diff --git a/aws/bootnode-ami/prepare-bootnode-ami.sh b/aws/bootnode-ami/prepare-bootnode-ami.sh index 26f03eac..77719c5a 100755 --- a/aws/bootnode-ami/prepare-bootnode-ami.sh +++ b/aws/bootnode-ami/prepare-bootnode-ami.sh @@ -23,6 +23,8 @@ pip install awscli --upgrade --user pip install pyyaml pip install jaydebeapi pip install oauthlib==3.2.0 +pip install pymongo + # Install AWS cli curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" unzip -o awscliv2.zip @@ -39,13 +41,13 @@ mv -f jq /usr/local/bin #dnf module install -y container-tools ## Download Openshift CLI and move to /usr/local/bin -wget "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.10.35/openshift-client-linux-4.10.35.tar.gz" -tar -xvf openshift-client-linux-4.10.35.tar.gz +wget "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.12.18/openshift-client-linux-4.12.18.tar.gz" +tar -xvf openshift-client-linux-4.12.18.tar.gz chmod u+x oc kubectl mv -f oc /usr/local/bin mv -f kubectl /usr/local/bin oc version -rm -rf openshift-client-linux-4.10.35.tar.gz +rm -rf openshift-client-linux-4.12.18.tar.gz diff --git a/aws/cleanup-mas-deployment.sh b/aws/cleanup-mas-deployment.sh index 17a8fdc3..e9edd0c3 100755 --- a/aws/cleanup-mas-deployment.sh +++ b/aws/cleanup-mas-deployment.sh 
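Review bot: `pip install pymongo` on the added line is unpinned while the neighbouring `pip install oauthlib==3.2.0` is pinned, so every AMI build pulls whatever pymongo release is current and the resulting image is not reproducible or auditable. Pin it to the release the MAS devops roles were validated against, e.g. `pip install pymongo==<validated-version>`, and consider `pip install --require-hashes -r <requirements-file>` for the whole set if the AMI contents are meant to be attested. The download of the OpenShift client in the second hunk still has no checksum verification, but that is pre-existing and only the version changes here.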
@@ -375,6 +375,17 @@ if [[ $VPC_ID != "null" ]]; then fi echo "---------------------------------------------" + # delete vpc peering connection filter as RequesterVpcInfo + VPCPEERID=$(aws ec2 describe-vpc-peering-connections --region ${REGION} --query "VpcPeeringConnections[?(RequesterVpcInfo.VpcId == '${VPC_ID}')].VpcPeeringConnectionId" --output text) + if [[ -n $VPCPEERID ]]; then + aws ec2 delete-vpc-peering-connection --vpc-peering-connection-id ${VPCPEERID} --region ${REGION} + fi + # delete vpc peering connection filter as AccepterVpcInfo + VPCPEERID=$(aws ec2 describe-vpc-peering-connections --region ${REGION} --query "VpcPeeringConnections[?(AccepterVpcInfo.VpcId == '${VPC_ID}')].VpcPeeringConnectionId" --output text) + if [[ -n $VPCPEERID ]]; then + aws ec2 delete-vpc-peering-connection --vpc-peering-connection-id ${VPCPEERID} --region ${REGION} + fi + # Delete VPC aws ec2 delete-vpc --region $REGION --vpc-id $VPC_ID else @@ -383,15 +394,18 @@ fi echo "---------------------------------------------" # Delete S3 bucket -echo "Checking for S3 buckets" -S3BUCKETS=$(aws s3api list-buckets --query 'Buckets[?contains(Name, `masocp-'"${UNIQ_STR}"'`) == `true`].[Name]' --output text) +echo "Checking for S3 buckets - ${UNIQ_STR}" +S3BUCKETS=$(aws s3api list-buckets --query 'Buckets[?contains(Name, `masocp-'"${UNIQ_STR}"'`) == `true`].[Name]' --region $REGION --output text) echo "S3BUCKETS = $S3BUCKETS" if [[ -n $S3BUCKETS ]]; then echo "Found S3 buckets for this AWS stack" for inst in $S3BUCKETS; do - inst=$(echo $inst | tr -d '\r\n') - aws s3 rb s3://$inst --force --region $REGION - echo "Deleted bucket $inst" + if [[ -n $inst ]]; then + inst=$(echo $inst | tr -d '\r\n') + aws s3 rb s3://$inst --force --region $REGION + echo "Deleted bucket $inst" + fi + done else echo "No S3 buckets for this AWS stack" diff --git a/aws/cleanup-s3-bucket.sh b/aws/cleanup-s3-bucket.sh new file mode 100644 index 00000000..312b2d08 --- /dev/null +++ b/aws/cleanup-s3-bucket.sh 
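Review bot: `VPCPEERID` is filled from `--output text`, so when more than one peering connection lists this VPC as requester (or, in the second query, as accepter) it holds several IDs separated by whitespace, and the unquoted `${VPCPEERID}` turns them into extra positional arguments of `delete-vpc-peering-connection`; the call then likely fails and the later `aws ec2 delete-vpc` probably fails too because the peerings are still attached. Iterate over the result instead: `for peer in $VPCPEERID; do aws ec2 delete-vpc-peering-connection --vpc-peering-connection-id "$peer" --region "${REGION}"; done`, once per query. The enclosing `if [[ $VPC_ID != "null" ]]` block begins before this hunk. The S3 hunk below only adds an `-n` test on a loop variable that word-splitting can never make empty, so it is harmless but redundant.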
@@ -0,0 +1,41 @@ +#!/bin/bash +# Script to delete S3 buckets on AWS. +# This script will delete S3 buckets which got created as part of MAS deployment from all the regions configured in `DELETE_S3_REGIONS` variable. +# The script will fetch S3 buckets which are atleast 24 hours old. This is to prevent deleting S3 buckets which has an associated MAS deployment currently in-progress + +# Configured regions from where S3 buckets will be deleted +DELETE_S3_REGIONS=("us-east-1" "us-east-2" "us-west-2" "ap-east-1" "ap-southeast-1" "ap-southeast-2" "ap-northeast-1" "eu-central-1" "ap-south-1" "ap-northeast-2" "ap-northeast-3" "ca-central-1" "eu-south-1" "eu-west-1" "eu-west-2" "eu-west-3" "eu-north-1" "af-south-1" "me-south-1" "sa-east-1") +echo "======================================================" +echo "DELETE_S3_REGIONS=${DELETE_S3_REGIONS[@]}" +echo "======================================================" +date=$(date -d "24 hours ago" '+%Y-%m-%d') +echo "Fetch S3 buckets till $date date (current_day - 1 day)" +echo "======================================================" +S3BUCKETS=$(aws s3api list-buckets --query 'Buckets[?contains(Name, `masocp-`) == `true` && ( CreationDate<=`'"$date"'` )].[Name]' --output text) +echo "S3BUCKETS which contains 'masocp-' = $S3BUCKETS" +echo "======================================================" +for S3BUCKET in $S3BUCKETS; do + REGION=$(aws s3api get-bucket-location --bucket $S3BUCKET | jq -r '.LocationConstraint' ) + if [[ " ${DELETE_S3_REGIONS[@]} " =~ " ${REGION} " ]]; then + echo "S3BUCKET TO BE DELETED $S3BUCKET AND ITS REGION=${REGION} " + aws s3 rb s3://$S3BUCKET --force --region $REGION + elif [[ -z "$REGION" || "$REGION" == 'null' ]]; then + echo "S3BUCKET TO BE DELETED $S3BUCKET AND ITS REGION=${REGION} " + aws s3 rb s3://$S3BUCKET --force + fi +done +echo "======================================================" +S3BUCKETS=$(aws s3api list-buckets --query 'Buckets[?contains(Name, `cf-templates-`) == `true` && ( 
CreationDate<=`'"$date"'` )].[Name]' --output text) +echo "S3BUCKETS which contains 'cf-templates-' = $S3BUCKETS" +echo "======================================================" +for S3BUCKET in $S3BUCKETS; do + REGION=$(aws s3api get-bucket-location --bucket $S3BUCKET | jq -r '.LocationConstraint' ) + if [[ " ${DELETE_S3_REGIONS[@]} " =~ " ${REGION} " ]]; then + echo "S3BUCKET TO BE DELETED $S3BUCKET AND ITS REGION=${REGION} " + aws s3 rb s3://$S3BUCKET --force --region $REGION + elif [[ -z "$REGION" || "$REGION" == 'null' ]]; then + echo "S3BUCKET TO BE DELETED $S3BUCKET AND ITS REGION=${REGION} " + aws s3 rb s3://$S3BUCKET --force + fi +done +echo "======================================================" \ No newline at end of file diff --git a/aws/deploy.sh b/aws/deploy.sh index 3eba42ee..3506f82a 100755 --- a/aws/deploy.sh +++ b/aws/deploy.sh @@ -19,6 +19,8 @@ IAM_POLICY_NAME="masocp-policy-${RANDOM_STR}" IAM_USER_NAME="masocp-user-${RANDOM_STR}" # SLS variables export SLS_STORAGE_CLASS=gp2 +# UDS variables +export UDS_STORAGE_CLASS=gp2 # CP4D variables export CPD_METADATA_STORAGE_CLASS=gp2 export CPD_SERVICE_STORAGE_CLASS="ocs-storagecluster-cephfs" 
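Review bot: The `list-buckets` query matches `masocp-` (and later `cf-templates-`) as an unanchored substring across the whole account, and every match older than the cutoff is emptied and removed with `aws s3 rb --force`, which is not recoverable; there is no dry-run and no confirmation, and a bucket in a region outside `DELETE_S3_REGIONS` is skipped silently, so the two copy-pasted loops deserve a single function with quoted expansions, a reported skip, and a `DRY_RUN` gate that defaults to listing only. The age check is also weaker than the header comment says: `CreationDate<=` compares an ISO timestamp lexically against a bare `YYYY-MM-DD`, so buckets created on the cutoff day are excluded and the effective threshold is between 24 and 48 hours, which the comment should state (`date -d` is additionally GNU-only). If the bucket naming convention guarantees the prefix, `starts_with(Name, \`masocp-\`)` would narrow the match further.
```shell
# Set DRY_RUN=false to perform deletions; the default only lists what would be removed.
DRY_RUN="${DRY_RUN:-true}"

# Delete every bucket named in $1 (whitespace-separated) whose region is in
# DELETE_S3_REGIONS; buckets in any other region are reported and skipped.
delete_buckets() {
  local bucket region
  for bucket in $1; do
    region=$(aws s3api get-bucket-location --bucket "$bucket" | jq -r '.LocationConstraint')
    local region_args=()
    if [[ " ${DELETE_S3_REGIONS[*]} " == *" ${region} "* ]]; then
      region_args=(--region "$region")
    elif [[ -n "$region" && "$region" != 'null' ]]; then
      echo "Skipping $bucket: region ${region} is not in DELETE_S3_REGIONS"
      continue
    fi
    echo "S3BUCKET TO BE DELETED $bucket AND ITS REGION=${region} "
    if [[ "$DRY_RUN" == "false" ]]; then
      aws s3 rb "s3://${bucket}" --force "${region_args[@]}"
    fi
  done
}

# … unchanged: DELETE_S3_REGIONS, cutoff date, the two list-buckets queries …
delete_buckets "$S3BUCKETS"
```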
@@ -94,20 +96,28 @@ if [[ -n "$MAS_LICENSE_URL" ]]; then else log " MAS LICENSE URL file is not available." fi +log "deploy.sh AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" +if [[ -f "/tmp/iam-user-created" ]]; then + log "deploy.sh /tmp/iam-user-created exists; iam user creation skipped AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID..." +else + ## IAM + # Create IAM policy + cd $GIT_REPO_HOME/aws + policyarn=$(aws iam create-policy --policy-name ${IAM_POLICY_NAME} --policy-document file://${GIT_REPO_HOME}/aws/iam/policy.json | jq '.Policy.Arn' | tr -d "\"") + # Create IAM user + aws iam create-user --user-name ${IAM_USER_NAME} + aws iam attach-user-policy --user-name ${IAM_USER_NAME} --policy-arn $policyarn + accessdetails=$(aws iam create-access-key --user-name ${IAM_USER_NAME}) + export AWS_ACCESS_KEY_ID=$(echo $accessdetails | jq '.AccessKey.AccessKeyId' | tr -d "\"") + export AWS_SECRET_ACCESS_KEY=$(echo $accessdetails | jq '.AccessKey.SecretAccessKey' | tr -d "\"") + log " AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID" + # on successful user and policy creation, create a file /tmp/iam-user-created + echo "COMPLETE" > /tmp/iam-user-created + chmod a+rw /tmp/iam-user-created + # Put some delay for IAM permissions to be applied in the backend + sleep 60 +fi -## IAM -# Create IAM policy -cd $GIT_REPO_HOME/aws -policyarn=$(aws iam create-policy --policy-name ${IAM_POLICY_NAME} --policy-document file://${GIT_REPO_HOME}/aws/iam/policy.json | jq '.Policy.Arn' | tr -d "\"") -# Create IAM user -aws iam create-user --user-name ${IAM_USER_NAME} -aws iam attach-user-policy --user-name ${IAM_USER_NAME} --policy-arn $policyarn -accessdetails=$(aws iam create-access-key --user-name ${IAM_USER_NAME}) -export AWS_ACCESS_KEY_ID=$(echo $accessdetails | jq '.AccessKey.AccessKeyId' | tr -d "\"") -export AWS_SECRET_ACCESS_KEY=$(echo $accessdetails | jq '.AccessKey.SecretAccessKey' | tr -d "\"") -log " AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID" -# Put some delay for IAM permissions to be applied in the backend 
-sleep 60 if [[ $OPENSHIFT_USER_PROVIDE == "false" ]]; then ## Provisiong OCP cluster @@ -181,9 +191,19 @@ EOT set -e log "==== OCP cluster creation completed ====" + export AWS_VPC_ID="$(terraform output -raw vpcid)" + log "AWS_VPC_ID ===> ${AWS_VPC_ID}" + oc login -u $OCP_USERNAME -p $OCP_PASSWORD --server=https://api.${CLUSTER_NAME}.${BASE_DOMAIN}:6443 log "==== Adding PID limits to worker nodes ====" oc create -f $GIT_REPO_HOME/templates/container-runtime-config.yml + log "==== Creating storage classes namely, gp2, ocs-storagecluster-ceph-rbd, ocs-storagecluster-cephfs, & openshift-storage.noobaa.io ====" + oc apply -f $GIT_REPO_HOME/aws/ocp-terraform/ocs/gp2.yaml + oc apply -f $GIT_REPO_HOME/aws/ocp-terraform/ocs/ocs-storagecluster-cephfs.yaml + oc apply -f $GIT_REPO_HOME/aws/ocp-terraform/ocs/ocs-storagecluster-ceph-rbd.yaml + oc apply -f $GIT_REPO_HOME/aws/ocp-terraform/ocs/openshift-storage.noobaa.io.yaml + # Ensure only gp2 is set as default storage class + oc patch storageclass gp3-csi -p '{"metadata": {"annotations": {"storageclass.kubernetes.io/is-default-class": "false"}}}' ## Create bastion host cd $GIT_REPO_HOME/aws @@ -199,7 +219,7 @@ EOT set -e - # Backup Terraform configuration + # Backup deployment context cd $GIT_REPO_HOME rm -rf /tmp/mas-multicloud mkdir /tmp/mas-multicloud 
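Review bot: The new `if [[ -f "/tmp/iam-user-created" ]]` branch skips IAM user creation on the strength of a fixed path in `/tmp` that the script itself makes world-writable (`chmod a+rw`), and it never checks that credentials are actually present, so a stale marker from an earlier run or a file pre-created by any local user leaves the rest of the deployment without `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` being set here. Guard the skip branch with `: "${AWS_ACCESS_KEY_ID:?/tmp/iam-user-created present but AWS_ACCESS_KEY_ID is unset}"` and `: "${AWS_SECRET_ACCESS_KEY:?/tmp/iam-user-created present but AWS_SECRET_ACCESS_KEY is unset}"`, and write the marker under a directory owned by the deploying user with default permissions instead of `chmod a+rw`. The two added `log` lines print the access key ID; it is not the secret, but it is a credential identifier that ends up in the provisioning log alongside a long-lived key that is exported into the environment of every later child process, so it should be dropped or truncated. The 60 second `sleep` for IAM propagation is unchanged in substance and still cannot detect a failed `create-access-key`, since `accessdetails` is not checked.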
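Review bot: The added `oc login -u $OCP_USERNAME -p $OCP_PASSWORD --server=...` puts the cluster admin password on the command line, where it is visible in the process table for the duration of the login and would be echoed verbatim if `set -x` tracing is ever enabled for debugging; both expansions are also unquoted. Prefer authenticating from the kubeconfig produced by the cluster creation step if one is available to this script (the Terraform outputs are already consulted on the line above via `terraform output -raw vpcid`), or at least quote the values: `oc login -u "$OCP_USERNAME" -p "$OCP_PASSWORD" --server="https://api.${CLUSTER_NAME}.${BASE_DOMAIN}:6443"`. The `oc patch storageclass gp3-csi ...` line assumes that class exists on every cluster; with `set -e` in effect (it is re-enabled at the top of this hunk) a missing class aborts the whole deployment, so guard it with `oc get storageclass gp3-csi >/dev/null 2>&1 &&` or a comment stating that the installer always creates it.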
@@ -207,18 +227,18 @@ EOT cd /tmp zip -r $BACKUP_FILE_NAME mas-multicloud/* set +e - aws s3 cp $BACKUP_FILE_NAME $DEPLOYMENT_CONTEXT_UPLOAD_PATH --region $DEPLOY_REGION + aws s3 cp $BACKUP_FILE_NAME $DEPLOYMENT_CONTEXT_UPLOAD_PATH --region $DEPLOY_REGION retcode=$? if [[ $retcode -ne 0 ]]; then aws s3 cp $BACKUP_FILE_NAME $DEPLOYMENT_CONTEXT_UPLOAD_PATH --region us-east-1 retcode=$? - fi + fi if [[ $retcode -ne 0 ]]; then log "Failed while uploading deployment context to S3" exit 23 fi set -e - log "OCP cluster Terraform configuration backed up at $DEPLOYMENT_CONTEXT_UPLOAD_PATH in file $CLUSTER_NAME.zip" + log "OCP cluster deployment context backed up at $DEPLOYMENT_CONTEXT_UPLOAD_PATH in file $CLUSTER_NAME.zip" # Create a secret in the Cloud to keep OCP access credentials cd $GIT_REPO_HOME 
@@ -270,11 +290,174 @@ fi set -e log "==== OCP cluster configuration (Cert Manager) completed ====" -## Deploy MongoDB -log "==== MongoDB deployment started ====" -export ROLE_NAME=mongodb && ansible-playbook ibm.mas_devops.run_role -log "==== MongoDB deployment completed ====" +log "==== AWS_VPC_ID = ${AWS_VPC_ID}" +log "==== EXISTING_NETWORK = ${EXISTING_NETWORK}" +log "==== BOOTNODE_VPC_ID = ${BOOTNODE_VPC_ID}" +if [[ -n $AWS_VPC_ID ]]; then + export VPC_ID="${AWS_VPC_ID}" #ipi +fi +if [[ -n $EXISTING_NETWORK ]]; then + export VPC_ID="${EXISTING_NETWORK}" #upi +fi +if [[ -z $AWS_VPC_ID && -z $EXISTING_NETWORK && -n $BOOTNODE_VPC_ID ]]; then + export VPC_ID="${BOOTNODE_VPC_ID}" #existing ocp +fi +if [[ -z $VPC_ID && $MONGO_FLAVOR == "Amazon DocumentDB" ]]; then + log "Failed to get the vpc id required to deploy documentdb" + exit 32 +fi +export AWS_REGION=$DEPLOY_REGION + +log "==== MONGO_USE_EXISTING_INSTANCE = ${MONGO_USE_EXISTING_INSTANCE}" +if [[ $MONGO_USE_EXISTING_INSTANCE == "true" ]]; then + if [[ $MONGO_FLAVOR == "Amazon DocumentDB" ]]; then + export MONGODB_PROVIDER="aws" + # setting to false, used be sls role + export SLS_MONGO_RETRYWRITES=false + log "==== aws/deploy.sh : Invoke docdb-create-vpc-peer.sh starts ====" + log "Existing instance of Amazon Document DB @ VPC_ID=$DOCUMENTDB_VPC_ID" + export ACCEPTER_VPC_ID=${DOCUMENTDB_VPC_ID} + export REQUESTER_VPC_ID=${VPC_ID} + + sh $GIT_REPO_HOME/mongo/docdb/docdb-create-vpc-peer.sh + log "==== aws/deploy.sh : Invoke docdb-create-vpc-peer.sh ends ====" + fi + export MONGODB_ADMIN_USERNAME="${MONGO_ADMIN_USERNAME}" + export MONGODB_ADMIN_PASSWORD="${MONGO_ADMIN_PASSWORD}" + export MONGODB_HOSTS="${MONGO_HOSTS}" + export MONGODB_CA_PEM_LOCAL_FILE=$GIT_REPO_HOME/mongo/mongo-ca.pem + export MONGODB_RETRY_WRITES=$SLS_MONGO_RETRYWRITES + log " MONGODB_ADMIN_USERNAME=$MONGODB_ADMIN_USERNAME MONGODB_HOSTS=$MONGODB_HOSTS MONGODB_CA_PEM_LOCAL_FILE=${MONGODB_CA_PEM_LOCAL_FILE} 
MONGODB_RETRY_WRITES=$MONGODB_RETRY_WRITES" + log "==== Existing MongoDB gencfg_mongo Started ====" + export ROLE_NAME=gencfg_mongo && ansible-playbook ibm.mas_devops.run_role + log "==== Existing MongoDB gencfg_mongo completed ====" +else + ## Deploy MongoDB started + log "==== MongoDB deployment started ==== MONGO_FLAVOR=$MONGO_FLAVOR" + if [[ $MONGO_FLAVOR == "Amazon DocumentDB" ]]; then + log "Provision new instance of Amazon Document DB @ VPC_ID=$VPC_ID" + export MONGODB_PROVIDER="aws" + # setting to false, used be sls role + export SLS_MONGO_RETRYWRITES=false + #by default its create (provision) action in mongo role. + #export MONGODB_ACTION="provision" + export DOCDB_CLUSTER_NAME="docdb-${RANDOM_STR}" + export DOCDB_INSTANCE_IDENTIFIER_PREFIX="docdb-${RANDOM_STR}" + export DOCDB_INSTANCE_NUMBER=3 + log "==== Invoke fetch-cidr-block.sh ====" + source $GIT_REPO_HOME/aws/utils/fetch-cidr-block.sh + if [ $? -ne 0 ]; then + SCRIPT_STATUS=44 + exit $SCRIPT_STATUS + fi + # IPv4 CIDR of private or default subnet + export DOCDB_CIDR_AZ1="${CIDR_BLOCKS_0}" + export DOCDB_CIDR_AZ2="${CIDR_BLOCKS_1}" + export DOCDB_CIDR_AZ3="${CIDR_BLOCKS_2}" + export DOCDB_INGRESS_CIDR="${VPC_CIDR_BLOCK}" + export DOCDB_EGRESS_CIDR="${VPC_CIDR_BLOCK}" + log "DOCDB_CIDR_AZ1=${DOCDB_CIDR_AZ1} DOCDB_CIDR_AZ2=${DOCDB_CIDR_AZ2} DOCDB_CIDR_AZ3=${DOCDB_CIDR_AZ3} VPC_CIDR_BLOCK=$VPC_CIDR_BLOCK" + + + SUBNET_1=`aws ec2 describe-subnets --filters \ + "Name=cidr,Values=$DOCDB_CIDR_AZ1" \ + "Name=vpc-id,Values=$VPC_ID" \ + --query "Subnets[*].{SUBNET_ID:SubnetId , TAG_NAME:Tags[?Key=='Name'] | [0].Value }" --output=text` + + SUBNET_ID1=`echo -e "$SUBNET_1" | awk '{print $1}'` + TAG_NAME1=`echo -e "$SUBNET_1" | awk '{print $2}'` + log "==== SUBNET_ID1=$SUBNET_ID1 and TAG_NAME1=$TAG_NAME1 ==== " + + SUBNET_2=`aws ec2 describe-subnets --filters \ + "Name=cidr,Values=$DOCDB_CIDR_AZ2" \ + "Name=vpc-id,Values=$VPC_ID" \ + --query "Subnets[*].{SUBNET_ID:SubnetId , TAG_NAME:Tags[?Key=='Name'] | [0].Value 
}" --output=text` + + SUBNET_ID2=`echo -e "$SUBNET_2" | awk '{print $1}'` + TAG_NAME2=`echo -e "$SUBNET_2" | awk '{print $2}'` + log "==== SUBNET_ID2=$SUBNET_ID2 and TAG_NAME2=$TAG_NAME2 ==== " + + SUBNET_3=`aws ec2 describe-subnets --filters \ + "Name=cidr,Values=$DOCDB_CIDR_AZ3" \ + "Name=vpc-id,Values=$VPC_ID" \ + --query "Subnets[*].{SUBNET_ID:SubnetId , TAG_NAME:Tags[?Key=='Name'] | [0].Value }" --output=text` + + SUBNET_ID3=`echo -e "$SUBNET_3" | awk '{print $1}'` + TAG_NAME3=`echo -e "$SUBNET_3" | awk '{print $2}'` + log "==== SUBNET_ID3=$SUBNET_ID3 and TAG_NAME3=$TAG_NAME3 ==== " + + if [[ -z "$SUBNET_ID1" ]]; then + SCRIPT_STATUS=41 + log "Subnet ID associated with CIDR Block 10.0.128.0/20 not found" + exit $SCRIPT_STATUS + fi + if [[ -z "$SUBNET_ID2" ]]; then + SCRIPT_STATUS=41 + log "Subnet ID associated with CIDR Block 10.0.144.0/20 not found" + exit $SCRIPT_STATUS + fi + if [[ -z "$SUBNET_ID3" ]]; then + SCRIPT_STATUS=41 + log "Subnet ID associated with CIDR Block 10.0.160.0/20 not found" + exit $SCRIPT_STATUS + fi + #mongo docdb role expects subnet name tag to be in this format docdb-${RANDOM_STR}, required in the create instance flow + aws ec2 create-tags --resources $SUBNET_ID1 --tags Key=Name,Value=docdb-${RANDOM_STR} + aws ec2 create-tags --resources $SUBNET_ID2 --tags Key=Name,Value=docdb-${RANDOM_STR} + aws ec2 create-tags --resources $SUBNET_ID3 --tags Key=Name,Value=docdb-${RANDOM_STR} + log "==== DocumentDB deployment started ==== @VPC_ID=${VPC_ID} ==== DOCDB_CLUSTER_NAME = ${DOCDB_CLUSTER_NAME}" + fi + export ROLE_NAME=mongodb && ansible-playbook ibm.mas_devops.run_role + if [[ $MONGO_FLAVOR == "Amazon DocumentDB" && $MONGO_USE_EXISTING_INSTANCE == "false" ]]; then + #Renaming subnet name tag to its original value, required in the create instance flow + if [[ (-n $SUBNET_ID1) && (-n $SUBNET_ID2) && (-n $SUBNET_ID3) && (-n $TAG_NAME1) && (-n $TAG_NAME2) && (-n $TAG_NAME3) ]]; then + log "==== Tagging subnet name to its original value ====" + 
aws ec2 create-tags --resources $SUBNET_ID1 --tags Key=Name,Value=$TAG_NAME1 + aws ec2 create-tags --resources $SUBNET_ID2 --tags Key=Name,Value=$TAG_NAME2 + aws ec2 create-tags --resources $SUBNET_ID3 --tags Key=Name,Value=$TAG_NAME3 + fi + fi + + log "==== MongoDB deployment completed ====" + ## Deploy MongoDB completed +fi + +if [[ -z $VPC_ID && $AWS_MSK_PROVIDER == "Yes" ]]; then + log "Failed to get the vpc id required to deploy AWS MSK" + exit 42 +fi +log "==== AWS_MSK_PROVIDER=$AWS_MSK_PROVIDER VPC_ID=$VPC_ID ====" +if [[ $AWS_MSK_PROVIDER == "Yes" ]]; then + log "==== AWS MSK deployment started ====" + export KAFKA_CLUSTER_NAME="msk-${RANDOM_STR}" + export KAFKA_NAMESPACE="msk-${RANDOM_STR}" + export AWS_KAFKA_USER_NAME="mskuser-${RANDOM_STR}" + export AWS_REGION="${DEPLOY_REGION}" + export KAFKA_VERSION="2.8.1" + export KAFKA_PROVIDER="aws" + export KAFKA_ACTION="install" + export AWS_MSK_INSTANCE_TYPE="kafka.m5.large" + export AWS_MSK_VOLUME_SIZE="100" + export AWS_MSK_INSTANCE_NUMBER=3 + + log "==== Invoke fetch-cidr-block.sh ====" + source $GIT_REPO_HOME/aws/utils/fetch-cidr-block.sh + if [ $? -ne 0 ]; then + SCRIPT_STATUS=44 + exit $SCRIPT_STATUS + fi + # IPv4 CIDR of private or default subnet + export AWS_MSK_CIDR_AZ1="${CIDR_BLOCKS_0}" + export AWS_MSK_CIDR_AZ2="${CIDR_BLOCKS_1}" + export AWS_MSK_CIDR_AZ3="${CIDR_BLOCKS_2}" + export AWS_MSK_INGRESS_CIDR="${VPC_CIDR_BLOCK}" + export AWS_MSK_EGRESS_CIDR="${VPC_CIDR_BLOCK}" + log "AWS_MSK_CIDR_AZ1=${AWS_MSK_CIDR_AZ1} AWS_MSK_CIDR_AZ2=${AWS_MSK_CIDR_AZ2} AWS_MSK_CIDR_AZ3=${AWS_MSK_CIDR_AZ3} VPC_CIDR_BLOCK=$VPC_CIDR_BLOCK" + + export ROLE_NAME=kafka && ansible-playbook ibm.mas_devops.run_role + log "==== AWS MSK deployment completed ====" +fi ## Copying the entitlement.lic to MAS_CONFIG_DIR if [[ -n "$MAS_LICENSE_URL" ]]; then cp $GIT_REPO_HOME/entitlement.lic $MAS_CONFIG_DIR 
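Review bot: The three `Subnet ID associated with CIDR Block 10.0.128.0/20 ... not found` messages hard-code CIDRs while the `describe-subnets` lookups above filter on `$DOCDB_CIDR_AZ1`..`AZ3` returned by `fetch-cidr-block.sh`, so on a VPC with a different layout the diagnostics name the wrong block; use the variables, `log "Subnet ID associated with CIDR Block ${DOCDB_CIDR_AZ1} not found"` (and `AZ2`, `AZ3` likewise). The `if [ $? -ne 0 ]` after `source $GIT_REPO_HOME/aws/utils/fetch-cidr-block.sh` looks unreachable on failure if `set -e` (re-enabled just above this hunk) is still in effect, and because the file is sourced rather than executed an `exit` inside it terminates deploy.sh directly; the same pattern is repeated in the MSK branch. Since `source` runs in the caller's scope it can also overwrite variables such as `VPC_ID` or `REGION`, so a comment naming exactly what it is expected to set (`CIDR_BLOCKS_0..2`, `VPC_CIDR_BLOCK`) would help. The subnet `Name` tags are rewritten to `docdb-${RANDOM_STR}` and restored only on the success path; if the mongodb role fails under `set -e` the original tags are lost, which is worth either a `trap` or a note in the comment.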
@@ -321,12 +504,13 @@ if [[ (-z $SLS_URL) || (-z $SLS_REGISTRATION_KEY) || (-z $SLS_PUB_CERT_URL) ]]; else log "Configuring sls for byol offering" fi - + log "SLS_MONGO_RETRYWRITES=$SLS_MONGO_RETRYWRITES" log "==== SLS deployment started ====" export ROLE_NAME=sls && ansible-playbook ibm.mas_devops.run_role log "==== SLS deployment completed ====" else + log " SLS_MONGO_RETRYWRITES=$SLS_MONGO_RETRYWRITES " log "=== Using Existing SLS Deployment ===" export ROLE_NAME=sls && ansible-playbook ibm.mas_devops.run_role log "=== Generated SLS Config YAML ===" @@ -358,10 +542,23 @@ log "==== MAS Workspace generation started ====" export ROLE_NAME=gencfg_workspace && ansible-playbook ibm.mas_devops.run_role log "==== MAS Workspace generation completed ====" -if [[ $DEPLOY_MANAGE == "true" ]]; then - log "==== Configure JDBC started ====" +## Deploy Manage +if [[ $DEPLOY_MANAGE == "true" && (-z $MAS_JDBC_USER) && (-z $MAS_JDBC_PASSWORD) && (-z $MAS_JDBC_URL) && (-z $MAS_JDBC_CERT_URL) ]]; then + log "==== Configure internal db2 for manage started ====" + export ROLE_NAME=db2 && ansible-playbook ibm.mas_devops.run_role + export ROLE_NAME=suite_db2_setup_for_manage && ansible-playbook ibm.mas_devops.run_role + log "==== Configure internal db2 for manage started ====" +fi + +if [[ $DEPLOY_MANAGE == "true" && (-n $MAS_JDBC_USER) && (-n $MAS_JDBC_PASSWORD) && (-n $MAS_JDBC_URL) ]]; then + export SSL_ENABLED=false + if [ -n "$MAS_JDBC_CERT_URL" ]; then + log "MAS_JDBC_CERT_URL is not empty, setting SSL_ENABLED as true" + export SSL_ENABLED=true + fi + log "==== Configure JDBC started for external DB2 ==== SSL_ENABLED = $SSL_ENABLED" export ROLE_NAME=gencfg_jdbc && ansible-playbook ibm.mas_devops.run_role - log "==== Configure JDBC completed ====" + log "==== Configure JDBC completed for external DB2 ====" fi ## Deploy MAS 
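Review bot: When `DEPLOY_MANAGE` is `true` but only some of `MAS_JDBC_USER`/`MAS_JDBC_PASSWORD`/`MAS_JDBC_URL` are set, neither new branch matches (the first requires all four JDBC values empty, the second the three non-empty), so Manage is deployed with no database configuration and no error is raised. Add a trailing `elif [[ $DEPLOY_MANAGE == "true" ]]; then log "Incomplete external DB2 JDBC parameters (user, password and URL are all required)"; exit <distinct-status>; fi` using the script's `SCRIPT_STATUS` convention. The closing message of the internal-DB2 branch also repeats `started`; it should read `log "==== Configure internal db2 for manage completed ===="`.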
@@ -380,6 +577,7 @@ if [[ $DEPLOY_MANAGE == "true" ]]; then # Configure app to use the DB log "==== MAS Manage configure app started ====" + export MAS_APPWS_BINDINGS_JDBC="workspace-application" export ROLE_NAME=suite_app_config && ansible-playbook ibm.mas_devops.run_role log "==== MAS Manage configure app completed ====" fi diff --git a/aws/iam/policy.json b/aws/iam/policy.json index 5acb39fd..ae85db0d 100644 --- a/aws/iam/policy.json +++ b/aws/iam/policy.json @@ -5,6 +5,9 @@ "Effect": "Allow", "Action": [ "autoscaling:DescribeAutoScalingGroups", + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics", + "ec2:AcceptVpcPeeringConnection", "ec2:AllocateAddress", "ec2:AssociateAddress", "ec2:AssociateDhcpOptions", 
@@ -14,67 +17,14 @@
 "ec2:AuthorizeSecurityGroupEgress",
 "ec2:AuthorizeSecurityGroupIngress",
 "ec2:CopyImage",
- "ec2:CreateDhcpOptions",
- "ec2:CreateInternetGateway",
- "ec2:CreateNatGateway",
- "ec2:CreateNetworkInterface",
- "ec2:CreateRoute",
- "ec2:CreateRouteTable",
- "ec2:CreateSecurityGroup",
- "ec2:CreateSubnet",
- "ec2:CreateTags",
- "ec2:CreateVolume",
- "ec2:CreateVpc",
- "ec2:CreateVpcEndpoint",
- "ec2:DeleteDhcpOptions",
- "ec2:DeleteInternetGateway",
- "ec2:DeleteNatGateway",
- "ec2:DeleteNetworkInterface",
- "ec2:DeleteRoute",
- "ec2:DeleteRouteTable",
- "ec2:DeleteSecurityGroup",
- "ec2:DeleteSnapshot",
- "ec2:DeleteSubnet",
- "ec2:DeleteTags",
- "ec2:DeleteVolume",
- "ec2:DeleteVpc",
- "ec2:DeleteVpcEndpoints",
+ "ec2:Create*",
+ "ec2:Delete*",
 "ec2:DeregisterImage",
- "ec2:Describe",
- "ec2:DescribeAccountAttributes",
- "ec2:DescribeAddresses",
- "ec2:DescribeAvailabilityZones",
- "ec2:DescribeDhcpOptions",
- "ec2:DescribeImages",
- "ec2:DescribeInstanceAttribute",
- "ec2:DescribeInstanceCreditSpecifications",
- "ec2:DescribeInstanceTypeOfferings",
- "ec2:DescribeInstanceTypes",
- "ec2:DescribeInstances",
- "ec2:DescribeInternetGateways",
- "ec2:DescribeKeyPairs",
- "ec2:DescribeNatGateways",
- "ec2:DescribeNetworkAcls",
- "ec2:DescribeNetworkInterfaces",
- "ec2:DescribePrefixLists",
- "ec2:DescribeRegions",
- "ec2:DescribeRouteTables",
- "ec2:DescribeSecurityGroups",
- "ec2:DescribeSubnets",
- "ec2:DescribeTags",
- "ec2:DescribeVolumes",
- "ec2:DescribeVpcAttribute",
- "ec2:DescribeVpcClassicLink",
- "ec2:DescribeVpcClassicLinkDnsSupport",
- "ec2:DescribeVpcEndpoints",
- "ec2:DescribeVpcs",
+ "ec2:Describe*",
 "ec2:DetachInternetGateway",
 "ec2:DisassociateRouteTable",
 "ec2:GetEbsDefaultKmsKeyId",
- "ec2:ModifyInstanceAttribute",
- "ec2:ModifyNetworkInterfaceAttribute",
- "ec2:ModifySubnetAttribute",
- "ec2:ModifyVpcAttribute",
+ "ec2:Modify*",
 "ec2:ReleaseAddress",
 "ec2:ReplaceRouteTableAssociation",
 "ec2:RevokeSecurityGroupEgress",
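Review bot: Replacing the enumerated actions with `ec2:Create*`, `ec2:Delete*`, `ec2:Describe*` and `ec2:Modify*` on `Resource: "*"` — and, in the next two hunks, `elasticloadbalancing:Create*`/`Describe*`/`Modify*`/`Register*`, `iam:Create*`/`iam:Delete*`/`iam:Get*`/`iam:List*`, `kms:Create*`/`kms:List*` and `route53:*` — grants every current and future action in those namespaces, far beyond what the deployment and cleanup scripts call. This policy is attached to the user whose long-lived access key is created and exported by `deploy.sh`, so the blast radius of a leaked or retained key grows with it; `iam:Create*` next to the retained `iam:AttachUserPolicy` and `iam:PassRole` on `*` already amounts to full-account privilege for that key (the explicit list contained the same combination, the wildcard just adds the remaining `iam:Create...` calls). Keep the enumerated form and add the peering, DocumentDB, MSK and Secrets Manager actions the new code actually uses, or at minimum constrain the wildcarded statements with `Condition` keys such as `aws:RequestTag`/`aws:ResourceTag` so they only reach resources of this deployment. A short comment-equivalent (a `Sid` per statement) would also make the intended scope of each group reviewable.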
@@ -86,56 +36,24 @@
 "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
 "elasticloadbalancing:AttachLoadBalancerToSubnets",
 "elasticloadbalancing:ConfigureHealthCheck",
- "elasticloadbalancing:CreateListener",
- "elasticloadbalancing:CreateLoadBalancer",
- "elasticloadbalancing:CreateLoadBalancerListeners",
- "elasticloadbalancing:CreateTargetGroup",
+ "elasticloadbalancing:Create*",
 "elasticloadbalancing:DeleteLoadBalancer",
 "elasticloadbalancing:DeleteTargetGroup",
 "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
 "elasticloadbalancing:DeregisterTargets",
- "elasticloadbalancing:DescribeInstanceHealth",
- "elasticloadbalancing:DescribeListeners",
- "elasticloadbalancing:DescribeLoadBalancerAttributes",
- "elasticloadbalancing:DescribeLoadBalancers",
- "elasticloadbalancing:DescribeTags",
- "elasticloadbalancing:DescribeTargetGroupAttributes",
- "elasticloadbalancing:DescribeTargetGroups",
- "elasticloadbalancing:DescribeTargetHealth",
- "elasticloadbalancing:ModifyLoadBalancerAttributes",
- "elasticloadbalancing:ModifyTargetGroup",
- "elasticloadbalancing:ModifyTargetGroupAttributes",
- "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
- "elasticloadbalancing:RegisterTargets",
+ "elasticloadbalancing:Describe*",
+ "elasticloadbalancing:Modify*",
+ "elasticloadbalancing:Register*",
 "elasticloadbalancing:SetLoadBalancerPoliciesOfListener",
 "iam:AddRoleToInstanceProfile",
+ "iam:AttachRolePolicy",
 "iam:AttachUserPolicy",
- "iam:CreateAccessKey",
- "iam:CreateInstanceProfile",
- "iam:CreatePolicy",
- "iam:CreateServiceLinkedRole",
- "iam:CreateRole",
- "iam:CreateUser",
- "iam:DeleteAccessKey",
- "iam:DeleteInstanceProfile",
- "iam:DeleteRole",
- "iam:DeleteRolePolicy",
- "iam:DeleteUser",
- "iam:DeleteUserPolicy",
+ "iam:Create*",
+ "iam:Delete*",
 "iam:DetachUserPolicy",
 "iam:GetInstanceProfile",
- "iam:GetRole",
- "iam:GetRolePolicy",
- "iam:GetUser",
- "iam:GetUserPolicy",
- "iam:ListAccessKeys",
- "iam:ListAttachedRolePolicies",
- "iam:ListInstanceProfiles",
- "iam:ListInstanceProfilesForRole",
- "iam:ListRolePolicies",
- "iam:ListRoles",
- "iam:ListUserPolicies",
- "iam:ListUsers",
+ "iam:Get*",
+ "iam:List*",
 "iam:PassRole",
 "iam:PutRolePolicy",
 "iam:PutUserPolicy",
@@ -144,35 +62,66 @@
 "iam:TagRole",
 "iam:TagUser",
 "iam:UntagRole",
- "kms:CreateKey",
+ "kms:Create*",
+ "kms:Decrypt",
 "kms:DescribeKey",
+ "kms:Encrypt",
+ "kms:GenerateDataKey*",
 "kms:GetKeyPolicy",
 "kms:GetKeyRotationStatus",
- "kms:ListResourceTags",
+ "kms:List*",
+ "kms:ReEncrypt*",
+ "kms:RetireGrant",
 "kms:ScheduleKeyDeletion",
- "route53:ChangeResourceRecordSets",
- "route53:ChangeTagsForResource",
- "route53:CreateHostedZone",
- "route53:DeleteHostedZone",
- "route53:GetChange",
- "route53:GetHostedZone",
- "route53:ListHostedZones",
- "route53:ListHostedZonesByName",
- "route53:ListResourceRecordSets",
- "route53:ListTagsForResource",
- "route53:UpdateHostedZoneComment",
+ "kms:UpdateAlias",
+ "logs:DescribeLogStreams",
+ "logs:GetLogEvents",
+ "rds:AddTagsToResource",
+ "rds:CreateDB*",
+ "rds:DeleteDB*",
+ "rds:DescribeDB*",
+ "rds:ListTagsForResource",
+ "rds:ModifyDB*",
+ "rds:PromoteReadReplica",
+ "rds:RebootDBInstance",
+ "rds:RemoveTagsFromResource",
+ "rds:RestoreDB*",
+ "rds:StartDBInstance",
+ "rds:StopDBInstance",
+ "route53:*",
 "s3:*",
 "secretsmanager:CreateSecret",
+ "secretsmanager:DescribeSecret",
+ "secretsmanager:GetResourcePolicy",
+ "secretsmanager:GetSecretValue",
+ "secretsmanager:ListSecrets",
+ "secretsmanager:ListSecretVersionIds",
+ "secretsmanager:PutSecretValue",
+ "secretsmanager:UpdateSecret",
 "servicequotas:ListAWSDefaultServiceQuotas",
 "servicequotas:ListServiceQuotas",
+ "ses:GetIdentityVerificationAttributes",
+ "ses:ListIdentities",
 "ses:SendEmail",
 "ses:SendRawEmail",
- "ses:ListIdentities",
- "ses:GetIdentityVerificationAttributes",
+ "sns:ListSubscriptions",
+ "sns:ListTopics",
+ "sns:Publish",
 "sts:GetCallerIdentity",
 "tag:GetResources",
 "tag:TagResources",
- "tag:UntagResources"
+ "tag:UntagResources",
+ "kafka:Batch*",
+ "kafka:Create*",
+ "kafka:Delete*",
+ "kafka:Describe*",
+ "kafka:GetBootstrapBrokers",
+ "kafka:GetCompatibleKafkaVersions",
+ "kafka:List*",
+ "kafka:RebootBroker",
+ "kafka:TagResource",
+ "kafka:UntagResource",
+ "kafka:Update*"
 ],
 "Resource": [
 "*"
diff --git a/aws/master-cft/byol-existing-ocp/cft-mas-core-dev.yaml b/aws/master-cft/byol-existing-ocp/cft-mas-core-dev.yaml
index 8893f927..b297b3e6 100644
--- a/aws/master-cft/byol-existing-ocp/cft-mas-core-dev.yaml
+++ b/aws/master-cft/byol-existing-ocp/cft-mas-core-dev.yaml
@@ -137,6 +137,61 @@ Parameters: AllowedValues: - Production - Non-production + MongoDeploymentMode: + Description: >- + A new mongo instance will be created on selection of 'Provision a new mongo instance'. + To use an existing mongo instance, select 'Use an existing mongo instance' option + Type: String + Default: "Provision a new mongo instance" + MinLength: '1' + AllowedValues: + - "Provision a new mongo instance" + - "Use an existing mongo instance" + MongoDBProvider: + Description: >- + Select the desired MongoDB provider. + Note: When selecting MongoDBProvider as MongoDB and MongoDeploymentMode as 'Provision a new mongo instance', a new "MongoDB Community Edition" instance will be provisioned + Type: String + Default: "MongoDB" + MinLength: '1' + AllowedValues: + - "MongoDB" + - "Amazon DocumentDB" + MongoAdminUsername: + Description: >- + Enter the Mongo Admin Username. + Type: String + MongoAdminPassword: + Description: >- + Enter the Mongo Admin Password. + Type: String + NoEcho: true + MongoHosts: + Description: >- + Enter the Mongo Hosts. eg., docdb-nonwqp-1.abc.ca-central-1.docdb.amazonaws.com:27017,docdb-nonwqp-2.def.ca-central-1.docdb.amazonaws.com:27017 + Type: String + MongoCAPemFile: + Description: >- + Enter the S3 bucket URL where MongoCAPemFile was uploaded. + Type: String + DocumentDBProvisionedVPCId: + Description: >- + Enter the VPC ID where existing Amazon DocumentDB was provisioned. + Leave this field blank, if MongoDBProvider was selected as "MongoDB". + Make sure this VPC ID resides in the current deployment region and does not have matching or overlapping IPv4 CIDR blocks 10.0.0.0/16. 
+ Type: String + AWSMSKProvider: + Description: >- + Select Yes, to provision a AWS MSK cluster + Type: String + Default: "No" + MinLength: '1' + AllowedValues: + - "No" + - "Yes" +Conditions: + MongoUseExistingInstanceCondition: !Equals [!Ref MongoDeploymentMode, "Use an existing mongo instance"] + Metadata: 'AWS::CloudFormation::Interface': ParameterGroups: @@ -167,13 +222,34 @@ Metadata: - Label: default: >- Maximo Manage database configuration (complete this section only if - you chose the 'MAS + Manage' offering type) + you chose the 'MAS + Manage' offering type. + In case if this section is left empty and you chose 'MAS + Manage' offering type, + then We will provision an internal DB2 instance for Manage) Parameters: - MASManageDBUser - MASManageDBPassword - MASManageDBJdbcUrl - MASManageDBCertificateUrl - ImportDemoData + - Label: + default: MongoDB Configuration + Parameters: + - MongoDeploymentMode + - MongoDBProvider + - Label: + default: >- + Existing MongoDB / DocumentDB configuration details + (complete this section only if MongoDeploymentMode was selected as 'Use an existing mongo instance') + Parameters: + - MongoAdminUsername + - MongoAdminPassword + - MongoHosts + - MongoCAPemFile + - DocumentDBProvisionedVPCId + - Label: + default: AWS MSK Provider + Parameters: + - AWSMSKProvider - Label: default: >- Existing Suite License Service connection details (leave this @@ -201,7 +277,7 @@ Metadata: Mappings: RegionMap: us-east-1: - HVM64: ami-07494308bf779622b + HVM64: ami-028c3019ed25237a4 us-east-2: HVM64: ami-0da4f91ded4bac1bd us-west-2: 
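Review bot: The new `MongoAdminUsername`, `MongoHosts`, `MongoCAPemFile` and `DocumentDBProvisionedVPCId` parameters carry no `AllowedPattern`, yet their values are spliced into the bootnode user-data as positional shell arguments of `init.sh` (hunk at `-611` further down), so a stray quote, space or shell metacharacter in a value breaks the argument list at best and is interpreted by the shell at worst. Add patterns that reject anything outside the expected shape, e.g. `AllowedPattern: '^(vpc-[0-9a-f]+)?$'` with a `ConstraintDescription` for the VPC id, a host[:port] list pattern for `MongoHosts`, and a URL pattern for `MongoCAPemFile`, and make the `MongoUseExistingInstanceCondition` the only path on which they are required. `MongoAdminPassword` correctly has `NoEcho: true`, but see the note on the user-data hunk for where that value ends up.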
@@ -211,19 +287,19 @@ Mappings: ap-southeast-1: HVM64: ami-0e084c2cc29ec1720 ap-southeast-2: - HVM64: ami-04b93bf7675dfbac1 + HVM64: ami-093254aff333dcfe3 ap-northeast-1: HVM64: ami-0786a7bec0e143591 eu-central-1: HVM64: ami-09fbeb232efd55c04 ap-south-1: - HVM64: ami-02190fd9502ff751c + HVM64: ami-09ee06d85c3bf30f9 ap-northeast-2: HVM64: ami-0b5a78be9ec85d01b ap-northeast-3: HVM64: ami-0d96abb825f3fc970 ca-central-1: - HVM64: ami-0268cd112c39d8715 + HVM64: ami-05de5e08f0f2ebd49 eu-south-1: HVM64: ami-045e0d5842edd2162 eu-west-1: @@ -555,7 +631,7 @@ Resources: - 'git clone https://github.com/ibm-mas/ansible-devops.git;' - cd ansible-devops; - rm -rf multicloud-bootstrap 1>/dev/null 2>&1; - - 'git clone https://github.com/ibm-mas/multicloud-bootstrap.git;' + - 'git clone -b mas810-alpha https://github.com/ibm-mas/multicloud-bootstrap.git;' - cd multicloud-bootstrap; - 'find . -type f -name "*.sh" -exec chmod +x {} \;;' - ./init.sh "aws" " @@ -611,9 +687,28 @@ Resources: - !Ref OpenShiftPassword - ''' '''' ''' - !Ref EmailNotification - - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' + - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' + - ''' ''' + - !Ref BootNodeVPCId + - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' - ''' ''' - !Ref OperationalMode + - ''' ''' + - !If [MongoUseExistingInstanceCondition, "true", "false"] + - ''' ''' + - !Ref MongoDBProvider + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoAdminUsername, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoAdminPassword, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoHosts, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoCAPemFile, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref DocumentDBProvisionedVPCId, ""] + - ''' ''' + - !Ref AWSMSKProvider - ''' "dev" ' - '2>&1 | tee mas-provisioning.log; ' Tags: 
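Review bot: Only `ap-southeast-2`, `ap-south-1` and `ca-central-1` (plus `us-east-1` in the preceding hunk) receive a new bootnode AMI, while `ap-southeast-1`, `ap-northeast-1`, `eu-central-1`, `ap-northeast-2`, `ap-northeast-3` and `eu-south-1` keep their existing ids. If the new ids are the image rebuilt by `prepare-bootnode-ami.sh` in this same commit (which now installs `pymongo` and `oc` 4.12.18), stacks in the untouched regions will presumably boot an older image without those packages and the new Mongo path will fail there. Either publish the image to every listed region or record the gap next to `RegionMap`, e.g. `# bootnode AMI build with pymongo/oc 4.12.18 — regions still on the previous build: ap-southeast-1, …`, so the next maintainer can see which ids are stale.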
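Review bot: The UserData now clones the mutable `mas810-alpha` branch of `ibm-mas/multicloud-bootstrap` and, two lines later, marks every `*.sh` in it executable and runs `./init.sh` (cloud-init executes UserData as root), so whoever can push to that branch controls what runs on every newly created bootnode, and two stacks created from the same template version are not reproducible. Pin the checkout to an immutable reference instead, e.g. `git clone https://github.com/ibm-mas/multicloud-bootstrap.git; cd multicloud-bootstrap; git checkout <commit-sha>;`, and leave a comment naming the pinned version so it is bumped deliberately. The unpinned `ansible-devops` clone in the context lines has the same problem and is left untouched by this commit.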
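Review bot: `MongoAdminPassword` is now rendered in clear text into the bootnode's UserData as a positional argument of `./init.sh`; `NoEcho: true` hides the parameter value in the CloudFormation console and API, not the rendered `Fn::Join`, and instance user data is readable by any process on the instance through the metadata service and by any principal allowed `ec2:DescribeInstanceAttribute`. The value is also visible in the process list while `init.sh` runs and may end up in `mas-provisioning.log` via the `tee` if the script echoes its arguments (not visible here). The template already does this for `OpenShiftPassword`, but adding a second credential to the pattern is the moment to store the secret in Secrets Manager or an SSM SecureString parameter, pass only its ARN or name here, and let `init.sh` fetch it with the bootnode's instance role. The `Fn::Join` that builds this command starts and ends outside the hunk.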
diff --git a/aws/master-cft/byol-existing-ocp/cft-mas-core.yaml b/aws/master-cft/byol-existing-ocp/cft-mas-core.yaml index c1a7d28c..addc85e1 100644 --- a/aws/master-cft/byol-existing-ocp/cft-mas-core.yaml +++ b/aws/master-cft/byol-existing-ocp/cft-mas-core.yaml 
@@ -137,6 +137,61 @@ Parameters: AllowedValues: - Production - Non-production + MongoDeploymentMode: + Description: >- + A new mongo instance will be created on selection of 'Provision a new mongo instance'. + To use an existing mongo instance, select 'Use an existing mongo instance' option + Type: String + Default: "Provision a new mongo instance" + MinLength: '1' + AllowedValues: + - "Provision a new mongo instance" + - "Use an existing mongo instance" + MongoDBProvider: + Description: >- + Select the desired MongoDB provider. + Note: When selecting MongoDBProvider as MongoDB and MongoDeploymentMode as 'Provision a new mongo instance', a new "MongoDB Community Edition" instance will be provisioned + Type: String + Default: "MongoDB" + MinLength: '1' + AllowedValues: + - "MongoDB" + - "Amazon DocumentDB" + MongoAdminUsername: + Description: >- + Enter the Mongo Admin Username. + Type: String + MongoAdminPassword: + Description: >- + Enter the Mongo Admin Password. + Type: String + NoEcho: true + MongoHosts: + Description: >- + Enter the Mongo Hosts. eg., docdb-nonwqp-1.abc.ca-central-1.docdb.amazonaws.com:27017,docdb-nonwqp-2.def.ca-central-1.docdb.amazonaws.com:27017 + Type: String + MongoCAPemFile: + Description: >- + Enter the S3 bucket URL where MongoCAPemFile was uploaded. + Type: String + DocumentDBProvisionedVPCId: + Description: >- + Enter the VPC ID where existing Amazon DocumentDB was provisioned. + Leave this field blank, if MongoDBProvider was selected as "MongoDB". + Make sure this VPC ID resides in the current deployment region and does not have matching or overlapping IPv4 CIDR blocks 10.0.0.0/16. 
+ Type: String + AWSMSKProvider: + Description: >- + Select Yes, to provision a AWS MSK cluster + Type: String + Default: "No" + MinLength: '1' + AllowedValues: + - "No" + - "Yes" +Conditions: + MongoUseExistingInstanceCondition: !Equals [!Ref MongoDeploymentMode, "Use an existing mongo instance"] + Metadata: 'AWS::CloudFormation::Interface': ParameterGroups: @@ -167,13 +222,34 @@ Metadata: - Label: default: >- Maximo Manage database configuration (complete this section only if - you chose the 'MAS + Manage' offering type) + you chose the 'MAS + Manage' offering type. + In case if this section is left empty and you chose 'MAS + Manage' offering type, + then We will provision an internal DB2 instance for Manage) Parameters: - MASManageDBUser - MASManageDBPassword - MASManageDBJdbcUrl - MASManageDBCertificateUrl - ImportDemoData + - Label: + default: MongoDB Configuration + Parameters: + - MongoDeploymentMode + - MongoDBProvider + - Label: + default: >- + Existing MongoDB / DocumentDB configuration details + (complete this section only if MongoDeploymentMode was selected as 'Use an existing mongo instance') + Parameters: + - MongoAdminUsername + - MongoAdminPassword + - MongoHosts + - MongoCAPemFile + - DocumentDBProvisionedVPCId + - Label: + default: AWS MSK Provider + Parameters: + - AWSMSKProvider - Label: default: >- Existing Suite License Service connection details (leave this @@ -558,7 +634,7 @@ Resources: - 'git clone https://github.com/ibm-mas/ansible-devops.git;' - cd ansible-devops; - rm -rf multicloud-bootstrap 1>/dev/null 2>&1; - - 'git clone https://github.com/ibm-mas/multicloud-bootstrap.git;' + - 'git clone -b mas810-alpha https://github.com/ibm-mas/multicloud-bootstrap.git;' - cd multicloud-bootstrap; - 'find . -type f -name "*.sh" -exec chmod +x {} \;;' - ./init.sh "aws" " 
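Review bot: This is the production variant of the template (it passes `"prod"` to `init.sh` further down), yet its UserData now clones the mutable `mas810-alpha` branch of `ibm-mas/multicloud-bootstrap` and executes every shell script in it at first boot; anyone who can push to that branch changes what runs on every newly created production bootnode, and a stack created today and one created next week may run different code. Pin the bootstrap checkout to a tag or commit, e.g. `git clone --depth 1 --branch <release-tag> https://github.com/ibm-mas/multicloud-bootstrap.git;` or a `git checkout <commit-sha>;` after the clone, with a comment naming the pinned version. The same concern applies to the unpinned `ansible-devops` clone in the context lines, which this commit does not touch.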
@@ -614,9 +690,28 @@ Resources: - !Ref OpenShiftPassword - ''' '''' ''' - !Ref EmailNotification - - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' + - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' + - ''' ''' + - !Ref BootNodeVPCId + - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' - ''' ''' - !Ref OperationalMode + - ''' ''' + - !If [MongoUseExistingInstanceCondition, "true", "false"] + - ''' ''' + - !Ref MongoDBProvider + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoAdminUsername, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoAdminPassword, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoHosts, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoCAPemFile, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref DocumentDBProvisionedVPCId, ""] + - ''' ''' + - !Ref AWSMSKProvider - ''' "prod" ' - '2>&1 | tee mas-provisioning.log; ' Tags: diff --git a/aws/master-cft/byol-ipi/cft-mas-core-dev.yaml b/aws/master-cft/byol-ipi/cft-mas-core-dev.yaml index 753b30f3..01159471 100644 --- a/aws/master-cft/byol-ipi/cft-mas-core-dev.yaml +++ b/aws/master-cft/byol-ipi/cft-mas-core-dev.yaml 
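Review bot: `MongoAdminPassword` ends up in clear text in the production bootnode's UserData as a positional argument to `./init.sh`, where `NoEcho: true` no longer protects it: the rendered `Fn::Join` is returned by `ec2:DescribeInstanceAttribute` and by the instance metadata service to any local process, and the argument is visible in `ps` for the lifetime of the script. Rather than extending the pattern already used for `OpenShiftPassword`, consider storing the credential in Secrets Manager or an SSM SecureString parameter, passing only the ARN here, and resolving it inside `init.sh` with the instance role; a short comment above the `Fn::Join` stating which arguments are secrets would at least make the exposure explicit. The enclosing `Fn::Join` begins before this hunk.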
@@ -145,6 +145,63 @@ Parameters: AllowedValues: - Production - Non-production + + MongoDeploymentMode: + Description: >- + A new mongo instance will be created on selection of 'Provision a new mongo instance'. + To use an existing mongo instance, select 'Use an existing mongo instance' option + Type: String + Default: "Provision a new mongo instance" + MinLength: '1' + AllowedValues: + - "Provision a new mongo instance" + - "Use an existing mongo instance" + MongoDBProvider: + Description: >- + Select the desired MongoDB provider. + Note: When selecting MongoDBProvider as MongoDB and MongoDeploymentMode as 'Provision a new mongo instance', a new "MongoDB Community Edition" instance will be provisioned + Type: String + Default: "MongoDB" + MinLength: '1' + AllowedValues: + - "MongoDB" + - "Amazon DocumentDB" + MongoAdminUsername: + Description: >- + Enter the Mongo Admin Username. + Type: String + MongoAdminPassword: + Description: >- + Enter the Mongo Admin Password. + Type: String + NoEcho: true + MongoHosts: + Description: >- + Enter the Mongo Hosts. eg., docdb-nonwqp-1.abc.ca-central-1.docdb.amazonaws.com:27017,docdb-nonwqp-2.def.ca-central-1.docdb.amazonaws.com:27017 + Type: String + MongoCAPemFile: + Description: >- + Enter the S3 bucket URL where MongoCAPemFile was uploaded. + Type: String + DocumentDBProvisionedVPCId: + Description: >- + Enter the VPC ID where existing Amazon DocumentDB was provisioned. + Leave this field blank, if MongoDBProvider was selected as "MongoDB". + Make sure this VPC ID resides in the current deployment region and does not have matching or overlapping IPv4 CIDR blocks 10.0.0.0/16. 
+ Type: String + + AWSMSKProvider: + Description: >- + Select Yes, to provision a AWS MSK cluster + Type: String + Default: "No" + MinLength: '1' + AllowedValues: + - "No" + - "Yes" +Conditions: + MongoUseExistingInstanceCondition: !Equals [!Ref MongoDeploymentMode, "Use an existing mongo instance"] + Metadata: 'AWS::CloudFormation::Interface': ParameterGroups: @@ -171,13 +228,34 @@ Metadata: - Label: default: >- Maximo Manage database configuration (complete this section only if - you chose the 'MAS + Manage' offering type) + you chose the 'MAS + Manage' offering type. + In case if this section is left empty and you chose 'MAS + Manage' offering type, + then We will provision an internal DB2 instance for Manage) Parameters: - MASManageDBUser - MASManageDBPassword - MASManageDBJdbcUrl - MASManageDBCertificateUrl - ImportDemoData + - Label: + default: MongoDB Configuration + Parameters: + - MongoDeploymentMode + - MongoDBProvider + - Label: + default: >- + Existing MongoDB / DocumentDB configuration details + (complete this section only if MongoDeploymentMode was selected as 'Use an existing mongo instance') + Parameters: + - MongoAdminUsername + - MongoAdminPassword + - MongoHosts + - MongoCAPemFile + - DocumentDBProvisionedVPCId + - Label: + default: AWS MSK Provision + Parameters: + - AWSMSKProvider - Label: default: >- Existing Suite License Service connection details (leave this @@ -205,7 +283,7 @@ Metadata: Mappings: RegionMap: us-east-1: - HVM64: ami-07494308bf779622b + HVM64: ami-028c3019ed25237a4 us-east-2: HVM64: ami-0da4f91ded4bac1bd us-west-2: 
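Review bot: The new parameter group is labelled `AWS MSK Provision` in this template, while the other templates changed in this commit use `AWS MSK Provider`; the parameter is named `AWSMSKProvider` and its description says "Select Yes, to provision a AWS MSK cluster", so the label and description should agree on one wording across templates, e.g. `default: AWS MSK provisioning (select Yes to create a new MSK cluster)`. The reworded Manage-database label also reads awkwardly (`In case if this section is left empty ... then We will provision`); `If you chose 'MAS + Manage' and leave this section empty, an internal DB2 instance is provisioned for Manage` says the same thing more clearly.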
@@ -215,19 +293,19 @@ Mappings: ap-southeast-1: HVM64: ami-0e084c2cc29ec1720 ap-southeast-2: - HVM64: ami-04b93bf7675dfbac1 + HVM64: ami-093254aff333dcfe3 ap-northeast-1: HVM64: ami-0786a7bec0e143591 eu-central-1: HVM64: ami-09fbeb232efd55c04 ap-south-1: - HVM64: ami-02190fd9502ff751c + HVM64: ami-09ee06d85c3bf30f9 ap-northeast-2: HVM64: ami-0b5a78be9ec85d01b ap-northeast-3: HVM64: ami-0d96abb825f3fc970 ca-central-1: - HVM64: ami-0268cd112c39d8715 + HVM64: ami-05de5e08f0f2ebd49 eu-south-1: HVM64: ami-045e0d5842edd2162 eu-west-1: @@ -570,7 +648,7 @@ Resources: - 'git clone https://github.com/ibm-mas/ansible-devops.git;' - cd ansible-devops; - rm -rf multicloud-bootstrap 1>/dev/null 2>&1; - - 'git clone https://github.com/ibm-mas/multicloud-bootstrap.git;' + - 'git clone -b mas810-alpha https://github.com/ibm-mas/multicloud-bootstrap.git;' - cd multicloud-bootstrap; - 'find . -type f -name "*.sh" -exec chmod +x {} \;;' - ./init.sh "aws" " 
@@ -624,9 +702,30 @@ Resources: - !Ref ImportDemoData - ''' '''' '''' '''' '''' ''' - !Ref EmailNotification - - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' + - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' + - ''' ''' + - !GetAtt + - CallLambdaFunctionGetSubnetForBootnode + - DefaultVPCId + - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' - ''' ''' - !Ref OperationalMode + - ''' ''' + - !If [MongoUseExistingInstanceCondition, "true", "false"] + - ''' ''' + - !Ref MongoDBProvider + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoAdminUsername, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoAdminPassword, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoHosts, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoCAPemFile, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref DocumentDBProvisionedVPCId, ""] + - ''' ''' + - !Ref AWSMSKProvider - ''' "dev" ' - '2>&1 | tee mas-provisioning.log; ' Tags: diff --git a/aws/master-cft/byol-ipi/cft-mas-core.yaml b/aws/master-cft/byol-ipi/cft-mas-core.yaml index 405482d6..4d50a7a3 100644 --- a/aws/master-cft/byol-ipi/cft-mas-core.yaml +++ b/aws/master-cft/byol-ipi/cft-mas-core.yaml 
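Review bot: The `init.sh` invocation is a positional argument list separated by runs of empty `''' '''' …` placeholders, and this hunk replaces a run of 19 empties with 10 empties, the Lambda's `DefaultVPCId`, then 9 empties before appending eight more values after `OperationalMode`; a miscount in any of the seven templates touched here silently shifts every later argument, so a password can land in the slot the script treats as a host name and be logged. The UPI templates in this commit instead grow their leading placeholder run by two before `ExistingVPCId`, and whether both layouts line up with init.sh's argument order cannot be checked from this diff. Passing the new values as `KEY=VALUE` environment assignments in front of `./init.sh` (e.g. `MONGO_HOSTS='…' ./init.sh …`) would remove the counting; until then a comment above the `Fn::Join` listing the positions (`# init.sh args: 1 cloud, 2 …`) would let reviewers verify it. The enclosing `Fn::Join` begins before this hunk.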
@@ -145,6 +145,63 @@ Parameters: AllowedValues: - Production - Non-production + + MongoDeploymentMode: + Description: >- + A new mongo instance will be created on selection of 'Provision a new mongo instance'. + To use an existing mongo instance, select 'Use an existing mongo instance' option + Type: String + Default: "Provision a new mongo instance" + MinLength: '1' + AllowedValues: + - "Provision a new mongo instance" + - "Use an existing mongo instance" + MongoDBProvider: + Description: >- + Select the desired MongoDB provider. + Note: When selecting MongoDBProvider as MongoDB and MongoDeploymentMode as 'Provision a new mongo instance', a new "MongoDB Community Edition" instance will be provisioned + Type: String + Default: "MongoDB" + MinLength: '1' + AllowedValues: + - "MongoDB" + - "Amazon DocumentDB" + MongoAdminUsername: + Description: >- + Enter the Mongo Admin Username. + Type: String + MongoAdminPassword: + Description: >- + Enter the Mongo Admin Password. + Type: String + NoEcho: true + MongoHosts: + Description: >- + Enter the Mongo Hosts. eg., docdb-nonwqp-1.abc.ca-central-1.docdb.amazonaws.com:27017,docdb-nonwqp-2.def.ca-central-1.docdb.amazonaws.com:27017 + Type: String + MongoCAPemFile: + Description: >- + Enter the S3 bucket URL where MongoCAPemFile was uploaded. + Type: String + DocumentDBProvisionedVPCId: + Description: >- + Enter the VPC ID where existing Amazon DocumentDB was provisioned. + Leave this field blank, if MongoDBProvider was selected as "MongoDB". + Make sure this VPC ID resides in the current deployment region and does not have matching or overlapping IPv4 CIDR blocks 10.0.0.0/16. 
+ Type: String + + AWSMSKProvider: + Description: >- + Select Yes, to provision a AWS MSK cluster + Type: String + Default: "No" + MinLength: '1' + AllowedValues: + - "No" + - "Yes" +Conditions: + MongoUseExistingInstanceCondition: !Equals [!Ref MongoDeploymentMode, "Use an existing mongo instance"] + Metadata: 'AWS::CloudFormation::Interface': ParameterGroups: @@ -171,13 +228,34 @@ Metadata: - Label: default: >- Maximo Manage database configuration (complete this section only if - you chose the 'MAS + Manage' offering type) + you chose the 'MAS + Manage' offering type. + In case if this section is left empty and you chose 'MAS + Manage' offering type, + then We will provision an internal DB2 instance for Manage) Parameters: - MASManageDBUser - MASManageDBPassword - MASManageDBJdbcUrl - MASManageDBCertificateUrl - ImportDemoData + - Label: + default: MongoDB Configuration + Parameters: + - MongoDeploymentMode + - MongoDBProvider + - Label: + default: >- + Existing MongoDB / DocumentDB configuration details + (complete this section only if MongoDeploymentMode was selected as 'Use an existing mongo instance') + Parameters: + - MongoAdminUsername + - MongoAdminPassword + - MongoHosts + - MongoCAPemFile + - DocumentDBProvisionedVPCId + - Label: + default: AWS MSK Provision + Parameters: + - AWSMSKProvider - Label: default: >- Existing Suite License Service connection details (leave this @@ -574,7 +652,7 @@ Resources: - 'git clone https://github.com/ibm-mas/ansible-devops.git;' - cd ansible-devops; - rm -rf multicloud-bootstrap 1>/dev/null 2>&1; - - 'git clone https://github.com/ibm-mas/multicloud-bootstrap.git;' + - 'git clone -b mas810-alpha https://github.com/ibm-mas/multicloud-bootstrap.git;' - cd multicloud-bootstrap; - 'find . -type f -name "*.sh" -exec chmod +x {} \;;' - ./init.sh "aws" " 
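Review bot: The production template's UserData now tracks the `mas810-alpha` branch of `ibm-mas/multicloud-bootstrap`, a mutable reference whose contents are executed as root on every new bootnode via `find … -exec chmod +x` and `./init.sh`; this makes the software supply chain of a `"prod"` deployment depend on whoever can push to an alpha branch, and makes stacks non-reproducible over time. Replace the branch with a pinned tag or commit, e.g. `git clone --depth 1 --branch <release-tag> https://github.com/ibm-mas/multicloud-bootstrap.git;`, and note the pinned version in a comment so upgrades are explicit. The `ansible-devops` clone in the context lines is equally unpinned and is not addressed by this commit.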
@@ -628,9 +706,30 @@ Resources: - !Ref ImportDemoData - ''' '''' '''' '''' '''' ''' - !Ref EmailNotification - - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' + - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' + - ''' ''' + - !GetAtt + - CallLambdaFunctionGetSubnetForBootnode + - DefaultVPCId + - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' - ''' ''' - !Ref OperationalMode + - ''' ''' + - !If [MongoUseExistingInstanceCondition, "true", "false"] + - ''' ''' + - !Ref MongoDBProvider + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoAdminUsername, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoAdminPassword, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoHosts, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoCAPemFile, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref DocumentDBProvisionedVPCId, ""] + - ''' ''' + - !Ref AWSMSKProvider - ''' "prod" ' - '2>&1 | tee mas-provisioning.log; ' Tags: diff --git a/aws/master-cft/byol-upi/cft-mas-core-dev.yaml b/aws/master-cft/byol-upi/cft-mas-core-dev.yaml index a41a8879..0527b06f 100644 --- a/aws/master-cft/byol-upi/cft-mas-core-dev.yaml +++ b/aws/master-cft/byol-upi/cft-mas-core-dev.yaml 
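Review bot: `MongoAdminPassword` is written in clear text into the bootnode's UserData as a positional argument of `./init.sh`, so the `NoEcho: true` on the parameter is defeated: the rendered `Fn::Join` is readable through `ec2:DescribeInstanceAttribute` and through the instance metadata service by any process on the bootnode, and the value shows in the process list while `init.sh` runs. Because this is the production template, prefer storing the credential in Secrets Manager or an SSM SecureString parameter and passing only its ARN here, letting `init.sh` resolve it with the instance role; this template already exposes `OpenShiftPassword` the same way, which could be migrated at the same time. The enclosing `Fn::Join` begins before this hunk.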
@@ -187,6 +187,61 @@ Parameters: AllowedValues: - Production - Non-production + MongoDeploymentMode: + Description: >- + A new mongo instance will be created on selection of 'Provision a new mongo instance'. + To use an existing mongo instance, select 'Use an existing mongo instance' option + Type: String + Default: "Provision a new mongo instance" + MinLength: '1' + AllowedValues: + - "Provision a new mongo instance" + - "Use an existing mongo instance" + MongoDBProvider: + Description: >- + Select the desired MongoDB provider. + Note: When selecting MongoDBProvider as MongoDB and MongoDeploymentMode as 'Provision a new mongo instance', a new "MongoDB Community Edition" instance will be provisioned + Type: String + Default: "MongoDB" + MinLength: '1' + AllowedValues: + - "MongoDB" + - "Amazon DocumentDB" + MongoAdminUsername: + Description: >- + Enter the Mongo Admin Username. + Type: String + MongoAdminPassword: + Description: >- + Enter the Mongo Admin Password. + Type: String + NoEcho: true + MongoHosts: + Description: >- + Enter the Mongo Hosts. eg., docdb-nonwqp-1.abc.ca-central-1.docdb.amazonaws.com:27017,docdb-nonwqp-2.def.ca-central-1.docdb.amazonaws.com:27017 + Type: String + MongoCAPemFile: + Description: >- + Enter the S3 bucket URL where MongoCAPemFile was uploaded. + Type: String + DocumentDBProvisionedVPCId: + Description: >- + Enter the VPC ID where existing Amazon DocumentDB was provisioned. + Leave this field blank, if MongoDBProvider was selected as "MongoDB". + Make sure this VPC ID resides in the current deployment region and does not have matching or overlapping IPv4 CIDR blocks 10.0.0.0/16. 
+ Type: String + AWSMSKProvider: + Description: >- + Select Yes, to provision a AWS MSK cluster + Type: String + Default: "No" + MinLength: '1' + AllowedValues: + - "No" + - "Yes" + +Conditions: + MongoUseExistingInstanceCondition: !Equals [!Ref MongoDeploymentMode, "Use an existing mongo instance"] Metadata: 'AWS::CloudFormation::Interface': ParameterGroups: @@ -215,13 +270,34 @@ Metadata: - Label: default: >- Maximo Manage database configuration (complete this section only if - you chose the 'MAS + Manage' offering type) + you chose the 'MAS + Manage' offering type. + In case if this section is left empty and you chose 'MAS + Manage' offering type, + then We will provision an internal DB2 instance for Manage) Parameters: - MASManageDBUser - MASManageDBPassword - MASManageDBJdbcUrl - MASManageDBCertificateUrl - ImportDemoData + - Label: + default: MongoDB Configuration + Parameters: + - MongoDeploymentMode + - MongoDBProvider + - Label: + default: >- + Existing MongoDB / DocumentDB configuration details + (complete this section only if MongoDeploymentMode was selected as 'Use an existing mongo instance') + Parameters: + - MongoAdminUsername + - MongoAdminPassword + - MongoHosts + - MongoCAPemFile + - DocumentDBProvisionedVPCId + - Label: + default: AWS MSK Provider + Parameters: + - AWSMSKProvider - Label: default: >- Existing Suite License Service connection details (leave this @@ -260,7 +336,7 @@ Metadata: Mappings: RegionMap: us-east-1: - HVM64: ami-07494308bf779622b + HVM64: ami-028c3019ed25237a4 us-east-2: HVM64: ami-0da4f91ded4bac1bd us-west-2: 
@@ -270,19 +346,19 @@ Mappings: ap-southeast-1: HVM64: ami-0e084c2cc29ec1720 ap-southeast-2: - HVM64: ami-04b93bf7675dfbac1 + HVM64: ami-093254aff333dcfe3 ap-northeast-1: HVM64: ami-0786a7bec0e143591 eu-central-1: HVM64: ami-09fbeb232efd55c04 ap-south-1: - HVM64: ami-02190fd9502ff751c + HVM64: ami-09ee06d85c3bf30f9 ap-northeast-2: HVM64: ami-0b5a78be9ec85d01b ap-northeast-3: HVM64: ami-0d96abb825f3fc970 ca-central-1: - HVM64: ami-0268cd112c39d8715 + HVM64: ami-05de5e08f0f2ebd49 eu-south-1: HVM64: ami-045e0d5842edd2162 eu-west-1: @@ -577,7 +653,7 @@ Resources: - 'git clone https://github.com/ibm-mas/ansible-devops.git;' - cd ansible-devops; - rm -rf multicloud-bootstrap 1>/dev/null 2>&1; - - 'git clone https://github.com/ibm-mas/multicloud-bootstrap.git;' + - 'git clone -b mas810-alpha https://github.com/ibm-mas/multicloud-bootstrap.git;' - cd multicloud-bootstrap; - 'find . -type f -name "*.sh" -exec chmod +x {} \;;' - ./init.sh "aws" " @@ -631,7 +707,7 @@ Resources: - !Ref ImportDemoData - ''' '''' '''' '''' '''' ''' - !Ref EmailNotification - - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' + - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' - !Ref ExistingVPCId - ''' '''' ''' - !Ref ExistingPrivateSubnet1Id @@ -649,6 +725,22 @@ Resources: - !Ref PrivateCluster - ''' ''' - !Ref OperationalMode + - ''' ''' + - !If [MongoUseExistingInstanceCondition, "true", "false"] + - ''' ''' + - !Ref MongoDBProvider + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoAdminUsername, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoAdminPassword, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoHosts, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoCAPemFile, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref DocumentDBProvisionedVPCId, ""] + - ''' ''' + - !Ref AWSMSKProvider - ''' "dev" ' - '2>&1 | tee mas-provisioning.log; ' Tags: 
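Review bot: The `init.sh` call depends on positional arguments separated by empty `''' '''' …` placeholders, and in this template the run before `ExistingVPCId` grows by two empty slots while a later hunk appends eight values after `OperationalMode`; the existing-OCP and IPI templates in the same commit instead insert a VPC id as the 11th slot after `EmailNotification` and add one slot overall, and whether both layouts match init.sh's argument order cannot be verified from this diff. A miscount silently shifts every later argument, so a secret can land in a slot the script logs or uses as a host name. Consider `KEY=VALUE` environment assignments in front of `./init.sh` (e.g. `MONGO_ADMIN_PASSWORD='…' ./init.sh …`) or a generated config file instead of extending the list, and at minimum a comment above the `Fn::Join` listing the argument positions (`# init.sh args: 1 cloud, 2 …`). The enclosing `Fn::Join` begins before this hunk.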
diff --git a/aws/master-cft/byol-upi/cft-mas-core.yaml b/aws/master-cft/byol-upi/cft-mas-core.yaml index 1083b48f..4d83a052 100644 --- a/aws/master-cft/byol-upi/cft-mas-core.yaml +++ b/aws/master-cft/byol-upi/cft-mas-core.yaml 
@@ -185,6 +185,61 @@ Parameters: AllowedValues: - Production - Non-production + MongoDeploymentMode: + Description: >- + A new mongo instance will be created on selection of 'Provision a new mongo instance'. + To use an existing mongo instance, select 'Use an existing mongo instance' option + Type: String + Default: "Provision a new mongo instance" + MinLength: '1' + AllowedValues: + - "Provision a new mongo instance" + - "Use an existing mongo instance" + MongoDBProvider: + Description: >- + Select the desired MongoDB provider. + Note: When selecting MongoDBProvider as MongoDB and MongoDeploymentMode as 'Provision a new mongo instance', a new "MongoDB Community Edition" instance will be provisioned + Type: String + Default: "MongoDB" + MinLength: '1' + AllowedValues: + - "MongoDB" + - "Amazon DocumentDB" + MongoAdminUsername: + Description: >- + Enter the Mongo Admin Username. + Type: String + MongoAdminPassword: + Description: >- + Enter the Mongo Admin Password. + Type: String + NoEcho: true + MongoHosts: + Description: >- + Enter the Mongo Hosts. eg., docdb-nonwqp-1.abc.ca-central-1.docdb.amazonaws.com:27017,docdb-nonwqp-2.def.ca-central-1.docdb.amazonaws.com:27017 + Type: String + MongoCAPemFile: + Description: >- + Enter the S3 bucket URL where MongoCAPemFile was uploaded. + Type: String + DocumentDBProvisionedVPCId: + Description: >- + Enter the VPC ID where existing Amazon DocumentDB was provisioned. + Leave this field blank, if MongoDBProvider was selected as "MongoDB". + Make sure this VPC ID resides in the current deployment region and does not have matching or overlapping IPv4 CIDR blocks 10.0.0.0/16. 
+ Type: String + AWSMSKProvider: + Description: >- + Select Yes, to provision a AWS MSK cluster + Type: String + Default: "No" + MinLength: '1' + AllowedValues: + - "No" + - "Yes" + +Conditions: + MongoUseExistingInstanceCondition: !Equals [!Ref MongoDeploymentMode, "Use an existing mongo instance"] Metadata: 'AWS::CloudFormation::Interface': ParameterGroups: @@ -213,13 +268,34 @@ Metadata: - Label: default: >- Maximo Manage database configuration (complete this section only if - you chose the 'MAS + Manage' offering type) + you chose the 'MAS + Manage' offering type. + In case if this section is left empty and you chose 'MAS + Manage' offering type, + then We will provision an internal DB2 instance for Manage) Parameters: - MASManageDBUser - MASManageDBPassword - MASManageDBJdbcUrl - MASManageDBCertificateUrl - ImportDemoData + - Label: + default: MongoDB Configuration + Parameters: + - MongoDeploymentMode + - MongoDBProvider + - Label: + default: >- + Existing MongoDB / DocumentDB configuration details + (complete this section only if MongoDeploymentMode was selected as 'Use an existing mongo instance') + Parameters: + - MongoAdminUsername + - MongoAdminPassword + - MongoHosts + - MongoCAPemFile + - DocumentDBProvisionedVPCId + - Label: + default: AWS MSK Provider + Parameters: + - AWSMSKProvider - Label: default: >- Existing Suite License Service connection details (leave this @@ -579,7 +655,7 @@ Resources: - 'git clone https://github.com/ibm-mas/ansible-devops.git;' - cd ansible-devops; - rm -rf multicloud-bootstrap 1>/dev/null 2>&1; - - 'git clone https://github.com/ibm-mas/multicloud-bootstrap.git;' + - 'git clone -b mas810-alpha https://github.com/ibm-mas/multicloud-bootstrap.git;' - cd multicloud-bootstrap; - 'find . -type f -name "*.sh" -exec chmod +x {} \;;' - ./init.sh "aws" " 
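Review bot: A production template (`"prod"` is passed to `init.sh` further down) should not execute code fetched from a mutable `-alpha` branch at boot, but the UserData now clones `mas810-alpha` of `ibm-mas/multicloud-bootstrap` and runs every script in it; a force-push to that branch changes every future production bootnode, and stacks created at different times run different code. Pin the checkout, e.g. `git clone https://github.com/ibm-mas/multicloud-bootstrap.git; cd multicloud-bootstrap; git checkout <commit-sha>;`, and add a comment naming the pinned version so it is bumped deliberately. The unpinned `ansible-devops` clone two lines above is unchanged by this commit and has the same exposure.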
@@ -633,7 +709,7 @@ Resources: - !Ref ImportDemoData - ''' '''' '''' '''' '''' ''' - !Ref EmailNotification - - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' + - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' - !Ref ExistingVPCId - ''' '''' ''' - !Ref ExistingPrivateSubnet1Id @@ -651,6 +727,22 @@ Resources: - !Ref PrivateCluster - ''' ''' - !Ref OperationalMode + - ''' ''' + - !If [MongoUseExistingInstanceCondition, "true", "false"] + - ''' ''' + - !Ref MongoDBProvider + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoAdminUsername, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoAdminPassword, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoHosts, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoCAPemFile, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref DocumentDBProvisionedVPCId, ""] + - ''' ''' + - !Ref AWSMSKProvider - ''' "prod" ' - '2>&1 | tee mas-provisioning.log; ' Tags: diff --git a/aws/master-cft/paid-existing-ocp/cft-mas-core-dev.yaml b/aws/master-cft/paid-existing-ocp/cft-mas-core-dev.yaml index 7676b2e7..26c9a743 100644 --- a/aws/master-cft/paid-existing-ocp/cft-mas-core-dev.yaml +++ b/aws/master-cft/paid-existing-ocp/cft-mas-core-dev.yaml 
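Review bot: `MongoAdminPassword` is embedded in clear text in the bootnode's UserData as a single-quoted positional argument of `./init.sh`; `NoEcho: true` masks only the parameter, not the rendered `Fn::Join`, which is readable via `ec2:DescribeInstanceAttribute` and via the instance metadata service by any process on the bootnode, and the value is visible in `ps` while the script runs. Since this is the production template, store the credential in Secrets Manager or an SSM SecureString parameter and pass only its ARN, letting `init.sh` fetch it with the instance role. The value is also unconstrained by an `AllowedPattern`, so a `'` in it terminates the shell quoting and breaks the command line. The enclosing `Fn::Join` begins before this hunk.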
@@ -131,6 +131,61 @@ Parameters: AllowedValues: - Production - Non-production + MongoDeploymentMode: + Description: >- + A new mongo instance will be created on selection of 'Provision a new mongo instance'. + To use an existing mongo instance, select 'Use an existing mongo instance' option + Type: String + Default: "Provision a new mongo instance" + MinLength: '1' + AllowedValues: + - "Provision a new mongo instance" + - "Use an existing mongo instance" + MongoDBProvider: + Description: >- + Select the desired MongoDB provider. + Note: When selecting MongoDBProvider as MongoDB and MongoDeploymentMode as 'Provision a new mongo instance', a new "MongoDB Community Edition" instance will be provisioned + Type: String + Default: "MongoDB" + MinLength: '1' + AllowedValues: + - "MongoDB" + - "Amazon DocumentDB" + MongoAdminUsername: + Description: >- + Enter the Mongo Admin Username. + Type: String + MongoAdminPassword: + Description: >- + Enter the Mongo Admin Password. + Type: String + NoEcho: true + MongoHosts: + Description: >- + Enter the Mongo Hosts. eg., docdb-nonwqp-1.abc.ca-central-1.docdb.amazonaws.com:27017,docdb-nonwqp-2.def.ca-central-1.docdb.amazonaws.com:27017 + Type: String + MongoCAPemFile: + Description: >- + Enter the S3 bucket URL where MongoCAPemFile was uploaded. + Type: String + DocumentDBProvisionedVPCId: + Description: >- + Enter the VPC ID where existing Amazon DocumentDB was provisioned. + Leave this field blank, if MongoDBProvider was selected as "MongoDB". + Make sure this VPC ID resides in the current deployment region and does not have matching or overlapping IPv4 CIDR blocks 10.0.0.0/16. 
+ Type: String + AWSMSKProvider: + Description: >- + Select Yes, to provision a AWS MSK cluster + Type: String + Default: "No" + MinLength: '1' + AllowedValues: + - "No" + - "Yes" +Conditions: + MongoUseExistingInstanceCondition: !Equals [!Ref MongoDeploymentMode, "Use an existing mongo instance"] + Metadata: 'AWS::CloudFormation::Interface': ParameterGroups: @@ -160,13 +215,34 @@ Metadata: - Label: default: >- Maximo Manage database configuration (complete this section only if - you chose the 'MAS + Manage' offering type) + you chose the 'MAS + Manage' offering type. + In case if this section is left empty and you chose 'MAS + Manage' offering type, + then We will provision an internal DB2 instance for Manage) Parameters: - MASManageDBUser - MASManageDBPassword - MASManageDBJdbcUrl - MASManageDBCertificateUrl - ImportDemoData + - Label: + default: MongoDB Configuration + Parameters: + - MongoDeploymentMode + - MongoDBProvider + - Label: + default: >- + Existing MongoDB / DocumentDB configuration details + (complete this section only if MongoDeploymentMode was selected as 'Use an existing mongo instance') + Parameters: + - MongoAdminUsername + - MongoAdminPassword + - MongoHosts + - MongoCAPemFile + - DocumentDBProvisionedVPCId + - Label: + default: AWS MSK Provider + Parameters: + - AWSMSKProvider - Label: default: >- Existing Suite License Service connection details (leave this @@ -194,7 +270,7 @@ Metadata: Mappings: RegionMap: us-east-1: - HVM64: ami-01be123bce5d349ea + HVM64: ami-028c3019ed25237a4 us-east-2: HVM64: ami-0da4f91ded4bac1bd us-west-2: 
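Review bot: `MongoCAPemFile` is described only as "the S3 bucket URL where MongoCAPemFile was uploaded", but the file it points at becomes the trust anchor for the TLS connection to the existing Mongo/DocumentDB cluster, so the description should state what is expected (an `s3://bucket/key` URI the bootnode's instance role can read, containing the server CA bundle in PEM format), and an `AllowedPattern` such as `^(s3://[^/]+/.+)?$` would reject `https://` links or bare bucket names before the stack is created. How `init.sh` downloads and installs the file is not visible in this diff, so the accepted form should be confirmed against it. Likewise `DocumentDBProvisionedVPCId` is a free-form `String`; `AllowedPattern: '^(vpc-[0-9a-f]+)?$'` keeps it optional while still catching typos.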
@@ -204,19 +280,19 @@ Mappings: ap-southeast-1: HVM64: ami-0e084c2cc29ec1720 ap-southeast-2: - HVM64: ami-04b93bf7675dfbac1 + HVM64: ami-093254aff333dcfe3 ap-northeast-1: HVM64: ami-0786a7bec0e143591 eu-central-1: HVM64: ami-09fbeb232efd55c04 ap-south-1: - HVM64: ami-02190fd9502ff751c + HVM64: ami-09ee06d85c3bf30f9 ap-northeast-2: HVM64: ami-0b5a78be9ec85d01b ap-northeast-3: HVM64: ami-0d96abb825f3fc970 ca-central-1: - HVM64: ami-0268cd112c39d8715 + HVM64: ami-05de5e08f0f2ebd49 eu-south-1: HVM64: ami-045e0d5842edd2162 eu-west-1: @@ -548,7 +624,7 @@ Resources: - 'git clone https://github.com/ibm-mas/ansible-devops.git;' - cd ansible-devops; - rm -rf multicloud-bootstrap 1>/dev/null 2>&1; - - 'git clone https://github.com/ibm-mas/multicloud-bootstrap.git;' + - 'git clone -b mas810-alpha https://github.com/ibm-mas/multicloud-bootstrap.git;' - cd multicloud-bootstrap; - 'find . -type f -name "*.sh" -exec chmod +x {} \;;' - ./init.sh "aws" " @@ -602,9 +678,28 @@ Resources: - !Ref OpenShiftPassword - ''' '''' ''' - !Ref EmailNotification - - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' + - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' + - ''' ''' + - !Ref BootNodeVPCId + - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' - ''' ''' - !Ref OperationalMode + - ''' ''' + - !If [MongoUseExistingInstanceCondition, "true", "false"] + - ''' ''' + - !Ref MongoDBProvider + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoAdminUsername, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoAdminPassword, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoHosts, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoCAPemFile, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref DocumentDBProvisionedVPCId, ""] + - ''' ''' + - !Ref AWSMSKProvider - ''' "dev" ' - '2>&1 | tee mas-provisioning.log; ' Tags: 
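Review bot: The bootnode now clones the mutable `mas810-alpha` branch of ibm-mas/multicloud-bootstrap and, on the following lines, marks every `*.sh` in it executable and runs `./init.sh`, so anything pushed to that branch after this template ships executes with the bootnode's instance role on the next stack creation. Pin the bootstrap code to an immutable ref and let the clone fail if it moves, e.g. `git clone -b mas810-alpha https://github.com/ibm-mas/multicloud-bootstrap.git; cd multicloud-bootstrap; git checkout <commit-sha>;` with the SHA recorded alongside the template version, or clone a release tag instead of a branch. The `ansible-devops` clone two lines above has the same exposure, but it predates this change.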
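Review bot: MongoAdminPassword is handed to init.sh as a positional argument inside the joined command string, so `NoEcho: true` on the parameter only hides it in the CloudFormation parameter view; the rendered script (presumably the bootnode's UserData, given the surrounding Resources block) is readable from the instance metadata service by any process on the host and by any principal with ec2:DescribeInstanceAttribute, the value is visible in `ps` for as long as init.sh runs, and it reaches mas-provisioning.log via the trailing `tee` if init.sh echoes its arguments. Prefer creating a Secrets Manager secret or SSM SecureString from the parameter and passing only its name here, with init.sh fetching the value through the instance role. The argument vector is also assembled by counting runs of `''''` (one run, then BootNodeVPCId, then another), so a miscount shifts every later value into the wrong init.sh variable without any error; at minimum add a comment above `./init.sh "aws" "` listing the positional order, e.g. `# positional args (tail): OperationalMode, MongoUseExisting, MongoDBProvider, MongoAdminUsername, MongoAdminPassword, MongoHosts, MongoCAPemFile, DocumentDBProvisionedVPCId, AWSMSKProvider, env`.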
diff --git a/aws/master-cft/paid-existing-ocp/cft-mas-core.yaml b/aws/master-cft/paid-existing-ocp/cft-mas-core.yaml index 544da40d..eed9b4e5 100644 --- a/aws/master-cft/paid-existing-ocp/cft-mas-core.yaml +++ b/aws/master-cft/paid-existing-ocp/cft-mas-core.yaml 
@@ -131,6 +131,61 @@ Parameters: AllowedValues: - Production - Non-production + MongoDeploymentMode: + Description: >- + A new mongo instance will be created on selection of 'Provision a new mongo instance'. + To use an existing mongo instance, select 'Use an existing mongo instance' option + Type: String + Default: "Provision a new mongo instance" + MinLength: '1' + AllowedValues: + - "Provision a new mongo instance" + - "Use an existing mongo instance" + MongoDBProvider: + Description: >- + Select the desired MongoDB provider. + Note: When selecting MongoDBProvider as MongoDB and MongoDeploymentMode as 'Provision a new mongo instance', a new "MongoDB Community Edition" instance will be provisioned + Type: String + Default: "MongoDB" + MinLength: '1' + AllowedValues: + - "MongoDB" + - "Amazon DocumentDB" + MongoAdminUsername: + Description: >- + Enter the Mongo Admin Username. + Type: String + MongoAdminPassword: + Description: >- + Enter the Mongo Admin Password. + Type: String + NoEcho: true + MongoHosts: + Description: >- + Enter the Mongo Hosts. eg., docdb-nonwqp-1.abc.ca-central-1.docdb.amazonaws.com:27017,docdb-nonwqp-2.def.ca-central-1.docdb.amazonaws.com:27017 + Type: String + MongoCAPemFile: + Description: >- + Enter the S3 bucket URL where MongoCAPemFile was uploaded. + Type: String + DocumentDBProvisionedVPCId: + Description: >- + Enter the VPC ID where existing Amazon DocumentDB was provisioned. + Leave this field blank, if MongoDBProvider was selected as "MongoDB". + Make sure this VPC ID resides in the current deployment region and does not have matching or overlapping IPv4 CIDR blocks 10.0.0.0/16. 
+ Type: String + AWSMSKProvider: + Description: >- + Select Yes, to provision a AWS MSK cluster + Type: String + Default: "No" + MinLength: '1' + AllowedValues: + - "No" + - "Yes" +Conditions: + MongoUseExistingInstanceCondition: !Equals [!Ref MongoDeploymentMode, "Use an existing mongo instance"] + Metadata: 'AWS::CloudFormation::Interface': ParameterGroups: @@ -160,13 +215,34 @@ Metadata: - Label: default: >- Maximo Manage database configuration (complete this section only if - you chose the 'MAS + Manage' offering type) + you chose the 'MAS + Manage' offering type. + In case if this section is left empty and you chose 'MAS + Manage' offering type, + then We will provision an internal DB2 instance for Manage) Parameters: - MASManageDBUser - MASManageDBPassword - MASManageDBJdbcUrl - MASManageDBCertificateUrl - ImportDemoData + - Label: + default: MongoDB Configuration + Parameters: + - MongoDeploymentMode + - MongoDBProvider + - Label: + default: >- + Existing MongoDB / DocumentDB configuration details + (complete this section only if MongoDeploymentMode was selected as 'Use an existing mongo instance') + Parameters: + - MongoAdminUsername + - MongoAdminPassword + - MongoHosts + - MongoCAPemFile + - DocumentDBProvisionedVPCId + - Label: + default: AWS MSK Provider + Parameters: + - AWSMSKProvider - Label: default: >- Existing Suite License Service connection details (leave this @@ -200,7 +276,7 @@ Mappings: us-west-2: HVM64: ami-0821cafcce4fc2688 ca-central-1: - HVM64: ami-030b370d9aca15cfa + HVM64: ami-05de5e08f0f2ebd49 eu-north-1: HVM64: ami-098e79645f6b1fe5e eu-west-1: 
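Review bot: MongoAdminUsername, MongoAdminPassword, MongoHosts, MongoCAPemFile and DocumentDBProvisionedVPCId are unconstrained Strings, yet the Resources hunk later in this file places each of them between `''' '''` so they become single-quoted arguments to init.sh; a quote or backslash in the credential closes the argument early and the remainder of the value is parsed as shell. Add AllowedPattern constraints that reject those characters, and limit DocumentDBProvisionedVPCId to an optional `vpc-` id (it cannot be AWS::EC2::VPC::Id because the description requires it to be blank for MongoDB). The pattern for MongoCAPemFile below is deliberately loose because the expected URL form is not visible here.
```yaml
  MongoAdminUsername:
    # … unchanged: Description, Type …
    AllowedPattern: "^[^'\"\\\\]*$"
    ConstraintDescription: must not contain quote or backslash characters
  MongoAdminPassword:
    # … unchanged: Description, Type, NoEcho …
    AllowedPattern: "^[^'\"\\\\]*$"
    ConstraintDescription: must not contain quote or backslash characters
  MongoHosts:
    # … unchanged: Description, Type …
    AllowedPattern: "^([A-Za-z0-9.-]+:[0-9]{1,5}(,[A-Za-z0-9.-]+:[0-9]{1,5})*)?$"
    ConstraintDescription: comma-separated host:port list, or blank
  MongoCAPemFile:
    # … unchanged: Description, Type …
    AllowedPattern: "^[^'\"\\\\ ]*$"
    ConstraintDescription: must not contain spaces, quotes or backslashes
  DocumentDBProvisionedVPCId:
    # … unchanged: Description, Type …
    AllowedPattern: "^(vpc-[0-9a-f]{8,17})?$"
    ConstraintDescription: must be blank or a VPC id of the form vpc-xxxxxxxx
```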
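Review bot: The extended Manage group label is awkwardly worded and capitalised mid-sentence: `In case if this section is left empty and you chose 'MAS + Manage' offering type, then We will provision an internal DB2 instance for Manage`. Suggest `If this section is left empty and you chose the 'MAS + Manage' offering type, an internal DB2 instance is provisioned for Manage`. The existing-Mongo label's "complete this section only if" is advisory only; nothing in this template rejects a blank MongoHosts when that mode is chosen, which is worth stating in the label or enforcing elsewhere.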
@@ -539,7 +615,7 @@ Resources: - 'git clone https://github.com/ibm-mas/ansible-devops.git;' - cd ansible-devops; - rm -rf multicloud-bootstrap 1>/dev/null 2>&1; - - 'git clone https://github.com/ibm-mas/multicloud-bootstrap.git;' + - 'git clone -b mas810-alpha https://github.com/ibm-mas/multicloud-bootstrap.git;' - cd multicloud-bootstrap; - 'find . -type f -name "*.sh" -exec chmod +x {} \;;' - ./init.sh "aws" " @@ -593,9 +669,28 @@ Resources: - !Ref OpenShiftPassword - ''' '''' ''' - !Ref EmailNotification - - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' + - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' + - ''' ''' + - !Ref BootNodeVPCId + - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' - ''' ''' - !Ref OperationalMode + - ''' ''' + - !If [MongoUseExistingInstanceCondition, "true", "false"] + - ''' ''' + - !Ref MongoDBProvider + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoAdminUsername, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoAdminPassword, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoHosts, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoCAPemFile, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref DocumentDBProvisionedVPCId, ""] + - ''' ''' + - !Ref AWSMSKProvider - ''' "prod" ' - '2>&1 | tee mas-provisioning.log; ' Tags: diff --git a/aws/master-cft/paid-ipi/cft-mas-core-dev.yaml b/aws/master-cft/paid-ipi/cft-mas-core-dev.yaml index 1492a271..924cc8e1 100644 --- a/aws/master-cft/paid-ipi/cft-mas-core-dev.yaml +++ b/aws/master-cft/paid-ipi/cft-mas-core-dev.yaml 
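Review bot: This template ends its init.sh invocation with `"prod"`, yet the bootnode now pulls the `mas810-alpha` branch of multicloud-bootstrap and executes every shell script in it (`find … chmod +x` and `./init.sh` on the next lines), so production stacks run whatever that alpha branch points to at creation time, under the bootnode's instance role. Pin to an immutable ref: `git clone -b mas810-alpha https://github.com/ibm-mas/multicloud-bootstrap.git; cd multicloud-bootstrap; git checkout <commit-sha>;` with the SHA tracked with the template, or clone a tagged release for the prod variant. The unpinned `ansible-devops` clone above is the same pattern but not introduced here.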
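Review bot: The MongoAdminPassword value is interpolated into the init.sh command line between `''' '''` markers, so NoEcho protects it only in the stack's parameter display: the assembled script (this looks like the bootnode UserData) can be read from the instance metadata service by any process on the bootnode and through ec2:DescribeInstanceAttribute, it sits in the process list while init.sh runs, and `2>&1 | tee mas-provisioning.log` captures it if init.sh prints its arguments. Pass a Secrets Manager or SSM SecureString reference instead and have init.sh resolve it with the instance role. The surrounding blank-argument runs of `''''` make the positional layout fragile; a comment above `./init.sh "aws" "` enumerating the argument order would at least make a miscount reviewable.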
@@ -134,6 +134,63 @@ Parameters: AllowedValues: - Production - Non-production + + MongoDeploymentMode: + Description: >- + A new mongo instance will be created on selection of 'Provision a new mongo instance'. + To use an existing mongo instance, select 'Use an existing mongo instance' option + Type: String + Default: "Provision a new mongo instance" + MinLength: '1' + AllowedValues: + - "Provision a new mongo instance" + - "Use an existing mongo instance" + MongoDBProvider: + Description: >- + Select the desired MongoDB provider. + Note: When selecting MongoDBProvider as MongoDB and MongoDeploymentMode as 'Provision a new mongo instance', a new "MongoDB Community Edition" instance will be provisioned + Type: String + Default: "MongoDB" + MinLength: '1' + AllowedValues: + - "MongoDB" + - "Amazon DocumentDB" + MongoAdminUsername: + Description: >- + Enter the Mongo Admin Username. + Type: String + MongoAdminPassword: + Description: >- + Enter the Mongo Admin Password. + Type: String + NoEcho: true + MongoHosts: + Description: >- + Enter the Mongo Hosts. eg., docdb-nonwqp-1.abc.ca-central-1.docdb.amazonaws.com:27017,docdb-nonwqp-2.def.ca-central-1.docdb.amazonaws.com:27017 + Type: String + MongoCAPemFile: + Description: >- + Enter the S3 bucket URL where MongoCAPemFile was uploaded. + Type: String + DocumentDBProvisionedVPCId: + Description: >- + Enter the VPC ID where existing Amazon DocumentDB was provisioned. + Leave this field blank, if MongoDBProvider was selected as "MongoDB". + Make sure this VPC ID resides in the current deployment region and does not have matching or overlapping IPv4 CIDR blocks 10.0.0.0/16. 
+ Type: String + + AWSMSKProvider: + Description: >- + Select Yes, to provision a AWS MSK cluster + Type: String + Default: "No" + MinLength: '1' + AllowedValues: + - "No" + - "Yes" +Conditions: + MongoUseExistingInstanceCondition: !Equals [!Ref MongoDeploymentMode, "Use an existing mongo instance"] + Metadata: 'AWS::CloudFormation::Interface': ParameterGroups: @@ -159,13 +216,34 @@ Metadata: - Label: default: >- Maximo Manage database configuration (complete this section only if - you chose the 'MAS + Manage' offering type) + you chose the 'MAS + Manage' offering type. + In case if this section is left empty and you chose 'MAS + Manage' offering type, + then We will provision an internal DB2 instance for Manage) Parameters: - MASManageDBUser - MASManageDBPassword - MASManageDBJdbcUrl - MASManageDBCertificateUrl - ImportDemoData + - Label: + default: MongoDB Configuration + Parameters: + - MongoDeploymentMode + - MongoDBProvider + - Label: + default: >- + Existing MongoDB / DocumentDB configuration details + (complete this section only if MongoDeploymentMode was selected as 'Use an existing mongo instance') + Parameters: + - MongoAdminUsername + - MongoAdminPassword + - MongoHosts + - MongoCAPemFile + - DocumentDBProvisionedVPCId + - Label: + default: AWS MSK Provision + Parameters: + - AWSMSKProvider - Label: default: >- Existing Suite License Service connection details (leave this @@ -193,7 +271,7 @@ Metadata: Mappings: RegionMap: us-east-1: - HVM64: ami-01be123bce5d349ea + HVM64: ami-028c3019ed25237a4 us-east-2: HVM64: ami-0da4f91ded4bac1bd us-west-2: 
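Review bot: The five new free-text parameters (MongoAdminUsername, MongoAdminPassword, MongoHosts, MongoCAPemFile, DocumentDBProvisionedVPCId) have no AllowedPattern, and this file's later Resources hunk quotes each of them with `''' '''` into the init.sh argument list, so a `'` or `\` in the password breaks out of the single-quoted argument and the rest of the value is interpreted by the shell on the bootnode. Constrain them at the template boundary; DocumentDBProvisionedVPCId needs an optional-`vpc-` pattern rather than AWS::EC2::VPC::Id because it must be blank for MongoDB. MongoCAPemFile's expected form ("S3 bucket URL") is not shown here, so its pattern only excludes shell-significant characters.
```yaml
  MongoAdminUsername:
    # … unchanged: Description, Type …
    AllowedPattern: "^[^'\"\\\\]*$"
    ConstraintDescription: must not contain quote or backslash characters
  MongoAdminPassword:
    # … unchanged: Description, Type, NoEcho …
    AllowedPattern: "^[^'\"\\\\]*$"
    ConstraintDescription: must not contain quote or backslash characters
  MongoHosts:
    # … unchanged: Description, Type …
    AllowedPattern: "^([A-Za-z0-9.-]+:[0-9]{1,5}(,[A-Za-z0-9.-]+:[0-9]{1,5})*)?$"
    ConstraintDescription: comma-separated host:port list, or blank
  MongoCAPemFile:
    # … unchanged: Description, Type …
    AllowedPattern: "^[^'\"\\\\ ]*$"
    ConstraintDescription: must not contain spaces, quotes or backslashes
  DocumentDBProvisionedVPCId:
    # … unchanged: Description, Type …
    AllowedPattern: "^(vpc-[0-9a-f]{8,17})?$"
    ConstraintDescription: must be blank or a VPC id of the form vpc-xxxxxxxx
```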
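Review bot: The "complete this section only if MongoDeploymentMode was selected as 'Use an existing mongo instance'" label is the only thing that ties the mode to its required fields; a stack created in that mode with MongoHosts or MongoAdminUsername blank is accepted by CloudFormation and fails later on the bootnode. A top-level `Rules:` section next to the new `Conditions:` turns the label's requirement into a validation error. The label `AWS MSK Provision` also differs from the `AWS MSK Provider` label used for the same parameter in the sibling templates; pick one wording for all of them.
```yaml
Rules:
  ExistingMongoRequiresConnectionDetails:
    RuleCondition: !Equals [!Ref MongoDeploymentMode, "Use an existing mongo instance"]
    Assertions:
      - Assert: !Not [!Equals [!Ref MongoAdminUsername, ""]]
        AssertDescription: MongoAdminUsername is required when using an existing mongo instance
      - Assert: !Not [!Equals [!Ref MongoHosts, ""]]
        AssertDescription: MongoHosts is required when using an existing mongo instance
  ExistingDocumentDBRequiresVpc:
    RuleCondition: !And
      - !Equals [!Ref MongoDeploymentMode, "Use an existing mongo instance"]
      - !Equals [!Ref MongoDBProvider, "Amazon DocumentDB"]
    Assertions:
      - Assert: !Not [!Equals [!Ref DocumentDBProvisionedVPCId, ""]]
        AssertDescription: DocumentDBProvisionedVPCId is required for an existing Amazon DocumentDB
```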
@@ -203,19 +281,19 @@ Mappings: ap-southeast-1: HVM64: ami-0e084c2cc29ec1720 ap-southeast-2: - HVM64: ami-04b93bf7675dfbac1 + HVM64: ami-093254aff333dcfe3 ap-northeast-1: HVM64: ami-0786a7bec0e143591 eu-central-1: HVM64: ami-09fbeb232efd55c04 ap-south-1: - HVM64: ami-02190fd9502ff751c + HVM64: ami-09ee06d85c3bf30f9 ap-northeast-2: HVM64: ami-0b5a78be9ec85d01b ap-northeast-3: HVM64: ami-0d96abb825f3fc970 ca-central-1: - HVM64: ami-0268cd112c39d8715 + HVM64: ami-05de5e08f0f2ebd49 eu-south-1: HVM64: ami-045e0d5842edd2162 eu-west-1: @@ -559,7 +637,7 @@ Resources: - 'git clone https://github.com/ibm-mas/ansible-devops.git;' - cd ansible-devops; - rm -rf multicloud-bootstrap 1>/dev/null 2>&1; - - 'git clone https://github.com/ibm-mas/multicloud-bootstrap.git;' + - 'git clone -b mas810-alpha https://github.com/ibm-mas/multicloud-bootstrap.git;' - cd multicloud-bootstrap; - 'find . -type f -name "*.sh" -exec chmod +x {} \;;' - ./init.sh "aws" " 
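Review bot: Switching the clone to `-b mas810-alpha` ties the bootnode to a moving branch whose contents are then made executable and run (`find … chmod +x` and `./init.sh` on the following lines), so the code executed with the bootnode's instance role is whatever the branch holds at stack-creation time, not what was reviewed with this template. Pin it, e.g. `git clone -b mas810-alpha https://github.com/ibm-mas/multicloud-bootstrap.git; cd multicloud-bootstrap; git checkout <commit-sha>;`, and update the SHA deliberately with each template release. The `ansible-devops` clone above is equally unpinned but unchanged by this commit.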
@@ -611,9 +689,30 @@ Resources: - !Ref ImportDemoData - ''' '''' '''' '''' '''' ''' - !Ref EmailNotification - - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' + - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' + - ''' ''' + - !GetAtt + - CallLambdaFunctionGetSubnetForBootnode + - DefaultVPCId + - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' - ''' ''' - !Ref OperationalMode + - ''' ''' + - !If [MongoUseExistingInstanceCondition, "true", "false"] + - ''' ''' + - !Ref MongoDBProvider + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoAdminUsername, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoAdminPassword, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoHosts, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoCAPemFile, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref DocumentDBProvisionedVPCId, ""] + - ''' ''' + - !Ref AWSMSKProvider - ''' "dev" ' - '2>&1 | tee mas-provisioning.log; ' Tags: diff --git a/aws/master-cft/paid-ipi/cft-mas-core-without-ocp-license.yaml b/aws/master-cft/paid-ipi/cft-mas-core-without-ocp-license.yaml index 625fe648..954200fc 100644 --- a/aws/master-cft/paid-ipi/cft-mas-core-without-ocp-license.yaml +++ b/aws/master-cft/paid-ipi/cft-mas-core-without-ocp-license.yaml 
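Review bot: MongoAdminPassword is spliced into the init.sh command line as a single-quoted positional argument, so its `NoEcho` only masks the CloudFormation parameter view; the assembled UserData (which this Resources script appears to be) is readable via the instance metadata service by any process on the bootnode and via ec2:DescribeInstanceAttribute, the password is visible in `ps` while init.sh runs, and it ends up in mas-provisioning.log through the trailing `tee` if init.sh logs its arguments. Store the credential in Secrets Manager or an SSM SecureString and pass only the reference, resolving it in init.sh with the instance role. The VPC id now comes from `CallLambdaFunctionGetSubnetForBootnode.DefaultVPCId` and is inserted between two runs of `''''`; because the layout is purely positional, add a comment above `./init.sh "aws" "` listing the argument order so a miscount is caught in review rather than as a misassigned variable on the bootnode.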
@@ -143,6 +143,63 @@ Parameters: AllowedValues: - Production - Non-production + + MongoDeploymentMode: + Description: >- + A new mongo instance will be created on selection of 'Provision a new mongo instance'. + To use an existing mongo instance, select 'Use an existing mongo instance' option + Type: String + Default: "Provision a new mongo instance" + MinLength: '1' + AllowedValues: + - "Provision a new mongo instance" + - "Use an existing mongo instance" + MongoDBProvider: + Description: >- + Select the desired MongoDB provider. + Note: When selecting MongoDBProvider as MongoDB and MongoDeploymentMode as 'Provision a new mongo instance', a new "MongoDB Community Edition" instance will be provisioned + Type: String + Default: "MongoDB" + MinLength: '1' + AllowedValues: + - "MongoDB" + - "Amazon DocumentDB" + MongoAdminUsername: + Description: >- + Enter the Mongo Admin Username. + Type: String + MongoAdminPassword: + Description: >- + Enter the Mongo Admin Password. + Type: String + NoEcho: true + MongoHosts: + Description: >- + Enter the Mongo Hosts. eg., docdb-nonwqp-1.abc.ca-central-1.docdb.amazonaws.com:27017,docdb-nonwqp-2.def.ca-central-1.docdb.amazonaws.com:27017 + Type: String + MongoCAPemFile: + Description: >- + Enter the S3 bucket URL where MongoCAPemFile was uploaded. + Type: String + DocumentDBProvisionedVPCId: + Description: >- + Enter the VPC ID where existing Amazon DocumentDB was provisioned. + Leave this field blank, if MongoDBProvider was selected as "MongoDB". + Make sure this VPC ID resides in the current deployment region and does not have matching or overlapping IPv4 CIDR blocks 10.0.0.0/16. 
+ Type: String + + AWSMSKProvider: + Description: >- + Select Yes, to provision a AWS MSK cluster + Type: String + Default: "No" + MinLength: '1' + AllowedValues: + - "No" + - "Yes" +Conditions: + MongoUseExistingInstanceCondition: !Equals [!Ref MongoDeploymentMode, "Use an existing mongo instance"] + Metadata: 'AWS::CloudFormation::Interface': ParameterGroups: @@ -169,13 +226,34 @@ Metadata: - Label: default: >- Maximo Manage database configuration (complete this section only if - you chose the 'MAS + Manage' offering type) + you chose the 'MAS + Manage' offering type. + In case if this section is left empty and you chose 'MAS + Manage' offering type, + then We will provision an internal DB2 instance for Manage) Parameters: - MASManageDBUser - MASManageDBPassword - MASManageDBJdbcUrl - MASManageDBCertificateUrl - ImportDemoData + - Label: + default: MongoDB Configuration + Parameters: + - MongoDeploymentMode + - MongoDBProvider + - Label: + default: >- + Existing MongoDB / DocumentDB configuration details + (complete this section only if MongoDeploymentMode was selected as 'Use an existing mongo instance') + Parameters: + - MongoAdminUsername + - MongoAdminPassword + - MongoHosts + - MongoCAPemFile + - DocumentDBProvisionedVPCId + - Label: + default: AWS MSK Provision + Parameters: + - AWSMSKProvider - Label: default: >- Existing Suite License Service connection details (leave this @@ -203,7 +281,7 @@ Metadata: Mappings: RegionMap: us-east-1: - HVM64: ami-01be123bce5d349ea + HVM64: ami-028c3019ed25237a4 us-east-2: HVM64: ami-xxxxxxxxxxxxxxxxx us-west-2: @@ -560,7 +638,7 @@ Resources: - 'git clone https://github.com/ibm-mas/ansible-devops.git;' - cd ansible-devops; - rm -rf multicloud-bootstrap 1>/dev/null 2>&1; - - 'git clone https://github.com/ibm-mas/multicloud-bootstrap.git;' + - 'git clone -b mas810-alpha https://github.com/ibm-mas/multicloud-bootstrap.git;' - cd multicloud-bootstrap; - 'find . -type f -name "*.sh" -exec chmod +x {} \;;' - ./init.sh "aws" " 
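Review bot: MongoAdminUsername, MongoAdminPassword, MongoHosts, MongoCAPemFile and DocumentDBProvisionedVPCId are added as unconstrained Strings and, in this file's later Resources hunk, each is wrapped in `''' '''` to become a single-quoted init.sh argument; a `'` or backslash in the password therefore terminates the quoted argument on the bootnode and the remainder is interpreted by the shell. Add AllowedPattern constraints that reject those characters, and restrict DocumentDBProvisionedVPCId to an optional `vpc-` id (AWS::EC2::VPC::Id cannot be blank, which the description requires for MongoDB). The MongoCAPemFile pattern is left loose because the accepted URL form is not visible here.
```yaml
  MongoAdminUsername:
    # … unchanged: Description, Type …
    AllowedPattern: "^[^'\"\\\\]*$"
    ConstraintDescription: must not contain quote or backslash characters
  MongoAdminPassword:
    # … unchanged: Description, Type, NoEcho …
    AllowedPattern: "^[^'\"\\\\]*$"
    ConstraintDescription: must not contain quote or backslash characters
  MongoHosts:
    # … unchanged: Description, Type …
    AllowedPattern: "^([A-Za-z0-9.-]+:[0-9]{1,5}(,[A-Za-z0-9.-]+:[0-9]{1,5})*)?$"
    ConstraintDescription: comma-separated host:port list, or blank
  MongoCAPemFile:
    # … unchanged: Description, Type …
    AllowedPattern: "^[^'\"\\\\ ]*$"
    ConstraintDescription: must not contain spaces, quotes or backslashes
  DocumentDBProvisionedVPCId:
    # … unchanged: Description, Type …
    AllowedPattern: "^(vpc-[0-9a-f]{8,17})?$"
    ConstraintDescription: must be blank or a VPC id of the form vpc-xxxxxxxx
```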
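Review bot: The new group label `default: AWS MSK Provision` names the same AWSMSKProvider parameter that the existing-OCP and UPI templates label `AWS MSK Provider`; since the parameter is a Yes/No switch that provisions a cluster, use one wording everywhere, e.g. `default: Provision an AWS MSK cluster`. The Manage label sentence `In case if this section is left empty and you chose 'MAS + Manage' offering type, then We will provision an internal DB2 instance for Manage` would read better as `If this section is left empty and you chose the 'MAS + Manage' offering type, an internal DB2 instance is provisioned for Manage`.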
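Review bot: This is the `"prod"` template, and it now clones the mutable `mas810-alpha` branch of multicloud-bootstrap before marking every `*.sh` executable and running `./init.sh` on the next lines, so production bootnodes execute whatever that alpha branch contains at stack-creation time under the instance role. Pin the checkout, e.g. `git clone -b mas810-alpha https://github.com/ibm-mas/multicloud-bootstrap.git; cd multicloud-bootstrap; git checkout <commit-sha>;`, or clone a release tag for the prod variant and bump it explicitly. The `ansible-devops` clone above carries the same risk but is not part of this change.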
@@ -612,9 +690,30 @@ Resources: - !Ref ImportDemoData - ''' '''' '''' '''' '''' ''' - !Ref EmailNotification - - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' + - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' + - ''' ''' + - !GetAtt + - CallLambdaFunctionGetSubnetForBootnode + - DefaultVPCId + - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' - ''' ''' - !Ref OperationalMode + - ''' ''' + - !If [MongoUseExistingInstanceCondition, "true", "false"] + - ''' ''' + - !Ref MongoDBProvider + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoAdminUsername, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoAdminPassword, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoHosts, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoCAPemFile, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref DocumentDBProvisionedVPCId, ""] + - ''' ''' + - !Ref AWSMSKProvider - ''' "prod" ' - '2>&1 | tee mas-provisioning.log; ' Tags: diff --git a/aws/master-cft/paid-ipi/cft-mas-core.yaml b/aws/master-cft/paid-ipi/cft-mas-core.yaml index 9fd0a600..f3cc2dc9 100644 --- a/aws/master-cft/paid-ipi/cft-mas-core.yaml +++ b/aws/master-cft/paid-ipi/cft-mas-core.yaml 
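Review bot: The MongoAdminPassword parameter is passed to init.sh in clear text as a single-quoted positional argument, so `NoEcho` stops at the CloudFormation console: the rendered script (presumably the bootnode UserData) is readable from the instance metadata service by any process on the host and by any principal with ec2:DescribeInstanceAttribute, it appears in the process list while init.sh runs, and it is captured by `2>&1 | tee mas-provisioning.log` if init.sh echoes its arguments. Create a Secrets Manager secret or SSM SecureString from the parameter and pass only its name, letting init.sh fetch it with the instance role. The positional layout built from runs of `''''` around the lambda-supplied `DefaultVPCId` should also be documented with a comment above `./init.sh "aws" "` naming the argument order, since a miscount silently reassigns every later value.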
@@ -134,6 +134,63 @@ Parameters: AllowedValues: - Production - Non-production + + MongoDeploymentMode: + Description: >- + A new mongo instance will be created on selection of 'Provision a new mongo instance'. + To use an existing mongo instance, select 'Use an existing mongo instance' option + Type: String + Default: "Provision a new mongo instance" + MinLength: '1' + AllowedValues: + - "Provision a new mongo instance" + - "Use an existing mongo instance" + MongoDBProvider: + Description: >- + Select the desired MongoDB provider. + Note: When selecting MongoDBProvider as MongoDB and MongoDeploymentMode as 'Provision a new mongo instance', a new "MongoDB Community Edition" instance will be provisioned + Type: String + Default: "MongoDB" + MinLength: '1' + AllowedValues: + - "MongoDB" + - "Amazon DocumentDB" + MongoAdminUsername: + Description: >- + Enter the Mongo Admin Username. + Type: String + MongoAdminPassword: + Description: >- + Enter the Mongo Admin Password. + Type: String + NoEcho: true + MongoHosts: + Description: >- + Enter the Mongo Hosts. eg., docdb-nonwqp-1.abc.ca-central-1.docdb.amazonaws.com:27017,docdb-nonwqp-2.def.ca-central-1.docdb.amazonaws.com:27017 + Type: String + MongoCAPemFile: + Description: >- + Enter the S3 bucket URL where MongoCAPemFile was uploaded. + Type: String + DocumentDBProvisionedVPCId: + Description: >- + Enter the VPC ID where existing Amazon DocumentDB was provisioned. + Leave this field blank, if MongoDBProvider was selected as "MongoDB". + Make sure this VPC ID resides in the current deployment region and does not have matching or overlapping IPv4 CIDR blocks 10.0.0.0/16. 
+ Type: String + + AWSMSKProvider: + Description: >- + Select Yes, to provision a AWS MSK cluster + Type: String + Default: "No" + MinLength: '1' + AllowedValues: + - "No" + - "Yes" +Conditions: + MongoUseExistingInstanceCondition: !Equals [!Ref MongoDeploymentMode, "Use an existing mongo instance"] + Metadata: 'AWS::CloudFormation::Interface': ParameterGroups: @@ -159,13 +216,34 @@ Metadata: - Label: default: >- Maximo Manage database configuration (complete this section only if - you chose the 'MAS + Manage' offering type) + you chose the 'MAS + Manage' offering type. + In case if this section is left empty and you chose 'MAS + Manage' offering type, + then We will provision an internal DB2 instance for Manage) Parameters: - MASManageDBUser - MASManageDBPassword - MASManageDBJdbcUrl - MASManageDBCertificateUrl - ImportDemoData + - Label: + default: MongoDB Configuration + Parameters: + - MongoDeploymentMode + - MongoDBProvider + - Label: + default: >- + Existing MongoDB / DocumentDB configuration details + (complete this section only if MongoDeploymentMode was selected as 'Use an existing mongo instance') + Parameters: + - MongoAdminUsername + - MongoAdminPassword + - MongoHosts + - MongoCAPemFile + - DocumentDBProvisionedVPCId + - Label: + default: AWS MSK Provision + Parameters: + - AWSMSKProvider - Label: default: >- Existing Suite License Service connection details (leave this @@ -550,7 +628,7 @@ Resources: - 'git clone https://github.com/ibm-mas/ansible-devops.git;' - cd ansible-devops; - rm -rf multicloud-bootstrap 1>/dev/null 2>&1; - - 'git clone https://github.com/ibm-mas/multicloud-bootstrap.git;' + - 'git clone -b mas810-alpha https://github.com/ibm-mas/multicloud-bootstrap.git;' - cd multicloud-bootstrap; - 'find . -type f -name "*.sh" -exec chmod +x {} \;;' - ./init.sh "aws" " 
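Review bot: The new MongoAdminUsername, MongoAdminPassword, MongoHosts, MongoCAPemFile and DocumentDBProvisionedVPCId parameters are unconstrained, and the Resources hunk later in this file inserts each between `''' '''` as a single-quoted init.sh argument, so a quote or backslash in the credential escapes the argument and the rest of the value is parsed by the shell on the bootnode. Reject those characters with AllowedPattern, and limit DocumentDBProvisionedVPCId to an optional `vpc-` id rather than AWS::EC2::VPC::Id, which cannot be blank as the description requires for MongoDB. MongoCAPemFile's accepted URL form is not visible here, so its pattern below only excludes shell-significant characters.
```yaml
  MongoAdminUsername:
    # … unchanged: Description, Type …
    AllowedPattern: "^[^'\"\\\\]*$"
    ConstraintDescription: must not contain quote or backslash characters
  MongoAdminPassword:
    # … unchanged: Description, Type, NoEcho …
    AllowedPattern: "^[^'\"\\\\]*$"
    ConstraintDescription: must not contain quote or backslash characters
  MongoHosts:
    # … unchanged: Description, Type …
    AllowedPattern: "^([A-Za-z0-9.-]+:[0-9]{1,5}(,[A-Za-z0-9.-]+:[0-9]{1,5})*)?$"
    ConstraintDescription: comma-separated host:port list, or blank
  MongoCAPemFile:
    # … unchanged: Description, Type …
    AllowedPattern: "^[^'\"\\\\ ]*$"
    ConstraintDescription: must not contain spaces, quotes or backslashes
  DocumentDBProvisionedVPCId:
    # … unchanged: Description, Type …
    AllowedPattern: "^(vpc-[0-9a-f]{8,17})?$"
    ConstraintDescription: must be blank or a VPC id of the form vpc-xxxxxxxx
```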
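Review bot: The prod template now clones the mutable `mas810-alpha` branch of multicloud-bootstrap and, on the lines that follow, marks every `*.sh` executable and runs `./init.sh`, so what executes with the bootnode's instance role is whatever is on that alpha branch when the stack is created rather than the code reviewed with this template. Pin it with `git clone -b mas810-alpha https://github.com/ibm-mas/multicloud-bootstrap.git; cd multicloud-bootstrap; git checkout <commit-sha>;` or clone a release tag, and bump the ref deliberately per template release. The `ansible-devops` clone above has the same exposure but predates this change.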
@@ -602,9 +680,30 @@ Resources: - !Ref ImportDemoData - ''' '''' '''' '''' '''' ''' - !Ref EmailNotification - - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' + - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' + - ''' ''' + - !GetAtt + - CallLambdaFunctionGetSubnetForBootnode + - DefaultVPCId + - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' - ''' ''' - !Ref OperationalMode + - ''' ''' + - !If [MongoUseExistingInstanceCondition, "true", "false"] + - ''' ''' + - !Ref MongoDBProvider + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoAdminUsername, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoAdminPassword, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoHosts, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoCAPemFile, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref DocumentDBProvisionedVPCId, ""] + - ''' ''' + - !Ref AWSMSKProvider - ''' "prod" ' - '2>&1 | tee mas-provisioning.log; ' Tags: diff --git a/aws/master-cft/paid-upi/cft-mas-core-dev.yaml b/aws/master-cft/paid-upi/cft-mas-core-dev.yaml index d027d974..c483d193 100644 --- a/aws/master-cft/paid-upi/cft-mas-core-dev.yaml +++ b/aws/master-cft/paid-upi/cft-mas-core-dev.yaml 
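Review bot: MongoAdminPassword is placed into the init.sh argument list between `''' '''` markers, so the parameter's `NoEcho` hides it only in the stack parameter view; the assembled script (this appears to be the bootnode UserData) is readable through the instance metadata service by any process on the bootnode and through ec2:DescribeInstanceAttribute, the value is visible in `ps` for the duration of init.sh, and it reaches mas-provisioning.log via the trailing `tee` if init.sh prints its arguments. Pass a Secrets Manager or SSM SecureString reference instead and resolve it inside init.sh with the instance role. Because the layout is positional, with runs of `''''` on either side of the lambda-supplied `DefaultVPCId`, a comment above `./init.sh "aws" "` listing the argument order would make a miscount visible in review rather than on the bootnode.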
@@ -176,6 +176,61 @@ Parameters: AllowedValues: - Production - Non-production + MongoDeploymentMode: + Description: >- + A new mongo instance will be created on selection of 'Provision a new mongo instance'. + To use an existing mongo instance, select 'Use an existing mongo instance' option + Type: String + Default: "Provision a new mongo instance" + MinLength: '1' + AllowedValues: + - "Provision a new mongo instance" + - "Use an existing mongo instance" + MongoDBProvider: + Description: >- + Select the desired MongoDB provider. + Note: When selecting MongoDBProvider as MongoDB and MongoDeploymentMode as 'Provision a new mongo instance', a new "MongoDB Community Edition" instance will be provisioned + Type: String + Default: "MongoDB" + MinLength: '1' + AllowedValues: + - "MongoDB" + - "Amazon DocumentDB" + MongoAdminUsername: + Description: >- + Enter the Mongo Admin Username. + Type: String + MongoAdminPassword: + Description: >- + Enter the Mongo Admin Password. + Type: String + NoEcho: true + MongoHosts: + Description: >- + Enter the Mongo Hosts. eg., docdb-nonwqp-1.abc.ca-central-1.docdb.amazonaws.com:27017,docdb-nonwqp-2.def.ca-central-1.docdb.amazonaws.com:27017 + Type: String + MongoCAPemFile: + Description: >- + Enter the S3 bucket URL where MongoCAPemFile was uploaded. + Type: String + DocumentDBProvisionedVPCId: + Description: >- + Enter the VPC ID where existing Amazon DocumentDB was provisioned. + Leave this field blank, if MongoDBProvider was selected as "MongoDB". + Make sure this VPC ID resides in the current deployment region and does not have matching or overlapping IPv4 CIDR blocks 10.0.0.0/16. 
+ Type: String + AWSMSKProvider: + Description: >- + Select Yes, to provision a AWS MSK cluster + Type: String + Default: "No" + MinLength: '1' + AllowedValues: + - "No" + - "Yes" + +Conditions: + MongoUseExistingInstanceCondition: !Equals [!Ref MongoDeploymentMode, "Use an existing mongo instance"] Metadata: 'AWS::CloudFormation::Interface': ParameterGroups: @@ -201,13 +256,34 @@ Metadata: - Label: default: >- Maximo Manage database configuration (complete this section only if - you chose the 'MAS + Manage' offering type) + you chose the 'MAS + Manage' offering type. + In case if this section is left empty and you chose 'MAS + Manage' offering type, + then We will provision an internal DB2 instance for Manage) Parameters: - MASManageDBUser - MASManageDBPassword - MASManageDBJdbcUrl - MASManageDBCertificateUrl - ImportDemoData + - Label: + default: MongoDB Configuration + Parameters: + - MongoDeploymentMode + - MongoDBProvider + - Label: + default: >- + Existing MongoDB / DocumentDB configuration details + (complete this section only if MongoDeploymentMode was selected as 'Use an existing mongo instance') + Parameters: + - MongoAdminUsername + - MongoAdminPassword + - MongoHosts + - MongoCAPemFile + - DocumentDBProvisionedVPCId + - Label: + default: AWS MSK Provider + Parameters: + - AWSMSKProvider - Label: default: >- Existing Suite License Service connection details (leave this @@ -228,10 +304,6 @@ Metadata: default: Email notification Parameters: - EmailNotification - - Label: - default: Operational Mode - Parameters: - - OperationalMode - Label: default: Choose the OCP cluster type and existing VPC Details Parameters: @@ -243,10 +315,14 @@ Metadata: - ExistingPublicSubnet1Id - ExistingPublicSubnet2Id - ExistingPublicSubnet3Id + - Label: + default: Operational Mode + Parameters: + - OperationalMode Mappings: RegionMap: us-east-1: - HVM64: ami-01be123bce5d349ea + HVM64: ami-028c3019ed25237a4 us-east-2: HVM64: ami-0da4f91ded4bac1bd us-west-2: 
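Review bot: MongoAdminUsername, MongoAdminPassword, MongoHosts, MongoCAPemFile and DocumentDBProvisionedVPCId are added without AllowedPattern or MaxLength, and this file's last Resources hunk wraps each in `''' '''` so it becomes a single-quoted shell argument to init.sh; a `'` or backslash in the password ends the quoted argument and the remainder is interpreted by the shell on the bootnode. Constrain the values at the template boundary, restricting DocumentDBProvisionedVPCId to an optional `vpc-` id (AWS::EC2::VPC::Id would forbid the blank value the description requires for MongoDB). The accepted form of MongoCAPemFile ("S3 bucket URL") is not visible here, so its pattern only excludes shell-significant characters.
```yaml
  MongoAdminUsername:
    # … unchanged: Description, Type …
    AllowedPattern: "^[^'\"\\\\]*$"
    ConstraintDescription: must not contain quote or backslash characters
  MongoAdminPassword:
    # … unchanged: Description, Type, NoEcho …
    AllowedPattern: "^[^'\"\\\\]*$"
    ConstraintDescription: must not contain quote or backslash characters
  MongoHosts:
    # … unchanged: Description, Type …
    AllowedPattern: "^([A-Za-z0-9.-]+:[0-9]{1,5}(,[A-Za-z0-9.-]+:[0-9]{1,5})*)?$"
    ConstraintDescription: comma-separated host:port list, or blank
  MongoCAPemFile:
    # … unchanged: Description, Type …
    AllowedPattern: "^[^'\"\\\\ ]*$"
    ConstraintDescription: must not contain spaces, quotes or backslashes
  DocumentDBProvisionedVPCId:
    # … unchanged: Description, Type …
    AllowedPattern: "^(vpc-[0-9a-f]{8,17})?$"
    ConstraintDescription: must be blank or a VPC id of the form vpc-xxxxxxxx
```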
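Review bot: The existing-Mongo group label asks the user to complete its fields only when MongoDeploymentMode is 'Use an existing mongo instance', but the template does not enforce that: a stack created in that mode with MongoHosts or MongoAdminUsername blank validates cleanly and fails later on the bootnode. A top-level `Rules:` section alongside the new `Conditions:` makes the requirement a validation error. The Manage label's `In case if this section is left empty and you chose 'MAS + Manage' offering type, then We will provision an internal DB2 instance for Manage` should also be reworded to `If this section is left empty and you chose the 'MAS + Manage' offering type, an internal DB2 instance is provisioned for Manage`.
```yaml
Rules:
  ExistingMongoRequiresConnectionDetails:
    RuleCondition: !Equals [!Ref MongoDeploymentMode, "Use an existing mongo instance"]
    Assertions:
      - Assert: !Not [!Equals [!Ref MongoAdminUsername, ""]]
        AssertDescription: MongoAdminUsername is required when using an existing mongo instance
      - Assert: !Not [!Equals [!Ref MongoHosts, ""]]
        AssertDescription: MongoHosts is required when using an existing mongo instance
  ExistingDocumentDBRequiresVpc:
    RuleCondition: !And
      - !Equals [!Ref MongoDeploymentMode, "Use an existing mongo instance"]
      - !Equals [!Ref MongoDBProvider, "Amazon DocumentDB"]
    Assertions:
      - Assert: !Not [!Equals [!Ref DocumentDBProvisionedVPCId, ""]]
        AssertDescription: DocumentDBProvisionedVPCId is required for an existing Amazon DocumentDB
```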
@@ -256,19 +332,19 @@ Mappings: ap-southeast-1: HVM64: ami-0e084c2cc29ec1720 ap-southeast-2: - HVM64: ami-04b93bf7675dfbac1 + HVM64: ami-093254aff333dcfe3 ap-northeast-1: HVM64: ami-0786a7bec0e143591 eu-central-1: HVM64: ami-09fbeb232efd55c04 ap-south-1: - HVM64: ami-02190fd9502ff751c + HVM64: ami-09ee06d85c3bf30f9 ap-northeast-2: HVM64: ami-0b5a78be9ec85d01b ap-northeast-3: HVM64: ami-0d96abb825f3fc970 ca-central-1: - HVM64: ami-0268cd112c39d8715 + HVM64: ami-05de5e08f0f2ebd49 eu-south-1: HVM64: ami-045e0d5842edd2162 eu-west-1: @@ -564,7 +640,7 @@ Resources: - 'git clone https://github.com/ibm-mas/ansible-devops.git;' - cd ansible-devops; - rm -rf multicloud-bootstrap 1>/dev/null 2>&1; - - 'git clone -b mas89-alpha https://github.com/ibm-mas/multicloud-bootstrap.git;' + - 'git clone -b mas810-alpha https://github.com/ibm-mas/multicloud-bootstrap.git;' - cd multicloud-bootstrap; - 'find . -type f -name "*.sh" -exec chmod +x {} \;;' - ./init.sh "aws" " @@ -616,7 +692,7 @@ Resources: - !Ref ImportDemoData - ''' '''' '''' '''' '''' ''' - !Ref EmailNotification - - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' + - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' - !Ref ExistingVPCId - ''' '''' ''' - !Ref ExistingPrivateSubnet1Id @@ -634,6 +710,22 @@ Resources: - !Ref PrivateCluster - ''' ''' - !Ref OperationalMode + - ''' ''' + - !If [MongoUseExistingInstanceCondition, "true", "false"] + - ''' ''' + - !Ref MongoDBProvider + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoAdminUsername, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoAdminPassword, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoHosts, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoCAPemFile, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref DocumentDBProvisionedVPCId, ""] + - ''' ''' + - !Ref AWSMSKProvider - ''' "dev" ' - '2>&1 | tee mas-provisioning.log; ' Tags: 
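Review bot: The change from `''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''` to a run two `''''` longer adjusts how many empty positional arguments precede ExistingVPCId, and nothing in the template states what those slots are or why the count changed; a future edit that miscounts by one will hand init.sh the wrong values with no error. Add a comment on the line above naming the slots being skipped, e.g. `# empty slots: <names of the init.sh positional parameters not used by this template>`, or replace the blank-counting with named `KEY=value` arguments if init.sh can be changed. The enclosing UserData script starts and ends outside this hunk.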
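Review bot: MongoAdminPassword is appended to the init.sh command line as a single-quoted positional argument right after OperationalMode, so `NoEcho: true` only hides it in the CloudFormation parameter view; the rendered script (apparently the bootnode UserData) can be read from the instance metadata service by any process on the bootnode and by anyone with ec2:DescribeInstanceAttribute, the value is visible in `ps` while init.sh runs, and it is captured in mas-provisioning.log by the trailing `tee` if init.sh echoes its arguments. Store the credential in Secrets Manager or an SSM SecureString and pass only its name, with init.sh resolving it through the instance role. A comment above `./init.sh "aws" "` listing the positional order (OperationalMode, MongoUseExisting, MongoDBProvider, MongoAdminUsername, MongoAdminPassword, MongoHosts, MongoCAPemFile, DocumentDBProvisionedVPCId, AWSMSKProvider, env) would also make the layout reviewable.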
diff --git a/aws/master-cft/paid-upi/cft-mas-core-without-ocp-license.yaml b/aws/master-cft/paid-upi/cft-mas-core-without-ocp-license.yaml index 63744839..6edb5791 100644 --- a/aws/master-cft/paid-upi/cft-mas-core-without-ocp-license.yaml +++ b/aws/master-cft/paid-upi/cft-mas-core-without-ocp-license.yaml 
@@ -185,6 +185,61 @@ Parameters: AllowedValues: - Production - Non-production + MongoDeploymentMode: + Description: >- + A new mongo instance will be created on selection of 'Provision a new mongo instance'. + To use an existing mongo instance, select 'Use an existing mongo instance' option + Type: String + Default: "Provision a new mongo instance" + MinLength: '1' + AllowedValues: + - "Provision a new mongo instance" + - "Use an existing mongo instance" + MongoDBProvider: + Description: >- + Select the desired MongoDB provider. + Note: When selecting MongoDBProvider as MongoDB and MongoDeploymentMode as 'Provision a new mongo instance', a new "MongoDB Community Edition" instance will be provisioned + Type: String + Default: "MongoDB" + MinLength: '1' + AllowedValues: + - "MongoDB" + - "Amazon DocumentDB" + MongoAdminUsername: + Description: >- + Enter the Mongo Admin Username. + Type: String + MongoAdminPassword: + Description: >- + Enter the Mongo Admin Password. + Type: String + NoEcho: true + MongoHosts: + Description: >- + Enter the Mongo Hosts. eg., docdb-nonwqp-1.abc.ca-central-1.docdb.amazonaws.com:27017,docdb-nonwqp-2.def.ca-central-1.docdb.amazonaws.com:27017 + Type: String + MongoCAPemFile: + Description: >- + Enter the S3 bucket URL where MongoCAPemFile was uploaded. + Type: String + DocumentDBProvisionedVPCId: + Description: >- + Enter the VPC ID where existing Amazon DocumentDB was provisioned. + Leave this field blank, if MongoDBProvider was selected as "MongoDB". + Make sure this VPC ID resides in the current deployment region and does not have matching or overlapping IPv4 CIDR blocks 10.0.0.0/16. 
+ Type: String + AWSMSKProvider: + Description: >- + Select Yes, to provision a AWS MSK cluster + Type: String + Default: "No" + MinLength: '1' + AllowedValues: + - "No" + - "Yes" + +Conditions: + MongoUseExistingInstanceCondition: !Equals [!Ref MongoDeploymentMode, "Use an existing mongo instance"] Metadata: 'AWS::CloudFormation::Interface': ParameterGroups: @@ -211,13 +266,34 @@ Metadata: - Label: default: >- Maximo Manage database configuration (complete this section only if - you chose the 'MAS + Manage' offering type) + you chose the 'MAS + Manage' offering type. + In case if this section is left empty and you chose 'MAS + Manage' offering type, + then We will provision an internal DB2 instance for Manage) Parameters: - MASManageDBUser - MASManageDBPassword - MASManageDBJdbcUrl - MASManageDBCertificateUrl - ImportDemoData + - Label: + default: MongoDB Configuration + Parameters: + - MongoDeploymentMode + - MongoDBProvider + - Label: + default: >- + Existing MongoDB / DocumentDB configuration details + (complete this section only if MongoDeploymentMode was selected as 'Use an existing mongo instance') + Parameters: + - MongoAdminUsername + - MongoAdminPassword + - MongoHosts + - MongoCAPemFile + - DocumentDBProvisionedVPCId + - Label: + default: AWS MSK Provider + Parameters: + - AWSMSKProvider - Label: default: >- Existing Suite License Service connection details (leave this @@ -238,10 +314,6 @@ Metadata: default: Email notification Parameters: - EmailNotification - - Label: - default: Operational Mode - Parameters: - - OperationalMode - Label: default: Choose the OCP cluster type and existing VPC Details Parameters: @@ -253,10 +325,14 @@ Metadata: - ExistingPublicSubnet1Id - ExistingPublicSubnet2Id - ExistingPublicSubnet3Id + - Label: + default: Operational Mode + Parameters: + - OperationalMode Mappings: RegionMap: us-east-1: - HVM64: ami-01be123bce5d349ea + HVM64: ami-028c3019ed25237a4 us-east-2: HVM64: ami-xxxxxxxxxxxxxxxxx us-west-2: 
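Review bot: The new MongoAdminUsername, MongoAdminPassword, MongoHosts, MongoCAPemFile and DocumentDBProvisionedVPCId parameters have no AllowedPattern, and in this file's last Resources hunk each one is wrapped in `''' '''` to become a single-quoted init.sh argument; a quote or backslash in the password therefore closes the argument early and the rest of the value is parsed as shell on the bootnode. Reject those characters at the template boundary and restrict DocumentDBProvisionedVPCId to an optional `vpc-` id, since AWS::EC2::VPC::Id cannot be left blank as the description requires for MongoDB. The MongoCAPemFile pattern stays loose because its expected URL form is not shown here.
```yaml
  MongoAdminUsername:
    # … unchanged: Description, Type …
    AllowedPattern: "^[^'\"\\\\]*$"
    ConstraintDescription: must not contain quote or backslash characters
  MongoAdminPassword:
    # … unchanged: Description, Type, NoEcho …
    AllowedPattern: "^[^'\"\\\\]*$"
    ConstraintDescription: must not contain quote or backslash characters
  MongoHosts:
    # … unchanged: Description, Type …
    AllowedPattern: "^([A-Za-z0-9.-]+:[0-9]{1,5}(,[A-Za-z0-9.-]+:[0-9]{1,5})*)?$"
    ConstraintDescription: comma-separated host:port list, or blank
  MongoCAPemFile:
    # … unchanged: Description, Type …
    AllowedPattern: "^[^'\"\\\\ ]*$"
    ConstraintDescription: must not contain spaces, quotes or backslashes
  DocumentDBProvisionedVPCId:
    # … unchanged: Description, Type …
    AllowedPattern: "^(vpc-[0-9a-f]{8,17})?$"
    ConstraintDescription: must be blank or a VPC id of the form vpc-xxxxxxxx
```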
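Review bot: The Manage label extension `In case if this section is left empty and you chose 'MAS + Manage' offering type, then We will provision an internal DB2 instance for Manage` is ungrammatical and capitalises "We" mid-sentence; suggest `If this section is left empty and you chose the 'MAS + Manage' offering type, an internal DB2 instance is provisioned for Manage`. The existing-Mongo label's "complete this section only if" is not backed by any validation in this template, so a blank MongoHosts in that mode is only discovered on the bootnode; worth either saying so in the label or enforcing it with a Rules section.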
@@ -565,7 +641,7 @@ Resources: - 'git clone https://github.com/ibm-mas/ansible-devops.git;' - cd ansible-devops; - rm -rf multicloud-bootstrap 1>/dev/null 2>&1; - - 'git clone https://github.com/ibm-mas/multicloud-bootstrap.git;' + - 'git clone -b mas810-alpha https://github.com/ibm-mas/multicloud-bootstrap.git;' - cd multicloud-bootstrap; - 'find . -type f -name "*.sh" -exec chmod +x {} \;;' - ./init.sh "aws" " @@ -617,7 +693,7 @@ Resources: - !Ref ImportDemoData - ''' '''' '''' '''' '''' ''' - !Ref EmailNotification - - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' + - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' - !Ref ExistingVPCId - ''' '''' ''' - !Ref ExistingPrivateSubnet1Id @@ -635,6 +711,22 @@ Resources: - !Ref PrivateCluster - ''' ''' - !Ref OperationalMode + - ''' ''' + - !If [MongoUseExistingInstanceCondition, "true", "false"] + - ''' ''' + - !Ref MongoDBProvider + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoAdminUsername, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoAdminPassword, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoHosts, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoCAPemFile, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref DocumentDBProvisionedVPCId, ""] + - ''' ''' + - !Ref AWSMSKProvider - ''' "prod" ' - '2>&1 | tee mas-provisioning.log; ' Tags: diff --git a/aws/master-cft/paid-upi/cft-mas-core.yaml b/aws/master-cft/paid-upi/cft-mas-core.yaml index 9309ea24..fdd00abf 100644 --- a/aws/master-cft/paid-upi/cft-mas-core.yaml +++ b/aws/master-cft/paid-upi/cft-mas-core.yaml 
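Review bot: `git clone -b mas810-alpha https://github.com/ibm-mas/multicloud-bootstrap.git` pins the bootstrap code that this UserData runs as root to a moving branch name, so what a stack executes changes whenever that branch is pushed to and a given deployment cannot be reproduced later. Pin to an immutable revision, e.g. `git clone https://github.com/ibm-mas/multicloud-bootstrap.git && git -C multicloud-bootstrap checkout <commit-sha-placeholder>`, or at least mark the branch in a comment as a pre-release placeholder to be replaced by a tag. The same change appears in the paid-upi template's Resources hunk and in azure/bootnode-image/bootnode-image-step-1.sh (`curl … /mas810-alpha/…`). The `Fn::Join` list this line belongs to starts and ends outside the hunk.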
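Review bot: `!If [MongoUseExistingInstanceCondition, !Ref MongoAdminPassword, ""]` renders the admin password in plaintext into the instance UserData, where the `NoEcho: true` on the parameter no longer protects it: UserData is readable by any process on the instance through the instance metadata service and by anyone with `ec2:DescribeInstanceAttribute`, the value appears in the `init.sh` process arguments, and the trailing `2>&1 | tee mas-provisioning.log` will persist it if init.sh echoes its arguments. Pass the secret out of band instead — store it in AWS Secrets Manager or an SSM SecureString parameter and have init.sh fetch it by name at run time — and keep only the reference in UserData. The same list is added to the paid-upi template (`@@ -625,6 +701,22 @@`). The `Fn::Join` this list belongs to starts and ends outside the hunk.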
@@ -176,6 +176,61 @@ Parameters: AllowedValues: - Production - Non-production + MongoDeploymentMode: + Description: >- + A new mongo instance will be created on selection of 'Provision a new mongo instance'. + To use an existing mongo instance, select 'Use an existing mongo instance' option + Type: String + Default: "Provision a new mongo instance" + MinLength: '1' + AllowedValues: + - "Provision a new mongo instance" + - "Use an existing mongo instance" + MongoDBProvider: + Description: >- + Select the desired MongoDB provider. + Note: When selecting MongoDBProvider as MongoDB and MongoDeploymentMode as 'Provision a new mongo instance', a new "MongoDB Community Edition" instance will be provisioned + Type: String + Default: "MongoDB" + MinLength: '1' + AllowedValues: + - "MongoDB" + - "Amazon DocumentDB" + MongoAdminUsername: + Description: >- + Enter the Mongo Admin Username. + Type: String + MongoAdminPassword: + Description: >- + Enter the Mongo Admin Password. + Type: String + NoEcho: true + MongoHosts: + Description: >- + Enter the Mongo Hosts. eg., docdb-nonwqp-1.abc.ca-central-1.docdb.amazonaws.com:27017,docdb-nonwqp-2.def.ca-central-1.docdb.amazonaws.com:27017 + Type: String + MongoCAPemFile: + Description: >- + Enter the S3 bucket URL where MongoCAPemFile was uploaded. + Type: String + DocumentDBProvisionedVPCId: + Description: >- + Enter the VPC ID where existing Amazon DocumentDB was provisioned. + Leave this field blank, if MongoDBProvider was selected as "MongoDB". + Make sure this VPC ID resides in the current deployment region and does not have matching or overlapping IPv4 CIDR blocks 10.0.0.0/16. 
+ Type: String + AWSMSKProvider: + Description: >- + Select Yes, to provision a AWS MSK cluster + Type: String + Default: "No" + MinLength: '1' + AllowedValues: + - "No" + - "Yes" + +Conditions: + MongoUseExistingInstanceCondition: !Equals [!Ref MongoDeploymentMode, "Use an existing mongo instance"] Metadata: 'AWS::CloudFormation::Interface': ParameterGroups: @@ -201,13 +256,34 @@ Metadata: - Label: default: >- Maximo Manage database configuration (complete this section only if - you chose the 'MAS + Manage' offering type) + you chose the 'MAS + Manage' offering type. + In case if this section is left empty and you chose 'MAS + Manage' offering type, + then We will provision an internal DB2 instance for Manage) Parameters: - MASManageDBUser - MASManageDBPassword - MASManageDBJdbcUrl - MASManageDBCertificateUrl - ImportDemoData + - Label: + default: MongoDB Configuration + Parameters: + - MongoDeploymentMode + - MongoDBProvider + - Label: + default: >- + Existing MongoDB / DocumentDB configuration details + (complete this section only if MongoDeploymentMode was selected as 'Use an existing mongo instance') + Parameters: + - MongoAdminUsername + - MongoAdminPassword + - MongoHosts + - MongoCAPemFile + - DocumentDBProvisionedVPCId + - Label: + default: AWS MSK Provider + Parameters: + - AWSMSKProvider - Label: default: >- Existing Suite License Service connection details (leave this @@ -555,7 +631,7 @@ Resources: - 'git clone https://github.com/ibm-mas/ansible-devops.git;' - cd ansible-devops; - rm -rf multicloud-bootstrap 1>/dev/null 2>&1; - - 'git clone https://github.com/ibm-mas/multicloud-bootstrap.git;' + - 'git clone -b mas810-alpha https://github.com/ibm-mas/multicloud-bootstrap.git;' - cd multicloud-bootstrap; - 'find . -type f -name "*.sh" -exec chmod +x {} \;;' - ./init.sh "aws" " 
@@ -607,7 +683,7 @@ Resources: - !Ref ImportDemoData - ''' '''' '''' '''' '''' ''' - !Ref EmailNotification - - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' + - ''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' '''' ''' - !Ref ExistingVPCId - ''' '''' ''' - !Ref ExistingPrivateSubnet1Id @@ -625,6 +701,22 @@ Resources: - !Ref PrivateCluster - ''' ''' - !Ref OperationalMode + - ''' ''' + - !If [MongoUseExistingInstanceCondition, "true", "false"] + - ''' ''' + - !Ref MongoDBProvider + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoAdminUsername, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoAdminPassword, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoHosts, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref MongoCAPemFile, ""] + - ''' ''' + - !If [MongoUseExistingInstanceCondition, !Ref DocumentDBProvisionedVPCId, ""] + - ''' ''' + - !Ref AWSMSKProvider - ''' "prod" ' - '2>&1 | tee mas-provisioning.log; ' Tags: diff --git a/aws/ocp-terraform/linux-prereq-install.sh b/aws/ocp-terraform/linux-prereq-install.sh index c5d3d28a..c18d846c 100644 --- a/aws/ocp-terraform/linux-prereq-install.sh +++ b/aws/ocp-terraform/linux-prereq-install.sh @@ -20,8 +20,8 @@ mv jq /usr/local/bin ## Download Openshift CLI and move to /usr/local/bin -wget "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.10.35/openshift-client-linux-4.10.35.tar.gz" -tar -xvf openshift-client-linux-4.10.35.tar.gz +wget "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.12.18/openshift-client-linux-4.12.18.tar.gz" +tar -xvf openshift-client-linux-4.12.18.tar.gz chmod u+x oc kubectl sudo mv oc /usr/local/bin sudo mv kubectl /usr/local/bin diff --git a/aws/ocp-terraform/mac-prereq-install.sh b/aws/ocp-terraform/mac-prereq-install.sh index 91442126..a152eaf1 100644 --- a/aws/ocp-terraform/mac-prereq-install.sh +++ b/aws/ocp-terraform/mac-prereq-install.sh 
@@ -20,8 +20,8 @@ mv jq /usr/local/bin ## Download Openshift CLI and move to /usr/local/bin -wget "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.10.35/openshift-client-linux-4.10.35.tar.gz" -tar -xvf openshift-client-linux-4.10.35.tar.gz +wget "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.12.18/openshift-client-linux-4.12.18.tar.gz" +tar -xvf openshift-client-linux-4.12.18.tar.gz chmod u+x oc kubectl sudo mv oc /usr/local/bin sudo mv kubectl /usr/local/bin diff --git a/aws/ocp-terraform/ocp/variables.tf b/aws/ocp-terraform/ocp/variables.tf index 3e071382..6cdff939 100644 --- a/aws/ocp-terraform/ocp/variables.tf +++ b/aws/ocp-terraform/ocp/variables.tf @@ -5,7 +5,7 @@ variable "openshift_installer_url" { variable "openshift_version" { type = string - default = "4.10.35" + default = "4.12.18" } variable "cluster_name" { diff --git a/aws/ocp-terraform/ocs/gp2.yaml b/aws/ocp-terraform/ocs/gp2.yaml new file mode 100644 index 00000000..d0693eca --- /dev/null +++ b/aws/ocp-terraform/ocs/gp2.yaml @@ -0,0 +1,14 @@ +--- +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: gp2 + annotations: + storageclass.kubernetes.io/is-default-class: "true" +provisioner: kubernetes.io/aws-ebs +parameters: + encrypted: "true" + type: gp2 +reclaimPolicy: Delete +allowVolumeExpansion: true +volumeBindingMode: WaitForFirstConsumer diff --git a/aws/ocp-terraform/ocs/ocs-storagecluster-ceph-rbd.yaml b/aws/ocp-terraform/ocs/ocs-storagecluster-ceph-rbd.yaml new file mode 100644 index 00000000..2f4eb308 --- /dev/null +++ b/aws/ocp-terraform/ocs/ocs-storagecluster-ceph-rbd.yaml 
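Review bot: In the new gp2.yaml, `encrypted: "true"` without a `kmsKeyId` parameter encrypts volumes with the account's default aws/ebs key; if customer-managed keys are a requirement for this deployment (rotation policy, cross-account access control), the class should carry `kmsKeyId: <kms-key-arn-placeholder>`. The in-tree `kubernetes.io/aws-ebs` provisioner is deprecated upstream in favour of `ebs.csi.aws.com`; on the OCP 4.12 this commit moves to, confirm that the in-tree name is still translated by CSI migration or switch the provisioner explicitly. A one-line comment above `is-default-class: "true"` stating that this class, not the ODF classes added alongside it, is intended to be the cluster default would help the next reader.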
@@ -0,0 +1,23 @@
+---
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: ocs-storagecluster-ceph-rbd
+ annotations:
+ description: Provides RWO Filesystem volumes, and RWO and RWX Block volumes
+provisioner: openshift-storage.rbd.csi.ceph.com
+parameters:
+ csi.storage.k8s.io/fstype: ext4
+ csi.storage.k8s.io/provisioner-secret-namespace: openshift-storage
+ csi.storage.k8s.io/provisioner-secret-name: rook-csi-rbd-provisioner
+ csi.storage.k8s.io/node-stage-secret-name: rook-csi-rbd-node
+ csi.storage.k8s.io/controller-expand-secret-name: rook-csi-rbd-provisioner
+ imageFormat: "2"
+ clusterID: openshift-storage
+ imageFeatures: layering
+ csi.storage.k8s.io/controller-expand-secret-namespace: openshift-storage
+ pool: ocs-storagecluster-cephblockpool
+ csi.storage.k8s.io/node-stage-secret-namespace: openshift-storage
+reclaimPolicy: Delete
+allowVolumeExpansion: true
+volumeBindingMode: Immediate
diff --git a/aws/ocp-terraform/ocs/ocs-storagecluster-cephfs.yaml b/aws/ocp-terraform/ocs/ocs-storagecluster-cephfs.yaml
new file mode 100644
index 00000000..4a08c91c
--- /dev/null
+++ b/aws/ocp-terraform/ocs/ocs-storagecluster-cephfs.yaml
@@ -0,0 +1,20 @@ +--- +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: ocs-storagecluster-cephfs + annotations: + description: Provides RWO and RWX Filesystem volumes +provisioner: openshift-storage.cephfs.csi.ceph.com +parameters: + clusterID: openshift-storage + csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner + csi.storage.k8s.io/controller-expand-secret-namespace: openshift-storage + csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node + csi.storage.k8s.io/node-stage-secret-namespace: openshift-storage + csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner + csi.storage.k8s.io/provisioner-secret-namespace: openshift-storage + fsName: ocs-storagecluster-cephfilesystem +reclaimPolicy: Delete +allowVolumeExpansion: true +volumeBindingMode: Immediate diff --git a/aws/ocp-terraform/ocs/openshift-storage.noobaa.io.yaml b/aws/ocp-terraform/ocs/openshift-storage.noobaa.io.yaml new file mode 100644 index 00000000..7a25af61 --- /dev/null +++ b/aws/ocp-terraform/ocs/openshift-storage.noobaa.io.yaml @@ -0,0 +1,12 @@ +--- +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: openshift-storage.noobaa.io + annotations: + description: Provides Object Bucket Claims (OBCs) +provisioner: openshift-storage.noobaa.io/obc +parameters: + bucketclass: noobaa-default-bucket-class +reclaimPolicy: Delete +volumeBindingMode: Immediate diff --git a/aws/ocp-terraform/ocs/templates.tf b/aws/ocp-terraform/ocs/templates.tf index 6e7cadb1..17e1edc9 100644 --- a/aws/ocp-terraform/ocs/templates.tf +++ b/aws/ocp-terraform/ocs/templates.tf @@ -26,12 +26,11 @@ metadata: labels: operators.coreos.com/odf-operator.openshift-storage: '' spec: - channel: "stable-4.10" + channel: "stable-4.12" installPlanApproval: Automatic name: odf-operator source: redhat-operators sourceNamespace: openshift-marketplace - startingCSV: "odf-operator.v4.10.7" --- apiVersion: odf.openshift.io/v1alpha1 kind: StorageSystem 
@@ -86,7 +85,7 @@ spec: portable: true replica: 3 resources: {} - version: 4.10.0 + version: 4.12.0 EOF } diff --git a/aws/ocp-terraform/outputs.tf b/aws/ocp-terraform/outputs.tf index 59c6dcf4..335732fd 100644 --- a/aws/ocp-terraform/outputs.tf +++ b/aws/ocp-terraform/outputs.tf @@ -19,6 +19,9 @@ output "openshift_password" { sensitive = true } +output "vpcid" { + value = var.new_or_existing_vpc_subnet == "new" ? module.network[0].vpcid : var.vpc_id +} # output "cpd_url" { # description = "URL for cpd web console" diff --git a/aws/ocp-terraform/scripts/libs_aws/aws_generic_helper.py b/aws/ocp-terraform/scripts/libs_aws/aws_generic_helper.py index 72448a02..fb45e6d2 100644 --- a/aws/ocp-terraform/scripts/libs_aws/aws_generic_helper.py +++ b/aws/ocp-terraform/scripts/libs_aws/aws_generic_helper.py @@ -36,7 +36,7 @@ class AWSGenericHelper(): 'elastic-ips': 3, 'application-load-ballancer': 2, 'classic-load-ballancer': 3, - 's3-buckets': 1 + 's3-buckets': -100 } }, 'portworx': { diff --git a/aws/ocp-terraform/variables.tf b/aws/ocp-terraform/variables.tf index fc4da501..9816e4df 100644 --- a/aws/ocp-terraform/variables.tf +++ b/aws/ocp-terraform/variables.tf @@ -331,7 +331,7 @@ variable "cloudctl_version" { variable "openshift_version" { description = "OCP Version" - default = "4.10.35" + default = "4.12.18" } variable "cpd_platform" { diff --git a/aws/utils/fetch-cidr-block.sh b/aws/utils/fetch-cidr-block.sh new file mode 100644 index 00000000..77e4bf14 --- /dev/null +++ b/aws/utils/fetch-cidr-block.sh 
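Review bot: `'s3-buckets': -100` turns a quota-requirement count into a negative sentinel with no explanation, so a reader of this table cannot tell whether the S3 bucket check was meant to be disabled, relaxed, or whether the value is a typo; how the dict is consumed is outside the hunk (the enclosing `AWSGenericHelper` class starts before it). If the intent is to skip the bucket quota check, say so at the value, e.g. `'s3-buckets': -100,  # negative: S3 bucket quota check is intentionally skipped`, or better, express the skip explicitly where the table is read rather than through a magic number.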
@@ -0,0 +1,41 @@
+#!/bin/bash
+log "DEPLOY_REGION=$DEPLOY_REGION VPC_ID=$VPC_ID"
+CIDR_BLOCKS=`aws ec2 describe-subnets --region $DEPLOY_REGION \
+ --filter Name=vpc-id,Values=$VPC_ID "Name=default-for-az,Values=false" "Name=map-public-ip-on-launch,Values=false" \
+ --query "Subnets[*].{CIDR_BLOCKS:CidrBlock}" --output=text`
+if [[ -z $CIDR_BLOCKS ]]; then
+ log "SUBNETS with default-for-az=false (non-default) not found, check for default"
+ CIDR_BLOCKS=`aws ec2 describe-subnets --region $DEPLOY_REGION \
+ --filter Name=vpc-id,Values=$VPC_ID \
+ --query "Subnets[*].{CIDR_BLOCKS:CidrBlock}" --output=text`
+fi
+
+if [[ -n $CIDR_BLOCKS ]]; then
+ length=0
+ for CIDR_BLOCK in $CIDR_BLOCKS; do
+ length=$((length+1))
+ done
+ if [ "$length" -ge 3 ]; then
+ log "There are atleast 3 subnets"
+ length=0
+ for EACH_CIDR_BLOCK in $CIDR_BLOCKS; do
+ array[$length]="$EACH_CIDR_BLOCK"
+ length=$((length+1))
+ done
+ export CIDR_BLOCKS_0=${array[0]}
+ export CIDR_BLOCKS_1=${array[1]}
+ export CIDR_BLOCKS_2=${array[2]}
+ log "CIDR_BLOCKS_0=$CIDR_BLOCKS_0 CIDR_BLOCKS_1=$CIDR_BLOCKS_1 CIDR_BLOCKS_2=$CIDR_BLOCKS_2"
+ else
+ log "Atleast 3 subnets required, VPC ID $VPC_ID has less than 3 subnets"
+ SCRIPT_STATUS=44
+ exit $SCRIPT_STATUS
+ fi
+else
+ log "Subnets not found for the given VPC ID $VPC_ID"
+ SCRIPT_STATUS=44
+ exit $SCRIPT_STATUS
+fi
+
+VPC_CIDR_BLOCK=`aws ec2 describe-vpcs --vpc-ids $VPC_ID --query "Vpcs[*].{VPC_CIDR_BLOCK:CidrBlock}" --output=text`
+log "VPC_CIDR_BLOCK=${VPC_CIDR_BLOCK}"
\ No newline at end of file
diff --git a/azure/01_vnet.json b/azure/01_vnet.json
new file mode 100755
index 00000000..5441ca5a
--- /dev/null
+++ b/azure/01_vnet.json
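Review bot: The final `aws ec2 describe-vpcs --vpc-ids $VPC_ID …` omits `--region $DEPLOY_REGION` while both `describe-subnets` calls pass it, so `VPC_CIDR_BLOCK` is looked up in the CLI's default region and comes back empty (or for a different VPC) whenever that differs from the deployment region; change it to `VPC_CIDR_BLOCK=$(aws ec2 describe-vpcs --region "$DEPLOY_REGION" --vpc-ids "$VPC_ID" --query "Vpcs[*].{VPC_CIDR_BLOCK:CidrBlock}" --output=text)`. `$VPC_ID` and `$DEPLOY_REGION` are unquoted in every `aws` invocation, so an empty or malformed value reshapes the command line instead of producing a clean error. The file calls `log` without defining it and ends with `exit $SCRIPT_STATUS`, which suggests it is meant to be `source`d by a caller that provides `log` — if so, a header comment stating that contract (required `DEPLOY_REGION`/`VPC_ID`, exported `CIDR_BLOCKS_0..2`, exit code 44) would help, and note that `exit` inside a sourced file terminates the caller's shell. The two counting loops could be a single `read -ra subnets <<<"$CIDR_BLOCKS"` followed by `${#subnets[@]}`.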
@@ -0,0 +1,137 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "baseName": { + "type": "string", + "minLength": 1, + "metadata": { + "description": "Base name to be used in resource names (usually the cluster's Infra ID)" + } + } + }, + "variables": { + "location": "[resourceGroup().location]", + "virtualNetworkName": "[concat(parameters('baseName'), '-vnet')]", + "addressPrefix": "10.0.0.0/16", + "masterSubnetName": "master-subnet", + "masterSubnetPrefix": "10.0.1.0/24", + "nodeSubnetName": "worker-subnet", + "nodeSubnetPrefix": "10.0.2.0/24", + "masterNsgName": "master-nsg", + "workerNsgName": "worker-nsg" + }, + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "pid-a8835dfb-6bdf-4614-be3f-805ef276e05b", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "apiVersion": "2022-07-01", + "type": "Microsoft.Network/virtualNetworks", + "name": "[variables('virtualNetworkName')]", + "location": "[variables('location')]", + "dependsOn": [ + "[concat('Microsoft.Network/networkSecurityGroups/', variables('masterNsgName'))]", + "[concat('Microsoft.Network/networkSecurityGroups/', variables('workerNsgName'))]" + ], + "properties": { + "addressSpace": { + "addressPrefixes": [ + "[variables('addressPrefix')]" + ] + }, + "subnets": [ + { + "name": "[variables('masterSubnetName')]", + "properties": { + "addressPrefix": "[variables('masterSubnetPrefix')]", + "serviceEndpoints": [], + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('masterNsgName'))]" + } + } + }, + { + "name": "[variables('nodeSubnetName')]", + "properties": { + "addressPrefix": "[variables('nodeSubnetPrefix')]", + "serviceEndpoints": 
[], + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('workerNsgName'))]" + } + } + } + ] + } + }, + { + "type" : "Microsoft.Network/networkSecurityGroups", + "name" : "[variables('masterNsgName')]", + "apiVersion" : "2018-10-01", + "location" : "[variables('location')]", + "properties" : { + "securityRules" : [ + { + "name" : "apiserver_in", + "properties" : { + "protocol" : "Tcp", + "sourcePortRange" : "*", + "destinationPortRange" : "6443", + "sourceAddressPrefix" : "*", + "destinationAddressPrefix" : "*", + "access" : "Allow", + "priority" : 101, + "direction" : "Inbound" + } + } + ] + } + }, + { + "type": "Microsoft.Network/networkSecurityGroups", + "name": "[variables('workerNsgName')]", + "apiVersion": "2022-07-01", + "location": "[variables('location')]", + "properties": { + "securityRules": [ + { + "name": "https", + "properties": { + "protocol": "Tcp", + "sourcePortRange": "*", + "destinationPortRange": "443", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 500, + "direction": "Inbound" + } + }, + { + "name": "http", + "properties": { + "protocol": "Tcp", + "sourcePortRange": "*", + "destinationPortRange": "80", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 501, + "direction": "Inbound" + } + } + ] + } + } + ] +} diff --git a/azure/azurefiles/azurefiles-premium.sh b/azure/azurefiles/azurefiles-premium.sh index c0cee2cf..a0eff57f 100755 --- a/azure/azurefiles/azurefiles-premium.sh +++ b/azure/azurefiles/azurefiles-premium.sh 
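Review bot: The `apiserver_in` rule on the master NSG admits TCP 6443 from `"sourceAddressPrefix" : "*"`, exposing the Kubernetes API to every Internet address, and the worker NSG opens 80 and 443 the same way; since this commit also handles a `privateCluster` setting elsewhere (azure/cleanup-mas-deployment.sh), the API rule should at least be parameterized so a deployment can restrict the source to the bootnode subnet or an operator-supplied CIDR instead of a hard-coded `*`. The master NSG is declared with `"apiVersion" : "2018-10-01"` while the vnet and worker NSG use `2022-07-01`; aligning them avoids mixed schema validation. A `"metadata": {"description": …}` on the `pid-a8835dfb-…` empty deployment would tell the next reader what that resource is for, since it creates nothing. This is the complete new file.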
@@ -23,9 +23,10 @@ oc create configmap azure-cred-file --from-literal=path="/etc/kubernetes/cloud.c export driver_version=v1.12.0 echo "Driver version " $driver_version ./install-driver.sh $driver_version - +oc patch storageclass managed-csi -p '{"metadata": {"annotations": {"storageclass.kubernetes.io/is-default-class": "false"}}}' #Deploy premium Storage Class envsubst < azurefiles-premium.yaml | tee azurefiles-premium.yaml oc apply -f azurefiles-premium.yaml - +envsubst < managed-premium.yaml | tee managed-premium.yaml +oc apply -f managed-premium.yaml oc apply -f persistent-volume-binder.yaml \ No newline at end of file diff --git a/azure/azurefiles/managed-premium.yaml b/azure/azurefiles/managed-premium.yaml new file mode 100644 index 00000000..9b004e94 --- /dev/null +++ b/azure/azurefiles/managed-premium.yaml @@ -0,0 +1,13 @@ +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: managed-premium + annotations: + storageclass.kubernetes.io/is-default-class: 'true' +provisioner: kubernetes.io/azure-disk +parameters: + kind: Managed + storageaccounttype: Premium_LRS +reclaimPolicy: Delete +allowVolumeExpansion: true +volumeBindingMode: WaitForFirstConsumer diff --git a/azure/bootnode-image/bootnode-image-step-1.sh b/azure/bootnode-image/bootnode-image-step-1.sh index 15ab76b4..f1eda8c6 100755 --- a/azure/bootnode-image/bootnode-image-step-1.sh +++ b/azure/bootnode-image/bootnode-image-step-1.sh @@ -11,7 +11,7 @@ # 2. Image resource group: This RG contains the Azure Compuet Gallery and the actual VM image. For example, masocp-bootnode-image-rg-20220706122203 # The suffix for the RG names is the timestamp generated by the script and it is same for this pair of resource groups. # Once the testing is done, it is recommended to delete these resource groups. -# +# # Prereqs: # - Make sure you have the SSH private key at /tmp/key-santosh-pawar.pem # 
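Review bot: `envsubst < managed-premium.yaml | tee managed-premium.yaml` reads and truncates the same file in one pipeline: the shell sets up both ends before either command runs, so if `tee` truncates first `envsubst` reads an empty file and the manifest is lost (the pre-existing `azurefiles-premium.yaml` line carries the same race). The managed-premium.yaml added in this commit contains no `$VAR` placeholders, so the substitution is a no-op — apply it directly with `oc apply -f managed-premium.yaml`, or, if substitution is ever needed, render to a separate file (`envsubst < managed-premium.yaml > managed-premium.rendered.yaml`) and apply that. `oc patch storageclass managed-csi …` unsets the cluster default before the replacement class is applied; if the apply fails the cluster is left with no default StorageClass, so swap the default only after a successful apply.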
@@ -26,7 +26,7 @@ # If you have specified value for ANSIBLE_COLLECTION_VERSION, this parameter will be ignored. # If you do not specify values for either ANSIBLE_COLLECTION_VERSION or ANSIBLE_COLLECTION_BRANCH, the Ansible collection will be # built locally from the master branch of Ansible collection repo, and installed. -# BOOTSTRAP_AUTOMATION_TAG_OR_BRANCH: If you want to build the image with specific bootstrap automation code tag or branch, provide that value. +# BOOTSTRAP_AUTOMATION_TAG_OR_BRANCH: If you want to build the image with specific bootstrap automation code tag or branch, provide that value. # Specific branch is normally used when testing the changes from your feature branch. # Specific tag is normally used when the bootstrap code is locked for a specific release. # SSH_KEY - Pass your private key ssh-key for the region - Paste the private key 
@@ -66,12 +66,15 @@ fi UNIQSTR=$(date +%Y%m%d%H%M%S) echo "Unique string: $UNIQSTR" az group create --name masocp-bootnode-vm-rg-${UNIQSTR} --location eastus2 -output=$(az vm create --resource-group masocp-bootnode-vm-rg-${UNIQSTR} --name bootnode-prep --image RedHat:RHEL:82gen2:latest --admin-username azureuser --ssh-key-values "$SSH_KEY" --size Standard_D2s_v3 --public-ip-sku Standard) + +output=$(az vm create --resource-group masocp-bootnode-vm-rg-${UNIQSTR} --name bootnode-prep --image RedHat:RHEL:92-gen2:latest --admin-username azureuser --ssh-key-values "$SSH_KEY" --size Standard_D2s_v3 --public-ip-sku Standard) + echo $output vmip=$(echo $output | jq '.publicIpAddress' | tr -d '"') echo "VM IP address: $vmip" -ssh -i $6 -o StrictHostKeyChecking=no azureuser@$vmip "cd /tmp; curl -skSL 'https://raw.githubusercontent.com/ibm-mas/multicloud-bootstrap/main/azure/bootnode-image/prepare-bootnode-image.sh' -o prepare-bootnode-image.sh; chmod +x prepare-bootnode-image.sh; sudo su - root -c \"/tmp/prepare-bootnode-image.sh '$ANSIBLE_COLLECTION_VERSION' '$ANSIBLE_COLLECTION_BRANCH' '$BOOTSTRAP_AUTOMATION_TAG_OR_BRANCH'\"" +ssh -i $6 -o StrictHostKeyChecking=no azureuser@$vmip "cd /tmp; curl -skSL 'https://raw.githubusercontent.com/ibm-mas/multicloud-bootstrap/mas810-alpha/azure/bootnode-image/prepare-bootnode-image.sh' -o prepare-bootnode-image.sh; chmod +x prepare-bootnode-image.sh; sudo su - root -c \"/tmp/prepare-bootnode-image.sh '$ANSIBLE_COLLECTION_VERSION' '$ANSIBLE_COLLECTION_BRANCH' '$BOOTSTRAP_AUTOMATION_TAG_OR_BRANCH'\"" + az vm deallocate --resource-group masocp-bootnode-vm-rg-${UNIQSTR} --name bootnode-prep az vm generalize --resource-group masocp-bootnode-vm-rg-${UNIQSTR} --name bootnode-prep az image create --resource-group masocp-bootnode-vm-rg-${UNIQSTR} --name masocp-bootnode-img-${UNIQSTR} --source bootnode-prep --hyper-v-generation V2 
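Review bot: The rewritten `ssh … "… curl -skSL 'https://raw.githubusercontent.com/…/mas810-alpha/…' -o prepare-bootnode-image.sh; … sudo su - root -c …"` fetches the image-preparation script with `-k`, which disables TLS certificate verification, and then executes it as root; raw.githubusercontent.com serves a valid certificate, so drop `-k` (`curl -sSL …`) and let a verification failure stop the build. `-o StrictHostKeyChecking=no` on a VM created seconds earlier is understandable, but pairing it with `-o UserKnownHostsFile=/dev/null` keeps throwaway host keys out of the operator's known_hosts. `ssh -i $6` takes the key path from the sixth positional parameter while the `az vm create` line uses `$SSH_KEY`; quoting it (`-i "$6"`) and documenting which argument `$6` is in the header would make this less fragile. `echo $output` dumps the full `az vm create` JSON to the build log — consider printing only `publicIpAddress`.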
diff --git a/azure/bootnode-image/prepare-bootnode-image.sh b/azure/bootnode-image/prepare-bootnode-image.sh index dedb3c20..c00c6510 100755 --- a/azure/bootnode-image/prepare-bootnode-image.sh +++ b/azure/bootnode-image/prepare-bootnode-image.sh 
@@ -28,37 +28,41 @@ echo "BOOTSTRAP_AUTOMATION_TAG_OR_BRANCH=$BOOTSTRAP_AUTOMATION_TAG_OR_BRANCH" # Remove unnecessary packages dnf -y remove polkit +# Enable and disable repos to update certs +echo "Enable and disable repos to update certs" +#dnf update -y --disablerepo=* --enablerepo='*microsoft*' rhui-azure-rhel8-eus + # Update all packages to latest dnf update -y ## Install pre-reqs -dnf install git httpd-tools java unzip wget zip -y +dnf install git httpd-tools java python39 unzip wget zip pip container-tools -y +ln -s --force /usr/bin/python3.9 /usr/bin/python +ln -s --force /usr/bin/pip3.9 /usr/bin/pip + +ln -s --force /usr/bin/python3.9 /usr/bin/python3 +ln -s --force /usr/bin/pip3.9 /usr/bin/pip3 -#Install openshift-install 4.10.35 -wget https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/4.10.35/openshift-client-linux-4.10.35.tar.gz -tar -xvf openshift-client-linux-4.10.35.tar.gz +#Install openshift-install 4.12.18 +wget https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/4.12.18/openshift-client-linux-4.12.18.tar.gz +tar -xvf openshift-client-linux-4.12.18.tar.gz chmod u+x oc kubectl mv -f oc /usr/local/bin mv -f kubectl /usr/local/bin oc version -rm -rf openshift-client-linux-4.10.35.tar.gz +rm -rf openshift-client-linux-4.12.18.tar.gz ## Download the Openshift CLI and move to /usr/local/bin -wget "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.10.35/openshift-install-linux.tar.gz" +wget "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.12.18/openshift-install-linux.tar.gz" tar -xvf openshift-install-linux.tar.gz chmod u+x openshift-install mv -f openshift-install /usr/local/bin openshift-install version rm -rf openshift-install-linux.tar.gz -# Install Azure cli +# Install Azure cli for rhel9 rpm --import https://packages.microsoft.com/keys/microsoft.asc -echo -e "[azure-cli] -name=Azure CLI -baseurl=https://packages.microsoft.com/yumrepos/azure-cli -enabled=1 -gpgcheck=1 
-gpgkey=https://packages.microsoft.com/keys/microsoft.asc" | tee /etc/yum.repos.d/azure-cli.repo +dnf install -y https://packages.microsoft.com/config/rhel/9.0/packages-microsoft-prod.rpm dnf install azure-cli -y # Install AzureCopy cli @@ -74,35 +78,13 @@ chmod +x jq mv jq /usr/local/bin # Install podman -dnf module install -y container-tools - -#Install the required Python development libraries -dnf install gcc openssl-devel bzip2-devel libffi-devel make -y +dnf install -y container-tools pip -wget "https://www.python.org/ftp/python/3.9.14/Python-3.9.14.tgz" -tar xzf Python-3.9.14.tgz -rm -rf Python-3.9.14.tgz -cd Python-3.9.14 -./configure --enable-optimizations -make altinstall -python3.9 -V -rm -rf /usr/local/lib/python3.9/unittest -rm -rf /usr/local/lib/python3.9/test - -ln -s --force /usr/local/bin/python3.9 /usr/bin/python -ln -s --force /usr/local/bin/pip3.9 /usr/bin/pip -ln -s --force /usr/local/bin/python3.9 /usr/bin/python3 -ln -s --force /usr/local/bin/pip3.9 /usr/bin/pip3 - pip install --upgrade pip -pip3 install pyyaml -pip3 install jaydebeapi -pip3 install jmespath -pip3 install yq -python3 -m pip install dotmap -python3 -m pip install yq +pip install jaydebeapi jmespath yq jsonpatch kubernetes PyYAML openshift dotmap +pip install oauthlib==3.2.2 ## Install terraform TERRAFORM_VER=`curl -s https://api.github.com/repos/hashicorp/terraform/releases/latest | grep tag_name | cut -d: -f2 | tr -d \"\,\v | awk '{$1=$1};1'` @@ -113,7 +95,7 @@ mv terraform /usr/local/bin/ rm -rf terraform_${TERRAFORM_VER}_linux_amd64.zip ## Install Ansible -pip3 install ansible==4.9.0 +pip3 install ansible pip3 install openshift ansible-galaxy collection install community.kubernetes @@ -136,7 +118,7 @@ else rm -rf ansible-devops ibm-mas_devops-*.tar.gz rm -rf ansible-devops fi - +pip install oauthlib==3.2.2 # Get the bootstrap github code cd /root rm -rf ansible-devops 
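Review bot: `dnf install -y https://packages.microsoft.com/config/rhel/9.0/packages-microsoft-prod.rpm` installs a package fetched by URL, and dnf does not apply GPG verification to URL/local packages unless `localpkg_gpgcheck` is enabled, so the preceding `rpm --import …/microsoft.asc` does not gate this install; add `--setopt=localpkg_gpgcheck=1` to that dnf command (or download the rpm and check it with `rpm -K` first) so the imported key is actually used. The new `echo "Enable and disable repos to update certs"` announces a step whose only command is commented out (`#dnf update -y --disablerepo=* …`), leaving a misleading line in the build log — remove both or state why the step is disabled. The package list `dnf install git httpd-tools java python39 … pip container-tools -y` uses RHEL 8 module naming (`python39`) while the rest of the hunk targets RHEL 9, where 3.9 is the base `python3`; verify these names resolve on the RHEL 9.2 image this commit switches to. The `ln -s --force … /usr/bin/python3` and `/usr/bin/pip3` lines overwrite symlinks owned by the base packages, which a later `dnf update` may restore; a short comment stating that this is intended would prevent it being "fixed" away.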
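Review bot: `pip install jaydebeapi jmespath yq jsonpatch kubernetes PyYAML openshift dotmap` (and `pip install --upgrade pip` above it) installs unpinned latest releases into a golden image, so two builds of the same commit can contain different code and an upstream compromise of any of these packages lands in the bootnode unnoticed; the `@@ -113,7 +95,7 @@` hunk removes the existing `ansible==4.9.0` pin in the same way. Pin versions, preferably through a requirements file installed with `pip install --require-hashes -r requirements.txt`, as is already done for `oauthlib==3.2.2`. That oauthlib pin is repeated after the Ansible install in the `@@ -136,7 +118,7 @@` hunk; if the second copy exists to undo a version pulled in by `pip3 install ansible`, add a comment saying so, otherwise drop one of them.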
@@ -149,7 +131,8 @@ fi echo "Cloning bootstrap automation from tag/branch $BOOTSTRAP_AUTOMATION_TAG_OR_BRANCH" git clone -b $BOOTSTRAP_AUTOMATION_TAG_OR_BRANCH https://github.com/ibm-mas/multicloud-bootstrap.git cd multicloud-bootstrap -rm -rf aws azure/bootnode-image azure/master-arm +echo "removing folders" +rm -rf aws azure/bootnode-image azure/master-arm gcp mongo lib/ojdbc8.jar find . -type f -name "*.sh" -exec chmod +x {} \; # Clear bash history diff --git a/azure/cleanup-mas-deployment.sh b/azure/cleanup-mas-deployment.sh index 76c56166..79927c2a 100755 --- a/azure/cleanup-mas-deployment.sh +++ b/azure/cleanup-mas-deployment.sh @@ -29,8 +29,8 @@ usage() { echo "" echo " Do not specify both 'bootnode-resource-group' and 'unique-string' parameters at the same time." echo " For example, " - echo " cleanup-mas-deployment.sh -r mas-instance-rg" - echo " cleanup-mas-deployment.sh -u gr5t67" + echo " cleanup-mas-deployment.sh -r mas-instance-rg -t IPI(UPI) " + echo " cleanup-mas-deployment.sh -u gr5t67 -t IPI(UPI) " exit 1 } @@ -51,7 +51,7 @@ if [[ $# -eq 0 ]]; then echoRed "No arguments provided with $0. Exiting.." usage else - while getopts 'r:u:?h' c; do + while getopts 'r:u:t?h' c; do case $c in r) RG_NAME=$OPTARG 
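Review bot: `while getopts 'r:u:t?h' c; do` declares `-t` without a trailing colon, so it takes no argument, yet the updated usage text in the `@@ -29,8 +29,8 @@` hunk documents it as `-t IPI(UPI)`; with this spec `-t UPI` leaves `UPI` unparsed as a positional argument, and no `t)` arm is visible in the hunk (the `case` continues outside it). If the flag is meant to carry a value, use `'r:u:t:?h'` and add a `t) <variable-placeholder>=$OPTARG ;;` arm; if the install type is now derived elsewhere in the script, drop `-t` from both the option string and the usage text rather than advertise an option that is ignored.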
@@ -103,16 +103,6 @@ if [[ -n $RG_NAME ]]; then set -e fi -# Check if this is IPI installation or UPI. The IPI installation will have a VNet named 'ocpfourx-vnet' in bootnode VPC. The UPI instalation -# does not have it as the existing VNet will be in the different resource group than the bootnode resource group. -ocpvnet=$(az resource list --resource-group $RG_NAME --resource-type Microsoft.Network/virtualNetworks --name "ocpfourx-vnet" | jq '. | length') -if [[ $ocpvnet -eq 1 ]]; then - INSTALL_MODE=IPI -else - INSTALL_MODE=UPI -fi -echo "This is $INSTALL_MODE installation" - if [[ -n $RG_NAME ]]; then # Get the cluster unique string UNIQ_STR=$(az deployment group list --resource-group $RG_NAME | jq ".[] | select(.properties.outputs.clusterUniqueString.value != null).properties.outputs.clusterUniqueString.value" | tr -d '"') 
@@ -127,68 +117,36 @@ if [[ ($UNIQ_STR == "null") || (-z $UNIQ_STR) ]]; then echo "Skipping the deletion of OCP cluster resources, will continue to delete the bootnode resource group" else # Get the OCP cluster resource group name - if [[ $INSTALL_MODE == "IPI" ]]; then OCP_CLUSTER_RG_NAME=$(az group list | jq ".[] | select(.name | contains(\"masocp-$UNIQ_STR\")).name" | tr -d '"') - else vnetname=$(az deployment group list --resource-group $RG_NAME | jq ".[] | select(.properties.parameters.openShiftClustervnetId.value != null).properties.parameters.openShiftClustervnetId.value" | tr -d '"') - INFRAID=$(echo $vnetname | cut -f 1 -d '-') - echo "INFRA_ID: $INFRAID" - OCP_CLUSTER_RG_NAME=$(az network vnet list | jq --arg VNET_NAME $vnetname '.[] | select(.name==$VNET_NAME).resourceGroup' | tr -d '"') - fi - echo "OCP_CLUSTER_RG_NAME: $OCP_CLUSTER_RG_NAME" - if [[ -n $OCP_CLUSTER_RG_NAME ]]; then + if [[ -z $vnetname ]]; then + INSTALL_MODE=IPI + echo "This is $INSTALL_MODE installation" + else + INSTALL_MODE=UPI + echo "This is $INSTALL_MODE installation" + fi + echo "OCP_CLUSTER_RG_NAME: $OCP_CLUSTER_RG_NAME" + if [[ -n $OCP_CLUSTER_RG_NAME ]]; then # Check if OCP cluster resource group exists - rg=$(az group list | jq ".[] | select(.name | contains(\"$OCP_CLUSTER_RG_NAME\")).name" | tr -d '"') - if [[ -z $rg ]]; then - echo "OCP cluster resource group $OCP_CLUSTER_RG_NAME does not exist" + rg=$(az group list | jq ".[] | select(.name | contains(\"$OCP_CLUSTER_RG_NAME\")).name" | tr -d '"') + if [[ -z $rg ]]; then + echo "OCP cluster resource group $OCP_CLUSTER_RG_NAME does not exist" + else + echo "Deleting resource group $OCP_CLUSTER_RG_NAME ..." 
+ az group delete -y --name $OCP_CLUSTER_RG_NAME --no-wait + az group wait --name $OCP_CLUSTER_RG_NAME --deleted + echo "Deleted resource group $OCP_CLUSTER_RG_NAME" + fi else - if [[ $INSTALL_MODE == "IPI" ]]; then - # If IPI installation, delete the OCP cluster resource grup itself - echo "Deleting resource group $OCP_CLUSTER_RG_NAME ..." - az group delete --yes --name $OCP_CLUSTER_RG_NAME - echo "Deleted resource group $OCP_CLUSTER_RG_NAME" - else - # If UPI installation, delete only the OCP cluster related resources - # Find all resources having INFRA_ID in it - echo "Deleting resource from resource group" - # Delete resources by INFRA_ID - for restype in Microsoft.Compute/virtualMachines Microsoft.Compute/disks Microsoft.Network/loadBalancers Microsoft.Network/networkInterfaces Microsoft.ManagedIdentity/userAssignedIdentities Microsoft.Network/publicIPAddresses Microsoft.Compute/images Microsoft.Network/privateDnsZones/virtualNetworkLinks Microsoft.Storage/storageAccounts; do - unset residtodelete - echo " Deleting by INFRA_ID, checking resource type $restype" - for res in $(az resource list --resource-group $OCP_CLUSTER_RG_NAME --resource-type "$restype" | jq --arg INFRAID $INFRAID '.[] | select(.name | contains($INFRAID)) | .name,.id,":"' | tr -d '"' | tr '\n\r' ',' | tr ':' '\n' | sed 's/^,//g' | sed 's/,$//g'); do - resname=$(echo $res | cut -f 1 -d ',') - resid=$(echo $res | cut -f 2 -d ',') - residtodelete="$residtodelete $resid" - if [[ ($res == "$INFRAID-vnet" ) || ($res == "$INFRAID-nsg" ) ]]; then - echo " Existing resource $resname skipping deletion" - else - echo " Existing resource $resname deleting" - fi - done - echo " Resource IDs to delete: $residtodelete" - if [[ -n $residtodelete ]]; then - az resource delete --resource-group $OCP_CLUSTER_RG_NAME --resource-type "$restype" --ids $residtodelete > /dev/null - else - echo " No resources of type $restype found" - fi - done - # Delete the storage account created for this deployment - stgacnt=$(az 
storage account list --resource-group $OCP_CLUSTER_RG_NAME | jq --arg NAME masocp${UNIQUE_STR}sa '.[] | select(.name==$NAME).id' | tr -d '"') - echo " Storage account to delete: $stgacnt" - if [[ -n $stgacnt ]]; then - az storage account delete --ids $stgacnt - echo " Deleted storage account masocp${UNIQUE_STR}sa" - fi - echo "Deleted OCP cluster related resources" - fi + echo "OCP cluster resource group does not seem to exist" + echo "Skipping the deletion of OCP cluster resource group, will continue to delete the bootnode resource group" fi - else - echo "OCP cluster resource group does not seem to exist" - echo "Skipping the deletion of OCP cluster resource group, will continue to delete the bootnode resource group" - fi # Get domain and domain resource group BASE_DOMAIN=$(az deployment group list --resource-group $RG_NAME | jq ".[] | select(.properties.outputs.clusterUniqueString.value != null).properties.parameters.publicDomain.value" | tr -d '"') + DOMAINTYPE=$(az deployment group list --resource-group $RG_NAME | jq ".[] | select(.properties.outputs.clusterUniqueString.value != null).properties.parameters.privateCluster.value" | tr -d '"') + if [ $DOMAINTYPE == "false" ]; then BASE_DOMAIN_RG_NAME=$(az network dns zone list | jq --arg DNS_ZONE $BASE_DOMAIN '.[] | select(.name==$DNS_ZONE).resourceGroup' | tr -d '"') echo "BASE_DOMAIN=$BASE_DOMAIN" echo "BASE_DOMAIN_RG_NAME=$BASE_DOMAIN_RG_NAME" @@ -215,6 +173,8 @@ else fi fi fi +fi + ## Delete bootnode resource group if [[ -n $RG_NAME ]]; then 
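Review bot: `if [ $DOMAINTYPE == "false" ]; then` uses an unquoted variable in single brackets: when `az deployment group list | jq …` yields nothing the test fails with "unary operator expected" — fatal under the `set -e` shown in the `@@ -103,16 +103,6 @@` context — and when the `privateCluster` parameter is absent jq prints `null`, which silently takes the else path and skips the DNS-zone cleanup with no message. Write it as `if [[ "$DOMAINTYPE" == "false" ]]; then` and log the value first (`echo "DOMAINTYPE=$DOMAINTYPE"`). `OCP_CLUSTER_RG_NAME` is now always taken from `az group list | jq ".[] | select(.name | contains(\"masocp-$UNIQ_STR\")).name"`, a substring match that can return several names; checking that exactly one line came back before `az group delete -y --name $OCP_CLUSTER_RG_NAME --no-wait` would avoid acting on a multi-line value. The `if` opened here is closed by the `+fi` added in the `@@ -215,6 +173,8 @@` hunk, and the `else` branch this block lives in starts outside the hunk.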
@@ -242,10 +202,35 @@ if [[ -n $RG_NAME ]]; then else # Delete the resource group of bootnode echo "Deleting resource group $RG_NAME ..." - az group delete --yes --name $RG_NAME + az group delete -y --name $RG_NAME --no-wait + az group wait --name $RG_NAME --deleted echo "Deleted resource group $RG_NAME" fi else echo "No 'bootnode-resource-group' specified, you may need to delete the resource group explicitly if exists, or run the script with -r 'bootnode-resource-group' parameter" fi + +if [[ $INSTALL_MODE == "UPI" ]]; then + #Get the vnet resource name + OCP_CLUSTER_RG_NAME=$(az network vnet list | jq --arg VNET_NAME $vnetname '.[] | select(.name==$VNET_NAME).resourceGroup' | tr -d '"') + #Delete the bootnode subnet created in the existing vnet + #Get bootnode subnet name + bootnode_subnet_name=`az network vnet subnet list --resource-group $OCP_CLUSTER_RG_NAME --vnet-name $vnetname|jq '.[] | select(.name).name'|grep bootnode|tr -d '"'` + #Disassociate the nsg + az network nsg show -n bootnodeSubnet-nsg -g $OCP_CLUSTER_RG_NAME --query 'subnets[].id' -o tsv|grep $vnetname|xargs -L 1 az network vnet subnet update --network-security-group "" --ids + #Will not delete if using IPI resources + #az network nsg delete --resource-group $OCP_CLUSTER_RG_NAME --name bootnodeSubnet-nsg + #delete the bootnodesubnet + az network vnet subnet update --resource-group $OCP_CLUSTER_RG_NAME --name $bootnode_subnet_name --vnet-name $vnetname --remove delegations + az network vnet subnet delete --name $bootnode_subnet_name --resource-group $OCP_CLUSTER_RG_NAME --vnet-name $vnetname + for restype in Microsoft.Network/privateEndpoints Microsoft.Network/networkInterfaces Microsoft.Network/publicIPAddresses Microsoft.Network/privateDnsZones/virtualNetworkLinks Microsoft.Storage/storageAccounts; do + resourceId=$(az resource list --resource-group $OCP_CLUSTER_RG_NAME --resource-type "$restype"| jq '.[]'|grep -w id|tr -d '"'|tr -d ','|cut -d ":" -f 2) + echo $resourceId + if [[ -n $resourceId 
]]; then + az resource delete --resource-group $OCP_CLUSTER_RG_NAME --resource-type "$restype" --ids $resourceId + else + echo " No resources of type $restype found" + fi + done +fi echoBlue "==== Execution completed at `date` ====" diff --git a/azure/create-ocp-cluster.sh b/azure/create-ocp-cluster.sh index 1885c403..1c2f86f4 100755 --- a/azure/create-ocp-cluster.sh +++ b/azure/create-ocp-cluster.sh @@ -25,6 +25,10 @@ openshift-username = "$OCP_USERNAME" openshift-password = "$OCP_PASSWORD" master-node-count = "$MASTER_NODE_COUNT" worker-node-count = "$WORKER_NODE_COUNT" +virtual-network-name = "$EXISTING_NETWORK" +new-or-existing = "$new_or_existing_vpc_subnet" +existing-vnet-resource-group = "$EXISTING_NETWORK_RG" +private-or-public-cluster = "$private_or_public_cluster" EOT if [[ -f terraform.tfvars ]]; then chmod 600 terraform.tfvars diff --git a/azure/deploy.sh b/azure/deploy.sh index 00148a73..83fc0c66 100755 --- a/azure/deploy.sh +++ b/azure/deploy.sh @@ -12,7 +12,7 @@ export KAFKA_STORAGE_CLASS=managed-premium SP_NAME="http://${CLUSTER_NAME}-sp" # SLS variables export SLS_STORAGE_CLASS=managed-premium -# BAS variables +# UDS variables export UDS_STORAGE_CLASS=managed-premium # CP4D variables export CPD_METADATA_STORAGE_CLASS=managed-premium @@ -62,17 +62,11 @@ if [[ $OPENSHIFT_USER_PROVIDE == "false" ]]; then cd $GIT_REPO_HOME ## Create OCP cluster - if [[ $INSTALLATION_MODE == "IPI" ]]; then cd $GIT_REPO_HOME/azure set +e ./create-ocp-cluster.sh retcode=$? - else - cd $GIT_REPO_HOME/azure/upifiles - set +e - ./create-ocp-cluster-upi.sh - retcode=$? - fi + if [[ $retcode -ne 0 ]]; then log "OCP cluster creation failed" exit 21 @@ -87,7 +81,7 @@ if [[ $OPENSHIFT_USER_PROVIDE == "false" ]]; then log "==== Adding PID limits to worker nodes ====" oc create -f $GIT_REPO_HOME/templates/container-runtime-config.yml - # Backup Terraform configuration + # Backup deployment context rm -rf /tmp/ansible-devops mkdir /tmp/ansible-devops cp -r * /tmp/ansible-devops 
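Review bot: The resource sweep in the new UPI block deletes every resource of the listed types in `$OCP_CLUSTER_RG_NAME`, which here is the resource group that holds the customer's existing vnet, whereas the code this commit removes filtered on `$INFRAID` before calling `az resource delete`; any unrelated private endpoint, NIC, public IP or storage account in that group will be removed. Assuming the bootnode resources carry `$UNIQUE_STR` in their names as the storage account did, scope the list to this deployment with `resourceId=$(az resource list --resource-group "$OCP_CLUSTER_RG_NAME" --resource-type "$restype" | jq -r --arg UNIQ "$UNIQUE_STR" '.[] | select(.name | contains($UNIQ)) | .id')`, which also replaces the `grep -w id | cut -d ":" -f 2` pipeline that matches any nested `id` key. `bootnode_subnet_name` can come back empty or with several lines from `grep bootnode`, so guard the subnet update/delete with `[[ -n $bootnode_subnet_name ]] || { echo "bootnode subnet not found" >&2; exit 1; }`, and quote `$vnetname`, which is not assigned anywhere in this hunk.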
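Review bot: The new tfvars lines interpolate `$new_or_existing_vpc_subnet` and `$private_or_public_cluster` in lowercase, unlike every other value in this heredoc (`$OCP_USERNAME`, `$EXISTING_NETWORK`, `$EXISTING_NETWORK_RG`), which are exported UPPER_SNAKE variables, and "vpc" is AWS terminology in an Azure script; a pair of UPPER_SNAKE names set alongside the others (constructed example: `EXISTING_NETWORK_MODE`, `CLUSTER_ACCESS_MODE`) would keep the block consistent. If either variable is unset the heredoc silently writes `""` into terraform.tfvars, so `: "${new_or_existing_vpc_subnet:?must be set}"` before the heredoc would surface the misconfiguration early. The heredoc begins outside this hunk.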
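Review bot: Dropping the `else` branch means a caller that still passes `INSTALLATION_MODE=UPI` now silently runs `./create-ocp-cluster.sh` (the IPI path), while the cleanup script in this same commit gains a dedicated `INSTALL_MODE == "UPI"` block, so the two scripts disagree about whether UPI is a supported mode. If UPI provisioning is intentionally removed, reject the value explicitly before the `cd`, e.g. `[[ $INSTALLATION_MODE == "IPI" ]] || { log "Unsupported INSTALLATION_MODE=$INSTALLATION_MODE"; exit 1; }`, and say so in the script's usage text. The enclosing `if [[ $OPENSHIFT_USER_PROVIDE == "false" ]]` block starts and ends outside the hunk.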
@@ -98,11 +92,11 @@ if [[ $OPENSHIFT_USER_PROVIDE == "false" ]]; then az storage blob upload --account-name ${STORAGE_ACNT_NAME} --container-name masocpcontainer --name ${DEPLOYMENT_CONTEXT_UPLOAD_PATH} --file ${BACKUP_FILE_NAME} retcode=$? if [[ $retcode -ne 0 ]]; then - log "Failed while uploading deployment context to blob storage3" + log "Failed while uploading deployment context to blob storage" exit 23 fi set -e - log "OCP cluster Terraform configuration backed up at $DEPLOYMENT_CONTEXT_UPLOAD_PATH in file $CLUSTER_NAME.zip" + log "OCP cluster deployment context backed up at $DEPLOYMENT_CONTEXT_UPLOAD_PATH in file $CLUSTER_NAME.zip" else log "==== Existing OCP cluster provided, skipping the cluster creation, Bastion host creation and S3 upload of deployment context ====" @@ -123,7 +117,7 @@ envsubst /tmp/.dockerconfigjson oc set data secret/pull-secret -n openshift-config --from-file=/tmp/.dockerconfigjson # Run ansible playbook to create azurefiles storage class -log "=== Creating azurefiles-premium Storage class on OCP cluster ===" +log "=== Creating azurefiles-premium Storage class , managed-premium Storage class on OCP cluster ===" cd $GIT_REPO_HOME/azure/azurefiles ./azurefiles-premium.sh retcode=$? 
@@ -211,15 +205,28 @@ if [[ $DEPLOY_CP4D == "true" ]]; then log "==== CP4D deployment completed ====" fi +## Deploy Manage +if [[ $DEPLOY_MANAGE == "true" && (-z $MAS_JDBC_USER) && (-z $MAS_JDBC_PASSWORD) && (-z $MAS_JDBC_URL) && (-z $MAS_JDBC_CERT_URL) ]]; then + log "==== Configure internal db2 for manage started ====" + export ROLE_NAME=db2 && ansible-playbook ibm.mas_devops.run_role + export ROLE_NAME=suite_db2_setup_for_manage && ansible-playbook ibm.mas_devops.run_role + log "==== Configuration of internal db2 for manage completed ====" +fi + ## Create MAS Workspace log "==== MAS Workspace generation started ====" export ROLE_NAME=gencfg_workspace && ansible-playbook ibm.mas_devops.run_role log "==== MAS Workspace generation completed ====" -if [[ $DEPLOY_MANAGE == "true" ]]; then - log "==== Configure JDBC started ====" +if [[ $DEPLOY_MANAGE == "true" && (-n $MAS_JDBC_USER) && (-n $MAS_JDBC_PASSWORD) && (-n $MAS_JDBC_URL) ]]; then + export SSL_ENABLED=false + if [ -n "$MAS_JDBC_CERT_URL" ]; then + log "MAS_JDBC_CERT_URL is not empty, setting SSL_ENABLED as true" + export SSL_ENABLED=true + fi + log "==== Configure JDBC started for external DB2 ==== SSL_ENABLED = $SSL_ENABLED" export ROLE_NAME=gencfg_jdbc && ansible-playbook ibm.mas_devops.run_role - log "==== Configure JDBC completed ====" + log "==== Configure JDBC completed for external DB2 ====" fi ## Deploy MAS @@ -239,6 +246,7 @@ if [[ $DEPLOY_MANAGE == "true" ]]; then # Configure app to use the DB log "==== MAS Manage configure app started ====" + export MAS_APPWS_BINDINGS_JDBC="workspace-application" export ROLE_NAME=suite_app_config && ansible-playbook ibm.mas_devops.run_role log "==== MAS Manage configure app completed ====" fi diff --git a/azure/master-arm/byol-existing-ocp/createUiDefinition.json b/azure/master-arm/byol-existing-ocp/createUiDefinition.json index e6a75e55..8d5bda6c 100644 --- a/azure/master-arm/byol-existing-ocp/createUiDefinition.json 
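Review bot: A partially specified external DB2 — for example `MAS_JDBC_URL` set but `MAS_JDBC_PASSWORD` empty — matches neither the new internal-db2 condition (all four variables empty) nor the external-JDBC condition (user, password and URL all set), so Manage is deployed with no JDBC configuration and the problem only surfaces later in `suite_app_config`. Fail fast on the inconsistent case right after the internal-db2 block, as below. The `log` helper and the exit-code convention are defined outside this hunk; pick a code that does not collide with the existing ones.
```shell
if [[ $DEPLOY_MANAGE == "true" && (-z $MAS_JDBC_USER) && (-z $MAS_JDBC_PASSWORD) && (-z $MAS_JDBC_URL) && (-z $MAS_JDBC_CERT_URL) ]]; then
  # … unchanged: internal db2 roles …
elif [[ $DEPLOY_MANAGE == "true" && ( -z $MAS_JDBC_USER || -z $MAS_JDBC_PASSWORD || -z $MAS_JDBC_URL ) ]]; then
  log "Incomplete external DB2 settings: MAS_JDBC_USER, MAS_JDBC_PASSWORD and MAS_JDBC_URL must all be set, or all JDBC variables left empty for internal db2"
  exit 1
fi
```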
+++ b/azure/master-arm/byol-existing-ocp/createUiDefinition.json @@ -201,6 +201,32 @@ }, "visible": true }, + { + "name": "BootNodeVnetId", + "type": "Microsoft.Common.TextBox", + "label": "BootNodeVnetId", + "defaultValue": "", + "toolTip": "Enter the Vnet Id to create the bootnode into. If existing OpenShift cluster is specified,\n make sure it is reachable from this Vnet.", + "constraints": { + "required": true, + "regex": "^[A-Za-z0-9-\\\\\\s!#@.:=?<>”$%&’()*+,/;[\\^_`{|}~\\]]*$", + "validationMessage": "Contain letters, numbers and special characters only." + }, + "visible": true + }, + { + "name": "BootNodeVnetResourceGroup", + "type": "Microsoft.Common.TextBox", + "label": "BootNodeVnetResourceGroup", + "defaultValue": "", + "toolTip": "Enter the BootNodeVnetId's resource group ", + "constraints": { + "required": true, + "regex": "^[A-Za-z0-9-\\\\\\s!#@.:=?<>”$%&’()*+,/;[\\^_`{|}~\\]]*$", + "validationMessage": "Contain letters, numbers and special characters only." + }, + "visible": true + }, { "name": "slsEndpointUrl", "type": "Microsoft.Common.TextBox", 
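Review bot: `BootNodeVnetId` is consumed by mainTemplate-dev.json as a virtual network *name* (`format('{0}/{1}', parameters('BootNodeVnetId'), …)` and the vnet argument of `resourceId(...)`), but the label and tooltip here ask for a "Vnet Id", so users will paste a full `/subscriptions/.../virtualNetworks/...` resource ID and the deployment will fail; rename the label/tooltip to "Virtual network name" and apply the same wording to the parameter description in the `@@ -228` hunk of mainTemplate-dev.json and wherever mainTemplate.json mirrors it. The permissive regex `^[A-Za-z0-9-\\\\\\s!#@.:=?<>”$%&’()*+,/;[\\^_`{|}~\\]]*$` admits whitespace, quotes and shell metacharacters for a value that is later spliced into `commandToExecute`; per Azure naming rules a virtual network name is 2–64 characters of letters, digits, `.`, `_` and `-`, so a pattern such as `^[A-Za-z0-9][A-Za-z0-9._-]{0,62}[A-Za-z0-9_]$` validates the real constraint and rejects malformed input at the portal. `BootNodeVnetResourceGroup` deserves the same treatment with the resource-group character set (letters, digits, `.`, `_`, `-`, parentheses).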
@@ -467,10 +493,12 @@ "offeringType": "[steps('ApplicationSettings').offeringType]", "entitledRegistryKey": "[steps('ApplicationSettings').entitledRegistryKey]", "masLicenseUrl": "[steps('ApplicationSettings').masLicenseUrl]", - "operationalMode": "[steps('ApplicationSettings').operationalMode]", + "operationalMode": "[steps('ApplicationSettings').operationalMode]", "openShiftClusterApiUrl": "[steps('ExistingInfrastructure').openShiftClusterApiUrl]", "openShiftUser": "[steps('ExistingInfrastructure').openShiftUser]", "openShiftPwd": "[steps('ExistingInfrastructure').openShiftPwd]", + "BootNodeVnetId": "[steps('ExistingInfrastructure').BootNodeVnetId]", + "BootNodeVnetResourceGroup": "[steps('ExistingInfrastructure').BootNodeVnetResourceGroup]", "slsEndpointUrl": "[steps('ExistingInfrastructure').slsEndpointUrl]", "slsRegistrationKey": "[steps('ExistingInfrastructure').slsRegistrationKey]", "slsPublicCertificateUrl": "[steps('ExistingInfrastructure').slsPublicCertificateUrl]", diff --git a/azure/master-arm/byol-existing-ocp/mainTemplate-dev.json b/azure/master-arm/byol-existing-ocp/mainTemplate-dev.json index 758fdef3..07fd0024 100755 --- a/azure/master-arm/byol-existing-ocp/mainTemplate-dev.json +++ b/azure/master-arm/byol-existing-ocp/mainTemplate-dev.json @@ -32,7 +32,7 @@ "offeringType": { "type": "string", "metadata": { - "description": "Select your preferred Suite offering type." + "description": "Select your preferred Suite offering type.For MAS Core + Manage: If db2 values are not provided,db2 will be internally deployed." }, "defaultValue": "MAS Core + Cloud Pak for Data", "allowedValues": [ 
@@ -40,10 +40,10 @@ "MAS Core + Manage (no Cloud Pak for Data)" ] }, - "publicDomain": { + "hostedDomain": { "type": "string", "metadata": { - "description": "Provide the public App Service domain that you created in the App Service Domains, for example: mas4aws.myorg.com" + "description": "Provide the public App Service domain /Private DNS zones that you created in the App Service Domains /Private DNS zones, for example: mas4azure.com" }, "defaultValue": "" }, @@ -228,6 +228,20 @@ "description": "Enter Azure service principal tenant id." } }, + "BootNodeVnetId": { + "defaultValue": "", + "type": "String", + "metadata": { + "description": "Enter the Vnet Id to create the bootnode into. If existing OpenShift cluster is specified,\n make sure it is reachable from this Vnet." + } + }, + "BootNodeVnetResourceGroup": { + "defaultValue": "", + "type": "String", + "metadata": { + "description": "Enter the BootNodeVnetId's resource group ." + } + }, "emailNotification": { "type": "string", "metadata": { 
@@ -277,21 +291,18 @@ }, "variables": { "seller_subscription_id": "b2ca5467-2502-4b05-b78e-744604c6531d", - "seller_compute_gallery_name": "masbyolimagegallery20221213212024", - "seller_image_definition": "masocp-image-def-20221213212024", + "seller_compute_gallery_name": "masbyolimagegallery20230320120702", + "seller_image_definition": "masocp-image-def-20230320120702", "projectName": "[concat('e',substring(uniqueString(resourceGroup().id, deployment().name), 0, 5))]", "rgName": "[resourceGroup().name]", - "vNetName": "[concat(variables('projectName'), '-vnet')]", - "vNetAddressPrefixes": "10.0.0.0/16", - "vNetSubnetName": "default", - "vNetSubnetAddressPrefix": "10.0.0.0/24", + "vNetSubnetName": "[concat('masocp-', variables('projectName'), '-bootnodeSubnet')]", + "vNetSubnetAddressPrefix": "10.0.5.0/24", "logAnalyticsWorkspace": "[concat('masocp-', variables('projectName'), '-logAnalyticsWorkspace')]", - "logAnalyticsWorkspaceId": "[resourceId('Microsoft.OperationalInsights/workspaces', variables('logAnalyticsWorkspace'))]", "vmName": "[concat('masocp-', variables('projectName'), '-bootnode-vm')]", "publicIPAddressName": "[concat(variables('projectName'), '-ip')]", "networkInterfaceName": "[concat(variables('projectName'), '-nic')]", "networkSecurityGroupName": "[concat(variables('projectName'), '-nsg')]", - "networkSecurityGroupName2": "[concat(variables('vNetSubnetName'), '-nsg')]", + "networkSecurityGroupName2": "bootnodeSubnet-nsg", "storageaccountName": "[concat('masocp', variables('projectName'),'stgaccount')]" }, "resources": [ 
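Review bot: `vNetSubnetAddressPrefix` is now the fixed literal `10.0.5.0/24`, yet the subnet is created inside a customer-supplied vnet (`BootNodeVnetId`), so the deployment fails whenever that vnet's address space does not contain 10.0.5.0/24 or the range is already allocated. Expose it as a parameter with `10.0.5.0/24` as its `defaultValue` and surface it in createUiDefinition.json next to `BootNodeVnetId`, e.g. `"vNetSubnetAddressPrefix": "[parameters('bootnodeSubnetAddressPrefix')]"`. `networkSecurityGroupName2` becoming the constant `bootnodeSubnet-nsg` also means two deployments into the same vnet resource group share one NSG and, in Incremental mode, the second overwrites the first's rules; keeping the `projectName` prefix the other names use avoids that collision.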
@@ -332,54 +343,59 @@ } }, { - "comments": "Simple Network Security Group for subnet [variables('vNetSubnetName')]", - "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2022-07-01", - "name": "[variables('networkSecurityGroupName2')]", - "location": "[parameters('location')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "existingvnetTemplate", + "resourceGroup": "[parameters('BootNodeVnetResourceGroup')]", + "subscriptionid": "[variables('seller_subscription_id')]", "properties": { - "securityRules": [ - { - "name": "default-allow-22", - "properties": { - "priority": 1000, - "access": "Allow", - "direction": "Inbound", - "destinationPortRange": "22", - "protocol": "Tcp", - "sourceAddressPrefix": "[parameters('bootnodeSGIngressCidrIp')]", - "sourcePortRange": "*", - "destinationAddressPrefix": "*" - } - } - ] - } - }, - { - "type": "Microsoft.Network/virtualNetworks", - "apiVersion": "2022-07-01", - "name": "[variables('vNetName')]", - "location": "[parameters('location')]", - "dependsOn": [ - "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName2'))]" - ], - "properties": { - "addressSpace": { - "addressPrefixes": [ - "[variables('vNetAddressPrefixes')]" - ] - }, - "subnets": [ - { - "name": "[variables('vNetSubnetName')]", - "properties": { - "addressPrefix": "[variables('vNetSubnetAddressPrefix')]", - "networkSecurityGroup": { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName2'))]" + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.Network/networkSecurityGroups", + "apiVersion": "2022-07-01", + "name": "[variables('networkSecurityGroupName2')]", + "location": "[parameters('location')]", + "properties": { + "securityRules": [ 
+ { + "name": "default-allow-22", + "properties": { + "priority": 1000, + "access": "Allow", + "direction": "Inbound", + "destinationPortRange": "22", + "protocol": "Tcp", + "sourceAddressPrefix": "[parameters('bootnodeSGIngressCidrIp')]", + "sourcePortRange": "*", + "destinationAddressPrefix": "*" + } + } + ] + } + }, + { + "type": "Microsoft.Network/virtualNetworks/subnets", + "apiVersion": "2022-07-01", + "name": "[format('{0}/{1}', parameters('BootNodeVnetId'), variables('vNetSubnetName'))]", + "location": "[parameters('location')]", + "dependsOn": [ + "[resourceId(parameters('BootNodeVnetResourceGroup'),'Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName2'))]" + ], + "properties": { + "addressPrefix": "[variables('vNetSubnetAddressPrefix')]", + "networkSecurityGroup": { + "id": "[resourceId(parameters('BootNodeVnetResourceGroup'),'Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName2'))]" + } } } - } - ] + ] + } } }, { @@ -389,7 +405,7 @@ "location": "[parameters('location')]", "dependsOn": [ "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]", - "[resourceId('Microsoft.Network/virtualNetworks', variables('vNetName'))]", + "existingvnetTemplate", "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]" ], "properties": { @@ -402,7 +418,7 @@ "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]" }, "subnet": { - "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('vNetName'), variables('vNetSubnetName'))]" + "id": "[resourceId(parameters('BootNodeVnetResourceGroup'),'Microsoft.Network/virtualNetworks/subnets', parameters('BootNodeVnetId'), variables('vNetSubnetName'))]" } } } 
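Review bot: The nested deployment `existingvnetTemplate` sets `subscriptionid` to the hard-coded `variables('seller_subscription_id')` while `resourceGroup` is the customer's `BootNodeVnetResourceGroup`; unless the existing vnet is guaranteed to live in the seller subscription, the NSG and subnet are created in (or fail against) the wrong subscription, and `"subscriptionId": "[subscription().subscriptionId]"` is the form that targets the subscription the template is deployed to. The inner template declares empty `parameters`/`variables` and resolves `parameters('location')`, `parameters('bootnodeSGIngressCidrIp')` and `variables('networkSecurityGroupName2')` from the outer template, which relies on the default `expressionEvaluationOptions` scope of `outer`; stating `"expressionEvaluationOptions": { "scope": "outer" }` explicitly keeps a later switch to `inner` from silently breaking these references. The carried-over `default-allow-22` rule now attaches to a subnet in the customer's existing vnet with the `bootnodeSGIngressCidrIp` default of `0.0.0.0/0`, which is worth calling out in that parameter's description.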
@@ -532,33 +548,26 @@ "typeHandlerVersion": "2.0", "autoUpgradeMinorVersion": true, "protectedSettings": { - "commandToExecute": "[concat('sleep 120;', 'cd /root/ansible-devops/multicloud-bootstrap;', './init-async.sh azure ''', parameters('offeringType'), ''' ''', parameters('location'), ''' null ''', parameters('clusterSize'), ''' ''', variables('projectName'), ''' ''', parameters('publicDomain'), ''' null ''', parameters('sshPublicKey'), ''' null ''', parameters('entitledRegistryKey'), ''' ''', parameters('openShiftPullSecret'), ''' ''', parameters('masLicenseUrl'), ''' ''', parameters('slsEndpointUrl'), ''' ''', parameters('slsRegistrationKey'), ''' ''', parameters('slsPublicCertificateUrl'), ''' ''', parameters('udsEndpointUrl'), ''' ''', parameters('udsAPIKey'), ''' ''', parameters('udsPublicCertificateUrl'), ''' ''', parameters('masManageDBUser'), ''' ''', parameters('masManageDBPassword'), ''' ''', parameters('masManageDBJdbcUrl'), ''' ''', parameters('masManageDBCertificateUrl'), ''' ''', parameters('importDemoData'), ''' ''', parameters('openShiftClusterApiUrl'), ''' ''', parameters('openShiftUser'), ''' ''', parameters('openShiftPwd'), ''' ''', variables('rgName'), ''' ''', parameters('emailNotification'), ''' ''', parameters('notificattionEmailAddress'), ''' ''', parameters('smtpHost'), ''' ''', parameters('smtpPort'), ''' ''', parameters('smtpUsername'), ''' ''', parameters('smtpPassword'), ''' ''', parameters('azureServicePrincipalClientId'), ''' ''', parameters('azureServicePrincipalClientSecret'), ''' ''', variables('seller_subscription_id'), ''' ''', parameters('azureServicePrincipalTenantId'), ''' null null '''' '''' null null null null null null null ''', parameters('operationalMode'), ''' dev ''', ''' > mas-provisioning.log 2>&1;')]" - } + "commandToExecute": "[concat('sleep 120;', 'cd /root/ansible-devops/multicloud-bootstrap;', './init-async.sh azure ''', parameters('offeringType'), ''' ''', parameters('location'), ''' null ''', 
parameters('clusterSize'), ''' ''', variables('projectName'), ''' ''', parameters('hostedDomain'), ''' null ''', parameters('sshPublicKey'), ''' null ''', parameters('entitledRegistryKey'), ''' ''', parameters('openShiftPullSecret'), ''' ''', parameters('masLicenseUrl'), ''' ''', parameters('slsEndpointUrl'), ''' ''', parameters('slsRegistrationKey'), ''' ''', parameters('slsPublicCertificateUrl'), ''' ''', parameters('udsEndpointUrl'), ''' ''', parameters('udsAPIKey'), ''' ''', parameters('udsPublicCertificateUrl'), ''' ''', parameters('masManageDBUser'), ''' ''', parameters('masManageDBPassword'), ''' ''', parameters('masManageDBJdbcUrl'), ''' ''', parameters('masManageDBCertificateUrl'), ''' ''', parameters('importDemoData'), ''' ''', parameters('openShiftClusterApiUrl'), ''' ''', parameters('openShiftUser'), ''' ''', parameters('openShiftPwd'), ''' ''', variables('rgName'), ''' ''', parameters('emailNotification'), ''' ''', parameters('notificattionEmailAddress'), ''' ''', parameters('smtpHost'), ''' ''', parameters('smtpPort'), ''' ''', parameters('smtpUsername'), ''' ''', parameters('smtpPassword'), ''' ''', parameters('azureServicePrincipalClientId'), ''' ''', parameters('azureServicePrincipalClientSecret'), ''' ''', variables('seller_subscription_id'), ''' ''', parameters('azureServicePrincipalTenantId'), ''' null null null null ''',parameters('BootNodeVnetId'),''' '''' null null null null null null null ''', parameters('operationalMode'), ''' '''' '''' '''' '''' '''' '''' '''' '''' dev ''', ''' > mas-provisioning.log 2>&1;')]" } } } ] }, { "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2022-08-01", - "name": "[concat(variables('vmName'),'/', 'OMSExtension')]", + "apiVersion": "2021-11-01", + "name": "[format('{0}/AzureMonitorLinuxAgent', variables('vmName'))]", "location": "[parameters('location')]", "dependsOn": [ "[resourceId('Microsoft.Compute/virtualMachines', variables('vmName'))]", 
"[resourceId('Microsoft.OperationalInsights/workspaces', variables('logAnalyticsWorkspace'))]" ], "properties": { - "publisher": "Microsoft.EnterpriseCloud.Monitoring", - "type": "OmsAgentForLinux", - "typeHandlerVersion": "1.4", + "publisher": "Microsoft.Azure.Monitor", + "type": "AzureMonitorLinuxAgent", + "typeHandlerVersion": "1.21", "autoUpgradeMinorVersion": true, - "settings": { - "workspaceId": "[reference(variables('logAnalyticsWorkspaceId'), '2021-06-01').customerId]", - "stopOnMultipleConnections": true - }, - "protectedSettings": { - "workspaceKey": "[listKeys(variables('logAnalyticsWorkspaceId'), '2021-06-01').primarySharedKey]" - } + "enableAutomaticUpgrade": true } }, { diff --git a/azure/master-arm/byol-existing-ocp/mainTemplate.json b/azure/master-arm/byol-existing-ocp/mainTemplate.json index d4df55c2..881d3cba 100644 --- a/azure/master-arm/byol-existing-ocp/mainTemplate.json +++ b/azure/master-arm/byol-existing-ocp/mainTemplate.json 
@@ -1,113 +1,113 @@ { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "type": "string", - "metadata": { - "description": "Azure region where bootnode and OpenShift cluster resources to be deployed" - }, - "defaultValue": "[resourceGroup().location]" - }, - "adminUserName": { - "type": "string", - "metadata": { - "description": "adminUserName" - }, - "defaultValue": "azureuser", - "allowedValues": [ - "azureuser" - ] - }, - "vmSize": { - "type": "string", - "metadata": { - "description": "vmSize." - }, - "defaultValue": "Standard_D2s_v3", - "allowedValues": [ - "Standard_D2s_v3" - ] - }, - "offeringType": { - "type": "string", - "metadata": { - "description": "Select your preferred Suite offering type." - }, - "defaultValue": "MAS Core + Cloud Pak for Data", - "allowedValues": [ - "MAS Core + Cloud Pak for Data", - "MAS Core + Manage (no Cloud Pak for Data)" - ] - }, - "publicDomain": { - "type": "string", - "metadata": { - "description": "Provide the public App Service domain that you created in the App Service Domains, for example: mas4aws.myorg.com" - }, - "defaultValue": "" + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string", + "metadata": { + "description": "Azure region where bootnode and OpenShift cluster resources to be deployed" }, - "bootnodeSGIngressCidrIp": { - "type": "string", - "defaultValue": "0.0.0.0/0", - "metadata": { - "description": "Use CIDR notation to enter the IP addresses that can access the bootnode. For example, 192.12.33.3/32. To allow access from all IP addresses, enter 0.0.0.0/0." 
- } + "defaultValue": "[resourceGroup().location]" + }, + "adminUserName": { + "type": "string", + "metadata": { + "description": "adminUserName" }, - "clusterSize": { - "type": "string", - "metadata": { - "description": "Select your preferred cluster size. All master nodes (M) are Standard_D8s_v3 virtual machines. All worker nodes (W) are Standard_D16s_v3 instances. Choose from: small (3M, 3W, total memory: 288GB), medium (3M, 5W, total memory: 416GB), or large (5M, 7W, total memory: 608GB)." - }, - "defaultValue": "small", - "allowedValues": [ - "small", - "medium", - "large" - ] + "defaultValue": "azureuser", + "allowedValues": [ + "azureuser" + ] + }, + "vmSize": { + "type": "string", + "metadata": { + "description": "vmSize." }, - "openShiftClusterApiUrl": { - "type": "string", - "metadata": { - "description": "Enter the cluster's URL in the format https://api... Do not specify the port number. For example,https://api.masocp.joalae.mas4aws.com" - }, - "defaultValue": "" + "defaultValue": "Standard_D2s_v3", + "allowedValues": [ + "Standard_D2s_v3" + ] + }, + "offeringType": { + "type": "string", + "metadata": { + "description": "Select your preferred Suite offering type.For MAS Core + Manage: If db2 values are not provided,db2 will be internally deployed." }, - "openShiftUser": { - "type": "string", - "metadata": { - "description": "Enter the username of the existing cluster account." - }, - "defaultValue": "" + "defaultValue": "MAS Core + Cloud Pak for Data", + "allowedValues": [ + "MAS Core + Cloud Pak for Data", + "MAS Core + Manage (no Cloud Pak for Data)" + ] + }, + "hostedDomain": { + "type": "string", + "metadata": { + "description": "Provide the public App Service domain /Private DNS zones that you created in the App Service Domains /Private DNS zones, for example: mas4azure.com" }, - "openShiftPwd": { - "type": "secureString", - "metadata": { - "description": "Enter the password of the existing cluster account." 
- }, - "defaultValue": "" + "defaultValue": "" + }, + "bootnodeSGIngressCidrIp": { + "type": "string", + "defaultValue": "0.0.0.0/0", + "metadata": { + "description": "Use CIDR notation to enter the IP addresses that can access the bootnode. For example, 192.12.33.3/32. To allow access from all IP addresses, enter 0.0.0.0/0." + } + }, + "clusterSize": { + "type": "string", + "metadata": { + "description": "Select your preferred cluster size. All master nodes (M) are Standard_D8s_v3 virtual machines. All worker nodes (W) are Standard_D16s_v3 instances. Choose from: small (3M, 3W, total memory: 288GB), medium (3M, 5W, total memory: 416GB), or large (5M, 7W, total memory: 608GB)." }, - "entitledRegistryKey": { - "type": "secureString", - "defaultValue": "", - "metadata": { - "description": "Enter the registry key that you downloaded from the IBM Container Library." - } + "defaultValue": "small", + "allowedValues": [ + "small", + "medium", + "large" + ] + }, + "openShiftClusterApiUrl": { + "type": "string", + "metadata": { + "description": "Enter the cluster's URL in the format https://api... Do not specify the port number. For example,https://api.masocp.joalae.mas4aws.com" }, - "openShiftPullSecret": { - "type": "secureString", - "defaultValue": "", - "metadata": { - "description": "Enter the JSON text from the pull secret file that you downloaded from the Red Hat Hybrid Cloud Console." - } + "defaultValue": "" + }, + "openShiftUser": { + "type": "string", + "metadata": { + "description": "Enter the username of the existing cluster account." 
}, - "masLicenseUrl": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Enter the URL (preferebly with SAS token) of your Suite license key file kept on the Blob storage, for example: https://masocpstgaccount.blob.core.windows.net/masocpcontainer/entitlement.lic?[blob-sas-token] (Applicable only for BYOL product)" - } + "defaultValue": "" + }, + "openShiftPwd": { + "type": "secureString", + "metadata": { + "description": "Enter the password of the existing cluster account." }, + "defaultValue": "" + }, + "entitledRegistryKey": { + "type": "secureString", + "defaultValue": "", + "metadata": { + "description": "Enter the registry key that you downloaded from the IBM Container Library." + } + }, + "openShiftPullSecret": { + "type": "secureString", + "defaultValue": "", + "metadata": { + "description": "Enter the JSON text from the pull secret file that you downloaded from the Red Hat Hybrid Cloud Console." + } + }, + "masLicenseUrl": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Enter the URL (preferebly with SAS token) of your Suite license key file kept on the Blob storage, for example: https://masocpstgaccount.blob.core.windows.net/masocpcontainer/entitlement.lic?[blob-sas-token] (Applicable only for BYOL product)" + } + }, "operationalMode": { "type": "string", "defaultValue": "Production", 
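Review bot: This hunk re-indents the entire `parameters` block so every line shows as removed and re-added, which buries the functional changes — the `publicDomain` → `hostedDomain` rename and the new `offeringType` description — in whitespace noise and makes `git blame` useless for the file; committing the formatting separately would keep the review focused. The rename is also a breaking change for anyone deploying this template with a saved parameter file that still sets `publicDomain`, so the description should say so, e.g. `"description": "Provide the public App Service domain or private DNS zone ... (replaces publicDomain)"`.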
@@ -118,506 +118,515 @@ "Production", "Non-production" ] + }, + "masManageDBUser": { + "type": "string", + "metadata": { + "description": "Enter the username that the Maximo Manage application uses to connect to the database." }, - "masManageDBUser": { - "type": "string", - "metadata": { - "description": "Enter the username that the Maximo Manage application uses to connect to the database." - }, - "defaultValue": "" - }, - "masManageDBPassword": { - "type": "secureString", - "metadata": { - "description": "Enter the password that the Maximo Manage application uses to connect to the database." - }, - "defaultValue": "" - }, - "masManageDBJdbcUrl": { - "type": "string", - "metadata": { - "description": "Enter the URL location of the database that the Maximo Manage application connects to, for example: jdbc:db2://1.2.3.4:50051/FTMDB:sslConnection=true;" - }, - "defaultValue": "" - }, - "masManageDBCertificateUrl": { - "type": "string", - "metadata": { - "description": "Enter the Blob SAS location of the database's public certificate, for example: s3://masocp-license/db-certificate.crt" - }, - "defaultValue": "" - }, - "importDemoData": { - "type": "string", - "metadata": { - "description": "Indicate whether you want to import demo data into the database. This might be useful for development or test environments." - }, - "defaultValue": "false", - "allowedValues": [ - "true", - "false" - ] + "defaultValue": "" + }, + "masManageDBPassword": { + "type": "secureString", + "metadata": { + "description": "Enter the password that the Maximo Manage application uses to connect to the database." 
}, - "sshPublicKey": { - "type": "string", - "defaultValue": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZsnnoLyMnmObhjDLHNh9ksowEb1dV1eb8Ssw7vdzLFoWVf+Upm1xtH2vOybaDfE/rES+aQIsjrKhwlGM+o2ViM9skQJIX/34/gzt3r+SUG4bzRvAtmPofAoQTrvRKWwL47K8nNPVcqHoV1TMEL9R+F8UTwQGbhz5FuxEt0eReOBCxNQnuLPLChawaml7LSNNaRka6tBQ/QeA/oJdo82sn/tpNZFNivOn8+fo+HNQPvirFJKLmsiER2HFuhH6p3wHYA1IMqzzOcWv52cRRIONyowyPbuCCVzbdXSHWt2JtcyvkwAqc2a5DuhxTeioYP+xAij9r/Xkc/x94sXAsAJtz imported-openssh-key", - "metadata": { - "description": "Provide the public SSH key that you want to add to the bootnode, bastion host and cluster nodes." - } + "defaultValue": "" + }, + "masManageDBJdbcUrl": { + "type": "string", + "metadata": { + "description": "Enter the URL location of the database that the Maximo Manage application connects to, for example: jdbc:db2://1.2.3.4:50051/FTMDB:sslConnection=true;" }, - "slsEndpointUrl": { - "type": "string", - "metadata": { - "description": "Enter the endpoint URL that you retrieved from the 'masocp-' OpenShift route in the SLS namespace (ibm-sls-). URL should not have slash (/) at the end." - }, - "defaultValue": "" + "defaultValue": "" + }, + "masManageDBCertificateUrl": { + "type": "string", + "metadata": { + "description": "Enter the Blob SAS location of the database's public certificate, for example: s3://masocp-license/db-certificate.crt" }, - "slsRegistrationKey": { - "type": "string", - "metadata": { - "description": "Enter the 'status.registrationKey' value that you retrieved from the LicenseService instance YAML in the SLS namespace (ibm-sls-)." - }, - "defaultValue": "" + "defaultValue": "" + }, + "importDemoData": { + "type": "string", + "metadata": { + "description": "Indicate whether you want to import demo data into the database. This might be useful for development or test environments." 
}, - "slsPublicCertificateUrl": { - "type": "string", - "metadata": { - "description": "Enter the URL (preferebly with SAS token) of the service's public certificate that you retrieved from the 'ca.crt' file in the '-sls-cfg' secret in the MAS core namespace (mas--core)." - }, + "defaultValue": "false", + "allowedValues": [ + "true", + "false" + ] + }, + "sshPublicKey": { + "type": "string", + "metadata": { + "description": "Provide the public SSH key that you want to add to the bootnode, bastion host and cluster nodes.", "defaultValue": "" + } + }, + "slsEndpointUrl": { + "type": "string", + "metadata": { + "description": "Enter the endpoint URL that you retrieved from the 'masocp-' OpenShift route in the SLS namespace (ibm-sls-). URL should not have slash (/) at the end." }, - "udsEndpointUrl": { - "type": "string", - "metadata": { - "description": "Enter the endpoint URL that you retrieved from the 'uds-endpoint' OpenShift route in the ibm-common-services namespace. URL should not have slash (/) at the end." - }, - "defaultValue": "" + "defaultValue": "" + }, + "slsRegistrationKey": { + "type": "string", + "metadata": { + "description": "Enter the 'status.registrationKey' value that you retrieved from the LicenseService instance YAML in the SLS namespace (ibm-sls-)." }, - "udsAPIKey": { - "type": "string", - "metadata": { - "description": "Enter the service's API key that you retrieved from the 'uds-api-key' secret in the ibm-common-services namespace." - }, - "defaultValue": "" + "defaultValue": "" + }, + "slsPublicCertificateUrl": { + "type": "string", + "metadata": { + "description": "Enter the URL (preferebly with SAS token) of the service's public certificate that you retrieved from the 'ca.crt' file in the '-sls-cfg' secret in the MAS core namespace (mas--core)." 
}, - "udsPublicCertificateUrl": { - "type": "string", - "metadata": { - "description": "Enter the URL (preferebly with SAS token) of the service's public certificate that you retrieved from the 'ca-bundle.pem' file in the '-uds-cfg' route in the MAS core namespace." - }, - "defaultValue": "" + "defaultValue": "" + }, + "udsEndpointUrl": { + "type": "string", + "metadata": { + "description": "Enter the endpoint URL that you retrieved from the 'uds-endpoint' OpenShift route in the ibm-common-services namespace. URL should not have slash (/) at the end." }, - "azureServicePrincipalClientId": { - "type": "string", - "defaultValue": "1bc717ac-ea87-4011-ac59-21e6942a2e2f", - "metadata": { - "description": "Enter Azure service principal client Id." - } + "defaultValue": "" + }, + "udsAPIKey": { + "type": "string", + "metadata": { + "description": "Enter the service's API key that you retrieved from the 'uds-api-key' secret in the ibm-common-services namespace." }, - "azureServicePrincipalClientSecret": { - "type": "secureString", - "defaultValue": "", - "metadata": { - "description": "Enter Azure service principal client secret." - } + "defaultValue": "" + }, + "udsPublicCertificateUrl": { + "type": "string", + "metadata": { + "description": "Enter the URL (preferebly with SAS token) of the service's public certificate that you retrieved from the 'ca-bundle.pem' file in the '-uds-cfg' route in the MAS core namespace." }, - "azureServicePrincipalTenantId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Enter Azure service principal tenant id." - } + "defaultValue": "" + }, + "azureServicePrincipalClientId": { + "type": "string", + "defaultValue": "1bc717ac-ea87-4011-ac59-21e6942a2e2f", + "metadata": { + "description": "Enter Azure service principal client Id." + } + }, + "azureServicePrincipalClientSecret": { + "type": "secureString", + "defaultValue": "", + "metadata": { + "description": "Enter Azure service principal client secret." 
+ } + }, + "azureServicePrincipalTenantId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Enter Azure service principal tenant id." + } + }, + "BootNodeVnetId": { + "defaultValue": "", + "type": "String", + "metadata": { + "description": "Enter the Vnet Id to create the bootnode into. If existing OpenShift cluster is specified,\n make sure it is reachable from this Vnet." + } + }, + "BootNodeVnetResourceGroup": { + "defaultValue": "", + "type": "String", + "metadata": { + "description": "Enter the BootNodeVnetId's resource group ." + } + }, + "emailNotification": { + "type": "string", + "metadata": { + "description": "Indicate whether you want to receive emails that contain the connection details and credentials for the Suite. These emails are sent using the provided SMTP server details." }, - "emailNotification": { - "type": "string", - "metadata": { - "description": "Indicate whether you want to receive emails that contain the connection details and credentials for the Suite. These emails are sent using the provided SMTP server details." - }, - "defaultValue": "false", - "allowedValues": [ - "true", - "false" - ] + "defaultValue": "false", + "allowedValues": [ + "true", + "false" + ] + }, + "smtpHost": { + "type": "string", + "metadata": { + "description": "Hostname of IP address of the SMTP server." }, - "smtpHost": { - "type": "string", - "metadata": { - "description": "Hostname of IP address of the SMTP server." - }, - "defaultValue": "smtp.mailgun.org" + "defaultValue": "smtp.mailgun.org" + }, + "smtpPort": { + "type": "string", + "metadata": { + "description": "Port of the SMTP server." }, - "smtpPort": { - "type": "string", - "metadata": { - "description": "Port of the SMTP server." - }, - "defaultValue": "587" + "defaultValue": "587" + }, + "smtpUsername": { + "type": "string", + "metadata": { + "description": "Username to be used with SMTP server." 
}, - "smtpUsername": { - "type": "string", - "metadata": { - "description": "Username to be used with SMTP server." - }, - "defaultValue": "postmaster@sandbox3978ba24a60744d190234c38b5135dfb.mailgun.org" + "defaultValue": "postmaster@sandbox3978ba24a60744d190234c38b5135dfb.mailgun.org" + }, + "smtpPassword": { + "type": "secureString", + "metadata": { + "description": "Password to be used with SMTP server." }, - "smtpPassword": { - "type": "secureString", - "metadata": { - "description": "Password to be used with SMTP server." - }, - "defaultValue": "" + "defaultValue": "" + }, + "notificattionEmailAddress": { + "type": "string", + "metadata": { + "description": "Email address to send email to. If empty, no email will be sent." }, - "notificattionEmailAddress": { - "type": "string", - "metadata": { - "description": "Email address to send email to. If empty, no email will be sent." - }, - "defaultValue": "" + "defaultValue": "" + } + }, + "variables": { + "seller_subscription_id": "b2ca5467-2502-4b05-b78e-744604c6531d", + "projectName": "[concat('e',substring(uniqueString(resourceGroup().id, deployment().name), 0, 5))]", + "rgName": "[resourceGroup().name]", + "vNetSubnetName": "[concat('masocp-', variables('projectName'), '-bootnodeSubnet')]", + "vNetSubnetAddressPrefix": "10.0.5.0/24", + "logAnalyticsWorkspace": "[concat('masocp-', variables('projectName'), '-logAnalyticsWorkspace')]", + "vmName": "[concat('masocp-', variables('projectName'), '-bootnode-vm')]", + "publicIPAddressName": "[concat(variables('projectName'), '-ip')]", + "networkInterfaceName": "[concat(variables('projectName'), '-nic')]", + "networkSecurityGroupName": "[concat(variables('projectName'), '-nsg')]", + "networkSecurityGroupName2": "bootnodeSubnet-nsg", + "storageaccountName": "[concat('masocp', variables('projectName'),'stgaccount')]" + }, + "resources": [ + { + "type": "Microsoft.Network/networkSecurityGroups", + "apiVersion": "2022-07-01", + "name": 
"[variables('networkSecurityGroupName')]", + "location": "[parameters('location')]", + "properties": { + "securityRules": [ + { + "name": "ssh_rule", + "properties": { + "description": "Locks inbound down to ssh default port 22.", + "protocol": "Tcp", + "sourcePortRange": "*", + "destinationPortRange": "22", + "sourceAddressPrefix": "[parameters('bootnodeSGIngressCidrIp')]", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 123, + "direction": "Inbound" + } + } + ] } }, - "variables": { - "seller_subscription_id": "b2ca5467-2502-4b05-b78e-744604c6531d", - "projectName": "[concat('e',substring(uniqueString(resourceGroup().id, deployment().name), 0, 5))]", - "rgName": "[resourceGroup().name]", - "vNetName": "[concat(variables('projectName'), '-vnet')]", - "vNetAddressPrefixes": "10.0.0.0/16", - "vNetSubnetName": "default", - "vNetSubnetAddressPrefix": "10.0.0.0/24", - "logAnalyticsWorkspace": "[concat('masocp-', variables('projectName'), '-logAnalyticsWorkspace')]", - "logAnalyticsWorkspaceId": "[resourceId('Microsoft.OperationalInsights/workspaces', variables('logAnalyticsWorkspace'))]", - "vmName": "[concat('masocp-', variables('projectName'), '-bootnode-vm')]", - "publicIPAddressName": "[concat(variables('projectName'), '-ip')]", - "networkInterfaceName": "[concat(variables('projectName'), '-nic')]", - "networkSecurityGroupName": "[concat(variables('projectName'), '-nsg')]", - "networkSecurityGroupName2": "[concat(variables('vNetSubnetName'), '-nsg')]", - "storageaccountName": "[concat('masocp', variables('projectName'),'stgaccount')]" - }, - "resources": [ - { - "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2022-07-01", - "name": "[variables('networkSecurityGroupName')]", - "location": "[parameters('location')]", - "properties": { - "securityRules": [ - { - "name": "ssh_rule", - "properties": { - "description": "Locks inbound down to ssh default port 22.", - "protocol": "Tcp", - "sourcePortRange": "*", - 
"destinationPortRange": "22", - "sourceAddressPrefix": "[parameters('bootnodeSGIngressCidrIp')]", - "destinationAddressPrefix": "*", - "access": "Allow", - "priority": 123, - "direction": "Inbound" - } - } - ] - } - }, - { - "type": "Microsoft.Network/publicIPAddresses", - "apiVersion": "2022-07-01", - "name": "[variables('publicIPAddressName')]", - "location": "[parameters('location')]", - "properties": { - "publicIPAllocationMethod": "Dynamic" - }, - "sku": { - "name": "Basic" - } - }, - { - "comments": "Simple Network Security Group for subnet [variables('vNetSubnetName')]", - "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2022-07-01", - "name": "[variables('networkSecurityGroupName2')]", - "location": "[parameters('location')]", - "properties": { - "securityRules": [ + { + "type": "Microsoft.Network/publicIPAddresses", + "apiVersion": "2022-07-01", + "name": "[variables('publicIPAddressName')]", + "location": "[parameters('location')]", + "properties": { + "publicIPAllocationMethod": "Dynamic" + }, + "sku": { + "name": "Basic" + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "existingvnetTemplate", + "resourceGroup": "[parameters('BootNodeVnetResourceGroup')]", + "subscriptionid": "[variables('seller_subscription_id')]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": {}, + "variables": {}, + "resources": [ { - "name": "default-allow-22", + "type": "Microsoft.Network/networkSecurityGroups", + "apiVersion": "2022-07-01", + "name": "[variables('networkSecurityGroupName2')]", + "location": "[parameters('location')]", "properties": { - "priority": 1000, - "access": "Allow", - "direction": "Inbound", - "destinationPortRange": "22", - "protocol": "Tcp", - "sourceAddressPrefix": "[parameters('bootnodeSGIngressCidrIp')]", - "sourcePortRange": "*", - 
"destinationAddressPrefix": "*" + "securityRules": [ + { + "name": "default-allow-22", + "properties": { + "priority": 1000, + "access": "Allow", + "direction": "Inbound", + "destinationPortRange": "22", + "protocol": "Tcp", + "sourceAddressPrefix": "[parameters('bootnodeSGIngressCidrIp')]", + "sourcePortRange": "*", + "destinationAddressPrefix": "*" + } + } + ] } - } - ] - } - }, - { - "type": "Microsoft.Network/virtualNetworks", - "apiVersion": "2022-07-01", - "name": "[variables('vNetName')]", - "location": "[parameters('location')]", - "dependsOn": [ - "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName2'))]" - ], - "properties": { - "addressSpace": { - "addressPrefixes": [ - "[variables('vNetAddressPrefixes')]" - ] - }, - "subnets": [ + }, { - "name": "[variables('vNetSubnetName')]", + "type": "Microsoft.Network/virtualNetworks/subnets", + "apiVersion": "2022-07-01", + "name": "[format('{0}/{1}', parameters('BootNodeVnetId'), variables('vNetSubnetName'))]", + "location": "[parameters('location')]", + "dependsOn": [ + "[resourceId(parameters('BootNodeVnetResourceGroup'),'Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName2'))]" + ], "properties": { "addressPrefix": "[variables('vNetSubnetAddressPrefix')]", "networkSecurityGroup": { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName2'))]" + "id": "[resourceId(parameters('BootNodeVnetResourceGroup'),'Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName2'))]" } } } ] } - }, - { - "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2022-07-01", - "name": "[variables('networkInterfaceName')]", - "location": "[parameters('location')]", - "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]", - "[resourceId('Microsoft.Network/virtualNetworks', variables('vNetName'))]", - 
"[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]" - ], - "properties": { - "ipConfigurations": [ - { - "name": "ipconfig1", - "properties": { - "privateIPAllocationMethod": "Dynamic", - "publicIPAddress": { - "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]" - }, - "subnet": { - "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('vNetName'), variables('vNetSubnetName'))]" - } - } - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces", - "apiVersion": "2021-06-01", - "name": "[variables('logAnalyticsWorkspace')]", - "location": "[parameters('location')]", - "properties": { - "sku": { - "name": "pergb2018" - }, - "features": { - "enableLogAccessUsingOnlyResourcePermissions": true - }, - "workspaceCapping": { - "dailyQuotaGb": -1 - }, - "publicNetworkAccessForIngestion": "Enabled", - "publicNetworkAccessForQuery": "Enabled" - }, - "resources": [ + } + }, + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2022-07-01", + "name": "[variables('networkInterfaceName')]", + "location": "[parameters('location')]", + "dependsOn": [ + "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]", + "existingvnetTemplate", + "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]" + ], + "properties": { + "ipConfigurations": [ { - "apiVersion": "2020-08-01", - "type": "dataSources", - "name": "BootNode-Logs", - "dependsOn": [ - "[resourceId('Microsoft.OperationalInsights/workspaces', variables('logAnalyticsWorkspace'))]" - ], - "kind": "CustomLog", + "name": "ipconfig1", "properties": { - "customLogName": "masProvisioningLogs", - "description": "This collects azure deployment logs i.e. 
custom logs inside log analytics workspace", - "inputs": [ - { - "location": { - "fileSystemLocations": { - "linuxFileTypeLogPaths": [ "/root/ansible-devops/multicloud-bootstrap/mas-provisioning.log" ] - } - }, - "recordDelimiter": { - "regexDelimiter": { - "pattern": "\\n", - "matchIndex": 0, - "numberdGroup": "[json('null')]" - } - } - } - ], - "extractions": [ - { - "extractionName": "TimeGenerated", - "extractionType": "DateTime", - "extractionProperties": { - "dateTimeExtraction": { - "regex": "[json('null')]", - "joinStringRegex": "[json('null')]" - } - } - } - ] + "privateIPAllocationMethod": "Dynamic", + "publicIPAddress": { + "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]" + }, + "subnet": { + "id": "[resourceId(parameters('BootNodeVnetResourceGroup'),'Microsoft.Network/virtualNetworks/subnets', parameters('BootNodeVnetId'), variables('vNetSubnetName'))]" + } } } ] - }, - { - "type": "Microsoft.Compute/virtualMachines", - "apiVersion": "2022-08-01", - "name": "[variables('vmName')]", - "location": "[parameters('location')]", - - "dependsOn": [ - "[resourceId('Microsoft.Network/networkInterfaces', variables('networkInterfaceName'))]" - ], - "plan": { - "name": "ibm-maximo-vm-offer-byol", - "publisher": "ibm-usa-ny-armonk-hq-6275750-ibmcloud-asperia", - "product": "ibm-maximo-vm-offer" - }, - "properties": { - "hardwareProfile": { - "vmSize": "[parameters('vmSize')]" - }, - "osProfile": { - "computerName": "[variables('vmName')]", - "adminUsername": "[parameters('adminUserName')]", - "linuxConfiguration": { - "disablePasswordAuthentication": true, - "ssh": { - "publicKeys": [ - { - "path": "[concat('/home/azureuser', '/.ssh/authorized_keys')]", - "keyData": "[parameters('sshPublicKey')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces", + "apiVersion": "2021-06-01", + "name": "[variables('logAnalyticsWorkspace')]", + "location": "[parameters('location')]", + "properties": { + "sku": { + "name": 
"pergb2018" + }, + "features": { + "enableLogAccessUsingOnlyResourcePermissions": true + }, + "workspaceCapping": { + "dailyQuotaGb": -1 + }, + "publicNetworkAccessForIngestion": "Enabled", + "publicNetworkAccessForQuery": "Enabled" + }, + "resources": [ + { + "apiVersion": "2020-08-01", + "type": "dataSources", + "name": "BootNode-Logs", + "dependsOn": [ + "[resourceId('Microsoft.OperationalInsights/workspaces', variables('logAnalyticsWorkspace'))]" + ], + "kind": "CustomLog", + "properties": { + "customLogName": "masProvisioningLogs", + "description": "This collects azure deployment logs i.e. custom logs inside log analytics workspace", + "inputs": [ + { + "location": { + "fileSystemLocations": { + "linuxFileTypeLogPaths": [ "/root/ansible-devops/multicloud-bootstrap/mas-provisioning.log" ] } - ] + }, + "recordDelimiter": { + "regexDelimiter": { + "pattern": "\\n", + "matchIndex": 0, + "numberdGroup": "[json('null')]" + } + } } - } - }, - "storageProfile": { - "imageReference": { - "offer": "ibm-maximo-vm-offer", - "publisher": "ibm-usa-ny-armonk-hq-6275750-ibmcloud-asperia", - "sku": "ibm-maximo-vm-offer-byol", - "version": "latest" - }, - "osDisk": { - "createOption": "fromImage" - } - }, - "networkProfile": { - "networkInterfaces": [ + ], + "extractions": [ { - "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('networkInterfaceName'))]" + "extractionName": "TimeGenerated", + "extractionType": "DateTime", + "extractionProperties": { + "dateTimeExtraction": { + "regex": "[json('null')]", + "joinStringRegex": "[json('null')]" + } + } } ] } + } + ] + }, + { + "type": "Microsoft.Compute/virtualMachines", + "apiVersion": "2022-08-01", + "name": "[variables('vmName')]", + "location": "[parameters('location')]", + + "dependsOn": [ + "[resourceId('Microsoft.Network/networkInterfaces', variables('networkInterfaceName'))]" + ], + "plan": { + "name": "ibm-maximo-vm-offer-byol", + "publisher": "ibm-usa-ny-armonk-hq-6275750-ibmcloud-asperia", + "product": 
"ibm-maximo-vm-offer" + }, + "properties": { + "hardwareProfile": { + "vmSize": "[parameters('vmSize')]" }, - "resources": [ - { - "apiVersion": "2022-08-01", - "type": "extensions", - "name": "config-app", - "location": "[parameters('location')]", - "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', variables('vmName'))]" - ], - "tags": { - "displayName": "config-app" - }, - "properties": { - "publisher": "Microsoft.Azure.Extensions", - "type": "CustomScript", - "typeHandlerVersion": "2.0", - "autoUpgradeMinorVersion": true, - "protectedSettings": { - "commandToExecute": "[concat('sleep 120;', 'cd /root/ansible-devops/multicloud-bootstrap;', './init-async.sh azure ''', parameters('offeringType'), ''' ''', parameters('location'), ''' null ''', parameters('clusterSize'), ''' ''', variables('projectName'), ''' ''', parameters('publicDomain'), ''' null ''', parameters('sshPublicKey'), ''' null ''', parameters('entitledRegistryKey'), ''' ''', parameters('openShiftPullSecret'), ''' ''', parameters('masLicenseUrl'), ''' ''', parameters('slsEndpointUrl'), ''' ''', parameters('slsRegistrationKey'), ''' ''', parameters('slsPublicCertificateUrl'), ''' ''', parameters('udsEndpointUrl'), ''' ''', parameters('udsAPIKey'), ''' ''', parameters('udsPublicCertificateUrl'), ''' ''', parameters('masManageDBUser'), ''' ''', parameters('masManageDBPassword'), ''' ''', parameters('masManageDBJdbcUrl'), ''' ''', parameters('masManageDBCertificateUrl'), ''' ''', parameters('importDemoData'), ''' ''', parameters('openShiftClusterApiUrl'), ''' ''', parameters('openShiftUser'), ''' ''', parameters('openShiftPwd'), ''' ''', variables('rgName'), ''' ''', parameters('emailNotification'), ''' ''', parameters('notificattionEmailAddress'), ''' ''', parameters('smtpHost'), ''' ''', parameters('smtpPort'), ''' ''', parameters('smtpUsername'), ''' ''', parameters('smtpPassword'), ''' ''', parameters('azureServicePrincipalClientId'), ''' ''', 
parameters('azureServicePrincipalClientSecret'), ''' ''', variables('seller_subscription_id'), ''' ''', parameters('azureServicePrincipalTenantId'), ''' null null '''' '''' null null null null null null null ''', parameters('operationalMode'), ''' prod ''', ''' > mas-provisioning.log 2>&1;')]" - } + "osProfile": { + "computerName": "[variables('vmName')]", + "adminUsername": "[parameters('adminUserName')]", + "linuxConfiguration": { + "disablePasswordAuthentication": true, + "ssh": { + "publicKeys": [ + { + "path": "[concat('/home/azureuser', '/.ssh/authorized_keys')]", + "keyData": "[parameters('sshPublicKey')]" + } + ] } } - ] - }, - { - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2022-08-01", - "name": "[concat(variables('vmName'),'/', 'OMSExtension')]", - "location": "[parameters('location')]", - "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', variables('vmName'))]", - "[resourceId('Microsoft.OperationalInsights/workspaces', variables('logAnalyticsWorkspace'))]" - ], - "properties": { - "publisher": "Microsoft.EnterpriseCloud.Monitoring", - "type": "OmsAgentForLinux", - "typeHandlerVersion": "1.4", - "autoUpgradeMinorVersion": true, - "settings": { - "workspaceId": "[reference(variables('logAnalyticsWorkspaceId'), '2021-06-01').customerId]", - "stopOnMultipleConnections": true + }, + "storageProfile": { + "imageReference": { + "offer": "ibm-maximo-vm-offer", + "publisher": "ibm-usa-ny-armonk-hq-6275750-ibmcloud-asperia", + "sku": "ibm-maximo-vm-offer-byol", + "version": "latest" }, - "protectedSettings": { - "workspaceKey": "[listKeys(variables('logAnalyticsWorkspaceId'), '2021-06-01').primarySharedKey]" + "osDisk": { + "createOption": "fromImage" } - } - }, - { - "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2022-05-01", - "name": "[variables('storageaccountName')]", - "location": "[parameters('location')]", - "sku": { - "name": "Standard_LRS" }, - "kind": "StorageV2", - "properties": { - 
"supportsHttpsTrafficOnly": true + "networkProfile": { + "networkInterfaces": [ + { + "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('networkInterfaceName'))]" + } + ] } }, - { - "type": "Microsoft.Storage/storageAccounts/blobServices/containers", - "apiVersion": "2022-05-01", - "name": "[concat(variables('storageaccountName'), '/default/masocpcontainer')]", - "dependsOn": [ - "[resourceId('Microsoft.Storage/storageAccounts', variables('storageaccountName'))]" - ], - "properties": { - "immutableStorageWithVersioning": { - "enabled": false + "resources": [ + { + "apiVersion": "2022-08-01", + "type": "extensions", + "name": "config-app", + "location": "[parameters('location')]", + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', variables('vmName'))]" + ], + "tags": { + "displayName": "config-app" }, - "defaultEncryptionScope": "$account-encryption-key", - "denyEncryptionScopeOverride": false, - "publicAccess": "None" + "properties": { + "publisher": "Microsoft.Azure.Extensions", + "type": "CustomScript", + "typeHandlerVersion": "2.0", + "autoUpgradeMinorVersion": true, + "protectedSettings": { + "commandToExecute": "[concat('sleep 120;', 'cd /root/ansible-devops/multicloud-bootstrap;', './init-async.sh azure ''', parameters('offeringType'), ''' ''', parameters('location'), ''' null ''', parameters('clusterSize'), ''' ''', variables('projectName'), ''' ''', parameters('hostedDomain'), ''' null ''', parameters('sshPublicKey'), ''' null ''', parameters('entitledRegistryKey'), ''' ''', parameters('openShiftPullSecret'), ''' ''', parameters('masLicenseUrl'), ''' ''', parameters('slsEndpointUrl'), ''' ''', parameters('slsRegistrationKey'), ''' ''', parameters('slsPublicCertificateUrl'), ''' ''', parameters('udsEndpointUrl'), ''' ''', parameters('udsAPIKey'), ''' ''', parameters('udsPublicCertificateUrl'), ''' ''', parameters('masManageDBUser'), ''' ''', parameters('masManageDBPassword'), ''' ''', parameters('masManageDBJdbcUrl'), ''' 
''', parameters('masManageDBCertificateUrl'), ''' ''', parameters('importDemoData'), ''' ''', parameters('openShiftClusterApiUrl'), ''' ''', parameters('openShiftUser'), ''' ''', parameters('openShiftPwd'), ''' ''', variables('rgName'), ''' ''', parameters('emailNotification'), ''' ''', parameters('notificattionEmailAddress'), ''' ''', parameters('smtpHost'), ''' ''', parameters('smtpPort'), ''' ''', parameters('smtpUsername'), ''' ''', parameters('smtpPassword'), ''' ''', parameters('azureServicePrincipalClientId'), ''' ''', parameters('azureServicePrincipalClientSecret'), ''' ''', variables('seller_subscription_id'), ''' ''', parameters('azureServicePrincipalTenantId'), ''' null null null null ''',parameters('BootNodeVnetId'),''' '''' null null null null null null null ''', parameters('operationalMode'), ''' '''' '''' '''' '''' '''' '''' '''' '''' dev ''', ''' > mas-provisioning.log 2>&1;')]" } + } } + ] + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2021-11-01", + "name": "[format('{0}/AzureMonitorLinuxAgent', variables('vmName'))]", + "location": "[parameters('location')]", + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', variables('vmName'))]", + "[resourceId('Microsoft.OperationalInsights/workspaces', variables('logAnalyticsWorkspace'))]" + ], + "properties": { + "publisher": "Microsoft.Azure.Monitor", + "type": "AzureMonitorLinuxAgent", + "typeHandlerVersion": "1.21", + "autoUpgradeMinorVersion": true, + "enableAutomaticUpgrade": true } - ], - "outputs": { - "masCloudAutomationVersion": { - "type": "string", - "value": "2.0" - }, - "clusterUniqueString": { - "type": "string", - "value": "[variables('projectName')]" - }, - "masInitialSetupUrl": { - "type": "string", - "value": "[uri(concat('https://admin.', variables('projectName'), '.apps.', last(split(parameters('openShiftClusterApiUrl'),'api.')), '/initialsetup'), '')]" - }, - "masAdminUrl": { - "type": "string", - "value": 
"[uri(concat('https://admin.', variables('projectName'), '.apps.', last(split(parameters('openShiftClusterApiUrl'),'api.'))), '')]" - }, - "masWorkspaceUrl": { - "type": "string", - "value": "[uri(concat('https://wsmasocp.home.', variables('projectName'), '.apps.', last(split(parameters('openShiftClusterApiUrl'),'api.'))), '')]" + }, + { + "type": "Microsoft.Storage/storageAccounts", + "apiVersion": "2022-05-01", + "name": "[variables('storageaccountName')]", + "location": "[parameters('location')]", + "sku": { + "name": "Standard_LRS" + }, + "kind": "StorageV2", + "properties": { + "supportsHttpsTrafficOnly": true } + }, + { + "type": "Microsoft.Storage/storageAccounts/blobServices/containers", + "apiVersion": "2022-05-01", + "name": "[concat(variables('storageaccountName'), '/default/masocpcontainer')]", + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts', variables('storageaccountName'))]" + ], + "properties": { + "immutableStorageWithVersioning": { + "enabled": false + }, + "defaultEncryptionScope": "$account-encryption-key", + "denyEncryptionScopeOverride": false, + "publicAccess": "None" + } + } + ], + "outputs": { + "masCloudAutomationVersion": { + "type": "string", + "value": "2.0" + }, + "clusterUniqueString": { + "type": "string", + "value": "[variables('projectName')]" + }, + "masInitialSetupUrl": { + "type": "string", + "value": "[uri(concat('https://admin.', variables('projectName'), '.apps.', last(split(parameters('openShiftClusterApiUrl'),'api.')), '/initialsetup'), '')]" + }, + "masAdminUrl": { + "type": "string", + "value": "[uri(concat('https://admin.', variables('projectName'), '.apps.', last(split(parameters('openShiftClusterApiUrl'),'api.'))), '')]" + }, + "masWorkspaceUrl": { + "type": "string", + "value": "[uri(concat('https://wsmasocp.home.', variables('projectName'), '.apps.', last(split(parameters('openShiftClusterApiUrl'),'api.'))), '')]" } - } \ No newline at end of file + } +} 
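Review bot: In the rebuilt `sshPublicKey` parameter the `"defaultValue": ""` line now sits inside `metadata` (the `+ }` closes `metadata` after it), where ARM ignores it, so the parameter has no default at all; that is fine if the intent is to make the key mandatory now that the baked-in default public key is gone, but then the stray key should be dropped, otherwise it belongs next to `type`. `BootNodeVnetId` is described as "Enter the Vnet Id", yet `"name": "[format('{0}/{1}', parameters('BootNodeVnetId'), variables('vNetSubnetName'))]"` and the `resourceId(parameters('BootNodeVnetResourceGroup'), 'Microsoft.Network/virtualNetworks/subnets', parameters('BootNodeVnetId'), ...)` lookups need the VNet name, so a full resource ID would yield an invalid subnet name; either describe the parameter as the VNet name or derive the name with `last(split(parameters('BootNodeVnetId'), '/'))`. Replacing `OmsAgentForLinux` (which carried `workspaceId`/`workspaceKey`) with `AzureMonitorLinuxAgent` and no settings leaves the workspace's legacy `CustomLog` dataSource for `/root/ansible-devops/multicloud-bootstrap/mas-provisioning.log` without a consumer, because the Azure Monitor agent only ships data through a Data Collection Rule and its association; unless a DCR is added elsewhere, the provisioning log will most likely stop reaching the workspace, and the extension's `dependsOn` on the workspace then has no effect. The nested `existingvnetTemplate` deployment also targets `variables('seller_subscription_id')` via `subscriptionid` while placing the subnet into the customer-supplied `BootNodeVnetResourceGroup`; worth confirming that the VNet is expected to live in the seller subscription.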
diff --git a/azure/master-arm/byol-ipi/createUiDefinition.json b/azure/master-arm/byol-ipi/createUiDefinition.json
index 5138df6e..27975bc6 100644
--- a/azure/master-arm/byol-ipi/createUiDefinition.json
+++ b/azure/master-arm/byol-ipi/createUiDefinition.json
@@ -100,7 +100,7 @@
 "type": "Microsoft.Common.DropDown",
 "label": "Offering type",
 "defaultValue": "MAS Core + Cloud Pak for Data",
- "toolTip": "Select your preferred Suite offering type.",
+ "toolTip": "Select your preferred Suite offering type.For MAS Core + Manage: If db2 values are not provided,db2 will be internally deployed",
 "constraints": {
 "allowedValues": [
 {
diff --git a/azure/master-arm/byol-ipi/mainTemplate-dev.json b/azure/master-arm/byol-ipi/mainTemplate-dev.json
index b78389a3..2ad9fd82 100644
--- a/azure/master-arm/byol-ipi/mainTemplate-dev.json
+++ b/azure/master-arm/byol-ipi/mainTemplate-dev.json
@@ -32,7 +32,7 @@
 "offeringType": {
 "type": "string",
 "metadata": {
- "description": "Select your preferred Suite offering type."
+ "description": "Select your preferred Suite offering type.For MAS Core + Manage: If db2 values are not provided,db2 will be internally deployed"
 },
 "defaultValue": "MAS Core + Cloud Pak for Data",
 "allowedValues": [
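Review bot: The new `toolTip` in createUiDefinition.json and the matching `description` in mainTemplate-dev.json (the `@@ -32,7 +32,7 @@` hunk on this line) are missing spaces after the period and the comma, `type.For` and `provided,db2`, and mix the spelling `db2` with the product name used elsewhere. Since this text is shown to the person filling in the marketplace form, suggest `"Select your preferred Suite offering type. For MAS Core + Manage: if Db2 values are not provided, Db2 will be deployed internally."` in both places so the two strings stay identical.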
@@ -256,13 +256,13 @@ }, "variables": { "seller_subscription_id": "b2ca5467-2502-4b05-b78e-744604c6531d", - "seller_compute_gallery_name": "masbyolimagegallery20221213212024", - "seller_image_definition": "masocp-image-def-20221213212024", - "projectName": "[concat('i',substring(uniqueString(resourceGroup().id, deployment().name), 0, 5))]", + "seller_compute_gallery_name": "masbyolimagegallery20230527200350", + "seller_image_definition": "masocp-image-def-20230527200350", + "projectName": "[concat('u',substring(uniqueString(resourceGroup().id, deployment().name), 0, 5))]", "rgName": "[resourceGroup().name]", - "vNetName": "[concat(variables('projectName'), '-vnet')]", + "vNetName": "bootnode-vnet", "vNetAddressPrefixes": "10.0.0.0/16", - "vNetSubnetName": "default", + "vNetSubnetName": "bootnodeSubnet", "vNetSubnetAddressPrefix": "10.0.0.0/24", "logAnalyticsWorkspace": "[concat('masocp-', variables('projectName'), '-logAnalyticsWorkspace')]", "logAnalyticsWorkspaceId": "[resourceId('Microsoft.OperationalInsights/workspaces', variables('logAnalyticsWorkspace'))]", 
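Review bot: Replacing `"vNetName": "[concat(variables('projectName'), '-vnet')]"` with the fixed `"vNetName": "bootnode-vnet"` (and `"vNetSubnetName": "bootnodeSubnet"`) removes the per-deployment uniqueness the old value provided, so a second deployment into the same resource group would resolve to the first deployment's VNet and subnet instead of creating its own. If a fixed name is intended, keep the project suffix, e.g. `"vNetName": "[concat(variables('projectName'), '-bootnode-vnet')]"`. The projectName prefix also changes from `'i'` to `'u'` here, while the prod byol-ipi/mainTemplate.json later in this commit still uses `'i'`; if that difference is deliberate it deserves a comment, since the prefix appears in every derived resource and URL name.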
@@ -511,7 +511,7 @@ "typeHandlerVersion": "2.0", "autoUpgradeMinorVersion": true, "protectedSettings": { - "commandToExecute": "[concat('sleep 120;', 'cd /root/ansible-devops/multicloud-bootstrap;', './init-async.sh azure ''', parameters('offeringType'), ''' ''', parameters('location'), ''' null ''', parameters('clusterSize'), ''' ''', variables('projectName'), ''' ''', parameters('publicDomain'), ''' null ''', parameters('sshPublicKey'), ''' null ''', parameters('entitledRegistryKey'), ''' ''', parameters('openShiftPullSecret'), ''' ''', parameters('masLicenseUrl'), ''' ''', parameters('slsEndpointUrl'), ''' ''', parameters('slsRegistrationKey'), ''' ''', parameters('slsPublicCertificateUrl'), ''' ''', parameters('udsEndpointUrl'), ''' ''', parameters('udsAPIKey'), ''' ''', parameters('udsPublicCertificateUrl'), ''' ''', parameters('masManageDBUser'), ''' ''', parameters('masManageDBPassword'), ''' ''', parameters('masManageDBJdbcUrl'), ''' ''', parameters('masManageDBCertificateUrl'), ''' ''', parameters('importDemoData'), ''' '''' '''' '''' ''', variables('rgName'), ''' ''', parameters('emailNotification'), ''' ''', parameters('notificattionEmailAddress'), ''' ''', parameters('smtpHost'), ''' ''', parameters('smtpPort'), ''' ''', parameters('smtpUsername'), ''' ''', parameters('smtpPassword'), ''' ''', parameters('azureServicePrincipalClientId'), ''' ''', parameters('azureServicePrincipalClientSecret'), ''' ''', variables('seller_subscription_id'), ''' ''', parameters('azureServicePrincipalTenantId'), ''' null null '''' '''' null null null null null null null ''', parameters('operationalMode'), ''' dev ''', ''' > mas-provisioning.log 2>&1;')]" + "commandToExecute": "[concat('sleep 120;', 'cd /root/ansible-devops/multicloud-bootstrap;', './init-async.sh azure ''', parameters('offeringType'), ''' ''', parameters('location'), ''' null ''', parameters('clusterSize'), ''' ''', variables('projectName'), ''' ''', parameters('publicDomain'), ''' null ''', 
parameters('sshPublicKey'), ''' null ''', parameters('entitledRegistryKey'), ''' ''', parameters('openShiftPullSecret'), ''' ''', parameters('masLicenseUrl'), ''' ''', parameters('slsEndpointUrl'), ''' ''', parameters('slsRegistrationKey'), ''' ''', parameters('slsPublicCertificateUrl'), ''' ''', parameters('udsEndpointUrl'), ''' ''', parameters('udsAPIKey'), ''' ''', parameters('udsPublicCertificateUrl'), ''' ''', parameters('masManageDBUser'), ''' ''', parameters('masManageDBPassword'), ''' ''', parameters('masManageDBJdbcUrl'), ''' ''', parameters('masManageDBCertificateUrl'), ''' ''', parameters('importDemoData'), ''' '''' '''' '''' ''', variables('rgName'), ''' ''', parameters('emailNotification'), ''' ''', parameters('notificattionEmailAddress'), ''' ''', parameters('smtpHost'), ''' ''', parameters('smtpPort'), ''' ''', parameters('smtpUsername'), ''' ''', parameters('smtpPassword'), ''' ''', parameters('azureServicePrincipalClientId'), ''' ''', parameters('azureServicePrincipalClientSecret'), ''' ''', variables('seller_subscription_id'), ''' ''', parameters('azureServicePrincipalTenantId'), ''' null null null null '''' '''' null null null null null null null ''', parameters('operationalMode'), ''' '''' '''' '''' '''' '''' '''' '''' '''' dev ''', ''' > mas-provisioning.log 2>&1;')]" } } } 
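Review bot: The rewritten `commandToExecute` passes every value to `init-async.sh` purely by position, and the new side now hand-edits the filler runs (`''' null null null null '''' '''' null ...` and the trailing `'''' '''' '''' '''' '''' '''' '''' ''''`) differently in this dev template, in byol-ipi/mainTemplate.json and in byol-upi/mainTemplate-dev.json, where `parameters('privateCluster')` is additionally spliced in before `operationalMode`; any count mismatch with what the script expects silently shifts every later argument, and nothing on the template side can catch it. Each parameter is also interpolated between single quotes with no escaping, so a value containing `'` (a password, the pull-secret JSON, a client secret) ends the quoting and changes the command that runs as root on the bootnode, and secrets passed on argv are visible in process listings there. I'd consider having the extension write a protected settings file or environment file that the script reads by name, or at least tightening the createUiDefinition regexes for the values that reach this line. The enclosing `protectedSettings` object is unchanged and the resource continues outside this hunk.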
@@ -519,25 +519,19 @@ }, { "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2022-08-01", - "name": "[concat(variables('vmName'),'/', 'OMSExtension')]", + "apiVersion": "2021-11-01", + "name": "[format('{0}/AzureMonitorLinuxAgent', variables('vmName'))]", "location": "[parameters('location')]", "dependsOn": [ "[resourceId('Microsoft.Compute/virtualMachines', variables('vmName'))]", "[resourceId('Microsoft.OperationalInsights/workspaces', variables('logAnalyticsWorkspace'))]" ], "properties": { - "publisher": "Microsoft.EnterpriseCloud.Monitoring", - "type": "OmsAgentForLinux", - "typeHandlerVersion": "1.4", + "publisher": "Microsoft.Azure.Monitor", + "type": "AzureMonitorLinuxAgent", + "typeHandlerVersion": "1.21", "autoUpgradeMinorVersion": true, - "settings": { - "workspaceId": "[reference(variables('logAnalyticsWorkspaceId'), '2021-06-01').customerId]", - "stopOnMultipleConnections": true - }, - "protectedSettings": { - "workspaceKey": "[listKeys(variables('logAnalyticsWorkspaceId'), '2021-06-01').primarySharedKey]" - } + "enableAutomaticUpgrade": true } }, { @@ -600,4 +594,4 @@ "value": "[uri(concat('https://wsmasocp.home.', variables('projectName'), '.apps.masocp-', variables('projectName'), '.', parameters('publicDomain')), '')]" } } -} \ No newline at end of file +} diff --git a/azure/master-arm/byol-ipi/mainTemplate.json b/azure/master-arm/byol-ipi/mainTemplate.json index 1d220090..2548ab96 100644 --- a/azure/master-arm/byol-ipi/mainTemplate.json +++ b/azure/master-arm/byol-ipi/mainTemplate.json @@ -32,7 +32,7 @@ "offeringType": { "type": "string", "metadata": { - "description": "Select your preferred Suite offering type." + "description": "Select your preferred Suite offering type.For MAS Core + Manage: If db2 values are not provided,db2 will be internally deployed" }, "defaultValue": "MAS Core + Cloud Pak for Data", "allowedValues": [ 
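Review bot: The AzureMonitorLinuxAgent extension that replaces `OmsAgentForLinux` no longer carries any workspace binding (the removed `workspaceId`/`workspaceKey` settings), and nothing in this hunk creates a data collection rule or a `Microsoft.Insights/dataCollectionRuleAssociations` resource pointing the VM at `variables('logAnalyticsWorkspace')`; unless that exists elsewhere in the template, the workspace will stop receiving agent data and the retained `dependsOn` on the workspace is now vestigial. The same replacement appears in byol-ipi/mainTemplate.json and in byol-upi/mainTemplate-dev.json later in this commit, and the byol-upi template's `linuxFileTypeLogPaths` custom-log data source appears to be the legacy agent's mechanism, which the new agent would not honour without a DCR. Dropping `listKeys(...).primarySharedKey` from the template is a good change in itself, as the workspace key no longer needs to be rendered into extension settings.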
@@ -258,9 +258,9 @@ "seller_subscription_id": "b2ca5467-2502-4b05-b78e-744604c6531d", "projectName": "[concat('i',substring(uniqueString(resourceGroup().id, deployment().name), 0, 5))]", "rgName": "[resourceGroup().name]", - "vNetName": "[concat(variables('projectName'), '-vnet')]", + "vNetName": "['bootnode-vnet')]", "vNetAddressPrefixes": "10.0.0.0/16", - "vNetSubnetName": "default", + "vNetSubnetName": "bootnodeSubnet", "vNetSubnetAddressPrefix": "10.0.0.0/24", "logAnalyticsWorkspace": "[concat('masocp-', variables('projectName'), '-logAnalyticsWorkspace')]", "logAnalyticsWorkspaceId": "[resourceId('Microsoft.OperationalInsights/workspaces', variables('logAnalyticsWorkspace'))]", 
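Review bot: `"vNetName": "['bootnode-vnet')]"` is not a valid template expression — the leading `[` makes ARM evaluate the string, and `'bootnode-vnet')` has an unmatched parenthesis, so validation of byol-ipi/mainTemplate.json will fail before anything is deployed. The dev template in the same commit uses the plain literal `"vNetName": "bootnode-vnet"`; either use that here or, better, keep the project suffix, e.g. `"vNetName": "[concat(variables('projectName'), '-bootnode-vnet')]"`, so two deployments into one resource group do not share a VNet.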
@@ -517,7 +517,7 @@ "typeHandlerVersion": "2.0", "autoUpgradeMinorVersion": true, "protectedSettings": { - "commandToExecute": "[concat('sleep 120;', 'cd /root/ansible-devops/multicloud-bootstrap;', './init-async.sh azure ''', parameters('offeringType'), ''' ''', parameters('location'), ''' null ''', parameters('clusterSize'), ''' ''', variables('projectName'), ''' ''', parameters('publicDomain'), ''' null ''', parameters('sshPublicKey'), ''' null ''', parameters('entitledRegistryKey'), ''' ''', parameters('openShiftPullSecret'), ''' ''', parameters('masLicenseUrl'), ''' ''', parameters('slsEndpointUrl'), ''' ''', parameters('slsRegistrationKey'), ''' ''', parameters('slsPublicCertificateUrl'), ''' ''', parameters('udsEndpointUrl'), ''' ''', parameters('udsAPIKey'), ''' ''', parameters('udsPublicCertificateUrl'), ''' ''', parameters('masManageDBUser'), ''' ''', parameters('masManageDBPassword'), ''' ''', parameters('masManageDBJdbcUrl'), ''' ''', parameters('masManageDBCertificateUrl'), ''' ''', parameters('importDemoData'), ''' '''' '''' '''' ''', variables('rgName'), ''' ''', parameters('emailNotification'), ''' ''', parameters('notificattionEmailAddress'), ''' ''', parameters('smtpHost'), ''' ''', parameters('smtpPort'), ''' ''', parameters('smtpUsername'), ''' ''', parameters('smtpPassword'), ''' ''', parameters('azureServicePrincipalClientId'), ''' ''', parameters('azureServicePrincipalClientSecret'), ''' ''', variables('seller_subscription_id'), ''' ''', parameters('azureServicePrincipalTenantId'), ''' null null '''' '''' null null null null null null null ''', parameters('operationalMode'), ''' prod ''', ''' > mas-provisioning.log 2>&1;')]" + "commandToExecute": "[concat('sleep 120;', 'cd /root/ansible-devops/multicloud-bootstrap;', './init-async.sh azure ''', parameters('offeringType'), ''' ''', parameters('location'), ''' null ''', parameters('clusterSize'), ''' ''', variables('projectName'), ''' ''', parameters('publicDomain'), ''' null ''', 
parameters('sshPublicKey'), ''' null ''', parameters('entitledRegistryKey'), ''' ''', parameters('openShiftPullSecret'), ''' ''', parameters('masLicenseUrl'), ''' ''', parameters('slsEndpointUrl'), ''' ''', parameters('slsRegistrationKey'), ''' ''', parameters('slsPublicCertificateUrl'), ''' ''', parameters('udsEndpointUrl'), ''' ''', parameters('udsAPIKey'), ''' ''', parameters('udsPublicCertificateUrl'), ''' ''', parameters('masManageDBUser'), ''' ''', parameters('masManageDBPassword'), ''' ''', parameters('masManageDBJdbcUrl'), ''' ''', parameters('masManageDBCertificateUrl'), ''' ''', parameters('importDemoData'), ''' '''' '''' '''' ''', variables('rgName'), ''' ''', parameters('emailNotification'), ''' ''', parameters('notificattionEmailAddress'), ''' ''', parameters('smtpHost'), ''' ''', parameters('smtpPort'), ''' ''', parameters('smtpUsername'), ''' ''', parameters('smtpPassword'), ''' ''', parameters('azureServicePrincipalClientId'), ''' ''', parameters('azureServicePrincipalClientSecret'), ''' ''', variables('seller_subscription_id'), ''' ''', parameters('azureServicePrincipalTenantId'), ''' null null null null '''' '''' null null null null null null null ''', parameters('operationalMode'), ''' '''' '''' '''' '''' '''' '''' '''' '''' prod ''', ''' > mas-provisioning.log 2>&1;')]" } } } 
@@ -525,25 +525,19 @@ }, { "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2022-08-01", - "name": "[concat(variables('vmName'),'/', 'OMSExtension')]", + "apiVersion": "2021-11-01", + "name": "[format('{0}/AzureMonitorLinuxAgent', variables('vmName'))]", "location": "[parameters('location')]", "dependsOn": [ "[resourceId('Microsoft.Compute/virtualMachines', variables('vmName'))]", "[resourceId('Microsoft.OperationalInsights/workspaces', variables('logAnalyticsWorkspace'))]" ], "properties": { - "publisher": "Microsoft.EnterpriseCloud.Monitoring", - "type": "OmsAgentForLinux", - "typeHandlerVersion": "1.4", + "publisher": "Microsoft.Azure.Monitor", + "type": "AzureMonitorLinuxAgent", + "typeHandlerVersion": "1.21", "autoUpgradeMinorVersion": true, - "settings": { - "workspaceId": "[reference(variables('logAnalyticsWorkspaceId'), '2021-06-01').customerId]", - "stopOnMultipleConnections": true - }, - "protectedSettings": { - "workspaceKey": "[listKeys(variables('logAnalyticsWorkspaceId'), '2021-06-01').primarySharedKey]" - } + "enableAutomaticUpgrade": true } }, { @@ -606,4 +600,4 @@ "value": "[uri(concat('https://wsmasocp.home.', variables('projectName'), '.apps.masocp-', variables('projectName'), '.', parameters('publicDomain')), '')]" } } -} \ No newline at end of file +} diff --git a/azure/master-arm/byol-upi/createUiDefinition.json b/azure/master-arm/byol-upi/createUiDefinition.json index 58f7b081..3a46ef3c 100644 --- a/azure/master-arm/byol-upi/createUiDefinition.json +++ b/azure/master-arm/byol-upi/createUiDefinition.json 
@@ -83,11 +83,11 @@ "label": "Application Settings", "elements": [ { - "name": "publicDomain", + "name": "HostedDomain", "type": "Microsoft.Common.TextBox", - "label": "Public domain", + "label": "Hosted domain", "defaultValue": "", - "toolTip": "Provide the public App Service domain that you created in the App Service Domains, for example: mas4aws.myorg.com", + "toolTip": "Provide the public App Service domain /Private DNS zones that you created in the App Service Domains /Private DNS zones, for example: mas4azure.com", "constraints": { "required": true, "regex": "^[A-Za-z0-9-\\\\\\s!#@.:=?<>”$%&’()*+,/;[\\^_`{|}~\\]]*$", @@ -100,7 +100,7 @@ "type": "Microsoft.Common.DropDown", "label": "Offering type", "defaultValue": "MAS Core + Cloud Pak for Data", - "toolTip": "Select your preferred Suite offering type.", + "toolTip": "Select your preferred Suite offering type.For MAS Core + Manage: If db2 values are not provided,db2 will be internally deployed", "constraints": { "allowedValues": [ { 
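Review bot: The renamed `HostedDomain` text box keeps the constraint regex `^[A-Za-z0-9-\\\\\\s!#@.:=?<>”$%&’()*+,/;[\\^_`{|}~\\]]*$`, which admits whitespace, quotes, `;`, `$` and backticks — none of which a DNS zone name can contain — and this value is later concatenated into the bootnode's `commandToExecute` shell line in the byol-upi mainTemplate. A hostname-shaped pattern such as `"regex": "^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$"` with a matching `validationMessage` would reject those in the portal. The new tooltip also mixes "App Service domain /Private DNS zones" phrasing; a sentence per case would read more clearly.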
@@ -218,16 +218,47 @@ "type": "Microsoft.Common.TextBox", "label": "VNet Name", "defaultValue": "", - "toolTip": "Vnet name eg.masocp-vnet", + "toolTip": "VNet Name eg.masocp-vnet", "constraints": { "required": true, "regex": "^[A-Za-z0-9-\\\\\\s!#@.:=?<>”$%&’()*+,/;[\\^_`{|}~\\]]*$", "validationMessage": "Contain lowercase letters only." }, "visible": true + }, + { + "name": "vnetIdResourceGroup", + "type": "Microsoft.Common.TextBox", + "label": "VNet Name resource group", + "defaultValue": "", + "toolTip": "Resource group of VNet eg.masocp-vnet-rg", + "constraints": { + "required": true, + "regex": "^[A-Za-z0-9-\\\\\\s!#@.:=?<>”$%&’()*+,/;[\\^_`{|}~\\]]*$", + "validationMessage": "Contain lowercase letters only." + }, + "visible": true + }, + { + "name": "PrivateCluster", + "type": "Microsoft.Common.DropDown", + "label": "PrivateCluster", + "defaultValue": "false", + "toolTip": "Select true to create a private OpenShift cluster.", + "constraints": { + "allowedValues": [ + { + "label": "true", + "value": "true" + }, + { + "label": "false", + "value": "false" + } + ] + }, + "visible": true } - - ] }, { @@ -499,7 +530,7 @@ "azureServicePrincipalClientId": "[basics('azureServicePrincipalClientId')]", "azureServicePrincipalClientSecret": "[basics('azureServicePrincipalClientSecret')]", - "publicDomain": "[steps('ApplicationSettings').publicDomain]", + "HostedDomain": "[steps('ApplicationSettings').HostedDomain]", "offeringType": "[steps('ApplicationSettings').offeringType]", "clusterSize": "[steps('ApplicationSettings').clusterSize]", "entitledRegistryKey": "[steps('ApplicationSettings').entitledRegistryKey]", 
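Review bot: The new `vnetIdResourceGroup` element copies `"validationMessage": "Contain lowercase letters only."` from the VNet Name box, but its regex accepts uppercase and most punctuation, so the message never describes what was rejected. The new `PrivateCluster` element (and the output added in the next hunk) uses PascalCase while every sibling element is camelCase and byol-upi/mainTemplate-dev.json declares the parameter as `privateCluster`; I'd rename it `"name": "privateCluster"` with `"label": "Private cluster"` and keep the output key in the same case to avoid relying on case-insensitive parameter matching. A resource-group name would also benefit from a tighter regex than the one reused here.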
@@ -507,7 +538,8 @@ "masLicenseUrl": "[steps('ApplicationSettings').masLicenseUrl]", "operationalMode": "[steps('ApplicationSettings').operationalMode]", "openShiftClustervnetId": "[steps('ExistingNetworkInfrastructure').openShiftClustervnetId]", - + "PrivateCluster": "[steps('ExistingNetworkInfrastructure').PrivateCluster]", + "vnetIdResourceGroup": "[steps('ExistingNetworkInfrastructure').vnetIdResourceGroup]", "slsEndpointUrl": "[steps('ExistingInfrastructure').slsEndpointUrl]", "slsRegistrationKey": "[steps('ExistingInfrastructure').slsRegistrationKey]", "slsPublicCertificateUrl": "[steps('ExistingInfrastructure').slsPublicCertificateUrl]", @@ -532,4 +564,4 @@ } } -} \ No newline at end of file +} diff --git a/azure/master-arm/byol-upi/mainTemplate-dev.json b/azure/master-arm/byol-upi/mainTemplate-dev.json index 74c29236..fcea6c0f 100755 --- a/azure/master-arm/byol-upi/mainTemplate-dev.json +++ b/azure/master-arm/byol-upi/mainTemplate-dev.json @@ -27,12 +27,12 @@ "defaultValue": "Standard_D2s_v3", "allowedValues": [ "Standard_D2s_v3" - ] + ] }, "offeringType": { "type": "string", "metadata": { - "description": "Select your preferred Suite offering type." + "description": "Select your preferred Suite offering type.For MAS Core + Manage: If db2 values are not provided,db2 will be internally deployed." }, "defaultValue": "MAS Core + Cloud Pak for Data", "allowedValues": [ @@ -40,10 +40,10 @@ "MAS Core + Manage (no Cloud Pak for Data)" ] }, - "publicDomain": { + "HostedDomain": { "type": "string", "metadata": { - "description": "Provide the public App Service domain that you created in the App Service Domains, for example: mas4aws.myorg.com" + "description": "Provide the public App Service domain /Private DNS zones that you created in the App Service Domains /Private DNS zones, for example: mas4azure.com" }, "defaultValue": "" }, @@ -97,7 +97,7 @@ "Production", "Non-production" ] - }, + }, "masManageDBUser": { "type": "string", "metadata": { 
@@ -207,23 +207,41 @@ "description": "Enter Azure service principal tenant id." } }, - "emailNotification": { - "type": "string", - "metadata": { - "description": "Indicate whether you want to receive emails that contain the connection details and credentials for the Suite. These emails are sent using the provided SMTP server details." - }, + "privateCluster": { "defaultValue": "false", "allowedValues": [ "true", "false" - ] + ], + "type": "string", + "metadata": { + "description": "Select true to create a private OpenShift cluster." + } }, "openShiftClustervnetId": { + "defaultValue": "", "type": "string", "metadata": { "description": "Enter the existing VNet name to create the OpenShift cluster resources into (required for UPI mode deployment)." + } + }, + "vnetIdResourceGroup": { + "defaultValue": "kxr601-vnet-rg", + "type": "string", + "metadata": { + "description": "Enter resource group of openShiftClustervnetId : (required for UPI mode deployment)." + } + }, + "emailNotification": { + "type": "string", + "metadata": { + "description": "Indicate whether you want to receive emails that contain the connection details and credentials for the Suite. These emails are sent using the provided SMTP server details." }, - "defaultValue": "" + "defaultValue": "false", + "allowedValues": [ + "true", + "false" + ] }, "smtpHost": { "type": "string", 
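Review bot: `"defaultValue": "kxr601-vnet-rg"` on the new `vnetIdResourceGroup` parameter looks like a developer's own resource group leaking into the shipped template; `openShiftClustervnetId` in the same hunk defaults to `""`, and a UPI deployment that omits this value would otherwise try to create the NSG and subnet in an unrelated resource group. It should be `"defaultValue": ""` (or have no default, since the description says it is required). The description `"Enter resource group of openShiftClustervnetId : (required for UPI mode deployment)."` would read better as `"Enter the resource group that contains openShiftClustervnetId (required for UPI mode deployment)."`.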
@@ -263,23 +281,21 @@ }, "variables": { "seller_subscription_id": "b2ca5467-2502-4b05-b78e-744604c6531d", - "seller_compute_gallery_name": "masbyolimagegallery20221213212024", - "seller_image_definition": "masocp-image-def-20221213212024", + "seller_compute_gallery_name": "masbyolimagegallery20230527200350", + "seller_image_definition": "masocp-image-def-20230527200350", "projectName": "[concat('u',substring(uniqueString(resourceGroup().id, deployment().name), 0, 5))]", "rgName": "[resourceGroup().name]", - "vNetName": "[concat(variables('projectName'), '-vnet')]", - "vNetAddressPrefixes": "10.0.0.0/16", - "vNetSubnetName": "default", - "vNetSubnetAddressPrefix": "10.0.0.0/24", + "vNetSubnetName": "[concat('masocp-', variables('projectName'), '-bootnodeSubnet')]", + "vNetSubnetAddressPrefix": "10.0.4.0/24", "logAnalyticsWorkspace": "[concat('masocp-', variables('projectName'), '-logAnalyticsWorkspace')]", "logAnalyticsWorkspaceId": "[resourceId('Microsoft.OperationalInsights/workspaces', variables('logAnalyticsWorkspace'))]", "vmName": "[concat('masocp-', variables('projectName'), '-bootnode-vm')]", "publicIPAddressName": "[concat(variables('projectName'), '-ip')]", "networkInterfaceName": "[concat(variables('projectName'), '-nic')]", "networkSecurityGroupName": "[concat(variables('projectName'), '-nsg')]", - "networkSecurityGroupName2": "[concat(variables('vNetSubnetName'), '-nsg')]", + "networkSecurityGroupName2": "bootnodeSubnet-nsg", "storageaccountName": "[concat('masocp', variables('projectName'),'stgaccount')]" - }, + }, "resources": [ { "type": "Microsoft.Network/networkSecurityGroups", 
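Review bot: `"vNetSubnetAddressPrefix": "10.0.4.0/24"` is now a subnet carved into a customer-supplied existing VNet, but there is no parameter and no check that the range lies inside that VNet's address space or is not already allocated, so the nested deployment will fail — or collide — on any VNet that does not happen to match. Exposing it as a parameter with a CIDR regex in createUiDefinition would make the requirement visible. `"networkSecurityGroupName2": "bootnodeSubnet-nsg"` is also a fixed name while `vNetSubnetName` is per-deployment unique; a second deployment into the same VNet resource group would overwrite the first deployment's NSG, so `"[concat(variables('vNetSubnetName'), '-nsg')]"` would be safer.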
@@ -318,54 +334,59 @@ } }, { - "comments": "Simple Network Security Group for subnet [variables('vNetSubnetName')]", - "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2022-07-01", - "name": "[variables('networkSecurityGroupName2')]", - "location": "[parameters('location')]", - "properties": { - "securityRules": [ - { - "name": "default-allow-22", - "properties": { - "priority": 1000, - "access": "Allow", - "direction": "Inbound", - "destinationPortRange": "22", - "protocol": "Tcp", - "sourceAddressPrefix": "[parameters('bootnodeSGIngressCidrIp')]", - "sourcePortRange": "*", - "destinationAddressPrefix": "*" - } - } - ] - } - }, - { - "type": "Microsoft.Network/virtualNetworks", - "apiVersion": "2022-07-01", - "name": "[variables('vNetName')]", - "location": "[parameters('location')]", - "dependsOn": [ - "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName2'))]" - ], + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "existingvnetTemplate", + "resourceGroup": "[parameters('vnetIdResourceGroup')]", + "subscriptionid": "[variables('seller_subscription_id')]", "properties": { - "addressSpace": { - "addressPrefixes": [ - "[variables('vNetAddressPrefixes')]" - ] - }, - "subnets": [ - { - "name": "[variables('vNetSubnetName')]", - "properties": { - "addressPrefix": "[variables('vNetSubnetAddressPrefix')]", - "networkSecurityGroup": { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName2'))]" + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.Network/networkSecurityGroups", + "apiVersion": "2022-07-01", + "name": "[variables('networkSecurityGroupName2')]", + "location": "[parameters('location')]", + "properties": { + "securityRules": [ + { + 
"name": "default-allow-22", + "properties": { + "priority": 1000, + "access": "Allow", + "direction": "Inbound", + "destinationPortRange": "22", + "protocol": "Tcp", + "sourceAddressPrefix": "[parameters('bootnodeSGIngressCidrIp')]", + "sourcePortRange": "*", + "destinationAddressPrefix": "*" + } + } + ] + } + }, + { + "type": "Microsoft.Network/virtualNetworks/subnets", + "apiVersion": "2022-07-01", + "name": "[format('{0}/{1}', parameters('openShiftClustervnetId'), variables('vNetSubnetName'))]", + "location": "[parameters('location')]", + "dependsOn": [ + "[resourceId(parameters('vnetIdResourceGroup'),'Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName2'))]" + ], + "properties": { + "addressPrefix": "[variables('vNetSubnetAddressPrefix')]", + "networkSecurityGroup": { + "id": "[resourceId(parameters('vnetIdResourceGroup'),'Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName2'))]" + } } } - } - ] + ] + } } }, { @@ -375,7 +396,7 @@ "location": "[parameters('location')]", "dependsOn": [ "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]", - "[resourceId('Microsoft.Network/virtualNetworks', variables('vNetName'))]", + "existingvnetTemplate", "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]" ], "properties": { @@ -388,7 +409,7 @@ "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]" }, "subnet": { - "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('vNetName'), variables('vNetSubnetName'))]" + "id": "[resourceId(parameters('vnetIdResourceGroup'),'Microsoft.Network/virtualNetworks/subnets', parameters('openShiftClustervnetId'), variables('vNetSubnetName'))]" } } } 
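Review bot: The nested `existingvnetTemplate` deployment sets `"subscriptionid": "[variables('seller_subscription_id')]"`, but the existing VNet resource group named by `parameters('vnetIdResourceGroup')` belongs to the deploying customer's subscription, not the seller's; as written the NSG and subnet are targeted at a resource group in the seller's subscription, where the deployer presumably has no rights, and the subsequent `resourceId(parameters('vnetIdResourceGroup'), ...)` references in the NIC hunk resolve in the current subscription, so the two would disagree even if it succeeded. I'd use `"subscriptionId": "[subscription().subscriptionId]"` or omit the property entirely so the deployment defaults to the current subscription. The inner template's `variables()` and `parameters()` calls rely on the default outer expression scope, which is fine but worth a `"expressionEvaluationOptions": { "scope": "outer" }` to make it explicit.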
@@ -429,7 +450,9 @@ { "location": { "fileSystemLocations": { - "linuxFileTypeLogPaths": [ "/root/ansible-devops/multicloud-bootstrap/mas-provisioning.log" ] + "linuxFileTypeLogPaths": [ + "/root/ansible-devops/multicloud-bootstrap/mas-provisioning.log" + ] } }, "recordDelimiter": { 
@@ -518,33 +541,27 @@ "typeHandlerVersion": "2.0", "autoUpgradeMinorVersion": true, "protectedSettings": { - "commandToExecute": "[concat('sleep 120;', 'cd /root/ansible-devops/multicloud-bootstrap;', './init-async.sh azure ''', parameters('offeringType'), ''' ''', parameters('location'), ''' null ''', parameters('clusterSize'), ''' ''', variables('projectName'), ''' ''', parameters('publicDomain'), ''' null ''', parameters('sshPublicKey'), ''' null ''', parameters('entitledRegistryKey'), ''' ''', parameters('openShiftPullSecret'), ''' ''', parameters('masLicenseUrl'), ''' ''', parameters('slsEndpointUrl'), ''' ''', parameters('slsRegistrationKey'), ''' ''', parameters('slsPublicCertificateUrl'), ''' ''', parameters('udsEndpointUrl'), ''' ''', parameters('udsAPIKey'), ''' ''', parameters('udsPublicCertificateUrl'), ''' ''', parameters('masManageDBUser'), ''' ''', parameters('masManageDBPassword'), ''' ''', parameters('masManageDBJdbcUrl'), ''' ''', parameters('masManageDBCertificateUrl'), ''' ''', parameters('importDemoData'), ''' '''' '''' '''' ''', variables('rgName'), ''' ''', parameters('emailNotification'), ''' ''', parameters('notificattionEmailAddress'), ''' ''', parameters('smtpHost'), ''' ''', parameters('smtpPort'), ''' ''', parameters('smtpUsername'), ''' ''', parameters('smtpPassword'), ''' ''', parameters('azureServicePrincipalClientId'), ''' ''', parameters('azureServicePrincipalClientSecret'), ''' ''', variables('seller_subscription_id'), ''' ''', parameters('azureServicePrincipalTenantId'), ''' null null ''', parameters('openShiftClustervnetId'), ''' '''' null null null null null null null ''', parameters('operationalMode'), ''' dev ''', ''' > mas-provisioning.log 2>&1;')]" - } + "commandToExecute": "[concat('sleep 120;', 'cd /root/ansible-devops/multicloud-bootstrap;', './init-async.sh azure ''', parameters('offeringType'), ''' ''', parameters('location'), ''' null ''', parameters('clusterSize'), ''' ''', variables('projectName'), ''' ''', 
parameters('HostedDomain'), ''' null ''', parameters('sshPublicKey'), ''' null ''', parameters('entitledRegistryKey'), ''' ''', parameters('openShiftPullSecret'), ''' ''', parameters('masLicenseUrl'), ''' ''', parameters('slsEndpointUrl'), ''' ''', parameters('slsRegistrationKey'), ''' ''', parameters('slsPublicCertificateUrl'), ''' ''', parameters('udsEndpointUrl'), ''' ''', parameters('udsAPIKey'), ''' ''', parameters('udsPublicCertificateUrl'), ''' ''', parameters('masManageDBUser'), ''' ''', parameters('masManageDBPassword'), ''' ''', parameters('masManageDBJdbcUrl'), ''' ''', parameters('masManageDBCertificateUrl'), ''' ''', parameters('importDemoData'), ''' '''' '''' '''' ''', variables('rgName'), ''' ''', parameters('emailNotification'), ''' ''', parameters('notificattionEmailAddress'), ''' ''', parameters('smtpHost'), ''' ''', parameters('smtpPort'), ''' ''', parameters('smtpUsername'), ''' ''', parameters('smtpPassword'), ''' ''', parameters('azureServicePrincipalClientId'), ''' ''', parameters('azureServicePrincipalClientSecret'), ''' ''', variables('seller_subscription_id'), ''' ''', parameters('azureServicePrincipalTenantId'), ''' null null null null ''', parameters('openShiftClustervnetId'), ''' '''' null null null null null null ''', parameters('privateCluster'),''' ''' ,parameters('operationalMode'), ''' '''' '''' '''' '''' '''' '''' '''' '''' dev ''', ''' > mas-provisioning.log 2>&1;')]" + } } } ] }, { "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2022-08-01", - "name": "[concat(variables('vmName'),'/', 'OMSExtension')]", + "apiVersion": "2021-11-01", + "name": "[format('{0}/AzureMonitorLinuxAgent', variables('vmName'))]", "location": "[parameters('location')]", "dependsOn": [ "[resourceId('Microsoft.Compute/virtualMachines', variables('vmName'))]", "[resourceId('Microsoft.OperationalInsights/workspaces', variables('logAnalyticsWorkspace'))]" ], "properties": { - "publisher": "Microsoft.EnterpriseCloud.Monitoring", - 
"type": "OmsAgentForLinux", - "typeHandlerVersion": "1.4", + "publisher": "Microsoft.Azure.Monitor", + "type": "AzureMonitorLinuxAgent", + "typeHandlerVersion": "1.21", "autoUpgradeMinorVersion": true, - "settings": { - "workspaceId": "[reference(variables('logAnalyticsWorkspaceId'), '2021-06-01').customerId]", - "stopOnMultipleConnections": true - }, - "protectedSettings": { - "workspaceKey": "[listKeys(variables('logAnalyticsWorkspaceId'), '2021-06-01').primarySharedKey]" - } + "enableAutomaticUpgrade": true } }, { 
@@ -588,23 +605,23 @@ }, "openShiftConsoleUrl": { "type": "string", - "value": "[uri(concat('https://console-openshift-console.apps.masocp-', variables('projectName'), '.', parameters('publicDomain')), '')]" + "value": "[uri(concat('https://console-openshift-console.apps.masocp-', variables('projectName'), '.', parameters('HostedDomain')), '')]" }, "openShiftApiUrl": { "type": "string", - "value": "[uri(concat('https://api.masocp-', variables('projectName'), '.', parameters('publicDomain')), '')]" + "value": "[uri(concat('https://api.masocp-', variables('projectName'), '.', parameters('HostedDomain')), '')]" }, "masInitialSetupUrl": { "type": "string", - "value": "[uri(concat('https://admin.', variables('projectName'), '.apps.masocp-', variables('projectName'), '.', parameters('publicDomain'), '/initialsetup'), '')]" + "value": "[uri(concat('https://admin.', variables('projectName'), '.apps.masocp-', variables('projectName'), '.', parameters('HostedDomain'), '/initialsetup'), '')]" }, "masAdminUrl": { "type": "string", - "value": "[uri(concat('https://admin.', variables('projectName'), '.apps.masocp-', variables('projectName'), '.', parameters('publicDomain')), '')]" + "value": "[uri(concat('https://admin.', variables('projectName'), '.apps.masocp-', variables('projectName'), '.', parameters('HostedDomain')), '')]" }, "masWorkspaceUrl": { "type": "string", - "value": "[uri(concat('https://wsmasocp.home.', variables('projectName'), '.apps.masocp-', variables('projectName'), '.', parameters('publicDomain')), '')]" + "value": "[uri(concat('https://wsmasocp.home.', variables('projectName'), '.apps.masocp-', variables('projectName'), '.', parameters('HostedDomain')), '')]" } } -} \ No newline at end of file +} diff --git a/azure/master-arm/byol-upi/mainTemplate.json b/azure/master-arm/byol-upi/mainTemplate.json index b61ddba4..f5dbfc7c 100644 --- a/azure/master-arm/byol-upi/mainTemplate.json +++ b/azure/master-arm/byol-upi/mainTemplate.json 
@@ -1,589 +1,605 @@ { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "type": "string", - "metadata": { - "description": "Azure region where bootnode and OpenShift cluster resources to be deployed" - }, - "defaultValue": "[resourceGroup().location]" - }, - "adminUserName": { - "type": "string", - "metadata": { - "description": "adminUserName" - }, - "defaultValue": "azureuser", - "allowedValues": [ - "azureuser" - ] - }, - "vmSize": { - "type": "string", - "metadata": { - "description": "vmSize." - }, - "defaultValue": "Standard_D2s_v3", - "allowedValues": [ - "Standard_D2s_v3" - ] - }, - "offeringType": { - "type": "string", - "metadata": { - "description": "Select your preferred Suite offering type." - }, - "defaultValue": "MAS Core + Cloud Pak for Data", - "allowedValues": [ - "MAS Core + Cloud Pak for Data", - "MAS Core + Manage (no Cloud Pak for Data)" - ] - }, - "publicDomain": { - "type": "string", - "metadata": { - "description": "Provide the public App Service domain that you created in the App Service Domains, for example: mas4aws.myorg.com" - }, - "defaultValue": "" - }, - "bootnodeSGIngressCidrIp": { - "type": "string", - "defaultValue": "0.0.0.0/0", - "metadata": { - "description": "Use CIDR notation to enter the IP addresses that can access the bootnode. For example, 192.12.33.3/32. To allow access from all IP addresses, enter 0.0.0.0/0." - } + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string", + "metadata": { + "description": "Azure region where bootnode and OpenShift cluster resources to be deployed" }, - "clusterSize": { - "type": "string", - "metadata": { - "description": "Select your preferred cluster size. All master nodes (M) are Standard_D8s_v3 virtual machines. 
All worker nodes (W) are Standard_D16s_v3 instances. Choose from: small (3M, 3W, total memory: 288GB), medium (3M, 5W, total memory: 416GB), or large (5M, 7W, total memory: 608GB)." - }, - "defaultValue": "small", - "allowedValues": [ - "small", - "medium", - "large" - ] + "defaultValue": "[resourceGroup().location]" + }, + "adminUserName": { + "type": "string", + "metadata": { + "description": "adminUserName" }, - "entitledRegistryKey": { - "type": "secureString", - "defaultValue": "", - "metadata": { - "description": "Enter the registry key that you downloaded from the IBM Container Library." - } + "defaultValue": "azureuser", + "allowedValues": [ + "azureuser" + ] + }, + "vmSize": { + "type": "string", + "metadata": { + "description": "vmSize." }, - "openShiftPullSecret": { - "type": "secureString", - "defaultValue": "", - "metadata": { - "description": "Enter the JSON text from the pull secret file that you downloaded from the Red Hat Hybrid Cloud Console." - } + "defaultValue": "Standard_D2s_v3", + "allowedValues": [ + "Standard_D2s_v3" + ] + }, + "offeringType": { + "type": "string", + "metadata": { + "description": "Select your preferred Suite offering type.For MAS Core + Manage: If db2 values are not provided,db2 will be internally deployed." 
+ }, + "defaultValue": "MAS Core + Cloud Pak for Data", + "allowedValues": [ + "MAS Core + Cloud Pak for Data", + "MAS Core + Manage (no Cloud Pak for Data)" + ] + }, + "HostedDomain": { + "type": "string", + "metadata": { + "description": "Provide the public App Service domain /Private DNS zones that you created in the App Service Domains /Private DNS zones, for example: mas4azure.com" }, - "masLicenseUrl": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Enter the URL (preferebly with SAS token) of your Suite license key file kept on the Blob storage, for example: https://masocpstgaccount.blob.core.windows.net/masocpcontainer/entitlement.lic?[blob-sas-token] (Applicable only for BYOL product)" + "defaultValue": "" + }, + "bootnodeSGIngressCidrIp": { + "type": "string", + "defaultValue": "0.0.0.0/0", + "metadata": { + "description": "Use CIDR notation to enter the IP addresses that can access the bootnode. For example, 192.12.33.3/32. To allow access from all IP addresses, enter 0.0.0.0/0." } + }, + "clusterSize": { + "type": "string", + "metadata": { + "description": "Select your preferred cluster size. All master nodes (M) are Standard_D8s_v3 virtual machines. All worker nodes (W) are Standard_D16s_v3 instances. Choose from: small (3M, 3W, total memory: 288GB), medium (3M, 5W, total memory: 416GB), or large (5M, 7W, total memory: 608GB)." + }, + "defaultValue": "small", + "allowedValues": [ + "small", + "medium", + "large" + ] + }, + "entitledRegistryKey": { + "type": "secureString", + "defaultValue": "", + "metadata": { + "description": "Enter the registry key that you downloaded from the IBM Container Library." + } + }, + "openShiftPullSecret": { + "type": "secureString", + "defaultValue": "", + "metadata": { + "description": "Enter the JSON text from the pull secret file that you downloaded from the Red Hat Hybrid Cloud Console." 
+ } + }, + "masLicenseUrl": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Enter the URL (preferebly with SAS token) of your Suite license key file kept on the Blob storage, for example: https://masocpstgaccount.blob.core.windows.net/masocpcontainer/entitlement.lic?[blob-sas-token] (Applicable only for BYOL product)" + } + }, + "operationalMode": { + "type": "string", + "defaultValue": "Production", + "metadata": { + "description": "Non-production installations can be used for internal development and testing activities only." + }, + "allowedValues": [ + "Production", + "Non-production" + ] + }, + "masManageDBUser": { + "type": "string", + "metadata": { + "description": "Enter the username that the Maximo Manage application uses to connect to the database." }, - "operationalMode": { - "type": "string", - "defaultValue": "Production", - "metadata": { - "description": "Non-production installations can be used for internal development and testing activities only." - }, - "allowedValues": [ - "Production", - "Non-production" - ] - }, - "masManageDBUser": { - "type": "string", - "metadata": { - "description": "Enter the username that the Maximo Manage application uses to connect to the database." - }, - "defaultValue": "" - }, - "masManageDBPassword": { - "type": "secureString", - "metadata": { - "description": "Enter the password that the Maximo Manage application uses to connect to the database." 
- }, - "defaultValue": "" - }, - "masManageDBJdbcUrl": { - "type": "string", - "metadata": { - "description": "Enter the URL location of the database that the Maximo Manage application connects to, for example: jdbc:db2://1.2.3.4:50051/FTMDB:sslConnection=true;" - }, - "defaultValue": "" - }, - "masManageDBCertificateUrl": { - "type": "string", - "metadata": { - "description": "Enter the Blob SAS location of the database's public certificate, for example: s3://masocp-license/db-certificate.crt" - }, - "defaultValue": "" - }, - "importDemoData": { - "type": "string", - "metadata": { - "description": "Indicate whether you want to import demo data into the database. This might be useful for development or test environments." - }, - "defaultValue": "false", - "allowedValues": [ - "true", - "false" - ] - }, - "sshPublicKey": { - "type": "string", - "defaultValue": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZsnnoLyMnmObhjDLHNh9ksowEb1dV1eb8Ssw7vdzLFoWVf+Upm1xtH2vOybaDfE/rES+aQIsjrKhwlGM+o2ViM9skQJIX/34/gzt3r+SUG4bzRvAtmPofAoQTrvRKWwL47K8nNPVcqHoV1TMEL9R+F8UTwQGbhz5FuxEt0eReOBCxNQnuLPLChawaml7LSNNaRka6tBQ/QeA/oJdo82sn/tpNZFNivOn8+fo+HNQPvirFJKLmsiER2HFuhH6p3wHYA1IMqzzOcWv52cRRIONyowyPbuCCVzbdXSHWt2JtcyvkwAqc2a5DuhxTeioYP+xAij9r/Xkc/x94sXAsAJtz imported-openssh-key", - "metadata": { - "description": "Provide the public SSH key that you want to add to the bootnode, bastion host and cluster nodes." - } - }, - "slsEndpointUrl": { - "type": "string", - "metadata": { - "description": "Enter the endpoint URL that you retrieved from the 'masocp-' OpenShift route in the SLS namespace (ibm-sls-). URL should not have slash (/) at the end." - }, - "defaultValue": "" - }, - "slsRegistrationKey": { - "type": "string", - "metadata": { - "description": "Enter the 'status.registrationKey' value that you retrieved from the LicenseService instance YAML in the SLS namespace (ibm-sls-)." 
- }, - "defaultValue": "" + "defaultValue": "" + }, + "masManageDBPassword": { + "type": "secureString", + "metadata": { + "description": "Enter the password that the Maximo Manage application uses to connect to the database." }, - "slsPublicCertificateUrl": { - "type": "string", - "metadata": { - "description": "Enter the URL (preferebly with SAS token) of the service's public certificate that you retrieved from the 'ca.crt' file in the '-sls-cfg' secret in the MAS core namespace (mas--core)." - }, - "defaultValue": "" + "defaultValue": "" + }, + "masManageDBJdbcUrl": { + "type": "string", + "metadata": { + "description": "Enter the URL location of the database that the Maximo Manage application connects to, for example: jdbc:db2://1.2.3.4:50051/FTMDB:sslConnection=true;" }, - "udsEndpointUrl": { - "type": "string", - "metadata": { - "description": "Enter the endpoint URL that you retrieved from the 'uds-endpoint' OpenShift route in the ibm-common-services namespace. URL should not have slash (/) at the end." - }, - "defaultValue": "" + "defaultValue": "" + }, + "masManageDBCertificateUrl": { + "type": "string", + "metadata": { + "description": "Enter the Blob SAS location of the database's public certificate, for example: s3://masocp-license/db-certificate.crt" }, - "udsAPIKey": { - "type": "string", - "metadata": { - "description": "Enter the service's API key that you retrieved from the 'uds-api-key' secret in the ibm-common-services namespace." - }, - "defaultValue": "" + "defaultValue": "" + }, + "importDemoData": { + "type": "string", + "metadata": { + "description": "Indicate whether you want to import demo data into the database. This might be useful for development or test environments." 
+ }, + "defaultValue": "false", + "allowedValues": [ + "true", + "false" + ] + }, + "sshPublicKey": { + "type": "string", + "defaultValue": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZsnnoLyMnmObhjDLHNh9ksowEb1dV1eb8Ssw7vdzLFoWVf+Upm1xtH2vOybaDfE/rES+aQIsjrKhwlGM+o2ViM9skQJIX/34/gzt3r+SUG4bzRvAtmPofAoQTrvRKWwL47K8nNPVcqHoV1TMEL9R+F8UTwQGbhz5FuxEt0eReOBCxNQnuLPLChawaml7LSNNaRka6tBQ/QeA/oJdo82sn/tpNZFNivOn8+fo+HNQPvirFJKLmsiER2HFuhH6p3wHYA1IMqzzOcWv52cRRIONyowyPbuCCVzbdXSHWt2JtcyvkwAqc2a5DuhxTeioYP+xAij9r/Xkc/x94sXAsAJtz imported-openssh-key", + "metadata": { + "description": "Provide the public SSH key that you want to add to the bootnode, bastion host and cluster nodes." + } + }, + "slsEndpointUrl": { + "type": "string", + "metadata": { + "description": "Enter the endpoint URL that you retrieved from the 'masocp-' OpenShift route in the SLS namespace (ibm-sls-). URL should not have slash (/) at the end." }, - "udsPublicCertificateUrl": { - "type": "string", - "metadata": { - "description": "Enter the URL (preferebly with SAS token) of the service's public certificate that you retrieved from the 'ca-bundle.pem' file in the '-uds-cfg' route in the MAS core namespace." - }, - "defaultValue": "" + "defaultValue": "" + }, + "slsRegistrationKey": { + "type": "string", + "metadata": { + "description": "Enter the 'status.registrationKey' value that you retrieved from the LicenseService instance YAML in the SLS namespace (ibm-sls-)." }, - "azureServicePrincipalClientId": { - "type": "string", - "defaultValue": "1bc717ac-ea87-4011-ac59-21e6942a2e2f", - "metadata": { - "description": "Enter Azure service principal client Id." - } + "defaultValue": "" + }, + "slsPublicCertificateUrl": { + "type": "string", + "metadata": { + "description": "Enter the URL (preferebly with SAS token) of the service's public certificate that you retrieved from the 'ca.crt' file in the '-sls-cfg' secret in the MAS core namespace (mas--core)." 
}, - "azureServicePrincipalClientSecret": { - "type": "secureString", - "defaultValue": "", - "metadata": { - "description": "Enter Azure service principal client secret." - } + "defaultValue": "" + }, + "udsEndpointUrl": { + "type": "string", + "metadata": { + "description": "Enter the endpoint URL that you retrieved from the 'uds-endpoint' OpenShift route in the ibm-common-services namespace. URL should not have slash (/) at the end." }, - "azureServicePrincipalTenantId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Enter Azure service principal tenant id." - } + "defaultValue": "" + }, + "udsAPIKey": { + "type": "string", + "metadata": { + "description": "Enter the service's API key that you retrieved from the 'uds-api-key' secret in the ibm-common-services namespace." }, - "emailNotification": { - "type": "string", - "metadata": { - "description": "Indicate whether you want to receive emails that contain the connection details and credentials for the Suite. These emails are sent using the provided SMTP server details." - }, - "defaultValue": "false", - "allowedValues": [ - "true", - "false" - ] + "defaultValue": "" + }, + "udsPublicCertificateUrl": { + "type": "string", + "metadata": { + "description": "Enter the URL (preferebly with SAS token) of the service's public certificate that you retrieved from the 'ca-bundle.pem' file in the '-uds-cfg' route in the MAS core namespace." }, - "openShiftClustervnetId": { - "type": "string", - "metadata": { + "defaultValue": "" + }, + "azureServicePrincipalClientId": { + "type": "string", + "defaultValue": "1bc717ac-ea87-4011-ac59-21e6942a2e2f", + "metadata": { + "description": "Enter Azure service principal client Id." + } + }, + "azureServicePrincipalClientSecret": { + "type": "secureString", + "defaultValue": "", + "metadata": { + "description": "Enter Azure service principal client secret." 
+ } + }, + "azureServicePrincipalTenantId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Enter Azure service principal tenant id." + } + }, + "privateCluster": { + "defaultValue": "false", + "allowedValues": [ + "true", + "false" + ], + "type": "string", + "metadata": { + "description": "Select true to create a private OpenShift cluster." + } + }, + "openShiftClustervnetId": { + "defaultValue": "", + "type": "string", + "metadata": { "description": "Enter the existing VNet name to create the OpenShift cluster resources into (required for UPI mode deployment)." - }, - "defaultValue": "" - }, - "smtpHost": { - "type": "string", - "metadata": { - "description": "Hostname of IP address of the SMTP server." - }, - "defaultValue": "smtp.mailgun.org" - }, - "smtpPort": { - "type": "string", - "metadata": { - "description": "Port of the SMTP server." - }, - "defaultValue": "587" - }, - "smtpUsername": { - "type": "string", - "metadata": { - "description": "Username to be used with SMTP server." - }, - "defaultValue": "postmaster@sandbox3978ba24a60744d190234c38b5135dfb.mailgun.org" + } + }, + "vnetIdResourceGroup": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "Enter resource group of openShiftClustervnetId : (required for UPI mode deployment)." + } + }, + "emailNotification": { + "type": "string", + "metadata": { + "description": "Indicate whether you want to receive emails that contain the connection details and credentials for the Suite. These emails are sent using the provided SMTP server details." + }, + "defaultValue": "false", + "allowedValues": [ + "true", + "false" + ] + }, + "smtpHost": { + "type": "string", + "metadata": { + "description": "Hostname of IP address of the SMTP server." }, - "smtpPassword": { - "type": "secureString", - "metadata": { - "description": "Password to be used with SMTP server." 
- }, - "defaultValue": "" + "defaultValue": "smtp.mailgun.org" + }, + "smtpPort": { + "type": "string", + "metadata": { + "description": "Port of the SMTP server." }, - "notificattionEmailAddress": { - "type": "string", - "metadata": { - "description": "Email address to send email to. If empty, no email will be sent." - }, - "defaultValue": "" + "defaultValue": "587" + }, + "smtpUsername": { + "type": "string", + "metadata": { + "description": "Username to be used with SMTP server." } }, - "variables": { - "seller_subscription_id": "b2ca5467-2502-4b05-b78e-744604c6531d", - "projectName": "[concat('u',substring(uniqueString(resourceGroup().id, deployment().name), 0, 5))]", - "rgName": "[resourceGroup().name]", - "vNetName": "[concat(variables('projectName'), '-vnet')]", - "vNetAddressPrefixes": "10.0.0.0/16", - "vNetSubnetName": "default", - "vNetSubnetAddressPrefix": "10.0.0.0/24", - "logAnalyticsWorkspace": "[concat('masocp-', variables('projectName'), '-logAnalyticsWorkspace')]", - "logAnalyticsWorkspaceId": "[resourceId('Microsoft.OperationalInsights/workspaces', variables('logAnalyticsWorkspace'))]", - "vmName": "[concat('masocp-', variables('projectName'), '-bootnode-vm')]", - "publicIPAddressName": "[concat(variables('projectName'), '-ip')]", - "networkInterfaceName": "[concat(variables('projectName'), '-nic')]", - "networkSecurityGroupName": "[concat(variables('projectName'), '-nsg')]", - "networkSecurityGroupName2": "[concat(variables('vNetSubnetName'), '-nsg')]", - "storageaccountName": "[concat('masocp', variables('projectName'),'stgaccount')]" - }, - "resources": [ - { - "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2022-07-01", - "name": "[variables('networkSecurityGroupName')]", - "location": "[parameters('location')]", - "properties": { - "securityRules": [ - { - "name": "ssh_rule", - "properties": { - "description": "Locks inbound down to ssh default port 22.", - "protocol": "Tcp", - "sourcePortRange": "*", - 
"destinationPortRange": "22", - "sourceAddressPrefix": "[parameters('bootnodeSGIngressCidrIp')]", - "destinationAddressPrefix": "*", - "access": "Allow", - "priority": 123, - "direction": "Inbound" - } - } - ] - } + "smtpPassword": { + "type": "secureString", + "metadata": { + "description": "Password to be used with SMTP server." }, - { - "type": "Microsoft.Network/publicIPAddresses", - "apiVersion": "2022-07-01", - "name": "[variables('publicIPAddressName')]", - "location": "[parameters('location')]", - "properties": { - "publicIPAllocationMethod": "Dynamic" - }, - "sku": { - "name": "Basic" - } + "defaultValue": "" + }, + "notificattionEmailAddress": { + "type": "string", + "metadata": { + "description": "Email address to send email to. If empty, no email will be sent." }, - { - "comments": "Simple Network Security Group for subnet [variables('vNetSubnetName')]", - "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2022-07-01", - "name": "[variables('networkSecurityGroupName2')]", - "location": "[parameters('location')]", - "properties": { - "securityRules": [ + "defaultValue": "" + } + }, + "variables": { + "seller_subscription_id": "b2ca5467-2502-4b05-b78e-744604c6531d", + "projectName": "[concat('u',substring(uniqueString(resourceGroup().id, deployment().name), 0, 5))]", + "rgName": "[resourceGroup().name]", + "vNetSubnetName": "[concat('masocp-', variables('projectName'), '-bootnodeSubnet')]", + "vNetSubnetAddressPrefix": "10.0.4.0/24", + "logAnalyticsWorkspace": "[concat('masocp-', variables('projectName'), '-logAnalyticsWorkspace')]", + "logAnalyticsWorkspaceId": "[resourceId('Microsoft.OperationalInsights/workspaces', variables('logAnalyticsWorkspace'))]", + "vmName": "[concat('masocp-', variables('projectName'), '-bootnode-vm')]", + "publicIPAddressName": "[concat(variables('projectName'), '-ip')]", + "networkInterfaceName": "[concat(variables('projectName'), '-nic')]", + "networkSecurityGroupName": "[concat(variables('projectName'), 
'-nsg')]", + "networkSecurityGroupName2": "bootnodeSubnet-nsg", + "storageaccountName": "[concat('masocp', variables('projectName'),'stgaccount')]" + }, + "resources": [ + { + "type": "Microsoft.Network/networkSecurityGroups", + "apiVersion": "2022-07-01", + "name": "[variables('networkSecurityGroupName')]", + "location": "[parameters('location')]", + "properties": { + "securityRules": [ + { + "name": "ssh_rule", + "properties": { + "description": "Locks inbound down to ssh default port 22.", + "protocol": "Tcp", + "sourcePortRange": "*", + "destinationPortRange": "22", + "sourceAddressPrefix": "[parameters('bootnodeSGIngressCidrIp')]", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 123, + "direction": "Inbound" + } + } + ] + } + }, + { + "type": "Microsoft.Network/publicIPAddresses", + "apiVersion": "2022-07-01", + "name": "[variables('publicIPAddressName')]", + "location": "[parameters('location')]", + "properties": { + "publicIPAllocationMethod": "Dynamic" + }, + "sku": { + "name": "Basic" + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "existingvnetTemplate", + "resourceGroup": "[parameters('vnetIdResourceGroup')]", + "subscriptionid": "[variables('seller_subscription_id')]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": {}, + "variables": {}, + "resources": [ { - "name": "default-allow-22", + "type": "Microsoft.Network/networkSecurityGroups", + "apiVersion": "2022-07-01", + "name": "[variables('networkSecurityGroupName2')]", + "location": "[parameters('location')]", "properties": { - "priority": 1000, - "access": "Allow", - "direction": "Inbound", - "destinationPortRange": "22", - "protocol": "Tcp", - "sourceAddressPrefix": "[parameters('bootnodeSGIngressCidrIp')]", - "sourcePortRange": "*", - "destinationAddressPrefix": "*" + 
"securityRules": [ + { + "name": "default-allow-22", + "properties": { + "priority": 1000, + "access": "Allow", + "direction": "Inbound", + "destinationPortRange": "22", + "protocol": "Tcp", + "sourceAddressPrefix": "[parameters('bootnodeSGIngressCidrIp')]", + "sourcePortRange": "*", + "destinationAddressPrefix": "*" + } + } + ] } - } - ] - } - }, - { - "type": "Microsoft.Network/virtualNetworks", - "apiVersion": "2022-07-01", - "name": "[variables('vNetName')]", - "location": "[parameters('location')]", - "dependsOn": [ - "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName2'))]" - ], - "properties": { - "addressSpace": { - "addressPrefixes": [ - "[variables('vNetAddressPrefixes')]" - ] - }, - "subnets": [ + }, { - "name": "[variables('vNetSubnetName')]", + "type": "Microsoft.Network/virtualNetworks/subnets", + "apiVersion": "2022-07-01", + "name": "[format('{0}/{1}', parameters('openShiftClustervnetId'), variables('vNetSubnetName'))]", + "location": "[parameters('location')]", + "dependsOn": [ + "[resourceId(parameters('vnetIdResourceGroup'),'Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName2'))]" + ], "properties": { "addressPrefix": "[variables('vNetSubnetAddressPrefix')]", "networkSecurityGroup": { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName2'))]" - } - } - } - ] - } - }, - { - "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2022-07-01", - "name": "[variables('networkInterfaceName')]", - "location": "[parameters('location')]", - "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]", - "[resourceId('Microsoft.Network/virtualNetworks', variables('vNetName'))]", - "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]" - ], - "properties": { - "ipConfigurations": [ - { - "name": "ipconfig1", - "properties": { - 
"privateIPAllocationMethod": "Dynamic", - "publicIPAddress": { - "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]" - }, - "subnet": { - "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('vNetName'), variables('vNetSubnetName'))]" + "id": "[resourceId(parameters('vnetIdResourceGroup'),'Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName2'))]" } } } ] } - }, - { - "type": "Microsoft.OperationalInsights/workspaces", - "apiVersion": "2021-06-01", - "name": "[variables('logAnalyticsWorkspace')]", - "location": "[parameters('location')]", - "properties": { - "sku": { - "name": "pergb2018" - }, - "features": { - "enableLogAccessUsingOnlyResourcePermissions": true - }, - "workspaceCapping": { - "dailyQuotaGb": -1 - }, - "publicNetworkAccessForIngestion": "Enabled", - "publicNetworkAccessForQuery": "Enabled" - }, - "resources": [ + } + }, + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2022-07-01", + "name": "[variables('networkInterfaceName')]", + "location": "[parameters('location')]", + "dependsOn": [ + "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]", + "existingvnetTemplate", + "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]" + ], + "properties": { + "ipConfigurations": [ { - "apiVersion": "2020-08-01", - "type": "dataSources", - "name": "BootNode-Logs", - "dependsOn": [ - "[resourceId('Microsoft.OperationalInsights/workspaces', variables('logAnalyticsWorkspace'))]" - ], - "kind": "CustomLog", + "name": "ipconfig1", "properties": { - "customLogName": "masProvisioningLogs", - "description": "This collects azure deployment logs i.e. 
custom logs inside log analytics workspace", - "inputs": [ - { - "location": { - "fileSystemLocations": { - "linuxFileTypeLogPaths": [ "/root/ansible-devops/multicloud-bootstrap/mas-provisioning.log" ] - } - }, - "recordDelimiter": { - "regexDelimiter": { - "pattern": "\\n", - "matchIndex": 0, - "numberdGroup": "[json('null')]" - } - } - } - ], - "extractions": [ - { - "extractionName": "TimeGenerated", - "extractionType": "DateTime", - "extractionProperties": { - "dateTimeExtraction": { - "regex": "[json('null')]", - "joinStringRegex": "[json('null')]" - } - } - } - ] + "privateIPAllocationMethod": "Dynamic", + "publicIPAddress": { + "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]" + }, + "subnet": { + "id": "[resourceId(parameters('vnetIdResourceGroup'),'Microsoft.Network/virtualNetworks/subnets', parameters('openShiftClustervnetId'), variables('vNetSubnetName'))]" + } } } ] - }, - { - "type": "Microsoft.Compute/virtualMachines", - "apiVersion": "2022-08-01", - "name": "[variables('vmName')]", - "location": "[parameters('location')]", - "dependsOn": [ - "[resourceId('Microsoft.Network/networkInterfaces', variables('networkInterfaceName'))]" - ], - "plan": { - "name": "ibm-maximo-vm-offer-byol", - "publisher": "ibm-usa-ny-armonk-hq-6275750-ibmcloud-asperia", - "product": "ibm-maximo-vm-offer" - }, - "properties": { - "hardwareProfile": { - "vmSize": "[parameters('vmSize')]" - }, - "osProfile": { - "computerName": "[variables('vmName')]", - "adminUsername": "[parameters('adminUserName')]", - "linuxConfiguration": { - "disablePasswordAuthentication": true, - "ssh": { - "publicKeys": [ - { - "path": "[concat('/home/azureuser', '/.ssh/authorized_keys')]", - "keyData": "[parameters('sshPublicKey')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces", + "apiVersion": "2021-06-01", + "name": "[variables('logAnalyticsWorkspace')]", + "location": "[parameters('location')]", + "properties": { + "sku": { + "name": 
"pergb2018" + }, + "features": { + "enableLogAccessUsingOnlyResourcePermissions": true + }, + "workspaceCapping": { + "dailyQuotaGb": -1 + }, + "publicNetworkAccessForIngestion": "Enabled", + "publicNetworkAccessForQuery": "Enabled" + }, + "resources": [ + { + "apiVersion": "2020-08-01", + "type": "dataSources", + "name": "BootNode-Logs", + "dependsOn": [ + "[resourceId('Microsoft.OperationalInsights/workspaces', variables('logAnalyticsWorkspace'))]" + ], + "kind": "CustomLog", + "properties": { + "customLogName": "masProvisioningLogs", + "description": "This collects azure deployment logs i.e. custom logs inside log analytics workspace", + "inputs": [ + { + "location": { + "fileSystemLocations": { + "linuxFileTypeLogPaths": [ + "/root/ansible-devops/multicloud-bootstrap/mas-provisioning.log" + ] } - ] + }, + "recordDelimiter": { + "regexDelimiter": { + "pattern": "\\n", + "matchIndex": 0, + "numberdGroup": "[json('null')]" + } + } } - } - }, - "storageProfile": { - "imageReference": { - "offer": "ibm-maximo-vm-offer", - "publisher": "ibm-usa-ny-armonk-hq-6275750-ibmcloud-asperia", - "sku": "ibm-maximo-vm-offer-byol", - "version": "latest" - }, - "osDisk": { - "createOption": "fromImage" - } - }, - "networkProfile": { - "networkInterfaces": [ + ], + "extractions": [ { - "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('networkInterfaceName'))]" + "extractionName": "TimeGenerated", + "extractionType": "DateTime", + "extractionProperties": { + "dateTimeExtraction": { + "regex": "[json('null')]", + "joinStringRegex": "[json('null')]" + } + } } ] } + } + ] + }, + { + "type": "Microsoft.Compute/virtualMachines", + "apiVersion": "2022-08-01", + "name": "[variables('vmName')]", + "location": "[parameters('location')]", + "dependsOn": [ + "[resourceId('Microsoft.Network/networkInterfaces', variables('networkInterfaceName'))]" + ], + "plan": { + "name": "ibm-maximo-vm-offer-byol", + "publisher": "ibm-usa-ny-armonk-hq-6275750-ibmcloud-asperia", + 
"product": "ibm-maximo-vm-offer" + }, + "properties": { + "hardwareProfile": { + "vmSize": "[parameters('vmSize')]" }, - "resources": [ - { - "apiVersion": "2022-08-01", - "type": "extensions", - "name": "config-app", - "location": "[parameters('location')]", - "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', variables('vmName'))]" - ], - "tags": { - "displayName": "config-app" - }, - "properties": { - "publisher": "Microsoft.Azure.Extensions", - "type": "CustomScript", - "typeHandlerVersion": "2.0", - "autoUpgradeMinorVersion": true, - "protectedSettings": { - "commandToExecute": "[concat('sleep 120;', 'cd /root/ansible-devops/multicloud-bootstrap;', './init-async.sh azure ''', parameters('offeringType'), ''' ''', parameters('location'), ''' null ''', parameters('clusterSize'), ''' ''', variables('projectName'), ''' ''', parameters('publicDomain'), ''' null ''', parameters('sshPublicKey'), ''' null ''', parameters('entitledRegistryKey'), ''' ''', parameters('openShiftPullSecret'), ''' ''', parameters('masLicenseUrl'), ''' ''', parameters('slsEndpointUrl'), ''' ''', parameters('slsRegistrationKey'), ''' ''', parameters('slsPublicCertificateUrl'), ''' ''', parameters('udsEndpointUrl'), ''' ''', parameters('udsAPIKey'), ''' ''', parameters('udsPublicCertificateUrl'), ''' ''', parameters('masManageDBUser'), ''' ''', parameters('masManageDBPassword'), ''' ''', parameters('masManageDBJdbcUrl'), ''' ''', parameters('masManageDBCertificateUrl'), ''' ''', parameters('importDemoData'), ''' '''' '''' '''' ''', variables('rgName'), ''' ''', parameters('emailNotification'), ''' ''', parameters('notificattionEmailAddress'), ''' ''', parameters('smtpHost'), ''' ''', parameters('smtpPort'), ''' ''', parameters('smtpUsername'), ''' ''', parameters('smtpPassword'), ''' ''', parameters('azureServicePrincipalClientId'), ''' ''', parameters('azureServicePrincipalClientSecret'), ''' ''', variables('seller_subscription_id'), ''' ''', 
parameters('azureServicePrincipalTenantId'), ''' null null ''', parameters('openShiftClustervnetId'), ''' '''' null null null null null null null ''', parameters('operationalMode'), ''' prod ''', ''' > mas-provisioning.log 2>&1;')]" - } + "osProfile": { + "computerName": "[variables('vmName')]", + "adminUsername": "[parameters('adminUserName')]", + "linuxConfiguration": { + "disablePasswordAuthentication": true, + "ssh": { + "publicKeys": [ + { + "path": "[concat('/home/azureuser', '/.ssh/authorized_keys')]", + "keyData": "[parameters('sshPublicKey')]" + } + ] } } - ] - }, - { - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2022-08-01", - "name": "[concat(variables('vmName'),'/', 'OMSExtension')]", - "location": "[parameters('location')]", - "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', variables('vmName'))]", - "[resourceId('Microsoft.OperationalInsights/workspaces', variables('logAnalyticsWorkspace'))]" - ], - "properties": { - "publisher": "Microsoft.EnterpriseCloud.Monitoring", - "type": "OmsAgentForLinux", - "typeHandlerVersion": "1.4", - "autoUpgradeMinorVersion": true, - "settings": { - "workspaceId": "[reference(variables('logAnalyticsWorkspaceId'), '2021-06-01').customerId]", - "stopOnMultipleConnections": true + }, + "storageProfile": { + "imageReference": { + "offer": "ibm-maximo-vm-offer", + "publisher": "ibm-usa-ny-armonk-hq-6275750-ibmcloud-asperia", + "sku": "ibm-maximo-vm-offer-byol", + "version": "latest" }, - "protectedSettings": { - "workspaceKey": "[listKeys(variables('logAnalyticsWorkspaceId'), '2021-06-01').primarySharedKey]" + "osDisk": { + "createOption": "fromImage" } - } - }, - { - "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2022-05-01", - "name": "[variables('storageaccountName')]", - "location": "[parameters('location')]", - "sku": { - "name": "Standard_LRS" }, - "kind": "StorageV2", - "properties": { - "supportsHttpsTrafficOnly": true + "networkProfile": { + 
"networkInterfaces": [ + { + "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('networkInterfaceName'))]" + } + ] } }, - { - "type": "Microsoft.Storage/storageAccounts/blobServices/containers", - "apiVersion": "2022-05-01", - "name": "[concat(variables('storageaccountName'), '/default/masocpcontainer')]", - "dependsOn": [ - "[resourceId('Microsoft.Storage/storageAccounts', variables('storageaccountName'))]" - ], - "properties": { - "immutableStorageWithVersioning": { - "enabled": false + "resources": [ + { + "apiVersion": "2022-08-01", + "type": "extensions", + "name": "config-app", + "location": "[parameters('location')]", + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', variables('vmName'))]" + ], + "tags": { + "displayName": "config-app" }, - "defaultEncryptionScope": "$account-encryption-key", - "denyEncryptionScopeOverride": false, - "publicAccess": "None" + "properties": { + "publisher": "Microsoft.Azure.Extensions", + "type": "CustomScript", + "typeHandlerVersion": "2.0", + "autoUpgradeMinorVersion": true, + "protectedSettings": { + "commandToExecute": "[concat('sleep 120;', 'cd /root/ansible-devops/multicloud-bootstrap;', './init-async.sh azure ''', parameters('offeringType'), ''' ''', parameters('location'), ''' null ''', parameters('clusterSize'), ''' ''', variables('projectName'), ''' ''', parameters('HostedDomain'), ''' null ''', parameters('sshPublicKey'), ''' null ''', parameters('entitledRegistryKey'), ''' ''', parameters('openShiftPullSecret'), ''' ''', parameters('masLicenseUrl'), ''' ''', parameters('slsEndpointUrl'), ''' ''', parameters('slsRegistrationKey'), ''' ''', parameters('slsPublicCertificateUrl'), ''' ''', parameters('udsEndpointUrl'), ''' ''', parameters('udsAPIKey'), ''' ''', parameters('udsPublicCertificateUrl'), ''' ''', parameters('masManageDBUser'), ''' ''', parameters('masManageDBPassword'), ''' ''', parameters('masManageDBJdbcUrl'), ''' ''', parameters('masManageDBCertificateUrl'), ''' ''', 
parameters('importDemoData'), ''' '''' '''' '''' ''', variables('rgName'), ''' ''', parameters('emailNotification'), ''' ''', parameters('notificattionEmailAddress'), ''' ''', parameters('smtpHost'), ''' ''', parameters('smtpPort'), ''' ''', parameters('smtpUsername'), ''' ''', parameters('smtpPassword'), ''' ''', parameters('azureServicePrincipalClientId'), ''' ''', parameters('azureServicePrincipalClientSecret'), ''' ''', variables('seller_subscription_id'), ''' ''', parameters('azureServicePrincipalTenantId'), ''' null null null null ''', parameters('openShiftClustervnetId'), ''' '''' null null null null null null ''', parameters('privateCluster'),''' ''' ,parameters('operationalMode'), ''' '''' '''' '''' '''' '''' '''' '''' '''' dev ''', ''' > mas-provisioning.log 2>&1;')]" + } + } } + ] + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2021-11-01", + "name": "[format('{0}/AzureMonitorLinuxAgent', variables('vmName'))]", + "location": "[parameters('location')]", + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', variables('vmName'))]", + "[resourceId('Microsoft.OperationalInsights/workspaces', variables('logAnalyticsWorkspace'))]" + ], + "properties": { + "publisher": "Microsoft.Azure.Monitor", + "type": "AzureMonitorLinuxAgent", + "typeHandlerVersion": "1.21", + "autoUpgradeMinorVersion": true, + "enableAutomaticUpgrade": true + } + }, + { + "type": "Microsoft.Storage/storageAccounts", + "apiVersion": "2022-05-01", + "name": "[variables('storageaccountName')]", + "location": "[parameters('location')]", + "sku": { + "name": "Standard_LRS" + }, + "kind": "StorageV2", + "properties": { + "supportsHttpsTrafficOnly": true } - ], - "outputs": { + }, + { + "type": "Microsoft.Storage/storageAccounts/blobServices/containers", + "apiVersion": "2022-05-01", + "name": "[concat(variables('storageaccountName'), '/default/masocpcontainer')]", + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts', 
variables('storageaccountName'))]" + ], + "properties": { + "immutableStorageWithVersioning": { + "enabled": false + }, + "defaultEncryptionScope": "$account-encryption-key", + "denyEncryptionScopeOverride": false, + "publicAccess": "None" + } + } + ], + "outputs": { "masCloudAutomationVersion": { "type": "string", "value": "2.0" 
@@ -594,23 +610,23 @@ }, "openShiftConsoleUrl": { "type": "string", - "value": "[uri(concat('https://console-openshift-console.apps.masocp-', variables('projectName'), '.', parameters('publicDomain')), '')]" + "value": "[uri(concat('https://console-openshift-console.apps.masocp-', variables('projectName'), '.', parameters('HostedDomain')), '')]" }, "openShiftApiUrl": { "type": "string", - "value": "[uri(concat('https://api.masocp-', variables('projectName'), '.', parameters('publicDomain')), '')]" + "value": "[uri(concat('https://api.masocp-', variables('projectName'), '.', parameters('HostedDomain')), '')]" }, "masInitialSetupUrl": { "type": "string", - "value": "[uri(concat('https://admin.', variables('projectName'), '.apps.masocp-', variables('projectName'), '.', parameters('publicDomain'), '/initialsetup'), '')]" + "value": "[uri(concat('https://admin.', variables('projectName'), '.apps.masocp-', variables('projectName'), '.', parameters('HostedDomain'), '/initialsetup'), '')]" }, "masAdminUrl": { "type": "string", - "value": "[uri(concat('https://admin.', variables('projectName'), '.apps.masocp-', variables('projectName'), '.', parameters('publicDomain')), '')]" + "value": "[uri(concat('https://admin.', variables('projectName'), '.apps.masocp-', variables('projectName'), '.', parameters('HostedDomain')), '')]" }, "masWorkspaceUrl": { "type": "string", - "value": "[uri(concat('https://wsmasocp.home.', variables('projectName'), '.apps.masocp-', variables('projectName'), '.', parameters('publicDomain')), '')]" + "value": "[uri(concat('https://wsmasocp.home.', variables('projectName'), '.apps.masocp-', variables('projectName'), '.', parameters('HostedDomain')), '')]" } } - } \ No newline at end of file +} diff --git a/azure/notify.sh b/azure/notify.sh index 595e1f1b..e0f54854 100755 --- a/azure/notify.sh +++ b/azure/notify.sh 
@@ -1,7 +1,7 @@ #!/bin/bash # This script will send email notification using SMTP details -cd $GIT_REPO_HOME/azure +cd $GIT_REPO_HOME/${CLUSTER_TYPE} SCRIPT_FILE="notify.py" if [[ $STATUS == "SUCCESS" ]]; then diff --git a/azure/ocp-terraform/azure_infra/az_resource_quota_validation.sh b/azure/ocp-terraform/azure_infra/az_resource_quota_validation.sh index e5cda6eb..7e953591 100644 --- a/azure/ocp-terraform/azure_infra/az_resource_quota_validation.sh +++ b/azure/ocp-terraform/azure_infra/az_resource_quota_validation.sh @@ -410,8 +410,8 @@ calculate_available_resource_quota() { test_check=$1_check az_quota_limit_temp=$(grep -B6 -A2 "$quota_string_pattern" $quota_usage_output_json) - az_limit=$(echo "$az_quota_limit_temp" | grep limit | awk '{gsub(/\"|\,/,"",$2)}1' | awk '{print $2}') - az_current_value=$(echo "$az_quota_limit_temp" | grep currentValue | awk '{gsub(/\"|\,/,"",$2)}1' | awk '{print $2}') + az_limit=$(echo "$az_quota_limit_temp" | grep limit | awk '{print $2}') + az_current_value=$(echo "$az_quota_limit_temp" | grep currentValue | awk '{print $2}') az_available_quota=$(echo $az_limit $az_current_value | awk '{ print $1 - $2 }') # az_available_$quota_name_quota=$az_available_quota diff --git a/azure/ocp-terraform/azure_infra/common.tf b/azure/ocp-terraform/azure_infra/common.tf index e8dfaa85..4e897afc 100644 --- a/azure/ocp-terraform/azure_infra/common.tf +++ b/azure/ocp-terraform/azure_infra/common.tf 
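Review bot: The new `cd $GIT_REPO_HOME/${CLUSTER_TYPE}` is unchecked, so if CLUSTER_TYPE is unset or empty the script changes into `$GIT_REPO_HOME` itself and goes on to run `notify.py` from the wrong directory, and the unquoted path breaks on spaces. Fail fast instead: `cd "${GIT_REPO_HOME:?}/${CLUSTER_TYPE:?}" || exit 1`. The remainder of the script is outside the hunk.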
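Review bot: Dropping the `gsub(/\"|\,/,"",$2)` leaves whatever quotes and trailing commas surround the second field in `$az_limit` and `$az_current_value`; if `$quota_usage_output_json` is still JSON (`"limit": "100",`), awk's `$1 - $2` on the following line coerces a leading quote to 0 and the available quota is silently wrong. If the input format has changed to plain `key value` lines, a comment on the `grep -B6 -A2` line saying so would make the removal safe to read; otherwise parse the JSON with `jq` rather than `grep`/`awk` on its text. The enclosing `calculate_available_resource_quota` function begins and ends outside the hunk, so the format change, if any, is not visible here.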
@@ -16,36 +16,3 @@ resource "azurerm_storage_account" "allnodes" { azurerm_resource_group.cpdrg, ] } - -resource "azurerm_template_deployment" "pid" { - name = "atrribute_tracking" - resource_group_name = var.resource-group - depends_on = [ - azurerm_resource_group.cpdrg, - ] - template_body = <> $SECRETFILE - ocpusername=$OCP_USERNAME - ocppassword=$OCP_PASSWORD - masusername=$MAS_USER - maspassword=$MAS_PASSWORD +uniquestring=$RANDOM_STR +ocpclusterurl=$OPENSHIFT_CLUSTER_CONSOLE_URL_NEW +ocpapiurl=$OPENSHIFT_CLUSTER_API_URL_NEW +ocpusername=$OCP_USERNAME +ocppassword=$OCP_PASSWORD +masinitialsetupurl=$MAS_URL_INIT_SETUP_NEW +masadminurl=$MAS_URL_ADMIN_NEW +masworkspaceurl=$MAS_URL_WORKSPACE_NEW +masusername=$MAS_USER +maspassword=$MAS_PASSWORD EOT elif [[ $SECRET_TYPE == "ocp" ]]; then cat <> $SECRETFILE - ocpusername=$OCP_USERNAME - ocppassword=$OCP_PASSWORD +uniquestring=$RANDOM_STR +ocpclusterurl=$OPENSHIFT_CLUSTER_CONSOLE_URL_NEW +ocpapiurl=$OPENSHIFT_CLUSTER_API_URL_NEW +ocpusername=$OCP_USERNAME +ocppassword=$OCP_PASSWORD EOT elif [[ $SECRET_TYPE == "mas" ]]; then get_mas_creds $RANDOM_STR cat <> $SECRETFILE - masusername=$MAS_USER - maspassword=$MAS_PASSWORD +uniquestring=$RANDOM_STR +masinitialsetupurl=$MAS_URL_INIT_SETUP_NEW +masadminurl=$MAS_URL_ADMIN_NEW +masworkspaceurl=$MAS_URL_WORKSPACE_NEW +masusername=$MAS_USER +maspassword=$MAS_PASSWORD EOT else log "Unsupported parameter passed" @@ -63,6 +84,9 @@ elif [[ $CLUSTER_TYPE == "azure" ]]; then fi # az keyvault secret show --name maximo-$SECRET_TYPE-secret --vault-name $vaultname log "Secret created in Azure Key Vault" +elif [[ $CLUSTER_TYPE == "gcp" ]]; then + gcloud secrets create "maximo-$SECRET_TYPE-secret-$RANDOM_STR" --data-file=$SECRETFILE + log "Secret created in GCP Secret Manager" fi # Delete the secrets file rm -rf $SECRETFILE \ No newline at end of file 
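Review bot: The new gcp branch logs "Secret created in GCP Secret Manager" whether or not `gcloud secrets create` succeeded, and the trailing `rm -rf $SECRETFILE` then discards the only copy of the credentials, so a failed upload (API not enabled, name collision, missing IAM) leaves no secret, no file and a success line in the log. Check the exit status before logging: `gcloud secrets create "maximo-$SECRET_TYPE-secret-$RANDOM_STR" --data-file="$SECRETFILE" || { log "Failed to create secret in GCP Secret Manager"; exit 1; }`. Since the file holds OCP and MAS passwords in plaintext between the heredoc and the `rm`, moving the removal into `trap 'rm -f -- "$SECRETFILE"' EXIT` would guarantee it is cleaned up on every exit path. The azure branch in the context lines shows the same unchecked pattern but is outside this hunk.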
diff --git a/gcp/ansible-playbooks/configure-gce-pd-ssd.yaml b/gcp/ansible-playbooks/configure-gce-pd-ssd.yaml new file mode 100755 index 00000000..4233ed9f --- /dev/null +++ b/gcp/ansible-playbooks/configure-gce-pd-ssd.yaml @@ -0,0 +1,21 @@ +--- +- name: Create gce-pd-ssd storage class + hosts: localhost + gather_facts: no + tasks: + # Create storage class + - name: create gce-pd-ssd storage class + kubernetes.core.k8s: + definition: + apiVersion: storage.k8s.io/v1 + kind: StorageClass + metadata: + name: gce-pd-ssd + provisioner: kubernetes.io/gce-pd + parameters: + type: pd-ssd + volumeBindingMode: WaitForFirstConsumer + reclaimPolicy: Delete + wait: yes + + \ No newline at end of file diff --git a/gcp/ansible-playbooks/configure-storage.yaml b/gcp/ansible-playbooks/configure-storage.yaml new file mode 100755 index 00000000..21b45c52 --- /dev/null +++ b/gcp/ansible-playbooks/configure-storage.yaml @@ -0,0 +1,6 @@ +--- +- name: Configure NFS storage + hosts: localhost + gather_facts: no + roles: + - "{{ storage_type }}" diff --git a/gcp/ansible-playbooks/roles/nfs/defaults/main.yaml b/gcp/ansible-playbooks/roles/nfs/defaults/main.yaml new file mode 100755 index 00000000..7e27738e --- /dev/null +++ b/gcp/ansible-playbooks/roles/nfs/defaults/main.yaml @@ -0,0 +1,5 @@ +nfs_storage_provisioner_name: "{{ lookup('env', 'GCP_NFS_STORAGE_PROVISIONIER_NAME') | default('nfs-storage-provisioner', true) }}" +nfs_storage_provisioner_namespace: "{{ lookup('env', 'GCP_NFS_STORAGE_PROVISIONIER_NAMESPACE') | default('masocp-nfs', true) }}" +nfs_server: "{{ lookup('env', 'GCP_NFS_SERVER') }}" +file_share_name: "{{ lookup('env', 'GCP_FILE_SHARE_NAME') | default('/masocp_gcp_nfs', true) }}" +nfs_client_provisioner_replicas: "{{ lookup('env', 'GCP_NFS_CLIENT_PROVISIONER') | default('2', true) }}" \ No newline at end of file diff --git a/gcp/ansible-playbooks/roles/nfs/tasks/main.yaml b/gcp/ansible-playbooks/roles/nfs/tasks/main.yaml new file mode 100755 index 00000000..a78c2b85 
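Review bot: The StorageClass declares the in-tree `kubernetes.io/gce-pd` provisioner, which upstream Kubernetes has deprecated in favour of the `pd.csi.storage.gke.io` CSI driver; on OpenShift releases where GCP PD CSI migration is enabled the in-tree name is translated, but declaring the CSI provisioner directly removes the dependency on that translation and is what CSI-only features such as volume expansion require. Either switch to `provisioner: pd.csi.storage.gke.io` or add a comment on the `provisioner:` line recording which driver the target OCP version actually serves for this name. `volumeBindingMode: WaitForFirstConsumer` is the right choice for zonal persistent disks.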
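Review bot: The environment variable names `GCP_NFS_STORAGE_PROVISIONIER_NAME` and `GCP_NFS_STORAGE_PROVISIONIER_NAMESPACE` carry a typo ("PROVISIONIER"), and `nfs_client_provisioner_replicas` reads `GCP_NFS_CLIENT_PROVISIONER` without a `_REPLICAS` suffix, so an operator who exports the correctly spelled names has their values silently ignored and falls through to the defaults. These variables are new in this commit, so rename them now (`GCP_NFS_STORAGE_PROVISIONER_NAME`, `GCP_NFS_STORAGE_PROVISIONER_NAMESPACE`, `GCP_NFS_CLIENT_PROVISIONER_REPLICAS`) before anything depends on them. `nfs_server` has no default and is only checked by the assert in the role's tasks, so a header comment here listing `GCP_NFS_SERVER` as required would help.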
--- /dev/null +++ b/gcp/ansible-playbooks/roles/nfs/tasks/main.yaml 
@@ -0,0 +1,68 @@ +# Debug Info +- name: "Debug information" + debug: + msg: + - "NFS server ............................. {{ nfs_server }}" + - "NFS storage provisioner name ........... {{ nfs_storage_provisioner_name }}" + - "NFS storage provisioner namespace ...... {{ nfs_storage_provisioner_namespace }}" + - "File share name ........................ {{ file_share_name }}" + - "NFS client provisioner replicas ........ {{ nfs_client_provisioner_replicas }}" + +# Check if NFS server is defined +- name: Assert that NFS server is defined + assert: + that: nfs_server is defined and nfs_server != "" + fail_msg: "nfs_server must be defined" + +# Create namespace +- name: Create namespace + kubernetes.core.k8s: + apply: yes + definition: "{{ lookup('template', 'templates/gcp/namespace.yaml.j2') }}" + wait: yes + +# Create role +- name: Create role + kubernetes.core.k8s: + apply: yes + definition: "{{ lookup('template', 'templates/gcp/role.yaml.j2') }}" + wait: yes + +# Create RBAC +- name: Create RBAC + kubernetes.core.k8s: + apply: yes + definition: "{{ lookup('template', 'templates/gcp/rbac.yaml.j2') }}" + wait: yes + +# Create admin policy +- name: Create admin policy + shell: | + oc adm policy add-role-to-user use-scc-hostmount-anyuid -z nfs-client-provisioner --role-namespace {{ nfs_storage_provisioner_namespace }} -n {{ nfs_storage_provisioner_namespace }} + +# Create deployment +- name: Create deployment + kubernetes.core.k8s: + apply: yes + definition: "{{ lookup('template', 'templates/gcp/deployment.yaml.j2') }}" + wait: yes + +# Create storage class +- name: Create storage class + kubernetes.core.k8s: + apply: yes + definition: "{{ lookup('template', 'templates/gcp/storageclass.yaml.j2') }}" + wait: yes + +# Wait for NFS client pods to be ready +- name: "Wait for NFS client pods to be ready (30s delay)" + kubernetes.core.k8s_info: + api_version: apps/v1 + name: nfs-client-provisioner + namespace: "{{ nfs_storage_provisioner_namespace }}" + kind: Deployment + 
register: deployment_result + until: + - deployment_result.resources[0].status.availableReplicas is defined and deployment_result.resources[0].status.availableReplicas == (nfs_client_provisioner_replicas|int) + retries: 10 # approx 5 minutes before we give up + delay: 30 # 1 minute diff --git a/gcp/ansible-playbooks/roles/nfs/templates/gcp/deployment.yaml.j2 b/gcp/ansible-playbooks/roles/nfs/templates/gcp/deployment.yaml.j2 new file mode 100755 index 00000000..e81d4a75 --- /dev/null +++ b/gcp/ansible-playbooks/roles/nfs/templates/gcp/deployment.yaml.j2 @@ -0,0 +1,39 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nfs-client-provisioner + labels: + app: nfs-client-provisioner + # replace with namespace where provisioner is deployed + namespace: "{{ nfs_storage_provisioner_namespace }}" +spec: + replicas: {{ nfs_client_provisioner_replicas }} + strategy: + type: Recreate + selector: + matchLabels: + app: nfs-client-provisioner + template: + metadata: + labels: + app: nfs-client-provisioner + spec: + serviceAccountName: nfs-client-provisioner + containers: + - name: nfs-client-provisioner + image: k8s.gcr.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2 + volumeMounts: + - name: nfs-client-root + mountPath: /persistentvolumes + env: + - name: PROVISIONER_NAME + value: "{{ nfs_storage_provisioner_name }}" + - name: NFS_SERVER + value: "{{ nfs_server }}" + - name: NFS_PATH + value: "{{ file_share_name }}" + volumes: + - name: nfs-client-root + nfs: + server: "{{ nfs_server }}" + path: "{{ file_share_name }}" diff --git a/gcp/ansible-playbooks/roles/nfs/templates/gcp/namespace.yaml.j2 b/gcp/ansible-playbooks/roles/nfs/templates/gcp/namespace.yaml.j2 new file mode 100755 index 00000000..46bdd790 --- /dev/null +++ b/gcp/ansible-playbooks/roles/nfs/templates/gcp/namespace.yaml.j2 @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: "{{ nfs_storage_provisioner_namespace }}" 
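Review bot: The `Create admin policy` task shells out to `oc adm policy add-role-to-user` with `{{ nfs_storage_provisioner_namespace }}` interpolated unquoted, and per the role defaults that value comes straight from the `GCP_NFS_STORAGE_PROVISIONIER_NAMESPACE` environment variable, so a value containing shell metacharacters is executed as part of the command; the task also re-runs and reports changed on every play. The binding it creates is a plain RoleBinding, so it can be applied with `kubernetes.core.k8s` like every other resource in this file, which keeps the play idempotent and removes the shell quoting problem. Separately, the `delay: 30  # 1 minute` comment in the final wait task contradicts its value.

```yaml
# … unchanged: debug, assert, namespace, role and RBAC tasks …
- name: Bind nfs-client-provisioner to the hostmount-anyuid SCC role
  kubernetes.core.k8s:
    apply: yes
    definition:
      apiVersion: rbac.authorization.k8s.io/v1
      kind: RoleBinding
      metadata:
        name: use-scc-hostmount-anyuid
        namespace: "{{ nfs_storage_provisioner_namespace }}"
      subjects:
        - kind: ServiceAccount
          name: nfs-client-provisioner
          namespace: "{{ nfs_storage_provisioner_namespace }}"
      roleRef:
        kind: Role
        name: use-scc-hostmount-anyuid
        apiGroup: rbac.authorization.k8s.io
    wait: yes
# … unchanged: deployment, storage class and wait tasks …
```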
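Review bot: The provisioner image is pulled as `k8s.gcr.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2`; `k8s.gcr.io` is frozen and redirected to `registry.k8s.io`, and a tag without a digest gives no supply-chain guarantee about what actually runs under the hostmount-anyuid SCC this role grants. Pin it as `image: registry.k8s.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2@sha256:…` (resolve the digest once and record it), and consider a `resources:` block plus a container `securityContext` with `allowPrivilegeEscalation: false`. The `# replace with namespace where provisioner is deployed` comment copied from the upstream sample is stale now that the namespace is templated.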
diff --git a/gcp/ansible-playbooks/roles/nfs/templates/gcp/rbac.yaml.j2 b/gcp/ansible-playbooks/roles/nfs/templates/gcp/rbac.yaml.j2 new file mode 100755 index 00000000..9fdc6635 --- /dev/null +++ b/gcp/ansible-playbooks/roles/nfs/templates/gcp/rbac.yaml.j2 
@@ -0,0 +1,68 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nfs-client-provisioner + # replace with namespace where provisioner is deployed + namespace: "{{ nfs_storage_provisioner_namespace }}" +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: nfs-client-provisioner-runner +rules: + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "update", "patch"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: run-nfs-client-provisioner +subjects: + - kind: ServiceAccount + name: nfs-client-provisioner + # replace with namespace where provisioner is deployed + namespace: "{{ nfs_storage_provisioner_namespace }}" +roleRef: + kind: ClusterRole + name: nfs-client-provisioner-runner + apiGroup: rbac.authorization.k8s.io +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: leader-locking-nfs-client-provisioner + # replace with namespace where provisioner is deployed + namespace: "{{ nfs_storage_provisioner_namespace }}" +rules: + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["get", "list", "watch", "create", "update", "patch"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: leader-locking-nfs-client-provisioner + # replace with namespace where provisioner is deployed + namespace: "{{ nfs_storage_provisioner_namespace }}" +subjects: + - kind: ServiceAccount + name: nfs-client-provisioner + # replace with namespace where provisioner is deployed + namespace: "{{ nfs_storage_provisioner_namespace }}" +roleRef: + kind: Role + name: 
leader-locking-nfs-client-provisioner
+ apiGroup: rbac.authorization.k8s.io
diff --git a/gcp/ansible-playbooks/roles/nfs/templates/gcp/role.yaml.j2 b/gcp/ansible-playbooks/roles/nfs/templates/gcp/role.yaml.j2
new file mode 100755
index 00000000..529aff23
--- /dev/null
+++ b/gcp/ansible-playbooks/roles/nfs/templates/gcp/role.yaml.j2
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: use-scc-hostmount-anyuid
+ namespace: "{{ nfs_storage_provisioner_namespace }}"
+rules:
+- apiGroups:
+ - security.openshift.io
+ resourceNames:
+ - hostmount-anyuid
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - use
\ No newline at end of file
diff --git a/gcp/ansible-playbooks/roles/nfs/templates/gcp/storageclass.yaml.j2 b/gcp/ansible-playbooks/roles/nfs/templates/gcp/storageclass.yaml.j2
new file mode 100755
index 00000000..caf0295f
--- /dev/null
+++ b/gcp/ansible-playbooks/roles/nfs/templates/gcp/storageclass.yaml.j2
@@ -0,0 +1,7 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: nfs-client
+provisioner: "{{ nfs_storage_provisioner_name }}" # or choose another name, must match deployment's env PROVISIONER_NAME'
+parameters:
+ archiveOnDelete: "false"
diff --git a/gcp/ansible-playbooks/roles/odf/defaults/main.yaml b/gcp/ansible-playbooks/roles/odf/defaults/main.yaml
new file mode 100755
index 00000000..2d17f2e9
--- /dev/null
+++ b/gcp/ansible-playbooks/roles/odf/defaults/main.yaml
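Review bot: This Role grants `use` on the `hostmount-anyuid` SCC, which lets a pod mount host paths and run as any UID, and nothing in the file records why that level of privilege is needed or how narrowly it must be bound. Add a comment above `rules:` such as `# Needed by nfs-subdir-external-provisioner to mount the NFS export; bind only to the nfs-client-provisioner ServiceAccount`, so the next reader does not widen the binding. Naming the Role after the workload rather than the SCC would also keep the intent clear if the SCC it references ever changes.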
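Review bot: `archiveOnDelete: "false"` makes the provisioner delete the backing directory on the NFS export as soon as a PVC is removed, with no recovery path; for a MAS deployment that is a data-loss caveat worth stating on the line, e.g. `# data is removed from the share on PVC deletion; set "true" to keep an archived copy`. The trailing comment on `provisioner:` has a stray closing quote after `PROVISIONER_NAME`.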
@@ -0,0 +1,31 @@
+odf_channel: "{{ lookup('env', 'ODF_CHANNEL') | default('stable-4.10', true) }}"
+odf_namespace: "{{ lookup('env', 'ODF_NAMESPACE') | default('openshift-storage', true) }}"
+odf_operator: "{{ lookup('env', 'ODF_OPERATOR') | default('odf-operator', true) }}"
+odf_startingcsv: "{{ lookup('env', 'ODF_STARTINGCSV') | default('odf-operator.v4.10.7', true) }}"
+
+# Cloud Platform variable
+ipi_platform: "{{ lookup('env', 'IPI_PLATFORM') | default('gcp', true) }}"
+# StorageSystem variables
+odf_storagesystem_name: "{{ lookup('env', 'ODF_STORAGESYSTEM') | default('ocs-storagecluster-storagesystem', true) }}"
+
+# OCS StorageCluster variables
+ocs_storagecluster_name: "{{ lookup('env', 'OCS_STORAGECLUSTER') | default('ocs-storagecluster', true) }}"
+ocs_storagecluster_storage_size: "{{ lookup('env', 'OCS_STORAGECLUSTER_SIZE') | default('512Gi', true) }}"
+ocs_storagecluster_deviceset_name: "{{ lookup('env', 'OCS_STORAGECLUSTER_DEVICESET') | default('ocs-deviceset-gcp-pd-ssd', true) }}"
+ocs_storagecluster_storageclass_name: "{{ lookup('env', 'OCS_STORAGECLUSTER_STORAGECLASS') | default('gce-pd-ssd', true) }}"
+ocs_storagecluster_version: "{{ lookup('env', 'OCS_STORAGECLUSTER_VERSION') | default('4.10.0', true) }}"
+ocs_storagecluster_replicas: "{{ lookup('env', 'OCS_STORAGECLUSTER_REPLICA') | default(3, true) }}"
+ocs_storagecluster_accessmode: "{{ lookup('env', 'OCS_STORAGECLUSTER_ACCESSMODE') | default('ReadWriteOnce', true) }}"
+
+# OCS machineset variables
+clusterid: "{{ lookup('env', 'CLUSTER_ID') }}"
+region: "{{ lookup('env', 'REGION') }}"
+
+#GCP machineset variables
+projectid: "{{ lookup('env', 'GCP_PROJECT_ID') }}"
+serviceaccount_email: "{{ lookup('env', 'GCP_SERVICEACC_EMAIL') }}"
+
+# Azure MachineSet variables
+vnet_rg : "{{ lookup('env', 'VNET_RG') }}"
+worker_subnet: "{{ lookup('env', 'WORKER_SUBNET_NAME') }}"
+vnet_name: "{{ lookup('env', 'VNET_NAME') }}"
diff --git a/gcp/ansible-playbooks/roles/odf/tasks/main.yaml b/gcp/ansible-playbooks/roles/odf/tasks/main.yaml new file mode 100755 index 00000000..03549ab5 --- /dev/null +++ b/gcp/ansible-playbooks/roles/odf/tasks/main.yaml 
@@ -0,0 +1,164 @@ +# - name: Get worker nodes +# shell: +# cmd: oc get nodes -l node-role.kubernetes.io/worker -l '!node-role.kubernetes.io/master' | awk '{print $1}' | grep worker +# register: worker + +# # Create new machinecode +# - name: Worker nodes +# debug: +# msg: "{{ item }}" +# loop: "{{worker.stdout_lines }}" + +# - name: Add label in each worker node +# kubernetes.core.k8s: +# state: present +# definition: +# apiVersion: v1 +# kind: Node +# metadata: +# name: "{{ item }}" +# labels: +# cluster.ocs.openshift.io/openshift-storage: '' +# loop: "{{ worker.stdout_lines }}" +# when: worker.stdout_lines is defined + + +# Create OCS Machine set for Azure cluster +- name: Create OCS machineset (Azure) + kubernetes.core.k8s: + apply: yes + definition: "{{ lookup('template', 'templates/azure/ocs-machineset.yaml.j2') }}" + wait: yes + when: ipi_platform == "azure" + +- name: Create OCS machineset (GCP) + kubernetes.core.k8s: + apply: yes + definition: "{{ lookup('template', 'templates/gcp/ocs-machineset.yaml.j2') }}" + wait: yes + when: ipi_platform == "gcp" +- name: Sleep for 10 minutes + shell: + cmd: sleep 600 + +# Create NS +- name: create Namespace Openshift-Storage + kubernetes.core.k8s: + definition: + apiVersion: v1 + kind: Namespace + metadata: + name: "{{odf_namespace}}" + labels: + openshift.io/cluster-monitoring: 'true' + annotations: + openshift.io/node-selector: '' + + +# Create Operator Group if not present +# part 1: Check for OG +- name: Check if Operator Group is present + kubernetes.core.k8s_info: + api_version: operators.coreos.com/v1 + namespace: "{{odf_namespace}}" + kind: OperatorGroup + register: operator_grp_res + +# Part 2: Create OG if not present +- name: "Create Operator Group if not present " + kubernetes.core.k8s: + apply: yes + definition: "{{ lookup('template', 'templates/operatorgroup.yaml.j2') }}" + when: operator_grp_res.resources[0] is not defined + +# Subscribe to ODF operator +- name: "Create ODF operator subscription" + 
kubernetes.core.k8s: + apply: yes + definition: "{{ lookup('template', 'templates/odfsubscribe.yaml.j2') }}" + +# Wait untill storagesystems CRD is available +- name: "Wait until the StorageSystem CRD is available" + kubernetes.core.k8s_info: + api_version: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + name: "storagesystems.odf.openshift.io" + wait: yes + wait_sleep: 10 + wait_timeout: 300 + wait_condition: + type: NamesAccepted + status: "True" + register: storagesystem_crd_info + retries: 120 + delay: 5 + until: + - storagesystem_crd_info.resources is defined + - storagesystem_crd_info.resources | length > 0 + +- name: Sleep 10 seconds + shell: + cmd: sleep 10 + +# Create StorageSystem CR +- name: "Create StorageSystem" + kubernetes.core.k8s: + apply: yes + definition: "{{ lookup('template', 'templates/storagesystem.yaml.j2') }}" + register: odf_storagesystem_reg + +- name: Set uuid as fact + set_fact: + odf_storagesystem_uid: "{{ odf_storagesystem_reg.result.metadata.uid }}" + +- name: "Create StorageCluster" + kubernetes.core.k8s: + apply: yes + definition: "{{ lookup('template', 'templates/storagecluster.yaml.j2') }}" + +# # Wait for StorageCluster to be ready +- name: "Wait for StorageCluster to be ready (60s delay)" + kubernetes.core.k8s_info: + api_version: ocs.openshift.io/v1 + name: "{{ocs_storagecluster_name}}" + namespace: "{{odf_namespace}}" + kind: StorageCluster + register: storagecluster_cr_result + until: + - storagecluster_cr_result.resources is defined and storagecluster_cr_result.resources | length == 1 + - storagecluster_cr_result.resources[0].status is defined + - storagecluster_cr_result.resources[0].status.conditions is defined + - storagecluster_cr_result.resources[0].status.conditions[1].type == 'Available' and storagecluster_cr_result.resources[0].status.conditions[1].status == 'True' + retries: 45 # approx 45 minutes before we give up + delay: 60 # 1 minute + + +# Wait for StorageSystem to be ready +- name: "Wait for 
StorageSystem to be ready (60s delay)" + kubernetes.core.k8s_info: + api_version: odf.openshift.io/v1alpha1 + name: "{{odf_storagesystem_name}}" + namespace: "{{odf_namespace}}" + kind: StorageSystem + register: storagesystem_cr_result + until: + - storagesystem_cr_result.resources is defined and storagesystem_cr_result.resources | length == 1 + - storagesystem_cr_result.resources[0].status is defined + - storagesystem_cr_result.resources[0].status.conditions is defined + - storagesystem_cr_result.resources[0].status.conditions[0].type == 'Available' and storagesystem_cr_result.resources[0].status.conditions[0].status == 'True' + - storagesystem_cr_result.resources[0].status.conditions[2].type == 'StorageSystemInvalid' and storagesystem_cr_result.resources[0].status.conditions[2].status == 'False' + retries: 45 # approx 45 minutes before we give up + delay: 60 # 1 minute + +# # enable console +- name: "Enable console plugin" + kubernetes.core.k8s_json_patch: + api_version: operator.openshift.io/v1 + kind: Console + name: cluster + namespace: "{{odf_namespace}}" + patch: + - op: add + path: /spec/plugins + value: + - odf-console \ No newline at end of file diff --git a/gcp/ansible-playbooks/roles/odf/templates/azure/ocs-machineset.yaml.j2 b/gcp/ansible-playbooks/roles/odf/templates/azure/ocs-machineset.yaml.j2 new file mode 100755 index 00000000..3283cbf7 --- /dev/null +++ b/gcp/ansible-playbooks/roles/odf/templates/azure/ocs-machineset.yaml.j2 
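Review bot: The `Enable console plugin` task patches `/spec/plugins` with `op: add` and a whole list; in JSON Patch an `add` on an existing member replaces it, so any plugins already enabled on the cluster Console are dropped, and `namespace:` has no meaning for the cluster-scoped `Console` object. Append instead, `path: /spec/plugins/-` with `value: odf-console`, keeping the list form only as a fallback when a preceding `k8s_info` shows `spec.plugins` absent. The `until:` conditions for the StorageCluster and StorageSystem waits index `status.conditions[1]` and `[2]` by position, which is brittle because condition order is not guaranteed; select by type with `selectattr('type', 'equalto', 'Available')` and compare the resulting `status`. The `sleep 600` after the machineset creation is a blind wait that could be a `k8s_info` retry loop on the MachineSet `status.readyReplicas`.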
@@ -0,0 +1,192 @@ +--- +apiVersion: machine.openshift.io/v1beta1 +kind: MachineSet +metadata: + labels: + machine.openshift.io/cluster-api-cluster: {{clusterid}} + name: {{clusterid}}-workerocs-{{region}}-1 + namespace: openshift-machine-api +spec: + replicas: 1 + selector: + matchLabels: + machine.openshift.io/cluster-api-cluster: {{clusterid}} + machine.openshift.io/cluster-api-machineset: {{clusterid}}-workerocs-{{region}}-1 + template: + metadata: + labels: + machine.openshift.io/cluster-api-cluster: {{clusterid}} + machine.openshift.io/cluster-api-machine-role: worker + machine.openshift.io/cluster-api-machine-type: worker + machine.openshift.io/cluster-api-machineset: {{clusterid}}-workerocs-{{region}}-1 + spec: + taints: + - effect: NoSchedule + key: node.ocs.openshift.io/storage + value: "true" + metadata: + labels: + cluster.ocs.openshift.io/openshift-storage: "" + node-role.kubernetes.io/infra: "" + node-role.kubernetes.io/worker: "" + role: storage-node + providerSpec: + value: + apiVersion: azureproviderconfig.openshift.io/v1beta1 + credentialsSecret: + name: azure-cloud-credentials + namespace: openshift-machine-api + image: + offer: "" + publisher: "" + resourceID: /resourceGroups/{{clusterid}}-rg/providers/Microsoft.Compute/images/{{clusterid}} + sku: "" + version: "" + kind: AzureMachineProviderSpec + location: {{region}} + managedIdentity: {{clusterid}}-identity + metadata: + creationTimestamp: null + networkResourceGroup: {{vnet_rg}} + osDisk: + diskSizeGB: 512 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + publicIP: false + publicLoadBalancer: {{clusterid}} + resourceGroup: {{clusterid}}-rg + subnet: {{worker_subnet}} + userDataSecret: + name: worker-user-data + vmSize: Standard_D16s_v3 + vnet: {{vnet_name}} + zone: "1" +--- +apiVersion: machine.openshift.io/v1beta1 +kind: MachineSet +metadata: + labels: + machine.openshift.io/cluster-api-cluster: {{clusterid}} + name: {{clusterid}}-workerocs-{{region}}-2 + namespace: 
openshift-machine-api +spec: + replicas: 1 + selector: + matchLabels: + machine.openshift.io/cluster-api-cluster: {{clusterid}} + machine.openshift.io/cluster-api-machineset: {{clusterid}}-workerocs-{{region}}-2 + template: + metadata: + labels: + machine.openshift.io/cluster-api-cluster: {{clusterid}} + machine.openshift.io/cluster-api-machine-role: worker + machine.openshift.io/cluster-api-machine-type: worker + machine.openshift.io/cluster-api-machineset: {{clusterid}}-workerocs-{{region}}-2 + spec: + taints: + - effect: NoSchedule + key: node.ocs.openshift.io/storage + value: "true" + metadata: + labels: + cluster.ocs.openshift.io/openshift-storage: "" + node-role.kubernetes.io/infra: "" + node-role.kubernetes.io/worker: "" + role: storage-node + providerSpec: + value: + apiVersion: azureproviderconfig.openshift.io/v1beta1 + credentialsSecret: + name: azure-cloud-credentials + namespace: openshift-machine-api + image: + offer: "" + publisher: "" + resourceID: /resourceGroups/{{clusterid}}-rg/providers/Microsoft.Compute/images/{{clusterid}} + sku: "" + version: "" + kind: AzureMachineProviderSpec + location: {{region}} + managedIdentity: {{clusterid}}-identity + metadata: + creationTimestamp: null + networkResourceGroup: {{vnet_rg}} + osDisk: + diskSizeGB: 512 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + publicIP: false + publicLoadBalancer: {{clusterid}} + resourceGroup: {{clusterid}}-rg + subnet: {{worker_subnet}} + userDataSecret: + name: worker-user-data + vmSize: Standard_D16s_v3 + vnet: {{vnet_name}} + zone: "2" +--- +apiVersion: machine.openshift.io/v1beta1 +kind: MachineSet +metadata: + labels: + machine.openshift.io/cluster-api-cluster: {{clusterid}} + name: {{clusterid}}-workerocs-{{region}}-3 + namespace: openshift-machine-api +spec: + replicas: 1 + selector: + matchLabels: + machine.openshift.io/cluster-api-cluster: {{clusterid}} + machine.openshift.io/cluster-api-machineset: {{clusterid}}-workerocs-{{region}}-3 + template: + 
metadata: + labels: + machine.openshift.io/cluster-api-cluster: {{clusterid}} + machine.openshift.io/cluster-api-machine-role: worker + machine.openshift.io/cluster-api-machine-type: worker + machine.openshift.io/cluster-api-machineset: {{clusterid}}-workerocs-{{region}}-3 + spec: + taints: + - effect: NoSchedule + key: node.ocs.openshift.io/storage + value: "true" + metadata: + labels: + cluster.ocs.openshift.io/openshift-storage: "" + node-role.kubernetes.io/infra: "" + node-role.kubernetes.io/worker: "" + role: storage-node + providerSpec: + value: + apiVersion: azureproviderconfig.openshift.io/v1beta1 + credentialsSecret: + name: azure-cloud-credentials + namespace: openshift-machine-api + image: + offer: "" + publisher: "" + resourceID: /resourceGroups/{{clusterid}}-rg/providers/Microsoft.Compute/images/{{clusterid}} + sku: "" + version: "" + kind: AzureMachineProviderSpec + location: {{region}} + managedIdentity: {{clusterid}}-identity + metadata: + creationTimestamp: null + networkResourceGroup: {{vnet_rg}} + osDisk: + diskSizeGB: 512 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + publicIP: false + publicLoadBalancer: {{clusterid}} + resourceGroup: {{clusterid}}-rg + subnet: {{worker_subnet}} + userDataSecret: + name: worker-user-data + vmSize: Standard_D16s_v3 + vnet: {{vnet_name}} + zone: "3" \ No newline at end of file diff --git a/gcp/ansible-playbooks/roles/odf/templates/gcp/ocs-machineset.yaml.j2 b/gcp/ansible-playbooks/roles/odf/templates/gcp/ocs-machineset.yaml.j2 new file mode 100755 index 00000000..a37e6cc7 --- /dev/null +++ b/gcp/ansible-playbooks/roles/odf/templates/gcp/ocs-machineset.yaml.j2 
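Review bot: The three MachineSets are verbatim copies that differ only in the `-1`/`-2`/`-3` name suffix and the `zone:` value, so every future change to `providerSpec` (disk size, `vmSize`, `publicIP: false`) must be made three times and the copies will drift. Wrap a single definition in a Jinja loop over the zones and use `{{ zone }}` for both the suffix and the `zone:` field. The hard-coded `vmSize: Standard_D16s_v3` and `diskSizeGB: 512` would also be better exposed as role defaults alongside the other inputs.

```yaml
{% for zone in ['1', '2', '3'] %}
---
apiVersion: machine.openshift.io/v1beta1
kind: MachineSet
metadata:
  labels:
    machine.openshift.io/cluster-api-cluster: {{clusterid}}
  name: {{clusterid}}-workerocs-{{region}}-{{ zone }}
  namespace: openshift-machine-api
spec:
  replicas: 1
  selector:
    matchLabels:
      machine.openshift.io/cluster-api-cluster: {{clusterid}}
      machine.openshift.io/cluster-api-machineset: {{clusterid}}-workerocs-{{region}}-{{ zone }}
  template:
    metadata:
      labels:
        # … unchanged: cluster-api-cluster, machine-role, machine-type labels …
        machine.openshift.io/cluster-api-machineset: {{clusterid}}-workerocs-{{region}}-{{ zone }}
    spec:
      # … unchanged: taints, node labels, providerSpec down to vnet …
      providerSpec:
        value:
          # … unchanged …
          zone: "{{ zone }}"
{% endfor %}
```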
@@ -0,0 +1,213 @@ +--- +apiVersion: machine.openshift.io/v1beta1 +kind: MachineSet +metadata: + annotations: + machine.openshift.io/GPU: '0' + machine.openshift.io/memoryMb: '65536' + machine.openshift.io/vCPU: '16' + name: {{clusterid}}-workerocs-a + namespace: openshift-machine-api + labels: + machine.openshift.io/cluster-api-cluster: {{clusterid}} +spec: + replicas: 1 + selector: + matchLabels: + machine.openshift.io/cluster-api-cluster: {{clusterid}} + machine.openshift.io/cluster-api-machineset: {{clusterid}}-workerocs-a + template: + metadata: + labels: + machine.openshift.io/cluster-api-cluster: {{clusterid}} + machine.openshift.io/cluster-api-machine-role: worker + machine.openshift.io/cluster-api-machine-type: worker + machine.openshift.io/cluster-api-machineset: {{clusterid}}-workerocs-a + spec: + lifecycleHooks: {} + taints: + - effect: NoSchedule + key: node.ocs.openshift.io/storage + value: "true" + metadata: + labels: + cluster.ocs.openshift.io/openshift-storage: "" + node-role.kubernetes.io/infra: "" + node-role.kubernetes.io/worker: "" + role: storage-node + providerSpec: + value: + machineType: e2-standard-16 + userDataSecret: + name: worker-user-data + deletionProtection: false + networkInterfaces: + - network: {{clusterid}}-network + subnetwork: {{clusterid}}-worker-subnet + credentialsSecret: + name: gcp-cloud-credentials + zone: {{region}}-a + canIPForward: false + metadata: + creationTimestamp: null + projectID: {{projectid}} + region: {{region}} + kind: GCPMachineProviderSpec + disks: + - autoDelete: true + boot: true + image: >- + projects/rhcos-cloud/global/images/rhcos-410-84-202207061638-0-gcp-x86-64 + labels: null + sizeGb: 128 + type: pd-ssd + tags: + - {{clusterid}}-worker + serviceAccounts: + - email: {{serviceaccount_email}} + scopes: + - 'https://www.googleapis.com/auth/cloud-platform' + apiVersion: machine.openshift.io/v1beta1 + +--- +apiVersion: machine.openshift.io/v1beta1 +kind: MachineSet +metadata: + annotations: + 
machine.openshift.io/GPU: '0' + machine.openshift.io/memoryMb: '65536' + machine.openshift.io/vCPU: '16' + name: {{clusterid}}-workerocs-b + namespace: openshift-machine-api + labels: + machine.openshift.io/cluster-api-cluster: {{clusterid}} +spec: + replicas: 1 + selector: + matchLabels: + machine.openshift.io/cluster-api-cluster: {{clusterid}} + machine.openshift.io/cluster-api-machineset: {{clusterid}}-workerocs-b + template: + metadata: + labels: + machine.openshift.io/cluster-api-cluster: {{clusterid}} + machine.openshift.io/cluster-api-machine-role: worker + machine.openshift.io/cluster-api-machine-type: worker + machine.openshift.io/cluster-api-machineset: {{clusterid}}-workerocs-b + spec: + lifecycleHooks: {} + taints: + - effect: NoSchedule + key: node.ocs.openshift.io/storage + value: "true" + metadata: + labels: + cluster.ocs.openshift.io/openshift-storage: "" + node-role.kubernetes.io/infra: "" + node-role.kubernetes.io/worker: "" + role: storage-node + providerSpec: + value: + machineType: e2-standard-16 + userDataSecret: + name: worker-user-data + deletionProtection: false + networkInterfaces: + - network: {{clusterid}}-network + subnetwork: {{clusterid}}-worker-subnet + credentialsSecret: + name: gcp-cloud-credentials + zone: {{region}}-b + canIPForward: false + metadata: + creationTimestamp: null + projectID: {{projectid}} + region: {{region}} + kind: GCPMachineProviderSpec + disks: + - autoDelete: true + boot: true + image: >- + projects/rhcos-cloud/global/images/rhcos-410-84-202207061638-0-gcp-x86-64 + labels: null + sizeGb: 128 + type: pd-ssd + tags: + - {{clusterid}}-worker + serviceAccounts: + - email: {{serviceaccount_email}} + scopes: + - 'https://www.googleapis.com/auth/cloud-platform' + apiVersion: machine.openshift.io/v1beta1 + +--- +apiVersion: machine.openshift.io/v1beta1 +kind: MachineSet +metadata: + annotations: + machine.openshift.io/GPU: '0' + machine.openshift.io/memoryMb: '65536' + machine.openshift.io/vCPU: '16' + name: 
{{clusterid}}-workerocs-c + namespace: openshift-machine-api + labels: + machine.openshift.io/cluster-api-cluster: {{clusterid}} +spec: + replicas: 1 + selector: + matchLabels: + machine.openshift.io/cluster-api-cluster: {{clusterid}} + machine.openshift.io/cluster-api-machineset: {{clusterid}}-workerocs-c + template: + metadata: + labels: + machine.openshift.io/cluster-api-cluster: {{clusterid}} + machine.openshift.io/cluster-api-machine-role: worker + machine.openshift.io/cluster-api-machine-type: worker + machine.openshift.io/cluster-api-machineset: {{clusterid}}-workerocs-c + spec: + lifecycleHooks: {} + taints: + - effect: NoSchedule + key: node.ocs.openshift.io/storage + value: "true" + metadata: + labels: + cluster.ocs.openshift.io/openshift-storage: "" + node-role.kubernetes.io/infra: "" + node-role.kubernetes.io/worker: "" + role: storage-node + providerSpec: + value: + machineType: e2-standard-16 + userDataSecret: + name: worker-user-data + deletionProtection: false + networkInterfaces: + - network: {{clusterid}}-network + subnetwork: {{clusterid}}-worker-subnet + credentialsSecret: + name: gcp-cloud-credentials + zone: {{region}}-c + canIPForward: false + metadata: + creationTimestamp: null + projectID: {{projectid}} + region: {{region}} + kind: GCPMachineProviderSpec + disks: + - autoDelete: true + boot: true + image: >- + projects/rhcos-cloud/global/images/rhcos-410-84-202207061638-0-gcp-x86-64 + labels: null + sizeGb: 128 + type: pd-ssd + tags: + - {{clusterid}}-worker + serviceAccounts: + - email: {{serviceaccount_email}} + scopes: + - 'https://www.googleapis.com/auth/cloud-platform' + apiVersion: machine.openshift.io/v1beta1 + diff --git a/gcp/ansible-playbooks/roles/odf/templates/odfsubscribe.yaml.j2 b/gcp/ansible-playbooks/roles/odf/templates/odfsubscribe.yaml.j2 new file mode 100755 index 00000000..ab1ad6b1 --- /dev/null +++ b/gcp/ansible-playbooks/roles/odf/templates/odfsubscribe.yaml.j2 
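Review bot: All three MachineSets hard-code the boot image `projects/rhcos-cloud/global/images/rhcos-410-84-202207061638-0-gcp-x86-64`, so the storage nodes boot a fixed RHCOS 4.10 image regardless of which OpenShift release the installer actually deployed, and they will not pick up the image the cluster's own worker MachineSets use after upgrades. I would template it, `image: "{{ rhcos_image }}"`, with the variable read from an installer-created worker MachineSet (`.spec.template.spec.providerSpec.value.disks[0].image`) before rendering, the same way the bastion script in this diff reads network and subnet from the live Machines rather than assuming `{{clusterid}}-network` / `{{clusterid}}-worker-subnet`. `deletionProtection: false` on nodes that hold the cluster's storage is defensible for an automated teardown, but deserves a one-line comment saying that is deliberate.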
@@ -0,0 +1,13 @@ +--- +apiVersion: operators.coreos.com/v1alpha1 +kind: Subscription +metadata: + name: "{{odf_operator}}" + namespace: "{{odf_namespace}}" +spec: + channel: "{{odf_channel}}" + installPlanApproval: Automatic + name: "{{odf_operator}}" + source: redhat-operators + sourceNamespace: openshift-marketplace + startingCSV: "{{odf_startingcsv}}" \ No newline at end of file diff --git a/gcp/ansible-playbooks/roles/odf/templates/operatorgroup.yaml.j2 b/gcp/ansible-playbooks/roles/odf/templates/operatorgroup.yaml.j2 new file mode 100755 index 00000000..7bbc039d --- /dev/null +++ b/gcp/ansible-playbooks/roles/odf/templates/operatorgroup.yaml.j2 @@ -0,0 +1,8 @@ +apiVersion: operators.coreos.com/v1 +kind: OperatorGroup +metadata: + name: openshift-storage-operator-group + namespace: "{{odf_namespace}}" +spec: + targetNamespaces: + - "{{odf_namespace}}" diff --git a/gcp/ansible-playbooks/roles/odf/templates/storagecluster.yaml.j2 b/gcp/ansible-playbooks/roles/odf/templates/storagecluster.yaml.j2 new file mode 100755 index 00000000..b9bf9442 --- /dev/null +++ b/gcp/ansible-playbooks/roles/odf/templates/storagecluster.yaml.j2 
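Review bot: `installPlanApproval: Automatic` together with `startingCSV: "{{odf_startingcsv}}"` only fixes the first CSV: OLM will immediately upgrade to whatever newer CSV the channel carries, so the ODF version deployed is not actually controlled by the template and a storage-operator upgrade can roll out unreviewed. If startingCSV is meant to pin the version, set `installPlanApproval: Manual` and have the playbook approve the matching InstallPlan; if automatic channel updates are intended, say so next to the field, e.g. `# Automatic: OLM may move past startingCSV as soon as the channel advances`. Exposing it as `installPlanApproval: "{{ odf_installplan_approval | default('Automatic') }}"` would let environments that need change control tighten it without editing the template.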
@@ -0,0 +1,48 @@ +apiVersion: ocs.openshift.io/v1 +kind: StorageCluster +metadata: + + name: "{{ ocs_storagecluster_name }}" + namespace: "{{ odf_namespace }}" + ownerReferences: + - apiVersion: odf.openshift.io/v1alpha1 + kind: StorageSystem + name: "{{odf_storagesystem_name }}" + uid: "{{odf_storagesystem_uid}}" + +spec: + arbiter: {} + encryption: + kms: {} + externalStorage: {} + managedResources: + cephBlockPools: {} + cephCluster: {} + cephConfig: {} + cephDashboard: {} + cephFilesystems: {} + cephObjectStoreUsers: {} + cephObjectStores: {} + mirroring: {} + nodeTopologies: {} + storageDeviceSets: + - config: {} + resources: {} + placement: {} + name: "{{ ocs_storagecluster_deviceset_name }}" + dataPVCTemplate: + metadata: {} + spec: + accessModes: + - {{ocs_storagecluster_accessmode}} + resources: + requests: + storage: "{{ocs_storagecluster_storage_size}}" + storageClassName: "{{ocs_storagecluster_storageclass_name}}" + volumeMode: Block + status: {} + count: 1 + replica: {{ocs_storagecluster_replicas}} + portable: true + preparePlacement: {} + version: "{{ ocs_storagecluster_version }}" diff --git a/gcp/ansible-playbooks/roles/odf/templates/storagesystem.yaml.j2 b/gcp/ansible-playbooks/roles/odf/templates/storagesystem.yaml.j2 new file mode 100755 index 00000000..f0e2f650 --- /dev/null +++ b/gcp/ansible-playbooks/roles/odf/templates/storagesystem.yaml.j2 @@ -0,0 +1,10 @@ +--- +apiVersion: odf.openshift.io/v1alpha1 +kind: StorageSystem +metadata: + name: "{{odf_storagesystem_name}}" + namespace: "{{odf_namespace}}" +spec: + kind: storagecluster.ocs.openshift.io/v1 + name: "{{ocs_storagecluster_name}}" + namespace: "{{odf_namespace}}" \ No newline at end of file diff --git a/gcp/autogen-specs/configurations.yaml b/gcp/autogen-specs/configurations.yaml new file mode 100755 index 00000000..439a9859 --- /dev/null +++ b/gcp/autogen-specs/configurations.yaml 
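Review bot: `encryption:` is rendered with only `kms: {}` inside it and no enable flag, so ODF-level encryption at rest stays off for the OSDs backed by `{{ocs_storagecluster_storageclass_name}}`; if the intent is to rely solely on the cloud disk encryption underneath, a comment should say so. Otherwise expose it as an opt-in, e.g. `encryption:` / `  enable: {{ ocs_storagecluster_encryption | default(false) }}` / `  kms: {}` (the exact field name — `enable` versus the newer `clusterWide` — depends on the ODF version in `{{ ocs_storagecluster_version }}`, so confirm against that release). The `ownerReferences` entry also ties the StorageCluster to `{{odf_storagesystem_uid}}`; a stale or mistyped uid would get the StorageCluster garbage-collected, so a comment noting that the uid must be read back from the StorageSystem created by the sibling template would help the next maintainer.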
@@ -0,0 +1,357 @@ +apiVersion: dev.marketplace.cloud.google.com/v1alpha1 +kind: DeploymentManagerTemplate +metadata: + name: dmtemplate +deploymentManagerRef: + group: dev.marketplace.cloud.google.com + kind: DeploymentManagerAutogenTemplate + name: autogen +zipFilePath: masocp-template-1.0.0.zip # {"$kpt-set":"zipPath"} +--- +apiVersion: dev.marketplace.cloud.google.com/v1alpha1 +kind: DeploymentManagerAutogenTemplate +metadata: + name: autogen +spec: + # See https://pkg.go.dev/github.com/GoogleCloudPlatform/marketplace-tools/mpdev/internal/apply?tab=doc#PackageInfo + packageInfo: + version: '1.0.0' + osInfo: + name: Red Hat Enterprise Linux CoreOS + version: '8.5' + components: + - name: IBM Maximo Application Suite + version: '8.9.0' + # See https://github.com/GoogleCloudPlatform/marketplace-tools/docs/autogen-reference.md + # for explanation of fields + deploymentSpec: + singleVm: + bootDisk: + diskSize: + defaultSizeGb: 10 + minSizeGb: 10 + diskType: + defaultType: pd-standard + gceMetadataItems: + - key: offeringType + valueFromDeployInputField: offeringType + - key: region + valueFromDeployInputField: region + - key: publicDomain + valueFromDeployInputField: publicDomain + - key: bootnodeSGIngressCidrIp + valueFromDeployInputField: bootnodeSGIngressCidrIp + #Uniqustr created in gceStartupScript + - key: clusterSize + valueFromDeployInputField: clusterSize + - key: entitledRegistryKey + valueFromDeployInputField: entitledRegistryKey + - key: openShiftPullSecret + valueFromDeployInputField: openShiftPullSecret + - key: masLicenseUrl + valueFromDeployInputField: masLicenseUrl + - key: masManageDBUser + valueFromDeployInputField: masManageDBUser + - key: masManageDBPassword + valueFromDeployInputField: masManageDBPassword + - key: masManageDBJdbcUrl + valueFromDeployInputField: masManageDBJdbcUrl + - key: masManageDBCertificateUrl + valueFromDeployInputField: masManageDBCertificateUrl + - key: importDemoData + valueFromDeployInputField: importDemoData + - key: 
sshPublicKey + valueFromDeployInputField: sshPublicKey + - key: slsEndpointUrl + valueFromDeployInputField: slsEndpointUrl + - key: slsRegistrationKey + valueFromDeployInputField: slsRegistrationKey + - key: slsPublicCertificateUrl + valueFromDeployInputField: slsPublicCertificateUrl + - key: udsEndpointUrl + valueFromDeployInputField: udsEndpointUrl + - key: udsAPIKey + valueFromDeployInputField: udsAPIKey + - key: udsPublicCertificateUrl + valueFromDeployInputField: udsPublicCertificateUrl + - key: googleCloudServiceAccount + valueFromDeployInputField: googleCloudServiceAccount + - key: googleProjectId + valueFromDeployInputField: googleProjectId + - key: emailNotification + valueFromDeployInputField: emailNotification + - key: smtpHost + valueFromDeployInputField: smtpHost + - key: smtpPort + valueFromDeployInputField: smtpPort + - key: smtpUsername + valueFromDeployInputField: smtpUsername + - key: smtpPassword + valueFromDeployInputField: smtpPassword + - key: notificattionEmailAddress + valueFromDeployInputField: notificattionEmailAddress + deployInput: + sections: + - fields: + - name: offeringType + required: true + title: Offering Type + stringDropdown: + values: + - MAS Core + Cloud Pak for Data + - MAS Core + Manage (no Cloud Pak for Data) + defaultValueIndex: + value: 0 + tooltip: + "Select your preferred Suite offering type." + - name: region + required: true + title: Region + stringBox: + defaultValue: "us-central1" + tooltip: Deployment region + - name: publicDomain + title: Public domain + stringBox: + defaultValue: "MAS-Public-Domain" + tooltip: + "Provide the public App Service domain that you created in the App Service Domains, for example: mas4aws.myorg.com." + - name: bootnodeSGIngressCidrIp + title: Bootnode NSG Ingress CIDR IP range + stringBox: + defaultValue: "0.0.0.0/0" + tooltip: + "Use CIDR notation to enter the IP addresses that can access the bootnode. For example, 192.12.33.3/32. 
To allow access from all IP addresses, enter 0.0.0.0/0." + - name: clusterSize + title: Cluster Size + stringDropdown: + values: + - "small" + - "medium" + - "large" + defaultValueIndex: + value: 0 + tooltip: "Select your preferred cluster size. All master nodes (M) are Standard_D8s_v3 virtual machines. All worker nodes (W) are Standard_D16s_v3 instances. Choose from: small (3M, 3W, total memory: 288GB), medium (3M, 5W, total memory: 416GB), or large (5M, 7W, total memory: 608GB)." + - name: entitledRegistryKey + title: Entitled registry key + stringBox: + defaultValue: "" + tooltip: + "Enter the registry key that you downloaded from the IBM Container Library." + - name: openShiftPullSecret + title: OpenShift pull secret + stringBox: + defaultValue: "" + tooltip: + "Enter the JSON text from the pull secret file that you downloaded from the Red Hat Hybrid Cloud Console." + - name: masLicenseUrl + title: MAS license URL + stringBox: + defaultValue: "" + tooltip: + "Enter the URL (preferebly with XXX token) of your Suite license key file kept on the Cloud Storage Bucket, for example: https://xxxx.xxx.xx.x.net/masocpcontainer/entitlement.lic?[blob-sas-token] (Applicable only for BYOL product)" + - name: masManageDBUser + title: MAS Manage DB user + stringBox: + defaultValue: "" + tooltip: + "Enter the username that the Maximo Manage application uses to connect to the database." + - name: masManageDBPassword + title: MAS manage DB password + stringBox: + defaultValue: "" + tooltip: + "Enter the password that the Maximo Manage application uses to connect to the database." 
+ - name: masManageDBJdbcUrl + title: MAS Manage DB JDBC URL + stringBox: + defaultValue: "" + tooltip: + "Enter the URL location of the database that the Maximo Manage application connects to, for example: jdbc:db2://1.2.3.4:50051/FTMDB:sslConnection=true" + - name: masManageDBCertificateUrl + title: MAS Manage DB certificate URL + stringBox: + defaultValue: "" + tooltip: + "Enter the Blob SAS location of the database's public certificate, for example: s3://masocp-license/db-certificate.crt" + - name: importDemoData + title: Import Demo Data + stringDropdown: + values: + - "true" + - "false" + defaultValueIndex: + value: 0 + tooltip: + "Indicate whether you want to import demo data into the database. This might be useful for development or test environments." + - name: sshPublicKey + title: SSH public key + stringBox: + defaultValue: "" + tooltip: + "Provide the public SSH key that you want to add to the bootnode, bastion host and cluster nodes." + placement: MAIN + - fields: + - name: slsEndpointUrl + title: SLS endpoint URL + stringBox: + defaultValue: "" + tooltip: + "Enter the endpoint URL that you retrieved from the 'masocp-' OpenShift route in the SLS namespace (ibm-sls-). URL should not have slash (/) at the end." + - name: slsRegistrationKey + title: SLS registration key + stringBox: + defaultValue: "" + tooltip: + "Enter the 'status.registrationKey' value that you retrieved from the LicenseService instance YAML in the SLS namespace (ibm-sls-)." + - name: slsPublicCertificateUrl + title: SLS public certificate URL + stringBox: + defaultValue: "" + tooltip: + "Enter the URL (preferebly with SAS token) of the service's public certificate that you retrieved from the 'ca.crt' file in the '-sls-cfg' secret in the MAS core namespace (mas--core)." + - name: udsEndpointUrl + title: UDS endpoint URL + stringBox: + defaultValue: "" + tooltip: + "Enter the endpoint URL that you retrieved from the 'uds-endpoint' OpenShift route in the ibm-common-services namespace. 
URL should not have slash (/) at the end." + - name: udsAPIKey + title: UDS API key + stringBox: + defaultValue: "" + tooltip: + "Enter the service's API key that you retrieved from the 'uds-api-key' secret in the ibm-common-services namespace." + - name: udsPublicCertificateUrl + title: UDS public certificate URL + stringBox: + defaultValue: "" + tooltip: + "Enter the URL (preferebly with SAS token) of the service's public certificate that you retrieved from the 'ca-bundle.pem' file in the '-uds-cfg' route in the MAS core namespace." + - name: googleCloudServiceAccount + title: Google Cloud Service Account key + stringBox: + defaultValue: "" + tooltip: + "Enter the JSON text from the Service Account key file" + - name: googleProjectId + title: Project Id + stringBox: + defaultValue: "" + tooltip: + "Enter the Project Id" + - name: emailNotification + title: Email Notification + stringDropdown: + values: + - "true" + - "false" + defaultValueIndex: + value: 0 + tooltip: + "Indicate whether you want to receive emails that contain the connection details and credentials for the Suite. These emails are sent using the provided SMTP server details." + - name: smtpHost + title: SMTP Host + stringBox: + defaultValue: "" + tooltip: + "Hostname of IP address of the SMTP server." + - name: smtpPort + title: SMTP Port + stringBox: + defaultValue: "" + tooltip: + "Port of the SMTP server." + - name: smtpUsername + title: SMTP Username + stringBox: + defaultValue: "" + tooltip: + "Username to be used with SMTP server." + - name: smtpPassword + title: SMTP password + stringBox: + defaultValue: "" + tooltip: + "Password to be used with SMTP server." + - name: notificattionEmailAddress + emailBox: + validation: + regex: ^[a-zA-Z0-9!#$%&\'*+\/=?^_`{|}~\.-]+@[a-zA-Z0-9](?:[a-zA-Z0-9]?[.-]?[a-zA-Z0-9]+)+[[a-zA-Z0-9]{1}$ + title: Notification Email address + tooltip: Indicate whether you want to receive emails that contain the connection details and credentials for the Suite. 
These emails are sent using the provided SMTP server details. + placement: CUSTOM_TOP + name: AppSetting + title: Application Setting + firewallRules: + - port: '80' + protocol: TCP + - defaultOff: true + port: '443' + protocol: TCP + images: + - name: sp-edge-bootnode-build-20221104 # {"$ref":"#/definitions/io.k8s.cli.setters.image"} + project: sp-edge-ocp-cluster-ipi # {"$ref":"#/definitions/io.k8s.cli.setters.projectId"} + machineType: + defaultMachineType: + gceMachineType: e2-medium + networkInterfaces: + minCount: 1 + maxCount: 8 + gceStartupScript: + bashScriptContent: | + #!/bin/bash + # Initiate the provisioning process + getMetadata() { + curl http://metadata.google.internal/computeMetadata/v1/instance/attributes/$1 -H "Metadata-Flavor: Google" + } + filepath=/var/log/firstrun.txt + + if ! test -f $filepath ; then + echo "file created" >> $filepath + offeringType=`getMetadata offeringType` + region=`getMetadata region` + publicDomain=`getMetadata publicDomain` + bootnodeSGIngressCidrIp=`getMetadata bootnodeSGIngressCidrIp` + clusterSize=`getMetadata clusterSize` + entitledRegistryKey=`getMetadata entitledRegistryKey` + openShiftPullSecret=`getMetadata openShiftPullSecret` + masLicenseUrl=`getMetadata masLicenseUrl` + masManageDBUser=`getMetadata masManageDBUser` + masManageDBPassword=`getMetadata masManageDBPassword` + masManageDBJdbcUrl=`getMetadata masManageDBJdbcUrl` + masManageDBCertificateUrl=`getMetadata masManageDBCertificateUrl` + importDemoData=`getMetadata importDemoData` + sshPublicKey=`getMetadata sshPublicKey` + slsEndpointUrl=`getMetadata slsEndpointUrl` + slsRegistrationKey=`getMetadata slsRegistrationKey` + slsPublicCertificateUrl=`getMetadata slsPublicCertificateUrl` + udsEndpointUrl=`getMetadata udsEndpointUrl` + udsAPIKey=`getMetadata udsAPIKey` + udsPublicCertificateUrl=`getMetadata udsPublicCertificateUrl` + googleCloudServiceAccount=`getMetadata googleCloudServiceAccount` + emailNotification=`getMetadata emailNotification` + 
smtpHost=`getMetadata smtpHost` + smtpPort=`getMetadata smtpPort` + smtpUsername=`getMetadata smtpUsername` + smtpPassword=`getMetadata smtpPassword` + notificattionEmailAddress=`getMetadata notificattionEmailAddress` + googleProjectId=`getMetadata googleProjectId` + googleCloudServiceAccount=`getMetadata googleCloudServiceAccount` + ssh-keyscan github.com >> ~/.ssh/known_hosts + cd /root + git clone https://github.com/ibm-mas/ansible-devops.git + cd ansible-devops + rm -rf multicloud-bootstrap 1>/dev/null 2>&1 + git clone -b edge-gcp-support https://github.com/ibm-mas/multicloud-bootstrap.git + cd multicloud-bootstrap + find . -type f -name "*.sh" -exec chmod +x {} \;; + ./init-async.sh gcp "$offeringType" "$region" null "$clusterSize" "{{ uniqstr }}" "$publicDomain" null "$sshPublicKey" null "$entitledRegistryKey" "$openShiftPullSecret" "$masLicenseUrl" '' '' '' '' '' '' "$masManageDBUser" "$masManageDBPassword" "$masManageDBJdbcUrl" "$masManageDBCertificateUrl" "$importDemoData" '' '' '' '' "$emailNotification" "$notificattionEmailAddress" "$smtpHost" "$smtpPort" "$smtpUsername" "$smtpPassword" '' '' '' '' "$googleProjectId" "$googleCloudServiceAccount" '' '' '' '' '' '' '' '' '' '' '' 'dev' > mas-provisioning.log 2>&1; + else + echo "second execution" + fi + stackdriver: + logging: + defaultOn: false + monitoring: + defaultOn: false \ No newline at end of file diff --git a/gcp/bootnode-image/prepare-bootnode-image.sh b/gcp/bootnode-image/prepare-bootnode-image.sh new file mode 100755 index 00000000..f5b9ef4a --- /dev/null +++ b/gcp/bootnode-image/prepare-bootnode-image.sh 
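Review bot: Every secret the deployer enters — `entitledRegistryKey`, `openShiftPullSecret`, `masManageDBPassword`, `slsRegistrationKey`, `udsAPIKey`, the full `googleCloudServiceAccount` key JSON and `smtpPassword` — is published as instance metadata through `gceMetadataItems`, and the startup script then passes them as positional arguments to `./init-async.sh`. Instance metadata is readable by any process on the bootnode via the unauthenticated metadata server and by anyone with `compute.instances.get` on the project, argv is visible in `ps`, and since the command line is redirected to `mas-provisioning.log` — which the Ops Agent config added in this diff tails into Cloud Logging — the secrets are likely to end up in logs as well. I would pass them through the environment or a root-only file rather than argv, remove the metadata keys once the first run has consumed them, and keep the service-account key in Secret Manager (the cleanup script in this diff already expects secrets there). Separately, `git clone -b edge-gcp-support https://github.com/ibm-mas/multicloud-bootstrap.git` checks out a mutable branch and runs it as root; pin it to a tag or commit, e.g. `git clone --branch <tag> ... && git -C multicloud-bootstrap checkout <commit>`, so the provisioning code is reproducible.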
@@ -0,0 +1,60 @@ +#!/bin/bash +set -e + +# This script should be executed on the Ubuntu instance before creating image from it. +# The created image will be used to create Bootnode instance for MAS provisioning. + +# Update the package database +apt-get update + +## Install pre-reqs +apt -y install apache2-utils nfs-common openjdk-8-jre-headless python3-pip skopeo unzip zip +ln -s --force /usr/bin/python3 /usr/bin/python +pip3 install dotmap jaydebeapi jmespath pyyaml yq + +## Install jq +wget "https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64" +mv jq-linux64 jq +chmod +x jq +mv jq /usr/local/bin + +## Download Openshift CLI and move to /usr/local/bin +wget "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.10.35/openshift-client-linux-4.10.35.tar.gz" +tar -xvf openshift-client-linux-4.10.35.tar.gz +chmod u+x oc kubectl +mv oc /usr/local/bin +mv kubectl /usr/local/bin +oc version +rm -rf openshift-client-linux-4.10.35.tar.gz + +## Install Ansible +pip3 install ansible==4.9.0 +pip3 install openshift +ansible-galaxy collection install community.kubernetes + +# Install Ops agent and create config file +cd /tmp +curl -sSO https://dl.google.com/cloudagents/add-google-cloud-ops-agent-repo.sh +bash add-google-cloud-ops-agent-repo.sh --also-install +service google-cloud-ops-agent stop +cat < /etc/google-cloud-ops-agent/config.yaml +logging: + receivers: + masocp_deployment_receiver_[UNIQID]: + type: files + include_paths: [/root/ansible-devops/multicloud-bootstrap/mas-provisioning.log,/root/openshift-install/config/masocp-[UNIQID]/.openshift_install.log] + record_log_file_path: true + service: + pipelines: + masocp_deployment_pipeline_[UNIQID]: + receivers: + - masocp_deployment_receiver_[UNIQID] +EOT + +# Remove the SSH keys +rm -rf /home/*/.ssh/authorized_keys /root/.ssh/authorized_keys + +echo "Bootnode preparation completed" + +# Clear bash history +history -c \ No newline at end of file 
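Review bot: None of the binaries baked into the image are verified: `jq-linux64` and `openshift-client-linux-4.10.35.tar.gz` are fetched with plain `wget` and moved into `/usr/local/bin` without a checksum, and the Ops Agent installer is `curl`ed and executed as root, so a tampered download becomes part of every bootnode built from this image. Red Hat publishes a `sha256sum.txt` alongside the client tarball, so the oc/kubectl step can be verified before extraction (see below), and the jq release can be pinned the same way with `echo "<sha256>  jq-linux64" | sha256sum -c -`. The `cat < /etc/google-cloud-ops-agent/config.yaml ... EOT` line looks like a heredoc garbled in this rendering (presumably `cat <<EOT > ...` in the committed file) — worth confirming the file is intact. Minor: `history -c` only clears the current shell's in-memory history; `rm -f /root/.bash_history /home/*/.bash_history` is what keeps the preparation session out of the image.
```shell
OC_VERSION="4.10.35"
OC_URL="https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${OC_VERSION}"
wget "${OC_URL}/openshift-client-linux-${OC_VERSION}.tar.gz" "${OC_URL}/sha256sum.txt"
grep "openshift-client-linux-${OC_VERSION}.tar.gz" sha256sum.txt | sha256sum -c -
tar -xvf "openshift-client-linux-${OC_VERSION}.tar.gz"
# … unchanged: chmod/mv of oc and kubectl, oc version, tarball cleanup …
```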
diff --git a/gcp/cleanup-mas-deployment.sh b/gcp/cleanup-mas-deployment.sh new file mode 100755 index 00000000..3be5ff09 --- /dev/null +++ b/gcp/cleanup-mas-deployment.sh 
@@ -0,0 +1,302 @@ +#!/bin/bash +# Script to cleanup the MAS deployment on GCP. +# It will cleanup all the below resources that get created during the deployment. +# +# Parameters: +# -u UNIQUE_STR: Unique string using which the OpenShift resource group to be deleted. +# This is an required parameter. + +# Fail the script if any of the steps fail +set -e + +# Functions +usage() { + echo "Usage: cleanup-mas-deployment.sh -u UNIQUE_STR" + echo " " + echo "Parameters" + echo " PROJECT_ID - Project ID where OpenShift cluster is created." + echo " UNIQUE_STR - Unique string using which the OpenShift resource group to be deleted." + echo " For example, " + echo " cleanup-mas-deployment.sh -p mas-project -u dgt67h" + exit 1 +} + +# Read arguments +if [[ $# -eq 0 ]]; then + echo "No arguments provided with $0. Exiting.." + usage +else + while getopts 'p:u:?h' c; do + case $c in + p) + PROJECT_ID=$OPTARG + ;; + u) + UNIQUE_STR=$OPTARG + ;; + h | *) + usage + ;; + esac + done +fi +echo "Script Inputs:" +echo " Project ID = $PROJECT_ID" +echo " Unique string = $UNIQUE_STR" + +# Check for supported region +if [[ (-z $PROJECT_ID) || (-z $UNIQUE_STR) ]]; then + echo "ERROR: Missing parameters" + usage +fi + +echo "==== Execution started at `date` ====" +echo "---------------------------------------------" +gcloud config set component_manager/disable_update_check true +gcloud config set survey/disable_prompts true + +## Delete virtual machines instances +echo "Checking for virtual machines" +# Get virtual machine list +INSTANCES=$(gcloud compute instances list --format=json --filter="name~$UNIQUE_STR" | jq ".[].name" | tr -d '"') +echo "INSTANCES = $INSTANCES" +if [[ -n $INSTANCES ]]; then + echo "Virtual instances found for this MAS instance" + for inst in $INSTANCES; do + # Get the zone details + ZONE=$(gcloud compute instances list --format=json --filter="name=$inst" | jq ".[].zone" | tr -d '"' | cut -d '/' -f 9) + echo "VM name: $inst Zone:$ZONE" + gcloud compute instances 
delete $inst --delete-disks=all --project=$PROJECT_ID --zone=$ZONE --quiet & + done + # Wait until all the VMs are deleted + while [ "$INSTANCES" != "" ]; do + sleep 60 + INSTANCES=$(gcloud compute instances list --format=json --filter="name~$UNIQUE_STR" | jq ".[].name" | tr -d '"') + if [[ -n "$INSTANCES" ]]; then + echo "Virtual instances still exist: $INSTANCES" + continue + else + echo "All virtual instances deleted" + break + fi + done +fi + +# Delete forwarding rules +echo "Checking for forwarding rules" +# Get forwarding rule list +FRS=$(gcloud compute forwarding-rules list --format=json --filter="name~$UNIQUE_STR" | jq ".[].name" | tr -d '"') +echo "FRS = $FRS" +if [[ -n $FRS ]]; then + echo "Forwarding rules found for this MAS instance" + for inst in $FRS; do + # Get the forwarding rule details + REG=$(gcloud compute forwarding-rules list --format=json --filter="name=$inst" | jq ".[].region" | tr -d '"' | cut -d '/' -f 9) + echo "Forwarding rule name: $inst Region:$REG" + gcloud compute forwarding-rules delete $inst --region=$REG --quiet + done +fi + +# Delete internal load balancers +echo "Checking for internal load balancers" +# Get internal load balancer list +LBS=$(gcloud compute backend-services list --format=json --filter="name~$UNIQUE_STR" | jq ".[].name" | tr -d '"') +echo "LBS = $LBS" +if [[ -n $LBS ]]; then + echo "Internal load balancers found for this MAS instance" + for inst in $LBS; do + # Get the internal load balancer details + REG=$(gcloud compute backend-services list --format=json --filter="name=$inst" | jq ".[].region" | tr -d '"' | cut -d '/' -f 9) + echo "Internal LB name: $inst Region:$REG" + gcloud compute backend-services delete $inst --region=$REG --quiet + done +fi + +# Delete target pools +echo "Checking for target pools" +# Get target pool list +TPS=$(gcloud compute target-pools list --format=json --filter="name~$UNIQUE_STR" | jq ".[].name" | tr -d '"') +echo "TPS = $TPS" +if [[ -n $TPS ]]; then + echo "Target pools found for 
this MAS instance" + for inst in $TPS; do + # Get the target pools details + REG=$(gcloud compute target-pools list --format=json --filter="name=$inst" | jq ".[].region" | tr -d '"' | cut -d '/' -f 9) + echo "Target pool name: $inst Region:$REG" + gcloud compute target-pools delete $inst --region=$REG --quiet + done +fi + +# Delete instance groups +echo "Checking for instance groups" +# Get instance group list +IGS=$(gcloud compute instance-groups list --format=json --filter="name~$UNIQUE_STR" | jq ".[].name" | tr -d '"') +echo "IGS = $IGS" +if [[ -n $IGS ]]; then + echo "Internal instance groups found for this MAS instance" + for inst in $IGS; do + # Get the instance group details + ZONE=$(gcloud compute instance-groups list --format=json --filter="name=$inst" | jq ".[].zone" | tr -d '"' | cut -d '/' -f 9) + echo "Instance group: $inst Zone:$ZONE" + gcloud compute instance-groups unmanaged delete $inst --zone=$ZONE --quiet + done +fi + +# Delete cloud storage buckets +echo "Checking for cloud storage buckets" +# Get cloud storage bucket list +CSBTS=$(gcloud storage buckets list --format=json --filter="name~$UNIQUE_STR" | jq ".[].name" | tr -d '"') +echo "CSBTS = $CSBTS" +if [[ -n $CSBTS ]]; then + echo "Cloud storage buckets found for this MAS instance" + for inst in $CSBTS; do + echo "Cloud storage bucket: $inst" + gcloud storage rm --recursive gs://$inst --quiet + done +fi +echo "Checking for cloud storage bucket used by ODF storage" +CSBTS=$(gcloud storage buckets list --format=json | jq ".[] | select(.labels.createdby==\"masocp-$UNIQUE_STR\").name" | tr -d '"') +echo "CSBTS = $CSBTS" +if [[ -n $CSBTS ]]; then + echo "Cloud storage buckets found for this MAS instance" + for inst in $CSBTS; do + echo "Cloud storage bucket: $inst" + gcloud storage rm --recursive gs://$inst --quiet + done +fi + +# Delete IP addresses +echo "Checking for IP addresses" +# Get IP address list +IPS=$(gcloud compute addresses list --format=json --filter="name~$UNIQUE_STR" | jq 
".[].name" | tr -d '"') +echo "IPS = $IPS" +if [[ -n $IPS ]]; then + echo "IP addresses found for this MAS instance" + for inst in $IPS; do + # Get the IP address details + REG=$(gcloud compute addresses list --format=json --filter="name=$inst" | jq ".[].region" | tr -d '"' | cut -d '/' -f 9) + echo "IP address name: $inst Region:$REG" + gcloud compute addresses delete $inst --region=$REG --quiet + done +fi + +# Delete managed DNS zones +echo "Checking for managed DNS zones" +# Get managed DNS zone list +MDNSZNS=$(gcloud dns managed-zones list --format=json --filter="name~$UNIQUE_STR" | jq ".[].name" | tr -d '"') +echo "MDNSZNS = $MDNSZNS" +if [[ -n $MDNSZNS ]]; then + echo "Managed DNS zones found for this MAS instance" + for inst in $MDNSZNS; do + # Get the managed DNS zone recordsets + echo " Deleting DNS zone $inst" + for type in A + do + echo " Retrieving record sets of type $type" + MDNSZNRSS=$(gcloud dns record-sets list --zone=$inst --format=json --filter="type=$type" | jq ".[].name" | tr -d '"') + echo " MDNSZNRSS = $MDNSZNRSS" + if [[ -n $MDNSZNRSS ]]; then + for inst1 in $MDNSZNRSS; do + gcloud dns record-sets delete $inst1 --zone=$inst --type=$type + done + fi + done + # Delete the managed zone + gcloud dns managed-zones delete $inst + done +fi + +# Delete filestore instance +echo "Checking for filestore instances" +# Get filestore instance list +FSTORES=$(gcloud filestore instances list --format=json --filter="name~$UNIQUE_STR" | jq ".[].name" | tr -d '"') +echo "FSTORES = $FSTORES" +if [[ -n $FSTORES ]]; then + echo "Filestore instances found for this MAS instance" + for inst in $FSTORES; do + echo "Filestore instance name: $inst" + gcloud filestore instances delete $inst --quiet + done +fi + +# Delete secrets +echo "Checking for secrets" +# Get secrets list +SECRETS=$(gcloud secrets list --format=json --filter="name~$UNIQUE_STR" | jq ".[].name" | tr -d '"') +echo "SECRETS = $SECRETS" +if [[ -n $SECRETS ]]; then + echo "Secrets found for this MAS 
instance" + for inst in $SECRETS; do + echo "Secrets name: $inst" + gcloud secrets delete $inst --quiet + done +fi + +# Delete service accounts +echo "Checking for service accounts" +# Get service accounts list +SAS=$(gcloud iam service-accounts list --format=json --filter="displayName~$UNIQUE_STR" | jq ".[].name" | tr -d '"') +echo "SAS = $SAS" +if [[ -n $SAS ]]; then + echo "Service accounts found for this MAS instance" + for inst in $SAS; do + echo "Service account name: $inst" + inst=$(echo $inst | cut -d '/' -f 4) + gcloud iam service-accounts delete $inst --quiet + done +fi + +# Delete virtual network +echo "Checking for virtual network" +NWS=$(gcloud compute networks list --format=json | jq ".[] | select(.name | contains(\"$UNIQUE_STR\")).name" | tr -d '"') +echo "NWS = $NWS" +if [[ -n $NWS ]]; then + echo "Virtual networks found for this MAS instance" + + # Delete firewall rules + echo "Checking for firewall rules for this VPC" + # Get firewall rule list + FRS=$(gcloud compute firewall-rules list --format=json --filter="network=https://www.googleapis.com/compute/v1/projects/$PROJECT_ID/global/networks/$NWS" | jq ".[].name" | tr -d '"') + echo "FRS = $FRS" + if [[ -n $FRS ]]; then + echo "Firewall rules found for this MAS instance" + for inst in $FRS; do + echo "Firewall rule: $inst" + gcloud compute firewall-rules delete $inst --quiet + done + fi + + # Delete routers + echo "Checking for routers for this VPC" + # Get router list + RTRS=$(gcloud compute routers list --format=json --filter="network=https://www.googleapis.com/compute/v1/projects/$PROJECT_ID/global/networks/$NWS" | jq ".[].name" | tr -d '"') + echo "RTRS = $RTRS" + if [[ -n $RTRS ]]; then + echo "Routers found for this MAS instance" + for inst in $RTRS; do + # Get the router details + REG=$(gcloud compute routers list --format=json --filter="name=$inst" | jq ".[].region" | tr -d '"' | cut -d '/' -f 9) + echo "Router: $inst Region:$REG" + gcloud compute routers delete $inst --region=$REG --quiet 
+ done + fi + + # Delete subnets + echo "Checking for subnets for this VPC" + # Get subnet list + SBNTS=$(gcloud compute networks subnets list --format=json --filter="network=https://www.googleapis.com/compute/v1/projects/$PROJECT_ID/global/networks/$NWS" | jq ".[].name" | tr -d '"') + echo "SBNTS = $SBNTS" + if [[ -n $SBNTS ]]; then + echo "Subnets found for this MAS instance" + for inst in $SBNTS; do + # Get the subnet details + REG=$(gcloud compute networks subnets list --format=json --filter="name=$inst" | jq ".[].region" | tr -d '"' | cut -d '/' -f 9) + echo "Subnet: $inst Region: $REG" + gcloud compute networks subnets delete $inst --region=$REG --quiet + done + fi + + # Delete VPC + gcloud compute networks delete $NWS --quiet +fi +echo "==== Execution completed at `date` ====" diff --git a/gcp/create-bastion-host.sh b/gcp/create-bastion-host.sh new file mode 100755 index 00000000..61a89cd7 --- /dev/null +++ b/gcp/create-bastion-host.sh 
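Review bot: The resource filters are unanchored substring regexes (`--filter="name~$UNIQUE_STR"`, and `displayName~$UNIQUE_STR` for service accounts) and nearly every `gcloud` call omits `--project=$PROJECT_ID` (only `gcloud compute instances delete` passes it), so the script deletes VMs, buckets, Secret Manager secrets, service accounts, DNS zones and the VPC in whatever project `gcloud` is currently configured for, matching any resource whose name merely contains the unique string, with `--quiet` suppressing every confirmation. I would select the project once after the config lines, `gcloud config set project "$PROJECT_ID"`, and anchor the filters to the deployment prefix, e.g. `--filter="name~^masocp-${UNIQUE_STR}"` — the ODF bucket lookup already keys on `masocp-$UNIQUE_STR` and the bastion is named `masocp-$RANDOM_STR-bastionvm`, so that appears to be the convention, but confirm every resource class follows it. Note also that the VM deletes are backgrounded with `&`, so `set -e` never observes a failed delete and the polling loop will spin indefinitely on an instance that cannot be removed; a `wait` plus a bounded retry count would make the failure visible.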
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# Get the VPC and subnet names created for OCP cluster
+ZONE=$(oc get machines -n openshift-machine-api -o jsonpath='{.items[0].spec.providerSpec.value.zone}')
+VPC_NAME=$(oc get machines -n openshift-machine-api -o jsonpath='{.items[0].spec.providerSpec.value.networkInterfaces[0].network}')
+SUBNET_NAME=$(oc get machines -n openshift-machine-api -o jsonpath='{.items[0].spec.providerSpec.value.networkInterfaces[0].subnetwork}')
+
+log " VPC_NAME=$VPC_NAME"
+log " SUBNET_NAME=$SUBNET_NAME"
+log " ZONE=$ZONE"
+
+#install terraform
+snap install terraform --classic
+
+cd $GIT_REPO_HOME/gcp/ocp-bastion-host
+rm -rf terraform.tfvars
+# Create tfvars file
+cat <> terraform.tfvars
+region = "$DEPLOY_REGION"
+zone = "$ZONE"
+gcp_project = "$GOOGLE_PROJECTID"
+vpc_name = "$VPC_NAME"
+subnet_name = "$SUBNET_NAME"
+bastion_vm_name = "masocp-$RANDOM_STR-bastionvm"
+bastion_rule_name = "masocp-$RANDOM_STR-bastion-rule"
+EOT
+log "==== Bastion host creation started ===="
+terraform init -input=false
+terraform plan -input=false -out=tfplan
+terraform apply -input=false -auto-approve
+log "==== Bastion host creation completed ===="
\ No newline at end of file
diff --git a/gcp/deploy.sh b/gcp/deploy.sh
new file mode 100755
index 00000000..0e3703bc
--- /dev/null
+++ b/gcp/deploy.sh
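Review bot: The script's exit status never reflects a Terraform failure, because its last command is the `log "==== Bastion host creation completed ===="` call and there is no `set -e`, so the `retcode` check that deploy.sh performs right after calling this script cannot fire. Make the critical steps fatal, e.g. `cd "$GIT_REPO_HOME/gcp/ocp-bastion-host" || exit 1` and `terraform apply -input=false -auto-approve || exit 1`. Note also that `terraform plan -input=false -out=tfplan` writes a plan file that the following `apply` ignores; `terraform apply -input=false tfplan` would apply exactly what was planned. The here-doc opener `cat <> terraform.tfvars` does not match its `EOT` terminator and looks like a rendering loss of `<<EOT`, which is worth confirming against the committed file.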
@@ -0,0 +1,331 @@ +#!/bin/bash +set -e + +# This script deploys OpenShift cluster and MAS application + +## Variables +# Storage class, you can use 'odf' or 'nfs' +export STORAGE_TYPE="nfs" +# Storage class variables +export MONGODB_STORAGE_CLASS="gce-pd-ssd" +export KAFKA_STORAGE_CLASS="gce-pd-ssd" +export SLS_STORAGE_CLASS="gce-pd-ssd" +export UDS_STORAGE_CLASS="gce-pd-ssd" +export CPD_METADATA_STORAGE_CLASS="gce-pd-ssd" +[ $STORAGE_TYPE == "nfs" ] && export CPD_PRIMARY_STORAGE_CLASS="nfs-client" || export CPD_PRIMARY_STORAGE_CLASS="ocs-storagecluster-cephfs" +[ $STORAGE_TYPE == "nfs" ] && export CPD_SERVICE_STORAGE_CLASS="nfs-client" || export CPD_SERVICE_STORAGE_CLASS="ocs-storagecluster-cephfs" + +# DB2WH variables +export DB2_META_STORAGE_CLASS=$CPD_PRIMARY_STORAGE_CLASS +export DB2_DATA_STORAGE_CLASS=$CPD_PRIMARY_STORAGE_CLASS +export DB2_BACKUP_STORAGE_CLASS=$CPD_PRIMARY_STORAGE_CLASS +export DB2_LOGS_STORAGE_CLASS=$CPD_PRIMARY_STORAGE_CLASS +export DB2_TEMP_STORAGE_CLASS=$CPD_PRIMARY_STORAGE_CLASS + +# Variables required by ocp_provision Ansible role +CLUSTER_TYPE_ORIG=$CLUSTER_TYPE +export CLUSTER_TYPE="ipi" +export IPI_PLATFORM="gcp" +export IPI_REGION=$DEPLOY_REGION +export IPI_CONTROLPLANE_TYPE="e2-standard-8" +export IPI_COMPUTE_TYPE="e2-standard-16" +export IPI_BASE_DOMAIN=$BASE_DOMAIN +export IPI_PULL_SECRET_FILE=$OPENSHIFT_PULL_SECRET_FILE_PATH +export GOOGLE_APPLICATION_CREDENTIALS=${GIT_REPO_HOME}/service-account.json +export GOOGLE_PROJECTID=$GOOGLE_PROJECTID +export SSH_PUB_KEY=$SSH_KEY_NAME +log "Below are Cloud specific deployment parameters," +log " STORAGE_TYPE=$STORAGE_TYPE" +log " MONGODB_STORAGE_CLASS: $MONGODB_STORAGE_CLASS" +log " KAFKA_STORAGE_CLASS: $KAFKA_STORAGE_CLASS" +log " SLS_STORAGE_CLASS: $SLS_STORAGE_CLASS" +log " UDS_STORAGE_CLASS: $UDS_STORAGE_CLASS" +log " CPD_PRIMARY_STORAGE_CLASS: $CPD_PRIMARY_STORAGE_CLASS" +log " CPD_METADATA_STORAGE_CLASS: $CPD_METADATA_STORAGE_CLASS" +log " CPD_SERVICE_STORAGE_CLASS: 
$CPD_SERVICE_STORAGE_CLASS" +log " SSH_PUB_KEY: $SSH_PUB_KEY" + +## Download files from cloud storage bucket +# Download SLS certificate +cd $GIT_REPO_HOME +if [[ ${SLS_PUB_CERT_URL,,} =~ ^https? ]]; then + log "Downloading SLS certificate from HTTP URL" + wget "$SLS_PUB_CERT_URL" -O sls.crt +fi +if [[ -f sls.crt ]]; then + chmod 600 sls.crt +fi +# Download UDS certificate +cd $GIT_REPO_HOME +if [[ ${UDS_PUB_CERT_URL,,} =~ ^https? ]]; then + log "Downloading UDS certificate from HTTP URL" + wget "$UDS_PUB_CERT_URL" -O uds.crt +fi +if [[ -f uds.crt ]]; then + chmod 600 uds.crt +fi +# Download service account credentials file +cd $GIT_REPO_HOME +if [[ ${GOOGLE_APPLICATION_CREDENTIALS_FILE,,} =~ ^https? ]]; then + log "Downloading service account credentials file from HTTP URL" + wget "$GOOGLE_APPLICATION_CREDENTIALS_FILE" -O service-account.json +fi +if [[ -f service-account.json ]]; then + chmod 600 service-account.json +fi + +# Read License File & Retrive SLS hostname and host id +if [[ -n "$MAS_LICENSE_URL" ]]; then + line=$(head -n 1 entitlement.lic) + set -- $line + hostid=$3 + log " SLS_HOST_ID: $hostid" + # SLS Instance name + export SLS_LICENSE_ID="$hostid" + log " SLS_INSTANCE_NAME=$SLS_INSTANCE_NAME" + log " SLS_LICENSE_ID=$SLS_LICENSE_ID" +else + log " MAS LICENSE URL file is not available." +fi + + +## Create OCP cluster +log "==== OCP cluster creation started ====" +cd $GIT_REPO_HOME/../ibm/mas_devops/playbooks +# Provision OCP cluster +export ROLE_NAME=ocp_provision && ansible-playbook ibm.mas_devops.run_role +log "==== OCP cluster creation completed ====" +CLUSTER_TYPE=$CLUSTER_TYPE_ORIG + +# Login to GCP +gcloud auth activate-service-account --key-file=$GIT_REPO_HOME/service-account.json +sleep 5 +log "Logged into using service account" + +## Create bastion host +cd $GIT_REPO_HOME/gcp +set +e +./create-bastion-host.sh +retcode=$? 
+if [[ $retcode -ne 0 ]]; then + log "Bastion host creation failed in Terraform step" + exit 22 +fi +set -e + +## Create deployment context bucket +log "==== Deployment context bucket creation started ====" +set +e +gcloud storage buckets create gs://masocp-${RANDOM_STR}-bucket --location $DEPLOY_REGION +retcode=$? +echo "retcode=$retcode" +if [[ $retcode -ne 0 ]]; then + log "Failed to create deployment context bucket." + exit 23 +fi +set -e +log "==== Deployment context bucket creation completed ====" + +# Backup deployment context +cd $GIT_REPO_HOME +rm -rf /tmp/mas-multicloud +mkdir /tmp/mas-multicloud +cp -r * /tmp/mas-multicloud +cd /tmp +zip -r $BACKUP_FILE_NAME mas-multicloud/* +set +e +gsutil cp $BACKUP_FILE_NAME gs://masocp-${RANDOM_STR}-bucket/ocp-cluster-provisioning-deployment-context/ +retcode=$? +echo "retcode=$retcode" +if [[ $retcode -ne 0 ]]; then + log "Failed while uploading deployment context to Cloud Storage bucket" + exit 23 +fi +set -e +log "OCP cluster deployment context backed up at $DEPLOYMENT_CONTEXT_UPLOAD_PATH in file $CLUSTER_NAME.zip" + +# Configure htpasswd +kubeconfigfile="/root/openshift-install/config/${CLUSTER_NAME}/auth/kubeconfig" +htpasswd -c -B -b /tmp/.htpasswd $OCP_USERNAME $OCP_PASSWORD +oc delete secret htpass-secret -n openshift-config --kubeconfig $kubeconfigfile | true > /dev/null 2>&1 +oc create secret generic htpass-secret --from-file=htpasswd=/tmp/.htpasswd -n openshift-config --kubeconfig $kubeconfigfile +log "Created OpenShift secret for htpasswd" +oc apply -f $GIT_REPO_HOME/templates/oauth-htpasswd.yml --kubeconfig $kubeconfigfile +log "Created OAuth configuration in OpenShift cluster" +oc adm policy add-cluster-role-to-user cluster-admin $OCP_USERNAME --kubeconfig $kubeconfigfile +log "Updated cluster-admin role in OpenShift cluster" + +# Login to OCP cluster using newly htpasswd credentials +set +e +sleep 10 +login=failed +for counter in {0..9} +do + oc login --insecure-skip-tls-verify=true -u $OCP_USERNAME -p 
$OCP_PASSWORD --server=https://api.${CLUSTER_NAME}.${BASE_DOMAIN}:6443 + if [[ $? -ne 0 ]]; then + log "OCP login failed, waiting ..." + sleep 60 + else + log "OCP login successful" + login=success + break + fi +done +if [[ $login == "failed" ]]; then + log "Could not login to OpenShift cluster, exiting" + exit 1 +fi +set -e + +# Create a secret in the Cloud to keep OCP access credentials +export OPENSHIFT_CLUSTER_CONSOLE_URL="https:\/\/console-openshift-console.apps.${CLUSTER_NAME}.${BASE_DOMAIN}" +export OPENSHIFT_CLUSTER_API_URL="https:\/\/api.${CLUSTER_NAME}.${BASE_DOMAIN}:6443" +cd $GIT_REPO_HOME +./create-secret.sh ocp + +log "==== Adding PID limits to worker nodes ====" +oc create -f $GIT_REPO_HOME/templates/container-runtime-config.yml + +log "==== Adding ER key details to OCP default pull-secret ====" +cd /tmp +export OCP_SERVER="$(echo https://api.${CLUSTER_NAME}.${BASE_DOMAIN}:6443)" +oc login -u $OCP_USERNAME -p $OCP_PASSWORD --server=$OCP_SERVER --insecure-skip-tls-verify=true +export OCP_TOKEN="$(oc whoami --show-token)" +oc extract secret/pull-secret -n openshift-config --keys=.dockerconfigjson --to=. --confirm +export encodedEntitlementKey=$(echo cp:$SLS_ENTITLEMENT_KEY | tr -d '\n' | base64 -w0) +export emailAddress=$(cat .dockerconfigjson | jq -r '.auths["cloud.openshift.com"].email') +jq '.auths |= . 
+ {"cp.icr.io": { "auth" : "$encodedEntitlementKey", "email" : "$emailAddress"}}' .dockerconfigjson >/tmp/dockerconfig.json + +envsubst /tmp/.dockerconfigjson +oc set data secret/pull-secret -n openshift-config --from-file=/tmp/.dockerconfigjson + +## Configure gce-pd-ssd storage class +log "==== Storageclass gce-pd-ssd configuration started ====" +cd $GIT_REPO_HOME/gcp/ansible-playbooks +ansible-playbook configure-gce-pd-ssd.yaml +log "==== Storageclass gce-pd-ssd configuration completed ====" + +## Configure storage +if [[ $STORAGE_TYPE == "odf" ]]; then + export CLUSTER_ID=$(oc get machineset -n openshift-machine-api -o jsonpath='{.items[0].metadata.labels.machine\.openshift\.io/cluster-api-cluster}') + export REGION=$(oc get machineset -n openshift-machine-api -o jsonpath='{.items[0].spec.template.spec.providerSpec.value.region}') + export GCP_PROJECT_ID=$(oc get machineset -n openshift-machine-api -o jsonpath='{.items[0].spec.template.spec.providerSpec.value.projectID}') + export GCP_SERVICEACC_EMAIL=$(oc get machineset -n openshift-machine-api -o jsonpath='{.items[0].spec.template.spec.providerSpec.value.serviceAccounts[0].email}') + log " CLUSTER_ID=$CLUSTER_ID" + log " REGION=$REGION" + log " GCP_PROJECT_ID=$GCP_PROJECT_ID" + log " GCP_SERVICEACC_EMAIL=$GCP_SERVICEACC_EMAIL" +elif [[ $STORAGE_TYPE == "nfs" ]]; then + # Create filestore instance + NFS_FILESTORE_NAME=${CLUSTER_NAME}-nfs + VPCNAME=$(cat /root/openshift-install/config/$CLUSTER_NAME/cluster.tfvars.json | jq ".network" | cut -d '/' -f 10 | tr -d '\\"') + if [[ -z $VPCNAME ]]; then + log " ERROR: Could not retrieve VPC name" + exit 1 + fi + log " VPCNAME=$VPCNAME" + zonesuffix=$(gcloud compute regions describe $DEPLOY_REGION --format=json | jq ".zones[0]" | tr -d '"' | cut -d '/' -f 9 | cut -d '-' -f 3) + ZONENAME=${DEPLOY_REGION}-${zonesuffix} + log " ZONENAME=$ZONENAME" + gcloud filestore instances create $NFS_FILESTORE_NAME --file-share=name=masocp_gcp_nfs,capacity=3TB --tier=basic-ssd 
--network=name=$VPCNAME --region=$DEPLOY_REGION --zone=$ZONENAME + export GCP_NFS_SERVER=$(gcloud filestore instances describe $NFS_FILESTORE_NAME --zone=$ZONENAME --location=$DEPLOY_REGION --format=json | jq ".networks[0].ipAddresses[0]" | tr -d '"') + log "NFS filestore $NFS_FILESTORE_NAME created in GCP with IP address $GCP_NFS_SERVER" + if [[ -z $GCP_NFS_SERVER ]]; then + log " ERROR: Could not retrieve filestore instance IP address" + exit 1 + fi + + export GCP_FILE_SHARE_NAME="/masocp_gcp_nfs" + log " GCP_FILE_SHARE_NAME=$GCP_FILE_SHARE_NAME" + sleep 60 +fi +log "==== Storageclass configuration started ====" +cd $GIT_REPO_HOME/gcp/ansible-playbooks +ansible-playbook configure-storage.yaml --extra-vars "storage_type=$STORAGE_TYPE" +log "==== Storageclass configuration completed ====" + +if [[ $STORAGE_TYPE == "odf" ]]; then + # Add label to the Cloud storage bucket created by ODF storage + CLDSTGBKT=$(oc get backingstores -n openshift-storage -o json | jq ".items[].spec.googleCloudStorage.targetBucket" | tr -d '"') + log " CLDSTGBKT: $CLDSTGBKT" + if [[ -n $CLDSTGBKT ]]; then + log " Adding label to Cloud Storage bucket" + gsutil label ch -l createdby:$CLUSTER_NAME gs://${CLUSTER_NAME}-bucket + fi +fi + +## Configure IBM catalogs, deploy common services and cert manager +log "==== OCP cluster configuration (Cert Manager) started ====" +cd $GIT_REPO_HOME/../ibm/mas_devops/playbooks +export ROLE_NAME=ibm_catalogs && ansible-playbook ibm.mas_devops.run_role +export ROLE_NAME=common_services && ansible-playbook ibm.mas_devops.run_role +export ROLE_NAME=cert_manager && ansible-playbook ibm.mas_devops.run_role +log "==== OCP cluster configuration (Cert Manager) completed ====" + +## Deploy MongoDB +log "==== MongoDB deployment started ====" +export ROLE_NAME=mongodb && ansible-playbook ibm.mas_devops.run_role +log "==== MongoDB deployment completed ====" + +## Copying the entitlement.lic to MAS_CONFIG_DIR +if [[ -n "$MAS_LICENSE_URL" ]]; then + cp 
$GIT_REPO_HOME/entitlement.lic $MAS_CONFIG_DIR +fi + +if [[ $DEPLOY_MANAGE == "true" && $DEPLOY_CP4D == "true" ]]; then + ## Deploy Amqstreams + log "==== Amq streams deployment started ====" + export ROLE_NAME=kafka && ansible-playbook ibm.mas_devops.run_role + log "==== Amq streams deployment completed ====" +fi + +## Deploy SLS +# sls and gencfg_sls are combined in common sls role, works when SLS_URL is set, handled in same sls role +log "==== SLS deployment started ====" +export ROLE_NAME=sls && ansible-playbook ibm.mas_devops.run_role +log "==== SLS deployment completed ====" + +# Deploy UDS +log "==== UDS deployment started ====" +# uds and gencfg_uds are combined in common uds role, works when UDS_ENDPOINT_URL is set, handled in same uds role +export ROLE_NAME=uds && ansible-playbook ibm.mas_devops.run_role +log "==== UDS deployment completed ====" + +## Deploy CP4D +if [[ $DEPLOY_CP4D == "true" ]]; then + log "==== CP4D deployment started ====" + export ROLE_NAME=cp4d && ansible-playbook ibm.mas_devops.run_role + export ROLE_NAME=db2 && ansible-playbook ibm.mas_devops.run_role + log "==== CP4D deployment completed ====" +fi + +## Create MAS Workspace +log "==== MAS Workspace generation started ====" +export ROLE_NAME=gencfg_workspace && ansible-playbook ibm.mas_devops.run_role +log "==== MAS Workspace generation completed ====" + +if [[ $DEPLOY_MANAGE == "true" ]]; then + log "==== Configure JDBC started ====" + export ROLE_NAME=gencfg_jdbc && ansible-playbook ibm.mas_devops.run_role + log "==== Configure JDBC completed ====" +fi + +## Deploy MAS +log "==== MAS deployment started ====" +export ROLE_NAME=suite_install && ansible-playbook ibm.mas_devops.run_role +export ROLE_NAME=suite_config && ansible-playbook ibm.mas_devops.run_role +export ROLE_NAME=suite_verify && ansible-playbook ibm.mas_devops.run_role +log "==== MAS deployment completed ====" + +## Deploy Manage +if [[ $DEPLOY_MANAGE == "true" ]]; then + # Deploy Manage + log "==== MAS Manage 
deployment started ====" + export ROLE_NAME=suite_app_install && ansible-playbook ibm.mas_devops.run_role + log "==== MAS Manage deployment completed ====" + + # Configure app to use the DB + log "==== MAS Manage configure app started ====" + export ROLE_NAME=suite_app_config && ansible-playbook ibm.mas_devops.run_role + log "==== MAS Manage configure app completed ====" +fi diff --git a/gcp/gcpfiles/mas_config.yaml b/gcp/gcpfiles/mas_config.yaml new file mode 100755 index 00000000..fd7741be --- /dev/null +++ b/gcp/gcpfiles/mas_config.yaml 
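Review bot: `oc delete secret htpass-secret -n openshift-config --kubeconfig $kubeconfigfile | true > /dev/null 2>&1` pipes into `true` instead of using `|| true`, so the redirections apply to `true` and any error output from `oc delete` still prints; the intent is presumably "ignore a missing secret", which is `oc delete secret htpass-secret -n openshift-config --kubeconfig $kubeconfigfile >/dev/null 2>&1 || true`. The deployment-context backup copies everything under `$GIT_REPO_HOME` (`cp -r * /tmp/mas-multicloud`) into a zip that is uploaded to the bucket, and after the earlier downloads that directory holds `service-account.json` (and, by the exported `IPI_PULL_SECRET_FILE` path, presumably the pull secret too), so the archive carries the GCP service-account key into object storage — exclude those files from the zip or document that the bucket must stay private. `/tmp/.htpasswd`, `/tmp/dockerconfig.json` and `/tmp/.dockerconfigjson` (the last two holding the cluster pull secret merged with the entitlement key) are left on disk after the secrets are created; remove them once `oc set data secret/pull-secret` has run. `gsutil cp` re-spells the destination as `gs://masocp-${RANDOM_STR}-bucket/ocp-cluster-provisioning-deployment-context/` while the next log line reports `$DEPLOYMENT_CONTEXT_UPLOAD_PATH`; using the variable keeps the two from drifting. The `envsubst /tmp/.dockerconfigjson` line appears to have lost its `<`/`>` redirections in rendering — confirm in the committed file.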
@@ -0,0 +1,35 @@ +imports: +- path: solution.jinja + +resources: +- name: solution + type: solution.jinja + properties: + zone: "Deployment Zone" + input_offeringType: 'Select your preferred Suite offering type:: MAS Core + Cloud Pak for Data or MAS Core + Manage (no Cloud Pak for Data)' + input_region: 'Deployment Region, for example: us-central1' + input_publicDomain: 'Provide the public Cloud domain that you created in the Cloud Domains, for example: masocpgcpdevedge.com' + input_clusterSize: 'Select your preferred cluster size. Choose from: small (3M, 3W, total memory: 288GB), medium (3M, 5W, total memory: 416GB), or large (5M, 7W, total memory: 608GB).' + input_entitledRegistryKey: 'Enter the registry key that you downloaded from the IBM Container Library.' + input_openShiftPullSecret: 'Enter the JSON text from the pull secret file that you downloaded from the Red Hat Hybrid Cloud Console.' + input_masLicenseUrl: 'Enter the URL (preferebly with XXX token) of your Suite license key file kept on the Cloud Storage Bucket, for example: https://storage.googleapis.com/masocp-deploy-bucket/masocpfile/entitlement.lic (Applicable only for BYOL product)' + input_masManageDBUser: 'Enter the username that the Maximo Manage application uses to connect to the database.db2inst1' + input_masManageDBPassword: 'Enter the password that the Maximo Manage application uses to connect to the database.' + input_masManageDBJdbcUrl: 'Enter the URL location of the database that the Maximo Manage application connects to, for example: jdbc:db2://1.2.3.4:50051/FTMDB:sslConnection=true' + input_masManageDBCertificateUrl: 'Enter the Blob SAS location of the databases public certificate, for example: https://storage.googleapis.com/masocp-deploy-bucket/masocpfile/db2.crt' + input_importDemoData: 'Indicate whether you want to import demo data into the database. 
This might be useful for development or test environments, for example : True' + input_sshPublicKey: 'Provide the public SSH key that you want to add to the bootnode, bastion host and cluster nodes.' + input_slsEndpointUrl: 'Enter the endpoint URL that you retrieved from the masocp- OpenShift route in the SLS namespace (ibm-sls-). URL should not have slash (/) at the end.' + input_slsRegistrationKey: 'Enter the status.registrationKey value that you retrieved from the LicenseService instance YAML in the SLS namespace (ibm-sls-).' + input_slsPublicCertificateUrl: 'Enter the URL (preferebly with SAS token) of the services public certificate that you retrieved from the ca.crt file in the -sls-cfg secret in the MAS core namespace (mas--core).' + input_udsEndpointUrl: 'Enter the endpoint URL that you retrieved from the uds-endpoint OpenShift route in the ibm-common-services namespace. URL should not have slash (/) at the end.' + input_udsAPIKey: 'Enter the services API key that you retrieved from the uds-api-key secret in the ibm-common-services namespace.' + input_udsPublicCertificateUrl: 'Enter the URL (preferebly with SAS token) of the services public certificate that you retrieved from the ca-bundle.pem file in the -uds-cfg route in the MAS core namespace.' + input_googleCloudServiceAccount: 'Enter the HTTP URL of the service account key file' + input_googleProjectId: 'Enter Google Cloud accounts Project Id' + input_emailNotification: "Indicate whether you want to receive emails that contain the connection details and credentials for the Suite. These emails are sent using the provided SMTP server details. for example: True" + input_smtpHost: 'Hostname of IP address of the SMTP server.' + input_smtpPort: 'Port of the SMTP server.' + input_smtpUsername: 'Username to be used with SMTP server.' + input_smtpPassword: 'Password to be used with SMTP server.' + input_notificattionEmailAddress: 'Enter the notification Email address' \ No newline at end of file 
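Review bot: Several property descriptions carry Azure wording in a GCP template — `input_masManageDBCertificateUrl` says "Blob SAS location" and the three certificate-URL inputs say "preferebly with SAS token" — and `input_masLicenseUrl` has a placeholder "XXX token"; align these with the Cloud Storage URL wording used for `input_googleCloudServiceAccount`. `input_masManageDBUser` ends with "...the database.db2inst1", which reads like an example value fused into the sentence. The key `input_notificattionEmailAddress` is misspelled; if `solution.jinja` consumes these keys the spelling is part of the interface, so check the consumer before correcting it.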
diff --git a/gcp/notify.py b/gcp/notify.py
new file mode 100755
index 00000000..e2343e07
--- /dev/null
+++ b/gcp/notify.py
@@ -0,0 +1,65 @@
+#!/usr/bin/python
+
+import email, smtplib, ssl, sys
+
+from email import encoders
+from email.mime.base import MIMEBase
+from email.mime.multipart import MIMEMultipart
+from email.mime.text import MIMEText
+
+print("Status:", sys.argv[1])
+
+subject_details = "MAS Provisioning Notification (contains an attachment)"
+body_details = "[MESSAGE-TEXT]\n\nMAS provisioning status: [STATUS]#[STATUS-MESSAGE]\nRegion: [REGION]\nUnique String: [UNIQ-STR]\nOpenShift Cluster URL: [OPENSHIFT-CLUSTER-CONSOLE-URL]\nOpenShift API URL: [OPENSHIFT-CLUSTER-API-URL]\nOpenShift User: [OCP-USER]\nSLS Endpoint URL: [SLS-ENDPOINT-URL]\nMAS Initial Setup URL: [MAS-URL-INIT-SETUP]\nMAS Admin URL: [MAS-URL-ADMIN]\nMAS Workspace URL: [MAS-URL-WORKSPACE]\nMAS User: [MAS-USER]\n"
+subject_creds = "MAS Provisioning Notification (contains credentials)"
+body_creds = "MAS provisioning status: [STATUS]\nRegion: [REGION]\nUnique String: [UNIQ-STR]\nOpenShift Password: [OCP-PASSWORD]\nMAS Password: [MAS-PASSWORD]"
+sender_email = "noreply@maximo.ibm.com"
+recipients = [[RECEPIENT]]
+
+# Create a multipart message and set headers
+message_details = MIMEMultipart()
+message_details["From"] = sender_email
+message_details["To"] = ", ".join(recipients)
+message_details["Subject"] = subject_details
+
+message_creds = MIMEMultipart()
+message_creds["From"] = sender_email
+message_creds["To"] = ", ".join(recipients)
+message_creds["Subject"] = subject_creds
+
+# Add body to email
+message_details.attach(MIMEText(body_details, "plain"))
+message_creds.attach(MIMEText(body_creds, "plain"))
+
+filename = "[CERT-FILE]" # In same directory as script
+
+# Open file in binary mode
+with open(filename, "rb") as attachment:
+ part = MIMEBase("application", "octet-stream")
+ part.set_payload(attachment.read())
+
+# Encode file in ASCII characters to send by email
+encoders.encode_base64(part)
+
+# Add header as key/value pair to attachment part
+part.add_header(
+ "Content-Disposition",
+
f"attachment; filename= (unknown)",
+)
+
+# Add attachment to message and convert message to string
+message_details.attach(part)
+text_details = message_details.as_string()
+text_creds = message_creds.as_string()
+
+try:
+ smtpObj = smtplib.SMTP("[SMTP-HOST]", [SMTP-PORT])
+ smtpObj.login("[SMTP-USERNAME]", "[SMTP-PASSWORD]")
+ smtpObj.sendmail(sender_email, recipients, text_details)
+ if (sys.argv[1] == "SUCCESS"):
+ smtpObj.sendmail(sender_email, recipients, text_creds)
+ print("Successfully sent email")
+except SMTPException:
+ print("Error: unable to send email")
+
+smtpObj.quit()
diff --git a/gcp/notify.sh b/gcp/notify.sh
new file mode 100755
index 00000000..79c9ac85
--- /dev/null
+++ b/gcp/notify.sh
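Review bot: `except SMTPException:` names a class that is never imported — only `smtplib` is — so a failed connection or login raises NameError instead of printing the error, and `smtpObj.quit()` after the `try` then runs against an unassigned variable when `smtplib.SMTP(...)` itself fails; catch `smtplib.SMTPException` and move `quit()` inside the `try`, or use `with smtplib.SMTP("[SMTP-HOST]", [SMTP-PORT]) as smtpObj:`. `ssl` is imported but unused and the session is plain `smtplib.SMTP` with no `starttls()`, so the SMTP login and both message bodies — the second of which carries the OpenShift and MAS passwords — travel unencrypted unless the server forces TLS; call `smtpObj.starttls(context=ssl.create_default_context())` before `login`, or use `smtplib.SMTP_SSL`. The header line `f"attachment; filename= (unknown)"` looks like a rendering artefact for the filename placeholder; confirm it in the committed file.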
@@ -0,0 +1,70 @@
+#!/bin/bash
+
+# This script will send email notification using SMTP details
+cd $GIT_REPO_HOME/${CLUSTER_TYPE}
+SCRIPT_FILE="notify.py"
+
+if [[ $STATUS == "SUCCESS" ]]; then
+ # Login to OCP cluster
+ oc login -u $OCP_USERNAME -p $OCP_PASSWORD --server=https://api.${CLUSTER_NAME}.${BASE_DOMAIN}:6443
+ # Collect email details
+ certfile="${CLUSTER_NAME}-ca.crt"
+ retrieve_mas_ca_cert $RANDOM_STR $certfile
+ certcontents=$(cat $certfile | tr '\n' "," | sed "s/,/\\\\\\\n/g")
+ certcontents=$(echo $certcontents | sed 's/\//\\\//g')
+ log "$certcontents"
+ if [[ -z $SLS_URL ]]; then
+ get_sls_endpoint_url $RANDOM_STR
+ log " CALL_SLS_URL=$CALL_SLS_URL"
+ fi
+ if [[ -z $UDS_ENDPOINT_URL ]]; then
+ get_uds_endpoint_url $RANDOM_STR
+ log " CALL_UDS_URL=$CALL_UDS_URL"
+ fi
+ get_mas_creds $RANDOM_STR
+ log " MAS_USER=$MAS_USER"
+ #log " MAS_PASSWORD=$MAS_PASSWORD"
+else
+ certfile="status"
+ echo "Deployment failed - $STATUS_MSG" > $certfile
+fi
+
+# Process recepient list
+if [[ -n $RECEPIENT ]]; then
+ for i in $(echo "$RECEPIENT" | tr "," "\n")
+ do
+ echo $i
+ if [[ $emaillist == "" ]]; then
+ emaillist="'$i'"
+ else
+ emaillist="${emaillist},'$i'"
+ fi
+ done
+fi
+echo "Email list = $emaillist"
+
+sed -i "s/\[SMTP-HOST\]/$SMTP_HOST/g" $SCRIPT_FILE
+sed -i "s/\[SMTP-PORT\]/$SMTP_PORT/g" $SCRIPT_FILE
+sed -i "s/\[SMTP-USERNAME\]/$SMTP_USERNAME/g" $SCRIPT_FILE
+sed -i "s/\[SMTP-PASSWORD\]/$SMTP_PASSWORD/g" $SCRIPT_FILE
+sed -i "s/\[CERT-FILE\]/$certfile/g" $SCRIPT_FILE
+sed -i "s/\[RECEPIENT\]/$emaillist/g" $SCRIPT_FILE
+sed -i "s/\[MESSAGE-TEXT\]/$MESSAGE_TEXT/g" $SCRIPT_FILE
+sed -i "s/\[STATUS\]/$STATUS/g" $SCRIPT_FILE
+sed -i "s/\[STATUS-MESSAGE\]/$STATUS_MSG/g" $SCRIPT_FILE
+sed -i "s/\[REGION\]/$DEPLOY_REGION/g" $SCRIPT_FILE
+sed -i "s/\[UNIQ-STR\]/$RANDOM_STR/g" $SCRIPT_FILE
+sed -i "s/\[OPENSHIFT-CLUSTER-CONSOLE-URL\]/$OPENSHIFT_CLUSTER_CONSOLE_URL/g" $SCRIPT_FILE
+sed -i "s/\[OPENSHIFT-CLUSTER-API-URL\]/$OPENSHIFT_CLUSTER_API_URL/g"
$SCRIPT_FILE
+sed -i "s/\[OCP-USER\]/$OCP_USERNAME/g" $SCRIPT_FILE
+sed -i "s/\[SLS-ENDPOINT-URL\]/$CALL_SLS_URL/g" $SCRIPT_FILE
+sed -i "s/\[OCP-PASSWORD\]/$OCP_PASSWORD/g" $SCRIPT_FILE
+sed -i "s/\[MAS-PASSWORD\]/$MAS_PASSWORD/g" $SCRIPT_FILE
+sed -i "s/\[MAS-URL-INIT-SETUP\]/$MAS_URL_INIT_SETUP/g" $SCRIPT_FILE
+sed -i "s/\[MAS-URL-ADMIN\]/$MAS_URL_ADMIN/g" $SCRIPT_FILE
+sed -i "s/\[MAS-URL-WORKSPACE\]/$MAS_URL_WORKSPACE/g" $SCRIPT_FILE
+sed -i "s/\[MAS-USER\]/$MAS_USER/g" $SCRIPT_FILE
+
+chmod +x $SCRIPT_FILE
+echo "SCRIPT_FILE=$SCRIPT_FILE"
+./$SCRIPT_FILE $STATUS
diff --git a/gcp/ocp-bastion-host/main.tf b/gcp/ocp-bastion-host/main.tf
new file mode 100755
index 00000000..cfd2bca4
--- /dev/null
+++ b/gcp/ocp-bastion-host/main.tf
@@ -0,0 +1,51 @@
+provider "google" {
+ project = "${var.gcp_project}"
+ region = var.region
+}
+
+# Create a firewall rule for bastion host
+resource "google_compute_firewall" "allow-bastion" {
+ name = "${var.bastion_rule_name}"
+ network = "${var.vpc_name}"
+ allow {
+ protocol = "tcp"
+ ports = ["22"]
+ }
+ source_ranges = ["0.0.0.0/0"]
+ target_tags = ["bastion"]
+ }
+
+#create bastion host in the master subnet
+resource "google_compute_instance" "default" {
+ name = "${var.bastion_vm_name}"
+ machine_type = "n1-standard-1"
+ zone = "${var.zone}"
+
+ tags = ["bastion"]
+
+ boot_disk {
+ initialize_params {
+ image = "debian-cloud/debian-11"
+
+ }
+
+ }
+
+ // Local SSD disk
+ scratch_disk {
+ interface = "SCSI"
+
+ }
+
+ network_interface {
+ network = "${var.vpc_name}"
+ subnetwork = "${var.subnet_name}"
+
+ access_config {
+ }
+ }
+
+
+
+
+}
\ No newline at end of file
diff --git a/gcp/ocp-bastion-host/variables.tf b/gcp/ocp-bastion-host/variables.tf
new file mode 100755
index 00000000..1193756d
--- /dev/null
+++ b/gcp/ocp-bastion-host/variables.tf
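Review bot: The `sed -i "s/\[...\]/$VAR/g" $SCRIPT_FILE` block substitutes raw values into a sed program, so any value containing `/`, `&` or `\` either breaks the command or is reinterpreted by sed; `$STATUS_MSG` is a visible case, since the message helper.sh now sets for retcode 37 contains `10.0.0.0/16`, and `$SMTP_PASSWORD`, `$OCP_PASSWORD` and `$MAS_PASSWORD` are arbitrary strings. The substitution also rewrites notify.py in place under `$GIT_REPO_HOME`, leaving the SMTP, OpenShift and MAS passwords inside a mode +x file on the bootnode after the mail has been sent. Passing the values to notify.py through the environment (`export` them here and read `os.environ` there) removes both problems; if sed is kept, the values at least need the delimiter and `&` escaped before use, and the modified script should be restored or deleted afterwards.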
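Review bot: `source_ranges = ["0.0.0.0/0"]` on the `allow-bastion` rule opens TCP/22 on the bastion to the whole internet, and the instance also receives a public address through the empty `access_config {}`. Take the allowed sources from a variable (e.g. `variable "bastion_source_ranges"`) so the caller can restrict the rule to the bootnode or administrator CIDR, and document the chosen default. The instance has no `metadata` block, so how the `SSH_PUB_KEY` exported in deploy.sh reaches this host is not visible here — a comment naming the mechanism (project-level metadata or OS Login) would help the next reader.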
@@ -0,0 +1,22 @@
+variable "bastion_rule_name"{
+ default = "bastionrule"
+}
+
+variable "vpc_name" {
+ default = "default"
+}
+
+variable "gcp_project" {
+
+}
+variable "subnet_name" {
+
+}
+variable "region" {
+}
+variable "bastion_vm_name" {
+
+}
+variable "zone" {
+
+}
\ No newline at end of file
diff --git a/gcp/releases/masocp-template-1.0.0.zip b/gcp/releases/masocp-template-1.0.0.zip
new file mode 100755
index 00000000..560235d8
Binary files /dev/null and b/gcp/releases/masocp-template-1.0.0.zip differ
diff --git a/get-product-versions.sh b/get-product-versions.sh
index a6dd2071..e174f36d 100755
--- a/get-product-versions.sh
+++ b/get-product-versions.sh
@@ -26,8 +26,21 @@ VersionsArray=( ibm-cert-manager-operator user-data-services-operator cpd-platfo
 fi
 done
-# MongoDB
-getMongoVersion MongoDBCommunity
+#log "MONGO_FLAVOR=$MONGO_FLAVOR and MONGO_USE_EXISTING_INSTANCE=$MONGO_USE_EXISTING_INSTANCE"
+
+if [[ (-z $MONGO_USE_EXISTING_INSTANCE && -z $MONGO_FLAVOR) || ($MONGO_FLAVOR == "MongoDB" && $MONGO_USE_EXISTING_INSTANCE == "false" ) ]]; then
+ # MongoDB new
+ getMongoVersion MongoDBCommunity
+elif [[ ($MONGO_FLAVOR == "MongoDB" && $MONGO_USE_EXISTING_INSTANCE == "true") ]]; then
+ # MongoDB existing
+ log "MAS Provisioned with an existing MongoDB instance"
+elif [[ ($MONGO_FLAVOR == "Amazon DocumentDB" && $MONGO_USE_EXISTING_INSTANCE == "false") ]]; then
+ # Docdb new
+ log "MAS Provisioned with a new instance of Amazon DocumentDB"
+elif [[ ($MONGO_FLAVOR == "Amazon DocumentDB" && $MONGO_USE_EXISTING_INSTANCE == "true") ]]; then
+ # Docdb existing
+ log "MAS Provisioned with an existing Amazon DocumentDB"
+fi
 # MAS
 mas_version=$(oc get subscription ibm-mas-operator -n mas-$MAS_INSTANCE_ID-core -o json | jq .status.installedCSV -r | grep --perl-regexp '(?:(\d+)\.)?(?:(\d+)\.)?(?:(\d+)\.\d+)' --only-matching )
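Review bot: None of the variables declares a `type` or `description`, and `vpc_name` defaults to `"default"`, so a run whose terraform.tfvars was not generated would silently attach the bastion firewall rule and NIC to the project's default network. Give the required inputs no default and add a type and a one-line description to each, e.g. `variable "vpc_name" { type = string description = "Network the OpenShift machines are attached to" }`.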
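Review bot: The new `if`/`elif` chain has no `else`, so a combination it does not list — for instance `MONGO_FLAVOR` set while `MONGO_USE_EXISTING_INSTANCE` is empty, or any other flavor value — neither calls `getMongoVersion` nor logs anything, and the version report silently omits Mongo. Add `else log "Unrecognized MONGO_FLAVOR=$MONGO_FLAVOR MONGO_USE_EXISTING_INSTANCE=$MONGO_USE_EXISTING_INSTANCE"` so the gap is visible. The commented-out `#log "MONGO_FLAVOR=..."` line would be more useful enabled than kept as dead code.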
@@ -35,6 +48,6 @@ log " MAS version is $mas_version"
 # Manage (if installed)
 if [[ $DEPLOY_MANAGE == "true" ]]; then
-manage_version=$(oc get subscription ibm-mas-manage -n mas-$MAS_INSTANCE_ID-$MAS_APP_ID -o json | jq .status.installedCSV -r | grep --perl-regexp '(?:(\d+)\.)?(?:(\d+)\.)?(?:(\d+)\.\d+)' --only-matching )
-log " Manage version is $manage_version"
+ manage_version=$(oc get subscription ibm-mas-manage -n mas-$MAS_INSTANCE_ID-$MAS_APP_ID -o json | jq .status.installedCSV -r | grep --perl-regexp '(?:(\d+)\.)?(?:(\d+)\.)?(?:(\d+)\.\d+)' --only-matching )
+ log " Manage version is $manage_version"
 fi
\ No newline at end of file
diff --git a/helper.sh b/helper.sh
index f11d45fb..6041e294 100644
--- a/helper.sh
+++ b/helper.sh
@@ -128,7 +128,33 @@ mark_provisioning_failed() {
 elif [[ $retcode -eq 30 ]]; then
 export STATUS_MSG="MAS+CP4D offering is not supported on ROSA cluster. Please select option to create a new cluster in a new deployment or provide a self-managed cluster."
 elif [[ $retcode -eq 31 ]]; then
- export STATUS_MSG="Please provide a valid DB certificate URL.."
+ export STATUS_MSG="Please provide a valid DB certificate URL.."
+ elif [[ $retcode -eq 32 ]]; then
+ export STATUS_MSG="Failure in fetching the VPC id required to deploy document DB.."
+ elif [[ $retcode -eq 33 ]]; then
+ export STATUS_MSG="The Mongo DB details are missing or invalid."
+ elif [[ $retcode -eq 34 ]]; then
+ export STATUS_MSG="Please provide a valid Mongo CA PEM certificate URL.."
+ elif [[ $retcode -eq 35 ]]; then
+ export STATUS_MSG="Failure in creating VPC peering."
+ elif [[ $retcode -eq 36 ]]; then
+ export STATUS_MSG="Failure in creating IAM policy."
+ elif [[ $retcode -eq 37 ]]; then
+ export STATUS_MSG="Failure in creating Create Route. Please make sure there is no other VPCs which has matching or overlapping IPv4 CIDR blocks 10.0.0.0/16 "
+ elif [[ $retcode -eq 38 ]]; then
+ export STATUS_MSG="Failure in connecting to existing Mongo DB instance."
+ elif [[ $retcode -eq 39 ]]; then
+ export STATUS_MSG="$DOCUMENTDB_VPC_ID is not found in region $DEPLOY_REGION"
+ elif [[ $retcode -eq 40 ]]; then
+ export STATUS_MSG="Failure in finding VPC in region $DEPLOY_REGION"
+ elif [[ $retcode -eq 41 ]]; then
+ export STATUS_MSG="Subnet ID associated with CIDR Block is not found"
+ elif [[ $retcode -eq 42 ]]; then
+ export STATUS_MSG="Failure in fetching the VPC id required to deploy AWS MSK.."
+ elif [[ $retcode -eq 43 ]]; then
+ export STATUS_MSG="Amazon DocumentDB is not supported in current deploy region $DEPLOY_REGION"
+ elif [[ $retcode -eq 44 ]]; then
+ export STATUS_MSG="Failure in fetching the CIDR block associated with Subnet"
 fi
 export MESSAGE_TEXT=NA
 export OPENSHIFT_CLUSTER_CONSOLE_URL=NA
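Review bot: The message for retcode 39 is `"$DOCUMENTDB_VPC_ID is not found in region $DEPLOY_REGION"`, which renders as " is not found in region ..." whenever the variable is empty — plausibly the very case that leads here; prefix it with a label, e.g. `export STATUS_MSG="DocumentDB VPC id '$DOCUMENTDB_VPC_ID' is not found in region $DEPLOY_REGION"`. The chain now runs `elif [[ $retcode -eq N ]]` arms up to 44; a `case "$retcode" in` with one arm per code would be easier to read and keep in order. The trailing `..` on the new messages for 32, 34 and 42 is inconsistent with the single-period messages around them. mark_provisioning_failed begins and ends outside this hunk.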
@@ -215,7 +241,7 @@ validate_prouduct_type() {
 log "hyperscaler in MAS_ANNOTATIONS: $MAS_ANNOTATIONS"
 if [[ $CLUSTER_TYPE == "azure" ]]; then
 export MAS_ANNOTATIONS="mas.ibm.com/hyperscalerProvider=azure,mas.ibm.com/hyperscalerChannel=azure"
- fi
+ fi
 log "hyperscaler in MAS_ANNOTATIONS: $MAS_ANNOTATIONS"
 if [[ $OPERATIONAL_MODE == "Non-production" ]]; then
 if [[ -n "$MAS_ANNOTATIONS" ]]; then
diff --git a/init.sh b/init.sh
index 99ee93f3..197f4985 100644
--- a/init.sh
+++ b/init.sh
@@ -15,9 +15,6 @@ export BASE_DOMAIN_RG_NAME=$8
 export SSH_KEY_NAME=$9
 export DEPLOY_WAIT_HANDLE=${10}
 export SLS_ENTITLEMENT_KEY=${11}
-
-
-
 export OCP_PULL_SECRET=${12}
 export MAS_LICENSE_URL=${13}
 export SLS_URL=${14}
@@ -30,7 +27,7 @@ export MAS_JDBC_USER=${20}
 export MAS_JDBC_PASSWORD=${21}
 export MAS_JDBC_URL=${22}
 export MAS_JDBC_CERT_URL=${23}
-export MAS_DB_IMPORT_DEMO_DATA=${24}
+export MAS_APP_SETTINGS_DEMODATA=${24}
 export EXS_OCP_URL=${25}
 export EXS_OCP_USER=${26}
 export EXS_OCP_PWD=${27}
@@ -45,19 +42,31 @@ export AZURE_SP_CLIENT_ID=${35}
 export AZURE_SP_CLIENT_PWD=${36}
 export SELLER_SUBSCRIPTION_ID=${37}
 export TENANT_ID=${38}
-export BOOTNODE_VPC_ID=${39}
-export BOOTNODE_SUBNET_ID=${40}
-export EXISTING_NETWORK=${41}
-export EXISTING_NETWORK_RG=${42}
-export EXISTING_PRIVATE_SUBNET1_ID=${43}
-export EXISTING_PRIVATE_SUBNET2_ID=${44}
-export EXISTING_PRIVATE_SUBNET3_ID=${45}
-export EXISTING_PUBLIC_SUBNET1_ID=${46}
-export EXISTING_PUBLIC_SUBNET2_ID=${47}
-export EXISTING_PUBLIC_SUBNET3_ID=${48}
-export PRIVATE_CLUSTER=${49}
-export OPERATIONAL_MODE=${50}
-export ENV_TYPE=${51}
+export GOOGLE_PROJECTID=${39}
+export GOOGLE_APPLICATION_CREDENTIALS_FILE=${40}
+export BOOTNODE_VPC_ID=${41}
+export BOOTNODE_SUBNET_ID=${42}
+export EXISTING_NETWORK=${43}
+export EXISTING_NETWORK_RG=${44}
+export EXISTING_PRIVATE_SUBNET1_ID=${45}
+export EXISTING_PRIVATE_SUBNET2_ID=${46}
+export EXISTING_PRIVATE_SUBNET3_ID=${47}
+export EXISTING_PUBLIC_SUBNET1_ID=${48}
+export EXISTING_PUBLIC_SUBNET2_ID=${49}
+export EXISTING_PUBLIC_SUBNET3_ID=${50}
+export PRIVATE_CLUSTER=${51}
+export OPERATIONAL_MODE=${52}
+
+#true if use existing instance selected, false if provision new instance selected
+export MONGO_USE_EXISTING_INSTANCE=${53}
+export MONGO_FLAVOR=${54}
+export MONGO_ADMIN_USERNAME=${55}
+export MONGO_ADMIN_PASSWORD=${56}
+export MONGO_HOSTS=${57}
+export MONGO_CA_PEM_FILE=${58}
+export DOCUMENTDB_VPC_ID=${59}
+export AWS_MSK_PROVIDER=${60}
+export ENV_TYPE=${61}
 export GIT_REPO_HOME=$(pwd)
 # Load helper functions
 . helper.sh
@@ -73,7 +82,6 @@ export -f validate_prouduct_type
 export GIT_REPO_HOME=$(pwd)
-
 ## Configure CloudWatch agent
 if [[ $CLUSTER_TYPE == "aws" ]]; then
 log "Configuring CloudWatch logs agent"
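Review bot: Inserting `GOOGLE_PROJECTID=${39}` and `GOOGLE_APPLICATION_CREDENTIALS_FILE=${40}` shifts every later positional parameter by two, and the Mongo/MSK block pushes `ENV_TYPE` from `${51}` to `${61}`, so a caller still passing the previous argument list assigns values to the wrong variables with no error — the validation later in the script only checks that a few of them are non-empty. If the callers always pass the full list, an argument-count guard such as `(( $# == 61 )) || { log "ERROR: expected 61 arguments, got $#"; exit 1; }` makes the mismatch fail fast; otherwise a comment above the list naming the templates that must change in lockstep is the minimum. `MONGO_ADMIN_PASSWORD=${56}` joins the other passwords taken from argv, which are visible in process listings and in any log of the launching command; if that cannot change now, the `#true if use existing instance...` comment is a good place to record it.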
@@ -109,9 +117,20 @@ EOT cd - fi +## Configure Ops agent +if [[ $CLUSTER_TYPE == "gcp" ]]; then + log "Configuring Ops agent" + # Update config file + sed -i "s/\[UNIQID\]/$RANDOM_STR/g" /etc/google-cloud-ops-agent/config.yaml + # Start Ops agent service + service google-cloud-ops-agent restart + sleep 5 + cd - +fi + # Check for input parameters -if [[ (-z $CLUSTER_TYPE) || (-z $DEPLOY_REGION) || (-z $ACCOUNT_ID) \ - || (-z $RANDOM_STR) || (-z $SSH_KEY_NAME) || (-z $DEPLOY_WAIT_HANDLE) ]]; then +if [[ (-z $CLUSTER_TYPE) || (-z $DEPLOY_REGION) || (-z $RANDOM_STR) || (-z $CLUSTER_SIZE) || (-z $SLS_ENTITLEMENT_KEY) \ + || (-z $SSH_KEY_NAME) ]]; then log "ERROR: Required parameter not specified, please provide all the required inputs to the script." PRE_VALIDATION=fail fi @@ -143,13 +162,17 @@ export OPENSHIFT_PULL_SECRET_FILE_PATH=${GIT_REPO_HOME}/pull-secret.json export MASTER_NODE_COUNT="3" export WORKER_NODE_COUNT="3" export AZ_MODE="multi_zone" +export OCP_VERSION="4.12.18" + export MAS_IMAGE_TEST_DOWNLOAD="cp.icr.io/cp/mas/admin-dashboard:5.1.27" -export BACKUP_FILE_NAME="terraform-backup-${CLUSTER_NAME}.zip" +export BACKUP_FILE_NAME="deployment-backup-${CLUSTER_NAME}.zip" if [[ $CLUSTER_TYPE == "aws" ]]; then export DEPLOYMENT_CONTEXT_UPLOAD_PATH="s3://masocp-${RANDOM_STR}-bucket-${DEPLOY_REGION}/ocp-cluster-provisioning-deployment-context/" elif [[ $CLUSTER_TYPE == "azure" ]]; then export DEPLOYMENT_CONTEXT_UPLOAD_PATH="ocp-cluster-provisioning-deployment-context/${BACKUP_FILE_NAME}" export STORAGE_ACNT_NAME="masocp${RANDOM_STR}stgaccount" +elif [[ $CLUSTER_TYPE == "gcp" ]]; then + export DEPLOYMENT_CONTEXT_UPLOAD_PATH="gs://masocp-${RANDOM_STR}-bucket/ocp-cluster-provisioning-deployment-context/" fi # Mongo variables export MAS_INSTANCE_ID="${RANDOM_STR}" 
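Review bot: The new gcp block ends with `cd -`, but unlike the aws block above it never changes directory first, so it moves the script into whatever OLDPWD happens to be (and prints it) instead of returning anywhere; drop the `cd -` or pair it with a `cd` inside the block. The `sed -i` on /etc/google-cloud-ops-agent/config.yaml and the `service ... restart` are unchecked, so a missing config file or a failed restart goes unnoticed; `sed -i "s/\[UNIQID\]/$RANDOM_STR/g" /etc/google-cloud-ops-agent/config.yaml || log "WARN: Ops agent config not updated"` would at least record it. The revised required-parameter check drops DEPLOY_WAIT_HANDLE even though it is still exported at the top of the file; if it is still consumed downstream, it is no longer guarded.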
@@ -166,7 +189,9 @@ export SLS_MONGODB_CFG_FILE="${MAS_CONFIG_DIR}/mongo-${MONGODB_NAMESPACE}.yml" # Exporting SLS_LICENSE_FILE only when product type is different than privatepublic(i.e. Paid offering) # Paid offering does not require entitlement.lic i.e. MAS license file. -validate_prouduct_type +if [[ $CLUSTER_TYPE == "aws" ]]; then + validate_prouduct_type +fi if [[ ($PRODUCT_TYPE == "privatepublic") && ($CLUSTER_TYPE == "aws") ]];then log "Product type is privatepublic hence not exporting SLS_LICENSE_FILE variable" else @@ -187,9 +212,9 @@ export UDS_TLS_CERT_LOCAL_FILE_PATH="${GIT_REPO_HOME}/uds.crt" # CP4D variables export CPD_ENTITLEMENT_KEY=$SLS_ENTITLEMENT_KEY export CPD_VERSION=cpd40 -export CPD_PRODUCT_VERSION=4.5.0 -export MAS_CHANNEL=8.9.x -export MAS_CATALOG_VERSION=v8-amd64 +export CPD_PRODUCT_VERSION=4.6.3 +export MAS_CHANNEL=8.10.x +export MAS_CATALOG_VERSION=v8-230518-amd64 if [[ $CLUSTER_TYPE == "aws" ]]; then export CPD_PRIMARY_STORAGE_CLASS="ocs-storagecluster-cephfs" elif [[ $CLUSTER_TYPE == "azure" ]]; then 
@@ -219,25 +244,29 @@ export MAS_APP_ID=manage export MAS_APPWS_JDBC_BINDING="workspace-application" export MAS_JDBC_CERT_LOCAL_FILE=$GIT_REPO_HOME/db.crt export MAS_CLOUD_AUTOMATION_VERSION=1.0 -export MAS_DEVOPS_COLLECTION_VERSION=12.3.2 -export MAS_APP_CHANNEL=8.5.x +export MAS_DEVOPS_COLLECTION_VERSION=13.11.0 +export MAS_APP_CHANNEL=8.6.x if [ -z "$EXISTING_NETWORK" ]; then export new_or_existing_vpc_subnet="new" export enable_permission_quota_check=true export PRIVATE_CLUSTER=false + export private_or_public_cluster=public else export new_or_existing_vpc_subnet="exist" export enable_permission_quota_check=false + export private_or_public_cluster=public fi log " new_or_existing_vpc_subnet=$new_or_existing_vpc_subnet" log " enable_permission_quota_check=$enable_permission_quota_check" if [[ -z "$EXISTING_NETWORK" && $CLUSTER_TYPE == "azure" ]]; then export INSTALLATION_MODE="IPI" + # Setting the name of the v-net + export EXISTING_NETWORK=${RANDOM_STR}-vnet else export INSTALLATION_MODE="UPI" fi -#log "==== INSTALLATION MODE: ${INSTALLATION_MODE}" +log "==== INSTALLATION MODE: ${INSTALLATION_MODE}" RESP_CODE=0 @@ -269,11 +298,10 @@ case $CLUSTER_SIZE in esac - - # Log the variable values log "Below are common deployment parameters," log " OPERATIONAL_MODE: $OPERATIONAL_MODE" +log " AWS_MSK_PROVIDER: $AWS_MSK_PROVIDER" log " CLUSTER_TYPE: $CLUSTER_TYPE" log " OFFERING_TYPE: $OFFERING_TYPE" log " DEPLOY_REGION: $DEPLOY_REGION" @@ -288,8 +316,6 @@ log " DEPLOY_WAIT_HANDLE: $DEPLOY_WAIT_HANDLE" #log " SLS_ENTITLEMENT_KEY: $SLS_ENTITLEMENT_KEY" #log " MAS_ENTITLEMENT_KEY: $MAS_ENTITLEMENT_KEY" #log " ENTITLEMENT_KEY: $ENTITLEMENT_KEY" - - #log " OCP_PULL_SECRET: $OCP_PULL_SECRET" log " DEPLOY_CP4D: $DEPLOY_CP4D" log " DEPLOY_MANAGE: $DEPLOY_MANAGE" 
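Review bot: `export private_or_public_cluster=public` is assigned the same value in both branches of the `EXISTING_NETWORK` test, so for an existing network with PRIVATE_CLUSTER=true the variable still says public until the azure UPI block later in the file overwrites it, and on aws/gcp it is never corrected. If it is meant to mirror PRIVATE_CLUSTER, derive it once: `if [[ $PRIVATE_CLUSTER == "true" ]]; then export private_or_public_cluster=private; else export private_or_public_cluster=public; fi`. Separately, `export EXISTING_NETWORK=${RANDOM_STR}-vnet` in the azure IPI branch makes EXISTING_NETWORK non-empty after `new_or_existing_vpc_subnet` was computed from its emptiness, so every later reader (the logging and the UPI block among them) sees the name of a network that does not exist yet; a comment stating this is intentional would spare the next reader the double-take.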
@@ -303,7 +329,7 @@ log " UDS_PUB_CERT_URL: $UDS_PUB_CERT_URL"
 log " MAS_JDBC_USER: $MAS_JDBC_USER"
 log " MAS_JDBC_URL: $MAS_JDBC_URL"
 log " MAS_JDBC_CERT_URL: $MAS_JDBC_CERT_URL"
-log " MAS_DB_IMPORT_DEMO_DATA: $MAS_DB_IMPORT_DEMO_DATA"
+log " MAS_APP_SETTINGS_DEMODATA: $MAS_APP_SETTINGS_DEMODATA"
 log " EXS_OCP_URL: $EXS_OCP_URL"
 log " EXS_OCP_USER: $EXS_OCP_USER"
 log " RG_NAME=$RG_NAME"
@@ -316,10 +342,18 @@ log " SMTP_USERNAME=$SMTP_USERNAME"
 log " AZURE_SP_CLIENT_ID=$AZURE_SP_CLIENT_ID"
 log " SELLER_SUBSCRIPTION_ID=$SELLER_SUBSCRIPTION_ID"
 log " TENANT_ID=$TENANT_ID"
+log " GOOGLE_PROJECTID=$GOOGLE_PROJECTID"
+log " GOOGLE_APPLICATION_CREDENTIALS_FILE=$GOOGLE_APPLICATION_CREDENTIALS_FILE"
 log " EMAIL_NOTIFICATION: $EMAIL_NOTIFICATION"
 log " EXISTING_NETWORK=$EXISTING_NETWORK"
 log " EXISTING_NETWORK_RG=$EXISTING_NETWORK_RG"
 log " ENV_TYPE=$ENV_TYPE"
+log " MONGO_USE_EXISTING_INSTANCE=${MONGO_USE_EXISTING_INSTANCE}"
+log " MONGO_FLAVOR=${MONGO_FLAVOR}"
+log " MONGO_ADMIN_USERNAME=${MONGO_ADMIN_USERNAME}"
+#log " MONGO_ADMIN_PASSWORD=${MONGO_ADMIN_PASSWORD}"
+log " MONGO_HOSTS=${MONGO_HOSTS}"
+log " MONGO_CA_PEM_FILE=${MONGO_CA_PEM_FILE}"
 log " EXISTING_PRIVATE_SUBNET1_ID=$EXISTING_PRIVATE_SUBNET1_ID"
 log " EXISTING_PRIVATE_SUBNET2_ID=$EXISTING_PRIVATE_SUBNET2_ID"
 log " EXISTING_PRIVATE_SUBNET3_ID=$EXISTING_PRIVATE_SUBNET3_ID"
@@ -376,9 +410,28 @@ if [[ $CLUSTER_TYPE == "azure" ]]; then log " BASE_DOMAIN_RG_NAME: $BASE_DOMAIN_RG_NAME" # Get VNet RG name for UPI based installation if [[ $INSTALLATION_MODE == "UPI" ]]; then - VNET_NAME=$EXISTING_NETWORK - export EXISTING_NETWORK_RG=`az network vnet list | jq --arg VNET_NAME $VNET_NAME '.[] | select(.name==$VNET_NAME).resourceGroup' | tr -d '"'` - log " EXISTING_NETWORK_RG: $EXISTING_NETWORK_RG" + # Domain name with private dns - only available for UPI + if [[ $PRIVATE_CLUSTER == "true" ]]; then + export private_or_public_cluster="private" + export BASE_DOMAIN_RG_NAME=`az network private-dns zone list | jq --arg DNS_ZONE $DNS_ZONE '.[] | select(.name==$DNS_ZONE).resourceGroup' | tr -d '"'` + log " UPI PRIVATE CLUSTER - BASE_DOMAIN_RG_NAME: $BASE_DOMAIN_RG_NAME" + else + export private_or_public_cluster="public" + export BASE_DOMAIN_RG_NAME=`az network dns zone list | jq --arg DNS_ZONE $DNS_ZONE '.[] | select(.name==$DNS_ZONE).resourceGroup' | tr -d '"'` + log " UPI PUBLIC CLUSTER - BASE_DOMAIN_RG_NAME: $BASE_DOMAIN_RG_NAME" + fi + + VNET_NAME=$EXISTING_NETWORK + export EXISTING_NETWORK_RG=`az network vnet list | jq --arg VNET_NAME $VNET_NAME '.[] | select(.name==$VNET_NAME).resourceGroup' | tr -d '"'` + #Assign the nsg name + # export nsg_name=`az network vnet subnet list --resource-group $EXISTING_NETWORK_RG --vnet-name $VNET_NAME|jq '.[0] | select(.name).networkSecurityGroup.id'|awk -F'/' '{print $9}'|tr -d '"'` + #Assign the network subnet + export master_subnet_name=`az network vnet subnet list --resource-group $EXISTING_NETWORK_RG --vnet-name $VNET_NAME|jq '.[] | select(.name).name'|grep master|tr -d '"'` + export worker_subnet_name=`az network vnet subnet list --resource-group $EXISTING_NETWORK_RG --vnet-name $VNET_NAME|jq '.[] | select(.name).name'|grep worker|tr -d '"'` + log " MASTER SUBNET NAME: $master_subnet_name " + log " WORKER SUBNET NAME: $worker_subnet_name" + # log " NSG NAME: $nsg_name" + log " EXISTING_NETWORK_RG: 
$EXISTING_NETWORK_RG" fi fi @@ -398,7 +451,6 @@ else fi log "===== PRE-VALIDATION COMPLETED ($PRE_VALIDATION) =====" - # Perform the MAS deployment only if pre-validation checks are passed if [[ $PRE_VALIDATION == "pass" ]]; then ## If user provided input of Openshift API url along with creds, then use the provided details for deployment of other components like CP4D, MAS etc. @@ -448,15 +500,15 @@ if [[ $PRE_VALIDATION == "pass" ]]; then chmod 600 $OPENSHIFT_PULL_SECRET_FILE_PATH ## Installing the collection depending on ENV_TYPE - if [[ $CLUSTER_TYPE == "aws" ]]; then + if [[ ($CLUSTER_TYPE == "aws") || ($CLUSTER_TYPE == "gcp") ]]; then if [[ $ENV_TYPE == "dev" ]]; then - echo "=== Building and Installing Ansible Collection Locally ===" + log "=== Building and Installing Ansible Collection Locally ===" cd $GIT_REPO_HOME/../ibm/mas_devops ansible-galaxy collection build - ansible-galaxy collection install ibm-mas_devops-*.tar.gz - echo "=== Ansible Collection built and installed locally Successfully ===" + ansible-galaxy collection install --force ibm-mas_devops-*.tar.gz + log "=== Ansible Collection built and installed locally Successfully ===" else - echo "MAS_DEVOPS_COLLECTION_VERSION=$MAS_DEVOPS_COLLECTION_VERSION" + log "MAS_DEVOPS_COLLECTION_VERSION=$MAS_DEVOPS_COLLECTION_VERSION" log "==== Installing Ansible Collection ====" ansible-galaxy collection install ibm.mas_devops:==${MAS_DEVOPS_COLLECTION_VERSION} log "==== Installed Ansible Collection Successfully ====" 
@@ -485,7 +537,6 @@ if [[ $PRE_VALIDATION == "pass" ]]; then export MESSAGE_TEXT="Please import the attached certificate into the browser to access MAS UI." export OPENSHIFT_CLUSTER_CONSOLE_URL="https:\/\/console-openshift-console.apps.${CLUSTER_NAME}.${BASE_DOMAIN}" export OPENSHIFT_CLUSTER_API_URL="https:\/\/api.${CLUSTER_NAME}.${BASE_DOMAIN}:6443" - export OPENSHIFT_CLUSTER_API_URL="https:\/\/api.${CLUSTER_NAME}.${BASE_DOMAIN}:6443" export MAS_URL_INIT_SETUP="https:\/\/admin.${RANDOM_STR}.apps.${CLUSTER_NAME}.${BASE_DOMAIN}\/initialsetup" export MAS_URL_ADMIN="https:\/\/admin.${RANDOM_STR}.apps.${CLUSTER_NAME}.${BASE_DOMAIN}" export MAS_URL_WORKSPACE="https:\/\/$MAS_WORKSPACE_ID.home.${RANDOM_STR}.apps.${CLUSTER_NAME}.${BASE_DOMAIN}" @@ -498,7 +549,7 @@ if [[ $PRE_VALIDATION == "pass" ]]; then else mark_provisioning_failed $retcode if [[ $retcode -eq 2 ]]; then - log "OCP Creation Successful ,Suite Deployment failed" + log "OCP Creation Successful, Suite Deployment failed" log "===== PROVISIONING COMPLETED =====" export STATUS=FAILURE export STATUS_MSG="OCP Creation Successful,Failed in the Ansible playbook execution" @@ -511,7 +562,6 @@ if [[ $PRE_VALIDATION == "pass" ]]; then RESP_CODE=2 fi fi - fi log " STATUS=$STATUS" 
@@ -545,6 +595,10 @@ if [[ $CLUSTER_TYPE == "aws" ]]; then elif [[ $CLUSTER_TYPE == "azure" ]]; then # Upload the log file to blob storage az storage blob upload --account-name ${STORAGE_ACNT_NAME} --container-name masocpcontainer --name ocp-cluster-provisioning-deployment-context/mas-provisioning.log --file $GIT_REPO_HOME/mas-provisioning.log +elif [[ $CLUSTER_TYPE == "gcp" ]]; then + # Upload the log files to cloud storage + gsutil cp $GIT_REPO_HOME/mas-provisioning.log gs://masocp-${RANDOM_STR}-bucket/ocp-cluster-provisioning-deployment-context/ + gsutil cp /root/openshift-install/config/${CLUSTER_NAME}/.openshift_install.log gs://${RANDOM_STR}-bucket/ocp-cluster-provisioning-deployment-context/ fi log "Shutting down VM in a minute" shutdown -P "+1" diff --git a/jdbc-prevalidate.py b/jdbc-prevalidateDB2.py similarity index 100% rename from jdbc-prevalidate.py rename to jdbc-prevalidateDB2.py diff --git a/jdbc-prevalidateOracle.py b/jdbc-prevalidateOracle.py new file mode 100644 index 00000000..26730dcb --- /dev/null +++ b/jdbc-prevalidateOracle.py @@ -0,0 +1,14 @@ +import jaydebeapi +import os +con=jaydebeapi.connect('oracle.jdbc.driver.OracleDriver', + os.getenv('MAS_JDBC_URL'), + {'user':os.getenv('MAS_JDBC_USER'), + 'password':os.getenv('MAS_JDBC_PASSWORD')}, + jars=os.getenv('MAS_ORACLE_JAR_LOCAL_PATH'),) + +if con : +# print("Connected to db successfully !") + con.close() + os._exit(0) +else: + os._exit(1) diff --git a/lib/ojdbc8.jar b/lib/ojdbc8.jar new file mode 100644 index 00000000..7dd0d3b1 Binary files /dev/null and b/lib/ojdbc8.jar differ diff --git a/mongo/docdb/docdb-create-iam-user.sh b/mongo/docdb/docdb-create-iam-user.sh new file mode 100644 index 00000000..5989f381 --- /dev/null +++ b/mongo/docdb/docdb-create-iam-user.sh 
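Review bot: The two gsutil destinations name different buckets: mas-provisioning.log goes to `gs://masocp-${RANDOM_STR}-bucket/...`, matching the gcp DEPLOYMENT_CONTEXT_UPLOAD_PATH defined earlier in this commit, while `.openshift_install.log` goes to `gs://${RANDOM_STR}-bucket/...`, which reads like a dropped `masocp-` prefix. Using `gsutil cp ... "${DEPLOYMENT_CONTEXT_UPLOAD_PATH}"` for both keeps the path defined once. Neither call checks its exit status, so a missing upload is silent right before the VM shuts down; the aws and azure branches above are context.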
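Review bot: `jaydebeapi.connect` raises on a failed connection rather than returning a falsy object, so the `else: os._exit(1)` arm is unreachable and a connection failure leaves the script through an uncaught traceback, whose non-zero exit code is the interpreter's default rather than a deliberate status. Wrap the connect in `try: ... except Exception as exc:` and exit with `sys.exit(1)` after a one-line message such as `print(f'jdbc-prevalidateOracle: connection failed: {type(exc).__name__}')`, which reports the failure class without echoing the JDBC URL (`import sys` is needed). `sys.exit` rather than `os._exit` also lets the driver's JVM shut down normally. The trailing `,)` after the `jars=` argument is legal but reads as an unfinished call.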
@@ -0,0 +1,42 @@ +#!/bin/bash +SCRIPT_STATUS=0 +if [[ -f "/tmp/iam-user-created" ]]; then + log "mongo/docdb/docdb-create-iam-user.sh : /tmp/iam-user-created exists; docdb-create-iam-user.sh skipped ..." +else + log "mongo/docdb/docdb-create-iam-user.sh : /tmp/iam-user-created not exists" + log "mongo/docdb/docdb-create-iam-user.sh: .......... starts" + # IAM variables + IAM_POLICY_NAME="masocp-policy-${RANDOM_STR}" + IAM_USER_NAME="masocp-user-${RANDOM_STR}" + ## IAM # Create IAM policy + cd $GIT_REPO_HOME/aws + policyarn=$(aws iam create-policy --policy-name ${IAM_POLICY_NAME} --policy-document file://${GIT_REPO_HOME}/aws/iam/policy.json | jq '.Policy.Arn' | tr -d "\"") + # Create IAM user + aws iam create-user --user-name ${IAM_USER_NAME} + aws iam attach-user-policy --user-name ${IAM_USER_NAME} --policy-arn $policyarn + + if [ $? -ne 0 ]; then + SCRIPT_STATUS=36 + fi + accessdetails=$(aws iam create-access-key --user-name ${IAM_USER_NAME}) + export AWS_ACCESS_KEY_ID=$(echo $accessdetails | jq '.AccessKey.AccessKeyId' | tr -d "\"") + export AWS_SECRET_ACCESS_KEY=$(echo $accessdetails | jq '.AccessKey.SecretAccessKey' | tr -d "\"") + + aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID + aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY + aws configure set default.region $DEPLOY_REGION + + if [ $? -ne 0 ]; then + SCRIPT_STATUS=36 + fi + log "mongo/docdb/docdb-create-iam-user.sh: .......... AWS_ACCESS_KEY_ID:DEPLOY_REGION $AWS_ACCESS_KEY_ID : $DEPLOY_REGION" + # on successful completion of docdb-create-iam-user.sh, create a file + echo "COMPLETE" > /tmp/iam-user-created + chmod a+rw /tmp/iam-user-created + # Put some delay for IAM permissions to be applied in the backend + sleep 60 + log "mongo/docdb/docdb-create-iam-user.sh: .......... ends" + +fi + + diff --git a/mongo/docdb/docdb-create-vpc-peer.sh b/mongo/docdb/docdb-create-vpc-peer.sh new file mode 100644 index 00000000..2f21b658 --- /dev/null +++ b/mongo/docdb/docdb-create-vpc-peer.sh 
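Review bot: SCRIPT_STATUS is set to 36 on failure but the script never exits with it, so it always returns 0 and the `if [ $? -ne 0 ]` check in docdb-create-vpc-peer.sh that invokes it can never fire; add `exit $SCRIPT_STATUS` after the final `fi`. The two `$?` tests only see the command immediately before them (`attach-user-policy` and `aws configure set default.region`), so a failed `create-policy`, `create-user` or `create-access-key` passes with an empty `$policyarn` or empty key variables. From a security standpoint the script mints a long-lived IAM user access key, persists it into the bootnode's default AWS CLI profile via `aws configure set`, and logs the access key id; the /tmp/iam-user-created marker only prevents re-creation, nothing here removes the key or the user once the peering work is done. Consider deleting the access key at the end of the flow, or document which cleanup step is expected to do it. The policy document aws/iam/policy.json is not in this diff, so its scope cannot be reviewed here.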
@@ -0,0 +1,202 @@ +#!/bin/bash +if [[ $MONGO_FLAVOR == "Amazon DocumentDB" ]]; then + SCRIPT_STATUS=0 + export VPC_1=$REQUESTER_VPC_ID + export VPC_2=$ACCEPTER_VPC_ID + export ACCEPTER_REGION=$DEPLOY_REGION + + log "docdb-create-vpc-peer.sh .......... starts" + log "docdb-create-vpc-peer.sh : REQUESTER_VPC_ID : $REQUESTER_VPC_ID" #BOOTNODE_VPC_ID or VPC_ID + log "docdb-create-vpc-peer.sh : ACCEPTER_VPC_ID : $ACCEPTER_VPC_ID" #DOCUMENTDB_VPC_ID + log "docdb-create-vpc-peer.sh : ACCEPTER_REGION : $ACCEPTER_REGION" + if [[ "${VPC_1}" != "${VPC_2}" ]]; then + + log "docdb-create-vpc-peer.sh : Invoke docdb-create-iam-user.sh" + + sh $GIT_REPO_HOME/mongo/docdb/docdb-create-iam-user.sh + if [ $? -ne 0 ]; then + SCRIPT_STATUS=36 + exit $SCRIPT_STATUS + fi + + export _VPC_1=`aws ec2 describe-vpcs --filters "Name=vpc-id,Values=$VPC_1" --region $ACCEPTER_REGION --query=Vpcs[*].VpcId --output=text` + export _VPC_2=`aws ec2 describe-vpcs --filters "Name=vpc-id,Values=$VPC_2" --region $ACCEPTER_REGION --query=Vpcs[*].VpcId --output=text` + log "_VPC_1=$_VPC_1" + log "_VPC_2=$_VPC_2" + + if [[ -z "$_VPC_2" ]]; then + SCRIPT_STATUS="39" + log "docdb-create-vpc-peer.sh : User entered $_VPC_2 is not found in region $ACCEPTER_REGION, exiting..." + exit $SCRIPT_STATUS + fi + + #This edge case will not occur as BOOTNODE_VPC_ID or VPC_ID will be there. + if [[ -z "$_VPC_1" ]]; then + SCRIPT_STATUS="40" + log "docdb-create-vpc-peer.sh : $_VPC_1 is not found in region $ACCEPTER_REGION, exiting..." 
+ exit $SCRIPT_STATUS + fi + + export VPC_1_CIDR=`aws ec2 describe-vpcs --filters "Name=vpc-id,Values=$VPC_1" --region $ACCEPTER_REGION --query=Vpcs[*].CidrBlock --output=text` + export VPC_2_CIDR=`aws ec2 describe-vpcs --filters "Name=vpc-id,Values=$VPC_2" --region $ACCEPTER_REGION --query=Vpcs[*].CidrBlock --output=text` + log "VPC_1_CIDR=$VPC_1_CIDR" + log "VPC_2_CIDR=$VPC_2_CIDR" + + if [[ -z "$VPC_1_CIDR" || -z "$VPC_2_CIDR" ]]; then + SCRIPT_STATUS=35 + log "docdb-create-vpc-peer.sh : VPC_1_CIDR or VPC_2_CIDR is empty, exiting..." + exit $SCRIPT_STATUS + fi + + log "docdb-create-vpc-peer.sh : Invoke create-vpc-peering-connection" + export VPC_PEERING_CONNECTION_ID=`aws ec2 create-vpc-peering-connection --vpc-id ${VPC_1} --peer-vpc-id ${VPC_2} --query="VpcPeeringConnection.VpcPeeringConnectionId" --output text` + sleep 30 + log "docdb-create-vpc-peer.sh : VPC_PEERING_CONNECTION_ID=$VPC_PEERING_CONNECTION_ID" + if [[ -z "$VPC_PEERING_CONNECTION_ID" ]]; then + SCRIPT_STATUS=35 + log "docdb-create-vpc-peer.sh : VPC_PEERING_CONNECTION_ID is empty, exiting..." + exit $SCRIPT_STATUS + fi + if [[ -n "$VPC_PEERING_CONNECTION_ID" ]]; then + log "docdb-create-vpc-peer.sh : aws ec2 accept-vpc-peering-connection" + + counter=0 + found="false" + while [[ $found == "false" ]] && [[ $counter < 20 ]]; do + counter=counter+1 + aws ec2 accept-vpc-peering-connection --vpc-peering-connection-id ${VPC_PEERING_CONNECTION_ID} --query="VpcPeeringConnection.Status.Code" + if [[ $? -ne 0 ]]; then + SCRIPT_STATUS=35 + log "docdb-create-vpc-peer.sh : ACCEPT_VPC_PEERING_CONNECTION failed, exiting..." + exit $SCRIPT_STATUS + else + log "docdb-create-vpc-peer.sh : ACCEPT_VPC_PEERING_CONNECTION accepted, waiting for provisioning and status change to active..." 
+ sleep 60 + export ACCEPT_VPC_PEERING_CONNECTION=`aws ec2 accept-vpc-peering-connection --vpc-peering-connection-id ${VPC_PEERING_CONNECTION_ID} --query="VpcPeeringConnection.Status.Code"` + log "docdb-create-vpc-peer.sh : ACCEPT_VPC_PEERING_CONNECTION==$ACCEPT_VPC_PEERING_CONNECTION" + if [[ "${ACCEPT_VPC_PEERING_CONNECTION}" == *"active"* ]] ;then + found="true" + fi + fi + done + + log "docdb-create-vpc-peer.sh : ACCEPT_VPC_PEERING_CONNECTION=$ACCEPT_VPC_PEERING_CONNECTION" + if [[ -z "$ACCEPT_VPC_PEERING_CONNECTION" ]]; then + SCRIPT_STATUS=35 + log "docdb-create-vpc-peer.sh : ACCEPT_VPC_PEERING_CONNECTION is empty, exiting..." + exit $SCRIPT_STATUS + fi + + # Creating Routes for vpc peering at cluster and mirror machines + log "docdb-create-vpc-peer.sh : create routes started" + + # Get main Route table id for each vpc id + if [[ -n "$VPC_PEERING_CONNECTION_ID" && "${ACCEPT_VPC_PEERING_CONNECTION}" == *"active"* ]] ;then + # routing tables + log "---------------------------------------------" + log "Checking for routing tables for VPC $VPC_1" + RTS=$(aws ec2 describe-route-tables --filter Name=vpc-id,Values=$VPC_1 --region $DEPLOY_REGION | jq ".RouteTables[].RouteTableId" | tr -d '"') + log "RTS = $RTS" + if [[ -n $RTS ]]; then + log "Found routing tables for this AWS stack" + for VPC_1_ROUTE_TABLE_ID in $RTS; do + + #check if the route with blackhole status exist + EXISTING_ROUTE_TABLE_ID_WITH_BLACKHOLE_STATUS=`aws ec2 describe-route-tables --filters \ + --region $ACCEPTER_REGION \ + "Name=route-table-id,Values=$VPC_1_ROUTE_TABLE_ID" \ + "Name=route.destination-cidr-block,Values=$VPC_2_CIDR" \ + "Name=route.state,Values=blackhole" \ + --query RouteTables[].RouteTableId --output=text` + + if [[ -n $EXISTING_ROUTE_TABLE_ID_WITH_BLACKHOLE_STATUS ]]; then + log "docdb-create-vpc-peer.sh : aws ec2 delete-route route-table-id $VPC_1_ROUTE_TABLE_ID destination-cidr-block $VPC_2_CIDR started" + aws ec2 delete-route --route-table-id $VPC_1_ROUTE_TABLE_ID 
--destination-cidr-block $VPC_2_CIDR --region $ACCEPTER_REGION + fi + + #check if the route exist already + EXISTING_ROUTE_TABLE_ID=`aws ec2 describe-route-tables --filters \ + --region $ACCEPTER_REGION \ + "Name=route-table-id,Values=$VPC_1_ROUTE_TABLE_ID" \ + "Name=route.vpc-peering-connection-id,Values=$VPC_PEERING_CONNECTION_ID" \ + "Name=route.destination-cidr-block,Values=$VPC_2_CIDR" \ + "Name=route.state,Values=active" \ + --query RouteTables[].RouteTableId --output=text` + log "docdb-create-vpc-peer.sh : EXISTING_ROUTE_TABLE_ID=$EXISTING_ROUTE_TABLE_ID" + if [[ -z $EXISTING_ROUTE_TABLE_ID ]]; then + log "docdb-create-vpc-peer.sh : aws ec2 create-route $VPC_1_ROUTE_TABLE_ID $VPC_2_CIDR $VPC_PEERING_CONNECTION_ID started" + export CREATE_ROUTE_1=`aws ec2 create-route --route-table-id $VPC_1_ROUTE_TABLE_ID --destination-cidr-block $VPC_2_CIDR --vpc-peering-connection-id $VPC_PEERING_CONNECTION_ID --output=text` + sleep 10 + log "docdb-create-vpc-peer.sh : CREATE_ROUTE_1=$CREATE_ROUTE_1" + if [[ ("${CREATE_ROUTE_1}" != "True") ]]; then + #An error occurred (RouteAlreadyExists) when calling the CreateRoute operation: The route identified by 172.31.0.0/16 already exists. + SCRIPT_STATUS=37 + log "docdb-create-vpc-peer.sh : aws ec2 create-route CREATE_ROUTE_1 creation failed, exiting..." 
+ exit $SCRIPT_STATUS + fi + fi + done + else + log "No routing tables found for this AWS stack" + fi + log "---------------------------------------------" + + # routing tables + log "Checking for routing tables for VPC $VPC_2" + RTS=$(aws ec2 describe-route-tables --filter Name=vpc-id,Values=$VPC_2 --region $DEPLOY_REGION | jq ".RouteTables[].RouteTableId" | tr -d '"') + log "RTS = $RTS" + if [[ -n $RTS ]]; then + log "Found routing tables for this AWS stack" + for VPC_2_ROUTE_TABLE_ID in $RTS; do + #check if the route with blackhole status exist + EXISTING_ROUTE_TABLE_ID_WITH_BLACKHOLE_STATUS=`aws ec2 describe-route-tables --filters \ + --region $ACCEPTER_REGION \ + "Name=route-table-id,Values=$VPC_2_ROUTE_TABLE_ID" \ + "Name=route.destination-cidr-block,Values=$VPC_1_CIDR" \ + "Name=route.state,Values=blackhole" \ + --query RouteTables[].RouteTableId --output=text` + + if [[ -n $EXISTING_ROUTE_TABLE_ID_WITH_BLACKHOLE_STATUS ]]; then + log "docdb-create-vpc-peer.sh : aws ec2 delete-route route-table-id $VPC_2_ROUTE_TABLE_ID destination-cidr-block $VPC_1_CIDR started" + aws ec2 delete-route --route-table-id $VPC_2_ROUTE_TABLE_ID --destination-cidr-block $VPC_1_CIDR --region $ACCEPTER_REGION + fi + + #check if the route exist already for same peer and dest vpc + EXISTING_ROUTE_TABLE_ID=`aws ec2 describe-route-tables --filters \ + --region $ACCEPTER_REGION \ + "Name=route-table-id,Values=$VPC_2_ROUTE_TABLE_ID" \ + "Name=route.vpc-peering-connection-id,Values=$VPC_PEERING_CONNECTION_ID" \ + "Name=route.destination-cidr-block,Values=$VPC_1_CIDR" \ + "Name=route.state,Values=active" \ + --query RouteTables[].RouteTableId --output=text` + + log "docdb-create-vpc-peer.sh : EXISTING_ROUTE_TABLE_ID_2=$EXISTING_ROUTE_TABLE_ID" + if [[ -z $EXISTING_ROUTE_TABLE_ID ]]; then + log "docdb-create-vpc-peer.sh : aws ec2 create-route $VPC_2_ROUTE_TABLE_ID $VPC_1_CIDR $VPC_PEERING_CONNECTION_ID started" + export CREATE_ROUTE_2=`aws ec2 create-route --route-table-id 
$VPC_2_ROUTE_TABLE_ID --destination-cidr-block $VPC_1_CIDR --vpc-peering-connection-id $VPC_PEERING_CONNECTION_ID --output=text` + sleep 10 + log "docdb-create-vpc-peer.sh : CREATE_ROUTE_2=$CREATE_ROUTE_2" + if [[ ("${CREATE_ROUTE_2}" != "True") ]]; then + SCRIPT_STATUS=37 + log "docdb-create-vpc-peer.sh : aws ec2 create-route CREATE_ROUTE_2 creation failed, exiting..." + exit $SCRIPT_STATUS + fi + fi + + done + else + log "No routing tables found for this AWS stack" + fi + log "---------------------------------------------" + + else + SCRIPT_STATUS=37 + log "docdb-create-vpc-peer.sh : route not created, VPC_PEERING_CONNECTION_ID=$VPC_PEERING_CONNECTION_ID : ACCEPT_VPC_PEERING_CONNECTION=$ACCEPT_VPC_PEERING_CONNECTION" + exit $SCRIPT_STATUS + fi + log "docdb-create-vpc-peer.sh : create routes completed" + fi + fi +log "docdb-create-vpc-peer.sh .......... ends : SCRIPT_STATUS=$SCRIPT_STATUS" + +fi diff --git a/mongo/mongo-ca.pem b/mongo/mongo-ca.pem new file mode 100644 index 00000000..e69de29b diff --git a/mongo/mongo-prevalidate.py b/mongo/mongo-prevalidate.py new file mode 100644 index 00000000..3cb960e6 --- /dev/null +++ b/mongo/mongo-prevalidate.py 
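Review bot: The accept/retry loop never retries: `counter=counter+1` assigns the literal string `counter+1`, and `[[ $counter < 20 ]]` is a string comparison, so after the first pass the condition is `"counter+1" < "20"`, which is false, and a connection still pending after the single 60 s sleep exits with SCRIPT_STATUS=37 instead of being re-checked up to 20 times. Use arithmetic for both: `counter=$((counter + 1))` and `while [[ $found == "false" ]] && (( counter < 20 )); do`. `create-vpc-peering-connection` and both `accept-vpc-peering-connection` calls also omit the `--region $ACCEPTER_REGION` that every describe call passes, so they target whatever region the default profile holds, which is only the right one when docdb-create-iam-user.sh ran `aws configure set default.region` first. The whole file is one `if [[ $MONGO_FLAVOR == ... ]]` body run via `sh`, so it depends on `log` being exported by the caller.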
@@ -0,0 +1,43 @@ +import pymongo +import sys +import os + +MONGO_ADMIN_USERNAME = os.getenv('MONGO_ADMIN_USERNAME') +MONGO_ADMIN_PASSWORD = os.getenv('MONGO_ADMIN_PASSWORD') +MONGO_HOSTS = os.getenv('MONGO_HOSTS') +RETRY_WRITES = os.getenv('RETRY_WRITES') +GIT_REPO_HOME = os.getenv('GIT_REPO_HOME') +print(f'mongo-prevalidate : RETRY_WRITES={RETRY_WRITES}') + +CONNECTION_STRING=f'mongodb://{MONGO_ADMIN_USERNAME}:{MONGO_ADMIN_PASSWORD}@{MONGO_HOSTS}/?tls=true&tlsCAFile={GIT_REPO_HOME}/mongo/mongo-ca.pem&retryWrites={RETRY_WRITES}' +print(f'CONNECTION_STRING {CONNECTION_STRING}') +client = pymongo.MongoClient(CONNECTION_STRING) + +if client : + print("Connection to mongodb success !") +else: + print("Connection to mongodb failed !") + os._exit(38) + +##Specify the database to be used +db = client.sample_database + +##Specify the collection to be used +col = db.sample_collection + +##Insert a single document +col.insert_one({'hello':'Amazon DocumentDB'}) + +##Find the document that was previously written +x = col.find_one({'hello':'Amazon DocumentDB'}) + +##Print the result to the screen +print(x) + +if client : + print("Connection to mongodb success !") + client.close() + os._exit(0) +else: + print("Connection to mongodb failed !") + os._exit(38) \ No newline at end of file diff --git a/mongo/pre-validate-mongo.sh b/mongo/pre-validate-mongo.sh new file mode 100644 index 00000000..a3f42fb4 --- /dev/null +++ b/mongo/pre-validate-mongo.sh 
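Review bot: `print(f'CONNECTION_STRING {CONNECTION_STRING}')` writes the admin password to stdout, which the calling shell folds into the provisioning log that init.sh later uploads to object storage; drop the line or mask it, e.g. `print(f'CONNECTION_STRING mongodb://{MONGO_ADMIN_USERNAME}:***@{MONGO_HOSTS}/?tls=true&retryWrites={RETRY_WRITES}')`. `if client:` does not test connectivity — `pymongo.MongoClient` connects lazily, so a bad host or credential surfaces as an uncaught exception at `insert_one` with the interpreter's default exit code 1, not the 38 the shell wrapper expects. Use `client.admin.command('ping')` inside `try: ... except pymongo.errors.PyMongoError as exc:` and call `sys.exit(38)` in the handler. The check also inserts a document into `sample_database.sample_collection` on the customer's cluster and never removes it; a ping alone, or a `delete_one` after the `find_one`, leaves no residue. `sys` is imported but unused and the second `if client:` block duplicates the first.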
@@ -0,0 +1,115 @@ +#!/bin/bash +if [[ $CLUSTER_TYPE == "aws" ]]; then + SCRIPT_STATUS=0 + + + log " MONGO_USE_EXISTING_INSTANCE=${MONGO_USE_EXISTING_INSTANCE}" + log " MONGO_FLAVOR=${MONGO_FLAVOR}" + log " MONGO_ADMIN_USERNAME=${MONGO_ADMIN_USERNAME}" + #log " MONGO_ADMIN_PASSWORD=${MONGO_ADMIN_PASSWORD}" + log " MONGO_HOSTS=${MONGO_HOSTS}" + log " MONGO_CA_PEM_FILE=${MONGO_CA_PEM_FILE}" + + if [[ $MONGO_FLAVOR == "MongoDB" ]]; then + export RETRY_WRITES="true"; + export MONGODB_PROVIDER="community"; + elif [[ $MONGO_FLAVOR == "Amazon DocumentDB" ]]; then + export RETRY_WRITES="false"; + export MONGODB_PROVIDER="aws"; + fi + log "MONGODB RETRY_WRITES=${RETRY_WRITES}" + log "MONGODB DB_PROVIDER=${MONGODB_PROVIDER}" + + log "==== BOOTNODE_VPC_ID = ${BOOTNODE_VPC_ID}" + log "==== EXISTING_NETWORK = ${EXISTING_NETWORK}" + log "==== Existing DocumentDB DOCUMENTDB_VPC_ID = ${DOCUMENTDB_VPC_ID}" + + # Mongo CFT inputs validation and connection test + if [[ $MONGO_USE_EXISTING_INSTANCE == "true" ]]; then + + if [ -z "$MONGO_ADMIN_USERNAME" ]; then + log "ERROR: Mongo Admin username is not specified" + SCRIPT_STATUS=33 + exit $SCRIPT_STATUS + elif [ -z "$MONGO_ADMIN_PASSWORD" ]; then + log "ERROR: Mongo Admin password is not specified" + SCRIPT_STATUS=33 + exit $SCRIPT_STATUS + elif [ -z "$MONGO_HOSTS" ]; then + log "ERROR: Mongo Hosts is not specified" + SCRIPT_STATUS=33 + exit $SCRIPT_STATUS + elif [ -z "$MONGO_CA_PEM_FILE" ]; then + log "ERROR: Mongo CA PEM file is not specified" + SCRIPT_STATUS=33 + exit $SCRIPT_STATUS + fi + + log "Downloading Mongo CA PEM certificate" + if [[ ${MONGO_CA_PEM_FILE,,} =~ ^s3 ]]; then + log "Copy S3 Mongo CA PEM certificate" + # https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingRouting.html#Redirects + aws s3 cp "$MONGO_CA_PEM_FILE" $GIT_REPO_HOME/mongo/mongo-ca.pem --region $DEPLOY_REGION + if [ $? 
-ne 0 ]; then + log "s3: Invalid Mongo CA PEM certificate URL" + SCRIPT_STATUS=34 + exit $SCRIPT_STATUS + fi + elif [[ ${MONGO_CA_PEM_FILE,,} =~ ^https? ]]; then + log "wget Mongo CA PEM certificate" + wget "$MONGO_CA_PEM_FILE" -O $GIT_REPO_HOME/mongo/mongo-ca.pem + if [ $? -ne 0 ]; then + log "wget: Invalid Mongo CA PEM certificate URL" + SCRIPT_STATUS=34 + exit $SCRIPT_STATUS + fi + fi + # creating the vpc peer only if flavor is Amazon DocDB + existing instance + if [[ $MONGO_FLAVOR == "Amazon DocumentDB" ]]; then + if [ -z "$DOCUMENTDB_VPC_ID" ]; then + log "Prevalidate Mongo : ERROR: Document DB VPC id is not specified" + SCRIPT_STATUS=33 + exit $SCRIPT_STATUS + fi + + export ACCEPTER_VPC_ID=${DOCUMENTDB_VPC_ID} + if [[ -n $BOOTNODE_VPC_ID ]]; then + log "Prevalidate Mongo : BOOTNODE_VPC_ID=${BOOTNODE_VPC_ID}" + export REQUESTER_VPC_ID=${BOOTNODE_VPC_ID} + elif [[ -n $EXISTING_NETWORK ]]; then + log "Prevalidate Mongo : EXISTING_NETWORK=${EXISTING_NETWORK}" + export REQUESTER_VPC_ID=${EXISTING_NETWORK} + else + log "Prevalidate Mongo : ERROR: BootNode VPC id is not specified" + SCRIPT_STATUS=43 + exit $SCRIPT_STATUS + fi + sh $GIT_REPO_HOME/mongo/docdb/docdb-create-vpc-peer.sh + SCRIPT_STATUS=$? + if [ $SCRIPT_STATUS -ne 0 ]; then + log "Prevalidate Mongo : ERROR: docdb-create-vpc-peer FAILED, exiting" + exit $SCRIPT_STATUS + fi + fi + + log "Prevalidate Mongo : Connecting to the Mongo Database" + python $GIT_REPO_HOME/mongo/mongo-prevalidate.py + SCRIPT_STATUS=$? 
+ if [ $SCRIPT_STATUS -ne 0 ]; then + log "Prevalidate Mongo : ERROR: Mongo DB URL Validation = FAIL, exiting" + fi + exit $SCRIPT_STATUS + fi + + if [[ $MONGO_FLAVOR == "Amazon DocumentDB" && $MONGO_USE_EXISTING_INSTANCE == "false" ]]; then + # check if the deploy region supports Amazon DocumentDB + DOCDB_SUPPORTED_REGIONS="ap-northeast-1;ap-northeast-2;ap-south-1;ap-southeast-1;ap-southeast-2;ca-central-1;eu-central-1;eu-south-1;eu-west-1;eu-west-2;eu-west-3;sa-east-1;us-east-1;us-east-2;us-gov-west-1;us-west-2" + if [[ ${DOCDB_SUPPORTED_REGIONS} =~ $DEPLOY_REGION ]]; then + log "Amazon DocumentDB is supported in current deploy region $DEPLOY_REGION " + else + log "ERROR: Amazon DocumentDB is not supported in current deploy region $DEPLOY_REGION" + SCRIPT_STATUS=43 + exit $SCRIPT_STATUS + fi + fi +fi \ No newline at end of file diff --git a/pre-validate.sh b/pre-validate.sh index d4f698f8..667f1f7a 100644 --- a/pre-validate.sh +++ b/pre-validate.sh @@ -7,6 +7,8 @@ if [[ $CLUSTER_TYPE == "aws" ]]; then elif [[ $CLUSTER_TYPE == "azure" ]]; then # az account list-locations --query "[].{Name:name}" -o table|grep -Ev '^(Name|-)'|tr '\n' ';' SUPPORTED_REGIONS="eastus;eastus2;southcentralus;westus2;westus3;australiaeast;southeastasia;northeurope;swedencentral;uksouth;westeurope;centralus;southafricanorth;centralindia;eastasia;japaneast;koreacentral;canadacentral;francecentral;germanywestcentral;norwayeast;brazilsouth" +elif [[ $CLUSTER_TYPE == "gcp" ]]; then + SUPPORTED_REGIONS="asia-east1;asia-east2;asia-northeast1;asia-northeast2;asia-northeast3;asia-south1;asia-south2;asia-southeast1;asia-southeast2;australia-southeast12;europe-central2;europe-north1;europe-southwest1;europe-west1;europe-west2;europe-west3;europe-west4;europe-west6;europe-west8;europe-west9;northamerica-northeast1;northamerica-northeast2;southamerica-east1;southamerica-west1;us-central1;us-east1;us-east4;us-east5;us-south1;us-west1;us-west2;us-west3;us-west4" else SUPPORTED_REGIONS=$DEPLOY_REGION fi 
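Review bot: When MONGO_CA_PEM_FILE is neither an `s3` nor an `http(s)` URL the download `if/elif` falls through without error and the TLS connection in mongo-prevalidate.py uses the empty `mongo/mongo-ca.pem` added by this diff as its CA file; add an `else` arm that sets SCRIPT_STATUS=34 and exits, and verify the fetched file is non-empty with `[[ -s $GIT_REPO_HOME/mongo/mongo-ca.pem ]]`. `^https?` also accepts plain `http`, so the certificate that anchors Mongo TLS trust can be fetched over an unauthenticated channel; matching `^https` (plus `^s3`) keeps the trust anchor integrity-protected in transit. The `=~ $DEPLOY_REGION` test against DOCDB_SUPPORTED_REGIONS is an unanchored substring match, so a value like `eu-west` or `us-east` passes; `[[ ";${DOCDB_SUPPORTED_REGIONS};" == *";${DEPLOY_REGION};"* ]]` is exact. The script is invoked with `sh`, which ignores its `#!/bin/bash` line, yet it relies on `[[`, `=~` and `${VAR,,}`, so it only works where /bin/sh is bash.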
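Review bot: The gcp SUPPORTED_REGIONS list contains `australia-southeast12`, which looks like two entries merged; the Google regions are `australia-southeast1` and `australia-southeast2`, so as written neither would pass an exact-match check. Suggest `australia-southeast1;australia-southeast2` in its place. How SUPPORTED_REGIONS is compared against DEPLOY_REGION is outside this hunk.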
@@ -50,6 +52,16 @@ if [[ ($CLUSTER_TYPE == "aws") && (-n $BASE_DOMAIN) ]]; then else true fi +# Check if provided hosted zone is public /private for azure +if [[ ($CLUSTER_TYPE == "azure") && (-n $BASE_DOMAIN) ]]; then + if [[ $PRIVATE_CLUSTER == "false" ]]; then + PUBLIC_DNS_VALIDATION=`az network dns zone list |grep -w $BASE_DOMAIN| tr -d '"'` + [[ ! -z "$PUBLIC_DNS_VALIDATION" ]] && log "Valid PUBLIC DNS selection" || log "Invalid PUBLIC DNS SELECTION" + else + PRIVATE_DNS_VALIDATION=`az network private-dns zone list |grep -w $BASE_DOMAIN| tr -d '"'` + [[ ! -z "$PRIVATE_DNS_VALIDATION" ]] && log "Valid PRIVATE DNS selection" || log "Invalid PRIVATE DNS SELECTION" + fi +fi if [ $? -eq 0 ]; then log "MAS public domain verification = PASS" @@ -77,8 +89,7 @@ fi # JDBC CFT inputs validation and connection test if [[ $DEPLOY_MANAGE == "true" ]]; then if [[ (-z $MAS_JDBC_USER) && (-z $MAS_JDBC_PASSWORD) && (-z $MAS_JDBC_URL) && (-z $MAS_JDBC_CERT_URL) ]]; then - log "ERROR: Database details are not specified for MAS Manage deployment" - SCRIPT_STATUS=14 + log "=== New internal DB2 database will be provisioned for MAS Manage deployment ===" else if [ -z "$MAS_JDBC_USER" ]; then log "ERROR: Database username is not specified" @@ -89,9 +100,6 @@ if [[ $DEPLOY_MANAGE == "true" ]]; then elif [ -z "$MAS_JDBC_URL" ]; then log "ERROR: Database connection url is not specified" SCRIPT_STATUS=14 - elif [ -z "$MAS_JDBC_CERT_URL" ]; then - log "ERROR: Database certificate url is not specified" - SCRIPT_STATUS=14 else log "Downloading DB certificate" cd $GIT_REPO_HOME 
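Review bot: The new azure DNS check only logs: `[[ ! -z "$PUBLIC_DNS_VALIDATION" ]] && log "Valid ..." || log "Invalid ..."` leaves `$?` as the status of `log`, so the `if [ $? -eq 0 ]` that follows reports `MAS public domain verification = PASS` whether or not the zone was found. Record the outcome in the failure arm instead, e.g. `if [[ -z "$PUBLIC_DNS_VALIDATION" ]]; then log "Invalid PUBLIC DNS SELECTION"; SCRIPT_STATUS=<exit-code>; fi`, and the same for the private arm. Use `grep -Fw -- "$BASE_DOMAIN"` so the dots in the domain are matched literally and an empty or dash-prefixed value cannot be parsed as an option. The aws branch this mirrors starts outside the hunk.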
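Review bot: Dropping the `MAS_JDBC_CERT_URL` empty check means the `else` branch now runs with an empty certificate URL, so the download that follows (the s3 and `wget "$MAS_JDBC_CERT_URL" -O db.crt` branches in the next hunk) fetches nothing and db.crt is missing or empty when the JDBC pre-validation connects. If the certificate is now optional, guard the download explicitly with `if [[ -n "$MAS_JDBC_CERT_URL" ]]; then ... fi` and log that the connection will rely on system trust; otherwise restore the check. The `cd $GIT_REPO_HOME` at the end of the hunk remains unchecked and unquoted.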
@@ -117,23 +125,46 @@ if [[ $DEPLOY_MANAGE == "true" ]]; then elif [[ ${MAS_JDBC_CERT_URL,,} =~ ^https? ]]; then wget "$MAS_JDBC_CERT_URL" -O db.crt fi + elif [[ $CLUSTER_TYPE == "gcp" ]]; then + wget "$MAS_JDBC_CERT_URL" -O db.crt fi export MAS_DB2_JAR_LOCAL_PATH=$GIT_REPO_HOME/lib/db2jcc4.jar if [[ ${MAS_JDBC_URL,, } =~ ^jdbc:db2? ]]; then - log "Connecting to the Database" - if python jdbc-prevalidate.py; then - log "JDBC URL Validation = PASS" + log "Connecting to DB2 Database" + if python jdbc-prevalidateDB2.py; then + log "Db2 JDBC URL Validation = PASS" else - log "ERROR: JDBC URL Validation = FAIL" + log "ERROR: Db2 JDBC URL Validation = FAIL" + SCRIPT_STATUS=14 + fi + elif [[ ${MAS_JDBC_URL,, } =~ ^jdbc:oracle? ]]; then + export MAS_ORACLE_JAR_LOCAL_PATH=$GIT_REPO_HOME/lib/ojdbc8.jar + log "Connecting to Oracle Database" + if python jdbc-prevalidateOracle.py; then + log "Oracle JDBC URL Validation = PASS" + else + log "ERROR: Oracle JDBC URL Validation = FAIL" SCRIPT_STATUS=14 fi else - log "Skipping JDBC URL validation, supported only for DB2" + log "Skipping JDBC URL validation, supported only for DB2 and Oracle". fi fi fi fi +#mongo pre-validation only for AWS currently. +if [[ $CLUSTER_TYPE == "aws" ]]; then + log "=== pre-validate-mongo.sh started ===" + sh $GIT_REPO_HOME/mongo/pre-validate-mongo.sh + SCRIPT_STATUS=$? + if [ $SCRIPT_STATUS -ne 0 ]; then + log "ERROR: MongoDB URL Validation FAILED in pre-validate-mongo.sh, exiting" + exit $SCRIPT_STATUS + fi + log "=== pre-validate-mongo.sh completed ===" +fi + # Check if all the existing SLS inputs are provided if [[ (-z $SLS_URL) && (-z $SLS_REGISTRATION_KEY) && (-z $SLS_PUB_CERT_URL) ]]; then log "=== New SLS Will be deployed ===" 
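Review bot: `SCRIPT_STATUS=$?` after `sh $GIT_REPO_HOME/mongo/pre-validate-mongo.sh` overwrites any status set earlier in the script — for example the 14 from a failed Db2 or Oracle JDBC validation a few lines above — with 0 whenever the Mongo check passes, so if SCRIPT_STATUS is consumed at the end of the script (outside this hunk) the JDBC failure is silently lost; capture the child status separately, `rc=$?` and then `if [ "$rc" -ne 0 ]; then SCRIPT_STATUS=$rc; log "…"; exit "$SCRIPT_STATUS"; fi`. The child script is invoked with `sh`, yet the Mongo pre-validation script whose tail appears at the top of this page appears to use `[[ … =~ … ]]`, which is not available in a POSIX sh such as dash, so `bash "$GIT_REPO_HOME/mongo/pre-validate-mongo.sh"` is safer. In the new Oracle `elif`, `${MAS_JDBC_URL,, }` carries a stray space inside the expansion, which makes it lowercase only space characters, so an upper-case `JDBC:ORACLE…` URL would skip validation; it should be `${MAS_JDBC_URL,,}` (the copied Db2 line has the same flaw), and `^jdbc:oracle?` makes the trailing `e` optional where `^jdbc:oracle` is what is meant. The period after the closing quote in `log "Skipping JDBC URL validation, supported only for DB2 and Oracle".` is harmless but belongs inside the quotes.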
@@ -197,7 +228,7 @@ fi ## MAS_ANNOTATIONS environment variable is used in suit-install role of MAS Installtion if [[ $CLUSTER_TYPE == "aws" ]]; then - #validating product type for helper.sh + # Validating product type for helper.sh validate_prouduct_type fi # Check if MAS license is provided diff --git a/script-functions.bash b/script-functions.bash index 48295e5a..0b088d9b 100755 --- a/script-functions.bash +++ b/script-functions.bash @@ -8,9 +8,9 @@ declare -A op_versions op_versions['MongoDBCommunity']=4.1.9 op_versions['Db2uCluster']=11.4 op_versions['kafkas.kafka.strimzi.io']=2.4.9 -op_versions['ocpVersion48']='^4\.([8])(\.[0-9]+.*)*$' op_versions['ocpVersion410']='^4\.([1][0])?(\.[0-9][0-9]+.*)*$' op_versions['ocpVersion411']='^4\.([1][1])?(\.[0-9][0-9]+.*)*$' +op_versions['ocpVersion412']='^4\.([1][2])?(\.[0-9][0-9]+.*)*$' op_versions['rosaVersion']='^4\.([1][0])?(\.[0-9]+.*)*$' op_versions['cpd-platform-operator']=2.0.7 op_versions['user-data-services-operator']=2.0.6 @@ -61,6 +61,8 @@ function getOCPVersion() { log " OCP version is $currentOpenshiftVersion" if [[ ${currentOpenshiftVersion} =~ ${op_versions[ocpVersion410]} ]]; then log " OCP Supported Version" + elif [[ ${currentOpenshiftVersion} =~ ${op_versions[ocpVersion412]} ]]; then + log " OCP Supported Version" elif [[ ${currentOpenshiftVersion} =~ ${op_versions[ocpVersion411]} ]]; then log " OCP Version Not Supported" #log " DEPLOY_CP4D: $DEPLOY_CP4D" 
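Review bot: The new `ocpVersion412` pattern, like the 410/411 entries it copies, requires at least two digits after the patch dot (`\.[0-9][0-9]+`), so a release such as 4.12.9 (constructed example) does not match and getOCPVersion would report it unsupported, while the optional `([1][2])?` group also lets a bare `4.` match. Unless single-digit patch releases are deliberately excluded, `op_versions['ocpVersion412']='^4\.12(\.[0-9]+.*)*$'` expresses the intent and is consistent with the `rosaVersion` pattern just below it. The 410 and 411 entries have the same issue but are not changed by this commit.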
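Review bot: The added `elif` for ocpVersion412 duplicates the body of the 410 branch (`log " OCP Supported Version"`), so the two supported-version checks read better as one condition: `if [[ ${currentOpenshiftVersion} =~ ${op_versions[ocpVersion410]} || ${currentOpenshiftVersion} =~ ${op_versions[ocpVersion412]} ]]; then`. That keeps the branch order and the 411 handling unchanged; getOCPVersion continues outside this hunk.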
@@ -71,8 +73,8 @@ function getOCPVersion() { #fi else - log " Unsupported Openshift version $currentOpenshiftVersion. Supported OpenShift versions are 4.8.x and 4.10.x" - export SERVICE_NAME=" Unsupported Openshift version $currentOpenshiftVersion. Supported OpenShift versions are 4.8.x and 4.10.x" + log " Unsupported Openshift version $currentOpenshiftVersion. Supported OpenShift versions are 4.10.x and 4.12.x" + export SERVICE_NAME=" Unsupported Openshift version $currentOpenshiftVersion. Supported OpenShift versions are 4.10.x and 4.12.x" SCRIPT_STATUS=29 return $SCRIPT_STATUS fi @@ -109,13 +111,13 @@ function getWorkerNodeDetails(){ else memory=${memory::-2} fi - + if [[ (${cpu} =~ ${requiredCPU} || ${cpu} =~ ${requiredCPU1}) || (${memory} -lt 31000000) ]]; then log " Minimum CPU/Memory requirements not satisfied" export SERVICE_NAME=" Minimum CPU/Memory requirements not satisfied" SCRIPT_STATUS=29 return $SCRIPT_STATUS - fi + fi done; log " Minimum CPU requirement satisfied" @@ -134,8 +136,8 @@ function getOCS() { return $SCRIPT_STATUS else log " OCS StorageClass is available" - fi - + fi + } function getazurefile() { @@ -148,14 +150,14 @@ function getazurefile() { return $SCRIPT_STATUS else log " azurefiles-premium StorageClass is available" - fi - + fi + } function getOPNamespace() { check_for_csv_success=$(oc get csv --all-namespaces | awk -v pattern="$1" '$2 ~ pattern { print }' | awk -F' ' '{print $NF}') no_of_csv=$(oc get csv --all-namespaces | awk -v pattern="$1" '$2 ~ pattern { print }' | wc -l) - + if [ "$no_of_csv" -gt 1 ]; then log " Multiple ${1} installed." export SERVICE_NAME=" Multiple ${1} installed" @@ -214,7 +216,7 @@ function getOPNamespace() { return $SCRIPT_STATUS fi else - log " $1 New instance Will Be Created" + log " $1 New instance Will Be Created" fi elif [[ $1 = "user-data-services-operator" ]]; then instance=$(oc get analyticsproxies --all-namespaces -o json | jq -j '.items | length') 
@@ -238,7 +240,7 @@ function getOPNamespace() { fi else log " $1 New instance Will Be Created" - fi + fi elif [[ $1 = "ibm-cert-manager-operator" ]]; then instance=$(oc get CertManager --all-namespaces -o json | jq -j '.items | length') if [[ $instance > 1 ]]; then @@ -260,7 +262,7 @@ function getOPNamespace() { return $SCRIPT_STATUS fi else - log " $1 New instance Will Be Created" + log " $1 New instance Will Be Created" fi fi else @@ -298,7 +300,7 @@ function getVersion() { if [[ ${op_namespaces[${1}]} ]]; then export ${op_namespaces[${1}]}=$namespace fi - else + else log " Instance Name for ${1} is not matching." SCRIPT_STATUS=29 export SERVICE_NAME=" Instance Name for ${1} is not matching" @@ -336,11 +338,11 @@ function getKafkaVersion() { if [[ ${op_namespaces[kafkas.kafka.strimzi.io]} ]]; then export ${op_namespaces[kafkas.kafka.strimzi.io]}=$namespace fi - else + else log " Instance Name for Kafka is not matching." SCRIPT_STATUS=29 export SERVICE_NAME=" Instance Name for Kafka is not matching" - return $SCRIPT_STATUS + return $SCRIPT_STATUS fi else log " Unsupported Kafka version $currentVersion."