Cua bootnode

azure/bootnode-image/bootnode-image-step-1.sh

@@ -67,7 +67,7 @@ UNIQSTR=$(date +%Y%m%d%H%M%S)
 echo "Unique string: $UNIQSTR"
 az group create --name masocp-bootnode-vm-rg-${UNIQSTR} --location eastus2
 
-output=$(az vm create --resource-group masocp-bootnode-vm-rg-${UNIQSTR} --name bootnode-prep --image RedHat:RHEL:92-gen2:latest --admin-username azureuser --ssh-key-values "$SSH_KEY" --size Standard_D2s_v3 --public-ip-sku Standard)
+output=$(az vm create --resource-group masocp-bootnode-vm-rg-${UNIQSTR} --name bootnode-prep --image RedHat:RHEL:92-gen2:latest --admin-username azureuser --ssh-key-values "$SSH_KEY" --size Standard_D2s_v3 --public-ip-sku Standard  --security-type Standard)
 
 echo $output
 vmip=$(echo $output | jq '.publicIpAddress' | tr -d '"')

azure/deploy.sh

@@ -127,227 +127,11 @@ if [[ $CLUSTER_TYPE == "azure" ]]; then
      log " Vnet Id of Cluster: $REQUESTER_VPC_ID"
 fi
 #====================
-
 # Deploy OCP cluster and bastion host
 if [[ $OPENSHIFT_USER_PROVIDE == "false" ]]; then
   cd $GIT_REPO_HOME
-
   ## Create OCP cluster
     cd $GIT_REPO_HOME/azure
     set +e
     ./create-ocp-cluster.sh
-    retcode=$?
-
-  if [[ $retcode -ne 0 ]]; then
-      log "OCP cluster creation failed"
-      exit 21
-  else
-    # Create a secret in the Cloud to keep OCP access credentials
-    cd $GIT_REPO_HOME
-    ./create-secret.sh ocp
-
-
-  fi
-  set -e
-
-  oc login -u $OCP_USERNAME -p $OCP_PASSWORD --server=https://api.${CLUSTER_NAME}.${BASE_DOMAIN}:6443 --insecure-skip-tls-verify=true
-  log "==== Adding PID limits to worker nodes ===="
-  oc create -f $GIT_REPO_HOME/templates/container-runtime-config.yml
-
-  # Backup deployment context
-  rm -rf /tmp/ansible-devops
-  mkdir /tmp/ansible-devops
-  cp -r * /tmp/ansible-devops
-  cd /tmp
-  zip -r $BACKUP_FILE_NAME ansible-devops/*
-  rm -rf /tmp/ansible-devops
-  set +e
-  az storage blob upload --account-name ${STORAGE_ACNT_NAME} --container-name masocpcontainer --name ${DEPLOYMENT_CONTEXT_UPLOAD_PATH} --file ${BACKUP_FILE_NAME}
-  retcode=$?
-  if [[ $retcode -ne 0 ]]; then
-    log "Failed while uploading deployment context to blob storage"
-    exit 23
-  fi
-  set -e
-  log "OCP cluster deployment context backed up at $DEPLOYMENT_CONTEXT_UPLOAD_PATH in file $CLUSTER_NAME.zip"
-
-else
-  log "==== Existing OCP cluster provided, skipping the cluster creation, Bastion host creation and S3 upload of deployment context ===="
-fi
-
-# Login to OCP cluster
-log "==== Adding ER key details to OCP default pull-secret ===="
-cd /tmp
-export OCP_SERVER="$(echo https://api.${CLUSTER_NAME}.${BASE_DOMAIN}:6443)"
-oc login -u $OCP_USERNAME -p $OCP_PASSWORD --server=$OCP_SERVER --insecure-skip-tls-verify=true
-export OCP_TOKEN="$(oc whoami --show-token)"
-oc extract secret/pull-secret -n openshift-config --keys=.dockerconfigjson --to=. --confirm
-export encodedEntitlementKey=$(echo cp:$SLS_ENTITLEMENT_KEY | tr -d '\n' | base64 -w0)
-export emailAddress=$(cat .dockerconfigjson | jq -r '.auths["cloud.openshift.com"].email')
-jq '.auths |= . + {"cp.icr.io": { "auth" : "$encodedEntitlementKey", "email" : "$emailAddress"}}' .dockerconfigjson >/tmp/dockerconfig.json
-
-envsubst </tmp/dockerconfig.json >/tmp/.dockerconfigjson
-oc set data secret/pull-secret -n openshift-config --from-file=/tmp/.dockerconfigjson
-
-# Run ansible playbook to create azurefiles storage class
-log "=== Creating azurefiles-premium Storage class , managed-premium Storage class on OCP cluster ==="
