From fb71c91ba41f64fa288f51fe90f7888292ef2d1b Mon Sep 17 00:00:00 2001 From: Judd Maltin Date: Wed, 20 Sep 2023 16:30:04 -0400 Subject: [PATCH] Azure with Subscription: fixup and include generated password (#7045) * return proper generated_password syntax * add generated_password * emit the guid * fix showroom_deploy name --- .../cloud_providers/azure_infrastructure_deployment.yml | 9 +++++++++ .../open-environment-azure-subscription/default_vars.yml | 6 ++++-- .../open-environment-azure-subscription/infra.yml | 1 - .../post_software.yml | 3 ++- .../roles/open-env-azure-create-open-env/tasks/main.yml | 5 ++++- 5 files changed, 19 insertions(+), 5 deletions(-) diff --git a/ansible/cloud_providers/azure_infrastructure_deployment.yml b/ansible/cloud_providers/azure_infrastructure_deployment.yml index aaaf8362270..c5878535da3 100644 --- a/ansible/cloud_providers/azure_infrastructure_deployment.yml +++ b/ansible/cloud_providers/azure_infrastructure_deployment.yml @@ -15,6 +15,15 @@ AZURE_CONFIG_DIR: "{{ output_dir }}/.azure-{{project_tag}}" tasks: + # shouldn't this be in defaults/main.yml? + - name: Generate Azure bastion password + when: generated_password is not defined + ansible.builtin.set_fact: + generated_password: >- + {{- lookup('ansible.builtin.password', '/dev/null length=1 chars=letters') -}} + {{- lookup('ansible.builtin.password', '/dev/null length=10') -}} + {{- lookup('ansible.builtin.password', '/dev/null length=1 chars=digits') -}} + - name: Create fact _subscription_id = azure_subscription_id if not subs based when: env_type != "open-environment-azure-subscription" ansible.builtin.set_fact: diff --git a/ansible/configs/open-environment-azure-subscription/default_vars.yml b/ansible/configs/open-environment-azure-subscription/default_vars.yml index 655b227cd46..fdc7109ff05 100644 --- a/ansible/configs/open-environment-azure-subscription/default_vars.yml +++ b/ansible/configs/open-environment-azure-subscription/default_vars.yml 
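Review bot: In the added `Generate Azure bastion password` task the first segment uses `chars=letters`, which is not an attribute of the `string` module on a Python 3 controller, so the password lookup falls back to treating it as the literal characters `l`, `e`, `t`, `r`, `s` and the leading character is drawn from only those five. `chars=ascii_letters` gives the full upper- and lower-case range: `{{- lookup('ansible.builtin.password', '/dev/null length=1 chars=ascii_letters') -}}`. The task also stores a credential through `set_fact` without `no_log: true`, so the value can appear in verbose task output and callback logs; adding `no_log: true` to the task keeps it out of them. The same three-part lookup is repeated in the `Generate open env password` task in `roles/open-env-azure-create-open-env/tasks/main.yml`, where both points apply.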
@@ -1,4 +1,8 @@ --- +# azure user domain: purpose? +# is this the red hat Azure AD? +azure_user_domain: azure.opentlc.com + # deploy a bastion - not required for a basic open-env azure_deploy_bastion: false @@ -56,8 +60,6 @@ azure_config_dir: "/tmp/azure-{{ guid }}" azure_root_dns_zone: azure.redhatworkshops.io cluster_dns_zone: azure.redhatworkshops.io HostedZoneId: "{{ azure_root_dns_zone }}" -generated_password: >- - {{- lookup('ansible.builtin.password', '/dev/null', length=10, chars=['ascii_letters', 'digits', 'punctuation']) -}} # Azure DNS resource group azure_dns_resource_group: rhpds-dns-handler diff --git a/ansible/configs/open-environment-azure-subscription/infra.yml b/ansible/configs/open-environment-azure-subscription/infra.yml index ca775ccd303..bd7dcc39d28 100644 --- a/ansible/configs/open-environment-azure-subscription/infra.yml +++ b/ansible/configs/open-environment-azure-subscription/infra.yml @@ -11,7 +11,6 @@ ansible.builtin.set_fact: azure_subscription_id: "{{ subscription_id }}" az_resource_group: "openenv-{{ guid }}" - generated_password: "{{ generated_password }}" # must be indented as is, or fails on "import_playbook has extra params" - name: Deploy a bastion, if desired diff --git a/ansible/configs/open-environment-azure-subscription/post_software.yml b/ansible/configs/open-environment-azure-subscription/post_software.yml index 73b54b56c44..936725a65f5 100644 --- a/ansible/configs/open-environment-azure-subscription/post_software.yml +++ b/ansible/configs/open-environment-azure-subscription/post_software.yml @@ -121,6 +121,7 @@ azure_service_principal_id: "{{ azapp.applications[0].app_id }}" azure_service_principal_password: "{{ azpass }}" azure_tenant_id: "{{ azure_tenant }}" + guid: "{{ guid }}" - name: Provide installed bastion data when: 
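Review bot: The two comments added above `azure_user_domain` in the first `default_vars.yml` hunk are open questions rather than documentation, so a reader still cannot tell what the value controls. The only use visible in this patch is the UPN suffix in `openenv_admin_upn="openenv-admin-{{ guid }}@{{ azure_user_domain }}"` in the role's `tasks/main.yml`, so a comment such as `# Domain suffix of the UPNs created for open-environment users (openenv-admin-<guid>@<domain>)` would state that. Which directory tenant owns the domain is not shown here and should be confirmed by the author before it is written into the comment.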
@@ -139,7 +140,7 @@ showroom_component_name: "aro-ilt" tasks: - name: Deploy Showroom - when: showroom_deploya | default(false) | bool + when: showroom_deploy | default(false) | bool include_role: name: showroom diff --git a/ansible/roles/open-env-azure-create-open-env/tasks/main.yml b/ansible/roles/open-env-azure-create-open-env/tasks/main.yml index 980015f87ac..9460adb85ba 100644 --- a/ansible/roles/open-env-azure-create-open-env/tasks/main.yml +++ b/ansible/roles/open-env-azure-create-open-env/tasks/main.yml @@ -173,10 +173,13 @@ - name: Save ARO SP password ansible.builtin.set_fact: az_aro_pass="{{ azaroappcreate.stdout | from_json | json_query('password') }}" +# shouldn't this be in defaults/main.yml? - name: Generate open env password ansible.builtin.set_fact: generated_password: >- - {{- lookup('ansible.builtin.password', '/dev/null', length=10, chars=['ascii_letters', 'digits', 'punctuation']) -}} + {{- lookup('ansible.builtin.password', '/dev/null length=1 chars=letters') -}} + {{- lookup('ansible.builtin.password', '/dev/null length=10') -}} + {{- lookup('ansible.builtin.password', '/dev/null length=1 chars=digits') -}} - name: Set openenv admin UPN ansible.builtin.set_fact: openenv_admin_upn="openenv-admin-{{ guid }}@{{ azure_user_domain }}"
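Review bot: `Generate open env password` sets `generated_password` unconditionally, while the matching task added in `azure_infrastructure_deployment.yml` is guarded by `when: generated_password is not defined`; if both run for the same host in one deployment, the role would replace the earlier value and anything already provisioned with it would no longer match. If that is not intended, add `when: generated_password is not defined` to this task as well. The new comment `# shouldn't this be in defaults/main.yml?` could instead record why it is not: a lookup held in a defaults variable is evaluated each time the variable is referenced, and with `/dev/null` as the path nothing is persisted, so every reference would yield a different password, e.g. `# set_fact so the password is generated once and reused`. The task list continues outside the hunk.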