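#
# Get launchpad subscription details
#
# Every task in this section only reads from the signed-in Azure CLI session
# or from DNS, so each one is marked changed_when: false to keep the play
# recap accurate.
- name: Get deployment user object_id (make sure you are logged-in to the launchpad Azure subscription first.)
  shell: az ad signed-in-user show --query id -o tsv
  register: bash_object_id
  changed_when: false
  when: AZURE_OBJECT_ID is undefined

- name: Get deployment user UPN
  shell: az ad signed-in-user show --query userPrincipalName -o tsv
  register: bash_upn
  changed_when: false
  when: upn_owner is not defined

- name: Get default user's tenant name
  shell: az rest --method get --url "https://graph.microsoft.com/v1.0/organization" --query "value[0].verifiedDomains[?isDefault].name" -o tsv
  register: bash_tenant_name
  changed_when: false
  when: tenant_name is not defined

- name: Get default user's tenant guid
  shell: az account show --query tenantId -o tsv
  register: tenant_id
  changed_when: false

- name: Get default subscription id
  shell: az account show --query id -o tsv
  register: subscription_id
  changed_when: false

- name: Get default subscription name
  shell: az account show --query name -o tsv
  register: subscription_name
  changed_when: false

# The answer to this lookup is placed in PUBLIC_IP_WHITE_LIST further down.
# It is an unauthenticated DNS answer from a third-party resolver, so the
# value is checked before any later task can consume it.
# NOTE(review): behind a proxy, VPN or a network that intercepts DNS the
# answer may not be the egress address the allow-list should carry - confirm.
- name: Get public ip address for bootstrap whitelisting
  shell: dig @resolver1.opendns.com A myip.opendns.com +short -4
  register: public_ip
  changed_when: false

# An empty or multi-line answer would otherwise be written into the
# allow-list as-is; stop here instead.
- name: Check that the public ip lookup returned a single IPv4 address
  ansible.builtin.assert:
    that:
      - "public_ip.stdout is match('^([0-9]{1,3}[.]){3}[0-9]{1,3}$')"
    fail_msg: >-
      The public ip lookup did not return a single IPv4 address;
      refusing to build PUBLIC_IP_WHITE_LIST from it.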
# Consolidate the values gathered above into the facts the rest of the
# walk-through reads. Caller-supplied variables (AZURE_OBJECT_ID, upn_owner,
# tenant_name, base_folder) are combined with the az CLI results through
# default().
- ansible.builtin.set_fact:
    regions: "{{ azure_regions }}"
    deployment_mode: "platform"
    object_id: "{{ bash_object_id.stdout | default(AZURE_OBJECT_ID) }}"
    upn: "{{ upn_owner | default(bash_upn.stdout) }}"
    tenant_name: "{{ tenant_name | default(bash_tenant_name.stdout) }}"
    base_folder: "{{ base_folder | default('/tf/caf') }}"
    # Single-element list built from the dig lookup result.
    PUBLIC_IP_WHITE_LIST: "{{ [public_ip.stdout] }}"

# Echo the resolved inputs so the operator can confirm them.
# NOTE(review): this writes the deployer's object_id and UPN into the run
# output; consider `verbosity: 1` if these logs are shared or archived.
- ansible.builtin.debug:
    msg:
      - "{{ regions }}"
      - "{{ customer_name }}"
      - "{{ object_id }}"
      - "{{ upn }}"
      - "{{ base_folder }}"
      - "{{ input_caf_environment if input_caf_environment is defined else TF_VAR_environment }}"
# Load ignite.yaml from template_folder (falling back to
# platform_definition_folder) into the `bootstrap` variable. depth: 1 limits
# the search to that directory itself.
- name: "load {{ template_folder | default(platform_definition_folder)}}/ignite.yaml"
  include_vars:
    name: bootstrap
    dir: "{{ template_folder | default(platform_definition_folder)}}"
    depth: 1
    ignore_unknown_extensions: true
    files_matching: "ignite.yaml"
# Mirror TF_VAR_environment into caf_environment when the caller supplied it.
- set_fact:
    caf_environment: "{{ TF_VAR_environment }}"
  when: TF_VAR_environment is defined
# Render topology_file through the template lookup and parse it as YAML, then
# derive the folder facts used by the copy tasks below.
# The template lookup evaluates any Jinja found in the file, so topology_file
# should only ever point at a trusted path.
# NOTE(review): the lookup argument nests '{{ }}' inside an expression, and
# `replace` is applied after `from_yaml`; confirm the type `topology` ends up
# with before restructuring this line.
- set_fact:
    topology: "{{ lookup('template', '{{ topology_file }}') | from_yaml | replace('{{base_folder}}', base_folder) }}"
    # Picked up by the merge_vars tasks through its _deployment__to_merge suffix.
    topology_deployment__to_merge: "{{ lookup('template', '{{ topology_file }}') | from_yaml }}"
    destination_path: "{{definition_folder | default(platform_definition_folder)}}"
    resource_template_folder: "{{ public_templates_folder }}/resources"
    platform_service_folder: "{{ public_templates_folder }}/platform/services"
    public_templates_variables_folder: "{{ public_templates_folder }}/variables"
# Make sure the folder that receives the generated definition files exists.
- name: "Creates directory - {{destination_path}}"
  file:
    path: "{{destination_path}}"
    state: directory
#
# Load the files into variables
#
# Files matching "_variables" directly under the public variables folder are
# loaded into the `variables` dictionary.
- name: "load _variables files"
  ansible.builtin.include_vars:
    name: variables
    dir: "{{ public_templates_variables_folder}}"
    depth: 1
    ignore_unknown_extensions: true
    files_matching: "_variables"

- ansible.builtin.debug:
    msg:
      - "variables: {{variables}}"
      - "topology: {{topology}}"

# Run load_regions.yaml once per stage key of the selected deployment mode.
- ansible.builtin.include_tasks: "load_regions.yaml"
  loop: "{{topology.deployments[deployment_mode].keys()}}"
  loop_control:
    loop_var: stage

# merge_vars combines every variable whose name ends with the given suffix
# into merged_topologies.
- name: Merge deployment files into topologies variable
  merge_vars:
    suffix_to_merge: _deployment__to_merge
    merged_var_name: merged_topologies
    expected_type: 'dict'
    recursive_dict_merge: true

- name: "Topologies merged"
  ansible.builtin.set_fact:
    resources: "{{ merged_topologies }}"

# - debug:
#     msg: "{{resources}}"
# Need topologies to render the following templates
# tfstates.yaml is rendered after the first merge, then merged in as well so
# that `resources` carries both.
- name: "load tfstates"
  ansible.builtin.set_fact:
    tfstates_deployment__to_merge: "{{ lookup('template', '{{platform_service_folder}}/tfstates.yaml') | from_yaml }}"

- name: Merge deployment files into topologies variable
  merge_vars:
    suffix_to_merge: _deployment__to_merge
    merged_var_name: merged_topologies
    expected_type: 'dict'
    recursive_dict_merge: true

- ansible.builtin.set_fact:
    resources: "{{ merged_topologies }}"

# - debug:
#     msg: "resources1: {{resources}}"
#
# Generate target folder structure and files
#
# Second pass over load_regions.yaml, now that `resources` has been merged.
- name: Copy files
  ansible.builtin.include_tasks: "load_regions.yaml"
  loop: "{{topology.deployments[deployment_mode].keys()}}"
  loop_control:
    loop_var: stage

# Collect the _variables*.yaml files sitting directly in the variables folder.
- ansible.builtin.find:
    paths: "{{public_templates_variables_folder}}"
    recurse: false
    patterns: "_variables*.yaml"
    file_type: file
  register: variable_files_to_process

# Copy each one, under its own file name, into the destination folder.
- name: copy variables files
  ansible.builtin.copy:
    src: "{{ item.path }}"
    dest: "{{destination_path}}/{{ item.path | basename }}"
  loop: "{{variable_files_to_process.files}}"
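# Copy github workflows
# Every file under pipelines/.github/workflows is rendered as a template and
# written below base_folder, keeping its path relative to pipelines/.
- ansible.builtin.find:
    paths: "{{public_templates_folder}}/pipelines/.github/workflows"
    recurse: true
    file_type: file
  register: github_workflows_to_process

# The source prefix is escaped and anchored before it is stripped: the folder
# name is a path, not a regular expression, and only the leading occurrence
# must be removed when computing where the file is written.
- name: copy github workflows
  ansible.builtin.template:
    src: "{{ item.path }}"
    dest: "{{base_folder}}/{{ item.path | regex_replace('^' + ((public_templates_folder + '/pipelines') | regex_escape), '') }}"
  loop: "{{github_workflows_to_process.files}}"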
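# Copy default firewall rules
# Create one sub-folder per rule collection type under firewall_rules_path.
- name: "Creates destination directory - {{firewall_rules_path}}"
  file:
    path: "{{firewall_rules_path}}/{{item}}"
    state: directory
  loop:
    - application_rule_collections
    - network_rule_collections
    - nat_rule_collections

- ansible.builtin.find:
    paths: "{{public_templates_folder}}/firewall_rules"
    recurse: true
    file_type: file
  register: firewall_files_to_process

# The source prefix is escaped and anchored before it is stripped, so that
# regex metacharacters in the folder name, or a second occurrence of the
# prefix deeper in the path, cannot change where a rule file is written.
- name: copy firewall files
  ansible.builtin.copy:
    src: "{{ item.path }}"
    dest: "{{firewall_rules_path}}/{{ item.path | regex_replace('^' + ((public_templates_folder + '/firewall_rules') | regex_escape), '') }}"
  loop: "{{firewall_files_to_process.files}}"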
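# Copy platform templates
# NOTE(review): none of the file/copy/template tasks below set `mode`, so the
# generated files take their permissions from the process umask; set it
# explicitly if the definitions must not be readable by other local users.
- ansible.builtin.find:
    paths: "{{platform_service_folder}}"
    recurse: false
    patterns: "*.yaml"
    file_type: file
  register: platform_service_template_files_to_process

- name: "Creates destination directory - {{topology.private_templates_folder}}"
  file:
    path: "{{topology.private_templates_folder}}"
    state: directory

# The find above does not recurse, so the file name alone identifies the
# target. basename avoids using the folder path as an unescaped regular
# expression.
- name: copy public platform templates
  ansible.builtin.copy:
    src: "{{ item.path }}"
    dest: "{{topology.private_templates_folder}}/{{ item.path | basename }}"
  loop: "{{platform_service_template_files_to_process.files}}"

# Render the three entry-point documents into the destination folder.
- name: tfstates.yaml
  ansible.builtin.template:
    src: "{{platform_service_folder}}/tfstates.yaml"
    dest: "{{destination_path}}/tfstates.yaml"

- name: ignite.yaml
  ansible.builtin.template:
    src: "{{public_templates_folder}}/platform/caf_platform_prod_nonprod.yaml"
    dest: "{{destination_path}}/ignite.yaml"

- name: "{{platform_service_folder}}/README.md"
  ansible.builtin.template:
    src: "{{platform_service_folder}}/README.md"
    dest: "{{destination_path}}/GETTING-STARTED.md"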