-cd $GIT_REPO_HOME/azure/azurefiles
-./azurefiles-premium.sh
-retcode=$?
-if [[ $retcode -ne 0 ]]; then
-  log "Failed to create azurefiles-premium storageclass"
-  exit 27
-fi
-
-## Configure OCP cluster
-log "==== OCP cluster configuration (Cert Manager) started ===="
-cd $GIT_REPO_HOME
-set +e
-export ROLE_NAME=ibm_catalogs && ansible-playbook ibm.mas_devops.run_role
-export ROLE_NAME=common_services && ansible-playbook ibm.mas_devops.run_role
-export ROLE_NAME=cert_manager && ansible-playbook ibm.mas_devops.run_role
-if [[ $? -ne 0 ]]; then
-  # One reason for this failure is catalog sources not having required state information, so recreate the catalog-operator pod
-  # https://bugzilla.redhat.com/show_bug.cgi?id=1807128
-  echo "Deleting catalog-operator pod"
-  podname=$(oc get pods -n openshift-operator-lifecycle-manager | grep catalog-operator | awk {'print $1'})
-  oc logs $podname -n openshift-operator-lifecycle-manager
-  oc delete pod $podname -n openshift-operator-lifecycle-manager
-  sleep 10
-  # Retry the step
-  export ROLE_NAME=ibm_catalogs && ansible-playbook ibm.mas_devops.run_role
-  export ROLE_NAME=common_services && ansible-playbook ibm.mas_devops.run_role
-  export ROLE_NAME=cert_manager && ansible-playbook ibm.mas_devops.run_role
-  retcode=$?
-  if [[ $retcode -ne 0 ]]; then
-    log "Failed while configuring OCP cluster"
-    exit 24
-  fi
-fi
-log "==== OCP cluster configuration (Cert Manager) completed ===="
-
-if [[ -n $DBProvisionedVPCId ]]; then
-   log "==== Vnet peering between  cluster and Database starts  ===="
-
-   cd $GIT_REPO_HOME
-   sh $GIT_REPO_HOME/azure/db/db-create-vnet-peer.sh
-   log "==== Vnet peering between  cluster and Database ends  ===="
-fi
-set -e
-## Deploy MongoDB
-log "==== MongoDB deployment started ===="
-export ROLE_NAME=mongodb && ansible-playbook ibm.mas_devops.run_role
-log "==== MongoDB deployment completed ===="
-
-## Copying the entitlement.lic to MAS_CONFIG_DIR
-cp $GIT_REPO_HOME/entitlement.lic $MAS_CONFIG_DIR
-
-## Deploy Amqstreams
-# log "==== Amq streams deployment started ===="
-# ansible-playbook install-amqstream.yml
-# log "==== Amq streams deployment completed ===="
-
-# SLS Deployment
-if [[ (-z $SLS_URL) || (-z $SLS_REGISTRATION_KEY) || (-z $SLS_PUB_CERT_URL) ]]; then
-  ## Deploy SLS
-  log "==== SLS deployment started ===="
-  # sls and gencfg_sls are combined in common sls role
-  export ROLE_NAME=sls && ansible-playbook ibm.mas_devops.run_role
-  log "==== SLS deployment completed ===="
-
-else
-  log "=== Using Existing SLS Deployment ==="  #
-  # works when SLS_URL is set, handled in same sls role
-  export ROLE_NAME=sls && ansible-playbook ibm.mas_devops.run_role
-  log "=== Generated SLS Config YAML ==="
-fi
-
-# Deploy UDS
-if [[ (-z $UDS_API_KEY) || (-z $UDS_ENDPOINT_URL) || (-z $UDS_PUB_CERT_URL) ]]; then
-  # Deploy UDS
-  log "==== UDS deployment started ===="
-  # uds and gencfg_uds are combined in common uds role
-  export ROLE_NAME=uds && ansible-playbook ibm.mas_devops.run_role
-  log "==== UDS deployment completed ===="
-
-else
-  log "=== Using Existing UDS Deployment ==="
-  # works when UDS_ENDPOINT_URL is set, handled in same uds role
-  export ROLE_NAME=uds && ansible-playbook ibm.mas_devops.run_role
-  log "=== Generated UDS Config YAML ==="
-fi
-
-# Deploy CP4D
-if [[ $DEPLOY_CP4D == "true" ]]; then
-  log "==== CP4D deployment started ===="
