From 2f4764c716452ffaa0c2fa1a2a98280a916851ef Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:48 +0300 Subject: [PATCH 01/77] Refactor echo statements in deploy control plane pipeline --- deploy/pipelines/01-deploy-control-plane.yaml | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 27475bed1b..8deefe83e1 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -109,13 +109,13 @@ stages: az extension add --name azure-devops --output none --only-show-errors - echo "Environment: $ENVIRONMENT" - echo "Location: $LOCATION" + echo "Environment: $ENVIRONMENT" + echo "Location: $LOCATION" echo "" - echo "Agent: $(this_agent)" - echo "Organization: $(System.CollectionUri)" - echo "Project: $(System.TeamProject)" + echo "Agent: $(this_agent)" + echo "Organization: $(System.CollectionUri)" + echo "Project: $(System.TeamProject)" echo "" az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none --only-show-errors @@ -260,8 +260,8 @@ stages: export ARM_USE_OIDC=false export ARM_USE_AZUREAD=true - echo "Deployment credentials: Service Principal" - echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" + echo "Deployment credentials: Service Principal" + echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" az login --service-principal -u $ARM_CLIENT_ID -p=$ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID --output none 
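Review bot: In the `@@ -260` hunk the realigned line `echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID"` logs the workload-zone variable, while the `az login --service-principal -u $ARM_CLIENT_ID` call right after it signs in with `ARM_CLIENT_ID`. The `@@ -676` and `@@ -765` hunks of this same control plane pipeline log `$CP_ARM_CLIENT_ID` instead. If the two values differ, the run log names a different identity than the one that authenticated, which misleads anyone auditing a deployment. Since the echo lines are being touched anyway, print the variable that is actually used: `echo "Deployment credential ID (SPN): $ARM_CLIENT_ID"`. The step's script starts and ends outside the hunk.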
@@ -676,9 +676,9 @@ stages: . /etc/profile.d/deploy_server.sh ; /opt/bin/terraform/terraform --version if [ $USE_MSI != "true" ]; then - echo "Deployment credentials: Service Principal" - echo "Deployment credential ID (SPN): $CP_ARM_CLIENT_ID" - echo "Deployer subscription: $CP_ARM_SUBSCRIPTION_ID" + echo "Deployment credentials: Service Principal" + echo "Deployment credential ID (SPN): $CP_ARM_CLIENT_ID" + echo "Deployer subscription: $CP_ARM_SUBSCRIPTION_ID" export ARM_CLIENT_ID=$CP_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$CP_ARM_CLIENT_SECRET @@ -765,9 +765,9 @@ stages: sudo chmod +x $SAP_AUTOMATION_REPO_PATH/deploy/scripts/deploy_controlplane.sh if [ $USE_MSI != "true" ]; then - echo "Deployment credentials: Service Principal" - echo "Deployment credential ID (SPN): $CP_ARM_CLIENT_ID" - echo "Deployer subscription: $CP_ARM_SUBSCRIPTION_ID" + echo "Deployment credentials: Service Principal" + echo "Deployment credential ID (SPN): $CP_ARM_CLIENT_ID" + echo "Deployer subscription: $CP_ARM_SUBSCRIPTION_ID" export TF_VAR_use_spn=true From 71044a76935d3f2c74b6a61d68504676210fcd2e Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:48 +0300 Subject: [PATCH 02/77] Refactor echo statements in deploy control plane pipeline --- deploy/pipelines/02-sap-workload-zone.yaml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index 9320120961..bbd2d086c6 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml 
@@ -436,9 +436,9 @@ stages: if [ $USE_MSI != "true" ]; then - echo "Deployment credentials: Service Principal" - echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" - echo "Deployer subscription: $STATE_SUBSCRIPTION" + echo "Deployment credentials: Service Principal" + echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" + echo "Deployer subscription: $STATE_SUBSCRIPTION" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET @@ -462,7 +462,7 @@ stages: --region "${LOCATION}" --subscription $ARM_SUBSCRIPTION_ID --spn_id $ARM_CLIENT_ID --spn_secret "${ARM_CLIENT_SECRET}" \ --tenant_id $ARM_TENANT_ID --keyvault_subscription $STATE_SUBSCRIPTION secrets_set=$? ; - echo "Set Secrets returned: $secrets_set" + echo "Set Secrets returned: $secrets_set" else echo "Deployment credentials: Managed Identity" @@ -476,9 +476,6 @@ stages: debug_variable='' if [ $USE_MSI != "true" ]; then - echo "Deployment credentials: Service Principal" - echo "Service Principal: $WL_ARM_CLIENT_ID" - echo "Service Principal (OID) $WL_ARM_OBJECT_ID" isUserAccessAdmin=$(az role assignment list --role "User Access Administrator" --subscription $STATE_SUBSCRIPTION --assignee $WL_ARM_OBJECT_ID --query "[].principalName | [0]" --output tsv) From 01f0f400e01a4687f1c9e51f39d1a94afa4cf516 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:48 +0300 Subject: [PATCH 03/77] Refactor install_workloadzone.sh script to reset return_value variable --- deploy/scripts/install_workloadzone.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index f8b410e545..31fdcdbb06 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh 
@@ -880,7 +880,7 @@ if [ 2 == $return_value ] ; then ok_to_proceed=1 fi fi - +return_value=0 if [ 1 == $ok_to_proceed ]; then echo "" echo "#########################################################################################" From aebe3352a46349f7155330e223c30afbdac588ef Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:48 +0300 Subject: [PATCH 04/77] Refactor install_workloadzone.sh script to improve error handling --- deploy/scripts/install_workloadzone.sh | 258 +++++++++++++------------ 1 file changed, 130 insertions(+), 128 deletions(-) diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index 31fdcdbb06..3012f68e8c 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -127,8 +127,8 @@ get_region_code "$region" if [ "${region_code}" == 'UNKN' ]; then - LOCATION_CODE=$(echo "$workload_file_parametername" | awk -F'-' '{print $2}' ) - region_code=$(echo "${LOCATION_CODE}" | tr "[:lower:]" "[:upper:]" | xargs) + LOCATION_CODE=$(echo "$workload_file_parametername" | awk -F'-' '{print $2}' ) + region_code=$(echo "${LOCATION_CODE}" | tr "[:lower:]" "[:upper:]" | xargs) fi echo "Region code: ${region_code}" @@ -166,7 +166,7 @@ fi workload_config_information="${automation_config_directory}/${environment}${region_code}${network_logical_name}" deployer_config_information="${automation_config_directory}/${deployer_environment}${region_code}" save_config_vars "${workload_config_information}" \ - STATE_SUBSCRIPTION REMOTE_STATE_SA subscription +STATE_SUBSCRIPTION REMOTE_STATE_SA subscription if [ "${force}" == 1 ] then 
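Review bot: The added `return_value=0` in the `@@ -880` hunk unconditionally discards the plan status just before `if [ 1 == $ok_to_proceed ]`, and nothing says why. When `ok_to_proceed` stays 0 the apply is skipped, and as far as this hunk shows the script then carries a success value even though the plan reported pending changes. If the intent is only to clear the `-detailed-exitcode` value 2 before the apply, move the reset inside the `if [ 1 == $ok_to_proceed ]` block. Give it a comment such as `# plan returned 2 (changes pending); clear it so only the apply status is reported`. The surrounding blocks start and end outside the hunk, so the exit path for the skipped case should be confirmed there.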
@@ -334,46 +334,46 @@ then fi fi if [ 0 = "${deploy_using_msi_only:-}" ]; then - if [ -n "$client_id" ] - then - if is_valid_guid "$client_id" ; then - echo "" - else - printf -v val %-40.40s "$client_id" - echo "#########################################################################################" - echo "# #" - echo -e "# The provided spn_id is not valid:$boldred ${val} $resetformatting #" - echo "# #" - echo "#########################################################################################" - exit 65 - fi - fi - - if [ -n "$tenant_id" ] - then - if is_valid_guid "$tenant_id" ; then - echo "Valid tenant id format" - else - printf -v val %-40.40s "$tenant_id" - echo "#########################################################################################" - echo "# #" - echo -e "# The provided tenant_id is not valid:$boldred ${val} $resetformatting #" - echo "# #" - echo "#########################################################################################" - exit 65 - fi - - fi - #setting the user environment variables - if [ -n "${spn_secret}" ] - then - set_executing_user_environment_variables "${spn_secret}" - else - set_executing_user_environment_variables "none" - fi + if [ -n "$client_id" ] + then + if is_valid_guid "$client_id" ; then + echo "" + else + printf -v val %-40.40s "$client_id" + echo "#########################################################################################" + echo "# #" + echo -e "# The provided spn_id is not valid:$boldred ${val} $resetformatting #" + echo "# #" + echo "#########################################################################################" + exit 65 + fi + fi + + if [ -n "$tenant_id" ] + then + if is_valid_guid "$tenant_id" ; then + echo "Valid tenant id format" + else + printf -v val %-40.40s "$tenant_id" + echo "#########################################################################################" + echo "# #" + echo -e "# The provided tenant_id is not valid:$boldred ${val} 
$resetformatting #" + echo "# #" + echo "#########################################################################################" + exit 65 + fi + + fi + #setting the user environment variables + if [ -n "${spn_secret}" ] + then + set_executing_user_environment_variables "${spn_secret}" + else + set_executing_user_environment_variables "none" + fi else - #setting the user environment variables - set_executing_user_environment_variables "N/A" + #setting the user environment variables + set_executing_user_environment_variables "N/A" fi if [[ -z ${REMOTE_STATE_SA} ]]; then @@ -412,7 +412,7 @@ fi if [ -z "$subscription" ] then - subscription="${STATE_SUBSCRIPTION}" + subscription="${STATE_SUBSCRIPTION}" fi if [ -z "$REMOTE_STATE_SA" ] 
@@ -442,76 +442,76 @@ fi useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) if [ "$useSAS" = "true" ] ; then - echo "Storage Account authentication: key" - export ARM_USE_AZUREAD=false + echo "Storage Account authentication: key" + export ARM_USE_AZUREAD=false else - echo "Storage Account authentication: Entra ID" - export ARM_USE_AZUREAD=true + echo "Storage Account authentication: Entra ID" + export ARM_USE_AZUREAD=true fi if [ 1 = "${deploy_using_msi_only:-}" ]; then - if [ -n "${keyvault}" ] - then - echo "Setting the secrets" + if [ -n "${keyvault}" ] + then + echo "Setting the secrets" - allParams=$(printf " --workload --environment %s --region %s --vault %s --keyvault_subscription %s --subscription %s --msi " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" "${ARM_SUBSCRIPTION_ID}" ) + allParams=$(printf " --workload --environment %s --region %s --vault %s --keyvault_subscription %s --subscription %s --msi " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" "${ARM_SUBSCRIPTION_ID}" ) - echo "Calling set_secrets with: ${allParams}" + echo "Calling set_secrets with: ${allParams}" - "${SAP_AUTOMATION_REPO_PATH}"/deploy/scripts/set_secrets.sh ${allParams} + "${SAP_AUTOMATION_REPO_PATH}"/deploy/scripts/set_secrets.sh ${allParams} - if [ -f secret.err ]; then - error_message=$(cat secret.err) - echo "##vso[task.logissue type=error]${error_message}" - rm secret.err - exit 65 - fi - fi + if [ -f secret.err ]; then + error_message=$(cat secret.err) + echo "##vso[task.logissue type=error]${error_message}" + rm secret.err + exit 65 + fi + fi else - if [ -n "${keyvault}" ] - then - echo "Setting the secrets" + if [ -n "${keyvault}" ] + then + echo "Setting the secrets" - save_config_var "client_id" "${workload_config_information}" - save_config_var "tenant_id" "${workload_config_information}" + save_config_var "client_id" 
"${workload_config_information}" + save_config_var "tenant_id" "${workload_config_information}" - if [ -n "$spn_secret" ] - then - fixed_allParams=$(printf " --workload --environment %s --region %s --vault %s --subscription %s --spn_secret ***** --keyvault_subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${ARM_SUBSCRIPTION_ID}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}" ) + if [ -n "$spn_secret" ] + then + fixed_allParams=$(printf " --workload --environment %s --region %s --vault %s --subscription %s --spn_secret ***** --keyvault_subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${ARM_SUBSCRIPTION_ID}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}" ) - echo "Calling set_secrets with: ${fixed_allParams}" + echo "Calling set_secrets with: ${fixed_allParams}" - allParams=$(printf " --workload --environment %s --region %s --vault %s --spn_secret %s --subscription %s --keyvault_subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${spn_secret}" "${ARM_SUBSCRIPTION_ID}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}" ) + allParams=$(printf " --workload --environment %s --region %s --vault %s --spn_secret %s --subscription %s --keyvault_subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${spn_secret}" "${ARM_SUBSCRIPTION_ID}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}" ) - "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh" ${allParams} + "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh" ${allParams} - if [ -f secret.err ]; then - error_message=$(cat secret.err) - echo "##vso[task.logissue type=error]${error_message}" + if [ -f secret.err ]; then + error_message=$(cat secret.err) + echo "##vso[task.logissue type=error]${error_message}" - exit 65 - fi - else - read -p "Do you want to specify the Workload SPN Details Y/N?" 
ans - answer=${ans^^} - if [ ${answer} == 'Y' ]; then - allParams=$(printf " --workload --environment %s --region %s --vault %s --subscription %s --spn_id %s " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" "${client_id}" ) - - "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh ${allParams}" - if [ $? -eq 255 ] - then - exit $? - fi - fi - fi + exit 65 + fi + else + read -p "Do you want to specify the Workload SPN Details Y/N?" ans + answer=${ans^^} + if [ ${answer} == 'Y' ]; then + allParams=$(printf " --workload --environment %s --region %s --vault %s --subscription %s --spn_id %s " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" "${client_id}" ) + + "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh ${allParams}" + if [ $? -eq 255 ] + then + exit $? + fi + fi + fi - if [ -f kv.log ] - then - rm kv.log - fi - fi + if [ -f kv.log ] + then + rm kv.log + fi + fi fi if [ -z "${deployer_tfstate_key}" ] then @@ -593,14 +593,14 @@ new_deployment=false isInCloudShellCheck=$(checkIfCloudShell) if checkIfCloudShell; then - mkdir -p "${HOME}/.terraform.d/plugin-cache" - export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" + mkdir -p "${HOME}/.terraform.d/plugin-cache" + export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" else - if [ ! -d /opt/terraform/.terraform.d/plugin-cache ]; then - mkdir -p /opt/terraform/.terraform.d/plugin-cache - sudo chown -R "$USER" /opt/terraform - fi - export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache + if [ ! -d /opt/terraform/.terraform.d/plugin-cache ]; then + mkdir -p /opt/terraform/.terraform.d/plugin-cache + sudo chown -R "$USER" /opt/terraform + fi + export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache fi root_dirname=$(pwd) 
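Review bot: In the interactive branch of the `@@ -442` hunk, `"${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh ${allParams}"` is quoted as a single word. The shell therefore looks for a command whose name includes the arguments, and set_secrets.sh never runs. The check after it cannot report a failure either, because `exit $?` inside `if [ $? -eq 255 ]` returns the status of the `[` test (0), not the script's. A minimal fix is `"${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh" ${allParams}; rc=$?` followed by `if [ $rc -eq 255 ]; then exit $rc; fi`. Separately, the SPN branch formats `${spn_secret}` into `allParams` and expands it unquoted, so a secret containing whitespace or glob characters is split or expanded and the value sits on the child's command line. Building the arguments as an array and passing `"${params[@]}"` fixes the splitting, and handing the secret over by environment variable or stdin would keep it out of argv.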
@@ -778,9 +778,9 @@ echo "########################################################################## echo "" if [ 1 == $called_from_ado ] ; then - terraform -chdir="${terraform_module_directory}" plan -no-color -detailed-exitcode -var-file=${var_file} $tfstate_parameter $deployer_tfstate_key_parameter | tee -a plan_output.log + terraform -chdir="${terraform_module_directory}" plan -no-color -detailed-exitcode -var-file=${var_file} $tfstate_parameter $deployer_tfstate_key_parameter | tee -a plan_output.log else - terraform -chdir="${terraform_module_directory}" plan -detailed-exitcode -var-file=${var_file} $tfstate_parameter $deployer_tfstate_key_parameter | tee -a plan_output.log + terraform -chdir="${terraform_module_directory}" plan -detailed-exitcode -var-file=${var_file} $tfstate_parameter $deployer_tfstate_key_parameter | tee -a plan_output.log fi return_value=$? @@ -802,19 +802,19 @@ then exit $return_value fi - echo "TEST_ONLY: " $TEST_ONLY - if [ "${TEST_ONLY}" == "True" ]; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Running plan only. $resetformatting #" - echo "# #" - echo "# No deployment performed. #" - echo "# #" - echo "#########################################################################################" - echo "" - exit 0 - fi +echo "TEST_ONLY: " $TEST_ONLY +if [ "${TEST_ONLY}" == "True" ]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Running plan only. $resetformatting #" + echo "# #" + echo "# No deployment performed. #" + echo "# #" + echo "#########################################################################################" + echo "" + exit 0 +fi ok_to_proceed=0 
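Review bot: In the `@@ -778` hunk, `return_value=$?` after `terraform … plan -detailed-exitcode … | tee -a plan_output.log` picks up the exit status of `tee`, not of terraform, unless `set -o pipefail` is enabled somewhere outside this hunk. A failed plan (exit 1) can then read as 0, and the error check that follows would not fire before the apply stage. Capture terraform's status directly, for example `return_value=${PIPESTATUS[0]}` immediately after each pipeline, or enable `set -o pipefail` near the top of the script. The same pattern appears in the `@@ -902` apply hunk of this file and in the plan and apply hunks of install_deployer.sh in PATCH 05.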
@@ -902,9 +902,9 @@ if [ 1 == $ok_to_proceed ]; then else if [ -n "${approve}" ] then - terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json + terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json else - terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter + terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter fi fi @@ -912,7 +912,9 @@ if [ 1 == $ok_to_proceed ]; then return_value=$? fi + rerun_apply=0 + if [ -f apply_output.json ] then # Check for resource that can be imported @@ -1045,7 +1047,7 @@ fi if [ -f apply_output.json ] then - rm apply_output.json + rm apply_output.json fi workload_zone_prefix=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw workload_zone_prefix | tr -d \") 
@@ -1174,23 +1176,23 @@ unset TF_DATA_DIR ################################################################################# if [ "$useSAS" = "true" ] ; then - container_exists=$(az storage container exists --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors --query exists) + container_exists=$(az storage container exists --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors --query exists) else - container_exists=$(az storage container exists --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors --query exists --auth-mode login) + container_exists=$(az storage container exists --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors --query exists --auth-mode login) fi if [ "${container_exists}" == "false" ]; then - if [ "$useSAS" = "true" ] ; then - az storage container create --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors - else - az storage container create --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --auth-mode login --only-show-errors - fi + if [ "$useSAS" = "true" ] ; then + az storage container create --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors + else + az storage container create --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --auth-mode login --only-show-errors + fi fi if [ "$useSAS" = "true" ] ; then - az storage blob upload --file "${parameterfile}" --container-name tfvars/LANDSCAPE/"${key}" --name "${parameterfile_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --only-show-errors --output none + az storage blob upload --file "${parameterfile}" --container-name 
tfvars/LANDSCAPE/"${key}" --name "${parameterfile_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --only-show-errors --output none else - az storage blob upload --file "${parameterfile}" --container-name tfvars/LANDSCAPE/"${key}" --name "${parameterfile_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --auth-mode login --only-show-errors --output none + az storage blob upload --file "${parameterfile}" --container-name tfvars/LANDSCAPE/"${key}" --name "${parameterfile_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --auth-mode login --only-show-errors --output none fi From c4c48c4512c2812f00b34044c819245ecfe94e94 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:48 +0300 Subject: [PATCH 05/77] feng shui --- deploy/scripts/install_deployer.sh | 562 ++++--- deploy/scripts/install_library.sh | 782 +++++---- deploy/scripts/install_workloadzone.sh | 1442 +++++++++-------- deploy/scripts/installer.sh | 2001 ++++++++++++------------ 4 files changed, 2354 insertions(+), 2433 deletions(-) diff --git a/deploy/scripts/install_deployer.sh b/deploy/scripts/install_deployer.sh index 3adc7a624b..2a7bed526c 100755 --- a/deploy/scripts/install_deployer.sh +++ b/deploy/scripts/install_deployer.sh 
@@ -20,55 +20,65 @@ source "${script_directory}/helpers/script_helpers.sh" #Internal helper functions function showhelp { - echo "" - echo "#########################################################################################" - echo "# #" - echo "# #" - echo "# This file contains the logic to deploy the deployer. #" - echo "# The script experts the following exports: #" - echo "# #" - echo "# ARM_SUBSCRIPTION_ID to specify which subscription to deploy to #" - echo "# SAP_AUTOMATION_REPO_PATH the path to the folder containing the cloned sap-automation #" - echo "# #" - echo "# The script will persist the parameters needed between the executions in the #" - echo "# [CONFIG_REPO_PATH]/.sap_deployment_automation folder #" - echo "# #" - echo "# #" - echo "# Usage: install_deployer.sh #" - echo "# -p deployer parameter file #" - echo "# #" - echo "# -i interactive true/false setting the value to false will not prompt before apply #" - echo "# -h Show help #" - echo "# #" - echo "# Example: #" - echo "# #" - echo "# [REPO-ROOT]deploy/scripts/install_deployer.sh \ #" - echo "# -p PROD-WEEU-DEP00-INFRASTRUCTURE.json \ #" - echo "# -i true #" - echo "# #" - echo "#########################################################################################" + echo "" + echo "#########################################################################################" + echo "# #" + echo "# #" + echo "# This file contains the logic to deploy the deployer. 
#" + echo "# The script experts the following exports: #" + echo "# #" + echo "# ARM_SUBSCRIPTION_ID to specify which subscription to deploy to #" + echo "# SAP_AUTOMATION_REPO_PATH the path to the folder containing the cloned sap-automation #" + echo "# #" + echo "# The script will persist the parameters needed between the executions in the #" + echo "# [CONFIG_REPO_PATH]/.sap_deployment_automation folder #" + echo "# #" + echo "# #" + echo "# Usage: install_deployer.sh #" + echo "# -p deployer parameter file #" + echo "# #" + echo "# -i interactive true/false setting the value to false will not prompt before apply #" + echo "# -h Show help #" + echo "# #" + echo "# Example: #" + echo "# #" + echo "# [REPO-ROOT]deploy/scripts/install_deployer.sh \ #" + echo "# -p PROD-WEEU-DEP00-INFRASTRUCTURE.json \ #" + echo "# -i true #" + echo "# #" + echo "#########################################################################################" } - #process inputs - may need to check the option i for auto approve as it is not used INPUT_ARGUMENTS=$(getopt -n install_deployer -o p:ih --longoptions parameterfile:,auto-approve,help -- "$@") VALID_ARGUMENTS=$? if [ "$VALID_ARGUMENTS" != "0" ]; then - showhelp + showhelp fi eval set -- "$INPUT_ARGUMENTS" -while : -do - case "$1" in - -p | --parameterfile) parameterfile="$2" ; shift 2 ;; - -i | --auto-approve) approve="--auto-approve" ; shift ;; - -h | --help) showhelp - exit 3 ; shift ;; - --) shift; break ;; - esac +while :; do + case "$1" in + -p | --parameterfile) + parameterfile="$2" + shift 2 + ;; + -i | --auto-approve) + approve="--auto-approve" + shift + ;; + -h | --help) + showhelp + exit 3 + shift + ;; + --) + shift + break + ;; + esac done deployment_system=sap_deployer 
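Review bot: In the `@@ -20` hunk, a non-zero getopt result only prints the help text: `if [ "$VALID_ARGUMENTS" != "0" ]; then showhelp fi` has no exit, so the script carries on with whatever options did parse. Stop there, as the `-h` arm already does: `if [ "$VALID_ARGUMENTS" != "0" ]; then showhelp; exit 3; fi`. In the reformatted `case`, the `shift` after `exit 3` in the `-h | --help` arm is unreachable and can be dropped. The help text also documents `-i` as taking `true/false`, while the getopt spec `p:ih` declares it as a flag without an argument, so one of the two should be corrected.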
@@ -77,41 +87,38 @@ param_dirname=$(dirname "${parameterfile}") echo "Parameter file: ${parameterfile}" -if [ ! -f "${parameterfile}" ] -then - printf -v val %-40.40s "$parameterfile" - echo "" - echo "#########################################################################################" - echo "# #" - echo "# Parameter file does not exist: ${val} #" - echo "# #" - echo "#########################################################################################" - exit 2 #No such file or directory +if [ ! -f "${parameterfile}" ]; then + printf -v val %-40.40s "$parameterfile" + echo "" + echo "#########################################################################################" + echo "# #" + echo "# Parameter file does not exist: ${val} #" + echo "# #" + echo "#########################################################################################" + exit 2 #No such file or directory fi if [ "$param_dirname" != '.' ]; then - echo "" - echo "#########################################################################################" - echo "# #" - echo "# Please run this command from the folder containing the parameter file #" - echo "# #" - echo "#########################################################################################" - exit 3 + echo "" + echo "#########################################################################################" + echo "# #" + echo "# Please run this command from the folder containing the parameter file #" + echo "# #" + echo "#########################################################################################" + exit 3 fi - # Check that parameter files have environment and location defined validate_key_parameters "$parameterfile" return_code=$? if [ 0 != $return_code ]; then - exit $return_code + exit $return_code fi region=$(echo "${region}" | tr "[:upper:]" "[:lower:]") # Convert the region to the correct code get_region_code $region - key=$(echo "${parameterfile}" | cut -d. 
-f1) #Persisting the parameters across executions @@ -131,7 +138,7 @@ var_file="${param_dirname}"/"${parameterfile}" validate_exports return_code=$? if [ 0 != $return_code ]; then - exit $return_code + exit $return_code fi terraform_module_directory="${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/bootstrap/"${deployment_system}"/ 
@@ -148,85 +155,83 @@ new_deployment=false validate_dependencies return_code=$? if [ 0 != $return_code ]; then - exit $return_code + exit $return_code fi if [ ! -d ./.terraform/ ]; then - echo "#########################################################################################" - echo "# #" - echo "# New deployment #" - echo "# #" - echo "#########################################################################################" - terraform -chdir="${terraform_module_directory}" init -backend-config "path=${param_dirname}/terraform.tfstate" + echo "#########################################################################################" + echo "# #" + echo "# New deployment #" + echo "# #" + echo "#########################################################################################" + terraform -chdir="${terraform_module_directory}" init -backend-config "path=${param_dirname}/terraform.tfstate" else - if [ -f ./.terraform/terraform.tfstate ]; then - if grep "azurerm" ./.terraform/terraform.tfstate ; then - echo "#########################################################################################" - echo "# #" - echo "# The state is already migrated to Azure!!! 
#" - echo "# #" - echo "#########################################################################################" - sed -i /"use_microsoft_graph"/d "${param_dirname}/.terraform/terraform.tfstate" - if [ $approve == "--auto-approve" ] ; then - tfstate_resource_id=$(az resource list --name $REINSTALL_ACCOUNTNAME --subscription $REINSTALL_SUBSCRIPTION --resource-type Microsoft.Storage/storageAccounts --query "[].id | [0]" -o tsv) - if [ -n "${tfstate_resource_id}" ]; then - echo "Reinitializing against remote state" - export TF_VAR_tfstate_resource_id=$tfstate_resource_id - - terraform_module_directory="${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/run/"${deployment_system}"/ - terraform -chdir="${terraform_module_directory}" init -upgrade=true \ - --backend-config "subscription_id=$REINSTALL_SUBSCRIPTION" \ - --backend-config "resource_group_name=$REINSTALL_RESOURCE_GROUP" \ - --backend-config "storage_account_name=$REINSTALL_ACCOUNTNAME" \ - --backend-config "container_name=tfstate" \ - --backend-config "key=${key}.terraform.tfstate" - terraform -chdir="${terraform_module_directory}" refresh -var-file="${var_file}" - - else - terraform -chdir="${terraform_module_directory}" init -force-copy -migrate-state --backend-config "path=${param_dirname}/terraform.tfstate" - terraform -chdir="${terraform_module_directory}" init -reconfigure --backend-config "path=${param_dirname}/terraform.tfstate" - terraform -chdir="${terraform_module_directory}" refresh -var-file="${var_file}" - fi - else - read -p "Do you want to bootstrap the deployer again Y/N?" 
ans - answer=${ans^^} - if [ $answer == 'Y' ]; then - terraform -chdir="${terraform_module_directory}" init -upgrade=true -backend-config "path=${param_dirname}/terraform.tfstate" - terraform -chdir="${terraform_module_directory}" refresh -var-file="${var_file}" - else - unset TF_DATA_DIR - exit 0 - fi - fi + if [ -f ./.terraform/terraform.tfstate ]; then + if grep "azurerm" ./.terraform/terraform.tfstate; then + echo "#########################################################################################" + echo "# #" + echo "# The state is already migrated to Azure!!! #" + echo "# #" + echo "#########################################################################################" + sed -i /"use_microsoft_graph"/d "${param_dirname}/.terraform/terraform.tfstate" + if [ $approve == "--auto-approve" ]; then + tfstate_resource_id=$(az resource list --name $REINSTALL_ACCOUNTNAME --subscription $REINSTALL_SUBSCRIPTION --resource-type Microsoft.Storage/storageAccounts --query "[].id | [0]" -o tsv) + if [ -n "${tfstate_resource_id}" ]; then + echo "Reinitializing against remote state" + export TF_VAR_tfstate_resource_id=$tfstate_resource_id + + terraform_module_directory="${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/run/"${deployment_system}"/ + terraform -chdir="${terraform_module_directory}" init -upgrade=true \ + --backend-config "subscription_id=$REINSTALL_SUBSCRIPTION" \ + --backend-config "resource_group_name=$REINSTALL_RESOURCE_GROUP" \ + --backend-config "storage_account_name=$REINSTALL_ACCOUNTNAME" \ + --backend-config "container_name=tfstate" \ + --backend-config "key=${key}.terraform.tfstate" + terraform -chdir="${terraform_module_directory}" refresh -var-file="${var_file}" + else - terraform -chdir="${terraform_module_directory}" init -upgrade=true -backend-config "path=${param_dirname}/terraform.tfstate" + terraform -chdir="${terraform_module_directory}" init -force-copy -migrate-state --backend-config "path=${param_dirname}/terraform.tfstate" + terraform 
-chdir="${terraform_module_directory}" init -reconfigure --backend-config "path=${param_dirname}/terraform.tfstate" + terraform -chdir="${terraform_module_directory}" refresh -var-file="${var_file}" fi + else + read -p "Do you want to bootstrap the deployer again Y/N?" ans + answer=${ans^^} + if [ $answer == 'Y' ]; then + terraform -chdir="${terraform_module_directory}" init -upgrade=true -backend-config "path=${param_dirname}/terraform.tfstate" + terraform -chdir="${terraform_module_directory}" refresh -var-file="${var_file}" + else + unset TF_DATA_DIR + exit 0 + fi + fi else - terraform -chdir="${terraform_module_directory}" init -upgrade=true -backend-config "path=${param_dirname}/terraform.tfstate" + terraform -chdir="${terraform_module_directory}" init -upgrade=true -backend-config "path=${param_dirname}/terraform.tfstate" fi + else + terraform -chdir="${terraform_module_directory}" init -upgrade=true -backend-config "path=${param_dirname}/terraform.tfstate" + fi fi return_value=$? 
-if [ 1 == $return_value ] -then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore Errors during the init phase $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - unset TF_DATA_DIR - exit $return_value +if [ 1 == $return_value ]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore Errors during the init phase $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + unset TF_DATA_DIR + exit $return_value fi extra_vars="" if [ -f terraform.tfvars ]; then - extra_vars=" -var-file=${param_dirname}/terraform.tfvars " + extra_vars=" -var-file=${param_dirname}/terraform.tfvars " fi -terraform -chdir="${terraform_module_directory}" refresh -var-file="${var_file}" $extra_vars - +terraform -chdir="${terraform_module_directory}" refresh -var-file="${var_file}" $extra_vars echo "" echo "#########################################################################################" 
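Review bot: In the `@@ -148` hunk, `if [ $approve == "--auto-approve" ]` leaves `$approve` unquoted. In the part of the script shown here it is only set when `-i` is passed, so without that flag the test collapses to `[ == "--auto-approve" ]` and reaches the interactive branch only because the test itself errors. Use `if [ "${approve:-}" == "--auto-approve" ]; then`. The same applies to `$REINSTALL_ACCOUNTNAME` and `$REINSTALL_SUBSCRIPTION` in the `az resource list` call: they should be quoted, and checked for being non-empty before use. Note also that `return_value=$?` after the outer `fi` reflects only the last command of whichever branch ran (a `refresh` in several of them), so a failed `terraform init` followed by a successful refresh goes unnoticed. Capturing the init status in each branch would let the "Errors during the init phase" check do what its message says.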
@@ -236,29 +241,27 @@ echo "# echo "#########################################################################################" echo "" -terraform -chdir="${terraform_module_directory}" plan -detailed-exitcode -var-file="${var_file}" $extra_vars | tee -a plan_output.log +terraform -chdir="${terraform_module_directory}" plan -detailed-exitcode -var-file="${var_file}" $extra_vars | tee -a plan_output.log return_value=$? -if [ 1 == $return_value ] -then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore Errors during the plan phase $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - if [ -f plan_output.log ] - then - cat plan_output.log - rm plan_output.log - fi - unset TF_DATA_DIR - exit $return_value +if [ 1 == $return_value ]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore Errors during the plan phase $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + if [ -f plan_output.log ]; then + cat plan_output.log + rm plan_output.log + fi + unset TF_DATA_DIR + exit $return_value fi if [ -f plan_output.log ]; then - rm plan_output.log + rm plan_output.log fi echo "" 
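Review bot: `return_value=$?` on the line after `terraform ... plan -detailed-exitcode ... | tee -a plan_output.log` picks up the exit status of `tee`, not of Terraform, so the `[ 1 == $return_value ]` error branch cannot fire on a failed plan unless `set -o pipefail` is enabled somewhere outside this hunk. Reading the first pipeline stage directly, `return_value=${PIPESTATUS[0]}`, makes the check independent of that setting. The `apply ... -json | tee -a apply_output.json` pipelines in the following hunk are followed by the same `return_value=$?` pattern and need the same change.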
@@ -273,193 +276,174 @@ parallelism=10 #Provide a way to limit the number of parallell tasks for Terraform if [[ -n "${TF_PARALLELLISM}" ]]; then - parallelism=$TF_PARALLELLISM + parallelism=$TF_PARALLELLISM fi -if [ -n "${approve}" ] -then - terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file="${var_file}" $extra_vars -json | tee -a apply_output.json +if [ -n "${approve}" ]; then + terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file="${var_file}" $extra_vars -json | tee -a apply_output.json else - terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file="${var_file}" $extra_vars + terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file="${var_file}" $extra_vars fi return_value=$? rerun_apply=0 -if [ -f apply_output.json ] -then +if [ -f apply_output.json ]; then + errors_occurred=$(jq 'select(."@level" == "error") | length' apply_output.json) + # Check for resource that can be imported + existing=$(jq 'select(."@level" == "error") | {address: .diagnostic.address, summary: .diagnostic.summary} | select(.summary | startswith("A resource with the ID"))' apply_output.json) + if [[ -n ${existing} ]]; then + + readarray -t existing_resources < <(echo ${existing} | jq -c '.') + for item in "${existing_resources[@]}"; do + moduleID=$(jq -c -r '.address ' <<<"$item") + resourceID=$(jq -c -r '.summary' <<<"$item" | awk -F'\"' '{print $2}') + echo "Trying to import" $resourceID "into" $moduleID + + echo terraform -chdir="${terraform_module_directory}" import -var-file="${var_file}" $extra_vars $moduleID $resourceID + terraform -chdir="${terraform_module_directory}" import -var-file="${var_file}" $extra_vars $moduleID $resourceID + done + rerun_apply=1 + fi + if [ -f apply_output.json ]; then + rm apply_output.json + fi + + if [ $rerun_apply == 1 ]; then + echo "" + echo 
"#########################################################################################" + echo "# #" + echo "# Re-running Terraform apply #" + echo "# #" + echo "#########################################################################################" + echo "" + terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file="${var_file}" $extra_vars -json | tee -a apply_output.json + return_value=$? + rerun_apply=0 + fi + + if [ -f apply_output.json ]; then + return_value=$? errors_occurred=$(jq 'select(."@level" == "error") | length' apply_output.json) # Check for resource that can be imported existing=$(jq 'select(."@level" == "error") | {address: .diagnostic.address, summary: .diagnostic.summary} | select(.summary | startswith("A resource with the ID"))' apply_output.json) - if [[ -n ${existing} ]] - then - - readarray -t existing_resources < <(echo ${existing} | jq -c '.' ) - for item in "${existing_resources[@]}"; do - moduleID=$(jq -c -r '.address ' <<< "$item") - resourceID=$(jq -c -r '.summary' <<< "$item" | awk -F'\"' '{print $2}') - echo "Trying to import" $resourceID "into" $moduleID - - echo terraform -chdir="${terraform_module_directory}" import -var-file="${var_file}" $extra_vars $moduleID $resourceID - terraform -chdir="${terraform_module_directory}" import -var-file="${var_file}" $extra_vars $moduleID $resourceID - done - rerun_apply=1 + if [[ -n ${existing} ]]; then + + readarray -t existing_resources < <(echo ${existing} | jq -c '.') + for item in "${existing_resources[@]}"; do + moduleID=$(jq -c -r '.address ' <<<"$item") + resourceID=$(jq -c -r '.summary' <<<"$item" | awk -F'\"' '{print $2}') + echo "Trying to import" $resourceID "into" $moduleID + + echo terraform -chdir="${terraform_module_directory}" import -var-file="${var_file}" $extra_vars $moduleID $resourceID + terraform -chdir="${terraform_module_directory}" import -var-file="${var_file}" $extra_vars $moduleID $resourceID + done + 
rerun_apply=1 + fi + if [ -f apply_output.json ]; then + rm apply_output.json fi - if [ -f apply_output.json ] - then - rm apply_output.json + + if [ $rerun_apply == 1 ]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo "# Re-running Terraform apply #" + echo "# #" + echo "#########################################################################################" + echo "" + terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file="${var_file}" $extra_vars -json | tee -a apply_output.json + return_value=$? fi - if [ $rerun_apply == 1 ] ; then + return_value=$? + errors_occurred=$(jq 'select(."@level" == "error") | length' apply_output.json) + if [ -f apply_output.json ]; then + + if [[ -n $errors_occurred ]]; then echo "" echo "#########################################################################################" echo "# #" - echo "# Re-running Terraform apply #" - echo "# #" - echo "#########################################################################################" - echo "" - terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file="${var_file}" $extra_vars -json | tee -a apply_output.json - return_value=$? - rerun_apply=0 - fi - - if [ -f apply_output.json ] - then - return_value=$? - errors_occurred=$(jq 'select(."@level" == "error") | length' apply_output.json) - # Check for resource that can be imported - existing=$(jq 'select(."@level" == "error") | {address: .diagnostic.address, summary: .diagnostic.summary} | select(.summary | startswith("A resource with the ID"))' apply_output.json) - if [[ -n ${existing} ]] - then - - readarray -t existing_resources < <(echo ${existing} | jq -c '.' 
) - for item in "${existing_resources[@]}"; do - moduleID=$(jq -c -r '.address ' <<< "$item") - resourceID=$(jq -c -r '.summary' <<< "$item" | awk -F'\"' '{print $2}') - echo "Trying to import" $resourceID "into" $moduleID - - echo terraform -chdir="${terraform_module_directory}" import -var-file="${var_file}" $extra_vars $moduleID $resourceID - terraform -chdir="${terraform_module_directory}" import -var-file="${var_file}" $extra_vars $moduleID $resourceID - done - rerun_apply=1 - fi - if [ -f apply_output.json ] - then - rm apply_output.json - fi + echo -e "# $boldreduscore!Errors during the apply phase!$resetformatting #" - if [ $rerun_apply == 1 ] ; then - echo "" - echo "#########################################################################################" - echo "# #" - echo "# Re-running Terraform apply #" - echo "# #" - echo "#########################################################################################" - echo "" - terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file="${var_file}" $extra_vars -json | tee -a apply_output.json - return_value=$? - fi + return_value=2 + all_errors=$(jq 'select(."@level" == "error") | {summary: .diagnostic.summary, detail: .diagnostic.detail}' apply_output.json) + if [[ -n ${all_errors} ]]; then + readarray -t errors_strings < <(echo ${all_errors} | jq -c '.') + for errors_string in "${errors_strings[@]}"; do + string_to_report=$(jq -c -r '.detail ' <<<"$errors_string") + if [[ -z ${string_to_report} ]]; then + string_to_report=$(jq -c -r '.summary ' <<<"$errors_string") + fi - return_value=$? 
- errors_occurred=$(jq 'select(."@level" == "error") | length' apply_output.json) - if [ -f apply_output.json ] - then - - if [[ -n $errors_occurred ]] - then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore!Errors during the apply phase!$resetformatting #" - - return_value=2 - all_errors=$(jq 'select(."@level" == "error") | {summary: .diagnostic.summary, detail: .diagnostic.detail}' apply_output.json) - if [[ -n ${all_errors} ]] - then - readarray -t errors_strings < <(echo ${all_errors} | jq -c '.' ) - for errors_string in "${errors_strings[@]}"; do - string_to_report=$(jq -c -r '.detail ' <<< "$errors_string" ) - if [[ -z ${string_to_report} ]] - then - string_to_report=$(jq -c -r '.summary ' <<< "$errors_string" ) - fi - - echo -e "# $boldreduscore $string_to_report $resetformatting" - echo "##vso[task.logissue type=error]${string_to_report}" - - done + echo -e "# $boldreduscore $string_to_report $resetformatting" + echo "##vso[task.logissue type=error]${string_to_report}" - fi - echo "# #" - echo "#########################################################################################" - echo "" + done - fi fi + echo "# #" + echo "#########################################################################################" + echo "" + fi fi - if [ -f apply_output.json ] - then - rm apply_output.json - fi + fi + + if [ -f apply_output.json ]; then + rm apply_output.json + fi +fi +if [ 0 != $return_value ]; then + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore !!! Error when Creating the deployer !!! 
$resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + exit $return_value fi -if [ 0 != $return_value ] -then + +keyvault=$(terraform -chdir="${terraform_module_directory}" output deployer_kv_user_name | tr -d \") +temp=$(echo "${keyvault}" | grep "Warning") +if [ -z "${temp}" ]; then + temp=$(echo "${keyvault}" | grep "Backend reinitialization required") + if [ -z "${temp}" ]; then + touch "${deployer_config_information}" + printf -v val %-.20s "$keyvault" + + echo "" echo "#########################################################################################" echo "# #" - echo -e "# $boldreduscore !!! Error when Creating the deployer !!! $resetformatting #" + echo -e "# Keyvault to use for SPN details:$cyan $val $resetformatting #" echo "# #" echo "#########################################################################################" echo "" - exit $return_value -fi - -keyvault=$(terraform -chdir="${terraform_module_directory}" output deployer_kv_user_name | tr -d \") -temp=$(echo "${keyvault}" | grep "Warning") -if [ -z "${temp}" ] -then - temp=$(echo "${keyvault}" | grep "Backend reinitialization required") - if [ -z "${temp}" ] - then - touch "${deployer_config_information}" - printf -v val %-.20s "$keyvault" - - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# Keyvault to use for SPN details:$cyan $val $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - save_config_var "keyvault" "${deployer_config_information}" - return_value=0 - else - return_value=2 - fi -fi - -sshsecret=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw deployer_sshkey_secret_name | tr -d \") -if [ -n "${sshsecret}" ] -then - save_config_var "sshsecret" "${deployer_config_information}" + 
save_config_var "keyvault" "${deployer_config_information}" return_value=0 + else + return_value=2 + fi fi -random_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw random_id_b64 | tr -d \") -if [ -n "${random_id}" ] -then - deployer_random_id="${random_id}" - save_config_var "deployer_random_id" "${deployer_config_information}" - return_value=0 +sshsecret=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw deployer_sshkey_secret_name | tr -d \") +if [ -n "${sshsecret}" ]; then + save_config_var "sshsecret" "${deployer_config_information}" + return_value=0 fi -deployer_public_ip_address=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw deployer_public_ip_address | tr -d \") -if [ -n "${deployer_public_ip_address}" ] -then - save_config_var "deployer_public_ip_address" "${deployer_config_information}" - return_value=0 +random_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw random_id_b64 | tr -d \") +if [ -n "${random_id}" ]; then + deployer_random_id="${random_id}" + save_config_var "deployer_random_id" "${deployer_config_information}" + return_value=0 fi +deployer_public_ip_address=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw deployer_public_ip_address | tr -d \") +if [ -n "${deployer_public_ip_address}" ]; then + save_config_var "deployer_public_ip_address" "${deployer_config_information}" + return_value=0 +fi unset TF_DATA_DIR diff --git a/deploy/scripts/install_library.sh b/deploy/scripts/install_library.sh index 6a23b82893..e0a9f22d5f 100755 --- a/deploy/scripts/install_library.sh +++ b/deploy/scripts/install_library.sh 
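Review bot: The line `echo "##vso[task.logissue type=error]${string_to_report}"` writes Terraform diagnostic text straight into an Azure Pipelines logging command, and `jq -c -r` emits that text raw, so a multi-line `detail` spills onto further output lines that the agent can parse as `##vso[` commands of their own. Diagnostic details can carry provider or API response text, so it is safer to flatten the message before echoing it, for example `string_to_report=${string_to_report//$'\n'/ }` just above the two echo lines. Separately, the `return_value=$?` directly under the second `if [ -f apply_output.json ]; then` reads the status of the `[` test, which is 0 whenever that branch runs, so it discards the status saved after the re-run apply; that line looks removable.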
@@ -17,33 +17,33 @@ source "${script_directory}/deploy_utils.sh" #Internal helper functions function showhelp { - echo "" - echo "#########################################################################################" - echo "# #" - echo "# #" - echo "# This file contains the logic to deploy the deployer. #" - echo "# The script experts the following exports: #" - echo "# #" - echo "# ARM_SUBSCRIPTION_ID to specify which subscription to deploy to #" - echo "# SAP_AUTOMATION_REPO_PATH the path to the folder containing the cloned sap-automation #" - echo "# #" - echo "# The script will persist the parameters needed between the executions in the #" - echo "# [CONFIG_REPO_PATH]/.sap_deployment_automation folder #" - echo "# #" - echo "# #" - echo "# Usage: install_deployer.sh #" - echo "# -p deployer parameter file #" - echo "# -i interactive true/false setting the value to false will not prompt before apply #" - echo "# -h Show help #" - echo "# #" - echo "# Example: #" - echo "# #" - echo "# [REPO-ROOT]deploy/scripts/install_library.sh \ #" - echo "# -p PROD-WEEU-SAP_LIBRARY.json \ #" - echo "# -d ../../DEPLOYER/PROD-WEEU-DEP00-INFRASTRUCTURE/ \ #" - echo "# -i true #" - echo "# #" - echo "#########################################################################################" + echo "" + echo "#########################################################################################" + echo "# #" + echo "# #" + echo "# This file contains the logic to deploy the deployer. 
#" + echo "# The script experts the following exports: #" + echo "# #" + echo "# ARM_SUBSCRIPTION_ID to specify which subscription to deploy to #" + echo "# SAP_AUTOMATION_REPO_PATH the path to the folder containing the cloned sap-automation #" + echo "# #" + echo "# The script will persist the parameters needed between the executions in the #" + echo "# [CONFIG_REPO_PATH]/.sap_deployment_automation folder #" + echo "# #" + echo "# #" + echo "# Usage: install_deployer.sh #" + echo "# -p deployer parameter file #" + echo "# -i interactive true/false setting the value to false will not prompt before apply #" + echo "# -h Show help #" + echo "# #" + echo "# Example: #" + echo "# #" + echo "# [REPO-ROOT]deploy/scripts/install_library.sh \ #" + echo "# -p PROD-WEEU-SAP_LIBRARY.json \ #" + echo "# -d ../../DEPLOYER/PROD-WEEU-DEP00-INFRASTRUCTURE/ \ #" + echo "# -i true #" + echo "# #" + echo "#########################################################################################" } #process inputs - may need to check the option i for auto approve as it is not used 
@@ -56,106 +56,114 @@ if [ "$VALID_ARGUMENTS" != "0" ]; then fi eval set -- "$INPUT_ARGUMENTS" -while : -do +while :; do case "$1" in - -p | --parameterfile) parameterfile="$2" ; shift 2 ;; - -d | --deployer_statefile_foldername) deployer_statefile_foldername="$2" ; shift 2 ;; - -i | --auto-approve) approve="--auto-approve" ; shift ;; - -h | --help) showhelp - exit 3 ; shift ;; - --) shift; break ;; + -p | --parameterfile) + parameterfile="$2" + shift 2 + ;; + -d | --deployer_statefile_foldername) + deployer_statefile_foldername="$2" + shift 2 + ;; + -i | --auto-approve) + approve="--auto-approve" + shift + ;; + -h | --help) + showhelp + exit 3 + shift + ;; + --) + shift + break + ;; esac done deployment_system=sap_library use_deployer=true -if [ ! -f "${parameterfile}" ] -then - printf -v val %-40.40s "$parameterfile" - echo "" - echo "#########################################################################################" - echo "# #" - echo "# Parameter file does not exist: ${val} #" - echo "# #" - echo "#########################################################################################" - exit +if [ ! -f "${parameterfile}" ]; then + printf -v val %-40.40s "$parameterfile" + echo "" + echo "#########################################################################################" + echo "# #" + echo "# Parameter file does not exist: ${val} #" + echo "# #" + echo "#########################################################################################" + exit fi param_dirname=$(dirname "${parameterfile}") if [ $param_dirname != '.' 
]; then - echo "" - echo "#########################################################################################" - echo "# #" - echo "# Please run this command from the folder containing the parameter file #" - echo "# #" - echo "#########################################################################################" - exit 3 + echo "" + echo "#########################################################################################" + echo "# #" + echo "# Please run this command from the folder containing the parameter file #" + echo "# #" + echo "#########################################################################################" + exit 3 fi ext=$(echo ${parameterfile} | cut -d. -f2) # Helper variables if [ "${ext}" == json ]; then - environment=$(jq --raw-output .infrastructure.environment "${parameterfile}") - region=$(jq --raw-output .infrastructure.region "${parameterfile}") - use_deployer=$(jq --raw-output .deployer.use "${parameterfile}") + environment=$(jq --raw-output .infrastructure.environment "${parameterfile}") + region=$(jq --raw-output .infrastructure.region "${parameterfile}") + use_deployer=$(jq --raw-output .deployer.use "${parameterfile}") else - load_config_vars "${param_dirname}"/"${parameterfile}" "environment" - load_config_vars "${param_dirname}"/"${parameterfile}" "location" - region=$(echo ${location} | xargs) + load_config_vars "${param_dirname}"/"${parameterfile}" "environment" + load_config_vars "${param_dirname}"/"${parameterfile}" "location" + region=$(echo ${location} | xargs) fi - key=$(echo "${parameterfile}" | cut -d. -f1) -if [ -z "${environment}" ] -then - echo "#########################################################################################" - echo "# #" - echo "# Incorrect parameter file. #" - echo "# #" - echo "# The file needs to contain the environment attribute!! 
#" - echo "# #" - echo "#########################################################################################" - echo "" - exit 64 +if [ -z "${environment}" ]; then + echo "#########################################################################################" + echo "# #" + echo "# Incorrect parameter file. #" + echo "# #" + echo "# The file needs to contain the environment attribute!! #" + echo "# #" + echo "#########################################################################################" + echo "" + exit 64 fi -if [ -z "${region}" ] -then - echo "#########################################################################################" - echo "# #" - echo "# Incorrect parameter file. #" - echo "# #" - echo "# The file needs to contain the infrastructure.region attribute!! #" - echo "# #" - echo "#########################################################################################" - echo "" - exit 64 +if [ -z "${region}" ]; then + echo "#########################################################################################" + echo "# #" + echo "# Incorrect parameter file. #" + echo "# #" + echo "# The file needs to contain the infrastructure.region attribute!! #" + echo "# #" + echo "#########################################################################################" + echo "" + exit 64 fi # Convert the region to the correct code region=$(echo "${region}" | tr "[:upper:]" "[:lower:]") get_region_code $region -if [ true == "$use_deployer" ] -then - if [ ! -d "${deployer_statefile_foldername}" ] - then - printf -v val %-40.40s "$deployer_statefile_foldername" - echo "" - echo "#########################################################################################" - echo "# #" - echo "# Directory does not exist: "${deployer_statefile_foldername}" #" - echo "# #" - echo "#########################################################################################" - exit - fi +if [ true == "$use_deployer" ]; then + if [ ! 
-d "${deployer_statefile_foldername}" ]; then + printf -v val %-40.40s "$deployer_statefile_foldername" + echo "" + echo "#########################################################################################" + echo "# #" + echo "# Directory does not exist: "${deployer_statefile_foldername}" #" + echo "# #" + echo "#########################################################################################" + exit + fi fi #Persisting the parameters across executions @@ -177,10 +185,8 @@ else export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache fi - param_dirname=$(pwd) - arm_config_stored=false param_dirname=$(pwd) 
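Review bot: The bare `exit` that ends the `if [ ! -f "${parameterfile}" ]; then` block returns the status of the preceding `echo`, which is 0, so a missing parameter file is reported to the caller as success; the `if [ ! -d "${deployer_statefile_foldername}" ]; then` block at the end of the hunk ends the same way. Both should exit with an explicit non-zero status in line with the other validation branches here (`exit 3`, `exit 64`), e.g. `exit 2`. In the second block the message line closes its quotes around `${deployer_statefile_foldername}`, so the path is expanded unquoted and the padded `val` computed just above is never used; `echo "# Directory does not exist: ${val} #"` would match the parameter-file message.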
@@ -191,144 +197,140 @@ export TF_DATA_DIR="${param_dirname}"/.terraform var_file="${param_dirname}"/"${parameterfile}" if [ ! -n "${SAP_AUTOMATION_REPO_PATH}" ]; then - echo "" - echo "#########################################################################################" - echo "# #" - echo "# Missing environment variables (SAP_AUTOMATION_REPO_PATH)!!! #" - echo "# #" - echo "# Please export the folloing variables: #" - echo "# SAP_AUTOMATION_REPO_PATH (path to the repo folder (sap-automation)) #" - echo "# ARM_SUBSCRIPTION_ID (subscription containing the state file storage account) #" - echo "# #" - echo "#########################################################################################" - unset TF_DATA_DIR - exit 4 + echo "" + echo "#########################################################################################" + echo "# #" + echo "# Missing environment variables (SAP_AUTOMATION_REPO_PATH)!!! #" + echo "# #" + echo "# Please export the folloing variables: #" + echo "# SAP_AUTOMATION_REPO_PATH (path to the repo folder (sap-automation)) #" + echo "# ARM_SUBSCRIPTION_ID (subscription containing the state file storage account) #" + echo "# #" + echo "#########################################################################################" + unset TF_DATA_DIR + exit 4 fi templen=$(echo "${ARM_SUBSCRIPTION_ID}" | wc -c) # Subscription length is 37 -if [ 37 != $templen ] -then - arm_config_stored=false +if [ 37 != $templen ]; then + arm_config_stored=false fi if [ ! -n "$ARM_SUBSCRIPTION_ID" ]; then - echo "" - echo "#########################################################################################" - echo "# #" - echo "# Missing environment variables (ARM_SUBSCRIPTION_ID)!!! 
#" - echo "# #" - echo "# Please export the folloing variables: #" - echo "# SAP_AUTOMATION_REPO_PATH (path to the repo folder (sap-automation)) #" - echo "# ARM_SUBSCRIPTION_ID (subscription containing the state file storage account) #" - echo "# #" - echo "#########################################################################################" - unset TF_DATA_DIR - exit 3 + echo "" + echo "#########################################################################################" + echo "# #" + echo "# Missing environment variables (ARM_SUBSCRIPTION_ID)!!! #" + echo "# #" + echo "# Please export the folloing variables: #" + echo "# SAP_AUTOMATION_REPO_PATH (path to the repo folder (sap-automation)) #" + echo "# ARM_SUBSCRIPTION_ID (subscription containing the state file storage account) #" + echo "# #" + echo "#########################################################################################" + unset TF_DATA_DIR + exit 3 fi terraform_module_directory="${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/bootstrap/"${deployment_system}"/ -if [ ! -d ${terraform_module_directory} ] -then - echo "#########################################################################################" - echo "# #" - echo "# Incorrect system deployment type specified :" ${deployment_system} " #" - echo "# #" - echo "# Valid options are: #" - echo "# sap_library #" - echo "# #" - echo "#########################################################################################" - echo "" - unset TF_DATA_DIR - exit 64 +if [ ! 
-d ${terraform_module_directory} ]; then + echo "#########################################################################################" + echo "# #" + echo "# Incorrect system deployment type specified :" ${deployment_system} " #" + echo "# #" + echo "# Valid options are: #" + echo "# sap_library #" + echo "# #" + echo "#########################################################################################" + echo "" + unset TF_DATA_DIR + exit 64 fi reinitialized=0 -if [ -f ./backend-config.tfvars ] -then - echo "#########################################################################################" - echo "# #" - echo "# The bootstrapping has already been done! #" - echo "# #" - echo "#########################################################################################" +if [ -f ./backend-config.tfvars ]; then + echo "#########################################################################################" + echo "# #" + echo "# The bootstrapping has already been done! #" + echo "# #" + echo "#########################################################################################" else - sed -i /REMOTE_STATE_RG/d "${library_config_information}" - sed -i /REMOTE_STATE_SA/d "${library_config_information}" - sed -i /tfstate_resource_id/d "${library_config_information}" + sed -i /REMOTE_STATE_RG/d "${library_config_information}" + sed -i /REMOTE_STATE_SA/d "${library_config_information}" + sed -i /tfstate_resource_id/d "${library_config_information}" fi if [ ! 
-d ./.terraform/ ]; then - echo "#########################################################################################" - echo "# #" - echo "# New deployment #" - echo "# #" - echo "#########################################################################################" - terraform -chdir="${terraform_module_directory}" init -upgrade=true -backend-config "path=${param_dirname}/terraform.tfstate" - sed -i /REMOTE_STATE_RG/d "${library_config_information}" - sed -i /REMOTE_STATE_SA/d "${library_config_information}" - sed -i /tfstate_resource_id/d "${library_config_information}" + echo "#########################################################################################" + echo "# #" + echo "# New deployment #" + echo "# #" + echo "#########################################################################################" + terraform -chdir="${terraform_module_directory}" init -upgrade=true -backend-config "path=${param_dirname}/terraform.tfstate" + sed -i /REMOTE_STATE_RG/d "${library_config_information}" + sed -i /REMOTE_STATE_SA/d "${library_config_information}" + sed -i /tfstate_resource_id/d "${library_config_information}" else - if [ -f ./.terraform/terraform.tfstate ]; then - if grep "azurerm" ./.terraform/terraform.tfstate ; then + if [ -f ./.terraform/terraform.tfstate ]; then + if grep "azurerm" ./.terraform/terraform.tfstate; then + echo "#########################################################################################" + echo "# #" + echo "# The state is already migrated to Azure!!! 
#" + echo "# #" + echo "#########################################################################################" + + if [ $approve == "--auto-approve" ]; then + tfstate_resource_id=$(az resource list --name $REINSTALL_ACCOUNTNAME --subscription $REINSTALL_SUBSCRIPTION --resource-type Microsoft.Storage/storageAccounts --query "[].id | [0]" -o tsv) + if [ -n "${tfstate_resource_id}" ]; then + echo "Reinitializing against remote state" + terraform_module_directory="${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/run/"${deployment_system}"/ + export TF_VAR_tfstate_resource_id=$tfstate_resource_id + terraform -chdir="${terraform_module_directory}" init -upgrade=true \ + --backend-config "subscription_id=$REINSTALL_SUBSCRIPTION" \ + --backend-config "resource_group_name=$REINSTALL_RESOURCE_GROUP" \ + --backend-config "storage_account_name=$REINSTALL_ACCOUNTNAME" \ + --backend-config "container_name=tfstate" \ + --backend-config "key=${key}.terraform.tfstate" + terraform -chdir="${terraform_module_directory}" refresh -var-file="${var_file}" + + else + terraform -chdir="${terraform_module_directory}" init -upgrade=true -reconfigure -backend-config "path=${param_dirname}/terraform.tfstate" + terraform -chdir="${terraform_module_directory}" refresh -var-file="${var_file}" + fi + else + + read -p "Do you want to re bootstrap the SAP library Y/N?" ans + answer=${ans^^} + if [ $answer == 'Y' ]; then + terraform -chdir="${terraform_module_directory}" init -upgrade=true -reconfigure -backend-config "path=${param_dirname}/terraform.tfstate" + return_value=$? + if [ 0 != $return_value ]; then + echo "" echo "#########################################################################################" echo "# #" - echo "# The state is already migrated to Azure!!! 
#" + echo -e "# $boldreduscore Errors during the init phase $resetformatting #" echo "# #" echo "#########################################################################################" - - if [ $approve == "--auto-approve" ] ; then - tfstate_resource_id=$(az resource list --name $REINSTALL_ACCOUNTNAME --subscription $REINSTALL_SUBSCRIPTION --resource-type Microsoft.Storage/storageAccounts --query "[].id | [0]" -o tsv) - if [ -n "${tfstate_resource_id}" ]; then - echo "Reinitializing against remote state" - terraform_module_directory="${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/run/"${deployment_system}"/ - export TF_VAR_tfstate_resource_id=$tfstate_resource_id - terraform -chdir="${terraform_module_directory}" init -upgrade=true \ - --backend-config "subscription_id=$REINSTALL_SUBSCRIPTION" \ - --backend-config "resource_group_name=$REINSTALL_RESOURCE_GROUP" \ - --backend-config "storage_account_name=$REINSTALL_ACCOUNTNAME" \ - --backend-config "container_name=tfstate" \ - --backend-config "key=${key}.terraform.tfstate" - terraform -chdir="${terraform_module_directory}" refresh -var-file="${var_file}" - - else - terraform -chdir="${terraform_module_directory}" init -upgrade=true -reconfigure -backend-config "path=${param_dirname}/terraform.tfstate" - terraform -chdir="${terraform_module_directory}" refresh -var-file="${var_file}" - fi - else - - read -p "Do you want to re bootstrap the SAP library Y/N?" ans - answer=${ans^^} - if [ $answer == 'Y' ]; then - terraform -chdir="${terraform_module_directory}" init -upgrade=true -reconfigure -backend-config "path=${param_dirname}/terraform.tfstate" - return_value=$? 
- if [ 0 != $return_value ] ; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore Errors during the init phase $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - unset TF_DATA_DIR - exit $return_value - fi - else - unset TF_DATA_DIR - exit 0 - fi - fi + echo "" + unset TF_DATA_DIR + exit $return_value + fi else - terraform -chdir="${terraform_module_directory}" init -upgrade=true -backend-config "path=${param_dirname}/terraform.tfstate" + unset TF_DATA_DIR + exit 0 fi + fi else - terraform -chdir="${terraform_module_directory}" init -upgrade=true -backend-config "path=${param_dirname}/terraform.tfstate" + terraform -chdir="${terraform_module_directory}" init -upgrade=true -backend-config "path=${param_dirname}/terraform.tfstate" fi + else + terraform -chdir="${terraform_module_directory}" init -upgrade=true -backend-config "path=${param_dirname}/terraform.tfstate" + fi fi - echo "" echo "#########################################################################################" echo "# #" 
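Review bot: `if [ $approve == "--auto-approve" ]; then` expands `approve` unquoted, and the option loop earlier in this file only assigns it when `-i` is passed, so unless it is initialised outside the visible hunks the test degenerates to `[ == "--auto-approve" ]` without `-i`, prints a `[` syntax error and reaches the interactive `else` branch only by accident. `if [ $answer == 'Y' ]; then` has the same problem when the prompt is answered with an empty line. Quoting both operands keeps the comparison well-formed: `if [ "${approve}" == "--auto-approve" ]; then` and `if [ "${answer}" == 'Y' ]; then`. The `az resource list --name $REINSTALL_ACCOUNTNAME --subscription $REINSTALL_SUBSCRIPTION` call in the same branch takes its values from the environment and would also be better quoted.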
@@ -338,60 +340,58 @@ echo "########################################################################## echo "" if [ -n "${deployer_statefile_foldername}" ]; then - echo "Deployer folder specified: ${deployer_statefile_foldername}" - terraform -chdir="${terraform_module_directory}" plan -no-color -detailed-exitcode -var-file="${var_file}" -var deployer_statefile_foldername="${deployer_statefile_foldername}" > plan_output.log 2>&1 + echo "Deployer folder specified: ${deployer_statefile_foldername}" + terraform -chdir="${terraform_module_directory}" plan -no-color -detailed-exitcode -var-file="${var_file}" -var deployer_statefile_foldername="${deployer_statefile_foldername}" >plan_output.log 2>&1 else - terraform -chdir="${terraform_module_directory}" plan -no-color -detailed-exitcode -var-file="${var_file}" > plan_output.log 2>&1 + terraform -chdir="${terraform_module_directory}" plan -no-color -detailed-exitcode -var-file="${var_file}" >plan_output.log 2>&1 fi return_value=$? -if [ 0 == $return_value ] ; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Infrastructure is up to date $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - if [ -f plan_output.log ] - then - rm plan_output.log - fi +if [ 0 == $return_value ]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Infrastructure is up to date $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + if [ -f plan_output.log ]; then + rm plan_output.log + fi - tfstate_resource_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw tfstate_resource_id| tr -d \") - STATE_SUBSCRIPTION=$(echo $tfstate_resource_id | cut -d/ -f3 | tr -d 
\" | xargs) + tfstate_resource_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw tfstate_resource_id | tr -d \") + STATE_SUBSCRIPTION=$(echo $tfstate_resource_id | cut -d/ -f3 | tr -d \" | xargs) - az account set --sub $STATE_SUBSCRIPTION + az account set --sub $STATE_SUBSCRIPTION - REMOTE_STATE_SA=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw remote_state_storage_account_name| tr -d \") + REMOTE_STATE_SA=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw remote_state_storage_account_name | tr -d \") - get_and_store_sa_details ${REMOTE_STATE_SA} "${system_config_information}" + get_and_store_sa_details ${REMOTE_STATE_SA} "${system_config_information}" - unset TF_DATA_DIR - exit $return_value + unset TF_DATA_DIR + exit $return_value fi -if [ 1 == $return_value ] -then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore Errors during the plan phase $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" +if [ 1 == $return_value ]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore Errors during the plan phase $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" - if [ -f plan_output.log ]; then - cat plan_output.log - rm plan_output.log - fi - unset TF_DATA_DIR - exit $return_value + if [ -f plan_output.log ]; then + cat plan_output.log + rm plan_output.log + fi + unset TF_DATA_DIR + exit $return_value fi if [ -f plan_output.log ]; then - cat plan_output.log - rm plan_output.log + cat plan_output.log + rm plan_output.log fi echo "" 
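Review bot: In the "Infrastructure is up to date" branch, `STATE_SUBSCRIPTION` is cut out of the raw `terraform output` text and passed unquoted to `az account set --sub $STATE_SUBSCRIPTION`, with no check that it is a subscription id. Later in the same script the outputs are grepped for "Warning" and "Backend reinitialization required" before being saved, which suggests the command can return message text instead of a value. Here that text would be word-split into extra `az` arguments. I would apply the same guard before using the value and quote the expansions: `az account set --sub "${STATE_SUBSCRIPTION}"` and `get_and_store_sa_details "${REMOTE_STATE_SA}" "${system_config_information}"`.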
@@ -403,117 +403,106 @@ echo "########################################################################## echo "" deployer_parameter="" -if [ -n "${deployer_statefile_foldername}" ]; -then - echo "Deployer folder specified: ${deployer_statefile_foldername}" - if [ -n "${approve}" ] - then - terraform -chdir="${terraform_module_directory}" apply -var-file="${var_file}" -var deployer_statefile_foldername="${deployer_statefile_foldername}" -auto-approve -json | tee -a apply_output.json - else - terraform -chdir="${terraform_module_directory}" apply -var-file="${var_file}" -var deployer_statefile_foldername="${deployer_statefile_foldername}" - fi +if [ -n "${deployer_statefile_foldername}" ]; then + echo "Deployer folder specified: ${deployer_statefile_foldername}" + if [ -n "${approve}" ]; then + terraform -chdir="${terraform_module_directory}" apply -var-file="${var_file}" -var deployer_statefile_foldername="${deployer_statefile_foldername}" -auto-approve -json | tee -a apply_output.json + else + terraform -chdir="${terraform_module_directory}" apply -var-file="${var_file}" -var deployer_statefile_foldername="${deployer_statefile_foldername}" + fi else - if [ -n "${approve}" ] - then - terraform -chdir="${terraform_module_directory}" apply -var-file="${var_file}" -auto-approve -json | tee -a apply_output.json - else - terraform -chdir="${terraform_module_directory}" apply -var-file="${var_file}" - fi + if [ -n "${approve}" ]; then + terraform -chdir="${terraform_module_directory}" apply -var-file="${var_file}" -auto-approve -json | tee -a apply_output.json + else + terraform -chdir="${terraform_module_directory}" apply -var-file="${var_file}" + fi fi return_value=$? 
rerun_apply=0 -if [ -f apply_output.json ] -then - errors_occurred=$(jq 'select(."@level" == "error") | length' apply_output.json) - - # Check for resource that can be imported - existing=$(jq 'select(."@level" == "error") | {address: .diagnostic.address, summary: .diagnostic.summary} | select(.summary | startswith("A resource with the ID"))' apply_output.json) - if [[ -n ${existing} ]] - then - - readarray -t existing_resources < <(echo ${existing} | jq -c '.' ) - for item in "${existing_resources[@]}"; do - moduleID=$(jq -c -r '.address ' <<< "$item") - resourceID=$(jq -c -r '.summary' <<< "$item" | awk -F'\"' '{print $2}') - echo "Trying to import" $resourceID "into" $moduleID - - if [ -n "${deployer_statefile_foldername}" ]; - then - echo "Deployer folder specified: ${deployer_statefile_foldername}" - terraform -chdir="${terraform_module_directory}" import -var-file="${var_file}" -var deployer_statefile_foldername="${deployer_statefile_foldername}" $moduleID $resourceID - else - terraform -chdir="${terraform_module_directory}" import -var-file="${var_file}" $moduleID $resourceID - fi - - done - rerun_apply=1 - fi - if [ $rerun_apply == 1 ] ; then - echo "" - echo "#########################################################################################" - echo "# #" - echo "# Re-running Terraform apply #" - echo "# #" - echo "#########################################################################################" - echo "" - if [ -n "${deployer_statefile_foldername}" ]; - then - echo "Deployer folder specified: ${deployer_statefile_foldername}" - terraform -chdir="${terraform_module_directory}" apply -var-file="${var_file}" -var deployer_statefile_foldername="${deployer_statefile_foldername}" -auto-approve -json | tee -a apply_output.json - else - terraform -chdir="${terraform_module_directory}" apply -var-file="${var_file}" -auto-approve -json | tee -a apply_output.json - fi - return_value=$? 
- rerun_apply=0 - fi - errors_occurred=$(jq 'select(."@level" == "error") | length' apply_output.json) - - # Check for resource that can be imported - existing=$(jq 'select(."@level" == "error") | {address: .diagnostic.address, summary: .diagnostic.summary} | select(.summary | startswith("A resource with the ID"))' apply_output.json) - if [[ -n ${existing} ]] - then - - readarray -t existing_resources < <(echo ${existing} | jq -c '.' ) - for item in "${existing_resources[@]}"; do - moduleID=$(jq -c -r '.address ' <<< "$item") - resourceID=$(jq -c -r '.summary' <<< "$item" | awk -F'\"' '{print $2}') - echo "Trying to import" $resourceID "into" $moduleID - - if [ -n "${deployer_statefile_foldername}" ]; - then - echo "Deployer folder specified: ${deployer_statefile_foldername}" - terraform -chdir="${terraform_module_directory}" import -var-file="${var_file}" -var deployer_statefile_foldername="${deployer_statefile_foldername}" $moduleID $resourceID - else - terraform -chdir="${terraform_module_directory}" import -var-file="${var_file}" $moduleID $resourceID - fi - - done - rerun_apply=1 +if [ -f apply_output.json ]; then + errors_occurred=$(jq 'select(."@level" == "error") | length' apply_output.json) + + # Check for resource that can be imported + existing=$(jq 'select(."@level" == "error") | {address: .diagnostic.address, summary: .diagnostic.summary} | select(.summary | startswith("A resource with the ID"))' apply_output.json) + if [[ -n ${existing} ]]; then + + readarray -t existing_resources < <(echo ${existing} | jq -c '.') + for item in "${existing_resources[@]}"; do + moduleID=$(jq -c -r '.address ' <<<"$item") + resourceID=$(jq -c -r '.summary' <<<"$item" | awk -F'\"' '{print $2}') + echo "Trying to import" $resourceID "into" $moduleID + + if [ -n "${deployer_statefile_foldername}" ]; then + echo "Deployer folder specified: ${deployer_statefile_foldername}" + terraform -chdir="${terraform_module_directory}" import -var-file="${var_file}" -var 
deployer_statefile_foldername="${deployer_statefile_foldername}" $moduleID $resourceID + else + terraform -chdir="${terraform_module_directory}" import -var-file="${var_file}" $moduleID $resourceID + fi + + done + rerun_apply=1 + fi + if [ $rerun_apply == 1 ]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo "# Re-running Terraform apply #" + echo "# #" + echo "#########################################################################################" + echo "" + if [ -n "${deployer_statefile_foldername}" ]; then + echo "Deployer folder specified: ${deployer_statefile_foldername}" + terraform -chdir="${terraform_module_directory}" apply -var-file="${var_file}" -var deployer_statefile_foldername="${deployer_statefile_foldername}" -auto-approve -json | tee -a apply_output.json + else + terraform -chdir="${terraform_module_directory}" apply -var-file="${var_file}" -auto-approve -json | tee -a apply_output.json fi + return_value=$? 
+ rerun_apply=0 + fi + errors_occurred=$(jq 'select(."@level" == "error") | length' apply_output.json) + + # Check for resource that can be imported + existing=$(jq 'select(."@level" == "error") | {address: .diagnostic.address, summary: .diagnostic.summary} | select(.summary | startswith("A resource with the ID"))' apply_output.json) + if [[ -n ${existing} ]]; then + + readarray -t existing_resources < <(echo ${existing} | jq -c '.') + for item in "${existing_resources[@]}"; do + moduleID=$(jq -c -r '.address ' <<<"$item") + resourceID=$(jq -c -r '.summary' <<<"$item" | awk -F'\"' '{print $2}') + echo "Trying to import" $resourceID "into" $moduleID + + if [ -n "${deployer_statefile_foldername}" ]; then + echo "Deployer folder specified: ${deployer_statefile_foldername}" + terraform -chdir="${terraform_module_directory}" import -var-file="${var_file}" -var deployer_statefile_foldername="${deployer_statefile_foldername}" $moduleID $resourceID + else + terraform -chdir="${terraform_module_directory}" import -var-file="${var_file}" $moduleID $resourceID + fi + + done + rerun_apply=1 + fi - if [ $rerun_apply == 1 ] ; then - echo "" - echo "#########################################################################################" - echo "# #" - echo "# Re-running Terraform apply #" - echo "# #" - echo "#########################################################################################" - echo "" - if [ -n "${deployer_statefile_foldername}" ]; - then - echo "Deployer folder specified: ${deployer_statefile_foldername}" - terraform -chdir="${terraform_module_directory}" apply -var-file="${var_file}" -var deployer_statefile_foldername="${deployer_statefile_foldername}" -auto-approve -json | tee -a apply_output.json - else - terraform -chdir="${terraform_module_directory}" apply -var-file="${var_file}" -auto-approve -json | tee -a apply_output.json - fi - return_value=$? 
- rerun_apply=0 + if [ $rerun_apply == 1 ]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo "# Re-running Terraform apply #" + echo "# #" + echo "#########################################################################################" + echo "" + if [ -n "${deployer_statefile_foldername}" ]; then + echo "Deployer folder specified: ${deployer_statefile_foldername}" + terraform -chdir="${terraform_module_directory}" apply -var-file="${var_file}" -var deployer_statefile_foldername="${deployer_statefile_foldername}" -auto-approve -json | tee -a apply_output.json + else + terraform -chdir="${terraform_module_directory}" apply -var-file="${var_file}" -auto-approve -json | tee -a apply_output.json fi - errors_occurred=$(jq 'select(."@level" == "error") | length' apply_output.json) + return_value=$? + rerun_apply=0 + fi + errors_occurred=$(jq 'select(."@level" == "error") | length' apply_output.json) - if [[ -n $errors_occurred ]] - then + if [[ -n $errors_occurred ]]; then echo "" echo "#########################################################################################" echo "# #" 
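Review bot: `return_value=$?` after `terraform ... apply ... -auto-approve -json | tee -a apply_output.json` records the exit status of `tee`, not of terraform, unless `pipefail` is enabled somewhere outside this hunk. A failed apply is then only noticed through the jq scan of apply_output.json. The script already depends on bash (`readarray`, `[[ ]]`), so `return_value=${PIPESTATUS[0]}` placed directly after each piped apply, inside the branch, would keep terraform's status; this applies to the first apply and to both re-run blocks. Separately, `$moduleID` and `$resourceID` reach `terraform import` unquoted, and a resource address ending in `[0]` or `["name"]` is subject to globbing and word splitting, so `"$moduleID" "$resourceID"` is safer.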
@@ -521,91 +510,80 @@ then return_value=2 all_errors=$(jq 'select(."@level" == "error") | {summary: .diagnostic.summary, detail: .diagnostic.detail}' apply_output.json) - if [[ -n ${all_errors} ]] - then - readarray -t errors_strings < <(echo ${all_errors} | jq -c '.' ) - for errors_string in "${errors_strings[@]}"; do - string_to_report=$(jq -c -r '.detail ' <<< "$errors_string" ) - if [[ -z ${string_to_report} ]] - then - string_to_report=$(jq -c -r '.summary ' <<< "$errors_string" ) - fi + if [[ -n ${all_errors} ]]; then + readarray -t errors_strings < <(echo ${all_errors} | jq -c '.') + for errors_string in "${errors_strings[@]}"; do + string_to_report=$(jq -c -r '.detail ' <<<"$errors_string") + if [[ -z ${string_to_report} ]]; then + string_to_report=$(jq -c -r '.summary ' <<<"$errors_string") + fi - echo -e "# $boldreduscore $string_to_report $resetformatting" - echo "##vso[task.logissue type=error]${string_to_report}" + echo -e "# $boldreduscore $string_to_report $resetformatting" + echo "##vso[task.logissue type=error]${string_to_report}" - done + done fi echo "# #" echo "#########################################################################################" echo "" - fi + fi fi -if [ -f apply_output.json ] -then - rm apply_output.json +if [ -f apply_output.json ]; then + rm apply_output.json fi -if [ 1 == $return_value ] ; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore Errors during the apply phase $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - unset TF_DATA_DIR - exit $return_value +if [ 1 == $return_value ]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore Errors during the apply phase $resetformatting #" + echo "# #" + echo 
"#########################################################################################" + echo "" + unset TF_DATA_DIR + exit $return_value fi -REMOTE_STATE_SA=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw remote_state_storage_account_name| tr -d \") +REMOTE_STATE_SA=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw remote_state_storage_account_name | tr -d \") temp=$(echo "${REMOTE_STATE_SA}" | grep -m1 "Warning") -if [ -z "${temp}" ] -then - temp=$(echo "${REMOTE_STATE_SA}" | grep "Backend reinitialization required") - if [ -z "${temp}" ] - then - save_config_var "REMOTE_STATE_SA" "${library_config_information}" - fi +if [ -z "${temp}" ]; then + temp=$(echo "${REMOTE_STATE_SA}" | grep "Backend reinitialization required") + if [ -z "${temp}" ]; then + save_config_var "REMOTE_STATE_SA" "${library_config_information}" + fi fi -tfstate_resource_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw tfstate_resource_id| tr -d \") +tfstate_resource_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw tfstate_resource_id | tr -d \") temp=$(echo $tfstate_resource_id | grep -m1 "Warning") -if [ -z "${temp}" ] -then - temp=$(echo "${tfstate_resource_id}" | grep "Backend reinitialization required") - if [ -z "${temp}" ] - then - save_config_var "tfstate_resource_id" "${library_config_information}" - fi +if [ -z "${temp}" ]; then + temp=$(echo "${tfstate_resource_id}" | grep "Backend reinitialization required") + if [ -z "${temp}" ]; then + save_config_var "tfstate_resource_id" "${library_config_information}" + fi fi REMOTE_STATE_RG=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw created_resource_group_name | tr -d \") temp=$(echo "${REMOTE_STATE_RG}" | grep -m1 "Warning") -if [ -z "${temp}" ] -then - temp=$(echo "${REMOTE_STATE_RG}" | grep "Backend reinitialization required") - if [ -z "${temp}" ] - then - save_config_var "REMOTE_STATE_RG" 
"${library_config_information}" - return_value=0 - fi +if [ -z "${temp}" ]; then + temp=$(echo "${REMOTE_STATE_RG}" | grep "Backend reinitialization required") + if [ -z "${temp}" ]; then + save_config_var "REMOTE_STATE_RG" "${library_config_information}" + return_value=0 + fi fi random_id_b64=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw random_id_b64 | tr -d \") temp=$(echo "${random_id_b64}" | grep -m1 "Warning") -if [ -z "${temp}" ] -then - temp=$(echo "${random_id_b64}" | grep "Backend reinitialization required") - if [ -z "${temp}" ] - then - save_config_var "library_random_id" "${random_id_b64}" - return_value=0 - fi +if [ -z "${temp}" ]; then + temp=$(echo "${random_id_b64}" | grep "Backend reinitialization required") + if [ -z "${temp}" ]; then + save_config_var "library_random_id" "${random_id_b64}" + return_value=0 + fi fi exit $return_value diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index 3012f68e8c..4d5a9c252b 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh 
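Review bot: `save_config_var "library_random_id" "${random_id_b64}"` passes the id value in the position where the three calls above it pass the config file (`"${library_config_information}"`), so the random id is most likely never written to the library config. The helper is defined outside this diff, so its signature needs confirming. If it takes a variable name and a file, the fix is `library_random_id="${random_id_b64}"` followed by `save_config_var "library_random_id" "${library_config_information}"`. Also, `return_value=0` in the last two blocks overwrites the `return_value=2` set when apply errors were found, and only the value 1 triggers the early exit, so a failed apply can still end in `exit 0`.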
@@ -26,32 +26,79 @@ deploy_using_msi_only=0 INPUT_ARGUMENTS=$(getopt -n install_workloadzone -o p:d:e:k:o:s:c:n:t:v:aifhm --longoptions parameterfile:,deployer_tfstate_key:,deployer_environment:,subscription:,spn_id:,spn_secret:,tenant_id:,state_subscription:,keyvault:,storageaccountname:,ado,auto-approve,force,help,msi -- "$@") VALID_ARGUMENTS=$? if [ "$VALID_ARGUMENTS" != "0" ]; then - showhelp + showhelp fi eval set -- "$INPUT_ARGUMENTS" -while : -do - case "$1" in - -a | --ado) called_from_ado=1 ; shift ;; - -c | --spn_id) client_id="$2" ; shift 2 ;; - -d | --deployer_tfstate_key) deployer_tfstate_key="$2" ; shift 2 ;; - -e | --deployer_environment) deployer_environment="$2" ; shift 2 ;; - -f | --force) force=1 ; shift ;; - -i | --auto-approve) approve="--auto-approve" ; shift ;; - -k | --state_subscription) STATE_SUBSCRIPTION="$2" ; shift 2 ;; - -m | --msi) deploy_using_msi_only=1 ; shift ;; - -n | --spn_secret) spn_secret="$2" ; shift 2 ;; - -o | --storageaccountname) REMOTE_STATE_SA="$2" ; shift 2 ;; - -p | --parameterfile) parameterfile="$2" ; shift 2 ;; - -s | --subscription) subscription="$2" ; shift 2 ;; - -t | --tenant_id) tenant_id="$2" ; shift 2 ;; - -v | --keyvault) keyvault="$2" ; shift 2 ;; - - -h | --help) workload_zone_showhelp - exit 3 ; shift ;; - --) shift; break ;; - esac +while :; do + case "$1" in + -a | --ado) + called_from_ado=1 + shift + ;; + -c | --spn_id) + client_id="$2" + shift 2 + ;; + -d | --deployer_tfstate_key) + deployer_tfstate_key="$2" + shift 2 + ;; + -e | --deployer_environment) + deployer_environment="$2" + shift 2 + ;; + -f | --force) + force=1 + shift + ;; + -i | --auto-approve) + approve="--auto-approve" + shift + ;; + -k | --state_subscription) + STATE_SUBSCRIPTION="$2" + shift 2 + ;; + -m | --msi) + deploy_using_msi_only=1 + shift + ;; + -n | --spn_secret) + spn_secret="$2" + shift 2 + ;; + -o | --storageaccountname) + REMOTE_STATE_SA="$2" + shift 2 + ;; + -p | --parameterfile) + parameterfile="$2" + shift 2 + ;; + -s 
| --subscription) + subscription="$2" + shift 2 + ;; + -t | --tenant_id) + tenant_id="$2" + shift 2 + ;; + -v | --keyvault) + keyvault="$2" + shift 2 + ;; + + -h | --help) + workload_zone_showhelp + exit 3 + shift + ;; + --) + shift + break + ;; + esac done tfstate_resource_id="" tfstate_parameter="" @@ -68,10 +115,10 @@ deployer_environment=$(echo "${deployer_environment}" | tr "[:lower:]" "[:upper: echo "Deployer environment: $deployer_environment" -if [ 1 == $called_from_ado ] ; then - this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 - export TF_VAR_Agent_IP=$this_ip - echo "Agent IP: $this_ip" +if [ 1 == $called_from_ado ]; then + this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 + export TF_VAR_Agent_IP=$this_ip + echo "Agent IP: $this_ip" fi 
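Review bot: The `-n | --spn_secret` arm takes the service principal secret from the command line, where it is readable in the process list and in any shell trace or pipeline log that prints the invocation. I would let the script take the secret from the environment when the option is absent, for example `spn_secret="${spn_secret:-${ARM_CLIENT_SECRET:-}}"` after the loop, and treat the option as a fallback. Whether that suits `set_executing_user_environment_variables` needs checking, since it is defined outside this diff. The `shift` after `exit 3` in the `--help` arm is unreachable and can be dropped.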
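Review bot: `this_ip=$(curl -s ipinfo.io/ip)` fetches the agent address over plain HTTP, because no scheme is given, and exports whatever comes back as `TF_VAR_Agent_IP` without checking that the request succeeded or that the value is an IP address. The variable name suggests it feeds a network allow rule; if so, an altered or error response ends up in the deployment. I would use `this_ip=$(curl -fsS --max-time 10 https://ipinfo.io/ip) || exit 1` and reject the value before the `export` when it does not parse as an address.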
@@ -80,55 +127,53 @@ workload_file_parametername=$(basename "${parameterfile}") param_dirname=$(dirname "${parameterfile}") if [ "$param_dirname" != '.' ]; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Please run this command from the folder containing the parameter file$resetformatting #" - echo "# #" - echo "#########################################################################################" - exit 3 + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Please run this command from the folder containing the parameter file$resetformatting #" + echo "# #" + echo "#########################################################################################" + exit 3 fi -if [ ! -f "${workload_file_parametername}" ] -then - printf -v val %-40.40s "$workload_file_parametername" - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore Parameter file does not exist: ${val}$resetformatting #" - echo "# #" - echo "#########################################################################################" - exit 3 +if [ ! -f "${workload_file_parametername}" ]; then + printf -v val %-40.40s "$workload_file_parametername" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore Parameter file does not exist: ${val}$resetformatting #" + echo "# #" + echo "#########################################################################################" + exit 3 fi # Check that the exports ARM_SUBSCRIPTION_ID and SAP_AUTOMATION_REPO_PATH are defined validate_exports return_code=$? 
if [ 0 != $return_code ]; then - exit $return_code + exit $return_code fi # Check that Terraform and Azure CLI is installed validate_dependencies return_code=$? if [ 0 != $return_code ]; then - exit $return_code + exit $return_code fi # Check that parameter files have environment and location defined validate_key_parameters "$workload_file_parametername" return_code=$? if [ 0 != $return_code ]; then - exit $return_code + exit $return_code fi # Convert the region to the correct code get_region_code "$region" - if [ "${region_code}" == 'UNKN' ]; then - LOCATION_CODE=$(echo "$workload_file_parametername" | awk -F'-' '{print $2}' ) - region_code=$(echo "${LOCATION_CODE}" | tr "[:lower:]" "[:upper:]" | xargs) + LOCATION_CODE=$(echo "$workload_file_parametername" | awk -F'-' '{print $2}') + region_code=$(echo "${LOCATION_CODE}" | tr "[:lower:]" "[:upper:]" | xargs) fi echo "Region code: ${region_code}" 
@@ -137,15 +182,15 @@ load_config_vars "$workload_file_parametername" "network_logical_name" network_logical_name=$(echo "${network_logical_name}" | tr "[:lower:]" "[:upper:]" | xargs) if [ -z "${network_logical_name}" ]; then - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Incorrect parameter file. $resetformatting #" - echo "# #" - echo "# The file must contain the network_logical_name attribute!! #" - echo "# #" - echo "#########################################################################################" - echo "" - return 64 #script usage wrong + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Incorrect parameter file. $resetformatting #" + echo "# #" + echo "# The file must contain the network_logical_name attribute!! #" + echo "# #" + echo "#########################################################################################" + echo "" + return 64 #script usage wrong fi key=$(echo "${workload_file_parametername}" | cut -d. -f1) 
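Review bot: `return 64 #script usage wrong` appears to sit at script top level. When the script is executed rather than sourced, bash rejects `return` outside a function and carries on, so a parameter file without `network_logical_name` does not stop the run. The neighbouring validation blocks all use `exit`, so `exit 64` would match them. The script continues outside this hunk, so confirm that the block is not inside a function before changing it.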
@@ -157,24 +202,22 @@ automation_config_directory=$CONFIG_REPO_PATH/.sap_deployment_automation generic_config_information="${automation_config_directory}"/config if [ "$deployer_environment" != "$environment" ]; then - if [ -f "${automation_config_directory}"/"${environment}""${region_code}" ]; then - # Add support for having multiple vnets in the same environment and zone - rename exiting file to support seamless transition - mv "${automation_config_directory}"/"${environment}""${region_code}" "${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" - fi + if [ -f "${automation_config_directory}"/"${environment}""${region_code}" ]; then + # Add support for having multiple vnets in the same environment and zone - rename exiting file to support seamless transition + mv "${automation_config_directory}"/"${environment}""${region_code}" "${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" + fi fi workload_config_information="${automation_config_directory}/${environment}${region_code}${network_logical_name}" deployer_config_information="${automation_config_directory}/${deployer_environment}${region_code}" save_config_vars "${workload_config_information}" \ -STATE_SUBSCRIPTION REMOTE_STATE_SA subscription + STATE_SUBSCRIPTION REMOTE_STATE_SA subscription -if [ "${force}" == 1 ] -then - if [ -f "${workload_config_information}" ] - then - rm "${workload_config_information}" - fi - rm -Rf .terraform terraform.tfstate* +if [ "${force}" == 1 ]; then + if [ -f "${workload_config_information}" ]; then + rm "${workload_config_information}" + fi + rm -Rf .terraform terraform.tfstate* fi echo "" 
@@ -187,127 +230,115 @@ echo "Deployer Subscription: $STATE_SUBSCRIPTION" echo "Remote state storage account: $REMOTE_STATE_SA" echo "Target Subscription: $subscription" -if [[ -n $STATE_SUBSCRIPTION ]] -then - if is_valid_guid "$STATE_SUBSCRIPTION" ; then +if [[ -n $STATE_SUBSCRIPTION ]]; then + if is_valid_guid "$STATE_SUBSCRIPTION"; then - save_config_vars "${workload_config_information}" \ - STATE_SUBSCRIPTION + save_config_vars "${workload_config_information}" \ + STATE_SUBSCRIPTION - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Changing the subscription to: $STATE_SUBSCRIPTION $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - az account set --sub "${STATE_SUBSCRIPTION}" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Changing the subscription to: $STATE_SUBSCRIPTION $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + az account set --sub "${STATE_SUBSCRIPTION}" - else - printf -v val %-40.40s "$STATE_SUBSCRIPTION" - echo "#########################################################################################" - echo "# #" - echo -e "#The provided state_subscription is not valid:$boldred ${val} $resetformatting#" - echo "# #" - echo "#########################################################################################" - echo "The provided subscription for the terraform storage is not valid: ${val}" > "${workload_config_information}".err - exit 65 - fi + else + printf -v val %-40.40s "$STATE_SUBSCRIPTION" + echo "#########################################################################################" + echo "# #" + echo -e "#The provided state_subscription is not valid:$boldred ${val} 
$resetformatting#" + echo "# #" + echo "#########################################################################################" + echo "The provided subscription for the terraform storage is not valid: ${val}" >"${workload_config_information}".err + exit 65 + fi fi -if [ -n "$REMOTE_STATE_SA" ] ; then - get_and_store_sa_details ${REMOTE_STATE_SA} ${workload_config_information} +if [ -n "$REMOTE_STATE_SA" ]; then + get_and_store_sa_details ${REMOTE_STATE_SA} ${workload_config_information} fi -if [ -n "$keyvault" ] -then - if valid_kv_name "$keyvault" ; then - save_config_var "keyvault" "${workload_config_information}" - else - printf -v val %-40.40s "$keyvault" - echo "#########################################################################################" - echo "# #" - echo -e "# The provided keyvault is not valid:$boldred ${val} $resetformatting #" - echo "# #" - echo "#########################################################################################" - - echo "The provided keyvault is not valid: ${val}" > "${workload_config_information}".err - exit 65 - fi +if [ -n "$keyvault" ]; then + if valid_kv_name "$keyvault"; then + save_config_var "keyvault" "${workload_config_information}" + else + printf -v val %-40.40s "$keyvault" + echo "#########################################################################################" + echo "# #" + echo -e "# The provided keyvault is not valid:$boldred ${val} $resetformatting #" + echo "# #" + echo "#########################################################################################" + + echo "The provided keyvault is not valid: ${val}" >"${workload_config_information}".err + exit 65 + fi fi +if [ ! -f "${workload_config_information}" ]; then + # Ask for deployer environment name and try to read the deployer state file and resource group details from the configuration file + if [ -z "$deployer_environment" ]; then + read -p "Deployer environment name: " deployer_environment + fi -if [ ! 
-f "${workload_config_information}" ] -then - # Ask for deployer environment name and try to read the deployer state file and resource group details from the configuration file - if [ -z "$deployer_environment" ] - then - read -p "Deployer environment name: " deployer_environment + deployer_config_information="${automation_config_directory}"/"${deployer_environment}""${region_code}" + if [ -f "$deployer_config_information" ]; then + if [ -z "${keyvault}" ]; then + load_config_vars "${deployer_config_information}" "keyvault" fi - deployer_config_information="${automation_config_directory}"/"${deployer_environment}""${region_code}" - if [ -f "$deployer_config_information" ] - then - if [ -z "${keyvault}" ] - then - load_config_vars "${deployer_config_information}" "keyvault" - fi + load_config_vars "${deployer_config_information}" "REMOTE_STATE_RG" + if [ -z "${REMOTE_STATE_SA}" ]; then + load_config_vars "${deployer_config_information}" "REMOTE_STATE_SA" + fi + load_config_vars "${deployer_config_information}" "tfstate_resource_id" + load_config_vars "${deployer_config_information}" "deployer_tfstate_key" - load_config_vars "${deployer_config_information}" "REMOTE_STATE_RG" - if [ -z "${REMOTE_STATE_SA}" ] - then - load_config_vars "${deployer_config_information}" "REMOTE_STATE_SA" - fi - load_config_vars "${deployer_config_information}" "tfstate_resource_id" - load_config_vars "${deployer_config_information}" "deployer_tfstate_key" + save_config_vars "${workload_config_information}" \ + keyvault \ + subscription \ + deployer_tfstate_key \ + tfstate_resource_id \ + REMOTE_STATE_SA \ + REMOTE_STATE_RG + fi +fi - save_config_vars "${workload_config_information}" \ +if [ -z "$tfstate_resource_id" ]; then + echo "No tfstate_resource_id" + if [ -n "$deployer_environment" ]; then + deployer_config_information="${automation_config_directory}"/"${deployer_environment}""${region_code}" + echo "Deployer config file: $deployer_config_information" + if [ -f 
"$deployer_config_information" ]; then + load_config_vars "${deployer_config_information}" "keyvault" + load_config_vars "${deployer_config_information}" "REMOTE_STATE_RG" + load_config_vars "${deployer_config_information}" "REMOTE_STATE_SA" + load_config_vars "${deployer_config_information}" "tfstate_resource_id" + load_config_vars "${deployer_config_information}" "deployer_tfstate_key" + + save_config_vars "${workload_config_information}" \ + tfstate_resource_id + + save_config_vars "${workload_config_information}" \ keyvault \ subscription \ deployer_tfstate_key \ - tfstate_resource_id \ REMOTE_STATE_SA \ REMOTE_STATE_RG fi -fi - -if [ -z "$tfstate_resource_id" ] -then - echo "No tfstate_resource_id" - if [ -n "$deployer_environment" ] - then - deployer_config_information="${automation_config_directory}"/"${deployer_environment}""${region_code}" - echo "Deployer config file: $deployer_config_information" - if [ -f "$deployer_config_information" ] - then - load_config_vars "${deployer_config_information}" "keyvault" - load_config_vars "${deployer_config_information}" "REMOTE_STATE_RG" - load_config_vars "${deployer_config_information}" "REMOTE_STATE_SA" - load_config_vars "${deployer_config_information}" "tfstate_resource_id" - load_config_vars "${deployer_config_information}" "deployer_tfstate_key" - - save_config_vars "${workload_config_information}" \ - tfstate_resource_id - - save_config_vars "${workload_config_information}" \ - keyvault \ - subscription \ - deployer_tfstate_key \ - REMOTE_STATE_SA \ - REMOTE_STATE_RG - fi - fi + fi else - echo "Terraform Storage Account Id: $tfstate_resource_id" + echo "Terraform Storage Account Id: $tfstate_resource_id" - save_config_vars "${workload_config_information}" \ + save_config_vars "${workload_config_information}" \ tfstate_resource_id fi - echo "" init "${automation_config_directory}" "${generic_config_information}" "${workload_config_information}" 
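Review bot: `get_and_store_sa_details ${REMOTE_STATE_SA} ${workload_config_information}` passes both arguments unquoted. The first comes from the `-o` option and the second is a path built from `$CONFIG_REPO_PATH`, so a space or glob character in either one splits or expands the argument list. `get_and_store_sa_details "${REMOTE_STATE_SA}" "${workload_config_information}"` avoids that. The prompt `read -p "Deployer environment name: " deployer_environment` should also use `read -r -p` so that backslashes in the answer are kept as typed.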
@@ -315,275 +346,252 @@ param_dirname=$(pwd) var_file="${param_dirname}"/"${parameterfile}" export TF_DATA_DIR="${param_dirname}/.terraform" -if [ -n "$subscription" ] -then - if is_valid_guid "$subscription" ; then - echo "" - export ARM_SUBSCRIPTION_ID="${subscription}" - else - printf -v val %-40.40s "$subscription" - echo "#########################################################################################" - echo "# #" - echo -e "# The provided subscription is not valid:$boldred ${val} $resetformatting# " - echo "# #" - echo "#########################################################################################" +if [ -n "$subscription" ]; then + if is_valid_guid "$subscription"; then + echo "" + export ARM_SUBSCRIPTION_ID="${subscription}" + else + printf -v val %-40.40s "$subscription" + echo "#########################################################################################" + echo "# #" + echo -e "# The provided subscription is not valid:$boldred ${val} $resetformatting# " + echo "# #" + echo "#########################################################################################" - echo "The provided subscription is not valid: ${val}" > "${workload_config_information}".err + echo "The provided subscription is not valid: ${val}" >"${workload_config_information}".err - exit 65 - fi + exit 65 + fi fi if [ 0 = "${deploy_using_msi_only:-}" ]; then - if [ -n "$client_id" ] - then - if is_valid_guid "$client_id" ; then - echo "" - else - printf -v val %-40.40s "$client_id" - echo "#########################################################################################" - echo "# #" - echo -e "# The provided spn_id is not valid:$boldred ${val} $resetformatting #" - echo "# #" - echo "#########################################################################################" - exit 65 - fi + if [ -n "$client_id" ]; then + if is_valid_guid "$client_id"; then + echo "" + else + printf -v val %-40.40s "$client_id" + echo 
"#########################################################################################" + echo "# #" + echo -e "# The provided spn_id is not valid:$boldred ${val} $resetformatting #" + echo "# #" + echo "#########################################################################################" + exit 65 fi + fi - if [ -n "$tenant_id" ] - then - if is_valid_guid "$tenant_id" ; then - echo "Valid tenant id format" - else - printf -v val %-40.40s "$tenant_id" - echo "#########################################################################################" - echo "# #" - echo -e "# The provided tenant_id is not valid:$boldred ${val} $resetformatting #" - echo "# #" - echo "#########################################################################################" - exit 65 - fi - - fi - #setting the user environment variables - if [ -n "${spn_secret}" ] - then - set_executing_user_environment_variables "${spn_secret}" + if [ -n "$tenant_id" ]; then + if is_valid_guid "$tenant_id"; then + echo "Valid tenant id format" else - set_executing_user_environment_variables "none" + printf -v val %-40.40s "$tenant_id" + echo "#########################################################################################" + echo "# #" + echo -e "# The provided tenant_id is not valid:$boldred ${val} $resetformatting #" + echo "# #" + echo "#########################################################################################" + exit 65 fi + + fi + #setting the user environment variables + if [ -n "${spn_secret}" ]; then + set_executing_user_environment_variables "${spn_secret}" + else + set_executing_user_environment_variables "none" + fi else - #setting the user environment variables - set_executing_user_environment_variables "N/A" + #setting the user environment variables + set_executing_user_environment_variables "N/A" fi if [[ -z ${REMOTE_STATE_SA} ]]; then - load_config_vars "${workload_config_information}" "REMOTE_STATE_SA" + load_config_vars 
"${workload_config_information}" "REMOTE_STATE_SA" fi load_config_vars "${workload_config_information}" "REMOTE_STATE_RG" load_config_vars "${workload_config_information}" "tfstate_resource_id" if [[ -z ${STATE_SUBSCRIPTION} ]]; then - load_config_vars "${workload_config_information}" "STATE_SUBSCRIPTION" + load_config_vars "${workload_config_information}" "STATE_SUBSCRIPTION" fi if [[ -z ${subscription} ]]; then - load_config_vars "${workload_config_information}" "subscription" + load_config_vars "${workload_config_information}" "subscription" fi if [[ -z ${deployer_tfstate_key} ]]; then - load_config_vars "${workload_config_information}" "deployer_tfstate_key" + load_config_vars "${workload_config_information}" "deployer_tfstate_key" fi -if [ -n "$tfstate_resource_id" ] -then - REMOTE_STATE_RG=$(echo "$tfstate_resource_id" | cut -d / -f5) - REMOTE_STATE_SA=$(echo "$tfstate_resource_id" | cut -d / -f9) - STATE_SUBSCRIPTION=$(echo "$tfstate_resource_id" | cut -d / -f3) +if [ -n "$tfstate_resource_id" ]; then + REMOTE_STATE_RG=$(echo "$tfstate_resource_id" | cut -d / -f5) + REMOTE_STATE_SA=$(echo "$tfstate_resource_id" | cut -d / -f9) + STATE_SUBSCRIPTION=$(echo "$tfstate_resource_id" | cut -d / -f3) - save_config_vars "${workload_config_information}" \ + save_config_vars "${workload_config_information}" \ REMOTE_STATE_SA \ REMOTE_STATE_RG \ STATE_SUBSCRIPTION else - get_and_store_sa_details ${REMOTE_STATE_SA} ${workload_config_information} + get_and_store_sa_details ${REMOTE_STATE_SA} ${workload_config_information} fi - -if [ -z "$subscription" ] -then - subscription="${STATE_SUBSCRIPTION}" +if [ -z "$subscription" ]; then + subscription="${STATE_SUBSCRIPTION}" fi -if [ -z "$REMOTE_STATE_SA" ] -then - if [ -z "$REMOTE_STATE_RG" ] - then - load_config_vars "${workload_config_information}" "tfstate_resource_id" - if [ -n "${tfstate_resource_id}" ] - then - REMOTE_STATE_RG=$(echo "$tfstate_resource_id" | cut -d / -f5) - REMOTE_STATE_SA=$(echo "$tfstate_resource_id" | 
cut -d / -f9) - STATE_SUBSCRIPTION=$(echo "$tfstate_resource_id" | cut -d / -f3) - fi +if [ -z "$REMOTE_STATE_SA" ]; then + if [ -z "$REMOTE_STATE_RG" ]; then + load_config_vars "${workload_config_information}" "tfstate_resource_id" + if [ -n "${tfstate_resource_id}" ]; then + REMOTE_STATE_RG=$(echo "$tfstate_resource_id" | cut -d / -f5) + REMOTE_STATE_SA=$(echo "$tfstate_resource_id" | cut -d / -f9) + STATE_SUBSCRIPTION=$(echo "$tfstate_resource_id" | cut -d / -f3) fi + fi - tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" + tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" else - if [ -z "$REMOTE_STATE_RG" ] - then - get_and_store_sa_details "${REMOTE_STATE_SA}" "${workload_config_information}" - load_config_vars "${workload_config_information}" "STATE_SUBSCRIPTION" - load_config_vars "${workload_config_information}" "REMOTE_STATE_RG" - load_config_vars "${workload_config_information}" "tfstate_resource_id" - fi + if [ -z "$REMOTE_STATE_RG" ]; then + get_and_store_sa_details "${REMOTE_STATE_SA}" "${workload_config_information}" + load_config_vars "${workload_config_information}" "STATE_SUBSCRIPTION" + load_config_vars "${workload_config_information}" "REMOTE_STATE_RG" + load_config_vars "${workload_config_information}" "tfstate_resource_id" + fi fi -useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) +useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) -if [ "$useSAS" = "true" ] ; then - echo "Storage Account authentication: key" - export ARM_USE_AZUREAD=false +if [ "$useSAS" = "true" ]; then + echo "Storage Account authentication: key" + export ARM_USE_AZUREAD=false else - echo "Storage Account authentication: Entra ID" - export ARM_USE_AZUREAD=true + echo "Storage Account authentication: Entra ID" + export ARM_USE_AZUREAD=true fi - if [ 1 = 
"${deploy_using_msi_only:-}" ]; then - if [ -n "${keyvault}" ] - then - echo "Setting the secrets" + if [ -n "${keyvault}" ]; then + echo "Setting the secrets" - allParams=$(printf " --workload --environment %s --region %s --vault %s --keyvault_subscription %s --subscription %s --msi " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" "${ARM_SUBSCRIPTION_ID}" ) + allParams=$(printf " --workload --environment %s --region %s --vault %s --keyvault_subscription %s --subscription %s --msi " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" "${ARM_SUBSCRIPTION_ID}") - echo "Calling set_secrets with: ${allParams}" + echo "Calling set_secrets with: ${allParams}" - "${SAP_AUTOMATION_REPO_PATH}"/deploy/scripts/set_secrets.sh ${allParams} + "${SAP_AUTOMATION_REPO_PATH}"/deploy/scripts/set_secrets.sh ${allParams} - if [ -f secret.err ]; then - error_message=$(cat secret.err) - echo "##vso[task.logissue type=error]${error_message}" - rm secret.err - exit 65 - fi + if [ -f secret.err ]; then + error_message=$(cat secret.err) + echo "##vso[task.logissue type=error]${error_message}" + rm secret.err + exit 65 fi + fi else - if [ -n "${keyvault}" ] - then - echo "Setting the secrets" + if [ -n "${keyvault}" ]; then + echo "Setting the secrets" - save_config_var "client_id" "${workload_config_information}" - save_config_var "tenant_id" "${workload_config_information}" + save_config_var "client_id" "${workload_config_information}" + save_config_var "tenant_id" "${workload_config_information}" - if [ -n "$spn_secret" ] - then - fixed_allParams=$(printf " --workload --environment %s --region %s --vault %s --subscription %s --spn_secret ***** --keyvault_subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${ARM_SUBSCRIPTION_ID}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}" ) + if [ -n "$spn_secret" ]; then + fixed_allParams=$(printf " --workload --environment %s --region %s --vault %s 
--subscription %s --spn_secret ***** --keyvault_subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${ARM_SUBSCRIPTION_ID}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}") - echo "Calling set_secrets with: ${fixed_allParams}" + echo "Calling set_secrets with: ${fixed_allParams}" - allParams=$(printf " --workload --environment %s --region %s --vault %s --spn_secret %s --subscription %s --keyvault_subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${spn_secret}" "${ARM_SUBSCRIPTION_ID}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}" ) + allParams=$(printf " --workload --environment %s --region %s --vault %s --spn_secret %s --subscription %s --keyvault_subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${spn_secret}" "${ARM_SUBSCRIPTION_ID}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}") - "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh" ${allParams} + "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh" ${allParams} - if [ -f secret.err ]; then - error_message=$(cat secret.err) - echo "##vso[task.logissue type=error]${error_message}" + if [ -f secret.err ]; then + error_message=$(cat secret.err) + echo "##vso[task.logissue type=error]${error_message}" - exit 65 - fi - else - read -p "Do you want to specify the Workload SPN Details Y/N?" ans - answer=${ans^^} - if [ ${answer} == 'Y' ]; then - allParams=$(printf " --workload --environment %s --region %s --vault %s --subscription %s --spn_id %s " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" "${client_id}" ) - - "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh ${allParams}" - if [ $? -eq 255 ] - then - exit $? - fi - fi + exit 65 + fi + else + read -p "Do you want to specify the Workload SPN Details Y/N?" 
ans + answer=${ans^^} + if [ ${answer} == 'Y' ]; then + allParams=$(printf " --workload --environment %s --region %s --vault %s --subscription %s --spn_id %s " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" "${client_id}") + + "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh ${allParams}" + if [ $? -eq 255 ]; then + exit $? fi + fi + fi - if [ -f kv.log ] - then - rm kv.log - fi + if [ -f kv.log ]; then + rm kv.log fi + fi fi -if [ -z "${deployer_tfstate_key}" ] -then - load_config_vars "${workload_config_information}" "deployer_tfstate_key" - if [ -n "${deployer_tfstate_key}" ] - then - # Deployer state was specified in $CONFIG_REPO_PATH/.sap_deployment_automation library config - deployer_tfstate_key_parameter=" -var deployer_tfstate_key=${deployer_tfstate_key}" - fi -else +if [ -z "${deployer_tfstate_key}" ]; then + load_config_vars "${workload_config_information}" "deployer_tfstate_key" + if [ -n "${deployer_tfstate_key}" ]; then + # Deployer state was specified in $CONFIG_REPO_PATH/.sap_deployment_automation library config deployer_tfstate_key_parameter=" -var deployer_tfstate_key=${deployer_tfstate_key}" - save_config_vars "${workload_config_information}" deployer_tfstate_key + fi +else + deployer_tfstate_key_parameter=" -var deployer_tfstate_key=${deployer_tfstate_key}" + save_config_vars "${workload_config_information}" deployer_tfstate_key fi if [ -z "${REMOTE_STATE_SA}" ]; then - read -p "Terraform state storage account name:" REMOTE_STATE_SA - get_and_store_sa_details "${REMOTE_STATE_SA}" "${workload_config_information}" - load_config_vars "${workload_config_information}" "STATE_SUBSCRIPTION" - load_config_vars "${workload_config_information}" "REMOTE_STATE_RG" - load_config_vars "${workload_config_information}" "tfstate_resource_id" - - tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" - - if [ -n "${STATE_SUBSCRIPTION}" ] - then - if [ $account_set == 0 ] - then - az account set --sub 
"${STATE_SUBSCRIPTION}" - account_set=1 - fi + read -p "Terraform state storage account name:" REMOTE_STATE_SA + get_and_store_sa_details "${REMOTE_STATE_SA}" "${workload_config_information}" + load_config_vars "${workload_config_information}" "STATE_SUBSCRIPTION" + load_config_vars "${workload_config_information}" "REMOTE_STATE_RG" + load_config_vars "${workload_config_information}" "tfstate_resource_id" + + tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" + + if [ -n "${STATE_SUBSCRIPTION}" ]; then + if [ $account_set == 0 ]; then + az account set --sub "${STATE_SUBSCRIPTION}" + account_set=1 fi + fi fi if [ -z "${REMOTE_STATE_RG}" ]; then - if [ -n "${REMOTE_STATE_SA}" ]; then - get_and_store_sa_details ${REMOTE_STATE_SA} "${workload_config_information}" - load_config_vars "${workload_config_information}" "STATE_SUBSCRIPTION" - load_config_vars "${workload_config_information}" "REMOTE_STATE_RG" - load_config_vars "${workload_config_information}" "tfstate_resource_id" - - tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" - else - option="REMOTE_STATE_RG" - read -p "Remote state resource group name:" REMOTE_STATE_RG - save_config_vars "${workload_config_information}" REMOTE_STATE_RG - fi -fi - -if [ -n "${tfstate_resource_id}" ] -then - tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" -else + if [ -n "${REMOTE_STATE_SA}" ]; then get_and_store_sa_details ${REMOTE_STATE_SA} "${workload_config_information}" + load_config_vars "${workload_config_information}" "STATE_SUBSCRIPTION" + load_config_vars "${workload_config_information}" "REMOTE_STATE_RG" load_config_vars "${workload_config_information}" "tfstate_resource_id" + tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" + else + option="REMOTE_STATE_RG" + read -p "Remote state resource group name:" REMOTE_STATE_RG + save_config_vars "${workload_config_information}" REMOTE_STATE_RG + fi fi -terraform_module_directory="$(realpath 
"${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/run/"${deployment_system}" )" +if [ -n "${tfstate_resource_id}" ]; then + tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" +else + get_and_store_sa_details ${REMOTE_STATE_SA} "${workload_config_information}" + load_config_vars "${workload_config_information}" "tfstate_resource_id" + tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" +fi -if [ ! -d "${terraform_module_directory}" ] -then - printf -v val %-40.40s "$deployment_system" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Incorrect system deployment type specified: ${val}$resetformatting#" - echo "# #" - echo "# Valid options are: #" - echo "# sap_landscape #" - echo "# #" - echo "#########################################################################################" - echo "" - exit 1 +terraform_module_directory="$(realpath "${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/run/"${deployment_system}")" + +if [ ! -d "${terraform_module_directory}" ]; then + printf -v val %-40.40s "$deployment_system" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Incorrect system deployment type specified: ${val}$resetformatting#" + echo "# #" + echo "# Valid options are: #" + echo "# sap_landscape #" + echo "# #" + echo "#########################################################################################" + echo "" + exit 1 fi ok_to_proceed=false 
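Review bot: In the branch that prompts "Do you want to specify the Workload SPN Details Y/N?", the whole command line sits inside one pair of double quotes (`"${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh ${allParams}"`), so the shell looks for a single file with that name and set_secrets.sh never runs; the `exit $?` that follows would also return the status of the `[` test rather than the script's. I would close the quote after the script path and capture the status first: `"${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh" ${allParams}; rc=$?` followed by `if [ "$rc" -eq 255 ]; then exit "$rc"; fi`. Separately, where `spn_secret` is set, the secret is formatted into `allParams` and expanded unquoted, so it is word-split and glob-expanded and ends up on the command line, where other local processes can read it. Building the arguments as an array fixes the splitting, while handing the secret over through the environment or stdin would need support in set_secrets.sh, which is not visible here. That branch also leaves `secret.err` behind on failure, unlike the MSI branch, which removes it.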
@@ -593,14 +601,14 @@ new_deployment=false isInCloudShellCheck=$(checkIfCloudShell) if checkIfCloudShell; then - mkdir -p "${HOME}/.terraform.d/plugin-cache" - export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" + mkdir -p "${HOME}/.terraform.d/plugin-cache" + export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" else - if [ ! -d /opt/terraform/.terraform.d/plugin-cache ]; then - mkdir -p /opt/terraform/.terraform.d/plugin-cache - sudo chown -R "$USER" /opt/terraform - fi - export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache + if [ ! -d /opt/terraform/.terraform.d/plugin-cache ]; then + mkdir -p /opt/terraform/.terraform.d/plugin-cache + sudo chown -R "$USER" /opt/terraform + fi + export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache fi root_dirname=$(pwd) 
@@ -614,48 +622,45 @@ echo "Resource Group: ${REMOTE_STATE_RG}" echo "State file: ${key}.terraform.tfstate" echo "Target subscription: ${ARM_SUBSCRIPTION_ID}" -if [ ! -d ./.terraform/ ]; -then - terraform -chdir="${terraform_module_directory}" init -upgrade=true \ - --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ - --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ - --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ - --backend-config "container_name=tfstate" \ +if [ ! -d ./.terraform/ ]; then + terraform -chdir="${terraform_module_directory}" init -upgrade=true \ + --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ + --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ + --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ + --backend-config "container_name=tfstate" \ --backend-config "key=${key}.terraform.tfstate" - return_value=$? + return_value=$? else - temp=$(grep "\"type\": \"local\"" .terraform/terraform.tfstate) - if [ -n "${temp}" ] - then - - terraform -chdir="${terraform_module_directory}" init -upgrade=true -force-copy \ - --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ - --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ - --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ - --backend-config "container_name=tfstate" \ - --backend-config "key=${key}.terraform.tfstate" - return_value=$? - else - check_output=1 - terraform -chdir="${terraform_module_directory}" init -upgrade=true -reconfigure \ - --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ - --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ - --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ - --backend-config "container_name=tfstate" \ - --backend-config "key=${key}.terraform.tfstate" - return_value=$? 
- fi + temp=$(grep "\"type\": \"local\"" .terraform/terraform.tfstate) + if [ -n "${temp}" ]; then + + terraform -chdir="${terraform_module_directory}" init -upgrade=true -force-copy \ + --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ + --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ + --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ + --backend-config "container_name=tfstate" \ + --backend-config "key=${key}.terraform.tfstate" + return_value=$? + else + check_output=1 + terraform -chdir="${terraform_module_directory}" init -upgrade=true -reconfigure \ + --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ + --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ + --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ + --backend-config "container_name=tfstate" \ + --backend-config "key=${key}.terraform.tfstate" + return_value=$? + fi fi -if [ 0 != $return_value ] -then - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore!!! Error when Initializing !!!$resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - echo "Terraform initialization failed" > "${workload_config_information}".err - exit $return_value +if [ 0 != $return_value ]; then + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore!!! Error when Initializing !!!$resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + echo "Terraform initialization failed" >"${workload_config_information}".err + exit $return_value fi check_output=0 
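Review bot: The three `terraform init` calls in this hunk repeat the same five `--backend-config` arguments and differ only in `-force-copy` or `-reconfigure`, so any later change to the backend settings has to be made in three places. Collecting the shared arguments in one array and choosing only the extra flag per branch keeps them in step, and a short comment per branch helps because `-force-copy` migrates state without prompting. The `check_output=1` set in the `-reconfigure` branch looks like it is overwritten by the `check_output=0` line after the error block, unless code outside this hunk sets it again.

```shell
backend_args=(
  --backend-config "subscription_id=${STATE_SUBSCRIPTION}"
  --backend-config "resource_group_name=${REMOTE_STATE_RG}"
  --backend-config "storage_account_name=${REMOTE_STATE_SA}"
  --backend-config "container_name=tfstate"
  --backend-config "key=${key}.terraform.tfstate"
)

if [ ! -d ./.terraform/ ]; then
  # No data directory yet: plain init against the remote backend.
  init_mode=()
elif grep -q '"type": "local"' .terraform/terraform.tfstate; then
  # Local backend recorded: migrate its state to the remote backend without prompting.
  init_mode=(-force-copy)
else
  # Backend already initialised: reconfigure it, ignoring the saved backend settings.
  check_output=1
  init_mode=(-reconfigure)
fi

terraform -chdir="${terraform_module_directory}" init -upgrade=true "${init_mode[@]}" "${backend_args[@]}"
return_value=$?
# … unchanged: error banner and exit on non-zero return_value …
```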
@@ -673,70 +678,69 @@ save_config_var "subscription" "${workload_config_information}" save_config_var "STATE_SUBSCRIPTION" "${workload_config_information}" save_config_var "tfstate_resource_id" "${workload_config_information}" -if [ 1 == $check_output ] -then - outputs=$(terraform -chdir="${terraform_module_directory}" output) - if echo "${outputs}" | grep "No outputs"; then - ok_to_proceed=true - new_deployment=true - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan New deployment $resetformatting #" - echo "# #" - echo "#########################################################################################" - else - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Existing deployment was detected $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - - workloadkeyvault=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw workloadzone_kv_name | tr -d \") - if valid_kv_name "$workloadkeyvault" ; then - save_config_var "workloadkeyvault" "${workload_config_information}" - fi +if [ 1 == $check_output ]; then + outputs=$(terraform -chdir="${terraform_module_directory}" output) + if echo "${outputs}" | grep "No outputs"; then + ok_to_proceed=true + new_deployment=true + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan New deployment $resetformatting #" + echo "# #" + echo "#########################################################################################" + else + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Existing deployment was detected $resetformatting #" + echo "# #" + echo 
"#########################################################################################" + echo "" - deployed_using_version=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw automation_version) - if [ -z "${deployed_using_version}" ]; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred The environment was deployed using an older version of the Terrafrom templates $resetformatting #" - echo "# #" - echo "# !!! Risk for Data loss !!! #" - echo "# #" - echo "# Please inspect the output of Terraform plan carefully before proceeding #" - echo "# #" - echo "#########################################################################################" - if [ 1 == $called_from_ado ] ; then - unset TF_DATA_DIR - echo "The environment was deployed using an older version of the Terrafrom templates, Risk for data loss" > "${workload_config_information}".err - - exit 1 - fi + workloadkeyvault=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw workloadzone_kv_name | tr -d \") + if valid_kv_name "$workloadkeyvault"; then + save_config_var "workloadkeyvault" "${workload_config_information}" + fi - read -p "Do you want to continue Y/N?" 
ans - answer=${ans^^} - if [ $answer == 'Y' ]; then - ok_to_proceed=true - else - unset TF_DATA_DIR - exit 1 - fi - else - printf -v val %-.20s "$deployed_using_version" - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Deployed using the Terraform templates version: $val $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - #Add version logic here - fi + deployed_using_version=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw automation_version) + if [ -z "${deployed_using_version}" ]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred The environment was deployed using an older version of the Terrafrom templates $resetformatting #" + echo "# #" + echo "# !!! Risk for Data loss !!! #" + echo "# #" + echo "# Please inspect the output of Terraform plan carefully before proceeding #" + echo "# #" + echo "#########################################################################################" + if [ 1 == $called_from_ado ]; then + unset TF_DATA_DIR + echo "The environment was deployed using an older version of the Terrafrom templates, Risk for data loss" >"${workload_config_information}".err + + exit 1 + fi + + read -p "Do you want to continue Y/N?" 
ans + answer=${ans^^} + if [ $answer == 'Y' ]; then + ok_to_proceed=true + else + unset TF_DATA_DIR + exit 1 + fi + else + printf -v val %-.20s "$deployed_using_version" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Deployed using the Terraform templates version: $val $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + #Add version logic here fi + fi fi # ip_saved=0 
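Review bot: The data-loss confirmation compares an unquoted variable, `if [ $answer == 'Y' ]`, so pressing Enter or typing more than one word makes `[` fail with a syntax error. The script still leaves through the else branch, but with a confusing message on exactly the prompt that guards a risky apply. Quote the variable and read the reply raw: `read -r -p "Do you want to continue Y/N?" ans` and `if [ "${answer}" == 'Y' ]; then`. The same quoting applies to `[ 1 == $called_from_ado ]` and `[ 1 == $check_output ]` in this hunk, which error out if either variable is unset, and to `[ ${answer} == 'Y' ]` in the earlier secrets hunk. `grep "No outputs"` also echoes the matched line into the log; `grep -q` avoids that.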
@@ -777,338 +781,321 @@ echo "# echo "#########################################################################################" echo "" -if [ 1 == $called_from_ado ] ; then - terraform -chdir="${terraform_module_directory}" plan -no-color -detailed-exitcode -var-file=${var_file} $tfstate_parameter $deployer_tfstate_key_parameter | tee -a plan_output.log +if [ 1 == $called_from_ado ]; then + terraform -chdir="${terraform_module_directory}" plan -no-color -detailed-exitcode -var-file=${var_file} $tfstate_parameter $deployer_tfstate_key_parameter | tee -a plan_output.log else - terraform -chdir="${terraform_module_directory}" plan -detailed-exitcode -var-file=${var_file} $tfstate_parameter $deployer_tfstate_key_parameter | tee -a plan_output.log + terraform -chdir="${terraform_module_directory}" plan -detailed-exitcode -var-file=${var_file} $tfstate_parameter $deployer_tfstate_key_parameter | tee -a plan_output.log fi return_value=$? echo "Terraform Plan return code: $return_value" -if [ 1 == $return_value ] -then - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore Errors running plan $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - if [ -f plan_output.log ] ; then - cat plan_output.log - rm plan_output.log - fi - unset TF_DATA_DIR - echo "Errors running Terraform plan" > "${workload_config_information}".err - exit $return_value +if [ 1 == $return_value ]; then + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore Errors running plan $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + if [ -f plan_output.log ]; then + cat plan_output.log + rm plan_output.log + fi + unset TF_DATA_DIR + echo "Errors running 
Terraform plan" >"${workload_config_information}".err + exit $return_value fi echo "TEST_ONLY: " $TEST_ONLY if [ "${TEST_ONLY}" == "True" ]; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Running plan only. $resetformatting #" - echo "# #" - echo "# No deployment performed. #" - echo "# #" - echo "#########################################################################################" - echo "" - exit 0 + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Running plan only. $resetformatting #" + echo "# #" + echo "# No deployment performed. #" + echo "# #" + echo "#########################################################################################" + echo "" + exit 0 fi - ok_to_proceed=0 if [ -f plan_output.log ]; then - cat plan_output.log - LASTERROR=$(grep -m1 'Error: ' plan_output.log ) - - if [ -n "${LASTERROR}" ] ; then - echo "3" - if [ 1 == $called_from_ado ] ; then - echo "##vso[task.logissue type=error]$LASTERROR" - fi - + cat plan_output.log + LASTERROR=$(grep -m1 'Error: ' plan_output.log) - return_value=1 + if [ -n "${LASTERROR}" ]; then + echo "3" + if [ 1 == $called_from_ado ]; then + echo "##vso[task.logissue type=error]$LASTERROR" fi -fi -if [ 0 == $return_value ] ; then - if [ -f plan_output.log ] - then - rm plan_output.log - fi - - workloadkeyvault=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw workloadzone_kv_name | tr -d \") - if valid_kv_name "$workloadkeyvault" ; then - save_config_var "workloadkeyvault" "${workload_config_information}" - fi - save_config_vars "landscape_tfstate_key" "${workload_config_information}" - - ok_to_proceed=1 + return_value=1 + fi fi -if [ 2 == $return_value ] ; then - test=$(grep kv_user plan_output.log | grep -m1 replaced) - if [ -n "${test}" ] ; then - echo "" - echo 
"#########################################################################################" - echo "# #" - echo -e "# $boldred !!! Risk for Data loss !!! $resetformatting #" - echo "# #" - echo "# Please inspect the output of Terraform plan carefully before proceeding #" - echo "# #" - echo "#########################################################################################" - echo "" - if [ 1 == $called_from_ado ] ; then - unset TF_DATA_DIR - exit 1 - fi - read -n 1 -r -s -p $'Press enter to continue...\n' +if [ 0 == $return_value ]; then + if [ -f plan_output.log ]; then + rm plan_output.log + fi - cat plan_output.log - read -p "Do you want to continue with the deployment Y/N?" ans - answer=${ans^^} - if [ $answer == 'Y' ]; then - ok_to_proceed=1 - else - unset TF_DATA_DIR + workloadkeyvault=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw workloadzone_kv_name | tr -d \") + if valid_kv_name "$workloadkeyvault"; then + save_config_var "workloadkeyvault" "${workload_config_information}" + fi + save_config_vars "landscape_tfstate_key" "${workload_config_information}" - exit 0 - fi - else - ok_to_proceed=1 - fi + ok_to_proceed=1 fi -return_value=0 -if [ 1 == $ok_to_proceed ]; then + +if [ 2 == $return_value ]; then + test=$(grep kv_user plan_output.log | grep -m1 replaced) + if [ -n "${test}" ]; then echo "" echo "#########################################################################################" echo "# #" - echo -e "# $cyan Running Terraform apply $resetformatting #" + echo -e "# $boldred !!! Risk for Data loss !!! 
$resetformatting #" + echo "# #" + echo "# Please inspect the output of Terraform plan carefully before proceeding #" echo "# #" echo "#########################################################################################" echo "" - - parallelism=10 - - #Provide a way to limit the number of parallell tasks for Terraform - if [[ -n "${TF_PARALLELLISM}" ]]; then - parallelism=$TF_PARALLELLISM + if [ 1 == $called_from_ado ]; then + unset TF_DATA_DIR + exit 1 fi + read -n 1 -r -s -p $'Press enter to continue...\n' - if [ 1 == $called_from_ado ] ; then - terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -no-color -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json + cat plan_output.log + read -p "Do you want to continue with the deployment Y/N?" ans + answer=${ans^^} + if [ $answer == 'Y' ]; then + ok_to_proceed=1 else - if [ -n "${approve}" ] - then - terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json - else - terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter - fi + unset TF_DATA_DIR + exit 0 + fi + else + ok_to_proceed=1 + fi +fi +return_value=0 +if [ 1 == $ok_to_proceed ]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Running Terraform apply $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + + parallelism=10 + + #Provide a way to limit the number of parallell tasks for Terraform + if [[ -n "${TF_PARALLELLISM}" ]]; 
then + parallelism=$TF_PARALLELLISM + fi + + if [ 1 == $called_from_ado ]; then + terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -no-color -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json + else + if [ -n "${approve}" ]; then + terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json + else + terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter fi - return_value=$? + fi + + return_value=$? fi rerun_apply=0 -if [ -f apply_output.json ] -then - # Check for resource that can be imported - existing=$(jq 'select(."@level" == "error") | {address: .diagnostic.address, summary: .diagnostic.summary} | select(.summary | startswith("A resource with the ID"))' apply_output.json) - if [[ -n ${existing} ]] - then - - readarray -t existing_resources < <(echo ${existing} | jq -c '.' 
) - for item in "${existing_resources[@]}"; do - moduleID=$(jq -c -r '.address ' <<< "$item") - resourceID=$(jq -c -r '.summary' <<< "$item" | awk -F'\"' '{print $2}') - echo "Trying to import" $resourceID "into" $moduleID - allParamsforImport=$(printf " -var-file=%s %s %s %s %s %s %s %s " "${var_file}" "${extra_vars}" "${tfstate_parameter}" "${landscape_tfstate_key_parameter}" "${deployer_tfstate_key_parameter}" "${deployment_parameter}" "${version_parameter} " ) - echo terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID - terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID - done +if [ -f apply_output.json ]; then + # Check for resource that can be imported + existing=$(jq 'select(."@level" == "error") | {address: .diagnostic.address, summary: .diagnostic.summary} | select(.summary | startswith("A resource with the ID"))' apply_output.json) + if [[ -n ${existing} ]]; then + + readarray -t existing_resources < <(echo ${existing} | jq -c '.') + for item in "${existing_resources[@]}"; do + moduleID=$(jq -c -r '.address ' <<<"$item") + resourceID=$(jq -c -r '.summary' <<<"$item" | awk -F'\"' '{print $2}') + echo "Trying to import" $resourceID "into" $moduleID + allParamsforImport=$(printf " -var-file=%s %s %s %s %s %s %s %s " "${var_file}" "${extra_vars}" "${tfstate_parameter}" "${landscape_tfstate_key_parameter}" "${deployer_tfstate_key_parameter}" "${deployment_parameter}" "${version_parameter} ") + echo terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID + terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID + done + + rerun_apply=1 + rm apply_output.json + echo "" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Re running Terraform apply$resetformatting #" + echo "# #" + echo 
"#########################################################################################" + echo "" + echo "" + if [ 1 == $called_from_ado ]; then + terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -no-color -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json + else + terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json + fi + return_value=$? - rerun_apply=1 - rm apply_output.json - echo "" - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Re running Terraform apply$resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - echo "" - if [ 1 == $called_from_ado ] ; then - terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -no-color -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json - else - terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json - fi - return_value=$? 
+ fi + if [ -f apply_output.json ]; then + # Check for resource that can be imported + existing=$(jq 'select(."@level" == "error") | {address: .diagnostic.address, summary: .diagnostic.summary} | select(.summary | startswith("A resource with the ID"))' apply_output.json) + if [[ -n ${existing} ]]; then + + readarray -t existing_resources < <(echo ${existing} | jq -c '.') + for item in "${existing_resources[@]}"; do + moduleID=$(jq -c -r '.address ' <<<"$item") + resourceID=$(jq -c -r '.summary' <<<"$item" | awk -F'\"' '{print $2}') + echo "Trying to import" $resourceID "into" $moduleID + allParamsforImport=$(printf " -var-file=%s %s %s %s %s %s %s %s " "${var_file}" "${extra_vars}" "${tfstate_parameter}" "${landscape_tfstate_key_parameter}" "${deployer_tfstate_key_parameter}" "${deployment_parameter}" "${version_parameter} ") + echo terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID + terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID + done + + rerun_apply=1 + fi + if [ $rerun_apply == 1 ]; then + echo "" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Re running Terraform apply$resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + echo "" + if [ 1 == $called_from_ado ]; then + terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -no-color -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json + else + terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json + fi + return_value=$? 
fi - if [ -f apply_output.json ] - then - # Check for resource that can be imported - existing=$(jq 'select(."@level" == "error") | {address: .diagnostic.address, summary: .diagnostic.summary} | select(.summary | startswith("A resource with the ID"))' apply_output.json) - if [[ -n ${existing} ]] - then - - readarray -t existing_resources < <(echo ${existing} | jq -c '.' ) - for item in "${existing_resources[@]}"; do - moduleID=$(jq -c -r '.address ' <<< "$item") - resourceID=$(jq -c -r '.summary' <<< "$item" | awk -F'\"' '{print $2}') - echo "Trying to import" $resourceID "into" $moduleID - allParamsforImport=$(printf " -var-file=%s %s %s %s %s %s %s %s " "${var_file}" "${extra_vars}" "${tfstate_parameter}" "${landscape_tfstate_key_parameter}" "${deployer_tfstate_key_parameter}" "${deployment_parameter}" "${version_parameter} " ) - echo terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID - terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID - done - - rerun_apply=1 - fi - if [ $rerun_apply == 1 ] ; then - echo "" - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Re running Terraform apply$resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - echo "" - if [ 1 == $called_from_ado ] ; then - terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -no-color -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json - else - terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json + return_value=0 + 
errors_occurred=$(jq 'select(."@level" == "error") | length' apply_output.json) + + cat apply_output.json + + if [[ -n $errors_occurred ]]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore!Errors during the apply phase!$resetformatting #" + + return_value=2 + all_errors=$(jq 'select(."@level" == "error") | {summary: .diagnostic.summary, detail: .diagnostic.detail} | select(.summary ) ' apply_output.json) + if [[ -n ${all_errors} ]]; then + readarray -t errors_strings < <(echo ${all_errors} | jq -c '.') + for errors_string in "${errors_strings[@]}"; do + string_to_report=$(jq -c -r '.detail ' <<<"$errors_string") + if [[ -z ${string_to_report} ]]; then + string_to_report=$(jq -c -r '.summary ' <<<"$errors_string") + fi + report=$(echo $string_to_report | grep -m1 "Message=" "${var_file}" | cut -d'=' -f2- | tr -d ' ' | tr -d '"') + if [[ -n ${report} ]]; then + echo -e "# $boldreduscore $report $resetformatting" + if [ 1 == $called_from_ado ]; then + + roleAssignmentExists=$(echo ${report} | grep -m1 "RoleAssignmentExists") + if [ -z ${roleAssignmentExists} ]; then + echo "##vso[task.logissue type=error]${report}" + fi + fi + else + echo -e "# $boldreduscore $string_to_report $resetformatting" + if [ 1 == $called_from_ado ]; then + roleAssignmentExists=$(echo ${string_to_report} | grep -m1 "RoleAssignmentExists") + if [ -z ${roleAssignmentExists} ]; then + echo "##vso[task.logissue type=error]${string_to_report}" + fi fi - return_value=$? 
- fi - - return_value=0 - errors_occurred=$(jq 'select(."@level" == "error") | length' apply_output.json) - - cat apply_output.json - - if [[ -n $errors_occurred ]] - then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore!Errors during the apply phase!$resetformatting #" - - return_value=2 - all_errors=$(jq 'select(."@level" == "error") | {summary: .diagnostic.summary, detail: .diagnostic.detail} | select(.summary ) ' apply_output.json) - if [[ -n ${all_errors} ]] - then - readarray -t errors_strings < <(echo ${all_errors} | jq -c '.' ) - for errors_string in "${errors_strings[@]}"; do - string_to_report=$(jq -c -r '.detail ' <<< "$errors_string" ) - if [[ -z ${string_to_report} ]] - then - string_to_report=$(jq -c -r '.summary ' <<< "$errors_string" ) - fi - report=$(echo $string_to_report | grep -m1 "Message=" "${var_file}" | cut -d'=' -f2- | tr -d ' ' | tr -d '"') - if [[ -n ${report} ]] ; then - echo -e "# $boldreduscore $report $resetformatting" - if [ 1 == $called_from_ado ] ; then - - roleAssignmentExists=$(echo ${report} | grep -m1 "RoleAssignmentExists") - if [ -z ${roleAssignmentExists} ] ; then - echo "##vso[task.logissue type=error]${report}" - fi - fi - else - echo -e "# $boldreduscore $string_to_report $resetformatting" - if [ 1 == $called_from_ado ] ; then - roleAssignmentExists=$(echo ${string_to_report} | grep -m1 "RoleAssignmentExists") - if [ -z ${roleAssignmentExists} ] - then - echo "##vso[task.logissue type=error]${string_to_report}" - fi - fi - fi - echo -e "# $boldreduscore $string_to_report $resetformatting" - - done fi - echo "# #" - echo "#########################################################################################" - echo "" + echo -e "# $boldreduscore $string_to_report $resetformatting" + + done + fi + echo "# #" + echo "#########################################################################################" + echo "" - fi 
fi + fi fi -if [ -f apply_output.json ] -then - rm apply_output.json +if [ -f apply_output.json ]; then + rm apply_output.json fi workload_zone_prefix=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw workload_zone_prefix | tr -d \") save_config_var "workload_zone_prefix" "${workload_config_information}" save_config_var "landscape_tfstate_key" "${workload_config_information}" -if [ 0 == $return_value ] ; then +if [ 0 == $return_value ]; then - save_config_vars "landscape_tfstate_key" "${workload_config_information}" - workloadkeyvault=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw workloadzone_kv_name | tr -d \") + save_config_vars "landscape_tfstate_key" "${workload_config_information}" + workloadkeyvault=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw workloadzone_kv_name | tr -d \") - temp=$(echo "${workloadkeyvault}" | grep "Warning") - if [ -z "${temp}" ] - then - temp=$(echo "${workloadkeyvault}" | grep "Backend reinitialization required") - if [ -z "${temp}" ] - then + temp=$(echo "${workloadkeyvault}" | grep "Warning") + if [ -z "${temp}" ]; then + temp=$(echo "${workloadkeyvault}" | grep "Backend reinitialization required") + if [ -z "${temp}" ]; then - printf -v val %-.20s "$workloadkeyvault" + printf -v val %-.20s "$workloadkeyvault" - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# Keyvault to use for System details:$cyan $val $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# Keyvault to use for System details:$cyan $val $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" - 
save_config_var "workloadkeyvault" "${workload_config_information}" - fi + save_config_var "workloadkeyvault" "${workload_config_information}" fi + fi fi -if [ 0 != $return_value ] ; then - unset TF_DATA_DIR - exit $return_value +if [ 0 != $return_value ]; then + unset TF_DATA_DIR + exit $return_value fi echo "" echo "#########################################################################################" echo "# #" -echo -e "# $cyan Creating deployment $resetformatting #" +echo -e "# $cyan Creating deployment $resetformatting #" echo "# #" echo "#########################################################################################" echo "" -if [ -n "${spn_secret}" ] -then - az logout - az login --service-principal --username "${client_id}" --password="${spn_secret}" --tenant "${tenant_id}" --output none +if [ -n "${spn_secret}" ]; then + az logout + az login --service-principal --username "${client_id}" --password="${spn_secret}" --tenant "${tenant_id}" --output none fi full_script_path="$(realpath "${BASH_SOURCE[0]}")" script_directory="$(dirname "${full_script_path}")" -rg_name=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw created_resource_group_name | tr -d \") +rg_name=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw created_resource_group_name | tr -d \") az deployment group create --resource-group "${rg_name}" --name "SAP-WORKLOAD-ZONE_${rg_name}" --subscription "${subscription}" --template-file "${script_directory}/templates/empty-deployment.json" --output none now=$(date) -cat < "${workload_config_information}".md +cat <"${workload_config_information}".md # Workload Zone Deployment # Date : "${now}" 
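Review bot: `return_value=$?` after `terraform ... plan -detailed-exitcode ... | tee -a plan_output.log` records the exit status of `tee`, not of Terraform, unless `set -o pipefail` is enabled somewhere outside this hunk. Without it, the `1 == $return_value` error exit and the `2 == $return_value` branch that guards the "Risk for Data loss" prompt on a replaced `kv_user` resource are never taken from the plan's own status, and the script falls through to `ok_to_proceed=1`. Capturing the first pipeline stage keeps those checks meaningful: `return_value=${PIPESTATUS[0]}` directly after the pipeline, which also works for the one `apply` branch that has no `tee`. The same applies to the `apply ... | tee -a apply_output.json` pipelines later in this hunk.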
@@ -1132,9 +1119,8 @@ echo "# - Key Vault: ${kvname} #" echo "# #" echo "#########################################################################################" - if [ -f "${workload_config_information}".err ]; then - cat "${workload_config_information}".err + cat "${workload_config_information}".err fi # echo "" @@ -1167,7 +1153,6 @@ fi unset TF_DATA_DIR - ################################################################################# # # # Copy tfvars to storage account # 
@@ -1175,25 +1160,24 @@ unset TF_DATA_DIR # # ################################################################################# -if [ "$useSAS" = "true" ] ; then - container_exists=$(az storage container exists --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors --query exists) +if [ "$useSAS" = "true" ]; then + container_exists=$(az storage container exists --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors --query exists) else - container_exists=$(az storage container exists --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors --query exists --auth-mode login) + container_exists=$(az storage container exists --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors --query exists --auth-mode login) fi if [ "${container_exists}" == "false" ]; then - if [ "$useSAS" = "true" ] ; then - az storage container create --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors - else - az storage container create --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --auth-mode login --only-show-errors - fi + if [ "$useSAS" = "true" ]; then + az storage container create --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors + else + az storage container create --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --auth-mode login --only-show-errors + fi fi -if [ "$useSAS" = "true" ] ; then - az storage blob upload --file "${parameterfile}" --container-name tfvars/LANDSCAPE/"${key}" --name "${parameterfile_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --only-show-errors --output none +if [ "$useSAS" = "true" ]; then + az storage 
blob upload --file "${parameterfile}" --container-name tfvars/LANDSCAPE/"${key}" --name "${parameterfile_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --only-show-errors --output none else - az storage blob upload --file "${parameterfile}" --container-name tfvars/LANDSCAPE/"${key}" --name "${parameterfile_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --auth-mode login --only-show-errors --output none + az storage blob upload --file "${parameterfile}" --container-name tfvars/LANDSCAPE/"${key}" --name "${parameterfile_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --auth-mode login --only-show-errors --output none fi - exit $return_value diff --git a/deploy/scripts/installer.sh b/deploy/scripts/installer.sh index 358e3542c9..1c02bb90bf 100755 --- a/deploy/scripts/installer.sh +++ b/deploy/scripts/installer.sh 
@@ -28,29 +28,60 @@ INPUT_ARGUMENTS=$(getopt -n installer -o p:t:o:d:l:s:ahif --longoptions type:,pa VALID_ARGUMENTS=$? if [ "$VALID_ARGUMENTS" != "0" ]; then - showhelp + showhelp fi called_from_ado=0 eval set -- "$INPUT_ARGUMENTS" -while : -do - case "$1" in - -t | --type) deployment_system="$2" ; shift 2 ;; - -p | --parameterfile) parameterfile="$2" ; shift 2 ;; - -o | --storageaccountname) REMOTE_STATE_SA="$2" ; shift 2 ;; - -s | --state_subscription) STATE_SUBSCRIPTION="$2" ; shift 2 ;; - -d | --deployer_tfstate_key) deployer_tfstate_key="$2" ; shift 2 ;; - -l | --landscape_tfstate_key) landscape_tfstate_key="$2" ; shift 2 ;; - -a | --ado) called_from_ado=1 ; shift ;; - -f | --force) force=1 ; shift ;; - -i | --auto-approve) approve="--auto-approve" ; shift ;; - -h | --help) showhelp - exit 3 ; shift ;; - --) shift; break ;; - esac +while :; do + case "$1" in + -t | --type) + deployment_system="$2" + shift 2 + ;; + -p | --parameterfile) + parameterfile="$2" + shift 2 + ;; + -o | --storageaccountname) + REMOTE_STATE_SA="$2" + shift 2 + ;; + -s | --state_subscription) + STATE_SUBSCRIPTION="$2" + shift 2 + ;; + -d | --deployer_tfstate_key) + deployer_tfstate_key="$2" + shift 2 + ;; + -l | --landscape_tfstate_key) + landscape_tfstate_key="$2" + shift 2 + ;; + -a | --ado) + called_from_ado=1 + shift + ;; + -f | --force) + force=1 + shift + ;; + -i | --auto-approve) + approve="--auto-approve" + shift + ;; + -h | --help) + showhelp + exit 3 + shift + ;; + --) + shift + break + ;; + esac done - echo "Parameter file: $parameterfile" echo "Current directory: $(pwd)" echo "Terraform state subscription_id: ${STATE_SUBSCRIPTION}" 
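Review bot: After a failed `getopt` the script calls `showhelp` and, unless `showhelp` itself exits (its body is not in this hunk), carries on into `eval set -- "$INPUT_ARGUMENTS"` with whatever was parsed. The `case` also has no `*)` arm, so a `$1` that matches nothing would leave `while :` without a `shift` or `break`. I would make the failure path explicit with `showhelp; exit 3` in the `VALID_ARGUMENTS` check and add `*) showhelp; exit 3 ;;` to the `case`. The `shift` after `exit 3` in the `--help` arm is unreachable and can be removed.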
@@ -67,88 +98,85 @@ parameterfile_name=$(basename "${parameterfile}") param_dirname=$(dirname "${parameterfile}") if [ "${param_dirname}" != '.' ]; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Please run this command from the folder containing the parameter file $resetformatting #" - echo "# #" - echo "#########################################################################################" - exit 3 + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Please run this command from the folder containing the parameter file $resetformatting #" + echo "# #" + echo "#########################################################################################" + exit 3 fi -if [ ! -f "${parameterfile}" ] -then - printf -v val %-35.35s "$parameterfile" - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Parameter file does not exist: ${val} $resetformatting #" - echo "# #" - echo "#########################################################################################" +if [ ! 
-f "${parameterfile}" ]; then + printf -v val %-35.35s "$parameterfile" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Parameter file does not exist: ${val} $resetformatting #" + echo "# #" + echo "#########################################################################################" - echo "Parameter file does not exist: ${val}" > "${system_config_information}".err + echo "Parameter file does not exist: ${val}" >"${system_config_information}".err - exit 2 #No such file or directory + exit 2 #No such file or directory fi -if [ -z "${deployment_system}" ] -then - printf -v val %-40.40s "$deployment_system" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Incorrect system deployment type specified: ${val}$resetformatting#" - echo "# #" - echo "# Valid options are: #" - echo "# sap_deployer #" - echo "# sap_library #" - echo "# sap_landscape #" - echo "# sap_system #" - echo "# #" - echo "#########################################################################################" - echo "" - exit 64 #script usage wrong +if [ -z "${deployment_system}" ]; then + printf -v val %-40.40s "$deployment_system" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Incorrect system deployment type specified: ${val}$resetformatting#" + echo "# #" + echo "# Valid options are: #" + echo "# sap_deployer #" + echo "# sap_library #" + echo "# sap_landscape #" + echo "# sap_system #" + echo "# #" + echo "#########################################################################################" + echo "" + exit 64 #script usage wrong fi # Check that the exports ARM_SUBSCRIPTION_ID and SAP_AUTOMATION_REPO_PATH are defined validate_exports return_code=$? 
if [ 0 != $return_code ]; then - echo "Missing exports" > "${system_config_information}".err - exit $return_code + echo "Missing exports" >"${system_config_information}".err + exit $return_code fi # Check that Terraform and Azure CLI is installed validate_dependencies return_code=$? if [ 0 != $return_code ]; then - echo "Missing software" > "${system_config_information}".err - exit $return_code + echo "Missing software" >"${system_config_information}".err + exit $return_code fi # Check that parameter files have environment and location defined validate_key_parameters "$parameterfile_name" return_code=$? if [ 0 != $return_code ]; then - echo "Missing parameters in $parameterfile_name" > "${system_config_information}".err - exit $return_code + echo "Missing parameters in $parameterfile_name" >"${system_config_information}".err + exit $return_code fi region=$(echo "${region}" | tr "[:upper:]" "[:lower:]") -if valid_region_name "${region}" ; then - # Convert the region to the correct code - get_region_code ${region} +if valid_region_name "${region}"; then + # Convert the region to the correct code + get_region_code ${region} else - echo "Invalid region: $region" - exit 2 + echo "Invalid region: $region" + exit 2 fi key=$(echo "${parameterfile_name}" | cut -d. -f1) network_logical_name="" -if [ "${deployment_system}" == sap_system ] -then - load_config_vars "$parameterfile_name" "network_logical_name" - network_logical_name=$(echo "${network_logical_name}" | tr "[:lower:]" "[:upper:]") +if [ "${deployment_system}" == sap_system ]; then + load_config_vars "$parameterfile_name" "network_logical_name" + network_logical_name=$(echo "${network_logical_name}" | tr "[:lower:]" "[:upper:]") fi #Persisting the parameters across executions 
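Review bot: The `-z "${deployment_system}"` check rejects only an empty `--type`, although the message it prints lists four valid values, so any other string passes through. If the value is later used to select the Terraform module (not visible in this hunk), an allow-list is the safer check: `case "${deployment_system}" in sap_deployer | sap_library | sap_landscape | sap_system) ;; *) exit 64 ;; esac`. Separately, `get_region_code ${region}` should quote its argument as `get_region_code "${region}"`.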
@@ -161,10 +189,10 @@ echo "Configuration file: $system_config_information" echo "Deployment region: $region" echo "Deployment region code: $region_code" -if [ 1 == $called_from_ado ] ; then - this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 - export TF_VAR_Agent_IP=$this_ip - echo "Agent IP: $this_ip" +if [ 1 == $called_from_ado ]; then + this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 + export TF_VAR_Agent_IP=$this_ip + echo "Agent IP: $this_ip" fi @@ -186,7 +214,7 @@ parallelism=10 #Provide a way to limit the number of parallell tasks for Terraform if [[ -n "${TF_PARALLELLISM}" ]]; then - parallelism=$TF_PARALLELLISM + parallelism=$TF_PARALLELLISM fi echo "Parallelism count: $parallelism" 
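Review bot: The agent address exported as `TF_VAR_Agent_IP` in the first hunk comes from `curl -s ipinfo.io/ip`, a plain-HTTP request to a third-party service with no failure check, timeout or validation of the reply. How Terraform consumes the variable is not visible here, but if it ends up in a firewall or network rule, an altered or error response would flow straight into it. I would fetch it with `this_ip=$(curl -sf --max-time 10 https://ipinfo.io/ip)` and stop the run unless `[[ "$this_ip" =~ ^[0-9]+(\.[0-9]+){3}$ ]]` holds before the export. The trailing `>/dev/null 2>&1` sits on the assignment, not inside the substitution, so it does not change what is captured and can be dropped.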
@@ -200,94 +228,87 @@ var_file="${param_dirname}"/"${parameterfile}" extra_vars="" if [ -f terraform.tfvars ]; then - extra_vars=" -var-file=${param_dirname}/terraform.tfvars " + extra_vars=" -var-file=${param_dirname}/terraform.tfvars " fi -if [ "${deployment_system}" == sap_deployer ] -then - deployer_tfstate_key=${key}.terraform.tfstate - ARM_SUBSCRIPTION_ID=$STATE_SUBSCRIPTION - export ARM_SUBSCRIPTION_ID +if [ "${deployment_system}" == sap_deployer ]; then + deployer_tfstate_key=${key}.terraform.tfstate + ARM_SUBSCRIPTION_ID=$STATE_SUBSCRIPTION + export ARM_SUBSCRIPTION_ID fi -if [[ -z $STATE_SUBSCRIPTION ]]; -then +if [[ -z $STATE_SUBSCRIPTION ]]; then STATE_SUBSCRIPTION=$ARM_SUBSCRIPTION_ID fi +if [[ -n $STATE_SUBSCRIPTION ]]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Changing the subscription to: $STATE_SUBSCRIPTION $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + az account set --sub "${STATE_SUBSCRIPTION}" + + return_code=$? + if [ 0 != $return_code ]; then -if [[ -n $STATE_SUBSCRIPTION ]]; -then - echo "" echo "#########################################################################################" echo "# #" - echo -e "# $cyan Changing the subscription to: $STATE_SUBSCRIPTION $resetformatting #" + echo -e "# $boldred The deployment account (MSI or SPN) does not have access to $resetformatting #" + echo -e "# $boldred ${STATE_SUBSCRIPTION} $resetformatting #" echo "# #" echo "#########################################################################################" - echo "" - az account set --sub "${STATE_SUBSCRIPTION}" - - return_code=$? 
- if [ 0 != $return_code ]; then - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred The deployment account (MSI or SPN) does not have access to $resetformatting #" - echo -e "# $boldred ${STATE_SUBSCRIPTION} $resetformatting #" - echo "# #" - echo "#########################################################################################" - - echo "##vso[task.logissue type=error]The deployment account (MSI or SPN) does not have access to ${STATE_SUBSCRIPTION}" - exit $return_code - fi + echo "##vso[task.logissue type=error]The deployment account (MSI or SPN) does not have access to ${STATE_SUBSCRIPTION}" + exit $return_code + fi - account_set=1 + account_set=1 fi -if [[ -z $REMOTE_STATE_SA ]]; -then - load_config_vars "${system_config_information}" "REMOTE_STATE_SA" - load_config_vars "${system_config_information}" "REMOTE_STATE_RG" - load_config_vars "${system_config_information}" "tfstate_resource_id" - load_config_vars "${system_config_information}" "STATE_SUBSCRIPTION" - load_config_vars "${system_config_information}" "ARM_SUBSCRIPTION_ID" +if [[ -z $REMOTE_STATE_SA ]]; then + load_config_vars "${system_config_information}" "REMOTE_STATE_SA" + load_config_vars "${system_config_information}" "REMOTE_STATE_RG" + load_config_vars "${system_config_information}" "tfstate_resource_id" + load_config_vars "${system_config_information}" "STATE_SUBSCRIPTION" + load_config_vars "${system_config_information}" "ARM_SUBSCRIPTION_ID" else - save_config_vars "${system_config_information}" REMOTE_STATE_SA + save_config_vars "${system_config_information}" REMOTE_STATE_SA fi deployer_tfstate_key_parameter='' -if [[ -z $deployer_tfstate_key ]]; -then - load_config_vars "${system_config_information}" "deployer_tfstate_key" +if [[ -z $deployer_tfstate_key ]]; then + load_config_vars "${system_config_information}" "deployer_tfstate_key" else - echo "Deployer state file name: ${deployer_tfstate_key}" - 
echo "Target subscription: $ARM_SUBSCRIPTION_ID" + echo "Deployer state file name: ${deployer_tfstate_key}" + echo "Target subscription: $ARM_SUBSCRIPTION_ID" fi -if [ "${deployment_system}" != sap_deployer ] -then - if [ -z ${deployer_tfstate_key} ]; then - if [ 1 != $called_from_ado ]; then - read -p "Deployer terraform statefile name :" landscape_tfstate_key - deployer_tfstate_key_parameter=" -var deployer_tfstate_key=${deployer_tfstate_key}" - save_config_var "deployer_tfstate_key" "${system_config_information}" - else - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore!Deployer state file name is missing!$resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - - echo "Deployer terraform statefile name is missing" > "${system_config_information}".err - unset TF_DATA_DIR - exit 2 - fi +if [ "${deployment_system}" != sap_deployer ]; then + if [ -z ${deployer_tfstate_key} ]; then + if [ 1 != $called_from_ado ]; then + read -p "Deployer terraform statefile name :" landscape_tfstate_key + deployer_tfstate_key_parameter=" -var deployer_tfstate_key=${deployer_tfstate_key}" + save_config_var "deployer_tfstate_key" "${system_config_information}" else - deployer_tfstate_key_parameter=" -var deployer_tfstate_key=${deployer_tfstate_key}" - echo "Deployer state file name: ${deployer_tfstate_key}" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore!Deployer state file name is missing!$resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + + echo "Deployer terraform statefile name is missing" >"${system_config_information}".err + unset TF_DATA_DIR + exit 2 fi + else + deployer_tfstate_key_parameter=" -var 
deployer_tfstate_key=${deployer_tfstate_key}" + echo "Deployer state file name: ${deployer_tfstate_key}" + fi else load_config_vars "${system_config_information}" "keyvault" export TF_VAR_deployer_kv_user_arm_id=$(az resource list --name "${keyvault}" --subscription ${STATE_SUBSCRIPTION} --resource-type Microsoft.KeyVault/vaults --query "[].id | [0]" -o tsv) @@ -298,9 +319,9 @@ else fi -useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription ${STATE_SUBSCRIPTION} --out tsv) +useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription ${STATE_SUBSCRIPTION} --out tsv) -if [ "$useSAS" = "true" ] ; then +if [ "$useSAS" = "true" ]; then echo "Storage Account Authentication: Key" export ARM_USE_AZUREAD=false else 
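Review bot: In the interactive branch of the `sap_deployer` check, `read -p "Deployer terraform statefile name :" landscape_tfstate_key` stores the answer in `landscape_tfstate_key`, but the next two lines build `-var deployer_tfstate_key=${deployer_tfstate_key}` and call `save_config_var "deployer_tfstate_key"`, and that variable is still empty at that point. The prompt should read into the variable it then uses: `read -r -p "Deployer terraform statefile name :" deployer_tfstate_key`. As written the run continues with an empty deployer state key and also overwrites any workload-zone key that was already set. What `save_config_var` does with the empty value is not visible here.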
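Review bot: `--subscription ${STATE_SUBSCRIPTION}` is passed to `az storage account show` unquoted, and the `is_valid_guid` check on the same variable only runs in a later hunk, after this call and after `az account set`. A value containing whitespace would be split into extra `az` arguments. Quote it as `--subscription "${STATE_SUBSCRIPTION}"`, and consider moving the GUID validation ahead of the first use of the variable.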
@@ -308,60 +329,56 @@ else export ARM_USE_AZUREAD=true fi - landscape_tfstate_key_parameter='' -if [[ -z $landscape_tfstate_key ]]; -then - load_config_vars "${system_config_information}" "landscape_tfstate_key" +if [[ -z $landscape_tfstate_key ]]; then + load_config_vars "${system_config_information}" "landscape_tfstate_key" else - echo "Workload zone state file: ${landscape_tfstate_key}" - save_config_vars "${system_config_information}" landscape_tfstate_key + echo "Workload zone state file: ${landscape_tfstate_key}" + save_config_vars "${system_config_information}" landscape_tfstate_key fi -if [ "${deployment_system}" == sap_system ] -then - if [ -z ${landscape_tfstate_key} ]; then - if [ 1 != $called_from_ado ]; then - read -p "Workload terraform statefile name :" landscape_tfstate_key - landscape_tfstate_key_parameter=" -var landscape_tfstate_key=${landscape_tfstate_key}" - save_config_var "landscape_tfstate_key" "${system_config_information}" - else - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Workload zone terraform statefile name is missing $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - - echo "Workload zone terraform statefile name is missing" > "${system_config_information}".err - - unset TF_DATA_DIR - exit 2 - fi +if [ "${deployment_system}" == sap_system ]; then + if [ -z ${landscape_tfstate_key} ]; then + if [ 1 != $called_from_ado ]; then + read -p "Workload terraform statefile name :" landscape_tfstate_key + landscape_tfstate_key_parameter=" -var landscape_tfstate_key=${landscape_tfstate_key}" + save_config_var "landscape_tfstate_key" "${system_config_information}" else - landscape_tfstate_key_parameter=" -var landscape_tfstate_key=${landscape_tfstate_key}" + echo "" + echo 
"#########################################################################################" + echo "# #" + echo -e "# $boldred Workload zone terraform statefile name is missing $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + + echo "Workload zone terraform statefile name is missing" >"${system_config_information}".err + + unset TF_DATA_DIR + exit 2 fi + else + landscape_tfstate_key_parameter=" -var landscape_tfstate_key=${landscape_tfstate_key}" + fi fi -if [[ -z $STATE_SUBSCRIPTION ]]; -then - load_config_vars "${system_config_information}" "STATE_SUBSCRIPTION" +if [[ -z $STATE_SUBSCRIPTION ]]; then + load_config_vars "${system_config_information}" "STATE_SUBSCRIPTION" else - if is_valid_guid "$STATE_SUBSCRIPTION" ; then - save_config_var "STATE_SUBSCRIPTION" "${system_config_information}" - else - printf -v val %-40.40s "$STATE_SUBSCRIPTION" - echo "#########################################################################################" - echo "# #" - echo -e "# The provided state_subscription is not valid:$boldred ${val}$resetformatting#" - echo "# #" - echo "#########################################################################################" - echo "The provided subscription for Terraform remote state is not valid:${val}" > "${system_config_information}".err - exit 65 - fi + if is_valid_guid "$STATE_SUBSCRIPTION"; then + save_config_var "STATE_SUBSCRIPTION" "${system_config_information}" + else + printf -v val %-40.40s "$STATE_SUBSCRIPTION" + echo "#########################################################################################" + echo "# #" + echo -e "# The provided state_subscription is not valid:$boldred ${val}$resetformatting#" + echo "# #" + echo "#########################################################################################" + echo "The provided subscription for Terraform remote state is not valid:${val}" 
>"${system_config_information}".err + exit 65 + fi fi @@ -371,19 +388,19 @@ account_set=0 set_executing_user_environment_variables "none" if [[ -n ${subscription} ]]; then - if is_valid_guid "${subscription}" ; then - echo "Valid subscription format" - else - printf -v val %-40.40s "$subscription" - echo "#########################################################################################" - echo "# #" - echo -e "# The provided subscription is not valid:$boldred ${val} $resetformatting# " - echo "# #" - echo "#########################################################################################" - echo "The provided subscription is not valid:${val}" > "${system_config_information}".err - exit 65 - fi - export ARM_SUBSCRIPTION_ID="${subscription}" + if is_valid_guid "${subscription}"; then + echo "Valid subscription format" + else + printf -v val %-40.40s "$subscription" + echo "#########################################################################################" + echo "# #" + echo -e "# The provided subscription is not valid:$boldred ${val} $resetformatting# " + echo "# #" + echo "#########################################################################################" + echo "The provided subscription is not valid:${val}" >"${system_config_information}".err + exit 65 + fi + export ARM_SUBSCRIPTION_ID="${subscription}" fi load_config_vars "${system_config_information}" "STATE_SUBSCRIPTION" 
@@ -391,34 +408,34 @@ load_config_vars "${system_config_information}" "REMOTE_STATE_RG" load_config_vars "${system_config_information}" "tfstate_resource_id" if [[ -z ${REMOTE_STATE_SA} ]]; then - if [ 1 != $called_from_ado ]; then - read -p "Terraform state storage account name:" REMOTE_STATE_SA + if [ 1 != $called_from_ado ]; then + read -p "Terraform state storage account name:" REMOTE_STATE_SA - get_and_store_sa_details "${REMOTE_STATE_SA}" "${system_config_information}" - load_config_vars "${system_config_information}" "STATE_SUBSCRIPTION" - load_config_vars "${system_config_information}" "REMOTE_STATE_RG" - load_config_vars "${system_config_information}" "tfstate_resource_id" - fi + get_and_store_sa_details "${REMOTE_STATE_SA}" "${system_config_information}" + load_config_vars "${system_config_information}" "STATE_SUBSCRIPTION" + load_config_vars "${system_config_information}" "REMOTE_STATE_RG" + load_config_vars "${system_config_information}" "tfstate_resource_id" + fi fi if [ -z ${REMOTE_STATE_SA} ]; then - option="REMOTE_STATE_SA" - missing - exit 1 + option="REMOTE_STATE_SA" + missing + exit 1 fi if [[ -z ${REMOTE_STATE_RG} ]]; then - get_and_store_sa_details "${REMOTE_STATE_SA}" "${system_config_information}" - load_config_vars "${system_config_information}" "STATE_SUBSCRIPTION" - load_config_vars "${system_config_information}" "REMOTE_STATE_RG" - load_config_vars "${system_config_information}" "tfstate_resource_id" + get_and_store_sa_details "${REMOTE_STATE_SA}" "${system_config_information}" + load_config_vars "${system_config_information}" "STATE_SUBSCRIPTION" + load_config_vars "${system_config_information}" "REMOTE_STATE_RG" + load_config_vars "${system_config_information}" "tfstate_resource_id" fi if [[ -z ${tfstate_resource_id} ]]; then - get_and_store_sa_details "${REMOTE_STATE_SA}" "${system_config_information}" - load_config_vars "${system_config_information}" "STATE_SUBSCRIPTION" - load_config_vars "${system_config_information}" 
"REMOTE_STATE_RG" - load_config_vars "${system_config_information}" "tfstate_resource_id" + get_and_store_sa_details "${REMOTE_STATE_SA}" "${system_config_information}" + load_config_vars "${system_config_information}" "STATE_SUBSCRIPTION" + load_config_vars "${system_config_information}" "REMOTE_STATE_RG" + load_config_vars "${system_config_information}" "tfstate_resource_id" fi @@ -428,22 +445,21 @@ terraform_module_directory="$SAP_AUTOMATION_REPO_PATH"/deploy/terraform/run/"${d export TF_DATA_DIR="${param_dirname}/.terraform" cd ${param_dirname} -if [ ! -d "${terraform_module_directory}" ] -then - printf -v val %-40.40s "$deployment_system" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Incorrect system deployment type specified: ${val}$resetformatting#" - echo "# #" - echo "# Valid options are: #" - echo "# sap_deployer #" - echo "# sap_library #" - echo "# sap_landscape #" - echo "# sap_system #" - echo "# #" - echo "#########################################################################################" - echo "" - exit 1 +if [ ! -d "${terraform_module_directory}" ]; then + printf -v val %-40.40s "$deployment_system" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Incorrect system deployment type specified: ${val}$resetformatting#" + echo "# #" + echo "# Valid options are: #" + echo "# sap_deployer #" + echo "# sap_library #" + echo "# sap_landscape #" + echo "# sap_system #" + echo "# #" + echo "#########################################################################################" + echo "" + exit 1 fi ok_to_proceed=false 
@@ -468,164 +484,158 @@ echo "" check_output=0 if [ -f terraform.tfstate ]; then - if [ -f ./.terraform/terraform.tfstate ]; then - if grep "\"type\": \"azurerm\"" .terraform/terraform.tfstate ; then - echo "" - else - - if [ "${deployment_system}" == sap_deployer ]; then + if [ -f ./.terraform/terraform.tfstate ]; then + if grep "\"type\": \"azurerm\"" .terraform/terraform.tfstate; then + echo "" + else - echo "" - echo -e "$cyan Reinitializing deployer in case of on a new deployer $resetformatting" + if [ "${deployment_system}" == sap_deployer ]; then - terraform_module_directory="${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/bootstrap/"${deployment_system}"/ - terraform -chdir="${terraform_module_directory}" init -backend-config "path=${param_dirname}/terraform.tfstate" -reconfigure - echo "" - key_vault_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw deployer_kv_user_arm_id | tr -d \") + echo "" + echo -e "$cyan Reinitializing deployer in case of on a new deployer $resetformatting" - if [ -n "${key_vault_id}" ] - then - export TF_VAR_deployer_kv_user_arm_id="${key_vault_id}" ; echo $TF_VAR_deployer_kv_user_arm_id - fi - fi + terraform_module_directory="${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/bootstrap/"${deployment_system}"/ + terraform -chdir="${terraform_module_directory}" init -backend-config "path=${param_dirname}/terraform.tfstate" -reconfigure + echo "" + key_vault_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw deployer_kv_user_arm_id | tr -d \") + if [ -n "${key_vault_id}" ]; then + export TF_VAR_deployer_kv_user_arm_id="${key_vault_id}" + echo $TF_VAR_deployer_kv_user_arm_id + fi + fi - if [ "${deployment_system}" == sap_library ] - then - echo "Reinitializing library in case of on a new deployer" - terraform_module_directory="${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/bootstrap/"${deployment_system}"/ + if [ "${deployment_system}" == sap_library ]; then + echo "Reinitializing library in 
case of on a new deployer" + terraform_module_directory="${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/bootstrap/"${deployment_system}"/ - terraform -chdir="${terraform_module_directory}" init -backend-config "path=${param_dirname}/terraform.tfstate" -reconfigure - fi - fi + terraform -chdir="${terraform_module_directory}" init -backend-config "path=${param_dirname}/terraform.tfstate" -reconfigure + fi fi + fi fi terraform_module_directory="${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/run/"${deployment_system}"/ export TF_DATA_DIR="${param_dirname}/.terraform" -if [ ! -d ./.terraform/ ]; -then - echo "New deployment" - deployment_parameter=" -var deployment=new " +if [ ! -d ./.terraform/ ]; then + echo "New deployment" + deployment_parameter=" -var deployment=new " - terraform -chdir="${terraform_module_directory}" init -upgrade=true \ - --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ - --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ - --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ - --backend-config "container_name=tfstate" \ + terraform -chdir="${terraform_module_directory}" init -upgrade=true \ + --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ + --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ + --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ + --backend-config "container_name=tfstate" \ --backend-config "key=${key}.terraform.tfstate" - return_value=$? + return_value=$? else - temp=$(grep "\"type\": \"local\"" .terraform/terraform.tfstate) - if [ -n "${temp}" ] - then - terraform -chdir="${terraform_module_directory}" init -upgrade=true -force-copy \ - --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ - --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ - --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ - --backend-config "container_name=tfstate" \ - --backend-config "key=${key}.terraform.tfstate" - return_value=$? 
+ temp=$(grep "\"type\": \"local\"" .terraform/terraform.tfstate) + if [ -n "${temp}" ]; then + terraform -chdir="${terraform_module_directory}" init -upgrade=true -force-copy \ + --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ + --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ + --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ + --backend-config "container_name=tfstate" \ + --backend-config "key=${key}.terraform.tfstate" + return_value=$? - else - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan The system has already been deployed and the statefile is in Azure $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" + else + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan The system has already been deployed and the statefile is in Azure $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" - check_output=1 - terraform -chdir="${terraform_module_directory}" init -upgrade=true -reconfigure \ - --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ - --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ - --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ - --backend-config "container_name=tfstate" \ - --backend-config "key=${key}.terraform.tfstate" - return_value=$? + check_output=1 + terraform -chdir="${terraform_module_directory}" init -upgrade=true -reconfigure \ + --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ + --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ + --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ + --backend-config "container_name=tfstate" \ + --backend-config "key=${key}.terraform.tfstate" + return_value=$? 
- fi + fi fi -if [ 0 != $return_value ] -then +if [ 0 != $return_value ]; then + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore!!! Error when Initializing !!!$resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + echo "Error when initializing Terraform" >"${system_config_information}".err + exit $return_value +fi +if [ 1 == $check_output ]; then + outputs=$(terraform -chdir="${terraform_module_directory}" output) + if echo "${outputs}" | grep "No outputs"; then + ok_to_proceed=true echo "#########################################################################################" echo "# #" - echo -e "# $boldreduscore!!! Error when Initializing !!!$resetformatting #" + echo -e "# $cyan New deployment $resetformatting #" echo "# #" echo "#########################################################################################" + + deployment_parameter=" -var deployment=new " + + else echo "" - echo "Error when initializing Terraform" > "${system_config_information}".err - exit $return_value -fi -if [ 1 == $check_output ] -then - outputs=$(terraform -chdir="${terraform_module_directory}" output ) - if echo "${outputs}" | grep "No outputs"; then - ok_to_proceed=true - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan New deployment $resetformatting #" - echo "# #" - echo "#########################################################################################" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Existing deployment was detected$resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + # allParams=$(printf " -var-file=%s %s %s %s %s %s %s" 
"${var_file}" "${extra_vars}" "${tfstate_parameter}" "${landscape_tfstate_key_parameter}" "${deployer_tfstate_key_parameter}" "${deployment_parameter}" "${version_parameter}" ) + # terraform -chdir="${terraform_module_directory}" refresh $allParams + + deployment_parameter=" " - deployment_parameter=" -var deployment=new " + deployed_using_version=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw automation_version | tr -d \") + if [ -z "${deployed_using_version}" ]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred The environment was deployed using an older version of the Terrafrom templates$resetformatting #" + echo "# #" + echo "# !!! Risk for Data loss !!! #" + echo "# #" + echo "# Please inspect the output of Terraform plan carefully before proceeding #" + echo "# #" + echo "#########################################################################################" + + if [ 1 == $called_from_ado ]; then + unset TF_DATA_DIR + exit 1 + fi + read -p "Do you want to continue Y/N?" 
ans + answer=${ans^^} + if [ $answer == 'Y' ]; then + ok_to_proceed=true + else + unset TF_DATA_DIR + exit 1 + fi else - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Existing deployment was detected$resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - # allParams=$(printf " -var-file=%s %s %s %s %s %s %s" "${var_file}" "${extra_vars}" "${tfstate_parameter}" "${landscape_tfstate_key_parameter}" "${deployer_tfstate_key_parameter}" "${deployment_parameter}" "${version_parameter}" ) - # terraform -chdir="${terraform_module_directory}" refresh $allParams - - deployment_parameter=" " - - deployed_using_version=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw automation_version | tr -d \") - - if [ -z "${deployed_using_version}" ]; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred The environment was deployed using an older version of the Terrafrom templates$resetformatting #" - echo "# #" - echo "# !!! Risk for Data loss !!! #" - echo "# #" - echo "# Please inspect the output of Terraform plan carefully before proceeding #" - echo "# #" - echo "#########################################################################################" - - if [ 1 == $called_from_ado ] ; then - unset TF_DATA_DIR - exit 1 - fi - read -p "Do you want to continue Y/N?" 
ans - answer=${ans^^} - if [ $answer == 'Y' ]; then - ok_to_proceed=true - else - unset TF_DATA_DIR - exit 1 - fi - else - version_parameter=" -var terraform_template_version=${deployed_using_version} " - - printf -v val %-.20s "$deployed_using_version" - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Deployed using the Terraform templates version: $val $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - #Add version logic here - fi + version_parameter=" -var terraform_template_version=${deployed_using_version} " + + printf -v val %-.20s "$deployed_using_version" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Deployed using the Terraform templates version: $val $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + #Add version logic here fi + fi fi echo "" 
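Review bot: The data-loss confirmation compares an unquoted variable, `if [ $answer == 'Y' ]`, so an empty reply or one containing spaces makes `[` fail with a syntax error instead of evaluating the answer. That happens to land in the `else` branch and exit, but the gate should not depend on a test error. I would write `read -r -p "Do you want to continue Y/N?" ans` followed by `if [[ "${ans^^}" == "Y" ]]; then`.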
@@ -636,133 +646,124 @@ echo "# echo "#########################################################################################" echo "" -if [ -f plan_output.log ] -then - rm plan_output.log +if [ -f plan_output.log ]; then + rm plan_output.log fi -allParams=$(printf " -var-file=%s %s %s %s %s %s %s %s" "${var_file}" "${extra_vars}" "${tfstate_parameter}" "${landscape_tfstate_key_parameter}" "${deployer_tfstate_key_parameter}" "${deployment_parameter}" "${version_parameter}" "${deployer_parameter}" ) +allParams=$(printf " -var-file=%s %s %s %s %s %s %s %s" "${var_file}" "${extra_vars}" "${tfstate_parameter}" "${landscape_tfstate_key_parameter}" "${deployer_tfstate_key_parameter}" "${deployment_parameter}" "${version_parameter}" "${deployer_parameter}") terraform -chdir="$terraform_module_directory" plan -no-color -detailed-exitcode $allParams | tee -a plan_output.log return_value=$? echo "Terraform Plan return code: $return_value" -if [ 1 == $return_value ] ; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore Errors during the plan phase $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - echo "Error when running Terraform plan" > "${system_config_information}".err - - unset TF_DATA_DIR - rm plan_output.log - exit $return_value +if [ 1 == $return_value ]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore Errors during the plan phase $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + echo "Error when running Terraform plan" >"${system_config_information}".err + + unset TF_DATA_DIR + rm plan_output.log + exit $return_value fi state_path="SYSTEM" -if [ 1 != $return_value ] ; then - 
- if [ "${deployment_system}" == sap_deployer ] - then - state_path="DEPLOYER" +if [ 1 != $return_value ]; then - deployer_public_ip_address=$(terraform -chdir="${terraform_module_directory}" output deployer_public_ip_address | tr -d \") - save_config_var "deployer_public_ip_address" "${system_config_information}" + if [ "${deployment_system}" == sap_deployer ]; then + state_path="DEPLOYER" - keyvault=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw deployer_kv_user_name | tr -d \") - save_config_var "keyvault" "${system_config_information}" - if [ 1 == $called_from_ado ] ; then - - if [[ "${TF_VAR_use_webapp}" == "true" && $IS_PIPELINE_DEPLOYMENT = "true" ]]; then - webapp_url_base=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw webapp_url_base | tr -d \") + deployer_public_ip_address=$(terraform -chdir="${terraform_module_directory}" output deployer_public_ip_address | tr -d \") + save_config_var "deployer_public_ip_address" "${system_config_information}" - if [ -n "${webapp_url_base}" ] ; then - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "WEBAPP_URL_BASE.value") - if [ -z ${az_var} ]; then - az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name WEBAPP_URL_BASE --value $webapp_url_base --output none --only-show-errors - else - az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name WEBAPP_URL_BASE --value $webapp_url_base --output none --only-show-errors - fi - fi + keyvault=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw deployer_kv_user_name | tr -d \") + save_config_var "keyvault" "${system_config_information}" + if [ 1 == $called_from_ado ]; then - webapp_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw webapp_id | tr -d \") - if [ -n "${webapp_id}" ] ; then - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query 
"WEBAPP_ID.value") - if [ -z ${az_var} ]; then - az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name WEBAPP_ID --value $webapp_id --output none --only-show-errors - else - az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name WEBAPP_ID --value $webapp_id --output none --only-show-errors - fi - fi + if [[ "${TF_VAR_use_webapp}" == "true" && $IS_PIPELINE_DEPLOYMENT = "true" ]]; then + webapp_url_base=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw webapp_url_base | tr -d \") - msi_object_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw deployer_user_assigned_identity | tr -d \") - - if [ -n "${msi_object_id}" ] ; then - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "MSI_ID.value") - if [ -z ${az_var} ]; then - az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name MSI_ID --value $msi_object_id --output none --only-show-errors - else - az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name MSI_ID --value $msi_object_id --output none --only-show-errors - fi - fi + if [ -n "${webapp_url_base}" ]; then + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "WEBAPP_URL_BASE.value") + if [ -z ${az_var} ]; then + az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name WEBAPP_URL_BASE --value $webapp_url_base --output none --only-show-errors + else + az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name WEBAPP_URL_BASE --value $webapp_url_base --output none --only-show-errors + fi + fi + webapp_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw webapp_id | tr -d \") + if [ -n "${webapp_id}" ]; then + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "WEBAPP_ID.value") + if [ -z ${az_var} ]; then + az 
pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name WEBAPP_ID --value $webapp_id --output none --only-show-errors + else + az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name WEBAPP_ID --value $webapp_id --output none --only-show-errors + fi + fi - fi + msi_object_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw deployer_user_assigned_identity | tr -d \") + if [ -n "${msi_object_id}" ]; then + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "MSI_ID.value") + if [ -z ${az_var} ]; then + az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name MSI_ID --value $msi_object_id --output none --only-show-errors + else + az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name MSI_ID --value $msi_object_id --output none --only-show-errors + fi fi + fi fi - if [ "${deployment_system}" == sap_landscape ] + fi - then - state_path="LANDSCAPE" - if [ $landscape_tfstate_key_exists == false ] - then - save_config_vars "${system_config_information}" \ - landscape_tfstate_key - fi + if [ "${deployment_system}" == sap_landscape ]; then + state_path="LANDSCAPE" + if [ $landscape_tfstate_key_exists == false ]; then + save_config_vars "${system_config_information}" \ + landscape_tfstate_key fi + fi - if [ "${deployment_system}" == sap_library ] - then - state_path="LIBRARY" - if [ "$deployment_parameter" == " " ] - then # This is not a new deployment. Reusing variable previously declared in the shell script above. - tfstate_resource_id=$(terraform -chdir="${terraform_module_directory}" output tfstate_resource_id| tr -d \") - STATE_SUBSCRIPTION=$(echo "$tfstate_resource_id" | cut -d/ -f3 | tr -d \" | xargs) + if [ "${deployment_system}" == sap_library ]; then + state_path="LIBRARY" + if [ "$deployment_parameter" == " " ]; then # This is not a new deployment. 
Reusing variable previously declared in the shell script above. + tfstate_resource_id=$(terraform -chdir="${terraform_module_directory}" output tfstate_resource_id | tr -d \") + STATE_SUBSCRIPTION=$(echo "$tfstate_resource_id" | cut -d/ -f3 | tr -d \" | xargs) - az account set --sub "${STATE_SUBSCRIPTION}" + az account set --sub "${STATE_SUBSCRIPTION}" - REMOTE_STATE_SA=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw remote_state_storage_account_name| tr -d \") + REMOTE_STATE_SA=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw remote_state_storage_account_name | tr -d \") - get_and_store_sa_details "${REMOTE_STATE_SA}" "${system_config_information}" + get_and_store_sa_details "${REMOTE_STATE_SA}" "${system_config_information}" - if [ 1 == "$called_from_ado" ]; then - SAPBITS=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw sapbits_storage_account_name| tr -d \") - if [ -n "${SAPBITS}" ] ; then - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "INSTALLATION_MEDIA_ACCOUNT.value") - if [ -z ${az_var} ]; then - az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name INSTALLATION_MEDIA_ACCOUNT --value $SAPBITS --output none --only-show-errors - else - az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name INSTALLATION_MEDIA_ACCOUNT --value $SAPBITS --output none --only-show-errors - fi - fi + if [ 1 == "$called_from_ado" ]; then + SAPBITS=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw sapbits_storage_account_name | tr -d \") + if [ -n "${SAPBITS}" ]; then + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "INSTALLATION_MEDIA_ACCOUNT.value") + if [ -z ${az_var} ]; then + az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name INSTALLATION_MEDIA_ACCOUNT --value $SAPBITS --output none --only-show-errors + else + 
az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name INSTALLATION_MEDIA_ACCOUNT --value $SAPBITS --output none --only-show-errors fi + fi fi fi + fi - ok_to_proceed=true + ok_to_proceed=true fi -useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) +useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) -if [ "$useSAS" = "true" ] ; then +if [ "$useSAS" = "true" ]; then echo "Storage Account authentication: key" export ARM_USE_AZUREAD=false else 
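Review bot: `return_value=$?` right after `terraform ... plan -no-color -detailed-exitcode $allParams | tee -a plan_output.log` records the exit status of `tee`, not of Terraform, unless `set -o pipefail` is enabled earlier in the script (not visible in this hunk). Without it, the `if [ 1 == $return_value ]` branch that writes the `.err` file and exits never runs on a failed plan, so the script continues to the `terraform output` lookups and the replacement checks with an incomplete `plan_output.log`. Capture the first stage instead, with `return_value=${PIPESTATUS[0]}` on the line immediately after the pipeline. The `terraform ... apply ... | tee -a apply_output.json` calls in the following hunk are followed by the same `return_value=$?` and need the same change.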
@@ -770,688 +771,664 @@ else export ARM_USE_AZUREAD=true fi - -if [ "$useSAS" = "true" ] ; then +if [ "$useSAS" = "true" ]; then container_exists=$(az storage container exists --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors --query exists) else container_exists=$(az storage container exists --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors --query exists --auth-mode login) fi if [ "${container_exists}" == "false" ]; then - if [ "$useSAS" = "true" ] ; then + if [ "$useSAS" = "true" ]; then az storage container create --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors else az storage container create --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --auth-mode login --only-show-errors fi fi -if [ "$useSAS" = "true" ] ; then - az storage blob upload --file "${parameterfile}" --container-name tfvars/LANDSCAPE/"${key}" --name "${parameterfile_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --only-show-errors --output none +if [ "$useSAS" = "true" ]; then + az storage blob upload --file "${parameterfile}" --container-name tfvars/LANDSCAPE/"${key}" --name "${parameterfile_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --only-show-errors --output none else - az storage blob upload --file "${parameterfile}" --container-name tfvars/LANDSCAPE/"${key}" --name "${parameterfile_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --auth-mode login --only-show-errors --output none + az storage blob upload --file "${parameterfile}" --container-name tfvars/LANDSCAPE/"${key}" --name "${parameterfile_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress 
--overwrite --auth-mode login --only-show-errors --output none fi fatal_errors=0 # HANA VM test=$(grep vm_dbnode plan_output.log | grep -m1 replaced) -if [ -n "${test}" ] ; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore!!! Risk for Data loss !!!$resetformatting #" - echo "# #" - echo "# Database server(s) will be replaced #" - echo "# #" - echo "#########################################################################################" - echo "" - echo "" - echo "##vso[task.logissue type=error]${test}" - fatal_errors=1 +if [ -n "${test}" ]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore!!! Risk for Data loss !!!$resetformatting #" + echo "# #" + echo "# Database server(s) will be replaced #" + echo "# #" + echo "#########################################################################################" + echo "" + echo "" + echo "##vso[task.logissue type=error]${test}" + fatal_errors=1 fi # HANA VM disks -test=$(grep azurerm_managed_disk.data_disk plan_output.log | grep -m1 replaced) -if [ -n "${test}" ] ; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore!!! Risk for Data loss !!!$resetformatting #" - echo "# #" - echo "# Database server disks will be replaced #" - echo "# #" - echo "#########################################################################################" - echo "" - echo "" - fatal_errors=1 +test=$(grep azurerm_managed_disk.data_disk plan_output.log | grep -m1 replaced) +if [ -n "${test}" ]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore!!! 
Risk for Data loss !!!$resetformatting #" + echo "# #" + echo "# Database server disks will be replaced #" + echo "# #" + echo "#########################################################################################" + echo "" + echo "" + fatal_errors=1 fi # AnyDB server test=$(grep dbserver plan_output.log | grep -m1 replaced) -if [ -n "${test}" ] ; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore!!! Risk for Data loss !!!$resetformatting #" - echo "# #" - echo "# Database server(s) will be replaced #" - echo "# #" - echo "#########################################################################################" - echo "" - echo "" - echo "##vso[task.logissue type=error]${test}" - fatal_errors=1 +if [ -n "${test}" ]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore!!! Risk for Data loss !!!$resetformatting #" + echo "# #" + echo "# Database server(s) will be replaced #" + echo "# #" + echo "#########################################################################################" + echo "" + echo "" + echo "##vso[task.logissue type=error]${test}" + fatal_errors=1 fi # AnyDB disks test=$(grep azurerm_managed_disk.disks plan_output.log | grep -m1 replaced) -if [ -n "${test}" ] ; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore!!! 
Risk for Data loss !!!$resetformatting #" - echo "# #" - echo "# Database server disks will be replaced #" - echo "# #" - echo "#########################################################################################" - echo "" - echo "" - echo "##vso[task.logissue type=error]${test}" - fatal_errors=1 +if [ -n "${test}" ]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore!!! Risk for Data loss !!!$resetformatting #" + echo "# #" + echo "# Database server disks will be replaced #" + echo "# #" + echo "#########################################################################################" + echo "" + echo "" + echo "##vso[task.logissue type=error]${test}" + fatal_errors=1 fi # App server test=$(grep virtual_machine.app plan_output.log | grep -m1 replaced) -if [ -n "${test}" ] ; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore!!! Risk for Data loss !!!$resetformatting #" - echo "# #" - echo "# Application server will be replaced #" - echo "# #" - echo "#########################################################################################" - echo "" - echo "" - echo "##vso[task.logissue type=error]${test}" - fatal_errors=1 +if [ -n "${test}" ]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore!!! 
Risk for Data loss !!!$resetformatting #" + echo "# #" + echo "# Application server will be replaced #" + echo "# #" + echo "#########################################################################################" + echo "" + echo "" + echo "##vso[task.logissue type=error]${test}" + fatal_errors=1 fi # App server disks test=$(grep azurerm_managed_disk.app plan_output.log | grep -m1 replaced) -if [ -n "${test}" ] ; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore!!! Risk for Data loss !!!$resetformatting #" - echo "# #" - echo "# Application server disks will be replaced #" - echo "# #" - echo "#########################################################################################" - echo "" - echo "" - echo "##vso[task.logissue type=error]${test}" - fatal_errors=1 +if [ -n "${test}" ]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore!!! Risk for Data loss !!!$resetformatting #" + echo "# #" + echo "# Application server disks will be replaced #" + echo "# #" + echo "#########################################################################################" + echo "" + echo "" + echo "##vso[task.logissue type=error]${test}" + fatal_errors=1 fi # SCS server test=$(grep virtual_machine.scs plan_output.log | grep -m1 replaced) -if [ -n "${test}" ] ; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore!!! 
Risk for Data loss !!!$resetformatting #" - echo "# #" - echo "# SCS server(s) disks will be replaced #" - echo "# #" - echo "#########################################################################################" - echo "" - echo "" - echo "##vso[task.logissue type=error]${test}" - fatal_errors=1 +if [ -n "${test}" ]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore!!! Risk for Data loss !!!$resetformatting #" + echo "# #" + echo "# SCS server(s) disks will be replaced #" + echo "# #" + echo "#########################################################################################" + echo "" + echo "" + echo "##vso[task.logissue type=error]${test}" + fatal_errors=1 fi # SCS server disks test=$(grep azurerm_managed_disk.scs plan_output.log | grep -m1 replaced) -if [ -n "${test}" ] ; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore!!! Risk for Data loss !!!$resetformatting #" - echo "# #" - echo "# SCS server disks will be replaced #" - echo "# #" - echo "#########################################################################################" - echo "" - echo "" - echo "##vso[task.logissue type=error]${test}" - fatal_errors=1 +if [ -n "${test}" ]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore!!! 
Risk for Data loss !!!$resetformatting #" + echo "# #" + echo "# SCS server disks will be replaced #" + echo "# #" + echo "#########################################################################################" + echo "" + echo "" + echo "##vso[task.logissue type=error]${test}" + fatal_errors=1 fi # Web server test=$(grep virtual_machine.web plan_output.log | grep -m1 replaced) -if [ -n "${test}" ] ; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore!!! Risk for Data loss !!!$resetformatting #" - echo "# #" - echo "# Web Dispatcher server(s) will be replaced #" - echo "# #" - echo "#########################################################################################" - echo "" - echo "" - echo "##vso[task.logissue type=error]${test}" - fatal_errors=1 +if [ -n "${test}" ]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore!!! Risk for Data loss !!!$resetformatting #" + echo "# #" + echo "# Web Dispatcher server(s) will be replaced #" + echo "# #" + echo "#########################################################################################" + echo "" + echo "" + echo "##vso[task.logissue type=error]${test}" + fatal_errors=1 fi # Web dispatcher server disks test=$(grep azurerm_managed_disk.web plan_output.log | grep -m1 "must be replaced") -if [ -n "${test}" ] ; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore!!! 
Risk for Data loss !!!$resetformatting #" - echo "# #" - echo "# Web Dispatcher server disks will be replaced #" - echo "# #" - echo "#########################################################################################" - echo "" - - echo "" - echo "##vso[task.logissue type=error]${test}" - fatal_errors=1 +if [ -n "${test}" ]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore!!! Risk for Data loss !!!$resetformatting #" + echo "# #" + echo "# Web Dispatcher server disks will be replaced #" + echo "# #" + echo "#########################################################################################" + echo "" + + echo "" + echo "##vso[task.logissue type=error]${test}" + fatal_errors=1 fi echo "TEST_ONLY: " $TEST_ONLY if [ "${TEST_ONLY}" == "True" ]; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Running plan only. $resetformatting #" - echo "# #" - echo "# No deployment performed. #" - echo "# #" - echo "#########################################################################################" - echo "" - exit 0 + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Running plan only. $resetformatting #" + echo "# #" + echo "# No deployment performed. #" + echo "# #" + echo "#########################################################################################" + echo "" + exit 0 fi ok_to_proceed=1 -if [ $fatal_errors == 1 ] ; then - ok_to_proceed=0 - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore!!! 
Risk for Data loss !!!$resetformatting #" - echo "# #" - echo "# Please inspect the output of Terraform plan carefully before proceeding #" - echo "# #" - echo "#########################################################################################" - echo "" - if [ 1 == "$called_from_ado" ]; then - unset TF_DATA_DIR - echo "Risk for data loss, Please inspect the output of Terraform plan carefully. Run manually from deployer" > "${system_config_information}".err - echo ##vso[task.logissue type=error]Risk for data loss, Please inspect the output of Terraform plan carefully. Run manually from deployer - exit 1 - fi +if [ $fatal_errors == 1 ]; then + ok_to_proceed=0 + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore!!! Risk for Data loss !!!$resetformatting #" + echo "# #" + echo "# Please inspect the output of Terraform plan carefully before proceeding #" + echo "# #" + echo "#########################################################################################" + echo "" + if [ 1 == "$called_from_ado" ]; then + unset TF_DATA_DIR + echo "Risk for data loss, Please inspect the output of Terraform plan carefully. Run manually from deployer" >"${system_config_information}".err + echo ##vso[task.logissue type=error]Risk for data loss, Please inspect the output of Terraform plan carefully. Run manually from deployer + exit 1 + fi - if [ 1 == $force ]; then - ok_to_proceed=1 + if [ 1 == $force ]; then + ok_to_proceed=1 + else + read -p "Do you want to continue with the deployment Y/N?" ans + answer=${ans^^} + if [ $answer == 'Y' ]; then + ok_to_proceed=true else - read -p "Do you want to continue with the deployment Y/N?" 
ans - answer=${ans^^} - if [ $answer == 'Y' ]; then - ok_to_proceed=true - else - unset TF_DATA_DIR - exit 1 - fi + unset TF_DATA_DIR + exit 1 fi + fi fi rerun_apply=0 if [ 1 == $ok_to_proceed ]; then - if [ -f error.log ] - then - rm error.log - fi - if [ -f plan_output.log ] - then - rm plan_output.log - fi + if [ -f error.log ]; then + rm error.log + fi + if [ -f plan_output.log ]; then + rm plan_output.log + fi - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Running Terraform apply$resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Running Terraform apply$resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" - allParams=$(printf " -var-file=%s %s %s %s %s %s %s %s " "${var_file}" "${extra_vars}" "${tfstate_parameter}" "${landscape_tfstate_key_parameter}" "${deployer_tfstate_key_parameter}" "${deployment_parameter}" "${version_parameter}" "${approve}" ) + allParams=$(printf " -var-file=%s %s %s %s %s %s %s %s " "${var_file}" "${extra_vars}" "${tfstate_parameter}" "${landscape_tfstate_key_parameter}" "${deployer_tfstate_key_parameter}" "${deployment_parameter}" "${version_parameter}" "${approve}") - if [ 1 == $called_from_ado ] ; then - terraform -chdir="${terraform_module_directory}" apply -parallelism="${parallelism}" -no-color -compact-warnings -json $allParams | tee -a apply_output.json + if [ 1 == $called_from_ado ]; then + terraform -chdir="${terraform_module_directory}" apply -parallelism="${parallelism}" -no-color -compact-warnings -json $allParams | tee -a apply_output.json + else + if [ -n "${approve}" ]; then + terraform 
-chdir="${terraform_module_directory}" apply -parallelism="${parallelism}" -json $allParams | tee -a apply_output.json else - if [ -n "${approve}" ] - then - terraform -chdir="${terraform_module_directory}" apply -parallelism="${parallelism}" -json $allParams | tee -a apply_output.json - else - terraform -chdir="${terraform_module_directory}" apply -parallelism="${parallelism}" $allParams - fi + terraform -chdir="${terraform_module_directory}" apply -parallelism="${parallelism}" $allParams fi - return_value=$? + fi + return_value=$? - if [ -f apply_output.json ] - then - errors_occurred=$(jq 'select(."@level" == "error") | length' apply_output.json) - - # Check for resource that can be imported - existing=$(jq 'select(."@level" == "error") | {address: .diagnostic.address, summary: .diagnostic.summary} | select(.summary | startswith("A resource with the ID"))' apply_output.json) - if [[ -n ${existing} ]] - then - - readarray -t existing_resources < <(echo ${existing} | jq -c '.' ) - for item in "${existing_resources[@]}"; do - moduleID=$(jq -c -r '.address ' <<< "$item") - resourceID=$(jq -c -r '.summary' <<< "$item" | awk -F'\"' '{print $2}') - echo "Trying to import" $resourceID "into" $moduleID - allParamsforImport=$(printf " -var-file=%s %s %s %s %s %s %s " "${var_file}" "${extra_vars}" "${tfstate_parameter}" "${landscape_tfstate_key_parameter}" "${deployer_tfstate_key_parameter}" "${deployment_parameter}" "${version_parameter} " ) - echo terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID - terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID - done - rm apply_output.json - - if [ $rerun_apply == 1 ] ; then - rerun_apply=0 - - echo "" - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Re running Terraform apply$resetformatting #" - echo "# #" - echo 
"#########################################################################################" - echo "" - echo "" - if [ 1 == $called_from_ado ] ; then - terraform -chdir="${terraform_module_directory}" apply -parallelism="${parallelism}" -no-color -compact-warnings -json $allParams | tee -a apply_output.json - else - terraform -chdir="${terraform_module_directory}" apply -parallelism="${parallelism}" -json $allParams | tee -a apply_output.json - fi - return_value=$? - fi - fi + if [ -f apply_output.json ]; then + errors_occurred=$(jq 'select(."@level" == "error") | length' apply_output.json) - if [ -f apply_output.json ] - then - # Check for resource that can be imported - existing=$(jq 'select(."@level" == "error") | {address: .diagnostic.address, summary: .diagnostic.summary} | select(.summary | startswith("A resource with the ID"))' apply_output.json) - if [[ -n ${existing} ]] - then - - readarray -t existing_resources < <(echo ${existing} | jq -c '.' ) - for item in "${existing_resources[@]}"; do - moduleID=$(jq -c -r '.address ' <<< "$item") - resourceID=$(jq -c -r '.summary' <<< "$item" | awk -F'\"' '{print $2}') - echo "Trying to import" $resourceID "into" $moduleID - allParamsforImport=$(printf " -var-file=%s %s %s %s %s %s %s " "${var_file}" "${extra_vars}" "${tfstate_parameter}" "${landscape_tfstate_key_parameter}" "${deployer_tfstate_key_parameter}" "${deployment_parameter}" "${version_parameter} " ) - echo terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID - terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID - done - - rm apply_output.json - - echo "" - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Re running Terraform apply$resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - echo 
"" - if [ 1 == $called_from_ado ] ; then - terraform -chdir="${terraform_module_directory}" apply -parallelism="${parallelism}" -no-color -compact-warnings -json $allParams | tee -a apply_output.json - else - terraform -chdir="${terraform_module_directory}" apply -parallelism="${parallelism}" -json $allParams | tee -a apply_output.json - fi - return_value=$? - fi + # Check for resource that can be imported + existing=$(jq 'select(."@level" == "error") | {address: .diagnostic.address, summary: .diagnostic.summary} | select(.summary | startswith("A resource with the ID"))' apply_output.json) + if [[ -n ${existing} ]]; then - fi + readarray -t existing_resources < <(echo ${existing} | jq -c '.') + for item in "${existing_resources[@]}"; do + moduleID=$(jq -c -r '.address ' <<<"$item") + resourceID=$(jq -c -r '.summary' <<<"$item" | awk -F'\"' '{print $2}') + echo "Trying to import" $resourceID "into" $moduleID + allParamsforImport=$(printf " -var-file=%s %s %s %s %s %s %s " "${var_file}" "${extra_vars}" "${tfstate_parameter}" "${landscape_tfstate_key_parameter}" "${deployer_tfstate_key_parameter}" "${deployment_parameter}" "${version_parameter} ") + echo terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID + terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID + done + rm apply_output.json - if [ -f apply_output.json ] - then - - if [[ -n $errors_occurred ]] - then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore!Errors during the apply phase!$resetformatting #" - - return_value=2 - all_errors=$(jq 'select(."@level" == "error") | {summary: .diagnostic.summary, detail: .diagnostic.detail} ' apply_output.json) - if [[ -n ${all_errors} ]] - then - readarray -t errors_strings < <(echo ${all_errors} | jq -c '.' 
) - for errors_string in "${errors_strings[@]}"; do - string_to_report=$(jq -c -r '.detail ' <<< "$errors_string" ) - if [[ -z ${string_to_report} ]] - then - string_to_report=$(jq -c -r '.summary ' <<< "$errors_string" ) - fi - report=$(echo $string_to_report | grep -m1 "Message=" "${var_file}" | cut -d'=' -f2- | tr -d ' ' | tr -d '"') - if [[ -n ${report} ]] ; then - echo -e "# $boldreduscore $report $resetformatting" - if [ 1 == $called_from_ado ] ; then - - roleAssignmentExists=$(echo ${report} | grep -m1 "RoleAssignmentExists") - if [ -z ${roleAssignmentExists} ] ; then - echo "##vso[task.logissue type=error]${report}" - fi - fi - else - echo -e "# $boldreduscore $string_to_report $resetformatting" - if [ 1 == $called_from_ado ] ; then - roleAssignmentExists=$(echo ${string_to_report} | grep -m1 "RoleAssignmentExists") - if [ -z ${roleAssignmentExists} ] - then - echo "##vso[task.logissue type=error]${string_to_report}" - fi - fi - fi - echo -e "# $boldreduscore $string_to_report $resetformatting" - - done - fi - echo "# #" - echo "#########################################################################################" - echo "" - if [ 1 == $called_from_ado ] ; then - terraform -chdir="${terraform_module_directory}" apply -parallelism="${parallelism}" -no-color -compact-warnings -json $allParams | tee -a apply_output.json - else - terraform -chdir="${terraform_module_directory}" apply -parallelism="${parallelism}" -json $allParams | tee -a apply_output.json - fi - return_value=$? 
+ if [ $rerun_apply == 1 ]; then + rerun_apply=0 - fi + echo "" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Re running Terraform apply$resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + echo "" + if [ 1 == $called_from_ado ]; then + terraform -chdir="${terraform_module_directory}" apply -parallelism="${parallelism}" -no-color -compact-warnings -json $allParams | tee -a apply_output.json + else + terraform -chdir="${terraform_module_directory}" apply -parallelism="${parallelism}" -json $allParams | tee -a apply_output.json fi - + return_value=$? + fi fi - if [ -f apply_output.json ] - then + if [ -f apply_output.json ]; then + # Check for resource that can be imported + existing=$(jq 'select(."@level" == "error") | {address: .diagnostic.address, summary: .diagnostic.summary} | select(.summary | startswith("A resource with the ID"))' apply_output.json) + if [[ -n ${existing} ]]; then + + readarray -t existing_resources < <(echo ${existing} | jq -c '.') + for item in "${existing_resources[@]}"; do + moduleID=$(jq -c -r '.address ' <<<"$item") + resourceID=$(jq -c -r '.summary' <<<"$item" | awk -F'\"' '{print $2}') + echo "Trying to import" $resourceID "into" $moduleID + allParamsforImport=$(printf " -var-file=%s %s %s %s %s %s %s " "${var_file}" "${extra_vars}" "${tfstate_parameter}" "${landscape_tfstate_key_parameter}" "${deployer_tfstate_key_parameter}" "${deployment_parameter}" "${version_parameter} ") + echo terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID + terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID + done + rm apply_output.json - fi - if [ 0 != $return_value ] ; then + echo "" echo "" echo 
"#########################################################################################" echo "# #" - echo -e "# $boldreduscore!Errors during the apply phase!$resetformatting #" + echo -e "# $cyan Re running Terraform apply$resetformatting #" echo "# #" echo "#########################################################################################" echo "" - unset TF_DATA_DIR - exit $return_value - fi + echo "" + if [ 1 == $called_from_ado ]; then + terraform -chdir="${terraform_module_directory}" apply -parallelism="${parallelism}" -no-color -compact-warnings -json $allParams | tee -a apply_output.json + else + terraform -chdir="${terraform_module_directory}" apply -parallelism="${parallelism}" -json $allParams | tee -a apply_output.json + fi + return_value=$? + fi -fi + fi -if [ "${deployment_system}" == sap_deployer ] -then + if [ -f apply_output.json ]; then - # terraform -chdir="${terraform_module_directory}" output + if [[ -n $errors_occurred ]]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore!Errors during the apply phase!$resetformatting #" - deployer_public_ip_address=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw deployer_public_ip_address | tr -d \") - keyvault=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw deployer_kv_user_name | tr -d \") + return_value=2 + all_errors=$(jq 'select(."@level" == "error") | {summary: .diagnostic.summary, detail: .diagnostic.detail} ' apply_output.json) + if [[ -n ${all_errors} ]]; then + readarray -t errors_strings < <(echo ${all_errors} | jq -c '.') + for errors_string in "${errors_strings[@]}"; do + string_to_report=$(jq -c -r '.detail ' <<<"$errors_string") + if [[ -z ${string_to_report} ]]; then + string_to_report=$(jq -c -r '.summary ' <<<"$errors_string") + fi + report=$(echo $string_to_report | grep -m1 "Message=" "${var_file}" | cut -d'=' -f2- | tr -d ' ' 
| tr -d '"') + if [[ -n ${report} ]]; then + echo -e "# $boldreduscore $report $resetformatting" + if [ 1 == $called_from_ado ]; then + + roleAssignmentExists=$(echo ${report} | grep -m1 "RoleAssignmentExists") + if [ -z ${roleAssignmentExists} ]; then + echo "##vso[task.logissue type=error]${report}" + fi + fi + else + echo -e "# $boldreduscore $string_to_report $resetformatting" + if [ 1 == $called_from_ado ]; then + roleAssignmentExists=$(echo ${string_to_report} | grep -m1 "RoleAssignmentExists") + if [ -z ${roleAssignmentExists} ]; then + echo "##vso[task.logissue type=error]${string_to_report}" + fi + fi + fi + echo -e "# $boldreduscore $string_to_report $resetformatting" - random_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw random_id_b64 | tr -d \") - temp=$(echo "${random_id}" | grep -m1 "Warning") - if [ -z "${temp}" ] - then - temp=$(echo "${random_id}" | grep "Backend reinitialization required") - if [ -z "${temp}" ] - then - save_config_var "deployer_random_id" "${random_id}" - return_value=0 + done fi + echo "# #" + echo "#########################################################################################" + echo "" + if [ 1 == $called_from_ado ]; then + terraform -chdir="${terraform_module_directory}" apply -parallelism="${parallelism}" -no-color -compact-warnings -json $allParams | tee -a apply_output.json + else + terraform -chdir="${terraform_module_directory}" apply -parallelism="${parallelism}" -json $allParams | tee -a apply_output.json + fi + return_value=$? 
+ + fi fi - created_resource_group_name=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw created_resource_group_name | tr -d \") - echo "" + fi + + if [ -f apply_output.json ]; then + rm apply_output.json + fi + + if [ 0 != $return_value ]; then echo "" echo "#########################################################################################" echo "# #" - echo -e "# $cyan Capturing telemetry $resetformatting #" + echo -e "# $boldreduscore!Errors during the apply phase!$resetformatting #" echo "# #" echo "#########################################################################################" echo "" - echo "" + unset TF_DATA_DIR + exit $return_value + fi - if [ -n "${ARM_CLIENT_SECRET}" ] ; then - az login --service-principal --username "${ARM_CLIENT_ID}" --password=$ARM_CLIENT_SECRET --tenant "${ARM_TENANT_ID}" --output none - else - az login --identity --output none - fi - full_script_path="$(realpath "${BASH_SOURCE[0]}")" - script_directory="$(dirname "${full_script_path}")" - az deployment group create --resource-group ${created_resource_group_name} --name "ControlPlane_Deployer_${created_resource_group_name}" --template-file "${script_directory}/templates/empty-deployment.json" --output none - return_value=0 - if [ 1 == $called_from_ado ] ; then - - terraform -chdir="${terraform_module_directory}" output -json -no-color deployer_uai - - if [ -n "${created_resource_group_name}" ] ; then - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "WEBAPP_RESOURCE_GROUP.value") - if [ -z ${az_var} ]; then - az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name WEBAPP_RESOURCE_GROUP --value $created_resource_group_name --output none --only-show-errors - else - az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name WEBAPP_RESOURCE_GROUP --value $created_resource_group_name --output none --only-show-errors - fi - fi +fi - if [[ 
"${TF_VAR_use_webapp}" == "true" && $IS_PIPELINE_DEPLOYMENT = "true" ]]; then - webapp_url_base=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw webapp_url_base | tr -d \") - if [ -n "${webapp_url_base}" ] ; then - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "WEBAPP_URL_BASE.value") - if [ -z ${az_var} ]; then - az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name WEBAPP_URL_BASE --value $webapp_url_base --output none --only-show-errors - else - az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name WEBAPP_URL_BASE --value $webapp_url_base --output none --only-show-errors - fi - fi +if [ "${deployment_system}" == sap_deployer ]; then - webapp_identity=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw webapp_identity | tr -d \") - if [ -n "${webapp_identity}" ] ; then - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "WEBAPP_IDENTITY.value") - if [ -z ${az_var} ]; then - az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name WEBAPP_IDENTITY --value $webapp_identity --output none --only-show-errors - else - az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name WEBAPP_IDENTITY --value $webapp_identity --output none --only-show-errors - fi - fi + # terraform -chdir="${terraform_module_directory}" output - webapp_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw webapp_id | tr -d \") - if [ -n "${webapp_id}" ] ; then - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "WEBAPP_ID.value") - if [ -z ${az_var} ]; then - az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name WEBAPP_ID --value $webapp_id --output none --only-show-errors - else - az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name 
WEBAPP_ID --value $webapp_id --output none --only-show-errors - fi - fi - if [ -n "${random_id}" ] ; then - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "DEPLOYER_RANDOM_ID_SEED.value") - if [ -z ${az_var} ]; then - az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name DEPLOYER_RANDOM_ID_SEED --value "${random_id}" --output none --only-show-errors - else - az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name DEPLOYER_RANDOM_ID_SEED --value "${random_id}" --output none --only-show-errors - fi - fi - fi + deployer_public_ip_address=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw deployer_public_ip_address | tr -d \") + keyvault=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw deployer_kv_user_name | tr -d \") + random_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw random_id_b64 | tr -d \") + temp=$(echo "${random_id}" | grep -m1 "Warning") + if [ -z "${temp}" ]; then + temp=$(echo "${random_id}" | grep "Backend reinitialization required") + if [ -z "${temp}" ]; then + save_config_var "deployer_random_id" "${random_id}" + return_value=0 fi + fi - if valid_kv_name "$keyvault" ; then - save_config_var "keyvault" "${system_config_information}" - else - printf -v val %-40.40s "$keyvault" - echo "#########################################################################################" - echo "# #" - echo -e "# The provided keyvault is not valid:$boldred ${val} $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "The provided keyvault is not valid " "${val}" > secret.err + created_resource_group_name=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw created_resource_group_name | tr -d \") + echo "" + echo "" + echo 
"#########################################################################################" + echo "# #" + echo -e "# $cyan Capturing telemetry $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + echo "" + + if [ -n "${ARM_CLIENT_SECRET}" ]; then + az login --service-principal --username "${ARM_CLIENT_ID}" --password=$ARM_CLIENT_SECRET --tenant "${ARM_TENANT_ID}" --output none + else + az login --identity --output none + fi + full_script_path="$(realpath "${BASH_SOURCE[0]}")" + script_directory="$(dirname "${full_script_path}")" + az deployment group create --resource-group ${created_resource_group_name} --name "ControlPlane_Deployer_${created_resource_group_name}" --template-file "${script_directory}/templates/empty-deployment.json" --output none + return_value=0 + if [ 1 == $called_from_ado ]; then + + terraform -chdir="${terraform_module_directory}" output -json -no-color deployer_uai + + if [ -n "${created_resource_group_name}" ]; then + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "WEBAPP_RESOURCE_GROUP.value") + if [ -z ${az_var} ]; then + az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name WEBAPP_RESOURCE_GROUP --value $created_resource_group_name --output none --only-show-errors + else + az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name WEBAPP_RESOURCE_GROUP --value $created_resource_group_name --output none --only-show-errors + fi fi - save_config_var "deployer_public_ip_address" "${system_config_information}" -fi + if [[ "${TF_VAR_use_webapp}" == "true" && $IS_PIPELINE_DEPLOYMENT = "true" ]]; then + webapp_url_base=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw webapp_url_base | tr -d \") + if [ -n "${webapp_url_base}" ]; then + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query 
"WEBAPP_URL_BASE.value") + if [ -z ${az_var} ]; then + az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name WEBAPP_URL_BASE --value $webapp_url_base --output none --only-show-errors + else + az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name WEBAPP_URL_BASE --value $webapp_url_base --output none --only-show-errors + fi + fi -if [ "${deployment_system}" == sap_system ] -then - # re_run=0 - # database_loadbalancer_public_ip_address=$(terraform -chdir="${terraform_module_directory}" output -no-color database_loadbalancer_ip | tr -d "\n" | tr -d "(" | tr -d ")" | tr -d " ") - # database_loadbalancer_public_ip_address=$(echo ${database_loadbalancer_public_ip_address/tolist/}) - # database_loadbalancer_public_ip_address=$(echo ${database_loadbalancer_public_ip_address/,]/]}) - # echo "Database Load Balancer IP: $database_loadbalancer_public_ip_address" - - # load_config_vars "${parameterfile_name}" "database_loadbalancer_ips" - # database_loadbalancer_ips=$(echo ${database_loadbalancer_ips} | xargs) - - # if [[ "${database_loadbalancer_public_ip_address}" != "${database_loadbalancer_ips}" ]]; - # then - # database_loadbalancer_ips=${database_loadbalancer_public_ip_address} - # if [ -n "${database_loadbalancer_ips}" ]; then - # save_config_var "database_loadbalancer_ips" "${parameterfile_name}" - # re_run=1 - # fi - # fi - - # scs_loadbalancer_public_ip_address=$(terraform -chdir="${terraform_module_directory}" output -no-color scs_loadbalancer_ips | tr -d "\n" | tr -d "(" | tr -d ")" | tr -d " ") - # scs_loadbalancer_public_ip_address=$(echo ${scs_loadbalancer_public_ip_address/tolist/}) - # scs_loadbalancer_public_ip_address=$(echo ${scs_loadbalancer_public_ip_address/,]/]}) - # echo "SCS Load Balancer IP: $scs_loadbalancer_public_ip_address" - - # load_config_vars "${parameterfile_name}" "scs_server_loadbalancer_ips" - # scs_server_loadbalancer_ips=$(echo ${scs_server_loadbalancer_ips} | xargs) - - # if [[ 
"${scs_loadbalancer_public_ip_address}" != "${scs_server_loadbalancer_ips}" ]]; - # then - # scs_server_loadbalancer_ips=${scs_loadbalancer_public_ip_address} - # if [ -n "${scs_server_loadbalancer_ips}" ]; then - # save_config_var "scs_server_loadbalancer_ips" "${parameterfile_name}" - # re_run=1 - # fi - # fi - - # if [ 1 == $re_run ] ; then - # if [ 1 == $called_from_ado ] ; then - # terraform -chdir="${terraform_module_directory}" apply -parallelism="${parallelism}" -no-color -compact-warnings $allParams 2>error.log - # else - # terraform -chdir="${terraform_module_directory}" apply -parallelism="${parallelism}" $allParams 2>error.log - # fi - # fi - - rg_name=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw created_resource_group_name | tr -d \") + webapp_identity=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw webapp_identity | tr -d \") + if [ -n "${webapp_identity}" ]; then + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "WEBAPP_IDENTITY.value") + if [ -z ${az_var} ]; then + az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name WEBAPP_IDENTITY --value $webapp_identity --output none --only-show-errors + else + az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name WEBAPP_IDENTITY --value $webapp_identity --output none --only-show-errors + fi + fi - echo "" - echo "" + webapp_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw webapp_id | tr -d \") + if [ -n "${webapp_id}" ]; then + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "WEBAPP_ID.value") + if [ -z ${az_var} ]; then + az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name WEBAPP_ID --value $webapp_id --output none --only-show-errors + else + az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name WEBAPP_ID --value $webapp_id 
--output none --only-show-errors + fi + fi + if [ -n "${random_id}" ]; then + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "DEPLOYER_RANDOM_ID_SEED.value") + if [ -z ${az_var} ]; then + az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name DEPLOYER_RANDOM_ID_SEED --value "${random_id}" --output none --only-show-errors + else + az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name DEPLOYER_RANDOM_ID_SEED --value "${random_id}" --output none --only-show-errors + fi + fi + fi + + fi + + if valid_kv_name "$keyvault"; then + save_config_var "keyvault" "${system_config_information}" + else + printf -v val %-40.40s "$keyvault" echo "#########################################################################################" echo "# #" - echo -e "# $cyan Capturing telemetry $resetformatting #" + echo -e "# The provided keyvault is not valid:$boldred ${val} $resetformatting #" echo "# #" echo "#########################################################################################" - echo "" - echo "" - full_script_path="$(realpath "${BASH_SOURCE[0]}")" - script_directory="$(dirname "${full_script_path}")" - az deployment group create --resource-group ${rg_name} --name "SAP_${rg_name}" --subscription $ARM_SUBSCRIPTION_ID --template-file "${script_directory}/templates/empty-deployment.json" --output none + echo "The provided keyvault is not valid " "${val}" >secret.err + fi + save_config_var "deployer_public_ip_address" "${system_config_information}" fi +if [ "${deployment_system}" == sap_system ]; then + # re_run=0 + # database_loadbalancer_public_ip_address=$(terraform -chdir="${terraform_module_directory}" output -no-color database_loadbalancer_ip | tr -d "\n" | tr -d "(" | tr -d ")" | tr -d " ") + # database_loadbalancer_public_ip_address=$(echo ${database_loadbalancer_public_ip_address/tolist/}) + # database_loadbalancer_public_ip_address=$(echo 
${database_loadbalancer_public_ip_address/,]/]}) + # echo "Database Load Balancer IP: $database_loadbalancer_public_ip_address" + + # load_config_vars "${parameterfile_name}" "database_loadbalancer_ips" + # database_loadbalancer_ips=$(echo ${database_loadbalancer_ips} | xargs) + + # if [[ "${database_loadbalancer_public_ip_address}" != "${database_loadbalancer_ips}" ]]; + # then + # database_loadbalancer_ips=${database_loadbalancer_public_ip_address} + # if [ -n "${database_loadbalancer_ips}" ]; then + # save_config_var "database_loadbalancer_ips" "${parameterfile_name}" + # re_run=1 + # fi + # fi + + # scs_loadbalancer_public_ip_address=$(terraform -chdir="${terraform_module_directory}" output -no-color scs_loadbalancer_ips | tr -d "\n" | tr -d "(" | tr -d ")" | tr -d " ") + # scs_loadbalancer_public_ip_address=$(echo ${scs_loadbalancer_public_ip_address/tolist/}) + # scs_loadbalancer_public_ip_address=$(echo ${scs_loadbalancer_public_ip_address/,]/]}) + # echo "SCS Load Balancer IP: $scs_loadbalancer_public_ip_address" + + # load_config_vars "${parameterfile_name}" "scs_server_loadbalancer_ips" + # scs_server_loadbalancer_ips=$(echo ${scs_server_loadbalancer_ips} | xargs) + + # if [[ "${scs_loadbalancer_public_ip_address}" != "${scs_server_loadbalancer_ips}" ]]; + # then + # scs_server_loadbalancer_ips=${scs_loadbalancer_public_ip_address} + # if [ -n "${scs_server_loadbalancer_ips}" ]; then + # save_config_var "scs_server_loadbalancer_ips" "${parameterfile_name}" + # re_run=1 + # fi + # fi + + # if [ 1 == $re_run ] ; then + # if [ 1 == $called_from_ado ] ; then + # terraform -chdir="${terraform_module_directory}" apply -parallelism="${parallelism}" -no-color -compact-warnings $allParams 2>error.log + # else + # terraform -chdir="${terraform_module_directory}" apply -parallelism="${parallelism}" $allParams 2>error.log + # fi + # fi + + rg_name=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw created_resource_group_name | tr -d \") + + echo 
"" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Capturing telemetry $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + echo "" + full_script_path="$(realpath "${BASH_SOURCE[0]}")" + script_directory="$(dirname "${full_script_path}")" + az deployment group create --resource-group ${rg_name} --name "SAP_${rg_name}" --subscription $ARM_SUBSCRIPTION_ID --template-file "${script_directory}/templates/empty-deployment.json" --output none + +fi -if [ "${deployment_system}" == sap_landscape ] -then - save_config_vars "${system_config_information}" \ +if [ "${deployment_system}" == sap_landscape ]; then + save_config_vars "${system_config_information}" \ landscape_tfstate_key - rg_name=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw created_resource_group_name | tr -d \") - echo "" - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Capturing telemetry $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - echo "" - full_script_path="$(realpath "${BASH_SOURCE[0]}")" - script_directory="$(dirname "${full_script_path}")" - az deployment group create --resource-group ${rg_name} --name "SAP-WORKLOAD-ZONE_${rg_name}" --template-file "${script_directory}/templates/empty-deployment.json" --output none + rg_name=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw created_resource_group_name | tr -d \") + echo "" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Capturing telemetry $resetformatting #" + echo "# #" + echo 
"#########################################################################################" + echo "" + echo "" + full_script_path="$(realpath "${BASH_SOURCE[0]}")" + script_directory="$(dirname "${full_script_path}")" + az deployment group create --resource-group ${rg_name} --name "SAP-WORKLOAD-ZONE_${rg_name}" --template-file "${script_directory}/templates/empty-deployment.json" --output none fi -if [ "${deployment_system}" == sap_library ] -then - REMOTE_STATE_SA=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw remote_state_storage_account_name | tr -d \") - sapbits_storage_account_name=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw sapbits_storage_account_name | tr -d \") - random_id_b64=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw random_id_b64 | tr -d \") - temp=$(echo "${random_id_b64}" | grep -m1 "Warning") - if [ -z "${temp}" ] - then - temp=$(echo "${random_id_b64}" | grep "Backend reinitialization required") - if [ -z "${temp}" ] - then - save_config_var "library_random_id" "${random_id_b64}" - return_value=0 - fi +if [ "${deployment_system}" == sap_library ]; then + REMOTE_STATE_SA=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw remote_state_storage_account_name | tr -d \") + sapbits_storage_account_name=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw sapbits_storage_account_name | tr -d \") + random_id_b64=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw random_id_b64 | tr -d \") + temp=$(echo "${random_id_b64}" | grep -m1 "Warning") + if [ -z "${temp}" ]; then + temp=$(echo "${random_id_b64}" | grep "Backend reinitialization required") + if [ -z "${temp}" ]; then + save_config_var "library_random_id" "${random_id_b64}" + return_value=0 fi + fi + if [ 1 == $called_from_ado ]; then - if [ 1 == $called_from_ado ] ; then - - if [ -n "${sapbits_storage_account_name}" ] ; then - az_var=$(az pipelines 
variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "INSTALLATION_MEDIA_ACCOUNT.value") - if [ -z ${az_var} ]; then - az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name INSTALLATION_MEDIA_ACCOUNT --value "${sapbits_storage_account_name}" --output none --only-show-errors - else - az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name INSTALLATION_MEDIA_ACCOUNT --value "${sapbits_storage_account_name}" --output none --only-show-errors - fi - fi - if [ -n "${random_id_b64}" ] ; then - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "LIBRARY_RANDOM_ID_SEED.value") - if [ -z ${az_var} ]; then - az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name LIBRARY_RANDOM_ID_SEED --value "${random_id_b64}" --output none --only-show-errors - else - az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name LIBRARY_RANDOM_ID_SEED --value "${random_id_b64}" --output none --only-show-errors - fi - fi - + if [ -n "${sapbits_storage_account_name}" ]; then + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "INSTALLATION_MEDIA_ACCOUNT.value") + if [ -z ${az_var} ]; then + az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name INSTALLATION_MEDIA_ACCOUNT --value "${sapbits_storage_account_name}" --output none --only-show-errors + else + az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name INSTALLATION_MEDIA_ACCOUNT --value "${sapbits_storage_account_name}" --output none --only-show-errors + fi + fi + if [ -n "${random_id_b64}" ]; then + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query "LIBRARY_RANDOM_ID_SEED.value") + if [ -z ${az_var} ]; then + az pipelines variable-group variable create --group-id ${VARIABLE_GROUP_ID} --name LIBRARY_RANDOM_ID_SEED --value "${random_id_b64}" 
--output none --only-show-errors + else + az pipelines variable-group variable update --group-id ${VARIABLE_GROUP_ID} --name LIBRARY_RANDOM_ID_SEED --value "${random_id_b64}" --output none --only-show-errors + fi fi - get_and_store_sa_details "${REMOTE_STATE_SA}" "${system_config_information}" - rg_name=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw created_resource_group_name | tr -d \") + fi - echo "" - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Capturing telemetry $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - echo "" + get_and_store_sa_details "${REMOTE_STATE_SA}" "${system_config_information}" + rg_name=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw created_resource_group_name | tr -d \") - full_script_path="$(realpath "${BASH_SOURCE[0]}")" - script_directory="$(dirname "${full_script_path}")" - az deployment group create --resource-group ${rg_name} --name "SAP-LIBRARY_${rg_name}" --template-file "${script_directory}/templates/empty-deployment.json" --output none + echo "" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Capturing telemetry $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + echo "" + + full_script_path="$(realpath "${BASH_SOURCE[0]}")" + script_directory="$(dirname "${full_script_path}")" + az deployment group create --resource-group ${rg_name} --name "SAP-LIBRARY_${rg_name}" --template-file "${script_directory}/templates/empty-deployment.json" --output none fi if [ -f "${system_config_information}".err ]; then - cat "${system_config_information}".err - rm "${system_config_information}".err + cat 
"${system_config_information}".err + rm "${system_config_information}".err fi unset TF_DATA_DIR 
@@ -1462,42 +1439,42 @@ unset TF_DATA_DIR # # ################################################################################# -useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) +useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) -if [ "$useSAS" = "true" ] ; then - az storage blob upload --file "${parameterfile}" --container-name tfvars/"${state_path}"/"${key}" --name "${parameterfile_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --only-show-errors --output none +if [ "$useSAS" = "true" ]; then + az storage blob upload --file "${parameterfile}" --container-name tfvars/"${state_path}"/"${key}" --name "${parameterfile_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --only-show-errors --output none else - az storage blob upload --file "${parameterfile}" --container-name tfvars/"${state_path}"/"${key}" --name "${parameterfile_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --auth-mode login --no-progress --overwrite --only-show-errors --output none + az storage blob upload --file "${parameterfile}" --container-name tfvars/"${state_path}"/"${key}" --name "${parameterfile_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --auth-mode login --no-progress --overwrite --only-show-errors --output none fi -if [ "${deployment_system}" == sap_system ] ; then +if [ "${deployment_system}" == sap_system ]; then echo "Uploading the yaml files from ${param_dirname} to the storage account" - if [ "$useSAS" = "true" ] ; then - az storage blob upload --file sap-parameters.yaml --container-name tfvars/"${state_path}"/"${key}" --name sap-parameters.yaml --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" 
--no-progress --overwrite --only-show-errors --output none + if [ "$useSAS" = "true" ]; then + az storage blob upload --file sap-parameters.yaml --container-name tfvars/"${state_path}"/"${key}" --name sap-parameters.yaml --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --only-show-errors --output none else - az storage blob upload --file sap-parameters.yaml --container-name tfvars/"${state_path}"/"${key}" --name sap-parameters.yaml --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --auth-mode login --no-progress --overwrite --only-show-errors --output none + az storage blob upload --file sap-parameters.yaml --container-name tfvars/"${state_path}"/"${key}" --name sap-parameters.yaml --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --auth-mode login --no-progress --overwrite --only-show-errors --output none fi hosts_file=$(ls *_hosts.yaml) - if [ "$useSAS" = "true" ] ; then - az storage blob upload --file "${hosts_file}" --container-name tfvars/"${state_path}"/"${key}" --name "${hosts_file}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --only-show-errors --output none + if [ "$useSAS" = "true" ]; then + az storage blob upload --file "${hosts_file}" --container-name tfvars/"${state_path}"/"${key}" --name "${hosts_file}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --only-show-errors --output none else - az storage blob upload --file "${hosts_file}" --container-name tfvars/"${state_path}"/"${key}" --name "${hosts_file}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --auth-mode login --no-progress --overwrite --only-show-errors --output none + az storage blob upload --file "${hosts_file}" --container-name tfvars/"${state_path}"/"${key}" --name "${hosts_file}" --subscription "${STATE_SUBSCRIPTION}" --account-name 
"${REMOTE_STATE_SA}" --auth-mode login --no-progress --overwrite --only-show-errors --output none fi fi -if [ "${deployment_system}" == sap_landscape ] ; then - if [ "$useSAS" = "true" ] ; then - az storage blob upload --file "${system_config_information}" --container-name tfvars/.sap_deployment_automation --name "${environment}${region_code}${network_logical_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --only-show-errors --output none +if [ "${deployment_system}" == sap_landscape ]; then + if [ "$useSAS" = "true" ]; then + az storage blob upload --file "${system_config_information}" --container-name tfvars/.sap_deployment_automation --name "${environment}${region_code}${network_logical_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --only-show-errors --output none else - az storage blob upload --file "${system_config_information}" --container-name tfvars/.sap_deployment_automation --name "${environment}${region_code}${network_logical_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --auth-mode login --no-progress --overwrite --only-show-errors --output none + az storage blob upload --file "${system_config_information}" --container-name tfvars/.sap_deployment_automation --name "${environment}${region_code}${network_logical_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --auth-mode login --no-progress --overwrite --only-show-errors --output none fi fi -if [ "${deployment_system}" == sap_library ] ; then +if [ "${deployment_system}" == sap_library ]; then deployer_config_information="${automation_config_directory}"/"${environment}""${region_code}" - if [ "$useSAS" = "true" ] ; then - az storage blob upload --file "${deployer_config_information}" --container-name tfvars/.sap_deployment_automation --name "${environment}${region_code}" --subscription "${STATE_SUBSCRIPTION}" 
--account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --only-show-errors --output none + if [ "$useSAS" = "true" ]; then + az storage blob upload --file "${deployer_config_information}" --container-name tfvars/.sap_deployment_automation --name "${environment}${region_code}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --only-show-errors --output none else - az storage blob upload --file "${deployer_config_information}" --container-name tfvars/.sap_deployment_automation --name "${environment}${region_code}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --auth-mode login --no-progress --overwrite --only-show-errors --output none + az storage blob upload --file "${deployer_config_information}" --container-name tfvars/.sap_deployment_automation --name "${environment}${region_code}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --auth-mode login --no-progress --overwrite --only-show-errors --output none fi fi @@ -1509,6 +1486,4 @@ echo "# echo "#########################################################################################" echo "" - - exit $return_value From e4b4ab4dfe491bf2b31b63dc98c6d3196ddba2ec Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:48 +0300 Subject: [PATCH 06/77] Refactor echo statements in deploy control plane pipeline --- deploy/pipelines/02-sap-workload-zone.yaml | 6 +++--- deploy/scripts/install_workloadzone.sh | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index bbd2d086c6..30f556216f 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml 
@@ -436,9 +436,9 @@ stages: if [ $USE_MSI != "true" ]; then - echo "Deployment credentials: Service Principal" - echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" - echo "Deployer subscription: $STATE_SUBSCRIPTION" + echo "Deployment credentials: Service Principal" + echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" + echo "Deployer subscription: $STATE_SUBSCRIPTION" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index 4d5a9c252b..9d113260fc 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -380,7 +380,7 @@ if [ 0 = "${deploy_using_msi_only:-}" ]; then if [ -n "$tenant_id" ]; then if is_valid_guid "$tenant_id"; then - echo "Valid tenant id format" + echo "" else printf -v val %-40.40s "$tenant_id" echo "#########################################################################################" From fefb749d3ddca403f40b2f838aaaf0723f6c5419 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:48 +0300 Subject: [PATCH 07/77] Refactor echo statements in deploy control plane pipeline --- deploy/pipelines/03-sap-system-deployment.yaml | 2 +- deploy/pipelines/10-remover-terraform.yaml | 15 ++++++++++----- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/deploy/pipelines/03-sap-system-deployment.yaml b/deploy/pipelines/03-sap-system-deployment.yaml index 954c3499cf..de3b51a5af 100644 --- a/deploy/pipelines/03-sap-system-deployment.yaml +++ b/deploy/pipelines/03-sap-system-deployment.yaml @@ -261,7 +261,7 @@ stages: if [ $USE_MSI != "true" ]; then echo "Deployment credentials: Service Principal" - echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" + echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET 
diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index e9ed4969e1..1f61e20363 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -178,7 +178,7 @@ stages: exit $return_code fi else - echo "Deployment credentials: ^Managed Identity" + echo "Deployment credentials: Managed Identity" export ARM_USE_MSI=true export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID @@ -325,14 +325,14 @@ stages: if [[ ! -f /etc/profile.d/deploy_server.sh ]]; then if [ $USE_MSI != "true" ]; then - echo "Deployment credentials: Service Principal" - echo "Deployment credentials Id (SPN): $WL_ARM_CLIENT_SECRET" + echo "Deployment credentials: Service Principal" + echo "Deployment credentials ID (SPN): $WL_ARM_CLIENT_SECRET" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET export ARM_TENANT_ID=$WL_ARM_TENANT_ID export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID - export ARM_USE_MSI=false + unset ARM_USE_MSI az login --service-principal --username $WL_ARM_CLIENT_ID --password=$WL_ARM_CLIENT_SECRET --tenant $WL_ARM_TENANT_ID --output none return_code=$? if [ 0 != $return_code ]; then @@ -751,7 +751,11 @@ stages: export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET export ARM_TENANT_ID=$WL_ARM_TENANT_ID export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID - export ARM_USE_MSI=false + unset ARM_USE_MSI + + echo "Deployment credentials: Service Principal" + echo "Deployment credentials ID (SPN): $WL_ARM_CLIENT_SECRET" + az login --service-principal --username "${WL_ARM_CLIENT_ID}" --password="${WL_ARM_CLIENT_SECRET}" --tenant "${WL_ARM_TENANT_ID}" --output none return_code=$? if [ 0 != $return_code ]; then @@ -760,6 +764,7 @@ stages: exit $return_code fi else + echo "Deployment credentials: Managed Identity" export ARM_USE_MSI=true export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID unset ARM_TENANT_ID 
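Review bot: The line `echo "Deployment credentials ID (SPN): $WL_ARM_CLIENT_SECRET"` in the hunk at -325,14 +325,14 expands the service principal secret rather than its ID, so the credential is written to the pipeline log; the hunk at -751,7 +751,11 adds the same line. The other pipelines touched in this series print `$WL_ARM_CLIENT_ID` under that label, so the intended line is presumably `echo "Deployment credentials ID (SPN): $WL_ARM_CLIENT_ID"`. Log masking of secret variables, where it is configured for this variable, should not be the only thing keeping the value out of the log. Separately, the `az login --service-principal ... --password=$WL_ARM_CLIENT_SECRET` context line puts the secret on the process command line, which this commit does not change but which deserves a follow-up. Both script blocks start and end outside the hunks.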
From 3ad3b4148714895dfe289de9278d449d2a85cd3f Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:49 +0300 Subject: [PATCH 08/77] Refactor variables_local.tf to improve readability and error handling --- deploy/terraform/run/sap_landscape/variables_local.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/terraform/run/sap_landscape/variables_local.tf b/deploy/terraform/run/sap_landscape/variables_local.tf index d00529619c..30842e6402 100644 --- a/deploy/terraform/run/sap_landscape/variables_local.tf +++ b/deploy/terraform/run/sap_landscape/variables_local.tf @@ -22,9 +22,9 @@ locals { tfstate_container_name = module.sap_namegenerator.naming.resource_suffixes.tfstate // Retrieve the arm_id of deployer's Key Vault from deployer's terraform.tfstate - spn_key_vault_arm_id = try(local.key_vault.kv_spn_id, - try(data.terraform_remote_state.deployer[0].outputs.deployer_kv_user_arm_id, - "") + spn_key_vault_arm_id = coalesce( + local.key_vault.kv_spn_id, + try(data.terraform_remote_state.deployer[0].outputs.deployer_kv_user_arm_id, "") ) deployer_subscription_id = coalesce( From 7aac0624dea8d43ae5fa9fb9840a35605d5e8679 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:49 +0300 Subject: [PATCH 09/77] Refactor variables_local.tf to improve readability and error handling --- deploy/terraform/run/sap_landscape/variables_local.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/terraform/run/sap_landscape/variables_local.tf b/deploy/terraform/run/sap_landscape/variables_local.tf index 30842e6402..37a54894a6 100644 --- a/deploy/terraform/run/sap_landscape/variables_local.tf +++ b/deploy/terraform/run/sap_landscape/variables_local.tf 
@@ -23,7 +23,7 @@ locals { // Retrieve the arm_id of deployer's Key Vault from deployer's terraform.tfstate spn_key_vault_arm_id = coalesce( - local.key_vault.kv_spn_id, + try(local.key_vault.kv_spn_id,""), try(data.terraform_remote_state.deployer[0].outputs.deployer_kv_user_arm_id, "") ) From 2bfc51fef49b42c71591389278b026ad32872e3d Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:49 +0300 Subject: [PATCH 10/77] Refactor deploy control plane pipeline to include deployer_tfstate_key parameter --- deploy/pipelines/10-remover-terraform.yaml | 8 ++++++++ deploy/scripts/remover.sh | 4 ++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 1f61e20363..0fb0ec21df 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -719,6 +719,13 @@ stages: STATE_SUBSCRIPTION=$(grep "^STATE_SUBSCRIPTION=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi + az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value" --out tsv) + if [ -n "${az_var}" ]; then + deployer_tfstate_key="${az_var}" + else + deployer_tfstate_key=$(grep "^STATE_SUBSCRIPTION=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) + fi + az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" --out tsv) if [ -n "${az_var}" ]; then REMOTE_STATE_SA="${az_var}" @@ -781,6 +788,7 @@ stages: --state_subscription ${STATE_SUBSCRIPTION} \ --storageaccountname "${REMOTE_STATE_SA}" \ --auto-approve \ + --deployer_tfstate_key ${deployer_tfstate_key} \ --ado return_code=$? diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index 35cb1baf32..33106e4244 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh 
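Review bot: `coalesce(try(local.key_vault.kv_spn_id,""), try(data.terraform_remote_state.deployer[0].outputs.deployer_kv_user_arm_id, ""))` fails evaluation when both arguments resolve to an empty string, because coalesce needs at least one argument that is neither null nor empty. The nested `try(..., "")` form that the previous commit replaced yielded "" in that case, so a configuration with neither key vault ID now stops at plan time instead of carrying an empty value forward. If failing early is the intent, state it in the comment above `spn_key_vault_arm_id`; if an empty value must stay possible, wrap the call as `try(coalesce(...), "")`. The `locals` block starts and ends outside the hunk.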
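Review bot: The fallback added for `deployer_tfstate_key` in the hunk at -719,6 +719,13 reads the wrong key: `grep "^STATE_SUBSCRIPTION=" ${workload_environment_file_name}` assigns the state subscription value to the deployer state file name whenever the variable group has no `Deployer_State_FileName`. The hunk at -408,6 +408,20 in the next commit of the series adds the same fallback. The `landscape_tfstate_key` fallback added there greps for its own name, so the matching form here would presumably be `grep "^deployer_tfstate_key=" "${workload_environment_file_name}"`, to be confirmed against what the environment file stores. The script block continues outside the hunk.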
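Review bot: `--deployer_tfstate_key ${deployer_tfstate_key} \` in the hunk at -781,6 +788,7 is unquoted, so an empty value disappears from the command line and getopt in remover.sh takes the next token, `--ado`, as the key. Quote it as `--deployer_tfstate_key "${deployer_tfstate_key}" \` so an empty lookup reaches the script as an empty argument instead of shifting the remaining options. The next commit in the series adds `--landscape_tfstate_key ${landscape_tfstate_key} \` directly before `--auto-approve` in the same way, where an empty value would swallow the approval flag. How remover.sh treats an empty key is not visible in this hunk.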
@@ -78,7 +78,7 @@ function missing { } #process inputs - may need to check the option i for auto approve as it is not used -INPUT_ARGUMENTS=$(getopt -n remover -o p:o:t:s:ahi --longoptions type:,parameterfile:,storageaccountname:,state_subscription:,ado,auto-approve,help -- "$@") +INPUT_ARGUMENTS=$(getopt -n remover -o p:o:t:s:d:ahi --longoptions type:,parameterfile,deployer_tfstate_key:,storageaccountname:,state_subscription:,ado,auto-approve,help -- "$@") VALID_ARGUMENTS=$? if [ "$VALID_ARGUMENTS" != "0" ]; then @@ -93,6 +93,7 @@ do -p | --parameterfile) parameterfile="$2" ; shift 2 ;; -o | --storageaccountname) REMOTE_STATE_SA="$2" ; shift 2 ;; -s | --state_subscription) STATE_SUBSCRIPTION="$2" ; shift 2 ;; + -d | --deployer_tfstate_key) deployer_tfstate_key="$2" ; shift 2 ;; -t | --type) deployment_system="$2" ; shift 2 ;; -i | --auto-approve) approve="--auto-approve" ; shift ;; -a | --ado) called_from_ado=1 ; shift ;; @@ -105,7 +106,6 @@ done #variables tfstate_resource_id="" tfstate_parameter="" -deployer_tfstate_key="" deployer_tfstate_key_parameter="" landscape_tfstate_key="" landscape_tfstate_key_parameter="" From 9d65fe2a3c0b84f89db38b27097a41b4812955c7 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:49 +0300 Subject: [PATCH 11/77] Refactor deploy control plane pipeline to include deployer_tfstate_key and landscape_tfstate_key parameters --- deploy/pipelines/10-remover-terraform.yaml | 27 ++++++++++++++++++++-- deploy/scripts/remover.sh | 4 ++-- 2 files changed, 27 insertions(+), 4 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 0fb0ec21df..129379b1c2 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml 
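Review bot: The new `--longoptions` string in the hunk at -78,7 +78,7 drops the colon after `parameterfile` (`type:,parameterfile,deployer_tfstate_key:,...`), so getopt no longer treats `--parameterfile` as taking a value while the case arm still runs `parameterfile="$2" ; shift 2`. With the long form that the pipelines pass, `$2` is then the following option rather than the file name, and the shift discards that option as well. Restore it as `type:,parameterfile:,deployer_tfstate_key:,...`; the next commit's rewrite of this line carries the same omission. The usage text printed by `showhelp` also lists neither `-d`/`--deployer_tfstate_key` nor the `-l`/`--landscape_tfstate_key` option added next, and should gain a line for each.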
@@ -408,6 +408,20 @@ stages: echo "TF state account: $REMOTE_STATE_SA" echo "System configuration: $systemConfigurationFile" + az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value" --out tsv) + if [ -n "${az_var}" ]; then + deployer_tfstate_key="${az_var}" + else + deployer_tfstate_key=$(grep "^STATE_SUBSCRIPTION=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) + fi + + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query $NETWORK"Workload_Zone_State_FileName.value" --out tsv) + if [ -n "${az_var}" ]; then + landscape_tfstate_key="${az_var}" + else + landscape_tfstate_key=$(grep "^landscape_tfstate_key=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) + fi + echo -e "$green--- Run the remover script that destroys the SAP system ---$reset" cd $CONFIG_REPO_PATH/SYSTEM/$(sap_system_folder) ${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/remover.sh \ @@ -415,6 +429,8 @@ stages: --type sap_system \ --state_subscription ${STATE_SUBSCRIPTION} \ --storageaccountname "${REMOTE_STATE_SA}" \ + --deployer_tfstate_key ${deployer_tfstate_key} \ + --landscape_tfstate_key ${landscape_tfstate_key} \ --auto-approve return_code=$? @@ -726,6 +742,13 @@ stages: deployer_tfstate_key=$(grep "^STATE_SUBSCRIPTION=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query $NETWORK"Workload_Zone_State_FileName.value" --out tsv) + if [ -n "${az_var}" ]; then + landscape_tfstate_key="${az_var}" + else + landscape_tfstate_key=$(grep "^landscape_tfstate_key=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) + fi + az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" --out tsv) if [ -n "${az_var}" ]; then REMOTE_STATE_SA="${az_var}" 
@@ -787,9 +810,9 @@ stages: --type sap_landscape \ --state_subscription ${STATE_SUBSCRIPTION} \ --storageaccountname "${REMOTE_STATE_SA}" \ - --auto-approve \ --deployer_tfstate_key ${deployer_tfstate_key} \ - --ado + --landscape_tfstate_key ${landscape_tfstate_key} \ + --auto-approve return_code=$? diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index 33106e4244..de71fb049b 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh @@ -78,7 +78,7 @@ function missing { } #process inputs - may need to check the option i for auto approve as it is not used -INPUT_ARGUMENTS=$(getopt -n remover -o p:o:t:s:d:ahi --longoptions type:,parameterfile,deployer_tfstate_key:,storageaccountname:,state_subscription:,ado,auto-approve,help -- "$@") +INPUT_ARGUMENTS=$(getopt -n remover -o p:o:t:s:d:l:ahi --longoptions type:,parameterfile,storageaccountname:,state_subscription:,deployer_tfstate_key:,landscape_tfstate_key:,ado,auto-approve,help -- "$@") VALID_ARGUMENTS=$? if [ "$VALID_ARGUMENTS" != "0" ]; then @@ -94,6 +94,7 @@ do -o | --storageaccountname) REMOTE_STATE_SA="$2" ; shift 2 ;; -s | --state_subscription) STATE_SUBSCRIPTION="$2" ; shift 2 ;; -d | --deployer_tfstate_key) deployer_tfstate_key="$2" ; shift 2 ;; + -l | --landscape_tfstate_key) landscape_tfstate_key="$2" ; shift 2 ;; -t | --type) deployment_system="$2" ; shift 2 ;; -i | --auto-approve) approve="--auto-approve" ; shift ;; -a | --ado) called_from_ado=1 ; shift ;; @@ -107,7 +108,6 @@ done tfstate_resource_id="" tfstate_parameter="" deployer_tfstate_key_parameter="" -landscape_tfstate_key="" landscape_tfstate_key_parameter="" # unused variables From 521fd6610840f65b816dc1a5ca3b26903d5bf072 Mon Sep 17 00:00:00 2001 
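Review bot: The landscape removal call in the hunk at -787,9 +810,9 no longer passes `--ado`, which the previous commit still had after `--deployer_tfstate_key`; remover.sh sets `called_from_ado=1` only from that flag. What `called_from_ado` controls is outside the visible hunks, but the commit subject mentions only the added state-key parameters, so the drop looks unintended. If it is deliberate, say so in the commit message; otherwise end the call with `--auto-approve \` followed by `--ado`. The script block continues outside the hunk.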
From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:49 +0300 Subject: [PATCH 12/77] Refactor echo statement in deploy control plane pipeline --- deploy/pipelines/10-remover-terraform.yaml | 4 +- deploy/scripts/remover.sh | 540 +++++++++++---------- 2 files changed, 279 insertions(+), 265 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 129379b1c2..aa319b5ab1 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -406,7 +406,7 @@ stages: echo "Workload Key Vault: ${workload_key_vault}" echo "TF state subscription: $STATE_SUBSCRIPTION" echo "TF state account: $REMOTE_STATE_SA" - echo "System configuration: $systemConfigurationFile" + echo "System configuration: $(sap_system_configuration)" az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value" --out tsv) if [ -n "${az_var}" ]; then @@ -423,7 +423,7 @@ stages: fi echo -e "$green--- Run the remover script that destroys the SAP system ---$reset" - cd $CONFIG_REPO_PATH/SYSTEM/$(sap_system_folder) + cd $CONFIG_REPO_PATH/SYSTEM/$(sap_system_folder) || exit ${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/remover.sh \ --parameterfile $(sap_system_configuration) \ --type sap_system \ diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index de71fb049b..2e687546e3 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh 
@@ -21,60 +21,60 @@ source "${script_directory}/helpers/script_helpers.sh" #Internal helper functions function showhelp { - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore !Warning!: This script will remove deployed systems $resetformatting #" - echo "# #" - echo "# This file contains the logic to remove the different systems #" - echo "# The script expects the following exports: #" - echo "# #" - echo "# SAP_AUTOMATION_REPO_PATH (path to the repo folder (sap-automation)) #" - echo "# ARM_SUBSCRIPTION_ID (subscription containing the state file storage account) #" - echo "# REMOTE_STATE_RG (resource group name for storage account containing state files) #" - echo "# REMOTE_STATE_SA (storage account for state file) #" - echo "# #" - echo "# The script will persist the parameters needed between the executions in the #" - echo "# [CONFIG_REPO_PATH]/.sap_deployment_automation folder. #" - echo "# #" - echo "# #" - echo "# Usage: remover.sh #" - echo "# -p or --parameterfile parameter file #" - echo "# -t or --type type of system to remove #" - echo "# valid options: #" - echo "# sap_deployer #" - echo "# sap_library #" - echo "# sap_landscape #" - echo "# sap_system #" - echo "# -h or --help Show help #" - echo "# #" - echo "# Optional parameters #" - echo "# #" - echo "# -o or --storageaccountname Storage account name for state file #" - echo "# -s or --state_subscription Subscription for tfstate storage account #" - echo "# #" - echo "# Example: #" - echo "# #" - echo "# [REPO-ROOT]deploy/scripts/remover.sh \ #" - echo "# --parameterfile DEV-WEEU-SAP01-X00.tfvars \ #" - echo "# --type sap_system #" - echo "# #" - echo "#########################################################################################" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore !Warning!: 
This script will remove deployed systems $resetformatting #" + echo "# #" + echo "# This file contains the logic to remove the different systems #" + echo "# The script expects the following exports: #" + echo "# #" + echo "# SAP_AUTOMATION_REPO_PATH (path to the repo folder (sap-automation)) #" + echo "# ARM_SUBSCRIPTION_ID (subscription containing the state file storage account) #" + echo "# REMOTE_STATE_RG (resource group name for storage account containing state files) #" + echo "# REMOTE_STATE_SA (storage account for state file) #" + echo "# #" + echo "# The script will persist the parameters needed between the executions in the #" + echo "# [CONFIG_REPO_PATH]/.sap_deployment_automation folder. #" + echo "# #" + echo "# #" + echo "# Usage: remover.sh #" + echo "# -p or --parameterfile parameter file #" + echo "# -t or --type type of system to remove #" + echo "# valid options: #" + echo "# sap_deployer #" + echo "# sap_library #" + echo "# sap_landscape #" + echo "# sap_system #" + echo "# -h or --help Show help #" + echo "# #" + echo "# Optional parameters #" + echo "# #" + echo "# -o or --storageaccountname Storage account name for state file #" + echo "# -s or --state_subscription Subscription for tfstate storage account #" + echo "# #" + echo "# Example: #" + echo "# #" + echo "# [REPO-ROOT]deploy/scripts/remover.sh \ #" + echo "# --parameterfile DEV-WEEU-SAP01-X00.tfvars \ #" + echo "# --type sap_system #" + echo "# #" + echo "#########################################################################################" } function missing { - printf -v val %-.40s "$option" - echo "" - echo "" - echo "#########################################################################################" - echo "# #" - echo "# Missing environment variables: ${option}!!! 
#" - echo "# #" - echo "# Please export the folloing variables: #" - echo "# SAP_AUTOMATION_REPO_PATH (path to the repo folder (sap-automation)) #" - echo "# ARM_SUBSCRIPTION_ID (subscription containing the state file storage account) #" - echo "# #" - echo "#########################################################################################" + printf -v val %-.40s "$option" + echo "" + echo "" + echo "#########################################################################################" + echo "# #" + echo "# Missing environment variables: ${option}!!! #" + echo "# #" + echo "# Please export the folloing variables: #" + echo "# SAP_AUTOMATION_REPO_PATH (path to the repo folder (sap-automation)) #" + echo "# ARM_SUBSCRIPTION_ID (subscription containing the state file storage account) #" + echo "# #" + echo "#########################################################################################" } #process inputs - may need to check the option i for auto approve as it is not used 
@@ -82,26 +82,55 @@ INPUT_ARGUMENTS=$(getopt -n remover -o p:o:t:s:d:l:ahi --longoptions type:,param VALID_ARGUMENTS=$? if [ "$VALID_ARGUMENTS" != "0" ]; then - showhelp + showhelp fi called_from_ado=0 eval set -- "$INPUT_ARGUMENTS" -while : -do - case "$1" in - -p | --parameterfile) parameterfile="$2" ; shift 2 ;; - -o | --storageaccountname) REMOTE_STATE_SA="$2" ; shift 2 ;; - -s | --state_subscription) STATE_SUBSCRIPTION="$2" ; shift 2 ;; - -d | --deployer_tfstate_key) deployer_tfstate_key="$2" ; shift 2 ;; - -l | --landscape_tfstate_key) landscape_tfstate_key="$2" ; shift 2 ;; - -t | --type) deployment_system="$2" ; shift 2 ;; - -i | --auto-approve) approve="--auto-approve" ; shift ;; - -a | --ado) called_from_ado=1 ; shift ;; - -h | --help) showhelp - exit 3 ; shift ;; - --) shift; break ;; - esac +while :; do + case "$1" in + -p | --parameterfile) + parameterfile="$2" + shift 2 + ;; + -o | --storageaccountname) + REMOTE_STATE_SA="$2" + shift 2 + ;; + -s | --state_subscription) + STATE_SUBSCRIPTION="$2" + shift 2 + ;; + -d | --deployer_tfstate_key) + deployer_tfstate_key="$2" + shift 2 + ;; + -l | --landscape_tfstate_key) + landscape_tfstate_key="$2" + shift 2 + ;; + -t | --type) + deployment_system="$2" + shift 2 + ;; + -i | --auto-approve) + approve="--auto-approve" + shift + ;; + -a | --ado) + called_from_ado=1 + shift + ;; + -h | --help) + showhelp + exit 3 + shift + ;; + --) + shift + break + ;; + esac done #variables 
@@ -123,72 +152,70 @@ parameterfile_name=$(basename "${parameterfile_path}") parameterfile_dirname=$(dirname "${parameterfile_path}") if [ "${parameterfile_dirname}" != "${working_directory}" ]; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Please run this command from the folder containing the parameter file $resetformatting #" - echo "# #" - echo "#########################################################################################" - exit 3 + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Please run this command from the folder containing the parameter file $resetformatting #" + echo "# #" + echo "#########################################################################################" + exit 3 fi -if [ ! -f "${parameterfile}" ] -then - printf -v val %-35.35s "$parameterfile" - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Parameter file does not exist: ${val} $resetformatting #" - echo "# #" - echo "#########################################################################################" - exit 2 #No such file or directory +if [ ! 
-f "${parameterfile}" ]; then + printf -v val %-35.35s "$parameterfile" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Parameter file does not exist: ${val} $resetformatting #" + echo "# #" + echo "#########################################################################################" + exit 2 #No such file or directory fi - if [ -z "${deployment_system}" ]; then - printf -v val %-40.40s "$deployment_system" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Incorrect system deployment type specified: ${val} $resetformatting #" - echo "# #" - echo "# Valid options are: #" - echo "# sap_deployer #" - echo "# sap_library #" - echo "# sap_landscape #" - echo "# sap_system #" - echo "# #" - echo "#########################################################################################" - echo "" - exit 64 #script usage wrong + printf -v val %-40.40s "$deployment_system" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Incorrect system deployment type specified: ${val} $resetformatting #" + echo "# #" + echo "# Valid options are: #" + echo "# sap_deployer #" + echo "# sap_library #" + echo "# sap_landscape #" + echo "# sap_system #" + echo "# #" + echo "#########################################################################################" + echo "" + exit 64 #script usage wrong fi # Check that the exports ARM_SUBSCRIPTION_ID and SAP_AUTOMATION_REPO_PATH are defined validate_exports return_code=$? if [ 0 != $return_code ]; then - exit $return_code + exit $return_code fi # Check that Terraform and Azure CLI is installed validate_dependencies return_code=$? 
if [ 0 != $return_code ]; then - exit $return_code + exit $return_code fi # Check that parameter files have environment and location defined validate_key_parameters "$parameterfile_name" return_code=$? if [ 0 != $return_code ]; then - exit $return_code + exit $return_code fi -if valid_region_name "${region}" ; then - # Convert the region to the correct code - get_region_code ${region} +if valid_region_name "${region}"; then + # Convert the region to the correct code + get_region_code ${region} else - echo "Invalid region: $region" - exit 2 + echo "Invalid region: $region" + exit 2 fi this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 
@@ -203,17 +230,17 @@ generic_config_information="${automation_config_directory}"/config system_config_information="${automation_config_directory}"/"${environment}""${region_code}" if [ "${deployment_system}" == sap_landscape ]; then - load_config_vars "$parameterfile_name" "network_logical_name" - network_logical_name=$(echo "${network_logical_name}" | tr "[:lower:]" "[:upper:]") + load_config_vars "$parameterfile_name" "network_logical_name" + network_logical_name=$(echo "${network_logical_name}" | tr "[:lower:]" "[:upper:]") - system_config_information="${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" + system_config_information="${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" fi if [ "${deployment_system}" == sap_system ]; then - load_config_vars "$parameterfile_name" "network_logical_name" - network_logical_name=$(echo "${network_logical_name}" | tr "[:lower:]" "[:upper:]") + load_config_vars "$parameterfile_name" "network_logical_name" + network_logical_name=$(echo "${network_logical_name}" | tr "[:lower:]" "[:upper:]") - system_config_information="${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" + system_config_information="${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" fi echo "Configuration file: $system_config_information" 
@@ -236,30 +263,29 @@ echo "" isInCloudShellCheck=$(checkIfCloudShell) if checkIfCloudShell; then - mkdir -p "${HOME}/.terraform.d/plugin-cache" - export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" + mkdir -p "${HOME}/.terraform.d/plugin-cache" + export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" else - if [ ! -d /opt/terraform/.terraform.d/plugin-cache ]; then - mkdir -p /opt/terraform/.terraform.d/plugin-cache - sudo chown -R "$USER" /opt/terraform - fi - export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache + if [ ! -d /opt/terraform/.terraform.d/plugin-cache ]; then + mkdir -p /opt/terraform/.terraform.d/plugin-cache + sudo chown -R "$USER" /opt/terraform + fi + export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache fi init "${automation_config_directory}" "${generic_config_information}" "${system_config_information}" var_file="${parameterfile_dirname}"/"${parameterfile}" -if [ -z "$REMOTE_STATE_SA" ]; -then - load_config_vars "${system_config_information}" "REMOTE_STATE_SA" - load_config_vars "${system_config_information}" "REMOTE_STATE_RG" - load_config_vars "${system_config_information}" "tfstate_resource_id" - load_config_vars "${system_config_information}" "STATE_SUBSCRIPTION" +if [ -z "$REMOTE_STATE_SA" ]; then + load_config_vars "${system_config_information}" "REMOTE_STATE_SA" + load_config_vars "${system_config_information}" "REMOTE_STATE_RG" + load_config_vars "${system_config_information}" "tfstate_resource_id" + load_config_vars "${system_config_information}" "STATE_SUBSCRIPTION" else - save_config_vars "${system_config_information}" REMOTE_STATE_SA - get_and_store_sa_details ${REMOTE_STATE_SA} "${system_config_information}" - load_config_vars "${system_config_information}" "STATE_SUBSCRIPTION" - load_config_vars "${system_config_information}" "REMOTE_STATE_RG" - load_config_vars "${system_config_information}" "tfstate_resource_id" + save_config_vars "${system_config_information}" REMOTE_STATE_SA + 
get_and_store_sa_details ${REMOTE_STATE_SA} "${system_config_information}" + load_config_vars "${system_config_information}" "STATE_SUBSCRIPTION" + load_config_vars "${system_config_information}" "REMOTE_STATE_RG" + load_config_vars "${system_config_information}" "tfstate_resource_id" fi load_config_vars "${system_config_information}" "deployer_tfstate_key" @@ -268,12 +294,12 @@ load_config_vars "${system_config_information}" "ARM_SUBSCRIPTION_ID" deployer_tfstate_key_parameter='' if [ "${deployment_system}" != sap_deployer ]; then - deployer_tfstate_key_parameter=" -var deployer_tfstate_key=${deployer_tfstate_key} " + deployer_tfstate_key_parameter=" -var deployer_tfstate_key=${deployer_tfstate_key} " fi landscape_tfstate_key_parameter='' if [ "${deployment_system}" == sap_system ]; then - landscape_tfstate_key_parameter=" -var landscape_tfstate_key=${landscape_tfstate_key} " + landscape_tfstate_key_parameter=" -var landscape_tfstate_key=${landscape_tfstate_key} " fi tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id} " @@ -282,7 +308,7 @@ tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id} " set_executing_user_environment_variables "none" if [ -n "${STATE_SUBSCRIPTION}" ]; then - az account set --sub "${STATE_SUBSCRIPTION}" + az account set --sub "${STATE_SUBSCRIPTION}" fi export TF_DATA_DIR="${parameterfile_dirname}"/.terraform 
@@ -290,32 +316,32 @@ export TF_DATA_DIR="${parameterfile_dirname}"/.terraform terraform_module_directory="${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/run/"${deployment_system}"/ if [ ! -d "${terraform_module_directory}" ]; then - printf -v val %-40.40s "$deployment_system" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Incorrect system deployment type specified: ${val} $resetformatting#" - echo "# #" - echo "# Valid options are: #" - echo "# sap_deployer #" - echo "# sap_library #" - echo "# sap_landscape #" - echo "# sap_system #" - echo "# #" - echo "#########################################################################################" - echo "" - exit 66 #cannot open input file/folder + printf -v val %-40.40s "$deployment_system" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Incorrect system deployment type specified: ${val} $resetformatting#" + echo "# #" + echo "# Valid options are: #" + echo "# sap_deployer #" + echo "# sap_library #" + echo "# sap_landscape #" + echo "# sap_system #" + echo "# #" + echo "#########################################################################################" + echo "" + exit 66 #cannot open input file/folder fi #ok_to_proceed=false #new_deployment=false if [ -f backend.tf ]; then - rm backend.tf + rm backend.tf fi -useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) +useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) -if [ "$useSAS" = "true" ] ; then +if [ "$useSAS" = "true" ]; then echo "Authenticate storage using SAS" export ARM_USE_AZUREAD=false else 
@@ -331,155 +357,143 @@ echo "# echo "#########################################################################################" echo "" -terraform -chdir="${terraform_module_directory}" init -reconfigure \ ---backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ ---backend-config "resource_group_name=${REMOTE_STATE_RG}" \ ---backend-config "storage_account_name=${REMOTE_STATE_SA}" \ ---backend-config "container_name=tfstate" \ ---backend-config "key=${key}.terraform.tfstate" || { - echo "Terraform init failed" - exit 1 +terraform -chdir="${terraform_module_directory}" init -reconfigure \ + --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ + --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ + --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ + --backend-config "container_name=tfstate" \ + --backend-config "key=${key}.terraform.tfstate" || { + echo "Terraform init failed" + exit 1 } - - created_resource_group_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw created_resource_group_id | tr -d \") created_resource_group_id_length=$(expr length "$created_resource_group_id") created_resource_group_subscription_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw created_resource_group_subscription_id | tr -d \") created_resource_group_subscription_id_length=$(expr length "$created_resource_group_subscription_id") if [ "${created_resource_group_id_length}" -eq 0 ] && [ "${created_resource_group_subscription_id_length}" -eq 0 ]; then - resource_group_exist=$(az group exists --name "${created_resource_group_id}" --subscription "${created_resource_group_subscription_id}") + resource_group_exist=$(az group exists --name "${created_resource_group_id}" --subscription "${created_resource_group_subscription_id}") else - resource_group_exist=true + resource_group_exist=true fi -if [ "$resource_group_exist" ]; -then - echo "" - echo 
"#########################################################################################" - echo "# #" - echo -e "# $cyan Running Terraform destroy$resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - - if [ "$deployment_system" == "sap_deployer" ]; then - terraform -chdir="${terraform_bootstrap_directory}" refresh -var-file="${var_file}" \ - "$deployer_tfstate_key_parameter" - - echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" - terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" \ - "$deployer_tfstate_key_parameter" - - elif [ "$deployment_system" == "sap_library" ]; then - echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" - - terraform_bootstrap_directory="${SAP_AUTOMATION_REPO_PATH}/deploy/terraform/bootstrap/${deployment_system}/" - if [ ! -d "${terraform_bootstrap_directory}" ]; then - printf -v val %-40.40s "$terraform_bootstrap_directory" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Unable to find bootstrap directory: ${val}$resetformatting#" - echo "# #" - echo "#########################################################################################" - echo "" - exit 66 #cannot open input file/folder - fi - terraform -chdir="${terraform_bootstrap_directory}" init -upgrade=true -force-copy +if [ "$resource_group_exist" ]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Running Terraform destroy$resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + + if [ "$deployment_system" == "sap_deployer" ]; then + terraform -chdir="${terraform_bootstrap_directory}" 
refresh -var-file="${var_file}" \ + "$deployer_tfstate_key_parameter" + + echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" + terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" \ + "$deployer_tfstate_key_parameter" + + elif [ "$deployment_system" == "sap_library" ]; then + echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" + + terraform_bootstrap_directory="${SAP_AUTOMATION_REPO_PATH}/deploy/terraform/bootstrap/${deployment_system}/" + if [ ! -d "${terraform_bootstrap_directory}" ]; then + printf -v val %-40.40s "$terraform_bootstrap_directory" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Unable to find bootstrap directory: ${val}$resetformatting#" + echo "# #" + echo "#########################################################################################" + echo "" + exit 66 #cannot open input file/folder + fi + terraform -chdir="${terraform_bootstrap_directory}" init -upgrade=true -force-copy - terraform -chdir="${terraform_bootstrap_directory}" refresh -var-file="${var_file}" \ - "$landscape_tfstate_key_parameter" \ - "$deployer_tfstate_key_parameter" + terraform -chdir="${terraform_bootstrap_directory}" refresh -var-file="${var_file}" \ + "$landscape_tfstate_key_parameter" \ + "$deployer_tfstate_key_parameter" - terraform -chdir="${terraform_bootstrap_directory}" destroy -var-file="${var_file}" "${approve}" \ - "$landscape_tfstate_key_parameter" \ - "$deployer_tfstate_key_parameter" - else + terraform -chdir="${terraform_bootstrap_directory}" destroy -var-file="${var_file}" "${approve}" \ + "$landscape_tfstate_key_parameter" \ + "$deployer_tfstate_key_parameter" + else - echo -e "#$cyan processing "$deployment_system" removal as defined in "$parameterfile_name" "$resetformatting"" - if [ -n "${approve}" ] - then + echo -e "#$cyan 
processing "$deployment_system" removal as defined in "$parameterfile_name" "$resetformatting"" + if [ -n "${approve}" ]; then - terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" $approve $tfstate_parameter $landscape_tfstate_key_parameter \ + terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" $approve $tfstate_parameter $landscape_tfstate_key_parameter - $deployer_tfstate_key_parameter -json | tee -a destroy_output.json - else - terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" $approve $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter + $deployer_tfstate_key_parameter -json | tee -a destroy_output.json + else + terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" $approve $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter - fi + fi - return_value=$? - - if [ -f destroy_output.json ] - then - errors_occurred=$(jq 'select(."@level" == "error") | length' destroy_output.json) - - if [[ -n $errors_occurred ]] - then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore!Errors during the destroy phase!$resetformatting #" - - return_value=2 - all_errors=$(jq 'select(."@level" == "error") | {summary: .diagnostic.summary, detail: .diagnostic.detail}' destroy_output.json) - if [[ -n ${all_errors} ]] - then - readarray -t errors_strings < <(echo ${all_errors} | jq -c '.' 
) - for errors_string in "${errors_strings[@]}"; do - string_to_report=$(jq -c -r '.detail ' <<< "$errors_string" ) - if [[ -z ${string_to_report} ]] - then - string_to_report=$(jq -c -r '.summary ' <<< "$errors_string" ) - fi - - report=$(echo $string_to_report | grep -m1 "Message=" "${var_file}" | cut -d'=' -f2- | tr -d ' ' | tr -d '"') - if [[ -n ${report} ]] ; then - echo -e "# $boldreduscore $report $resetformatting" - echo "##vso[task.logissue type=error]${report}" - else - echo -e "# $boldreduscore $string_to_report $resetformatting" - echo "##vso[task.logissue type=error]${string_to_report}" - fi - - - done - - fi - echo "# #" - echo "#########################################################################################" - echo "" + return_value=$? + + if [ -f destroy_output.json ]; then + errors_occurred=$(jq 'select(."@level" == "error") | length' destroy_output.json) + + if [[ -n $errors_occurred ]]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore!Errors during the destroy phase!$resetformatting #" + + return_value=2 + all_errors=$(jq 'select(."@level" == "error") | {summary: .diagnostic.summary, detail: .diagnostic.detail}' destroy_output.json) + if [[ -n ${all_errors} ]]; then + readarray -t errors_strings < <(echo ${all_errors} | jq -c '.') + for errors_string in "${errors_strings[@]}"; do + string_to_report=$(jq -c -r '.detail ' <<<"$errors_string") + if [[ -z ${string_to_report} ]]; then + string_to_report=$(jq -c -r '.summary ' <<<"$errors_string") + fi + report=$(echo $string_to_report | grep -m1 "Message=" "${var_file}" | cut -d'=' -f2- | tr -d ' ' | tr -d '"') + if [[ -n ${report} ]]; then + echo -e "# $boldreduscore $report $resetformatting" + echo "##vso[task.logissue type=error]${report}" + else + echo -e "# $boldreduscore $string_to_report $resetformatting" + echo "##vso[task.logissue type=error]${string_to_report}" fi - fi + done - 
if [ -f destroy_output.json ] - then - rm destroy_output.json fi + echo "# #" + echo "#########################################################################################" + echo "" + + fi fi + if [ -f destroy_output.json ]; then + rm destroy_output.json + fi + + fi else - return_value=0 + return_value=0 fi - if [ "${deployment_system}" == sap_deployer ]; then - sed -i /deployer_tfstate_key/d "${system_config_information}" + sed -i /deployer_tfstate_key/d "${system_config_information}" fi if [ "${deployment_system}" == sap_landscape ]; then - rm "${system_config_information}" + rm "${system_config_information}" fi if [ "${deployment_system}" == sap_library ]; then - sed -i /REMOTE_STATE_RG/d "${system_config_information}" - sed -i /REMOTE_STATE_SA/d "${system_config_information}" - sed -i /tfstate_resource_id/d "${system_config_information}" + sed -i /REMOTE_STATE_RG/d "${system_config_information}" + sed -i /REMOTE_STATE_SA/d "${system_config_information}" + sed -i /tfstate_resource_id/d "${system_config_information}" fi # if [ "${deployment_system}" == sap_system ]; then From ca4137b72b8f9bfee2230f209dcb2272d0c0790e Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:49 +0300 Subject: [PATCH 13/77] Refactor remover script in deploy control plane pipeline --- deploy/pipelines/10-remover-terraform.yaml | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index aa319b5ab1..54082f9eb5 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml 
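Review bot: As rendered in this hunk, the re-indented `terraform ... destroy` line in the `[ -n "${approve}" ]` branch no longer ends in `\`, so `$deployer_tfstate_key_parameter -json | tee -a destroy_output.json` becomes a separate command. Destroy would then run without the deployer state key and without `-json`, and the error scan that follows would find nothing in `destroy_output.json`; the line should end `$landscape_tfstate_key_parameter \` again. In the same hunk, `if [ "$resource_group_exist" ]` is true for any non-empty string, including `false` from `az group exists`. For a script that destroys resources the guard should read `if [ "$resource_group_exist" = "true" ]; then`.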
@@ -422,18 +422,20 @@ stages: landscape_tfstate_key=$(grep "^landscape_tfstate_key=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi - echo -e "$green--- Run the remover script that destroys the SAP system ---$reset" cd $CONFIG_REPO_PATH/SYSTEM/$(sap_system_folder) || exit - ${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/remover.sh \ - --parameterfile $(sap_system_configuration) \ - --type sap_system \ - --state_subscription ${STATE_SUBSCRIPTION} \ - --storageaccountname "${REMOTE_STATE_SA}" \ - --deployer_tfstate_key ${deployer_tfstate_key} \ - --landscape_tfstate_key ${landscape_tfstate_key} \ - --auto-approve - return_code=$? + echo -e "$green--- Run the remover script that destroys the SAP system ---$reset" + ${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/remover.sh + # \ + # --parameterfile $(sap_system_configuration) \ + # --type sap_system \ + # --state_subscription ${STATE_SUBSCRIPTION} \ + # --storageaccountname "${REMOTE_STATE_SA}" \ + # --deployer_tfstate_key ${deployer_tfstate_key} \ + # --landscape_tfstate_key ${landscape_tfstate_key} \ + # --auto-approve + return_code=$? + exit 66 echo -e "$green--- Pull latest from DevOps Repository ---$reset" git checkout -q $(Build.SourceBranchName) git pull From 37c1afaf07fd0ac09433dd99fca970272ffba3ec Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:49 +0300 Subject: [PATCH 14/77] Refactor deploy control plane pipeline to include deployer_tfstate_key and landscape_tfstate_key parameters --- deploy/pipelines/10-remover-terraform.yaml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 54082f9eb5..a9d9a35606 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml 
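Review bot: The added `exit 66` right after `return_code=$?` ends the step unconditionally, so the captured return code is never used and the `git checkout` / `git pull` lines that follow cannot run; the same `exit 66` is still present as a context line in the next two commits' hunks for this file. With every argument commented out, `remover.sh` is also invoked without `--parameterfile` or `--type`, which looks like debugging state rather than the intended pipeline. If this is deliberate for the series, say so in place with a comment such as `# TEMP: debugging remover.sh, remove before merge`; otherwise drop `exit 66` and restore the argument list. The inline script starts and ends outside this hunk.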
@@ -425,15 +425,17 @@ stages: cd $CONFIG_REPO_PATH/SYSTEM/$(sap_system_folder) || exit echo -e "$green--- Run the remover script that destroys the SAP system ---$reset" - ${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/remover.sh - # \ - # --parameterfile $(sap_system_configuration) \ - # --type sap_system \ - # --state_subscription ${STATE_SUBSCRIPTION} \ + echo "Deployer state file name: $deployer_tfstate_key" + echo "Workload zone state file name: $landscape_tfstate_key" + + ${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/remover.sh \ + --parameterfile $(sap_system_configuration) \ + --type sap_system \ + --state_subscription ${STATE_SUBSCRIPTION} \ # --storageaccountname "${REMOTE_STATE_SA}" \ # --deployer_tfstate_key ${deployer_tfstate_key} \ # --landscape_tfstate_key ${landscape_tfstate_key} \ - # --auto-approve + --auto-approve return_code=$? exit 66 echo -e "$green--- Pull latest from DevOps Repository ---$reset" From 488f9654c5ccebe620a2232d13f43e9f9e32a233 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:49 +0300 Subject: [PATCH 15/77] Refactor deploy control plane pipeline to include deployer_tfstate_key and landscape_tfstate_key parameters --- deploy/pipelines/10-remover-terraform.yaml | 18 +- deploy/scripts/remover.sh | 576 ++++++++++----------- 2 files changed, 287 insertions(+), 307 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index a9d9a35606..6fb06d8fe7 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml 
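Review bot: The `# --storageaccountname ...` lines sit in the middle of a backslash-continued command, so the shell ends the `remover.sh` invocation at the first `#` and then tries to run `--auto-approve` as a command of its own. `remover.sh` therefore runs without `--auto-approve`, and `return_code=$?` records the status of the failed `--auto-approve` line instead of the remover's. Move the commented-out options above the command (or delete them) so that `--state_subscription ${STATE_SUBSCRIPTION} \` is followed directly by `--auto-approve`.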
@@ -423,19 +423,21 @@ stages: fi cd $CONFIG_REPO_PATH/SYSTEM/$(sap_system_folder) || exit - echo -e "$green--- Run the remover script that destroys the SAP system ---$reset" echo "Deployer state file name: $deployer_tfstate_key" echo "Workload zone state file name: $landscape_tfstate_key" + echo -e "$green--- Run the remover script that destroys the SAP system ---$reset" + ${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/remover.sh \ - --parameterfile $(sap_system_configuration) \ - --type sap_system \ - --state_subscription ${STATE_SUBSCRIPTION} \ - # --storageaccountname "${REMOTE_STATE_SA}" \ - # --deployer_tfstate_key ${deployer_tfstate_key} \ - # --landscape_tfstate_key ${landscape_tfstate_key} \ - --auto-approve + --parameterfile $(sap_system_configuration) \ + --type sap_system \ + --state_subscription "${STATE_SUBSCRIPTION}" \ + --storageaccountname "${REMOTE_STATE_SA}" \ + --deployer_tfstate_key "${deployer_tfstate_key}" \ + --landscape_tfstate_key "${landscape_tfstate_key}" \ + --auto-approve + return_code=$? exit 66 echo -e "$green--- Pull latest from DevOps Repository ---$reset" diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index 2e687546e3..8dc14b1896 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh 
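Review bot: This hunk passes `--deployer_tfstate_key` and `--landscape_tfstate_key` to `remover.sh`, but the `getopt` line in the `deploy/scripts/remover.sh` part of the same commit drops `d:`, `l:` and both long options, so the call as written would be rejected by the script's own option parsing. The two files need to agree: either keep those options in the `getopt` spec and the `case` arms, or stop passing them here. `$(sap_system_configuration)` is also left unquoted while the other values gained quotes; `"$(sap_system_configuration)"` would be consistent.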
@@ -21,129 +21,100 @@ source "${script_directory}/helpers/script_helpers.sh" #Internal helper functions function showhelp { - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore !Warning!: This script will remove deployed systems $resetformatting #" - echo "# #" - echo "# This file contains the logic to remove the different systems #" - echo "# The script expects the following exports: #" - echo "# #" - echo "# SAP_AUTOMATION_REPO_PATH (path to the repo folder (sap-automation)) #" - echo "# ARM_SUBSCRIPTION_ID (subscription containing the state file storage account) #" - echo "# REMOTE_STATE_RG (resource group name for storage account containing state files) #" - echo "# REMOTE_STATE_SA (storage account for state file) #" - echo "# #" - echo "# The script will persist the parameters needed between the executions in the #" - echo "# [CONFIG_REPO_PATH]/.sap_deployment_automation folder. #" - echo "# #" - echo "# #" - echo "# Usage: remover.sh #" - echo "# -p or --parameterfile parameter file #" - echo "# -t or --type type of system to remove #" - echo "# valid options: #" - echo "# sap_deployer #" - echo "# sap_library #" - echo "# sap_landscape #" - echo "# sap_system #" - echo "# -h or --help Show help #" - echo "# #" - echo "# Optional parameters #" - echo "# #" - echo "# -o or --storageaccountname Storage account name for state file #" - echo "# -s or --state_subscription Subscription for tfstate storage account #" - echo "# #" - echo "# Example: #" - echo "# #" - echo "# [REPO-ROOT]deploy/scripts/remover.sh \ #" - echo "# --parameterfile DEV-WEEU-SAP01-X00.tfvars \ #" - echo "# --type sap_system #" - echo "# #" - echo "#########################################################################################" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore !Warning!: 
This script will remove deployed systems $resetformatting #" + echo "# #" + echo "# This file contains the logic to remove the different systems #" + echo "# The script expects the following exports: #" + echo "# #" + echo "# SAP_AUTOMATION_REPO_PATH (path to the repo folder (sap-automation)) #" + echo "# ARM_SUBSCRIPTION_ID (subscription containing the state file storage account) #" + echo "# REMOTE_STATE_RG (resource group name for storage account containing state files) #" + echo "# REMOTE_STATE_SA (storage account for state file) #" + echo "# #" + echo "# The script will persist the parameters needed between the executions in the #" + echo "# [CONFIG_REPO_PATH]/.sap_deployment_automation folder. #" + echo "# #" + echo "# #" + echo "# Usage: remover.sh #" + echo "# -p or --parameterfile parameter file #" + echo "# -t or --type type of system to remove #" + echo "# valid options: #" + echo "# sap_deployer #" + echo "# sap_library #" + echo "# sap_landscape #" + echo "# sap_system #" + echo "# -h or --help Show help #" + echo "# #" + echo "# Optional parameters #" + echo "# #" + echo "# -o or --storageaccountname Storage account name for state file #" + echo "# -s or --state_subscription Subscription for tfstate storage account #" + echo "# #" + echo "# Example: #" + echo "# #" + echo "# [REPO-ROOT]deploy/scripts/remover.sh \ #" + echo "# --parameterfile DEV-WEEU-SAP01-X00.json \ #" + echo "# --type sap_system #" + echo "# #" + echo "#########################################################################################" } function missing { - printf -v val %-.40s "$option" - echo "" - echo "" - echo "#########################################################################################" - echo "# #" - echo "# Missing environment variables: ${option}!!! 
#" - echo "# #" - echo "# Please export the folloing variables: #" - echo "# SAP_AUTOMATION_REPO_PATH (path to the repo folder (sap-automation)) #" - echo "# ARM_SUBSCRIPTION_ID (subscription containing the state file storage account) #" - echo "# #" - echo "#########################################################################################" + printf -v val %-.40s "$option" + echo "" + echo "" + echo "#########################################################################################" + echo "# #" + echo "# Missing environment variables: ${option}!!! #" + echo "# #" + echo "# Please export the folloing variables: #" + echo "# SAP_AUTOMATION_REPO_PATH (path to the repo folder (sap-automation)) #" + echo "# ARM_SUBSCRIPTION_ID (subscription containing the state file storage account) #" + echo "# #" + echo "#########################################################################################" } #process inputs - may need to check the option i for auto approve as it is not used -INPUT_ARGUMENTS=$(getopt -n remover -o p:o:t:s:d:l:ahi --longoptions type:,parameterfile,storageaccountname:,state_subscription:,deployer_tfstate_key:,landscape_tfstate_key:,ado,auto-approve,help -- "$@") +INPUT_ARGUMENTS=$(getopt -n remover -o p:o:t:s:ahi --longoptions type:,parameterfile:,storageaccountname:,state_subscription:,ado,auto-approve,help -- "$@") VALID_ARGUMENTS=$? 
if [ "$VALID_ARGUMENTS" != "0" ]; then - showhelp + showhelp fi called_from_ado=0 eval set -- "$INPUT_ARGUMENTS" -while :; do - case "$1" in - -p | --parameterfile) - parameterfile="$2" - shift 2 - ;; - -o | --storageaccountname) - REMOTE_STATE_SA="$2" - shift 2 - ;; - -s | --state_subscription) - STATE_SUBSCRIPTION="$2" - shift 2 - ;; - -d | --deployer_tfstate_key) - deployer_tfstate_key="$2" - shift 2 - ;; - -l | --landscape_tfstate_key) - landscape_tfstate_key="$2" - shift 2 - ;; - -t | --type) - deployment_system="$2" - shift 2 - ;; - -i | --auto-approve) - approve="--auto-approve" - shift - ;; - -a | --ado) - called_from_ado=1 - shift - ;; - -h | --help) - showhelp - exit 3 - shift - ;; - --) - shift - break - ;; - esac +while : +do + case "$1" in + -p | --parameterfile) parameterfile="$2" ; shift 2 ;; + -o | --storageaccountname) REMOTE_STATE_SA="$2" ; shift 2 ;; + -s | --state_subscription) STATE_SUBSCRIPTION="$2" ; shift 2 ;; + -t | --type) deployment_system="$2" ; shift 2 ;; + -i | --auto-approve) approve="--auto-approve" ; shift ;; + -a | --ado) called_from_ado=1 ; shift ;; + -h | --help) showhelp + exit 3 ; shift ;; + --) shift; break ;; + esac done #variables tfstate_resource_id="" tfstate_parameter="" +deployer_tfstate_key="" deployer_tfstate_key_parameter="" +landscape_tfstate_key="" landscape_tfstate_key_parameter="" # unused variables #show_help=false #deployer_tfstate_key_exists=false #landscape_tfstate_key_exists=false -echo "parameterfile: $parameterfile" +echo "parameterfile: $parameterfile" working_directory=$(pwd) 
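Review bot: When `getopt` fails, the `if [ "$VALID_ARGUMENTS" != "0" ]` branch only calls `showhelp`, and the script then continues into `eval set -- "$INPUT_ARGUMENTS"` with whatever was parsed. For a script that destroys deployments it should stop there: `showhelp` followed by `exit 64 #script usage wrong`, the code the file already uses for usage errors. The rewritten `case` has no `*)` arm, so any option later added to the `getopt` spec without a matching arm would loop forever in `while :`; a `*) showhelp; exit 64 ;;` arm would cover that. The comment above the `getopt` call still questions `-i`, so a one-line comment stating that `-i` sets `--auto-approve` and `-a` sets `called_from_ado` would settle it.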
@@ -152,77 +123,81 @@ parameterfile_name=$(basename "${parameterfile_path}") parameterfile_dirname=$(dirname "${parameterfile_path}") if [ "${parameterfile_dirname}" != "${working_directory}" ]; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Please run this command from the folder containing the parameter file $resetformatting #" - echo "# #" - echo "#########################################################################################" - exit 3 + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Please run this command from the folder containing the parameter file $resetformatting #" + echo "# #" + echo "#########################################################################################" + exit 3 fi -if [ ! -f "${parameterfile}" ]; then - printf -v val %-35.35s "$parameterfile" - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Parameter file does not exist: ${val} $resetformatting #" - echo "# #" - echo "#########################################################################################" - exit 2 #No such file or directory +if [ ! 
-f "${parameterfile}" ] +then + printf -v val %-35.35s "$parameterfile" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Parameter file does not exist: ${val} $resetformatting #" + echo "# #" + echo "#########################################################################################" + exit 2 #No such file or directory fi + if [ -z "${deployment_system}" ]; then - printf -v val %-40.40s "$deployment_system" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Incorrect system deployment type specified: ${val} $resetformatting #" - echo "# #" - echo "# Valid options are: #" - echo "# sap_deployer #" - echo "# sap_library #" - echo "# sap_landscape #" - echo "# sap_system #" - echo "# #" - echo "#########################################################################################" - echo "" - exit 64 #script usage wrong + printf -v val %-40.40s "$deployment_system" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Incorrect system deployment type specified: ${val} $resetformatting #" + echo "# #" + echo "# Valid options are: #" + echo "# sap_deployer #" + echo "# sap_library #" + echo "# sap_landscape #" + echo "# sap_system #" + echo "# #" + echo "#########################################################################################" + echo "" + exit 64 #script usage wrong fi # Check that the exports ARM_SUBSCRIPTION_ID and SAP_AUTOMATION_REPO_PATH are defined validate_exports return_code=$? if [ 0 != $return_code ]; then - exit $return_code + exit $return_code fi # Check that Terraform and Azure CLI is installed validate_dependencies return_code=$? 
if [ 0 != $return_code ]; then - exit $return_code + exit $return_code fi # Check that parameter files have environment and location defined validate_key_parameters "$parameterfile_name" return_code=$? if [ 0 != $return_code ]; then - exit $return_code + exit $return_code fi -if valid_region_name "${region}"; then - # Convert the region to the correct code - get_region_code ${region} +if valid_region_name "${region}" ; then + # Convert the region to the correct code + get_region_code ${region} else - echo "Invalid region: $region" - exit 2 + echo "Invalid region: $region" + exit 2 fi this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 +echo "Deployer environment: $deployer_environment" + this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 export TF_VAR_Agent_IP=$this_ip -echo "Agent IP: $this_ip" +echo "Agent IP: $this_ip" automation_config_directory=$CONFIG_REPO_PATH/.sap_deployment_automation generic_config_information="${automation_config_directory}"/config 
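Review bot: The added second `this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1` repeats the lookup on the context line just above it, and the result goes straight into `TF_VAR_Agent_IP`. The URL has no scheme, so curl uses plain HTTP, and neither a failed request nor an unexpected response body is detected; the trailing redirect applies to the assignment, not to curl. One call of the form `this_ip=$(curl -sf https://ipinfo.io/ip)` with a check that the value is non-empty and looks like an IP address before exporting it would be safer. `$deployer_environment` in the new echo is not assigned anywhere in this hunk, so confirm that a helper defines it.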
@@ -230,62 +205,47 @@ generic_config_information="${automation_config_directory}"/config system_config_information="${automation_config_directory}"/"${environment}""${region_code}" if [ "${deployment_system}" == sap_landscape ]; then - load_config_vars "$parameterfile_name" "network_logical_name" - network_logical_name=$(echo "${network_logical_name}" | tr "[:lower:]" "[:upper:]") + load_config_vars "$parameterfile_name" "network_logical_name" + network_logical_name=$(echo "${network_logical_name}" | tr "[:lower:]" "[:upper:]") - system_config_information="${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" + system_config_information="${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" fi if [ "${deployment_system}" == sap_system ]; then - load_config_vars "$parameterfile_name" "network_logical_name" - network_logical_name=$(echo "${network_logical_name}" | tr "[:lower:]" "[:upper:]") + load_config_vars "$parameterfile_name" "network_logical_name" + network_logical_name=$(echo "${network_logical_name}" | tr "[:lower:]" "[:upper:]") - system_config_information="${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" + system_config_information="${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" fi -echo "Configuration file: $system_config_information" -echo "Deployment region: $region" -echo "Deployment region code: $region_code" +echo "Configuration file: $system_config_information" +echo "Deployment region: $region" +echo "Deployment region code: $region_code" key=$(echo "${parameterfile_name}" | cut -d. 
-f1) -echo "" -echo "Terraform details" -echo "-------------------------------------------------------------------------" -echo "Subscription: ${STATE_SUBSCRIPTION}" -echo "Storage Account: ${REMOTE_STATE_SA}" -echo "Resource Group: ${REMOTE_STATE_RG}" -echo "State file: ${key}.terraform.tfstate" -echo "Target subscription: ${ARM_SUBSCRIPTION_ID}" -echo "" - #Plugins -isInCloudShellCheck=$(checkIfCloudShell) - -if checkIfCloudShell; then - mkdir -p "${HOME}/.terraform.d/plugin-cache" - export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" -else - if [ ! -d /opt/terraform/.terraform.d/plugin-cache ]; then +if [ ! -d /opt/terraform/.terraform.d/plugin-cache ] +then mkdir -p /opt/terraform/.terraform.d/plugin-cache - sudo chown -R "$USER" /opt/terraform - fi - export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache fi +export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache + init "${automation_config_directory}" "${generic_config_information}" "${system_config_information}" var_file="${parameterfile_dirname}"/"${parameterfile}" -if [ -z "$REMOTE_STATE_SA" ]; then - load_config_vars "${system_config_information}" "REMOTE_STATE_SA" - load_config_vars "${system_config_information}" "REMOTE_STATE_RG" - load_config_vars "${system_config_information}" "tfstate_resource_id" - load_config_vars "${system_config_information}" "STATE_SUBSCRIPTION" +if [ -z "$REMOTE_STATE_SA" ]; +then + load_config_vars "${system_config_information}" "REMOTE_STATE_SA" + load_config_vars "${system_config_information}" "REMOTE_STATE_RG" + load_config_vars "${system_config_information}" "tfstate_resource_id" + load_config_vars "${system_config_information}" "STATE_SUBSCRIPTION" else - save_config_vars "${system_config_information}" REMOTE_STATE_SA - get_and_store_sa_details ${REMOTE_STATE_SA} "${system_config_information}" - load_config_vars "${system_config_information}" "STATE_SUBSCRIPTION" - load_config_vars "${system_config_information}" "REMOTE_STATE_RG" - 
load_config_vars "${system_config_information}" "tfstate_resource_id" + save_config_vars "${system_config_information}" REMOTE_STATE_SA + get_and_store_sa_details ${REMOTE_STATE_SA} "${system_config_information}" + load_config_vars "${system_config_information}" "STATE_SUBSCRIPTION" + load_config_vars "${system_config_information}" "REMOTE_STATE_RG" + load_config_vars "${system_config_information}" "tfstate_resource_id" fi load_config_vars "${system_config_information}" "deployer_tfstate_key" @@ -294,21 +254,21 @@ load_config_vars "${system_config_information}" "ARM_SUBSCRIPTION_ID" deployer_tfstate_key_parameter='' if [ "${deployment_system}" != sap_deployer ]; then - deployer_tfstate_key_parameter=" -var deployer_tfstate_key=${deployer_tfstate_key} " + deployer_tfstate_key_parameter=" -var deployer_tfstate_key=${deployer_tfstate_key}" fi landscape_tfstate_key_parameter='' if [ "${deployment_system}" == sap_system ]; then - landscape_tfstate_key_parameter=" -var landscape_tfstate_key=${landscape_tfstate_key} " + landscape_tfstate_key_parameter=" -var landscape_tfstate_key=${landscape_tfstate_key}" fi -tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id} " +tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" #setting the user environment variables set_executing_user_environment_variables "none" if [ -n "${STATE_SUBSCRIPTION}" ]; then - az account set --sub "${STATE_SUBSCRIPTION}" + az account set --sub "${STATE_SUBSCRIPTION}" fi export TF_DATA_DIR="${parameterfile_dirname}"/.terraform 
@@ -316,32 +276,32 @@ export TF_DATA_DIR="${parameterfile_dirname}"/.terraform terraform_module_directory="${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/run/"${deployment_system}"/ if [ ! -d "${terraform_module_directory}" ]; then - printf -v val %-40.40s "$deployment_system" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Incorrect system deployment type specified: ${val} $resetformatting#" - echo "# #" - echo "# Valid options are: #" - echo "# sap_deployer #" - echo "# sap_library #" - echo "# sap_landscape #" - echo "# sap_system #" - echo "# #" - echo "#########################################################################################" - echo "" - exit 66 #cannot open input file/folder + printf -v val %-40.40s "$deployment_system" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Incorrect system deployment type specified: ${val} $resetformatting#" + echo "# #" + echo "# Valid options are: #" + echo "# sap_deployer #" + echo "# sap_library #" + echo "# sap_landscape #" + echo "# sap_system #" + echo "# #" + echo "#########################################################################################" + echo "" + exit 66 #cannot open input file/folder fi #ok_to_proceed=false #new_deployment=false if [ -f backend.tf ]; then - rm backend.tf + rm backend.tf fi -useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) +useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) -if [ "$useSAS" = "true" ]; then +if [ "$useSAS" = "true" ] ; then echo "Authenticate storage using SAS" export ARM_USE_AZUREAD=false else 
@@ -349,6 +309,7 @@ else export ARM_USE_AZUREAD=true fi + echo "" echo "#########################################################################################" echo "# #" 
@@ -357,143 +318,160 @@ echo "# echo "#########################################################################################" echo "" -terraform -chdir="${terraform_module_directory}" init -reconfigure \ - --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ - --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ - --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ - --backend-config "container_name=tfstate" \ - --backend-config "key=${key}.terraform.tfstate" || { - echo "Terraform init failed" - exit 1 +terraform -chdir="${terraform_module_directory}" init -reconfigure \ +--backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ +--backend-config "resource_group_name=${REMOTE_STATE_RG}" \ +--backend-config "storage_account_name=${REMOTE_STATE_SA}" \ +--backend-config "container_name=tfstate" \ +--backend-config "key=${key}.terraform.tfstate" || { + echo "Terraform init failed" + exit 1 } + + created_resource_group_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw created_resource_group_id | tr -d \") created_resource_group_id_length=$(expr length "$created_resource_group_id") created_resource_group_subscription_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw created_resource_group_subscription_id | tr -d \") created_resource_group_subscription_id_length=$(expr length "$created_resource_group_subscription_id") if [ "${created_resource_group_id_length}" -eq 0 ] && [ "${created_resource_group_subscription_id_length}" -eq 0 ]; then - resource_group_exist=$(az group exists --name "${created_resource_group_id}" --subscription "${created_resource_group_subscription_id}") + resource_group_exist=$(az group exists --name "${created_resource_group_id}" --subscription "${created_resource_group_subscription_id}") else - resource_group_exist=true + resource_group_exist=true fi -if [ "$resource_group_exist" ]; then - echo "" - echo 
"#########################################################################################" - echo "# #" - echo -e "# $cyan Running Terraform destroy$resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - - if [ "$deployment_system" == "sap_deployer" ]; then - terraform -chdir="${terraform_bootstrap_directory}" refresh -var-file="${var_file}" \ - "$deployer_tfstate_key_parameter" - - echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" - terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" \ - "$deployer_tfstate_key_parameter" - - elif [ "$deployment_system" == "sap_library" ]; then - echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" - - terraform_bootstrap_directory="${SAP_AUTOMATION_REPO_PATH}/deploy/terraform/bootstrap/${deployment_system}/" - if [ ! -d "${terraform_bootstrap_directory}" ]; then - printf -v val %-40.40s "$terraform_bootstrap_directory" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Unable to find bootstrap directory: ${val}$resetformatting#" - echo "# #" - echo "#########################################################################################" - echo "" - exit 66 #cannot open input file/folder - fi - terraform -chdir="${terraform_bootstrap_directory}" init -upgrade=true -force-copy - - terraform -chdir="${terraform_bootstrap_directory}" refresh -var-file="${var_file}" \ - "$landscape_tfstate_key_parameter" \ - "$deployer_tfstate_key_parameter" - - terraform -chdir="${terraform_bootstrap_directory}" destroy -var-file="${var_file}" "${approve}" \ - "$landscape_tfstate_key_parameter" \ - "$deployer_tfstate_key_parameter" - else - - echo -e "#$cyan processing "$deployment_system" removal as defined in "$parameterfile_name" 
"$resetformatting"" - if [ -n "${approve}" ]; then +if [ $resource_group_exist ]; +then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Running Terraform destroy$resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + + if [ "$deployment_system" == "sap_deployer" ]; then + terraform -chdir="${terraform_bootstrap_directory}" refresh -var-file="${var_file}" \ + $deployer_tfstate_key_parameter + + echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" + terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" \ + $deployer_tfstate_key_parameter + + elif [ "$deployment_system" == "sap_library" ]; then + echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" + + terraform_bootstrap_directory="${SAP_AUTOMATION_REPO_PATH}/deploy/terraform/bootstrap/${deployment_system}/" + if [ ! 
-d "${terraform_bootstrap_directory}" ]; then + printf -v val %-40.40s "$terraform_bootstrap_directory" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Unable to find bootstrap directory: ${val}$resetformatting#" + echo "# #" + echo "#########################################################################################" + echo "" + exit 66 #cannot open input file/folder + fi + terraform -chdir="${terraform_bootstrap_directory}" init -upgrade=true -force-copy - terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" $approve $tfstate_parameter $landscape_tfstate_key_parameter + terraform -chdir="${terraform_bootstrap_directory}" refresh -var-file="${var_file}" \ + $landscape_tfstate_key_parameter \ + $deployer_tfstate_key_parameter - $deployer_tfstate_key_parameter -json | tee -a destroy_output.json + terraform -chdir="${terraform_bootstrap_directory}" destroy -var-file="${var_file}" ${approve} \ + $landscape_tfstate_key_parameter \ + $deployer_tfstate_key_parameter else - terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" $approve $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter - fi + echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" + echo $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter + if [ -n "${approve}" ] + then + + terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" ${approve} \ + $tfstate_parameter \ + $landscape_tfstate_key_parameter \ + $deployer_tfstate_key_parameter -json | tee -a destroy_output.json + else + terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" ${approve} \ + $tfstate_parameter \ + $landscape_tfstate_key_parameter \ + $deployer_tfstate_key_parameter - return_value=$? 
- - if [ -f destroy_output.json ]; then - errors_occurred=$(jq 'select(."@level" == "error") | length' destroy_output.json) - - if [[ -n $errors_occurred ]]; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore!Errors during the destroy phase!$resetformatting #" - - return_value=2 - all_errors=$(jq 'select(."@level" == "error") | {summary: .diagnostic.summary, detail: .diagnostic.detail}' destroy_output.json) - if [[ -n ${all_errors} ]]; then - readarray -t errors_strings < <(echo ${all_errors} | jq -c '.') - for errors_string in "${errors_strings[@]}"; do - string_to_report=$(jq -c -r '.detail ' <<<"$errors_string") - if [[ -z ${string_to_report} ]]; then - string_to_report=$(jq -c -r '.summary ' <<<"$errors_string") - fi + fi - report=$(echo $string_to_report | grep -m1 "Message=" "${var_file}" | cut -d'=' -f2- | tr -d ' ' | tr -d '"') - if [[ -n ${report} ]]; then - echo -e "# $boldreduscore $report $resetformatting" - echo "##vso[task.logissue type=error]${report}" - else - echo -e "# $boldreduscore $string_to_report $resetformatting" - echo "##vso[task.logissue type=error]${string_to_report}" - fi + return_value=$? + + if [ -f destroy_output.json ] + then + errors_occurred=$(jq 'select(."@level" == "error") | length' destroy_output.json) + + if [[ -n $errors_occurred ]] + then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore!Errors during the destroy phase!$resetformatting #" + + return_value=2 + all_errors=$(jq 'select(."@level" == "error") | {summary: .diagnostic.summary, detail: .diagnostic.detail}' destroy_output.json) + if [[ -n ${all_errors} ]] + then + readarray -t errors_strings < <(echo ${all_errors} | jq -c '.' 
) + for errors_string in "${errors_strings[@]}"; do + string_to_report=$(jq -c -r '.detail ' <<< "$errors_string" ) + if [[ -z ${string_to_report} ]] + then + string_to_report=$(jq -c -r '.summary ' <<< "$errors_string" ) + fi + + report=$(echo $string_to_report | grep -m1 "Message=" "${var_file}" | cut -d'=' -f2- | tr -d ' ' | tr -d '"') + if [[ -n ${report} ]] ; then + echo -e "# $boldreduscore $report $resetformatting" + echo "##vso[task.logissue type=error]${report}" + else + echo -e "# $boldreduscore $string_to_report $resetformatting" + echo "##vso[task.logissue type=error]${string_to_report}" + fi + + + done + + fi + echo "# #" + echo "#########################################################################################" + echo "" - done + fi fi - echo "# #" - echo "#########################################################################################" - echo "" - - fi - fi + if [ -f destroy_output.json ] + then + rm destroy_output.json + fi - if [ -f destroy_output.json ]; then - rm destroy_output.json fi - fi else - return_value=0 + return_value=0 fi + if [ "${deployment_system}" == sap_deployer ]; then - sed -i /deployer_tfstate_key/d "${system_config_information}" + sed -i /deployer_tfstate_key/d "${system_config_information}" fi if [ "${deployment_system}" == sap_landscape ]; then - rm "${system_config_information}" + rm "${system_config_information}" fi if [ "${deployment_system}" == sap_library ]; then - sed -i /REMOTE_STATE_RG/d "${system_config_information}" - sed -i /REMOTE_STATE_SA/d "${system_config_information}" - sed -i /tfstate_resource_id/d "${system_config_information}" + sed -i /REMOTE_STATE_RG/d "${system_config_information}" + sed -i /REMOTE_STATE_SA/d "${system_config_information}" + sed -i /tfstate_resource_id/d "${system_config_information}" fi # if [ "${deployment_system}" == sap_system ]; then From bc04b580d10d61077fce3a06e36755d4c84ee589 Mon Sep 17 00:00:00 2001 
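Review bot: The guard in front of the destroy branch, `if [ $resource_group_exist ];`, only tests for a non-empty string, so the literal `false` printed by `az group exists` still lets `terraform destroy` run; compare the value instead, `if [ "${resource_group_exist}" = "true" ]; then`. The length check above it also looks inverted, since `az group exists` is called only when both ids are empty, which is worth confirming. In the `sap_deployer` branch `${terraform_bootstrap_directory}` is passed to `refresh` although the hunk assigns it only in the `sap_library` branch. Quoting the variable, as the later hunk `@@ -341,7 +354,7 @@` does, leaves the meaning of the test unchanged.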
From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:49 +0300 Subject: [PATCH 16/77] aa --- deploy/scripts/remover.sh | 80 +++++++++++++++++++++------------------ 1 file changed, 44 insertions(+), 36 deletions(-) diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index 8dc14b1896..35cb1baf32 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh @@ -29,13 +29,13 @@ function showhelp { echo "# This file contains the logic to remove the different systems #" echo "# The script expects the following exports: #" echo "# #" - echo "# SAP_AUTOMATION_REPO_PATH (path to the repo folder (sap-automation)) #" + echo "# SAP_AUTOMATION_REPO_PATH (path to the repo folder (sap-automation)) #" echo "# ARM_SUBSCRIPTION_ID (subscription containing the state file storage account) #" echo "# REMOTE_STATE_RG (resource group name for storage account containing state files) #" echo "# REMOTE_STATE_SA (storage account for state file) #" echo "# #" echo "# The script will persist the parameters needed between the executions in the #" - echo "# [CONFIG_REPO_PATH]/.sap_deployment_automation folder. #" + echo "# [CONFIG_REPO_PATH]/.sap_deployment_automation folder. #" echo "# #" echo "# #" echo "# Usage: remover.sh #" @@ -56,7 +56,7 @@ function showhelp { echo "# Example: #" echo "# #" echo "# [REPO-ROOT]deploy/scripts/remover.sh \ #" - echo "# --parameterfile DEV-WEEU-SAP01-X00.json \ #" + echo "# --parameterfile DEV-WEEU-SAP01-X00.tfvars \ #" echo "# --type sap_system #" echo "# #" echo "#########################################################################################" @@ -114,7 +114,7 @@ landscape_tfstate_key_parameter="" #show_help=false #deployer_tfstate_key_exists=false #landscape_tfstate_key_exists=false -echo "parameterfile: $parameterfile" +echo "parameterfile: $parameterfile" working_directory=$(pwd) 
@@ -193,11 +193,9 @@ fi this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 -echo "Deployer environment: $deployer_environment" - this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 export TF_VAR_Agent_IP=$this_ip -echo "Agent IP: $this_ip" +echo "Agent IP: $this_ip" automation_config_directory=$CONFIG_REPO_PATH/.sap_deployment_automation generic_config_information="${automation_config_directory}"/config 
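Review bot: `this_ip=$(curl -s ipinfo.io/ip)` names no scheme, so curl fetches the address over plain HTTP, and the result is exported as `TF_VAR_Agent_IP` without any check; the call is also left twice in a row after this change. If that variable ends up in network allow rules (not visible here), a tampered or empty response changes what gets opened. I would keep a single call, `this_ip=$(curl -fsS --max-time 10 https://ipinfo.io/ip)`, and stop when the value does not look like an address, e.g. `[[ "$this_ip" =~ ^[0-9a-fA-F.:]+$ ]] || exit 2`.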
@@ -218,19 +216,35 @@ if [ "${deployment_system}" == sap_system ]; then system_config_information="${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" fi -echo "Configuration file: $system_config_information" -echo "Deployment region: $region" -echo "Deployment region code: $region_code" +echo "Configuration file: $system_config_information" +echo "Deployment region: $region" +echo "Deployment region code: $region_code" key=$(echo "${parameterfile_name}" | cut -d. -f1) +echo "" +echo "Terraform details" +echo "-------------------------------------------------------------------------" +echo "Subscription: ${STATE_SUBSCRIPTION}" +echo "Storage Account: ${REMOTE_STATE_SA}" +echo "Resource Group: ${REMOTE_STATE_RG}" +echo "State file: ${key}.terraform.tfstate" +echo "Target subscription: ${ARM_SUBSCRIPTION_ID}" +echo "" + #Plugins -if [ ! -d /opt/terraform/.terraform.d/plugin-cache ] -then - mkdir -p /opt/terraform/.terraform.d/plugin-cache -fi -export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache +isInCloudShellCheck=$(checkIfCloudShell) +if checkIfCloudShell; then + mkdir -p "${HOME}/.terraform.d/plugin-cache" + export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" +else + if [ ! -d /opt/terraform/.terraform.d/plugin-cache ]; then + mkdir -p /opt/terraform/.terraform.d/plugin-cache + sudo chown -R "$USER" /opt/terraform + fi + export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache +fi init "${automation_config_directory}" "${generic_config_information}" "${system_config_information}" var_file="${parameterfile_dirname}"/"${parameterfile}" 
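Review bot: In the non-Cloud-Shell branch the cache directory is created with an unprivileged `mkdir -p` and then `sudo chown -R "$USER" /opt/terraform` hands the whole tree to the calling user, with neither result checked, so a failed `mkdir` still leaves `TF_PLUGIN_CACHE_DIR` pointing at a missing path. I would limit the ownership change to the cache and fail early: `sudo mkdir -p /opt/terraform/.terraform.d/plugin-cache && sudo chown -R "$USER" /opt/terraform/.terraform.d || exit 1`. `isInCloudShellCheck=$(checkIfCloudShell)` is not read anywhere in the hunk and only runs the check a second time.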
@@ -254,15 +268,15 @@ load_config_vars "${system_config_information}" "ARM_SUBSCRIPTION_ID" deployer_tfstate_key_parameter='' if [ "${deployment_system}" != sap_deployer ]; then - deployer_tfstate_key_parameter=" -var deployer_tfstate_key=${deployer_tfstate_key}" + deployer_tfstate_key_parameter=" -var deployer_tfstate_key=${deployer_tfstate_key} " fi landscape_tfstate_key_parameter='' if [ "${deployment_system}" == sap_system ]; then - landscape_tfstate_key_parameter=" -var landscape_tfstate_key=${landscape_tfstate_key}" + landscape_tfstate_key_parameter=" -var landscape_tfstate_key=${landscape_tfstate_key} " fi -tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" +tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id} " #setting the user environment variables set_executing_user_environment_variables "none" @@ -309,7 +323,6 @@ else export ARM_USE_AZUREAD=true fi - echo "" echo "#########################################################################################" echo "# #" @@ -341,7 +354,7 @@ else resource_group_exist=true fi -if [ $resource_group_exist ]; +if [ "$resource_group_exist" ]; then echo "" echo "#########################################################################################" @@ -353,11 +366,11 @@ then if [ "$deployment_system" == "sap_deployer" ]; then terraform -chdir="${terraform_bootstrap_directory}" refresh -var-file="${var_file}" \ - $deployer_tfstate_key_parameter + "$deployer_tfstate_key_parameter" echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" \ - $deployer_tfstate_key_parameter + "$deployer_tfstate_key_parameter" elif [ "$deployment_system" == "sap_library" ]; then echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" 
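Review bot: Quoting `"$deployer_tfstate_key_parameter"` in hunk `@@ -353,11 +366,11 @@` turns the flag and its value into one argument: the variable holds ` -var deployer_tfstate_key=... ` (see hunk `@@ -254,15 +268,15 @@`), and in this `sap_deployer` branch it is the empty string, so terraform receives an empty argument. The same applies to `"$landscape_tfstate_key_parameter"` and `"${approve}"` in hunk `@@ -376,28 +389,23 @@`. Terraform will most likely reject either form rather than apply the variable. An array keeps the quoting safe: `deployer_tfstate_key_parameter=(-var "deployer_tfstate_key=${deployer_tfstate_key}")` expanded as `"${deployer_tfstate_key_parameter[@]}"`.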
@@ -376,28 +389,23 @@ then terraform -chdir="${terraform_bootstrap_directory}" init -upgrade=true -force-copy terraform -chdir="${terraform_bootstrap_directory}" refresh -var-file="${var_file}" \ - $landscape_tfstate_key_parameter \ - $deployer_tfstate_key_parameter + "$landscape_tfstate_key_parameter" \ + "$deployer_tfstate_key_parameter" - terraform -chdir="${terraform_bootstrap_directory}" destroy -var-file="${var_file}" ${approve} \ - $landscape_tfstate_key_parameter \ - $deployer_tfstate_key_parameter + terraform -chdir="${terraform_bootstrap_directory}" destroy -var-file="${var_file}" "${approve}" \ + "$landscape_tfstate_key_parameter" \ + "$deployer_tfstate_key_parameter" else - echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" - echo $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter + echo -e "#$cyan processing "$deployment_system" removal as defined in "$parameterfile_name" "$resetformatting"" if [ -n "${approve}" ] then - terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" ${approve} \ - $tfstate_parameter \ - $landscape_tfstate_key_parameter \ + terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" $approve $tfstate_parameter $landscape_tfstate_key_parameter \ + $deployer_tfstate_key_parameter -json | tee -a destroy_output.json else - terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" ${approve} \ - $tfstate_parameter \ - $landscape_tfstate_key_parameter \ - $deployer_tfstate_key_parameter + terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" $approve $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter fi From 76b20d2a0c0311b2212364b86dc799cb1a9f2c55 Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:50 +0300 Subject: [PATCH 17/77] Refactor deploy control plane pipeline to include deployer_tfstate_key and landscape_tfstate_key parameters --- deploy/pipelines/10-remover-terraform.yaml | 21 ++++++++------------- deploy/scripts/remover.sh | 3 +-- 2 files changed, 9 insertions(+), 15 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 6fb06d8fe7..49bc79f973 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -410,16 +410,16 @@ stages: az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value" --out tsv) if [ -n "${az_var}" ]; then - deployer_tfstate_key="${az_var}" + export deployer_tfstate_key="${az_var}" else - deployer_tfstate_key=$(grep "^STATE_SUBSCRIPTION=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) + export deployer_tfstate_key=$(grep "^deployer_tfstate_key=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query $NETWORK"Workload_Zone_State_FileName.value" --out tsv) if [ -n "${az_var}" ]; then - landscape_tfstate_key="${az_var}" + export landscape_tfstate_key="${az_var}" else - landscape_tfstate_key=$(grep "^landscape_tfstate_key=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) + export landscape_tfstate_key=$(grep "^landscape_tfstate_key=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi cd $CONFIG_REPO_PATH/SYSTEM/$(sap_system_folder) || exit 
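Review bot: `export deployer_tfstate_key=$(grep ... | xargs)` hides a failed lookup, because the status of `export` replaces that of the pipeline and an empty value is exported without complaint; `${workload_environment_file_name}` is also unquoted. Since the later hunk `@@ -434,12 +434,9 @@` drops the `--deployer_tfstate_key` and `--landscape_tfstate_key` arguments, remover.sh now depends on the exported value or on whatever its own configuration file holds. After each `if`/`else` I would add a check such as `[ -n "${deployer_tfstate_key}" ] || { echo "##vso[task.logissue type=error]deployer_tfstate_key is empty"; exit 2; }`. Hunk `@@ -743,16 +740,16 @@` has the same lines; the script block starts and ends outside both hunks.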
@@ -434,12 +434,9 @@ stages: --type sap_system \ --state_subscription "${STATE_SUBSCRIPTION}" \ --storageaccountname "${REMOTE_STATE_SA}" \ - --deployer_tfstate_key "${deployer_tfstate_key}" \ - --landscape_tfstate_key "${landscape_tfstate_key}" \ --auto-approve return_code=$? - exit 66 echo -e "$green--- Pull latest from DevOps Repository ---$reset" git checkout -q $(Build.SourceBranchName) git pull @@ -743,16 +740,16 @@ stages: az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value" --out tsv) if [ -n "${az_var}" ]; then - deployer_tfstate_key="${az_var}" + export deployer_tfstate_key="${az_var}" else - deployer_tfstate_key=$(grep "^STATE_SUBSCRIPTION=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) + export deployer_tfstate_key=$(grep "^deployer_tfstate_key=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query $NETWORK"Workload_Zone_State_FileName.value" --out tsv) if [ -n "${az_var}" ]; then - landscape_tfstate_key="${az_var}" + export landscape_tfstate_key="${az_var}" else - landscape_tfstate_key=$(grep "^landscape_tfstate_key=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) + export landscape_tfstate_key=$(grep "^landscape_tfstate_key=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" --out tsv) @@ -816,8 +813,6 @@ stages: --type sap_landscape \ --state_subscription ${STATE_SUBSCRIPTION} \ --storageaccountname "${REMOTE_STATE_SA}" \ - --deployer_tfstate_key ${deployer_tfstate_key} \ - --landscape_tfstate_key ${landscape_tfstate_key} \ --auto-approve return_code=$? diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index 35cb1baf32..1cc86a8006 100755 
--- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh @@ -105,9 +105,8 @@ done #variables tfstate_resource_id="" tfstate_parameter="" -deployer_tfstate_key="" + deployer_tfstate_key_parameter="" -landscape_tfstate_key="" landscape_tfstate_key_parameter="" # unused variables From b3b6b7d9d9db484cc21e0ad68705457ab1c35986 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:50 +0300 Subject: [PATCH 18/77] Refactor deploy control plane pipeline to include deployer_tfstate_key and landscape_tfstate_key parameters --- deploy/pipelines/10-remover-terraform.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 49bc79f973..57bc3ab665 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -763,7 +763,10 @@ stages: echo "Deployer Key Vault: ${key_vault}" echo "Terraform state subscription: $STATE_SUBSCRIPTION" echo "Terraform state account: $REMOTE_STATE_SA" + echo "System configuration: $(workload_zone_configuration_file)" + echo "Deployer state file name: $deployer_tfstate_key" + echo "Workload zone state file name: $landscape_tfstate_key" # Check if running on deployer if [[ ! -f /etc/profile.d/deploy_server.sh ]]; then @@ -806,7 +809,7 @@ stages: fi echo -e "$green --- Run the remover script that destroys the SAP workload zone (landscape) ---$reset" - cd "$CONFIG_REPO_PATH/LANDSCAPE/$(workload_zone_folder)" + cd "$CONFIG_REPO_PATH/LANDSCAPE/$(workload_zone_folder)" || exit $SAP_AUTOMATION_REPO_PATH/deploy/scripts/remover.sh \ --parameterfile $(workload_zone_configuration_file) \ From e417cb3089d2adf000bbcd2d3048adc528e928ea Mon Sep 17 00:00:00 2001 
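Review bot: With the `deployer_tfstate_key=""` and `landscape_tfstate_key=""` resets removed, the script appears to take both values from the caller's environment, but `showhelp` still lists only `SAP_AUTOMATION_REPO_PATH`, `ARM_SUBSCRIPTION_ID`, `REMOTE_STATE_RG` and `REMOTE_STATE_SA` as expected exports. I would add two entries to that list, e.g. `deployer_tfstate_key (state file name of the deployer)` and `landscape_tfstate_key (state file name of the workload zone)`, and a comment at this spot such as `# deployer_tfstate_key and landscape_tfstate_key are inherited from the environment when exported by the caller`. The removed reset also leaves an empty line behind in the variable block.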
From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:50 +0300 Subject: [PATCH 19/77] Refactor deploy control plane pipeline to remove unnecessary use_msi flag --- deploy/terraform/run/sap_landscape/providers.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/terraform/run/sap_landscape/providers.tf b/deploy/terraform/run/sap_landscape/providers.tf index 2588fd88ee..c411619782 100644 --- a/deploy/terraform/run/sap_landscape/providers.tf +++ b/deploy/terraform/run/sap_landscape/providers.tf @@ -15,7 +15,7 @@ provider "azurerm" { features {} subscription_id = length(local.deployer_subscription_id) > 0 ? local.deployer_subscription_id : null - use_msi = var.use_spn ? false : true + storage_use_azuread = true } From 35e4b768b24de377e0fd7dc1557b4f2a8f8a3d20 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:50 +0300 Subject: [PATCH 20/77] Refactor deploy control plane pipeline to update default value for spn_keyvault_id --- deploy/terraform/run/sap_landscape/tfvar_variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/terraform/run/sap_landscape/tfvar_variables.tf b/deploy/terraform/run/sap_landscape/tfvar_variables.tf index 5e5c64bafd..e6c3d82c62 100644 --- a/deploy/terraform/run/sap_landscape/tfvar_variables.tf +++ b/deploy/terraform/run/sap_landscape/tfvar_variables.tf @@ -352,7 +352,7 @@ variable "user_keyvault_id" { variable "spn_keyvault_id" { description = "If provided, the Azure resource identifier of the deployment credential keyvault" - default = "" + default = null } variable "enable_purge_control_for_keyvaults" { From a76d9a78b5b62b850d8449fee536256679fa87c7 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:50 +0300 Subject: [PATCH 21/77] Refactor deploy control plane pipeline to update default value for spn_keyvault_id --- deploy/terraform/run/sap_landscape/tfvar_variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
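Review bot: With `use_msi = var.use_spn ? false : true` gone from providers.tf, nothing in this provider block says how the credential type is chosen; it presumably now comes from the `ARM_*` environment variables that the pipeline and remover.sh export. A run outside those scripts would pick whatever the ambient environment offers, so a comment on the block is worth having, for example `# Credential type (managed identity or service principal) is taken from the ARM_* environment variables set by the caller`. The same holds for the `terraform_remote_state` block in imports.tf, where hunk `@@ -15,8 +15,7 @@` removes `use_msi` and `use_azuread_auth = true`. The removed line is replaced by an empty one, and the provider block starts before this hunk.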
diff --git a/deploy/terraform/run/sap_landscape/tfvar_variables.tf b/deploy/terraform/run/sap_landscape/tfvar_variables.tf index e6c3d82c62..5e5c64bafd 100644 --- a/deploy/terraform/run/sap_landscape/tfvar_variables.tf +++ b/deploy/terraform/run/sap_landscape/tfvar_variables.tf @@ -352,7 +352,7 @@ variable "user_keyvault_id" { variable "spn_keyvault_id" { description = "If provided, the Azure resource identifier of the deployment credential keyvault" - default = null + default = "" } variable "enable_purge_control_for_keyvaults" { From 57f63c472014ab0d4167d8bb2d6e839cbbdc567b Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:50 +0300 Subject: [PATCH 22/77] Refactor deploy control plane pipeline to update default value for spn_key_vault_arm_id --- deploy/terraform/run/sap_landscape/imports.tf | 3 +-- deploy/terraform/run/sap_landscape/variables_local.tf | 5 +---- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/deploy/terraform/run/sap_landscape/imports.tf b/deploy/terraform/run/sap_landscape/imports.tf index 344f40aa43..297af9af41 100644 --- a/deploy/terraform/run/sap_landscape/imports.tf +++ b/deploy/terraform/run/sap_landscape/imports.tf @@ -15,8 +15,7 @@ data "terraform_remote_state" "deployer" { container_name = local.tfstate_container_name key = var.deployer_tfstate_key subscription_id = local.saplib_subscription_id - use_msi = var.use_spn ? false : true - use_azuread_auth = true + } } diff --git a/deploy/terraform/run/sap_landscape/variables_local.tf b/deploy/terraform/run/sap_landscape/variables_local.tf index 37a54894a6..af4562b762 100644 --- a/deploy/terraform/run/sap_landscape/variables_local.tf +++ b/deploy/terraform/run/sap_landscape/variables_local.tf 
@@ -22,10 +22,7 @@ locals { tfstate_container_name = module.sap_namegenerator.naming.resource_suffixes.tfstate // Retrieve the arm_id of deployer's Key Vault from deployer's terraform.tfstate - spn_key_vault_arm_id = coalesce( - try(local.key_vault.kv_spn_id,""), - try(data.terraform_remote_state.deployer[0].outputs.deployer_kv_user_arm_id, "") - ) + spn_key_vault_arm_id = try(local.key_vault.kv_spn_id,data.terraform_remote_state.deployer[0].outputs.deployer_kv_user_arm_id) deployer_subscription_id = coalesce( try(data.terraform_remote_state.deployer[0].outputs.created_resource_group_subscription_id,""), From f5f6130beb7dd3714e74ab988d868d49b05416a5 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:50 +0300 Subject: [PATCH 23/77] Refactor deploy control plane pipeline to include deployer_tfstate_key and landscape_tfstate_key parameters --- deploy/scripts/remover.sh | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index 1cc86a8006..02fa216eaa 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh 
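Review bot: The new `spn_key_vault_arm_id = try(local.key_vault.kv_spn_id, ...)` falls through to the deployer state only when the first expression raises an error, whereas the removed `coalesce(...)` also skipped an empty string. If `kv_spn_id` can be `""` (PATCH 21 above restores `default = ""` for `spn_keyvault_id`, which presumably feeds it), the local now resolves to an empty key vault id instead of `deployer_kv_user_arm_id`. If the aim was to stop `coalesce` failing when both sources are empty, keep the fallback and wrap it: `spn_key_vault_arm_id = try(coalesce(try(local.key_vault.kv_spn_id, ""), try(data.terraform_remote_state.deployer[0].outputs.deployer_kv_user_arm_id, "")), "")`. The `locals` block continues outside the hunk.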
@@ -322,6 +322,23 @@ else export ARM_USE_AZUREAD=true fi +if [ -n $deployer_tfstate_key ]; then +terraform_deployer_module_directory="${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/run/sap_deployer/ + +terraform -chdir="${terraform_deployer_module_directory}" init -reconfigure \ +--backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ +--backend-config "resource_group_name=${REMOTE_STATE_RG}" \ +--backend-config "storage_account_name=${REMOTE_STATE_SA}" \ +--backend-config "container_name=tfstate" \ +--backend-config "key=${deployer_tfstate_key}" || { + echo "Terraform init failed" + exit 1 +} +fi + +deployer_kv_user_arm_id=$(terraform -chdir="${terraform_deployer_module_directory}" output -no-color -raw deployer_kv_user_arm_id | tr -d \") +export TF_VAR_spn_keyvault_id=$deployer_kv_user_arm_id + echo "" echo "#########################################################################################" echo "# #" @@ -399,7 +416,6 @@ then echo -e "#$cyan processing "$deployment_system" removal as defined in "$parameterfile_name" "$resetformatting"" if [ -n "${approve}" ] then - terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" $approve $tfstate_parameter $landscape_tfstate_key_parameter \ $deployer_tfstate_key_parameter -json | tee -a destroy_output.json From 36bb4fa67bd98dc684974ed8069eda0eb91750e0 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:50 +0300 Subject: [PATCH 24/77] Refactor deploy control plane pipeline to trim deployer_tfstate_key in imports.tf --- deploy/terraform/run/sap_landscape/imports.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/terraform/run/sap_landscape/imports.tf b/deploy/terraform/run/sap_landscape/imports.tf index 297af9af41..0d5ef68b4a 100644 --- a/deploy/terraform/run/sap_landscape/imports.tf +++ b/deploy/terraform/run/sap_landscape/imports.tf 
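Review bot: `if [ -n $deployer_tfstate_key ]; then` in the first hunk is true even when the variable is empty, because the unquoted expansion disappears and `[ -n ]` tests the literal string `-n`; write `if [ -n "${deployer_tfstate_key}" ]; then`. The same line is carried into the re-indented hunk of PATCH 26 and is only quoted in PATCH 29. The `deployer_kv_user_arm_id=$(terraform ... output -no-color -raw deployer_kv_user_arm_id | tr -d \")` line sits after `fi`, and its status is that of `tr`, so a failed lookup still exports `TF_VAR_spn_keyvault_id`. Guard the export: `[ -n "${deployer_kv_user_arm_id}" ] && export TF_VAR_spn_keyvault_id="${deployer_kv_user_arm_id}"`.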
@@ -13,7 +13,7 @@ data "terraform_remote_state" "deployer" { resource_group_name = local.saplib_resource_group_name storage_account_name = local.tfstate_storage_account_name container_name = local.tfstate_container_name - key = var.deployer_tfstate_key + key = trim(var.deployer_tfstate_key) subscription_id = local.saplib_subscription_id } From 7524974e42cc50007871cccd175c4ba5a58eb070 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:50 +0300 Subject: [PATCH 25/77] Refactor deploy control plane pipeline to trim deployer_tfstate_key in imports.tf and update default value for spn_keyvault_id --- deploy/pipelines/10-remover-terraform.yaml | 13 +++++++++++-- deploy/terraform/run/sap_landscape/imports.tf | 2 +- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 57bc3ab665..42509262c7 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml 
@@ -754,15 +754,24 @@ stages: az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" --out tsv) if [ -n "${az_var}" ]; then - REMOTE_STATE_SA="${az_var}" + export REMOTE_STATE_SA="${az_var}" + else + export REMOTE_STATE_SA=$(grep "^REMOTE_STATE_SA=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) + fi + + az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Resource_Group_Name.value" --out tsv) + if [ -n "${az_var}" ]; then + export REMOTE_STATE_RG="${az_var}" else - REMOTE_STATE_SA=$(grep "^REMOTE_STATE_SA=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) + export REMOTE_STATE_RG=$(grep "^REMOTE_STATE_RG=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi echo "Workload Key Vault: ${workload_key_vault}" echo "Deployer Key Vault: ${key_vault}" echo "Terraform state subscription: $STATE_SUBSCRIPTION" echo "Terraform state account: $REMOTE_STATE_SA" + echo "Terraform state resource group: $REMOTE_STATE_RG" + echo "System configuration: $(workload_zone_configuration_file)" echo "Deployer state file name: $deployer_tfstate_key" diff --git a/deploy/terraform/run/sap_landscape/imports.tf b/deploy/terraform/run/sap_landscape/imports.tf index 0d5ef68b4a..97cf252328 100644 --- a/deploy/terraform/run/sap_landscape/imports.tf +++ b/deploy/terraform/run/sap_landscape/imports.tf @@ -13,7 +13,7 @@ data "terraform_remote_state" "deployer" { resource_group_name = local.saplib_resource_group_name storage_account_name = local.tfstate_storage_account_name container_name = local.tfstate_container_name - key = trim(var.deployer_tfstate_key) + key = trimspace(var.deployer_tfstate_key) subscription_id = local.saplib_subscription_id } From df9e762a3ea230670595ebd922a99df17026b925 Mon Sep 17 00:00:00 2001 
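Review bot: Both branches of the added block can leave `REMOTE_STATE_RG` empty: when the variable group has no `Terraform_Remote_Storage_Resource_Group_Name` and the `grep` on `${workload_environment_file_name}` matches nothing, `export REMOTE_STATE_RG=$(...)` still succeeds, because `export` hides the status of the command substitution. The value is only echoed in this hunk, so the step carries on with an empty resource group. Check it after the `fi`, for example `[ -n "${REMOTE_STATE_RG}" ] || { echo "##vso[task.logissue type=error]REMOTE_STATE_RG could not be determined"; exit 2; }`, and quote `"${workload_environment_file_name}"` in the `grep` calls. The same applies to the `REMOTE_STATE_SA` branch above it; the script step continues outside the hunk.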
From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:51 +0300 Subject: [PATCH 26/77] Refactor deploy control plane pipeline to trim deployer_tfstate_key in imports.tf and update default value for spn_keyvault_id --- deploy/scripts/remover.sh | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index 02fa216eaa..4260e64065 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh 
@@ -323,21 +323,22 @@ else fi if [ -n $deployer_tfstate_key ]; then -terraform_deployer_module_directory="${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/run/sap_deployer/ - -terraform -chdir="${terraform_deployer_module_directory}" init -reconfigure \ ---backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ ---backend-config "resource_group_name=${REMOTE_STATE_RG}" \ ---backend-config "storage_account_name=${REMOTE_STATE_SA}" \ ---backend-config "container_name=tfstate" \ ---backend-config "key=${deployer_tfstate_key}" || { - echo "Terraform init failed" - exit 1 -} + terraform_deployer_module_directory="${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/run/sap_deployer/ + + terraform -chdir="${terraform_deployer_module_directory}" init -reconfigure \ + --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ + --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ + --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ + --backend-config "container_name=tfstate" \ + --backend-config "key=${deployer_tfstate_key}" || { + echo "Terraform init failed" + exit 1 + } + deployer_kv_user_arm_id=$(terraform -chdir="${terraform_deployer_module_directory}" output -no-color -raw deployer_kv_user_arm_id | tr -d \") + export TF_VAR_spn_keyvault_id=$deployer_kv_user_arm_id + terraform -chdir="${terraform_deployer_module_directory}" output fi -deployer_kv_user_arm_id=$(terraform -chdir="${terraform_deployer_module_directory}" output -no-color -raw deployer_kv_user_arm_id | tr -d \") -export TF_VAR_spn_keyvault_id=$deployer_kv_user_arm_id echo "" echo "#########################################################################################" From 9a5f226070b41f88ca3bbb46c46d02117096f851 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:51 +0300 Subject: [PATCH 27/77] Refactor deploy control plane pipeline to include provider for azurerm.workload in imports.tf --- deploy/terraform/run/sap_landscape/imports.tf | 2 ++ 1 file changed, 2 insertions(+) 
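Review bot: The added `terraform -chdir="${terraform_deployer_module_directory}" output` prints every output of the deployer state into the job log. Terraform masks outputs that are marked sensitive, but resource ids, subscription ids and anything not marked sensitive end up in log retention. If the line is a debugging aid, drop it or name the single output that is needed, as the `-raw deployer_kv_user_arm_id` call above it does.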
diff --git a/deploy/terraform/run/sap_landscape/imports.tf b/deploy/terraform/run/sap_landscape/imports.tf index 97cf252328..349550bf50 100644 --- a/deploy/terraform/run/sap_landscape/imports.tf +++ b/deploy/terraform/run/sap_landscape/imports.tf @@ -8,6 +8,8 @@ data "azurerm_client_config" "current" {} data "terraform_remote_state" "deployer" { backend = "azurerm" + provider = azurerm.workload + count = length(try(var.deployer_tfstate_key, "")) > 0 ? 1 : 0 config = { resource_group_name = local.saplib_resource_group_name From 290dc22ff51b2703986d411023c9d0b7f78c98f6 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:51 +0300 Subject: [PATCH 28/77] Refactor deploy control plane pipeline to include provider for azurerm.workload in imports.tf --- deploy/terraform/run/sap_landscape/imports.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/deploy/terraform/run/sap_landscape/imports.tf b/deploy/terraform/run/sap_landscape/imports.tf index 349550bf50..4d9ecfda1e 100644 --- a/deploy/terraform/run/sap_landscape/imports.tf +++ b/deploy/terraform/run/sap_landscape/imports.tf @@ -8,7 +8,6 @@ data "azurerm_client_config" "current" {} data "terraform_remote_state" "deployer" { backend = "azurerm" - provider = azurerm.workload count = length(try(var.deployer_tfstate_key, "")) > 0 ? 1 : 0 config = { From 6287e18705ac8ce5316b814d5b0d700aa1973e68 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:51 +0300 Subject: [PATCH 29/77] Refactor deploy control plane pipeline to update storage account authentication and export TF_VAR_tfstate_resource_id --- deploy/scripts/remover.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index 4260e64065..bc4aabd0f0 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh 
@@ -315,14 +315,14 @@ fi useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) if [ "$useSAS" = "true" ] ; then - echo "Authenticate storage using SAS" + echo "Storage Account Authentication: Key" export ARM_USE_AZUREAD=false else - echo "Authenticate storage using Entra ID" + echo "Storage Account Authentication: Entra ID" export ARM_USE_AZUREAD=true fi -if [ -n $deployer_tfstate_key ]; then +if [ -n "$deployer_tfstate_key" ]; then terraform_deployer_module_directory="${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/run/sap_deployer/ terraform -chdir="${terraform_deployer_module_directory}" init -reconfigure \ @@ -336,7 +336,7 @@ if [ -n $deployer_tfstate_key ]; then } deployer_kv_user_arm_id=$(terraform -chdir="${terraform_deployer_module_directory}" output -no-color -raw deployer_kv_user_arm_id | tr -d \") export TF_VAR_spn_keyvault_id=$deployer_kv_user_arm_id - terraform -chdir="${terraform_deployer_module_directory}" output + terraform -chdir="${terraform_deployer_module_directory}" output created_resource_group_subscription_id fi @@ -358,7 +358,7 @@ terraform -chdir="${terraform_module_directory}" init -reconfigure \ exit 1 } - +export TF_VAR_tfstate_resource_id=$(az storage account show --name "${REMOTE_STATE_SA}" --query id --subscription "${STATE_SUBSCRIPTION}" --out tsv) created_resource_group_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw created_resource_group_id | tr -d \") created_resource_group_id_length=$(expr length "$created_resource_group_id") From a1dc88d39ea5c4b17aad830b3a760e2b7ae89d2c Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:51 +0300 Subject: [PATCH 30/77] Refactor deploy control plane pipeline to update deployer and landscape state file paths --- deploy/scripts/remover.sh | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) 
diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index bc4aabd0f0..d85b19af19 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh @@ -229,7 +229,8 @@ echo "Storage Account: ${REMOTE_STATE_SA}" echo "Resource Group: ${REMOTE_STATE_RG}" echo "State file: ${key}.terraform.tfstate" echo "Target subscription: ${ARM_SUBSCRIPTION_ID}" -echo "" +echo "Deployer State file: ${deployer_tfstate_key}" +echo "Landscape State file: ${landscape_tfstate_key}" #Plugins isInCloudShellCheck=$(checkIfCloudShell) @@ -414,10 +415,16 @@ then "$deployer_tfstate_key_parameter" else - echo -e "#$cyan processing "$deployment_system" removal as defined in "$parameterfile_name" "$resetformatting"" + echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" + + allParams=$(printf " --parameterfile %s --storageaccountname %s --state_subscription %s --type sap_deployer %s %s " "${deployer_file_parametername}" "${REMOTE_STATE_SA}" "${STATE_SUBSCRIPTION}" "${approveparam}" "${ado_flag}" ) + + echo "Calling destroy with: -var-file=${var_file} $approve $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter" + + if [ -n "${approve}" ] then - terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" $approve $tfstate_parameter $landscape_tfstate_key_parameter \ + terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" $approve $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a destroy_output.json else From f4e4e43d1fc9404f27d857e7068e6246c3120971 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:51 +0300 Subject: [PATCH 31/77] Refactor deploy control plane pipeline to remove unnecessary code in remover.sh --- deploy/scripts/remover.sh | 4 ---- 1 file changed, 4 deletions(-) 
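Review bot: The rewritten `destroy` line in the `if [ -n "${approve}" ]` branch no longer ends with `\`, yet the unchanged next line `$deployer_tfstate_key_parameter -json | tee -a destroy_output.json` is still present. As far as the collapsed hunk shows, `terraform destroy` now runs without `-json` and without `tee`, and the shell then tries to execute the expansion of `$deployer_tfstate_key_parameter` as a command, so `destroy_output.json` never receives the destroy output. Put the flags back on the command, `terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" $approve $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a destroy_output.json`, and delete the leftover line. The `allParams=$(printf ...)` assignment added above it is not used anywhere in the hunk.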
diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index d85b19af19..c0b271cf47 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh @@ -416,12 +416,8 @@ then else echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" - - allParams=$(printf " --parameterfile %s --storageaccountname %s --state_subscription %s --type sap_deployer %s %s " "${deployer_file_parametername}" "${REMOTE_STATE_SA}" "${STATE_SUBSCRIPTION}" "${approveparam}" "${ado_flag}" ) - echo "Calling destroy with: -var-file=${var_file} $approve $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter" - if [ -n "${approve}" ] then terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" $approve $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter From fdb1ae55ca291ef693ca4bbd57fecb40a5861f41 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:18:51 +0300 Subject: [PATCH 32/77] Refactor deploy control plane pipeline to remove unnecessary code in remover.sh --- deploy/scripts/remover.sh | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index c0b271cf47..0c82edee47 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh 
@@ -323,24 +323,6 @@ else export ARM_USE_AZUREAD=true fi -if [ -n "$deployer_tfstate_key" ]; then - terraform_deployer_module_directory="${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/run/sap_deployer/ - - terraform -chdir="${terraform_deployer_module_directory}" init -reconfigure \ - --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ - --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ - --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ - --backend-config "container_name=tfstate" \ - --backend-config "key=${deployer_tfstate_key}" || { - echo "Terraform init failed" - exit 1 - } - deployer_kv_user_arm_id=$(terraform -chdir="${terraform_deployer_module_directory}" output -no-color -raw deployer_kv_user_arm_id | tr -d \") - export TF_VAR_spn_keyvault_id=$deployer_kv_user_arm_id - terraform -chdir="${terraform_deployer_module_directory}" output created_resource_group_subscription_id -fi - - echo "" echo "#########################################################################################" echo "# #" From c16e0b786b1205e5bf28661f5f3d9cc3dedc556a Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 23 Oct 2024 20:42:29 +0300 Subject: [PATCH 33/77] Refactor echo statements in deploy control plane pipeline --- deploy/pipelines/02-sap-workload-zone.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index 30f556216f..bbd2d086c6 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml 
@@ -436,9 +436,9 @@ stages: if [ $USE_MSI != "true" ]; then - echo "Deployment credentials: Service Principal" - echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" - echo "Deployer subscription: $STATE_SUBSCRIPTION" + echo "Deployment credentials: Service Principal" + echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" + echo "Deployer subscription: $STATE_SUBSCRIPTION" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET From 155645589a9fbb9b0cfdbe4f63c0ecdc58a7e2ed Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 23 Oct 2024 21:54:48 +0300 Subject: [PATCH 34/77] Refactor install_workloadzone.sh script to improve error handling --- deploy/scripts/install_workloadzone.sh | 269 +++++++++++++------------ 1 file changed, 142 insertions(+), 127 deletions(-) diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index 9d113260fc..26c63ffdb2 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -172,8 +172,8 @@ fi get_region_code "$region" if [ "${region_code}" == 'UNKN' ]; then - LOCATION_CODE=$(echo "$workload_file_parametername" | awk -F'-' '{print $2}') - region_code=$(echo "${LOCATION_CODE}" | tr "[:lower:]" "[:upper:]" | xargs) + LOCATION_CODE=$(echo "$workload_file_parametername" | awk -F'-' '{print $2}' ) + region_code=$(echo "${LOCATION_CODE}" | tr "[:lower:]" "[:upper:]" | xargs) fi echo "Region code: ${region_code}" @@ -211,7 +211,7 @@ fi workload_config_information="${automation_config_directory}/${environment}${region_code}${network_logical_name}" deployer_config_information="${automation_config_directory}/${deployer_environment}${region_code}" save_config_vars "${workload_config_information}" \ - STATE_SUBSCRIPTION REMOTE_STATE_SA subscription +STATE_SUBSCRIPTION REMOTE_STATE_SA subscription if [ "${force}" == 1 ]; then if [ -f "${workload_config_information}" ]; then 
@@ -364,43 +364,46 @@ if [ -n "$subscription" ]; then fi fi if [ 0 = "${deploy_using_msi_only:-}" ]; then - if [ -n "$client_id" ]; then - if is_valid_guid "$client_id"; then - echo "" - else - printf -v val %-40.40s "$client_id" - echo "#########################################################################################" - echo "# #" - echo -e "# The provided spn_id is not valid:$boldred ${val} $resetformatting #" - echo "# #" - echo "#########################################################################################" - exit 65 + if [ -n "$client_id" ] + then + if is_valid_guid "$client_id" ; then + echo "" + else + printf -v val %-40.40s "$client_id" + echo "#########################################################################################" + echo "# #" + echo -e "# The provided spn_id is not valid:$boldred ${val} $resetformatting #" + echo "# #" + echo "#########################################################################################" + exit 65 + fi fi - fi - if [ -n "$tenant_id" ]; then - if is_valid_guid "$tenant_id"; then - echo "" + if [ -n "$tenant_id" ] + then + if is_valid_guid "$tenant_id" ; then + echo "Valid tenant id format" + else + printf -v val %-40.40s "$tenant_id" + echo "#########################################################################################" + echo "# #" + echo -e "# The provided tenant_id is not valid:$boldred ${val} $resetformatting #" + echo "# #" + echo "#########################################################################################" + exit 65 + fi + + fi + #setting the user environment variables + if [ -n "${spn_secret}" ] + then + set_executing_user_environment_variables "${spn_secret}" else - printf -v val %-40.40s "$tenant_id" - echo "#########################################################################################" - echo "# #" - echo -e "# The provided tenant_id is not valid:$boldred ${val} $resetformatting #" - echo "# #" - echo 
"#########################################################################################" - exit 65 + set_executing_user_environment_variables "none" fi - - fi - #setting the user environment variables - if [ -n "${spn_secret}" ]; then - set_executing_user_environment_variables "${spn_secret}" - else - set_executing_user_environment_variables "none" - fi else - #setting the user environment variables - set_executing_user_environment_variables "N/A" + #setting the user environment variables + set_executing_user_environment_variables "N/A" fi if [[ -z ${REMOTE_STATE_SA} ]]; then @@ -435,8 +438,10 @@ else get_and_store_sa_details ${REMOTE_STATE_SA} ${workload_config_information} fi -if [ -z "$subscription" ]; then - subscription="${STATE_SUBSCRIPTION}" + +if [ -z "$subscription" ] +then + subscription="${STATE_SUBSCRIPTION}" fi if [ -z "$REMOTE_STATE_SA" ]; then 
@@ -461,71 +466,76 @@ fi useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) -if [ "$useSAS" = "true" ]; then - echo "Storage Account authentication: key" - export ARM_USE_AZUREAD=false +if [ "$useSAS" = "true" ] ; then + echo "Storage Account authentication: key" + export ARM_USE_AZUREAD=false else - echo "Storage Account authentication: Entra ID" - export ARM_USE_AZUREAD=true + echo "Storage Account authentication: Entra ID" + export ARM_USE_AZUREAD=true fi if [ 1 = "${deploy_using_msi_only:-}" ]; then - if [ -n "${keyvault}" ]; then - echo "Setting the secrets" + if [ -n "${keyvault}" ] + then + echo "Setting the secrets" - allParams=$(printf " --workload --environment %s --region %s --vault %s --keyvault_subscription %s --subscription %s --msi " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" "${ARM_SUBSCRIPTION_ID}") + allParams=$(printf " --workload --environment %s --region %s --vault %s --keyvault_subscription %s --subscription %s --msi " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" "${ARM_SUBSCRIPTION_ID}" ) - echo "Calling set_secrets with: ${allParams}" + echo "Calling set_secrets with: ${allParams}" - "${SAP_AUTOMATION_REPO_PATH}"/deploy/scripts/set_secrets.sh ${allParams} + "${SAP_AUTOMATION_REPO_PATH}"/deploy/scripts/set_secrets.sh ${allParams} - if [ -f secret.err ]; then - error_message=$(cat secret.err) - echo "##vso[task.logissue type=error]${error_message}" - rm secret.err - exit 65 + if [ -f secret.err ]; then + error_message=$(cat secret.err) + echo "##vso[task.logissue type=error]${error_message}" + rm secret.err + exit 65 + fi fi - fi else - if [ -n "${keyvault}" ]; then - echo "Setting the secrets" + if [ -n "${keyvault}" ] + then + echo "Setting the secrets" - save_config_var "client_id" "${workload_config_information}" - save_config_var "tenant_id" "${workload_config_information}" + save_config_var 
"client_id" "${workload_config_information}" + save_config_var "tenant_id" "${workload_config_information}" - if [ -n "$spn_secret" ]; then - fixed_allParams=$(printf " --workload --environment %s --region %s --vault %s --subscription %s --spn_secret ***** --keyvault_subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${ARM_SUBSCRIPTION_ID}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}") + if [ -n "$spn_secret" ] + then + fixed_allParams=$(printf " --workload --environment %s --region %s --vault %s --subscription %s --spn_secret ***** --keyvault_subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${ARM_SUBSCRIPTION_ID}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}" ) - echo "Calling set_secrets with: ${fixed_allParams}" + echo "Calling set_secrets with: ${fixed_allParams}" - allParams=$(printf " --workload --environment %s --region %s --vault %s --spn_secret %s --subscription %s --keyvault_subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${spn_secret}" "${ARM_SUBSCRIPTION_ID}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}") + allParams=$(printf " --workload --environment %s --region %s --vault %s --spn_secret %s --subscription %s --keyvault_subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${spn_secret}" "${ARM_SUBSCRIPTION_ID}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}" ) - "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh" ${allParams} + "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh" ${allParams} - if [ -f secret.err ]; then - error_message=$(cat secret.err) - echo "##vso[task.logissue type=error]${error_message}" - - exit 65 - fi - else - read -p "Do you want to specify the Workload SPN Details Y/N?" 
ans - answer=${ans^^} - if [ ${answer} == 'Y' ]; then - allParams=$(printf " --workload --environment %s --region %s --vault %s --subscription %s --spn_id %s " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" "${client_id}") + if [ -f secret.err ]; then + error_message=$(cat secret.err) + echo "##vso[task.logissue type=error]${error_message}" - "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh ${allParams}" - if [ $? -eq 255 ]; then - exit $? + exit 65 + fi + else + read -p "Do you want to specify the Workload SPN Details Y/N?" ans + answer=${ans^^} + if [ ${answer} == 'Y' ]; then + allParams=$(printf " --workload --environment %s --region %s --vault %s --subscription %s --spn_id %s " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" "${client_id}" ) + + "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh ${allParams}" + if [ $? -eq 255 ] + then + exit $? + fi + fi fi - fi - fi - if [ -f kv.log ]; then - rm kv.log + if [ -f kv.log ] + then + rm kv.log + fi fi - fi fi if [ -z "${deployer_tfstate_key}" ]; then load_config_vars "${workload_config_information}" "deployer_tfstate_key" @@ -601,14 +611,14 @@ new_deployment=false isInCloudShellCheck=$(checkIfCloudShell) if checkIfCloudShell; then - mkdir -p "${HOME}/.terraform.d/plugin-cache" - export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" + mkdir -p "${HOME}/.terraform.d/plugin-cache" + export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" else - if [ ! -d /opt/terraform/.terraform.d/plugin-cache ]; then - mkdir -p /opt/terraform/.terraform.d/plugin-cache - sudo chown -R "$USER" /opt/terraform - fi - export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache + if [ ! -d /opt/terraform/.terraform.d/plugin-cache ]; then + mkdir -p /opt/terraform/.terraform.d/plugin-cache + sudo chown -R "$USER" /opt/terraform + fi + export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache fi root_dirname=$(pwd) 
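Review bot: In the @@ -461 hunk the re-indented `allParams=$(printf " ... --spn_secret %s ..." ... "${spn_secret}" ...)` still hands the service principal secret to `set_secrets.sh` as a command-line argument, where it is visible in the process list and in any `set -x` trace, even though the log line above it masks the value. Passing it through the environment or stdin would avoid that, which needs a matching change in `set_secrets.sh` (not part of this hunk). In the interactive branch, `"${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh ${allParams}"` is quoted as one word, so the shell looks for a file whose name includes the arguments; close the quote after `.sh` as the two calls above it do. The `if [ $? -eq 255 ]` that follows exits with the status of the `[` test rather than of the script, so capture it first with `rc=$?`.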
@@ -781,10 +791,10 @@ echo "# echo "#########################################################################################" echo "" -if [ 1 == $called_from_ado ]; then - terraform -chdir="${terraform_module_directory}" plan -no-color -detailed-exitcode -var-file=${var_file} $tfstate_parameter $deployer_tfstate_key_parameter | tee -a plan_output.log +if [ 1 == $called_from_ado ] ; then + terraform -chdir="${terraform_module_directory}" plan -no-color -detailed-exitcode -var-file=${var_file} $tfstate_parameter $deployer_tfstate_key_parameter | tee -a plan_output.log else - terraform -chdir="${terraform_module_directory}" plan -detailed-exitcode -var-file=${var_file} $tfstate_parameter $deployer_tfstate_key_parameter | tee -a plan_output.log + terraform -chdir="${terraform_module_directory}" plan -detailed-exitcode -var-file=${var_file} $tfstate_parameter $deployer_tfstate_key_parameter | tee -a plan_output.log fi return_value=$? @@ -807,16 +817,16 @@ fi echo "TEST_ONLY: " $TEST_ONLY if [ "${TEST_ONLY}" == "True" ]; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Running plan only. $resetformatting #" - echo "# #" - echo "# No deployment performed. #" - echo "# #" - echo "#########################################################################################" - echo "" - exit 0 + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Running plan only. $resetformatting #" + echo "# #" + echo "# No deployment performed. #" + echo "# #" + echo "#########################################################################################" + echo "" + exit 0 fi ok_to_proceed=0 
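Review bot: `return_value=$?` after the two `terraform ... plan -detailed-exitcode ... | tee -a plan_output.log` lines in the @@ -781 hunk reads the status of `tee`, unless `pipefail` is set earlier in the script (not visible here). The plan's exit code, which `-detailed-exitcode` uses to separate an error from pending changes, is then lost, and this commit only re-indents those lines. Capture the first stage directly after each pipeline with `return_value=${PIPESTATUS[0]}`. The `apply ... | tee -a apply_output.json` calls in the @@ -897 hunk may need the same, depending on how their status is read outside the hunk.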
@@ -897,14 +907,15 @@ if [ 1 == $ok_to_proceed ]; then parallelism=$TF_PARALLELLISM fi - if [ 1 == $called_from_ado ]; then - terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -no-color -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json - else - if [ -n "${approve}" ]; then - terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json + if [ 1 == $called_from_ado ] ; then + terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -no-color -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json else - terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter - fi + if [ -n "${approve}" ] + then + terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json + else + terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter + fi fi 
@@ -912,12 +923,15 @@ if [ 1 == $ok_to_proceed ]; then fi + rerun_apply=0 -if [ -f apply_output.json ]; then - # Check for resource that can be imported - existing=$(jq 'select(."@level" == "error") | {address: .diagnostic.address, summary: .diagnostic.summary} | select(.summary | startswith("A resource with the ID"))' apply_output.json) - if [[ -n ${existing} ]]; then +if [ -f apply_output.json ] +then + # Check for resource that can be imported + existing=$(jq 'select(."@level" == "error") | {address: .diagnostic.address, summary: .diagnostic.summary} | select(.summary | startswith("A resource with the ID"))' apply_output.json) + if [[ -n ${existing} ]] + then readarray -t existing_resources < <(echo ${existing} | jq -c '.') for item in "${existing_resources[@]}"; do @@ -1036,8 +1050,9 @@ if [ -f apply_output.json ]; then fi -if [ -f apply_output.json ]; then - rm apply_output.json +if [ -f apply_output.json ] +then + rm apply_output.json fi workload_zone_prefix=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw workload_zone_prefix | tr -d \") @@ -1064,9 +1079,9 @@ if [ 0 == $return_value ]; then echo "#########################################################################################" echo "" - save_config_var "workloadkeyvault" "${workload_config_information}" + save_config_var "workloadkeyvault" "${workload_config_information}" + fi fi - fi fi 
@@ -1160,24 +1175,24 @@ unset TF_DATA_DIR # # ################################################################################# -if [ "$useSAS" = "true" ]; then - container_exists=$(az storage container exists --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors --query exists) +if [ "$useSAS" = "true" ] ; then + container_exists=$(az storage container exists --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors --query exists) else - container_exists=$(az storage container exists --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors --query exists --auth-mode login) + container_exists=$(az storage container exists --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors --query exists --auth-mode login) fi if [ "${container_exists}" == "false" ]; then - if [ "$useSAS" = "true" ]; then - az storage container create --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors - else - az storage container create --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --auth-mode login --only-show-errors - fi + if [ "$useSAS" = "true" ] ; then + az storage container create --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors + else + az storage container create --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --auth-mode login --only-show-errors + fi fi -if [ "$useSAS" = "true" ]; then - az storage blob upload --file "${parameterfile}" --container-name tfvars/LANDSCAPE/"${key}" --name "${parameterfile_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --only-show-errors --output none +if [ "$useSAS" = "true" ] ; then + az storage 
blob upload --file "${parameterfile}" --container-name tfvars/LANDSCAPE/"${key}" --name "${parameterfile_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --only-show-errors --output none else - az storage blob upload --file "${parameterfile}" --container-name tfvars/LANDSCAPE/"${key}" --name "${parameterfile_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --auth-mode login --only-show-errors --output none + az storage blob upload --file "${parameterfile}" --container-name tfvars/LANDSCAPE/"${key}" --name "${parameterfile_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --auth-mode login --only-show-errors --output none fi exit $return_value From 9a532666dfb89351a1d6114911e92e6e81b609d9 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 23 Oct 2024 22:56:08 +0300 Subject: [PATCH 35/77] feng shui --- deploy/scripts/install_workloadzone.sh | 849 +++++++++++++++++++++---- 1 file changed, 708 insertions(+), 141 deletions(-) diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index 26c63ffdb2..81694b2b8f 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh 
@@ -27,9 +27,68 @@ INPUT_ARGUMENTS=$(getopt -n install_workloadzone -o p:d:e:k:o:s:c:n:t:v:aifhm -- VALID_ARGUMENTS=$? if [ "$VALID_ARGUMENTS" != "0" ]; then showhelp + showhelp fi eval set -- "$INPUT_ARGUMENTS" +while :; do + case "$1" in + -a | --ado) + called_from_ado=1 + shift + ;; + -c | --spn_id) + client_id="$2" + shift 2 + ;; + -d | --deployer_tfstate_key) + deployer_tfstate_key="$2" + shift 2 + ;; + -e | --deployer_environment) + deployer_environment="$2" + shift 2 + ;; + -f | --force) + force=1 + shift + ;; + -i | --auto-approve) + approve="--auto-approve" + shift + ;; + -k | --state_subscription) + STATE_SUBSCRIPTION="$2" + shift 2 + ;; + -m | --msi) + deploy_using_msi_only=1 + shift + ;; + -n | --spn_secret) + spn_secret="$2" + shift 2 + ;; + -o | --storageaccountname) + REMOTE_STATE_SA="$2" + shift 2 + ;; + -p | --parameterfile) + parameterfile="$2" + shift 2 + ;; + -s | --subscription) + subscription="$2" + shift 2 + ;; + -t | --tenant_id) + tenant_id="$2" + shift 2 + ;; + -v | --keyvault) + keyvault="$2" + shift 2 + ;; while :; do case "$1" in -a | --ado) @@ -99,6 +158,16 @@ while :; do break ;; esac + -h | --help) + workload_zone_showhelp + exit 3 + shift + ;; + --) + shift + break + ;; + esac done tfstate_resource_id="" tfstate_parameter="" @@ -115,6 +184,10 @@ deployer_environment=$(echo "${deployer_environment}" | tr "[:lower:]" "[:upper: echo "Deployer environment: $deployer_environment" +if [ 1 == $called_from_ado ]; then + this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 + export TF_VAR_Agent_IP=$this_ip + echo "Agent IP: $this_ip" if [ 1 == $called_from_ado ]; then this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 export TF_VAR_Agent_IP=$this_ip 
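Review bot: The added `while :; do` / `case "$1" in` block repeats the option arms that already follow it and is never closed before the original loop starts, so on the new side the original `while` appears where a `case` pattern is expected. The later `@@ -99,6` hunk then adds a second `-h | --help)` … `esac` after the existing `esac`. This reads like both sides of a merge being kept rather than a formatting change, and the same pattern recurs in most hunks of this file: a re-indented copy added next to the original, such as `+ showhelp`, `+ exit $return_code` and the doubled `if [ 1 == $called_from_ado ]; then`. The duplicated blocks include the GUID and key vault name checks that lead to `exit 65`, so I would keep exactly one copy of each block and confirm that `bash -n deploy/scripts/install_workloadzone.sh` passes before merging.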
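Review bot: `curl -s ipinfo.io/ip` in the `called_from_ado` block (hunk `@@ -115,6`) has no scheme, so the lookup goes over plain HTTP to a third party and the response is exported as `TF_VAR_Agent_IP` unchecked. How Terraform uses that variable is not visible here; if it feeds a network allow rule, a tampered or error-page response decides what is allowed, and a failed lookup silently exports an empty value. I would use `this_ip=$(curl -sS --fail --max-time 10 https://ipinfo.io/ip)` and export only when `[[ "$this_ip" =~ ^[0-9]+(\.[0-9]+){3}$ ]]` holds, stopping the run otherwise. The block's closing `fi` lies outside this hunk.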
@@ -134,8 +207,24 @@ if [ "$param_dirname" != '.' ]; then echo "# #" echo "#########################################################################################" exit 3 + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Please run this command from the folder containing the parameter file$resetformatting #" + echo "# #" + echo "#########################################################################################" + exit 3 fi +if [ ! -f "${workload_file_parametername}" ]; then + printf -v val %-40.40s "$workload_file_parametername" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore Parameter file does not exist: ${val}$resetformatting #" + echo "# #" + echo "#########################################################################################" + exit 3 if [ ! -f "${workload_file_parametername}" ]; then printf -v val %-40.40s "$workload_file_parametername" echo "" @@ -152,6 +241,7 @@ validate_exports return_code=$? if [ 0 != $return_code ]; then exit $return_code + exit $return_code fi # Check that Terraform and Azure CLI is installed @@ -159,6 +249,7 @@ validate_dependencies return_code=$? if [ 0 != $return_code ]; then exit $return_code + exit $return_code fi # Check that parameter files have environment and location defined 
@@ -166,14 +257,15 @@ validate_key_parameters "$workload_file_parametername" return_code=$? if [ 0 != $return_code ]; then exit $return_code + exit $return_code fi # Convert the region to the correct code get_region_code "$region" if [ "${region_code}" == 'UNKN' ]; then - LOCATION_CODE=$(echo "$workload_file_parametername" | awk -F'-' '{print $2}' ) - region_code=$(echo "${LOCATION_CODE}" | tr "[:lower:]" "[:upper:]" | xargs) + LOCATION_CODE=$(echo "$workload_file_parametername" | awk -F'-' '{print $2}') + region_code=$(echo "${LOCATION_CODE}" | tr "[:lower:]" "[:upper:]" | xargs) fi echo "Region code: ${region_code}" @@ -191,6 +283,15 @@ if [ -z "${network_logical_name}" ]; then echo "#########################################################################################" echo "" return 64 #script usage wrong + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Incorrect parameter file. $resetformatting #" + echo "# #" + echo "# The file must contain the network_logical_name attribute!! #" + echo "# #" + echo "#########################################################################################" + echo "" + return 64 #script usage wrong fi key=$(echo "${workload_file_parametername}" | cut -d. -f1) 
@@ -206,13 +307,22 @@ if [ "$deployer_environment" != "$environment" ]; then # Add support for having multiple vnets in the same environment and zone - rename exiting file to support seamless transition mv "${automation_config_directory}"/"${environment}""${region_code}" "${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" fi + if [ -f "${automation_config_directory}"/"${environment}""${region_code}" ]; then + # Add support for having multiple vnets in the same environment and zone - rename exiting file to support seamless transition + mv "${automation_config_directory}"/"${environment}""${region_code}" "${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" + fi fi workload_config_information="${automation_config_directory}/${environment}${region_code}${network_logical_name}" deployer_config_information="${automation_config_directory}/${deployer_environment}${region_code}" save_config_vars "${workload_config_information}" \ -STATE_SUBSCRIPTION REMOTE_STATE_SA subscription + STATE_SUBSCRIPTION REMOTE_STATE_SA subscription +if [ "${force}" == 1 ]; then + if [ -f "${workload_config_information}" ]; then + rm "${workload_config_information}" + fi + rm -Rf .terraform terraform.tfstate* if [ "${force}" == 1 ]; then if [ -f "${workload_config_information}" ]; then rm "${workload_config_information}" @@ -230,9 +340,13 @@ echo "Deployer Subscription: $STATE_SUBSCRIPTION" echo "Remote state storage account: $REMOTE_STATE_SA" echo "Target Subscription: $subscription" +if [[ -n $STATE_SUBSCRIPTION ]]; then + if is_valid_guid "$STATE_SUBSCRIPTION"; then if [[ -n $STATE_SUBSCRIPTION ]]; then if is_valid_guid "$STATE_SUBSCRIPTION"; then + save_config_vars "${workload_config_information}" \ + STATE_SUBSCRIPTION save_config_vars "${workload_config_information}" \ STATE_SUBSCRIPTION 
@@ -244,6 +358,14 @@ if [[ -n $STATE_SUBSCRIPTION ]]; then echo "#########################################################################################" echo "" az account set --sub "${STATE_SUBSCRIPTION}" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Changing the subscription to: $STATE_SUBSCRIPTION $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + az account set --sub "${STATE_SUBSCRIPTION}" else printf -v val %-40.40s "$STATE_SUBSCRIPTION" 
@@ -255,13 +377,35 @@ if [[ -n $STATE_SUBSCRIPTION ]]; then echo "The provided subscription for the terraform storage is not valid: ${val}" >"${workload_config_information}".err exit 65 fi + else + printf -v val %-40.40s "$STATE_SUBSCRIPTION" + echo "#########################################################################################" + echo "# #" + echo -e "#The provided state_subscription is not valid:$boldred ${val} $resetformatting#" + echo "# #" + echo "#########################################################################################" + echo "The provided subscription for the terraform storage is not valid: ${val}" >"${workload_config_information}".err + exit 65 + fi fi +if [ -n "$REMOTE_STATE_SA" ]; then + get_and_store_sa_details ${REMOTE_STATE_SA} ${workload_config_information} if [ -n "$REMOTE_STATE_SA" ]; then get_and_store_sa_details ${REMOTE_STATE_SA} ${workload_config_information} fi +if [ -n "$keyvault" ]; then + if valid_kv_name "$keyvault"; then + save_config_var "keyvault" "${workload_config_information}" + else + printf -v val %-40.40s "$keyvault" + echo "#########################################################################################" + echo "# #" + echo -e "# The provided keyvault is not valid:$boldred ${val} $resetformatting #" + echo "# #" + echo "#########################################################################################" if [ -n "$keyvault" ]; then if valid_kv_name "$keyvault"; then save_config_var "keyvault" "${workload_config_information}" 
@@ -276,21 +420,40 @@ if [ -n "$keyvault" ]; then echo "The provided keyvault is not valid: ${val}" >"${workload_config_information}".err exit 65 fi + echo "The provided keyvault is not valid: ${val}" >"${workload_config_information}".err + exit 65 + fi fi +if [ ! -f "${workload_config_information}" ]; then + # Ask for deployer environment name and try to read the deployer state file and resource group details from the configuration file + if [ -z "$deployer_environment" ]; then + read -p "Deployer environment name: " deployer_environment + fi if [ ! -f "${workload_config_information}" ]; then # Ask for deployer environment name and try to read the deployer state file and resource group details from the configuration file if [ -z "$deployer_environment" ]; then read -p "Deployer environment name: " deployer_environment fi + deployer_config_information="${automation_config_directory}"/"${deployer_environment}""${region_code}" + if [ -f "$deployer_config_information" ]; then + if [ -z "${keyvault}" ]; then + load_config_vars "${deployer_config_information}" "keyvault" + fi deployer_config_information="${automation_config_directory}"/"${deployer_environment}""${region_code}" if [ -f "$deployer_config_information" ]; then if [ -z "${keyvault}" ]; then load_config_vars "${deployer_config_information}" "keyvault" fi + load_config_vars "${deployer_config_information}" "REMOTE_STATE_RG" + if [ -z "${REMOTE_STATE_SA}" ]; then + load_config_vars "${deployer_config_information}" "REMOTE_STATE_SA" + fi + load_config_vars "${deployer_config_information}" "tfstate_resource_id" + load_config_vars "${deployer_config_information}" "deployer_tfstate_key" load_config_vars "${deployer_config_information}" "REMOTE_STATE_RG" if [ -z "${REMOTE_STATE_SA}" ]; then load_config_vars "${deployer_config_information}" "REMOTE_STATE_SA" 
@@ -306,8 +469,27 @@ if [ ! -f "${workload_config_information}" ]; then REMOTE_STATE_SA \ REMOTE_STATE_RG fi + save_config_vars "${workload_config_information}" \ + keyvault \ + subscription \ + deployer_tfstate_key \ + tfstate_resource_id \ + REMOTE_STATE_SA \ + REMOTE_STATE_RG + fi fi +if [ -z "$tfstate_resource_id" ]; then + echo "No tfstate_resource_id" + if [ -n "$deployer_environment" ]; then + deployer_config_information="${automation_config_directory}"/"${deployer_environment}""${region_code}" + echo "Deployer config file: $deployer_config_information" + if [ -f "$deployer_config_information" ]; then + load_config_vars "${deployer_config_information}" "keyvault" + load_config_vars "${deployer_config_information}" "REMOTE_STATE_RG" + load_config_vars "${deployer_config_information}" "REMOTE_STATE_SA" + load_config_vars "${deployer_config_information}" "tfstate_resource_id" + load_config_vars "${deployer_config_information}" "deployer_tfstate_key" if [ -z "$tfstate_resource_id" ]; then echo "No tfstate_resource_id" if [ -n "$deployer_environment" ]; then @@ -320,6 +502,8 @@ if [ -z "$tfstate_resource_id" ]; then load_config_vars "${deployer_config_information}" "tfstate_resource_id" load_config_vars "${deployer_config_information}" "deployer_tfstate_key" + save_config_vars "${workload_config_information}" \ + tfstate_resource_id save_config_vars "${workload_config_information}" \ tfstate_resource_id @@ -331,10 +515,20 @@ if [ -z "$tfstate_resource_id" ]; then REMOTE_STATE_RG fi fi + save_config_vars "${workload_config_information}" \ + keyvault \ + subscription \ + deployer_tfstate_key \ + REMOTE_STATE_SA \ + REMOTE_STATE_RG + fi + fi else echo "Terraform Storage Account Id: $tfstate_resource_id" + echo "Terraform Storage Account Id: $tfstate_resource_id" + save_config_vars "${workload_config_information}" \ save_config_vars "${workload_config_information}" \ tfstate_resource_id fi 
@@ -346,6 +540,17 @@ param_dirname=$(pwd) var_file="${param_dirname}"/"${parameterfile}" export TF_DATA_DIR="${param_dirname}/.terraform" +if [ -n "$subscription" ]; then + if is_valid_guid "$subscription"; then + echo "" + export ARM_SUBSCRIPTION_ID="${subscription}" + else + printf -v val %-40.40s "$subscription" + echo "#########################################################################################" + echo "# #" + echo -e "# The provided subscription is not valid:$boldred ${val} $resetformatting# " + echo "# #" + echo "#########################################################################################" if [ -n "$subscription" ]; then if is_valid_guid "$subscription"; then echo "" 
@@ -358,56 +563,57 @@ if [ -n "$subscription" ]; then echo "# #" echo "#########################################################################################" + echo "The provided subscription is not valid: ${val}" >"${workload_config_information}".err echo "The provided subscription is not valid: ${val}" >"${workload_config_information}".err exit 65 fi + exit 65 + fi fi if [ 0 = "${deploy_using_msi_only:-}" ]; then - if [ -n "$client_id" ] - then - if is_valid_guid "$client_id" ; then - echo "" - else - printf -v val %-40.40s "$client_id" - echo "#########################################################################################" - echo "# #" - echo -e "# The provided spn_id is not valid:$boldred ${val} $resetformatting #" - echo "# #" - echo "#########################################################################################" - exit 65 - fi + if [ -n "$client_id" ]; then + if is_valid_guid "$client_id"; then + echo "" + else + printf -v val %-40.40s "$client_id" + echo "#########################################################################################" + echo "# #" + echo -e "# The provided spn_id is not valid:$boldred ${val} $resetformatting #" + echo "# #" + echo "#########################################################################################" + exit 65 fi + fi - if [ -n "$tenant_id" ] - then - if is_valid_guid "$tenant_id" ; then - echo "Valid tenant id format" - else - printf -v val %-40.40s "$tenant_id" - echo "#########################################################################################" - echo "# #" - echo -e "# The provided tenant_id is not valid:$boldred ${val} $resetformatting #" - echo "# #" - echo "#########################################################################################" - exit 65 - fi - - fi - #setting the user environment variables - if [ -n "${spn_secret}" ] - then - set_executing_user_environment_variables "${spn_secret}" + if [ -n "$tenant_id" ]; then + if is_valid_guid "$tenant_id"; 
then + echo "Valid tenant id format" else - set_executing_user_environment_variables "none" + printf -v val %-40.40s "$tenant_id" + echo "#########################################################################################" + echo "# #" + echo -e "# The provided tenant_id is not valid:$boldred ${val} $resetformatting #" + echo "# #" + echo "#########################################################################################" + exit 65 fi + + fi + #setting the user environment variables + if [ -n "${spn_secret}" ]; then + set_executing_user_environment_variables "${spn_secret}" + else + set_executing_user_environment_variables "none" + fi else - #setting the user environment variables - set_executing_user_environment_variables "N/A" + #setting the user environment variables + set_executing_user_environment_variables "N/A" fi if [[ -z ${REMOTE_STATE_SA} ]]; then load_config_vars "${workload_config_information}" "REMOTE_STATE_SA" + load_config_vars "${workload_config_information}" "REMOTE_STATE_SA" fi load_config_vars "${workload_config_information}" "REMOTE_STATE_RG" 
@@ -415,35 +621,51 @@ load_config_vars "${workload_config_information}" "tfstate_resource_id" if [[ -z ${STATE_SUBSCRIPTION} ]]; then load_config_vars "${workload_config_information}" "STATE_SUBSCRIPTION" + load_config_vars "${workload_config_information}" "STATE_SUBSCRIPTION" fi if [[ -z ${subscription} ]]; then load_config_vars "${workload_config_information}" "subscription" + load_config_vars "${workload_config_information}" "subscription" fi if [[ -z ${deployer_tfstate_key} ]]; then load_config_vars "${workload_config_information}" "deployer_tfstate_key" + load_config_vars "${workload_config_information}" "deployer_tfstate_key" fi +if [ -n "$tfstate_resource_id" ]; then + REMOTE_STATE_RG=$(echo "$tfstate_resource_id" | cut -d / -f5) + REMOTE_STATE_SA=$(echo "$tfstate_resource_id" | cut -d / -f9) + STATE_SUBSCRIPTION=$(echo "$tfstate_resource_id" | cut -d / -f3) if [ -n "$tfstate_resource_id" ]; then REMOTE_STATE_RG=$(echo "$tfstate_resource_id" | cut -d / -f5) REMOTE_STATE_SA=$(echo "$tfstate_resource_id" | cut -d / -f9) STATE_SUBSCRIPTION=$(echo "$tfstate_resource_id" | cut -d / -f3) + save_config_vars "${workload_config_information}" \ save_config_vars "${workload_config_information}" \ REMOTE_STATE_SA \ REMOTE_STATE_RG \ STATE_SUBSCRIPTION else get_and_store_sa_details ${REMOTE_STATE_SA} ${workload_config_information} + get_and_store_sa_details ${REMOTE_STATE_SA} ${workload_config_information} fi - -if [ -z "$subscription" ] -then - subscription="${STATE_SUBSCRIPTION}" +if [ -z "$subscription" ]; then + subscription="${STATE_SUBSCRIPTION}" fi +if [ -z "$REMOTE_STATE_SA" ]; then + if [ -z "$REMOTE_STATE_RG" ]; then + load_config_vars "${workload_config_information}" "tfstate_resource_id" + if [ -n "${tfstate_resource_id}" ]; then + REMOTE_STATE_RG=$(echo "$tfstate_resource_id" | cut -d / -f5) + REMOTE_STATE_SA=$(echo "$tfstate_resource_id" | cut -d / -f9) + STATE_SUBSCRIPTION=$(echo "$tfstate_resource_id" | cut -d / -f3) + fi + fi if [ -z "$REMOTE_STATE_SA" 
]; then if [ -z "$REMOTE_STATE_RG" ]; then load_config_vars "${workload_config_information}" "tfstate_resource_id" @@ -455,6 +677,7 @@ if [ -z "$REMOTE_STATE_SA" ]; then fi tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" + tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" else if [ -z "$REMOTE_STATE_RG" ]; then get_and_store_sa_details "${REMOTE_STATE_SA}" "${workload_config_information}" 
@@ -462,81 +685,89 @@ else load_config_vars "${workload_config_information}" "REMOTE_STATE_RG" load_config_vars "${workload_config_information}" "tfstate_resource_id" fi + if [ -z "$REMOTE_STATE_RG" ]; then + get_and_store_sa_details "${REMOTE_STATE_SA}" "${workload_config_information}" + load_config_vars "${workload_config_information}" "STATE_SUBSCRIPTION" + load_config_vars "${workload_config_information}" "REMOTE_STATE_RG" + load_config_vars "${workload_config_information}" "tfstate_resource_id" + fi fi +useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) -if [ "$useSAS" = "true" ] ; then - echo "Storage Account authentication: key" - export ARM_USE_AZUREAD=false +if [ "$useSAS" = "true" ]; then + echo "Storage Account authentication: key" + export ARM_USE_AZUREAD=false else - echo "Storage Account authentication: Entra ID" - export ARM_USE_AZUREAD=true + echo "Storage Account authentication: Entra ID" + export ARM_USE_AZUREAD=true fi if [ 1 = "${deploy_using_msi_only:-}" ]; then - if [ -n "${keyvault}" ] - then - echo "Setting the secrets" + if [ -n "${keyvault}" ]; then + echo "Setting the secrets" - allParams=$(printf " --workload --environment %s --region %s --vault %s --keyvault_subscription %s --subscription %s --msi " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" "${ARM_SUBSCRIPTION_ID}" ) + allParams=$(printf " --workload --environment %s --region %s --vault %s --keyvault_subscription %s --subscription %s --msi " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" "${ARM_SUBSCRIPTION_ID}") - echo "Calling set_secrets with: ${allParams}" + echo "Calling set_secrets with: ${allParams}" - "${SAP_AUTOMATION_REPO_PATH}"/deploy/scripts/set_secrets.sh ${allParams} + 
"${SAP_AUTOMATION_REPO_PATH}"/deploy/scripts/set_secrets.sh ${allParams} - if [ -f secret.err ]; then - error_message=$(cat secret.err) - echo "##vso[task.logissue type=error]${error_message}" - rm secret.err - exit 65 - fi + if [ -f secret.err ]; then + error_message=$(cat secret.err) + echo "##vso[task.logissue type=error]${error_message}" + rm secret.err + exit 65 fi + fi else - if [ -n "${keyvault}" ] - then - echo "Setting the secrets" + if [ -n "${keyvault}" ]; then + echo "Setting the secrets" - save_config_var "client_id" "${workload_config_information}" - save_config_var "tenant_id" "${workload_config_information}" + save_config_var "client_id" "${workload_config_information}" + save_config_var "tenant_id" "${workload_config_information}" - if [ -n "$spn_secret" ] - then - fixed_allParams=$(printf " --workload --environment %s --region %s --vault %s --subscription %s --spn_secret ***** --keyvault_subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${ARM_SUBSCRIPTION_ID}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}" ) + if [ -n "$spn_secret" ]; then + fixed_allParams=$(printf " --workload --environment %s --region %s --vault %s --subscription %s --spn_secret ***** --keyvault_subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${ARM_SUBSCRIPTION_ID}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}") - echo "Calling set_secrets with: ${fixed_allParams}" + echo "Calling set_secrets with: ${fixed_allParams}" - allParams=$(printf " --workload --environment %s --region %s --vault %s --spn_secret %s --subscription %s --keyvault_subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${spn_secret}" "${ARM_SUBSCRIPTION_ID}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}" ) + allParams=$(printf " --workload --environment %s --region %s --vault %s --spn_secret %s --subscription %s --keyvault_subscription %s --spn_id %s 
--tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${spn_secret}" "${ARM_SUBSCRIPTION_ID}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}") - "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh" ${allParams} + "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh" ${allParams} - if [ -f secret.err ]; then - error_message=$(cat secret.err) - echo "##vso[task.logissue type=error]${error_message}" + if [ -f secret.err ]; then + error_message=$(cat secret.err) + echo "##vso[task.logissue type=error]${error_message}" - exit 65 - fi - else - read -p "Do you want to specify the Workload SPN Details Y/N?" ans - answer=${ans^^} - if [ ${answer} == 'Y' ]; then - allParams=$(printf " --workload --environment %s --region %s --vault %s --subscription %s --spn_id %s " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" "${client_id}" ) - - "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh ${allParams}" - if [ $? -eq 255 ] - then - exit $? - fi - fi - fi + exit 65 + fi + else + read -p "Do you want to specify the Workload SPN Details Y/N?" ans + answer=${ans^^} + if [ ${answer} == 'Y' ]; then + allParams=$(printf " --workload --environment %s --region %s --vault %s --subscription %s --spn_id %s " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" "${client_id}") - if [ -f kv.log ] - then - rm kv.log + "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh ${allParams}" + if [ $? -eq 255 ]; then + exit $? 
fi + fi fi + + if [ -f kv.log ]; then + rm kv.log + fi + fi fi +if [ -z "${deployer_tfstate_key}" ]; then + load_config_vars "${workload_config_information}" "deployer_tfstate_key" + if [ -n "${deployer_tfstate_key}" ]; then + # Deployer state was specified in $CONFIG_REPO_PATH/.sap_deployment_automation library config + deployer_tfstate_key_parameter=" -var deployer_tfstate_key=${deployer_tfstate_key}" + fi if [ -z "${deployer_tfstate_key}" ]; then load_config_vars "${workload_config_information}" "deployer_tfstate_key" if [ -n "${deployer_tfstate_key}" ]; then @@ -546,6 +777,8 @@ if [ -z "${deployer_tfstate_key}" ]; then else deployer_tfstate_key_parameter=" -var deployer_tfstate_key=${deployer_tfstate_key}" save_config_vars "${workload_config_information}" deployer_tfstate_key + deployer_tfstate_key_parameter=" -var deployer_tfstate_key=${deployer_tfstate_key}" + save_config_vars "${workload_config_information}" deployer_tfstate_key fi if [ -z "${REMOTE_STATE_SA}" ]; then @@ -554,7 +787,13 @@ if [ -z "${REMOTE_STATE_SA}" ]; then load_config_vars "${workload_config_information}" "STATE_SUBSCRIPTION" load_config_vars "${workload_config_information}" "REMOTE_STATE_RG" load_config_vars "${workload_config_information}" "tfstate_resource_id" + read -p "Terraform state storage account name:" REMOTE_STATE_SA + get_and_store_sa_details "${REMOTE_STATE_SA}" "${workload_config_information}" + load_config_vars "${workload_config_information}" "STATE_SUBSCRIPTION" + load_config_vars "${workload_config_information}" "REMOTE_STATE_RG" + load_config_vars "${workload_config_information}" "tfstate_resource_id" + tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" if [ -n "${STATE_SUBSCRIPTION}" ]; then 
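Review bot: In the interactive branch of hunk `@@ -462,81`, the call `"${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh ${allParams}"` is quoted as one word, so the shell looks for a program whose name includes the arguments, and the following `exit $?` returns the status of the `[ $? -eq 255 ]` test rather than of the script. In the `spn_secret` branch the masked echo keeps the secret out of the log, but `allParams` still carries it through `printf` and an unquoted expansion, so a secret containing whitespace or glob characters is split or expanded, and it lands on the child's command line where other local users can read it from the process list. Building the arguments as an array fixes the splitting; keeping the secret off argv would need set_secrets.sh to accept it from the environment or stdin, which this hunk does not show. For the interactive branch I would write `"${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh" ${allParams}; rc=$?` and test `rc`.

```shell
# … unchanged: save_config_var calls and the masked "Calling set_secrets with" echo …
set_secrets_args=(
  --workload
  --environment "${environment}"
  --region "${region_code}"
  --vault "${keyvault}"
  --spn_secret "${spn_secret}"
  --subscription "${ARM_SUBSCRIPTION_ID}"
  --keyvault_subscription "${STATE_SUBSCRIPTION}"
  --spn_id "${client_id}"
  --tenant_id "${tenant_id}"
)
"${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh" "${set_secrets_args[@]}"
# … unchanged: secret.err check …
```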
@@ -563,9 +802,20 @@ if [ -z "${REMOTE_STATE_SA}" ]; then account_set=1 fi fi + if [ -n "${STATE_SUBSCRIPTION}" ]; then + if [ $account_set == 0 ]; then + az account set --sub "${STATE_SUBSCRIPTION}" + account_set=1 + fi + fi fi if [ -z "${REMOTE_STATE_RG}" ]; then + if [ -n "${REMOTE_STATE_SA}" ]; then + get_and_store_sa_details ${REMOTE_STATE_SA} "${workload_config_information}" + load_config_vars "${workload_config_information}" "STATE_SUBSCRIPTION" + load_config_vars "${workload_config_information}" "REMOTE_STATE_RG" + load_config_vars "${workload_config_information}" "tfstate_resource_id" if [ -n "${REMOTE_STATE_SA}" ]; then get_and_store_sa_details ${REMOTE_STATE_SA} "${workload_config_information}" load_config_vars "${workload_config_information}" "STATE_SUBSCRIPTION" 
@@ -578,18 +828,42 @@ if [ -z "${REMOTE_STATE_RG}" ]; then read -p "Remote state resource group name:" REMOTE_STATE_RG save_config_vars "${workload_config_information}" REMOTE_STATE_RG fi + tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" + else + option="REMOTE_STATE_RG" + read -p "Remote state resource group name:" REMOTE_STATE_RG + save_config_vars "${workload_config_information}" REMOTE_STATE_RG + fi fi +if [ -n "${tfstate_resource_id}" ]; then + tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" if [ -n "${tfstate_resource_id}" ]; then tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" else get_and_store_sa_details ${REMOTE_STATE_SA} "${workload_config_information}" load_config_vars "${workload_config_information}" "tfstate_resource_id" tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" + get_and_store_sa_details ${REMOTE_STATE_SA} "${workload_config_information}" + load_config_vars "${workload_config_information}" "tfstate_resource_id" + tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" fi +terraform_module_directory="$(realpath "${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/run/"${deployment_system}")" terraform_module_directory="$(realpath "${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/run/"${deployment_system}")" +if [ ! -d "${terraform_module_directory}" ]; then + printf -v val %-40.40s "$deployment_system" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Incorrect system deployment type specified: ${val}$resetformatting#" + echo "# #" + echo "# Valid options are: #" + echo "# sap_landscape #" + echo "# #" + echo "#########################################################################################" + echo "" + exit 1 if [ ! 
-d "${terraform_module_directory}" ]; then printf -v val %-40.40s "$deployment_system" echo "#########################################################################################" @@ -611,14 +885,14 @@ new_deployment=false isInCloudShellCheck=$(checkIfCloudShell) if checkIfCloudShell; then - mkdir -p "${HOME}/.terraform.d/plugin-cache" - export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" + mkdir -p "${HOME}/.terraform.d/plugin-cache" + export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" else - if [ ! -d /opt/terraform/.terraform.d/plugin-cache ]; then - mkdir -p /opt/terraform/.terraform.d/plugin-cache - sudo chown -R "$USER" /opt/terraform - fi - export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache + if [ ! -d /opt/terraform/.terraform.d/plugin-cache ]; then + mkdir -p /opt/terraform/.terraform.d/plugin-cache + sudo chown -R "$USER" /opt/terraform + fi + export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache fi root_dirname=$(pwd) @@ -632,6 +906,12 @@ echo "Resource Group: ${REMOTE_STATE_RG}" echo "State file: ${key}.terraform.tfstate" echo "Target subscription: ${ARM_SUBSCRIPTION_ID}" +if [ ! -d ./.terraform/ ]; then + terraform -chdir="${terraform_module_directory}" init -upgrade=true \ + --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ + --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ + --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ + --backend-config "container_name=tfstate" \ if [ ! -d ./.terraform/ ]; then terraform -chdir="${terraform_module_directory}" init -upgrade=true \ --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ 
@@ -640,7 +920,10 @@ if [ ! -d ./.terraform/ ]; then --backend-config "container_name=tfstate" \ --backend-config "key=${key}.terraform.tfstate" return_value=$? + return_value=$? else + temp=$(grep "\"type\": \"local\"" .terraform/terraform.tfstate) + if [ -n "${temp}" ]; then temp=$(grep "\"type\": \"local\"" .terraform/terraform.tfstate) if [ -n "${temp}" ]; then @@ -661,7 +944,33 @@ else --backend-config "key=${key}.terraform.tfstate" return_value=$? fi + terraform -chdir="${terraform_module_directory}" init -upgrade=true -force-copy \ + --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ + --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ + --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ + --backend-config "container_name=tfstate" \ + --backend-config "key=${key}.terraform.tfstate" + return_value=$? + else + check_output=1 + terraform -chdir="${terraform_module_directory}" init -upgrade=true -reconfigure \ + --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ + --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ + --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ + --backend-config "container_name=tfstate" \ + --backend-config "key=${key}.terraform.tfstate" + return_value=$? + fi fi +if [ 0 != $return_value ]; then + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore!!! Error when Initializing !!!$resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + echo "Terraform initialization failed" >"${workload_config_information}".err + exit $return_value if [ 0 != $return_value ]; then echo "#########################################################################################" echo "# #" 
@@ -688,6 +997,24 @@ save_config_var "subscription" "${workload_config_information}" save_config_var "STATE_SUBSCRIPTION" "${workload_config_information}" save_config_var "tfstate_resource_id" "${workload_config_information}" +if [ 1 == $check_output ]; then + outputs=$(terraform -chdir="${terraform_module_directory}" output) + if echo "${outputs}" | grep "No outputs"; then + ok_to_proceed=true + new_deployment=true + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan New deployment $resetformatting #" + echo "# #" + echo "#########################################################################################" + else + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Existing deployment was detected $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" if [ 1 == $check_output ]; then outputs=$(terraform -chdir="${terraform_module_directory}" output) if echo "${outputs}" | grep "No outputs"; then 
@@ -707,11 +1034,30 @@ if [ 1 == $check_output ]; then echo "#########################################################################################" echo "" + workloadkeyvault=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw workloadzone_kv_name | tr -d \") + if valid_kv_name "$workloadkeyvault"; then + save_config_var "workloadkeyvault" "${workload_config_information}" + fi workloadkeyvault=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw workloadzone_kv_name | tr -d \") if valid_kv_name "$workloadkeyvault"; then save_config_var "workloadkeyvault" "${workload_config_information}" fi + deployed_using_version=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw automation_version) + if [ -z "${deployed_using_version}" ]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred The environment was deployed using an older version of the Terrafrom templates $resetformatting #" + echo "# #" + echo "# !!! Risk for Data loss !!! #" + echo "# #" + echo "# Please inspect the output of Terraform plan carefully before proceeding #" + echo "# #" + echo "#########################################################################################" + if [ 1 == $called_from_ado ]; then + unset TF_DATA_DIR + echo "The environment was deployed using an older version of the Terrafrom templates, Risk for data loss" >"${workload_config_information}".err deployed_using_version=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw automation_version) if [ -z "${deployed_using_version}" ]; then echo "" @@ -730,6 +1076,8 @@ if [ 1 == $check_output ]; then exit 1 fi + exit 1 + fi read -p "Do you want to continue Y/N?" ans answer=${ans^^} 
@@ -751,6 +1099,26 @@ if [ 1 == $check_output ]; then #Add version logic here fi fi + read -p "Do you want to continue Y/N?" ans + answer=${ans^^} + if [ $answer == 'Y' ]; then + ok_to_proceed=true + else + unset TF_DATA_DIR + exit 1 + fi + else + printf -v val %-.20s "$deployed_using_version" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Deployed using the Terraform templates version: $val $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + #Add version logic here + fi + fi fi # ip_saved=0 
@@ -791,14 +1159,28 @@ echo "# echo "#########################################################################################" echo "" -if [ 1 == $called_from_ado ] ; then - terraform -chdir="${terraform_module_directory}" plan -no-color -detailed-exitcode -var-file=${var_file} $tfstate_parameter $deployer_tfstate_key_parameter | tee -a plan_output.log +if [ 1 == $called_from_ado ]; then + terraform -chdir="${terraform_module_directory}" plan -no-color -detailed-exitcode -var-file=${var_file} $tfstate_parameter $deployer_tfstate_key_parameter | tee -a plan_output.log else - terraform -chdir="${terraform_module_directory}" plan -detailed-exitcode -var-file=${var_file} $tfstate_parameter $deployer_tfstate_key_parameter | tee -a plan_output.log + terraform -chdir="${terraform_module_directory}" plan -detailed-exitcode -var-file=${var_file} $tfstate_parameter $deployer_tfstate_key_parameter | tee -a plan_output.log fi return_value=$? echo "Terraform Plan return code: $return_value" +if [ 1 == $return_value ]; then + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore Errors running plan $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + if [ -f plan_output.log ]; then + cat plan_output.log + rm plan_output.log + fi + unset TF_DATA_DIR + echo "Errors running Terraform plan" >"${workload_config_information}".err + exit $return_value if [ 1 == $return_value ]; then echo "#########################################################################################" echo "# #" 
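Review bot: `return_value=$?` after `terraform ... plan -detailed-exitcode ... | tee -a plan_output.log` reads the exit status of `tee`, not of Terraform, unless `pipefail` is enabled outside this hunk. The checks that follow (`if [ 1 == $return_value ]` here, `if [ 2 == $return_value ]` later) depend on Terraform's own code, so a failed plan or a plan with changes can be treated as a clean one and the data-loss prompt can be skipped. Capture the first stage instead with `return_value=${PIPESTATUS[0]}`. The apply pipelines in the `@@ -899,39 +1329,50 @@` hunk, which pipe into `tee -a apply_output.json`, have the same problem.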
@@ -817,23 +1199,30 @@ fi echo "TEST_ONLY: " $TEST_ONLY if [ "${TEST_ONLY}" == "True" ]; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Running plan only. $resetformatting #" - echo "# #" - echo "# No deployment performed. #" - echo "# #" - echo "#########################################################################################" - echo "" - exit 0 + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Running plan only. $resetformatting #" + echo "# #" + echo "# No deployment performed. #" + echo "# #" + echo "#########################################################################################" + echo "" + exit 0 fi ok_to_proceed=0 if [ -f plan_output.log ]; then cat plan_output.log LASTERROR=$(grep -m1 'Error: ' plan_output.log) + cat plan_output.log + LASTERROR=$(grep -m1 'Error: ' plan_output.log) + if [ -n "${LASTERROR}" ]; then + echo "3" + if [ 1 == $called_from_ado ]; then + echo "##vso[task.logissue type=error]$LASTERROR" + fi if [ -n "${LASTERROR}" ]; then echo "3" if [ 1 == $called_from_ado ]; then 
@@ -842,13 +1231,24 @@ if [ -f plan_output.log ]; then return_value=1 fi + return_value=1 + fi fi +if [ 0 == $return_value ]; then + if [ -f plan_output.log ]; then + rm plan_output.log + fi if [ 0 == $return_value ]; then if [ -f plan_output.log ]; then rm plan_output.log fi + workloadkeyvault=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw workloadzone_kv_name | tr -d \") + if valid_kv_name "$workloadkeyvault"; then + save_config_var "workloadkeyvault" "${workload_config_information}" + fi + save_config_vars "landscape_tfstate_key" "${workload_config_information}" workloadkeyvault=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw workloadzone_kv_name | tr -d \") if valid_kv_name "$workloadkeyvault"; then save_config_var "workloadkeyvault" "${workload_config_information}" @@ -856,8 +1256,26 @@ if [ 0 == $return_value ]; then save_config_vars "landscape_tfstate_key" "${workload_config_information}" ok_to_proceed=1 + ok_to_proceed=1 fi +if [ 2 == $return_value ]; then + test=$(grep kv_user plan_output.log | grep -m1 replaced) + if [ -n "${test}" ]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred !!! Risk for Data loss !!! $resetformatting #" + echo "# #" + echo "# Please inspect the output of Terraform plan carefully before proceeding #" + echo "# #" + echo "#########################################################################################" + echo "" + if [ 1 == $called_from_ado ]; then + unset TF_DATA_DIR + exit 1 + fi + read -n 1 -r -s -p $'Press enter to continue...\n' if [ 2 == $return_value ]; then test=$(grep kv_user plan_output.log | grep -m1 replaced) if [ -n "${test}" ]; then 
@@ -876,6 +1294,13 @@ if [ 2 == $return_value ]; then fi read -n 1 -r -s -p $'Press enter to continue...\n' + cat plan_output.log + read -p "Do you want to continue with the deployment Y/N?" ans + answer=${ans^^} + if [ $answer == 'Y' ]; then + ok_to_proceed=1 + else + unset TF_DATA_DIR cat plan_output.log read -p "Do you want to continue with the deployment Y/N?" ans answer=${ans^^} @@ -888,6 +1313,11 @@ if [ 2 == $return_value ]; then fi else ok_to_proceed=1 + fi + exit 0 + fi + else + ok_to_proceed=1 fi fi return_value=0 
@@ -899,39 +1329,50 @@ if [ 1 == $ok_to_proceed ]; then echo "# #" echo "#########################################################################################" echo "" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Running Terraform apply $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + parallelism=10 parallelism=10 + #Provide a way to limit the number of parallell tasks for Terraform + if [[ -n "${TF_PARALLELLISM}" ]]; then + parallelism=$TF_PARALLELLISM + fi #Provide a way to limit the number of parallell tasks for Terraform if [[ -n "${TF_PARALLELLISM}" ]]; then parallelism=$TF_PARALLELLISM fi - if [ 1 == $called_from_ado ] ; then - terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -no-color -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json + if [ 1 == $called_from_ado ]; then + terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -no-color -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json + else + if [ -n "${approve}" ]; then + terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json else - if [ -n "${approve}" ] - then - terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json - else - terraform -chdir="${terraform_module_directory}" apply ${approve} 
-parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter - fi + terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter + fi fi + fi return_value=$? + return_value=$? fi rerun_apply=0 -if [ -f apply_output.json ] -then - # Check for resource that can be imported - existing=$(jq 'select(."@level" == "error") | {address: .diagnostic.address, summary: .diagnostic.summary} | select(.summary | startswith("A resource with the ID"))' apply_output.json) - if [[ -n ${existing} ]] - then +if [ -f apply_output.json ]; then + # Check for resource that can be imported + existing=$(jq 'select(."@level" == "error") | {address: .diagnostic.address, summary: .diagnostic.summary} | select(.summary | startswith("A resource with the ID"))' apply_output.json) + if [[ -n ${existing} ]]; then readarray -t existing_resources < <(echo ${existing} | jq -c '.') for item in "${existing_resources[@]}"; do 
@@ -942,6 +1383,15 @@ then echo terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID done + readarray -t existing_resources < <(echo ${existing} | jq -c '.') + for item in "${existing_resources[@]}"; do + moduleID=$(jq -c -r '.address ' <<<"$item") + resourceID=$(jq -c -r '.summary' <<<"$item" | awk -F'\"' '{print $2}') + echo "Trying to import" $resourceID "into" $moduleID + allParamsforImport=$(printf " -var-file=%s %s %s %s %s %s %s %s " "${var_file}" "${extra_vars}" "${tfstate_parameter}" "${landscape_tfstate_key_parameter}" "${deployer_tfstate_key_parameter}" "${deployment_parameter}" "${version_parameter} ") + echo terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID + terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID + done rerun_apply=1 rm apply_output.json 
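Review bot: The import loop puts values parsed out of Terraform's error JSON on the command line unquoted: `terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID`. Both values are subject to word splitting and globbing, and a resource address with an index in brackets is a glob pattern to the shell, so the command can import something other than what was reported or fail outright; write `"$moduleID" "$resourceID"` and feed jq with `printf '%s\n' "${existing}"` rather than `echo ${existing}`. `allParamsforImport` is a flattened string that is split again on use, so a `var_file` path containing spaces breaks it; a bash array would keep each argument intact. The `@@ -977,9 +1449,37 @@` hunk repeats the same loop.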
@@ -960,9 +1410,31 @@ then terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json fi return_value=$? + rerun_apply=1 + rm apply_output.json + echo "" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Re running Terraform apply$resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + echo "" + if [ 1 == $called_from_ado ]; then + terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -no-color -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json + else + terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json + fi + return_value=$? fi + fi + if [ -f apply_output.json ]; then + # Check for resource that can be imported + existing=$(jq 'select(."@level" == "error") | {address: .diagnostic.address, summary: .diagnostic.summary} | select(.summary | startswith("A resource with the ID"))' apply_output.json) + if [[ -n ${existing} ]]; then if [ -f apply_output.json ]; then # Check for resource that can be imported existing=$(jq 'select(."@level" == "error") | {address: .diagnostic.address, summary: .diagnostic.summary} | select(.summary | startswith("A resource with the ID"))' apply_output.json) 
@@ -977,9 +1449,37 @@ then echo terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID done + readarray -t existing_resources < <(echo ${existing} | jq -c '.') + for item in "${existing_resources[@]}"; do + moduleID=$(jq -c -r '.address ' <<<"$item") + resourceID=$(jq -c -r '.summary' <<<"$item" | awk -F'\"' '{print $2}') + echo "Trying to import" $resourceID "into" $moduleID + allParamsforImport=$(printf " -var-file=%s %s %s %s %s %s %s %s " "${var_file}" "${extra_vars}" "${tfstate_parameter}" "${landscape_tfstate_key_parameter}" "${deployer_tfstate_key_parameter}" "${deployment_parameter}" "${version_parameter} ") + echo terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID + terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID + done rerun_apply=1 fi + if [ $rerun_apply == 1 ]; then + echo "" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Re running Terraform apply$resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + echo "" + if [ 1 == $called_from_ado ]; then + terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -no-color -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json + else + terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json + fi + return_value=$? + fi + rerun_apply=1 + fi if [ $rerun_apply == 1 ]; then echo "" echo "" 
@@ -998,17 +1498,38 @@ then return_value=$? fi + return_value=0 + errors_occurred=$(jq 'select(."@level" == "error") | length' apply_output.json) return_value=0 errors_occurred=$(jq 'select(."@level" == "error") | length' apply_output.json) + cat apply_output.json cat apply_output.json + if [[ -n $errors_occurred ]]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore!Errors during the apply phase!$resetformatting #" if [[ -n $errors_occurred ]]; then echo "" echo "#########################################################################################" echo "# #" echo -e "# $boldreduscore!Errors during the apply phase!$resetformatting #" + return_value=2 + all_errors=$(jq 'select(."@level" == "error") | {summary: .diagnostic.summary, detail: .diagnostic.detail} | select(.summary ) ' apply_output.json) + if [[ -n ${all_errors} ]]; then + readarray -t errors_strings < <(echo ${all_errors} | jq -c '.') + for errors_string in "${errors_strings[@]}"; do + string_to_report=$(jq -c -r '.detail ' <<<"$errors_string") + if [[ -z ${string_to_report} ]]; then + string_to_report=$(jq -c -r '.summary ' <<<"$errors_string") + fi + report=$(echo $string_to_report | grep -m1 "Message=" "${var_file}" | cut -d'=' -f2- | tr -d ' ' | tr -d '"') + if [[ -n ${report} ]]; then + echo -e "# $boldreduscore $report $resetformatting" + if [ 1 == $called_from_ado ]; then return_value=2 all_errors=$(jq 'select(."@level" == "error") | {summary: .diagnostic.summary, detail: .diagnostic.detail} | select(.summary ) ' apply_output.json) if [[ -n ${all_errors} ]]; then 
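Review bot: In the added error loop, `report=$(echo $string_to_report | grep -m1 "Message=" "${var_file}" | ...)` gives `grep` a file operand, so it searches `${var_file}` and ignores the piped error text; `report` ends up empty or holds a line from the tfvars file, and that is what gets printed and sent to `##vso[task.logissue]`. Dropping the operand and quoting the input, `report=$(printf '%s\n' "$string_to_report" | grep -m1 "Message=" | cut -d'=' -f2- | tr -d ' ' | tr -d '"')`, matches what the surrounding code appears to intend. The loop body continues in the next hunk, where `[ -z ${roleAssignmentExists} ]` should be quoted as well.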
@@ -1037,6 +1558,21 @@ then fi fi fi + echo -e "# $boldreduscore $string_to_report $resetformatting" + roleAssignmentExists=$(echo ${report} | grep -m1 "RoleAssignmentExists") + if [ -z ${roleAssignmentExists} ]; then + echo "##vso[task.logissue type=error]${report}" + fi + fi + else + echo -e "# $boldreduscore $string_to_report $resetformatting" + if [ 1 == $called_from_ado ]; then + roleAssignmentExists=$(echo ${string_to_report} | grep -m1 "RoleAssignmentExists") + if [ -z ${roleAssignmentExists} ]; then + echo "##vso[task.logissue type=error]${string_to_report}" + fi + fi + fi echo -e "# $boldreduscore $string_to_report $resetformatting" done 
@@ -1044,33 +1580,54 @@ then echo "# #" echo "#########################################################################################" echo "" + done + fi + echo "# #" + echo "#########################################################################################" + echo "" fi fi + fi + fi fi -if [ -f apply_output.json ] -then - rm apply_output.json +if [ -f apply_output.json ]; then + rm apply_output.json fi workload_zone_prefix=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw workload_zone_prefix | tr -d \") save_config_var "workload_zone_prefix" "${workload_config_information}" save_config_var "landscape_tfstate_key" "${workload_config_information}" +if [ 0 == $return_value ]; then if [ 0 == $return_value ]; then save_config_vars "landscape_tfstate_key" "${workload_config_information}" workloadkeyvault=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw workloadzone_kv_name | tr -d \") + save_config_vars "landscape_tfstate_key" "${workload_config_information}" + workloadkeyvault=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw workloadzone_kv_name | tr -d \") + temp=$(echo "${workloadkeyvault}" | grep "Warning") + if [ -z "${temp}" ]; then + temp=$(echo "${workloadkeyvault}" | grep "Backend reinitialization required") + if [ -z "${temp}" ]; then temp=$(echo "${workloadkeyvault}" | grep "Warning") if [ -z "${temp}" ]; then temp=$(echo "${workloadkeyvault}" | grep "Backend reinitialization required") if [ -z "${temp}" ]; then printf -v val %-.20s "$workloadkeyvault" + printf -v val %-.20s "$workloadkeyvault" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# Keyvault to use for System details:$cyan $val $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" echo "" echo 
"#########################################################################################" echo "# #" @@ -1079,12 +1636,15 @@ if [ 0 == $return_value ]; then echo "#########################################################################################" echo "" - save_config_var "workloadkeyvault" "${workload_config_information}" - fi + save_config_var "workloadkeyvault" "${workload_config_information}" fi + fi fi +if [ 0 != $return_value ]; then + unset TF_DATA_DIR + exit $return_value if [ 0 != $return_value ]; then unset TF_DATA_DIR exit $return_value @@ -1094,10 +1654,14 @@ echo "" echo "#########################################################################################" echo "# #" echo -e "# $cyan Creating deployment $resetformatting #" +echo -e "# $cyan Creating deployment $resetformatting #" echo "# #" echo "#########################################################################################" echo "" +if [ -n "${spn_secret}" ]; then + az logout + az login --service-principal --username "${client_id}" --password="${spn_secret}" --tenant "${tenant_id}" --output none if [ -n "${spn_secret}" ]; then az logout az login --service-principal --username "${client_id}" --password="${spn_secret}" --tenant "${tenant_id}" --output none @@ -1106,11 +1670,13 @@ fi full_script_path="$(realpath "${BASH_SOURCE[0]}")" script_directory="$(dirname "${full_script_path}")" +rg_name=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw created_resource_group_name | tr -d \") rg_name=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw created_resource_group_name | tr -d \") az deployment group create --resource-group "${rg_name}" --name "SAP-WORKLOAD-ZONE_${rg_name}" --subscription "${subscription}" --template-file "${script_directory}/templates/empty-deployment.json" --output none now=$(date) cat <"${workload_config_information}".md +cat <"${workload_config_information}".md # Workload Zone Deployment # Date : "${now}" 
@@ -1136,6 +1702,7 @@ echo "########################################################################## if [ -f "${workload_config_information}".err ]; then cat "${workload_config_information}".err + cat "${workload_config_information}".err fi # echo "" 
@@ -1175,24 +1742,24 @@ unset TF_DATA_DIR # # ################################################################################# -if [ "$useSAS" = "true" ] ; then - container_exists=$(az storage container exists --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors --query exists) +if [ "$useSAS" = "true" ]; then + container_exists=$(az storage container exists --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors --query exists) else - container_exists=$(az storage container exists --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors --query exists --auth-mode login) + container_exists=$(az storage container exists --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors --query exists --auth-mode login) fi if [ "${container_exists}" == "false" ]; then - if [ "$useSAS" = "true" ] ; then - az storage container create --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors - else - az storage container create --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --auth-mode login --only-show-errors - fi + if [ "$useSAS" = "true" ]; then + az storage container create --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors + else + az storage container create --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --auth-mode login --only-show-errors + fi fi -if [ "$useSAS" = "true" ] ; then - az storage blob upload --file "${parameterfile}" --container-name tfvars/LANDSCAPE/"${key}" --name "${parameterfile_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --only-show-errors --output none +if [ "$useSAS" = "true" ]; then + az storage 
blob upload --file "${parameterfile}" --container-name tfvars/LANDSCAPE/"${key}" --name "${parameterfile_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --only-show-errors --output none else - az storage blob upload --file "${parameterfile}" --container-name tfvars/LANDSCAPE/"${key}" --name "${parameterfile_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --auth-mode login --only-show-errors --output none + az storage blob upload --file "${parameterfile}" --container-name tfvars/LANDSCAPE/"${key}" --name "${parameterfile_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --auth-mode login --only-show-errors --output none fi exit $return_value From 5dca7a752119bae6e9be1e8d1f0bfefb773ba64b Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 23 Oct 2024 23:03:10 +0300 Subject: [PATCH 36/77] Refactor echo statements in deploy control plane pipeline --- deploy/pipelines/02-sap-workload-zone.yaml | 6 +++--- deploy/scripts/install_workloadzone.sh | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/pipelines/02-sap-workload-zone.yaml b/deploy/pipelines/02-sap-workload-zone.yaml index bbd2d086c6..30f556216f 100644 --- a/deploy/pipelines/02-sap-workload-zone.yaml +++ b/deploy/pipelines/02-sap-workload-zone.yaml @@ -436,9 +436,9 @@ stages: if [ $USE_MSI != "true" ]; then - echo "Deployment credentials: Service Principal" - echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" - echo "Deployer subscription: $STATE_SUBSCRIPTION" + echo "Deployment credentials: Service Principal" + echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" + echo "Deployer subscription: $STATE_SUBSCRIPTION" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET 
diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index 81694b2b8f..c8ee770214 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -588,7 +588,7 @@ if [ 0 = "${deploy_using_msi_only:-}" ]; then if [ -n "$tenant_id" ]; then if is_valid_guid "$tenant_id"; then - echo "Valid tenant id format" + echo "" else printf -v val %-40.40s "$tenant_id" echo "#########################################################################################" From f84d1b97c4c916349a9c8d5b31713acf47a3a48f Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Wed, 23 Oct 2024 23:44:39 +0300 Subject: [PATCH 37/77] Refactor variables_local.tf to improve readability and error handling --- deploy/terraform/run/sap_landscape/variables_local.tf | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/deploy/terraform/run/sap_landscape/variables_local.tf b/deploy/terraform/run/sap_landscape/variables_local.tf index af4562b762..30842e6402 100644 --- a/deploy/terraform/run/sap_landscape/variables_local.tf +++ b/deploy/terraform/run/sap_landscape/variables_local.tf @@ -22,7 +22,10 @@ locals { tfstate_container_name = module.sap_namegenerator.naming.resource_suffixes.tfstate // Retrieve the arm_id of deployer's Key Vault from deployer's terraform.tfstate - spn_key_vault_arm_id = try(local.key_vault.kv_spn_id,data.terraform_remote_state.deployer[0].outputs.deployer_kv_user_arm_id) + spn_key_vault_arm_id = coalesce( + local.key_vault.kv_spn_id, + try(data.terraform_remote_state.deployer[0].outputs.deployer_kv_user_arm_id, "") + ) deployer_subscription_id = coalesce( try(data.terraform_remote_state.deployer[0].outputs.created_resource_group_subscription_id,""), From f81638ef9ce78e219772119b01e1e18d56a7df3a Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Wed, 23 Oct 2024 23:50:24 +0300 Subject: [PATCH 38/77] Refactor variables_local.tf to improve readability and error handling --- deploy/terraform/run/sap_landscape/variables_local.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/terraform/run/sap_landscape/variables_local.tf b/deploy/terraform/run/sap_landscape/variables_local.tf index 30842e6402..37a54894a6 100644 --- a/deploy/terraform/run/sap_landscape/variables_local.tf +++ b/deploy/terraform/run/sap_landscape/variables_local.tf @@ -23,7 +23,7 @@ locals { // Retrieve the arm_id of deployer's Key Vault from deployer's terraform.tfstate spn_key_vault_arm_id = coalesce( - local.key_vault.kv_spn_id, + try(local.key_vault.kv_spn_id,""), try(data.terraform_remote_state.deployer[0].outputs.deployer_kv_user_arm_id, "") ) From 87aaf7853072e1ae33417576a1d1cb18218cb74c Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 00:01:42 +0300 Subject: [PATCH 39/77] Refactor deploy control plane pipeline to include deployer_tfstate_key parameter --- deploy/pipelines/10-remover-terraform.yaml | 15 +++++---------- deploy/scripts/remover.sh | 4 ++-- 2 files changed, 7 insertions(+), 12 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 42509262c7..d11d532ce2 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml 
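Review bot: The comment above `spn_key_vault_arm_id` describes only the deployer-state lookup, while the expression prefers `local.key_vault.kv_spn_id` and uses the deployer output as the fallback. `coalesce` raises an error when every argument is null or an empty string, so a run with neither value available stops here with a generic function error rather than a message naming the missing Key Vault id. If that hard stop is intended, record it in the comment, for example `// Prefer key_vault.kv_spn_id, else the deployer state output; coalesce() fails if both are empty`.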
@@ -740,16 +740,9 @@ stages: az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value" --out tsv) if [ -n "${az_var}" ]; then - export deployer_tfstate_key="${az_var}" + deployer_tfstate_key="${az_var}" else - export deployer_tfstate_key=$(grep "^deployer_tfstate_key=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) - fi - - az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query $NETWORK"Workload_Zone_State_FileName.value" --out tsv) - if [ -n "${az_var}" ]; then - export landscape_tfstate_key="${az_var}" - else - export landscape_tfstate_key=$(grep "^landscape_tfstate_key=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) + deployer_tfstate_key=$(grep "^STATE_SUBSCRIPTION=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" --out tsv) @@ -825,7 +818,9 @@ stages: --type sap_landscape \ --state_subscription ${STATE_SUBSCRIPTION} \ --storageaccountname "${REMOTE_STATE_SA}" \ - --auto-approve + --auto-approve \ + --deployer_tfstate_key ${deployer_tfstate_key} \ + --ado return_code=$? diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index 0c82edee47..06438d64f8 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh @@ -78,7 +78,7 @@ function missing { } #process inputs - may need to check the option i for auto approve as it is not used -INPUT_ARGUMENTS=$(getopt -n remover -o p:o:t:s:ahi --longoptions type:,parameterfile:,storageaccountname:,state_subscription:,ado,auto-approve,help -- "$@") +INPUT_ARGUMENTS=$(getopt -n remover -o p:o:t:s:d:ahi --longoptions type:,parameterfile,deployer_tfstate_key:,storageaccountname:,state_subscription:,ado,auto-approve,help -- "$@") VALID_ARGUMENTS=$? if [ "$VALID_ARGUMENTS" != "0" ]; then 
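Review bot: The fallback branch for `deployer_tfstate_key` now greps the `STATE_SUBSCRIPTION=` line of `${workload_environment_file_name}`, so when the variable group has no `Deployer_State_FileName` the state key is set to a subscription value instead of a state file name. The removed line matched `^deployer_tfstate_key=`, and the variable is later handed to `remover.sh --deployer_tfstate_key`, which drives a `terraform destroy`. The pattern should stay `grep "^deployer_tfstate_key=" "${workload_environment_file_name}"`. The same substitution appears in the `@@ -406,35 +406,33 @@` hunk of the following patch. The enclosing script step starts and ends outside the hunk.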
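Review bot: `--deployer_tfstate_key ${deployer_tfstate_key}` is passed unquoted, so if the value is empty (both the variable-group lookup and the file fallback can return nothing) the argument disappears and the option would take the next token, here `--ado`, as its value. Quote it like the neighbouring `--storageaccountname "${REMOTE_STATE_SA}"`: `--deployer_tfstate_key "${deployer_tfstate_key}" \`. The later hunks `@@ -406,35 +406,33 @@` and `@@ -818,9 +823,9 @@` add `--landscape_tfstate_key ${landscape_tfstate_key}` the same way. Because the call runs with `--auto-approve`, it may also be worth failing the step early when either key is empty.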
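Review bot: The rewritten `--longoptions` list in `remover.sh` drops the colon after `parameterfile` (`type:,parameterfile,deployer_tfstate_key:,...`), so getopt no longer treats `--parameterfile` as taking an argument. The `-p | --parameterfile)` arm still runs `parameterfile="$2" ; shift 2`, which would then pick up the following option name rather than the file, and the pipelines invoke the script with the long form. Restore the entry as `parameterfile:`. The `@@ -78,7 +78,7 @@` hunk of the next patch carries the same omission.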
@@ -93,6 +93,7 @@ do -p | --parameterfile) parameterfile="$2" ; shift 2 ;; -o | --storageaccountname) REMOTE_STATE_SA="$2" ; shift 2 ;; -s | --state_subscription) STATE_SUBSCRIPTION="$2" ; shift 2 ;; + -d | --deployer_tfstate_key) deployer_tfstate_key="$2" ; shift 2 ;; -t | --type) deployment_system="$2" ; shift 2 ;; -i | --auto-approve) approve="--auto-approve" ; shift ;; -a | --ado) called_from_ado=1 ; shift ;; @@ -105,7 +106,6 @@ done #variables tfstate_resource_id="" tfstate_parameter="" - deployer_tfstate_key_parameter="" landscape_tfstate_key_parameter="" From 3809dfbe2fb8bcf5c3ac2637b643078e099bddc4 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 00:25:30 +0300 Subject: [PATCH 40/77] Refactor deploy control plane pipeline to include deployer_tfstate_key and landscape_tfstate_key parameters --- deploy/pipelines/10-remover-terraform.yaml | 43 ++++++++++++---------- deploy/scripts/remover.sh | 3 +- 2 files changed, 26 insertions(+), 20 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index d11d532ce2..eeb9c39af3 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml 
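Review bot: The new `-d | --deployer_tfstate_key` arm is not reflected in `showhelp`, whose "Optional parameters" section lists only `-o` and `-s`; the `-l | --landscape_tfstate_key` arm added in the next patch is missing there too. Add one line per option to that block, for example `-d or --deployer_tfstate_key   Deployer state file name` and `-l or --landscape_tfstate_key  Workload zone state file name`. Further down, the script still calls `load_config_vars "${system_config_information}" "deployer_tfstate_key"`, so it is worth confirming whether the command-line value or the persisted one takes precedence. The `case` statement starts and ends outside the hunk.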
@@ -406,35 +406,33 @@ stages: echo "Workload Key Vault: ${workload_key_vault}" echo "TF state subscription: $STATE_SUBSCRIPTION" echo "TF state account: $REMOTE_STATE_SA" - echo "System configuration: $(sap_system_configuration)" + echo "System configuration: $systemConfigurationFile" az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value" --out tsv) if [ -n "${az_var}" ]; then - export deployer_tfstate_key="${az_var}" + deployer_tfstate_key="${az_var}" else - export deployer_tfstate_key=$(grep "^deployer_tfstate_key=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) + deployer_tfstate_key=$(grep "^STATE_SUBSCRIPTION=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query $NETWORK"Workload_Zone_State_FileName.value" --out tsv) if [ -n "${az_var}" ]; then - export landscape_tfstate_key="${az_var}" + landscape_tfstate_key="${az_var}" else - export landscape_tfstate_key=$(grep "^landscape_tfstate_key=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) + landscape_tfstate_key=$(grep "^landscape_tfstate_key=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi - cd $CONFIG_REPO_PATH/SYSTEM/$(sap_system_folder) || exit - - echo "Deployer state file name: $deployer_tfstate_key" - echo "Workload zone state file name: $landscape_tfstate_key" - echo -e "$green--- Run the remover script that destroys the SAP system ---$reset" - - ${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/remover.sh \ - --parameterfile $(sap_system_configuration) \ - --type sap_system \ - --state_subscription "${STATE_SUBSCRIPTION}" \ - --storageaccountname "${REMOTE_STATE_SA}" \ - --auto-approve + cd $CONFIG_REPO_PATH/SYSTEM/$(sap_system_folder) + ${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/remover.sh \ + --parameterfile $(sap_system_configuration) \ + --type sap_system \ + 
--state_subscription ${STATE_SUBSCRIPTION} \ + --storageaccountname "${REMOTE_STATE_SA}" \ + --deployer_tfstate_key ${deployer_tfstate_key} \ + --landscape_tfstate_key ${landscape_tfstate_key} \ + --auto-approve + return_code=$? return_code=$? echo -e "$green--- Pull latest from DevOps Repository ---$reset" @@ -745,6 +743,13 @@ stages: deployer_tfstate_key=$(grep "^STATE_SUBSCRIPTION=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi + az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query $NETWORK"Workload_Zone_State_FileName.value" --out tsv) + if [ -n "${az_var}" ]; then + landscape_tfstate_key="${az_var}" + else + landscape_tfstate_key=$(grep "^landscape_tfstate_key=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) + fi + az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" --out tsv) if [ -n "${az_var}" ]; then export REMOTE_STATE_SA="${az_var}" @@ -818,9 +823,9 @@ stages: --type sap_landscape \ --state_subscription ${STATE_SUBSCRIPTION} \ --storageaccountname "${REMOTE_STATE_SA}" \ - --auto-approve \ --deployer_tfstate_key ${deployer_tfstate_key} \ - --ado + --landscape_tfstate_key ${landscape_tfstate_key} \ + --auto-approve return_code=$? diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index 06438d64f8..798a0cbe8e 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh 
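Review bot: In the `@@ -406,35 +406,33 @@` hunk the added `return_code=$?` sits directly above the existing `return_code=$?`, so the second assignment records the status of the first assignment (always 0) and a failed `remover.sh` run is reported as success. Drop the added line so that a single `return_code=$?` follows the `remover.sh` call. The hunk also removes `|| exit` from `cd $CONFIG_REPO_PATH/SYSTEM/$(sap_system_folder)`; a later patch in this series puts it back, so nothing is proposed for that here. The script step continues outside the hunk.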
@@ -78,7 +78,7 @@ function missing { } #process inputs - may need to check the option i for auto approve as it is not used -INPUT_ARGUMENTS=$(getopt -n remover -o p:o:t:s:d:ahi --longoptions type:,parameterfile,deployer_tfstate_key:,storageaccountname:,state_subscription:,ado,auto-approve,help -- "$@") +INPUT_ARGUMENTS=$(getopt -n remover -o p:o:t:s:d:l:ahi --longoptions type:,parameterfile,storageaccountname:,state_subscription:,deployer_tfstate_key:,landscape_tfstate_key:,ado,auto-approve,help -- "$@") VALID_ARGUMENTS=$? if [ "$VALID_ARGUMENTS" != "0" ]; then @@ -94,6 +94,7 @@ do -o | --storageaccountname) REMOTE_STATE_SA="$2" ; shift 2 ;; -s | --state_subscription) STATE_SUBSCRIPTION="$2" ; shift 2 ;; -d | --deployer_tfstate_key) deployer_tfstate_key="$2" ; shift 2 ;; + -l | --landscape_tfstate_key) landscape_tfstate_key="$2" ; shift 2 ;; -t | --type) deployment_system="$2" ; shift 2 ;; -i | --auto-approve) approve="--auto-approve" ; shift ;; -a | --ado) called_from_ado=1 ; shift ;; From 03e5b1533186163c55281fb6930c776582b414c4 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 00:32:24 +0300 Subject: [PATCH 41/77] Refactor echo statement in deploy control plane pipeline --- deploy/pipelines/10-remover-terraform.yaml | 4 +- deploy/scripts/remover.sh | 543 +++++++++++---------- 2 files changed, 280 insertions(+), 267 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index eeb9c39af3..3e23c4b175 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml 
@@ -406,7 +406,7 @@ stages: echo "Workload Key Vault: ${workload_key_vault}" echo "TF state subscription: $STATE_SUBSCRIPTION" echo "TF state account: $REMOTE_STATE_SA" - echo "System configuration: $systemConfigurationFile" + echo "System configuration: $(sap_system_configuration)" az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value" --out tsv) if [ -n "${az_var}" ]; then @@ -423,7 +423,7 @@ stages: fi echo -e "$green--- Run the remover script that destroys the SAP system ---$reset" - cd $CONFIG_REPO_PATH/SYSTEM/$(sap_system_folder) + cd $CONFIG_REPO_PATH/SYSTEM/$(sap_system_folder) || exit ${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/remover.sh \ --parameterfile $(sap_system_configuration) \ --type sap_system \ diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index 798a0cbe8e..44fff9d0c4 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh 
@@ -21,60 +21,60 @@ source "${script_directory}/helpers/script_helpers.sh" #Internal helper functions function showhelp { - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore !Warning!: This script will remove deployed systems $resetformatting #" - echo "# #" - echo "# This file contains the logic to remove the different systems #" - echo "# The script expects the following exports: #" - echo "# #" - echo "# SAP_AUTOMATION_REPO_PATH (path to the repo folder (sap-automation)) #" - echo "# ARM_SUBSCRIPTION_ID (subscription containing the state file storage account) #" - echo "# REMOTE_STATE_RG (resource group name for storage account containing state files) #" - echo "# REMOTE_STATE_SA (storage account for state file) #" - echo "# #" - echo "# The script will persist the parameters needed between the executions in the #" - echo "# [CONFIG_REPO_PATH]/.sap_deployment_automation folder. #" - echo "# #" - echo "# #" - echo "# Usage: remover.sh #" - echo "# -p or --parameterfile parameter file #" - echo "# -t or --type type of system to remove #" - echo "# valid options: #" - echo "# sap_deployer #" - echo "# sap_library #" - echo "# sap_landscape #" - echo "# sap_system #" - echo "# -h or --help Show help #" - echo "# #" - echo "# Optional parameters #" - echo "# #" - echo "# -o or --storageaccountname Storage account name for state file #" - echo "# -s or --state_subscription Subscription for tfstate storage account #" - echo "# #" - echo "# Example: #" - echo "# #" - echo "# [REPO-ROOT]deploy/scripts/remover.sh \ #" - echo "# --parameterfile DEV-WEEU-SAP01-X00.tfvars \ #" - echo "# --type sap_system #" - echo "# #" - echo "#########################################################################################" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore !Warning!: 
This script will remove deployed systems $resetformatting #" + echo "# #" + echo "# This file contains the logic to remove the different systems #" + echo "# The script expects the following exports: #" + echo "# #" + echo "# SAP_AUTOMATION_REPO_PATH (path to the repo folder (sap-automation)) #" + echo "# ARM_SUBSCRIPTION_ID (subscription containing the state file storage account) #" + echo "# REMOTE_STATE_RG (resource group name for storage account containing state files) #" + echo "# REMOTE_STATE_SA (storage account for state file) #" + echo "# #" + echo "# The script will persist the parameters needed between the executions in the #" + echo "# [CONFIG_REPO_PATH]/.sap_deployment_automation folder. #" + echo "# #" + echo "# #" + echo "# Usage: remover.sh #" + echo "# -p or --parameterfile parameter file #" + echo "# -t or --type type of system to remove #" + echo "# valid options: #" + echo "# sap_deployer #" + echo "# sap_library #" + echo "# sap_landscape #" + echo "# sap_system #" + echo "# -h or --help Show help #" + echo "# #" + echo "# Optional parameters #" + echo "# #" + echo "# -o or --storageaccountname Storage account name for state file #" + echo "# -s or --state_subscription Subscription for tfstate storage account #" + echo "# #" + echo "# Example: #" + echo "# #" + echo "# [REPO-ROOT]deploy/scripts/remover.sh \ #" + echo "# --parameterfile DEV-WEEU-SAP01-X00.tfvars \ #" + echo "# --type sap_system #" + echo "# #" + echo "#########################################################################################" } function missing { - printf -v val %-.40s "$option" - echo "" - echo "" - echo "#########################################################################################" - echo "# #" - echo "# Missing environment variables: ${option}!!! 
#" - echo "# #" - echo "# Please export the folloing variables: #" - echo "# SAP_AUTOMATION_REPO_PATH (path to the repo folder (sap-automation)) #" - echo "# ARM_SUBSCRIPTION_ID (subscription containing the state file storage account) #" - echo "# #" - echo "#########################################################################################" + printf -v val %-.40s "$option" + echo "" + echo "" + echo "#########################################################################################" + echo "# #" + echo "# Missing environment variables: ${option}!!! #" + echo "# #" + echo "# Please export the folloing variables: #" + echo "# SAP_AUTOMATION_REPO_PATH (path to the repo folder (sap-automation)) #" + echo "# ARM_SUBSCRIPTION_ID (subscription containing the state file storage account) #" + echo "# #" + echo "#########################################################################################" } #process inputs - may need to check the option i for auto approve as it is not used 
@@ -82,26 +82,55 @@ INPUT_ARGUMENTS=$(getopt -n remover -o p:o:t:s:d:l:ahi --longoptions type:,param VALID_ARGUMENTS=$? if [ "$VALID_ARGUMENTS" != "0" ]; then - showhelp + showhelp fi called_from_ado=0 eval set -- "$INPUT_ARGUMENTS" -while : -do - case "$1" in - -p | --parameterfile) parameterfile="$2" ; shift 2 ;; - -o | --storageaccountname) REMOTE_STATE_SA="$2" ; shift 2 ;; - -s | --state_subscription) STATE_SUBSCRIPTION="$2" ; shift 2 ;; - -d | --deployer_tfstate_key) deployer_tfstate_key="$2" ; shift 2 ;; - -l | --landscape_tfstate_key) landscape_tfstate_key="$2" ; shift 2 ;; - -t | --type) deployment_system="$2" ; shift 2 ;; - -i | --auto-approve) approve="--auto-approve" ; shift ;; - -a | --ado) called_from_ado=1 ; shift ;; - -h | --help) showhelp - exit 3 ; shift ;; - --) shift; break ;; - esac +while :; do + case "$1" in + -p | --parameterfile) + parameterfile="$2" + shift 2 + ;; + -o | --storageaccountname) + REMOTE_STATE_SA="$2" + shift 2 + ;; + -s | --state_subscription) + STATE_SUBSCRIPTION="$2" + shift 2 + ;; + -d | --deployer_tfstate_key) + deployer_tfstate_key="$2" + shift 2 + ;; + -l | --landscape_tfstate_key) + landscape_tfstate_key="$2" + shift 2 + ;; + -t | --type) + deployment_system="$2" + shift 2 + ;; + -i | --auto-approve) + approve="--auto-approve" + shift + ;; + -a | --ado) + called_from_ado=1 + shift + ;; + -h | --help) + showhelp + exit 3 + shift + ;; + --) + shift + break + ;; + esac done #variables 
@@ -123,72 +152,70 @@ parameterfile_name=$(basename "${parameterfile_path}") parameterfile_dirname=$(dirname "${parameterfile_path}") if [ "${parameterfile_dirname}" != "${working_directory}" ]; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Please run this command from the folder containing the parameter file $resetformatting #" - echo "# #" - echo "#########################################################################################" - exit 3 + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Please run this command from the folder containing the parameter file $resetformatting #" + echo "# #" + echo "#########################################################################################" + exit 3 fi -if [ ! -f "${parameterfile}" ] -then - printf -v val %-35.35s "$parameterfile" - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Parameter file does not exist: ${val} $resetformatting #" - echo "# #" - echo "#########################################################################################" - exit 2 #No such file or directory +if [ ! 
-f "${parameterfile}" ]; then + printf -v val %-35.35s "$parameterfile" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Parameter file does not exist: ${val} $resetformatting #" + echo "# #" + echo "#########################################################################################" + exit 2 #No such file or directory fi - if [ -z "${deployment_system}" ]; then - printf -v val %-40.40s "$deployment_system" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Incorrect system deployment type specified: ${val} $resetformatting #" - echo "# #" - echo "# Valid options are: #" - echo "# sap_deployer #" - echo "# sap_library #" - echo "# sap_landscape #" - echo "# sap_system #" - echo "# #" - echo "#########################################################################################" - echo "" - exit 64 #script usage wrong + printf -v val %-40.40s "$deployment_system" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Incorrect system deployment type specified: ${val} $resetformatting #" + echo "# #" + echo "# Valid options are: #" + echo "# sap_deployer #" + echo "# sap_library #" + echo "# sap_landscape #" + echo "# sap_system #" + echo "# #" + echo "#########################################################################################" + echo "" + exit 64 #script usage wrong fi # Check that the exports ARM_SUBSCRIPTION_ID and SAP_AUTOMATION_REPO_PATH are defined validate_exports return_code=$? if [ 0 != $return_code ]; then - exit $return_code + exit $return_code fi # Check that Terraform and Azure CLI is installed validate_dependencies return_code=$? 
if [ 0 != $return_code ]; then - exit $return_code + exit $return_code fi # Check that parameter files have environment and location defined validate_key_parameters "$parameterfile_name" return_code=$? if [ 0 != $return_code ]; then - exit $return_code + exit $return_code fi -if valid_region_name "${region}" ; then - # Convert the region to the correct code - get_region_code ${region} +if valid_region_name "${region}"; then + # Convert the region to the correct code + get_region_code ${region} else - echo "Invalid region: $region" - exit 2 + echo "Invalid region: $region" + exit 2 fi this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 
@@ -203,17 +230,17 @@ generic_config_information="${automation_config_directory}"/config system_config_information="${automation_config_directory}"/"${environment}""${region_code}" if [ "${deployment_system}" == sap_landscape ]; then - load_config_vars "$parameterfile_name" "network_logical_name" - network_logical_name=$(echo "${network_logical_name}" | tr "[:lower:]" "[:upper:]") + load_config_vars "$parameterfile_name" "network_logical_name" + network_logical_name=$(echo "${network_logical_name}" | tr "[:lower:]" "[:upper:]") - system_config_information="${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" + system_config_information="${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" fi if [ "${deployment_system}" == sap_system ]; then - load_config_vars "$parameterfile_name" "network_logical_name" - network_logical_name=$(echo "${network_logical_name}" | tr "[:lower:]" "[:upper:]") + load_config_vars "$parameterfile_name" "network_logical_name" + network_logical_name=$(echo "${network_logical_name}" | tr "[:lower:]" "[:upper:]") - system_config_information="${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" + system_config_information="${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" fi echo "Configuration file: $system_config_information" 
@@ -237,30 +264,29 @@ echo "Landscape State file: ${landscape_tfstate_key}" isInCloudShellCheck=$(checkIfCloudShell) if checkIfCloudShell; then - mkdir -p "${HOME}/.terraform.d/plugin-cache" - export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" + mkdir -p "${HOME}/.terraform.d/plugin-cache" + export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" else - if [ ! -d /opt/terraform/.terraform.d/plugin-cache ]; then - mkdir -p /opt/terraform/.terraform.d/plugin-cache - sudo chown -R "$USER" /opt/terraform - fi - export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache + if [ ! -d /opt/terraform/.terraform.d/plugin-cache ]; then + mkdir -p /opt/terraform/.terraform.d/plugin-cache + sudo chown -R "$USER" /opt/terraform + fi + export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache fi init "${automation_config_directory}" "${generic_config_information}" "${system_config_information}" var_file="${parameterfile_dirname}"/"${parameterfile}" -if [ -z "$REMOTE_STATE_SA" ]; -then - load_config_vars "${system_config_information}" "REMOTE_STATE_SA" - load_config_vars "${system_config_information}" "REMOTE_STATE_RG" - load_config_vars "${system_config_information}" "tfstate_resource_id" - load_config_vars "${system_config_information}" "STATE_SUBSCRIPTION" +if [ -z "$REMOTE_STATE_SA" ]; then + load_config_vars "${system_config_information}" "REMOTE_STATE_SA" + load_config_vars "${system_config_information}" "REMOTE_STATE_RG" + load_config_vars "${system_config_information}" "tfstate_resource_id" + load_config_vars "${system_config_information}" "STATE_SUBSCRIPTION" else - save_config_vars "${system_config_information}" REMOTE_STATE_SA - get_and_store_sa_details ${REMOTE_STATE_SA} "${system_config_information}" - load_config_vars "${system_config_information}" "STATE_SUBSCRIPTION" - load_config_vars "${system_config_information}" "REMOTE_STATE_RG" - load_config_vars "${system_config_information}" "tfstate_resource_id" + save_config_vars 
"${system_config_information}" REMOTE_STATE_SA + get_and_store_sa_details ${REMOTE_STATE_SA} "${system_config_information}" + load_config_vars "${system_config_information}" "STATE_SUBSCRIPTION" + load_config_vars "${system_config_information}" "REMOTE_STATE_RG" + load_config_vars "${system_config_information}" "tfstate_resource_id" fi load_config_vars "${system_config_information}" "deployer_tfstate_key" @@ -269,12 +295,12 @@ load_config_vars "${system_config_information}" "ARM_SUBSCRIPTION_ID" deployer_tfstate_key_parameter='' if [ "${deployment_system}" != sap_deployer ]; then - deployer_tfstate_key_parameter=" -var deployer_tfstate_key=${deployer_tfstate_key} " + deployer_tfstate_key_parameter=" -var deployer_tfstate_key=${deployer_tfstate_key} " fi landscape_tfstate_key_parameter='' if [ "${deployment_system}" == sap_system ]; then - landscape_tfstate_key_parameter=" -var landscape_tfstate_key=${landscape_tfstate_key} " + landscape_tfstate_key_parameter=" -var landscape_tfstate_key=${landscape_tfstate_key} " fi tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id} " @@ -283,7 +309,7 @@ tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id} " set_executing_user_environment_variables "none" if [ -n "${STATE_SUBSCRIPTION}" ]; then - az account set --sub "${STATE_SUBSCRIPTION}" + az account set --sub "${STATE_SUBSCRIPTION}" fi export TF_DATA_DIR="${parameterfile_dirname}"/.terraform 
@@ -291,33 +317,33 @@ export TF_DATA_DIR="${parameterfile_dirname}"/.terraform terraform_module_directory="${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/run/"${deployment_system}"/ if [ ! -d "${terraform_module_directory}" ]; then - printf -v val %-40.40s "$deployment_system" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Incorrect system deployment type specified: ${val} $resetformatting#" - echo "# #" - echo "# Valid options are: #" - echo "# sap_deployer #" - echo "# sap_library #" - echo "# sap_landscape #" - echo "# sap_system #" - echo "# #" - echo "#########################################################################################" - echo "" - exit 66 #cannot open input file/folder + printf -v val %-40.40s "$deployment_system" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Incorrect system deployment type specified: ${val} $resetformatting#" + echo "# #" + echo "# Valid options are: #" + echo "# sap_deployer #" + echo "# sap_library #" + echo "# sap_landscape #" + echo "# sap_system #" + echo "# #" + echo "#########################################################################################" + echo "" + exit 66 #cannot open input file/folder fi #ok_to_proceed=false #new_deployment=false if [ -f backend.tf ]; then - rm backend.tf + rm backend.tf fi -useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) +useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) -if [ "$useSAS" = "true" ] ; then - echo "Storage Account Authentication: Key" +if [ "$useSAS" = "true" ]; then + echo "Authenticate storage using SAS" export ARM_USE_AZUREAD=false else echo "Storage Account Authentication: Entra ID" 
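Review bot: The two branches of the `useSAS` check now log in different formats: the `true` branch prints `Authenticate storage using SAS` while the `else` branch still prints `Storage Account Authentication: Entra ID`. The value tested is the account's `allowSharedKeyAccess` setting, so the previous wording described the branch more precisely and kept both outcomes searchable under one prefix. Consider keeping `echo "Storage Account Authentication: Key"`. The rest of this hunk is re-indentation only.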
@@ -332,156 +358,143 @@ echo "# echo "#########################################################################################" echo "" -terraform -chdir="${terraform_module_directory}" init -reconfigure \ ---backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ ---backend-config "resource_group_name=${REMOTE_STATE_RG}" \ ---backend-config "storage_account_name=${REMOTE_STATE_SA}" \ ---backend-config "container_name=tfstate" \ ---backend-config "key=${key}.terraform.tfstate" || { - echo "Terraform init failed" - exit 1 +terraform -chdir="${terraform_module_directory}" init -reconfigure \ + --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ + --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ + --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ + --backend-config "container_name=tfstate" \ + --backend-config "key=${key}.terraform.tfstate" || { + echo "Terraform init failed" + exit 1 } -export TF_VAR_tfstate_resource_id=$(az storage account show --name "${REMOTE_STATE_SA}" --query id --subscription "${STATE_SUBSCRIPTION}" --out tsv) - created_resource_group_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw created_resource_group_id | tr -d \") created_resource_group_id_length=$(expr length "$created_resource_group_id") created_resource_group_subscription_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw created_resource_group_subscription_id | tr -d \") created_resource_group_subscription_id_length=$(expr length "$created_resource_group_subscription_id") if [ "${created_resource_group_id_length}" -eq 0 ] && [ "${created_resource_group_subscription_id_length}" -eq 0 ]; then - resource_group_exist=$(az group exists --name "${created_resource_group_id}" --subscription "${created_resource_group_subscription_id}") + resource_group_exist=$(az group exists --name "${created_resource_group_id}" --subscription "${created_resource_group_subscription_id}") else - resource_group_exist=true + 
resource_group_exist=true fi -if [ "$resource_group_exist" ]; -then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Running Terraform destroy$resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - - if [ "$deployment_system" == "sap_deployer" ]; then - terraform -chdir="${terraform_bootstrap_directory}" refresh -var-file="${var_file}" \ - "$deployer_tfstate_key_parameter" - - echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" - terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" \ - "$deployer_tfstate_key_parameter" - - elif [ "$deployment_system" == "sap_library" ]; then - echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" - - terraform_bootstrap_directory="${SAP_AUTOMATION_REPO_PATH}/deploy/terraform/bootstrap/${deployment_system}/" - if [ ! 
-d "${terraform_bootstrap_directory}" ]; then - printf -v val %-40.40s "$terraform_bootstrap_directory" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Unable to find bootstrap directory: ${val}$resetformatting#" - echo "# #" - echo "#########################################################################################" - echo "" - exit 66 #cannot open input file/folder - fi - terraform -chdir="${terraform_bootstrap_directory}" init -upgrade=true -force-copy +if [ "$resource_group_exist" ]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Running Terraform destroy$resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + + if [ "$deployment_system" == "sap_deployer" ]; then + terraform -chdir="${terraform_bootstrap_directory}" refresh -var-file="${var_file}" \ + "$deployer_tfstate_key_parameter" + + echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" + terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" \ + "$deployer_tfstate_key_parameter" + + elif [ "$deployment_system" == "sap_library" ]; then + echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" + + terraform_bootstrap_directory="${SAP_AUTOMATION_REPO_PATH}/deploy/terraform/bootstrap/${deployment_system}/" + if [ ! 
-d "${terraform_bootstrap_directory}" ]; then + printf -v val %-40.40s "$terraform_bootstrap_directory" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Unable to find bootstrap directory: ${val}$resetformatting#" + echo "# #" + echo "#########################################################################################" + echo "" + exit 66 #cannot open input file/folder + fi + terraform -chdir="${terraform_bootstrap_directory}" init -upgrade=true -force-copy - terraform -chdir="${terraform_bootstrap_directory}" refresh -var-file="${var_file}" \ - "$landscape_tfstate_key_parameter" \ - "$deployer_tfstate_key_parameter" + terraform -chdir="${terraform_bootstrap_directory}" refresh -var-file="${var_file}" \ + "$landscape_tfstate_key_parameter" \ + "$deployer_tfstate_key_parameter" - terraform -chdir="${terraform_bootstrap_directory}" destroy -var-file="${var_file}" "${approve}" \ - "$landscape_tfstate_key_parameter" \ - "$deployer_tfstate_key_parameter" - else + terraform -chdir="${terraform_bootstrap_directory}" destroy -var-file="${var_file}" "${approve}" \ + "$landscape_tfstate_key_parameter" \ + "$deployer_tfstate_key_parameter" + else - echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" - echo "Calling destroy with: -var-file=${var_file} $approve $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter" + echo -e "#$cyan processing "$deployment_system" removal as defined in "$parameterfile_name" "$resetformatting"" + if [ -n "${approve}" ]; then - if [ -n "${approve}" ] - then - terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" $approve $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter + terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" $approve $tfstate_parameter $landscape_tfstate_key_parameter - 
$deployer_tfstate_key_parameter -json | tee -a destroy_output.json - else - terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" $approve $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter + $deployer_tfstate_key_parameter -json | tee -a destroy_output.json + else + terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" $approve $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter - fi + fi - return_value=$? - - if [ -f destroy_output.json ] - then - errors_occurred=$(jq 'select(."@level" == "error") | length' destroy_output.json) - - if [[ -n $errors_occurred ]] - then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore!Errors during the destroy phase!$resetformatting #" - - return_value=2 - all_errors=$(jq 'select(."@level" == "error") | {summary: .diagnostic.summary, detail: .diagnostic.detail}' destroy_output.json) - if [[ -n ${all_errors} ]] - then - readarray -t errors_strings < <(echo ${all_errors} | jq -c '.' ) - for errors_string in "${errors_strings[@]}"; do - string_to_report=$(jq -c -r '.detail ' <<< "$errors_string" ) - if [[ -z ${string_to_report} ]] - then - string_to_report=$(jq -c -r '.summary ' <<< "$errors_string" ) - fi - - report=$(echo $string_to_report | grep -m1 "Message=" "${var_file}" | cut -d'=' -f2- | tr -d ' ' | tr -d '"') - if [[ -n ${report} ]] ; then - echo -e "# $boldreduscore $report $resetformatting" - echo "##vso[task.logissue type=error]${report}" - else - echo -e "# $boldreduscore $string_to_report $resetformatting" - echo "##vso[task.logissue type=error]${string_to_report}" - fi - - - done - - fi - echo "# #" - echo "#########################################################################################" - echo "" + return_value=$? 
+ + if [ -f destroy_output.json ]; then + errors_occurred=$(jq 'select(."@level" == "error") | length' destroy_output.json) + + if [[ -n $errors_occurred ]]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore!Errors during the destroy phase!$resetformatting #" + + return_value=2 + all_errors=$(jq 'select(."@level" == "error") | {summary: .diagnostic.summary, detail: .diagnostic.detail}' destroy_output.json) + if [[ -n ${all_errors} ]]; then + readarray -t errors_strings < <(echo ${all_errors} | jq -c '.') + for errors_string in "${errors_strings[@]}"; do + string_to_report=$(jq -c -r '.detail ' <<<"$errors_string") + if [[ -z ${string_to_report} ]]; then + string_to_report=$(jq -c -r '.summary ' <<<"$errors_string") + fi + report=$(echo $string_to_report | grep -m1 "Message=" "${var_file}" | cut -d'=' -f2- | tr -d ' ' | tr -d '"') + if [[ -n ${report} ]]; then + echo -e "# $boldreduscore $report $resetformatting" + echo "##vso[task.logissue type=error]${report}" + else + echo -e "# $boldreduscore $string_to_report $resetformatting" + echo "##vso[task.logissue type=error]${string_to_report}" fi - fi + done - if [ -f destroy_output.json ] - then - rm destroy_output.json fi + echo "# #" + echo "#########################################################################################" + echo "" + fi + + fi + + if [ -f destroy_output.json ]; then + rm destroy_output.json fi + fi else - return_value=0 + return_value=0 fi - if [ "${deployment_system}" == sap_deployer ]; then - sed -i /deployer_tfstate_key/d "${system_config_information}" + sed -i /deployer_tfstate_key/d "${system_config_information}" fi if [ "${deployment_system}" == sap_landscape ]; then - rm "${system_config_information}" + rm "${system_config_information}" fi if [ "${deployment_system}" == sap_library ]; then - sed -i /REMOTE_STATE_RG/d "${system_config_information}" - sed -i /REMOTE_STATE_SA/d 
"${system_config_information}" - sed -i /tfstate_resource_id/d "${system_config_information}" + sed -i /REMOTE_STATE_RG/d "${system_config_information}" + sed -i /REMOTE_STATE_SA/d "${system_config_information}" + sed -i /tfstate_resource_id/d "${system_config_information}" fi # if [ "${deployment_system}" == sap_system ]; then From 410b56706ae4c422dadced6dc68a198c15e9c120 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 00:35:30 +0300 Subject: [PATCH 42/77] Refactor remover script in deploy control plane pipeline --- deploy/pipelines/10-remover-terraform.yaml | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 3e23c4b175..206f5b7d62 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml 
@@ -422,19 +422,20 @@ stages: landscape_tfstate_key=$(grep "^landscape_tfstate_key=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi - echo -e "$green--- Run the remover script that destroys the SAP system ---$reset" cd $CONFIG_REPO_PATH/SYSTEM/$(sap_system_folder) || exit - ${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/remover.sh \ - --parameterfile $(sap_system_configuration) \ - --type sap_system \ - --state_subscription ${STATE_SUBSCRIPTION} \ - --storageaccountname "${REMOTE_STATE_SA}" \ - --deployer_tfstate_key ${deployer_tfstate_key} \ - --landscape_tfstate_key ${landscape_tfstate_key} \ - --auto-approve - return_code=$? + echo -e "$green--- Run the remover script that destroys the SAP system ---$reset" + ${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/remover.sh + # \ + # --parameterfile $(sap_system_configuration) \ + # --type sap_system \ + # --state_subscription ${STATE_SUBSCRIPTION} \ + # --storageaccountname "${REMOTE_STATE_SA}" \ + # --deployer_tfstate_key ${deployer_tfstate_key} \ + # --landscape_tfstate_key ${landscape_tfstate_key} \ + # --auto-approve return_code=$? + exit 66 echo -e "$green--- Pull latest from DevOps Repository ---$reset" git checkout -q $(Build.SourceBranchName) git pull From b8b02356fc49376f4c8f99a8ff7a212cdead046b Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 00:38:59 +0300 Subject: [PATCH 43/77] Refactor deploy control plane pipeline to include deployer_tfstate_key and landscape_tfstate_key parameters --- deploy/pipelines/10-remover-terraform.yaml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 206f5b7d62..3b14613cee 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml 
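Review bot: The `exit 66` added directly after `return_code=$?` is unconditional, so the `git checkout` / `git pull` that follow in the context lines can never run and the step fails whatever remover.sh returned. The same line is still present in the two later revisions of this hunk (`@@ -425,15 +425,17 @@` and `@@ -423,19 +423,21 @@`). On the new side remover.sh is also called with every argument commented out, so it runs without `--parameterfile` or `--type`. If this is temporary debugging it should stay off any branch that pipelines run from; otherwise remove `exit 66` and let `return_code` decide the outcome of the step. The step's script starts and ends outside the hunk.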
@@ -425,15 +425,17 @@ stages: cd $CONFIG_REPO_PATH/SYSTEM/$(sap_system_folder) || exit echo -e "$green--- Run the remover script that destroys the SAP system ---$reset" - ${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/remover.sh - # \ - # --parameterfile $(sap_system_configuration) \ - # --type sap_system \ - # --state_subscription ${STATE_SUBSCRIPTION} \ + echo "Deployer state file name: $deployer_tfstate_key" + echo "Workload zone state file name: $landscape_tfstate_key" + + ${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/remover.sh \ + --parameterfile $(sap_system_configuration) \ + --type sap_system \ + --state_subscription ${STATE_SUBSCRIPTION} \ # --storageaccountname "${REMOTE_STATE_SA}" \ # --deployer_tfstate_key ${deployer_tfstate_key} \ # --landscape_tfstate_key ${landscape_tfstate_key} \ - # --auto-approve + --auto-approve return_code=$? exit 66 echo -e "$green--- Pull latest from DevOps Repository ---$reset" From 8df2e160c3bec2a49d5f0c614ec37e613e621b61 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 00:48:12 +0300 Subject: [PATCH 44/77] Refactor deploy control plane pipeline to include deployer_tfstate_key and landscape_tfstate_key parameters --- deploy/pipelines/10-remover-terraform.yaml | 18 +- deploy/scripts/remover.sh | 577 ++++++++++----------- 2 files changed, 287 insertions(+), 308 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 3b14613cee..da763b1a8a 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml 
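Review bot: The continuation chain in the re-enabled remover.sh call is cut by the lines that are still commented out. The `\` ending `--state_subscription ${STATE_SUBSCRIPTION} \` joins the next line, which begins with `#`, so the command ends there; a backslash at the end of a comment does not continue the line (ShellCheck SC1143). `--auto-approve` is therefore executed as a separate command instead of being passed to remover.sh, and `return_code=$?` records that failure rather than the remover's status. Move the commented lines out of the call so that `--state_subscription "${STATE_SUBSCRIPTION}" \` is followed directly by `--auto-approve`.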
@@ -423,19 +423,21 @@ stages: fi cd $CONFIG_REPO_PATH/SYSTEM/$(sap_system_folder) || exit - echo -e "$green--- Run the remover script that destroys the SAP system ---$reset" echo "Deployer state file name: $deployer_tfstate_key" echo "Workload zone state file name: $landscape_tfstate_key" + echo -e "$green--- Run the remover script that destroys the SAP system ---$reset" + ${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/remover.sh \ - --parameterfile $(sap_system_configuration) \ - --type sap_system \ - --state_subscription ${STATE_SUBSCRIPTION} \ - # --storageaccountname "${REMOTE_STATE_SA}" \ - # --deployer_tfstate_key ${deployer_tfstate_key} \ - # --landscape_tfstate_key ${landscape_tfstate_key} \ - --auto-approve + --parameterfile $(sap_system_configuration) \ + --type sap_system \ + --state_subscription "${STATE_SUBSCRIPTION}" \ + --storageaccountname "${REMOTE_STATE_SA}" \ + --deployer_tfstate_key "${deployer_tfstate_key}" \ + --landscape_tfstate_key "${landscape_tfstate_key}" \ + --auto-approve + return_code=$? exit 66 echo -e "$green--- Pull latest from DevOps Repository ---$reset" diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index 44fff9d0c4..2211a8fc2c 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh 
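Review bot: `--parameterfile $(sap_system_configuration)` is the one argument in the rewritten call left unquoted, while the four values after it gained quotes. Given the `$(System.…)` style used elsewhere in these pipelines this is presumably an Azure DevOps macro, which is substituted as text before bash parses the script, so a value containing spaces or shell metacharacters changes the command line of a script that destroys infrastructure. Quote it as `--parameterfile "$(sap_system_configuration)" \`, and if the value can be set at queue time, consider passing it through the step's `env:` mapping and referencing a quoted shell variable instead.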
@@ -21,129 +21,100 @@ source "${script_directory}/helpers/script_helpers.sh" #Internal helper functions function showhelp { - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore !Warning!: This script will remove deployed systems $resetformatting #" - echo "# #" - echo "# This file contains the logic to remove the different systems #" - echo "# The script expects the following exports: #" - echo "# #" - echo "# SAP_AUTOMATION_REPO_PATH (path to the repo folder (sap-automation)) #" - echo "# ARM_SUBSCRIPTION_ID (subscription containing the state file storage account) #" - echo "# REMOTE_STATE_RG (resource group name for storage account containing state files) #" - echo "# REMOTE_STATE_SA (storage account for state file) #" - echo "# #" - echo "# The script will persist the parameters needed between the executions in the #" - echo "# [CONFIG_REPO_PATH]/.sap_deployment_automation folder. #" - echo "# #" - echo "# #" - echo "# Usage: remover.sh #" - echo "# -p or --parameterfile parameter file #" - echo "# -t or --type type of system to remove #" - echo "# valid options: #" - echo "# sap_deployer #" - echo "# sap_library #" - echo "# sap_landscape #" - echo "# sap_system #" - echo "# -h or --help Show help #" - echo "# #" - echo "# Optional parameters #" - echo "# #" - echo "# -o or --storageaccountname Storage account name for state file #" - echo "# -s or --state_subscription Subscription for tfstate storage account #" - echo "# #" - echo "# Example: #" - echo "# #" - echo "# [REPO-ROOT]deploy/scripts/remover.sh \ #" - echo "# --parameterfile DEV-WEEU-SAP01-X00.tfvars \ #" - echo "# --type sap_system #" - echo "# #" - echo "#########################################################################################" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore !Warning!: 
This script will remove deployed systems $resetformatting #" + echo "# #" + echo "# This file contains the logic to remove the different systems #" + echo "# The script expects the following exports: #" + echo "# #" + echo "# SAP_AUTOMATION_REPO_PATH (path to the repo folder (sap-automation)) #" + echo "# ARM_SUBSCRIPTION_ID (subscription containing the state file storage account) #" + echo "# REMOTE_STATE_RG (resource group name for storage account containing state files) #" + echo "# REMOTE_STATE_SA (storage account for state file) #" + echo "# #" + echo "# The script will persist the parameters needed between the executions in the #" + echo "# [CONFIG_REPO_PATH]/.sap_deployment_automation folder. #" + echo "# #" + echo "# #" + echo "# Usage: remover.sh #" + echo "# -p or --parameterfile parameter file #" + echo "# -t or --type type of system to remove #" + echo "# valid options: #" + echo "# sap_deployer #" + echo "# sap_library #" + echo "# sap_landscape #" + echo "# sap_system #" + echo "# -h or --help Show help #" + echo "# #" + echo "# Optional parameters #" + echo "# #" + echo "# -o or --storageaccountname Storage account name for state file #" + echo "# -s or --state_subscription Subscription for tfstate storage account #" + echo "# #" + echo "# Example: #" + echo "# #" + echo "# [REPO-ROOT]deploy/scripts/remover.sh \ #" + echo "# --parameterfile DEV-WEEU-SAP01-X00.json \ #" + echo "# --type sap_system #" + echo "# #" + echo "#########################################################################################" } function missing { - printf -v val %-.40s "$option" - echo "" - echo "" - echo "#########################################################################################" - echo "# #" - echo "# Missing environment variables: ${option}!!! 
#" - echo "# #" - echo "# Please export the folloing variables: #" - echo "# SAP_AUTOMATION_REPO_PATH (path to the repo folder (sap-automation)) #" - echo "# ARM_SUBSCRIPTION_ID (subscription containing the state file storage account) #" - echo "# #" - echo "#########################################################################################" + printf -v val %-.40s "$option" + echo "" + echo "" + echo "#########################################################################################" + echo "# #" + echo "# Missing environment variables: ${option}!!! #" + echo "# #" + echo "# Please export the folloing variables: #" + echo "# SAP_AUTOMATION_REPO_PATH (path to the repo folder (sap-automation)) #" + echo "# ARM_SUBSCRIPTION_ID (subscription containing the state file storage account) #" + echo "# #" + echo "#########################################################################################" } #process inputs - may need to check the option i for auto approve as it is not used -INPUT_ARGUMENTS=$(getopt -n remover -o p:o:t:s:d:l:ahi --longoptions type:,parameterfile,storageaccountname:,state_subscription:,deployer_tfstate_key:,landscape_tfstate_key:,ado,auto-approve,help -- "$@") +INPUT_ARGUMENTS=$(getopt -n remover -o p:o:t:s:ahi --longoptions type:,parameterfile:,storageaccountname:,state_subscription:,ado,auto-approve,help -- "$@") VALID_ARGUMENTS=$? 
if [ "$VALID_ARGUMENTS" != "0" ]; then - showhelp + showhelp fi called_from_ado=0 eval set -- "$INPUT_ARGUMENTS" -while :; do - case "$1" in - -p | --parameterfile) - parameterfile="$2" - shift 2 - ;; - -o | --storageaccountname) - REMOTE_STATE_SA="$2" - shift 2 - ;; - -s | --state_subscription) - STATE_SUBSCRIPTION="$2" - shift 2 - ;; - -d | --deployer_tfstate_key) - deployer_tfstate_key="$2" - shift 2 - ;; - -l | --landscape_tfstate_key) - landscape_tfstate_key="$2" - shift 2 - ;; - -t | --type) - deployment_system="$2" - shift 2 - ;; - -i | --auto-approve) - approve="--auto-approve" - shift - ;; - -a | --ado) - called_from_ado=1 - shift - ;; - -h | --help) - showhelp - exit 3 - shift - ;; - --) - shift - break - ;; - esac +while : +do + case "$1" in + -p | --parameterfile) parameterfile="$2" ; shift 2 ;; + -o | --storageaccountname) REMOTE_STATE_SA="$2" ; shift 2 ;; + -s | --state_subscription) STATE_SUBSCRIPTION="$2" ; shift 2 ;; + -t | --type) deployment_system="$2" ; shift 2 ;; + -i | --auto-approve) approve="--auto-approve" ; shift ;; + -a | --ado) called_from_ado=1 ; shift ;; + -h | --help) showhelp + exit 3 ; shift ;; + --) shift; break ;; + esac done #variables tfstate_resource_id="" tfstate_parameter="" +deployer_tfstate_key="" deployer_tfstate_key_parameter="" +landscape_tfstate_key="" landscape_tfstate_key_parameter="" # unused variables #show_help=false #deployer_tfstate_key_exists=false #landscape_tfstate_key_exists=false -echo "parameterfile: $parameterfile" +echo "parameterfile: $parameterfile" working_directory=$(pwd) 
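Review bot: The new `getopt` line no longer declares `d:`/`l:` or the `deployer_tfstate_key:` and `landscape_tfstate_key:` long options, and the matching `case` arms are removed, yet the pipeline hunk in this same commit passes `--deployer_tfstate_key` and `--landscape_tfstate_key`, so getopt will reject them. The `VALID_ARGUMENTS` check only calls `showhelp` and does not exit, so this destructive script then carries on with whichever options did parse and with the state keys read from the config file instead. Either restore the two options and their `case` arms or stop passing them from the pipeline. In both cases make the check fail closed: `if [ "$VALID_ARGUMENTS" != "0" ]; then showhelp; exit 64; fi`, where 64 is the usage-error code the script already uses further down.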
@@ -152,77 +123,81 @@ parameterfile_name=$(basename "${parameterfile_path}") parameterfile_dirname=$(dirname "${parameterfile_path}") if [ "${parameterfile_dirname}" != "${working_directory}" ]; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Please run this command from the folder containing the parameter file $resetformatting #" - echo "# #" - echo "#########################################################################################" - exit 3 + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Please run this command from the folder containing the parameter file $resetformatting #" + echo "# #" + echo "#########################################################################################" + exit 3 fi -if [ ! -f "${parameterfile}" ]; then - printf -v val %-35.35s "$parameterfile" - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Parameter file does not exist: ${val} $resetformatting #" - echo "# #" - echo "#########################################################################################" - exit 2 #No such file or directory +if [ ! 
-f "${parameterfile}" ] +then + printf -v val %-35.35s "$parameterfile" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Parameter file does not exist: ${val} $resetformatting #" + echo "# #" + echo "#########################################################################################" + exit 2 #No such file or directory fi + if [ -z "${deployment_system}" ]; then - printf -v val %-40.40s "$deployment_system" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Incorrect system deployment type specified: ${val} $resetformatting #" - echo "# #" - echo "# Valid options are: #" - echo "# sap_deployer #" - echo "# sap_library #" - echo "# sap_landscape #" - echo "# sap_system #" - echo "# #" - echo "#########################################################################################" - echo "" - exit 64 #script usage wrong + printf -v val %-40.40s "$deployment_system" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Incorrect system deployment type specified: ${val} $resetformatting #" + echo "# #" + echo "# Valid options are: #" + echo "# sap_deployer #" + echo "# sap_library #" + echo "# sap_landscape #" + echo "# sap_system #" + echo "# #" + echo "#########################################################################################" + echo "" + exit 64 #script usage wrong fi # Check that the exports ARM_SUBSCRIPTION_ID and SAP_AUTOMATION_REPO_PATH are defined validate_exports return_code=$? if [ 0 != $return_code ]; then - exit $return_code + exit $return_code fi # Check that Terraform and Azure CLI is installed validate_dependencies return_code=$? 
if [ 0 != $return_code ]; then - exit $return_code + exit $return_code fi # Check that parameter files have environment and location defined validate_key_parameters "$parameterfile_name" return_code=$? if [ 0 != $return_code ]; then - exit $return_code + exit $return_code fi -if valid_region_name "${region}"; then - # Convert the region to the correct code - get_region_code ${region} +if valid_region_name "${region}" ; then + # Convert the region to the correct code + get_region_code ${region} else - echo "Invalid region: $region" - exit 2 + echo "Invalid region: $region" + exit 2 fi this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 +echo "Deployer environment: $deployer_environment" + this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 export TF_VAR_Agent_IP=$this_ip -echo "Agent IP: $this_ip" +echo "Agent IP: $this_ip" automation_config_directory=$CONFIG_REPO_PATH/.sap_deployment_automation generic_config_information="${automation_config_directory}"/config 
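Review bot: The address exported as `TF_VAR_Agent_IP` in this hunk comes from `curl -s ipinfo.io/ip` with no scheme, so curl uses plain HTTP, and the response is exported without any check that it is an IP address. The lookup also runs twice, with the added `echo "Deployer environment: …"` now sitting between the two identical calls. How Terraform consumes the variable is not visible here, but if it feeds a firewall or access rule, a tampered response or an error page from the service would end up in it. Suggest a single `this_ip=$(curl -fsS https://ipinfo.io/ip)` followed by a format check before the `export`. `$deployer_environment` in the added echo is not assigned anywhere in the visible part of the script, so that line may print an empty value.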
@@ -230,63 +205,47 @@ generic_config_information="${automation_config_directory}"/config system_config_information="${automation_config_directory}"/"${environment}""${region_code}" if [ "${deployment_system}" == sap_landscape ]; then - load_config_vars "$parameterfile_name" "network_logical_name" - network_logical_name=$(echo "${network_logical_name}" | tr "[:lower:]" "[:upper:]") + load_config_vars "$parameterfile_name" "network_logical_name" + network_logical_name=$(echo "${network_logical_name}" | tr "[:lower:]" "[:upper:]") - system_config_information="${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" + system_config_information="${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" fi if [ "${deployment_system}" == sap_system ]; then - load_config_vars "$parameterfile_name" "network_logical_name" - network_logical_name=$(echo "${network_logical_name}" | tr "[:lower:]" "[:upper:]") + load_config_vars "$parameterfile_name" "network_logical_name" + network_logical_name=$(echo "${network_logical_name}" | tr "[:lower:]" "[:upper:]") - system_config_information="${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" + system_config_information="${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" fi -echo "Configuration file: $system_config_information" -echo "Deployment region: $region" -echo "Deployment region code: $region_code" +echo "Configuration file: $system_config_information" +echo "Deployment region: $region" +echo "Deployment region code: $region_code" key=$(echo "${parameterfile_name}" | cut -d. 
-f1) -echo "" -echo "Terraform details" -echo "-------------------------------------------------------------------------" -echo "Subscription: ${STATE_SUBSCRIPTION}" -echo "Storage Account: ${REMOTE_STATE_SA}" -echo "Resource Group: ${REMOTE_STATE_RG}" -echo "State file: ${key}.terraform.tfstate" -echo "Target subscription: ${ARM_SUBSCRIPTION_ID}" -echo "Deployer State file: ${deployer_tfstate_key}" -echo "Landscape State file: ${landscape_tfstate_key}" - #Plugins -isInCloudShellCheck=$(checkIfCloudShell) - -if checkIfCloudShell; then - mkdir -p "${HOME}/.terraform.d/plugin-cache" - export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" -else - if [ ! -d /opt/terraform/.terraform.d/plugin-cache ]; then +if [ ! -d /opt/terraform/.terraform.d/plugin-cache ] +then mkdir -p /opt/terraform/.terraform.d/plugin-cache - sudo chown -R "$USER" /opt/terraform - fi - export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache fi +export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache + init "${automation_config_directory}" "${generic_config_information}" "${system_config_information}" var_file="${parameterfile_dirname}"/"${parameterfile}" -if [ -z "$REMOTE_STATE_SA" ]; then - load_config_vars "${system_config_information}" "REMOTE_STATE_SA" - load_config_vars "${system_config_information}" "REMOTE_STATE_RG" - load_config_vars "${system_config_information}" "tfstate_resource_id" - load_config_vars "${system_config_information}" "STATE_SUBSCRIPTION" +if [ -z "$REMOTE_STATE_SA" ]; +then + load_config_vars "${system_config_information}" "REMOTE_STATE_SA" + load_config_vars "${system_config_information}" "REMOTE_STATE_RG" + load_config_vars "${system_config_information}" "tfstate_resource_id" + load_config_vars "${system_config_information}" "STATE_SUBSCRIPTION" else - save_config_vars "${system_config_information}" REMOTE_STATE_SA - get_and_store_sa_details ${REMOTE_STATE_SA} "${system_config_information}" - load_config_vars 
"${system_config_information}" "STATE_SUBSCRIPTION" - load_config_vars "${system_config_information}" "REMOTE_STATE_RG" - load_config_vars "${system_config_information}" "tfstate_resource_id" + save_config_vars "${system_config_information}" REMOTE_STATE_SA + get_and_store_sa_details ${REMOTE_STATE_SA} "${system_config_information}" + load_config_vars "${system_config_information}" "STATE_SUBSCRIPTION" + load_config_vars "${system_config_information}" "REMOTE_STATE_RG" + load_config_vars "${system_config_information}" "tfstate_resource_id" fi load_config_vars "${system_config_information}" "deployer_tfstate_key" @@ -295,21 +254,21 @@ load_config_vars "${system_config_information}" "ARM_SUBSCRIPTION_ID" deployer_tfstate_key_parameter='' if [ "${deployment_system}" != sap_deployer ]; then - deployer_tfstate_key_parameter=" -var deployer_tfstate_key=${deployer_tfstate_key} " + deployer_tfstate_key_parameter=" -var deployer_tfstate_key=${deployer_tfstate_key}" fi landscape_tfstate_key_parameter='' if [ "${deployment_system}" == sap_system ]; then - landscape_tfstate_key_parameter=" -var landscape_tfstate_key=${landscape_tfstate_key} " + landscape_tfstate_key_parameter=" -var landscape_tfstate_key=${landscape_tfstate_key}" fi -tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id} " +tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" #setting the user environment variables set_executing_user_environment_variables "none" if [ -n "${STATE_SUBSCRIPTION}" ]; then - az account set --sub "${STATE_SUBSCRIPTION}" + az account set --sub "${STATE_SUBSCRIPTION}" fi export TF_DATA_DIR="${parameterfile_dirname}"/.terraform 
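Review bot: The plugin-cache block on the new side drops both the Cloud Shell branch that used `${HOME}/.terraform.d/plugin-cache` and the `sudo chown -R "$USER" /opt/terraform`, leaving an unchecked `mkdir -p /opt/terraform/.terraform.d/plugin-cache`. Whether the invoking user can write under /opt cannot be told from this hunk; where it cannot, the script continues and exports `TF_PLUGIN_CACHE_DIR` pointing at a directory that does not exist. Since every run that shares this cache trusts the provider binaries in it, the directory's ownership also deserves to be set deliberately rather than left to whoever ran the script first. At minimum use `mkdir -p /opt/terraform/.terraform.d/plugin-cache || exit 1`, and keep the `${HOME}` fallback if Cloud Shell is still a supported way to run the remover. In the same hunk `get_and_store_sa_details ${REMOTE_STATE_SA}` should quote its first argument.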
@@ -317,32 +276,32 @@ export TF_DATA_DIR="${parameterfile_dirname}"/.terraform terraform_module_directory="${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/run/"${deployment_system}"/ if [ ! -d "${terraform_module_directory}" ]; then - printf -v val %-40.40s "$deployment_system" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Incorrect system deployment type specified: ${val} $resetformatting#" - echo "# #" - echo "# Valid options are: #" - echo "# sap_deployer #" - echo "# sap_library #" - echo "# sap_landscape #" - echo "# sap_system #" - echo "# #" - echo "#########################################################################################" - echo "" - exit 66 #cannot open input file/folder + printf -v val %-40.40s "$deployment_system" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Incorrect system deployment type specified: ${val} $resetformatting#" + echo "# #" + echo "# Valid options are: #" + echo "# sap_deployer #" + echo "# sap_library #" + echo "# sap_landscape #" + echo "# sap_system #" + echo "# #" + echo "#########################################################################################" + echo "" + exit 66 #cannot open input file/folder fi #ok_to_proceed=false #new_deployment=false if [ -f backend.tf ]; then - rm backend.tf + rm backend.tf fi -useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) +useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) -if [ "$useSAS" = "true" ]; then +if [ "$useSAS" = "true" ] ; then echo "Authenticate storage using SAS" export ARM_USE_AZUREAD=false else 
@@ -350,6 +309,7 @@ else export ARM_USE_AZUREAD=true fi + echo "" echo "#########################################################################################" echo "# #" 
@@ -358,143 +318,160 @@ echo "# echo "#########################################################################################" echo "" -terraform -chdir="${terraform_module_directory}" init -reconfigure \ - --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ - --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ - --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ - --backend-config "container_name=tfstate" \ - --backend-config "key=${key}.terraform.tfstate" || { - echo "Terraform init failed" - exit 1 +terraform -chdir="${terraform_module_directory}" init -reconfigure \ +--backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ +--backend-config "resource_group_name=${REMOTE_STATE_RG}" \ +--backend-config "storage_account_name=${REMOTE_STATE_SA}" \ +--backend-config "container_name=tfstate" \ +--backend-config "key=${key}.terraform.tfstate" || { + echo "Terraform init failed" + exit 1 } + + created_resource_group_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw created_resource_group_id | tr -d \") created_resource_group_id_length=$(expr length "$created_resource_group_id") created_resource_group_subscription_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw created_resource_group_subscription_id | tr -d \") created_resource_group_subscription_id_length=$(expr length "$created_resource_group_subscription_id") if [ "${created_resource_group_id_length}" -eq 0 ] && [ "${created_resource_group_subscription_id_length}" -eq 0 ]; then - resource_group_exist=$(az group exists --name "${created_resource_group_id}" --subscription "${created_resource_group_subscription_id}") + resource_group_exist=$(az group exists --name "${created_resource_group_id}" --subscription "${created_resource_group_subscription_id}") else - resource_group_exist=true + resource_group_exist=true fi -if [ "$resource_group_exist" ]; then - echo "" - echo 
"#########################################################################################" - echo "# #" - echo -e "# $cyan Running Terraform destroy$resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - - if [ "$deployment_system" == "sap_deployer" ]; then - terraform -chdir="${terraform_bootstrap_directory}" refresh -var-file="${var_file}" \ - "$deployer_tfstate_key_parameter" - - echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" - terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" \ - "$deployer_tfstate_key_parameter" - - elif [ "$deployment_system" == "sap_library" ]; then - echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" - - terraform_bootstrap_directory="${SAP_AUTOMATION_REPO_PATH}/deploy/terraform/bootstrap/${deployment_system}/" - if [ ! -d "${terraform_bootstrap_directory}" ]; then - printf -v val %-40.40s "$terraform_bootstrap_directory" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Unable to find bootstrap directory: ${val}$resetformatting#" - echo "# #" - echo "#########################################################################################" - echo "" - exit 66 #cannot open input file/folder - fi - terraform -chdir="${terraform_bootstrap_directory}" init -upgrade=true -force-copy - - terraform -chdir="${terraform_bootstrap_directory}" refresh -var-file="${var_file}" \ - "$landscape_tfstate_key_parameter" \ - "$deployer_tfstate_key_parameter" - - terraform -chdir="${terraform_bootstrap_directory}" destroy -var-file="${var_file}" "${approve}" \ - "$landscape_tfstate_key_parameter" \ - "$deployer_tfstate_key_parameter" - else - - echo -e "#$cyan processing "$deployment_system" removal as defined in "$parameterfile_name" 
"$resetformatting"" - if [ -n "${approve}" ]; then +if [ $resource_group_exist ]; +then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Running Terraform destroy$resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + + if [ "$deployment_system" == "sap_deployer" ]; then + terraform -chdir="${terraform_bootstrap_directory}" refresh -var-file="${var_file}" \ + $deployer_tfstate_key_parameter + + echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" + terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" \ + $deployer_tfstate_key_parameter + + elif [ "$deployment_system" == "sap_library" ]; then + echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" + + terraform_bootstrap_directory="${SAP_AUTOMATION_REPO_PATH}/deploy/terraform/bootstrap/${deployment_system}/" + if [ ! 
-d "${terraform_bootstrap_directory}" ]; then + printf -v val %-40.40s "$terraform_bootstrap_directory" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Unable to find bootstrap directory: ${val}$resetformatting#" + echo "# #" + echo "#########################################################################################" + echo "" + exit 66 #cannot open input file/folder + fi + terraform -chdir="${terraform_bootstrap_directory}" init -upgrade=true -force-copy - terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" $approve $tfstate_parameter $landscape_tfstate_key_parameter + terraform -chdir="${terraform_bootstrap_directory}" refresh -var-file="${var_file}" \ + $landscape_tfstate_key_parameter \ + $deployer_tfstate_key_parameter - $deployer_tfstate_key_parameter -json | tee -a destroy_output.json + terraform -chdir="${terraform_bootstrap_directory}" destroy -var-file="${var_file}" ${approve} \ + $landscape_tfstate_key_parameter \ + $deployer_tfstate_key_parameter else - terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" $approve $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter - fi + echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" + echo $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter + if [ -n "${approve}" ] + then + + terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" ${approve} \ + $tfstate_parameter \ + $landscape_tfstate_key_parameter \ + $deployer_tfstate_key_parameter -json | tee -a destroy_output.json + else + terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" ${approve} \ + $tfstate_parameter \ + $landscape_tfstate_key_parameter \ + $deployer_tfstate_key_parameter - return_value=$? 
- - if [ -f destroy_output.json ]; then - errors_occurred=$(jq 'select(."@level" == "error") | length' destroy_output.json) - - if [[ -n $errors_occurred ]]; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore!Errors during the destroy phase!$resetformatting #" - - return_value=2 - all_errors=$(jq 'select(."@level" == "error") | {summary: .diagnostic.summary, detail: .diagnostic.detail}' destroy_output.json) - if [[ -n ${all_errors} ]]; then - readarray -t errors_strings < <(echo ${all_errors} | jq -c '.') - for errors_string in "${errors_strings[@]}"; do - string_to_report=$(jq -c -r '.detail ' <<<"$errors_string") - if [[ -z ${string_to_report} ]]; then - string_to_report=$(jq -c -r '.summary ' <<<"$errors_string") - fi + fi - report=$(echo $string_to_report | grep -m1 "Message=" "${var_file}" | cut -d'=' -f2- | tr -d ' ' | tr -d '"') - if [[ -n ${report} ]]; then - echo -e "# $boldreduscore $report $resetformatting" - echo "##vso[task.logissue type=error]${report}" - else - echo -e "# $boldreduscore $string_to_report $resetformatting" - echo "##vso[task.logissue type=error]${string_to_report}" - fi + return_value=$? + + if [ -f destroy_output.json ] + then + errors_occurred=$(jq 'select(."@level" == "error") | length' destroy_output.json) + + if [[ -n $errors_occurred ]] + then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore!Errors during the destroy phase!$resetformatting #" + + return_value=2 + all_errors=$(jq 'select(."@level" == "error") | {summary: .diagnostic.summary, detail: .diagnostic.detail}' destroy_output.json) + if [[ -n ${all_errors} ]] + then + readarray -t errors_strings < <(echo ${all_errors} | jq -c '.' 
) + for errors_string in "${errors_strings[@]}"; do + string_to_report=$(jq -c -r '.detail ' <<< "$errors_string" ) + if [[ -z ${string_to_report} ]] + then + string_to_report=$(jq -c -r '.summary ' <<< "$errors_string" ) + fi + + report=$(echo $string_to_report | grep -m1 "Message=" "${var_file}" | cut -d'=' -f2- | tr -d ' ' | tr -d '"') + if [[ -n ${report} ]] ; then + echo -e "# $boldreduscore $report $resetformatting" + echo "##vso[task.logissue type=error]${report}" + else + echo -e "# $boldreduscore $string_to_report $resetformatting" + echo "##vso[task.logissue type=error]${string_to_report}" + fi + + + done + + fi + echo "# #" + echo "#########################################################################################" + echo "" - done + fi fi - echo "# #" - echo "#########################################################################################" - echo "" - - fi - fi + if [ -f destroy_output.json ] + then + rm destroy_output.json + fi - if [ -f destroy_output.json ]; then - rm destroy_output.json fi - fi else - return_value=0 + return_value=0 fi + if [ "${deployment_system}" == sap_deployer ]; then - sed -i /deployer_tfstate_key/d "${system_config_information}" + sed -i /deployer_tfstate_key/d "${system_config_information}" fi if [ "${deployment_system}" == sap_landscape ]; then - rm "${system_config_information}" + rm "${system_config_information}" fi if [ "${deployment_system}" == sap_library ]; then - sed -i /REMOTE_STATE_RG/d "${system_config_information}" - sed -i /REMOTE_STATE_SA/d "${system_config_information}" - sed -i /tfstate_resource_id/d "${system_config_information}" + sed -i /REMOTE_STATE_RG/d "${system_config_information}" + sed -i /REMOTE_STATE_SA/d "${system_config_information}" + sed -i /tfstate_resource_id/d "${system_config_information}" fi # if [ "${deployment_system}" == sap_system ]; then From f0f84dabba6f98e341819ba6e69c41fb80731df8 Mon Sep 17 00:00:00 2001 
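Review bot: `if [ $resource_group_exist ]` on the new side only tests that the string is non-empty, so a `false` printed by `az group exists` still enters the destroy branch. The `else return_value=0` path is reachable only when the variable is empty. The condition just above also calls `az group exists` only when both id lengths are zero, which looks inverted and should be confirmed against the intended flow. Compare the value explicitly, `if [ "$resource_group_exist" = "true" ]; then`; the quoted form in the later `@@ -341,7 +354,7 @@` hunk keeps the same non-empty test.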
From: Kimmo Forss Date: Thu, 24 Oct 2024 00:49:05 +0300 Subject: [PATCH 45/77] aa --- deploy/scripts/remover.sh | 80 +++++++++++++++++++++------------------ 1 file changed, 44 insertions(+), 36 deletions(-) diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index 2211a8fc2c..d062545f64 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh @@ -29,13 +29,13 @@ function showhelp { echo "# This file contains the logic to remove the different systems #" echo "# The script expects the following exports: #" echo "# #" - echo "# SAP_AUTOMATION_REPO_PATH (path to the repo folder (sap-automation)) #" + echo "# SAP_AUTOMATION_REPO_PATH (path to the repo folder (sap-automation)) #" echo "# ARM_SUBSCRIPTION_ID (subscription containing the state file storage account) #" echo "# REMOTE_STATE_RG (resource group name for storage account containing state files) #" echo "# REMOTE_STATE_SA (storage account for state file) #" echo "# #" echo "# The script will persist the parameters needed between the executions in the #" - echo "# [CONFIG_REPO_PATH]/.sap_deployment_automation folder. #" + echo "# [CONFIG_REPO_PATH]/.sap_deployment_automation folder. #" echo "# #" echo "# #" echo "# Usage: remover.sh #" @@ -56,7 +56,7 @@ function showhelp { echo "# Example: #" echo "# #" echo "# [REPO-ROOT]deploy/scripts/remover.sh \ #" - echo "# --parameterfile DEV-WEEU-SAP01-X00.json \ #" + echo "# --parameterfile DEV-WEEU-SAP01-X00.tfvars \ #" echo "# --type sap_system #" echo "# #" echo "#########################################################################################" @@ -114,7 +114,7 @@ landscape_tfstate_key_parameter="" #show_help=false #deployer_tfstate_key_exists=false #landscape_tfstate_key_exists=false -echo "parameterfile: $parameterfile" +echo "parameterfile: $parameterfile" working_directory=$(pwd) 
@@ -193,11 +193,9 @@ fi this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 -echo "Deployer environment: $deployer_environment" - this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 export TF_VAR_Agent_IP=$this_ip -echo "Agent IP: $this_ip" +echo "Agent IP: $this_ip" automation_config_directory=$CONFIG_REPO_PATH/.sap_deployment_automation generic_config_information="${automation_config_directory}"/config 
@@ -218,19 +216,35 @@ if [ "${deployment_system}" == sap_system ]; then system_config_information="${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" fi -echo "Configuration file: $system_config_information" -echo "Deployment region: $region" -echo "Deployment region code: $region_code" +echo "Configuration file: $system_config_information" +echo "Deployment region: $region" +echo "Deployment region code: $region_code" key=$(echo "${parameterfile_name}" | cut -d. -f1) +echo "" +echo "Terraform details" +echo "-------------------------------------------------------------------------" +echo "Subscription: ${STATE_SUBSCRIPTION}" +echo "Storage Account: ${REMOTE_STATE_SA}" +echo "Resource Group: ${REMOTE_STATE_RG}" +echo "State file: ${key}.terraform.tfstate" +echo "Target subscription: ${ARM_SUBSCRIPTION_ID}" +echo "" + #Plugins -if [ ! -d /opt/terraform/.terraform.d/plugin-cache ] -then - mkdir -p /opt/terraform/.terraform.d/plugin-cache -fi -export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache +isInCloudShellCheck=$(checkIfCloudShell) +if checkIfCloudShell; then + mkdir -p "${HOME}/.terraform.d/plugin-cache" + export TF_PLUGIN_CACHE_DIR="${HOME}/.terraform.d/plugin-cache" +else + if [ ! -d /opt/terraform/.terraform.d/plugin-cache ]; then + mkdir -p /opt/terraform/.terraform.d/plugin-cache + sudo chown -R "$USER" /opt/terraform + fi + export TF_PLUGIN_CACHE_DIR=/opt/terraform/.terraform.d/plugin-cache +fi init "${automation_config_directory}" "${generic_config_information}" "${system_config_information}" var_file="${parameterfile_dirname}"/"${parameterfile}" 
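Review bot: `isInCloudShellCheck=$(checkIfCloudShell)` is assigned and never read in this hunk, and the next line runs `checkIfCloudShell` a second time for the actual test; drop the assignment and keep `if checkIfCloudShell; then`. In the `else` branch `mkdir -p /opt/terraform/.terraform.d/plugin-cache` still runs unprivileged before the added `sudo chown -R "$USER" /opt/terraform`, so on an agent where that path is not yet writable the `mkdir` fails before ownership is fixed. The recursive `chown` also gives the invoking user the whole `/opt/terraform` tree; creating the cache directory with the needed privilege and limiting the `chown` to that directory would be narrower, if nothing else under the path depends on it.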
@@ -254,15 +268,15 @@ load_config_vars "${system_config_information}" "ARM_SUBSCRIPTION_ID" deployer_tfstate_key_parameter='' if [ "${deployment_system}" != sap_deployer ]; then - deployer_tfstate_key_parameter=" -var deployer_tfstate_key=${deployer_tfstate_key}" + deployer_tfstate_key_parameter=" -var deployer_tfstate_key=${deployer_tfstate_key} " fi landscape_tfstate_key_parameter='' if [ "${deployment_system}" == sap_system ]; then - landscape_tfstate_key_parameter=" -var landscape_tfstate_key=${landscape_tfstate_key}" + landscape_tfstate_key_parameter=" -var landscape_tfstate_key=${landscape_tfstate_key} " fi -tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" +tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id} " #setting the user environment variables set_executing_user_environment_variables "none" @@ -309,7 +323,6 @@ else export ARM_USE_AZUREAD=true fi - echo "" echo "#########################################################################################" echo "# #" @@ -341,7 +354,7 @@ else resource_group_exist=true fi -if [ $resource_group_exist ]; +if [ "$resource_group_exist" ]; then echo "" echo "#########################################################################################" @@ -353,11 +366,11 @@ then if [ "$deployment_system" == "sap_deployer" ]; then terraform -chdir="${terraform_bootstrap_directory}" refresh -var-file="${var_file}" \ - $deployer_tfstate_key_parameter + "$deployer_tfstate_key_parameter" echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" \ - $deployer_tfstate_key_parameter + "$deployer_tfstate_key_parameter" elif [ "$deployment_system" == "sap_library" ]; then echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" 
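Review bot: The parameter strings built in this hunk hold an option and its value in one word (` -var deployer_tfstate_key=... `), and the later hunks of this patch (`@@ -353,11 +366,11 @@`, `@@ -376,28 +389,23 @@`) expand them inside double quotes, so terraform receives a single argument with embedded spaces, or an empty argument when the string is `''` as in the sap_deployer case. Quoting is the right instinct, but it needs an array to keep the words apart: build `deployer_tfstate_key_args=(-var "deployer_tfstate_key=${deployer_tfstate_key}")` and pass `"${deployer_tfstate_key_args[@]}"`, with an empty array when the option does not apply. The same applies to `landscape_tfstate_key_parameter`, `tfstate_parameter` and the quoted `"${approve}"`.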
@@ -376,28 +389,23 @@ then terraform -chdir="${terraform_bootstrap_directory}" init -upgrade=true -force-copy terraform -chdir="${terraform_bootstrap_directory}" refresh -var-file="${var_file}" \ - $landscape_tfstate_key_parameter \ - $deployer_tfstate_key_parameter + "$landscape_tfstate_key_parameter" \ + "$deployer_tfstate_key_parameter" - terraform -chdir="${terraform_bootstrap_directory}" destroy -var-file="${var_file}" ${approve} \ - $landscape_tfstate_key_parameter \ - $deployer_tfstate_key_parameter + terraform -chdir="${terraform_bootstrap_directory}" destroy -var-file="${var_file}" "${approve}" \ + "$landscape_tfstate_key_parameter" \ + "$deployer_tfstate_key_parameter" else - echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" - echo $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter + echo -e "#$cyan processing "$deployment_system" removal as defined in "$parameterfile_name" "$resetformatting"" if [ -n "${approve}" ] then - terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" ${approve} \ - $tfstate_parameter \ - $landscape_tfstate_key_parameter \ + terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" $approve $tfstate_parameter $landscape_tfstate_key_parameter \ + $deployer_tfstate_key_parameter -json | tee -a destroy_output.json else - terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" ${approve} \ - $tfstate_parameter \ - $landscape_tfstate_key_parameter \ - $deployer_tfstate_key_parameter + terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" $approve $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter fi From a95ab7d380142a83d88b69e743d2ed58f224ebdf Mon Sep 17 00:00:00 2001 
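Review bot: In the `-json | tee -a destroy_output.json` branch the pipeline's exit status is that of `tee`, so a failed `terraform destroy` reads as success unless `set -o pipefail` is enabled outside this hunk. Capture Terraform's own status right after the pipeline with `return_value=${PIPESTATUS[0]}` and set `return_value=$?` inside the `else` branch, rather than reading `$?` once after the `fi`. The status read itself sits below this hunk, so check the proposal against the full file.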
From: Kimmo Forss Date: Thu, 24 Oct 2024 00:54:22 +0300 Subject: [PATCH 46/77] Refactor deploy control plane pipeline to include deployer_tfstate_key and landscape_tfstate_key parameters --- deploy/pipelines/10-remover-terraform.yaml | 21 ++++++++------------- deploy/scripts/remover.sh | 3 +-- 2 files changed, 9 insertions(+), 15 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index da763b1a8a..42509262c7 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -410,16 +410,16 @@ stages: az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value" --out tsv) if [ -n "${az_var}" ]; then - deployer_tfstate_key="${az_var}" + export deployer_tfstate_key="${az_var}" else - deployer_tfstate_key=$(grep "^STATE_SUBSCRIPTION=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) + export deployer_tfstate_key=$(grep "^deployer_tfstate_key=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query $NETWORK"Workload_Zone_State_FileName.value" --out tsv) if [ -n "${az_var}" ]; then - landscape_tfstate_key="${az_var}" + export landscape_tfstate_key="${az_var}" else - landscape_tfstate_key=$(grep "^landscape_tfstate_key=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) + export landscape_tfstate_key=$(grep "^landscape_tfstate_key=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi cd $CONFIG_REPO_PATH/SYSTEM/$(sap_system_folder) || exit 
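Review bot: `export deployer_tfstate_key=$(grep ... | awk ... | xargs)` hides the exit status of the substitution behind `export`, and nothing checks that the result is non-empty before remover.sh is called. That matters more after this patch, because the `--deployer_tfstate_key` and `--landscape_tfstate_key` arguments are dropped and remover.sh stops resetting the variables, so the script takes whatever is in the environment. Assign first, test, then export: `deployer_tfstate_key=$(...)`, a guard such as `[ -n "${deployer_tfstate_key}" ] || exit 2`, then `export deployer_tfstate_key`, and quote `"${workload_environment_file_name}"`. The same pattern is repeated for `landscape_tfstate_key` and in the `@@ -740,16 +740,16 @@` hunk.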
@@ -434,12 +434,9 @@ stages: --type sap_system \ --state_subscription "${STATE_SUBSCRIPTION}" \ --storageaccountname "${REMOTE_STATE_SA}" \ - --deployer_tfstate_key "${deployer_tfstate_key}" \ - --landscape_tfstate_key "${landscape_tfstate_key}" \ --auto-approve return_code=$? - exit 66 echo -e "$green--- Pull latest from DevOps Repository ---$reset" git checkout -q $(Build.SourceBranchName) git pull @@ -743,16 +740,16 @@ stages: az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Deployer_State_FileName.value" --out tsv) if [ -n "${az_var}" ]; then - deployer_tfstate_key="${az_var}" + export deployer_tfstate_key="${az_var}" else - deployer_tfstate_key=$(grep "^STATE_SUBSCRIPTION=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) + export deployer_tfstate_key=$(grep "^deployer_tfstate_key=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi az_var=$(az pipelines variable-group variable list --group-id ${VARIABLE_GROUP_ID} --query $NETWORK"Workload_Zone_State_FileName.value" --out tsv) if [ -n "${az_var}" ]; then - landscape_tfstate_key="${az_var}" + export landscape_tfstate_key="${az_var}" else - landscape_tfstate_key=$(grep "^landscape_tfstate_key=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) + export landscape_tfstate_key=$(grep "^landscape_tfstate_key=" ${workload_environment_file_name} | awk -F'=' '{print $2}' | xargs) fi az_var=$(az pipelines variable-group variable list --group-id ${PARENT_VARIABLE_GROUP_ID} --query "Terraform_Remote_Storage_Account_Name.value" --out tsv) @@ -828,8 +825,6 @@ stages: --type sap_landscape \ --state_subscription ${STATE_SUBSCRIPTION} \ --storageaccountname "${REMOTE_STATE_SA}" \ - --deployer_tfstate_key ${deployer_tfstate_key} \ - --landscape_tfstate_key ${landscape_tfstate_key} \ --auto-approve return_code=$? diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index d062545f64..aa3d465e7b 100755 
--- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh @@ -105,9 +105,8 @@ done #variables tfstate_resource_id="" tfstate_parameter="" -deployer_tfstate_key="" + deployer_tfstate_key_parameter="" -landscape_tfstate_key="" landscape_tfstate_key_parameter="" # unused variables From 062e825f14a1b9f789336159fef9e3272a987809 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 01:03:49 +0300 Subject: [PATCH 47/77] Refactor deploy control plane pipeline to include deployer_tfstate_key and landscape_tfstate_key parameters --- deploy/pipelines/10-remover-terraform.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 42509262c7..776809afd7 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -770,8 +770,6 @@ stages: echo "Deployer Key Vault: ${key_vault}" echo "Terraform state subscription: $STATE_SUBSCRIPTION" echo "Terraform state account: $REMOTE_STATE_SA" - echo "Terraform state resource group: $REMOTE_STATE_RG" - echo "System configuration: $(workload_zone_configuration_file)" echo "Deployer state file name: $deployer_tfstate_key" @@ -819,6 +817,7 @@ stages: echo -e "$green --- Run the remover script that destroys the SAP workload zone (landscape) ---$reset" cd "$CONFIG_REPO_PATH/LANDSCAPE/$(workload_zone_folder)" || exit + cd "$CONFIG_REPO_PATH/LANDSCAPE/$(workload_zone_folder)" || exit $SAP_AUTOMATION_REPO_PATH/deploy/scripts/remover.sh \ --parameterfile $(workload_zone_configuration_file) \ From bf5b45795fe5bb4c2a344f98ca0c9db1f2d74aa3 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 01:22:39 +0300 Subject: [PATCH 48/77] Refactor deploy control plane pipeline to update default value for spn_keyvault_id --- deploy/terraform/run/sap_landscape/tfvar_variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
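Review bot: The line added in the `@@ -817,6 +817,7 @@` hunk, `cd "$CONFIG_REPO_PATH/LANDSCAPE/$(workload_zone_folder)" || exit`, repeats the context line directly above it. It looks like a leftover from editing; if `CONFIG_REPO_PATH` were ever a relative path the second `cd` would fail and end the step before remover.sh runs. Drop the duplicate line.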
diff --git a/deploy/terraform/run/sap_landscape/tfvar_variables.tf b/deploy/terraform/run/sap_landscape/tfvar_variables.tf index 5e5c64bafd..e6c3d82c62 100644 --- a/deploy/terraform/run/sap_landscape/tfvar_variables.tf +++ b/deploy/terraform/run/sap_landscape/tfvar_variables.tf @@ -352,7 +352,7 @@ variable "user_keyvault_id" { variable "spn_keyvault_id" { description = "If provided, the Azure resource identifier of the deployment credential keyvault" - default = "" + default = null } variable "enable_purge_control_for_keyvaults" { From d664d62690187ad837664057b9a325d81d780a4c Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 01:32:06 +0300 Subject: [PATCH 49/77] Refactor deploy control plane pipeline to update default value for spn_keyvault_id --- deploy/terraform/run/sap_landscape/tfvar_variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/terraform/run/sap_landscape/tfvar_variables.tf b/deploy/terraform/run/sap_landscape/tfvar_variables.tf index e6c3d82c62..5e5c64bafd 100644 --- a/deploy/terraform/run/sap_landscape/tfvar_variables.tf +++ b/deploy/terraform/run/sap_landscape/tfvar_variables.tf @@ -352,7 +352,7 @@ variable "user_keyvault_id" { variable "spn_keyvault_id" { description = "If provided, the Azure resource identifier of the deployment credential keyvault" - default = null + default = "" } variable "enable_purge_control_for_keyvaults" { From 3d3bdc911ecf82e1683a9dd4884ff7d836032764 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 01:40:47 +0300 Subject: [PATCH 50/77] Refactor deploy control plane pipeline to update default value for spn_key_vault_arm_id --- deploy/terraform/run/sap_landscape/variables_local.tf | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/deploy/terraform/run/sap_landscape/variables_local.tf b/deploy/terraform/run/sap_landscape/variables_local.tf index 37a54894a6..af4562b762 100644 --- a/deploy/terraform/run/sap_landscape/variables_local.tf 
+++ b/deploy/terraform/run/sap_landscape/variables_local.tf @@ -22,10 +22,7 @@ locals { tfstate_container_name = module.sap_namegenerator.naming.resource_suffixes.tfstate // Retrieve the arm_id of deployer's Key Vault from deployer's terraform.tfstate - spn_key_vault_arm_id = coalesce( - try(local.key_vault.kv_spn_id,""), - try(data.terraform_remote_state.deployer[0].outputs.deployer_kv_user_arm_id, "") - ) + spn_key_vault_arm_id = try(local.key_vault.kv_spn_id,data.terraform_remote_state.deployer[0].outputs.deployer_kv_user_arm_id) deployer_subscription_id = coalesce( try(data.terraform_remote_state.deployer[0].outputs.created_resource_group_subscription_id,""), From c2cafe74a68a4a3c4ba764f57144dcb96f4d7ea5 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 01:53:50 +0300 Subject: [PATCH 51/77] Refactor deploy control plane pipeline to include deployer_tfstate_key and landscape_tfstate_key parameters --- deploy/scripts/remover.sh | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index aa3d465e7b..3d42f15531 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh 
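Review bot: `try()` returns its first argument whenever that expression evaluates without error, so an empty-string `local.key_vault.kv_spn_id` is now returned as-is and the deployer state's `deployer_kv_user_arm_id` is never consulted; the removed `coalesce(...)` form skipped empty strings. Whether `kv_spn_id` can be `""` is not visible in this hunk, but the neighbouring variable default elsewhere in this series is `""`, so it is worth confirming. If the aim was to stop `coalesce` from failing when both values are empty, `try(coalesce(try(local.key_vault.kv_spn_id, ""), try(data.terraform_remote_state.deployer[0].outputs.deployer_kv_user_arm_id, "")), "")` keeps the fallback and still tolerates the all-empty case.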
@@ -322,6 +322,23 @@ else export ARM_USE_AZUREAD=true fi +if [ -n $deployer_tfstate_key ]; then +terraform_deployer_module_directory="${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/run/sap_deployer/ + +terraform -chdir="${terraform_deployer_module_directory}" init -reconfigure \ +--backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ +--backend-config "resource_group_name=${REMOTE_STATE_RG}" \ +--backend-config "storage_account_name=${REMOTE_STATE_SA}" \ +--backend-config "container_name=tfstate" \ +--backend-config "key=${deployer_tfstate_key}" || { + echo "Terraform init failed" + exit 1 +} +fi + +deployer_kv_user_arm_id=$(terraform -chdir="${terraform_deployer_module_directory}" output -no-color -raw deployer_kv_user_arm_id | tr -d \") +export TF_VAR_spn_keyvault_id=$deployer_kv_user_arm_id + echo "" echo "#########################################################################################" echo "# #" @@ -399,7 +416,6 @@ then echo -e "#$cyan processing "$deployment_system" removal as defined in "$parameterfile_name" "$resetformatting"" if [ -n "${approve}" ] then - terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" $approve $tfstate_parameter $landscape_tfstate_key_parameter \ $deployer_tfstate_key_parameter -json | tee -a destroy_output.json From 01dd88f0e47dd52103e3470d78300c9461047fa9 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 01:58:06 +0300 Subject: [PATCH 52/77] Refactor deploy control plane pipeline to trim deployer_tfstate_key in imports.tf --- deploy/terraform/run/sap_landscape/imports.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/terraform/run/sap_landscape/imports.tf b/deploy/terraform/run/sap_landscape/imports.tf index 4d9ecfda1e..8483592bc8 100644 --- a/deploy/terraform/run/sap_landscape/imports.tf +++ b/deploy/terraform/run/sap_landscape/imports.tf 
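Review bot: `if [ -n $deployer_tfstate_key ]; then` is unquoted, so with an empty key the test collapses to `[ -n ]`, which is true, and `terraform init -reconfigure` runs against the state backend with `key=` empty. Write it as `if [ -n "${deployer_tfstate_key}" ]; then`; the same unquoted test remains as a context line in the later `@@ -323,21 +323,22 @@` hunk. In this hunk the `terraform ... output` call and `export TF_VAR_spn_keyvault_id` also sit after the `fi`, where `terraform_deployer_module_directory` is only defined if the branch ran.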
@@ -14,7 +14,7 @@ data "terraform_remote_state" "deployer" { resource_group_name = local.saplib_resource_group_name storage_account_name = local.tfstate_storage_account_name container_name = local.tfstate_container_name - key = trimspace(var.deployer_tfstate_key) + key = trim(var.deployer_tfstate_key) subscription_id = local.saplib_subscription_id } From 84a839a0d3e982cd0abb366231abb08e9de5d06f Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 02:03:34 +0300 Subject: [PATCH 53/77] Refactor deploy control plane pipeline to trim deployer_tfstate_key in imports.tf and update default value for spn_keyvault_id --- deploy/pipelines/10-remover-terraform.yaml | 2 ++ deploy/terraform/run/sap_landscape/imports.tf | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 776809afd7..762f4a8158 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -770,6 +770,8 @@ stages: echo "Deployer Key Vault: ${key_vault}" echo "Terraform state subscription: $STATE_SUBSCRIPTION" echo "Terraform state account: $REMOTE_STATE_SA" + echo "Terraform state resource group: $REMOTE_STATE_RG" + echo "System configuration: $(workload_zone_configuration_file)" echo "Deployer state file name: $deployer_tfstate_key" diff --git a/deploy/terraform/run/sap_landscape/imports.tf b/deploy/terraform/run/sap_landscape/imports.tf index 8483592bc8..4d9ecfda1e 100644 --- a/deploy/terraform/run/sap_landscape/imports.tf +++ b/deploy/terraform/run/sap_landscape/imports.tf @@ -14,7 +14,7 @@ data "terraform_remote_state" "deployer" { resource_group_name = local.saplib_resource_group_name storage_account_name = local.tfstate_storage_account_name container_name = local.tfstate_container_name - key = trim(var.deployer_tfstate_key) + key = trimspace(var.deployer_tfstate_key) subscription_id = local.saplib_subscription_id } 
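Review bot: In the first hunk on this line, `key = trim(var.deployer_tfstate_key)` calls `trim` with one argument, but Terraform's `trim` takes the string and a set of characters to strip, so the configuration is expected to fail validation. `trimspace(var.deployer_tfstate_key)` is the single-argument function that removes surrounding whitespace, which is what the state key needs here.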
From 54f8064291a9707c093157b8a43d8cbd459f8294 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 02:08:19 +0300 Subject: [PATCH 54/77] Refactor deploy control plane pipeline to trim deployer_tfstate_key in imports.tf and update default value for spn_keyvault_id --- deploy/scripts/remover.sh | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index 3d42f15531..d06b9a76f2 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh 
@@ -323,21 +323,22 @@ else fi if [ -n $deployer_tfstate_key ]; then -terraform_deployer_module_directory="${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/run/sap_deployer/ - -terraform -chdir="${terraform_deployer_module_directory}" init -reconfigure \ ---backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ ---backend-config "resource_group_name=${REMOTE_STATE_RG}" \ ---backend-config "storage_account_name=${REMOTE_STATE_SA}" \ ---backend-config "container_name=tfstate" \ ---backend-config "key=${deployer_tfstate_key}" || { - echo "Terraform init failed" - exit 1 -} + terraform_deployer_module_directory="${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/run/sap_deployer/ + + terraform -chdir="${terraform_deployer_module_directory}" init -reconfigure \ + --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ + --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ + --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ + --backend-config "container_name=tfstate" \ + --backend-config "key=${deployer_tfstate_key}" || { + echo "Terraform init failed" + exit 1 + } + deployer_kv_user_arm_id=$(terraform -chdir="${terraform_deployer_module_directory}" output -no-color -raw deployer_kv_user_arm_id | tr -d \") + export TF_VAR_spn_keyvault_id=$deployer_kv_user_arm_id + terraform -chdir="${terraform_deployer_module_directory}" output fi -deployer_kv_user_arm_id=$(terraform -chdir="${terraform_deployer_module_directory}" output -no-color -raw deployer_kv_user_arm_id | tr -d \") -export TF_VAR_spn_keyvault_id=$deployer_kv_user_arm_id echo "" echo "#########################################################################################" From a7ae17fe223c3eb8da945fc0f6717de467a4e20c Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 02:14:02 +0300 Subject: [PATCH 55/77] Refactor deploy control plane pipeline to include provider for azurerm.workload in imports.tf --- deploy/terraform/run/sap_landscape/imports.tf | 1 + 1 file changed, 1 insertion(+) 
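Review bot: The key vault lookup that this hunk moves inside `if [ -n $deployer_tfstate_key ]` is still not guarded, because with an empty, unquoted variable the test collapses to `[ -n ]`, which is true; write `if [ -n "$deployer_tfstate_key" ]; then`. Inside the block, the status of `terraform ... output -no-color -raw deployer_kv_user_arm_id | tr -d \"` is that of `tr` unless `pipefail` is set earlier in the script, so a failed lookup exports an empty `TF_VAR_spn_keyvault_id` without any message. Checking the value before the export, for example `[ -n "$deployer_kv_user_arm_id" ] || { echo "deployer_kv_user_arm_id not found" >&2; exit 1; }`, makes the script stop instead of continuing with no vault ID. The bare `terraform ... output` added at the end prints every non-sensitive deployer output into the pipeline log; naming the one output that is needed keeps the log limited to it.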
diff --git a/deploy/terraform/run/sap_landscape/imports.tf b/deploy/terraform/run/sap_landscape/imports.tf index 4d9ecfda1e..349550bf50 100644 --- a/deploy/terraform/run/sap_landscape/imports.tf +++ b/deploy/terraform/run/sap_landscape/imports.tf @@ -8,6 +8,7 @@ data "azurerm_client_config" "current" {} data "terraform_remote_state" "deployer" { backend = "azurerm" + provider = azurerm.workload count = length(try(var.deployer_tfstate_key, "")) > 0 ? 1 : 0 config = { From 6b95044d9f961fc4f8d763f17ee67daf5c5914d5 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 02:17:02 +0300 Subject: [PATCH 56/77] Refactor deploy control plane pipeline to include provider for azurerm.workload in imports.tf --- deploy/terraform/run/sap_landscape/imports.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/deploy/terraform/run/sap_landscape/imports.tf b/deploy/terraform/run/sap_landscape/imports.tf index 349550bf50..4d9ecfda1e 100644 --- a/deploy/terraform/run/sap_landscape/imports.tf +++ b/deploy/terraform/run/sap_landscape/imports.tf @@ -8,7 +8,6 @@ data "azurerm_client_config" "current" {} data "terraform_remote_state" "deployer" { backend = "azurerm" - provider = azurerm.workload count = length(try(var.deployer_tfstate_key, "")) > 0 ? 1 : 0 config = { From 5decc2c0e5e1c924678e976bec27409065437b54 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 09:57:37 +0300 Subject: [PATCH 57/77] Refactor deploy control plane pipeline to update storage account authentication and export TF_VAR_tfstate_resource_id --- deploy/scripts/remover.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index d06b9a76f2..bc4aabd0f0 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh 
@@ -315,14 +315,14 @@ fi useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) if [ "$useSAS" = "true" ] ; then - echo "Authenticate storage using SAS" + echo "Storage Account Authentication: Key" export ARM_USE_AZUREAD=false else echo "Storage Account Authentication: Entra ID" export ARM_USE_AZUREAD=true fi -if [ -n $deployer_tfstate_key ]; then +if [ -n "$deployer_tfstate_key" ]; then terraform_deployer_module_directory="${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/run/sap_deployer/ terraform -chdir="${terraform_deployer_module_directory}" init -reconfigure \ @@ -336,7 +336,7 @@ if [ -n $deployer_tfstate_key ]; then } deployer_kv_user_arm_id=$(terraform -chdir="${terraform_deployer_module_directory}" output -no-color -raw deployer_kv_user_arm_id | tr -d \") export TF_VAR_spn_keyvault_id=$deployer_kv_user_arm_id - terraform -chdir="${terraform_deployer_module_directory}" output + terraform -chdir="${terraform_deployer_module_directory}" output created_resource_group_subscription_id fi @@ -358,7 +358,7 @@ terraform -chdir="${terraform_module_directory}" init -reconfigure \ exit 1 } - +export TF_VAR_tfstate_resource_id=$(az storage account show --name "${REMOTE_STATE_SA}" --query id --subscription "${STATE_SUBSCRIPTION}" --out tsv) created_resource_group_id=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw created_resource_group_id | tr -d \") created_resource_group_id_length=$(expr length "$created_resource_group_id") From edd80beccf3a3bb4e75a115db58ccbba2591874e Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:04:32 +0300 Subject: [PATCH 58/77] Refactor deploy control plane pipeline to update deployer and landscape state file paths --- deploy/scripts/remover.sh | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index bc4aabd0f0..d85b19af19 100755 
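Review bot: In the `@@ -358,7 +358,7 @@` hunk, `export TF_VAR_tfstate_resource_id=$(az storage account show ...)` hides the exit status of `az` behind `export`, so a failed or unauthorized lookup leaves an empty resource ID in the environment of a script that goes on to run a destroy. Assign first and export only after the command succeeded: `tfstate_id=$(az storage account show --name "${REMOTE_STATE_SA}" --query id --subscription "${STATE_SUBSCRIPTION}" --out tsv) || exit 1`, then `export TF_VAR_tfstate_resource_id="$tfstate_id"` (the local name is only an example). The statements around the export continue outside the hunk.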
--- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh @@ -229,7 +229,8 @@ echo "Storage Account: ${REMOTE_STATE_SA}" echo "Resource Group: ${REMOTE_STATE_RG}" echo "State file: ${key}.terraform.tfstate" echo "Target subscription: ${ARM_SUBSCRIPTION_ID}" -echo "" +echo "Deployer State file: ${deployer_tfstate_key}" +echo "Landscape State file: ${landscape_tfstate_key}" #Plugins isInCloudShellCheck=$(checkIfCloudShell) @@ -414,10 +415,16 @@ then "$deployer_tfstate_key_parameter" else - echo -e "#$cyan processing "$deployment_system" removal as defined in "$parameterfile_name" "$resetformatting"" + echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" + + allParams=$(printf " --parameterfile %s --storageaccountname %s --state_subscription %s --type sap_deployer %s %s " "${deployer_file_parametername}" "${REMOTE_STATE_SA}" "${STATE_SUBSCRIPTION}" "${approveparam}" "${ado_flag}" ) + + echo "Calling destroy with: -var-file=${var_file} $approve $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter" + + if [ -n "${approve}" ] then - terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" $approve $tfstate_parameter $landscape_tfstate_key_parameter \ + terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" $approve $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a destroy_output.json else From 9003e5c43dbf9f9828aa55192ff3de7c0007c425 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:06:01 +0300 Subject: [PATCH 59/77] Refactor deploy control plane pipeline to remove unnecessary code in remover.sh --- deploy/scripts/remover.sh | 4 ---- 1 file changed, 4 deletions(-) diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index d85b19af19..c0b271cf47 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh 
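Review bot: In the `@@ -414,10 +415,16 @@` hunk the rewritten `terraform ... destroy` line drops the trailing `\`, so the context line `$deployer_tfstate_key_parameter -json | tee -a destroy_output.json` becomes a separate command: the destroy runs without `-json`, nothing it prints reaches destroy_output.json, and the shell then tries to execute the parameter string. Keep it one command by ending the destroy line with `$deployer_tfstate_key_parameter -json | tee -a destroy_output.json` and removing the leftover line. The added `allParams=$(printf ...)` is assigned but not used anywhere in the hunk and can be dropped. Patches 59 and 63 later in the series clean both up; folding them in here avoids an intermediate revision whose destroy branch is broken. The surrounding `if`/`else` continues outside the hunk.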
@@ -416,12 +416,8 @@ then else echo -e "#$cyan processing $deployment_system removal as defined in $parameterfile_name $resetformatting" - - allParams=$(printf " --parameterfile %s --storageaccountname %s --state_subscription %s --type sap_deployer %s %s " "${deployer_file_parametername}" "${REMOTE_STATE_SA}" "${STATE_SUBSCRIPTION}" "${approveparam}" "${ado_flag}" ) - echo "Calling destroy with: -var-file=${var_file} $approve $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter" - if [ -n "${approve}" ] then terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" $approve $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter From 2213c390256d00aba704da06cc9daad9a23875c8 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:15:10 +0300 Subject: [PATCH 60/77] Refactor deploy control plane pipeline to remove unnecessary code in remover.sh --- deploy/scripts/remover.sh | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index c0b271cf47..0c82edee47 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh 
@@ -323,24 +323,6 @@ else export ARM_USE_AZUREAD=true fi -if [ -n "$deployer_tfstate_key" ]; then - terraform_deployer_module_directory="${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/run/sap_deployer/ - - terraform -chdir="${terraform_deployer_module_directory}" init -reconfigure \ - --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ - --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ - --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ - --backend-config "container_name=tfstate" \ - --backend-config "key=${deployer_tfstate_key}" || { - echo "Terraform init failed" - exit 1 - } - deployer_kv_user_arm_id=$(terraform -chdir="${terraform_deployer_module_directory}" output -no-color -raw deployer_kv_user_arm_id | tr -d \") - export TF_VAR_spn_keyvault_id=$deployer_kv_user_arm_id - terraform -chdir="${terraform_deployer_module_directory}" output created_resource_group_subscription_id -fi - - echo "" echo "#########################################################################################" echo "# #" From 87891d8335691ce03d51679b4d1fe79ca453baa2 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 10:29:33 +0300 Subject: [PATCH 61/77] Refactor install_workloadzone.sh to export SPN key vault ID if keyvault is provided --- deploy/scripts/install_workloadzone.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index c8ee770214..141b1cc1ed 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh 
@@ -399,6 +399,10 @@ fi if [ -n "$keyvault" ]; then if valid_kv_name "$keyvault"; then save_config_var "keyvault" "${workload_config_information}" + key_vault_id=$(az resource list --name "${key_vault}" --resource-type Microsoft.KeyVault/vaults --query "[].id | [0]" -o tsv) + if [ -n "$keyvault" ]; then + export TF_VAR_spn_keyvault_id=${key_vault_id} + fi else printf -v val %-40.40s "$keyvault" echo "#########################################################################################" From 66a443c20b7621bb812782f80058f2e986229f27 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 11:40:03 +0300 Subject: [PATCH 62/77] Refactor tfvar_variables.tf to set default value of short_named_endpoints_nics to true --- deploy/terraform/bootstrap/sap_library/tfvar_variables.tf | 2 +- deploy/terraform/run/sap_library/tfvar_variables.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/terraform/bootstrap/sap_library/tfvar_variables.tf b/deploy/terraform/bootstrap/sap_library/tfvar_variables.tf index e74f9a63fd..59b5658dc4 100644 --- a/deploy/terraform/bootstrap/sap_library/tfvar_variables.tf +++ b/deploy/terraform/bootstrap/sap_library/tfvar_variables.tf @@ -202,7 +202,7 @@ variable "use_private_endpoint" { variable "short_named_endpoints_nics" { description = "If defined, uses short names for private endpoints nics" - default = false + default = true } variable "public_network_access_enabled" { diff --git a/deploy/terraform/run/sap_library/tfvar_variables.tf b/deploy/terraform/run/sap_library/tfvar_variables.tf index e0a4878a6a..86a1c2be26 100644 --- a/deploy/terraform/run/sap_library/tfvar_variables.tf +++ b/deploy/terraform/run/sap_library/tfvar_variables.tf @@ -39,7 +39,7 @@ variable "place_delete_lock_on_resources" { variable "short_named_endpoints_nics" { description = "If defined, uses short names for private endpoints nics" - default = false + default = true } 
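Review bot: In the install_workloadzone.sh hunk the added lookup reads `${key_vault}` although the name that `valid_kv_name` just validated is `$keyvault`, and the guard before the export re-tests `$keyvault`, which is already known to be non-empty, instead of the lookup result. Unless `key_vault` is set elsewhere in the script, which the hunk does not show, `az resource list` is queried with a different or empty name and `TF_VAR_spn_keyvault_id` is exported with whatever comes back, including an empty string. Use `--name "${keyvault}"` in the `az resource list` call and guard the export with `if [ -n "$key_vault_id" ]; then`. Since this ID presumably selects the vault that holds the deployment credentials, a name that cannot be resolved should be reported rather than silently ignored.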
From d3b44ad0b2a586a2ba4a6718108f70ad33968fe8 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 12:13:38 +0300 Subject: [PATCH 63/77] Refactor remover.sh to consolidate terraform destroy command --- deploy/scripts/remover.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index 0c82edee47..7d2ad3feb3 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh @@ -402,9 +402,7 @@ then if [ -n "${approve}" ] then - terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" $approve $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter - - $deployer_tfstate_key_parameter -json | tee -a destroy_output.json + terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" $approve $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a destroy_output.json else terraform -chdir="${terraform_module_directory}" destroy -var-file="${var_file}" $approve $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter From 9744163cecbd8c70c21551740e80f91847eb0aba Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 12:49:52 +0300 Subject: [PATCH 64/77] Refactor echo statements in remover.sh and remove-control-plane.yaml --- deploy/pipelines/10-remover-terraform.yaml | 4 ++-- deploy/pipelines/12-remove-control-plane.yaml | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index 762f4a8158..c11c2f4799 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml 
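Review bot: With the destroy restored to a single pipeline in remover.sh, its exit status is that of `tee`, not of `terraform`, so the `-json` branch reports success even when the destroy fails, unless the script enables `pipefail` or reads `PIPESTATUS` outside this hunk. If neither is in place, capture the status directly after the pipeline, for example `rc=${PIPESTATUS[0]}`, and act on it. `tee -a` also appends to whatever destroy_output.json was left by an earlier run, so anything that parses the file afterwards can pick up stale errors; truncating the file before the call avoids that.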
@@ -442,7 +442,7 @@ stages: git pull #stop the pipeline after you have reset the whitelisting on your resources - echo "Return code from remover.sh $return_code." + echo "Return code from remover.sh: $return_code." if [ 0 != $return_code ]; then echo "##vso[task.logissue type=error]Return code from remover.sh $return_code." exit $return_code @@ -831,7 +831,7 @@ stages: return_code=$? #stop the pipeline after you have reset the whitelisting on your resources - echo "Return code from remover.sh $return_code." + echo "Return code from remover.sh: $return_code." if [ 0 != $return_code ]; then echo "##vso[task.logissue type=error]Return code from remover.sh $return_code." exit $return_code diff --git a/deploy/pipelines/12-remove-control-plane.yaml b/deploy/pipelines/12-remove-control-plane.yaml index 3c101705d1..8e5e5458ba 100644 --- a/deploy/pipelines/12-remove-control-plane.yaml +++ b/deploy/pipelines/12-remove-control-plane.yaml @@ -79,8 +79,8 @@ stages: echo DEPLOYMENT_REPO_PATH=$DEPLOYMENT_REPO_PATH > .sap_deployment_automation/config echo -e "$green--- Configure devops CLI extension ---$reset" - az config set extension.use_dynamic_install=yes_without_prompt - az config set extension.dynamic_install_allow_preview=true + az config set extension.use_dynamic_install=yes_without_prompt --only-show-errors + az config set extension.dynamic_install_allow_preview=true --only-show-errors az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none @@ -299,7 +299,7 @@ stages: return_code=$? - echo "Return code from remove_controlplane: $return_code." + echo "Return code from remove_controlplane: $return_code." echo -e "$green--- Remove Control Plane Part 1 ---$reset" cd $CONFIG_REPO_PATH 
@@ -472,7 +472,7 @@ stages: cd $HOME; mkdir -p .sap_deployment_automation echo -e "$green--- Configure devops CLI extension ---$reset" - az config set extension.use_dynamic_install=yes_without_prompt + az config set extension.use_dynamic_install=yes_without_prompt --only-show-errors az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none @@ -653,7 +653,7 @@ stages: return_code=$? - echo "Return code from remove_deployer $return_code." + echo "Return code from remove_deployer: $return_code." if [ 0 != $return_code ]; then echo "##vso[task.logissue type=error]Return code from remove_deployer $return_code." fi From 5e8b97b3e5aefca912cf9421a48c2b592a9aba4c Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 12:56:58 +0300 Subject: [PATCH 65/77] Refactor echo statements in deploy/pipelines/01-deploy-control-plane.yaml --- deploy/pipelines/01-deploy-control-plane.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 8deefe83e1..0ce742fafb 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -220,10 +220,10 @@ stages: deployer_environment_file_name=$CONFIG_REPO_PATH/.sap_deployment_automation/${ENVIRONMENT}$LOCATION echo -e "$green--- Deploy the Control Plane ---$reset" if [ -n "$(PAT)" ]; then - echo "Deployer Agent PAT: IsDefined" + echo "Deployer Agent PAT: IsDefined" fi if [ -n "$(POOL)" ]; then - echo " Deployer Agent Pool: $(POOL)" + echo " Deployer Agent Pool: $(POOL)" fi if [ -f ${CONFIG_REPO_PATH}/DEPLOYER/$(deployerfolder)/state.zip ]; then 
@@ -260,8 +260,8 @@ stages: export ARM_USE_OIDC=false export ARM_USE_AZUREAD=true - echo "Deployment credentials: Service Principal" - echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID" + echo "Deployment credentials: Service Principal" + echo "Deployment credential ID (SPN): $CP_ARM_CLIENT_ID" az login --service-principal -u $ARM_CLIENT_ID -p=$ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID --output none From 5c0c8ba2e201a43ddcc9ffe600b6a1800ccf4b2d Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 14:28:38 +0300 Subject: [PATCH 66/77] Refactor providers.tf to conditionally set use_msi based on var.use_spn --- deploy/terraform/run/sap_landscape/providers.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/deploy/terraform/run/sap_landscape/providers.tf b/deploy/terraform/run/sap_landscape/providers.tf index c411619782..876c768990 100644 --- a/deploy/terraform/run/sap_landscape/providers.tf +++ b/deploy/terraform/run/sap_landscape/providers.tf @@ -15,6 +15,7 @@ provider "azurerm" { features {} subscription_id = length(local.deployer_subscription_id) > 0 ? local.deployer_subscription_id : null + use_msi = var.use_spn ? false : true storage_use_azuread = true } From 282afe27ffeceaa09f0ba060135d23acb266ad6e Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 15:27:48 +0300 Subject: [PATCH 67/77] Refactor echo statements in deploy/pipelines/01-deploy-control-plane.yaml and remover.sh --- deploy/pipelines/01-deploy-control-plane.yaml | 15 ++++++++------- .../bootstrap/sap_library/tfvar_variables.tf | 2 +- .../terraform/run/sap_library/tfvar_variables.tf | 2 +- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 0ce742fafb..900fd517e2 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml 
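Review bot: In the `@@ -260,8 +260,8 @@` hunk the changed echo reports `$CP_ARM_CLIENT_ID` as the deployment credential ID, while the `az login --service-principal -u $ARM_CLIENT_ID` line that follows authenticates with `$ARM_CLIENT_ID`; the hunk does not show the two being the same value, so the log can name an identity other than the one actually used. Logging the variable that is passed to the login, `echo "Deployment credential ID (SPN): $ARM_CLIENT_ID"`, keeps the pipeline log usable as an audit trail. On the same login line the expansions are unquoted, so a secret containing whitespace or glob characters is split or expanded before `az` sees it; `-p="$ARM_CLIENT_SECRET"` avoids that.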
@@ -109,13 +109,13 @@ stages: az extension add --name azure-devops --output none --only-show-errors - echo "Environment: $ENVIRONMENT" - echo "Location: $LOCATION" + echo "Environment: $ENVIRONMENT" + echo "Location: $LOCATION" echo "" - echo "Agent: $(this_agent)" - echo "Organization: $(System.CollectionUri)" - echo "Project: $(System.TeamProject)" + echo "Agent: $(this_agent)" + echo "Organization: $(System.CollectionUri)" + echo "Project: $(System.TeamProject)" echo "" az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none --only-show-errors @@ -123,7 +123,7 @@ stages: printf -v tempval '%s id:' $(variable_group) printf -v val '%-20s' "${tempval}" - echo "$val $VARIABLE_GROUP_ID" + echo "$val $VARIABLE_GROUP_ID" if [ "${{ parameters.force_reset }}" = "True" ]; then echo "##vso[task.logissue type=warning]Forcing a re-install" @@ -161,7 +161,8 @@ stages: step=0 else if [ -f ${deployer_environment_file_name} ]; then - step=$(cat ${deployer_environment_file_name} | grep step= | awk -F'=' '{print $2}' | xargs) ; echo 'Step' ${step} + step=$(cat ${deployer_environment_file_name} | grep step= | awk -F'=' '{print $2}' | xargs) + echo "Step: $(this_agent)" if [ "0" != ${step} ]; then exit 0 fi diff --git a/deploy/terraform/bootstrap/sap_library/tfvar_variables.tf b/deploy/terraform/bootstrap/sap_library/tfvar_variables.tf index 59b5658dc4..e74f9a63fd 100644 --- a/deploy/terraform/bootstrap/sap_library/tfvar_variables.tf +++ b/deploy/terraform/bootstrap/sap_library/tfvar_variables.tf @@ -202,7 +202,7 @@ variable "use_private_endpoint" { variable "short_named_endpoints_nics" { description = "If defined, uses short names for private endpoints nics" - default = true + default = false } variable "public_network_access_enabled" { diff --git a/deploy/terraform/run/sap_library/tfvar_variables.tf b/deploy/terraform/run/sap_library/tfvar_variables.tf index 86a1c2be26..e0a4878a6a 100644 
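Review bot: In the `@@ -161,7 +161,8 @@` hunk the split-out echo prints `$(this_agent)` where the old line printed `${step}`, so the log line labelled `Step:` shows the agent name and the value that decides the `exit 0` below is no longer visible. It should read `echo "Step: ${step}"`. The test `[ "0" != ${step} ]` that follows leaves `${step}` unquoted, so an environment file without a `step=` entry makes `[` fail with a syntax error instead of taking a defined branch; `[ "0" != "${step}" ]` is safer. The enclosing `if`/`else` starts outside the hunk.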
--- a/deploy/terraform/run/sap_library/tfvar_variables.tf +++ b/deploy/terraform/run/sap_library/tfvar_variables.tf @@ -39,7 +39,7 @@ variable "place_delete_lock_on_resources" { variable "short_named_endpoints_nics" { description = "If defined, uses short names for private endpoints nics" - default = true + default = false } From 208ba664c5e088a81c9fd7a9a6bda8ad21b62bbd Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 15:41:30 +0300 Subject: [PATCH 68/77] Refactor echo statements in deploy/pipelines/01-deploy-control-plane.yaml to improve clarity of deployment credentials --- deploy/pipelines/01-deploy-control-plane.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 900fd517e2..9a035025f2 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -246,7 +246,7 @@ stages: if [ "$USE_MSI" = "true" ]; then export ARM_CLIENT_SECRET=$servicePrincipalKey export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID - echo "Deployment credentials: Managed Identity" + echo "Deployment credentials: Managed Identity" $SAP_AUTOMATION_REPO_PATH/deploy/scripts/deploy_controlplane.sh \ @@ -696,7 +696,7 @@ stages: fi az account set --subscription $ARM_SUBSCRIPTION_ID else - echo "Deployment credentials: Managed Identity" + echo "Deployment credentials: Managed Identity" # export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID export ARM_USE_MSI=true From 553133601558899d78018fea4a7bdd01c75ccfe5 Mon Sep 17 00:00:00 2001 
From: Kimmo Forss Date: Thu, 24 Oct 2024 15:56:46 +0300 Subject: [PATCH 69/77] Refactor echo statements in deploy/pipelines/01-deploy-control-plane.yaml to improve clarity of deployment credentials --- deploy/pipelines/01-deploy-control-plane.yaml | 4 ++-- deploy/pipelines/03-sap-system-deployment.yaml | 2 +- deploy/pipelines/10-remover-terraform.yaml | 4 ++-- .../terraform-units/modules/sap_library/storage_accounts.tf | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/deploy/pipelines/01-deploy-control-plane.yaml b/deploy/pipelines/01-deploy-control-plane.yaml index 9a035025f2..b8aa970aa8 100644 --- a/deploy/pipelines/01-deploy-control-plane.yaml +++ b/deploy/pipelines/01-deploy-control-plane.yaml @@ -579,7 +579,7 @@ stages: exit 2 fi TF_VAR_app_registration_app_id=$(APP_REGISTRATION_APP_ID); - echo "App Registration ID: ${TF_VAR_app_registration_app_id}" + echo "App Registration ID: ${TF_VAR_app_registration_app_id}" export TF_VAR_app_registration_app_id TF_VAR_webapp_client_secret=$(WEB_APP_CLIENT_SECRET) export TF_VAR_webapp_client_secret @@ -696,7 +696,7 @@ stages: fi az account set --subscription $ARM_SUBSCRIPTION_ID else - echo "Deployment credentials: Managed Identity" + echo "Deployment credentials: Managed Identity" # export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID export ARM_USE_MSI=true diff --git a/deploy/pipelines/03-sap-system-deployment.yaml b/deploy/pipelines/03-sap-system-deployment.yaml index de3b51a5af..61fd3c8283 100644 --- a/deploy/pipelines/03-sap-system-deployment.yaml +++ b/deploy/pipelines/03-sap-system-deployment.yaml @@ -276,7 +276,7 @@ stages: exit $return_code fi else - echo "Deployment credentials: Managed Identity" + echo "Deployment credentials: Managed Identity" export ARM_USE_MSI=true export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID unset ARM_TENANT_ID diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index c11c2f4799..a528b3c41d 100644 
--- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -178,7 +178,7 @@ stages: exit $return_code fi else - echo "Deployment credentials: Managed Identity" + echo "Deployment credentials: Managed Identity" export ARM_USE_MSI=true export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID @@ -809,7 +809,7 @@ stages: exit $return_code fi else - echo "Deployment credentials: Managed Identity" + echo "Deployment credentials: Managed Identity" export ARM_USE_MSI=true export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID unset ARM_TENANT_ID diff --git a/deploy/terraform/terraform-units/modules/sap_library/storage_accounts.tf b/deploy/terraform/terraform-units/modules/sap_library/storage_accounts.tf index 6930834d21..ae12c5ed4f 100644 --- a/deploy/terraform/terraform-units/modules/sap_library/storage_accounts.tf +++ b/deploy/terraform/terraform-units/modules/sap_library/storage_accounts.tf @@ -218,7 +218,7 @@ resource "azurerm_private_endpoint" "table_tfstate" { subnet_id = var.deployer_tfstate.subnet_mgmt_id - custom_network_interface_name = var.short_named_endpoints_nics ? format("%s%s%s%s", + custom_network_interface_name = var.short_named_endpoints_nics ? format("%s%s%st%s", var.naming.resource_prefixes.storage_private_link_tf, length(local.prefix) > 0 ? ( local.prefix) : ( From b4734d9da5395f5db7a7186897158705a358e5f5 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 18:10:33 +0300 Subject: [PATCH 70/77] Refactor install_workloadzone.sh to improve argument parsing and readability --- deploy/scripts/install_workloadzone.sh | 160 ++++--------------------- 1 file changed, 23 insertions(+), 137 deletions(-) diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index 141b1cc1ed..5853521c51 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh 
@@ -31,144 +31,30 @@ if [ "$VALID_ARGUMENTS" != "0" ]; then fi eval set -- "$INPUT_ARGUMENTS" -while :; do - case "$1" in - -a | --ado) - called_from_ado=1 - shift - ;; - -c | --spn_id) - client_id="$2" - shift 2 - ;; - -d | --deployer_tfstate_key) - deployer_tfstate_key="$2" - shift 2 - ;; - -e | --deployer_environment) - deployer_environment="$2" - shift 2 - ;; - -f | --force) - force=1 - shift - ;; - -i | --auto-approve) - approve="--auto-approve" - shift - ;; - -k | --state_subscription) - STATE_SUBSCRIPTION="$2" - shift 2 - ;; - -m | --msi) - deploy_using_msi_only=1 - shift - ;; - -n | --spn_secret) - spn_secret="$2" - shift 2 - ;; - -o | --storageaccountname) - REMOTE_STATE_SA="$2" - shift 2 - ;; - -p | --parameterfile) - parameterfile="$2" - shift 2 - ;; - -s | --subscription) - subscription="$2" - shift 2 - ;; - -t | --tenant_id) - tenant_id="$2" - shift 2 - ;; - -v | --keyvault) - keyvault="$2" - shift 2 - ;; -while :; do - case "$1" in - -a | --ado) - called_from_ado=1 - shift - ;; - -c | --spn_id) - client_id="$2" - shift 2 - ;; - -d | --deployer_tfstate_key) - deployer_tfstate_key="$2" - shift 2 - ;; - -e | --deployer_environment) - deployer_environment="$2" - shift 2 - ;; - -f | --force) - force=1 - shift - ;; - -i | --auto-approve) - approve="--auto-approve" - shift - ;; - -k | --state_subscription) - STATE_SUBSCRIPTION="$2" - shift 2 - ;; - -m | --msi) - deploy_using_msi_only=1 - shift - ;; - -n | --spn_secret) - spn_secret="$2" - shift 2 - ;; - -o | --storageaccountname) - REMOTE_STATE_SA="$2" - shift 2 - ;; - -p | --parameterfile) - parameterfile="$2" - shift 2 - ;; - -s | --subscription) - subscription="$2" - shift 2 - ;; - -t | --tenant_id) - tenant_id="$2" - shift 2 - ;; - -v | --keyvault) - keyvault="$2" - shift 2 - ;; - - -h | --help) - workload_zone_showhelp - exit 3 - shift - ;; - --) - shift - break - ;; - esac - -h | --help) - workload_zone_showhelp - exit 3 - shift - ;; - --) - shift - break - ;; - esac +while : +do + case "$1" in + -a | 
--ado) called_from_ado=1 ; shift ;; + -c | --spn_id) client_id="$2" ; shift 2 ;; + -d | --deployer_tfstate_key) deployer_tfstate_key="$2" ; shift 2 ;; + -e | --deployer_environment) deployer_environment="$2" ; shift 2 ;; + -f | --force) force=1 ; shift ;; + -i | --auto-approve) approve="--auto-approve" ; shift ;; + -k | --state_subscription) STATE_SUBSCRIPTION="$2" ; shift 2 ;; + -m | --msi) deploy_using_msi_only=1 ; shift ;; + -n | --spn_secret) spn_secret="$2" ; shift 2 ;; + -o | --storageaccountname) REMOTE_STATE_SA="$2" ; shift 2 ;; + -p | --parameterfile) parameterfile="$2" ; shift 2 ;; + -s | --subscription) subscription="$2" ; shift 2 ;; + -t | --tenant_id) tenant_id="$2" ; shift 2 ;; + -v | --keyvault) keyvault="$2" ; shift 2 ;; + + -h | --help) workload_zone_showhelp + exit 3 ; shift ;; + --) shift; break ;; + esac done + tfstate_resource_id="" tfstate_parameter="" From ea0fb68ef0e12c074413e61471091e9281b8b1fb Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 18:26:47 +0300 Subject: [PATCH 71/77] Refactor code for improved argument parsing and readability in install_workloadzone.sh --- deploy/scripts/install_workloadzone.sh | 1816 +++++++++--------------- 1 file changed, 679 insertions(+), 1137 deletions(-) diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index 5853521c51..f8b410e545 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh @@ -26,8 +26,7 @@ deploy_using_msi_only=0 INPUT_ARGUMENTS=$(getopt -n install_workloadzone -o p:d:e:k:o:s:c:n:t:v:aifhm --longoptions parameterfile:,deployer_tfstate_key:,deployer_environment:,subscription:,spn_id:,spn_secret:,tenant_id:,state_subscription:,keyvault:,storageaccountname:,ado,auto-approve,force,help,msi -- "$@") VALID_ARGUMENTS=$? if [ "$VALID_ARGUMENTS" != "0" ]; then - showhelp - showhelp + showhelp fi eval set -- "$INPUT_ARGUMENTS" 
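Review bot: The rewritten `while :` / `case "$1"` loop in the `@@ -31,144 +31,30 @@` hunk has no `*)` arm, so any token that `getopt` emits but the `case` does not list is never shifted and the loop spins forever; add `*) echo "Unknown option: $1" >&2 ; exit 2 ;;` before `esac`. In the `-h | --help` arm the `shift` after `exit 3` is unreachable and can go. `-n | --spn_secret` takes the service principal secret as a command-line argument, which exposes it in the process list and in any `set -x` trace; if callers can supply it through the environment instead, that is the safer path.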
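Review bot: After the duplicate call is removed in the `@@ -26,8 +26,7 @@` hunk, the failure branch of the `getopt` check still only calls `showhelp` and then falls through to `eval set -- "$INPUT_ARGUMENTS"`, unless `showhelp` itself exits, which the hunk does not show. The `--help` arm of the option loop calls `workload_zone_showhelp`, so `showhelp` may not even be defined in this script. Calling the same helper and stopping, `workload_zone_showhelp` followed by `exit 3`, makes a bad command line fail before any argument is evaluated.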
@@ -54,7 +53,6 @@ do --) shift; break ;; esac done - tfstate_resource_id="" tfstate_parameter="" @@ -70,14 +68,10 @@ deployer_environment=$(echo "${deployer_environment}" | tr "[:lower:]" "[:upper: echo "Deployer environment: $deployer_environment" -if [ 1 == $called_from_ado ]; then - this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 - export TF_VAR_Agent_IP=$this_ip - echo "Agent IP: $this_ip" -if [ 1 == $called_from_ado ]; then - this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 - export TF_VAR_Agent_IP=$this_ip - echo "Agent IP: $this_ip" +if [ 1 == $called_from_ado ] ; then + this_ip=$(curl -s ipinfo.io/ip) >/dev/null 2>&1 + export TF_VAR_Agent_IP=$this_ip + echo "Agent IP: $this_ip" fi 
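Review bot: In the `@@ -70,14 +68,10 @@` hunk the agent address comes from `curl -s ipinfo.io/ip`, which has no scheme and therefore goes over plain HTTP, and whatever the response body contains is exported as `TF_VAR_Agent_IP` without a check. That variable presumably feeds network allow-lists, so an error page, an empty body or a tampered response should not reach Terraform. The `>/dev/null 2>&1` after the assignment redirects nothing useful, and there is no timeout, so a stalled request hangs the run. A version that uses TLS, fails on HTTP errors, bounds the wait and validates the value before exporting it is below.

```shell
if [ 1 == "$called_from_ado" ]; then
  # Fetch over TLS, fail on HTTP errors, and bound the wait.
  this_ip=$(curl -sf --max-time 10 https://ipinfo.io/ip) || this_ip=""
  # Export only a value that has the shape of an IPv4 address.
  if [[ "$this_ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
    export TF_VAR_Agent_IP=$this_ip
    echo "Agent IP: $this_ip"
  else
    echo "Could not determine the agent IP" >&2
  fi
fi
```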
@@ -86,71 +80,54 @@ workload_file_parametername=$(basename "${parameterfile}") param_dirname=$(dirname "${parameterfile}") if [ "$param_dirname" != '.' ]; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Please run this command from the folder containing the parameter file$resetformatting #" - echo "# #" - echo "#########################################################################################" - exit 3 - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Please run this command from the folder containing the parameter file$resetformatting #" - echo "# #" - echo "#########################################################################################" - exit 3 + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Please run this command from the folder containing the parameter file$resetformatting #" + echo "# #" + echo "#########################################################################################" + exit 3 fi -if [ ! -f "${workload_file_parametername}" ]; then - printf -v val %-40.40s "$workload_file_parametername" - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore Parameter file does not exist: ${val}$resetformatting #" - echo "# #" - echo "#########################################################################################" - exit 3 -if [ ! 
-f "${workload_file_parametername}" ]; then - printf -v val %-40.40s "$workload_file_parametername" - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore Parameter file does not exist: ${val}$resetformatting #" - echo "# #" - echo "#########################################################################################" - exit 3 +if [ ! -f "${workload_file_parametername}" ] +then + printf -v val %-40.40s "$workload_file_parametername" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore Parameter file does not exist: ${val}$resetformatting #" + echo "# #" + echo "#########################################################################################" + exit 3 fi # Check that the exports ARM_SUBSCRIPTION_ID and SAP_AUTOMATION_REPO_PATH are defined validate_exports return_code=$? if [ 0 != $return_code ]; then - exit $return_code - exit $return_code + exit $return_code fi # Check that Terraform and Azure CLI is installed validate_dependencies return_code=$? if [ 0 != $return_code ]; then - exit $return_code - exit $return_code + exit $return_code fi # Check that parameter files have environment and location defined validate_key_parameters "$workload_file_parametername" return_code=$? if [ 0 != $return_code ]; then - exit $return_code - exit $return_code + exit $return_code fi # Convert the region to the correct code get_region_code "$region" + if [ "${region_code}" == 'UNKN' ]; then - LOCATION_CODE=$(echo "$workload_file_parametername" | awk -F'-' '{print $2}') + LOCATION_CODE=$(echo "$workload_file_parametername" | awk -F'-' '{print $2}' ) region_code=$(echo "${LOCATION_CODE}" | tr "[:lower:]" "[:upper:]" | xargs) fi 
@@ -160,24 +137,15 @@ load_config_vars "$workload_file_parametername" "network_logical_name" network_logical_name=$(echo "${network_logical_name}" | tr "[:lower:]" "[:upper:]" | xargs) if [ -z "${network_logical_name}" ]; then - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Incorrect parameter file. $resetformatting #" - echo "# #" - echo "# The file must contain the network_logical_name attribute!! #" - echo "# #" - echo "#########################################################################################" - echo "" - return 64 #script usage wrong - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Incorrect parameter file. $resetformatting #" - echo "# #" - echo "# The file must contain the network_logical_name attribute!! #" - echo "# #" - echo "#########################################################################################" - echo "" - return 64 #script usage wrong + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Incorrect parameter file. $resetformatting #" + echo "# #" + echo "# The file must contain the network_logical_name attribute!! #" + echo "# #" + echo "#########################################################################################" + echo "" + return 64 #script usage wrong fi key=$(echo "${workload_file_parametername}" | cut -d. -f1) 
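Review bot: The missing-`network_logical_name` branch ends with `return 64`, while the neighbouring checks in this file use `exit`, and this code appears to sit at the top level of the script. When the file is executed rather than sourced, bash reports an error for `return` outside a function and carries on, so the run would continue with an empty network name in the `workload_config_information` path built a few lines later. Use `exit 64 #script usage wrong` so the check stops the deployment. The enclosing script body extends beyond this hunk, so confirm it is not wrapped in a function there.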
@@ -189,31 +157,24 @@ automation_config_directory=$CONFIG_REPO_PATH/.sap_deployment_automation generic_config_information="${automation_config_directory}"/config if [ "$deployer_environment" != "$environment" ]; then - if [ -f "${automation_config_directory}"/"${environment}""${region_code}" ]; then - # Add support for having multiple vnets in the same environment and zone - rename exiting file to support seamless transition - mv "${automation_config_directory}"/"${environment}""${region_code}" "${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" - fi - if [ -f "${automation_config_directory}"/"${environment}""${region_code}" ]; then - # Add support for having multiple vnets in the same environment and zone - rename exiting file to support seamless transition - mv "${automation_config_directory}"/"${environment}""${region_code}" "${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" - fi + if [ -f "${automation_config_directory}"/"${environment}""${region_code}" ]; then + # Add support for having multiple vnets in the same environment and zone - rename exiting file to support seamless transition + mv "${automation_config_directory}"/"${environment}""${region_code}" "${automation_config_directory}"/"${environment}""${region_code}""${network_logical_name}" + fi fi workload_config_information="${automation_config_directory}/${environment}${region_code}${network_logical_name}" deployer_config_information="${automation_config_directory}/${deployer_environment}${region_code}" save_config_vars "${workload_config_information}" \ - STATE_SUBSCRIPTION REMOTE_STATE_SA subscription + STATE_SUBSCRIPTION REMOTE_STATE_SA subscription -if [ "${force}" == 1 ]; then - if [ -f "${workload_config_information}" ]; then - rm "${workload_config_information}" - fi - rm -Rf .terraform terraform.tfstate* -if [ "${force}" == 1 ]; then - if [ -f "${workload_config_information}" ]; then - rm 
"${workload_config_information}" - fi - rm -Rf .terraform terraform.tfstate* +if [ "${force}" == 1 ] +then + if [ -f "${workload_config_information}" ] + then + rm "${workload_config_information}" + fi + rm -Rf .terraform terraform.tfstate* fi echo "" 
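Review bot: With `--force`, the `rm "${workload_config_information}"` inside the `if [ "${force}" == 1 ]` block removes the file that `save_config_vars` was pointed at three lines earlier. The `STATE_SUBSCRIPTION`, `REMOTE_STATE_SA` and `subscription` values just stored there appear to be discarded unless a later call saves them again. If that is intended, a comment such as `# --force: start from a clean config file; values are saved again further down` would make it clear; otherwise move the `save_config_vars` call below the force block. `rm -Rf .terraform terraform.tfstate*` acts on the current directory, which the earlier `param_dirname` check ties to the parameter-file folder, and a one-line comment saying so would help the next reader.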
@@ -226,203 +187,127 @@ echo "Deployer Subscription: $STATE_SUBSCRIPTION" echo "Remote state storage account: $REMOTE_STATE_SA" echo "Target Subscription: $subscription" -if [[ -n $STATE_SUBSCRIPTION ]]; then - if is_valid_guid "$STATE_SUBSCRIPTION"; then -if [[ -n $STATE_SUBSCRIPTION ]]; then - if is_valid_guid "$STATE_SUBSCRIPTION"; then +if [[ -n $STATE_SUBSCRIPTION ]] +then + if is_valid_guid "$STATE_SUBSCRIPTION" ; then - save_config_vars "${workload_config_information}" \ - STATE_SUBSCRIPTION - save_config_vars "${workload_config_information}" \ - STATE_SUBSCRIPTION + save_config_vars "${workload_config_information}" \ + STATE_SUBSCRIPTION - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Changing the subscription to: $STATE_SUBSCRIPTION $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - az account set --sub "${STATE_SUBSCRIPTION}" - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Changing the subscription to: $STATE_SUBSCRIPTION $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - az account set --sub "${STATE_SUBSCRIPTION}" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Changing the subscription to: $STATE_SUBSCRIPTION $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + az account set --sub "${STATE_SUBSCRIPTION}" - else - printf -v val %-40.40s "$STATE_SUBSCRIPTION" - echo "#########################################################################################" - echo "# #" - echo -e "#The provided 
state_subscription is not valid:$boldred ${val} $resetformatting#" - echo "# #" - echo "#########################################################################################" - echo "The provided subscription for the terraform storage is not valid: ${val}" >"${workload_config_information}".err - exit 65 - fi - else - printf -v val %-40.40s "$STATE_SUBSCRIPTION" - echo "#########################################################################################" - echo "# #" - echo -e "#The provided state_subscription is not valid:$boldred ${val} $resetformatting#" - echo "# #" - echo "#########################################################################################" - echo "The provided subscription for the terraform storage is not valid: ${val}" >"${workload_config_information}".err - exit 65 - fi + else + printf -v val %-40.40s "$STATE_SUBSCRIPTION" + echo "#########################################################################################" + echo "# #" + echo -e "#The provided state_subscription is not valid:$boldred ${val} $resetformatting#" + echo "# #" + echo "#########################################################################################" + echo "The provided subscription for the terraform storage is not valid: ${val}" > "${workload_config_information}".err + exit 65 + fi fi -if [ -n "$REMOTE_STATE_SA" ]; then - get_and_store_sa_details ${REMOTE_STATE_SA} ${workload_config_information} -if [ -n "$REMOTE_STATE_SA" ]; then - get_and_store_sa_details ${REMOTE_STATE_SA} ${workload_config_information} +if [ -n "$REMOTE_STATE_SA" ] ; then + get_and_store_sa_details ${REMOTE_STATE_SA} ${workload_config_information} fi -if [ -n "$keyvault" ]; then - if valid_kv_name "$keyvault"; then - save_config_var "keyvault" "${workload_config_information}" - key_vault_id=$(az resource list --name "${key_vault}" --resource-type Microsoft.KeyVault/vaults --query "[].id | [0]" -o tsv) - if [ -n "$keyvault" ]; then - export 
TF_VAR_spn_keyvault_id=${key_vault_id} +if [ -n "$keyvault" ] +then + if valid_kv_name "$keyvault" ; then + save_config_var "keyvault" "${workload_config_information}" + else + printf -v val %-40.40s "$keyvault" + echo "#########################################################################################" + echo "# #" + echo -e "# The provided keyvault is not valid:$boldred ${val} $resetformatting #" + echo "# #" + echo "#########################################################################################" + + echo "The provided keyvault is not valid: ${val}" > "${workload_config_information}".err + exit 65 fi - else - printf -v val %-40.40s "$keyvault" - echo "#########################################################################################" - echo "# #" - echo -e "# The provided keyvault is not valid:$boldred ${val} $resetformatting #" - echo "# #" - echo "#########################################################################################" -if [ -n "$keyvault" ]; then - if valid_kv_name "$keyvault"; then - save_config_var "keyvault" "${workload_config_information}" - else - printf -v val %-40.40s "$keyvault" - echo "#########################################################################################" - echo "# #" - echo -e "# The provided keyvault is not valid:$boldred ${val} $resetformatting #" - echo "# #" - echo "#########################################################################################" - - echo "The provided keyvault is not valid: ${val}" >"${workload_config_information}".err - exit 65 - fi - echo "The provided keyvault is not valid: ${val}" >"${workload_config_information}".err - exit 65 - fi fi -if [ ! -f "${workload_config_information}" ]; then - # Ask for deployer environment name and try to read the deployer state file and resource group details from the configuration file - if [ -z "$deployer_environment" ]; then - read -p "Deployer environment name: " deployer_environment - fi -if [ ! 
-f "${workload_config_information}" ]; then - # Ask for deployer environment name and try to read the deployer state file and resource group details from the configuration file - if [ -z "$deployer_environment" ]; then - read -p "Deployer environment name: " deployer_environment - fi - deployer_config_information="${automation_config_directory}"/"${deployer_environment}""${region_code}" - if [ -f "$deployer_config_information" ]; then - if [ -z "${keyvault}" ]; then - load_config_vars "${deployer_config_information}" "keyvault" - fi - deployer_config_information="${automation_config_directory}"/"${deployer_environment}""${region_code}" - if [ -f "$deployer_config_information" ]; then - if [ -z "${keyvault}" ]; then - load_config_vars "${deployer_config_information}" "keyvault" +if [ ! -f "${workload_config_information}" ] +then + # Ask for deployer environment name and try to read the deployer state file and resource group details from the configuration file + if [ -z "$deployer_environment" ] + then + read -p "Deployer environment name: " deployer_environment fi - load_config_vars "${deployer_config_information}" "REMOTE_STATE_RG" - if [ -z "${REMOTE_STATE_SA}" ]; then - load_config_vars "${deployer_config_information}" "REMOTE_STATE_SA" - fi - load_config_vars "${deployer_config_information}" "tfstate_resource_id" - load_config_vars "${deployer_config_information}" "deployer_tfstate_key" - load_config_vars "${deployer_config_information}" "REMOTE_STATE_RG" - if [ -z "${REMOTE_STATE_SA}" ]; then - load_config_vars "${deployer_config_information}" "REMOTE_STATE_SA" - fi - load_config_vars "${deployer_config_information}" "tfstate_resource_id" - load_config_vars "${deployer_config_information}" "deployer_tfstate_key" + deployer_config_information="${automation_config_directory}"/"${deployer_environment}""${region_code}" + if [ -f "$deployer_config_information" ] + then + if [ -z "${keyvault}" ] + then + load_config_vars "${deployer_config_information}" "keyvault" + 
fi - save_config_vars "${workload_config_information}" \ - keyvault \ - subscription \ - deployer_tfstate_key \ - tfstate_resource_id \ - REMOTE_STATE_SA \ - REMOTE_STATE_RG - fi - save_config_vars "${workload_config_information}" \ - keyvault \ - subscription \ - deployer_tfstate_key \ - tfstate_resource_id \ - REMOTE_STATE_SA \ - REMOTE_STATE_RG - fi -fi + load_config_vars "${deployer_config_information}" "REMOTE_STATE_RG" + if [ -z "${REMOTE_STATE_SA}" ] + then + load_config_vars "${deployer_config_information}" "REMOTE_STATE_SA" + fi + load_config_vars "${deployer_config_information}" "tfstate_resource_id" + load_config_vars "${deployer_config_information}" "deployer_tfstate_key" -if [ -z "$tfstate_resource_id" ]; then - echo "No tfstate_resource_id" - if [ -n "$deployer_environment" ]; then - deployer_config_information="${automation_config_directory}"/"${deployer_environment}""${region_code}" - echo "Deployer config file: $deployer_config_information" - if [ -f "$deployer_config_information" ]; then - load_config_vars "${deployer_config_information}" "keyvault" - load_config_vars "${deployer_config_information}" "REMOTE_STATE_RG" - load_config_vars "${deployer_config_information}" "REMOTE_STATE_SA" - load_config_vars "${deployer_config_information}" "tfstate_resource_id" - load_config_vars "${deployer_config_information}" "deployer_tfstate_key" -if [ -z "$tfstate_resource_id" ]; then - echo "No tfstate_resource_id" - if [ -n "$deployer_environment" ]; then - deployer_config_information="${automation_config_directory}"/"${deployer_environment}""${region_code}" - echo "Deployer config file: $deployer_config_information" - if [ -f "$deployer_config_information" ]; then - load_config_vars "${deployer_config_information}" "keyvault" - load_config_vars "${deployer_config_information}" "REMOTE_STATE_RG" - load_config_vars "${deployer_config_information}" "REMOTE_STATE_SA" - load_config_vars "${deployer_config_information}" "tfstate_resource_id" - load_config_vars 
"${deployer_config_information}" "deployer_tfstate_key" - - save_config_vars "${workload_config_information}" \ - tfstate_resource_id - save_config_vars "${workload_config_information}" \ - tfstate_resource_id - - save_config_vars "${workload_config_information}" \ + save_config_vars "${workload_config_information}" \ keyvault \ subscription \ deployer_tfstate_key \ + tfstate_resource_id \ REMOTE_STATE_SA \ REMOTE_STATE_RG fi - fi - save_config_vars "${workload_config_information}" \ - keyvault \ - subscription \ - deployer_tfstate_key \ - REMOTE_STATE_SA \ - REMOTE_STATE_RG +fi + +if [ -z "$tfstate_resource_id" ] +then + echo "No tfstate_resource_id" + if [ -n "$deployer_environment" ] + then + deployer_config_information="${automation_config_directory}"/"${deployer_environment}""${region_code}" + echo "Deployer config file: $deployer_config_information" + if [ -f "$deployer_config_information" ] + then + load_config_vars "${deployer_config_information}" "keyvault" + load_config_vars "${deployer_config_information}" "REMOTE_STATE_RG" + load_config_vars "${deployer_config_information}" "REMOTE_STATE_SA" + load_config_vars "${deployer_config_information}" "tfstate_resource_id" + load_config_vars "${deployer_config_information}" "deployer_tfstate_key" + + save_config_vars "${workload_config_information}" \ + tfstate_resource_id + + save_config_vars "${workload_config_information}" \ + keyvault \ + subscription \ + deployer_tfstate_key \ + REMOTE_STATE_SA \ + REMOTE_STATE_RG + fi fi - fi else - echo "Terraform Storage Account Id: $tfstate_resource_id" - echo "Terraform Storage Account Id: $tfstate_resource_id" + echo "Terraform Storage Account Id: $tfstate_resource_id" - save_config_vars "${workload_config_information}" \ - save_config_vars "${workload_config_information}" \ + save_config_vars "${workload_config_information}" \ tfstate_resource_id fi + echo "" init "${automation_config_directory}" "${generic_config_information}" "${workload_config_information}" 
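Review bot: `get_and_store_sa_details ${REMOTE_STATE_SA} ${workload_config_information}` in the `if [ -n "$REMOTE_STATE_SA" ]` block passes both arguments unquoted. `REMOTE_STATE_SA` comes from `--storageaccountname` and, unlike `STATE_SUBSCRIPTION` (`is_valid_guid`) and `keyvault` (`valid_kv_name`) in the same hunk, gets no format check, so whitespace or glob characters in it are split or expanded before the call. Quote both as `get_and_store_sa_details "${REMOTE_STATE_SA}" "${workload_config_information}"`, the form a later call in this file already uses. The `else` branch of the `tfstate_resource_id` test in the `@@ -502,91 +377,71 @@` hunk has the same unquoted call.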
@@ -430,68 +315,58 @@ param_dirname=$(pwd) var_file="${param_dirname}"/"${parameterfile}" export TF_DATA_DIR="${param_dirname}/.terraform" -if [ -n "$subscription" ]; then - if is_valid_guid "$subscription"; then - echo "" - export ARM_SUBSCRIPTION_ID="${subscription}" - else - printf -v val %-40.40s "$subscription" - echo "#########################################################################################" - echo "# #" - echo -e "# The provided subscription is not valid:$boldred ${val} $resetformatting# " - echo "# #" - echo "#########################################################################################" -if [ -n "$subscription" ]; then - if is_valid_guid "$subscription"; then - echo "" - export ARM_SUBSCRIPTION_ID="${subscription}" - else - printf -v val %-40.40s "$subscription" - echo "#########################################################################################" - echo "# #" - echo -e "# The provided subscription is not valid:$boldred ${val} $resetformatting# " - echo "# #" - echo "#########################################################################################" +if [ -n "$subscription" ] +then + if is_valid_guid "$subscription" ; then + echo "" + export ARM_SUBSCRIPTION_ID="${subscription}" + else + printf -v val %-40.40s "$subscription" + echo "#########################################################################################" + echo "# #" + echo -e "# The provided subscription is not valid:$boldred ${val} $resetformatting# " + echo "# #" + echo "#########################################################################################" - echo "The provided subscription is not valid: ${val}" >"${workload_config_information}".err - echo "The provided subscription is not valid: ${val}" >"${workload_config_information}".err + echo "The provided subscription is not valid: ${val}" > "${workload_config_information}".err - exit 65 - fi - exit 65 - fi + exit 65 + fi fi if [ 0 = "${deploy_using_msi_only:-}" ]; then - if [ -n 
"$client_id" ]; then - if is_valid_guid "$client_id"; then - echo "" - else - printf -v val %-40.40s "$client_id" - echo "#########################################################################################" - echo "# #" - echo -e "# The provided spn_id is not valid:$boldred ${val} $resetformatting #" - echo "# #" - echo "#########################################################################################" - exit 65 - fi + if [ -n "$client_id" ] + then + if is_valid_guid "$client_id" ; then + echo "" + else + printf -v val %-40.40s "$client_id" + echo "#########################################################################################" + echo "# #" + echo -e "# The provided spn_id is not valid:$boldred ${val} $resetformatting #" + echo "# #" + echo "#########################################################################################" + exit 65 + fi fi - if [ -n "$tenant_id" ]; then - if is_valid_guid "$tenant_id"; then - echo "" - else - printf -v val %-40.40s "$tenant_id" - echo "#########################################################################################" - echo "# #" - echo -e "# The provided tenant_id is not valid:$boldred ${val} $resetformatting #" - echo "# #" - echo "#########################################################################################" - exit 65 - fi + if [ -n "$tenant_id" ] + then + if is_valid_guid "$tenant_id" ; then + echo "Valid tenant id format" + else + printf -v val %-40.40s "$tenant_id" + echo "#########################################################################################" + echo "# #" + echo -e "# The provided tenant_id is not valid:$boldred ${val} $resetformatting #" + echo "# #" + echo "#########################################################################################" + exit 65 + fi fi #setting the user environment variables - if [ -n "${spn_secret}" ]; then + if [ -n "${spn_secret}" ] + then set_executing_user_environment_variables "${spn_secret}" else 
set_executing_user_environment_variables "none" 
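Review bot: The invalid `client_id` and `tenant_id` branches exit 65 without writing `"${workload_config_information}".err`, whereas the invalid-subscription branch at the top of this hunk does write it. A caller that relies on the `.err` file (how it is consumed is not visible here) gets no reason for those two failures. Adding `echo "The provided spn_id is not valid: ${val}" > "${workload_config_information}".err` and the tenant_id equivalent before each `exit 65` would keep the three checks consistent. The success paths differ too (`echo ""` versus `echo "Valid tenant id format"`), and the enclosing `deploy_using_msi_only` block continues outside this hunk.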
@@ -502,91 +377,71 @@ else fi if [[ -z ${REMOTE_STATE_SA} ]]; then - load_config_vars "${workload_config_information}" "REMOTE_STATE_SA" - load_config_vars "${workload_config_information}" "REMOTE_STATE_SA" + load_config_vars "${workload_config_information}" "REMOTE_STATE_SA" fi load_config_vars "${workload_config_information}" "REMOTE_STATE_RG" load_config_vars "${workload_config_information}" "tfstate_resource_id" if [[ -z ${STATE_SUBSCRIPTION} ]]; then - load_config_vars "${workload_config_information}" "STATE_SUBSCRIPTION" - load_config_vars "${workload_config_information}" "STATE_SUBSCRIPTION" + load_config_vars "${workload_config_information}" "STATE_SUBSCRIPTION" fi if [[ -z ${subscription} ]]; then - load_config_vars "${workload_config_information}" "subscription" - load_config_vars "${workload_config_information}" "subscription" + load_config_vars "${workload_config_information}" "subscription" fi if [[ -z ${deployer_tfstate_key} ]]; then - load_config_vars "${workload_config_information}" "deployer_tfstate_key" - load_config_vars "${workload_config_information}" "deployer_tfstate_key" + load_config_vars "${workload_config_information}" "deployer_tfstate_key" fi -if [ -n "$tfstate_resource_id" ]; then - REMOTE_STATE_RG=$(echo "$tfstate_resource_id" | cut -d / -f5) - REMOTE_STATE_SA=$(echo "$tfstate_resource_id" | cut -d / -f9) - STATE_SUBSCRIPTION=$(echo "$tfstate_resource_id" | cut -d / -f3) -if [ -n "$tfstate_resource_id" ]; then - REMOTE_STATE_RG=$(echo "$tfstate_resource_id" | cut -d / -f5) - REMOTE_STATE_SA=$(echo "$tfstate_resource_id" | cut -d / -f9) - STATE_SUBSCRIPTION=$(echo "$tfstate_resource_id" | cut -d / -f3) - - save_config_vars "${workload_config_information}" \ - save_config_vars "${workload_config_information}" \ +if [ -n "$tfstate_resource_id" ] +then + REMOTE_STATE_RG=$(echo "$tfstate_resource_id" | cut -d / -f5) + REMOTE_STATE_SA=$(echo "$tfstate_resource_id" | cut -d / -f9) + STATE_SUBSCRIPTION=$(echo "$tfstate_resource_id" | cut -d / 
-f3) + + save_config_vars "${workload_config_information}" \ REMOTE_STATE_SA \ REMOTE_STATE_RG \ STATE_SUBSCRIPTION else - get_and_store_sa_details ${REMOTE_STATE_SA} ${workload_config_information} - get_and_store_sa_details ${REMOTE_STATE_SA} ${workload_config_information} + get_and_store_sa_details ${REMOTE_STATE_SA} ${workload_config_information} fi -if [ -z "$subscription" ]; then + +if [ -z "$subscription" ] +then subscription="${STATE_SUBSCRIPTION}" fi -if [ -z "$REMOTE_STATE_SA" ]; then - if [ -z "$REMOTE_STATE_RG" ]; then - load_config_vars "${workload_config_information}" "tfstate_resource_id" - if [ -n "${tfstate_resource_id}" ]; then - REMOTE_STATE_RG=$(echo "$tfstate_resource_id" | cut -d / -f5) - REMOTE_STATE_SA=$(echo "$tfstate_resource_id" | cut -d / -f9) - STATE_SUBSCRIPTION=$(echo "$tfstate_resource_id" | cut -d / -f3) - fi - fi -if [ -z "$REMOTE_STATE_SA" ]; then - if [ -z "$REMOTE_STATE_RG" ]; then - load_config_vars "${workload_config_information}" "tfstate_resource_id" - if [ -n "${tfstate_resource_id}" ]; then - REMOTE_STATE_RG=$(echo "$tfstate_resource_id" | cut -d / -f5) - REMOTE_STATE_SA=$(echo "$tfstate_resource_id" | cut -d / -f9) - STATE_SUBSCRIPTION=$(echo "$tfstate_resource_id" | cut -d / -f3) +if [ -z "$REMOTE_STATE_SA" ] +then + if [ -z "$REMOTE_STATE_RG" ] + then + load_config_vars "${workload_config_information}" "tfstate_resource_id" + if [ -n "${tfstate_resource_id}" ] + then + REMOTE_STATE_RG=$(echo "$tfstate_resource_id" | cut -d / -f5) + REMOTE_STATE_SA=$(echo "$tfstate_resource_id" | cut -d / -f9) + STATE_SUBSCRIPTION=$(echo "$tfstate_resource_id" | cut -d / -f3) + fi fi - fi - tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" - tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" + tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" else - if [ -z "$REMOTE_STATE_RG" ]; then - get_and_store_sa_details "${REMOTE_STATE_SA}" "${workload_config_information}" - load_config_vars 
"${workload_config_information}" "STATE_SUBSCRIPTION" - load_config_vars "${workload_config_information}" "REMOTE_STATE_RG" - load_config_vars "${workload_config_information}" "tfstate_resource_id" - fi - if [ -z "$REMOTE_STATE_RG" ]; then - get_and_store_sa_details "${REMOTE_STATE_SA}" "${workload_config_information}" - load_config_vars "${workload_config_information}" "STATE_SUBSCRIPTION" - load_config_vars "${workload_config_information}" "REMOTE_STATE_RG" - load_config_vars "${workload_config_information}" "tfstate_resource_id" - fi + if [ -z "$REMOTE_STATE_RG" ] + then + get_and_store_sa_details "${REMOTE_STATE_SA}" "${workload_config_information}" + load_config_vars "${workload_config_information}" "STATE_SUBSCRIPTION" + load_config_vars "${workload_config_information}" "REMOTE_STATE_RG" + load_config_vars "${workload_config_information}" "tfstate_resource_id" + fi fi -useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) -useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) +useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) -if [ "$useSAS" = "true" ]; then +if [ "$useSAS" = "true" ] ; then echo "Storage Account authentication: key" export ARM_USE_AZUREAD=false else 
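Review bot: In the `if [ -n "$tfstate_resource_id" ]` block, `STATE_SUBSCRIPTION`, `REMOTE_STATE_RG` and `REMOTE_STATE_SA` are overwritten with fields 3, 5 and 9 of a value loaded from the config file, with no check that it has the shape of a storage-account resource id. `STATE_SUBSCRIPTION` was validated with `is_valid_guid` earlier in the script, but the replacement is not, and it is then saved and passed to `az storage account show --subscription`. Re-check after the three assignments, for example `is_valid_guid "$STATE_SUBSCRIPTION" || exit 65` and `[ -n "$REMOTE_STATE_SA" ] || exit 65`. The result of the `az` call is not checked either: an empty `useSAS` from a failed call takes the `else` branch, which continues outside this hunk.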
@@ -594,178 +449,141 @@ else export ARM_USE_AZUREAD=true fi + if [ 1 = "${deploy_using_msi_only:-}" ]; then - if [ -n "${keyvault}" ]; then - echo "Setting the secrets" + if [ -n "${keyvault}" ] + then + echo "Setting the secrets" - allParams=$(printf " --workload --environment %s --region %s --vault %s --keyvault_subscription %s --subscription %s --msi " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" "${ARM_SUBSCRIPTION_ID}") + allParams=$(printf " --workload --environment %s --region %s --vault %s --keyvault_subscription %s --subscription %s --msi " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" "${ARM_SUBSCRIPTION_ID}" ) - echo "Calling set_secrets with: ${allParams}" + echo "Calling set_secrets with: ${allParams}" - "${SAP_AUTOMATION_REPO_PATH}"/deploy/scripts/set_secrets.sh ${allParams} + "${SAP_AUTOMATION_REPO_PATH}"/deploy/scripts/set_secrets.sh ${allParams} - if [ -f secret.err ]; then - error_message=$(cat secret.err) - echo "##vso[task.logissue type=error]${error_message}" - rm secret.err - exit 65 - fi + if [ -f secret.err ]; then + error_message=$(cat secret.err) + echo "##vso[task.logissue type=error]${error_message}" + rm secret.err + exit 65 + fi fi else - if [ -n "${keyvault}" ]; then - echo "Setting the secrets" + if [ -n "${keyvault}" ] + then + echo "Setting the secrets" - save_config_var "client_id" "${workload_config_information}" - save_config_var "tenant_id" "${workload_config_information}" + save_config_var "client_id" "${workload_config_information}" + save_config_var "tenant_id" "${workload_config_information}" - if [ -n "$spn_secret" ]; then - fixed_allParams=$(printf " --workload --environment %s --region %s --vault %s --subscription %s --spn_secret ***** --keyvault_subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${ARM_SUBSCRIPTION_ID}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}") + if [ -n "$spn_secret" ] + then + 
fixed_allParams=$(printf " --workload --environment %s --region %s --vault %s --subscription %s --spn_secret ***** --keyvault_subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${ARM_SUBSCRIPTION_ID}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}" ) - echo "Calling set_secrets with: ${fixed_allParams}" + echo "Calling set_secrets with: ${fixed_allParams}" - allParams=$(printf " --workload --environment %s --region %s --vault %s --spn_secret %s --subscription %s --keyvault_subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${spn_secret}" "${ARM_SUBSCRIPTION_ID}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}") + allParams=$(printf " --workload --environment %s --region %s --vault %s --spn_secret %s --subscription %s --keyvault_subscription %s --spn_id %s --tenant_id %s " "${environment}" "${region_code}" "${keyvault}" "${spn_secret}" "${ARM_SUBSCRIPTION_ID}" "${STATE_SUBSCRIPTION}" "${client_id}" "${tenant_id}" ) - "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh" ${allParams} + "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh" ${allParams} - if [ -f secret.err ]; then - error_message=$(cat secret.err) - echo "##vso[task.logissue type=error]${error_message}" + if [ -f secret.err ]; then + error_message=$(cat secret.err) + echo "##vso[task.logissue type=error]${error_message}" - exit 65 - fi - else - read -p "Do you want to specify the Workload SPN Details Y/N?" ans - answer=${ans^^} - if [ ${answer} == 'Y' ]; then - allParams=$(printf " --workload --environment %s --region %s --vault %s --subscription %s --spn_id %s " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" "${client_id}") - - "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh ${allParams}" - if [ $? -eq 255 ]; then - exit $? - fi + exit 65 + fi + else + read -p "Do you want to specify the Workload SPN Details Y/N?" 
ans + answer=${ans^^} + if [ ${answer} == 'Y' ]; then + allParams=$(printf " --workload --environment %s --region %s --vault %s --subscription %s --spn_id %s " "${environment}" "${region_code}" "${keyvault}" "${STATE_SUBSCRIPTION}" "${client_id}" ) + + "${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh ${allParams}" + if [ $? -eq 255 ] + then + exit $? + fi + fi fi - fi - if [ -f kv.log ]; then - rm kv.log - fi + if [ -f kv.log ] + then + rm kv.log + fi fi fi -if [ -z "${deployer_tfstate_key}" ]; then - load_config_vars "${workload_config_information}" "deployer_tfstate_key" - if [ -n "${deployer_tfstate_key}" ]; then - # Deployer state was specified in $CONFIG_REPO_PATH/.sap_deployment_automation library config - deployer_tfstate_key_parameter=" -var deployer_tfstate_key=${deployer_tfstate_key}" - fi -if [ -z "${deployer_tfstate_key}" ]; then - load_config_vars "${workload_config_information}" "deployer_tfstate_key" - if [ -n "${deployer_tfstate_key}" ]; then - # Deployer state was specified in $CONFIG_REPO_PATH/.sap_deployment_automation library config - deployer_tfstate_key_parameter=" -var deployer_tfstate_key=${deployer_tfstate_key}" - fi +if [ -z "${deployer_tfstate_key}" ] +then + load_config_vars "${workload_config_information}" "deployer_tfstate_key" + if [ -n "${deployer_tfstate_key}" ] + then + # Deployer state was specified in $CONFIG_REPO_PATH/.sap_deployment_automation library config + deployer_tfstate_key_parameter=" -var deployer_tfstate_key=${deployer_tfstate_key}" + fi else - deployer_tfstate_key_parameter=" -var deployer_tfstate_key=${deployer_tfstate_key}" - save_config_vars "${workload_config_information}" deployer_tfstate_key - deployer_tfstate_key_parameter=" -var deployer_tfstate_key=${deployer_tfstate_key}" - save_config_vars "${workload_config_information}" deployer_tfstate_key + deployer_tfstate_key_parameter=" -var deployer_tfstate_key=${deployer_tfstate_key}" + save_config_vars "${workload_config_information}" 
deployer_tfstate_key fi if [ -z "${REMOTE_STATE_SA}" ]; then - read -p "Terraform state storage account name:" REMOTE_STATE_SA - get_and_store_sa_details "${REMOTE_STATE_SA}" "${workload_config_information}" - load_config_vars "${workload_config_information}" "STATE_SUBSCRIPTION" - load_config_vars "${workload_config_information}" "REMOTE_STATE_RG" - load_config_vars "${workload_config_information}" "tfstate_resource_id" - read -p "Terraform state storage account name:" REMOTE_STATE_SA - get_and_store_sa_details "${REMOTE_STATE_SA}" "${workload_config_information}" - load_config_vars "${workload_config_information}" "STATE_SUBSCRIPTION" - load_config_vars "${workload_config_information}" "REMOTE_STATE_RG" - load_config_vars "${workload_config_information}" "tfstate_resource_id" - - tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" - tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" - - if [ -n "${STATE_SUBSCRIPTION}" ]; then - if [ $account_set == 0 ]; then - az account set --sub "${STATE_SUBSCRIPTION}" - account_set=1 - fi - fi - if [ -n "${STATE_SUBSCRIPTION}" ]; then - if [ $account_set == 0 ]; then - az account set --sub "${STATE_SUBSCRIPTION}" - account_set=1 - fi - fi -fi - -if [ -z "${REMOTE_STATE_RG}" ]; then - if [ -n "${REMOTE_STATE_SA}" ]; then - get_and_store_sa_details ${REMOTE_STATE_SA} "${workload_config_information}" - load_config_vars "${workload_config_information}" "STATE_SUBSCRIPTION" - load_config_vars "${workload_config_information}" "REMOTE_STATE_RG" - load_config_vars "${workload_config_information}" "tfstate_resource_id" - if [ -n "${REMOTE_STATE_SA}" ]; then - get_and_store_sa_details ${REMOTE_STATE_SA} "${workload_config_information}" + read -p "Terraform state storage account name:" REMOTE_STATE_SA + get_and_store_sa_details "${REMOTE_STATE_SA}" "${workload_config_information}" load_config_vars "${workload_config_information}" "STATE_SUBSCRIPTION" load_config_vars "${workload_config_information}" 
"REMOTE_STATE_RG" load_config_vars "${workload_config_information}" "tfstate_resource_id" tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" - else - option="REMOTE_STATE_RG" - read -p "Remote state resource group name:" REMOTE_STATE_RG - save_config_vars "${workload_config_information}" REMOTE_STATE_RG - fi - tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" - else - option="REMOTE_STATE_RG" - read -p "Remote state resource group name:" REMOTE_STATE_RG - save_config_vars "${workload_config_information}" REMOTE_STATE_RG - fi + + if [ -n "${STATE_SUBSCRIPTION}" ] + then + if [ $account_set == 0 ] + then + az account set --sub "${STATE_SUBSCRIPTION}" + account_set=1 + fi + fi +fi + +if [ -z "${REMOTE_STATE_RG}" ]; then + if [ -n "${REMOTE_STATE_SA}" ]; then + get_and_store_sa_details ${REMOTE_STATE_SA} "${workload_config_information}" + load_config_vars "${workload_config_information}" "STATE_SUBSCRIPTION" + load_config_vars "${workload_config_information}" "REMOTE_STATE_RG" + load_config_vars "${workload_config_information}" "tfstate_resource_id" + + tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" + else + option="REMOTE_STATE_RG" + read -p "Remote state resource group name:" REMOTE_STATE_RG + save_config_vars "${workload_config_information}" REMOTE_STATE_RG + fi fi -if [ -n "${tfstate_resource_id}" ]; then - tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" -if [ -n "${tfstate_resource_id}" ]; then - tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" +if [ -n "${tfstate_resource_id}" ] +then + tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" else - get_and_store_sa_details ${REMOTE_STATE_SA} "${workload_config_information}" - load_config_vars "${workload_config_information}" "tfstate_resource_id" - tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" - get_and_store_sa_details ${REMOTE_STATE_SA} "${workload_config_information}" - 
load_config_vars "${workload_config_information}" "tfstate_resource_id" - tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" + get_and_store_sa_details ${REMOTE_STATE_SA} "${workload_config_information}" + load_config_vars "${workload_config_information}" "tfstate_resource_id" + tfstate_parameter=" -var tfstate_resource_id=${tfstate_resource_id}" fi -terraform_module_directory="$(realpath "${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/run/"${deployment_system}")" -terraform_module_directory="$(realpath "${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/run/"${deployment_system}")" - -if [ ! -d "${terraform_module_directory}" ]; then - printf -v val %-40.40s "$deployment_system" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Incorrect system deployment type specified: ${val}$resetformatting#" - echo "# #" - echo "# Valid options are: #" - echo "# sap_landscape #" - echo "# #" - echo "#########################################################################################" - echo "" - exit 1 -if [ ! -d "${terraform_module_directory}" ]; then - printf -v val %-40.40s "$deployment_system" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred Incorrect system deployment type specified: ${val}$resetformatting#" - echo "# #" - echo "# Valid options are: #" - echo "# sap_landscape #" - echo "# #" - echo "#########################################################################################" - echo "" - exit 1 +terraform_module_directory="$(realpath "${SAP_AUTOMATION_REPO_PATH}"/deploy/terraform/run/"${deployment_system}" )" + +if [ ! 
-d "${terraform_module_directory}" ] +then + printf -v val %-40.40s "$deployment_system" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred Incorrect system deployment type specified: ${val}$resetformatting#" + echo "# #" + echo "# Valid options are: #" + echo "# sap_landscape #" + echo "# #" + echo "#########################################################################################" + echo "" + exit 1 fi ok_to_proceed=false 
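Review bot: The service principal secret is formatted into `allParams` and then expanded unquoted as `${allParams}`, so a secret containing whitespace or glob characters is split or expanded before `set_secrets.sh` receives it, and the value is readable in the process argument list while the script runs. Building the arguments as an array keeps each value as one word: `params=(--workload --environment "${environment}" --vault "${keyvault}" --spn_secret "${spn_secret}" …)` followed by `"${SAP_AUTOMATION_REPO_PATH}/deploy/scripts/set_secrets.sh" "${params[@]}"`. If `set_secrets.sh` can read the secret from an environment variable or stdin, that would also take it out of argv. Separately, the interactive branch quotes the whole invocation, `"…/set_secrets.sh ${allParams}"`, so the shell looks for a single file name that includes the arguments, and `exit $?` after the `[ $? -eq 255 ]` test returns the test's status rather than the script's.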
@@ -796,80 +614,48 @@ echo "Resource Group: ${REMOTE_STATE_RG}" echo "State file: ${key}.terraform.tfstate" echo "Target subscription: ${ARM_SUBSCRIPTION_ID}" -if [ ! -d ./.terraform/ ]; then - terraform -chdir="${terraform_module_directory}" init -upgrade=true \ - --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ - --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ - --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ - --backend-config "container_name=tfstate" \ -if [ ! -d ./.terraform/ ]; then - terraform -chdir="${terraform_module_directory}" init -upgrade=true \ - --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ - --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ - --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ - --backend-config "container_name=tfstate" \ +if [ ! -d ./.terraform/ ]; +then + terraform -chdir="${terraform_module_directory}" init -upgrade=true \ + --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ + --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ + --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ + --backend-config "container_name=tfstate" \ --backend-config "key=${key}.terraform.tfstate" - return_value=$? - return_value=$? -else - temp=$(grep "\"type\": \"local\"" .terraform/terraform.tfstate) - if [ -n "${temp}" ]; then - temp=$(grep "\"type\": \"local\"" .terraform/terraform.tfstate) - if [ -n "${temp}" ]; then - - terraform -chdir="${terraform_module_directory}" init -upgrade=true -force-copy \ - --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ - --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ - --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ - --backend-config "container_name=tfstate" \ - --backend-config "key=${key}.terraform.tfstate" return_value=$? 
- else - check_output=1 - terraform -chdir="${terraform_module_directory}" init -upgrade=true -reconfigure \ - --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ - --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ - --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ - --backend-config "container_name=tfstate" \ - --backend-config "key=${key}.terraform.tfstate" - return_value=$? - fi - terraform -chdir="${terraform_module_directory}" init -upgrade=true -force-copy \ - --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ - --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ - --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ - --backend-config "container_name=tfstate" \ - --backend-config "key=${key}.terraform.tfstate" - return_value=$? - else - check_output=1 - terraform -chdir="${terraform_module_directory}" init -upgrade=true -reconfigure \ - --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ - --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ - --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ - --backend-config "container_name=tfstate" \ - --backend-config "key=${key}.terraform.tfstate" - return_value=$? - fi +else + temp=$(grep "\"type\": \"local\"" .terraform/terraform.tfstate) + if [ -n "${temp}" ] + then + + terraform -chdir="${terraform_module_directory}" init -upgrade=true -force-copy \ + --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ + --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ + --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ + --backend-config "container_name=tfstate" \ + --backend-config "key=${key}.terraform.tfstate" + return_value=$? 
+ else + check_output=1 + terraform -chdir="${terraform_module_directory}" init -upgrade=true -reconfigure \ + --backend-config "subscription_id=${STATE_SUBSCRIPTION}" \ + --backend-config "resource_group_name=${REMOTE_STATE_RG}" \ + --backend-config "storage_account_name=${REMOTE_STATE_SA}" \ + --backend-config "container_name=tfstate" \ + --backend-config "key=${key}.terraform.tfstate" + return_value=$? + fi fi -if [ 0 != $return_value ]; then - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore!!! Error when Initializing !!!$resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - echo "Terraform initialization failed" >"${workload_config_information}".err - exit $return_value -if [ 0 != $return_value ]; then - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore!!! Error when Initializing !!!$resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - echo "Terraform initialization failed" >"${workload_config_information}".err - exit $return_value +if [ 0 != $return_value ] +then + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore!!! Error when Initializing !!!$resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + echo "Terraform initialization failed" > "${workload_config_information}".err + exit $return_value fi check_output=0 
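Review bot: `check_output=1`, set in the `-reconfigure` branch, looks like it is overwritten by the `check_output=0` that follows the initialization error block at the end of this hunk. If so, the later `if [ 1 == $check_output ]` test would never run the existing-deployment and template-version checks, unless the lines between the two hunks set the variable again. Moving the default above the `if [ ! -d ./.terraform/ ]` test would keep the value the branch assigns. The three `terraform init` calls also repeat the same five `--backend-config` arguments; collecting them once, e.g. `backend_args=(--backend-config "subscription_id=${STATE_SUBSCRIPTION}" …)`, and passing `"${backend_args[@]}"` leaves only `-force-copy` and `-reconfigure` to differ between the calls.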
@@ -887,128 +673,70 @@ save_config_var "subscription" "${workload_config_information}" save_config_var "STATE_SUBSCRIPTION" "${workload_config_information}" save_config_var "tfstate_resource_id" "${workload_config_information}" -if [ 1 == $check_output ]; then - outputs=$(terraform -chdir="${terraform_module_directory}" output) - if echo "${outputs}" | grep "No outputs"; then - ok_to_proceed=true - new_deployment=true - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan New deployment $resetformatting #" - echo "# #" - echo "#########################################################################################" - else - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Existing deployment was detected $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" -if [ 1 == $check_output ]; then - outputs=$(terraform -chdir="${terraform_module_directory}" output) - if echo "${outputs}" | grep "No outputs"; then - ok_to_proceed=true - new_deployment=true - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan New deployment $resetformatting #" - echo "# #" - echo "#########################################################################################" - else - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Existing deployment was detected $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - - workloadkeyvault=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw workloadzone_kv_name | tr -d \") - if valid_kv_name "$workloadkeyvault"; then - 
save_config_var "workloadkeyvault" "${workload_config_information}" - fi - workloadkeyvault=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw workloadzone_kv_name | tr -d \") - if valid_kv_name "$workloadkeyvault"; then - save_config_var "workloadkeyvault" "${workload_config_information}" - fi - - deployed_using_version=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw automation_version) - if [ -z "${deployed_using_version}" ]; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred The environment was deployed using an older version of the Terrafrom templates $resetformatting #" - echo "# #" - echo "# !!! Risk for Data loss !!! #" - echo "# #" - echo "# Please inspect the output of Terraform plan carefully before proceeding #" - echo "# #" - echo "#########################################################################################" - if [ 1 == $called_from_ado ]; then - unset TF_DATA_DIR - echo "The environment was deployed using an older version of the Terrafrom templates, Risk for data loss" >"${workload_config_information}".err - deployed_using_version=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw automation_version) - if [ -z "${deployed_using_version}" ]; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred The environment was deployed using an older version of the Terrafrom templates $resetformatting #" - echo "# #" - echo "# !!! Risk for Data loss !!! 
#" - echo "# #" - echo "# Please inspect the output of Terraform plan carefully before proceeding #" - echo "# #" - echo "#########################################################################################" - if [ 1 == $called_from_ado ]; then - unset TF_DATA_DIR - echo "The environment was deployed using an older version of the Terrafrom templates, Risk for data loss" >"${workload_config_information}".err - - exit 1 - fi - exit 1 - fi - - read -p "Do you want to continue Y/N?" ans - answer=${ans^^} - if [ $answer == 'Y' ]; then +if [ 1 == $check_output ] +then + outputs=$(terraform -chdir="${terraform_module_directory}" output) + if echo "${outputs}" | grep "No outputs"; then ok_to_proceed=true - else - unset TF_DATA_DIR - exit 1 - fi + new_deployment=true + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan New deployment $resetformatting #" + echo "# #" + echo "#########################################################################################" else - printf -v val %-.20s "$deployed_using_version" - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Deployed using the Terraform templates version: $val $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - #Add version logic here - fi - fi - read -p "Do you want to continue Y/N?" 
ans - answer=${ans^^} - if [ $answer == 'Y' ]; then - ok_to_proceed=true - else - unset TF_DATA_DIR - exit 1 - fi - else - printf -v val %-.20s "$deployed_using_version" - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Deployed using the Terraform templates version: $val $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - #Add version logic here + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Existing deployment was detected $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + + workloadkeyvault=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw workloadzone_kv_name | tr -d \") + if valid_kv_name "$workloadkeyvault" ; then + save_config_var "workloadkeyvault" "${workload_config_information}" + fi + + deployed_using_version=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw automation_version) + if [ -z "${deployed_using_version}" ]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred The environment was deployed using an older version of the Terrafrom templates $resetformatting #" + echo "# #" + echo "# !!! Risk for Data loss !!! 
#" + echo "# #" + echo "# Please inspect the output of Terraform plan carefully before proceeding #" + echo "# #" + echo "#########################################################################################" + if [ 1 == $called_from_ado ] ; then + unset TF_DATA_DIR + echo "The environment was deployed using an older version of the Terrafrom templates, Risk for data loss" > "${workload_config_information}".err + + exit 1 + fi + + read -p "Do you want to continue Y/N?" ans + answer=${ans^^} + if [ $answer == 'Y' ]; then + ok_to_proceed=true + else + unset TF_DATA_DIR + exit 1 + fi + else + printf -v val %-.20s "$deployed_using_version" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Deployed using the Terraform templates version: $val $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + #Add version logic here + fi fi - fi fi # ip_saved=0 
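Review bot: The data-loss confirmation compares an unquoted `$answer` in `[ $answer == 'Y' ]`, so an empty reply or one containing a space makes `[` report a syntax error instead of evaluating to false; the script still reaches the `else` branch and exits, but only by way of that error. `if [ "${answer}" == 'Y' ]; then` together with `read -r -p` makes the refusal path explicit. The same unquoted test is used by the other Y/N prompts in the neighbouring hunks. `grep "No outputs"` also prints its match into the log; `grep -q` would keep it a pure test.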
@@ -1049,524 +777,336 @@ echo "# echo "#########################################################################################" echo "" -if [ 1 == $called_from_ado ]; then - terraform -chdir="${terraform_module_directory}" plan -no-color -detailed-exitcode -var-file=${var_file} $tfstate_parameter $deployer_tfstate_key_parameter | tee -a plan_output.log +if [ 1 == $called_from_ado ] ; then + terraform -chdir="${terraform_module_directory}" plan -no-color -detailed-exitcode -var-file=${var_file} $tfstate_parameter $deployer_tfstate_key_parameter | tee -a plan_output.log else - terraform -chdir="${terraform_module_directory}" plan -detailed-exitcode -var-file=${var_file} $tfstate_parameter $deployer_tfstate_key_parameter | tee -a plan_output.log + terraform -chdir="${terraform_module_directory}" plan -detailed-exitcode -var-file=${var_file} $tfstate_parameter $deployer_tfstate_key_parameter | tee -a plan_output.log fi return_value=$? echo "Terraform Plan return code: $return_value" -if [ 1 == $return_value ]; then - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore Errors running plan $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - if [ -f plan_output.log ]; then - cat plan_output.log - rm plan_output.log - fi - unset TF_DATA_DIR - echo "Errors running Terraform plan" >"${workload_config_information}".err - exit $return_value -if [ 1 == $return_value ]; then - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore Errors running plan $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - if [ -f plan_output.log ]; then - cat plan_output.log - rm plan_output.log - fi - unset TF_DATA_DIR - echo "Errors running 
Terraform plan" >"${workload_config_information}".err - exit $return_value -fi - -echo "TEST_ONLY: " $TEST_ONLY -if [ "${TEST_ONLY}" == "True" ]; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Running plan only. $resetformatting #" - echo "# #" - echo "# No deployment performed. #" - echo "# #" - echo "#########################################################################################" - echo "" - exit 0 -fi - -ok_to_proceed=0 -if [ -f plan_output.log ]; then - cat plan_output.log - LASTERROR=$(grep -m1 'Error: ' plan_output.log) - cat plan_output.log - LASTERROR=$(grep -m1 'Error: ' plan_output.log) - - if [ -n "${LASTERROR}" ]; then - echo "3" - if [ 1 == $called_from_ado ]; then - echo "##vso[task.logissue type=error]$LASTERROR" - fi - if [ -n "${LASTERROR}" ]; then - echo "3" - if [ 1 == $called_from_ado ]; then - echo "##vso[task.logissue type=error]$LASTERROR" - fi - - return_value=1 - fi - return_value=1 - fi -fi - -if [ 0 == $return_value ]; then - if [ -f plan_output.log ]; then - rm plan_output.log - fi -if [ 0 == $return_value ]; then - if [ -f plan_output.log ]; then - rm plan_output.log - fi - - workloadkeyvault=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw workloadzone_kv_name | tr -d \") - if valid_kv_name "$workloadkeyvault"; then - save_config_var "workloadkeyvault" "${workload_config_information}" - fi - save_config_vars "landscape_tfstate_key" "${workload_config_information}" - workloadkeyvault=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw workloadzone_kv_name | tr -d \") - if valid_kv_name "$workloadkeyvault"; then - save_config_var "workloadkeyvault" "${workload_config_information}" - fi - save_config_vars "landscape_tfstate_key" "${workload_config_information}" - - ok_to_proceed=1 - ok_to_proceed=1 -fi - -if [ 2 == $return_value ]; then - test=$(grep kv_user plan_output.log | grep -m1 
replaced) - if [ -n "${test}" ]; then - echo "" +if [ 1 == $return_value ] +then echo "#########################################################################################" echo "# #" - echo -e "# $boldred !!! Risk for Data loss !!! $resetformatting #" - echo "# #" - echo "# Please inspect the output of Terraform plan carefully before proceeding #" + echo -e "# $boldreduscore Errors running plan $resetformatting #" echo "# #" echo "#########################################################################################" echo "" - if [ 1 == $called_from_ado ]; then - unset TF_DATA_DIR - exit 1 + if [ -f plan_output.log ] ; then + cat plan_output.log + rm plan_output.log fi - read -n 1 -r -s -p $'Press enter to continue...\n' -if [ 2 == $return_value ]; then - test=$(grep kv_user plan_output.log | grep -m1 replaced) - if [ -n "${test}" ]; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldred !!! Risk for Data loss !!! $resetformatting #" - echo "# #" - echo "# Please inspect the output of Terraform plan carefully before proceeding #" - echo "# #" - echo "#########################################################################################" - echo "" - if [ 1 == $called_from_ado ]; then - unset TF_DATA_DIR - exit 1 - fi - read -n 1 -r -s -p $'Press enter to continue...\n' - - cat plan_output.log - read -p "Do you want to continue with the deployment Y/N?" ans - answer=${ans^^} - if [ $answer == 'Y' ]; then - ok_to_proceed=1 - else - unset TF_DATA_DIR - cat plan_output.log - read -p "Do you want to continue with the deployment Y/N?" 
ans - answer=${ans^^} - if [ $answer == 'Y' ]; then - ok_to_proceed=1 - else - unset TF_DATA_DIR + unset TF_DATA_DIR + echo "Errors running Terraform plan" > "${workload_config_information}".err + exit $return_value +fi + echo "TEST_ONLY: " $TEST_ONLY + if [ "${TEST_ONLY}" == "True" ]; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Running plan only. $resetformatting #" + echo "# #" + echo "# No deployment performed. #" + echo "# #" + echo "#########################################################################################" + echo "" exit 0 - fi - else - ok_to_proceed=1 fi - exit 0 + + +ok_to_proceed=0 +if [ -f plan_output.log ]; then + cat plan_output.log + LASTERROR=$(grep -m1 'Error: ' plan_output.log ) + + if [ -n "${LASTERROR}" ] ; then + echo "3" + if [ 1 == $called_from_ado ] ; then + echo "##vso[task.logissue type=error]$LASTERROR" + fi + + + return_value=1 fi - else - ok_to_proceed=1 - fi fi -return_value=0 -if [ 1 == $ok_to_proceed ]; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Running Terraform apply $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Running Terraform apply $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - - parallelism=10 - parallelism=10 - - #Provide a way to limit the number of parallell tasks for Terraform - if [[ -n "${TF_PARALLELLISM}" ]]; then - parallelism=$TF_PARALLELLISM - fi - #Provide a way to limit the number of parallell tasks for Terraform - if [[ -n "${TF_PARALLELLISM}" ]]; then - 
parallelism=$TF_PARALLELLISM - fi - if [ 1 == $called_from_ado ]; then - terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -no-color -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json - else - if [ -n "${approve}" ]; then - terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json - else - terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter +if [ 0 == $return_value ] ; then + if [ -f plan_output.log ] + then + rm plan_output.log fi - fi - fi - - return_value=$? - return_value=$? + workloadkeyvault=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw workloadzone_kv_name | tr -d \") + if valid_kv_name "$workloadkeyvault" ; then + save_config_var "workloadkeyvault" "${workload_config_information}" + fi + save_config_vars "landscape_tfstate_key" "${workload_config_information}" + ok_to_proceed=1 fi +if [ 2 == $return_value ] ; then + test=$(grep kv_user plan_output.log | grep -m1 replaced) + if [ -n "${test}" ] ; then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldred !!! Risk for Data loss !!! 
$resetformatting #" + echo "# #" + echo "# Please inspect the output of Terraform plan carefully before proceeding #" + echo "# #" + echo "#########################################################################################" + echo "" + if [ 1 == $called_from_ado ] ; then + unset TF_DATA_DIR + exit 1 + fi + read -n 1 -r -s -p $'Press enter to continue...\n' -rerun_apply=0 + cat plan_output.log + read -p "Do you want to continue with the deployment Y/N?" ans + answer=${ans^^} + if [ $answer == 'Y' ]; then + ok_to_proceed=1 + else + unset TF_DATA_DIR -if [ -f apply_output.json ]; then - # Check for resource that can be imported - existing=$(jq 'select(."@level" == "error") | {address: .diagnostic.address, summary: .diagnostic.summary} | select(.summary | startswith("A resource with the ID"))' apply_output.json) - if [[ -n ${existing} ]]; then - - readarray -t existing_resources < <(echo ${existing} | jq -c '.') - for item in "${existing_resources[@]}"; do - moduleID=$(jq -c -r '.address ' <<<"$item") - resourceID=$(jq -c -r '.summary' <<<"$item" | awk -F'\"' '{print $2}') - echo "Trying to import" $resourceID "into" $moduleID - allParamsforImport=$(printf " -var-file=%s %s %s %s %s %s %s %s " "${var_file}" "${extra_vars}" "${tfstate_parameter}" "${landscape_tfstate_key_parameter}" "${deployer_tfstate_key_parameter}" "${deployment_parameter}" "${version_parameter} ") - echo terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID - terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID - done - readarray -t existing_resources < <(echo ${existing} | jq -c '.') - for item in "${existing_resources[@]}"; do - moduleID=$(jq -c -r '.address ' <<<"$item") - resourceID=$(jq -c -r '.summary' <<<"$item" | awk -F'\"' '{print $2}') - echo "Trying to import" $resourceID "into" $moduleID - allParamsforImport=$(printf " -var-file=%s %s %s %s %s %s %s %s " "${var_file}" "${extra_vars}" 
"${tfstate_parameter}" "${landscape_tfstate_key_parameter}" "${deployer_tfstate_key_parameter}" "${deployment_parameter}" "${version_parameter} ") - echo terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID - terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID - done - - rerun_apply=1 - rm apply_output.json - echo "" - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Re running Terraform apply$resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - echo "" - if [ 1 == $called_from_ado ]; then - terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -no-color -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json + exit 0 + fi else - terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json + ok_to_proceed=1 fi - return_value=$? 
- rerun_apply=1 - rm apply_output.json - echo "" +fi + +if [ 1 == $ok_to_proceed ]; then echo "" echo "#########################################################################################" echo "# #" - echo -e "# $cyan Re running Terraform apply$resetformatting #" + echo -e "# $cyan Running Terraform apply $resetformatting #" echo "# #" echo "#########################################################################################" echo "" - echo "" - if [ 1 == $called_from_ado ]; then - terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -no-color -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json + + parallelism=10 + + #Provide a way to limit the number of parallell tasks for Terraform + if [[ -n "${TF_PARALLELLISM}" ]]; then + parallelism=$TF_PARALLELLISM + fi + + if [ 1 == $called_from_ado ] ; then + terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -no-color -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json else - terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json + if [ -n "${approve}" ] + then + terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json + else + terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter + fi + fi - return_value=$? - fi - fi + return_value=$? 
- if [ -f apply_output.json ]; then - # Check for resource that can be imported - existing=$(jq 'select(."@level" == "error") | {address: .diagnostic.address, summary: .diagnostic.summary} | select(.summary | startswith("A resource with the ID"))' apply_output.json) - if [[ -n ${existing} ]]; then - if [ -f apply_output.json ]; then +fi +rerun_apply=0 +if [ -f apply_output.json ] +then # Check for resource that can be imported existing=$(jq 'select(."@level" == "error") | {address: .diagnostic.address, summary: .diagnostic.summary} | select(.summary | startswith("A resource with the ID"))' apply_output.json) - if [[ -n ${existing} ]]; then - - readarray -t existing_resources < <(echo ${existing} | jq -c '.') - for item in "${existing_resources[@]}"; do - moduleID=$(jq -c -r '.address ' <<<"$item") - resourceID=$(jq -c -r '.summary' <<<"$item" | awk -F'\"' '{print $2}') - echo "Trying to import" $resourceID "into" $moduleID - allParamsforImport=$(printf " -var-file=%s %s %s %s %s %s %s %s " "${var_file}" "${extra_vars}" "${tfstate_parameter}" "${landscape_tfstate_key_parameter}" "${deployer_tfstate_key_parameter}" "${deployment_parameter}" "${version_parameter} ") - echo terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID - terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID - done - readarray -t existing_resources < <(echo ${existing} | jq -c '.') - for item in "${existing_resources[@]}"; do - moduleID=$(jq -c -r '.address ' <<<"$item") - resourceID=$(jq -c -r '.summary' <<<"$item" | awk -F'\"' '{print $2}') - echo "Trying to import" $resourceID "into" $moduleID - allParamsforImport=$(printf " -var-file=%s %s %s %s %s %s %s %s " "${var_file}" "${extra_vars}" "${tfstate_parameter}" "${landscape_tfstate_key_parameter}" "${deployer_tfstate_key_parameter}" "${deployment_parameter}" "${version_parameter} ") - echo terraform -chdir="${terraform_module_directory}" import 
$allParamsforImport $moduleID $resourceID - terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID - done - - rerun_apply=1 - fi - if [ $rerun_apply == 1 ]; then - echo "" - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Re running Terraform apply$resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - echo "" - if [ 1 == $called_from_ado ]; then - terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -no-color -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json - else - terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json - fi - return_value=$? 
- fi - rerun_apply=1 - fi - if [ $rerun_apply == 1 ]; then - echo "" - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $cyan Re running Terraform apply$resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - echo "" - if [ 1 == $called_from_ado ]; then - terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -no-color -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json - else - terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json - fi - return_value=$? - fi + if [[ -n ${existing} ]] + then + + readarray -t existing_resources < <(echo ${existing} | jq -c '.' 
) + for item in "${existing_resources[@]}"; do + moduleID=$(jq -c -r '.address ' <<< "$item") + resourceID=$(jq -c -r '.summary' <<< "$item" | awk -F'\"' '{print $2}') + echo "Trying to import" $resourceID "into" $moduleID + allParamsforImport=$(printf " -var-file=%s %s %s %s %s %s %s %s " "${var_file}" "${extra_vars}" "${tfstate_parameter}" "${landscape_tfstate_key_parameter}" "${deployer_tfstate_key_parameter}" "${deployment_parameter}" "${version_parameter} " ) + echo terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID + terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID + done - return_value=0 - errors_occurred=$(jq 'select(."@level" == "error") | length' apply_output.json) - return_value=0 - errors_occurred=$(jq 'select(."@level" == "error") | length' apply_output.json) + rerun_apply=1 + rm apply_output.json + echo "" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Re running Terraform apply$resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + echo "" + if [ 1 == $called_from_ado ] ; then + terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -no-color -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json + else + terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json + fi + return_value=$? 
- cat apply_output.json - cat apply_output.json + fi - if [[ -n $errors_occurred ]]; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore!Errors during the apply phase!$resetformatting #" - if [[ -n $errors_occurred ]]; then - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# $boldreduscore!Errors during the apply phase!$resetformatting #" - - return_value=2 - all_errors=$(jq 'select(."@level" == "error") | {summary: .diagnostic.summary, detail: .diagnostic.detail} | select(.summary ) ' apply_output.json) - if [[ -n ${all_errors} ]]; then - readarray -t errors_strings < <(echo ${all_errors} | jq -c '.') - for errors_string in "${errors_strings[@]}"; do - string_to_report=$(jq -c -r '.detail ' <<<"$errors_string") - if [[ -z ${string_to_report} ]]; then - string_to_report=$(jq -c -r '.summary ' <<<"$errors_string") - fi - report=$(echo $string_to_report | grep -m1 "Message=" "${var_file}" | cut -d'=' -f2- | tr -d ' ' | tr -d '"') - if [[ -n ${report} ]]; then - echo -e "# $boldreduscore $report $resetformatting" - if [ 1 == $called_from_ado ]; then - return_value=2 - all_errors=$(jq 'select(."@level" == "error") | {summary: .diagnostic.summary, detail: .diagnostic.detail} | select(.summary ) ' apply_output.json) - if [[ -n ${all_errors} ]]; then - readarray -t errors_strings < <(echo ${all_errors} | jq -c '.') - for errors_string in "${errors_strings[@]}"; do - string_to_report=$(jq -c -r '.detail ' <<<"$errors_string") - if [[ -z ${string_to_report} ]]; then - string_to_report=$(jq -c -r '.summary ' <<<"$errors_string") - fi - report=$(echo $string_to_report | grep -m1 "Message=" "${var_file}" | cut -d'=' -f2- | tr -d ' ' | tr -d '"') - if [[ -n ${report} ]]; then - echo -e "# $boldreduscore $report $resetformatting" - if [ 1 == $called_from_ado ]; then - - 
roleAssignmentExists=$(echo ${report} | grep -m1 "RoleAssignmentExists") - if [ -z ${roleAssignmentExists} ]; then - echo "##vso[task.logissue type=error]${report}" - fi - fi - else - echo -e "# $boldreduscore $string_to_report $resetformatting" - if [ 1 == $called_from_ado ]; then - roleAssignmentExists=$(echo ${string_to_report} | grep -m1 "RoleAssignmentExists") - if [ -z ${roleAssignmentExists} ]; then - echo "##vso[task.logissue type=error]${string_to_report}" - fi - fi - fi - echo -e "# $boldreduscore $string_to_report $resetformatting" - roleAssignmentExists=$(echo ${report} | grep -m1 "RoleAssignmentExists") - if [ -z ${roleAssignmentExists} ]; then - echo "##vso[task.logissue type=error]${report}" - fi - fi - else - echo -e "# $boldreduscore $string_to_report $resetformatting" - if [ 1 == $called_from_ado ]; then - roleAssignmentExists=$(echo ${string_to_report} | grep -m1 "RoleAssignmentExists") - if [ -z ${roleAssignmentExists} ]; then - echo "##vso[task.logissue type=error]${string_to_report}" - fi + if [ -f apply_output.json ] + then + # Check for resource that can be imported + existing=$(jq 'select(."@level" == "error") | {address: .diagnostic.address, summary: .diagnostic.summary} | select(.summary | startswith("A resource with the ID"))' apply_output.json) + if [[ -n ${existing} ]] + then + + readarray -t existing_resources < <(echo ${existing} | jq -c '.' 
) + for item in "${existing_resources[@]}"; do + moduleID=$(jq -c -r '.address ' <<< "$item") + resourceID=$(jq -c -r '.summary' <<< "$item" | awk -F'\"' '{print $2}') + echo "Trying to import" $resourceID "into" $moduleID + allParamsforImport=$(printf " -var-file=%s %s %s %s %s %s %s %s " "${var_file}" "${extra_vars}" "${tfstate_parameter}" "${landscape_tfstate_key_parameter}" "${deployer_tfstate_key_parameter}" "${deployment_parameter}" "${version_parameter} " ) + echo terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID + terraform -chdir="${terraform_module_directory}" import $allParamsforImport $moduleID $resourceID + done + + rerun_apply=1 + fi + if [ $rerun_apply == 1 ] ; then + echo "" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $cyan Re running Terraform apply$resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" + echo "" + if [ 1 == $called_from_ado ] ; then + terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -no-color -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json + else + terraform -chdir="${terraform_module_directory}" apply ${approve} -parallelism="${parallelism}" -var-file=${var_file} $tfstate_parameter $landscape_tfstate_key_parameter $deployer_tfstate_key_parameter -json | tee -a apply_output.json fi - fi - echo -e "# $boldreduscore $string_to_report $resetformatting" + return_value=$? 
+ fi - done - fi - echo "# #" - echo "#########################################################################################" - echo "" - done - fi - echo "# #" - echo "#########################################################################################" - echo "" + return_value=0 + errors_occurred=$(jq 'select(."@level" == "error") | length' apply_output.json) + + cat apply_output.json + + if [[ -n $errors_occurred ]] + then + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# $boldreduscore!Errors during the apply phase!$resetformatting #" + + return_value=2 + all_errors=$(jq 'select(."@level" == "error") | {summary: .diagnostic.summary, detail: .diagnostic.detail} | select(.summary ) ' apply_output.json) + if [[ -n ${all_errors} ]] + then + readarray -t errors_strings < <(echo ${all_errors} | jq -c '.' ) + for errors_string in "${errors_strings[@]}"; do + string_to_report=$(jq -c -r '.detail ' <<< "$errors_string" ) + if [[ -z ${string_to_report} ]] + then + string_to_report=$(jq -c -r '.summary ' <<< "$errors_string" ) + fi + report=$(echo $string_to_report | grep -m1 "Message=" "${var_file}" | cut -d'=' -f2- | tr -d ' ' | tr -d '"') + if [[ -n ${report} ]] ; then + echo -e "# $boldreduscore $report $resetformatting" + if [ 1 == $called_from_ado ] ; then + + roleAssignmentExists=$(echo ${report} | grep -m1 "RoleAssignmentExists") + if [ -z ${roleAssignmentExists} ] ; then + echo "##vso[task.logissue type=error]${report}" + fi + fi + else + echo -e "# $boldreduscore $string_to_report $resetformatting" + if [ 1 == $called_from_ado ] ; then + roleAssignmentExists=$(echo ${string_to_report} | grep -m1 "RoleAssignmentExists") + if [ -z ${roleAssignmentExists} ] + then + echo "##vso[task.logissue type=error]${string_to_report}" + fi + fi + fi + echo -e "# $boldreduscore $string_to_report $resetformatting" + + done + fi + echo "# #" + echo 
"#########################################################################################" + echo "" + fi fi - fi - fi - fi fi -if [ -f apply_output.json ]; then - rm apply_output.json +if [ -f apply_output.json ] +then + rm apply_output.json fi workload_zone_prefix=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw workload_zone_prefix | tr -d \") save_config_var "workload_zone_prefix" "${workload_config_information}" save_config_var "landscape_tfstate_key" "${workload_config_information}" -if [ 0 == $return_value ]; then -if [ 0 == $return_value ]; then +if [ 0 == $return_value ] ; then - save_config_vars "landscape_tfstate_key" "${workload_config_information}" - workloadkeyvault=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw workloadzone_kv_name | tr -d \") - save_config_vars "landscape_tfstate_key" "${workload_config_information}" - workloadkeyvault=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw workloadzone_kv_name | tr -d \") + save_config_vars "landscape_tfstate_key" "${workload_config_information}" + workloadkeyvault=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw workloadzone_kv_name | tr -d \") - temp=$(echo "${workloadkeyvault}" | grep "Warning") - if [ -z "${temp}" ]; then - temp=$(echo "${workloadkeyvault}" | grep "Backend reinitialization required") - if [ -z "${temp}" ]; then - temp=$(echo "${workloadkeyvault}" | grep "Warning") - if [ -z "${temp}" ]; then - temp=$(echo "${workloadkeyvault}" | grep "Backend reinitialization required") - if [ -z "${temp}" ]; then + temp=$(echo "${workloadkeyvault}" | grep "Warning") + if [ -z "${temp}" ] + then + temp=$(echo "${workloadkeyvault}" | grep "Backend reinitialization required") + if [ -z "${temp}" ] + then - printf -v val %-.20s "$workloadkeyvault" - printf -v val %-.20s "$workloadkeyvault" + printf -v val %-.20s "$workloadkeyvault" - echo "" - echo 
"#########################################################################################" - echo "# #" - echo -e "# Keyvault to use for System details:$cyan $val $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" - echo "" - echo "#########################################################################################" - echo "# #" - echo -e "# Keyvault to use for System details:$cyan $val $resetformatting #" - echo "# #" - echo "#########################################################################################" - echo "" + echo "" + echo "#########################################################################################" + echo "# #" + echo -e "# Keyvault to use for System details:$cyan $val $resetformatting #" + echo "# #" + echo "#########################################################################################" + echo "" - save_config_var "workloadkeyvault" "${workload_config_information}" + save_config_var "workloadkeyvault" "${workload_config_information}" + fi fi - fi fi -if [ 0 != $return_value ]; then - unset TF_DATA_DIR - exit $return_value -if [ 0 != $return_value ]; then - unset TF_DATA_DIR - exit $return_value +if [ 0 != $return_value ] ; then + unset TF_DATA_DIR + exit $return_value fi echo "" echo "#########################################################################################" echo "# #" -echo -e "# $cyan Creating deployment $resetformatting #" -echo -e "# $cyan Creating deployment $resetformatting #" +echo -e "# $cyan Creating deployment $resetformatting #" echo "# #" echo "#########################################################################################" echo "" -if [ -n "${spn_secret}" ]; then - az logout - az login --service-principal --username "${client_id}" --password="${spn_secret}" --tenant "${tenant_id}" --output none -if [ -n "${spn_secret}" ]; then - az logout - az login --service-principal --username 
"${client_id}" --password="${spn_secret}" --tenant "${tenant_id}" --output none +if [ -n "${spn_secret}" ] +then + az logout + az login --service-principal --username "${client_id}" --password="${spn_secret}" --tenant "${tenant_id}" --output none fi full_script_path="$(realpath "${BASH_SOURCE[0]}")" script_directory="$(dirname "${full_script_path}")" -rg_name=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw created_resource_group_name | tr -d \") -rg_name=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw created_resource_group_name | tr -d \") +rg_name=$(terraform -chdir="${terraform_module_directory}" output -no-color -raw created_resource_group_name | tr -d \") az deployment group create --resource-group "${rg_name}" --name "SAP-WORKLOAD-ZONE_${rg_name}" --subscription "${subscription}" --template-file "${script_directory}/templates/empty-deployment.json" --output none now=$(date) -cat <"${workload_config_information}".md -cat <"${workload_config_information}".md +cat < "${workload_config_information}".md # Workload Zone Deployment # Date : "${now}" @@ -1590,9 +1130,9 @@ echo "# - Key Vault: ${kvname} #" echo "# #" echo "#########################################################################################" + if [ -f "${workload_config_information}".err ]; then - cat "${workload_config_information}".err - cat "${workload_config_information}".err + cat "${workload_config_information}".err fi # echo "" @@ -1625,6 +1165,7 @@ fi unset TF_DATA_DIR + ################################################################################# # # # Copy tfvars to storage account # 
@@ -1632,24 +1173,25 @@ unset TF_DATA_DIR
 # #
 #################################################################################
-if [ "$useSAS" = "true" ]; then
+if [ "$useSAS" = "true" ] ; then
 container_exists=$(az storage container exists --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors --query exists)
 else
 container_exists=$(az storage container exists --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors --query exists --auth-mode login)
 fi
 if [ "${container_exists}" == "false" ]; then
- if [ "$useSAS" = "true" ]; then
+ if [ "$useSAS" = "true" ] ; then
 az storage container create --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --only-show-errors
 else
 az storage container create --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --name tfvars --auth-mode login --only-show-errors
 fi
 fi
-if [ "$useSAS" = "true" ]; then
- az storage blob upload --file "${parameterfile}" --container-name tfvars/LANDSCAPE/"${key}" --name "${parameterfile_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --only-show-errors --output none
+if [ "$useSAS" = "true" ] ; then
+ az storage blob upload --file "${parameterfile}" --container-name tfvars/LANDSCAPE/"${key}" --name "${parameterfile_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --only-show-errors --output none
 else
- az storage blob upload --file "${parameterfile}" --container-name tfvars/LANDSCAPE/"${key}" --name "${parameterfile_name}" --subscription "${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --auth-mode login --only-show-errors --output none
+ az storage blob upload --file "${parameterfile}" --container-name tfvars/LANDSCAPE/"${key}" --name "${parameterfile_name}" --subscription
"${STATE_SUBSCRIPTION}" --account-name "${REMOTE_STATE_SA}" --no-progress --overwrite --auth-mode login --only-show-errors --output none fi + exit $return_value From 4d036ae82e18e22c685de7c190f34dba1b50b94d Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 20:32:49 +0300 Subject: [PATCH 72/77] Refactor echo statements in deploy/pipelines/01-deploy-control-plane.yaml and remover.sh for improved clarity of credentials --- deploy/pipelines/10-remover-terraform.yaml | 4 ++-- deploy/scripts/remover.sh | 5 +++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/deploy/pipelines/10-remover-terraform.yaml b/deploy/pipelines/10-remover-terraform.yaml index a528b3c41d..08828c6ca1 100644 --- a/deploy/pipelines/10-remover-terraform.yaml +++ b/deploy/pipelines/10-remover-terraform.yaml @@ -348,8 +348,8 @@ stages: echo -e "$green--- Running on deployer ---$reset" if [ $USE_MSI != "true" ]; then - echo "Deployment credentials: Service Principal" - echo "Deployment credentials Id (SPN): $WL_ARM_CLIENT_SECRET" + echo "Deployment credentials: Service Principal" + echo "Deployment credentials ID (SPN): $WL_ARM_CLIENT_SECRET" export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET diff --git a/deploy/scripts/remover.sh b/deploy/scripts/remover.sh index 7d2ad3feb3..83a3ada06f 100755 --- a/deploy/scripts/remover.sh +++ b/deploy/scripts/remover.sh @@ -316,10 +316,11 @@ fi useSAS=$(az storage account show --name "${REMOTE_STATE_SA}" --query allowSharedKeyAccess --subscription "${STATE_SUBSCRIPTION}" --out tsv) if [ "$useSAS" = "true" ] ; then - echo "Storage Account Authentication: Key" + echo "Storage Account Authentication: Key" export ARM_USE_AZUREAD=false else - echo "Storage Account Authentication: Entra ID" + echo "Storage Account Authentication: Entra ID" + export ARM_USE_AZUREAD=true fi From 2963f769303e8787becb04ad80c582e3246e18c3 Mon Sep 17 00:00:00 2001 
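Review bot: The second `echo` on the new side still expands `$WL_ARM_CLIENT_SECRET` under the label "Deployment credentials ID (SPN)", so the service principal's secret is written to the job log where the client ID was evidently meant; the commit changes only the label text. It should read `echo "Deployment credentials ID (SPN): $WL_ARM_CLIENT_ID"` (spacing as in the hunk). Log masking of secret pipeline variables is not a reason to keep the line, since it depends on how the variable is defined, and if earlier runs printed the value unmasked the secret should be rotated. The script block this hunk belongs to starts and ends outside the hunk.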
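Review bot: The `else` branch after `if [ "$useSAS" = "true" ]` in remover.sh is taken for every value other than `true`, including the empty string left behind when the `az storage account show` call on the context line fails, and on the new side that branch reports "Entra ID" and exports `ARM_USE_AZUREAD=true`. Azure documents an unset `allowSharedKeyAccess` as equivalent to true, so an account that never had the property set may also land in this branch; what `--out tsv` prints for that case should be confirmed. Checking the command's exit status and matching the negative case explicitly, `elif [ "$useSAS" = "false" ] ; then`, with a final `else` that reports the unexpected value, would keep the authentication mode from being chosen by accident. The surrounding script starts and ends outside the hunk.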
From: Kimmo Forss
Date: Thu, 24 Oct 2024 20:44:47 +0300
Subject: [PATCH 73/77] Refactor LandscapeModel.cs, LandscapeDetails.json, and LandscapeTemplate.txt Add prevent_deletion_if_contains_resources property to LandscapeModel.cs, LandscapeDetails.json, and LandscapeTemplate.txt to prevent deletion of resource group if there are resources left within the resource group during deletion.
---
 Webapp/SDAF/Models/LandscapeModel.cs | 2 ++
 Webapp/SDAF/ParameterDetails/LandscapeDetails.json | 9 +++++++++
 Webapp/SDAF/ParameterDetails/LandscapeTemplate.txt | 3 ++-
 3 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/Webapp/SDAF/Models/LandscapeModel.cs b/Webapp/SDAF/Models/LandscapeModel.cs
index ee7d46a981..d87e335508 100644
--- a/Webapp/SDAF/Models/LandscapeModel.cs
+++ b/Webapp/SDAF/Models/LandscapeModel.cs
@@ -221,6 +221,8 @@ public bool IsValid()
 public string resourcegroup_name { get; set; }
+ public bool? prevent_deletion_if_contains_resources { get; set; } = true;
+
 /*---------------------------------------------------------------------------8
 | |
 | Azure NetApp Files information |
diff --git a/Webapp/SDAF/ParameterDetails/LandscapeDetails.json b/Webapp/SDAF/ParameterDetails/LandscapeDetails.json
index 7680110f6a..d88c961541 100644
--- a/Webapp/SDAF/ParameterDetails/LandscapeDetails.json
+++ b/Webapp/SDAF/ParameterDetails/LandscapeDetails.json
@@ -120,6 +120,15 @@
 "Options": [],
 "Overrules": "",
 "Display": 2
+ },
+ {
+ "Name": "prevent_deletion_if_contains_resources",
+ "Required": false,
+ "Description": "Prevent deletion of resource group if there are Resources left within the Resource Group during deletion",
+ "Type": "checkbox",
+ "Options": [],
+ "Overrules": "",
+ "Display": 2
 }
 ]
 },
diff --git a/Webapp/SDAF/ParameterDetails/LandscapeTemplate.txt b/Webapp/SDAF/ParameterDetails/LandscapeTemplate.txt
index a971bf73fe..172bd1b026 100644
--- a/Webapp/SDAF/ParameterDetails/LandscapeTemplate.txt
+++ b/Webapp/SDAF/ParameterDetails/LandscapeTemplate.txt
@@ -305,7 +305,8 @@ $$resourcegroup_name$$ # The resourcegroup_name arm_id is optional, it can be used to provide an existing resource group for the deployment $$resourcegroup_arm_id$$ - +# Prevent deletion of resource group if there are Resources left within the Resource Group during deletion +$$prevent_deletion_if_contains_resources$$ ######################################################################################### # # From 77d70d6523a7ebbad4e05ee2b8a8d01e150802c6 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 21:06:34 +0300 Subject: [PATCH 74/77] Refactor package dependencies in os-packages.yaml --- .../roles-os/1.4-packages/vars/os-packages.yaml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/deploy/ansible/roles-os/1.4-packages/vars/os-packages.yaml b/deploy/ansible/roles-os/1.4-packages/vars/os-packages.yaml index 979d785afe..2f6c5bddbe 100644 --- a/deploy/ansible/roles-os/1.4-packages/vars/os-packages.yaml +++ b/deploy/ansible/roles-os/1.4-packages/vars/os-packages.yaml 
@@ -339,25 +339,27 @@ packages: - { tier: 'ha', package: 'socat', node_tier: 'all', state: 'present' } - { tier: 'ha', package: 'corosync', node_tier: 'all', state: 'present' } - { tier: 'ha', package: 'resource-agents>=4.3', node_tier: 'all', state: 'present' } - - { tier: 'ha', package: 'fence-agents>=4.4.0', node_tier: 'all', state: 'present' } - { tier: 'ha', package: 'cloud-netconfig-azure>=1.3', node_tier: 'all', state: 'present' } # Assumption: Public_Cloud_Module_x86_64 already available - { tier: 'ha', package: 'python-azure-mgmt-compute', node_tier: 'all', state: 'present' } - { tier: 'ha', package: 'python-azure-identity', node_tier: 'all', state: 'present' } # Added as part of documentation update - - { tier: 'ha', package: 'sap-suse-cluster-connector', node_tier: 'hana', state: 'present' } + - { tier: 'ha', package: 'sap-suse-cluster-connector', node_tier: 'hana', state: 'present' } - { tier: 'ha', package: 'sap-suse-cluster-connector', node_tier: 'scs', state: 'present' } - { tier: 'ha', package: 'sap-suse-cluster-connector', node_tier: 'ers', state: 'present' } # -------------------------- End - packages required for Clustering ------------------------------------8 sles_sap12.4: # --------------------------- Begin - Packages required for SYBASE -----------------------------------------8 # 2371942 - Error Executing isql or dscp on SAP ASE or SAP HANA Accelerator for SAP ASE - - { tier: 'os', package: 'glibc-32bit', node_tier: 'sybase', state: 'present' } + - { tier: 'os', package: 'glibc-32bit', node_tier: 'sybase', state: 'present' } + - { tier: 'ha', package: 'fence-agents>=4.4.0', node_tier: 'all', state: 'present' } # --------------------------- End - Packages required for SYBASE -------------------------------------------8 sles_sap12.5: # --------------------------- Begin - Packages required for SYBASE -----------------------------------------8 # 2371942 - Error Executing isql or dscp on SAP ASE or SAP HANA Accelerator for SAP ASE - - { tier: 
'os', package: 'glibc-32bit', node_tier: 'sybase', state: 'present' } - # --------------------------- End - Packages required for SYBASE -------------------------------------------8 + - { tier: 'os', package: 'glibc-32bit', node_tier: 'sybase', state: 'present' } + - { tier: 'ha', package: 'fence-agents-azure-arm', node_tier: 'scs', state: 'present' } + - { tier: 'ha', package: 'fence-agents-azure-arm', node_tier: 'ers', state: 'present' } + - { tier: 'ha', package: 'fence-agents-azure-arm', node_tier: 'hana', state: 'present' } # --------------------------- End - Packages required for SYBASE -------------------------------------------8 sles_sap15: - { tier: 'os', package: 'chrony', node_tier: 'all', state: 'present' } # - { tier: 'os', package: 'libyui-qt-pkg11', node_tier: 'all', state: 'present' } @@ -365,7 +367,7 @@ packages: - { tier: 'os', package: 'systemd', node_tier: 'all', state: 'present' } - { tier: 'os', package: 'tuned', node_tier: 'all', state: 'present' } - { tier: 'os', package: 'numad', node_tier: 'all', state: 'present' } - - { tier: 'os', package: 'ntp', node_tier: 'all', state: 'absent' } + - { tier: 'os', package: 'ntp', node_tier: 'all', state: 'absent' } - { tier: 'os', package: 'unrar', node_tier: 'scs', state: 'present' } # --------------------------- Begin - Packages required for DB2 -----------------------------------------8 # https://www.ibm.com/docs/en/db2/11.5?topic=servers-linux From f03920ce44e74aea6a96be8c9dd96a4f68eee51f Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 21:32:55 +0300 Subject: [PATCH 75/77] Refactor ansible role to remove unused variable and update passlib dependency --- .../roles-os/1.17-generic-pacemaker/tasks/1.17.1-pre_checks.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/deploy/ansible/roles-os/1.17-generic-pacemaker/tasks/1.17.1-pre_checks.yml b/deploy/ansible/roles-os/1.17-generic-pacemaker/tasks/1.17.1-pre_checks.yml index 645619b3c9..693c66ce8e 100644 
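Review bot: Distribution keys other than `sles_sap12.4` and `sles_sap12.5` may now be left without a fence agent, because the first hunk of os-packages.yaml removes `fence-agents>=4.4.0` from the HA list at its top (that list's key is above the hunk) and re-adds a fence package only under those two keys. A Pacemaker cluster that cannot fence is exposed to split-brain, so confirm that every key that relied on the removed entry has a replacement; the `sles_sap15` list continues past the hunk and cannot be checked here. The new `tier: 'ha'` entries also sit between the "Begin/End - Packages required for SYBASE" banners, which mislabels them; give them their own banner such as `# ---- Begin - packages required for Clustering ----8`. The line layout of the 12.5 block is not recoverable from this page, so check that its End banner is still on a line of its own. The subject says "Refactor", but the set of installed packages changes, and the message should say so.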
--- a/deploy/ansible/roles-os/1.17-generic-pacemaker/tasks/1.17.1-pre_checks.yml +++ b/deploy/ansible/roles-os/1.17-generic-pacemaker/tasks/1.17.1-pre_checks.yml @@ -10,8 +10,6 @@ ansible.builtin.pip: name: passlib state: present - vars: - ansible_python_interpreter: "python3" tags: - always From 8c09e401960294495153832ca7844a6fc4a9f53a Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 21:39:41 +0300 Subject: [PATCH 76/77] Refactor ansible role to remove unused variable and update passlib dependency --- .../tasks/1.17.1-pre_checks.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/deploy/ansible/roles-os/1.17-generic-pacemaker/tasks/1.17.1-pre_checks.yml b/deploy/ansible/roles-os/1.17-generic-pacemaker/tasks/1.17.1-pre_checks.yml index 693c66ce8e..d2bdc69d39 100644 --- a/deploy/ansible/roles-os/1.17-generic-pacemaker/tasks/1.17.1-pre_checks.yml +++ b/deploy/ansible/roles-os/1.17-generic-pacemaker/tasks/1.17.1-pre_checks.yml @@ -6,12 +6,12 @@ # | | # +------------------------------------4--------------------------------------*/ -- name: "1.17 Generic Pacemaker: - Ensure passlib is installed" - ansible.builtin.pip: - name: passlib - state: present - tags: - - always +# - name: "1.17 Generic Pacemaker: - Ensure passlib is installed" +# ansible.builtin.pip: +# name: passlib +# state: present +# tags: +# - always # /*---------------------------------------------------------------------------8 From 4422529eed57c4e238bc4d778f8cab1d67792d68 Mon Sep 17 00:00:00 2001 From: Kimmo Forss Date: Thu, 24 Oct 2024 22:02:36 +0300 Subject: [PATCH 77/77] Refactor echo statement in install_workloadzone.sh for improved clarity --- deploy/scripts/install_workloadzone.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/scripts/install_workloadzone.sh b/deploy/scripts/install_workloadzone.sh index f8b410e545..42af391e2a 100755 --- a/deploy/scripts/install_workloadzone.sh +++ b/deploy/scripts/install_workloadzone.sh 
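Review bot: The passlib task in 1.17.1-pre_checks.yml (PATCH 76) is commented out rather than deleted, and neither the file nor the commit message says why it was disabled or where passlib is provisioned instead. If a later task in the role hashes a password through a passlib-backed filter, it would now fail or depend on whatever the host happens to have installed. Either delete the six lines or put the reason above them, e.g. `# passlib is provided by <placeholder: where it is installed>; task disabled`. The subject line repeats PATCH 75's ("remove unused variable and update passlib dependency") and does not describe this change.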
@@ -352,7 +352,7 @@ if [ 0 = "${deploy_using_msi_only:-}" ]; then
 if [ -n "$tenant_id" ]
 then
 if is_valid_guid "$tenant_id" ; then
- echo "Valid tenant id format"
+ echo ""
 else
 printf -v val %-40.40s "$tenant_id"
 echo "#########################################################################################"
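Review bot: After this change the valid-GUID branch in install_workloadzone.sh only prints an empty line, so the `if`/`else` keeps a branch that does no work and reads as if a step were missing. Unless the blank line is wanted in the log, test the failure case directly with `if ! is_valid_guid "$tenant_id" ; then` and drop both the `echo ""` and the `else`. The enclosing `if [ -n "$tenant_id" ]` block continues past the end of the hunk, so the matching `fi` lines are not visible here.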