deploy/pipelines/12-remove-control-plane.yaml | 13 +++++++++---- deploy/scripts/New-SDAFDevopsProject.ps1 | 2 +- .../terraform/bootstrap/sap_deployer/providers.tf | 2 +- .../bootstrap/sap_deployer/tfvar_variables.tf | 2 +- deploy/terraform/bootstrap/sap_library/providers.tf | 2 +- deploy/terraform/run/sap_deployer/providers.tf | 2 +- .../terraform/run/sap_deployer/tfvar_variables.tf | 2 +- deploy/terraform/run/sap_landscape/providers.tf | 2 +- deploy/terraform/run/sap_library/providers.tf | 2 +- deploy/terraform/run/sap_system/providers.tf | 2 +- .../modules/sap_deployer/providers.tf | 2 +- .../modules/sap_landscape/providers.tf | 2 +- .../modules/sap_library/providers.tf | 2 +- .../modules/sap_system/anydb_node/providers.tf | 2 +- .../modules/sap_system/app_tier/providers.tf | 2 +- .../sap_system/common_infrastructure/providers.tf | 2 +- .../modules/sap_system/hdb_node/providers.tf | 2 +- .../modules/sap_system/output_files/providers.tf | 2 +- 19 files changed, 32 insertions(+), 27 deletions(-) diff --git a/Webapp/SDAF/SDAFWebApp.csproj b/Webapp/SDAF/SDAFWebApp.csproj index 295391fb10..4f15f4fee8 100644 --- a/Webapp/SDAF/SDAFWebApp.csproj +++ b/Webapp/SDAF/SDAFWebApp.csproj @@ -16,18 +16,18 @@ - + - - - - - + + + + + diff --git a/deploy/pipelines/12-remove-control-plane.yaml b/deploy/pipelines/12-remove-control-plane.yaml index 9854c0ffe9..7972cc55d5 100644 --- a/deploy/pipelines/12-remove-control-plane.yaml +++ b/deploy/pipelines/12-remove-control-plane.yaml 
@@ -85,7 +85,9 @@ stages: az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none export VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(parent_variable_group)'].id | [0]") - echo '$(parent_variable_group) id: ' $VARIABLE_GROUP_ID + + printf -v val %-15.15s "$VARIABLE_GROUP_ID" + echo "${val}: $VARIABLE_GROUP_ID" if [ -z ${VARIABLE_GROUP_ID} ]; then echo "##vso[task.logissue type=error]Variable group $(parent_variable_group) could not be found." exit 2 @@ -151,7 +153,7 @@ stages: dos2unix -q $CONFIG_REPO_PATH/DEPLOYER/$(deployer_folder)/$(deployer_configuration_file) dos2unix -q $CONFIG_REPO_PATH/LIBRARY/$(library_folder)/$(library_configuration_file) - echo -e "$green--- Running the remove region script that destroys deployer VM and SAP library ---$reset" + echo -e "$green--- Environment information ---$reset" ENVIRONMENT=$(grep "^environment" $CONFIG_REPO_PATH/DEPLOYER/$(deployer_folder)/$(deployer_configuration_file) | awk -F'=' '{print $2}' | xargs) LOCATION=$(grep "^location" $CONFIG_REPO_PATH/DEPLOYER/$(deployer_folder)/$(deployer_configuration_file) | awk -F'=' '{print $2}' | xargs | tr 'A-Z' 'a-z') @@ -223,6 +225,7 @@ stages: echo "Location(filename): $LOCATION_IN_FILENAME" echo "" + if [ $ENVIRONMENT != $ENVIRONMENT_IN_FILENAME ]; then echo "##vso[task.logissue type=error]The environment setting in $(workload_zone_configuration_file) '$ENVIRONMENT' does not match the $(workload_zone_configuration_file) file name '$ENVIRONMENT_IN_FILENAME'. Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-INFRASTRUCTURE" exit 2 
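Review bot: The added `printf -v val %-15.15s "$VARIABLE_GROUP_ID"` pads the ID itself, so the following `echo "${val}: $VARIABLE_GROUP_ID"` prints the ID twice and the log no longer says which variable group it belongs to. The removed line labelled it with `$(parent_variable_group) id:`. If a padded label was the intent, give printf the label and quote the format: `printf -v val '%-15.15s' "$(parent_variable_group)"`. The context test `[ -z ${VARIABLE_GROUP_ID} ]` only works by accident when the value is empty and should be `[ -z "${VARIABLE_GROUP_ID}" ]`. The same two added lines appear in the `@@ -477,7 +480,9 @@` hunk of this file.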
@@ -477,7 +480,9 @@ stages: az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none export VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(parent_variable_group)'].id | [0]") - echo '$(variable_group) id: ' $VARIABLE_GROUP_ID + + printf -v val %-15.15s "$VARIABLE_GROUP_ID" + echo "${val}: $VARIABLE_GROUP_ID" if [ -z ${VARIABLE_GROUP_ID} ]; then echo "##vso[task.logissue type=error]Variable group $(parent_variable_group) could not be found." exit 2 @@ -509,7 +514,7 @@ stages: dos2unix -q $CONFIG_REPO_PATH/DEPLOYER/$(deployer_folder)/$(deployer_configuration_file) dos2unix -q $CONFIG_REPO_PATH/LIBRARY/$(library_folder)/$(library_configuration_file) - echo -e "$green--- Running the remove region script that destroys deployer VM and SAP library ---$reset" + echo -e "$green--- Environment information ---$reset" ENVIRONMENT=$(grep "^environment" $CONFIG_REPO_PATH/DEPLOYER/$(deployer_folder)/$(deployer_configuration_file) | awk -F'=' '{print $2}' | xargs) LOCATION=$(grep "^location" $CONFIG_REPO_PATH/DEPLOYER/$(deployer_folder)/$(deployer_configuration_file) | awk -F'=' '{print $2}' | xargs | tr 'A-Z' 'a-z') diff --git a/deploy/scripts/New-SDAFDevopsProject.ps1 b/deploy/scripts/New-SDAFDevopsProject.ps1 index c0ac01fdd0..bb5181f51c 100644 --- a/deploy/scripts/New-SDAFDevopsProject.ps1 +++ b/deploy/scripts/New-SDAFDevopsProject.ps1 
@@ -466,7 +466,7 @@ Write-Host "Creating the variable group SDAF-General" -ForegroundColor Green $general_group_id = (az pipelines variable-group list --query "[?name=='SDAF-General'].id | [0]" --only-show-errors) if ($general_group_id.Length -eq 0) { - az pipelines variable-group create --name SDAF-General --variables ANSIBLE_HOST_KEY_CHECKING=false Deployment_Configuration_Path=WORKSPACES Branch=main tf_version="1.9.5" ansible_core_version="2.15" S-Username=$SUserName S-Password=$SPassword --output yaml --authorize true --output none + az pipelines variable-group create --name SDAF-General --variables ANSIBLE_HOST_KEY_CHECKING=false Deployment_Configuration_Path=WORKSPACES Branch=main tf_version="1.9.8" ansible_core_version="2.15" S-Username=$SUserName S-Password=$SPassword --output yaml --authorize true --output none $general_group_id = (az pipelines variable-group list --query "[?name=='SDAF-General'].id | [0]" --only-show-errors) az pipelines variable-group variable update --group-id $general_group_id --name "S-Password" --value $SPassword --secret true --output none --only-show-errors } diff --git a/deploy/terraform/bootstrap/sap_deployer/providers.tf b/deploy/terraform/bootstrap/sap_deployer/providers.tf index cdc795d5a1..660cc0ed5f 100644 --- a/deploy/terraform/bootstrap/sap_deployer/providers.tf +++ b/deploy/terraform/bootstrap/sap_deployer/providers.tf @@ -86,7 +86,7 @@ terraform { } azurerm = { source = "hashicorp/azurerm" - version = "4.4.0" + version = "4.6.0" } } } diff --git a/deploy/terraform/bootstrap/sap_deployer/tfvar_variables.tf b/deploy/terraform/bootstrap/sap_deployer/tfvar_variables.tf index 8c22bc8e00..a2fea50615 100644 --- a/deploy/terraform/bootstrap/sap_deployer/tfvar_variables.tf +++ b/deploy/terraform/bootstrap/sap_deployer/tfvar_variables.tf 
@@ -371,7 +371,7 @@ variable "deployer_diagnostics_account_arm_id" { variable "tf_version" { description = "Terraform version to install on deployer" - default = "1.9.5" + default = "1.9.8" } variable "name_override_file" { diff --git a/deploy/terraform/bootstrap/sap_library/providers.tf b/deploy/terraform/bootstrap/sap_library/providers.tf index e184dd7431..ce94129da8 100644 --- a/deploy/terraform/bootstrap/sap_library/providers.tf +++ b/deploy/terraform/bootstrap/sap_library/providers.tf @@ -110,7 +110,7 @@ terraform { } azurerm = { source = "hashicorp/azurerm" - version = "4.4.0" + version = "4.6.0" } } } diff --git a/deploy/terraform/run/sap_deployer/providers.tf b/deploy/terraform/run/sap_deployer/providers.tf index fc4e4c90dc..40e5d55546 100644 --- a/deploy/terraform/run/sap_deployer/providers.tf +++ b/deploy/terraform/run/sap_deployer/providers.tf @@ -86,7 +86,7 @@ terraform { } azurerm = { source = "hashicorp/azurerm" - version = "4.4.0" + version = "4.6.0" } } } diff --git a/deploy/terraform/run/sap_deployer/tfvar_variables.tf b/deploy/terraform/run/sap_deployer/tfvar_variables.tf index cf917a3fb1..cad9d90772 100644 --- a/deploy/terraform/run/sap_deployer/tfvar_variables.tf +++ b/deploy/terraform/run/sap_deployer/tfvar_variables.tf @@ -368,7 +368,7 @@ variable "deployer_diagnostics_account_arm_id" { variable "tf_version" { description = "Terraform version to install on deployer" - default = "1.9.5" + default = "1.9.8" } variable "name_override_file" { diff --git a/deploy/terraform/run/sap_landscape/providers.tf b/deploy/terraform/run/sap_landscape/providers.tf index 563b3b20f7..867327b13a 100644 --- a/deploy/terraform/run/sap_landscape/providers.tf +++ b/deploy/terraform/run/sap_landscape/providers.tf @@ -130,7 +130,7 @@ terraform { } azurerm = { source = "hashicorp/azurerm" - version = "4.4.0" + version = "4.6.0" } azapi = { source = "Azure/azapi" 
diff --git a/deploy/terraform/run/sap_library/providers.tf b/deploy/terraform/run/sap_library/providers.tf index ffce934586..24013b1dac 100644 --- a/deploy/terraform/run/sap_library/providers.tf +++ b/deploy/terraform/run/sap_library/providers.tf @@ -105,7 +105,7 @@ terraform { } azurerm = { source = "hashicorp/azurerm" - version = "4.4.0" + version = "4.6.0" } } } diff --git a/deploy/terraform/run/sap_system/providers.tf b/deploy/terraform/run/sap_system/providers.tf index f61497c0c7..050d29beb9 100644 --- a/deploy/terraform/run/sap_system/providers.tf +++ b/deploy/terraform/run/sap_system/providers.tf @@ -99,7 +99,7 @@ terraform { } azurerm = { source = "hashicorp/azurerm" - version = "4.4.0" + version = "4.6.0" } } } diff --git a/deploy/terraform/terraform-units/modules/sap_deployer/providers.tf b/deploy/terraform/terraform-units/modules/sap_deployer/providers.tf index e64b177544..9a31dbf08c 100644 --- a/deploy/terraform/terraform-units/modules/sap_deployer/providers.tf +++ b/deploy/terraform/terraform-units/modules/sap_deployer/providers.tf @@ -3,7 +3,7 @@ terraform { azurerm = { source = "hashicorp/azurerm" configuration_aliases = [azurerm.dnsmanagement, azurerm.main] - version = "4.4.0" + version = "4.6.0" } } } diff --git a/deploy/terraform/terraform-units/modules/sap_landscape/providers.tf b/deploy/terraform/terraform-units/modules/sap_landscape/providers.tf index 3704a96e56..94690842df 100644 --- a/deploy/terraform/terraform-units/modules/sap_landscape/providers.tf +++ b/deploy/terraform/terraform-units/modules/sap_landscape/providers.tf @@ -3,7 +3,7 @@ terraform { azurerm = { source = "hashicorp/azurerm" configuration_aliases = [azurerm.main, azurerm.deployer, azurerm.dnsmanagement, azurerm.peering, azurerm.privatelinkdnsmanagement] - version = "4.4.0" + version = "4.6.0" } azapi = { 
diff --git a/deploy/terraform/terraform-units/modules/sap_library/providers.tf b/deploy/terraform/terraform-units/modules/sap_library/providers.tf index fb48736d38..6367145873 100644 --- a/deploy/terraform/terraform-units/modules/sap_library/providers.tf +++ b/deploy/terraform/terraform-units/modules/sap_library/providers.tf @@ -3,7 +3,7 @@ terraform { azurerm = { source = "hashicorp/azurerm" configuration_aliases = [azurerm.main, azurerm.deployer, azurerm.dnsmanagement, azurerm.privatelinkdnsmanagement] - version = "4.4.0" + version = "4.6.0" } } } diff --git a/deploy/terraform/terraform-units/modules/sap_system/anydb_node/providers.tf b/deploy/terraform/terraform-units/modules/sap_system/anydb_node/providers.tf index 31e19ce0d8..9a5ea245e6 100644 --- a/deploy/terraform/terraform-units/modules/sap_system/anydb_node/providers.tf +++ b/deploy/terraform/terraform-units/modules/sap_system/anydb_node/providers.tf @@ -3,7 +3,7 @@ terraform { azurerm = { source = "hashicorp/azurerm" configuration_aliases = [azurerm.main, azurerm.deployer, azurerm.dnsmanagement, azurerm.privatelinkdnsmanagement] // - version = "4.4.0" + version = "4.6.0" } } } diff --git a/deploy/terraform/terraform-units/modules/sap_system/app_tier/providers.tf b/deploy/terraform/terraform-units/modules/sap_system/app_tier/providers.tf index 31e19ce0d8..9a5ea245e6 100644 --- a/deploy/terraform/terraform-units/modules/sap_system/app_tier/providers.tf +++ b/deploy/terraform/terraform-units/modules/sap_system/app_tier/providers.tf @@ -3,7 +3,7 @@ terraform { azurerm = { source = "hashicorp/azurerm" configuration_aliases = [azurerm.main, azurerm.deployer, azurerm.dnsmanagement, azurerm.privatelinkdnsmanagement] // - version = "4.4.0" + version = "4.6.0" } } } diff --git a/deploy/terraform/terraform-units/modules/sap_system/common_infrastructure/providers.tf b/deploy/terraform/terraform-units/modules/sap_system/common_infrastructure/providers.tf index 31e19ce0d8..9a5ea245e6 100644 
--- a/deploy/terraform/terraform-units/modules/sap_system/common_infrastructure/providers.tf +++ b/deploy/terraform/terraform-units/modules/sap_system/common_infrastructure/providers.tf @@ -3,7 +3,7 @@ terraform { azurerm = { source = "hashicorp/azurerm" configuration_aliases = [azurerm.main, azurerm.deployer, azurerm.dnsmanagement, azurerm.privatelinkdnsmanagement] // - version = "4.4.0" + version = "4.6.0" } } } diff --git a/deploy/terraform/terraform-units/modules/sap_system/hdb_node/providers.tf b/deploy/terraform/terraform-units/modules/sap_system/hdb_node/providers.tf index 48bf4b3735..1447e1ee52 100644 --- a/deploy/terraform/terraform-units/modules/sap_system/hdb_node/providers.tf +++ b/deploy/terraform/terraform-units/modules/sap_system/hdb_node/providers.tf @@ -3,7 +3,7 @@ terraform { azurerm = { source = "hashicorp/azurerm" configuration_aliases = [azurerm.main, azurerm.deployer, azurerm.dnsmanagement, azurerm.privatelinkdnsmanagement] - version = "4.4.0" + version = "4.6.0" } # azapi = { diff --git a/deploy/terraform/terraform-units/modules/sap_system/output_files/providers.tf b/deploy/terraform/terraform-units/modules/sap_system/output_files/providers.tf index abc9ae403b..5ef1914498 100644 --- a/deploy/terraform/terraform-units/modules/sap_system/output_files/providers.tf +++ b/deploy/terraform/terraform-units/modules/sap_system/output_files/providers.tf @@ -3,7 +3,7 @@ terraform { azurerm = { source = "hashicorp/azurerm" configuration_aliases = [azurerm.main, azurerm.dnsmanagement] - version = "4.4.0" + version = "4.6.0" } } } From 6630e9dce35ce8e9e825a03b90d8b1dcc9ba228a Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Fri, 18 Oct 2024 22:39:33 +0300 Subject: [PATCH 111/279] Refactor deploy_controlplane.sh script to use local variables for deployer and library state file keys --- deploy/pipelines/01-deploy-control-plane.yaml | 6 ++---- deploy/scripts/deploy_controlplane.sh | 9 ++++----- 2 files changed, 6 insertions(+), 9 deletions(-) 
diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index a1b3ef203c..38dc115b7c 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -230,12 +230,10 @@ stages: unzip -qq -o -P "${pass}" ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/state.zip -d ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder) fi - ls -lart ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder) - if [ $(use_webapp) = "true" ]; then - echo "Use WebApp is selected" + echo "Deploy Web App: true" else - echo "No WebApp" + echo "Deploy Web App: false" fi export TF_LOG_PATH=$CONFIG_REPO_PATH/.sap_deployment_automation/terraform.log diff --git a/deploy/scripts/deploy_controlplane.sh b/deploy/scripts/deploy_controlplane.sh index e6c97c5a7d..5368b98853 100755 --- a/deploy/scripts/deploy_controlplane.sh +++ b/deploy/scripts/deploy_controlplane.sh @@ -132,7 +132,7 @@ fi # Convert the region to the correct code get_region_code "$region" -echo "Region code for deployment: $region_code" +echo "Region code: ${region_code}" automation_config_directory=$CONFIG_REPO_PATH/.sap_deployment_automation generic_config_information="${automation_config_directory}"/config @@ -254,11 +254,11 @@ fi load_config_vars "${deployer_config_information}" "step" if [ 0 = "${deploy_using_msi_only:-}" ]; then - echo "Using Service Principal for deployment" + echo "Identity to use: Service Principal" unset ARM_USE_MSI set_executing_user_environment_variables "${spn_secret}" else - echo "Using Managed Identity for deployment" + echo "Identity to use: Managed Identity" set_executing_user_environment_variables "none" fi @@ -300,7 +300,7 @@ if [ 0 == $step ]; then fi load_config_vars "${deployer_config_information}" "keyvault" - echo "Key vault: ${keyvault}" + echo "Key vault: ${keyvault}" if [ -z "$keyvault" ]; then echo "#########################################################################################" 
@@ -530,7 +530,6 @@ if [ 2 == $step ]; then fi allParams=$(printf " -p %s -d %s %s" "${library_file_parametername}" "${relative_path}" "${approveparam}") - echo "${allParams}" "${SAP_AUTOMATION_REPO_PATH}"/deploy/scripts/install_library.sh $allParams return_code=$? From fde137dc5a9f93e5ef9fb88bb5044491cfb7710d Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Fri, 18 Oct 2024 22:42:39 +0300 Subject: [PATCH 112/279] Refactor deploy_controlplane.sh script to use local variables for deployer and library state file keys --- deploy/pipelines/01-deploy-control-plane.yaml | 6 ++++++ deploy/scripts/helpers/script_helpers.sh | 5 +++++ 2 files changed, 11 insertions(+) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 38dc115b7c..2fecd83d95 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -428,6 +428,12 @@ stages: file_REMOTE_STATE_SA="" file_REMOTE_STATE_RG=$(deployerfolder) + if [[ -f /etc/profile.d/deploy_server.sh ]]; then + path=$(grep -m 1 "export PATH=" /etc/profile.d/deploy_server.sh | awk -F'=' '{print $2}' | xargs) + export PATH=$path + fi + + echo -e "$green--- Information ---$reset" echo "Environment: ${ENVIRONMENT}" echo "Location: ${LOCATION}" diff --git a/deploy/scripts/helpers/script_helpers.sh b/deploy/scripts/helpers/script_helpers.sh index 0ab45d04b1..3e8bacca47 100755 --- a/deploy/scripts/helpers/script_helpers.sh +++ b/deploy/scripts/helpers/script_helpers.sh 
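Review bot: The added block in 01-deploy-control-plane.yaml replaces `PATH` with whatever text follows the first `=` on the `export PATH=` line of /etc/profile.d/deploy_server.sh, without checking the result. If the pipeline yields an empty string, `export PATH=$path` clears the search path for the rest of the step, and if that line refers to `$PATH` itself the reference is presumably kept as literal text, because the value is never evaluated by the shell. `awk -F'=' '{print $2}'` also drops anything after a second `=`. Guarding the assignment, `[[ -n "$path" ]] && export PATH="$path"`, keeps a bad parse from removing the standard directories, and a comment stating that the file is expected to be root-owned and to hold an absolute PATH would document the trust assumption. The same block is added to deploy/scripts/helpers/script_helpers.sh in this commit.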
@@ -12,6 +12,11 @@ script_directory_parent="$(dirname "${script_directory}")" #call stack has full scriptname when using source source "${script_directory_parent}"/deploy_utils.sh +if [[ -f /etc/profile.d/deploy_server.sh ]]; then + path=$(grep -m 1 "export PATH=" /etc/profile.d/deploy_server.sh | awk -F'=' '{print $2}' | xargs) + export PATH=$path +fi + function control_plane_showhelp { echo "" echo "#################################################################################################################" From f933adc5ba4dc5141216033bb7eadad173619b15 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Fri, 18 Oct 2024 22:46:37 +0300 Subject: [PATCH 113/279] Refactor deploy_controlplane.sh script to use local variables for deployer and library state file keys --- deploy/pipelines/01-deploy-control-plane.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 2fecd83d95..ebcee3b166 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -433,7 +433,6 @@ stages: export PATH=$path fi - echo -e "$green--- Information ---$reset" echo "Environment: ${ENVIRONMENT}" echo "Location: ${LOCATION}" @@ -528,7 +527,6 @@ stages: REMOTE_STATE_SA=$(grep "^REMOTE_STATE_SA=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs) echo "TF Account: ${REMOTE_STATE_SA}" - az pipelines variable-group variable create --group-id "${VARIABLE_GROUP_ID}" --name Terraform_Remote_Storage_Account_Name --value "${REMOTE_STATE_SA}" --output none --only-show-errors fi fi From 46446cf991003b8c76072aec02a34b682a0ab12e Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sat, 19 Oct 2024 00:24:09 +0300 Subject: [PATCH 114/279] Refactor az keyvault set-policy command in deploy_controlplane.sh script --- deploy/pipelines/02-sap-workload-zone.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index a082240a34..0357ef0e2d 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml @@ -449,7 +449,7 @@ stages: --region "${LOCATION}" --subscription $ARM_SUBSCRIPTION_ID --spn_id $ARM_CLIENT_ID --spn_secret "${ARM_CLIENT_SECRET}" \ --tenant_id $ARM_TENANT_ID --keyvault_subscription $STATE_SUBSCRIPTION secrets_set=$? ; echo -e "$cyan Set Secrets returned $secrets_set $reset" - az keyvault set-policy --name "${key_vault}" --application-id $ARM_CLIENT_ID --secret-permissions get list --subscription $STATE_SUBSCRIPTION --output none + az keyvault set-policy --name "${key_vault}" --spn $ARM_CLIENT_ID --secret-permissions get list --subscription $STATE_SUBSCRIPTION --output none else echo -e "$cyan --- Install using Managed Identity ---$reset" # export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID From 1ed640762583b0093538e2a9247ede9ea171efd1 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sat, 19 Oct 2024 00:36:48 +0300 Subject: [PATCH 115/279] Refactor az keyvault set-policy command in deploy_controlplane.sh script --- deploy/pipelines/02-sap-workload-zone.yaml | 2 +- deploy/scripts/install_workloadzone.sh | 27 ++++++++++++---------- deploy/scripts/installer.sh | 18 +++++++-------- 3 files changed, 24 insertions(+), 23 deletions(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index 0357ef0e2d..d6460f82ac 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml 
@@ -449,7 +449,7 @@ stages: --region "${LOCATION}" --subscription $ARM_SUBSCRIPTION_ID --spn_id $ARM_CLIENT_ID --spn_secret "${ARM_CLIENT_SECRET}" \ --tenant_id $ARM_TENANT_ID --keyvault_subscription $STATE_SUBSCRIPTION secrets_set=$? ; echo -e "$cyan Set Secrets returned $secrets_set $reset" - az keyvault set-policy --name "${key_vault}" --spn $ARM_CLIENT_ID --secret-permissions get list --subscription $STATE_SUBSCRIPTION --output none + az keyvault set-policy --name "${key_vault}" --spn $ARM_OBJECT_ID --secret-permissions get list --subscription $STATE_SUBSCRIPTION --output none else echo -e "$cyan --- Install using Managed Identity ---$reset" # export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index 3030d82d31..42ac11d6e4 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -142,10 +142,6 @@ get_region_code "$region" key=$(echo "${workload_file_parametername}" | cut -d. -f1) landscape_tfstate_key=${key}.terraform.tfstate -echo "Deployment region: $region" -echo "Deployment region code: $region_code" -echo "Keyvault: $keyvault" - #Persisting the parameters across executions automation_config_directory=$CONFIG_REPO_PATH/.sap_deployment_automation @@ -169,7 +165,11 @@ then rm -Rf .terraform terraform.tfstate* fi -echo "Workload configuration file: $workload_config_information" + +echo "Configuration file: $workload_config_information" +echo "Deployment region: $region" +echo "Deployment region code: $region_code" +echo "Keyvault: $keyvault" if [ -n "$STATE_SUBSCRIPTION" ] then @@ -286,7 +286,9 @@ then fi fi else - echo "tfstate_resource_id $tfstate_resource_id" + + echo "Terraform resource Id: $tfstate_resource_id" + save_config_vars "${workload_config_information}" \ tfstate_resource_id fi 
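Review bot: In the 02-sap-workload-zone.yaml hunk, `--spn $ARM_OBJECT_ID` hands an object id to the option that takes a service principal name. `az keyvault set-policy` has `--object-id` for that value, so the line should read `az keyvault set-policy --name "${key_vault}" --object-id "${ARM_OBJECT_ID}" --secret-permissions get list --subscription "${STATE_SUBSCRIPTION}" --output none`. `ARM_OBJECT_ID` is not assigned anywhere in the visible lines, and with the expansion unquoted an empty value makes `--secret-permissions` the argument of `--spn`. The exit status of the call is not checked either, so a failed grant only surfaces later as a secret read error. The script block continues outside the hunk.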
@@ -419,10 +421,10 @@ fi useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) if [ "$useSAS" = "true" ] ; then - echo "Authenticate storage using SAS" + echo "Storage Account authentication: key" export ARM_USE_AZUREAD=false else - echo "Authenticate storage using Entra ID" + echo "Storage Account authentication: Entra ID" export ARM_USE_AZUREAD=true fi @@ -582,10 +584,11 @@ fi root_dirname=$(pwd) -echo " subscription_id=${STATE_SUBSCRIPTION}" -echo " resource_group_name=${REMOTE_STATE_RG}" -echo "storage_account_name=${REMOTE_STATE_SA}" - +echo "Terraform details" +echo "Subscription: ${STATE_SUBSCRIPTION}" +echo "Storage Account: ${REMOTE_STATE_SA}" +echo "Resource Group: ${REMOTE_STATE_RG}" +echo "State file: ${key}.terraform.tfstate" if [ ! -d ./.terraform/ ]; then diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index 7d601fd29f..8de7c36b7c 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh @@ -256,10 +256,6 @@ else save_config_vars "${system_config_information}" REMOTE_STATE_SA fi -echo "Terraform state subscription: ${STATE_SUBSCRIPTION}" -echo "Terraform state account: ${REMOTE_STATE_SA}" -echo "Target subscription: ${ARM_SUBSCRIPTION_ID}" - deployer_tfstate_key_parameter='' if [[ -z $deployer_tfstate_key ]]; @@ -405,8 +401,6 @@ if [[ -z ${REMOTE_STATE_SA} ]]; then fi fi -echo "Terraform state storage account: ${REMOTE_STATE_SA}" - if [ -z ${REMOTE_STATE_SA} ]; then option="REMOTE_STATE_SA" missing @@ -454,10 +448,6 @@ fi ok_to_proceed=false -echo "Terraform subscription_id: ${STATE_SUBSCRIPTION}" -echo "Terraform resource group name: ${REMOTE_STATE_RG}" -echo "Terraform state storage account: ${REMOTE_STATE_SA}" - # This is used to tell Terraform if this is a new deployment or an update deployment_parameter="" # This is used to tell Terraform the version information from the state file 
@@ -467,6 +457,14 @@ export TF_DATA_DIR="${param_dirname}/.terraform" terraform --version +echo "Terraform details" +echo "Subscription: ${STATE_SUBSCRIPTION}" +echo "Storage Account: ${REMOTE_STATE_SA}" +echo "Resource Group: ${REMOTE_STATE_RG}" +echo "State file: ${key}.terraform.tfstate" +echo "Target subscription: ${ARM_SUBSCRIPTION_ID}" + + check_output=0 if [ -f terraform.tfstate ]; then From aab65032c44189e8a32717f736f85f93ccebd4e9 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sat, 19 Oct 2024 23:44:33 +0300 Subject: [PATCH 116/279] Add SPN to workload zone key vault --- .../sap_landscape/key_vault_sap_landscape.tf | 21 ++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf b/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf index 1d2288a86a..23d5391977 100644 --- a/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf +++ b/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf @@ -85,7 +85,7 @@ resource "azurerm_role_assignment" "role_assignment_msi" { resource "azurerm_role_assignment" "role_assignment_spn" { provider = azurerm.main - count = var.enable_rbac_authorization_for_keyvault && local.service_principal.object_id != "" ? 1 : 0 + count = var.enable_rbac_authorization_for_keyvault && local.service_principal.object_id != "" && !var.options.use_spn ? 1 : 0 scope = local.user_keyvault_exist ? ( local.user_key_vault_id) : ( azurerm_key_vault.kv_user[0].id 
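Review bot: With `&& !var.options.use_spn` added to the `count` of `azurerm_role_assignment.role_assignment_spn` in key_vault_sap_landscape.tf, a deployment that sets both `enable_rbac_authorization_for_keyvault` and `options.use_spn` no longer creates this role assignment. The `kv_user_spn` access policy added in the next hunk is limited to non-RBAC vaults, so unless a resource outside the diff grants the role, the service principal ends up with no access to the vault in that combination. If that is intended, a comment above `count` should say where the principal's access comes from, for example `# SPN deployments get access through <resource>, not this assignment`. The resource body continues outside the hunk.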
@@ -115,6 +115,25 @@ resource "azurerm_key_vault_access_policy" "kv_user" { ] } +resource "azurerm_key_vault_access_policy" "kv_user_spn" { + provider = azurerm.main + count = var.options.use_spn && !var.enable_rbac_authorization_for_keyvault ? 1 : 0 + key_vault_id = local.user_keyvault_exist ? local.user_key_vault_id : azurerm_key_vault.kv_user[0].id + tenant_id = local.service_principal.tenant_id + object_id = local.service_principal.object_id != "" ? local.service_principal.object_id : "00000000-0000-0000-0000-000000000000" + + secret_permissions = [ + "Get", + "List", + "Set", + "Delete", + "Recover", + "Restore", + "Purge" + ] +} + + ############################################################################### # # # Secrets # From e9098d67ca18d9de60c8a26efca31d2fcce5fb56 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sat, 19 Oct 2024 23:58:31 +0300 Subject: [PATCH 117/279] Remove the permission setting from the pipeline --- deploy/pipelines/02-sap-workload-zone.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index d6460f82ac..170b096fcd 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml @@ -449,7 +449,7 @@ stages: --region "${LOCATION}" --subscription $ARM_SUBSCRIPTION_ID --spn_id $ARM_CLIENT_ID --spn_secret "${ARM_CLIENT_SECRET}" \ --tenant_id $ARM_TENANT_ID --keyvault_subscription $STATE_SUBSCRIPTION secrets_set=$? ; echo -e "$cyan Set Secrets returned $secrets_set $reset" - az keyvault set-policy --name "${key_vault}" --spn $ARM_OBJECT_ID --secret-permissions get list --subscription $STATE_SUBSCRIPTION --output none + # az keyvault set-policy --name "${key_vault}" --spn $ARM_OBJECT_ID --secret-permissions get list --subscription $STATE_SUBSCRIPTION --output none else echo -e "$cyan --- Install using Managed Identity ---$reset" # export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID 
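Review bot: `azurerm_key_vault_access_policy.kv_user_spn` falls back to the all-zero GUID when `local.service_principal.object_id` is empty, so the policy is written for a placeholder principal instead of being skipped. Moving the test into the count, `count = var.options.use_spn && !var.enable_rbac_authorization_for_keyvault && local.service_principal.object_id != "" ? 1 : 0`, and using `object_id = local.service_principal.object_id` avoids that. The permission list also contains `"Purge"`, which allows permanent deletion of soft-deleted secrets; if the deployment principal only needs to read, write and remove secrets, drop it, or add a comment naming the step that requires it.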
From 532cc795e340510a74e9c3cb1fc89e5dc72585a5 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 15:35:23 +0300 Subject: [PATCH 118/279] Refactor echo statements in script_helpers.sh and installer.sh --- deploy/scripts/helpers/script_helpers.sh | 2 +- deploy/scripts/installer.sh | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/deploy/scripts/helpers/script_helpers.sh b/deploy/scripts/helpers/script_helpers.sh index 3e8bacca47..afb3abf301 100755 --- a/deploy/scripts/helpers/script_helpers.sh +++ b/deploy/scripts/helpers/script_helpers.sh @@ -485,7 +485,7 @@ function validate_dependencies { } function validate_key_parameters { - echo "Validating $1" + echo "Validating: $1" ext=$(echo $1 | cut -d. -f2) # Helper variables diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index 8de7c36b7c..e01fb8a1eb 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh @@ -300,10 +300,10 @@ fi useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription ${STATE_SUBSCRIPTION} --out tsv) if [ "$useSAS" = "true" ] ; then - echo "Storage Account Authentication: Key" + echo "Storage Account Authentication: Key" export ARM_USE_AZUREAD=false else - echo "Storage Account Authentication: Entra ID" + echo "Storage Account Authentication: Entra ID" export ARM_USE_AZUREAD=true fi @@ -314,7 +314,7 @@ if [[ -z $landscape_tfstate_key ]]; then load_config_vars "${system_config_information}" "landscape_tfstate_key" else - echo "Workload zone file name:" "${landscape_tfstate_key}" + echo "Workload zone state file: ${landscape_tfstate_key}" save_config_vars "${system_config_information}" landscape_tfstate_key fi @@ -341,7 +341,7 @@ then fi else landscape_tfstate_key_parameter=" -var landscape_tfstate_key=${landscape_tfstate_key}" - echo "Workload zone state file: ${landscape_tfstate_key}" + echo "Workload zone state file: ${landscape_tfstate_key}" fi fi 
From fc510f99f674b536165216a392528bfd46c6545b Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 15:43:07 +0300 Subject: [PATCH 119/279] Refactor echo statements in script_helpers.sh and installer.sh --- deploy/pipelines/02-sap-workload-zone.yaml | 1 - deploy/pipelines/03-sap-system-deployment.yaml | 12 ++++++------ 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index 170b096fcd..c1f4a36ac4 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml @@ -311,7 +311,6 @@ stages: echo "-------------------------------------------------" az --version - if [ $ENVIRONMENT != $ENVIRONMENT_IN_FILENAME ]; then echo "##vso[task.logissue type=error]The environment setting in $(workload_zone_configuration_file) '$ENVIRONMENT' does not match the $(workload_zone_configuration_file) file name '$ENVIRONMENT_IN_FILENAME'. Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-INFRASTRUCTURE" exit 2 diff --git a/deploy/pipelines/03-sap-system-deployment.yaml b/deploy/pipelines/03-sap-system-deployment.yaml index 44256a3e38..40c30eca80 100644 --- a/deploy/pipelines/03-sap-system-deployment.yaml +++ b/deploy/pipelines/03-sap-system-deployment.yaml 
@@ -283,23 +283,23 @@ stages: az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" --out tsv) if [ -z ${az_var} ]; then - export STATE_SUBSCRIPTION=$(grep STATE_SUBSCRIPTION ${environment_file_name} | awk -F'=' '{print $2}' | xargs) ; echo 'Terraform state file subscription' $STATE_SUBSCRIPTION + export STATE_SUBSCRIPTION=$(grep STATE_SUBSCRIPTION ${environment_file_name} | awk -F'=' '{print $2}' | xargs) else - export STATE_SUBSCRIPTION=${az_var} ; echo 'Terraform state file subscription' $STATE_SUBSCRIPTION + export STATE_SUBSCRIPTION=${az_var} fi az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" --out tsv) if [ -z ${az_var} ]; then - export REMOTE_STATE_SA=$(grep REMOTE_STATE_SA ${environment_file_name} | awk -F'=' '{print $2}' | xargs) ; echo 'Terraform state file storage account' $REMOTE_STATE_SA + export REMOTE_STATE_SA=$(grep REMOTE_STATE_SA ${environment_file_name} | awk -F'=' '{print $2}' | xargs) else - export REMOTE_STATE_SA=${az_var} ; echo 'Terraform state file storage account' $REMOTE_STATE_SA + export REMOTE_STATE_SA=${az_var} fi az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value" --out tsv) if [ -z ${az_var} ]; then - export deployer_tfstate_key=$(grep deployer_tfstate_key ${environment_file_name} | awk -F'=' '{print $2}' | xargs) ; echo 'Deployer State File' $deployer_tfstate_key + export deployer_tfstate_key=$(grep deployer_tfstate_key ${environment_file_name} | awk -F'=' '{print $2}' | xargs) else - export deployer_tfstate_key=${az_var} ; echo 'Deployer State File' $deployer_tfstate_key + export deployer_tfstate_key=${az_var} fi az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}"Workload_Zone_State_FileName.value | tr -d \") 
From 151871eebf1f1986006d3593bf5d4aee8d96e452 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 15:46:39 +0300 Subject: [PATCH 120/279] Refactor echo statements in script_helpers.sh and installer.sh --- deploy/pipelines/03-sap-system-deployment.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/pipelines/03-sap-system-deployment.yaml b/deploy/pipelines/03-sap-system-deployment.yaml index 40c30eca80..bbd414284c 100644 --- a/deploy/pipelines/03-sap-system-deployment.yaml +++ b/deploy/pipelines/03-sap-system-deployment.yaml @@ -231,14 +231,14 @@ stages: fi echo -e "$green--- Configure devops CLI extension ---$reset" - az config set extension.use_dynamic_install=yes_without_prompt --output none + az config set extension.use_dynamic_install=yes_without_prompt --output none --only-show-errors - az extension add --name azure-devops --output none + az extension add --name azure-devops --output none --only-show-errors - az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none + az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none --only-show-errors export VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(variable_group)'].id | [0]") - echo '$(variable_group) id: ' $VARIABLE_GROUP_ID + echo "$(variable_group) id: $VARIABLE_GROUP_ID" if [ -z ${VARIABLE_GROUP_ID} ]; then echo "##vso[task.logissue type=error]Variable group $(variable_group) could not be found." exit 2 From 2684ec214e39239db49eb30bdcdf30fd7cabbd2b Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 15:51:08 +0300 Subject: [PATCH 121/279] Refactor echo statements in script_helpers.sh and installer.sh --- deploy/pipelines/03-sap-system-deployment.yaml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) 
diff --git a/deploy/pipelines/03-sap-system-deployment.yaml b/deploy/pipelines/03-sap-system-deployment.yaml index bbd414284c..05a9aa17b1 100644 --- a/deploy/pipelines/03-sap-system-deployment.yaml +++ b/deploy/pipelines/03-sap-system-deployment.yaml @@ -304,16 +304,16 @@ stages: az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}"Workload_Zone_State_FileName.value | tr -d \") if [ -z ${az_var} ]; then - export landscape_tfstate_key=$(grep landscape_tfstate_key= ${environment_file_name} | awk -F'=' '{print $2}' | xargs) ; echo 'landscape_tfstate_key' $landscape_tfstate_key + export landscape_tfstate_key=$(grep landscape_tfstate_key= ${environment_file_name} | awk -F'=' '{print $2}' | xargs) else - export landscape_tfstate_key=${az_var} ; echo 'landscape_tfstate_key' $landscape_tfstate_key + export landscape_tfstate_key=${az_var} fi az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" --out tsv) if [ -z ${az_var} ]; then - export key_vault=$(grep keyvault= ${environment_file_name} | awk -F'=' '{print $2}' | xargs) ; echo 'Deployer Key Vault' $key_vault + export key_vault=$(grep keyvault= ${environment_file_name} | awk -F'=' '{print $2}' | xargs) else - export key_vault=${az_var} ; echo 'Deployer Key Vault' $key_vault + export key_vault=${az_var} fi az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}"Workload_Key_Vault.value | tr -d \") 
@@ -323,6 +323,11 @@ stages: export workload_key_vault=${az_var} ; echo 'Workload Key Vault' ${workload_key_vault} fi + echo "Deployer state file: $deployer_tfstate_key" + echo "Deployer Key Vault: $key_vault" + echo "Workload Zone state file: $landscape_tfstate_key" + echo "Workload Zone Key Vault: $workload_key_vault" + echo -e "$green--- Run the installer script that deploys the SAP System ---$reset" $SAP_AUTOMATION_REPO_PATH/deploy/scripts/installer.sh --parameterfile $(sap_system_configuration) --type sap_system \ From f64c90ee31e3086ea724637733259f34ecf50305 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 15:56:34 +0300 Subject: [PATCH 122/279] Refactor echo statements in script_helpers.sh and installer.sh --- deploy/pipelines/03-sap-system-deployment.yaml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/deploy/pipelines/03-sap-system-deployment.yaml b/deploy/pipelines/03-sap-system-deployment.yaml index 05a9aa17b1..ce4c0a9cfe 100644 --- a/deploy/pipelines/03-sap-system-deployment.yaml +++ b/deploy/pipelines/03-sap-system-deployment.yaml @@ -238,11 +238,13 @@ stages: az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none --only-show-errors export VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(variable_group)'].id | [0]") - echo "$(variable_group) id: $VARIABLE_GROUP_ID" + if [ -z ${VARIABLE_GROUP_ID} ]; then echo "##vso[task.logissue type=error]Variable group $(variable_group) could not be found." exit 2 fi + printf -v val '%-15s' "$VARIABLE_GROUP_ID" + echo "$val id: $VARIABLE_GROUP_ID" echo -e "$green--- Login ---$reset" if [ -z $USE_MSI ]; then 
@@ -318,9 +320,9 @@ stages: az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}"Workload_Key_Vault.value | tr -d \") if [ -z ${az_var} ]; then - export workload_key_vault=$(grep workloadkeyvault= ${environment_file_name} | awk -F'=' '{print $2}' | xargs) ; echo 'Workload Key Vault' ${workload_key_vault} + export workload_key_vault=$(grep workloadkeyvault= ${environment_file_name} | awk -F'=' '{print $2}' | xargs) else - export workload_key_vault=${az_var} ; echo 'Workload Key Vault' ${workload_key_vault} + export workload_key_vault=${az_var} fi echo "Deployer state file: $deployer_tfstate_key" From ae5e71feae28188782c224532e07d14af9d52e63 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 16:00:54 +0300 Subject: [PATCH 123/279] Refactor echo statements in script_helpers.sh and installer.sh --- deploy/pipelines/02-sap-workload-zone.yaml | 18 +++++++++--------- deploy/pipelines/03-sap-system-deployment.yaml | 10 +++++----- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index c1f4a36ac4..370734aacb 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml 
@@ -295,17 +295,17 @@ stages: esac NETWORK_IN_FILENAME=$(echo $(workload_zone_folder) | awk -F'-' '{print $3}' | xargs ) - echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" - echo "Location(filename): $LOCATION_IN_FILENAME" - echo "Network(filename): $NETWORK_IN_FILENAME" - echo "Deployer Environment $(deployer_environment)" - echo "Deployer Region $(deployer_region)" - echo "Workload TFvars $workload_zone_configuration_file" + echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" + echo "Location(filename): $LOCATION_IN_FILENAME" + echo "Network(filename): $NETWORK_IN_FILENAME" + echo "Deployer Environment $(deployer_environment)" + echo "Deployer Region $(deployer_region)" + echo "Workload TFvars $workload_zone_configuration_file" echo "" - echo "Agent: $(this_agent)" - echo "Organization: $(System.CollectionUri)" - echo "Project: $(System.TeamProject)" + echo "Agent: $(this_agent)" + echo "Organization: $(System.CollectionUri)" + echo "Project: $(System.TeamProject)" echo "" echo "Azure CLI version:" echo "-------------------------------------------------" diff --git a/deploy/pipelines/03-sap-system-deployment.yaml b/deploy/pipelines/03-sap-system-deployment.yaml index ce4c0a9cfe..3061c72771 100644 --- a/deploy/pipelines/03-sap-system-deployment.yaml +++ b/deploy/pipelines/03-sap-system-deployment.yaml 
@@ -191,10 +191,10 @@ stages: *) LOCATION_IN_FILENAME="westeurope" ;; esac - echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" - echo "Location(filename): $LOCATION_IN_FILENAME" - echo "Network(filename): $NETWORK_IN_FILENAME" - echo "SID(filename): $SID_IN_FILENAME" + echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" + echo "Location(filename): $LOCATION_IN_FILENAME" + echo "Network(filename): $NETWORK_IN_FILENAME" + echo "SID(filename): $SID_IN_FILENAME" if [ $ENVIRONMENT != $ENVIRONMENT_IN_FILENAME ]; then echo "##vso[task.logissue type=error]The environment setting in $(sap_system_configuration) '$ENVIRONMENT' does not match the $(sap_system_configuration) file name '$ENVIRONMENT_IN_FILENAME'. Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-[SID]" @@ -243,7 +243,7 @@ stages: echo "##vso[task.logissue type=error]Variable group $(variable_group) could not be found." exit 2 fi - printf -v val '%-15s' "$VARIABLE_GROUP_ID" + printf -v val '%-15s' $(variable_group) echo "$val id: $VARIABLE_GROUP_ID" echo -e "$green--- Login ---$reset" From c42821a4c75d85ee0cb0a63d01a7732afac41971 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 16:15:38 +0300 Subject: [PATCH 124/279] Refactor echo statements in script_helpers.sh and installer.sh --- .../pipelines/03-sap-system-deployment.yaml | 36 ++++++++++--------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/deploy/pipelines/03-sap-system-deployment.yaml b/deploy/pipelines/03-sap-system-deployment.yaml index 3061c72771..27353db82d 100644 --- a/deploy/pipelines/03-sap-system-deployment.yaml +++ b/deploy/pipelines/03-sap-system-deployment.yaml 
@@ -114,19 +114,11 @@ stages: NETWORK=$(grep "^network_logical_name" $HOME_CONFIG/SYSTEM/$(sap_system_folder)/$(sap_system_configuration) | awk -F'=' '{print $2}' | xargs) SID=$(grep "^sid" $HOME_CONFIG/SYSTEM/$(sap_system_folder)/$(sap_system_configuration) | awk -F'=' '{print $2}' | xargs) - echo "Environment: $ENVIRONMENT" - echo "Location: $LOCATION" - echo "Network: $NETWORK" - echo "SID: $SID" - echo "System TFvars $sap_system_configuration" - echo "" - echo "Agent: $(this_agent)" - echo "Organization: $(System.CollectionUri)" - echo "Project: $(System.TeamProject)" - echo "" - echo "Azure CLI version:" - echo "-------------------------------------------------" - az --version + echo "Environment: $ENVIRONMENT" + echo "Location: $LOCATION" + echo "Network: $NETWORK" + echo "SID: $SID" + echo "System TFvars $sap_system_configuration" ENVIRONMENT_IN_FILENAME=$(echo $(sap_system_folder) | awk -F'-' '{print $1}' | xargs) ; LOCATION_CODE=$(echo $(sap_system_folder) | awk -F'-' '{print $2}' | xargs) ; 
@@ -191,10 +183,20 @@ stages: *) LOCATION_IN_FILENAME="westeurope" ;; esac - echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" - echo "Location(filename): $LOCATION_IN_FILENAME" - echo "Network(filename): $NETWORK_IN_FILENAME" - echo "SID(filename): $SID_IN_FILENAME" + echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" + echo "Location(filename): $LOCATION_IN_FILENAME" + echo "Network(filename): $NETWORK_IN_FILENAME" + echo "SID(filename): $SID_IN_FILENAME" + + echo "" + echo "Agent: $(this_agent)" + echo "Organization: $(System.CollectionUri)" + echo "Project: $(System.TeamProject)" + echo "" + echo "Azure CLI version:" + echo "-------------------------------------------------" + az --version + if [ $ENVIRONMENT != $ENVIRONMENT_IN_FILENAME ]; then echo "##vso[task.logissue type=error]The environment setting in $(sap_system_configuration) '$ENVIRONMENT' does not match the $(sap_system_configuration) file name '$ENVIRONMENT_IN_FILENAME'. Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-[SID]" From ba92e7cdd1c9a28309cd72fe8a742a9269c1079c Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 16:17:23 +0300 Subject: [PATCH 125/279] Refactor echo statements in deploy_utils.sh for better readability --- deploy/scripts/deploy_utils.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/scripts/deploy_utils.sh b/deploy/scripts/deploy_utils.sh index 563736bb8a..c30cd324df 100755 --- a/deploy/scripts/deploy_utils.sh +++ b/deploy/scripts/deploy_utils.sh @@ -128,7 +128,7 @@ function get_and_store_sa_details { local REMOTE_STATE_SA="${1}" local config_file_name="${2}" - echo "Trying to find the storage account ${REMOTE_STATE_SA}" + echo "Trying to find the storage account: ${REMOTE_STATE_SA}" save_config_vars "${config_file_name}" REMOTE_STATE_SA if [ -z $STATE_SUBSCRIPTION ];then 
@@ -144,7 +144,7 @@ function get_and_store_sa_details { REMOTE_STATE_RG \ tfstate_resource_id \ STATE_SUBSCRIPTION - echo "Found the storage account ${REMOTE_STATE_SA}" + echo "Found the storage account: ${REMOTE_STATE_SA}" } # /*---------------------------------------------------------------------------8 From c6288f9ed8983ba699fc91a741755bc7b3cd0731 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 16:20:13 +0300 Subject: [PATCH 126/279] Refactor echo statement in 03-sap-system-deployment.yaml --- deploy/pipelines/03-sap-system-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/pipelines/03-sap-system-deployment.yaml b/deploy/pipelines/03-sap-system-deployment.yaml index 27353db82d..0b3580af4c 100644 --- a/deploy/pipelines/03-sap-system-deployment.yaml +++ b/deploy/pipelines/03-sap-system-deployment.yaml @@ -118,7 +118,7 @@ stages: echo "Location: $LOCATION" echo "Network: $NETWORK" echo "SID: $SID" - echo "System TFvars $sap_system_configuration" + echo "System TFvars: $(sap_system_configuration)" ENVIRONMENT_IN_FILENAME=$(echo $(sap_system_folder) | awk -F'-' '{print $1}' | xargs) ; LOCATION_CODE=$(echo $(sap_system_folder) | awk -F'-' '{print $2}' | xargs) ; From 15b53a17408324cdb6a9d75996afb73cdcd9b8c9 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 16:21:33 +0300 Subject: [PATCH 127/279] Refactor echo statement in 03-sap-system-deployment.yaml for better readability --- deploy/pipelines/03-sap-system-deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/pipelines/03-sap-system-deployment.yaml b/deploy/pipelines/03-sap-system-deployment.yaml index 0b3580af4c..3852f77709 100644 --- a/deploy/pipelines/03-sap-system-deployment.yaml +++ b/deploy/pipelines/03-sap-system-deployment.yaml 
@@ -245,8 +245,8 @@ stages: echo "##vso[task.logissue type=error]Variable group $(variable_group) could not be found." exit 2 fi - printf -v val '%-15s' $(variable_group) - echo "$val id: $VARIABLE_GROUP_ID" + printf -v val '%-15s id:' $(variable_group) + echo "$val $VARIABLE_GROUP_ID" echo -e "$green--- Login ---$reset" if [ -z $USE_MSI ]; then From 9fefedeb8c8c7bce43121f857b02afd398de48fe Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 16:24:59 +0300 Subject: [PATCH 128/279] Refactor echo statement in 03-sap-system-deployment.yaml for better readability --- deploy/pipelines/03-sap-system-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/pipelines/03-sap-system-deployment.yaml b/deploy/pipelines/03-sap-system-deployment.yaml index 3852f77709..3366f174ae 100644 --- a/deploy/pipelines/03-sap-system-deployment.yaml +++ b/deploy/pipelines/03-sap-system-deployment.yaml @@ -245,7 +245,7 @@ stages: echo "##vso[task.logissue type=error]Variable group $(variable_group) could not be found." exit 2 fi - printf -v val '%-15s id:' $(variable_group) + printf -v val '%-15s' "$(variable_group) id:" echo "$val $VARIABLE_GROUP_ID" echo -e "$green--- Login ---$reset" From fbf2938523335aa8e7f4cba0a2812294994351d8 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 18:53:45 +0300 Subject: [PATCH 129/279] Refactor echo statements for better readability and consistency --- deploy/pipelines/01-deploy-control-plane.yaml | 65 ++++++++++--------- deploy/pipelines/02-sap-workload-zone.yaml | 16 +++-- .../pipelines/03-sap-system-deployment.yaml | 2 +- 3 files changed, 46 insertions(+), 37 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index ebcee3b166..403831e408 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml 
@@ -106,22 +106,26 @@ stages: git checkout -q $(Build.SourceBranchName) echo -e "$green--- Configure devops CLI extension ---$reset" az config set extension.use_dynamic_install=yes_without_prompt - az --version - az extension add --name azure-devops --output none + az extension add --name azure-devops --output none --only-show-errors + echo "Environment: $ENVIRONMENT" + echo "Location: $LOCATION" - echo "Environment: ${ENVIRONMENT}" - echo "Location: ${LOCATION}" echo "" - echo "Agent: $(this_agent)" - echo "Organization: $(System.CollectionUri)" - echo "Project: $(System.TeamProject)" - + echo "Agent: $(this_agent)" + echo "Organization: $(System.CollectionUri)" + echo "Project: $(System.TeamProject)" + echo "" + echo "Azure CLI version:" + echo "-------------------------------------------------" + az --version + echo "" az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none - export VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(variable_group)'].id | [0]") - echo "$(variable_group) id: ${VARIABLE_GROUP_ID}" + export VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(variable_group)'].id | [0]") + printf -v val '%-15s' "$(variable_group) id:" + echo "$val $VARIABLE_GROUP_ID" if [ "${{ parameters.force_reset }}" = "True" ]; then echo "##vso[task.logissue type=warning]Forcing a re-install" 
@@ -434,15 +438,15 @@ stages: fi echo -e "$green--- Information ---$reset" - echo "Environment: ${ENVIRONMENT}" - echo "Location: ${LOCATION}" - echo "Agent: $(this_agent)" - echo "Organization: $(System.CollectionUri)" - echo "Project: $(System.TeamProject)" - echo "Deployer Folder: $(deployerfolder)" - echo "Deployer TFvars: $(deployerconfig)" - echo "Library Folder: $(libraryfolder)" - echo "Library TFvars: $(libraryconfig)" + echo "Environment: ${ENVIRONMENT}" + echo "Location: ${LOCATION}" + echo "Agent: $(this_agent)" + echo "Organization: $(System.CollectionUri)" + echo "Project: $(System.TeamProject)" + echo "Deployer Folder: $(deployerfolder)" + echo "Deployer TFvars: $(deployerconfig)" + echo "Library Folder: $(libraryfolder)" + echo "Library TFvars: $(libraryconfig)" echo "" echo "Azure CLI version:" @@ -480,19 +484,20 @@ stages: echo "##vso[task.logissue type=error]Variable group $(variable_group) could not be found." exit 2 fi - echo "VARIABLE_GROUP_ID: ${VARIABLE_GROUP_ID}" - + printf -v val '%-15s' "$(variable_group) id:" + echo "$val $VARIABLE_GROUP_ID" echo -e "$green--- Variables ---$reset" az_var=$(az pipelines variable-group variable list --group-id "${VARIABLE_GROUP_ID}" --query "Deployer_Key_Vault.value" --output tsv) if [ -n "${az_var}" ]; then export key_vault="${az_var}" - echo "Deployer Key Vault: ${key_vault}" + echo "Deployer Key Vault: ${key_vault}" else if [ -f "${deployer_environment_file_name}" ] ; then key_vault=$(grep "^keyvault=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs) - echo "Deployer Key Vault: ${key_vault}" + echo "Deployer Key Vault: ${key_vault}" + echo "Deployer TFvars: $(deployerconfig)" az pipelines variable-group variable create --group-id "${VARIABLE_GROUP_ID}" --name Deployer_Key_Vault --value "${key_vault}" --output none --only-show-errors fi fi 
@@ -500,11 +505,11 @@ stages: az_var=$(az pipelines variable-group variable list --group-id "${VARIABLE_GROUP_ID}" --query "Terraform_Remote_Storage_Subscription.value" --output tsv) if [ -n "${az_var}" ]; then export STATE_SUBSCRIPTION="${az_var}" - echo "TF Subscription: ${STATE_SUBSCRIPTION}" + echo "Terraform Subscription: ${STATE_SUBSCRIPTION}" else if [ -f "${deployer_environment_file_name}" ] ; then export STATE_SUBSCRIPTION=$(grep "^STATE_SUBSCRIPTION=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs) - echo "TF Subscription: ${STATE_SUBSCRIPTION}" + echo "Terraform Subscription: ${STATE_SUBSCRIPTION}" az pipelines variable-group variable create --group-id "${VARIABLE_GROUP_ID}" --name Terraform_Remote_Storage_Subscription --value "${STATE_SUBSCRIPTION}" --output none --only-show-errors fi @@ -521,11 +526,12 @@ stages: az_var=$(az pipelines variable-group variable list --group-id "${VARIABLE_GROUP_ID}" --query "Terraform_Remote_Storage_Account_Name.value" --output tsv) if [ -n "${az_var}" ]; then export REMOTE_STATE_SA="${az_var}" - echo "TF Account: ${REMOTE_STATE_SA}" + echo "Terraform storage account: ${REMOTE_STATE_SA}" + else if [ -f "${deployer_environment_file_name}" ] ; then REMOTE_STATE_SA=$(grep "^REMOTE_STATE_SA=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs) - echo "TF Account: ${REMOTE_STATE_SA}" + echo "Terraform storage account: ${REMOTE_STATE_SA}" fi fi @@ -550,7 +556,7 @@ stages: fi if [ "$USE_WEBAPP" = "true" ]; then - echo "Use WebApp is selected" + echo "Deploy Web Application: true" if [ -z "${APP_REGISTRATION_APP_ID}" ]; then echo "##vso[task.logissue type=error]Variable APP_REGISTRATION_APP_ID was not defined." @@ -567,7 +573,8 @@ stages: TF_VAR_webapp_client_secret=$(WEB_APP_CLIENT_SECRET) export TF_VAR_webapp_client_secret export TF_VAR_use_webapp=true - + else + echo "Deploy Web Application: false" fi bootstrapped=0 
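Review bot: In the last hunk of this file, the unchanged line `TF_VAR_webapp_client_secret=$(WEB_APP_CLIENT_SECRET)` sits next to the new `else` branch and has the agent paste the secret into the script text, unquoted. The secret therefore ends up in the generated script file on the agent, and a value containing spaces or shell metacharacters would be split or interpreted instead of assigned. Prefer mapping it under the step's `env:` (`WEB_APP_CLIENT_SECRET: $(WEB_APP_CLIENT_SECRET)`) and assigning from the environment with `export TF_VAR_webapp_client_secret="${WEB_APP_CLIENT_SECRET}"`. The step definition is outside the hunk, so whether such a mapping already exists cannot be confirmed from here.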
diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index 370734aacb..8e43f405e8 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml @@ -220,14 +220,16 @@ stages: ENVIRONMENT=$(grep "^environment" LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) | awk -F'=' '{print $2}' | xargs) LOCATION=$(grep "^location" LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) | awk -F'=' '{print $2}' | xargs | tr 'A-Z' 'a-z') NETWORK=$(grep "^network_logical_name" LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) | awk -F'=' '{print $2}' | xargs) - echo Environment: ${ENVIRONMENT} - echo Location: ${LOCATION} - echo Network: ${NETWORK} - echo "TFvars $workload_zone_configuration_file" + + echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" + echo "Location(filename): $LOCATION_IN_FILENAME" + echo "Network(filename): $NETWORK_IN_FILENAME" + echo "SID(filename): $SID_IN_FILENAME" + echo "" - echo "Agent: $(this_agent)" - echo "Organization: $(System.CollectionUri)" - echo "Project: $(System.TeamProject)" + echo "Agent: $(this_agent)" + echo "Organization: $(System.CollectionUri)" + echo "Project: $(System.TeamProject)" echo "" echo "Azure CLI version:" echo "-------------------------------------------------" diff --git a/deploy/pipelines/03-sap-system-deployment.yaml b/deploy/pipelines/03-sap-system-deployment.yaml index 3366f174ae..6bc585d1f0 100644 --- a/deploy/pipelines/03-sap-system-deployment.yaml +++ b/deploy/pipelines/03-sap-system-deployment.yaml @@ -246,7 +246,7 @@ stages: exit 2 fi printf -v val '%-15s' "$(variable_group) id:" - echo "$val $VARIABLE_GROUP_ID" + echo "$val $VARIABLE_GROUP_ID" echo -e "$green--- Login ---$reset" if [ -z $USE_MSI ]; then From d96d17f5a8e20fe1f216a8f12df39e14b5eea0c3 Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Sun, 20 Oct 2024 18:56:04 +0300 Subject: [PATCH 130/279] Refactor echo statements for better readability and consistency --- deploy/scripts/deploy_utils.sh | 13 +++++++++++-- deploy/scripts/install_workloadzone.sh | 1 - deploy/scripts/installer.sh | 2 +- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/deploy/scripts/deploy_utils.sh b/deploy/scripts/deploy_utils.sh index c30cd324df..ca79caf342 100755 --- a/deploy/scripts/deploy_utils.sh +++ b/deploy/scripts/deploy_utils.sh @@ -46,12 +46,12 @@ function load_config_vars() { return fi for var_name; do # iterate over function params - # NOTE: Should we care if we fail to retrieve a value from the file? + # NOTE: Should we care if we fail to retrieve a value from the file? var_value="$(grep -m1 "^${var_name}=" "${var_file}" | cut -d'=' -f2- | tr -d ' ' | tr -d '"')" if [ -z "${var_value}" ] then - var_value="$(grep -m1 "^${var_name} " "${var_file}" | cut -d'=' -f2- | tr -d ' ' | tr -d '"')" + var_value="$(grep -m1 "^${var_name} " "${var_file}" | cut -d'=' -f2- | tr -d ' ' | tr -d '"')" fi # NOTE: this continue means we skip setting an empty value for a variable @@ -285,6 +285,12 @@ function set_executing_user_environment_variables() { az_client_secret="$1" + echo "" + echo "----------------------------------------------------------------------------------------------" + + echo "Setting the environment variables for the executing user" + + echo -e "\t[set_executing_user_environment_variables]: Identifying the executing user and client" set_azure_cloud_environment @@ -388,6 +394,9 @@ function set_executing_user_environment_variables() { echo -e "\t\tARM_SUBSCRIPTION_ID: $(printenv ARM_SUBSCRIPTION_ID)" echo -e "\t\tARM_USE_MSI: $(printenv ARM_USE_MSI)" fi + echo "----------------------------------------------------------------------------------------------" + echo "" + } function unset_executing_user_environment_variables() { 
diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index 42ac11d6e4..215a20900b 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -173,7 +173,6 @@ echo "Keyvault: $keyvault" if [ -n "$STATE_SUBSCRIPTION" ] then - echo "Saving the state subscription" if is_valid_guid "$STATE_SUBSCRIPTION" ; then echo "Valid subscription format" save_config_vars "${workload_config_information}" \ diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index e01fb8a1eb..bc87e4526e 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh @@ -349,7 +349,7 @@ if [[ -z $STATE_SUBSCRIPTION ]]; then load_config_vars "${system_config_information}" "STATE_SUBSCRIPTION" else - echo "Saving the state subscription" + if is_valid_guid "$STATE_SUBSCRIPTION" ; then save_config_var "STATE_SUBSCRIPTION" "${system_config_information}" else From c0c6273bb85b2f8d51daca38bfb03e793327f3ff Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 20:15:45 +0300 Subject: [PATCH 131/279] Refactor echo statements for better readability and consistency --- deploy/pipelines/02-sap-workload-zone.yaml | 23 ++++++++-------------- deploy/scripts/helpers/script_helpers.sh | 2 +- 2 files changed, 9 insertions(+), 16 deletions(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index 8e43f405e8..449ca5b5c9 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml 
@@ -221,20 +221,6 @@ stages: LOCATION=$(grep "^location" LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) | awk -F'=' '{print $2}' | xargs | tr 'A-Z' 'a-z') NETWORK=$(grep "^network_logical_name" LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) | awk -F'=' '{print $2}' | xargs) - echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" - echo "Location(filename): $LOCATION_IN_FILENAME" - echo "Network(filename): $NETWORK_IN_FILENAME" - echo "SID(filename): $SID_IN_FILENAME" - - echo "" - echo "Agent: $(this_agent)" - echo "Organization: $(System.CollectionUri)" - echo "Project: $(System.TeamProject)" - echo "" - echo "Azure CLI version:" - echo "-------------------------------------------------" - az --version - ENVIRONMENT_IN_FILENAME=$(echo $(workload_zone_folder) | awk -F'-' '{print $1}' | xargs ) LOCATION_CODE=$(echo $(workload_zone_folder) | awk -F'-' '{print $2}' | xargs ) case "$LOCATION_CODE" in @@ -297,9 +283,15 @@ stages: esac NETWORK_IN_FILENAME=$(echo $(workload_zone_folder) | awk -F'-' '{print $3}' | xargs ) + + echo "Environment: $ENVIRONMENT" + echo "Location: $LOCATION" + echo "Network: $NETWORK" + echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" echo "Location(filename): $LOCATION_IN_FILENAME" echo "Network(filename): $NETWORK_IN_FILENAME" + echo "Deployer Environment $(deployer_environment)" echo "Deployer Region $(deployer_region)" echo "Workload TFvars $workload_zone_configuration_file" 
@@ -331,11 +323,12 @@ stages: echo -e "$green--- Configure devops CLI extension ---$reset" az config set extension.use_dynamic_install=yes_without_prompt --output none - az extension add --name azure-devops --output none + az extension add --name azure-devops --output none --only-show-errors az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none export PARENT_VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(parent_variable_group)'].id | [0]") + echo '$(parent_variable_group) id: ' $PARENT_VARIABLE_GROUP_ID if [ -z ${PARENT_VARIABLE_GROUP_ID} ]; then echo "##vso[task.logissue type=error]Variable group $(parent_variable_group) could not be found." diff --git a/deploy/scripts/helpers/script_helpers.sh b/deploy/scripts/helpers/script_helpers.sh index afb3abf301..fc96089bea 100755 --- a/deploy/scripts/helpers/script_helpers.sh +++ b/deploy/scripts/helpers/script_helpers.sh @@ -400,7 +400,7 @@ function validate_dependencies { tfPath=$(which terraform) fi - echo "Checking Terraform: $tfPath" + echo "Checking Terraform: $tfPath" # if /opt/terraform exists, assign permissions to the user if [ -d /opt/terraform ]; then From b89b11179faf8fc177dace1131ce57282f7dd36f Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 20:23:44 +0300 Subject: [PATCH 132/279] Refactor echo statements for better readability and consistency --- deploy/pipelines/02-sap-workload-zone.yaml | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index 449ca5b5c9..49ade05b4a 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml 
@@ -213,9 +213,8 @@ stages: fi fi - echo -e "$green--- Convert config file to UX format ---$reset" dos2unix -q LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) - echo -e "$green--- Read details ---$reset" + echo -e "$green--- Read deployment details ---$reset" ENVIRONMENT=$(grep "^environment" LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) | awk -F'=' '{print $2}' | xargs) LOCATION=$(grep "^location" LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) | awk -F'=' '{print $2}' | xargs | tr 'A-Z' 'a-z') @@ -328,23 +327,22 @@ stages: az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none export PARENT_VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(parent_variable_group)'].id | [0]") + printf -v val '%-15s' "$(parent_variable_group) id:" + echo "$val $VARIABLE_GROUP_ID" - echo '$(parent_variable_group) id: ' $PARENT_VARIABLE_GROUP_ID if [ -z ${PARENT_VARIABLE_GROUP_ID} ]; then echo "##vso[task.logissue type=error]Variable group $(parent_variable_group) could not be found." exit 2 fi export VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(variable_group)'].id | [0]") - echo '$(variable_group) id: ' $VARIABLE_GROUP_ID + if [ -z ${VARIABLE_GROUP_ID} ]; then echo "##vso[task.logissue type=error]Variable group $(variable_group) could not be found." exit 2 fi - - echo "Agent Pool: " $(this_agent) - - echo -e "$green--- Set CONFIG_REPO_PATH variable ---$reset" + printf -v val '%-15s' "$(variable_group) id:" + echo "$val $VARIABLE_GROUP_ID" deployer_environment_file_name=$CONFIG_REPO_PATH/.sap_deployment_automation/$(deployer_environment)$(deployer_region) ; echo 'Deployer Environment File' $deployer_environment_file_name workload_environment_file_name=$CONFIG_REPO_PATH/.sap_deployment_automation/${ENVIRONMENT}${LOCATION_CODE}${NETWORK} ; echo 'Workload Environment File' $workload_environment_file_name 
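Review bot: In the `@@ -328,23 +327,22 @@` hunk, the new pair `printf -v val '%-15s' "$(parent_variable_group) id:"` / `echo "$val $VARIABLE_GROUP_ID"` labels the parent group but prints `VARIABLE_GROUP_ID`, which this script only assigns a few lines further down. The log will show an empty or stale id next to the parent group's name, and if the script runs under `set -u` (not visible in this hunk) the unset variable aborts the step. Print the variable that was just fetched, `echo "$val $PARENT_VARIABLE_GROUP_ID"`, and move the pair below the `[ -z ${PARENT_VARIABLE_GROUP_ID} ]` check, as the hunk already does for the second group. The enclosing script block starts and ends outside the hunk.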
From 591f09e24706107144e3feb8abcc093675dab86a Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 20:24:46 +0300 Subject: [PATCH 133/279] Refactor echo statements for better readability and consistency --- deploy/scripts/set_secrets.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/scripts/set_secrets.sh b/deploy/scripts/set_secrets.sh index dcff8f21ba..c7d65b832a 100755 --- a/deploy/scripts/set_secrets.sh +++ b/deploy/scripts/set_secrets.sh @@ -294,8 +294,8 @@ echo "# echo "#########################################################################################" echo "" -echo "Key vault: ${keyvault}" -echo "Subscription: ${STATE_SUBSCRIPTION}" +echo "Key vault: ${keyvault}" +echo "Subscription: ${STATE_SUBSCRIPTION}" save_config_vars "${environment_config_information}" \ keyvault \ From 30256759cbe1fc382e07fcc2507c486efba71730 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 20:48:23 +0300 Subject: [PATCH 134/279] Refactor echo statements for better readability and consistency --- deploy/pipelines/02-sap-workload-zone.yaml | 53 ++++++++++++++-------- 1 file changed, 34 insertions(+), 19 deletions(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index 49ade05b4a..9aeda85298 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml @@ -296,7 +296,7 @@ stages: echo "Workload TFvars $workload_zone_configuration_file" echo "" - echo "Agent: $(this_agent)" + echo "Agent pool: $(this_agent)" echo "Organization: $(System.CollectionUri)" echo "Project: $(System.TeamProject)" echo "" 
@@ -361,64 +361,79 @@ stages: az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value" --out tsv) if [ -z ${az_var} ]; then - deployer_tfstate_key=$(cat ${deployer_environment_file_name} | grep deployer_tfstate_key | awk -F'=' '{print $2}' | xargs) ; echo 'Deployer State File' $deployer_tfstate_key + deployer_tfstate_key=$(grep "^deployer_tfstate_key=" ${deployer_environment_file_name} | awk -F'=' '{print $2}' | xargs) else - deployer_tfstate_key=${az_var} ; echo 'Deployer State File' $deployer_tfstate_key + deployer_tfstate_key=${az_var} fi az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" --out tsv) if [ -z ${az_var} ]; then - key_vault=$(cat ${deployer_environment_file_name} | grep keyvault= | awk -F'=' '{print $2}' | xargs) ; echo 'Deployer Key Vault' ${key_vault} + key_vault=$(grep "^keyvault=" ${deployer_environment_file_name} | awk -F'=' '{print $2}' | xargs) else - key_vault=${az_var}; echo 'Deployer Key Vault' ${key_vault} + key_vault=${az_var} fi az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" --out tsv) if [ -z ${az_var} ]; then - REMOTE_STATE_SA=$(cat ${deployer_environment_file_name} | grep REMOTE_STATE_SA | awk -F'=' '{print $2}' | xargs) ; echo 'Terraform state file storage account' $REMOTE_STATE_SA + REMOTE_STATE_SA=$(grep "^REMOTE_STATE_SA" ${deployer_environment_file_name} | awk -F'=' '{print $2}' | xargs) ; else REMOTE_STATE_SA=${az_var}; echo 'Terraform state file storage account' $REMOTE_STATE_SA fi az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" --out tsv) if [ -z ${az_var} ]; then - STATE_SUBSCRIPTION=$(cat ${deployer_environment_file_name} | grep STATE_SUBSCRIPTION | awk -F'=' '{print $2}' | xargs) ; echo 
'Terraform state file subscription' $STATE_SUBSCRIPTION + STATE_SUBSCRIPTION=$(grep "^STATE_SUBSCRIPTION" ${deployer_environment_file_name} | awk -F'=' '{print $2}' | xargs) else STATE_SUBSCRIPTION=${az_var}; echo 'Terraform state file subscription' $STATE_SUBSCRIPTION + fi az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "WL_ARM_SUBSCRIPTION_ID.value" --out tsv) if [ -z ${az_var} ]; then echo "##vso[task.logissue type=error]Variable WL_ARM_SUBSCRIPTION_ID was not defined." exit 2 - else - echo 'Target subscription' $WL_ARM_SUBSCRIPTION_ID fi az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Workload_Key_Vault.value" --out tsv) if [ -z ${az_var} ]; then if [ -f ${workload_environment_file_name} ]; then - export workload_key_vault=$(cat ${workload_environment_file_name} | grep workloadkeyvault | awk -F'=' '{print $2}' | xargs) ; echo 'Workload Key Vault' ${workload_key_vault} + export workload_key_vault=$(grep "^workloadkeyvault" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi else - export workload_key_vault=$(Workload_Key_Vault) ; echo 'Workload Key Vault' ${workload_key_vault} + export workload_key_vault=$(Workload_Key_Vault) + fi else - deployer_tfstate_key=$(cat ${workload_environment_file_name} | grep deployer_tfstate_key | awk -F'=' '{print $2}' | xargs) ; echo 'Deployer State File' $deployer_tfstate_key - key_vault=$(cat ${workload_environment_file_name} | grep workload_key_vault= -m1 | awk -F'=' '{print $2}' | xargs) ; echo 'Deployer Key Vault' ${key_vault} - REMOTE_STATE_SA=$(cat ${workload_environment_file_name} | grep REMOTE_STATE_SA | awk -F'=' '{print $2}' | xargs) ; echo 'Terraform state file storage account' $REMOTE_STATE_SA - STATE_SUBSCRIPTION=$(cat ${workload_environment_file_name} | grep STATE_SUBSCRIPTION | awk -F'=' '{print $2}' | xargs) ; echo 'Terraform state file subscription' $STATE_SUBSCRIPTION + deployer_tfstate_key=$(grep 
"^deployer_tfstate_key=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) + echo "Deployer State File (file) $deployer_tfstate_key" + + key_vault=$(grep "^workload_key_vault="" -m1 ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) ; + echo "Deployer Key Vault (file) ${key_vault}" + + REMOTE_STATE_SA=$(grep "^REMOTE_STATE_SA=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) + + STATE_SUBSCRIPTION=$(grep "^STATE_SUBSCRIPTION=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi + echo "Deployer State File $deployer_tfstate_key" + echo "Deployer Key vault $key_vault" + echo "Workload Key Vault: ${workload_key_vault}" + echo "Target subscription $WL_ARM_SUBSCRIPTION_ID" + + echo "Terraform state file subscription: $STATE_SUBSCRIPTION" + echo "Terraform state file storage account: $REMOTE_STATE_SA" + secrets_set=1 - echo -e "$green--- az login ---$reset" + echo -e "$green---az login ---$reset" - echo "Sourcing the deploy_server.sh" + echo -e "$cyan---Sourcing the deploy_server.sh file$reset" . /etc/profile.d/deploy_server.sh ; /opt/bin/terraform/terraform --version if [ $USE_MSI != "true" ]; then - echo -e "$cyan --- Install using Service Principals ---$reset" + echo "Deployment credentials: Service Principal" + echo "Deployment credential ID: $WL_ARM_CLIENT_ID" + export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET export ARM_OBJECT_ID=$WL_ARM_OBJECT_ID @@ -443,7 +458,7 @@ stages: secrets_set=$? ; echo -e "$cyan Set Secrets returned $secrets_set $reset" # az keyvault set-policy --name "${key_vault}" --spn $ARM_OBJECT_ID --secret-permissions get list --subscription $STATE_SUBSCRIPTION --output none else - echo -e "$cyan --- Install using Managed Identity ---$reset" + echo "Deployment credentials: MAnaged Identity" # export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID export ARM_USE_MSI=true export ARM_USE_AZUREAD=true 
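Review bot: The new fallback assignment `key_vault=$(grep "^workload_key_vault="" -m1 ${workload_environment_file_name} | ...)` has a stray double quote after the pattern, which leaves the quoting unbalanced for the rest of the inline script. It should be `key_vault=$(grep -m1 "^workload_key_vault=" "${workload_environment_file_name}" | awk -F'=' '{print $2}' | xargs)`. This value appears to be the vault that the later set_secrets.sh call writes the service principal credentials to, so an empty or mis-parsed lookup should fail the step with a `##vso[task.logissue type=error]` message rather than continue. The same line is carried unchanged as context in the later `@@ -405,19 +409,17 @@` hunk. The anchoring is also inconsistent: the inherit branch matches `^REMOTE_STATE_SA` and `^STATE_SUBSCRIPTION` without the trailing `=`, so a longer key sharing that prefix would also match. The script body starts and ends outside this hunk.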
From 465bb5bc737eebad2913a762593012aa084761de Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 20:53:29 +0300 Subject: [PATCH 135/279] Refactor echo statements for better readability and consistency --- deploy/pipelines/02-sap-workload-zone.yaml | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index 9aeda85298..ec0a2b453c 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml @@ -328,7 +328,7 @@ stages: export PARENT_VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(parent_variable_group)'].id | [0]") printf -v val '%-15s' "$(parent_variable_group) id:" - echo "$val $VARIABLE_GROUP_ID" + echo "$val $PARENT_VARIABLE_GROUP_ID" if [ -z ${PARENT_VARIABLE_GROUP_ID} ]; then echo "##vso[task.logissue type=error]Variable group $(parent_variable_group) could not be found." @@ -344,8 +344,12 @@ stages: printf -v val '%-15s' "$(variable_group) id:" echo "$val $VARIABLE_GROUP_ID" - deployer_environment_file_name=$CONFIG_REPO_PATH/.sap_deployment_automation/$(deployer_environment)$(deployer_region) ; echo 'Deployer Environment File' $deployer_environment_file_name - workload_environment_file_name=$CONFIG_REPO_PATH/.sap_deployment_automation/${ENVIRONMENT}${LOCATION_CODE}${NETWORK} ; echo 'Workload Environment File' $workload_environment_file_name + deployer_environment_file_name=$CONFIG_REPO_PATH/.sap_deployment_automation/$(deployer_environment)$(deployer_region) + echo "Deployer Environment File: $deployer_environment_file_name" + + workload_environment_file_name=$CONFIG_REPO_PATH/.sap_deployment_automation/${ENVIRONMENT}${LOCATION_CODE}${NETWORK} + echo "Workload Zone Environment File: $workload_environment_file_name" + dos2unix -q ${deployer_environment_file_name} dos2unix -q ${workload_environment_file_name} 
@@ -405,19 +409,17 @@ stages: fi else deployer_tfstate_key=$(grep "^deployer_tfstate_key=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) - echo "Deployer State File (file) $deployer_tfstate_key" key_vault=$(grep "^workload_key_vault="" -m1 ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) ; - echo "Deployer Key Vault (file) ${key_vault}" REMOTE_STATE_SA=$(grep "^REMOTE_STATE_SA=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) STATE_SUBSCRIPTION=$(grep "^STATE_SUBSCRIPTION=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi - echo "Deployer State File $deployer_tfstate_key" - echo "Deployer Key vault $key_vault" - echo "Workload Key Vault: ${workload_key_vault}" + echo "Deployer statefile: $deployer_tfstate_key" + echo "Deployer Key vault: $key_vault" + echo "Workload Key vault: ${workload_key_vault}" echo "Target subscription $WL_ARM_SUBSCRIPTION_ID" echo "Terraform state file subscription: $STATE_SUBSCRIPTION" From 672569964db583bcb3e8f43941090dec6f42312a Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 20:55:02 +0300 Subject: [PATCH 136/279] Refactor echo statements to use variable for workload TFvars --- deploy/pipelines/02-sap-workload-zone.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index ec0a2b453c..628391b383 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml @@ -293,7 +293,7 @@ stages: echo "Deployer Environment $(deployer_environment)" echo "Deployer Region $(deployer_region)" - echo "Workload TFvars $workload_zone_configuration_file" + echo "Workload TFvars $(workload_zone_configuration_file)" echo "" echo "Agent pool: $(this_agent)" From 61bd36b1e89341d058665ed1a21d431d6d31a1d5 Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Sun, 20 Oct 2024 21:06:53 +0300 Subject: [PATCH 137/279] Refactor echo statements to use variable for workload TFvars --- deploy/pipelines/02-sap-workload-zone.yaml | 1114 ++++++++++---------- 1 file changed, 557 insertions(+), 557 deletions(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index 628391b383..15409c7d0d 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml 
@@ -114,563 +114,563 @@ stages: - template: templates\download.yaml - task: PostBuildCleanup@4 - bash: | - #!/bin/bash - green="\e[1;32m" ; reset="\e[0m" ; boldred="\e[1;31m" ; cyan="\e[1;36m" - - echo "##vso[build.updatebuildnumber]Deploying the SAP Workload zone defined in $(workload_zone_folder)" - - # Check if running on deployer - if [ ! -f /etc/profile.d/deploy_server.sh ]; then - echo -e "$green --- Install dos2unix ---$reset" - sudo apt-get -qq install dos2unix - echo -e "$green --- Install terraform ---$reset" - - wget -q $(tf_url) - return_code=$? - if [ 0 != $return_code ]; then - echo "##vso[task.logissue type=error]Unable to download Terraform version $(tf_version)." - exit 2 - fi - unzip -qq terraform_$(tf_version)_linux_amd64.zip ; sudo mv terraform /bin/ - rm -f terraform_$(tf_version)_linux_amd64.zip - else - source /etc/profile.d/deploy_server.sh - fi - - if [ ! -f $CONFIG_REPO_PATH/LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) ]; then - echo -e "$boldred--- $(workload_zone_configuration_file) was not found ---$reset" - echo "##vso[task.logissue type=error]File $(workload_zone_configuration_file) was not found." - exit 2 - fi - - echo -e "$green--- Checkout $(Build.SourceBranchName) ---$reset" - - cd $CONFIG_REPO_PATH - mkdir -p .sap_deployment_automation - git checkout -q $(Build.SourceBranchName) - - echo -e "$green--- Validations ---$reset" - if [ $USE_MSI != "true" ]; then - - if [ -z $WL_ARM_SUBSCRIPTION_ID ]; then - echo "##vso[task.logissue type=error]Variable ARM_SUBSCRIPTION_ID was not defined in the $(variable_group) variable group." - exit 2 - fi - - if [ $WL_ARM_SUBSCRIPTION_ID == '$$(ARM_SUBSCRIPTION_ID)' ]; then - echo "##vso[task.logissue type=error]Variable ARM_SUBSCRIPTION_ID was not defined in the $(variable_group) variable group." - exit 2 - fi - - if [ -z $WL_ARM_CLIENT_ID ]; then - echo "##vso[task.logissue type=error]Variable ARM_CLIENT_ID was not defined in the $(variable_group) variable group." 
- exit 2 - fi - - if [ $WL_ARM_CLIENT_ID == '$$(ARM_CLIENT_ID)' ]; then - echo "##vso[task.logissue type=error]Variable ARM_CLIENT_ID was not defined in the $(variable_group) variable group." - exit 2 - fi - - if [ -z $WL_ARM_CLIENT_SECRET ]; then - echo "##vso[task.logissue type=error]Variable ARM_CLIENT_SECRET was not defined in the $(variable_group) variable group." - exit 2 - fi - - if [ $WL_ARM_CLIENT_SECRET == '$$(ARM_CLIENT_SECRET)' ]; then - echo "##vso[task.logissue type=error]Variable ARM_CLIENT_SECRET was not defined in the $(variable_group) variable group." - exit 2 - fi - - if [ -z $WL_ARM_TENANT_ID ]; then - echo "##vso[task.logissue type=error]Variable ARM_TENANT_ID was not defined in the $(variable_group) variable group." - exit 2 - fi - - if [ $WL_ARM_TENANT_ID == '$$(ARM_TENANT_ID)' ]; then - echo "##vso[task.logissue type=error]Variable ARM_TENANT_ID was not defined in the $(variable_group) variable group." - exit 2 - fi - - if [ -z $CP_ARM_SUBSCRIPTION_ID ]; then - echo "##vso[task.logissue type=error]Variable CP_ARM_SUBSCRIPTION_ID was not defined in the $(parent_variable_group) variable group." - exit 2 - fi - - if [ -z $CP_ARM_CLIENT_ID ]; then - echo "##vso[task.logissue type=error]Variable CP_ARM_CLIENT_ID was not defined in the $(parent_variable_group) variable group." - exit 2 - fi - - if [ -z $CP_ARM_CLIENT_SECRET ]; then - echo "##vso[task.logissue type=error]Variable CP_ARM_CLIENT_SECRET was not defined in the $(parent_variable_group) variable group." - exit 2 - fi - - if [ -z $CP_ARM_TENANT_ID ]; then - echo "##vso[task.logissue type=error]Variable CP_ARM_TENANT_ID was not defined in the $(parent_variable_group) variable group." 
- exit 2 - fi - fi - - dos2unix -q LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) - echo -e "$green--- Read deployment details ---$reset" - - ENVIRONMENT=$(grep "^environment" LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) | awk -F'=' '{print $2}' | xargs) - LOCATION=$(grep "^location" LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) | awk -F'=' '{print $2}' | xargs | tr 'A-Z' 'a-z') - NETWORK=$(grep "^network_logical_name" LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) | awk -F'=' '{print $2}' | xargs) - - ENVIRONMENT_IN_FILENAME=$(echo $(workload_zone_folder) | awk -F'-' '{print $1}' | xargs ) - LOCATION_CODE=$(echo $(workload_zone_folder) | awk -F'-' '{print $2}' | xargs ) - case "$LOCATION_CODE" in - "AUCE") LOCATION_IN_FILENAME="australiacentral" ;; - "AUC2") LOCATION_IN_FILENAME="australiacentral2" ;; - "AUEA") LOCATION_IN_FILENAME="australiaeast" ;; - "AUSE") LOCATION_IN_FILENAME="australiasoutheast" ;; - "BRSO") LOCATION_IN_FILENAME="brazilsouth" ;; - "BRSE") LOCATION_IN_FILENAME="brazilsoutheast" ;; - "BRUS") LOCATION_IN_FILENAME="brazilus" ;; - "CACE") LOCATION_IN_FILENAME="canadacentral" ;; - "CAEA") LOCATION_IN_FILENAME="canadaeast" ;; - "CEIN") LOCATION_IN_FILENAME="centralindia" ;; - "CEUS") LOCATION_IN_FILENAME="centralus" ;; - "CEUA") LOCATION_IN_FILENAME="centraluseuap" ;; - "EAAS") LOCATION_IN_FILENAME="eastasia" ;; - "EAUS") LOCATION_IN_FILENAME="eastus" ;; - "EUSA") LOCATION_IN_FILENAME="eastus2euap" ;; - "EUS2") LOCATION_IN_FILENAME="eastus2" ;; - "EUSG") LOCATION_IN_FILENAME="eastusstg" ;; - "FRCE") LOCATION_IN_FILENAME="francecentral" ;; - "FRSO") LOCATION_IN_FILENAME="francesouth" ;; - "GENO") LOCATION_IN_FILENAME="germanynorth" ;; - "GEWE") LOCATION_IN_FILENAME="germanywest" ;; - "GEWC") LOCATION_IN_FILENAME="germanywestcentral" ;; - "ISCE") LOCATION_IN_FILENAME="israelcentral" ;; - "ITNO") LOCATION_IN_FILENAME="italynorth" ;; - "JAEA") 
LOCATION_IN_FILENAME="japaneast" ;; - "JAWE") LOCATION_IN_FILENAME="japanwest" ;; - "JINC") LOCATION_IN_FILENAME="jioindiacentral" ;; - "JINW") LOCATION_IN_FILENAME="jioindiawest" ;; - "KOCE") LOCATION_IN_FILENAME="koreacentral" ;; - "KOSO") LOCATION_IN_FILENAME="koreasouth" ;; - "NCUS") LOCATION_IN_FILENAME="northcentralus" ;; - "NOEU") LOCATION_IN_FILENAME="northeurope" ;; - "NOEA") LOCATION_IN_FILENAME="norwayeast" ;; - "NOWE") LOCATION_IN_FILENAME="norwaywest" ;; - "PLCE") LOCATION_IN_FILENAME="polandcentral" ;; - "QACE") LOCATION_IN_FILENAME="qatarcentral" ;; - "SANO") LOCATION_IN_FILENAME="southafricanorth" ;; - "SAWE") LOCATION_IN_FILENAME="southafricawest" ;; - "SCUS") LOCATION_IN_FILENAME="southcentralus" ;; - "SCUG") LOCATION_IN_FILENAME="southcentralusstg" ;; - "SOEA") LOCATION_IN_FILENAME="southeastasia" ;; - "SOIN") LOCATION_IN_FILENAME="southindia" ;; - "SECE") LOCATION_IN_FILENAME="swedencentral" ;; - "SWNO") LOCATION_IN_FILENAME="switzerlandnorth" ;; - "SWWE") LOCATION_IN_FILENAME="switzerlandwest" ;; - "UACE") LOCATION_IN_FILENAME="uaecentral" ;; - "UANO") LOCATION_IN_FILENAME="uaenorth" ;; - "UKSO") LOCATION_IN_FILENAME="uksouth" ;; - "UKWE") LOCATION_IN_FILENAME="ukwest" ;; - "WCUS") LOCATION_IN_FILENAME="westcentralus" ;; - "WEEU") LOCATION_IN_FILENAME="westeurope" ;; - "WEIN") LOCATION_IN_FILENAME="westindia" ;; - "WEUS") LOCATION_IN_FILENAME="westus" ;; - "WUS2") LOCATION_IN_FILENAME="westus2" ;; - "WUS3") LOCATION_IN_FILENAME="westus3" ;; - *) LOCATION_IN_FILENAME="westeurope" ;; - esac - - NETWORK_IN_FILENAME=$(echo $(workload_zone_folder) | awk -F'-' '{print $3}' | xargs ) - - echo "Environment: $ENVIRONMENT" - echo "Location: $LOCATION" - echo "Network: $NETWORK" - - echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" - echo "Location(filename): $LOCATION_IN_FILENAME" - echo "Network(filename): $NETWORK_IN_FILENAME" - - echo "Deployer Environment $(deployer_environment)" - echo "Deployer Region $(deployer_region)" - echo "Workload 
TFvars $(workload_zone_configuration_file)" - echo "" - - echo "Agent pool: $(this_agent)" - echo "Organization: $(System.CollectionUri)" - echo "Project: $(System.TeamProject)" - echo "" - echo "Azure CLI version:" - echo "-------------------------------------------------" - az --version - - if [ $ENVIRONMENT != $ENVIRONMENT_IN_FILENAME ]; then - echo "##vso[task.logissue type=error]The environment setting in $(workload_zone_configuration_file) '$ENVIRONMENT' does not match the $(workload_zone_configuration_file) file name '$ENVIRONMENT_IN_FILENAME'. Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-INFRASTRUCTURE" - exit 2 - fi - - if [ $LOCATION != $LOCATION_IN_FILENAME ]; then - echo "##vso[task.logissue type=error]The location setting in $(workload_zone_configuration_file) '$LOCATION' does not match the $(workload_zone_configuration_file) file name '$LOCATION_IN_FILENAME'. Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-INFRASTRUCTURE" - exit 2 - fi - - if [ $NETWORK != $NETWORK_IN_FILENAME ]; then - echo "##vso[task.logissue type=error]The network_logical_name setting in $(workload_zone_configuration_file) '$NETWORK' does not match the $(workload_zone_configuration_file) file name '$NETWORK_IN_FILENAME-. 
Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-INFRASTRUCTURE" - exit 2 - fi - - echo -e "$green--- Configure devops CLI extension ---$reset" - az config set extension.use_dynamic_install=yes_without_prompt --output none - - az extension add --name azure-devops --output none --only-show-errors - - az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none - - export PARENT_VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(parent_variable_group)'].id | [0]") - printf -v val '%-15s' "$(parent_variable_group) id:" - echo "$val $PARENT_VARIABLE_GROUP_ID" - - if [ -z ${PARENT_VARIABLE_GROUP_ID} ]; then - echo "##vso[task.logissue type=error]Variable group $(parent_variable_group) could not be found." - exit 2 - fi - - export VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(variable_group)'].id | [0]") - - if [ -z ${VARIABLE_GROUP_ID} ]; then - echo "##vso[task.logissue type=error]Variable group $(variable_group) could not be found." - exit 2 - fi - printf -v val '%-15s' "$(variable_group) id:" - echo "$val $VARIABLE_GROUP_ID" - - deployer_environment_file_name=$CONFIG_REPO_PATH/.sap_deployment_automation/$(deployer_environment)$(deployer_region) - echo "Deployer Environment File: $deployer_environment_file_name" - - workload_environment_file_name=$CONFIG_REPO_PATH/.sap_deployment_automation/${ENVIRONMENT}${LOCATION_CODE}${NETWORK} - echo "Workload Zone Environment File: $workload_environment_file_name" - - dos2unix -q ${deployer_environment_file_name} - dos2unix -q ${workload_environment_file_name} - - if [ ! -f ${deployer_environment_file_name} ]; then - echo -e "$boldred--- $(deployer_environment)$(deployer_region) was not found ---$reset" - echo "##vso[task.logissue type=error]Control plane configuration file $(deployer_environment)$(deployer_region) was not found." 
- exit 2 - fi - - echo -e "$green--- Read parameter values ---$reset" - - if [ "true" == $(inherit) ]; then - - az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value" --out tsv) - if [ -z ${az_var} ]; then - deployer_tfstate_key=$(grep "^deployer_tfstate_key=" ${deployer_environment_file_name} | awk -F'=' '{print $2}' | xargs) - else - deployer_tfstate_key=${az_var} - fi - - az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" --out tsv) - if [ -z ${az_var} ]; then - key_vault=$(grep "^keyvault=" ${deployer_environment_file_name} | awk -F'=' '{print $2}' | xargs) - else - key_vault=${az_var} - fi - - az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" --out tsv) - if [ -z ${az_var} ]; then - REMOTE_STATE_SA=$(grep "^REMOTE_STATE_SA" ${deployer_environment_file_name} | awk -F'=' '{print $2}' | xargs) ; - else - REMOTE_STATE_SA=${az_var}; echo 'Terraform state file storage account' $REMOTE_STATE_SA - fi - - az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" --out tsv) - if [ -z ${az_var} ]; then - STATE_SUBSCRIPTION=$(grep "^STATE_SUBSCRIPTION" ${deployer_environment_file_name} | awk -F'=' '{print $2}' | xargs) - else - STATE_SUBSCRIPTION=${az_var}; echo 'Terraform state file subscription' $STATE_SUBSCRIPTION - - fi - - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "WL_ARM_SUBSCRIPTION_ID.value" --out tsv) - if [ -z ${az_var} ]; then - echo "##vso[task.logissue type=error]Variable WL_ARM_SUBSCRIPTION_ID was not defined." 
- exit 2 - fi - - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Workload_Key_Vault.value" --out tsv) - if [ -z ${az_var} ]; then - if [ -f ${workload_environment_file_name} ]; then - export workload_key_vault=$(grep "^workloadkeyvault" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) - fi - else - export workload_key_vault=$(Workload_Key_Vault) - - fi - else - deployer_tfstate_key=$(grep "^deployer_tfstate_key=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) - - key_vault=$(grep "^workload_key_vault="" -m1 ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) ; - - REMOTE_STATE_SA=$(grep "^REMOTE_STATE_SA=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) - - STATE_SUBSCRIPTION=$(grep "^STATE_SUBSCRIPTION=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) - fi - - echo "Deployer statefile: $deployer_tfstate_key" - echo "Deployer Key vault: $key_vault" - echo "Workload Key vault: ${workload_key_vault}" - echo "Target subscription $WL_ARM_SUBSCRIPTION_ID" - - echo "Terraform state file subscription: $STATE_SUBSCRIPTION" - echo "Terraform state file storage account: $REMOTE_STATE_SA" - - secrets_set=1 - echo -e "$green---az login ---$reset" - - echo -e "$cyan---Sourcing the deploy_server.sh file$reset" - . /etc/profile.d/deploy_server.sh ; /opt/bin/terraform/terraform --version - - if [ $USE_MSI != "true" ]; then - - echo "Deployment credentials: Service Principal" - echo "Deployment credential ID: $WL_ARM_CLIENT_ID" - - export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID - export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET - export ARM_OBJECT_ID=$WL_ARM_OBJECT_ID - export ARM_TENANT_ID=$WL_ARM_TENANT_ID - export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID - export ARM_USE_AZUREAD=true - unset ARM_USE_MSI - az login --service-principal --username $ARM_CLIENT_ID --password=$ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID --output none - - return_code=$? 
- if [ 0 != $return_code ]; then - echo -e "$boldred--- Login failed ---$reset" - echo "##vso[task.logissue type=error]az login failed." - exit $return_code - fi - az account set --subscription $STATE_SUBSCRIPTION - echo -e "$green --- Set secrets ---$reset" - - $SAP_AUTOMATION_REPO_PATH/deploy/scripts/set_secrets.sh --workload --vault "${key_vault}" --environment "${ENVIRONMENT}" \ - --region "${LOCATION}" --subscription $ARM_SUBSCRIPTION_ID --spn_id $ARM_CLIENT_ID --spn_secret "${ARM_CLIENT_SECRET}" \ - --tenant_id $ARM_TENANT_ID --keyvault_subscription $STATE_SUBSCRIPTION - secrets_set=$? ; echo -e "$cyan Set Secrets returned $secrets_set $reset" - # az keyvault set-policy --name "${key_vault}" --spn $ARM_OBJECT_ID --secret-permissions get list --subscription $STATE_SUBSCRIPTION --output none - else - echo "Deployment credentials: MAnaged Identity" - # export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID - export ARM_USE_MSI=true - export ARM_USE_AZUREAD=true - unset ARM_CLIENT_SECRET - fi - - debug_variable='--output none' - debug_variable='' - - if [ $USE_MSI != "true" ]; then - - isUserAccessAdmin=$(az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION --query "[?principalType=='ServicePrincipal'].principalId | [0] " --assignee $ARM_OBJECT_ID) - - tfstate_resource_id=$(az resource list --name "${REMOTE_STATE_SA}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.Storage/storageAccounts --query "[].id | [0]" -o tsv) - - if [ -n "${isUserAccessAdmin}" ]; then - - echo -e "$green--- Set permissions ---$reset" - perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Reader" --query "[?principalId=='$WL_ARM_OBJECT_ID'].principalId | [0]" -o tsv --only-show-errors) - if [ -z "$perms" ]; then - echo -e "$green --- Assign subscription permissions to $perms ---$reset" - az role assignment create --assignee-object-id $WL_ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Reader" --scope 
"/subscriptions/${STATE_SUBSCRIPTION}" --output none - fi - - perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Storage Blob Data Contributor" --scope "${tfstate_resource_id}" --query "[?principalId=='$WL_ARM_OBJECT_ID'].principalName | [0]" -o tsv --only-show-errors) - if [ -z "$perms" ]; then - echo "Assigning Storage Account Contributor permissions for $WL_ARM_OBJECT_ID to ${tfstate_resource_id}" - az role assignment create --assignee-object-id $WL_ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Storage Blob Data Contributor" --scope "${tfstate_resource_id}" --output none - fi - - resource_group_name=$(az resource show --id "${tfstate_resource_id}" --query resourceGroup -o tsv) - - if [ -n ${resource_group_name} ]; then - for scope in $(az resource list --resource-group "${resource_group_name}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.Network/privateDnsZones --query "[].id" --output tsv); do - perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Private DNS Zone Contributor" --scope $scope --query "[?principalId=='$WL_ARM_OBJECT_ID'].principalId | [0]" -o tsv --only-show-errors) - if [ -z "$perms" ]; then - echo "Assigning DNS Zone Contributor permissions for $WL_ARM_OBJECT_ID to ${scope}" - az role assignment create --assignee-object-id $WL_ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Private DNS Zone Contributor" --scope $scope --output none - fi - done - fi - - resource_group_name=$(az keyvault show --name "${key_vault}" --query resourceGroup --subscription ${STATE_SUBSCRIPTION} -o tsv) - - if [ -n "${resource_group_name}" ]; then - resource_group_id=$(az group show --name ${resource_group_name} --subscription ${STATE_SUBSCRIPTION} --query id -o tsv) - - vnet_resource_id=$(az resource list --resource-group "${resource_group_name}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.Network/virtualNetworks -o tsv --query "[].id | [0]") - if 
[ -n "${vnet_resource_id}" ]; then - perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Network Contributor" --scope $vnet_resource_id --only-show-errors --query "[].principalId | [0]" --assignee $WL_ARM_OBJECT_ID -o tsv --only-show-errors) - - if [ -z "$perms" ]; then - echo "Assigning Network Contributor rights for $WL_ARM_OBJECT_ID to ${vnet_resource_id}" - az role assignment create --assignee-object-id $WL_ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Network Contributor" --scope $vnet_resource_id --output none - fi - fi - fi - else - echo "##vso[task.logissue type=warning]Service Principal $WL_ARM_CLIENT_ID does not have 'User Access Administrator' permissions. Please ensure that the service principal $WL_ARM_CLIENT_ID has permissions on the Terrafrom state storage account and if needed on the Private DNS zone and the source management network resource" - fi - fi - - echo -e "$green--- Deploy the workload zone ---$reset" - cd $CONFIG_REPO_PATH/LANDSCAPE/$(workload_zone_folder) - if [ -f /etc/profile.d/deploy_server.sh ]; then - if [ $USE_MSI != "true" ]; then - az logout --output none - export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID - export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET - export ARM_TENANT_ID=$WL_ARM_TENANT_ID - export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID - unset ARM_USE_MSI - az login --service-principal --username $WL_ARM_CLIENT_ID --password=$WL_ARM_CLIENT_SECRET --tenant $WL_ARM_TENANT_ID --output none - return_code=$? - if [ 0 != $return_code ]; then - echo -e "$boldred--- Login failed ---$reset" - echo "##vso[task.logissue type=error]az login failed." 
- exit $return_code
- fi
- $SAP_AUTOMATION_REPO_PATH/deploy/scripts/install_workloadzone.sh --parameterfile $(workload_zone_configuration_file) \
- --deployer_environment $(deployer_environment) --subscription $ARM_SUBSCRIPTION_ID \
- --spn_id $WL_ARM_CLIENT_ID --spn_secret $WL_ARM_CLIENT_SECRET --tenant_id $WL_ARM_TENANT_ID \
- --deployer_tfstate_key "${deployer_tfstate_key}" --keyvault "${key_vault}" --storageaccountname "${REMOTE_STATE_SA}" \
- --state_subscription "${STATE_SUBSCRIPTION}" --auto-approve --ado
- else
- $SAP_AUTOMATION_REPO_PATH/deploy/scripts/install_workloadzone.sh --parameterfile $(workload_zone_configuration_file) \
- --deployer_environment $(deployer_environment) --subscription $ARM_SUBSCRIPTION_ID \
- --deployer_tfstate_key "${deployer_tfstate_key}" --keyvault "${key_vault}" --storageaccountname "${REMOTE_STATE_SA}" \
- --state_subscription "${STATE_SUBSCRIPTION}" --auto-approve --ado --msi
-
- fi
-
- fi
- return_code=$?
-
- echo "Return code: ${return_code}"
- if [ -f ${workload_environment_file_name} ]; then
- export workload_key_vault=$(cat ${workload_environment_file_name} | grep workloadkeyvault= | awk -F'=' '{print $2}' | xargs) ; echo 'Workload Key Vault' ${workload_key_vault}
- export workload_prefix=$(cat ${workload_environment_file_name} | grep workload_zone_prefix= | awk -F'=' '{print $2}' | xargs) ; echo 'Workload Prefix' ${workload_prefix}
- export landscape_tfstate_key=$(cat ${workload_environment_file_name} | grep landscape_tfstate_key= | awk -F'=' '{print $2}' | xargs) ; echo 'Workload Zone State File' $landscape_tfstate_key
- fi
-
- expiry_date=$(date -d "+365 days" +%Y-%m-%d)
-
- az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "FENCING_SPN_ID.value")
- if [ -z ${az_var} ]; then
- echo "##vso[task.logissue type=warning]Variable FENCING_SPN_ID is not set. Required for highly available deployments"
- else
- export fencing_id=$(az keyvault secret list --vault-name $workload_key_vault --subscription $STATE_SUBSCRIPTION --query [].name -o tsv | grep ${workload_prefix}-fencing-spn-id | xargs)
- if [ -z "$fencing_id" ]; then
- az keyvault secret set --name ${workload_prefix}-fencing-spn-id --vault-name $workload_key_vault --value $(FENCING_SPN_ID) --subscription $STATE_SUBSCRIPTION --expires "$(date -d '+1 year' -u +%Y-%m-%dT%H:%M:%SZ)" --output none
- az keyvault secret set --name ${workload_prefix}-fencing-spn-pwd --vault-name $workload_key_vault --value=$FENCING_SPN_PWD --subscription $STATE_SUBSCRIPTION --expires "$(date -d '+1 year' -u +%Y-%m-%dT%H:%M:%SZ)" --output none
- az keyvault secret set --name ${workload_prefix}-fencing-spn-tenant --vault-name $workload_key_vault --value $(FENCING_SPN_TENANT) --subscription $STATE_SUBSCRIPTION --expires "$(date -d '+1 year' -u +%Y-%m-%dT%H:%M:%SZ)" --output none
- fi
- fi
- az logout --output none
- echo -e "$green--- Add & update files in the DevOps Repository ---$reset"
- cd $(Build.Repository.LocalPath)
- git pull
-
- echo -e "$green--- Pull latest ---$reset"
- cd $CONFIG_REPO_PATH
- git pull
-
- added=0
- if [ -f ${workload_environment_file_name} ]; then
- git add ${workload_environment_file_name}
- added=1
- fi
- if [ -f ${workload_environment_file_name}.md ]; then
- git add ${workload_environment_file_name}.md
- added=1
- fi
- if [ -f $(Deployment_Configuration_Path)/LANDSCAPE/$(workload_zone_folder)/.terraform/terraform.tfstate ]; then
- git add -f $(Deployment_Configuration_Path)/LANDSCAPE/$(workload_zone_folder)/.terraform/terraform.tfstate
- added=1
- fi
- if [ 1 == $added ]; then
- git config --global user.email "$(Build.RequestedForEmail)"
- git config --global user.name "$(Build.RequestedFor)"
- git commit -m "Added updates from devops deployment $(Build.DefinitionName) [skip ci]"
- git -c http.extraheader="AUTHORIZATION: bearer $(System.AccessToken)" push --set-upstream origin $(Build.SourceBranchName)
- fi
-
- if [ -f ${workload_environment_file_name}.md ]; then
- echo "##vso[task.uploadsummary]${workload_environment_file_name}.md"
- fi
- echo -e "$green--- Adding variables to the variable group" $(variable_group) "---$reset"
- if [ -n "${VARIABLE_GROUP_ID}" ]; then
- az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query Terraform_Remote_Storage_Account_Name.value --output table)
- if [ -n "${az_var}" ]; then
- az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Account_Name --value "${REMOTE_STATE_SA}" --output none --only-show-errors
- else
- az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Account_Name --value "${REMOTE_STATE_SA}" --output none --only-show-errors
- fi
-
- az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query Terraform_Remote_Storage_Subscription.value --output table)
- if [ -n "${az_var}" ]; then
- az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Subscription --value "${STATE_SUBSCRIPTION}" --output none --only-show-errors
- else
- az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Subscription --value "${STATE_SUBSCRIPTION}" --output none --only-show-errors
- fi
-
- az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query Deployer_State_FileName.value --output table)
- if [ -n "${az_var}" ]; then
- az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name Deployer_State_FileName --value "${deployer_tfstate_key}" --output none --only-show-errors
- else
- az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Deployer_State_FileName --value "${deployer_tfstate_key}" --output none --only-show-errors
- fi
-
- az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query Deployer_Key_Vault.value --output table)
- if [ -n "${az_var}" ]; then
- az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name Deployer_Key_Vault --value ${key_vault} --output none --only-show-errors
- else
- az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Deployer_Key_Vault --value ${key_vault} --output none --only-show-errors
- fi
-
- az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}"Workload_Key_Vault.value --output table)
- if [ -n "${az_var}" ]; then
- az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name "${NETWORK}"Workload_Key_Vault --value $workload_key_vault --output none --only-show-errors
- else
- az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name "${NETWORK}"Workload_Key_Vault --value $workload_key_vault --output none --only-show-errors
- fi
-
- az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}"Workload_Secret_Prefix.value --output table)
- if [ -n "${az_var}" ]; then
- az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name "${NETWORK}"Workload_Secret_Prefix --value "${workload_prefix}" --output none --only-show-errors
- else
- az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name "${NETWORK}"Workload_Secret_Prefix --value "${workload_prefix}" --output none --only-show-errors
- fi
-
- az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}"Workload_Zone_State_FileName.value --output table)
- if [ -n "${az_var}" ]; then
- az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name "${NETWORK}"Workload_Zone_State_FileName --value "${landscape_tfstate_key}" --output none --only-show-errors
- else
- az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name "${NETWORK}"Workload_Zone_State_FileName --value "${landscape_tfstate_key}" --output none --only-show-errors
- fi
-
- fi
-
- if [ 0 != $return_code ]; then
- echo "##vso[task.logissue type=error]Return code from install_workloadzone $return_code."
- if [ -f ${workload_environment_file_name}.err ]; then
- error_message=$(cat ${workload_environment_file_name}.err)
- echo "##vso[task.logissue type=error]Error message: $error_message."
- fi
-
- fi
-
- exit $return_code
+ #!/bin/bash
+ green="\e[1;32m" ; reset="\e[0m" ; boldred="\e[1;31m" ; cyan="\e[1;36m"
+
+ echo "##vso[build.updatebuildnumber]Deploying the SAP Workload zone defined in $(workload_zone_folder)"
+
+ # Check if running on deployer
+ if [ ! -f /etc/profile.d/deploy_server.sh ]; then
+ echo -e "$green --- Install dos2unix ---$reset"
+ sudo apt-get -qq install dos2unix
+ echo -e "$green --- Install terraform ---$reset"
+
+ wget -q $(tf_url)
+ return_code=$?
+ if [ 0 != $return_code ]; then
+ echo "##vso[task.logissue type=error]Unable to download Terraform version $(tf_version)."
+ exit 2
+ fi
+ unzip -qq terraform_$(tf_version)_linux_amd64.zip ; sudo mv terraform /bin/
+ rm -f terraform_$(tf_version)_linux_amd64.zip
+ else
+ source /etc/profile.d/deploy_server.sh
+ fi
+
+ if [ ! -f $CONFIG_REPO_PATH/LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) ]; then
+ echo -e "$boldred--- $(workload_zone_configuration_file) was not found ---$reset"
+ echo "##vso[task.logissue type=error]File $(workload_zone_configuration_file) was not found."
+ exit 2
+ fi
+
+ echo -e "$green--- Checkout $(Build.SourceBranchName) ---$reset"
+
+ cd "${CONFIG_REPO_PATH}" || exit
+ mkdir -p .sap_deployment_automation
+ git checkout -q $(Build.SourceBranchName)
+
+ echo -e "$green--- Validations ---$reset"
+ if [ $USE_MSI != "true" ]; then
+
+ if [ -z $WL_ARM_SUBSCRIPTION_ID ]; then
+ echo "##vso[task.logissue type=error]Variable ARM_SUBSCRIPTION_ID was not defined in the $(variable_group) variable group."
+ exit 2
+ fi
+
+ if [ $WL_ARM_SUBSCRIPTION_ID == '$$(ARM_SUBSCRIPTION_ID)' ]; then
+ echo "##vso[task.logissue type=error]Variable ARM_SUBSCRIPTION_ID was not defined in the $(variable_group) variable group."
+ exit 2
+ fi
+
+ if [ -z $WL_ARM_CLIENT_ID ]; then
+ echo "##vso[task.logissue type=error]Variable ARM_CLIENT_ID was not defined in the $(variable_group) variable group."
+ exit 2
+ fi
+
+ if [ $WL_ARM_CLIENT_ID == '$$(ARM_CLIENT_ID)' ]; then
+ echo "##vso[task.logissue type=error]Variable ARM_CLIENT_ID was not defined in the $(variable_group) variable group."
+ exit 2
+ fi
+
+ if [ -z $WL_ARM_CLIENT_SECRET ]; then
+ echo "##vso[task.logissue type=error]Variable ARM_CLIENT_SECRET was not defined in the $(variable_group) variable group."
+ exit 2
+ fi
+
+ if [ $WL_ARM_CLIENT_SECRET == '$$(ARM_CLIENT_SECRET)' ]; then
+ echo "##vso[task.logissue type=error]Variable ARM_CLIENT_SECRET was not defined in the $(variable_group) variable group."
+ exit 2
+ fi
+
+ if [ -z $WL_ARM_TENANT_ID ]; then
+ echo "##vso[task.logissue type=error]Variable ARM_TENANT_ID was not defined in the $(variable_group) variable group."
+ exit 2
+ fi
+
+ if [ $WL_ARM_TENANT_ID == '$$(ARM_TENANT_ID)' ]; then
+ echo "##vso[task.logissue type=error]Variable ARM_TENANT_ID was not defined in the $(variable_group) variable group."
+ exit 2
+ fi
+
+ if [ -z $CP_ARM_SUBSCRIPTION_ID ]; then
+ echo "##vso[task.logissue type=error]Variable CP_ARM_SUBSCRIPTION_ID was not defined in the $(parent_variable_group) variable group."
+ exit 2
+ fi
+
+ if [ -z $CP_ARM_CLIENT_ID ]; then
+ echo "##vso[task.logissue type=error]Variable CP_ARM_CLIENT_ID was not defined in the $(parent_variable_group) variable group."
+ exit 2
+ fi
+
+ if [ -z $CP_ARM_CLIENT_SECRET ]; then
+ echo "##vso[task.logissue type=error]Variable CP_ARM_CLIENT_SECRET was not defined in the $(parent_variable_group) variable group."
+ exit 2
+ fi
+
+ if [ -z $CP_ARM_TENANT_ID ]; then
+ echo "##vso[task.logissue type=error]Variable CP_ARM_TENANT_ID was not defined in the $(parent_variable_group) variable group."
+ exit 2
+ fi
+ fi
+
+ dos2unix -q LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file)
+ echo -e "$green--- Read deployment details ---$reset"
+
+ ENVIRONMENT=$(grep "^environment" LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) | awk -F'=' '{print $2}' | xargs)
+ LOCATION=$(grep "^location" LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) | awk -F'=' '{print $2}' | xargs | tr 'A-Z' 'a-z')
+ NETWORK=$(grep "^network_logical_name" LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) | awk -F'=' '{print $2}' | xargs)
+
+ ENVIRONMENT_IN_FILENAME=$(echo $(workload_zone_folder) | awk -F'-' '{print $1}' | xargs )
+ LOCATION_CODE=$(echo $(workload_zone_folder) | awk -F'-' '{print $2}' | xargs )
+ case "$LOCATION_CODE" in
+ "AUCE") LOCATION_IN_FILENAME="australiacentral" ;;
+ "AUC2") LOCATION_IN_FILENAME="australiacentral2" ;;
+ "AUEA") LOCATION_IN_FILENAME="australiaeast" ;;
+ "AUSE") LOCATION_IN_FILENAME="australiasoutheast" ;;
+ "BRSO") LOCATION_IN_FILENAME="brazilsouth" ;;
+ "BRSE") LOCATION_IN_FILENAME="brazilsoutheast" ;;
+ "BRUS") LOCATION_IN_FILENAME="brazilus" ;;
+ "CACE") LOCATION_IN_FILENAME="canadacentral" ;;
+ "CAEA") LOCATION_IN_FILENAME="canadaeast" ;;
+ "CEIN") LOCATION_IN_FILENAME="centralindia" ;;
+ "CEUS") LOCATION_IN_FILENAME="centralus" ;;
+ "CEUA") LOCATION_IN_FILENAME="centraluseuap" ;;
+ "EAAS") LOCATION_IN_FILENAME="eastasia" ;;
+ "EAUS") LOCATION_IN_FILENAME="eastus" ;;
+ "EUSA") LOCATION_IN_FILENAME="eastus2euap" ;;
+ "EUS2") LOCATION_IN_FILENAME="eastus2" ;;
+ "EUSG") LOCATION_IN_FILENAME="eastusstg" ;;
+ "FRCE") LOCATION_IN_FILENAME="francecentral" ;;
+ "FRSO") LOCATION_IN_FILENAME="francesouth" ;;
+ "GENO") LOCATION_IN_FILENAME="germanynorth" ;;
+ "GEWE") LOCATION_IN_FILENAME="germanywest" ;;
+ "GEWC") LOCATION_IN_FILENAME="germanywestcentral" ;;
+ "ISCE") LOCATION_IN_FILENAME="israelcentral" ;;
+ "ITNO") LOCATION_IN_FILENAME="italynorth" ;;
+ "JAEA") LOCATION_IN_FILENAME="japaneast" ;;
+ "JAWE") LOCATION_IN_FILENAME="japanwest" ;;
+ "JINC") LOCATION_IN_FILENAME="jioindiacentral" ;;
+ "JINW") LOCATION_IN_FILENAME="jioindiawest" ;;
+ "KOCE") LOCATION_IN_FILENAME="koreacentral" ;;
+ "KOSO") LOCATION_IN_FILENAME="koreasouth" ;;
+ "NCUS") LOCATION_IN_FILENAME="northcentralus" ;;
+ "NOEU") LOCATION_IN_FILENAME="northeurope" ;;
+ "NOEA") LOCATION_IN_FILENAME="norwayeast" ;;
+ "NOWE") LOCATION_IN_FILENAME="norwaywest" ;;
+ "PLCE") LOCATION_IN_FILENAME="polandcentral" ;;
+ "QACE") LOCATION_IN_FILENAME="qatarcentral" ;;
+ "SANO") LOCATION_IN_FILENAME="southafricanorth" ;;
+ "SAWE") LOCATION_IN_FILENAME="southafricawest" ;;
+ "SCUS") LOCATION_IN_FILENAME="southcentralus" ;;
+ "SCUG") LOCATION_IN_FILENAME="southcentralusstg" ;;
+ "SOEA") LOCATION_IN_FILENAME="southeastasia" ;;
+ "SOIN") LOCATION_IN_FILENAME="southindia" ;;
+ "SECE") LOCATION_IN_FILENAME="swedencentral" ;;
+ "SWNO") LOCATION_IN_FILENAME="switzerlandnorth" ;;
+ "SWWE") LOCATION_IN_FILENAME="switzerlandwest" ;;
+ "UACE") LOCATION_IN_FILENAME="uaecentral" ;;
+ "UANO") LOCATION_IN_FILENAME="uaenorth" ;;
+ "UKSO") LOCATION_IN_FILENAME="uksouth" ;;
+ "UKWE") LOCATION_IN_FILENAME="ukwest" ;;
+ "WCUS") LOCATION_IN_FILENAME="westcentralus" ;;
+ "WEEU") LOCATION_IN_FILENAME="westeurope" ;;
+ "WEIN") LOCATION_IN_FILENAME="westindia" ;;
+ "WEUS") LOCATION_IN_FILENAME="westus" ;;
+ "WUS2") LOCATION_IN_FILENAME="westus2" ;;
+ "WUS3") LOCATION_IN_FILENAME="westus3" ;;
+ *) LOCATION_IN_FILENAME="westeurope" ;;
+ esac
+
+ NETWORK_IN_FILENAME=$(echo $(workload_zone_folder) | awk -F'-' '{print $3}' | xargs )
+
+ echo "Environment: $ENVIRONMENT"
+ echo "Location: $LOCATION"
+ echo "Network: $NETWORK"
+
+ echo "Environment(filename): $ENVIRONMENT_IN_FILENAME"
+ echo "Location(filename): $LOCATION_IN_FILENAME"
+ echo "Network(filename): $NETWORK_IN_FILENAME"
+
+ echo "Deployer Environment $(deployer_environment)"
+ echo "Deployer Region $(deployer_region)"
+ echo "Workload TFvars $(workload_zone_configuration_file)"
+ echo ""
+
+ echo "Agent pool: $(this_agent)"
+ echo "Organization: $(System.CollectionUri)"
+ echo "Project: $(System.TeamProject)"
+ echo ""
+ echo "Azure CLI version:"
+ echo "-------------------------------------------------"
+ az --version
+
+ if [ $ENVIRONMENT != $ENVIRONMENT_IN_FILENAME ]; then
+ echo "##vso[task.logissue type=error]The environment setting in $(workload_zone_configuration_file) '$ENVIRONMENT' does not match the $(workload_zone_configuration_file) file name '$ENVIRONMENT_IN_FILENAME'. Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-INFRASTRUCTURE"
+ exit 2
+ fi
+
+ if [ $LOCATION != $LOCATION_IN_FILENAME ]; then
+ echo "##vso[task.logissue type=error]The location setting in $(workload_zone_configuration_file) '$LOCATION' does not match the $(workload_zone_configuration_file) file name '$LOCATION_IN_FILENAME'. Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-INFRASTRUCTURE"
+ exit 2
+ fi
+
+ if [ $NETWORK != $NETWORK_IN_FILENAME ]; then
+ echo "##vso[task.logissue type=error]The network_logical_name setting in $(workload_zone_configuration_file) '$NETWORK' does not match the $(workload_zone_configuration_file) file name '$NETWORK_IN_FILENAME-. Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-INFRASTRUCTURE"
+ exit 2
+ fi
+
+ echo -e "$green--- Configure devops CLI extension ---$reset"
+ az config set extension.use_dynamic_install=yes_without_prompt --output none
+
+ az extension add --name azure-devops --output none --only-show-errors
+
+ az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none
+
+ export PARENT_VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(parent_variable_group)'].id | [0]")
+ printf -v val '%-15s' "$(parent_variable_group) id:"
+ echo "$val $PARENT_VARIABLE_GROUP_ID"
+
+ if [ -z ${PARENT_VARIABLE_GROUP_ID} ]; then
+ echo "##vso[task.logissue type=error]Variable group $(parent_variable_group) could not be found."
+ exit 2
+ fi
+
+ export VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(variable_group)'].id | [0]")
+
+ if [ -z ${VARIABLE_GROUP_ID} ]; then
+ echo "##vso[task.logissue type=error]Variable group $(variable_group) could not be found."
+ exit 2
+ fi
+ printf -v val '%-15s' "$(variable_group) id:"
+ echo "$val $VARIABLE_GROUP_ID"
+
+ deployer_environment_file_name=$CONFIG_REPO_PATH/.sap_deployment_automation/$(deployer_environment)$(deployer_region)
+ echo "Deployer Environment File: $deployer_environment_file_name"
+
+ workload_environment_file_name=$CONFIG_REPO_PATH/.sap_deployment_automation/${ENVIRONMENT}${LOCATION_CODE}${NETWORK}
+ echo "Workload Zone Environment File: $workload_environment_file_name"
+
+ dos2unix -q ${deployer_environment_file_name}
+ dos2unix -q ${workload_environment_file_name}
+
+ if [ ! -f ${deployer_environment_file_name} ]; then
+ echo -e "$boldred--- $(deployer_environment)$(deployer_region) was not found ---$reset"
+ echo "##vso[task.logissue type=error]Control plane configuration file $(deployer_environment)$(deployer_region) was not found."
+ exit 2
+ fi
+
+ echo -e "$green--- Read parameter values ---$reset"
+
+ if [ "true" == $(inherit) ]; then
+
+ az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value" --out tsv)
+ if [ -z ${az_var} ]; then
+ deployer_tfstate_key=$(grep "^deployer_tfstate_key=" ${deployer_environment_file_name} | awk -F'=' '{print $2}' | xargs)
+ else
+ deployer_tfstate_key=${az_var}
+ fi
+
+ az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" --out tsv)
+ if [ -z ${az_var} ]; then
+ key_vault=$(grep "^keyvault=" ${deployer_environment_file_name} | awk -F'=' '{print $2}' | xargs)
+ else
+ key_vault=${az_var}
+ fi
+
+ az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" --out tsv)
+ if [ -z ${az_var} ]; then
+ REMOTE_STATE_SA=$(grep "^REMOTE_STATE_SA" ${deployer_environment_file_name} | awk -F'=' '{print $2}' | xargs) ;
+ else
+ REMOTE_STATE_SA=${az_var}; echo 'Terraform state file storage account' $REMOTE_STATE_SA
+ fi
+
+ az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" --out tsv)
+ if [ -z ${az_var} ]; then
+ STATE_SUBSCRIPTION=$(grep "^STATE_SUBSCRIPTION" ${deployer_environment_file_name} | awk -F'=' '{print $2}' | xargs)
+ else
+ STATE_SUBSCRIPTION=${az_var}; echo 'Terraform state file subscription' $STATE_SUBSCRIPTION
+
+ fi
+
+ az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "WL_ARM_SUBSCRIPTION_ID.value" --out tsv)
+ if [ -z ${az_var} ]; then
+ echo "##vso[task.logissue type=error]Variable WL_ARM_SUBSCRIPTION_ID was not defined."
+ exit 2
+ fi
+
+ az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Workload_Key_Vault.value" --out tsv)
+ if [ -z ${az_var} ]; then
+ if [ -f ${workload_environment_file_name} ]; then
+ export workload_key_vault=$(grep "^workloadkeyvault" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs)
+ fi
+ else
+ export workload_key_vault=$(Workload_Key_Vault)
+
+ fi
+ else
+ deployer_tfstate_key=$(grep "^deployer_tfstate_key=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs)
+
+ key_vault=$(grep "^workload_key_vault=" -m1 ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) ;
+
+ REMOTE_STATE_SA=$(grep "^REMOTE_STATE_SA=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs)
+
+ STATE_SUBSCRIPTION=$(grep "^STATE_SUBSCRIPTION=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs)
+ fi
+
+ echo "Deployer statefile: $deployer_tfstate_key"
+ echo "Deployer Key vault: $key_vault"
+ echo "Workload Key vault: ${workload_key_vault}"
+ echo "Target subscription $WL_ARM_SUBSCRIPTION_ID"
+
+ echo "Terraform state file subscription: $STATE_SUBSCRIPTION"
+ echo "Terraform state file storage account: $REMOTE_STATE_SA"
+
+ secrets_set=1
+ echo -e "$green---az login ---$reset"
+
+ echo -e "$cyan---Sourcing the deploy_server.sh file$reset"
+ . /etc/profile.d/deploy_server.sh ; /opt/bin/terraform/terraform --version
+
+ if [ $USE_MSI != "true" ]; then
+
+ echo "Deployment credentials: Service Principal"
+ echo "Deployment credential ID: $WL_ARM_CLIENT_ID"
+
+ export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID
+ export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET
+ export ARM_OBJECT_ID=$WL_ARM_OBJECT_ID
+ export ARM_TENANT_ID=$WL_ARM_TENANT_ID
+ export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID
+ export ARM_USE_AZUREAD=true
+ unset ARM_USE_MSI
+ az login --service-principal --username $ARM_CLIENT_ID --password=$ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID --output none
+
+ return_code=$?
+ if [ 0 != $return_code ]; then
+ echo -e "$boldred--- Login failed ---$reset"
+ echo "##vso[task.logissue type=error]az login failed."
+ exit $return_code
+ fi
+ az account set --subscription $STATE_SUBSCRIPTION
+ echo -e "$green --- Set secrets ---$reset"
+
+ $SAP_AUTOMATION_REPO_PATH/deploy/scripts/set_secrets.sh --workload --vault "${key_vault}" --environment "${ENVIRONMENT}" \
+ --region "${LOCATION}" --subscription $ARM_SUBSCRIPTION_ID --spn_id $ARM_CLIENT_ID --spn_secret "${ARM_CLIENT_SECRET}" \
+ --tenant_id $ARM_TENANT_ID --keyvault_subscription $STATE_SUBSCRIPTION
+ secrets_set=$? ; echo -e "$cyan Set Secrets returned $secrets_set $reset"
+ # az keyvault set-policy --name "${key_vault}" --spn $ARM_OBJECT_ID --secret-permissions get list --subscription $STATE_SUBSCRIPTION --output none
+ else
+ echo "Deployment credentials: Managed Identity"
+ # export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID
+ export ARM_USE_MSI=true
+ export ARM_USE_AZUREAD=true
+ unset ARM_CLIENT_SECRET
+ fi
+
+ debug_variable='--output none'
+ debug_variable=''
+
+ if [ $USE_MSI != "true" ]; then
+
+ isUserAccessAdmin=$(az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION --query "[?principalType=='ServicePrincipal'].principalId | [0] " --assignee $ARM_OBJECT_ID)
+
+ tfstate_resource_id=$(az resource list --name "${REMOTE_STATE_SA}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.Storage/storageAccounts --query "[].id | [0]" -o tsv)
+
+ if [ -n "${isUserAccessAdmin}" ]; then
+
+ echo -e "$green--- Set permissions ---$reset"
+ perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Reader" --query "[?principalId=='$WL_ARM_OBJECT_ID'].principalId | [0]" -o tsv --only-show-errors)
+ if [ -z "$perms" ]; then
+ echo -e "$green --- Assign subscription permissions to $perms ---$reset"
+ az role assignment create --assignee-object-id $WL_ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Reader" --scope "/subscriptions/${STATE_SUBSCRIPTION}" --output none
+ fi
+
+ perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Storage Blob Data Contributor" --scope "${tfstate_resource_id}" --query "[?principalId=='$WL_ARM_OBJECT_ID'].principalName | [0]" -o tsv --only-show-errors)
+ if [ -z "$perms" ]; then
+ echo "Assigning Storage Account Contributor permissions for $WL_ARM_OBJECT_ID to ${tfstate_resource_id}"
+ az role assignment create --assignee-object-id $WL_ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Storage Blob Data Contributor" --scope "${tfstate_resource_id}" --output none
+ fi
+
+ resource_group_name=$(az resource show --id "${tfstate_resource_id}" --query resourceGroup -o tsv)
+
+ if [ -n "${resource_group_name}" ]; then
+ for scope in $(az resource list --resource-group "${resource_group_name}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.Network/privateDnsZones --query "[].id" --output tsv); do
+ perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Private DNS Zone Contributor" --scope $scope --query "[?principalId=='$WL_ARM_OBJECT_ID'].principalId | [0]" -o tsv --only-show-errors)
+ if [ -z "$perms" ]; then
+ echo "Assigning DNS Zone Contributor permissions for $WL_ARM_OBJECT_ID to ${scope}"
+ az role assignment create --assignee-object-id $WL_ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Private DNS Zone Contributor" --scope $scope --output none
+ fi
+ done
+ fi
+
+ resource_group_name=$(az keyvault show --name "${key_vault}" --query resourceGroup --subscription ${STATE_SUBSCRIPTION} -o tsv)
+
+ if [ -n "${resource_group_name}" ]; then
+ resource_group_id=$(az group show --name ${resource_group_name} --subscription ${STATE_SUBSCRIPTION} --query id -o tsv)
+
+ vnet_resource_id=$(az resource list --resource-group "${resource_group_name}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.Network/virtualNetworks -o tsv --query "[].id | [0]")
+ if [ -n "${vnet_resource_id}" ]; then
+ perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Network Contributor" --scope $vnet_resource_id --only-show-errors --query "[].principalId | [0]" --assignee $WL_ARM_OBJECT_ID -o tsv --only-show-errors)
+
+ if [ -z "$perms" ]; then
+ echo "Assigning Network Contributor rights for $WL_ARM_OBJECT_ID to ${vnet_resource_id}"
+ az role assignment create --assignee-object-id $WL_ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Network Contributor" --scope $vnet_resource_id --output none
+ fi
+ fi
+ fi
+ else
+ echo "##vso[task.logissue type=warning]Service Principal $WL_ARM_CLIENT_ID does not have 'User Access Administrator' permissions. Please ensure that the service principal $WL_ARM_CLIENT_ID has permissions on the Terrafrom state storage account and if needed on the Private DNS zone and the source management network resource"
+ fi
+ fi
+
+ echo -e "$green--- Deploy the workload zone ---$reset"
+ cd $CONFIG_REPO_PATH/LANDSCAPE/$(workload_zone_folder)
+ if [ -f /etc/profile.d/deploy_server.sh ]; then
+ if [ $USE_MSI != "true" ]; then
+ az logout --output none
+ export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID
+ export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET
+ export ARM_TENANT_ID=$WL_ARM_TENANT_ID
+ export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID
+ unset ARM_USE_MSI
+ az login --service-principal --username $WL_ARM_CLIENT_ID --password=$WL_ARM_CLIENT_SECRET --tenant $WL_ARM_TENANT_ID --output none
+ return_code=$?
+ if [ 0 != $return_code ]; then
+ echo -e "$boldred--- Login failed ---$reset"
+ echo "##vso[task.logissue type=error]az login failed."
+ exit $return_code
+ fi
+ $SAP_AUTOMATION_REPO_PATH/deploy/scripts/install_workloadzone.sh --parameterfile $(workload_zone_configuration_file) \
+ --deployer_environment $(deployer_environment) --subscription $ARM_SUBSCRIPTION_ID \
+ --spn_id $WL_ARM_CLIENT_ID --spn_secret $WL_ARM_CLIENT_SECRET --tenant_id $WL_ARM_TENANT_ID \
+ --deployer_tfstate_key "${deployer_tfstate_key}" --keyvault "${key_vault}" --storageaccountname "${REMOTE_STATE_SA}" \
+ --state_subscription "${STATE_SUBSCRIPTION}" --auto-approve --ado
+ else
+ $SAP_AUTOMATION_REPO_PATH/deploy/scripts/install_workloadzone.sh --parameterfile $(workload_zone_configuration_file) \
+ --deployer_environment $(deployer_environment) --subscription $ARM_SUBSCRIPTION_ID \
+ --deployer_tfstate_key "${deployer_tfstate_key}" --keyvault "${key_vault}" --storageaccountname "${REMOTE_STATE_SA}" \
+ --state_subscription "${STATE_SUBSCRIPTION}" --auto-approve --ado --msi
+
+ fi
+
+ fi
+ return_code=$?
+
+ echo "Return code: ${return_code}"
+ if [ -f ${workload_environment_file_name} ]; then
+ export workload_key_vault=$(cat ${workload_environment_file_name} | grep workloadkeyvault= | awk -F'=' '{print $2}' | xargs) ; echo 'Workload Key Vault' ${workload_key_vault}
+ export workload_prefix=$(cat ${workload_environment_file_name} | grep workload_zone_prefix= | awk -F'=' '{print $2}' | xargs) ; echo 'Workload Prefix' ${workload_prefix}
+ export landscape_tfstate_key=$(cat ${workload_environment_file_name} | grep landscape_tfstate_key= | awk -F'=' '{print $2}' | xargs) ; echo 'Workload Zone State File' $landscape_tfstate_key
+ fi
+
+ expiry_date=$(date -d "+365 days" +%Y-%m-%d)
+
+ az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "FENCING_SPN_ID.value")
+ if [ -z ${az_var} ]; then
+ echo "##vso[task.logissue type=warning]Variable FENCING_SPN_ID is not set. Required for highly available deployments"
+ else
+ export fencing_id=$(az keyvault secret list --vault-name $workload_key_vault --subscription $STATE_SUBSCRIPTION --query [].name -o tsv | grep ${workload_prefix}-fencing-spn-id | xargs)
+ if [ -z "$fencing_id" ]; then
+ az keyvault secret set --name ${workload_prefix}-fencing-spn-id --vault-name $workload_key_vault --value $(FENCING_SPN_ID) --subscription $STATE_SUBSCRIPTION --expires "$(date -d '+1 year' -u +%Y-%m-%dT%H:%M:%SZ)" --output none
+ az keyvault secret set --name ${workload_prefix}-fencing-spn-pwd --vault-name $workload_key_vault --value=$FENCING_SPN_PWD --subscription $STATE_SUBSCRIPTION --expires "$(date -d '+1 year' -u +%Y-%m-%dT%H:%M:%SZ)" --output none
+ az keyvault secret set --name ${workload_prefix}-fencing-spn-tenant --vault-name $workload_key_vault --value $(FENCING_SPN_TENANT) --subscription $STATE_SUBSCRIPTION --expires "$(date -d '+1 year' -u +%Y-%m-%dT%H:%M:%SZ)" --output none
+ fi
+ fi
+ az logout --output none
+ echo -e "$green--- Add & update files in the DevOps Repository ---$reset"
+ cd $(Build.Repository.LocalPath)
+ git pull
+
+ echo -e "$green--- Pull latest ---$reset"
+ cd $CONFIG_REPO_PATH
+ git pull
+
+ added=0
+ if [ -f ${workload_environment_file_name} ]; then
+ git add ${workload_environment_file_name}
+ added=1
+ fi
+ if [ -f ${workload_environment_file_name}.md ]; then
+ git add ${workload_environment_file_name}.md
+ added=1
+ fi
+ if [ -f $(Deployment_Configuration_Path)/LANDSCAPE/$(workload_zone_folder)/.terraform/terraform.tfstate ]; then
+ git add -f $(Deployment_Configuration_Path)/LANDSCAPE/$(workload_zone_folder)/.terraform/terraform.tfstate
+ added=1
+ fi
+ if [ 1 == $added ]; then
+ git config --global user.email "$(Build.RequestedForEmail)"
+ git config --global user.name "$(Build.RequestedFor)"
+ git commit -m "Added updates from devops deployment $(Build.DefinitionName) [skip ci]"
+ git -c http.extraheader="AUTHORIZATION: bearer $(System.AccessToken)" push --set-upstream origin $(Build.SourceBranchName)
+ fi
+
+ if [ -f ${workload_environment_file_name}.md ]; then
+ echo "##vso[task.uploadsummary]${workload_environment_file_name}.md"
+ fi
+ echo -e "$green--- Adding variables to the variable group" $(variable_group) "---$reset"
+ if [ -n "${VARIABLE_GROUP_ID}" ]; then
+ az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query Terraform_Remote_Storage_Account_Name.value --output table)
+ if [ -n "${az_var}" ]; then
+ az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Account_Name --value "${REMOTE_STATE_SA}" --output none --only-show-errors
+ else
+ az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Account_Name --value "${REMOTE_STATE_SA}" --output none --only-show-errors
+ fi
+
+ az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query Terraform_Remote_Storage_Subscription.value --output table)
+ if [ -n "${az_var}" ]; then
+ az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Subscription --value "${STATE_SUBSCRIPTION}" --output none --only-show-errors
+ else
+ az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Terraform_Remote_Storage_Subscription --value "${STATE_SUBSCRIPTION}" --output none --only-show-errors
+ fi
+
+ az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query Deployer_State_FileName.value --output table)
+ if [ -n "${az_var}" ]; then
+ az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name Deployer_State_FileName --value "${deployer_tfstate_key}" --output none --only-show-errors
+ else
+ az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Deployer_State_FileName --value "${deployer_tfstate_key}" --output none --only-show-errors
+ fi
+
+ az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query Deployer_Key_Vault.value --output table)
+ if [ -n "${az_var}" ]; then
+ az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name Deployer_Key_Vault --value ${key_vault} --output none --only-show-errors
+ else
+ az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name Deployer_Key_Vault --value ${key_vault} --output none --only-show-errors
+ fi
+
+ az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}"Workload_Key_Vault.value --output table)
+ if [ -n "${az_var}" ]; then
+ az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name "${NETWORK}"Workload_Key_Vault --value $workload_key_vault --output none --only-show-errors
+ else
+ az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name "${NETWORK}"Workload_Key_Vault --value $workload_key_vault --output none --only-show-errors
+ fi
+
+ az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}"Workload_Secret_Prefix.value --output table)
+ if [ -n "${az_var}" ]; then
+ az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name "${NETWORK}"Workload_Secret_Prefix --value "${workload_prefix}" --output none --only-show-errors
+ else
+ az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name "${NETWORK}"Workload_Secret_Prefix --value "${workload_prefix}" --output none --only-show-errors
+ fi
+
+ az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}"Workload_Zone_State_FileName.value --output table)
+ if [ -n "${az_var}" ]; then
+ az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name "${NETWORK}"Workload_Zone_State_FileName --value "${landscape_tfstate_key}" --output none --only-show-errors
+ else
+ az pipelines
variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name "${NETWORK}"Workload_Zone_State_FileName --value "${landscape_tfstate_key}" --output none --only-show-errors + fi + + fi + + if [ 0 != $return_code ]; then + echo "##vso[task.logissue type=error]Return code from install_workloadzone $return_code." + if [ -f ${workload_environment_file_name}.err ]; then + error_message=$(cat ${workload_environment_file_name}.err) + echo "##vso[task.logissue type=error]Error message: $error_message." + fi + + fi + + exit $return_code displayName: Deploy SAP Workload Zone env: From ffd2ef124afc909f377b441e36093929d72049b1 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 21:25:26 +0300 Subject: [PATCH 138/279] Refactor echo statements to use variable for workload TFvars --- deploy/pipelines/02-sap-workload-zone.yaml | 3 +-- deploy/scripts/install_deployer.sh | 3 +-- deploy/scripts/install_workloadzone.sh | 5 +++-- deploy/scripts/remove_controlplane.sh | 6 ++++-- deploy/scripts/remover.sh | 13 +++++++------ 5 files changed, 16 insertions(+), 14 deletions(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index 15409c7d0d..13c39a743a 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml @@ -434,7 +434,7 @@ stages: if [ $USE_MSI != "true" ]; then echo "Deployment credentials: Service Principal" - echo "Deployment credential ID: $WL_ARM_CLIENT_ID" + echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET 
@@ -458,7 +458,6 @@ stages: --region "${LOCATION}" --subscription $ARM_SUBSCRIPTION_ID --spn_id $ARM_CLIENT_ID --spn_secret "${ARM_CLIENT_SECRET}" \ --tenant_id $ARM_TENANT_ID --keyvault_subscription $STATE_SUBSCRIPTION secrets_set=$? ; echo -e "$cyan Set Secrets returned $secrets_set $reset" - # az keyvault set-policy --name "${key_vault}" --spn $ARM_OBJECT_ID --secret-permissions get list --subscription $STATE_SUBSCRIPTION --output none else echo "Deployment credentials: Managed Identity" # export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID diff --git a/deploy/scripts/install_deployer.sh b/deploy/scripts/install_deployer.sh index 5b4edbe12b..551b0b91a0 100755 --- a/deploy/scripts/install_deployer.sh +++ b/deploy/scripts/install_deployer.sh @@ -139,8 +139,7 @@ export TF_DATA_DIR="${param_dirname}"/.terraform this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 export TF_VAR_Agent_IP=$this_ip -echo "Agent IP: $this_ip" - +echo "Agent IP: $this_ip" ok_to_proceed=false new_deployment=false diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index 215a20900b..4bf03f452a 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -64,12 +64,13 @@ this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 deployer_environment=$(echo "${deployer_environment}" | tr "[:lower:]" "[:upper:]") -echo "Deployer environment: $deployer_environment" +echo "Deployer environment: $deployer_environment" if [ 1 == $called_from_ado ] ; then this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 export TF_VAR_Agent_IP=$this_ip - echo "Agent IP: $this_ip" + echo "Agent IP: $this_ip" + fi diff --git a/deploy/scripts/remove_controlplane.sh b/deploy/scripts/remove_controlplane.sh index 630452b8ec..cc6163108b 100755 --- a/deploy/scripts/remove_controlplane.sh +++ b/deploy/scripts/remove_controlplane.sh 
@@ -177,11 +177,13 @@ init "${automation_config_directory}" "${generic_config_information}" "${deploye this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 export TF_IN_AUTOMATION="true" -echo "Deployer environment: $deployer_environment" +echo "Deployer environment: $deployer_environment" this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 export TF_VAR_Agent_IP=$this_ip -echo "Agent IP: $this_ip" +echo "Agent IP: $this_ip" + + if [ -n "${subscription}" ] then diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index dc8f3e78ea..6149e7a29a 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh @@ -193,11 +193,11 @@ fi this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 -echo "Deployer environment: $deployer_environment" - this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 export TF_VAR_Agent_IP=$this_ip -echo "Agent IP: $this_ip" +echo "Agent IP: $this_ip" + + automation_config_directory=$CONFIG_REPO_PATH/.sap_deployment_automation generic_config_information="${automation_config_directory}"/config @@ -218,9 +218,10 @@ if [ "${deployment_system}" == sap_system ]; then system_config_information="${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" fi -echo "Configuration file: $system_config_information" -echo "Deployment region: $region" -echo "Deployment region code: $region_code" +echo "Deployer environment: $deployer_environment" +echo "Configuration file: $system_config_information" +echo "Deployment region: $region" +echo "Deployment region code: $region_code" key=$(echo "${parameterfile_name}" | cut -d. -f1) From 7441c0a9471478ca164c459cab344b860cab5a1e Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 21:29:38 +0300 Subject: [PATCH 139/279] Refactor echo statement to use variable for Terraform Storage Account Id --- deploy/scripts/install_workloadzone.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
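Review bot: In remover.sh (hunk at -193) the new side runs `this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1` twice back to back, because only the echo between the two lookups was removed; the remove_controlplane.sh hunk at -177 carries the same repeated lookup. The result is exported as `TF_VAR_Agent_IP` with no check, and the URL has no scheme, so curl is not forced onto HTTPS. If that variable feeds a network allow-list (not visible in these hunks), an empty or altered response would flow straight into it. I would keep a single lookup, `this_ip=$(curl -sf https://ipinfo.io/ip)`, and reject anything that is not an address before the export, e.g. `[[ $this_ip =~ ^[0-9]+(\.[0-9]+){3}$ ]] || exit 1`. Both scripts continue outside the hunks, so the interpreter and the later use of the variable should be confirmed there.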
diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index 4bf03f452a..dc1c5e3b42 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -287,13 +287,14 @@ then fi else - echo "Terraform resource Id: $tfstate_resource_id" + echo "Terraform Storage Account Id: $tfstate_resource_id" save_config_vars "${workload_config_information}" \ tfstate_resource_id fi +echo "" init "${automation_config_directory}" "${generic_config_information}" "${workload_config_information}" param_dirname=$(pwd) From ca31cab981197db374e7e9cfbbee859ca703e8f3 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 21:32:04 +0300 Subject: [PATCH 140/279] Refactor echo statements to use variables for Terraform details --- deploy/scripts/install_workloadzone.sh | 10 ++++++---- deploy/scripts/installer.sh | 15 ++++++++------- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index dc1c5e3b42..e21937ce4e 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -585,11 +585,13 @@ fi root_dirname=$(pwd) +echo "" echo "Terraform details" -echo "Subscription: ${STATE_SUBSCRIPTION}" -echo "Storage Account: ${REMOTE_STATE_SA}" -echo "Resource Group: ${REMOTE_STATE_RG}" -echo "State file: ${key}.terraform.tfstate" +echo "-------------------------------------------------------------------------" +echo "Subscription: ${STATE_SUBSCRIPTION}" +echo "Storage Account: ${REMOTE_STATE_SA}" +echo "Resource Group: ${REMOTE_STATE_RG}" +echo "State file: ${key}.terraform.tfstate" if [ ! -d ./.terraform/ ]; then diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index bc87e4526e..240e0d6879 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh 
@@ -456,14 +456,15 @@ version_parameter="" export TF_DATA_DIR="${param_dirname}/.terraform" terraform --version - +echo "" echo "Terraform details" -echo "Subscription: ${STATE_SUBSCRIPTION}" -echo "Storage Account: ${REMOTE_STATE_SA}" -echo "Resource Group: ${REMOTE_STATE_RG}" -echo "State file: ${key}.terraform.tfstate" -echo "Target subscription: ${ARM_SUBSCRIPTION_ID}" - +echo "-------------------------------------------------------------------------" +echo "Subscription: ${STATE_SUBSCRIPTION}" +echo "Storage Account: ${REMOTE_STATE_SA}" +echo "Resource Group: ${REMOTE_STATE_RG}" +echo "State file: ${key}.terraform.tfstate" +echo "Target subscription: ${ARM_SUBSCRIPTION_ID}" +echo "" check_output=0 if [ -f terraform.tfstate ]; then From ba98a5c0dee58117e58cb733aa324fc03cab025b Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 21:36:30 +0300 Subject: [PATCH 141/279] Refactor echo statements to use variables for Terraform details --- deploy/scripts/helpers/script_helpers.sh | 4 ++-- deploy/scripts/install_workloadzone.sh | 8 ++++---- deploy/scripts/installer.sh | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/deploy/scripts/helpers/script_helpers.sh b/deploy/scripts/helpers/script_helpers.sh index fc96089bea..84ce9ff48d 100755 --- a/deploy/scripts/helpers/script_helpers.sh +++ b/deploy/scripts/helpers/script_helpers.sh @@ -400,7 +400,7 @@ function validate_dependencies { tfPath=$(which terraform) fi - echo "Checking Terraform: $tfPath" + echo "Checking Terraform: $tfPath" # if /opt/terraform exists, assign permissions to the user if [ -d /opt/terraform ]; then @@ -485,7 +485,7 @@ function validate_dependencies { } function validate_key_parameters { - echo "Validating: $1" + echo "Validating: $1" ext=$(echo $1 | cut -d. -f2) # Helper variables diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index e21937ce4e..c45d15e913 100755 --- a/deploy/scripts/install_workloadzone.sh 
+++ b/deploy/scripts/install_workloadzone.sh @@ -167,10 +167,10 @@ then fi -echo "Configuration file: $workload_config_information" -echo "Deployment region: $region" -echo "Deployment region code: $region_code" -echo "Keyvault: $keyvault" +echo "Configuration file: $workload_config_information" +echo "Deployment region: $region" +echo "Deployment region code: $region_code" +echo "Keyvault: $keyvault" if [ -n "$STATE_SUBSCRIPTION" ] then diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index 240e0d6879..534293255d 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh @@ -156,9 +156,9 @@ automation_config_directory=$CONFIG_REPO_PATH/.sap_deployment_automation/ generic_config_information="${automation_config_directory}"config system_config_information="${automation_config_directory}""${environment}""${region_code}""${network_logical_name}" -echo "Configuration file: $system_config_information" -echo "Deployment region: $region" -echo "Deployment region code: $region_code" +echo "Configuration file: $system_config_information" +echo "Deployment region: $region" +echo "Deployment region code: $region_code" if [ 1 == $called_from_ado ] ; then this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 From c08dd5e3632181ecfc7ff7e7548a0b00c764eb26 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 21:37:14 +0300 Subject: [PATCH 142/279] Refactor echo statements to use variables for Terraform details --- deploy/scripts/deploy_utils.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/scripts/deploy_utils.sh b/deploy/scripts/deploy_utils.sh index ca79caf342..6028f0291a 100755 --- a/deploy/scripts/deploy_utils.sh +++ b/deploy/scripts/deploy_utils.sh 
@@ -128,7 +128,7 @@ function get_and_store_sa_details { local REMOTE_STATE_SA="${1}" local config_file_name="${2}" - echo "Trying to find the storage account: ${REMOTE_STATE_SA}" + echo "Trying to find the storage account: ${REMOTE_STATE_SA}" save_config_vars "${config_file_name}" REMOTE_STATE_SA if [ -z $STATE_SUBSCRIPTION ];then @@ -144,7 +144,7 @@ function get_and_store_sa_details { REMOTE_STATE_RG \ tfstate_resource_id \ STATE_SUBSCRIPTION - echo "Found the storage account: ${REMOTE_STATE_SA}" + echo "Found the storage account: ${REMOTE_STATE_SA}" } # /*---------------------------------------------------------------------------8 From a51c461cb7edddd5dc656d2afda6edc020cca760 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 21:49:29 +0300 Subject: [PATCH 143/279] Refactor echo statements to use variables consistently --- deploy/pipelines/03-sap-system-deployment.yaml | 8 ++++---- deploy/scripts/installer.sh | 12 ++++++------ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/deploy/pipelines/03-sap-system-deployment.yaml b/deploy/pipelines/03-sap-system-deployment.yaml index 6bc585d1f0..9acea5d156 100644 --- a/deploy/pipelines/03-sap-system-deployment.yaml +++ b/deploy/pipelines/03-sap-system-deployment.yaml @@ -327,10 +327,10 @@ stages: export workload_key_vault=${az_var} fi - echo "Deployer state file: $deployer_tfstate_key" - echo "Deployer Key Vault: $key_vault" - echo "Workload Zone state file: $landscape_tfstate_key" - echo "Workload Zone Key Vault: $workload_key_vault" + echo "Deployer state file: $deployer_tfstate_key" + echo "Deployer Key Vault: $key_vault" + echo "Workload Zone state file: $landscape_tfstate_key" + echo "Workload Zone Key Vault: $workload_key_vault" echo -e "$green--- Run the installer script that deploys the SAP System ---$reset" diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index 534293255d..f475abed9c 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh 
@@ -50,10 +50,10 @@ do done -echo "Parameter file: $parameterfile" -echo "Current directory: $(pwd)" -echo "Terraform state subscription_id: ${STATE_SUBSCRIPTION}" -echo "Terraform state storage account name: ${REMOTE_STATE_SA}" +echo "Parameter file: $parameterfile" +echo "Current directory: $(pwd)" +echo "Terraform state subscription_id: ${STATE_SUBSCRIPTION}" +echo "Terraform state storage account name:${REMOTE_STATE_SA}" tfstate_resource_id="" tfstate_parameter="" @@ -163,7 +163,7 @@ echo "Deployment region code: $region_code" if [ 1 == $called_from_ado ] ; then this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 export TF_VAR_Agent_IP=$this_ip - echo "Agent IP: $this_ip" + echo "Agent IP: $this_ip" fi @@ -190,7 +190,7 @@ if [[ -n "${TF_PARALLELLISM}" ]]; then parallelism=$TF_PARALLELLISM fi -echo "Parallelism count: $parallelism" +echo "Parallelism count: $parallelism" param_dirname=$(pwd) From d27620a653b69d8a8c6d6bdc0ab059b747862526 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 21:58:25 +0300 Subject: [PATCH 144/279] Refactor echo statements to use variables consistently --- deploy/pipelines/01-deploy-control-plane.yaml | 7 ++++++- deploy/pipelines/03-sap-system-deployment.yaml | 5 +++-- deploy/pipelines/10-remover-terraform.yaml | 11 ++++++++++- 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 403831e408..009941686d 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -246,6 +246,8 @@ stages: if [ "$USE_MSI" = "true" ]; then export ARM_CLIENT_SECRET=$servicePrincipalKey export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID + echo "Deployment credentials: Managed Identity" + $SAP_AUTOMATION_REPO_PATH/deploy/scripts/deploy_controlplane.sh \ --deployer_parameter_file ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/$(deployerconfig) \ 
@@ -259,6 +261,9 @@ stages: export ARM_USE_OIDC=false export ARM_USE_AZUREAD=true + echo "Deployment credentials: Service Principal" + echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" + az login --service-principal -u $ARM_CLIENT_ID -p=$ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID --output none $SAP_AUTOMATION_REPO_PATH/deploy/scripts/deploy_controlplane.sh \ @@ -270,7 +275,7 @@ stages: fi return_code=$? - echo "Return code from deploy_controlplane $return_code." + echo "Deploy_controlplane returned $return_code." set -eu diff --git a/deploy/pipelines/03-sap-system-deployment.yaml b/deploy/pipelines/03-sap-system-deployment.yaml index 9acea5d156..1789521a63 100644 --- a/deploy/pipelines/03-sap-system-deployment.yaml +++ b/deploy/pipelines/03-sap-system-deployment.yaml @@ -260,7 +260,8 @@ stages: fi if [ $USE_MSI != "true" ]; then - echo -e "$cyan --- Install using Service Principals ---$reset" + echo "Deployment credentials: Service Principal" + echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET @@ -275,7 +276,7 @@ stages: exit $return_code fi else - echo -e "$cyan --- Install using Managed Identity ---$reset" + echo "Deployment credentials: Managed Identity" export ARM_USE_MSI=true export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID unset ARM_TENANT_ID diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 236be63dc4..89e1c7dec0 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml 
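Review bot: The added line `echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID"` in the hunk at -259 of 01-deploy-control-plane.yaml prints a different variable from the one this branch authenticates with, since the `az login --service-principal -u $ARM_CLIENT_ID` call just below uses `ARM_CLIENT_ID`. `WL_ARM_CLIENT_ID` is not assigned anywhere in the visible lines of this pipeline, so the log may show an empty or unrelated ID, which makes the run harder to audit. I would print the identity actually used: `echo "Deployment credential ID (SPN): $ARM_CLIENT_ID"`. The enclosing script block starts and ends outside the hunk, so confirm there whether `WL_ARM_CLIENT_ID` is mapped in the step's env.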
@@ -193,7 +193,7 @@ stages: az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none export VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(variable_group)'].id | [0]") - echo '$(variable_group) id: ' $VARIABLE_GROUP_ID + if [ -z ${VARIABLE_GROUP_ID} ]; then echo "##vso[task.logissue type=error]Variable group $(variable_group) could not be found." exit 2 @@ -287,6 +287,11 @@ stages: echo "Network(filename): $NETWORK_IN_FILENAME" echo "SID(filename): $SID_IN_FILENAME" + printf -v val '%-15s' "$(variable_group) id:" + echo "$val $VARIABLE_GROUP_ID" + printf -v val '%-15s' "$(parent_variable_group) id:" + echo "$val $PARENT_VARIABLE_GROUP_ID" + echo "" if [ $ENVIRONMENT != $ENVIRONMENT_IN_FILENAME ]; then @@ -648,6 +653,10 @@ stages: echo "Location(filename): $LOCATION_IN_FILENAME" echo "Network(filename): $NETWORK_IN_FILENAME" echo "" + printf -v val '%-15s' "$(variable_group) id:" + echo "$val $VARIABLE_GROUP_ID" + printf -v val '%-15s' "$(parent_variable_group) id:" + echo "$val $PARENT_VARIABLE_GROUP_ID" if [ $ENVIRONMENT != $ENVIRONMENT_IN_FILENAME ]; then echo "##vso[task.logissue type=error]The environment setting in $(workload_zone_configuration_file) '$ENVIRONMENT' does not match the $(workload_zone_configuration_file) file name '$ENVIRONMENT_IN_FILENAME'. Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-INFRASTRUCTURE" From 8d849068be5b2fc755c05c39e8cb7940c0b021d4 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 22:08:42 +0300 Subject: [PATCH 145/279] Refactor echo statements to use variables consistently and for Terraform details --- deploy/pipelines/10-remover-terraform.yaml | 46 ++++++++++------------ 1 file changed, 21 insertions(+), 25 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 89e1c7dec0..89a047cbdf 100644 
--- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -164,7 +164,8 @@ stages: rm -f terraform_$(tf_version)_linux_amd64.zip else if [ $USE_MSI != "true" ]; then - echo -e "$cyan--- Remove using Service Principals ---$reset" + echo "Deployment credentials: Service Principal" + echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET @@ -179,7 +180,8 @@ stages: exit $return_code fi else - echo -e "$cyan--- Remove using Managed Identity ---$reset" + echo "Deployment credentials: ^Managed Identity" + export ARM_USE_MSI=true export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID unset ARM_TENANT_ID @@ -188,9 +190,9 @@ stages: fi echo -e "$green--- Configure devops CLI extension ---$reset" - az config set extension.use_dynamic_install=yes_without_prompt --output none + az config set extension.use_dynamic_install=yes_without_prompt --output none --only-show-errors - az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none + az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none --only-show-errors export VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(variable_group)'].id | [0]") 
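Review bot: The Managed Identity branch in the hunk at -179 prints `Deployment credentials: ^Managed Identity` with a stray `^`. The label then no longer matches the one the other pipelines in this series emit, and any log search keyed on it will miss. It should read `echo "Deployment credentials: Managed Identity"`. The surrounding if/else starts outside the hunk.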
@@ -368,38 +370,35 @@ stages: az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}Workload_Key_Vault.value" --out tsv) if [ -z ${az_var} ]; then export workload_key_vault=$(cat "${workload_environment_file_name}" | grep workloadkeyvault | awk -F'=' '{print $2}' | xargs) - echo "Workload Key Vault: ${workload_key_vault}" else export workload_key_vault="${az_var}" - echo "Workload Key Vault: ${workload_key_vault}" fi if [ -n $(Deployer_Key_Vault) ]; then export key_vault=$(Deployer_Key_Vault) - echo "Deployer Key Vault: ${key_vault}" else export key_vault=$(cat ${workload_environment_file_name} | grep keyvault= -m1 | awk -F'=' '{print $2}' | xargs) - echo "Deployer Key Vault: ${key_vault}" fi az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" --out tsv) if [ -n "${az_var}" ]; then STATE_SUBSCRIPTION="${az_var}" - echo "TF state subscription: $STATE_SUBSCRIPTION" else - STATE_SUBSCRIPTION=$(cat ${workload_environment_file_name} | grep STATE_SUBSCRIPTION= | awk -F'=' '{print $2}' | xargs) - echo "TF state subscription: $STATE_SUBSCRIPTION" + STATE_SUBSCRIPTION=$(grep "^STATE_SUBSCRIPTION=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" --out tsv) if [ -n "${az_var}" ]; then REMOTE_STATE_SA="${az_var}" - echo "TF state account: $REMOTE_STATE_SA" else - REMOTE_STATE_SA=$(cat ${workload_environment_file_name} | grep REMOTE_STATE_SA | awk -F'=' '{print $2}' | xargs) - echo "TF state account: $REMOTE_STATE_SA" + REMOTE_STATE_SA=$(grep "REMOTE_STATE_SA" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi + echo "Deployer Key Vault: ${key_vault}" + echo "Workload Key Vault: ${workload_key_vault}" + echo "TF state subscription: $STATE_SUBSCRIPTION" + 
echo "TF state account: $REMOTE_STATE_SA" + echo -e "$green--- Run the remover script that destroys the SAP system ---$reset" cd $CONFIG_REPO_PATH/SYSTEM/$(sap_system_folder) ${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/remover.sh \ 
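Review bot: The fallback lookups in the hunk at -368 are still loose matches: `grep keyvault= -m1` also matches a `workloadkeyvault=` line, and `grep "REMOTE_STATE_SA"` has no `^` or `=` anchor, whereas `STATE_SUBSCRIPTION` in this hunk and `key_vault` in the hunk at -684 were anchored. These values name the Key Vault and state storage account used just before remover.sh is called, so a wrong match could point a destroy run at the wrong resources. I would use `grep -m1 "^keyvault=" "${workload_environment_file_name}"` and `grep -m1 "^REMOTE_STATE_SA=" "${workload_environment_file_name}"` here, and the same `REMOTE_STATE_SA` form in the hunk at -684. The `[ -n $(Deployer_Key_Vault) ]` test on the context line is unquoted, so if the macro expands to nothing the test is still true and the fallback never runs; quoting it as `[ -n "$(Deployer_Key_Vault)" ]` fixes that.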
@@ -684,38 +683,35 @@ stages: az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}Workload_Key_Vault.value" --out tsv) if [ -z ${az_var} ]; then export workload_key_vault=$(cat "${workload_environment_file_name}" | grep workloadkeyvault | awk -F'=' '{print $2}' | xargs) - echo "Workload Key Vault: ${workload_key_vault}" else export workload_key_vault="${az_var}" - echo "Workload Key Vault: ${workload_key_vault}" fi if [ -n $(Deployer_Key_Vault) ]; then export key_vault=$(Deployer_Key_Vault) - echo "Deployer Key Vault: ${key_vault}" else - export key_vault=$(cat ${workload_environment_file_name} | grep keyvault= -m1 | awk -F'=' '{print $2}' | xargs) - echo "Deployer Key Vault: ${key_vault}" + export key_vault=$(grep "^keyvault=" -m1 ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" --out tsv) if [ -n "${az_var}" ]; then STATE_SUBSCRIPTION="${az_var}" - echo "TF state subscription: $STATE_SUBSCRIPTION" else - STATE_SUBSCRIPTION=$(cat ${workload_environment_file_name} | grep STATE_SUBSCRIPTION= | awk -F'=' '{print $2}' | xargs) - echo "TF state subscription: $STATE_SUBSCRIPTION" + STATE_SUBSCRIPTION=$(grep "^STATE_SUBSCRIPTION=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" --out tsv) if [ -n "${az_var}" ]; then REMOTE_STATE_SA="${az_var}" - echo "TF state account: $REMOTE_STATE_SA" else - REMOTE_STATE_SA=$(cat ${workload_environment_file_name} | grep REMOTE_STATE_SA | awk -F'=' '{print $2}' | xargs) - echo "TF state account: $REMOTE_STATE_SA" + REMOTE_STATE_SA=$(grep "REMOTE_STATE_SA" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi + echo "Workload Key Vault: 
${workload_key_vault}" + echo "Deployer Key Vault: ${key_vault}" + echo "TF state subscription: $STATE_SUBSCRIPTION" + echo "TF state account: $REMOTE_STATE_SA" + # Check if running on deployer if [[ ! -f /etc/profile.d/deploy_server.sh ]]; then From 7a21c1a7b75bcbd62761077e7ee0176d599ece72 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 22:19:34 +0300 Subject: [PATCH 146/279] Refactor echo statements to consistently use variables --- deploy/pipelines/10-remover-terraform.yaml | 417 +++++++++++---------- 1 file changed, 209 insertions(+), 208 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 89a047cbdf..f6f20f4f59 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml 
@@ -94,132 +94,132 @@ stages: echo "##vso[build.updatebuildnumber]Removing the SAP System defined in $(sap_system_folder)" echo -e "$green--- Validations ---$reset" - HOME_CONFIG=${CONFIG_REPO_PATH} - cd $HOME_CONFIG; mkdir -p .sap_deployment_automation - if [ ! -f SYSTEM/$(sap_system_folder)/$(sap_system_configuration) ]; then + HOME_CONFIG=${CONFIG_REPO_PATH} + cd $HOME_CONFIG; mkdir -p .sap_deployment_automation + if [ ! -f SYSTEM/$(sap_system_folder)/$(sap_system_configuration) ]; then echo -e "$boldred--- $HOME_CONFIG/SYSTEM/$(sap_system_folder)/$(sap_system_configuration) was not found ---$reset" echo "##vso[task.logissue type=error]File SYSTEM/$(sap_system_folder)/$(sap_system_configuration) was not found." exit 2 - fi + fi - if [ $USE_MSI != "true" ]; then + if [ $USE_MSI != "true" ]; then - if [ -z $WL_ARM_SUBSCRIPTION_ID ]; then - echo "##vso[task.logissue type=error]Variable ARM_SUBSCRIPTION_ID was not defined in the $(variable_group) variable group." - exit 2 - fi + if [ -z $WL_ARM_SUBSCRIPTION_ID ]; then + echo "##vso[task.logissue type=error]Variable ARM_SUBSCRIPTION_ID was not defined in the $(variable_group) variable group." + exit 2 + fi - if [ $WL_ARM_SUBSCRIPTION_ID == '$$(ARM_SUBSCRIPTION_ID)' ]; then - echo "##vso[task.logissue type=error]Variable ARM_SUBSCRIPTION_ID was not defined in the $(variable_group) variable group." - exit 2 - fi + if [ $WL_ARM_SUBSCRIPTION_ID == '$$(ARM_SUBSCRIPTION_ID)' ]; then + echo "##vso[task.logissue type=error]Variable ARM_SUBSCRIPTION_ID was not defined in the $(variable_group) variable group." + exit 2 + fi - if [ -z $WL_ARM_CLIENT_ID ]; then - echo "##vso[task.logissue type=error]Variable ARM_CLIENT_ID was not defined in the $(variable_group) variable group." - exit 2 - fi + if [ -z $WL_ARM_CLIENT_ID ]; then + echo "##vso[task.logissue type=error]Variable ARM_CLIENT_ID was not defined in the $(variable_group) variable group." 
+ exit 2 + fi - if [ $WL_ARM_CLIENT_ID == '$$(ARM_CLIENT_ID)' ]; then - echo "##vso[task.logissue type=error]Variable ARM_CLIENT_ID was not defined in the $(variable_group) variable group." - exit 2 - fi + if [ $WL_ARM_CLIENT_ID == '$$(ARM_CLIENT_ID)' ]; then + echo "##vso[task.logissue type=error]Variable ARM_CLIENT_ID was not defined in the $(variable_group) variable group." + exit 2 + fi - if [ -z $WL_ARM_CLIENT_SECRET ]; then - echo "##vso[task.logissue type=error]Variable ARM_CLIENT_SECRET was not defined in the $(variable_group) variable group." - exit 2 - fi + if [ -z $WL_ARM_CLIENT_SECRET ]; then + echo "##vso[task.logissue type=error]Variable ARM_CLIENT_SECRET was not defined in the $(variable_group) variable group." + exit 2 + fi - if [ $WL_ARM_CLIENT_SECRET == '$$(ARM_CLIENT_SECRET)' ]; then - echo "##vso[task.logissue type=error]Variable ARM_CLIENT_SECRET was not defined in the $(variable_group) variable group." - exit 2 - fi + if [ $WL_ARM_CLIENT_SECRET == '$$(ARM_CLIENT_SECRET)' ]; then + echo "##vso[task.logissue type=error]Variable ARM_CLIENT_SECRET was not defined in the $(variable_group) variable group." + exit 2 + fi - if [ -z $WL_ARM_TENANT_ID ]; then - echo "##vso[task.logissue type=error]Variable ARM_TENANT_ID was not defined in the $(variable_group) variable group." - exit 2 - fi + if [ -z $WL_ARM_TENANT_ID ]; then + echo "##vso[task.logissue type=error]Variable ARM_TENANT_ID was not defined in the $(variable_group) variable group." + exit 2 + fi - if [ $WL_ARM_TENANT_ID == '$$(ARM_TENANT_ID)' ]; then - echo "##vso[task.logissue type=error]Variable ARM_TENANT_ID was not defined in the $(variable_group) variable group." - exit 2 - fi + if [ $WL_ARM_TENANT_ID == '$$(ARM_TENANT_ID)' ]; then + echo "##vso[task.logissue type=error]Variable ARM_TENANT_ID was not defined in the $(variable_group) variable group." + exit 2 + fi - fi + fi # Check if running on deployer if [[ ! 
-f /etc/profile.d/deploy_server.sh ]]; then - echo -e "$green--- Install dos2unix ---$reset" + echo -e "$green--- Install dos2unix ---$reset" sudo apt-get -qq install dos2unix - echo -e "$green--- Install terraform ---$reset" + echo -e "$green--- Install terraform ---$reset" wget -q $(tf_url) return_code=$? if [ 0 != $return_code ]; then - echo "##vso[task.logissue type=error]Unable to download Terraform version $(tf_version)." - exit 2 + echo "##vso[task.logissue type=error]Unable to download Terraform version $(tf_version)." + exit 2 fi unzip -qq terraform_$(tf_version)_linux_amd64.zip ; sudo mv terraform /bin/ rm -f terraform_$(tf_version)_linux_amd64.zip else - if [ $USE_MSI != "true" ]; then - echo "Deployment credentials: Service Principal" - echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" - - export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID - export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET - export ARM_TENANT_ID=$WL_ARM_TENANT_ID - export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID - unset ARM_USE_MSI - az login --service-principal --username $WL_ARM_CLIENT_ID --password=$WL_ARM_CLIENT_SECRET --tenant $WL_ARM_TENANT_ID --output none - return_code=$? - if [ 0 != $return_code ]; then - echo -e "$boldred--- Login failed ---$reset" - echo "##vso[task.logissue type=error]az login failed." - exit $return_code - fi - else - echo "Deployment credentials: ^Managed Identity" + if [ $USE_MSI != "true" ]; then + echo "Deployment credentials: Service Principal" + echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" + + export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID + export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET + export ARM_TENANT_ID=$WL_ARM_TENANT_ID + export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID + unset ARM_USE_MSI + az login --service-principal --username $WL_ARM_CLIENT_ID --password=$WL_ARM_CLIENT_SECRET --tenant $WL_ARM_TENANT_ID --output none + return_code=$? 
+ if [ 0 != $return_code ]; then + echo -e "$boldred--- Login failed ---$reset" + echo "##vso[task.logissue type=error]az login failed." + exit $return_code + fi + else + echo "Deployment credentials: ^Managed Identity" - export ARM_USE_MSI=true - export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID - unset ARM_TENANT_ID - az login --identity --allow-no-subscriptions --output none - fi + export ARM_USE_MSI=true + export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID + unset ARM_TENANT_ID + az login --identity --allow-no-subscriptions --output none + fi fi echo -e "$green--- Configure devops CLI extension ---$reset" - az config set extension.use_dynamic_install=yes_without_prompt --output none --only-show-errors + az config set extension.use_dynamic_install=yes_without_prompt --output none --only-show-errors - az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none --only-show-errors + az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none --only-show-errors - export VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(variable_group)'].id | [0]") + export VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(variable_group)'].id | [0]") - if [ -z ${VARIABLE_GROUP_ID} ]; then + if [ -z ${VARIABLE_GROUP_ID} ]; then echo "##vso[task.logissue type=error]Variable group $(variable_group) could not be found." exit 2 - fi - export PARENT_VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(parent_variable_group)'].id | [0]"); echo PARENT_VARIABLE_GROUP_ID $PARENT_VARIABLE_GROUP_ID - if [ -z ${PARENT_VARIABLE_GROUP_ID} ]; then - echo "##vso[task.logissue type=error]Variable group $(parent_variable_group) could not be found." 
- exit 2 - fi + fi + export PARENT_VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(parent_variable_group)'].id | [0]"); echo PARENT_VARIABLE_GROUP_ID $PARENT_VARIABLE_GROUP_ID + if [ -z ${PARENT_VARIABLE_GROUP_ID} ]; then + echo "##vso[task.logissue type=error]Variable group $(parent_variable_group) could not be found." + exit 2 + fi echo -e "$green--- Convert config file to UX format ---$reset" - dos2unix -q $HOME_CONFIG/SYSTEM/$(sap_system_folder)/$(sap_system_configuration) + dos2unix -q $HOME_CONFIG/SYSTEM/$(sap_system_folder)/$(sap_system_configuration) echo -e "$green--- Read parameters ---$reset" - ENVIRONMENT=$(grep "^environment" $HOME_CONFIG/SYSTEM/$(sap_system_folder)/$(sap_system_configuration) | awk -F'=' '{print $2}' | xargs) - LOCATION=$(grep "^location" $HOME_CONFIG/SYSTEM/$(sap_system_folder)/$(sap_system_configuration) | awk -F'=' '{print $2}' | xargs | tr 'A-Z' 'a-z') - NETWORK=$(grep "^network_logical_name" $HOME_CONFIG/SYSTEM/$(sap_system_folder)/$(sap_system_configuration) | awk -F'=' '{print $2}' | xargs) - SID=$(grep "^sid" $HOME_CONFIG/SYSTEM/$(sap_system_folder)/$(sap_system_configuration) | awk -F'=' '{print $2}' | xargs) + ENVIRONMENT=$(grep "^environment" $HOME_CONFIG/SYSTEM/$(sap_system_folder)/$(sap_system_configuration) | awk -F'=' '{print $2}' | xargs) + LOCATION=$(grep "^location" $HOME_CONFIG/SYSTEM/$(sap_system_folder)/$(sap_system_configuration) | awk -F'=' '{print $2}' | xargs | tr 'A-Z' 'a-z') + NETWORK=$(grep "^network_logical_name" $HOME_CONFIG/SYSTEM/$(sap_system_folder)/$(sap_system_configuration) | awk -F'=' '{print $2}' | xargs) + SID=$(grep "^sid" $HOME_CONFIG/SYSTEM/$(sap_system_folder)/$(sap_system_configuration) | awk -F'=' '{print $2}' | xargs) - ENVIRONMENT_IN_FILENAME=$(echo $(sap_system_folder) | awk -F'-' '{print $1}' | xargs) ; - LOCATION_CODE=$(echo $(sap_system_folder) | awk -F'-' '{print $2}' | xargs) ; - NETWORK_IN_FILENAME=$(echo $(sap_system_folder) | awk -F'-' '{print $3}' | 
xargs) ; - SID_IN_FILENAME=$(echo $(sap_system_folder) | awk -F'-' '{print $4}' | xargs) ; - case "$LOCATION_CODE" in + ENVIRONMENT_IN_FILENAME=$(echo $(sap_system_folder) | awk -F'-' '{print $1}' | xargs) ; + LOCATION_CODE=$(echo $(sap_system_folder) | awk -F'-' '{print $2}' | xargs) ; + NETWORK_IN_FILENAME=$(echo $(sap_system_folder) | awk -F'-' '{print $3}' | xargs) ; + SID_IN_FILENAME=$(echo $(sap_system_folder) | awk -F'-' '{print $4}' | xargs) ; + case "$LOCATION_CODE" in "AUCE") LOCATION_IN_FILENAME="australiacentral" ;; "AUC2") LOCATION_IN_FILENAME="australiacentral2" ;; "AUEA") LOCATION_IN_FILENAME="australiaeast" ;; 
@@ -276,192 +276,193 @@ stages: "WUS2") LOCATION_IN_FILENAME="westus2" ;; "WUS3") LOCATION_IN_FILENAME="westus3" ;; *) LOCATION_IN_FILENAME="westeurope" ;; - esac + esac - echo "Environment: $ENVIRONMENT" - echo "Location: $LOCATION" - echo "Network: $NETWORK" - echo "SID: $SID" - echo "" - echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" - echo "Location(filename): $LOCATION_IN_FILENAME" - echo "Network(filename): $NETWORK_IN_FILENAME" - echo "SID(filename): $SID_IN_FILENAME" + echo "Environment: $ENVIRONMENT" + echo "Location: $LOCATION" + echo "Network: $NETWORK" + echo "SID: $SID" + echo "" + echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" + echo "Location(filename): $LOCATION_IN_FILENAME" + echo "Network(filename): $NETWORK_IN_FILENAME" + echo "SID(filename): $SID_IN_FILENAME" + echo "Deployment credentials: Service Principal" - printf -v val '%-15s' "$(variable_group) id:" - echo "$val $VARIABLE_GROUP_ID" - printf -v val '%-15s' "$(parent_variable_group) id:" - echo "$val $PARENT_VARIABLE_GROUP_ID" + printf -v val '%-15s' "$(variable_group) id:" + echo "$val $VARIABLE_GROUP_ID" + printf -v val '%-15s' "$(parent_variable_group) id:" + echo "$val $PARENT_VARIABLE_GROUP_ID" - echo "" + echo "" - if [ $ENVIRONMENT != $ENVIRONMENT_IN_FILENAME ]; then + if [ $ENVIRONMENT != $ENVIRONMENT_IN_FILENAME ]; then echo "##vso[task.logissue type=error]The environment setting in $(sap_system_configuration) '$ENVIRONMENT' does not match the $(sap_system_configuration) file name '$ENVIRONMENT_IN_FILENAME'. Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-[SID]" exit 2 - fi + fi - if [ $LOCATION != $LOCATION_IN_FILENAME ]; then + if [ $LOCATION != $LOCATION_IN_FILENAME ]; then echo "##vso[task.logissue type=error]The location setting in $(sap_system_configuration) '$LOCATION' does not match the $(sap_system_configuration) file name '$LOCATION_IN_FILENAME'. 
Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-[SID]" exit 2 - fi + fi - if [ $NETWORK != $NETWORK_IN_FILENAME ]; then + if [ $NETWORK != $NETWORK_IN_FILENAME ]; then echo "##vso[task.logissue type=error]The network_logical_name setting in $(sap_system_configuration) '$NETWORK' does not match the $(sap_system_configuration) file name '$NETWORK_IN_FILENAME-. Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-[SID]" exit 2 - fi + fi - if [ $SID != $SID_IN_FILENAME ]; then + if [ $SID != $SID_IN_FILENAME ]; then echo "##vso[task.logissue type=error]The sid setting in $(sap_system_configuration) '$SID' does not match the $(sap_system_configuration) file name '$SID_IN_FILENAME-. Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-[SID]" exit 2 - fi + fi # Check if running on deployer if [[ ! -f /etc/profile.d/deploy_server.sh ]]; then - if [ $LOGON_USING_SPN == "true" ]; then - echo "Logon Using SPN" + if [ $LOGON_USING_SPN == "true" ]; then + echo "Logon Using SPN" - export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID - export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET - export ARM_TENANT_ID=$WL_ARM_TENANT_ID - export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID - export ARM_USE_MSI=false - az login --service-principal --username $WL_ARM_CLIENT_ID --password=$WL_ARM_CLIENT_SECRET --tenant $WL_ARM_TENANT_ID --output none - return_code=$? - if [ 0 != $return_code ]; then - echo -e "$boldred--- Login failed ---$reset" - echo "##vso[task.logissue type=error]az login failed." - exit $return_code + export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID + export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET + export ARM_TENANT_ID=$WL_ARM_TENANT_ID + export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID + export ARM_USE_MSI=false + az login --service-principal --username $WL_ARM_CLIENT_ID --password=$WL_ARM_CLIENT_SECRET --tenant $WL_ARM_TENANT_ID --output none + return_code=$? 
+ if [ 0 != $return_code ]; then + echo -e "$boldred--- Login failed ---$reset" + echo "##vso[task.logissue type=error]az login failed." + exit $return_code + fi + else + export ARM_USE_MSI=true + az login --identity --allow-no-subscriptions --output none fi - else - export ARM_USE_MSI=true - az login --identity --allow-no-subscriptions --output none - fi else - echo -e "$green--- Running on deployer ---$reset" + echo -e "$green--- Running on deployer ---$reset" - if [ $USE_MSI != "true" ]; then - echo -e "$cyan--- Remove using Service Principals ---$reset" + if [ $USE_MSI != "true" ]; then + echo -e "$cyan--- Remove using Service Principals ---$reset" - export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID - export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET - export ARM_TENANT_ID=$WL_ARM_TENANT_ID - export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID - unset ARM_USE_MSI - az login --service-principal --username $WL_ARM_CLIENT_ID --password=$WL_ARM_CLIENT_SECRET --tenant $WL_ARM_TENANT_ID --output none - return_code=$? - if [ 0 != $return_code ]; then - echo -e "$boldred--- Login failed ---$reset" - echo "##vso[task.logissue type=error]az login failed." - exit $return_code + export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID + export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET + export ARM_TENANT_ID=$WL_ARM_TENANT_ID + export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID + unset ARM_USE_MSI + az login --service-principal --username $WL_ARM_CLIENT_ID --password=$WL_ARM_CLIENT_SECRET --tenant $WL_ARM_TENANT_ID --output none + return_code=$? + if [ 0 != $return_code ]; then + echo -e "$boldred--- Login failed ---$reset" + echo "##vso[task.logissue type=error]az login failed." 
+ exit $return_code + fi + else + echo -e "$cyan --- Remove using Managed Identity ---$reset" + export ARM_USE_MSI=true + export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID + unset ARM_TENANT_ID + az login --identity --allow-no-subscriptions --output none fi - else - echo -e "$cyan --- Remove using Managed Identity ---$reset" - export ARM_USE_MSI=true - export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID - unset ARM_TENANT_ID - az login --identity --allow-no-subscriptions --output none - fi fi echo -e "$green--- Set variables ---$reset" - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}Workload_Key_Vault.value" --out tsv) - if [ -z ${az_var} ]; then - export workload_key_vault=$(cat "${workload_environment_file_name}" | grep workloadkeyvault | awk -F'=' '{print $2}' | xargs) - else + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}Workload_Key_Vault.value" --out tsv) + if [ -z ${az_var} ]; then + export workload_key_vault=$(grep "^workloadkeyvault=" -m1 "${workload_environment_file_name}" | awk -F'=' '{print $2}' | xargs) + else export workload_key_vault="${az_var}" - fi + fi - if [ -n $(Deployer_Key_Vault) ]; then + if [ -n $(Deployer_Key_Vault) ]; then export key_vault=$(Deployer_Key_Vault) - else - export key_vault=$(cat ${workload_environment_file_name} | grep keyvault= -m1 | awk -F'=' '{print $2}' | xargs) - fi + else + export key_vault=$(grep "^keyvault=" -m1 ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) + fi - az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" --out tsv) - if [ -n "${az_var}" ]; then + az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" --out tsv) + if [ -n "${az_var}" ]; then STATE_SUBSCRIPTION="${az_var}" - else + else 
STATE_SUBSCRIPTION=$(grep "^STATE_SUBSCRIPTION=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) - fi + fi - az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" --out tsv) - if [ -n "${az_var}" ]; then + az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" --out tsv) + if [ -n "${az_var}" ]; then REMOTE_STATE_SA="${az_var}" - else + else REMOTE_STATE_SA=$(grep "REMOTE_STATE_SA" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) - fi + fi - echo "Deployer Key Vault: ${key_vault}" - echo "Workload Key Vault: ${workload_key_vault}" - echo "TF state subscription: $STATE_SUBSCRIPTION" - echo "TF state account: $REMOTE_STATE_SA" + echo "Deployer Key Vault: ${key_vault}" + echo "Workload Key Vault: ${workload_key_vault}" + echo "TF state subscription: $STATE_SUBSCRIPTION" + echo "TF state account: $REMOTE_STATE_SA" echo -e "$green--- Run the remover script that destroys the SAP system ---$reset" - cd $CONFIG_REPO_PATH/SYSTEM/$(sap_system_folder) - ${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/remover.sh \ - --parameterfile $(sap_system_configuration) \ - --type sap_system \ - --state_subscription ${STATE_SUBSCRIPTION} \ - --storageaccountname "${REMOTE_STATE_SA}" \ - --auto-approve - return_code=$? + cd $CONFIG_REPO_PATH/SYSTEM/$(sap_system_folder) + ${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/remover.sh \ + --parameterfile $(sap_system_configuration) \ + --type sap_system \ + --state_subscription ${STATE_SUBSCRIPTION} \ + --storageaccountname "${REMOTE_STATE_SA}" \ + --auto-approve + return_code=$? 
echo -e "$green--- Pull latest from DevOps Repository ---$reset" - git checkout -q $(Build.SourceBranchName) - git pull + git checkout -q $(Build.SourceBranchName) + git pull #stop the pipeline after you have reset the whitelisting on your resources echo "Return code from remover.sh $return_code." if [ 0 != $return_code ]; then - echo "##vso[task.logissue type=error]Return code from remover.sh $return_code." - exit $return_code + echo "##vso[task.logissue type=error]Return code from remover.sh $return_code." + exit $return_code fi echo -e "$green--- Add & update files in the DevOps Repository ---$reset" - cd $(Build.Repository.LocalPath) + cd $(Build.Repository.LocalPath) - changed=0 - # Pull changes - git checkout -q $(Build.SourceBranchName) - git pull origin $(Build.SourceBranchName) + changed=0 + # Pull changes + git checkout -q $(Build.SourceBranchName) + git pull origin $(Build.SourceBranchName) - if [ 0 == $return_code ]; then + if [ 0 == $return_code ]; then if [ -d $(Deployment_Configuration_Path)/SYSTEM/$(sap_system_folder)/.terraform ]; then - git rm -q -r --ignore-unmatch -f $(Deployment_Configuration_Path)/SYSTEM/$(sap_system_folder)/.terraform - changed=1 + git rm -q -r --ignore-unmatch -f $(Deployment_Configuration_Path)/SYSTEM/$(sap_system_folder)/.terraform + changed=1 fi if [ -f $(sap_system_configuration) ]; then - git add $(sap_system_configuration) - added=1 + git add $(sap_system_configuration) + added=1 fi if [ -f $(Deployment_Configuration_Path)/SYSTEM/$(sap_system_folder)/sap-parameters.yaml ]; then - git rm --ignore-unmatch -q $(Deployment_Configuration_Path)/SYSTEM/$(sap_system_folder)/sap-parameters.yaml - changed=1 + git rm --ignore-unmatch -q $(Deployment_Configuration_Path)/SYSTEM/$(sap_system_folder)/sap-parameters.yaml + changed=1 fi if [ $(ls $(Deployment_Configuration_Path)/SYSTEM/$(sap_system_folder)/*_hosts.yaml | wc -l ) -gt 0 ] ; then - git rm --ignore-unmatch -q 
$(Deployment_Configuration_Path)/SYSTEM/$(sap_system_folder)/*_hosts.yaml - changed=1 + git rm --ignore-unmatch -q $(Deployment_Configuration_Path)/SYSTEM/$(sap_system_folder)/*_hosts.yaml + changed=1 fi if [ $(ls $(Deployment_Configuration_Path)/SYSTEM/$(sap_system_folder)/*.md | wc -l ) -gt 0 ] ; then - git rm --ignore-unmatch -q $(Deployment_Configuration_Path)/SYSTEM/$(sap_system_folder)/*.md - changed=1 + git rm --ignore-unmatch -q $(Deployment_Configuration_Path)/SYSTEM/$(sap_system_folder)/*.md + changed=1 fi if [ 1 == $changed ]; then - git config --global user.email "$(Build.RequestedForEmail)" - git config --global user.name "$(Build.RequestedFor)" - git commit -m "Infrastructure for ${sap_system_folder} removed. [skip ci]" - git -c http.extraheader="AUTHORIZATION: bearer $(System.AccessToken)" push --set-upstream origin $(Build.SourceBranchName) + git config --global user.email "$(Build.RequestedForEmail)" + git config --global user.name "$(Build.RequestedFor)" + git commit -m "Infrastructure for ${sap_system_folder} removed. [skip ci]" + git -c http.extraheader="AUTHORIZATION: bearer $(System.AccessToken)" push --set-upstream origin $(Build.SourceBranchName) fi - fi + fi exit $return_code 
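Review bot: The added `echo "Deployment credentials: Service Principal"` in the parameter summary of the `@@ -276,192 +276,193 @@` hunk is printed unconditionally, while the branches further down still choose between service principal and managed identity from `$LOGON_USING_SPN` and `$USE_MSI`. On a managed-identity run the log of this destructive pipeline therefore names the wrong credential type. Print it from inside the service-principal branches instead, next to the existing `echo "Logon Using SPN"`. Separately, the re-indented `az login` lines pass `--password=$WL_ARM_CLIENT_SECRET` unquoted; `--password="$WL_ARM_CLIENT_SECRET"` keeps a secret containing whitespace or glob characters from being split or expanded.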
@@ -682,29 +683,29 @@ stages: az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}Workload_Key_Vault.value" --out tsv) if [ -z ${az_var} ]; then - export workload_key_vault=$(cat "${workload_environment_file_name}" | grep workloadkeyvault | awk -F'=' '{print $2}' | xargs) + export workload_key_vault=$(cat "${workload_environment_file_name}" | grep workloadkeyvault | awk -F'=' '{print $2}' | xargs) else - export workload_key_vault="${az_var}" + export workload_key_vault="${az_var}" fi if [ -n $(Deployer_Key_Vault) ]; then - export key_vault=$(Deployer_Key_Vault) + export key_vault=$(Deployer_Key_Vault) else - export key_vault=$(grep "^keyvault=" -m1 ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) + export key_vault=$(grep "^keyvault=" -m1 ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" --out tsv) if [ -n "${az_var}" ]; then - STATE_SUBSCRIPTION="${az_var}" + STATE_SUBSCRIPTION="${az_var}" else - STATE_SUBSCRIPTION=$(grep "^STATE_SUBSCRIPTION=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) + STATE_SUBSCRIPTION=$(grep "^STATE_SUBSCRIPTION=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" --out tsv) if [ -n "${az_var}" ]; then - REMOTE_STATE_SA="${az_var}" + REMOTE_STATE_SA="${az_var}" else - REMOTE_STATE_SA=$(grep "REMOTE_STATE_SA" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) + REMOTE_STATE_SA=$(grep "REMOTE_STATE_SA" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi echo "Workload Key Vault: ${workload_key_vault}" From ba26c42a8b574f67a69928ed992a7aeef2cd5545 Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Sun, 20 Oct 2024 22:29:04 +0300 Subject: [PATCH 147/279] Refactor echo statements to consistently use variables and improve Terraform details --- deploy/pipelines/01-deploy-control-plane.yaml | 2 +- deploy/pipelines/02-sap-workload-zone.yaml | 2 +- deploy/pipelines/10-remover-terraform.yaml | 16 ++++++++-------- deploy/pipelines/12-remove-control-plane.yaml | 8 ++++---- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 009941686d..fe7ec62e57 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -140,7 +140,7 @@ stages: key_vault="${az_var}" ; echo 'Deployer Key Vault' ${key_vault} else echo "Reading key vault from environment file" - key_vault=$(cat ${deployer_environment_file_name} | grep keyvault= -m1 | awk -F'=' '{print $2}' | xargs) ; echo 'Deployer Key Vault' ${key_vault} + key_vault=$(grep -m1 "^keyvault="" ${deployer_environment_file_name} |awk -F'=' '{print $2}' | xargs) ; echo 'Deployer Key Vault' ${key_vault} fi key_vault_id=$(az resource list --name "${key_vault}" --resource-type Microsoft.KeyVault/vaults --query "[].id | [0]" -o tsv) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index 13c39a743a..1c03c68718 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml @@ -410,7 +410,7 @@ stages: else deployer_tfstate_key=$(grep "^deployer_tfstate_key=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) - key_vault=$(grep "^workload_key_vault=" -m1 ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) ; + key_vault=$(grep -m1 "^workload_key_vault=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) ; REMOTE_STATE_SA=$(grep "^REMOTE_STATE_SA=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) 
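Review bot: The new line in the 01-deploy-control-plane.yaml hunk (`@@ -140,7 +140,7 @@`) has a stray double quote after the pattern, `grep -m1 "^keyvault=""`, which opens a second string that swallows the file name and the rest of the line. Depending on what follows, bash either reports an unterminated quote or hands grep the wrong arguments, and in both cases `key_vault` is not read from the environment file before it is passed to `az resource list --name "${key_vault}"`. The line should read `key_vault=$(grep -m1 "^keyvault=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs)`. The surrounding inline script starts and ends outside the hunk.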
diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index f6f20f4f59..39d6ccbe83 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -215,10 +215,10 @@ stages: NETWORK=$(grep "^network_logical_name" $HOME_CONFIG/SYSTEM/$(sap_system_folder)/$(sap_system_configuration) | awk -F'=' '{print $2}' | xargs) SID=$(grep "^sid" $HOME_CONFIG/SYSTEM/$(sap_system_folder)/$(sap_system_configuration) | awk -F'=' '{print $2}' | xargs) - ENVIRONMENT_IN_FILENAME=$(echo $(sap_system_folder) | awk -F'-' '{print $1}' | xargs) ; - LOCATION_CODE=$(echo $(sap_system_folder) | awk -F'-' '{print $2}' | xargs) ; - NETWORK_IN_FILENAME=$(echo $(sap_system_folder) | awk -F'-' '{print $3}' | xargs) ; - SID_IN_FILENAME=$(echo $(sap_system_folder) | awk -F'-' '{print $4}' | xargs) ; + ENVIRONMENT_IN_FILENAME=$(echo $(sap_system_folder) | awk -F'-' '{print $1}' | xargs) + LOCATION_CODE=$(echo $(sap_system_folder) | awk -F'-' '{print $2}' | xargs) + NETWORK_IN_FILENAME=$(echo $(sap_system_folder) | awk -F'-' '{print $3}' | xargs) + SID_IN_FILENAME=$(echo $(sap_system_folder) | awk -F'-' '{print $4}' | xargs) case "$LOCATION_CODE" in "AUCE") LOCATION_IN_FILENAME="australiacentral" ;; "AUC2") LOCATION_IN_FILENAME="australiacentral2" ;; @@ -370,7 +370,7 @@ stages: az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}Workload_Key_Vault.value" --out tsv) if [ -z ${az_var} ]; then - export workload_key_vault=$(grep "^workloadkeyvault=" -m1 "${workload_environment_file_name}" | awk -F'=' '{print $2}' | xargs) + export workload_key_vault=$(grep -m1 "^workloadkeyvault=" "${workload_environment_file_name}" | awk -F'=' '{print $2}' | xargs) else export workload_key_vault="${az_var}" fi 
@@ -378,7 +378,7 @@ stages: if [ -n $(Deployer_Key_Vault) ]; then export key_vault=$(Deployer_Key_Vault) else - export key_vault=$(grep "^keyvault=" -m1 ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) + export key_vault=$(grep -m1 "^keyvault=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" --out tsv) @@ -683,7 +683,7 @@ stages: az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}Workload_Key_Vault.value" --out tsv) if [ -z ${az_var} ]; then - export workload_key_vault=$(cat "${workload_environment_file_name}" | grep workloadkeyvault | awk -F'=' '{print $2}' | xargs) + export workload_key_vault=$(grep "^workloadkeyvault=" "${workload_environment_file_name}" | awk -F'=' '{print $2}' | xargs) else export workload_key_vault="${az_var}" fi @@ -691,7 +691,7 @@ stages: if [ -n $(Deployer_Key_Vault) ]; then export key_vault=$(Deployer_Key_Vault) else - export key_vault=$(grep "^keyvault=" -m1 ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) + export key_vault=$(grep -m1 "^keyvault=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" --out tsv) diff --git a/deploy/pipelines/12-remove-control-plane.yaml b/deploy/pipelines/12-remove-control-plane.yaml index 7972cc55d5..b7abf1ae9b 100644 --- a/deploy/pipelines/12-remove-control-plane.yaml +++ b/deploy/pipelines/12-remove-control-plane.yaml 
@@ -244,7 +244,7 @@ stages: echo "Deployer Key Vault: ${key_vault}" else echo "Reading key vault from environment file" - key_vault=$(cat ${deployer_environment_file_name} | grep keyvault= -m1 | awk -F'=' '{print $2}' | xargs) + key_vault=$(grep -m "^keyvault=" ${deployer_environment_file_name} | awk -F'=' '{print $2}' | xargs) echo "Deployer Key Vault: ${key_vault}" fi @@ -258,7 +258,7 @@ stages: else echo "Reading storage account from environment file" - REMOTE_STATE_SA=$(cat ${deployer_environment_file_name} | grep REMOTE_STATE_SA | awk -F'=' '{print $2}' | xargs) + REMOTE_STATE_SA=$(grep -m1 "^REMOTE_STATE_SA=" ${deployer_environment_file_name} | awk -F'=' '{print $2}' | xargs) echo "TF state account: $REMOTE_STATE_SA" fi @@ -267,7 +267,7 @@ stages: REMOTE_STATE_RG="${az_var}" echo "TF state rg name: $REMOTE_STATE_RG" else - REMOTE_STATE_RG=$(cat ${deployer_environment_file_name} | grep REMOTE_STATE_RG | awk -F'=' '{print $2}' | xargs) + REMOTE_STATE_RG=$(grep "^REMOTE_STATE_RG" ${deployer_environment_file_name} | awk -F'=' '{print $2}' | xargs) echo "TF state rg name: $REMOTE_STATE_RG" fi @@ -276,7 +276,7 @@ stages: deployer_random_id="${az_var}" else if [ -f ${deployer_environment_file_name} ] ; then - deployer_random_id=$(cat ${deployer_environment_file_name} | grep deployer_random_id= | awk -F'=' '{print $2}' | xargs) + deployer_random_id=$(grep "^deployer_random_id=" ${deployer_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi fi From 84fb8df48d4e2427e5533b5d097b54b7b39e555c Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 22:33:27 +0300 Subject: [PATCH 148/279] Refactor echo statements to consistently use variables and improve Terraform details --- deploy/pipelines/10-remover-terraform.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 39d6ccbe83..4b553a67f5 100644 --- a/deploy/pipelines/10-remover-terraform.yaml 
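Review bot: In the `-244,7 +244,7` hunk of 12-remove-control-plane.yaml the new lookup is written `grep -m "^keyvault=" ${deployer_environment_file_name}`, so `-m` has no count and grep takes the pattern as its count argument. As far as I can tell the command then exits with an error and `key_vault` is left empty on the environment-file path. It should read `key_vault=$(grep -m1 "^keyvault=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs)`. The `REMOTE_STATE_RG` lookup in the `-267,7` hunk is anchored as `"^REMOTE_STATE_RG"` without the trailing `=` or `-m1`, unlike the `REMOTE_STATE_SA` line before it; aligning the two avoids matching a longer key or several lines. The surrounding if/else blocks start outside the hunks.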
+++ b/deploy/pipelines/10-remover-terraform.yaml @@ -367,6 +367,9 @@ stages: fi echo -e "$green--- Set variables ---$reset" + cat "${workload_environment_file_name}" + grep "^workloadkeyvault=" "${workload_environment_file_name}" + grep -m1 "^workloadkeyvault=" "${workload_environment_file_name}" az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}Workload_Key_Vault.value" --out tsv) if [ -z ${az_var} ]; then From 032362a2ce770b9a4b5e48c3cb9eaa03af7e44b4 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 22:38:40 +0300 Subject: [PATCH 149/279] Refactor echo statements to consistently use variables and improve Terraform details --- deploy/pipelines/10-remover-terraform.yaml | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 4b553a67f5..a8b64c1ad6 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -210,6 +210,8 @@ stages: dos2unix -q $HOME_CONFIG/SYSTEM/$(sap_system_folder)/$(sap_system_configuration) echo -e "$green--- Read parameters ---$reset" + systemConfigurationFile=$HOME_CONFIG/SYSTEM/$(sap_system_folder)/$(sap_system_configuration) + ENVIRONMENT=$(grep "^environment" $HOME_CONFIG/SYSTEM/$(sap_system_folder)/$(sap_system_configuration) | awk -F'=' '{print $2}' | xargs) LOCATION=$(grep "^location" $HOME_CONFIG/SYSTEM/$(sap_system_folder)/$(sap_system_configuration) | awk -F'=' '{print $2}' | xargs | tr 'A-Z' 'a-z') NETWORK=$(grep "^network_logical_name" $HOME_CONFIG/SYSTEM/$(sap_system_folder)/$(sap_system_configuration) | awk -F'=' '{print $2}' | xargs) 
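Review bot: The three lines added after `--- Set variables ---` in the `-367,6 +367,9` hunk write the whole workload environment file to the job log with `cat "${workload_environment_file_name}"`, followed by two bare `grep` calls whose output also lands in the log. Judging by the lookups elsewhere in this file, it holds key vault names, the state subscription and the state storage account, and pipeline logs are usually readable by more people and retained longer than the agent's home directory. If this is only needed while debugging, drop the `cat` and print the one resolved value after the lookup, e.g. `echo "Workload Key Vault: ${workload_key_vault}"`. The same three lines are repeated against `${systemConfigurationFile}` in the following patch.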
@@ -367,13 +369,13 @@ stages: fi echo -e "$green--- Set variables ---$reset" - cat "${workload_environment_file_name}" - grep "^workloadkeyvault=" "${workload_environment_file_name}" - grep -m1 "^workloadkeyvault=" "${workload_environment_file_name}" + cat "${systemConfigurationFile}" + grep "^workloadkeyvault=" "${systemConfigurationFile}" + grep -m1 "^workloadkeyvault=" "${systemConfigurationFile}" az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}Workload_Key_Vault.value" --out tsv) if [ -z ${az_var} ]; then - export workload_key_vault=$(grep -m1 "^workloadkeyvault=" "${workload_environment_file_name}" | awk -F'=' '{print $2}' | xargs) + export workload_key_vault=$(grep -m1 "^workloadkeyvault=" "${systemConfigurationFile}" | awk -F'=' '{print $2}' | xargs) else export workload_key_vault="${az_var}" fi 
@@ -381,27 +383,28 @@ stages: if [ -n $(Deployer_Key_Vault) ]; then export key_vault=$(Deployer_Key_Vault) else - export key_vault=$(grep -m1 "^keyvault=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) + export key_vault=$(grep -m1 "^keyvault=" ${systemConfigurationFile} | awk -F'=' '{print $2}' | xargs) fi az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" --out tsv) if [ -n "${az_var}" ]; then STATE_SUBSCRIPTION="${az_var}" else - STATE_SUBSCRIPTION=$(grep "^STATE_SUBSCRIPTION=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) + STATE_SUBSCRIPTION=$(grep "^STATE_SUBSCRIPTION=" ${systemConfigurationFile} | awk -F'=' '{print $2}' | xargs) fi az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" --out tsv) if [ -n "${az_var}" ]; then REMOTE_STATE_SA="${az_var}" else - REMOTE_STATE_SA=$(grep "REMOTE_STATE_SA" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) + REMOTE_STATE_SA=$(grep "REMOTE_STATE_SA" ${systemConfigurationFile} | awk -F'=' '{print $2}' | xargs) fi echo "Deployer Key Vault: ${key_vault}" echo "Workload Key Vault: ${workload_key_vault}" echo "TF state subscription: $STATE_SUBSCRIPTION" echo "TF state account: $REMOTE_STATE_SA" + echo "System configuration: $systemConfigurationFile" echo -e "$green--- Run the remover script that destroys the SAP system ---$reset" cd $CONFIG_REPO_PATH/SYSTEM/$(sap_system_folder) From 2750c6fa96856d704491b814db7105ff28a0d3f4 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 22:56:27 +0300 Subject: [PATCH 150/279] Refactor echo statements to consistently use variables and improve Terraform details --- deploy/pipelines/10-remover-terraform.yaml | 39 ++++++++++++---------- 1 file changed, 22 insertions(+), 17 deletions(-) 
diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index a8b64c1ad6..48c45b4446 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -210,8 +210,6 @@ stages: dos2unix -q $HOME_CONFIG/SYSTEM/$(sap_system_folder)/$(sap_system_configuration) echo -e "$green--- Read parameters ---$reset" - systemConfigurationFile=$HOME_CONFIG/SYSTEM/$(sap_system_folder)/$(sap_system_configuration) - ENVIRONMENT=$(grep "^environment" $HOME_CONFIG/SYSTEM/$(sap_system_folder)/$(sap_system_configuration) | awk -F'=' '{print $2}' | xargs) LOCATION=$(grep "^location" $HOME_CONFIG/SYSTEM/$(sap_system_folder)/$(sap_system_configuration) | awk -F'=' '{print $2}' | xargs | tr 'A-Z' 'a-z') NETWORK=$(grep "^network_logical_name" $HOME_CONFIG/SYSTEM/$(sap_system_folder)/$(sap_system_configuration) | awk -F'=' '{print $2}' | xargs) @@ -281,6 +279,9 @@ stages: esac + workload_environment_file_name=$HOME/.sap_deployment_automation/$ENVIRONMENT$LOCATION_CODE$NETWORK; + echo "Workload Environment file: $workload_environment_file_name" + echo "Environment: $ENVIRONMENT" echo "Location: $LOCATION" echo "Network: $NETWORK" @@ -369,9 +370,6 @@ stages: fi echo -e "$green--- Set variables ---$reset" - cat "${systemConfigurationFile}" - grep "^workloadkeyvault=" "${systemConfigurationFile}" - grep -m1 "^workloadkeyvault=" "${systemConfigurationFile}" az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}Workload_Key_Vault.value" --out tsv) if [ -z ${az_var} ]; then 
@@ -589,6 +587,8 @@ stages: LOCATION=$(grep "^location" LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) | awk -F'=' '{print $2}' | xargs | tr 'A-Z' 'a-z') NETWORK=$(grep "^network_logical_name" LANDSCAPE/$(workload_zone_folder)/$(workload_zone_configuration_file) | awk -F'=' '{print $2}' | xargs) + workload_environment_file_name=$HOME/.sap_deployment_automation/$ENVIRONMENT$LOCATION_CODE$NETWORK; + ENVIRONMENT_IN_FILENAME=$(echo $(workload_zone_folder) | awk -F'-' '{print $1}' | xargs ) LOCATION_CODE=$(echo $(workload_zone_folder) | awk -F'-' '{print $2}' | xargs ) case "$LOCATION_CODE" in @@ -651,13 +651,18 @@ stages: esac NETWORK_IN_FILENAME=$(echo $(workload_zone_folder) | awk -F'-' '{print $3}' | xargs ) - echo "Environment: ${ENVIRONMENT}" - echo "Location: ${LOCATION}" - echo "Network: ${NETWORK}" + workload_environment_file_name=$HOME/.sap_deployment_automation/$ENVIRONMENT$LOCATION_CODE$NETWORK; + echo "Workload Environment file: $workload_environment_file_name" + echo "Environment: ${ENVIRONMENT}" + echo "Location: ${LOCATION}" + echo "Network: ${NETWORK}" echo "" - echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" - echo "Location(filename): $LOCATION_IN_FILENAME" - echo "Network(filename): $NETWORK_IN_FILENAME" + + workload_environment_file_name=$HOME/.sap_deployment_automation/$ENVIRONMENT$LOCATION_CODE$NETWORK; + echo "Environment file: $workload_environment_file_name" + echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" + echo "Location(filename): $LOCATION_IN_FILENAME" + echo "Network(filename): $NETWORK_IN_FILENAME" echo "" printf -v val '%-15s' "$(variable_group) id:" echo "$val $VARIABLE_GROUP_ID" 
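Review bot: In the `-589,6 +587,8` hunk `workload_environment_file_name` is composed from `$LOCATION_CODE` ahead of the line `LOCATION_CODE=$(echo $(workload_zone_folder) | ...)` that assigns it, so at that point the path is built with an empty or stale location code. The same assignment is then added twice more after the `case` in the `-651,13 +651,18` hunk, with two different echo labels. A single assignment once `NETWORK_IN_FILENAME` is known, `workload_environment_file_name="$HOME/.sap_deployment_automation/${ENVIRONMENT}${LOCATION_CODE}${NETWORK}"`, removes both the ordering problem and the duplicates. Whether `LOCATION_CODE` is already set earlier in the script cannot be seen from these hunks.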
@@ -689,7 +694,7 @@ stages: az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}Workload_Key_Vault.value" --out tsv) if [ -z ${az_var} ]; then - export workload_key_vault=$(grep "^workloadkeyvault=" "${workload_environment_file_name}" | awk -F'=' '{print $2}' | xargs) + export workload_key_vault=$(grep -m1 "^workloadkeyvault=" "${workload_environment_file_name}" | awk -F'=' '{print $2}' | xargs) else export workload_key_vault="${az_var}" fi @@ -711,13 +716,13 @@ stages: if [ -n "${az_var}" ]; then REMOTE_STATE_SA="${az_var}" else - REMOTE_STATE_SA=$(grep "REMOTE_STATE_SA" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) + REMOTE_STATE_SA=$(grep "^REMOTE_STATE_SA=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi - echo "Workload Key Vault: ${workload_key_vault}" - echo "Deployer Key Vault: ${key_vault}" - echo "TF state subscription: $STATE_SUBSCRIPTION" - echo "TF state account: $REMOTE_STATE_SA" + echo "Workload Key Vault: ${workload_key_vault}" + echo "Deployer Key Vault: ${key_vault}" + echo "Terraform state subscription: $STATE_SUBSCRIPTION" + echo "Terraform state account: $REMOTE_STATE_SA" # Check if running on deployer if [[ ! -f /etc/profile.d/deploy_server.sh ]]; then From 67f6846eef69c7a8869f25acffbbb1f65164e295 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 23:03:07 +0300 Subject: [PATCH 151/279] Debugging --- deploy/pipelines/10-remover-terraform.yaml | 29 +++++++++++----------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 48c45b4446..5249a69d64 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml 
@@ -291,7 +291,6 @@ stages: echo "Location(filename): $LOCATION_IN_FILENAME" echo "Network(filename): $NETWORK_IN_FILENAME" echo "SID(filename): $SID_IN_FILENAME" - echo "Deployment credentials: Service Principal" printf -v val '%-15s' "$(variable_group) id:" echo "$val $VARIABLE_GROUP_ID" @@ -323,8 +322,9 @@ stages: # Check if running on deployer if [[ ! -f /etc/profile.d/deploy_server.sh ]]; then - if [ $LOGON_USING_SPN == "true" ]; then - echo "Logon Using SPN" + if [ $USE_MSI != "true" ]; then + echo "Deployment credentials: Service Principal" + echo "Deployment credentials Id (SPN): $WL_ARM_CLIENT_SECRET" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET @@ -346,7 +346,8 @@ stages: echo -e "$green--- Running on deployer ---$reset" if [ $USE_MSI != "true" ]; then - echo -e "$cyan--- Remove using Service Principals ---$reset" + echo "Deployment credentials: Service Principal" + echo "Deployment credentials Id (SPN): $WL_ARM_CLIENT_SECRET" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET @@ -361,7 +362,7 @@ stages: exit $return_code fi else - echo -e "$cyan --- Remove using Managed Identity ---$reset" + echo "Deployment credentials: Managed Identity" export ARM_USE_MSI=true export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID unset ARM_TENANT_ID @@ -373,7 +374,7 @@ stages: az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "${NETWORK}Workload_Key_Vault.value" --out tsv) if [ -z ${az_var} ]; then - export workload_key_vault=$(grep -m1 "^workloadkeyvault=" "${systemConfigurationFile}" | awk -F'=' '{print $2}' | xargs) + export workload_key_vault=$(grep -m1 "^workloadkeyvault=" "${workload_environment_file_name}" | awk -F'=' '{print $2}' | xargs) else export workload_key_vault="${az_var}" fi 
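Review bot: Both added lines `echo "Deployment credentials Id (SPN): $WL_ARM_CLIENT_SECRET"` (hunks `-323,8 +322,9` and `-346,7 +346,8`) print the service principal secret, not its id, into the pipeline log. Log masking of secret variables should not be relied on as the only control, and the value is the same one exported as `ARM_CLIENT_SECRET` on the following lines. The label suggests the client id was intended: `echo "Deployment credentials Id (SPN): $WL_ARM_CLIENT_ID"`. If a run containing this change has already executed, the secret should be treated as exposed and rotated. The first of these hunks also changes the test to an unquoted `[ $USE_MSI != "true" ]`, which is a test error when `USE_MSI` is unset; `[ "${USE_MSI:-}" != "true" ]` is safer.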
@@ -381,28 +382,28 @@ stages: if [ -n $(Deployer_Key_Vault) ]; then export key_vault=$(Deployer_Key_Vault) else - export key_vault=$(grep -m1 "^keyvault=" ${systemConfigurationFile} | awk -F'=' '{print $2}' | xargs) + export key_vault=$(grep -m1 "^keyvault=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" --out tsv) if [ -n "${az_var}" ]; then STATE_SUBSCRIPTION="${az_var}" else - STATE_SUBSCRIPTION=$(grep "^STATE_SUBSCRIPTION=" ${systemConfigurationFile} | awk -F'=' '{print $2}' | xargs) + STATE_SUBSCRIPTION=$(grep "^STATE_SUBSCRIPTION=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" --out tsv) if [ -n "${az_var}" ]; then REMOTE_STATE_SA="${az_var}" else - REMOTE_STATE_SA=$(grep "REMOTE_STATE_SA" ${systemConfigurationFile} | awk -F'=' '{print $2}' | xargs) + REMOTE_STATE_SA=$(grep "REMOTE_STATE_SA" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi - echo "Deployer Key Vault: ${key_vault}" - echo "Workload Key Vault: ${workload_key_vault}" - echo "TF state subscription: $STATE_SUBSCRIPTION" - echo "TF state account: $REMOTE_STATE_SA" - echo "System configuration: $systemConfigurationFile" + echo "Deployer Key Vault: ${key_vault}" + echo "Workload Key Vault: ${workload_key_vault}" + echo "TF state subscription: $STATE_SUBSCRIPTION" + echo "TF state account: $REMOTE_STATE_SA" + echo "System configuration: $systemConfigurationFile" echo -e "$green--- Run the remover script that destroys the SAP system ---$reset" cd $CONFIG_REPO_PATH/SYSTEM/$(sap_system_folder) From cb3ad5ffda22381b1cd1ced0ee14426bd975a6b3 Mon Sep 17 00:00:00 2001 
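Review bot: The re-aligned `echo "System configuration: $systemConfigurationFile"` still refers to a variable whose assignment was removed in the previous patch (150/279), so it prints an empty value, or aborts the step if `set -u` is in effect for this script. Either drop the line or print `$workload_environment_file_name`, which is what the lookups in this hunk now read. The `REMOTE_STATE_SA` fallback is the only lookup here left unanchored, `grep "REMOTE_STATE_SA"`; `grep -m1 "^REMOTE_STATE_SA="` would match the style of the others and avoid returning several lines.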
From: Kimmo Forss Date: Sun, 20 Oct 2024 23:07:18 +0300 Subject: [PATCH 152/279] Refactor echo statements to consistently use variables and improve Terraform details --- deploy/pipelines/10-remover-terraform.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 5249a69d64..64da0d0a68 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -292,9 +292,12 @@ stages: echo "Network(filename): $NETWORK_IN_FILENAME" echo "SID(filename): $SID_IN_FILENAME" - printf -v val '%-15s' "$(variable_group) id:" + + tempval=$(echo "$(variable_group) id:") + printf -v val '%-15s' $tempval echo "$val $VARIABLE_GROUP_ID" - printf -v val '%-15s' "$(parent_variable_group) id:" + tempval=$(echo "$(parent_variable_group) id:") + printf -v val '%-15s' $tempval echo "$val $PARENT_VARIABLE_GROUP_ID" echo "" From d815d2c36bdbe3885b299c4dcf61199fcf75dc9f Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 23:25:10 +0300 Subject: [PATCH 153/279] Refactor echo statements to consistently use variables and improve Terraform details --- deploy/pipelines/10-remover-terraform.yaml | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 64da0d0a68..964ad801b5 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml 
@@ -292,12 +292,11 @@ stages: echo "Network(filename): $NETWORK_IN_FILENAME" echo "SID(filename): $SID_IN_FILENAME" - - tempval=$(echo "$(variable_group) id:") - printf -v val '%-15s' $tempval + tempval=$(echo "$(variable_group) | xargs ") + printf -v val '%-15s' "$tempval id:" echo "$val $VARIABLE_GROUP_ID" - tempval=$(echo "$(parent_variable_group) id:") - printf -v val '%-15s' $tempval + tempval=$(echo "$(parent_variable_group) | xargs ") + printf -v val '%-15s' "$tempval id:" echo "$val $PARENT_VARIABLE_GROUP_ID" echo "" @@ -668,9 +667,12 @@ stages: echo "Location(filename): $LOCATION_IN_FILENAME" echo "Network(filename): $NETWORK_IN_FILENAME" echo "" - printf -v val '%-15s' "$(variable_group) id:" + + tempval=$(echo "$(variable_group) | xargs ") + printf -v val '%-15s' "$tempval id:" echo "$val $VARIABLE_GROUP_ID" - printf -v val '%-15s' "$(parent_variable_group) id:" + tempval=$(echo "$(parent_variable_group) | xargs ") + printf -v val '%-15s' "$tempval id:" echo "$val $PARENT_VARIABLE_GROUP_ID" if [ $ENVIRONMENT != $ENVIRONMENT_IN_FILENAME ]; then From 75e7252a694b2bde9ad22bb47dd34538dbcdbf35 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 23:28:06 +0300 Subject: [PATCH 154/279] Refactor echo statements to consistently use variables and improve Terraform details --- deploy/pipelines/10-remover-terraform.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 964ad801b5..803872c45b 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml 
@@ -293,10 +293,10 @@ stages: echo "SID(filename): $SID_IN_FILENAME" tempval=$(echo "$(variable_group) | xargs ") - printf -v val '%-15s' "$tempval id:" + printf -v val '%-20s' "$tempval id:" echo "$val $VARIABLE_GROUP_ID" tempval=$(echo "$(parent_variable_group) | xargs ") - printf -v val '%-15s' "$tempval id:" + printf -v val '%-20s' "$tempval id:" echo "$val $PARENT_VARIABLE_GROUP_ID" echo "" @@ -669,10 +669,10 @@ stages: echo "" tempval=$(echo "$(variable_group) | xargs ") - printf -v val '%-15s' "$tempval id:" + printf -v val '%-20s' "$tempval id:" echo "$val $VARIABLE_GROUP_ID" tempval=$(echo "$(parent_variable_group) | xargs ") - printf -v val '%-15s' "$tempval id:" + printf -v val '%-20s' "$tempval id:" echo "$val $PARENT_VARIABLE_GROUP_ID" if [ $ENVIRONMENT != $ENVIRONMENT_IN_FILENAME ]; then From 567b194d132541028d3d5583c41952f41cc15b63 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 23:34:45 +0300 Subject: [PATCH 155/279] trimming --- deploy/pipelines/10-remover-terraform.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 803872c45b..9e49f70912 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -292,7 +292,7 @@ stages: echo "Network(filename): $NETWORK_IN_FILENAME" echo "SID(filename): $SID_IN_FILENAME" - tempval=$(echo "$(variable_group) | xargs ") + tempval= $(echo $(variable_group) | xargs) printf -v val '%-20s' "$tempval id:" echo "$val $VARIABLE_GROUP_ID" tempval=$(echo "$(parent_variable_group) | xargs ") 
@@ -668,10 +668,10 @@ stages: echo "Network(filename): $NETWORK_IN_FILENAME" echo "" - tempval=$(echo "$(variable_group) | xargs ") + tempval=$(echo $(variable_group) | xargs ) printf -v val '%-20s' "$tempval id:" echo "$val $VARIABLE_GROUP_ID" - tempval=$(echo "$(parent_variable_group) | xargs ") + tempval=$(echo $(parent_variable_group) | xargs ) printf -v val '%-20s' "$tempval id:" echo "$val $PARENT_VARIABLE_GROUP_ID" From 6a51e733d1b04cb761d1c18c2b1e1963e79c17f2 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 23:40:36 +0300 Subject: [PATCH 156/279] Refactor echo statements to consistently use variables and improve Terraform details --- deploy/pipelines/10-remover-terraform.yaml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 9e49f70912..e68cf03f85 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml 
@@ -195,12 +195,14 @@ stages: az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none --only-show-errors export VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(variable_group)'].id | [0]") + export VARIABLE_GROUP_NAME=$(az pipelines variable-group list --query "[?name=='$(variable_group)'].name | [0] --output tsv" | xargs) if [ -z ${VARIABLE_GROUP_ID} ]; then echo "##vso[task.logissue type=error]Variable group $(variable_group) could not be found." exit 2 fi - export PARENT_VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(parent_variable_group)'].id | [0]"); echo PARENT_VARIABLE_GROUP_ID $PARENT_VARIABLE_GROUP_ID + export PARENT_VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(parent_variable_group)'].id | [0]"); + export PARENT_VARIABLE_GROUP_NAME=$(az pipelines variable-group list --query "[?name=='$(parent_variable_group)'].name | [0] --output tsv" | xargs) if [ -z ${PARENT_VARIABLE_GROUP_ID} ]; then echo "##vso[task.logissue type=error]Variable group $(parent_variable_group) could not be found." exit 2 @@ -293,10 +295,10 @@ stages: echo "SID(filename): $SID_IN_FILENAME" tempval= $(echo $(variable_group) | xargs) - printf -v val '%-20s' "$tempval id:" + printf -v val '%-20s' ("$VARIABLE_GROUP_NAME id:") echo "$val $VARIABLE_GROUP_ID" tempval=$(echo "$(parent_variable_group) | xargs ") - printf -v val '%-20s' "$tempval id:" + printf -v val '%-20s' "$PARENT_VARIABLE_GROUP_NAME id:" echo "$val $PARENT_VARIABLE_GROUP_ID" echo "" From da2e2c6156fdad7fa38d4d62e38bf07bfcd3f83c Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 23:45:57 +0300 Subject: [PATCH 157/279] Refactor echo statements to consistently use variables and improve Terraform details --- deploy/pipelines/10-remover-terraform.yaml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) 
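Review bot: In the added `VARIABLE_GROUP_NAME` and `PARENT_VARIABLE_GROUP_NAME` lookups the closing quote of `--query` comes after `--output tsv`, so the output flag becomes part of the JMESPath expression instead of an az option; it should be `--query "[?name=='$(variable_group)'].name | [0]" --output tsv`. In the `-293,10 +295,10` hunk `printf -v val '%-20s' ("$VARIABLE_GROUP_NAME id:")` is not valid bash because of the parentheses, and the context line `tempval= $(echo $(variable_group) | xargs)` has a space after `=`, which makes the shell execute the variable group name as a command. Because `$(variable_group)` is expanded by the pipeline into the script text before bash runs, it is worth assigning it once to a quoted shell variable and using that, rather than splicing it into several commands.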
diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index e68cf03f85..a18d041a19 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -195,14 +195,13 @@ stages: az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none --only-show-errors export VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(variable_group)'].id | [0]") - export VARIABLE_GROUP_NAME=$(az pipelines variable-group list --query "[?name=='$(variable_group)'].name | [0] --output tsv" | xargs) if [ -z ${VARIABLE_GROUP_ID} ]; then echo "##vso[task.logissue type=error]Variable group $(variable_group) could not be found." exit 2 fi export PARENT_VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(parent_variable_group)'].id | [0]"); - export PARENT_VARIABLE_GROUP_NAME=$(az pipelines variable-group list --query "[?name=='$(parent_variable_group)'].name | [0] --output tsv" | xargs) + if [ -z ${PARENT_VARIABLE_GROUP_ID} ]; then echo "##vso[task.logissue type=error]Variable group $(parent_variable_group) could not be found." exit 2 @@ -294,10 +293,12 @@ stages: echo "Network(filename): $NETWORK_IN_FILENAME" echo "SID(filename): $SID_IN_FILENAME" - tempval= $(echo $(variable_group) | xargs) - printf -v val '%-20s' ("$VARIABLE_GROUP_NAME id:") + tempval= '$(variable_group)' + echo '$(variable_group)" id:" + printf -v val '%-20s' ("$tempval id:") echo "$val $VARIABLE_GROUP_ID" - tempval=$(echo "$(parent_variable_group) | xargs ") + tempval= '$(parent_variable_group) id:' + printf -v val '%-20s' ("$tempval id:") printf -v val '%-20s' "$PARENT_VARIABLE_GROUP_NAME id:" echo "$val $PARENT_VARIABLE_GROUP_ID" From 0d3c68390c02e00c2cd56b77cb71d0611130b2c3 Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Sun, 20 Oct 2024 23:48:00 +0300 Subject: [PATCH 158/279] Refactor echo statements to consistently use variables and improve Terraform details --- deploy/pipelines/10-remover-terraform.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index a18d041a19..d9a14062ee 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -294,7 +294,7 @@ stages: echo "SID(filename): $SID_IN_FILENAME" tempval= '$(variable_group)' - echo '$(variable_group)" id:" + echo '$(variable_group) id:' printf -v val '%-20s' ("$tempval id:") echo "$val $VARIABLE_GROUP_ID" tempval= '$(parent_variable_group) id:' From de51d54fcb41dbd22f1635ecd1235394624b3219 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Sun, 20 Oct 2024 23:53:16 +0300 Subject: [PATCH 159/279] Refactor echo statements to consistently use variables and improve Terraform details --- deploy/pipelines/10-remover-terraform.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index d9a14062ee..572bb0b80a 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -293,8 +293,9 @@ stages: echo "Network(filename): $NETWORK_IN_FILENAME" echo "SID(filename): $SID_IN_FILENAME" - tempval= '$(variable_group)' + echo '$(variable_group) id:' + tempval= (echo $(variable_group)) printf -v val '%-20s' ("$tempval id:") echo "$val $VARIABLE_GROUP_ID" tempval= '$(parent_variable_group) id:' From 3b417b25e8e0a52827031df1aee271264670a95c Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Sun, 20 Oct 2024 23:55:26 +0300 Subject: [PATCH 160/279] Refactor echo statements to consistently use variables and improve Terraform details --- deploy/pipelines/10-remover-terraform.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 572bb0b80a..4b6133cc46 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -294,9 +294,10 @@ stages: echo "SID(filename): $SID_IN_FILENAME" - echo '$(variable_group) id:' - tempval= (echo $(variable_group)) - printf -v val '%-20s' ("$tempval id:") + + tempval= $(echo '$(variable_group) id:') + echo $tempval + printf -v val '%-20s' $tempval echo "$val $VARIABLE_GROUP_ID" tempval= '$(parent_variable_group) id:' printf -v val '%-20s' ("$tempval id:") From 02853860ccf70395d675470e174376e3188203e2 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 00:00:17 +0300 Subject: [PATCH 161/279] Refactor echo statements to consistently use variables and improve Terraform details --- deploy/pipelines/10-remover-terraform.yaml | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 4b6133cc46..56f06871bd 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml 
@@ -295,14 +295,11 @@ stages: - tempval= $(echo '$(variable_group) id:') - echo $tempval - printf -v val '%-20s' $tempval - echo "$val $VARIABLE_GROUP_ID" - tempval= '$(parent_variable_group) id:' - printf -v val '%-20s' ("$tempval id:") - printf -v val '%-20s' "$PARENT_VARIABLE_GROUP_NAME id:" - echo "$val $PARENT_VARIABLE_GROUP_ID" + printf -v tempval '%s id:' $(variable_group) + echo "$tempval $VARIABLE_GROUP_ID" + + printf -v tempval '%s id:' $(parent_variable_group) + echo "$tempval $PARENT_VARIABLE_GROUP_ID" echo "" From 9f2f3e789c1b4968b72023e148720e86dca52bd0 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 00:04:55 +0300 Subject: [PATCH 162/279] Refactor echo statements to consistently use variables and improve Terraform details --- deploy/pipelines/10-remover-terraform.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 56f06871bd..250b8fff5c 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -296,10 +296,14 @@ stages: printf -v tempval '%s id:' $(variable_group) - echo "$tempval $VARIABLE_GROUP_ID" + echo $tempval + printf -v val '%-20s id:' $tempval + echo "$val $VARIABLE_GROUP_ID" printf -v tempval '%s id:' $(parent_variable_group) - echo "$tempval $PARENT_VARIABLE_GROUP_ID" + echo $tempval + printf -v val '%-20s id:' $tempval + echo "$val $PARENT_VARIABLE_GROUP_ID" echo "" From c50e53ea6dda403c31f772bcb667b0ea70557402 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 00:06:29 +0300 Subject: [PATCH 163/279] Refactor echo statements to consistently use variables and improve formatting --- deploy/pipelines/10-remover-terraform.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 250b8fff5c..85bdc8071b 100644 
--- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -293,16 +293,14 @@ stages: echo "Network(filename): $NETWORK_IN_FILENAME" echo "SID(filename): $SID_IN_FILENAME" - - printf -v tempval '%s id:' $(variable_group) echo $tempval - printf -v val '%-20s id:' $tempval + printf -v val '%-20s' $tempval echo "$val $VARIABLE_GROUP_ID" printf -v tempval '%s id:' $(parent_variable_group) echo $tempval - printf -v val '%-20s id:' $tempval + printf -v val '%-20s:' $tempval echo "$val $PARENT_VARIABLE_GROUP_ID" echo "" From 1dc81867d805b1987ff3acd3563a8bc6c79dc152 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 00:12:54 +0300 Subject: [PATCH 164/279] Refactor echo statements to consistently use variables and improve formatting --- deploy/pipelines/10-remover-terraform.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 85bdc8071b..c959c0b20d 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -295,8 +295,10 @@ stages: printf -v tempval '%s id:' $(variable_group) echo $tempval + echo "1" printf -v val '%-20s' $tempval echo "$val $VARIABLE_GROUP_ID" + echo "2" printf -v tempval '%s id:' $(parent_variable_group) echo $tempval From 91af151ecd7ef63a832cd3933b0c55d1d539d344 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 00:20:41 +0300 Subject: [PATCH 165/279] terraform --- deploy/pipelines/10-remover-terraform.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index c959c0b20d..4e2883f266 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml 
@@ -293,8 +293,9 @@ stages: echo "Network(filename): $NETWORK_IN_FILENAME" echo "SID(filename): $SID_IN_FILENAME" + echo "0" printf -v tempval '%s id:' $(variable_group) - echo $tempval + echo $tempval "1" echo "1" printf -v val '%-20s' $tempval echo "$val $VARIABLE_GROUP_ID" From e547178c6ec87b9c6a0cd2fd3f324b5637097ca2 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 00:23:28 +0300 Subject: [PATCH 166/279] Refactor echo statements to consistently use variables and improve Terraform details --- deploy/pipelines/10-remover-terraform.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 4e2883f266..4bbee54de9 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -296,8 +296,9 @@ stages: echo "0" printf -v tempval '%s id:' $(variable_group) echo $tempval "1" + echo $tempval# echo "1" - printf -v val '%-20s' $tempval + printf -v val '%-20s' "${tempval}" echo "$val $VARIABLE_GROUP_ID" echo "2" From b90956e3241b2c363376eda945a9457fb865fb23 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 00:25:15 +0300 Subject: [PATCH 167/279] Refactor echo statements to consistently use variables and improve formatting --- deploy/pipelines/10-remover-terraform.yaml | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 4bbee54de9..7272deb261 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml 
@@ -293,19 +293,13 @@ stages: echo "Network(filename): $NETWORK_IN_FILENAME" echo "SID(filename): $SID_IN_FILENAME" - echo "0" printf -v tempval '%s id:' $(variable_group) - echo $tempval "1" - echo $tempval# - echo "1" printf -v val '%-20s' "${tempval}" - echo "$val $VARIABLE_GROUP_ID" - echo "2" + echo "$val $VARIABLE_GROUP_ID" printf -v tempval '%s id:' $(parent_variable_group) - echo $tempval - printf -v val '%-20s:' $tempval - echo "$val $PARENT_VARIABLE_GROUP_ID" + printf -v val '%-20s' "${tempval}" + echo "$val $PARENT_VARIABLE_GROUP_ID" echo "" From 27ec5ce73ad1f15bb58eb8bb3c9a2a92058a8f44 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 00:40:16 +0300 Subject: [PATCH 168/279] Refactor echo statements to consistently use variables and improve formatting --- deploy/pipelines/01-deploy-control-plane.yaml | 22 +++++----- deploy/pipelines/02-sap-workload-zone.yaml | 11 +++-- deploy/pipelines/10-remover-terraform.yaml | 13 +++--- deploy/pipelines/12-remove-control-plane.yaml | 44 +++++++++---------- 4 files changed, 46 insertions(+), 44 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index fe7ec62e57..d368aa0038 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml 
@@ -489,20 +489,19 @@ stages: echo "##vso[task.logissue type=error]Variable group $(variable_group) could not be found." exit 2 fi - printf -v val '%-15s' "$(variable_group) id:" - echo "$val $VARIABLE_GROUP_ID" + + printf -v tempval '%s id:' $(variable_group) + printf -v val '%-20s' "${tempval}" + echo "$val $VARIABLE_GROUP_ID" echo -e "$green--- Variables ---$reset" az_var=$(az pipelines variable-group variable list --group-id "${VARIABLE_GROUP_ID}" --query "Deployer_Key_Vault.value" --output tsv) if [ -n "${az_var}" ]; then export key_vault="${az_var}" - echo "Deployer Key Vault: ${key_vault}" else if [ -f "${deployer_environment_file_name}" ] ; then key_vault=$(grep "^keyvault=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs) - echo "Deployer Key Vault: ${key_vault}" - echo "Deployer TFvars: $(deployerconfig)" az pipelines variable-group variable create --group-id "${VARIABLE_GROUP_ID}" --name Deployer_Key_Vault --value "${key_vault}" --output none --only-show-errors fi fi @@ -510,12 +509,9 @@ stages: az_var=$(az pipelines variable-group variable list --group-id "${VARIABLE_GROUP_ID}" --query "Terraform_Remote_Storage_Subscription.value" --output tsv) if [ -n "${az_var}" ]; then export STATE_SUBSCRIPTION="${az_var}" - echo "Terraform Subscription: ${STATE_SUBSCRIPTION}" else if [ -f "${deployer_environment_file_name}" ] ; then export STATE_SUBSCRIPTION=$(grep "^STATE_SUBSCRIPTION=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs) - echo "Terraform Subscription: ${STATE_SUBSCRIPTION}" - az pipelines variable-group variable create --group-id "${VARIABLE_GROUP_ID}" --name Terraform_Remote_Storage_Subscription --value "${STATE_SUBSCRIPTION}" --output none --only-show-errors fi fi 
@@ -531,16 +527,18 @@ stages: az_var=$(az pipelines variable-group variable list --group-id "${VARIABLE_GROUP_ID}" --query "Terraform_Remote_Storage_Account_Name.value" --output tsv) if [ -n "${az_var}" ]; then export REMOTE_STATE_SA="${az_var}" - echo "Terraform storage account: ${REMOTE_STATE_SA}" - else if [ -f "${deployer_environment_file_name}" ] ; then REMOTE_STATE_SA=$(grep "^REMOTE_STATE_SA=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs) - echo "Terraform storage account: ${REMOTE_STATE_SA}" - fi fi + echo "Terraform state subscription: $STATE_SUBSCRIPTION" + echo "Terraform state rg name: $REMOTE_STATE_RG" + echo "Terraform storage account: $REMOTE_STATE_SA" + echo "Deployer Key Vault: ${key_vault}" + echo "Deployer TFvars: $(deployerconfig)" + storage_account_parameter="" if [ -n "${REMOTE_STATE_SA}" ]; then storage_account_parameter="--storageaccountname ${REMOTE_STATE_SA}" diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index 1c03c68718..3815882f36 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml @@ -327,8 +327,6 @@ stages: az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none export PARENT_VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(parent_variable_group)'].id | [0]") - printf -v val '%-15s' "$(parent_variable_group) id:" - echo "$val $PARENT_VARIABLE_GROUP_ID" if [ -z ${PARENT_VARIABLE_GROUP_ID} ]; then echo "##vso[task.logissue type=error]Variable group $(parent_variable_group) could not be found." 
@@ -341,8 +339,13 @@ stages: echo "##vso[task.logissue type=error]Variable group $(variable_group) could not be found." exit 2 fi - printf -v val '%-15s' "$(variable_group) id:" - echo "$val $VARIABLE_GROUP_ID" + printf -v tempval '%s id:' $(variable_group) + printf -v val '%-20s' "${tempval}" + echo "$val $VARIABLE_GROUP_ID" + + printf -v tempval '%s id:' $(parent_variable_group) + printf -v val '%-20s' "${tempval}" + echo "$val $PARENT_VARIABLE_GROUP_ID" deployer_environment_file_name=$CONFIG_REPO_PATH/.sap_deployment_automation/$(deployer_environment)$(deployer_region) echo "Deployer Environment File: $deployer_environment_file_name" diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 7272deb261..a847802fd8 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -670,12 +670,13 @@ stages: echo "Network(filename): $NETWORK_IN_FILENAME" echo "" - tempval=$(echo $(variable_group) | xargs ) - printf -v val '%-20s' "$tempval id:" - echo "$val $VARIABLE_GROUP_ID" - tempval=$(echo $(parent_variable_group) | xargs ) - printf -v val '%-20s' "$tempval id:" - echo "$val $PARENT_VARIABLE_GROUP_ID" + printf -v tempval '%s id:' $(variable_group) + printf -v val '%-20s' "${tempval}" + echo "$val $VARIABLE_GROUP_ID" + + printf -v tempval '%s id:' $(parent_variable_group) + printf -v val '%-20s' "${tempval}" + echo "$val $PARENT_VARIABLE_GROUP_ID" if [ $ENVIRONMENT != $ENVIRONMENT_IN_FILENAME ]; then echo "##vso[task.logissue type=error]The environment setting in $(workload_zone_configuration_file) '$ENVIRONMENT' does not match the $(workload_zone_configuration_file) file name '$ENVIRONMENT_IN_FILENAME'. Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-INFRASTRUCTURE" diff --git a/deploy/pipelines/12-remove-control-plane.yaml b/deploy/pipelines/12-remove-control-plane.yaml index b7abf1ae9b..fc39da7d0b 100644 
--- a/deploy/pipelines/12-remove-control-plane.yaml +++ b/deploy/pipelines/12-remove-control-plane.yaml @@ -86,8 +86,6 @@ stages: export VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(parent_variable_group)'].id | [0]") - printf -v val %-15.15s "$VARIABLE_GROUP_ID" - echo "${val}: $VARIABLE_GROUP_ID" if [ -z ${VARIABLE_GROUP_ID} ]; then echo "##vso[task.logissue type=error]Variable group $(parent_variable_group) could not be found." exit 2 @@ -219,10 +217,10 @@ stages: *) LOCATION_IN_FILENAME="westeurope" ;; esac - echo "Environment: ${ENVIRONMENT}" - echo "Location: ${LOCATION}" - echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" - echo "Location(filename): $LOCATION_IN_FILENAME" + echo "Environment: ${ENVIRONMENT}" + echo "Location: ${LOCATION}" + echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" + echo "Location(filename): $LOCATION_IN_FILENAME" echo "" 
@@ -241,34 +239,27 @@ stages: az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" --out tsv) if [ -n "${az_var}" ]; then key_vault="${az_var}" - echo "Deployer Key Vault: ${key_vault}" else echo "Reading key vault from environment file" key_vault=$(grep -m "^keyvault=" ${deployer_environment_file_name} | awk -F'=' '{print $2}' | xargs) - echo "Deployer Key Vault: ${key_vault}" fi export STATE_SUBSCRIPTION=$ARM_SUBSCRIPTION_ID - echo "TF state subscription: $STATE_SUBSCRIPTION" az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" --out tsv) if [ -n "${az_var}" ]; then REMOTE_STATE_SA="${az_var}" - echo "TF state account: $REMOTE_STATE_SA" else echo "Reading storage account from environment file" REMOTE_STATE_SA=$(grep -m1 "^REMOTE_STATE_SA=" ${deployer_environment_file_name} | awk -F'=' '{print $2}' | xargs) - echo "TF state account: $REMOTE_STATE_SA" fi az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Resource_Group_Name.value" --out tsv) if [ -n "${az_var}" ]; then REMOTE_STATE_RG="${az_var}" - echo "TF state rg name: $REMOTE_STATE_RG" else REMOTE_STATE_RG=$(grep "^REMOTE_STATE_RG" ${deployer_environment_file_name} | awk -F'=' '{print $2}' | xargs) - echo "TF state rg name: $REMOTE_STATE_RG" fi az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "DEPLOYER_RANDOM_ID_SEED.value" --out tsv) 
@@ -280,6 +271,11 @@ stages: fi fi + echo "Terraform state subscription: $STATE_SUBSCRIPTION" + echo "Terraform state rg name: $REMOTE_STATE_RG" + echo "Terraform state account: $REMOTE_STATE_SA" + echo "Deployer Key Vault: ${key_vault}" + if [ -f ${CONFIG_REPO_PATH}/LIBRARY/$(library_folder)/state.zip ]; then pass=$(echo $DEPLOYER_RANDOM_ID_SEED | sed 's/-//g') unzip -qq -o -P "${pass}" ${CONFIG_REPO_PATH}/LIBRARY/$(library_folder)/state.zip -d ${CONFIG_REPO_PATH}/LIBRARY/$(library_folder) @@ -302,7 +298,7 @@ stages: return_code=$? - echo "Return code from remove_controlplane $return_code." + echo "Return code from remove_controlplane: $return_code." echo -e "$green--- Remove Control Plane Part 1 ---$reset" cd $CONFIG_REPO_PATH @@ -481,8 +477,10 @@ stages: export VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(parent_variable_group)'].id | [0]") - printf -v val %-15.15s "$VARIABLE_GROUP_ID" - echo "${val}: $VARIABLE_GROUP_ID" + printf -v tempval '%s id:' $(parent_variable_group) + printf -v val '%-20s' "${tempval}" + echo "$val $VARIABLE_GROUP_ID" + if [ -z ${VARIABLE_GROUP_ID} ]; then echo "##vso[task.logissue type=error]Variable group $(parent_variable_group) could not be found." exit 2 @@ -580,10 +578,10 @@ stages: *) LOCATION_IN_FILENAME="westeurope" ;; esac - echo "Environment: ${ENVIRONMENT}" - echo "Location: ${LOCATION}" - echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" - echo "Location(filename): $LOCATION_IN_FILENAME" + echo "Environment: ${ENVIRONMENT}" + echo "Location: ${LOCATION}" + echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" + echo "Location(filename): $LOCATION_IN_FILENAME" echo "" if [ $ENVIRONMENT != $ENVIRONMENT_IN_FILENAME ]; then 
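Review bot: The `state.zip` block kept as context under the new summary echoes passes the archive password on the command line, `unzip -qq -o -P "${pass}" …`, where `pass` is `DEPLOYER_RANDOM_ID_SEED` with the dashes stripped. The seed is read in the preceding hunk with a plain `variable list` query, so anyone who can read that variable group can presumably rebuild the password, and the value is visible in the agent's process list while unzip runs. If the archive is meant to protect Terraform state, I would document that here, e.g. `# state.zip password derives from DEPLOYER_RANDOM_ID_SEED; treat the archive as readable by anyone with variable-group access`, and consider storing the seed as a secret variable. The block continues past the end of the hunk.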
@@ -618,12 +616,14 @@ stages: az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" --out tsv) if [ -n "${az_var}" ]; then - key_vault="${az_var}" ; echo 'Deployer Key Vault' ${key_vault} + key_vault="${az_var}" else echo "Reading key vault from environment file" - key_vault=$(cat ${deployer_environment_file_name} | grep keyvault= -m1 | awk -F'=' '{print $2}' | xargs) ; echo 'Deployer Key Vault' ${key_vault} + key_vault=$(grep -m1 "^keyvault=" ${deployer_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi + echo "Deployer Key Vault: $key_vault" + key_vault_id=$(az resource list --name "${key_vault}" --resource-type Microsoft.KeyVault/vaults --query "[].id | [0]" -o tsv) if [ -n "${key_vault_id}" ]; then From edc2a7df6d342742e3f4449482b77fa57edb5e4a Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 00:57:02 +0300 Subject: [PATCH 169/279] Refactor echo statements to consistently use variables and improve Terraform details --- deploy/terraform/bootstrap/sap_library/providers.tf | 3 ++- deploy/terraform/bootstrap/sap_library/variables_local.tf | 2 ++ deploy/terraform/run/sap_library/providers.tf | 2 +- deploy/terraform/run/sap_library/variables_local.tf | 1 + 4 files changed, 6 insertions(+), 2 deletions(-) diff --git a/deploy/terraform/bootstrap/sap_library/providers.tf b/deploy/terraform/bootstrap/sap_library/providers.tf index ce94129da8..8c4f7c482f 100644 --- a/deploy/terraform/bootstrap/sap_library/providers.tf +++ b/deploy/terraform/bootstrap/sap_library/providers.tf @@ -56,7 +56,8 @@ provider "azurerm" { alias = "deployer" storage_use_azuread = true - use_msi = var.use_spn ? false : true + use_msi = false + subscription_id = coalesce(local.deployer_subscription_id, local.spn.subscription_id) } provider "azurerm" { 
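Review bot: The fallback rewritten here uses `grep -m1 "^keyvault="`, but the first stage of this file (the `@@ -241,34 +239,27 @@` hunk) still keeps `grep -m "^keyvault=" ${deployer_environment_file_name}` as context. Without a count, grep takes the pattern as the `-m` argument and fails, so `key_vault` is empty on that path and the new `Deployer Key Vault:` summary line prints no value. Use the same form in both stages and quote the file name: `key_vault=$(grep -m1 "^keyvault=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs)`.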
diff --git a/deploy/terraform/bootstrap/sap_library/variables_local.tf b/deploy/terraform/bootstrap/sap_library/variables_local.tf index 503283cb6b..3ab4c877f4 100644 --- a/deploy/terraform/bootstrap/sap_library/variables_local.tf +++ b/deploy/terraform/bootstrap/sap_library/variables_local.tf @@ -18,6 +18,8 @@ locals { ) // Retrieve the arm_id of deployer's Key Vault from deployer's terraform.tfstate spn_key_vault_arm_id = try(data.terraform_remote_state.deployer[0].outputs.deployer_kv_user_arm_id, "") + deployer_subscription_id = length(local.spn_key_vault_arm_id) > 0 ? split("/", local.spn_key_vault_arm_id)[2] : "" + spn = { subscription_id = local.use_spn ? data.azurerm_key_vault_secret.subscription_id[0].value : null, diff --git a/deploy/terraform/run/sap_library/providers.tf b/deploy/terraform/run/sap_library/providers.tf index 24013b1dac..6dccee6cd6 100644 --- a/deploy/terraform/run/sap_library/providers.tf +++ b/deploy/terraform/run/sap_library/providers.tf @@ -50,7 +50,7 @@ provider "azurerm" { alias = "deployer" storage_use_azuread = !var.shared_access_key_enabled use_msi = true - + subscription_id = local.saplib_subscription_id } provider "azurerm" { diff --git a/deploy/terraform/run/sap_library/variables_local.tf b/deploy/terraform/run/sap_library/variables_local.tf index f5f491dadd..8360cf4301 100644 --- a/deploy/terraform/run/sap_library/variables_local.tf +++ b/deploy/terraform/run/sap_library/variables_local.tf @@ -33,6 +33,7 @@ locals { // Retrieve the arm_id of deployer's Key Vault from deployer's terraform.tfstate spn_key_vault_arm_id = try(data.terraform_remote_state.deployer[0].outputs.deployer_kv_user_arm_id, "") + spn = { subscription_id = local.use_spn ? data.azurerm_key_vault_secret.subscription_id[0].value : null, client_id = local.use_spn ? data.azurerm_key_vault_secret.client_id[0].value : null, From 6a23f351a74dad2925b49cbb95c6045b6efdde01 Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Mon, 21 Oct 2024 00:58:32 +0300 Subject: [PATCH 170/279] Refactor providers.tf to use Managed Service Identity (MSI) for authentication --- deploy/terraform/run/sap_deployer/providers.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/terraform/run/sap_deployer/providers.tf b/deploy/terraform/run/sap_deployer/providers.tf index 40e5d55546..37fc593bc7 100644 --- a/deploy/terraform/run/sap_deployer/providers.tf +++ b/deploy/terraform/run/sap_deployer/providers.tf @@ -28,7 +28,7 @@ provider "azurerm" { partner_id = "f94f50f2-2539-42f8-9c8e-c65b28c681f7" storage_use_azuread = !var.shared_access_key_enabled - use_msi = var.use_spn ? false : true + use_msi = true } provider "azurerm" { From d85b01a04db91c07469a057f899cacbeb91cf338 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 01:03:33 +0300 Subject: [PATCH 171/279] Refactor echo statements to consistently use variables and improve formatting --- deploy/pipelines/12-remove-control-plane.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/deploy/pipelines/12-remove-control-plane.yaml b/deploy/pipelines/12-remove-control-plane.yaml index fc39da7d0b..307a7b1143 100644 --- a/deploy/pipelines/12-remove-control-plane.yaml +++ b/deploy/pipelines/12-remove-control-plane.yaml @@ -234,7 +234,8 @@ stages: exit 2 fi - deployer_environment_file_name=$HOME/.sap_deployment_automation/$ENVIRONMENT$LOCATION_CODE; echo "Environment file: " $deployer_environment_file_name + deployer_environment_file_name=$HOME/.sap_deployment_automation/$ENVIRONMENT$LOCATION_CODE; + echo "Environment file: $deployer_environment_file_name" az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" --out tsv) if [ -n "${az_var}" ]; then 
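Review bot: `use_msi = true` in run/sap_deployer/providers.tf now ignores `var.use_spn`, so a run configured for a service principal will still ask the provider for managed-identity authentication. Whether callers still set `var.use_spn` is not visible in this hunk; if they do, keep the switch as `use_msi = !var.use_spn`, or add a comment such as `# run/sap_deployer always authenticates with the deployer's managed identity` and retire the variable. The previous commit set bootstrap/sap_library/providers.tf to `use_msi = false`, so the two roots now hard-code opposite modes and that difference deserves a comment in both places. The provider block continues outside the hunk.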
@@ -580,6 +581,8 @@ stages: echo "Environment: ${ENVIRONMENT}" echo "Location: ${LOCATION}" + echo "Location code: ${LOCATION_CODE}" + echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" echo "Location(filename): $LOCATION_IN_FILENAME" echo "" @@ -596,7 +599,8 @@ stages: echo -e "$green--- Running the remove region script that destroys deployer VM and SAP library ---$reset" - deployer_environment_file_name=$HOME/.sap_deployment_automation/$ENVIRONMENT$LOCATION; echo "Environment file: " $deployer_environment_file_name + deployer_environment_file_name=$HOME/.sap_deployment_automation/$ENVIRONMENT$LOCATION_CODE + echo "Environment file: $deployer_environment_file_name" echo -e "$green--- az login ---$reset" From 5833c14d33c01f0f01dc3b112f77466cde1fbb56 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 01:07:06 +0300 Subject: [PATCH 172/279] Refactor echo statement to improve parameter file formatting --- deploy/scripts/remove_deployer.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/scripts/remove_deployer.sh b/deploy/scripts/remove_deployer.sh index 3aa3129ef5..6ef413741b 100755 --- a/deploy/scripts/remove_deployer.sh +++ b/deploy/scripts/remove_deployer.sh @@ -75,7 +75,7 @@ deployment_system=sap_deployer param_dirname=$(dirname "${parameterfile}") -echo "Parameter file: "${parameterfile}"" +echo "Parameter file: ${parameterfile}" if [ ! -f "${parameterfile}" ] then From 98b962c33ccb63d362681a43b29cf560360c3ca2 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 01:14:52 +0300 Subject: [PATCH 173/279] Refactor echo statements to improve formatting and use variables consistently --- deploy/pipelines/01-deploy-control-plane.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index d368aa0038..e9a2e884b9 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml 
+++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -124,8 +124,11 @@ stages: az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none export VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(variable_group)'].id | [0]") - printf -v val '%-15s' "$(variable_group) id:" - echo "$val $VARIABLE_GROUP_ID" + + + printf -v tempval '%s id:' $(parent_variable_group) + printf -v val '%-20s' "${tempval}" + echo "$val $VARIABLE_GROUP_ID" if [ "${{ parameters.force_reset }}" = "True" ]; then echo "##vso[task.logissue type=warning]Forcing a re-install" @@ -140,7 +143,7 @@ stages: key_vault="${az_var}" ; echo 'Deployer Key Vault' ${key_vault} else echo "Reading key vault from environment file" - key_vault=$(grep -m1 "^keyvault="" ${deployer_environment_file_name} |awk -F'=' '{print $2}' | xargs) ; echo 'Deployer Key Vault' ${key_vault} + key_vault=$(grep -m1 "^keyvault=" ${deployer_environment_file_name} |awk -F'=' '{print $2}' | xargs) fi key_vault_id=$(az resource list --name "${key_vault}" --resource-type Microsoft.KeyVault/vaults --query "[].id | [0]" -o tsv) From 7b4af504e69a9ff5013da6f22f88ede6fdd5c5f9 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 01:32:52 +0300 Subject: [PATCH 174/279] Refactor echo statements to consistently use variables and improve formatting --- deploy/pipelines/01-deploy-control-plane.yaml | 22 ++++++++++++------- deploy/scripts/deploy_controlplane.sh | 8 ++++--- 2 files changed, 19 insertions(+), 11 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index e9a2e884b9..0b4f430f00 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml 
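Review bot: The label printed in the first hunk names the wrong group: `VARIABLE_GROUP_ID` is looked up with `[?name=='$(variable_group)']` on the line above, but the added `printf -v tempval '%s id:' $(parent_variable_group)` prints the parent group's name next to that id. That makes the log misleading whenever the two groups differ. It should read `printf -v tempval '%s id:' "$(variable_group)"`, quoted so a name with spaces stays one argument.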
@@ -215,7 +215,7 @@ stages: sudo mv terraform /opt/terraform/bin/terraform sudo chmod +x /opt/terraform/bin/terraform rm -f terraform_$(tf_version)_linux_amd64.zip - az extension add --name storage-blob-preview >/dev/null + az extension add --name storage-blob-preview --allow-preview true --only-show-errors >/dev/null fi echo -e "$green--- Configure parameters ---$reset" echo -e "$green--- Convert config files to UX format ---$reset" @@ -225,10 +225,10 @@ stages: deployer_environment_file_name=$CONFIG_REPO_PATH/.sap_deployment_automation/${ENVIRONMENT}$LOCATION echo -e "$green--- Deploy the Control Plane ---$reset" if [ -n "$(PAT)" ]; then - echo 'Deployer Agent PAT is defined' + echo "Deployer Agent PAT: IsDefined" fi if [ -n "$(POOL)" ]; then - echo "Deployer Agent Pool: $(POOL)" + echo "Deployer Agent Pool: $(POOL)" fi if [ -f ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/state.zip ]; then @@ -238,9 +238,10 @@ stages: fi if [ $(use_webapp) = "true" ]; then - echo "Deploy Web App: true" + echo "Deploy Web App: true" + else - echo "Deploy Web App: false" + echo "Deploy Web App: false" fi export TF_LOG_PATH=$CONFIG_REPO_PATH/.sap_deployment_automation/terraform.log @@ -537,8 +538,13 @@ stages: fi echo "Terraform state subscription: $STATE_SUBSCRIPTION" - echo "Terraform state rg name: $REMOTE_STATE_RG" - echo "Terraform storage account: $REMOTE_STATE_SA" + if [ -n "${REMOTE_STATE_RG}" ]; then + echo "Terraform state rg name: $REMOTE_STATE_RG" + fi + if [ -n "${REMOTE_STATE_SA}" ]; then + echo "Terraform storage account: $REMOTE_STATE_SA" + fi + echo "Deployer Key Vault: ${key_vault}" echo "Deployer TFvars: $(deployerconfig)" @@ -735,7 +741,7 @@ stages: echo -e "$green--- Deploy the Control Plane ---$reset" if [ -n "$(POOL)" ]; then - echo "Deployer Agent Pool: $(POOL)" + echo "Deployer Agent Pool: $(POOL)" fi if [ -f "${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/state.zip" ]; then 
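Review bot: In the `@@ -225,10 +225,10 @@` hunk the new message rightly prints only `IsDefined`, but the guard above it, `if [ -n "$(PAT)" ]; then`, still has the pipeline substitute the token itself into the script text. If `PAT` is a secret variable, that places its value in the generated script on the agent; mapping it in the step's `env:` block and testing `if [ -n "${PAT:-}" ]; then` checks presence without inlining it. The step's `env:` section is outside the hunk, so the environment variable name to use needs confirming.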
diff --git a/deploy/scripts/deploy_controlplane.sh b/deploy/scripts/deploy_controlplane.sh index 5368b98853..ff56820934 100755 --- a/deploy/scripts/deploy_controlplane.sh +++ b/deploy/scripts/deploy_controlplane.sh @@ -84,12 +84,13 @@ echo "ADO flag: ${ado_flag}" key=$(basename "${deployer_parameter_file}" | cut -d. -f1) deployer_tfstate_key="${key}.terraform.tfstate" -echo "Deployer State File: ${deployer_tfstate_key}" +echo "Deployer State File: ${deployer_tfstate_key}" key=$(basename "${library_parameter_file}" | cut -d. -f1) library_tfstate_key="${key}.terraform.tfstate" -echo "Library State File: ${library_tfstate_key}" +echo "Deployer State File: ${deployer_tfstate_key}" +echo "Library State File: ${library_tfstate_key}" this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 root_dirname=$(pwd) @@ -132,7 +133,8 @@ fi # Convert the region to the correct code get_region_code "$region" -echo "Region code: ${region_code}" +echo "Region code: ${region_code}" + automation_config_directory=$CONFIG_REPO_PATH/.sap_deployment_automation generic_config_information="${automation_config_directory}"/config From 1eee95d29168a32fd077d57247e55d20aac996f0 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 01:42:26 +0300 Subject: [PATCH 175/279] Refactor deploy control plane pipeline to improve configuration and extension installation --- deploy/pipelines/01-deploy-control-plane.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 0b4f430f00..9e52cb1515 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml 
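Review bot: `echo "Deployer State File: ${deployer_tfstate_key}"` is now printed twice in the first hunk, once after `deployer_tfstate_key` is set and again just before the `Library State File` line; the second copy can be dropped. Also in this hunk, the context line `this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1` fetches the address over plain HTTP with no failure check, and the redirection applies to the assignment rather than to curl. How `this_ip` is used is outside the hunk; if it feeds firewall or access rules, `this_ip=$(curl -sf https://ipinfo.io/ip)` followed by a format check on the result would be safer.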
@@ -440,6 +440,8 @@ stages: file_key_vault="" file_REMOTE_STATE_SA="" file_REMOTE_STATE_RG=$(deployerfolder) + REMOTE_STATE_SA="" + REMOTE_STATE_RG=$(deployerfolder) if [[ -f /etc/profile.d/deploy_server.sh ]]; then path=$(grep -m 1 "export PATH=" /etc/profile.d/deploy_server.sh | awk -F'=' '{print $2}' | xargs) @@ -482,8 +484,8 @@ stages: library_configfile="${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/$(libraryconfig)" echo -e "$green--- Configure devops CLI extension ---$reset" - az config set extension.use_dynamic_install=yes_without_prompt - az extension add --name azure-devops --output none + az config set extension.use_dynamic_install=yes_without_prompt --only-show-errors + az extension add --name azure-devops --output none --only-show-errors az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' From d93778d0720d41111f6be94e581ebd633ae5ac34 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 02:12:21 +0300 Subject: [PATCH 176/279] Refactor providers.tf to use remote state for subscription ID --- deploy/terraform/bootstrap/sap_library/providers.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/terraform/bootstrap/sap_library/providers.tf b/deploy/terraform/bootstrap/sap_library/providers.tf index 8c4f7c482f..45ae30e080 100644 --- a/deploy/terraform/bootstrap/sap_library/providers.tf +++ b/deploy/terraform/bootstrap/sap_library/providers.tf @@ -57,7 +57,7 @@ provider "azurerm" { storage_use_azuread = true use_msi = false - subscription_id = coalesce(local.deployer_subscription_id, local.spn.subscription_id) + subscription_id = data.terraform_remote_state.deployer[0].outputs.created_resource_group_subscription_id } provider "azurerm" { From eea4aa3bb7ca2817c936d6a973082b8926d3057a Mon Sep 17 00:00:00 2001 
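Review bot: `az extension add --name azure-devops --output none --only-show-errors` in the `@@ -482,8 +484,8 @@` hunk installs whatever extension version is current at run time, and `extension.use_dynamic_install=yes_without_prompt` on the line above lets the CLI pull further extensions on demand without confirmation. Since the extension is added explicitly, the dynamic-install setting looks unnecessary in this step. Pinning the install with `--version <pinned-version>` would make what runs on the agent reproducible and reviewable.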
From: Kimmo Forss Date: Mon, 21 Oct 2024 02:30:34 +0300 Subject: [PATCH 177/279] Refactor echo statements to consistently use variables and improve formatting --- deploy/pipelines/01-deploy-control-plane.yaml | 2 -- .../modules/sap_deployer/templates/configure_deployer.sh.tmpl | 4 ++++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 9e52cb1515..ee2dca0c3b 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -723,9 +723,7 @@ stages: if [ 0 = $bootstrapped ]; then key_vault=$(grep "^keyvault=" "${deployer_environment_file_name}" | awk -F'=' '{print $2}' | xargs) export key_vault - echo "Deployer Key Vault: ${key_vault}" if [ -n "${key_vault}" ]; then - echo "Deployer Key Vault: ${key_vault}" key_vault_id=$(az resource list --name "${key_vault}" --resource-type Microsoft.KeyVault/vaults --query "[].id | [0]" -o tsv) if [ -n "${key_vault_id}" ]; then diff --git a/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl b/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl index ccaa64ec1a..dc0388c3e9 100644 --- a/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl +++ b/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl @@ -458,9 +458,13 @@ else "$${tf_cache}" wget -nv -O "/$${asad_home}/$${tf_zip}" "https://releases.hashicorp.com/terraform/$${tfversion}/$${tf_zip}" + sudo touch "$${asad_ws}/LOCAL/1" sudo unzip -o "/$${asad_home}/$${tf_zip}" -d "$${tf_dir}" + sudo touch "$${asad_ws}/LOCAL/2" sudo ln -vfs "../$(basename "$${tf_dir}")/terraform" "$${tf_bin}/terraform" + sudo touch "$${asad_ws}/LOCAL/3" sudo chmod 755 "$${tf_bin}/terraform" + sudo touch "$${asad_ws}/LOCAL/4" sudo rm "/$${asad_home}/$${tf_zip}" 
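Review bot: In configure_deployer.sh.tmpl the archive fetched by `wget` is unpacked with `sudo unzip -o` and the binary made executable with no integrity check between those steps in this hunk. HashiCorp publishes a `terraform_<version>_SHA256SUMS` file beside each release; downloading it and running `sha256sum -c` against the zip before the unzip would catch a corrupted or substituted download. The added `sudo touch "$${asad_ws}/LOCAL/1"` through `/4` lines look like progress markers left from debugging and leave root-owned files in the workspace; I would remove them or replace them with log lines. The install block starts and ends outside the hunk.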
From c6628e86d404b3c2660826355a1a773053845d71 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 10:59:17 +0300 Subject: [PATCH 178/279] Refactor echo statements to consistently use variables and improve formatting Refactor providers.tf to use remote state for subscription ID Refactor deploy control plane pipeline to improve configuration and extension installation Fix validation issue in script_helpers.sh Update providers.tf to handle null subscription ID Remove unused variable in variables_local.tf --- deploy/scripts/helpers/script_helpers.sh | 4 ++-- deploy/terraform/bootstrap/sap_library/providers.tf | 2 +- deploy/terraform/bootstrap/sap_library/variables_local.tf | 2 -- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/deploy/scripts/helpers/script_helpers.sh b/deploy/scripts/helpers/script_helpers.sh index 84ce9ff48d..df5640950f 100755 --- a/deploy/scripts/helpers/script_helpers.sh +++ b/deploy/scripts/helpers/script_helpers.sh @@ -394,7 +394,7 @@ function missing { function validate_dependencies { tfPath="/opt/terraform/bin/terraform" - if [ -f /opt/terraform/bin/terraform ]; then + if [ -d /opt/terraform/bin/terraform ]; then tfPath="/opt/terraform/bin/terraform" else tfPath=$(which terraform) @@ -486,7 +486,7 @@ function validate_dependencies { function validate_key_parameters { echo "Validating: $1" - ext=$(echo $1 | cut -d. -f2) + ext=$(echo "$1" | cut -d. -f2) # Helper variables if [ "${ext}" == json ]; then diff --git a/deploy/terraform/bootstrap/sap_library/providers.tf b/deploy/terraform/bootstrap/sap_library/providers.tf index 45ae30e080..d65ee77d1c 100644 --- a/deploy/terraform/bootstrap/sap_library/providers.tf +++ b/deploy/terraform/bootstrap/sap_library/providers.tf 
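Review bot: The `-f` to `-d` change in `validate_dependencies` tests `/opt/terraform/bin/terraform` as a directory, but the next line assigns that same path to `tfPath` as the binary. With the binary installed there the test is false and the function falls back to `which terraform`, which may pick up a different Terraform from PATH or none at all. An executable test matches the intent: `if [ -x /opt/terraform/bin/terraform ]; then`. The function body continues outside the hunk.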
@@ -57,7 +57,7 @@ provider "azurerm" { storage_use_azuread = true use_msi = false - subscription_id = data.terraform_remote_state.deployer[0].outputs.created_resource_group_subscription_id + subscription_id = var.use_deployer ? data.terraform_remote_state.deployer[0].outputs.created_resource_group_subscription_id : null } provider "azurerm" { diff --git a/deploy/terraform/bootstrap/sap_library/variables_local.tf b/deploy/terraform/bootstrap/sap_library/variables_local.tf index 3ab4c877f4..503283cb6b 100644 --- a/deploy/terraform/bootstrap/sap_library/variables_local.tf +++ b/deploy/terraform/bootstrap/sap_library/variables_local.tf @@ -18,8 +18,6 @@ locals { ) // Retrieve the arm_id of deployer's Key Vault from deployer's terraform.tfstate spn_key_vault_arm_id = try(data.terraform_remote_state.deployer[0].outputs.deployer_kv_user_arm_id, "") - deployer_subscription_id = length(local.spn_key_vault_arm_id) > 0 ? split("/", local.spn_key_vault_arm_id)[2] : "" - spn = { subscription_id = local.use_spn ? data.azurerm_key_vault_secret.subscription_id[0].value : null, From a4a87e43e1136f57021f4343b06be60c41c0fc1c Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 11:37:09 +0300 Subject: [PATCH 179/279] Refactor echo statement to improve formatting in deploy_controlplane.sh --- deploy/scripts/deploy_controlplane.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/scripts/deploy_controlplane.sh b/deploy/scripts/deploy_controlplane.sh index ff56820934..ce8b7a09a5 100755 --- a/deploy/scripts/deploy_controlplane.sh +++ b/deploy/scripts/deploy_controlplane.sh @@ -79,7 +79,7 @@ do esac done -echo "ADO flag: ${ado_flag}" +echo "ADO flag: ${ado_flag}" key=$(basename "${deployer_parameter_file}" | cut -d. -f1) deployer_tfstate_key="${key}.terraform.tfstate" From 810fbaff23a9b78c3cdbe6d52a6caa5d4ca57495 Mon Sep 17 00:00:00 2001 
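Review bot: With `var.use_deployer` false the provider block now receives `subscription_id = null`, so the subscription is taken from whatever the environment supplies (for example `ARM_SUBSCRIPTION_ID` or the logged-in CLI context) rather than from configuration. That makes the target of a bootstrap run depend on ambient state; consider falling back to an explicit input instead of `null`, or add a comment on this line such as `# null: subscription must come from ARM_SUBSCRIPTION_ID`. The expression still indexes `data.terraform_remote_state.deployer[0]`, which is only safe if that data source's `count` follows the same flag; its definition is not visible in this hunk.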
From: Kimmo Forss Date: Mon, 21 Oct 2024 11:45:28 +0300 Subject: [PATCH 180/279] Refactor echo statements to improve formatting in deploy_controlplane.sh and script_helpers.sh --- deploy/pipelines/01-deploy-control-plane.yaml | 4 ++-- deploy/scripts/deploy_controlplane.sh | 4 ++-- deploy/scripts/helpers/script_helpers.sh | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index ee2dca0c3b..60c2f22fbb 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -570,7 +570,7 @@ stages: fi if [ "$USE_WEBAPP" = "true" ]; then - echo "Deploy Web Application: true" + echo "Deploy Web Application: true" if [ -z "${APP_REGISTRATION_APP_ID}" ]; then echo "##vso[task.logissue type=error]Variable APP_REGISTRATION_APP_ID was not defined." @@ -588,7 +588,7 @@ stages: export TF_VAR_webapp_client_secret export TF_VAR_use_webapp=true else - echo "Deploy Web Application: false" + echo "Deploy Web Application: false" fi bootstrapped=0 diff --git a/deploy/scripts/deploy_controlplane.sh b/deploy/scripts/deploy_controlplane.sh index ce8b7a09a5..7a1f8150d4 100755 --- a/deploy/scripts/deploy_controlplane.sh +++ b/deploy/scripts/deploy_controlplane.sh @@ -256,11 +256,11 @@ fi load_config_vars "${deployer_config_information}" "step" if [ 0 = "${deploy_using_msi_only:-}" ]; then - echo "Identity to use: Service Principal" + echo "Identity to use: Service Principal" unset ARM_USE_MSI set_executing_user_environment_variables "${spn_secret}" else - echo "Identity to use: Managed Identity" + echo "Identity to use: Managed Identity" set_executing_user_environment_variables "none" fi diff --git a/deploy/scripts/helpers/script_helpers.sh b/deploy/scripts/helpers/script_helpers.sh index df5640950f..e4643dbb89 100755 --- a/deploy/scripts/helpers/script_helpers.sh +++ b/deploy/scripts/helpers/script_helpers.sh 
@@ -400,7 +400,7 @@ function validate_dependencies { tfPath=$(which terraform) fi - echo "Checking Terraform: $tfPath" + echo "Checking Terraform: $tfPath" # if /opt/terraform exists, assign permissions to the user if [ -d /opt/terraform ]; then @@ -485,7 +485,7 @@ function validate_dependencies { } function validate_key_parameters { - echo "Validating: $1" + echo "Validating: $1" ext=$(echo "$1" | cut -d. -f2) # Helper variables From 7d04ddd31a463bacbe7a4b38fd3c01ff546accfa Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 12:41:41 +0300 Subject: [PATCH 181/279] Refactor deploy_controlplane.sh and script_helpers.sh echo statements for improved formatting --- deploy/ansible/roles-os/1.1-swap/defaults/main.yaml | 8 ++++++++ deploy/ansible/roles-os/1.1-swap/tasks/main.yaml | 3 +-- 2 files changed, 9 insertions(+), 2 deletions(-) create mode 100644 deploy/ansible/roles-os/1.1-swap/defaults/main.yaml diff --git a/deploy/ansible/roles-os/1.1-swap/defaults/main.yaml b/deploy/ansible/roles-os/1.1-swap/defaults/main.yaml new file mode 100644 index 0000000000..199a68459e --- /dev/null +++ b/deploy/ansible/roles-os/1.1-swap/defaults/main.yaml @@ -0,0 +1,8 @@ +--- +# TODO: Maybe move these to a group_vars/all/distro file so that they +# can be shared by all playbooks/tasks automatically, and extend with +# standardised versions of all similar patterns used in the playbooks. +# Changed from ansible_os_family to ansible_distribution to adopt Oracle Linux. os_family returns returns value Redhat by default. +distro_name: "{{ ansible_distribution | upper }}-{{ ansible_distribution_major_version }}" +distribution_id: "{{ ansible_distribution | lower ~ ansible_distribution_major_version }}" +distribution_full_id: "{{ ansible_distribution | lower ~ ansible_distribution_version }}" diff --git a/deploy/ansible/roles-os/1.1-swap/tasks/main.yaml b/deploy/ansible/roles-os/1.1-swap/tasks/main.yaml index 44b71b00e7..016f87a6e2 100644 
--- a/deploy/ansible/roles-os/1.1-swap/tasks/main.yaml +++ b/deploy/ansible/roles-os/1.1-swap/tasks/main.yaml @@ -35,9 +35,8 @@ state: latest environment: ZYPP_LOCK_TIMEOUT: "20" - when: - - ansible_os_family == 'Suse' + - distribution_id == 'sles_sap15' tags: - skip_ansible_lint From bf1878f7f6e676b5b97e7f18a4fd221b55093377 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 13:20:01 +0300 Subject: [PATCH 182/279] Refactor key vault secrets to include service principal access --- .../sap_landscape/key_vault_sap_landscape.tf | 21 ++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf b/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf index 23d5391977..cb3f86b164 100644 --- a/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf +++ b/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf @@ -167,7 +167,8 @@ resource "azurerm_key_vault_secret" "sid_ppk" { azurerm_key_vault_access_policy.kv_user, azurerm_role_assignment.role_assignment_spn, azurerm_role_assignment.role_assignment_msi, - azurerm_key_vault_access_policy.kv_user_msi + azurerm_key_vault_access_policy.kv_user_msi, + azurerm_key_vault_access_policy.kv_user_spn ] content_type = "" name = local.sid_ppk_name @@ -193,7 +194,8 @@ resource "azurerm_key_vault_secret" "sid_pk" { azurerm_key_vault_access_policy.kv_user, azurerm_role_assignment.role_assignment_spn, azurerm_role_assignment.role_assignment_msi, - azurerm_key_vault_access_policy.kv_user_msi + azurerm_key_vault_access_policy.kv_user_msi, + azurerm_key_vault_access_policy.kv_user_spn ] content_type = "" name = local.sid_pk_name 
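Review bot: Replacing `ansible_os_family == 'Suse'` with `distribution_id == 'sles_sap15'` narrows the condition from every SUSE host to a single distribution and major version, so a plain SLES image or SLES for SAP 12 now skips this package task without any message. If that is intended, add a comment above the `when:` stating why; otherwise something like `distribution_id is match('sles')` keeps the earlier coverage. The commit subject mentions only echo formatting, so this behaviour change is easy to miss in history. The task itself starts above the hunk.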
@@ -224,7 +226,8 @@ resource "azurerm_key_vault_secret" "sid_username" { azurerm_key_vault_access_policy.kv_user, azurerm_role_assignment.role_assignment_spn, azurerm_role_assignment.role_assignment_msi, - azurerm_key_vault_access_policy.kv_user_msi + azurerm_key_vault_access_policy.kv_user_msi, + azurerm_key_vault_access_policy.kv_user_spn ] content_type = "" name = local.sid_username_secret_name @@ -253,7 +256,8 @@ resource "azurerm_key_vault_secret" "sid_password" { azurerm_key_vault_access_policy.kv_user, azurerm_role_assignment.role_assignment_spn, azurerm_role_assignment.role_assignment_msi, - azurerm_key_vault_access_policy.kv_user_msi + azurerm_key_vault_access_policy.kv_user_msi, + azurerm_key_vault_access_policy.kv_user_spn ] name = local.sid_password_secret_name content_type = "" @@ -284,7 +288,8 @@ resource "azurerm_key_vault_secret" "witness_access_key" { azurerm_key_vault_access_policy.kv_user, azurerm_role_assignment.role_assignment_spn, azurerm_role_assignment.role_assignment_msi, - azurerm_key_vault_access_policy.kv_user_msi + azurerm_key_vault_access_policy.kv_user_msi, + azurerm_key_vault_access_policy.kv_user_spn ] content_type = "" name = replace( @@ -321,7 +326,8 @@ resource "azurerm_key_vault_secret" "witness_name" { azurerm_key_vault_access_policy.kv_user, azurerm_role_assignment.role_assignment_spn, azurerm_role_assignment.role_assignment_msi, - azurerm_key_vault_access_policy.kv_user_msi + azurerm_key_vault_access_policy.kv_user_msi, + azurerm_key_vault_access_policy.kv_user_spn ] content_type = "" name = replace( @@ -388,7 +394,8 @@ resource "azurerm_key_vault_secret" "deployer_keyvault_user_name" { azurerm_key_vault_access_policy.kv_user, azurerm_role_assignment.role_assignment_spn, azurerm_role_assignment.role_assignment_msi, - azurerm_key_vault_access_policy.kv_user_msi + azurerm_key_vault_access_policy.kv_user_msi, + azurerm_key_vault_access_policy.kv_user_spn ] content_type = "" name = "deployer-kv-name" 
From ad1b8679c091e014b802778bb45bf9d089d74114 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 13:30:35 +0300 Subject: [PATCH 183/279] Refactor key vault secrets to include service principal access --- .../modules/sap_landscape/key_vault_sap_landscape.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf b/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf index cb3f86b164..0d7b90682e 100644 --- a/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf +++ b/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf @@ -119,8 +119,8 @@ resource "azurerm_key_vault_access_policy" "kv_user_spn" { provider = azurerm.main count = var.options.use_spn && !var.enable_rbac_authorization_for_keyvault ? 1 : 0 key_vault_id = local.user_keyvault_exist ? local.user_key_vault_id : azurerm_key_vault.kv_user[0].id - tenant_id = local.service_principal.tenant_id - object_id = local.service_principal.object_id != "" ? local.service_principal.object_id : "00000000-0000-0000-0000-000000000000" + tenant_id = var.service_principal.tenant_id + object_id = var.service_principal.object_id secret_permissions = [ "Get", From 0efcc4057bc10b18ec37a6e66e758e46fba18349 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 13:48:13 +0300 Subject: [PATCH 184/279] Refactor key vault secrets to include service principal access --- .../modules/sap_landscape/key_vault_sap_landscape.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf b/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf index 0d7b90682e..00de6b6ee0 100644 --- a/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf 
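Review bot: `object_id = var.service_principal.object_id` drops the earlier guard for an empty value, so when `use_spn` is true and no object id was supplied the access policy fails at apply time with a provider error instead of being caught at input validation. Removing the all-zero placeholder is reasonable, but the resource should then be skipped or rejected early, for example with a `validation` block on the variable or by adding `&& var.service_principal.object_id != ""` to the `count` condition. The switch from `local.service_principal` to `var.service_principal` also changes where the tenant and object id come from; whether both carry the same values is not visible here. The resource body continues outside the hunk.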
+++ b/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf @@ -117,7 +117,7 @@ resource "azurerm_key_vault_access_policy" "kv_user" { resource "azurerm_key_vault_access_policy" "kv_user_spn" { provider = azurerm.main - count = var.options.use_spn && !var.enable_rbac_authorization_for_keyvault ? 1 : 0 + count = var.options.use_spn ? 1 : 0 key_vault_id = local.user_keyvault_exist ? local.user_key_vault_id : azurerm_key_vault.kv_user[0].id tenant_id = var.service_principal.tenant_id object_id = var.service_principal.object_id From e6d6714b265fbde334061642953722675c6404ba Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 15:00:35 +0300 Subject: [PATCH 185/279] Refactor key vault secrets to include service principal access --- deploy/pipelines/02-sap-workload-zone.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index 3815882f36..40ba9f0651 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml @@ -460,7 +460,9 @@ stages: $SAP_AUTOMATION_REPO_PATH/deploy/scripts/set_secrets.sh --workload --vault "${key_vault}" --environment "${ENVIRONMENT}" \ --region "${LOCATION}" --subscription $ARM_SUBSCRIPTION_ID --spn_id $ARM_CLIENT_ID --spn_secret "${ARM_CLIENT_SECRET}" \ --tenant_id $ARM_TENANT_ID --keyvault_subscription $STATE_SUBSCRIPTION - secrets_set=$? ; echo -e "$cyan Set Secrets returned $secrets_set $reset" + secrets_set=$? ; + echo "Set Secrets returned: $secrets_set" + else echo "Deployment credentials: Managed Identity" # export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID 
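Review bot: Dropping `!var.enable_rbac_authorization_for_keyvault` from the `count` of `kv_user_spn` means an access policy is now also written to vaults that use Azure RBAC authorization, where access policies are not evaluated. The entry is then a dormant grant of secret permissions to the service principal that would take effect if the vault's permission model were ever switched back. If the only goal was to make the `depends_on` references added two commits earlier resolve, they already do with `count = 0`; otherwise add a comment on the `count` line explaining why the policy is needed under RBAC and how it relates to `azurerm_role_assignment.role_assignment_spn`.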
@@ -476,6 +478,10 @@ stages: isUserAccessAdmin=$(az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION --query "[?principalType=='ServicePrincipal'].principalId | [0] " --assignee $ARM_OBJECT_ID) + echo "Service Principal: "$ARM_CLIENT_ID" + echo "Is User Access Administrator: $isUserAccessAdmin" + echo "Deployment credentials: Managed Identity" + tfstate_resource_id=$(az resource list --name "${REMOTE_STATE_SA}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.Storage/storageAccounts --query "[].id | [0]" -o tsv) if [ -n "${isUserAccessAdmin}" ]; then From 9f67af1f64c6c28a39566e375f477f7ad22160dd Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 15:03:27 +0300 Subject: [PATCH 186/279] Refactor echo statements for improved formatting in deploy_controlplane.sh and script_helpers.sh --- deploy/pipelines/02-sap-workload-zone.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index 40ba9f0651..98dfcd4693 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml @@ -478,7 +478,7 @@ stages: isUserAccessAdmin=$(az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION --query "[?principalType=='ServicePrincipal'].principalId | [0] " --assignee $ARM_OBJECT_ID) - echo "Service Principal: "$ARM_CLIENT_ID" + echo "Service Principal: $ARM_CLIENT_ID" echo "Is User Access Administrator: $isUserAccessAdmin" echo "Deployment credentials: Managed Identity" From 93c03084d76d78d2be40e9beca667af56877a55c Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 15:04:50 +0300 Subject: [PATCH 187/279] Refactor permissions assignment in deploy_controlplane.sh --- deploy/pipelines/02-sap-workload-zone.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) 
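Review bot: The added line `echo "Service Principal: "$ARM_CLIENT_ID"` contains three double quotes, so the last one opens a string that runs on into the following lines and the inline script no longer parses as written; it should be `echo "Service Principal: $ARM_CLIENT_ID"`. The third added line prints `Deployment credentials: Managed Identity` directly after a query that filters on `principalType=='ServicePrincipal'`, which looks like the service principal path and will mislead anyone reading the pipeline log. The surrounding `if` block starts outside the hunk, so the branch is inferred.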
diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index 98dfcd4693..19ca9f05c9 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml 
@@ -487,26 +487,26 @@ stages: if [ -n "${isUserAccessAdmin}" ]; then echo -e "$green--- Set permissions ---$reset" - perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Reader" --query "[?principalId=='$WL_ARM_OBJECT_ID'].principalId | [0]" -o tsv --only-show-errors) + perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Reader" --query "[?principalId=='$ARM_OBJECT_ID'].principalId | [0]" -o tsv --only-show-errors) if [ -z "$perms" ]; then echo -e "$green --- Assign subscription permissions to $perms ---$reset" - az role assignment create --assignee-object-id $WL_ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Reader" --scope "/subscriptions/${STATE_SUBSCRIPTION}" --output none + az role assignment create --assignee-object-id $ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Reader" --scope "/subscriptions/${STATE_SUBSCRIPTION}" --output none fi perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Storage Blob Data Contributor" --scope "${tfstate_resource_id}" --query "[?principalId=='$WL_ARM_OBJECT_ID'].principalName | [0]" -o tsv --only-show-errors) if [ -z "$perms" ]; then - echo "Assigning Storage Account Contributor permissions for $WL_ARM_OBJECT_ID to ${tfstate_resource_id}" - az role assignment create --assignee-object-id $WL_ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Storage Blob Data Contributor" --scope "${tfstate_resource_id}" --output none + echo "Assigning Storage Account Contributor permissions for $ARM_OBJECT_ID to ${tfstate_resource_id}" + az role assignment create --assignee-object-id $ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Storage Blob Data Contributor" --scope "${tfstate_resource_id}" --output none fi resource_group_name=$(az resource show --id "${tfstate_resource_id}" --query resourceGroup -o tsv) if [ -n "${resource_group_name}" ]; then for scope in $(az resource list --resource-group 
"${resource_group_name}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.Network/privateDnsZones --query "[].id" --output tsv); do - perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Private DNS Zone Contributor" --scope $scope --query "[?principalId=='$WL_ARM_OBJECT_ID'].principalId | [0]" -o tsv --only-show-errors) + perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Private DNS Zone Contributor" --scope $scope --query "[?principalId=='$ARM_OBJECT_ID'].principalId | [0]" -o tsv --only-show-errors) if [ -z "$perms" ]; then echo "Assigning DNS Zone Contributor permissions for $WL_ARM_OBJECT_ID to ${scope}" - az role assignment create --assignee-object-id $WL_ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Private DNS Zone Contributor" --scope $scope --output none + az role assignment create --assignee-object-id $ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Private DNS Zone Contributor" --scope $scope --output none fi done fi 
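Review bot: After this change the existence checks and the grants no longer name the same principal: the Storage Blob Data Contributor query still filters on `$WL_ARM_OBJECT_ID` while the `az role assignment create` below it grants to `$ARM_OBJECT_ID`, and the Private DNS Zone message still prints `$WL_ARM_OBJECT_ID`. If the two variables differ, the role lands on an identity other than the one that was checked and logged, and the grant is attempted again on every run. Use one variable per block and quote it (`--assignee-object-id "${ARM_OBJECT_ID}"`) so that an empty value fails visibly instead of letting the next option take its place. The second hunk (`@@ -518,11`) makes the same substitution and keeps a duplicated `--only-show-errors`.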
@@ -518,11 +518,11 @@ stages: vnet_resource_id=$(az resource list --resource-group "${resource_group_name}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.Network/virtualNetworks -o tsv --query "[].id | [0]") if [ -n "${vnet_resource_id}" ]; then - perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Network Contributor" --scope $vnet_resource_id --only-show-errors --query "[].principalId | [0]" --assignee $WL_ARM_OBJECT_ID -o tsv --only-show-errors) + perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Network Contributor" --scope $vnet_resource_id --only-show-errors --query "[].principalId | [0]" --assignee $ARM_OBJECT_ID -o tsv --only-show-errors) if [ -z "$perms" ]; then - echo "Assigning Network Contributor rights for $WL_ARM_OBJECT_ID to ${vnet_resource_id}" - az role assignment create --assignee-object-id $WL_ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Network Contributor" --scope $vnet_resource_id --output none + echo "Assigning Network Contributor rights for $ARM_OBJECT_ID to ${vnet_resource_id}" + az role assignment create --assignee-object-id $ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Network Contributor" --scope $vnet_resource_id --output none fi fi fi From c4741b2c7605d3ecda2eab85f145c91dbc0c80bc Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 15:14:06 +0300 Subject: [PATCH 188/279] Refactor echo statements for improved formatting and include deployer subscription --- deploy/pipelines/02-sap-workload-zone.yaml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index 19ca9f05c9..dae020b34b 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml 
@@ -438,6 +438,7 @@ stages: echo "Deployment credentials: Service Principal" echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" + echo "Deployer subscription: $STATE_SUBSCRIPTION" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET @@ -476,11 +477,15 @@ stages: if [ $USE_MSI != "true" ]; then - isUserAccessAdmin=$(az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION --query "[?principalType=='ServicePrincipal'].principalId | [0] " --assignee $ARM_OBJECT_ID) + az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION + echo "...................." + az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION --query "[?principalType=='ServicePrincipal'].principalId + + isUserAccessAdmin=$(az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION --query "[?principalType=='ServicePrincipal'].principalId | [0] " --assignee $WL_ARM_OBJECT_ID --out tsv) echo "Service Principal: $ARM_CLIENT_ID" - echo "Is User Access Administrator: $isUserAccessAdmin" - echo "Deployment credentials: Managed Identity" + echo "Is User Access Administrator: ${isUserAccessAdmin}" + echo "Deployment credentials: Service Principal" tfstate_resource_id=$(az resource list --name "${REMOTE_STATE_SA}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.Storage/storageAccounts --query "[].id | [0]" -o tsv) From cdf22e63acc0446845c27075a81e5bb8fa283e2a Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 15:16:04 +0300 Subject: [PATCH 189/279] Refactor echo statements for improved formatting and include deployer subscription --- deploy/pipelines/02-sap-workload-zone.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index dae020b34b..5e1d2688d1 100644 
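Review bot: The two added `az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION` calls in the second hunk print every holder of that role in the state subscription to the pipeline log, which exposes principal ids, names and scopes to anyone who can read the run; they read as temporary diagnostics and should be removed or limited to the assignee being checked. The second call's `--query "[?principalType=='ServicePrincipal'].principalId` is missing its closing double quote, so the string swallows the following lines and the script will not parse. `$USE_MSI` in the `if [ $USE_MSI != "true" ]` test shown as context is unquoted, so an unset value makes the test itself fail; `[ "${USE_MSI}" != "true" ]` is safer.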
--- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml @@ -479,7 +479,7 @@ stages: az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION echo "...................." - az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION --query "[?principalType=='ServicePrincipal'].principalId + az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION --query "[?principalType=='ServicePrincipal'].principalId" isUserAccessAdmin=$(az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION --query "[?principalType=='ServicePrincipal'].principalId | [0] " --assignee $WL_ARM_OBJECT_ID --out tsv) From a78fa59d70438859fc6f002a9b16cd7066f7da59 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 15:27:43 +0300 Subject: [PATCH 190/279] Refactor echo statements for improved formatting and include deployer subscription --- deploy/pipelines/02-sap-workload-zone.yaml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index 5e1d2688d1..8d8182a68a 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml 
@@ -476,16 +476,13 @@ stages: debug_variable='' if [ $USE_MSI != "true" ]; then + echo "Deployment credentials: Service Principal" + echo "Service Principal: $WL_ARM_CLIENT_ID" + echo "Service Principal (OID) $WL_ARM_OBJECT_ID" - az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION - echo "...................." - az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION --query "[?principalType=='ServicePrincipal'].principalId" - - isUserAccessAdmin=$(az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION --query "[?principalType=='ServicePrincipal'].principalId | [0] " --assignee $WL_ARM_OBJECT_ID --out tsv) + isUserAccessAdmin=$(az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION --assignee $WL_ARM_OBJECT_ID --query "[].principalName | [0]" --output tsv) - echo "Service Principal: $ARM_CLIENT_ID" echo "Is User Access Administrator: ${isUserAccessAdmin}" - echo "Deployment credentials: Service Principal" tfstate_resource_id=$(az resource list --name "${REMOTE_STATE_SA}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.Storage/storageAccounts --query "[].id | [0]" -o tsv) From 5f5fe0073bb4ef809ea48959e73575848e7aa761 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 18:42:51 +0300 Subject: [PATCH 191/279] Change to use ARM CLIENT ID --- deploy/pipelines/02-sap-workload-zone.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index 8d8182a68a..1c1278c794 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml 
@@ -480,7 +480,7 @@ stages: echo "Service Principal: $WL_ARM_CLIENT_ID" echo "Service Principal (OID) $WL_ARM_OBJECT_ID" - isUserAccessAdmin=$(az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION --assignee $WL_ARM_OBJECT_ID --query "[].principalName | [0]" --output tsv) + isUserAccessAdmin=$(az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION --assignee $WL_ARM_CLIENT_ID --query "[].principalName | [0]" --output tsv) echo "Is User Access Administrator: ${isUserAccessAdmin}" From 2fe7923b49fd1e25572f8a683d2c04b1e6ccf02b Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 18:52:10 +0300 Subject: [PATCH 192/279] Refactor echo statement to include deployer subscription in 02-sap-workload-zone.yaml --- deploy/pipelines/02-sap-workload-zone.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index 1c1278c794..9aa9d041ec 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml @@ -437,8 +437,8 @@ stages: if [ $USE_MSI != "true" ]; then echo "Deployment credentials: Service Principal" - echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" - echo "Deployer subscription: $STATE_SUBSCRIPTION" + echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" + echo "Deployer subscription: $STATE_SUBSCRIPTION" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET 
@@ -480,7 +480,7 @@ stages: echo "Service Principal: $WL_ARM_CLIENT_ID" echo "Service Principal (OID) $WL_ARM_OBJECT_ID" - isUserAccessAdmin=$(az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION --assignee $WL_ARM_CLIENT_ID --query "[].principalName | [0]" --output tsv) + isUserAccessAdmin=$(az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION --assignee $WL_ARM_OBJECT_ID --query "[].principalName | [0]" --output tsv) echo "Is User Access Administrator: ${isUserAccessAdmin}" From d80c692227a319cfebb08b615d48c9838843967b Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 18:57:50 +0300 Subject: [PATCH 193/279] Refactor echo statements for improved formatting and include deployer subscription in 02-sap-workload-zone.yaml --- deploy/pipelines/02-sap-workload-zone.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index 9aa9d041ec..4001fcb486 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml @@ -384,14 +384,14 @@ stages: if [ -z ${az_var} ]; then REMOTE_STATE_SA=$(grep "^REMOTE_STATE_SA" ${deployer_environment_file_name} | awk -F'=' '{print $2}' | xargs) ; else - REMOTE_STATE_SA=${az_var}; echo 'Terraform state file storage account' $REMOTE_STATE_SA + REMOTE_STATE_SA=${az_var} fi az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Subscription.value" --out tsv) if [ -z ${az_var} ]; then STATE_SUBSCRIPTION=$(grep "^STATE_SUBSCRIPTION" ${deployer_environment_file_name} | awk -F'=' '{print $2}' | xargs) else - STATE_SUBSCRIPTION=${az_var}; echo 'Terraform state file subscription' $STATE_SUBSCRIPTION + STATE_SUBSCRIPTION=${az_var} fi 
@@ -482,8 +482,6 @@ stages: isUserAccessAdmin=$(az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION --assignee $WL_ARM_OBJECT_ID --query "[].principalName | [0]" --output tsv) - echo "Is User Access Administrator: ${isUserAccessAdmin}" - tfstate_resource_id=$(az resource list --name "${REMOTE_STATE_SA}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.Storage/storageAccounts --query "[].id | [0]" -o tsv) if [ -n "${isUserAccessAdmin}" ]; then From 31cdb1a18993b7d541ec2091ca6944bac50b543d Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 19:07:45 +0300 Subject: [PATCH 194/279] Refactor echo statements for improved formatting and include deployer subscription in 02-sap-workload-zone.yaml --- deploy/pipelines/02-sap-workload-zone.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index 4001fcb486..8aa931fcb6 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml 
@@ -487,26 +487,26 @@ stages: if [ -n "${isUserAccessAdmin}" ]; then echo -e "$green--- Set permissions ---$reset" - perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Reader" --query "[?principalId=='$ARM_OBJECT_ID'].principalId | [0]" -o tsv --only-show-errors) + perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Reader" --assignee $WL_ARM_OBJECT_ID --query "[].principalName | [0]" --output tsv --only-show-errors) if [ -z "$perms" ]; then echo -e "$green --- Assign subscription permissions to $perms ---$reset" - az role assignment create --assignee-object-id $ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Reader" --scope "/subscriptions/${STATE_SUBSCRIPTION}" --output none + az role assignment create --assignee $ARM_OBJECT_ID --role "Reader" --scope "/subscriptions/${STATE_SUBSCRIPTION}" --output none fi - perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Storage Blob Data Contributor" --scope "${tfstate_resource_id}" --query "[?principalId=='$WL_ARM_OBJECT_ID'].principalName | [0]" -o tsv --only-show-errors) + perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Storage Blob Data Contributor" --scope "${tfstate_resource_id}" --assignee $WL_ARM_OBJECT_ID --query "[].principalName | [0]" --only-show-errors) if [ -z "$perms" ]; then echo "Assigning Storage Account Contributor permissions for $ARM_OBJECT_ID to ${tfstate_resource_id}" - az role assignment create --assignee-object-id $ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Storage Blob Data Contributor" --scope "${tfstate_resource_id}" --output none + az role assignment create --assignee $ARM_OBJECT_ID --role "Storage Blob Data Contributor" --scope "${tfstate_resource_id}" --output none fi resource_group_name=$(az resource show --id "${tfstate_resource_id}" --query resourceGroup -o tsv) if [ -n "${resource_group_name}" ]; then for scope in $(az resource list 
--resource-group "${resource_group_name}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.Network/privateDnsZones --query "[].id" --output tsv); do - perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Private DNS Zone Contributor" --scope $scope --query "[?principalId=='$ARM_OBJECT_ID'].principalId | [0]" -o tsv --only-show-errors) + perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Private DNS Zone Contributor" --scope $scope --assignee $WL_ARM_OBJECT_ID --query "[].principalName | [0]" --output tsv --only-show-errors) if [ -z "$perms" ]; then echo "Assigning DNS Zone Contributor permissions for $WL_ARM_OBJECT_ID to ${scope}" - az role assignment create --assignee-object-id $ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Private DNS Zone Contributor" --scope $scope --output none + az role assignment create --assignee $ARM_OBJECT_ID --role "Private DNS Zone Contributor" --scope $scope --output none fi done fi 
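Review bot: Switching the `create` calls from `--assignee-object-id ... --assignee-principal-type ServicePrincipal` to `--assignee $ARM_OBJECT_ID` makes the CLI resolve the principal through a directory lookup, which needs directory read permission for the identity running the pipeline and can fail where the previous form did not; keep the object-id form unless that permission is guaranteed. The rewritten Storage Blob Data Contributor query also lost its `--output tsv`, so `perms` now holds whatever the default output format produces. In the Reader block the message `Assign subscription permissions to $perms` only runs when `perms` is empty and therefore prints nothing useful; it should name the principal being granted. The second hunk (`@@ -518,11`) carries the same `--assignee` change.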
@@ -518,11 +518,11 @@ stages: vnet_resource_id=$(az resource list --resource-group "${resource_group_name}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.Network/virtualNetworks -o tsv --query "[].id | [0]") if [ -n "${vnet_resource_id}" ]; then - perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Network Contributor" --scope $vnet_resource_id --only-show-errors --query "[].principalId | [0]" --assignee $ARM_OBJECT_ID -o tsv --only-show-errors) + perms=$(az role assignment list --subscription ${STATE_SUBSCRIPTION} --role "Network Contributor" --scope $vnet_resource_id --query "[].principalName | [0]" --assignee $ARM_OBJECT_ID --output tsv --only-show-errors) if [ -z "$perms" ]; then echo "Assigning Network Contributor rights for $ARM_OBJECT_ID to ${vnet_resource_id}" - az role assignment create --assignee-object-id $ARM_OBJECT_ID --assignee-principal-type ServicePrincipal --role "Network Contributor" --scope $vnet_resource_id --output none + az role assignment create --assignee $ARM_OBJECT_ID --role "Network Contributor" --scope $vnet_resource_id --output none fi fi fi From cd19f339420b8676e430b85a14e238b4435a80c2 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 19:21:35 +0300 Subject: [PATCH 195/279] Refactor echo statements for improved formatting and include deployer subscription in 02-sap-workload-zone.yaml --- deploy/pipelines/02-sap-workload-zone.yaml | 11 +++-- deploy/scripts/helpers/script_helpers.sh | 4 +- deploy/scripts/install_workloadzone.sh | 50 +++++++++++----------- 3 files changed, 35 insertions(+), 30 deletions(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index 8aa931fcb6..00d73debc5 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml 
@@ -566,9 +566,14 @@ stages: echo "Return code: ${return_code}" if [ -f ${workload_environment_file_name} ]; then - export workload_key_vault=$(cat ${workload_environment_file_name} | grep workloadkeyvault= | awk -F'=' '{print $2}' | xargs) ; echo 'Workload Key Vault' ${workload_key_vault} - export workload_prefix=$(cat ${workload_environment_file_name} | grep workload_zone_prefix= | awk -F'=' '{print $2}' | xargs) ; echo 'Workload Prefix' ${workload_prefix} - export landscape_tfstate_key=$(cat ${workload_environment_file_name} | grep landscape_tfstate_key= | awk -F'=' '{print $2}' | xargs) ; echo 'Workload Zone State File' $landscape_tfstate_key + export workload_key_vault=$(cat ${workload_environment_file_name} | grep workloadkeyvault= | awk -F'=' '{print $2}' | xargs) + echo "Workload zone key vault: ${workload_key_vault}" + + export workload_prefix=$(cat ${workload_environment_file_name} | grep workload_zone_prefix= | awk -F'=' '{print $2}' | xargs) + echo "Workload zone prefix: ${workload_prefix}" + + export landscape_tfstate_key=$(cat ${workload_environment_file_name} | grep landscape_tfstate_key= | awk -F'=' '{print $2}' | xargs) + echo "Workload zone state file: ${landscape_tfstate_key}" fi expiry_date=$(date -d "+365 days" +%Y-%m-%d) diff --git a/deploy/scripts/helpers/script_helpers.sh b/deploy/scripts/helpers/script_helpers.sh index e4643dbb89..76bf1408f5 100755 --- a/deploy/scripts/helpers/script_helpers.sh +++ b/deploy/scripts/helpers/script_helpers.sh @@ -13,8 +13,8 @@ script_directory_parent="$(dirname "${script_directory}")" source "${script_directory_parent}"/deploy_utils.sh if [[ -f /etc/profile.d/deploy_server.sh ]]; then - path=$(grep -m 1 "export PATH=" /etc/profile.d/deploy_server.sh | awk -F'=' '{print $2}' | xargs) - export PATH=$path + path=$(grep -m 1 "export PATH=" /etc/profile.d/deploy_server.sh | awk -F'=' '{print $2}' | xargs) + export PATH=$path fi function control_plane_showhelp { 
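Review bot: In the `@@ -566,9` hunk the three lookups use an unanchored `grep workloadkeyvault=` fed by `cat`, and `export var=$(...)` hides a failed lookup because `export` itself succeeds. Other reads of the same environment file in this pipeline anchor the key (`grep "^STATE_SUBSCRIPTION=" ...`), so a commented or similarly named entry would not be picked up there but can be here. Suggest `workload_key_vault=$(grep -m1 "^workloadkeyvault=" "${workload_environment_file_name}" | awk -F'=' '{print $2}' | xargs)` followed by `export workload_key_vault`, and the same shape for the other two variables.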
diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index c45d15e913..a3b250e0ba 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh 
@@ -1105,33 +1105,33 @@ if [ -f "${workload_config_information}".err ]; then cat "${workload_config_information}".err fi -echo "" -echo "#########################################################################################" -echo "# #" -echo -e "# $cyan Adding the subnets to storage account firewalls $resetformatting #" -echo "# #" -echo "#########################################################################################" -echo "" - -subnet_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw app_subnet_id | tr -d \") - -useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) -echo "useSAS = $useSAS" - -if [ -n "${subnet_id}" ]; then - echo "Adding the app subnet" - az storage account network-rule add --resource-group "${REMOTE_STATE_RG}" --account-name "${REMOTE_STATE_SA}" --subscription "${STATE_SUBSCRIPTION}" --subnet $subnet_id --output none - if [ -n "$SAPBITS" ] ; then - az storage account network-rule add --resource-group "${REMOTE_STATE_RG}" --account-name $SAPBITS --subscription "${STATE_SUBSCRIPTION}" --subnet $subnet_id --output none - fi -fi +# echo "" +# echo "#########################################################################################" +# echo "# #" +# echo -e "# $cyan Adding the subnets to storage account firewalls $resetformatting #" +# echo "# #" +# echo "#########################################################################################" +# echo "" + +# subnet_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw app_subnet_id | tr -d \") + +# useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) +# echo "Shared Access Key access: $useSAS" + +# if [ -n "${subnet_id}" ]; then +# echo "Adding the application subnet to the storage account hosting the Terraform State files" +# az storage account network-rule add 
--resource-group "${REMOTE_STATE_RG}" --account-name "${REMOTE_STATE_SA}" --subscription "${STATE_SUBSCRIPTION}" --subnet $subnet_id --output none +# if [ -n "$SAPBITS" ] ; then +# az storage account network-rule add --resource-group "${REMOTE_STATE_RG}" --account-name $SAPBITS --subscription "${STATE_SUBSCRIPTION}" --subnet $subnet_id --output none +# fi +# fi -subnet_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw db_subnet_id | tr -d \") +# subnet_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw db_subnet_id | tr -d \") -if [ -n "${subnet_id}" ]; then - echo "Adding the db subnet" - az storage account network-rule add --resource-group "${REMOTE_STATE_RG}" --account-name "${REMOTE_STATE_SA}" --subscription "${STATE_SUBSCRIPTION}" --subnet $subnet_id --output none -fi +# if [ -n "${subnet_id}" ]; then +# echo "Adding the db subnet" +# az storage account network-rule add --resource-group "${REMOTE_STATE_RG}" --account-name "${REMOTE_STATE_SA}" --subscription "${STATE_SUBSCRIPTION}" --subnet $subnet_id --output none +# fi unset TF_DATA_DIR From 14be375b08d6331e1903d64922abc4560a2cbe42 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 19:29:24 +0300 Subject: [PATCH 196/279] Refactor echo statements and include deployer subscription in 02-sap-workload-zone.yaml Change to use WL_ARM_CLIENT_ID instead of ARM_CLIENT_ID Update variable group and variable names in New-SDAFDevopsWorkloadZone.ps1 Update echo statements in script_helpers.sh for improved formatting --- deploy/scripts/New-SDAFDevopsWorkloadZone.ps1 | 10 +++++----- deploy/scripts/helpers/script_helpers.sh | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/deploy/scripts/New-SDAFDevopsWorkloadZone.ps1 b/deploy/scripts/New-SDAFDevopsWorkloadZone.ps1 index 70a6887638..9c1c9c7d31 100644 --- a/deploy/scripts/New-SDAFDevopsWorkloadZone.ps1 +++ b/deploy/scripts/New-SDAFDevopsWorkloadZone.ps1 
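Review bot: The block that adds the app and db subnets to the storage account firewalls is disabled by commenting it out line by line, and neither the code nor the commit message says why or what replaces it. If nothing else adds those network rules, hosts in the subnets may lose access to the Terraform state and SAPBITS accounts. If something else does, the dead code invites a later reader to re-enable a second writer. Delete the block and leave a single comment in its place, for example `# Subnet rules on the state/SAPBITS storage accounts are managed in <PLACEHOLDER: where they are set now>, not by this script.`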
@@ -230,7 +230,7 @@ if ($authenticationMethod -eq "Service Principal") { $GroupID = (az pipelines variable-group list --query "[?name=='$WorkloadZonePrefix'].id | [0]" --only-show-errors ) if ($GroupID.Length -eq 0) { Write-Host "Creating the variable group" $WorkloadZonePrefix -ForegroundColor Green - az pipelines variable-group create --name $WorkloadZonePrefix --variables Agent='Azure Pipelines' ARM_CLIENT_ID=$ARM_CLIENT_ID ARM_OBJECT_ID=$ARM_OBJECT_ID ARM_CLIENT_SECRET=$ARM_CLIENT_SECRET ARM_SUBSCRIPTION_ID=$Workload_zone_subscriptionID ARM_TENANT_ID=$ARM_TENANT_ID POOL=$Pool_Name AZURE_CONNECTION_NAME=$Service_Connection_Name TF_LOG=OFF Logon_Using_SPN=true USE_MSI=false --output none --authorize true + az pipelines variable-group create --name $WorkloadZonePrefix --variables Agent='Azure Pipelines' WL_ARM_CLIENT_ID=$ARM_CLIENT_ID WL_ARM_OBJECT_ID=$ARM_OBJECT_ID WL_ARM_CLIENT_SECRET=$ARM_CLIENT_SECRET WL_ARM_SUBSCRIPTION_ID=$Workload_zone_subscriptionID ARM_TENANT_ID=$ARM_TENANT_ID POOL=$Pool_Name AZURE_CONNECTION_NAME=$Service_Connection_Name TF_LOG=OFF Logon_Using_SPN=true USE_MSI=false --output none --authorize true $GroupID = (az pipelines variable-group list --query "[?name=='$WorkloadZonePrefix'].id | [0]" --only-show-errors) } 
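Review bot: `WL_ARM_CLIENT_SECRET=$ARM_CLIENT_SECRET` is passed in the `--variables` list of `az pipelines variable-group create`, which stores it as an ordinary readable variable. It only becomes secret if the later `variable update ... --secret true` (the `@@ -250,9` hunk) runs and succeeds. Consider creating the group without the secret and adding it right after with `az pipelines variable-group variable create --group-id $GroupID --name "WL_ARM_CLIENT_SECRET" --value $ARM_CLIENT_SECRET --secret true --output none --only-show-errors`, so the value is never held in clear text in the group. The enclosing `if` block starts outside the hunk.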
@@ -241,7 +241,7 @@ else { $GroupID = (az pipelines variable-group list --query "[?name=='$WorkloadZonePrefix'].id | [0]" --only-show-errors ) if ($GroupID.Length -eq 0) { Write-Host "Creating the variable group" $WorkloadZonePrefix -ForegroundColor Green - az pipelines variable-group create --name $WorkloadZonePrefix --variables Agent='Azure Pipelines' ARM_SUBSCRIPTION_ID=$Workload_zone_subscriptionID POOL=$Pool_Name AZURE_CONNECTION_NAME=$Service_Connection_Name TF_LOG=OFF Logon_Using_SPN=false USE_MSI=true --output none --authorize true + az pipelines variable-group create --name $WorkloadZonePrefix --variables Agent='Azure Pipelines' WL_ARM_SUBSCRIPTION_ID=$Workload_zone_subscriptionID POOL=$Pool_Name AZURE_CONNECTION_NAME=$Service_Connection_Name TF_LOG=OFF Logon_Using_SPN=false USE_MSI=true --output none --authorize true $GroupID = (az pipelines variable-group list --query "[?name=='$WorkloadZonePrefix'].id | [0]" --only-show-errors) } } 
@@ -250,9 +250,9 @@ if ($authenticationMethod -eq "Service Principal") { $Env:AZURE_DEVOPS_EXT_AZURE_RM_SERVICE_PRINCIPAL_KEY = $ARM_CLIENT_SECRET - az pipelines variable-group variable update --group-id $GroupID --name "ARM_CLIENT_SECRET" --value $ARM_CLIENT_SECRET --secret true --output none --only-show-errors - az pipelines variable-group variable update --group-id $GroupID --name "ARM_CLIENT_ID" --value $ARM_CLIENT_ID --output none --only-show-errors - az pipelines variable-group variable update --group-id $GroupID --name "ARM_OBJECT_ID" --value $ARM_OBJECT_ID --output none --only-show-errors + az pipelines variable-group variable update --group-id $GroupID --name "WL_ARM_CLIENT_SECRET" --value $ARM_CLIENT_SECRET --secret true --output none --only-show-errors + az pipelines variable-group variable update --group-id $GroupID --name "WL_ARM_CLIENT_ID" --value $ARM_CLIENT_ID --output none --only-show-errors + az pipelines variable-group variable update --group-id $GroupID --name "WL_ARM_OBJECT_ID" --value $ARM_OBJECT_ID --output none --only-show-errors $epExists = (az devops service-endpoint list --query "[?name=='$Service_Connection_Name'].name | [0]") diff --git a/deploy/scripts/helpers/script_helpers.sh b/deploy/scripts/helpers/script_helpers.sh index 76bf1408f5..4062b45542 100755 --- a/deploy/scripts/helpers/script_helpers.sh +++ b/deploy/scripts/helpers/script_helpers.sh @@ -400,7 +400,7 @@ function validate_dependencies { tfPath=$(which terraform) fi - echo "Checking Terraform: $tfPath" + echo "Checking Terraform: $tfPath" # if /opt/terraform exists, assign permissions to the user if [ -d /opt/terraform ]; then @@ -485,7 +485,7 @@ function validate_dependencies { } function validate_key_parameters { - echo "Validating: $1" + echo "Validating: $1" ext=$(echo "$1" | cut -d. -f2) # Helper variables From 188d629af5de737e4f8fa5d1069a0d0a2bdb24ac Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Mon, 21 Oct 2024 19:34:54 +0300 Subject: [PATCH 197/279] Refactor echo statements for improved formatting and include deployer subscription in 02-sap-workload-zone.yaml --- .../pipelines/03-sap-system-deployment.yaml | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/deploy/pipelines/03-sap-system-deployment.yaml b/deploy/pipelines/03-sap-system-deployment.yaml index 1789521a63..89d5f402f6 100644 --- a/deploy/pipelines/03-sap-system-deployment.yaml +++ b/deploy/pipelines/03-sap-system-deployment.yaml @@ -183,15 +183,15 @@ stages: *) LOCATION_IN_FILENAME="westeurope" ;; esac - echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" - echo "Location(filename): $LOCATION_IN_FILENAME" - echo "Network(filename): $NETWORK_IN_FILENAME" - echo "SID(filename): $SID_IN_FILENAME" + echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" + echo "Location(filename): $LOCATION_IN_FILENAME" + echo "Network(filename): $NETWORK_IN_FILENAME" + echo "SID(filename): $SID_IN_FILENAME" echo "" - echo "Agent: $(this_agent)" - echo "Organization: $(System.CollectionUri)" - echo "Project: $(System.TeamProject)" + echo "Agent: $(this_agent)" + echo "Organization: $(System.CollectionUri)" + echo "Project: $(System.TeamProject)" echo "" echo "Azure CLI version:" echo "-------------------------------------------------" @@ -246,7 +246,7 @@ stages: exit 2 fi printf -v val '%-15s' "$(variable_group) id:" - echo "$val $VARIABLE_GROUP_ID" + echo "$val $VARIABLE_GROUP_ID" echo -e "$green--- Login ---$reset" if [ -z $USE_MSI ]; then @@ -260,8 +260,8 @@ stages: fi if [ $USE_MSI != "true" ]; then - echo "Deployment credentials: Service Principal" - echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" + echo "Deployment credentials: Service Principal" + echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET 
@@ -276,7 +276,7 @@ stages: exit $return_code fi else - echo "Deployment credentials: Managed Identity" + echo "Deployment credentials: Managed Identity" export ARM_USE_MSI=true export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID unset ARM_TENANT_ID @@ -328,10 +328,10 @@ stages: export workload_key_vault=${az_var} fi - echo "Deployer state file: $deployer_tfstate_key" - echo "Deployer Key Vault: $key_vault" - echo "Workload Zone state file: $landscape_tfstate_key" - echo "Workload Zone Key Vault: $workload_key_vault" + echo "Deployer state file: $deployer_tfstate_key" + echo "Deployer Key Vault: $key_vault" + echo "Workload Zone state file: $landscape_tfstate_key" + echo "Workload Zone Key Vault: $workload_key_vault" echo -e "$green--- Run the installer script that deploys the SAP System ---$reset" From 228292e672aa523a34b85c14c52c99f68edcd37f Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 19:37:54 +0300 Subject: [PATCH 198/279] Refactor echo statements for improved formatting and include deployer subscription in 03-sap-system-deployment.yaml --- deploy/pipelines/03-sap-system-deployment.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/pipelines/03-sap-system-deployment.yaml b/deploy/pipelines/03-sap-system-deployment.yaml index 89d5f402f6..ca53c002f1 100644 --- a/deploy/pipelines/03-sap-system-deployment.yaml +++ b/deploy/pipelines/03-sap-system-deployment.yaml @@ -328,10 +328,10 @@ stages: export workload_key_vault=${az_var} fi - echo "Deployer state file: $deployer_tfstate_key" - echo "Deployer Key Vault: $key_vault" - echo "Workload Zone state file: $landscape_tfstate_key" - echo "Workload Zone Key Vault: $workload_key_vault" + echo "Deployer state file: $deployer_tfstate_key" + echo "Deployer Key Vault: $key_vault" + echo "Workload Zone state file: $landscape_tfstate_key" + echo "Workload Zone Key Vault: $workload_key_vault" echo -e "$green--- Run the installer script that deploys the SAP System ---$reset" 
From f66492ee59232ff1e24843dc4ea48c75dca201e4 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 19:41:36 +0300 Subject: [PATCH 199/279] Refactor echo statements for improved formatting and include deployer subscription in 03-sap-system-deployment.yaml --- .../pipelines/03-sap-system-deployment.yaml | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/deploy/pipelines/03-sap-system-deployment.yaml b/deploy/pipelines/03-sap-system-deployment.yaml index ca53c002f1..954c3499cf 100644 --- a/deploy/pipelines/03-sap-system-deployment.yaml +++ b/deploy/pipelines/03-sap-system-deployment.yaml @@ -114,11 +114,11 @@ stages: NETWORK=$(grep "^network_logical_name" $HOME_CONFIG/SYSTEM/$(sap_system_folder)/$(sap_system_configuration) | awk -F'=' '{print $2}' | xargs) SID=$(grep "^sid" $HOME_CONFIG/SYSTEM/$(sap_system_folder)/$(sap_system_configuration) | awk -F'=' '{print $2}' | xargs) - echo "Environment: $ENVIRONMENT" - echo "Location: $LOCATION" - echo "Network: $NETWORK" - echo "SID: $SID" - echo "System TFvars: $(sap_system_configuration)" + echo "Environment: $ENVIRONMENT" + echo "Location: $LOCATION" + echo "Network: $NETWORK" + echo "SID: $SID" + echo "System TFvars: $(sap_system_configuration)" ENVIRONMENT_IN_FILENAME=$(echo $(sap_system_folder) | awk -F'-' '{print $1}' | xargs) ; LOCATION_CODE=$(echo $(sap_system_folder) | awk -F'-' '{print $2}' | xargs) ; 
@@ -183,15 +183,15 @@ stages: *) LOCATION_IN_FILENAME="westeurope" ;; esac - echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" - echo "Location(filename): $LOCATION_IN_FILENAME" - echo "Network(filename): $NETWORK_IN_FILENAME" - echo "SID(filename): $SID_IN_FILENAME" + echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" + echo "Location(filename): $LOCATION_IN_FILENAME" + echo "Network(filename): $NETWORK_IN_FILENAME" + echo "SID(filename): $SID_IN_FILENAME" echo "" - echo "Agent: $(this_agent)" - echo "Organization: $(System.CollectionUri)" - echo "Project: $(System.TeamProject)" + echo "Agent: $(this_agent)" + echo "Organization: $(System.CollectionUri)" + echo "Project: $(System.TeamProject)" echo "" echo "Azure CLI version:" echo "-------------------------------------------------" @@ -246,7 +246,7 @@ stages: exit 2 fi printf -v val '%-15s' "$(variable_group) id:" - echo "$val $VARIABLE_GROUP_ID" + echo "$val $VARIABLE_GROUP_ID" echo -e "$green--- Login ---$reset" if [ -z $USE_MSI ]; then From a93cb9ca3b434932cbecff7062b8489c57e14679 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 19:51:34 +0300 Subject: [PATCH 200/279] indentation --- deploy/pipelines/02-sap-workload-zone.yaml | 58 +++++++++++----------- deploy/scripts/install_workloadzone.sh | 12 ++--- 2 files changed, 35 insertions(+), 35 deletions(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index 00d73debc5..87dc2c153c 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml 
@@ -283,22 +283,22 @@ stages: NETWORK_IN_FILENAME=$(echo $(workload_zone_folder) | awk -F'-' '{print $3}' | xargs ) - echo "Environment: $ENVIRONMENT" - echo "Location: $LOCATION" - echo "Network: $NETWORK" + echo "Environment: $ENVIRONMENT" + echo "Location: $LOCATION" + echo "Network: $NETWORK" - echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" - echo "Location(filename): $LOCATION_IN_FILENAME" - echo "Network(filename): $NETWORK_IN_FILENAME" + echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" + echo "Location(filename): $LOCATION_IN_FILENAME" + echo "Network(filename): $NETWORK_IN_FILENAME" - echo "Deployer Environment $(deployer_environment)" - echo "Deployer Region $(deployer_region)" - echo "Workload TFvars $(workload_zone_configuration_file)" + echo "Deployer Environment $(deployer_environment)" + echo "Deployer Region $(deployer_region)" + echo "Workload TFvars $(workload_zone_configuration_file)" echo "" - echo "Agent pool: $(this_agent)" - echo "Organization: $(System.CollectionUri)" - echo "Project: $(System.TeamProject)" + echo "Agent pool: $(this_agent)" + echo "Organization: $(System.CollectionUri)" + echo "Project: $(System.TeamProject)" echo "" echo "Azure CLI version:" echo "-------------------------------------------------" 
@@ -341,17 +341,17 @@ stages: fi printf -v tempval '%s id:' $(variable_group) printf -v val '%-20s' "${tempval}" - echo "$val $VARIABLE_GROUP_ID" + echo "$val $VARIABLE_GROUP_ID" printf -v tempval '%s id:' $(parent_variable_group) printf -v val '%-20s' "${tempval}" - echo "$val $PARENT_VARIABLE_GROUP_ID" + echo "$val $PARENT_VARIABLE_GROUP_ID" deployer_environment_file_name=$CONFIG_REPO_PATH/.sap_deployment_automation/$(deployer_environment)$(deployer_region) - echo "Deployer Environment File: $deployer_environment_file_name" + echo "Deployer Environment File: $deployer_environment_file_name" workload_environment_file_name=$CONFIG_REPO_PATH/.sap_deployment_automation/${ENVIRONMENT}${LOCATION_CODE}${NETWORK} - echo "Workload Zone Environment File: $workload_environment_file_name" + echo "Workload Zone Environment File: $workload_environment_file_name" dos2unix -q ${deployer_environment_file_name} dos2unix -q ${workload_environment_file_name} @@ -420,13 +420,13 @@ stages: STATE_SUBSCRIPTION=$(grep "^STATE_SUBSCRIPTION=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi - echo "Deployer statefile: $deployer_tfstate_key" - echo "Deployer Key vault: $key_vault" - echo "Workload Key vault: ${workload_key_vault}" - echo "Target subscription $WL_ARM_SUBSCRIPTION_ID" + echo "Deployer statefile: $deployer_tfstate_key" + echo "Deployer Key vault: $key_vault" + echo "Workload Key vault: ${workload_key_vault}" + echo "Target subscription $WL_ARM_SUBSCRIPTION_ID" - echo "Terraform state file subscription: $STATE_SUBSCRIPTION" - echo "Terraform state file storage account: $REMOTE_STATE_SA" + echo "Terraform state file subscription: $STATE_SUBSCRIPTION" + echo "Terraform state file storage account: $REMOTE_STATE_SA" secrets_set=1 echo -e "$green---az login ---$reset" 
@@ -436,9 +436,9 @@ stages: if [ $USE_MSI != "true" ]; then - echo "Deployment credentials: Service Principal" - echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" - echo "Deployer subscription: $STATE_SUBSCRIPTION" + echo "Deployment credentials: Service Principal" + echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" + echo "Deployer subscription: $STATE_SUBSCRIPTION" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET @@ -465,7 +465,7 @@ stages: echo "Set Secrets returned: $secrets_set" else - echo "Deployment credentials: Managed Identity" + echo "Deployment credentials: Managed Identity" # export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID export ARM_USE_MSI=true export ARM_USE_AZUREAD=true @@ -476,9 +476,9 @@ stages: debug_variable='' if [ $USE_MSI != "true" ]; then - echo "Deployment credentials: Service Principal" - echo "Service Principal: $WL_ARM_CLIENT_ID" - echo "Service Principal (OID) $WL_ARM_OBJECT_ID" + echo "Deployment credentials: Service Principal" + echo "Service Principal: $WL_ARM_CLIENT_ID" + echo "Service Principal (OID) $WL_ARM_OBJECT_ID" isUserAccessAdmin=$(az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION --assignee $WL_ARM_OBJECT_ID --query "[].principalName | [0]" --output tsv) diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index a3b250e0ba..99482123bd 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -64,12 +64,12 @@ this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 deployer_environment=$(echo "${deployer_environment}" | tr "[:lower:]" "[:upper:]") -echo "Deployer environment: $deployer_environment" +echo "Deployer environment: $deployer_environment" if [ 1 == $called_from_ado ] ; then this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 export TF_VAR_Agent_IP=$this_ip - echo "Agent IP: $this_ip" + echo "Agent IP: $this_ip" fi 
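Review bot: In the install_workloadzone.sh `@@ -64,12` hunk, `this_ip=$(curl -s ipinfo.io/ip)` takes the agent address from a third-party service over plain HTTP and exports it unchecked as `TF_VAR_Agent_IP`. If that variable ends up in a firewall allow-list (not visible here), an error page, an empty reply or a tampered response becomes the rule input. Suggest `this_ip=$(curl -fsS https://ipinfo.io/ip)` and a guard such as `[[ "$this_ip" =~ ^[0-9]+(\.[0-9]+){3}$ ]] || exit 1` before the export. The same line appears in the install_deployer.sh and installer.sh hunks of the following commit.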
@@ -167,10 +167,10 @@ then fi -echo "Configuration file: $workload_config_information" -echo "Deployment region: $region" -echo "Deployment region code: $region_code" -echo "Keyvault: $keyvault" +echo "Configuration file: $workload_config_information" +echo "Deployment region: $region" +echo "Deployment region code: $region_code" +echo "Keyvault: $keyvault" if [ -n "$STATE_SUBSCRIPTION" ] then From 6a87ff6ab13fbd1df90ae858ea17008785f6b926 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 20:06:21 +0300 Subject: [PATCH 201/279] Refactor echo statements for improved formatting and include deployer subscription in 03-sap-system-deployment.yaml --- deploy/pipelines/10-remover-terraform.yaml | 73 ++++++++++--------- deploy/pipelines/12-remove-control-plane.yaml | 32 ++++---- deploy/scripts/install_deployer.sh | 4 +- deploy/scripts/install_library.sh | 3 +- deploy/scripts/install_workloadzone.sh | 10 +-- deploy/scripts/installer.sh | 17 ++--- deploy/scripts/remove_controlplane.sh | 10 +-- deploy/scripts/remover.sh | 16 ++-- 8 files changed, 80 insertions(+), 85 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index a847802fd8..b4a287a46d 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -164,8 +164,8 @@ stages: rm -f terraform_$(tf_version)_linux_amd64.zip else if [ $USE_MSI != "true" ]; then - echo "Deployment credentials: Service Principal" - echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" + echo "Deployment credentials: Service Principal" + echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET @@ -180,7 +180,7 @@ stages: exit $return_code fi else - echo "Deployment credentials: ^Managed Identity" + echo "Deployment credentials: ^Managed Identity" export ARM_USE_MSI=true export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID 
@@ -281,25 +281,27 @@ stages: workload_environment_file_name=$HOME/.sap_deployment_automation/$ENVIRONMENT$LOCATION_CODE$NETWORK; - echo "Workload Environment file: $workload_environment_file_name" + echo "Workload Environment file: $workload_environment_file_name" - echo "Environment: $ENVIRONMENT" - echo "Location: $LOCATION" - echo "Network: $NETWORK" - echo "SID: $SID" + echo "Environment: $ENVIRONMENT" + echo "Location: $LOCATION" + echo "Network: $NETWORK" + echo "SID: $SID" echo "" - echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" - echo "Location(filename): $LOCATION_IN_FILENAME" - echo "Network(filename): $NETWORK_IN_FILENAME" - echo "SID(filename): $SID_IN_FILENAME" + echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" + echo "Location(filename): $LOCATION_IN_FILENAME" + echo "Network(filename): $NETWORK_IN_FILENAME" + echo "SID(filename): $SID_IN_FILENAME" + + printf -v tempval '%s id:' $(variable_group) printf -v val '%-20s' "${tempval}" - echo "$val $VARIABLE_GROUP_ID" + echo "$val $VARIABLE_GROUP_ID" printf -v tempval '%s id:' $(parent_variable_group) printf -v val '%-20s' "${tempval}" - echo "$val $PARENT_VARIABLE_GROUP_ID" + echo "$val $PARENT_VARIABLE_GROUP_ID" echo "" @@ -327,8 +329,8 @@ stages: if [[ ! -f /etc/profile.d/deploy_server.sh ]]; then if [ $USE_MSI != "true" ]; then - echo "Deployment credentials: Service Principal" - echo "Deployment credentials Id (SPN): $WL_ARM_CLIENT_SECRET" + echo "Deployment credentials: Service Principal" + echo "Deployment credentials Id (SPN): $WL_ARM_CLIENT_SECRET" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET 
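Review bot: In the `@@ -329,8` hunk, `echo "Deployment credentials Id (SPN): $WL_ARM_CLIENT_SECRET"` prints the client secret under a label that says it is the service principal id, whereas the matching block in the `@@ -164,8` hunk of this file prints `$WL_ARM_CLIENT_ID`. Change the line to `echo "Deployment credentials Id (SPN): $WL_ARM_CLIENT_ID"`. Log masking only covers values registered as secret variables, so it should not be relied on to hide this. If the step has run with an unmasked value, the secret should be rotated. The enclosing `if` block continues outside the hunk.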
@@ -403,11 +405,12 @@ stages: REMOTE_STATE_SA=$(grep "REMOTE_STATE_SA" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi - echo "Deployer Key Vault: ${key_vault}" - echo "Workload Key Vault: ${workload_key_vault}" - echo "TF state subscription: $STATE_SUBSCRIPTION" - echo "TF state account: $REMOTE_STATE_SA" - echo "System configuration: $systemConfigurationFile" + echo "Deployer Key Vault: ${key_vault}" + + echo "Workload Key Vault: ${workload_key_vault}" + echo "TF state subscription: $STATE_SUBSCRIPTION" + echo "TF state account: $REMOTE_STATE_SA" + echo "System configuration: $systemConfigurationFile" echo -e "$green--- Run the remover script that destroys the SAP system ---$reset" cd $CONFIG_REPO_PATH/SYSTEM/$(sap_system_folder) 
@@ -657,26 +660,26 @@ stages: NETWORK_IN_FILENAME=$(echo $(workload_zone_folder) | awk -F'-' '{print $3}' | xargs ) workload_environment_file_name=$HOME/.sap_deployment_automation/$ENVIRONMENT$LOCATION_CODE$NETWORK; - echo "Workload Environment file: $workload_environment_file_name" - echo "Environment: ${ENVIRONMENT}" - echo "Location: ${LOCATION}" - echo "Network: ${NETWORK}" + echo "Workload Environment file: $workload_environment_file_name" + echo "Environment: ${ENVIRONMENT}" + echo "Location: ${LOCATION}" + echo "Network: ${NETWORK}" echo "" workload_environment_file_name=$HOME/.sap_deployment_automation/$ENVIRONMENT$LOCATION_CODE$NETWORK; - echo "Environment file: $workload_environment_file_name" - echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" - echo "Location(filename): $LOCATION_IN_FILENAME" - echo "Network(filename): $NETWORK_IN_FILENAME" + echo "Environment file: $workload_environment_file_name" + echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" + echo "Location(filename): $LOCATION_IN_FILENAME" + echo "Network(filename): $NETWORK_IN_FILENAME" echo "" printf -v tempval '%s id:' $(variable_group) printf -v val '%-20s' "${tempval}" - echo "$val $VARIABLE_GROUP_ID" + echo "$val $VARIABLE_GROUP_ID" printf -v tempval '%s id:' $(parent_variable_group) printf -v val '%-20s' "${tempval}" - echo "$val $PARENT_VARIABLE_GROUP_ID" + echo "$val $PARENT_VARIABLE_GROUP_ID" if [ $ENVIRONMENT != $ENVIRONMENT_IN_FILENAME ]; then echo "##vso[task.logissue type=error]The environment setting in $(workload_zone_configuration_file) '$ENVIRONMENT' does not match the $(workload_zone_configuration_file) file name '$ENVIRONMENT_IN_FILENAME'. Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-INFRASTRUCTURE" 
@@ -728,10 +731,10 @@ stages: REMOTE_STATE_SA=$(grep "^REMOTE_STATE_SA=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi - echo "Workload Key Vault: ${workload_key_vault}" - echo "Deployer Key Vault: ${key_vault}" - echo "Terraform state subscription: $STATE_SUBSCRIPTION" - echo "Terraform state account: $REMOTE_STATE_SA" + echo "Workload Key Vault: ${workload_key_vault}" + echo "Deployer Key Vault: ${key_vault}" + echo "Terraform state subscription: $STATE_SUBSCRIPTION" + echo "Terraform state account: $REMOTE_STATE_SA" # Check if running on deployer if [[ ! -f /etc/profile.d/deploy_server.sh ]]; then diff --git a/deploy/pipelines/12-remove-control-plane.yaml b/deploy/pipelines/12-remove-control-plane.yaml index 307a7b1143..5aaa5caf77 100644 --- a/deploy/pipelines/12-remove-control-plane.yaml +++ b/deploy/pipelines/12-remove-control-plane.yaml @@ -217,10 +217,10 @@ stages: *) LOCATION_IN_FILENAME="westeurope" ;; esac - echo "Environment: ${ENVIRONMENT}" - echo "Location: ${LOCATION}" - echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" - echo "Location(filename): $LOCATION_IN_FILENAME" + echo "Environment: ${ENVIRONMENT}" + echo "Location: ${LOCATION}" + echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" + echo "Location(filename): $LOCATION_IN_FILENAME" echo "" @@ -235,7 +235,7 @@ stages: fi deployer_environment_file_name=$HOME/.sap_deployment_automation/$ENVIRONMENT$LOCATION_CODE; - echo "Environment file: $deployer_environment_file_name" + echo "Environment file: $deployer_environment_file_name" az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" --out tsv) if [ -n "${az_var}" ]; then 
@@ -272,10 +272,10 @@ stages: fi fi - echo "Terraform state subscription: $STATE_SUBSCRIPTION" - echo "Terraform state rg name: $REMOTE_STATE_RG" - echo "Terraform state account: $REMOTE_STATE_SA" - echo "Deployer Key Vault: ${key_vault}" + echo "Terraform state subscription: $STATE_SUBSCRIPTION" + echo "Terraform state rg name: $REMOTE_STATE_RG" + echo "Terraform state account: $REMOTE_STATE_SA" + echo "Deployer Key Vault: ${key_vault}" if [ -f ${CONFIG_REPO_PATH}/LIBRARY/$(library_folder)/state.zip ]; then pass=$(echo $DEPLOYER_RANDOM_ID_SEED | sed 's/-//g') @@ -299,7 +299,7 @@ stages: return_code=$? - echo "Return code from remove_controlplane: $return_code." + echo "Return code from remove_controlplane: $return_code." echo -e "$green--- Remove Control Plane Part 1 ---$reset" cd $CONFIG_REPO_PATH @@ -579,12 +579,12 @@ stages: *) LOCATION_IN_FILENAME="westeurope" ;; esac - echo "Environment: ${ENVIRONMENT}" - echo "Location: ${LOCATION}" - echo "Location code: ${LOCATION_CODE}" + echo "Environment: ${ENVIRONMENT}" + echo "Location: ${LOCATION}" + echo "Location code: ${LOCATION_CODE}" - echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" - echo "Location(filename): $LOCATION_IN_FILENAME" + echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" + echo "Location(filename): $LOCATION_IN_FILENAME" echo "" if [ $ENVIRONMENT != $ENVIRONMENT_IN_FILENAME ]; then @@ -626,7 +626,7 @@ stages: key_vault=$(grep -m1 "^keyvault=" ${deployer_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi - echo "Deployer Key Vault: $key_vault" + echo "Deployer Key Vault: $key_vault" key_vault_id=$(az resource list --name "${key_vault}" --resource-type Microsoft.KeyVault/vaults --query "[].id | [0]" -o tsv) if [ -n "${key_vault_id}" ]; then diff --git a/deploy/scripts/install_deployer.sh b/deploy/scripts/install_deployer.sh index 551b0b91a0..40c34eb5de 100755 --- a/deploy/scripts/install_deployer.sh +++ b/deploy/scripts/install_deployer.sh 
@@ -75,7 +75,7 @@ deployment_system=sap_deployer param_dirname=$(dirname "${parameterfile}") -echo "Parameter file: "${parameterfile}"" +echo "Parameter file: ${parameterfile}" if [ ! -f "${parameterfile}" ] then @@ -139,7 +139,7 @@ export TF_DATA_DIR="${param_dirname}"/.terraform this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 export TF_VAR_Agent_IP=$this_ip -echo "Agent IP: $this_ip" +echo "Agent IP: $this_ip" ok_to_proceed=false new_deployment=false diff --git a/deploy/scripts/install_library.sh b/deploy/scripts/install_library.sh index 2646c9d984..d4e20fbfb7 100755 --- a/deploy/scripts/install_library.sh +++ b/deploy/scripts/install_library.sh @@ -143,7 +143,6 @@ fi region=$(echo "${region}" | tr "[:upper:]" "[:lower:]") get_region_code $region - if [ true == "$use_deployer" ] then if [ ! -d "${deployer_statefile_foldername}" ] @@ -406,7 +405,7 @@ echo "" deployer_parameter="" if [ -n "${deployer_statefile_foldername}" ]; then - echo "Deployer folder specified:" "${deployer_statefile_foldername}" + echo "Deployer folder specified: ${deployer_statefile_foldername}" if [ -n "${approve}" ] then terraform -chdir="${terraform_module_directory}" apply -var-file="${var_file}" -var deployer_statefile_foldername="${deployer_statefile_foldername}" -auto-approve -json | tee -a apply_output.json diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index 99482123bd..53244fddd5 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -64,7 +64,7 @@ this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 deployer_environment=$(echo "${deployer_environment}" | tr "[:lower:]" "[:upper:]") -echo "Deployer environment: $deployer_environment" +echo "Deployer environment: $deployer_environment" if [ 1 == $called_from_ado ] ; then this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 
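Review bot: The context line `this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1`, just above the reworded `echo "Agent IP: ..."` in the `@@ -139,7 +139,7 @@` hunk of install_deployer.sh, fetches the agent address with no scheme (so curl uses plain HTTP), no `--fail`, and no check that the reply is an address, then exports it as `TF_VAR_Agent_IP`. If that variable feeds a network allow-list (not visible in this hunk), a tampered or error-page response would be carried straight into the Terraform run. I would use `this_ip=$(curl -sS --fail --max-time 10 https://ipinfo.io/ip)` and abort when the result does not look like an IPv4/IPv6 address. The trailing `>/dev/null 2>&1` sits on a bare assignment and redirects nothing curl writes, so it can be dropped. The same line appears as context in the install_workloadzone.sh, installer.sh, remove_controlplane.sh, remover.sh and deploy_controlplane.sh hunks of this series.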
@@ -167,10 +167,10 @@ then fi -echo "Configuration file: $workload_config_information" -echo "Deployment region: $region" -echo "Deployment region code: $region_code" -echo "Keyvault: $keyvault" +echo "Configuration file: $workload_config_information" +echo "Deployment region: $region" +echo "Deployment region code: $region_code" +echo "Keyvault: $keyvault" if [ -n "$STATE_SUBSCRIPTION" ] then diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index f475abed9c..f88df0f865 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh @@ -50,10 +50,10 @@ do done -echo "Parameter file: $parameterfile" -echo "Current directory: $(pwd)" -echo "Terraform state subscription_id: ${STATE_SUBSCRIPTION}" -echo "Terraform state storage account name:${REMOTE_STATE_SA}" +echo "Parameter file: $parameterfile" +echo "Current directory: $(pwd)" +echo "Terraform state subscription_id: ${STATE_SUBSCRIPTION}" +echo "Terraform state storage account name: ${REMOTE_STATE_SA}" tfstate_resource_id="" tfstate_parameter="" @@ -156,14 +156,14 @@ automation_config_directory=$CONFIG_REPO_PATH/.sap_deployment_automation/ generic_config_information="${automation_config_directory}"config system_config_information="${automation_config_directory}""${environment}""${region_code}""${network_logical_name}" -echo "Configuration file: $system_config_information" -echo "Deployment region: $region" -echo "Deployment region code: $region_code" +echo "Configuration file: $system_config_information" +echo "Deployment region: $region" +echo "Deployment region code: $region_code" if [ 1 == $called_from_ado ] ; then this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 export TF_VAR_Agent_IP=$this_ip - echo "Agent IP: $this_ip" + echo "Agent IP: $this_ip" fi 
@@ -246,7 +246,6 @@ fi if [[ -z $REMOTE_STATE_SA ]]; then - echo "Loading the State file information" load_config_vars "${system_config_information}" "REMOTE_STATE_SA" load_config_vars "${system_config_information}" "REMOTE_STATE_RG" load_config_vars "${system_config_information}" "tfstate_resource_id" diff --git a/deploy/scripts/remove_controlplane.sh b/deploy/scripts/remove_controlplane.sh index cc6163108b..48bf7a48b4 100755 --- a/deploy/scripts/remove_controlplane.sh +++ b/deploy/scripts/remove_controlplane.sh @@ -177,13 +177,11 @@ init "${automation_config_directory}" "${generic_config_information}" "${deploye this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 export TF_IN_AUTOMATION="true" -echo "Deployer environment: $deployer_environment" +echo "Deployer environment: $deployer_environment" this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 export TF_VAR_Agent_IP=$this_ip -echo "Agent IP: $this_ip" - - +echo "Agent IP: $this_ip" if [ -n "${subscription}" ] then @@ -246,10 +244,10 @@ key=$(echo "${deployer_file_parametername}" | cut -d. -f1) useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) if [ "$useSAS" = "true" ] ; then - echo "Authenticate storage using SAS" + echo "Storage Account Authentication: Key" export ARM_USE_AZUREAD=false else - echo "Authenticate storage using Entra ID" + echo "Storage Account Authentication: Entra ID" export ARM_USE_AZUREAD=true fi diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index 6149e7a29a..d09d58caa4 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh @@ -114,7 +114,7 @@ landscape_tfstate_key_parameter="" #show_help=false #deployer_tfstate_key_exists=false #landscape_tfstate_key_exists=false -echo "parameterfile: $parameterfile" +echo "parameterfile: $parameterfile" working_directory=$(pwd) 
@@ -195,9 +195,7 @@ this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 export TF_VAR_Agent_IP=$this_ip -echo "Agent IP: $this_ip" - - +echo "Agent IP: $this_ip" automation_config_directory=$CONFIG_REPO_PATH/.sap_deployment_automation generic_config_information="${automation_config_directory}"/config @@ -218,10 +216,10 @@ if [ "${deployment_system}" == sap_system ]; then system_config_information="${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" fi -echo "Deployer environment: $deployer_environment" -echo "Configuration file: $system_config_information" -echo "Deployment region: $region" -echo "Deployment region code: $region_code" +echo "Deployer environment: $deployer_environment" +echo "Configuration file: $system_config_information" +echo "Deployment region: $region" +echo "Deployment region code: $region_code" key=$(echo "${parameterfile_name}" | cut -d. -f1) @@ -239,7 +237,6 @@ else export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache fi - init "${automation_config_directory}" "${generic_config_information}" "${system_config_information}" var_file="${parameterfile_dirname}"/"${parameterfile}" if [ -z "$REMOTE_STATE_SA" ]; @@ -317,7 +314,6 @@ else export ARM_USE_AZUREAD=true fi - echo "" echo "#########################################################################################" echo "# #" From 5e2b0817b8a910b5a85eced30e30aed2d000b3b7 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 20:14:52 +0300 Subject: [PATCH 202/279] Refactor echo statements for improved formatting and include deployer subscription in 03-sap-system-deployment.yaml --- deploy/pipelines/10-remover-terraform.yaml | 65 +++++++++++----------- 1 file changed, 31 insertions(+), 34 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index b4a287a46d..d5e1822871 100644 --- a/deploy/pipelines/10-remover-terraform.yaml 
+++ b/deploy/pipelines/10-remover-terraform.yaml @@ -164,8 +164,8 @@ stages: rm -f terraform_$(tf_version)_linux_amd64.zip else if [ $USE_MSI != "true" ]; then - echo "Deployment credentials: Service Principal" - echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" + echo "Deployment credentials: Service Principal" + echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET @@ -283,25 +283,23 @@ stages: workload_environment_file_name=$HOME/.sap_deployment_automation/$ENVIRONMENT$LOCATION_CODE$NETWORK; echo "Workload Environment file: $workload_environment_file_name" - echo "Environment: $ENVIRONMENT" - echo "Location: $LOCATION" - echo "Network: $NETWORK" - echo "SID: $SID" + echo "Environment: $ENVIRONMENT" + echo "Location: $LOCATION" + echo "Network: $NETWORK" + echo "SID: $SID" echo "" - echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" - echo "Location(filename): $LOCATION_IN_FILENAME" - echo "Network(filename): $NETWORK_IN_FILENAME" - echo "SID(filename): $SID_IN_FILENAME" - - + echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" + echo "Location(filename): $LOCATION_IN_FILENAME" + echo "Network(filename): $NETWORK_IN_FILENAME" + echo "SID(filename): $SID_IN_FILENAME" printf -v tempval '%s id:' $(variable_group) printf -v val '%-20s' "${tempval}" - echo "$val $VARIABLE_GROUP_ID" + echo "$val $VARIABLE_GROUP_ID" printf -v tempval '%s id:' $(parent_variable_group) printf -v val '%-20s' "${tempval}" - echo "$val $PARENT_VARIABLE_GROUP_ID" + echo "$val $PARENT_VARIABLE_GROUP_ID" echo "" 
@@ -405,12 +403,12 @@ stages: REMOTE_STATE_SA=$(grep "REMOTE_STATE_SA" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi - echo "Deployer Key Vault: ${key_vault}" + echo "Deployer Key Vault: ${key_vault}" - echo "Workload Key Vault: ${workload_key_vault}" - echo "TF state subscription: $STATE_SUBSCRIPTION" - echo "TF state account: $REMOTE_STATE_SA" - echo "System configuration: $systemConfigurationFile" + echo "Workload Key Vault: ${workload_key_vault}" + echo "TF state subscription: $STATE_SUBSCRIPTION" + echo "TF state account: $REMOTE_STATE_SA" + echo "System configuration: $systemConfigurationFile" echo -e "$green--- Run the remover script that destroys the SAP system ---$reset" cd $CONFIG_REPO_PATH/SYSTEM/$(sap_system_folder) 
@@ -660,26 +658,26 @@ stages: NETWORK_IN_FILENAME=$(echo $(workload_zone_folder) | awk -F'-' '{print $3}' | xargs ) workload_environment_file_name=$HOME/.sap_deployment_automation/$ENVIRONMENT$LOCATION_CODE$NETWORK; - echo "Workload Environment file: $workload_environment_file_name" - echo "Environment: ${ENVIRONMENT}" - echo "Location: ${LOCATION}" - echo "Network: ${NETWORK}" + echo "Workload Environment file: $workload_environment_file_name" + echo "Environment: ${ENVIRONMENT}" + echo "Location: ${LOCATION}" + echo "Network: ${NETWORK}" echo "" workload_environment_file_name=$HOME/.sap_deployment_automation/$ENVIRONMENT$LOCATION_CODE$NETWORK; - echo "Environment file: $workload_environment_file_name" - echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" - echo "Location(filename): $LOCATION_IN_FILENAME" - echo "Network(filename): $NETWORK_IN_FILENAME" + echo "Environment file: $workload_environment_file_name" + echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" + echo "Location(filename): $LOCATION_IN_FILENAME" + echo "Network(filename): $NETWORK_IN_FILENAME" echo "" printf -v tempval '%s id:' $(variable_group) printf -v val '%-20s' "${tempval}" - echo "$val $VARIABLE_GROUP_ID" + echo "$val $VARIABLE_GROUP_ID" printf -v tempval '%s id:' $(parent_variable_group) printf -v val '%-20s' "${tempval}" - echo "$val $PARENT_VARIABLE_GROUP_ID" + echo "$val $PARENT_VARIABLE_GROUP_ID" if [ $ENVIRONMENT != $ENVIRONMENT_IN_FILENAME ]; then echo "##vso[task.logissue type=error]The environment setting in $(workload_zone_configuration_file) '$ENVIRONMENT' does not match the $(workload_zone_configuration_file) file name '$ENVIRONMENT_IN_FILENAME'. Filename should have the pattern [ENVIRONMENT]-[REGION_CODE]-[NETWORK_LOGICAL_NAME]-INFRASTRUCTURE" 
@@ -731,10 +729,10 @@ stages: REMOTE_STATE_SA=$(grep "^REMOTE_STATE_SA=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi - echo "Workload Key Vault: ${workload_key_vault}" - echo "Deployer Key Vault: ${key_vault}" - echo "Terraform state subscription: $STATE_SUBSCRIPTION" - echo "Terraform state account: $REMOTE_STATE_SA" + echo "Workload Key Vault: ${workload_key_vault}" + echo "Deployer Key Vault: ${key_vault}" + echo "Terraform state subscription: $STATE_SUBSCRIPTION" + echo "Terraform state account: $REMOTE_STATE_SA" # Check if running on deployer if [[ ! -f /etc/profile.d/deploy_server.sh ]]; then @@ -785,7 +783,6 @@ stages: return_code=$? - #stop the pipeline after you have reset the whitelisting on your resources echo "Return code from remover.sh $return_code." if [ 0 != $return_code ]; then From 2ea9b3dcfcc87ffad17a1768b872d62056ccb271 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 20:25:23 +0300 Subject: [PATCH 203/279] Refactor echo statements for improved formatting and include deployer subscription in 03-sap-system-deployment.yaml --- deploy/scripts/remover.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index d09d58caa4..de31b7e67f 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh @@ -195,7 +195,7 @@ this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 export TF_VAR_Agent_IP=$this_ip -echo "Agent IP: $this_ip" +echo "Agent IP: $this_ip" automation_config_directory=$CONFIG_REPO_PATH/.sap_deployment_automation generic_config_information="${automation_config_directory}"/config 
@@ -216,10 +216,10 @@ if [ "${deployment_system}" == sap_system ]; then system_config_information="${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" fi -echo "Deployer environment: $deployer_environment" -echo "Configuration file: $system_config_information" -echo "Deployment region: $region" -echo "Deployment region code: $region_code" +echo "Deployer environment: $deployer_environment" +echo "Configuration file: $system_config_information" +echo "Deployment region: $region" +echo "Deployment region code: $region_code" key=$(echo "${parameterfile_name}" | cut -d. -f1) From 3efc1cadf1e70f96fc8c9bd9a436878c82662e57 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 20:31:31 +0300 Subject: [PATCH 204/279] Refactor echo statements for improved formatting and fix indentation in 10-remover-terraform.yaml --- deploy/pipelines/10-remover-terraform.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index d5e1822871..c799ad73fb 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -281,7 +281,7 @@ stages: workload_environment_file_name=$HOME/.sap_deployment_automation/$ENVIRONMENT$LOCATION_CODE$NETWORK; - echo "Workload Environment file: $workload_environment_file_name" + echo "Workload Environment file: $workload_environment_file_name" echo "Environment: $ENVIRONMENT" echo "Location: $LOCATION" @@ -299,7 +299,7 @@ stages: printf -v tempval '%s id:' $(parent_variable_group) printf -v val '%-20s' "${tempval}" - echo "$val $PARENT_VARIABLE_GROUP_ID" + echo "$val $PARENT_VARIABLE_GROUP_ID" echo "" 
@@ -661,7 +661,7 @@ stages: echo "Workload Environment file: $workload_environment_file_name" echo "Environment: ${ENVIRONMENT}" echo "Location: ${LOCATION}" - echo "Network: ${NETWORK}" + echo "Network: ${NETWORK}" echo "" workload_environment_file_name=$HOME/.sap_deployment_automation/$ENVIRONMENT$LOCATION_CODE$NETWORK; From 60305e04c30eab7da282e460522c74bea1f54ec0 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 20:32:44 +0300 Subject: [PATCH 205/279] Refactor echo statement for improved formatting in remover.sh --- deploy/scripts/remover.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index de31b7e67f..51f07dc484 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh @@ -114,7 +114,7 @@ landscape_tfstate_key_parameter="" #show_help=false #deployer_tfstate_key_exists=false #landscape_tfstate_key_exists=false -echo "parameterfile: $parameterfile" +echo "parameterfile: $parameterfile" working_directory=$(pwd) From 5e721471bd1dd4387793382b7f8c2164c868ff55 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 20:38:28 +0300 Subject: [PATCH 206/279] Refactor echo statements for improved formatting and remove unnecessary output in remover.sh and 10-remover-terraform.yaml --- deploy/pipelines/10-remover-terraform.yaml | 7 ++----- deploy/scripts/remover.sh | 1 - 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index c799ad73fb..e9ed4969e1 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -164,8 +164,6 @@ stages: rm -f terraform_$(tf_version)_linux_amd64.zip else if [ $USE_MSI != "true" ]; then - echo "Deployment credentials: Service Principal" - echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET 
@@ -327,8 +325,8 @@ stages: if [[ ! -f /etc/profile.d/deploy_server.sh ]]; then if [ $USE_MSI != "true" ]; then - echo "Deployment credentials: Service Principal" - echo "Deployment credentials Id (SPN): $WL_ARM_CLIENT_SECRET" + echo "Deployment credentials: Service Principal" + echo "Deployment credentials Id (SPN): $WL_ARM_CLIENT_SECRET" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET @@ -574,7 +572,6 @@ stages: az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none export VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(variable_group)'].id | [0]") - echo '$(variable_group) id: ' $VARIABLE_GROUP_ID if [ -z ${VARIABLE_GROUP_ID} ]; then echo "##vso[task.logissue type=error]Variable group $(variable_group) could not be found." exit 2 diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index 51f07dc484..a824c19247 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh @@ -216,7 +216,6 @@ if [ "${deployment_system}" == sap_system ]; then system_config_information="${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" fi -echo "Deployer environment: $deployer_environment" echo "Configuration file: $system_config_information" echo "Deployment region: $region" echo "Deployment region code: $region_code" From 0c9cdc5a0d7e88398a891c4491a67470b4d565bc Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 20:43:21 +0300 Subject: [PATCH 207/279] Refactor echo statements for improved formatting and remove unnecessary output in remover.sh and 10-remover-terraform.yaml --- deploy/pipelines/12-remove-control-plane.yaml | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/deploy/pipelines/12-remove-control-plane.yaml b/deploy/pipelines/12-remove-control-plane.yaml index 5aaa5caf77..34fd7bfdcb 100644 
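Review bot: The re-aligned line `echo "Deployment credentials Id (SPN): $WL_ARM_CLIENT_SECRET"` in the `@@ -327,8 +325,8 @@` hunk of 10-remover-terraform.yaml still writes the service principal secret to the pipeline log, under a label that says it is the ID. The equivalent block near line 164 of the same file printed `$WL_ARM_CLIENT_ID`, and this one should too: `echo "Deployment credentials Id (SPN): $WL_ARM_CLIENT_ID"`. Log masking only applies if the variable is registered as a secret, which is not visible here, so the script should not depend on it. If this line has already run in real pipelines, the secret is worth rotating. The enclosing script block starts and ends outside the hunk.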
--- a/deploy/pipelines/12-remove-control-plane.yaml +++ b/deploy/pipelines/12-remove-control-plane.yaml @@ -217,10 +217,10 @@ stages: *) LOCATION_IN_FILENAME="westeurope" ;; esac - echo "Environment: ${ENVIRONMENT}" - echo "Location: ${LOCATION}" - echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" - echo "Location(filename): $LOCATION_IN_FILENAME" + echo "Environment: ${ENVIRONMENT}" + echo "Location: ${LOCATION}" + echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" + echo "Location(filename): $LOCATION_IN_FILENAME" echo "" @@ -235,7 +235,7 @@ stages: fi deployer_environment_file_name=$HOME/.sap_deployment_automation/$ENVIRONMENT$LOCATION_CODE; - echo "Environment file: $deployer_environment_file_name" + echo "Environment file: $deployer_environment_file_name" az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "Deployer_Key_Vault.value" --out tsv) if [ -n "${az_var}" ]; then @@ -272,10 +272,10 @@ stages: fi fi - echo "Terraform state subscription: $STATE_SUBSCRIPTION" - echo "Terraform state rg name: $REMOTE_STATE_RG" - echo "Terraform state account: $REMOTE_STATE_SA" - echo "Deployer Key Vault: ${key_vault}" + echo "Terraform state subscription: $STATE_SUBSCRIPTION" + echo "Terraform state rg name: $REMOTE_STATE_RG" + echo "Terraform state account: $REMOTE_STATE_SA" + echo "Deployer Key Vault: ${key_vault}" if [ -f ${CONFIG_REPO_PATH}/LIBRARY/$(library_folder)/state.zip ]; then pass=$(echo $DEPLOYER_RANDOM_ID_SEED | sed 's/-//g') 
@@ -579,12 +579,12 @@ stages: *) LOCATION_IN_FILENAME="westeurope" ;; esac - echo "Environment: ${ENVIRONMENT}" - echo "Location: ${LOCATION}" - echo "Location code: ${LOCATION_CODE}" + echo "Environment: ${ENVIRONMENT}" + echo "Location: ${LOCATION}" + echo "Location code: ${LOCATION_CODE}" - echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" - echo "Location(filename): $LOCATION_IN_FILENAME" + echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" + echo "Location(filename): $LOCATION_IN_FILENAME" echo "" if [ $ENVIRONMENT != $ENVIRONMENT_IN_FILENAME ]; then @@ -600,7 +600,7 @@ stages: echo -e "$green--- Running the remove region script that destroys deployer VM and SAP library ---$reset" deployer_environment_file_name=$HOME/.sap_deployment_automation/$ENVIRONMENT$LOCATION_CODE - echo "Environment file: $deployer_environment_file_name" + echo "Environment file: $deployer_environment_file_name" echo -e "$green--- az login ---$reset" @@ -626,7 +626,7 @@ stages: key_vault=$(grep -m1 "^keyvault=" ${deployer_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi - echo "Deployer Key Vault: $key_vault" + echo "Deployer Key Vault: $key_vault" key_vault_id=$(az resource list --name "${key_vault}" --resource-type Microsoft.KeyVault/vaults --query "[].id | [0]" -o tsv) if [ -n "${key_vault_id}" ]; then From 0f059be235bd26edf07cb756f5633adedd3775cc Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 21:23:58 +0300 Subject: [PATCH 208/279] Refactor echo statements for improved formatting and remove unnecessary output in remover.sh and 10-remover-terraform.yaml --- deploy/pipelines/01-deploy-control-plane.yaml | 39 ++++++++++--------- deploy/scripts/deploy_controlplane.sh | 14 +++---- deploy/scripts/set_secrets.sh | 4 +- 3 files changed, 29 insertions(+), 28 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 60c2f22fbb..4725557eb4 100644 
--- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -109,13 +109,13 @@ stages: az extension add --name azure-devops --output none --only-show-errors - echo "Environment: $ENVIRONMENT" - echo "Location: $LOCATION" + echo "Environment: $ENVIRONMENT" + echo "Location: $LOCATION" echo "" - echo "Agent: $(this_agent)" - echo "Organization: $(System.CollectionUri)" - echo "Project: $(System.TeamProject)" + echo "Agent: $(this_agent)" + echo "Organization: $(System.CollectionUri)" + echo "Project: $(System.TeamProject)" echo "" echo "Azure CLI version:" echo "-------------------------------------------------" @@ -126,7 +126,7 @@ stages: export VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(variable_group)'].id | [0]") - printf -v tempval '%s id:' $(parent_variable_group) + printf -v tempval '%s id:' $(variable_group) printf -v val '%-20s' "${tempval}" echo "$val $VARIABLE_GROUP_ID" @@ -202,7 +202,7 @@ stages: if [ ! -f /etc/profile.d/deploy_server.sh ]; then echo -e "$green--- Install dos2unix ---$reset" sudo apt-get -qq install dos2unix - sudo apt -qq install zip + sudo apt-get -qq install zip echo -e "$green--- Install terraform ---$reset" wget -q $(tf_url) return_code=$? @@ -225,10 +225,10 @@ stages: deployer_environment_file_name=$CONFIG_REPO_PATH/.sap_deployment_automation/${ENVIRONMENT}$LOCATION echo -e "$green--- Deploy the Control Plane ---$reset" if [ -n "$(PAT)" ]; then - echo "Deployer Agent PAT: IsDefined" + echo "Deployer Agent PAT: IsDefined" fi if [ -n "$(POOL)" ]; then - echo "Deployer Agent Pool: $(POOL)" + echo "Deployer Agent Pool: $(POOL)" fi if [ -f ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/state.zip ]; then 
@@ -238,10 +238,10 @@ stages: fi if [ $(use_webapp) = "true" ]; then - echo "Deploy Web App: true" + echo "Deploy Web App: true" else - echo "Deploy Web App: false" + echo "Deploy Web App: false" fi export TF_LOG_PATH=$CONFIG_REPO_PATH/.sap_deployment_automation/terraform.log @@ -250,7 +250,7 @@ stages: if [ "$USE_MSI" = "true" ]; then export ARM_CLIENT_SECRET=$servicePrincipalKey export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID - echo "Deployment credentials: Managed Identity" + echo "Deployment credentials: Managed Identity" $SAP_AUTOMATION_REPO_PATH/deploy/scripts/deploy_controlplane.sh \ @@ -292,12 +292,13 @@ stages: if [ -z "$file_deployer_tfstate_key" ]; then file_deployer_tfstate_key=$DEPLOYER_TFSTATE_KEY fi - echo 'Deployer State File' $file_deployer_tfstate_key + echo "Deployer State File $file_deployer_tfstate_key" + file_key_vault=$(cat ${deployer_environment_file_name} | grep keyvault= | awk -F'=' '{print $2}' | xargs) - echo 'Deployer Key Vault' ${file_key_vault} + echo "Deployer Key Vault: ${file_key_vault}" + deployer_random_id=$(cat ${deployer_environment_file_name} | grep deployer_random_id= | awk -F'=' '{print $2}' | xargs) library_random_id=$(cat ${deployer_environment_file_name} | grep library_random_id= | awk -F'=' '{print $2}' | xargs) - echo 'Deployer Random ID' ${deployer_random_id} fi echo -e "$green--- Update repo ---$reset" @@ -310,7 +311,7 @@ stages: added=1 fi if [ -f ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/terraform.tfstate ]; then - sudo apt install zip + sudo apt-get install zip -y pass=$(echo $(System.CollectionId) | sed 's/-//g') zip -j -P "${pass}" ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/state ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/terraform.tfstate git add -f ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/state.zip 
@@ -646,7 +647,7 @@ stages: echo -e "$green--- Install dos2unix ---$reset" sudo apt-get -qq install dos2unix - sudo apt -qq install zip + sudo apt-get -qq install zip echo -e "$green --- Install terraform ---$reset" @@ -841,7 +842,7 @@ stages: if [ -n "${backend}" ]; then echo "Local Terraform state" if [ -f "${CONFIG_REPO_PATH}"/DEPLOYER/$(deployerfolder)/terraform.tfstate ]; then - sudo apt install zip + sudo apt-get -qq install zip echo "Compressing the deployer state file" pass=$(echo $(System.CollectionId) | sed 's/-//g') zip -j -P "${pass}" "${CONFIG_REPO_PATH}"/DEPLOYER/$(deployerfolder)/state "${CONFIG_REPO_PATH}"/DEPLOYER/$(deployerfolder)/terraform.tfstate @@ -865,7 +866,7 @@ stages: if [ -n "${backend}" ]; then echo "Local Terraform state" if [ -f "${CONFIG_REPO_PATH}"/LIBRARY/$(libraryfolder)/terraform.tfstate ]; then - sudo apt install zip + sudo apt-get -qq install zip echo "Compressing the library state file" pass=$(echo $(System.CollectionId) | sed 's/-//g') zip -j -P "${pass}" "${CONFIG_REPO_PATH}"/LIBRARY/$(libraryfolder)/state ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/terraform.tfstate diff --git a/deploy/scripts/deploy_controlplane.sh b/deploy/scripts/deploy_controlplane.sh index 7a1f8150d4..fe4c417964 100755 --- a/deploy/scripts/deploy_controlplane.sh +++ b/deploy/scripts/deploy_controlplane.sh 
@@ -79,18 +79,18 @@ do esac done -echo "ADO flag: ${ado_flag}" +echo "ADO flag: ${ado_flag}" key=$(basename "${deployer_parameter_file}" | cut -d. -f1) deployer_tfstate_key="${key}.terraform.tfstate" -echo "Deployer State File: ${deployer_tfstate_key}" +echo "Deployer State File: ${deployer_tfstate_key}" key=$(basename "${library_parameter_file}" | cut -d. -f1) library_tfstate_key="${key}.terraform.tfstate" -echo "Deployer State File: ${deployer_tfstate_key}" -echo "Library State File: ${library_tfstate_key}" +echo "Deployer State File: ${deployer_tfstate_key}" +echo "Library State File: ${library_tfstate_key}" this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 root_dirname=$(pwd) @@ -133,7 +133,7 @@ fi # Convert the region to the correct code get_region_code "$region" -echo "Region code: ${region_code}" +echo "Region code: ${region_code}" automation_config_directory=$CONFIG_REPO_PATH/.sap_deployment_automation @@ -256,11 +256,11 @@ fi load_config_vars "${deployer_config_information}" "step" if [ 0 = "${deploy_using_msi_only:-}" ]; then - echo "Identity to use: Service Principal" + echo "Identity to use: Service Principal" unset ARM_USE_MSI set_executing_user_environment_variables "${spn_secret}" else - echo "Identity to use: Managed Identity" + echo "Identity to use: Managed Identity" set_executing_user_environment_variables "none" fi diff --git a/deploy/scripts/set_secrets.sh b/deploy/scripts/set_secrets.sh index c7d65b832a..9e58a10b26 100755 --- a/deploy/scripts/set_secrets.sh +++ b/deploy/scripts/set_secrets.sh @@ -294,8 +294,8 @@ echo "# echo "#########################################################################################" echo "" -echo "Key vault: ${keyvault}" -echo "Subscription: ${STATE_SUBSCRIPTION}" +echo "Key vault: ${keyvault}" +echo "Subscription: ${STATE_SUBSCRIPTION}" save_config_vars "${environment_config_information}" \ keyvault \ From ecd7615a73bb16793831853923a1dadd23b30e14 Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Mon, 21 Oct 2024 21:47:29 +0300 Subject: [PATCH 209/279] Refactor echo statements for improved formatting and remove unnecessary output in 01-deploy-control-plane.yaml --- deploy/pipelines/01-deploy-control-plane.yaml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 4725557eb4..2a65cff917 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -105,7 +105,7 @@ stages: cd $CONFIG_REPO_PATH git checkout -q $(Build.SourceBranchName) echo -e "$green--- Configure devops CLI extension ---$reset" - az config set extension.use_dynamic_install=yes_without_prompt + az config set extension.use_dynamic_install=yes_without_prompt --only-show-errors az extension add --name azure-devops --output none --only-show-errors @@ -117,15 +117,10 @@ stages: echo "Organization: $(System.CollectionUri)" echo "Project: $(System.TeamProject)" echo "" - echo "Azure CLI version:" - echo "-------------------------------------------------" - az --version - echo "" - az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none + az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none --only-show-errors export VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(variable_group)'].id | [0]") - printf -v tempval '%s id:' $(variable_group) printf -v val '%-20s' "${tempval}" echo "$val $VARIABLE_GROUP_ID" From 65f3200b9010610b3ee85bdc3bf8779cd550a1c3 Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Mon, 21 Oct 2024 21:49:35 +0300 Subject: [PATCH 210/279] Refactor validate_dependencies function to check for the existence of the terraform binary file instead of the terraform directory. --- deploy/scripts/helpers/script_helpers.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/scripts/helpers/script_helpers.sh b/deploy/scripts/helpers/script_helpers.sh index 4062b45542..31f6e77db0 100755 --- a/deploy/scripts/helpers/script_helpers.sh +++ b/deploy/scripts/helpers/script_helpers.sh @@ -394,7 +394,7 @@ function missing { function validate_dependencies { tfPath="/opt/terraform/bin/terraform" - if [ -d /opt/terraform/bin/terraform ]; then + if [ -f /opt/terraform/bin/terraform ]; then tfPath="/opt/terraform/bin/terraform" else tfPath=$(which terraform) From 060d2381cdea5df838b0a6de77b10786daf6876d Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 22:00:18 +0300 Subject: [PATCH 211/279] Refactor echo statements for improved formatting and remove unnecessary output in deploy and remove pipelines --- deploy/pipelines/01-deploy-control-plane.yaml | 12 ++++++------ deploy/pipelines/12-remove-control-plane.yaml | 4 ++-- .../templates/configure_deployer.sh.tmpl | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 2a65cff917..37da824df9 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml 
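Review bot: In the `@@ -394,7 +394,7 @@` hunk of script_helpers.sh, the new `[ -f /opt/terraform/bin/terraform ]` test accepts any regular file at that path, but the value is kept in `tfPath` as the terraform binary, so an executable test fits better: `if [ -x /opt/terraform/bin/terraform ]; then`. The fallback `tfPath=$(which terraform)` takes whatever comes first on PATH and depends on an external `which`; `tfPath=$(command -v terraform)` is the portable form, and an empty result should be handled explicitly if the code below the hunk does not already do so. validate_dependencies continues outside the hunk.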
@@ -308,7 +308,7 @@ stages: if [ -f ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/terraform.tfstate ]; then sudo apt-get install zip -y pass=$(echo $(System.CollectionId) | sed 's/-//g') - zip -j -P "${pass}" ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/state ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/terraform.tfstate + zip -q -j -P "${pass}" ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/state ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/terraform.tfstate git add -f ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/state.zip added=1 fi @@ -737,14 +737,14 @@ stages: echo -e "$green--- Deploy the Control Plane ---$reset" if [ -n "$(POOL)" ]; then - echo "Deployer Agent Pool: $(POOL)" + echo "Deployer Agent Pool: $(POOL)" fi if [ -f "${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/state.zip" ]; then pass=$(echo $(System.CollectionId) | sed 's/-//g') echo "Unzipping the library state file" - unzip -o -P "${pass}" "${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/state.zip" -d "${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)" + unzip -o -qq -P "${pass}" "${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/state.zip" -d "${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)" fi # ls -lart ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder) @@ -753,7 +753,7 @@ stages: pass=$(echo $(System.CollectionId) | sed 's/-//g') echo "Unzipping the deployer state file" - unzip -o -P "${pass}" "${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/state.zip" -d "${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)" + unzip -o -qq -P "${pass}" "${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/state.zip" -d "${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)" fi # ls -lart "${CONFIG_REPO_PATH}"/DEPLOYER/$(deployerfolder) 
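Review bot: The archive password in the hunk at -308 is `$(System.CollectionId)` with the hyphens removed, which is an organization identifier rather than a secret, and `zip -P` uses the legacy ZIP encryption and puts the password on the command line. The resulting `state.zip` holds `terraform.tfstate` and is force-added to the repository, so the state is only as protected as that identifier. The same pattern is in the `unzip -P` hunks at -737 and -753, the `zip` hunks at -840 and -864, and in `12-remove-control-plane.yaml` (there with `$DEPLOYER_RANDOM_ID_SEED`). Consider keeping the state in the remote backend only, or encrypting it with a key held in a secret variable or Key Vault instead of a derived identifier.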
@@ -840,7 +840,7 @@ stages: sudo apt-get -qq install zip echo "Compressing the deployer state file" pass=$(echo $(System.CollectionId) | sed 's/-//g') - zip -j -P "${pass}" "${CONFIG_REPO_PATH}"/DEPLOYER/$(deployerfolder)/state "${CONFIG_REPO_PATH}"/DEPLOYER/$(deployerfolder)/terraform.tfstate + zip -q -j -P "${pass}" "${CONFIG_REPO_PATH}"/DEPLOYER/$(deployerfolder)/state "${CONFIG_REPO_PATH}"/DEPLOYER/$(deployerfolder)/terraform.tfstate git add -f "${CONFIG_REPO_PATH}"/DEPLOYER/$(deployerfolder)/state.zip added=1 fi @@ -864,7 +864,7 @@ stages: sudo apt-get -qq install zip echo "Compressing the library state file" pass=$(echo $(System.CollectionId) | sed 's/-//g') - zip -j -P "${pass}" "${CONFIG_REPO_PATH}"/LIBRARY/$(libraryfolder)/state ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/terraform.tfstate + zip -q -j -P "${pass}" "${CONFIG_REPO_PATH}"/LIBRARY/$(libraryfolder)/state ${CONFIG_REPO_PATH}/LIBRARY/$(libraryfolder)/terraform.tfstate git add -f "${CONFIG_REPO_PATH}"/LIBRARY/$(libraryfolder)/state.zip added=1 fi diff --git a/deploy/pipelines/12-remove-control-plane.yaml b/deploy/pipelines/12-remove-control-plane.yaml index 34fd7bfdcb..3c101705d1 100644 --- a/deploy/pipelines/12-remove-control-plane.yaml +++ b/deploy/pipelines/12-remove-control-plane.yaml @@ -315,7 +315,7 @@ stages: echo "Compressing the state file." sudo apt install zip pass=$(echo $DEPLOYER_RANDOM_ID_SEED | sed 's/-//g') - zip -j -P "${pass}" DEPLOYER/$(deployer_folder)/state DEPLOYER/$(deployer_folder)/terraform.tfstate + zip -q -j -P "${pass}" DEPLOYER/$(deployer_folder)/state DEPLOYER/$(deployer_folder)/terraform.tfstate git add -f DEPLOYER/$(deployer_folder)/state.zip changed=1 fi 
@@ -327,7 +327,7 @@ stages: sudo apt install zip echo "Compressing the library state file" pass=$(echo $DEPLOYER_RANDOM_ID_SEED | sed 's/-//g') - zip -j -P "${pass}" ${CONFIG_REPO_PATH}/LIBRARY/$(library_folder)/state ${CONFIG_REPO_PATH}/LIBRARY/$(library_folder)/terraform.tfstate + zip -q -j -P "${pass}" ${CONFIG_REPO_PATH}/LIBRARY/$(library_folder)/state ${CONFIG_REPO_PATH}/LIBRARY/$(library_folder)/terraform.tfstate git add -f ${CONFIG_REPO_PATH}/LIBRARY/$(library_folder)/state.zip changed=1 fi diff --git a/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl b/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl index dc0388c3e9..54e7e2df67 100644 --- a/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl +++ b/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl @@ -459,7 +459,7 @@ else wget -nv -O "/$${asad_home}/$${tf_zip}" "https://releases.hashicorp.com/terraform/$${tfversion}/$${tf_zip}" sudo touch "$${asad_ws}/LOCAL/1" - sudo unzip -o "/$${asad_home}/$${tf_zip}" -d "$${tf_dir}" + sudo unzip -qq -o "/$${asad_home}/$${tf_zip}" -d "$${tf_dir}" sudo touch "$${asad_ws}/LOCAL/2" sudo ln -vfs "../$(basename "$${tf_dir}")/terraform" "$${tf_bin}/terraform" sudo touch "$${asad_ws}/LOCAL/3" From 682f23aeed187082cf691ab41cdb1f0168bb7128 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 22:11:08 +0300 Subject: [PATCH 212/279] Refactor echo statements for improved formatting and remove unnecessary output in deploy and remove pipelines --- deploy/pipelines/01-deploy-control-plane.yaml | 13 +++++++++---- deploy/scripts/install_workloadzone.sh | 2 +- deploy/scripts/installer.sh | 2 +- 3 files changed, 11 insertions(+), 6 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 37da824df9..a6e9fbd227 100644 
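Review bot: In `configure_deployer.sh.tmpl`, the Terraform archive fetched by `wget` is unpacked with `sudo unzip` without any integrity check between the two steps shown in the hunk. Before the `unzip`, download the release's `terraform_$${tfversion}_SHA256SUMS` file from the same directory and verify the zip with `sha256sum -c --ignore-missing` (ideally also verifying the signature of the sums file), aborting when the check fails. The surrounding `else` branch starts and ends outside the hunk, so a check elsewhere cannot be ruled out.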
--- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -676,8 +676,10 @@ stages: . /etc/profile.d/deploy_server.sh ; /opt/bin/terraform/terraform --version if [ $USE_MSI != "true" ]; then + echo "Deployment credentials: Service Principal" + echo "Deployment credential ID (SPN): $CP_ARM_CLIENT_ID" + echo "Deployer subscription: $CP_ARM_SUBSCRIPTION_ID" - echo -e "$cyan--- Install using Service Principals ---$reset" export ARM_CLIENT_ID=$CP_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$CP_ARM_CLIENT_SECRET export ARM_TENANT_ID=$CP_ARM_TENANT_ID @@ -693,7 +695,8 @@ stages: fi az account set --subscription $ARM_SUBSCRIPTION_ID else - echo -e "$cyan--- Install using Managed Identity ---$reset" + echo "Deployment credentials: MAnaged Identity" + # export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID export ARM_USE_MSI=true export ARM_USE_AZUREAD=true @@ -762,7 +765,9 @@ stages: sudo chmod +x $SAP_AUTOMATION_REPO_PATH/deploy/scripts/deploy_controlplane.sh if [ $USE_MSI != "true" ]; then - echo -e "$cyan --- Install using Service Principals ---$reset" + echo "Deployment credentials: Service Principal" + echo "Deployment credential ID (SPN): $CP_ARM_CLIENT_ID" + echo "Deployer subscription: $CP_ARM_SUBSCRIPTION_ID" export TF_VAR_use_spn=true @@ -775,7 +780,7 @@ stages: --auto-approve --ado \ ${storage_account_parameter} ${keyvault_parameter} else - echo -e "$cyan --- Install using Managed Identity ---$reset" + echo "Deployment credentials: Managed Identity" export TF_VAR_use_spn=false ${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/deploy_controlplane.sh \ diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index 53244fddd5..2b5cb90b76 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh 
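Review bot: `if [ $USE_MSI != "true" ]` at the top of the hunk at -676 (and again at -762) expands the variable unquoted, so when `USE_MSI` is unset or empty the test is malformed, returns an error status, and the script falls into the `else` branch, i.e. the Managed Identity path, without saying why. Quote and default it: `if [ "${USE_MSI:-false}" != "true" ]; then`. The `if` block is closed outside the hunk.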
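Review bot: The message added in the hunk at -693 is misspelled as `MAnaged Identity`, while the matching message added at -775 reads `Managed Identity`. Use the `Managed Identity` spelling in both places so that log searches for the credential type match every run.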
@@ -763,7 +763,7 @@ else fi return_value=$? -echo "Terraform Plan return code: " $return_value +echo "Terraform Plan return code: $return_value" if [ 1 == $return_value ] then echo "#########################################################################################" diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index f88df0f865..214328cbdd 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh @@ -641,7 +641,7 @@ allParams=$(printf " -var-file=%s %s %s %s %s %s %s" "${var_file}" "${extra_vars terraform -chdir="$terraform_module_directory" plan -no-color -detailed-exitcode $allParams | tee -a plan_output.log return_value=$? -echo "Terraform Plan return code: " $return_value +echo "Terraform Plan return code: $return_value" if [ 1 == $return_value ] ; then echo "" From c777aafa9fb5b099452aaaaa6e23fa6dd5b1400f Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 22:26:39 +0300 Subject: [PATCH 213/279] Refactor echo statements for improved formatting and remove unnecessary output in set_secrets.sh --- deploy/scripts/set_secrets.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/scripts/set_secrets.sh b/deploy/scripts/set_secrets.sh index 9e58a10b26..249f0f1464 100755 --- a/deploy/scripts/set_secrets.sh +++ b/deploy/scripts/set_secrets.sh @@ -294,8 +294,8 @@ echo "# echo "#########################################################################################" echo "" -echo "Key vault: ${keyvault}" -echo "Subscription: ${STATE_SUBSCRIPTION}" +echo "Key vault: ${keyvault}" +echo "Subscription: ${STATE_SUBSCRIPTION}" save_config_vars "${environment_config_information}" \ keyvault \ From 709ca640a1a164b710c5ffcf8485e9dfac11cb35 Mon Sep 17 00:00:00 2001 
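Review bot: In `installer.sh` at -641, `return_value=$?` follows `terraform ... plan -no-color -detailed-exitcode $allParams | tee -a plan_output.log`, so it records the exit status of `tee` unless `pipefail` is enabled earlier in the script (not visible here); the `1 == $return_value` check below would then never see a failed plan. Capture the first stage instead: `return_value=${PIPESTATUS[0]}`. The reworded `echo` then reports the real plan code.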
From: Kimmo Forss Date: Mon, 21 Oct 2024 22:29:48 +0300 Subject: [PATCH 214/279] Refactor azuread_service_principal data source to conditionally include object_id in locals --- deploy/terraform/run/sap_landscape/imports.tf | 5 +++++ deploy/terraform/run/sap_landscape/variables_local.tf | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/deploy/terraform/run/sap_landscape/imports.tf b/deploy/terraform/run/sap_landscape/imports.tf index 635f979069..344f40aa43 100644 --- a/deploy/terraform/run/sap_landscape/imports.tf +++ b/deploy/terraform/run/sap_landscape/imports.tf @@ -67,3 +67,8 @@ data "azurerm_key_vault_secret" "cp_tenant_id" { key_vault_id = local.spn_key_vault_arm_id } +// Import current service principal +data "azuread_service_principal" "sp" { + count = var.use_spn ? 1 : 0 + client_id = local.spn.client_id + } diff --git a/deploy/terraform/run/sap_landscape/variables_local.tf b/deploy/terraform/run/sap_landscape/variables_local.tf index 6237105a45..03205e2949 100644 --- a/deploy/terraform/run/sap_landscape/variables_local.tf +++ b/deploy/terraform/run/sap_landscape/variables_local.tf @@ -51,7 +51,7 @@ locals { service_principal = { subscription_id = local.spn.subscription_id, tenant_id = local.spn.tenant_id, - object_id = var.use_spn ? local.spn.client_id : null + object_id = var.use_spn ? data.azuread_service_principal.sp[0].object_id : null } account = { From 453590689ef89179c835bebcbb71761269831cf1 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 22:32:12 +0300 Subject: [PATCH 215/279] Update SDAF version to 3.13.1.0 in ansible-input-api.yaml and version.txt --- deploy/ansible/vars/ansible-input-api.yaml | 2 +- deploy/configs/version.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/ansible/vars/ansible-input-api.yaml b/deploy/ansible/vars/ansible-input-api.yaml index 18b4ae7722..b03529cb8d 100644 --- a/deploy/ansible/vars/ansible-input-api.yaml 
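Review bot: The comment `// Import current service principal` in `imports.tf` does not match the data source, which looks up the principal whose `client_id` is `local.spn.client_id`, not the identity running Terraform. A more accurate comment would be `// Look up the deployment SPN to obtain its object id (used in local.service_principal)`. The lookup is a directory read, so the identity running the plan presumably needs permission to read service principals in Entra ID; that prerequisite is worth stating next to the data source.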
+++ b/deploy/ansible/vars/ansible-input-api.yaml @@ -5,7 +5,7 @@ become_user_name: root oracle_user_name: oracle orchestration_ansible_user: azureadm # ------------------- Begin - SDAF Ansible Version ---------------------------8 -SDAF_Version: "3.13.0.0" +SDAF_Version: "3.13.1.0" # ------------------- End - SDAF Ansible Version ---------------------------8 diff --git a/deploy/configs/version.txt b/deploy/configs/version.txt index c21c6f6867..bc8db301f8 100644 --- a/deploy/configs/version.txt +++ b/deploy/configs/version.txt @@ -1 +1 @@ -3.13.0.0 +3.13.1.0 From 1280354530285229be6576ffaf9dc25692cc13ca Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 22:41:38 +0300 Subject: [PATCH 216/279] Refactor echo statements for improved formatting and remove unnecessary output in deploy and remove pipelines --- deploy/pipelines/02-sap-workload-zone.yaml | 10 +++++----- deploy/scripts/install_workloadzone.sh | 12 ++++++------ 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index 87dc2c153c..905dfd515a 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml @@ -462,10 +462,10 @@ stages: --region "${LOCATION}" --subscription $ARM_SUBSCRIPTION_ID --spn_id $ARM_CLIENT_ID --spn_secret "${ARM_CLIENT_SECRET}" \ --tenant_id $ARM_TENANT_ID --keyvault_subscription $STATE_SUBSCRIPTION secrets_set=$? ; - echo "Set Secrets returned: $secrets_set" + echo "Set Secrets returned: $secrets_set" else - echo "Deployment credentials: Managed Identity" + echo "Deployment credentials: Managed Identity" # export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID export ARM_USE_MSI=true export ARM_USE_AZUREAD=true 
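Review bot: The context lines of the hunk at -462 pass the client secret as an argument, `--spn_secret "${ARM_CLIENT_SECRET}"`, which makes it visible in the agent's process list and in any command tracing for the duration of the call. If the called script can take the value from the environment or stdin (its interface is not visible here), prefer that over argv. The command starts above the hunk, and the same lines recur as context in the hunks at -462 of patches 217 and 219.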
@@ -476,9 +476,9 @@ stages: debug_variable='' if [ $USE_MSI != "true" ]; then - echo "Deployment credentials: Service Principal" - echo "Service Principal: $WL_ARM_CLIENT_ID" - echo "Service Principal (OID) $WL_ARM_OBJECT_ID" + echo "Deployment credentials: Service Principal" + echo "Service Principal: $WL_ARM_CLIENT_ID" + echo "Service Principal (OID) $WL_ARM_OBJECT_ID" isUserAccessAdmin=$(az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION --assignee $WL_ARM_OBJECT_ID --query "[].principalName | [0]" --output tsv) diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index 2b5cb90b76..e15dd945ef 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -64,12 +64,12 @@ this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 deployer_environment=$(echo "${deployer_environment}" | tr "[:lower:]" "[:upper:]") -echo "Deployer environment: $deployer_environment" +echo "Deployer environment: $deployer_environment" if [ 1 == $called_from_ado ] ; then this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 export TF_VAR_Agent_IP=$this_ip - echo "Agent IP: $this_ip" + echo "Agent IP: $this_ip" fi @@ -167,10 +167,10 @@ then fi -echo "Configuration file: $workload_config_information" -echo "Deployment region: $region" -echo "Deployment region code: $region_code" -echo "Keyvault: $keyvault" +echo "Configuration file: $workload_config_information" +echo "Deployment region: $region" +echo "Deployment region code: $region_code" +echo "Keyvault: $keyvault" if [ -n "$STATE_SUBSCRIPTION" ] then From e2640bd3157855f0095e6c63b78f548062ed69b4 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 22:55:35 +0300 Subject: [PATCH 217/279] Refactor echo statements for improved formatting and remove unnecessary output in deploy and remove pipelines --- deploy/pipelines/02-sap-workload-zone.yaml | 60 +++++++++++----------- 1 file changed, 30 insertions(+), 30 deletions(-) 
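Review bot: `this_ip=$(curl -s ipinfo.io/ip)` in the `install_workloadzone.sh` hunk at -64 has no scheme, so curl fetches over plain HTTP, and the result is exported as `TF_VAR_Agent_IP` without checking that it is an address. If the variable ends up in a network rule (not visible here), a tampered or empty response changes what is allowed. Use `this_ip=$(curl -fsS https://ipinfo.io/ip)` and reject values that do not look like an IP address before exporting. The line appears twice in this hunk and again in `install_deployer.sh` at -139.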
diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index 905dfd515a..ed4cfb7099 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml @@ -283,22 +283,22 @@ stages: NETWORK_IN_FILENAME=$(echo $(workload_zone_folder) | awk -F'-' '{print $3}' | xargs ) - echo "Environment: $ENVIRONMENT" - echo "Location: $LOCATION" - echo "Network: $NETWORK" + echo "Environment: $ENVIRONMENT" + echo "Location: $LOCATION" + echo "Network: $NETWORK" - echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" - echo "Location(filename): $LOCATION_IN_FILENAME" - echo "Network(filename): $NETWORK_IN_FILENAME" + echo "Environment(filename): $ENVIRONMENT_IN_FILENAME" + echo "Location(filename): $LOCATION_IN_FILENAME" + echo "Network(filename): $NETWORK_IN_FILENAME" - echo "Deployer Environment $(deployer_environment)" - echo "Deployer Region $(deployer_region)" - echo "Workload TFvars $(workload_zone_configuration_file)" + echo "Deployer Environment $(deployer_environment)" + echo "Deployer Region $(deployer_region)" + echo "Workload TFvars $(workload_zone_configuration_file)" echo "" - echo "Agent pool: $(this_agent)" - echo "Organization: $(System.CollectionUri)" - echo "Project: $(System.TeamProject)" + echo "Agent pool: $(this_agent)" + echo "Organization: $(System.CollectionUri)" + echo "Project: $(System.TeamProject)" echo "" echo "Azure CLI version:" echo "-------------------------------------------------" 
@@ -341,17 +341,17 @@ stages: fi printf -v tempval '%s id:' $(variable_group) printf -v val '%-20s' "${tempval}" - echo "$val $VARIABLE_GROUP_ID" + echo "$val $VARIABLE_GROUP_ID" printf -v tempval '%s id:' $(parent_variable_group) printf -v val '%-20s' "${tempval}" - echo "$val $PARENT_VARIABLE_GROUP_ID" + echo "$val $PARENT_VARIABLE_GROUP_ID" deployer_environment_file_name=$CONFIG_REPO_PATH/.sap_deployment_automation/$(deployer_environment)$(deployer_region) - echo "Deployer Environment File: $deployer_environment_file_name" + echo "Deployer Environment File: $deployer_environment_file_name" workload_environment_file_name=$CONFIG_REPO_PATH/.sap_deployment_automation/${ENVIRONMENT}${LOCATION_CODE}${NETWORK} - echo "Workload Zone Environment File: $workload_environment_file_name" + echo "Workload Zone Environment File: $workload_environment_file_name" dos2unix -q ${deployer_environment_file_name} dos2unix -q ${workload_environment_file_name} @@ -420,13 +420,13 @@ stages: STATE_SUBSCRIPTION=$(grep "^STATE_SUBSCRIPTION=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi - echo "Deployer statefile: $deployer_tfstate_key" - echo "Deployer Key vault: $key_vault" - echo "Workload Key vault: ${workload_key_vault}" - echo "Target subscription $WL_ARM_SUBSCRIPTION_ID" + echo "Deployer statefile: $deployer_tfstate_key" + echo "Deployer Key vault: $key_vault" + echo "Workload Key vault: ${workload_key_vault}" + echo "Target subscription $WL_ARM_SUBSCRIPTION_ID" - echo "Terraform state file subscription: $STATE_SUBSCRIPTION" - echo "Terraform state file storage account: $REMOTE_STATE_SA" + echo "Terraform state file subscription: $STATE_SUBSCRIPTION" + echo "Terraform state file storage account:$REMOTE_STATE_SA" secrets_set=1 echo -e "$green---az login ---$reset" 
@@ -436,9 +436,9 @@ stages: if [ $USE_MSI != "true" ]; then - echo "Deployment credentials: Service Principal" - echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" - echo "Deployer subscription: $STATE_SUBSCRIPTION" + echo "Deployment credentials: Service Principal" + echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" + echo "Deployer subscription: $STATE_SUBSCRIPTION" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET @@ -462,10 +462,10 @@ stages: --region "${LOCATION}" --subscription $ARM_SUBSCRIPTION_ID --spn_id $ARM_CLIENT_ID --spn_secret "${ARM_CLIENT_SECRET}" \ --tenant_id $ARM_TENANT_ID --keyvault_subscription $STATE_SUBSCRIPTION secrets_set=$? ; - echo "Set Secrets returned: $secrets_set" + echo "Set Secrets returned: $secrets_set" else - echo "Deployment credentials: Managed Identity" + echo "Deployment credentials: Managed Identity" # export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID export ARM_USE_MSI=true export ARM_USE_AZUREAD=true @@ -476,9 +476,9 @@ stages: debug_variable='' if [ $USE_MSI != "true" ]; then - echo "Deployment credentials: Service Principal" - echo "Service Principal: $WL_ARM_CLIENT_ID" - echo "Service Principal (OID) $WL_ARM_OBJECT_ID" + echo "Deployment credentials: Service Principal" + echo "Service Principal: $WL_ARM_CLIENT_ID" + echo "Service Principal (OID) $WL_ARM_OBJECT_ID" isUserAccessAdmin=$(az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION --assignee $WL_ARM_OBJECT_ID --query "[].principalName | [0]" --output tsv) From 06700897d069accc87705725fe96bccd2778c355 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 23:17:10 +0300 Subject: [PATCH 218/279] Refactor key_vault_sap_landscape.tf to conditionally include object_id in azurerm_key_vault_access_policy --- .../sap_landscape/key_vault_sap_landscape.tf | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) 
diff --git a/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf b/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf index 00de6b6ee0..fe5fae3ad1 100644 --- a/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf +++ b/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf @@ -1,3 +1,6 @@ +data "azuread_client_config" "current" {} + + #######################################4#######################################8 # # # Workload zone key vault # @@ -95,14 +98,11 @@ resource "azurerm_role_assignment" "role_assignment_spn" { } resource "azurerm_key_vault_access_policy" "kv_user" { - provider = azurerm.main - count = (var.key_vault.exists || var.enable_rbac_authorization_for_keyvault) ? ( - 0) : ( - (length(var.deployer_tfstate) > 0 ? var.deployer_tfstate.deployer_uai.principal_id == local.service_principal.object_id : false) ? 0 : 1 - ) + provider = azurerm.deployer + count = var.options.use_spn && (length(try(var.deployer_tfstate.deployer_uai.principal_id,"")) > 0) ? 1 : 0 key_vault_id = local.user_keyvault_exist ? local.user_key_vault_id : azurerm_key_vault.kv_user[0].id tenant_id = local.service_principal.tenant_id - object_id = local.service_principal.object_id != "" ? local.service_principal.object_id : "00000000-0000-0000-0000-000000000000" + object_id = var.deployer_tfstate.deployer_uai.principal_id secret_permissions = [ "Get", @@ -119,8 +119,8 @@ resource "azurerm_key_vault_access_policy" "kv_user_spn" { provider = azurerm.main count = var.options.use_spn ? 1 : 0 key_vault_id = local.user_keyvault_exist ? local.user_key_vault_id : azurerm_key_vault.kv_user[0].id - tenant_id = var.service_principal.tenant_id - object_id = var.service_principal.object_id + tenant_id = data.azuread_client_config.current.tenant_id + object_id = data.azuread_client_config.current.object_id secret_permissions = [ "Get", 
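Review bot: The new `count` for `azurerm_key_vault_access_policy.kv_user` (hunk at -95) no longer looks at `var.key_vault.exists` or `var.enable_rbac_authorization_for_keyvault`, both of which forced the old expression to 0. The policy would now also be created for a vault with RBAC authorization enabled and for a pre-existing vault. Keep the guard, e.g. `count = (var.key_vault.exists || var.enable_rbac_authorization_for_keyvault) ? 0 : (var.options.use_spn && length(try(var.deployer_tfstate.deployer_uai.principal_id, "")) > 0 ? 1 : 0)`. The resource body continues past the hunk.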
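Review bot: `kv_user_spn` (hunk at -119) now takes `tenant_id` and `object_id` from `data.azuread_client_config.current`, so the secret permissions go to whichever identity runs the apply rather than to the service principal passed in `var.service_principal`. Since `count` is still `var.options.use_spn ? 1 : 0`, a run under a different login grants that login access to the vault. If the intent is the configured SPN, keep `object_id = var.service_principal.object_id`; otherwise add a comment stating that the caller is granted access on purpose.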
From e3a89a5a33534e229f8ac8d07ea0683063813d49 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Mon, 21 Oct 2024 23:20:47 +0300 Subject: [PATCH 219/279] Refactor echo statements for improved formatting and remove unnecessary output in deploy and remove pipelines --- deploy/pipelines/02-sap-workload-zone.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index ed4cfb7099..86f773114f 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml @@ -462,10 +462,10 @@ stages: --region "${LOCATION}" --subscription $ARM_SUBSCRIPTION_ID --spn_id $ARM_CLIENT_ID --spn_secret "${ARM_CLIENT_SECRET}" \ --tenant_id $ARM_TENANT_ID --keyvault_subscription $STATE_SUBSCRIPTION secrets_set=$? ; - echo "Set Secrets returned: $secrets_set" + echo "Set Secrets returned: $secrets_set" else - echo "Deployment credentials: Managed Identity" + echo "Deployment credentials: Managed Identity" # export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID export ARM_USE_MSI=true export ARM_USE_AZUREAD=true @@ -476,9 +476,9 @@ stages: debug_variable='' if [ $USE_MSI != "true" ]; then - echo "Deployment credentials: Service Principal" - echo "Service Principal: $WL_ARM_CLIENT_ID" - echo "Service Principal (OID) $WL_ARM_OBJECT_ID" + echo "Deployment credentials: Service Principal" + echo "Service Principal: $WL_ARM_CLIENT_ID" + echo "Service Principal (OID) $WL_ARM_OBJECT_ID" isUserAccessAdmin=$(az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION --assignee $WL_ARM_OBJECT_ID --query "[].principalName | [0]" --output tsv) From 9cf4d76d176c30cf63c27af9ebb8207d7b24852a Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Mon, 21 Oct 2024 23:26:57 +0300 Subject: [PATCH 220/279] Refactor key_vault_sap_landscape.tf to conditionally include object_id in azurerm_key_vault_access_policy --- .../sap_landscape/key_vault_sap_landscape.tf | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf b/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf index fe5fae3ad1..f4533734aa 100644 --- a/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf +++ b/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf @@ -97,24 +97,6 @@ resource "azurerm_role_assignment" "role_assignment_spn" { principal_id = local.service_principal.object_id } -resource "azurerm_key_vault_access_policy" "kv_user" { - provider = azurerm.deployer - count = var.options.use_spn && (length(try(var.deployer_tfstate.deployer_uai.principal_id,"")) > 0) ? 1 : 0 - key_vault_id = local.user_keyvault_exist ? local.user_key_vault_id : azurerm_key_vault.kv_user[0].id - tenant_id = local.service_principal.tenant_id - object_id = var.deployer_tfstate.deployer_uai.principal_id - - secret_permissions = [ - "Get", - "List", - "Set", - "Delete", - "Recover", - "Restore", - "Purge" - ] -} - resource "azurerm_key_vault_access_policy" "kv_user_spn" { provider = azurerm.main count = var.options.use_spn ? 1 : 0 From 5123055ffe3019703d56b5c697ea0d8e509b392e Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 07:34:34 +0300 Subject: [PATCH 221/279] Refactor key_vault_sap_landscape.tf to conditionally include object_id in azurerm_key_vault_access_policy --- .../sap_landscape/key_vault_sap_landscape.tf | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) 
diff --git a/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf b/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf index f4533734aa..d9b5f67955 100644 --- a/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf +++ b/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf @@ -97,6 +97,24 @@ resource "azurerm_role_assignment" "role_assignment_spn" { principal_id = local.service_principal.object_id } +resource "azurerm_key_vault_access_policy" "kv_user" { + provider = azurerm.deployer + count = 0 + key_vault_id = local.user_keyvault_exist ? local.user_key_vault_id : azurerm_key_vault.kv_user[0].id + tenant_id = local.service_principal.tenant_id + object_id = var.deployer_tfstate.deployer_uai.principal_id + + secret_permissions = [ + "Get", + "List", + "Set", + "Delete", + "Recover", + "Restore", + "Purge" + ] +} + resource "azurerm_key_vault_access_policy" "kv_user_spn" { provider = azurerm.main count = var.options.use_spn ? 1 : 0 From 5cd5eb4c92802ab6618d366a95dfe61378ac5b30 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 14:32:56 +0300 Subject: [PATCH 222/279] Refactor echo statements for improved formatting and remove unnecessary output in deploy and remove pipelines --- deploy/scripts/deploy_controlplane.sh | 4 ++-- deploy/scripts/install_deployer.sh | 4 ++-- deploy/scripts/install_library.sh | 10 +++++----- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/deploy/scripts/deploy_controlplane.sh b/deploy/scripts/deploy_controlplane.sh index fe4c417964..7c4e9096d2 100755 --- a/deploy/scripts/deploy_controlplane.sh +++ b/deploy/scripts/deploy_controlplane.sh 
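Review bot: The re-added `azurerm_key_vault_access_policy.kv_user` has `count = 0`, so it never creates anything, and nothing in the hunk says why it is kept. Either remove it or add a comment such as `# Disabled: deployer identity access is granted via <MECHANISM>`. If it is meant to be re-enabled, note that `Delete`, `Purge` and `Restore` go beyond what reading and writing secrets needs, and that `var.deployer_tfstate.deployer_uai.principal_id` is read without the `try()` used in the earlier version of this resource.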
@@ -179,13 +179,13 @@ relative_path="${deployer_dirname}" export TF_DATA_DIR="${relative_path}"/.terraform step=0 - +echo "" echo "#########################################################################################" echo "# #" echo -e "# $cyan Starting the control plane deployment $resetformatting #" echo "# #" echo "#########################################################################################" - +echo "" noAccess=$( az account show --query name | grep "N/A(tenant level account)") if [ -n "$noAccess" ]; then diff --git a/deploy/scripts/install_deployer.sh b/deploy/scripts/install_deployer.sh index 40c34eb5de..3adc7a624b 100755 --- a/deploy/scripts/install_deployer.sh +++ b/deploy/scripts/install_deployer.sh @@ -75,7 +75,7 @@ deployment_system=sap_deployer param_dirname=$(dirname "${parameterfile}") -echo "Parameter file: ${parameterfile}" +echo "Parameter file: ${parameterfile}" if [ ! -f "${parameterfile}" ] then @@ -139,7 +139,7 @@ export TF_DATA_DIR="${param_dirname}"/.terraform this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 export TF_VAR_Agent_IP=$this_ip -echo "Agent IP: $this_ip" +echo "Agent IP: $this_ip" ok_to_proceed=false new_deployment=false diff --git a/deploy/scripts/install_library.sh b/deploy/scripts/install_library.sh index d4e20fbfb7..6a23b82893 100755 --- a/deploy/scripts/install_library.sh +++ b/deploy/scripts/install_library.sh 
@@ -338,7 +338,7 @@ echo "########################################################################## echo "" if [ -n "${deployer_statefile_foldername}" ]; then - echo "Deployer folder specified:" "${deployer_statefile_foldername}" + echo "Deployer folder specified: ${deployer_statefile_foldername}" terraform -chdir="${terraform_module_directory}" plan -no-color -detailed-exitcode -var-file="${var_file}" -var deployer_statefile_foldername="${deployer_statefile_foldername}" > plan_output.log 2>&1 else terraform -chdir="${terraform_module_directory}" plan -no-color -detailed-exitcode -var-file="${var_file}" > plan_output.log 2>&1 @@ -440,7 +440,7 @@ then if [ -n "${deployer_statefile_foldername}" ]; then - echo "Deployer folder specified:" "${deployer_statefile_foldername}" + echo "Deployer folder specified: ${deployer_statefile_foldername}" terraform -chdir="${terraform_module_directory}" import -var-file="${var_file}" -var deployer_statefile_foldername="${deployer_statefile_foldername}" $moduleID $resourceID else terraform -chdir="${terraform_module_directory}" import -var-file="${var_file}" $moduleID $resourceID @@ -459,7 +459,7 @@ then echo "" if [ -n "${deployer_statefile_foldername}" ]; then - echo "Deployer folder specified:" "${deployer_statefile_foldername}" + echo "Deployer folder specified: ${deployer_statefile_foldername}" terraform -chdir="${terraform_module_directory}" apply -var-file="${var_file}" -var deployer_statefile_foldername="${deployer_statefile_foldername}" -auto-approve -json | tee -a apply_output.json else terraform -chdir="${terraform_module_directory}" apply -var-file="${var_file}" -auto-approve -json | tee -a apply_output.json 
@@ -482,7 +482,7 @@ then if [ -n "${deployer_statefile_foldername}" ]; then - echo "Deployer folder specified:" "${deployer_statefile_foldername}" + echo "Deployer folder specified: ${deployer_statefile_foldername}" terraform -chdir="${terraform_module_directory}" import -var-file="${var_file}" -var deployer_statefile_foldername="${deployer_statefile_foldername}" $moduleID $resourceID else terraform -chdir="${terraform_module_directory}" import -var-file="${var_file}" $moduleID $resourceID @@ -502,7 +502,7 @@ then echo "" if [ -n "${deployer_statefile_foldername}" ]; then - echo "Deployer folder specified:" "${deployer_statefile_foldername}" + echo "Deployer folder specified: ${deployer_statefile_foldername}" terraform -chdir="${terraform_module_directory}" apply -var-file="${var_file}" -var deployer_statefile_foldername="${deployer_statefile_foldername}" -auto-approve -json | tee -a apply_output.json else terraform -chdir="${terraform_module_directory}" apply -var-file="${var_file}" -auto-approve -json | tee -a apply_output.json From f7d3fd8b713f965fa285d598da99afb171d9e1ad Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 14:40:14 +0300 Subject: [PATCH 223/279] Refactor echo statements for improved formatting and remove unnecessary output in deploy and remove pipelines --- deploy/scripts/deploy_controlplane.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/scripts/deploy_controlplane.sh b/deploy/scripts/deploy_controlplane.sh index 7c4e9096d2..cc51feb3d7 100755 --- a/deploy/scripts/deploy_controlplane.sh +++ b/deploy/scripts/deploy_controlplane.sh 
@@ -634,7 +634,7 @@ if [ 3 == $step ]; then allParams=$(printf " --parameterfile %s --storageaccountname %s --type sap_deployer %s %s " "${deployer_file_parametername}" "${REMOTE_STATE_SA}" "${approveparam}" "${ado_flag}" ) - echo -e "$cyan calling installer.sh with parameters: $allParams" + echo -e "$cyan calling installer.sh with parameters: $allParams $reset" "${SAP_AUTOMATION_REPO_PATH}"/deploy/scripts/installer.sh $allParams return_code=$? @@ -669,7 +669,7 @@ if [ 4 == $step ]; then cd "${library_dirname}" || exit allParams=$(printf " --parameterfile %s --storageaccountname %s --type sap_library %s %s" "${library_file_parametername}" "${REMOTE_STATE_SA}" "${approveparam}" "${ado_flag}") - echo -e "$cyan calling installer.sh with parameters: $allParams" + echo -e "$cyan calling installer.sh with parameters: $allParams $reset" "${SAP_AUTOMATION_REPO_PATH}"/deploy/scripts/installer.sh $allParams return_code=$? From f11ad2c87c7e266fed605427103aa22c5e06b0b7 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 14:44:44 +0300 Subject: [PATCH 224/279] Refactor echo statements for improved formatting and remove unnecessary output in deploy and remove pipelines --- deploy/scripts/installer.sh | 1 + deploy/terraform/run/sap_deployer/providers.tf | 1 + deploy/terraform/run/sap_deployer/tfvar_variables.tf | 5 +++++ 3 files changed, 7 insertions(+) diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index 214328cbdd..f7e2862b06 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh @@ -293,6 +293,7 @@ else export TF_VAR_deployer_kv_user_arm_id=$(az resource list --name "${keyvault}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.KeyVault/vaults --query "[].id | [0]" -o tsv) echo "Deployer Keyvault ID: $TF_VAR_deployer_kv_user_arm_id" + export TF_VAR_subscription_id=${STATE_SUBSCRIPTION} fi 
diff --git a/deploy/terraform/run/sap_deployer/providers.tf b/deploy/terraform/run/sap_deployer/providers.tf index 37fc593bc7..f66867198a 100644 --- a/deploy/terraform/run/sap_deployer/providers.tf +++ b/deploy/terraform/run/sap_deployer/providers.tf @@ -27,6 +27,7 @@ provider "azurerm" { } partner_id = "f94f50f2-2539-42f8-9c8e-c65b28c681f7" storage_use_azuread = !var.shared_access_key_enabled + subscription_id = try(var.subscription_id, null) use_msi = true } diff --git a/deploy/terraform/run/sap_deployer/tfvar_variables.tf b/deploy/terraform/run/sap_deployer/tfvar_variables.tf index cad9d90772..ed7c6e5aba 100644 --- a/deploy/terraform/run/sap_deployer/tfvar_variables.tf +++ b/deploy/terraform/run/sap_deployer/tfvar_variables.tf @@ -22,6 +22,11 @@ variable "location" { type = string } +variable "subscription_id" { + description = "Defines the Azure subscription_id" + type = string + } + #######################################4#######################################8 # # # Resource group definitioms # From 412d8661d8aee1effb663204d9f4ca6860143016 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 14:48:20 +0300 Subject: [PATCH 225/279] Refactor echo statements for improved formatting in installer.sh --- deploy/scripts/deploy_controlplane.sh | 2 +- deploy/scripts/installer.sh | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/scripts/deploy_controlplane.sh b/deploy/scripts/deploy_controlplane.sh index cc51feb3d7..96a6644d0a 100755 --- a/deploy/scripts/deploy_controlplane.sh +++ b/deploy/scripts/deploy_controlplane.sh 
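Review bot: The new `variable "subscription_id"` block in tfvar_variables.tf has no `default`, which makes the variable mandatory for every run of the sap_deployer module. The `try(var.subscription_id, null)` added in providers.tf cannot supply a fallback, because a reference to a declared variable never raises the evaluation error `try` catches. Any caller that does not pass the value (the installer.sh hunk in this commit exports `TF_VAR_subscription_id` in one branch only, as far as the hunk shows) would be prompted or fail. Adding `default = null` to the variable block and using `subscription_id = var.subscription_id` in the provider gives the intended optional behaviour.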
@@ -634,7 +634,7 @@ if [ 3 == $step ]; then allParams=$(printf " --parameterfile %s --storageaccountname %s --type sap_deployer %s %s " "${deployer_file_parametername}" "${REMOTE_STATE_SA}" "${approveparam}" "${ado_flag}" ) - echo -e "$cyan calling installer.sh with parameters: $allParams $reset" + echo "Calling installer.sh with parameters: $allParams" "${SAP_AUTOMATION_REPO_PATH}"/deploy/scripts/installer.sh $allParams return_code=$? diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index f7e2862b06..20488c4e06 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh @@ -156,9 +156,9 @@ automation_config_directory=$CONFIG_REPO_PATH/.sap_deployment_automation/ generic_config_information="${automation_config_directory}"config system_config_information="${automation_config_directory}""${environment}""${region_code}""${network_logical_name}" -echo "Configuration file: $system_config_information" -echo "Deployment region: $region" -echo "Deployment region code: $region_code" +echo "Configuration file: $system_config_information" +echo "Deployment region: $region" +echo "Deployment region code: $region_code" if [ 1 == $called_from_ado ] ; then this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 From e334dcf254135ec293ed93400260e92ce50324c0 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 14:55:38 +0300 Subject: [PATCH 226/279] Refactor echo statements for improved formatting and remove unnecessary output in installer.sh --- deploy/scripts/installer.sh | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index 20488c4e06..d8293cde74 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh 
@@ -50,10 +50,10 @@ do done -echo "Parameter file: $parameterfile" -echo "Current directory: $(pwd)" -echo "Terraform state subscription_id: ${STATE_SUBSCRIPTION}" -echo "Terraform state storage account name: ${REMOTE_STATE_SA}" +echo "Parameter file: $parameterfile" +echo "Current directory: $(pwd)" +echo "Terraform state subscription_id: ${STATE_SUBSCRIPTION}" +echo "Terraform state storage account name:${REMOTE_STATE_SA}" tfstate_resource_id="" tfstate_parameter="" @@ -261,8 +261,8 @@ if [[ -z $deployer_tfstate_key ]]; then load_config_vars "${system_config_information}" "deployer_tfstate_key" else - echo "Deployer state file name: ${deployer_tfstate_key}" - echo "Target subscription: ${ARM_SUBSCRIPTION_ID}" + echo "Deployer state file name: ${deployer_tfstate_key}" + echo "Target subscription: $ARM_SUBSCRIPTION_ID" fi if [ "${deployment_system}" != sap_deployer ] @@ -293,7 +293,8 @@ else export TF_VAR_deployer_kv_user_arm_id=$(az resource list --name "${keyvault}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.KeyVault/vaults --query "[].id | [0]" -o tsv) echo "Deployer Keyvault ID: $TF_VAR_deployer_kv_user_arm_id" - export TF_VAR_subscription_id=${STATE_SUBSCRIPTION} + deployer_parameter=" -var subscription_id=${STATE_SUBSCRIPTION} " + export ARM_SUBSCRIPTION_ID=$STATE_SUBSCRIPTION fi @@ -638,7 +639,7 @@ then rm plan_output.log fi -allParams=$(printf " -var-file=%s %s %s %s %s %s %s" "${var_file}" "${extra_vars}" "${tfstate_parameter}" "${landscape_tfstate_key_parameter}" "${deployer_tfstate_key_parameter}" "${deployment_parameter}" "${version_parameter}" ) +allParams=$(printf " -var-file=%s %s %s %s %s %s %s %s" "${var_file}" "${extra_vars}" "${tfstate_parameter}" "${landscape_tfstate_key_parameter}" "${deployer_tfstate_key_parameter}" "${deployment_parameter}" "${version_parameter}" "${deployer_parameter}" ) terraform -chdir="$terraform_module_directory" plan -no-color -detailed-exitcode $allParams | tee -a plan_output.log return_value=$? 
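Review bot: `deployer_parameter` is assigned only inside the branch touched by the `@@ -293` hunk, yet the `@@ -638` hunk expands `"${deployer_parameter}"` unconditionally in the `allParams` printf. On the other branch the variable is unset, which is an empty string at best and an abort if the script runs under `set -u` (not visible here). Initialise it next to the other parameter strings, e.g. `deployer_parameter=""` beside `tfstate_parameter=""`. Since only sap_deployer's tfvar_variables.tf is shown declaring `subscription_id`, it is also worth confirming that `-var subscription_id=...` is never passed to a module that lacks the variable. The new export is better quoted as well: `export ARM_SUBSCRIPTION_ID="${STATE_SUBSCRIPTION}"`.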
From 4c93076c762261d6591031590a81e9b065ec6abd Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 14:58:11 +0300 Subject: [PATCH 227/279] Refactor echo statements for improved formatting and remove unnecessary output in set_secrets.sh --- deploy/scripts/set_secrets.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/scripts/set_secrets.sh b/deploy/scripts/set_secrets.sh index 249f0f1464..58dc09e860 100755 --- a/deploy/scripts/set_secrets.sh +++ b/deploy/scripts/set_secrets.sh @@ -201,7 +201,7 @@ if [ 0 = "${deploy_using_msi_only:-}" ]; then fi else if is_valid_guid "${client_id}" ; then - echo "Valid client_id specified" + echo "" else printf -v val %-40.40s "$client_id" echo "#########################################################################################" @@ -228,7 +228,7 @@ if [ 0 = "${deploy_using_msi_only:-}" ]; then fi else if is_valid_guid "${tenant_id}" ; then - echo "Valid tenant_id specified" + echo "" else printf -v val %-40.40s "$tenant_id" echo "#########################################################################################" @@ -272,7 +272,7 @@ if [ -z "${subscription}" ]; then read -r -p "SPN Subscription: " subscription else if is_valid_guid "${subscription}" ; then - echo "Valid subscription specified" + echo "" else printf -v val %-40.40s "${subscription}" echo "#########################################################################################" From 7017e1173f03c9535ca3fa4fd8b45012f4541a49 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 15:00:43 +0300 Subject: [PATCH 228/279] Refactor echo statements for improved formatting and remove unnecessary output in installer.sh and providers.tf --- deploy/scripts/installer.sh | 2 +- deploy/terraform/run/sap_deployer/providers.tf | 2 +- deploy/terraform/run/sap_deployer/tfvar_variables.tf | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) 
diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index d8293cde74..94f0385937 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh @@ -292,7 +292,7 @@ else load_config_vars "${system_config_information}" "keyvault" export TF_VAR_deployer_kv_user_arm_id=$(az resource list --name "${keyvault}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.KeyVault/vaults --query "[].id | [0]" -o tsv) - echo "Deployer Keyvault ID: $TF_VAR_deployer_kv_user_arm_id" + echo "Deployer Keyvault ID x: $TF_VAR_deployer_kv_user_arm_id" deployer_parameter=" -var subscription_id=${STATE_SUBSCRIPTION} " export ARM_SUBSCRIPTION_ID=$STATE_SUBSCRIPTION diff --git a/deploy/terraform/run/sap_deployer/providers.tf b/deploy/terraform/run/sap_deployer/providers.tf index f66867198a..ed98c27c5a 100644 --- a/deploy/terraform/run/sap_deployer/providers.tf +++ b/deploy/terraform/run/sap_deployer/providers.tf @@ -27,7 +27,7 @@ provider "azurerm" { } partner_id = "f94f50f2-2539-42f8-9c8e-c65b28c681f7" storage_use_azuread = !var.shared_access_key_enabled - subscription_id = try(var.subscription_id, null) + subscription_id = var.subscription_id use_msi = true } diff --git a/deploy/terraform/run/sap_deployer/tfvar_variables.tf b/deploy/terraform/run/sap_deployer/tfvar_variables.tf index ed7c6e5aba..259c37f2de 100644 --- a/deploy/terraform/run/sap_deployer/tfvar_variables.tf +++ b/deploy/terraform/run/sap_deployer/tfvar_variables.tf @@ -25,6 +25,7 @@ variable "location" { variable "subscription_id" { description = "Defines the Azure subscription_id" type = string + default = null } #######################################4#######################################8 From 06c9581317b7899a265bec97eaad2736f3a7251a Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Tue, 22 Oct 2024 15:06:57 +0300 Subject: [PATCH 229/279] Refactor echo statements for improved formatting and remove unnecessary output in installer.sh --- deploy/scripts/deploy_controlplane.sh | 2 +- deploy/scripts/installer.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/scripts/deploy_controlplane.sh b/deploy/scripts/deploy_controlplane.sh index 96a6644d0a..f60ece867a 100755 --- a/deploy/scripts/deploy_controlplane.sh +++ b/deploy/scripts/deploy_controlplane.sh @@ -636,7 +636,7 @@ if [ 3 == $step ]; then echo "Calling installer.sh with parameters: $allParams" - "${SAP_AUTOMATION_REPO_PATH}"/deploy/scripts/installer.sh $allParams + "${SAP_AUTOMATION_REPO_PATH}"/deploy/scripts/installer.sh "$allParams" return_code=$? if [ 0 != $return_code ]; then echo "Migrating the deployer state failed" > "${deployer_config_information}".err diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index 94f0385937..6d5e78398f 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh @@ -167,7 +167,6 @@ if [ 1 == $called_from_ado ] ; then fi - #Plugins isInCloudShellCheck=$(checkIfCloudShell) @@ -182,7 +181,6 @@ else export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache fi - parallelism=10 #Provide a way to limit the number of parallell tasks for Terraform @@ -298,6 +296,8 @@ else fi +echo $deployer_parameter + useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription ${STATE_SUBSCRIPTION} --out tsv) if [ "$useSAS" = "true" ] ; then From 80e32baf34ee4ab5d29f80346a2470d44d8df1a2 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 15:12:03 +0300 Subject: [PATCH 230/279] Refactor installer.sh to fix path issue and pass parameters correctly --- deploy/scripts/deploy_controlplane.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
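Review bot: Quoting `"$allParams"` in the step-3 call hands installer.sh the whole option string as a single argument that begins with a space, so its option parser (not visible in this hunk) will presumably recognise none of `--parameterfile`, `--storageaccountname` or `--type`. Relying on unquoted word splitting is fragile too, since a parameter file name containing whitespace or glob characters would be split or expanded. An array avoids both: build `installer_args=(--parameterfile "${deployer_file_parametername}" --storageaccountname "${REMOTE_STATE_SA}" --type sap_deployer)` and call `"${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/installer.sh" "${installer_args[@]}"`, appending `approveparam` and `ado_flag` only when they are non-empty. The `allParams` assignment itself lies outside this hunk.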
diff --git a/deploy/scripts/deploy_controlplane.sh b/deploy/scripts/deploy_controlplane.sh index f60ece867a..52d6f968db 100755 --- a/deploy/scripts/deploy_controlplane.sh +++ b/deploy/scripts/deploy_controlplane.sh @@ -636,7 +636,7 @@ if [ 3 == $step ]; then echo "Calling installer.sh with parameters: $allParams" - "${SAP_AUTOMATION_REPO_PATH}"/deploy/scripts/installer.sh "$allParams" + "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/installer.sh" $allParams return_code=$? if [ 0 != $return_code ]; then echo "Migrating the deployer state failed" > "${deployer_config_information}".err From 437e53955cedc51eaa019552899e2377b98d1f6d Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 15:18:33 +0300 Subject: [PATCH 231/279] Refactor deploy_controlplane.sh to include state subscription parameter in installer.sh call --- deploy/scripts/deploy_controlplane.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/deploy/scripts/deploy_controlplane.sh b/deploy/scripts/deploy_controlplane.sh index 52d6f968db..bb7adf9bcb 100755 --- a/deploy/scripts/deploy_controlplane.sh +++ b/deploy/scripts/deploy_controlplane.sh @@ -632,10 +632,9 @@ if [ 3 == $step ]; then load_config_vars "${deployer_config_information}" "REMOTE_STATE_SA" fi - allParams=$(printf " --parameterfile %s --storageaccountname %s --type sap_deployer %s %s " "${deployer_file_parametername}" "${REMOTE_STATE_SA}" "${approveparam}" "${ado_flag}" ) - - echo "Calling installer.sh with parameters: $allParams" + allParams=$(printf " --parameterfile %s --storageaccountname %s --state_subscription --type sap_deployer %s %s " "${deployer_file_parametername}" "${REMOTE_STATE_SA}" "${STATE_SUBSCRIPTION}" "${approveparam}" "${ado_flag}" ) + echo "Calling installer.sh with: $allParams" "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/installer.sh" $allParams return_code=$? if [ 0 != $return_code ]; then From 53b40062a5b11f631bae4ef774e344766d164eff Mon Sep 17 00:00:00 2001 
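Review bot: The printf format in the rewritten `allParams` line of the `@@ -632` hunk gains `--state_subscription` but no `%s` for it, while the argument list grows to five values for four conversions. printf re-applies the format when arguments are left over, so `${STATE_SUBSCRIPTION}` lands in the slot meant for `approveparam`, `approveparam` in the slot for `ado_flag`, and a second, mostly empty copy of the option string is appended with `ado_flag` as its parameter file. installer.sh then receives `--state_subscription` followed directly by `--type`. The format should read `--state_subscription %s --type sap_deployer %s %s`, and the subscription value should be checked for being non-empty before the call.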
From: Kimmo Forss Date: Tue, 22 Oct 2024 15:21:29 +0300 Subject: [PATCH 232/279] Refactor deploy_controlplane.sh to include correct subscription parameter in installer.sh call --- deploy/scripts/deploy_controlplane.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/scripts/deploy_controlplane.sh b/deploy/scripts/deploy_controlplane.sh index bb7adf9bcb..f912ae9354 100755 --- a/deploy/scripts/deploy_controlplane.sh +++ b/deploy/scripts/deploy_controlplane.sh @@ -632,7 +632,7 @@ if [ 3 == $step ]; then load_config_vars "${deployer_config_information}" "REMOTE_STATE_SA" fi - allParams=$(printf " --parameterfile %s --storageaccountname %s --state_subscription --type sap_deployer %s %s " "${deployer_file_parametername}" "${REMOTE_STATE_SA}" "${STATE_SUBSCRIPTION}" "${approveparam}" "${ado_flag}" ) + allParams=$(printf " --parameterfile %s --storageaccountname %s --state_subscription --type sap_deployer %s %s " "${deployer_file_parametername}" "${REMOTE_STATE_SA}" "${subscription}" "${approveparam}" "${ado_flag}" ) echo "Calling installer.sh with: $allParams" "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/installer.sh" $allParams From 179800716a825265e91ac9b2efc21a2fc8f37972 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 15:26:24 +0300 Subject: [PATCH 233/279] Refactor deploy_controlplane.sh to include deployer subscription parameter and persist parameters --- deploy/scripts/deploy_controlplane.sh | 41 ++++++++++++++------------- 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/deploy/scripts/deploy_controlplane.sh b/deploy/scripts/deploy_controlplane.sh index f912ae9354..1840eabd66 100755 --- a/deploy/scripts/deploy_controlplane.sh +++ b/deploy/scripts/deploy_controlplane.sh 
@@ -85,6 +85,7 @@ key=$(basename "${deployer_parameter_file}" | cut -d. -f1) deployer_tfstate_key="${key}.terraform.tfstate" echo "Deployer State File: ${deployer_tfstate_key}" +echo "Deployer Subscription: ${subscription}" key=$(basename "${library_parameter_file}" | cut -d. -f1) library_tfstate_key="${key}.terraform.tfstate" @@ -274,6 +275,23 @@ if [ $recover == 1 ]; then fi fi +#Persist the parameters +if [ -n "$subscription" ]; then + save_config_var "subscription" "${deployer_config_information}" + export STATE_SUBSCRIPTION=$subscription + save_config_var "STATE_SUBSCRIPTION" "${deployer_config_information}" + export ARM_SUBSCRIPTION_ID=$subscription + save_config_var "ARM_SUBSCRIPTION_ID" "${deployer_config_information}" +fi + +if [ -n "$client_id" ]; then + save_config_var "client_id" "${deployer_config_information}" +fi + +if [ -n "$tenant_id" ]; then + save_config_var "tenant_id" "${deployer_config_information}" +fi + curdir=$(pwd) if [ 0 == $step ]; then echo "" @@ -286,15 +304,16 @@ if [ 0 == $step ]; then allParams=$(printf " --parameterfile %s %s" "${deployer_file_parametername}" "${approveparam}") - echo $allParams - cd "${deployer_dirname}" || exit if [ $force == 1 ]; then rm -Rf .terraform terraform.tfstate* fi - "${SAP_AUTOMATION_REPO_PATH}"/deploy/scripts/install_deployer.sh $allParams + echo "Calling install_deployer.sh: $allParams" + echo "Deployer State File: ${deployer_tfstate_key}" + + "${SAP_AUTOMATION_REPO_PATH}"/deploy/scripts/install_deployer.sh return_code=$? if [ 0 != $return_code ]; then echo "Bootstrapping of the deployer failed" > "${deployer_config_information}".err 
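Review bot: The call to install_deployer.sh in the step-0 hunk (`@@ -286`) loses its `$allParams` argument, so the `--parameterfile` and approve options built at the top of the hunk are printed by the new `echo "Calling install_deployer.sh: $allParams"` but never passed to the script. The bootstrap then runs without a parameter file, and its behaviour depends on whatever install_deployer.sh does with no arguments (not visible here). The line should keep the arguments, `"${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/install_deployer.sh" $allParams`, or better pass them as an array. The enclosing `if [ 0 == $step ]` block continues outside the hunk.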
@@ -313,22 +332,6 @@ if [ 0 == $step ]; then echo "Bootstrapping of the deployer failed" > "${deployer_config_information}".err exit 10 fi - - #Persist the parameters - if [ -n "$subscription" ]; then - save_config_var "subscription" "${deployer_config_information}" - export STATE_SUBSCRIPTION=$subscription - save_config_var "STATE_SUBSCRIPTION" "${deployer_config_information}" - fi - - if [ -n "$client_id" ]; then - save_config_var "client_id" "${deployer_config_information}" - fi - - if [ -n "$tenant_id" ]; then - save_config_var "tenant_id" "${deployer_config_information}" - fi - if [ -n "${FORCE_RESET}" ]; then step=3 save_config_var "step" "${deployer_config_information}" From 22abbfe0adc82ebd14037d938f220c7290de552b Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 15:30:16 +0300 Subject: [PATCH 234/279] Refactor deploy_controlplane.sh to include state subscription parameter in installer.sh call --- deploy/scripts/deploy_controlplane.sh | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/deploy/scripts/deploy_controlplane.sh b/deploy/scripts/deploy_controlplane.sh index 1840eabd66..232a491ee5 100755 --- a/deploy/scripts/deploy_controlplane.sh +++ b/deploy/scripts/deploy_controlplane.sh 
@@ -631,11 +631,20 @@ if [ 3 == $step ]; then if [[ -z $REMOTE_STATE_SA ]]; then - echo "Loading the State file information" load_config_vars "${deployer_config_information}" "REMOTE_STATE_SA" fi - allParams=$(printf " --parameterfile %s --storageaccountname %s --state_subscription --type sap_deployer %s %s " "${deployer_file_parametername}" "${REMOTE_STATE_SA}" "${subscription}" "${approveparam}" "${ado_flag}" ) + if [[ -z $STATE_SUBSCRIPTION ]]; + then + load_config_vars "${deployer_config_information}" "STATE_SUBSCRIPTION" + fi + + if [[ -z $ARM_SUBSCRIPTION_ID ]]; + then + load_config_vars "${deployer_config_information}" "ARM_SUBSCRIPTION_ID" + fi + + allParams=$(printf " --parameterfile %s --storageaccountname %s --state_subscription --type sap_deployer %s %s " "${deployer_file_parametername}" "${REMOTE_STATE_SA}" "${STATE_SUBSCRIPTION}" "${approveparam}" "${ado_flag}" ) echo "Calling installer.sh with: $allParams" "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/installer.sh" $allParams From de10301662dd4e6cf0587c84999022aa4f370908 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 15:32:20 +0300 Subject: [PATCH 235/279] Refactor deploy_controlplane.sh to include state subscription parameter in installer.sh call --- deploy/scripts/deploy_controlplane.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/scripts/deploy_controlplane.sh b/deploy/scripts/deploy_controlplane.sh index 232a491ee5..edaf2a6702 100755 --- a/deploy/scripts/deploy_controlplane.sh +++ b/deploy/scripts/deploy_controlplane.sh 
@@ -644,7 +644,7 @@ if [ 3 == $step ]; then load_config_vars "${deployer_config_information}" "ARM_SUBSCRIPTION_ID" fi - allParams=$(printf " --parameterfile %s --storageaccountname %s --state_subscription --type sap_deployer %s %s " "${deployer_file_parametername}" "${REMOTE_STATE_SA}" "${STATE_SUBSCRIPTION}" "${approveparam}" "${ado_flag}" ) + allParams=$(printf " --parameterfile %s --storageaccountname %s --state_subscription %s --type sap_deployer %s %s " "${deployer_file_parametername}" "${REMOTE_STATE_SA}" "${STATE_SUBSCRIPTION}" "${approveparam}" "${ado_flag}" ) echo "Calling installer.sh with: $allParams" "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/installer.sh" $allParams From e8ec41e88e3e0a79b556d8f227bb7e7462762421 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 15:38:51 +0300 Subject: [PATCH 236/279] Refactor deploy_controlplane.sh to include correct subscription parameter in installer.sh call --- deploy/scripts/install_workloadzone.sh | 9 +++++---- deploy/scripts/installer.sh | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 14 deletions(-) diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index e15dd945ef..a1b9348e8e 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -588,10 +588,11 @@ root_dirname=$(pwd) echo "" echo "Terraform details" echo "-------------------------------------------------------------------------" -echo "Subscription: ${STATE_SUBSCRIPTION}" -echo "Storage Account: ${REMOTE_STATE_SA}" -echo "Resource Group: ${REMOTE_STATE_RG}" -echo "State file: ${key}.terraform.tfstate" +echo "Subscription: ${STATE_SUBSCRIPTION}" +echo "Storage Account: ${REMOTE_STATE_SA}" +echo "Resource Group: ${REMOTE_STATE_RG}" +echo "State file: ${key}.terraform.tfstate" +echo "Target subscription: ${ARM_SUBSCRIPTION_ID}" if [ ! -d ./.terraform/ ]; then 
diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index 6d5e78398f..9bd4d6e3ff 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh @@ -290,7 +290,7 @@ else load_config_vars "${system_config_information}" "keyvault" export TF_VAR_deployer_kv_user_arm_id=$(az resource list --name "${keyvault}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.KeyVault/vaults --query "[].id | [0]" -o tsv) - echo "Deployer Keyvault ID x: $TF_VAR_deployer_kv_user_arm_id" + echo "Deployer Keyvault ID: $TF_VAR_deployer_kv_user_arm_id" deployer_parameter=" -var subscription_id=${STATE_SUBSCRIPTION} " export ARM_SUBSCRIPTION_ID=$STATE_SUBSCRIPTION @@ -301,10 +301,10 @@ echo $deployer_parameter useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription ${STATE_SUBSCRIPTION} --out tsv) if [ "$useSAS" = "true" ] ; then - echo "Storage Account Authentication: Key" + echo "Storage Account Authentication: Key" export ARM_USE_AZUREAD=false else - echo "Storage Account Authentication: Entra ID" + echo "Storage Account Authentication: Entra ID" export ARM_USE_AZUREAD=true fi @@ -315,7 +315,7 @@ if [[ -z $landscape_tfstate_key ]]; then load_config_vars "${system_config_information}" "landscape_tfstate_key" else - echo "Workload zone state file: ${landscape_tfstate_key}" + echo "Workload zone state file: ${landscape_tfstate_key}" save_config_vars "${system_config_information}" landscape_tfstate_key fi @@ -342,7 +342,7 @@ then fi else landscape_tfstate_key_parameter=" -var landscape_tfstate_key=${landscape_tfstate_key}" - echo "Workload zone state file: ${landscape_tfstate_key}" + echo "Workload zone state file: ${landscape_tfstate_key}" fi fi 
@@ -460,11 +460,11 @@ terraform --version echo "" echo "Terraform details" echo "-------------------------------------------------------------------------" -echo "Subscription: ${STATE_SUBSCRIPTION}" -echo "Storage Account: ${REMOTE_STATE_SA}" -echo "Resource Group: ${REMOTE_STATE_RG}" -echo "State file: ${key}.terraform.tfstate" -echo "Target subscription: ${ARM_SUBSCRIPTION_ID}" +echo "Subscription: ${STATE_SUBSCRIPTION}" +echo "Storage Account: ${REMOTE_STATE_SA}" +echo "Resource Group: ${REMOTE_STATE_RG}" +echo "State file: ${key}.terraform.tfstate" +echo "Target subscription: ${ARM_SUBSCRIPTION_ID}" echo "" check_output=0 From 2c0e7a3b57d7fb9475f22fea2e76b06fd0d1066e Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 15:42:15 +0300 Subject: [PATCH 237/279] Refactor deploy_controlplane.sh to include correct subscription parameter in installer.sh call and handle storage account authentication --- deploy/scripts/installer.sh | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index 9bd4d6e3ff..df6e89b34b 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh @@ -751,8 +751,6 @@ if [ 1 != $return_value ] ; then fi fi fi - - fi fi 
@@ -760,12 +758,36 @@ if [ 1 != $return_value ] ; then fi -container_exists=$(az storage container exists --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors --query exists) +useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) + +if [ "$useSAS" = "true" ] ; then + echo "Storage Account authentication: key" + export ARM_USE_AZUREAD=false +else + echo "Storage Account authentication: Entra ID" + export ARM_USE_AZUREAD=true +fi + + +if [ "$useSAS" = "true" ] ; then + container_exists=$(az storage container exists --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors --query exists) +else + container_exists=$(az storage container exists --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors --query exists --auth-mode login) +fi if [ "${container_exists}" == "false" ]; then + if [ "$useSAS" = "true" ] ; then az storage container create --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors + else + az storage container create --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --auth-mode login --only-show-errors + fi fi +if [ "$useSAS" = "true" ] ; then + az storage blob upload --file "${parameterfile}" --container-name tfvars/LANDSCAPE/"${key}" --name "${parameterfile_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --only-show-errors --output none +else + az storage blob upload --file "${parameterfile}" --container-name tfvars/LANDSCAPE/"${key}" --name "${parameterfile_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --auth-mode login --only-show-errors --output none +fi fatal_errors=0 # HANA VM 
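Review bot: Each of the three `az storage` calls added in this hunk is written twice, differing only in `--auth-mode login`, so a later change to one copy can leave the key-based and Entra ID paths out of step. Computing the auth arguments once in an array and appending it to a single copy of each command keeps the two modes identical apart from the credential source. The `useSAS` lookup is not checked either: if `az storage account show` fails, the empty result silently selects the Entra ID path, which is a reasonable default but deserves a comment or an explicit error. On bash older than 4.4, expanding an empty array under `set -u` is an error, so confirm the shell version before adopting the form below.

```shell
# … unchanged: useSAS lookup and ARM_USE_AZUREAD export …
storage_auth=()
if [ "$useSAS" != "true" ]; then
  storage_auth=(--auth-mode login)
fi

container_exists=$(az storage container exists --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors --query exists "${storage_auth[@]}")

if [ "${container_exists}" == "false" ]; then
  az storage container create --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors "${storage_auth[@]}"
fi

az storage blob upload --file "${parameterfile}" --container-name tfvars/LANDSCAPE/"${key}" --name "${parameterfile_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --only-show-errors --output none "${storage_auth[@]}"
```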
From 2cdcf2573233c703f4bacae713d45ead7677c824 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 15:45:28 +0300 Subject: [PATCH 238/279] Refactor deploy_controlplane.sh to remove unnecessary echo statement --- deploy/scripts/installer.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index df6e89b34b..09e4ddbe41 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh @@ -296,8 +296,6 @@ else fi -echo $deployer_parameter - useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription ${STATE_SUBSCRIPTION} --out tsv) if [ "$useSAS" = "true" ] ; then From 89bae66c08e40c1f13d357317b63faef55832065 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 15:55:13 +0300 Subject: [PATCH 239/279] Refactor deploy_controlplane.sh to remove unnecessary echo statements and improve parameter handling --- deploy/scripts/deploy_controlplane.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deploy/scripts/deploy_controlplane.sh b/deploy/scripts/deploy_controlplane.sh index edaf2a6702..94aa4a6f21 100755 --- a/deploy/scripts/deploy_controlplane.sh +++ b/deploy/scripts/deploy_controlplane.sh @@ -535,6 +535,7 @@ if [ 2 == $step ]; then fi allParams=$(printf " -p %s -d %s %s" "${library_file_parametername}" "${relative_path}" "${approveparam}") + echo "Calling install_library.sh with: $allParams" "${SAP_AUTOMATION_REPO_PATH}"/deploy/scripts/install_library.sh $allParams return_code=$? 
@@ -680,7 +681,7 @@ if [ 4 == $step ]; then cd "${library_dirname}" || exit allParams=$(printf " --parameterfile %s --storageaccountname %s --type sap_library %s %s" "${library_file_parametername}" "${REMOTE_STATE_SA}" "${approveparam}" "${ado_flag}") - echo -e "$cyan calling installer.sh with parameters: $allParams $reset" + echo "Calling installer.sh with: $allParams" "${SAP_AUTOMATION_REPO_PATH}"/deploy/scripts/installer.sh $allParams return_code=$? From 2346842f8fa75c9ec7fbf2a04a0001bd3474b963 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 18:25:21 +0300 Subject: [PATCH 240/279] Refactor deploy_controlplane.sh to improve parameter handling --- deploy/scripts/deploy_controlplane.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/scripts/deploy_controlplane.sh b/deploy/scripts/deploy_controlplane.sh index 94aa4a6f21..69445bb48f 100755 --- a/deploy/scripts/deploy_controlplane.sh +++ b/deploy/scripts/deploy_controlplane.sh @@ -313,7 +313,7 @@ if [ 0 == $step ]; then echo "Calling install_deployer.sh: $allParams" echo "Deployer State File: ${deployer_tfstate_key}" - "${SAP_AUTOMATION_REPO_PATH}"/deploy/scripts/install_deployer.sh + "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/install_deployer.sh" $allParams return_code=$? if [ 0 != $return_code ]; then echo "Bootstrapping of the deployer failed" > "${deployer_config_information}".err From 7923a21fa09b834c5e523e99a184096592348316 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 18:51:54 +0300 Subject: [PATCH 241/279] Refactor deploy_controlplane.sh to improve storage account authentication handling --- deploy/scripts/deploy_controlplane.sh | 2 +- deploy/scripts/install_workloadzone.sh | 4 ++-- deploy/scripts/installer.sh | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/deploy/scripts/deploy_controlplane.sh b/deploy/scripts/deploy_controlplane.sh index 69445bb48f..77bba5e664 100755 --- a/deploy/scripts/deploy_controlplane.sh 
+++ b/deploy/scripts/deploy_controlplane.sh @@ -550,7 +550,7 @@ if [ 2 == $step ]; then REMOTE_STATE_SA=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw remote_state_storage_account_name | tr -d \") STATE_SUBSCRIPTION=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw created_resource_group_subscription_id | tr -d \") - if [ $ado_flag != "--ado" ] ; then + if [ "${ado_flag}" != "--ado" ] ; then az storage account network-rule add -g "${REMOTE_STATE_RG}" --account-name "${REMOTE_STATE_SA}" --ip-address ${this_ip} --output none fi diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index a1b9348e8e..b373537487 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -422,10 +422,10 @@ fi useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) if [ "$useSAS" = "true" ] ; then - echo "Storage Account authentication: key" + echo "Storage Account authentication: key" export ARM_USE_AZUREAD=false else - echo "Storage Account authentication: Entra ID" + echo "Storage Account authentication: Entra ID" export ARM_USE_AZUREAD=true fi diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index 09e4ddbe41..a381a30ed5 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh @@ -641,7 +641,7 @@ allParams=$(printf " -var-file=%s %s %s %s %s %s %s %s" "${var_file}" "${extra_v terraform -chdir="$terraform_module_directory" plan -no-color -detailed-exitcode $allParams | tee -a plan_output.log return_value=$? -echo "Terraform Plan return code: $return_value" +echo "Terraform Plan return code: $return_value" if [ 1 == $return_value ] ; then echo "" 
@@ -759,10 +759,10 @@ fi useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) if [ "$useSAS" = "true" ] ; then - echo "Storage Account authentication: key" + echo "Storage Account authentication: key" export ARM_USE_AZUREAD=false else - echo "Storage Account authentication: Entra ID" + echo "Storage Account authentication: Entra ID" export ARM_USE_AZUREAD=true fi From f96f3e27bcd1bc4fadf3e86ecd36ab0650ab8437 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 19:26:21 +0300 Subject: [PATCH 242/279] Refactor deploy_controlplane.sh to improve parameter handling and remove unnecessary echo statements --- deploy/scripts/helpers/script_helpers.sh | 14 ++++---------- deploy/scripts/install_workloadzone.sh | 6 +++++- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/deploy/scripts/helpers/script_helpers.sh b/deploy/scripts/helpers/script_helpers.sh index 31f6e77db0..063d4d0794 100755 --- a/deploy/scripts/helpers/script_helpers.sh +++ b/deploy/scripts/helpers/script_helpers.sh @@ -486,18 +486,12 @@ function validate_dependencies { function validate_key_parameters { echo "Validating: $1" - ext=$(echo "$1" | cut -d. -f2) # Helper variables - if [ "${ext}" == json ]; then - export environment=$(jq --raw-output .infrastructure.environment $1) - export region=$(jq --raw-output .infrastructure.region $1) - else - load_config_vars $1 "environment" - environment=$(echo ${environment} | xargs | tr "[:lower:]" "[:upper:]" ) - load_config_vars $1 "location" - region=$(echo ${location} | xargs) - fi + load_config_vars $1 "environment" + export environment=$(echo ${environment} | xargs | tr "[:lower:]" "[:upper:]" ) + load_config_vars $1 "location" + export region=$(echo ${location} | xargs) if [ -z "${environment}" ]; then echo "#########################################################################################" 
diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index b373537487..ae912eb235 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -73,7 +73,6 @@ if [ 1 == $called_from_ado ] ; then fi - workload_file_parametername=$(basename "${parameterfile}") param_dirname=$(dirname "${parameterfile}") @@ -120,6 +119,11 @@ if [ 0 != $return_code ]; then exit $return_code fi +# Convert the region to the correct code +get_region_code "$region" + +echo "Region code: ${region_code}" + load_config_vars "$workload_file_parametername" "network_logical_name" network_logical_name=$(echo "${network_logical_name}" | tr "[:lower:]" "[:upper:]") From c8e6507be4dde8daf491e9b60fbef2fde66a6f0f Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 19:40:09 +0300 Subject: [PATCH 243/279] Refactor deploy_utils.sh to fix variable value retrieval from config file --- deploy/scripts/deploy_utils.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/scripts/deploy_utils.sh b/deploy/scripts/deploy_utils.sh index 6028f0291a..b6298616aa 100755 --- a/deploy/scripts/deploy_utils.sh +++ b/deploy/scripts/deploy_utils.sh @@ -49,9 +49,9 @@ function load_config_vars() { # NOTE: Should we care if we fail to retrieve a value from the file? var_value="$(grep -m1 "^${var_name}=" "${var_file}" | cut -d'=' -f2- | tr -d ' ' | tr -d '"')" - if [ -z "${var_value}" ] + if [ -z ${var_value} ] then - var_value="$(grep -m1 "^${var_name} " "${var_file}" | cut -d'=' -f2- | tr -d ' ' | tr -d '"')" + var_value="$(grep -m1 "^${var_name}[[:space:]]=" "${var_file}" | cut -d'=' -f2- | tr -d ' ' | tr -d '"')" fi # NOTE: this continue means we skip setting an empty value for a variable From ebcc53b021417e8db1a5f37d2eeb57dc8707918a Mon Sep 17 00:00:00 2001 
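Review bot: The fallback pattern `^${var_name}[[:space:]]=` in load_config_vars matches exactly one whitespace character before `=`, so a line padded with several spaces to align the equals signs, which the old `^${var_name} ` pattern accepted, is no longer found and the variable is skipped without any message; `[[:space:]]*=` keeps the intent. The same hunk drops the quotes from `[ -z "${var_value}" ]`, which only works because a one-argument `[` happens to be true for an empty expansion, and it can fail with a test error if the value contains a tab or expands as a glob; keep `[ -z "${var_value}" ]`. The later script_helpers.sh hunks that change `[ -z "${environment}" ]` and `[ -z "${region}" ]` to the unquoted form share this problem. load_config_vars starts and ends outside the hunk.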
From: Kimmo Forss Date: Tue, 22 Oct 2024 19:52:41 +0300 Subject: [PATCH 244/279] Refactor parameter handling in script_helpers.sh and install_workloadzone.sh --- deploy/scripts/helpers/script_helpers.sh | 4 ++-- deploy/scripts/install_workloadzone.sh | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/deploy/scripts/helpers/script_helpers.sh b/deploy/scripts/helpers/script_helpers.sh index 063d4d0794..c1a5e18e2a 100755 --- a/deploy/scripts/helpers/script_helpers.sh +++ b/deploy/scripts/helpers/script_helpers.sh @@ -493,7 +493,7 @@ function validate_key_parameters { load_config_vars $1 "location" export region=$(echo ${location} | xargs) - if [ -z "${environment}" ]; then + if [ -z ${environment} ]; then echo "#########################################################################################" echo "# #" echo -e "# $boldred Incorrect parameter file. $resetformatting #" @@ -505,7 +505,7 @@ function validate_key_parameters { return 64 #script usage wrong fi - if [ -z "${region}" ]; then + if [ -z ${region} ]; then echo "#########################################################################################" echo "# #" echo -e "# $boldred Incorrect parameter file. $resetformatting #" diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index ae912eb235..86800ed549 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -115,6 +115,7 @@ fi # Check that parameter files have environment and location defined validate_key_parameters "$workload_file_parametername" +return_code=$? if [ 0 != $return_code ]; then exit $return_code fi From b3282ae32cb691d3f5b8a8368ad680bf7603ec02 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 20:49:02 +0300 Subject: [PATCH 245/279] Refactor install_workloadzone.sh to handle unknown region codes --- deploy/scripts/install_workloadzone.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) 
diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index 86800ed549..c7befb29b2 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -12,9 +12,11 @@ full_script_path="$(realpath "${BASH_SOURCE[0]}")" script_directory="$(dirname "${full_script_path}")" #call stack has full scriptname when using source +# shellcheck disable=SC1091 source "${script_directory}/deploy_utils.sh" #helper files +# shellcheck disable=SC1091 source "${script_directory}/helpers/script_helpers.sh" force=0 @@ -123,6 +125,12 @@ fi # Convert the region to the correct code get_region_code "$region" + +if [ "$region_code" == 'UNKN' ]; then + LOCATION_CODE=$(echo "$workload_file_parametername" | awk -F'-' '{print $2}' | xargs ) + region_code=$LOCATION_CODE +fi + echo "Region code: ${region_code}" load_config_vars "$workload_file_parametername" "network_logical_name" @@ -153,7 +161,7 @@ landscape_tfstate_key=${key}.terraform.tfstate automation_config_directory=$CONFIG_REPO_PATH/.sap_deployment_automation generic_config_information="${automation_config_directory}"/config -if [ $deployer_environment != $environment ]; then +if [ "$deployer_environment" != "$environment" ]; then if [ -f "${automation_config_directory}"/"${environment}""${region_code}" ]; then # Add support for having multiple vnets in the same environment and zone - rename exiting file to support seamless transition mv "${automation_config_directory}"/"${environment}""${region_code}" "${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" From 7551eaaf9cbd4f82e68074f38c43bdeff0e50153 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 20:55:51 +0300 Subject: [PATCH 246/279] Refactor install_workloadzone.sh to handle unknown region codes --- deploy/scripts/install_workloadzone.sh | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) 
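Review bot: The `UNKN` fallback takes `region_code` from the second dash-separated field of the parameter file name without checking that the field exists or looks like a region code. If the name has no such field the value is empty, and it then flows into `${automation_config_directory}/${environment}${region_code}` and the `mv` in the next hunk, so different zones could end up reading and writing the same config file. A guard after the assignment, for example `[ -n "${region_code}" ] || { echo "Cannot derive region code from ${workload_file_parametername}" >&2; exit 64; }`, would stop the run before any state is touched.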
diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index c7befb29b2..fa786475df 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -126,7 +126,7 @@ fi get_region_code "$region" -if [ "$region_code" == 'UNKN' ]; then +if [ "${region_code}" == 'UNKN' ]; then LOCATION_CODE=$(echo "$workload_file_parametername" | awk -F'-' '{print $2}' | xargs ) region_code=$LOCATION_CODE fi @@ -148,11 +148,6 @@ if [ -z "${network_logical_name}" ]; then return 64 #script usage wrong fi - -# Convert the region to the correct code -region=$(echo "${region}" | tr "[:upper:]" "[:lower:]") -get_region_code "$region" - key=$(echo "${workload_file_parametername}" | cut -d. -f1) landscape_tfstate_key=${key}.terraform.tfstate From 8f816be95c60d5116803ddfc0902a016686b1e6e Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 21:06:20 +0300 Subject: [PATCH 247/279] Refactor install_workloadzone.sh to handle unknown region codes and improve parameter handling --- deploy/scripts/install_workloadzone.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index fa786475df..b3d9c4273f 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -134,7 +134,7 @@ fi echo "Region code: ${region_code}" load_config_vars "$workload_file_parametername" "network_logical_name" -network_logical_name=$(echo "${network_logical_name}" | tr "[:lower:]" "[:upper:]") +network_logical_name=$(echo "${network_logical_name}" | tr "[:lower:]" "[:upper:]" | xargs) if [ -z "${network_logical_name}" ]; then echo "#########################################################################################" 
@@ -163,7 +163,7 @@ if [ "$deployer_environment" != "$environment" ]; then fi fi -workload_config_information="${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" +workload_config_information="${automation_config_directory}/${environment}${region_code}${network_logical_name}" if [ "${force}" == 1 ] then @@ -175,15 +175,16 @@ then fi -echo "Configuration file: $workload_config_information" +echo "Configuration file: ${environment}${region_code}${network_logical_name}" echo "Deployment region: $region" echo "Deployment region code: $region_code" echo "Keyvault: $keyvault" +echo "Target Subscription: $STATE_SUBSCRIPTION" if [ -n "$STATE_SUBSCRIPTION" ] then if is_valid_guid "$STATE_SUBSCRIPTION" ; then - echo "Valid subscription format" + save_config_vars "${workload_config_information}" \ STATE_SUBSCRIPTION From bc6d825ad7687b0bcdd816fdca813c6f909fb902 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 21:19:23 +0300 Subject: [PATCH 248/279] Refactor install_workloadzone.sh to handle unknown region codes and improve parameter handling --- deploy/scripts/install_workloadzone.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index b3d9c4273f..46ef537045 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -127,8 +127,8 @@ get_region_code "$region" if [ "${region_code}" == 'UNKN' ]; then - LOCATION_CODE=$(echo "$workload_file_parametername" | awk -F'-' '{print $2}' | xargs ) - region_code=$LOCATION_CODE + LOCATION_CODE=$(echo "$workload_file_parametername" | awk -F'-' '{print $2}' ) + region_code=$(echo "${LOCATION_CODE}" | tr "[:lower:]" "[:upper:]" | xargs) fi echo "Region code: ${region_code}" 
@@ -174,7 +174,7 @@ then rm -Rf .terraform terraform.tfstate* fi - +echo "" echo "Configuration file: ${environment}${region_code}${network_logical_name}" echo "Deployment region: $region" echo "Deployment region code: $region_code" From 3a545aa1dcb5a2845ffe5d2dfb86e947e734f595 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 21:24:18 +0300 Subject: [PATCH 249/279] Refactor region code handling in deploy_utils.sh and script_helpers.sh --- deploy/scripts/deploy_utils.sh | 2 +- deploy/scripts/helpers/script_helpers.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/scripts/deploy_utils.sh b/deploy/scripts/deploy_utils.sh index b6298616aa..bc6a7d38a5 100755 --- a/deploy/scripts/deploy_utils.sh +++ b/deploy/scripts/deploy_utils.sh @@ -415,7 +415,7 @@ function print_script_name_and_function() { } function get_region_code() { - region_lower=$(echo "${region}" | tr [:upper:] [:lower:] ) + region_lower=$(echo "${region}" | tr [:upper:] [:lower:] | xargs | tr -d '\r') case "${region_lower}" in "australiacentral") export region_code="AUCE" ;; "australiacentral2") export region_code="AUC2" ;; diff --git a/deploy/scripts/helpers/script_helpers.sh b/deploy/scripts/helpers/script_helpers.sh index c1a5e18e2a..516564242b 100755 --- a/deploy/scripts/helpers/script_helpers.sh +++ b/deploy/scripts/helpers/script_helpers.sh @@ -489,9 +489,9 @@ function validate_key_parameters { # Helper variables load_config_vars $1 "environment" - export environment=$(echo ${environment} | xargs | tr "[:lower:]" "[:upper:]" ) + export environment=$(echo ${environment} | xargs | tr "[:lower:]" "[:upper:]" | tr -d '\r' ) load_config_vars $1 "location" - export region=$(echo ${location} | xargs) + export region=$(echo ${location} | xargs | tr -d '\r') if [ -z ${environment} ]; then echo "#########################################################################################" From fa2bf2e6d3e0b04dd299e3b9084f7af51e8efa18 Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Tue, 22 Oct 2024 21:29:52 +0300 Subject: [PATCH 250/279] Refactor install_workloadzone.sh to handle unknown region codes and improve parameter handling --- deploy/scripts/install_workloadzone.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index 46ef537045..f62e4bdeb4 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -444,9 +444,9 @@ if [ 1 = "${deploy_using_msi_only:-}" ]; then then echo "Setting the secrets" - allParams=$(printf " --workload --environment %s --region %s --vault %s --subscription %s --msi " "${environment}" "${region_code}" "${keyvault}" "${subscription}" ) + allParams=$(printf " --workload --environment %s --region %s --vault %s --subscription %s --msi " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" ) - echo "Calling set_secrets with " "${allParams}" + echo "Calling set_secrets with: ${allParams}" "${SAP_AUTOMATION_REPO_PATH}"/deploy/scripts/set_secrets.sh ${allParams} 
@@ -468,13 +468,13 @@ else if [ -n "$spn_secret" ] then - allParams=$(printf " --workload --environment %s --region %s --vault %s --spn_secret ***** --subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${subscription}" "${client_id}" "${tenant_id}" ) + allParams=$(printf " --workload --environment %s --region %s --vault %s --spn_secret ***** --subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}" ) - echo "Calling set_secrets with " "${allParams}" + echo "Calling set_secrets with: ${allParams}" - allParams=$(printf " --workload --environment %s --region %s --vault %s --spn_secret %s --subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${spn_secret}" "${subscription}" "${client_id}" "${tenant_id}" ) + allParams=$(printf " --workload --environment %s --region %s --vault %s --spn_secret %s --subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${spn_secret}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}" ) - "${SAP_AUTOMATION_REPO_PATH}"/deploy/scripts/set_secrets.sh ${allParams} + "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh ${allParams}" if [ -f secret.err ]; then error_message=$(cat secret.err) 
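Review bot: The rewritten call `"${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh ${allParams}"` puts the script path and its arguments inside one pair of quotes, so the shell looks for a single executable whose name contains the whole argument string and the call fails without storing any secret. The closing quote belongs after the path: `"${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh" ${allParams}`. The same mistake is in the `@@ -486,9 +486,9` hunk that follows, in the interactive "Workload SPN Details" branch. Both enclosing `if` blocks continue outside the hunks.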
@@ -486,9 +486,9 @@ else read -p "Do you want to specify the Workload SPN Details Y/N?" ans answer=${ans^^} if [ ${answer} == 'Y' ]; then - allParams=$(printf " --workload --environment %s --region %s --vault %s --subscription %s --spn_id %s " "${environment}" "${region_code}" "${keyvault}" "${subscription}" "${client_id}" ) + allParams=$(printf " --workload --environment %s --region %s --vault %s --subscription %s --spn_id %s " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" "${client_id}" ) - "${SAP_AUTOMATION_REPO_PATH}"/deploy/scripts/set_secrets.sh ${allParams} + "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh ${allParams}" if [ $? -eq 255 ] then exit $? From 8010994576d06aea3d01d282a4fb8ecc6a585573 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 21:36:53 +0300 Subject: [PATCH 251/279] Refactor install_workloadzone.sh to handle unknown region codes and improve parameter handling --- deploy/scripts/install_workloadzone.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index f62e4bdeb4..eafb53ed21 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh 
@@ -468,9 +468,9 @@ else if [ -n "$spn_secret" ] then - allParams=$(printf " --workload --environment %s --region %s --vault %s --spn_secret ***** --subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}" ) + fixed_allParams=$(printf " --workload --environment %s --region %s --vault %s --spn_secret ***** --subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}" ) - echo "Calling set_secrets with: ${allParams}" + echo "Calling set_secrets with: ${fixed_allParams}" allParams=$(printf " --workload --environment %s --region %s --vault %s --spn_secret %s --subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${spn_secret}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}" ) From 98a8fef1d966adba74edf375f3570081793b9ec1 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 21:46:12 +0300 Subject: [PATCH 252/279] Refactor install_workloadzone.sh to handle unknown region codes and improve parameter handling --- deploy/scripts/install_workloadzone.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index eafb53ed21..aa046314f9 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -164,6 +164,8 @@ if [ "$deployer_environment" != "$environment" ]; then fi workload_config_information="${automation_config_directory}/${environment}${region_code}${network_logical_name}" +deployer_config_information="${automation_config_directory}/${deployer_environment}${region_code}" + if [ "${force}" == 1 ] then 
@@ -274,7 +276,7 @@ then if [ -n "$deployer_environment" ] then deployer_config_information="${automation_config_directory}"/"${deployer_environment}""${region_code}" - echo "Deployer config file $deployer_config_information" + echo "Deployer config file: $deployer_config_information" if [ -f "$deployer_config_information" ] then load_config_vars "${deployer_config_information}" "keyvault" @@ -282,7 +284,7 @@ then load_config_vars "${deployer_config_information}" "REMOTE_STATE_SA" load_config_vars "${deployer_config_information}" "tfstate_resource_id" load_config_vars "${deployer_config_information}" "deployer_tfstate_key" - echo "tfstate_resource_id: $tfstate_resource_id" + save_config_vars "${workload_config_information}" \ tfstate_resource_id @@ -313,7 +315,7 @@ export TF_DATA_DIR="${param_dirname}/.terraform" if [ -n "$subscription" ] then if is_valid_guid "$subscription" ; then - echo "Valid subscription format" + echo "" else printf -v val %-40.40s "$subscription" echo "#########################################################################################" From a384b848be007a1b6fbd4b0226068581fd1e4c6a Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 21:51:19 +0300 Subject: [PATCH 253/279] Refactor install_workloadzone.sh to handle unknown region codes and improve parameter handling --- deploy/scripts/install_workloadzone.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index aa046314f9..178bd3c2a0 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -316,6 +316,7 @@ if [ -n "$subscription" ] then if is_valid_guid "$subscription" ; then echo "" + export ARM_SUBSCRIPTION_ID="${subscription}" else printf -v val %-40.40s "$subscription" echo "#########################################################################################" 
@@ -446,7 +447,7 @@ if [ 1 = "${deploy_using_msi_only:-}" ]; then then echo "Setting the secrets" - allParams=$(printf " --workload --environment %s --region %s --vault %s --subscription %s --msi " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" ) + allParams=$(printf " --workload --environment %s --region %s --vault %s --keyvault_subscription %s --msi " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" ) echo "Calling set_secrets with: ${allParams}" @@ -470,11 +471,11 @@ else if [ -n "$spn_secret" ] then - fixed_allParams=$(printf " --workload --environment %s --region %s --vault %s --spn_secret ***** --subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}" ) + fixed_allParams=$(printf " --workload --environment %s --region %s --vault %s --spn_secret ***** --keyvault_subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}" ) echo "Calling set_secrets with: ${fixed_allParams}" - allParams=$(printf " --workload --environment %s --region %s --vault %s --spn_secret %s --subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${spn_secret}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}" ) + allParams=$(printf " --workload --environment %s --region %s --vault %s --spn_secret %s --keyvault_subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${spn_secret}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}" ) "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh ${allParams}" From 54bb015dea00cbdeeba7fe628ed34e769d20e042 Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Tue, 22 Oct 2024 21:52:32 +0300 Subject: [PATCH 254/279] Refactor install_workloadzone.sh to improve parameter handling and region code handling in deploy_utils.sh and script_helpers.sh --- deploy/scripts/install_workloadzone.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index 178bd3c2a0..f8c70d98c4 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -180,8 +180,9 @@ echo "" echo "Configuration file: ${environment}${region_code}${network_logical_name}" echo "Deployment region: $region" echo "Deployment region code: $region_code" -echo "Keyvault: $keyvault" -echo "Target Subscription: $STATE_SUBSCRIPTION" +echo "Deployer Keyvault: $keyvault" +echo "Deployer Subscription: $subscription" +echo "Target Subscription: $subscription" if [ -n "$STATE_SUBSCRIPTION" ] then From 6b651207ef3b4526e1d4142ac0d760216f62f8db Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 22:03:14 +0300 Subject: [PATCH 255/279] Refactor install_workloadzone.sh to improve parameter handling and region code handling --- deploy/scripts/install_workloadzone.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index f8c70d98c4..03e51c0aa4 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -181,10 +181,10 @@ echo "Configuration file: ${environment}${region_code}${network echo "Deployment region: $region" echo "Deployment region code: $region_code" echo "Deployer Keyvault: $keyvault" -echo "Deployer Subscription: $subscription" +echo "Deployer Subscription: $STATE_SUBSCRIPTION" echo "Target Subscription: $subscription" -if [ -n "$STATE_SUBSCRIPTION" ] +if [[ -n $STATE_SUBSCRIPTION ]] then if is_valid_guid "$STATE_SUBSCRIPTION" ; then 
@@ -216,6 +216,8 @@ fi if [ -n "$REMOTE_STATE_SA" ] ; then get_and_store_sa_details ${REMOTE_STATE_SA} ${workload_config_information} + save_config_vars "${workload_config_information}" \ + tfstate_resource_id REMOTE_STATE_RG fi if [ -n "$keyvault" ] @@ -335,7 +337,7 @@ if [ 0 = "${deploy_using_msi_only:-}" ]; then if [ -n "$client_id" ] then if is_valid_guid "$client_id" ; then - echo "Valid spn id format" + echo "" else printf -v val %-40.40s "$client_id" echo "#########################################################################################" From b5923258779fc3918268ca062516b96636690e4b Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 22:10:04 +0300 Subject: [PATCH 256/279] Refactor install_workloadzone.sh to improve parameter handling and region code handling --- deploy/scripts/install_workloadzone.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index 03e51c0aa4..d107266cd8 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -165,6 +165,8 @@ fi workload_config_information="${automation_config_directory}/${environment}${region_code}${network_logical_name}" deployer_config_information="${automation_config_directory}/${deployer_environment}${region_code}" +save_config_vars "${workload_config_information}" \ + STATE_SUBSCRIPTION REMOTE_STATE_SA subscription if [ "${force}" == 1 ] @@ -182,6 +184,7 @@ echo "Deployment region: $region" echo "Deployment region code: $region_code" echo "Deployer Keyvault: $keyvault" echo "Deployer Subscription: $STATE_SUBSCRIPTION" +echo "Remote state storage account: $REMOTE_STATE_SA" echo "Target Subscription: $subscription" if [[ -n $STATE_SUBSCRIPTION ]] @@ -213,6 +216,7 @@ then fi +cat ${workload_config_information} if [ -n "$REMOTE_STATE_SA" ] ; then get_and_store_sa_details ${REMOTE_STATE_SA} ${workload_config_information} 
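Review bot: The added `cat ${workload_config_information}` prints the whole saved configuration file into the run log and looks like leftover debugging; the next hunk adds a second copy after the `get_and_store_sa_details` block. This script stores `STATE_SUBSCRIPTION`, `REMOTE_STATE_SA`, `subscription` and `tfstate_resource_id` in that file through `save_config_vars`, so subscription and resource identifiers end up in pipeline output, which may be retained longer and read by more people than the config repository. Drop both lines, or print only the values that are needed, and quote the path if the command stays: `cat -- "${workload_config_information}"`.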
@@ -220,6 +224,8 @@ if [ -n "$REMOTE_STATE_SA" ] ; then tfstate_resource_id REMOTE_STATE_RG fi +cat ${workload_config_information} + if [ -n "$keyvault" ] then if valid_kv_name "$keyvault" ; then From cb7cc87d607b716be885f4a1f0a13ca904420709 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 22:20:54 +0300 Subject: [PATCH 257/279] Refactor install_workloadzone.sh to improve parameter handling and region code handling --- deploy/scripts/deploy_utils.sh | 12 ++++++++---- deploy/scripts/install_workloadzone.sh | 7 +------ 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/deploy/scripts/deploy_utils.sh b/deploy/scripts/deploy_utils.sh index bc6a7d38a5..db8929871e 100755 --- a/deploy/scripts/deploy_utils.sh +++ b/deploy/scripts/deploy_utils.sh 
@@ -132,13 +132,17 @@ function get_and_store_sa_details { save_config_vars "${config_file_name}" REMOTE_STATE_SA if [ -z $STATE_SUBSCRIPTION ];then - tfstate_resource_id=$(az resource list --name "${REMOTE_STATE_SA}" --resource-type Microsoft.Storage/storageAccounts --query "[].id | [0]" --output tsv) + tf_resource_id=$(az resource list --name "${REMOTE_STATE_SA}" --resource-type Microsoft.Storage/storageAccounts --query "[].id | [0]" --output tsv) + REMOTE_STATE_RGNAME=$(az resource list --name "${REMOTE_STATE_SA}" --resource-type Microsoft.Storage/storageAccounts --query "[].resourceGroup | [0]" --output tsv) else - tfstate_resource_id=$(az resource list --name "${REMOTE_STATE_SA}" --resource-type Microsoft.Storage/storageAccounts --subscription $STATE_SUBSCRIPTION --query "[].id | [0]" --output tsv) + tf_resource_id=$(az resource list --name "${REMOTE_STATE_SA}" --resource-type Microsoft.Storage/storageAccounts --subscription $STATE_SUBSCRIPTION --query "[].id | [0]" --output tsv) + REMOTE_STATE_RGNAME=$(az resource list --name "${REMOTE_STATE_SA}" --resource-type Microsoft.Storage/storageAccounts --subscription $STATE_SUBSCRIPTION --query "[].resourceGroup | [0]" --output tsv) + fi fail_if_null tfstate_resource_id - export STATE_SUBSCRIPTION=$(echo $tfstate_resource_id | cut -d/ -f3 | tr -d \" | xargs) - export REMOTE_STATE_RG=$(echo $tfstate_resource_id | cut -d/ -f5 | tr -d \" | xargs) + + export REMOTE_STATE_RG=$REMOTE_STATE_RGNAME + export tfstate_resource_id=$tf_resource_id save_config_vars "${config_file_name}" \ REMOTE_STATE_RG \ diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index d107266cd8..e0ae46f88a 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh 
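Review bot: After the rename to `tf_resource_id`, the unchanged `fail_if_null tfstate_resource_id` line checks a variable that the function no longer assigns before the check, so an `az resource list` call that returns nothing would presumably pass unnoticed whenever the caller already had `tfstate_resource_id` set (fail_if_null itself is not visible here). Check the new name, `fail_if_null tf_resource_id`, or move `export tfstate_resource_id=$tf_resource_id` above the check. The hunk also removes the line that derived `STATE_SUBSCRIPTION` from the resource id, so when the function is entered with it empty it stays empty. `[ -z $STATE_SUBSCRIPTION ]` and `--subscription $STATE_SUBSCRIPTION` are still unquoted on the new lines. The function body starts and ends outside the hunk.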
@@ -168,7 +168,6 @@ deployer_config_information="${automation_config_directory}/${deployer_environme save_config_vars "${workload_config_information}" \ STATE_SUBSCRIPTION REMOTE_STATE_SA subscription - if [ "${force}" == 1 ] then if [ -f "${workload_config_information}" ] @@ -216,12 +215,8 @@ then fi -cat ${workload_config_information} if [ -n "$REMOTE_STATE_SA" ] ; then - get_and_store_sa_details ${REMOTE_STATE_SA} ${workload_config_information} - save_config_vars "${workload_config_information}" \ - tfstate_resource_id REMOTE_STATE_RG fi cat ${workload_config_information} @@ -486,7 +481,7 @@ else allParams=$(printf " --workload --environment %s --region %s --vault %s --spn_secret %s --keyvault_subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${spn_secret}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}" ) - "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh ${allParams}" + "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh" ${allParams} if [ -f secret.err ]; then error_message=$(cat secret.err) From 5063d92e7cf2e591b6bc418fbdfed2d9c19cfab0 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 22:34:52 +0300 Subject: [PATCH 258/279] Refactor install_workloadzone.sh to improve parameter handling and region code handling --- deploy/pipelines/01-deploy-control-plane.yaml | 2 +- deploy/scripts/install_workloadzone.sh | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index a6e9fbd227..ee7b9d6b05 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -695,7 +695,7 @@ stages: fi az account set --subscription $ARM_SUBSCRIPTION_ID else - echo "Deployment credentials: MAnaged Identity" + echo "Deployment credentials: Managed Identity" # export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID export ARM_USE_MSI=true 
diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index e0ae46f88a..29cb8a3145 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -451,7 +451,7 @@ if [ 1 = "${deploy_using_msi_only:-}" ]; then then echo "Setting the secrets" - allParams=$(printf " --workload --environment %s --region %s --vault %s --keyvault_subscription %s --msi " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" ) + allParams=$(printf " --workload --environment %s --region %s --vault %s --keyvault_subscription %s --subscription %s --msi " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" "${ARM_SUBSCRIPTION_ID}" ) echo "Calling set_secrets with: ${allParams}" 
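Review bot: The new `--subscription %s` is filled from `${ARM_SUBSCRIPTION_ID}`, which this script exports only inside the `is_valid_guid "$subscription"` branch, so the value may be empty when no subscription was supplied and the calling environment does not set it. Because `set_secrets.sh` is then invoked with an unquoted `${allParams}`, an empty value disappears during word splitting and `--msi` would presumably be read as the argument of `--subscription`. A guard before `allParams` is built, such as `[ -n "${ARM_SUBSCRIPTION_ID:-}" ] || { echo "ARM_SUBSCRIPTION_ID is not set" >&2; exit 64; }`, makes the failure explicit.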
@@ -475,11 +475,11 @@ else if [ -n "$spn_secret" ] then - fixed_allParams=$(printf " --workload --environment %s --region %s --vault %s --spn_secret ***** --keyvault_subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}" ) + fixed_allParams=$(printf " --workload --environment %s --region %s --vault %s --subscription %s --spn_secret ***** --keyvault_subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${ARM_SUBSCRIPTION_ID}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}" ) echo "Calling set_secrets with: ${fixed_allParams}" - allParams=$(printf " --workload --environment %s --region %s --vault %s --spn_secret %s --keyvault_subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${spn_secret}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}" ) + allParams=$(printf " --workload --environment %s --region %s --vault %s --spn_secret %s --subscription %s --keyvault_subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${spn_secret}" "${ARM_SUBSCRIPTION_ID}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}" ) "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh" ${allParams} From 920d6726b2a19c72ac42ea3846b05dd94cd6c877 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 22:56:33 +0300 Subject: [PATCH 259/279] Refactor install_workloadzone.sh to improve parameter handling and region code handling --- deploy/pipelines/01-deploy-control-plane.yaml | 15 ++++++++------- deploy/scripts/set_secrets.sh | 4 ++-- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index ee7b9d6b05..27475bed1b 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml 
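Review bot: The service principal secret is still formatted into `allParams` and handed to `set_secrets.sh` as a command-line argument, which exposes it to anything that can read the process list or an execution trace (`set -x`) on the agent, even though the echoed copy is masked with `*****`. The unquoted `${allParams}` also word-splits and glob-expands the secret, so a value containing whitespace or `*` would arrive altered. Building the arguments as an array, `args=(--workload --environment "${environment}" ... --spn_secret "${spn_secret}")` followed by `set_secrets.sh "${args[@]}"`, fixes the splitting. Keeping the secret off argv needs set_secrets.sh to accept it from the environment or stdin, and that script's option parsing is outside this hunk.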
@@ -220,10 +220,10 @@ stages: deployer_environment_file_name=$CONFIG_REPO_PATH/.sap_deployment_automation/${ENVIRONMENT}$LOCATION echo -e "$green--- Deploy the Control Plane ---$reset" if [ -n "$(PAT)" ]; then - echo "Deployer Agent PAT: IsDefined" + echo "Deployer Agent PAT: IsDefined" fi if [ -n "$(POOL)" ]; then - echo "Deployer Agent Pool: $(POOL)" + echo " Deployer Agent Pool: $(POOL)" fi if [ -f ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/state.zip ]; then @@ -548,7 +548,7 @@ stages: storage_account_parameter="" if [ -n "${REMOTE_STATE_SA}" ]; then - storage_account_parameter="--storageaccountname ${REMOTE_STATE_SA}" + storage_account_parameter=" --storageaccountname ${REMOTE_STATE_SA} " else sed -i 's/step=2/step=1/' "$deployer_environment_file_name" sed -i 's/step=3/step=1/' "$deployer_environment_file_name" @@ -578,7 +578,7 @@ stages: exit 2 fi TF_VAR_app_registration_app_id=$(APP_REGISTRATION_APP_ID); - echo "App Registration ID: ${TF_VAR_app_registration_app_id}" + echo "App Registration ID: ${TF_VAR_app_registration_app_id}" export TF_VAR_app_registration_app_id TF_VAR_webapp_client_secret=$(WEB_APP_CLIENT_SECRET) export TF_VAR_webapp_client_secret @@ -786,9 +786,10 @@ stages: ${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/deploy_controlplane.sh \ --deployer_parameter_file "${deployer_configfile}" \ --library_parameter_file "${library_configfile}" \ - --subscription "${STATE_SUBSCRIPTION}" \ - --auto-approve --ado --msi \ - "${storage_account_parameter}" "${keyvault_parameter}" + --subscription "${STATE_SUBSCRIPTION}" --ado --msi \ + "${storage_account_parameter}" "${keyvault_parameter}" \ + --auto-approve + fi return_code=$? diff --git a/deploy/scripts/set_secrets.sh b/deploy/scripts/set_secrets.sh index 58dc09e860..51cd63b91f 100755 --- a/deploy/scripts/set_secrets.sh +++ b/deploy/scripts/set_secrets.sh 
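Review bot: `storage_account_parameter` now carries a leading and trailing space, but the `deploy_controlplane.sh` call in the `@@ -786,9` hunk still passes it as `"${storage_account_parameter}"`, so the flag and its value arrive as a single argument with embedded spaces, and as an empty argument when `REMOTE_STATE_SA` is unset. Whether deploy_controlplane.sh copes with that depends on its option parsing, which is not shown. Passing the two pieces as separate words removes the ambiguity, for example `${REMOTE_STATE_SA:+--storageaccountname "${REMOTE_STATE_SA}"}` directly in the call. The script block these hunks belong to starts and ends outside them.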
@@ -294,8 +294,8 @@ echo "# echo "#########################################################################################" echo "" -echo "Key vault: ${keyvault}" -echo "Subscription: ${STATE_SUBSCRIPTION}" +echo "Key vault: ${keyvault}" +echo "Subscription: ${STATE_SUBSCRIPTION}" save_config_vars "${environment_config_information}" \ keyvault \ From be34bdce07b8d776e3b1fabd1f09ad57a6dd8dae Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 23:29:01 +0300 Subject: [PATCH 260/279] Refactor install_workloadzone.sh to remove unnecessary code --- deploy/scripts/install_workloadzone.sh | 2 -- deploy/terraform/bootstrap/sap_deployer/providers.tf | 2 +- deploy/terraform/bootstrap/sap_deployer/tfvar_variables.tf | 5 +++++ deploy/terraform/run/sap_deployer/providers.tf | 2 +- deploy/terraform/run/sap_deployer/tfvar_variables.tf | 6 ++++++ deploy/terraform/run/sap_landscape/providers.tf | 2 +- deploy/terraform/run/sap_landscape/tfvar_variables.tf | 5 +++++ 7 files changed, 19 insertions(+), 5 deletions(-) diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index 29cb8a3145..7aa9c5bbeb 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -219,8 +219,6 @@ if [ -n "$REMOTE_STATE_SA" ] ; then get_and_store_sa_details ${REMOTE_STATE_SA} ${workload_config_information} fi -cat ${workload_config_information} - if [ -n "$keyvault" ] then if valid_kv_name "$keyvault" ; then diff --git a/deploy/terraform/bootstrap/sap_deployer/providers.tf b/deploy/terraform/bootstrap/sap_deployer/providers.tf index 660cc0ed5f..c5bfa21270 100644 --- a/deploy/terraform/bootstrap/sap_deployer/providers.tf +++ b/deploy/terraform/bootstrap/sap_deployer/providers.tf 
@@ -20,7 +20,7 @@ data "azurerm_client_config" "current" { provider "azurerm" { features { resource_group { - prevent_deletion_if_contains_resources = true + prevent_deletion_if_contains_resources = var.prevent_deletion_if_contains_resources } key_vault { purge_soft_delete_on_destroy = !var.enable_purge_control_for_keyvaults diff --git a/deploy/terraform/bootstrap/sap_deployer/tfvar_variables.tf b/deploy/terraform/bootstrap/sap_deployer/tfvar_variables.tf index a2fea50615..2d26d87b37 100644 --- a/deploy/terraform/bootstrap/sap_deployer/tfvar_variables.tf +++ b/deploy/terraform/bootstrap/sap_deployer/tfvar_variables.tf @@ -22,6 +22,11 @@ variable "location" { type = string } +variable "prevent_deletion_if_contains_resources" { + description = "Controls if resource groups are deleted even if they contain resources" + type = bool + default = true + } #######################################4#######################################8 # # # Resource group definitioms # diff --git a/deploy/terraform/run/sap_deployer/providers.tf b/deploy/terraform/run/sap_deployer/providers.tf index ed98c27c5a..41f3b50f86 100644 --- a/deploy/terraform/run/sap_deployer/providers.tf +++ b/deploy/terraform/run/sap_deployer/providers.tf @@ -16,7 +16,7 @@ Description: provider "azurerm" { features { resource_group { - prevent_deletion_if_contains_resources = true + prevent_deletion_if_contains_resources = var.prevent_deletion_if_contains_resources } key_vault { purge_soft_delete_on_destroy = !var.enable_purge_control_for_keyvaults diff --git a/deploy/terraform/run/sap_deployer/tfvar_variables.tf b/deploy/terraform/run/sap_deployer/tfvar_variables.tf index 259c37f2de..faae59eed2 100644 --- a/deploy/terraform/run/sap_deployer/tfvar_variables.tf +++ b/deploy/terraform/run/sap_deployer/tfvar_variables.tf 
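Review bot: The description of the new `prevent_deletion_if_contains_resources` variable, "Controls if resource groups are deleted even if they contain resources", reads as the opposite of what `true` does: with the default `true` the azurerm provider refuses to delete a resource group that still holds resources. I would word it `description = "If true, Terraform will not delete a resource group that still contains resources"`. Because this turns a hard-coded safety guard into a tunable, the description should also say that `false` lets a destroy remove the group together with resources Terraform does not manage. The same variable block is added for run/sap_deployer and run/sap_landscape in the following hunks.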
@@ -28,6 +28,12 @@ variable "subscription_id" { default = null } + +variable "prevent_deletion_if_contains_resources" { + description = "Controls if resource groups are deleted even if they contain resources" + type = bool + default = true + } #######################################4#######################################8 # # # Resource group definitioms # diff --git a/deploy/terraform/run/sap_landscape/providers.tf b/deploy/terraform/run/sap_landscape/providers.tf index 867327b13a..2588fd88ee 100644 --- a/deploy/terraform/run/sap_landscape/providers.tf +++ b/deploy/terraform/run/sap_landscape/providers.tf @@ -22,7 +22,7 @@ provider "azurerm" { provider "azurerm" { features { resource_group { - prevent_deletion_if_contains_resources = true + prevent_deletion_if_contains_resources = var.prevent_deletion_if_contains_resources } key_vault { purge_soft_delete_on_destroy = !var.enable_purge_control_for_keyvaults diff --git a/deploy/terraform/run/sap_landscape/tfvar_variables.tf b/deploy/terraform/run/sap_landscape/tfvar_variables.tf index a022608ca3..5e5c64bafd 100644 --- a/deploy/terraform/run/sap_landscape/tfvar_variables.tf +++ b/deploy/terraform/run/sap_landscape/tfvar_variables.tf @@ -33,6 +33,11 @@ variable "place_delete_lock_on_resources" { default = false } +variable "prevent_deletion_if_contains_resources" { + description = "Controls if resource groups are deleted even if they contain resources" + type = bool + default = true + } #######################################4#######################################8 # # # Resource group definitioms # From af1ab403a8af465e61d0162ab72fd863cba13dde Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Tue, 22 Oct 2024 23:41:23 +0300 Subject: [PATCH 261/279] Refactor echo statements to improve readability and consistency --- deploy/scripts/installer.sh | 2 +- deploy/scripts/remove_controlplane.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index a381a30ed5..50f869c13f 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh @@ -163,7 +163,7 @@ echo "Deployment region code: $region_code" if [ 1 == $called_from_ado ] ; then this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 export TF_VAR_Agent_IP=$this_ip - echo "Agent IP: $this_ip" + echo "Agent IP: $this_ip" fi diff --git a/deploy/scripts/remove_controlplane.sh b/deploy/scripts/remove_controlplane.sh index 48bf7a48b4..033d88a4b8 100755 --- a/deploy/scripts/remove_controlplane.sh +++ b/deploy/scripts/remove_controlplane.sh @@ -181,7 +181,7 @@ echo "Deployer environment: $deployer_environment" this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 export TF_VAR_Agent_IP=$this_ip -echo "Agent IP: $this_ip" +echo "Agent IP: $this_ip" if [ -n "${subscription}" ] then From 2e8730d888a4f937eef18e028c9aedb5a3a3d1a9 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 23 Oct 2024 10:08:43 +0300 Subject: [PATCH 262/279] Refactor installer.sh to improve parameter handling and region code handling --- deploy/scripts/installer.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index 50f869c13f..8f2630ad1c 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh @@ -1164,6 +1164,12 @@ if [ 1 == $ok_to_proceed ]; then echo "# #" echo "#########################################################################################" echo "" + if [ 1 == $called_from_ado ] ; then + terraform -chdir="${terraform_module_directory}" apply -parallelism="${parallelism}" -no-color -compact-warnings -json $allParams | tee -a apply_output.json + else + terraform -chdir="${terraform_module_directory}" apply -parallelism="${parallelism}" -json $allParams | tee -a apply_output.json + fi + return_value=$? fi fi From 6c5f38e3a7ed44c9077bda05f77b450196bb6214 Mon Sep 17 00:00:00 2001 
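Review bot: Both added `terraform apply` calls in the `@@ -1164,6` hunk use `-json`, and Terraform cannot ask for interactive approval in that mode, so the apply only proceeds if `$allParams` already carries `-auto-approve` or a saved plan; `allParams` is built outside this hunk, so that should be confirmed. The output is appended with `tee -a apply_output.json`, so unless the file is removed earlier in the script a rerun in the same directory leaves the previous run's messages in front of anything that parses the file afterwards. The enclosing `if [ 1 == $ok_to_proceed ]` block starts outside the hunk.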
From: Kimmo Forss Date: Wed, 23 Oct 2024 10:42:35 +0300 Subject: [PATCH 263/279] Refactor installer.sh to improve parameter handling and region code handling --- deploy/scripts/installer.sh | 51 ++++++++++++++++++++++--------------- 1 file changed, 30 insertions(+), 21 deletions(-) diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index 8f2630ad1c..224e1cbe18 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh 
@@ -467,35 +467,44 @@ echo "" check_output=0 if [ -f terraform.tfstate ]; then + if [ -f ./.terraform/terraform.tfstate ]; then + if grep "azurerm" ./.terraform/terraform.tfstate ; then + echo "" + echo "#########################################################################################" + echo "# #" + echo "# The state is already migrated to Azure!!! #" + echo "# #" + echo "#########################################################################################" + echo "" + else - if [ "${deployment_system}" == sap_deployer ] - then - echo "" - echo -e "$cyan Reinitializing deployer in case of on a new deployer $resetformatting" - - terraform_module_directory="${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/bootstrap/"${deployment_system}"/ - terraform -chdir="${terraform_module_directory}" init -backend-config "path=${param_dirname}/terraform.tfstate" -reconfigure - echo "" - key_vault_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw deployer_kv_user_arm_id | tr -d \") + if [ "${deployment_system}" == sap_deployer ]; then - if [ -n "${key_vault_id}" ] - then - export TF_VAR_deployer_kv_user_arm_id="${key_vault_id}" ; echo $TF_VAR_deployer_kv_user_arm_id - fi + echo "" + echo -e "$cyan Reinitializing deployer in case of on a new deployer $resetformatting" + terraform_module_directory="${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/bootstrap/"${deployment_system}"/ + terraform -chdir="${terraform_module_directory}" init -backend-config "path=${param_dirname}/terraform.tfstate" -reconfigure + echo "" + key_vault_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw deployer_kv_user_arm_id | tr -d \") - fi + if [ -n "${key_vault_id}" ] + then + export TF_VAR_deployer_kv_user_arm_id="${key_vault_id}" ; echo $TF_VAR_deployer_kv_user_arm_id + fi + fi - if [ "${deployment_system}" == sap_library ] - then - echo "Reinitializing library in case of on a new deployer" - 
terraform_module_directory="${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/bootstrap/"${deployment_system}"/ - terraform -chdir="${terraform_module_directory}" init -backend-config "path=${param_dirname}/terraform.tfstate" -reconfigure - fi + if [ "${deployment_system}" == sap_library ] + then + echo "Reinitializing library in case of on a new deployer" + terraform_module_directory="${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/bootstrap/"${deployment_system}"/ + terraform -chdir="${terraform_module_directory}" init -backend-config "path=${param_dirname}/terraform.tfstate" -reconfigure + fi + fi + fi fi - terraform_module_directory="${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/run/"${deployment_system}"/ export TF_DATA_DIR="${param_dirname}/.terraform" From 47a2d14732eea527d25048ac19e036c3bbd92ccb Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 23 Oct 2024 10:44:26 +0300 Subject: [PATCH 264/279] Refactor installer.sh to remove unnecessary echo statements --- deploy/scripts/installer.sh | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index 224e1cbe18..e3132d64a2 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh @@ -468,13 +468,7 @@ echo "" check_output=0 if [ -f terraform.tfstate ]; then if [ -f ./.terraform/terraform.tfstate ]; then - if grep "azurerm" ./.terraform/terraform.tfstate ; then - echo "" - echo "#########################################################################################" - echo "# #" - echo "# The state is already migrated to Azure!!! #" - echo "# #" - echo "#########################################################################################" + if grep "\"type\": \"azurerm\"" .terraform/terraform.tfstate ; then echo "" else From 7234ec334fd5c19738db0d94f2e62a981c14c60d Mon Sep 17 00:00:00 2001 
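Review bot: The `grep "\"type\": \"azurerm\"" .terraform/terraform.tfstate` test in the `@@ -468,13` hunk is used only for its exit status, yet it prints the matched line into the job log and its `then` branch is reduced to `echo ""`. `if ! grep -qF '"type": "azurerm"' .terraform/terraform.tfstate; then` followed by the reinitialisation code would state the intent and drop the empty branch. The `-f` test just above checks `./.terraform/terraform.tfstate` relative to the current directory, while `TF_DATA_DIR` is set to `${param_dirname}/.terraform` a few lines later, so the check is only meaningful when the script runs from `param_dirname`, which the hunk does not show.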
From: Kimmo Forss Date: Wed, 23 Oct 2024 11:18:25 +0300 Subject: [PATCH 265/279] Refactor installer.sh to improve parameter handling and region code handling --- deploy/scripts/install_workloadzone.sh | 1 + deploy/scripts/installer.sh | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index 7aa9c5bbeb..94a4d6d81b 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -181,6 +181,7 @@ echo "" echo "Configuration file: ${environment}${region_code}${network_logical_name}" echo "Deployment region: $region" echo "Deployment region code: $region_code" +echo "Deployment environment: $deployer_environment" echo "Deployer Keyvault: $keyvault" echo "Deployer Subscription: $STATE_SUBSCRIPTION" echo "Remote state storage account: $REMOTE_STATE_SA" diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index e3132d64a2..9facd4520c 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh @@ -644,7 +644,7 @@ allParams=$(printf " -var-file=%s %s %s %s %s %s %s %s" "${var_file}" "${extra_v terraform -chdir="$terraform_module_directory" plan -no-color -detailed-exitcode $allParams | tee -a plan_output.log return_value=$? -echo "Terraform Plan return code: $return_value" +echo "Terraform Plan return code: $return_value" if [ 1 == $return_value ] ; then echo "" @@ -762,10 +762,10 @@ fi useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) if [ "$useSAS" = "true" ] ; then - echo "Storage Account authentication: key" + echo "Storage Account authentication: key" export ARM_USE_AZUREAD=false else - echo "Storage Account authentication: Entra ID" + echo "Storage Account authentication: Entra ID" export ARM_USE_AZUREAD=true fi From e5e34ecba4710deeaeefd915980e4872db2abbc7 Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Wed, 23 Oct 2024 11:55:32 +0300 Subject: [PATCH 266/279] Refactor storage_accounts.tf to include var.use_private_endpoint in the count condition --- .../terraform-units/modules/sap_landscape/storage_accounts.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/terraform/terraform-units/modules/sap_landscape/storage_accounts.tf b/deploy/terraform/terraform-units/modules/sap_landscape/storage_accounts.tf index cd14c2e1b0..d25f519f4e 100644 --- a/deploy/terraform/terraform-units/modules/sap_landscape/storage_accounts.tf +++ b/deploy/terraform/terraform-units/modules/sap_landscape/storage_accounts.tf @@ -326,7 +326,7 @@ resource "azurerm_storage_account" "transport" { resource "azurerm_private_dns_a_record" "transport" { provider = azurerm.privatelinkdnsmanagement - count = var.create_transport_storage && local.use_Azure_native_DNS && local.use_AFS_for_shared && length(var.transport_private_endpoint_id) == 0 ? 1 : 0 + count = var.use_private_endpoint && var.create_transport_storage && local.use_Azure_native_DNS && local.use_AFS_for_shared && length(var.transport_private_endpoint_id) == 0 ? 1 : 0 name = replace( lower( format("%s", local.landscape_shared_transport_storage_account_name) From e1c5a6c7e6c264a09283cf600a9e71d42767297b Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 23 Oct 2024 11:58:25 +0300 Subject: [PATCH 267/279] Refactor storage_accounts.tf to include var.use_private_endpoint in the count condition --- .../terraform-units/modules/sap_landscape/storage_accounts.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/terraform/terraform-units/modules/sap_landscape/storage_accounts.tf b/deploy/terraform/terraform-units/modules/sap_landscape/storage_accounts.tf index d25f519f4e..cd5a28f734 100644 --- a/deploy/terraform/terraform-units/modules/sap_landscape/storage_accounts.tf +++ b/deploy/terraform/terraform-units/modules/sap_landscape/storage_accounts.tf 
@@ -525,7 +525,7 @@ resource "azurerm_storage_account" "install" { resource "azurerm_storage_account_network_rules" "install" { provider = azurerm.main - count = local.use_AFS_for_shared && length(var.install_storage_account_id) == 0 ? 1 : 0 + count = local.use_AFS_for_shared && var.enable_firewall_for_keyvaults_and_storage && length(var.install_storage_account_id) == 0 ? 1 : 0 depends_on = [ azurerm_storage_account.install, azurerm_storage_share.install, From 160cf788c9b342a948bcb40bedb3293400d085fc Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 23 Oct 2024 12:07:35 +0300 Subject: [PATCH 268/279] Keyvault network rules --- .../modules/sap_landscape/key_vault_sap_landscape.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf b/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf index d9b5f67955..7fe898cfaf 100644 --- a/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf +++ b/deploy/terraform/terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf @@ -35,7 +35,7 @@ resource "azurerm_key_vault" "kv_user" { content { bypass = "AzureServices" - default_action = local.management_subnet_exists ? "Deny" : "Allow" + default_action = var.enable_firewall_for_keyvaults_and_storage ? "Deny" : "Allow" ip_rules = compact( [ From 3ad26a8e72145d622de8602c251a1a5fbbf988e0 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 23 Oct 2024 12:28:18 +0300 Subject: [PATCH 269/279] Refactor key_vault_sap_landscape.tf to include var.enable_firewall_for_keyvaults_and_storage in the default_action condition --- deploy/scripts/install_workloadzone.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index 94a4d6d81b..0b4a5e6e8e 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh 
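Review bot: After these two changes `enable_firewall_for_keyvaults_and_storage` alone decides whether the landscape key vault has `default_action = "Deny"` and whether the install storage account gets an `azurerm_storage_account_network_rules` resource at all; set to false, the vault accepts traffic from any network and the storage account has no network rules. The variable's declaration in the sap_landscape module is not part of the diff, so it is worth confirming that it defaults to `true` and that its description states this effect. A comment at both sites, for example `# false removes the network restriction from this resource`, would make the trade-off visible to whoever flips the flag. The key vault line sits inside a `content {` block whose enclosing block starts outside the hunk, and the sapmnt storage account is gated the same way later in this series.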
@@ -1117,6 +1117,16 @@ Date : "${now}" EOF +printf -v kvname '%-40s' "${workloadkeyvault}" +echo "" +echo "#########################################################################################" +echo "# #" +echo -e "# $cyan Please save these values: $resetformatting #" +echo "# - Key Vault: ${kvname} #" +echo "# #" +echo "#########################################################################################" + + if [ -f "${workload_config_information}".err ]; then cat "${workload_config_information}".err fi From 6101502ba296ad911f773182a4dccda2b09aeb8c Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 23 Oct 2024 12:38:20 +0300 Subject: [PATCH 270/279] Refactor installer.sh to handle empty SPN secret in set_executing_user_environment_variables --- deploy/scripts/install_workloadzone.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index 0b4a5e6e8e..0bd637fd2f 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -365,7 +365,12 @@ if [ 0 = "${deploy_using_msi_only:-}" ]; then fi #setting the user environment variables - set_executing_user_environment_variables "${spn_secret}" + if [ -n "${spn_secret}" ] + then + set_executing_user_environment_variables "${spn_secret}" + else + set_executing_user_environment_variables "none" + fi else #setting the user environment variables set_executing_user_environment_variables "N/A" From a26dbb9d0c627c4e0c16eb9213306438c44a48b3 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 23 Oct 2024 13:03:08 +0300 Subject: [PATCH 271/279] Refactor installer.sh to handle empty SPN secret in set_executing_user_environment_variables --- deploy/scripts/install_workloadzone.sh | 3 +-- deploy/scripts/installer.sh | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) 
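Review bot: In the `@@ -365,7` hunk the new branch passes the literal string `none` to `set_executing_user_environment_variables` when `spn_secret` is empty, while the existing MSI branch passes `N/A`, so the callee has to recognise two different placeholders for "no secret". The function is defined outside this diff; confirm that it treats `none` as absent and does not export it as the client secret. If `N/A` is already handled there, `set_executing_user_environment_variables "${spn_secret:-N/A}"` would give one sentinel and remove the if/else.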
diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index 0bd637fd2f..1e5231e233 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -1075,7 +1075,7 @@ if [ 0 == $return_value ] ; then echo "" save_config_var "workloadkeyvault" "${workload_config_information}" - fi + fi_system fi fi @@ -1096,7 +1096,6 @@ echo "" if [ -n "${spn_secret}" ] then az logout - echo "Login as SPN" az login --service-principal --username "${client_id}" --password="${spn_secret}" --tenant "${tenant_id}" --output none fi diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index 9facd4520c..d9f0866ac8 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh @@ -285,6 +285,7 @@ then fi else deployer_tfstate_key_parameter=" -var deployer_tfstate_key=${deployer_tfstate_key}" + echo "Deployer state file name: ${deployer_tfstate_key}" fi else load_config_vars "${system_config_information}" "keyvault" @@ -340,7 +341,6 @@ then fi else landscape_tfstate_key_parameter=" -var landscape_tfstate_key=${landscape_tfstate_key}" - echo "Workload zone state file: ${landscape_tfstate_key}" fi fi From 15892398f4f3cdc35f7808da323eeb344318046c Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 23 Oct 2024 13:09:56 +0300 Subject: [PATCH 272/279] Refactor module.tf to include enable_firewall_for_keyvaults_and_storage variable --- deploy/terraform/run/sap_system/module.tf | 1 + .../run/sap_system/tfvar_variables.tf | 5 +++ .../common_infrastructure/storage_accounts.tf | 39 +++++++++++-------- .../common_infrastructure/variables_global.tf | 4 ++ 4 files changed, 32 insertions(+), 17 deletions(-) diff --git a/deploy/terraform/run/sap_system/module.tf b/deploy/terraform/run/sap_system/module.tf index 0a13d0c6d5..93094b8142 100644 --- a/deploy/terraform/run/sap_system/module.tf +++ b/deploy/terraform/run/sap_system/module.tf 
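Review bot: In the `@@ -1075,7` hunk the `fi` that follows `save_config_var "workloadkeyvault" "${workload_config_information}"` is replaced by `fi_system`, which is not a shell keyword. The `if` it used to close is left open, so the remaining `fi` lines close the wrong blocks and bash will reject install_workloadzone.sh with a syntax error. This looks like an accidental edit and the line should stay `fi`. A `bash -n deploy/scripts/install_workloadzone.sh` step in CI would catch this class of mistake before it reaches a pipeline run.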
@@ -93,6 +93,7 @@ module "common_infrastructure" { use_random_id_for_storageaccounts = var.use_random_id_for_storageaccounts use_scalesets_for_deployment = var.use_scalesets_for_deployment dns_settings = local.dns_settings + enable_firewall_for_keyvaults_and_storage = var.enable_firewall_for_keyvaults_and_storage } #------------------------------------------------------------------------------- diff --git a/deploy/terraform/run/sap_system/tfvar_variables.tf b/deploy/terraform/run/sap_system/tfvar_variables.tf index 3f2b7cab9b..a51596c730 100644 --- a/deploy/terraform/run/sap_system/tfvar_variables.tf +++ b/deploy/terraform/run/sap_system/tfvar_variables.tf @@ -135,6 +135,11 @@ variable "shared_access_key_enabled_nfs" { type = bool } +variable "enable_firewall_for_keyvaults_and_storage" { + description = "Boolean value indicating if firewall should be enabled for key vaults and storage" + default = true + type = bool + } ######################################################################################### # # diff --git a/deploy/terraform/terraform-units/modules/sap_system/common_infrastructure/storage_accounts.tf b/deploy/terraform/terraform-units/modules/sap_system/common_infrastructure/storage_accounts.tf index 4785530e08..bab63ad0a1 100644 --- a/deploy/terraform/terraform-units/modules/sap_system/common_infrastructure/storage_accounts.tf +++ b/deploy/terraform/terraform-units/modules/sap_system/common_infrastructure/storage_accounts.tf 
@@ -44,23 +44,28 @@ resource "azurerm_storage_account" "sapmnt" { public_network_access_enabled = try(var.landscape_tfstate.public_network_access_enabled, true) tags = var.tags - network_rules { - default_action = "Deny" - virtual_network_subnet_ids = compact( - [ - try(var.landscape_tfstate.admin_subnet_id, ""), - try(var.landscape_tfstate.app_subnet_id, ""), - try(var.landscape_tfstate.db_subnet_id, ""), - try(var.landscape_tfstate.web_subnet_id, ""), - try(var.landscape_tfstate.subnet_mgmt_id, "") - ] - ) - ip_rules = compact( - [ - length(var.Agent_IP) > 0 ? var.Agent_IP : "" - ] - ) - } + dynamic "network_rules" { + for_each = range(var.enable_firewall_for_keyvaults_and_storage ? 1 : 0) + content { + + default_action = var.enable_firewall_for_keyvaults_and_storage ? "Deny" : "Allow" + virtual_network_subnet_ids = compact( + [ + try(var.landscape_tfstate.admin_subnet_id, ""), + try(var.landscape_tfstate.app_subnet_id, ""), + try(var.landscape_tfstate.db_subnet_id, ""), + try(var.landscape_tfstate.web_subnet_id, ""), + try(var.landscape_tfstate.subnet_mgmt_id, "") + ] + ) + ip_rules = compact( + [ + length(var.Agent_IP) > 0 ? var.Agent_IP : "" + ] + ) + + } + } } diff --git a/deploy/terraform/terraform-units/modules/sap_system/common_infrastructure/variables_global.tf b/deploy/terraform/terraform-units/modules/sap_system/common_infrastructure/variables_global.tf index 922e45fa16..e1cc5e4826 100644 --- a/deploy/terraform/terraform-units/modules/sap_system/common_infrastructure/variables_global.tf +++ b/deploy/terraform/terraform-units/modules/sap_system/common_infrastructure/variables_global.tf @@ -216,6 +216,10 @@ variable "use_private_endpoint" { default = false type = bool } +variable "enable_firewall_for_keyvaults_and_storage" { + description = "Boolean value indicating if firewall should be enabled for key vaults and storage" + type = bool + } ######################################################################################### # # 
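Review bot: Inside the new `dynamic "network_rules"` block, `default_action = var.enable_firewall_for_keyvaults_and_storage ? "Deny" : "Allow"` can never yield `"Allow"`, because `for_each` only generates the block when the variable is true; `default_action = "Deny"` says the same thing without implying an Allow path. When the variable is false the sapmnt account gets no `network_rules` block at all, and the `public_network_access_enabled` context line falls back to `true` if the landscape state does not supply a value. A comment above the block such as `# no network_rules are applied when enable_firewall_for_keyvaults_and_storage is false` would document that. The module-level variable added in variables_global.tf has no default, so every caller of common_infrastructure must now pass it.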
From f3c0a77bf558f070eeef5dab6f7d6f6997675eec Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 23 Oct 2024 13:26:26 +0300 Subject: [PATCH 273/279] Refactor installer.sh to handle empty SPN secret in set_executing_user_environment_variables and remove error file --- deploy/scripts/installer.sh | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index d9f0866ac8..6e460552f7 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh @@ -8,6 +8,7 @@ set -o pipefail boldreduscore="\e[1;4;31m" boldred="\e[1;31m" cyan="\e[1;36m" +green="\e[1;32m" resetformatting="\e[0m" #External helper functions @@ -1450,6 +1451,7 @@ fi if [ -f "${system_config_information}".err ]; then cat "${system_config_information}".err + sudo rm "${system_config_information}".err fi unset TF_DATA_DIR @@ -1458,7 +1460,6 @@ unset TF_DATA_DIR # # # Copy tfvars to storage account # # # -# # ################################################################################# useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) @@ -1500,5 +1501,14 @@ if [ "${deployment_system}" == sap_library ] ; then fi fi +echo "" +echo "#########################################################################################" +echo "# #" +echo -e "# $green Deployment completed $resetformatting #" +echo "# #" +echo "#########################################################################################" +echo "" + + exit $return_value From df8322e4f77b70bfee7d2db049806dfad19a9aea Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 23 Oct 2024 13:39:12 +0300 Subject: [PATCH 274/279] Add Terraform output detaisl --- deploy/scripts/installer.sh | 6 +++--- deploy/scripts/remover.sh | 14 ++++++++++++-- 2 files changed, 15 insertions(+), 5 deletions(-) 
diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index 6e460552f7..358e3542c9 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh @@ -619,7 +619,7 @@ then echo "" echo "#########################################################################################" echo "# #" - echo -e "# $cyan Deployed using the Terraform templates version: $val $resetformatting #" + echo -e "# $cyan Deployed using the Terraform templates version: $val $resetformatting #" echo "# #" echo "#########################################################################################" echo "" @@ -1451,7 +1451,7 @@ fi if [ -f "${system_config_information}".err ]; then cat "${system_config_information}".err - sudo rm "${system_config_information}".err + rm "${system_config_information}".err fi unset TF_DATA_DIR @@ -1504,7 +1504,7 @@ fi echo "" echo "#########################################################################################" echo "# #" -echo -e "# $green Deployment completed $resetformatting #" +echo -e "# $green Deployment completed $resetformatting #" echo "# #" echo "#########################################################################################" echo "" diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index a824c19247..4880d77485 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh 
@@ -29,13 +29,13 @@ function showhelp { echo "# This file contains the logic to remove the different systems #" echo "# The script expects the following exports: #" echo "# #" - echo "# SAP_AUTOMATION_REPO_PATH (path to the repo folder (sap-automation)) #" + echo "# SAP_AUTOMATION_REPO_PATH (path to the repo folder (sap-automation)) #" echo "# ARM_SUBSCRIPTION_ID (subscription containing the state file storage account) #" echo "# REMOTE_STATE_RG (resource group name for storage account containing state files) #" echo "# REMOTE_STATE_SA (storage account for state file) #" echo "# #" echo "# The script will persist the parameters needed between the executions in the #" - echo "# [CONFIG_REPO_PATH]/.sap_deployment_automation folder. #" + echo "# [CONFIG_REPO_PATH]/.sap_deployment_automation folder. #" echo "# #" echo "# #" echo "# Usage: remover.sh #" @@ -222,6 +222,16 @@ echo "Deployment region code: $region_code" key=$(echo "${parameterfile_name}" | cut -d. -f1) +echo "" +echo "Terraform details" +echo "-------------------------------------------------------------------------" +echo "Subscription: ${STATE_SUBSCRIPTION}" +echo "Storage Account: ${REMOTE_STATE_SA}" +echo "Resource Group: ${REMOTE_STATE_RG}" +echo "State file: ${key}.terraform.tfstate" +echo "Target subscription: ${ARM_SUBSCRIPTION_ID}" +echo "" + #Plugins isInCloudShellCheck=$(checkIfCloudShell) From 745667c3544dc51157efa82f8ee3dbd4c74dd218 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 23 Oct 2024 13:48:22 +0300 Subject: [PATCH 275/279] Refactor Terraform plugin cache directory handling --- deploy/scripts/remover.sh | 49 +++++++++++++++++++-------------------- 1 file changed, 24 insertions(+), 25 deletions(-) diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index 4880d77485..1d757b5c41 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh 
@@ -236,14 +236,14 @@ echo "" isInCloudShellCheck=$(checkIfCloudShell) if checkIfCloudShell; then - mkdir -p "${HOME}/.terraform.d/plugin-cache" - export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" + mkdir -p "${HOME}/.terraform.d/plugin-cache" + export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" else - if [ ! -d /opt/terraform/.terraform.d/plugin-cache ]; then - mkdir -p /opt/terraform/.terraform.d/plugin-cache - sudo chown -R "$USER" /opt/terraform - fi - export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache + if [ ! -d /opt/terraform/.terraform.d/plugin-cache ]; then + mkdir -p /opt/terraform/.terraform.d/plugin-cache + sudo chown -R "$USER" /opt/terraform + fi + export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache fi init "${automation_config_directory}" "${generic_config_information}" "${system_config_information}" @@ -354,7 +354,7 @@ else resource_group_exist=true fi -if [ $resource_group_exist ]; +if [ "$resource_group_exist" ]; then echo "" echo "#########################################################################################" @@ -366,11 +366,11 @@ then if [ "$deployment_system" == "sap_deployer" ]; then terraform -chdir="${terraform_bootstrap_directory}" refresh -var-file="${var_file}" \ - $deployer_tfstate_key_parameter + "$deployer_tfstate_key_parameter" echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" \ - $deployer_tfstate_key_parameter + "$deployer_tfstate_key_parameter" elif [ "$deployment_system" == "sap_library" ]; then echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" 
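Review bot: `if [ "$resource_group_exist" ]` in the `@@ -354,7` hunk tests only that the string is non-empty, so it is also true when the variable holds `false`. The context shows `resource_group_exist=true` in the else branch; the assignment in the other branch is outside the hunk, but if it sets `false` the destroy path still runs when the resource group was not found. `if [ "$resource_group_exist" = "true" ]` compares the value instead.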
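Review bot: Quoting the pre-built option strings in the `@@ -366,11` hunk changes what terraform receives: `"$deployer_tfstate_key_parameter"` becomes a single argument even if it holds an option and its value separated by a space (installer.sh builds its counterpart as ` -var deployer_tfstate_key=...`). The assignments in remover.sh are outside these hunks, so their shape should be verified before quoting. Holding each option in an array, `deployer_args=(-var "deployer_tfstate_key=${deployer_tfstate_key}")` expanded as `"${deployer_args[@]}"`, gives safe quoting without merging words. The `@@ -389,28` hunk has the same issue for `"$landscape_tfstate_key_parameter"`, `"$tfstate_parameter"` and `"${approve}"` (an empty argument when approve is unset), and its `echo -e` line closes and reopens the double quotes around each variable, leaving those expansions unquoted.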
@@ -389,28 +389,27 @@ then terraform -chdir="${terraform_bootstrap_directory}" init -upgrade=true -force-copy terraform -chdir="${terraform_bootstrap_directory}" refresh -var-file="${var_file}" \ - $landscape_tfstate_key_parameter \ - $deployer_tfstate_key_parameter + "$landscape_tfstate_key_parameter" \ + "$deployer_tfstate_key_parameter" - terraform -chdir="${terraform_bootstrap_directory}" destroy -var-file="${var_file}" ${approve} \ - $landscape_tfstate_key_parameter \ - $deployer_tfstate_key_parameter + terraform -chdir="${terraform_bootstrap_directory}" destroy -var-file="${var_file}" "${approve}" \ + "$landscape_tfstate_key_parameter" \ + "$deployer_tfstate_key_parameter" else - echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" - echo $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter + echo -e "#$cyan processing "$deployment_system" removal as defined in "$parameterfile_name" "$resetformatting"" if [ -n "${approve}" ] then - terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" ${approve} \ - $tfstate_parameter \ - $landscape_tfstate_key_parameter \ - $deployer_tfstate_key_parameter -json | tee -a destroy_output.json + terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" "${approve}" \ + "$tfstate_parameter" \ + "$landscape_tfstate_key_parameter" \ + "$deployer_tfstate_key_parameter" -json | tee -a destroy_output.json else - terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" ${approve} \ - $tfstate_parameter \ - $landscape_tfstate_key_parameter \ - $deployer_tfstate_key_parameter + terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" "${approve}" \ + "$tfstate_parameter" \ + "$landscape_tfstate_key_parameter" \ + "$deployer_tfstate_key_parameter" fi From 3ef72479a06190b1d24c052296ceffd51f5356ce Mon Sep 17 00:00:00 2001 
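Review bot: The rewritten `echo -e` line closes and reopens its double quotes around each variable, so `$deployment_system`, `$parameterfile_name` and `$resetformatting` are now expanded outside any quotes, the opposite of what the added quote characters suggest. Keep the message as one quoted string: `echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting"`. In the `else` arm of `if [ -n "${approve}" ]` the quoted `"${approve}"` is known to be empty, so it passes an empty argument to `terraform destroy` and can be dropped from that call. The enclosing `if`/`else` chain starts and ends outside the hunk.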
From: Kimmo Forss Date: Wed, 23 Oct 2024 13:53:37 +0300 Subject: [PATCH 276/279] Refactor Terraform destroy command in remover.sh --- deploy/scripts/remover.sh | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index 1d757b5c41..ed1c79570e 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh @@ -401,15 +401,16 @@ then if [ -n "${approve}" ] then - terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" "${approve}" \ - "$tfstate_parameter" \ + terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" ${approve} \ + $tfstate_parameter \ "$landscape_tfstate_key_parameter" \ - "$deployer_tfstate_key_parameter" -json | tee -a destroy_output.json + + $deployer_tfstate_key_parameter -json | tee -a destroy_output.json else - terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" "${approve}" \ - "$tfstate_parameter" \ + terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" ${approve} \ + $tfstate_parameter \ "$landscape_tfstate_key_parameter" \ - "$deployer_tfstate_key_parameter" + $deployer_tfstate_key_parameter fi From a9ec661eab1112865f46b1b4e57c4561ffaeca3d Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 23 Oct 2024 13:58:56 +0300 Subject: [PATCH 277/279] Refactor Terraform destroy command in remover.sh --- deploy/scripts/remover.sh | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index ed1c79570e..b9e4a938b6 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh 
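Review bot: The empty line added after `"$landscape_tfstate_key_parameter" \` (the diffstat's seventh insertion) ends the `terraform ... destroy` command at that point. The next line, `$deployer_tfstate_key_parameter -json | tee -a destroy_output.json`, is then executed as a command of its own, and the destroy runs without the deployer state key or `-json`. Remove the blank line so the continuation reaches the last argument. `"$landscape_tfstate_key_parameter"` is also left quoted while its neighbours were unquoted, so it is passed as one word (or as an empty argument when unset); the arguments in both arms should be treated the same way. The surrounding `if`/`fi` starts and ends outside the hunk.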
@@ -268,15 +268,15 @@ load_config_vars "${system_config_information}" "ARM_SUBSCRIPTION_ID" deployer_tfstate_key_parameter='' if [ "${deployment_system}" != sap_deployer ]; then - deployer_tfstate_key_parameter=" -var deployer_tfstate_key=${deployer_tfstate_key}" + deployer_tfstate_key_parameter=" -var deployer_tfstate_key=${deployer_tfstate_key} " fi landscape_tfstate_key_parameter='' if [ "${deployment_system}" == sap_system ]; then - landscape_tfstate_key_parameter=" -var landscape_tfstate_key=${landscape_tfstate_key}" + landscape_tfstate_key_parameter=" -var landscape_tfstate_key=${landscape_tfstate_key} " fi -tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" +tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id} " #setting the user environment variables set_executing_user_environment_variables "none" @@ -401,16 +401,11 @@ then if [ -n "${approve}" ] then - terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" ${approve} \ - $tfstate_parameter \ - "$landscape_tfstate_key_parameter" \ + terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" $approve $tfstate_parameter $landscape_tfstate_key_parameter \ $deployer_tfstate_key_parameter -json | tee -a destroy_output.json else - terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" ${approve} \ - $tfstate_parameter \ - "$landscape_tfstate_key_parameter" \ - $deployer_tfstate_key_parameter + terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" $approve $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter fi From f32d3122c9b26f0acbc84e1cccc243e2156e1d59 Mon Sep 17 00:00:00 2001 
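Review bot: In the `-n "${approve}"` arm of the `@@ -401` hunk the destroy is piped through `tee -a destroy_output.json`, so the pipeline's status is `tee`'s and a failed `terraform destroy` is reported as success unless `pipefail` is set earlier in the script, which the hunk does not show. Capture the status explicitly on the line after the pipeline, e.g. `return_value=${PIPESTATUS[0]}`, or add `set -o pipefail` before it. The call also relies on word splitting of `$approve`, `$tfstate_parameter` and the two key parameters, so a state key or resource id containing whitespace or a glob character would be split or expanded. The trailing spaces added in the `@@ -268` hunk have no effect once the values are split this way. The enclosing `if`/`fi` continues outside the hunk.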
From: Kimmo Forss Date: Wed, 23 Oct 2024 14:19:22 +0300 Subject: [PATCH 278/279] Refactor echo statement in deploy pipeline to include return code from deployment --- deploy/pipelines/02-sap-workload-zone.yaml | 3 ++- deploy/terraform/run/sap_landscape/variables_local.tf | 7 +++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index 86f773114f..9320120961 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml @@ -564,7 +564,8 @@ stages: fi return_code=$? - echo "Return code: ${return_code}" + echo "Return code from deployment: ${return_code}" + if [ -f ${workload_environment_file_name} ]; then export workload_key_vault=$(cat ${workload_environment_file_name} | grep workloadkeyvault= | awk -F'=' '{print $2}' | xargs) echo "Workload zone key vault: ${workload_key_vault}" diff --git a/deploy/terraform/run/sap_landscape/variables_local.tf b/deploy/terraform/run/sap_landscape/variables_local.tf index 03205e2949..d00529619c 100644 --- a/deploy/terraform/run/sap_landscape/variables_local.tf +++ b/deploy/terraform/run/sap_landscape/variables_local.tf @@ -29,10 +29,9 @@ locals { deployer_subscription_id = coalesce( try(data.terraform_remote_state.deployer[0].outputs.created_resource_group_subscription_id,""), - length(local.spn_key_vault_arm_id) > 0 ? ( - split("/", local.spn_key_vault_arm_id)[2]) : ( - "" - )) + length(local.spn_key_vault_arm_id) > 0 ? (split("/", local.spn_key_vault_arm_id)[2]) : (""), + local.saplib_subscription_id + ) spn = { subscription_id = data.azurerm_key_vault_secret.subscription_id.value, From f0cac1e4c3d9fab571792b26a69b82fb4894bc47 Mon Sep 17 00:00:00 2001 
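Review bot: The new third argument to `coalesce` in `variables_local.tf` makes `deployer_subscription_id` fall back to `local.saplib_subscription_id` whenever the deployer remote state has no subscription output and `local.spn_key_vault_arm_id` is empty, and nothing in the hunk records that assumption. If the deployer and the library can live in different subscriptions, the fallback would silently resolve to the library's subscription, so a comment stating the precedence would help: `# Precedence: deployer state output, then SPN key vault ARM id, then library subscription`. Whether the expression can still end up with all three values empty depends on how `saplib_subscription_id` is defined, which is outside this hunk, as is the rest of the `locals` block.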
From: Kimmo Forss Date: Wed, 23 Oct 2024 14:42:48 +0300 Subject: [PATCH 279/279] Refactor echo statement in deploy pipeline to include return code from deployment --- deploy/scripts/remove_controlplane.sh | 56 +++++++++---------- deploy/scripts/remover.sh | 2 +- .../templates/configure_deployer.sh.tmpl | 4 -- 3 files changed, 29 insertions(+), 33 deletions(-) diff --git a/deploy/scripts/remove_controlplane.sh b/deploy/scripts/remove_controlplane.sh index 033d88a4b8..292d34037f 100755 --- a/deploy/scripts/remove_controlplane.sh +++ b/deploy/scripts/remove_controlplane.sh 
@@ -39,34 +39,34 @@ keep_agent=0 function showhelp { echo "" - echo "#################################################################################################################" - echo "# #" - echo "# #" - echo "# This file contains the logic to remove the deployer and library from an Azure region #" - echo "# #" - echo "# The script experts the following exports: #" - echo "# #" - echo "# SAP_AUTOMATION_REPO_PATH the path to the folder containing the cloned sap-automation #" - echo "# #" - echo "# The script is to be run from a parent folder to the folders containing the json parameter files for #" - echo "# the deployer and the library and the environment. #" - echo "# #" - echo "# The script will persist the parameters needed between the executions in the #" - echo "# [CONFIG_REPO_PATH]/.sap_deployment_automation folder #" - echo "# #" - echo "# #" - echo "# Usage: remove_region.sh #" - echo "# -d or --deployer_parameter_file deployer parameter file #" - echo "# -l or --library_parameter_file library parameter file #" - echo "# #" - echo "# #" - echo "# Example: #" - echo "# #" - echo "# SAP_AUTOMATION_REPO_PATH/scripts/remove_controlplane.sh \ #" - echo "# --deployer_parameter_file DEPLOYER/PROD-WEEU-DEP00-INFRASTRUCTURE/PROD-WEEU-DEP00-INFRASTRUCTURE.json \ #" - echo "# --library_parameter_file LIBRARY/PROD-WEEU-SAP_LIBRARY/PROD-WEEU-SAP_LIBRARY.json \ #" - echo "# #" - echo "#################################################################################################################" + echo "##################################################################################################################" + echo "# #" + echo "# #" + echo "# This file contains the logic to remove the deployer and library from an Azure region #" + echo "# #" + echo "# The script experts the following exports: #" + echo "# #" + echo "# SAP_AUTOMATION_REPO_PATH the path to the folder containing the cloned sap-automation #" + echo "# #" + echo "# The script is to be run 
from a parent folder to the folders containing the json parameter files for #" + echo "# the deployer and the library and the environment. #" + echo "# #" + echo "# The script will persist the parameters needed between the executions in the #" + echo "# [CONFIG_REPO_PATH]/.sap_deployment_automation folder #" + echo "# #" + echo "# #" + echo "# Usage: remove_region.sh #" + echo "# -d or --deployer_parameter_file deployer parameter file #" + echo "# -l or --library_parameter_file library parameter file #" + echo "# #" + echo "# #" + echo "# Example: #" + echo "# #" + echo "# SAP_AUTOMATION_REPO_PATH/scripts/remove_controlplane.sh \ #" + echo "# --deployer_parameter_file DEPLOYER/PROD-WEEU-DEP00-INFRASTRUCTURE/PROD-WEEU-DEP00-INFRASTRUCTURE.tfvars \ #" + echo "# --library_parameter_file LIBRARY/PROD-WEEU-SAP_LIBRARY/PROD-WEEU-SAP_LIBRARY.tfvars \ #" + echo "# #" + echo "##################################################################################################################" } function missing { diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index b9e4a938b6..35cb1baf32 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh @@ -56,7 +56,7 @@ function showhelp { echo "# Example: #" echo "# #" echo "# [REPO-ROOT]deploy/scripts/remover.sh \ #" - echo "# --parameterfile DEV-WEEU-SAP01-X00.json \ #" + echo "# --parameterfile DEV-WEEU-SAP01-X00.tfvars \ #" echo "# --type sap_system #" echo "# #" echo "#########################################################################################" diff --git a/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl b/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl index 54e7e2df67..cd0a5c6f5f 100644 --- a/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl +++ b/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl 
@@ -458,13 +458,9 @@ else "$${tf_cache}" wget -nv -O "/$${asad_home}/$${tf_zip}" "https://releases.hashicorp.com/terraform/$${tfversion}/$${tf_zip}" - sudo touch "$${asad_ws}/LOCAL/1" sudo unzip -qq -o "/$${asad_home}/$${tf_zip}" -d "$${tf_dir}" - sudo touch "$${asad_ws}/LOCAL/2" sudo ln -vfs "../$(basename "$${tf_dir}")/terraform" "$${tf_bin}/terraform" - sudo touch "$${asad_ws}/LOCAL/3" sudo chmod 755 "$${tf_bin}/terraform" - sudo touch "$${asad_ws}/LOCAL/4" sudo rm "/$${asad_home}/$${tf_zip}"