-  export ROLE_NAME=cp4d && ansible-playbook ibm.mas_devops.run_role
-  log "==== CP4D deployment completed ===="
-fi
-
-## Deploy Manage
-if [[ $DEPLOY_MANAGE == "true" && (-z $MAS_JDBC_USER) && (-z $MAS_JDBC_PASSWORD) && (-z $MAS_JDBC_URL) && (-z $MAS_JDBC_CERT_URL) ]]; then
-
-  log "==== Configure internal db2 for manage started ===="
-  export ROLE_NAME=db2 && ansible-playbook ibm.mas_devops.run_role
-  export ROLE_NAME=suite_db2_setup_for_manage && ansible-playbook ibm.mas_devops.run_role
-  log "==== Configuration of internal db2 for manage completed ===="
-fi
-
-## Create MAS Workspace
-log "==== MAS Workspace generation started ===="
-export ROLE_NAME=gencfg_workspace && ansible-playbook ibm.mas_devops.run_role
-log "==== MAS Workspace generation completed ===="
-
-if [[ $DEPLOY_MANAGE == "true" && (-n $MAS_JDBC_USER) && (-n $MAS_JDBC_PASSWORD) && (-n $MAS_JDBC_URL) ]]; then
-      export SSL_ENABLED=false
-      #Setting the DB values
-      if [[ ${MAS_JDBC_URL,, } =~ ^jdbc:db2? ]]; then
-                       log "Setting to DB2 Values"
-                        export MAS_APP_SETTINGS_DB2_SCHEMA="maximo"
-                        export MAS_APP_SETTINGS_TABLESPACE="maxdata"
-                        export MAS_APP_SETTINGS_INDEXSPACE="maxindex"
-        elif [[ ${MAS_JDBC_URL,, } =~ ^jdbc:sql? ]]; then
-                         log "Setting to MSSQL Values"
-                          export MAS_APP_SETTINGS_DB2_SCHEMA="dbo"
-                          export MAS_APP_SETTINGS_TABLESPACE="PRIMARY"
-                          export MAS_APP_SETTINGS_INDEXSPACE="PRIMARY"
-        elif [[ ${MAS_JDBC_URL,, } =~ ^jdbc:oracle? ]]; then
-                          log "Setting to ORACLE Values"
-                          export MAS_APP_SETTINGS_DB2_SCHEMA="maximo"
-                          export MAS_APP_SETTINGS_TABLESPACE="maxdata"
-                          export MAS_APP_SETTINGS_INDEXSPACE="maxindex"
-        fi
-
-      log " MAS_APP_SETTINGS_DB2_SCHEMA: $MAS_APP_SETTINGS_DB2_SCHEMA"
-      log " DEPLOY_MANAGEMAS_APP_SETTINGS_TABLESPACE: $MAS_APP_SETTINGS_TABLESPACE"
-      log " MAS_APP_SETTINGS_INDEXSPACE: $MAS_APP_SETTINGS_INDEXSPACE"
-  if [ -n "$MAS_JDBC_CERT_URL" ]; then
-    log "MAS_JDBC_CERT_URL is not empty, setting SSL_ENABLED as true"
-    export SSL_ENABLED=true
-  fi
-  log "==== Configure JDBC started for external DB2 ==== SSL_ENABLED = $SSL_ENABLED"
-  export ROLE_NAME=gencfg_jdbc && ansible-playbook ibm.mas_devops.run_role
-  log "==== Configure JDBC completed for external DB2 ===="
-fi
-
-## Deploy MAS
-log "==== MAS deployment started ===="
-export ROLE_NAME=suite_dns && ansible-playbook ibm.mas_devops.run_role
-export ROLE_NAME=suite_install && ansible-playbook ibm.mas_devops.run_role
-export ROLE_NAME=suite_config && ansible-playbook ibm.mas_devops.run_role
-export ROLE_NAME=suite_verify && ansible-playbook ibm.mas_devops.run_role
-log "==== MAS deployment completed ===="
-
-## Deploy Manage
-if [[ $DEPLOY_MANAGE == "true" ]]; then
-  # Deploy Manage
-  log "==== MAS Manage deployment started ===="
-  export ROLE_NAME=suite_app_install && ansible-playbook ibm.mas_devops.run_role
-  log "==== MAS Manage deployment completed ===="
-
-  # Configure app to use the DB
-  log "==== MAS Manage configure app started ===="
-  export MAS_APPWS_BINDINGS_JDBC="workspace-application"
-  export ROLE_NAME=suite_app_config && ansible-playbook ibm.mas_devops.run_role
-  log "==== MAS Manage configure app completed ===="
-fi
+fi

