diff --git a/roles/sap_vm_provision/tasks/platform_ansible/aws_ec2_vs/execute_provision.yml b/roles/sap_vm_provision/tasks/platform_ansible/aws_ec2_vs/execute_provision.yml index 4913311..5747e5f 100644 --- a/roles/sap_vm_provision/tasks/platform_ansible/aws_ec2_vs/execute_provision.yml +++ b/roles/sap_vm_provision/tasks/platform_ansible/aws_ec2_vs/execute_provision.yml @@ -186,7 +186,7 @@ name: sshd state: reloaded when: - - sshd_config.changed + - __sap_vm_provision_task_os_sshd_config.changed ### end of block diff --git a/roles/sap_vm_provision/tasks/platform_ansible/gcp_ce_vm/execute_provision.yml b/roles/sap_vm_provision/tasks/platform_ansible/gcp_ce_vm/execute_provision.yml index 7f309d9..cd8529e 100644 --- a/roles/sap_vm_provision/tasks/platform_ansible/gcp_ce_vm/execute_provision.yml +++ b/roles/sap_vm_provision/tasks/platform_ansible/gcp_ce_vm/execute_provision.yml @@ -196,7 +196,7 @@ name: sshd state: reloaded when: - - sshd_config.changed + - __sap_vm_provision_task_os_sshd_config.changed ### end of block diff --git a/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_powervs/execute_main.yml b/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_powervs/execute_main.yml index a9fe1eb..c513f1a 100644 --- a/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_powervs/execute_main.yml +++ b/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_powervs/execute_main.yml @@ -107,6 +107,7 @@ IC_REGION: "{{ sap_vm_provision_ibmcloud_powervs_region }}" ibm.cloudcollection.ibm_pi_catalog_images_info: pi_cloud_instance_id: "{{ __sap_vm_provision_task_ibmcloud_pi_workspace_service_instance.resource.guid }}" # must be GUID, not CRN + sap: true # Return all OS Images for SAP ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" # DNS may exist in separate Resource Group 
@@ -130,7 +131,7 @@ - name: Set fact for latest IBM Power Infrastructure OS Catalog Stock Image ansible.builtin.set_fact: - register_ibmcloud_pi_os_image_selected: "{{ __sap_vm_provision_task_ibmcloud_pi_os_image_list.resource.images | selectattr('name', 'search', lookup('ansible.builtin.vars', 'sap_vm_provision_' + sap_vm_provision_iac_platform + '_host_os_image_dictionary')[sap_vm_provision_ibmcloud_powervs_host_os_image]) | sort(reverse=True,case_sensitive=False,attribute='name') | first }}" + register_ibmcloud_pi_os_image_selected: "{{ __sap_vm_provision_task_ibmcloud_pi_os_image_list.resource.images | rejectattr('name', 'search', '.*BYOL.*') | selectattr('name', 'search', lookup('ansible.builtin.vars', 'sap_vm_provision_' + sap_vm_provision_iac_platform + '_host_os_image_dictionary')[sap_vm_provision_ibmcloud_powervs_host_os_image]) | sort(reverse=True,case_sensitive=False,attribute='name') | first }}" - name: Create Boot Image from IBM Power Infrastructure OS Catalog Stock Image no_log: "{{ __sap_vm_provision_no_log }}" @@ -176,7 +177,7 @@ ansible.builtin.add_host: name: "{{ add_item[0].host_node }}" groups: "{{ add_item[0].sap_system_type + '_' if (add_item[0].sap_system_type != '') }}{{ add_item[0].sap_host_type }}" - ansible_host: "{{ add_item[0].resource.addresses[0].ip }}" + ansible_host: "{{ add_item[0].resource.networks[0].ip }}" ansible_user: "root" ansible_ssh_private_key_file: "{{ sap_vm_provision_ssh_host_private_key_file_path }}" ansible_ssh_common_args: -o ConnectTimeout=180 -o ControlMaster=auto -o ControlPersist=3600s -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ForwardX11=no -o ProxyCommand='ssh -W %h:%p {{ sap_vm_provision_bastion_user }}@{{ sap_vm_provision_bastion_public_ip }} -p {{ sap_vm_provision_bastion_ssh_port }} -i {{ sap_vm_provision_ssh_bastion_private_key_file_path }} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' 
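Review bot: The `| first` that ends the new `register_ibmcloud_pi_os_image_selected` expression has no guard for an empty list, and the added `rejectattr('name', 'search', '.*BYOL.*')` makes an empty result more likely when the catalog offers only BYOL images for the requested OS. In that case the expression yields an undefined value, so the run presumably stops with a templating error rather than a message that names the missing image. I would add an `ansible.builtin.assert` task before this one that checks the filtered list with `| length > 0` and names the requested image key in `fail_msg`. The `.*` wrappers are also redundant with the `search` test, so `rejectattr('name', 'search', 'BYOL')` is equivalent.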
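Review bot: `ansible_host: "{{ add_item[0].resource.networks[0].ip }}"` picks the address by position, which assumes the first entry in `networks` is the private subnet reachable through the bastion; nothing visible here guarantees that ordering when more than one subnet is attached. Because the same task's `ansible_ssh_common_args` sets `StrictHostKeyChecking=no` and `UserKnownHostsFile=/dev/null`, a connection to an unintended address would not be caught by host-key verification. The same indexing is introduced for `provisioned_private_ip` and `delegate_private_ip` in ibmcloud_powervs/execute_provision.yml. I would at least add `# networks[0]: assumes the private subnet is the first attached network` above the line, or select the entry by its network identifier instead of by index. The add_host task continues outside the hunk.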
diff --git a/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_powervs/execute_provision.yml b/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_powervs/execute_provision.yml index c059e72..bac424d 100644 --- a/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_powervs/execute_provision.yml +++ b/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_powervs/execute_provision.yml @@ -155,7 +155,7 @@ - name: Create fact for delegate host IP ansible.builtin.set_fact: - provisioned_private_ip: "{{ __sap_vm_provision_task_provision_host_single.resource.addresses[0].ip }}" + provisioned_private_ip: "{{ __sap_vm_provision_task_provision_host_single.resource.networks[0].ip }}" - name: Copy facts to delegate host @@ -167,7 +167,7 @@ delegate_sap_vm_provision_bastion_ssh_port: "{{ sap_vm_provision_bastion_ssh_port }}" delegate_sap_vm_provision_ssh_bastion_private_key_file_path: "{{ sap_vm_provision_ssh_bastion_private_key_file_path }}" delegate_sap_vm_provision_ssh_host_private_key_file_path: "{{ sap_vm_provision_ssh_host_private_key_file_path }}" - delegate_private_ip: "{{ __sap_vm_provision_task_provision_host_single.resource.addresses[0].ip }}" + delegate_private_ip: "{{ __sap_vm_provision_task_provision_host_single.resource.networks[0].ip }}" delegate_hostname: "{{ inventory_hostname }}" delegate_sap_vm_provision_dns_root_domain_name: "{{ sap_vm_provision_dns_root_domain }}" @@ -209,7 +209,7 @@ name: sshd state: reloaded when: - - sshd_config.changed + - __sap_vm_provision_task_os_sshd_config.changed ### end of block diff --git a/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_vs/execute_provision.yml b/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_vs/execute_provision.yml index bed5ac6..d5e3ca0 100644 --- a/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_vs/execute_provision.yml +++ b/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_vs/execute_provision.yml 
@@ -180,7 +180,7 @@ name: sshd state: reloaded when: - - sshd_config.changed + - __sap_vm_provision_task_os_sshd_config.changed ### end of block diff --git a/roles/sap_vm_provision/tasks/platform_ansible/msazure_vm/execute_main.yml b/roles/sap_vm_provision/tasks/platform_ansible/msazure_vm/execute_main.yml index d509d90..943eae7 100644 --- a/roles/sap_vm_provision/tasks/platform_ansible/msazure_vm/execute_main.yml +++ b/roles/sap_vm_provision/tasks/platform_ansible/msazure_vm/execute_main.yml @@ -5,7 +5,7 @@ # Using environment, no_log is ineffective and log will show 'EXEC /bin/sh -c 'ENV_VAR=value python3 /AnsiballZ_ansible_module_name.py && sleep 0' # Therefore do not use environment for secrets, use only for non-sensitive values as this will reduce Ansible Task parameters. environment: - ANSIBLE_AZURE_AUTH_SOURCE: "env" + ANSIBLE_AZURE_AUTH_SOURCE: "auto" # Set to auto to use module parameters # AZURE_SUBSCRIPTION_ID: "{{ sap_vm_provision_msazure_subscription_id }}" # AZURE_TENANT: "{{ sap_vm_provision_msazure_tenant_id }}" # AZURE_CLIENT_ID: "{{ sap_vm_provision_msazure_app_client_id }}" @@ -56,7 +56,7 @@ file: "{{ 'platform_' + sap_vm_provision_iac_type }}/{{ sap_vm_provision_iac_platform }}/execute_provision.yml" apply: environment: - ANSIBLE_AZURE_AUTH_SOURCE: "env" + ANSIBLE_AZURE_AUTH_SOURCE: "auto" # Set to auto to use module parameters # AZURE_SUBSCRIPTION_ID: "{{ sap_vm_provision_msazure_subscription_id }}" # AZURE_TENANT: "{{ sap_vm_provision_msazure_tenant_id }}" # AZURE_CLIENT_ID: "{{ sap_vm_provision_msazure_app_client_id }}" 
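Review bot: The inline comment on `ANSIBLE_AZURE_AUTH_SOURCE: "auto"` understates what `auto` does: per the azure.azcollection documentation it tries module parameters first and then falls back to environment variables, the credentials file and the Azure CLI profile on the control node. Any task under this block that omits `subscription_id`, `tenant`, `client_id` or `secret` would therefore run with whatever ambient Azure identity is present instead of failing, possibly against a different subscription. The same setting is added at the three other `environment:` hunks in this file and in execute_setup_ha.yml and post_deployment_execute.yml, where the block previously supplied the credentials through the environment. I would reword the comment to `# auto: module parameters first, then env vars, credentials file, Azure CLI` and confirm that each task in these blocks passes the four credential parameters explicitly. The task lists of these blocks are outside the hunks.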
@@ -221,7 +221,7 @@ # Using environment, no_log is ineffective and log will show 'EXEC /bin/sh -c 'ENV_VAR=value python3 /AnsiballZ_ansible_module_name.py && sleep 0' # Therefore do not use environment for secrets, use only for non-sensitive values as this will reduce Ansible Task parameters. environment: - ANSIBLE_AZURE_AUTH_SOURCE: "env" + ANSIBLE_AZURE_AUTH_SOURCE: "auto" # Set to auto to use module parameters # AZURE_SUBSCRIPTION_ID: "{{ sap_vm_provision_msazure_subscription_id }}" # AZURE_TENANT: "{{ sap_vm_provision_msazure_tenant_id }}" # AZURE_CLIENT_ID: "{{ sap_vm_provision_msazure_app_client_id }}" @@ -236,7 +236,7 @@ file: "{{ 'platform_' + sap_vm_provision_iac_type }}/{{ sap_vm_provision_iac_platform }}/execute_setup_ha.yml" apply: environment: - ANSIBLE_AZURE_AUTH_SOURCE: "env" + ANSIBLE_AZURE_AUTH_SOURCE: "auto" # Set to auto to use module parameters # AZURE_SUBSCRIPTION_ID: "{{ sap_vm_provision_msazure_subscription_id }}" # AZURE_TENANT: "{{ sap_vm_provision_msazure_tenant_id }}" # AZURE_CLIENT_ID: "{{ sap_vm_provision_msazure_app_client_id }}" diff --git a/roles/sap_vm_provision/tasks/platform_ansible/msazure_vm/execute_provision.yml b/roles/sap_vm_provision/tasks/platform_ansible/msazure_vm/execute_provision.yml index e308b64..fe6b361 100644 --- a/roles/sap_vm_provision/tasks/platform_ansible/msazure_vm/execute_provision.yml +++ b/roles/sap_vm_provision/tasks/platform_ansible/msazure_vm/execute_provision.yml @@ -34,7 +34,7 @@ location: "{{ sap_vm_provision_msazure_location_region }}" name: "{{ inventory_hostname }}-nic" virtual_network: "{{ sap_vm_provision_msazure_vnet_name }}" - subnet_name: "{{ sap_vm_provision___sap_vm_provision_msazure_vnet_subnet_name }}" + subnet_name: "{{ sap_vm_provision_msazure_vnet_subnet_name }}" create_with_security_group: false ip_configurations: - name: "{{ inventory_hostname }}-nic-ipconfig" 
@@ -285,7 +285,7 @@ name: sshd state: reloaded when: - - sshd_config.changed + - __sap_vm_provision_task_os_sshd_config.changed ### end of block diff --git a/roles/sap_vm_provision/tasks/platform_ansible/msazure_vm/execute_setup_ha.yml b/roles/sap_vm_provision/tasks/platform_ansible/msazure_vm/execute_setup_ha.yml index b3cce58..c2851b2 100644 --- a/roles/sap_vm_provision/tasks/platform_ansible/msazure_vm/execute_setup_ha.yml +++ b/roles/sap_vm_provision/tasks/platform_ansible/msazure_vm/execute_setup_ha.yml @@ -315,12 +315,14 @@ - name: Ansible Task block for provisioning of Load Balancer for High Availability delegate_to: localhost run_once: true + # Using environment, no_log is ineffective and log will show 'EXEC /bin/sh -c 'ENV_VAR=value python3 /AnsiballZ_ansible_module_name.py && sleep 0' + # Therefore do not use environment for secrets, use only for non-sensitive values as this will reduce Ansible Task parameters. environment: - ANSIBLE_AZURE_AUTH_SOURCE: "env" - AZURE_SUBSCRIPTION_ID: "{{ sap_vm_provision_msazure_subscription_id }}" - AZURE_TENANT: "{{ sap_vm_provision_msazure_tenant_id }}" - AZURE_CLIENT_ID: "{{ sap_vm_provision_msazure_app_client_id }}" - AZURE_SECRET: "{{ sap_vm_provision_msazure_app_client_secret }}" + ANSIBLE_AZURE_AUTH_SOURCE: "auto" # Set to auto to use module parameters + # AZURE_SUBSCRIPTION_ID: "{{ sap_vm_provision_msazure_subscription_id }}" + # AZURE_TENANT: "{{ sap_vm_provision_msazure_tenant_id }}" + # AZURE_CLIENT_ID: "{{ sap_vm_provision_msazure_app_client_id }}" + # AZURE_SECRET: "{{ sap_vm_provision_msazure_app_client_secret }}" when: - sap_ha_pacemaker_cluster_msazure_resource_group is defined - (groups["hana_secondary"] is defined and (groups["hana_secondary"] | length>0)) or (groups["nwas_ers"] is defined and (groups["nwas_ers"] | length>0)) or (groups["anydb_secondary"] is defined and (groups["anydb_secondary"] | length>0)) 
@@ -332,12 +334,12 @@ azure.azcollection.azure_rm_subnet_info: resource_group: "{{ sap_vm_provision_msazure_resource_group_name }}" virtual_network_name: "{{ sap_vm_provision_msazure_vnet_name }}" - name: "{{ sap_vm_provision___sap_vm_provision_msazure_vnet_subnet_name }}" - # Azure credentials - subscription_id: "{{ sap_vm_provision_msazure_subscription_id }}" - tenant: "{{ sap_vm_provision_msazure_tenant_id }}" - client_id: "{{ sap_vm_provision_msazure_app_client_id }}" - secret: "{{ sap_vm_provision_msazure_app_client_secret }}" + name: "{{ sap_vm_provision_msazure_vnet_subnet_name }}" + # Azure credentials + subscription_id: "{{ sap_vm_provision_msazure_subscription_id }}" + tenant: "{{ sap_vm_provision_msazure_tenant_id }}" + client_id: "{{ sap_vm_provision_msazure_app_client_id }}" + secret: "{{ sap_vm_provision_msazure_app_client_secret }}" - name: Define Ansible Variables for Azure Load Balancer - VIP for SAP HANA ansible.builtin.set_fact: @@ -609,7 +611,7 @@ location: "{{ sap_vm_provision_msazure_location_region }}" name: "{{ host_node }}-nic" virtual_network: "{{ sap_vm_provision_msazure_vnet_name }}" - subnet_name: "{{ sap_vm_provision___sap_vm_provision_msazure_vnet_subnet_name }}" + subnet_name: "{{ sap_vm_provision_msazure_vnet_subnet_name }}" create_with_security_group: false ip_configurations: - name: "{{ host_node }}-nic-ipconfig" @@ -639,7 +641,7 @@ location: "{{ sap_vm_provision_msazure_location_region }}" name: "{{ host_node }}-nic" virtual_network: "{{ sap_vm_provision_msazure_vnet_name }}" - subnet_name: "{{ sap_vm_provision___sap_vm_provision_msazure_vnet_subnet_name }}" + subnet_name: "{{ sap_vm_provision_msazure_vnet_subnet_name }}" create_with_security_group: false ip_configurations: - name: "{{ host_node }}-nic-ipconfig" 
@@ -669,7 +671,7 @@ location: "{{ sap_vm_provision_msazure_location_region }}" name: "{{ host_node }}-nic" virtual_network: "{{ sap_vm_provision_msazure_vnet_name }}" - subnet_name: "{{ sap_vm_provision___sap_vm_provision_msazure_vnet_subnet_name }}" + subnet_name: "{{ sap_vm_provision_msazure_vnet_subnet_name }}" create_with_security_group: false ip_configurations: - name: "{{ host_node }}-nic-ipconfig" diff --git a/roles/sap_vm_provision/tasks/platform_ansible/msazure_vm/post_deployment_execute.yml b/roles/sap_vm_provision/tasks/platform_ansible/msazure_vm/post_deployment_execute.yml index af18187..ce1651c 100644 --- a/roles/sap_vm_provision/tasks/platform_ansible/msazure_vm/post_deployment_execute.yml +++ b/roles/sap_vm_provision/tasks/platform_ansible/msazure_vm/post_deployment_execute.yml 
@@ -3,12 +3,14 @@ - name: Ansible Task block for amending Load Balancer ports for High Availability - after provisioning MS Azure VM delegate_to: localhost run_once: true + # Using environment, no_log is ineffective and log will show 'EXEC /bin/sh -c 'ENV_VAR=value python3 /AnsiballZ_ansible_module_name.py && sleep 0' + # Therefore do not use environment for secrets, use only for non-sensitive values as this will reduce Ansible Task parameters. environment: - ANSIBLE_AZURE_AUTH_SOURCE: "env" - AZURE_SUBSCRIPTION_ID: "{{ sap_vm_provision_msazure_subscription_id }}" - AZURE_TENANT: "{{ sap_vm_provision_msazure_tenant_id }}" - AZURE_CLIENT_ID: "{{ sap_vm_provision_msazure_app_client_id }}" - AZURE_SECRET: "{{ sap_vm_provision_msazure_app_client_secret }}" + ANSIBLE_AZURE_AUTH_SOURCE: "auto" # Set to auto to use module parameters + # AZURE_SUBSCRIPTION_ID: "{{ sap_vm_provision_msazure_subscription_id }}" + # AZURE_TENANT: "{{ sap_vm_provision_msazure_tenant_id }}" + # AZURE_CLIENT_ID: "{{ sap_vm_provision_msazure_app_client_id }}" + # AZURE_SECRET: "{{ sap_vm_provision_msazure_app_client_secret }}" when: - sap_ha_pacemaker_cluster_msazure_resource_group is defined - (groups["hana_secondary"] is defined and (groups["hana_secondary"] | length>0)) or (groups["nwas_ers"] is defined and (groups["nwas_ers"] | length>0)) or (groups["anydb_secondary"] is defined and (groups["anydb_secondary"] | length>0)) @@ -50,7 +52,7 @@ azure.azcollection.azure_rm_subnet_info: resource_group: "{{ sap_vm_provision_msazure_resource_group_name }}" virtual_network_name: "{{ sap_vm_provision_msazure_vnet_name }}" - name: "{{ sap_vm_provision___sap_vm_provision_msazure_vnet_subnet_name }}" + name: "{{ sap_vm_provision_msazure_vnet_subnet_name }}" # Azure credentials subscription_id: "{{ sap_vm_provision_msazure_subscription_id }}" tenant: "{{ sap_vm_provision_msazure_tenant_id }}"