azure/ocp-terraform/azure_infra/provider.tf

@@ -1,8 +1,16 @@
+terraform {
+required_providers {
+  azurerm = {
+  source  = "hashicorp/azurerm"
+  version = "3.21.0"
+      }
+          }
+            }
 provider "azurerm" {
-  version         = "= 2.6.0"
   subscription_id = var.azure-subscription-id
   client_id       = var.azure-client-id
   client_secret   = var.azure-client-secret
   tenant_id       = var.azure-tenant-id
+  partner_id      = "pid-5a1e8d63-79c9-418d-b3af-b2a21a557aac-partnercenter"
   features {}
 }

azure/ocp-terraform/azure_infra/vnet.tf

@@ -22,7 +22,7 @@ resource "azurerm_resource_group" "cpdrg" {
 }
 
 resource "azurerm_virtual_network" "cpdvirtualnetwork" {
-  count               = var.new-or-existing == "new" ? 1 : 0
+  count              =  var.new-or-existing == "new" ? 1 : 0
   name                = var.virtual-network-name
   address_space       = [var.virtual-network-cidr]
   location            = var.region
@@ -34,11 +34,11 @@ resource "azurerm_virtual_network" "cpdvirtualnetwork" {
 
 
 resource "azurerm_subnet" "masternode" {
-  count                = var.new-or-existing == "new" ? 1 : 0
+  count                =  var.new-or-existing == "new" ? 1 : 0
   name                 = var.master-subnet-name
   resource_group_name  = var.resource-group
   virtual_network_name = var.virtual-network-name
-  address_prefix       = var.master-subnet-cidr
+  address_prefixes      = [var.master-subnet-cidr]
   depends_on = [
     azurerm_resource_group.cpdrg,
     azurerm_virtual_network.cpdvirtualnetwork
@@ -50,7 +50,7 @@ resource "azurerm_subnet" "workernode" {
   name                 = var.worker-subnet-name
   resource_group_name  = var.resource-group
   virtual_network_name = var.virtual-network-name
-  address_prefix       = var.worker-subnet-cidr
+  address_prefixes      = [var.worker-subnet-cidr]
   depends_on = [
     azurerm_resource_group.cpdrg,
     azurerm_virtual_network.cpdvirtualnetwork
@@ -75,7 +75,7 @@ resource "azurerm_network_interface" "nfs" {
 }
 
 resource "azurerm_network_security_group" "master" {
-  count               = var.new-or-existing == "new" ? 1 : 0
+  count                =   var.new-or-existing == "new" ? 1 : 0
   name                = var.master-nsg-name
   location            = var.region
   resource_group_name = var.resource-group
@@ -99,7 +99,7 @@ resource "azurerm_network_security_group" "master" {
 }
 
 resource "azurerm_network_security_group" "worker" {
-  count               = var.new-or-existing == "new" ? 1 : 0
+  count               =  var.new-or-existing == "new" ? 1 : 0
   name                = var.worker-nsg-name
   location            = var.region
   resource_group_name = var.resource-group
@@ -126,7 +126,7 @@ resource "azurerm_network_security_rule" "nfsin" {
 }
 
 resource "azurerm_network_security_rule" "worker-https" {
-  count                       = var.new-or-existing == "new" ? 1 : 0
+  count                       =  var.new-or-existing == "new" ? 1 : 0
   name                        = "https"
   priority                    = 500
   direction                   = "Inbound"
@@ -141,7 +141,7 @@ resource "azurerm_network_security_rule" "worker-https" {
 }
 
 resource "azurerm_network_security_rule" "worker-http" {
-  count                       = var.new-or-existing == "new" ? 1 : 0
+  count                       =   var.new-or-existing == "new" ? 1 : 0
   name                        = "http"
   priority                    = 501
   direction                   = "Inbound"
@@ -156,7 +156,7 @@ resource "azurerm_network_security_rule" "worker-http" {
 }
 
 resource "azurerm_subnet_network_security_group_association" "master" {
-  count                     = var.new-or-existing == "new" ? 1 : 0
+  count                     =    var.new-or-existing == "new" ? 1 : 0
   subnet_id                 = "/subscriptions/${var.azure-subscription-id}/resourceGroups/${var.resource-group}/providers/Microsoft.Network/virtualNetworks/${var.virtual-network-name}/subnets/${var.master-subnet-name}"
   network_security_group_id = "/subscriptions/${var.azure-subscription-id}/resourceGroups/${var.resource-group}/providers/Microsoft.Network/networkSecurityGroups/${azurerm_network_security_group.master[count.index].name}"
   depends_on = [
@@ -167,7 +167,7 @@ resource "azurerm_subnet_network_security_group_association" "master" {
 }
 
 resource "azurerm_subnet_network_security_group_association" "worker" {
-  count                     = var.new-or-existing == "new" ? 1 : 0
+  count                     =   var.new-or-existing == "new" ? 1 : 0
   subnet_id                 = "/subscriptions/${var.azure-subscription-id}/resourceGroups/${var.resource-group}/providers/Microsoft.Network/virtualNetworks/${var.virtual-network-name}/subnets/${var.worker-subnet-name}"
   network_security_group_id = "/subscriptions/${var.azure-subscription-id}/resourceGroups/${var.resource-group}/providers/Microsoft.Network/networkSecurityGroups/${azurerm_network_security_group.worker[count.index].name}"
   depends_on = [
@@ -183,11 +183,11 @@ resource "azurerm_subnet_network_security_group_association" "worker" {
 # Create bastion subnet in the vnet
 
   resource "azurerm_subnet" "bastion_subnet" {
-  count               = var.new-or-existing == "new" ? 1 : 0
+  count               =   var.new-or-existing == "new" ? 1 : 0
   name                 = "AzureBastionSubnet"
   resource_group_name  = var.resource-group
   virtual_network_name = var.virtual-network-name
-  address_prefix     =  var.bastion_cidr
+  address_prefixes    = [var.bastion_cidr]
   depends_on = [
   azurerm_resource_group.cpdrg,
   azurerm_virtual_network.cpdvirtualnetwork
@@ -196,7 +196,7 @@ resource "azurerm_subnet_network_security_group_association" "worker" {
 
 #Create public IP
   resource "azurerm_public_ip" "bastion_ip" {
-  count              = var.new-or-existing == "new" ? 1 : 0
+  count              =   var.new-or-existing == "new" ? 1 : 0
   name                = "bastion-ip"
   location            = var.region
   resource_group_name = var.resource-group
@@ -210,7 +210,7 @@ resource "azurerm_subnet_network_security_group_association" "worker" {
 
 #Create bastion host
   resource "azurerm_bastion_host" "bastion_host" {
-  count                     = var.new-or-existing == "new" ? 1 : 0
+    count               = var.new-or-existing == "new" ? 1 : 0
     name                = "azure-bastion-host"
     location            = var.region
     resource_group_name = var.resource-group